Author: geissert
Date: 2010-01-24 23:31:05 +0000 (Sun, 24 Jan 2010)
New Revision: 13899
Modified:
data/CVE/list
Log:
three tomcat issues
Modified: data/CVE/list
==================================================================---
data/CVE/list 2010-01-24 23:00:20 UTC (rev 13898)
+++ data/CVE/list 2010-01-24 23:31:05 UTC (rev 13899)
@@ -6017,10 +6017,18 @@
{DSA-1928-1 DSA-1915-1}
- linux-2.6 2.6.31-1 (low)
- linux-2.6.24 <removed> (low)
-CVE-2009-2902
+CVE-2009-2902 [tomcat directory traversal via WAR file names]
RESERVED
-CVE-2009-2901
+ - tomcat6 <unfixed>
+ - tomcat5 <removed>
+ TODO: check
+ NOTE: tomcat 5.0 (in etch) is unsupported by upstream and may also be affected
+CVE-2009-2901 [tomcat insecure partial deploy after failed undeploy]
RESERVED
+ - tomcat6 <unfixed>
+ - tomcat5 <removed>
+ TODO: check
+ NOTE: tomcat 5.0 (in etch) is unsupported by upstream and may also be affected
CVE-2009-2900
RESERVED
CVE-2009-2899
@@ -6837,8 +6845,12 @@
- pidgin 2.5.9-1 (medium; bug #542486)
[lenny] - gaim <not-affected> (Only a transitional package)
- gaim <removed>
-CVE-2009-2693
+CVE-2009-2693 [tomcat directory traversal via WAR files]
RESERVED
+ - tomcat6 <unfixed>
+ - tomcat5 <removed>
+ TODO: check
+ NOTE: tomcat 5.0 (in etch) is unsupported by upstream and may also be affected
CVE-2009-2692 (The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through
2.4.37.4, ...)
{DSA-1864-1 DSA-1865-1 DSA-1862-1}
- linux-2.6 2.6.30-6 (high; bug #541403)