[Git][security-tracker-team/security-tracker][master] Update some older NFUs in Apache Derby to track the derby source package
Salvatore Bonaccorso
carnil at debian.org
Sat May 5 16:12:46 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8abb2dc0 by Salvatore Bonaccorso at 2018-05-05T17:11:56+02:00
Update some older NFUs in Apache Derby to track the derby source package
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -130750,7 +130750,7 @@ CVE-2015-1833 (XML external entity (XXE) vulnerability in Apache Jackrabbit befo
- jackrabbit 2.10.1-1 (bug #787316)
NOTE: https://issues.apache.org/jira/browse/JCR-3883
CVE-2015-1832 (XML external entity (XXE) vulnerability in the SqlXmlUtil code in ...)
- NOT-FOR-US: Apache Derby
+ - derby <undetermined>
CVE-2015-1831 (The default exclude patterns (excludeParams) in Apache Struts 2.3.20 ...)
- libstruts1.2-java <not-affected> (Affects only 2.3.20)
NOTE: https://struts.apache.org/docs/s2-024.html
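Review bot: the new `- derby <undetermined>` line under CVE-2015-1832 carries no NOTE, while the neighbouring CVE-2015-1833 and CVE-2015-1831 entries each link an upstream reference. Adding a NOTE with the upstream issue or advisory for the SqlXmlUtil XXE would give whoever resolves the status a starting point.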
@@ -220387,7 +220387,7 @@ CVE-2010-2233 (tif_getimage.c in LibTIFF 3.9.0 and 3.9.2 on 64-bit platforms, as
- tiff3 <not-affected> (fixed prior to initial upload)
[lenny] - tiff <not-affected> (Only affects 3.9.x)
CVE-2010-2232 (In Apache Derby 10.1.2.1, 10.2.2.0, 10.3.1.4, and 10.4.1.3, Export ...)
- NOT-FOR-US: Apache Derby
+ - derby <undetermined>
CVE-2010-2231 (Cross-site request forgery (CSRF) vulnerability in ...)
{DSA-2115-1}
- moodle 1.9.9-1 (bug #586280)
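Review bot: for CVE-2010-2232 the description already names the affected upstream releases (10.1.2.1, 10.2.2.0, 10.3.1.4 and 10.4.1.3), so `<undetermined>` may be resolvable right away by comparing those against the derby versions uploaded to Debian. If the packaged versions already carry the fix, a fixed version or a `<not-affected>` entry with a reason, in the form used for tiff3 just above, would be more useful than leaving the entry open.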
@@ -227822,7 +227822,7 @@ CVE-2009-4270 (Stack-based buffer overflow in the errprintf function in base/gsm
{DSA-2080-1}
- ghostscript 8.70~dfsg-2.1 (medium; bug #562643)
CVE-2009-4269 (The password hash generation algorithm in the BUILTIN authentication ...)
- NOT-FOR-US: Apache Derby
+ - derby <undetermined>
CVE-2009-4268
REJECTED
CVE-2009-4267 (The console in Apache jUDDI 3.0.0 does not properly escape line feeds, ...)
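Review bot: the description shown for CVE-2009-4269 (password hash generation in BUILTIN authentication) gives no version bound, so the new `- derby <undetermined>` line cannot be resolved from the list text alone. A NOTE recording the upstream issue or the release that changed the hash generation would keep this entry from staying undetermined.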
@@ -265366,9 +265366,9 @@ CVE-2006-7219 (eZ publish before 3.8.5 does not properly enforce permissions for
CVE-2006-7218 (eZ publish before 3.8.1 does not properly enforce permissions for ...)
- ezpublish <not-affected> (Debian's version is too old)
CVE-2006-7217 (Apache Derby before 10.2.1.6 does not determine schema privilege ...)
- NOT-FOR-US: Apache Derby
+ - derby <undetermined>
CVE-2006-7216 (Apache Derby before 10.2.1.6 does not determine privilege requirements ...)
- NOT-FOR-US: Apache Derby
+ - derby <undetermined>
CVE-2006-7215 (The Intel Core 2 Extreme processor X6800 and Core 2 Duo desktop ...)
NOT-FOR-US: Intel processor
CVE-2005-4859 (mimicboard2 (Mimic2) 086 and earlier stores sensitive information ...)
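Review bot: CVE-2006-7217 and CVE-2006-7216 are both described as affecting Apache Derby before 10.2.1.6, so the two new `- derby <undetermined>` lines should end up with the same status. Worth checking the earliest derby upload against 10.2.1.6 and recording either that fixed version or `<not-affected>` with a reason on both entries together.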
@@ -265392,7 +265392,7 @@ CVE-2005-4851 (eZ publish 3.4.4 through 3.7 before 20050722 applies certain ...)
CVE-2005-4850 (eZ publish 3.5 through 3.7 before 20050608 requires both edit and ...)
- ezpublish <removed> (bug #424790)
CVE-2005-4849 (Apache Derby before 10.1.2.1 exposes the (1) user and (2) password ...)
- NOT-FOR-US: Apache Derby
+ - derby <undetermined>
CVE-2004-2682 (PeerSec MatrixSSL before 1.1 does not implement RSA blinding, which ...)
- matrixssl 1.1-1
CVE-2004-2681 (PeerSec MatrixSSL before 1.1 caches session keys for an indefinitely ...)
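Review bot: at CVE-2005-4849, replacing NOT-FOR-US with `- derby <undetermined>` turns a closed entry into an open one for a packaged source. Since the description bounds the issue at before 10.1.2.1, a follow-up that records the fixed version would close it again.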
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/8abb2dc0a3f9c2e7078f83c9c2102f8b682c8f4f