Author: nion Date: 2008-02-13 21:12:56 +0000 (Wed, 13 Feb 2008) New Revision: 8155 Modified: data/CVE/list Log: CVE-2007-6286 does not affect tomcat5.5, tomcat5 removed Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-02-13 20:48:55 UTC (rev 8154) +++ data/CVE/list 2008-02-13 21:12:56 UTC (rev 8155) @@ -2556,9 +2556,8 @@ CVE-2007-6287 (Cross-site scripting (XSS) vulnerability in the login page in Lxlabs ...) NOT-FOR-US: HyperVM CVE-2007-6286 (Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the ...) - TODO: check - NOTE: poked maintainer if we make use of the apr backend, I guess not because - NOTE: libapr is not the build-deps + - tomcat5.5 <not-affected> (Does not use apr connector) + - tomcat5 <removed> CVE-2007-6285 (The default configuration for autofs 5 (autofs5) in some Linux ...) NOTE: maintainer will patch autofs5 in upload to unstable TODO: check when autofs5 hits unstable