Moritz Muehlenhoff
2009-Jul-25 13:34 UTC
[Secure-testing-commits] r12411 - in data: . CVE packages
Author: jmm-guest Date: 2009-07-25 13:34:25 +0000 (Sat, 25 Jul 2009) New Revision: 12411 Modified: data/CVE/list data/packages/removed-packages data/problematic-packages Log: - jetty fixed in experimental - jetty CVEfied, remove dupe - verlihub removed Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-07-25 11:38:54 UTC (rev 12410) +++ data/CVE/list 2009-07-25 13:34:25 UTC (rev 12411) @@ -2753,8 +2753,10 @@ NOT-FOR-US: Directadmin CVE-2009-1524 (Cross-site scripting (XSS) vulnerability in Mort Bay Jetty before ...) - jetty <unfixed> (low; bug #527571) + NOTE: Fixed in experimental CVE-2009-1523 (Directory traversal vulnerability in the HTTP server in Mort Bay Jetty ...) - jetty <unfixed> (low; bug #528389) + NOTE: Fixed in experimental CVE-2009-1522 (The IBM Tivoli Storage Manager (TSM) client 5.5.0.0 through 5.5.1.17 ...) NOT-FOR-US: Tivoli CVE-2009-1521 (Unspecified vulnerability in the Java GUI in the IBM Tivoli Storage ...) @@ -2861,10 +2863,6 @@ NOT-FOR-US: EZ Hot or Not CVE-2008-6775 (HTC Touch Pro and HTC Touch Cruise vCard allows remote attackers to ...) NOT-FOR-US: HTC Touch -CVE-2009-XXXX [jetty: Vulnerability in ResourceHandler and DefaultServlet with aliases] - - jetty <unfixed> - NOTE: http://jira.codehaus.org/browse/JETTY-1004 - NOTE: It''s not entirely clear, whether version 5 is affected CVE-2009-1494 (The process_stat function in Memcached 1.2.8 discloses ...) - memcached 1.2.8-1 (low; bug #526554) [lenny] - memcached <not-affected> (Affected compile-time options not set) 
@@ -10296,13 +10294,9 @@ {DSA-1709-1} - shadow 1:4.1.1-6 (bug #505271) CVE-2008-5706 (The cTrigger::DoIt function in src/ctrigger.cpp in the trigger ...) - - verlihub <unfixed> (low; bug #506530) - TODO: further investigation on this package is needed - NOTE: see http://asdfasdf.ethz.ch/~tar/lina/rats/verlihub.rats + - verlihub <removed> (low; bug #506530) CVE-2008-5705 (The cTrigger::DoIt function in src/ctrigger.cpp in the trigger ...) - - verlihub <unfixed> (low; bug #506530) - TODO: further investigation on this package is needed - NOTE: see http://asdfasdf.ethz.ch/~tar/lina/rats/verlihub.rats + - verlihub <removed> (low; bug #506530) CVE-2008-5189 (CRLF injection vulnerability in Ruby on Rails before 2.0.5 allows ...) - rails 2.1.0-6 (low) CVE-2008-5188 (The (1) ecryptfs-setup-private, (2) ecryptfs-setup-confidential, and ...) Modified: data/packages/removed-packages ==================================================================--- data/packages/removed-packages 2009-07-25 11:38:54 UTC (rev 12410) +++ data/packages/removed-packages 2009-07-25 13:34:25 UTC (rev 12411) @@ -215,3 +215,5 @@ openssh-krb5 atmailopen phpicalendar +verlihub + Modified: data/problematic-packages ==================================================================--- data/problematic-packages 2009-07-25 11:38:54 UTC (rev 12410) +++ data/problematic-packages 2009-07-25 13:34:25 UTC (rev 12411) @@ -26,10 +26,3 @@ xpdf: (May 2009) No maintainer upload for two years, frequent security issues. Filed RC bug about maintenance status: #527840 - ----- - -verlihub: (May 2009) -No maintainer upload for one year, no reply to RC security bug -#506530 for six months as of 2009-05-21 -Requested removal from the archive: 529817
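Review bot: In the data/CVE/list hunk at -2753, the two added `NOTE: Fixed in experimental` lines under CVE-2009-1524 and CVE-2009-1523 do not say which jetty version carries the fix. Suggest naming the experimental version in the note, so that the `<unfixed>` marker can be replaced with a version once that upload reaches unstable and the claim can be checked against bugs #527571 and #528389.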
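Review bot: In the data/CVE/list hunk at -2861, deleting the `CVE-2009-XXXX [jetty: ...]` placeholder also deletes its two NOTE lines: the JETTY-1004 link and the open question of whether version 5 is affected. The log calls the entry a dupe, but nothing in the patch shows which CVE id it duplicates or that the notes were carried over. Suggest moving both NOTE lines to the retained jetty entry, or at least naming that CVE id in the log message.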
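Review bot: In the data/CVE/list hunk at -10296, both verlihub entries (CVE-2008-5706 and CVE-2008-5705) lose `NOTE: see http://asdfasdf.ethz.ch/~tar/lina/rats/verlihub.rats` together with the TODO when they switch to `<removed>`. Dropping the TODO fits a removed package, but the NOTE is a reference rather than a work item, and the entries stay in the list as a record; consider keeping the NOTE line under each entry.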
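Review bot: In the data/packages/removed-packages hunk, the addition is two lines, `+verlihub` followed by an empty `+` line, so the file now ends in a blank line after the new entry. Suggest dropping the empty line unless the file format requires it, so the list stays one package per line and the next append is a one-line diff.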