[Secure-testing-commits] r55870 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Mon Sep 18 13:43:06 UTC 2017
Author: carnil
Date: 2017-09-18 13:43:06 +0000 (Mon, 18 Sep 2017)
New Revision: 55870
Modified:
data/CVE/list
Log:
Add CVE-2017-9798
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-09-18 13:04:46 UTC (rev 55869)
+++ data/CVE/list 2017-09-18 13:43:06 UTC (rev 55870)
@@ -11659,6 +11659,12 @@
NOT-FOR-US: Apache Storm
CVE-2017-9798
RESERVED
+ - apache2 <unfixed>
+ NOTE: https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html
+ NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=61207
+ NOTE: https://github.com/hannob/optionsbleed
+ NOTE: Patch: https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/core.c?r1=1805223&r2=1807754&pathrev=1807754&view=patch
+ NOTE: Patch backport for 2.2: https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch
CVE-2017-9797
RESERVED
CVE-2017-9796
More information about the Secure-testing-commits
mailing list