Author: jmm
Date: 2015-08-19 20:49:54 +0000 (Wed, 19 Aug 2015)
New Revision: 36197

Modified:
   data/CVE/list
Log:
two glassfish issues n/a
mark openssl back as fixed, this was used as the official initial upstream
  fix and we use the same, later changes to move to 1024 can follow independent
  of that
nss fixed
gnome-online-accounts bug never in the archive
openjdk-6 removed


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2015-08-19 20:29:31 UTC (rev 36196)
+++ data/CVE/list       2015-08-19 20:49:54 UTC (rev 36197)
@@ -4147,7 +4147,7 @@
 CVE-2015-4760 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 
8u45 ...)
        {DSA-3323-1 DSA-3316-1 DLA-283-1}
        [experimental] - openjdk-6 6b36-1.13.8-1
-       - openjdk-6 <unfixed>
+       - openjdk-6 <removed>
        - openjdk-7 7u79-2.5.6-1
        - openjdk-8 8u66-b01-1
        - icu 52.1-10
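Review bot: In this CVE-2015-4760 entry the `[experimental] - openjdk-6 6b36-1.13.8-1` line is left in place directly above the new `- openjdk-6 <removed>` line; please confirm the package is still present in experimental, and if it was removed there as well, drop the suite-specific line so the entry does not point at a fixed version that can no longer be installed. The same pairing recurs in the other openjdk-6 hunks of this revision.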
@@ -4189,7 +4189,7 @@
 CVE-2015-4749 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 
8u45; ...)
        {DSA-3316-1}
        [experimental] - openjdk-6 6b36-1.13.8-1
-       - openjdk-6 <unfixed>
+       - openjdk-6 <removed>
        - openjdk-7 7u79-2.5.6-1
        - openjdk-8 8u66-b01-1
        NOTE: 
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
@@ -4197,7 +4197,7 @@
 CVE-2015-4748 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 
8u45; ...)
        {DSA-3316-1}
        [experimental] - openjdk-6 6b36-1.13.8-1
-       - openjdk-6 <unfixed>
+       - openjdk-6 <removed>
        - openjdk-7 7u79-2.5.6-1
        - openjdk-8 8u66-b01-1
        NOTE: 
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
@@ -4239,7 +4239,7 @@
 CVE-2015-4733 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 
8u45, and ...)
        {DSA-3316-1}
        [experimental] - openjdk-6 6b36-1.13.8-1
-       - openjdk-6 <unfixed>
+       - openjdk-6 <removed>
        - openjdk-7 7u79-2.5.6-1
        - openjdk-8 8u66-b01-1
        NOTE: 
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
@@ -4247,7 +4247,7 @@
 CVE-2015-4732 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 
8u45, and ...)
        {DSA-3316-1}
        [experimental] - openjdk-6 6b36-1.13.8-1
-       - openjdk-6 <unfixed>
+       - openjdk-6 <removed>
        - openjdk-7 7u79-2.5.6-1
        - openjdk-8 8u66-b01-1
        NOTE: 
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
@@ -4255,7 +4255,7 @@
 CVE-2015-4731 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 
8u45; Java ...)
        {DSA-3316-1}
        [experimental] - openjdk-6 6b36-1.13.8-1
-       - openjdk-6 <unfixed>
+       - openjdk-6 <removed>
        - openjdk-7 7u79-2.5.6-1
        - openjdk-8 8u66-b01-1
        NOTE: 
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
@@ -6214,10 +6214,10 @@
        NOTE: Not enabled in Debian kernels; staging drivers are not supported
 CVE-2015-4000 (The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite 
is ...)
        {DSA-3324-1 DSA-3316-1 DSA-3300-1 DSA-3287-1 DLA-247-1}
-       - openssl <unfixed>
-       - nss <unfixed>
+       - openssl 1.0.2b-1
+       - nss 2:3.19.1-1
        [experimental] - openjdk-6 6b36-1.13.8-1
-       - openjdk-6 <unfixed>
+       - openjdk-6 <removed>
        - openjdk-7 7u79-2.5.6-1
        - openjdk-8 8u66-b01-1
        NOTE: CVE assigned specific to vulnerability in the TLS protocol that 
was
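Review bot: The `- openssl 1.0.2b-1` line gives no hint that this version carries only the initial upstream fix; the log message says the later move to 1024 can follow independently, but that reasoning lives only in the commit log. A `NOTE:` line under the CVE-2015-4000 entry stating that 1.0.2b-1 is the initial upstream fix and that the 1024 change is handled separately would keep the entry from being read as the final state.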
@@ -9712,7 +9712,7 @@
        NOTE: This CVE is specific to the design of the RC4 protocol and not to 
its
        NOTE: implementations.
        [experimental] - openjdk-6 6b36-1.13.8-1
-       - openjdk-6 <unfixed>
+       - openjdk-6 <removed>
        - openjdk-7 7u79-2.5.6-1
        - openjdk-8 8u66-b01-1
        NOTE: 
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
@@ -10386,7 +10386,7 @@
 CVE-2015-2632 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 
8u45 ...)
        {DSA-3316-1}
        [experimental] - openjdk-6 6b36-1.13.8-1
-       - openjdk-6 <unfixed>
+       - openjdk-6 <removed>
        - openjdk-7 7u79-2.5.6-1
        - openjdk-8 8u66-b01-1
        NOTE: 
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
@@ -10400,7 +10400,7 @@
 CVE-2015-2628 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 
8u45, and ...)
        {DSA-3316-1}
        [experimental] - openjdk-6 6b36-1.13.8-1
-       - openjdk-6 <unfixed>
+       - openjdk-6 <removed>
        - openjdk-7 7u79-2.5.6-1
        - openjdk-8 8u66-b01-1
        NOTE: 
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
@@ -10414,7 +10414,7 @@
 CVE-2015-2625 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 
8u45; ...)
        {DSA-3316-1}
        [experimental] - openjdk-6 6b36-1.13.8-1
-       - openjdk-6 <unfixed>
+       - openjdk-6 <removed>
        - openjdk-7 7u79-2.5.6-1
        - openjdk-8 8u66-b01-1
        NOTE: 
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
@@ -10428,7 +10428,7 @@
 CVE-2015-2621 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 
8u45, and ...)
        {DSA-3316-1}
        [experimental] - openjdk-6 6b36-1.13.8-1
-       - openjdk-6 <unfixed>
+       - openjdk-6 <removed>
        - openjdk-7 7u79-2.5.6-1
        - openjdk-8 8u66-b01-1
        NOTE: 
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
@@ -10457,7 +10457,7 @@
        NOT-FOR-US: Solaris (NVM Express Driver)
 CVE-2015-2613 (Unspecified vulnerability in Oracle Java SE 7u80 and 8u45, and 
Java SE ...)
        {DSA-3316-1}
-       - openjdk-6 <unfixed>
+       - openjdk-6 <removed>
        - openjdk-7 7u79-2.5.6-1
        - openjdk-8 8u66-b01-1
        NOTE: 
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
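Review bot: The CVE-2015-2613 entry differs from its neighbours: the visible part of the description names only Java SE 7u80 and 8u45, and there is no `[experimental] - openjdk-6` fixed version as in the other entries touched here, so it is worth checking whether openjdk-6 was affected at all. If it was not, `<not-affected>` with a short reason would describe the state better than `<removed>`.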
@@ -10489,7 +10489,7 @@
 CVE-2015-2601 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 
8u45, ...)
        {DSA-3316-1}
        [experimental] - openjdk-6 6b36-1.13.8-1
-       - openjdk-6 <unfixed>
+       - openjdk-6 <removed>
        - openjdk-7 7u79-2.5.6-1
        - openjdk-8 8u66-b01-1
        NOTE: 
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
@@ -10522,7 +10522,7 @@
 CVE-2015-2590 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 
8u45, and ...)
        {DSA-3316-1}
        [experimental] - openjdk-6 6b36-1.13.8-1
-       - openjdk-6 <unfixed>
+       - openjdk-6 <removed>
        - openjdk-7 7u79-2.5.6-1
        - openjdk-8 8u66-b01-1
        NOTE: 
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
@@ -47500,7 +47500,7 @@
        - openjdk-6 6b27-1.12.7-1
        - openjdk-7 7u45-2.4.3-1
 CVE-2013-5816 (Unspecified vulnerability in the Oracle GlassFish Server 
component in ...)
-       - glassfish <undetermined>
+       - glassfish <not-affected> (Full application server not packaged)
 CVE-2013-5815 (Unspecified vulnerability in the Oracle Identity Analytics 
component ...)
        NOT-FOR-US: Oracle Fusion Middleware Oracle Identity Analytics
 CVE-2013-5814 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, 
Java SE ...)
@@ -52875,7 +52875,7 @@
 CVE-2013-3828 (Unspecified vulnerability in the Oracle Web Services component 
in ...)
        NOT-FOR-US: Oracle Fusion Middleware
 CVE-2013-3827 (Unspecified vulnerability in the Oracle GlassFish Server 
component in ...)
-       - glassfish <undetermined>
+       - glassfish <not-affected> (Full application server not packaged)
 CVE-2013-3826 (Unspecified vulnerability in the Core RDBMS component in Oracle 
...)
        NOT-FOR-US: Oracle Database Server
 CVE-2013-3825 (Unspecified vulnerability in the Oracle Agile Product 
Collaboration ...)
@@ -58396,9 +58396,7 @@
 CVE-2013-1800 (The crack gem 0.3.1 and earlier for Ruby does not properly 
restrict ...)
        - ruby-crack 0.3.2-1
 CVE-2013-1799 (Gnome Online Accounts (GOA) 3.6.x before 3.6.3 and 3.7.x before 
...)
-       - gnome-online-accounts <undetermined>
-       NOTE: CVE for incomplete fix for CVE-2013-0240 in some versions
-       TODO: check if fix applied to Debian in 3.4.2-2 was incomplete
+       - gnome-online-accounts <not-affected> (Incomplete patch wasn't applied 
in Debian)
 CVE-2013-1798 (The ioapic_read_indirect function in virt/kvm/ioapic.c in the 
Linux ...)
        {DSA-2668-1}
        - linux 3.2.41-2
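Review bot: The CVE-2013-1799 change drops the `NOTE: CVE for incomplete fix for CVE-2013-0240 in some versions` line together with the TODO, which removes the only cross-reference to CVE-2013-0240 from this entry. Resolving the TODO is fine, but keeping the NOTE would preserve the context for the `<not-affected>` reason. The log message ("bug never in the archive") and the annotation ("Incomplete patch wasn't applied in Debian") could also be worded consistently.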
@@ -66401,7 +66399,7 @@
        - linux-2.6 <unfixed> (unimportant)
        NOTE: btrfs support in Squeeze/Wheezy is not ready for production use
 CVE-2012-5373 (Oracle Java SE 7 and earlier, and OpenJDK 7 and earlier, 
computes hash ...)
-       - openjdk-6 <unfixed> (low)
+       - openjdk-6 <removed> (low)
        [squeeze] - openjdk-6 <no-dsa> (Minor issue, no icedtea fix, too 
complex to backport)
        [wheezy] - openjdk-6 <no-dsa> (Minor issue, no icedtea fix, too complex 
to backport)
        - openjdk-7 <unfixed> (low)
@@ -73524,7 +73522,7 @@
 CVE-2012-2740 (SQL injection vulnerability in public_html/lists/admin in 
phpList ...)
        NOT-FOR-US: phplist
 CVE-2012-2739 (Oracle Java SE before 7 Update 6, and OpenJDK 7 before 7u6 
build 12 ...)
-       - openjdk-6 <unfixed> (unimportant)
+       - openjdk-6 <removed> (unimportant)
        - openjdk-7 <unfixed> (unimportant)
        NOTE: Upstream disputes this and states it needs to be fixed in Java 
apps itself
        NOTE: 
http://mail.openjdk.java.net/pipermail/core-libs-dev/2012-May/010238.html
@@ -143639,7 +143637,7 @@
 CVE-2007-5019 (Buffer overflow in the Sun Java Web Start ActiveX control in 
Java ...)
        - sun-java6 <removed> (unimportant)
        - sun-java5 <removed> (unimportant)
-       - openjdk-6 <unfixed> (unimportant)
+       - openjdk-6 <removed> (unimportant)
        NOTE: exploiting this would not work under Linux
 CVE-2007-5018 (Stack-based buffer overflow in IMAPD in Mercury/32 4.52 allows 
remote ...)
        NOT-FOR-US: Pegasus Mail Mercury
@@ -156477,7 +156475,7 @@
 CVE-2007-0012 (Sun JRE 5.0 before update 14 allows remote attackers to cause a 
denial ...)
        - sun-java5 <removed> (unimportant)
        - sun-java6 <removed> (unimportant)
-       - openjdk-6 <unfixed> (unimportant)
+       - openjdk-6 <removed> (unimportant)
        NOTE: not a security issue, browser dos treated as regular bugs, also 
likely Windows-specific
 CVE-2007-0011 (The web portal interface in Citrix Access Gateway (aka Citrix 
Advanced ...)
        NOT-FOR-US: Citrix Access Gateway


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
