June 2007 - security [ARCHIVED] - Fedora Mailing-Lists

by fedora-extras-commits＠redhat.com

Author: bressers Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv28545 Modified Files: fc7 Log Message: Sort out cpio Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.18 retrieving revision 1.19 diff -u -r1.18 -r1.19 --- fc7 18 Jun 2007 21:31:40 -0000 1.18 +++ fc7 20 Jun 2007 18:59:53 -0000 1.19 @@ -1136,7 +1136,7 @@ *CVE-2005-4442 version (openldap) gentoo only *CVE-2005-4352 version (kernel, fixed 2.6.18.3) [since FEDORA-2006-1471] *CVE-2005-4348 version (fetchmail, fixed 6.3.1) -*CVE-2005-4268 backport (cpio) cpio-2.6-writeOutHeaderBufferOverflow.patch +CVE-2005-4268 backport (cpio) cpio-2.6-writeOutHeaderBufferOverflow.patch *CVE-2005-4158 ignore (sudo) only env_reset will properly clean the environment *CVE-2005-4154 ignore (php) don't install untrusted pear packages *CVE-2005-4153 version (mailman) @@ -1498,7 +1498,7 @@ CVE-2005-1262 version (gaim, fixed gaim:1.5.0) CVE-2005-1261 version (gaim, fixed gaim:1.5.0) *CVE-2005-1260 version (bzip2, fixed 1.0.3) -*CVE-2005-1229 backport (cpio) cpio-2.6-dirTraversal.patch +CVE-2005-1229 backport (cpio) cpio-2.6-dirTraversal.patch *CVE-2005-1228 backport (gzip) changelog *CVE-2005-1194 backport (nasm) changelog *CVE-2005-1184 ignore (kernel) expected to not be an issue @@ -1514,7 +1514,7 @@ *CVE-2005-1155 version (firefox) *CVE-2005-1154 version (firefox) *CVE-2005-1153 version (firefox) -*CVE-2005-1111 backport (cpio) cpio-2.6-chmodRaceC.patch +CVE-2005-1111 backport (cpio) cpio-2.6-chmodRaceC.patch *CVE-2005-1065 version (tetex) not upstream version *CVE-2005-1061 version (logwatch, fixed 4.3.2 at least) *CVE-2005-1046 version (kdelibs, fixed after 3.4.0) @@ -2620,7 +2620,7 @@ CVE-2000-1137 version (ed, fixed 0.2-18.1) *CVE-2000-0992 (krb5) *CVE-2000-0504 version (libICE, fixed XFree86:4.0.1) -*CVE-1999-1572 backport (cpio) cpio-2.6-umask.patch +CVE-1999-1572 backport (cpio) cpio-2.6-umask.patch *CVE-1999-1332 (gzip) CVE-1999-0997 ignore, no-ship (wu-ftpd) CVE-1999-0710 version (squid, fixed 2.5.STABLE10) -- fedora-extras-commits mailing list fedora-extras-commits(a)redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits

16 years, 10 months

1
0
0 / 0

fedora-security/audit fc7,1.17,1.18

by fedora-extras-commits＠redhat.com

Author: bressers Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv23904 Modified Files: fc7 Log Message: Deal with ed Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.17 retrieving revision 1.18 diff -u -r1.17 -r1.18 --- fc7 18 Jun 2007 17:59:55 -0000 1.17 +++ fc7 18 Jun 2007 21:31:40 -0000 1.18 @@ -305,7 +305,7 @@ *CVE-2006-6944 version (phpMyAdmin, fixed 2.9.1.1) *CVE-2006-6943 version (phpMyAdmin, fixed 2.9.1.1) *CVE-2006-6942 version (phpMyAdmin, fixed 2.9.1.1) -*CVE-2006-6939 VULNERABLE (ed, fixed 0.3) #223075 +CVE-2006-6939 version (ed, fixed 0.3) #223075 *CVE-2006-6899 version (bluez-utils, fixed 2.23) *CVE-2006-6870 version (avahi, fixed 0.6.16) #221440 [since FEDORA-2007-019] *CVE-2006-6811 ignore (ksirc) DoS only @@ -2617,7 +2617,7 @@ *CVE-2001-0235 (vixie-cron) CVE-2001-0187 ignore, no-ship (wu-ftpd) *CVE-2000-1199 backport (htdig) fixed htdig-3.2.0b6-unescaped_output.patch -*CVE-2000-1137 (ed) +CVE-2000-1137 version (ed, fixed 0.2-18.1) *CVE-2000-0992 (krb5) *CVE-2000-0504 version (libICE, fixed XFree86:4.0.1) *CVE-1999-1572 backport (cpio) cpio-2.6-umask.patch -- fedora-extras-commits mailing list fedora-extras-commits(a)redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits

16 years, 10 months

1
0
0 / 0

fedora-security/audit fc5, 1.460, 1.461 fc6, 1.218, 1.219 fc7, 1.16, 1.17

by fedora-extras-commits＠redhat.com

Author: scop Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv29900 Modified Files: fc5 fc6 fc7 Log Message: CVE-2007-2873 (spamassassin) fixed Index: fc5 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc5,v retrieving revision 1.460 retrieving revision 1.461 diff -u -r1.460 -r1.461 --- fc5 13 Jun 2007 14:00:41 -0000 1.460 +++ fc5 18 Jun 2007 17:59:55 -0000 1.461 @@ -4,6 +4,7 @@ ** are items that need attention CVE-2007-4168 VULNERABLE (libexif) #243891 +CVE-2007-2873 version (spamassassin, fixed 3.1.9) CVE-2007-1565 ignore (konqueror) client crash CVE-2007-1564 vulnerable (konqueror) [#CVE-2007-1564] CVE-2007-1475 ignore (php) unshipped ibase extension Index: fc6 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc6,v retrieving revision 1.218 retrieving revision 1.219 diff -u -r1.218 -r1.219 --- fc6 13 Jun 2007 14:00:41 -0000 1.218 +++ fc6 18 Jun 2007 17:59:55 -0000 1.219 @@ -4,6 +4,7 @@ ** are items that need attention CVE-2007-4168 VULNERABLE (libexif) #243892 +CVE-2007-2873 version (spamassassin, fixed 3.1.9) CVE-2007-2438 VULNERABLE (vim) #238734 CVE-2007-1856 VULNERABLE (vixie-cron) #235882 CVE-2007-1841 VULNERABLE (ipsec-tools) #238052 Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.16 retrieving revision 1.17 diff -u -r1.16 -r1.17 --- fc7 18 Jun 2007 17:03:11 -0000 1.16 +++ fc7 18 Jun 2007 17:59:55 -0000 1.17 @@ -19,6 +19,7 @@ *CVE-2007-2894 VULNERABLE (bochs) #241799 CVE-2007-2876 version (kernel, fixed 2.6.21.5) [ since FEDORA-2007-0409 ] *CVE-2007-2874 (wpa_supplicant) #242455 +CVE-2007-2873 version (spamassassin, fixed 3.2.1) *CVE-2007-2871 version (seamonkey, fixed 1.0.9) *CVE-2007-2870 version (seamonkey, fixed 1.0.9) *CVE-2007-2869 (firefox) -- fedora-extras-commits mailing list fedora-extras-commits(a)redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits

16 years, 10 months

1
0
0 / 0

fedora-security/audit fc7,1.15,1.16

by fedora-extras-commits＠redhat.com

Author: trassl Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv16356 Modified Files: fc7 Log Message: Processed gaim. Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.15 retrieving revision 1.16 diff -u -r1.15 -r1.16 --- fc7 18 Jun 2007 14:07:25 -0000 1.15 +++ fc7 18 Jun 2007 17:03:11 -0000 1.16 @@ -1365,7 +1365,7 @@ *CVE-2005-2410 version (NetworkManager, fixed 5.0) *CVE-2005-2395 ignore (firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=281851 *CVE-2005-2370 version (kdenetwork, fixed 3.4.2) -*CVE-2005-2370 version (gaim, fixed 1.5.0) +CVE-2005-2370 version (gaim, fixed gaim:1.5.0) *CVE-2005-2369 version (kdenetwork, fixed 3.4.2) *CVE-2005-2368 version (vim, fixed 6.3.086 at least) *CVE-2005-2367 version (wireshark, fixed 0.10.12) @@ -1399,8 +1399,8 @@ *CVE-2005-2177 version (net-snmp, fixed 5.2.1.2) *CVE-2005-2114 version (firefox, fixed 1.0.5) *CVE-2005-2104 version (sysreport, fixed 1.4.1-5) -*CVE-2005-2103 version (gaim, fixed 1.5.0) -*CVE-2005-2102 version (gaim, fixed 1.5.0) +CVE-2005-2103 version (gaim, fixed gaim:1.5.0) +CVE-2005-2102 version (gaim, fixed gaim:1.5.0) *CVE-2005-2101 version (kdeedu, fixed after 3.4.2) *CVE-2005-2100 version (kernel, not 2.6) not upstream only RHEL4 *CVE-2005-2099 version (kernel, fixed 2.6.12.5) @@ -1417,7 +1417,7 @@ *CVE-2005-1993 version (sudo, fixed 1.6.8p9) *CVE-2005-1992 version (ruby, fixed 1.8.3 at least) *CVE-2005-1937 version (firefox, fixed 1.0.5) -*CVE-2005-1934 version (gaim, fixed 1.3.1) +CVE-2005-1934 version (gaim, fixed gaim:1.5.0) *CVE-2005-1921 version (php, fixed xml_rpc:1.3.1) *CVE-2005-1920 version (kdelibs, fixed 3.4.1) *CVE-2005-1918 version (tar) @@ -1487,15 +1487,15 @@ *CVE-2005-1278 version (tcpdump, fixed 3.9.2) *CVE-2005-1277 ignore (dupe) *CVE-2005-1275 version (ImageMagick, fixed 6.2.2) -*CVE-2005-1269 version (gaim, fixed 1.3.1) +CVE-2005-1269 version (gaim, gaim:fixed 1.5.0) *CVE-2005-1268 version (httpd, not 2.2) *CVE-2005-1267 version (tcpdump, fixed 3.9.4 at least) *CVE-2005-1266 version (spamassassin, fixed 3.0.4) *CVE-2005-1265 version (kernel) *CVE-2005-1264 version (kernel) *CVE-2005-1263 version (kernel) -*CVE-2005-1262 version (gaim, fixed 1.3.0) -*CVE-2005-1261 version (gaim, fixed 1.3.0) +CVE-2005-1262 version (gaim, fixed gaim:1.5.0) +CVE-2005-1261 version (gaim, fixed gaim:1.5.0) *CVE-2005-1260 version (bzip2, fixed 1.0.3) *CVE-2005-1229 backport (cpio) cpio-2.6-dirTraversal.patch *CVE-2005-1228 backport (gzip) changelog @@ -1527,9 +1527,9 @@ *CVE-2005-0989 version (firefox, fixed 1.0.3) *CVE-2005-0988 backport (gzip) changelog *CVE-2005-0977 version (kernel, fixed 2.6.11) -*CVE-2005-0967 version (gaim, fixed 1.2.1) -*CVE-2005-0966 version (gaim, fixed 1.2.1) -*CVE-2005-0965 version (gaim, fixed 1.2.1) +CVE-2005-0967 version (gaim, fixed gaim:1.5.0) +CVE-2005-0966 version (gaim, fixed gaim:1.5.0) +CVE-2005-0965 version (gaim, fixed gaim:1.5.0) *CVE-2005-0953 backport (bzip2) bzip2-1.0.2-chmod.patch *CVE-2005-0941 version (openoffice.org, fixed 1.9 m95) *CVE-2005-0937 version (kernel, fixed 2.6.11) @@ -1605,8 +1605,8 @@ *CVE-2005-0489 version (kernel, not 2.6) *CVE-2005-0488 backport (telnet) *CVE-2005-0488 backport (krb5) krb5-1.4.1-telnet-environ.patch -*CVE-2005-0473 version (gaim, fixed 1.1.3) -*CVE-2005-0472 version (gaim, fixed 1.1.3) +CVE-2005-0473 version (gaim, fixed gaim:1.5.0) +CVE-2005-0472 version (gaim, fixed gaim:1.5.0) *CVE-2005-0470 version (wpa_supplicant, fixed 0.2.7) *CVE-2005-0469 version (krb5, fixed 1.4.1) *CVE-2005-0469 backport (telnet) telnet-0.17-CAN-2005-468_469.patch @@ -1649,7 +1649,7 @@ CVE-2005-0211 version (squid, fixed 2.5.STABLE8) *CVE-2005-0210 version (kernel, fixed 2.6.11) *CVE-2005-0209 version (kernel, fixed 2.6.11) -*CVE-2005-0208 version (gaim, fixed 1.1.4) +CVE-2005-0208 version (gaim, fixed gaim:1.5.0) *CVE-2005-0207 version (kernel, fixed 2.6.11) *CVE-2005-0205 version (kdenetwork, not 3.3+) *CVE-2005-0204 version (kernel) didn't affect upstream @@ -1736,7 +1736,7 @@ *CVE-2004-2645 (asn1c) *CVE-2004-2644 (asn1c) *CVE-2004-2607 version (kernel, fixed 2.6.5) -*CVE-2004-2589 version (gaim, fixed 0.82) +CVE-2004-2589 version (gaim, fixed gaim:0.82.1) *CVE-2004-2546 version (samba, fixed 3.0.6) *CVE-2004-2541 ignore (cscope) blocked by FORTIFY_SOURCE *CVE-2004-2536 version (kernel, fixed 2.6.7) @@ -1913,7 +1913,7 @@ *CVE-2004-0907 version (firefox) *CVE-2004-0906 version (thunderbird) *CVE-2004-0906 version (firefox) -*CVE-2004-0891 version (gaim, fixed 1.0.2) +CVE-2004-0891 version (gaim, fixed gaim:1.0.2) *CVE-2004-0888 version (tetex, fixed 3.0) *CVE-2004-0888 version (kdegraphics, not 3.4) *CVE-2004-0888 version (cups) @@ -1958,8 +1958,8 @@ *CVE-2004-0790 version (kernel, not 2.6) *CVE-2004-0788 version (gtk2, fixed 2.6.7 at least) *CVE-2004-0786 version (apr-util, not httpd-2.2) -*CVE-2004-0785 version (gaim, fixed 0.82) -*CVE-2004-0784 version (gaim, fixed 0.82) +CVE-2004-0785 version (gaim, fixed gaim:0.82.1) +CVE-2004-0784 version (gaim, fixed gaim:0.82.1) *CVE-2004-0783 version (gtk2, fixed 2.6.7 at least) *CVE-2004-0782 version (gtk2, fixed 2.6.7 at least) *CVE-2004-0779 version (thunderbird) @@ -1968,7 +1968,7 @@ *CVE-2004-0772 version (krb5, fixed after 1.2.8) *CVE-2004-0768 version (libpng, fixed 1.2.6) *CVE-2004-0755 version (ruby, fixed 1.8.1) -*CVE-2004-0754 version (gaim, fixed 0.82) +CVE-2004-0754 version (gaim, fixed gaim:0.82.1) *CVE-2004-0753 version (gtk2, fixed after 2.2.4) *CVE-2004-0752 version (openoffice.org, fixed after 1.1.2) *CVE-2004-0751 version (httpd, not 2.2) @@ -2027,7 +2027,7 @@ *CVE-2004-0506 version (wireshark, fixed 0.10.4) *CVE-2004-0505 version (wireshark, fixed 0.10.4) *CVE-2004-0504 version (wireshark, fixed 0.10.4) -*CVE-2004-0500 version (gaim, fixed 0.82) +CVE-2004-0500 version (gaim, fixed gaim:0.82.1) *CVE-2004-0497 version (kernel, fixed 2.6.8) *CVE-2004-0496 version (kernel, fixed 2.6.8) *CVE-2004-0495 version (kernel, fixed 2.6.8) @@ -2127,10 +2127,10 @@ *CVE-2004-0055 version (tcpdump, fixed 3.8.2) *CVE-2004-0042 ignore (vsftpd) disputed *CVE-2004-0010 version (kernel, not 2.6) -*CVE-2004-0008 version (gaim, fixed 0.75) -*CVE-2004-0007 version (gaim, fixed 0.75) -*CVE-2004-0006 version (gaim, fixed 0.76) -*CVE-2004-0005 version (gaim, fixed 0.76) +CVE-2004-0008 version (gaim, fixed gaim:0.76) +CVE-2004-0007 version (gaim, fixed gaim:0.76) +CVE-2004-0006 version (gaim, fixed gaim:0.76) +CVE-2004-0005 version (gaim, fixed gaim:0.76) *CVE-2004-0003 version (kernel, not 2.6) *CVE-2004-0001 version (kernel, not 2.6) CVE-2003-1329 ignore, no-ship (wu-ftpd) @@ -2481,7 +2481,7 @@ *CVE-2002-1146 version (bind, not 8.3+) *CVE-2002-1131 version (squirrelmail, fixed 1.2.8) *CVE-2002-1119 version (python, fixed 2.2.2) -*CVE-2002-0989 version (gaim, fixed 0.59.1) +CVE-2002-0989 version (gaim, fixed gaim:0.59.1) *CVE-2002-0986 version (php, fixed 4.2.3) *CVE-2002-0985 version (php, fixed 4.2.3) *CVE-2002-0972 version (postgresql, fixed 7.2.2) @@ -2552,11 +2552,11 @@ *CVE-2002-0391 version (glibc, fixed after 2.2.5) *CVE-2002-0389 ignore (mailman) upstream say not a vulnerability *CVE-2002-0388 version (mailman, fixed 2.0.11) -*CVE-2002-0384 version (gaim, fixed 0.58) +CVE-2002-0384 version (gaim, fixed gaim:0.58) *CVE-2002-0382 version (xchat, fixed 1.9.1) *CVE-2002-0380 version (tcpdump, fixed 3.7.2 at least) *CVE-2002-0379 version (imap, vuln code removed imap-2002) -*CVE-2002-0377 version (gaim, fixed 0.58) +CVE-2002-0377 version (gaim, fixed gaim:0.58) *CVE-2002-0374 version (pam_ldap, fixed 144) *CVE-2002-0363 version (ghostscript, fixed 6.53) *CVE-2002-0353 version (wireshark, fixed ethereal 0.9.3) -- fedora-extras-commits mailing list fedora-extras-commits(a)redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits

