Author: gilbert-guest
Date: 2009-08-10 23:59:52 +0000 (Mon, 10 Aug 2009)
New Revision: 12558

Modified:
data/CVE/list
data/embedded-code-copies
Log:
- fix typo
- apache issue doesn't warrant a dsa

Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-08-10 23:56:52 UTC (rev 12557) +++ data/CVE/list 2009-08-10 23:59:52 UTC (rev 12558) @@ -1,5 +1,7 @@ CVE-2009-XXXX [apache2: xml-based firewall bypass / port scanning] - apache2 <unfixed> (low; bug #540862) + [etch] - apache2 <no-dsa> (minor issue) + [lenny] - apache2 <no-dsa> (minor issue) CVE-2009-XXXX [linux-2.6: parisc eisa underflow] - linux-2.6 <unfixed> (low) - linux-2.6.24 <removed> Modified: data/embedded-code-copies ==================================================================--- data/embedded-code-copies 2009-08-10 23:56:52 UTC (rev 12557) +++ data/embedded-code-copies 2009-08-10 23:59:52 UTC (rev 12558) @@ -921,4 +921,4 @@ - adept <unfixed> (embed; bug #540649) libvorbis: - - xulrunner <unfixed> (embed; 540959) + - xulrunner <unfixed> (embed; bug #540959)
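Review bot: In the data/CVE/list hunk (@@ -1,5 +1,7 @@), the two added `[etch]` and `[lenny]` lines mark apache2 `<no-dsa>` with only "(minor issue)" as the reason, while the entry title still reads "xml-based firewall bypass / port scanning" and the line above stays `<unfixed> (low; bug #540862)`. The entry would be easier to audit if it recorded why the issue is minor for the stable releases, either as a more specific reason in the parentheses or as a short note under the CVE-2009-XXXX line, so that a later reader does not have to open bug #540862 to understand the triage decision.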
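Review bot: In the data/embedded-code-copies hunk (@@ -921,4 +921,4 @@), the xulrunner correction to `(embed; bug #540959)` now matches the `bug #540649` form on the adept line above it, but it is committed together with the unrelated apache2 `<no-dsa>` triage in data/CVE/list under one two-item log. Splitting the typo fix from the triage change would let the `<no-dsa>` decision be revisited or reverted on its own without touching this file.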
Michael S. Gilbert
2009-Aug-11 16:00 UTC
[Secure-testing-team] [Secure-testing-commits] r12558 - in data: . CVE
On Tue, 11 Aug 2009 17:17:11 +0200, Moritz Muehlenhoff wrote:
> Hi Michael,
>
> On Mon, Aug 10, 2009 at 11:59:52PM +0000, Michael Gilbert wrote:
> > Author: gilbert-guest
> > Date: 2009-08-10 23:59:52 +0000 (Mon, 10 Aug 2009)
> > New Revision: 12558
> >
> > Modified:
> > data/CVE/list
> > data/embedded-code-copies
> > Log:
> > - fix typo
> > - apache issue doesn't warrant a dsa
> >
> > Modified: data/CVE/list > > ==================================================================> > --- data/CVE/list 2009-08-10 23:56:52 UTC (rev 12557) > > +++ data/CVE/list 2009-08-10 23:59:52 UTC (rev 12558) > > @@ -1,5 +1,7 @@ > > CVE-2009-XXXX [apache2: xml-based firewall bypass / port scanning] > > - apache2 <unfixed> (low; bug #540862) > > + [etch] - apache2 <no-dsa> (minor issue) > > + [lenny] - apache2 <no-dsa> (minor issue) > > CVE-2009-XXXX [linux-2.6: parisc eisa underflow] > > - linux-2.6 <unfixed> (low) > > - linux-2.6.24 <removed>
>
> Stefan's followup indicates that Apache isn't affected at all,
> so this would rather be a <not-affected>?

i think that it would make more sense to continue tracking the issue until someone has a chance to test whether the exploit actually works or not. also, i think that it should be reassigned to xerces, since the flaw happens to be in xml parsing, rather than apache itself...

mike