Author: gilbert-guest Date: 2009-12-13 02:57:12 +0000 (Sun, 13 Dec 2009) New Revision: 13537 Modified: data/CVE/list Log: chromium, webkit, and openjdk issues Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-12-13 01:52:08 UTC (rev 13536) +++ data/CVE/list 2009-12-13 02:57:12 UTC (rev 13537) @@ -797,7 +797,6 @@ - linux-2.6 <unfixed> (low) - linux-2.6.24 <removed> (low) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=538734 - TODO: check CVE-2009-3963 (Multiple unspecified vulnerabilities in XOOPS before 2.4.0 Final have ...) NOT-FOR-US: XOOPS CVE-2009-3962 (The management interface on the 2wire Gateway 1700HG, 1701HG, 1800HW, ...) @@ -864,7 +863,7 @@ CVE-2009-3935 (Multiple unspecified vulnerabilities in the Advanced Management Module ...) NOT-FOR-US: IBM BladeCenter CVE-2009-3934 (The WebFrameLoaderClient::dispatchDidChangeLocationWithinPage function ...) - TODO: check + - chromium-browser <itp> (low; bug #520324) CVE-2009-3933 (WebKit before r50173, as used in Google Chrome before 3.0.195.32, ...) - webkit <not-affected> (chromium-specific issue in their timer) - qt4-x11 <not-affected> (chromium-specific issue in their timer) @@ -872,9 +871,11 @@ - kde4libs <not-affected> (chromium-specific issue in their timer) - chromium-browser <itp> (low; bug #520324) CVE-2009-3932 (The Gears plugin in Google Chrome before 3.0.195.32 allows ...) - TODO: check + - chromium-browser <itp> (low; bug #520324) + - webkit <unfixed> (low; bug #560905) + TODO: check qt4-x11, kdelibs, kde4libs CVE-2009-3931 (Incomplete blacklist vulnerability in browser/download/download_exe.cc ...) - TODO: check + - chromium-browser <itp> (low; bug #520324) CVE-2009-3930 (Multiple integer overflows in Christos Zoulas file before 5.02 allow ...) - file 5.03-1 [lenny] - file <not-affected> @@ -983,82 +984,86 @@ CVE-2009-3887 RESERVED CVE-2009-3886 (The Java Web Start implementation in Sun Java SE 6 before Update 17 ...) - - openjdk-6 <unfixed> + - openjdk-6 <unfixed> (medium; bug #560908) - sun-java6 6-17-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) CVE-2009-3885 (Sun Java SE 5.0 before Update 22 and 6 before Update 17 on Windows ...) - TODO: check + - openjdk-6 <not-affected> (a problem in code that is unused on non-windows platforms) + - sun-java6 <not-affected> (a problem in code that is unused on non-windows platforms) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=530114 CVE-2009-3884 (The TimeZone.getTimeZone method in Sun Java SE 5.0 before Update 22 ...) - - openjdk-6 <unfixed> + - openjdk-6 <unfixed> (medium; bug #560908) - sun-java6 6-17-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) CVE-2009-3883 (Multiple unspecified vulnerabilities in the Windows Pluggable Look and ...) - TODO: check + - openjdk-6 <unfixed> (medium; bug #560908) + - sun-java6 6-17-1 + [lenny] - sun-java6 <no-dsa> (Non-free not supported) CVE-2009-3882 (Multiple unspecified vulnerabilities in the Swing implementation in ...) - - openjdk-6 <unfixed> + - openjdk-6 <unfixed> (medium; bug #560908) - sun-java6 6-17-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) CVE-2009-3881 (Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, ...) - - openjdk-6 <unfixed> + - openjdk-6 <unfixed> (medium; bug #560908) - sun-java6 6-17-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) CVE-2009-3880 (The Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in ...) - - openjdk-6 <unfixed> + - openjdk-6 <unfixed> (medium; bug #560908) - sun-java6 6-17-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) CVE-2009-3879 (Multiple unspecified vulnerabilities in the (1) X11 and (2) ...) - - openjdk-6 <unfixed> + - openjdk-6 <unfixed> (medium; bug #560908) - sun-java6 6-17-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) CVE-2009-3878 (Buffer overflow in Sun Java System Web Server 7.0 Update 6 has ...) NOT-FOR-US: Sun Java System Web Server CVE-2009-3877 (Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before ...) - - openjdk-6 <unfixed> + - openjdk-6 <unfixed> (medium; bug #560908) - sun-java6 <unfixed> [lenny] - sun-java6 <no-dsa> (Non-free not supported) TODO: check CVE-2009-3876 (Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before ...) - - openjdk-6 <unfixed> + - openjdk-6 <unfixed> (medium; bug #560908) - sun-java6 6-17-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) CVE-2009-3875 (The MessageDigest.isEqual function in Java Runtime Environment (JRE) ...) - - openjdk-6 <unfixed> + - openjdk-6 <unfixed> (medium; bug #560908) - sun-java6 6-17-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) CVE-2009-3874 (Integer overflow in the JPEGImageReader implementation in the ImageI/O ...) - - openjdk-6 <unfixed> + - openjdk-6 <unfixed> (medium; bug #560908) - sun-java6 