[Secure-testing-commits] r36197 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Wed Aug 19 20:49:54 UTC 2015
Author: jmm
Date: 2015-08-19 20:49:54 +0000 (Wed, 19 Aug 2015)
New Revision: 36197
Modified:
data/CVE/list
Log:
two glassfish issues n/a
mark openssl back as fixed, this was used as the official initial upstream
fix and we use the same, later changes to move to 1024 can follow independent
of that
nss fixed
gnome-online-accounts bug never in the archive
openjdk-6 removed
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-08-19 20:29:31 UTC (rev 36196)
+++ data/CVE/list 2015-08-19 20:49:54 UTC (rev 36197)
@@ -4147,7 +4147,7 @@
CVE-2015-4760 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 ...)
{DSA-3323-1 DSA-3316-1 DLA-283-1}
[experimental] - openjdk-6 6b36-1.13.8-1
- - openjdk-6 <unfixed>
+ - openjdk-6 <removed>
- openjdk-7 7u79-2.5.6-1
- openjdk-8 8u66-b01-1
- icu 52.1-10
@@ -4189,7 +4189,7 @@
CVE-2015-4749 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; ...)
{DSA-3316-1}
[experimental] - openjdk-6 6b36-1.13.8-1
- - openjdk-6 <unfixed>
+ - openjdk-6 <removed>
- openjdk-7 7u79-2.5.6-1
- openjdk-8 8u66-b01-1
NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
@@ -4197,7 +4197,7 @@
CVE-2015-4748 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; ...)
{DSA-3316-1}
[experimental] - openjdk-6 6b36-1.13.8-1
- - openjdk-6 <unfixed>
+ - openjdk-6 <removed>
- openjdk-7 7u79-2.5.6-1
- openjdk-8 8u66-b01-1
NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
@@ -4239,7 +4239,7 @@
CVE-2015-4733 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and ...)
{DSA-3316-1}
[experimental] - openjdk-6 6b36-1.13.8-1
- - openjdk-6 <unfixed>
+ - openjdk-6 <removed>
- openjdk-7 7u79-2.5.6-1
- openjdk-8 8u66-b01-1
NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
@@ -4247,7 +4247,7 @@
CVE-2015-4732 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and ...)
{DSA-3316-1}
[experimental] - openjdk-6 6b36-1.13.8-1
- - openjdk-6 <unfixed>
+ - openjdk-6 <removed>
- openjdk-7 7u79-2.5.6-1
- openjdk-8 8u66-b01-1
NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
@@ -4255,7 +4255,7 @@
CVE-2015-4731 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; Java ...)
{DSA-3316-1}
[experimental] - openjdk-6 6b36-1.13.8-1
- - openjdk-6 <unfixed>
+ - openjdk-6 <removed>
- openjdk-7 7u79-2.5.6-1
- openjdk-8 8u66-b01-1
NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
@@ -6214,10 +6214,10 @@
NOTE: Not enabled in Debian kernels; staging drivers are not supported
CVE-2015-4000 (The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is ...)
{DSA-3324-1 DSA-3316-1 DSA-3300-1 DSA-3287-1 DLA-247-1}
- - openssl <unfixed>
- - nss <unfixed>
+ - openssl 1.0.2b-1
+ - nss 2:3.19.1-1
[experimental] - openjdk-6 6b36-1.13.8-1
- - openjdk-6 <unfixed>
+ - openjdk-6 <removed>
- openjdk-7 7u79-2.5.6-1
- openjdk-8 8u66-b01-1
NOTE: CVE assigned specific to vulnerability in the TLS protocol that was
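Review bot: On the "+ - openssl 1.0.2b-1" line, the reason for treating 1.0.2b-1 as the fix is recorded only in the commit log (it is the initial upstream fix, with the later move to 1024 left to follow separately). Consider adding a NOTE line under the CVE-2015-4000 entry saying so, so that a reader of data/CVE/list does not take the later change as a reason to flip the entry back to <unfixed>.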
@@ -9712,7 +9712,7 @@
NOTE: This CVE is specific to the design of the RC4 protocol and not to its
NOTE: implementations.
[experimental] - openjdk-6 6b36-1.13.8-1
- - openjdk-6 <unfixed>
+ - openjdk-6 <removed>
- openjdk-7 7u79-2.5.6-1
- openjdk-8 8u66-b01-1
NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
@@ -10386,7 +10386,7 @@
CVE-2015-2632 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 ...)
{DSA-3316-1}
[experimental] - openjdk-6 6b36-1.13.8-1
- - openjdk-6 <unfixed>
+ - openjdk-6 <removed>
- openjdk-7 7u79-2.5.6-1
- openjdk-8 8u66-b01-1
NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
@@ -10400,7 +10400,7 @@
CVE-2015-2628 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and ...)
{DSA-3316-1}
[experimental] - openjdk-6 6b36-1.13.8-1
- - openjdk-6 <unfixed>
+ - openjdk-6 <removed>
- openjdk-7 7u79-2.5.6-1
- openjdk-8 8u66-b01-1
NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
@@ -10414,7 +10414,7 @@
CVE-2015-2625 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; ...)
{DSA-3316-1}
[experimental] - openjdk-6 6b36-1.13.8-1
- - openjdk-6 <unfixed>
+ - openjdk-6 <removed>
- openjdk-7 7u79-2.5.6-1
- openjdk-8 8u66-b01-1
NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
@@ -10428,7 +10428,7 @@
CVE-2015-2621 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and ...)
{DSA-3316-1}
[experimental] - openjdk-6 6b36-1.13.8-1
- - openjdk-6 <unfixed>
+ - openjdk-6 <removed>
- openjdk-7 7u79-2.5.6-1
- openjdk-8 8u66-b01-1
NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
@@ -10457,7 +10457,7 @@
NOT-FOR-US: Solaris (NVM Express Driver)
CVE-2015-2613 (Unspecified vulnerability in Oracle Java SE 7u80 and 8u45, and Java SE ...)
{DSA-3316-1}
- - openjdk-6 <unfixed>
+ - openjdk-6 <removed>
- openjdk-7 7u79-2.5.6-1
- openjdk-8 8u66-b01-1
NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
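Review bot: The openjdk-6 line in the CVE-2015-2613 entry may want <not-affected> rather than <removed>: unlike the neighbouring entries, the visible part of the summary names Java SE 7u80 and 8u45 but not 6u95, and the entry has no "[experimental] - openjdk-6" line. If openjdk-6 was checked and found affected, a short NOTE saying so would explain the difference.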
@@ -10489,7 +10489,7 @@
CVE-2015-2601 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, ...)
{DSA-3316-1}
[experimental] - openjdk-6 6b36-1.13.8-1
- - openjdk-6 <unfixed>
+ - openjdk-6 <removed>
- openjdk-7 7u79-2.5.6-1
- openjdk-8 8u66-b01-1
NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
@@ -10522,7 +10522,7 @@
CVE-2015-2590 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and ...)
{DSA-3316-1}
[experimental] - openjdk-6 6b36-1.13.8-1
- - openjdk-6 <unfixed>
+ - openjdk-6 <removed>
- openjdk-7 7u79-2.5.6-1
- openjdk-8 8u66-b01-1
NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
@@ -47500,7 +47500,7 @@
- openjdk-6 6b27-1.12.7-1
- openjdk-7 7u45-2.4.3-1
CVE-2013-5816 (Unspecified vulnerability in the Oracle GlassFish Server component in ...)
- - glassfish <undetermined>
+ - glassfish <not-affected> (Full application server not packaged)
CVE-2013-5815 (Unspecified vulnerability in the Oracle Identity Analytics component ...)
NOT-FOR-US: Oracle Fusion Middleware Oracle Identity Analytics
CVE-2013-5814 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
@@ -52875,7 +52875,7 @@
CVE-2013-3828 (Unspecified vulnerability in the Oracle Web Services component in ...)
NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-3827 (Unspecified vulnerability in the Oracle GlassFish Server component in ...)
- - glassfish <undetermined>
+ - glassfish <not-affected> (Full application server not packaged)
CVE-2013-3826 (Unspecified vulnerability in the Core RDBMS component in Oracle ...)
NOT-FOR-US: Oracle Database Server
CVE-2013-3825 (Unspecified vulnerability in the Oracle Agile Product Collaboration ...)
@@ -58396,9 +58396,7 @@
CVE-2013-1800 (The crack gem 0.3.1 and earlier for Ruby does not properly restrict ...)
- ruby-crack 0.3.2-1
CVE-2013-1799 (Gnome Online Accounts (GOA) 3.6.x before 3.6.3 and 3.7.x before ...)
- - gnome-online-accounts <undetermined>
- NOTE: CVE for incomplete fix for CVE-2013-0240 in some versions
- TODO: check if fix applied to Debian in 3.4.2-2 was incomplete
+ - gnome-online-accounts <not-affected> (Incomplete patch wasn't applied in Debian)
CVE-2013-1798 (The ioapic_read_indirect function in virt/kvm/ioapic.c in the Linux ...)
{DSA-2668-1}
- linux 3.2.41-2
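Review bot: Dropping the NOTE line in the CVE-2013-1799 entry loses the cross-reference to CVE-2013-0240, which is what gives the "Incomplete patch" wording in the new <not-affected> line its meaning. Suggest keeping "NOTE: CVE for incomplete fix for CVE-2013-0240 in some versions" and removing only the TODO; it would also help to state what was found for 3.4.2-2, the version the TODO asked about.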
@@ -66401,7 +66399,7 @@
- linux-2.6 <unfixed> (unimportant)
NOTE: btrfs support in Squeeze/Wheezy is not ready for production use
CVE-2012-5373 (Oracle Java SE 7 and earlier, and OpenJDK 7 and earlier, computes hash ...)
- - openjdk-6 <unfixed> (low)
+ - openjdk-6 <removed> (low)
[squeeze] - openjdk-6 <no-dsa> (Minor issue, no icedtea fix, too complex to backport)
[wheezy] - openjdk-6 <no-dsa> (Minor issue, no icedtea fix, too complex to backport)
- openjdk-7 <unfixed> (low)
@@ -73524,7 +73522,7 @@
CVE-2012-2740 (SQL injection vulnerability in public_html/lists/admin in phpList ...)
NOT-FOR-US: phplist
CVE-2012-2739 (Oracle Java SE before 7 Update 6, and OpenJDK 7 before 7u6 build 12 ...)
- - openjdk-6 <unfixed> (unimportant)
+ - openjdk-6 <removed> (unimportant)
- openjdk-7 <unfixed> (unimportant)
NOTE: Upstream disputes this and states it needs to be fixed in Java apps itself
NOTE: http://mail.openjdk.java.net/pipermail/core-libs-dev/2012-May/010238.html
@@ -143639,7 +143637,7 @@
CVE-2007-5019 (Buffer overflow in the Sun Java Web Start ActiveX control in Java ...)
- sun-java6 <removed> (unimportant)
- sun-java5 <removed> (unimportant)
- - openjdk-6 <unfixed> (unimportant)
+ - openjdk-6 <removed> (unimportant)
NOTE: exploiting this would not work under Linux
CVE-2007-5018 (Stack-based buffer overflow in IMAPD in Mercury/32 4.52 allows remote ...)
NOT-FOR-US: Pegasus Mail Mercury
@@ -156477,7 +156475,7 @@
CVE-2007-0012 (Sun JRE 5.0 before update 14 allows remote attackers to cause a denial ...)
- sun-java5 <removed> (unimportant)
- sun-java6 <removed> (unimportant)
- - openjdk-6 <unfixed> (unimportant)
+ - openjdk-6 <removed> (unimportant)
NOTE: not a security issue, browser dos treated as regular bugs, also likely Windows-specific
CVE-2007-0011 (The web portal interface in Citrix Access Gateway (aka Citrix Advanced ...)
NOT-FOR-US: Citrix Access Gateway