Author: jmm-guest Date: 2007-03-07 12:07:57 +0000 (Wed, 07 Mar 2007) New Revision: 5519 Modified: data/CVE/list Log: apache setsid issue CVEfied and fixed Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-03-07 09:14:13 UTC (rev 5518) +++ data/CVE/list 2007-03-07 12:07:57 UTC (rev 5519) @@ -20,7 +20,7 @@ RESERVED CVE-2007-1277 (WordPress 2.1.1, as downloaded from some official distribution sites ...) TODO: check -CVE-2007-1276 (Multiple cross-site scripting (XSS) vulnerabilities in chooser.cgi in ...) +5ACVE-2007-1276 (Multiple cross-site scripting (XSS) vulnerabilities in chooser.cgi in ...) TODO: check CVE-2007-1275 RESERVED @@ -325,7 +325,7 @@ CVE-2006-7099 (Directory traversal vulnerability in index.php in SolarPay allows ...) TODO: check CVE-2006-7098 (The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server ...) - TODO: check + - apache 1.3.34-4.1 (low; bug #357561) CVE-2006-7097 (Multiple unspecified vulnerabilities in TaskFreak! before 0.1.4 have ...) TODO: check CVE-2006-7096 (Buffer overflow in the network_host_handle_join function in host.c in ...) @@ -759,8 +759,6 @@ TODO: check CVE-2002-2222 (isakmpd/message.c in isakmpd in FreeBSD before isakmpd-20020403_1, and ...) NOT-FOR-US: FreeBSD -CVE-2007-XXXX [apache does not use setsid() to detach from controlling tty ] - - apache <unfixed> (bug #357561) CVE-2007-XXXX [vserver patch allows renice of processes in different context] - linux-2.6 <unfixed> (bug #412143) CVE-2007-XXXX [apg generates insecure passwords on 64-bit architectures]