fedora-security/audit f8, 1.37, 1.38 f9, 1.32, 1.33 fc7, 1.194, 1.195
by fedora-security-commits@redhat.com
Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv17181/audit
Modified Files:
f8 f9 fc7
Log Message:
note drupal cve id
Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.37
retrieving revision 1.38
diff -u -r1.37 -r1.38
--- f8 10 Dec 2007 16:12:14 -0000 1.37
+++ f8 10 Dec 2007 19:23:30 -0000 1.38
@@ -7,7 +7,7 @@
# Up to date CVE as of CVE email 20071030
# Up to date F8 as of 20071029
-GENERIC-MAP-NOMATCH version (drupal, fixed 5.4) [since FEDORA-2007-4163] SA-2007-031
+CVE-2007-6299 version (drupal, fixed 5.4) [since FEDORA-2007-4163] SA-2007-031
GENERIC-MAP-NOMATCH VULNERABLE (libxfcegui4) #412761
GENERIC-MAP-NOMATCH VULNERABLE (libxfce4util) #412761
GENERIC-MAP-NOMATCH VULNERABLE (xfce-panel) #412761
Index: f9
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f9,v
retrieving revision 1.32
retrieving revision 1.33
diff -u -r1.32 -r1.33
--- f9 10 Dec 2007 16:12:14 -0000 1.32
+++ f9 10 Dec 2007 19:23:30 -0000 1.33
@@ -7,6 +7,7 @@
# Up to date CVE as of CVE email 20071030
# Up to date F9 as of 20071029
+CVE-2007-6299 version (drupal, fixed 5.4) [since drupal-5.4-1.fc9] SA-2007-031
CVE-2007-6239 version (squid, fixed 2.6.17) [since squid-2.6.STABLE17-1.fc9]
CVE-2007-6210 backport (zabbix) #407181 [since zabbix-1.4.2-4.fc9]
CVE-2007-6209 ignore (zsh) #409871 We don't ship the script
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.194
retrieving revision 1.195
diff -u -r1.194 -r1.195
--- fc7 10 Dec 2007 16:12:14 -0000 1.194
+++ fc7 10 Dec 2007 19:23:30 -0000 1.195
@@ -8,7 +8,7 @@
# Up to date CVE as of CVE email 20071030
# Up to date FC7 as of 20071029
-GENERIC-MAP-NOMATCH version (drupal, fixed 5.4) [since FEDORA-2007-4136] SA-2007-031
+CVE-2007-6299 version (drupal, fixed 5.4) [since FEDORA-2007-4136] SA-2007-031
GENERIC-MAP-NOMATCH VULNERABLE (libxfcegui4) #412751
GENERIC-MAP-NOMATCH VULNERABLE (libxfce4util) #412751
GENERIC-MAP-NOMATCH VULNERABLE (xfce-panel) #412751
16 years, 5 months
fedora-security/audit fc6,1.305,1.306
by fedora-security-commits@redhat.com
Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv4763/audit
Modified Files:
fc6
Log Message:
note last FC6 updates that managed to get in before EOL
fix EOL message
Index: fc6
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc6,v
retrieving revision 1.305
retrieving revision 1.306
diff -u -r1.305 -r1.306
--- fc6 7 Dec 2007 14:53:17 -0000 1.305
+++ fc6 10 Dec 2007 18:10:07 -0000 1.306
@@ -5,16 +5,22 @@
# (mozilla) = (firefox, seamonkey, thunderbird, yelp, devhelp, galeon, liferea. epiphany)
# Up to date CVE as of CVE email 20071030
-# Up to date FC6 as of 20071029
+# Up to date FC6 as of 20071207
-# This list is no longer maintained by the Red Hat security
-# response team as of 29th June 2007 (two months after the
+# This list is no longer maintained by the Red Hat Security Response
+# Team as of 7th December 2007 (EOL date of FC6, ~one month after the
# release date of Fedora 8)
+#
+# Zod's dead baby, Zod's dead...
