Author: jmm
Date: 2011-02-16 18:38:41 +0000 (Wed, 16 Feb 2011)
New Revision: 16174
Modified:
data/CVE/list
Log:
- new java issues, marking openjdk as unfixed, some of the issues
might not affect openjdk, though
- pam upload fixes one issue and introduces two new
- new kernel issues
Modified: data/CVE/list
==================================================================---
data/CVE/list 2011-02-16 18:19:48 UTC (rev 16173)
+++ data/CVE/list 2011-02-16 18:38:41 UTC (rev 16174)
@@ -802,10 +802,13 @@
RESERVED
CVE-2011-0711
RESERVED
+ - linux-2.6 <unfixed> (low)
CVE-2011-0710
RESERVED
+ - linux-2.6 <unfixed> (low)
CVE-2011-0709
RESERVED
+ - linux-2.6 <not-affected> (Introduced in 2.6.35-rc1 and fixed in
2.6.35-rc5)
CVE-2011-0708
RESERVED
CVE-2011-0707 [unspecified XSS vulnerability]
@@ -3065,38 +3068,64 @@
RESERVED
{DSA-2161-2 DSA-2161-1}
- openjdk-6 <unfixed> (bug #612660)
- - sun-java6 <unfixed>
+ - sun-java6 6.24-1
NOTE: Patch
http://mail.openjdk.java.net/pipermail/core-libs-dev/2011-February/005795.html
NOTE: Oracle
http://www.oracle.com/technetwork/topics/security/alert-cve-2010-4476-305811.html
NOTE: Original report
http://www.exploringbinary.com/java-hangs-when-converting-2-2250738585072012e-308/
CVE-2010-4475
RESERVED
+ - sun-java6 6.24-1
+ - openjdk-6 <unfixed>
CVE-2010-4474
RESERVED
+ - sun-java6 6.24-1
+ - openjdk-6 <unfixed>
CVE-2010-4473
RESERVED
+ - sun-java6 6.24-1
+ - openjdk-6 <unfixed>
CVE-2010-4472
RESERVED
+ - sun-java6 6.24-1
+ - openjdk-6 <unfixed>
CVE-2010-4471
RESERVED
+ - sun-java6 6.24-1
+ - openjdk-6 <unfixed>
CVE-2010-4470
RESERVED
+ - sun-java6 6.24-1
+ - openjdk-6 <unfixed>
CVE-2010-4469
RESERVED
+ - sun-java6 6.24-1
+ - openjdk-6 <unfixed>
CVE-2010-4468
RESERVED
+ - sun-java6 6.24-1
+ - openjdk-6 <unfixed>
CVE-2010-4467
RESERVED
+ - sun-java6 6.24-1
+ - openjdk-6 <unfixed>
CVE-2010-4466
RESERVED
+ - sun-java6 6.24-1
+ - openjdk-6 <unfixed>
CVE-2010-4465
RESERVED
+ - sun-java6 6.24-1
+ - openjdk-6 <unfixed>
CVE-2010-4464 (Unspecified vulnerability in Oracle Sun Convergence 1.0 allows
remote ...)
NOT-FOR-US: Oracle Convergence
CVE-2010-4463
RESERVED
+ - sun-java6 6.24-1
+ - openjdk-6 <unfixed>
CVE-2010-4462
RESERVED
+ - sun-java6 6.24-1
+ - openjdk-6 <unfixed>
CVE-2010-4461 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS
component ...)
NOT-FOR-US: PeopleSoft
CVE-2010-4460 (Unspecified vulnerability in Oracle Solaris 10 allows local
users to ...)
@@ -3113,20 +3142,32 @@
NOT-FOR-US: Oracle Fusion
CVE-2010-4454
RESERVED
+ - sun-java6 6.24-1
+ - openjdk-6 <unfixed>
CVE-2010-4453 (Unspecified vulnerability in the Oracle WebLogic Server
component in ...)
NOT-FOR-US: Oracle WebLogic
CVE-2010-4452
RESERVED
+ - sun-java6 6.24-1
+ - openjdk-6 <unfixed>
CVE-2010-4451
RESERVED
+ - sun-java6 6.24-1
+ - openjdk-6 <unfixed>
CVE-2010-4450
RESERVED
+ - sun-java6 6.24-1
+ - openjdk-6 <unfixed>
CVE-2010-4449 (Unspecified vulnerability in the Audit Vault component in Oracle
Audit ...)
NOT-FOR-US: Oracle Audit
CVE-2010-4448
RESERVED
+ - sun-java6 6.24-1
+ - openjdk-6 <unfixed>
CVE-2010-4447
RESERVED
+ - sun-java6 6.24-1
+ - openjdk-6 <unfixed>
CVE-2010-4446 (Unspecified vulnerability in Oracle Solaris 11 Express allows
local ...)
NOT-FOR-US: Solaris
CVE-2010-4445 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS
component ...)
@@ -3177,6 +3218,8 @@
NOT-FOR-US: Oracle Database
CVE-2010-4422
RESERVED
+ - sun-java6 6.24-1
+ - openjdk-6 <unfixed>
CVE-2010-4421 (Unspecified vulnerability in the Database Vault component in
Oracle ...)
NOT-FOR-US: Oracle Database
CVE-2010-4420 (Unspecified vulnerability in the Database Vault component in
Oracle ...)
@@ -5814,6 +5857,7 @@
- pam <unfixed> (low; bug #599832)
[squeeze] - pam <no-dsa> (Minor issue)
[lenny] - pam <no-dsa> (Minor issue)
+ NOTE: Fix from 1.1.2 is not fully complete
CVE-2010-3434 (Buffer overflow in the find_stream_bounds function in pdf.c in
...)
- clamav 0.96.3+dfsg-1
[lenny] - clamav <end-of-life>
@@ -5828,10 +5872,12 @@
{DSA-2126-1}
- linux-2.6 2.6.32-24
CVE-2010-3431 (The privilege-dropping implementation in the (1) pam_env and (2)
...)
- - pam <not-affected> (Affected functionality introduced in 1.1.2, see
#599832)
+ - pam <unfixed> (bug #599832)
NOTE: 20100924164823.GA21584 at openwall.com
CVE-2010-3430 (The privilege-dropping implementation in the (1) pam_env and (2)
...)
- - pam <not-affected> (Affected functionality introduced in 1.1.2, see
#599832)
+ - pam <unfixed> (bug #599832)
+ [squeeze] - pam <not-affected> (Affected functionality introduced in
1.1.2, see #599832)
+ [lenny] - pam <not-affected> (Affected functionality introduced in
1.1.2, see #599832)
NOTE: 20100924164823.GA21584 at openwall.com
CVE-2010-3429 (flicvideo.c in libavcodec 0.6 and earlier in FFmpeg, as used in
...)
- ffmpeg 4:0.5.2-6 (bug #598590)
@@ -6120,7 +6166,7 @@
CVE-2010-3317 (Cross-site scripting (XSS) vulnerability in IBM Records Manager
(RM) ...)
NOT-FOR-US: IBM Records Manager
CVE-2010-3316 (The run_coprocess function in pam_xauth.c in the pam_xauth
module in ...)
- - pam <unfixed> (unimportant; bug #599832)
+ - pam 1.1.2-1 (unimportant; bug #599832)
NOTE: partial fix
http://git.altlinux.org/people/ldv/packages/?p=pam.git;a=commitdiff;h=06f882f30092a39a1db867c9744b2ca8d60e4ad6
NOTE: Not exploitable with current kernels
CVE-2010-3315 (authz.c in the mod_dav_svn module for the Apache HTTP Server, as
...)