[Secure-testing-commits] r26658 - data/CVE

[Moritz Muehlenhoff]

Author: jmm
Date: 2014-04-22 05:53:09 +0000 (Tue, 22 Apr 2014)
New Revision: 26658

Modified:
   data/CVE/list
Log:
two java issues specific to Oracle Java


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-04-22 05:49:47 UTC (rev 26657)
+++ data/CVE/list	2014-04-22 05:53:09 UTC (rev 26658)
@@ -1305,7 +1305,9 @@
 	- openjdk-7 7u55-2.4.7-1
 	- openjdk-6 <not-affected> (Only affects Java 7/8)
 CVE-2014-2401 (Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; ...)
-	TODO: Not fixed in IcedTea, likely specific to Oracle Java
+	- openjdk-6 <not-affected> (Specific to Oracle Java, not present in IcedTea)
+	- openjdk-7 <not-affected> (Specific to Oracle Java, not present in IcedTea)
+	NOTE: Due to the vague disclosure policy by Oracle the exact nature is unknown but since no patch landed in icedtea, we consider it not-affected
 CVE-2014-2400 (Unspecified vulnerability in the Oracle Endeca Server component in ...)
 	NOT-FOR-US: Oracle Fusion Middleware
 CVE-2014-2399 (Unspecified vulnerability in the Oracle Endeca Server component in ...)
@@ -6050,7 +6052,9 @@
 	- mysql-5.5 <not-affected> (Only affects Mysql 5.6)
 	- mysql-5.1 <not-affected> (Only affects Mysql 5.6)
 CVE-2014-0432 (Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE ...)
-	TODO: Not fixed in IcedTea, likely specific to Oracle Java
+	- openjdk-6 <not-affected> (Specific to Oracle Java, not present in IcedTea)
+	- openjdk-7 <not-affected> (Specific to Oracle Java, not present in IcedTea)
+	NOTE: Due to the vague disclosure policy by Oracle the exact nature is unknown but since no patch landed in icedtea, we consider it not-affected
 CVE-2014-0431 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
 	- mysql-5.5 <not-affected> (Only affects Mysql 5.6)
 	- mysql-5.1 <not-affected> (Only affects Mysql 5.6)