thr3ads.net - Secure testing commits - [Secure-testing-commits] r7733

If this information is useful, please help other people find it:
Share via:

stef-guest at alioth.debian.org

2007-Dec-27 11:30 UTC

[Secure-testing-commits] r7733 - data/CVE

Author: stef-guest
Date: 2007-12-27 11:30:49 +0000 (Thu, 27 Dec 2007)
New Revision: 7733

Modified:
   data/CVE/list
Log:
pending apache fixes

Modified: data/CVE/list
==================================================================---
data/CVE/list	2007-12-27 10:17:38 UTC (rev 7732)
+++ data/CVE/list	2007-12-27 11:30:49 UTC (rev 7733)
@@ -4570,7 +4570,8 @@
 	[etch] - apache <no-dsa> (minor issue)
 	- apache2 <unfixed> (low)
 	- apache <unfixed> (low)
-	NOTE: pending for 2.2.3-4+etch4 / etch r3
+	NOTE: pending for apache2 2.2.3-4+etch4 / etch r3
+	NOTE: pending for apache 1.3.34-4.1+etch1 / etch r3
 CVE-2007-4999 (libpurple in Pidgin 2.1.0 through 2.2.1, when using HTML
logging, ...)
 	- pidgin 2.2.2-1 (medium)
 CVE-2007-4998
@@ -7232,6 +7233,8 @@
 CVE-2007-3847 (The date handling code in modules/proxy/proxy_util.c (mod_proxy)
in ...)
 	- apache2 2.2.6-1 (bug #441845; low)
 	[etch] - apache2 2.2.3-4+etch3 (bug #441845; low)
+	- apache <removed> (unimportant)
+	NOTE: Apache 1.3 is non-threaded, therefore unimportant
 CVE-2007-3846 (Directory traversal vulnerability in Subversion before 1.4.5, as
used ...)
 	NOT-FOR-US: TortoiseSVN on Windows
 CVE-2007-3845 (Mozilla Firefox before 2.0.0.6, Thunderbird before 1.5.0.13 and
2.x ...)
@@ -11968,10 +11971,10 @@
 	- php5 5.2.2-1
 CVE-2007-1863 (cache_util.c in the mod_cache module in Apache HTTP Server
(httpd), ...)
 	- apache2 2.2.4-1 (low)
-	- apache <unfixed> (low)
+	- apache <removed> (unimportant)
 	[sarge] - apache2 2.0.54-5sarge2
 	[etch] - apache2 2.2.3-4+etch2
-	NOTE: vulnerable code in src/modules/proxy/proxy_cache.c starting in line 1132
+	NOTE: Apache 1.3 is non-threaded, therefore unimportant
 CVE-2007-1862 (The recall_headers function in mod_mem_cache in Apache 2.2.4
does not ...)
 	- apache2 <not-affected> (Only Apache 2.2.4 was affected, and all
versions of 2.2.4 in Debian are fixed)
 CVE-2007-1861 (The nl_fib_lookup function in net/ipv4/fib_frontend.c in Linux
Kernel ...)
@@ -13272,6 +13275,7 @@
 CVE-2007-1349 (PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm
in ...)
 	- apache <removed> (low)
 	- libapache2-mod-perl2 2.0.2-5 (low; bug #433549)
+	NOTE: pending for apache 1.3.34-4.1+etch1 / etch r3
 CVE-2007-1348
 	RESERVED
 CVE-2007-1347 (Microsoft Windows Explorer on Windows 2000 SP4 FR and XP SP2 FR,
and ...)
@@ -19598,6 +19602,7 @@
 	[sarge] - apache2 2.0.54-5sarge2
 	[etch] - apache2 2.2.3-4+etch2
 	- apache <removed> (low)
+	NOTE: pending for apache 1.3.34-4.1+etch1 / etch r3
 CVE-2006-5751 (Integer overflow in the get_fdb_entries function in ...)
 	{DSA-1233}
 	- linux-2.6 2.6.18-8 (medium)

Secure testing commits - Dec 2007 - r7733 - data/CVE

[Secure-testing-commits] r7733 - data/CVE