jmm-guest at alioth.debian.org
2007-Sep-05 17:00 UTC
[Secure-testing-commits] r6515 - data/CVE
Author: jmm-guest
Date: 2007-09-05 17:00:14 +0000 (Wed, 05 Sep 2007)
New Revision: 6515
Modified:
data/CVE/list
Log:
no-dsa for contrib and non-free
NFUs
Modified: data/CVE/list
==================================================================
--- data/CVE/list 2007-09-05 16:11:30 UTC (rev 6514)
+++ data/CVE/list 2007-09-05 17:00:14 UTC (rev 6515)
@@ -114,7 +114,7 @@
- php5 <unfixed> (unimportant)
NOTE: Safe mode violations not treated as vulnerabilities
CVE-2007-4595 (Cross-site scripting (XSS) vulnerability in Mayaa before 1.1.12
allows ...)
- TODO: check
+ NOT-FOR-US: Mayaa
CVE-2007-4594 (Entrust Entelligence Security Provider (ESP) 8 does not properly
...)
NOT-FOR-US: Entrust Entelligence Security Provider
CVE-2007-4593 (Unspecified vulnerability in vstor2-ws60.sys in VMWare
Workstation 6.0 ...)
@@ -202,7 +202,7 @@
CVE-2007-4557 (Cross-site scripting (XSS) vulnerability in the webacc servlet
in ...)
NOT-FOR-US: Novell
CVE-2007-4556 (Struts support in OpenSymphony XWork before 1.2.3, and 2.x
before ...)
- TODO: check
+ NOT-FOR-US: OpenSymphony XWork
CVE-2007-4555 (Cross-site scripting (XSS) vulnerability in Ipswitch WS_FTP
allows ...)
NOT-FOR-US: Ipswitch WS_FTP
CVE-2007-4554 (Cross-site scripting (XSS) vulnerability in
tiki-remind_password.php ...)
@@ -272,7 +272,7 @@
CVE-2007-4526 (The Client Login Extension (CLE) in Novell Identity Manager
before ...)
NOT-FOR-US: Novell Identity Manager
CVE-2007-4525 (** DISPUTED ** ...)
- TODO: check
+ NOT-FOR-US: SPIP (was in unstable some time, but not in any supported release)
CVE-2007-4524 (PHP remote file inclusion vulnerability in adisplay.php in
PhPress ...)
NOT-FOR-US: PhPress
CVE-2007-4523 (Multiple cross-site scripting (XSS) vulnerabilities in Ripe
Website ...)
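Review bot: The CVE-2007-4525 entry is marked NOT-FOR-US, but its own parenthetical says SPIP was in unstable for some time, so the package did exist in the archive. A package entry using the `<removed>` state, in the style of the `- tomcat4 <removed> (low)` lines elsewhere in this file, would record that history and keep the CVE tied to the package instead of treating it as software never shipped. The entry is also flagged ** DISPUTED **, which is worth a NOTE line if that influenced the triage.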
@@ -296,7 +296,7 @@
CVE-2007-4516
RESERVED
CVE-2007-4515 (Buffer overflow in a certain ActiveX control in YVerInfo.dll
before ...)
- TODO: check
+ NOT-FOR-US: Yahoo! Messenger
CVE-2007-4514
RESERVED
CVE-2007-4513
@@ -2052,6 +2052,7 @@
CVE-2007-3726 (Integer signedness error in the SET_VALUE function in rarvm.cpp
in ...)
- unrar-nonfree <unfixed> (low; bug #437703)
[etch] - unrar-nonfree <no-dsa> (Non-free not supported)
+ [sarge] - unrar-nonfree <no-dsa> (Non-free not supported)
- rar <unfixed> (low; bug #437704)
[etch] - rar <no-dsa> (Non-free not supported)
CVE-2007-3725 (The RAR VM (unrarvm.c) in Clam Antivirus (ClamAV) before 0.91
allows ...)
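Review bot: Only unrar-nonfree gets a `[sarge]` no-dsa line under CVE-2007-3726; the `rar` entry just below it still carries only `[etch] - rar <no-dsa> (Non-free not supported)`. If rar was also shipped in sarge non-free, add the matching `[sarge] - rar <no-dsa> (Non-free not supported)` line so both packages are triaged the same way for that release. If it was not, no change is needed.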
@@ -5058,7 +5059,9 @@
- tomcat4 <removed> (low)
- tomcat5 <unfixed> (low)
- tomcat5.5 <unfixed> (low)
+ [sarge] - tomcat4 <no-dsa> (Contrib not supported)
CVE-2007-2449 (Multiple cross-site scripting (XSS) vulnerabilities in certain
JSP ...)
+ [sarge] - tomcat4 <no-dsa> (Contrib not supported)
- tomcat4 <removed> (low)
- tomcat5 <unfixed> (low)
- tomcat5.5 <unfixed> (low)
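Review bot: The two added `[sarge] - tomcat4 <no-dsa> (Contrib not supported)` lines are placed inconsistently. The first is appended after `- tomcat5.5 <unfixed> (low)`, and the second, under CVE-2007-2449, comes before `- tomcat4 <removed> (low)`. Elsewhere in this file the release-specific line sits directly under the package line it qualifies (for example `- unrar-nonfree <unfixed>` followed by `[etch] - unrar-nonfree <no-dsa>`), and the later tomcat4 hunks in this same commit follow that order. Move each of these two lines to directly after its `- tomcat4 <removed> (low)` line.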
@@ -5842,10 +5845,12 @@
- tomcat5.5 5.5.20-1 (low)
- tomcat5 <unfixed> (low)
- tomcat4 <removed> (low)
+ [sarge] - tomcat4 <no-dsa> (Contrib not supported)
CVE-2006-7195 (Cross-site scripting (XSS) vulnerability in implicit-objects.jsp
in ...)
- tomcat5.5 5.5.20-1 (low)
- tomcat5 <unfixed> (low)
- tomcat4 <removed> (low)
+ [sarge] - tomcat4 <no-dsa> (Contrib not supported)
CVE-2007-XXXX [buffer overflow in mixmaster importing type 2 messages]
- mixmaster 3.0b2-5 (low; bug #418662)
[etch] - mixmaster 3.0b2-4.etch1
@@ -7665,6 +7670,7 @@
- libapache-mod-security <removed>
CVE-2007-1358 (Cross-site scripting (XSS) vulnerability in certain applications
using ...)
- tomcat4 <removed> (low)
+ [sarge] - tomcat4 <no-dsa> (Contrib not supported)
CVE-2007-1357 (The atalk_sum_skb function in AppleTalk for Linux kernel 2.6.x
before ...)
{DSA-1304 DSA-1286-1}
- linux-2.6 2.6.20-1
@@ -7672,6 +7678,7 @@
REJECTED
CVE-2007-1355 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
- tomcat4 <removed> (low)
+ [sarge] - tomcat4 <no-dsa> (Contrib not supported)
- tomcat5 <unfixed> (low)
- tomcat5.5 <unfixed> (low)
CVE-2007-1354 (The Access Control functionality (JMXOpsAccessControlFilter) in
JMX ...)