[Secure-testing-commits] r19586 - in data: . CVE

Moritz Muehlenhoff Mon, 25 Jun 2012 00:17:55 -0700

Author: jmm
Date: 2012-06-25 07:17:41 +0000 (Mon, 25 Jun 2012)
New Revision: 19586


Modified:
   data/CVE/list
   data/spu-candidates.txt
Log:
openjdk-6 fixed
mark python hash collision issues as no-dsa


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2012-06-25 06:02:27 UTC (rev 19585)
+++ data/CVE/list       2012-06-25 07:17:41 UTC (rev 19586)
@@ -4749,13 +4749,13 @@
 CVE-2012-1726 (Unspecified vulnerability in the Java Runtime Environment (JRE) 
...)
        - openjdk-7 7~u3-2.1.1-1 (bug #677486)
 CVE-2012-1725 (Unspecified vulnerability in the Java Runtime Environment (JRE) 
...)
-       - openjdk-6 <unfixed> (bug #677487)
+       - openjdk-6 6b24-1.11.3-1 (bug #677487)
        - openjdk-7 7~u3-2.1.1-1 (bug #677486)
 CVE-2012-1724 (Unspecified vulnerability in the Java Runtime Environment (JRE) 
...)
-       - openjdk-6 <unfixed> (bug #677487)
+       - openjdk-6 6b24-1.11.3-1 (bug #677487)
        - openjdk-7 7~u3-2.1.1-1 (bug #677486)
 CVE-2012-1723 (Unspecified vulnerability in the Java Runtime Environment (JRE) 
...)
-       - openjdk-6 <unfixed> (bug #677487)
+       - openjdk-6 6b24-1.11.3-1 (bug #677487)
        - openjdk-7 7~u3-2.1.1-1 (bug #677486)
 CVE-2012-1722 (Unspecified vulnerability in the Java Runtime Environment (JRE) 
...)
        - openjdk-6 <not-affected> (specific to Oracle Java)
@@ -4767,28 +4767,28 @@
        - openjdk-6 <unfixed> (bug #677487)
        - openjdk-7 <unfixed>
 CVE-2012-1719 (Unspecified vulnerability in the Java Runtime Environment (JRE) 
...)
-       - openjdk-6 <unfixed> (bug #677487)
+       - openjdk-6 6b24-1.11.3-1 (bug #677487)
        - openjdk-7 7~u3-2.1.1-1 (bug #677486)
 CVE-2012-1718 (Unspecified vulnerability in the Java Runtime Environment (JRE) 
...)
-       - openjdk-6 <unfixed> (bug #677487)
+       - openjdk-6 6b24-1.11.3-1 (bug #677487)
        - openjdk-7 7~u3-2.1.1-1 (bug #677486)
 CVE-2012-1717 (Unspecified vulnerability in the Java Runtime Environment (JRE) 
...)
-       - openjdk-6 <unfixed> (bug #677487)
+       - openjdk-6 6b24-1.11.3-1 (bug #677487)
        - openjdk-7 7~u3-2.1.1-1 (bug #677486)
 CVE-2012-1716 (Unspecified vulnerability in the Java Runtime Environment (JRE) 
...)
-       - openjdk-6 <unfixed> (bug #677487)
+       - openjdk-6 6b24-1.11.3-1 (bug #677487)
        - openjdk-7 7~u3-2.1.1-1 (bug #677486)
 CVE-2012-1715
        RESERVED
 CVE-2012-1714
        RESERVED
 CVE-2012-1713 (Unspecified vulnerability in the Java Runtime Environment (JRE) 
...)
-       - openjdk-6 <unfixed> (bug #677487)
+       - openjdk-6 6b24-1.11.3-1 (bug #677487)
        - openjdk-7 7~u3-2.1.1-1 (bug #677486)
 CVE-2012-1712
        RESERVED
 CVE-2012-1711 (Unspecified vulnerability in the Java Runtime Environment (JRE) 
...)
-       - openjdk-6 <unfixed> (bug #677487)
+       - openjdk-6 6b24-1.11.3-1 (bug #677487)
        - openjdk-7 7~u3-2.1.1-1 (bug #677486)
 CVE-2012-1710 (Unspecified vulnerability in the Oracle WebCenter Forms 
Recognition ...)
        NOT-FOR-US: Oracle Fusion
@@ -6103,13 +6103,12 @@
        - libdbd-pg-perl 2.19.0-1 (bug #661536)
 CVE-2012-1150
        RESERVED
-       - python2.6 2.6.8-0.1 (unimportant)
-       - python2.7 <unfixed> (unimportant)
-       - python3.2 <unfixed> (unimportant)
-       [squeeze] - python2.5 <no-dsa> (unimportant)
-       [squeeze] - python2.6 <no-dsa> (unimportant)
-       [squeeze] - python3.1 <no-dsa> (unimportant)
-       NOTE: the same hash DoS attack as other languages/bindings
+       - python2.6 2.6.8-0.1 (low)
+       - python2.7 <unfixed> (low)
+       - python3.2 <unfixed> (low)
+       [squeeze] - python2.5 <no-dsa> (Minor issue)
+       [squeeze] - python2.6 <no-dsa> (Minor issue)
+       [squeeze] - python3.1 <no-dsa> (Minor issue)
 CVE-2012-1149 (Integer overflow in the vclmi.dll module in OpenOffice.org 
(OOo) 3.3, ...)
        {DSA-2487-1 DSA-2473-1}
        - libreoffice 1:3.4.5-1

Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt     2012-06-25 06:02:27 UTC (rev 19585)
+++ data/spu-candidates.txt     2012-06-25 07:17:41 UTC (rev 19586)
@@ -380,6 +380,8 @@
 python2.5 (CVE-2011-4940 [python: potential XSS in SimpleHTTPServer's 
list_directory()])
 http://www.openwall.com/lists/oss-security/2012/03/14/11
 
+CVE-2012-1150
+
 --
 
 python2.6 (CVE-2011-4940 [python: potential XSS in SimpleHTTPServer's 
list_directory()])
@@ -390,8 +392,16 @@
 #650555
 http://bugs.python.org/file23824/pypirc-secure.diff
 
+CVE-2012-1150
+
 --
 
+python3.1
+
+CVE-2012-1150
+
+--
+
 python-tornado (CVE-2012-2374)
 #673987
 


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r19586 - in data: . CVE

Reply via email to