[Secure-testing-commits] r13537 - data/CVE
Michael Gilbert
gilbert-guest at alioth.debian.org
Sun Dec 13 02:57:13 UTC 2009
Author: gilbert-guest
Date: 2009-12-13 02:57:12 +0000 (Sun, 13 Dec 2009)
New Revision: 13537
Modified:
data/CVE/list
Log:
chromium, webkit, and openjdk issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-12-13 01:52:08 UTC (rev 13536)
+++ data/CVE/list 2009-12-13 02:57:12 UTC (rev 13537)
@@ -797,7 +797,6 @@
- linux-2.6 <unfixed> (low)
- linux-2.6.24 <removed> (low)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=538734
- TODO: check
CVE-2009-3963 (Multiple unspecified vulnerabilities in XOOPS before 2.4.0 Final have ...)
NOT-FOR-US: XOOPS
CVE-2009-3962 (The management interface on the 2wire Gateway 1700HG, 1701HG, 1800HW, ...)
@@ -864,7 +863,7 @@
CVE-2009-3935 (Multiple unspecified vulnerabilities in the Advanced Management Module ...)
NOT-FOR-US: IBM BladeCenter
CVE-2009-3934 (The WebFrameLoaderClient::dispatchDidChangeLocationWithinPage function ...)
- TODO: check
+ - chromium-browser <itp> (low; bug #520324)
CVE-2009-3933 (WebKit before r50173, as used in Google Chrome before 3.0.195.32, ...)
- webkit <not-affected> (chromium-specific issue in their timer)
- qt4-x11 <not-affected> (chromium-specific issue in their timer)
@@ -872,9 +871,11 @@
- kde4libs <not-affected> (chromium-specific issue in their timer)
- chromium-browser <itp> (low; bug #520324)
CVE-2009-3932 (The Gears plugin in Google Chrome before 3.0.195.32 allows ...)
- TODO: check
+ - chromium-browser <itp> (low; bug #520324)
+ - webkit <unfixed> (low; bug #560905)
+ TODO: check qt4-x11, kdelibs, kde4libs
CVE-2009-3931 (Incomplete blacklist vulnerability in browser/download/download_exe.cc ...)
- TODO: check
+ - chromium-browser <itp> (low; bug #520324)
CVE-2009-3930 (Multiple integer overflows in Christos Zoulas file before 5.02 allow ...)
- file 5.03-1
[lenny] - file <not-affected>
@@ -983,82 +984,86 @@
CVE-2009-3887
RESERVED
CVE-2009-3886 (The Java Web Start implementation in Sun Java SE 6 before Update 17 ...)
- - openjdk-6 <unfixed>
+ - openjdk-6 <unfixed> (medium; bug #560908)
- sun-java6 6-17-1
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
CVE-2009-3885 (Sun Java SE 5.0 before Update 22 and 6 before Update 17 on Windows ...)
- TODO: check
+ - openjdk-6 <not-affected> (a problem in code that is unused on non-windows platforms)
+ - sun-java6 <not-affected> (a problem in code that is unused on non-windows platforms)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=530114
CVE-2009-3884 (The TimeZone.getTimeZone method in Sun Java SE 5.0 before Update 22 ...)
- - openjdk-6 <unfixed>
+ - openjdk-6 <unfixed> (medium; bug #560908)
- sun-java6 6-17-1
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
CVE-2009-3883 (Multiple unspecified vulnerabilities in the Windows Pluggable Look and ...)
- TODO: check
+ - openjdk-6 <unfixed> (medium; bug #560908)
+ - sun-java6 6-17-1
+ [lenny] - sun-java6 <no-dsa> (Non-free not supported)
CVE-2009-3882 (Multiple unspecified vulnerabilities in the Swing implementation in ...)
- - openjdk-6 <unfixed>
+ - openjdk-6 <unfixed> (medium; bug #560908)
- sun-java6 6-17-1
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
CVE-2009-3881 (Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, ...)
- - openjdk-6 <unfixed>
+ - openjdk-6 <unfixed> (medium; bug #560908)
- sun-java6 6-17-1
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
CVE-2009-3880 (The Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in ...)
- - openjdk-6 <unfixed>
+ - openjdk-6 <unfixed> (medium; bug #560908)
- sun-java6 6-17-1
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
CVE-2009-3879 (Multiple unspecified vulnerabilities in the (1) X11 and (2) ...)
- - openjdk-6 <unfixed>
+ - openjdk-6 <unfixed> (medium; bug #560908)
- sun-java6 6-17-1
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
CVE-2009-3878 (Buffer overflow in Sun Java System Web Server 7.0 Update 6 has ...)
NOT-FOR-US: Sun Java System Web Server
CVE-2009-3877 (Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before ...)
- - openjdk-6 <unfixed>
+ - openjdk-6 <unfixed> (medium; bug #560908)
- sun-java6 <unfixed>
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
TODO: check
CVE-2009-3876 (Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before ...)
- - openjdk-6 <unfixed>
+ - openjdk-6 <unfixed> (medium; bug #560908)
- sun-java6 6-17-1
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
CVE-2009-3875 (The MessageDigest.isEqual function in Java Runtime Environment (JRE) ...)
- - openjdk-6 <unfixed>
+ - openjdk-6 <unfixed> (medium; bug #560908)
- sun-java6 6-17-1
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
CVE-2009-3874 (Integer overflow in the JPEGImageReader implementation in the ImageI/O ...)
