[Secure-testing-commits] r9357 - data/CVE
jmm-guest at alioth.debian.org
jmm-guest at alioth.debian.org
Wed Jul 16 19:57:50 UTC 2008
Author: jmm-guest
Date: 2008-07-16 19:57:49 +0000 (Wed, 16 Jul 2008)
New Revision: 9357
Modified:
data/CVE/list
Log:
mark non-free as unsupported
lindcpp no-dsa
we only need to track iceweasel indirectly in sid, since most issues
are fixed through xulrunner
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-07-16 19:26:11 UTC (rev 9356)
+++ data/CVE/list 2008-07-16 19:57:49 UTC (rev 9357)
@@ -158,41 +158,53 @@
NOTE: http://www.wireshark.org/security/wnpa-sec-2008-04.html
CVE-2008-3115 (Secure Static Versioning in Sun Java JDK and JRE 6 Update 6 and ...)
- sun-java5 1.5.0-16-1 (bug #490260)
+ [etch] - sun-java5 <no-dsa> (Non-free not supported)
- sun-java6 6-07-1 (bug #490260)
CVE-2008-3114 (Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 ...)
- sun-java5 1.5.0-16-1 (bug #490260)
+ [etch] - sun-java5 <no-dsa> (Non-free not supported)
- sun-java6 6-07-1 (bug #490260)
CVE-2008-3113 (Unspecified vulnerability in Sun Java Web Start in JDK and JRE 5.0 ...)
- sun-java5 1.5.0-16-1 (bug #490260)
+ [etch] - sun-java5 <no-dsa> (Non-free not supported)
- sun-java6 <not-affected> (Only for sun-java5)
CVE-2008-3112 (Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 ...)
- sun-java5 1.5.0-16-1 (bug #490260)
+ [etch] - sun-java5 <no-dsa> (Non-free not supported)
- sun-java6 6-07-1 (bug #490260)
CVE-2008-3111 (Multiple buffer overflows in Sun Java Web Start in JDK and JRE 6 ...)
- sun-java5 1.5.0-16-1 (bug #490260)
+ [etch] - sun-java5 <no-dsa> (Non-free not supported)
- sun-java6 6-04-1 (bug #490260)
CVE-2008-3110 (Unspecified vulnerability in scripting language support in Sun Java ...)
- sun-java5 <not-affected> (Only for sun-java6)
+ [etch] - sun-java5 <no-dsa> (Non-free not supported)
- sun-java6 6-07-1 (bug #490260)
CVE-2008-3109 (Unspecified vulnerability in scripting language support in Sun Java ...)
- sun-java5 <not-affected> (Only for sun-java6)
+ [etch] - sun-java5 <no-dsa> (Non-free not supported)
- sun-java6 6-07-1 (bug #490260)
CVE-2008-3108 (Buffer overflow in Sun Java Runtime Environment (JRE) in JDK and JRE ...)
- sun-java5 1.5.0-10-1 (bug #490260)
+ [etch] - sun-java5 <no-dsa> (Non-free not supported)
- sun-java6 <not-affected> (Only for sun-java5)
CVE-2008-3107 (Unspecified vulnerability in the Virtual Machine in Sun Java Runtime ...)
- sun-java5 1.5.0-16-1 (bug #490260)
+ [etch] - sun-java5 <no-dsa> (Non-free not supported)
- sun-java6 6-07-1 (bug #490260)
CVE-2008-3106 (Unspecified vulnerability in Sun Java Runtime Environment (JRE) in JDK ...)
- sun-java5 1.5.0-16-1 (bug #490260)
+ [etch] - sun-java5 <no-dsa> (Non-free not supported)
- sun-java6 6-07-1 (bug #490260)
CVE-2008-3105 (Unspecified vulnerability in the JAX-WS client and service in Sun Java ...)
- sun-java5 <not-affected> (Only for sun-java6)
- sun-java6 6-07-1 (bug #490260)
CVE-2008-3104 (Multiple unspecified vulnerabilities in Sun Java Runtime Environment ...)
+ [etch] - sun-java5 <no-dsa> (Non-free not supported)
- sun-java5 1.5.0-16-1 (bug #490260)
- sun-java6 6-07-1 (bug #490260)
CVE-2008-3103 (Unspecified vulnerability in the Java Management Extensions (JMX) ...)
+ [etch] - sun-java5 <no-dsa> (Non-free not supported)
- sun-java5 1.5.0-16-1 (bug #490260)
- sun-java6 6-07-1 (bug #490260)
CVE-2008-3102
@@ -764,6 +776,7 @@
[etch] - linuxdcpp <no-dsa> (Minor issue)
CVE-2008-2954 (client/NmdcHub.cpp in Linux DC++ (linuxdcpp) before 0.707 allows ...)
- linuxdcpp 1.0.1-2 (low; bug #488630)
+ [etch] - linuxdcpp <no-dsa> (Minor issue)
CVE-2008-2958 (Race condition in (1) checkinstall 1.6.1 and (2) installwatch allows ...)
- checkinstall 1.6.1-7 (low; bug #488140)
CVE-2008-XXXX [werkzeug hashes its secret instead of using hmac]
@@ -935,10 +948,11 @@
CVE-2008-2786 (Buffer overflow in Firefox 3.0 and 2.0.x has unknown impact and attack ...)
- iceweasel <unfixed> (bug #488358)
CVE-2008-2785 (Unspecified vulnerability in Firefox 3.0 and 2.0.x has unknown impact ...)
- - iceweasel 3.0.1-1 (medium; bug #488358)
+ - iceweasel 3.0 (medium; bug #488358)
- icedove <unfixed>
- iceape <unfixed>
- xulrunner 1.9.0.1-1
+ NOTE: Since 3.0 iceweasel links against xulrunner, marking it as fixed, since also need to track etch
NOTE: http://www.mozilla.org/security/announce/2008/mfsa2008-34.html
CVE-2008-2784 (The smtp_filter function in spamdyke before 3.1.8 does not filter RCPT ...)
NOT-FOR-US: spamdyke
More information about the Secure-testing-commits
mailing list