Author: gilbert-guest Date: 2009-12-12 20:50:54 +0000 (Sat, 12 Dec 2009) New Revision: 13530 Modified: data/CVE/list Log: fix some package naming errors Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-12-12 20:50:43 UTC (rev 13529) +++ data/CVE/list 2009-12-12 20:50:54 UTC (rev 13530) 
@@ -948,82 +948,82 @@ CVE-2009-3887 RESERVED CVE-2009-3886 (The Java Web Start implementation in Sun Java SE 6 before Update 17 ...) - - openjdk <unfixed> + - openjdk-6 <unfixed> - sun-java6 6-17-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) CVE-2009-3885 (Sun Java SE 5.0 before Update 22 and 6 before Update 17 on Windows ...) TODO: check CVE-2009-3884 (The TimeZone.getTimeZone method in Sun Java SE 5.0 before Update 22 ...) - - openjdk <unfixed> + - openjdk-6 <unfixed> - sun-java6 6-17-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) CVE-2009-3883 (Multiple unspecified vulnerabilities in the Windows Pluggable Look and ...) TODO: check CVE-2009-3882 (Multiple unspecified vulnerabilities in the Swing implementation in ...) - - openjdk <unfixed> + - openjdk-6 <unfixed> - sun-java6 6-17-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) CVE-2009-3881 (Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, ...) - - openjdk <unfixed> + - openjdk-6 <unfixed> - sun-java6 6-17-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) CVE-2009-3880 (The Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in ...) - - openjdk <unfixed> + - openjdk-6 <unfixed> - sun-java6 6-17-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) CVE-2009-3879 (Multiple unspecified vulnerabilities in the (1) X11 and (2) ...) - - openjdk <unfixed> + - openjdk-6 <unfixed> - sun-java6 6-17-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) CVE-2009-3878 (Buffer overflow in Sun Java System Web Server 7.0 Update 6 has ...) NOT-FOR-US: Sun Java System Web Server CVE-2009-3877 (Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before ...) - - openjdk <unfixed> + - openjdk-6 <unfixed> - sun-java6 <unfixed> [lenny] - sun-java6 <no-dsa> (Non-free not supported) TODO: check CVE-2009-3876 (Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before ...) 
- - openjdk <unfixed> + - openjdk-6 <unfixed> - sun-java6 6-17-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) CVE-2009-3875 (The MessageDigest.isEqual function in Java Runtime Environment (JRE) ...) - - openjdk <unfixed> + - openjdk-6 <unfixed> - sun-java6 6-17-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) CVE-2009-3874 (Integer overflow in the JPEGImageReader implementation in the ImageI/O ...) - - openjdk <unfixed> + - openjdk-6 <unfixed> - sun-java6 6-17-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) CVE-2009-3873 (The JPEG Image Writer in Sun Java SE in JDK and JRE 5.0 before Update ...) - - openjdk <unfixed> + - openjdk-6 <unfixed> - sun-java6 6-17-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) CVE-2009-3872 (Unspecified vulnerability in the JPEG JFIF Decoder in Sun Java SE in ...) - - openjdk <unfixed> + - openjdk-6 <unfixed> - sun-java6 6-17-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) CVE-2009-3871 (Heap-based buffer overflow in the setBytePixels function in the ...) - - openjdk <unfixed> + - openjdk-6 <unfixed> - sun-java6 6-17-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) CVE-2009-3869 (Stack-based buffer overflow in the setDiffICM function in the Abstract ...) - - openjdk <unfixed> + - openjdk-6 <unfixed> - sun-java6 6-17-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) CVE-2009-3868 (Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before ...) - - openjdk <unfixed> + - openjdk-6 <unfixed> - sun-java6 6-17-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) CVE-2009-3867 (Stack-based buffer overflow in the HsbParser.getSoundBank function in ...) - - openjdk <unfixed> + - openjdk-6 <unfixed> - sun-java6 6-17-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) CVE-2009-3866 (The Java Web Start Installer in Sun Java SE in JDK and JRE 6 before ...) 
- - openjdk <unfixed> + - openjdk-6 <unfixed> - sun-java6 6-17-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) CVE-2009-3865 (The launch method in the Deployment Toolkit plugin in Java Runtime ...) - - openjdk <unfixed> + - openjdk-6 <unfixed> - sun-java6 6-17-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) CVE-2009-3864 (The Java Update functionality in Java Runtime Environment (JRE) in Sun ...) @@ -1382,11 +1382,11 @@ CVE-2009-3730 (Multiple cross-site scripting (XSS) vulnerabilities in the ReqWeb Help ...) NOT-FOR-US: ReqWeb CVE-2009-3729 (Unspecified vulnerability in the TrueType font parsing functionality ...) - - openjdk <unfixed> + - openjdk-6 <unfixed> - sun-java6 6-17-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) CVE-2009-3728 (Directory traversal vulnerability in the ICC_Profile.getInstance ...) - - openjdk <unfixed> + - openjdk-6 <unfixed> - sun-java6 6-17-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) CVE-2009-3727 (Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.3, ...) @@ -13940,7 +13940,7 @@ CVE-2009-0053 (PXE Encryption in Cisco IronPort Encryption Appliance 6.2.4 before ...) NOT-FOR-US: Cisco IronPort Encryption Appliance CVE-2009-0052 (The Atheros wireless driver, as used in Netgear WNDAP330 Wi-Fi access ...) - NOT-FOR-US: Atheros wireless driver + NOT-FOR-US: Netgear WNDAP330 Access Point CVE-2009-0051 (ZXID 0.29 and earlier does not properly check the return value from ...) NOT-FOR-US: ZXID CVE-2009-0050 (Lasso 2.2.1 and earlier does not properly check the return value from ...) 
@@ -19911,14 +19911,14 @@ CVE-2008-3522 (Buffer overflow in the jas_stream_printf function in ...) - jasper 1.900.1-5.1 (medium; bug #501021) - ghostscript <unfixed> (medium; bug #559778) - - netpbm <not-affected> (dynamically links to ghostscript if available) + - netpbm-free <not-affected> (dynamically links to ghostscript if available) CVE-2008-3521 (Race condition in the jas_stream_tmpfile function in ...) - jasper 1.900.1-5.1 (unimportant; bug #501021) NOTE: file is opened with O_EXCL even if tmpnam is used in this case CVE-2008-3520 (Multiple integer overflows in JasPer 1.900.1 might allow ...) - jasper 1.900.1-5.1 (medium; bug #501021) - ghostscript <unfixed> (medium; bug #559778) - - netpbm <not-affected> (dynamically links to ghostscript if available) + - netpbm-free <not-affected> (dynamically links to ghostscript if available) CVE-2008-3519 (The default configuration of the JBossAs component in Red Hat JBoss ...) - jbossas4 <not-affected> (configuration not yet included in Debian package) CVE-2008-3518 @@ -27027,9 +27027,8 @@ NOTE: The blog has to provide user accounts NOTE: A crafted XML-RPC request referring to a valid user can exploit this NOTE: This is specific to wordpress'' implementation of xmlrpc.php, which is - NOTE: not included in any other packages (except libwordpress-xmlrpc-perl). - - libwordpress-xmlrpc-perl <unfixed> - TODO: according to maintainer, this package is soon to be removed, remark when that happens + NOTE: not included in any other packages. + - libwordpress-xmlrpc-perl <removed> CVE-2008-0553 (Stack-based buffer overflow in the ReadImage function in tkImgGIF.c in ...) {DSA-1598-1 DSA-1491-1 DSA-1490-1 DTSA-140-1} - tk8.5 8.5.0-3
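Review bot: in the hunk at @@ -948,82 +948,82 @@, the CVE-2009-3877 entry is the only renamed entry where `- openjdk-6 <unfixed>` sits above `- sun-java6 <unfixed>` and a trailing `TODO: check`; every other entry renamed in this hunk carries `- sun-java6 6-17-1`. Since the entry is being touched anyway, confirm whether 6-17-1 applies here as well and resolve the TODO, or add a NOTE saying why this one differs.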
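Review bot: in the hunk at @@ -13940,7 +13940,7 @@, the new reason `NOT-FOR-US: Netgear WNDAP330 Access Point` drops the component that the CVE-2009-0052 description names first ("The Atheros wireless driver, as used in Netgear WNDAP330 ..."). Keeping both in the reason text, for example "Atheros wireless driver as used in Netgear WNDAP330", leaves the entry findable by driver name. This is also a change to a NOT-FOR-US reason rather than a package name, so the log message "fix some package naming errors" should mention it or the change should go in its own commit.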
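Review bot: in the hunk at @@ -27027,9 +27027,8 @@, the rewritten line `NOTE: not included in any other packages.` is immediately followed by `- libwordpress-xmlrpc-perl <removed>`, so the NOTE now contradicts the package entry beneath it. Either keep the exception in the NOTE and say the package has since been removed, or add a NOTE recording the removal. The switch from `<unfixed>` to `<removed>` and the dropped TODO are tracking-state changes, not naming fixes, so they deserve their own line in the log message.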