[Secure-testing-commits] r13537 - data/CVE

Michael Gilbert gilbert-guest at alioth.debian.org
Sun Dec 13 02:57:13 UTC 2009


Author: gilbert-guest
Date: 2009-12-13 02:57:12 +0000 (Sun, 13 Dec 2009)
New Revision: 13537

Modified:
   data/CVE/list
Log:
chromium, webkit, and openjdk issues

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-12-13 01:52:08 UTC (rev 13536)
+++ data/CVE/list	2009-12-13 02:57:12 UTC (rev 13537)
@@ -797,7 +797,6 @@
 	- linux-2.6 <unfixed> (low)
 	- linux-2.6.24 <removed> (low)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=538734
-	TODO: check
 CVE-2009-3963 (Multiple unspecified vulnerabilities in XOOPS before 2.4.0 Final have ...)
 	NOT-FOR-US: XOOPS
 CVE-2009-3962 (The management interface on the 2wire Gateway 1700HG, 1701HG, 1800HW, ...)
@@ -864,7 +863,7 @@
 CVE-2009-3935 (Multiple unspecified vulnerabilities in the Advanced Management Module ...)
 	NOT-FOR-US: IBM BladeCenter
 CVE-2009-3934 (The WebFrameLoaderClient::dispatchDidChangeLocationWithinPage function ...)
-	TODO: check
+	- chromium-browser <itp> (low; bug #520324)
 CVE-2009-3933 (WebKit before r50173, as used in Google Chrome before 3.0.195.32, ...)
 	- webkit <not-affected> (chromium-specific issue in their timer)
 	- qt4-x11 <not-affected> (chromium-specific issue in their timer)
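Review bot: CVE-2009-3934 now records only `- chromium-browser <itp>` and says nothing about webkit or qt4-x11, while the next entry (CVE-2009-3933) marks both `<not-affected>` with a reason. If the WebFrameLoaderClient code is chromium-specific, add explicit `<not-affected>` lines or a NOTE saying so, so the omission does not read as packages that were never checked.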
@@ -872,9 +871,11 @@
 	- kde4libs <not-affected> (chromium-specific issue in their timer)
 	- chromium-browser <itp> (low; bug #520324)
 CVE-2009-3932 (The Gears plugin in Google Chrome before 3.0.195.32 allows ...)
-	TODO: check
+	- chromium-browser <itp> (low; bug #520324)
+	- webkit <unfixed> (low; bug #560905)
+	TODO: check qt4-x11, kdelibs, kde4libs
 CVE-2009-3931 (Incomplete blacklist vulnerability in browser/download/download_exe.cc ...)
-	TODO: check
+	- chromium-browser <itp> (low; bug #520324)
 CVE-2009-3930 (Multiple integer overflows in Christos Zoulas file before 5.02 allow ...)
 	- file 5.03-1
 	[lenny] - file <not-affected>
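Review bot: The `- webkit <unfixed> (low; bug #560905)` line added under CVE-2009-3932 has no stated basis, and the visible description attributes the issue to the Gears plugin in Google Chrome. Add a NOTE giving the reason or upstream reference for treating webkit as affected. Without it, the follow-up `TODO: check qt4-x11, kdelibs, kde4libs` has nothing to check against.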
@@ -983,82 +984,86 @@
 CVE-2009-3887
 	RESERVED
 CVE-2009-3886 (The Java Web Start implementation in Sun Java SE 6 before Update 17 ...)
-	- openjdk-6 <unfixed>
+	- openjdk-6 <unfixed> (medium; bug #560908)
 	- sun-java6 6-17-1
 	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
 CVE-2009-3885 (Sun Java SE 5.0 before Update 22 and 6 before Update 17 on Windows ...)
-	TODO: check
+	- openjdk-6 <not-affected> (a problem in code that is unused on non-windows platforms)
+	- sun-java6 <not-affected> (a problem in code that is unused on non-windows platforms)
+	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=530114
 CVE-2009-3884 (The TimeZone.getTimeZone method in Sun Java SE 5.0 before Update 22 ...)
-	- openjdk-6 <unfixed>
+	- openjdk-6 <unfixed> (medium; bug #560908)
 	- sun-java6 6-17-1
 	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
 CVE-2009-3883 (Multiple unspecified vulnerabilities in the Windows Pluggable Look and ...)
-	TODO: check
+	- openjdk-6 <unfixed> (medium; bug #560908)
+	- sun-java6 6-17-1
+	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
 CVE-2009-3882 (Multiple unspecified vulnerabilities in the Swing implementation in ...)
-	- openjdk-6 <unfixed>
+	- openjdk-6 <unfixed> (medium; bug #560908)
 	- sun-java6 6-17-1
 	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
 CVE-2009-3881 (Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, ...)
-	- openjdk-6 <unfixed>
+	- openjdk-6 <unfixed> (medium; bug #560908)
 	- sun-java6 6-17-1
 	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
 CVE-2009-3880 (The Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in ...)
-	- openjdk-6 <unfixed>
+	- openjdk-6 <unfixed> (medium; bug #560908)
 	- sun-java6 6-17-1
 	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
 CVE-2009-3879 (Multiple unspecified vulnerabilities in the (1) X11 and (2) ...)
-	- openjdk-6 <unfixed>
+	- openjdk-6 <unfixed> (medium; bug #560908)
 	- sun-java6 6-17-1
 	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
 CVE-2009-3878 (Buffer overflow in Sun Java System Web Server 7.0 Update 6 has ...)
 	NOT-FOR-US: Sun Java System Web Server
 CVE-2009-3877 (Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before ...)
-	- openjdk-6 <unfixed>
+	- openjdk-6 <unfixed> (medium; bug #560908)
 	- sun-java6 <unfixed>
 	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
 	TODO: check
 CVE-2009-3876 (Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before ...)
-	- openjdk-6 <unfixed>
+	- openjdk-6 <unfixed> (medium; bug #560908)
 	- sun-java6 6-17-1
 	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
 CVE-2009-3875 (The MessageDigest.isEqual function in Java Runtime Environment (JRE) ...)
-	- openjdk-6 <unfixed>
+	- openjdk-6 <unfixed> (medium; bug #560908)
 	- sun-java6 6-17-1
 	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
 CVE-2009-3874 (Integer overflow in the JPEGImageReader implementation in the ImageI/O ...)
-	- openjdk-6 <unfixed>
+	- openjdk-6 <unfixed> (medium; bug #560908)
 	- sun-java6 6-17-1
 	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
 CVE-2009-3873 (The JPEG Image Writer in Sun Java SE in JDK and JRE 5.0 before Update ...)
-	- openjdk-6 <unfixed>
+	- openjdk-6 <unfixed> (medium; bug #560908)
 	- sun-java6 6-17-1
 	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
 CVE-2009-3872 (Unspecified vulnerability in the JPEG JFIF Decoder in Sun Java SE in ...)
-	- openjdk-6 <unfixed>
+	- openjdk-6 <unfixed> (medium; bug #560908)
 	- sun-java6 6-17-1
 	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
 CVE-2009-3871 (Heap-based buffer overflow in the setBytePixels function in the ...)
-	- openjdk-6 <unfixed>
+	- openjdk-6 <unfixed> (medium; bug #560908)
 	- sun-java6 6-17-1
 	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
 CVE-2009-3869 (Stack-based buffer overflow in the setDiffICM function in the Abstract ...)
-	- openjdk-6 <unfixed>
+	- openjdk-6 <unfixed> (medium; bug #560908)
 	- sun-java6 6-17-1
 	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
 CVE-2009-3868 (Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before ...)
-	- openjdk-6 <unfixed>
+	- openjdk-6 <unfixed> (medium; bug #560908)
 	- sun-java6 6-17-1
 	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
 CVE-2009-3867 (Stack-based buffer overflow in the HsbParser.getSoundBank function in ...)
-	- openjdk-6 <unfixed>
+	- openjdk-6 <unfixed> (medium; bug #560908)
 	- sun-java6 6-17-1
 	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
 CVE-2009-3866 (The Java Web Start Installer in Sun Java SE in JDK and JRE 6 before ...)
-	- openjdk-6 <unfixed>
+	- openjdk-6 <unfixed> (medium; bug #560908)
 	- sun-java6 6-17-1
 	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
 CVE-2009-3865 (The launch method in the Deployment Toolkit plugin in Java Runtime ...)
-	- openjdk-6 <unfixed>
+	- openjdk-6 <unfixed> (medium; bug #560908)
 	- sun-java6 6-17-1
 	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
 CVE-2009-3864 (The Java Update functionality in Java Runtime Environment (JRE) in Sun ...)
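Review bot: CVE-2009-3883 is marked `openjdk-6 <unfixed>` and fixed in `sun-java6 6-17-1` although its description names the Windows Pluggable Look and ..., while CVE-2009-3885 just above it is marked `<not-affected>` because the code is unused on non-Windows platforms. Confirm whether the same reasoning applies to CVE-2009-3883 and record the outcome in a NOTE. Separately, CVE-2009-3877 keeps `sun-java6 <unfixed>` and `TODO: check` while every neighbouring entry gives 6-17-1, so that entry is still only half triaged after this change.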
@@ -1424,11 +1429,11 @@
 CVE-2009-3730 (Multiple cross-site scripting (XSS) vulnerabilities in the ReqWeb Help ...)
 	NOT-FOR-US: ReqWeb
 CVE-2009-3729 (Unspecified vulnerability in the TrueType font parsing functionality ...)
-	- openjdk-6 <unfixed>
+	- openjdk-6 <unfixed> (medium; bug #560908)
 	- sun-java6 6-17-1
 	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
 CVE-2009-3728 (Directory traversal vulnerability in the ICC_Profile.getInstance ...)
-	- openjdk-6 <unfixed>
+	- openjdk-6 <unfixed> (medium; bug #560908)
 	- sun-java6 6-17-1
 	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
 CVE-2009-3727 (Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.3, ...)
@@ -1756,11 +1761,9 @@
 	- linux-2.6 <unfixed> (medium)
 	- linux-2.6.24 <removed> (medium)
 CVE-2009-3619 (Unspecified vulnerability in ViewVC 1.0 before 1.0.9 and 1.1 before ...)
-	- viewvc <unfixed>
-	TODO: check
+	- viewvc <unfixed> (low; bug #560903)
 CVE-2009-3618 (Cross-site scripting (XSS) vulnerability in viewvc.py in ViewVC 1.0 ...)
-	- viewvc <unfixed>
-	TODO: check
+	- viewvc <unfixed> (low; bug #560903)
 CVE-2009-3617 (Format string vulnerability in the AbstractCommand::onAbort function ...)
 	- aria2 1.6.2-1 (low)
 	[lenny] - aria2 <not-affected> (Vulnerable code not present)
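Review bot: CVE-2009-3619 is rated `low` and loses its `TODO: check`, but the visible description only says "Unspecified vulnerability in ViewVC". Add a NOTE with the source for the severity (upstream changelog or the discussion in bug #560903), so the rating can be revisited if details are published later.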
@@ -4780,27 +4783,27 @@
 	- sun-java6 6-15-1
 	[etch] - sun-java6 <no-dsa> (Non-free not supported)
 	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
-	TODO: check openjdk-6
+	- openjdk-6 <unfixed> (medium; bug #560908)
 CVE-2009-2719 (The Java Web Start implementation in Sun Java SE 6 before Update 15 ...)
 	- sun-java6 6-15-1
 	[etch] - sun-java6 <no-dsa> (Non-free not supported)
 	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
-	TODO: check openjdk-6
+	- openjdk-6 <unfixed> (medium; bug #560908)
 CVE-2009-2718 (The Abstract Window Toolkit (AWT) implementation in Sun Java SE 6 ...)
 	- sun-java6 6-15-1
 	[etch] - sun-java6 <no-dsa> (Non-free not supported)
 	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
-	TODO: check openjdk-6
+	- openjdk-6 <unfixed> (medium; bug #560908)
 CVE-2009-2717 (The Abstract Window Toolkit (AWT) implementation in Sun Java SE 6 ...)
 	- sun-java6 6-15-1
 	[etch] - sun-java6 <no-dsa> (Non-free not supported)
 	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
-	TODO: check openjdk-6
+	- openjdk-6 <unfixed> (medium; bug #560908)
 CVE-2009-2716 (The plugin functionality in Sun Java SE 6 before Update 15 does not ...)
 	- sun-java6 6-15-1
 	[etch] - sun-java6 <no-dsa> (Non-free not supported)
 	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
-	TODO: check openjdk-6
+	- openjdk-6 <unfixed> (medium; bug #560908)
 CVE-2008-6927 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
 	NOT-FOR-US: cPanel
 CVE-2008-6926 (Directory traversal vulnerability in ...)
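Review bot: In each entry of this hunk the new `- openjdk-6 <unfixed> (medium; bug #560908)` line is placed after the `[etch]` and `[lenny]` lines for sun-java6, whereas the CVE-2009-38xx entries earlier in this patch put the openjdk-6 line first and keep the release-specific lines directly under the package they qualify. Move the openjdk-6 line above `- sun-java6 6-15-1` so the bracketed release lines stay attached to sun-java6 and the file keeps one ordering.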



