[Secure-testing-commits] r35509 - data/CVE
Ben Hutchings
benh at moszumanska.debian.org
Thu Jul 16 16:31:23 UTC 2015
Author: benh
Date: 2015-07-16 16:31:23 +0000 (Thu, 16 Jul 2015)
New Revision: 35509
Modified:
data/CVE/list
Log:
Triage new issues for squeeze-lts
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-07-16 16:27:03 UTC (rev 35508)
+++ data/CVE/list 2015-07-16 16:31:23 UTC (rev 35509)
@@ -127,6 +127,7 @@
- ipython <unfixed> (bug #789824)
[jessie] - ipython <no-dsa> (Minor issue)
[wheezy] - ipython <no-dsa> (Minor issue)
+ [squeeze] - ipython <not-affected> (Vulnerable code not present)
NOTE: https://github.com/ipython/ipython/commit/a05fe052a18810e92d9be8c1185952c13fe4e5b0 (2.x)
NOTE: https://github.com/ipython/ipython/commit/1415a9710407e7c14900531813c15ba6165f0816 (3.x)
NOTE: Affected versions: 0.12 <= version <= 3.2.0
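Review bot: The new `[squeeze] - ipython <not-affected> (Vulnerable code not present)` line gives no version to check against the existing "Affected versions: 0.12 <= version <= 3.2.0" NOTE. Consider putting the squeeze ipython version in the parenthetical so the not-affected claim can be verified from the entry alone.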
@@ -410,10 +411,12 @@
CVE-2015-XXXX [Do not blindly forward cache peer CONNECT responses]
- squid <removed>
- squid3 <unfixed>
+ [squeeze] - squid <not-affected> (Vulnerable code not present)
NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13856.patch (3.5)
NOTE: http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13225.patch (3.4)
NOTE: http://www.squid-cache.org/Advisories/SQUID-2015_2.txt
NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/07/06/8
+ NOTE: In squeeze's squid3 the code is structured differently but the bug still appears to be present.
TODO: check
CVE-2015-5380 (The Utf8DecoderBase::WriteUtf16Slow function in unicode-decoder.cc in ...)
- nodejs <not-affected> (Only affects 0.12.x)
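Review bot: The added NOTE on squeeze's squid3 is tentative ("still appears to be present") and the existing "TODO: check" is left unchanged, so the entry does not say what remains to be checked. Either reword the TODO to name the open item (confirming squid3 in squeeze), or drop it if the remaining work is covered by `- squid3 <unfixed>`. The `[squeeze] - squid <not-affected>` line itself reads fine next to `- squid <removed>`.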
@@ -1683,6 +1686,8 @@
- openjdk-7 <unfixed>
- openjdk-8 <unfixed>
- icu <unfixed>
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-4760
+ NOTE: "Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets."
CVE-2015-4759
RESERVED
CVE-2015-4758
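Review bot: The quoted sentence added in this hunk follows a bugzilla.redhat.com link, while the identical sentence elsewhere in this commit follows the Oracle cpujul2015 #AppendixJAVA link. As written, the quote looks as if it comes from the Red Hat bug. Add the Oracle advisory NOTE here too, or put the quote after the link it was actually taken from.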
@@ -1723,11 +1728,15 @@
- openjdk-6 <unfixed>
- openjdk-7 <unfixed>
- openjdk-8 <unfixed>
+ NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
+ NOTE: "Applies to client and server deployment of Java."
CVE-2015-4748
RESERVED
- openjdk-6 <unfixed>
- openjdk-7 <unfixed>
- openjdk-8 <unfixed>
+ NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
+ NOTE: "Applies to client and server deployment of Java."
CVE-2015-4747
RESERVED
CVE-2015-4746
@@ -1767,16 +1776,22 @@
- openjdk-6 <unfixed>
- openjdk-7 <unfixed>
- openjdk-8 <unfixed>
+ NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
+ NOTE: "Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets."
CVE-2015-4732
RESERVED
- openjdk-6 <unfixed>
- openjdk-7 <unfixed>
- openjdk-8 <unfixed>
+ NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
+ NOTE: "Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets."
CVE-2015-4731
RESERVED
- openjdk-6 <unfixed>
- openjdk-7 <unfixed>
- openjdk-8 <unfixed>
+ NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
+ NOTE: "Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets."
CVE-2015-4730
RESERVED
CVE-2015-4729
@@ -2061,6 +2076,7 @@
RESERVED
- cacti 0.8.8e+ds1-1
NOTE: http://bugs.cacti.net/view.php?id=2577
+ NOTE: http://svn.cacti.net/viewvc?view=rev&revision=7731
CVE-2015-4633
RESERVED
CVE-2015-4632
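Review bot: The added svn.cacti.net NOTE is a bare revision URL with no indication of what revision 7731 is. If it is the upstream fix for the bug in the preceding NOTE, say so on the line, in the way the ipython NOTE lines in this file label their commits with "(2.x)" and "(3.x)".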
@@ -7100,6 +7116,8 @@
- openjdk-6 <unfixed>
- openjdk-7 <unfixed>
- openjdk-8 <unfixed>
+ NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
+ NOTE: "Applies to client and server deployment of JSSE."
CVE-2015-2807
RESERVED
CVE-2015-2831 (Buffer overflow in das_watchdog 0.9.0 allows local users to execute ...)
@@ -7696,7 +7714,6 @@
RESERVED
CVE-2015-2659
RESERVED
- - openjdk-6 <unfixed>
- openjdk-7 <unfixed>
- openjdk-8 <unfixed>
CVE-2015-2658
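Review bot: The removal of `- openjdk-6 <unfixed>` under CVE-2015-2659 leaves no record of why openjdk-6 is out of scope, and the log message ("Triage new issues for squeeze-lts") does not cover it. Other entries in this file keep the reasoning in place, for example `- openjdk-6 <not-affected> (Specific to Java client installer)`. Consider replacing the line with an explicit `<not-affected>` entry and reason rather than deleting it.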
@@ -7760,11 +7777,15 @@
- openjdk-6 <unfixed>
- openjdk-7 <unfixed>
- openjdk-8 <unfixed>
+ NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
+ NOTE: "Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets."
CVE-2015-2637
RESERVED
- openjdk-6 <unfixed>
- openjdk-7 <unfixed>
- openjdk-8 <unfixed>
+ NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
+ NOTE: "Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets."
CVE-2015-2636
RESERVED
CVE-2015-2635
@@ -7778,6 +7799,8 @@
- openjdk-6 <unfixed>
- openjdk-7 <unfixed>
- openjdk-8 <unfixed>
+ NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
+ NOTE: "Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets."
CVE-2015-2631
RESERVED
CVE-2015-2630
@@ -7789,6 +7812,8 @@
- openjdk-6 <unfixed>
- openjdk-7 <unfixed>
- openjdk-8 <unfixed>
+ NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
+ NOTE: "Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets."
CVE-2015-2627
RESERVED
- openjdk-6 <not-affected> (Specific to Java client installer)
@@ -7801,6 +7826,8 @@
- openjdk-6 <unfixed>
- openjdk-7 <unfixed>
- openjdk-8 <unfixed>
+ NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
+ NOTE: "Applies to client and server deployment of JSSE."
CVE-2015-2624
RESERVED
CVE-2015-2623
@@ -7812,6 +7839,8 @@
- openjdk-6 <unfixed>
- openjdk-7 <unfixed>
- openjdk-8 <unfixed>
+ NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
+ NOTE: "Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets."
CVE-2015-2620
RESERVED
- mysql-5.6 5.6.25-2
@@ -7820,7 +7849,6 @@
NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixMSQL
CVE-2015-2619
RESERVED
- - openjdk-6 <unfixed>
- openjdk-7 <unfixed>
- openjdk-8 <unfixed>
CVE-2015-2618
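Review bot: CVE-2015-2619 loses its `- openjdk-6 <unfixed>` line here with no NOTE or `<not-affected>` reason left behind, while openjdk-7 and openjdk-8 stay `<unfixed>`. Record why openjdk-6 differs from the other two branches, either as an explicit `<not-affected>` line with a parenthetical or as a NOTE on the entry.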
@@ -7842,6 +7870,8 @@
- openjdk-6 <unfixed>
- openjdk-7 <unfixed>
- openjdk-8 <unfixed>
+ NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
+ NOTE: "Applies to client and server deployment of Java."
CVE-2015-2612
RESERVED
CVE-2015-2611
@@ -7873,6 +7903,8 @@
- openjdk-6 <unfixed>
- openjdk-7 <unfixed>
- openjdk-8 <unfixed>
+ NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
+ NOTE: "Applies to client and server deployment of Java."
CVE-2015-2600
RESERVED
CVE-2015-2599
@@ -7893,6 +7925,9 @@
RESERVED
- virtualbox 4.3.30-dfsg-1 (bug #792446)
- virtualbox-ose <removed>
+ [squeeze] - virtualbox-ose <unfixed>
+ NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixOVIR
+ NOTE: "This issue affects Windows, Linux and Mac OS X hosts only when guests using bridged networking over Wifi."
CVE-2015-2593
RESERVED
CVE-2015-2592
@@ -7904,6 +7939,8 @@
- openjdk-6 <unfixed>
- openjdk-7 <unfixed>
- openjdk-8 <unfixed>
+ NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
+ NOTE: "Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets."
CVE-2015-2589
RESERVED
CVE-2015-2588