Author: gilbert-guest
Date: 2009-12-18 18:07:16 +0000 (Fri, 18 Dec 2009)
New Revision: 13594
Modified:
data/CVE/list
Log:
lots of openjdk issues that need to be checked
Modified: data/CVE/list
==================================================================---
data/CVE/list 2009-12-18 17:41:17 UTC (rev 13593)
+++ data/CVE/list 2009-12-18 18:07:16 UTC (rev 13594)
@@ -1311,7 +1311,6 @@
- openjdk-6 <unfixed> (medium; bug #560908)
- sun-java6 <unfixed>
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
- TODO: check
CVE-2009-3876 (Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0
before ...)
- openjdk-6 6b17~pre3-1 (medium; bug #560908)
- sun-java6 6-17-1
@@ -5447,12 +5446,14 @@
[lenny] - sun-java5 <no-dsa> (Non-free not supported)
- sun-java6 6-15-1
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+ TODO: check openjdk
CVE-2009-2675 (Integer overflow in the unpack200 utility in Sun Java Runtime
...)
- sun-java5 1.5.0-20-1
[etch] - sun-java5 <no-dsa> (Non-free not supported)
[lenny] - sun-java5 <no-dsa> (Non-free not supported)
- sun-java6 6-15-1
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+ TODO: check openjdk
CVE-2009-2674 (Integer overflow in javaws.exe in Sun Java Web Start in Sun Java
...)
- sun-java5 1.5.0-20-1
[etch] - sun-java5 <no-dsa> (Non-free not supported)
@@ -6288,6 +6289,7 @@
- gnutls13 <removed>
- sun-java6 6-17-1
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+ - openjdk-6 6b17~pre3-1 (low)
CVE-2009-2407 (Heap-based buffer overflow in the parse_tag_3_packet function in
...)
{DSA-1845-1 DSA-1844-1}
- linux-2.6 2.6.30-5 (medium)
@@ -10371,36 +10373,42 @@
- sun-java5 1.5.0-18-1
[etch] - sun-java5 <no-dsa> (Non-free not supported)
[lenny] - sun-java5 <no-dsa> (Non-free not supported)
+ TODO: check openjdk
CVE-2009-1106 (The Java Plug-in in Java SE Development Kit (JDK) and Java
Runtime ...)
- sun-java6 6-13-1 (bug #521414)
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
- sun-java5 1.5.0-18-1
[etch] - sun-java5 <no-dsa> (Non-free not supported)
[lenny] - sun-java5 <no-dsa> (Non-free not supported)
+ TODO: check openjdk
CVE-2009-1105 (The Java Plug-in in Java SE Development Kit (JDK) and Java
Runtime ...)
- sun-java6 6-13-1 (bug #521414)
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
- sun-java5 1.5.0-18-1
[etch] - sun-java5 <no-dsa> (Non-free not supported)
[lenny] - sun-java5 <no-dsa> (Non-free not supported)
+ TODO: check openjdk
CVE-2009-1104 (The Java Plug-in in Java SE Development Kit (JDK) and Java
Runtime ...)
- sun-java6 6-13-1 (bug #521414)
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
- sun-java5 1.5.0-18-1
[etch] - sun-java5 <no-dsa> (Non-free not supported)
[lenny] - sun-java5 <no-dsa> (Non-free not supported)
+ TODO: check openjdk
CVE-2009-1103 (Unspecified vulnerability in the Java Plug-in in Java SE
Development ...)
- sun-java6 6-13-1 (bug #521414)
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
- sun-java5 1.5.0-18-1
[etch] - sun-java5 <no-dsa> (Non-free not supported)
[lenny] - sun-java5 <no-dsa> (Non-free not supported)
+ TODO: check openjdk
CVE-2009-1102 (Unspecified vulnerability in the Virtual Machine in Java SE ...)
- sun-java6 6-13-1 (bug #521414)
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
- sun-java5 1.5.0-18-1
[etch] - sun-java5 <no-dsa> (Non-free not supported)
[lenny] - sun-java5 <no-dsa> (Non-free not supported)
+ TODO: check openjdk
CVE-2009-1101 (Unspecified vulnerability in the lightweight HTTP server ...)
