[Secure-testing-commits] r43292 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Wed Jul 20 04:31:30 UTC 2016
Author: carnil
Date: 2016-07-20 04:31:26 +0000 (Wed, 20 Jul 2016)
New Revision: 43292
Modified:
data/CVE/list
Log:
Add mitigation reference for apache2
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-07-19 21:10:11 UTC (rev 43291)
+++ data/CVE/list 2016-07-20 04:31:26 UTC (rev 43292)
@@ -2345,6 +2345,7 @@
- libapache2-mod-fcgid <unfixed>
CVE-2016-5387 (The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 ...)
- apache2 <unfixed>
+ NOTE: https://www.apache.org/security/asf-httpoxy-response.txt
CVE-2016-5386 (The net/http package in Go through 1.6 does not attempt to address RFC ...)
- golang <unfixed>
CVE-2016-5385 (PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 ...)
More information about the Secure-testing-commits
mailing list