[Secure-testing-commits] r7801 - in data: . CVE

jmm-guest at alioth.debian.org
Thu Jan 3 20:45:45 UTC 2008


Author: jmm-guest
Date: 2008-01-03 20:45:45 +0000 (Thu, 03 Jan 2008)
New Revision: 7801

Modified:
   data/CVE/list
   data/spu-candidates.txt
Log:
two no-dsa


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-01-03 20:39:37 UTC (rev 7800)
+++ data/CVE/list	2008-01-03 20:45:45 UTC (rev 7801)
@@ -20,9 +20,12 @@
 	- konqueror <unfixed> (medium)
 	NOTE: filed http://bugs.kde.org/show_bug.cgi?id=154921
 CVE-2007-6590 (Mozilla 1.9 M8 and earlier, Mozilla Firefox 2, SeaMonkey 1.1.5, ...)
-	- iceape <unfixed> (medium)
-	- iceweasel <unfixed> (medium)
-	TODO: check mozilla derivatives/xulrunner
+	- iceape <unfixed> (low)
+	[etch] - iceape <no-dsa> (Minor issue, new certificate manager in Firefox 3 et al will address this)
+	- iceweasel <unfixed> (low)
+	[etch] - iceweasel <no-dsa> (Minor issue, new certificate manager in Firefox 3 et al will address this)
+	- xulrunner <unfixed> (low)
+	[etch] - xulrunner <no-dsa> (Minor issue, new certificate manager in Firefox 3 et al will address this)
 CVE-2007-6589 (The jar protocol handler in Mozilla Firefox before 2.0.0.10 and ...)
 	- iceape 1.1.7-1 (medium)
 	- iceweasel 2.0.0.10-1 (medium)
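Review bot: the iceape and iceweasel lines for CVE-2007-6590 drop from (medium) to (low) in the same change that tags them <no-dsa>, and neither the entry nor the log message ("two no-dsa") records why the severity changed. A NOTE line under the CVE stating the reason for the downgrade would keep the decision auditable. The no-dsa reason also defers to "new certificate manager in Firefox 3 et al" without a version or tracking bug, so a later reader cannot tell from this entry when the three <unfixed> lines can be closed; a bug reference in a NOTE would cover that.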
@@ -323,9 +326,6 @@
 	NOT-FOR-US: PHP Real Estate Classifieds
 CVE-2007-6461 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
 	- flyspray <removed>
-	[etch] - flyspray <unfixed>
-	[sarge] - flyspray <unfixed>
-	TODO: check if sarge and etch a really affected
 CVE-2007-6460 (Multiple cross-site scripting (XSS) vulnerabilities in Anon Proxy ...)
 	NOT-FOR-US: Anon Proxy Server
 CVE-2007-6459 (Anon Proxy Server 0.100, and probably 0.101, allows remote attackers ...)
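Review bot: the removed TODO ("check if sarge and etch a really affected") and the two "[etch]"/"[sarge] - flyspray <unfixed>" lines under CVE-2007-6461 disappear without the outcome of that check being recorded. If the check showed the stable releases are not affected, state it explicitly, for example with per-release <not-affected> lines and a short reason, or with a NOTE; as committed, only "- flyspray <removed>" remains and the status of sarge and etch is no longer visible.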
@@ -13478,6 +13478,8 @@
 	REJECTED
 CVE-2007-1355 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
 	- tomcat4 <removed> (low)
+	[etch] - tomcat5 <no-dsa> (Just an example, no enduser app)
+	[etch] - tomcat5.5 <no-dsa> (Just an example, no enduser app)
 	[sarge] - tomcat4 <no-dsa> (Contrib not supported) 
 	- tomcat5 <unfixed> (low)
 	- tomcat5.5 5.5.25-1 (low)
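Review bot: the two new "[etch] - tomcat5" and "[etch] - tomcat5.5" lines are inserted directly under "- tomcat4 <removed> (low)", which separates that line from its "[sarge] - tomcat4 <no-dsa>" annotation and places the etch annotations above the "- tomcat5" and "- tomcat5.5" lines they qualify. In the CVE-2007-6590 hunk of this same commit each "[etch]" line follows its own package line; suggest the same ordering here, moving each annotation below its package entry.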

Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt	2008-01-03 20:39:37 UTC (rev 7800)
+++ data/spu-candidates.txt	2008-01-03 20:45:45 UTC (rev 7801)
@@ -23,7 +23,7 @@
 --
 
 proftpd-dfsg, proftpd (CVE-2007-2165)
-notified maintainer
+update in progress
 
 --
 
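Review bot: the proftpd-dfsg status changes to "update in progress" with no bug number or other pointer to where that update is tracked, while the sing entry in the next hunk carries #454167. Suggest adding a reference line to this entry as well. The log message ("two no-dsa") also does not mention the status changes made in this file.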
@@ -41,7 +41,7 @@
 
 sing (CVE-2007-6211)
 #454167
-notified maintainer
+update in progress
 
 --
 



