[resending publicly...] On 9/7/2011 8:54 AM, JPCERT/CC wrote: > > Their question here is as follows; > The URL (directory path) of the UPDATE3 advisory, it differs > from the UPDATE2 or the first advisory, so they are wondering > if the UPDATE3 is official or not.
> UPDATE3's location: > http://people.apache.org/~dirkx/CVE-2011-3192.txt Update 3 has not been published, as you observed. It is in draft. All files that reside under http://people.apache.org/~committer/ are that individual committer's scratchpad/personal workspace. This does raise the question of whether such files should be marked DRAFT as such, thank you for bringing this to our attention. The next update will be distributed through the normal channels. Thanks for the report, Bill
