stef-guest at alioth.debian.org
2008-Apr-03 20:25 UTC
[Secure-testing-commits] r8474 - data/CVE
Author: stef-guest
Date: 2008-04-03 20:25:49 +0000 (Thu, 03 Apr 2008)
New Revision: 8474
Modified:
data/CVE/list
Log:
note apache/apache2 no-dsa
Modified: data/CVE/list
==================================================================---
data/CVE/list 2008-04-03 10:59:54 UTC (rev 8473)
+++ data/CVE/list 2008-04-03 20:25:49 UTC (rev 8474)
@@ -4325,7 +4325,7 @@
CVE-2007-6388 (Cross-site scripting (XSS) vulnerability in mod_status in the
Apache ...)
- apache <removed> (low)
- apache2 2.2.8-1 (low)
- [etch] - apache <no-dsa> (scheduled for next point release)
+ [etch] - apache2 <no-dsa> (will be fixed in 2.2.3-4+etch6, in etch r4 or
r5)
[etch] - apache 1.3.34-4.1+etch1
CVE-2007-6358 (pdftops.pl before 1.20 in alternate pdftops filter allows local
users ...)
{DSA-1437-1}
@@ -9966,6 +9966,7 @@
- apache2 2.2.6-1 (bug #453783)
[sarge] - apache <no-dsa> (browser issue, low impact)
[sarge] - apache2 <no-dsa> (browser issue, low impact)
+ [etch] - apache <no-dsa> (browser issue, low impact)
[etch] - apache2 2.2.3-4+etch4
NOTE: This is really a browser bug, see CVE-2006-5152. But still unfixed in
MSIE.
NOTE: Etch''s default configuration not vulnerable due to
AddDefaultCharset,