Note to self: when disabling Range headers in Apache to fix CVE-2011-3192, be sure to read the updated advisory and also disable Request-Range headers. (Presumably not "Range-Request" as in the summary of that link?)
Or just apply the handy Debian update, of course.