From 355e7cbf1f5e931397b708bb7626ac27b207f68a Mon Sep 17 00:00:00 2001 From: Moritz Muehlenhoff Date: Sat, 25 Jul 2009 13:34:25 +0000 Subject: - jetty fixed in experimental - jetty CVEfied, remove dupe - verlihub removed git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@12411 e39458fd-73e7-0310-bf30-c45bca0a0e42 --- data/CVE/list | 14 ++++---------- data/packages/removed-packages | 2 ++ data/problematic-packages | 7 ------- 3 files changed, 6 insertions(+), 17 deletions(-) diff --git a/data/CVE/list b/data/CVE/list index f8816bb3fc..2d6a94403e 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -2753,8 +2753,10 @@ CVE-2009-1525 (CMD_DB in JBMC Software DirectAdmin before 1.334 allows remote .. NOT-FOR-US: Directadmin CVE-2009-1524 (Cross-site scripting (XSS) vulnerability in Mort Bay Jetty before ...) - jetty (low; bug #527571) + NOTE: Fixed in experimental CVE-2009-1523 (Directory traversal vulnerability in the HTTP server in Mort Bay Jetty ...) - jetty (low; bug #528389) + NOTE: Fixed in experimental CVE-2009-1522 (The IBM Tivoli Storage Manager (TSM) client 5.5.0.0 through 5.5.1.17 ...) NOT-FOR-US: Tivoli CVE-2009-1521 (Unspecified vulnerability in the Java GUI in the IBM Tivoli Storage ...) @@ -2861,10 +2863,6 @@ CVE-2008-6776 (SQL injection vulnerability in viewcomments.php in Scripts For Si NOT-FOR-US: EZ Hot or Not CVE-2008-6775 (HTC Touch Pro and HTC Touch Cruise vCard allows remote attackers to ...) NOT-FOR-US: HTC Touch -CVE-2009-XXXX [jetty: Vulnerability in ResourceHandler and DefaultServlet with aliases] - - jetty - NOTE: http://jira.codehaus.org/browse/JETTY-1004 - NOTE: It's not entirely clear, whether version 5 is affected CVE-2009-1494 (The process_stat function in Memcached 1.2.8 discloses ...) - memcached 1.2.8-1 (low; bug #526554) [lenny] - memcached (Affected compile-time options not set) @@ -10296,13 +10294,9 @@ CVE-2008-5394 (/bin/login in shadow 4.0.18.1 in Debian GNU/Linux, and probably o {DSA-1709-1} - shadow 1:4.1.1-6 (bug #505271) CVE-2008-5706 (The cTrigger::DoIt function in src/ctrigger.cpp in the trigger ...) - - verlihub (low; bug #506530) - TODO: further investigation on this package is needed - NOTE: see http://asdfasdf.ethz.ch/~tar/lina/rats/verlihub.rats + - verlihub (low; bug #506530) CVE-2008-5705 (The cTrigger::DoIt function in src/ctrigger.cpp in the trigger ...) - - verlihub (low; bug #506530) - TODO: further investigation on this package is needed - NOTE: see http://asdfasdf.ethz.ch/~tar/lina/rats/verlihub.rats + - verlihub (low; bug #506530) CVE-2008-5189 (CRLF injection vulnerability in Ruby on Rails before 2.0.5 allows ...) - rails 2.1.0-6 (low) CVE-2008-5188 (The (1) ecryptfs-setup-private, (2) ecryptfs-setup-confidential, and ...) diff --git a/data/packages/removed-packages b/data/packages/removed-packages index cf74620b0e..888dd9d1db 100644 --- a/data/packages/removed-packages +++ b/data/packages/removed-packages @@ -215,3 +215,5 @@ tomcat5 openssh-krb5 atmailopen phpicalendar +verlihub + diff --git a/data/problematic-packages b/data/problematic-packages index fea4ea58c1..fabc4f4997 100644 --- a/data/problematic-packages +++ b/data/problematic-packages @@ -26,10 +26,3 @@ Group maintained by Java Team, but no reply to RC security bug xpdf: (May 2009) No maintainer upload for two years, frequent security issues. Filed RC bug about maintenance status: #527840 - ----- - -verlihub: (May 2009) -No maintainer upload for one year, no reply to RC security bug -#506530 for six months as of 2009-05-21 -Requested removal from the archive: 529817 -- cgit v1.2.3