Author: luk Date: 2012-01-01 10:52:37 +0000 (Sun, 01 Jan 2012) New Revision: 17956 Modified: data/CVE/list Log: Mark some more as removed Modified: data/CVE/list ==================================================================--- data/CVE/list 2012-01-01 10:35:28 UTC (rev 17955) +++ data/CVE/list 2012-01-01 10:52:37 UTC (rev 17956) @@ -5682,7 +5682,7 @@ CVE-2011-3190 (Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 ...) - tomcat6 <unfixed> - tomcat7 7.0.21-1 - - tomcat5.5 <removed> + - tomcat5.5 <unfixed> CVE-2011-3189 (The crypt function in PHP 5.3.7, when the MD5 hash type is used, ...) - php5 5.3.8-1 [squeeze] - php5 <not-affected> (Introduced in 5.3.7) @@ -7635,7 +7635,7 @@ CVE-2011-2526 (Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before ...) - tomcat6 6.0.32-7 (bug #634992) - tomcat7 7.0.19-1 (bug #634992) - - tomcat5.5 <removed> (bug #634992) + - tomcat5.5 <unfixed> (bug #634992) CVE-2011-2525 RESERVED {DSA-2310-1 DSA-2303-1} @@ -31568,7 +31568,7 @@ NOT-FOR-US: MyMsg CVE-2009-3525 (The pyGrub boot loader in Xen 3.0.3, 3.3.0, and Xen-3.3.1 does not ...) - xen-3 <unfixed> (unimportant) - - xen-unstable <unfixed> (unimportant) + - xen-unstable <removed> (unimportant) NOTE: This is an enhancement, not a security issue. NOTE: A user must have access to a guest hard drive image in order to boot it, NOTE: so he can simply mount the drive and remove the password option. @@ -40795,7 +40795,7 @@ [etch] - systemtap <not-affected> (vulnerable code not present) CVE-2009-0783 (Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 ...) {DSA-2207-1} - - tomcat5.5 <unfixed> (low; bug #532366) + - tomcat5.5 <removed> (low; bug #532366) - tomcat6 6.0.20-1 (low; bug #532362) [lenny] - tomcat6 <not-affected> (Only ships the servlet package) - tomcat5 <removed> (low; bug #532363) 
@@ -40803,7 +40803,7 @@ REJECTED CVE-2009-0781 (Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the ...) {DSA-2207-1} - - tomcat5.5 <unfixed> (unimportant; bug #532366) + - tomcat5.5 <removed> (unimportant; bug #532366) - tomcat6 6.0.20-1 (unimportant; bug #532362) - tomcat5 <removed> (unimportant; bug #532363) NOTE: Just examples on how to use Tomcat, not for production @@ -41896,7 +41896,7 @@ - tomcat6 6.0.20-1 (low; bug #532362) [lenny] - tomcat6 <not-affected> (Only ships the servlet package) - tomcat5 <removed> (low; bug #532363) - - tomcat5.5 <unfixed> (low; bug #532366) + - tomcat5.5 <removed> (low; bug #532366) CVE-2009-0579 (Linux-PAM before 1.0.4 does not enforce the minimum password age ...) - pam 1.0.1-10 (unimportant; bug #514437) NOTE: the ability to change a password earlier than scheduled is not a security @@ -44497,7 +44497,7 @@ - tomcat6 6.0.28-1 [lenny] - tomcat6 <not-affected> (Only ships the servlet package) - tomcat5 <removed> (medium; bug #532363) - - tomcat5.5 <unfixed> (medium; bug #532366) + - tomcat5.5 <removed> (medium; bug #532366) CVE-2009-0032 (CUPS on Mandriva Linux 2008.0, 2008.1, 2009.0, Corporate Server (CS) ...) NOT-FOR-US: issue affects pdfdistiller CVE-2009-0031 (Memory leak in the keyctl_join_session_keyring function ...) @@ -44737,7 +44737,7 @@ CVE-2008-5515 (Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 ...) {DSA-2207-1} - tomcat5 <removed> (bug #532363) - - tomcat5.5 <unfixed> (bug #532366) + - tomcat5.5 <removed> (bug #532366) - tomcat6 6.0.20-1 (bug #532362) [lenny] - tomcat6 <not-affected> (Only ships the servlet package) CVE-2008-5514 (Off-by-one error in the rfc822_output_char function in the ...) 
@@ -47483,7 +47483,7 @@ [etch] - sabre <no-dsa> (Game not qualified as multi-user system, thus minor issue) CVE-2008-4405 (xend in Xen 3.0.3 does not properly limit the contents of the ...) - xen-3 3.4.0-1 (bug #503811) - - xen-unstable <unfixed> + - xen-unstable <removed> NOTE: a proposed patch leads to new problems, see CVE-2008-5716 CVE-2008-4404 (The IPv6 Neighbor Discovery Protocol (NDP) implementation on IBM ...) NOT-FOR-US: IPv6 NDP on IBM zSeries @@ -53363,7 +53363,7 @@ - qemu 0.9.1-5 - kvm 66+dfsg-1.1 (bug #481204) - xen-3 3.4.0-1 (bug #490409) - - xen-unstable <unfixed> (bug #490411) + - xen-unstable <removed> (bug #490411) - xen-3.0 <removed> CVE-2008-2003 (BadBlue 2.72 Personal Edition stores multiple programs in the web ...) NOT-FOR-US: BadBlue @@ -63946,7 +63946,7 @@ NOT-FOR-US: AkkyWareHOUSE CVE-2007-4724 (Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the ...) - tomcat5.5 <not-affected> (Version already ships fixed files) - - tomcat5 <unfixed> (unimportant; bug #441205) + - tomcat5 <removed> (unimportant; bug #441205) - libservlet2.4-java 5.0.30-6 (unimportant) NOTE: DSA should not be required, minor issue, jsp just present as example CVE-2007-4723 (Directory traversal vulnerability in Ragnarok Online Control Panel ...) @@ -66350,10 +66350,10 @@ CVE-2007-3723 (The process scheduler in the Sun Solaris kernel does not make use of ...) NOT-FOR-US: Solaris CVE-2007-3722 (The 4BSD process scheduler in the FreeBSD kernel performs scheduling ...) - - kfreebsd-5 <unfixed> (low) + - kfreebsd-5 <removed> (low) [etch] - kfreebsd-5 <no-dsa> (kfreebsd not supported) CVE-2007-3721 (The ULE process scheduler in the FreeBSD kernel gives preference to ...) - - kfreebsd-5 <unfixed> (low) + - kfreebsd-5 <removed> (low) [etch] - kfreebsd-5 <no-dsa> (kfreebsd not supported) CVE-2007-3720 (The process scheduler in the Linux kernel 2.4 performs scheduling ...) - linux-2.6 <not-affected> (There''s a separate ID for 2.6, see CVE-2007-3719) 
@@ -69444,7 +69444,7 @@ CVE-2007-2450 (Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager ...) {DSA-1468-1} - tomcat4 <removed> (low) - - tomcat5 <unfixed> (low) + - tomcat5 <removed> (low) - tomcat5.5 5.5.25-1 (low) [sarge] - tomcat4 <no-dsa> (Contrib not supported) CVE-2007-2449 (Multiple cross-site scripting (XSS) vulnerabilities in certain JSP ...) @@ -70014,7 +70014,7 @@ CVE-2007-2242 (The IPv6 protocol allows remote attackers to cause a denial of service ...) {DSA-1356-1} - linux-2.6 2.6.21-1 (low; bug #421595) - - kfreebsd-5 <unfixed> (low) + - kfreebsd-5 <removed> (low) [etch] - kfreebsd-5 <no-dsa> (No security support for KFreeBSD) NOTE: This should be off by default, tweakable by a simple knob. NOTE: (FreeBSD has it turned on for hosts, too.) @@ -70297,7 +70297,7 @@ NOT-FOR-US: Oracle CVE-2006-7196 (Cross-site scripting (XSS) vulnerability in the calendar application ...) - tomcat5.5 5.5.16-1 (unimportant) - - tomcat5 <unfixed> (unimportant) + - tomcat5 <removed> (unimportant) - tomcat4 <removed> (unimportant) NOTE: Only present in an example, not in production code CVE-2006-7195 (Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in ...) @@ -70887,7 +70887,7 @@ NOTE: insecure ciphers should not be (and usually are not) enabled in browsers [sarge] - tomcat4 <no-dsa> (low) [etch] - tomcat5 <no-dsa> (low; bug #423435) - - tomcat5 <unfixed> (low; bug #423435) + - tomcat5 <removed> (low; bug #423435) - tomcat5.5 5.5.17-1 (low) - tomcat4 <removed> (low) CVE-2007-1857 @@ -78393,7 +78393,7 @@ CVE-2006-5825 (Cross-site scripting (XSS) vulnerability in index.php in Kayako ...) NOT-FOR-US: Kayako SupportSuite CVE-2006-5824 (Integer overflow in the ffs_rdextattr function in FreeBSD 6.1 allows ...) - - kfreebsd-5 <unfixed> + - kfreebsd-5 <removed> [etch] - kfreebsd-5 <no-dsa> (no security support for freebsd) CVE-2006-5823 (The zlib_inflate function in Linux kernel 2.6.x allows local users to ...) {DSA-1503-2 DSA-1504-1 DSA-1503-1} 
@@ -78726,7 +78726,7 @@ CVE-2006-5680 (The libarchive library in FreeBSD 6-STABLE after 2006-09-05 and before ...) - libarchive 1.3.1-1 (unimportant) CVE-2006-5679 (Integer overflow in the ffs_mountfs function in FreeBSD 6.1 allows ...) - - kfreebsd-5 <unfixed> (medium) + - kfreebsd-5 <removed> (medium) [etch] - kfreebsd-5 <no-dsa> (no security support for freebsd) CVE-2006-5678 (** DISPUTED ** ...) NOT-FOR-US: Les Visiteurs @@ -78989,7 +78989,7 @@ CVE-2006-5551 (Stack-based buffer overflow in QK SMTP 3.01 and earlier might allow ...) NOT-FOR-US: QK SMTP CVE-2006-5550 (The kernel in FreeBSD 6.1 and OpenBSD 4.0 allows local users to cause ...) - - kfreebsd-5 <unfixed> (low) + - kfreebsd-5 <removed> (low) [etch] - kfreebsd-5 <no-dsa> (no security support for freebsd) CVE-2006-5549 (** DISPUTED ** ...) NOT-FOR-US: Adobe PHP SDK @@ -79142,10 +79142,10 @@ CVE-2006-5484 (SSH Tectia Client/Server/Connector 5.1.0 and earlier, Manager 2.2.0 ...) NOT-FOR-US: SSH Tectia CVE-2006-5483 (p1003_1b.c in FreeBSD 6.1 allows local users to cause an unspecified ...) - - kfreebsd-5 <unfixed> (low) + - kfreebsd-5 <removed> (low) [etch] - kfreebsd-5 <no-dsa> (no security support for freebsd) CVE-2006-5482 (ufs_vnops.c in FreeBSD 6.1 allows local users to cause an unspecified ...) - - kfreebsd-5 <unfixed> (low) + - kfreebsd-5 <removed> (low) [etch] - kfreebsd-5 <no-dsa> (no security support for freebsd) CVE-2006-5481 (Multiple PHP remote file inclusion vulnerabilities in 2le.net Castor ...) NOT-FOR-US: Castor @@ -81304,7 +81304,7 @@ CVE-2006-4517 (Novell iManager 2.5 and 2.0.2 allows remote attackers to cause a ...) NOT-FOR-US: Novell iManager CVE-2006-4516 (Integer signedness error in FreeBSD 6.0-RELEASE allows local users to ...) - - kfreebsd-5 <unfixed> (low) + - kfreebsd-5 <removed> (low) [etch] - kfreebsd-5 <no-dsa> (no security support for freebsd) CVE-2006-4515 RESERVED 
@@ -82110,7 +82110,7 @@ CVE-2006-4179 RESERVED CVE-2006-4178 (Integer signedness error in the i386_set_ldt call in FreeBSD 5.5, and ...) - - kfreebsd-5 <unfixed> (bug #391289; low) + - kfreebsd-5 <removed> (bug #391289; low) [etch] - kfreebsd-5 <no-dsa> (Etch doesn''t have security support for the FreeBSD kernel) CVE-2006-4177 (Heap-based buffer overflow in the NCP engine in Novell eDirectory ...) NOT-FOR-US: Novell eDirectory @@ -82123,7 +82123,7 @@ CVE-2006-4173 RESERVED CVE-2006-4172 (Integer overflow vulnerability in the i386_set_ldt call in FreeBSD ...) - - kfreebsd-5 <unfixed> (bug #391289; low) + - kfreebsd-5 <removed> (bug #391289; low) [etch] - kfreebsd-5 <no-dsa> (Etch doesn''t have security support for the FreeBSD kernel) CVE-2006-4171 RESERVED
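Review bot: The first two hunks (CVE-2011-3190 at @@ -5682 and CVE-2011-2526 at @@ -7635) change tomcat5.5 from `<removed>` to `<unfixed>`, the opposite of what the log message "Mark some more as removed" describes. They also disagree with the later hunks in this same commit that set tomcat5.5 to `<removed>` (CVE-2009-0783, CVE-2009-0781, CVE-2008-5515). If the reversal is intended, the log message should say why. Otherwise these two entries should stay as `- tomcat5.5 <removed>`.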
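Review bot: Style point in the last two hunks (CVE-2006-4178 and CVE-2006-4172): the annotation on the changed kfreebsd-5 line reads `(bug #391289; low)`, while the other entries touched by this commit put the urgency first, as in `(low; bug #532366)`. Since the line is being rewritten anyway, consider `- kfreebsd-5 <removed> (low; bug #391289)` so the annotations stay consistent across the file.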