[Secure-testing-commits] r7834 - data/CVE
jmm-guest at alioth.debian.org
Sat Jan 5 01:03:11 UTC 2008
Author: jmm-guest
Date: 2008-01-05 01:03:11 +0000 (Sat, 05 Jan 2008)
New Revision: 7834
Modified:
data/CVE/list
Log:
tomcat cleanups
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-01-05 00:59:57 UTC (rev 7833)
+++ data/CVE/list 2008-01-05 01:03:11 UTC (rev 7834)
@@ -2022,9 +2022,9 @@
NOTE: Not exploitable in real-world circumstances:
NOTE: http://mailman.mit.edu/pipermail/kerberos/2007-December/012717.html
CVE-2007-5900 (PHP before 5.2.5 allows local users to bypass protection mechanisms ...)
- - php5 <unfixed> (bug #453295)
+ NOTE: Apparently a dupe of CVE-2007-4659 due to temporary revoke of the patch
+ NOTE: from CVS and later re-introduction
NOTE: http://bugs.php.net/bug.php?id=41561
- NOTE: having trouble fetching the diffs for this...
CVE-2007-5899 (The output_add_rewrite_var function in PHP before 5.2.5 rewrites local ...)
{DSA-1444-1}
- php5 <unfixed> (bug #453295)
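Review bot: Removing "- php5 <unfixed> (bug #453295)" under CVE-2007-5900 leaves that entry with NOTE lines only, so it no longer carries a php5 status or the pointer to bug #453295. If the entry is to be treated as a duplicate of CVE-2007-4659, keep a php5 line with the status that follows from that CVE, and keep the bug reference, rather than dropping both. This is also a PHP change in a commit logged as "tomcat cleanups"; mention it in the log or commit it separately so it can be found later.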
@@ -3976,9 +3976,8 @@
CVE-2007-5461 (Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through ...)
{DSA-1447-1}
- tomcat5.5 5.5.25-2 (low; bug #448664)
- [etch] - tomcat5 <unfixed>
- NOTE: see http://mail-archives.apache.org/mod_mbox/tomcat-users/200710.mbox/%3C47135C2D.1000705@apache.org%3E
- NOTE: for the patch
+ - tomcat5 <removed>
+ NOTE: patch: http://mail-archives.apache.org/mod_mbox/tomcat-users/200710.mbox/%3C47135C2D.1000705@apache.org%3E
CVE-2007-5391 (Unspecified vulnerability in HP Select Identity 4.01 through 4.01.010 ...)
NOT-FOR-US: HP Select Identity
CVE-2007-5390 (PHP remote file inclusion vulnerability in index.php in PicoFlat CMS ...)
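Review bot: Under CVE-2007-5461, replacing "[etch] - tomcat5 <unfixed>" with "- tomcat5 <removed>" drops the only etch-specific status in the entry. Please confirm that etch does not ship tomcat5 before removing it; if it does, the [etch] line should stay next to the new <removed> line so the stable status is still recorded.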
@@ -4097,7 +4096,6 @@
{DSA-1447-1}
- tomcat5.5 5.5.25-4 (low; bug #458237)
- tomcat5 <not-affected> (Vulnerable code not present)
- [etch] - tomcat5.5 5.5.20-2etch1
CVE-2007-5341
RESERVED
CVE-2007-5340 (Multiple vulnerabilities in the Javascript engine in Mozilla Firefox ...)
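Review bot: The removed "[etch] - tomcat5.5 5.5.20-2etch1" was the only line in this entry stating the etch fixed version; after the change that information rests on the {DSA-1447-1} tag alone. Check that the DSA record carries 5.5.20-2etch1 for tomcat5.5, and say in the log that the line is dropped as redundant with the DSA reference.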
@@ -8874,23 +8872,20 @@
CVE-2007-3386 (Cross-site scripting (XSS) vulnerability in the Host Manager Servlet ...)
{DSA-1447-1}
- tomcat5.5 5.5.25-1
- NOTE: patch can be found in http://ftp.yz.yamagata-u.ac.jp/pub/linux/centos/5/updates/SRPMS/tomcat5-5.5.23-0jpp.3.0.2.el5.src.rpm
CVE-2007-3385 (Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 ...)
{DSA-1447-1}
- tomcat5.5 5.5.25-1
- tomcat5 <removed>
- NOTE: patch can be found in http://ftp.yz.yamagata-u.ac.jp/pub/linux/centos/5/updates/SRPMS/tomcat5-5.5.23-0jpp.3.0.2.el5.src.rpm
CVE-2007-3384 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
NOT-FOR-US: tomcat 3.3
CVE-2007-3383 (Cross-site scripting (XSS) vulnerability in SendMailServlet in the ...)
- tomcat4 <removed> (low)
- [sarge] - tomcat4 <no-dsa> (minor issue)
+ [sarge] - tomcat4 <no-dsa> (Contrib not supported)
NOTE: affects example app in tomcat4-webapps
CVE-2007-3382 (Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 ...)
{DSA-1447-1}
- tomcat5.5 5.5.25-1
- tomcat5 <removed>
- NOTE: patch can be found in http://ftp.yz.yamagata-u.ac.jp/pub/linux/centos/5/updates/SRPMS/tomcat5-5.5.23-0jpp.3.0.2.el5.src.rpm
CVE-2007-3381 (The GDM daemon in GNOME Display Manager (GDM) before 2.14.13, 2.16.x ...)
- gdm 2.18.4-1 (low)
[sarge] - gdm <no-dsa> (Minor issue)
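Review bot: The three "NOTE: patch can be found in ..." lines removed under CVE-2007-3386, CVE-2007-3385 and CVE-2007-3382 go away without a replacement, whereas the CVE-2007-5461 hunk keeps its patch pointer in condensed form. If the SRPM URL is the problem, replace it with another patch reference instead of losing the pointer entirely. Separately, the new no-dsa reason for CVE-2007-3383, "Contrib not supported", replaces the severity assessment "minor issue"; keeping both pieces of information in the entry would preserve the earlier triage result.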