Author: nion Date: 2007-10-07 09:26:03 +0000 (Sun, 07 Oct 2007) New Revision: 6849 Modified: data/CVE/list Log: CVE-2007-3386,CVE-2007-3385 and CVE-2007-3382 fixed in tomcat5.5 5.5.25-1 Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-10-07 08:35:23 UTC (rev 6848) +++ data/CVE/list 2007-10-07 09:26:03 UTC (rev 6849) @@ -4197,10 +4197,12 @@ NOTE: libextractor uses internal pdf decoder since 0.5.12-1, thus marking as fixed TODO: check ipe (only small parts, but with renamed source files: ipestdfonts.cpp, ipefonts.cpp, ipedct.cpp) CVE-2007-3386 (Cross-site scripting (XSS) vulnerability in the Host Manager Servlet ...) - - tomcat5.5 <unfixed> + - tomcat5.5 5.5.25-1 + NOTE: patch can be found in http://ftp.yz.yamagata-u.ac.jp/pub/linux/centos/5/updates/SRPMS/tomcat5-5.5.23-0jpp.3.0.2.el5.src.rpm CVE-2007-3385 (Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 ...) - - tomcat5.5 <unfixed> + - tomcat5.5 5.5.25-1 - tomcat5 <removed> + NOTE: patch can be found in http://ftp.yz.yamagata-u.ac.jp/pub/linux/centos/5/updates/SRPMS/tomcat5-5.5.23-0jpp.3.0.2.el5.src.rpm CVE-2007-3384 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: tomcat 3.3 CVE-2007-3383 (Cross-site scripting (XSS) vulnerability in SendMailServlet in the ...) @@ -4208,8 +4210,9 @@ [sarge] - tomcat4 <no-dsa> (minor issue) NOTE: affects example app in tomcat4-webapps CVE-2007-3382 (Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 ...) - - tomcat5.5 <unfixed> + - tomcat5.5 5.5.25-1 - tomcat5 <removed> + NOTE: patch can be found in http://ftp.yz.yamagata-u.ac.jp/pub/linux/centos/5/updates/SRPMS/tomcat5-5.5.23-0jpp.3.0.2.el5.src.rpm CVE-2007-3381 (The GDM daemon in GNOME Display Manager (GDM) before 2.14.13, 2.16.x ...) - gdm 2.18.4-1 (low) [sarge] - gdm <no-dsa> (Minor issue)
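Review bot: In the first hunk (@@ -4197,10 +4197,12 @@), the NOTE lines added under CVE-2007-3386 and CVE-2007-3385 point at an entire CentOS source RPM on a third-party mirror, fetched over plain http, rather than at the patch itself. The SRPM is versioned 5.5.23-0jpp.3.0.2.el5 while the fixed version recorded here is 5.5.25-1, and the identical URL is given for both CVEs, so a reader cannot tell from the NOTE which change inside the package addresses which issue. Suggest naming the patch file within the SRPM for each CVE, or the upstream change it corresponds to, since a path under updates/SRPMS on a mirror is likely to disappear once the package is superseded.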
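Review bot: In the second hunk (@@ -4208,8 +4210,9 @@), the new "- tomcat5.5 5.5.25-1" line for CVE-2007-3382 carries no urgency, whereas the adjacent "- gdm 2.18.4-1 (low)" entry does. If an urgency has been assessed for this issue, add it on that line. The NOTE added here is also a third copy of the same SRPM URL used for CVE-2007-3386 and CVE-2007-3385; identifying the patch specific to CVE-2007-3382 would make the entry useful on its own.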