Author: jmm Date: 2011-07-21 14:51:40 +0000 (Thu, 21 Jul 2011) New Revision: 16964 Modified: data/CVE/list Log: new kernel issue (nfu) filed bugs for rails and tomcat, tomcat5.5 also affected Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-07-21 10:49:15 UTC (rev 16963) +++ data/CVE/list 2011-07-21 14:51:40 UTC (rev 16964) @@ -146,6 +146,7 @@ RESERVED CVE-2011-2707 RESERVED + - linux-2.6 <not-affected> (xtensa arch not used in Debian) CVE-2011-2706 RESERVED CVE-2011-2705 @@ -593,11 +594,9 @@ - qemu-kvm 0.14.1+dfsg-3 (bug #633669) - kvm <not-affected> (Vulnerable code not present) CVE-2011-2526 (Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before ...) - - tomcat6 <undetermined> - - tomcat7 <undetermined> - NOTE: tomcat6 likely affected. sid: 6.0.32-5, fixed-upstream: 6.0.33 - NOTE: tomcat7 likely affected. sid: 7.0.16-3, fixed-upstream: 7.0.19 - TODO: check further packages + - tomcat6 <unfixed> (bug #634992) + - tomcat7 <unfixed> (bug #634992) + - tomcat5.5 <removed> (bug #634992) CVE-2011-2525 RESERVED - linux-2.6 2.6.35-1 @@ -1349,7 +1348,7 @@ [squeeze] - dbus 1.2.24-4+squeeze1 [lenny] - dbus <no-dsa> (Minor issue) CVE-2011-2197 (The cross-site scripting (XSS) prevention feature in Ruby on Rails 2.x ...) - - rails <undetermined> + - rails <unfixed> (bug #634990) NOTE: likely affected since sid is < 2.3.12 CVE-2011-2196 RESERVED