[Secure-testing-commits] r26841 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Tue May 6 15:26:17 UTC 2014
Author: jmm
Date: 2014-05-06 15:26:16 +0000 (Tue, 06 May 2014)
New Revision: 26841
Modified:
data/CVE/list
Log:
record libav fix, thanks Odyx
remove pointless historic openjdk <undetermined> entries
fix up some older <undetermined> entries for chrome/webkit
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-05-06 07:56:43 UTC (rev 26840)
+++ data/CVE/list 2014-05-06 15:26:16 UTC (rev 26841)
@@ -6403,10 +6403,9 @@
NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=2115a3597457231a6e5c0527fe0ff8550f64b733
NOTE: Pending for 0.8.11
CVE-2012-6617 (The prepare_sdp_description function in ffserver.c in FFmpeg before ...)
- - libav <unfixed>
+ - libav 6:9.11-1
[wheezy] - libav <not-affected> (Introduced in 0.9 with d77f4afa9814b0433be6fdbfd7d8a113592ba680)
- ffmpeg <not-affected> (Introduced in 0.9 with d77f4afa9814b0433be6fdbfd7d8a113592ba680)
- NOTE: Pending for 9.12
NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=9929991da7b843e7d80154fcacc4e80579b86a2d
NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=82b9799bb211ecd117171115e4a8b832c4942314
CVE-2012-6616 (The mov_text_decode_frame function in libavcodec/movtextdec.c in ...)
@@ -53917,7 +53916,7 @@
NOTE: http://trac.webkit.org/changeset/84085
CVE-2011-1797 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...)
{DSA-2245-1}
- - chromium-browser <undetermined>
+ - chromium-browser 12.0.742.91~r87961-1
CVE-2011-1796
RESERVED
- chromium-browser 11.0.696.65~r84435-1
@@ -71199,7 +71198,7 @@
CVE-2010-0474
RESERVED
{DSA-2188-1}
- - webkit <undetermined>
+ - webkit 1.4.0-1
CVE-2010-0473
RESERVED
CVE-2010-0472 (kuddb2 in Tivoli Monitoring for DB2, as distributed in IBM DB2 9.7 FP1 ...)
@@ -83867,42 +83866,36 @@
- sun-java5 1.5.0-18-1
[etch] - sun-java5 <no-dsa> (Non-free not supported)
[lenny] - sun-java5 1.5.0-22-0lenny1
- - openjdk-6 <undetermined> (bug #566769)
CVE-2009-1106 (The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime ...)
- sun-java6 6-13-1 (bug #521414)
[lenny] - sun-java6 6-20-0lenny1
- sun-java5 1.5.0-18-1
[etch] - sun-java5 <no-dsa> (Non-free not supported)
[lenny] - sun-java5 1.5.0-22-0lenny1
- - openjdk-6 <undetermined> (bug #566769)
CVE-2009-1105 (The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime ...)
- sun-java6 6-13-1 (bug #521414)
[lenny] - sun-java6 6-20-0lenny1
- sun-java5 1.5.0-18-1
[etch] - sun-java5 <no-dsa> (Non-free not supported)
[lenny] - sun-java5 1.5.0-22-0lenny1
- - openjdk-6 <undetermined> (bug #566769)
CVE-2009-1104 (The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime ...)
- sun-java6 6-13-1 (bug #521414)
[lenny] - sun-java6 6-20-0lenny1
- sun-java5 1.5.0-18-1
[etch] - sun-java5 <no-dsa> (Non-free not supported)
[lenny] - sun-java5 1.5.0-22-0lenny1
- - openjdk-6 <undetermined> (bug #566769)
CVE-2009-1103 (Unspecified vulnerability in the Java Plug-in in Java SE Development ...)
- sun-java6 6-13-1 (bug #521414)
[lenny] - sun-java6 6-20-0lenny1
- sun-java5 1.5.0-18-1
[etch] - sun-java5 <no-dsa> (Non-free not supported)
[lenny] - sun-java5 1.5.0-22-0lenny1
- - openjdk-6 <undetermined> (bug #566769)
CVE-2009-1102 (Unspecified vulnerability in the Virtual Machine in Java SE ...)
- sun-java6 6-13-1 (bug #521414)
[lenny] - sun-java6 6-20-0lenny1
- sun-java5 1.5.0-18-1
[etch] - sun-java5 <no-dsa> (Non-free not supported)
[lenny] - sun-java5 1.5.0-22-0lenny1
- - openjdk-6 <undetermined> (bug #566769)
CVE-2009-1101 (Unspecified vulnerability in the lightweight HTTP server ...)
