[Secure-testing-commits] r24647 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Mon Dec 9 15:26:25 UTC 2013
Author: carnil
Date: 2013-12-09 15:26:25 +0000 (Mon, 09 Dec 2013)
New Revision: 24647
Modified:
data/CVE/list
Log:
Add fixed versions for openjdk-7 CVEs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-12-09 14:22:47 UTC (rev 24646)
+++ data/CVE/list 2013-12-09 15:26:25 UTC (rev 24647)
@@ -3422,13 +3422,13 @@
- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-5851 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java ...)
- openjdk-6 <not-affected> (Only affects Java 7)
- - openjdk-7 <unfixed>
+ - openjdk-7 7u45-2.4.3-1
CVE-2013-5850 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
- openjdk-6 6b27-1.12.7-1
- - openjdk-7 <unfixed>
+ - openjdk-7 7u45-2.4.3-1
CVE-2013-5849 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
- openjdk-6 6b27-1.12.7-1
- - openjdk-7 <unfixed>
+ - openjdk-7 7u45-2.4.3-1
CVE-2013-5848 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
@@ -3448,12 +3448,12 @@
NOTE: Due to the vague disclosure policy by Oracle the exact nature is unknown but since no patch landed in icedtea, we consider it not-affected
CVE-2013-5842 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
- openjdk-6 6b27-1.12.7-1
- - openjdk-7 <unfixed>
+ - openjdk-7 7u45-2.4.3-1
CVE-2013-5841 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-5840 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
- openjdk-6 6b27-1.12.7-1
- - openjdk-7 <unfixed>
+ - openjdk-7 7u45-2.4.3-1
CVE-2013-5839 (Unspecified vulnerability in Oracle Solaris 10 allows remote attackers ...)
NOT-FOR-US: Solaris
CVE-2013-5838 (Unspecified vulnerability in Oracle Java SE 7u25 and earlier, and Java ...)
@@ -3478,10 +3478,10 @@
- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-5830 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
- openjdk-6 6b27-1.12.7-1
- - openjdk-7 <unfixed>
+ - openjdk-7 7u45-2.4.3-1
CVE-2013-5829 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
- openjdk-6 6b27-1.12.7-1
- - openjdk-7 <unfixed>
+ - openjdk-7 7u45-2.4.3-1
CVE-2013-5828 (Unspecified vulnerability in the Enterprise Manager Base Platform ...)
NOT-FOR-US: Oracle Enterprise Manager Grid Control
CVE-2013-5827 (Unspecified vulnerability in the Enterprise Manager Base Platform ...)
@@ -3490,13 +3490,13 @@
NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2013-5825 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
- openjdk-6 6b27-1.12.7-1
- - openjdk-7 <unfixed>
+ - openjdk-7 7u45-2.4.3-1
CVE-2013-5824 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-5823 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
- openjdk-6 6b27-1.12.7-1
- - openjdk-7 <unfixed>
+ - openjdk-7 7u45-2.4.3-1
NOTE: http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/a7758faab30d
CVE-2013-5822 (Unspecified vulnerability in the Oracle iLearning component in Oracle ...)
NOT-FOR-US: Oracle iLearning
@@ -3504,7 +3504,7 @@
RESERVED
CVE-2013-5820 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
- openjdk-6 6b27-1.12.7-1
- - openjdk-7 <unfixed>
+ - openjdk-7 7u45-2.4.3-1
CVE-2013-5819 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
@@ -3513,14 +3513,14 @@
- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-5817 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
- openjdk-6 6b27-1.12.7-1
- - openjdk-7 <unfixed>
+ - openjdk-7 7u45-2.4.3-1
CVE-2013-5816 (Unspecified vulnerability in the Oracle GlassFish Server component in ...)
NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-5815 (Unspecified vulnerability in the Oracle Identity Analytics component ...)
NOT-FOR-US: Oracle Fusion Middleware Oracle Identity Analytics
CVE-2013-5814 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
- openjdk-6 6b27-1.12.7-1
- - openjdk-7 <unfixed>
+ - openjdk-7 7u45-2.4.3-1
CVE-2013-5813 (Unspecified vulnerability in the Oracle WebCenter Content component in ...)
NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-5812 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
@@ -3533,7 +3533,7 @@
- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
CVE-2013-5809 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
- openjdk-6 6b27-1.12.7-1
- - openjdk-7 <unfixed>
+ - openjdk-7 7u45-2.4.3-1
CVE-2013-5808
RESERVED
CVE-2013-5807 (Unspecified vulnerability in Oracle MySQL Server 5.5.x through 5.5.32 ...)
@@ -3542,35 +3542,37 @@
NOTE: http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
CVE-2013-5806 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java ...)
- openjdk-6 <not-affected> (Specific to MacOS X)
- - openjdk-7 <not-affected> (Specific to MacOS X)
+ - openjdk-7 7u45-2.4.3-1
+ NOTE: openjdk-7 package mentioned this CVE, specifc to Mac OS X?
CVE-2013-5805 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java ...)
- openjdk-6 <not-affected> (Specific to MacOS X)
- - openjdk-7 <not-affected> (Specific to MacOS X)
+ - openjdk-7 7u45-2.4.3-1
+ NOTE: openjdk-7 package mentioned this CVE, specific to MacOS X?
