Author: derevko-guest
Date: 2009-08-08 10:51:33 +0000 (Sat, 08 Aug 2009)
New Revision: 12514

Modified:
   data/CVE/list
Log:
- CVE-2009-2660 fixed in camlimages 1:3.0.1-3
- sun-java/openjdk issues


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2009-08-08 10:17:30 UTC (rev 12513)
+++ data/CVE/list       2009-08-08 10:51:33 UTC (rev 12514)
@@ -52,10 +52,19 @@
        RESERVED
 CVE-2009-2691
        RESERVED
-CVE-2009-2690
+CVE-2009-2690 [OpenJDK private variable information disclosure]
        RESERVED
-CVE-2009-2689
+       - sun-java6 6-15-1
+       [lenny] - sun-java6 <no-dsa> (Non-free not supported)
+       - openjdk-6 <unfixed>
+       TODO: file bug
+CVE-2009-2689 [OpenJDK JDK13Services grants unnecessary privileges ]
        RESERVED
+       - sun-java5 1.5.0-20-1
+       [etch] - sun-java5 <no-dsa> (Non-free not supported)
+       [lenny] - sun-java5 <no-dsa> (Non-free not supported)
+       - openjdk-6 <unfixed>
+       TODO: file bug
 CVE-2009-2688 (Multiple integer overflows in glyphs-eimage.c in XEmacs 
21.4.22, when ...)
        - xemacs21 <unfixed> (low; bug #540470)
 CVE-2009-2687 (The exif_read_data function in the Exif module in PHP before 
5.2.10 ...)
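Review bot: The two newly described entries are asymmetric: CVE-2009-2690 records only sun-java6 and CVE-2009-2689 records only sun-java5, while the other Sun JRE entries touched in this commit list both packages. If that is intentional, a NOTE line or an explicit `<not-affected>` entry for the missing package would keep a later reader from treating it as untriaged. The description `[OpenJDK JDK13Services grants unnecessary privileges ]` also has a stray space before the closing bracket.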
@@ -94,15 +103,45 @@
        - sun-java6 6-15-1
        [lenny] - sun-java6 <no-dsa> (Non-free not supported)
 CVE-2009-2674 (Integer overflow in Sun Java Runtime Environment (JRE) in JDK 
and JRE ...)
-       TODO: check
+       - sun-java5 1.5.0-20-1
+       [etch] - sun-java5 <no-dsa> (Non-free not supported)
+       [lenny] - sun-java5 <no-dsa> (Non-free not supported)
+       - sun-java6 6-15-1
+       [lenny] - sun-java6 <no-dsa> (Non-free not supported)
+       - openjdk-6 <unfixed>
+       TODO: file bug
 CVE-2009-2673 (The proxy mechanism implementation in Sun Java Runtime 
Environment ...)
-       TODO: check
+       - sun-java5 1.5.0-20-1
+       [etch] - sun-java5 <no-dsa> (Non-free not supported)
+       [lenny] - sun-java5 <no-dsa> (Non-free not supported)
+       - sun-java6 6-15-1
+       [lenny] - sun-java6 <no-dsa> (Non-free not supported)
+       - openjdk-6 <unfixed>
+       TODO: file bug
 CVE-2009-2672 (The proxy mechanism implementation in Sun Java Runtime 
Environment ...)
-       TODO: check
+       - sun-java5 1.5.0-20-1
+       [etch] - sun-java5 <no-dsa> (Non-free not supported)
+       [lenny] - sun-java5 <no-dsa> (Non-free not supported)
+       - sun-java6 6-15-1
+       [lenny] - sun-java6 <no-dsa> (Non-free not supported)
+       - openjdk-6 <unfixed>
+       TODO: file bug
 CVE-2009-2671 (The SOCKS proxy implementation in Sun Java Runtime Environment 
(JRE) ...)
-       TODO: check
+       - sun-java5 1.5.0-20-1
+       [etch] - sun-java5 <no-dsa> (Non-free not supported)
+       [lenny] - sun-java5 <no-dsa> (Non-free not supported)
+       - sun-java6 6-15-1
+       [lenny] - sun-java6 <no-dsa> (Non-free not supported)
+       - openjdk-6 <unfixed>
+       TODO: file bug
 CVE-2009-2670 (The audio system in Sun Java Runtime Environment (JRE) in JDK 
and JRE ...)
-       TODO: check
+       - sun-java5 1.5.0-20-1
+       [etch] - sun-java5 <no-dsa> (Non-free not supported)
+       [lenny] - sun-java5 <no-dsa> (Non-free not supported)
+       - sun-java6 6-15-1
+       [lenny] - sun-java6 <no-dsa> (Non-free not supported)
+       - openjdk-6 <unfixed>
+       TODO: file bug
 CVE-2009-2669 (A certain debugging component in IBM AIX 5.3 and 6.1 does not 
properly ...)
        NOT-FOR-US: IBM AIX
 CVE-2009-2668 (Microsoft Internet Explorer 6 through 6.0.2900.2180 and 7 
through ...)
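Review bot: Each of the five entries CVE-2009-2670 through CVE-2009-2674 ends in `- openjdk-6 <unfixed>` followed by `TODO: file bug`, with no bug number, so openjdk-6 shows as open with nothing to follow up against. The seven added lines are identical across all five entries, so a single bug against openjdk-6 covering the batch, recorded as `(bug #...)` on each `<unfixed>` line the way the xemacs21 and strongswan entries do, would replace five TODOs.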
@@ -145,7 +184,7 @@
 CVE-2009-2661 (The asn1_length function in strongSwan 2.8 before 2.8.11, 4.2 
before ...)
        - strongswan <unfixed> (bug #540144)
 CVE-2009-2660 (Multiple integer overflows in CamlImages 2.2 might allow ...)
-       - camlimages <unfixed> (medium; bug #540146)
+       - camlimages 1:3.0.1-3 (medium; bug #540146)
 CVE-2009-2657 (nilfs-utils before 2.0.14 installs multiple programs with 
unnecessary ...)
        - nilfs2-tools <not-affected> (dh_fixperms removes the setuid and 
setgid bits from all files)
 CVE-2009-2656 (Unspecified vulnerability in the com.android.phone process in 
Android ...)
@@ -284,12 +323,12 @@
 CVE-2009-2626
        RESERVED
 CVE-2009-2625 (Apache Xerces2 Java, as used in Sun Java Runtime Environment 
(JRE) in ...)
-        - sun-java5 1.5.0-20-1
-        [etch] - sun-java5 <no-dsa> (Non-free not supported)
-        [lenny] - sun-java5 <no-dsa> (Non-free not supported)
-        - sun-java6 6-15-1
-        [lenny] - sun-java6 <no-dsa> (Non-free not supported)
-        - openjdk-6 <unfixed>
+       - sun-java5 1.5.0-20-1
+       [etch] - sun-java5 <no-dsa> (Non-free not supported)
+       [lenny] - sun-java5 <no-dsa> (Non-free not supported)
+       - sun-java6 6-15-1
+       [lenny] - sun-java6 <no-dsa> (Non-free not supported)
+       - openjdk-6 <unfixed>
        TODO: file bug
 CVE-2009-2624
        RESERVED
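Review bot: All six changed lines under CVE-2009-2625 differ from the removed ones only in leading whitespace, and the log message does not mention a re-indent. Putting the whitespace normalisation in its own commit would keep this revision's diff limited to the status changes the log describes.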
@@ -623,20 +662,17 @@
        NOTE: browser crashes not treated as security issues
 CVE-2009-2476 [OpenJDK OpenType checks can be bypassed]
        RESERVED
-        - sun-java5 1.5.0-20-1
-        [etch] - sun-java5 <no-dsa> (Non-free not supported)
-        [lenny] - sun-java5 <no-dsa> (Non-free not supported)
-        - sun-java6 6-15-1
-        [lenny] - sun-java6 <no-dsa> (Non-free not supported)
-        - openjdk-6 <unfixed>
-        TODO: file bug
+       - sun-java6 6-15-1
+       [lenny] - sun-java6 <no-dsa> (Non-free not supported)
+       - openjdk-6 <unfixed>
+       TODO: file bug
 CVE-2009-2475 [OpenJDK information leaks in mutable variables]
        RESERVED
        - sun-java5 1.5.0-20-1
-        [etch] - sun-java5 <no-dsa> (Non-free not supported)
-        [lenny] - sun-java5 <no-dsa> (Non-free not supported)
-        - sun-java6 6-15-1
-        [lenny] - sun-java6 <no-dsa> (Non-free not supported)
+       [etch] - sun-java5 <no-dsa> (Non-free not supported)
+       [lenny] - sun-java5 <no-dsa> (Non-free not supported)
+       - sun-java6 6-15-1
+       [lenny] - sun-java6 <no-dsa> (Non-free not supported)
        - openjdk-6 <unfixed>
        TODO: file bug
 CVE-2009-2474
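Review bot: Under CVE-2009-2476 the three sun-java5 lines (`- sun-java5 1.5.0-20-1` and its `[etch]` and `[lenny]` `<no-dsa>` lines) are removed, not just re-indented, and neither the log nor a NOTE says why. The same hunk re-indents CVE-2009-2475 without changing its content, so the removal is easy to miss. If sun-java5 is not affected by this issue, record that with a `<not-affected>` line or a NOTE.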
@@ -8425,6 +8461,10 @@
        NOTE: http://www.w3.org/QA/2009/07/hmac_truncation_in_xml_signatu.html
        NOTE: http://anonsvn.mono-project.com/viewvc?view=rev&revision=137891
        NOTE: http://www.aleksey.com/xmlsec/download.html (1.2.12 has fix)
+       - sun-java6 6-15-1
+       [lenny] - sun-java6 <no-dsa> (Non-free not supported)
+       - openjdk-6 <unfixed>
+       TODO: file bug
 CVE-2009-0216 (GE Fanuc iFIX 5.0 and earlier relies on client-side 
authentication ...)
        NOT-FOR-US: GE Fanuc iFIX
 CVE-2009-0215 (Stack-based buffer overflow in the GetXMLValue method in the 
IBM ...)
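Review bot: The four added lines track sun-java6 and openjdk-6 but not sun-java5, unlike the JRE entries updated earlier in this commit (CVE-2009-2670 to CVE-2009-2674). A NOTE stating whether sun-java5 is affected would show the omission is deliberate. The `openjdk-6 <unfixed>` line again carries `TODO: file bug` with no bug number.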


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits