[Secure-testing-commits] r22686 - data/CVE
Moritz Muehlenhoff
jmm at alioth.debian.org
Wed Jun 19 16:10:47 UTC 2013
Author: jmm
Date: 2013-06-19 16:10:47 +0000 (Wed, 19 Jun 2013)
New Revision: 22686
Modified:
data/CVE/list
Log:
- new chromium issue not-affected
- new java issues (depending on icedtea release some more might be Oracle only)
- update some issues, which only affect Oracle Java, but not OpenJDK
- no-dsa for squeeze: mongodb, mplayer, system-config-printer
- some more ffmpeg updates: rewrite some entries as "code not present", add links
to libav commits to confirmed issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-06-19 15:12:28 UTC (rev 22685)
+++ data/CVE/list 2013-06-19 16:10:47 UTC (rev 22686)
@@ -1783,8 +1783,12 @@
RESERVED
CVE-2013-3744
RESERVED
+ - openjdk-6 <not-affected> (Only affects Java 7)
+ - openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-3743
RESERVED
+ - openjdk-6 <unfixed>
+ - openjdk-7 <unfixed>
CVE-2013-3741
RESERVED
CVE-2013-3740
@@ -3715,6 +3719,7 @@
RESERVED
CVE-2013-2866
RESERVED
+ - chromium-browser <not-affected> (Flash plugin not included in Chromium)
CVE-2013-2865 (Multiple unspecified vulnerabilities in Google Chrome before ...)
{DSA-2706-1}
- chromium-browser 27.0.1453.110-1
@@ -4740,34 +4745,64 @@
RESERVED
CVE-2013-2473
RESERVED
+ - openjdk-6 <unfixed>
+ - openjdk-7 <unfixed>
CVE-2013-2472
RESERVED
+ - openjdk-6 <unfixed>
+ - openjdk-7 <unfixed>
CVE-2013-2471
RESERVED
+ - openjdk-6 <unfixed>
+ - openjdk-7 <unfixed>
CVE-2013-2470
RESERVED
+ - openjdk-6 <unfixed>
+ - openjdk-7 <unfixed>
CVE-2013-2469
RESERVED
+ - openjdk-6 <unfixed>
+ - openjdk-7 <unfixed>
CVE-2013-2468
RESERVED
+ - openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
+ - openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-2467
RESERVED
+ - openjdk-6 <not-affected> (Only affects Java 5)
+ - openjdk-7 <not-affected> (Only affects Java 5)
CVE-2013-2466
RESERVED
+ - openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
+ - openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-2465
RESERVED
+ - openjdk-6 <unfixed>
+ - openjdk-7 <unfixed>
CVE-2013-2464
RESERVED
+ - openjdk-6 <unfixed>
+ - openjdk-7 <unfixed>
CVE-2013-2463
RESERVED
+ - openjdk-6 <unfixed>
+ - openjdk-7 <unfixed>
CVE-2013-2462
RESERVED
+ - openjdk-6 <not-affected> (Only affects Java 7)
+ - openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-2461
RESERVED
+ - openjdk-6 <unfixed>
+ - openjdk-7 <unfixed>
CVE-2013-2460
RESERVED
+ - openjdk-6 <not-affected> (Only affects Java 7)
+ - openjdk-7 <unfixed>
CVE-2013-2459
RESERVED
+ - openjdk-6 <unfixed>
+ - openjdk-7 <unfixed>
CVE-2013-2458
RESERVED
CVE-2013-2457
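Review bot: The openjdk-6/openjdk-7 <unfixed> lines added throughout this hunk carry no NOTE or TODO, yet the commit log says some of these issues may turn out to be Oracle-only depending on the icedtea release. Consider adding a "TODO: check" to the entries that are still uncertain so that a provisional <unfixed> can be told apart from a confirmed one. CVE-2013-2458 and CVE-2013-2457 at the end of the hunk also get no entry at all. If that is intentional, a short NOTE would say so.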
@@ -4776,32 +4811,56 @@
RESERVED
CVE-2013-2455
RESERVED
+ - openjdk-6 <unfixed>
+ - openjdk-7 <unfixed>
CVE-2013-2454
RESERVED
+ - openjdk-6 <unfixed>
+ - openjdk-7 <unfixed>
CVE-2013-2453
RESERVED
CVE-2013-2452
RESERVED
+ - openjdk-6 <unfixed>
+ - openjdk-7 <unfixed>
CVE-2013-2451
RESERVED
+ - openjdk-6 <unfixed>
+ - openjdk-7 <unfixed>
CVE-2013-2450
RESERVED
+ - openjdk-6 <unfixed>
+ - openjdk-7 <unfixed>
CVE-2013-2449
RESERVED
+ - openjdk-6 <not-affected> (Only affects Java 7)
+ - openjdk-7 <unfixed>
CVE-2013-2448
RESERVED
+ - openjdk-6 <unfixed>
+ - openjdk-7 <unfixed>
CVE-2013-2447
RESERVED
+ - openjdk-6 <unfixed>
+ - openjdk-7 <unfixed>
CVE-2013-2446
RESERVED
+ - openjdk-6 <unfixed>
+ - openjdk-7 <unfixed>
CVE-2013-2445
RESERVED
+ - openjdk-6 <unfixed>
+ - openjdk-7 <unfixed>
CVE-2013-2444
RESERVED
+ - openjdk-6 <unfixed>
+ - openjdk-7 <unfixed>
CVE-2013-2443
RESERVED
CVE-2013-2442
RESERVED
+ - openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
+ - openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-2441 (Unspecified vulnerability in the Agile EDM component in Oracle Supply ...)
NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2013-2440 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
@@ -4815,6 +4874,8 @@
- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
CVE-2013-2437
RESERVED
+ - openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
+ - openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-2436 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
- openjdk-7 7u21-2.3.9-1
- openjdk-6 <not-affected> (Only affects Java7)
@@ -4900,6 +4961,8 @@
NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-2407
RESERVED
+ - openjdk-6 <unfixed>
+ - openjdk-7 <unfixed>
CVE-2013-2406 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-2405 (Unspecified vulnerability in the Primavera P6 Enterprise Project ...)
@@ -4914,6 +4977,8 @@
NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-2400
RESERVED
+ - openjdk-6 <not-affected> (Only affects Java 7)
+ - openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-2399 (Unspecified vulnerability in the Siebel Call Center component in ...)
NOT-FOR-US: Oracle Siebel CRM
CVE-2013-2398 (Unspecified vulnerability in the Siebel UI Framework component in ...)
@@ -6446,6 +6511,7 @@
RESERVED
- mongodb 1:2.4.1-1 (bug #704042)
[wheezy] - mongodb 1:2.0.6-1.1
+ [squeeze] - mongodb <no-dsa> (Minor isue, Spidermonkey in Lenny is EOLed)
NOTE: http://www.openwall.com/lists/oss-security/2013/03/25/7
CVE-2013-1891
RESERVED
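Review bot: The added [squeeze] mongodb line justifies the <no-dsa> with "Spidermonkey in Lenny is EOLed", but the annotation is for squeeze, so the rationale names a different release than the one it applies to. Please confirm which release is meant and correct it, and fix the "isue" typo in the same line.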
@@ -7573,6 +7639,8 @@
NOT-FOR-US: Oracle E-Business Suite
CVE-2013-1500
RESERVED
+ - openjdk-6 <unfixed>
+ - openjdk-7 <unfixed>
CVE-2013-1499 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users ...)
NOT-FOR-US: Solaris
CVE-2013-1498 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local ...)
@@ -9050,15 +9118,13 @@
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=796012af6c780b5b13ebca39a491f215515a18fe
CVE-2013-0877 [libavcodec/sanm.c out of array accesses]
RESERVED
- - ffmpeg <removed>
- [squeeze] - ffmpeg <not-affected> (codec not built)
- - libav <not-affected> (codec not built)
+ - ffmpeg <not-affected> (Smush codec not present in 0.5 ffmpeg)
+ - libav <not-affected> (Smush codec not present in libav)
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=365270aec5c2b9284230abc702b11168818f14cf
CVE-2013-0876 [libavcodec/sanm.c integer overflow and out of array accesses]
RESERVED
- - ffmpeg <removed>
- [squeeze] - ffmpeg <not-affected> (codec not built)
- - libav <not-affected> (codec not built)
+ - ffmpeg <not-affected> (Smush codec not present in 0.5 ffmpeg)
+ - libav <not-affected> (Smush codec not present in libav)
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=5260edee7e5bd975837696c8c8c1a80eb2fbd7c1
CVE-2013-0875 [libavcodec/pngdec.c dont access out array elements]
RESERVED
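Review bot: The new unscoped "- ffmpeg <not-affected> (Smush codec not present in 0.5 ffmpeg)" lines for CVE-2013-0877 and CVE-2013-0876 replace both the <removed> entry and the [squeeze] entry, but the reason only names the 0.5 version. An unscoped line applies to every suite, so either keep it release-scoped as "[squeeze] - ffmpeg <not-affected> (...)" alongside the <removed> line, or word the reason so it holds for the package in general. The same rewrite is applied to CVE-2013-0863 and CVE-2013-0862 further down.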
@@ -9072,6 +9138,8 @@
- libav <unfixed>
TODO: check
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=e1219cdaf9fb4bc8cea410e1caf802373c1bfe51
+ NOTE: Is that the relevant libav commit?
+ NOTE: http://git.libav.org/?p=libav.git;a=commit;h=9c2216976907336dfae0e8e38a4d70ca2465a92c
CVE-2013-0873 [libavcodec/shorten.c freeing invalid addresses]
RESERVED
- ffmpeg <removed>
@@ -9118,14 +9186,13 @@
RESERVED
- ffmpeg <removed>
- libav <unfixed>
- TODO: check
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=96f452ac647dae33c53c242ef3266b65a9beafb6
+ NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=a943a132f36f4df8fe2f749744677b71984abce7
CVE-2013-0865 [libavcodec/vqavideo.c out of array writes]
RESERVED
- ffmpeg <removed>
- libav <unfixed>
- TODO: check
- NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=ab6c9332bfa1e20127a16392a0b85a4aa4840889
+ NOTE: libav commit: http://git.libav.org/?p=libav.git;a=commit;h=f7d18deb73d1dd1b27b2c7062c9a10d168a6c62a
CVE-2013-0864 [libavcodec/gifdec.c out of array accesses]
RESERVED
- ffmpeg <removed>
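Review bot: In the CVE-2013-0865 entry the NOTE with the ffmpeg commitdiff (h=ab6c9332...) is deleted and replaced by the libav commit, whereas CVE-2013-0866 just above keeps the ffmpeg link and adds the libav one. Dropping the upstream ffmpeg reference looks unintended. Suggest keeping both NOTE lines here as well. Both entries also still list libav as <unfixed> with the TODO removed, so nothing marks them for follow-up once the referenced libav commit reaches a release.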
@@ -9134,15 +9201,13 @@
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=c10350358da58600884292c08a8690289b81de29
CVE-2013-0863 [libavcodec/sanm.c buffer overflow]
RESERVED
- - ffmpeg <removed>
- [squeeze] - ffmpeg <not-affected> (codec not built)
- - libav <not-affected> (codec not built)
+ - ffmpeg <not-affected> (Smush codec not present in 0.5 ffmpeg)
+ - libav <not-affected> (Smush codec not present in libav)
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=7357ca900efcf829de4cce4cec6ddc286526d417
CVE-2013-0862 [libavcodec/sanm.c integer overflows and out of array accesses]
RESERVED
- - ffmpeg <removed>
- [squeeze] - ffmpeg <not-affected> (codec not built)
- - libav <not-affected> (codec not built)
+ - ffmpeg <not-affected> (Smush codec not present in 0.5 ffmpeg)
+ - libav <not-affected> (Smush codec not present in libav)
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=49b729d3af8464de431362e6c5b3027102bc2f88
CVE-2013-0861 [libavcodec/utils.c memory corruption]
RESERVED
@@ -9224,13 +9289,13 @@
RESERVED
- ffmpeg <removed>
- libav <unfixed>
- TODO: check
+ NOTE: No roqvideo-related changes in libav git so far
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=3ae610451170cd5a28b33950006ff0bd23036845
CVE-2013-0848 [libavcodec/huffyuv.c out of array accesses]
RESERVED
- ffmpeg <removed>
- libav <unfixed>
- TODO: check
+ NOTE: No related changes in libav git so far
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=6abb9a901fca27da14d4fffbb01948288b5da3ba
CVE-2013-0847 [libavformat/id3v2.c out of array accesses]
RESERVED
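Review bot: Both entries here drop "TODO: check" in favour of a NOTE saying there are no related changes in libav git "so far", while libav stays <unfixed>. "So far" means the check has to be repeated, so the TODO is still needed. Suggest keeping it next to the new NOTE, or the entries will no longer show up as needing review.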
@@ -22057,16 +22122,24 @@
NOTE: https://bitcointalk.org/index.php?topic=81749.0
CVE-2012-2458
RESERVED
+ - openjdk-6 <not-affected> (Only affects Java 7)
+ - openjdk-7 <unfixed>
CVE-2012-2457
RESERVED
+ - openjdk-6 <unfixed>
+ - openjdk-7 <unfixed>
CVE-2012-2456
RESERVED
+ - openjdk-6 <unfixed>
+ - openjdk-7 <unfixed>
CVE-2012-2455 (Advanced Productivity Software DTE Axiom before 12.3.3 does not ...)
NOT-FOR-US: Advanced Productivity Software DTE Axiom
CVE-2012-2454
RESERVED
CVE-2012-2453
RESERVED
+ - openjdk-6 <unfixed>
+ - openjdk-7 <unfixed>
CVE-2012-2452
RESERVED
CVE-2012-2450 (VMware Workstation 8.x before 8.0.3, VMware Player 4.x before 4.0.3, ...)
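Review bot: The openjdk lines in this hunk are attached to CVE-2012-2458, CVE-2012-2457, CVE-2012-2456 and CVE-2012-2453, and the following hunks do the same for CVE-2012-2443 and CVE-2012-2412. In the CVE-2013 block of this same commit, CVE-2013-2458, CVE-2013-2457, CVE-2013-2453 and CVE-2013-2443 are the visible IDs left without an openjdk entry, which suggests these additions landed under the wrong year. Please check the IDs against the advisory and move the entries to the CVE-2013 records if so.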
@@ -22090,6 +22163,8 @@
RESERVED
CVE-2012-2443
RESERVED
+ - openjdk-6 <unfixed>
+ - openjdk-7 <unfixed>
CVE-2012-2442 (Buffer overflow in the Video Manager in Nokia PC Suite 7.1.180.64 and ...)
NOT-FOR-US: Nokia PC Suite
CVE-2012-2441 (RuggedCom Rugged Operating System (ROS) before 3.3 has a factory ...)
@@ -22148,6 +22223,8 @@
RESERVED
CVE-2012-2412
RESERVED
+ - openjdk-6 <unfixed>
+ - openjdk-7 <unfixed>
CVE-2012-2411 (Buffer overflow in RealNetworks RealPlayer before 15.0.4.53, and ...)
NOT-FOR-US: RealNetworks RealPlayer
CVE-2012-2410 (Buffer overflow in RealNetworks RealPlayer before 15.0.6.14, ...)
@@ -30117,7 +30194,8 @@
RESERVED
- accountsservice 0.6.15-3
CVE-2011-4405 (The cupshelpers scripts in system-config-printer in Ubuntu 11.04 and ...)
- - system-config-printer 1.3.7-1 (bug #651204)
+ - system-config-printer 1.3.7-1 (low; bug #651204)
+ [squeeze] - system-config-printer 1.3.7-1 (bug #651204)
CVE-2011-4404 (The default configuration of the HTTP server in Jetty in vSphere ...)
- jetty 6.1.19-1 (low; bug #528389)
NOTE: duplicate of CVE-2009-1523
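Review bot: The added "[squeeze] - system-config-printer 1.3.7-1 (bug #651204)" line repeats the unstable fixed version instead of marking squeeze as <no-dsa>, which is what the commit log announces for system-config-printer. As written it claims squeeze is fixed in 1.3.7-1. It probably should read "[squeeze] - system-config-printer <no-dsa> (...)" with a short reason.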
@@ -32591,6 +32669,7 @@
CVE-2011-3625 [mplayer SAMI subtitle parsing buffer overflow]
RESERVED
- mplayer 2:1.0~rc4.dfsg1+svn33713-2 (bug #645987)
+ [squeeze] - mplayer <no-dsa> (Minor issue)
- mplayer2 2.0-134-g84d8671-9 (bug #646937)
CVE-2011-3624
RESERVED
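Review bot: The [squeeze] mplayer <no-dsa> line gives only "Minor issue" as its reason, while the entry title describes a buffer overflow in SAMI subtitle parsing. A few words on why it is considered minor for squeeze would make the decision reviewable later.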