[Secure-testing-commits] r13899 - data/CVE

Raphael Geissert geissert at alioth.debian.org
Sun Jan 24 23:31:05 UTC 2010


Author: geissert
Date: 2010-01-24 23:31:05 +0000 (Sun, 24 Jan 2010)
New Revision: 13899

Modified:
   data/CVE/list
Log:
three tomcat issues


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-01-24 23:00:20 UTC (rev 13898)
+++ data/CVE/list	2010-01-24 23:31:05 UTC (rev 13899)
@@ -6017,10 +6017,18 @@
 	{DSA-1928-1 DSA-1915-1}
 	- linux-2.6 2.6.31-1 (low)
 	- linux-2.6.24 <removed> (low)
-CVE-2009-2902
+CVE-2009-2902 [tomcat directory traversal via WAR file names]
 	RESERVED
-CVE-2009-2901
+	- tomcat6 <unfixed>
+	- tomcat5 <removed>
+	TODO: check
+	NOTE: tomcat 5.0 (in etch) is unsupported by upstream and may also be affected
+CVE-2009-2901 [tomcat insecure partial deploy after failed undeploy]
 	RESERVED
+	- tomcat6 <unfixed>
+	- tomcat5 <removed>
+	TODO: check
+	NOTE: tomcat 5.0 (in etch) is unsupported by upstream and may also be affected
 CVE-2009-2900
 	RESERVED
 CVE-2009-2899
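
Review bot: The `TODO: check` lines added under CVE-2009-2902 and CVE-2009-2901 do not say what remains to be checked, so a later reader cannot tell whether it is the tomcat6 status, the etch tomcat 5.0 question raised in the NOTE, or both. State the open question in the TODO itself. The new `- tomcat6 <unfixed>` lines also carry no urgency, while the surrounding entries do (for example `- linux-2.6 2.6.31-1 (low)`); add one once the issues are assessed so the entries sort correctly in triage.
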
@@ -6837,8 +6845,12 @@
 	- pidgin 2.5.9-1 (medium; bug #542486)
 	[lenny] - gaim <not-affected> (Only a transitional package)
 	- gaim <removed>
-CVE-2009-2693
+CVE-2009-2693 [tomcat directory traversal via WAR files]
 	RESERVED
+	- tomcat6 <unfixed>
+	- tomcat5 <removed>
+	TODO: check
+	NOTE: tomcat 5.0 (in etch) is unsupported by upstream and may also be affected
 CVE-2009-2692 (The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, ...)
 	{DSA-1864-1 DSA-1865-1 DSA-1862-1}
 	- linux-2.6 2.6.30-6 (high; bug #541403)
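
Review bot: The description added for CVE-2009-2693, `[tomcat directory traversal via WAR files]`, differs from the one given to CVE-2009-2902 in the first hunk (`via WAR file names`) by a single word, which makes the two entries easy to confuse. Reword one of them so the distinction is visible at a glance. The etch exposure is also recorded only as a free-text NOTE, repeated verbatim in all three entries, next to `- tomcat5 <removed>`; a release-tagged line in the style of the `[lenny] - gaim <not-affected> (...)` entry just above would make the etch status trackable once the TODO is resolved.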



