[Secure-testing-commits] r13530 - data/CVE
Michael Gilbert
gilbert-guest at alioth.debian.org
Sat Dec 12 20:50:54 UTC 2009
Author: gilbert-guest
Date: 2009-12-12 20:50:54 +0000 (Sat, 12 Dec 2009)
New Revision: 13530
Modified:
data/CVE/list
Log:
fix some package naming errors
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-12-12 20:50:43 UTC (rev 13529)
+++ data/CVE/list 2009-12-12 20:50:54 UTC (rev 13530)
@@ -948,82 +948,82 @@
CVE-2009-3887
RESERVED
CVE-2009-3886 (The Java Web Start implementation in Sun Java SE 6 before Update 17 ...)
- - openjdk <unfixed>
+ - openjdk-6 <unfixed>
- sun-java6 6-17-1
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
CVE-2009-3885 (Sun Java SE 5.0 before Update 22 and 6 before Update 17 on Windows ...)
TODO: check
CVE-2009-3884 (The TimeZone.getTimeZone method in Sun Java SE 5.0 before Update 22 ...)
- - openjdk <unfixed>
+ - openjdk-6 <unfixed>
- sun-java6 6-17-1
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
CVE-2009-3883 (Multiple unspecified vulnerabilities in the Windows Pluggable Look and ...)
TODO: check
CVE-2009-3882 (Multiple unspecified vulnerabilities in the Swing implementation in ...)
- - openjdk <unfixed>
+ - openjdk-6 <unfixed>
- sun-java6 6-17-1
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
CVE-2009-3881 (Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, ...)
- - openjdk <unfixed>
+ - openjdk-6 <unfixed>
- sun-java6 6-17-1
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
CVE-2009-3880 (The Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in ...)
- - openjdk <unfixed>
+ - openjdk-6 <unfixed>
- sun-java6 6-17-1
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
CVE-2009-3879 (Multiple unspecified vulnerabilities in the (1) X11 and (2) ...)
- - openjdk <unfixed>
+ - openjdk-6 <unfixed>
- sun-java6 6-17-1
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
CVE-2009-3878 (Buffer overflow in Sun Java System Web Server 7.0 Update 6 has ...)
NOT-FOR-US: Sun Java System Web Server
CVE-2009-3877 (Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before ...)
- - openjdk <unfixed>
+ - openjdk-6 <unfixed>
- sun-java6 <unfixed>
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
TODO: check
CVE-2009-3876 (Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before ...)
- - openjdk <unfixed>
+ - openjdk-6 <unfixed>
- sun-java6 6-17-1
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
CVE-2009-3875 (The MessageDigest.isEqual function in Java Runtime Environment (JRE) ...)
- - openjdk <unfixed>
+ - openjdk-6 <unfixed>
- sun-java6 6-17-1
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
CVE-2009-3874 (Integer overflow in the JPEGImageReader implementation in the ImageI/O ...)
- - openjdk <unfixed>
+ - openjdk-6 <unfixed>
- sun-java6 6-17-1
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
CVE-2009-3873 (The JPEG Image Writer in Sun Java SE in JDK and JRE 5.0 before Update ...)
- - openjdk <unfixed>
+ - openjdk-6 <unfixed>
- sun-java6 6-17-1
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
CVE-2009-3872 (Unspecified vulnerability in the JPEG JFIF Decoder in Sun Java SE in ...)
- - openjdk <unfixed>
+ - openjdk-6 <unfixed>
- sun-java6 6-17-1
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
CVE-2009-3871 (Heap-based buffer overflow in the setBytePixels function in the ...)
- - openjdk <unfixed>
+ - openjdk-6 <unfixed>
- sun-java6 6-17-1
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
CVE-2009-3869 (Stack-based buffer overflow in the setDiffICM function in the Abstract ...)
- - openjdk <unfixed>
+ - openjdk-6 <unfixed>
- sun-java6 6-17-1
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
CVE-2009-3868 (Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before ...)
- - openjdk <unfixed>
+ - openjdk-6 <unfixed>
- sun-java6 6-17-1
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
CVE-2009-3867 (Stack-based buffer overflow in the HsbParser.getSoundBank function in ...)
- - openjdk <unfixed>
+ - openjdk-6 <unfixed>
- sun-java6 6-17-1
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
CVE-2009-3866 (The Java Web Start Installer in Sun Java SE in JDK and JRE 6 before ...)
- - openjdk <unfixed>
+ - openjdk-6 <unfixed>
- sun-java6 6-17-1
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
CVE-2009-3865 (The launch method in the Deployment Toolkit plugin in Java Runtime ...)
- - openjdk <unfixed>
+ - openjdk-6 <unfixed>
- sun-java6 6-17-1
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
CVE-2009-3864 (The Java Update functionality in Java Runtime Environment (JRE) in Sun ...)
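Review bot: The rename in this hunk carries `<unfixed>` over unchanged for entries whose descriptions name Java Web Start (CVE-2009-3886, CVE-2009-3866) and the Deployment Toolkit plugin (CVE-2009-3865). Now that the line names a concrete source package, confirm that openjdk-6 actually contains those components, and if it does not, use `<not-affected>` with a short reason instead. Separately, CVE-2009-3877 still has `- sun-java6 <unfixed>` and `TODO: check` while every sibling entry lists 6-17-1, so it would be worth resolving that in the same pass rather than leaving the one outlier.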
@@ -1382,11 +1382,11 @@
CVE-2009-3730 (Multiple cross-site scripting (XSS) vulnerabilities in the ReqWeb Help ...)
NOT-FOR-US: ReqWeb
CVE-2009-3729 (Unspecified vulnerability in the TrueType font parsing functionality ...)
- - openjdk <unfixed>
+ - openjdk-6 <unfixed>
- sun-java6 6-17-1
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
CVE-2009-3728 (Directory traversal vulnerability in the ICC_Profile.getInstance ...)
- - openjdk <unfixed>
+ - openjdk-6 <unfixed>
- sun-java6 6-17-1
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
CVE-2009-3727 (Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.3, ...)
@@ -13940,7 +13940,7 @@
CVE-2009-0053 (PXE Encryption in Cisco IronPort Encryption Appliance 6.2.4 before ...)
NOT-FOR-US: Cisco IronPort Encryption Appliance
CVE-2009-0052 (The Atheros wireless driver, as used in Netgear WNDAP330 Wi-Fi access ...)
- NOT-FOR-US: Atheros wireless driver
+ NOT-FOR-US: Netgear WNDAP330 Access Point
CVE-2009-0051 (ZXID 0.29 and earlier does not properly check the return value from ...)
NOT-FOR-US: ZXID
CVE-2009-0050 (Lasso 2.2.1 and earlier does not properly check the return value from ...)
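Review bot: The new CVE-2009-0052 label `NOT-FOR-US: Netgear WNDAP330 Access Point` drops the component the description attributes the flaw to ("The Atheros wireless driver, as used in Netgear WNDAP330 ..."), and a reader searching the list for the driver will no longer find this entry. Consider keeping both, for example "Atheros wireless driver as used in Netgear WNDAP330", or adding a NOTE line stating why the driver code shipped in Debian is out of scope. This is also a change of triage reasoning rather than a package name fix, so the log message should mention it.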
@@ -19911,14 +19911,14 @@
CVE-2008-3522 (Buffer overflow in the jas_stream_printf function in ...)
- jasper 1.900.1-5.1 (medium; bug #501021)
- ghostscript <unfixed> (medium; bug #559778)
- - netpbm <not-affected> (dynamically links to ghostscript if available)
+ - netpbm-free <not-affected> (dynamically links to ghostscript if available)
CVE-2008-3521 (Race condition in the jas_stream_tmpfile function in ...)
- jasper 1.900.1-5.1 (unimportant; bug #501021)
NOTE: file is opened with O_EXCL even if tmpnam is used in this case
CVE-2008-3520 (Multiple integer overflows in JasPer 1.900.1 might allow ...)
- jasper 1.900.1-5.1 (medium; bug #501021)
- ghostscript <unfixed> (medium; bug #559778)
- - netpbm <not-affected> (dynamically links to ghostscript if available)
+ - netpbm-free <not-affected> (dynamically links to ghostscript if available)
CVE-2008-3519 (The default configuration of the JBossAs component in Red Hat JBoss ...)
- jbossas4 <not-affected> (configuration not yet included in Debian package)
CVE-2008-3518
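Review bot: On the renamed netpbm-free lines for CVE-2008-3522 and CVE-2008-3520, the `<not-affected>` reason "dynamically links to ghostscript if available" sits directly under `- ghostscript <unfixed>`, which reads as if netpbm-free pulls in a vulnerable library and is still marked safe. Since the line is being touched anyway, reword the parenthetical to say that the exposure is tracked under the ghostscript entry, so the status does not look contradictory to someone auditing the list.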
@@ -27027,9 +27027,8 @@
NOTE: The blog has to provide user accounts
NOTE: A crafted XML-RPC request referring to a valid user can exploit this
NOTE: This is specific to wordpress' implementation of xmlrpc.php, which is
- NOTE: not included in any other packages (except libwordpress-xmlrpc-perl).
- - libwordpress-xmlrpc-perl <unfixed>
- TODO: according to maintainer, this package is soon to be removed, remark when that happens
+ NOTE: not included in any other packages.
+ - libwordpress-xmlrpc-perl <removed>
CVE-2008-0553 (Stack-based buffer overflow in the ReadImage function in tkImgGIF.c in ...)
{DSA-1598-1 DSA-1491-1 DSA-1490-1 DTSA-140-1}
- tk8.5 8.5.0-3
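Review bot: The edited NOTE now says xmlrpc.php is "not included in any other packages." while the very next line still tracks `- libwordpress-xmlrpc-perl <removed>`, so the entry contradicts itself. Either keep the exception in the NOTE and state that the package has since been removed, or explain why the package is listed at all. The deleted TODO asked for a remark when the removal happens; this hunk flips `<unfixed>` to `<removed>` without any reference confirming it, and the log message ("fix some package naming errors") does not cover a status change, so this belongs in its own commit or at least in the log.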