stef-guest at alioth.debian.org
2007-Jun-28 22:04 UTC
[Secure-testing-commits] r6073 - data/CVE
Author: stef-guest Date: 2007-06-28 22:04:52 +0000 (Thu, 28 Jun 2007) New Revision: 6073 Modified: data/CVE/list Log: two apache issues Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-06-28 21:48:34 UTC (rev 6072) +++ data/CVE/list 2007-06-28 22:04:52 UTC (rev 6073) @@ -330,9 +330,17 @@ CVE-2007-3305 (Heap-based buffer overflow in Cerulean Studios Trillian 3.x before ...) NOT-FOR-US: Cerulean Studios Trillian CVE-2007-3304 (Apache httpd 1.3.37, and 2.0.59 and 2.2.4 with the Prefork MPM module, ...) - TODO: check + - apache <removed> (low) + [etch] - apache <unfixed> (low) + [sarge] - apache <unfixed> (low) + - apache2 <unfixed> (low) + [etch] - apache2 <unfixed> (low) + [sarge] - apache2 <not-affected> (affects only 1.3.xnd 2.2.x) + NOTE: Apache 2.0 likely not affected, see + NOTE: http://mail-archives.apache.org/mod_mbox/httpd-dev/200706.mbox/<20070622162353.GA15396%40redhat.com> CVE-2007-3303 (Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows ...) - TODO: check + - apache2 <unfixed> (unimportant) + NOTE: If you can execute arbitrary code, a DoS is not a problem. CVE-2007-3302 RESERVED CVE-2007-3301 (SQL injection vulnerability in forum/include/error/autherror.cfm in ...)