Author: jmm Date: 2011-01-16 00:57:00 +0000 (Sun, 16 Jan 2011) New Revision: 15887 Modified: data/CVE/list Log: tomcat6 fairly limited in lenny, thus not-affected Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-01-16 00:55:08 UTC (rev 15886) +++ data/CVE/list 2011-01-16 00:57:00 UTC (rev 15887) @@ -1881,7 +1881,7 @@ NOT-FOR-US: Orbis CMS CVE-2010-4312 (The default configuration of Apache Tomcat 6.x does not include the ...) - tomcat6 <unfixed> (unimportant; bug #608286) - NOTE: S + [lenny] - tomcat6 <not-affected> (Only ships the servlet package) CVE-2010-4311 (Free Simple Software 1.0 stores passwords in cleartext, which allows ...) NOT-FOR-US: Free Simple Software CVE-2010-4310 @@ -2258,6 +2258,7 @@ - libsdp 1.1.99-2.1 (bug #603841) CVE-2010-4172 (Multiple cross-site scripting (XSS) vulnerabilities in the Manager ...) - tomcat6 6.0.28-9 (bug #606388) + [lenny] - tomcat6 <not-affected> (Only ships the servlet package) CVE-2010-4171 (The staprun runtime tool in SystemTap 1.3 does not verify that a ...) - systemtap 1.2-3 (bug #603946) CVE-2010-4170 (The staprun runtime tool in SystemTap 1.3 does not properly clear the ...)