[Secure-testing-commits] r21231 - data/CVE

Moritz Muehlenhoff jmm at alioth.debian.org
Mon Feb 11 07:07:29 UTC 2013 

Author: jmm
Date: 2013-02-11 07:07:29 +0000 (Mon, 11 Feb 2013)
New Revision: 21231

Modified:
   data/CVE/list
Log:
Red Hat NFUs
new java issue (no details known at this point)


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2013-02-10 21:14:28 UTC (rev 21230)
+++ data/CVE/list	2013-02-11 07:07:29 UTC (rev 21231)
@@ -310,7 +310,8 @@
 CVE-2013-1491
 	RESERVED
 CVE-2013-1490 (Unspecified vulnerability in Oracle Java SE 7 Update 11 (JRE ...)
-	TODO: check
+	- openjdk-6 <not-affected> (Not exploitable in OpenJDK6)
+	- openjdk-7 <unfixed>
 CVE-2013-1489 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
 	- openjdk-6 <not-affected> (Only affects Java7)
 	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
@@ -3401,7 +3402,6 @@
 	RESERVED
 	- xnbd 0.1.0-pre-hg20-e75b93a47722-3 (low)
 	NOTE: http://seclists.org/oss-sec/2013/q1/248
-	NOTE: Maintainer is aware and prepares update for Testing/Unstable
 CVE-2013-0264
 	RESERVED
 	NOT-FOR-US: Cumin
@@ -3428,10 +3428,10 @@
 	RESERVED
 CVE-2013-0256 [XSS exploit of RDoc documentation generated by rdoc]
 	RESERVED
-	- ruby1.9.1 <unfixed> (bug #699929)
+	- ruby1.9.1 <unfixed> (low; bug #699929)
+	- ruby1.8 <not-affected> (Only affects 1.9 and 2.0)
 	NOTE: http://marc.info/?l=oss-security&m=136021623726440&w=2
 	NOTE: https://github.com/rdoc/rdoc/commit/ffa87887ee0517793df7541629a470e331f9fe60
-	TODO: check
 CVE-2013-0255
 	RESERVED
 	- postgresql-9.1 9.1.8-1
@@ -3494,6 +3494,7 @@
 	NOTE: not fixed in experimental, but security-tracker cannot show the information
 CVE-2013-0239
 	RESERVED
+	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
 CVE-2013-0238 [ircd-hybrid: denial of service in try_parse_v4_netmask]
 	RESERVED
 	{DSA-2618-1}
@@ -4310,6 +4311,7 @@
 	RESERVED
 CVE-2012-6126
 	RESERVED
+	NOTE: To be rejected
 CVE-2012-6125
 	RESERVED
 	- chicken <unfixed>
@@ -4338,6 +4340,7 @@
 	TODO: report bug for Squeeze?
 CVE-2012-6119
 	RESERVED
+	NOTE: Candlepin
 CVE-2012-6118
 	RESERVED
 CVE-2012-6117
@@ -5901,6 +5904,7 @@
 	- xen 4.1.3-8 (low)
 CVE-2012-5633
 	RESERVED
+	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
 CVE-2012-5632
 	RESERVED
 CVE-2012-5631

More information about the Secure-testing-commits mailing list