Author: jmm-guest Date: 2010-12-21 17:26:19 +0000 (Tue, 21 Dec 2010) New Revision: 15722 Modified: data/CVE/list Log: - debian only builds a minor subset of jboss - debian not affected by mantis issues - git fixed Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-12-21 08:54:30 UTC (rev 15721) +++ data/CVE/list 2010-12-21 17:26:19 UTC (rev 15722) @@ -621,16 +621,13 @@ RESERVED CVE-2010-4350 [mantisbt local file inclusion] RESERVED - - mantis <unfixed> - TODO: check + - mantis <not-affected> (admin dir procected in Apache config, see #607159) CVE-2010-4349 [mantisbt path disclosure] RESERVED - - mantis <unfixed> - TODO: check + - mantis <not-affected> (admin dir procected in Apache config, see #607159) CVE-2010-4348 [mantisbt XSS] RESERVED - - mantis <unfixed> - TODO: check + - mantis <not-affected> (admin dir procected in Apache config, see #607159) CVE-2010-4347 RESERVED - linux-2.6 <not-affected> (Introduced in 2.6.33 and fixed in 2.6.36.2, we never released an affected kernel) @@ -1703,8 +1700,7 @@ RESERVED CVE-2010-3906 (Cross-site scripting (XSS) vulnerability in Gitweb 1.7.3.3 and earlier ...) - git-core <removed> - - git <unfixed> - TODO: check + - git 1:1.7.2.3-2.2 CVE-2010-3905 RESERVED - eucalyptus <unfixed> @@ -1768,8 +1764,7 @@ - fuse <unfixed> (bug #602333) CVE-2010-3878 [JBoss EAP jmx console FileDeployment CSRF] RESERVED - - jbossas4a <unfixed> - TODO: check + - jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226) CVE-2010-3877 RESERVED {DSA-2126-1} 
@@ -1816,8 +1811,7 @@ NOT-FOR-US: Apache Shiro / JSecurity CVE-2010-3862 [JBoss Remoting Denial-Of-Service] RESERVED - - jbossas4 <unfixed> - TODO: check + - jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226) CVE-2010-3861 (The ethtool_get_rxnfc function in net/core/ethtool.c in the Linux ...) - linux-2.6 2.6.32-29 [lenny] - linux-2.6 <not-affected> (Introduced in 2.6.27) @@ -2297,8 +2291,7 @@ - php5 5.3.3-4 (bug #603751) CVE-2010-3708 [JBoss drools deserialization remote code execution] RESERVED - - jbossas4 <unfixed> - TODO: check + - jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226) CVE-2010-3707 (plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and ...) - dovecot 1.2.15-1 [lenny] - dovecot <not-affected> (Only affects 1.2.x)
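Review bot: In the @@ -621,16 +621,13 @@ hunk, the three added mantis lines for CVE-2010-4350, CVE-2010-4349 and CVE-2010-4348 spell "procected"; it should read "protected". The rationale also rests on the Apache configuration rather than on a code change, so the note should say that the <not-affected> status assumes that configuration is in place. As written, #607159 is the only place a reader can check what is actually protected.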
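Review bot: In the @@ -1703,8 +1700,7 @@ hunk, the new line "- git 1:1.7.2.3-2.2" carries no bug reference or note, although the CVE-2010-3906 description says Gitweb 1.7.3.3 and earlier is affected and the recorded fixed version is based on upstream 1.7.2.3. That only reads correctly as a fix backported into the Debian revision, so consider adding the bug number in parentheses, as the nearby fuse entry does with "(bug #602333)", so the fix can be traced.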
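Review bot: In the @@ -1768,8 +1764,7 @@ hunk for CVE-2010-3878, the removed line names the package "jbossas4a" while the added line names "jbossas4", and the commit log does not mention the change of name. If this corrects a typo in the source package name, say so in the log, since the earlier <unfixed> entry was recorded under a name that differs from the one used by the other JBoss entries in this file.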
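Review bot: In the @@ -2297,8 +2291,7 @@ hunk, the <not-affected> note for CVE-2010-3708 (drools deserialization remote code execution) says only that jbossas4 "Only builds a few libraries, not the full application server", which does not state whether the affected component is among those libraries. Name the component that is not built, or list what is, so the status can be verified without reading #581226. The identical note on CVE-2010-3862 (JBoss Remoting) in the @@ -1816,8 +1811,7 @@ hunk has the same gap.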