[Secure-testing-commits] r30129 - data/CVE

Stefan Fritsch sf at moszumanska.debian.org
Tue Nov 18 14:32:30 UTC 2014


Author: sf
Date: 2014-11-18 14:32:30 +0000 (Tue, 18 Nov 2014)
New Revision: 30129

Modified:
   data/CVE/list
Log:
note CVE-2014-3583 apache2 fix


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-11-18 14:04:06 UTC (rev 30128)
+++ data/CVE/list	2014-11-18 14:32:30 UTC (rev 30129)
@@ -12287,9 +12287,9 @@
 	RESERVED
 CVE-2014-3584 (The SamlHeaderInHandler in Apache CXF before 2.6.11, 2.7.x before ...)
 	NOT-FOR-US: Apache CXF
-CVE-2014-3583 [mod_proxy_fcgi heap-based buffer overflow]
+CVE-2014-3583 [mod_proxy_fcgi buffer overread]
 	RESERVED
-	- apache2 <unfixed> (low)
+	- apache2 2.4.10-8 (low)
 	[wheezy] - apache2 <no-dsa> (minor issue)
 	NOTE: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_fcgi.c?r1=1618401&r2=1638818
 	NOTE: Only exploitable by a malicious fcgi script.




More information about the Secure-testing-commits mailing list