June 2007 - security [ARCHIVED] - Fedora Mailing-Lists

by fedora-extras-commits＠redhat.com

Author: kevin Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv19805 Modified Files: fc7 Log Message: Process openssh Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- fc7 12 Jun 2007 20:40:54 -0000 1.5 +++ fc7 13 Jun 2007 02:28:16 -0000 1.6 @@ -23,7 +23,7 @@ *CVE-2007-2843 ignore (konqueror) safari specific *CVE-2007-2821 VULNERABLE (wordpress, fixed 2.2) #240970 *CVE-2007-2799 (file) -*CVE-2007-2768 (openssh) +CVE-2007-2768 VULNERABLE (openssh) *CVE-2007-2756 ignore (gd) DoS only *CVE-2007-2754 (freetype) *CVE-2007-2721 patch (jasper, fixed 1.900.1-2) #240397 @@ -54,7 +54,7 @@ *CVE-2007-2356 (gimp) *CVE-2007-2353 (axis) *CVE-2007-2245 VULNERABLE (phpMyAdmin, fixed 2.10.1) #237882 -*CVE-2007-2243 (openssh) +CVE-2007-2243 VULNERABLE (openssh, fixed 4.6) *CVE-2007-2241 (bind) *CVE-2007-2176 ignore (firefox) only affects the java quicktime interaction *CVE-2007-2172 (kernel) @@ -395,7 +395,7 @@ *CVE-2006-5848 version (trac, fixed 0.10.1) #215077 *CVE-2006-5823 version (kernel, fixed 2.6.19.2) [since FEDORA-2007-058] was backport since FEDORA-2006-1223 *CVE-2006-5815 version (proftpd, fixed 1.3.0a) #214820 -*CVE-2006-5794 backport (openssh, fixed 4.5) #214641 [since FEDORA-2006-1215] +CVE-2006-5794 version (openssh, fixed 4.5) #214641 [since FEDORA-2006-1215] *CVE-2006-5793 version (libpng10, fixed 1.0.21) #216263 *CVE-2006-5793 ignore (libpng, fixed 1.2.13) just a client crash *CVE-2006-5783 ignore (firefox) disputed @@ -449,7 +449,7 @@ *CVE-2006-5297 backport (mutt) [since FEDORA-2006-1063] *CVE-2006-5295 version (clamav, fixed 0.88.5) #210973 *CVE-2006-5276 VULNERABLE (snort) #229265 -*CVE-2006-5229 ignore (openssh) not reproduced +CVE-2006-5229 ignore (openssh) not reproduced *CVE-2006-5215 VULNERABLE (xorg-x11-xinit) #212167 *CVE-2006-5215 version (xorg-x11-xdm) *CVE-2006-5215 ignore (kdebase) #212166 links to xinit Xsession @@ -466,8 +466,8 @@ *CVE-2006-5129 version (moodle, fixed 1.6.3) #206516 *CVE-2006-5111 version (libksba, fixed 0.9.14) *CVE-2006-5072 backport (mono) -*CVE-2006-5052 VULNERABLE (openssh, fixed 4.4) -*CVE-2006-5051 backport (openssh, fixed 4.4) +CVE-2006-5052 version (openssh, fixed 4.4) +CVE-2006-5051 version (openssh, fixed 4.4) #208459 *CVE-2006-4997 version (kernel, fixed 2.6.18) *CVE-2006-4980 version (python, fixed 2.4.4 at least) [since FEDORA-2006-1050] was backport since GA *CVE-2006-4976 ** (php-adodb) #208299 @@ -480,8 +480,8 @@ *CVE-2006-4937 version (moodle, fixed 1.6.3) #206516 *CVE-2006-4936 version (moodle, fixed 1.6.3) #206516 *CVE-2006-4935 version (moodle, fixed 1.6.3) #206516 -*CVE-2006-4925 ignore (openssh) client crash only -*CVE-2006-4924 backport (openssh, fixed 4.4) +CVE-2006-4925 ignore (openssh) client crash only +CVE-2006-4924 version (openssh, fixed 4.4) #207957 *CVE-2006-4842 ignore (nspr) Nothing setuid links with nspr *CVE-2006-4816 (php) *CVE-2006-4814 version (kernel, fixed 2.6.19.2) [since FEDORA-2007-058] @@ -982,7 +982,7 @@ *CVE-2006-0987 (bind) *CVE-2006-0903 version (mysql, 4.1.19) *CVE-2006-0884 version (thunderbird, fixed 1.5.0.2) -*CVE-2006-0883 (openssh) +CVE-2006-0883 version (openssh, fixed 3.8.1p1) *CVE-2006-0855 patch (zoo, patched in OpenSUSE "upstream", fixed 2.10-7) *CVE-2006-0847 version (python-cherrypy, fixed 2.1.1) *CVE-2006-0841 version (mantis, fixed 1.0.1) @@ -1066,7 +1066,7 @@ *CVE-2006-0292 version (firefox, fixed 1.5.1) *CVE-2006-0254 version (tomcat5, fixed 5.5.16) *CVE-2006-0236 ignore (thunderbird) windows only -*CVE-2006-0225 version (openssh, fixed 4.3p2) +CVE-2006-0225 version (openssh, fixed 4.3p2) #168167 *CVE-2006-0208 version (php, fixed 5.1.2) *CVE-2006-0207 version (php, fixed 5.1.2) *CVE-2006-0200 version (php, fixed 5.1.2) @@ -1295,8 +1295,8 @@ *CVE-2005-2811 version (net-snmp) not upstream, gentoo only *CVE-2005-2801 version (kernel, fixed 2.6.11) *CVE-2005-2800 version (kernel, fixed 2.6.12.6) -*CVE-2005-2798 version (openssh, fixed 4.2) -*CVE-2005-2797 version (openssh, fixed 4.2) +CVE-2005-2798 version (openssh, fixed 4.2) +CVE-2005-2797 version (openssh, fixed 4.2) *CVE-2005-2796 version (squid, fixed 2.5.STABLE11) *CVE-2005-2794 version (squid, fixed 2.5.STABLE11) *CVE-2005-2728 version (httpd, not 2.2) @@ -1319,7 +1319,7 @@ *CVE-2005-2700 version (httpd, not 2.2) *CVE-2005-2693 backport (cvs) cvs-1.11.19-tmp.patch *CVE-2005-2672 version (lm_sensors, fixed 2.9.2) -*CVE-2005-2666 version (openssh, fixed 4.0p1) +CVE-2005-2666 version (openssh, fixed 4.0p1) *CVE-2005-2642 version (mutt) openbsd only *CVE-2005-2641 version (nss_ldap, fixed pam_ldap:180) *CVE-2005-2629 (helixplayer) @@ -1751,7 +1751,7 @@ *CVE-2004-2136 ignore (dm-crypt) design *CVE-2004-2135 ignore (kernel) design CVE-2004-2093 ignore (rsync) not a security issue (rsync is not setuid) -*CVE-2004-2069 version (openssh, not 4) +CVE-2004-2069 version (openssh, not 4) *CVE-2004-2014 version (wget, fixed 1.10.1) *CVE-2004-2013 version (kernel, not 2.6) *CVE-2004-2004 version (configuration) SUSE only @@ -1761,7 +1761,7 @@ *CVE-2004-1772 version (sharutils, not 4.6) *CVE-2004-1761 version (wireshark, fixed 0.10.3) *CVE-2004-1689 version (sudo, fixed 1.6.8p1) -*CVE-2004-1653 ignore (openssh) +CVE-2004-1653 ignore (openssh) *CVE-2004-1639 version (firefox) *CVE-2004-1617 ignore (lynx) not able to verify flaw *CVE-2004-1488 version (wget, fixed 1.10.1) @@ -2082,7 +2082,7 @@ *CVE-2004-0178 version (kernel, not 2.6) *CVE-2004-0177 version (kernel, fixed 2.6.6) *CVE-2004-0176 version (wireshark, fixed 0.10.3) -*CVE-2004-0175 version (openssh, fixed 3.4p1) +CVE-2004-0175 version (openssh, fixed 3.4p1) *CVE-2004-0175 backport (krb5) krb5-1.3.3-rcp-markus.patch *CVE-2004-0174 version (httpd, not 2.2) *CVE-2004-0173 version (httpd, not 2.2) @@ -2193,8 +2193,8 @@ *CVE-2003-0792 version (fetchmail, 6.2.4 only) *CVE-2003-0789 version (httpd, not 2.2) *CVE-2003-0788 version (cups, fixed 1.1.19) -*CVE-2003-0787 version (openssh, fixed 3.7.1p2) -*CVE-2003-0786 version (openssh, fixed 3.7.1p2) +CVE-2003-0787 version (openssh, fixed 3.7.1p2) +CVE-2003-0786 version (openssh, fixed 3.7.1p2) *CVE-2003-0780 version (mysql, not 4.1) *CVE-2003-0778 version (sane-backends, fixed 1.0.10) *CVE-2003-0777 version (sane-backends, fixed 1.0.10) @@ -2206,15 +2206,15 @@ *CVE-2003-0730 version (XFree86, fixed after 4.3.0) *CVE-2003-0700 version (kernel, not 2.6) *CVE-2003-0699 version (kernel, not 2.6) -*CVE-2003-0695 version (openssh, fixed 3.7.1) +CVE-2003-0695 version (openssh, fixed 3.7.1) *CVE-2003-0694 version (sendmail, fixed 8.12.10) -*CVE-2003-0693 version (openssh, fixed 3.7) +CVE-2003-0693 version (openssh, fixed 3.7) *CVE-2003-0692 version (kde, fixed after 3.1.3) *CVE-2003-0690 version (kde, fixed after 3.1.3) *CVE-2003-0689 version (glibc, fixed 2.3.2 at least) *CVE-2003-0688 version (sendmail, fixed 8.12.9) *CVE-2003-0686 version (pam_smb, fixed 1.1.7) -*CVE-2003-0682 version (openssh, fixed 4.0p1 at least) +CVE-2003-0682 version (openssh, fixed 4.0p1 at least) *CVE-2003-0681 version (sendmail, fixed 8.12.10) *CVE-2003-0655 version (cdrtools, fixed 2.01a18) *CVE-2003-0644 version (kdbg, not after 1.2.8) @@ -2260,7 +2260,7 @@ *CVE-2003-0427 backport (mikmod) from changelog *CVE-2003-0418 version (kernel, not 2.6) *CVE-2003-0388 version (pam, fixed 0.78) -*CVE-2003-0386 version (openssh, fixed after 3.6.1) +CVE-2003-0386 version (openssh, fixed after 3.6.1) *CVE-2003-0370 version (kde, fixed 3.0) *CVE-2003-0367 backport (gzip) gzip-1.3.5-openbsd-owl-tmp.patch *CVE-2003-0364 version (kernel, not 2.6) @@ -2291,7 +2291,7 @@ *CVE-2003-0195 version (cups, fixed 1.1.19) *CVE-2003-0194 version (tcpdump, not upstream) *CVE-2003-0192 version (httpd, not 2.2) -*CVE-2003-0190 version (openssh, fixed 3.6.1p1) +CVE-2003-0190 version (openssh, fixed after 3.6.1p1) *CVE-2003-0189 version (httpd, not 2.2) *CVE-2003-0188 version (lv, fixed 4.51 at least) *CVE-2003-0187 version (kernel, not 2.6) @@ -2520,10 +2520,10 @@ *CVE-2002-0655 version (openssl097a, not 0.9.7) *CVE-2002-0653 version (mod_ssl, not httpd 2.2) *CVE-2002-0651 version (bind, not 9) -*CVE-2002-0640 version (openssh, fixed after 3.3) -*CVE-2002-0639 version (openssh, fixed after 3.3) +CVE-2002-0640 version (openssh, fixed after 3.3) +CVE-2002-0639 version (openssh, fixed after 3.3) *CVE-2002-0638 version (util-linux, fixed 2.13 at least) -*CVE-2002-0575 version (openssh, fixed 3.2.1) +CVE-2002-0575 version (openssh, fixed 3.2.1) *CVE-2002-0570 ignore (kernel) not a vulnerability *CVE-2002-0517 version (XFree86) didn't affect Linux *CVE-2002-0516 version (squirrelmail, fixed 1.2.6) @@ -2573,7 +2573,7 @@ *CVE-2002-0129 ignore (efax) not setuid root *CVE-2002-0121 version (php, fixed after 4.1.1) *CVE-2002-0092 version (cve, fixed 1.10.8) -*CVE-2002-0083 version (openssh, fixed 3.1) +CVE-2002-0083 version (openssh, fixed 3.1) *CVE-2002-0082 version (mod_ssl, not httpd 2.2) *CVE-2002-0081 version (php, not 4.2+) CVE-2002-0080 version (rsync, fixed 2.5.3) -- fedora-extras-commits mailing list fedora-extras-commits(a)redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits

