httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From m..@apache.org
Subject svn commit: r399010 - in /httpd/site/trunk: docs/security/vulnerabilities_13.html docs/security/vulnerabilities_20.html docs/security/vulnerabilities_22.html xdocs/security/vulnerabilities-httpd.xml xdocs/security/vulnerabilities_22.xml
Date Tue, 02 May 2006 18:45:19 GMT
Author: mjc
Date: Tue May  2 11:45:16 2006
New Revision: 399010

URL: http://svn.apache.org/viewcvs?rev=399010&view=rev
Log:
Deal with latest releases

Modified:
    httpd/site/trunk/docs/security/vulnerabilities_13.html
    httpd/site/trunk/docs/security/vulnerabilities_20.html
    httpd/site/trunk/docs/security/vulnerabilities_22.html
    httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml
    httpd/site/trunk/xdocs/security/vulnerabilities_22.xml

Modified: httpd/site/trunk/docs/security/vulnerabilities_13.html
URL: http://svn.apache.org/viewcvs/httpd/site/trunk/docs/security/vulnerabilities_13.html?rev=399010&r1=399009&r2=399010&view=diff
==============================================================================
--- httpd/site/trunk/docs/security/vulnerabilities_13.html (original)
+++ httpd/site/trunk/docs/security/vulnerabilities_13.html Tue May  2 11:45:16 2006
@@ -81,7 +81,7 @@
            <table border="0" cellspacing="0" cellpadding="2" width="100%">
  <tr><td bgcolor="#525D76">
   <font color="#ffffff" face="arial,helvetica,sanserif">
-   <a name="1.3.35-dev"><strong>Fixed in Apache httpd 1.3.35-dev</strong></a>
+   <a name="1.3.35"><strong>Fixed in Apache httpd 1.3.35</strong></a>
   </font>
  </td></tr>
  <tr><td>
@@ -100,7 +100,9 @@
 URL using certain web browsers.  
 </p>
 </dd>
-<dd />
+<dd>
+  Update Released: 1st May 2006<br />
+</dd>
 <dd>
       Affects: 
     1.3.34, 1.3.33, 1.3.32, 1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20,
1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, 1.3.0<p
/>

Modified: httpd/site/trunk/docs/security/vulnerabilities_20.html
URL: http://svn.apache.org/viewcvs/httpd/site/trunk/docs/security/vulnerabilities_20.html?rev=399010&r1=399009&r2=399010&view=diff
==============================================================================
--- httpd/site/trunk/docs/security/vulnerabilities_20.html (original)
+++ httpd/site/trunk/docs/security/vulnerabilities_20.html Tue May  2 11:45:16 2006
@@ -81,7 +81,7 @@
            <table border="0" cellspacing="0" cellpadding="2" width="100%">
  <tr><td bgcolor="#525D76">
   <font color="#ffffff" face="arial,helvetica,sanserif">
-   <a name="2.0.56-dev"><strong>Fixed in Apache httpd 2.0.56-dev</strong></a>
+   <a name="2.0.58"><strong>Fixed in Apache httpd 2.0.58</strong></a>
   </font>
  </td></tr>
  <tr><td>
@@ -101,7 +101,9 @@
 crash would only be a denial of service if using the worker MPM.
 </p>
 </dd>
-<dd />
+<dd>
+  Update Released: 1st May 2006<br />
+</dd>
 <dd>
       Affects: 
     2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45,
2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />
@@ -119,7 +121,9 @@
 URL using certain web browsers.  
 </p>
 </dd>
-<dd />
+<dd>
+  Update Released: 1st May 2006<br />
+</dd>
 <dd>
       Affects: 
     2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45,
2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35<p />