CVE-2007-6209 ignore (zsh) #409871 We don't ship the script
CVE-2007-6207 VULNERABLE (kernel) Xen cross-domain memory read
CVE-2007-6206 VULNERABLE (kernel) Core dump owner issue
CVE-2007-6203 ignore (httpd) #409831 User can't unput garbage before method name
+CVE-2007-6110 backport (htdig) [since FEDORA-2007-757]
+CVE-2007-5960 backport (mozilla) [since FEDORA-2007-756]
+CVE-2007-5959 backport (mozilla) [since FEDORA-2007-756]
+CVE-2007-5947 backport (mozilla) [since FEDORA-2007-756]
CVE-2007-5938 VULNERABLE (kernel) #385861 iwlwifi
CVE-2007-5937 backport (tetex) #379841 [since FEDORA-2007-750] Multiple dviljk buffer overflows
CVE-2007-5936 backport (tetex) #379841 [since FEDORA-2007-750] dviljk uses insecure temporary file
@@ -26,6 +32,8 @@
CVE-2007-5770 backport (ruby) #373371 [since FEDORA-2007-738]
CVE-2007-5708 backport (openldap) [since FEDORA-2007-741]
CVE-2007-5707 backport (openldap) [since FEDORA-2007-741]
+CVE-2007-5501 version (kernel) [since FEDORA-2007-759]
+CVE-2007-5500 version (kernel) [since FEDORA-2007-759]
CVE-2007-5461 VULNERABLE (tomcat5) #334521
CVE-2007-5398 backport (samba) [since FEDORA-2007-751]
CVE-2007-5393 backport (cups) [since FEDORA-2007-746]
@@ -52,12 +60,12 @@
CVE-2007-5162 version (ruby) #313801 [since FEDORA-2007-718]
CVE-2007-5137 backport (tk, fixed 8.4.16) #332071 [since FEDORA-2007-728]
CVE-2007-5135 backport (openssl, fixed 0.9.8d) [since FEDORA-2007-725]
-CVE-2007-5116 VULNERABLE (perl) #378121
+CVE-2007-5116 backport (perl) #378121 [since FEDORA-2007-748]
CVE-2007-5079 VULNERABLE (gdm) #363031
CVE-2007-5034 version (elinks) #297611 [since FEDORA-2007-710]
CVE-2007-4995 backport (openssl, fixed 0.9.8f) [since FEDORA-2007-725]
CVE-2007-4993 backport (xen) [since FEDORA-2007-713]
-CVE-2007-4990 VULNERABLE (xorg-x11-xfs, fixed 1.0.5) #373321
+CVE-2007-4990 version (xorg-x11-xfs, fixed 1.0.5) #373321 [since FEDORA-2007-763]
CVE-2007-4965 VULNERABLE (python) imageop module heap overflow #373281
CVE-2007-4924 VULNERABLE (opal, fixed 2.2.10) #297561
CVE-2007-4897 VULNERABLE (opal, fixed 2.2.8) #297561
@@ -78,10 +86,11 @@
CVE-2007-4658 backport (php, fixed 5.2.4) #278011 [since FEDORA-2007-709]
CVE-2007-4657 ignore (php, fixed 5.2.4) arbitrary read not remotely triggerable
CVE-2007-4619 backport (flac, fixed 1.2) #332581 [since FEDORA-2007-730]
+CVE-2007-4575 backport (openoffice.org, fixed 2.3.1) [since FEDORA-2007-762]
CVE-2007-4572 backport (samba) [since FEDORA-2007-751]
CVE-2007-4571 version (kernel) [since FEDORA-2007-714]
CVE-2007-4569 backport (kdebase) #299741 [since FEDORA-2007-716]
-CVE-2007-4568 VULNERABLE (xorg-x11-xfs, fixed 1.0.5) #373251
+CVE-2007-4568 version (xorg-x11-xfs, fixed 1.0.5) #373251 [since FEDORA-2007-763]
CVE-2007-4565 backport (fetchmail) #260881 [since FEDORA-2007-689]
CVE-2007-4559 VULNERABLE (python, not fixed upstream) #315291 Upstream WONTFIX. See where we use the code.
