February 2007 - security [ARCHIVED]

[Bug 227415] New: CVE-2007-0657 - vulnerability in Nexuiz 2.2.2

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=227415 Summary: CVE-2007-0657 - vulnerability in Nexuiz 2.2.2 Product: Fedora Extras Version: fc5 Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: normal Component: nexuiz AssignedTo: adrian(a)lisas.de ReportedBy: deisenst(a)gtw.net QAContact: extras-qa(a)fedoraproject.org CC: extras-qa(a)fedoraproject.org,fedora-security- list(a)redhat.com According to http://www.alientrap.org/devwiki/index.php?n=Nexuiz.Patch, Nexuiz 2.2.3 fixes a remote file read/write security hole: "fix severe remote file read/overwrite security hole in 'gamedir' command (2.2.1 was NOT affected as the command was new in 2.2.2)." It is CVE-2007-0657. Although it claims 2.2.1 (the current Fedora Extras release) is not affected, we may want to upgrade anyway? -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

17 years, 2 months

1
1
0 / 0

[Bug 214820] New: CVE-2006-5815: proftpd unspecified vulnerability

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=214820 Summary: CVE-2006-5815: proftpd unspecified vulnerability Product: Fedora Extras Version: fc6 Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: normal Component: proftpd AssignedTo: matthias(a)rpmforge.net ReportedBy: ville.skytta(a)iki.fi QAContact: extras-qa(a)fedoraproject.org CC: extras-qa(a)fedoraproject.org,fedora-security- list(a)redhat.com http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-5815 Very little information available at the moment. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

17 years, 2 months

1
24
0 / 0

[Bug 194511] CVE-2006-2894 arbitrary file read vulnerability

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: CVE-2006-2894 arbitrary file read vulnerability https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=194511 ------- Additional Comments From kengert(a)redhat.com 2007-02-02 14:26 EST ------- Adding reference to Mozilla bug. Looks like nobody is working on backporting the fix to the branch. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

17 years, 2 months

1
0
0 / 0

[Bug 225919] New: CVE-2007-0619: chmlib < 0.3.9 arbitrary code execution

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=225919 Summary: CVE-2007-0619: chmlib < 0.3.9 arbitrary code execution Product: Fedora Extras Version: fc6 Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: normal Component: chmlib AssignedTo: lemenkov(a)gmail.com ReportedBy: ville.skytta(a)iki.fi QAContact: extras-qa(a)fedoraproject.org CC: fedora-security-list(a)redhat.com http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0619 "chmlib before 0.39 allows user-assisted remote attackers to execute arbitrary code via a crafted page block length in a CHM file, which triggers memory corruption." FC5+ seemingly affected. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

17 years, 2 months

1
1
0 / 0

[Bug 225469] New: wordpress < 2.1 multiple vulnerabilities

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=225469 Summary: wordpress < 2.1 multiple vulnerabilities Product: Fedora Extras Version: fc6 Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: normal Component: wordpress AssignedTo: jwb(a)redhat.com ReportedBy: ville.skytta(a)iki.fi QAContact: extras-qa(a)fedoraproject.org CC: fedora-security-list(a)redhat.com Multiple (low CVSS score) vulnerabilities reported against Wordpress < 2.1: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0539 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0540 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0541 -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

17 years, 2 months

1
2
0 / 0

[Bug 223101] New: CVE-2007-0{106, 107, 109, 262}: Wordpress < 2.0.7 multiple vulnerabilities

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=223101 Summary: CVE-2007-0{106,107,109,262}: Wordpress < 2.0.7 multiple vulnerabilities Product: Fedora Extras Version: fc6 Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: normal Component: wordpress AssignedTo: jwb(a)redhat.com ReportedBy: ville.skytta(a)iki.fi QAContact: extras-qa(a)fedoraproject.org CC: fedora-security-list(a)redhat.com http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0106 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0107 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0109 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0262 FE5+ apparently affected. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

17 years, 2 months

1
2
0 / 0

[Bug 221023] New: CVE-2006-6808: wordpress 2.0.5 XSS vulnerability

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=221023 Summary: CVE-2006-6808: wordpress 2.0.5 XSS vulnerability Product: Fedora Extras Version: fc6 Platform: All OS/Version: Linux Status: NEW Severity: high Priority: normal Component: wordpress AssignedTo: jwb(a)redhat.com ReportedBy: ville.skytta(a)iki.fi QAContact: extras-qa(a)fedoraproject.org CC: fedora-security-list(a)redhat.com http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-6808 "Cross-site scripting (XSS) vulnerability in wp-admin/templates.php in WordPress 2.0.5 allows remote attackers to inject arbitrary web script or HTML via the file parameter." All FE4+ releases affected. This is supposedly fixed in 2.0.6, but it looks like it hasn't been released yet. Patch at http://trac.wordpress.org/changeset/4665 -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

17 years, 2 months

1
2
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

security [ARCHIVED] February 2007