[Secure-testing-commits] r16075 - data/CVE

[Moritz Muehlenhoff]

Author: jmm
Date: 2011-02-07 08:05:51 +0000 (Mon, 07 Feb 2011)
New Revision: 16075

Modified:
   data/CVE/list
Log:
three tomcat issues


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2011-02-07 00:31:51 UTC (rev 16074)
+++ data/CVE/list	2011-02-07 08:05:51 UTC (rev 16075)
@@ -593,8 +593,9 @@
 	RESERVED
 CVE-2011-0534 [remote DoS via NIO connector]
 	RESERVED
+	- tomcat5.5 <not-affected> (Vulnerable code not present)
 	- tomcat6 <unfixed>
-	TODO: check
+	[lenny] - tomcat6 <not-affected> (Only ships the servlet package)
 CVE-2011-0533
 	RESERVED
 CVE-2011-0532
@@ -2281,8 +2282,12 @@
 	- tor 0.2.1.29-1
 CVE-2011-0014
 	RESERVED
-CVE-2011-0013
+CVE-2011-0013 [tomcat HTML manager XSS]
 	RESERVED
+	- tomcat5.5 <removed> (low)
+	[lenny] - tomcat5.5 <no-dsa> (Minor issue)
+	- tomcat6 <unfixed>
+	[lenny] - tomcat6 <not-affected> (Only ships the servlet package)
 CVE-2011-0012
 	RESERVED
 CVE-2011-0011 [qemu-kvm: Setting VNC password to empty string silently disables all authentication]
@@ -4363,8 +4368,12 @@
 	RESERVED
 CVE-2010-3719 (Eval injection vulnerability in IMAdminSchedTask.asp in the ...)
 	NOT-FOR-US: Symantec IM Manager
-CVE-2010-3718
+CVE-2010-3718 [security manager permission bypas]
 	RESERVED
+	- tomcat5.5 <removed> (low)
+	[lenny] - tomcat5.5 <no-dsa> (Minor issue)
+	- tomcat6 <unfixed>
+	[lenny] - tomcat6 <not-affected> (Only ships the servlet package)
 CVE-2010-3717 (The t3lib_div::validEmail function in TYPO3 4.2.x before 4.2.15, 4.3.x ...)
 	{DSA-2121-1}
 	- typo3-src 4.3.7-1
@@ -13747,7 +13756,6 @@
 CVE-2010-0435 (The Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise ...)
 	{DSA-2153-1}
 	- linux-2.6 2.6.32-29
-	- kvm <removed>
 CVE-2010-0434 (The ap_read_request function in server/protocol.c in the Apache HTTP ...)
 	{DSA-2035-1}
 	- apache2 2.2.15-1