On Tue, Dec 20, 2011 at 03:25:09AM -0600, William Rowe wrote: > On 11/18/2011 4:38 PM, William A. Rowe Jr. wrote: > > After several prods, it seems the security@ and hackathon participants > > can't be drawn out of their shells on to dev@. So I'll simply call for > > a majority vote on the following statement... > > > > Resource abuse of an .htaccess config in the form of cpu/memory/bandwidth; > > > > [ ] Is not a security defect > > Carries with Issac, Joe, Rüdiger, Reindl, Eric, Stefan and myself in support, > and Graham and Noel opposed. (6 x +1/1 x -1)
Thanks Bill - that consensus means that we do not consider CVE-2011-4415 to be a security vulnerability in httpd. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4415 Regards, Joe