Bug 234088 (CVE-2008-2939)

Comment 1 Robert Buchholz (RETIRED) 2008-08-15 10:46:28 UTC

CVE-2008-2939 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2939):
  Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp
  module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp
  module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to
  inject arbitrary web script or HTML via wildcards in a pathname in an FTP URI.

Comment 2 Benedikt Böhm (RETIRED) 2008-08-29 13:31:06 UTC

2.2.9-r1 in cvs

Comment 3 Robert Buchholz (RETIRED) 2008-08-30 12:52:04 UTC

Arches, please test and mark stable:
=www-servers/apache-2.2.9-r1
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"

Comment 4 Markus Meier 2008-08-30 15:21:05 UTC

amd64/x86 stable

Comment 5 Friedrich Oslage (RETIRED) 2008-08-30 15:24:58 UTC

sparc stable

Comment 6 Raúl Porcel (RETIRED) 2008-08-30 16:53:03 UTC

alpha/ia64 stable

Comment 7 Tobias Scherbaum (RETIRED) 2008-08-31 15:53:09 UTC

ppc stable

Comment 8 Markus Rothe (RETIRED) 2008-09-01 06:49:39 UTC

ppc64 stable

Comment 9 Jeroen Roovers (RETIRED) 2008-09-03 21:33:20 UTC

Stable for HPPA.

Comment 10 Robert Buchholz (RETIRED) 2008-09-14 11:31:53 UTC

it's a vote. I vote NO.

Comment 11 Pierre-Yves Rofes (RETIRED) 2008-09-14 17:19:38 UTC

no too, and closing.