[Secure-testing-commits] r6073 - data/CVE

stef-guest at alioth.debian.org stef-guest at alioth.debian.org
Thu Jun 28 22:04:52 UTC 2007


Author: stef-guest
Date: 2007-06-28 22:04:52 +0000 (Thu, 28 Jun 2007)
New Revision: 6073

Modified:
   data/CVE/list
Log:
two apache issues

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-06-28 21:48:34 UTC (rev 6072)
+++ data/CVE/list	2007-06-28 22:04:52 UTC (rev 6073)
@@ -330,9 +330,17 @@
 CVE-2007-3305 (Heap-based buffer overflow in Cerulean Studios Trillian 3.x before ...)
 	NOT-FOR-US: Cerulean Studios Trillian
 CVE-2007-3304 (Apache httpd 1.3.37, and 2.0.59 and 2.2.4 with the Prefork MPM module, ...)
-	TODO: check
+	- apache <removed> (low)
+	[etch] - apache <unfixed> (low)
+	[sarge] - apache <unfixed> (low)
+	- apache2 <unfixed> (low)
+	[etch] - apache2 <unfixed> (low)
+	[sarge] - apache2 <not-affected> (affects only 1.3.xnd 2.2.x)
+	NOTE: Apache 2.0 likely not affected, see
+	NOTE: http://mail-archives.apache.org/mod_mbox/httpd-dev/200706.mbox/<20070622162353.GA15396%40redhat.com>
 CVE-2007-3303 (Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows ...)
-	TODO: check
+	- apache2 <unfixed> (unimportant)
+	NOTE: If you can execute arbitrary code, a DoS is not a problem.
 CVE-2007-3302
 	RESERVED
 CVE-2007-3301 (SQL injection vulnerability in forum/include/error/autherror.cfm in ...)
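Review bot: The reason on the `[sarge] - apache2 <not-affected>` line under CVE-2007-3304 reads "affects only 1.3.xnd 2.2.x", which looks like a dropped "a" and space; it should read "affects only 1.3.x and 2.2.x". That same line records a definite <not-affected>, while the NOTE directly below it says Apache 2.0 is only "likely not affected" and the CVE description still lists 2.0.59, so either confirm the status against the linked httpd-dev message or word the reason to match the hedge. For CVE-2007-3303, the NOTE justifying (unimportant) would be easier to audit later if it stated the precondition explicitly, i.e. that the attacker already needs code execution to trigger the DoS.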