16 years, 10 months

3
3
0 / 0

fedora-security/audit fc7,1.9,1.10

by fedora-extras-commits＠redhat.com

Author: kevin Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv16293 Modified Files: fc7 Log Message: process some kernel cve's Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.9 retrieving revision 1.10 diff -u -r1.9 -r1.10 --- fc7 13 Jun 2007 21:39:40 -0000 1.9 +++ fc7 14 Jun 2007 03:53:59 -0000 1.10 @@ -58,7 +58,7 @@ CVE-2007-2243 ignore (openssh, fixed 4.6) needs S/KEY support which is not shipped. *CVE-2007-2241 (bind) *CVE-2007-2176 ignore (firefox) only affects the java quicktime interaction -*CVE-2007-2172 (kernel) +CVE-2007-2172 version (kernel, fixed 2.6.21-rc6) *CVE-2007-2165 VULNERABLE (proftpd) #237533 *CVE-2007-2138 (postgresql) *CVE-2007-2057 version (aircrack-ng, fixed 0.8-0.1) @@ -111,7 +111,7 @@ *CVE-2007-1536 (file) *CVE-2007-1521 (php) *CVE-2007-1515 version (imp, fixed 4.1.4) -*CVE-2007-1496 (kernel) +CVE-2007-1496 version (kernel, fixed 2.6.20.3) *CVE-2007-1484 (php) *CVE-2007-1475 ignore (php) unshipped ibase extension *CVE-2007-1474 version (horde, fixed 3.1.4) @@ -175,7 +175,7 @@ *CVE-2007-1003 VULNERABLE (xorg-x11-server, fixed > X11R7.2) #235263 *CVE-2007-1002 VULNERABLE (evolution) #233587 *CVE-2007-1001 (php) -*CVE-2007-1000 version (kernel, fixed 2.6.20) [since FEDORA-2007-335] +CVE-2007-1000 version (kernel, fixed 2.6.20.2) [since FEDORA-2007-335] *CVE-2007-0999 (ekiga) *CVE-2007-0998 version (qemu, fixed 0.8.2) *CVE-2007-0998 backport (xen) #230295 [since FEDORA-2007-343] @@ -208,8 +208,8 @@ *CVE-2007-0777 version (seamonkey, fixed 1.0.8) *CVE-2007-0775 version (seamonkey, fixed 1.0.8) *CVE-2007-0774 (mod_jk) -*CVE-2007-0772 version (kernel) [since FEDORA-2007-291] -*CVE-2007-0771 (kernel) +CVE-2007-0772 version (kernel, fixed 2.6.20.1) [since FEDORA-2007-291] +CVE-2007-0771 patch (kernel, fixed 2.6.20-1.2933) #227952 *CVE-2007-0770 patch (GraphicsMagick, fixed 1.1.7-7) #228758 *CVE-2007-0770 ignore (ImageMagick) only if incomplete CVE-2006-5456 *CVE-2007-0720 ignore (cups, fixed 1.2.7) cups is already updated @@ -275,11 +275,10 @@ *CVE-2007-0008 version (nss, fixed 3.11.5) (nspr, fixed 4.6.5) [since FEDORA-2007-279] *CVE-2007-0008 ignore (seamonkey, uses system NSS) *CVE-2007-0007 version (gnucash, fixed 2.0.5) since [FEDORA-2007-256] #223233 -*CVE-2007-0006 version (kernel, fixed 2.6.20) [since FEDORA-2007-335] -*CVE-2007-0006 backport (kernel, fixed in -mm) [since FEDORA-2007-226] -*CVE-2007-0005 version (kernel, fixed 2.6.20) [since FEDORA-2007-335] +CVE-2007-0006 version (kernel, fixed 2.6.20) [since FEDORA-2007-335] +CVE-2007-0005 version (kernel, fixed 2.6.20) [since FEDORA-2007-335] *CVE-2007-0002 version (libwpd, fixed 0.8.9) #222808 [since FEDORA-2007-351] -*CVE-2007-0001 (kernel) +CVE-2007-0001 ignore (kernel) rhel4 2.6.9 only known affected *CVE-2006-7205 (php) *CVE-2006-7204 (php) *CVE-2006-7197 (tomcat) @@ -334,14 +333,14 @@ *CVE-2006-6493 (openldap) *CVE-2006-6481 version (clamav, fixed 0.88.7) *CVE-2006-6406 version (clamav, fixed 0.88.7) #219095 -*CVE-2006-6385 ignore (kernel) windows only +CVE-2006-6385 ignore (kernel) windows only *CVE-2006-6383 ignore (php) safe mode isn't safe *CVE-2006-6374 ** (phpMyAdmin) #218853 *CVE-2006-6373 version (phpMyAdmin, fixed 2.9.1.1) #218853 -*CVE-2006-6333 version (kernel, fixed 2.6.19.1) [since FEDORA-2007-058] -*CVE-2006-6332 ignore (kernel) no support for madwifi +CVE-2006-6333 version (kernel, fixed 2.6.19.1) [since FEDORA-2007-058] +CVE-2006-6332 ignore (kernel) no support for madwifi *CVE-2006-6305 ignore (net-snmp) already have the backported patch -*CVE-2006-6304 version (kernel, fixed 2.6.19.1) [since FEDORA-2007-058] +CVE-2006-6304 version (kernel, fixed 2.6.19.1) [since FEDORA-2007-058] *CVE-2006-6303 version (ruby, fixed 1.8.5.2) [since FEDORA-2006-1441] *CVE-2006-6301 version (denyhosts, fixed 2.6-2) #218824 *CVE-2006-6297 ignore (kdegraphics) just a crash @@ -356,11 +355,11 @@ CVE-2006-6144 patch (krb5, fixed 1.5-14) #218456 CVE-2006-6143 patch (krb5, fixed 1.5-14) #218456 *CVE-2006-6142 backport (squirrelmail) #218297 [since FEDORA-2007-089] -*CVE-2006-6128 VULNERABLE (kernel, fixed **) +CVE-2006-6128 VULNERABLE (kernel, fixed **) *CVE-2006-6122 ignore (tin, <= 1.8.1 not shipped) *CVE-2006-6120 version (koffice, fixed 1.6.1) #218030 *CVE-2006-6107 VULNERABLE (dbus, fixed 1.0.2) #219665 -*CVE-2006-6106 version (kernel, fixed 2.6.19.2, fixed 2.6.20-rc5) [since FEDORA-2006-1471] +CVE-2006-6106 version (kernel, fixed 2.6.19.2, fixed 2.6.20-rc5) [since FEDORA-2006-1471] *CVE-2006-6105 version (gdm, fixed 2.14.11) [since FEDORA-2006-1468] *CVE-2006-6104 backport (mono, fixed 1.1.13.8.2) #220853 [since FEDORA-2007-067] *CVE-2006-6103 (xorg-x11) @@ -369,10 +368,10 @@ *CVE-2006-6097 backport (tar) [since FEDORA-2006-1393] *CVE-2006-6085 version (kile, fixed 1.9.3) #217238 *CVE-2006-6077 VULNERABLE (firefox) -*CVE-2006-6060 ignore (kernel, fixed 2.6.19-rc2) no NTFS support -*CVE-2006-6058 VULNERABLE (kernel, fixed **) -*CVE-2006-6057 VULNERABLE (kernel, fixed **) -*CVE-2006-6056 version (kernel, fixed 2.6.19) [since FEDORA-2007-058] was backport since FEDORA-2006-1471 +CVE-2006-6060 ignore (kernel, fixed 2.6.19-rc2) no NTFS support +CVE-2006-6058 VULNERABLE (kernel, fixed **) +CVE-2006-6057 VULNERABLE (kernel, fixed **) +CVE-2006-6056 version (kernel, fixed 2.6.19) [since FEDORA-2007-058] was backport since FEDORA-2006-1471 *CVE-2006-6054 version (kernel, fixed fixed 2.6.19.2) [since FEDORA-2007-058] *CVE-2006-6053 version (kernel, fixed 2.6.19.2) [since FEDORA-2007-058] was backport since FEDORA-2006-1223 CVE-2006-6027 ignore, no-ship (acroread) -- fedora-extras-commits mailing list fedora-extras-commits(a)redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits

16 years, 10 months

1
0
0 / 0

fedora-security/audit fc7,1.8,1.9

by fedora-extras-commits＠redhat.com

Author: kevin Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv24851 Modified Files: fc7 Log Message: Update 2 openssh cves Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.8 retrieving revision 1.9 diff -u -r1.8 -r1.9 --- fc7 13 Jun 2007 18:06:54 -0000 1.8 +++ fc7 13 Jun 2007 21:39:40 -0000 1.9 @@ -24,7 +24,7 @@ *CVE-2007-2843 ignore (konqueror) safari specific *CVE-2007-2821 VULNERABLE (wordpress, fixed 2.2) #240970 *CVE-2007-2799 (file) -CVE-2007-2768 VULNERABLE (openssh) +CVE-2007-2768 ignore (openssh) needs pam OPIE which is not shipped. *CVE-2007-2756 ignore (gd) DoS only *CVE-2007-2754 (freetype) *CVE-2007-2721 patch (jasper, fixed 1.900.1-2) #240397 @@ -55,7 +55,7 @@ *CVE-2007-2356 (gimp) *CVE-2007-2353 (axis) *CVE-2007-2245 VULNERABLE (phpMyAdmin, fixed 2.10.1) #237882 -CVE-2007-2243 VULNERABLE (openssh, fixed 4.6) +CVE-2007-2243 ignore (openssh, fixed 4.6) needs S/KEY support which is not shipped. *CVE-2007-2241 (bind) *CVE-2007-2176 ignore (firefox) only affects the java quicktime interaction *CVE-2007-2172 (kernel) -- fedora-extras-commits mailing list fedora-extras-commits(a)redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits

16 years, 10 months

1
0
0 / 0

fedora-security/audit fc7,1.7,1.8

by fedora-extras-commits＠redhat.com

Author: bressers Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv26004 Modified Files: fc7 Log Message: Deal with the squid CVE ids. Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.7 retrieving revision 1.8 diff -u -r1.7 -r1.8 --- fc7 13 Jun 2007 14:00:41 -0000 1.7 +++ fc7 13 Jun 2007 18:06:54 -0000 1.8 @@ -100,7 +100,7 @@ *CVE-2007-1565 ignore (konqueror) client crash *CVE-2007-1564 vulnerable (konqueror) [#CVE-2007-1564] *CVE-2007-1562 (firefox, seamonkey, thunderbird) -*CVE-2007-1560 (squid) +CVE-2007-1560 version (squid, fixed 2.6.STABLE12) *CVE-2007-1558 version (claws-mail, fixed 2.9.1) #237293 *CVE-2007-1558 backport (sylpheed, fixed 2.3.1-1) *CVE-2007-1547 version (nas, fixed 1.8a-2) #233353 @@ -245,8 +245,8 @@ *CVE-2007-0404 version (Django, fixed 0.95.1) *CVE-2007-0341 ignore (phpMyAdmin, 2.8.x only) *CVE-2007-0262 version (wordpress, fixed 2.1-0) #223101 -*CVE-2007-0248 version (squid, fixed 2.6.STABLE7) [since FEDORA-2007-073] -*CVE-2007-0247 version (squid, fixed 2.6.STABLE7) #222883 [since FEDORA-2007-073] +CVE-2007-0248 version (squid, fixed 2.6.STABLE7) [since FEDORA-2007-073] +CVE-2007-0247 version (squid, fixed 2.6.STABLE7) #222883 [since FEDORA-2007-073] CVE-2007-0243 ignore, no-ship (java-ibm) *CVE-2007-0242 patch (qt4, fixed 4.2.3-7) *CVE-2007-0240 patch (zope, fixed 2.9.6-2) #233378 @@ -1211,7 +1211,7 @@ *CVE-2005-3352 version (httpd, fixed 2.2.1) *CVE-2005-3351 version (spamassassin, fixed 3.1.0) *CVE-2005-3350 (libungif) -*CVE-2005-3322 version (squid) not upstream, SUSE only +CVE-2005-3322 version (squid) not upstream, SUSE only *CVE-2005-3319 ignore (mod_php) no security consequence *CVE-2005-3313 version (wireshark, fixed after 0.10.13) *CVE-2005-3276 version (kernel, fixed 2.6.12.4) @@ -1221,7 +1221,7 @@ *CVE-2005-3272 version (kernel, fixed 2.6.13) *CVE-2005-3271 version (kernel, fixed 2.6.9) *CVE-2005-3269 (fedora directory server) -*CVE-2005-3258 version (squid, fixed 2.5STABLE12) +CVE-2005-3258 version (squid, fixed 2.5STABLE12) *CVE-2005-3257 version (kernel, fixed 2.6.15) *CVE-2005-3249 version (wireshark, fixed 0.10.13) *CVE-2005-3248 version (wireshark, fixed 0.10.13) @@ -1286,7 +1286,7 @@ *CVE-2005-2933 version (libc-client, fixed 2004g at least) *CVE-2005-2929 backport (lynx) changelog *CVE-2005-2922 (helixplayer) -*CVE-2005-2917 version (squid, fixed 2.5.STABLE11) +CVE-2005-2917 version (squid, fixed 2.5.STABLE11) *CVE-2005-2876 version (util-linux, fixed 2.13-pre3) *CVE-2005-2874 version (cups, fixed 1.1.23) *CVE-2005-2873 version (kernel, fixed 2.6.18-rc1) @@ -1298,8 +1298,8 @@ *CVE-2005-2800 version (kernel, fixed 2.6.12.6) CVE-2005-2798 version (openssh, fixed 4.2) CVE-2005-2797 version (openssh, fixed 4.2) -*CVE-2005-2796 version (squid, fixed 2.5.STABLE11) -*CVE-2005-2794 version (squid, fixed 2.5.STABLE11) +CVE-2005-2796 version (squid, fixed 2.5.STABLE11) +CVE-2005-2794 version (squid, fixed 2.5.STABLE11) *CVE-2005-2728 version (httpd, not 2.2) *CVE-2005-2710 (helixplayer) *CVE-2005-2709 version (kernel, fixed 2.6.14.3) @@ -1449,7 +1449,7 @@ *CVE-2005-1532 version (thunderbird) *CVE-2005-1532 version (firefox, fixed 1.0.4) *CVE-2005-1531 version (firefox, fixed 1.0.4) -*CVE-2005-1519 version (squid, fixed 2.5.STABLE10) +CVE-2005-1519 version (squid, fixed 2.5.STABLE10) *CVE-2005-1476 (firefox,seamonkey,thunderbird) *CVE-2005-1470 version (wireshark, fixed 0.10.11) *CVE-2005-1469 version (wireshark, fixed 0.10.11) @@ -1473,7 +1473,7 @@ *CVE-2005-1409 version (postgresql, fixed 8.0.1) *CVE-2005-1369 version (kernel, fixed 2.6.12) *CVE-2005-1368 version (kernel, fixed 2.6.12) -*CVE-2005-1345 version (squid, fixed 2.5.STABLE10) +CVE-2005-1345 version (squid, fixed 2.5.STABLE10) *CVE-2005-1344 ignore (httpd) not a vulnerability *CVE-2005-1281 version (wireshark, fixed 0.10.11) *CVE-2005-1280 version (tcpdump, fixed 3.9.2) @@ -1555,7 +1555,7 @@ *CVE-2005-0749 version (kernel, fixed 2.6.11.6) *CVE-2005-0739 version (wireshark, fixed after 0.10.9) *CVE-2005-0736 version (kernel, fixed 2.6.11) -*CVE-2005-0718 version (squid, fixed 2.5.STABLE8) +CVE-2005-0718 version (squid, fixed 2.5.STABLE8) *CVE-2005-0711 version (mysql, fixed 4.1.11) *CVE-2005-0710 version (mysql, fixed 4.1.11) *CVE-2005-0709 version (mysql, fixed 4.1.11) @@ -1566,7 +1566,7 @@ *CVE-2005-0664 version (libexif, fixed 0.6.12) *CVE-2005-0654 ignore (gimp, not fixed 2.2) upstream considers harmless *CVE-2005-0627 version (qt, fixed 3.3.4) -*CVE-2005-0626 version (squid, fixed 2.5.STABLE10) +CVE-2005-0626 version (squid, fixed 2.5.STABLE10) *CVE-2005-0611 (helixplayer) *CVE-2005-0605 version (libXpm, fixed 3.5.4 at least) *CVE-2005-0602 ignore (unzip, fixed 5.52) this is really expected behaviour @@ -1610,7 +1610,7 @@ *CVE-2005-0452 (perl) *CVE-2005-0449 version (kernel, fixed 2.6.11) *CVE-2005-0448 version (perl, fixed 5.8.6) -*CVE-2005-0446 version (squid, fixed 2.5.STABLE9) +CVE-2005-0446 version (squid, fixed 2.5.STABLE9) *CVE-2005-0404 ignore (kde) won't fix http://bugs.kde.org/show_bug.cgi?id=96020 *CVE-2005-0403 version (kernel) not upstream *CVE-2005-0402 version (firefox, fixed 1.0.2) @@ -1631,7 +1631,7 @@ *CVE-2005-0246 version (postgresql, fixed 8.0.1) *CVE-2005-0245 version (postgresql, fixed 8.0.1) *CVE-2005-0244 version (postgresql, fixed 8.0.1) -*CVE-2005-0241 version (squid, fixed 2.5.STABLE8) +CVE-2005-0241 version (squid, fixed 2.5.STABLE8) *CVE-2005-0238 version (epiphany, fixed since mozilla 1.7.6) *CVE-2005-0237 version (kdelibs, fixed 3.4.0) *CVE-2005-0233 version (firefox, fixed 1.0.1) @@ -1640,7 +1640,7 @@ *CVE-2005-0230 version (thunderbird, fixed 1.0.2) *CVE-2005-0230 version (firefox, fixed 1.0.1) *CVE-2005-0227 version (postgresql, fixed 8.0.1) -*CVE-2005-0211 version (squid, fixed 2.5.STABLE8) +CVE-2005-0211 version (squid, fixed 2.5.STABLE8) *CVE-2005-0210 version (kernel, fixed 2.6.11) *CVE-2005-0209 version (kernel, fixed 2.6.11) *CVE-2005-0208 version (gaim, fixed 1.1.4) @@ -1649,7 +1649,7 @@ *CVE-2005-0204 version (kernel) didn't affect upstream *CVE-2005-0202 version (mailman, fixed 2.1.6) *CVE-2005-0201 version (dbus, fixed 0.36.1) -*CVE-2005-0194 version (squid, fixed 2.5.STABLE8) +CVE-2005-0194 version (squid, fixed 2.5.STABLE8) *CVE-2005-0191 (helixplayer) *CVE-2005-0189 (helixplayer) *CVE-2005-0180 version (kernel, fixed 2.6.11) @@ -1657,9 +1657,9 @@ *CVE-2005-0178 version (kernel, fixed 2.6.11) *CVE-2005-0177 version (kernel, fixed 2.6.11) *CVE-2005-0176 version (kernel, fixed 2.6.10) only affected 2.6.9 -*CVE-2005-0175 version (squid, fixed 2.5.STABLE8) -*CVE-2005-0174 version (squid, fixed 2.5.STABLE8) -*CVE-2005-0173 version (squid, fixed 2.5.STABLE8) +CVE-2005-0175 version (squid, fixed 2.5.STABLE8) +CVE-2005-0174 version (squid, fixed 2.5.STABLE8) +CVE-2005-0173 version (squid, fixed 2.5.STABLE8) *CVE-2005-0162 version (openswan, fixed 2.3.0) *CVE-2005-0156 version (perl, fixed 5.8.8) *CVE-2005-0155 version (perl, fixed 5.8.8) @@ -1685,10 +1685,10 @@ *CVE-2005-0103 version (squirrelmail, fixed 1.4.4) *CVE-2005-0102 version (evolution-data-server, fixed 1.2.2 at least) *CVE-2005-0100 version (emacs, fixed 21.4 at least) -*CVE-2005-0097 version (squid, fixed 2.5.STABLE8) -*CVE-2005-0096 version (squid, fixed 2.5.STABLE8) -*CVE-2005-0095 version (squid, fixed 2.5.STABLE8) -*CVE-2005-0094 version (squid, fixed 2.5.STABLE8) +CVE-2005-0097 version (squid, fixed 2.5.STABLE8) +CVE-2005-0096 version (squid, fixed 2.5.STABLE8) +CVE-2005-0095 version (squid, fixed 2.5.STABLE8) +CVE-2005-0094 version (squid, fixed 2.5.STABLE8) *CVE-2005-0092 version (kernel, not affected) *CVE-2005-0091 version (kernel, not affected) *CVE-2005-0090 version (kernel, not affected) @@ -1726,7 +1726,7 @@ *CVE-2004-2660 version (kernel, fixed 2.6.10) *CVE-2004-2657 ignore (firefox) windows only *CVE-2004-2655 (xscreensaver) -*CVE-2004-2654 version (squid, fixed 2.6STABLE6) +CVE-2004-2654 version (squid, fixed 2.6STABLE6) *CVE-2004-2645 (asn1c) *CVE-2004-2644 (asn1c) *CVE-2004-2607 version (kernel, fixed 2.6.5) @@ -1735,8 +1735,8 @@ *CVE-2004-2541 ignore (cscope) blocked by FORTIFY_SOURCE *CVE-2004-2536 version (kernel, fixed 2.6.7) *CVE-2004-2531 version (gnutls, fixed 1.0.17) -*CVE-2004-2480 ignore (squid) , not reproducable -*CVE-2004-2479 version (squid, fixed 2.5.STABLE8) +CVE-2004-2480 ignore (squid) , not reproducable +CVE-2004-2479 version (squid, fixed 2.5.STABLE8) *CVE-2004-2396 version (passwd, fixed 0.69) *CVE-2004-2395 version (passwd, fixed 0.69) *CVE-2004-2394 version (passwd, fixed 0.69) @@ -1899,7 +1899,7 @@ *CVE-2004-0930 version (samba, fixed 3.0.8) *CVE-2004-0929 version (libtiff, fixed 3.7.0) *CVE-2004-0923 version (cups, fixed 1.2.22) -*CVE-2004-0918 version (squid, fixed 2.4.STABLE7) +CVE-2004-0918 version (squid, fixed 2.4.STABLE7) *CVE-2004-0914 version (xorg-x11, fixed after 6.8.1) *CVE-2004-0909 version (thunderbird) *CVE-2004-0909 version (firefox) @@ -1924,7 +1924,7 @@ *CVE-2004-0837 version (mysql, fixed 4.0.21) *CVE-2004-0836 version (mysql, fixed 4.0.21) *CVE-2004-0835 version (mysql, fixed 4.1.2) -*CVE-2004-0832 version (squid, fixed 2.5.STABLE7) +CVE-2004-0832 version (squid, fixed 2.5.STABLE7) *CVE-2004-0829 version (samba, fixed 2.2.11) *CVE-2004-0827 version (ImageMagick, fixed 6.0.6.2) *CVE-2004-0826 version (nss, fixed 3.9.2) @@ -2010,7 +2010,7 @@ *CVE-2004-0550 (helixplayer) *CVE-2004-0548 ignore (aspell, not fixed 0.50.5) not a security issue *CVE-2004-0547 version (postgresql, fixed 7.2.1) -*CVE-2004-0541 version (squid) +CVE-2004-0541 version (squid, fixed 2.5.STABLE6) *CVE-2004-0535 version (kernel, fixed 2.6.6) *CVE-2004-0527 version (konqueror, not 3+) *CVE-2004-0523 version (krb5, fixed 1.3.4) @@ -2070,7 +2070,7 @@ *CVE-2004-0229 version (kernel, fixed 2.6.6) *CVE-2004-0228 version (kernel, fixed 2.6.6) *CVE-2004-0226 version (mc, fixed 4.6.0) -*CVE-2004-0189 version (squid, fixed 2.5.STABLE5) +CVE-2004-0189 version (squid, fixed 2.5.STABLE5) *CVE-2004-0186 version (samba, not 3.0.2a) CVE-2004-0185 ignore, no-ship (wu-ftpd) *CVE-2004-0184 version (tcpdump, fixed 3.8.2) @@ -2502,9 +2502,9 @@ *CVE-2002-0759 version (bzip2, fixed 1.0.2) *CVE-2002-0728 version (libpng, fixed 1.2.4) *CVE-2002-0717 version (php, fixed 4.2.2) -*CVE-2002-0715 version (squid, fixed 2.4.STABLE6) -*CVE-2002-0714 version (squid, fixed 2.4.STABLE6) -*CVE-2002-0713 version (squid, fixed 2.4.STABLE6) +CVE-2002-0715 version (squid, fixed 2.4.STABLE6) +CVE-2002-0714 version (squid, fixed 2.4.STABLE6) +CVE-2002-0713 version (squid, fixed 2.4.STABLE6) *CVE-2002-0704 version (kernel, fixed 2.6.11) *CVE-2002-0702 version (dhcpd, fixed 3.0.1) *CVE-2002-0684 version (glibc, fixed afted 2.2.5) @@ -2566,7 +2566,7 @@ *CVE-2002-0169 ignore (docbook) was RHL only *CVE-2002-0165 version (logwatch, fixed 2.6) *CVE-2002-0164 version (XFree86, fixed 4.2.1) -*CVE-2002-0163 version (squid, fixed 20020312) +CVE-2002-0163 version (squid, fixed 2.4.STABLE6) *CVE-2002-0162 version (logwatch, fixed 2.5) *CVE-2002-0157 version (nautilus) *CVE-2002-0146 version (fetchmail, fixed 5.9.10) @@ -2578,9 +2578,9 @@ *CVE-2002-0082 version (mod_ssl, not httpd 2.2) *CVE-2002-0081 version (php, not 4.2+) CVE-2002-0080 version (rsync, fixed 2.5.3) -*CVE-2002-0069 version (squid, fixed 2.4STABLE4) -*CVE-2002-0068 version (squid, fixed 2.4STABLE4) -*CVE-2002-0067 version (squid, fixed 2.4STABLE4) +CVE-2002-0069 version (squid, fixed 2.4STABLE4) +CVE-2002-0068 version (squid, fixed 2.4STABLE4) +CVE-2002-0067 version (squid, fixed 2.4STABLE4) *CVE-2002-0063 version (cups, fixed 1.1.14) *CVE-2002-0062 version (ncurses, only 5.0) *CVE-2002-0060 version (kernel, fixed 2.5.5) @@ -2616,6 +2616,6 @@ *CVE-1999-1572 backport (cpio) cpio-2.6-umask.patch *CVE-1999-1332 (gzip) CVE-1999-0997 ignore, no-ship (wu-ftpd) -*CVE-1999-0710 (squid) +CVE-1999-0710 version (squid, fixed 2.5.STABLE10) CVE-1999-0473 version (rsync, fixed 2.3.1) *CVE-1999-0103 (bind) -- fedora-extras-commits mailing list fedora-extras-commits(a)redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits

