Done.
On 21.08.2012 17:41, Plüm, Rüdiger, Vodafone Group wrote:
-----Original Message-----
From: Jeff Trawick [mailto:]
Sent: Dienstag, 21. August 2012 17:37
To: [email protected]
Subject: Re: Updating 2.4 security page
On Tue, Aug 21, 2012 at 11:30 AM, Rainer Jung
wrote:
Now that 2.4.3 is released and annouced I'm in the process of updating
the
security page (the xml file with the known vulnerabilities) to include
the
two issues that are in CHANGES.
The XSS mod_negotitation issues I think is clearly of severity level 4
(low), but I'm a bit uncertain about the mod_proxy_ajp problem.
It can be triggered by remote and leads to response mixups, so a
privacy
issue (all disclosed via Bugzilla before the release, so no need to
discuss
privately).
I'd go for a "Important" but would like to get more opinions. The
definitions are at:
+1 for "Important"
+1
Regards
Rüdiger
