[Secure-testing-commits] r18270 - data/CVE

Moritz Muehlenhoff jmm at alioth.debian.org
Tue Jan 24 15:21:29 UTC 2012 

Author: jmm
Date: 2012-01-24 15:21:28 +0000 (Tue, 24 Jan 2012)
New Revision: 18270

Modified:
   data/CVE/list
Log:
tomcat hair-splitting by MITRE
NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-01-24 15:09:25 UTC (rev 18269)
+++ data/CVE/list	2012-01-24 15:21:28 UTC (rev 18270)
@@ -436,22 +436,28 @@
 CVE-2012-0698
 	RESERVED
 CVE-2011-5066 (The SibRaRecoverableSiXaResource class in the Default Messaging ...)
-	TODO: check
+	NOT-FOR-US: WebSphere
 CVE-2011-5065 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Application ...)
-	TODO: check
+	NOT-FOR-US: WebSphere
 CVE-2011-5064 (DigestAuthenticator.java in the HTTP Digest Access Authentication ...)
-	TODO: check
+	- tomcat6 6.0.32-7
+	- tomcat7 7.0.12
+	- tomcat5.5 <removed>
 CVE-2011-5063 (The HTTP Digest Access Authentication implementation in Apache Tomcat ...)
-	TODO: check
+	- tomcat6 6.0.32-7
+	- tomcat7 7.0.12
+	- tomcat5.5 <removed>
 CVE-2011-5062 (The HTTP Digest Access Authentication implementation in Apache Tomcat ...)
-	TODO: check
+	- tomcat6 6.0.32-7
+	- tomcat7 7.0.12
+	- tomcat5.5 <removed>
 CVE-2011-5061 (functions.php in WHMCompleteSolution (WHMCS) 4.0.x through 5.0.x ...)
-	TODO: check
+	NOT-FOR-US: WHMCompleteSolution
 CVE-2011-5060 (The par_mktmpdir function in the PAR module before 1.003 for Perl ...)
 	- libpar-perl 1.005-1 (bug #650707)
 	[squeeze] - libpar-perl <no-dsa> (Minor issue)
 CVE-2010-5082 (Untrusted search path vulnerability in colorcpl.exe 6.0.6000.16386 in ...)
-	TODO: check
+	NOT-FOR-US: Windows Server
 CVE-2010-XXXX [webkit info disclosure/segfault]
 	- webkit <unfixed> (low; bug #579136)
 	- chromium <not-affected>
@@ -470,7 +476,7 @@
 CVE-2012-0694
 	RESERVED
 CVE-2012-0693 (submitticket.php in WHMCompleteSolution (WHMCS) 5.03 allows remote ...)
-	TODO: check
+	NOT-FOR-US: WHMCompleteSolution
 CVE-2012-0692
 	RESERVED
 CVE-2012-0691
@@ -1093,8 +1099,7 @@
 	- kdebase-workspace <undetermined>
 	NOTE: the kcheckpass utility is not present in sid
 CVE-2011-5053 (The Wi-Fi Protected Setup (WPS) protocol, when the "external ...)
-	TODO: check
-	NOTE: This vulnerability affects a protocol, not a product. More information can be found at http://www.kb.cert.org/vuls/id/723755. All products listed there are not part of Debian.
+	NOT-FOR-US: This vulnerability affects a protocol, not a product. More information can be found at http://www.kb.cert.org/vuls/id/723755. All products listed there are not part of Debian.
 CVE-2011-XXXX [glib hashtable dos issues: ocert-2011-003]
 	- glib2.0 <unfixed> (low; bug #655044)
 CVE-2012-0390 (The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain ...)
@@ -1221,7 +1226,7 @@
 CVE-2012-0330
 	RESERVED
 CVE-2012-0329 (Cisco Digital Media Manager 5.2.2 and earlier, and 5.2.3, allows ...)
-	TODO: check
+	NOT-FOR-US: Cisco Digital Media Manager
 CVE-2012-0328
 	RESERVED
 CVE-2012-0327

More information about the Secure-testing-commits mailing list