[Secure-testing-commits] r22947 - data/CVE
Moritz Muehlenhoff
jmm at alioth.debian.org
Mon Jul 15 16:34:31 UTC 2013
Author: jmm
Date: 2013-07-15 16:34:31 +0000 (Mon, 15 Jul 2013)
New Revision: 22947
Modified:
data/CVE/list
Log:
fixup older openjkd7 entries
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-07-15 15:30:01 UTC (rev 22946)
+++ data/CVE/list 2013-07-15 16:34:31 UTC (rev 22947)
@@ -11287,8 +11287,8 @@
- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-0448 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
- openjdk-6 <not-affected> (Only affects Java7)
- - openjdk-7 <unfixed>
- NOTE: Affects the Libraries component, likely part of IcedTea/OpenJDK
+ - openjdk-7 <not-affected> (Specific to Oracle Java, not present in IcedTea)
+ NOTE: Due to the vague disclosure policy by Oracle the exact nature is unknown but since no patch landed in icedtea, we consider it not-affected
CVE-2013-0447 (Unspecified vulnerability in the JavaFX component in Oracle Java SE ...)
- openjdk-6 <not-affected> (JavaFX not part of OpenJDK)
- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
@@ -11297,7 +11297,7 @@
- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-0445 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
- openjdk-6 6b27-1.12.1-1
- - openjdk-7 <unfixed>
+ - openjdk-7 7u17-2.3.8-1
NOTE: icedtea fix: http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/6527ae06da69
NOTE: openjdk-7 fixed in experimental: 7u13-2.3.6-1
CVE-2013-0444 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
@@ -22085,7 +22085,7 @@
NOT-FOR-US: phplist
CVE-2012-2739 (Oracle Java SE before 7 Update 6, and OpenJDK 7 before 7u6 build 12 ...)
- openjdk-6 <unfixed> (unimportant)
- - openjdk-7 <unfixed>
+ - openjdk-7 <unfixed> (unimportant)
NOTE: Upstream disputes this and states it needs to be fixed in Java apps itself
NOTE: http://mail.openjdk.java.net/pipermail/core-libs-dev/2012-May/010238.html
NOTE: http://armoredbarista.blogspot.de/2012/02/investigating-hashdos-issue.html
@@ -22718,12 +22718,8 @@
NOTE: https://bitcointalk.org/index.php?topic=81749.0
CVE-2012-2458
RESERVED
- - openjdk-6 <not-affected> (Only affects Java 7)
- - openjdk-7 <unfixed>
CVE-2012-2457
RESERVED
- - openjdk-6 <unfixed>
- - openjdk-7 <unfixed>
CVE-2012-2456
RESERVED
- openjdk-6 <unfixed>
More information about the Secure-testing-commits
mailing list