stef-guest at alioth.debian.org
2008-Jan-18 19:38 UTC
[Secure-testing-commits] r7963 - data/CVE
Author: stef-guest
Date: 2008-01-18 19:38:39 +0000 (Fri, 18 Jan 2008)
New Revision: 7963
Modified:
data/CVE/list
Log:
info about apache .-release
Modified: data/CVE/list
==================================================================---
data/CVE/list 2008-01-18 16:13:44 UTC (rev 7962)
+++ data/CVE/list 2008-01-18 19:38:39 UTC (rev 7963)
@@ -1259,6 +1259,8 @@
CVE-2007-6388 (Cross-site scripting (XSS) vulnerability in mod_status in the
Apache ...)
- apache <unfixed> (low)
- apache2 2.2.8-1 (low)
+ [etch] - apache <no-dsa> (scheduled for next point release)
+ NOTE: pending for apache 1.3.34-4.1+etch1 / etch r3
CVE-2007-6358 (pdftops.pl before 1.20 in alternate pdftops filter allows local
users ...)
{DSA-1437-1}
- cupsys 1.3.5-1 (low; bug #456960)
@@ -1702,6 +1704,8 @@
CVE-2008-0005 (mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before
...)
- apache2 2.2.8-1 (low)
- apache <unfixed> (low)
+ [etch] - apache <no-dsa> (browser issue; low impact)
+ [sarge] - apache <no-dsa> (browser issue; low impact)
CVE-2008-0004
RESERVED
CVE-2008-0003 (Stack-based buffer overflow in the
PAMBasicAuthenticator::PAMCallback ...)
@@ -1725,9 +1729,9 @@
- apache2 2.2.6-3 (low)
[sarge] - apache2 <no-dsa> (minor issue)
[etch] - apache2 <no-dsa> (minor issue)
+ - apache <not-affected> (vulnerable code not present)
NOTE: Might be exploitable with older flash plugins via HTTP Request Splitting
NOTE: pending for 2.2.3-4+etch4 / etch r3
- NOTE: apache 1.3 is not vulnerable
CVE-2007-6208 (sylprint.pl in claws mail tools (claws-mail-tools) allows local
users ...)
- claws-mail 3.1.0-2 (low; bug #454089)
CVE-2007-6210 (zabbix_agentd 1.1.4 in ZABBIX before 1.4.3 runs
"UserParameter" ...)