[Secure-testing-commits] r21150 - data/CVE

Moritz Muehlenhoff jmm at alioth.debian.org
Tue Feb 5 15:44:26 UTC 2013


Author: jmm
Date: 2013-02-05 15:44:25 +0000 (Tue, 05 Feb 2013)
New Revision: 21150

Modified:
   data/CVE/list
Log:
java updates for openjdk-7
red hat NFUs
latd no-dsa


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2013-02-05 07:25:40 UTC (rev 21149)
+++ data/CVE/list	2013-02-05 15:44:25 UTC (rev 21150)
@@ -207,7 +207,8 @@
 CVE-2013-1490 (Unspecified vulnerability in Oracle Java SE 7 Update 11 (JRE ...)
 	TODO: check
 CVE-2013-1489 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
-	TODO: check
+	- openjdk-6 <not-affected> (Only affects Java7)
+	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
 CVE-2013-1488
 	RESERVED
 CVE-2013-1487
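Review bot: The two reasons on the new CVE-2013-1489 lines do not line up: openjdk-6 is excluded as "Only affects Java7" while openjdk-7 is excluded because the Deployment components are not part of OpenJDK. If the flaw is in the Deployment components, that reason covers openjdk-6 too and is the stronger one; other entries in this file give the same Deployment reason for both packages. Consider using it on both lines, and settle on one spelling of "Java 7" (a later hunk writes it with a space).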
@@ -2855,9 +2856,12 @@
 	- openjdk-6 6b27-1.12-1
 	- openjdk-7 <unfixed>
 CVE-2013-0449 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
-	TODO: check
+	- openjdk-6 <not-affected> (Only affects Java 7)
+	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
 CVE-2013-0448 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
-	TODO: check
+	- openjdk-6 <not-affected> (Only affects Java7)
+	- openjdk-7 <unfixed>
+	NOTE: Affects the Libraries component, likely part of IcedTea/OpenJDK
 CVE-2013-0447 (Unspecified vulnerability in the JavaFX component in Oracle Java SE ...)
 	- openjdk-6 <not-affected> (JavaFX not part of OpenJDK)
 	- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
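Review bot: The NOTE under CVE-2013-0448 says the Libraries component is "likely part of IcedTea/OpenJDK", so the openjdk-7 <unfixed> status rests on an assumption rather than a located fix. Keeping a "TODO: check" next to the NOTE until the matching IcedTea changeset is identified would keep the open question visible. Within this hunk the openjdk-6 reason is also spelled both "Java 7" (CVE-2013-0449) and "Java7" (CVE-2013-0448); pick one.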
@@ -2867,7 +2871,9 @@
 CVE-2013-0445 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
 	TODO: check
 CVE-2013-0444 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
-	TODO: check
+	- openjdk-6 <not-affected> (Only affects Java7)
+	- openjdk-7 <unfixed>
+	NOTE: IcedTea commit: http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/ce04db4aba39
 CVE-2013-0443 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
 	- openjdk-6 6b27-1.12-1
 	- openjdk-7 <unfixed>
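Review bot: The NOTE for CVE-2013-0444 links the changeset in icedtea7-forest-2.3 but does not say which IcedTea release carries it, so whoever later flips openjdk-7 from <unfixed> to a version has to re-derive that. Adding the release to the NOTE once it is known would make the entry self-contained.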
@@ -2887,7 +2893,9 @@
 	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
 	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
 CVE-2013-0437 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
-	TODO: check
+	- openjdk-6 <not-affected> (Only affects Java7)
+	- openjdk-7 <unfixed>
+	NOTE: Affects the 2D component according to Oracle advisory, but no fix in IcedTea
 CVE-2013-0436 (Unspecified vulnerability in the JavaFX component in Oracle Java SE ...)
 	- openjdk-6 <not-affected> (JavaFX not part of OpenJDK)
 	- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
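Review bot: "but no fix in IcedTea" in the CVE-2013-0437 NOTE is ambiguous. It can mean no corresponding changeset was found, or that IcedTea has not fixed it yet, and the two lead to different conclusions about whether openjdk-7 is really affected. Stating which IcedTea forest or release was checked, and keeping a TODO if the affected status is still unconfirmed, would remove the doubt.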
@@ -2904,7 +2912,9 @@
 	- openjdk-6 6b27-1.12-1
 	- openjdk-7 <unfixed>
 CVE-2013-0431 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
-	TODO: check
+	- openjdk-6 <not-affected> (Only affects Java7)
+	- openjdk-7 <unfixed>
+	NOTE: IcedTea commit: http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/b09c28ff798f
 CVE-2013-0430 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
 	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
 	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
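Review bot: On CVE-2013-0431 the openjdk-6 line asserts "Only affects Java7" without a source, while the NOTE only references the icedtea7 forest changeset. A short pointer to where the Java 6 exclusion comes from (for example the vendor advisory) would let a later reader verify the <not-affected> claim instead of inferring it from the absence of an icedtea6 commit.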
@@ -3295,7 +3305,8 @@
 	- boost1.42 <removed> (bug #699719)
 CVE-2013-0251 [unix socket privilege escalation]
 	RESERVED
-	- latd 1.31 (bug #699625)
+	- latd 1.31 (low; bug #699625)
+	[squeeze] - latd <no-dsa> (Minor issue)
 CVE-2013-0250 [corosync: Remote DoS due improper HMAC initialization]
 	RESERVED
 	- corosync <unfixed> (bug #699615)
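Review bot: CVE-2013-0251 is described as a unix socket privilege escalation, yet the new lines rate it "low" and mark squeeze <no-dsa> with only "Minor issue" as the reason. The rationale for treating a privilege escalation as minor is not recorded anywhere in the entry. A NOTE line stating the condition that limits the impact would make the triage decision reviewable.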
@@ -3573,6 +3584,7 @@
 	RESERVED
 CVE-2013-0168
 	RESERVED
+	NOTE: RHEV management tool
 CVE-2013-0167
 	RESERVED
 CVE-2013-0166
@@ -5722,6 +5734,7 @@
 	RESERVED
 CVE-2012-5629
 	RESERVED
+	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
 CVE-2012-5628
 	RESERVED
 	NOT-FOR-US: gofer component of PULP project
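Review bot: The reference on the new jbossas4 line is written as a bare "#581226", whereas other entries in this file write "bug #699625", "bug #699719". Writing it as "bug #581226" keeps the reference consistent. The log message files this change under "red hat NFUs", although the line added is a package-level <not-affected>, so the log could name it accordingly.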



