thr3ads.net - Secure testing commits - [Secure-testing-commits] r6154

If this information is useful, please help other people find it:
Share via:

stef-guest at alioth.debian.org

2007-Jul-19 11:41 UTC

[Secure-testing-commits] r6154 - data/CVE

Author: stef-guest
Date: 2007-07-19 11:41:23 +0000 (Thu, 19 Jul 2007)
New Revision: 6154

Modified:
   data/CVE/list
Log:
note upcomming apache2 fixes, clarify some other apache issues

Modified: data/CVE/list
==================================================================---
data/CVE/list	2007-07-19 09:14:07 UTC (rev 6153)
+++ data/CVE/list	2007-07-19 11:41:23 UTC (rev 6154)
@@ -1259,10 +1259,10 @@
 	- apache <removed> (low)
 	[etch] - apache <unfixed> (low)
 	[sarge] - apache <unfixed> (low)
-	- apache2 <unfixed> (low)
+	- apache2 2.2.4-2 (low)
 	[etch] - apache2 <unfixed> (low)
 	[sarge] - apache2 2.0.54-5sarge2 (low)
-	NOTE: Apache 2.0 likely not affected, see
+	NOTE: Apache 2.0 likely not exploitable, see
 	NOTE:
http://mail-archives.apache.org/mod_mbox/httpd-dev/200706.mbox/<20070622162353.GA15396%40redhat.com>
 CVE-2007-3303 (Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module,
allows ...)
 	- apache2 <unfixed> (unimportant)
@@ -4549,8 +4549,7 @@
 	TODO: check apache 1
 	NOTE: see
http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/cache/cache_util.c?view=markup&pathrev=551944
 CVE-2007-1862 (The recall_headers function in mod_mem_cache in Apache 2.2.4
does not ...)
-	- apache2 <not-affected> (Only Apache 2.2.4 was affected)
-	TODO: Check, that no 2.2.4 version is uploaded w/o a fix and remove me once
2.2.5 is in the archive
+	- apache2 <not-affected> (Only Apache 2.2.4 was affected, and all
versions of 2.2.4 in Debian are fixed)
 CVE-2007-1861 (The nl_fib_lookup function in net/ipv4/fib_frontend.c in Linux
Kernel ...)
 	{DSA-1289-1}
 	- linux-2.6 2.6.21-1
@@ -12110,10 +12109,9 @@
 	{DSA-1304}
 	- linux-2.6 <unfixed>
 CVE-2006-5752 (Cross-site scripting (XSS) vulnerability in mod_status.c in the
...)
-	- apache2 <unfixed> (low)
+	- apache2 2.2.4-2 (low)
 	[sarge] - apache2 2.0.54-5sarge2
 	- apache <removed> (low)
-	TODO: sf, when was this fixed in apache2 for unstable?
 CVE-2006-5751 (Integer overflow in the get_fdb_entries function in ...)
 	{DSA-1233}
 	- linux-2.6 2.6.18-8 (medium)
@@ -16237,7 +16235,7 @@
 	{DSA-1167-1}
 	- apache2 2.0.55-4.1 (bug #381376; low)
 	[sarge] - apache2 2.0.54-5sarge2
-	- apache 1.3.34-3 (bug #381381; low)
+	- apache 1.3.34-3 (bug #381381; medium)
 CVE-2006-3917 (PHP remote file inclusion vulnerability in inc/gabarits.php in
R. ...)
 	NOT-FOR-US: PHP Forge
 CVE-2006-3916 (Cross-site scripting (XSS) vulnerability in snews.php in sNews
(aka ...)

Secure testing commits - Jul 2007 - r6154 - data/CVE

[Secure-testing-commits] r6154 - data/CVE