Secure testing commits - Jul 2010 - r14982 - data/CVE

Author: jmm-guest
Date: 2010-07-12 16:40:53 +0000 (Mon, 12 Jul 2010)
New Revision: 14982

Modified:
   data/CVE/list
Log:
- imp fixed
- spring is in the archive
- more tiff non issues
- new tomcat6 issue


Modified: data/CVE/list
==================================================================---
data/CVE/list	2010-07-12 15:48:08 UTC (rev 14981)
+++ data/CVE/list	2010-07-12 16:40:53 UTC (rev 14982)
@@ -41,9 +41,9 @@
 CVE-2010-2632
 	RESERVED
 CVE-2010-2631 (LibTIFF 3.9.0 ignores tags in certain situations during the
first ...)
-	TODO: check
+	- tiff <unfixed> (unimportant)
 CVE-2010-2630 (The TIFFReadDirectory function in LibTIFF 3.9.0 does not
properly ...)
-	TODO: check
+	- tiff <unfixed> (unimportant)
 CVE-2010-2629 (The Cisco Content Services Switch (CSS) 11500 with software
8.20.4.02 ...)
 	TODO: check
 CVE-2010-2628
@@ -1026,8 +1026,10 @@
 	- moodle 1.9.9-1 (bug #586280)
 CVE-2010-2228 (Cross-site scripting (XSS) vulnerability in the MNET
access-control ...)
 	- moodle 1.9.9-1 (bug #586280)
-CVE-2010-2227
+CVE-2010-2227 [tomcat Apache Tomcat Remote Denial Of Service and Information
Disclosure Vulnerability]
 	RESERVED
+	- tomcat5 <removed>
+	- tomcat6 <unfixed> (bug filed)
 CVE-2010-2226 [xfs SWAPEXT ioctl permissions bypass]
 	RESERVED
 	- linux-2.6 <unfixed>
@@ -2582,7 +2584,7 @@
 CVE-2010-1623
 	RESERVED
 CVE-2010-1622 (SpringSource Spring Framework 2.5.x before 2.5.6.SEC02, 2.5.7
before ...)
-	NOT-FOR-US: SpringSource Spring Framework
+	- libspring-2.5-java
 CVE-2010-1621 (The mysql_uninstall_plugin function in sql/sql_plugin.cc in
MySQL ...)
 	- mysql-5.1 5.1.46-1
 	- mysql-dfsg-5.0 <not-affected> (Vulnerable code not present)
@@ -6093,7 +6095,7 @@
 CVE-2010-0464 (Roundcube 0.3.1 and earlier does not request that the web
browser ...)
 	- roundcube 0.3.1-3 (bug #569660)
 CVE-2010-0463 (Horde IMP 4.3.6 and earlier does not request that the web
browser ...)
-	- imp4 <unfixed> (low; bug #569661)
+	- imp4 4.3.7+debian0-2 (low; bug #569661)
 	[lenny] - imp4 <no-dsa> (Minor issue)
 CVE-2010-0462 (Heap-based buffer overflow in IBM DB2 9.7 and 9.7.1 on Linux
allows ...)
 	NOT-FOR-US: IBM DB2