16 years, 10 months

1
0
0 / 0

fedora-security/audit fc5,1.459,1.460 fc6,1.217,1.218 fc7,1.6,1.7

by fedora-extras-commits＠redhat.com

Author: bressers Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv6153 Modified Files: fc5 fc6 fc7 Log Message: Note a new libexif flaw Index: fc5 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc5,v retrieving revision 1.459 retrieving revision 1.460 diff -u -r1.459 -r1.460 --- fc5 23 Mar 2007 13:32:24 -0000 1.459 +++ fc5 13 Jun 2007 14:00:41 -0000 1.460 @@ -3,6 +3,7 @@ ** are items that need attention +CVE-2007-4168 VULNERABLE (libexif) #243891 CVE-2007-1565 ignore (konqueror) client crash CVE-2007-1564 vulnerable (konqueror) [#CVE-2007-1564] CVE-2007-1475 ignore (php) unshipped ibase extension Index: fc6 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc6,v retrieving revision 1.217 retrieving revision 1.218 diff -u -r1.217 -r1.218 --- fc6 2 May 2007 17:44:54 -0000 1.217 +++ fc6 13 Jun 2007 14:00:41 -0000 1.218 @@ -3,6 +3,7 @@ ** are items that need attention +CVE-2007-4168 VULNERABLE (libexif) #243892 CVE-2007-2438 VULNERABLE (vim) #238734 CVE-2007-1856 VULNERABLE (vixie-cron) #235882 CVE-2007-1841 VULNERABLE (ipsec-tools) #238052 Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.6 retrieving revision 1.7 diff -u -r1.6 -r1.7 --- fc7 13 Jun 2007 02:28:16 -0000 1.6 +++ fc7 13 Jun 2007 14:00:41 -0000 1.7 @@ -4,6 +4,7 @@ *CVE are items that need verification for Fedora 7 +CVE-2007-4168 VULNERABLE (libexif) #243890 *CVE-NOID VULNERABLE (c-ares, fixed 1.4.0) #243591 *CVE-2007-3121 version (zvbi, fixed 0.2.25) *CVE-2007-3113 VULNERABLE (cacti) #243592 -- fedora-extras-commits mailing list fedora-extras-commits(a)redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits

16 years, 10 months

1
0
0 / 0

fedora-security/audit fc7,1.4,1.5

by fedora-extras-commits＠redhat.com

Author: trassl Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv22232 Modified Files: fc7 Log Message: Processed rsync. Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- fc7 12 Jun 2007 19:18:56 -0000 1.4 +++ fc7 12 Jun 2007 20:40:54 -0000 1.5 @@ -804,7 +804,7 @@ *CVE-2006-2162 version (nagios, fixed 2.3.1) bz#190612 *CVE-2006-2120 version (libtiff, fixed 3.8.2 at least) *CVE-2006-2093 version (nessus, fixed 2.2.7) bz#191053 -*CVE-2006-2083 version (rsync, fixed 2.6.8) +CVE-2006-2083 version (rsync, fixed 2.6.8) *CVE-2006-2073 ignore (bind) http://www.kb.cert.org/vuls/id/MIMG-6P8GRP *CVE-2006-2071 version (kernel, fixed 2.6.16.6) *CVE-2006-2057 ignore (firefox) not Linux @@ -1750,7 +1750,7 @@ *CVE-2004-2149 version (mysql, fixed 4.1.5) *CVE-2004-2136 ignore (dm-crypt) design *CVE-2004-2135 ignore (kernel) design -*CVE-2004-2093 ignore (rsync) not security issue +CVE-2004-2093 ignore (rsync) not a security issue (rsync is not setuid) *CVE-2004-2069 version (openssh, not 4) *CVE-2004-2014 version (wget, fixed 1.10.1) *CVE-2004-2013 version (kernel, not 2.6) @@ -1946,7 +1946,7 @@ *CVE-2004-0797 version (zlib, fixed 1.2.2.2 at least) *CVE-2004-0797 version (zlib) *CVE-2004-0796 version (spamassassin, fixed 2.64) -*CVE-2004-0792 version (rsync, fixed 2.6.3) +CVE-2004-0792 version (rsync, fixed 2.6.3) *CVE-2004-0791 version (kernel, fixed 2.6.9) *CVE-2004-0790 version (kernel, not 2.6) *CVE-2004-0788 version (gtk2, fixed 2.6.7 at least) @@ -2035,7 +2035,7 @@ *CVE-2004-0452 version (perl, fixed 5.8.8) *CVE-2004-0447 version (kernel, fixed 2.6.5) *CVE-2004-0427 version (kernel, fixed 2.6.6) -*CVE-2004-0426 version (rsync, fixed 2.6.1) +CVE-2004-0426 version (rsync, fixed 2.6.1) *CVE-2004-0424 version (kernel, fixed 2.6.4) *CVE-2004-0421 version (libpng, fixed 1.0.16) *CVE-2004-0419 version (xorg-x11, fixed 6.8.2 at least) @@ -2163,7 +2163,7 @@ *CVE-2003-0967 version (freeradius, fixed after 0.9.2) *CVE-2003-0965 version (mailman, fixed 2.1.4) *CVE-2003-0963 version (lftp, fixed after 2.6.9) -*CVE-2003-0962 version (rsync, fixed 2.5.7) +CVE-2003-0962 version (rsync, fixed 2.5.7) *CVE-2003-0961 version (kernel, fixed 2.4.23) *CVE-2003-0959 version (kernel, fixed 2.4.21) *CVE-2003-0956 version (kernel, fixed 2.4.22) @@ -2576,16 +2576,17 @@ *CVE-2002-0083 version (openssh, fixed 3.1) *CVE-2002-0082 version (mod_ssl, not httpd 2.2) *CVE-2002-0081 version (php, not 4.2+) -*CVE-2002-0080 version (rsync, fixed 2.5.3) +CVE-2002-0080 version (rsync, fixed 2.5.3) *CVE-2002-0069 version (squid, fixed 2.4STABLE4) *CVE-2002-0068 version (squid, fixed 2.4STABLE4) *CVE-2002-0067 version (squid, fixed 2.4STABLE4) *CVE-2002-0063 version (cups, fixed 1.1.14) *CVE-2002-0062 version (ncurses, only 5.0) *CVE-2002-0060 version (kernel, fixed 2.5.5) -*CVE-2002-0059 ** zlib (cvs, dump, gcc, libgcj, kernel, rsync, vnc) +*CVE-2002-0059 ** zlib (cvs, dump, gcc, libgcj, kernel, vnc) +CVE-2002-0059 version (rsync, fixed 2.5.4/2.6.6) *CVE-2002-0059 version (zlib, fixed 1.1.4) -*CVE-2002-0048 version (rsync, fixed 2.5.2) +CVE-2002-0048 version (rsync, fixed 2.5.2) *CVE-2002-0046 version (kernel, fixed 2.4.0) *CVE-2002-0045 version (openldap, fixed 2.0.20) *CVE-2002-0044 version (enscript, fixed 1.6.4 at least) @@ -2615,4 +2616,5 @@ *CVE-1999-1332 (gzip) CVE-1999-0997 ignore, no-ship (wu-ftpd) *CVE-1999-0710 (squid) +CVE-1999-0473 version (rsync, fixed 2.3.1) *CVE-1999-0103 (bind) -- fedora-extras-commits mailing list fedora-extras-commits(a)redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits

