[Secure-testing-commits] r6154 - data/CVE
stef-guest at alioth.debian.org
stef-guest at alioth.debian.org
Thu Jul 19 11:41:24 UTC 2007
Author: stef-guest
Date: 2007-07-19 11:41:23 +0000 (Thu, 19 Jul 2007)
New Revision: 6154
Modified:
data/CVE/list
Log:
note upcomming apache2 fixes, clarify some other apache issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-07-19 09:14:07 UTC (rev 6153)
+++ data/CVE/list 2007-07-19 11:41:23 UTC (rev 6154)
@@ -1259,10 +1259,10 @@
- apache <removed> (low)
[etch] - apache <unfixed> (low)
[sarge] - apache <unfixed> (low)
- - apache2 <unfixed> (low)
+ - apache2 2.2.4-2 (low)
[etch] - apache2 <unfixed> (low)
[sarge] - apache2 2.0.54-5sarge2 (low)
- NOTE: Apache 2.0 likely not affected, see
+ NOTE: Apache 2.0 likely not exploitable, see
NOTE: http://mail-archives.apache.org/mod_mbox/httpd-dev/200706.mbox/<20070622162353.GA15396%40redhat.com>
CVE-2007-3303 (Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows ...)
- apache2 <unfixed> (unimportant)
@@ -4549,8 +4549,7 @@
TODO: check apache 1
NOTE: see http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/cache/cache_util.c?view=markup&pathrev=551944
CVE-2007-1862 (The recall_headers function in mod_mem_cache in Apache 2.2.4 does not ...)
- - apache2 <not-affected> (Only Apache 2.2.4 was affected)
- TODO: Check, that no 2.2.4 version is uploaded w/o a fix and remove me once 2.2.5 is in the archive
+ - apache2 <not-affected> (Only Apache 2.2.4 was affected, and all versions of 2.2.4 in Debian are fixed)
CVE-2007-1861 (The nl_fib_lookup function in net/ipv4/fib_frontend.c in Linux Kernel ...)
{DSA-1289-1}
- linux-2.6 2.6.21-1
@@ -12110,10 +12109,9 @@
{DSA-1304}
- linux-2.6 <unfixed>
CVE-2006-5752 (Cross-site scripting (XSS) vulnerability in mod_status.c in the ...)
- - apache2 <unfixed> (low)
+ - apache2 2.2.4-2 (low)
[sarge] - apache2 2.0.54-5sarge2
- apache <removed> (low)
- TODO: sf, when was this fixed in apache2 for unstable?
CVE-2006-5751 (Integer overflow in the get_fdb_entries function in ...)
{DSA-1233}
- linux-2.6 2.6.18-8 (medium)
@@ -16237,7 +16235,7 @@
{DSA-1167-1}
- apache2 2.0.55-4.1 (bug #381376; low)
[sarge] - apache2 2.0.54-5sarge2
- - apache 1.3.34-3 (bug #381381; low)
+ - apache 1.3.34-3 (bug #381381; medium)
CVE-2006-3917 (PHP remote file inclusion vulnerability in inc/gabarits.php in R. ...)
NOT-FOR-US: PHP Forge
CVE-2006-3916 (Cross-site scripting (XSS) vulnerability in snews.php in sNews (aka ...)
More information about the Secure-testing-commits
mailing list