[Secure-testing-commits] r22959 - data/CVE

Moritz Muehlenhoff jmm at alioth.debian.org
Tue Jul 16 07:48:22 UTC 2013 

Author: jmm
Date: 2013-07-16 07:48:22 +0000 (Tue, 16 Jul 2013)
New Revision: 22959

Modified:
   data/CVE/list
Log:
new spice issue (no-dsa)
libjgroups no-dsa
fix old openjdk entries


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2013-07-16 07:26:48 UTC (rev 22958)
+++ data/CVE/list	2013-07-16 07:48:22 UTC (rev 22959)
@@ -1484,6 +1484,9 @@
 	RESERVED
 CVE-2013-4130
 	RESERVED
+	- spice <unfixed> (low; bug #717030)
+	[wheezy] - spice <no-dsa> (Minor issue)
+	[squeeze] - spice <no-dsa> (Minor issue)
 CVE-2013-4129
 	RESERVED
 	- linux <not-affected> (Introduced in 3.11-rc1)
@@ -1556,8 +1559,9 @@
 	NOTE: https://bugs.php.net/bug.php?id=65236
 CVE-2013-4112
 	RESERVED
-	- libjgroups-java <unfixed>
-	TODO: check
+	- libjgroups-java <unfixed> 
+	[wheezy] - libjgroups-java <no-dsa> (Minor issue)
+	[squeeze] - libjgroups-java <no-dsa> (Minor issue)
 CVE-2013-4111
 	RESERVED
 CVE-2013-4110
@@ -8397,7 +8401,7 @@
 	NOTE: Due to the vague disclosure policy by Oracle the exact nature is unknown but since no patch landed in icedtea, we consider it not-affected
 CVE-2013-1490 (Unspecified vulnerability in Oracle Java SE 7 Update 11 (JRE ...)
 	- openjdk-6 <not-affected> (Not exploitable in OpenJDK6)
-	- openjdk-7 <unfixed>
+	- openjdk-7 <not-affected> (Icedtea 2.3 not affected)
 CVE-2013-1489 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
 	- openjdk-6 <not-affected> (Only affects Java7)
 	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
@@ -15178,6 +15182,7 @@
 	[squeeze] - openjdk-6 <no-dsa> (Minor issue, no icedtea fix, too complex to backport)
 	[wheezy] - openjdk-6 <no-dsa> (Minor issue, no icedtea fix, too complex to backport)
 	- openjdk-7 <unfixed> (low)
+	[wheezy] - openjdk-7 <no-dsa> (Minor issue, no icedtea fix, too complex to backport)
 CVE-2012-5372 (Rubinius computes hash values without properly restricting the ability ...)
 	- rubinius  <itp> (bug #591817)
 CVE-2012-5371 (Ruby (aka CRuby) 1.9 before 1.9.3-p327 and 2.0 before r37575 computes ...)

More information about the Secure-testing-commits mailing list