[Secure-testing-commits] r8147 - data/CVE
Author: joeyh Date: 2008-02-13 09:14:27 + (Wed, 13 Feb 2008) New Revision: 8147 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2008-02-12 23:05:04 UTC (rev 8146) +++ data/CVE/list 2008-02-13 09:14:27 UTC (rev 8147) 
@@ -1,3 +1,135 @@ +CVE-2008-0732 (The init script for Apache Geronimo on SUSE Linux follows symlinks ...) + TODO: check +CVE-2008-0731 (The Linux kernel before 2.6.18.8-0.8 in SUSE openSUSE 10.2 does not ...) + TODO: check +CVE-2008-0730 (The (1) Simplified Chinese, (2) Traditional Chinese, (3) Korean, and ...) + TODO: check +CVE-2008-0729 (Mobile Safari on Apple iPhone 1.1.2 and 1.1.3 allows remote attackers ...) + TODO: check +CVE-2008-0728 (libclamav/mew.c in libclamav in ClamAV before 0.92.1 has unknown ...) + TODO: check +CVE-2008-0727 + RESERVED +CVE-2008-0726 (Integer overflow in Adobe Reader and Acrobat 8.1.1 and earlier allows ...) + TODO: check +CVE-2008-0725 (Multiple heap-based buffer overflows in the (1) FTP service and (2) ...) + TODO: check +CVE-2008-0724 (The Everything Development Engine in The Everything Development System ...) + TODO: check +CVE-2008-0723 (Cross-site scripting (XSS) vulnerability in mynews.inc.php in MyNews ...) + TODO: check +CVE-2008-0722 (Cross-site scripting (XSS) vulnerability in index.php in Pagetool ...) + TODO: check +CVE-2008-0721 (SQL injection vulnerability in index.php in the Sermon (com_sermon) ...) + TODO: check +CVE-2008-0720 (Cross-site scripting (XSS) vulnerability in Webmin 1.370 and 1.390 and ...) + TODO: check +CVE-2008-0719 (SQL injection vulnerability in customer_testimonials.php in the ...) + TODO: check +CVE-2008-0718 (Unspecified vulnerability in the USB Mouse STREAMS module (usbms) in ...) + TODO: check +CVE-2008-0717 (Cross-site scripting (XSS) vulnerability in Caching Proxy (CP) 5.1 ...) + TODO: check +CVE-2008-0716 (The agent in Symantec Altiris Notification Server before 6.0 SP3 R7 ...) + TODO: check +CVE-2008-0715 (Buffer overflow in ACDSee Photo Manager 8.1, 9.0, and 10.0 allows ...) + TODO: check +CVE-2008-0714 (SQL injection vulnerability in users.php in Mihalism Multi Host allows ...) 
+ TODO: check +CVE-2008-0713 + RESERVED +CVE-2008-0712 + RESERVED +CVE-2008-0711 + RESERVED +CVE-2008-0710 + RESERVED +CVE-2008-0709 + RESERVED +CVE-2008-0708 + RESERVED +CVE-2008-0707 + RESERVED +CVE-2008-0706 + RESERVED +CVE-2008-0705 + RESERVED +CVE-2008-0704 + RESERVED +CVE-2008-0703 (Multiple directory traversal vulnerabilities in sflog! 0.96 allow ...) + TODO: check +CVE-2008-0702 (Multiple heap-based buffer overflows in Titan FTP Server 6.03 and ...) + TODO: check +CVE-2008-0701 (ActivationHandler in Magnolia CE 3.5.x before 3.5.4 does not check ...) + TODO: check +CVE-2008-0700 (Cross-site scripting (XSS) vulnerability in search.php in Crux ...) + TODO: check +CVE-2008-0699 (Unspecified vulnerability in SYSPROC.ADMIN_SP_C in IBM DB2 UDB before ...) + TODO: check +CVE-2008-0698 (Buffer overflow in the DAS server in IBM DB2 UDB before 8.2 Fixpak 16 ...) + TODO: check +CVE-2008-0697 (Unspecified vulnerability in DB2PD in IBM DB2 UDB before 8.2 Fixpak 16 ...) + TODO: check +CVE-2008-0696 (IBM DB2 UDB before 8.2 Fixpak 16 does not properly check authorization ...) + TODO: check +CVE-2008-0695 (SQL injection vulnerability in index.php in BookmarkX script 2007 ...) + TODO: check +CVE-2008-0694 (Cross-site scripting (XSS) vulnerability in the HTTP Server in IBM ...) + TODO: check +CVE-2008-0693 (Stack-based buffer overflow in PQCore.exe in Print Manager Plus 2008 ...) + TODO: check +CVE-2008-0692 (SQL injection vulnerability in bidhistory.php in iTechBids 3 Gold and ...) + TODO: check +CVE-2008-0691 (Multiple cross-site scripting (XSS) vulnerabilities in admin_panel.php ...) + TODO: check +CVE-2008-0690 (SQL injection vulnerability in index.php in the mosDirectory ...) + TODO: check +CVE-2008-0689 (SQL injection vulnerability in index.php in the Marketplace ...) + TODO: check +CVE-2008-0688 (Cross-site scripting (XSS) vulnerability in catalog.php in Smartscript ...) + TODO: check +CVE-2008-0687 (Cross-site scripting (XSS) vulnerability in ...) 
+ TODO: check +CVE-2008-0686 (SQL injection vulnerability in index.php in the NeoReferences ...) + TODO: check +CVE-2008-0685 (SQL injection vulnerability in ViewCat.php in iTechClassifieds 3.0 ...) + TODO: check +CVE-2008-0684 (Cross-site scripting (XSS) vulnerability in ViewCat.php in ...) + TODO: check +CVE-2008-0683 (SQL injection vulnerability in shiftthis-preview.php in the ...) + TODO: check +CVE-2008-0682 (SQL injection vulnerability in
[Secure-testing-commits] r8148 - data/CVE
Author: jmm-guest Date: 2008-02-13 13:58:52 + (Wed, 13 Feb 2008) New Revision: 8148 Modified: data/CVE/list Log: two NFUs Modified: data/CVE/list === --- data/CVE/list 2008-02-13 09:14:27 UTC (rev 8147) +++ data/CVE/list 2008-02-13 13:58:52 UTC (rev 8148) @@ -11,7 +11,7 @@ CVE-2008-0727 RESERVED CVE-2008-0726 (Integer overflow in Adobe Reader and Acrobat 8.1.1 and earlier allows ...) - TODO: check + NOT-FOR-US: Adobe Acrobat Reader CVE-2008-0725 (Multiple heap-based buffer overflows in the (1) FTP service and (2) ...) TODO: check CVE-2008-0724 (The Everything Development Engine in The Everything Development System ...) @@ -129,7 +129,7 @@ CVE-2008-0668 (The excel_read_HLINK function in plugins/excel/ms-excel-read.c in ...) TODO: check CVE-2008-0667 (The DOC.print function in the Adobe JavaScript API, as used by Adobe ...) - TODO: check + NOT-FOR-US: Adobe Acrobat Reader CVE-2008-0663 (Novell Challenge Response Client (LCM) 2.7.5 and earlier, as used with ...) NOT-FOR-US: Novell Challenge Response Client CVE-2008-0662 (The Auto Local Logon feature in Check Point VPN-1 ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r8149 - data/CVE
Author: nion Date: 2008-02-13 14:28:23 + (Wed, 13 Feb 2008) New Revision: 8149 Modified: data/CVE/list Log: CVE-2005-1039 fixed in coreutils 6.10-1 Modified: data/CVE/list === --- data/CVE/list 2008-02-13 13:58:52 UTC (rev 8148) +++ data/CVE/list 2008-02-13 14:28:23 UTC (rev 8149) @@ -47519,7 +47519,7 @@ CVE-2005-1040 (Multiple unknown vulnerabilities in netapplet in Novell Linux Desktop ...) - netapplet not-affected (Not vulerable, see bug #310833) CVE-2005-1039 (Race condition in Core Utilities (coreutils) 5.2.1, when (1) mkdir, ...) - - coreutils unfixed (bug #304556; unimportant) + - coreutils 6.10-1 (bug #304556; unimportant) NOTE: Minor issue, generic UNIX design issue, see discussion in #304556) CVE-2005-1038 (crontab in Vixie cron 4.1, when running with the -e option, allows ...) NOTE: long fixed in Debian's cron
[Secure-testing-commits] r8150 - data/CVE
Author: nion Date: 2008-02-13 16:14:46 + (Wed, 13 Feb 2008) New Revision: 8150 Modified: data/CVE/list Log: NFUs CVE-2008-0728 fixed in clamav 0.92.1~dfsg-1 CVE-2008-0720 webmin has an itp Modified: data/CVE/list === --- data/CVE/list 2008-02-13 14:28:23 UTC (rev 8149) +++ data/CVE/list 2008-02-13 16:14:46 UTC (rev 8150) 
@@ -1,41 +1,41 @@ CVE-2008-0732 (The init script for Apache Geronimo on SUSE Linux follows symlinks ...) - TODO: check + NOT-FOR-US: Apache Geronimo CVE-2008-0731 (The Linux kernel before 2.6.18.8-0.8 in SUSE openSUSE 10.2 does not ...) - TODO: check + NOT-FOR-US: SuSE kernel/apparmor CVE-2008-0730 (The (1) Simplified Chinese, (2) Traditional Chinese, (3) Korean, and ...) - TODO: check + NOT-FOR-US: Sun Solaris CVE-2008-0729 (Mobile Safari on Apple iPhone 1.1.2 and 1.1.3 allows remote attackers ...) - TODO: check + NOT-FOR-US: Apple iPhone CVE-2008-0728 (libclamav/mew.c in libclamav in ClamAV before 0.92.1 has unknown ...) - TODO: check + - clamav 0.92.1~dfsg-1 CVE-2008-0727 RESERVED CVE-2008-0726 (Integer overflow in Adobe Reader and Acrobat 8.1.1 and earlier allows ...) NOT-FOR-US: Adobe Acrobat Reader CVE-2008-0725 (Multiple heap-based buffer overflows in the (1) FTP service and (2) ...) - TODO: check + NOT-FOR-US: Titan FTP Server CVE-2008-0724 (The Everything Development Engine in The Everything Development System ...) - TODO: check + NOT-FOR-US: The Everything Development System CVE-2008-0723 (Cross-site scripting (XSS) vulnerability in mynews.inc.php in MyNews ...) - TODO: check + NOT-FOR-US: MyNews CVE-2008-0722 (Cross-site scripting (XSS) vulnerability in index.php in Pagetool ...) - TODO: check + NOT-FOR-US: Pagetool CVE-2008-0721 (SQL injection vulnerability in index.php in the Sermon (com_sermon) ...) - TODO: check + NOT-FOR-US: Sermon component for Mambo CVE-2008-0720 (Cross-site scripting (XSS) vulnerability in Webmin 1.370 and 1.390 and ...) - TODO: check + - webmin itp (bug #377948) CVE-2008-0719 (SQL injection vulnerability in customer_testimonials.php in the ...) - TODO: check + NOT-FOR-US: osCommerce Online Merchant CVE-2008-0718 (Unspecified vulnerability in the USB Mouse STREAMS module (usbms) in ...) - TODO: check + NOT-FOR-US: Sun Solaris CVE-2008-0717 (Cross-site scripting (XSS) vulnerability in Caching Proxy (CP) 5.1 ...) 
- TODO: check + NOT-FOR-US: IBM WebSphere Edge Server CVE-2008-0716 (The agent in Symantec Altiris Notification Server before 6.0 SP3 R7 ...) - TODO: check + NOT-FOR-US: Symantec Altiris Notification Server CVE-2008-0715 (Buffer overflow in ACDSee Photo Manager 8.1, 9.0, and 10.0 allows ...) - TODO: check + NOT-FOR-US: ACDSee CVE-2008-0714 (SQL injection vulnerability in users.php in Mihalism Multi Host allows ...) - TODO: check + NOT-FOR-US: Mihalism Multi Host CVE-2008-0713 RESERVED CVE-2008-0712 
@@ -57,35 +57,35 @@ CVE-2008-0704 RESERVED CVE-2008-0703 (Multiple directory traversal vulnerabilities in sflog! 0.96 allow ...) - TODO: check + NOT-FOR-US: sflog! CVE-2008-0702 (Multiple heap-based buffer overflows in Titan FTP Server 6.03 and ...) - TODO: check + NOT-FOR-US: Titan FTP Server CVE-2008-0701 (ActivationHandler in Magnolia CE 3.5.x before 3.5.4 does not check ...) - TODO: check + NOT-FOR-US: Magnolia CE CVE-2008-0700 (Cross-site scripting (XSS) vulnerability in search.php in Crux ...) - TODO: check + NOT-FOR-US: CruxCMS CVE-2008-0699 (Unspecified vulnerability in SYSPROC.ADMIN_SP_C in IBM DB2 UDB before ...) - TODO: check + NOT-FOR-US: IBM DB2 CVE-2008-0698 (Buffer overflow in the DAS server in IBM DB2 UDB before 8.2 Fixpak 16 ...) - TODO: check + NOT-FOR-US: IBM DB2 CVE-2008-0697 (Unspecified vulnerability in DB2PD in IBM DB2 UDB before 8.2 Fixpak 16 ...) - TODO: check + NOT-FOR-US: IBM DB2 CVE-2008-0696 (IBM DB2 UDB before 8.2 Fixpak 16 does not properly check authorization ...) - TODO: check + NOT-FOR-US: IBM DB2 CVE-2008-0695 (SQL injection vulnerability in index.php in BookmarkX script 2007 ...) - TODO: check + NOT-FOR-US: BookmarkX CVE-2008-0694 (Cross-site scripting (XSS) vulnerability in the HTTP Server in IBM ...) - TODO: check + NOT-FOR-US: IBM OS/400 V5R3M0 and V5R4M0 CVE-2008-0693 (Stack-based buffer overflow in PQCore.exe in Print Manager Plus 2008 ...) - TODO: check + NOT-FOR-US: Print Manager Plus CVE-2008-0692 (SQL injection vulnerability in bidhistory.php in iTechBids 3 Gold and ...) - TODO: check + NOT-FOR-US: iTechBids CVE-2008-0691 (Multiple cross-site scripting (XSS) vulnerabilities in
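Review bot: In the first hunk, the CVE-2008-0720 entry "- webmin itp (bug #377948)" uses the itp tag for a package that the list check treats as already in the archive; the processing mails that follow fail with "data/CVE/list:25: ITPed package webmin is in the archive", and the same error also stops processing of r8152. Tag the entry with the package's actual archive state (r8153 later changes it to "- webmin removed") and run the list check before committing.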
[Secure-testing-commits] r8151 - data/CVE
Author: nion Date: 2008-02-13 17:29:32 + (Wed, 13 Feb 2008) New Revision: 8151 Modified: data/CVE/list Log: NFUs 3 tintin++ issues (CVE-2008-067[1-3]) CVE-2008-0668 fixed in gnumeric 1.8.1-1 CVE-2008-0318 dup? CVE-2008-0318 fixed in clamav 0.92.1~dfsg-1 two new tomcat issues (CVE-2007-6286, CVE-2007-5333) Modified: data/CVE/list === --- data/CVE/list 2008-02-13 16:14:46 UTC (rev 8150) +++ data/CVE/list 2008-02-13 17:29:32 UTC (rev 8151) 
@@ -87,47 +87,47 @@ CVE-2008-0689 (SQL injection vulnerability in index.php in the Marketplace ...) NOT-FOR-US: Marketplace component for Joomla! CVE-2008-0688 (Cross-site scripting (XSS) vulnerability in catalog.php in Smartscript ...) - TODO: check + NOT-FOR-US: Smartscript Domain Trader CVE-2008-0687 (Cross-site scripting (XSS) vulnerability in ...) - TODO: check + NOT-FOR-US: Youtube Clone Script CVE-2008-0686 (SQL injection vulnerability in index.php in the NeoReferences ...) - TODO: check + NOT-FOR-US: NeoReferences component for Joomla! CVE-2008-0685 (SQL injection vulnerability in ViewCat.php in iTechClassifieds 3.0 ...) - TODO: check + NOT-FOR-US: iTechClassifieds CVE-2008-0684 (Cross-site scripting (XSS) vulnerability in ViewCat.php in ...) - TODO: check + NOT-FOR-US: iTechClassifieds CVE-2008-0683 (SQL injection vulnerability in shiftthis-preview.php in the ...) - TODO: check + NOT-FOR-US: st_newsletter plugin for WordPress CVE-2008-0682 (SQL injection vulnerability in wordspew-rss.php in the Wordspew plugin ...) - TODO: check + NOT-FOR-US: Wordspew plugin for Wordpress CVE-2008-0681 (SQL injection vulnerability in index.php in PHPShop 0.8.1 allows ...) - TODO: check + NOT-FOR-US: PHPShop CVE-2008-0680 (SNMPd in MicroTik RouterOS 3.2 and earlier allows remote attackers to ...) - TODO: check + NOT-FOR-US: MicroTik RouterOS CVE-2008-0679 (Cross-site scripting (XSS) vulnerability in index.php in BlogPHP 2.0 ...) - TODO: check + NOT-FOR-US: BlogPHP CVE-2008-0678 (SQL injection vulnerability in index.php in BlogPHP 2.0 allows remote ...) - TODO: check + NOT-FOR-US: BlogPHP CVE-2008-0677 (SQL injection vulnerability in blog.php in A-Blog 2 allows remote ...) - TODO: check + NOT-FOR-US: A-Blog CVE-2008-0676 (Cross-site scripting (XSS) vulnerability in search.php in A-Blog 2 ...) - TODO: check + NOT-FOR-US: A-Blog CVE-2008-0675 (SQL injection vulnerability in cms/index.pl in The Everything ...) 
- TODO: check + NOT-FOR-US: Everything Development System CVE-2008-0674 RESERVED CVE-2008-0673 (TinTin++ 1.97.9 and WinTin++ 1.97.9 open files on the basis of an ...) - TODO: check + - tintin++ unfixed (low; bug #465643) CVE-2008-0672 (The process_chat_input function in TinTin++ 1.97.9 and WinTin++ 1.97.9 ...) - TODO: check + - tintin++ unfixed (low; bug #465643) CVE-2008-0671 (Stack-based buffer overflow in the add_line_buffer function in ...) - TODO: check + - tintin++ unfixed (medium; bug #465643) CVE-2008-0670 (SQL injection vulnerability in index.php in the Noticias ...) - TODO: check + NOT-FOR-US: Noticias component for Joomla! CVE-2008-0669 (Cross-site scripting (XSS) vulnerability in search.cgi in Sift Unity ...) - TODO: check + NOT-FOR-US: Sift Unity CVE-2008-0668 (The excel_read_HLINK function in plugins/excel/ms-excel-read.c in ...) - TODO: check + - gnumeric 1.8.1-1 (medium) CVE-2008-0667 (The DOC.print function in the Adobe JavaScript API, as used by Adobe ...) NOT-FOR-US: Adobe Acrobat Reader CVE-2008-0663 (Novell Challenge Response Client (LCM) 2.7.5 and earlier, as used with ...) @@ -182,7 +182,7 @@ CVE-2008-0641 RESERVED CVE-2008-0640 (Symantec Ghost Solution Suite 1.1 before 1.1 patch 2, 2.0.0, and 2.0.1 ...) - TODO: check + NOT-FOR-US: Symantec Ghost Solution Suite CVE-2008-0639 RESERVED CVE-2008-0638 @@ -190,7 +190,7 @@ CVE-2008-0637 RESERVED CVE-2008-0636 (Level Platforms, Inc. (LPI) Managed Workplace Service Center 4.x, 5.x ...) - TODO: check + NOT-FOR-US: Managed Workplace Service Center CVE-2008-0635 (Unspecified vulnerability in the delivery engine in Openads 2.4.0 ...) NOT-FOR-US: Openads CVE-2008-0634 (Buffer overflow in the NamoInstaller.NamoInstall.1 ActiveX control in ...) 
@@ -600,7 +600,7 @@ CVE-2008-0458 (Directory traversal vulnerability in function/sources.php in SLAED CMS ...) NOT-FOR-US: SLAED CMS CVE-2008-0457 (Unrestricted file upload vulnerability in the FileUpload class running ...) - TODO: check + NOT-FOR-US: Symantec LiveState Apache Tomcat server CVE-2008-0456 (CRLF injection vulnerability in the mod_negotiation module in the ...) - apache unfixed (low)
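Review bot: In the first hunk the NOT-FOR-US product names are spelled inconsistently: CVE-2008-0682 gets "Wordspew plugin for Wordpress" while the entry directly above it, CVE-2008-0683, gets "st_newsletter plugin for WordPress". Use one spelling (WordPress) in both so that a search of the list for the product name finds every entry.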
[Secure-testing-commits] Processing r8151 failed
The error message was:

data/CVE/list:25: ITPed package webmin is in the archive
Exception exceptions.AttributeError: 'apsw.Connection' object has no attribute 'close' in bound method DB.__del__ of security_db.DB instance at 0x3ac97ecc ignored
make: *** [all] Error 1
[Secure-testing-commits] r8152 - data/CVE
Author: nion Date: 2008-02-13 20:32:33 + (Wed, 13 Feb 2008) New Revision: 8152 Modified: data/CVE/list Log: fix tag Modified: data/CVE/list === --- data/CVE/list 2008-02-13 17:29:32 UTC (rev 8151) +++ data/CVE/list 2008-02-13 20:32:33 UTC (rev 8152) @@ -5719,7 +5719,7 @@ - iceape 1.1.5 NOTE: MFSA2007-33 CVE-2007-5333 (Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 ...) - - tomcat5.5 unfixed (medium; bug #465645) + - tomcat5.5 unfixed (medium; bug #465645) - tomcat5 removed CVE-2007-5332 (Multiple unspecified vulnerabilities in (1) mediasvr and (2) caloggerd ...) NOT-FOR-US: ARCServe BackUp
[Secure-testing-commits] r8153 - data/CVE
Author: jmm-guest Date: 2008-02-13 20:47:29 + (Wed, 13 Feb 2008) New Revision: 8153 Modified: data/CVE/list Log: webmin is still present in Sarge (and was removed for good) Modified: data/CVE/list === --- data/CVE/list 2008-02-13 20:32:33 UTC (rev 8152) +++ data/CVE/list 2008-02-13 20:47:29 UTC (rev 8153) @@ -23,7 +23,7 @@ CVE-2008-0721 (SQL injection vulnerability in index.php in the Sermon (com_sermon) ...) NOT-FOR-US: Sermon component for Mambo CVE-2008-0720 (Cross-site scripting (XSS) vulnerability in Webmin 1.370 and 1.390 and ...) - - webmin itp (bug #377948) + - webmin removed CVE-2008-0719 (SQL injection vulnerability in customer_testimonials.php in the ...) NOT-FOR-US: osCommerce Online Merchant CVE-2008-0718 (Unspecified vulnerability in the USB Mouse STREAMS module (usbms) in ...) @@ -5810,7 +5810,7 @@ RESERVED CVE-2007-5301 (Buffer overflow in the vorbis_stream_info function in ...) {DTSA-66-1} - - alsaplayer 0.99.80~rc4-1 (medium; bug #446034) + - alsaplayer 0.99.80~rc4-1 (low; bug #446034) CVE-2007-5288 REJECTED CVE-2007-5287
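Review bot: The second hunk lowers the urgency of CVE-2007-5301 for alsaplayer from medium to low, which the log message (it covers only webmin) does not mention. Commit the urgency change on its own, or name it in the log together with the reason, so that the downgrade of a buffer overflow entry carrying {DTSA-66-1} can be traced from the history.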
[Secure-testing-commits] Processing r8152 failed
The error message was:

data/CVE/list:25: ITPed package webmin is in the archive
Exception exceptions.AttributeError: 'apsw.Connection' object has no attribute 'close' in bound method DB.__del__ of security_db.DB instance at 0x3ac97ecc ignored
make: *** [all] Error 1
[Secure-testing-commits] r8154 - data/CVE
Author: nion Date: 2008-02-13 20:48:55 + (Wed, 13 Feb 2008) New Revision: 8154 Modified: data/CVE/list Log: update on CVE-2007-6286, copied wrong CVE id first Modified: data/CVE/list === --- data/CVE/list 2008-02-13 20:47:29 UTC (rev 8153) +++ data/CVE/list 2008-02-13 20:48:55 UTC (rev 8154) @@ -2556,8 +2556,9 @@ CVE-2007-6287 (Cross-site scripting (XSS) vulnerability in the login page in Lxlabs ...) NOT-FOR-US: HyperVM CVE-2007-6286 (Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the ...) - - tomcat5.5 unfixed (medium; bug #465644) - - tomcat5 removed + TODO: check + NOTE: poked maintainer if we make use of the apr backend, I guess not because + NOTE: libapr is not the build-deps CVE-2007-6285 (The default configuration for autofs 5 (autofs5) in some Linux ...) NOTE: maintainer will patch autofs5 in upload to unstable TODO: check when autofs5 hits unstable
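Review bot: Replacing "- tomcat5.5 unfixed (medium; bug #465644)" with "TODO: check" drops the bug number from the CVE-2007-6286 entry, and neither added NOTE line carries it. Keep the reference in a NOTE line until the entry is resolved, so the open question to the maintainer stays linked to the bug; the second NOTE would also read more clearly as "libapr is not in the build-deps".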
[Secure-testing-commits] r8155 - data/CVE
Author: nion Date: 2008-02-13 21:12:56 + (Wed, 13 Feb 2008) New Revision: 8155 Modified: data/CVE/list Log: CVE-2007-6286 does not affect tomcat5.5, tomcat5 removed Modified: data/CVE/list === --- data/CVE/list 2008-02-13 20:48:55 UTC (rev 8154) +++ data/CVE/list 2008-02-13 21:12:56 UTC (rev 8155) @@ -2556,9 +2556,8 @@ CVE-2007-6287 (Cross-site scripting (XSS) vulnerability in the login page in Lxlabs ...) NOT-FOR-US: HyperVM CVE-2007-6286 (Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the ...) - TODO: check - NOTE: poked maintainer if we make use of the apr backend, I guess not because - NOTE: libapr is not the build-deps + - tomcat5.5 not-affected (Does not use apr connector) + - tomcat5 removed CVE-2007-6285 (The default configuration for autofs 5 (autofs5) in some Linux ...) NOTE: maintainer will patch autofs5 in upload to unstable TODO: check when autofs5 hits unstable
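Review bot: The added "- tomcat5.5 not-affected (Does not use apr connector)" line states as settled what the removed NOTE lines recorded as a guess awaiting the maintainer ("I guess not because ..."), and the hunk leaves no trace of how it was confirmed. Record the basis in the reason or in a NOTE line (maintainer reply, or the absent libapr build dependency) so the not-affected status can be re-checked if the package's build changes.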