Author: stef-guest
Date: 2008-09-22 21:14:23 +0000 (Mon, 22 Sep 2008)
New Revision: 9866
Modified:
data/CVE/list
Log:
mark two apache issues as unimportant
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-09-22 11:13:28 UTC (rev 9865)
+++ data/CVE/list 2008-09-22 21:14:23 UTC (rev 9866)
@@ -8560,21 +8560,13 @@
CVE-2008-0457 (Unrestricted file upload vulnerability in the FileUpload class
running ...)
NOT-FOR-US: Symantec LiveState Apache Tomcat server
CVE-2008-0456 (CRLF injection vulnerability in the mod_negotiation module in
the ...)
- - apache <unfixed> (low)
- - apache2 <unfixed> (low)
- [etch] - apache <no-dsa> (minor issue)
- [etch] - apache2 <no-dsa> (minor issue)
- [sarge] - apache <no-dsa> (minor issue)
- [sarge] - apache2 <no-dsa> (minor issue)
+ - apache <unfixed> (unimportant)
+ - apache2 <unfixed> (unimportant)
NOTE: This is only relevant if an attacker can upload files with
arbitrary names
NOTE: but not with arbitrary contents.
CVE-2008-0455 (Cross-site scripting (XSS) vulnerability in the mod_negotiation
module ...)
- - apache <unfixed> (low)
- - apache2 <unfixed> (low)
- [etch] - apache <no-dsa> (minor issue)
- [etch] - apache2 <no-dsa> (minor issue)
- [sarge] - apache <no-dsa> (minor issue)
- [sarge] - apache2 <no-dsa> (minor issue)
+ - apache <unfixed> (unimportant)
+ - apache2 <unfixed> (unimportant)
NOTE: This is only relevant if an attacker can upload files with
arbitrary names
NOTE: but not with arbitrary contents.
CVE-2008-0454 (Cross-zone scripting vulnerability in the Internet Explorer web
...)
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
