[Secure-testing-commits] r39289 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Fri Jan 29 15:40:59 UTC 2016
Author: carnil
Date: 2016-01-29 15:40:59 +0000 (Fri, 29 Jan 2016)
New Revision: 39289
Modified:
data/CVE/list
Log:
Update two CVEs which affect icu (one only after the fix for the first one)
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-01-29 09:29:18 UTC (rev 39288)
+++ data/CVE/list 2016-01-29 15:40:59 UTC (rev 39289)
@@ -4821,8 +4821,12 @@
- openjdk-8 8u72-b15-1
- openjdk-7 7u95-2.6.4-1
- openjdk-6 <removed>
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1298906#c1
+ NOTE: http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/dbb4e2bdfa9e#l2.15
- icu <unfixed>
- NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1298906#c1
+ NOTE: ICU not directly affected by CVE-2016-0494 itself since original patch for
+ NOTE: CVE-2015-4844 was not yet applied. CVE-2016-0494 was introduced as part of
+ NOTE: the CVE-2015-4844 fix.
CVE-2016-0493 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users ...)
TODO: check
CVE-2016-0492 (Unspecified vulnerability in the Oracle Application Testing Suite ...)
@@ -16229,6 +16233,11 @@
- openjdk-6 <removed>
- openjdk-7 7u85-2.6.1-6
- openjdk-8 8u66-b17-1
+ - icu <unfixed>
+ NOTE: http://bugs.icu-project.org/trac/ticket/12020
+ NOTE: For ICU note that the original fix causes additional problems:
+ NOTE: https://ssl.icu-project.org/trac/ticket/12020#comment:4
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1298906#c1
CVE-2015-4843 (Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and ...)
{DSA-3381-1 DLA-346-1}
- openjdk-6 <removed>
More information about the Secure-testing-commits
mailing list