author Moritz Muehlenhoff <jmm@debian.org> 2009-04-03 19:20:24 +0000
committer Moritz Muehlenhoff <jmm@debian.org> 2009-04-03 19:20:24 +0000
commit 06b83430e424b61c9a87953b8a7da0f9e6698505
tree 281f54938d118bdedd4bfe1524e68351a19fa5ec /data
parent 5de07fab4b573ac4dd4dc20c89d4b0c8805bf557
- mark xulrunner as unsupported for etch as well
- new unspecified libapache-mod-security issue
- formencode issue doesn't affect etch
- most of the java6 issues apply to java5 as well
- WLCCP wireshark issue already fixed in Lenny preparation

git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@11550 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data')
-rw-r--r-- data/CVE/2008.list 4
-rw-r--r-- data/CVE/2009.list 37
-rw-r--r-- data/package-tags 2
3 files changed, 39 insertions, 4 deletions
diff --git a/data/CVE/2008.list b/data/CVE/2008.list
index d741854c28..55ee9866b0 100644
--- a/data/CVE/2008.list
+++ b/data/CVE/2008.list
@@ -67,6 +67,7 @@ CVE-2008-6548 (The rst parser (parser/text_rst.py) in MoinMoin 1.6.1 does not ch
TODO: check
CVE-2008-6547 (schema.py in FormEncode for Python (python-formencode) 1.0 does not ...)
- python-formencode 1.0.1-1
+ [etch] - python-formencode <not-affected> (Vulnerable code was introduced in 1.0)
CVE-2008-6546 (Unspecified vulnerability in phpns before 2.1.3 has unknown impact and ...)
NOT-FOR-US: phpns
CVE-2008-6545 (PHP remote file inclusion vulnerability in news/include/createdb.php ...)
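Review bot: The new "[etch] - python-formencode <not-affected> (Vulnerable code was introduced in 1.0)" line gives the reason but not the version etch ships, so the claim cannot be checked from the entry alone. Consider naming the etch version in the parenthetical, since the description puts the flaw in 1.0 and the unstable fix is 1.0.1-1, which leaves a narrow window.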
@@ -214,7 +215,8 @@ CVE-2008-6474 (The management interface in F5 BIG-IP 9.4.3 allows remote ...)
CVE-2008-6473 (_blogadata/include/init_pass2.php in Blogator-script 0.95 allows ...)
NOT-FOR-US: Blogator-script
CVE-2008-6472 (The WLCCP dissector in Wireshark 0.99.7 through 1.0.4 allows remote ...)
- TODO: check
+ [lenny] - wireshark 1.0.2-3+lenny3
+ - wireshark 1.0.5-1 (low; bug #506741)
CVE-2008-6471 (SQL injection vulnerability in detail.php in MountainGrafix easyLink ...)
NOT-FOR-US: MountainGrafix easyLink
CVE-2008-6470 (Multiple unspecified vulnerabilities in ClanSphere before 2008.2.1 ...)
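Review bot: The CVE-2008-6472 entry gets a [lenny] line and an unstable fix but no [etch] line, although the description gives the affected range as 0.99.7 through 1.0.4 and the formencode entry earlier in this file does get an explicit etch status. Please record etch's state as well, either as "[etch] - wireshark <not-affected>" with a reason or as a remaining TODO, so oldstable is not left to be inferred from the unstable version.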
diff --git a/data/CVE/2009.list b/data/CVE/2009.list
index 5e12af17cb..85bf1fe56e 100644
--- a/data/CVE/2009.list
+++ b/data/CVE/2009.list
@@ -1,7 +1,10 @@
+CVE-2009-XXXX [unspecified DoS]
+ - libapache-mod-security 2.5.9-1
+ TODO: Investigate, check stable/oldstable, if necessary open RT ticket
CVE-2009-1221
RESERVED
CVE-2009-1220 (Cross-site scripting (XSS) vulnerability in +webvpn+/index.html in ...)
- NOT-FOR-US: Cisco Adaptive Security Appliances
+ NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2009-1219 (Sun Calendar Express Web Server in Sun ONE Calendar Server 6.0 and Sun ...)
NOT-FOR-US: Sun Calendar Express Web Server
CVE-2009-1218 (Multiple cross-site scripting (XSS) vulnerabilities in Sun Calendar ...)
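Review bot: The temporary entry "CVE-2009-XXXX [unspecified DoS]" carries no pointer to where the issue was reported, so whoever picks up the TODO has only the fixed version 2.5.9-1 to work from. A NOTE line with the source (upstream changelog entry, advisory or bug number) would make the investigation reproducible. Separately, the removed and added "NOT-FOR-US: Cisco Adaptive Security Appliances" lines read identically here; if this is a whitespace-only fix it would be cleaner in its own commit.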
@@ -29,7 +32,7 @@ CVE-2009-1211 (Blue Coat ProxySG, when transparent interception mode is enabled,
NOT-FOR-US: Blue Coat ProxySG
CVE-2009-1210 (Format string vulnerability in the PROFINET/DCP (PN-DCP) dissector in ...)
- wireshark <unfixed>
- TODO: File bug
+ TODO: File bug, investigate, if necessary open RT ticket
CVE-2009-1209 (Stack-based buffer overflow in W3C Amaya Web Browser 11.1 allows ...)
- amaya <unfixed> (bug filed)
CVE-2009-1208 (SQL injection vulnerability in auth2db 0.2.5, and possibly other ...)
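Review bot: The CVE-2009-1210 TODO now bundles three actions ("File bug, investigate, if necessary open RT ticket") while the package line still reads "- wireshark <unfixed>" with no bug reference. Since this is a format string issue in a dissector, filing the bug first and recording it on the package line, as the CVE-2008-6472 entry does with "bug #506741", would leave the TODO covering only the stable/oldstable investigation.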
@@ -252,24 +255,45 @@ CVE-2009-1086 (Heap-based buffer overflow in the ldns_rr_new_frm_str_internal ..
CVE-2009-1107 (The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime ...)
- sun-java6 6-13-1
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+ - sun-java5 1.5.0-18-1
+ [etch] - sun-java5 <no-dsa> (Non-free not supported)
+ [lenny] - sun-java5 <no-dsa> (Non-free not supported)
CVE-2009-1106 (The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime ...)
- sun-java6 6-13-1
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+ - sun-java5 1.5.0-18-1
+ [etch] - sun-java5 <no-dsa> (Non-free not supported)
+ [lenny] - sun-java5 <no-dsa> (Non-free not supported)
CVE-2009-1105 (The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime ...)
- sun-java6 6-13-1
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+ - sun-java5 1.5.0-18-1
+ [etch] - sun-java5 <no-dsa> (Non-free not supported)
+ [lenny] - sun-java5 <no-dsa> (Non-free not supported)
CVE-2009-1104 (The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime ...)
- sun-java6 6-13-1
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+ - sun-java5 1.5.0-18-1
+ [etch] - sun-java5 <no-dsa> (Non-free not supported)
+ [lenny] - sun-java5 <no-dsa> (Non-free not supported)
CVE-2009-1103 (Unspecified vulnerability in the Java Plug-in in Java SE Development ...)
- sun-java6 6-13-1
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+ - sun-java5 1.5.0-18-1
+ [etch] - sun-java5 <no-dsa> (Non-free not supported)
+ [lenny] - sun-java5 <no-dsa> (Non-free not supported)
CVE-2009-1102 (Unspecified vulnerability in the Virtual Machine in Java SE ...)
- sun-java6 6-13-1
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+ - sun-java5 1.5.0-18-1
+ [etch] - sun-java5 <no-dsa> (Non-free not supported)
+ [lenny] - sun-java5 <no-dsa> (Non-free not supported)
CVE-2009-1101 (Unspecified vulnerability in the lightweight HTTP server ...)
- sun-java6 6-13-1
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+ - sun-java5 1.5.0-18-1
+ [etch] - sun-java5 <no-dsa> (Non-free not supported)
+ [lenny] - sun-java5 <no-dsa> (Non-free not supported)
CVE-2009-1100 (Multiple unspecified vulnerabilities in Java SE Development Kit (JDK) ...)
- sun-java6 6-13-1
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
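Review bot: CVE-2009-1100 in the trailing context is left without sun-java5 lines while CVE-2009-1101 through CVE-2009-1107 all receive them, and nothing in the entry records that java5 was checked and found unaffected. If the omission is deliberate, an explicit "- sun-java5 <not-affected>" line with a reason would make that visible; the commit message's "most of the java6 issues" does not say which ones were excluded. The repeated fixed version 1.5.0-18-1 would also benefit from a NOTE naming the vendor advisory it comes from.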
@@ -285,12 +309,21 @@ CVE-2009-1097 (Multiple buffer overflows in Java SE Development Kit (JDK) and Ja
CVE-2009-1096 (Buffer overflow in unpack200 in Java SE Development Kit (JDK) and Java ...)
- sun-java6 6-13-1
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+ - sun-java5 1.5.0-18-1
+ [etch] - sun-java5 <no-dsa> (Non-free not supported)
+ [lenny] - sun-java5 <no-dsa> (Non-free not supported)
CVE-2009-1095 (Integer overflow in unpack200 in Java SE Development Kit (JDK) and ...)
- sun-java6 6-13-1
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+ - sun-java5 1.5.0-18-1
+ [etch] - sun-java5 <no-dsa> (Non-free not supported)
+ [lenny] - sun-java5 <no-dsa> (Non-free not supported)
CVE-2009-1094 (Unspecified vulnerability in the LDAP implementation in Java SE ...)
- sun-java6 6-13-1
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
+ - sun-java5 1.5.0-18-1
+ [etch] - sun-java5 <no-dsa> (Non-free not supported)
+ [lenny] - sun-java5 <no-dsa> (Non-free not supported)
CVE-2009-1093 (LdapCtx in the LDAP service in Java SE Development Kit (JDK) and Java ...)
- sun-java6 6-13-1
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
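Review bot: CVE-2009-1093 and CVE-2009-1094 are both described as LDAP issues, yet only CVE-2009-1094 gets the sun-java5 lines and CVE-2009-1093 is left with sun-java6 alone. Please either add the same three sun-java5 lines to CVE-2009-1093 or mark it "- sun-java5 <not-affected>" with the reason, so the difference between the two neighbouring entries is documented.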
diff --git a/data/package-tags b/data/package-tags
index c0a00ad48e..92ee6fa62b 100644
--- a/data/package-tags
+++ b/data/package-tags
@@ -6,7 +6,7 @@
[lenny] kfreebsd-7 <unsupported> (FreeBSD not yet supported)
[etch] iceweasel <unsupported> (Support was dropped for oldstable)
-
+[etch] xulrunner <unsupported> (Support was dropped for oldstable)
[etch] sql-ledger <limited-support> (Only supported behind an authenticated HTTP zone)
[lenny] sql-ledger <limited-support> (Only supported behind an authenticated HTTP zone)
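Review bot: The new "[etch] xulrunner <unsupported>" line replaces the blank line that separated the unsupported entries from the sql-ledger <limited-support> block, so the two groups now run together. Adding the xulrunner line after iceweasel and keeping the empty line below it would preserve the grouping.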