CVE-2007-4558 ignore (star, fixed 1.5a84) duplicate of CVE-2007-4134
16 years, 5 months
fedora-security/audit f8, 1.36, 1.37 f9, 1.31, 1.32 fc7, 1.193, 1.194
by fedora-security-commits@redhat.com
Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv10991/audit
Modified Files:
f8 f9 fc7
Log Message:
add samba
Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.36
retrieving revision 1.37
diff -u -r1.36 -r1.37
--- f8 10 Dec 2007 14:31:34 -0000 1.36
+++ f8 10 Dec 2007 16:12:14 -0000 1.37
@@ -24,6 +24,7 @@
CVE-2007-6110 backport (htdig) [since FEDORA-2007-3958]
CVE-2007-6100 version (phpMyAdmin, fixed 2.11.2.2) [since FEDORA-2007-3639]
CVE-2007-6061 VULNERABLE (audacity) #393251
+CVE-2007-6015 VULNERABLE (samba, fixed 3.0.28)
CVE-2007-6035 version (cacti, fixed 0.8.7a) #391991 [since FEDORA-2007-3667]
CVE-2007-5977 version (phpMyAdmin, fixed 2.11.2.1) #385901 [since FEDORA-2007-3636]
CVE-2007-5976 version (phpMyAdmin, fixed 2.11.2.1) #385901 [since FEDORA-2007-3636]
Index: f9
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f9,v
retrieving revision 1.31
retrieving revision 1.32
diff -u -r1.31 -r1.32
--- f9 10 Dec 2007 14:31:34 -0000 1.31
+++ f9 10 Dec 2007 16:12:14 -0000 1.32
@@ -21,6 +21,7 @@
CVE-2007-6100 version (phpMyAdmin, fixed 2.11.2.2)
CVE-2007-6061 VULNERABLE (audacity) #393251
CVE-2007-6035 version (cacti, fixed 0.8.7a) #392001 [since cacti-0.8.7a-1.fc9]
+CVE-2007-6015 VULNERABLE (samba, fixed 3.0.28)
CVE-2007-5977 version (phpMyAdmin) #385911 [since phpMyAdmin-2.11.2.2-1.fc9]
CVE-2007-5976 version (phpMyAdmin) #385911 [since phpMyAdmin-2.11.2.2-1.fc9]
CVE-2007-5960 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7)
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.193
retrieving revision 1.194
diff -u -r1.193 -r1.194
--- fc7 10 Dec 2007 14:31:34 -0000 1.193
+++ fc7 10 Dec 2007 16:12:14 -0000 1.194
@@ -26,6 +26,7 @@
CVE-2007-6100 version (phpMyAdmin, fixed 2.11.2.2) [since FEDORA-2007-3666]
CVE-2007-6061 VULNERABLE (audacity) #393251
CVE-2007-6035 version (cacti, fixed 0.8.7a) #391981 [since FEDORA-2007-3683]
+CVE-2007-6015 VULNERABLE (samba, fixed 3.0.28)
CVE-2007-5977 version (phpMyAdmin, fixed 2.11.2.1) #385891 [since FEDORA-2007-3627]
CVE-2007-5976 version (phpMyAdmin, fixed 2.11.2.1) #385891 [since FEDORA-2007-3627]
CVE-2007-5960 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3952]
16 years, 5 months
fedora-security/audit f8, 1.35, 1.36 f9, 1.30, 1.31 fc7, 1.192, 1.193
by fedora-security-commits@redhat.com
Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv22232/audit
Modified Files:
f8 f9 fc7
Log Message:
fedora update
Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.35
retrieving revision 1.36
diff -u -r1.35 -r1.36
--- f8 5 Dec 2007 20:37:28 -0000 1.35
+++ f8 10 Dec 2007 14:31:34 -0000 1.36
@@ -7,19 +7,20 @@
# Up to date CVE as of CVE email 20071030
# Up to date F8 as of 20071029
+GENERIC-MAP-NOMATCH version (drupal, fixed 5.4) [since FEDORA-2007-4163] SA-2007-031
GENERIC-MAP-NOMATCH VULNERABLE (libxfcegui4) #412761
GENERIC-MAP-NOMATCH VULNERABLE (libxfce4util) #412761
GENERIC-MAP-NOMATCH VULNERABLE (xfce-panel) #412761
CVE-2007-6239 VULNERABLE (squid, fixed 2.6.17) #412391
-CVE-2007-6210 VULNERABLE (zabbix) #407181 [since zabbix-1.4.2-4.fc8]
+CVE-2007-6210 backport (zabbix) #407181 [since FEDORA-2007-4176]
CVE-2007-6209 ignore (zsh) #409871 We don't ship the script
