[Secure-testing-commits] r18453 - data/CVE

[Moritz Muehlenhoff]

Author: jmm
Date: 2012-02-16 09:21:55 +0000 (Thu, 16 Feb 2012)
New Revision: 18453

Modified:
   data/CVE/list
Log:
new Java issues, three of them w/o details :-/


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-02-16 08:21:48 UTC (rev 18452)
+++ data/CVE/list	2012-02-16 09:21:55 UTC (rev 18453)
@@ -1487,28 +1487,58 @@
 	RESERVED
 CVE-2012-0508
 	RESERVED
+	- openjdk-6 <not-affected> (JavaFX not part of OpenJDK)
+	- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
+	- sun-java6 <removed>
 CVE-2012-0507
 	RESERVED
 CVE-2012-0506
 	RESERVED
+	- openjdk-6 <unfixed>
+	- openjdk-7 <unfixed>
+	- sun-java6 <removed>
 CVE-2012-0505
 	RESERVED
 CVE-2012-0504
 	RESERVED
+	- openjdk-6 <not-affected> (Only applies to the Windows-specific update tool)
+	- openjdk-7 <not-affected> (Only applies to the Windows-specific update tool)
+	- sun-java6 <not-affected> (Only applies to the Windows-specific update tool)
 CVE-2012-0503
 	RESERVED
+	- openjdk-6 <unfixed>
+	- openjdk-7 <unfixed>
+	- sun-java6 <removed>
 CVE-2012-0502
 	RESERVED
+	- openjdk-6 <unfixed>
+	- openjdk-7 <unfixed>
+	- sun-java6 <removed>
 CVE-2012-0501
 	RESERVED
+	- openjdk-6 <unfixed>
+	- openjdk-7 <unfixed>
+	- sun-java6 <removed>
 CVE-2012-0500
 	RESERVED
+	- openjdk-6 <unfixed>
+	- openjdk-7 <unfixed>
+	- sun-java6 <removed>
 CVE-2012-0499
 	RESERVED
+	- openjdk-6 <unfixed>
+	- openjdk-7 <unfixed>
+	- sun-java6 <removed>
 CVE-2012-0498
 	RESERVED
-CVE-2012-0497
+	- openjdk-6 <unfixed>
+	- openjdk-7 <unfixed>
+	- sun-java6 <removed>
+CVE-2012-0497 [OpenJDK: insufficient checking of the graphics rendering object]
 	RESERVED
+	- openjdk-6 <unfixed>
+	- openjdk-7 <unfixed>
+	- sun-java6 <removed>
 CVE-2012-0496 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
 	- mysql-5.1 <not-affected> (Only affects MySQL 5.5 from experimental)
 CVE-2012-0495 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
@@ -2144,6 +2174,9 @@
 CVE-2011-5036 (Rack before 1.1.3, 1.2.x before 1.2.5, and 1.3.x before 1.3.6 computes ...)
 	- ruby-rack <unfixed> (bug #653962)
 CVE-2011-5035 (Oracle Glassfish 2.1.1, 3.0.1, and 3.1.1, as used in Communications ...)
+	- openjdk-6 <unfixed>
+	- openjdk-7 <unfixed>
+	- sun-java6 <removed>
 	- glassfish <unfixed> (bug #653964)
 CVE-2011-5034 (Apache Geronimo 2.2.1 and earlier computes hash values for form ...)
 	TODO: check
@@ -3143,7 +3176,7 @@
 	- mysql-5.1 <unfixed> (bug #659687) 
 CVE-2012-0111 (Unspecified vulnerability in the Oracle VM VirtualBox component in ...)
 	- virtualbox 4.1.8-dfsg-1 (bug #659950)
-	[squeeze] - virtualbox <not-affected>
+	[squeeze] - virtualbox <not-affected> (Vulnerable code not present, see #659950)
 CVE-2012-0110 (Unspecified vulnerability in the Oracle Outside In Technology ...)
 	NOT-FOR-US: Oracle Fusion Middleware
 CVE-2012-0109 (Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express ...)
@@ -3156,7 +3189,7 @@
 	RESERVED
 CVE-2012-0105 (Unspecified vulnerability in the Oracle VM VirtualBox component in ...)
 	- virtualbox-guest-additions-iso 4.1.8-1 (bug #659951)
-	[squeeze] - virtualbox-guest-additions-iso <not-affected>
+	[squeeze] - virtualbox-guest-additions-iso <not-affected> (Vulnerable code not present, see #659950)
 CVE-2012-0104 (Unspecified vulnerability in Oracle GlassFish Enterprise Server 3.0.1 ...)
 	TODO: check
 CVE-2012-0103 (Unspecified vulnerability in Oracle Solaris 11 Express allows local ...)
@@ -7054,7 +7087,10 @@
 CVE-2011-3572
 	RESERVED
 CVE-2011-3571 (Unspecified vulnerability in the Virtual Desktop Infrastructure (VDI) ...)
-	TODO: check
+	- openjdk-6 <unfixed>
+	- openjdk-7 <unfixed>
+	- sun-java6 <removed>
+	NOTE: CVE description is wrong
 CVE-2011-3570 (Unspecified vulnerability in Oracle Communications Unified 7.0 allows ...)
 	NOT-FOR-US: Oracle Communications Unified
 CVE-2011-3569 (Unspecified vulnerability in the Oracle Web Services Manager component ...)