keescook-guest at alioth.debian.org
2007-May-16 19:48 UTC
[Secure-testing-commits] r5849 - data/CVE
Author: keescook-guest Date: 2007-05-16 19:48:50 +0000 (Wed, 16 May 2007) New Revision: 5849 Modified: data/CVE/list Log: NFUs: 2 unfixed: tomcat5 fixed: tomcat5.5 removed: tomcat4 Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-05-16 19:34:30 UTC (rev 5848) +++ data/CVE/list 2007-05-16 19:48:50 UTC (rev 5849) @@ -209,7 +209,7 @@ CVE-2007-2486 (Directory traversal vulnerability in download.asp in Motobit 1.3 and ...) NOT-FOR-US: Motobit CVE-2007-2485 (PHP remote file inclusion vulnerability in myflash-button.php in the ...) - NOT-FOR-US: myflash + NOT-FOR-US: myflash plugin for WordPress CVE-2007-2484 (PHP remote file inclusion vulnerability in js/wptable-button.php in ...) NOT-FOR-US: wp-Table plugin for WordPress CVE-2007-2483 (Directory traversal vulnerability in js/wptable-button.php in the ...) @@ -219,7 +219,7 @@ CVE-2007-2481 (PHP remote file inclusion vulnerability in wordtube-button.php in the ...) NOT-FOR-US: wordTube plugin for WordPress CVE-2006-7202 (The dofreePDF function in includes/pdf.php in Mambo 4.6.1 does not ...) - TODO: check + NOT-FOR-US: Mambo CVE-2007-XXXX [schroot may use outdated configuration information] - schroot <unfixed> (low; bug #422354) [etch] - schroot <not-affected> (Only exploitable in unstable) @@ -1022,9 +1022,13 @@ CVE-2007-2108 (Unspecified vulnerability in the Core RDBMS component Oracle Database ...) NOT-FOR-US: Oracle CVE-2006-7196 (Cross-site scripting (XSS) vulnerability in the calendar application ...) - TODO: check + - tomcat5.5 5.5.20-1 (low) + - tomcat5 <unfixed> (low) + - tomcat4 <removed> (low) CVE-2006-7195 (Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in ...) - TODO: check + - tomcat5.5 5.5.20-1 (low) + - tomcat5 <unfixed> (low) + - tomcat4 <removed> (low) CVE-2007-XXXX [buffer overflow in mixmaster importing type 2 messages] - mixmaster 3.0b2-5 (low; bug #418662) [etch] - mixmaster 3.0b2-4.etch1 
@@ -1592,6 +1596,7 @@ [etch] - tomcat5 <no-dsa> (low; bug #423435) - tomcat5 <unfixed> (low; bug #423435) - tomcat5.5 5.5.17-1 (low) + - tomcat4 <removed> (low) CVE-2007-1857 RESERVED CVE-2007-1856 (Vixie Cron before 4.1-r10 on Gentoo Linux is installed with insecure ...) @@ -2796,7 +2801,7 @@ CVE-2007-1359 (Interpretation conflict in ModSecurity (mod_security) 2.1.0 and ...) - libapache-mod-security <removed> CVE-2007-1358 (Cross-site scripting (XSS) vulnerability in certain applications using ...) - TODO: check + - tomcat4 <removed> (low) CVE-2007-1357 (The atalk_sum_skb function in AppleTalk for Linux kernel 2.6.x before ...) {DSA-1286-1} - linux-2.6 2.6.20-1
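Review bot: In the @@ -1022,9 +1022,13 @@ hunk, the new `- tomcat5 <unfixed> (low)` lines for CVE-2006-7196 and CVE-2006-7195 carry no bug reference, whereas the tomcat5 entry visible in the @@ -1592,6 +1596,7 @@ hunk has `bug #423435` and an `[etch] - tomcat5 <no-dsa>` line. Suggest filing bugs against tomcat5 and recording them in the form `(low; bug #NNNNNN)` (placeholder number), and adding the `[etch]` status line if the same no-dsa decision applies, so the unfixed entries stay tracked.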
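Review bot: In the @@ -2796,7 +2801,7 @@ hunk, CVE-2007-1358 goes from `TODO: check` to a single `- tomcat4 <removed> (low)` line, with nothing recorded for tomcat5 or tomcat5.5, which the other Tomcat entries touched by this commit all list. If those packages were checked and are not affected, record that with explicit `<not-affected>` entries or a NOTE line; as written, the entry reads as fully triaged when only the removed package is covered.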