[Secure-testing-commits] r12080 - data/CVE
Giuseppe Iuculano
derevko-guest at alioth.debian.org
Mon Jun 8 21:08:52 UTC 2009
Author: derevko-guest
Date: 2009-06-08 21:08:52 +0000 (Mon, 08 Jun 2009)
New Revision: 12080
Modified:
data/CVE/list
Log:
new tomcat issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-06-08 20:56:42 UTC (rev 12079)
+++ data/CVE/list 2009-06-08 21:08:52 UTC (rev 12080)
@@ -3707,13 +3707,17 @@
{DSA-1755-1}
- systemtap 0.0.20090314-2
[etch] - systemtap <not-affected> (vulnerable code not present)
-CVE-2009-0783
+CVE-2009-0783 [Apache Tomcat Information disclosure]
RESERVED
+ - tomcat5.5 <unfixed> (low; bug #532366)
+ - tomcat6 6.0.20-1 (low; bug #532362)
+ - tomcat5 <removed> (low; bug #532363)
CVE-2009-0782
REJECTED
CVE-2009-0781 (Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the ...)
- - tomcat5.5 <unfixed> (unimportant)
- - tomcat6 <unfixed> (unimportant)
+ - tomcat5.5 <unfixed> (unimportant; bug #532366)
+ - tomcat6 6.0.20-1 (unimportant; bug #532362)
+ - tomcat5 <removed> (unimportant; bug #532363)
NOTE: Just examples on how to use Tomcat, not for production
CVE-2009-0780 (The aspath_prepend function in rde_attr.c in bgpd in OpenBSD 4.3 and ...)
NOT-FOR-US: CVE-2009-0780
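Review bot: The CVE-2009-0781 lines change tomcat6 from `<unfixed>` to fixed in 6.0.20-1, which updates an existing entry and is not covered by the log message "new tomcat issues"; it is worth mentioning in the log so the status change can be found later. Separately, the package lines under CVE-2009-0783 and CVE-2009-0781 are ordered tomcat5.5, tomcat6, tomcat5, while the entries added for CVE-2009-0580 and CVE-2009-0033 in the same commit use tomcat6, tomcat5, tomcat5.5. One order across all four entries would make them easier to compare.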
@@ -4761,8 +4765,11 @@
CVE-2009-0581 (Memory leak in LittleCMS (aka lcms or liblcms) before 1.18beta2, as ...)
{DSA-1769-1 DSA-1745-1}
- lcms 1.18.dfsg-1 (bug #522446)
-CVE-2009-0580
+CVE-2009-0580 [Apache Tomcat Information disclosure]
RESERVED
+ - tomcat6 6.0.20-1 (low; bug #532362)
+ - tomcat5 <removed> (low; bug #532363)
+ - tomcat5.5 <unfixed> (low; bug #532366)
CVE-2009-0579 (Linux-PAM before 1.0.4 does not enforce the minimum password age ...)
- pam <unfixed> (unimportant; bug #514437)
[etch] - pam <no-dsa> (violation of administrator's policy, not a vulnerability)
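Review bot: The bracketed description on CVE-2009-0580, "[Apache Tomcat Information disclosure]", is identical to the one this commit adds for CVE-2009-0783, so the two RESERVED entries cannot be told apart from the list alone. Both also point at the same bugs (#532362, #532363, #532366). A few extra words in each description naming the affected component or condition would let a reader tell which issue is which while the IDs are still RESERVED.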
@@ -7285,8 +7292,11 @@
CVE-2009-0034 (parse.c in sudo 1.6.9p17 through 1.6.9p19 does not properly interpret ...)
- sudo 1.6.9p17-2 (medium)
[etch] - sudo <not-affected> (Vulnerable code not present)
-CVE-2009-0033
+CVE-2009-0033 [Apache Tomcat denial of service]
RESERVED
+ - tomcat6 6.0.20-1 (medium; bug #532362)
+ - tomcat5 <removed> (medium; bug #532363)
+ - tomcat5.5 <unfixed> (medium; bug #532366)
CVE-2009-0032 (CUPS on Mandriva Linux 2008.0, 2008.1, 2009.0, Corporate Server (CS) ...)
NOT-FOR-US: issue affects pdfdistiller
CVE-2009-0031 (Memory leak in the keyctl_join_session_keyring function ...)
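Review bot: CVE-2009-0033 is the only one of the new entries rated medium, and its tomcat5.5 line is `<unfixed>` with no per-release line under it. If a stable release carries tomcat5.5, a release-tagged line like the `[etch] - sudo <not-affected> ...` one just above would record whether it is affected. As a minor style point, the description here is written "denial of service" in lower case while the other two new descriptions capitalise "Information disclosure"; pick one form.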