Bug#349793: apache-common: Cross-site scripting (XSS) vulnerability in the mod_imap module

2006-01-26 Thread Florian Weimer 
* Stephen Gran:

> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3352

Uhm, hasn't this been fixed in apache 1.3.34-2 (bug #343466) and
apache2 2.0.55-4 (bug #343467)?


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#349793: apache-common: Cross-site scripting (XSS) vulnerability in the mod_imap module

2006-01-25 Thread Stephen Gran 
Package: apache-common
Version: 1.3.33-6sarge1
Severity: grave
Tags: security

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3352

Thanks,

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8-2-686-smp
Locale: LANG=en_US.ISO-8859-1, LC_CTYPE=en_US.ISO-8859-1 (charmap=ISO-8859-1) 
(ignored: LC_ALL set to en_US.ISO-8859-1)

Versions of packages apache-common depends on:
ii  apache2-utils2.0.54-5utility programs for webservers
ii  debconf  1.4.30.13   Debian configuration management sy
ii  elinks [www-browser] 0.10.4-7advanced text-mode WWW browser
ii  libc62.3.2.ds1-22GNU C Library: Shared libraries an
ii  libdb4.2 4.2.52-18   Berkeley v4.2 Database Libraries [
ii  libexpat11.95.8-3XML parsing C library - runtime li
ii  lynx [www-browser]   2.8.5-2sarge1   Text-mode WWW Browser
ii  mime-support 3.28-1  MIME files 'mime.types' & 'mailcap
ii  mozilla-browser [www-bro 2:1.7.8-1sarge3 The Mozilla Internet application s
ii  perl 5.8.4-8sarge3   Larry Wall's Practical Extraction 
ii  sed  4.1.2-8 The GNU sed stream editor
ii  ucf  1.17Update Configuration File: preserv
ii  w3m [www-browser]0.5.1-3 WWW browsable pager with excellent

-- debconf information:
* apache-common/confignotes:
  apache-common/old-logrotate-exists:
  apache-common/logs:
  apache-shared/debconf-modules: mod_vhost_alias, mod_userdir, mod_unique_id, 
mod_status, mod_setenvif, mod_rewrite, mod_negotiation, mod_mime_ssl, 
mod_mime_magic, mod_log_config_ssl, mod_info, mod_expires, mod_dir, mod_cgi, 
mod_autoindex, mod_auth_ssl, mod_alias, mod_access, apache-ssl, mod_php4
  apache-shared/restart: false

-- 
 -
|   ,''`.Stephen Gran |
|  : :' :[EMAIL PROTECTED] |
|  `. `'Debian user, admin, and developer |
|`- http://www.debian.org |
 -


signature.asc
Description: Digital signature