- - openjdk-6 <unfixed>
+ - openjdk-6 <unfixed> (medium; bug #560908)
- sun-java6 6-17-1
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
CVE-2009-3873 (The JPEG Image Writer in Sun Java SE in JDK and JRE 5.0 before Update ...)
- - openjdk-6 <unfixed>
+ - openjdk-6 <unfixed> (medium; bug #560908)
- sun-java6 6-17-1
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
CVE-2009-3872 (Unspecified vulnerability in the JPEG JFIF Decoder in Sun Java SE in ...)
- - openjdk-6 <unfixed>
+ - openjdk-6 <unfixed> (medium; bug #560908)
- sun-java6 6-17-1
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
CVE-2009-3871 (Heap-based buffer overflow in the setBytePixels function in the ...)
- - openjdk-6 <unfixed>
+ - openjdk-6 <unfixed> (medium; bug #560908)
- sun-java6 6-17-1
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
CVE-2009-3869 (Stack-based buffer overflow in the setDiffICM function in the Abstract ...)
- - openjdk-6 <unfixed>
+ - openjdk-6 <unfixed> (medium; bug #560908)
- sun-java6 6-17-1
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
CVE-2009-3868 (Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before ...)
- - openjdk-6 <unfixed>
+ - openjdk-6 <unfixed> (medium; bug #560908)
- sun-java6 6-17-1
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
CVE-2009-3867 (Stack-based buffer overflow in the HsbParser.getSoundBank function in ...)
- - openjdk-6 <unfixed>
+ - openjdk-6 <unfixed> (medium; bug #560908)
- sun-java6 6-17-1
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
CVE-2009-3866 (The Java Web Start Installer in Sun Java SE in JDK and JRE 6 before ...)
- - openjdk-6 <unfixed>
+ - openjdk-6 <unfixed> (medium; bug #560908)
- sun-java6 6-17-1
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
CVE-2009-3865 (The launch method in the Deployment Toolkit plugin in Java Runtime ...)
- - openjdk-6 <unfixed>
+ - openjdk-6 <unfixed> (medium; bug #560908)
- sun-java6 6-17-1
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
CVE-2009-3864 (The Java Update functionality in Java Runtime Environment (JRE) in Sun ...)
@@ -1424,11 +1429,11 @@
CVE-2009-3730 (Multiple cross-site scripting (XSS) vulnerabilities in the ReqWeb Help ...)
NOT-FOR-US: ReqWeb
CVE-2009-3729 (Unspecified vulnerability in the TrueType font parsing functionality ...)
- - openjdk-6 <unfixed>
+ - openjdk-6 <unfixed> (medium; bug #560908)
- sun-java6 6-17-1
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
CVE-2009-3728 (Directory traversal vulnerability in the ICC_Profile.getInstance ...)
- - openjdk-6 <unfixed>
+ - openjdk-6 <unfixed> (medium; bug #560908)
- sun-java6 6-17-1
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
CVE-2009-3727 (Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.3, ...)
@@ -1756,11 +1761,9 @@
- linux-2.6 <unfixed> (medium)
- linux-2.6.24 <removed> (medium)
CVE-2009-3619 (Unspecified vulnerability in ViewVC 1.0 before 1.0.9 and 1.1 before ...)
- - viewvc <unfixed>
- TODO: check
+ - viewvc <unfixed> (low; bug #560903)
CVE-2009-3618 (Cross-site scripting (XSS) vulnerability in viewvc.py in ViewVC 1.0 ...)
- - viewvc <unfixed>
- TODO: check
+ - viewvc <unfixed> (low; bug #560903)
CVE-2009-3617 (Format string vulnerability in the AbstractCommand::onAbort function ...)
- aria2 1.6.2-1 (low)
[lenny] - aria2 <not-affected> (Vulnerable code not present)
@@ -4780,27 +4783,27 @@
- sun-java6 6-15-1
[etch] - sun-java6 <no-dsa> (Non-free not supported)
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
- TODO: check openjdk-6
+ - openjdk-6 <unfixed> (medium; bug #560908)
CVE-2009-2719 (The Java Web Start implementation in Sun Java SE 6 before Update 15 ...)
- sun-java6 6-15-1
[etch] - sun-java6 <no-dsa> (Non-free not supported)
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
- TODO: check openjdk-6
+ - openjdk-6 <unfixed> (medium; bug #560908)
CVE-2009-2718 (The Abstract Window Toolkit (AWT) implementation in Sun Java SE 6 ...)
- sun-java6 6-15-1
[etch] - sun-java6 <no-dsa> (Non-free not supported)
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
- TODO: check openjdk-6
+ - openjdk-6 <unfixed> (medium; bug #560908)
CVE-2009-2717 (The Abstract Window Toolkit (AWT) implementation in Sun Java SE 6 ...)
- sun-java6 6-15-1
[etch] - sun-java6 <no-dsa> (Non-free not supported)
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
- TODO: check openjdk-6
+ - openjdk-6 <unfixed> (medium; bug #560908)
CVE-2009-2716 (The plugin functionality in Sun Java SE 6 before Update 15 does not ...)
- sun-java6 6-15-1
[etch] - sun-java6 <no-dsa> (Non-free not supported)
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
- TODO: check openjdk-6
+ - openjdk-6 <unfixed> (medium; bug #560908)
CVE-2008-6927 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
NOT-FOR-US: cPanel
CVE-2008-6926 (Directory traversal vulnerability in ...)
More information about the Secure-testing-commits
mailing list