[Secure-testing-commits] r26576 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Wed Apr 16 06:57:27 UTC 2014 

Author: jmm
Date: 2014-04-16 06:57:26 +0000 (Wed, 16 Apr 2014)
New Revision: 26576

Modified:
   data/CVE/list
Log:
new java issues


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-04-16 06:52:08 UTC (rev 26575)
+++ data/CVE/list	2014-04-16 06:57:26 UTC (rev 26576)
@@ -339,7 +339,8 @@
 	NOT-FOR-US: PrestaShop
 CVE-2012-6640 (Cross-site scripting (XSS) vulnerability in Horde Internet Mail ...)
 	- php-horde-imp 5.0.22
-	- horde3 <removed>
+	- horde3 <removed> (low)
+	[squeeze] - horde3 <no-dsa> (Minor issue)
 CVE-2014-1985 (Open redirect vulnerability in the redirect_back_or_default function ...)
 	- redmine <unfixed> (bug #743828)
 	NOTE: https://github.com/redmine/redmine/commit/7567c3d8b21fe67e5f04e6839c1fce061600f2f3
@@ -1122,8 +1123,12 @@
 	RESERVED
 CVE-2014-2428
 	RESERVED
+	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
+	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
 CVE-2014-2427
 	RESERVED
+	- openjdk-7 <unfixed>
+	- openjdk-6 <unfixed>
 CVE-2014-2426
 	RESERVED
 CVE-2014-2425
@@ -1132,12 +1137,20 @@
 	RESERVED
 CVE-2014-2423
 	RESERVED
+	- openjdk-7 <unfixed>
+	- openjdk-6 <unfixed>
 CVE-2014-2422
 	RESERVED
+	- openjdk-6 <not-affected> (JavaFX not part of OpenJDK)
+	- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
 CVE-2014-2421
 	RESERVED
+	- openjdk-7 <unfixed>
+	- openjdk-6 <unfixed>
 CVE-2014-2420
 	RESERVED
+	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
+	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
 CVE-2014-2419
 	RESERVED
 CVE-2014-2418
@@ -1150,16 +1163,26 @@
 	RESERVED
 CVE-2014-2414
 	RESERVED
+	- openjdk-7 <unfixed>
+	- openjdk-6 <unfixed>
 CVE-2014-2413
 	RESERVED
+	- openjdk-7 <unfixed>
+	- openjdk-6 <not-affected> (Only affects Java 7/8)
 CVE-2014-2412
 	RESERVED
+	- openjdk-7 <unfixed>
+	- openjdk-6 <unfixed>
 CVE-2014-2411
 	RESERVED
 CVE-2014-2410
 	RESERVED
+	- openjdk-6 <not-affected> (JavaFX not part of OpenJDK)
+	- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
 CVE-2014-2409
 	RESERVED
+	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
+	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
 CVE-2014-2408
 	RESERVED
 CVE-2014-2407
@@ -1172,18 +1195,27 @@
 	RESERVED
 CVE-2014-2403
 	RESERVED
+	- openjdk-7 <unfixed>
+	- openjdk-6 <unfixed>
 CVE-2014-2402
 	RESERVED
+	- openjdk-7 <unfixed>
+	- openjdk-6 <not-affected> (Only affects Java 7/8)
 CVE-2014-2401
 	RESERVED
+	TODO: Not fixed in IcedTea, likely specific to Oracle Java
 CVE-2014-2400
 	RESERVED
 CVE-2014-2399
 	RESERVED
 CVE-2014-2398
 	RESERVED
+	- openjdk-7 <unfixed>
+	- openjdk-6 <unfixed>
 CVE-2014-2397
 	RESERVED
+	- openjdk-7 <unfixed>
+	- openjdk-6 <unfixed>
 CVE-2014-2396
 	RESERVED
 CVE-2014-2395
@@ -5797,42 +5829,72 @@
 	RESERVED
 CVE-2014-0464
 	RESERVED
+	- openjdk-7 <not-affected> (Only affects Java 8)
+	- openjdk-6 <not-affected> (Only affects Java 8)
 CVE-2014-0463
 	RESERVED
+	- openjdk-7 <not-affected> (Only affects Java 8)
+	- openjdk-6 <not-affected> (Only affects Java 8)
 CVE-2014-0462
 	RESERVED
 CVE-2014-0461
 	RESERVED
+	- openjdk-7 <unfixed>
+	- openjdk-6 <unfixed>
 CVE-2014-0460
 	RESERVED
+	- openjdk-7 <unfixed>
+	- openjdk-6 <unfixed>
 CVE-2014-0459
 	RESERVED
 CVE-2014-0458
 	RESERVED
+	- openjdk-7 <unfixed>
+	- openjdk-6 <unfixed>
 CVE-2014-0457
 	RESERVED
+	- openjdk-7 <unfixed>
+	- openjdk-6 <unfixed>
 CVE-2014-0456
 	RESERVED
+	- openjdk-7 <unfixed>
+	- openjdk-6 <unfixed>
 CVE-2014-0455
 	RESERVED
+	- openjdk-7 <unfixed>
+	- openjdk-6 <not-affected> (Only affects Java 7/8)
 CVE-2014-0454
 	RESERVED
+	- openjdk-7 <unfixed>
+	- openjdk-6 <not-affected> (Only affects Java 7/8)
 CVE-2014-0453
 	RESERVED
+	- openjdk-7 <unfixed>
+	- openjdk-6 <unfixed>
 CVE-2014-0452
 	RESERVED
+	- openjdk-7 <unfixed>
+	- openjdk-6 <unfixed>
 CVE-2014-0451
 	RESERVED
+	- openjdk-7 <unfixed>
+	- openjdk-6 <unfixed>
 CVE-2014-0450
 	RESERVED
 CVE-2014-0449
 	RESERVED
+	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
+	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
 CVE-2014-0448
 	RESERVED
+	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
+	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
 CVE-2014-0447
 	RESERVED
 CVE-2014-0446
 	RESERVED
+	- openjdk-7 <unfixed>
+	- openjdk-6 <unfixed>
 CVE-2014-0445 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
 	NOT-FOR-US: PeopleSoft Enterprise
 CVE-2014-0444 (Unspecified vulnerability in the Oracle AutoVue Electro-Mechanical ...)
@@ -5865,6 +5927,7 @@
 	- mysql-5.1 <not-affected> (Only affects Mysql 5.6)
 CVE-2014-0432
 	RESERVED
+	TODO: Not fixed in IcedTea, likely specific to Oracle Java
 CVE-2014-0431 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
 	- mysql-5.5 <not-affected> (Only affects Mysql 5.6)
 	- mysql-5.1 <not-affected> (Only affects Mysql 5.6)
@@ -5873,6 +5936,8 @@
 	- mysql-5.1 <not-affected> (Only affects Mysql 5.6)
 CVE-2014-0429
 	RESERVED
+	- openjdk-7 <unfixed>
+	- openjdk-6 <unfixed>
 CVE-2014-0428 (Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; ...)
 	- openjdk-6 6b30-1.13.1-1
 	- openjdk-7 7u51-2.4.4-1

More information about the Secure-testing-commits mailing list