[Secure-testing-commits] r43444 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Mon Jul 25 10:32:01 UTC 2016
Author: jmm
Date: 2016-07-25 10:32:01 +0000 (Mon, 25 Jul 2016)
New Revision: 43444
Modified:
data/CVE/list
Log:
mark shadow as unimportant
mark various glassfish issues as n/a
Oracle NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-07-25 09:37:44 UTC (rev 43443)
+++ data/CVE/list 2016-07-25 10:32:01 UTC (rev 43444)
@@ -346,7 +346,7 @@
- shadow <unfixed> (bug #832170)
CVE-2016-6251 [potentially unsafe use of getlogin]
RESERVED
- - shadow <unfixed>
+ - shadow <unfixed> (unimportant)
NOTE: The use of getlogin in shadow is safe, it is only used to diferentiate
NOTE: the user if there are multiple users with the same uid -> same privileges
NOTE: anyway. Cf. http://seclists.org/oss-sec/2016/q3/120
@@ -2504,7 +2504,7 @@
CVE-2016-5478
RESERVED
CVE-2016-5477 (Unspecified vulnerability in the Oracle GlassFish Server component in ...)
- TODO: check
+ - glassfish <not-affected> (Full application server not packaged)
CVE-2016-5476 (Unspecified vulnerability in the Oracle Retail Integration Bus ...)
TODO: check
CVE-2016-5475 (Unspecified vulnerability in the Oracle Retail Service Backbone ...)
@@ -8579,11 +8579,11 @@
- openjdk-6 <undetermined>
TODO: check
CVE-2016-3609 (Unspecified vulnerability in the OJVM component in Oracle Database ...)
- TODO: check
+ NOT-FOR-US: Oracle Database
CVE-2016-3608 (Unspecified vulnerability in the Oracle GlassFish Server component in ...)
- TODO: check
+ - glassfish <not-affected> (Full application server not packaged)
CVE-2016-3607 (Unspecified vulnerability in the Oracle GlassFish Server component in ...)
- TODO: check
+ - glassfish <not-affected> (Full application server not packaged)
CVE-2016-3606 (Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 and Java SE ...)
- openjdk-8 <unfixed>
- openjdk-7 <unfixed>
@@ -8813,7 +8813,7 @@
CVE-2016-3507 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle ...)
TODO: check
CVE-2016-3506 (Unspecified vulnerability in the JDBC component in Oracle Database ...)
- TODO: check
+ NOT-FOR-US: Oracle Database
CVE-2016-3505
RESERVED
CVE-2016-3504 (Unspecified vulnerability in the Oracle JDeveloper component in Oracle ...)
@@ -8858,9 +8858,9 @@
CVE-2016-3490 (Unspecified vulnerability in the Oracle Transportation Management ...)
TODO: check
CVE-2016-3489 (Unspecified vulnerability in the Data Pump Import component in Oracle ...)
- TODO: check
+ NOT-FOR-US: Oracle Database
CVE-2016-3488 (Unspecified vulnerability in the DB Sharding component in Oracle ...)
- TODO: check
+ NOT-FOR-US: Oracle Database
CVE-2016-3487 (Unspecified vulnerability in the Oracle WebCenter Sites component in ...)
TODO: check
CVE-2016-3486 (Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and ...)
@@ -8873,7 +8873,7 @@
- openjdk-6 <unfixed>
TODO: check
CVE-2016-3484 (Unspecified vulnerability in the Database Vault component in Oracle ...)
- TODO: check
+ NOT-FOR-US: Oracle Database
CVE-2016-3483 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
TODO: check
CVE-2016-3482 (Unspecified vulnerability in the Oracle HTTP Server component in ...)
@@ -8883,7 +8883,7 @@
CVE-2016-3480 (Unspecified vulnerability in the Solaris Cluster component in Oracle ...)
TODO: check
CVE-2016-3479 (Unspecified vulnerability in the Portable Clusterware component in ...)
- TODO: check
+ NOT-FOR-US: Oracle Database
CVE-2016-3478 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
TODO: check
CVE-2016-3477 (Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 ...)
@@ -8917,7 +8917,7 @@
CVE-2016-3468 (Unspecified vulnerability in the Oracle Agile Engineering Data ...)
TODO: check
CVE-2016-3467 (Unspecified vulnerability in the Application Express component in ...)
- TODO: check
+ NOT-FOR-US: Oracle Database
CVE-2016-3466 (Unspecified vulnerability in the Oracle Field Service component in ...)
NOT-FOR-US: Oracle
CVE-2016-3465 (Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local ...)
@@ -8970,7 +8970,7 @@
- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
- openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2016-3448 (Unspecified vulnerability in the Application Express component in ...)
- TODO: check
+ NOT-FOR-US: Oracle Database
CVE-2016-3447 (Unspecified vulnerability in the Oracle Applications Framework ...)
NOT-FOR-US: Oracle
CVE-2016-3446 (Unspecified vulnerability in the Oracle Business Intelligence ...)
@@ -19251,7 +19251,7 @@
CVE-2016-0454 (Unspecified vulnerability in the Oracle Mobile Application Servlet ...)
NOT-FOR-US: Oracle
CVE-2016-0453 (Unspecified vulnerability in the Oracle GlassFish Server component in ...)
- NOT-FOR-US: Oracle
+ - glassfish <not-affected> (Full application server not packaged)
CVE-2016-0452 (Unspecified vulnerability in the Oracle GoldenGate component in Oracle ...)
NOT-FOR-US: Oracle
CVE-2016-0451 (Unspecified vulnerability in the Oracle GoldenGate component in Oracle ...)
@@ -19279,7 +19279,7 @@
CVE-2016-0442 (Unspecified vulnerability in the Enterprise Manager Base Platform ...)
NOT-FOR-US: Oracle
CVE-2016-0441 (Unspecified vulnerability in the Oracle GlassFish Server component in ...)
- NOT-FOR-US: Oracle
+ - glassfish <not-affected> (Full application server not packaged)
CVE-2016-0440 (Unspecified vulnerability in Oracle Sun Solaris 11 allows remote ...)
NOT-FOR-US: Oracle
CVE-2016-0439 (Unspecified vulnerability in the Web Cache component in Oracle Fusion ...)
@@ -30604,7 +30604,7 @@
CVE-2015-4900 (Unspecified vulnerability in the XDB - XML Database component in ...)
TODO: check
CVE-2015-4899 (Unspecified vulnerability in the Oracle GlassFish Server component in ...)
- TODO: check
+ - glassfish <not-affected> (Full application server not packaged)
CVE-2015-4898 (Unspecified vulnerability in the Oracle Applications Framework ...)
TODO: check
CVE-2015-4897
@@ -31093,7 +31093,7 @@
CVE-2015-4745 (Unspecified vulnerability in the Oracle Endeca Information Discovery ...)
NOT-FOR-US: Oracle Fusion
CVE-2015-4744 (Unspecified vulnerability in the Oracle GlassFish Server component in ...)
- NOT-FOR-US: Oracle
+ - glassfish <not-affected> (Full application server not packaged)
CVE-2015-4743 (Unspecified vulnerability in the Oracle Applications DBA component in ...)
NOT-FOR-US: Oracle E-Business
CVE-2015-4742 (Unspecified vulnerability in the Oracle JDeveloper component in Oracle ...)
@@ -37466,7 +37466,7 @@
CVE-2015-2624 (Unspecified vulnerability in the Data Store component in Oracle ...)
NOT-FOR-US: Oracle Berkeley DB (Unspecified vulnerability)
CVE-2015-2623 (Unspecified vulnerability in the Oracle GlassFish Server component in ...)
- NOT-FOR-US: Oracle
+ - glassfish <not-affected> (Full application server not packaged)
CVE-2015-2622 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
NOT-FOR-US: PeopleSoft
CVE-2015-2621 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and ...)
@@ -45332,7 +45332,7 @@
CVE-2015-0397 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users ...)
NOT-FOR-US: Oracle Sun Solaris
CVE-2015-0396 (Unspecified vulnerability in the Oracle GlassFish Server component in ...)
- NOT-FOR-US: Oracle
+ - glassfish <not-affected> (Full application server not packaged)
CVE-2015-0395 (Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and ...)
{DSA-3147-1 DSA-3144-1 DLA-157-1}
- openjdk-6 6b34-1.13.6-1
More information about the Secure-testing-commits
mailing list