[Secure-testing-commits] r17687 - data/CVE
Stefan Fritsch
sf at alioth.debian.org
Sat Nov 26 19:40:25 UTC 2011
Author: sf
Date: 2011-11-26 19:40:24 +0000 (Sat, 26 Nov 2011)
New Revision: 17687
Modified:
data/CVE/list
Log:
apache2: one issue unimportant, two new variants of a previous issue
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2011-11-26 15:44:33 UTC (rev 17686)
+++ data/CVE/list 2011-11-26 19:40:24 UTC (rev 17687)
@@ -347,7 +347,8 @@
CVE-2011-4416
RESERVED
CVE-2011-4415 (The ap_pregsub function in server/util.c in the Apache HTTP Server ...)
- - apache2 <unfixed>
+ - apache2 <unfixed> (unimportant)
+ NOTE: apache2 does not protect or claim to protect against DoS through .htaccess
CVE-2011-4414
RESERVED
CVE-2011-4413
@@ -569,8 +570,10 @@
RESERVED
- dovecot <unfixed> (unimportant; bug #649511)
NOTE: Additional hardening
-CVE-2011-4317
+CVE-2011-4317 [mod_proxy/mod_rewrite insufficient sanitization of invalid URLs]
RESERVED
+ - apache2 <unfixed>
+ NOTE: Related to CVE-2011-3368 and CVE-2011-3639 but a different issue
CVE-2011-4316
RESERVED
CVE-2011-4315
@@ -2609,8 +2612,10 @@
[lenny] - chromium-browser <no-dsa> (attacker needs to get malicious file into cwd first)
[squeeze] - chromium-browser <no-dsa> (attacker needs to get malicious file into cwd first)
NOTE: http://seclists.org/fulldisclosure/2011/Oct/734
-CVE-2011-3639
+CVE-2011-3639 [mod_proxy/mod_rewrite insufficient URI sanitization with HTTP/0.9 and pre 2.2.18]
RESERVED
+ - apache2 2.2.18-1
+ NOTE: Related to CVE-2011-3368 and CVE-2011-4317 but a different issue
CVE-2011-3638
RESERVED
- linux-2.6 3.0.0-1
More information about the Secure-testing-commits
mailing list