[Secure-testing-commits] r43445 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Mon Jul 25 11:00:18 UTC 2016


Author: jmm
Date: 2016-07-25 11:00:18 +0000 (Mon, 25 Jul 2016)
New Revision: 43445

Modified:
   data/CVE/list
Log:
java triage:
- don't use not-affected for java branches not affected, we don't use it
  for past issues either and only adds noise, instead simply don't list these
- mark openjdk-[67] as removed, it's dropped from testing/sid and only kept in
  experimental for staging towards security.debian.org
- some issues are limited to Oracle Java or Windows
- java fx in separate source package


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-07-25 10:32:01 UTC (rev 43444)
+++ data/CVE/list	2016-07-25 11:00:18 UTC (rev 43445)
@@ -8575,9 +8575,6 @@
 	TODO: check
 CVE-2016-3610 (Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded ...)
 	- openjdk-8 <unfixed>
-	- openjdk-7 <undetermined>
-	- openjdk-6 <undetermined>
-	TODO: check
 CVE-2016-3609 (Unspecified vulnerability in the OJVM component in Oracle Database ...)
 	NOT-FOR-US: Oracle Database
 CVE-2016-3608 (Unspecified vulnerability in the Oracle GlassFish Server component in ...)
@@ -8586,9 +8583,7 @@
 	- glassfish <not-affected> (Full application server not packaged)
 CVE-2016-3606 (Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 and Java SE ...)
 	- openjdk-8 <unfixed>
-	- openjdk-7 <unfixed>
-	- openjdk-6 <undetermined>
-	TODO: check
+	- openjdk-7 <removed>
 CVE-2016-3605
 	RESERVED
 CVE-2016-3604
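Review bot: Under CVE-2016-3606, openjdk-7 goes from <unfixed> to <removed> even though the log says the package is still kept in experimental for staging towards security.debian.org. Please confirm that <removed> still leaves this CVE visible as open for whoever prepares that upload, or add a NOTE to that effect. The openjdk-6 <undetermined> line is also dropped without a recorded reason.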
@@ -8605,9 +8600,6 @@
 	RESERVED
 CVE-2016-3598 (Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded ...)
 	- openjdk-8 <unfixed>
-	- openjdk-7 <undetermined>
-	- openjdk-6 <undetermined>
-	TODO: check
 CVE-2016-3597 (Unspecified vulnerability in the Oracle VM VirtualBox component in ...)
 	TODO: check
 CVE-2016-3596 (Unspecified vulnerability in the Outside In Technology component in ...)
@@ -8632,9 +8624,6 @@
 	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixMSQL
 CVE-2016-3587 (Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded ...)
 	- openjdk-8 <unfixed>
-	- openjdk-7 <not-affected> (Only affects OpenJDK 8)
-	- openjdk-6 <not-affected> (Only affects OpenJDK 8)
-	TODO: check
 CVE-2016-3586 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
 	TODO: check
 CVE-2016-3585 (Unspecified vulnerability in the ILOM component in Oracle Sun Systems ...)
@@ -8704,17 +8693,13 @@
 CVE-2016-3553 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle ...)
 	TODO: check
 CVE-2016-3552 (Unspecified vulnerability in Oracle Java SE 8u92 allows local users to ...)
-	- openjdk-8 <unfixed>
-	- openjdk-7 <undetermined>
-	- openjdk-6 <undetermined>
-	TODO: check
+	- openjdk-8 <not-affected> (Installation component of Oracle Java doesn't apply to IcedTea/OpenJDK)
 CVE-2016-3551
 	RESERVED
 CVE-2016-3550 (Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92 and ...)
 	- openjdk-8 <unfixed>
-	- openjdk-7 <unfixed>
-	- openjdk-6 <unfixed>
-	TODO: check
+	- openjdk-7 <removed>
+	- openjdk-6 <removed>
 CVE-2016-3549 (Unspecified vulnerability in the Oracle E-Business Suite Secure ...)
 	TODO: check
 CVE-2016-3548 (Unspecified vulnerability in the Oracle Marketing component in Oracle ...)
@@ -8807,9 +8792,8 @@
 	TODO: check
 CVE-2016-3508 (Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; ...)
 	- openjdk-8 <unfixed>
-	- openjdk-7 <unfixed>
-	- openjdk-6 <unfixed>
-	TODO: check
+	- openjdk-7 <removed>
+	- openjdk-6 <removed>
 CVE-2016-3507 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle ...)
 	TODO: check
 CVE-2016-3506 (Unspecified vulnerability in the JDBC component in Oracle Database ...)
@@ -8819,10 +8803,9 @@
 CVE-2016-3504 (Unspecified vulnerability in the Oracle JDeveloper component in Oracle ...)
 	TODO: check
 CVE-2016-3503 (Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92 ...)
-	- openjdk-8 <unfixed>
-	- openjdk-7 <unfixed>
-	- openjdk-6 <unfixed>
-	TODO: check
+	- openjdk-8 <not-affected> (Installation component of Oracle Java doesn't apply to IcedTea/OpenJDK)
+	- openjdk-7 <not-affected> (Installation component of Oracle Java doesn't apply to IcedTea/OpenJDK)
+	- openjdk-6 <not-affected> (Installation component of Oracle Java doesn't apply to IcedTea/OpenJDK)
 CVE-2016-3502 (Unspecified vulnerability in the Oracle WebCenter Sites component in ...)
 	TODO: check
 CVE-2016-3501 (Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and ...)
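Review bot: CVE-2016-3503 gains three <not-affected> lines with the same reason, while CVE-2016-3552 earlier in this patch records that reason for openjdk-8 only, and the log's first bullet says unaffected Java branches should simply not be listed. Pick one form for both entries. If the three-line form is intended because the issue never applies to OpenJDK at all, say so in the log so the distinction from the first bullet is clear.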
@@ -8831,16 +8814,12 @@
 	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixMSQL
 CVE-2016-3500 (Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; ...)
 	- openjdk-8 <unfixed>
-	- openjdk-7 <unfixed>
-	- openjdk-6 <unfixed>
-	TODO: check
+	- openjdk-7 <removed>
+	- openjdk-6 <removed>
 CVE-2016-3499 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
 	TODO: check
 CVE-2016-3498 (Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 allows ...)
-	- openjdk-8 <unfixed>
-	- openjdk-7 <unfixed>
-	- openjdk-6 <undetermined>
-	TODO: check
+	- openjfx <unfixed>
 CVE-2016-3497 (Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local ...)
 	TODO: check
 CVE-2016-3496 (Unspecified vulnerability in the Enterprise Manager for Fusion ...)
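Review bot: For CVE-2016-3498 all three openjdk lines are replaced by "- openjfx <unfixed>", but the entry itself gives no reason, and the description still reads "Oracle Java SE 7u101 and 8u92". The log's "java fx in separate source package" explains it only to someone reading this commit. A NOTE on the entry stating that the issue is in the JavaFX component would make the mapping checkable from the list alone.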
@@ -8868,10 +8847,9 @@
 	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
 	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixMSQL
 CVE-2016-3485 (Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; ...)
-	- openjdk-8 <unfixed>
-	- openjdk-7 <unfixed>
-	- openjdk-6 <unfixed>
-	TODO: check
+	- openjdk-8 <not-affected> (Windows-specific)
+	- openjdk-7 <not-affected> (Windows-specific)
+	- openjdk-6 <not-affected> (Windows-specific)
 CVE-2016-3484 (Unspecified vulnerability in the Database Vault component in Oracle ...)
 	NOT-FOR-US: Oracle Database
 CVE-2016-3483 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
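Review bot: The "(Windows-specific)" reason added under CVE-2016-3485 has no source next to it, and the truncated description does not show the platform restriction. A NOTE pointing at the advisory that states it, in the style of the NOTE lines on the MySQL entries above, would let the claim be verified later. The three <not-affected> lines here also sit oddly with the log's first bullet about not listing unaffected branches.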
@@ -8940,9 +8918,8 @@
 	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixMSQL
 CVE-2016-3458 (Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; ...)
 	- openjdk-8 <unfixed>
-	- openjdk-7 <unfixed>
-	- openjdk-6 <unfixed>
-	TODO: check
+	- openjdk-7 <removed>
+	- openjdk-6 <removed>
 CVE-2016-3457 (Unspecified vulnerability in the PeopleSoft Enterprise HCM ...)
 	NOT-FOR-US: PeopleSoft
 CVE-2016-3456 (Unspecified vulnerability in the Oracle Complex Maintenance, Repair, ...)



