[Secure-testing-commits] r6154 - data/CVE

Thu, 19 Jul 2007 04:41:27 -0700 

Author: stef-guest
Date: 2007-07-19 11:41:23 +0000 (Thu, 19 Jul 2007)
New Revision: 6154

Modified:
   data/CVE/list
Log:
note upcomming apache2 fixes, clarify some other apache issues

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2007-07-19 09:14:07 UTC (rev 6153)
+++ data/CVE/list       2007-07-19 11:41:23 UTC (rev 6154)
@@ -1259,10 +1259,10 @@
        - apache <removed> (low)
        [etch] - apache <unfixed> (low)
        [sarge] - apache <unfixed> (low)
-       - apache2 <unfixed> (low)
+       - apache2 2.2.4-2 (low)
        [etch] - apache2 <unfixed> (low)
        [sarge] - apache2 2.0.54-5sarge2 (low)
-       NOTE: Apache 2.0 likely not affected, see
+       NOTE: Apache 2.0 likely not exploitable, see
        NOTE: 
http://mail-archives.apache.org/mod_mbox/httpd-dev/200706.mbox/<20070622162353.GA15396%40redhat.com>
 CVE-2007-3303 (Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, 
allows ...)
        - apache2 <unfixed> (unimportant)
@@ -4549,8 +4549,7 @@
        TODO: check apache 1
        NOTE: see 
http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/cache/cache_util.c?view=markup&pathrev=551944
 CVE-2007-1862 (The recall_headers function in mod_mem_cache in Apache 2.2.4 
does not ...)
-       - apache2 <not-affected> (Only Apache 2.2.4 was affected)
-       TODO: Check, that no 2.2.4 version is uploaded w/o a fix and remove me 
once 2.2.5 is in the archive
+       - apache2 <not-affected> (Only Apache 2.2.4 was affected, and all 
versions of 2.2.4 in Debian are fixed)
 CVE-2007-1861 (The nl_fib_lookup function in net/ipv4/fib_frontend.c in Linux 
Kernel ...)
        {DSA-1289-1}
        - linux-2.6 2.6.21-1
@@ -12110,10 +12109,9 @@
        {DSA-1304}
        - linux-2.6 <unfixed>
 CVE-2006-5752 (Cross-site scripting (XSS) vulnerability in mod_status.c in the 
...)
-       - apache2 <unfixed> (low)
+       - apache2 2.2.4-2 (low)
        [sarge] - apache2 2.0.54-5sarge2
        - apache <removed> (low)
-       TODO: sf, when was this fixed in apache2 for unstable?
 CVE-2006-5751 (Integer overflow in the get_fdb_entries function in ...)
        {DSA-1233}
        - linux-2.6 2.6.18-8 (medium)
@@ -16237,7 +16235,7 @@
        {DSA-1167-1}
        - apache2 2.0.55-4.1 (bug #381376; low)
        [sarge] - apache2 2.0.54-5sarge2
-       - apache 1.3.34-3 (bug #381381; low)
+       - apache 1.3.34-3 (bug #381381; medium)
 CVE-2006-3917 (PHP remote file inclusion vulnerability in inc/gabarits.php in 
R. ...)
        NOT-FOR-US: PHP Forge
 CVE-2006-3916 (Cross-site scripting (XSS) vulnerability in snews.php in sNews 
(aka ...)


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits

Reply via email to