Author: derevko-guest Date: 2009-06-08 21:08:52 +0000 (Mon, 08 Jun 2009) New Revision: 12080 Modified: data/CVE/list Log: new tomcat issues Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-06-08 20:56:42 UTC (rev 12079) +++ data/CVE/list 2009-06-08 21:08:52 UTC (rev 12080) @@ -3707,13 +3707,17 @@ {DSA-1755-1} - systemtap 0.0.20090314-2 [etch] - systemtap <not-affected> (vulnerable code not present) -CVE-2009-0783 +CVE-2009-0783 [Apache Tomcat Information disclosure] RESERVED + - tomcat5.5 <unfixed> (low; bug #532366) + - tomcat6 6.0.20-1 (low; bug #532362) + - tomcat5 <removed> (low; bug #532363) CVE-2009-0782 REJECTED CVE-2009-0781 (Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the ...) - - tomcat5.5 <unfixed> (unimportant) - - tomcat6 <unfixed> (unimportant) + - tomcat5.5 <unfixed> (unimportant; bug #532366) + - tomcat6 6.0.20-1 (unimportant; bug #532362) + - tomcat5 <removed> (unimportant; bug #532363) NOTE: Just examples on how to use Tomcat, not for production CVE-2009-0780 (The aspath_prepend function in rde_attr.c in bgpd in OpenBSD 4.3 and ...) NOT-FOR-US: CVE-2009-0780 @@ -4761,8 +4765,11 @@ CVE-2009-0581 (Memory leak in LittleCMS (aka lcms or liblcms) before 1.18beta2, as ...) {DSA-1769-1 DSA-1745-1} - lcms 1.18.dfsg-1 (bug #522446) -CVE-2009-0580 +CVE-2009-0580 [Apache Tomcat Information disclosure] RESERVED + - tomcat6 6.0.20-1 (low; bug #532362) + - tomcat5 <removed> (low; bug #532363) + - tomcat5.5 <unfixed> (low; bug #532366) CVE-2009-0579 (Linux-PAM before 1.0.4 does not enforce the minimum password age ...) - pam <unfixed> (unimportant; bug #514437) [etch] - pam <no-dsa> (violation of administrator''s policy, not a vulnerability) 
@@ -7285,8 +7292,11 @@ CVE-2009-0034 (parse.c in sudo 1.6.9p17 through 1.6.9p19 does not properly interpret ...) - sudo 1.6.9p17-2 (medium) [etch] - sudo <not-affected> (Vulnerable code not present) -CVE-2009-0033 +CVE-2009-0033 [Apache Tomcat denial of service] RESERVED + - tomcat6 6.0.20-1 (medium; bug #532362) + - tomcat5 <removed> (medium; bug #532363) + - tomcat5.5 <unfixed> (medium; bug #532366) CVE-2009-0032 (CUPS on Mandriva Linux 2008.0, 2008.1, 2009.0, Corporate Server (CS) ...) NOT-FOR-US: issue affects pdfdistiller CVE-2009-0031 (Memory leak in the keyctl_join_session_keyring function ...)
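Review bot: In the first hunk (@@ -3707), the tomcat6 line under CVE-2009-0781 goes from `<unfixed>` to `6.0.20-1` without a NOTE saying where the fix was confirmed. The only NOTE on that entry is the existing "Just examples on how to use Tomcat, not for production". Consider adding a NOTE with the upstream reference for the fixed version, and the same for the new CVE-2009-0783 tomcat6 line. Minor style point: this hunk lists packages as tomcat5.5, tomcat6, tomcat5, while the two later hunks use tomcat6, tomcat5, tomcat5.5. Pick one order for all four entries.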
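Review bot: In the second hunk (@@ -4761), the temporary description added for CVE-2009-0580, "[Apache Tomcat Information disclosure]", is word for word the one given to CVE-2009-0783 in the first hunk, so the two RESERVED entries cannot be told apart from the list alone. Suggest giving each a description that names the affected component or behaviour, so a later reader can match each CVE to the right fix.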
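Review bot: In the third hunk (@@ -7285), CVE-2009-0033 is rated medium but points at the same three bugs (#532362, #532363, #532366) as the low and unimportant entries in the earlier hunks, so one bug per package now tracks four CVEs of differing severity. Worth confirming that each bug report lists all four CVE ids, so that closing a bug for one fix does not leave the medium issue looking resolved, particularly for the `tomcat5.5 <unfixed>` line. Also, "denial of service" is lower-case here while the other bracketed descriptions capitalise "Information disclosure"; make the casing consistent.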