[Secure-testing-commits] r47308 - data/CVE
Stefan Fritsch
sf at moszumanska.debian.org
Wed Dec 21 23:13:30 UTC 2016
Author: sf
Date: 2016-12-21 23:13:30 +0000 (Wed, 21 Dec 2016)
New Revision: 47308
Modified:
data/CVE/list
Log:
update apache2 issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-12-21 22:17:10 UTC (rev 47307)
+++ data/CVE/list 2016-12-21 23:13:30 UTC (rev 47308)
@@ -11273,7 +11273,7 @@
RESERVED
CVE-2016-8743 [Apache HTTP Request Parsing Whitespace Defects]
RESERVED
- - apache2 <unfixed>
+ - apache2 2.4.25-1
NOTE: https://lists.apache.org/thread.html/139862b41c0dfd5e6e00ad89c00119f9faf0dd41a2f927da9c9a4076@%3Cannounce.httpd.apache.org%3E
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html
NOTE: The fix is not fully backwards compatible so upstream have
@@ -11286,7 +11286,7 @@
CVE-2016-8741
RESERVED
CVE-2016-8740 (The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, ...)
- - apache2 <unfixed> (bug #847124)
+ - apache2 2.4.25-1 (bug #847124)
[jessie] - apache2 <not-affected> (Vulnerable code not present)
[wheezy] - apache2 <not-affected> (Vulnerable code not present)
NOTE: HTTP/2 support introduced in 2.4.17
@@ -33335,7 +33335,7 @@
NOTE: http://struts.apache.org/docs/s2-030.html
CVE-2016-2161 [DoS vulnerability in mod_auth_digest]
RESERVED
- - apache2 <unfixed>
+ - apache2 2.4.25-1
[wheezy] - apache2 <not-affected> (Vulnerable code introduced in 2.4.x)
NOTE: https://lists.apache.org/thread.html/139862b41c0dfd5e6e00ad89c00119f9faf0dd41a2f927da9c9a4076@%3Cannounce.httpd.apache.org%3E
NOTE: Fixed by: https://svn.apache.org/r1772919
@@ -38619,7 +38619,7 @@
NOTE: Swift: >=2.2.1 <= 2.3.0
CVE-2016-0736 [Padding Oracle in Apache mod_session_crypto]
RESERVED
- - apache2 <unfixed>
+ - apache2 2.4.25-1
[wheezy] - apache2 <not-affected> (Vulnerable code not present)
NOTE: https://lists.apache.org/thread.html/139862b41c0dfd5e6e00ad89c00119f9faf0dd41a2f927da9c9a4076@%3Cannounce.httpd.apache.org%3E
NOTE: Fixed by: https://svn.apache.org/r1772812
More information about the Secure-testing-commits
mailing list