[Secure-testing-commits] r16174 - data/CVE
Moritz Muehlenhoff
jmm at alioth.debian.org
Wed Feb 16 18:38:44 UTC 2011
Author: jmm
Date: 2011-02-16 18:38:41 +0000 (Wed, 16 Feb 2011)
New Revision: 16174
Modified:
data/CVE/list
Log:
- new java issues, marking openjdk as unfixed, some of the issues
might not affect openjdk, though
- pam upload fixes one issue and introduces two new
- new kernel issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2011-02-16 18:19:48 UTC (rev 16173)
+++ data/CVE/list 2011-02-16 18:38:41 UTC (rev 16174)
@@ -802,10 +802,13 @@
RESERVED
CVE-2011-0711
RESERVED
+ - linux-2.6 <unfixed> (low)
CVE-2011-0710
RESERVED
+ - linux-2.6 <unfixed> (low)
CVE-2011-0709
RESERVED
+ - linux-2.6 <not-affected> (Introduced in 2.6.35-rc1 and fixed in 2.6.35-rc5)
CVE-2011-0708
RESERVED
CVE-2011-0707 [unspecified XSS vulnerability]
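Review bot: The three linux-2.6 lines added under CVE-2011-0711, CVE-2011-0710 and CVE-2011-0709 carry no NOTE pointing at an upstream commit or report, and the entries are still RESERVED with no description, so nothing here says which kernel issue each id refers to. The `<not-affected>` on CVE-2011-0709 rests on "Introduced in 2.6.35-rc1 and fixed in 2.6.35-rc5" with no reference to check it against; a NOTE naming the introducing and fixing commits would make that verifiable.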
@@ -3065,38 +3068,64 @@
RESERVED
{DSA-2161-2 DSA-2161-1}
- openjdk-6 <unfixed> (bug #612660)
- - sun-java6 <unfixed>
+ - sun-java6 6.24-1
NOTE: Patch http://mail.openjdk.java.net/pipermail/core-libs-dev/2011-February/005795.html
NOTE: Oracle http://www.oracle.com/technetwork/topics/security/alert-cve-2010-4476-305811.html
NOTE: Original report http://www.exploringbinary.com/java-hangs-when-converting-2-2250738585072012e-308/
CVE-2010-4475
RESERVED
+ - sun-java6 6.24-1
+ - openjdk-6 <unfixed>
CVE-2010-4474
RESERVED
+ - sun-java6 6.24-1
+ - openjdk-6 <unfixed>
CVE-2010-4473
RESERVED
+ - sun-java6 6.24-1
+ - openjdk-6 <unfixed>
CVE-2010-4472
RESERVED
+ - sun-java6 6.24-1
+ - openjdk-6 <unfixed>
CVE-2010-4471
RESERVED
+ - sun-java6 6.24-1
+ - openjdk-6 <unfixed>
CVE-2010-4470
RESERVED
+ - sun-java6 6.24-1
+ - openjdk-6 <unfixed>
CVE-2010-4469
RESERVED
+ - sun-java6 6.24-1
+ - openjdk-6 <unfixed>
CVE-2010-4468
RESERVED
+ - sun-java6 6.24-1
+ - openjdk-6 <unfixed>
CVE-2010-4467
RESERVED
+ - sun-java6 6.24-1
+ - openjdk-6 <unfixed>
CVE-2010-4466
RESERVED
+ - sun-java6 6.24-1
+ - openjdk-6 <unfixed>
CVE-2010-4465
RESERVED
+ - sun-java6 6.24-1
+ - openjdk-6 <unfixed>
CVE-2010-4464 (Unspecified vulnerability in Oracle Sun Convergence 1.0 allows remote ...)
NOT-FOR-US: Oracle Convergence
CVE-2010-4463
RESERVED
+ - sun-java6 6.24-1
+ - openjdk-6 <unfixed>
CVE-2010-4462
RESERVED
+ - sun-java6 6.24-1
+ - openjdk-6 <unfixed>
CVE-2010-4461 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...)
NOT-FOR-US: PeopleSoft
CVE-2010-4460 (Unspecified vulnerability in Oracle Solaris 10 allows local users to ...)
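Review bot: Every `- openjdk-6 <unfixed>` line added from CVE-2010-4475 down to CVE-2010-4462 is recorded as a confirmed open issue, while the log message says some of these might not affect openjdk. Suggest a TODO or NOTE line on each of these entries stating that the openjdk-6 status is unverified, so the uncertainty lives in the data and not only in the commit log, plus a bug reference like the `(bug #612660)` on the first entry of this hunk once one exists. The same applies to the openjdk-6 lines in the two hunks that follow.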
@@ -3113,20 +3142,32 @@
NOT-FOR-US: Oracle Fusion
CVE-2010-4454
RESERVED
+ - sun-java6 6.24-1
+ - openjdk-6 <unfixed>
CVE-2010-4453 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
NOT-FOR-US: Oracle WebLogic
CVE-2010-4452
RESERVED
+ - sun-java6 6.24-1
+ - openjdk-6 <unfixed>
CVE-2010-4451
RESERVED
+ - sun-java6 6.24-1
+ - openjdk-6 <unfixed>
CVE-2010-4450
RESERVED
+ - sun-java6 6.24-1
+ - openjdk-6 <unfixed>
CVE-2010-4449 (Unspecified vulnerability in the Audit Vault component in Oracle Audit ...)
NOT-FOR-US: Oracle Audit
CVE-2010-4448
RESERVED
+ - sun-java6 6.24-1
+ - openjdk-6 <unfixed>
CVE-2010-4447
RESERVED
+ - sun-java6 6.24-1
+ - openjdk-6 <unfixed>
CVE-2010-4446 (Unspecified vulnerability in Oracle Solaris 11 Express allows local ...)
NOT-FOR-US: Solaris
CVE-2010-4445 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...)
@@ -3177,6 +3218,8 @@
NOT-FOR-US: Oracle Database
CVE-2010-4422
RESERVED
+ - sun-java6 6.24-1
+ - openjdk-6 <unfixed>
CVE-2010-4421 (Unspecified vulnerability in the Database Vault component in Oracle ...)
NOT-FOR-US: Oracle Database
CVE-2010-4420 (Unspecified vulnerability in the Database Vault component in Oracle ...)
@@ -5814,6 +5857,7 @@
- pam <unfixed> (low; bug #599832)
[squeeze] - pam <no-dsa> (Minor issue)
[lenny] - pam <no-dsa> (Minor issue)
+ NOTE: Fix from 1.1.2 is not fully complete
CVE-2010-3434 (Buffer overflow in the find_stream_bounds function in pdf.c in ...)
- clamav 0.96.3+dfsg-1
[lenny] - clamav <end-of-life>
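Review bot: The added "NOTE: Fix from 1.1.2 is not fully complete" does not say what remains open or where that was reported. Suggest putting a reference (bug message or upstream post) next to it, so the `- pam <unfixed>` status above can later be closed against something concrete.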
@@ -5828,10 +5872,12 @@
{DSA-2126-1}
- linux-2.6 2.6.32-24
CVE-2010-3431 (The privilege-dropping implementation in the (1) pam_env and (2) ...)
- - pam <not-affected> (Affected functionality introduced in 1.1.2, see #599832)
+ - pam <unfixed> (bug #599832)
NOTE: 20100924164823.GA21584 at openwall.com
CVE-2010-3430 (The privilege-dropping implementation in the (1) pam_env and (2) ...)
- - pam <not-affected> (Affected functionality introduced in 1.1.2, see #599832)
+ - pam <unfixed> (bug #599832)
+ [squeeze] - pam <not-affected> (Affected functionality introduced in 1.1.2, see #599832)
+ [lenny] - pam <not-affected> (Affected functionality introduced in 1.1.2, see #599832)
NOTE: 20100924164823.GA21584 at openwall.com
CVE-2010-3429 (flicvideo.c in libavcodec 0.6 and earlier in FFmpeg, as used in ...)
- ffmpeg 4:0.5.2-6 (bug #598590)
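Review bot: CVE-2010-3431 is switched to `- pam <unfixed> (bug #599832)` without the `[squeeze]` and `[lenny]` `<not-affected>` lines that CVE-2010-3430 receives further down in the same hunk. The removed line gave the same reason for both entries ("Affected functionality introduced in 1.1.2"), so as written squeeze and lenny inherit the unfixed status for CVE-2010-3431. If that is not intended, add the same two release lines there.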
@@ -6120,7 +6166,7 @@
CVE-2010-3317 (Cross-site scripting (XSS) vulnerability in IBM Records Manager (RM) ...)
NOT-FOR-US: IBM Records Manager
CVE-2010-3316 (The run_coprocess function in pam_xauth.c in the pam_xauth module in ...)
- - pam <unfixed> (unimportant; bug #599832)
+ - pam 1.1.2-1 (unimportant; bug #599832)
NOTE: partial fix http://git.altlinux.org/people/ldv/packages/?p=pam.git;a=commitdiff;h=06f882f30092a39a1db867c9744b2ca8d60e4ad6
NOTE: Not exploitable with current kernels
CVE-2010-3315 (authz.c in the mod_dav_svn module for the Apache HTTP Server, as ...)
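Review bot: CVE-2010-3316 is marked fixed in `pam 1.1.2-1`, but the NOTE directly below still reads "partial fix", and an earlier hunk in this commit adds "Fix from 1.1.2 is not fully complete" to a pam entry with the same bug #599832. Worth stating in a NOTE whether the 1.1.2 fix is complete for this CVE, or keeping the entry `<unfixed>` until that is confirmed.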