[Secure-testing-commits] r7930 - data/CVE

stef-guest at alioth.debian.org stef-guest at alioth.debian.org
Tue Jan 15 20:27:40 UTC 2008 

Author: stef-guest
Date: 2008-01-15 20:27:39 +0000 (Tue, 15 Jan 2008)
New Revision: 7930

Modified:
   data/CVE/list
Log:
more minor apache issues

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-01-15 12:38:57 UTC (rev 7929)
+++ data/CVE/list	2008-01-15 20:27:39 UTC (rev 7930)
@@ -1042,18 +1042,22 @@
 	RESERVED
 CVE-2007-6424 (registry.pl in Fonality Trixbox 2.0 PBX products, when running in ...)
 	NOT-FOR-US: Fonality Trixbox
-CVE-2007-6423
+CVE-2007-6423 [windows only Apache mod_proxy_balancer issue]
 	RESERVED
+	- apache2 <not-affected> (disputed / only for Windows)
 CVE-2007-6422 (Unspecified vulnerability in mod_proxy_balancer in the Apache HTTP ...)
 	- apache2 <unfixed> (low)
 	[etch] - apache2 <no-dsa> (minor issue)
-	[sarge] - apache2 <not-affected> (vulnerable code introduced later)
+	[sarge] - apache2 <not-affected> (vulnerable code introduced in 2.2)
 CVE-2007-6421 (Cross-site scripting (XSS) vulnerability in mod_proxy_balancer in the ...)
 	- apache2 <unfixed> (low)
 	[etch] - apache2 <no-dsa> (minor issue)
-	[sarge] - apache2 <not-affected> (vulnerable code introduced later)
-CVE-2007-6420
+	[sarge] - apache2 <not-affected> (vulnerable code introduced in 2.2)
+CVE-2007-6420 [Apache mod_proxy_balancer XSRF in balancer manager]
 	RESERVED
+	- apache2 <unfixed> (low)
+	[etch] - apache2 <no-dsa> (minor issue)
+	[sarge] - apache2 <not-affected> (vulnerable code introduced in 2.2)
 CVE-2007-6419 (Unspecified vulnerability in rpc.yppasswdd in HP HP-UX B.11.11, ...)
 	NOT-FOR-US: HP-UX
 CVE-2007-6417 (The shmem_getpage function (mm/shmem.c) in Linux kernel 2.6.11 through ...)
@@ -1559,8 +1563,10 @@
 	RESERVED
 CVE-2008-0006
 	RESERVED
-CVE-2008-0005
+CVE-2008-0005 [Apache mod_proxy_ftp Undefined Charset UTF-7 XSS Vulnerability]
 	RESERVED
+	- apache2 <unfixed> (low)
+	- apache <unfixed> (low)
 CVE-2008-0004
 	RESERVED
 CVE-2008-0003 (Stack-based buffer overflow in the PAMBasicAuthenticator::PAMCallback ...)

More information about the Secure-testing-commits mailing list