[Secure-testing-commits] r23686 - data/CVE
Salvatore Bonaccorso
carnil at alioth.debian.org
Mon Sep 16 16:30:33 UTC 2013
Author: carnil
Date: 2013-09-16 16:30:33 +0000 (Mon, 16 Sep 2013)
New Revision: 23686
Modified:
data/CVE/list
Log:
Add CVE-2013-4349/icedtea-web (not fixed in 1.4 branch)
Correspond to CVE-2012-4540.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-09-16 15:20:37 UTC (rev 23685)
+++ data/CVE/list 2013-09-16 16:30:33 UTC (rev 23686)
@@ -3089,8 +3089,11 @@
- linux <unfixed>
NOTE: http://www.openwall.com/lists/oss-security/2013/09/13/2
NOTE: http://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=95ee62083cb6453e056562d91f597552021e6ae7
-CVE-2013-4349
+CVE-2013-4349 [IcedTeaScriptableJavaObject::invoke off-by-one heap-based buffer overflow]
RESERVED
+ - icedtea-web <unfixed>
+ NOTE: issues CVE-2012-4540 not fixed in 1.4 branch
+ NOTE: Patch: http://icedtea.classpath.org/hg/release/icedtea-web-1.4/rev/82e007d8b05a
CVE-2013-4348
RESERVED
CVE-2013-4347 [Uses poor PRNG]
More information about the Secure-testing-commits
mailing list