Author: jmm Date: 2011-07-06 17:58:08 +0000 (Wed, 06 Jul 2011) New Revision: 16905 Modified: data/CVE/list Log: new tomcat issue (no-dsa) new issue in dotclear and liferay (ITPd) NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-07-06 16:48:14 UTC (rev 16904) +++ data/CVE/list 2011-07-06 17:58:08 UTC (rev 16905) @@ -1000,7 +1000,12 @@ [squeeze] - prosody <no-dsa> (Minor issue) [lenny] - prosody <no-dsa> (Minor issue) CVE-2011-2204 (Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before ...) - TODO: check + - tomcat5.5 <removed> (low) + [lenny] - tomcat5.5 <no-dsa> (Minor issue) + - tomcat6 <unfixed> (low) + [lenny] - tomcat6 <no-dsa> (Minor issue) + [squeeze] - tomcat6 <no-dsa> (Minor issue) + - tomcat7 <unfixed> CVE-2011-2201 RESERVED CVE-2011-2200 (The _dbus_header_byteswap function in dbus-marshal-header.c in D-Bus ...) @@ -1049,9 +1054,9 @@ CVE-2010-4805 (The socket implementation in net/core/sock.c in the Linux kernel ...) - linux-2.6 2.6.34-1 CVE-2009-5077 (CRE Loaded before 6.2.14 allows remote attackers to bypass ...) - TODO: check + NOT-FOR-US: CRE Loaded CVE-2009-5076 (CRE Loaded before 6.2.14, and possibly other versions before 6.3.x, ...) - TODO: check + NOT-FOR-US: CRE Loaded CVE-2011-2477 (Multiple cross-site scripting (XSS) vulnerabilities in config.c in ...) - icinga <undetermined> NOTE: 1.4.1 is said to be fixed @@ -2731,7 +2736,7 @@ - linux-2.6 <unfixed> (unimportant) NOTE: an exploitation requires the ability to run mount.cifs w/ root privs CVE-2011-1584 (The updateFile function in inc/core/class.dc.media.php in the Media ...) - TODO: check + - dotclear <itp> (bug #570139) CVE-2011-1583 RESERVED CVE-2011-1582 (Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a ...)
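Review bot: in the @@ -1000,7 +1000,12 @@ hunk, the added `- tomcat7 <unfixed>` line has no urgency, while the tomcat5.5 and tomcat6 lines just above it are marked `(low)` for the same CVE-2011-2204. If tomcat7 is affected to the same degree, add `(low)` so the three entries agree; if not, a NOTE line saying why would help. The two `<unfixed>` entries also carry no bug reference or NOTE, unlike the dotclear entry later in this revision, which cites `(bug #570139)`. A bug number or a NOTE naming the upstream fixed versions quoted in the description (5.5.34, 6.0.33) would make them easier to close later.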
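Review bot: the log message announces a new issue in dotclear and liferay, but the @@ -2731,7 +2736,7 @@ hunk only changes CVE-2011-1584 to `- dotclear <itp> (bug #570139)`, and none of the visible hunks adds a liferay entry. Please confirm which CVE entry in this revision is the liferay one, or adjust the log so it matches what the diff actually touches.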