xsp/mod_mono reportedly has a directory traversal vulnerability, see http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-2658. Information about this is pretty scarce, but it should be investigated whether this applies to the FE xsp/mod_mono packages in addition to SuSE products.
I've looked at this report and by the looks of it, yes, the FE xsp/mod_mono will come under the same umbrella (built from the same sources). I've asked on the mono-developers list if there is a patch available and if there is, I shall apply it quickly. Could you please advise what to do in the meantime? Should I put an advisory out on the FE list alerting people to the issue?
I wouldn't go so far as to send an advisory. This is currently classified as a low-risk vulnerability so I'd suggest simply patching it ASAP. You may be able to extract the fix from the SUSE package if you can find it.
Just been advised that it only relates to the 1.1.14 version of mod_mono, not 1.1.17 (which is packaged for both FE5 and rawhide). Closing the bug. Thanks for the advice :-)