stef-guest at alioth.debian.org
2007-Dec-05 16:34 UTC
[Secure-testing-commits] r7514 - data/CVE
Author: stef-guest Date: 2007-12-05 16:34:22 +0000 (Wed, 05 Dec 2007) New Revision: 7514 Modified: data/CVE/list Log: new minor apache2 issue Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-12-05 16:12:47 UTC (rev 7513) +++ data/CVE/list 2007-12-05 16:34:22 UTC (rev 7514) @@ -28,7 +28,11 @@ CVE-2007-6204 RESERVED CVE-2007-6203 (Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method ...) - TODO: check + - apache2 <unfixed> (low) + [sarge] - apache2 <no-dsa> (minor issue) + [etch] - apache2 <no-dsa> (minor issue) + NOTE: There is no way known to exploit this, yet. + NOTE: apache 1.3 is not vulnerable CVE-2007-6208 (sylprint.pl in claws mail tools (claws-mail-tools) allows local users ...) - claws-mail 3.1.0-2 (low; bug #454089) CVE-2007-6210 (zabbix_agentd 1.1.4 in ZABBIX runs "UserParameter" scripts with gid 0, ...)