Author: fw Date: 2009-06-16 20:14:23 +0000 (Tue, 16 Jun 2009) New Revision: 12138 Modified: data/CVE/list data/DSA/list Log: CVE-2009-1195: apache2-mpm-itk is actually vulnerable Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-06-16 19:58:46 UTC (rev 12137) +++ data/CVE/list 2009-06-16 20:14:23 UTC (rev 12138) @@ -2638,6 +2638,8 @@ TODO: check CVE-2009-1195 (The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not ...) - apache2 2.2.11-6 (low; bug #530834) + - apache2-mpm-itk + NOTE: apache2-mpm-itk is vulnerable due to static linking CVE-2009-1194 (Integer overflow in the pango_glyph_string_set_size function in ...) {DSA-1798-1} - pango1.0 1.24.0-2 (medium; bug #527474) Modified: data/DSA/list ==================================================================--- data/DSA/list 2009-06-16 19:58:46 UTC (rev 12137) +++ data/DSA/list 2009-06-16 20:14:23 UTC (rev 12138) @@ -1,6 +1,8 @@ [16 Jun 2009] DSA-1816-1 apache2 apache2-mpm-itk - privilege escalation {CVE-2009-1195} + [etch] - apache2-mpm-itk 2.2.3-01-2+etch2 [etch] - apache2 2.2.3-4+etch8 + [lenny] - apache2-mpm-itk 2.2.6-02-1+lenny1 [lenny] - apache2 2.2.9-10+lenny3 [14 Jun 2009] DSA-1815-1 libtorrent-rasterbar - denial of {CVE-2009-1760}
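Review bot: in the data/CVE/list hunk, the added `- apache2-mpm-itk` entry shows no version or status after the package name, whereas the apache2 line directly above it carries `2.2.11-6 (low; bug #530834)`. State explicitly whether the package is still unfixed in unstable or which version fixes it, and give it an urgency so it can be read the same way as the apache2 entry. The NOTE would also be more useful if it said what is linked statically (presumably the apache2 code), so that it is clear a rebuild against a fixed apache2 is what resolves the issue for this package.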
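Review bot: in the data/DSA/list hunk, the added `[etch] - apache2-mpm-itk 2.2.3-01-2+etch2` and `[lenny] - apache2-mpm-itk 2.2.6-02-1+lenny1` lines are placed ahead of the apache2 line for each release, while the DSA-1816-1 header names apache2 first. Listing the packages in the header's order within each release would keep the entry consistent. The log message also mentions only that apache2-mpm-itk is vulnerable; since this hunk records the fixed versions for etch and lenny under DSA-1816-1, the log should say so as well.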