[Secure-testing-commits] r5826 - data/CVE
Stefan Fritsch
stef-guest at alioth.debian.org
Fri May 11 20:08:50 UTC 2007
Author: stef-guest
Date: 2007-05-11 20:08:46 +0000 (Fri, 11 May 2007)
New Revision: 5826
Modified:
data/CVE/list
Log:
- fix syntax
- CVE-2007-1858 tomcat5.5 already fixed, tomcat4+5 affected
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-05-11 19:43:59 UTC (rev 5825)
+++ data/CVE/list 2007-05-11 20:08:46 UTC (rev 5826)
@@ -1572,7 +1572,11 @@
CVE-2007-1859 (XScreenSaver 4.10, when using a remote directory service for ...)
- xscreensaver <unfixed> (low)
CVE-2007-1858 (The default SSL cipher configuration in Apache Tomcat 4.1.28 through ...)
- TODO: check
+ NOTE: insecure ciphers should not be (and usually are not) enabled in browsers
+ [sarge] - tomcat4 <no-dsa> (low)
+ [etch] - tomcat5 <no-dsa> (low; bug #423435)
+ - tomcat5 <unfixed> (low; bug #423435)
+ - tomcat5.5 5.5.17-1 (low)
CVE-2007-1857
RESERVED
CVE-2007-1856 (Vixie Cron before 4.1-r10 on Gentoo Linux is installed with insecure ...)
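Review bot: the tomcat4 line added under CVE-2007-1858 is scoped to [sarge] only, so the entry records no status for tomcat4 outside sarge, although the log message says "tomcat4+5 affected". tomcat5 gets both an [etch] line and an unscoped `- tomcat5 <unfixed>` line; tomcat4 should get an equivalent unscoped line stating its status. The tomcat4 line also lacks a bug reference, while both tomcat5 lines carry bug #423435. Finally, the NOTE justifies the low rating by client behaviour ("usually are not enabled in browsers"), which does not cover non-browser SSL clients of the server; it would help to say so in the NOTE or name the server-side setting that removes the weak ciphers.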
@@ -1612,7 +1616,7 @@
CVE-2005-4837 (snmp_api.c in snmpd in Net-SNMP 5.2.x before 5.2.2, 5.1.x before ...)
- net-snmp 5.2.2-1 (medium)
CVE-2005-4836 (The HTTP/1.1 connector in Apache Tomcat 4.1.15 and later does not ...)
- - tomcat4 <no-dsa> (affects deprecated HTTP/1.1 connector only)
+ [sarge] - tomcat4 <no-dsa> (affects deprecated HTTP/1.1 connector only)
CVE-2007-XXXX [initramfs-tools creates /dev/root world-readable]
- initramfs-tools 0.85g (low; bug #417995)
CVE-2007-1840 (lib/modules.inc in LDAP Account Manager (LAM) before 1.3.0 does not ...)
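Review bot: after the change to the tomcat4 line under CVE-2005-4836, the entry has only a [sarge]-scoped `<no-dsa>` line and no unscoped tomcat4 line, so the status of the package outside sarge is no longer recorded anywhere in the entry. If this is the "fix syntax" item from the log, consider adding an unscoped line with the actual status alongside it, as the first hunk does for tomcat5. The parenthetical "affects deprecated HTTP/1.1 connector only" sits where the other entries put a severity such as (low) or (medium); a severity keyword followed by the explanation would keep the field consistent.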