Author: jmm-guest
Date: 2010-06-28 17:34:16 +0000 (Mon, 28 Jun 2010)
New Revision: 14916

Modified:
data/CVE/list
data/spu-candidates.txt

Log:
- pgp4pine removed
- squirrelmail already tracked by separate ID
- remove spu entries for issues fixed in latest point release
- mono fix was uploaded to unstable
- another slim issue was fixed in 5.0.5 point update
- 5.0.5 point update also introduced fixed sun-java[56] packages
- ziproxy fixed
- feh fixed
- new issues in wget (dsa), lftp (dsa) and libwww-perl (no-dsa)
- bug filed for w3m/ssl validation
- convert older safari TODOs to undetermined entries
- bug filed for tomcat6 information disclosure

Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-06-27 21:14:39 UTC (rev 14915) +++ data/CVE/list 2010-06-28 17:34:16 UTC (rev 14916) @@ -1,5 +1,5 @@ CVE-2010-XXXX [feh --wget-timestamp issue] - - feh <unfixed> (low; bug #587205) + - feh 1.8-1 (low; bug #587205) [lenny] - feh <no-dsa> (Minor issue) CVE-2010-2452 [kvirc dir. trav. issue] RESERVED @@ -203,7 +203,7 @@ CVE-2010-2351 (Stack-based buffer overflow in the CIFS.NLM driver in Netware SMB 1.0 ...) NOT-FOR-US: Novell Netware CVE-2010-2350 (Heap-based buffer overflow in the PNG decoder in Ziproxy 3.1.0 allows ...) - - ziproxy <unfixed> (bug #587039) + - ziproxy 3.1.1-1 (bug #587039) [lenny] - ziproxy <not-affected> (Introduced in 3.1.0) CVE-2010-2349 (H264WebCam 3.7 allows remote attackers to cause a denial of service ...) NOT-FOR-US: H264WebCam 
@@ -469,15 +469,16 @@ NOT-FOR-US: joomla! CVE-2010-2253 [lftp, wget, libwww-perl unexpected download issue] RESERVED - - libwww-perl <undetermined> - - lftp <undetermined> - - wget <undetermined> - NOTE: http://www.ocert.org/advisories/ocert-2010-001.html - TODO: check + - libwww-perl 5.835-1 (low) + [lenny] - libwww-perl <no-dsa> (Minor issue) CVE-2010-2252 RESERVED + - wget <unfixed> CVE-2010-2251 RESERVED + - lftp 4.0.6-1 (low) + [lenny] - lftp <no-dsa> (Minor issue) + NOTE: http://www.ocert.org/advisories/ocert-2010-001.html CVE-2010-2250 RESERVED CVE-2010-2249 @@ -907,9 +908,8 @@ CVE-2010-2075 (UnrealIRCd 3.2.8.1, as distributed on certain mirror sites from ...) - unrealircd <itp> (bug #515130) CVE-2010-2074 (istream.c in w3m 0.5.2 and possibly other versions, when ...) - - w3m <unfixed> (low) + - w3m <unfixed> (low; bug filed) [lenny] - w3m <no-dsa> (Minor issue) - TODO: File bug CVE-2010-2073 (auth_db_config.py in Pyftpd 0.8.4 contains hard-coded usernames and ...) - pyftpd 0.8.5 (low; bug #585776) [lenny] - pyftpd 0.8.4.6+lenny1 @@ -1229,9 +1229,11 @@ CVE-2010-1941 (Unspecified vulnerability in NEC WebSAM DeploymentManager 5.13 and ...) NOT-FOR-US: NEC WebSAM DeploymentManager CVE-2010-1940 (Apple Safari 4.0.5 on Windows sends the "Authorization: Basic" header ...) - TODO: check webkit, chromium, etc once sufficient details are revealed + - chromium-browser <undetermined> + - webkit <undetermined> CVE-2010-1939 (Use-after-free vulnerability in Apple Safari 4.0.5 on Windows allows ...) - TODO: check webkit, chromium, etc. once sufficient details are revealed + - chromium-browser <undetermined> + - webkit <undetermined> CVE-2010-1938 (Off-by-one error in the __opiereadrec function in readrec.c in libopie ...) - opie 2.32.dfsg.1-0.2 (low; bug #584932) [lenny] - opie <no-dsa> (Minor issue) 
@@ -1995,9 +1997,7 @@ - clamav 0.96.1+dfsg-1 (bug #584183) [lenny] - clamav <end-of-life> CVE-2010-1638 (The IMP plugin in Horde allows remote attackers to bypass firewall ...) - - horde3 <undetermined> - - squirrelmail <undetermined> - TODO: check + - horde3 <unfixed> (unimportant) CVE-2010-1637 (The Mail Fetch plugin in SquirrelMail 1.4.20 and earlier allows remote ...) - squirrelmail <unfixed> (unimportant) CVE-2010-1636 (The btrfs_ioctl_clone function in fs/btrfs/ioctl.c in the btrfs ...) @@ -2568,7 +2568,6 @@ NOT-FOR-US: IBM BladeCenter Management Module CVE-2010-1459 (The default configuration of ASP.NET in Mono before 2.6.4 has a value ...) - mono 2.6.3-2 (bug #585440) - NOTE: Fix currently only in experimental, but will be uploaded to unstable later CVE-2010-1458 (Stack-based buffer overflow in Create and Extract Zips TweakFS Zip ...) NOT-FOR-US: TweakFS CVE-2010-1167 (fetchmail 4.6.3 through 6.3.16, when debug mode is enabled, does not ...) @@ -2865,7 +2864,7 @@ NOT-FOR-US: Apple Mac OS X CVE-2010-1423 (Argument injection vulnerability in the URI handler in (a) Java NPAPI ...) - sun-java6 6.20-1 (high) - [lenny] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 6-20-0lenny1 CVE-2010-2449 [gource: predictable log file located in /tmp] RESERVED - gource 0.26-2 (low; bug #577958) 
@@ -3437,16 +3436,13 @@ CVE-2010-1161 (Race condition in GNU nano before 2.2.4, when run by root to edit a ...) - nano 2.2.4-1 (low; bug #577817) [lenny] - nano 2.0.7-5 - NOTE: http://www.openwall.com/lists/oss-security/2010/04/14/4 CVE-2010-1160 (GNU nano before 2.2.4 does not verify whether a file has been changed ...) - nano 2.2.4-1 (low; bug #577817) [lenny] - nano 2.0.7-5 - NOTE: http://www.openwall.com/lists/oss-security/2010/04/14/4 CVE-2010-1158 (Integer overflow in the regular expression engine in Perl 5.8.x allows ...) - perl <not-affected> (re engine rewritten for 5.10 to address issues such as this; and proof-of-concept not effective) CVE-2010-1157 (Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might ...) - - tomcat6 <unfixed> (unimportant) - TODO: File bug + - tomcat6 <unfixed> (bug filed; unimportant) NOTE: Negligable information disclosure CVE-2010-1156 (core/nicklist.c in Irssi before 0.8.15 allows remote attackers to ...) - irssi 0.8.15-1 (low) @@ -4300,11 +4296,11 @@ CVE-2010-0887 (Unspecified vulnerability in the New Java Plug-in component in Oracle ...) - openjdk-6 <undetermined> - sun-java6 6.20-1 - [lenny] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 6-20-0lenny1 CVE-2010-0886 (Unspecified vulnerability in the Java Deployment Toolkit component in ...) - openjdk-6 <undetermined> - sun-java6 6.20-1 - [lenny] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 6-20-0lenny1 CVE-2010-0885 (Unspecified vulnerability in the Sun Java System Communications ...) NOT-FOR-US: Oracle Sun Product Suite CVE-2010-0884 (Unspecified vulnerability in the Sun Cluster component in Oracle Sun ...) 
@@ -4378,59 +4374,59 @@ CVE-2010-0850 (Unspecified vulnerability in the Java 2D component in Oracle Java SE ...) - openjdk-6 <undetermined> - sun-java6 6.19-1 - [lenny] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 6-20-0lenny1 CVE-2010-0849 (Unspecified vulnerability in the Java 2D component in Oracle Java SE ...) - openjdk-6 <undetermined> - sun-java6 6.19-1 - [lenny] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 6-20-0lenny1 CVE-2010-0848 (Unspecified vulnerability in the Java 2D component in Oracle Java SE ...) - openjdk-6 <undetermined> - sun-java6 6.19-1 - [lenny] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 6-20-0lenny1 CVE-2010-0847 (Unspecified vulnerability in the Java 2D component in Oracle Java SE ...) - openjdk-6 <undetermined> - sun-java6 6.19-1 - [lenny] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 6-20-0lenny1 CVE-2010-0846 (Unspecified vulnerability in the ImageIO component in Oracle Java SE ...) - openjdk-6 <undetermined> - sun-java6 6.19-1 - [lenny] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 6-20-0lenny1 CVE-2010-0845 (Unspecified vulnerability in the HotSpot Server component in Oracle ...) - openjdk-6 <undetermined> - sun-java6 6.19-1 - [lenny] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 6-20-0lenny1 CVE-2010-0844 (Unspecified vulnerability in the Sound component in Oracle Java SE and ...) - openjdk-6 <undetermined> - sun-java6 6.19-1 - [lenny] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 6-20-0lenny1 CVE-2010-0843 (Unspecified vulnerability in the Sound component in Oracle Java SE and ...) - openjdk-6 <undetermined> - sun-java6 6.19-1 - [lenny] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 6-20-0lenny1 CVE-2010-0842 (Unspecified vulnerability in the Sound component in Oracle Java SE and ...) 
- openjdk-6 <undetermined> - sun-java6 6.19-1 - [lenny] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 6-20-0lenny1 CVE-2010-0841 (Unspecified vulnerability in the ImageIO component in Oracle Java SE ...) - openjdk-6 <undetermined> - sun-java6 6.19-1 - [lenny] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 6-20-0lenny1 CVE-2010-0840 (Unspecified vulnerability in the Java Runtime Environment component in ...) - openjdk-6 <undetermined> - sun-java6 6.19-1 - [lenny] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 6-20-0lenny1 CVE-2010-0839 (Unspecified vulnerability in the Sound component in Oracle Java SE and ...) - openjdk-6 <undetermined> - sun-java6 6.19-1 - [lenny] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 6-20-0lenny1 CVE-2010-0838 (Unspecified vulnerability in the Java 2D component in Oracle Java SE ...) - openjdk-6 <undetermined> - sun-java6 6.19-1 - [lenny] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 6-20-0lenny1 CVE-2010-0837 (Unspecified vulnerability in the Pack200 component in Oracle Java SE ...) - openjdk-6 <undetermined> - sun-java6 6.19-1 - [lenny] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 6-20-0lenny1 CVE-2010-0836 RESERVED CVE-2010-0835 
@@ -7147,55 +7143,55 @@ CVE-2010-0095 (Unspecified vulnerability in the Java Runtime Environment component in ...) - openjdk-6 <undetermined> - sun-java6 6.19-1 - [lenny] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 6-20-0lenny1 CVE-2010-0094 (Unspecified vulnerability in the Java Runtime Environment component in ...) - openjdk-6 <undetermined> - sun-java6 6.19-1 - [lenny] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 6-20-0lenny1 CVE-2010-0093 (Unspecified vulnerability in the Java Runtime Environment component in ...) - openjdk-6 <undetermined> - sun-java6 6.19-1 - [lenny] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 6-20-0lenny1 CVE-2010-0092 (Unspecified vulnerability in the Java Runtime Environment component in ...) - openjdk-6 <undetermined> - sun-java6 6.19-1 - [lenny] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 6-20-0lenny1 CVE-2010-0091 (Unspecified vulnerability in the Java Runtime Environment component in ...) - openjdk-6 <undetermined> - sun-java6 6.19-1 - [lenny] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 6-20-0lenny1 CVE-2010-0090 (Unspecified vulnerability in the Java Web Start, Java Plug-in ...) - openjdk-6 <undetermined> - sun-java6 6.19-1 - [lenny] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 6-20-0lenny1 CVE-2010-0089 (Unspecified vulnerability in the Java Web Start, Java Plug-in ...) - openjdk-6 <undetermined> - sun-java6 6.19-1 - [lenny] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 6-20-0lenny1 CVE-2010-0088 (Unspecified vulnerability in the Java Runtime Environment component in ...) - openjdk-6 <undetermined> - sun-java6 6.19-1 - [lenny] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 6-20-0lenny1 CVE-2010-0087 (Unspecified vulnerability in the Java Web Start, Java Plug-in ...) 
- openjdk-6 <undetermined> - sun-java6 6.19-1 - [lenny] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 6-20-0lenny1 CVE-2010-0086 (Unspecified vulnerability in the Portal component in Oracle Fusion ...) NOT-FOR-US: Oracle Fusion Middleware CVE-2010-0085 (Unspecified vulnerability in the Java Runtime Environment component in ...) - openjdk-6 <undetermined> - sun-java6 6.19-1 - [lenny] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 6-20-0lenny1 CVE-2010-0084 (Unspecified vulnerability in the Java Runtime Environment component in ...) - openjdk-6 <undetermined> - sun-java6 6.19-1 - [lenny] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 6-20-0lenny1 CVE-2010-0083 RESERVED CVE-2010-0082 (Unspecified vulnerability in the HotSpot Server component in Oracle ...) - openjdk-6 <undetermined> - sun-java6 6.19-1 - [lenny] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 6-20-0lenny1 CVE-2010-0081 RESERVED CVE-2010-0080 (Unspecified vulnerability in the PeopleSoft Enterprise HCM - eProfile ...) @@ -8764,7 +8760,7 @@ CVE-2009-3886 (The Java Web Start implementation in Sun Java SE 6 before Update 17 ...) - openjdk-6 6b17-1.7-1 (medium; bug #560908) - sun-java6 6-17-1 - [lenny] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 6-20-0lenny1 CVE-2009-3885 (Sun Java SE 5.0 before Update 22 and 6 before Update 17 on Windows ...) - openjdk-6 <not-affected> (a problem in code that is unused on non-windows platforms) - sun-java6 <not-affected> (a problem in code that is unused on non-windows platforms) 
@@ -8772,77 +8768,78 @@ CVE-2009-3884 (The TimeZone.getTimeZone method in Sun Java SE 5.0 before Update 22 ...) - openjdk-6 6b17~pre3-1 (medium; bug #560908) - sun-java6 6-17-1 - [lenny] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 6-20-0lenny1 CVE-2009-3883 (Multiple unspecified vulnerabilities in the Windows Pluggable Look and ...) - openjdk-6 6b17~pre3-1 (medium; bug #560908) - sun-java6 6-17-1 - [lenny] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 6-20-0lenny1 CVE-2009-3882 (Multiple unspecified vulnerabilities in the Swing implementation in ...) - openjdk-6 6b17~pre3-1 (medium; bug #560908) - sun-java6 6-17-1 + [lenny] - sun-java6 6-20-0lenny1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) CVE-2009-3881 (Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, ...) - openjdk-6 6b17~pre3-1 (medium; bug #560908) - sun-java6 6-17-1 - [lenny] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 6-20-0lenny1 CVE-2009-3880 (The Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in ...) - openjdk-6 6b17~pre3-1 (medium; bug #560908) - sun-java6 6-17-1 - [lenny] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 6-20-0lenny1 CVE-2009-3879 (Multiple unspecified vulnerabilities in the (1) X11 and (2) ...) - openjdk-6 6b17~pre3-1 (medium; bug #560908) - sun-java6 6-17-1 - [lenny] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 6-20-0lenny1 CVE-2009-3878 (Buffer overflow in Sun Java System Web Server 7.0 Update 6 has ...) NOT-FOR-US: Sun Java System Web Server CVE-2009-3877 (Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before ...) - openjdk-6 6b17~pre3-1 (medium; bug #560908) - sun-java6 6-17-1 - [lenny] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 6-20-0lenny1 CVE-2009-3876 (Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before ...) 
- openjdk-6 6b17~pre3-1 (medium; bug #560908) - sun-java6 6-17-1 - [lenny] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 6-20-0lenny1 CVE-2009-3875 (The MessageDigest.isEqual function in Java Runtime Environment (JRE) ...) - openjdk-6 6b17~pre3-1 (medium; bug #560908) - sun-java6 6-17-1 - [lenny] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 6-20-0lenny1 CVE-2009-3874 (Integer overflow in the JPEGImageReader implementation in the ImageI/O ...) - openjdk-6 6b17~pre3-1 (medium; bug #560908) - sun-java6 6-17-1 - [lenny] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 6-20-0lenny1 CVE-2009-3873 (The JPEG Image Writer in Sun Java SE in JDK and JRE 5.0 before Update ...) - openjdk-6 6b17~pre3-1 (medium; bug #560908) - sun-java6 6-17-1 - [lenny] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 6-20-0lenny1 CVE-2009-3872 (Unspecified vulnerability in the JPEG JFIF Decoder in Sun Java SE in ...) - openjdk-6 6b17-1.7-1 (medium; bug #560908) - sun-java6 6-17-1 - [lenny] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 6-20-0lenny1 CVE-2009-3871 (Heap-based buffer overflow in the setBytePixels function in the ...) - openjdk-6 6b17~pre3-1 (medium; bug #560908) - sun-java6 6-17-1 - [lenny] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 6-20-0lenny1 CVE-2009-3869 (Stack-based buffer overflow in the setDiffICM function in the Abstract ...) - openjdk-6 6b17~pre3-1 (medium; bug #560908) - sun-java6 6-17-1 - [lenny] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 6-20-0lenny1 CVE-2009-3868 (Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before ...) - openjdk-6 <unfixed> (medium; bug #560908) - sun-java6 6-17-1 - [lenny] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 6-20-0lenny1 CVE-2009-3867 (Stack-based buffer overflow in the HsbParser.getSoundBank function in ...) 
- openjdk-6 6b17-1.7-1 (medium; bug #560908) - sun-java6 6-17-1 - [lenny] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 6-20-0lenny1 CVE-2009-3866 (The Java Web Start Installer in Sun Java SE in JDK and JRE 6 before ...) - openjdk-6 6b17-1.7-1 (medium; bug #560908) - sun-java6 6-17-1 - [lenny] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 6-20-0lenny1 CVE-2009-3865 (The launch method in the Deployment Toolkit plugin in Java Runtime ...) - openjdk-6 6b17-1.7-1 (medium; bug #560908) - sun-java6 6-17-1 - [lenny] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 6-20-0lenny1 CVE-2009-3864 (The Java Update functionality in Java Runtime Environment (JRE) in Sun ...) - openjdk-6 6b17 (unimportant) - sun-java6 6-17-1 (unimportant) @@ -9250,11 +9247,11 @@ CVE-2009-3729 (Unspecified vulnerability in the TrueType font parsing functionality ...) - openjdk-6 6b17-1.7-1 (medium; bug #560908) - sun-java6 6-17-1 - [lenny] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 6-20-0lenny1 CVE-2009-3728 (Directory traversal vulnerability in the ICC_Profile.getInstance ...) - openjdk-6 6b17~pre3-1 (medium; bug #560908) - sun-java6 6-17-1 - [lenny] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 6-20-0lenny1 CVE-2009-3727 (Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.3, ...) {DSA-1952-1} - asterisk 1:1.6.2.0~rc6-1 
@@ -12714,47 +12711,47 @@ CVE-2009-2724 (Race condition in the java.lang package in Sun Java SE 5.0 before ...) - sun-java5 1.5.0-20-1 [etch] - sun-java5 <no-dsa> (Non-free not supported) - [lenny] - sun-java5 <no-dsa> (Non-free not supported) + [lenny] - sun-java5 1.5.0-22-0lenny1 NOTE: unknown impact and attack vectors CVE-2009-2723 (Unspecified vulnerability in deserialization in the Provider class in ...) - sun-java5 1.5.0-20-1 [etch] - sun-java5 <no-dsa> (Non-free not supported) - [lenny] - sun-java5 <no-dsa> (Non-free not supported) + [lenny] - sun-java5 1.5.0-22-0lenny1 NOTE: unknown impact and attack vectors CVE-2009-2722 (Multiple unspecified vulnerabilities in the Provider class in Sun Java ...) - sun-java5 1.5.0-20-1 [etch] - sun-java5 <no-dsa> (Non-free not supported) - [lenny] - sun-java5 <no-dsa> (Non-free not supported) + [lenny] - sun-java5 1.5.0-22-0lenny1 NOTE: unknown impact and attack vectors CVE-2009-2721 (Multiple unspecified vulnerabilities in the Provider class in Sun Java ...) - sun-java5 1.5.0-20-1 [etch] - sun-java5 <no-dsa> (Non-free not supported) - [lenny] - sun-java5 <no-dsa> (Non-free not supported) + [lenny] - sun-java5 1.5.0-22-0lenny1 NOTE: unknown impact and attack vectors CVE-2009-2720 (Unspecified vulnerability in the ...) - sun-java6 6-15-1 [etch] - sun-java6 <no-dsa> (Non-free not supported) - [lenny] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 6-20-0lenny1 - openjdk-6 6b16-1 (medium; bug #560908) CVE-2009-2719 (The Java Web Start implementation in Sun Java SE 6 before Update 15 ...) - sun-java6 6-15-1 [etch] - sun-java6 <no-dsa> (Non-free not supported) - [lenny] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 6-20-0lenny1 - openjdk-6 6b16-1 (medium; bug #560908) CVE-2009-2718 (The Abstract Window Toolkit (AWT) implementation in Sun Java SE 6 ...) 
- sun-java6 6-15-1 [etch] - sun-java6 <no-dsa> (Non-free not supported) - [lenny] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 6-20-0lenny1 - openjdk-6 6b16-1 (medium; bug #560908) CVE-2009-2717 (The Abstract Window Toolkit (AWT) implementation in Sun Java SE 6 ...) - sun-java6 6-15-1 [etch] - sun-java6 <no-dsa> (Non-free not supported) - [lenny] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 6-20-0lenny1 - openjdk-6 6b16-1 (medium; bug #560908) CVE-2009-2716 (The plugin functionality in Sun Java SE 6 before Update 15 does not ...) - sun-java6 6-15-1 [etch] - sun-java6 <no-dsa> (Non-free not supported) - [lenny] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 6-20-0lenny1 - openjdk-6 6b16-1 (medium; bug #560908) CVE-2008-6927 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: cPanel @@ -12940,12 +12937,13 @@ - linux-2.6.24 <removed> CVE-2009-2690 (The encoder in Sun Java SE 6 before Update 15, and OpenJDK, grants ...) - sun-java6 6-15-1 - [lenny] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 6-20-0lenny1 - openjdk-6 6b16-1.6-1 (medium; bug #542210) CVE-2009-2689 (JDK13Services.getProviders in Sun Java SE 5.0 before Update 20 and 6 ...) - sun-java5 1.5.0-20-1 [etch] - sun-java5 <no-dsa> (Non-free not supported) - [lenny] - sun-java5 <no-dsa> (Non-free not supported) + [lenny] - sun-java5 1.5.0-22-0lenny1 + [lenny] - sun-java6 6-20-0lenny1 - openjdk-6 6b16-1.6-1 (medium; bug #542210) CVE-2009-2688 (Multiple integer overflows in glyphs-eimage.c in XEmacs 21.4.22, when ...) - xemacs21 21.4.22-3 (low; bug #540470) 
@@ -12974,51 +12972,51 @@ CVE-2009-2676 (Unspecified vulnerability in JNLPAppletlauncher in Sun Java SE, and SE ...) - sun-java5 1.5.0-20-1 [etch] - sun-java5 <no-dsa> (Non-free not supported) - [lenny] - sun-java5 <no-dsa> (Non-free not supported) + [lenny] - sun-java5 1.5.0-22-0lenny1 - sun-java6 6-15-1 - [lenny] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 6-20-0lenny1 - openjdk-6 <undetermined> (bug #566769) CVE-2009-2675 (Integer overflow in the unpack200 utility in Sun Java Runtime ...) - sun-java5 1.5.0-20-1 [etch] - sun-java5 <no-dsa> (Non-free not supported) - [lenny] - sun-java5 <no-dsa> (Non-free not supported) + [lenny] - sun-java5 1.5.0-22-0lenny1 - sun-java6 6-15-1 - [lenny] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 6-20-0lenny1 - openjdk-6 <undetermined> (bug #566769) CVE-2009-2674 (Integer overflow in javaws.exe in Sun Java Web Start in Sun Java ...) - sun-java5 1.5.0-20-1 [etch] - sun-java5 <no-dsa> (Non-free not supported) - [lenny] - sun-java5 <no-dsa> (Non-free not supported) + [lenny] - sun-java5 1.5.0-22-0lenny1 - sun-java6 6-15-1 - [lenny] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 6-20-0lenny1 - openjdk-6 6b16-1.6-1 (medium; bug #542210) CVE-2009-2673 (The proxy mechanism implementation in Sun Java Runtime Environment ...) - sun-java5 1.5.0-20-1 [etch] - sun-java5 <no-dsa> (Non-free not supported) - [lenny] - sun-java5 <no-dsa> (Non-free not supported) + [lenny] - sun-java5 1.5.0-22-0lenny1 - sun-java6 6-15-1 - [lenny] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 6-20-0lenny1 - openjdk-6 6b16-1.6-1 (medium; bug #542210) CVE-2009-2672 (The proxy mechanism implementation in Sun Java Runtime Environment ...) 
- sun-java5 1.5.0-20-1 [etch] - sun-java5 <no-dsa> (Non-free not supported) - [lenny] - sun-java5 <no-dsa> (Non-free not supported) + [lenny] - sun-java5 1.5.0-22-0lenny1 - sun-java6 6-15-1 - [lenny] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 6-20-0lenny1 - openjdk-6 6b16-1.6-1 (medium; bug #542210) CVE-2009-2671 (The SOCKS proxy implementation in Sun Java Runtime Environment (JRE) ...) - sun-java5 1.5.0-20-1 [etch] - sun-java5 <no-dsa> (Non-free not supported) - [lenny] - sun-java5 <no-dsa> (Non-free not supported) + [lenny] - sun-java5 1.5.0-22-0lenny1 - sun-java6 6-15-1 - [lenny] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 6-20-0lenny1 - openjdk-6 6b16-1.6-1 (medium; bug #542210) CVE-2009-2670 (The audio system in Sun Java Runtime Environment (JRE) in JDK and JRE ...) - sun-java5 1.5.0-20-1 [etch] - sun-java5 <no-dsa> (Non-free not supported) - [lenny] - sun-java5 <no-dsa> (Non-free not supported) + [lenny] - sun-java5 1.5.0-22-0lenny1 - sun-java6 6-15-1 - [lenny] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 6-20-0lenny1 - openjdk-6 6b16-1.6-1 (medium; bug #542210) CVE-2009-2669 (A certain debugging component in IBM AIX 5.3 and 6.1 does not properly ...) NOT-FOR-US: IBM AIX @@ -13211,9 +13209,9 @@ {DSA-1984-1} - sun-java5 1.5.0-20-1 [etch] - sun-java5 <no-dsa> (Non-free not supported) - [lenny] - sun-java5 <no-dsa> (Non-free not supported) + [lenny] - sun-java5 1.5.0-22-0lenny1 - sun-java6 6-15-1 - [lenny] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 6-20-0lenny1 - openjdk-6 6b16-1.6-1 (medium; bug #542210) - libxerces2-java 2.9.1-4.1 (bug #548358) CVE-2009-2624 (The huft_build function in inflate.c in gzip before 1.3.13 creates a ...) 
@@ -13559,7 +13557,7 @@ CVE-2009-XXXX [insecure tmp file vulnerability in slim] - slim <removed> (unimportant; bug #537604) NOTE: exploit scenario too constructed - TODO: request CVE id + [lenny] - slim 1.3.0-1+lenny2 CVE-2009-2484 (Stack-based buffer overflow in the Win32AddConnection function in ...) - vlc <not-affected> (The vulnerability affects Windows builds only) CVE-2009-2479 (Mozilla Firefox 3.0.x, 3.5, and 3.5.1 on Windows allows remote ...) @@ -13571,14 +13569,14 @@ NOTE: browser crashes not treated as security issues CVE-2009-2476 (The Java Management Extensions (JMX) implementation in Sun Java SE 6 ...) - sun-java6 6-15-1 - [lenny] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 6-20-0lenny1 - openjdk-6 6b16-1.6-1 (medium; bug #542210) CVE-2009-2475 (Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, ...) - sun-java5 1.5.0-20-1 [etch] - sun-java5 <no-dsa> (Non-free not supported) - [lenny] - sun-java5 <no-dsa> (Non-free not supported) + [lenny] - sun-java5 1.5.0-22-0lenny1 - sun-java6 6-15-1 - [lenny] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 6-20-0lenny1 - openjdk-6 6b16-1.6-1 (medium; bug #542210) CVE-2009-2474 (neon before 0.28.6, when OpenSSL or GnuTLS is used, does not properly ...) - neon27 0.28.6-1 (low; bug #542926) @@ -13842,7 +13840,7 @@ - openjdk-6 6b17~pre3-1 (low) - gnutls13 <removed> - sun-java6 6-17-1 - [lenny] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 6-20-0lenny1 CVE-2009-2407 (Heap-based buffer overflow in the parse_tag_3_packet function in ...) {DSA-1845-1 DSA-1844-1} - linux-2.6 2.6.30-5 (medium) 
@@ -15093,7 +15091,7 @@ CVE-2008-6825 (Directory traversal vulnerability in user/index.php in Fonality ...) NOT-FOR-US: trixbox CVE-2009-XXXX [pgp4pine off-by-one] - - pgp4pine <unfixed> (bug #457947; medium) + - pgp4pine <removed> (bug #457947; medium) [etch] - pgp4pine <no-dsa> (Contrib not supported) [lenny] - pgp4pine <no-dsa> (Contrib not supported) NOTE: http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0122.html 
@@ -18097,99 +18095,99 @@ - bouncycastle 1.38-1 CVE-2009-1107 (The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime ...) - sun-java6 6-13-1 (bug #521414) - [lenny] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 6-20-0lenny1 - sun-java5 1.5.0-18-1 [etch] - sun-java5 <no-dsa> (Non-free not supported) - [lenny] - sun-java5 <no-dsa> (Non-free not supported) + [lenny] - sun-java5 1.5.0-22-0lenny1 - openjdk-6 <undetermined> (bug #566769) CVE-2009-1106 (The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime ...) - sun-java6 6-13-1 (bug #521414) - [lenny] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 6-20-0lenny1 - sun-java5 1.5.0-18-1 [etch] - sun-java5 <no-dsa> (Non-free not supported) - [lenny] - sun-java5 <no-dsa> (Non-free not supported) + [lenny] - sun-java5 1.5.0-22-0lenny1 - openjdk-6 <undetermined> (bug #566769) CVE-2009-1105 (The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime ...) - sun-java6 6-13-1 (bug #521414) - [lenny] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 6-20-0lenny1 - sun-java5 1.5.0-18-1 [etch] - sun-java5 <no-dsa> (Non-free not supported) - [lenny] - sun-java5 <no-dsa> (Non-free not supported) + [lenny] - sun-java5 1.5.0-22-0lenny1 - openjdk-6 <undetermined> (bug #566769) CVE-2009-1104 (The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime ...) - sun-java6 6-13-1 (bug #521414) - [lenny] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 6-20-0lenny1 - sun-java5 1.5.0-18-1 [etch] - sun-java5 <no-dsa> (Non-free not supported) - [lenny] - sun-java5 <no-dsa> (Non-free not supported) + [lenny] - sun-java5 1.5.0-22-0lenny1 - openjdk-6 <undetermined> (bug #566769) CVE-2009-1103 (Unspecified vulnerability in the Java Plug-in in Java SE Development ...) 
- sun-java6 6-13-1 (bug #521414) - [lenny] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 6-20-0lenny1 - sun-java5 1.5.0-18-1 [etch] - sun-java5 <no-dsa> (Non-free not supported) - [lenny] - sun-java5 <no-dsa> (Non-free not supported) + [lenny] - sun-java5 1.5.0-22-0lenny1 - openjdk-6 <undetermined> (bug #566769) CVE-2009-1102 (Unspecified vulnerability in the Virtual Machine in Java SE ...) - sun-java6 6-13-1 (bug #521414) - [lenny] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 6-20-0lenny1 - sun-java5 1.5.0-18-1 [etch] - sun-java5 <no-dsa> (Non-free not supported) - [lenny] - sun-java5 <no-dsa> (Non-free not supported) + [lenny] - sun-java5 1.5.0-22-0lenny1 - openjdk-6 <undetermined> (bug #566769) CVE-2009-1101 (Unspecified vulnerability in the lightweight HTTP server ...) {DSA-1769-1} - sun-java6 6-13-1 (bug #521414) - [lenny] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 6-20-0lenny1 - sun-java5 1.5.0-18-1 [etch] - sun-java5 <no-dsa> (Non-free not supported) - [lenny] - sun-java5 <no-dsa> (Non-free not supported) + [lenny] - sun-java5 1.5.0-22-0lenny1 - openjdk-6 <undetermined> (bug #566769) CVE-2009-1100 (Multiple unspecified vulnerabilities in Java SE Development Kit (JDK) ...) - sun-java6 6-13-1 (bug #521414) - [lenny] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 6-20-0lenny1 CVE-2009-1099 (Integer signedness error in Java SE Development Kit (JDK) and Java ...) - sun-java6 6-13-1 (bug #521414) - [lenny] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 6-20-0lenny1 - openjdk-6 <undetermined> (bug #566769) CVE-2009-1098 (Buffer overflow in Java SE Development Kit (JDK) and Java Runtime ...) {DSA-1769-1} - sun-java6 6-13-1 (bug #521414) - [lenny] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 6-20-0lenny1 - openjdk-6 <undetermined> (bug #566769) CVE-2009-1097 (Multiple buffer overflows in Java SE Development Kit (JDK) and Java ...) 
{DSA-1769-1} - sun-java6 6-13-1 - [lenny] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 6-20-0lenny1 - openjdk-6 <undetermined> (bug #566769) CVE-2009-1096 (Buffer overflow in unpack200 in Java SE Development Kit (JDK) and Java ...) {DSA-1769-1} - sun-java6 6-13-1 (bug #521414) - [lenny] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 6-20-0lenny1 - sun-java5 1.5.0-18-1 [etch] - sun-java5 <no-dsa> (Non-free not supported) - [lenny] - sun-java5 <no-dsa> (Non-free not supported) + [lenny] - sun-java5 1.5.0-22-0lenny1 - openjdk-6 <undetermined> (bug #566769) CVE-2009-1095 (Integer overflow in unpack200 in Java SE Development Kit (JDK) and ...) {DSA-1769-1} - sun-java6 6-13-1 (bug #521414) - [lenny] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 6-20-0lenny1 - sun-java5 1.5.0-18-1 [etch] - sun-java5 <no-dsa> (Non-free not supported) - [lenny] - sun-java5 <no-dsa> (Non-free not supported) + [lenny] - sun-java5 1.5.0-22-0lenny1 - openjdk-6 <undetermined> (bug #566769) CVE-2009-1094 (Unspecified vulnerability in the LDAP implementation in Java SE ...) {DSA-1769-1} - sun-java6 6-13-1 (bug #521414) - [lenny] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 6-20-0lenny1 - sun-java5 1.5.0-18-1 [etch] - sun-java5 <no-dsa> (Non-free not supported) - [lenny] - sun-java5 <no-dsa> (Non-free not supported) + [lenny] - sun-java5 1.5.0-22-0lenny1 - openjdk-6 <undetermined> (bug #566769) CVE-2009-1093 (LdapCtx in the LDAP service in Java SE Development Kit (JDK) and Java ...) {DSA-1769-1} - sun-java6 6-13-1 (bug #521414) - [lenny] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 6-20-0lenny1 - openjdk-6 <undetermined> (bug #566769) CVE-2009-1962 (Xfig, possibly 3.2.5, allows local users to read and write arbitrary ...) - xfig 1:3.2.5.a-1 
@@ -21685,7 +21683,7 @@ NOTE: http://anonsvn.mono-project.com/viewvc?view=rev&revision=137891 NOTE: http://www.aleksey.com/xmlsec/download.html (1.2.12 has fix) - sun-java6 6-15-1 - [lenny] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 6-20-0lenny1 - openjdk-6 6b16-1.6-1 (medium; bug #542210) - openoffice.org 1:3.1.1-16 CVE-2009-0216 (GE Fanuc iFIX 5.0 and earlier relies on client-side authentication ...) 
@@ -23538,37 +23536,37 @@ CVE-2008-5360 (Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and ...) - sun-java5 1.5.0-17-0.1 (low; bug #508194) [etch] - sun-java5 <no-dsa> (Non-free not supported) - [lenny] - sun-java5 <no-dsa> (Non-free not supported) + [lenny] - sun-java5 1.5.0-22-0lenny1 - sun-java6 6-12-1 (low; bug #508195) - [lenny] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 6-20-0lenny1 - openjdk-6 6b11-9.1 (bug #510972) CVE-2008-5359 (Buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE ...) - sun-java5 1.5.0-17-0.1 (bug #508194) [etch] - sun-java5 <no-dsa> (Non-free not supported) - [lenny] - sun-java5 <no-dsa> (Non-free not supported) + [lenny] - sun-java5 1.5.0-22-0lenny1 - sun-java6 6-12-1 (bug #508195) - [lenny] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 6-20-0lenny1 - openjdk-6 6b11-9.1 (bug #510972) CVE-2008-5358 (Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and ...) - sun-java5 1.5.0-17-0.1 (bug #508194) [etch] - sun-java5 <no-dsa> (Non-free not supported) - [lenny] - sun-java5 <no-dsa> (Non-free not supported) + [lenny] - sun-java5 1.5.0-22-0lenny1 - sun-java6 6-12-1 (bug #508195) - [lenny] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 6-20-0lenny1 - openjdk-6 6b11-9.1 (bug #510972) CVE-2008-5357 (Integer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE ...) - sun-java5 1.5.0-17-0.1 (bug #508194) [etch] - sun-java5 <no-dsa> (Non-free not supported) - [lenny] - sun-java5 <no-dsa> (Non-free not supported) + [lenny] - sun-java5 1.5.0-22-0lenny1 - sun-java6 6-12-1 (bug #508195) - [lenny] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 6-20-0lenny1 - openjdk-6 <not-affected> (uses system''s freetype library) CVE-2008-5356 (Heap-based buffer overflow in Java Runtime Environment (JRE) for Sun ...) 
- sun-java5 1.5.0-17-0.1 (bug #508194) [etch] - sun-java5 <no-dsa> (Non-free not supported) - [lenny] - sun-java5 <no-dsa> (Non-free not supported) + [lenny] - sun-java5 1.5.0-22-0lenny1 - sun-java6 6-12-1 (bug #508195) - [lenny] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 6-20-0lenny1 - openjdk-6 <not-affected> (uses system''s freetype library) CVE-2008-5355 (The "Java Update" feature for Java Runtime Environment (JRE) for Sun ...) - sun-java5 <not-affected> (Java update not used in Debian) 
@@ -23577,112 +23575,112 @@ CVE-2008-5354 (Stack-based buffer overflow in Java Runtime Environment (JRE) for Sun ...) - sun-java5 1.5.0-17-0.1 (bug #508194) [etch] - sun-java5 <no-dsa> (Non-free not supported) - [lenny] - sun-java5 <no-dsa> (Non-free not supported) + [lenny] - sun-java5 1.5.0-22-0lenny1 - sun-java6 6-12-1 (bug #508195) - [lenny] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 6-20-0lenny1 - openjdk-6 6b11-9.1 (bug #510972) CVE-2008-5353 (The Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and ...) - sun-java5 1.5.0-17-0.1 (bug #508194) [etch] - sun-java5 <no-dsa> (Non-free not supported) - [lenny] - sun-java5 <no-dsa> (Non-free not supported) + [lenny] - sun-java5 1.5.0-22-0lenny1 - sun-java6 6-12-1 (bug #508195) - [lenny] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 6-20-0lenny1 - openjdk-6 6b11-9.1 (bug #510972) CVE-2008-5352 (Integer overflow in the JAR unpacking utility (unpack200) in the ...) - sun-java5 1.5.0-17-0.1 (bug #508194) [etch] - sun-java5 <no-dsa> (Non-free not supported) - [lenny] - sun-java5 <no-dsa> (Non-free not supported) + [lenny] - sun-java5 1.5.0-22-0lenny1 - sun-java6 6-12-1 (bug #508195) - [lenny] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 6-20-0lenny1 - openjdk-6 6b11-9.1 (bug #510972) CVE-2008-5351 (Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and ...) - sun-java5 1.5.0-17-0.1 (bug #508194) [etch] - sun-java5 <no-dsa> (Non-free not supported) - [lenny] - sun-java5 <no-dsa> (Non-free not supported) + [lenny] - sun-java5 1.5.0-22-0lenny1 - sun-java6 6-12-1 (bug #508195) - [lenny] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 6-20-0lenny1 - openjdk-6 6b11-9.1 (bug #510972) CVE-2008-5350 (Unspecified vulnerability in Java Runtime Environment (JRE) for Sun ...) 
- sun-java5 1.5.0-17-0.1 (bug #508194) [etch] - sun-java5 <no-dsa> (Non-free not supported) - [lenny] - sun-java5 <no-dsa> (Non-free not supported) + [lenny] - sun-java5 1.5.0-22-0lenny1 - sun-java6 6-12-1 (bug #508195) - [lenny] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 6-20-0lenny1 - openjdk-6 6b11-9.1 (bug #510972) CVE-2008-5349 (Unspecified vulnerability in Java Runtime Environment (JRE) for Sun ...) - sun-java5 1.5.0-17-0.1 (bug #508194) [etch] - sun-java5 <no-dsa> (Non-free not supported) - [lenny] - sun-java5 <no-dsa> (Non-free not supported) + [lenny] - sun-java5 1.5.0-22-0lenny1 - sun-java6 6-12-1 (bug #508195) - [lenny] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 6-20-0lenny1 - openjdk-6 6b11-9.1 (bug #510972) CVE-2008-5348 (Unspecified vulnerability in Java Runtime Environment (JRE) for Sun ...) - sun-java5 1.5.0-17-0.1 (bug #508194) [etch] - sun-java5 <no-dsa> (Non-free not supported) - [lenny] - sun-java5 <no-dsa> (Non-free not supported) + [lenny] - sun-java5 1.5.0-22-0lenny1 - sun-java6 6-12-1 (bug #508195) - [lenny] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 6-20-0lenny1 - openjdk-6 6b11-9.1 (bug #510972) CVE-2008-5347 (Multiple unspecified vulnerabilities in Java Runtime Environment (JRE) ...) - sun-java5 1.5.0-17-0.1 (bug #508194) [etch] - sun-java5 <no-dsa> (Non-free not supported) - [lenny] - sun-java5 <no-dsa> (Non-free not supported) + [lenny] - sun-java5 1.5.0-22-0lenny1 - sun-java6 6-12-1 (bug #508195) - [lenny] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 6-20-0lenny1 - openjdk-6 6b11-9.1 (bug #510972) CVE-2008-5346 (Unspecified vulnerability in Java Runtime Environment (JRE) for Sun ...) 
- sun-java5 1.5.0-17-0.1 (bug #508194) [etch] - sun-java5 <no-dsa> (Non-free not supported) - [lenny] - sun-java5 <no-dsa> (Non-free not supported) + [lenny] - sun-java5 1.5.0-22-0lenny1 CVE-2008-5345 (Unspecified vulnerability in Java Runtime Environment (JRE) with Sun ...) - sun-java5 1.5.0-17-0.1 (bug #508194) [etch] - sun-java5 <no-dsa> (Non-free not supported) - [lenny] - sun-java5 <no-dsa> (Non-free not supported) + [lenny] - sun-java5 1.5.0-22-0lenny1 - sun-java6 6-12-1 (bug #508195) - [lenny] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 6-20-0lenny1 - openjdk-6 <not-affected> (bug in plugin code) NOTE: For OpenJDK, see: <http://mail.openjdk.java.net/pipermail/core-libs-dev/2009-June/001784.html> CVE-2008-5344 (Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in ...) - sun-java5 1.5.0-17-0.1 (bug #508194) [etch] - sun-java5 <no-dsa> (Non-free not supported) - [lenny] - sun-java5 <no-dsa> (Non-free not supported) + [lenny] - sun-java5 1.5.0-22-0lenny1 - sun-java6 6-12-1 (bug #508195) - [lenny] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 6-20-0lenny1 - openjdk-6 <not-affected> (browser plugin is different code base) CVE-2008-5343 (Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 ...) - sun-java5 1.5.0-17-0.1 (bug #508194) [etch] - sun-java5 <no-dsa> (Non-free not supported) - [lenny] - sun-java5 <no-dsa> (Non-free not supported) + [lenny] - sun-java5 1.5.0-22-0lenny1 - sun-java6 6-12-1 (bug #508195) - [lenny] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 6-20-0lenny1 - openjdk-6 <not-affected> (browser plugin is different code base) CVE-2008-5342 (Unspecified vulnerability in the BasicService for Java Web Start (JWS) ...) 
- sun-java5 1.5.0-17-0.1 (bug #508194) [etch] - sun-java5 <no-dsa> (Non-free not supported) - [lenny] - sun-java5 <no-dsa> (Non-free not supported) + [lenny] - sun-java5 1.5.0-22-0lenny1 - sun-java6 6-12-1 (bug #508195) - [lenny] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 6-20-0lenny1 - openjdk-6 <not-affected> (browser plugin is different code base) CVE-2008-5341 (Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in ...) - sun-java5 1.5.0-17-0.1 (bug #508194) [etch] - sun-java5 <no-dsa> (Non-free not supported) - [lenny] - sun-java5 <no-dsa> (Non-free not supported) + [lenny] - sun-java5 1.5.0-22-0lenny1 - sun-java6 6-12-1 (bug #508195) - [lenny] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 6-20-0lenny1 - openjdk-6 <not-affected> (browser plugin is different code base) CVE-2008-5340 (Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in ...) - sun-java5 1.5.0-17-0.1 (bug #508194) [etch] - sun-java5 <no-dsa> (Non-free not supported) - [lenny] - sun-java5 <no-dsa> (Non-free not supported) + [lenny] - sun-java5 1.5.0-22-0lenny1 - sun-java6 6-12-1 (bug #508195) - [lenny] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 6-20-0lenny1 - openjdk-6 <not-affected> (browser plugin is different code base) CVE-2008-5339 (Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in ...) - sun-java5 1.5.0-17-0.1 (bug #508194) [etch] - sun-java5 <no-dsa> (Non-free not supported) - [lenny] - sun-java5 <no-dsa> (Non-free not supported) + [lenny] - sun-java5 1.5.0-22-0lenny1 - sun-java6 6-12-1 (bug #508195) - [lenny] - sun-java6 <no-dsa> (Non-free not supported) + [lenny] - sun-java6 6-20-0lenny1 - openjdk-6 <not-affected> (browser plugin is different code base) CVE-2008-5338 (Cross-site scripting (XSS) vulnerability in info.php in Bandwebsite ...) 
NOT-FOR-US: Bandwebsite Modified: data/spu-candidates.txt ==================================================================--- data/spu-candidates.txt 2010-06-27 21:14:39 UTC (rev 14915) +++ data/spu-candidates.txt 2010-06-28 17:34:16 UTC (rev 14916) @@ -61,11 +61,6 @@ -- -cpio (CVE-2010-0624) -notified maintainer - --- - couchdb (CVE-2010-0009) #576304 notified maintainer @@ -331,12 +326,6 @@ -- -pyftpd (CVE-2010-2072, CVE-2010-2073) -bug #585776, #585773 -notified maintainer - --- - squid (CVE-2009-0801) #521053 notified maintainer @@ -440,12 +429,6 @@ -- -slim (CVE-2009-1756) -bug #529306 -Maintainer notified through followup in #529306 - --- - squid (CVE-2010-0639) #572553 Maintainer notified through initial bugreport @@ -469,11 +452,6 @@ -- -texlive-bin (CVE-2010-0739, CVE-2010-0827) -notified maintainer - --- - trac (CVE-2009-4405) notified maintainer @@ -491,6 +469,7 @@ -- w3m (CVE-2010-2074) +maintainer notified through bug report --
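Review bot: in the data/CVE/list hunks for the sun-java packages, CVE-2008-5346 is the only entry in its hunk that lists sun-java5 alone, with no sun-java6 or openjdk-6 line, so only one [lenny] line is updated there. Since every neighbouring entry is being touched anyway, please confirm sun-java6 is really unaffected and record that explicitly (a "<not-affected>" line with a reason) rather than leaving the package absent. The same question applies to CVE-2009-1100, which gets a sun-java6 fix but has no openjdk-6 line, unlike CVE-2009-1099 and CVE-2009-1098 right after it. Minor, in the unchanged context: the openjdk-6 lines for CVE-2008-5357 and CVE-2008-5356 read "system''s" with a doubled apostrophe.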
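Review bot: in data/spu-candidates.txt, the removed cpio (CVE-2010-0624) and texlive-bin (CVE-2010-0739, CVE-2010-0827) entries carry no bug number, only "notified maintainer", so the removal cannot be cross-checked from these hunks the way pyftpd (bug #585776, #585773) and slim (bug #529306) can. Please confirm that data/CVE/list records a [lenny] fixed version for each of those three CVE ids before dropping them from the candidate list; if one of them is still open in lenny, its entry should stay.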
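Review bot: in the last data/spu-candidates.txt hunk, the added line "maintainer notified through bug report" for w3m (CVE-2010-2074) gives no bug number, while the other entries that mention a report include it ("#576304", "#521053", "#572553"). Without the number nobody can follow up on the notification from this file. Suggest adding the bug number on its own line above the notification, as the squid and couchdb entries do. The wording also differs from the existing "Maintainer notified through initial bugreport" and "notified maintainer"; picking one of those forms keeps the file easy to grep.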