Modified: httpd/site/trunk/docs/security/vulnerabilities_22.html
URL: http://svn.apache.org/viewcvs/httpd/site/trunk/docs/security/vulnerabilities_22.html?rev=399010&r1=399009&r2=399010&view=diff
==============================================================================
--- httpd/site/trunk/docs/security/vulnerabilities_22.html (original)
+++ httpd/site/trunk/docs/security/vulnerabilities_22.html Tue May  2 11:45:16 2006
@@ -78,6 +78,39 @@
   </blockquote>
  </td></tr>
 </table>
+           <table border="0" cellspacing="0" cellpadding="2" width="100%">
+ <tr><td bgcolor="#525D76">
+  <font color="#ffffff" face="arial,helvetica,sanserif">
+   <a name="2.2.2"><strong>Fixed in Apache httpd 2.2.2</strong></a>
+  </font>
+ </td></tr>
+ <tr><td>
+  <blockquote>
+<dl>
+<dd>
+<b>moderate: </b>
+<b>
+<name name="CVE-2005-3352">mod_imap Referer Cross-Site Scripting</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3352">CVE-2005-3352</a>
+<p>
+A flaw in mod_imap when using the Referer directive with image maps.
+In certain site configurations a remote attacker could perform a cross-site
+scripting attack if a victim can be forced to visit a malicious 
+URL using certain web browsers.  
+</p>
+</dd>
+<dd>
+  Update Released: 1st May 2006<br />
+</dd>
+<dd>
+      Affects: 
+    2.2.0<p />
+</dd>
+</dl>
+  </blockquote>
+ </td></tr>
+</table>
          </td>
    </tr>
    <!-- FOOTER -->

Modified: httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml
URL: http://svn.apache.org/viewcvs/httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml?rev=399010&r1=399009&r2=399010&view=diff
==============================================================================
--- httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml (original)
+++ httpd/site/trunk/xdocs/security/vulnerabilities-httpd.xml Tue May  2 11:45:16 2006
@@ -1,6 +1,6 @@
 <security updated="20051222">
 
-<issue fixed="2.0.56-dev" public="20051212" reported="20051205">
+<issue fixed="2.0.58" public="20051212" reported="20051205" released="20060501">
 <cve name="CVE-2005-3357"/>
 <severity level="4">low</severity>
 <title>mod_ssl access control DoS</title>
@@ -34,7 +34,7 @@
 <affects prod="httpd" version="2.0.35"/>
 </issue>
 
-<issue fixed="2.2.1-dev" public="20051212" reported="20051101">
+<issue fixed="2.2.2" public="20051212" reported="20051101" released="20060501">
 <cve name="CVE-2005-3352"/>
 <severity level="3">moderate</severity>
 <title>mod_imap Referer Cross-Site Scripting</title>
@@ -49,7 +49,7 @@
 <affects prod="httpd" version="2.2.0"/>
 </issue>
 
-<issue fixed="2.0.56-dev" public="20051212" reported="20051101">
+<issue fixed="2.0.58" public="20051212" reported="20051101" released="20060501">
 <cve name="CVE-2005-3352"/>
 <severity level="3">moderate</severity>
 <title>mod_imap Referer Cross-Site Scripting</title>
@@ -82,7 +82,7 @@
 <affects prod="httpd" version="2.0.35"/>
 </issue>
 
-<issue fixed="1.3.35-dev" public="20051212" reported="20051101">
+<issue fixed="1.3.35" public="20051212" reported="20051101" released="20060501">
 <cve name="CVE-2005-3352"/>
 <severity level="3">moderate</severity>
 <title>mod_imap Referer Cross-Site Scripting</title>

Modified: httpd/site/trunk/xdocs/security/vulnerabilities_22.xml
URL: http://svn.apache.org/viewcvs/httpd/site/trunk/xdocs/security/vulnerabilities_22.xml?rev=399010&r1=399009&r2=399010&view=diff
==============================================================================
--- httpd/site/trunk/xdocs/security/vulnerabilities_22.xml (original)
+++ httpd/site/trunk/xdocs/security/vulnerabilities_22.xml Tue May  2 11:45:16 2006
@@ -19,5 +19,30 @@
 these vulnerabilities to the <a href="/security_report.html">Security
 Team</a>.  </p>
 </section>
+<section id="2.2.2">
+<title>Fixed in Apache httpd 2.2.2</title>
+<dl>
+<dd>
+<b>moderate: </b>
+<b>
+<name name="CVE-2005-3352">mod_imap Referer Cross-Site Scripting</name>
+</b>
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3352">CVE-2005-3352</a>
+<p>
+A flaw in mod_imap when using the Referer directive with image maps.
+In certain site configurations a remote attacker could perform a cross-site
+scripting attack if a victim can be forced to visit a malicious 
+URL using certain web browsers.  
+</p>
+</dd>
+<dd>
+  Update Released: 1st May 2006<br/>
+</dd>
+<dd>
+      Affects: 
+    2.2.0<p/>
+</dd>
+</dl>
+</section>
 </body>
 </document>



Mime
View raw message