Author: derevko-guest
Date: 2009-08-08 09:48:44 +0000 (Sat, 08 Aug 2009)
New Revision: 12512

Modified:
   data/CVE/list
Log:
- new xemacs21 integer overflows issues
- CVE-2009-2687: fixed in php5 5.2.10.dfsg.1-1
- Two new vulnerabilities for zope and zodb
- Start to triage sun-java/openjdk issues

Modified: data/CVE/list
==================================================================
--- data/CVE/list 2009-08-08 08:09:06 UTC (rev 12511) +++ data/CVE/list 2009-08-08 09:48:44 UTC (rev 12512) @@ -57,9 +57,10 @@ CVE-2009-2689 RESERVED CVE-2009-2688 (Multiple integer overflows in glyphs-eimage.c in XEmacs 21.4.22, when ...) - TODO: check + - xemacs21 <unfixed> (low; bug #540470) CVE-2009-2687 (The exif_read_data function in the Exif module in PHP before 5.2.10 ...) - TODO: check + - php5 5.2.10.dfsg.1-1 + TODO: check php4 CVE-2009-2686 RESERVED CVE-2009-2685 @@ -81,9 +82,17 @@ CVE-2009-2677 RESERVED CVE-2009-2676 (Unspecified vulnerability in JNLPAppletlauncher in Sun Java SE, and SE ...) - TODO: check + - sun-java5 1.5.0-20-1 + [etch] - sun-java5 <no-dsa> (Non-free not supported) + [lenny] - sun-java5 <no-dsa> (Non-free not supported) + - sun-java6 6-15-1 + [lenny] - sun-java6 <no-dsa> (Non-free not supported) CVE-2009-2675 (Integer overflow in the unpack200 utility in Sun Java Runtime ...) - TODO: check + - sun-java5 1.5.0-20-1 + [etch] - sun-java5 <no-dsa> (Non-free not supported) + [lenny] - sun-java5 <no-dsa> (Non-free not supported) + - sun-java6 6-15-1 + [lenny] - sun-java6 <no-dsa> (Non-free not supported) CVE-2009-2674 (Integer overflow in Sun Java Runtime Environment (JRE) in JDK and JRE ...) TODO: check CVE-2009-2673 (The proxy mechanism implementation in Sun Java Runtime Environment ...) 
@@ -275,7 +284,13 @@ CVE-2009-2626 RESERVED CVE-2009-2625 (Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in ...) - TODO: check + - sun-java5 1.5.0-20-1 + [etch] - sun-java5 <no-dsa> (Non-free not supported) + [lenny] - sun-java5 <no-dsa> (Non-free not supported) + - sun-java6 6-15-1 + [lenny] - sun-java6 <no-dsa> (Non-free not supported) + - openjdk-6 <unfixed> + TODO: file bug CVE-2009-2624 RESERVED CVE-2009-2623 @@ -606,10 +621,24 @@ CVE-2009-2478 (Mozilla Firefox 3.5 allows remote attackers to cause a denial of ...) - xulrunner <not-affected> (unimportant) NOTE: browser crashes not treated as security issues -CVE-2009-2476 +CVE-2009-2476 [OpenJDK OpenType checks can be bypassed] RESERVED -CVE-2009-2475 + - sun-java5 1.5.0-20-1 + [etch] - sun-java5 <no-dsa> (Non-free not supported) + [lenny] - sun-java5 <no-dsa> (Non-free not supported) + - sun-java6 6-15-1 + [lenny] - sun-java6 <no-dsa> (Non-free not supported) + - openjdk-6 <unfixed> + TODO: file bug +CVE-2009-2475 [OpenJDK information leaks in mutable variables] RESERVED + - sun-java5 1.5.0-20-1 + [etch] - sun-java5 <no-dsa> (Non-free not supported) + [lenny] - sun-java5 <no-dsa> (Non-free not supported) + - sun-java6 6-15-1 + [lenny] - sun-java6 <no-dsa> (Non-free not supported) + - openjdk-6 <unfixed> + TODO: file bug CVE-2009-2474 RESERVED CVE-2009-2473 
@@ -6480,10 +6509,18 @@ REJECTED CVE-2009-0670 RESERVED -CVE-2009-0669 +CVE-2009-0669 [Authentication bypass in ZODB ZEO storage servers] RESERVED -CVE-2009-0668 + - zope3 <unfixed> (bug #540462) + - zope2.11 <unfixed> (bug #540463) + - zope2.10 <unfixed> (bug #540464) + - zodb <unfixed> (bug #540465) +CVE-2009-0668 [Arbitrary Python code execution in ZODB ZEO storage servers] RESERVED + - zope3 <unfixed> (medium; bug #540462) + - zope2.11 <unfixed> (medium; bug #540463) + - zope2.10 <unfixed> (medium; bug #540464) + - zodb <unfixed> (medium; bug #540465) CVE-2009-0667 (Untrusted search path vulnerability in Agent/Backend.pm in ...) {DSA-1828-1} - ocsinventory-agent 1:0.0.9.2repack1-5 (medium; bug #506416)
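Review bot: In the hunk at @@ -81,9 +82,17 @@, CVE-2009-2676 and CVE-2009-2675 lose their "TODO: check" but gain no openjdk-6 line, whereas the sun-java entries added later in this commit (CVE-2009-2625, CVE-2009-2476, CVE-2009-2475) each record an openjdk-6 status. With the TODO gone, these two read as fully triaged. Either add an explicit openjdk-6 line (unfixed or not-affected, whichever applies) or keep a TODO noting that the OpenJDK status is still to be checked.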
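Review bot: In the hunk at @@ -275,7 +284,13 @@, the CVE-2009-2625 description names Apache Xerces2 Java "as used in" the Sun JRE, but the new entry tracks only sun-java5, sun-java6 and openjdk-6, and the general "TODO: check" is replaced by "TODO: file bug". Nothing in the entry records whether the separately packaged Xerces2 library was looked at. Suggest keeping a TODO for checking it alongside the "file bug" reminder, so the entry does not imply the library itself was triaged.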
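Review bot: In the hunk at @@ -6480,10 +6509,18 @@, the four package lines under CVE-2009-0669 (authentication bypass) carry only a bug number, while the lines under CVE-2009-0668 for the same packages and the same bugs #540462 to #540465 are marked "medium". An entry with no urgency is easy to overlook when sorting open issues, so add an explicit severity to the CVE-2009-0669 lines, or a NOTE saying why it is left unset.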