Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 234088 (CVE-2008-2939) - www-servers/apache < 2.2.9-r1 xss in mod_proxy_ftp (CVE-2008-2939)
Summary: www-servers/apache < 2.2.9-r1 xss in mod_proxy_ftp (CVE-2008-2939)
Alias: CVE-2008-2939
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High minor (vote)
Assignee: Gentoo Security
Whiteboard: B3 [noglsa]
Depends on:
Reported: 2008-08-06 13:59 UTC by Hanno Böck
Modified: 2020-04-09 19:04 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Hanno Böck gentoo-dev 2008-08-06 13:59:10 UTC
see subject, will probably not get a new apache release.

Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2008-08-15 10:46:28 UTC
CVE-2008-2939 (
  Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp
  module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp
  module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to
  inject arbitrary web script or HTML via wildcards in a pathname in an FTP URI.
Comment 2 Benedikt Böhm (RETIRED) gentoo-dev 2008-08-29 13:31:06 UTC
2.2.9-r1 in cvs
Comment 3 Robert Buchholz (RETIRED) gentoo-dev 2008-08-30 12:52:04 UTC
Arches, please test and mark stable:
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"
Comment 4 Markus Meier gentoo-dev 2008-08-30 15:21:05 UTC
amd64/x86 stable
Comment 5 Friedrich Oslage (RETIRED) gentoo-dev 2008-08-30 15:24:58 UTC
sparc stable
Comment 6 Raúl Porcel (RETIRED) gentoo-dev 2008-08-30 16:53:03 UTC
alpha/ia64 stable
Comment 7 Tobias Scherbaum (RETIRED) gentoo-dev 2008-08-31 15:53:09 UTC
ppc stable
Comment 8 Markus Rothe (RETIRED) gentoo-dev 2008-09-01 06:49:39 UTC
ppc64 stable
Comment 9 Jeroen Roovers (RETIRED) gentoo-dev 2008-09-03 21:33:20 UTC
Stable for HPPA.
Comment 10 Robert Buchholz (RETIRED) gentoo-dev 2008-09-14 11:31:53 UTC
it's a vote. I vote NO.
Comment 11 Pierre-Yves Rofes (RETIRED) gentoo-dev 2008-09-14 17:19:38 UTC
no too, and closing.