{DSA-1769-1}
- sun-java6 6-13-1 (bug #521414)
@@ -83910,24 +83903,20 @@
- sun-java5 1.5.0-18-1
[etch] - sun-java5 <no-dsa> (Non-free not supported)
[lenny] - sun-java5 1.5.0-22-0lenny1
- - openjdk-6 <undetermined> (bug #566769)
CVE-2009-1100 (Multiple unspecified vulnerabilities in Java SE Development Kit (JDK) ...)
- sun-java6 6-13-1 (bug #521414)
[lenny] - sun-java6 6-20-0lenny1
CVE-2009-1099 (Integer signedness error in Java SE Development Kit (JDK) and Java ...)
- sun-java6 6-13-1 (bug #521414)
[lenny] - sun-java6 6-20-0lenny1
- - openjdk-6 <undetermined> (bug #566769)
CVE-2009-1098 (Buffer overflow in Java SE Development Kit (JDK) and Java Runtime ...)
{DSA-1769-1}
- sun-java6 6-13-1 (bug #521414)
[lenny] - sun-java6 6-20-0lenny1
- - openjdk-6 <undetermined> (bug #566769)
CVE-2009-1097 (Multiple buffer overflows in Java SE Development Kit (JDK) and Java ...)
{DSA-1769-1}
- sun-java6 6-13-1
[lenny] - sun-java6 6-20-0lenny1
- - openjdk-6 <undetermined> (bug #566769)
CVE-2009-1096 (Buffer overflow in unpack200 in Java SE Development Kit (JDK) and Java ...)
{DSA-1769-1}
- sun-java6 6-13-1 (bug #521414)
@@ -83935,7 +83924,6 @@
- sun-java5 1.5.0-18-1
[etch] - sun-java5 <no-dsa> (Non-free not supported)
[lenny] - sun-java5 1.5.0-22-0lenny1
- - openjdk-6 <undetermined> (bug #566769)
CVE-2009-1095 (Integer overflow in unpack200 in Java SE Development Kit (JDK) and ...)
{DSA-1769-1}
- sun-java6 6-13-1 (bug #521414)
@@ -83943,7 +83931,6 @@
- sun-java5 1.5.0-18-1
[etch] - sun-java5 <no-dsa> (Non-free not supported)
[lenny] - sun-java5 1.5.0-22-0lenny1
- - openjdk-6 <undetermined> (bug #566769)
CVE-2009-1094 (Unspecified vulnerability in the LDAP implementation in Java SE ...)
{DSA-1769-1}
- sun-java6 6-13-1 (bug #521414)
@@ -83951,12 +83938,10 @@
- sun-java5 1.5.0-18-1
[etch] - sun-java5 <no-dsa> (Non-free not supported)
[lenny] - sun-java5 1.5.0-22-0lenny1
- - openjdk-6 <undetermined> (bug #566769)
CVE-2009-1093 (LdapCtx in the LDAP service in Java SE Development Kit (JDK) and Java ...)
{DSA-1769-1}
- sun-java6 6-13-1 (bug #521414)
[lenny] - sun-java6 6-20-0lenny1
- - openjdk-6 <undetermined> (bug #566769)
CVE-2009-1962 (Xfig, possibly 3.2.5, allows local users to read and write arbitrary ...)
- xfig 1:3.2.5.a-1
[etch] - xfig <no-dsa> (Minor issue)
@@ -86046,7 +86031,6 @@
CVE-2009-0581 (Memory leak in LittleCMS (aka lcms or liblcms) before 1.18beta2, as ...)
{DSA-1769-1 DSA-1745-1}
- lcms 1.18.dfsg-1 (bug #522446)
- - openjdk-6 <undetermined>
CVE-2009-0580 (Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 ...)
{DSA-2207-1}
- tomcat6 6.0.20-1 (low; bug #532362)
@@ -94914,17 +94898,14 @@
- sun-java5 1.5.0-16-1 (bug #490260)
[etch] - sun-java5 <no-dsa> (Non-free not supported)
- sun-java6 6-07-1 (bug #490260)
- - openjdk-6 <undetermined> (bug #566770)
CVE-2008-3114 (Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 ...)
- sun-java5 1.5.0-16-1 (bug #490260)
[etch] - sun-java5 <no-dsa> (Non-free not supported)
- sun-java6 6-07-1 (bug #490260)
- - openjdk-6 <undetermined> (bug #566770)
CVE-2008-3113 (Unspecified vulnerability in Sun Java Web Start in JDK and JRE 5.0 ...)
