Add 133 new statements, strict subset of Prospector's findings

Author: matteogreek

statements/CVE-2009-2625/statement.yaml

@@ -0,0 +1,92 @@
+vulnerability_id: CVE-2009-2625
+notes:
+- links:
+  - https://issues.apache.org/jira/browse/XERCESJ-1412.
+  text: XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
+fixes:
+- id: DEFAULT_BRANCH
+  commits:
+  - id: "787352"
+    repository: http://svn.apache.org/repos/asf/xerces/java
+artifacts:
+- id: pkg:maven/xerces/xercesImpl@2.11.0
+  reason: Reviewed manually
+  affected: false
+- id: pkg:maven/xerces/xercesImpl@2.8.1
+  reason: Assessed with Eclipse Steady (AST_EQUALITY)
+  affected: true
+- id: pkg:maven/xerces/xercesImpl@2.4.0
+  reason: Assessed with Eclipse Steady (AST_EQUALITY)
+  affected: true
+- id: pkg:maven/xerces/xercesImpl@2.0.2
+  reason: Reviewed manually
+  affected: true
+- id: pkg:maven/xerces/xercesImpl@2.0.2
+  reason: Assessed with Eclipse Steady (AST_EQUALITY)
+  affected: true
+- id: pkg:maven/xerces/xercesImpl@2.9.0
+  reason: Assessed with Eclipse Steady (AST_EQUALITY)
+  affected: true
+- id: pkg:maven/xerces/xercesImpl@2.9.0
+  reason: Reviewed manually
+  affected: true
+- id: pkg:maven/xerces/xercesImpl@2.6.2
+  reason: Assessed with Eclipse Steady (AST_EQUALITY)
+  affected: true
+- id: pkg:maven/xerces/xercesImpl@2.8.0
+  reason: Assessed with Eclipse Steady (AST_EQUALITY)
+  affected: true
+- id: pkg:maven/xerces/xercesImpl@2.3.0
+  reason: Assessed with Eclipse Steady (AST_EQUALITY)
+  affected: true
+- id: pkg:maven/xerces/xercesImpl@2.3.0
+  reason: Reviewed manually
+  affected: true
+- id: pkg:maven/xerces/xercesImpl@2.7.1
+  reason: Assessed with Eclipse Steady (AST_EQUALITY)
+  affected: true
+- id: pkg:maven/xerces/xercesImpl@2.7.1
+  reason: Reviewed manually
+  affected: true
+- id: pkg:maven/xerces/xercesImpl@2.2.1
+  reason: Assessed with Eclipse Steady (AST_EQUALITY)
+  affected: true
+- id: pkg:maven/xerces/xercesImpl@2.2.1
+  reason: Reviewed manually
+  affected: true
+- id: pkg:maven/org.apache.servicemix.bundles/org.apache.servicemix.bundles.xerces@2.9.1_5
+  reason: Assessed with Eclipse Steady (AST_EQUALITY)
+  affected: true
+- id: pkg:maven/org.apache.servicemix.bundles/org.apache.servicemix.bundles.xerces@2.9.1_5
+  reason: Reviewed manually
+  affected: true
+- id: pkg:maven/xerces/xercesImpl@2.11.0
+  reason: Assessed with Eclipse Steady (AST_EQUALITY)
+  affected: false
+- id: pkg:maven/xerces/xercesImpl@2.10.0
+  reason: Assessed with Eclipse Steady (AST_EQUALITY)
+  affected: false
+- id: pkg:maven/xerces/xercesImpl@2.9.1
+  reason: Assessed with Eclipse Steady (AST_EQUALITY)
+  affected: true
+- id: pkg:maven/xerces/xercesImpl@2.9.1
+  reason: Reviewed manually
+  affected: true
+- id: pkg:maven/xerces/xercesImpl@2.6.1
+  reason: Assessed with Eclipse Steady (AST_EQUALITY)
+  affected: true
+- id: pkg:maven/xerces/xercesImpl@2.12.0
+  reason: Assessed with Eclipse Steady (AST_EQUALITY)
+  affected: false
+- id: pkg:maven/org.apache.servicemix.bundles/org.apache.servicemix.bundles.xerces@2.12.0_1
+  reason: Assessed with Eclipse Steady (AST_EQUALITY)
+  affected: false
+- id: pkg:maven/com.rackspace.apache/xerces2-xsd11@2.11.1
+  reason: Assessed with Eclipse Steady (AST_EQUALITY)
+  affected: false
+- id: pkg:maven/org.apache.avro/avro-tools@1.9.1
+  reason: Assessed with Eclipse Steady (AST_EQUALITY)
+  affected: true
+- id: pkg:maven/org.apache.avro/avro-tools@1.9.2
+  reason: Assessed with Eclipse Steady (AST_EQUALITY)
+  affected: true