Author: jmm
Date: 2012-01-24 15:21:28 +0000 (Tue, 24 Jan 2012)
New Revision: 18270
Modified:
data/CVE/list
Log:
tomcat hair-splitting by MITRE
NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-01-24 15:09:25 UTC (rev 18269)
+++ data/CVE/list 2012-01-24 15:21:28 UTC (rev 18270)
@@ -436,22 +436,28 @@
CVE-2012-0698
RESERVED
CVE-2011-5066 (The SibRaRecoverableSiXaResource class in the Default Messaging
...)
- TODO: check
+ NOT-FOR-US: WebSphere
CVE-2011-5065 (Cross-site scripting (XSS) vulnerability in IBM WebSphere
Application ...)
- TODO: check
+ NOT-FOR-US: WebSphere
CVE-2011-5064 (DigestAuthenticator.java in the HTTP Digest Access
Authentication ...)
- TODO: check
+ - tomcat6 6.0.32-7
+ - tomcat7 7.0.12
+ - tomcat5.5 <removed>
CVE-2011-5063 (The HTTP Digest Access Authentication implementation in Apache
Tomcat ...)
- TODO: check
+ - tomcat6 6.0.32-7
+ - tomcat7 7.0.12
+ - tomcat5.5 <removed>
CVE-2011-5062 (The HTTP Digest Access Authentication implementation in Apache
Tomcat ...)
- TODO: check
+ - tomcat6 6.0.32-7
+ - tomcat7 7.0.12
+ - tomcat5.5 <removed>
CVE-2011-5061 (functions.php in WHMCompleteSolution (WHMCS) 4.0.x through
5.0.x ...)
- TODO: check
+ NOT-FOR-US: WHMCompleteSolution
CVE-2011-5060 (The par_mktmpdir function in the PAR module before 1.003 for
Perl ...)
- libpar-perl 1.005-1 (bug #650707)
[squeeze] - libpar-perl <no-dsa> (Minor issue)
CVE-2010-5082 (Untrusted search path vulnerability in colorcpl.exe
6.0.6000.16386 in ...)
- TODO: check
+ NOT-FOR-US: Windows Server
CVE-2010-XXXX [webkit info disclosure/segfault]
- webkit <unfixed> (low; bug #579136)
- chromium <not-affected>
@@ -470,7 +476,7 @@
CVE-2012-0694
RESERVED
CVE-2012-0693 (submitticket.php in WHMCompleteSolution (WHMCS) 5.03 allows
remote ...)
- TODO: check
+ NOT-FOR-US: WHMCompleteSolution
CVE-2012-0692
RESERVED
CVE-2012-0691
@@ -1093,8 +1099,7 @@
- kdebase-workspace <undetermined>
NOTE: the kcheckpass utility is not present in sid
CVE-2011-5053 (The Wi-Fi Protected Setup (WPS) protocol, when the
"external ...)
- TODO: check
- NOTE: This vulnerability affects a protocol, not a product. More
information can be found at http://www.kb.cert.org/vuls/id/723755. All products
listed there are not part of Debian.
+ NOT-FOR-US: This vulnerability affects a protocol, not a product. More
information can be found at http://www.kb.cert.org/vuls/id/723755. All products
listed there are not part of Debian.
CVE-2011-XXXX [glib hashtable dos issues: ocert-2011-003]
- glib2.0 <unfixed> (low; bug #655044)
CVE-2012-0390 (The DTLS implementation in GnuTLS 3.0.10 and earlier executes
certain ...)
@@ -1221,7 +1226,7 @@
CVE-2012-0330
RESERVED
CVE-2012-0329 (Cisco Digital Media Manager 5.2.2 and earlier, and 5.2.3,
allows ...)
- TODO: check
+ NOT-FOR-US: Cisco Digital Media Manager
CVE-2012-0328
RESERVED
CVE-2012-0327
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
