munin fixed

new GCC issue
one openjdk issue also affects openjdk6


git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@20088 e39458fd-73e7-0310-bf30-c45bca0a0e42

2 files changed, 9 insertions, 3 deletions

diff --git a/data/CVE/2002.list b/data/CVE/2002.list
index f88955e702..0a28752575 100644
--- a/data/CVE/2002.list
+++ b/data/CVE/2002.list
@@ -8,6 +8,12 @@ CVE-2002-2440
 	RESERVED
 CVE-2002-2439
 	RESERVED
+	- gcc-4.1 <removed>
+	- gcc-4.3 <removed>
+	- gcc-4.4 <unfixed>
+	- gcc-4.6 <unfixed>
+	NOTE: Are there apps known to be exploitable through this?
+	NOTE: Any application using unguarded memory allocation would be susceptible to DoS anyway?
 CVE-2002-2438
 	RESERVED
 	NOT-FOR-US: ancient linux 2.4 issue
diff --git a/data/CVE/2012.list b/data/CVE/2012.list
index da8986b024..4751b3e6fd 100644
--- a/data/CVE/2012.list
+++ b/data/CVE/2012.list
@@ -2654,12 +2654,12 @@ CVE-2012-3514 (OCaml Xml-Light Library before r234 computes hash values without
 	- xml-light <unfixed> (bug #685584)
 CVE-2012-3513 [remote execution as www-data]
 	RESERVED
-	- munin <unfixed> (bug #684076)
+	- munin 2.0.6-1 (bug #684076)
 	[squeeze] - munin <not-affected> (vulnerable code introduced in 2.x)
 	NOTE: http://www.munin-monitoring.org/ticket/1238
 CVE-2012-3512 [local privilege escalation munin to root]
 	RESERVED
-	- munin <unfixed> (bug #684075)
+	- munin 2.0.6-1 (bug #684075)
 	NOTE: http://www.munin-monitoring.org/ticket/1234
 CVE-2012-3511
 	RESERVED
@@ -7028,7 +7028,7 @@ CVE-2012-1683 (Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11
 	NOT-FOR-US: Solaris
 CVE-2012-1682 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
 	- openjdk-7 <unfixed>
-	- openjdk-6 <not-affected>
+	- openjdk-6 <unfixed>
 CVE-2012-1681 (Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 ...)
 	NOT-FOR-US: Solaris
 CVE-2012-1680