{DSA-1769-1}
- sun-java6 6-13-1 (bug #521414)
@@ -10408,20 +10416,24 @@
- sun-java5 1.5.0-18-1
[etch] - sun-java5 <no-dsa> (Non-free not supported)
[lenny] - sun-java5 <no-dsa> (Non-free not supported)
+ TODO: check openjdk
CVE-2009-1100 (Multiple unspecified vulnerabilities in Java SE Development Kit
(JDK) ...)
- sun-java6 6-13-1 (bug #521414)
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
CVE-2009-1099 (Integer signedness error in Java SE Development Kit (JDK) and
Java ...)
- sun-java6 6-13-1 (bug #521414)
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+ TODO: check openjdk
CVE-2009-1098 (Buffer overflow in Java SE Development Kit (JDK) and Java
Runtime ...)
{DSA-1769-1}
- sun-java6 6-13-1 (bug #521414)
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+ TODO: check openjdk
CVE-2009-1097 (Multiple buffer overflows in Java SE Development Kit (JDK) and
Java ...)
{DSA-1769-1}
- sun-java6 6-13-1
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+ TODO: check openjdk
CVE-2009-1096 (Buffer overflow in unpack200 in Java SE Development Kit (JDK)
and Java ...)
{DSA-1769-1}
- sun-java6 6-13-1 (bug #521414)
@@ -10429,6 +10441,7 @@
- sun-java5 1.5.0-18-1
[etch] - sun-java5 <no-dsa> (Non-free not supported)
[lenny] - sun-java5 <no-dsa> (Non-free not supported)
+ TODO: check openjdk
CVE-2009-1095 (Integer overflow in unpack200 in Java SE Development Kit (JDK)
and ...)
{DSA-1769-1}
- sun-java6 6-13-1 (bug #521414)
@@ -10436,6 +10449,7 @@
- sun-java5 1.5.0-18-1
[etch] - sun-java5 <no-dsa> (Non-free not supported)
[lenny] - sun-java5 <no-dsa> (Non-free not supported)
+ TODO: check openjdk
CVE-2009-1094 (Unspecified vulnerability in the LDAP implementation in Java SE
...)
{DSA-1769-1}
- sun-java6 6-13-1 (bug #521414)
@@ -10443,10 +10457,12 @@
- sun-java5 1.5.0-18-1
[etch] - sun-java5 <no-dsa> (Non-free not supported)
[lenny] - sun-java5 <no-dsa> (Non-free not supported)
+ TODO: check openjdk
CVE-2009-1093 (LdapCtx in the LDAP service in Java SE Development Kit (JDK) and
Java ...)
{DSA-1769-1}
- sun-java6 6-13-1 (bug #521414)
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+ TODO: check openjdk
CVE-2009-1962 (Xfig in Debian GNU/Linux, possibly 3.2.5, allows local users to
read ...)
- xfig 1:3.2.5.a-1
[etch] - xfig <no-dsa> (Minor issue)
@@ -21346,53 +21362,66 @@
- sun-java5 1.5.0-16-1 (bug #490260)
[etch] - sun-java5 <no-dsa> (Non-free not supported)
- sun-java6 6-07-1 (bug #490260)
+ TODO: check openjdk
CVE-2008-3114 (Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6
...)
- sun-java5 1.5.0-16-1 (bug #490260)
[etch] - sun-java5 <no-dsa> (Non-free not supported)
- sun-java6 6-07-1 (bug #490260)
+ TODO: check openjdk
CVE-2008-3113 (Unspecified vulnerability in Sun Java Web Start in JDK and JRE
5.0 ...)
- sun-java5 1.5.0-16-1 (bug #490260)
[etch] - sun-java5 <no-dsa> (Non-free not supported)
- sun-java6 <not-affected> (Only for sun-java5)
+ TODO: check openjdk
CVE-2008-3112 (Directory traversal vulnerability in Sun Java Web Start in JDK
and JRE ...)
- sun-java5 1.5.0-16-1 (bug #490260)
[etch] - sun-java5 <no-dsa> (Non-free not supported)
- sun-java6 6-07-1 (bug #490260)
+ TODO: check openjdk
CVE-2008-3111 (Multiple buffer overflows in Sun Java Web Start in JDK and JRE 6
...)
