[Secure-testing-commits] r8070 - data/CVE

[stef-guest at alioth.debian.org]

Author: stef-guest
Date: 2008-02-02 10:37:32 +0000 (Sat, 02 Feb 2008)
New Revision: 8070

Modified:
   data/CVE/list
Log:
deluge-torrent fixed, new apache issues

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-02-02 00:15:45 UTC (rev 8069)
+++ data/CVE/list	2008-02-02 10:37:32 UTC (rev 8070)
@@ -1,5 +1,5 @@
 CVE-2008-XXXX [deluge-torrent unspecified remote issue]
-	- deluge-torrent <unfixed> (unknown; bug #463357)
+	- deluge-torrent 0.5.8.3-1 (unknown; bug #463357)
 CVE-2008-0501 (Directory traversal vulnerability in phpMyClub 0.0.1 allows remote ...)
 	NOT-FOR-US: phpMyClub
 CVE-2008-0500 (Multiple unspecified vulnerabilities in Mambo LaiThai 4.5.5 have ...)
@@ -92,9 +92,23 @@
 CVE-2008-0457
 	RESERVED
 CVE-2008-0456 (CRLF injection vulnerability in the mod_negotiation module in the ...)
-	TODO: check
+	- apache <unfixed> (low)
+	- apache2 <unfixed> (low)
+	[etch] - apache <no-dsa> (minor issue)
+	[etch] - apache2 <no-dsa> (minor issue)
+	[sarge] - apache <no-dsa> (minor issue)
+	[sarge] - apache2 <no-dsa> (minor issue)
+	NOTE: This is only relevant if an attacker can upload files with arbitrary names
+	NOTE: but not with arbitrary contents.
 CVE-2008-0455 (Cross-site scripting (XSS) vulnerability in the mod_negotiation module ...)
-	TODO: check
+	- apache <unfixed> (low)
+	- apache2 <unfixed> (low)
+	[etch] - apache <no-dsa> (minor issue)
+	[etch] - apache2 <no-dsa> (minor issue)
+	[sarge] - apache <no-dsa> (minor issue)
+	[sarge] - apache2 <no-dsa> (minor issue)
+	NOTE: This is only relevant if an attacker can upload files with arbitrary names
+	NOTE: but not with arbitrary contents.
 CVE-2008-0454 (Cross-zone scripting vulnerability in the Internet Explorer web ...)
 	NOT-FOR-US: Skype
 CVE-2008-0453 (SQL injection vulnerability in list.php in Easysitenetwork Recipe ...)