Author: nion Date: 2007-11-30 15:46:18 +0000 (Fri, 30 Nov 2007) New Revision: 7443 Modified: data/CVE/list Log: CVE-2007-3387 does not affect ipe Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-11-30 14:59:27 UTC (rev 7442) +++ data/CVE/list 2007-11-30 15:46:18 UTC (rev 7443) @@ -1,3 +1,6 @@ +CVE-2007-6171 [sql injection issue in asterisk res_config_pgsql module] + - asterisk <unfixed> (medium) + NOTE: maintainer is aware of it, preparing upload atm CVE-2007-6170 [sql injection issue in asterisk cdr_pgsql module] - asterisk <unfixed> (medium) NOTE: maintainer is aware of it, preparing upload atm @@ -7326,7 +7329,7 @@ NOTE: links to poppler since 0.8-4, thus marking as fixed - libextractor 0.5.12-1 NOTE: libextractor uses internal pdf decoder since 0.5.12-1, thus marking as fixed - TODO: check ipe (only small parts, but with renamed source files: ipestdfonts.cpp, ipefonts.cpp, ipedct.cpp) + - ipe <not-affected> (Does not include the vulnerable code) CVE-2007-3386 (Cross-site scripting (XSS) vulnerability in the Host Manager Servlet ...) - tomcat5.5 5.5.25-1 NOTE: patch can be found in http://ftp.yz.yamagata-u.ac.jp/pub/linux/centos/5/updates/SRPMS/tomcat5-5.5.23-0jpp.3.0.2.el5.src.rpm