16 years, 10 months

1
0
0 / 0

fedora-security/audit fc7,1.3,1.4

by fedora-extras-commits＠redhat.com

Author: kevin Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv8876 Modified Files: fc7 Log Message: Mark last batch done. Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- fc7 12 Jun 2007 19:02:04 -0000 1.3 +++ fc7 12 Jun 2007 19:18:56 -0000 1.4 @@ -160,7 +160,7 @@ *CVE-2007-1244 version (wordpress, fixed 2.1.2) #230898 *CVE-2007-1230 version (wordpress, fixed 2.1.2) *CVE-2007-1218 backport (tcpdump) 232349 [since FEDORA-2007-347] -*CVE-2007-1216 patch (krb5, fixed 1.6-3) #231537 +CVE-2007-1216 patch (krb5, fixed 1.6-3) #231537 *CVE-2007-1103 VULNERABLE (tor) #230927 *CVE-2007-1092 version (seamonkey, fixed 1.0.8) *CVE-2007-1055 version (mediawiki, fixed 1.8.3) @@ -183,8 +183,8 @@ *CVE-2007-0988 (php) *CVE-2007-0981 VULNERABLE (firefox, ...) *CVE-2007-0981 version (seamonkey, fixed 1.0.8) #229253 -*CVE-2007-0957 patch (krb5, fixed 1.6-3) #231528 -*CVE-2007-0956 patch (krb5, fixed 1.6-3) #229782 +CVE-2007-0957 patch (krb5, fixed 1.6-3) #231528 +CVE-2007-0956 patch (krb5, fixed 1.6-3) #229782 *CVE-2007-0911 (php) *CVE-2007-0910 (php) *CVE-2007-0909 (php) @@ -246,7 +246,7 @@ *CVE-2007-0262 version (wordpress, fixed 2.1-0) #223101 *CVE-2007-0248 version (squid, fixed 2.6.STABLE7) [since FEDORA-2007-073] *CVE-2007-0247 version (squid, fixed 2.6.STABLE7) #222883 [since FEDORA-2007-073] -*CVE-2007-0243 ignore, no-ship (java-ibm) +CVE-2007-0243 ignore, no-ship (java-ibm) *CVE-2007-0242 patch (qt4, fixed 4.2.3-7) *CVE-2007-0240 patch (zope, fixed 2.9.6-2) #233378 *CVE-2007-0239 (openoffice.org) @@ -264,10 +264,10 @@ *CVE-2007-0095 VULNERABLE (phpMyAdmin) #221694 *CVE-2007-0086 ignore (apache) not a security issue *CVE-2007-0080 (freeradius) -*CVE-2007-0048 ignore, no-ship (acroread) -*CVE-2007-0046 ignore, no-ship (acroread) -*CVE-2007-0045 ignore, no-ship (acroread) -*CVE-2007-0044 ignore, no-ship (acroread) +CVE-2007-0048 ignore, no-ship (acroread) +CVE-2007-0046 ignore, no-ship (acroread) +CVE-2007-0045 ignore, no-ship (acroread) +CVE-2007-0044 ignore, no-ship (acroread) *CVE-2007-0010 (gtk2) *CVE-2007-0009 version (nss, fixed 3.11.5) (nspr, fixed 4.6.5) [since FEDORA-2007-279] *CVE-2007-0009 ignore (seamonkey, uses system NSS) @@ -345,15 +345,15 @@ *CVE-2006-6301 version (denyhosts, fixed 2.6-2) #218824 *CVE-2006-6297 ignore (kdegraphics) just a crash *CVE-2006-6238 (konqueror) probably safari only -*CVE-2006-6236 ignore, no-ship (acroread) +CVE-2006-6236 ignore, no-ship (acroread) *CVE-2006-6235 patch (gnupg2, fixed 2.0.1-2) #218821 *CVE-2006-6235 backport (gnupg, fixed 1.4.6) [since FEDORA-2006-1406] *CVE-2006-6171 patch (proftpd, fixed 1.3.0a-1) #214820 *CVE-2006-6170 patch (proftpd, fixed 1.3.0a-1) #214820 *CVE-2006-6169 version (gnupg2, fixed 2.0.1) #217950 *CVE-2006-6169 backport (gnupg, fixed 1.4.6) [since FEDORA-2006-1406] -*CVE-2006-6144 patch (krb5, fixed 1.5-14) #218456 -*CVE-2006-6143 patch (krb5, fixed 1.5-14) #218456 +CVE-2006-6144 patch (krb5, fixed 1.5-14) #218456 +CVE-2006-6143 patch (krb5, fixed 1.5-14) #218456 *CVE-2006-6142 backport (squirrelmail) #218297 [since FEDORA-2007-089] *CVE-2006-6128 VULNERABLE (kernel, fixed **) *CVE-2006-6122 ignore (tin, <= 1.8.1 not shipped) @@ -374,7 +374,7 @@ *CVE-2006-6056 version (kernel, fixed 2.6.19) [since FEDORA-2007-058] was backport since FEDORA-2006-1471 *CVE-2006-6054 version (kernel, fixed fixed 2.6.19.2) [since FEDORA-2007-058] *CVE-2006-6053 version (kernel, fixed 2.6.19.2) [since FEDORA-2007-058] was backport since FEDORA-2006-1223 -*CVE-2006-6027 ignore, no-ship (acroread) +CVE-2006-6027 ignore, no-ship (acroread) *CVE-2006-6015 (pcre) *CVE-2006-5989 ignore (mod_auth_kerb) did not affect fc6 *CVE-2006-5974 ignore (fetchmail, fixed 6.3.6) only 6.3.5 @@ -391,7 +391,7 @@ *CVE-2006-5867 version (fetchmail, fixed 6.3.6) #221984 [since FEDORA-2007-042] *CVE-2006-5864 VULNERABLE (evince) #217672 *CVE-2006-5864 patch (gv, fixed 3.6.2-2) #215136 -*CVE-2006-5857 ignore, no-ship (acroread) +CVE-2006-5857 ignore, no-ship (acroread) *CVE-2006-5848 version (trac, fixed 0.10.1) #215077 *CVE-2006-5823 version (kernel, fixed 2.6.19.2) [since FEDORA-2007-058] was backport since FEDORA-2006-1223 *CVE-2006-5815 version (proftpd, fixed 1.3.0a) #214820 @@ -444,7 +444,7 @@ *CVE-2006-5453 patch (bugzilla, fixed 2.22-7) #212355 *CVE-2006-5397 VULNERABLE (libX11, 1.0.2 and 1.0.3 only) #213280 *CVE-2006-5331 version (kernel, fixed 2.6.19) [since FEDORA-2007-058] -*CVE-2006-5330 ignore, no-ship (flash-plugin) +CVE-2006-5330 ignore, no-ship (flash-plugin) *CVE-2006-5298 backport (mutt) [since FEDORA-2006-1063] *CVE-2006-5297 backport (mutt) [since FEDORA-2006-1063] *CVE-2006-5295 version (clamav, fixed 0.88.5) #210973 @@ -501,7 +501,7 @@ *CVE-2006-4743 ignore (wordpress, dupe of an old non-issue) #206514 *CVE-2006-4684 version (zope, fixed 2.9.2) *CVE-2006-4663 ignore (kernel) not a vulnerability -*CVE-2006-4640 ignore, no-ship (flash-plugin) +CVE-2006-4640 ignore, no-ship (flash-plugin) *CVE-2006-4625 ignore (php) safe mode isn't safe *CVE-2006-4624 version (mailman, fixed 2.1.9rc1) *CVE-2006-4623 version (kernel, fixed 2.6.18-rc1) @@ -658,7 +658,7 @@ *CVE-2006-3627 version (wireshark, fixed 0.99.2) *CVE-2006-3626 version (kernel, fixed 2.6.17.6) *CVE-2006-3619 version (gcc, fixed 4.1.1-20060828 at least) -*CVE-2006-3587 ignore, no-ship (flash-plugin) +CVE-2006-3587 ignore, no-ship (flash-plugin) *CVE-2006-3582 version (adplug, fixed 2.0.1-1) #198108 *CVE-2006-3581 version (adplug, fixed 2.0.1-1) #198108 *CVE-2006-3486 ignore (mysql, fixed 5.0.23) not exploitable @@ -682,7 +682,7 @@ *CVE-2006-3376 backport (libwmf) from changelog *CVE-2006-3352 ignore (firefox) not a vulnerability *CVE-2006-3334 ignore (libpng, fixed 1.2.12) not exploitable -*CVE-2006-3311 ignore, no-ship (flash-plugin) +CVE-2006-3311 ignore, no-ship (flash-plugin) *CVE-2006-3276 (helixplayer) *CVE-2006-3242 version (mutt, fixed 1.4.2.2, 1.5.12) *CVE-2006-3178 ignore (chmlib, extract_chmLib not shipped) @@ -1095,7 +1095,7 @@ *CVE-2006-0037 version (kernel, only 2.6.14 and 2.6.15) *CVE-2006-0036 version (kernel, only 2.6.14 and 2.6.15) *CVE-2006-0035 version (kernel, only 2.6.14 and 2.6.15) -*CVE-2006-0024 ignore, no-ship (flash-plugin) +CVE-2006-0024 ignore, no-ship (flash-plugin) *CVE-2006-0019 version (kdelibs, fixed 3.5.1) *CVE-2006-0017 (fedora directory server) *CVE-2006-0016 (fedora directory server) @@ -1190,7 +1190,7 @@ *CVE-2005-3624 version (cups, fixed 1.2.0) *CVE-2005-3624 backport (tetex) *CVE-2005-3623 version (kernel, fixed 2.6.14.5) -*CVE-2005-3591 ignore, no-ship (flash-plugin) +CVE-2005-3591 ignore, no-ship (flash-plugin) *CVE-2005-3582 version (ImageMagick) gentoo only *CVE-2005-3573 version (mailman, fixed 2.1.7) *CVE-2005-3527 version (kernel, fixed 2.6.14) @@ -1323,7 +1323,7 @@ *CVE-2005-2642 version (mutt) openbsd only *CVE-2005-2641 version (nss_ldap, fixed pam_ldap:180) *CVE-2005-2629 (helixplayer) -*CVE-2005-2628 ignore, no-ship (flash-plugin) +CVE-2005-2628 ignore, no-ship (flash-plugin) *CVE-2005-2617 version (kernel, fixed 2.6.12.5) *CVE-2005-2602 ignore (thunderbird) probably *CVE-2005-2602 ignore (firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=237085 @@ -2071,7 +2071,7 @@ *CVE-2004-0226 version (mc, fixed 4.6.0) *CVE-2004-0189 version (squid, fixed 2.5.STABLE5) *CVE-2004-0186 version (samba, not 3.0.2a) -*CVE-2004-0185 ignore, no-ship (wu-ftpd) +CVE-2004-0185 ignore, no-ship (wu-ftpd) *CVE-2004-0184 version (tcpdump, fixed 3.8.2) *CVE-2004-0183 version (tcpdump, fixed 3.8.2) *CVE-2004-0182 version (mailman) only affected Red Hat packages @@ -2126,7 +2126,7 @@ *CVE-2004-0005 version (gaim, fixed 0.76) *CVE-2004-0003 version (kernel, not 2.6) *CVE-2004-0001 version (kernel, not 2.6) -*CVE-2003-1329 ignore, no-ship (wu-ftpd) +CVE-2003-1329 ignore, no-ship (wu-ftpd) *CVE-2003-1307 ignore (mod_php) not a vulnerability *CVE-2003-1303 version (php, fixed 4.3.3) *CVE-2003-1302 version (php, fixed 4.3.1) @@ -2602,17 +2602,17 @@ *CVE-2001-1494 version (util-linux, fixed 2.11n) *CVE-2001-1429 (mc) *CVE-2001-0955 version (XFree86, fixed 4.2.0) -*CVE-2001-0935 ignore, no-ship (wu-ftpd) +CVE-2001-0935 ignore, no-ship (wu-ftpd) *CVE-2001-0474 version (mesa, fixed 3.3-14) *CVE-2001-0310 (sort) *CVE-2001-0235 (vixie-cron) -*CVE-2001-0187 ignore, no-ship (wu-ftpd) +CVE-2001-0187 ignore, no-ship (wu-ftpd) *CVE-2000-1199 backport (htdig) fixed htdig-3.2.0b6-unescaped_output.patch *CVE-2000-1137 (ed) *CVE-2000-0992 (krb5) *CVE-2000-0504 version (libICE, fixed XFree86:4.0.1) *CVE-1999-1572 backport (cpio) cpio-2.6-umask.patch *CVE-1999-1332 (gzip) -*CVE-1999-0997 ignore, no-ship (wu-ftpd) +CVE-1999-0997 ignore, no-ship (wu-ftpd) *CVE-1999-0710 (squid) *CVE-1999-0103 (bind) -- fedora-extras-commits mailing list fedora-extras-commits(a)redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits

