What a busy couple of days. It all started last month with a seemingly innocent DOS being reported to the Apache security team. jorton and I spent some time analysing it and found that although it wasn't exploitable on 32 bit until platforms it may well be exploitable on some 64 bit machines. Then started the co- ordination work with CERT.
Then, suddenly, the ISS team announced the same issue publically causing us to go into firefighting mode and release the advisory (which I'd fortunately already drafted and got positive feedback on), followed by seemingly hundreds of press calls, lots of additional analysis, and reading ISS say I was untrustworthy in some Chicago newspaper ;-)
Now for some sleep