-
Committer:
Bazaar Package Importer
-
Author(s):
Adam Conrad
-
Date:
2006-01-08 00:01:47 UTC
-
Revision ID:
james.westby@ubuntu.com-20060108000147-1vzo2lgiul2m8ivy
Tags: 2.0.54-5ubuntu4
* SECURITY UPDATE: Remote DoS and Cross-Site Scripting vulnerability.
- Add 050_mod_imap_CVE-2005-3352 to escape untrusted referer headers in
mod_imap before outputting HTML to avoid XSS attacks; see CVE-2005-3352
- Add 051_mod_ssl_CVE-2005-3357 to avoid a remote denial of service in
threaded MPMs when making a non-SSL connection to an SSL-enabled port
on a server with a custom 400 error document defined; see CVE-2005-3357