Author: stef-guest Date: 2007-05-11 20:08:46 +0000 (Fri, 11 May 2007) New Revision: 5826 Modified: data/CVE/list Log: - fix syntax - CVE-2007-1858 tomcat5.5 already fixed, tomcat4+5 affected Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-05-11 19:43:59 UTC (rev 5825) +++ data/CVE/list 2007-05-11 20:08:46 UTC (rev 5826) @@ -1572,7 +1572,11 @@ CVE-2007-1859 (XScreenSaver 4.10, when using a remote directory service for ...) - xscreensaver <unfixed> (low) CVE-2007-1858 (The default SSL cipher configuration in Apache Tomcat 4.1.28 through ...) - TODO: check + NOTE: insecure ciphers should not be (and usually are not) enabled in browsers + [sarge] - tomcat4 <no-dsa> (low) + [etch] - tomcat5 <no-dsa> (low; bug #423435) + - tomcat5 <unfixed> (low; bug #423435) + - tomcat5.5 5.5.17-1 (low) CVE-2007-1857 RESERVED CVE-2007-1856 (Vixie Cron before 4.1-r10 on Gentoo Linux is installed with insecure ...) @@ -1612,7 +1616,7 @@ CVE-2005-4837 (snmp_api.c in snmpd in Net-SNMP 5.2.x before 5.2.2, 5.1.x before ...) - net-snmp 5.2.2-1 (medium) CVE-2005-4836 (The HTTP/1.1 connector in Apache Tomcat 4.1.15 and later does not ...) - - tomcat4 <no-dsa> (affects deprecated HTTP/1.1 connector only) + [sarge] - tomcat4 <no-dsa> (affects deprecated HTTP/1.1 connector only) CVE-2007-XXXX [initramfs-tools creates /dev/root world-readable] - initramfs-tools 0.85g (low; bug #417995) CVE-2007-1840 (lib/modules.inc in LDAP Account Manager (LAM) before 1.3.0 does not ...)