Author: jmm Date: 2012-02-20 08:08:36 +0000 (Mon, 20 Feb 2012) New Revision: 18487 Modified: data/CVE/list data/spu-candidates.txt Log: openjd[6|7] fixed new eglibc issue Modified: data/CVE/list ==================================================================--- data/CVE/list 2012-02-20 07:02:50 UTC (rev 18486) +++ data/CVE/list 2012-02-20 08:08:36 UTC (rev 18487) @@ -698,8 +698,10 @@ RESERVED CVE-2012-0865 RESERVED -CVE-2012-0864 +CVE-2012-0864 [FORTIFY_SOURCE format string protection bypass] RESERVED + - eglibc <unfixed> (low; bug #660611) + [squeeze] - eglibc <no-dsa> (Hardening bypass, can be fixed in next point update) CVE-2012-0863 [mumble info disclosure] RESERVED {DSA-2411-1} @@ -1506,29 +1508,30 @@ CVE-2012-0507 RESERVED CVE-2012-0506 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...) - - openjdk-6 <unfixed> - - openjdk-7 <unfixed> + - openjdk-6 6b24-1.11.1-1 + - openjdk-7 7~u3-2.1-1 - sun-java6 <removed> [squeeze] - sun-java6 <no-dsa> (Non-free not supported) CVE-2012-0505 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...) - TODO: check + - openjdk-6 6b24-1.11.1-1 + - openjdk-7 7~u3-2.1-1 CVE-2012-0504 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...) - openjdk-6 <not-affected> (Only applies to the Windows-specific update tool) - openjdk-7 <not-affected> (Only applies to the Windows-specific update tool) - sun-java6 <not-affected> (Only applies to the Windows-specific update tool) CVE-2012-0503 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...) - - openjdk-6 <unfixed> - - openjdk-7 <unfixed> + - openjdk-6 6b24-1.11.1-1 + - openjdk-7 7~u3-2.1-1 - sun-java6 <removed> [squeeze] - sun-java6 <no-dsa> (Non-free not supported) CVE-2012-0502 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...) - - openjdk-6 <unfixed> - - openjdk-7 <unfixed> + - openjdk-6 6b24-1.11.1-1 + - openjdk-7 7~u3-2.1-1 - sun-java6 <removed> [squeeze] - sun-java6 <no-dsa> (Non-free not supported) CVE-2012-0501 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...) - - openjdk-6 <unfixed> - - openjdk-7 <unfixed> + - openjdk-6 6b24-1.11.1-1 + - openjdk-7 7~u3-2.1-1 - sun-java6 <removed> [squeeze] - sun-java6 <no-dsa> (Non-free not supported) CVE-2012-0500 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...) @@ -1547,8 +1550,8 @@ - sun-java6 <removed> [squeeze] - sun-java6 <no-dsa> (Non-free not supported) CVE-2012-0497 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...) - - openjdk-6 <unfixed> - - openjdk-7 <unfixed> + - openjdk-6 6b24-1.11.1-1 + - openjdk-7 7~u3-2.1-1 - sun-java6 <removed> [squeeze] - sun-java6 <no-dsa> (Non-free not supported) CVE-2012-0496 (Unspecified vulnerability in the MySQL Server component in Oracle ...) @@ -2186,8 +2189,8 @@ CVE-2011-5036 (Rack before 1.1.3, 1.2.x before 1.2.5, and 1.3.x before 1.3.6 computes ...) - ruby-rack <unfixed> (bug #653962) CVE-2011-5035 (Oracle Glassfish 2.1.1, 3.0.1, and 3.1.1, as used in Communications ...) - - openjdk-6 <unfixed> - - openjdk-7 <unfixed> + - openjdk-6 6b24-1.11.1-1 + - openjdk-7 7~u3-2.1-1 - sun-java6 <removed> [squeeze] - sun-java6 <no-dsa> (Non-free not supported) - glassfish <unfixed> (bug #653964) @@ -7100,8 +7103,8 @@ CVE-2011-3572 RESERVED CVE-2011-3571 (Unspecified vulnerability in the Virtual Desktop Infrastructure (VDI) ...) - - openjdk-6 <unfixed> - - openjdk-7 <unfixed> + - openjdk-6 6b24-1.11.1-1 + - openjdk-7 7~u3-2.1-1 - sun-java6 <removed> [squeeze] - sun-java6 <no-dsa> (Non-free not supported) NOTE: CVE description is wrong @@ -7120,7 +7123,8 @@ CVE-2011-3564 (Unspecified vulnerability in Oracle GlassFish Enterprise Server 2.1.1 ...) TODO: check CVE-2011-3563 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...) - TODO: check + - openjdk-6 6b24-1.11.1-1 + - openjdk-7 7~u3-2.1-1 CVE-2011-3562 RESERVED CVE-2011-3561 (Unspecified vulnerability in the Java Runtime Environment component in ...) Modified: data/spu-candidates.txt ==================================================================--- data/spu-candidates.txt 2012-02-20 07:02:50 UTC (rev 18486) +++ data/spu-candidates.txt 2012-02-20 08:08:36 UTC (rev 18487) @@ -36,6 +36,10 @@ -- +eglibc (CVE-2012-0864) + +-- + fabric (CVE-2011-2185) #629003