Author: nion
Date: 2009-09-18 14:20:09 +0000 (Fri, 18 Sep 2009)
New Revision: 12846
Modified:
data/CVE/list
Log:
openjdk fixes
Modified: data/CVE/list
==================================================================---
data/CVE/list 2009-09-18 11:03:33 UTC (rev 12845)
+++ data/CVE/list 2009-09-18 14:20:09 UTC (rev 12846)
@@ -2056,12 +2056,12 @@
CVE-2009-2690 (The encoder in Sun Java SE 6 before Update 15, and OpenJDK,
grants ...)
- sun-java6 6-15-1
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
- - openjdk-6 <unfixed> (medium; bug #542210)
+ - openjdk-6 6b16-1.6-1 (medium; bug #542210)
CVE-2009-2689 (JDK13Services.getProviders in Sun Java SE 5.0 before Update 20
and 6 ...)
- sun-java5 1.5.0-20-1
[etch] - sun-java5 <no-dsa> (Non-free not supported)
[lenny] - sun-java5 <no-dsa> (Non-free not supported)
- - openjdk-6 <unfixed> (medium; bug #542210)
+ - openjdk-6 6b16-1.6-1 (medium; bug #542210)
CVE-2009-2688 (Multiple integer overflows in glyphs-eimage.c in XEmacs 21.4.22,
when ...)
- xemacs21 <unfixed> (low; bug #540470)
[etch] - xemacs21 <no-dsa> (Minor issue, obscure attack vector)
@@ -2104,35 +2104,35 @@
[lenny] - sun-java5 <no-dsa> (Non-free not supported)
- sun-java6 6-15-1
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
- - openjdk-6 <unfixed> (medium; bug #542210)
+ - openjdk-6 6b16-1.6-1 (medium; bug #542210)
CVE-2009-2673 (The proxy mechanism implementation in Sun Java Runtime
Environment ...)
- sun-java5 1.5.0-20-1
[etch] - sun-java5 <no-dsa> (Non-free not supported)
[lenny] - sun-java5 <no-dsa> (Non-free not supported)
- sun-java6 6-15-1
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
- - openjdk-6 <unfixed> (medium; bug #542210)
+ - openjdk-6 6b16-1.6-1 (medium; bug #542210)
CVE-2009-2672 (The proxy mechanism implementation in Sun Java Runtime
Environment ...)
- sun-java5 1.5.0-20-1
[etch] - sun-java5 <no-dsa> (Non-free not supported)
[lenny] - sun-java5 <no-dsa> (Non-free not supported)
- sun-java6 6-15-1
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
- - openjdk-6 <unfixed> (medium; bug #542210)
+ - openjdk-6 6b16-1.6-1 (medium; bug #542210)
CVE-2009-2671 (The SOCKS proxy implementation in Sun Java Runtime Environment
(JRE) ...)
- sun-java5 1.5.0-20-1
[etch] - sun-java5 <no-dsa> (Non-free not supported)
[lenny] - sun-java5 <no-dsa> (Non-free not supported)
- sun-java6 6-15-1
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
- - openjdk-6 <unfixed> (medium; bug #542210)
+ - openjdk-6 6b16-1.6-1 (medium; bug #542210)
CVE-2009-2670 (The audio system in Sun Java Runtime Environment (JRE) in JDK
and JRE ...)
- sun-java5 1.5.0-20-1
[etch] - sun-java5 <no-dsa> (Non-free not supported)
[lenny] - sun-java5 <no-dsa> (Non-free not supported)
- sun-java6 6-15-1
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
- - openjdk-6 <unfixed> (medium; bug #542210)
+ - openjdk-6 6b16-1.6-1 (medium; bug #542210)
CVE-2009-2669 (A certain debugging component in IBM AIX 5.3 and 6.1 does not
properly ...)
NOT-FOR-US: IBM AIX
CVE-2009-2668 (Microsoft Internet Explorer 6 through 6.0.2900.2180 and 7
through ...)
@@ -2314,7 +2314,7 @@
[lenny] - sun-java5 <no-dsa> (Non-free not supported)
- sun-java6 6-15-1
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
- - openjdk-6 <unfixed> (medium; bug #542210)
+ - openjdk-6 6b16-1.6-1 (medium; bug #542210)
CVE-2009-2624
RESERVED
CVE-2009-2623
@@ -2656,14 +2656,14 @@
CVE-2009-2476 (The Java Management Extensions (JMX) implementation in Sun Java
SE 6 ...)
- sun-java6 6-15-1
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
- - openjdk-6 <unfixed> (medium; bug #542210)
+ - openjdk-6 6b16-1.6-1 (medium; bug #542210)
CVE-2009-2475 (Sun Java SE 5.0 before Update 20 and 6 before Update 15, and
OpenJDK, ...)
- sun-java5 1.5.0-20-1
[etch] - sun-java5 <no-dsa> (Non-free not supported)
[lenny] - sun-java5 <no-dsa> (Non-free not supported)
- sun-java6 6-15-1
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
- - openjdk-6 <unfixed> (medium; bug #542210)
+ - openjdk-6 6b16-1.6-1 (medium; bug #542210)
CVE-2009-2474 (neon before 0.28.6, when OpenSSL is used, does not properly
handle a ...)
- neon27 0.28.6-1 (low; bug #542926)
[lenny] - neon27 <no-dsa> (Minor issue)
@@ -4254,7 +4254,7 @@
- linux-2.6.24 <not-affected> (vulnerable code introduced in 2.6.29)
NOTE: http://seclists.org/fulldisclosure/2009/Jul/0241.html
CVE-2009-1896 (The Java Web Start framework in IcedTea in OpenJDK before ...)
- - openjdk-6 <unfixed> (bug #542210)
+ - openjdk-6 6b16-1.6-1 (bug #542210)
CVE-2009-1895 (The personality subsystem in the Linux kernel before 2.6.31-rc3
has a ...)
{DSA-1845-1 DSA-1844-1}
- linux-2.6 2.6.30-3 (low)
@@ -10511,7 +10511,7 @@
NOTE: http://www.aleksey.com/xmlsec/download.html (1.2.12 has fix)
- sun-java6 6-15-1
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
- - openjdk-6 <unfixed> (medium; bug #542210)
+ - openjdk-6 6b16-1.6-1 (medium; bug #542210)
CVE-2009-0216 (GE Fanuc iFIX 5.0 and earlier relies on client-side
authentication ...)
NOT-FOR-US: GE Fanuc iFIX
CVE-2009-0215 (Stack-based buffer overflow in the GetXMLValue method in the IBM
...)