[Secure-testing-commits] r13823 - data/CVE

Raphael Geissert geissert at alioth.debian.org
Fri Jan 15 03:44:19 UTC 2010


Author: geissert
Date: 2010-01-15 03:44:17 +0000 (Fri, 15 Jan 2010)
New Revision: 13823

Modified:
   data/CVE/list
Log:
httpds escape sequence issues are unimportant
terminal emulators executing escape sequences should be fixed instead


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-01-15 03:34:27 UTC (rev 13822)
+++ data/CVE/list	2010-01-15 03:44:17 UTC (rev 13823)
@@ -685,51 +685,34 @@
 	- lxr-cvs <unfixed>
 	NOTE: http://sourceforge.net/mailarchive/forum.php?thread_name=E1NS2s4-0001PE-F2@3bkjzd1.ch3.sourceforge.com&forum_name=lxr-developer
 CVE-2009-4496 (Boa 0.94.14rc21 writes data to a log file without sanitizing ...)
-	- boa <unfixed> (low)
-	[etch] - boa <no-dsa> (issue not really specific to the httpd)
-	[lenny] - boa <no-dsa> (issue not really specific to the httpd)
+	- boa <unfixed> (unimportant)
 	NOTE: same as CVE-2009-4487
 CVE-2009-4495 (Yaws 1.85 writes data to a log file without sanitizing non-printable ...)
-	- yaws <unfixed> (low)
-	[etch] - yaws <no-dsa> (issue not really specific to the httpd)
-	[lenny] - yaws <no-dsa> (issue not really specific to the httpd)
+	- yaws <unfixed> (unimportant)
 	NOTE: same as CVE-2009-4487
 CVE-2009-4494 (AOLserver 4.5.1 writes data to a log file without sanitizing ...)
-	- aolserver4 <unfixed> (low)
-	[etch] - aolserver4 <no-dsa> (issue not really specific to the httpd)
-	[lenny] - aolserver4 <no-dsa> (issue not really specific to the httpd)
+	- aolserver4 <unfixed> (unimportant)
 	NOTE: same as CVE-2009-4487
 CVE-2009-4493 (Orion Application Server 2.0.7 writes data to a log file without ...)
 	NOT-FOR-US: Orion httpd
 CVE-2009-4492 (WEBrick 1.3.1 in Ruby 1.8.6 through patchlevel 383, 1.8.7 through ...)
-	- ruby1.8 1.8.7.249-1 (low; bug #564598)
-	[etch] - ruby1.8 <no-dsa> (issue not really specific to the httpd)
-	[lenny] - ruby1.8 <no-dsa> (issue not really specific to the httpd)
+	- ruby1.8 1.8.7.249-1 (unimportant; bug #564598)
+	- ruby1.9 <unfixed> (unimportant; bug #564647)
 	NOTE: same as CVE-2009-4487
 CVE-2009-4491 (thttpd 2.25b0 writes data to a log file without sanitizing ...)
-	- thttpd <unfixed> (low)
-	[etch] - thttpd <no-dsa> (issue not really specific to the httpd)
-	[lenny] - thttpd <no-dsa> (issue not really specific to the httpd)
+	- thttpd <unfixed> (unimportant)
 	NOTE: same as CVE-2009-4487
 CVE-2009-4490 (mini_httpd 1.19 writes data to a log file without sanitizing ...)
-	- mini-httpd <unfixed> (low)
-	[etch] - mini-httpd <no-dsa> (issue not really specific to the httpd)
-	[lenny] - mini-httpd <no-dsa> (issue not really specific to the httpd)
+	- mini-httpd <unfixed> (unimportant)
 	NOTE: same as CVE-2009-4487
 CVE-2009-4489 (header.c in Cherokee before 0.99.32 writes data to a log file without ...)
-	- cherokee 0.99.37-1 (low)
-	[etch] - cherokee <no-dsa> (issue not really specific to the httpd)
-	[lenny] - cherokee <no-dsa> (issue not really specific to the httpd)
+	- cherokee 0.99.37-1 (unimportant)
 	NOTE: same as CVE-2009-4487
 CVE-2009-4488 (** DISPUTED ** Varnish 2.0.6 writes data to a log file without ...)
-	- varnish <unfixed> (low)
-	[etch] - varnish <no-dsa> (issue not really specific to the httpd)
-	[lenny] - varnish <no-dsa> (issue not really specific to the httpd)
+	- varnish <unfixed> (unimportant)
 	NOTE: same as CVE-2009-4487
 CVE-2009-4487 (nginx 0.7.64 writes data to a log file without sanitizing ...)
-	- nginx <unfixed> (low)
-	[etch] - nginx <no-dsa> (issue not really specific to the httpd)
-	[lenny] - nginx <no-dsa> (issue not really specific to the httpd)
+	- nginx <unfixed> (unimportant)
 	NOTE: http://www.ush.it/team/ush/hack_httpd_escape/adv.txt
 CVE-2009-4486 (Stack-based buffer overflow in the eDirectory plugin in Novell ...)
 	NOT-FOR-US: iManager
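
Review bot: the reason for the downgrade is no longer recorded in the file itself. In the nine entries from CVE-2009-4496 down to CVE-2009-4487, the removed [etch]/[lenny] <no-dsa> lines carried the only in-file explanation ("issue not really specific to the httpd"), and the new "(unimportant)" lines carry none. The other eight entries already point at CVE-2009-4487 with "NOTE: same as CVE-2009-4487", so one extra NOTE line under CVE-2009-4487 saying that the escape sequences should be handled in the terminal emulators would keep the rationale next to the data instead of only in the commit log. Separately, the CVE-2009-4492 entry gains a new line, "- ruby1.9 <unfixed> (unimportant; bug #564647)", which adds tracking for another package and is not mentioned in the log message; it would be clearer to mention it there or commit it on its own.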



