Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
2c8a2248 by Salvatore Bonaccorso at 2020-07-23T11:18:10+02:00
Update information for old CVE-2008-0455/apache2
It appears from [1] that CVE-2012-2687 was as well known under
(duplicate) CVE-2008-0455. CVE-2012-2687 was fixed witn the 2.2.22-8
upload, so sync the two entries with the fixed version.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -378206,9 +378206,10 @@ CVE-2008-0456 (CRLF injection vulnerability in the
mod_negotiation module in the
NOTE: but not with arbitrary contents.
CVE-2008-0455 (Cross-site scripting (XSS) vulnerability in the mod_negotiation
module ...)
- apache <removed> (unimportant)
- - apache2 <unfixed> (unimportant)
+ - apache2 2.2.22-8 (unimportant)
NOTE: This is only relevant if an attacker can upload files with
arbitrary names
NOTE: but not with arbitrary contents.
+ NOTE:
https://httpd.apache.org/security/vulnerabilities_22.html#CVE-2012-2687
CVE-2008-0454 (Cross-zone scripting vulnerability in the Internet Explorer web
contro ...)
NOT-FOR-US: Skype
CVE-2008-0453 (SQL injection vulnerability in list.php in Easysitenetwork
Recipe allo ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2c8a2248de68743aa9dd09c99f7726f26174bf58
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2c8a2248de68743aa9dd09c99f7726f26174bf58
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
