[Secure-testing-commits] r14916 - in data: . CVE

Moritz Muehlenhoff jmm-guest at alioth.debian.org
Mon Jun 28 17:34:18 UTC 2010


Author: jmm-guest
Date: 2010-06-28 17:34:16 +0000 (Mon, 28 Jun 2010)
New Revision: 14916

Modified:
   data/CVE/list
   data/spu-candidates.txt
Log:
- pgp4pine removed
- squirrelmail already tracked by separate ID
- remove spu entries for issues fixed in latest point release
- mono fix was uploaded to unstable
- another slim issue was fixed in 5.0.5 point update
- 5.0.5 point update also introduced fixed sun-java[56] packages
- ziproxy fixed
- feh fixed
- new issues in wget (dsa), lftp (dsa) and libwww-perl (no-dsa)
- bug filed for w3m/ssl validation
- convert older safari TODOs to undetermined entries
- bug filed for tomcat6 information disclosure


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-06-27 21:14:39 UTC (rev 14915)
+++ data/CVE/list	2010-06-28 17:34:16 UTC (rev 14916)
@@ -1,5 +1,5 @@
 CVE-2010-XXXX [feh --wget-timestamp issue]
-	- feh <unfixed> (low; bug #587205)
+	- feh 1.8-1 (low; bug #587205)
 	[lenny] - feh <no-dsa> (Minor issue)
 CVE-2010-2452 [kvirc dir. trav. issue]
 	RESERVED
@@ -203,7 +203,7 @@
 CVE-2010-2351 (Stack-based buffer overflow in the CIFS.NLM driver in Netware SMB 1.0 ...)
 	NOT-FOR-US: Novell Netware
 CVE-2010-2350 (Heap-based buffer overflow in the PNG decoder in Ziproxy 3.1.0 allows ...)
-	- ziproxy <unfixed> (bug #587039)
+	- ziproxy 3.1.1-1 (bug #587039)
 	[lenny] - ziproxy <not-affected> (Introduced in 3.1.0)
 CVE-2010-2349 (H264WebCam 3.7 allows remote attackers to cause a denial of service ...)
 	NOT-FOR-US: H264WebCam
@@ -469,15 +469,16 @@
 	NOT-FOR-US: joomla!
 CVE-2010-2253 [lftp, wget, libwww-perl unexpected download issue]
 	RESERVED
-	- libwww-perl <undetermined>
-	- lftp <undetermined>
-	- wget <undetermined>
-	NOTE: http://www.ocert.org/advisories/ocert-2010-001.html
-	TODO: check
+	- libwww-perl 5.835-1 (low)
+	[lenny] - libwww-perl <no-dsa> (Minor issue)
 CVE-2010-2252
 	RESERVED
+	- wget <unfixed>
 CVE-2010-2251
 	RESERVED
+	- lftp 4.0.6-1 (low)
+	[lenny] - lftp <no-dsa> (Minor issue)
+	NOTE: http://www.ocert.org/advisories/ocert-2010-001.html
 CVE-2010-2250
 	RESERVED
 CVE-2010-2249
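Review bot: CVE-2010-2252 gets `- wget <unfixed>` with no urgency and no reference, although the log message lists wget as a DSA candidate. The oCERT NOTE that used to sit under CVE-2010-2253 now appears only under CVE-2010-2251, so the wget and libwww-perl entries lose their pointer to the advisory. Consider repeating `NOTE: http://www.ocert.org/advisories/ocert-2010-001.html` under all three IDs and adding an urgency to the wget line. The bracketed description on CVE-2010-2253 also still names lftp and wget, although only libwww-perl remains tracked there.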
@@ -907,9 +908,8 @@
 CVE-2010-2075 (UnrealIRCd 3.2.8.1, as distributed on certain mirror sites from ...)
 	- unrealircd <itp> (bug #515130)
 CVE-2010-2074 (istream.c in w3m 0.5.2 and possibly other versions, when ...)
-	- w3m <unfixed> (low)
+	- w3m <unfixed> (low; bug filed)
 	[lenny] - w3m <no-dsa> (Minor issue)
-	TODO: File bug
 CVE-2010-2073 (auth_db_config.py in Pyftpd 0.8.4 contains hard-coded usernames and ...)
 	- pyftpd 0.8.5 (low; bug #585776)
 	[lenny] - pyftpd 0.8.4.6+lenny1
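Review bot: `(low; bug filed)` on the w3m line records that a report exists but not which one, unlike the `bug #NNNNNN` form used elsewhere in this file (for example `bug #585776` on pyftpd just below). Replace it with the actual bug number so the entry can be cross-referenced with the BTS.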
@@ -1229,9 +1229,11 @@
 CVE-2010-1941 (Unspecified vulnerability in NEC WebSAM DeploymentManager 5.13 and ...)
 	NOT-FOR-US: NEC WebSAM DeploymentManager
 CVE-2010-1940 (Apple Safari 4.0.5 on Windows sends the &quot;Authorization: Basic&quot; header ...)
-	TODO: check webkit, chromium, etc once sufficient details are revealed
+	- chromium-browser <undetermined>
+	- webkit <undetermined>
 CVE-2010-1939 (Use-after-free vulnerability in Apple Safari 4.0.5 on Windows allows ...)
-	TODO: check webkit, chromium, etc. once sufficient details are revealed
+	- chromium-browser <undetermined>
+	- webkit <undetermined>
 CVE-2010-1938 (Off-by-one error in the __opiereadrec function in readrec.c in libopie ...)
 	- opie 2.32.dfsg.1-0.2 (low; bug #584932)
 	[lenny] - opie <no-dsa> (Minor issue)
@@ -1995,9 +1997,7 @@
 	- clamav 0.96.1+dfsg-1 (bug #584183)
 	[lenny] - clamav <end-of-life>
 CVE-2010-1638 (The IMP plugin in Horde allows remote attackers to bypass firewall ...)
-	- horde3 <undetermined>
-	- squirrelmail <undetermined>
-	TODO: check
+	- horde3 <unfixed> (unimportant)
 CVE-2010-1637 (The Mail Fetch plugin in SquirrelMail 1.4.20 and earlier allows remote ...)
 	- squirrelmail <unfixed> (unimportant)
 CVE-2010-1636 (The btrfs_ioctl_clone function in fs/btrfs/ioctl.c in the btrfs ...)
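Review bot: in CVE-2010-1638, horde3 goes from `<undetermined>` to `<unfixed> (unimportant)` and `TODO: check` is dropped, but no NOTE says why the issue is unimportant, and the log message only explains the squirrelmail removal. Add a short NOTE with the rationale, as is done for tomcat6 under CVE-2010-1157.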
@@ -2568,7 +2568,6 @@
 	NOT-FOR-US: IBM BladeCenter Management Module
 CVE-2010-1459 (The default configuration of ASP.NET in Mono before 2.6.4 has a value ...)
 	- mono 2.6.3-2 (bug #585440)
-	NOTE: Fix currently only in experimental, but will be uploaded to unstable later
 CVE-2010-1458 (Stack-based buffer overflow in Create and Extract Zips TweakFS Zip ...)
 	NOT-FOR-US: TweakFS
 CVE-2010-1167 (fetchmail 4.6.3 through 6.3.16, when debug mode is enabled, does not ...)
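Review bot: with the NOTE removed, CVE-2010-1459 still lists `mono 2.6.3-2` as the fixed version, which is the version the NOTE described as being only in experimental. Confirm that the upload to unstable carries that version number; if it went in under a different version, the fixed version on this line needs updating as well.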
@@ -2865,7 +2864,7 @@
 	NOT-FOR-US: Apple Mac OS X
 CVE-2010-1423 (Argument injection vulnerability in the URI handler in (a) Java NPAPI ...)
 	- sun-java6 6.20-1 (high)
-	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 6-20-0lenny1
 CVE-2010-2449 [gource: predictable log file located in /tmp]
 	RESERVED
 	- gource 0.26-2 (low; bug #577958)
@@ -3437,16 +3436,13 @@
 CVE-2010-1161 (Race condition in GNU nano before 2.2.4, when run by root to edit a ...)
 	- nano 2.2.4-1 (low; bug #577817)
 	[lenny] - nano 2.0.7-5
-	NOTE: http://www.openwall.com/lists/oss-security/2010/04/14/4
 CVE-2010-1160 (GNU nano before 2.2.4 does not verify whether a file has been changed ...)
 	- nano 2.2.4-1 (low; bug #577817)
 	[lenny] - nano 2.0.7-5
-	NOTE: http://www.openwall.com/lists/oss-security/2010/04/14/4
 CVE-2010-1158 (Integer overflow in the regular expression engine in Perl 5.8.x allows ...)
 	- perl <not-affected> (re engine rewritten for 5.10 to address issues such as this; and proof-of-concept not effective)
 CVE-2010-1157 (Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might ...)
-	- tomcat6 <unfixed> (unimportant)
-	TODO: File bug
+	- tomcat6 <unfixed> (bug filed; unimportant)
 	NOTE: Negligable information disclosure
 CVE-2010-1156 (core/nicklist.c in Irssi before 0.8.15 allows remote attackers to ...)
 	- irssi 0.8.15-1 (low)
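Review bot: the two `NOTE: http://www.openwall.com/lists/oss-security/2010/04/14/4` lines under CVE-2010-1161 and CVE-2010-1160 are dropped, but nothing in the log message covers nano. If the removal is intentional, mention it in the log; otherwise keep the references. The tomcat6 line uses `bug filed` without a number; the actual bug number would make the entry traceable.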
@@ -4300,11 +4296,11 @@
 CVE-2010-0887 (Unspecified vulnerability in the New Java Plug-in component in Oracle ...)
 	- openjdk-6 <undetermined>
 	- sun-java6 6.20-1
-	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 6-20-0lenny1
 CVE-2010-0886 (Unspecified vulnerability in the Java Deployment Toolkit component in ...)
 	- openjdk-6 <undetermined>
 	- sun-java6 6.20-1
-	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 6-20-0lenny1
 CVE-2010-0885 (Unspecified vulnerability in the Sun Java System Communications ...)
 	NOT-FOR-US: Oracle Sun Product Suite
 CVE-2010-0884 (Unspecified vulnerability in the Sun Cluster component in Oracle Sun ...)
@@ -4378,59 +4374,59 @@
 CVE-2010-0850 (Unspecified vulnerability in the Java 2D component in Oracle Java SE ...)
 	- openjdk-6 <undetermined>
 	- sun-java6 6.19-1
-	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 6-20-0lenny1
 CVE-2010-0849 (Unspecified vulnerability in the Java 2D component in Oracle Java SE ...)
 	- openjdk-6 <undetermined>
 	- sun-java6 6.19-1
-	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 6-20-0lenny1
 CVE-2010-0848 (Unspecified vulnerability in the Java 2D component in Oracle Java SE ...)
 	- openjdk-6 <undetermined>
 	- sun-java6 6.19-1
-	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 6-20-0lenny1
 CVE-2010-0847 (Unspecified vulnerability in the Java 2D component in Oracle Java SE ...)
 	- openjdk-6 <undetermined>
 	- sun-java6 6.19-1
-	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 6-20-0lenny1
 CVE-2010-0846 (Unspecified vulnerability in the ImageIO component in Oracle Java SE ...)
 	- openjdk-6 <undetermined>
 	- sun-java6 6.19-1
-	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 6-20-0lenny1
 CVE-2010-0845 (Unspecified vulnerability in the HotSpot Server component in Oracle ...)
 	- openjdk-6 <undetermined>
 	- sun-java6 6.19-1
-	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 6-20-0lenny1
 CVE-2010-0844 (Unspecified vulnerability in the Sound component in Oracle Java SE and ...)
 	- openjdk-6 <undetermined>
 	- sun-java6 6.19-1
-	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 6-20-0lenny1
 CVE-2010-0843 (Unspecified vulnerability in the Sound component in Oracle Java SE and ...)
 	- openjdk-6 <undetermined>
 	- sun-java6 6.19-1
-	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 6-20-0lenny1
 CVE-2010-0842 (Unspecified vulnerability in the Sound component in Oracle Java SE and ...)
 	- openjdk-6 <undetermined>
 	- sun-java6 6.19-1
-	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 6-20-0lenny1
 CVE-2010-0841 (Unspecified vulnerability in the ImageIO component in Oracle Java SE ...)
 	- openjdk-6 <undetermined>
 	- sun-java6 6.19-1
-	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 6-20-0lenny1
 CVE-2010-0840 (Unspecified vulnerability in the Java Runtime Environment component in ...)
 	- openjdk-6 <undetermined>
 	- sun-java6 6.19-1
-	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 6-20-0lenny1
 CVE-2010-0839 (Unspecified vulnerability in the Sound component in Oracle Java SE and ...)
 	- openjdk-6 <undetermined>
 	- sun-java6 6.19-1
-	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 6-20-0lenny1
 CVE-2010-0838 (Unspecified vulnerability in the Java 2D component in Oracle Java SE ...)
 	- openjdk-6 <undetermined>
 	- sun-java6 6.19-1
-	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 6-20-0lenny1
 CVE-2010-0837 (Unspecified vulnerability in the Pack200 component in Oracle Java SE ...)
 	- openjdk-6 <undetermined>
 	- sun-java6 6.19-1
-	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 6-20-0lenny1
 CVE-2010-0836
 	RESERVED
 CVE-2010-0835
@@ -7147,55 +7143,55 @@
 CVE-2010-0095 (Unspecified vulnerability in the Java Runtime Environment component in ...)
 	- openjdk-6 <undetermined>
 	- sun-java6 6.19-1
-	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 6-20-0lenny1
 CVE-2010-0094 (Unspecified vulnerability in the Java Runtime Environment component in ...)
 	- openjdk-6 <undetermined>
 	- sun-java6 6.19-1
-	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 6-20-0lenny1
 CVE-2010-0093 (Unspecified vulnerability in the Java Runtime Environment component in ...)
 	- openjdk-6 <undetermined>
 	- sun-java6 6.19-1
-	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 6-20-0lenny1
 CVE-2010-0092 (Unspecified vulnerability in the Java Runtime Environment component in ...)
 	- openjdk-6 <undetermined>
 	- sun-java6 6.19-1
-	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 6-20-0lenny1
 CVE-2010-0091 (Unspecified vulnerability in the Java Runtime Environment component in ...)
 	- openjdk-6 <undetermined>
 	- sun-java6 6.19-1
-	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 6-20-0lenny1
 CVE-2010-0090 (Unspecified vulnerability in the Java Web Start, Java Plug-in ...)
 	- openjdk-6 <undetermined>
 	- sun-java6 6.19-1
-	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 6-20-0lenny1
 CVE-2010-0089 (Unspecified vulnerability in the Java Web Start, Java Plug-in ...)
 	- openjdk-6 <undetermined>
 	- sun-java6 6.19-1
-	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 6-20-0lenny1
 CVE-2010-0088 (Unspecified vulnerability in the Java Runtime Environment component in ...)
 	- openjdk-6 <undetermined>
 	- sun-java6 6.19-1
-	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 6-20-0lenny1
 CVE-2010-0087 (Unspecified vulnerability in the Java Web Start, Java Plug-in ...)
 	- openjdk-6 <undetermined>
 	- sun-java6 6.19-1
-	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 6-20-0lenny1
 CVE-2010-0086 (Unspecified vulnerability in the Portal component in Oracle Fusion ...)
 	NOT-FOR-US: Oracle Fusion Middleware
 CVE-2010-0085 (Unspecified vulnerability in the Java Runtime Environment component in ...)
 	- openjdk-6 <undetermined>
 	- sun-java6 6.19-1
-	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 6-20-0lenny1
 CVE-2010-0084 (Unspecified vulnerability in the Java Runtime Environment component in ...)
 	- openjdk-6 <undetermined>
 	- sun-java6 6.19-1
-	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 6-20-0lenny1
 CVE-2010-0083
 	RESERVED
 CVE-2010-0082 (Unspecified vulnerability in the HotSpot Server component in Oracle ...)
 	- openjdk-6 <undetermined>
 	- sun-java6 6.19-1
-	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 6-20-0lenny1
 CVE-2010-0081
 	RESERVED
 CVE-2010-0080 (Unspecified vulnerability in the PeopleSoft Enterprise HCM - eProfile ...)
@@ -8764,7 +8760,7 @@
 CVE-2009-3886 (The Java Web Start implementation in Sun Java SE 6 before Update 17 ...)
 	- openjdk-6 6b17-1.7-1 (medium; bug #560908)
 	- sun-java6 6-17-1
-	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 6-20-0lenny1
 CVE-2009-3885 (Sun Java SE 5.0 before Update 22 and 6 before Update 17 on Windows ...)
 	- openjdk-6 <not-affected> (a problem in code that is unused on non-windows platforms)
 	- sun-java6 <not-affected> (a problem in code that is unused on non-windows platforms)
@@ -8772,77 +8768,78 @@
 CVE-2009-3884 (The TimeZone.getTimeZone method in Sun Java SE 5.0 before Update 22 ...)
 	- openjdk-6 6b17~pre3-1 (medium; bug #560908)
 	- sun-java6 6-17-1
-	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 6-20-0lenny1
 CVE-2009-3883 (Multiple unspecified vulnerabilities in the Windows Pluggable Look and ...)
 	- openjdk-6 6b17~pre3-1 (medium; bug #560908)
 	- sun-java6 6-17-1
-	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 6-20-0lenny1
 CVE-2009-3882 (Multiple unspecified vulnerabilities in the Swing implementation in ...)
 	- openjdk-6 6b17~pre3-1 (medium; bug #560908)
 	- sun-java6 6-17-1
+	[lenny] - sun-java6 6-20-0lenny1
 	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
 CVE-2009-3881 (Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, ...)
 	- openjdk-6 6b17~pre3-1 (medium; bug #560908)
 	- sun-java6 6-17-1
-	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 6-20-0lenny1
 CVE-2009-3880 (The Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in ...)
 	- openjdk-6 6b17~pre3-1 (medium; bug #560908)
 	- sun-java6 6-17-1
-	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 6-20-0lenny1
 CVE-2009-3879 (Multiple unspecified vulnerabilities in the (1) X11 and (2) ...)
 	- openjdk-6 6b17~pre3-1 (medium; bug #560908)
 	- sun-java6 6-17-1
-	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 6-20-0lenny1
 CVE-2009-3878 (Buffer overflow in Sun Java System Web Server 7.0 Update 6 has ...)
 	NOT-FOR-US: Sun Java System Web Server
 CVE-2009-3877 (Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before ...)
 	- openjdk-6 6b17~pre3-1 (medium; bug #560908)
 	- sun-java6 6-17-1
-	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 6-20-0lenny1
 CVE-2009-3876 (Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before ...)
 	- openjdk-6 6b17~pre3-1 (medium; bug #560908)
 	- sun-java6 6-17-1
-	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 6-20-0lenny1
 CVE-2009-3875 (The MessageDigest.isEqual function in Java Runtime Environment (JRE) ...)
 	- openjdk-6 6b17~pre3-1 (medium; bug #560908)
 	- sun-java6 6-17-1
-	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 6-20-0lenny1
 CVE-2009-3874 (Integer overflow in the JPEGImageReader implementation in the ImageI/O ...)
 	- openjdk-6 6b17~pre3-1 (medium; bug #560908)
 	- sun-java6 6-17-1
-	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 6-20-0lenny1
 CVE-2009-3873 (The JPEG Image Writer in Sun Java SE in JDK and JRE 5.0 before Update ...)
 	- openjdk-6 6b17~pre3-1 (medium; bug #560908)
 	- sun-java6 6-17-1
-	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 6-20-0lenny1
 CVE-2009-3872 (Unspecified vulnerability in the JPEG JFIF Decoder in Sun Java SE in ...)
 	- openjdk-6 6b17-1.7-1 (medium; bug #560908)
 	- sun-java6 6-17-1
-	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 6-20-0lenny1
 CVE-2009-3871 (Heap-based buffer overflow in the setBytePixels function in the ...)
 	- openjdk-6 6b17~pre3-1 (medium; bug #560908)
 	- sun-java6 6-17-1
-	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 6-20-0lenny1
 CVE-2009-3869 (Stack-based buffer overflow in the setDiffICM function in the Abstract ...)
 	- openjdk-6 6b17~pre3-1 (medium; bug #560908)
 	- sun-java6 6-17-1
-	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 6-20-0lenny1
 CVE-2009-3868 (Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before ...)
 	- openjdk-6 <unfixed> (medium; bug #560908)
 	- sun-java6 6-17-1
-	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 6-20-0lenny1
 CVE-2009-3867 (Stack-based buffer overflow in the HsbParser.getSoundBank function in ...)
 	- openjdk-6 6b17-1.7-1 (medium; bug #560908)
 	- sun-java6 6-17-1
-	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 6-20-0lenny1
 CVE-2009-3866 (The Java Web Start Installer in Sun Java SE in JDK and JRE 6 before ...)
 	- openjdk-6 6b17-1.7-1 (medium; bug #560908)
 	- sun-java6 6-17-1
-	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 6-20-0lenny1
 CVE-2009-3865 (The launch method in the Deployment Toolkit plugin in Java Runtime ...)
 	- openjdk-6 6b17-1.7-1 (medium; bug #560908)
 	- sun-java6 6-17-1
-	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 6-20-0lenny1
 CVE-2009-3864 (The Java Update functionality in Java Runtime Environment (JRE) in Sun ...)
 	- openjdk-6 6b17 (unimportant)
 	- sun-java6 6-17-1 (unimportant)
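Review bot: CVE-2009-3882 ends up with two lenny lines for sun-java6. The new `[lenny] - sun-java6 6-20-0lenny1` is added, but the old `[lenny] - sun-java6 <no-dsa> (Non-free not supported)` is left in place as context instead of being removed as in every other entry of this hunk. Drop the `<no-dsa>` line so the entry has a single, unambiguous lenny status.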
@@ -9250,11 +9247,11 @@
 CVE-2009-3729 (Unspecified vulnerability in the TrueType font parsing functionality ...)
 	- openjdk-6 6b17-1.7-1 (medium; bug #560908)
 	- sun-java6 6-17-1
-	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 6-20-0lenny1
 CVE-2009-3728 (Directory traversal vulnerability in the ICC_Profile.getInstance ...)
 	- openjdk-6 6b17~pre3-1 (medium; bug #560908)
 	- sun-java6 6-17-1
-	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 6-20-0lenny1
 CVE-2009-3727 (Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.3, ...)
 	{DSA-1952-1}
 	- asterisk 1:1.6.2.0~rc6-1
@@ -12714,47 +12711,47 @@
 CVE-2009-2724 (Race condition in the java.lang package in Sun Java SE 5.0 before ...)
 	- sun-java5 1.5.0-20-1
 	[etch] - sun-java5 <no-dsa> (Non-free not supported)
-	[lenny] - sun-java5 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java5 1.5.0-22-0lenny1
 	NOTE: unknown impact and attack vectors
 CVE-2009-2723 (Unspecified vulnerability in deserialization in the Provider class in ...)
 	- sun-java5 1.5.0-20-1
 	[etch] - sun-java5 <no-dsa> (Non-free not supported)
-	[lenny] - sun-java5 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java5 1.5.0-22-0lenny1
 	NOTE: unknown impact and attack vectors
 CVE-2009-2722 (Multiple unspecified vulnerabilities in the Provider class in Sun Java ...)
 	- sun-java5 1.5.0-20-1
 	[etch] - sun-java5 <no-dsa> (Non-free not supported)
-	[lenny] - sun-java5 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java5 1.5.0-22-0lenny1
 	NOTE: unknown impact and attack vectors
 CVE-2009-2721 (Multiple unspecified vulnerabilities in the Provider class in Sun Java ...)
 	- sun-java5 1.5.0-20-1
 	[etch] - sun-java5 <no-dsa> (Non-free not supported)
-	[lenny] - sun-java5 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java5 1.5.0-22-0lenny1
 	NOTE: unknown impact and attack vectors
 CVE-2009-2720 (Unspecified vulnerability in the ...)
 	- sun-java6 6-15-1
 	[etch] - sun-java6 <no-dsa> (Non-free not supported)
-	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 6-20-0lenny1
 	- openjdk-6 6b16-1 (medium; bug #560908)
 CVE-2009-2719 (The Java Web Start implementation in Sun Java SE 6 before Update 15 ...)
 	- sun-java6 6-15-1
 	[etch] - sun-java6 <no-dsa> (Non-free not supported)
-	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 6-20-0lenny1
 	- openjdk-6 6b16-1 (medium; bug #560908)
 CVE-2009-2718 (The Abstract Window Toolkit (AWT) implementation in Sun Java SE 6 ...)
 	- sun-java6 6-15-1
 	[etch] - sun-java6 <no-dsa> (Non-free not supported)
-	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 6-20-0lenny1
 	- openjdk-6 6b16-1 (medium; bug #560908)
 CVE-2009-2717 (The Abstract Window Toolkit (AWT) implementation in Sun Java SE 6 ...)
 	- sun-java6 6-15-1
 	[etch] - sun-java6 <no-dsa> (Non-free not supported)
-	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 6-20-0lenny1
 	- openjdk-6 6b16-1 (medium; bug #560908)
 CVE-2009-2716 (The plugin functionality in Sun Java SE 6 before Update 15 does not ...)
 	- sun-java6 6-15-1
 	[etch] - sun-java6 <no-dsa> (Non-free not supported)
-	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 6-20-0lenny1
 	- openjdk-6 6b16-1 (medium; bug #560908)
 CVE-2008-6927 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
 	NOT-FOR-US: cPanel
@@ -12940,12 +12937,13 @@
 	- linux-2.6.24 <removed>
 CVE-2009-2690 (The encoder in Sun Java SE 6 before Update 15, and OpenJDK, grants ...)
 	- sun-java6 6-15-1
-	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 6-20-0lenny1
 	- openjdk-6 6b16-1.6-1 (medium; bug #542210)
 CVE-2009-2689 (JDK13Services.getProviders in Sun Java SE 5.0 before Update 20 and 6 ...)
 	- sun-java5 1.5.0-20-1
 	[etch] - sun-java5 <no-dsa> (Non-free not supported)
-	[lenny] - sun-java5 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java5 1.5.0-22-0lenny1
+	[lenny] - sun-java6 6-20-0lenny1
 	- openjdk-6 6b16-1.6-1 (medium; bug #542210)
 CVE-2009-2688 (Multiple integer overflows in glyphs-eimage.c in XEmacs 21.4.22, when ...)
 	- xemacs21 21.4.22-3 (low; bug #540470)
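Review bot: CVE-2009-2689 gains `[lenny] - sun-java6 6-20-0lenny1`, but the entry has no `- sun-java6` package line; only sun-java5 and openjdk-6 are listed. Either add the sun-java6 entry with its fixed version, as the neighbouring CVE-2009-2690 has, or drop the lenny line, so that the release annotation has a package line to attach to.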
@@ -12974,51 +12972,51 @@
 CVE-2009-2676 (Unspecified vulnerability in JNLPAppletlauncher in Sun Java SE, and SE ...)
 	- sun-java5 1.5.0-20-1
 	[etch] - sun-java5 <no-dsa> (Non-free not supported)
-	[lenny] - sun-java5 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java5 1.5.0-22-0lenny1
 	- sun-java6 6-15-1
-	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 6-20-0lenny1
 	- openjdk-6 <undetermined> (bug #566769)
 CVE-2009-2675 (Integer overflow in the unpack200 utility in Sun Java Runtime ...)
 	- sun-java5 1.5.0-20-1
 	[etch] - sun-java5 <no-dsa> (Non-free not supported)
-	[lenny] - sun-java5 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java5 1.5.0-22-0lenny1
 	- sun-java6 6-15-1
-	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 6-20-0lenny1
 	- openjdk-6 <undetermined> (bug #566769)
 CVE-2009-2674 (Integer overflow in javaws.exe in Sun Java Web Start in Sun Java ...)
 	- sun-java5 1.5.0-20-1
 	[etch] - sun-java5 <no-dsa> (Non-free not supported)
-	[lenny] - sun-java5 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java5 1.5.0-22-0lenny1
 	- sun-java6 6-15-1
-	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 6-20-0lenny1
 	- openjdk-6 6b16-1.6-1 (medium; bug #542210)
 CVE-2009-2673 (The proxy mechanism implementation in Sun Java Runtime Environment ...)
 	- sun-java5 1.5.0-20-1
 	[etch] - sun-java5 <no-dsa> (Non-free not supported)
-	[lenny] - sun-java5 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java5 1.5.0-22-0lenny1
 	- sun-java6 6-15-1
-	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 6-20-0lenny1
 	- openjdk-6 6b16-1.6-1 (medium; bug #542210)
 CVE-2009-2672 (The proxy mechanism implementation in Sun Java Runtime Environment ...)
 	- sun-java5 1.5.0-20-1
 	[etch] - sun-java5 <no-dsa> (Non-free not supported)
-	[lenny] - sun-java5 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java5 1.5.0-22-0lenny1
 	- sun-java6 6-15-1
-	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 6-20-0lenny1
 	- openjdk-6 6b16-1.6-1 (medium; bug #542210)
 CVE-2009-2671 (The SOCKS proxy implementation in Sun Java Runtime Environment (JRE) ...)
 	- sun-java5 1.5.0-20-1
 	[etch] - sun-java5 <no-dsa> (Non-free not supported)
-	[lenny] - sun-java5 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java5 1.5.0-22-0lenny1
 	- sun-java6 6-15-1
-	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 6-20-0lenny1
 	- openjdk-6 6b16-1.6-1 (medium; bug #542210)
 CVE-2009-2670 (The audio system in Sun Java Runtime Environment (JRE) in JDK and JRE ...)
 	- sun-java5 1.5.0-20-1
 	[etch] - sun-java5 <no-dsa> (Non-free not supported)
-	[lenny] - sun-java5 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java5 1.5.0-22-0lenny1
 	- sun-java6 6-15-1
-	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 6-20-0lenny1
 	- openjdk-6 6b16-1.6-1 (medium; bug #542210)
 CVE-2009-2669 (A certain debugging component in IBM AIX 5.3 and 6.1 does not properly ...)
 	NOT-FOR-US: IBM AIX
@@ -13211,9 +13209,9 @@
 	{DSA-1984-1}
 	- sun-java5 1.5.0-20-1
 	[etch] - sun-java5 <no-dsa> (Non-free not supported)
-	[lenny] - sun-java5 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java5 1.5.0-22-0lenny1
 	- sun-java6 6-15-1
-	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 6-20-0lenny1
 	- openjdk-6 6b16-1.6-1 (medium; bug #542210)
 	- libxerces2-java 2.9.1-4.1 (bug #548358)
 CVE-2009-2624 (The huft_build function in inflate.c in gzip before 1.3.13 creates a ...)
@@ -13559,7 +13557,7 @@
 CVE-2009-XXXX [insecure tmp file vulnerability in slim]
 	- slim <removed> (unimportant; bug #537604)
 	NOTE: exploit scenario too constructed
-	TODO: request CVE id
+	[lenny] - slim 1.3.0-1+lenny2
 CVE-2009-2484 (Stack-based buffer overflow in the Win32AddConnection function in ...)
 	- vlc <not-affected> (The vulnerability affects Windows builds only)
 CVE-2009-2479 (Mozilla Firefox 3.0.x, 3.5, and 3.5.1 on Windows allows remote ...)
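Review bot: `TODO: request CVE id` is removed from the slim entry while it is still filed as CVE-2009-XXXX, so the reminder is lost with no ID assigned. Keep the TODO until an ID exists. The new `[lenny] - slim 1.3.0-1+lenny2` line is also placed after the NOTE, whereas other entries in this file put release lines directly under the package line and the NOTE last.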
@@ -13571,14 +13569,14 @@
 	NOTE: browser crashes not treated as security issues
 CVE-2009-2476 (The Java Management Extensions (JMX) implementation in Sun Java SE 6 ...)
 	- sun-java6 6-15-1
-	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 6-20-0lenny1
 	- openjdk-6 6b16-1.6-1 (medium; bug #542210)
 CVE-2009-2475 (Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, ...)
 	- sun-java5 1.5.0-20-1
 	[etch] - sun-java5 <no-dsa> (Non-free not supported)
-	[lenny] - sun-java5 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java5 1.5.0-22-0lenny1
 	- sun-java6 6-15-1
-	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 6-20-0lenny1
 	- openjdk-6 6b16-1.6-1 (medium; bug #542210)
 CVE-2009-2474 (neon before 0.28.6, when OpenSSL or GnuTLS is used, does not properly ...)
 	- neon27 0.28.6-1 (low; bug #542926)
@@ -13842,7 +13840,7 @@
 	- openjdk-6 6b17~pre3-1 (low)
 	- gnutls13 <removed>
 	- sun-java6 6-17-1
-	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 6-20-0lenny1
 CVE-2009-2407 (Heap-based buffer overflow in the parse_tag_3_packet function in ...)
 	{DSA-1845-1 DSA-1844-1}
 	- linux-2.6 2.6.30-5 (medium)
@@ -15093,7 +15091,7 @@
 CVE-2008-6825 (Directory traversal vulnerability in user/index.php in Fonality ...)
 	NOT-FOR-US: trixbox
 CVE-2009-XXXX [pgp4pine off-by-one]
-	- pgp4pine <unfixed> (bug #457947; medium)
+	- pgp4pine <removed> (bug #457947; medium)
 	[etch] - pgp4pine <no-dsa> (Contrib not supported)
 	[lenny] - pgp4pine <no-dsa> (Contrib not supported)
 	NOTE: http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0122.html
@@ -18097,99 +18095,99 @@
 	- bouncycastle 1.38-1
 CVE-2009-1107 (The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime ...)
 	- sun-java6 6-13-1 (bug #521414)
-	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 6-20-0lenny1
 	- sun-java5 1.5.0-18-1
 	[etch] - sun-java5 <no-dsa> (Non-free not supported)
-	[lenny] - sun-java5 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java5 1.5.0-22-0lenny1
 	- openjdk-6 <undetermined> (bug #566769)
 CVE-2009-1106 (The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime ...)
 	- sun-java6 6-13-1 (bug #521414)
-	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 6-20-0lenny1
 	- sun-java5 1.5.0-18-1
 	[etch] - sun-java5 <no-dsa> (Non-free not supported)
-	[lenny] - sun-java5 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java5 1.5.0-22-0lenny1
 	- openjdk-6 <undetermined> (bug #566769)
 CVE-2009-1105 (The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime ...)
 	- sun-java6 6-13-1 (bug #521414)
-	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 6-20-0lenny1
 	- sun-java5 1.5.0-18-1
 	[etch] - sun-java5 <no-dsa> (Non-free not supported)
-	[lenny] - sun-java5 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java5 1.5.0-22-0lenny1
 	- openjdk-6 <undetermined> (bug #566769)
 CVE-2009-1104 (The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime ...)
 	- sun-java6 6-13-1 (bug #521414)
-	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 6-20-0lenny1
 	- sun-java5 1.5.0-18-1
 	[etch] - sun-java5 <no-dsa> (Non-free not supported)
-	[lenny] - sun-java5 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java5 1.5.0-22-0lenny1
 	- openjdk-6 <undetermined> (bug #566769)
 CVE-2009-1103 (Unspecified vulnerability in the Java Plug-in in Java SE Development ...)
 	- sun-java6 6-13-1 (bug #521414)
-	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 6-20-0lenny1
 	- sun-java5 1.5.0-18-1
 	[etch] - sun-java5 <no-dsa> (Non-free not supported)
-	[lenny] - sun-java5 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java5 1.5.0-22-0lenny1
 	- openjdk-6 <undetermined> (bug #566769)
 CVE-2009-1102 (Unspecified vulnerability in the Virtual Machine in Java SE ...)
 	- sun-java6 6-13-1 (bug #521414)
-	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 6-20-0lenny1
 	- sun-java5 1.5.0-18-1
 	[etch] - sun-java5 <no-dsa> (Non-free not supported)
-	[lenny] - sun-java5 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java5 1.5.0-22-0lenny1
 	- openjdk-6 <undetermined> (bug #566769)
 CVE-2009-1101 (Unspecified vulnerability in the lightweight HTTP server ...)
 	{DSA-1769-1}
 	- sun-java6 6-13-1 (bug #521414)
-	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 6-20-0lenny1
 	- sun-java5 1.5.0-18-1
 	[etch] - sun-java5 <no-dsa> (Non-free not supported)
-	[lenny] - sun-java5 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java5 1.5.0-22-0lenny1
 	- openjdk-6 <undetermined> (bug #566769)
 CVE-2009-1100 (Multiple unspecified vulnerabilities in Java SE Development Kit (JDK) ...)
 	- sun-java6 6-13-1 (bug #521414)
-	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 6-20-0lenny1
 CVE-2009-1099 (Integer signedness error in Java SE Development Kit (JDK) and Java ...)
 	- sun-java6 6-13-1 (bug #521414)
-	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 6-20-0lenny1
 	- openjdk-6 <undetermined> (bug #566769)
 CVE-2009-1098 (Buffer overflow in Java SE Development Kit (JDK) and Java Runtime ...)
 	{DSA-1769-1}
 	- sun-java6 6-13-1 (bug #521414)
-	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 6-20-0lenny1
 	- openjdk-6 <undetermined> (bug #566769)
 CVE-2009-1097 (Multiple buffer overflows in Java SE Development Kit (JDK) and Java ...)
 	{DSA-1769-1}
 	- sun-java6 6-13-1
-	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 6-20-0lenny1
 	- openjdk-6 <undetermined> (bug #566769)
 CVE-2009-1096 (Buffer overflow in unpack200 in Java SE Development Kit (JDK) and Java ...)
 	{DSA-1769-1}
 	- sun-java6 6-13-1 (bug #521414)
-	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 6-20-0lenny1
 	- sun-java5 1.5.0-18-1
 	[etch] - sun-java5 <no-dsa> (Non-free not supported)
-	[lenny] - sun-java5 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java5 1.5.0-22-0lenny1
 	- openjdk-6 <undetermined> (bug #566769)
 CVE-2009-1095 (Integer overflow in unpack200 in Java SE Development Kit (JDK) and ...)
 	{DSA-1769-1}
 	- sun-java6 6-13-1 (bug #521414)
-	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 6-20-0lenny1
 	- sun-java5 1.5.0-18-1
 	[etch] - sun-java5 <no-dsa> (Non-free not supported)
-	[lenny] - sun-java5 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java5 1.5.0-22-0lenny1
 	- openjdk-6 <undetermined> (bug #566769)
 CVE-2009-1094 (Unspecified vulnerability in the LDAP implementation in Java SE ...)
 	{DSA-1769-1}
 	- sun-java6 6-13-1 (bug #521414)
-	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 6-20-0lenny1
 	- sun-java5 1.5.0-18-1
 	[etch] - sun-java5 <no-dsa> (Non-free not supported)
-	[lenny] - sun-java5 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java5 1.5.0-22-0lenny1
 	- openjdk-6 <undetermined> (bug #566769)
 CVE-2009-1093 (LdapCtx in the LDAP service in Java SE Development Kit (JDK) and Java ...)
 	{DSA-1769-1}
 	- sun-java6 6-13-1 (bug #521414)
-	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 6-20-0lenny1
 	- openjdk-6 <undetermined> (bug #566769)
 CVE-2009-1962 (Xfig, possibly 3.2.5, allows local users to read and write arbitrary ...)
 	- xfig 1:3.2.5.a-1
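Review bot: openjdk-6 is left at `<undetermined> (bug #566769)` in every entry touched here, including the ones tagged {DSA-1769-1} (CVE-2009-1101, CVE-2009-1098 through CVE-2009-1093). Since this pass already resolves the sun-java5 and sun-java6 lenny lines for those CVEs, it would be worth filling in the openjdk-6 status from bug #566769 at the same time, or adding a TODO so the entries do not look finished. Also, the unstable line under CVE-2009-1097 reads `- sun-java6 6-13-1` with no bug reference, while its siblings all carry (bug #521414); add it if the same bug applies.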
@@ -21685,7 +21683,7 @@
 	NOTE: http://anonsvn.mono-project.com/viewvc?view=rev&revision=137891
 	NOTE: http://www.aleksey.com/xmlsec/download.html (1.2.12 has fix)
 	- sun-java6 6-15-1
-	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 6-20-0lenny1
 	- openjdk-6 6b16-1.6-1 (medium; bug #542210)
 	- openoffice.org 1:3.1.1-16
 CVE-2009-0216 (GE Fanuc iFIX 5.0 and earlier relies on client-side authentication ...)
@@ -23538,37 +23536,37 @@
 CVE-2008-5360 (Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and ...)
 	- sun-java5 1.5.0-17-0.1 (low; bug #508194)
 	[etch] - sun-java5 <no-dsa> (Non-free not supported)
-	[lenny] - sun-java5 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java5 1.5.0-22-0lenny1
 	- sun-java6 6-12-1 (low; bug #508195)
-	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 6-20-0lenny1
 	- openjdk-6 6b11-9.1 (bug #510972)
 CVE-2008-5359 (Buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE ...)
 	- sun-java5 1.5.0-17-0.1 (bug #508194)
 	[etch] - sun-java5 <no-dsa> (Non-free not supported)
-	[lenny] - sun-java5 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java5 1.5.0-22-0lenny1
 	- sun-java6 6-12-1 (bug #508195)
-	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 6-20-0lenny1
 	- openjdk-6 6b11-9.1 (bug #510972)
 CVE-2008-5358 (Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and ...)
 	- sun-java5 1.5.0-17-0.1 (bug #508194)
 	[etch] - sun-java5 <no-dsa> (Non-free not supported)
-	[lenny] - sun-java5 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java5 1.5.0-22-0lenny1
 	- sun-java6 6-12-1 (bug #508195)
-	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 6-20-0lenny1
 	- openjdk-6 6b11-9.1 (bug #510972)
 CVE-2008-5357 (Integer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE ...)
 	- sun-java5 1.5.0-17-0.1 (bug #508194)
 	[etch] - sun-java5 <no-dsa> (Non-free not supported)
-	[lenny] - sun-java5 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java5 1.5.0-22-0lenny1
 	- sun-java6 6-12-1 (bug #508195)
-	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 6-20-0lenny1
 	- openjdk-6 <not-affected> (uses system's freetype library)
 CVE-2008-5356 (Heap-based buffer overflow in Java Runtime Environment (JRE) for Sun ...)
 	- sun-java5 1.5.0-17-0.1 (bug #508194)
 	[etch] - sun-java5 <no-dsa> (Non-free not supported)
-	[lenny] - sun-java5 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java5 1.5.0-22-0lenny1
 	- sun-java6 6-12-1 (bug #508195)
-	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 6-20-0lenny1
 	- openjdk-6 <not-affected> (uses system's freetype library)
 CVE-2008-5355 (The &quot;Java Update&quot; feature for Java Runtime Environment (JRE) for Sun ...)
 	- sun-java5 <not-affected> (Java update not used in Debian)
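Review bot: the [etch] sun-java5 lines kept as context in this hunk still give "Non-free not supported" as the reason, and each now sits directly above a [lenny] line that records a fixed non-free package (`[lenny] - sun-java5 1.5.0-22-0lenny1`). The two lines read as contradictory policy to anyone looking at a single entry. If etch is deliberately left unfixed, a reason that does not conflict with the lenny handling would be clearer; a short NOTE that the lenny fix came in through the point update mentioned in the log would also help.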
@@ -23577,112 +23575,112 @@
 CVE-2008-5354 (Stack-based buffer overflow in Java Runtime Environment (JRE) for Sun ...)
 	- sun-java5 1.5.0-17-0.1 (bug #508194)
 	[etch] - sun-java5 <no-dsa> (Non-free not supported)
-	[lenny] - sun-java5 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java5 1.5.0-22-0lenny1
 	- sun-java6 6-12-1 (bug #508195)
-	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 6-20-0lenny1
 	- openjdk-6 6b11-9.1 (bug #510972)
 CVE-2008-5353 (The Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and ...)
 	- sun-java5 1.5.0-17-0.1 (bug #508194)
 	[etch] - sun-java5 <no-dsa> (Non-free not supported)
-	[lenny] - sun-java5 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java5 1.5.0-22-0lenny1
 	- sun-java6 6-12-1 (bug #508195)
-	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 6-20-0lenny1
 	- openjdk-6 6b11-9.1 (bug #510972)
 CVE-2008-5352 (Integer overflow in the JAR unpacking utility (unpack200) in the ...)
 	- sun-java5 1.5.0-17-0.1 (bug #508194)
 	[etch] - sun-java5 <no-dsa> (Non-free not supported)
-	[lenny] - sun-java5 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java5 1.5.0-22-0lenny1
 	- sun-java6 6-12-1 (bug #508195)
-	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 6-20-0lenny1
 	- openjdk-6 6b11-9.1 (bug #510972)
 CVE-2008-5351 (Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and ...)
 	- sun-java5 1.5.0-17-0.1 (bug #508194)
 	[etch] - sun-java5 <no-dsa> (Non-free not supported)
-	[lenny] - sun-java5 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java5 1.5.0-22-0lenny1
 	- sun-java6 6-12-1 (bug #508195)
-	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 6-20-0lenny1
 	- openjdk-6 6b11-9.1 (bug #510972)
 CVE-2008-5350 (Unspecified vulnerability in Java Runtime Environment (JRE) for Sun ...)
 	- sun-java5 1.5.0-17-0.1 (bug #508194)
 	[etch] - sun-java5 <no-dsa> (Non-free not supported)
-	[lenny] - sun-java5 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java5 1.5.0-22-0lenny1
 	- sun-java6 6-12-1 (bug #508195)
-	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 6-20-0lenny1
 	- openjdk-6 6b11-9.1 (bug #510972)
 CVE-2008-5349 (Unspecified vulnerability in Java Runtime Environment (JRE) for Sun ...)
 	- sun-java5 1.5.0-17-0.1 (bug #508194)
 	[etch] - sun-java5 <no-dsa> (Non-free not supported)
-	[lenny] - sun-java5 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java5 1.5.0-22-0lenny1
 	- sun-java6 6-12-1 (bug #508195)
-	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 6-20-0lenny1
 	- openjdk-6 6b11-9.1 (bug #510972)
 CVE-2008-5348 (Unspecified vulnerability in Java Runtime Environment (JRE) for Sun ...)
 	- sun-java5 1.5.0-17-0.1 (bug #508194)
 	[etch] - sun-java5 <no-dsa> (Non-free not supported)
-	[lenny] - sun-java5 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java5 1.5.0-22-0lenny1
 	- sun-java6 6-12-1 (bug #508195)
-	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 6-20-0lenny1
 	- openjdk-6 6b11-9.1 (bug #510972)
 CVE-2008-5347 (Multiple unspecified vulnerabilities in Java Runtime Environment (JRE) ...)
 	- sun-java5 1.5.0-17-0.1 (bug #508194)
 	[etch] - sun-java5 <no-dsa> (Non-free not supported)
-	[lenny] - sun-java5 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java5 1.5.0-22-0lenny1
 	- sun-java6 6-12-1 (bug #508195)
-	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 6-20-0lenny1
 	- openjdk-6 6b11-9.1 (bug #510972)
 CVE-2008-5346 (Unspecified vulnerability in Java Runtime Environment (JRE) for Sun ...)
 	- sun-java5 1.5.0-17-0.1 (bug #508194)
 	[etch] - sun-java5 <no-dsa> (Non-free not supported)
-	[lenny] - sun-java5 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java5 1.5.0-22-0lenny1
 CVE-2008-5345 (Unspecified vulnerability in Java Runtime Environment (JRE) with Sun ...)
 	- sun-java5 1.5.0-17-0.1 (bug #508194)
 	[etch] - sun-java5 <no-dsa> (Non-free not supported)
-	[lenny] - sun-java5 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java5 1.5.0-22-0lenny1
 	- sun-java6 6-12-1 (bug #508195)
-	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 6-20-0lenny1
 	- openjdk-6 <not-affected> (bug in plugin code)
 	NOTE: For OpenJDK, see: <http://mail.openjdk.java.net/pipermail/core-libs-dev/2009-June/001784.html>
 CVE-2008-5344 (Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in ...)
 	- sun-java5 1.5.0-17-0.1 (bug #508194)
 	[etch] - sun-java5 <no-dsa> (Non-free not supported)
-	[lenny] - sun-java5 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java5 1.5.0-22-0lenny1
 	- sun-java6 6-12-1 (bug #508195)
-	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 6-20-0lenny1
 	- openjdk-6 <not-affected> (browser plugin is different code base)
 CVE-2008-5343 (Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 ...)
 	- sun-java5 1.5.0-17-0.1 (bug #508194)
 	[etch] - sun-java5 <no-dsa> (Non-free not supported)
-	[lenny] - sun-java5 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java5 1.5.0-22-0lenny1
 	- sun-java6 6-12-1 (bug #508195)
-	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 6-20-0lenny1
 	- openjdk-6 <not-affected> (browser plugin is different code base)
 CVE-2008-5342 (Unspecified vulnerability in the BasicService for Java Web Start (JWS) ...)
 	- sun-java5 1.5.0-17-0.1 (bug #508194)
 	[etch] - sun-java5 <no-dsa> (Non-free not supported)
-	[lenny] - sun-java5 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java5 1.5.0-22-0lenny1
 	- sun-java6 6-12-1 (bug #508195)
-	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 6-20-0lenny1
 	- openjdk-6 <not-affected> (browser plugin is different code base)
 CVE-2008-5341 (Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in ...)
 	- sun-java5 1.5.0-17-0.1 (bug #508194)
 	[etch] - sun-java5 <no-dsa> (Non-free not supported)
-	[lenny] - sun-java5 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java5 1.5.0-22-0lenny1
 	- sun-java6 6-12-1 (bug #508195)
-	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 6-20-0lenny1
 	- openjdk-6 <not-affected> (browser plugin is different code base)
 CVE-2008-5340 (Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in ...)
 	- sun-java5 1.5.0-17-0.1 (bug #508194)
 	[etch] - sun-java5 <no-dsa> (Non-free not supported)
-	[lenny] - sun-java5 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java5 1.5.0-22-0lenny1
 	- sun-java6 6-12-1 (bug #508195)
-	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 6-20-0lenny1
 	- openjdk-6 <not-affected> (browser plugin is different code base)
 CVE-2008-5339 (Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in ...)
 	- sun-java5 1.5.0-17-0.1 (bug #508194)
 	[etch] - sun-java5 <no-dsa> (Non-free not supported)
-	[lenny] - sun-java5 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java5 1.5.0-22-0lenny1
 	- sun-java6 6-12-1 (bug #508195)
-	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java6 6-20-0lenny1
 	- openjdk-6 <not-affected> (browser plugin is different code base)
 CVE-2008-5338 (Cross-site scripting (XSS) vulnerability in info.php in Bandwebsite ...)
 	NOT-FOR-US: Bandwebsite
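Review bot: CVE-2008-5346 is the only entry in this hunk with sun-java5 lines and nothing else, whereas every neighbouring entry also states a sun-java6 and an openjdk-6 status. If those two packages are not affected, explicit `<not-affected>` lines with a reason (as done for openjdk-6 under CVE-2008-5345) would show that the omission is intentional; if they are affected, the lenny line for sun-java6 is missing from this bulk update.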

Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt	2010-06-27 21:14:39 UTC (rev 14915)
+++ data/spu-candidates.txt	2010-06-28 17:34:16 UTC (rev 14916)
@@ -61,11 +61,6 @@
 
 --
 
-cpio (CVE-2010-0624)
-notified maintainer
-
---
-
 couchdb (CVE-2010-0009)
 #576304
 notified maintainer
@@ -331,12 +326,6 @@
 
 --
 
-pyftpd (CVE-2010-2072, CVE-2010-2073)
-bug #585776, #585773
-notified maintainer
-
---
-
 squid (CVE-2009-0801)
 #521053
 notified maintainer
@@ -440,12 +429,6 @@
 
 --
 
-slim (CVE-2009-1756)
-bug #529306
-Maintainer notified through followup in #529306
-
---
-
 squid (CVE-2010-0639)
 #572553
 Maintainer notified through initial bugreport
@@ -469,11 +452,6 @@
 
 --
 
-texlive-bin (CVE-2010-0739, CVE-2010-0827)
-notified maintainer
-
---
-
 trac (CVE-2009-4405)
 notified maintainer
 
@@ -491,6 +469,7 @@
 --
 
 w3m (CVE-2010-2074)
+maintainer notified through bug report
 
 --
 
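Review bot: the added line `maintainer notified through bug report` under w3m (CVE-2010-2074) does not give the bug number, while the other entries in this file record it (`#572553` for squid, `bug #529306` for slim). The log says a bug was filed for w3m, so please add its number here so the entry can be followed up without searching the BTS. The capitalisation also differs from the existing "Maintainer notified through ..." lines.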



