[Secure-testing-commits] r12514 - data/CVE

Giuseppe Iuculano derevko-guest at alioth.debian.org
Sat Aug 8 10:51:33 UTC 2009


Author: derevko-guest
Date: 2009-08-08 10:51:33 +0000 (Sat, 08 Aug 2009)
New Revision: 12514

Modified:
   data/CVE/list
Log:
- CVE-2009-2660 fixed in camlimages 1:3.0.1-3
- sun-java/openjdk issues


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-08-08 10:17:30 UTC (rev 12513)
+++ data/CVE/list	2009-08-08 10:51:33 UTC (rev 12514)
@@ -52,10 +52,19 @@
 	RESERVED
 CVE-2009-2691
 	RESERVED
-CVE-2009-2690
+CVE-2009-2690 [OpenJDK private variable information disclosure]
 	RESERVED
-CVE-2009-2689
+	- sun-java6 6-15-1
+	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	- openjdk-6 <unfixed>
+	TODO: file bug
+CVE-2009-2689 [OpenJDK JDK13Services grants unnecessary privileges ]
 	RESERVED
+	- sun-java5 1.5.0-20-1
+	[etch] - sun-java5 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java5 <no-dsa> (Non-free not supported)
+	- openjdk-6 <unfixed>
+	TODO: file bug
 CVE-2009-2688 (Multiple integer overflows in glyphs-eimage.c in XEmacs 21.4.22, when ...)
 	- xemacs21 <unfixed> (low; bug #540470)
 CVE-2009-2687 (The exif_read_data function in the Exif module in PHP before 5.2.10 ...)
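Review bot: the title added for CVE-2009-2689 has a stray space before the closing bracket (`privileges ]`), which the CVE-2009-2690 title does not; drop it so the bracketed titles stay consistent. The package split also deserves a check: CVE-2009-2690 lists only sun-java6 and CVE-2009-2689 only sun-java5, while most of the other Java entries touched in this commit list both. If the missing package is known to be unaffected, a `<not-affected>` line or a NOTE would record that instead of leaving it implicit.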
@@ -94,15 +103,45 @@
 	- sun-java6 6-15-1
 	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
 CVE-2009-2674 (Integer overflow in Sun Java Runtime Environment (JRE) in JDK and JRE ...)
-	TODO: check
+	- sun-java5 1.5.0-20-1
+	[etch] - sun-java5 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java5 <no-dsa> (Non-free not supported)
+	- sun-java6 6-15-1
+	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	- openjdk-6 <unfixed>
+	TODO: file bug
 CVE-2009-2673 (The proxy mechanism implementation in Sun Java Runtime Environment ...)
-	TODO: check
+	- sun-java5 1.5.0-20-1
+	[etch] - sun-java5 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java5 <no-dsa> (Non-free not supported)
+	- sun-java6 6-15-1
+	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	- openjdk-6 <unfixed>
+	TODO: file bug
 CVE-2009-2672 (The proxy mechanism implementation in Sun Java Runtime Environment ...)
-	TODO: check
+	- sun-java5 1.5.0-20-1
+	[etch] - sun-java5 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java5 <no-dsa> (Non-free not supported)
+	- sun-java6 6-15-1
+	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	- openjdk-6 <unfixed>
+	TODO: file bug
 CVE-2009-2671 (The SOCKS proxy implementation in Sun Java Runtime Environment (JRE) ...)
-	TODO: check
+	- sun-java5 1.5.0-20-1
+	[etch] - sun-java5 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java5 <no-dsa> (Non-free not supported)
+	- sun-java6 6-15-1
+	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	- openjdk-6 <unfixed>
+	TODO: file bug
 CVE-2009-2670 (The audio system in Sun Java Runtime Environment (JRE) in JDK and JRE ...)
-	TODO: check
+	- sun-java5 1.5.0-20-1
+	[etch] - sun-java5 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java5 <no-dsa> (Non-free not supported)
+	- sun-java6 6-15-1
+	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	- openjdk-6 <unfixed>
+	TODO: file bug
 CVE-2009-2669 (A certain debugging component in IBM AIX 5.3 and 6.1 does not properly ...)
 	NOT-FOR-US: IBM AIX
 CVE-2009-2668 (Microsoft Internet Explorer 6 through 6.0.2900.2180 and 7 through ...)
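Review bot: each of the five entries from CVE-2009-2674 down to CVE-2009-2670 gets the same block ending in `- openjdk-6 <unfixed>` and `TODO: file bug`, which leaves five open TODOs against one package. Consider filing a single openjdk-6 bug for the set and putting its number on each `<unfixed>` line, the way the xemacs21 and strongswan entries in this file carry `(bug #...)`. The new `<unfixed>` lines also have no urgency, unlike the `(low; ...)` and `(medium; ...)` annotations elsewhere in the list.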
@@ -145,7 +184,7 @@
 CVE-2009-2661 (The asn1_length function in strongSwan 2.8 before 2.8.11, 4.2 before ...)
 	- strongswan <unfixed> (bug #540144)
 CVE-2009-2660 (Multiple integer overflows in CamlImages 2.2 might allow ...)
-	- camlimages <unfixed> (medium; bug #540146)
+	- camlimages 1:3.0.1-3 (medium; bug #540146)
 CVE-2009-2657 (nilfs-utils before 2.0.14 installs multiple programs with unnecessary ...)
 	- nilfs2-tools <not-affected> (dh_fixperms removes the setuid and setgid bits from all files)
 CVE-2009-2656 (Unspecified vulnerability in the com.android.phone process in Android ...)
@@ -284,12 +323,12 @@
 CVE-2009-2626
 	RESERVED
 CVE-2009-2625 (Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in ...)
-        - sun-java5 1.5.0-20-1
-        [etch] - sun-java5 <no-dsa> (Non-free not supported)
-        [lenny] - sun-java5 <no-dsa> (Non-free not supported)
-        - sun-java6 6-15-1
-        [lenny] - sun-java6 <no-dsa> (Non-free not supported)
-        - openjdk-6 <unfixed>
+	- sun-java5 1.5.0-20-1
+	[etch] - sun-java5 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java5 <no-dsa> (Non-free not supported)
+	- sun-java6 6-15-1
+	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	- openjdk-6 <unfixed>
 	TODO: file bug
 CVE-2009-2624
 	RESERVED
@@ -623,20 +662,17 @@
 	NOTE: browser crashes not treated as security issues
 CVE-2009-2476 [OpenJDK OpenType checks can be bypassed]
 	RESERVED
-        - sun-java5 1.5.0-20-1
-        [etch] - sun-java5 <no-dsa> (Non-free not supported)
-        [lenny] - sun-java5 <no-dsa> (Non-free not supported)
-        - sun-java6 6-15-1
-        [lenny] - sun-java6 <no-dsa> (Non-free not supported)
-        - openjdk-6 <unfixed>
-        TODO: file bug
+	- sun-java6 6-15-1
+	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	- openjdk-6 <unfixed>
+	TODO: file bug
 CVE-2009-2475 [OpenJDK information leaks in mutable variables]
 	RESERVED
 	- sun-java5 1.5.0-20-1
-        [etch] - sun-java5 <no-dsa> (Non-free not supported)
-        [lenny] - sun-java5 <no-dsa> (Non-free not supported)
-        - sun-java6 6-15-1
-        [lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	[etch] - sun-java5 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java5 <no-dsa> (Non-free not supported)
+	- sun-java6 6-15-1
+	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
 	- openjdk-6 <unfixed>
 	TODO: file bug
 CVE-2009-2474
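Review bot: for CVE-2009-2476 this is more than the space-to-tab reindentation done in the rest of the hunk: the three sun-java5 lines (`- sun-java5 1.5.0-20-1` and its `[etch]` and `[lenny]` `<no-dsa>` lines) are removed and not re-added, so the entry now tracks only sun-java6 and openjdk-6. The log message says only "sun-java/openjdk issues", so the reason is not recorded. If sun-java5 is not affected, state that with a NOTE or a `<not-affected>` line, and keep the whitespace cleanup in its own commit so the data change is not hidden among reindented lines.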
@@ -8425,6 +8461,10 @@
 	NOTE: http://www.w3.org/QA/2009/07/hmac_truncation_in_xml_signatu.html
 	NOTE: http://anonsvn.mono-project.com/viewvc?view=rev&revision=137891
 	NOTE: http://www.aleksey.com/xmlsec/download.html (1.2.12 has fix)
+	- sun-java6 6-15-1
+	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	- openjdk-6 <unfixed>
+	TODO: file bug
 CVE-2009-0216 (GE Fanuc iFIX 5.0 and earlier relies on client-side authentication ...)
 	NOT-FOR-US: GE Fanuc iFIX
 CVE-2009-0215 (Stack-based buffer overflow in the GetXMLValue method in the IBM ...)
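Review bot: the four added lines are appended after the entry's NOTE lines, and the hunk context does not show the CVE header they belong to, so it is worth confirming they landed in the intended entry. If that entry already has package lines above the NOTEs, placing these next to them would keep the package status in one spot. As in the other hunks, `- openjdk-6 <unfixed>` is added with only `TODO: file bug` and no bug number or urgency, and there is no sun-java5 line; if sun-java5 was checked and found unaffected, record it.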