[Secure-testing-commits] r12069 - data/CVE

Florian Weimer fw at alioth.debian.org
Mon Jun 8 12:52:10 UTC 2009


Author: fw
Date: 2009-06-08 12:52:10 +0000 (Mon, 08 Jun 2009)
New Revision: 12069

Modified:
   data/CVE/list
Log:
CVE-2008-5346: JDK 6 not affected
CVE-2008-5317: newer lcms included in recent IcedTea versions, so fixed
several CVEs: openjdk-6 uses the Netx plugin, which is different from Sun's

We still might have some of the bugs, but they would be independent
coding errors and would receive distinct CVEs.


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-06-08 09:14:13 UTC (rev 12068)
+++ data/CVE/list	2009-06-08 12:52:10 UTC (rev 12069)
@@ -8025,9 +8025,6 @@
 	- sun-java5 1.5.0-17-0.1 (bug #508194)
 	[etch] - sun-java5 <no-dsa> (Non-free not supported)
 	[lenny] - sun-java5 <no-dsa> (Non-free not supported)
-	- sun-java6 6-12-1 (bug #508195)
-	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
-	- openjdk-6 <unfixed> (bug #510972)
 CVE-2008-5345 (Unspecified vulnerability in Java Runtime Environment (JRE) with Sun ...)
 	- sun-java5 1.5.0-17-0.1 (bug #508194)
 	[etch] - sun-java5 <no-dsa> (Non-free not supported)
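Review bot: the three removed lines (`- sun-java6 6-12-1 (bug #508195)`, its `[lenny]` no-dsa line and `- openjdk-6 <unfixed> (bug #510972)`) are deleted outright, while the later hunks of this revision record the same kind of decision as `<not-affected>` with a reason. Deleting them leaves no trace in the entry that sun-java6 and openjdk-6 were ever evaluated, and it drops the references to bugs #508195 and #510972. If this is the entry the log describes as "JDK 6 not affected", consider keeping explicit `<not-affected>` lines for both packages with that reason instead of removing them.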
@@ -8041,7 +8038,7 @@
 	[lenny] - sun-java5 <no-dsa> (Non-free not supported)
 	- sun-java6 6-12-1 (bug #508195)
 	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
-	- openjdk-6 <unfixed> (bug #510972)
+	- openjdk-6 <not-affected> (browser plugin is different code base)
 CVE-2008-5343 (Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 ...)
 	- sun-java5 1.5.0-17-0.1 (bug #508194)
 	[etch] - sun-java5 <no-dsa> (Non-free not supported)
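Review bot: the new openjdk-6 line loses the `(bug #510972)` reference that the `<unfixed>` line carried. The log message itself says some of these bugs might still be present as independent coding errors, so the pointer to that report is useful to whoever re-checks the package later. Suggest keeping the bug number next to the "browser plugin is different code base" reason.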
@@ -8055,28 +8052,28 @@
 	[lenny] - sun-java5 <no-dsa> (Non-free not supported)
 	- sun-java6 6-12-1 (bug #508195)
 	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
-	- openjdk-6 <unfixed> (bug #510972)
+	- openjdk-6 <not-affected> (browser plugin is different code base)
 CVE-2008-5341 (Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in ...)
 	- sun-java5 1.5.0-17-0.1 (bug #508194)
 	[etch] - sun-java5 <no-dsa> (Non-free not supported)
 	[lenny] - sun-java5 <no-dsa> (Non-free not supported)
 	- sun-java6 6-12-1 (bug #508195)
 	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
-	- openjdk-6 <unfixed> (bug #510972)
+	- openjdk-6 <not-affected> (browser plugin is different code base)
 CVE-2008-5340 (Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in ...)
 	- sun-java5 1.5.0-17-0.1 (bug #508194)
 	[etch] - sun-java5 <no-dsa> (Non-free not supported)
 	[lenny] - sun-java5 <no-dsa> (Non-free not supported)
 	- sun-java6 6-12-1 (bug #508195)
 	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
-	- openjdk-6 <unfixed> (bug #510972)
+	- openjdk-6 <not-affected> (browser plugin is different code base)
 CVE-2008-5339 (Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in ...)
 	- sun-java5 1.5.0-17-0.1 (bug #508194)
 	[etch] - sun-java5 <no-dsa> (Non-free not supported)
 	[lenny] - sun-java5 <no-dsa> (Non-free not supported)
 	- sun-java6 6-12-1 (bug #508195)
 	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
-	- openjdk-6 <unfixed> (bug #510972)
+	- openjdk-6 <not-affected> (browser plugin is different code base)
 CVE-2008-5338 (Cross-site scripting (XSS) vulnerability in info.php in Bandwebsite ...)
 	NOT-FOR-US: Bandwebsite
 CVE-2008-5337 (SQL injection vulnerability in lyrics.php in Bandwebsite (aka Bandsite ...)
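Review bot: the reason `browser plugin is different code base` on the openjdk-6 lines in this hunk only covers the plug-in, but the descriptions of CVE-2008-5341, CVE-2008-5340 and CVE-2008-5339 name Java Web Start (JWS) as well as the Java Plug-in. If the Netx code mentioned in the log also takes the place of Web Start in openjdk-6, the reason should say so; as written, the Web Start half of these entries is not accounted for.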
@@ -8128,7 +8125,7 @@
 CVE-2008-5317 (Integer signedness error in the cmsAllocGamma function in ...)
 	{DSA-1684-1}
 	- lcms 1.17-1
-	- openjdk-6 <unfixed>
+	- openjdk-6 6b16-1
 CVE-2008-5316 (Buffer overflow in the ReadEmbeddedTextTag function in src/cmsio1.c in ...)
 	{DSA-1684-1}
 	- lcms 1.16-1
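Review bot: `- openjdk-6 6b16-1` records a fixed version without saying which lcms that upload bundles, while the lcms line in the same entry gives 1.17-1 as the fixed version. Recording the bundled lcms version in the entry or the log would make the claim checkable. The next entry, CVE-2008-5316, is another lcms issue under DSA-1684-1 and shows no openjdk-6 line in the visible context; if openjdk-6 ships its own lcms copy, that entry likely needs an openjdk-6 line as well.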
@@ -15908,7 +15905,7 @@
 CVE-2008-2087 (SQL injection vulnerability in search_result.php in Softbiz Web Host ...)
 	NOT-FOR-US: Softbiz Web Host Directory Script
 CVE-2008-2086 (Sun Java Web Start and Java Plug-in for JDK and JRE 6 Update 10 and ...)
-	- openjdk-6 <unfixed>
+	- openjdk-6 <not-affected> (browser plugin is different code base)
 	- sun-java5 <unfixed>
 	[etch] - sun-java5 <no-dsa> (Non-free not supported)
 	[lenny] - sun-java5 <no-dsa> (Non-free not supported)



