[Secure-testing-commits] r6149 - data/CVE

jmm-guest at alioth.debian.org
Wed Jul 18 21:56:58 UTC 2007


Author: jmm-guest
Date: 2007-07-18 21:56:57 +0000 (Wed, 18 Jul 2007)
New Revision: 6149

Modified:
   data/CVE/list
Log:
record some minor apache fixes coming through os-p-u


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-07-18 19:58:33 UTC (rev 6148)
+++ data/CVE/list	2007-07-18 21:56:57 UTC (rev 6149)
@@ -1040,7 +1040,7 @@
 	[sarge] - apache <unfixed> (low)
 	- apache2 <unfixed> (low)
 	[etch] - apache2 <unfixed> (low)
-	[sarge] - apache2 <not-affected> (affects only 1.3.x and 2.2.x)
+	[sarge] - apache2 2.0.54-5sarge2 (low)
 	NOTE: Apache 2.0 likely not affected, see
 	NOTE: http://mail-archives.apache.org/mod_mbox/httpd-dev/200706.mbox/<20070622162353.GA15396%40redhat.com>
 CVE-2007-3303 (Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows ...)
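Review bot: the NOTE kept as context directly below the changed line still reads "Apache 2.0 likely not affected", which now contradicts the new "[sarge] - apache2 2.0.54-5sarge2 (low)" entry. Either add a NOTE saying why the 2.0.54 sarge package carries a fix, or drop the stale NOTE, so the entry does not list a fixed version for a branch it describes as unaffected.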
@@ -4314,7 +4314,8 @@
 	- php4 <unfixed>
 	- php5 5.2.2-1
 CVE-2007-1863 (cache_util.c in the mod_cache module in Apache HTTP Server (httpd), ...)
-	- apache2 2.2.4-1
+	- apache2 2.2.4-1 (low)
+        [sarge] - apache2 2.0.54-5sarge2
 	TODO: check apache 1
 	NOTE: see http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/cache/cache_util.c?view=markup&pathrev=551944
 CVE-2007-1862 (The recall_headers function in mod_mem_cache in Apache 2.2.4 does not ...)
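Review bot: the added "[sarge] - apache2 2.0.54-5sarge2" line is indented with eight spaces while the neighbouring lines of the entry use a tab; switch it to a tab in case anything reading data/CVE/list expects one. The other "[sarge]" and "TODO" lines added in this commit have the same indentation. The new sarge line also has no urgency, while the unstable line gains "(low)"; say whether that is intended.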
@@ -11880,8 +11881,9 @@
 	- linux-2.6 <unfixed>
 CVE-2006-5752 (Cross-site scripting (XSS) vulnerability in mod_status.c in the ...)
 	- apache2 <unfixed> (low)
-	- apache <unfixed> (low)
-	NOTE: 1.3 and 2.0 are affected, too
+        [sarge] - apache2 2.0.54-5sarge2
+	- apache <removed> (low)
+        TODO: sf, when was this fixed in apache2 for unstable?
 CVE-2006-5751 (Integer overflow in the get_fdb_entries function in ...)
 	{DSA-1233}
 	- linux-2.6 2.6.18-8 (medium)
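Review bot: removing "NOTE: 1.3 and 2.0 are affected, too" while changing the apache line to "<removed>" drops the only statement in this entry that the 1.3 package was affected; consider keeping a NOTE to that effect. The unstable "- apache2 <unfixed> (low)" line also stays as it is although sarge now has a fixed version, which the new TODO acknowledges but does not resolve.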
@@ -16002,8 +16004,9 @@
 	NOT-FOR-US: SD Studio CMS
 CVE-2006-3918 (http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 ...)
 	{DSA-1167-1}
-	- apache2 2.0.55-4.1 (bug #381376; medium)
-	- apache 1.3.34-3 (bug #381381; medium)
+	- apache2 2.0.55-4.1 (bug #381376; low)
+        [sarge] - apache2 2.0.54-5sarge2
+	- apache 1.3.34-3 (bug #381381; low)
 CVE-2006-3917 (PHP remote file inclusion vulnerability in inc/gabarits.php in R. ...)
 	NOT-FOR-US: PHP Forge
 CVE-2006-3916 (Cross-site scripting (XSS) vulnerability in snews.php in sNews (aka ...)
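Review bot: both package lines change from "medium" to "low" without a NOTE giving the reason, on an entry that carries {DSA-1167-1}. Add a short NOTE explaining the new rating so the downgrade can be audited later.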
@@ -28882,7 +28885,8 @@
 	{DSA-1017-1}
 	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11)
 CVE-2005-3357 (mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost ...)
-	- apache2 2.0.55-4 (bug #351246)
+	- apache2 2.0.55-4 (bug #351246; low)
+        [sarge] - apache2 2.0.54-5sarge2
 CVE-2005-3356 (The mq_open system call in Linux kernel 2.6.9, in certain situations, ...)
 	{DSA-1017-1}
 	- linux-2.6 2.6.15-4
@@ -28903,6 +28907,7 @@
 	{DSA-1167-1}
 	- apache 1.3.34-2 (bug #343466; low)
 	- apache2 2.0.55-4 (bug #343467; bug #349793; low)
+        [sarge] - apache2 2.0.54-5sarge2
 	NOTE: Version(s): prior to 1.3.35-dev, 2.0.56-dev are affected
 	NOTE: Means oldstable and stable are affected
 CVE-2005-3351 (SpamAssassin 3.0.4 allows attackers to bypass spam detection via an ...)
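Review bot: the context line "NOTE: Means oldstable and stable are affected" is left unchanged although the added line records a fixed apache2 version for sarge. Update or remove that NOTE so it does not contradict the per-release status.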
@@ -30108,8 +30113,8 @@
 	- koffice 1:1.3.5-5 (bug #333497; medium)
 CVE-2005-2970 (Memory leak in the worker MPM (worker.c) for Apache 2, in certain ...)
 	- apache2 2.0.55-1 (bug #340337; low)
+        [sarge] - apache2 2.0.54-5sarge2
 	NOTE: this occurs in the binary package apache2-mpm-worker
-	NOTE: Sarge is affected, apache2 was not in oldstable
 CVE-2005-2969 (The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and ...)
 	{DSA-888-1 DSA-882-1 DSA-881-1 DSA-875-1}
 	- openssl 0.9.8-3 (bug #333500; low)



