Secure testing commits - Feb 2012 - r18557 - data/CVE

Author: fw
Date: 2012-02-28 19:27:34 +0000 (Tue, 28 Feb 2012)
New Revision: 18557

Modified:
   data/CVE/list
Log:
Update several entries related to OpenJDK


Modified: data/CVE/list
==================================================================---
data/CVE/list	2012-02-28 19:09:46 UTC (rev 18556)
+++ data/CVE/list	2012-02-28 19:27:34 UTC (rev 18557)
@@ -1774,11 +1774,11 @@
 	[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
 CVE-2012-0507
 	RESERVED
-	- openjdk-6 <unfixed>
-	- openjdk-7 <unfixed>
+	- openjdk-6 6b24-1.11.1-1
+	- openjdk-7 7~u3-2.1-1
 	- sun-java6 <removed>
 	[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
-	TODO: check
+	NOTE: Replacement for misused CVE-2011-3571.
 CVE-2012-0506 (Unspecified vulnerability in the Java Runtime Environment (JRE)
...)
 	- openjdk-6 6b24-1.11.1-1
 	- openjdk-7 7~u3-2.1-1
@@ -1807,20 +1807,17 @@
 	- sun-java6 <removed>
 	[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
 CVE-2012-0500 (Unspecified vulnerability in the Java Runtime Environment (JRE)
...)
-	- openjdk-6 <unfixed>
-	- openjdk-7 <unfixed>
 	- sun-java6 <removed>
 	[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
+	NOTE: OpenJDK browser plugin is a different code base.
 CVE-2012-0499 (Unspecified vulnerability in the Java Runtime Environment (JRE)
...)
-	- openjdk-6 <unfixed>
-	- openjdk-7 <unfixed>
 	- sun-java6 <removed>
 	[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
+	NOTE: According to the Red Hat bug tracker, this vulnerability does not affect
Iced Tea/OpenJDK.
 CVE-2012-0498 (Unspecified vulnerability in the Java Runtime Environment (JRE)
...)
-	- openjdk-6 <unfixed>
-	- openjdk-7 <unfixed>
 	- sun-java6 <removed>
 	[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
+	NOTE: According to the Red Hat bug tracker, this vulnerability does not affect
Iced Tea/OpenJDK.
 CVE-2012-0497 (Unspecified vulnerability in the Java Runtime Environment (JRE)
...)
 	- openjdk-6 6b24-1.11.1-1
 	- openjdk-7 7~u3-2.1-1
@@ -7397,11 +7394,7 @@
 CVE-2011-3572
 	RESERVED
 CVE-2011-3571 (Unspecified vulnerability in the Virtual Desktop Infrastructure
(VDI) ...)
-	- openjdk-6 6b24-1.11.1-1
-	- openjdk-7 7~u3-2.1-1
-	- sun-java6 <removed>
-	[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
-	NOTE: CVE description is wrong
+	NOTE: CVE was misused by Oracle.  Replaced by CVE-2012-0507.
 CVE-2011-3570 (Unspecified vulnerability in Oracle Communications Unified 7.0
allows ...)
 	NOT-FOR-US: Oracle Communications Unified
 CVE-2011-3569 (Unspecified vulnerability in the Oracle Web Services Manager
component ...)