[Secure-testing-commits] r8812 - data/CVE
stef-guest at alioth.debian.org
stef-guest at alioth.debian.org
Wed May 14 21:44:01 UTC 2008
Author: stef-guest
Date: 2008-05-14 21:43:59 +0000 (Wed, 14 May 2008)
New Revision: 8812
Modified:
data/CVE/list
Log:
- new apache2 DoS fixed
- apache-ssl is unfortunately in etch
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-05-14 21:14:14 UTC (rev 8811)
+++ data/CVE/list 2008-05-14 21:43:59 UTC (rev 8812)
@@ -1,3 +1,7 @@
+CVE-2008-XXXX [apache2 mod_ssl DoS (memory leak)]
+ - apache2 2.2.8-4
+ [etch] - apache2 <not-affected> (only a problem with openssl 0.9.8f or later)
+ NOTE: https://issues.apache.org/bugzilla/show_bug.cgi?id=44975
CVE-2008-XXXX [Cross-site scripting (XSS) by missing escaping]
- python-django <unfixed> (bug #481164)
NOTE: CVE id requested by gentoo
@@ -3659,7 +3663,8 @@
CVE-2008-0556 (Cross-site request forgery (CSRF) vulnerability in OpenCA PKI 0.9.2.5, ...)
NOT-FOR-US: OpenCA PKI Project
CVE-2008-0555 (The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 ...)
- NOT-FOR-US: Apache-SSL
+ - apache <removed>
+ TODO: check if this needs a DSA
CVE-2008-0552 (Cross-site scripting (XSS) vulnerability in index.php in eTicket ...)
NOT-FOR-US: eTicket
CVE-2008-0551 (The NamoInstaller.NamoInstall.1 ActiveX control in NamoInstaller.dll ...)
More information about the Secure-testing-commits
mailing list