author | Moritz Muehlenhoff <jmm@debian.org> | 2009-04-03 19:20:24 +0000 |
---|---|---|
committer | Moritz Muehlenhoff <jmm@debian.org> | 2009-04-03 19:20:24 +0000 |
commit | 26d650b47927e93df59c99fcae3c287d512ec927 (patch) | |
tree | fbd3af15beeb8730b4d7df9597f26ce124e9f42a | |
parent | d04d78d710c18645d985649f5234dae416fda922 (diff) |
- mark xulrunner as unsupported for etch as well
- new unspecified libapache-mod-security issue
- formencode issue doesn't affect etch
- most of the java6 issues apply to java5 as well
- wlccp wireshark issue already fixed in Lenny preparation
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@11550 e39458fd-73e7-0310-bf30-c45bca0a0e42
-rw-r--r-- | data/CVE/list | 41 |
-rw-r--r-- | data/package-tags | 2 |
2 files changed, 39 insertions, 4 deletions
diff --git a/data/CVE/list b/data/CVE/list index 63b437083b..4c4e8744e2 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -1,7 +1,10 @@ +CVE-2009-XXXX [unspecified DoS] + - libapache-mod-security 2.5.9-1 + TODO: Investigate, check stable/oldstable, if necessary open RT ticket CVE-2009-1221 RESERVED CVE-2009-1220 (Cross-site scripting (XSS) vulnerability in +webvpn+/index.html in ...) - NOT-FOR-US: Cisco Adaptive Security Appliances + NOT-FOR-US: Cisco Adaptive Security Appliances CVE-2009-1219 (Sun Calendar Express Web Server in Sun ONE Calendar Server 6.0 and Sun ...) NOT-FOR-US: Sun Calendar Express Web Server CVE-2009-1218 (Multiple cross-site scripting (XSS) vulnerabilities in Sun Calendar ...) @@ -43,7 +46,7 @@ CVE-2009-1211 (Blue Coat ProxySG, when transparent interception mode is enabled, NOT-FOR-US: Blue Coat ProxySG CVE-2009-1210 (Format string vulnerability in the PROFINET/DCP (PN-DCP) dissector in ...) - wireshark <unfixed> - TODO: File bug + TODO: File bug, investigate, if necessary open RT ticket CVE-2009-1209 (Stack-based buffer overflow in W3C Amaya Web Browser 11.1 allows ...) - amaya <unfixed> (bug filed) CVE-2009-1208 (SQL injection vulnerability in auth2db 0.2.5, and possibly other ...) @@ -334,6 +337,7 @@ CVE-2008-6548 (The rst parser (parser/text_rst.py) in MoinMoin 1.6.1 does not ch TODO: check CVE-2008-6547 (schema.py in FormEncode for Python (python-formencode) 1.0 does not ...) - python-formencode 1.0.1-1 + [etch] - python-formencode <not-affected> (Vulnerable code was introduced in 1.0) CVE-2008-6546 (Unspecified vulnerability in phpns before 2.1.3 has unknown impact and ...) NOT-FOR-US: phpns CVE-2008-6545 (PHP remote file inclusion vulnerability in news/include/createdb.php ...) 
@@ -377,24 +381,45 @@ CVE-2007-6721 (The Legion of the Bouncy Castle Java Cryptography API before rele CVE-2009-1107 (The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime ...) - sun-java6 6-13-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) + - sun-java5 1.5.0-18-1 + [etch] - sun-java5 <no-dsa> (Non-free not supported) + [lenny] - sun-java5 <no-dsa> (Non-free not supported) CVE-2009-1106 (The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime ...) - sun-java6 6-13-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) + - sun-java5 1.5.0-18-1 + [etch] - sun-java5 <no-dsa> (Non-free not supported) + [lenny] - sun-java5 <no-dsa> (Non-free not supported) CVE-2009-1105 (The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime ...) - sun-java6 6-13-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) + - sun-java5 1.5.0-18-1 + [etch] - sun-java5 <no-dsa> (Non-free not supported) + [lenny] - sun-java5 <no-dsa> (Non-free not supported) CVE-2009-1104 (The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime ...) - sun-java6 6-13-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) + - sun-java5 1.5.0-18-1 + [etch] - sun-java5 <no-dsa> (Non-free not supported) + [lenny] - sun-java5 <no-dsa> (Non-free not supported) CVE-2009-1103 (Unspecified vulnerability in the Java Plug-in in Java SE Development ...) - sun-java6 6-13-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) + - sun-java5 1.5.0-18-1 + [etch] - sun-java5 <no-dsa> (Non-free not supported) + [lenny] - sun-java5 <no-dsa> (Non-free not supported) CVE-2009-1102 (Unspecified vulnerability in the Virtual Machine in Java SE ...) - sun-java6 6-13-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) + - sun-java5 1.5.0-18-1 + [etch] - sun-java5 <no-dsa> (Non-free not supported) + [lenny] - sun-java5 <no-dsa> (Non-free not supported) CVE-2009-1101 (Unspecified vulnerability in the lightweight HTTP server ...) 
- sun-java6 6-13-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) + - sun-java5 1.5.0-18-1 + [etch] - sun-java5 <no-dsa> (Non-free not supported) + [lenny] - sun-java5 <no-dsa> (Non-free not supported) CVE-2009-1100 (Multiple unspecified vulnerabilities in Java SE Development Kit (JDK) ...) - sun-java6 6-13-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) @@ -410,12 +435,21 @@ CVE-2009-1097 (Multiple buffer overflows in Java SE Development Kit (JDK) and Ja CVE-2009-1096 (Buffer overflow in unpack200 in Java SE Development Kit (JDK) and Java ...) - sun-java6 6-13-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) + - sun-java5 1.5.0-18-1 + [etch] - sun-java5 <no-dsa> (Non-free not supported) + [lenny] - sun-java5 <no-dsa> (Non-free not supported) CVE-2009-1095 (Integer overflow in unpack200 in Java SE Development Kit (JDK) and ...) - sun-java6 6-13-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) + - sun-java5 1.5.0-18-1 + [etch] - sun-java5 <no-dsa> (Non-free not supported) + [lenny] - sun-java5 <no-dsa> (Non-free not supported) CVE-2009-1094 (Unspecified vulnerability in the LDAP implementation in Java SE ...) - sun-java6 6-13-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) + - sun-java5 1.5.0-18-1 + [etch] - sun-java5 <no-dsa> (Non-free not supported) + [lenny] - sun-java5 <no-dsa> (Non-free not supported) CVE-2009-1093 (LdapCtx in the LDAP service in Java SE Development Kit (JDK) and Java ...) - sun-java6 6-13-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) 
@@ -986,7 +1020,8 @@ CVE-2009-0875 (Race condition in the Doors subsystem in the kernel in Sun Solari CVE-2009-0874 (Multiple unspecified vulnerabilities in the Doors subsystem in the ...) NOT-FOR-US: Sun Solaris CVE-2008-6472 (The WLCCP dissector in Wireshark 0.99.7 through 1.0.4 allows remote ...) - TODO: check + [lenny] - wireshark 1.0.2-3+lenny3 + - wireshark 1.0.5-1 (low; bug #506741) CVE-2008-6471 (SQL injection vulnerability in detail.php in MountainGrafix easyLink ...) NOT-FOR-US: MountainGrafix easyLink CVE-2008-6470 (Multiple unspecified vulnerabilities in ClanSphere before 2008.2.1 ...) diff --git a/data/package-tags b/data/package-tags index c0a00ad48e..92ee6fa62b 100644 --- a/data/package-tags +++ b/data/package-tags @@ -6,7 +6,7 @@ [lenny] kfreebsd-7 <unsupported> (FreeBSD not yet supported) [etch] iceweasel <unsupported> (Support was dropped for oldstable) - +[etch] xulrunner <unsupported> (Support was dropped for oldstable) [etch] sql-ledger <limited-support> (Only supported behind an authenticated HTTP zone) [lenny] sql-ledger <limited-support> (Only supported behind an authenticated HTTP zone) |
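Review bot: In the first data/CVE/list hunk (@@ -1,7), the new `CVE-2009-XXXX [unspecified DoS]` entry records 2.5.9-1 as the fixed version of libapache-mod-security but gives no pointer to where the issue or the fix is described, so whoever picks up the `TODO: Investigate, check stable/oldstable, if necessary open RT ticket` line has nothing to start from. Add a NOTE line naming the changelog entry or report the version was taken from. The same hunk also removes and re-adds the `NOT-FOR-US: Cisco Adaptive Security Appliances` line under CVE-2009-1220 with no visible change in content, which looks like a whitespace-only edit that none of the commit message items covers; drop it or commit it separately.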
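Review bot: In the two sun-java hunks (@@ -377,24 and @@ -410,12), nothing records why some entries are skipped: the sun-java5 lines are added to CVE-2009-1101 through CVE-2009-1107 and CVE-2009-1094 through CVE-2009-1096, while the trailing context for CVE-2009-1100 and CVE-2009-1093 shows only sun-java6 lines. The commit message says "most" of the java6 issues apply to java5, so for the entries deliberately left out, write the decision down, for example with a `- sun-java5 <not-affected>` line and a reason, so that "checked and not affected" can be told apart from "not yet looked at".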
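Review bot: In the CVE-2008-6472 hunk (@@ -986,7), the `[lenny] - wireshark 1.0.2-3+lenny3` line is placed before `- wireshark 1.0.5-1 (low; bug #506741)`, whereas every other entry touched in this patch puts the `- package version` line first and the `[etch]`/`[lenny]` lines after it; swap the two lines to match. The entry also has no `[etch]` line although the description gives the affected range as 0.99.7 through 1.0.4. If etch ships a version outside that range, say so with an `[etch] - wireshark <not-affected>` line and a reason, as done for python-formencode in this same patch.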
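Review bot: In the data/package-tags hunk, the new `[etch] xulrunner <unsupported>` line takes the place of the blank line that separated the `<unsupported>` entries from the `<limited-support>` sql-ledger entries, so the two groups now run together. Add the xulrunner line directly after the iceweasel line and keep the blank separator below it.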