I just bumped it. Seems it has security fixes (starting from 6.0.27 that we never had): fix Fix CVE-2010-1157. Prevent possible disclosure of host name or IP address via the HTTP WWW-Authenticate header when using BASIC or DIGEST authentication. (markt) Ask arches to mark stable?
*** This bug has been marked as a duplicate of bug 320963 ***