[Secure-testing-commits] r5849 - data/CVE
keescook-guest at alioth.debian.org
Wed May 16 19:48:51 UTC 2007
Author: keescook-guest
Date: 2007-05-16 19:48:50 +0000 (Wed, 16 May 2007)
New Revision: 5849
Modified:
data/CVE/list
Log:
NFUs: 2
unfixed: tomcat5
fixed: tomcat5.5
removed: tomcat4
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-05-16 19:34:30 UTC (rev 5848)
+++ data/CVE/list 2007-05-16 19:48:50 UTC (rev 5849)
@@ -209,7 +209,7 @@
CVE-2007-2486 (Directory traversal vulnerability in download.asp in Motobit 1.3 and ...)
NOT-FOR-US: Motobit
CVE-2007-2485 (PHP remote file inclusion vulnerability in myflash-button.php in the ...)
- NOT-FOR-US: myflash
+ NOT-FOR-US: myflash plugin for WordPress
CVE-2007-2484 (PHP remote file inclusion vulnerability in js/wptable-button.php in ...)
NOT-FOR-US: wp-Table plugin for WordPress
CVE-2007-2483 (Directory traversal vulnerability in js/wptable-button.php in the ...)
@@ -219,7 +219,7 @@
CVE-2007-2481 (PHP remote file inclusion vulnerability in wordtube-button.php in the ...)
NOT-FOR-US: wordTube plugin for WordPress
CVE-2006-7202 (The dofreePDF function in includes/pdf.php in Mambo 4.6.1 does not ...)
- TODO: check
+ NOT-FOR-US: Mambo
CVE-2007-XXXX [schroot may use outdated configuration information]
- schroot <unfixed> (low; bug #422354)
[etch] - schroot <not-affected> (Only exploitable in unstable)
@@ -1022,9 +1022,13 @@
CVE-2007-2108 (Unspecified vulnerability in the Core RDBMS component Oracle Database ...)
NOT-FOR-US: Oracle
CVE-2006-7196 (Cross-site scripting (XSS) vulnerability in the calendar application ...)
- TODO: check
+ - tomcat5.5 5.5.20-1 (low)
+ - tomcat5 <unfixed> (low)
+ - tomcat4 <removed> (low)
CVE-2006-7195 (Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in ...)
- TODO: check
+ - tomcat5.5 5.5.20-1 (low)
+ - tomcat5 <unfixed> (low)
+ - tomcat4 <removed> (low)
CVE-2007-XXXX [buffer overflow in mixmaster importing type 2 messages]
- mixmaster 3.0b2-5 (low; bug #418662)
[etch] - mixmaster 3.0b2-4.etch1
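Review bot: The two added `- tomcat5 <unfixed> (low)` lines under CVE-2006-7196 and CVE-2006-7195 carry no bug reference and no `[etch]` line, whereas the existing tomcat5 entry further down in this same file records both (`[etch] - tomcat5 <no-dsa> (low; bug #423435)` followed by `- tomcat5 <unfixed> (low; bug #423435)`). An unfixed entry without a bug number gives the maintainer nothing to track, so please file bugs for these two and add the numbers here, and state the etch status explicitly rather than leaving it implied.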
@@ -1592,6 +1596,7 @@
[etch] - tomcat5 <no-dsa> (low; bug #423435)
- tomcat5 <unfixed> (low; bug #423435)
- tomcat5.5 5.5.17-1 (low)
+ - tomcat4 <removed> (low)
CVE-2007-1857
RESERVED
CVE-2007-1856 (Vixie Cron before 4.1-r10 on Gentoo Linux is installed with insecure ...)
@@ -2796,7 +2801,7 @@
CVE-2007-1359 (Interpretation conflict in ModSecurity (mod_security) 2.1.0 and ...)
- libapache-mod-security <removed>
CVE-2007-1358 (Cross-site scripting (XSS) vulnerability in certain applications using ...)
- TODO: check
+ - tomcat4 <removed> (low)
CVE-2007-1357 (The atalk_sum_skb function in AppleTalk for Linux kernel 2.6.x before ...)
{DSA-1286-1}
- linux-2.6 2.6.20-1
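Review bot: Under CVE-2007-1358 the `TODO: check` is replaced by a single `- tomcat4 <removed> (low)` line, while the other Tomcat entries touched in this commit each state a status for tomcat5 and tomcat5.5 as well. If those two packages were checked and are not affected, record that with explicit `<not-affected>` lines; if they were not checked, keep a TODO so the entry does not read as fully triaged.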