[Secure-testing-commits] r18487 - in data: . CVE

Moritz Muehlenhoff jmm at alioth.debian.org
Mon Feb 20 08:08:36 UTC 2012


Author: jmm
Date: 2012-02-20 08:08:36 +0000 (Mon, 20 Feb 2012)
New Revision: 18487

Modified:
   data/CVE/list
   data/spu-candidates.txt
Log:
openjdk[6|7] fixed
new eglibc issue


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-02-20 07:02:50 UTC (rev 18486)
+++ data/CVE/list	2012-02-20 08:08:36 UTC (rev 18487)
@@ -698,8 +698,10 @@
 	RESERVED
 CVE-2012-0865
 	RESERVED
-CVE-2012-0864
+CVE-2012-0864 [FORTIFY_SOURCE format string protection bypass]
 	RESERVED
+	- eglibc <unfixed> (low; bug #660611)
+	[squeeze] - eglibc <no-dsa> (Hardening bypass, can be fixed in next point update)
 CVE-2012-0863 [mumble info disclosure]
 	RESERVED
 	{DSA-2411-1}
@@ -1506,29 +1508,30 @@
 CVE-2012-0507
 	RESERVED
 CVE-2012-0506 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
-	- openjdk-6 <unfixed>
-	- openjdk-7 <unfixed>
+	- openjdk-6 6b24-1.11.1-1
+	- openjdk-7 7~u3-2.1-1
 	- sun-java6 <removed>
 	[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
 CVE-2012-0505 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
-	TODO: check
+	- openjdk-6 6b24-1.11.1-1
+	- openjdk-7 7~u3-2.1-1
 CVE-2012-0504 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
 	- openjdk-6 <not-affected> (Only applies to the Windows-specific update tool)
 	- openjdk-7 <not-affected> (Only applies to the Windows-specific update tool)
 	- sun-java6 <not-affected> (Only applies to the Windows-specific update tool)
 CVE-2012-0503 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
-	- openjdk-6 <unfixed>
-	- openjdk-7 <unfixed>
+	- openjdk-6 6b24-1.11.1-1
+	- openjdk-7 7~u3-2.1-1
 	- sun-java6 <removed>
 	[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
 CVE-2012-0502 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
-	- openjdk-6 <unfixed>
-	- openjdk-7 <unfixed>
+	- openjdk-6 6b24-1.11.1-1
+	- openjdk-7 7~u3-2.1-1
 	- sun-java6 <removed>
 	[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
 CVE-2012-0501 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
-	- openjdk-6 <unfixed>
-	- openjdk-7 <unfixed>
+	- openjdk-6 6b24-1.11.1-1
+	- openjdk-7 7~u3-2.1-1
 	- sun-java6 <removed>
 	[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
 CVE-2012-0500 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
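Review bot: The CVE-2012-0505 entry, where `TODO: check` is replaced, records only openjdk-6 and openjdk-7, while the sibling entries in this hunk that receive the same fixed versions (CVE-2012-0506, -0503, -0502, -0501) also carry `- sun-java6 <removed>` and `[squeeze] - sun-java6 <no-dsa> (Non-free not supported)`. If sun-java6 is affected, add those two lines; if it is not, a `<not-affected>` line with a reason, as in CVE-2012-0504, would make the omission explicit.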
@@ -1547,8 +1550,8 @@
 	- sun-java6 <removed>
 	[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
 CVE-2012-0497 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
-	- openjdk-6 <unfixed>
-	- openjdk-7 <unfixed>
+	- openjdk-6 6b24-1.11.1-1
+	- openjdk-7 7~u3-2.1-1
 	- sun-java6 <removed>
 	[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
 CVE-2012-0496 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
@@ -2186,8 +2189,8 @@
 CVE-2011-5036 (Rack before 1.1.3, 1.2.x before 1.2.5, and 1.3.x before 1.3.6 computes ...)
 	- ruby-rack <unfixed> (bug #653962)
 CVE-2011-5035 (Oracle Glassfish 2.1.1, 3.0.1, and 3.1.1, as used in Communications ...)
-	- openjdk-6 <unfixed>
-	- openjdk-7 <unfixed>
+	- openjdk-6 6b24-1.11.1-1
+	- openjdk-7 7~u3-2.1-1
 	- sun-java6 <removed>
 	[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
 	- glassfish <unfixed> (bug #653964)
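Review bot: CVE-2011-5035 is described as an Oracle Glassfish issue, yet the openjdk-6 and openjdk-7 lines are now marked fixed while `- glassfish <unfixed> (bug #653964)` stays open, and nothing in the entry says why the OpenJDK packages are tracked under this id. A short `NOTE:` line stating the relationship would help, in the way CVE-2011-3571 carries `NOTE: CVE description is wrong`.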
@@ -7100,8 +7103,8 @@
 CVE-2011-3572
 	RESERVED
 CVE-2011-3571 (Unspecified vulnerability in the Virtual Desktop Infrastructure (VDI) ...)
-	- openjdk-6 <unfixed>
-	- openjdk-7 <unfixed>
+	- openjdk-6 6b24-1.11.1-1
+	- openjdk-7 7~u3-2.1-1
 	- sun-java6 <removed>
 	[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
 	NOTE: CVE description is wrong
@@ -7120,7 +7123,8 @@
 CVE-2011-3564 (Unspecified vulnerability in Oracle GlassFish Enterprise Server 2.1.1 ...)
 	TODO: check
 CVE-2011-3563 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
-	TODO: check
+	- openjdk-6 6b24-1.11.1-1
+	- openjdk-7 7~u3-2.1-1
 CVE-2011-3562
 	RESERVED
 CVE-2011-3561 (Unspecified vulnerability in the Java Runtime Environment component in ...)
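Review bot: On CVE-2011-3563 the `TODO: check` is replaced by openjdk-6 and openjdk-7 fixed versions only, with no sun-java6 line, unlike the other JRE entries updated in this commit. Add the sun-java6 status (`<removed>` plus the squeeze `<no-dsa>` line, or `<not-affected>` with a reason) so the entry is complete.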

Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt	2012-02-20 07:02:50 UTC (rev 18486)
+++ data/spu-candidates.txt	2012-02-20 08:08:36 UTC (rev 18487)
@@ -36,6 +36,10 @@
 
 --
 
+eglibc (CVE-2012-0864)
+
+--
+
 fabric (CVE-2011-2185)
 #629003
 
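Review bot: The new `eglibc (CVE-2012-0864)` entry has no bug reference line, while the neighbouring `fabric (CVE-2011-2185)` entry is followed by `#629003`. The CVE list change in this same commit ties the issue to bug #660611, so adding `#660611` under the eglibc line would keep the two files consistent and give the point-update candidate a pointer to the report.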



