jmm-guest at alioth.debian.org
2007-Jul-18 21:56 UTC
[Secure-testing-commits] r6149 - data/CVE
Author: jmm-guest Date: 2007-07-18 21:56:57 +0000 (Wed, 18 Jul 2007) New Revision: 6149 Modified: data/CVE/list Log: record some minor apache fixes coming through os-p-u Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-07-18 19:58:33 UTC (rev 6148) +++ data/CVE/list 2007-07-18 21:56:57 UTC (rev 6149) @@ -1040,7 +1040,7 @@ [sarge] - apache <unfixed> (low) - apache2 <unfixed> (low) [etch] - apache2 <unfixed> (low) - [sarge] - apache2 <not-affected> (affects only 1.3.x and 2.2.x) + [sarge] - apache2 2.0.54-5sarge2 (low) NOTE: Apache 2.0 likely not affected, see NOTE: http://mail-archives.apache.org/mod_mbox/httpd-dev/200706.mbox/<20070622162353.GA15396%40redhat.com> CVE-2007-3303 (Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows ...) @@ -4314,7 +4314,8 @@ - php4 <unfixed> - php5 5.2.2-1 CVE-2007-1863 (cache_util.c in the mod_cache module in Apache HTTP Server (httpd), ...) - - apache2 2.2.4-1 + - apache2 2.2.4-1 (low) + [sarge] - apache2 2.0.54-5sarge2 TODO: check apache 1 NOTE: see http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/cache/cache_util.c?view=markup&pathrev=551944 CVE-2007-1862 (The recall_headers function in mod_mem_cache in Apache 2.2.4 does not ...) @@ -11880,8 +11881,9 @@ - linux-2.6 <unfixed> CVE-2006-5752 (Cross-site scripting (XSS) vulnerability in mod_status.c in the ...) - apache2 <unfixed> (low) - - apache <unfixed> (low) - NOTE: 1.3 and 2.0 are affected, too + [sarge] - apache2 2.0.54-5sarge2 + - apache <removed> (low) + TODO: sf, when was this fixed in apache2 for unstable? CVE-2006-5751 (Integer overflow in the get_fdb_entries function in ...) {DSA-1233} - linux-2.6 2.6.18-8 (medium) 
@@ -16002,8 +16004,9 @@ NOT-FOR-US: SD Studio CMS CVE-2006-3918 (http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 ...) {DSA-1167-1} - - apache2 2.0.55-4.1 (bug #381376; medium) - - apache 1.3.34-3 (bug #381381; medium) + - apache2 2.0.55-4.1 (bug #381376; low) + [sarge] - apache2 2.0.54-5sarge2 + - apache 1.3.34-3 (bug #381381; low) CVE-2006-3917 (PHP remote file inclusion vulnerability in inc/gabarits.php in R. ...) NOT-FOR-US: PHP Forge CVE-2006-3916 (Cross-site scripting (XSS) vulnerability in snews.php in sNews (aka ...) @@ -28882,7 +28885,8 @@ {DSA-1017-1} - linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11) CVE-2005-3357 (mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost ...) - - apache2 2.0.55-4 (bug #351246) + - apache2 2.0.55-4 (bug #351246; low) + [sarge] - apache2 2.0.54-5sarge2 CVE-2005-3356 (The mq_open system call in Linux kernel 2.6.9, in certain situations, ...) {DSA-1017-1} - linux-2.6 2.6.15-4 @@ -28903,6 +28907,7 @@ {DSA-1167-1} - apache 1.3.34-2 (bug #343466; low) - apache2 2.0.55-4 (bug #343467; bug #349793; low) + [sarge] - apache2 2.0.54-5sarge2 NOTE: Version(s): prior to 1.3.35-dev, 2.0.56-dev are affected NOTE: Means oldstable and stable are affected CVE-2005-3351 (SpamAssassin 3.0.4 allows attackers to bypass spam detection via an ...) @@ -30108,8 +30113,8 @@ - koffice 1:1.3.5-5 (bug #333497; medium) CVE-2005-2970 (Memory leak in the worker MPM (worker.c) for Apache 2, in certain ...) - apache2 2.0.55-1 (bug #340337; low) + [sarge] - apache2 2.0.54-5sarge2 NOTE: this occurs in the binary package apache2-mpm-worker - NOTE: Sarge is affected, apache2 was not in oldstable CVE-2005-2969 (The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and ...) {DSA-888-1 DSA-882-1 DSA-881-1 DSA-875-1} - openssl 0.9.8-3 (bug #333500; low)
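Review bot: In the first hunk (@@ -1040,7 +1040,7 @@), the new line `[sarge] - apache2 2.0.54-5sarge2 (low)` contradicts the NOTE kept directly below it, which still says "Apache 2.0 likely not affected". If sarge's 2.0.54 did receive a fix, that NOTE should be updated or removed; if it was not affected, `<not-affected>` was the right status. The old rationale "(affects only 1.3.x and 2.2.x)" is also dropped without a replacement, so a short NOTE saying why the assessment changed would help.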
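Review bot: In the CVE-2006-5752 hunk (@@ -11880,8 +11881,9 @@), replacing `- apache <unfixed> (low)` with `- apache <removed> (low)` and deleting `NOTE: 1.3 and 2.0 are affected, too` loses the only record in this entry that 1.3 is affected. The first hunk of this patch still carries a `[sarge] - apache <unfixed> (low)` line for another entry, so sarge appears to ship apache; a matching `[sarge] - apache <unfixed> (low)` line here, or keeping the NOTE, would preserve that state.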
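Review bot: In the CVE-2006-3918 hunk (@@ -16002,8 +16004,9 @@), the urgency on both `apache2 2.0.55-4.1` and `apache 1.3.34-3` changes from medium to low, but the log message only mentions recording fixes. The entry is tagged {DSA-1167-1}, so a NOTE giving the reason for the downgrade, or a mention of it in the log, would make the change reviewable.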
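Review bot: In the @@ -28903,6 +28907,7 @@ hunk, the context line `NOTE: Means oldstable and stable are affected` is left in place after the new `[sarge] - apache2 2.0.54-5sarge2` line, so the entry now records a sarge fix and an unqualified "affected" note side by side. The last hunk removes the equivalent `NOTE: Sarge is affected, apache2 was not in oldstable`; doing the same here, or rewording the NOTE to say which versions it refers to, would keep the entry consistent.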