- sun-java5 1.5.0-16-1 (bug #490260)
[etch] - sun-java5 <no-dsa> (Non-free not supported)
- sun-java6 6-04-1 (bug #490260)
+ TODO: check openjdk
CVE-2008-3110 (Unspecified vulnerability in scripting language support in Sun
Java ...)
- sun-java5 <not-affected> (Only for sun-java6)
[etch] - sun-java5 <no-dsa> (Non-free not supported)
- sun-java6 6-07-1 (bug #490260)
+ TODO: check openjdk
CVE-2008-3109 (Unspecified vulnerability in scripting language support in Sun
Java ...)
- sun-java5 <not-affected> (Only for sun-java6)
[etch] - sun-java5 <no-dsa> (Non-free not supported)
- sun-java6 6-07-1 (bug #490260)
+ TODO: check openjdk
CVE-2008-3108 (Buffer overflow in Sun Java Runtime Environment (JRE) in JDK and
JRE ...)
- sun-java5 1.5.0-10-1 (bug #490260)
[etch] - sun-java5 <no-dsa> (Non-free not supported)
- sun-java6 <not-affected> (Only for sun-java5)
+ TODO: check openjdk
CVE-2008-3107 (Unspecified vulnerability in the Virtual Machine in Sun Java
Runtime ...)
- sun-java5 1.5.0-16-1 (bug #490260)
[etch] - sun-java5 <no-dsa> (Non-free not supported)
- sun-java6 6-07-1 (bug #490260)
+ TODO: check openjdk
CVE-2008-3106 (Unspecified vulnerability in Sun Java Runtime Environment (JRE)
in JDK ...)
- sun-java5 1.5.0-16-1 (bug #490260)
[etch] - sun-java5 <no-dsa> (Non-free not supported)
- sun-java6 6-07-1 (bug #490260)
+ TODO: check openjdk
CVE-2008-3105 (Unspecified vulnerability in the JAX-WS client and service in
Sun Java ...)
- sun-java5 <not-affected> (Only for sun-java6)
- sun-java6 6-07-1 (bug #490260)
+ TODO: check openjdk
CVE-2008-3104 (Multiple unspecified vulnerabilities in Sun Java Runtime
Environment ...)
[etch] - sun-java5 <no-dsa> (Non-free not supported)
- sun-java5 1.5.0-16-1 (bug #490260)
- sun-java6 6-07-1 (bug #490260)
+ TODO: check openjdk
CVE-2008-3103 (Unspecified vulnerability in the Java Management Extensions
(JMX) ...)
[etch] - sun-java5 <no-dsa> (Non-free not supported)
- sun-java5 1.5.0-16-1 (bug #490260)
- sun-java6 6-07-1 (bug #490260)
+ TODO: check openjdk
CVE-2008-3102 (Mantis 1.1.x through 1.1.2 and 1.2.x through 1.2.0a2 does not
set the ...)
- mantis 1.1.2+dfsg-6 (low; bug #501179)
CVE-2008-3101 (Multiple cross-site scripting (XSS) vulnerabilities in vtiger
CRM ...)
@@ -25889,49 +25918,61 @@
- sun-java6 6-05-1 (medium)
- sun-java5 1.5.0-15-1 (medium)
[etch] - sun-java5 <no-dsa> (Non-free not supported)
+ TODO: check openjdk
CVE-2008-1195 (Unspecified vulnerability in Sun JDK and Java Runtime
Environment ...)
- sun-java6 6-05-1 (low)
- sun-java5 1.5.0-15-1 (low)
[etch] - sun-java5 <no-dsa> (Non-free not supported)
+ TODO: check openjdk
CVE-2008-1194 (Multiple unspecified vulnerabilities in the color management
library ...)
- sun-java6 6-05-1 (unimportant)
- sun-java5 1.5.0-15-1 (unimportant)
[etch] - sun-java5 <no-dsa> (Non-free not supported)
+ TODO: check openjdk
CVE-2008-1193 (Unspecified vulnerability in Java Runtime Environment Image
Parsing ...)
