Author: fw
Date: 2009-06-08 13:07:32 +0000 (Mon, 08 Jun 2009)
New Revision: 12070
Modified:
data/CVE/list
Log:
CVE-2009-0794: no PulseAudio support in the lenny version, fixed in unstable
CVE-2009-0793: fixed lcms included in recent IcedTea versions
CVE-2008-5357, CVE-2008-5356: OpenJDK uses FreeType
Modified: data/CVE/list
==================================================================---
data/CVE/list 2009-06-08 12:52:10 UTC (rev 12069)
+++ data/CVE/list 2009-06-08 13:07:32 UTC (rev 12070)
@@ -3669,10 +3669,11 @@
CVE-2009-0795
REJECTED
CVE-2009-0794 (Integer overflow in the PulseAudioTargetDataL class in ...)
- - openjdk-6 <unfixed>
+ - openjdk-6 6b16-1
+ [lenny] - openjdk-6 <not-affected> (no PulseAudio support included)
CVE-2009-0793 (cmsxform.c in LittleCMS (aka lcms or liblcms) 1.18, as used in
OpenJDK ...)
{DSA-1769-1}
- - openjdk-6 <unfixed>
+ - openjdk-6 6b16-1
- lcms <unfixed> (low; bug #530785)
[lenny] - lcms <no-dsa> (Minor issue)
[etch] - lcms <no-dsa> (Minor issue)
@@ -7953,14 +7954,14 @@
[lenny] - sun-java5 <no-dsa> (Non-free not supported)
- sun-java6 6-12-1 (bug #508195)
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
- - openjdk-6 6b14-1.5~pre1-3 (bug #510972)
+ - openjdk-6 <not-affected> (uses system''s freetype library)
CVE-2008-5356 (Heap-based buffer overflow in Java Runtime Environment (JRE) for
Sun ...)
- sun-java5 1.5.0-17-0.1 (bug #508194)
[etch] - sun-java5 <no-dsa> (Non-free not supported)
[lenny] - sun-java5 <no-dsa> (Non-free not supported)
- sun-java6 6-12-1 (bug #508195)
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
- - openjdk-6 6b14-1.5~pre1-3 (bug #510972)
+ - openjdk-6 <not-affected> (uses system''s freetype library)
CVE-2008-5355 (The "Java Update" feature for Java Runtime
Environment (JRE) for Sun ...)
- sun-java5 <not-affected> (Java update not used in Debian)
- sun-java6 <not-affected> (Java update not used in Debian)