16 years, 10 months

1
0
0 / 0

fedora-security/audit fc7,1.14,1.15

by fedora-extras-commits＠redhat.com

Author: bressers Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv22363 Modified Files: fc7 Log Message: Note a galeon CVE id Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.14 retrieving revision 1.15 diff -u -r1.14 -r1.15 --- fc7 17 Jun 2007 07:09:12 -0000 1.14 +++ fc7 18 Jun 2007 14:07:25 -0000 1.15 @@ -9,6 +9,7 @@ CVE-2007-3165 VULNERABLE (tor, fixed 0.1.2.14) #244502 CVE-2007-3153 VULNERABLE (c-ares, fixed 1.4.0) #243591 CVE-2007-3152 VULNERABLE (c-ares, fixed 1.4.0) #243591 +CVE-2007-3145 VULNERABLE (galeon) ** *CVE-2007-3121 version (zvbi, fixed 0.2.25) *CVE-2007-3113 VULNERABLE (cacti) #243592 *CVE-2007-3112 VULNERABLE (cacti) #243592 -- fedora-extras-commits mailing list fedora-extras-commits(a)redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits

16 years, 10 months

1
0
0 / 0

[Bug 231734] New: CVE-2007-1246: xine-lib buffer overflow

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=231734 Summary: CVE-2007-1246: xine-lib buffer overflow Product: Fedora Extras Version: fc5 Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: normal Component: xine-lib AssignedTo: gauret(a)free.fr ReportedBy: ville.skytta(a)iki.fi QAContact: extras-qa(a)fedoraproject.org CC: fedora-security-list@redhat.com,ville.skytta(a)iki.fi http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1246 Originally reported against MPlayer, but it turns out xine-lib is vulnerable too. Upstream fix pushed to FC6+ (1.1.4-3 currently building), but FC5 is still at 1.1.2, probably already lacking "several bug and security fixes" as put by upstream in the 1.1.3 release announcement. No FC5 system here to test with, so leaving up to Aurelien to decide whether to update while at it or just to possibly apply the patch for this issue from FC6+ (if it applies, unchecked). ------- Additional Comments From ville.skytta(a)iki.fi 2007-03-10 17:29 EST ------- Created an attachment (id=149781) --> (https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=149781&action=view) Fix from upstream CVS -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

16 years, 10 months

1
2
0 / 0

fedora-security/audit fc7, 1.13, 1.14 fe5, 1.205, 1.206 fe6, 1.119, 1.120

by fedora-extras-commits＠redhat.com

Author: scop Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv23941 Modified Files: fc7 fe5 fe6 Log Message: +CVE-2007-3209 ignore (mail-notification, shipped with SSL enabled) Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.13 retrieving revision 1.14 diff -u -r1.13 -r1.14 --- fc7 16 Jun 2007 09:27:42 -0000 1.13 +++ fc7 17 Jun 2007 07:09:12 -0000 1.14 @@ -5,6 +5,7 @@ *CVE are items that need verification for Fedora 7 CVE-2007-4168 VULNERABLE (libexif) #243890 +CVE-2007-3209 ignore (mail-notification, shipped with SSL enabled) CVE-2007-3165 VULNERABLE (tor, fixed 0.1.2.14) #244502 CVE-2007-3153 VULNERABLE (c-ares, fixed 1.4.0) #243591 CVE-2007-3152 VULNERABLE (c-ares, fixed 1.4.0) #243591 Index: fe5 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fe5,v retrieving revision 1.205 retrieving revision 1.206 diff -u -r1.205 -r1.206 --- fe5 16 Jun 2007 09:27:42 -0000 1.205 +++ fe5 17 Jun 2007 07:09:12 -0000 1.206 @@ -2,6 +2,7 @@ ** are items that need attention +CVE-2007-3209 ignore (mail-notification, shipped with SSL enabled) CVE-2007-3165 VULNERABLE (tor, fixed 0.1.2.14) #244502 CVE-2007-3153 VULNERABLE (c-ares, fixed 1.4.0) #243591 CVE-2007-3152 VULNERABLE (c-ares, fixed 1.4.0) #243591 Index: fe6 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fe6,v retrieving revision 1.119 retrieving revision 1.120 diff -u -r1.119 -r1.120 --- fe6 16 Jun 2007 09:27:42 -0000 1.119 +++ fe6 17 Jun 2007 07:09:12 -0000 1.120 @@ -2,6 +2,7 @@ ** are items that need attention +CVE-2007-3209 ignore (mail-notification, shipped with SSL enabled) CVE-2007-3165 VULNERABLE (tor, fixed 0.1.2.14) #244502 CVE-2007-3153 VULNERABLE (c-ares, fixed 1.4.0) #243591 CVE-2007-3152 VULNERABLE (c-ares, fixed 1.4.0) #243591 -- fedora-extras-commits mailing list fedora-extras-commits(a)redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits

16 years, 10 months

1
0
0 / 0

fedora-security/audit fc7, 1.12, 1.13 fe5, 1.204, 1.205 fe6, 1.118, 1.119

by fedora-extras-commits＠redhat.com

Author: scop Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv32044 Modified Files: fc7 fe5 fe6 Log Message: +CVE-2007-3165 VULNERABLE (tor, fixed 0.1.2.14) #244502 Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.12 retrieving revision 1.13 diff -u -r1.12 -r1.13 --- fc7 14 Jun 2007 21:14:22 -0000 1.12 +++ fc7 16 Jun 2007 09:27:42 -0000 1.13 @@ -5,6 +5,7 @@ *CVE are items that need verification for Fedora 7 CVE-2007-4168 VULNERABLE (libexif) #243890 +CVE-2007-3165 VULNERABLE (tor, fixed 0.1.2.14) #244502 CVE-2007-3153 VULNERABLE (c-ares, fixed 1.4.0) #243591 CVE-2007-3152 VULNERABLE (c-ares, fixed 1.4.0) #243591 *CVE-2007-3121 version (zvbi, fixed 0.2.25) Index: fe5 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fe5,v retrieving revision 1.204 retrieving revision 1.205 diff -u -r1.204 -r1.205 --- fe5 14 Jun 2007 21:14:22 -0000 1.204 +++ fe5 16 Jun 2007 09:27:42 -0000 1.205 @@ -2,6 +2,7 @@ ** are items that need attention +CVE-2007-3165 VULNERABLE (tor, fixed 0.1.2.14) #244502 CVE-2007-3153 VULNERABLE (c-ares, fixed 1.4.0) #243591 CVE-2007-3152 VULNERABLE (c-ares, fixed 1.4.0) #243591 CVE-2007-3121 version (zvbi, fixed 0.2.25) Index: fe6 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fe6,v retrieving revision 1.118 retrieving revision 1.119 diff -u -r1.118 -r1.119 --- fe6 14 Jun 2007 21:14:22 -0000 1.118 +++ fe6 16 Jun 2007 09:27:42 -0000 1.119 @@ -2,6 +2,7 @@ ** are items that need attention +CVE-2007-3165 VULNERABLE (tor, fixed 0.1.2.14) #244502 CVE-2007-3153 VULNERABLE (c-ares, fixed 1.4.0) #243591 CVE-2007-3152 VULNERABLE (c-ares, fixed 1.4.0) #243591 CVE-2007-3121 version (zvbi, fixed 0.2.25) -- fedora-extras-commits mailing list fedora-extras-commits(a)redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits

