[Secure-testing-commits] r19654 - data/CVE

[Moritz Muehlenhoff]

Author: jmm
Date: 2012-07-04 12:31:32 +0000 (Wed, 04 Jul 2012)
New Revision: 19654

Modified:
   data/CVE/list
Log:
triage ffmpeg issues for stable and mark several as N/A
one openjdk issue is Solaris-specific


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-07-04 04:48:58 UTC (rev 19653)
+++ data/CVE/list	2012-07-04 12:31:32 UTC (rev 19654)
@@ -4875,8 +4875,8 @@
 	- openjdk-6 <not-affected> (specific to Oracle Java)
 	- openjdk-7 <not-affected> (specific to Oracle Java)
 CVE-2012-1720 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
-	- openjdk-6 <unfixed> (bug #677487)
-	- openjdk-7 <unfixed>
+	- openjdk-6 <not-affected> (Only affects Java on Solaris)
+	- openjdk-7 <not-affected> (Only affects Java on Solaris)
 CVE-2012-1719 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
 	- openjdk-6 6b24-1.11.3-1 (bug #677487)
 	- openjdk-7 7~u3-2.1.1-1 (bug #677486)
@@ -7003,7 +7003,7 @@
 CVE-2012-0848
 	RESERVED
 	- libav 4:0.8.1-1
-	- ffmpeg <removed>
+	- ffmpeg <not-affected> (Code in 0.5 not affected by upstream)
 CVE-2012-0847
 	RESERVED
 CVE-2012-0846
@@ -12154,6 +12154,7 @@
 	RESERVED
 CVE-2011-4031 (Integer underflow in the asfrtp_parse_packet function in ...)
 	- libav 0.8-1 (bug #675767)
+	- ffmpeg <not-affected> (Vulnerable code not present)
 CVE-2011-4030 (The CMFEditions component 2.x in Plone 4.0.x through 4.0.9, 4.1, and ...)
 	- plone3 <not-affected> (Only affects Plone 4.x)
 CVE-2011-4029
@@ -12608,7 +12609,7 @@
 CVE-2011-3945
 	RESERVED
 	- libav 4:0.8.1-1
-	- ffmpeg <removed>
+	- ffmpeg <not-affected> (Vulnerable code not present)
 CVE-2011-3944
 	RESERVED
 CVE-2011-3943
@@ -12629,7 +12630,7 @@
 CVE-2011-3937
 	RESERVED
 	- libav 4:0.8.3-1
-	- ffmpeg <removed>
+	- ffmpeg <not-affected> (Vulnerable code not present, introduced in 0.7)
 CVE-2011-3936
 	RESERVED
 	{DSA-2471-1}