CVE-2013-5804 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
- openjdk-6 6b27-1.12.7-1 (unimportant)
- - openjdk-7 <unfixed> (unimportant)
+ - openjdk-7 7u45-2.4.3-1 (unimportant)
NOTE: Javadoc comments can contain arbitrary HTML
CVE-2013-5803 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
- openjdk-6 6b27-1.12.7-1
- - openjdk-7 <unfixed>
+ - openjdk-7 7u45-2.4.3-1
NOTE: http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/0b84d3b434c2
CVE-2013-5802 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
- openjdk-6 6b27-1.12.7-1
- - openjdk-7 <unfixed>
+ - openjdk-7 7u45-2.4.3-1
CVE-2013-5801 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
- openjdk-6 <not-affected> (Specific to Oracle Java, not present in IcedTea)
- openjdk-7 <not-affected> (Specific to Oracle Java, not present in IcedTea)
NOTE: Due to the vague disclosure policy by Oracle the exact nature is unknown but since no patch landed in icedtea, we consider it not-affected
CVE-2013-5800 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java ...)
- openjdk-6 <not-affected> (Only affects Java 7)
- - openjdk-7 <unfixed>
+ - openjdk-7 7u45-2.4.3-1
CVE-2013-5799 (Unspecified vulnerability in the Oracle Agile PLM Framework component ...)
NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2013-5798 (Unspecified vulnerability in the Oracle Identity Manager component in ...)
NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-5797 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
- openjdk-6 6b27-1.12.7-1
- - openjdk-7 <unfixed>
+ - openjdk-7 7u45-2.4.3-1
CVE-2013-5796 (Unspecified vulnerability in the Siebel Core - EAI component in Oracle ...)
NOT-FOR-US: Oracle Siebel CRM
CVE-2013-5795
@@ -3587,7 +3589,7 @@
NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-5790 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
- openjdk-6 6b27-1.12.7-1
- - openjdk-7 <unfixed>
+ - openjdk-7 7u45-2.4.3-1
CVE-2013-5789 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
@@ -3605,24 +3607,24 @@
RESERVED
CVE-2013-5784 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
- openjdk-6 6b27-1.12.7-1
- - openjdk-7 <unfixed>
+ - openjdk-7 7u45-2.4.3-1
CVE-2013-5783 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
- openjdk-6 6b27-1.12.7-1
- - openjdk-7 <unfixed>
+ - openjdk-7 7u45-2.4.3-1
NOTE: http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/2790e9ace697
CVE-2013-5782 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
- openjdk-6 6b27-1.12.7-1
- - openjdk-7 <unfixed>
+ - openjdk-7 7u45-2.4.3-1
CVE-2013-5781 (Unspecified vulnerability in Oracle PARC Enterprise T4 Servers running ...)
NOT-FOR-US: Oracle PARC Enterprise
CVE-2013-5780 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
- openjdk-6 6b27-1.12.7-1
- - openjdk-7 <unfixed>
+ - openjdk-7 7u45-2.4.3-1
CVE-2013-5779 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-5778 (Unspecified vulnerability in Oracle Java SE Java SE 7u40 and earlier, ...)
- openjdk-6 6b27-1.12.7-1
- - openjdk-7 <unfixed>
+ - openjdk-7 7u45-2.4.3-1
CVE-2013-5777 (Unspecified vulnerability in the Java SE and JavaFX components in ...)
- openjdk-6 <not-affected> (JavaFX not part of OpenJDK)
- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
@@ -3634,12 +3636,12 @@
- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
CVE-2013-5774 (Unspecified vulnerability in the Java SE, Java SE Embedded component ...)
- openjdk-6 6b27-1.12.7-1
- - openjdk-7 <unfixed>
+ - openjdk-7 7u45-2.4.3-1
CVE-2013-5773 (Unspecified vulnerability in the Oracle Containers for J2EE component ...)
NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-5772 (Unspecified vulnerability in the Java SE component in Oracle Java SE ...)
- openjdk-6 6b27-1.12.7-1
- - openjdk-7 <unfixed>
+ - openjdk-7 7u45-2.4.3-1
CVE-2013-5771 (Unspecified vulnerability in the XML Parser component in Oracle ...)
NOT-FOR-US: Oracle Database Server
CVE-2013-5770 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
@@ -8269,7 +8271,7 @@
NOT-FOR-US: IBM TRIRIGA
CVE-2013-4002 (Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM ...)
- openjdk-6 6b27-1.12.7-1
- - openjdk-7 <unfixed>
+ - openjdk-7 7u45-2.4.3-1
CVE-2013-4001
RESERVED
CVE-2013-4000
@@ -8618,7 +8620,7 @@
RESERVED
CVE-2013-3829 (Unspecified vulnerability in the Java SE, Java SE Embedded component ...)
- openjdk-6 6b27-1.12.7-1
- - openjdk-7 <unfixed>
+ - openjdk-7 7u45-2.4.3-1
CVE-2013-3828 (Unspecified vulnerability in the Oracle Web Services component in ...)
NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-3827 (Unspecified vulnerability in the Oracle GlassFish Server component in ...)
More information about the Secure-testing-commits
mailing list