openjdk team mailing list archive

Thread
Date

Bug#510972: CVE mapping

To: 510972@xxxxxxxxxxxxxxx, Stefan Fritsch <sf@xxxxxxxxxxx>
From: Kees Cook <kees@xxxxxxxxxxx>
Date: Tue, 13 Jan 2009 10:56:52 -0800
Organization: Outflux
Reply-to: Kees Cook <kees@xxxxxxxxxxx>, 510972@xxxxxxxxxxxxxxx
Resent-cc: OpenJDK Team <openjdk@xxxxxxxxxxxxxxxxxxx>
Resent-date: Tue, 13 Jan 2009 19:00:05 +0000
Resent-date: Tue, 13 Jan 2009 19:00:06 +0000
Resent-from: Kees Cook <kees@xxxxxxxxxxx>
Resent-message-id: <handler.510972.B510972.12318730148409@xxxxxxxxxxxxxxx>
Resent-sender: Debian BTS <debbugs@xxxxxxxxxxxxxxxx>
Resent-to: debian-bugs-dist@xxxxxxxxxxxxxxxx

Unknown
-------
(Do these apply to IcedTea, or only WebStart which is not in openjdk?)

http://sunsolve.sun.com/search/document.do?assetkey=1-26-244988-1
    6727079, 6727081, 6694892, 6727071, 6707535, 6716217, 6767668
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5339
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5340
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5341
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5342
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5343
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5344
http://sunsolve.sun.com/search/document.do?assetkey=1-26-246387-1
    6704154
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5345
http://sunsolve.sun.com/search/document.do?assetkey=1-26-246386-1
    6674093
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5346
http://sunsolve.sun.com/search/document.do?assetkey=1-26-246366-1
    6592792
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5347


Not Affected
------------
http://sunsolve.sun.com/search/document.do?assetkey=1-26-244989-1
    6728071
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5355


Fixed in b14
------------
http://blogs.sun.com/darcy/entry/openjdk_6_sources_for_b14

http://sunsolve.sun.com/search/document.do?assetkey=1-26-246346-1
    6588160
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5348
http://sunsolve.sun.com/search/document.do?assetkey=1-26-246286-1
    6497740
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5349
http://sunsolve.sun.com/search/document.do?assetkey=1-26-246266-1
    6484091
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5350
http://sunsolve.sun.com/search/document.do?assetkey=1-26-245246-1
    4486841
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5351
http://sunsolve.sun.com/search/document.do?assetkey=1-26-244992-1
    6755943
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5352
http://sunsolve.sun.com/search/document.do?assetkey=1-26-244991-1
    6734167
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5353
http://sunsolve.sun.com/search/document.do?assetkey=1-26-244990-1
    6733959
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5354
http://sunsolve.sun.com/search/document.do?assetkey=1-26-244987-1
    6726779, 6733336, 6751322, 6766136
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5356
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5357
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5358
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5359
http://sunsolve.sun.com/search/document.do?assetkey=1-26-244986-1
    6721753
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5360

-- 
Kees Cook                                            @outflux.net