I am keeping a draft at
http://people.apache.org/~dirkx/CVE-2011-3192.txt
Changes since last are:
- version ranges more specific
- vendor information added
- backgrounder on relation to 2007 issues (see below to ensure I got this
right).
I suggest we sent this out late Z time today (i.e. end of working day US) _if_
1) it is likely that we do not have a firm timeline for the full fix and 2) we
have a bit more to add. Otherwise we skip to a final update with the fixing
instructions for 2.0 and 2.2
Feedback welcome,
Thanks,
Dw.
