[Secure-testing-commits] r11974 - data/CVE

Moritz Muehlenhoff jmm-guest at alioth.debian.org
Mon May 25 21:44:16 UTC 2009


Author: jmm-guest
Date: 2009-05-25 21:44:16 +0000 (Mon, 25 May 2009)
New Revision: 11974

Modified:
   data/CVE/list
Log:
- file issues from 5.03 don't affect etch or lenny
- CVE-2009-0040 doesn't affect Debian, we link dynamically
- checked status of two older openjdk issues, what a confusing
  mess. 


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-05-25 08:03:58 UTC (rev 11973)
+++ data/CVE/list	2009-05-25 21:44:16 UTC (rev 11974)
@@ -398,7 +398,8 @@
 	NOT-FOR-US: Yigit Aybuga Dizi Portali
 CVE-2009-XXXX [More file buffer overflows]
 	- file 5.03-1
-	TODO: Check, whether code was introduced in 5.x as well like the other issues
+	[etch] - file <not-affected> (CDF code not yet present in 4.x)
+	[lenny] - file <not-affected> (CDF code not yet present in 4.x)
 CVE-2009-1594 (Armorlogic Profense Web Application Firewall before 2.2.22, and 2.4.x ...)
 	NOT-FOR-US: Armorlogic Profense Web Application Firewall
 CVE-2009-1593 (Armorlogic Profense Web Application Firewall before 2.2.22, and 2.4.x ...)
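Review bot: The two added <not-affected> lines under CVE-2009-XXXX [More file buffer overflows] give "CDF code not yet present in 4.x" as the reason but cite nothing to check it against. A NOTE line pointing at the upstream change that introduced the CDF code would let a later reader verify the claim without redoing the analysis, which matters here because the entry has no CVE id yet and is hard to search for.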
@@ -6837,7 +6838,6 @@
 	NOTE: http://www.tdiary.org/20071215.html
 CVE-2009-0040 (The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before ...)
 	{DSA-1750-1}
-	- pngcrush 1.6.15-1
 	- libpng 1.2.35-1 (bug #516256)
 CVE-2009-0039 (Multiple cross-site request forgery (CSRF) vulnerabilities in the web ...)
 	- geronimo <itp> (bug #481869)
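Review bot: Dropping "- pngcrush 1.6.15-1" from CVE-2009-0040 leaves no trace in data/CVE/list that pngcrush was ever evaluated; the reason ("we link dynamically") appears only in the commit log. Consider a NOTE line under the entry recording it, so the package is not re-added on a later triage pass. The log wording "CVE-2009-0040 doesn't affect Debian" also reads wider than the change, since libpng 1.2.35-1 and DSA-1750-1 stay tracked.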
@@ -7530,14 +7530,14 @@
 	[lenny] - sun-java5 <no-dsa> (Non-free not supported)
 	- sun-java6 6-12-1 (bug #508195)
 	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
-	- openjdk-6 <unfixed> (bug #510972)
+	- openjdk-6 6b14-1.5~pre1-3 (bug #510972)
 CVE-2008-5356 (Heap-based buffer overflow in Java Runtime Environment (JRE) for Sun ...)
 	- sun-java5 1.5.0-17-0.1 (bug #508194)
 	[etch] - sun-java5 <no-dsa> (Non-free not supported)
 	[lenny] - sun-java5 <no-dsa> (Non-free not supported)
 	- sun-java6 6-12-1 (bug #508195)
 	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
-	- openjdk-6 <unfixed> (bug #510972)
+	- openjdk-6 6b14-1.5~pre1-3 (bug #510972)
 CVE-2008-5355 (The &quot;Java Update&quot; feature for Java Runtime Environment (JRE) for Sun ...)
 	- sun-java5 <not-affected> (Java update not used in Debian)
 	- sun-java6 <not-affected> (Java update not used in Debian)
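Review bot: Both openjdk-6 lines move from <unfixed> to 6b14-1.5~pre1-3 with no indication of how that version was established, and the log itself calls the status "a confusing mess". Add a NOTE under each entry naming the source (changelog entry or upstream fix) so the fixed version can be re-checked. The CVE header for the first changed line falls outside the hunk context, so it is worth confirming in the full file that the edit landed on the intended entry.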



