Author: sf Date: 2011-11-26 19:40:24 +0000 (Sat, 26 Nov 2011) New Revision: 17687 Modified: data/CVE/list Log: apache2: one issue unimportant, two new variants of a previous issue Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-11-26 15:44:33 UTC (rev 17686) +++ data/CVE/list 2011-11-26 19:40:24 UTC (rev 17687) @@ -347,7 +347,8 @@ CVE-2011-4416 RESERVED CVE-2011-4415 (The ap_pregsub function in server/util.c in the Apache HTTP Server ...) - - apache2 <unfixed> + - apache2 <unfixed> (unimportant) + NOTE: apache2 does not protect or claim to protect against DoS through .htaccess CVE-2011-4414 RESERVED CVE-2011-4413 @@ -569,8 +570,10 @@ RESERVED - dovecot <unfixed> (unimportant; bug #649511) NOTE: Additional hardening -CVE-2011-4317 +CVE-2011-4317 [mod_proxy/mod_rewrite insufficient sanitization of invalid URLs] RESERVED + - apache2 <unfixed> + NOTE: Related to CVE-2011-3368 and CVE-2011-3639 but a different issue CVE-2011-4316 RESERVED CVE-2011-4315 @@ -2609,8 +2612,10 @@ [lenny] - chromium-browser <no-dsa> (attacker needs to get malicious file into cwd first) [squeeze] - chromium-browser <no-dsa> (attacker needs to get malicious file into cwd first) NOTE: http://seclists.org/fulldisclosure/2011/Oct/734 -CVE-2011-3639 +CVE-2011-3639 [mod_proxy/mod_rewrite insufficient URI sanitization with HTTP/0.9 and pre 2.2.18] RESERVED + - apache2 2.2.18-1 + NOTE: Related to CVE-2011-3368 and CVE-2011-4317 but a different issue CVE-2011-3638 RESERVED - linux-2.6 3.0.0-1
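Review bot: The NOTE added under CVE-2011-4415 gives the reason for the "(unimportant)" tag but no pointer to where that position is stated, so a later reader cannot check it. Consider adding a reference line next to "NOTE: apache2 does not protect or claim to protect against DoS through .htaccess" that points to the source of that statement.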
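Review bot: In the CVE-2011-4317 hunk, the new "- apache2 <unfixed>" line carries no bug reference, while the dovecot entry in the same hunk's context records "bug #649511". An unfixed entry without a tracking bug is easy to lose, so add the bug number to this line once one exists. The NOTE also says the issue is "Related to CVE-2011-3368 and CVE-2011-3639 but a different issue" without saying what differs; a few words on the distinction would save the next reader from comparing the three entries by hand.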
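Review bot: In the CVE-2011-3639 hunk, "- apache2 2.2.18-1" records a single fixed version and no per-release status, while the chromium-browser entry in the same hunk's context has explicit "[lenny]" and "[squeeze]" lines. If those releases ship an apache2 older than 2.2.18-1, add their status lines so the entry does not read as fully resolved. The bracketed description's "with HTTP/0.9 and pre 2.2.18" is also ambiguous about whether both conditions are required; wording such as "before 2.2.18" plus an explicit "and" or "or" would make the scope clear.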