[Secure-testing-commits] r13383 - data/CVE

Moritz Muehlenhoff jmm-guest at alioth.debian.org
Thu Nov 26 09:54:38 UTC 2009


Author: jmm-guest
Date: 2009-11-26 09:54:38 +0000 (Thu, 26 Nov 2009)
New Revision: 13383

Modified:
   data/CVE/list
Log:
New round of java issues. This is all a fucking mess.
- some might not affect openjdk, but I don't know how
  to determine that
- some might also affect sun-java5


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-11-26 09:14:26 UTC (rev 13382)
+++ data/CVE/list	2009-11-26 09:54:38 UTC (rev 13383)
@@ -445,47 +445,81 @@
 CVE-2009-3887
 	RESERVED
 CVE-2009-3886 (The Java Web Start implementation in Sun Java SE 6 before Update 17 ...)
-	TODO: check
+	- openjdk <unfixed>
+	- sun-java6 <unfixed>
+	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
 CVE-2009-3885 (Sun Java SE 5.0 before Update 22 and 6 before Update 17 on Windows ...)
 	TODO: check
 CVE-2009-3884 (The TimeZone.getTimeZone method in Sun Java SE 5.0 before Update 22 ...)
-	TODO: check
+	- openjdk <unfixed>
+	- sun-java6 <unfixed>
+	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
 CVE-2009-3883 (Multiple unspecified vulnerabilities in the Windows Pluggable Look and ...)
 	TODO: check
 CVE-2009-3882 (Multiple unspecified vulnerabilities in the Swing implementation in ...)
-	TODO: check
+	- openjdk <unfixed>
+	- sun-java6 <unfixed>
+	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
 CVE-2009-3881 (Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, ...)
-	TODO: check
+	- openjdk <unfixed>
+	- sun-java6 <unfixed>
+	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
 CVE-2009-3880 (The Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in ...)
-	TODO: check
+	- openjdk <unfixed>
+	- sun-java6 <unfixed>
+	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
 CVE-2009-3879 (Multiple unspecified vulnerabilities in the (1) X11 and (2) ...)
-	TODO: check
+	- openjdk <unfixed>
+	- sun-java6 <unfixed>
+	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
 CVE-2009-3878 (Buffer overflow in Sun Java System Web Server 7.0 Update 6 has ...)
 	TODO: check
 CVE-2009-3877 (Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before ...)
 	TODO: check
 CVE-2009-3876 (Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before ...)
-	TODO: check
+	- openjdk <unfixed>
+	- sun-java6 <unfixed>
+	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
 CVE-2009-3875 (The MessageDigest.isEqual function in Java Runtime Environment (JRE) ...)
-	TODO: check
+	- openjdk <unfixed>
+	- sun-java6 <unfixed>
+	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
 CVE-2009-3874 (Integer overflow in the JPEGImageReader implementation in the ImageI/O ...)
-	TODO: check
+	- openjdk <unfixed>
+	- sun-java6 <unfixed>
+	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
 CVE-2009-3873 (The JPEG Image Writer in Sun Java SE in JDK and JRE 5.0 before Update ...)
-	TODO: check
+	- openjdk <unfixed>
+	- sun-java6 <unfixed>
+	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
 CVE-2009-3872 (Unspecified vulnerability in the JPEG JFIF Decoder in Sun Java SE in ...)
-	TODO: check
+	- openjdk <unfixed>
+	- sun-java6 <unfixed>
+	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
 CVE-2009-3871 (Heap-based buffer overflow in the setBytePixels function in the ...)
-	TODO: check
+	- openjdk <unfixed>
+	- sun-java6 <unfixed>
+	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
 CVE-2009-3869 (Stack-based buffer overflow in the setDiffICM function in the Abstract ...)
-	TODO: check
+	- openjdk <unfixed>
+	- sun-java6 <unfixed>
+	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
 CVE-2009-3868 (Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before ...)
-	TODO: check
+	- openjdk <unfixed>
+	- sun-java6 <unfixed>
+	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
 CVE-2009-3867 (Stack-based buffer overflow in the HsbParser.getSoundBank function in ...)
-	TODO: check
+	- openjdk <unfixed>
+	- sun-java6 <unfixed>
+	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
 CVE-2009-3866 (The Java Web Start Installer in Sun Java SE in JDK and JRE 6 before ...)
-	TODO: check
+	- openjdk <unfixed>
+	- sun-java6 <unfixed>
+	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
 CVE-2009-3865 (The launch method in the Deployment Toolkit plugin in Java Runtime ...)
-	TODO: check
+	- openjdk <unfixed>
+	- sun-java6 <unfixed>
+	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
 CVE-2009-3864 (The Java Update functionality in Java Runtime Environment (JRE) in Sun ...)
 	TODO: check
 CVE-2009-3863 (Buffer overflow in the gxmim1.dll ActiveX control in Novell Groupwise ...)
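
Review bot: The uncertainty stated in the log ("some might not affect openjdk", "some might also affect sun-java5") is lost in the file, because every "TODO: check" in this hunk is replaced by a definite "- openjdk <unfixed>" with nothing marking the entry as unverified. That matters most where the visible description names a Sun-specific component, for example CVE-2009-3886 (Java Web Start implementation in Sun Java SE 6), CVE-2009-3866 (Java Web Start Installer) and CVE-2009-3865 (Deployment Toolkit plugin), and where it names Java SE 5.0 (CVE-2009-3884, CVE-2009-3881) but no sun-java5 line is added. Suggest keeping a TODO line on these entries that says what is still open (openjdk applicability, sun-java5 status) so the triage state is visible to the next person reading the list, not only in the commit log.
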
@@ -789,9 +823,13 @@
 CVE-2009-3730 (Multiple cross-site scripting (XSS) vulnerabilities in the ReqWeb Help ...)
 	NOT-FOR-US: ReqWeb
 CVE-2009-3729 (Unspecified vulnerability in the TrueType font parsing functionality ...)
-	TODO: check
+	- openjdk <unfixed>
+	- sun-java6 <unfixed>
+	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
 CVE-2009-3728 (Directory traversal vulnerability in the ICC_Profile.getInstance ...)
-	TODO: check
+	- openjdk <unfixed>
+	- sun-java6 <unfixed>
+	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
 CVE-2009-3727 (Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.3, ...)
 	- asterisk 1:1.6.2.0~rc6-1
 	[lenny] - asterisk <no-dsa> (Minor issue)
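
Review bot: The new "<unfixed>" lines for CVE-2009-3729 and CVE-2009-3728 carry no urgency and no bug reference, unlike entries elsewhere in this file that use the form "(low; bug #539899)". With this many packages marked unfixed in one commit, a bug number per source package would give maintainers something to close against; suggest adding one once the bugs are filed. The description of CVE-2009-3729 as truncated here ("TrueType font parsing functionality ...") also does not name the product, so it is worth confirming against the full description that it belongs with the Java batch.
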
@@ -5195,6 +5233,7 @@
 	- openssl 0.9.8k-4 (low; bug #539899)
 	- gnutls26 2.4.2-5 (low; bug #539901)
 	- gnutls13 <removed>
+	- sun-java6 <unfixed>
 CVE-2009-2407 (Heap-based buffer overflow in the parse_tag_3_packet function in ...)
 	{DSA-1845-1 DSA-1844-1}
 	- linux-2.6 2.6.30-5 (medium)
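
Review bot: The added "- sun-java6 <unfixed>" here is not accompanied by the "[lenny] - sun-java6 <no-dsa> (Non-free not supported)" line that follows every other sun-java6 addition in this commit, and there is no openjdk line although the two packages are paired everywhere else. If lenny is also treated as no-dsa for this entry, add the same [lenny] line for consistency; if openjdk was checked and found unaffected or already fixed, record that explicitly, otherwise the omission reads as an oversight. The entry sits alongside openssl and gnutls and is not one of the Java issues the log describes, so a short mention in the commit message would help.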