16 years, 10 months

1
0
0 / 0

fedora-security/audit fc7, 1.11, 1.12 fe5, 1.203, 1.204 fe6, 1.117, 1.118

by fedora-extras-commits＠redhat.com

Author: scop Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv9826 Modified Files: fc7 fe5 fe6 Log Message: c-ares CVE ids assigned Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.11 retrieving revision 1.12 diff -u -r1.11 -r1.12 --- fc7 14 Jun 2007 19:38:18 -0000 1.11 +++ fc7 14 Jun 2007 21:14:22 -0000 1.12 @@ -5,7 +5,8 @@ *CVE are items that need verification for Fedora 7 CVE-2007-4168 VULNERABLE (libexif) #243890 -*CVE-NOID VULNERABLE (c-ares, fixed 1.4.0) #243591 +CVE-2007-3153 VULNERABLE (c-ares, fixed 1.4.0) #243591 +CVE-2007-3152 VULNERABLE (c-ares, fixed 1.4.0) #243591 *CVE-2007-3121 version (zvbi, fixed 0.2.25) *CVE-2007-3113 VULNERABLE (cacti) #243592 *CVE-2007-3112 VULNERABLE (cacti) #243592 Index: fe5 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fe5,v retrieving revision 1.203 retrieving revision 1.204 diff -u -r1.203 -r1.204 --- fe5 10 Jun 2007 10:00:53 -0000 1.203 +++ fe5 14 Jun 2007 21:14:22 -0000 1.204 @@ -2,7 +2,8 @@ ** are items that need attention -CVE-NOID VULNERABLE (c-ares, fixed 1.4.0) #243591 +CVE-2007-3153 VULNERABLE (c-ares, fixed 1.4.0) #243591 +CVE-2007-3152 VULNERABLE (c-ares, fixed 1.4.0) #243591 CVE-2007-3121 version (zvbi, fixed 0.2.25) CVE-2007-3113 VULNERABLE (cacti) #243592 CVE-2007-3112 VULNERABLE (cacti) #243592 Index: fe6 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fe6,v retrieving revision 1.117 retrieving revision 1.118 diff -u -r1.117 -r1.118 --- fe6 10 Jun 2007 10:00:53 -0000 1.117 +++ fe6 14 Jun 2007 21:14:22 -0000 1.118 @@ -2,7 +2,8 @@ ** are items that need attention -CVE-NOID VULNERABLE (c-ares, fixed 1.4.0) #243591 +CVE-2007-3153 VULNERABLE (c-ares, fixed 1.4.0) #243591 +CVE-2007-3152 VULNERABLE (c-ares, fixed 1.4.0) #243591 CVE-2007-3121 version (zvbi, fixed 0.2.25) CVE-2007-3113 VULNERABLE (cacti) #243592 CVE-2007-3112 VULNERABLE (cacti) #243592 -- fedora-extras-commits mailing list fedora-extras-commits(a)redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits

16 years, 10 months

1
0
0 / 0

fedora-security/audit fc7,1.10,1.11

by fedora-extras-commits＠redhat.com

Author: kevin Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv13867 Modified Files: fc7 Log Message: Add 3 new fixed kernel CVEs with new update Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.10 retrieving revision 1.11 diff -u -r1.10 -r1.11 --- fc7 14 Jun 2007 03:53:59 -0000 1.10 +++ fc7 14 Jun 2007 19:38:18 -0000 1.11 @@ -13,6 +13,7 @@ *CVE-2007-3007 ignore (php) safe mode isn't safe *CVE-2007-2975 (openfire) *CVE-2007-2894 VULNERABLE (bochs) #241799 +CVE-2007-2876 version (kernel, fixed 2.6.21.5) [ since FEDORA-2007-0409 ] *CVE-2007-2874 (wpa_supplicant) #242455 *CVE-2007-2871 version (seamonkey, fixed 1.0.9) *CVE-2007-2870 version (seamonkey, fixed 1.0.9) @@ -41,6 +42,8 @@ *CVE-2007-2510 (php) *CVE-2007-2509 (php) *CVE-2007-2500 patch (gnash, fixed 0.7.2-2) #239213 +CVE-2007-2453 version (kernel, fixed 2.6.21.4) [ since FEDORA-2007-0409 ] +CVE-2007-2451 version (kernel, fixed 2.6.21.4) [ since FEDORA-2007-0409 ] *CVE-2007-2452 (locate) *CVE-2007-2447 (samba) *CVE-2007-2446 (samba) -- fedora-extras-commits mailing list fedora-extras-commits(a)redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits

16 years, 10 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

security [ARCHIVED] June 2007