[Secure-testing-commits] r11550 - in data: . CVE
jmm-guest at alioth.debian.org
jmm-guest at alioth.debian.org
Fri Apr 3 19:20:24 UTC 2009
Author: jmm-guest
Date: 2009-04-03 19:20:24 +0000 (Fri, 03 Apr 2009)
New Revision: 11550
Modified:
data/CVE/list
data/package-tags
Log:
- mark xulrunner as unsupported for etch as well
- new unspecified libapache-mod-security issue
- formencode issue doesn't affect etch
- most of the java6 issues apply to java5 as well
- wlcpp wireshark issue already fixed in Lenny preparation
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-04-03 19:19:17 UTC (rev 11549)
+++ data/CVE/list 2009-04-03 19:20:24 UTC (rev 11550)
@@ -1,7 +1,10 @@
+CVE-2009-XXXX [unspecified DoS]
+ - libapache-mod-security 2.5.9-1
+ TODO: Investigate, check stable/oldstable, if necessary open RT ticket
CVE-2009-1221
RESERVED
CVE-2009-1220 (Cross-site scripting (XSS) vulnerability in +webvpn+/index.html in ...)
- NOT-FOR-US: Cisco Adaptive Security Appliances
+ NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2009-1219 (Sun Calendar Express Web Server in Sun ONE Calendar Server 6.0 and Sun ...)
NOT-FOR-US: Sun Calendar Express Web Server
CVE-2009-1218 (Multiple cross-site scripting (XSS) vulnerabilities in Sun Calendar ...)
@@ -43,7 +46,7 @@
NOT-FOR-US: Blue Coat ProxySG
CVE-2009-1210 (Format string vulnerability in the PROFINET/DCP (PN-DCP) dissector in ...)
- wireshark <unfixed>
- TODO: File bug
+ TODO: File bug, investigate, if necessary open RT ticket
CVE-2009-1209 (Stack-based buffer overflow in W3C Amaya Web Browser 11.1 allows ...)
- amaya <unfixed> (bug filed)
CVE-2009-1208 (SQL injection vulnerability in auth2db 0.2.5, and possibly other ...)
@@ -334,6 +337,7 @@
TODO: check
CVE-2008-6547 (schema.py in FormEncode for Python (python-formencode) 1.0 does not ...)
- python-formencode 1.0.1-1
+ [etch] - python-formencode <not-affected> (Vulnerable code was introduced in 1.0)
CVE-2008-6546 (Unspecified vulnerability in phpns before 2.1.3 has unknown impact and ...)
NOT-FOR-US: phpns
CVE-2008-6545 (PHP remote file inclusion vulnerability in news/include/createdb.php ...)
@@ -377,24 +381,45 @@
CVE-2009-1107 (The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime ...)
- sun-java6 6-13-1
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+ - sun-java5 1.5.0-18-1
+ [etch] - sun-java5 <no-dsa> (Non-free not supported)
+ [lenny] - sun-java5 <no-dsa> (Non-free not supported)
CVE-2009-1106 (The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime ...)
- sun-java6 6-13-1
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+ - sun-java5 1.5.0-18-1
+ [etch] - sun-java5 <no-dsa> (Non-free not supported)
+ [lenny] - sun-java5 <no-dsa> (Non-free not supported)
CVE-2009-1105 (The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime ...)
- sun-java6 6-13-1
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+ - sun-java5 1.5.0-18-1
+ [etch] - sun-java5 <no-dsa> (Non-free not supported)
+ [lenny] - sun-java5 <no-dsa> (Non-free not supported)
CVE-2009-1104 (The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime ...)
- sun-java6 6-13-1
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+ - sun-java5 1.5.0-18-1
+ [etch] - sun-java5 <no-dsa> (Non-free not supported)
+ [lenny] - sun-java5 <no-dsa> (Non-free not supported)
CVE-2009-1103 (Unspecified vulnerability in the Java Plug-in in Java SE Development ...)
- sun-java6 6-13-1
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+ - sun-java5 1.5.0-18-1
+ [etch] - sun-java5 <no-dsa> (Non-free not supported)
+ [lenny] - sun-java5 <no-dsa> (Non-free not supported)
CVE-2009-1102 (Unspecified vulnerability in the Virtual Machine in Java SE ...)
- sun-java6 6-13-1
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+ - sun-java5 1.5.0-18-1
+ [etch] - sun-java5 <no-dsa> (Non-free not supported)
+ [lenny] - sun-java5 <no-dsa> (Non-free not supported)
CVE-2009-1101 (Unspecified vulnerability in the lightweight HTTP server ...)
- sun-java6 6-13-1
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+ - sun-java5 1.5.0-18-1
+ [etch] - sun-java5 <no-dsa> (Non-free not supported)
+ [lenny] - sun-java5 <no-dsa> (Non-free not supported)
CVE-2009-1100 (Multiple unspecified vulnerabilities in Java SE Development Kit (JDK) ...)
- sun-java6 6-13-1
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
@@ -410,12 +435,21 @@
CVE-2009-1096 (Buffer overflow in unpack200 in Java SE Development Kit (JDK) and Java ...)
- sun-java6 6-13-1
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+ - sun-java5 1.5.0-18-1
+ [etch] - sun-java5 <no-dsa> (Non-free not supported)
+ [lenny] - sun-java5 <no-dsa> (Non-free not supported)
CVE-2009-1095 (Integer overflow in unpack200 in Java SE Development Kit (JDK) and ...)
- sun-java6 6-13-1
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+ - sun-java5 1.5.0-18-1
+ [etch] - sun-java5 <no-dsa> (Non-free not supported)
+ [lenny] - sun-java5 <no-dsa> (Non-free not supported)
CVE-2009-1094 (Unspecified vulnerability in the LDAP implementation in Java SE ...)
- sun-java6 6-13-1
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+ - sun-java5 1.5.0-18-1
+ [etch] - sun-java5 <no-dsa> (Non-free not supported)
+ [lenny] - sun-java5 <no-dsa> (Non-free not supported)
CVE-2009-1093 (LdapCtx in the LDAP service in Java SE Development Kit (JDK) and Java ...)
- sun-java6 6-13-1
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
@@ -986,7 +1020,8 @@
CVE-2009-0874 (Multiple unspecified vulnerabilities in the Doors subsystem in the ...)
NOT-FOR-US: Sun Solaris
CVE-2008-6472 (The WLCCP dissector in Wireshark 0.99.7 through 1.0.4 allows remote ...)
- TODO: check
+ [lenny] - wireshark 1.0.2-3+lenny3
+ - wireshark 1.0.5-1 (low; bug #506741)
CVE-2008-6471 (SQL injection vulnerability in detail.php in MountainGrafix easyLink ...)
NOT-FOR-US: MountainGrafix easyLink
CVE-2008-6470 (Multiple unspecified vulnerabilities in ClanSphere before 2008.2.1 ...)
Modified: data/package-tags
===================================================================
--- data/package-tags 2009-04-03 19:19:17 UTC (rev 11549)
+++ data/package-tags 2009-04-03 19:20:24 UTC (rev 11550)
@@ -6,8 +6,8 @@
[lenny] kfreebsd-7 <unsupported> (FreeBSD not yet supported)
[etch] iceweasel <unsupported> (Support was dropped for oldstable)
+[etch] xulrunner <unsupported> (Support was dropped for oldstable)
-
[etch] sql-ledger <limited-support> (Only supported behind an authenticated HTTP zone)
[lenny] sql-ledger <limited-support> (Only supported behind an authenticated HTTP zone)
More information about the Secure-testing-commits
mailing list