On Sun, Dec 16, 2007 at 08:37:08PM +0100, Stefan Fritsch wrote:
>  *) http_protocol: Escape request method in 413 error reporting.
>      Determined to be not generally exploitable, but a flaw in any case.
>      PR 44014 [Victor Stinner <victor.stinner inl.fr>]
> 
> This is CVE-2007-6203. Maybe you should add the reference to the CHANGES file?

I don't think that's a good idea since we don't want to mislead users 
into thinking a security issue exists here.

Mark, do you think it would be OK to track such non-issues that 
nonetheless get assigned CVE names via the vulnerability tracking pages?  
We could write them up with "impact: None"?

joe

Reply via email to