[Secure-testing-commits] r55870 - data/CVE

Salvatore Bonaccorso Mon, 18 Sep 2017 06:43:28 -0700

Author: carnil
Date: 2017-09-18 13:43:06 +0000 (Mon, 18 Sep 2017)
New Revision: 55870


Modified:
   data/CVE/list
Log:
Add CVE-2017-9798

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-09-18 13:04:46 UTC (rev 55869)
+++ data/CVE/list       2017-09-18 13:43:06 UTC (rev 55870)
@@ -11659,6 +11659,12 @@
        NOT-FOR-US: Apache Storm
 CVE-2017-9798
        RESERVED
+       - apache2 <unfixed>
+       NOTE: 
https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html
+       NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=61207
+       NOTE: https://github.com/hannob/optionsbleed
+       NOTE: Patch: 
https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/core.c?r1=1805223&r2=1807754&pathrev=1807754&view=patch
+       NOTE: Patch backport for 2.2: 
https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch
 CVE-2017-9797
        RESERVED
 CVE-2017-9796


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r55870 - data/CVE

Reply via email to