Author: joeyh
Date: 2005-09-08 19:09:26 +0000 (Thu, 08 Sep 2005)
New Revision: 1865
Modified:
data/CAN/list
data/DSA/list
Log:
new apache2 DSA, the fix was also uploaded to tpu and I have approved it for
testing, FWIW.
Modified: data/CAN/list
==================================================================---
data/CAN/list 2005-09-08 18:54:39 UTC (rev 1864)
+++ data/CAN/list 2005-09-08 19:09:26 UTC (rev 1865)
@@ -225,7 +225,7 @@
NOTE: not-for-us (Astato specific)
CAN-2005-2728 (The byte-range filter in Apache 2.0 before 2.0.54 allows remote
...)
NOTE: The CVE description is wrong, this has been merged for 2.0.55
- - apache2 (unfixed; bug #326435; medium)
+ - apache2 2.0.54-5 (bug #326435; medium)
CAN-2005-2727 (Home Ftp Server 1.0.7 stores sensitive user information and
server ...)
NOTE: not-for-us (Home Ftp Server)
CAN-2005-2726 (Directory traversal vulnerability in Home Ftp Server 1.0.7
allows ...)
@@ -279,8 +279,7 @@
NOTE: reserved
CAN-2005-2700 (ssl_engine_kernel.c in mod_ssl before 2.8.24, when using ...)
- libapache-mod-ssl 2.8.24-1 (medium)
- NOTE: apache2 maintainer working on an update
- - apache2 (unfixed; bug #327210; medium)
+ - apache2 2.0.54-5 (bug #327210; medium)
CAN-2005-2699 (admin/admin.php in PHPKit 1.6.1 allows remote authenticated ...)
NOTE: not-for-us (PHPKit)
CAN-2005-2698 (Cross-site scripting (XSS) vulnerability in browse.php in Nephp
...)
@@ -2912,7 +2911,7 @@
NOTE: not-for-us (Microsoft)
CAN-2005-2088 (Apache 2.0.45 and 1.3.29, when acting as an HTTP proxy, allows
remote ...)
- apache 1.3.33-8 (bug #322607; medium)
- - apache2 (unfixed; bug #316173; medium)
+ - apache2 2.0.54-5 (bug #316173; medium)
CAN-2005-2087 (Internet Explorer 6.0.2900.2180 on Windows XP allows remote
attackers ...)
NOTE: not-for-us (Microsoft)
CAN-2005-2086 (PHP remote file inclusion vulnerability in viewtopic.php in
phpBB ...)
@@ -6434,7 +6433,7 @@
CAN-2005-1268 (Off-by-one error in the mod_ssl Certificate Revocation List
(CRL) ...)
NOTE: This is from latest Trustix advisory, exploitation would require to
trick
NOTE: someone into using a maliciously crafted certificate revocation list
- - apache2 (unfixed; bug #320048; low)
+ - apache2 2.0.54-5 (bug #320048; low)
CAN-2005-1267 (The bgp_update_print function in tcpdump 3.x does not properly
handle ...)
- tcpdump 3.9.0.cvs.20050614-1 (medium)
CAN-2005-1266 (Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote
attackers to ...)
Modified: data/DSA/list
==================================================================---
data/DSA/list 2005-09-08 18:54:39 UTC (rev 1864)
+++ data/DSA/list 2005-09-08 19:09:26 UTC (rev 1865)
@@ -1,3 +1,7 @@
+[08 Sep 2005] DSA-805-1 apache2 - several
+ {CAN-2005-1268 CAN-2005-2088 CAN-2005-2700 CAN-2005-2728}
+ - apache2 2.0.54-5 (low)
+ NOTE: not fixed in testing at time of DSA (too young)
[08 Sep 2005] DSA-804-1 kdelibs - insecure permissions
{CAN-2005-1920}
- kdebase 4:3.4.2-3 (medium)