https://bugzilla.novell.com/show_bug.cgi?id=422464
User skh@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=422464#c1
Sonja Krause-Harder changed:
What |Removed |Added
----------------------------------------------------------------------------
AssignedTo|skh@novell.com |security-team@suse.de
Status|ASSIGNED |NEW
--- Comment #1 from Sonja Krause-Harder 2008-09-20 12:31:24 MDT ---
Submitted apache2 to sles9, sles10, 10.2, 10.3 and 11.0. apache was not
affected.
Changelogs:
sles10:
-------------------------------------------------------------------
Fri Sep 19 17:55:47 CEST 2008 - skh@suse.de
- add httpd-2.2.x-CVE-2007-6420.patch [bnc#373903]:
mod_proxy_balancer: Prevent CSRF attacks against the
balancer-manager interface. [Joe Orton]
- add httpd-2.0.x-CVE-2008-2939.patch [bnc#415061]:
mod_proxy_ftp: Prevent XSS attacks when using wildcards in
the path of the FTP URL. Discovered by Marc Bevand of Rapid7.
[Ruediger Pluem]
- fix httpd-2.2.x-CVE-2007-3304.patch:
do not bump MODULE_MAGIC_NUMBER_MINOR to 5 as the security fix
only provides part of the api changes
sles9:
-------------------------------------------------------------------
Fri Sep 19 17:58:01 CEST 2008 - skh@suse.de
- add httpd-2.0.x-CVE-2008-2939.patch [bnc#415061]:
mod_proxy_ftp: Prevent XSS attacks when using wildcards in
the path of the FTP URL. Discovered by Marc Bevand of Rapid7.
[Ruediger Pluem]
11.0:
-------------------------------------------------------------------
Fri Sep 19 17:14:36 CEST 2008 - skh@suse.de
- add httpd-2.x.x-logresolve.patch again [bnc#210904]
- add httpd-2.2.x-CVE-2007-6420.patch [bnc#373903]:
mod_proxy_balancer: Prevent CSRF attacks against the
balancer-manager interface. [Joe Orton]
- add httpd-2.2.x-CVE-2008-2364.patch [bnc#408832]:
mod_proxy_http: Better handling of excessive interim responses
from origin server to prevent potential denial of service and high
memory usage. Reported by Ryujiro Shibuya. [Ruediger Pluem,
Joe Orton, Jim Jagielski]
- add httpd-2.2.x-CVE-2008-2939.patch [bnc#415061]:
mod_proxy_ftp: Prevent XSS attacks when using wildcards in
the path of the FTP URL. Discovered by Marc Bevand of Rapid7.
[Ruediger Pluem]
10.3:
-------------------------------------------------------------------
Fri Sep 19 17:39:16 CEST 2008 - skh@suse.de
- add httpd-2.2.x-CVE-2007-6420.patch [bnc#373903]:
mod_proxy_balancer: Prevent CSRF attacks against the
balancer-manager interface. [Joe Orton]
- add httpd-2.2.x-CVE-2008-1678.patch [bnc#392096]:
modules/ssl/mod_ssl.c (ssl_cleanup_pre_config):
Remove the call to CRYPTO_cleanup_all_ex_data here, fixing a
per-connection memory leak which occurs if the client indicates
support for a compression algorithm in the initial handshake, and
mod_ssl is linked against OpenSSL >= 0.9.8f.
- add httpd-2.2.x-CVE-2008-2939.patch [bnc#415061]:
mod_proxy_ftp: Prevent XSS attacks when using wildcards in
the path of the FTP URL. Discovered by Marc Bevand of Rapid7.
[Ruediger Pluem]
- fix httpd-2.2.x-CVE-2007-3304.patch:
do not bump MODULE_MAGIC_NUMBER_MINOR to 5 as the security fix
only provides part of the api changes
10.2:
-------------------------------------------------------------------
Fri Sep 19 17:51:30 CEST 2008 - skh@suse.de
- add httpd-2.2.x-CVE-2007-6420.patch [bnc#373903]:
mod_proxy_balancer: Prevent CSRF attacks against the
balancer-manager interface. [Joe Orton]
- add httpd-2.2.x-CVE-2008-2939.patch [bnc#415061]:
mod_proxy_ftp: Prevent XSS attacks when using wildcards in
the path of the FTP URL. Discovered by Marc Bevand of Rapid7.
[Ruediger Pluem]
- fix httpd-2.2.x-CVE-2007-3304.patch:
do not bump MODULE_MAGIC_NUMBER_MINOR to 5 as the security fix
only provides part of the api changes
--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.