[Secure-testing-commits] r5519 - data/CVE

Moritz Muehlenhoff jmm-guest at alioth.debian.org
Wed Mar 7 13:08:00 CET 2007


Author: jmm-guest
Date: 2007-03-07 12:07:57 +0000 (Wed, 07 Mar 2007)
New Revision: 5519

Modified:
   data/CVE/list
Log:
apache setsid issue CVEfied and fixed


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-03-07 09:14:13 UTC (rev 5518)
+++ data/CVE/list	2007-03-07 12:07:57 UTC (rev 5519)
@@ -20,7 +20,7 @@
 	RESERVED
 CVE-2007-1277 (WordPress 2.1.1, as downloaded from some official distribution sites ...)
 	TODO: check
-CVE-2007-1276 (Multiple cross-site scripting (XSS) vulnerabilities in chooser.cgi in ...)
+5ACVE-2007-1276 (Multiple cross-site scripting (XSS) vulnerabilities in chooser.cgi in ...)
 	TODO: check
 CVE-2007-1275
 	RESERVED
@@ -325,7 +325,7 @@
 CVE-2006-7099 (Directory traversal vulnerability in index.php in SolarPay allows ...)
 	TODO: check
 CVE-2006-7098 (The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server ...)
-	TODO: check
+	- apache 1.3.34-4.1 (low; bug #357561)
 CVE-2006-7097 (Multiple unspecified vulnerabilities in TaskFreak! before 0.1.4 have ...)
 	TODO: check
 CVE-2006-7096 (Buffer overflow in the network_host_handle_join function in host.c in ...)
@@ -759,8 +759,6 @@
 	TODO: check
 CVE-2002-2222 (isakmpd/message.c in isakmpd in FreeBSD before isakmpd-20020403_1, and ...)
 	NOT-FOR-US: FreeBSD
-CVE-2007-XXXX [apache does not use setsid() to detach from controlling tty ]
-	- apache <unfixed> (bug #357561)
 CVE-2007-XXXX [vserver patch allows renice of processes in different context]
 	- linux-2.6 <unfixed> (bug #412143)
 CVE-2007-XXXX [apg generates insecure passwords on 64-bit architectures]




More information about the Secure-testing-commits mailing list