[Secure-testing-commits] r30049 - data/CVE
Stefan Fritsch
sf at moszumanska.debian.org
Thu Nov 13 20:43:02 UTC 2014
Author: sf
Date: 2014-11-13 20:43:02 +0000 (Thu, 13 Nov 2014)
New Revision: 30049
Modified:
data/CVE/list
Log:
CVE-2014-3583 apache2 no-dsa
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-11-13 20:23:07 UTC (rev 30048)
+++ data/CVE/list 2014-11-13 20:43:02 UTC (rev 30049)
@@ -11882,8 +11882,10 @@
NOT-FOR-US: Apache CXF
CVE-2014-3583 [mod_proxy_fcgi heap-based buffer overflow]
RESERVED
- - apache2 <unfixed>
+ - apache2 <unfixed> (low)
+ [wheezy] - apache2 <no-dsa> (minor issue)
NOTE: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_fcgi.c?r1=1618401&r2=1638818
+ NOTE: Only exploitable by a malicious fcgi script.
CVE-2014-3582
RESERVED
CVE-2014-3581 (The cache_merge_headers_out function in modules/cache/cache_util.c in ...)
More information about the Secure-testing-commits
mailing list