jmm-guest at alioth.debian.org
2008-Jan-05 01:03 UTC
[Secure-testing-commits] r7834 - data/CVE
Author: jmm-guest Date: 2008-01-05 01:03:11 +0000 (Sat, 05 Jan 2008) New Revision: 7834 Modified: data/CVE/list Log: tomcat cleanups Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-01-05 00:59:57 UTC (rev 7833) +++ data/CVE/list 2008-01-05 01:03:11 UTC (rev 7834) @@ -2022,9 +2022,9 @@ NOTE: Not exploitable in real-world circumstances: NOTE: http://mailman.mit.edu/pipermail/kerberos/2007-December/012717.html CVE-2007-5900 (PHP before 5.2.5 allows local users to bypass protection mechanisms ...) - - php5 <unfixed> (bug #453295) + NOTE: Apparently a dupe of CVE-2007-4659 due to temporary revoke of the patch + NOTE: from CVS and later re-introduction NOTE: http://bugs.php.net/bug.php?id=41561 - NOTE: having trouble fetching the diffs for this... CVE-2007-5899 (The output_add_rewrite_var function in PHP before 5.2.5 rewrites local ...) {DSA-1444-1} - php5 <unfixed> (bug #453295) @@ -3976,9 +3976,8 @@ CVE-2007-5461 (Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through ...) {DSA-1447-1} - tomcat5.5 5.5.25-2 (low; bug #448664) - [etch] - tomcat5 <unfixed> - NOTE: see http://mail-archives.apache.org/mod_mbox/tomcat-users/200710.mbox/%3C47135C2D.1000705 at apache.org%3E - NOTE: for the patch + - tomcat5 <removed> + NOTE: patch: http://mail-archives.apache.org/mod_mbox/tomcat-users/200710.mbox/%3C47135C2D.1000705 at apache.org%3E CVE-2007-5391 (Unspecified vulnerability in HP Select Identity 4.01 through 4.01.010 ...) NOT-FOR-US: HP Select Identity CVE-2007-5390 (PHP remote file inclusion vulnerability in index.php in PicoFlat CMS ...) @@ -4097,7 +4096,6 @@ {DSA-1447-1} - tomcat5.5 5.5.25-4 (low; bug #458237) - tomcat5 <not-affected> (Vulnerable code not present) - [etch] - tomcat5.5 5.5.20-2etch1 CVE-2007-5341 RESERVED CVE-2007-5340 (Multiple vulnerabilities in the Javascript engine in Mozilla Firefox ...) 
@@ -8874,23 +8872,20 @@ CVE-2007-3386 (Cross-site scripting (XSS) vulnerability in the Host Manager Servlet ...) {DSA-1447-1} - tomcat5.5 5.5.25-1 - NOTE: patch can be found in http://ftp.yz.yamagata-u.ac.jp/pub/linux/centos/5/updates/SRPMS/tomcat5-5.5.23-0jpp.3.0.2.el5.src.rpm CVE-2007-3385 (Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 ...) {DSA-1447-1} - tomcat5.5 5.5.25-1 - tomcat5 <removed> - NOTE: patch can be found in http://ftp.yz.yamagata-u.ac.jp/pub/linux/centos/5/updates/SRPMS/tomcat5-5.5.23-0jpp.3.0.2.el5.src.rpm CVE-2007-3384 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: tomcat 3.3 CVE-2007-3383 (Cross-site scripting (XSS) vulnerability in SendMailServlet in the ...) - tomcat4 <removed> (low) - [sarge] - tomcat4 <no-dsa> (minor issue) + [sarge] - tomcat4 <no-dsa> (Contrib not supported) NOTE: affects example app in tomcat4-webapps CVE-2007-3382 (Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 ...) {DSA-1447-1} - tomcat5.5 5.5.25-1 - tomcat5 <removed> - NOTE: patch can be found in http://ftp.yz.yamagata-u.ac.jp/pub/linux/centos/5/updates/SRPMS/tomcat5-5.5.23-0jpp.3.0.2.el5.src.rpm CVE-2007-3381 (The GDM daemon in GNOME Display Manager (GDM) before 2.14.13, 2.16.x ...) - gdm 2.18.4-1 (low) [sarge] - gdm <no-dsa> (Minor issue)
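Review bot: In the first hunk (CVE-2007-5900), removing "- php5 <unfixed> (bug #453295)" leaves the entry with only NOTE lines and no package status at all. If this is now treated as a duplicate of CVE-2007-4659, add a line or NOTE saying that the php5 status is tracked under that entry. The wording "Apparently a dupe" would be stronger with a reference that backs it up. The neighbouring CVE-2007-5899 entry still carries bug #453295, so check that the bug still covers what was dropped here. The log message "tomcat cleanups" does not mention this PHP change.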
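Review bot: In the CVE-2007-5461 hunk (@@ -3976,9 +3976,8), the release-specific line "[etch] - tomcat5 <unfixed>" is replaced by an unqualified "- tomcat5 <removed>", so the record of an open issue for etch disappears without explanation. State in the log or in a NOTE why the etch status no longer applies. Folding the two-line patch NOTE into a single "NOTE: patch:" line is fine.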
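Review bot: In the third hunk (@@ -4097,7 +4096,6), the deleted "[etch] - tomcat5.5 5.5.20-2etch1" was the only line in this entry naming the fixed version for etch. After the change the entry relies on the {DSA-1447-1} tag alone. Confirm that the DSA record carries that version before dropping it here, and say so in the log.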
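Review bot: In the last hunk (@@ -8874,23 +8872,20), the sarge reason for CVE-2007-3383 changes from "minor issue" to "Contrib not supported". That is a change of triage rationale rather than a cleanup and deserves its own mention in the log. The same hunk deletes the patch-location NOTEs from CVE-2007-3386, CVE-2007-3385 and CVE-2007-3382, while the CVE-2007-5461 hunk keeps its patch NOTE even though that entry also has a fixed tomcat5.5 version. Either apply the same rule to all four entries or explain the difference.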