[Secure-testing-commits] r39159 - in data: . CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Mon Jan 25 11:21:09 UTC 2016
Author: jmm
Date: 2016-01-25 11:21:09 +0000 (Mon, 25 Jan 2016)
New Revision: 39159
Modified:
data/CVE/list
data/dsa-needed.txt
Log:
openjdk updates, also track openjdk-6
one openjdk issue probably also affects src:icu
double-check old rsync issue
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-01-25 08:01:07 UTC (rev 39158)
+++ data/CVE/list 2016-01-25 11:21:09 UTC (rev 39159)
@@ -4496,7 +4496,8 @@
CVE-2016-0494 (Unspecified vulnerability in the Java SE and Java SE Embedded ...)
- openjdk-8 8u72-b15-1
- openjdk-7 7u95-2.6.4-1
- TODO: check
+ - openjdk-6 <removed>
+ - icu <unfixed>
CVE-2016-0493 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users ...)
TODO: check
CVE-2016-0492 (Unspecified vulnerability in the Oracle Application Testing Suite ...)
@@ -4520,7 +4521,7 @@
CVE-2016-0483 (Unspecified vulnerability in the Java SE, Java SE Embedded, and ...)
- openjdk-8 8u72-b15-1
- openjdk-7 7u95-2.6.4-1
- TODO: check
+ - openjdk-6 <removed>
CVE-2016-0482 (Unspecified vulnerability in the Oracle Application Testing Suite ...)
TODO: check
CVE-2016-0481 (Unspecified vulnerability in the Oracle Application Testing Suite ...)
@@ -4537,7 +4538,6 @@
TODO: check
CVE-2016-0475 (Unspecified vulnerability in the Java SE, Java SE Embedded, and ...)
- openjdk-8 8u72-b15-1
- TODO: check
CVE-2016-0474 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
TODO: check
CVE-2016-0473 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
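Review bot: For CVE-2016-0475 the `TODO: check` is dropped while only openjdk-8 is listed, whereas the other Java SE entries touched in this commit also list openjdk-7 and gain an openjdk-6 line. If openjdk-7 and openjdk-6 are not affected, a short NOTE saying so would keep the missing lines from reading as an oversight.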
@@ -4557,7 +4557,7 @@
CVE-2016-0466 (Unspecified vulnerability in the Java SE, Java SE Embedded, and ...)
- openjdk-8 8u72-b15-1
- openjdk-7 7u95-2.6.4-1
- TODO: check
+ - openjdk-6 <unfixed>
CVE-2016-0465 (Unspecified vulnerability in the Solaris Cluster component in Oracle ...)
TODO: check
CVE-2016-0464 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
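Review bot: CVE-2016-0466 marks openjdk-6 as `<unfixed>`, while every other openjdk-6 line added in this commit uses `<removed>`. If the difference is not intentional, change it to `- openjdk-6 <removed>` to match; if it is, add a NOTE explaining why this entry differs.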
@@ -4595,7 +4595,7 @@
CVE-2016-0448 (Unspecified vulnerability in the Java SE and Java SE Embedded ...)
- openjdk-8 8u72-b15-1
- openjdk-7 7u95-2.6.4-1
- TODO: check
+ - openjdk-6 <removed>
CVE-2016-0447 (Unspecified vulnerability in the Enterprise Manager Base Platform ...)
TODO: check
CVE-2016-0446 (Unspecified vulnerability in the Enterprise Manager Base Platform ...)
@@ -4689,7 +4689,7 @@
CVE-2016-0402 (Unspecified vulnerability in the Java SE and Java SE Embedded ...)
- openjdk-8 8u72-b15-1
- openjdk-7 7u95-2.6.4-1
- TODO: check
+ - openjdk-6 <removed>
CVE-2016-0401 (Unspecified vulnerability in the Oracle BI Publisher component in ...)
TODO: check
CVE-2015-8536
@@ -8408,7 +8408,9 @@
- openssl 1.0.1f-1
[squeeze] - openssl <not-affected> (Vulnerable code not present)
NOTE: OpenSSL fix: https://git.openssl.org/?p=openssl.git;a=commit;h=5e1ff664f95ab4c9176b3e86b5111e5777bad61a
+ - openjdk-8 7u95-2.6.4-1
- openjdk-7 7u95-2.6.4-1
+ - openjdk-6 <removed>
- gnutls28 3.3.15-1
[jessie] - gnutls28 3.3.8-6+deb8u3
- gnutls26 <removed>
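Review bot: The added line `- openjdk-8 7u95-2.6.4-1` gives openjdk-8 the openjdk-7 version string, while the other openjdk-8 entries in this commit use 8u72-b15-1. This looks like a copy of the openjdk-7 line below it, so confirm the fixed openjdk-8 version and correct the entry.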
@@ -29518,6 +29520,7 @@
[wheezy] - rsync <not-affected> (Affected sanitising functionality not yet present)
[squeeze] - rsync <not-affected> (Affected sanitising functionality not yet present)
NOTE: http://xteam.baidu.com/?p=169
+ TODO: Re-check affected versions, Ubuntu released an update which also covers 3.0.9 from precise
CVE-2014-9511
RESERVED
CVE-2014-9510 (Cross-site request forgery (CSRF) vulnerability in the administration ...)
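Review bot: The new rsync TODO mentions an Ubuntu update covering 3.0.9 from precise but gives no advisory reference. Add the USN number or its URL as a NOTE so that whoever re-checks the wheezy and squeeze `<not-affected>` entries can find the patch being referred to.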
Modified: data/dsa-needed.txt
===================================================================
--- data/dsa-needed.txt 2016-01-25 08:01:07 UTC (rev 39158)
+++ data/dsa-needed.txt 2016-01-25 11:21:09 UTC (rev 39159)
@@ -54,6 +54,8 @@
--
openjdk-6 (jmm)
--
+openjdk-7 (jmm)
+--
openswan (corsac)
NOTE: regression fix needed for CVE-2013-2053 (#743332) and CVE-2013-6466
(#744717)