Author: jmm Date: 2011-09-29 15:03:02 +0000 (Thu, 29 Sep 2011) New Revision: 17331 Modified: data/CVE/list Log: - new tomcat issue - one php5 issue a non-issue - cyrus-imapd-2.2 not fixed (however, will be turned to a dummy upgrade package in sid) Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-09-29 10:39:27 UTC (rev 17330) +++ data/CVE/list 2011-09-29 15:03:02 UTC (rev 17331) @@ -1515,10 +1515,10 @@ CVE-2011-3209 RESERVED CVE-2011-3208 (Stack-based buffer overflow in the split_wildmats function in nntpd.c ...) - - cyrus-imapd-2.2 2.4.11-1 (medium) + - cyrus-imapd-2.2 <unfixed> (medium) - cyrus-imapd-2.4 2.4.11-1 (medium) - kolab-cyrus-imapd <unfixed> (medium) - TODO: file bugs + TODO: file bug for kolab-cyrus-imapd CVE-2011-3207 (crypto/x509/x509_vfy.c in OpenSSL 1.0.x before 1.0.0e does not ...) - openssl 1.0.0e-1 [squeeze] - openssl <not-affected> (only affects 1.0.0 through 1.0.0d) @@ -1600,7 +1600,8 @@ CVE-2011-3183 RESERVED CVE-2011-3182 (PHP before 5.3.7 does not properly check the return values of the ...) - - php5 <undetermined> + - php5 5.3.7-1 (unimportant) + NOTE: exploitable by malicious scripts only CVE-2011-3181 (Multiple cross-site scripting (XSS) vulnerabilities in the Tracking ...) - phpmyadmin 4:3.4.4-1 [lenny] - phpmyadmin <not-affected> (Vulnerable code not present) @@ -7197,6 +7198,9 @@ NOTE: http://trac.webkit.org/changeset/74853 CVE-2011-1184 RESERVED + - tomcat6 <unfixed> + - tomcat7 7.0.12 + - tomcat5.5 <removed> CVE-2011-1183 (Apache Tomcat 7.0.11, when web.xml has no login configuration, does ...) - tomcat6 <not-affected> (Only affects Tomcat 7) CVE-2011-1182
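Review bot: In the CVE-2011-3208 hunk, the reason cyrus-imapd-2.2 moves from 2.4.11-1 to <unfixed> is given only in the commit log ("will be turned to a dummy upgrade package in sid") and not in the entry itself. A NOTE line under the entry stating this would let readers of data/CVE/list see why the package stays <unfixed>. The reworded TODO, "file bug for kolab-cyrus-imapd", also leaves the newly unfixed cyrus-imapd-2.2 line without a bug reference; if no bug is intended for it, the same NOTE can say so.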
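Review bot: In the CVE-2011-3182 hunk, the added line "NOTE: exploitable by malicious scripts only" is the only justification for the (unimportant) rating, and it is easy to misread as describing an attack vector rather than a precondition. Suggest wording it so the rationale is explicit, for example that triggering the issue requires the attacker to already control the PHP script being executed. The commit log calls this "a non-issue" while the entry records 5.3.7-1 as the fixed version, so it is worth confirming the note and the log mean the same thing.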
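Review bot: In the CVE-2011-1184 hunk, the three added package lines sit under a RESERVED entry with no description, and nothing in the entry says where the affected and fixed status comes from. A NOTE line pointing to the upstream advisory or changeset would make "- tomcat6 <unfixed>" and "- tomcat7 7.0.12" verifiable. The tomcat6 line also carries no severity, unlike the <unfixed> lines in the first hunk, and "7.0.12" has no Debian revision while the other fixed versions visible in this diff do (2.4.11-1, 1.0.0e-1, 5.3.7-1); please confirm that is intentional.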