Secure testing commits - May 2012 - r19192 - data/CVE

Author: geissert
Date: 2012-05-10 03:27:10 +0000 (Thu, 10 May 2012)
New Revision: 19192

Modified:
   data/CVE/list
Log:
Qpid issues, possibly fixed before the initial upload


Modified: data/CVE/list
==================================================================---
data/CVE/list	2012-05-09 21:14:33 UTC (rev 19191)
+++ data/CVE/list	2012-05-10 03:27:10 UTC (rev 19192)
@@ -23647,12 +23647,15 @@
 CVE-2009-5007 (The Cisco trial client on Linux for Cisco AnyConnect SSL VPN
allows ...)
 	NOT-FOR-US: Cisco AnyConnect SSL VPN trial client
 CVE-2009-5006 (The SessionAdapter::ExchangeHandlerImpl::checkAlternate function
in ...)
-	NOT-FOR-US: Apache Qpid
+	- qpid-cpp <unfixed>
+	TODO: check
 CVE-2009-5005 (The Cluster::deliveredEvent function in cluster/Cluster.cpp in
Apache ...)
-	NOT-FOR-US: Apache Qpid
+	- qpid-cpp <unfixed>
+	TODO: check
 CVE-2009-5004
 	RESERVED
-	NOT-FOR-US: Apache Qpid
+	- qpid-cpp <unfixed>
+	TODO: check
 CVE-2010-3845
 	RESERVED
 	- libapache-authenhook-perl 2.00-04+pristine-2 (low; bug #599712)
@@ -25875,7 +25878,8 @@
 	- linux-2.6 2.6.32-25
 	[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in
2.6.30)
 CVE-2010-3083 (sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red
Hat ...)
-	NOT-FOR-US: Apache Qpid
+	- qpid-cpp <unfixed>
+	TODO: check
 CVE-2010-3082 (Cross-site scripting (XSS) vulnerability in Django 1.2.x before
1.2.2 ...)
 	- python-django 1.2.3-1 (low; bug #596205)
 	NOTE: http://www.djangoproject.com/weblog/2010/sep/08/security-release/