- sun-java6 6-05-1 (low)
- sun-java5 1.5.0-15-1 (low)
[etch] - sun-java5 <no-dsa> (Non-free not supported)
+ TODO: check openjdk
CVE-2008-1192 (Unspecified vulnerability in the Java Plug-in for Sun JDK and
JRE 6 ...)
- sun-java6 6-05-1 (medium)
- sun-java5 1.5.0-15-1 (medium)
[etch] - sun-java5 <no-dsa> (Non-free not supported)
+ TODO: check openjdk
CVE-2008-1191 (Unspecified vulnerability in Java Web Start in Sun JDK and JRE 6
...)
- sun-java6 6-05-1 (medium)
- sun-java5 1.5.0-15-1 (medium)
[etch] - sun-java5 <no-dsa> (Non-free not supported)
+ TODO: check openjdk
CVE-2008-1190 (Unspecified vulnerability in Java Web Start in Sun JDK and JRE 6
...)
- sun-java6 6-05-1 (medium)
- sun-java5 <not-affected> (No more information by sun)
+ TODO: check openjdk
CVE-2008-1189 (Buffer overflow in Java Web Start in Sun JDK and JRE 6 Update 4
and ...)
- sun-java6 6-05-1 (medium)
- sun-java5 1.5.0-15-1 (medium)
[etch] - sun-java5 <no-dsa> (Non-free not supported)
+ TODO: check openjdk
CVE-2008-1188 (Multiple buffer overflows in the useEncodingDecl function in
Java Web ...)
- sun-java6 6-05-1 (medium)
- sun-java5 1.5.0-15-1 (medium)
[etch] - sun-java5 <no-dsa> (Non-free not supported)
+ TODO: check openjdk
CVE-2008-1187 (Unspecified vulnerability in Sun Java Runtime Environment (JRE)
and ...)
- sun-java6 6-05-1 (low)
- sun-java5 1.5.0-15-1 (low)
[etch] - sun-java5 <no-dsa> (Non-free not supported)
+ TODO: check openjdk
CVE-2008-1186 (Unspecified vulnerability in the Virtual Machine for Sun Java
Runtime ...)
- sun-java6 6-05-1
- sun-java5 1.5.0-15-1
[etch] - sun-java5 <no-dsa> (Non-free not supported)
+ TODO: check openjdk
CVE-2008-1185 (Unspecified vulnerability in the Virtual Machine for Sun Java
Runtime ...)
- sun-java6 6-05-1
- sun-java5 1.5.0-15-1
[etch] - sun-java5 <no-dsa> (Non-free not supported)
+ TODO: check openjdk
CVE-2008-1184 (The DNSSEC validation library (libval) library in dnssec-tools
before ...)
- dnssec-tools <not-affected> (first version in Debian was 1.4.1)
CVE-2008-1183 (Multiple cross-site scripting (XSS) vulnerabilities in Crafty
Syntax ...)
@@ -27146,6 +27187,7 @@
- sun-java6 6-02-1
- sun-java5 1.5.0-14-1
[etch] - sun-java5 1.5.0-14-1etch1
+ TODO: check openjdk
CVE-2008-0656 (Unrestricted file upload vulnerability in dmclTrace.jsp in EMC
...)
NOT-FOR-US: Documentum Administrator and Webtop
CVE-2008-0655 (Multiple unspecified vulnerabilities in Adobe Reader and Acrobat
...)
@@ -27214,6 +27256,7 @@
CVE-2008-0628 (The XML parsing code in Sun Java Runtime Environment JDK and JRE
6 ...)
- sun-java6 6-04-1
- sun-java5 <not-affected> (referring to sun this vulnerability is not
present in java5)
+ TODO: check openjdk
CVE-2008-0627
REJECTED
CVE-2008-0626
@@ -31365,6 +31408,7 @@
- sun-java6 6-03-1 (medium)
- sun-java5 1.5.0-13-1 (medium)
[etch] - sun-java5 1.5.0-14-1etch1
+ TODO: check openjdk
CVE-2007-5688 (Multiple SQL injection vulnerabilities in directory.php in the
...)
