[Secure-testing-commits] r13782 - data/CVE

Raphael Geissert geissert at alioth.debian.org
Sun Jan 10 23:25:57 UTC 2010


Author: geissert
Date: 2010-01-10 23:25:56 +0000 (Sun, 10 Jan 2010)
New Revision: 13782

Modified:
   data/CVE/list
Log:
httpds escape sequence issues


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-01-10 22:57:49 UTC (rev 13781)
+++ data/CVE/list	2010-01-10 23:25:56 UTC (rev 13782)
@@ -434,26 +434,63 @@
 	RESERVED
 	- lxr-cvs <unfixed>
 	NOTE: http://sourceforge.net/mailarchive/forum.php?thread_name=E1NS2s4-0001PE-F2@3bkjzd1.ch3.sourceforge.com&forum_name=lxr-developer
-CVE-2009-4496
+CVE-2009-4496 [boa escape sequence injection]
 	RESERVED
-CVE-2009-4495
+	- boa <unfixed> (low)
+	[etch] - boa <no-dsa> (issue not really specific to the httpd)
+	[lenny] - boa <no-dsa> (issue not really specific to the httpd)
+	NOTE: same as CVE-2009-4487
+CVE-2009-4495 [yaws escape sequence injection]
 	RESERVED
-CVE-2009-4494
+	- yaws <unfixed> (low)
+	[etch] - yaws <no-dsa> (issue not really specific to the httpd)
+	[lenny] - yaws <no-dsa> (issue not really specific to the httpd)
+	NOTE: same as CVE-2009-4487
+CVE-2009-4494 [aolserver escape sequence injection]
 	RESERVED
-CVE-2009-4493
+	- aolserver4 <unfixed> (low)
+	[etch] - aolserver4 <no-dsa> (issue not really specific to the httpd)
+	[lenny] - aolserver4 <no-dsa> (issue not really specific to the httpd)
+	NOTE: same as CVE-2009-4487
+CVE-2009-4493 [orion escape sequence injection]
 	RESERVED
-CVE-2009-4492
+	NOT-FOR-US: Orion httpd
+CVE-2009-4492 [webrick escape sequence injection]
 	RESERVED
-CVE-2009-4491
+	- ruby1.8 <unfixed> (low; bug #564598)
+	[etch] - ruby1.8 <no-dsa> (issue not really specific to the httpd)
+	[lenny] - ruby1.8 <no-dsa> (issue not really specific to the httpd)
+	NOTE: same as CVE-2009-4487
+CVE-2009-4491 [thttpd escape sequence injection]
 	RESERVED
-CVE-2009-4490
+	- thttpd <unfixed> (low)
+	[etch] - thttpd <no-dsa> (issue not really specific to the httpd)
+	[lenny] - thttpd <no-dsa> (issue not really specific to the httpd)
+	NOTE: same as CVE-2009-4487
+CVE-2009-4490 [mini-httpd escape sequence injection]
 	RESERVED
-CVE-2009-4489
+	- mini-httpd <unfixed> (low)
+	[etch] - mini-httpd <no-dsa> (issue not really specific to the httpd)
+	[lenny] - mini-httpd <no-dsa> (issue not really specific to the httpd)
+	NOTE: same as CVE-2009-4487
+CVE-2009-4489 [cherokee escape sequence injection]
 	RESERVED
-CVE-2009-4488
+	- cherokee 0.99.37-1 (low)
+	[etch] - cherokee <no-dsa> (issue not really specific to the httpd)
+	[lenny] - cherokee <no-dsa> (issue not really specific to the httpd)
+	NOTE: same as CVE-2009-4487
+CVE-2009-4488 [varnish escape sequence injection]
 	RESERVED
-CVE-2009-4487
+	- varnish <unfixed> (low)
+	[etch] - varnish <no-dsa> (issue not really specific to the httpd)
+	[lenny] - varnish <no-dsa> (issue not really specific to the httpd)
+	NOTE: same as CVE-2009-4487
+CVE-2009-4487 [nginx escape sequence injection]
 	RESERVED
+	- nginx <unfixed> (low)
+	[etch] - nginx <no-dsa> (issue not really specific to the httpd)
+	[lenny] - nginx <no-dsa> (issue not really specific to the httpd)
+	NOTE: http://www.ush.it/team/ush/hack_httpd_escape/adv.txt
 CVE-2009-4486
 	RESERVED
 CVE-2009-4485
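Review bot: Of the eight entries this hunk marks <unfixed>, only CVE-2009-4492 (ruby1.8) carries a bug reference (bug #564598); boa, yaws, aolserver4, thttpd, mini-httpd, varnish and nginx have none, so nothing in the list ties their unfixed status to a report that can be followed. Add the bug numbers to those entries as the reports are filed. The cherokee entry (CVE-2009-4489) gives 0.99.37-1 as the fixed version with no NOTE pointing at the change that fixed it; a reference there would let the version be verified. The orion entry (CVE-2009-4493) is the only one of the ten without a "same as CVE-2009-4487" note, so it loses the link to the advisory URL recorded under CVE-2009-4487; consider adding the same NOTE there for consistency.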



