Author: gilbert-guest Date: 2009-08-18 16:06:12 +0000 (Tue, 18 Aug 2009) New Revision: 12632 Modified: data/CVE/list Log: - bug submitted for openjdk issues - remove duplicate kernel entries Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-08-18 13:55:25 UTC (rev 12631) +++ data/CVE/list 2009-08-18 16:06:12 UTC (rev 12632) @@ -412,14 +412,12 @@ CVE-2009-2690 (The encoder in Sun Java SE 6 before Update 15, and OpenJDK, grants ...) - sun-java6 6-15-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) - - openjdk-6 <unfixed> - TODO: file bug + - openjdk-6 <unfixed> (medium; bug #542210) CVE-2009-2689 (JDK13Services.getProviders in Sun Java SE 5.0 before Update 20 and 6 ...) - sun-java5 1.5.0-20-1 [etch] - sun-java5 <no-dsa> (Non-free not supported) [lenny] - sun-java5 <no-dsa> (Non-free not supported) - - openjdk-6 <unfixed> - TODO: file bug + - openjdk-6 <unfixed> (medium; bug #542210) CVE-2009-2688 (Multiple integer overflows in glyphs-eimage.c in XEmacs 21.4.22, when ...) - xemacs21 <unfixed> (low; bug #540470) [etch] - xemacs21 <no-dsa> (Minor issue, obscure attack vector) 
@@ -462,40 +460,35 @@ [lenny] - sun-java5 <no-dsa> (Non-free not supported) - sun-java6 6-15-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) - - openjdk-6 <unfixed> - TODO: file bug + - openjdk-6 <unfixed> (medium; bug #542210) CVE-2009-2673 (The proxy mechanism implementation in Sun Java Runtime Environment ...) - sun-java5 1.5.0-20-1 [etch] - sun-java5 <no-dsa> (Non-free not supported) [lenny] - sun-java5 <no-dsa> (Non-free not supported) - sun-java6 6-15-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) - - openjdk-6 <unfixed> - TODO: file bug + - openjdk-6 <unfixed> (medium; bug #542210) CVE-2009-2672 (The proxy mechanism implementation in Sun Java Runtime Environment ...) - sun-java5 1.5.0-20-1 [etch] - sun-java5 <no-dsa> (Non-free not supported) [lenny] - sun-java5 <no-dsa> (Non-free not supported) - sun-java6 6-15-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) - - openjdk-6 <unfixed> - TODO: file bug + - openjdk-6 <unfixed> (medium; bug #542210) CVE-2009-2671 (The SOCKS proxy implementation in Sun Java Runtime Environment (JRE) ...) - sun-java5 1.5.0-20-1 [etch] - sun-java5 <no-dsa> (Non-free not supported) [lenny] - sun-java5 <no-dsa> (Non-free not supported) - sun-java6 6-15-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) - - openjdk-6 <unfixed> - TODO: file bug + - openjdk-6 <unfixed> (medium; bug #542210) CVE-2009-2670 (The audio system in Sun Java Runtime Environment (JRE) in JDK and JRE ...) - sun-java5 1.5.0-20-1 [etch] - sun-java5 <no-dsa> (Non-free not supported) [lenny] - sun-java5 <no-dsa> (Non-free not supported) - sun-java6 6-15-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) - - openjdk-6 <unfixed> - TODO: file bug + - openjdk-6 <unfixed> (medium; bug #542210) CVE-2009-2669 (A certain debugging component in IBM AIX 5.3 and 6.1 does not properly ...) NOT-FOR-US: IBM AIX CVE-2009-2668 (Microsoft Internet Explorer 6 through 6.0.2900.2180 and 7 through ...) 
@@ -683,8 +676,7 @@ [lenny] - sun-java5 <no-dsa> (Non-free not supported) - sun-java6 6-15-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) - - openjdk-6 <unfixed> - TODO: file bug + - openjdk-6 <unfixed> (medium; bug #542210) CVE-2009-2624 RESERVED CVE-2009-2623 @@ -792,8 +784,7 @@ [etch] - linux-2.6 <not-affected> (vulnerable code not present) [lenny] - linux-2.6 <not-affected> (vulnerable code not present) [squeeze] - linux-2.6 <not-affected> (vulnerable code not present) - - linux-2.6.24 <removed> - [etch] - linux-2.6.24 <not-affected> (vulnerable code not present) + - linux-2.6.24 <not-affected> (vulnerable code not present) CVE-2009-2583 (Multiple session fixation vulnerabilities in IBM Tivoli Identity ...) NOT-FOR-US: IBM Tivoli CVE-2009-2582 (Stack-based buffer overflow in manager.exe in Akamai Download Manager ...) @@ -1027,16 +1018,14 @@ CVE-2009-2476 (The Java Management Extensions (JMX) implementation in Sun Java SE 6 ...) - sun-java6 6-15-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) - - openjdk-6 <unfixed> - TODO: file bug + - openjdk-6 <unfixed> (medium; bug #542210) CVE-2009-2475 (Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, ...) - sun-java5 1.5.0-20-1 [etch] - sun-java5 <no-dsa> (Non-free not supported) [lenny] - sun-java5 <no-dsa> (Non-free not supported) - sun-java6 6-15-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) - - openjdk-6 <unfixed> - TODO: file bug + - openjdk-6 <unfixed> (medium; bug #542210) CVE-2009-2474 RESERVED CVE-2009-2473 
@@ -1291,13 +1280,11 @@ CVE-2009-2407 (Heap-based buffer overflow in the parse_tag_3_packet function in ...) {DSA-1845-1 DSA-1844-1} - linux-2.6 2.6.30-5 (medium) - [etch] - linux-2.6 <not-affected> (ecryptfs code introduced after 2.6.18) [etch] - linux-2.6 <not-affected> (ecryptfs not yet present) - linux-2.6.24 <removed> CVE-2009-2406 (Stack-based buffer overflow in the parse_tag_11_packet function in ...) {DSA-1845-1 DSA-1844-1} - linux-2.6 2.6.30-5 (medium) - [etch] - linux-2.6 <not-affected> (ecryptfs code introduced after 2.6.18) [etch] - linux-2.6 <not-affected> (ecryptfs not yet present) - linux-2.6.24 <removed> CVE-2009-2405 @@ -8842,8 +8829,7 @@ NOTE: http://www.aleksey.com/xmlsec/download.html (1.2.12 has fix) - sun-java6 6-15-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) - - openjdk-6 <unfixed> - TODO: file bug + - openjdk-6 <unfixed> (medium; bug #542210) CVE-2009-0216 (GE Fanuc iFIX 5.0 and earlier relies on client-side authentication ...) NOT-FOR-US: GE Fanuc iFIX CVE-2009-0215 (Stack-based buffer overflow in the GetXMLValue method in the IBM ...) @@ -10871,7 +10857,7 @@ CVE-2008-5317 (Integer signedness error in the cmsAllocGamma function in ...) {DSA-1684-1} - lcms 1.17-1 - - openjdk-6 6b16-1 + - openjdk-6 6b16-1 (medium; bug #542210) CVE-2008-5316 (Buffer overflow in the ReadEmbeddedTextTag function in src/cmsio1.c in ...) {DSA-1684-1} - lcms 1.16-1
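Review bot: The openjdk-6 replacements (first in the @@ -412,14 +412,12 @@ hunk, repeated in the later Java hunks) set an urgency of `medium` on every entry along with `bug #542210`, but the log message only says a bug was submitted. Mention the urgency assignment in the log, or confirm that `medium` was assessed for each CVE rather than applied across the board.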
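Review bot: In the @@ -792,8 +784,7 @@ hunk, the two linux-2.6.24 lines being merged are not duplicates: `- linux-2.6.24 <removed>` and `[etch] - linux-2.6.24 <not-affected> (vulnerable code not present)` state different things, and the replacement drops both the `<removed>` state and the `[etch]` qualifier. The CVE-2009-2407 and CVE-2009-2406 entries in this same patch still use `- linux-2.6.24 <removed>`, so either keep that form here or record the status change in the log message.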
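Review bot: In the @@ -1291,13 +1280,11 @@ hunk, the duplicate `[etch] - linux-2.6 <not-affected>` line that gets removed for CVE-2009-2407 and CVE-2009-2406 is the more specific one, `(ecryptfs code introduced after 2.6.18)`, while the line kept, `(ecryptfs not yet present)`, no longer names the version boundary. Consider keeping the removed wording and dropping the other.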
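Review bot: In the final hunk (@@ -10871,7 +10857,7 @@), CVE-2008-5317 keeps its fixed version `6b16-1` but now also carries `(medium; bug #542210)`, the same bug attached to the `<unfixed>` openjdk-6 entries elsewhere in this patch. Confirm that the bug really covers this CVE; if it only tracks the still-open Java issues, drop the reference here so an already-fixed entry is not read as pending.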