From cc1d362f2c8c2bb79d5ec94d9bc813004f6733e4 Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Thu, 23 Jul 2020 11:18:10 +0200
Subject: Update information for old CVE-2008-0455/apache2

It appears from [1] that CVE-2012-2687 was as well known under
(duplicate) CVE-2008-0455. CVE-2012-2687 was fixed witn the 2.2.22-8
upload, so sync the two entries with the fixed version.
---
 data/CVE/list.2008 | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'data/CVE/list.2008')

diff --git a/data/CVE/list.2008 b/data/CVE/list.2008
index 62b48f5c87..18fefc128a 100644
--- a/data/CVE/list.2008
+++ b/data/CVE/list.2008
@@ -16124,9 +16124,10 @@ CVE-2008-0456 (CRLF injection vulnerability in the mod_negotiation module in the
 	NOTE: but not with arbitrary contents.
 CVE-2008-0455 (Cross-site scripting (XSS) vulnerability in the mod_negotiation module ...)
 	- apache <removed> (unimportant)
-	- apache2 <unfixed> (unimportant)
+	- apache2 2.2.22-8 (unimportant)
 	NOTE: This is only relevant if an attacker can upload files with arbitrary names
 	NOTE: but not with arbitrary contents.
+	NOTE: https://httpd.apache.org/security/vulnerabilities_22.html#CVE-2012-2687
 CVE-2008-0454 (Cross-zone scripting vulnerability in the Internet Explorer web contro ...)
 	NOT-FOR-US: Skype
 CVE-2008-0453 (SQL injection vulnerability in list.php in Easysitenetwork Recipe allo ...)
-- 
cgit v1.2.3