diff options
author | Moritz Muehlenhoff <jmm@debian.org> | 2009-04-03 19:20:24 +0000 |
---|---|---|
committer | Moritz Muehlenhoff <jmm@debian.org> | 2009-04-03 19:20:24 +0000 |
commit | 06b83430e424b61c9a87953b8a7da0f9e6698505 (patch) | |
tree | 281f54938d118bdedd4bfe1524e68351a19fa5ec /data | |
parent | 5de07fab4b573ac4dd4dc20c89d4b0c8805bf557 (diff) |
- mark xulrunner as unsupported for etch as well
- new unspecified libapache-mod-security issue
- formencode issue doesn't affect etch
- most of the java6 issues apply to java5 as well
- wlcpp wireshark issue already fixed in Lenny preparation
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@11550 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data')
-rw-r--r-- | data/CVE/2008.list | 4 | ||||
-rw-r--r-- | data/CVE/2009.list | 37 | ||||
-rw-r--r-- | data/package-tags | 2 |
3 files changed, 39 insertions, 4 deletions
diff --git a/data/CVE/2008.list b/data/CVE/2008.list index d741854c28..55ee9866b0 100644 --- a/data/CVE/2008.list +++ b/data/CVE/2008.list @@ -67,6 +67,7 @@ CVE-2008-6548 (The rst parser (parser/text_rst.py) in MoinMoin 1.6.1 does not ch TODO: check CVE-2008-6547 (schema.py in FormEncode for Python (python-formencode) 1.0 does not ...) - python-formencode 1.0.1-1 + [etch] - python-formencode <not-affected> (Vulnerable code was introduced in 1.0) CVE-2008-6546 (Unspecified vulnerability in phpns before 2.1.3 has unknown impact and ...) NOT-FOR-US: phpns CVE-2008-6545 (PHP remote file inclusion vulnerability in news/include/createdb.php ...) @@ -214,7 +215,8 @@ CVE-2008-6474 (The management interface in F5 BIG-IP 9.4.3 allows remote ...) CVE-2008-6473 (_blogadata/include/init_pass2.php in Blogator-script 0.95 allows ...) NOT-FOR-US: Blogator-script CVE-2008-6472 (The WLCCP dissector in Wireshark 0.99.7 through 1.0.4 allows remote ...) - TODO: check + [lenny] - wireshark 1.0.2-3+lenny3 + - wireshark 1.0.5-1 (low; bug #506741) CVE-2008-6471 (SQL injection vulnerability in detail.php in MountainGrafix easyLink ...) NOT-FOR-US: MountainGrafix easyLink CVE-2008-6470 (Multiple unspecified vulnerabilities in ClanSphere before 2008.2.1 ...) diff --git a/data/CVE/2009.list b/data/CVE/2009.list index 5e12af17cb..85bf1fe56e 100644 --- a/data/CVE/2009.list +++ b/data/CVE/2009.list @@ -1,7 +1,10 @@ +CVE-2009-XXXX [unspecified DoS] + - libapache-mod-security 2.5.9-1 + TODO: Investigate, check stable/oldstable, if necessary open RT ticket CVE-2009-1221 RESERVED CVE-2009-1220 (Cross-site scripting (XSS) vulnerability in +webvpn+/index.html in ...) - NOT-FOR-US: Cisco Adaptive Security Appliances + NOT-FOR-US: Cisco Adaptive Security Appliances CVE-2009-1219 (Sun Calendar Express Web Server in Sun ONE Calendar Server 6.0 and Sun ...) NOT-FOR-US: Sun Calendar Express Web Server CVE-2009-1218 (Multiple cross-site scripting (XSS) vulnerabilities in Sun Calendar ...) @@ -29,7 +32,7 @@ CVE-2009-1211 (Blue Coat ProxySG, when transparent interception mode is enabled, NOT-FOR-US: Blue Coat ProxySG CVE-2009-1210 (Format string vulnerability in the PROFINET/DCP (PN-DCP) dissector in ...) - wireshark <unfixed> - TODO: File bug + TODO: File bug, investigate, if necessary open RT ticket CVE-2009-1209 (Stack-based buffer overflow in W3C Amaya Web Browser 11.1 allows ...) - amaya <unfixed> (bug filed) CVE-2009-1208 (SQL injection vulnerability in auth2db 0.2.5, and possibly other ...) @@ -252,24 +255,45 @@ CVE-2009-1086 (Heap-based buffer overflow in the ldns_rr_new_frm_str_internal .. CVE-2009-1107 (The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime ...) - sun-java6 6-13-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) + - sun-java5 1.5.0-18-1 + [etch] - sun-java5 <no-dsa> (Non-free not supported) + [lenny] - sun-java5 <no-dsa> (Non-free not supported) CVE-2009-1106 (The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime ...) - sun-java6 6-13-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) + - sun-java5 1.5.0-18-1 + [etch] - sun-java5 <no-dsa> (Non-free not supported) + [lenny] - sun-java5 <no-dsa> (Non-free not supported) CVE-2009-1105 (The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime ...) - sun-java6 6-13-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) + - sun-java5 1.5.0-18-1 + [etch] - sun-java5 <no-dsa> (Non-free not supported) + [lenny] - sun-java5 <no-dsa> (Non-free not supported) CVE-2009-1104 (The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime ...) - sun-java6 6-13-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) + - sun-java5 1.5.0-18-1 + [etch] - sun-java5 <no-dsa> (Non-free not supported) + [lenny] - sun-java5 <no-dsa> (Non-free not supported) CVE-2009-1103 (Unspecified vulnerability in the Java Plug-in in Java SE Development ...) - sun-java6 6-13-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) + - sun-java5 1.5.0-18-1 + [etch] - sun-java5 <no-dsa> (Non-free not supported) + [lenny] - sun-java5 <no-dsa> (Non-free not supported) CVE-2009-1102 (Unspecified vulnerability in the Virtual Machine in Java SE ...) - sun-java6 6-13-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) + - sun-java5 1.5.0-18-1 + [etch] - sun-java5 <no-dsa> (Non-free not supported) + [lenny] - sun-java5 <no-dsa> (Non-free not supported) CVE-2009-1101 (Unspecified vulnerability in the lightweight HTTP server ...) - sun-java6 6-13-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) + - sun-java5 1.5.0-18-1 + [etch] - sun-java5 <no-dsa> (Non-free not supported) + [lenny] - sun-java5 <no-dsa> (Non-free not supported) CVE-2009-1100 (Multiple unspecified vulnerabilities in Java SE Development Kit (JDK) ...) - sun-java6 6-13-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) @@ -285,12 +309,21 @@ CVE-2009-1097 (Multiple buffer overflows in Java SE Development Kit (JDK) and Ja CVE-2009-1096 (Buffer overflow in unpack200 in Java SE Development Kit (JDK) and Java ...) - sun-java6 6-13-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) + - sun-java5 1.5.0-18-1 + [etch] - sun-java5 <no-dsa> (Non-free not supported) + [lenny] - sun-java5 <no-dsa> (Non-free not supported) CVE-2009-1095 (Integer overflow in unpack200 in Java SE Development Kit (JDK) and ...) - sun-java6 6-13-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) + - sun-java5 1.5.0-18-1 + [etch] - sun-java5 <no-dsa> (Non-free not supported) + [lenny] - sun-java5 <no-dsa> (Non-free not supported) CVE-2009-1094 (Unspecified vulnerability in the LDAP implementation in Java SE ...) - sun-java6 6-13-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) + - sun-java5 1.5.0-18-1 + [etch] - sun-java5 <no-dsa> (Non-free not supported) + [lenny] - sun-java5 <no-dsa> (Non-free not supported) CVE-2009-1093 (LdapCtx in the LDAP service in Java SE Development Kit (JDK) and Java ...) - sun-java6 6-13-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) diff --git a/data/package-tags b/data/package-tags index c0a00ad48e..92ee6fa62b 100644 --- a/data/package-tags +++ b/data/package-tags @@ -6,7 +6,7 @@ [lenny] kfreebsd-7 <unsupported> (FreeBSD not yet supported) [etch] iceweasel <unsupported> (Support was dropped for oldstable) - +[etch] xulrunner <unsupported> (Support was dropped for oldstable) [etch] sql-ledger <limited-support> (Only supported behind an authenticated HTTP zone) [lenny] sql-ledger <limited-support> (Only supported behind an authenticated HTTP zone) |