Author: fw Date: 2012-01-09 19:15:08 +0000 (Mon, 09 Jan 2012) New Revision: 18099 Modified: data/CVE/list Log: CVE-2012-0390: gnutls28 fixed CVE-2011-5019: textpattern CVE-2011-4905: activemq CVE-2011-3376: tomcat7 fixed Modified: data/CVE/list ==================================================================--- data/CVE/list 2012-01-09 18:57:51 UTC (rev 18098) +++ data/CVE/list 2012-01-09 19:15:08 UTC (rev 18099) @@ -5,7 +5,8 @@ [squeeze] - znc <not-affected> (Only affects 0.200 and 0.202) [lenny] - znc <not-affected> (Only affects 0.200 and 0.202) CVE-2012-0390 (The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain ...) - TODO: check + - gnutls28 3.0.11-1 + NOTE: gnutls26 lacks DTLS support and is not affected. CVE-2012-0389 RESERVED CVE-2012-0388 @@ -391,7 +392,9 @@ CVE-2011-5020 RESERVED CVE-2011-5019 (Cross-site scripting (XSS) vulnerability in setup/index.php in ...) - TODO: check + - textpattern <unfixed> (low) + NOTE: Vulnerability is in setup.php, which becomes inaccessible + NOTE: after installation. CVE-2011-5018 RESERVED CVE-2011-5017 @@ -642,7 +645,7 @@ CVE-2011-4906 RESERVED CVE-2011-4905 (Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial ...) - TODO: check + - activemq <unfixed> CVE-2011-4899 RESERVED CVE-2011-4898 @@ -5628,7 +5631,7 @@ CVE-2011-3377 RESERVED CVE-2011-3376 (org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat ...) - TODO: check + - tomcat7 7.0.22-1 CVE-2011-3375 RESERVED CVE-2011-3374 [apt-key insecure validation]
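Review bot: In the CVE-2012-0390 hunk, the gnutls26 status is recorded only as free text in the NOTE line, so it cannot be queried like a package entry. The znc context lines at the top of the same hunk use the `<not-affected>` form with a reason in parentheses; consider `- gnutls26 <not-affected> (Lacks DTLS support)` in place of, or alongside, the NOTE.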
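Review bot: In the CVE-2011-5019 hunk, the NOTE names setup.php while the CVE description on the line above it names setup/index.php. Use the same path in both so the (low) rating can be checked against the right file, and say how the script becomes inaccessible after installation, since the rating rests on that statement.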
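Review bot: In the CVE-2011-4905 hunk, `- activemq <unfixed>` carries no urgency and no NOTE, unlike the textpattern entry in this same commit. The description says versions before 5.6.0 are affected, so a NOTE pointing at the upstream fix or a bug reference would let the next person resolve the entry without redoing the triage.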
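Review bot: In the CVE-2011-3376 hunk, only tomcat7 is listed and nothing says whether other Tomcat source packages were checked. If they were found unaffected, record that on the entry as the CVE-2012-0390 hunk does for gnutls26, so the absence reads as a decision rather than an omission.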