Author: stef-guest
Date: 2007-12-01 09:41:15 +0000 (Sat, 01 Dec 2007)
New Revision: 7451
Modified:
data/CVE/list
Log:
bugnum and no-dsa for apache issue
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-12-01 09:27:04 UTC (rev 7450)
+++ data/CVE/list 2007-12-01 09:41:15 UTC (rev 7451)
@@ -4923,7 +4923,11 @@
NOT-FOR-US: snif
CVE-2007-4465 (Cross-site scripting (XSS) vulnerability in mod_autoindex.c in
the ...)
- apache <unfixed>
- - apache2 2.2.6-1
+ - apache2 2.2.6-1 (bug #453783)
+ [sarge] - apache <no-dsa> (browser issue, low impact)
+ [etch] - apache <no-dsa> (browser issue, low impact)
+ [sarge] - apache2 <no-dsa> (browser issue, low impact)
+ [etch] - apache2 <no-dsa> (browser issue, low impact)
NOTE: This is really a browser bug, see CVE-2006-5152. But still
unfixed in MSIE.
NOTE: Etch's default configuration not vulnerable due to
AddDefaultCharset,
NOTE: but many users change this.
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
