Posted at LWN.net: "WireX have found some occurrences of insecure opening of temporary
files in htdigest and htpasswd. Both programs are not installed
setuid or setgid and thus the impact should be minimal. The Apache
group has released another security bugfix which fixes a vulnerability
in mod_rewrite which may result the remote attacker to access
arbitrary files on the web server."
January 26, 2001