Author: luk Date: 2012-01-01 15:02:07 +0000 (Sun, 01 Jan 2012) New Revision: 17958 Modified: data/CVE/list Log: Some more removed, mark doctrine as fixed, mark evince as not-affected in unstable Modified: data/CVE/list ==================================================================--- data/CVE/list 2012-01-01 12:49:48 UTC (rev 17957) +++ data/CVE/list 2012-01-01 15:02:07 UTC (rev 17958) @@ -5682,7 +5682,7 @@ CVE-2011-3190 (Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 ...) - tomcat6 <unfixed> - tomcat7 7.0.21-1 - - tomcat5.5 <unfixed> + - tomcat5.5 <removed> CVE-2011-3189 (The crypt function in PHP 5.3.7, when the MD5 hash type is used, ...) - php5 5.3.8-1 [squeeze] - php5 <not-affected> (Introduced in 5.3.7) @@ -7635,7 +7635,7 @@ CVE-2011-2526 (Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before ...) - tomcat6 6.0.32-7 (bug #634992) - tomcat7 7.0.19-1 (bug #634992) - - tomcat5.5 <unfixed> (bug #634992) + - tomcat5.5 <removed> (bug #634992) CVE-2011-2525 RESERVED {DSA-2310-1 DSA-2303-1} @@ -10376,7 +10376,7 @@ NOTE: http://tracker.nagios.org/view.php?id=207 CVE-2011-1522 (Multiple SQL injection vulnerabilities in the ...) {DSA-2223-1} - - doctrine <unfixed> (bug #622674) + - doctrine 1.2.4-1 (bug #622674) CVE-2010-4777 RESERVED - perl <unfixed> (unimportant; bug #628836) @@ -12682,8 +12682,8 @@ CVE-2010-4728 (Zikula before 1.3.1 uses the rand and srand PHP functions for random ...) NOT-FOR-US: zikula CVE-2011-XXXX [evince segfault] - - evince <unfixed> (bug #612668) - TODO: check + - evince <not-affected> + [lenny] - evince <unfixed> (bug #612668) CVE-2011-XXXX [php-gettext XSS] - php-gettext <unfixed> (unimportant) NOTE: http://secunia.com/advisories/43228/ they are only examples 
@@ -15914,10 +15914,8 @@ CVE-2008-7267 (SQL injection vulnerability in announcements.php in SiteEngine 5.x ...) NOT-FOR-US: SiteEngine CVE-2010-XXXX [elfsign uses cryptographically weak md5 hashes] - - elfsign <unfixed> (low; bug #555668) + - elfsign <removed> (low; bug #555668) [lenny] - elfsign <no-dsa> (a stronger hashing algorithm would completely change functionality of the package) - [squeeze] - elfsign <no-dsa> (a stronger hashing algorithm would completely change functionality of the package) - NOTE: too late to fix in squeeze release cycle, but this should be fixed for wheezy CVE-2010-4354 (The remote-access IPSec VPN implementation on Cisco Adaptive Security ...) NOT-FOR-US: Cisco ASA CVE-2010-4353 (Unrestricted file upload vulnerability in ...) @@ -17044,7 +17042,7 @@ [lenny] - git-core 1.5.6.5-3+lenny3.3 - git 1:1.7.2.3-2.2 CVE-2010-3905 (The password reset feature in the administrator interface for ...) - - eucalyptus <unfixed> (bug #608289) + - eucalyptus <removed> (bug #608289) CVE-2010-3904 (The rds_page_copy_user function in net/rds/page.c in the Reliable ...) - linux-2.6 2.6.32-26 [lenny] - linux-2.6 <not-affected> (Vulnerable code introduced in 2.6.30) @@ -25959,7 +25957,7 @@ - emacs21 <removed> (low) [lenny] - emacs21 <no-dsa> (Minor issue) NOTE: Only exploitable when configured as setgid mail, which isn''t set by default - - emacs22 <unfixed> (low; bug #590301) + - emacs22 <removed> (low; bug #590301) [lenny] - emacs22 <no-dsa> (Minor issue) - xemacs21 21.4.22-3.1 (low) [lenny] - xemacs21 <no-dsa> (Minor issue)
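Review bot: in the @@ -12682,8 hunk, the new `- evince <not-affected>` line carries no parenthesised reason, and the `TODO: check` it replaces is dropped without a NOTE recording what was checked. Other entries in this file give the reason inline, for example `[squeeze] - php5 <not-affected> (Introduced in 5.3.7)`. Suggest doing the same here, stating why unstable is not affected while lenny stays `<unfixed>` for bug #612668. The log message mentions unstable only and no line in the hunk states the squeeze status, so it is worth confirming that too and adding a `[squeeze]` line if it differs.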
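Review bot: the @@ -15914,10 hunk deletes the `[squeeze] - elfsign <no-dsa> (...)` line and its NOTE while keeping the identically worded `[lenny]` line, and the log message ("Some more removed") does not say why the two releases are treated differently. If elfsign is still shipped in squeeze, that release loses its recorded no-dsa decision for the weak MD5 issue (bug #555668). Suggest either keeping the `[squeeze]` line or stating in the log that the package is absent from squeeze.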