Author: fw
Date: 2009-06-08 12:52:10 +0000 (Mon, 08 Jun 2009)
New Revision: 12069
Modified:
data/CVE/list
Log:
CVE-2008-5346: JDK 6 not affected
CVE-2008-5317: newer lcms included in recent IcedTea versions, so fixed
several CVEs: openjdk-6 uses the Netx plugin, which is different from
Sun''s
We still might have some of the bugs, but they would be independent
coding errors and would receive distinct CVEs.
Modified: data/CVE/list
==================================================================---
data/CVE/list 2009-06-08 09:14:13 UTC (rev 12068)
+++ data/CVE/list 2009-06-08 12:52:10 UTC (rev 12069)
@@ -8025,9 +8025,6 @@
- sun-java5 1.5.0-17-0.1 (bug #508194)
[etch] - sun-java5 <no-dsa> (Non-free not supported)
[lenny] - sun-java5 <no-dsa> (Non-free not supported)
- - sun-java6 6-12-1 (bug #508195)
- [lenny] - sun-java6 <no-dsa> (Non-free not supported)
- - openjdk-6 <unfixed> (bug #510972)
CVE-2008-5345 (Unspecified vulnerability in Java Runtime Environment (JRE) with
Sun ...)
- sun-java5 1.5.0-17-0.1 (bug #508194)
[etch] - sun-java5 <no-dsa> (Non-free not supported)
@@ -8041,7 +8038,7 @@
[lenny] - sun-java5 <no-dsa> (Non-free not supported)
- sun-java6 6-12-1 (bug #508195)
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
- - openjdk-6 <unfixed> (bug #510972)
+ - openjdk-6 <not-affected> (browser plugin is different code base)
CVE-2008-5343 (Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6
Update 10 ...)
- sun-java5 1.5.0-17-0.1 (bug #508194)
[etch] - sun-java5 <no-dsa> (Non-free not supported)
@@ -8055,28 +8052,28 @@
[lenny] - sun-java5 <no-dsa> (Non-free not supported)
- sun-java6 6-12-1 (bug #508195)
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
- - openjdk-6 <unfixed> (bug #510972)
+ - openjdk-6 <not-affected> (browser plugin is different code base)
CVE-2008-5341 (Unspecified vulnerability in Java Web Start (JWS) and Java
Plug-in ...)
- sun-java5 1.5.0-17-0.1 (bug #508194)
[etch] - sun-java5 <no-dsa> (Non-free not supported)
[lenny] - sun-java5 <no-dsa> (Non-free not supported)
- sun-java6 6-12-1 (bug #508195)
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
- - openjdk-6 <unfixed> (bug #510972)
+ - openjdk-6 <not-affected> (browser plugin is different code base)
CVE-2008-5340 (Unspecified vulnerability in Java Web Start (JWS) and Java
Plug-in ...)
- sun-java5 1.5.0-17-0.1 (bug #508194)
[etch] - sun-java5 <no-dsa> (Non-free not supported)
[lenny] - sun-java5 <no-dsa> (Non-free not supported)
- sun-java6 6-12-1 (bug #508195)
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
- - openjdk-6 <unfixed> (bug #510972)
+ - openjdk-6 <not-affected> (browser plugin is different code base)
CVE-2008-5339 (Unspecified vulnerability in Java Web Start (JWS) and Java
Plug-in ...)
- sun-java5 1.5.0-17-0.1 (bug #508194)
[etch] - sun-java5 <no-dsa> (Non-free not supported)
[lenny] - sun-java5 <no-dsa> (Non-free not supported)
- sun-java6 6-12-1 (bug #508195)
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
- - openjdk-6 <unfixed> (bug #510972)
+ - openjdk-6 <not-affected> (browser plugin is different code base)
CVE-2008-5338 (Cross-site scripting (XSS) vulnerability in info.php in
Bandwebsite ...)
NOT-FOR-US: Bandwebsite
CVE-2008-5337 (SQL injection vulnerability in lyrics.php in Bandwebsite (aka
Bandsite ...)
@@ -8128,7 +8125,7 @@
CVE-2008-5317 (Integer signedness error in the cmsAllocGamma function in ...)
{DSA-1684-1}
- lcms 1.17-1
- - openjdk-6 <unfixed>
+ - openjdk-6 6b16-1
CVE-2008-5316 (Buffer overflow in the ReadEmbeddedTextTag function in
src/cmsio1.c in ...)
{DSA-1684-1}
- lcms 1.16-1
@@ -15908,7 +15905,7 @@
CVE-2008-2087 (SQL injection vulnerability in search_result.php in Softbiz Web
Host ...)
NOT-FOR-US: Softbiz Web Host Directory Script
CVE-2008-2086 (Sun Java Web Start and Java Plug-in for JDK and JRE 6 Update 10
and ...)
- - openjdk-6 <unfixed>
+ - openjdk-6 <not-affected> (browser plugin is different code base)
- sun-java5 <unfixed>
[etch] - sun-java5 <no-dsa> (Non-free not supported)
[lenny] - sun-java5 <no-dsa> (Non-free not supported)