[Secure-testing-commits] r35663 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Fri Jul 24 04:58:38 UTC 2015


Author: carnil
Date: 2015-07-24 04:58:38 +0000 (Fri, 24 Jul 2015)
New Revision: 35663

Modified:
   data/CVE/list
Log:
Add first set of CVEs mentioned in changelog for fixed version

NOTE: For reviewers, just added the CVEs mentioned in the changelog, but
there are still issues for openjdk-7 as unfixed. Please double-check if
this is complete.

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-07-23 22:53:34 UTC (rev 35662)
+++ data/CVE/list	2015-07-24 04:58:38 UTC (rev 35663)
@@ -1984,7 +1984,7 @@
 	NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixMSQL
 CVE-2015-4760 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 ...)
 	- openjdk-6 <unfixed>
-	- openjdk-7 <unfixed>
+	- openjdk-7 7u79-2.5.6-1
 	- openjdk-8 <unfixed>
 	- icu 52.1-10
 	NOTE: http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/3f9845510b47
@@ -2024,13 +2024,13 @@
 	TODO: check
 CVE-2015-4749 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; ...)
 	- openjdk-6 <unfixed>
-	- openjdk-7 <unfixed>
+	- openjdk-7 7u79-2.5.6-1
 	- openjdk-8 <unfixed>
 	NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
 	NOTE: "Applies to client and server deployment of Java."
 CVE-2015-4748 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; ...)
 	- openjdk-6 <unfixed>
-	- openjdk-7 <unfixed>
+	- openjdk-7 7u79-2.5.6-1
 	- openjdk-8 <unfixed>
 	NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
 	NOTE: "Applies to client and server deployment of Java."
@@ -2069,19 +2069,19 @@
 	RESERVED
 CVE-2015-4733 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and ...)
 	- openjdk-6 <unfixed>
-	- openjdk-7 <unfixed>
+	- openjdk-7 7u79-2.5.6-1
 	- openjdk-8 <unfixed>
 	NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
 	NOTE: "Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets."
 CVE-2015-4732 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and ...)
 	- openjdk-6 <unfixed>
-	- openjdk-7 <unfixed>
+	- openjdk-7 7u79-2.5.6-1
 	- openjdk-8 <unfixed>
 	NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
 	NOTE: "Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets."
 CVE-2015-4731 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; Java ...)
 	- openjdk-6 <unfixed>
-	- openjdk-7 <unfixed>
+	- openjdk-7 7u79-2.5.6-1
 	- openjdk-8 <unfixed>
 	NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
 	NOTE: "Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets."
@@ -3985,7 +3985,7 @@
 	- openssl <unfixed>
 	- nss <unfixed>
 	- openjdk-6 <unfixed>
-	- openjdk-7 <unfixed>
+	- openjdk-7 7u79-2.5.6-1
 	- openjdk-8 <unfixed>
 	NOTE: CVE assigned specific to vulnerability in the TLS protocol that was
 	NOTE: disclosed in section 3.2 of the
@@ -7448,7 +7448,7 @@
 	NOTE: This CVE is specific to the design of the RC4 protocol and not to its
 	NOTE: implementations.
 	- openjdk-6 <unfixed>
-	- openjdk-7 <unfixed>
+	- openjdk-7 7u79-2.5.6-1
 	- openjdk-8 <unfixed>
 	NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
 	NOTE: "Applies to client and server deployment of JSSE."
@@ -8123,7 +8123,7 @@
 	RESERVED
 CVE-2015-2632 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 ...)
 	- openjdk-6 <unfixed>
-	- openjdk-7 <unfixed>
+	- openjdk-7 7u79-2.5.6-1
 	- openjdk-8 <unfixed>
 	NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
 	NOTE: "Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets."
@@ -8135,7 +8135,7 @@
 	TODO: check
 CVE-2015-2628 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and ...)
 	- openjdk-6 <unfixed>
-	- openjdk-7 <unfixed>
+	- openjdk-7 7u79-2.5.6-1
 	- openjdk-8 <unfixed>
 	NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
 	NOTE: "Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets."
@@ -8147,7 +8147,7 @@
 	TODO: check
 CVE-2015-2625 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; ...)
 	- openjdk-6 <unfixed>
-	- openjdk-7 <unfixed>
+	- openjdk-7 7u79-2.5.6-1
 	- openjdk-8 <unfixed>
 	NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
 	NOTE: "Applies to client and server deployment of JSSE."
@@ -8159,7 +8159,7 @@
 	TODO: check
 CVE-2015-2621 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and ...)
 	- openjdk-6 <unfixed>
-	- openjdk-7 <unfixed>
+	- openjdk-7 7u79-2.5.6-1
 	- openjdk-8 <unfixed>
 	NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
 	NOTE: "Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets."
@@ -8187,7 +8187,7 @@
 	TODO: check
 CVE-2015-2613 (Unspecified vulnerability in Oracle Java SE 7u80 and 8u45, and Java SE ...)
 	- openjdk-6 <unfixed>
-	- openjdk-7 <unfixed>
+	- openjdk-7 7u79-2.5.6-1
 	- openjdk-8 <unfixed>
 	NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
 	NOTE: "Applies to client and server deployment of Java."
@@ -8218,7 +8218,7 @@
 	TODO: check
 CVE-2015-2601 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, ...)
 	- openjdk-6 <unfixed>
-	- openjdk-7 <unfixed>
+	- openjdk-7 7u79-2.5.6-1
 	- openjdk-8 <unfixed>
 	NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
 	NOTE: "Applies to client and server deployment of Java."
@@ -8249,7 +8249,7 @@
 	TODO: check
 CVE-2015-2590 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and ...)
 	- openjdk-6 <unfixed>
-	- openjdk-7 <unfixed>
+	- openjdk-7 7u79-2.5.6-1
 	- openjdk-8 <unfixed>
 	NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
 	NOTE: "Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets."




More information about the Secure-testing-commits mailing list