[Secure-testing-commits] r6849 - data/CVE
nion at alioth.debian.org
Sun Oct 7 09:26:03 UTC 2007
Author: nion
Date: 2007-10-07 09:26:03 +0000 (Sun, 07 Oct 2007)
New Revision: 6849
Modified:
data/CVE/list
Log:
CVE-2007-3386,CVE-2007-3385 and CVE-2007-3382 fixed in tomcat5.5 5.5.25-1
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-10-07 08:35:23 UTC (rev 6848)
+++ data/CVE/list 2007-10-07 09:26:03 UTC (rev 6849)
@@ -4197,10 +4197,12 @@
NOTE: libextractor uses internal pdf decoder since 0.5.12-1, thus marking as fixed
TODO: check ipe (only small parts, but with renamed source files: ipestdfonts.cpp, ipefonts.cpp, ipedct.cpp)
CVE-2007-3386 (Cross-site scripting (XSS) vulnerability in the Host Manager Servlet ...)
- - tomcat5.5 <unfixed>
+ - tomcat5.5 5.5.25-1
+ NOTE: patch can be found in http://ftp.yz.yamagata-u.ac.jp/pub/linux/centos/5/updates/SRPMS/tomcat5-5.5.23-0jpp.3.0.2.el5.src.rpm
CVE-2007-3385 (Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 ...)
- - tomcat5.5 <unfixed>
+ - tomcat5.5 5.5.25-1
- tomcat5 <removed>
+ NOTE: patch can be found in http://ftp.yz.yamagata-u.ac.jp/pub/linux/centos/5/updates/SRPMS/tomcat5-5.5.23-0jpp.3.0.2.el5.src.rpm
CVE-2007-3384 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
NOT-FOR-US: tomcat 3.3
CVE-2007-3383 (Cross-site scripting (XSS) vulnerability in SendMailServlet in the ...)
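Review bot: The NOTE lines added under CVE-2007-3386 and CVE-2007-3385 point at a whole source RPM (tomcat5-5.5.23-0jpp.3.0.2.el5.src.rpm) on a third-party mirror over plain http, not at the patch itself. A mirror's updates/SRPMS path can disappear once the package is superseded, so the reference would last longer if it named the patch file inside the SRPM or linked the upstream change. It would also help to say what the note is for (for example backporting to releases that will not receive 5.5.25-1), since both entries are already marked fixed in 5.5.25-1 while the SRPM is based on 5.5.23.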
@@ -4208,8 +4210,9 @@
[sarge] - tomcat4 <no-dsa> (minor issue)
NOTE: affects example app in tomcat4-webapps
CVE-2007-3382 (Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 ...)
- - tomcat5.5 <unfixed>
+ - tomcat5.5 5.5.25-1
- tomcat5 <removed>
+ NOTE: patch can be found in http://ftp.yz.yamagata-u.ac.jp/pub/linux/centos/5/updates/SRPMS/tomcat5-5.5.23-0jpp.3.0.2.el5.src.rpm
CVE-2007-3381 (The GDM daemon in GNOME Display Manager (GDM) before 2.14.13, 2.16.x ...)
- gdm 2.18.4-1 (low)
[sarge] - gdm <no-dsa> (Minor issue)
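Review bot: In the CVE-2007-3382 entry the same SRPM URL is added a third time, and nothing in the NOTE says which patch in that package addresses this CVE as opposed to CVE-2007-3385 or CVE-2007-3386. Suggest naming the relevant patch file per CVE so the three notes are not interchangeable. The description here gives 5.5.0 to 5.5.24 as affected, which agrees with recording 5.5.25-1 as the fixed version.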