NOT-FOR-US: Multi Host Forum Pro
CVE-2007-5687 (Multiple buffer overflows in the rich text processing
functionality in ...)
@@ -32754,6 +32798,7 @@
- sun-java6 6-03-1 (low)
- sun-java5 1.5.0-13-1 (low)
[etch] - sun-java5 1.5.0-14-1etch1
+ TODO: check openjdk
CVE-2007-5374 (cp_memberedit.php in LightBlog 8.4.1.1 does not check for ...)
NOT-FOR-US: LightBlog
CVE-2007-5373 (ldapscripts 1.4 and 1.7 sends a password as a command line
argument ...)
@@ -32998,10 +33043,12 @@
- sun-java6 6-03-1 (low)
- sun-java5 1.5.0-13-1 (low)
[etch] - sun-java5 1.5.0-14-1etch1
+ TODO: check openjdk
CVE-2007-5273 (Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and
...)
- sun-java6 6-03-1 (low)
- sun-java5 1.5.0-13-1 (low)
[etch] - sun-java5 1.5.0-14-1etch1
+ TODO: check openjdk
CVE-2007-5272 (SQL injection vulnerability in kategori.asp in Furkan Tastan
Blog ...)
NOT-FOR-US: Furkan Tastan Blog
CVE-2007-5271 (Multiple PHP remote file inclusion vulnerabilities in Trionic
Cite CMS ...)
@@ -33120,22 +33167,27 @@
- sun-java6 6-03-1 (low)
- sun-java5 1.5.0-13-1 (low)
[etch] - sun-java5 1.5.0-14-1etch1
+ TODO: check openjdk
CVE-2007-5239 (Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK
and JRE ...)
- sun-java6 6-03-1 (low)
- sun-java5 1.5.0-13-1 (low)
[etch] - sun-java5 1.5.0-14-1etch1
+ TODO: check openjdk
CVE-2007-5238 (Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK
and JRE ...)
- sun-java6 6-03-1 (unimportant)
- sun-java5 1.5.0-13-1 (unimportant)
[etch] - sun-java5 1.5.0-14-1etch1
+ TODO: check openjdk
NOTE: Leaked information hardly sensitive
CVE-2007-5237 (Java Web Start in Sun JDK and JRE 6 Update 2 and earlier does
not ...)
- sun-java6 6-03-1 (medium)
- sun-java5 1.5.0-13-1 (medium)
[etch] - sun-java5 1.5.0-14-1etch1
+ TODO: check openjdk
CVE-2007-5236 (Java Web Start in Sun JDK and JRE 5.0 Update 12 and earlier, and
SDK ...)
- sun-java6 <not-affected> (Windows only)
- sun-java5 <not-affected> (Windows only)
+ - openjdk-6 <not-affected> (Windows only)
CVE-2007-5235 (Cross-site scripting (XSS) vulnerability in index.php in
Uebimiau ...)
NOT-FOR-US: Uebimiau
CVE-2007-5234 (PHP remote file inclusion vulnerability in
upload/common/footer.php in ...)
@@ -33146,6 +33198,7 @@
- sun-java6 6-03-1 (low)
- sun-java5 1.5.0-13-1 (low)
[etch] - sun-java5 1.5.0-14-1etch1
+ TODO: check openjdk
CVE-2007-5231 (Unrestricted file upload vulnerability in admin/upload_files.php
in ...)
NOT-FOR-US: Zomplog
CVE-2007-5230 (admin/upload_files.php in Zomplog 3.8.1 and earlier does not
check for ...)
@@ -33744,6 +33797,7 @@
CVE-2007-5019 (Buffer overflow in the Sun Java Web Start ActiveX control in
Java ...)
- sun-java6 <unfixed> (unimportant)
- sun-java5 <unfixed> (unimportant)
+ - openjdk-6 <unfixed> (unimportant)
NOTE: exploiting this would not work under Linux
CVE-2007-5018 (Stack-based buffer overflow in IMAPD in Mercury/32 4.52 allows
remote ...)
