[Secure-testing-commits] r22100 - data/CVE

Moritz Muehlenhoff jmm at alioth.debian.org
Tue Apr 30 11:00:16 UTC 2013 

Author: jmm
Date: 2013-04-30 11:00:15 +0000 (Tue, 30 Apr 2013)
New Revision: 22100

Modified:
   data/CVE/list
Log:
update status of several java issues
new autopostgresqlbackup issue (no CVE yet)
NFUs



Modified: data/CVE/list
===================================================================
--- data/CVE/list	2013-04-30 10:05:14 UTC (rev 22099)
+++ data/CVE/list	2013-04-30 11:00:15 UTC (rev 22100)
@@ -1,5 +1,7 @@
 CVE-2013-XXXX [automysqlbackup code injection]
 	- automysqlbackup 2.6+debian.3-1 (bug #706099)
+CVE-2013-XXXX [autopostgresqlbackup code injection]
+	- autopostgresqlbackup 1.0-2 (bug #706095)
 CVE-2013-3300
 	RESERVED
 CVE-2013-3299
@@ -1146,10 +1148,12 @@
 	RESERVED
 CVE-2013-2758
 	RESERVED
+	NOT-FOR-US: CloudStack
 CVE-2013-2757
 	RESERVED
 CVE-2013-2756
 	RESERVED
+	NOT-FOR-US: CloudStack
 CVE-2013-2755
 	RESERVED
 CVE-2013-2754
@@ -1929,9 +1933,11 @@
 CVE-2013-2441 (Unspecified vulnerability in the Agile EDM component in Oracle Supply ...)
 	NOT-FOR-US: Oracle Supply Chain Products Suite
 CVE-2013-2440 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
-	TODO: check
+	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
+	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
 CVE-2013-2439 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
-	TODO: check
+	- openjdk-6 <not-affected> (Installation performed differently for Linux distros)
+	- openjdk-7 <not-affected> (Installation performed differently for Linux distros)
 CVE-2013-2438 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
 	- openjdk-6 <not-affected> (JavaFX not part of OpenJDK)
 	- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
@@ -1941,13 +1947,15 @@
 	- openjdk-7 7u21-2.3.9-1
 	TODO: check
 CVE-2013-2435 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
-	TODO: check
+	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
+	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
 CVE-2013-2434 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
-	TODO: check
+	TODO: might affect icedtea
 CVE-2013-2433 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
-	TODO: check
+	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
+	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
 CVE-2013-2432 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
-	TODO: check
+	TODO: might affect icedtea
 CVE-2013-2431 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
 	- openjdk-7 7u21-2.3.9-1
 	- openjdk-6 6b27-1.12.5-1
@@ -1967,7 +1975,8 @@
 	- openjdk-7 7u21-2.3.9-1
 	- openjdk-6 6b27-1.12.5-1
 CVE-2013-2425 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
-	TODO: check
+	- openjdk-6 <not-affected> (Only applies to Java 7)
+	- openjdk-7 <not-affected> (Installation performed differently for Linux distros)
 CVE-2013-2424 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
 	- openjdk-7 7u21-2.3.9-1
 	- openjdk-6 6b27-1.12.5-1
@@ -1987,12 +1996,14 @@
 	- openjdk-7 7u21-2.3.9-1
 	- openjdk-6 6b27-1.12.5-1
 CVE-2013-2418 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
-	TODO: check
+	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
+	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
 CVE-2013-2417 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
 	- openjdk-7 7u21-2.3.9-1
 	- openjdk-6 6b27-1.12.5-1
 CVE-2013-2416 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
-	TODO: check
+	- openjdk-6 <not-affected> (Only affects Java 7)
+	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
 CVE-2013-2415 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
 	- openjdk-7 7u21-2.3.9-1
 	- openjdk-6 6b27-1.12.5-1
@@ -2039,7 +2050,7 @@
 	- mysql-5.5 <not-affected> (Only affects MySQL 5.6)
 	- mysql-5.1 <not-affected> (Only affects MySQL 5.6)
 CVE-2013-2394 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
-	TODO: check
+	TODO: might affect icedtea
 CVE-2013-2393 (Unspecified vulnerability in the Oracle Outside In Technology ...)
 	NOT-FOR-US: Oracle Fusion Middleware
 CVE-2013-2392 (Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 ...)

More information about the Secure-testing-commits mailing list