[Secure-testing-commits] r15266 - data/CVE

Moritz Muehlenhoff jmm-guest at alioth.debian.org
Sun Sep 5 14:51:49 UTC 2010


Author: jmm-guest
Date: 2010-09-05 14:51:37 +0000 (Sun, 05 Sep 2010)
New Revision: 15266

Modified:
   data/CVE/list
Log:
- strongswan issue doesn't affect stable
- struts is in the archive
- jboss is partly in the archive


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-09-04 18:04:51 UTC (rev 15265)
+++ data/CVE/list	2010-09-05 14:51:37 UTC (rev 15266)
@@ -1481,6 +1481,7 @@
 	NOT-FOR-US: Cisco
 CVE-2010-2628 (The IKE daemon in strongSwan 4.3.x before 4.3.7 and 4.4.x before 4.4.1 ...)
 	- strongswan 4.4.1-1
+	[lenny] - strongswan <not-affected> (Vulnerability introduced in 4.3.3)
 CVE-2010-2627 (Multiple directory traversal vulnerabilities in the Refractor 2 ...)
 	NOT-FOR-US: Refractor 2
 CVE-2010-2626 (index.pl in Miyabi CGI Tools SEO Links 1.02 allows remote attackers to ...)
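Review bot: The added [lenny] line for CVE-2010-2628 states "Vulnerability introduced in 4.3.3" without saying where that version comes from. The description above only gives the fixed versions (4.3.7 and 4.4.1), so a NOTE line pointing at the upstream advisory or the introducing commit would let the next person verify the not-affected status for stable.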
@@ -1815,7 +1816,7 @@
 CVE-2010-2496
 	RESERVED
 CVE-2010-2493 (The default configuration of the deployment descriptor (aka web.xml) ...)
-	NOT-FOR-US: JBoss Enterprise SOA Platform
+	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
 CVE-2010-2492
 	RESERVED
 CVE-2010-2491 [roundup XSS]
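Review bot: The jbossas4 rationale on CVE-2010-2493 ("Only builds a few libraries, not the full application server") does not address what the description is about, namely the default configuration of the deployment descriptor (web.xml). It would be clearer to say explicitly that the Debian package does not ship that default descriptor, or to keep the entry as a check item until that is confirmed against #581226.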
@@ -1867,7 +1868,7 @@
 CVE-2010-2475
 	RESERVED
 CVE-2010-2474 (JBoss Enterprise Service Bus (ESB) before 4.7 CP02 in JBoss Enterprise ...)
-	NOT-FOR-US: JBoss Enterprise
+	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
 CVE-2010-2470 (Install/Filesystem.pm in Bugzilla 3.5.1 through 3.6.1 and 3.7 through ...)
 	- bugzilla <not-affected> (Only affects 3.5 to 3.7)
 CVE-2010-2476 [syscp open_basedir bypassing]
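Review bot: For CVE-2010-2474 the description names JBoss Enterprise Service Bus (ESB), while the new line justifies not-affected by saying jbossas4 does not build the full application server. Please state whether any ESB code is present in the jbossas4 source at all: if it is not, the removed NOT-FOR-US line was the more accurate status, and if it is, the note should say the ESB component is not built.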
@@ -3345,7 +3346,7 @@
 CVE-2010-1871 (JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application ...)
 	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
 CVE-2010-1870 (The OGNL extensive expression evaluation capability in XWork in Struts ...)
-	NOT-FOR-US: struts2
+	TODO: Check, there's libstruts1.2-java and libspring-webmvc-struts-2.5-java, which could be affected
 CVE-2010-1869 (Stack-based buffer overflow in the parser function in GhostScript 8.70 ...)
 	{DSA-2080-1}
 	- ghostscript 8.71~dfsg-4 
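Review bot: The TODO on CVE-2010-1870 names libstruts1.2-java and libspring-webmvc-struts-2.5-java but not what to look for in them. The description is about the OGNL expression evaluation in XWork, and the removed line said struts2, whereas the first package name points at Struts 1.2, so the TODO would be more actionable if it said to check whether either package includes XWork/OGNL.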