NOT-FOR-US: Pegasus Mail Mercury
@@ -36357,6 +36411,7 @@
- sun-java5 1.5.0-12-2
[etch] - sun-java5 1.5.0-14-1etch1
- sun-java6 6-02-1
+ TODO: check openjdk
CVE-2007-3921 (gforge 3.1 and 4.5.14 allows local users to truncate arbitrary
files ...)
{DSA-1402-1}
- gforge 4.6.99+svn6169-1
@@ -36890,6 +36945,7 @@
NOT-FOR-US: Sun Solaris
CVE-2007-3716 (The Java XML Digital Signature implementation in Sun JDK and JRE
6 ...)
- sun-java6 6-02-1 (medium)
+ TODO: check openjdk
CVE-2007-3715 (Sun Java System Application Server and Web Server 7.0 through
9.0 ...)
NOT-FOR-US: Sun Java System Application Server and Web Server
CVE-2007-3714 (Directory traversal vulnerability in Ada Image Server (ImgSvr)
0.6.5 ...)
@@ -36930,6 +36986,7 @@
- sun-java5 1.5.0-12-1
- sun-java6 6-02-1
[etch] - sun-java5 1.5.0-14-1etch1
+ TODO: check openjdk
CVE-2007-3697 (PHP remote file inclusion vulnerability in phpbb/sendmsg.php in
...)
NOT-FOR-US: FlashBB
CVE-2007-3696 (CA ERwin Data Model Validator (formerly AllFusion Data Model
...)
@@ -37026,6 +37083,7 @@
- sun-java5 1.5.0-12-1
[etch] - sun-java5 1.5.0-14-1etch1
- sun-java6 6-02-1
+ TODO: check openjdk
CVE-2007-3654 (The display driver allocattr functions in NetBSD 3.0 through
...)
NOT-FOR-US: NetBSD
CVE-2007-3653 (Multiple cross-site scripting (XSS) vulnerabilities in Farsi
Script ...)
@@ -37405,6 +37463,7 @@
- sun-java5 1.5.0-12-1
[etch] - sun-java6 <no-dsa> (non-free)
- sun-java6 6-01-1 (bug #432006)
+ TODO: check openjdk
CVE-2007-3502 (Unspecified vulnerability in the web-based product configuration
...)
NOT-FOR-US: Kaspersky Anti-Spam
CVE-2007-3501 (Cross-site scripting (XSS) vulnerability in CMD_USER_STATS in
...)
@@ -39181,10 +39240,12 @@
- sun-java5 1.5.0-11-1 (medium)
[etch] - sun-java5 1.5.0-14-1etch1
- sun-java6 6-01-1 (bug #422403)
+ TODO: check openjdk
CVE-2007-2788 (Integer overflow in the embedded ICC profile image parser in Sun
Java ...)
- sun-java5 1.5.0-11-1 (medium)
[etch] - sun-java5 1.5.0-14-1etch1
- sun-java6 6-01-1 (bug #422403)
+ TODO: check openjdk
CVE-2007-2787 (Stack-based buffer overflow in the BrowseDir function in the (1)
...)
NOT-FOR-US: LeadTools Raster Thumbnail Object Library
CVE-2007-2786 (Ratbox IRC Daemon (aka ircd-ratbox) 2.2.5 and earlier allows
remote ...)
@@ -46569,6 +46630,7 @@
CVE-2007-0012 (Sun JRE 5.0 before update 14 allows remote attackers to cause a
denial ...)
- sun-java5 <unfixed> (unimportant)
- sun-java6 <unfixed> (unimportant)
+ - openjdk-6 <unfixed> (unimportant)
NOTE: not a security issue, browser dos treated as regular bugs, also likely
Windows-specific
CVE-2007-0011 (The web portal interface in Citrix Access Gateway (aka Citrix
Advanced ...)
NOT-FOR-US: Citrix Access Gateway
@@ -56642,6 +56704,7 @@
- sun-java5 1.5.0-10-1 (bug #384734)
- sun-java6 6-13-1 (bug #521414)
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+ TODO: check openjdk
CVE-2006-2425 (Multiple cross-site scripting (XSS) vulnerabilities in PRV.php
in ...)
NOT-FOR-US: phpRemoteView
CVE-2006-2424 (PHP remote file inclusion vulnerability in ezUserManager 1.6 and
...)