[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] note apache2 fixes
Stefan Fritsch
sf at debian.org
Sat Mar 31 12:34:54 UTC 2018
Stefan Fritsch pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0da4e696 by Stefan Fritsch at 2018-03-31T14:34:23+02:00
note apache2 fixes
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -20917,7 +20917,7 @@ CVE-2018-1314
CVE-2018-1313
RESERVED
CVE-2018-1312 (In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest ...)
- - apache2 <unfixed>
+ - apache2 2.4.33-1
NOTE: http://www.openwall.com/lists/oss-security/2018/03/24/7
CVE-2018-1311
RESERVED
@@ -20958,16 +20958,16 @@ CVE-2018-1304 (The URL pattern of "" (the empty string) which exactly
NOTE: https://svn.apache.org/r1823309 (7.0.x)
NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=62067
CVE-2018-1303 (A specially crafted HTTP request header could have crashed the Apache ...)
- - apache2 <unfixed>
+ - apache2 2.4.33-1
NOTE: http://www.openwall.com/lists/oss-security/2018/03/24/3
CVE-2018-1302 (When an HTTP/2 stream was destroyed after being handled, the Apache ...)
- - apache2 <unfixed>
+ - apache2 2.4.33-1
[jessie] - apache2 <not-affected> (Vulnerable code not present)
[wheezy] - apache2 <not-affected> (Vulnerable code not present)
NOTE: HTTP/2 support introduced in 2.4.17
NOTE: http://www.openwall.com/lists/oss-security/2018/03/24/5
CVE-2018-1301 (A specially crafted request could have crashed the Apache HTTP Server ...)
- - apache2 <unfixed>
+ - apache2 2.4.33-1
NOTE: http://www.openwall.com/lists/oss-security/2018/03/24/2
CVE-2018-1300
RESERVED
@@ -21020,7 +21020,7 @@ CVE-2018-1285
CVE-2018-1284
RESERVED
CVE-2018-1283 (In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to ...)
- - apache2 <unfixed>
+ - apache2 2.4.33-1
NOTE: http://www.openwall.com/lists/oss-security/2018/03/24/4
CVE-2018-1282
RESERVED
@@ -28835,7 +28835,7 @@ CVE-2017-15717 (A flaw in the way URLs are escaped and encoded in the ...)
CVE-2017-15716
RESERVED
CVE-2017-15715 (In Apache httpd 2.4.0 to 2.4.29, the expression specified in ...)
- - apache2 <unfixed>
+ - apache2 2.4.33-1
NOTE: http://www.openwall.com/lists/oss-security/2018/03/24/6
CVE-2017-15714 (The BIRT plugin in Apache OFBiz 16.11.01 to 16.11.03 does not escape ...)
NOT-FOR-US: BIRT plugin in Apache OFBiz
@@ -28846,7 +28846,7 @@ CVE-2017-15712 (Vulnerability allows a user of Apache Oozie 3.1.3-incubating to
CVE-2017-15711
REJECTED
CVE-2017-15710 (In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to ...)
- - apache2 <unfixed>
+ - apache2 2.4.33-1
NOTE: http://www.openwall.com/lists/oss-security/2018/03/24/8
CVE-2017-15709 (When using the OpenWire protocol in ActiveMQ versions 5.14.0 to 5.15.2 ...)
- activemq 5.15.3-1 (bug #890352)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0da4e6969363e63357348d440c46929598405c87
---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0da4e6969363e63357348d440c46929598405c87
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180331/e4a1dd10/attachment.html>
More information about the Secure-testing-commits
mailing list