CVE-2008-2939 low severity Apache httpd XSS

[Mark J Cox <mjc () redhat com>]

FYI as this was committed yesterday but isn't triggering a new upstream 
release so might not get noticed much until the advisory comes out from 
Rapid7:

  *) SECURITY: CVE-2008-2939 (cve.mitre.org)
     mod_proxy_ftp: Prevent XSS attacks when using wildcards in the path of
     the FTP URL. Discovered by Marc Bevand of Rapid7. [Ruediger Pluem]

Hence Low severity, affects 2.0.*, 2.2.*, fixes in svn:
http://svn.apache.org/viewvc?view=rev&revision=682870

Thanks, Mark
--
Mark J Cox / Red Hat Security Response Team