- sun-java5 1.5.0-16-1 (bug #490260)
[etch] - sun-java5 <no-dsa> (Non-free not supported)
- sun-java6 <not-affected> (Only for sun-java5)
- - openjdk-6 <undetermined> (bug #566770)
CVE-2008-3112 (Directory traversal vulnerability in Sun Java Web Start in JDK and JRE ...)
- sun-java5 1.5.0-16-1 (bug #490260)
[etch] - sun-java5 <no-dsa> (Non-free not supported)
@@ -94934,46 +94915,37 @@
- sun-java5 1.5.0-16-1 (bug #490260)
[etch] - sun-java5 <no-dsa> (Non-free not supported)
- sun-java6 6-04-1 (bug #490260)
- - openjdk-6 <undetermined> (bug #566770)
CVE-2008-3110 (Unspecified vulnerability in scripting language support in Sun Java ...)
- sun-java5 <not-affected> (Only for sun-java6)
[etch] - sun-java5 <no-dsa> (Non-free not supported)
- sun-java6 6-07-1 (bug #490260)
- - openjdk-6 <undetermined> (bug #566770)
CVE-2008-3109 (Unspecified vulnerability in scripting language support in Sun Java ...)
- sun-java5 <not-affected> (Only for sun-java6)
[etch] - sun-java5 <no-dsa> (Non-free not supported)
- sun-java6 6-07-1 (bug #490260)
- - openjdk-6 <undetermined> (bug #566770)
CVE-2008-3108 (Buffer overflow in Sun Java Runtime Environment (JRE) in JDK and JRE ...)
- sun-java5 1.5.0-10-1 (bug #490260)
[etch] - sun-java5 <no-dsa> (Non-free not supported)
- sun-java6 <not-affected> (Only for sun-java5)
- - openjdk-6 <undetermined> (bug #566770)
CVE-2008-3107 (Unspecified vulnerability in the Virtual Machine in Sun Java Runtime ...)
- sun-java5 1.5.0-16-1 (bug #490260)
[etch] - sun-java5 <no-dsa> (Non-free not supported)
- sun-java6 6-07-1 (bug #490260)
- - openjdk-6 <undetermined> (bug #566770)
CVE-2008-3106 (Unspecified vulnerability in Sun Java Runtime Environment (JRE) in JDK ...)
- sun-java5 1.5.0-16-1 (bug #490260)
[etch] - sun-java5 <no-dsa> (Non-free not supported)
- sun-java6 6-07-1 (bug #490260)
- - openjdk-6 <undetermined> (bug #566770)
CVE-2008-3105 (Unspecified vulnerability in the JAX-WS client and service in Sun Java ...)
- sun-java5 <not-affected> (Only for sun-java6)
- sun-java6 6-07-1 (bug #490260)
- - openjdk-6 <undetermined> (bug #566770)
CVE-2008-3104 (Multiple unspecified vulnerabilities in Sun Java Runtime Environment ...)
[etch] - sun-java5 <no-dsa> (Non-free not supported)
- sun-java5 1.5.0-16-1 (bug #490260)
- sun-java6 6-07-1 (bug #490260)
- - openjdk-6 <undetermined> (bug #566770)
CVE-2008-3103 (Unspecified vulnerability in the Java Management Extensions (JMX) ...)
[etch] - sun-java5 <no-dsa> (Non-free not supported)
- sun-java5 1.5.0-16-1 (bug #490260)
- sun-java6 6-07-1 (bug #490260)
- - openjdk-6 <undetermined> (bug #566770)
CVE-2008-3102 (Mantis 1.1.x through 1.1.2 and 1.2.x through 1.2.0a2 does not set the ...)
- mantis 1.1.2+dfsg-6 (low; bug #501179)
CVE-2008-3101 (Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM ...)
@@ -99490,61 +99462,49 @@
- sun-java6 6-05-1 (medium)
- sun-java5 1.5.0-15-1 (medium)
[etch] - sun-java5 <no-dsa> (Non-free not supported)
- - openjdk-6 <undetermined> (bug #566770)
CVE-2008-1195 (Unspecified vulnerability in Sun JDK and Java Runtime Environment ...)
- sun-java6 6-05-1 (low)
- sun-java5 1.5.0-15-1 (low)
[etch] - sun-java5 <no-dsa> (Non-free not supported)
- - openjdk-6 <undetermined> (bug #566770)
CVE-2008-1194 (Multiple unspecified vulnerabilities in the color management library ...)
