You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by "William A. Rowe Jr." <wr...@rowe-clan.net> on 2011/09/08 04:26:14 UTC

Re: VN: VU#405811 / TN:JPCERT#96552408

[resending publicly...]

On 9/7/2011 8:54 AM, JPCERT/CC wrote:
> 
> Their question here is as follows;
>   The URL (directory path) of the UPDATE3 advisory, it differs
>   from the UPDATE2 or the first advisory, so they are wondering
>   if the UPDATE3 is official or not.

>   UPDATE3's location:
>   http://people.apache.org/~dirkx/CVE-2011-3192.txt

Update 3 has not been published, as you observed.  It is in draft.
All files that reside under http://people.apache.org/~committer/
are that individual committer's scratchpad/personal workspace.

This does raise the question of whether such files should be marked
DRAFT as such, thank you for bringing this to our attention.  The
next update will be distributed through the normal channels.

Thanks for the report,

Bill