[Secure-testing-commits] r20074 - data/CVE
Raphael Geissert
geissert at alioth.debian.org
Sat Sep 1 17:29:30 UTC 2012
Author: geissert
Date: 2012-09-01 17:29:30 +0000 (Sat, 01 Sep 2012)
New Revision: 20074
Modified:
data/CVE/list
Log:
possible issues in struts 1.2
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-08-31 22:45:00 UTC (rev 20073)
+++ data/CVE/list 2012-09-01 17:29:30 UTC (rev 20074)
@@ -2772,7 +2772,6 @@
- horizon 2012.1.1-5 (bug #686050)
CVE-2012-3539
REJECTED
- NOTE: to be rejected
CVE-2012-3538
RESERVED
CVE-2012-3537
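Review bot: The removal of `NOTE: to be rejected` under CVE-2012-3539 is not covered by the log message, which only mentions struts 1.2. The same cleanup of NOTE lines on REJECTED entries recurs in the following hunks; either mention it in the log or commit it separately so the struts triage is easy to find in the history.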
@@ -7641,7 +7640,6 @@
- drupal7 7.14-1 (bug #671402)
CVE-2012-1587
REJECTED
- NOTE: To be rejected
CVE-2012-1585 (OpenStack Compute (Nova) Essex before 2011.3 allows remote ...)
- nova 2012-1~rc3-1 (bug #666888)
CVE-2012-1584
@@ -13577,7 +13575,6 @@
NOT-FOR-US: Joomla
CVE-2011-4331
REJECTED
- NOTE: Duplicate of CVE-2011-4110, will be rejected
CVE-2011-4330 (Stack-based buffer overflow in the hfs_mac2asc function in ...)
- linux-2.6 3.1.4-1
[squeeze] - linux-2.6 2.6.32-40
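Review bot: Dropping `NOTE: Duplicate of CVE-2011-4110, will be rejected` under CVE-2011-4331 loses the pointer to the id the issue is tracked under, and REJECTED alone does not say where to look. Suggest keeping a shortened note such as `NOTE: duplicate of CVE-2011-4110`.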
@@ -14356,7 +14353,6 @@
NOT-FOR-US: JBoss Enterprise SOA Platform
CVE-2011-4084
REJECTED
- NOTE: Will be rejected to avoid confusion
CVE-2011-4083
RESERVED
NOT-FOR-US: RedHat sos
@@ -18716,7 +18712,6 @@
NOTE: so we do not appear to be affected directly.
CVE-2011-2708
REJECTED
- NOTE: duplicate of CVE-2011-2710, will be rejected
CVE-2011-2707 (The ptrace_setxregs function in arch/xtensa/kernel/ptrace.c in the ...)
- linux-2.6 <not-affected> (xtensa arch not used in Debian)
CVE-2011-2706
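Review bot: Under CVE-2011-2708 the removed note was the only line naming CVE-2011-2710 as the surviving id. Only the `will be rejected` half is stale now that the entry reads REJECTED, so trimming the note rather than deleting it would keep the cross-reference.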
@@ -21312,7 +21307,7 @@
RESERVED
NOT-FOR-US: virt-v2v
CVE-2011-1772 (Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache ...)
- NOT-FOR-US: Apache Struts 2.x
+ - libstruts1.2-java <not-affected> (xwork introduced in 2.x)
CVE-2011-1771 (The cifs_close function in fs/cifs/file.c in the Linux kernel before ...)
- linux-2.6 2.6.38-4
[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.37)
@@ -50453,9 +50448,11 @@
CVE-2009-1276 (XScreenSaver in Sun Solaris 10 and OpenSolaris before snv_109, and ...)
NOT-FOR-US: Sun Solaris
CVE-2009-1275 (Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other ...)
- NOT-FOR-US: Apache Tiles
+ - libstruts1.2-java <undetermined>
+ TODO: check
CVE-2008-6682 (Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts ...)
- NOT-FOR-US: Apache Struts 2.x
+ - libstruts1.2-java <undetermined>
+ TODO: check
CVE-2008-6681 (Cross-site scripting (XSS) vulnerability in dijit.Editor in Dojo ...)
NOT-FOR-US: Dojo
CVE-2007-6726 (Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and ...)
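Review bot: Both `TODO: check` lines, under CVE-2009-1275 and CVE-2008-6682, leave out what has to be checked. For CVE-2009-1275 the description names Apache Tiles 2.1 before 2.1.2, so the TODO could ask whether libstruts1.2-java ships an affected Tiles version; for CVE-2008-6682 the previous tag was `NOT-FOR-US: Apache Struts 2.x`, so the TODO could ask whether the affected code exists in 1.2 at all. A TODO that states the question lets the next person close it without redoing the triage.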