- sun-java6 6-05-1 (unimportant)
- sun-java5 1.5.0-15-1 (unimportant)
[etch] - sun-java5 <no-dsa> (Non-free not supported)
- - openjdk-6 <undetermined> (bug #566770)
CVE-2008-1193 (Unspecified vulnerability in Java Runtime Environment Image Parsing ...)
- sun-java6 6-05-1 (low)
- sun-java5 1.5.0-15-1 (low)
[etch] - sun-java5 <no-dsa> (Non-free not supported)
- - openjdk-6 <undetermined> (bug #566770)
CVE-2008-1192 (Unspecified vulnerability in the Java Plug-in for Sun JDK and JRE 6 ...)
- sun-java6 6-05-1 (medium)
- sun-java5 1.5.0-15-1 (medium)
[etch] - sun-java5 <no-dsa> (Non-free not supported)
- - openjdk-6 <undetermined> (bug #566770)
CVE-2008-1191 (Unspecified vulnerability in Java Web Start in Sun JDK and JRE 6 ...)
- sun-java6 6-05-1 (medium)
- sun-java5 1.5.0-15-1 (medium)
[etch] - sun-java5 <no-dsa> (Non-free not supported)
- - openjdk-6 <undetermined> (bug #566770)
CVE-2008-1190 (Unspecified vulnerability in Java Web Start in Sun JDK and JRE 6 ...)
- sun-java6 6-05-1 (medium)
- sun-java5 <not-affected> (No more information by sun)
- - openjdk-6 <undetermined> (bug #566770)
CVE-2008-1189 (Buffer overflow in Java Web Start in Sun JDK and JRE 6 Update 4 and ...)
- sun-java6 6-05-1 (medium)
- sun-java5 1.5.0-15-1 (medium)
[etch] - sun-java5 <no-dsa> (Non-free not supported)
- - openjdk-6 <undetermined> (bug #566770)
CVE-2008-1188 (Multiple buffer overflows in the useEncodingDecl function in Java Web ...)
- sun-java6 6-05-1 (medium)
- sun-java5 1.5.0-15-1 (medium)
[etch] - sun-java5 <no-dsa> (Non-free not supported)
- - openjdk-6 <undetermined> (bug #566770)
CVE-2008-1187 (Unspecified vulnerability in Sun Java Runtime Environment (JRE) and ...)
- sun-java6 6-05-1 (low)
- sun-java5 1.5.0-15-1 (low)
[etch] - sun-java5 <no-dsa> (Non-free not supported)
- - openjdk-6 <undetermined> (bug #566770)
CVE-2008-1186 (Unspecified vulnerability in the Virtual Machine for Sun Java Runtime ...)
- sun-java6 6-05-1
- sun-java5 1.5.0-15-1
[etch] - sun-java5 <no-dsa> (Non-free not supported)
- - openjdk-6 <undetermined> (bug #566770)
CVE-2008-1185 (Unspecified vulnerability in the Virtual Machine for Sun Java Runtime ...)
- sun-java6 6-05-1
- sun-java5 1.5.0-15-1
[etch] - sun-java5 <no-dsa> (Non-free not supported)
- - openjdk-6 <undetermined> (bug #566770)
CVE-2008-1184 (The DNSSEC validation library (libval) library in dnssec-tools before ...)
- dnssec-tools <not-affected> (first version in Debian was 1.4.1)
CVE-2008-1183 (Multiple cross-site scripting (XSS) vulnerabilities in Crafty Syntax ...)
@@ -100760,7 +100720,6 @@
- sun-java6 6-02-1
- sun-java5 1.5.0-14-1
[etch] - sun-java5 1.5.0-14-1etch1
- - openjdk-6 <undetermined> (bug #566770)
CVE-2008-0656 (Unrestricted file upload vulnerability in dmclTrace.jsp in EMC ...)
NOT-FOR-US: Documentum Administrator and Webtop
CVE-2008-0655 (Multiple unspecified vulnerabilities in Adobe Reader and Acrobat ...)
@@ -100829,7 +100788,6 @@
CVE-2008-0628 (The XML parsing code in Sun Java Runtime Environment JDK and JRE 6 ...)
- sun-java6 6-04-1
- sun-java5 <not-affected> (referring to sun this vulnerability is not present in java5)
- - openjdk-6 <undetermined> (bug #566770)
CVE-2008-0627
REJECTED
CVE-2008-0626
More information about the Secure-testing-commits
mailing list