[Secure-testing-commits] r15126 - data/CVE

Moritz Muehlenhoff jmm-guest at alioth.debian.org
Wed Aug 4 01:07:43 UTC 2010


Author: jmm-guest
Date: 2010-08-04 01:07:39 +0000 (Wed, 04 Aug 2010)
New Revision: 15126

Modified:
   data/CVE/list
Log:
- openttd fixed
- tomcat6 in lenny not affected by any of the open issues


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-08-03 21:15:31 UTC (rev 15125)
+++ data/CVE/list	2010-08-04 01:07:39 UTC (rev 15126)
@@ -306,10 +306,10 @@
 	RESERVED
 CVE-2010-2801 [Integer wrap-around (crash) by processing certain *.cab files in test archive mode]
 	RESERVED
-	- cabextract <unfixed> (bug filed)
+	- cabextract <unfixed> (bug #591552)
 CVE-2010-2800 [Infinite loop in MS-ZIP and Quantum decoders]
 	RESERVED
-	- cabextract <unfixed> (bug filed; unimportant)
+	- cabextract <unfixed> (bug #591552; unimportant)
 CVE-2010-2799 [socat buffer overflow]
 	RESERVED
 	- socat 1.7.1.3-1 (bug #591443; medium)
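Review bot: the log lists only the openttd and tomcat6 changes, but the cabextract lines for CVE-2010-2801 and CVE-2010-2800 also change here, from "bug filed" to bug #591552. Add a log line for the cabextract bug reference so this edit can be found from the revision history.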
@@ -993,7 +993,7 @@
 CVE-2010-2535
 	RESERVED
 CVE-2010-2534 (The NetworkSyncCommandQueue function in network/network_command.cpp in ...)
-	- openttd <unfixed>
+	- openttd 1.0.3-1
 	[lenny] - openttd <not-affected> (Introduced in 1.0.1)
 	NOTE: http://bugs.openttd.org/task/3909
 CVE-2010-2533
@@ -1792,6 +1792,7 @@
 CVE-2010-2227 (Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 ...)
 	- tomcat5.5 <removed>
 	- tomcat6 6.0.28-1 (bug #588813)
+	[lenny] - tomcat6 <not-affected> (Only ships the servlet package)
 CVE-2010-2226 [xfs SWAPEXT ioctl permissions bypass]
 	RESERVED
 	- linux-2.6 2.6.32-19
@@ -13424,6 +13425,7 @@
 	- linux-2.6.24 <removed> (low)
 CVE-2009-2902 (Directory traversal vulnerability in Apache Tomcat 5.5.0 through ...)
 	- tomcat6 6.0.24-1 (low)
+	[lenny] - tomcat6 <not-affected> (Only ships the servlet package)
 	- tomcat5.5 <removed>
 CVE-2009-2901 (The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and ...)
 	- tomcat6 <not-affected> (Windows-only)
@@ -20520,6 +20522,7 @@
 CVE-2009-0783 (Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 ...)
 	- tomcat5.5 <unfixed> (low; bug #532366)
 	- tomcat6 6.0.20-1 (low; bug #532362)
+	[lenny] - tomcat6 <not-affected> (Only ships the servlet package)
 	- tomcat5 <removed> (low; bug #532363)
 CVE-2009-0782
 	REJECTED
@@ -21616,6 +21619,7 @@
 	- openjdk-6 <undetermined>
 CVE-2009-0580 (Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 ...)
 	- tomcat6 6.0.20-1 (low; bug #532362)
+	[lenny] - tomcat6 <not-affected> (Only ships the servlet package)
 	- tomcat5 <removed> (low; bug #532363)
 	- tomcat5.5 <unfixed> (low; bug #532366)
 CVE-2009-0579 (Linux-PAM before 1.0.4 does not enforce the minimum password age ...)
@@ -24211,7 +24215,8 @@
 	- sudo 1.6.9p17-2 (medium)
 	[etch] - sudo <not-affected> (Vulnerable code not present)
 CVE-2009-0033 (Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 ...)
-	- tomcat6 6.0.20-1 (medium; bug #532362)
+	- tomcat6 6.20-1
+	[lenny] - tomcat6 <not-affected> (Only ships the servlet package)
 	- tomcat5 <removed> (medium; bug #532363)
 	- tomcat5.5 <unfixed> (medium; bug #532366)
 CVE-2009-0032 (CUPS on Mandriva Linux 2008.0, 2008.1, 2009.0, Corporate Server (CS) ...)
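Review bot: the new line under CVE-2009-0033 reads "- tomcat6 6.20-1", while the line it replaces and the tomcat6 entries in the neighbouring hunks all use 6.0.20-1, so this looks like a typo that records the wrong fixed version. The replacement also drops the "(medium; bug #532362)" annotation, which the log does not mention. Suggest keeping "- tomcat6 6.0.20-1 (medium; bug #532362)" unchanged and only adding the [lenny] line below it.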
@@ -24454,8 +24459,7 @@
 	- tomcat5 <removed> (bug #532363)
 	- tomcat5.5 <unfixed> (bug #532366)
 	- tomcat6 6.0.20-1 (bug #532362)
-	NOTE: http://tomcat.apache.org/security-6.html
-	NOTE: http://tomcat.apache.org/security-5.html
+	[lenny] - tomcat6 <not-affected> (Only ships the servlet package)
 CVE-2008-5514 (Off-by-one error in the rfc822_output_char function in the ...)
 	{DTSA-174-2}
 	- uw-imap 2007b~dfsg-1.1 (medium; bug #510918)
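Review bot: the two NOTE lines pointing to http://tomcat.apache.org/security-6.html and http://tomcat.apache.org/security-5.html are deleted where the [lenny] line is added, and the log says nothing about removing them. If the removal is unintended, keep both NOTE lines and place the [lenny] line directly after the tomcat6 entry. If it is intended, state the reason in the log.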



