thr3ads.net - Secure testing commits - [Secure-testing-commits] r9357

If this information is useful, please help other people find it:
Share via:
jmm-guest at alioth.debian.org
2008-Jul-16 19:57 UTC
[Secure-testing-commits] r9357 - data/CVE

Author: jmm-guest
Date: 2008-07-16 19:57:49 +0000 (Wed, 16 Jul 2008)
New Revision: 9357

Modified:
   data/CVE/list
Log:
mark non-free as unsupported
lindcpp no-dsa
we only need to track iceweasel indirectly in sid, since most issues
   are fixed through xulrunner


Modified: data/CVE/list
==================================================================---
data/CVE/list	2008-07-16 19:26:11 UTC (rev 9356)
+++ data/CVE/list	2008-07-16 19:57:49 UTC (rev 9357)
@@ -158,41 +158,53 @@
 	NOTE: http://www.wireshark.org/security/wnpa-sec-2008-04.html
 CVE-2008-3115 (Secure Static Versioning in Sun Java JDK and JRE 6 Update 6 and
...)
 	- sun-java5 1.5.0-16-1 (bug #490260)
+	[etch] - sun-java5 <no-dsa> (Non-free not supported)
 	- sun-java6 6-07-1 (bug #490260)
 CVE-2008-3114 (Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6
...)
 	- sun-java5 1.5.0-16-1 (bug #490260)
+	[etch] - sun-java5 <no-dsa> (Non-free not supported)
 	- sun-java6 6-07-1 (bug #490260)
 CVE-2008-3113 (Unspecified vulnerability in Sun Java Web Start in JDK and JRE
5.0 ...)
 	- sun-java5 1.5.0-16-1 (bug #490260)
+	[etch] - sun-java5 <no-dsa> (Non-free not supported)
 	- sun-java6 <not-affected> (Only for sun-java5)
 CVE-2008-3112 (Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6
...)
 	- sun-java5 1.5.0-16-1 (bug #490260)
+	[etch] - sun-java5 <no-dsa> (Non-free not supported)
 	- sun-java6 6-07-1 (bug #490260)
 CVE-2008-3111 (Multiple buffer overflows in Sun Java Web Start in JDK and JRE 6
...)
 	- sun-java5 1.5.0-16-1 (bug #490260)
+	[etch] - sun-java5 <no-dsa> (Non-free not supported)
 	- sun-java6 6-04-1 (bug #490260)
 CVE-2008-3110 (Unspecified vulnerability in scripting language support in Sun
Java ...)
 	- sun-java5 <not-affected> (Only for sun-java6)
+	[etch] - sun-java5 <no-dsa> (Non-free not supported)
 	- sun-java6 6-07-1 (bug #490260)
 CVE-2008-3109 (Unspecified vulnerability in scripting language support in Sun
Java ...)
 	- sun-java5 <not-affected> (Only for sun-java6)
+	[etch] - sun-java5 <no-dsa> (Non-free not supported)
 	- sun-java6 6-07-1 (bug #490260)
 CVE-2008-3108 (Buffer overflow in Sun Java Runtime Environment (JRE) in JDK and
JRE ...)
 	- sun-java5 1.5.0-10-1 (bug #490260)
+	[etch] - sun-java5 <no-dsa> (Non-free not supported)
 	- sun-java6 <not-affected> (Only for sun-java5)
 CVE-2008-3107 (Unspecified vulnerability in the Virtual Machine in Sun Java
Runtime ...)
 	- sun-java5 1.5.0-16-1 (bug #490260)
+	[etch] - sun-java5 <no-dsa> (Non-free not supported)
 	- sun-java6 6-07-1 (bug #490260)
 CVE-2008-3106 (Unspecified vulnerability in Sun Java Runtime Environment (JRE)
in JDK ...)
 	- sun-java5 1.5.0-16-1 (bug #490260)
+	[etch] - sun-java5 <no-dsa> (Non-free not supported)
 	- sun-java6 6-07-1 (bug #490260)
 CVE-2008-3105 (Unspecified vulnerability in the JAX-WS client and service in
Sun Java ...)
 	- sun-java5 <not-affected> (Only for sun-java6)
 	- sun-java6 6-07-1 (bug #490260)
 CVE-2008-3104 (Multiple unspecified vulnerabilities in Sun Java Runtime
Environment ...)
+	[etch] - sun-java5 <no-dsa> (Non-free not supported)
 	- sun-java5 1.5.0-16-1 (bug #490260)
 	- sun-java6 6-07-1 (bug #490260)
 CVE-2008-3103 (Unspecified vulnerability in the Java Management Extensions
(JMX) ...)
+	[etch] - sun-java5 <no-dsa> (Non-free not supported)
 	- sun-java5 1.5.0-16-1 (bug #490260)
 	- sun-java6 6-07-1 (bug #490260)
 CVE-2008-3102
@@ -764,6 +776,7 @@
 	[etch] - linuxdcpp <no-dsa> (Minor issue)
 CVE-2008-2954 (client/NmdcHub.cpp in Linux DC++ (linuxdcpp) before 0.707 allows
...)
 	- linuxdcpp 1.0.1-2 (low; bug #488630)
+	[etch] - linuxdcpp <no-dsa> (Minor issue)
 CVE-2008-2958 (Race condition in (1) checkinstall 1.6.1 and (2) installwatch
allows ...)
 	- checkinstall 1.6.1-7 (low; bug #488140)
 CVE-2008-XXXX [werkzeug hashes its secret instead of using hmac]
@@ -935,10 +948,11 @@
 CVE-2008-2786 (Buffer overflow in Firefox 3.0 and 2.0.x has unknown impact and
attack ...)
 	- iceweasel <unfixed> (bug #488358)
 CVE-2008-2785 (Unspecified vulnerability in Firefox 3.0 and 2.0.x has unknown
impact ...)
-	- iceweasel 3.0.1-1 (medium; bug #488358)
+	- iceweasel 3.0 (medium; bug #488358)
 	- icedove <unfixed>
 	- iceape <unfixed>
 	- xulrunner 1.9.0.1-1
+	NOTE: Since 3.0 iceweasel links against xulrunner, marking it as fixed, since
also need to track etch
 	NOTE: http://www.mozilla.org/security/announce/2008/mfsa2008-34.html
 CVE-2008-2784 (The smtp_filter function in spamdyke before 3.1.8 does not
filter RCPT ...)
 	NOT-FOR-US: spamdyke
Secure testing commits - Jul 2008 - r9357 - data/CVE

[Secure-testing-commits] r9357 - data/CVE
