[Secure-testing-commits] r12402 - in data: CVE DSA

Stefan Fritsch sf at alioth.debian.org
Fri Jul 24 17:56:09 UTC 2009 

Author: sf
Date: 2009-07-24 17:56:08 +0000 (Fri, 24 Jul 2009)
New Revision: 12402

Modified:
   data/CVE/list
   data/DSA/list
Log:
remove apache2-mpm-itk from the apache issues to avoid it showing up in
unstable/testing. It has a dependency on an exact version of apache2.2-common,
allowing to just use the apache2 source package for the tracking. In
unstable/testing, apache2-mpm-itk is 'fixed' by binNMU, which is not integrated
into the tracker.


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-07-24 17:21:36 UTC (rev 12401)
+++ data/CVE/list	2009-07-24 17:56:08 UTC (rev 12402)
@@ -1752,7 +1752,6 @@
 	{DSA-1834-1}
 	- apache2 2.2.11-7 (medium; bug #536718)
 	[etch] - apache2 <not-affected> (bug introduced in 2.2.5)
-	[lenny] - apache2-mpm-itk 2.2.6-02-1+lenny2
 	[lenny] - apache2 2.2.9-10+lenny4
 CVE-2009-1889 (The OSCAR protocol implementation in Pidgin before 2.5.8 misinterprets ...)
 	- pidgin 2.5.8-1 (low; bug #535790)
@@ -4085,8 +4084,6 @@
 CVE-2009-1195 (The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not ...)
 	{DSA-1816-1}
 	- apache2 2.2.11-6 (low; bug #530834)
-	- apache2-mpm-itk
-	NOTE: apache2-mpm-itk is vulnerable due to static linking
 CVE-2009-1194 (Integer overflow in the pango_glyph_string_set_size function in ...)
 	{DSA-1798-1}
 	- pango1.0 1.24.0-2 (medium; bug #527474) 

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2009-07-24 17:21:36 UTC (rev 12401)
+++ data/DSA/list	2009-07-24 17:56:08 UTC (rev 12402)
@@ -22,8 +22,6 @@
 [15 Jul 2009] DSA-1834-1 apache2 apache2-mpm-itk - denial of service
 	{CVE-2009-1891 CVE-2009-1890}
 	[etch] - apache2 2.2.3-4+etch9
-	[etch] - apache2-mpm-itk 2.2.3-01-2+etch3
-	[lenny] - apache2-mpm-itk 2.2.6-02-1+lenny2
 	[lenny] - apache2 2.2.9-10+lenny4
 [14 Jul 2009] DSA-1833-1 dhcp3 - arbitrary code execution
 	{CVE-2009-0692}
@@ -86,9 +84,7 @@
 	[lenny] - ctorrent 1.3.4-dnh3.2-1+lenny1
 [16 Jun 2009] DSA-1816-1 apache2 apache2-mpm-itk - privilege escalation
 	{CVE-2009-1195}
-	[etch] - apache2-mpm-itk 2.2.3-01-2+etch2
 	[etch] - apache2 2.2.3-4+etch8
-	[lenny] - apache2-mpm-itk 2.2.6-02-1+lenny1
 	[lenny] - apache2 2.2.9-10+lenny3
 [14 Jun 2009] DSA-1815-1 libtorrent-rasterbar - denial of
 	{CVE-2009-1760}

More information about the Secure-testing-commits mailing list