Package: apache Tags: security upstream Severity: important Upstream reports a cross-site scripting issue in Apache: <http://issues.apache.org/bugzilla/show_bug.cgi?id=37874> Impact does not seem to be substantial (rather obscure module, specific configuration required, only clients running IE are exploitable), therefore I'm setting the severity to "important".