- jetty fixed in experimental

- jetty CVEfied, remove dupe
- verlihub removed


git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@12411 e39458fd-73e7-0310-bf30-c45bca0a0e42

4 files changed, 6 insertions, 17 deletions

diff --git a/data/CVE/list.2008 b/data/CVE/list.2008
index 66d2c4d185..08c8c3b524 100644
--- a/data/CVE/list.2008
+++ b/data/CVE/list.2008
@@ -3756,13 +3756,9 @@ CVE-2008-5394 (/bin/login in shadow 4.0.18.1 in Debian GNU/Linux, and probably o
 	{DSA-1709-1}
 	- shadow 1:4.1.1-6 (bug #505271)
 CVE-2008-5706 (The cTrigger::DoIt function in src/ctrigger.cpp in the trigger ...)
-	- verlihub <unfixed> (low; bug #506530)
-	TODO: further investigation on this package is needed
-	NOTE: see http://asdfasdf.ethz.ch/~tar/lina/rats/verlihub.rats
+	- verlihub <removed> (low; bug #506530)
 CVE-2008-5705 (The cTrigger::DoIt function in src/ctrigger.cpp in the trigger ...)
-	- verlihub <unfixed> (low; bug #506530)
-	TODO: further investigation on this package is needed
-	NOTE: see http://asdfasdf.ethz.ch/~tar/lina/rats/verlihub.rats
+	- verlihub <removed> (low; bug #506530)
 CVE-2008-5189 (CRLF injection vulnerability in Ruby on Rails before 2.0.5 allows ...)
 	- rails 2.1.0-6 (low)
 CVE-2008-5188 (The (1) ecryptfs-setup-private, (2) ecryptfs-setup-confidential, and ...)
diff --git a/data/CVE/list.2009 b/data/CVE/list.2009
index fcaf611c7d..0fc6d021bf 100644
--- a/data/CVE/list.2009
+++ b/data/CVE/list.2009
@@ -2573,8 +2573,10 @@ CVE-2009-1525 (CMD_DB in JBMC Software DirectAdmin before 1.334 allows remote ..
 	NOT-FOR-US: Directadmin
 CVE-2009-1524 (Cross-site scripting (XSS) vulnerability in Mort Bay Jetty before ...)
 	- jetty <unfixed> (low; bug #527571)
+	NOTE: Fixed in experimental
 CVE-2009-1523 (Directory traversal vulnerability in the HTTP server in Mort Bay Jetty ...)
 	- jetty <unfixed> (low; bug #528389)
+	NOTE: Fixed in experimental
 CVE-2009-1522 (The IBM Tivoli Storage Manager (TSM) client 5.5.0.0 through 5.5.1.17 ...)
 	NOT-FOR-US: Tivoli
 CVE-2009-1521 (Unspecified vulnerability in the Java GUI in the IBM Tivoli Storage ...)
@@ -2647,10 +2649,6 @@ CVE-2009-1496 (Directory traversal vulnerability in the Cmi Marketplace ...)
 	NOT-FOR-US: com_cmimarketplace component for Joomla!
 CVE-2009-1495 (Web File Explorer 3.1 stores sensitive information under the web root ...)
 	NOT-FOR-US: Web File Explorer
-CVE-2009-XXXX [jetty: Vulnerability in ResourceHandler and DefaultServlet with aliases]
-	- jetty <unfixed>
-	NOTE: http://jira.codehaus.org/browse/JETTY-1004 
-	NOTE: It's not entirely clear, whether version 5 is affected
 CVE-2009-1494 (The process_stat function in Memcached 1.2.8 discloses ...)
 	- memcached 1.2.8-1 (low; bug #526554)
 	[lenny] - memcached <not-affected> (Affected compile-time options not set)
diff --git a/data/packages/removed-packages b/data/packages/removed-packages
index cf74620b0e..888dd9d1db 100644
--- a/data/packages/removed-packages
+++ b/data/packages/removed-packages
@@ -215,3 +215,5 @@ tomcat5
 openssh-krb5
 atmailopen
 phpicalendar
+verlihub
+
diff --git a/data/problematic-packages b/data/problematic-packages
index fea4ea58c1..fabc4f4997 100644
--- a/data/problematic-packages
+++ b/data/problematic-packages
@@ -26,10 +26,3 @@ Group maintained by Java Team, but no reply to RC security bug
 xpdf: (May 2009)
 No maintainer upload for two years, frequent security issues.
 Filed RC bug about maintenance status: #527840
-
-----
-
-verlihub: (May 2009)
-No maintainer upload for one year, no reply to RC security bug
-#506530 for six months as of 2009-05-21
-Requested removal from the archive: 529817