Secure testing commits - Oct 2007 - r6777 - data/CVE

Author: nion
Date: 2007-10-03 19:48:11 +0000 (Wed, 03 Oct 2007)
New Revision: 6777

Modified:
   data/CVE/list
Log:
CVE-2007-1355, CVS-2007-2449 and CVE-2007-2450 fixed in tomcat5.5 5.5.25-1


Modified: data/CVE/list
==================================================================---
data/CVE/list	2007-10-03 11:24:12 UTC (rev 6776)
+++ data/CVE/list	2007-10-03 19:48:11 UTC (rev 6777)
@@ -6309,13 +6309,13 @@
 CVE-2007-2450 (Multiple cross-site scripting (XSS) vulnerabilities in the (1)
Manager ...)
 	- tomcat4 <removed> (low)
 	- tomcat5 <unfixed> (low)
-	- tomcat5.5 <unfixed> (low)
+	- tomcat5.5 5.5.25-1 (low)
 	[sarge] - tomcat4 <no-dsa> (Contrib not supported) 
 CVE-2007-2449 (Multiple cross-site scripting (XSS) vulnerabilities in certain
JSP ...)
 	[sarge] - tomcat4 <no-dsa> (Contrib not supported) 
 	- tomcat4 <removed> (low)
 	- tomcat5 <unfixed> (low)
-	- tomcat5.5 <unfixed> (low)
+	- tomcat5.5 5.5.25-1 (low)
 CVE-2007-2448 (Subversion 1.4.3 and earlier does not properly implement the
&quot;partial ...)
 	- subversion 1.4.4dfsg1-1 (bug #428194; low)
 	[etch] - subversion <no-dsa> (Minor issue)
@@ -8937,7 +8937,7 @@
 	- tomcat4 <removed> (low)
 	[sarge] - tomcat4 <no-dsa> (Contrib not supported) 
 	- tomcat5 <unfixed> (low)
-	- tomcat5.5 <unfixed> (low)
+	- tomcat5.5 5.5.25-1 (low)
 CVE-2007-1354 (The Access Control functionality (JMXOpsAccessControlFilter) in
JMX ...)
 	NOT-FOR-US: JBoss Application Server
 CVE-2007-1353 (The setsockopt function in the L2CAP and HCI Bluetooth support
in the ...)