6-17-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) CVE-2009-3873 (The JPEG Image Writer in Sun Java SE in JDK and JRE 5.0 before Update ...) - - openjdk-6 <unfixed> + - openjdk-6 <unfixed> (medium; bug #560908) - sun-java6 6-17-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) CVE-2009-3872 (Unspecified vulnerability in the JPEG JFIF Decoder in Sun Java SE in ...) - - openjdk-6 <unfixed> + - openjdk-6 <unfixed> (medium; bug #560908) - sun-java6 6-17-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) CVE-2009-3871 (Heap-based buffer overflow in the setBytePixels function in the ...) - - openjdk-6 <unfixed> + - openjdk-6 <unfixed> (medium; bug #560908) - sun-java6 6-17-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) CVE-2009-3869 (Stack-based buffer overflow in the setDiffICM function in the Abstract ...) - - openjdk-6 <unfixed> + - openjdk-6 <unfixed> (medium; bug #560908) - sun-java6 6-17-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) CVE-2009-3868 (Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before ...) - - openjdk-6 <unfixed> + - openjdk-6 <unfixed> (medium; bug #560908) - sun-java6 6-17-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) CVE-2009-3867 (Stack-based buffer overflow in the HsbParser.getSoundBank function in ...) - - openjdk-6 <unfixed> + - openjdk-6 <unfixed> (medium; bug #560908) - sun-java6 6-17-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) CVE-2009-3866 (The Java Web Start Installer in Sun Java SE in JDK and JRE 6 before ...) - - openjdk-6 <unfixed> + - openjdk-6 <unfixed> (medium; bug #560908) - sun-java6 6-17-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) CVE-2009-3865 (The launch method in the Deployment Toolkit plugin in Java Runtime ...) - - openjdk-6 <unfixed> + - openjdk-6 <unfixed> (medium; bug #560908) - sun-java6 6-17-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) CVE-2009-3864 (The Java Update functionality in Java Runtime Environment (JRE) in Sun ...) @@ -1424,11 +1429,11 @@ CVE-2009-3730 (Multiple cross-site scripting (XSS) vulnerabilities in the ReqWeb Help ...) NOT-FOR-US: ReqWeb CVE-2009-3729 (Unspecified vulnerability in the TrueType font parsing functionality ...) - - openjdk-6 <unfixed> + - openjdk-6 <unfixed> (medium; bug #560908) - sun-java6 6-17-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) CVE-2009-3728 (Directory traversal vulnerability in the ICC_Profile.getInstance ...) - - openjdk-6 <unfixed> + - openjdk-6 <unfixed> (medium; bug #560908) - sun-java6 6-17-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) CVE-2009-3727 (Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.3, ...) @@ -1756,11 +1761,9 @@ - linux-2.6 <unfixed> (medium) - linux-2.6.24 <removed> (medium) CVE-2009-3619 (Unspecified vulnerability in ViewVC 1.0 before 1.0.9 and 1.1 before ...) - - viewvc <unfixed> - TODO: check + - viewvc <unfixed> (low; bug #560903) CVE-2009-3618 (Cross-site scripting (XSS) vulnerability in viewvc.py in ViewVC 1.0 ...) - - viewvc <unfixed> - TODO: check + - viewvc <unfixed> (low; bug #560903) CVE-2009-3617 (Format string vulnerability in the AbstractCommand::onAbort function ...) - aria2 1.6.2-1 (low) [lenny] - aria2 <not-affected> (Vulnerable code not present) @@ -4780,27 +4783,27 @@ - sun-java6 6-15-1 [etch] - sun-java6 <no-dsa> (Non-free not supported) [lenny] - sun-java6 <no-dsa> (Non-free not supported) - TODO: check openjdk-6 + - openjdk-6 <unfixed> (medium; bug #560908) CVE-2009-2719 (The Java Web Start implementation in Sun Java SE 6 before Update 15 ...) - sun-java6 6-15-1 [etch] - sun-java6 <no-dsa> (Non-free not supported) [lenny] - sun-java6 <no-dsa> (Non-free not supported) - TODO: check openjdk-6 + - openjdk-6 <unfixed> (medium; bug #560908) CVE-2009-2718 (The Abstract Window Toolkit (AWT) implementation in Sun Java SE 6 ...) - sun-java6 6-15-1 [etch] - sun-java6 <no-dsa> (Non-free not supported) [lenny] - sun-java6 <no-dsa> (Non-free not supported) - TODO: check openjdk-6 + - openjdk-6 <unfixed> (medium; bug #560908) CVE-2009-2717 (The Abstract Window Toolkit (AWT) implementation in Sun Java SE 6 ...) - sun-java6 6-15-1 [etch] - sun-java6 <no-dsa> (Non-free not supported) [lenny] - sun-java6 <no-dsa> (Non-free not supported) - TODO: check openjdk-6 + - openjdk-6 <unfixed> (medium; bug #560908) CVE-2009-2716 (The plugin functionality in Sun Java SE 6 before Update 15 does not ...) - sun-java6 6-15-1 [etch] - sun-java6 <no-dsa> (Non-free not supported) [lenny] - sun-java6 <no-dsa> (Non-free not supported) - TODO: check openjdk-6 + - openjdk-6 <unfixed> (medium; bug #560908) CVE-2008-6927 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: cPanel CVE-2008-6926 (Directory traversal vulnerability in ...)