CVE-2007-6208 ignore (claws) We don't ship the script
CVE-2007-6207 VULNERABLE (kernel) Xen cross-domain memory read
CVE-2007-6206 VULNERABLE (kernel) Core dump owner issue
CVE-2007-6203 ignore (httpd) #409831 User can't unput garbage before method name
CVE-2007-5938 VULNERABLE (kernel) #385861 iwlwifi
-CVE-2007-6201 VULNERABLE (wesnoth, fixed 1.2.8)
-CVE-2007-6183 VULNERABLE (ruby-gnome2) #405601
+CVE-2007-6201 version (wesnoth, fixed 1.2.8) [since FEDORA-2007-3989]
+CVE-2007-6183 backport (ruby-gnome2) #405601 [since FEDORA-2007-4216]
CVE-2007-6110 backport (htdig) [since FEDORA-2007-3958]
CVE-2007-6100 version (phpMyAdmin, fixed 2.11.2.2) [since FEDORA-2007-3639]
CVE-2007-6061 VULNERABLE (audacity) #393251
@@ -43,26 +44,28 @@
CVE-2007-5770 backport (ruby) #373391 [since FEDORA-2007-2812]
GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031
CVE-2007-5751 backport (liferea, fixed 1.4.6) #360641 [since FEDORA-2007-2853]
-CVE-2007-5742 VULNERABLE (wesnoth, fixed 1.2.8)
+CVE-2007-5742 version (wesnoth, fixed 1.2.8) [since FEDORA-2007-3989]
CVE-2007-5712 version (Django, fixed 0.96.1) #362771 [since FEDORA-2007-2788]
CVE-2007-5708 version (openldap, fixed 2.3.39) #362991 [since FEDORA-2007-2796]
CVE-2007-5707 version (openldap, fixed 2.3.39) #362991 [since FEDORA-2007-2796]
CVE-2007-5690 version (zaptel) [since FEDORA-2007-2860] not really an issue
-CVE-2007-5624 VULNERABLE (nagios, fixed 2.10) #362801
+CVE-2007-5624 version (nagios, fixed 2.10) #362801 [since FEDORA-2007-4145]
CVE-2007-5623 backport (nagios-plugins, not fixed 1.4.10) #348731 [since FEDORA-2007-2876] nagios-plugins-1.4.8-9.fc8
CVE-2007-5589 version (phpMyAdmin, fixed 2.11.1.2) #333661 PMASA-2007-6 [since FEDORA-2007-3636]
+CVE-2007-5501 version (kernel) [since FEDORA-2007-3837]
+CVE-2007-5500 version (kernel) [since FEDORA-2007-3837]
CVE-2007-5461 version (tomcat5) #363001 [since FEDORA-2007-3474]
CVE-2007-5398 version (samba) [since FEDORA-2007-3403]
CVE-2007-5395 version (link-grammar) #372351 [since FEDORA-2007-3235]
CVE-2007-5393 backport (xpdf) #372471 [since FEDORA-2007-3014]
CVE-2007-5393 backport (cups) [since FEDORA-2007-2982]
-CVE-2007-5393 VULNERABLE (poppler) #372511
+CVE-2007-5393 version (poppler, fixed 0.6.2) #372511 [since FEDORA-2007-4031]
CVE-2007-5393 backport (kdegraphics) #372571 [since FEDORA-2007-3001]
CVE-2007-5393 backport (koffice) #372601 [since FEDORA-2007-3093]
CVE-2007-5393 backport (tetex) #372661 [since FEDORA-2007-3308]
CVE-2007-5392 backport (xpdf) #372471 [since FEDORA-2007-3014]
CVE-2007-5392 backport (cups) [since FEDORA-2007-2982]
-CVE-2007-5392 VULNERABLE (poppler) #372511
+CVE-2007-5392 version (poppler, fixed 0.6.2) #372511 [since FEDORA-2007-4031]
CVE-2007-5392 backport (kdegraphics) #372571 [since FEDORA-2007-3001]
CVE-2007-5392 backport (koffice) #372601 [since FEDORA-2007-3093]
CVE-2007-5392 backport (tetex) #372661 [since FEDORA-2007-3308]
@@ -83,6 +86,7 @@
CVE-2007-4829 VULNERABLE (perl-Archive-Tar, not fixed upstream) #364281
CVE-2007-4752 version (openssh, fixed 4.7) #280461
CVE-2007-4619 version (flac, fixed 1.2) #332581
+CVE-2007-4575 backport (openoffice.org, fixed 2.3.1) [since FEDORA-2007-4172]
CVE-2007-4572 version (samba) [since FEDORA-2007-3403]
CVE-2007-4568 version (xorg-x11-xfs, fixed 1.0.5)
CVE-2007-4559 VULNERABLE (python, not fixed upstream) #315291 Upstream WONTFIX. See where we use the code.
