stef-guest at alioth.debian.org
2008-May-14 21:44 UTC
[Secure-testing-commits] r8812 - data/CVE
Author: stef-guest Date: 2008-05-14 21:43:59 +0000 (Wed, 14 May 2008) New Revision: 8812 Modified: data/CVE/list Log: - new apache2 DoS fixed - apache-ssl is unfortunately in etch Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-05-14 21:14:14 UTC (rev 8811) +++ data/CVE/list 2008-05-14 21:43:59 UTC (rev 8812) @@ -1,3 +1,7 @@ +CVE-2008-XXXX [apache2 mod_ssl DoS (memory leak)] + - apache2 2.2.8-4 + [etch] - apache2 <not-affected> (only a problem with openssl 0.9.8f or later) + NOTE: https://issues.apache.org/bugzilla/show_bug.cgi?id=44975 CVE-2008-XXXX [Cross-site scripting (XSS) by missing escaping] - python-django <unfixed> (bug #481164) NOTE: CVE id requested by gentoo @@ -3659,7 +3663,8 @@ CVE-2008-0556 (Cross-site request forgery (CSRF) vulnerability in OpenCA PKI 0.9.2.5, ...) NOT-FOR-US: OpenCA PKI Project CVE-2008-0555 (The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 ...) - NOT-FOR-US: Apache-SSL + - apache <removed> + TODO: check if this needs a DSA CVE-2008-0552 (Cross-site scripting (XSS) vulnerability in index.php in eTicket ...) NOT-FOR-US: eTicket CVE-2008-0551 (The NamoInstaller.NamoInstall.1 ActiveX control in NamoInstaller.dll ...)