On Sun, Dec 16, 2007 at 08:37:08PM +0100, Stefan Fritsch wrote: > *) http_protocol: Escape request method in 413 error reporting. > Determined to be not generally exploitable, but a flaw in any case. > PR 44014 [Victor Stinner <victor.stinner inl.fr>] > > This is CVE-2007-6203. Maybe you should add the reference to the CHANGES file?
I don't think that's a good idea since we don't want to mislead users into thinking a security issue exists here. Mark, do you think it would be OK to track such non-issues that nonetheless get assigned CVE names via the vulnerability tracking pages? We could write them up with "impact: None"? joe