[Secure-testing-commits] r28950 - in data: . CVE
Raphaël Hertzog
hertzog at moszumanska.debian.org
Mon Sep 22 09:26:19 UTC 2014
Author: hertzog
Date: 2014-09-22 09:26:19 +0000 (Mon, 22 Sep 2014)
New Revision: 28950
Modified:
data/CVE/list
data/dla-needed.txt
data/dsa-needed.txt
Log:
Triage apache2 CVE
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-09-22 07:06:11 UTC (rev 28949)
+++ data/CVE/list 2014-09-22 09:26:19 UTC (rev 28950)
@@ -16667,6 +16667,7 @@
CVE-2014-0231 (The mod_cgid module in the Apache HTTP Server before 2.4.10 does not ...)
{DSA-2989-1}
- apache2 2.4.10-1
+ [squeeze] - apache2 <unfixed>
CVE-2014-0230
RESERVED
CVE-2014-0229
@@ -16679,6 +16680,7 @@
CVE-2014-0226 (Race condition in the mod_status module in the Apache HTTP Server ...)
{DSA-2989-1}
- apache2 2.4.10-1
+ [squeeze] - apache2 <unfixed>
CVE-2014-0225 [Information disclosure via SSRF]
RESERVED
- libspring-java 3.0.6.RELEASE-14 (low; bug #753470)
@@ -17093,6 +17095,7 @@
CVE-2014-0118 (The deflate_in_filter function in mod_deflate.c in the mod_deflate ...)
{DSA-2989-1}
- apache2 2.4.10-1
+ [squeeze] - apache2 <unfixed>
CVE-2014-0117 (The mod_proxy module in the Apache HTTP Server 2.4.x before 2.4.10, ...)
- apache2 2.4.10-1
[squeeze] - apache2 <not-affected> (Affects 2.4.6 to 2.4.9)
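Review bot: the added `[squeeze] - apache2 <unfixed>` line under CVE-2014-0118 does not record how the squeeze status was established, whereas the neighbouring CVE-2014-0117 entry gives its reason inline (`Affects 2.4.6 to 2.4.9`). A short NOTE stating that the squeeze source was checked for the affected mod_deflate code would let later triagers rely on the entry without repeating the check. The same applies to the identical additions under CVE-2014-0231 and CVE-2014-0226.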
@@ -20640,8 +20643,10 @@
NOTE: Upstream commit: https://github.com/SpiderLabs/ModSecurity/commit/f8d441cd25172fdfe5b613442fedfc0da3cc333d
NOTE: http://martin.swende.se/blog/HTTPChunked.html
CVE-2013-5704 (The mod_headers module in the Apache HTTP Server 2.2.22 allows remote ...)
- - apache2 2.4.10-2
+ - apache2 2.4.10-2 (medium)
+ [squeeze] - apache2 <unfixed>
NOTE: http://marc.info/?l=apache-httpd-dev&m=139636309822854&w=2
+ NOTE: Patch at https://github.com/apache/httpd/commit/bd34b9d92894b7fc01810fc11a059fa30067e431#diff-381c180d963fb4507c77d80edb208224
CVE-2013-5703 (The DrayTek Vigor 2700 router 2.8.3 allows remote attackers to execute ...)
NOT-FOR-US: DrayTek Vigor 2700 router
CVE-2013-5702 (Multiple cross-site scripting (XSS) vulnerabilities in WebCenter in ...)
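Review bot: the URL in the added `NOTE: Patch at ...` line under CVE-2013-5704 ends in a `#diff-...` fragment, which is an anchor into GitHub's rendering of the commit rather than part of the commit reference. Cite the bare commit URL, and name the file in the NOTE text if pointing at a single file matters. This hunk also adds `(medium)` to the unstable line, which the log message "Triage apache2 CVE" does not mention. A word on the urgency change in the log would make it easier to find later.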
Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt 2014-09-22 07:06:11 UTC (rev 28949)
+++ data/dla-needed.txt 2014-09-22 09:26:19 UTC (rev 28950)
@@ -7,6 +7,8 @@
To pick an issue, simply add your name behind it.
--
+apache2
+--
apt (Michael Vogt, Salvatore Bonaccorso)
--
commons-beanutils
Modified: data/dsa-needed.txt
===================================================================
--- data/dsa-needed.txt 2014-09-22 07:06:11 UTC (rev 28949)
+++ data/dsa-needed.txt 2014-09-22 09:26:19 UTC (rev 28950)
@@ -12,6 +12,8 @@
If needed, specify the release by adding a slash after the name of the source package.
--
+apache2
+--
asterisk
--
libgcrypt11 (carnil)
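Review bot: the new `apache2` entry in data/dsa-needed.txt names no release, although the context line directly above the list says to specify the release by adding a slash after the source package name. The data/CVE/list hunks in this revision only annotate squeeze and the unstable line, so the entry alone does not show which release the DSA is wanted for. Use the slash form here so the entry is unambiguous.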