Author: sf Date: 2012-02-25 21:51:04 +0000 (Sat, 25 Feb 2012) New Revision: 18542 Modified: data/CVE/list Log: apr no-dsa Modified: data/CVE/list ==================================================================--- data/CVE/list 2012-02-25 16:10:40 UTC (rev 18541) +++ data/CVE/list 2012-02-25 21:51:04 UTC (rev 18542) @@ -1008,6 +1008,7 @@ - libxml2 <unfixed> (bug #660846) CVE-2012-0840 (tables/apr_hash.c in the Apache Portable Runtime (APR) library through ...) - apr <unfixed> (low; bug #655435) + [squeeze] - apr <no-dsa> (exploitability in httpd extremely limited, not known to be exploitable in svn) NOTE: Commit http://mail-archives.apache.org/mod_mbox/apr-commits/201201.mbox/%3C20120115003715.071D423888FD at eris.apache.org%3E seems to cause regressions CVE-2012-0839 (OCaml 3.12.1 and earlier computes hash values without restricting the ...) - ocaml <unfixed> (low; bug #659149)