Author: jmm-guest
Date: 2009-08-30 17:26:31 +0000 (Sun, 30 Aug 2009)
New Revision: 12709

Modified:
   data/CVE/list
Log:
- sun java no-dsa
- new alsainfo which doesn't affect us
- php issue unimportant by our PHP update policy

Modified: data/CVE/list
==================================================================
--- data/CVE/list 2009-08-30 17:09:16 UTC (rev 12708)
+++ data/CVE/list 2009-08-30 17:26:31 UTC (rev 12709)
@@ -970,30 +970,48 @@ RESERVED CVE-2009-2724 (Race condition in the java.lang package in Sun Java SE 5.0 before ...) - sun-java5 1.5.0-20-1 (unknown) + [etch] - sun-java5 <no-dsa> (Non-free not supported) + [lenny] - sun-java5 <no-dsa> (Non-free not supported) NOTE: unknown impact and attack vectors CVE-2009-2723 (Unspecified vulnerability in deserialization in the Provider class in ...) - sun-java5 1.5.0-20-1 (unknown) + [etch] - sun-java5 <no-dsa> (Non-free not supported) + [lenny] - sun-java5 <no-dsa> (Non-free not supported) NOTE: unknown impact and attack vectors CVE-2009-2722 (Multiple unspecified vulnerabilities in the Provider class in Sun Java ...) - sun-java5 1.5.0-20-1 (unknown) + [etch] - sun-java5 <no-dsa> (Non-free not supported) + [lenny] - sun-java5 <no-dsa> (Non-free not supported) NOTE: unknown impact and attack vectors CVE-2009-2721 (Multiple unspecified vulnerabilities in the Provider class in Sun Java ...) - sun-java5 1.5.0-20-1 (unknown) + [etch] - sun-java5 <no-dsa> (Non-free not supported) + [lenny] - sun-java5 <no-dsa> (Non-free not supported) NOTE: unknown impact and attack vectors CVE-2009-2720 (Unspecified vulnerability in the ...) - sun-java6 6-15-1 + [etch] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 <no-dsa> (Non-free not supported) TODO: check openjdk-6 CVE-2009-2719 (The Java Web Start implementation in Sun Java SE 6 before Update 15 ...) - sun-java6 6-15-1 + [etch] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 <no-dsa> (Non-free not supported) TODO: check openjdk-6 CVE-2009-2718 (The Abstract Window Toolkit (AWT) implementation in Sun Java SE 6 ...) - sun-java6 6-15-1 + [etch] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 <no-dsa> (Non-free not supported) TODO: check openjdk-6 CVE-2009-2717 (The Abstract Window Toolkit (AWT) implementation in Sun Java SE 6 ...) 
- sun-java6 6-15-1 + [etch] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 <no-dsa> (Non-free not supported) TODO: check openjdk-6 CVE-2009-2716 (The plugin functionality in Sun Java SE 6 before Update 15 does not ...) - sun-java6 6-15-1 + [etch] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 <no-dsa> (Non-free not supported) TODO: check openjdk-6 CVE-2008-6927 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: cPanel @@ -10743,8 +10761,10 @@ CVE-2009-0036 (Buffer overflow in the proxyReadClientSocket function in ...) - libvirt 0.5.1-7 (unimportant) NOTE: not building libvirt proxy from libvirt source package -CVE-2009-0035 +CVE-2009-0035 [alsainfo insecure temp file usage] RESERVED + - alsa-driver 1.0.20-1 (unimportant) + NOTE: alsainfo not built into source package CVE-2009-0034 (parse.c in sudo 1.6.9p17 through 1.6.9p19 does not properly interpret ...) - sudo 1.6.9p17-2 (medium) [etch] - sudo <not-affected> (Vulnerable code not present) @@ -11757,10 +11777,10 @@ TODO: write proper advisory and request CVE id CVE-2008-7068 (The dba_replace function in PHP 5.2.6 and 4.x allows context-dependent ...) {DTSA-188-1} - - php5 5.2.6.dfsg.1-3 (low; bug #507101) + - php5 5.2.6.dfsg.1-3 (unimportant; bug #507101) [lenny] - php5 5.2.6.dfsg.1-1+lenny2 - - php4 <removed> (low) - NOTE: no-dsa candidate, if a user has write access to a file he simply can use fopen() + - php4 <removed> (unimportant) + NOTE: if a user has write access to a file he simply can use fopen() CVE-2008-5278 (Cross-site scripting (XSS) vulnerability in the self_link function in ...) - wordpress 2.5.1-11 (low; bug #507193) [etch] - wordpress <not-affected> (Vulnerable code not present)
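Review bot: in the @@ -970,30 +970,48 @@ hunk, the five sun-java6 entries (CVE-2009-2716 through CVE-2009-2720) still carry "TODO: check openjdk-6" after the new <no-dsa> lines, and the stated reason "Non-free not supported" only speaks to sun-java6 itself. Either resolve the TODO with an openjdk-6 line on each entry or add a NOTE that the check is still pending, so the no-dsa tags are not read as closing these CVEs. The four sun-java5 entries (CVE-2009-2721 through CVE-2009-2724) also keep "(unknown)" urgency beside the new tags; worth confirming that is intended.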
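Review bot: in the @@ -10743,8 +10761,10 @@ hunk, the new NOTE "alsainfo not built into source package" on CVE-2009-0035 is ambiguous: it can mean the script is absent from the source or that it is present but not shipped in any binary package. The libvirt entry directly above uses the clearer form "not building libvirt proxy from libvirt source package"; matching that wording would make the basis for "(unimportant)" unambiguous. The entry also records 1.0.20-1 as the fixed version while the log says the issue "doesn't affect us", so a word in the NOTE on what that version fixes would help.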
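Review bot: in the @@ -11757,10 +11777,10 @@ hunk, CVE-2008-7068 is downgraded from "low" to "unimportant" for php5 and php4, but the reason ("by our PHP update policy") appears only in the commit log, not in the file. The remaining NOTE gives the fopen() argument without naming the policy, so a reader of data/CVE/list alone cannot tell why the rating changed; suggest extending the NOTE to reference the policy. The entry also still carries {DTSA-188-1} and a [lenny] fixed version, which reads oddly next to "unimportant" and may deserve a short explanation.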