[Secure-testing-commits] r12709 - data/CVE

Moritz Muehlenhoff jmm-guest at alioth.debian.org
Sun Aug 30 17:26:31 UTC 2009


Author: jmm-guest
Date: 2009-08-30 17:26:31 +0000 (Sun, 30 Aug 2009)
New Revision: 12709

Modified:
   data/CVE/list
Log:
- sun java no-dsa
- new alsainfo which doesn't affect us
- php issue unimportant by our PHP update policy


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-08-30 17:09:16 UTC (rev 12708)
+++ data/CVE/list	2009-08-30 17:26:31 UTC (rev 12709)
@@ -970,30 +970,48 @@
 	RESERVED
 CVE-2009-2724 (Race condition in the java.lang package in Sun Java SE 5.0 before ...)
 	- sun-java5 1.5.0-20-1 (unknown)
+	[etch] - sun-java5 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java5 <no-dsa> (Non-free not supported)
 	NOTE: unknown impact and attack vectors
 CVE-2009-2723 (Unspecified vulnerability in deserialization in the Provider class in ...)
 	- sun-java5 1.5.0-20-1 (unknown)
+	[etch] - sun-java5 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java5 <no-dsa> (Non-free not supported)
 	NOTE: unknown impact and attack vectors
 CVE-2009-2722 (Multiple unspecified vulnerabilities in the Provider class in Sun Java ...)
 	- sun-java5 1.5.0-20-1 (unknown)
+	[etch] - sun-java5 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java5 <no-dsa> (Non-free not supported)
 	NOTE: unknown impact and attack vectors
 CVE-2009-2721 (Multiple unspecified vulnerabilities in the Provider class in Sun Java ...)
 	- sun-java5 1.5.0-20-1 (unknown)
+	[etch] - sun-java5 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java5 <no-dsa> (Non-free not supported)
 	NOTE: unknown impact and attack vectors
 CVE-2009-2720 (Unspecified vulnerability in the ...)
 	- sun-java6 6-15-1
+	[etch] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
 	TODO: check openjdk-6
 CVE-2009-2719 (The Java Web Start implementation in Sun Java SE 6 before Update 15 ...)
 	- sun-java6 6-15-1
+	[etch] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
 	TODO: check openjdk-6
 CVE-2009-2718 (The Abstract Window Toolkit (AWT) implementation in Sun Java SE 6 ...)
 	- sun-java6 6-15-1
+	[etch] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
 	TODO: check openjdk-6
 CVE-2009-2717 (The Abstract Window Toolkit (AWT) implementation in Sun Java SE 6 ...)
 	- sun-java6 6-15-1
+	[etch] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
 	TODO: check openjdk-6
 CVE-2009-2716 (The plugin functionality in Sun Java SE 6 before Update 15 does not ...)
 	- sun-java6 6-15-1
+	[etch] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
 	TODO: check openjdk-6
 CVE-2008-6927 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
 	NOT-FOR-US: cPanel
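Review bot: The five sun-java6 entries (CVE-2009-2716 through CVE-2009-2720) still carry "TODO: check openjdk-6" after this change, so the new <no-dsa> lines settle only the non-free sun-java6 package and leave the openjdk-6 status undecided. Resolve the TODO with an explicit openjdk-6 line per entry, or keep these entries flagged as open. For the sun-java5 entries (CVE-2009-2721 through CVE-2009-2724), the <no-dsa> tag sits next to "(unknown)" urgency and "NOTE: unknown impact and attack vectors"; the reason given, "Non-free not supported", is a support-policy reason and does not depend on impact, so it would help to make sure readers do not take it as an impact assessment.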
@@ -10743,8 +10761,10 @@
 CVE-2009-0036 (Buffer overflow in the proxyReadClientSocket function in ...)
 	- libvirt 0.5.1-7 (unimportant)
 	NOTE: not building libvirt proxy from libvirt source package
-CVE-2009-0035
+CVE-2009-0035 [alsainfo insecure temp file usage]
 	RESERVED
+        - alsa-driver 1.0.20-1 (unimportant)
+        NOTE: alsainfo not built into source package
 CVE-2009-0034 (parse.c in sudo 1.6.9p17 through 1.6.9p19 does not properly interpret ...)
 	- sudo 1.6.9p17-2 (medium)
 	[etch] - sudo <not-affected> (Vulnerable code not present)
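Review bot: The two lines added under CVE-2009-0035 ("- alsa-driver 1.0.20-1 (unimportant)" and the NOTE) are indented with eight spaces, while every other sub-line visible in this file starts with a tab; switch them to a tab so that anything reading the list by its leading whitespace treats them like the rest. The entry also keeps RESERVED directly under the new bracketed description, which is worth confirming as intended. The wording "alsainfo not built into source package" is ambiguous: if the meaning is that alsainfo is not built from the alsa-driver source package, phrasing it like the libvirt note just above ("not building libvirt proxy from libvirt source package") would be clearer.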
@@ -11757,10 +11777,10 @@
 	TODO: write proper advisory and request CVE id
 CVE-2008-7068 (The dba_replace function in PHP 5.2.6 and 4.x allows context-dependent ...)
 	{DTSA-188-1}
-	- php5 5.2.6.dfsg.1-3 (low; bug #507101)
+	- php5 5.2.6.dfsg.1-3 (unimportant; bug #507101)
 	[lenny] - php5 5.2.6.dfsg.1-1+lenny2
-	- php4 <removed> (low)
-	NOTE: no-dsa candidate, if a user has write access to a file he simply can use fopen()
+	- php4 <removed> (unimportant)
+	NOTE: if a user has write access to a file he simply can use fopen()
 CVE-2008-5278 (Cross-site scripting (XSS) vulnerability in the self_link function in ...)
 	- wordpress 2.5.1-11 (low; bug #507193)
 	[etch] - wordpress <not-affected> (Vulnerable code not present)
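Review bot: On CVE-2008-7068, the downgrade from "low" to "unimportant" is justified in the commit log by the PHP update policy, but the rewritten NOTE only keeps the fopen() argument and does not mention that policy. Add a short reference to the policy in the NOTE so the rating can be understood from the list alone. The entry still carries {DTSA-188-1} and a fixed [lenny] version, so a reader will see a shipped fix next to an "unimportant" rating; one more NOTE line saying the fix predates the re-rating would avoid confusion.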



