[Secure-testing-commits] r17956 - data/CVE

Luk Claes luk at alioth.debian.org
Sun Jan 1 10:52:37 UTC 2012


Author: luk
Date: 2012-01-01 10:52:37 +0000 (Sun, 01 Jan 2012)
New Revision: 17956

Modified:
   data/CVE/list
Log:
Mark some more as removed

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-01-01 10:35:28 UTC (rev 17955)
+++ data/CVE/list	2012-01-01 10:52:37 UTC (rev 17956)
@@ -5682,7 +5682,7 @@
 CVE-2011-3190 (Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 ...)
 	- tomcat6 <unfixed>
 	- tomcat7 7.0.21-1
-	- tomcat5.5 <removed>
+	- tomcat5.5 <unfixed>
 CVE-2011-3189 (The crypt function in PHP 5.3.7, when the MD5 hash type is used, ...)
 	- php5 5.3.8-1
 	[squeeze] - php5 <not-affected> (Introduced in 5.3.7)
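Review bot: The tomcat5.5 line under CVE-2011-3190 goes from <removed> to <unfixed>, which is the opposite of the log message "Mark some more as removed" and of the later hunks in this revision, where tomcat5.5 goes from <unfixed> to <removed> (CVE-2009-0783, CVE-2009-0781, CVE-2008-5515). If the package is gone from the archive, keep <removed> here. If the reversal is intended, state the reason in the log, since <unfixed> marks the entry as an open issue again.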
@@ -7635,7 +7635,7 @@
 CVE-2011-2526 (Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before ...)
 	- tomcat6 6.0.32-7 (bug #634992)
 	- tomcat7 7.0.19-1 (bug #634992)
-	- tomcat5.5 <removed> (bug #634992)
+	- tomcat5.5 <unfixed> (bug #634992)
 CVE-2011-2525
 	RESERVED
 	{DSA-2310-1 DSA-2303-1}
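Review bot: The tomcat5.5 line under CVE-2011-2526 has the same reversal, <removed> to <unfixed> (bug #634992), and conflicts with the tomcat5.5 changes further down in this patch. Either drop this change or split the two reversals into their own commit with a log message that explains them.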
@@ -31568,7 +31568,7 @@
 	NOT-FOR-US: MyMsg
 CVE-2009-3525 (The pyGrub boot loader in Xen 3.0.3, 3.3.0, and Xen-3.3.1 does not ...)
 	- xen-3 <unfixed> (unimportant)
-	- xen-unstable <unfixed> (unimportant)
+	- xen-unstable <removed> (unimportant)
 	NOTE: This is an enhancement, not a security issue.
 	NOTE: A user must have access to a guest hard drive image in order to boot it,
 	NOTE:  so he can simply mount the drive and remove the password option.
@@ -40795,7 +40795,7 @@
 	[etch] - systemtap <not-affected> (vulnerable code not present)
 CVE-2009-0783 (Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 ...)
 	{DSA-2207-1}
-	- tomcat5.5 <unfixed> (low; bug #532366)
+	- tomcat5.5 <removed> (low; bug #532366)
 	- tomcat6 6.0.20-1 (low; bug #532362)
 	[lenny] - tomcat6 <not-affected> (Only ships the servlet package)
 	- tomcat5 <removed> (low; bug #532363)
@@ -40803,7 +40803,7 @@
 	REJECTED
 CVE-2009-0781 (Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the ...)
 	{DSA-2207-1}
-	- tomcat5.5 <unfixed> (unimportant; bug #532366)
+	- tomcat5.5 <removed> (unimportant; bug #532366)
 	- tomcat6 6.0.20-1 (unimportant; bug #532362)
 	- tomcat5 <removed> (unimportant; bug #532363)
 	NOTE: Just examples on how to use Tomcat, not for production
@@ -41896,7 +41896,7 @@
 	- tomcat6 6.0.20-1 (low; bug #532362)
 	[lenny] - tomcat6 <not-affected> (Only ships the servlet package)
 	- tomcat5 <removed> (low; bug #532363)
-	- tomcat5.5 <unfixed> (low; bug #532366)
+	- tomcat5.5 <removed> (low; bug #532366)
 CVE-2009-0579 (Linux-PAM before 1.0.4 does not enforce the minimum password age ...)
 	- pam 1.0.1-10 (unimportant; bug #514437)
 	NOTE: the ability to change a password earlier than scheduled is not a security 
@@ -44497,7 +44497,7 @@
 	- tomcat6 6.0.28-1
 	[lenny] - tomcat6 <not-affected> (Only ships the servlet package)
 	- tomcat5 <removed> (medium; bug #532363)
-	- tomcat5.5 <unfixed> (medium; bug #532366)
+	- tomcat5.5 <removed> (medium; bug #532366)
 CVE-2009-0032 (CUPS on Mandriva Linux 2008.0, 2008.1, 2009.0, Corporate Server (CS) ...)
 	NOT-FOR-US: issue affects pdfdistiller
 CVE-2009-0031 (Memory leak in the keyctl_join_session_keyring function ...)
@@ -44737,7 +44737,7 @@
 CVE-2008-5515 (Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 ...)
 	{DSA-2207-1}
 	- tomcat5 <removed> (bug #532363)
-	- tomcat5.5 <unfixed> (bug #532366)
+	- tomcat5.5 <removed> (bug #532366)
 	- tomcat6 6.0.20-1 (bug #532362)
 	[lenny] - tomcat6 <not-affected> (Only ships the servlet package)
 CVE-2008-5514 (Off-by-one error in the rfc822_output_char function in the ...)
@@ -47483,7 +47483,7 @@
 	[etch] - sabre <no-dsa> (Game not qualified as multi-user system, thus minor issue)
 CVE-2008-4405 (xend in Xen 3.0.3 does not properly limit the contents of the ...)
 	- xen-3 3.4.0-1 (bug #503811)
-	- xen-unstable <unfixed>
+	- xen-unstable <removed>
 	NOTE: a proposed patch leads to new problems, see CVE-2008-5716
 CVE-2008-4404 (The IPv6 Neighbor Discovery Protocol (NDP) implementation on IBM ...)
 	NOT-FOR-US: IPv6 NDP on IBM zSeries
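Review bot: The NOTE under CVE-2008-4405 points to CVE-2008-5716 for the follow-up problems, and no hunk in this patch touches that entry. If it also carries an xen-unstable line, give it the same <unfixed> to <removed> change so the two related entries stay consistent.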
@@ -53363,7 +53363,7 @@
 	- qemu 0.9.1-5
 	- kvm 66+dfsg-1.1 (bug #481204)
 	- xen-3 3.4.0-1 (bug #490409)
-	- xen-unstable <unfixed> (bug #490411)
+	- xen-unstable <removed> (bug #490411)
 	- xen-3.0 <removed>
 CVE-2008-2003 (BadBlue 2.72 Personal Edition stores multiple programs in the web ...)
 	NOT-FOR-US: BadBlue
@@ -63946,7 +63946,7 @@
 	NOT-FOR-US: AkkyWareHOUSE
 CVE-2007-4724 (Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the ...)
 	- tomcat5.5 <not-affected> (Version already ships fixed files)
-	- tomcat5 <unfixed> (unimportant; bug #441205)
+	- tomcat5 <removed> (unimportant; bug #441205)
 	- libservlet2.4-java 5.0.30-6 (unimportant)
 	NOTE: DSA should not be required, minor issue, jsp just present as example
 CVE-2007-4723 (Directory traversal vulnerability in Ragnarok Online Control Panel ...)
@@ -66350,10 +66350,10 @@
 CVE-2007-3723 (The process scheduler in the Sun Solaris kernel does not make use of ...)
 	NOT-FOR-US: Solaris
 CVE-2007-3722 (The 4BSD process scheduler in the FreeBSD kernel performs scheduling ...)
-	- kfreebsd-5 <unfixed> (low)
+	- kfreebsd-5 <removed> (low)
 	[etch] - kfreebsd-5 <no-dsa> (kfreebsd not supported)
 CVE-2007-3721 (The ULE process scheduler in the FreeBSD kernel gives preference to ...)
-	- kfreebsd-5 <unfixed> (low)
+	- kfreebsd-5 <removed> (low)
 	[etch] - kfreebsd-5 <no-dsa> (kfreebsd not supported)
 CVE-2007-3720 (The process scheduler in the Linux kernel 2.4 performs scheduling ...)
 	- linux-2.6 <not-affected> (There's a separate ID for 2.6, see CVE-2007-3719)
@@ -69444,7 +69444,7 @@
 CVE-2007-2450 (Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager ...)
 	{DSA-1468-1}
 	- tomcat4 <removed> (low)
-	- tomcat5 <unfixed> (low)
+	- tomcat5 <removed> (low)
 	- tomcat5.5 5.5.25-1 (low)
 	[sarge] - tomcat4 <no-dsa> (Contrib not supported)
 CVE-2007-2449 (Multiple cross-site scripting (XSS) vulnerabilities in certain JSP ...)
@@ -70014,7 +70014,7 @@
 CVE-2007-2242 (The IPv6 protocol allows remote attackers to cause a denial of service ...)
 	{DSA-1356-1}
 	- linux-2.6 2.6.21-1 (low; bug #421595)
-	- kfreebsd-5 <unfixed> (low)
+	- kfreebsd-5 <removed> (low)
 	[etch] - kfreebsd-5 <no-dsa> (No security support for KFreeBSD)
 	NOTE: This should be off by default, tweakable by a simple knob.
 	NOTE: (FreeBSD has it turned on for hosts, too.)
@@ -70297,7 +70297,7 @@
 	NOT-FOR-US: Oracle
 CVE-2006-7196 (Cross-site scripting (XSS) vulnerability in the calendar application ...)
 	- tomcat5.5 5.5.16-1 (unimportant)
-	- tomcat5 <unfixed> (unimportant)
+	- tomcat5 <removed> (unimportant)
 	- tomcat4 <removed> (unimportant)
 	NOTE: Only present in an example, not in production code
 CVE-2006-7195 (Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in ...)
@@ -70887,7 +70887,7 @@
 	NOTE: insecure ciphers should not be (and usually are not) enabled in browsers
 	[sarge] - tomcat4 <no-dsa> (low)
 	[etch] - tomcat5 <no-dsa> (low; bug #423435)
-	- tomcat5 <unfixed> (low; bug #423435)
+	- tomcat5 <removed> (low; bug #423435)
 	- tomcat5.5 5.5.17-1 (low)
 	- tomcat4 <removed> (low)
 CVE-2007-1857
@@ -78393,7 +78393,7 @@
 CVE-2006-5825 (Cross-site scripting (XSS) vulnerability in index.php in Kayako ...)
 	NOT-FOR-US: Kayako SupportSuite
 CVE-2006-5824 (Integer overflow in the ffs_rdextattr function in FreeBSD 6.1 allows ...)
-	- kfreebsd-5 <unfixed>
+	- kfreebsd-5 <removed>
 	[etch] - kfreebsd-5 <no-dsa> (no security support for freebsd)
 CVE-2006-5823 (The zlib_inflate function in Linux kernel 2.6.x allows local users to ...)
 	{DSA-1503-2 DSA-1504-1 DSA-1503-1}
@@ -78726,7 +78726,7 @@
 CVE-2006-5680 (The libarchive library in FreeBSD 6-STABLE after 2006-09-05 and before ...)
 	- libarchive 1.3.1-1 (unimportant)
 CVE-2006-5679 (Integer overflow in the ffs_mountfs function in FreeBSD 6.1 allows ...)
-	- kfreebsd-5 <unfixed> (medium)
+	- kfreebsd-5 <removed> (medium)
 	[etch] - kfreebsd-5 <no-dsa> (no security support for freebsd)
 CVE-2006-5678 (** DISPUTED ** ...)
 	NOT-FOR-US: Les Visiteurs
@@ -78989,7 +78989,7 @@
 CVE-2006-5551 (Stack-based buffer overflow in QK SMTP 3.01 and earlier might allow ...)
 	NOT-FOR-US: QK SMTP
 CVE-2006-5550 (The kernel in FreeBSD 6.1 and OpenBSD 4.0 allows local users to cause ...)
-	- kfreebsd-5 <unfixed> (low)
+	- kfreebsd-5 <removed> (low)
 	[etch] - kfreebsd-5 <no-dsa> (no security support for freebsd)
 CVE-2006-5549 (** DISPUTED ** ...)
 	NOT-FOR-US: Adobe PHP SDK
@@ -79142,10 +79142,10 @@
 CVE-2006-5484 (SSH Tectia Client/Server/Connector 5.1.0 and earlier, Manager 2.2.0 ...)
 	NOT-FOR-US: SSH Tectia
 CVE-2006-5483 (p1003_1b.c in FreeBSD 6.1 allows local users to cause an unspecified ...)
-	- kfreebsd-5 <unfixed> (low)
+	- kfreebsd-5 <removed> (low)
 	[etch] - kfreebsd-5 <no-dsa> (no security support for freebsd)
 CVE-2006-5482 (ufs_vnops.c in FreeBSD 6.1 allows local users to cause an unspecified ...)
-	- kfreebsd-5 <unfixed> (low)
+	- kfreebsd-5 <removed> (low)
 	[etch] - kfreebsd-5 <no-dsa> (no security support for freebsd)
 CVE-2006-5481 (Multiple PHP remote file inclusion vulnerabilities in 2le.net Castor ...)
 	NOT-FOR-US: Castor
@@ -81304,7 +81304,7 @@
 CVE-2006-4517 (Novell iManager 2.5 and 2.0.2 allows remote attackers to cause a ...)
 	NOT-FOR-US: Novell iManager
 CVE-2006-4516 (Integer signedness error in FreeBSD 6.0-RELEASE allows local users to ...)
-	- kfreebsd-5 <unfixed> (low)
+	- kfreebsd-5 <removed> (low)
 	[etch] - kfreebsd-5 <no-dsa> (no security support for freebsd)
 CVE-2006-4515
 	RESERVED
@@ -82110,7 +82110,7 @@
 CVE-2006-4179
 	RESERVED
 CVE-2006-4178 (Integer signedness error in the i386_set_ldt call in FreeBSD 5.5, and ...)
-	- kfreebsd-5 <unfixed> (bug #391289; low)
+	- kfreebsd-5 <removed> (bug #391289; low)
 	[etch] - kfreebsd-5 <no-dsa> (Etch doesn't have security support for the FreeBSD kernel)
 CVE-2006-4177 (Heap-based buffer overflow in the NCP engine in Novell eDirectory ...)
 	NOT-FOR-US: Novell eDirectory
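Review bot: The changed kfreebsd-5 line under CVE-2006-4178 keeps the annotation order "(bug #391289; low)", while the other lines in this patch put the urgency first, as in "(low; bug #532366)". Since the line is being touched anyway, reorder it to "(low; bug #391289)"; the same applies to the CVE-2006-4172 line in the next hunk.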
@@ -82123,7 +82123,7 @@
 CVE-2006-4173
 	RESERVED
 CVE-2006-4172 (Integer overflow vulnerability in the i386_set_ldt call in FreeBSD ...)
-	- kfreebsd-5 <unfixed> (bug #391289; low)
+	- kfreebsd-5 <removed> (bug #391289; low)
 	[etch] - kfreebsd-5 <no-dsa> (Etch doesn't have security support for the FreeBSD kernel)
 CVE-2006-4171
 	RESERVED



