[Secure-testing-commits] r20074 - data/CVE

Raphael Geissert geissert at alioth.debian.org
Sat Sep 1 17:29:30 UTC 2012 

Author: geissert
Date: 2012-09-01 17:29:30 +0000 (Sat, 01 Sep 2012)
New Revision: 20074

Modified:
   data/CVE/list
Log:
possible issues in struts 1.2


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-08-31 22:45:00 UTC (rev 20073)
+++ data/CVE/list	2012-09-01 17:29:30 UTC (rev 20074)
@@ -2772,7 +2772,6 @@
 	- horizon 2012.1.1-5 (bug #686050)
 CVE-2012-3539
 	REJECTED
-	NOTE: to be rejected
 CVE-2012-3538
 	RESERVED
 CVE-2012-3537
@@ -7641,7 +7640,6 @@
 	- drupal7 7.14-1 (bug #671402)
 CVE-2012-1587
 	REJECTED
-	NOTE: To be rejected
 CVE-2012-1585 (OpenStack Compute (Nova) Essex before 2011.3 allows remote ...)
 	- nova 2012-1~rc3-1 (bug #666888)
 CVE-2012-1584
@@ -13577,7 +13575,6 @@
 	NOT-FOR-US: Joomla
 CVE-2011-4331
 	REJECTED
-	NOTE: Duplicate of CVE-2011-4110, will be rejected
 CVE-2011-4330 (Stack-based buffer overflow in the hfs_mac2asc function in ...)
 	- linux-2.6 3.1.4-1
 	[squeeze] - linux-2.6 2.6.32-40
@@ -14356,7 +14353,6 @@
 	NOT-FOR-US: JBoss Enterprise SOA Platform
 CVE-2011-4084
 	REJECTED
-	NOTE: Will be rejected to avoid confusion
 CVE-2011-4083
 	RESERVED
 	NOT-FOR-US: RedHat sos
@@ -18716,7 +18712,6 @@
 	NOTE: so we do not appear to be affected directly.
 CVE-2011-2708
 	REJECTED
-	NOTE: duplicate of CVE-2011-2710, will be rejected
 CVE-2011-2707 (The ptrace_setxregs function in arch/xtensa/kernel/ptrace.c in the ...)
 	- linux-2.6 <not-affected> (xtensa arch not used in Debian)
 CVE-2011-2706
@@ -21312,7 +21307,7 @@
 	RESERVED
 	NOT-FOR-US: virt-v2v
 CVE-2011-1772 (Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache ...)
-	NOT-FOR-US: Apache Struts 2.x
+	- libstruts1.2-java <not-affected> (xwork introduced in 2.x)
 CVE-2011-1771 (The cifs_close function in fs/cifs/file.c in the Linux kernel before ...)
 	- linux-2.6 2.6.38-4
 	[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.37)
@@ -50453,9 +50448,11 @@
 CVE-2009-1276 (XScreenSaver in Sun Solaris 10 and OpenSolaris before snv_109, and ...)
 	NOT-FOR-US: Sun Solaris
 CVE-2009-1275 (Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other ...)
-	NOT-FOR-US: Apache Tiles
+	- libstruts1.2-java <undetermined>
+	TODO: check
 CVE-2008-6682 (Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts ...)
-	NOT-FOR-US: Apache Struts 2.x
+	- libstruts1.2-java <undetermined>
+	TODO: check
 CVE-2008-6681 (Cross-site scripting (XSS) vulnerability in dijit.Editor in Dojo ...)
 	NOT-FOR-US: Dojo
 CVE-2007-6726 (Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and ...)

More information about the Secure-testing-commits mailing list