[Secure-testing-commits] r6515 - data/CVE

jmm-guest at alioth.debian.org
Wed Sep 5 17:00:15 UTC 2007


Author: jmm-guest
Date: 2007-09-05 17:00:14 +0000 (Wed, 05 Sep 2007)
New Revision: 6515

Modified:
   data/CVE/list
Log:
no-dsa for contrib and non-free
NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-09-05 16:11:30 UTC (rev 6514)
+++ data/CVE/list	2007-09-05 17:00:14 UTC (rev 6515)
@@ -114,7 +114,7 @@
 	- php5 <unfixed> (unimportant)
 	NOTE: Safe mode violations not treated as vulnerabilities
 CVE-2007-4595 (Cross-site scripting (XSS) vulnerability in Mayaa before 1.1.12 allows ...)
-	TODO: check
+	NOT-FOR-US: Mayaa
 CVE-2007-4594 (Entrust Entelligence Security Provider (ESP) 8 does not properly ...)
 	NOT-FOR-US: Entrust Entelligence Security Provider
 CVE-2007-4593 (Unspecified vulnerability in vstor2-ws60.sys in VMWare Workstation 6.0 ...)
@@ -202,7 +202,7 @@
 CVE-2007-4557 (Cross-site scripting (XSS) vulnerability in the webacc servlet in ...)
 	NOT-FOR-US: Novell
 CVE-2007-4556 (Struts support in OpenSymphony XWork before 1.2.3, and 2.x before ...)
-	TODO: check
+	NOT-FOR-US: OpenSymphony XWork
 CVE-2007-4555 (Cross-site scripting (XSS) vulnerability in Ipswitch WS_FTP allows ...)
 	NOT-FOR-US: Ipswitch WS_FTP
 CVE-2007-4554 (Cross-site scripting (XSS) vulnerability in tiki-remind_password.php ...)
@@ -272,7 +272,7 @@
 CVE-2007-4526 (The Client Login Extension (CLE) in Novell Identity Manager before ...)
 	NOT-FOR-US: Novell Identity Manager
 CVE-2007-4525 (** DISPUTED ** ...)
-	TODO: check
+	NOT-FOR-US: SPIP (was in unstable some time, but not in any supported release)
 CVE-2007-4524 (PHP remote file inclusion vulnerability in adisplay.php in PhPress ...)
 	NOT-FOR-US: PhPress
 CVE-2007-4523 (Multiple cross-site scripting (XSS) vulnerabilities in Ripe Website ...)
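Review bot: On CVE-2007-4525, NOT-FOR-US sits oddly with its own parenthetical, which says SPIP was in unstable for some time. Tagging it this way drops the package from the tracker data; a package line marked <removed>, in the same form as the `- tomcat4 <removed> (low)` entries elsewhere in this file, would record that it was once in the archive and is now gone.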
@@ -296,7 +296,7 @@
 CVE-2007-4516
 	RESERVED
 CVE-2007-4515 (Buffer overflow in a certain ActiveX control in YVerInfo.dll before ...)
-	TODO: check
+	NOT-FOR-US: Yahoo! Messenger
 CVE-2007-4514
 	RESERVED
 CVE-2007-4513
@@ -2052,6 +2052,7 @@
 CVE-2007-3726 (Integer signedness error in the SET_VALUE function in rarvm.cpp in ...)
 	- unrar-nonfree <unfixed> (low; bug #437703)
 	[etch] - unrar-nonfree <no-dsa> (Non-free not supported)
+	[sarge] - unrar-nonfree <no-dsa> (Non-free not supported)
 	- rar <unfixed> (low; bug #437704)
 	[etch] - rar <no-dsa> (Non-free not supported)
 CVE-2007-3725 (The RAR VM (unrarvm.c) in Clam Antivirus (ClamAV) before 0.91 allows ...)
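Review bot: For CVE-2007-3726 the new [sarge] no-dsa line covers unrar-nonfree only; rar, two lines below, still carries just `[etch] - rar <no-dsa> (Non-free not supported)`. If rar is also shipped in sarge's non-free, add the matching [sarge] line so both packages are triaged the same way; if it is not, nothing more is needed.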
@@ -5058,7 +5059,9 @@
 	- tomcat4 <removed> (low)
 	- tomcat5 <unfixed> (low)
 	- tomcat5.5 <unfixed> (low)
+	[sarge] - tomcat4 <no-dsa> (Contrib not supported) 
 CVE-2007-2449 (Multiple cross-site scripting (XSS) vulnerabilities in certain JSP ...)
+	[sarge] - tomcat4 <no-dsa> (Contrib not supported) 
 	- tomcat4 <removed> (low)
 	- tomcat5 <unfixed> (low)
 	- tomcat5.5 <unfixed> (low)
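Review bot: The two added [sarge] tomcat4 lines are placed inconsistently: the first is appended after the tomcat5.5 line of the preceding entry, while the one under CVE-2007-2449 sits directly below the CVE header, ahead of `- tomcat4 <removed> (low)`. The unrar-nonfree entry in this same commit puts the release-specific line after its package line; moving the CVE-2007-2449 line below `- tomcat4 <removed> (low)` would match that. Both added lines also end in a trailing space.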
@@ -5842,10 +5845,12 @@
 	- tomcat5.5 5.5.20-1 (low)
 	- tomcat5 <unfixed> (low)
 	- tomcat4 <removed> (low)
+	[sarge] - tomcat4 <no-dsa> (Contrib not supported) 
 CVE-2006-7195 (Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in ...)
 	- tomcat5.5 5.5.20-1 (low)
 	- tomcat5 <unfixed> (low)
 	- tomcat4 <removed> (low)
+	[sarge] - tomcat4 <no-dsa> (Contrib not supported) 
 CVE-2007-XXXX [buffer overflow in mixmaster importing type 2 messages]
 	- mixmaster 3.0b2-5 (low; bug #418662)
 	[etch] - mixmaster 3.0b2-4.etch1
@@ -7665,6 +7670,7 @@
 	- libapache-mod-security <removed>
 CVE-2007-1358 (Cross-site scripting (XSS) vulnerability in certain applications using ...)
 	- tomcat4 <removed> (low)
+	[sarge] - tomcat4 <no-dsa> (Contrib not supported) 
 CVE-2007-1357 (The atalk_sum_skb function in AppleTalk for Linux kernel 2.6.x before ...)
 	{DSA-1304 DSA-1286-1}
 	- linux-2.6 2.6.20-1
@@ -7672,6 +7678,7 @@
 	REJECTED
 CVE-2007-1355 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
 	- tomcat4 <removed> (low)
+	[sarge] - tomcat4 <no-dsa> (Contrib not supported) 
 	- tomcat5 <unfixed> (low)
 	- tomcat5.5 <unfixed> (low)
 CVE-2007-1354 (The Access Control functionality (JMXOpsAccessControlFilter) in JMX ...)



