[Secure-testing-commits] r7930 - data/CVE

Tue, 15 Jan 2008 12:27:35 -0800 

Author: stef-guest
Date: 2008-01-15 20:27:39 +0000 (Tue, 15 Jan 2008)
New Revision: 7930

Modified:
   data/CVE/list
Log:
more minor apache issues

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2008-01-15 12:38:57 UTC (rev 7929)
+++ data/CVE/list       2008-01-15 20:27:39 UTC (rev 7930)
@@ -1042,18 +1042,22 @@
        RESERVED
 CVE-2007-6424 (registry.pl in Fonality Trixbox 2.0 PBX products, when running 
in ...)
        NOT-FOR-US: Fonality Trixbox
-CVE-2007-6423
+CVE-2007-6423 [windows only Apache mod_proxy_balancer issue]
        RESERVED
+       - apache2 <not-affected> (disputed / only for Windows)
 CVE-2007-6422 (Unspecified vulnerability in mod_proxy_balancer in the Apache 
HTTP ...)
        - apache2 <unfixed> (low)
        [etch] - apache2 <no-dsa> (minor issue)
-       [sarge] - apache2 <not-affected> (vulnerable code introduced later)
+       [sarge] - apache2 <not-affected> (vulnerable code introduced in 2.2)
 CVE-2007-6421 (Cross-site scripting (XSS) vulnerability in mod_proxy_balancer 
in the ...)
        - apache2 <unfixed> (low)
        [etch] - apache2 <no-dsa> (minor issue)
-       [sarge] - apache2 <not-affected> (vulnerable code introduced later)
-CVE-2007-6420
+       [sarge] - apache2 <not-affected> (vulnerable code introduced in 2.2)
+CVE-2007-6420 [Apache mod_proxy_balancer XSRF in balancer manager]
        RESERVED
+       - apache2 <unfixed> (low)
+       [etch] - apache2 <no-dsa> (minor issue)
+       [sarge] - apache2 <not-affected> (vulnerable code introduced in 2.2)
 CVE-2007-6419 (Unspecified vulnerability in rpc.yppasswdd in HP HP-UX B.11.11, 
...)
        NOT-FOR-US: HP-UX
 CVE-2007-6417 (The shmem_getpage function (mm/shmem.c) in Linux kernel 2.6.11 
through ...)
@@ -1559,8 +1563,10 @@
        RESERVED
 CVE-2008-0006
        RESERVED
-CVE-2008-0005
+CVE-2008-0005 [Apache mod_proxy_ftp Undefined Charset UTF-7 XSS Vulnerability]
        RESERVED
+       - apache2 <unfixed> (low)
+       - apache <unfixed> (low)
 CVE-2008-0004
        RESERVED
 CVE-2008-0003 (Stack-based buffer overflow in the 
PAMBasicAuthenticator::PAMCallback ...)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits

Reply via email to