[Secure-testing-commits] r16959 - data/CVE
Helmut Grohne
helmut-guest at alioth.debian.org
Wed Jul 20 08:46:08 UTC 2011
Author: helmut-guest
Date: 2011-07-20 08:46:08 +0000 (Wed, 20 Jul 2011)
New Revision: 16959
Modified:
data/CVE/list
Log:
NFUs, tomcat
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2011-07-20 08:19:23 UTC (rev 16958)
+++ data/CVE/list 2011-07-20 08:46:08 UTC (rev 16959)
@@ -1,27 +1,27 @@
CVE-2011-2761 (Google Chrome 14.0.794.0 does not properly handle a reload of a page ...)
TODO: check
CVE-2011-2760 (Brocade BigIron RX switches allow remote attackers to bypass ACL rules ...)
- TODO: check
+ NOT-FOR-US: Brocade BigIron RX
CVE-2011-2759 (The login page of IDSWebApp in the Web Administration Tool in IBM ...)
- TODO: check
+ NOT-FOR-US: IBM Tivoli Directory Server
CVE-2011-2758 (IDSWebApp in the Web Administration Tool in IBM Tivoli Directory ...)
- TODO: check
+ NOT-FOR-US: IBM Tivoli Directory Server
CVE-2011-2757 (Directory traversal vulnerability in FileDownload.jsp in ManageEngine ...)
- TODO: check
+ NOT-FOR-US: ManageEngine ServiceDesk Plus
CVE-2011-2756 (FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0 before Build ...)
- TODO: check
+ NOT-FOR-US: ManageEngine ServiceDesk Plus
CVE-2011-2755 (Directory traversal vulnerability in FileDownload.jsp in ManageEngine ...)
- TODO: check
+ NOT-FOR-US: ManageEngine ServiceDesk Plus
CVE-2011-2754 (Cross-site scripting (XSS) vulnerability in the PageBuilder2 (aka Page ...)
- TODO: check
+ NOT-FOR-US: IBM WebSphere Portal
CVE-2011-2753 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
TODO: check
CVE-2011-2752 (CRLF injection vulnerability in SquirrelMail 1.4.21 and earlier allows ...)
TODO: check
CVE-2011-2751 (SQL injection vulnerability in Parodia before 6.809 allows remote ...)
- TODO: check
+ NOT-FOR-US: Parodia
CVE-2011-2750 (NFRAgent.exe in Novell File Reporter 1.0.4.2 and earlier allows remote ...)
- TODO: check
+ NOT-FOR-US: Novell File Reporter
CVE-2011-2749
RESERVED
CVE-2011-2748
@@ -552,7 +552,11 @@
- qemu-kvm 0.14.1+dfsg-3 (bug #633669)
- kvm <not-affected> (Vulnerable code not present)
CVE-2011-2526 (Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before ...)
- TODO: check
+ - tomcat6 <undetermined>
+ - tomcat7 <undetermined>
+ NOTE: tomcat6 likely affected. sid: 6.0.32-5, fixed-upstream: 6.0.33
+ NOTE: tomcat7 likely affected. sid: 7.0.16-3, fixed-upstream: 7.0.19
+ TODO: check further packages
CVE-2011-2525
RESERVED
- linux-2.6 2.6.35-1
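Review bot: On CVE-2011-2526, tomcat6 and tomcat7 are marked <undetermined>, yet the NOTE lines beside them record sid versions (6.0.32-5 and 7.0.16-3) that are older than the fixed-upstream releases (6.0.33 and 7.0.19). If that version comparison is the basis for "likely affected", <unfixed> would say so in the package lines themselves; if something still has to be confirmed, the NOTEs should state what. The description also covers Tomcat 5.5.x, so "TODO: check further packages" could name the 5.5.x branch explicitly so it does not get lost.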
@@ -1268,7 +1272,7 @@
CVE-2011-2221
RESERVED
CVE-2011-2220 (Stack-based buffer overflow in NFREngine.exe in Novell File Reporter ...)
- TODO: check
+ NOT-FOR-US: Novell File Reporter
CVE-2011-2219
RESERVED
CVE-2011-2218
@@ -3809,7 +3813,7 @@
CVE-2011-1339
RESERVED
CVE-2011-1338 (Untrusted search path vulnerability in XnView before 1.98.1 allows ...)
- TODO: check
+ NOT-FOR-US: XnView
CVE-2011-1337 (Opera before 11.50 allows remote attackers to cause a denial of ...)
NOT-FOR-US: Opera
CVE-2011-1336 (Buffer overflow in ALZip 8.21 and earlier allows remote attackers to ...)
@@ -4078,9 +4082,9 @@
CVE-2011-1224 (IBM WebSphere MQ 6.0 before 6.0.2.11 and 7.0 before 7.0.1.5 does not ...)
NOT-FOR-US: IBM WebSphere MQ
CVE-2011-1223 (Buffer overflow in the Alternate Data Stream (aka ADS or named stream) ...)
- TODO: check
+ NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2011-1222 (Buffer overflow in the Journal Based Backup (JBB) feature in the ...)
- TODO: check
+ NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2011-1221
RESERVED
CVE-2011-1220 (Stack-based buffer overflow in lcfd.exe in Tivoli Endpoint in IBM ...)
@@ -6151,7 +6155,7 @@
CVE-2011-0550
RESERVED
CVE-2011-0549 (SQL injection vulnerability in forget.php in the management GUI in ...)
- TODO: check
+ NOT-FOR-US: Symantec Web Gateway
CVE-2011-0548 (Buffer overflow in the Lotus Freelance Graphics PRZ file viewer in ...)
TODO: check
CVE-2011-0547
@@ -6825,7 +6829,7 @@
CVE-2011-0288
RESERVED
CVE-2011-0287 (Unspecified vulnerability in the BlackBerry Administration API in ...)
- TODO: check
+ NOT-FOR-US: BlackBerry products
CVE-2011-0286 (Cross-site scripting (XSS) vulnerability in webdesktop/app in the ...)
NOT-FOR-US: BlackBerry Enterprise Server
CVE-2010-4692 (Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) ...)
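Review bot: The new label on CVE-2011-0287, "NOT-FOR-US: BlackBerry products", is less specific than the one on the adjacent CVE-2011-0286, "NOT-FOR-US: BlackBerry Enterprise Server". The description names the BlackBerry Administration API, so using the specific product name, as the neighbouring entry does, would keep the NFU labels consistent and easier to grep.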