cat >/dev/null_

I am not able to sleep well if I do not take at least a cursory look at BugTraq before bed.

I just literally stumbled upon this: Apache httpd vulenrabilities (sic)

What worries me has not so much to do with the vulnerabilities themselves, rather than with the accompanying note:

The information on the vulnerabilities above was sent to Apache Software Foundation on 16 May, 2006. For over 1 year no official patch has been issued.

People like myself often point at Apache as an example of Free Software’s excellence, especially where security is concerned. So, assuming that the threats are real, is this possible, I am wondering?

I will definitely keep my eyes on this thread. Meanwhile, I am not going to sleep well tonight.