[Secure-testing-commits] r12512 - data/CVE
Giuseppe Iuculano
derevko-guest at alioth.debian.org
Sat Aug 8 09:48:44 UTC 2009
Author: derevko-guest
Date: 2009-08-08 09:48:44 +0000 (Sat, 08 Aug 2009)
New Revision: 12512
Modified:
data/CVE/list
Log:
- new xemacs21 integer overflow issues
- CVE-2009-2687: fixed in php5 5.2.10.dfsg.1-1
- Two new vulnerabilities for zope and zodb
- Start to triage sun-java/openjdk issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-08-08 08:09:06 UTC (rev 12511)
+++ data/CVE/list 2009-08-08 09:48:44 UTC (rev 12512)
@@ -57,9 +57,10 @@
CVE-2009-2689
RESERVED
CVE-2009-2688 (Multiple integer overflows in glyphs-eimage.c in XEmacs 21.4.22, when ...)
- TODO: check
+ - xemacs21 <unfixed> (low; bug #540470)
CVE-2009-2687 (The exif_read_data function in the Exif module in PHP before 5.2.10 ...)
- TODO: check
+ - php5 5.2.10.dfsg.1-1
+ TODO: check php4
CVE-2009-2686
RESERVED
CVE-2009-2685
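Review bot: the php5 line added under CVE-2009-2687 records a fixed version but no urgency or bug reference, while the xemacs21 line added just above it carries "(low; bug #540470)". If the urgency is known, add it in the same parenthesised form so the two entries are triaged to the same level of detail. The php4 status is left as "TODO: check php4", so this entry is only partly triaged and should not be read as complete.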
@@ -81,9 +82,17 @@
CVE-2009-2677
RESERVED
CVE-2009-2676 (Unspecified vulnerability in JNLPAppletlauncher in Sun Java SE, and SE ...)
- TODO: check
+ - sun-java5 1.5.0-20-1
+ [etch] - sun-java5 <no-dsa> (Non-free not supported)
+ [lenny] - sun-java5 <no-dsa> (Non-free not supported)
+ - sun-java6 6-15-1
+ [lenny] - sun-java6 <no-dsa> (Non-free not supported)
CVE-2009-2675 (Integer overflow in the unpack200 utility in Sun Java Runtime ...)
- TODO: check
+ - sun-java5 1.5.0-20-1
+ [etch] - sun-java5 <no-dsa> (Non-free not supported)
+ [lenny] - sun-java5 <no-dsa> (Non-free not supported)
+ - sun-java6 6-15-1
+ [lenny] - sun-java6 <no-dsa> (Non-free not supported)
CVE-2009-2674 (Integer overflow in Sun Java Runtime Environment (JRE) in JDK and JRE ...)
TODO: check
CVE-2009-2673 (The proxy mechanism implementation in Sun Java Runtime Environment ...)
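Review bot: CVE-2009-2676 and CVE-2009-2675 get only sun-java5 and sun-java6 lines, with no openjdk-6 line and no TODO, whereas the CVE-2009-2625 hunk in this same commit adds "- openjdk-6 <unfixed>" with "TODO: file bug". If openjdk-6 has not been checked for these two ids, keep a TODO saying so; if it was checked and is not affected, record that explicitly instead of leaving it implied by omission. CVE-2009-2674 directly below is still "TODO: check", which fits the "start to triage" log message but is worth finishing in the same pass.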
@@ -275,7 +284,13 @@
CVE-2009-2626
RESERVED
CVE-2009-2625 (Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in ...)
- TODO: check
+ - sun-java5 1.5.0-20-1
+ [etch] - sun-java5 <no-dsa> (Non-free not supported)
+ [lenny] - sun-java5 <no-dsa> (Non-free not supported)
+ - sun-java6 6-15-1
+ [lenny] - sun-java6 <no-dsa> (Non-free not supported)
+ - openjdk-6 <unfixed>
+ TODO: file bug
CVE-2009-2624
RESERVED
CVE-2009-2623
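Review bot: the "- openjdk-6 <unfixed>" line under CVE-2009-2625 has neither an urgency nor a bug number, and "TODO: file bug" defers that to a later commit. Suggest filing the bug first and committing the line with its reference, in the form the xemacs21 entry uses, "(low; bug #540470)", with the real urgency and bug number substituted. That also avoids an unfixed entry with no pointer for the package maintainer.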
@@ -606,10 +621,24 @@
CVE-2009-2478 (Mozilla Firefox 3.5 allows remote attackers to cause a denial of ...)
- xulrunner <not-affected> (unimportant)
NOTE: browser crashes not treated as security issues
-CVE-2009-2476
+CVE-2009-2476 [OpenJDK OpenType checks can be bypassed]
RESERVED
-CVE-2009-2475
+ - sun-java5 1.5.0-20-1
+ [etch] - sun-java5 <no-dsa> (Non-free not supported)
+ [lenny] - sun-java5 <no-dsa> (Non-free not supported)
+ - sun-java6 6-15-1
+ [lenny] - sun-java6 <no-dsa> (Non-free not supported)
+ - openjdk-6 <unfixed>
+ TODO: file bug
+CVE-2009-2475 [OpenJDK information leaks in mutable variables]
RESERVED
+ - sun-java5 1.5.0-20-1
+ [etch] - sun-java5 <no-dsa> (Non-free not supported)
+ [lenny] - sun-java5 <no-dsa> (Non-free not supported)
+ - sun-java6 6-15-1
+ [lenny] - sun-java6 <no-dsa> (Non-free not supported)
+ - openjdk-6 <unfixed>
+ TODO: file bug
CVE-2009-2474
RESERVED
CVE-2009-2473
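Review bot: under CVE-2009-2476 and CVE-2009-2475 the bracketed descriptions name OpenJDK, but the versions recorded as fixed are sun-java5 1.5.0-20-1 and sun-java6 6-15-1, and both ids are still RESERVED, so nothing in the entry says where these fixed versions come from. Add a NOTE line giving the source, as the CVE-2009-2478 entry above does for its own decision. The two "- openjdk-6 <unfixed>" lines each carry a separate "TODO: file bug"; state whether one bug is meant to cover both ids.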
@@ -6480,10 +6509,18 @@
REJECTED
CVE-2009-0670
RESERVED
-CVE-2009-0669
+CVE-2009-0669 [Authentication bypass in ZODB ZEO storage servers]
RESERVED
-CVE-2009-0668
+ - zope3 <unfixed> (bug #540462)
+ - zope2.11 <unfixed> (bug #540463)
+ - zope2.10 <unfixed> (bug #540464)
+ - zodb <unfixed> (bug #540465)
+CVE-2009-0668 [Arbitrary Python code execution in ZODB ZEO storage servers]
RESERVED
+ - zope3 <unfixed> (medium; bug #540462)
+ - zope2.11 <unfixed> (medium; bug #540463)
+ - zope2.10 <unfixed> (medium; bug #540464)
+ - zodb <unfixed> (medium; bug #540465)
CVE-2009-0667 (Untrusted search path vulnerability in Agent/Backend.pm in ...)
{DSA-1828-1}
- ocsinventory-agent 1:0.0.9.2repack1-5 (medium; bug #506416)
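Review bot: the four package lines added under CVE-2009-0669 have no urgency, while the lines for the same packages and the same bug numbers under CVE-2009-0668 are marked "medium". If the authentication bypass was meant to be rated too, add the urgency, for example "- zodb <unfixed> (medium; bug #540465)" if medium is intended; if it was left unrated on purpose, a NOTE saying so would prevent it from being read as an oversight.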