16 years, 10 months

1
0
0 / 0

fedora-security/audit fc7,1.2,1.3

by fedora-extras-commits＠redhat.com

Author: kevin Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv8011 Modified Files: fc7 Log Message: Initial pass at krb5 Mark packages we don't ship currently Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- fc7 11 Jun 2007 20:21:46 -0000 1.2 +++ fc7 12 Jun 2007 19:02:04 -0000 1.3 @@ -160,7 +160,7 @@ *CVE-2007-1244 version (wordpress, fixed 2.1.2) #230898 *CVE-2007-1230 version (wordpress, fixed 2.1.2) *CVE-2007-1218 backport (tcpdump) 232349 [since FEDORA-2007-347] -*CVE-2007-1216 (krb5) +*CVE-2007-1216 patch (krb5, fixed 1.6-3) #231537 *CVE-2007-1103 VULNERABLE (tor) #230927 *CVE-2007-1092 version (seamonkey, fixed 1.0.8) *CVE-2007-1055 version (mediawiki, fixed 1.8.3) @@ -183,8 +183,8 @@ *CVE-2007-0988 (php) *CVE-2007-0981 VULNERABLE (firefox, ...) *CVE-2007-0981 version (seamonkey, fixed 1.0.8) #229253 -*CVE-2007-0957 (krb5) -*CVE-2007-0956 (krb5) +*CVE-2007-0957 patch (krb5, fixed 1.6-3) #231528 +*CVE-2007-0956 patch (krb5, fixed 1.6-3) #229782 *CVE-2007-0911 (php) *CVE-2007-0910 (php) *CVE-2007-0909 (php) @@ -246,7 +246,7 @@ *CVE-2007-0262 version (wordpress, fixed 2.1-0) #223101 *CVE-2007-0248 version (squid, fixed 2.6.STABLE7) [since FEDORA-2007-073] *CVE-2007-0247 version (squid, fixed 2.6.STABLE7) #222883 [since FEDORA-2007-073] -*CVE-2007-0243 (java-ibm) +*CVE-2007-0243 ignore, no-ship (java-ibm) *CVE-2007-0242 patch (qt4, fixed 4.2.3-7) *CVE-2007-0240 patch (zope, fixed 2.9.6-2) #233378 *CVE-2007-0239 (openoffice.org) @@ -264,10 +264,10 @@ *CVE-2007-0095 VULNERABLE (phpMyAdmin) #221694 *CVE-2007-0086 ignore (apache) not a security issue *CVE-2007-0080 (freeradius) -*CVE-2007-0048 (acroread) -*CVE-2007-0046 (acroread) -*CVE-2007-0045 (acroread) -*CVE-2007-0044 (acroread) +*CVE-2007-0048 ignore, no-ship (acroread) +*CVE-2007-0046 ignore, no-ship (acroread) +*CVE-2007-0045 ignore, no-ship (acroread) +*CVE-2007-0044 ignore, no-ship (acroread) *CVE-2007-0010 (gtk2) *CVE-2007-0009 version (nss, fixed 3.11.5) (nspr, fixed 4.6.5) [since FEDORA-2007-279] *CVE-2007-0009 ignore (seamonkey, uses system NSS) @@ -345,15 +345,15 @@ *CVE-2006-6301 version (denyhosts, fixed 2.6-2) #218824 *CVE-2006-6297 ignore (kdegraphics) just a crash *CVE-2006-6238 (konqueror) probably safari only -*CVE-2006-6236 (acroread) +*CVE-2006-6236 ignore, no-ship (acroread) *CVE-2006-6235 patch (gnupg2, fixed 2.0.1-2) #218821 *CVE-2006-6235 backport (gnupg, fixed 1.4.6) [since FEDORA-2006-1406] *CVE-2006-6171 patch (proftpd, fixed 1.3.0a-1) #214820 *CVE-2006-6170 patch (proftpd, fixed 1.3.0a-1) #214820 *CVE-2006-6169 version (gnupg2, fixed 2.0.1) #217950 *CVE-2006-6169 backport (gnupg, fixed 1.4.6) [since FEDORA-2006-1406] -*CVE-2006-6144 ** krb5 -*CVE-2006-6143 ** krb5 +*CVE-2006-6144 patch (krb5, fixed 1.5-14) #218456 +*CVE-2006-6143 patch (krb5, fixed 1.5-14) #218456 *CVE-2006-6142 backport (squirrelmail) #218297 [since FEDORA-2007-089] *CVE-2006-6128 VULNERABLE (kernel, fixed **) *CVE-2006-6122 ignore (tin, <= 1.8.1 not shipped) @@ -374,7 +374,7 @@ *CVE-2006-6056 version (kernel, fixed 2.6.19) [since FEDORA-2007-058] was backport since FEDORA-2006-1471 *CVE-2006-6054 version (kernel, fixed fixed 2.6.19.2) [since FEDORA-2007-058] *CVE-2006-6053 version (kernel, fixed 2.6.19.2) [since FEDORA-2007-058] was backport since FEDORA-2006-1223 -*CVE-2006-6027 (acroread) +*CVE-2006-6027 ignore, no-ship (acroread) *CVE-2006-6015 (pcre) *CVE-2006-5989 ignore (mod_auth_kerb) did not affect fc6 *CVE-2006-5974 ignore (fetchmail, fixed 6.3.6) only 6.3.5 @@ -391,7 +391,7 @@ *CVE-2006-5867 version (fetchmail, fixed 6.3.6) #221984 [since FEDORA-2007-042] *CVE-2006-5864 VULNERABLE (evince) #217672 *CVE-2006-5864 patch (gv, fixed 3.6.2-2) #215136 -*CVE-2006-5857 (acroread) +*CVE-2006-5857 ignore, no-ship (acroread) *CVE-2006-5848 version (trac, fixed 0.10.1) #215077 *CVE-2006-5823 version (kernel, fixed 2.6.19.2) [since FEDORA-2007-058] was backport since FEDORA-2006-1223 *CVE-2006-5815 version (proftpd, fixed 1.3.0a) #214820 @@ -444,7 +444,7 @@ *CVE-2006-5453 patch (bugzilla, fixed 2.22-7) #212355 *CVE-2006-5397 VULNERABLE (libX11, 1.0.2 and 1.0.3 only) #213280 *CVE-2006-5331 version (kernel, fixed 2.6.19) [since FEDORA-2007-058] -*CVE-2006-5330 (flash-plugin) +*CVE-2006-5330 ignore, no-ship (flash-plugin) *CVE-2006-5298 backport (mutt) [since FEDORA-2006-1063] *CVE-2006-5297 backport (mutt) [since FEDORA-2006-1063] *CVE-2006-5295 version (clamav, fixed 0.88.5) #210973 @@ -501,7 +501,7 @@ *CVE-2006-4743 ignore (wordpress, dupe of an old non-issue) #206514 *CVE-2006-4684 version (zope, fixed 2.9.2) *CVE-2006-4663 ignore (kernel) not a vulnerability -*CVE-2006-4640 (flash-plugin) +*CVE-2006-4640 ignore, no-ship (flash-plugin) *CVE-2006-4625 ignore (php) safe mode isn't safe *CVE-2006-4624 version (mailman, fixed 2.1.9rc1) *CVE-2006-4623 version (kernel, fixed 2.6.18-rc1) @@ -658,7 +658,7 @@ *CVE-2006-3627 version (wireshark, fixed 0.99.2) *CVE-2006-3626 version (kernel, fixed 2.6.17.6) *CVE-2006-3619 version (gcc, fixed 4.1.1-20060828 at least) -*CVE-2006-3587 (flash-plugin) +*CVE-2006-3587 ignore, no-ship (flash-plugin) *CVE-2006-3582 version (adplug, fixed 2.0.1-1) #198108 *CVE-2006-3581 version (adplug, fixed 2.0.1-1) #198108 *CVE-2006-3486 ignore (mysql, fixed 5.0.23) not exploitable @@ -682,7 +682,7 @@ *CVE-2006-3376 backport (libwmf) from changelog *CVE-2006-3352 ignore (firefox) not a vulnerability *CVE-2006-3334 ignore (libpng, fixed 1.2.12) not exploitable -*CVE-2006-3311 (flash-plugin) +*CVE-2006-3311 ignore, no-ship (flash-plugin) *CVE-2006-3276 (helixplayer) *CVE-2006-3242 version (mutt, fixed 1.4.2.2, 1.5.12) *CVE-2006-3178 ignore (chmlib, extract_chmLib not shipped) @@ -1095,7 +1095,7 @@ *CVE-2006-0037 version (kernel, only 2.6.14 and 2.6.15) *CVE-2006-0036 version (kernel, only 2.6.14 and 2.6.15) *CVE-2006-0035 version (kernel, only 2.6.14 and 2.6.15) -*CVE-2006-0024 (flash-plugin) +*CVE-2006-0024 ignore, no-ship (flash-plugin) *CVE-2006-0019 version (kdelibs, fixed 3.5.1) *CVE-2006-0017 (fedora directory server) *CVE-2006-0016 (fedora directory server) @@ -1190,7 +1190,7 @@ *CVE-2005-3624 version (cups, fixed 1.2.0) *CVE-2005-3624 backport (tetex) *CVE-2005-3623 version (kernel, fixed 2.6.14.5) -*CVE-2005-3591 (flash-plugin) +*CVE-2005-3591 ignore, no-ship (flash-plugin) *CVE-2005-3582 version (ImageMagick) gentoo only *CVE-2005-3573 version (mailman, fixed 2.1.7) *CVE-2005-3527 version (kernel, fixed 2.6.14) @@ -1323,7 +1323,7 @@ *CVE-2005-2642 version (mutt) openbsd only *CVE-2005-2641 version (nss_ldap, fixed pam_ldap:180) *CVE-2005-2629 (helixplayer) -*CVE-2005-2628 (flash-plugin) +*CVE-2005-2628 ignore, no-ship (flash-plugin) *CVE-2005-2617 version (kernel, fixed 2.6.12.5) *CVE-2005-2602 ignore (thunderbird) probably *CVE-2005-2602 ignore (firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=237085 @@ -2071,7 +2071,7 @@ *CVE-2004-0226 version (mc, fixed 4.6.0) *CVE-2004-0189 version (squid, fixed 2.5.STABLE5) *CVE-2004-0186 version (samba, not 3.0.2a) -*CVE-2004-0185 (wu-ftpd) +*CVE-2004-0185 ignore, no-ship (wu-ftpd) *CVE-2004-0184 version (tcpdump, fixed 3.8.2) *CVE-2004-0183 version (tcpdump, fixed 3.8.2) *CVE-2004-0182 version (mailman) only affected Red Hat packages @@ -2126,7 +2126,7 @@ *CVE-2004-0005 version (gaim, fixed 0.76) *CVE-2004-0003 version (kernel, not 2.6) *CVE-2004-0001 version (kernel, not 2.6) -*CVE-2003-1329 (wu-ftpd) +*CVE-2003-1329 ignore, no-ship (wu-ftpd) *CVE-2003-1307 ignore (mod_php) not a vulnerability *CVE-2003-1303 version (php, fixed 4.3.3) *CVE-2003-1302 version (php, fixed 4.3.1) @@ -2602,17 +2602,17 @@ *CVE-2001-1494 version (util-linux, fixed 2.11n) *CVE-2001-1429 (mc) *CVE-2001-0955 version (XFree86, fixed 4.2.0) -*CVE-2001-0935 (wu-ftpd) +*CVE-2001-0935 ignore, no-ship (wu-ftpd) *CVE-2001-0474 version (mesa, fixed 3.3-14) *CVE-2001-0310 (sort) *CVE-2001-0235 (vixie-cron) -*CVE-2001-0187 (wu-ftpd) +*CVE-2001-0187 ignore, no-ship (wu-ftpd) *CVE-2000-1199 backport (htdig) fixed htdig-3.2.0b6-unescaped_output.patch *CVE-2000-1137 (ed) *CVE-2000-0992 (krb5) *CVE-2000-0504 version (libICE, fixed XFree86:4.0.1) *CVE-1999-1572 backport (cpio) cpio-2.6-umask.patch *CVE-1999-1332 (gzip) -*CVE-1999-0997 (wu-ftpd) +*CVE-1999-0997 ignore, no-ship (wu-ftpd) *CVE-1999-0710 (squid) *CVE-1999-0103 (bind) -- fedora-extras-commits mailing list fedora-extras-commits(a)redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits

