On 31 Aug 2011, at 21:03, Dirk-WIllem van Gulik wrote: > Suggestion for > > http://people.apache.org/~dirkx/CVE-2011-3192.txt > > to be sent to announce and the usual security places. > > -> Comments on weaken/strenghten 1.3 text > > Happy to completely recant that it was vulnerable. Or happy to keep a > bit of a warning in there. > > -> Lots of small tweaks. > > -> Do we leave the 200/206 chunked/full range caveats in - or is that no > longer the case ? > > Thanks,
Ah - before I forget - also fine to not do it this heavy handed - but to sent Jim his message to users/devs@ to these security places as well. But am slightly biased to towards an advisory of this size - as it helps admins in large organizations negotiate priorities with their ops teams, bosses and others. Dw.
