On Jan 8, 2008, at 3:19 PM, Ruediger Pluem wrote:
On 01/08/2008 05:47 PM, Ruediger Pluem wrote:
On 01/08/2008 05:12 PM, William A. Rowe, Jr. wrote:
[EMAIL PROTECTED] wrote:
+ *) SECURITY: CVE-2008-0005 (cve.mitre.org)
I thought we concur that (short of direct html injection in the
page's
<head>) the browser misdetection of UTF-7, contrary on it's face to
RFC2616, was a client specific problem? If so, this is a
"related to
CVE-2008-0005" footnote, not the topic.
So did I misunderstood Mark in its mail on [EMAIL PROTECTED]
I am now confused, because the browser issue is one and the same for
all cases. Why having a special CVE number for the mod_proxy_ftp case
then?
Anyway I can change this to a footnote if you like.
BTW: Shouldn't we drop 2.2.7 entirely from the CHANGES file and put
all
changes since 2.2.6 under 2.2.8?
No, since there *was* a 2.2.7... it just wasn't released.
