jmm-guest at alioth.debian.org
2009-Apr-03 19:20 UTC
[Secure-testing-commits] r11550 - in data: . CVE
Author: jmm-guest Date: 2009-04-03 19:20:24 +0000 (Fri, 03 Apr 2009) New Revision: 11550 Modified: data/CVE/list data/package-tags Log: - mark xulrunner as unsupported for etch as well - new unspecified libapache-mod-security issue - formencode issue doesn''t affect etch - most of the java6 issues apply to java5 as well - wlcpp wireshark issue already fixed in Lenny preparation Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-04-03 19:19:17 UTC (rev 11549) +++ data/CVE/list 2009-04-03 19:20:24 UTC (rev 11550) @@ -1,7 +1,10 @@ +CVE-2009-XXXX [unspecified DoS] + - libapache-mod-security 2.5.9-1 + TODO: Investigate, check stable/oldstable, if necessary open RT ticket CVE-2009-1221 RESERVED CVE-2009-1220 (Cross-site scripting (XSS) vulnerability in +webvpn+/index.html in ...) - NOT-FOR-US: Cisco Adaptive Security Appliances + NOT-FOR-US: Cisco Adaptive Security Appliances CVE-2009-1219 (Sun Calendar Express Web Server in Sun ONE Calendar Server 6.0 and Sun ...) NOT-FOR-US: Sun Calendar Express Web Server CVE-2009-1218 (Multiple cross-site scripting (XSS) vulnerabilities in Sun Calendar ...) @@ -43,7 +46,7 @@ NOT-FOR-US: Blue Coat ProxySG CVE-2009-1210 (Format string vulnerability in the PROFINET/DCP (PN-DCP) dissector in ...) - wireshark <unfixed> - TODO: File bug + TODO: File bug, investigate, if necessary open RT ticket CVE-2009-1209 (Stack-based buffer overflow in W3C Amaya Web Browser 11.1 allows ...) - amaya <unfixed> (bug filed) CVE-2009-1208 (SQL injection vulnerability in auth2db 0.2.5, and possibly other ...) @@ -334,6 +337,7 @@ TODO: check CVE-2008-6547 (schema.py in FormEncode for Python (python-formencode) 1.0 does not ...) - python-formencode 1.0.1-1 + [etch] - python-formencode <not-affected> (Vulnerable code was introduced in 1.0) CVE-2008-6546 (Unspecified vulnerability in phpns before 2.1.3 has unknown impact and ...) NOT-FOR-US: phpns CVE-2008-6545 (PHP remote file inclusion vulnerability in news/include/createdb.php ...) @@ -377,24 +381,45 @@ CVE-2009-1107 (The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime ...) - sun-java6 6-13-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) + - sun-java5 1.5.0-18-1 + [etch] - sun-java5 <no-dsa> (Non-free not supported) + [lenny] - sun-java5 <no-dsa> (Non-free not supported) CVE-2009-1106 (The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime ...) - sun-java6 6-13-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) + - sun-java5 1.5.0-18-1 + [etch] - sun-java5 <no-dsa> (Non-free not supported) + [lenny] - sun-java5 <no-dsa> (Non-free not supported) CVE-2009-1105 (The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime ...) - sun-java6 6-13-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) + - sun-java5 1.5.0-18-1 + [etch] - sun-java5 <no-dsa> (Non-free not supported) + [lenny] - sun-java5 <no-dsa> (Non-free not supported) CVE-2009-1104 (The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime ...) - sun-java6 6-13-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) + - sun-java5 1.5.0-18-1 + [etch] - sun-java5 <no-dsa> (Non-free not supported) + [lenny] - sun-java5 <no-dsa> (Non-free not supported) CVE-2009-1103 (Unspecified vulnerability in the Java Plug-in in Java SE Development ...) - sun-java6 6-13-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) + - sun-java5 1.5.0-18-1 + [etch] - sun-java5 <no-dsa> (Non-free not supported) + [lenny] - sun-java5 <no-dsa> (Non-free not supported) CVE-2009-1102 (Unspecified vulnerability in the Virtual Machine in Java SE ...) - sun-java6 6-13-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) + - sun-java5 1.5.0-18-1 + [etch] - sun-java5 <no-dsa> (Non-free not supported) + [lenny] - sun-java5 <no-dsa> (Non-free not supported) CVE-2009-1101 (Unspecified vulnerability in the lightweight HTTP server ...) - sun-java6 6-13-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) + - sun-java5 1.5.0-18-1 + [etch] - sun-java5 <no-dsa> (Non-free not supported) + [lenny] - sun-java5 <no-dsa> (Non-free not supported) CVE-2009-1100 (Multiple unspecified vulnerabilities in Java SE Development Kit (JDK) ...) - sun-java6 6-13-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) @@ -410,12 +435,21 @@ CVE-2009-1096 (Buffer overflow in unpack200 in Java SE Development Kit (JDK) and Java ...) - sun-java6 6-13-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) + - sun-java5 1.5.0-18-1 + [etch] - sun-java5 <no-dsa> (Non-free not supported) + [lenny] - sun-java5 <no-dsa> (Non-free not supported) CVE-2009-1095 (Integer overflow in unpack200 in Java SE Development Kit (JDK) and ...) - sun-java6 6-13-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) + - sun-java5 1.5.0-18-1 + [etch] - sun-java5 <no-dsa> (Non-free not supported) + [lenny] - sun-java5 <no-dsa> (Non-free not supported) CVE-2009-1094 (Unspecified vulnerability in the LDAP implementation in Java SE ...) - sun-java6 6-13-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) + - sun-java5 1.5.0-18-1 + [etch] - sun-java5 <no-dsa> (Non-free not supported) + [lenny] - sun-java5 <no-dsa> (Non-free not supported) CVE-2009-1093 (LdapCtx in the LDAP service in Java SE Development Kit (JDK) and Java ...) - sun-java6 6-13-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) @@ -986,7 +1020,8 @@ CVE-2009-0874 (Multiple unspecified vulnerabilities in the Doors subsystem in the ...) NOT-FOR-US: Sun Solaris CVE-2008-6472 (The WLCCP dissector in Wireshark 0.99.7 through 1.0.4 allows remote ...) - TODO: check + [lenny] - wireshark 1.0.2-3+lenny3 + - wireshark 1.0.5-1 (low; bug #506741) CVE-2008-6471 (SQL injection vulnerability in detail.php in MountainGrafix easyLink ...) NOT-FOR-US: MountainGrafix easyLink CVE-2008-6470 (Multiple unspecified vulnerabilities in ClanSphere before 2008.2.1 ...) Modified: data/package-tags ==================================================================--- data/package-tags 2009-04-03 19:19:17 UTC (rev 11549) +++ data/package-tags 2009-04-03 19:20:24 UTC (rev 11550) @@ -6,8 +6,8 @@ [lenny] kfreebsd-7 <unsupported> (FreeBSD not yet supported) [etch] iceweasel <unsupported> (Support was dropped for oldstable) +[etch] xulrunner <unsupported> (Support was dropped for oldstable) - [etch] sql-ledger <limited-support> (Only supported behind an authenticated HTTP zone) [lenny] sql-ledger <limited-support> (Only supported behind an authenticated HTTP zone)