[Secure-testing-commits] r6154 - data/CVE

stef-guest at alioth.debian.org stef-guest at alioth.debian.org
Thu Jul 19 11:41:24 UTC 2007 

Author: stef-guest
Date: 2007-07-19 11:41:23 +0000 (Thu, 19 Jul 2007)
New Revision: 6154

Modified:
   data/CVE/list
Log:
note upcomming apache2 fixes, clarify some other apache issues

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-07-19 09:14:07 UTC (rev 6153)
+++ data/CVE/list	2007-07-19 11:41:23 UTC (rev 6154)
@@ -1259,10 +1259,10 @@
 	- apache <removed> (low)
 	[etch] - apache <unfixed> (low)
 	[sarge] - apache <unfixed> (low)
-	- apache2 <unfixed> (low)
+	- apache2 2.2.4-2 (low)
 	[etch] - apache2 <unfixed> (low)
 	[sarge] - apache2 2.0.54-5sarge2 (low)
-	NOTE: Apache 2.0 likely not affected, see
+	NOTE: Apache 2.0 likely not exploitable, see
 	NOTE: http://mail-archives.apache.org/mod_mbox/httpd-dev/200706.mbox/<20070622162353.GA15396%40redhat.com>
 CVE-2007-3303 (Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows ...)
 	- apache2 <unfixed> (unimportant)
@@ -4549,8 +4549,7 @@
 	TODO: check apache 1
 	NOTE: see http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/cache/cache_util.c?view=markup&pathrev=551944
 CVE-2007-1862 (The recall_headers function in mod_mem_cache in Apache 2.2.4 does not ...)
-	- apache2 <not-affected> (Only Apache 2.2.4 was affected)
-	TODO: Check, that no 2.2.4 version is uploaded w/o a fix and remove me once 2.2.5 is in the archive
+	- apache2 <not-affected> (Only Apache 2.2.4 was affected, and all versions of 2.2.4 in Debian are fixed)
 CVE-2007-1861 (The nl_fib_lookup function in net/ipv4/fib_frontend.c in Linux Kernel ...)
 	{DSA-1289-1}
 	- linux-2.6 2.6.21-1
@@ -12110,10 +12109,9 @@
 	{DSA-1304}
 	- linux-2.6 <unfixed>
 CVE-2006-5752 (Cross-site scripting (XSS) vulnerability in mod_status.c in the ...)
-	- apache2 <unfixed> (low)
+	- apache2 2.2.4-2 (low)
 	[sarge] - apache2 2.0.54-5sarge2
 	- apache <removed> (low)
-	TODO: sf, when was this fixed in apache2 for unstable?
 CVE-2006-5751 (Integer overflow in the get_fdb_entries function in ...)
 	{DSA-1233}
 	- linux-2.6 2.6.18-8 (medium)
@@ -16237,7 +16235,7 @@
 	{DSA-1167-1}
 	- apache2 2.0.55-4.1 (bug #381376; low)
 	[sarge] - apache2 2.0.54-5sarge2
-	- apache 1.3.34-3 (bug #381381; low)
+	- apache 1.3.34-3 (bug #381381; medium)
 CVE-2006-3917 (PHP remote file inclusion vulnerability in inc/gabarits.php in R. ...)
 	NOT-FOR-US: PHP Forge
 CVE-2006-3916 (Cross-site scripting (XSS) vulnerability in snews.php in sNews (aka ...)

More information about the Secure-testing-commits mailing list