[Secure-testing-commits] r30129 - data/CVE
Stefan Fritsch
sf at moszumanska.debian.org
Tue Nov 18 14:32:30 UTC 2014
Author: sf
Date: 2014-11-18 14:32:30 +0000 (Tue, 18 Nov 2014)
New Revision: 30129
Modified:
data/CVE/list
Log:
note CVE-2014-3583 apache2 fix
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-11-18 14:04:06 UTC (rev 30128)
+++ data/CVE/list 2014-11-18 14:32:30 UTC (rev 30129)
@@ -12287,9 +12287,9 @@
RESERVED
CVE-2014-3584 (The SamlHeaderInHandler in Apache CXF before 2.6.11, 2.7.x before ...)
NOT-FOR-US: Apache CXF
-CVE-2014-3583 [mod_proxy_fcgi heap-based buffer overflow]
+CVE-2014-3583 [mod_proxy_fcgi buffer overread]
RESERVED
- - apache2 <unfixed> (low)
+ - apache2 2.4.10-8 (low)
[wheezy] - apache2 <no-dsa> (minor issue)
NOTE: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_fcgi.c?r1=1618401&r2=1638818
NOTE: Only exploitable by a malicious fcgi script.
More information about the Secure-testing-commits
mailing list