thr3ads.net - Secure testing commits - [Secure-testing-commits] r13383

If this information is useful, please help other people find it:
Share via:
Moritz Muehlenhoff
2009-Nov-26 09:54 UTC
[Secure-testing-commits] r13383 - data/CVE

Author: jmm-guest
Date: 2009-11-26 09:54:38 +0000 (Thu, 26 Nov 2009)
New Revision: 13383

Modified:
   data/CVE/list
Log:
New round of java issues. This is all a fucking mess.
- some might not affect openjdk, but I don''t know how
  to determine that
- some might also affect sun-java5


Modified: data/CVE/list
==================================================================---
data/CVE/list	2009-11-26 09:14:26 UTC (rev 13382)
+++ data/CVE/list	2009-11-26 09:54:38 UTC (rev 13383)
@@ -445,47 +445,81 @@
 CVE-2009-3887
 	RESERVED
 CVE-2009-3886 (The Java Web Start implementation in Sun Java SE 6 before Update
17 ...)
-	TODO: check
+	- openjdk <unfixed>
+	- sun-java6 <unfixed>
+	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
 CVE-2009-3885 (Sun Java SE 5.0 before Update 22 and 6 before Update 17 on
Windows ...)
 	TODO: check
 CVE-2009-3884 (The TimeZone.getTimeZone method in Sun Java SE 5.0 before Update
22 ...)
-	TODO: check
+	- openjdk <unfixed>
+	- sun-java6 <unfixed>
+	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
 CVE-2009-3883 (Multiple unspecified vulnerabilities in the Windows Pluggable
Look and ...)
 	TODO: check
 CVE-2009-3882 (Multiple unspecified vulnerabilities in the Swing implementation
in ...)
-	TODO: check
+	- openjdk <unfixed>
+	- sun-java6 <unfixed>
+	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
 CVE-2009-3881 (Sun Java SE 5.0 before Update 22 and 6 before Update 17, and
OpenJDK, ...)
-	TODO: check
+	- openjdk <unfixed>
+	- sun-java6 <unfixed>
+	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
 CVE-2009-3880 (The Abstract Window Toolkit (AWT) in Java Runtime Environment
(JRE) in ...)
-	TODO: check
+	- openjdk <unfixed>
+	- sun-java6 <unfixed>
+	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
 CVE-2009-3879 (Multiple unspecified vulnerabilities in the (1) X11 and (2) ...)
-	TODO: check
+	- openjdk <unfixed>
+	- sun-java6 <unfixed>
+	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
 CVE-2009-3878 (Buffer overflow in Sun Java System Web Server 7.0 Update 6 has
...)
 	TODO: check
 CVE-2009-3877 (Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0
before ...)
 	TODO: check
 CVE-2009-3876 (Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0
before ...)
-	TODO: check
+	- openjdk <unfixed>
+	- sun-java6 <unfixed>
+	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
 CVE-2009-3875 (The MessageDigest.isEqual function in Java Runtime Environment
(JRE) ...)
-	TODO: check
+	- openjdk <unfixed>
+	- sun-java6 <unfixed>
+	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
 CVE-2009-3874 (Integer overflow in the JPEGImageReader implementation in the
ImageI/O ...)
-	TODO: check
+	- openjdk <unfixed>
+	- sun-java6 <unfixed>
+	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
 CVE-2009-3873 (The JPEG Image Writer in Sun Java SE in JDK and JRE 5.0 before
Update ...)
-	TODO: check
+	- openjdk <unfixed>
+	- sun-java6 <unfixed>
+	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
 CVE-2009-3872 (Unspecified vulnerability in the JPEG JFIF Decoder in Sun Java
SE in ...)
-	TODO: check
+	- openjdk <unfixed>
+	- sun-java6 <unfixed>
+	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
 CVE-2009-3871 (Heap-based buffer overflow in the setBytePixels function in the
...)
-	TODO: check
+	- openjdk <unfixed>
+	- sun-java6 <unfixed>
+	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
 CVE-2009-3869 (Stack-based buffer overflow in the setDiffICM function in the
Abstract ...)
-	TODO: check
+	- openjdk <unfixed>
+	- sun-java6 <unfixed>
+	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
 CVE-2009-3868 (Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6
before ...)
-	TODO: check
+	- openjdk <unfixed>
+	- sun-java6 <unfixed>
+	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
 CVE-2009-3867 (Stack-based buffer overflow in the HsbParser.getSoundBank
function in ...)
-	TODO: check
+	- openjdk <unfixed>
+	- sun-java6 <unfixed>
+	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
 CVE-2009-3866 (The Java Web Start Installer in Sun Java SE in JDK and JRE 6
before ...)
-	TODO: check
+	- openjdk <unfixed>
+	- sun-java6 <unfixed>
+	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
 CVE-2009-3865 (The launch method in the Deployment Toolkit plugin in Java
Runtime ...)
-	TODO: check
+	- openjdk <unfixed>
+	- sun-java6 <unfixed>
+	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
 CVE-2009-3864 (The Java Update functionality in Java Runtime Environment (JRE)
in Sun ...)
 	TODO: check
 CVE-2009-3863 (Buffer overflow in the gxmim1.dll ActiveX control in Novell
Groupwise ...)
@@ -789,9 +823,13 @@
 CVE-2009-3730 (Multiple cross-site scripting (XSS) vulnerabilities in the
ReqWeb Help ...)
 	NOT-FOR-US: ReqWeb
 CVE-2009-3729 (Unspecified vulnerability in the TrueType font parsing
functionality ...)
-	TODO: check
+	- openjdk <unfixed>
+	- sun-java6 <unfixed>
+	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
 CVE-2009-3728 (Directory traversal vulnerability in the ICC_Profile.getInstance
...)
-	TODO: check
+	- openjdk <unfixed>
+	- sun-java6 <unfixed>
+	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
 CVE-2009-3727 (Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.3,
...)
 	- asterisk 1:1.6.2.0~rc6-1
 	[lenny] - asterisk <no-dsa> (Minor issue)
@@ -5195,6 +5233,7 @@
 	- openssl 0.9.8k-4 (low; bug #539899)
 	- gnutls26 2.4.2-5 (low; bug #539901)
 	- gnutls13 <removed>
+	- sun-java6 <unfixed>
 CVE-2009-2407 (Heap-based buffer overflow in the parse_tag_3_packet function in
...)
 	{DSA-1845-1 DSA-1844-1}
 	- linux-2.6 2.6.30-5 (medium)
Secure testing commits - Nov 2009 - r13383 - data/CVE

[Secure-testing-commits] r13383 - data/CVE