16 years, 10 months

1
0
0 / 0

fedora-security/audit fc7,1.1,1.2

by fedora-extras-commits＠redhat.com

Author: bressers Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv12078 Modified Files: fc7 Log Message: Add a number of outstanding CVE ids Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- fc7 11 Jun 2007 17:23:05 -0000 1.1 +++ fc7 11 Jun 2007 20:21:46 -0000 1.2 @@ -9,46 +9,97 @@ *CVE-2007-3113 VULNERABLE (cacti) #243592 *CVE-2007-3112 VULNERABLE (cacti) #243592 *CVE-2007-3025 ignore (clamav, Solaris only) +*CVE-2007-3007 ignore (php) safe mode isn't safe +*CVE-2007-2975 (openfire) *CVE-2007-2894 VULNERABLE (bochs) #241799 +*CVE-2007-2874 (wpa_supplicant) #242455 *CVE-2007-2871 version (seamonkey, fixed 1.0.9) *CVE-2007-2870 version (seamonkey, fixed 1.0.9) +*CVE-2007-2869 (firefox) *CVE-2007-2868 version (seamonkey, fixed 1.0.9) *CVE-2007-2867 version (seamonkey, fixed 1.0.9) *CVE-2007-2865 VULNERABLE (phpPgAdmin) #241489 +*CVE-2007-2844 ignore (php) #241641 +*CVE-2007-2843 ignore (konqueror) safari specific *CVE-2007-2821 VULNERABLE (wordpress, fixed 2.2) #240970 +*CVE-2007-2799 (file) +*CVE-2007-2768 (openssh) +*CVE-2007-2756 ignore (gd) DoS only +*CVE-2007-2754 (freetype) *CVE-2007-2721 patch (jasper, fixed 1.900.1-2) #240397 +*CVE-2007-2683 (mutt) *CVE-2007-2654 VULNERABLE (xfsdump) #240396 *CVE-2007-2650 ** (clamav) #240395 +*CVE-2007-2645 ignore (libexif) #240055 DoS only *CVE-2007-2637 patch (moin, fixed 1.5.7-2) *CVE-2007-2627 ** (wordpress) #239904 +*CVE-2007-2589 (squirrelmail) +*CVE-2007-2583 (mysql) +*CVE-2007-2519 ignore (php-pear) no trust boundary is crossed +*CVE-2007-2511 ignore (php) #239011 see the bug +*CVE-2007-2510 (php) +*CVE-2007-2509 (php) *CVE-2007-2500 patch (gnash, fixed 0.7.2-2) #239213 +*CVE-2007-2452 (locate) +*CVE-2007-2447 (samba) +*CVE-2007-2446 (samba) *CVE-2007-2445 version (libpng10, fixed 1.0.25) #240398 +*CVE-2007-2444 (samba) *CVE-2007-2438 VULNERABLE (vim) #238734 +*CVE-2007-2437 ignore (xorg-x11) DoS only +*CVE-2007-2435 (java) *CVE-2007-2423 patch (moin, fixed 1.5.7-2) #238722 *CVE-2007-2413 version (perl-Imager, fixed 0.57) #238615 *CVE-2007-2381 ignore (MochiKit) #238616 +*CVE-2007-2356 (gimp) +*CVE-2007-2353 (axis) *CVE-2007-2245 VULNERABLE (phpMyAdmin, fixed 2.10.1) #237882 +*CVE-2007-2243 (openssh) +*CVE-2007-2241 (bind) +*CVE-2007-2176 ignore (firefox) only affects the java quicktime interaction +*CVE-2007-2172 (kernel) *CVE-2007-2165 VULNERABLE (proftpd) #237533 +*CVE-2007-2138 (postgresql) *CVE-2007-2057 version (aircrack-ng, fixed 0.8-0.1) *CVE-2007-2029 ignore (clamav, 0.90/0.90.1 only) +*CVE-2007-2028 (freeradius) +*CVE-2007-2026 (file) *CVE-2007-2016 ignore (phpMyAdmin, < 2.8.0.2 never shipped) *CVE-2007-1997 ignore (clamav, 0.90/0.90.1 only) +*CVE-2007-1995 (quagga) #240488 *CVE-2007-1897 version (wordpress, fixed 2.1.3) #235912 *CVE-2007-1894 version (wordpress, fixed 2.1.3-0.rc2) *CVE-2007-1893 version (wordpress, fixed 2.1.3) #235912 *CVE-2007-1870 version (lighttpd, fixed 1.4.14) #236489 *CVE-2007-1869 version (lighttpd, fixed 1.4.14) #236489 +*CVE-2007-1864 (php) +*CVE-2007-1862 (httpd) +*CVE-2007-1859 (xscreensaver) +*CVE-2007-1858 (tomcat) *CVE-2007-1856 VULNERABLE (vixie-cron) #235882 *CVE-2007-1841 VULNERABLE (ipsec-tools) #238052 *CVE-2007-1804 VULNERABLE (pulseaudio) #235013 *CVE-2007-1799 version (ktorrent, fixed 2.1.3) #235014 *CVE-2007-1745 ignore (clamav, 0.90/0.90.1 only) #236703 +*CVE-2007-1743 (httpd) +*CVE-2007-1742 (httpd) +*CVE-2007-1741 (httpd) *CVE-2007-1732 ignore (wordpress) #235015 +*CVE-2007-1718 (php) +*CVE-2007-1717 (php) +*CVE-2007-1711 (php) +*CVE-2007-1710 (php) +*CVE-2007-1709 (php) +*CVE-2007-1667 (xorg-x11) +*CVE-2007-1649 (php) *CVE-2007-1622 version (wordpress, fixed 2.1.3-0.rc2) #233703 *CVE-2007-1614 version (zziplib, fixed 0.13.49) #233700 *CVE-2007-1599 version (wordpress, fixed 2.1.3-0.rc2) #233703 +*CVE-2007-1583 (php) *CVE-2007-1565 ignore (konqueror) client crash *CVE-2007-1564 vulnerable (konqueror) [#CVE-2007-1564] +*CVE-2007-1562 (firefox, seamonkey, thunderbird) +*CVE-2007-1560 (squid) *CVE-2007-1558 version (claws-mail, fixed 2.9.1) #237293 *CVE-2007-1558 backport (sylpheed, fixed 2.3.1-1) *CVE-2007-1547 version (nas, fixed 1.8a-2) #233353 @@ -56,13 +107,19 @@ *CVE-2007-1545 version (nas, fixed 1.8a-2) #233353 *CVE-2007-1544 version (nas, fixed 1.8a-2) #233353 *CVE-2007-1543 version (nas, fixed 1.8a-2) #233353 +*CVE-2007-1536 (file) +*CVE-2007-1521 (php) *CVE-2007-1515 version (imp, fixed 4.1.4) +*CVE-2007-1496 (kernel) +*CVE-2007-1484 (php) *CVE-2007-1475 ignore (php) unshipped ibase extension *CVE-2007-1474 version (horde, fixed 3.1.4) *CVE-2007-1474 ignore (imp, < 4.x only) *CVE-2007-1473 version (horde, fixed 3.1.4) +*CVE-2007-1466 (openoffice.org) *CVE-2007-1464 version (inkscape, fixed 0.45.1) *CVE-2007-1463 version (inkscape, fixed 0.45.1) +*CVE-2007-1460 (php) *CVE-2007-1429 version (moodle, fixed 1.6.5) #232103 *CVE-2007-1420 VULNERABLE (mysql, fixed 5.0.36) #232604 *CVE-2007-1413 ignore (php) Windows NT SNMP specific @@ -78,41 +135,62 @@ *CVE-2007-1387 patch (xine-lib, fixed 1.1.4-3) *CVE-2007-1385 version (ktorrent, fixed 2.1.2) *CVE-2007-1384 version (ktorrent, fixed 2.1.2) +*CVE-2007-1375 (php) *CVE-2007-1366 ** (qemu) #238723 *CVE-2007-1362 version (seamonkey, fixed 1.0.9) *CVE-2007-1359 patch (mod_security, fixed 2.1.0-3) #231728 +*CVE-2007-1354 (jboss) *CVE-2007-1352 VULNERABLE (libXfont) #235265 *CVE-2007-1351 VULNERABLE (libXfont) #235265 *CVE-2007-1325 version (phpMyAdmin, fixed 2.10.0.2) *CVE-2007-1322 ** (qemu) #238723 *CVE-2007-1321 ** (qemu) #238723 *CVE-2007-1320 ** (qemu) #238723 +*CVE-2007-1287 (php) +*CVE-2007-1286 (php) +*CVE-2007-1285 (php) *CVE-2007-1282 version (seamonkey, fixed 1.0.8) *CVE-2007-1277 version (wordpress, fixed 2.1.2) *CVE-2007-1267 ignore (sylpheed, uses gpgme) #231733 *CVE-2007-1263 version (gpgme, fixed 1.1.4) *CVE-2007-1263 version (gnupg, fixed 1.4.7) [since FEDORA-2007-315] +*CVE-2007-1262 (squirrelmail) *CVE-2007-1253 patch (blender, fixed 2.42a-21) #239338 *CVE-2007-1246 patch (xine-lib, fixed 1.1.4-3) *CVE-2007-1244 version (wordpress, fixed 2.1.2) #230898 *CVE-2007-1230 version (wordpress, fixed 2.1.2) *CVE-2007-1218 backport (tcpdump) 232349 [since FEDORA-2007-347] +*CVE-2007-1216 (krb5) *CVE-2007-1103 VULNERABLE (tor) #230927 *CVE-2007-1092 version (seamonkey, fixed 1.0.8) *CVE-2007-1055 version (mediawiki, fixed 1.8.3) *CVE-2007-1054 version (mediawiki, fixed 1.8.4) *CVE-2007-1049 version (wordpress, fixed 2.1.1) #229991 +*CVE-2007-1036 (jboss) +*CVE-2007-1030 (libevent) +*CVE-2007-1007 (ekiga) *CVE-2007-1006 version (ekiga, fixed 2.0.5) #229259 [since FEDORA-2007-322] *CVE-2007-1004 VULNERABLE (firefox, ...) *CVE-2007-1003 VULNERABLE (xorg-x11-server, fixed > X11R7.2) #235263 *CVE-2007-1002 VULNERABLE (evolution) #233587 +*CVE-2007-1001 (php) *CVE-2007-1000 version (kernel, fixed 2.6.20) [since FEDORA-2007-335] +*CVE-2007-0999 (ekiga) *CVE-2007-0998 version (qemu, fixed 0.8.2) *CVE-2007-0998 backport (xen) #230295 [since FEDORA-2007-343] *CVE-2007-0996 version (seamonkey, fixed 1.0.8) *CVE-2007-0995 version (seamonkey, fixed 1.0.8) +*CVE-2007-0988 (php) *CVE-2007-0981 VULNERABLE (firefox, ...) *CVE-2007-0981 version (seamonkey, fixed 1.0.8) #229253 +*CVE-2007-0957 (krb5) +*CVE-2007-0956 (krb5) +*CVE-2007-0911 (php) +*CVE-2007-0910 (php) +*CVE-2007-0909 (php) +*CVE-2007-0908 (php) +*CVE-2007-0907 (php) +*CVE-2007-0906 (php) *CVE-2007-0903 version (ejabberd, fixed 1.1.3) *CVE-2007-0902 patch (moin, fixed 1.5.7-2) #228764 *CVE-2007-0901 patch (moin, fixed 1.5.7-2) #228764 @@ -128,7 +206,9 @@ *CVE-2007-0778 version (seamonkey, fixed 1.0.8) *CVE-2007-0777 version (seamonkey, fixed 1.0.8) *CVE-2007-0775 version (seamonkey, fixed 1.0.8) +*CVE-2007-0774 (mod_jk) *CVE-2007-0772 version (kernel) [since FEDORA-2007-291] +*CVE-2007-0771 (kernel) *CVE-2007-0770 patch (GraphicsMagick, fixed 1.1.7-7) #228758 *CVE-2007-0770 ignore (ImageMagick) only if incomplete CVE-2006-5456 *CVE-2007-0720 ignore (cups, fixed 1.2.7) cups is already updated @@ -137,6 +217,8 @@ *CVE-2007-0653 VULNERABLE (xmms) #233705 *CVE-2007-0650 ignore (tetex) needs user's assistance *CVE-2007-0619 version (chmlib, fixed 0.3.9) #225919 +*CVE-2007-0578 (mpg321) +*CVE-2007-0555 (postgresql) *CVE-2007-0541 version (wordpress, fixed 2.1-0) #225469 *CVE-2007-0540 version (wordpress, fixed 2.1-0) #225469 *CVE-2007-0539 version (wordpress, fixed 2.1-0) #225469 @@ -153,18 +235,27 @@ *CVE-2007-0457 VULNERABLE (wireshark, fixed 0.99.5) #227140 *CVE-2007-0456 VULNERABLE (wireshark, fixed 0.99.5) #227140 *CVE-2007-0455 VULNERABLE (gd) #224610 +*CVE-2007-0454 (samba) +*CVE-2007-0452 (samba) *CVE-2007-0451 version (spamassassin, fixed 3.1.8) [since FEDORA-2007-241] +*CVE-2007-0450 (tomcat) +*CVE-2007-0448 (php) *CVE-2007-0405 version (Django, fixed 0.95.1) *CVE-2007-0404 version (Django, fixed 0.95.1) *CVE-2007-0341 ignore (phpMyAdmin, 2.8.x only) *CVE-2007-0262 version (wordpress, fixed 2.1-0) #223101 *CVE-2007-0248 version (squid, fixed 2.6.STABLE7) [since FEDORA-2007-073] *CVE-2007-0247 version (squid, fixed 2.6.STABLE7) #222883 [since FEDORA-2007-073] +*CVE-2007-0243 (java-ibm) *CVE-2007-0242 patch (qt4, fixed 4.2.3-7) *CVE-2007-0240 patch (zope, fixed 2.9.6-2) #233378 +*CVE-2007-0239 (openoffice.org) +*CVE-2007-0238 (openoffice.org) *CVE-2007-0235 VULNERABLE (libgtop2) #222637 not sure, will triage +*CVE-2007-0227 (slocate) *CVE-2007-0177 version (mediawiki, fixed 1.8.3) #221958 *CVE-2007-0160 patch (centericq, fixed 4.21.0-9) #227791 +*CVE-2007-0157 (neon) *CVE-2007-0109 version (wordpress, fixed 2.1-0) #223101 *CVE-2007-0107 version (wordpress, fixed 2.1-0) #223101 *CVE-2007-0106 version (wordpress, fixed 2.1-0) #223101 @@ -172,6 +263,12 @@ *CVE-2007-0104 ignore (kdegraphics) only client DoS *CVE-2007-0095 VULNERABLE (phpMyAdmin) #221694 *CVE-2007-0086 ignore (apache) not a security issue +*CVE-2007-0080 (freeradius) +*CVE-2007-0048 (acroread) +*CVE-2007-0046 (acroread) +*CVE-2007-0045 (acroread) +*CVE-2007-0044 (acroread) +*CVE-2007-0010 (gtk2) *CVE-2007-0009 version (nss, fixed 3.11.5) (nspr, fixed 4.6.5) [since FEDORA-2007-279] *CVE-2007-0009 ignore (seamonkey, uses system NSS) *CVE-2007-0008 version (nss, fixed 3.11.5) (nspr, fixed 4.6.5) [since FEDORA-2007-279] @@ -181,29 +278,48 @@ *CVE-2007-0006 backport (kernel, fixed in -mm) [since FEDORA-2007-226] *CVE-2007-0005 version (kernel, fixed 2.6.20) [since FEDORA-2007-335] *CVE-2007-0002 version (libwpd, fixed 0.8.9) #222808 [since FEDORA-2007-351] +*CVE-2007-0001 (kernel) +*CVE-2006-7205 (php) +*CVE-2006-7204 (php) +*CVE-2006-7197 (tomcat) +*CVE-2006-7196 (tomcat) +*CVE-2006-7195 (tomcat) +*CVE-2006-7195 (tomcat) *CVE-2006-7193 ignore (php-Smarty, SMARTY_DIR is a constant) +*CVE-2006-7176 (sendmail) +*CVE-2006-7175 (sendmail) *CVE-2006-7162 version (putty, fixed 0.59) #231726 +*CVE-2006-7151 (libtool) +*CVE-2006-7139 (kmail) +*CVE-2006-7108 (util-linux) *CVE-2006-6979 backport (amarok, fixed 1.4.5-2) #228138 +*CVE-2006-6948 (myodbc) *CVE-2006-6944 version (phpMyAdmin, fixed 2.9.1.1) *CVE-2006-6943 version (phpMyAdmin, fixed 2.9.1.1) *CVE-2006-6942 version (phpMyAdmin, fixed 2.9.1.1) *CVE-2006-6939 VULNERABLE (ed, fixed 0.3) #223075 *CVE-2006-6899 version (bluez-utils, fixed 2.23) *CVE-2006-6870 version (avahi, fixed 0.6.16) #221440 [since FEDORA-2007-019] +*CVE-2006-6811 ignore (ksirc) DoS only *CVE-2006-6808 version (wordpress, fixed 2.1-0) #221023 *CVE-2006-6799 patch (cacti, fixed 0.8.6i-5) #222410 *CVE-2006-6772 backport (w3m) #221484 [since FEDORA-2007-077] +*CVE-2006-6745 (java-ibm) +*CVE-2006-6736 (java-ibm) +*CVE-2006-6731 (java-ibm) *CVE-2006-6719 backport (wget) #221469 [since FEDORA-2007-043] *CVE-2006-6698 VULNERABLE (GConf2) #219280 *CVE-2006-6693 ignore (zabbix, fixed 1.1.3, < 1.1.4 not shipped) *CVE-2006-6692 ignore (zabbix, fixed 1.1.3, < 1.1.4 not shipped) *CVE-2006-6660 ignore (kdelibs) client Dos only, not reproducible +*CVE-2006-6628 (openoffice.org) *CVE-2006-6626 version (moodle, fixed 1.6.5) #220041 *CVE-2006-6625 version (moodle, fixed 1.6.5) #220041 *CVE-2006-6610 version (nexuiz, fixed 2.2.1) #220034 *CVE-2006-6609 version (nexuiz, fixed 2.2.1) #220034 *CVE-2006-6574 backport (mantis, fixed 1.0.6-2) #219937 *CVE-2006-6563 backport (proftpd, fixed 1.3.0a-3) #219938 +*CVE-2006-6561 (openoffice.org) *CVE-2006-6515 version (mantis, fixed 1.0.6) #219720 *CVE-2006-6505 version (seamonkey, fixed 1.0.7) #220516 *CVE-2006-6504 version (seamonkey, fixed 1.0.7) #220516 @@ -214,6 +330,7 @@ *CVE-2006-6499 version (seamonkey, fixed 1.0.7) #220516 *CVE-2006-6498 version (seamonkey, fixed 1.0.7) #220516 *CVE-2006-6497 version (seamonkey, fixed 1.0.7) #220516 +*CVE-2006-6493 (openldap) *CVE-2006-6481 version (clamav, fixed 0.88.7) *CVE-2006-6406 version (clamav, fixed 0.88.7) #219095 *CVE-2006-6385 ignore (kernel) windows only @@ -227,6 +344,8 @@ *CVE-2006-6303 version (ruby, fixed 1.8.5.2) [since FEDORA-2006-1441] *CVE-2006-6301 version (denyhosts, fixed 2.6-2) #218824 *CVE-2006-6297 ignore (kdegraphics) just a crash +*CVE-2006-6238 (konqueror) probably safari only +*CVE-2006-6236 (acroread) *CVE-2006-6235 patch (gnupg2, fixed 2.0.1-2) #218821 *CVE-2006-6235 backport (gnupg, fixed 1.4.6) [since FEDORA-2006-1406] *CVE-2006-6171 patch (proftpd, fixed 1.3.0a-1) #214820 @@ -243,6 +362,9 @@ *CVE-2006-6106 version (kernel, fixed 2.6.19.2, fixed 2.6.20-rc5) [since FEDORA-2006-1471] *CVE-2006-6105 version (gdm, fixed 2.14.11) [since FEDORA-2006-1468] *CVE-2006-6104 backport (mono, fixed 1.1.13.8.2) #220853 [since FEDORA-2007-067] +*CVE-2006-6103 (xorg-x11) +*CVE-2006-6102 (xorg-x11) +*CVE-2006-6101 (xorg-x11) *CVE-2006-6097 backport (tar) [since FEDORA-2006-1393] *CVE-2006-6085 version (kile, fixed 1.9.3) #217238 *CVE-2006-6077 VULNERABLE (firefox) @@ -252,18 +374,24 @@ *CVE-2006-6056 version (kernel, fixed 2.6.19) [since FEDORA-2007-058] was backport since FEDORA-2006-1471 *CVE-2006-6054 version (kernel, fixed fixed 2.6.19.2) [since FEDORA-2007-058] *CVE-2006-6053 version (kernel, fixed 2.6.19.2) [since FEDORA-2007-058] was backport since FEDORA-2006-1223 +*CVE-2006-6027 (acroread) +*CVE-2006-6015 (pcre) *CVE-2006-5989 ignore (mod_auth_kerb) did not affect fc6 *CVE-2006-5974 ignore (fetchmail, fixed 6.3.6) only 6.3.5 *CVE-2006-5973 VULNERABLE (dovecot, fixed 1.0.rc15) #216508 +*CVE-2006-5969 (fvwm) +*CVE-2006-5941 (net-snmp) *CVE-2006-5925 backport (elinks) [since FEDORA-2006-1278] but was never vulneable as didn't have smbclient support *CVE-2006-5876 version (libsoup) #223144 [since FEDORA-2007-109] *CVE-2006-5875 version (enemies-of-carlotta, fixed 1.2.4) *CVE-2006-5874 version (clamav, fixed 0.88.1) *CVE-2006-5871 version (kernel, fixed 2.6.10) +*CVE-2006-5870 (openoffice.org) *CVE-2006-5868 VULNERABLE (ImageMagick, fixed 6.2.9.1) #217560 *CVE-2006-5867 version (fetchmail, fixed 6.3.6) #221984 [since FEDORA-2007-042] *CVE-2006-5864 VULNERABLE (evince) #217672 *CVE-2006-5864 patch (gv, fixed 3.6.2-2) #215136 +*CVE-2006-5857 (acroread) *CVE-2006-5848 version (trac, fixed 0.10.1) #215077 *CVE-2006-5823 version (kernel, fixed 2.6.19.2) [since FEDORA-2007-058] was backport since FEDORA-2006-1223 *CVE-2006-5815 version (proftpd, fixed 1.3.0a) #214820 @@ -273,8 +401,10 @@ *CVE-2006-5783 ignore (firefox) disputed *CVE-2006-5779 VULNERABLE (openldap, 2.3.29) #214768 *CVE-2006-5757 version (kernel, fixed 2.6.19) [since FEDORA-2007-058] was backport since FEDORA-2006-1223 +*CVE-2006-5754 (kernel) *CVE-2006-5753 backport (kernel, fixed 2.6.20.1) [since FEDORA-2007-291] *CVE-2006-5751 version (kernel, fixed 2.6.19, fixed 2.6.18.4) [since FEDORA-2006-1471] +*CVE-2006-5750 (jboss) *CVE-2006-5749 VULNERABLE (kernel, fixed 2.6.20-rc2) *CVE-2006-5748 version (thunderbird, fixed 1.5.0.8) [since FEDORA-2006-1192] *CVE-2006-5748 version (seamonkey, fixed 1.0.6) #214822 @@ -314,6 +444,7 @@ *CVE-2006-5453 patch (bugzilla, fixed 2.22-7) #212355 *CVE-2006-5397 VULNERABLE (libX11, 1.0.2 and 1.0.3 only) #213280 *CVE-2006-5331 version (kernel, fixed 2.6.19) [since FEDORA-2007-058] +*CVE-2006-5330 (flash-plugin) *CVE-2006-5298 backport (mutt) [since FEDORA-2006-1063] *CVE-2006-5297 backport (mutt) [since FEDORA-2006-1063] *CVE-2006-5295 version (clamav, fixed 0.88.5) #210973 @@ -352,6 +483,7 @@ *CVE-2006-4925 ignore (openssh) client crash only *CVE-2006-4924 backport (openssh, fixed 4.4) *CVE-2006-4842 ignore (nspr) Nothing setuid links with nspr +*CVE-2006-4816 (php) *CVE-2006-4814 version (kernel, fixed 2.6.19.2) [since FEDORA-2007-058] *CVE-2006-4813 version (kernel, fixed 2.6.13) *CVE-2006-4812 backport (php) php-5.1.6-ecalloc.patch @@ -369,6 +501,7 @@ *CVE-2006-4743 ignore (wordpress, dupe of an old non-issue) #206514 *CVE-2006-4684 version (zope, fixed 2.9.2) *CVE-2006-4663 ignore (kernel) not a vulnerability +*CVE-2006-4640 (flash-plugin) *CVE-2006-4625 ignore (php) safe mode isn't safe *CVE-2006-4624 version (mailman, fixed 2.1.9rc1) *CVE-2006-4623 version (kernel, fixed 2.6.18-rc1) @@ -429,6 +562,7 @@ *CVE-2006-4330 version (wireshark, fixed 0.99.3) *CVE-2006-4310 ignore (firefox) crash only *CVE-2006-4262 backport (cscope) +*CVE-2006-4261 (firefox) *CVE-2006-4253 version (thunderbird, fixed 1.5.0.7) *CVE-2006-4253 version (seamonkey, fixed 1.0.5) #209167 *CVE-2006-4253 version (firefox, fixed 1.5.0.7) @@ -439,9 +573,11 @@ *CVE-2006-4226 version (mysql, fixed 5.0.26,5.1.12) #203428 [since FEDORA-2006-1297] *CVE-2006-4192 patch (libmodplug, fixed 0.8-3) *CVE-2006-4182 version (clamav, fixed 0.88.5) #210973 +*CVE-2006-4181 (gnuradius) *CVE-2006-4146 backport (gdb) *CVE-2006-4145 version (kernel, fixed 2.6.17.10, fixed 2.6.18-rc5) needs a better upstream fix *CVE-2006-4144 backport (ImageMagick, fixed 6.2.9) +*CVE-2006-4124 (lesstif) *CVE-2006-4096 backport (bind) *CVE-2006-4095 backport (bind) *CVE-2006-4093 version (kernel, fixed 2.6.17.9, fixed 2.6.18-rc5) @@ -503,6 +639,7 @@ *CVE-2006-3740 version (libXfont, fixed 1.2.2) *CVE-2006-3739 version (libXfont, fixed 1.2.2) *CVE-2006-3738 backport (openssl, fixed 0.9.8d) +*CVE-2006-3733 ignore (jboss) cisco only *CVE-2006-3731 ignore (firefox) just a user complicit crash *CVE-2006-3694 version (ruby, fixed 1.8.5) *CVE-2006-3677 version (thunderbird, fixed 1.5.0.5) @@ -521,6 +658,7 @@ *CVE-2006-3627 version (wireshark, fixed 0.99.2) *CVE-2006-3626 version (kernel, fixed 2.6.17.6) *CVE-2006-3619 version (gcc, fixed 4.1.1-20060828 at least) +*CVE-2006-3587 (flash-plugin) *CVE-2006-3582 version (adplug, fixed 2.0.1-1) #198108 *CVE-2006-3581 version (adplug, fixed 2.0.1-1) #198108 *CVE-2006-3486 ignore (mysql, fixed 5.0.23) not exploitable @@ -544,6 +682,8 @@ *CVE-2006-3376 backport (libwmf) from changelog *CVE-2006-3352 ignore (firefox) not a vulnerability *CVE-2006-3334 ignore (libpng, fixed 1.2.12) not exploitable +*CVE-2006-3311 (flash-plugin) +*CVE-2006-3276 (helixplayer) *CVE-2006-3242 version (mutt, fixed 1.4.2.2, 1.5.12) *CVE-2006-3178 ignore (chmlib, extract_chmLib not shipped) *CVE-2006-3174 version (squirrelmail, fixed 1.4.7) @@ -556,6 +696,7 @@ *CVE-2006-3113 version (thunderbird, fixed 1.5.0.5) *CVE-2006-3113 version (seamonkey, fixed 1.0.4) #200455 *CVE-2006-3113 version (firefox, fixed 1.5.0.5) +*CVE-2006-3093 ignore (acroread) windows only *CVE-2006-3085 version (kernel, fixed 2.6.17.1) *CVE-2006-3084 ignore (krb5) seteuid() calls never fail on linux *CVE-2006-3083 backport (krb5, fixed 1.5.1, 1.4.4) @@ -565,6 +706,7 @@ *CVE-2006-3018 version (php, fixed 5.1.3) *CVE-2006-3017 version (php, fixed 5.1.3) *CVE-2006-3016 version (php, fixed 5.1.3) +*CVE-2006-3014 ignore (flash-plugin) windows only *CVE-2006-3011 ignore (php) safe mode isn't safe *CVE-2006-3005 ignore (libjpeg) not a vuln *CVE-2006-2941 version (mailman, fixed 2.1.9) @@ -613,17 +755,20 @@ *CVE-2006-2661 version (freetype, fixed 2.2.1) *CVE-2006-2660 ignore (php) see #195539 *CVE-2006-2658 version (xsp, fixed 1.1.14) #206510 +*CVE-2006-2657 (php) *CVE-2006-2656 backport (libtiff) tiffsplit-overflow.patch *CVE-2006-2629 ignore (kernel) couldn't be reproduced on FC *CVE-2006-2613 ignore (firefox) This isn't an issue on FC *CVE-2006-2607 backport (vixie-cron) vixie-cron-4.1-_42-bz178431.patch *CVE-2006-2575 patch (netpanzer, fixed 0.8-4) bz#192983 *CVE-2006-2563 ignore (php) safe mode isn't safe +*CVE-2006-2502 (cyrus-imapd) *CVE-2006-2489 version (nagios, fixed 2.3.1) *CVE-2006-2480 patch (dia, fixed 0.95-2) bz#192535 *CVE-2006-2453 patch (dia, fixed 0.95-3) #192830 *CVE-2006-2452 version (gdm) *CVE-2006-2451 version (kernel, fixed 2.6.17.4) +*CVE-2006-2450 (vnc) *CVE-2006-2449 version (kdebase, fixed 3.5.4) *CVE-2006-2448 version (kernel, fixed 2.6.17) *CVE-2006-2447 version (spamassassin, fixed 3.1.3) @@ -801,6 +946,7 @@ *CVE-2006-1490 version (php, fixed 5.1.4) *CVE-2006-1470 version (openldap, not 2.3.24 at least) *CVE-2006-1390 ignore (nethack, Gentoo-specific problem) bz#187353 +*CVE-2006-1370 (helixplayer) *CVE-2006-1368 version (kernel, fixed 2.6.16) *CVE-2006-1354 version (freeradius, fixed 1.1.2 at least) *CVE-2006-1343 version (kernel, fixed 2.6.16.19) @@ -827,13 +973,16 @@ *CVE-2006-1057 version (gdm, fixed 2.14.1) *CVE-2006-1056 version (kernel, fixed 2.6.16.9) *CVE-2006-1055 version (kernel, fixed 2.6.17) +*CVE-2006-1053 (fedora directory server) *CVE-2006-1052 version (kernel, fixed 2.6.16) *CVE-2006-1045 version (thunderbird, fixed 1.5.0.2) *CVE-2006-1015 ignore (php) safe mode isn't safe *CVE-2006-1014 ignore (php) safe mode isn't safe *CVE-2006-0996 version (php, fixed 5.1.4) +*CVE-2006-0987 (bind) *CVE-2006-0903 version (mysql, 4.1.19) *CVE-2006-0884 version (thunderbird, fixed 1.5.0.2) +*CVE-2006-0883 (openssh) *CVE-2006-0855 patch (zoo, patched in OpenSUSE "upstream", fixed 2.10-7) *CVE-2006-0847 version (python-cherrypy, fixed 2.1.1) *CVE-2006-0841 version (mantis, fixed 1.0.1) @@ -853,9 +1002,11 @@ *CVE-2006-0746 version (kdegraphics, fixed 3.4) *CVE-2006-0745 version (xorg-x11-server, fixed 1.1.1 at least) *CVE-2006-0744 version (kernel, fixed 2.6.16.5) +*CVE-2006-0743 (log4net) *CVE-2006-0742 version (kernel, fixed 2.6.16) *CVE-2006-0741 version (kernel, fixed 2.6.15.5) *CVE-2006-0730 version (dovecot, 1.0beta[12] only) +*CVE-2006-0709 (metamail) *CVE-2006-0678 ignore (postgresql) we don't build --enable-cassert *CVE-2006-0670 version (bluez-hcidump, fixed 1.30) *CVE-2006-0665 version (mantis, fixed 1.0.1) @@ -879,9 +1030,13 @@ *CVE-2006-0456 ignore (kernel) s390 only *CVE-2006-0455 version (gnupg, fixed 1.4.2.1) *CVE-2006-0454 version (kernel, fixed 2.6.15.3) +*CVE-2006-0453 (fedora directory server) +*CVE-2006-0452 (fedora directory server) +*CVE-2006-0451 (fedora directory server) *CVE-2006-0405 version (libtiff, 3.8.0 only) *CVE-2006-0377 version (squirrelmail, fixed 1.4.6) *CVE-2006-0369 ignore (mysql) this is not a security issue +*CVE-2006-0323 (helixplayer) *CVE-2006-0322 version (mediawiki, fixed 1.5.8) *CVE-2006-0321 version (fetchmail, fixed 6.3.2) *CVE-2006-0301 version (poppler, fixed 0.4.5) @@ -919,9 +1074,12 @@ *CVE-2006-0195 version (squirrelmail, fixed 1.4.6) *CVE-2006-0188 version (squirrelmail, fixed 1.4.6) *CVE-2006-0162 version (clamav, fixed 0.88) +*CVE-2006-0151 (sudo) +*CVE-2006-0150 (auth_ldap) *CVE-2006-0144 version (php-pear, not 1.4.4) *CVE-2006-0126 version (rxvt-unicode, fixed 7.5) *CVE-2006-0106 version (wine, fixed 0.9.10) +*CVE-2006-0105 (postgresql) *CVE-2006-0097 ignore (php) Windows only *CVE-2006-0096 ignore (kernel) minor and requires root *CVE-2006-0095 version (kernel, fixed 2.6.16) @@ -931,12 +1089,19 @@ *CVE-2006-0052 version (mailman, fixed 2.1.6) *CVE-2006-0049 version (gnupg, fixed 1.4.2.2) *CVE-2006-0047 version (freeciv, fixed 2.0.8) bz#184507 +*CVE-2006-0043 ignore (nfs-server) we use the kernel nfs server *CVE-2006-0042 version (libapreq2, fixed 2.0.7) *CVE-2006-0039 version (kernel, fixed 2.6.16.17) *CVE-2006-0037 version (kernel, only 2.6.14 and 2.6.15) *CVE-2006-0036 version (kernel, only 2.6.14 and 2.6.15) *CVE-2006-0035 version (kernel, only 2.6.14 and 2.6.15) +*CVE-2006-0024 (flash-plugin) *CVE-2006-0019 version (kdelibs, fixed 3.5.1) +*CVE-2006-0017 (fedora directory server) +*CVE-2006-0016 (fedora directory server) +*CVE-2005-4838 (tomcat) +*CVE-2005-4837 (net-snmp) +*CVE-2005-4836 (tomcat) *CVE-2005-4811 version (kernel, fixed 2.6.13) *CVE-2005-4809 VULNERABLE (firefox) *CVE-2005-4808 ignore (binutils, gas fixed 20050714) this is a bug @@ -958,6 +1123,7 @@ *CVE-2005-4635 version (kernel, fixed 2.6.15) *CVE-2005-4618 version (kernel, fixed 2.6.15) *CVE-2005-4605 version (kernel, fixed 2.6.15) +*CVE-2005-4601 (ImageMagick) *CVE-2005-4585 version (wireshark, fixed 0.10.14) *CVE-2005-4442 version (openldap) gentoo only *CVE-2005-4352 version (kernel, fixed 2.6.18.3) [since FEDORA-2006-1471] @@ -967,13 +1133,22 @@ *CVE-2005-4154 ignore (php) don't install untrusted pear packages *CVE-2005-4153 version (mailman) *CVE-2005-4134 ignore (firefox) http://www.mozilla.org/security/history-title.html +*CVE-2005-4130 (helixplayer) +*CVE-2005-4126 (helixplayer) *CVE-2005-4077 version (curl, fixed 7.15.1) +*CVE-2005-3964 (openmotif) *CVE-2005-3962 version (perl, fixed 5.8.8) +*CVE-2005-3896 (firefox,seamonkey,thunderbird) +*CVE-2005-3891 (pidgin) +*CVE-2005-3890 (pidgin) +*CVE-2005-3889 (pidgin) +*CVE-2005-3888 (pidgin) *CVE-2005-3883 version (php, fixed 5.1.1 at least) *CVE-2005-3858 version (kernel, fixed 2.6.13) *CVE-2005-3857 version (kernel, fixed 2.6.15) *CVE-2005-3848 version (kernel, fixed 2.6.13) *CVE-2005-3847 version (kernel, fixed 2.6.12.6) +*CVE-2005-3812 (firefox,seamonkey,thunderbird) *CVE-2005-3810 version (kernel, fixed 2.6.15) *CVE-2005-3809 version (kernel, fixed 2.6.15) *CVE-2005-3808 version (kernel, fixed 2.6.15) @@ -992,6 +1167,7 @@ *CVE-2005-3651 version (wireshark, fixed 0.10.14) *CVE-2005-3632 version (netpbm) *CVE-2005-3631 version (udev) +*CVE-2005-3630 (fedora directory server) *CVE-2005-3629 version (initscripts, fixed 8.29 at least) *CVE-2005-3628 version (poppler, fixed 0.4.4) *CVE-2005-3628 version (kdegraphics, fixed 3.5.1) @@ -1014,9 +1190,11 @@ *CVE-2005-3624 version (cups, fixed 1.2.0) *CVE-2005-3624 backport (tetex) *CVE-2005-3623 version (kernel, fixed 2.6.14.5) +*CVE-2005-3591 (flash-plugin) *CVE-2005-3582 version (ImageMagick) gentoo only *CVE-2005-3573 version (mailman, fixed 2.1.7) *CVE-2005-3527 version (kernel, fixed 2.6.14) +*CVE-2005-3510 (tomcat) *CVE-2005-3402 ignore (thunderbird) mozilla say by design *CVE-2005-3392 version (php, not 5.0) *CVE-2005-3391 version (php, not 5.0) @@ -1027,9 +1205,11 @@ *CVE-2005-3358 version (kernel, fixed 2.6.11) *CVE-2005-3357 version (httpd, fixed 2.2.1) *CVE-2005-3356 version (kernel, fixed 2.6.16) +*CVE-2005-3354 (sylpheed) *CVE-2005-3353 version (php, not 5.0) *CVE-2005-3352 version (httpd, fixed 2.2.1) *CVE-2005-3351 version (spamassassin, fixed 3.1.0) +*CVE-2005-3350 (libungif) *CVE-2005-3322 version (squid) not upstream, SUSE only *CVE-2005-3319 ignore (mod_php) no security consequence *CVE-2005-3313 version (wireshark, fixed after 0.10.13) @@ -1039,6 +1219,7 @@ *CVE-2005-3273 version (kernel, fixed 2.6.12) *CVE-2005-3272 version (kernel, fixed 2.6.13) *CVE-2005-3271 version (kernel, fixed 2.6.9) +*CVE-2005-3269 (fedora directory server) *CVE-2005-3258 version (squid, fixed 2.5STABLE12) *CVE-2005-3257 version (kernel, fixed 2.6.15) *CVE-2005-3249 version (wireshark, fixed 0.10.13) @@ -1066,6 +1247,7 @@ *CVE-2005-3185 version (wget, fixed 1.10.2 at least) *CVE-2005-3185 version (curl, fixed 7.15) *CVE-2005-3184 version (wireshark, fixed 0.10.13) +*CVE-2005-3183 (w3c-libwww) *CVE-2005-3181 version (kernel, fixed 2.6.13.4) *CVE-2005-3180 version (kernel, fixed 2.6.13.4) *CVE-2005-3179 version (kernel, fixed 2.6.13.4) @@ -1088,7 +1270,9 @@ *CVE-2005-2991 ignore (ncompress) don't ship zdiff or zcmp scripts *CVE-2005-2978 version (netpbm, fixed 10.25) *CVE-2005-2977 version (pam, fixed 0.99.2.1 at least) +*CVE-2005-2976 (gdk-pixbuf) *CVE-2005-2975 version (gtk2, fixed 2.8.7) +*CVE-2005-2974 (libungif) *CVE-2005-2973 version (kernel, fixed 2.6.14) *CVE-2005-2970 version (httpd, not 2.2) *CVE-2005-2969 version (openssl, fixed 0.9.8a) @@ -1096,9 +1280,11 @@ *CVE-2005-2968 version (thunderbird) *CVE-2005-2968 version (firefox) *CVE-2005-2959 ignore (sudo) not a vulnerability +*CVE-2005-2958 (libgda) *CVE-2005-2946 version (openssl, fixed 0.9.8) *CVE-2005-2933 version (libc-client, fixed 2004g at least) *CVE-2005-2929 backport (lynx) changelog +*CVE-2005-2922 (helixplayer) *CVE-2005-2917 version (squid, fixed 2.5.STABLE11) *CVE-2005-2876 version (util-linux, fixed 2.13-pre3) *CVE-2005-2874 version (cups, fixed 1.1.23) @@ -1114,6 +1300,7 @@ *CVE-2005-2796 version (squid, fixed 2.5.STABLE11) *CVE-2005-2794 version (squid, fixed 2.5.STABLE11) *CVE-2005-2728 version (httpd, not 2.2) +*CVE-2005-2710 (helixplayer) *CVE-2005-2709 version (kernel, fixed 2.6.14.3) *CVE-2005-2708 ignore (kernel) not reproducable on x86_64 *CVE-2005-2707 version (thunderbird) @@ -1135,6 +1322,8 @@ *CVE-2005-2666 version (openssh, fixed 4.0p1) *CVE-2005-2642 version (mutt) openbsd only *CVE-2005-2641 version (nss_ldap, fixed pam_ldap:180) +*CVE-2005-2629 (helixplayer) +*CVE-2005-2628 (flash-plugin) *CVE-2005-2617 version (kernel, fixed 2.6.12.5) *CVE-2005-2602 ignore (thunderbird) probably *CVE-2005-2602 ignore (firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=237085 @@ -1213,6 +1402,7 @@ *CVE-2005-2096 version (rpm, fixed 4.4.2) *CVE-2005-2096 backport (zlib, fixed 1.2.2.4) *CVE-2005-2095 version (squirrelmail, fixed 1.4.5) +*CVE-2005-2090 (tomcat) *CVE-2005-2088 version (httpd, not 2.2) *CVE-2005-2069 version (nss_ldap, fixed pam_ldap:180) *CVE-2005-2069 backport (openldap) openldap-2.2.13-tls-fix-connection-test.patch @@ -1239,11 +1429,13 @@ *CVE-2005-1760 version (sysreport, fixed 1.4.1-3) *CVE-2005-1759 ignore (php) dead code path *CVE-2005-1759 ignore (openldap) fixed shtool 2.0.2 flawed code path not used +*CVE-2005-1753 (tomcat) *CVE-2005-1751 version (nmap, fixed 3.93 at least) *CVE-2005-1751 ignore (openldap) fixed shtool 2.0.2. Flawed code path not used *CVE-2005-1751 ignore (ncpfs) part of shtool in ncpfs is not vulnerable *CVE-2005-1740 version (net-snmp, fixed 5.2.2.rc5 at least) *CVE-2005-1739 version (ImageMagick, fixed 6.2.2.3) +*CVE-2005-1730 (openssl) *CVE-2005-1705 backport (gdb) gdb-6.3-security-errata-20050610.patch *CVE-2005-1704 version (binutils, fixed 2.16.91.0.3 at least) *CVE-2005-1704 backport (gdb) gdb-6.3-security-errata-20050610.patch @@ -1257,6 +1449,7 @@ *CVE-2005-1532 version (firefox, fixed 1.0.4) *CVE-2005-1531 version (firefox, fixed 1.0.4) *CVE-2005-1519 version (squid, fixed 2.5.STABLE10) +*CVE-2005-1476 (firefox,seamonkey,thunderbird) *CVE-2005-1470 version (wireshark, fixed 0.10.11) *CVE-2005-1469 version (wireshark, fixed 0.10.11) *CVE-2005-1468 version (wireshark, fixed 0.10.11) @@ -1367,11 +1560,13 @@ *CVE-2005-0709 version (mysql, fixed 4.1.11) *CVE-2005-0705 version (wireshark, fixed after 0.10.9) *CVE-2005-0704 version (wireshark, fixed after 0.10.9) +*CVE-2005-0699 (wireshark) *CVE-2005-0698 version (wireshark, fixed after 0.10.9) *CVE-2005-0664 version (libexif, fixed 0.6.12) *CVE-2005-0654 ignore (gimp, not fixed 2.2) upstream considers harmless *CVE-2005-0627 version (qt, fixed 3.3.4) *CVE-2005-0626 version (squid, fixed 2.5.STABLE10) +*CVE-2005-0611 (helixplayer) *CVE-2005-0605 version (libXpm, fixed 3.5.4 at least) *CVE-2005-0602 ignore (unzip, fixed 5.52) this is really expected behaviour *CVE-2005-0596 version (php, fixed 5.0) @@ -1389,6 +1584,7 @@ *CVE-2005-0584 version (firefox) *CVE-2005-0578 version (firefox) *CVE-2005-0565 version (kernel, not 2.6) +*CVE-2005-0546 (cyrus-imapd) *CVE-2005-0532 version (kernel, fixed 2.6.11) *CVE-2005-0531 version (kernel, fixed 2.6.11) *CVE-2005-0530 version (kernel, fixed 2.6.11) @@ -1409,6 +1605,8 @@ *CVE-2005-0469 backport (telnet) telnet-0.17-CAN-2005-468_469.patch *CVE-2005-0468 version (krb5, fixed 1.4.1) *CVE-2005-0468 backport (telnet) telnet-0.17-CAN-2005-468_469.patch +*CVE-2005-0455 (helixplayer) +*CVE-2005-0452 (perl) *CVE-2005-0449 version (kernel, fixed 2.6.11) *CVE-2005-0448 version (perl, fixed 5.8.6) *CVE-2005-0446 version (squid, fixed 2.5.STABLE9) @@ -1451,6 +1649,8 @@ *CVE-2005-0202 version (mailman, fixed 2.1.6) *CVE-2005-0201 version (dbus, fixed 0.36.1) *CVE-2005-0194 version (squid, fixed 2.5.STABLE8) +*CVE-2005-0191 (helixplayer) +*CVE-2005-0189 (helixplayer) *CVE-2005-0180 version (kernel, fixed 2.6.11) *CVE-2005-0179 version (kernel, fixed 2.6.11) *CVE-2005-0178 version (kernel, fixed 2.6.11) @@ -1509,6 +1709,7 @@ *CVE-2005-0034 version (bind, fixed after 9.3.0) *CVE-2005-0033 version (bind, not 9) *CVE-2005-0023 ignore (libvte) not a security risk +*CVE-2005-0022 (exim) *CVE-2005-0014 version (ncpfs, fixed 2.2.6) *CVE-2005-0013 version (ncpfs, fixed 2.2.6) *CVE-2005-0011 version (kdeedu, not 3.4) @@ -1523,7 +1724,10 @@ *CVE-2005-0001 version (kernel, fixed 2.6.10) *CVE-2004-2660 version (kernel, fixed 2.6.10) *CVE-2004-2657 ignore (firefox) windows only +*CVE-2004-2655 (xscreensaver) *CVE-2004-2654 version (squid, fixed 2.6STABLE6) +*CVE-2004-2645 (asn1c) +*CVE-2004-2644 (asn1c) *CVE-2004-2607 version (kernel, fixed 2.6.5) *CVE-2004-2589 version (gaim, fixed 0.82) *CVE-2004-2546 version (samba, fixed 3.0.6) @@ -1603,6 +1807,7 @@ *CVE-2004-1184 version (enscript, fixed 1.6.4 at least) *CVE-2004-1183 version (libtiff, fixed 3.7.2) *CVE-2004-1180 version (rwho, fixed 0.17) +*CVE-2004-1178 (mailman) *CVE-2004-1177 version (mailman, fixed 2.1.6) *CVE-2004-1176 version (mc, fixed 4.6.0) *CVE-2004-1175 version (mc, fixed 4.6.0) @@ -1801,6 +2006,7 @@ *CVE-2004-0558 version (cups, fixed 1.1.21) *CVE-2004-0557 version (sox, fixed after 12.17.4) *CVE-2004-0554 version (kernel, fixed 2.6.7) +*CVE-2004-0550 (helixplayer) *CVE-2004-0548 ignore (aspell, not fixed 0.50.5) not a security issue *CVE-2004-0547 version (postgresql, fixed 7.2.1) *CVE-2004-0541 version (squid) @@ -1850,6 +2056,7 @@ *CVE-2004-0394 version (kernel, not 2.6) also not a vulnerability *CVE-2004-0392 version (racoon, fixed 20040407b) *CVE-2004-0388 version (mysql, fixed 4.1.11 at least) +*CVE-2004-0387 (helixplayer) *CVE-2004-0381 version (mysql, fixed 4.1.11 at least) *CVE-2004-0367 version (wireshark, fixed 0.10.3) *CVE-2004-0365 version (wireshark, fixed 0.10.3) @@ -1858,11 +2065,13 @@ *CVE-2004-0233 version (libutempter, fixed 0.5.5) *CVE-2004-0232 version (mc, fixed 4.6.0) *CVE-2004-0231 version (mc, fixed 4.6.0) +*CVE-2004-0230 (kernel) *CVE-2004-0229 version (kernel, fixed 2.6.6) *CVE-2004-0228 version (kernel, fixed 2.6.6) *CVE-2004-0226 version (mc, fixed 4.6.0) *CVE-2004-0189 version (squid, fixed 2.5.STABLE5) *CVE-2004-0186 version (samba, not 3.0.2a) +*CVE-2004-0185 (wu-ftpd) *CVE-2004-0184 version (tcpdump, fixed 3.8.2) *CVE-2004-0183 version (tcpdump, fixed 3.8.2) *CVE-2004-0182 version (mailman) only affected Red Hat packages @@ -1917,9 +2126,12 @@ *CVE-2004-0005 version (gaim, fixed 0.76) *CVE-2004-0003 version (kernel, not 2.6) *CVE-2004-0001 version (kernel, not 2.6) +*CVE-2003-1329 (wu-ftpd) *CVE-2003-1307 ignore (mod_php) not a vulnerability *CVE-2003-1303 version (php, fixed 4.3.3) *CVE-2003-1302 version (php, fixed 4.3.1) +*CVE-2003-1295 (xscreensaver) +*CVE-2003-1294 (xscreensaver) *CVE-2003-1265 VULNERABLE (thunderbird) https://bugzilla.mozilla.org/show_bug.cgi?id=198442 *CVE-2003-1265 VULNERABLE (firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=198442 *CVE-2003-1232 version (emacs, fixed 21.3) @@ -1963,6 +2175,7 @@ *CVE-2003-0914 version (bind, not 9) *CVE-2003-0901 version (postgresql, not 8) *CVE-2003-0900 version (perl, only 5.8.1) +*CVE-2003-0885 (xscreensaver) *CVE-2003-0865 version (tomcat, fixed after 4.0.3) *CVE-2003-0863 ignore (php) http://lists.nyphp.org/pipermail/talk/2003-November/006392.html *CVE-2003-0861 version (php, fixed 4.3.3) @@ -2387,8 +2600,19 @@ *CVE-2002-0002 version (stunnel, fixed 3.22) *CVE-2002-0001 version (mutt, fixed 1.3.25) *CVE-2001-1494 version (util-linux, fixed 2.11n) +*CVE-2001-1429 (mc) *CVE-2001-0955 version (XFree86, fixed 4.2.0) +*CVE-2001-0935 (wu-ftpd) *CVE-2001-0474 version (mesa, fixed 3.3-14) +*CVE-2001-0310 (sort) +*CVE-2001-0235 (vixie-cron) +*CVE-2001-0187 (wu-ftpd) *CVE-2000-1199 backport (htdig) fixed htdig-3.2.0b6-unescaped_output.patch +*CVE-2000-1137 (ed) +*CVE-2000-0992 (krb5) *CVE-2000-0504 version (libICE, fixed XFree86:4.0.1) *CVE-1999-1572 backport (cpio) cpio-2.6-umask.patch +*CVE-1999-1332 (gzip) +*CVE-1999-0997 (wu-ftpd) +*CVE-1999-0710 (squid) +*CVE-1999-0103 (bind) -- fedora-extras-commits mailing list fedora-extras-commits(a)redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits

16 years, 10 months

1
0
0 / 0

[Bug 240398] New: CVE-2007-2445: libpng10 DoS

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=240398 Summary: CVE-2007-2445: libpng10 DoS Product: Fedora Extras Version: fc6 Platform: All OS/Version: Linux Status: NEW Severity: medium Priority: medium Component: libpng10 AssignedTo: paul(a)city-fan.org ReportedBy: ville.skytta(a)iki.fi QAContact: extras-qa(a)fedoraproject.org CC: fedora-security-list(a)redhat.com http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2445 "The png_handle_tRNS function in pngrutil.c in libpng before 1.0.25 and 1.2.x before 1.2.17 allows remote attackers to cause a denial of service (application crash) via a grayscale PNG image with a bad tRNS chunk CRC value." -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

16 years, 11 months

1
1
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

security [ARCHIVED] June 2007