[Secure-testing-commits] r1865 - in data: CAN DSA

Joey Hess joeyh at costa.debian.org
Thu Sep 8 19:09:30 UTC 2005


Author: joeyh
Date: 2005-09-08 19:09:26 +0000 (Thu, 08 Sep 2005)
New Revision: 1865

Modified:
   data/CAN/list
   data/DSA/list
Log:
new apache2 DSA, the fix was also uploaded to tpu and I have approved it for
testing, FWIW.


Modified: data/CAN/list
===================================================================
--- data/CAN/list	2005-09-08 18:54:39 UTC (rev 1864)
+++ data/CAN/list	2005-09-08 19:09:26 UTC (rev 1865)
@@ -225,7 +225,7 @@
 	NOTE: not-for-us (Astato specific)
 CAN-2005-2728 (The byte-range filter in Apache 2.0 before 2.0.54 allows remote ...)
 	NOTE: The CVE description is wrong, this has been merged for 2.0.55
-	- apache2 (unfixed; bug #326435; medium)
+	- apache2 2.0.54-5 (bug #326435; medium)
 CAN-2005-2727 (Home Ftp Server 1.0.7 stores sensitive user information and server ...)
 	NOTE: not-for-us (Home Ftp Server)
 CAN-2005-2726 (Directory traversal vulnerability in Home Ftp Server 1.0.7 allows ...)
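Review bot: On the CAN-2005-2728 entry, the retained NOTE still says the fix "has been merged for 2.0.55", while the new line records apache2 2.0.54-5 as the fixed version, so the entry does not say how a 2.0.54 package comes to carry a fix the NOTE attributes to 2.0.55. Consider adding a second NOTE line stating that 2.0.54-5 includes the fix (this commit ties it to DSA-805-1), so the version and the NOTE do not appear to contradict each other.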
@@ -279,8 +279,7 @@
 	NOTE: reserved
 CAN-2005-2700 (ssl_engine_kernel.c in mod_ssl before 2.8.24, when using ...)
 	- libapache-mod-ssl 2.8.24-1 (medium)
-	NOTE: apache2 maintainer working on an update
-	- apache2 (unfixed; bug #327210; medium)
+	- apache2 2.0.54-5 (bug #327210; medium)
 CAN-2005-2699 (admin/admin.php in PHPKit 1.6.1 allows remote authenticated ...)
 	NOTE: not-for-us (PHPKit)
 CAN-2005-2698 (Cross-site scripting (XSS) vulnerability in browse.php in Nephp ...)
@@ -2912,7 +2911,7 @@
 	NOTE: not-for-us (Microsoft)
 CAN-2005-2088 (Apache 2.0.45 and 1.3.29, when acting as an HTTP proxy, allows remote ...)
 	- apache 1.3.33-8 (bug #322607; medium)
-	- apache2 (unfixed; bug #316173; medium)
+	- apache2 2.0.54-5 (bug #316173; medium)
 CAN-2005-2087 (Internet Explorer 6.0.2900.2180 on Windows XP allows remote attackers ...)
 	NOTE: not-for-us (Microsoft)
 CAN-2005-2086 (PHP remote file inclusion vulnerability in viewtopic.php in phpBB ...)
@@ -6434,7 +6433,7 @@
 CAN-2005-1268 (Off-by-one error in the mod_ssl Certificate Revocation List (CRL) ...)
 	NOTE: This is from latest Trustix advisory, exploitation would require to trick
 	NOTE: someone into using a maliciously crafted certificate revocation list
-	- apache2 (unfixed; bug #320048; low)
+	- apache2 2.0.54-5 (bug #320048; low)
 CAN-2005-1267 (The bgp_update_print function in tcpdump 3.x does not properly handle ...)
 	- tcpdump 3.9.0.cvs.20050614-1 (medium)
 CAN-2005-1266 (Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to ...)

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2005-09-08 18:54:39 UTC (rev 1864)
+++ data/DSA/list	2005-09-08 19:09:26 UTC (rev 1865)
@@ -1,3 +1,7 @@
+[08 Sep 2005] DSA-805-1 apache2 - several
+	{CAN-2005-1268 CAN-2005-2088 CAN-2005-2700 CAN-2005-2728}
+	- apache2 2.0.54-5 (low)
+	NOTE: not fixed in testing at time of DSA (too young)
 [08 Sep 2005] DSA-804-1 kdelibs - insecure permissions
 	{CAN-2005-1920}
 	- kdebase 4:3.4.2-3 (medium)
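Review bot: The new DSA-805-1 line `- apache2 2.0.54-5 (low)` is rated lower than most of the issues it covers: in data/CAN/list in this same revision, the apache2 entries for CAN-2005-2088, CAN-2005-2700 and CAN-2005-2728 are marked medium, and only CAN-2005-1268 is low. Suggest `- apache2 2.0.54-5 (medium)` so the DSA entry carries the highest urgency among its referenced ids, or a NOTE explaining why the combined rating is low. The added NOTE "not fixed in testing at time of DSA (too young)" could also mention the tpu upload described in the log message, since that is the path by which testing gets the fix.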