@@ -92,7 +96,7 @@
CVE-2007-4351 version (cups) #362971 [since FEDORA-2007-2982]
CVE-2007-4352 backport (xpdf) #372471 [since FEDORA-2007-3014]
CVE-2007-4352 backport (cups) [since FEDORA-2007-2982]
-CVE-2007-4352 VULNERABLE (poppler) #372511
+CVE-2007-4352 version (poppler, fixed 0.6.2) #372511 [since FEDORA-2007-4031]
CVE-2007-4352 backport (kdegraphics) #372571 [since FEDORA-2007-3001]
CVE-2007-4352 backport (koffice) #372601 [since FEDORA-2007-3093]
CVE-2007-4352 backport (tetex) #372661 [since FEDORA-2007-3308]
Index: f9
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f9,v
retrieving revision 1.30
retrieving revision 1.31
diff -u -r1.30 -r1.31
--- f9 5 Dec 2007 17:01:31 -0000 1.30
+++ f9 10 Dec 2007 14:31:34 -0000 1.31
@@ -43,20 +43,20 @@
CVE-2007-5712 version (Django, fixed 0.96.1) #362781 [since Django-0.96.1-1.fc9]
CVE-2007-5708 version (openldap, fixed 2.3.39) #360091 [since openldap-2.3.39-1.fc9]
CVE-2007-5707 version (openldap, fixed 2.3.39) #360091 [since openldap-2.3.39-1.fc9]
-CVE-2007-5624 VULNERABLE (nagios, fixed 2.10) #362811
+CVE-2007-5624 version (nagios, fixed 2.10) #362811 [since nagios-2.10-3.fc9]
CVE-2007-5623 backport (nagios-plugins, not fixed 1.4.10) #348731
CVE-2007-5589 version (phpMyAdmin, fixed 2.11.1.2) #333661 PMASA-2007-6
CVE-2007-5461 VULNERABLE (tomcat5, not fixed 5.5.25) #334531
CVE-2007-5395 version (link-grammar) #372361 [since link-grammar-4.2.5-1.fc9]
CVE-2007-5393 backport (xpdf) #372481 [since xpdf-3.02-4.fc9]
CVE-2007-5393 backport (cups)
-CVE-2007-5393 VULNERABLE (poppler) #372521
+CVE-2007-5393 version (poppler, fixed 0.6.2) #372521 [since poppler-0.6.2-1.fc9]
CVE-2007-5393 VULNERABLE (kdegraphics) #372581
CVE-2007-5393 VULNERABLE (koffice) #372611
CVE-2007-5393 version (tetex) #372671 [since tetex-3.0-48.fc9]
CVE-2007-5392 backport (xpdf) #372481 [since xpdf-3.02-4.fc9]
CVE-2007-5392 backport (cups)
-CVE-2007-5392 VULNERABLE (poppler) #372521
+CVE-2007-5392 version (poppler, fixed 0.6.2) #372521 [since poppler-0.6.2-1.fc9]
CVE-2007-5392 VULNERABLE (kdegraphics) #372581
CVE-2007-5392 VULNERABLE (koffice) #372611
CVE-2007-5392 version (tetex) #372671 [since tetex-3.0-48.fc9]
@@ -72,6 +72,7 @@
CVE-2007-4999 version (pidgin, fixed 2.2.2)
CVE-2007-4990 version (xorg-x11-xfs, fixed 1.0.5)
CVE-2007-4829 VULNERABLE (perl-Archive-Tar, not fixed upstream) #364291
+CVE-2007-4575 version (openoffice.org, fixed 2.3.1) [since openoffice.org-2.3.1-9.1.fc9]
CVE-2007-4752 version (openssh, fixed 4.7) #280461
CVE-2007-4619 version (flac, fixed 1.2) #332581
CVE-2007-4568 version (xorg-x11-xfs, fixed 1.0.5)
@@ -80,7 +81,7 @@
CVE-2007-4400 VULNERABLE (konversation) #362931 Remove media script?
