Hi, On Wed, 6 Feb 2008, Boyle Owen wrote:
It is clear to me now that this is a storm in a teacup. I note also that the "vulnerability" never made it to the CVE database so I think we can decide on "no further action".
That's not true. CVE-2008-0455 and CVE-2008-0456 have been assigned to this issue. Maybe the apache security team should contact mitre so that these entries are marked as disputed.
Cheers, Stefan