The first post I came across was in a thread entitled Patch 188.8.131.52 and Alert #68 where Jared tries to clarify the situation. He suggests that 184.108.40.206 does indeed include fixes for alert 68, although one metalink document is unsure about this Doc ID 283899.1 then Doc ID 283897.1 does state that alert 68 is included in the 220.127.116.11 patch set. Then Mike said that he concurred but he had noticed that a note on metalink said that some alert #68 fixes are e.g. mod_plsql is not included. More on this in a later comment.
In another thread entitled Patchset 18.104.22.168 The poster asks where is the 22.214.171.124 patch set for other platforms apart from the Windows release. An interesting side note to this is Pete Sharman's reply which tells us that Oracle development is still moving to Linux so all future development will be on Linux and there should be no porting need for this platform.
A third thread on the same subject entitled 9.2.6 patch release installed starts by saying that the patch set had been installed but the poster was now running alert #68, back to the original plot.....
Then Jared comes up with the goods and tells us that only the database portions of security alert 68 are included in patch set 126.96.36.199, the HTTP server patches are not included. This is according to this metalink note. Alex confirms that the database portions are installed but the OUI doesn't indicate that alert 68 is installed. Another poster expresses his confusion at all of this patch 188.8.131.52 and alert 68 goings on. Basically he said he was told to apply p3835964 after 184.108.40.206 (p3948480). Not clear at all.
The watch words seem to be clarity and consistency!! - Maybe the Alert 68 FAQ should be updated to answer the doubts about 220.127.116.11 and alert 68.