CVE-2007-4352 backport (xpdf) #372481 [since xpdf-3.02-4.fc9]
CVE-2007-4352 backport (cups)
-CVE-2007-4352 VULNERABLE (poppler) #372521
+CVE-2007-4352 version (poppler, fixed 0.6.2) #372521 [since poppler-0.6.2-1.fc9]
CVE-2007-4352 VULNERABLE (kdegraphics) #372581
CVE-2007-4352 VULNERABLE (koffice) #372611
CVE-2007-4352 version (tetex) #372671 [since tetex-3.0-48.fc9]
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.192
retrieving revision 1.193
diff -u -r1.192 -r1.193
--- fc7 5 Dec 2007 20:37:28 -0000 1.192
+++ fc7 10 Dec 2007 14:31:34 -0000 1.193
@@ -8,19 +8,20 @@
# Up to date CVE as of CVE email 20071030
# Up to date FC7 as of 20071029
+GENERIC-MAP-NOMATCH version (drupal, fixed 5.4) [since FEDORA-2007-4136] SA-2007-031
GENERIC-MAP-NOMATCH VULNERABLE (libxfcegui4) #412751
GENERIC-MAP-NOMATCH VULNERABLE (libxfce4util) #412751
GENERIC-MAP-NOMATCH VULNERABLE (xfce-panel) #412751
CVE-2007-6239 VULNERABLE (squid, fixed 2.6.17) #412381
-CVE-2007-6210 VULNERABLE (zabbix) #407181 [since zabbix-1.4.2-3.fc7]
+CVE-2007-6210 backport (zabbix) #407181 [since FEDORA-2007-4160]
CVE-2007-6209 ignore (zsh) #409871 We don't ship the script
CVE-2007-6208 ignore (claws) We don't ship the script
CVE-2007-6207 VULNERABLE (kernel) Xen cross-domain memory read
CVE-2007-6206 VULNERABLE (kernel) Core dump owner issue
CVE-2007-6203 ignore (httpd) #409831 User can't unput garbage before method name
CVE-2007-5938 VULNERABLE (kernel) #385861 iwlwifi
-CVE-2007-6201 VULNERABLE (wesnoth, fixed 1.2.8)
-CVE-2007-6183 VULNERABLE (ruby-gnome2) #405591
+CVE-2007-6201 version (wesnoth, fixed 1.2.8) [since FEDORA-2007-3986]
+CVE-2007-6183 version (ruby-gnome2) #405591 [since FEDORA-2007-4229]
CVE-2007-6110 backport (htdig) [since FEDORA-2007-3907]
CVE-2007-6100 version (phpMyAdmin, fixed 2.11.2.2) [since FEDORA-2007-3666]
CVE-2007-6061 VULNERABLE (audacity) #393251
@@ -44,7 +45,7 @@
CVE-2007-5795 backport (emacs) #367581 [since FEDORA-2007-3056]
CVE-2007-5770 backport (ruby) #373381 [since FEDORA-2007-2685]
CVE-2007-5751 backport (liferea, fixed 1.4.6) #360641 [since FEDORA-2007-2725]
-CVE-2007-5742 VULNERABLE (wesnoth, fixed 1.2.8)
+CVE-2007-5742 version (wesnoth, fixed 1.2.8) [since FEDORA-2007-3986]
CVE-2007-5728 version (phpPgAdmin) seems to be fixed for some time
CVE-2007-5715 backport (denyhosts) fixed long ago
CVE-2007-5712 version (Django, fixed 0.96.1) #362761 [since FEDORA-2007-3157]
@@ -52,7 +53,7 @@
CVE-2007-5707 backport (openldap, fixed 2.3.39) #360081 [since FEDORA-2007-3124]
CVE-2007-5690 version (zaptel) [since FEDORA-2007-3094] not really an issue
CVE-2007-5626 ignore (bacula) known, documented limitation
-CVE-2007-5624 VULNERABLE (nagios, fixed 2.10) #362791
+CVE-2007-5624 version (nagios, fixed 2.10) #362791 [since FEDORA-2007-4123]
CVE-2007-5623 backport (nagios-plugins) #348731 [since FEDORA-2007-2713]
CVE-2007-5597 version (drupal, fixed 5.3) [since FEDORA-2007-2649]
CVE-2007-5596 version (drupal, fixed 5.3) [since FEDORA-2007-2649]
@@ -62,6 +63,8 @@
CVE-2007-5589 version (phpmyadmin, fixed 2.11.1.2) #333661 PMASA-2007-6 [since FEDORA-2007-2738]
CVE-2007-5585 backport (rss-glx) #336331 [since FEDORA-2007-2652]
CVE-2007-5585 backport (tempest) #336331 [since FEDORA-2007-2652]
+CVE-2007-5501 version (kernel) [since FEDORA-2007-3751]
+CVE-2007-5500 version (kernel) [since FEDORA-2007-3751]
CVE-2007-5461 version (tomcat5) #334511 [since FEDORA-2007-3456]
CVE-2007-5416 ignore (drupal) Vulnerability in PHP<5.1.3, we're safe
CVE-2007-5398 version (samba) [since FEDORA-2007-3402]
@@ -148,6 +151,7 @@
CVE-2007-4629 version (mapserver, fixed 4.10.3) #272081 [since FEDORA-2007-2018]
CVE-2007-4631 version (qgit) #268381 [since FEDORA-2007-2108]
CVE-2007-4619 version (flac, fixed 1.2) #332571 [since FEDORA-2007-2596]
+CVE-2007-4575 backport (openoffice.org, fixed 2.3.1) [since FEDORA-2007-4120]
CVE-2007-4573 version (kernel) [since FEDORA-2007-2298]
CVE-2007-4572 version (samba) [since FEDORA-2007-3402]
CVE-2007-4571 version (kernel) [since FEDORA-2007-2349]
16 years, 5 months
fedora-security/audit fc6,1.304,1.305
by fedora-security-commits@redhat.com
Author: lkundrak
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv12004/audit
Modified Files:
fc6
Log Message:
Goodbye Fedora Core! I've been pleased to meet you!
