Author: derevko-guest Date: 2009-08-08 10:51:33 +0000 (Sat, 08 Aug 2009) New Revision: 12514 Modified: data/CVE/list Log: - CVE-2009-2660 fixed in camlimages 1:3.0.1-3 - sun-java/openjdk issues Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-08-08 10:17:30 UTC (rev 12513) +++ data/CVE/list 2009-08-08 10:51:33 UTC (rev 12514) @@ -52,10 +52,19 @@ RESERVED CVE-2009-2691 RESERVED -CVE-2009-2690 +CVE-2009-2690 [OpenJDK private variable information disclosure] RESERVED -CVE-2009-2689 + - sun-java6 6-15-1 + [lenny] - sun-java6 <no-dsa> (Non-free not supported) + - openjdk-6 <unfixed> + TODO: file bug +CVE-2009-2689 [OpenJDK JDK13Services grants unnecessary privileges ] RESERVED + - sun-java5 1.5.0-20-1 + [etch] - sun-java5 <no-dsa> (Non-free not supported) + [lenny] - sun-java5 <no-dsa> (Non-free not supported) + - openjdk-6 <unfixed> + TODO: file bug CVE-2009-2688 (Multiple integer overflows in glyphs-eimage.c in XEmacs 21.4.22, when ...) - xemacs21 <unfixed> (low; bug #540470) CVE-2009-2687 (The exif_read_data function in the Exif module in PHP before 5.2.10 ...) 
@@ -94,15 +103,45 @@ - sun-java6 6-15-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) CVE-2009-2674 (Integer overflow in Sun Java Runtime Environment (JRE) in JDK and JRE ...) - TODO: check + - sun-java5 1.5.0-20-1 + [etch] - sun-java5 <no-dsa> (Non-free not supported) + [lenny] - sun-java5 <no-dsa> (Non-free not supported) + - sun-java6 6-15-1 + [lenny] - sun-java6 <no-dsa> (Non-free not supported) + - openjdk-6 <unfixed> + TODO: file bug CVE-2009-2673 (The proxy mechanism implementation in Sun Java Runtime Environment ...) - TODO: check + - sun-java5 1.5.0-20-1 + [etch] - sun-java5 <no-dsa> (Non-free not supported) + [lenny] - sun-java5 <no-dsa> (Non-free not supported) + - sun-java6 6-15-1 + [lenny] - sun-java6 <no-dsa> (Non-free not supported) + - openjdk-6 <unfixed> + TODO: file bug CVE-2009-2672 (The proxy mechanism implementation in Sun Java Runtime Environment ...) - TODO: check + - sun-java5 1.5.0-20-1 + [etch] - sun-java5 <no-dsa> (Non-free not supported) + [lenny] - sun-java5 <no-dsa> (Non-free not supported) + - sun-java6 6-15-1 + [lenny] - sun-java6 <no-dsa> (Non-free not supported) + - openjdk-6 <unfixed> + TODO: file bug CVE-2009-2671 (The SOCKS proxy implementation in Sun Java Runtime Environment (JRE) ...) - TODO: check + - sun-java5 1.5.0-20-1 + [etch] - sun-java5 <no-dsa> (Non-free not supported) + [lenny] - sun-java5 <no-dsa> (Non-free not supported) + - sun-java6 6-15-1 + [lenny] - sun-java6 <no-dsa> (Non-free not supported) + - openjdk-6 <unfixed> + TODO: file bug CVE-2009-2670 (The audio system in Sun Java Runtime Environment (JRE) in JDK and JRE ...) - TODO: check + - sun-java5 1.5.0-20-1 + [etch] - sun-java5 <no-dsa> (Non-free not supported) + [lenny] - sun-java5 <no-dsa> (Non-free not supported) + - sun-java6 6-15-1 + [lenny] - sun-java6 <no-dsa> (Non-free not supported) + - openjdk-6 <unfixed> + TODO: file bug CVE-2009-2669 (A certain debugging component in IBM AIX 5.3 and 6.1 does not properly ...) 
NOT-FOR-US: IBM AIX CVE-2009-2668 (Microsoft Internet Explorer 6 through 6.0.2900.2180 and 7 through ...) @@ -145,7 +184,7 @@ CVE-2009-2661 (The asn1_length function in strongSwan 2.8 before 2.8.11, 4.2 before ...) - strongswan <unfixed> (bug #540144) CVE-2009-2660 (Multiple integer overflows in CamlImages 2.2 might allow ...) - - camlimages <unfixed> (medium; bug #540146) + - camlimages 1:3.0.1-3 (medium; bug #540146) CVE-2009-2657 (nilfs-utils before 2.0.14 installs multiple programs with unnecessary ...) - nilfs2-tools <not-affected> (dh_fixperms removes the setuid and setgid bits from all files) CVE-2009-2656 (Unspecified vulnerability in the com.android.phone process in Android ...) @@ -284,12 +323,12 @@ CVE-2009-2626 RESERVED CVE-2009-2625 (Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in ...) - - sun-java5 1.5.0-20-1 - [etch] - sun-java5 <no-dsa> (Non-free not supported) - [lenny] - sun-java5 <no-dsa> (Non-free not supported) - - sun-java6 6-15-1 - [lenny] - sun-java6 <no-dsa> (Non-free not supported) - - openjdk-6 <unfixed> + - sun-java5 1.5.0-20-1 + [etch] - sun-java5 <no-dsa> (Non-free not supported) + [lenny] - sun-java5 <no-dsa> (Non-free not supported) + - sun-java6 6-15-1 + [lenny] - sun-java6 <no-dsa> (Non-free not supported) + - openjdk-6 <unfixed> TODO: file bug CVE-2009-2624 RESERVED 
@@ -623,20 +662,17 @@ NOTE: browser crashes not treated as security issues CVE-2009-2476 [OpenJDK OpenType checks can be bypassed] RESERVED - - sun-java5 1.5.0-20-1 - [etch] - sun-java5 <no-dsa> (Non-free not supported) - [lenny] - sun-java5 <no-dsa> (Non-free not supported) - - sun-java6 6-15-1 - [lenny] - sun-java6 <no-dsa> (Non-free not supported) - - openjdk-6 <unfixed> - TODO: file bug + - sun-java6 6-15-1 + [lenny] - sun-java6 <no-dsa> (Non-free not supported) + - openjdk-6 <unfixed> + TODO: file bug CVE-2009-2475 [OpenJDK information leaks in mutable variables] RESERVED - sun-java5 1.5.0-20-1 - [etch] - sun-java5 <no-dsa> (Non-free not supported) - [lenny] - sun-java5 <no-dsa> (Non-free not supported) - - sun-java6 6-15-1 - [lenny] - sun-java6 <no-dsa> (Non-free not supported) + [etch] - sun-java5 <no-dsa> (Non-free not supported) + [lenny] - sun-java5 <no-dsa> (Non-free not supported) + - sun-java6 6-15-1 + [lenny] - sun-java6 <no-dsa> (Non-free not supported) - openjdk-6 <unfixed> TODO: file bug CVE-2009-2474 @@ -8425,6 +8461,10 @@ NOTE: http://www.w3.org/QA/2009/07/hmac_truncation_in_xml_signatu.html NOTE: http://anonsvn.mono-project.com/viewvc?view=rev&revision=137891 NOTE: http://www.aleksey.com/xmlsec/download.html (1.2.12 has fix) + - sun-java6 6-15-1 + [lenny] - sun-java6 <no-dsa> (Non-free not supported) + - openjdk-6 <unfixed> + TODO: file bug CVE-2009-0216 (GE Fanuc iFIX 5.0 and earlier relies on client-side authentication ...) NOT-FOR-US: GE Fanuc iFIX CVE-2009-0215 (Stack-based buffer overflow in the GetXMLValue method in the IBM ...)
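Review bot: in the @@ -52,10 +52,19 @@ hunk, the new CVE-2009-2690 entry lists only sun-java6 and the new CVE-2009-2689 entry lists only sun-java5, while most other Sun Java entries touched by this commit list both packages. If the asymmetry is intended, a NOTE line on each entry saying which JRE line is not affected would stop a later editor from "completing" it; if it is not intended, add the missing package lines. The CVE-2009-2689 description also has a stray space before the closing bracket ("privileges ]").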
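Review bot: in the @@ -94,15 +103,45 @@ hunk, CVE-2009-2674 through CVE-2009-2670 each trade "TODO: check" for the same seven-line block, and none of the five gains a NOTE naming where the fixed versions 1.5.0-20-1 and 6-15-1 come from. The log only says "sun-java/openjdk issues", so a reader cannot tell whether each CVE was checked individually or the block was copied. Suggest one NOTE per entry with the reference used. The "- openjdk-6 <unfixed>" lines also carry no urgency or bug number, unlike "- xemacs21 <unfixed> (low; bug #540470)" elsewhere in the file; since the same TODO is repeated throughout this commit, a single tracking bug referenced from every entry would let the TODOs be closed together.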
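Review bot: in the @@ -284,12 +323,12 @@ hunk (CVE-2009-2625), the six removed lines and the six added lines read the same apart from whitespace, so this is a re-indentation carried in a commit whose log mentions only content changes. Either put the whitespace normalisation in its own revision or mention it in the log, so that a later blame on this entry does not point at an unrelated change.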
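Review bot: in the @@ -623,20 +662,17 @@ hunk, CVE-2009-2476 loses its three sun-java5 lines ("- sun-java5 1.5.0-20-1" plus the [etch] and [lenny] <no-dsa> lines) and they are not re-added, whereas the CVE-2009-2475 changes directly below look like whitespace only. Dropping a package from an entry is a status change and the log does not mention it. Add a NOTE on CVE-2009-2476 saying why sun-java5 is no longer listed, or restore the lines if the removal was a side effect of the re-indentation.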
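Review bot: in the @@ -8425,6 +8461,10 @@ hunk, the new sun-java6 and openjdk-6 lines and the "TODO: file bug" are appended after the entry's three NOTE lines. If the entry already has package lines above those NOTEs, the new ones belong with them so the status block stays in one place. Also confirm the insertion landed in the intended entry, since the CVE header is outside the visible context and the next line already starts CVE-2009-0216.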