Author: jmm Date: 2012-06-25 07:17:41 +0000 (Mon, 25 Jun 2012) New Revision: 19586 Modified: data/CVE/list data/spu-candidates.txt Log: openjdk-6 fixed mark python hash collision issues as no-dsa Modified: data/CVE/list ==================================================================--- data/CVE/list 2012-06-25 06:02:27 UTC (rev 19585) +++ data/CVE/list 2012-06-25 07:17:41 UTC (rev 19586) @@ -4749,13 +4749,13 @@ CVE-2012-1726 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...) - openjdk-7 7~u3-2.1.1-1 (bug #677486) CVE-2012-1725 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...) - - openjdk-6 <unfixed> (bug #677487) + - openjdk-6 6b24-1.11.3-1 (bug #677487) - openjdk-7 7~u3-2.1.1-1 (bug #677486) CVE-2012-1724 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...) - - openjdk-6 <unfixed> (bug #677487) + - openjdk-6 6b24-1.11.3-1 (bug #677487) - openjdk-7 7~u3-2.1.1-1 (bug #677486) CVE-2012-1723 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...) - - openjdk-6 <unfixed> (bug #677487) + - openjdk-6 6b24-1.11.3-1 (bug #677487) - openjdk-7 7~u3-2.1.1-1 (bug #677486) CVE-2012-1722 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...) - openjdk-6 <not-affected> (specific to Oracle Java) @@ -4767,28 +4767,28 @@ - openjdk-6 <unfixed> (bug #677487) - openjdk-7 <unfixed> CVE-2012-1719 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...) - - openjdk-6 <unfixed> (bug #677487) + - openjdk-6 6b24-1.11.3-1 (bug #677487) - openjdk-7 7~u3-2.1.1-1 (bug #677486) CVE-2012-1718 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...) - - openjdk-6 <unfixed> (bug #677487) + - openjdk-6 6b24-1.11.3-1 (bug #677487) - openjdk-7 7~u3-2.1.1-1 (bug #677486) CVE-2012-1717 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...) - - openjdk-6 <unfixed> (bug #677487) + - openjdk-6 6b24-1.11.3-1 (bug #677487) - openjdk-7 7~u3-2.1.1-1 (bug #677486) CVE-2012-1716 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...) - - openjdk-6 <unfixed> (bug #677487) + - openjdk-6 6b24-1.11.3-1 (bug #677487) - openjdk-7 7~u3-2.1.1-1 (bug #677486) CVE-2012-1715 RESERVED CVE-2012-1714 RESERVED CVE-2012-1713 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...) - - openjdk-6 <unfixed> (bug #677487) + - openjdk-6 6b24-1.11.3-1 (bug #677487) - openjdk-7 7~u3-2.1.1-1 (bug #677486) CVE-2012-1712 RESERVED CVE-2012-1711 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...) - - openjdk-6 <unfixed> (bug #677487) + - openjdk-6 6b24-1.11.3-1 (bug #677487) - openjdk-7 7~u3-2.1.1-1 (bug #677486) CVE-2012-1710 (Unspecified vulnerability in the Oracle WebCenter Forms Recognition ...) NOT-FOR-US: Oracle Fusion @@ -6103,13 +6103,12 @@ - libdbd-pg-perl 2.19.0-1 (bug #661536) CVE-2012-1150 RESERVED - - python2.6 2.6.8-0.1 (unimportant) - - python2.7 <unfixed> (unimportant) - - python3.2 <unfixed> (unimportant) - [squeeze] - python2.5 <no-dsa> (unimportant) - [squeeze] - python2.6 <no-dsa> (unimportant) - [squeeze] - python3.1 <no-dsa> (unimportant) - NOTE: the same hash DoS attack as other languages/bindings + - python2.6 2.6.8-0.1 (low) + - python2.7 <unfixed> (low) + - python3.2 <unfixed> (low) + [squeeze] - python2.5 <no-dsa> (Minor issue) + [squeeze] - python2.6 <no-dsa> (Minor issue) + [squeeze] - python3.1 <no-dsa> (Minor issue) CVE-2012-1149 (Integer overflow in the vclmi.dll module in OpenOffice.org (OOo) 3.3, ...) {DSA-2487-1 DSA-2473-1} - libreoffice 1:3.4.5-1 Modified: data/spu-candidates.txt ==================================================================--- data/spu-candidates.txt 2012-06-25 06:02:27 UTC (rev 19585) +++ data/spu-candidates.txt 2012-06-25 07:17:41 UTC (rev 19586) @@ -380,6 +380,8 @@ python2.5 (CVE-2011-4940 [python: potential XSS in SimpleHTTPServer''s list_directory()]) http://www.openwall.com/lists/oss-security/2012/03/14/11 +CVE-2012-1150 + -- python2.6 (CVE-2011-4940 [python: potential XSS in SimpleHTTPServer''s list_directory()]) @@ -390,8 +392,16 @@ #650555 http://bugs.python.org/file23824/pypirc-secure.diff +CVE-2012-1150 + -- +python3.1 + +CVE-2012-1150 + +-- + python-tornado (CVE-2012-2374) #673987