[Secure-testing-commits] r17331 - data/CVE

Thu Sep 29 15:03:03 UTC 2011

Author: jmm
Date: 2011-09-29 15:03:02 +0000 (Thu, 29 Sep 2011)
New Revision: 17331

Modified:
   data/CVE/list
Log:
- new tomcat issue
- one php5 issue a non-issue
- cyrus-imapd-2.2 not fixed (however, will be turned to a dummy upgrade package in sid)


Modified: data/CVE/list
===================================================================

--- data/CVE/list	2011-09-29 10:39:27 UTC (rev 17330)
+++ data/CVE/list	2011-09-29 15:03:02 UTC (rev 17331)
@@ -1515,10 +1515,10 @@
 CVE-2011-3209
 	RESERVED
 CVE-2011-3208 (Stack-based buffer overflow in the split_wildmats function in nntpd.c ...)
-	- cyrus-imapd-2.2 2.4.11-1 (medium)
+	- cyrus-imapd-2.2 <unfixed> (medium)
 	- cyrus-imapd-2.4 2.4.11-1 (medium)
 	- kolab-cyrus-imapd <unfixed> (medium)
-	TODO: file bugs
+	TODO: file bug for kolab-cyrus-imapd
 CVE-2011-3207 (crypto/x509/x509_vfy.c in OpenSSL 1.0.x before 1.0.0e does not ...)
 	- openssl 1.0.0e-1
 	[squeeze] - openssl <not-affected> (only affects 1.0.0 through 1.0.0d)
@@ -1600,7 +1600,8 @@
 CVE-2011-3183
 	RESERVED
 CVE-2011-3182 (PHP before 5.3.7 does not properly check the return values of the ...)
-	- php5 <undetermined>
+	- php5 5.3.7-1 (unimportant)
+	NOTE: exploitable by malicious scripts only
 CVE-2011-3181 (Multiple cross-site scripting (XSS) vulnerabilities in the Tracking ...)
 	- phpmyadmin 4:3.4.4-1
 	[lenny] - phpmyadmin <not-affected> (Vulnerable code not present)
@@ -7197,6 +7198,9 @@
 	NOTE: http://trac.webkit.org/changeset/74853
 CVE-2011-1184
 	RESERVED
+	- tomcat6 <unfixed>
+	- tomcat7 7.0.12
+	- tomcat5.5 <removed>
 CVE-2011-1183 (Apache Tomcat 7.0.11, when web.xml has no login configuration, does ...)
 	- tomcat6 <not-affected> (Only affects Tomcat 7)
 CVE-2011-1182


