[Secure-testing-commits] r18557 - data/CVE
Florian Weimer
fw at alioth.debian.org
Tue Feb 28 19:27:34 UTC 2012
Author: fw
Date: 2012-02-28 19:27:34 +0000 (Tue, 28 Feb 2012)
New Revision: 18557
Modified:
data/CVE/list
Log:
Update several entries related to OpenJDK
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-02-28 19:09:46 UTC (rev 18556)
+++ data/CVE/list 2012-02-28 19:27:34 UTC (rev 18557)
@@ -1774,11 +1774,11 @@
[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
CVE-2012-0507
RESERVED
- - openjdk-6 <unfixed>
- - openjdk-7 <unfixed>
+ - openjdk-6 6b24-1.11.1-1
+ - openjdk-7 7~u3-2.1-1
- sun-java6 <removed>
[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
- TODO: check
+ NOTE: Replacement for misused CVE-2011-3571.
CVE-2012-0506 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
- openjdk-6 6b24-1.11.1-1
- openjdk-7 7~u3-2.1-1
@@ -1807,20 +1807,17 @@
- sun-java6 <removed>
[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
CVE-2012-0500 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
- - openjdk-6 <unfixed>
- - openjdk-7 <unfixed>
- sun-java6 <removed>
[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
+ NOTE: OpenJDK browser plugin is a different code base.
CVE-2012-0499 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
- - openjdk-6 <unfixed>
- - openjdk-7 <unfixed>
- sun-java6 <removed>
[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
+ NOTE: According to the Red Hat bug tracker, this vulnerability does not affect Iced Tea/OpenJDK.
CVE-2012-0498 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
- - openjdk-6 <unfixed>
- - openjdk-7 <unfixed>
- sun-java6 <removed>
[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
+ NOTE: According to the Red Hat bug tracker, this vulnerability does not affect Iced Tea/OpenJDK.
CVE-2012-0497 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
- openjdk-6 6b24-1.11.1-1
- openjdk-7 7~u3-2.1-1
@@ -7397,11 +7394,7 @@
CVE-2011-3572
RESERVED
CVE-2011-3571 (Unspecified vulnerability in the Virtual Desktop Infrastructure (VDI) ...)
- - openjdk-6 6b24-1.11.1-1
- - openjdk-7 7~u3-2.1-1
- - sun-java6 <removed>
- [squeeze] - sun-java6 <no-dsa> (Non-free not supported)
- NOTE: CVE description is wrong
+ NOTE: CVE was misused by Oracle. Replaced by CVE-2012-0507.
CVE-2011-3570 (Unspecified vulnerability in Oracle Communications Unified 7.0 allows ...)
NOT-FOR-US: Oracle Communications Unified
CVE-2011-3569 (Unspecified vulnerability in the Oracle Web Services Manager component ...)
More information about the Secure-testing-commits
mailing list