Index: fc6
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc6,v
retrieving revision 1.304
retrieving revision 1.305
diff -u -r1.304 -r1.305
--- fc6 4 Dec 2007 09:09:10 -0000 1.304
+++ fc6 7 Dec 2007 14:53:17 -0000 1.305
@@ -7,6 +7,10 @@
# Up to date CVE as of CVE email 20071030
# Up to date FC6 as of 20071029
+# This list is no longer maintained by the Red Hat security
+# response team as of 29th June 2007 (two months after the
+# release date of Fedora 8)
+
CVE-2007-6209 ignore (zsh) #409871 We don't ship the script
CVE-2007-6207 VULNERABLE (kernel) Xen cross-domain memory read
CVE-2007-6206 VULNERABLE (kernel) Core dump owner issue
16 years, 5 months
fedora-security/tools generate-manifest, 1.4, 1.4.2.1
by fedora-security-commits@redhat.com
Author: lkundrak
Update of /cvs/fedora/fedora-security/tools
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv12004/tools
Modified Files:
Tag: lkundrak-tools-ng
generate-manifest
Log Message:
Goodbye Fedora Core! I've been pleased to meet you!
Index: generate-manifest
===================================================================
RCS file: /cvs/fedora/fedora-security/tools/generate-manifest,v
retrieving revision 1.4
retrieving revision 1.4.2.1
diff -u -r1.4 -r1.4.2.1
--- generate-manifest 6 Nov 2007 15:39:24 -0000 1.4
+++ generate-manifest 7 Dec 2007 14:53:18 -0000 1.4.2.1
@@ -12,7 +12,6 @@
if [ -z "$@" ]
then
export TAGS="
- dist-fc6-updates
dist-fc7-updates
dist-f8-updates
dist-f9-build
16 years, 5 months
fedora-security/manifest dist-fc6-updates, 1.3, NONE
by fedora-security-commits@redhat.com
Author: lkundrak
Update of /cvs/fedora/fedora-security/manifest
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv12004/manifest
Removed Files:
dist-fc6-updates
Log Message:
Goodbye Fedora Core! I've been pleased to meet you!
--- dist-fc6-updates DELETED ---
16 years, 5 months
fedora-security/tools add-tracking-bugs, 1.2.2.2, 1.2.2.3
by fedora-security-commits@redhat.com
Author: lkundrak
Update of /cvs/fedora/fedora-security/tools
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv31921/tools
Modified Files:
Tag: lkundrak-tools-ng
add-tracking-bugs
Log Message:
new bugzilla versioning
Index: add-tracking-bugs
===================================================================
RCS file: /cvs/fedora/fedora-security/tools/add-tracking-bugs,v
retrieving revision 1.2.2.2
retrieving revision 1.2.2.3
diff -u -r1.2.2.2 -r1.2.2.3
--- add-tracking-bugs 19 Nov 2007 09:10:37 -0000 1.2.2.2
+++ add-tracking-bugs 6 Dec 2007 16:16:18 -0000 1.2.2.3
@@ -59,15 +59,19 @@
# Valid versions
my %versions = (
- 'f6', => 'fc6',
- 'fc6', => 'fc6',
- 'f7', => 'f7',
- 'fc7', => 'f7',
- 'f8', => 'f8',
- 'fc8', => 'f8',
- 'f9', => 'devel',
- 'fc9', => 'devel',
- 'devel', => 'devel',
+ '6', => '6',
+ 'f6', => '6',
+ 'fc6', => '6',
+ '7', => '7',
+ 'f7', => '7',
+ 'fc7', => '7',
+ '8', => '8',
+ 'f8', => '8',
+ 'fc8', => '8',
+ '9', => 'rawhide',
+ 'f9', => 'rawhide',
+ 'fc9', => 'rawhide',
+ 'devel', => 'rawhide',
);
# RPC
16 years, 5 months
fedora-security/audit f8, 1.34, 1.35 fc7, 1.191, 1.192
by fedora-security-commits@redhat.com
Author: lkundrak
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv14243
