According to this Apache httpd commit:
http://marc.info/?l=apache-cvs&m=119930222400965&w=2
+ *) Add explicit charset to the output of various modules to work around
+ possible cross-site scripting flaws affecting web browsers that do not
+ derive the response character set as required by RFC2616. One of these
+ reported by SecurityReason [Joe Orton]
Only mod_proxy_ftp seems to have security implications.
Comment 6Fedora Update System
2008-02-13 14:28:34 UTC
httpd-2.2.8-1.fc8 has been submitted as an update for Fedora 8
Comment 7Fedora Update System
2008-02-13 14:32:57 UTC
httpd-2.2.8-1.fc7 has been submitted as an update for Fedora 7
Comment 8Fedora Update System
2008-02-16 02:08:10 UTC
httpd-2.2.8-1.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
Comment 9Fedora Update System
2008-02-16 02:10:50 UTC
httpd-2.2.8-1.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.