[Secure-testing-commits] r17958 - data/CVE

Luk Claes luk at alioth.debian.org
Sun Jan 1 15:02:07 UTC 2012


Author: luk
Date: 2012-01-01 15:02:07 +0000 (Sun, 01 Jan 2012)
New Revision: 17958

Modified:
   data/CVE/list
Log:
Some more removed, mark doctrine as fixed, mark evince as not-affected in unstable

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-01-01 12:49:48 UTC (rev 17957)
+++ data/CVE/list	2012-01-01 15:02:07 UTC (rev 17958)
@@ -5682,7 +5682,7 @@
 CVE-2011-3190 (Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 ...)
 	- tomcat6 <unfixed>
 	- tomcat7 7.0.21-1
-	- tomcat5.5 <unfixed>
+	- tomcat5.5 <removed>
 CVE-2011-3189 (The crypt function in PHP 5.3.7, when the MD5 hash type is used, ...)
 	- php5 5.3.8-1
 	[squeeze] - php5 <not-affected> (Introduced in 5.3.7)
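Review bot: The `- tomcat5.5 <removed>` line under CVE-2011-3190 replaces `<unfixed>` without any release-specific line beside it, so the entry says nothing about a suite that may still ship tomcat5.5. If an older release still carries the package, add an explicit bracketed line for it, in the way the emacs22 entry further down keeps `[lenny] - emacs22 <no-dsa> (Minor issue)`. The same question applies to the tomcat5.5 line under CVE-2011-2526.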
@@ -7635,7 +7635,7 @@
 CVE-2011-2526 (Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before ...)
 	- tomcat6 6.0.32-7 (bug #634992)
 	- tomcat7 7.0.19-1 (bug #634992)
-	- tomcat5.5 <unfixed> (bug #634992)
+	- tomcat5.5 <removed> (bug #634992)
 CVE-2011-2525
 	RESERVED
 	{DSA-2310-1 DSA-2303-1}
@@ -10376,7 +10376,7 @@
 	NOTE: http://tracker.nagios.org/view.php?id=207
 CVE-2011-1522 (Multiple SQL injection vulnerabilities in the ...)
 	{DSA-2223-1}
-	- doctrine <unfixed> (bug #622674)
+	- doctrine 1.2.4-1 (bug #622674)
 CVE-2010-4777
 	RESERVED
 	- perl <unfixed> (unimportant; bug #628836)
@@ -12682,8 +12682,8 @@
 CVE-2010-4728 (Zikula before 1.3.1 uses the rand and srand PHP functions for random ...)
 	NOT-FOR-US: zikula
 CVE-2011-XXXX [evince segfault]
-	- evince <unfixed> (bug #612668)
-	TODO: check
+	- evince <not-affected>
+	[lenny] - evince <unfixed> (bug #612668)
 CVE-2011-XXXX [php-gettext XSS]
 	- php-gettext <unfixed> (unimportant)
 	NOTE: http://secunia.com/advisories/43228/ they are only examples
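Review bot: The new `- evince <not-affected>` line in the evince segfault entry gives no reason, and the `TODO: check` it replaces is dropped without a NOTE recording what was checked. Other not-affected lines in this file state the reason in parentheses, for example `[squeeze] - php5 <not-affected> (Introduced in 5.3.7)`. Since lenny stays `<unfixed>`, a short parenthetical or NOTE saying why unstable is not affected would keep this triage reviewable. Bug #612668 is now referenced only on the lenny line, which is worth confirming as intended.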
@@ -15914,10 +15914,8 @@
 CVE-2008-7267 (SQL injection vulnerability in announcements.php in SiteEngine 5.x ...)
 	NOT-FOR-US: SiteEngine
 CVE-2010-XXXX [elfsign uses cryptographically weak md5 hashes]
-	- elfsign <unfixed> (low; bug #555668)
+	- elfsign <removed> (low; bug #555668)
 	[lenny] - elfsign <no-dsa> (a stronger hashing algorithm would completely change functionality of the package)
-	[squeeze] - elfsign <no-dsa> (a stronger hashing algorithm would completely change functionality of the package)
-	NOTE: too late to fix in squeeze release cycle, but this should be fixed for wheezy
 CVE-2010-4354 (The remote-access IPSec VPN implementation on Cisco Adaptive Security ...)
 	NOT-FOR-US: Cisco ASA
 CVE-2010-4353 (Unrestricted file upload vulnerability in ...)
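Review bot: In the elfsign entry the `[squeeze] - elfsign <no-dsa>` line and its NOTE are deleted while the matching `[lenny]` line is kept, and the log message ("Some more removed") does not say why the two releases are treated differently. If elfsign is not part of squeeze, the deletion is fine but should be stated in the log. If it is, the no-dsa decision for squeeze should stay in place next to the new `- elfsign <removed>` line.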
@@ -17044,7 +17042,7 @@
 	[lenny] - git-core 1.5.6.5-3+lenny3.3
 	- git 1:1.7.2.3-2.2
 CVE-2010-3905 (The password reset feature in the administrator interface for ...)
-	- eucalyptus <unfixed> (bug #608289)
+	- eucalyptus <removed> (bug #608289)
 CVE-2010-3904 (The rds_page_copy_user function in net/rds/page.c in the Reliable ...)
 	- linux-2.6 2.6.32-26
 	[lenny] - linux-2.6 <not-affected> (Vulnerable code introduced in 2.6.30)
@@ -25959,7 +25957,7 @@
 	- emacs21 <removed> (low)
 	[lenny] - emacs21 <no-dsa> (Minor issue)
 	NOTE: Only exploitable when configured as setgid mail, which isn't set by default
-	- emacs22 <unfixed> (low; bug #590301)
+	- emacs22 <removed> (low; bug #590301)
 	[lenny] - emacs22 <no-dsa> (Minor issue)
 	- xemacs21 21.4.22-3.1 (low)
 	[lenny] - xemacs21 <no-dsa> (Minor issue)