Modified Files:
f8 fc7
Log Message:
XFCE, rawhide seems fixed
Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.34
retrieving revision 1.35
diff -u -r1.34 -r1.35
--- f8 5 Dec 2007 17:01:31 -0000 1.34
+++ f8 5 Dec 2007 20:37:28 -0000 1.35
@@ -7,6 +7,9 @@
# Up to date CVE as of CVE email 20071030
# Up to date F8 as of 20071029
+GENERIC-MAP-NOMATCH VULNERABLE (libxfcegui4) #412761
+GENERIC-MAP-NOMATCH VULNERABLE (libxfce4util) #412761
+GENERIC-MAP-NOMATCH VULNERABLE (xfce-panel) #412761
CVE-2007-6239 VULNERABLE (squid, fixed 2.6.17) #412391
CVE-2007-6210 VULNERABLE (zabbix) #407181 [since zabbix-1.4.2-4.fc8]
CVE-2007-6209 ignore (zsh) #409871 We don't ship the script
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.191
retrieving revision 1.192
diff -u -r1.191 -r1.192
--- fc7 5 Dec 2007 17:01:31 -0000 1.191
+++ fc7 5 Dec 2007 20:37:28 -0000 1.192
@@ -8,6 +8,9 @@
# Up to date CVE as of CVE email 20071030
# Up to date FC7 as of 20071029
+GENERIC-MAP-NOMATCH VULNERABLE (libxfcegui4) #412751
+GENERIC-MAP-NOMATCH VULNERABLE (libxfce4util) #412751
+GENERIC-MAP-NOMATCH VULNERABLE (xfce-panel) #412751
CVE-2007-6239 VULNERABLE (squid, fixed 2.6.17) #412381
CVE-2007-6210 VULNERABLE (zabbix) #407181 [since zabbix-1.4.2-3.fc7]
CVE-2007-6209 ignore (zsh) #409871 We don't ship the script
16 years, 5 months
fedora-security/audit f8, 1.33, 1.34 f9, 1.29, 1.30 fc7, 1.190, 1.191
by fedora-security-commits@redhat.com
Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv3776/audit
Modified Files:
f8 f9 fc7
Log Message:
squid possible dos
Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.33
retrieving revision 1.34
diff -u -r1.33 -r1.34
--- f8 4 Dec 2007 09:09:10 -0000 1.33
+++ f8 5 Dec 2007 17:01:31 -0000 1.34
@@ -7,6 +7,7 @@
# Up to date CVE as of CVE email 20071030
# Up to date F8 as of 20071029
+CVE-2007-6239 VULNERABLE (squid, fixed 2.6.17) #412391
CVE-2007-6210 VULNERABLE (zabbix) #407181 [since zabbix-1.4.2-4.fc8]
CVE-2007-6209 ignore (zsh) #409871 We don't ship the script
CVE-2007-6208 ignore (claws) We don't ship the script
Index: f9
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f9,v
retrieving revision 1.29
retrieving revision 1.30
diff -u -r1.29 -r1.30
--- f9 4 Dec 2007 09:09:10 -0000 1.29
+++ f9 5 Dec 2007 17:01:31 -0000 1.30
@@ -7,6 +7,7 @@
# Up to date CVE as of CVE email 20071030
# Up to date F9 as of 20071029
+CVE-2007-6239 version (squid, fixed 2.6.17) [since squid-2.6.STABLE17-1.fc9]
CVE-2007-6210 backport (zabbix) #407181 [since zabbix-1.4.2-4.fc9]
CVE-2007-6209 ignore (zsh) #409871 We don't ship the script
CVE-2007-6208 ignore (claws) We don't ship the script
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.190
retrieving revision 1.191
diff -u -r1.190 -r1.191
--- fc7 4 Dec 2007 09:09:10 -0000 1.190
+++ fc7 5 Dec 2007 17:01:31 -0000 1.191
@@ -8,6 +8,7 @@
# Up to date CVE as of CVE email 20071030
# Up to date FC7 as of 20071029
+CVE-2007-6239 VULNERABLE (squid, fixed 2.6.17) #412381
CVE-2007-6210 VULNERABLE (zabbix) #407181 [since zabbix-1.4.2-3.fc7]
CVE-2007-6209 ignore (zsh) #409871 We don't ship the script
CVE-2007-6208 ignore (claws) We don't ship the script
16 years, 5 months