[Secure-testing-commits] r30049 - data/CVE

[Stefan Fritsch]

Author: sf
Date: 2014-11-13 20:43:02 +0000 (Thu, 13 Nov 2014)
New Revision: 30049

Modified:
   data/CVE/list
Log:
CVE-2014-3583 apache2 no-dsa


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-11-13 20:23:07 UTC (rev 30048)
+++ data/CVE/list	2014-11-13 20:43:02 UTC (rev 30049)
@@ -11882,8 +11882,10 @@
 	NOT-FOR-US: Apache CXF
 CVE-2014-3583 [mod_proxy_fcgi heap-based buffer overflow]
 	RESERVED
-	- apache2 <unfixed>
+	- apache2 <unfixed> (low)
+	[wheezy] - apache2 <no-dsa> (minor issue)
 	NOTE: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_fcgi.c?r1=1618401&r2=1638818
+	NOTE: Only exploitable by a malicious fcgi script.
 CVE-2014-3582
 	RESERVED
 CVE-2014-3581 (The cache_merge_headers_out function in modules/cache/cache_util.c in ...)