fedora-security/audit fc7,1.5,1.6
by fedora-extras-commits@redhat.com
Author: kevin
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv19805
Modified Files:
fc7
Log Message:
Process openssh
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- fc7 12 Jun 2007 20:40:54 -0000 1.5
+++ fc7 13 Jun 2007 02:28:16 -0000 1.6
@@ -23,7 +23,7 @@
*CVE-2007-2843 ignore (konqueror) safari specific
*CVE-2007-2821 VULNERABLE (wordpress, fixed 2.2) #240970
*CVE-2007-2799 (file)
-*CVE-2007-2768 (openssh)
+CVE-2007-2768 VULNERABLE (openssh)
*CVE-2007-2756 ignore (gd) DoS only
*CVE-2007-2754 (freetype)
*CVE-2007-2721 patch (jasper, fixed 1.900.1-2) #240397
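Review bot: The new CVE-2007-2768 line is marked VULNERABLE but carries neither a fixed version nor a tracking bug, unlike the wordpress entry two lines above it (fixed 2.2, #240970). If a bug has been filed, append its number; if not, add a short trailing note on what makes the shipped openssh affected so the next auditor can act on it.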
@@ -54,7 +54,7 @@
*CVE-2007-2356 (gimp)
*CVE-2007-2353 (axis)
*CVE-2007-2245 VULNERABLE (phpMyAdmin, fixed 2.10.1) #237882
-*CVE-2007-2243 (openssh)
+CVE-2007-2243 VULNERABLE (openssh, fixed 4.6)
*CVE-2007-2241 (bind)
*CVE-2007-2176 ignore (firefox) only affects the java quicktime interaction
*CVE-2007-2172 (kernel)
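Review bot: CVE-2007-2243 is recorded as VULNERABLE with an upstream fix version (4.6) but no bug number, whereas the VULNERABLE phpMyAdmin line just above it links #237882. Since the fix version is already known, link the bug that tracks the openssh update here.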
@@ -395,7 +395,7 @@
*CVE-2006-5848 version (trac, fixed 0.10.1) #215077
*CVE-2006-5823 version (kernel, fixed 2.6.19.2) [since FEDORA-2007-058] was backport since FEDORA-2006-1223
*CVE-2006-5815 version (proftpd, fixed 1.3.0a) #214820
-*CVE-2006-5794 backport (openssh, fixed 4.5) #214641 [since FEDORA-2006-1215]
+CVE-2006-5794 version (openssh, fixed 4.5) #214641 [since FEDORA-2006-1215]
*CVE-2006-5793 version (libpng10, fixed 1.0.21) #216263
*CVE-2006-5793 ignore (libpng, fixed 1.2.13) just a client crash
*CVE-2006-5783 ignore (firefox) disputed
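Review bot: CVE-2006-5794 switches from backport to version but keeps "[since FEDORA-2006-1215]" unchanged, so the record no longer says that the fix first arrived as a backport. The kernel entry two lines above (CVE-2006-5823) keeps that history with "was backport since FEDORA-2006-1223"; the same suffix would fit here.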
@@ -449,7 +449,7 @@
*CVE-2006-5297 backport (mutt) [since FEDORA-2006-1063]
*CVE-2006-5295 version (clamav, fixed 0.88.5) #210973
*CVE-2006-5276 VULNERABLE (snort) #229265
-*CVE-2006-5229 ignore (openssh) not reproduced
+CVE-2006-5229 ignore (openssh) not reproduced
*CVE-2006-5215 VULNERABLE (xorg-x11-xinit) #212167
*CVE-2006-5215 version (xorg-x11-xdm)
*CVE-2006-5215 ignore (kdebase) #212166 links to xinit Xsession
@@ -466,8 +466,8 @@
*CVE-2006-5129 version (moodle, fixed 1.6.3) #206516
*CVE-2006-5111 version (libksba, fixed 0.9.14)
*CVE-2006-5072 backport (mono)
-*CVE-2006-5052 VULNERABLE (openssh, fixed 4.4)
-*CVE-2006-5051 backport (openssh, fixed 4.4)
+CVE-2006-5052 version (openssh, fixed 4.4)
+CVE-2006-5051 version (openssh, fixed 4.4) #208459
*CVE-2006-4997 version (kernel, fixed 2.6.18)
*CVE-2006-4980 version (python, fixed 2.4.4 at least) [since FEDORA-2006-1050] was backport since GA
*CVE-2006-4976 ** (php-adodb) #208299
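Review bot: CVE-2006-5052 goes from VULNERABLE straight to version (fixed 4.4) without a bug reference, while CVE-2006-5051 on the next line gains #208459 in the same edit. A status change away from VULNERABLE deserves the same traceability; add the bug number or a note confirming that the Fedora 7 openssh is 4.4 or later.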
@@ -480,8 +480,8 @@
*CVE-2006-4937 version (moodle, fixed 1.6.3) #206516
*CVE-2006-4936 version (moodle, fixed 1.6.3) #206516
*CVE-2006-4935 version (moodle, fixed 1.6.3) #206516
-*CVE-2006-4925 ignore (openssh) client crash only
-*CVE-2006-4924 backport (openssh, fixed 4.4)
+CVE-2006-4925 ignore (openssh) client crash only
+CVE-2006-4924 version (openssh, fixed 4.4) #207957
*CVE-2006-4842 ignore (nspr) Nothing setuid links with nspr
*CVE-2006-4816 (php)
*CVE-2006-4814 version (kernel, fixed 2.6.19.2) [since FEDORA-2007-058]
@@ -982,7 +982,7 @@
*CVE-2006-0987 (bind)
*CVE-2006-0903 version (mysql, 4.1.19)
*CVE-2006-0884 version (thunderbird, fixed 1.5.0.2)
-*CVE-2006-0883 (openssh)
+CVE-2006-0883 version (openssh, fixed 3.8.1p1)
*CVE-2006-0855 patch (zoo, patched in OpenSUSE "upstream", fixed 2.10-7)
*CVE-2006-0847 version (python-cherrypy, fixed 2.1.1)
*CVE-2006-0841 version (mantis, fixed 1.0.1)
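Review bot: CVE-2006-0883 is given "fixed 3.8.1p1", which is older than the fix versions this same patch records for earlier openssh CVEs (4.2 for CVE-2005-2798, 4.3p2 for CVE-2006-0225). If the issue only affects old releases or a particular platform, say so in a trailing comment, as the "not 4" wording on CVE-2004-2069 does, so the version does not read as a typo.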
@@ -1066,7 +1066,7 @@
*CVE-2006-0292 version (firefox, fixed 1.5.1)
*CVE-2006-0254 version (tomcat5, fixed 5.5.16)
*CVE-2006-0236 ignore (thunderbird) windows only
-*CVE-2006-0225 version (openssh, fixed 4.3p2)
+CVE-2006-0225 version (openssh, fixed 4.3p2) #168167
*CVE-2006-0208 version (php, fixed 5.1.2)
*CVE-2006-0207 version (php, fixed 5.1.2)
*CVE-2006-0200 version (php, fixed 5.1.2)
@@ -1295,8 +1295,8 @@
*CVE-2005-2811 version (net-snmp) not upstream, gentoo only
*CVE-2005-2801 version (kernel, fixed 2.6.11)
*CVE-2005-2800 version (kernel, fixed 2.6.12.6)
-*CVE-2005-2798 version (openssh, fixed 4.2)
-*CVE-2005-2797 version (openssh, fixed 4.2)
+CVE-2005-2798 version (openssh, fixed 4.2)
+CVE-2005-2797 version (openssh, fixed 4.2)
*CVE-2005-2796 version (squid, fixed 2.5.STABLE11)
*CVE-2005-2794 version (squid, fixed 2.5.STABLE11)
*CVE-2005-2728 version (httpd, not 2.2)
@@ -1319,7 +1319,7 @@
*CVE-2005-2700 version (httpd, not 2.2)
*CVE-2005-2693 backport (cvs) cvs-1.11.19-tmp.patch
*CVE-2005-2672 version (lm_sensors, fixed 2.9.2)
-*CVE-2005-2666 version (openssh, fixed 4.0p1)
+CVE-2005-2666 version (openssh, fixed 4.0p1)
*CVE-2005-2642 version (mutt) openbsd only
*CVE-2005-2641 version (nss_ldap, fixed pam_ldap:180)
*CVE-2005-2629 (helixplayer)
@@ -1751,7 +1751,7 @@
*CVE-2004-2136 ignore (dm-crypt) design
*CVE-2004-2135 ignore (kernel) design
CVE-2004-2093 ignore (rsync) not a security issue (rsync is not setuid)
-*CVE-2004-2069 version (openssh, not 4)
+CVE-2004-2069 version (openssh, not 4)
*CVE-2004-2014 version (wget, fixed 1.10.1)
*CVE-2004-2013 version (kernel, not 2.6)
*CVE-2004-2004 version (configuration) SUSE only
@@ -1761,7 +1761,7 @@
*CVE-2004-1772 version (sharutils, not 4.6)
*CVE-2004-1761 version (wireshark, fixed 0.10.3)
*CVE-2004-1689 version (sudo, fixed 1.6.8p1)
-*CVE-2004-1653 ignore (openssh)
+CVE-2004-1653 ignore (openssh)
*CVE-2004-1639 version (firefox)
*CVE-2004-1617 ignore (lynx) not able to verify flaw
*CVE-2004-1488 version (wget, fixed 1.10.1)
@@ -2082,7 +2082,7 @@
*CVE-2004-0178 version (kernel, not 2.6)
*CVE-2004-0177 version (kernel, fixed 2.6.6)
*CVE-2004-0176 version (wireshark, fixed 0.10.3)
-*CVE-2004-0175 version (openssh, fixed 3.4p1)
+CVE-2004-0175 version (openssh, fixed 3.4p1)
*CVE-2004-0175 backport (krb5) krb5-1.3.3-rcp-markus.patch
*CVE-2004-0174 version (httpd, not 2.2)
*CVE-2004-0173 version (httpd, not 2.2)
@@ -2193,8 +2193,8 @@
*CVE-2003-0792 version (fetchmail, 6.2.4 only)
*CVE-2003-0789 version (httpd, not 2.2)
*CVE-2003-0788 version (cups, fixed 1.1.19)
-*CVE-2003-0787 version (openssh, fixed 3.7.1p2)
-*CVE-2003-0786 version (openssh, fixed 3.7.1p2)
+CVE-2003-0787 version (openssh, fixed 3.7.1p2)
+CVE-2003-0786 version (openssh, fixed 3.7.1p2)
*CVE-2003-0780 version (mysql, not 4.1)
*CVE-2003-0778 version (sane-backends, fixed 1.0.10)
*CVE-2003-0777 version (sane-backends, fixed 1.0.10)
@@ -2206,15 +2206,15 @@
*CVE-2003-0730 version (XFree86, fixed after 4.3.0)
*CVE-2003-0700 version (kernel, not 2.6)
*CVE-2003-0699 version (kernel, not 2.6)
-*CVE-2003-0695 version (openssh, fixed 3.7.1)
+CVE-2003-0695 version (openssh, fixed 3.7.1)
*CVE-2003-0694 version (sendmail, fixed 8.12.10)
-*CVE-2003-0693 version (openssh, fixed 3.7)
+CVE-2003-0693 version (openssh, fixed 3.7)
*CVE-2003-0692 version (kde, fixed after 3.1.3)
*CVE-2003-0690 version (kde, fixed after 3.1.3)
*CVE-2003-0689 version (glibc, fixed 2.3.2 at least)
*CVE-2003-0688 version (sendmail, fixed 8.12.9)
*CVE-2003-0686 version (pam_smb, fixed 1.1.7)
-*CVE-2003-0682 version (openssh, fixed 4.0p1 at least)
+CVE-2003-0682 version (openssh, fixed 4.0p1 at least)
*CVE-2003-0681 version (sendmail, fixed 8.12.10)
*CVE-2003-0655 version (cdrtools, fixed 2.01a18)
*CVE-2003-0644 version (kdbg, not after 1.2.8)
@@ -2260,7 +2260,7 @@
*CVE-2003-0427 backport (mikmod) from changelog
*CVE-2003-0418 version (kernel, not 2.6)
*CVE-2003-0388 version (pam, fixed 0.78)
-*CVE-2003-0386 version (openssh, fixed after 3.6.1)
+CVE-2003-0386 version (openssh, fixed after 3.6.1)
*CVE-2003-0370 version (kde, fixed 3.0)
*CVE-2003-0367 backport (gzip) gzip-1.3.5-openbsd-owl-tmp.patch
*CVE-2003-0364 version (kernel, not 2.6)
@@ -2291,7 +2291,7 @@
*CVE-2003-0195 version (cups, fixed 1.1.19)
*CVE-2003-0194 version (tcpdump, not upstream)
*CVE-2003-0192 version (httpd, not 2.2)
-*CVE-2003-0190 version (openssh, fixed 3.6.1p1)
+CVE-2003-0190 version (openssh, fixed after 3.6.1p1)
*CVE-2003-0189 version (httpd, not 2.2)
*CVE-2003-0188 version (lv, fixed 4.51 at least)
*CVE-2003-0187 version (kernel, not 2.6)
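Review bot: The CVE-2003-0190 line changes its data as well as its star: "fixed 3.6.1p1" becomes "fixed after 3.6.1p1". That is a correction to the record rather than a verification tick, and "after" leaves the first fixed release unnamed; name the release if it is known, and mention the correction in the log message.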
@@ -2520,10 +2520,10 @@
*CVE-2002-0655 version (openssl097a, not 0.9.7)
*CVE-2002-0653 version (mod_ssl, not httpd 2.2)
*CVE-2002-0651 version (bind, not 9)
-*CVE-2002-0640 version (openssh, fixed after 3.3)
-*CVE-2002-0639 version (openssh, fixed after 3.3)
+CVE-2002-0640 version (openssh, fixed after 3.3)
+CVE-2002-0639 version (openssh, fixed after 3.3)
*CVE-2002-0638 version (util-linux, fixed 2.13 at least)
-*CVE-2002-0575 version (openssh, fixed 3.2.1)
+CVE-2002-0575 version (openssh, fixed 3.2.1)
*CVE-2002-0570 ignore (kernel) not a vulnerability
*CVE-2002-0517 version (XFree86) didn't affect Linux
*CVE-2002-0516 version (squirrelmail, fixed 1.2.6)
@@ -2573,7 +2573,7 @@
*CVE-2002-0129 ignore (efax) not setuid root
*CVE-2002-0121 version (php, fixed after 4.1.1)
*CVE-2002-0092 version (cve, fixed 1.10.8)
-*CVE-2002-0083 version (openssh, fixed 3.1)
+CVE-2002-0083 version (openssh, fixed 3.1)
*CVE-2002-0082 version (mod_ssl, not httpd 2.2)
*CVE-2002-0081 version (php, not 4.2+)
CVE-2002-0080 version (rsync, fixed 2.5.3)
--
fedora-extras-commits mailing list
fedora-extras-commits(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-extras-commits
fedora-security/audit fc7,1.9,1.10
by fedora-extras-commits@redhat.com
Author: kevin
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv16293
Modified Files:
fc7
Log Message:
process some kernel cve's
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- fc7 13 Jun 2007 21:39:40 -0000 1.9
+++ fc7 14 Jun 2007 03:53:59 -0000 1.10
@@ -58,7 +58,7 @@
CVE-2007-2243 ignore (openssh, fixed 4.6) needs S/KEY support which is not shipped.
*CVE-2007-2241 (bind)
*CVE-2007-2176 ignore (firefox) only affects the java quicktime interaction
-*CVE-2007-2172 (kernel)
+CVE-2007-2172 version (kernel, fixed 2.6.21-rc6)
*CVE-2007-2165 VULNERABLE (proftpd) #237533
*CVE-2007-2138 (postgresql)
*CVE-2007-2057 version (aircrack-ng, fixed 0.8-0.1)
@@ -111,7 +111,7 @@
*CVE-2007-1536 (file)
*CVE-2007-1521 (php)
*CVE-2007-1515 version (imp, fixed 4.1.4)
-*CVE-2007-1496 (kernel)
+CVE-2007-1496 version (kernel, fixed 2.6.20.3)
*CVE-2007-1484 (php)
*CVE-2007-1475 ignore (php) unshipped ibase extension
*CVE-2007-1474 version (horde, fixed 3.1.4)
@@ -175,7 +175,7 @@
*CVE-2007-1003 VULNERABLE (xorg-x11-server, fixed > X11R7.2) #235263
*CVE-2007-1002 VULNERABLE (evolution) #233587
*CVE-2007-1001 (php)
-*CVE-2007-1000 version (kernel, fixed 2.6.20) [since FEDORA-2007-335]
+CVE-2007-1000 version (kernel, fixed 2.6.20.2) [since FEDORA-2007-335]
*CVE-2007-0999 (ekiga)
*CVE-2007-0998 version (qemu, fixed 0.8.2)
*CVE-2007-0998 backport (xen) #230295 [since FEDORA-2007-343]
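Review bot: CVE-2007-1000 moves its fixed version from 2.6.20 to 2.6.20.2 but keeps "[since FEDORA-2007-335]" as is. If that update shipped a kernel older than 2.6.20.2, the "since" reference is no longer correct for this CVE; confirm the kernel version in FEDORA-2007-335 or adjust the reference.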
@@ -208,8 +208,8 @@
*CVE-2007-0777 version (seamonkey, fixed 1.0.8)
*CVE-2007-0775 version (seamonkey, fixed 1.0.8)
*CVE-2007-0774 (mod_jk)
-*CVE-2007-0772 version (kernel) [since FEDORA-2007-291]
-*CVE-2007-0771 (kernel)
+CVE-2007-0772 version (kernel, fixed 2.6.20.1) [since FEDORA-2007-291]
+CVE-2007-0771 patch (kernel, fixed 2.6.20-1.2933) #227952
*CVE-2007-0770 patch (GraphicsMagick, fixed 1.1.7-7) #228758
*CVE-2007-0770 ignore (ImageMagick) only if incomplete CVE-2006-5456
*CVE-2007-0720 ignore (cups, fixed 1.2.7) cups is already updated
@@ -275,11 +275,10 @@
*CVE-2007-0008 version (nss, fixed 3.11.5) (nspr, fixed 4.6.5) [since FEDORA-2007-279]
*CVE-2007-0008 ignore (seamonkey, uses system NSS)
*CVE-2007-0007 version (gnucash, fixed 2.0.5) since [FEDORA-2007-256] #223233
-*CVE-2007-0006 version (kernel, fixed 2.6.20) [since FEDORA-2007-335]
-*CVE-2007-0006 backport (kernel, fixed in -mm) [since FEDORA-2007-226]
-*CVE-2007-0005 version (kernel, fixed 2.6.20) [since FEDORA-2007-335]
+CVE-2007-0006 version (kernel, fixed 2.6.20) [since FEDORA-2007-335]
+CVE-2007-0005 version (kernel, fixed 2.6.20) [since FEDORA-2007-335]
*CVE-2007-0002 version (libwpd, fixed 0.8.9) #222808 [since FEDORA-2007-351]
-*CVE-2007-0001 (kernel)
+CVE-2007-0001 ignore (kernel) rhel4 2.6.9 only known affected
*CVE-2006-7205 (php)
*CVE-2006-7204 (php)
*CVE-2006-7197 (tomcat)
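Review bot: The second CVE-2007-0006 line, "backport (kernel, fixed in -mm) [since FEDORA-2007-226]", is deleted outright, which drops the record of when the backported fix first shipped. Other kernel entries in this file keep that history inline (CVE-2006-6056: "was backport since FEDORA-2006-1471"); appending "was backport since FEDORA-2007-226" to the remaining CVE-2007-0006 line would preserve it.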
@@ -334,14 +333,14 @@
*CVE-2006-6493 (openldap)
*CVE-2006-6481 version (clamav, fixed 0.88.7)
*CVE-2006-6406 version (clamav, fixed 0.88.7) #219095
-*CVE-2006-6385 ignore (kernel) windows only
+CVE-2006-6385 ignore (kernel) windows only
*CVE-2006-6383 ignore (php) safe mode isn't safe
*CVE-2006-6374 ** (phpMyAdmin) #218853
*CVE-2006-6373 version (phpMyAdmin, fixed 2.9.1.1) #218853
-*CVE-2006-6333 version (kernel, fixed 2.6.19.1) [since FEDORA-2007-058]
-*CVE-2006-6332 ignore (kernel) no support for madwifi
+CVE-2006-6333 version (kernel, fixed 2.6.19.1) [since FEDORA-2007-058]
+CVE-2006-6332 ignore (kernel) no support for madwifi
*CVE-2006-6305 ignore (net-snmp) already have the backported patch
-*CVE-2006-6304 version (kernel, fixed 2.6.19.1) [since FEDORA-2007-058]
+CVE-2006-6304 version (kernel, fixed 2.6.19.1) [since FEDORA-2007-058]
*CVE-2006-6303 version (ruby, fixed 1.8.5.2) [since FEDORA-2006-1441]
*CVE-2006-6301 version (denyhosts, fixed 2.6-2) #218824
*CVE-2006-6297 ignore (kdegraphics) just a crash
@@ -356,11 +355,11 @@
CVE-2006-6144 patch (krb5, fixed 1.5-14) #218456
CVE-2006-6143 patch (krb5, fixed 1.5-14) #218456
*CVE-2006-6142 backport (squirrelmail) #218297 [since FEDORA-2007-089]
-*CVE-2006-6128 VULNERABLE (kernel, fixed **)
+CVE-2006-6128 VULNERABLE (kernel, fixed **)
*CVE-2006-6122 ignore (tin, <= 1.8.1 not shipped)
*CVE-2006-6120 version (koffice, fixed 1.6.1) #218030
*CVE-2006-6107 VULNERABLE (dbus, fixed 1.0.2) #219665
-*CVE-2006-6106 version (kernel, fixed 2.6.19.2, fixed 2.6.20-rc5) [since FEDORA-2006-1471]
+CVE-2006-6106 version (kernel, fixed 2.6.19.2, fixed 2.6.20-rc5) [since FEDORA-2006-1471]
*CVE-2006-6105 version (gdm, fixed 2.14.11) [since FEDORA-2006-1468]
*CVE-2006-6104 backport (mono, fixed 1.1.13.8.2) #220853 [since FEDORA-2007-067]
*CVE-2006-6103 (xorg-x11)
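Review bot: CVE-2006-6128 loses its star, which marks it as verified for Fedora 7, yet the line still reads "VULNERABLE (kernel, fixed **)" with the needs-attention placeholder in place of a version and no bug number. Either fill in the fixed version and a tracking bug, or leave the star until that information exists.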
@@ -369,10 +368,10 @@
*CVE-2006-6097 backport (tar) [since FEDORA-2006-1393]
*CVE-2006-6085 version (kile, fixed 1.9.3) #217238
*CVE-2006-6077 VULNERABLE (firefox)
-*CVE-2006-6060 ignore (kernel, fixed 2.6.19-rc2) no NTFS support
-*CVE-2006-6058 VULNERABLE (kernel, fixed **)
-*CVE-2006-6057 VULNERABLE (kernel, fixed **)
-*CVE-2006-6056 version (kernel, fixed 2.6.19) [since FEDORA-2007-058] was backport since FEDORA-2006-1471
+CVE-2006-6060 ignore (kernel, fixed 2.6.19-rc2) no NTFS support
+CVE-2006-6058 VULNERABLE (kernel, fixed **)
+CVE-2006-6057 VULNERABLE (kernel, fixed **)
+CVE-2006-6056 version (kernel, fixed 2.6.19) [since FEDORA-2007-058] was backport since FEDORA-2006-1471
*CVE-2006-6054 version (kernel, fixed fixed 2.6.19.2) [since FEDORA-2007-058]
*CVE-2006-6053 version (kernel, fixed 2.6.19.2) [since FEDORA-2007-058] was backport since FEDORA-2006-1223
CVE-2006-6027 ignore, no-ship (acroread)
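Review bot: The kernel entries for CVE-2006-6054 and CVE-2006-6053 directly below the edited block stay starred although this commit processes the kernel lines around them, and the CVE-2006-6054 line still contains the doubled word in "fixed fixed 2.6.19.2". Process both in the same pass, or note why they were skipped. CVE-2006-6058 and CVE-2006-6057 also keep "fixed **" after being unstarred.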
--
fedora-security/audit fc7,1.8,1.9
by fedora-extras-commits@redhat.com
Author: kevin
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv24851
Modified Files:
fc7
Log Message:
Update 2 openssh cves
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- fc7 13 Jun 2007 18:06:54 -0000 1.8
+++ fc7 13 Jun 2007 21:39:40 -0000 1.9
@@ -24,7 +24,7 @@
*CVE-2007-2843 ignore (konqueror) safari specific
*CVE-2007-2821 VULNERABLE (wordpress, fixed 2.2) #240970
*CVE-2007-2799 (file)
-CVE-2007-2768 VULNERABLE (openssh)
+CVE-2007-2768 ignore (openssh) needs pam OPIE which is not shipped.
*CVE-2007-2756 ignore (gd) DoS only
*CVE-2007-2754 (freetype)
*CVE-2007-2721 patch (jasper, fixed 1.900.1-2) #240397
@@ -55,7 +55,7 @@
*CVE-2007-2356 (gimp)
*CVE-2007-2353 (axis)
*CVE-2007-2245 VULNERABLE (phpMyAdmin, fixed 2.10.1) #237882
-CVE-2007-2243 VULNERABLE (openssh, fixed 4.6)
+CVE-2007-2243 ignore (openssh, fixed 4.6) needs S/KEY support which is not shipped.
*CVE-2007-2241 (bind)
*CVE-2007-2176 ignore (firefox) only affects the java quicktime interaction
*CVE-2007-2172 (kernel)
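Review bot: CVE-2007-2243 is now "ignore (openssh, fixed 4.6)" with the rationale that S/KEY support is not shipped, but the line does not say whether the Fedora 7 package is older than 4.6. If the shipped openssh is 4.6 or later, "version" is the more accurate status; if it is older, the ignore rests on a build option and a pointer to where S/KEY is disabled would help a later audit.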
--
fedora-security/audit fc7,1.7,1.8
by fedora-extras-commits@redhat.com
Author: bressers
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv26004
Modified Files:
fc7
Log Message:
Deal with the squid CVE ids.
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- fc7 13 Jun 2007 14:00:41 -0000 1.7
+++ fc7 13 Jun 2007 18:06:54 -0000 1.8
@@ -100,7 +100,7 @@
*CVE-2007-1565 ignore (konqueror) client crash
*CVE-2007-1564 vulnerable (konqueror) [#CVE-2007-1564]
*CVE-2007-1562 (firefox, seamonkey, thunderbird)
-*CVE-2007-1560 (squid)
+CVE-2007-1560 version (squid, fixed 2.6.STABLE12)
*CVE-2007-1558 version (claws-mail, fixed 2.9.1) #237293
*CVE-2007-1558 backport (sylpheed, fixed 2.3.1-1)
*CVE-2007-1547 version (nas, fixed 1.8a-2) #233353
@@ -245,8 +245,8 @@
*CVE-2007-0404 version (Django, fixed 0.95.1)
*CVE-2007-0341 ignore (phpMyAdmin, 2.8.x only)
*CVE-2007-0262 version (wordpress, fixed 2.1-0) #223101
-*CVE-2007-0248 version (squid, fixed 2.6.STABLE7) [since FEDORA-2007-073]
-*CVE-2007-0247 version (squid, fixed 2.6.STABLE7) #222883 [since FEDORA-2007-073]
+CVE-2007-0248 version (squid, fixed 2.6.STABLE7) [since FEDORA-2007-073]
+CVE-2007-0247 version (squid, fixed 2.6.STABLE7) #222883 [since FEDORA-2007-073]
CVE-2007-0243 ignore, no-ship (java-ibm)
*CVE-2007-0242 patch (qt4, fixed 4.2.3-7)
*CVE-2007-0240 patch (zope, fixed 2.9.6-2) #233378
@@ -1211,7 +1211,7 @@
*CVE-2005-3352 version (httpd, fixed 2.2.1)
*CVE-2005-3351 version (spamassassin, fixed 3.1.0)
*CVE-2005-3350 (libungif)
-*CVE-2005-3322 version (squid) not upstream, SUSE only
+CVE-2005-3322 version (squid) not upstream, SUSE only
*CVE-2005-3319 ignore (mod_php) no security consequence
*CVE-2005-3313 version (wireshark, fixed after 0.10.13)
*CVE-2005-3276 version (kernel, fixed 2.6.12.4)
@@ -1221,7 +1221,7 @@
*CVE-2005-3272 version (kernel, fixed 2.6.13)
*CVE-2005-3271 version (kernel, fixed 2.6.9)
*CVE-2005-3269 (fedora directory server)
-*CVE-2005-3258 version (squid, fixed 2.5STABLE12)
+CVE-2005-3258 version (squid, fixed 2.5STABLE12)
*CVE-2005-3257 version (kernel, fixed 2.6.15)
*CVE-2005-3249 version (wireshark, fixed 0.10.13)
*CVE-2005-3248 version (wireshark, fixed 0.10.13)
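Review bot: CVE-2005-3258 is unstarred with its version still written "2.5STABLE12", while most squid entries in this patch use the dotted form (2.5.STABLE11, 2.5.STABLE10). Since the line is being touched anyway, normalise it to 2.5.STABLE12 so a text search on the version matches; the same applies to the 2.6STABLE6 and 2.4STABLE4 entries later in the patch.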
@@ -1286,7 +1286,7 @@
*CVE-2005-2933 version (libc-client, fixed 2004g at least)
*CVE-2005-2929 backport (lynx) changelog
*CVE-2005-2922 (helixplayer)
-*CVE-2005-2917 version (squid, fixed 2.5.STABLE11)
+CVE-2005-2917 version (squid, fixed 2.5.STABLE11)
*CVE-2005-2876 version (util-linux, fixed 2.13-pre3)
*CVE-2005-2874 version (cups, fixed 1.1.23)
*CVE-2005-2873 version (kernel, fixed 2.6.18-rc1)
@@ -1298,8 +1298,8 @@
*CVE-2005-2800 version (kernel, fixed 2.6.12.6)
CVE-2005-2798 version (openssh, fixed 4.2)
CVE-2005-2797 version (openssh, fixed 4.2)
-*CVE-2005-2796 version (squid, fixed 2.5.STABLE11)
-*CVE-2005-2794 version (squid, fixed 2.5.STABLE11)
+CVE-2005-2796 version (squid, fixed 2.5.STABLE11)
+CVE-2005-2794 version (squid, fixed 2.5.STABLE11)
*CVE-2005-2728 version (httpd, not 2.2)
*CVE-2005-2710 (helixplayer)
*CVE-2005-2709 version (kernel, fixed 2.6.14.3)
@@ -1449,7 +1449,7 @@
*CVE-2005-1532 version (thunderbird)
*CVE-2005-1532 version (firefox, fixed 1.0.4)
*CVE-2005-1531 version (firefox, fixed 1.0.4)
-*CVE-2005-1519 version (squid, fixed 2.5.STABLE10)
+CVE-2005-1519 version (squid, fixed 2.5.STABLE10)
*CVE-2005-1476 (firefox,seamonkey,thunderbird)
*CVE-2005-1470 version (wireshark, fixed 0.10.11)
*CVE-2005-1469 version (wireshark, fixed 0.10.11)
@@ -1473,7 +1473,7 @@
*CVE-2005-1409 version (postgresql, fixed 8.0.1)
*CVE-2005-1369 version (kernel, fixed 2.6.12)
*CVE-2005-1368 version (kernel, fixed 2.6.12)
-*CVE-2005-1345 version (squid, fixed 2.5.STABLE10)
+CVE-2005-1345 version (squid, fixed 2.5.STABLE10)
*CVE-2005-1344 ignore (httpd) not a vulnerability
*CVE-2005-1281 version (wireshark, fixed 0.10.11)
*CVE-2005-1280 version (tcpdump, fixed 3.9.2)
@@ -1555,7 +1555,7 @@
*CVE-2005-0749 version (kernel, fixed 2.6.11.6)
*CVE-2005-0739 version (wireshark, fixed after 0.10.9)
*CVE-2005-0736 version (kernel, fixed 2.6.11)
-*CVE-2005-0718 version (squid, fixed 2.5.STABLE8)
+CVE-2005-0718 version (squid, fixed 2.5.STABLE8)
*CVE-2005-0711 version (mysql, fixed 4.1.11)
*CVE-2005-0710 version (mysql, fixed 4.1.11)
*CVE-2005-0709 version (mysql, fixed 4.1.11)
@@ -1566,7 +1566,7 @@
*CVE-2005-0664 version (libexif, fixed 0.6.12)
*CVE-2005-0654 ignore (gimp, not fixed 2.2) upstream considers harmless
*CVE-2005-0627 version (qt, fixed 3.3.4)
-*CVE-2005-0626 version (squid, fixed 2.5.STABLE10)
+CVE-2005-0626 version (squid, fixed 2.5.STABLE10)
*CVE-2005-0611 (helixplayer)
*CVE-2005-0605 version (libXpm, fixed 3.5.4 at least)
*CVE-2005-0602 ignore (unzip, fixed 5.52) this is really expected behaviour
@@ -1610,7 +1610,7 @@
*CVE-2005-0452 (perl)
*CVE-2005-0449 version (kernel, fixed 2.6.11)
*CVE-2005-0448 version (perl, fixed 5.8.6)
-*CVE-2005-0446 version (squid, fixed 2.5.STABLE9)
+CVE-2005-0446 version (squid, fixed 2.5.STABLE9)
*CVE-2005-0404 ignore (kde) won't fix http://bugs.kde.org/show_bug.cgi?id=96020
*CVE-2005-0403 version (kernel) not upstream
*CVE-2005-0402 version (firefox, fixed 1.0.2)
@@ -1631,7 +1631,7 @@
*CVE-2005-0246 version (postgresql, fixed 8.0.1)
*CVE-2005-0245 version (postgresql, fixed 8.0.1)
*CVE-2005-0244 version (postgresql, fixed 8.0.1)
-*CVE-2005-0241 version (squid, fixed 2.5.STABLE8)
+CVE-2005-0241 version (squid, fixed 2.5.STABLE8)
*CVE-2005-0238 version (epiphany, fixed since mozilla 1.7.6)
*CVE-2005-0237 version (kdelibs, fixed 3.4.0)
*CVE-2005-0233 version (firefox, fixed 1.0.1)
@@ -1640,7 +1640,7 @@
*CVE-2005-0230 version (thunderbird, fixed 1.0.2)
*CVE-2005-0230 version (firefox, fixed 1.0.1)
*CVE-2005-0227 version (postgresql, fixed 8.0.1)
-*CVE-2005-0211 version (squid, fixed 2.5.STABLE8)
+CVE-2005-0211 version (squid, fixed 2.5.STABLE8)
*CVE-2005-0210 version (kernel, fixed 2.6.11)
*CVE-2005-0209 version (kernel, fixed 2.6.11)
*CVE-2005-0208 version (gaim, fixed 1.1.4)
@@ -1649,7 +1649,7 @@
*CVE-2005-0204 version (kernel) didn't affect upstream
*CVE-2005-0202 version (mailman, fixed 2.1.6)
*CVE-2005-0201 version (dbus, fixed 0.36.1)
-*CVE-2005-0194 version (squid, fixed 2.5.STABLE8)
+CVE-2005-0194 version (squid, fixed 2.5.STABLE8)
*CVE-2005-0191 (helixplayer)
*CVE-2005-0189 (helixplayer)
*CVE-2005-0180 version (kernel, fixed 2.6.11)
@@ -1657,9 +1657,9 @@
*CVE-2005-0178 version (kernel, fixed 2.6.11)
*CVE-2005-0177 version (kernel, fixed 2.6.11)
*CVE-2005-0176 version (kernel, fixed 2.6.10) only affected 2.6.9
-*CVE-2005-0175 version (squid, fixed 2.5.STABLE8)
-*CVE-2005-0174 version (squid, fixed 2.5.STABLE8)
-*CVE-2005-0173 version (squid, fixed 2.5.STABLE8)
+CVE-2005-0175 version (squid, fixed 2.5.STABLE8)
+CVE-2005-0174 version (squid, fixed 2.5.STABLE8)
+CVE-2005-0173 version (squid, fixed 2.5.STABLE8)
*CVE-2005-0162 version (openswan, fixed 2.3.0)
*CVE-2005-0156 version (perl, fixed 5.8.8)
*CVE-2005-0155 version (perl, fixed 5.8.8)
@@ -1685,10 +1685,10 @@
*CVE-2005-0103 version (squirrelmail, fixed 1.4.4)
*CVE-2005-0102 version (evolution-data-server, fixed 1.2.2 at least)
*CVE-2005-0100 version (emacs, fixed 21.4 at least)
-*CVE-2005-0097 version (squid, fixed 2.5.STABLE8)
-*CVE-2005-0096 version (squid, fixed 2.5.STABLE8)
-*CVE-2005-0095 version (squid, fixed 2.5.STABLE8)
-*CVE-2005-0094 version (squid, fixed 2.5.STABLE8)
+CVE-2005-0097 version (squid, fixed 2.5.STABLE8)
+CVE-2005-0096 version (squid, fixed 2.5.STABLE8)
+CVE-2005-0095 version (squid, fixed 2.5.STABLE8)
+CVE-2005-0094 version (squid, fixed 2.5.STABLE8)
*CVE-2005-0092 version (kernel, not affected)
*CVE-2005-0091 version (kernel, not affected)
*CVE-2005-0090 version (kernel, not affected)
@@ -1726,7 +1726,7 @@
*CVE-2004-2660 version (kernel, fixed 2.6.10)
*CVE-2004-2657 ignore (firefox) windows only
*CVE-2004-2655 (xscreensaver)
-*CVE-2004-2654 version (squid, fixed 2.6STABLE6)
+CVE-2004-2654 version (squid, fixed 2.6STABLE6)
*CVE-2004-2645 (asn1c)
*CVE-2004-2644 (asn1c)
*CVE-2004-2607 version (kernel, fixed 2.6.5)
@@ -1735,8 +1735,8 @@
*CVE-2004-2541 ignore (cscope) blocked by FORTIFY_SOURCE
*CVE-2004-2536 version (kernel, fixed 2.6.7)
*CVE-2004-2531 version (gnutls, fixed 1.0.17)
-*CVE-2004-2480 ignore (squid) , not reproducable
-*CVE-2004-2479 version (squid, fixed 2.5.STABLE8)
+CVE-2004-2480 ignore (squid) , not reproducable
+CVE-2004-2479 version (squid, fixed 2.5.STABLE8)
*CVE-2004-2396 version (passwd, fixed 0.69)
*CVE-2004-2395 version (passwd, fixed 0.69)
*CVE-2004-2394 version (passwd, fixed 0.69)
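Review bot: The CVE-2004-2480 line is rewritten only to drop the star, so the stray comma and the misspelling in "ignore (squid) , not reproducable" are carried into the verified entry. Tidy it to "ignore (squid) not reproducible" while the line is being changed.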
@@ -1899,7 +1899,7 @@
*CVE-2004-0930 version (samba, fixed 3.0.8)
*CVE-2004-0929 version (libtiff, fixed 3.7.0)
*CVE-2004-0923 version (cups, fixed 1.2.22)
-*CVE-2004-0918 version (squid, fixed 2.4.STABLE7)
+CVE-2004-0918 version (squid, fixed 2.4.STABLE7)
*CVE-2004-0914 version (xorg-x11, fixed after 6.8.1)
*CVE-2004-0909 version (thunderbird)
*CVE-2004-0909 version (firefox)
@@ -1924,7 +1924,7 @@
*CVE-2004-0837 version (mysql, fixed 4.0.21)
*CVE-2004-0836 version (mysql, fixed 4.0.21)
*CVE-2004-0835 version (mysql, fixed 4.1.2)
-*CVE-2004-0832 version (squid, fixed 2.5.STABLE7)
+CVE-2004-0832 version (squid, fixed 2.5.STABLE7)
*CVE-2004-0829 version (samba, fixed 2.2.11)
*CVE-2004-0827 version (ImageMagick, fixed 6.0.6.2)
*CVE-2004-0826 version (nss, fixed 3.9.2)
@@ -2010,7 +2010,7 @@
*CVE-2004-0550 (helixplayer)
*CVE-2004-0548 ignore (aspell, not fixed 0.50.5) not a security issue
*CVE-2004-0547 version (postgresql, fixed 7.2.1)
-*CVE-2004-0541 version (squid)
+CVE-2004-0541 version (squid, fixed 2.5.STABLE6)
*CVE-2004-0535 version (kernel, fixed 2.6.6)
*CVE-2004-0527 version (konqueror, not 3+)
*CVE-2004-0523 version (krb5, fixed 1.3.4)
@@ -2070,7 +2070,7 @@
*CVE-2004-0229 version (kernel, fixed 2.6.6)
*CVE-2004-0228 version (kernel, fixed 2.6.6)
*CVE-2004-0226 version (mc, fixed 4.6.0)
-*CVE-2004-0189 version (squid, fixed 2.5.STABLE5)
+CVE-2004-0189 version (squid, fixed 2.5.STABLE5)
*CVE-2004-0186 version (samba, not 3.0.2a)
CVE-2004-0185 ignore, no-ship (wu-ftpd)
*CVE-2004-0184 version (tcpdump, fixed 3.8.2)
@@ -2502,9 +2502,9 @@
*CVE-2002-0759 version (bzip2, fixed 1.0.2)
*CVE-2002-0728 version (libpng, fixed 1.2.4)
*CVE-2002-0717 version (php, fixed 4.2.2)
-*CVE-2002-0715 version (squid, fixed 2.4.STABLE6)
-*CVE-2002-0714 version (squid, fixed 2.4.STABLE6)
-*CVE-2002-0713 version (squid, fixed 2.4.STABLE6)
+CVE-2002-0715 version (squid, fixed 2.4.STABLE6)
+CVE-2002-0714 version (squid, fixed 2.4.STABLE6)
+CVE-2002-0713 version (squid, fixed 2.4.STABLE6)
*CVE-2002-0704 version (kernel, fixed 2.6.11)
*CVE-2002-0702 version (dhcpd, fixed 3.0.1)
*CVE-2002-0684 version (glibc, fixed afted 2.2.5)
@@ -2566,7 +2566,7 @@
*CVE-2002-0169 ignore (docbook) was RHL only
*CVE-2002-0165 version (logwatch, fixed 2.6)
*CVE-2002-0164 version (XFree86, fixed 4.2.1)
-*CVE-2002-0163 version (squid, fixed 20020312)
+CVE-2002-0163 version (squid, fixed 2.4.STABLE6)
*CVE-2002-0162 version (logwatch, fixed 2.5)
*CVE-2002-0157 version (nautilus)
*CVE-2002-0146 version (fetchmail, fixed 5.9.10)
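Review bot: CVE-2002-0163 changes its fixed value from "20020312" to "2.4.STABLE6" in the same edit that clears the star, which the log message "Deal with the squid CVE ids." does not mention. Note the source for mapping the dated fix to 2.4.STABLE6, either in the log message or as a trailing comment on the line.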
@@ -2578,9 +2578,9 @@
*CVE-2002-0082 version (mod_ssl, not httpd 2.2)
*CVE-2002-0081 version (php, not 4.2+)
CVE-2002-0080 version (rsync, fixed 2.5.3)
-*CVE-2002-0069 version (squid, fixed 2.4STABLE4)
-*CVE-2002-0068 version (squid, fixed 2.4STABLE4)
-*CVE-2002-0067 version (squid, fixed 2.4STABLE4)
+CVE-2002-0069 version (squid, fixed 2.4STABLE4)
+CVE-2002-0068 version (squid, fixed 2.4STABLE4)
+CVE-2002-0067 version (squid, fixed 2.4STABLE4)
*CVE-2002-0063 version (cups, fixed 1.1.14)
*CVE-2002-0062 version (ncurses, only 5.0)
*CVE-2002-0060 version (kernel, fixed 2.5.5)
@@ -2616,6 +2616,6 @@
*CVE-1999-1572 backport (cpio) cpio-2.6-umask.patch
*CVE-1999-1332 (gzip)
CVE-1999-0997 ignore, no-ship (wu-ftpd)
-*CVE-1999-0710 (squid)
+CVE-1999-0710 version (squid, fixed 2.5.STABLE10)
CVE-1999-0473 version (rsync, fixed 2.3.1)
*CVE-1999-0103 (bind)
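Review bot: CVE-1999-0710 goes from an unclassified entry to "version (squid, fixed 2.5.STABLE10)", the same release this patch lists for 2005 CVEs such as CVE-2005-1519 and CVE-2005-0626. For an identifier that old, add a short reference (advisory or bug number) showing why the fix is attributed to 2.5.STABLE10.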
--
fedora-security/audit fc5,1.459,1.460 fc6,1.217,1.218 fc7,1.6,1.7
by fedora-extras-commits@redhat.com
Author: bressers
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv6153
Modified Files:
fc5 fc6 fc7
Log Message:
Note a new libexif flaw
Index: fc5
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc5,v
retrieving revision 1.459
retrieving revision 1.460
diff -u -r1.459 -r1.460
--- fc5 23 Mar 2007 13:32:24 -0000 1.459
+++ fc5 13 Jun 2007 14:00:41 -0000 1.460
@@ -3,6 +3,7 @@
** are items that need attention
+CVE-2007-4168 VULNERABLE (libexif) #243891
CVE-2007-1565 ignore (konqueror) client crash
CVE-2007-1564 vulnerable (konqueror) [#CVE-2007-1564]
CVE-2007-1475 ignore (php) unshipped ibase extension
Index: fc6
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc6,v
retrieving revision 1.217
retrieving revision 1.218
diff -u -r1.217 -r1.218
--- fc6 2 May 2007 17:44:54 -0000 1.217
+++ fc6 13 Jun 2007 14:00:41 -0000 1.218
@@ -3,6 +3,7 @@
** are items that need attention
+CVE-2007-4168 VULNERABLE (libexif) #243892
CVE-2007-2438 VULNERABLE (vim) #238734
CVE-2007-1856 VULNERABLE (vixie-cron) #235882
CVE-2007-1841 VULNERABLE (ipsec-tools) #238052
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- fc7 13 Jun 2007 02:28:16 -0000 1.6
+++ fc7 13 Jun 2007 14:00:41 -0000 1.7
@@ -4,6 +4,7 @@
*CVE are items that need verification for Fedora 7
+CVE-2007-4168 VULNERABLE (libexif) #243890
*CVE-NOID VULNERABLE (c-ares, fixed 1.4.0) #243591
*CVE-2007-3121 version (zvbi, fixed 0.2.25)
*CVE-2007-3113 VULNERABLE (cacti) #243592
--
fedora-security/audit fc7,1.4,1.5
by fedora-extras-commits@redhat.com
Author: trassl
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv22232
Modified Files:
fc7
Log Message:
Processed rsync.
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- fc7 12 Jun 2007 19:18:56 -0000 1.4
+++ fc7 12 Jun 2007 20:40:54 -0000 1.5
@@ -804,7 +804,7 @@
*CVE-2006-2162 version (nagios, fixed 2.3.1) bz#190612
*CVE-2006-2120 version (libtiff, fixed 3.8.2 at least)
*CVE-2006-2093 version (nessus, fixed 2.2.7) bz#191053
-*CVE-2006-2083 version (rsync, fixed 2.6.8)
+CVE-2006-2083 version (rsync, fixed 2.6.8)
*CVE-2006-2073 ignore (bind) http://www.kb.cert.org/vuls/id/MIMG-6P8GRP
*CVE-2006-2071 version (kernel, fixed 2.6.16.6)
*CVE-2006-2057 ignore (firefox) not Linux
@@ -1750,7 +1750,7 @@
*CVE-2004-2149 version (mysql, fixed 4.1.5)
*CVE-2004-2136 ignore (dm-crypt) design
*CVE-2004-2135 ignore (kernel) design
-*CVE-2004-2093 ignore (rsync) not security issue
+CVE-2004-2093 ignore (rsync) not a security issue (rsync is not setuid)
*CVE-2004-2069 version (openssh, not 4)
*CVE-2004-2014 version (wget, fixed 1.10.1)
*CVE-2004-2013 version (kernel, not 2.6)
@@ -1946,7 +1946,7 @@
*CVE-2004-0797 version (zlib, fixed 1.2.2.2 at least)
*CVE-2004-0797 version (zlib)
*CVE-2004-0796 version (spamassassin, fixed 2.64)
-*CVE-2004-0792 version (rsync, fixed 2.6.3)
+CVE-2004-0792 version (rsync, fixed 2.6.3)
*CVE-2004-0791 version (kernel, fixed 2.6.9)
*CVE-2004-0790 version (kernel, not 2.6)
*CVE-2004-0788 version (gtk2, fixed 2.6.7 at least)
@@ -2035,7 +2035,7 @@
*CVE-2004-0452 version (perl, fixed 5.8.8)
*CVE-2004-0447 version (kernel, fixed 2.6.5)
*CVE-2004-0427 version (kernel, fixed 2.6.6)
-*CVE-2004-0426 version (rsync, fixed 2.6.1)
+CVE-2004-0426 version (rsync, fixed 2.6.1)
*CVE-2004-0424 version (kernel, fixed 2.6.4)
*CVE-2004-0421 version (libpng, fixed 1.0.16)
*CVE-2004-0419 version (xorg-x11, fixed 6.8.2 at least)
@@ -2163,7 +2163,7 @@
*CVE-2003-0967 version (freeradius, fixed after 0.9.2)
*CVE-2003-0965 version (mailman, fixed 2.1.4)
*CVE-2003-0963 version (lftp, fixed after 2.6.9)
-*CVE-2003-0962 version (rsync, fixed 2.5.7)
+CVE-2003-0962 version (rsync, fixed 2.5.7)
*CVE-2003-0961 version (kernel, fixed 2.4.23)
*CVE-2003-0959 version (kernel, fixed 2.4.21)
*CVE-2003-0956 version (kernel, fixed 2.4.22)
@@ -2576,16 +2576,17 @@
*CVE-2002-0083 version (openssh, fixed 3.1)
*CVE-2002-0082 version (mod_ssl, not httpd 2.2)
*CVE-2002-0081 version (php, not 4.2+)
-*CVE-2002-0080 version (rsync, fixed 2.5.3)
+CVE-2002-0080 version (rsync, fixed 2.5.3)
*CVE-2002-0069 version (squid, fixed 2.4STABLE4)
*CVE-2002-0068 version (squid, fixed 2.4STABLE4)
*CVE-2002-0067 version (squid, fixed 2.4STABLE4)
*CVE-2002-0063 version (cups, fixed 1.1.14)
*CVE-2002-0062 version (ncurses, only 5.0)
*CVE-2002-0060 version (kernel, fixed 2.5.5)
-*CVE-2002-0059 ** zlib (cvs, dump, gcc, libgcj, kernel, rsync, vnc)
+*CVE-2002-0059 ** zlib (cvs, dump, gcc, libgcj, kernel, vnc)
+CVE-2002-0059 version (rsync, fixed 2.5.4/2.6.6)
*CVE-2002-0059 version (zlib, fixed 1.1.4)
-*CVE-2002-0048 version (rsync, fixed 2.5.2)
+CVE-2002-0048 version (rsync, fixed 2.5.2)
*CVE-2002-0046 version (kernel, fixed 2.4.0)
*CVE-2002-0045 version (openldap, fixed 2.0.20)
*CVE-2002-0044 version (enscript, fixed 1.6.4 at least)
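Review bot: On the new `CVE-2002-0059 version (rsync, fixed 2.5.4/2.6.6)` line, `2.5.4/2.6.6` is ambiguous: the record does not say why two releases are listed or which one a package must reach to be considered fixed. The other rsync records in this diff give a single version (`fixed 2.5.3`, `fixed 2.5.2`); a short trailing comment saying what each of the two versions addressed would make this one auditable. Keeping the `*` and `**` on the remaining `zlib (cvs, dump, gcc, libgcj, kernel, vnc)` line looks right, since only rsync was processed here.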
@@ -2615,4 +2616,5 @@
*CVE-1999-1332 (gzip)
CVE-1999-0997 ignore, no-ship (wu-ftpd)
*CVE-1999-0710 (squid)
+CVE-1999-0473 version (rsync, fixed 2.3.1)
*CVE-1999-0103 (bind)
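Review bot: `CVE-1999-0473 version (rsync, fixed 2.3.1)` is a new record (the hunk grows from 4 to 5 lines), not an existing `*` entry being processed, and it is entered without the `*` marker. The log message says only "Processed rsync."; mentioning that a previously untracked CVE was added would make the change easier to find later.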
fedora-security/audit fc7,1.3,1.4
by fedora-extras-commits@redhat.com
Author: kevin
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv8876
Modified Files:
fc7
Log Message:
Mark last batch done.
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- fc7 12 Jun 2007 19:02:04 -0000 1.3
+++ fc7 12 Jun 2007 19:18:56 -0000 1.4
@@ -160,7 +160,7 @@
*CVE-2007-1244 version (wordpress, fixed 2.1.2) #230898
*CVE-2007-1230 version (wordpress, fixed 2.1.2)
*CVE-2007-1218 backport (tcpdump) 232349 [since FEDORA-2007-347]
-*CVE-2007-1216 patch (krb5, fixed 1.6-3) #231537
+CVE-2007-1216 patch (krb5, fixed 1.6-3) #231537
*CVE-2007-1103 VULNERABLE (tor) #230927
*CVE-2007-1092 version (seamonkey, fixed 1.0.8)
*CVE-2007-1055 version (mediawiki, fixed 1.8.3)
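Review bot: The `*` is dropped from `CVE-2007-1216 patch (krb5, fixed 1.6-3) #231537` here, and from the other krb5 records in later hunks of this diff, about 17 minutes after those classifications were first written in revision 1.3 (19:02:04 versus 19:18:56), by the same author. Since `*` marks items that still need verification, the log message "Mark last batch done." could state what the verification consisted of, so a later auditor can tell a checked record from one that was only classified.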
@@ -183,8 +183,8 @@
*CVE-2007-0988 (php)
*CVE-2007-0981 VULNERABLE (firefox, ...)
*CVE-2007-0981 version (seamonkey, fixed 1.0.8) #229253
-*CVE-2007-0957 patch (krb5, fixed 1.6-3) #231528
-*CVE-2007-0956 patch (krb5, fixed 1.6-3) #229782
+CVE-2007-0957 patch (krb5, fixed 1.6-3) #231528
+CVE-2007-0956 patch (krb5, fixed 1.6-3) #229782
*CVE-2007-0911 (php)
*CVE-2007-0910 (php)
*CVE-2007-0909 (php)
@@ -246,7 +246,7 @@
*CVE-2007-0262 version (wordpress, fixed 2.1-0) #223101
*CVE-2007-0248 version (squid, fixed 2.6.STABLE7) [since FEDORA-2007-073]
*CVE-2007-0247 version (squid, fixed 2.6.STABLE7) #222883 [since FEDORA-2007-073]
-*CVE-2007-0243 ignore, no-ship (java-ibm)
+CVE-2007-0243 ignore, no-ship (java-ibm)
*CVE-2007-0242 patch (qt4, fixed 4.2.3-7)
*CVE-2007-0240 patch (zope, fixed 2.9.6-2) #233378
*CVE-2007-0239 (openoffice.org)
@@ -264,10 +264,10 @@
*CVE-2007-0095 VULNERABLE (phpMyAdmin) #221694
*CVE-2007-0086 ignore (apache) not a security issue
*CVE-2007-0080 (freeradius)
-*CVE-2007-0048 ignore, no-ship (acroread)
-*CVE-2007-0046 ignore, no-ship (acroread)
-*CVE-2007-0045 ignore, no-ship (acroread)
-*CVE-2007-0044 ignore, no-ship (acroread)
+CVE-2007-0048 ignore, no-ship (acroread)
+CVE-2007-0046 ignore, no-ship (acroread)
+CVE-2007-0045 ignore, no-ship (acroread)
+CVE-2007-0044 ignore, no-ship (acroread)
*CVE-2007-0010 (gtk2)
*CVE-2007-0009 version (nss, fixed 3.11.5) (nspr, fixed 4.6.5) [since FEDORA-2007-279]
*CVE-2007-0009 ignore (seamonkey, uses system NSS)
@@ -345,15 +345,15 @@
*CVE-2006-6301 version (denyhosts, fixed 2.6-2) #218824
*CVE-2006-6297 ignore (kdegraphics) just a crash
*CVE-2006-6238 (konqueror) probably safari only
-*CVE-2006-6236 ignore, no-ship (acroread)
+CVE-2006-6236 ignore, no-ship (acroread)
*CVE-2006-6235 patch (gnupg2, fixed 2.0.1-2) #218821
*CVE-2006-6235 backport (gnupg, fixed 1.4.6) [since FEDORA-2006-1406]
*CVE-2006-6171 patch (proftpd, fixed 1.3.0a-1) #214820
*CVE-2006-6170 patch (proftpd, fixed 1.3.0a-1) #214820
*CVE-2006-6169 version (gnupg2, fixed 2.0.1) #217950
*CVE-2006-6169 backport (gnupg, fixed 1.4.6) [since FEDORA-2006-1406]
-*CVE-2006-6144 patch (krb5, fixed 1.5-14) #218456
-*CVE-2006-6143 patch (krb5, fixed 1.5-14) #218456
+CVE-2006-6144 patch (krb5, fixed 1.5-14) #218456
+CVE-2006-6143 patch (krb5, fixed 1.5-14) #218456
*CVE-2006-6142 backport (squirrelmail) #218297 [since FEDORA-2007-089]
*CVE-2006-6128 VULNERABLE (kernel, fixed **)
*CVE-2006-6122 ignore (tin, <= 1.8.1 not shipped)
@@ -374,7 +374,7 @@
*CVE-2006-6056 version (kernel, fixed 2.6.19) [since FEDORA-2007-058] was backport since FEDORA-2006-1471
*CVE-2006-6054 version (kernel, fixed fixed 2.6.19.2) [since FEDORA-2007-058]
*CVE-2006-6053 version (kernel, fixed 2.6.19.2) [since FEDORA-2007-058] was backport since FEDORA-2006-1223
-*CVE-2006-6027 ignore, no-ship (acroread)
+CVE-2006-6027 ignore, no-ship (acroread)
*CVE-2006-6015 (pcre)
*CVE-2006-5989 ignore (mod_auth_kerb) did not affect fc6
*CVE-2006-5974 ignore (fetchmail, fixed 6.3.6) only 6.3.5
@@ -391,7 +391,7 @@
*CVE-2006-5867 version (fetchmail, fixed 6.3.6) #221984 [since FEDORA-2007-042]
*CVE-2006-5864 VULNERABLE (evince) #217672
*CVE-2006-5864 patch (gv, fixed 3.6.2-2) #215136
-*CVE-2006-5857 ignore, no-ship (acroread)
+CVE-2006-5857 ignore, no-ship (acroread)
*CVE-2006-5848 version (trac, fixed 0.10.1) #215077
*CVE-2006-5823 version (kernel, fixed 2.6.19.2) [since FEDORA-2007-058] was backport since FEDORA-2006-1223
*CVE-2006-5815 version (proftpd, fixed 1.3.0a) #214820
@@ -444,7 +444,7 @@
*CVE-2006-5453 patch (bugzilla, fixed 2.22-7) #212355
*CVE-2006-5397 VULNERABLE (libX11, 1.0.2 and 1.0.3 only) #213280
*CVE-2006-5331 version (kernel, fixed 2.6.19) [since FEDORA-2007-058]
-*CVE-2006-5330 ignore, no-ship (flash-plugin)
+CVE-2006-5330 ignore, no-ship (flash-plugin)
*CVE-2006-5298 backport (mutt) [since FEDORA-2006-1063]
*CVE-2006-5297 backport (mutt) [since FEDORA-2006-1063]
*CVE-2006-5295 version (clamav, fixed 0.88.5) #210973
@@ -501,7 +501,7 @@
*CVE-2006-4743 ignore (wordpress, dupe of an old non-issue) #206514
*CVE-2006-4684 version (zope, fixed 2.9.2)
*CVE-2006-4663 ignore (kernel) not a vulnerability
-*CVE-2006-4640 ignore, no-ship (flash-plugin)
+CVE-2006-4640 ignore, no-ship (flash-plugin)
*CVE-2006-4625 ignore (php) safe mode isn't safe
*CVE-2006-4624 version (mailman, fixed 2.1.9rc1)
*CVE-2006-4623 version (kernel, fixed 2.6.18-rc1)
@@ -658,7 +658,7 @@
*CVE-2006-3627 version (wireshark, fixed 0.99.2)
*CVE-2006-3626 version (kernel, fixed 2.6.17.6)
*CVE-2006-3619 version (gcc, fixed 4.1.1-20060828 at least)
-*CVE-2006-3587 ignore, no-ship (flash-plugin)
+CVE-2006-3587 ignore, no-ship (flash-plugin)
*CVE-2006-3582 version (adplug, fixed 2.0.1-1) #198108
*CVE-2006-3581 version (adplug, fixed 2.0.1-1) #198108
*CVE-2006-3486 ignore (mysql, fixed 5.0.23) not exploitable
@@ -682,7 +682,7 @@
*CVE-2006-3376 backport (libwmf) from changelog
*CVE-2006-3352 ignore (firefox) not a vulnerability
*CVE-2006-3334 ignore (libpng, fixed 1.2.12) not exploitable
-*CVE-2006-3311 ignore, no-ship (flash-plugin)
+CVE-2006-3311 ignore, no-ship (flash-plugin)
*CVE-2006-3276 (helixplayer)
*CVE-2006-3242 version (mutt, fixed 1.4.2.2, 1.5.12)
*CVE-2006-3178 ignore (chmlib, extract_chmLib not shipped)
@@ -1095,7 +1095,7 @@
*CVE-2006-0037 version (kernel, only 2.6.14 and 2.6.15)
*CVE-2006-0036 version (kernel, only 2.6.14 and 2.6.15)
*CVE-2006-0035 version (kernel, only 2.6.14 and 2.6.15)
-*CVE-2006-0024 ignore, no-ship (flash-plugin)
+CVE-2006-0024 ignore, no-ship (flash-plugin)
*CVE-2006-0019 version (kdelibs, fixed 3.5.1)
*CVE-2006-0017 (fedora directory server)
*CVE-2006-0016 (fedora directory server)
@@ -1190,7 +1190,7 @@
*CVE-2005-3624 version (cups, fixed 1.2.0)
*CVE-2005-3624 backport (tetex)
*CVE-2005-3623 version (kernel, fixed 2.6.14.5)
-*CVE-2005-3591 ignore, no-ship (flash-plugin)
+CVE-2005-3591 ignore, no-ship (flash-plugin)
*CVE-2005-3582 version (ImageMagick) gentoo only
*CVE-2005-3573 version (mailman, fixed 2.1.7)
*CVE-2005-3527 version (kernel, fixed 2.6.14)
@@ -1323,7 +1323,7 @@
*CVE-2005-2642 version (mutt) openbsd only
*CVE-2005-2641 version (nss_ldap, fixed pam_ldap:180)
*CVE-2005-2629 (helixplayer)
-*CVE-2005-2628 ignore, no-ship (flash-plugin)
+CVE-2005-2628 ignore, no-ship (flash-plugin)
*CVE-2005-2617 version (kernel, fixed 2.6.12.5)
*CVE-2005-2602 ignore (thunderbird) probably
*CVE-2005-2602 ignore (firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=237085
@@ -2071,7 +2071,7 @@
*CVE-2004-0226 version (mc, fixed 4.6.0)
*CVE-2004-0189 version (squid, fixed 2.5.STABLE5)
*CVE-2004-0186 version (samba, not 3.0.2a)
-*CVE-2004-0185 ignore, no-ship (wu-ftpd)
+CVE-2004-0185 ignore, no-ship (wu-ftpd)
*CVE-2004-0184 version (tcpdump, fixed 3.8.2)
*CVE-2004-0183 version (tcpdump, fixed 3.8.2)
*CVE-2004-0182 version (mailman) only affected Red Hat packages
@@ -2126,7 +2126,7 @@
*CVE-2004-0005 version (gaim, fixed 0.76)
*CVE-2004-0003 version (kernel, not 2.6)
*CVE-2004-0001 version (kernel, not 2.6)
-*CVE-2003-1329 ignore, no-ship (wu-ftpd)
+CVE-2003-1329 ignore, no-ship (wu-ftpd)
*CVE-2003-1307 ignore (mod_php) not a vulnerability
*CVE-2003-1303 version (php, fixed 4.3.3)
*CVE-2003-1302 version (php, fixed 4.3.1)
@@ -2602,17 +2602,17 @@
*CVE-2001-1494 version (util-linux, fixed 2.11n)
*CVE-2001-1429 (mc)
*CVE-2001-0955 version (XFree86, fixed 4.2.0)
-*CVE-2001-0935 ignore, no-ship (wu-ftpd)
+CVE-2001-0935 ignore, no-ship (wu-ftpd)
*CVE-2001-0474 version (mesa, fixed 3.3-14)
*CVE-2001-0310 (sort)
*CVE-2001-0235 (vixie-cron)
-*CVE-2001-0187 ignore, no-ship (wu-ftpd)
+CVE-2001-0187 ignore, no-ship (wu-ftpd)
*CVE-2000-1199 backport (htdig) fixed htdig-3.2.0b6-unescaped_output.patch
*CVE-2000-1137 (ed)
*CVE-2000-0992 (krb5)
*CVE-2000-0504 version (libICE, fixed XFree86:4.0.1)
*CVE-1999-1572 backport (cpio) cpio-2.6-umask.patch
*CVE-1999-1332 (gzip)
-*CVE-1999-0997 ignore, no-ship (wu-ftpd)
+CVE-1999-0997 ignore, no-ship (wu-ftpd)
*CVE-1999-0710 (squid)
*CVE-1999-0103 (bind)
fedora-security/audit fc7,1.2,1.3
by fedora-extras-commits@redhat.com
Author: kevin
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv8011
Modified Files:
fc7
Log Message:
Initial pass at krb5
Mark packages we don't ship currently
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- fc7 11 Jun 2007 20:21:46 -0000 1.2
+++ fc7 12 Jun 2007 19:02:04 -0000 1.3
@@ -160,7 +160,7 @@
*CVE-2007-1244 version (wordpress, fixed 2.1.2) #230898
*CVE-2007-1230 version (wordpress, fixed 2.1.2)
*CVE-2007-1218 backport (tcpdump) 232349 [since FEDORA-2007-347]
-*CVE-2007-1216 (krb5)
+*CVE-2007-1216 patch (krb5, fixed 1.6-3) #231537
*CVE-2007-1103 VULNERABLE (tor) #230927
*CVE-2007-1092 version (seamonkey, fixed 1.0.8)
*CVE-2007-1055 version (mediawiki, fixed 1.8.3)
@@ -183,8 +183,8 @@
*CVE-2007-0988 (php)
*CVE-2007-0981 VULNERABLE (firefox, ...)
*CVE-2007-0981 version (seamonkey, fixed 1.0.8) #229253
-*CVE-2007-0957 (krb5)
-*CVE-2007-0956 (krb5)
+*CVE-2007-0957 patch (krb5, fixed 1.6-3) #231528
+*CVE-2007-0956 patch (krb5, fixed 1.6-3) #229782
*CVE-2007-0911 (php)
*CVE-2007-0910 (php)
*CVE-2007-0909 (php)
@@ -246,7 +246,7 @@
*CVE-2007-0262 version (wordpress, fixed 2.1-0) #223101
*CVE-2007-0248 version (squid, fixed 2.6.STABLE7) [since FEDORA-2007-073]
*CVE-2007-0247 version (squid, fixed 2.6.STABLE7) #222883 [since FEDORA-2007-073]
-*CVE-2007-0243 (java-ibm)
+*CVE-2007-0243 ignore, no-ship (java-ibm)
*CVE-2007-0242 patch (qt4, fixed 4.2.3-7)
*CVE-2007-0240 patch (zope, fixed 2.9.6-2) #233378
*CVE-2007-0239 (openoffice.org)
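Review bot: `ignore, no-ship` on the `CVE-2007-0243 (java-ibm)` line is a compound status that, in this diff, appears only on added lines (here and on the acroread, flash-plugin and wu-ftpd records in later hunks). If the key at the top of the file does not already define `no-ship`, add a line for it, and note there that these records need a second look if one of the packages is ever shipped.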
@@ -264,10 +264,10 @@
*CVE-2007-0095 VULNERABLE (phpMyAdmin) #221694
*CVE-2007-0086 ignore (apache) not a security issue
*CVE-2007-0080 (freeradius)
-*CVE-2007-0048 (acroread)
-*CVE-2007-0046 (acroread)
-*CVE-2007-0045 (acroread)
-*CVE-2007-0044 (acroread)
+*CVE-2007-0048 ignore, no-ship (acroread)
+*CVE-2007-0046 ignore, no-ship (acroread)
+*CVE-2007-0045 ignore, no-ship (acroread)
+*CVE-2007-0044 ignore, no-ship (acroread)
*CVE-2007-0010 (gtk2)
*CVE-2007-0009 version (nss, fixed 3.11.5) (nspr, fixed 4.6.5) [since FEDORA-2007-279]
*CVE-2007-0009 ignore (seamonkey, uses system NSS)
@@ -345,15 +345,15 @@
*CVE-2006-6301 version (denyhosts, fixed 2.6-2) #218824
*CVE-2006-6297 ignore (kdegraphics) just a crash
*CVE-2006-6238 (konqueror) probably safari only
-*CVE-2006-6236 (acroread)
+*CVE-2006-6236 ignore, no-ship (acroread)
*CVE-2006-6235 patch (gnupg2, fixed 2.0.1-2) #218821
*CVE-2006-6235 backport (gnupg, fixed 1.4.6) [since FEDORA-2006-1406]
*CVE-2006-6171 patch (proftpd, fixed 1.3.0a-1) #214820
*CVE-2006-6170 patch (proftpd, fixed 1.3.0a-1) #214820
*CVE-2006-6169 version (gnupg2, fixed 2.0.1) #217950
*CVE-2006-6169 backport (gnupg, fixed 1.4.6) [since FEDORA-2006-1406]
-*CVE-2006-6144 ** krb5
-*CVE-2006-6143 ** krb5
+*CVE-2006-6144 patch (krb5, fixed 1.5-14) #218456
+*CVE-2006-6143 patch (krb5, fixed 1.5-14) #218456
*CVE-2006-6142 backport (squirrelmail) #218297 [since FEDORA-2007-089]
*CVE-2006-6128 VULNERABLE (kernel, fixed **)
*CVE-2006-6122 ignore (tin, <= 1.8.1 not shipped)
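Review bot: The new `CVE-2006-6144` and `CVE-2006-6143` records are classified `patch (krb5, fixed 1.5-14)`, while the 2007 krb5 records added in this same commit cite `fixed 1.6-3`. For a Fedora 7 audit, say on the line whether the 1.5-14 patch is still carried in the 1.6 package or whether the fix now comes from the upstream release, in which case `version` would describe it more accurately than `patch`.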
@@ -374,7 +374,7 @@
*CVE-2006-6056 version (kernel, fixed 2.6.19) [since FEDORA-2007-058] was backport since FEDORA-2006-1471
*CVE-2006-6054 version (kernel, fixed fixed 2.6.19.2) [since FEDORA-2007-058]
*CVE-2006-6053 version (kernel, fixed 2.6.19.2) [since FEDORA-2007-058] was backport since FEDORA-2006-1223
-*CVE-2006-6027 (acroread)
+*CVE-2006-6027 ignore, no-ship (acroread)
*CVE-2006-6015 (pcre)
*CVE-2006-5989 ignore (mod_auth_kerb) did not affect fc6
*CVE-2006-5974 ignore (fetchmail, fixed 6.3.6) only 6.3.5
@@ -391,7 +391,7 @@
*CVE-2006-5867 version (fetchmail, fixed 6.3.6) #221984 [since FEDORA-2007-042]
*CVE-2006-5864 VULNERABLE (evince) #217672
*CVE-2006-5864 patch (gv, fixed 3.6.2-2) #215136
-*CVE-2006-5857 (acroread)
+*CVE-2006-5857 ignore, no-ship (acroread)
*CVE-2006-5848 version (trac, fixed 0.10.1) #215077
*CVE-2006-5823 version (kernel, fixed 2.6.19.2) [since FEDORA-2007-058] was backport since FEDORA-2006-1223
*CVE-2006-5815 version (proftpd, fixed 1.3.0a) #214820
@@ -444,7 +444,7 @@
*CVE-2006-5453 patch (bugzilla, fixed 2.22-7) #212355
*CVE-2006-5397 VULNERABLE (libX11, 1.0.2 and 1.0.3 only) #213280
*CVE-2006-5331 version (kernel, fixed 2.6.19) [since FEDORA-2007-058]
-*CVE-2006-5330 (flash-plugin)
+*CVE-2006-5330 ignore, no-ship (flash-plugin)
*CVE-2006-5298 backport (mutt) [since FEDORA-2006-1063]
*CVE-2006-5297 backport (mutt) [since FEDORA-2006-1063]
*CVE-2006-5295 version (clamav, fixed 0.88.5) #210973
@@ -501,7 +501,7 @@
*CVE-2006-4743 ignore (wordpress, dupe of an old non-issue) #206514
*CVE-2006-4684 version (zope, fixed 2.9.2)
*CVE-2006-4663 ignore (kernel) not a vulnerability
-*CVE-2006-4640 (flash-plugin)
+*CVE-2006-4640 ignore, no-ship (flash-plugin)
*CVE-2006-4625 ignore (php) safe mode isn't safe
*CVE-2006-4624 version (mailman, fixed 2.1.9rc1)
*CVE-2006-4623 version (kernel, fixed 2.6.18-rc1)
@@ -658,7 +658,7 @@
*CVE-2006-3627 version (wireshark, fixed 0.99.2)
*CVE-2006-3626 version (kernel, fixed 2.6.17.6)
*CVE-2006-3619 version (gcc, fixed 4.1.1-20060828 at least)
-*CVE-2006-3587 (flash-plugin)
+*CVE-2006-3587 ignore, no-ship (flash-plugin)
*CVE-2006-3582 version (adplug, fixed 2.0.1-1) #198108
*CVE-2006-3581 version (adplug, fixed 2.0.1-1) #198108
*CVE-2006-3486 ignore (mysql, fixed 5.0.23) not exploitable
@@ -682,7 +682,7 @@
*CVE-2006-3376 backport (libwmf) from changelog
*CVE-2006-3352 ignore (firefox) not a vulnerability
*CVE-2006-3334 ignore (libpng, fixed 1.2.12) not exploitable
-*CVE-2006-3311 (flash-plugin)
+*CVE-2006-3311 ignore, no-ship (flash-plugin)
*CVE-2006-3276 (helixplayer)
*CVE-2006-3242 version (mutt, fixed 1.4.2.2, 1.5.12)
*CVE-2006-3178 ignore (chmlib, extract_chmLib not shipped)
@@ -1095,7 +1095,7 @@
*CVE-2006-0037 version (kernel, only 2.6.14 and 2.6.15)
*CVE-2006-0036 version (kernel, only 2.6.14 and 2.6.15)
*CVE-2006-0035 version (kernel, only 2.6.14 and 2.6.15)
-*CVE-2006-0024 (flash-plugin)
+*CVE-2006-0024 ignore, no-ship (flash-plugin)
*CVE-2006-0019 version (kdelibs, fixed 3.5.1)
*CVE-2006-0017 (fedora directory server)
*CVE-2006-0016 (fedora directory server)
@@ -1190,7 +1190,7 @@
*CVE-2005-3624 version (cups, fixed 1.2.0)
*CVE-2005-3624 backport (tetex)
*CVE-2005-3623 version (kernel, fixed 2.6.14.5)
-*CVE-2005-3591 (flash-plugin)
+*CVE-2005-3591 ignore, no-ship (flash-plugin)
*CVE-2005-3582 version (ImageMagick) gentoo only
*CVE-2005-3573 version (mailman, fixed 2.1.7)
*CVE-2005-3527 version (kernel, fixed 2.6.14)
@@ -1323,7 +1323,7 @@
*CVE-2005-2642 version (mutt) openbsd only
*CVE-2005-2641 version (nss_ldap, fixed pam_ldap:180)
*CVE-2005-2629 (helixplayer)
-*CVE-2005-2628 (flash-plugin)
+*CVE-2005-2628 ignore, no-ship (flash-plugin)
*CVE-2005-2617 version (kernel, fixed 2.6.12.5)
*CVE-2005-2602 ignore (thunderbird) probably
*CVE-2005-2602 ignore (firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=237085
@@ -2071,7 +2071,7 @@
*CVE-2004-0226 version (mc, fixed 4.6.0)
*CVE-2004-0189 version (squid, fixed 2.5.STABLE5)
*CVE-2004-0186 version (samba, not 3.0.2a)
-*CVE-2004-0185 (wu-ftpd)
+*CVE-2004-0185 ignore, no-ship (wu-ftpd)
*CVE-2004-0184 version (tcpdump, fixed 3.8.2)
*CVE-2004-0183 version (tcpdump, fixed 3.8.2)
*CVE-2004-0182 version (mailman) only affected Red Hat packages
@@ -2126,7 +2126,7 @@
*CVE-2004-0005 version (gaim, fixed 0.76)
*CVE-2004-0003 version (kernel, not 2.6)
*CVE-2004-0001 version (kernel, not 2.6)
-*CVE-2003-1329 (wu-ftpd)
+*CVE-2003-1329 ignore, no-ship (wu-ftpd)
*CVE-2003-1307 ignore (mod_php) not a vulnerability
*CVE-2003-1303 version (php, fixed 4.3.3)
*CVE-2003-1302 version (php, fixed 4.3.1)
@@ -2602,17 +2602,17 @@
*CVE-2001-1494 version (util-linux, fixed 2.11n)
*CVE-2001-1429 (mc)
*CVE-2001-0955 version (XFree86, fixed 4.2.0)
-*CVE-2001-0935 (wu-ftpd)
+*CVE-2001-0935 ignore, no-ship (wu-ftpd)
*CVE-2001-0474 version (mesa, fixed 3.3-14)
*CVE-2001-0310 (sort)
*CVE-2001-0235 (vixie-cron)
-*CVE-2001-0187 (wu-ftpd)
+*CVE-2001-0187 ignore, no-ship (wu-ftpd)
*CVE-2000-1199 backport (htdig) fixed htdig-3.2.0b6-unescaped_output.patch
*CVE-2000-1137 (ed)
*CVE-2000-0992 (krb5)
*CVE-2000-0504 version (libICE, fixed XFree86:4.0.1)
*CVE-1999-1572 backport (cpio) cpio-2.6-umask.patch
*CVE-1999-1332 (gzip)
-*CVE-1999-0997 (wu-ftpd)
+*CVE-1999-0997 ignore, no-ship (wu-ftpd)
*CVE-1999-0710 (squid)
*CVE-1999-0103 (bind)
fedora-security/audit fc7,1.1,1.2
by fedora-extras-commits@redhat.com
Author: bressers
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv12078
Modified Files:
fc7
Log Message:
Add a number of outstanding CVE ids
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- fc7 11 Jun 2007 17:23:05 -0000 1.1
+++ fc7 11 Jun 2007 20:21:46 -0000 1.2
@@ -9,46 +9,97 @@
*CVE-2007-3113 VULNERABLE (cacti) #243592
*CVE-2007-3112 VULNERABLE (cacti) #243592
*CVE-2007-3025 ignore (clamav, Solaris only)
+*CVE-2007-3007 ignore (php) safe mode isn't safe
+*CVE-2007-2975 (openfire)
*CVE-2007-2894 VULNERABLE (bochs) #241799
+*CVE-2007-2874 (wpa_supplicant) #242455
*CVE-2007-2871 version (seamonkey, fixed 1.0.9)
*CVE-2007-2870 version (seamonkey, fixed 1.0.9)
+*CVE-2007-2869 (firefox)
*CVE-2007-2868 version (seamonkey, fixed 1.0.9)
*CVE-2007-2867 version (seamonkey, fixed 1.0.9)
*CVE-2007-2865 VULNERABLE (phpPgAdmin) #241489
+*CVE-2007-2844 ignore (php) #241641
+*CVE-2007-2843 ignore (konqueror) safari specific
*CVE-2007-2821 VULNERABLE (wordpress, fixed 2.2) #240970
+*CVE-2007-2799 (file)
+*CVE-2007-2768 (openssh)
+*CVE-2007-2756 ignore (gd) DoS only
+*CVE-2007-2754 (freetype)
*CVE-2007-2721 patch (jasper, fixed 1.900.1-2) #240397
+*CVE-2007-2683 (mutt)
*CVE-2007-2654 VULNERABLE (xfsdump) #240396
*CVE-2007-2650 ** (clamav) #240395
+*CVE-2007-2645 ignore (libexif) #240055 DoS only
*CVE-2007-2637 patch (moin, fixed 1.5.7-2)
*CVE-2007-2627 ** (wordpress) #239904
+*CVE-2007-2589 (squirrelmail)
+*CVE-2007-2583 (mysql)
+*CVE-2007-2519 ignore (php-pear) no trust boundary is crossed
+*CVE-2007-2511 ignore (php) #239011 see the bug
+*CVE-2007-2510 (php)
+*CVE-2007-2509 (php)
*CVE-2007-2500 patch (gnash, fixed 0.7.2-2) #239213
+*CVE-2007-2452 (locate)
+*CVE-2007-2447 (samba)
+*CVE-2007-2446 (samba)
*CVE-2007-2445 version (libpng10, fixed 1.0.25) #240398
+*CVE-2007-2444 (samba)
*CVE-2007-2438 VULNERABLE (vim) #238734
+*CVE-2007-2437 ignore (xorg-x11) DoS only
+*CVE-2007-2435 (java)
*CVE-2007-2423 patch (moin, fixed 1.5.7-2) #238722
*CVE-2007-2413 version (perl-Imager, fixed 0.57) #238615
*CVE-2007-2381 ignore (MochiKit) #238616
+*CVE-2007-2356 (gimp)
+*CVE-2007-2353 (axis)
*CVE-2007-2245 VULNERABLE (phpMyAdmin, fixed 2.10.1) #237882
+*CVE-2007-2243 (openssh)
+*CVE-2007-2241 (bind)
+*CVE-2007-2176 ignore (firefox) only affects the java quicktime interaction
+*CVE-2007-2172 (kernel)
*CVE-2007-2165 VULNERABLE (proftpd) #237533
+*CVE-2007-2138 (postgresql)
*CVE-2007-2057 version (aircrack-ng, fixed 0.8-0.1)
*CVE-2007-2029 ignore (clamav, 0.90/0.90.1 only)
+*CVE-2007-2028 (freeradius)
+*CVE-2007-2026 (file)
*CVE-2007-2016 ignore (phpMyAdmin, < 2.8.0.2 never shipped)
*CVE-2007-1997 ignore (clamav, 0.90/0.90.1 only)
+*CVE-2007-1995 (quagga) #240488
*CVE-2007-1897 version (wordpress, fixed 2.1.3) #235912
*CVE-2007-1894 version (wordpress, fixed 2.1.3-0.rc2)
*CVE-2007-1893 version (wordpress, fixed 2.1.3) #235912
*CVE-2007-1870 version (lighttpd, fixed 1.4.14) #236489
*CVE-2007-1869 version (lighttpd, fixed 1.4.14) #236489
+*CVE-2007-1864 (php)
+*CVE-2007-1862 (httpd)
+*CVE-2007-1859 (xscreensaver)
+*CVE-2007-1858 (tomcat)
*CVE-2007-1856 VULNERABLE (vixie-cron) #235882
*CVE-2007-1841 VULNERABLE (ipsec-tools) #238052
*CVE-2007-1804 VULNERABLE (pulseaudio) #235013
*CVE-2007-1799 version (ktorrent, fixed 2.1.3) #235014
*CVE-2007-1745 ignore (clamav, 0.90/0.90.1 only) #236703
+*CVE-2007-1743 (httpd)
+*CVE-2007-1742 (httpd)
+*CVE-2007-1741 (httpd)
*CVE-2007-1732 ignore (wordpress) #235015
+*CVE-2007-1718 (php)
+*CVE-2007-1717 (php)
+*CVE-2007-1711 (php)
+*CVE-2007-1710 (php)
+*CVE-2007-1709 (php)
+*CVE-2007-1667 (xorg-x11)
+*CVE-2007-1649 (php)
*CVE-2007-1622 version (wordpress, fixed 2.1.3-0.rc2) #233703
*CVE-2007-1614 version (zziplib, fixed 0.13.49) #233700
*CVE-2007-1599 version (wordpress, fixed 2.1.3-0.rc2) #233703
+*CVE-2007-1583 (php)
*CVE-2007-1565 ignore (konqueror) client crash
*CVE-2007-1564 vulnerable (konqueror) [#CVE-2007-1564]
+*CVE-2007-1562 (firefox, seamonkey, thunderbird)
+*CVE-2007-1560 (squid)
*CVE-2007-1558 version (claws-mail, fixed 2.9.1) #237293
*CVE-2007-1558 backport (sylpheed, fixed 2.3.1-1)
*CVE-2007-1547 version (nas, fixed 1.8a-2) #233353
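Review bot: Among the added `ignore` records, `+*CVE-2007-2844 ignore (php) #241641` gives no reason, whereas the others in this hunk do (`safari specific`, `DoS only`, `no trust boundary is crossed`). A short rationale on the line itself saves the next auditor a trip to the bug. In the same hunk, `+*CVE-2007-2874 (wpa_supplicant) #242455` cites a bug but has no status yet.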
@@ -56,13 +107,19 @@
*CVE-2007-1545 version (nas, fixed 1.8a-2) #233353
*CVE-2007-1544 version (nas, fixed 1.8a-2) #233353
*CVE-2007-1543 version (nas, fixed 1.8a-2) #233353
+*CVE-2007-1536 (file)
+*CVE-2007-1521 (php)
*CVE-2007-1515 version (imp, fixed 4.1.4)
+*CVE-2007-1496 (kernel)
+*CVE-2007-1484 (php)
*CVE-2007-1475 ignore (php) unshipped ibase extension
*CVE-2007-1474 version (horde, fixed 3.1.4)
*CVE-2007-1474 ignore (imp, < 4.x only)
*CVE-2007-1473 version (horde, fixed 3.1.4)
+*CVE-2007-1466 (openoffice.org)
*CVE-2007-1464 version (inkscape, fixed 0.45.1)
*CVE-2007-1463 version (inkscape, fixed 0.45.1)
+*CVE-2007-1460 (php)
*CVE-2007-1429 version (moodle, fixed 1.6.5) #232103
*CVE-2007-1420 VULNERABLE (mysql, fixed 5.0.36) #232604
*CVE-2007-1413 ignore (php) Windows NT SNMP specific
@@ -78,41 +135,62 @@
*CVE-2007-1387 patch (xine-lib, fixed 1.1.4-3)
*CVE-2007-1385 version (ktorrent, fixed 2.1.2)
*CVE-2007-1384 version (ktorrent, fixed 2.1.2)
+*CVE-2007-1375 (php)
*CVE-2007-1366 ** (qemu) #238723
*CVE-2007-1362 version (seamonkey, fixed 1.0.9)
*CVE-2007-1359 patch (mod_security, fixed 2.1.0-3) #231728
+*CVE-2007-1354 (jboss)
*CVE-2007-1352 VULNERABLE (libXfont) #235265
*CVE-2007-1351 VULNERABLE (libXfont) #235265
*CVE-2007-1325 version (phpMyAdmin, fixed 2.10.0.2)
*CVE-2007-1322 ** (qemu) #238723
*CVE-2007-1321 ** (qemu) #238723
*CVE-2007-1320 ** (qemu) #238723
+*CVE-2007-1287 (php)
+*CVE-2007-1286 (php)
+*CVE-2007-1285 (php)
*CVE-2007-1282 version (seamonkey, fixed 1.0.8)
*CVE-2007-1277 version (wordpress, fixed 2.1.2)
*CVE-2007-1267 ignore (sylpheed, uses gpgme) #231733
*CVE-2007-1263 version (gpgme, fixed 1.1.4)
*CVE-2007-1263 version (gnupg, fixed 1.4.7) [since FEDORA-2007-315]
+*CVE-2007-1262 (squirrelmail)
*CVE-2007-1253 patch (blender, fixed 2.42a-21) #239338
*CVE-2007-1246 patch (xine-lib, fixed 1.1.4-3)
*CVE-2007-1244 version (wordpress, fixed 2.1.2) #230898
*CVE-2007-1230 version (wordpress, fixed 2.1.2)
*CVE-2007-1218 backport (tcpdump) 232349 [since FEDORA-2007-347]
+*CVE-2007-1216 (krb5)
*CVE-2007-1103 VULNERABLE (tor) #230927
*CVE-2007-1092 version (seamonkey, fixed 1.0.8)
*CVE-2007-1055 version (mediawiki, fixed 1.8.3)
*CVE-2007-1054 version (mediawiki, fixed 1.8.4)
*CVE-2007-1049 version (wordpress, fixed 2.1.1) #229991
+*CVE-2007-1036 (jboss)
+*CVE-2007-1030 (libevent)
+*CVE-2007-1007 (ekiga)
*CVE-2007-1006 version (ekiga, fixed 2.0.5) #229259 [since FEDORA-2007-322]
*CVE-2007-1004 VULNERABLE (firefox, ...)
*CVE-2007-1003 VULNERABLE (xorg-x11-server, fixed > X11R7.2) #235263
*CVE-2007-1002 VULNERABLE (evolution) #233587
+*CVE-2007-1001 (php)
*CVE-2007-1000 version (kernel, fixed 2.6.20) [since FEDORA-2007-335]
+*CVE-2007-0999 (ekiga)
*CVE-2007-0998 version (qemu, fixed 0.8.2)
*CVE-2007-0998 backport (xen) #230295 [since FEDORA-2007-343]
*CVE-2007-0996 version (seamonkey, fixed 1.0.8)
*CVE-2007-0995 version (seamonkey, fixed 1.0.8)
+*CVE-2007-0988 (php)
*CVE-2007-0981 VULNERABLE (firefox, ...)
*CVE-2007-0981 version (seamonkey, fixed 1.0.8) #229253
+*CVE-2007-0957 (krb5)
+*CVE-2007-0956 (krb5)
+*CVE-2007-0911 (php)
+*CVE-2007-0910 (php)
+*CVE-2007-0909 (php)
+*CVE-2007-0908 (php)
+*CVE-2007-0907 (php)
+*CVE-2007-0906 (php)
*CVE-2007-0903 version (ejabberd, fixed 1.1.3)
*CVE-2007-0902 patch (moin, fixed 1.5.7-2) #228764
*CVE-2007-0901 patch (moin, fixed 1.5.7-2) #228764
@@ -128,7 +206,9 @@
*CVE-2007-0778 version (seamonkey, fixed 1.0.8)
*CVE-2007-0777 version (seamonkey, fixed 1.0.8)
*CVE-2007-0775 version (seamonkey, fixed 1.0.8)
+*CVE-2007-0774 (mod_jk)
*CVE-2007-0772 version (kernel) [since FEDORA-2007-291]
+*CVE-2007-0771 (kernel)
*CVE-2007-0770 patch (GraphicsMagick, fixed 1.1.7-7) #228758
*CVE-2007-0770 ignore (ImageMagick) only if incomplete CVE-2006-5456
*CVE-2007-0720 ignore (cups, fixed 1.2.7) cups is already updated
@@ -137,6 +217,8 @@
*CVE-2007-0653 VULNERABLE (xmms) #233705
*CVE-2007-0650 ignore (tetex) needs user's assistance
*CVE-2007-0619 version (chmlib, fixed 0.3.9) #225919
+*CVE-2007-0578 (mpg321)
+*CVE-2007-0555 (postgresql)
*CVE-2007-0541 version (wordpress, fixed 2.1-0) #225469
*CVE-2007-0540 version (wordpress, fixed 2.1-0) #225469
*CVE-2007-0539 version (wordpress, fixed 2.1-0) #225469
@@ -153,18 +235,27 @@
*CVE-2007-0457 VULNERABLE (wireshark, fixed 0.99.5) #227140
*CVE-2007-0456 VULNERABLE (wireshark, fixed 0.99.5) #227140
*CVE-2007-0455 VULNERABLE (gd) #224610
+*CVE-2007-0454 (samba)
+*CVE-2007-0452 (samba)
*CVE-2007-0451 version (spamassassin, fixed 3.1.8) [since FEDORA-2007-241]
+*CVE-2007-0450 (tomcat)
+*CVE-2007-0448 (php)
*CVE-2007-0405 version (Django, fixed 0.95.1)
*CVE-2007-0404 version (Django, fixed 0.95.1)
*CVE-2007-0341 ignore (phpMyAdmin, 2.8.x only)
*CVE-2007-0262 version (wordpress, fixed 2.1-0) #223101
*CVE-2007-0248 version (squid, fixed 2.6.STABLE7) [since FEDORA-2007-073]
*CVE-2007-0247 version (squid, fixed 2.6.STABLE7) #222883 [since FEDORA-2007-073]
+*CVE-2007-0243 (java-ibm)
*CVE-2007-0242 patch (qt4, fixed 4.2.3-7)
*CVE-2007-0240 patch (zope, fixed 2.9.6-2) #233378
+*CVE-2007-0239 (openoffice.org)
+*CVE-2007-0238 (openoffice.org)
*CVE-2007-0235 VULNERABLE (libgtop2) #222637 not sure, will triage
+*CVE-2007-0227 (slocate)
*CVE-2007-0177 version (mediawiki, fixed 1.8.3) #221958
*CVE-2007-0160 patch (centericq, fixed 4.21.0-9) #227791
+*CVE-2007-0157 (neon)
*CVE-2007-0109 version (wordpress, fixed 2.1-0) #223101
*CVE-2007-0107 version (wordpress, fixed 2.1-0) #223101
*CVE-2007-0106 version (wordpress, fixed 2.1-0) #223101
@@ -172,6 +263,12 @@
*CVE-2007-0104 ignore (kdegraphics) only client DoS
*CVE-2007-0095 VULNERABLE (phpMyAdmin) #221694
*CVE-2007-0086 ignore (apache) not a security issue
+*CVE-2007-0080 (freeradius)
+*CVE-2007-0048 (acroread)
+*CVE-2007-0046 (acroread)
+*CVE-2007-0045 (acroread)
+*CVE-2007-0044 (acroread)
+*CVE-2007-0010 (gtk2)
*CVE-2007-0009 version (nss, fixed 3.11.5) (nspr, fixed 4.6.5) [since FEDORA-2007-279]
*CVE-2007-0009 ignore (seamonkey, uses system NSS)
*CVE-2007-0008 version (nss, fixed 3.11.5) (nspr, fixed 4.6.5) [since FEDORA-2007-279]
@@ -181,29 +278,48 @@
*CVE-2007-0006 backport (kernel, fixed in -mm) [since FEDORA-2007-226]
*CVE-2007-0005 version (kernel, fixed 2.6.20) [since FEDORA-2007-335]
*CVE-2007-0002 version (libwpd, fixed 0.8.9) #222808 [since FEDORA-2007-351]
+*CVE-2007-0001 (kernel)
+*CVE-2006-7205 (php)
+*CVE-2006-7204 (php)
+*CVE-2006-7197 (tomcat)
+*CVE-2006-7196 (tomcat)
+*CVE-2006-7195 (tomcat)
+*CVE-2006-7195 (tomcat)
*CVE-2006-7193 ignore (php-Smarty, SMARTY_DIR is a constant)
+*CVE-2006-7176 (sendmail)
+*CVE-2006-7175 (sendmail)
*CVE-2006-7162 version (putty, fixed 0.59) #231726
+*CVE-2006-7151 (libtool)
+*CVE-2006-7139 (kmail)
+*CVE-2006-7108 (util-linux)
*CVE-2006-6979 backport (amarok, fixed 1.4.5-2) #228138
+*CVE-2006-6948 (myodbc)
*CVE-2006-6944 version (phpMyAdmin, fixed 2.9.1.1)
*CVE-2006-6943 version (phpMyAdmin, fixed 2.9.1.1)
*CVE-2006-6942 version (phpMyAdmin, fixed 2.9.1.1)
*CVE-2006-6939 VULNERABLE (ed, fixed 0.3) #223075
*CVE-2006-6899 version (bluez-utils, fixed 2.23)
*CVE-2006-6870 version (avahi, fixed 0.6.16) #221440 [since FEDORA-2007-019]
+*CVE-2006-6811 ignore (ksirc) DoS only
*CVE-2006-6808 version (wordpress, fixed 2.1-0) #221023
*CVE-2006-6799 patch (cacti, fixed 0.8.6i-5) #222410
*CVE-2006-6772 backport (w3m) #221484 [since FEDORA-2007-077]
+*CVE-2006-6745 (java-ibm)
+*CVE-2006-6736 (java-ibm)
+*CVE-2006-6731 (java-ibm)
*CVE-2006-6719 backport (wget) #221469 [since FEDORA-2007-043]
*CVE-2006-6698 VULNERABLE (GConf2) #219280
*CVE-2006-6693 ignore (zabbix, fixed 1.1.3, < 1.1.4 not shipped)
*CVE-2006-6692 ignore (zabbix, fixed 1.1.3, < 1.1.4 not shipped)
*CVE-2006-6660 ignore (kdelibs) client Dos only, not reproducible
+*CVE-2006-6628 (openoffice.org)
*CVE-2006-6626 version (moodle, fixed 1.6.5) #220041
*CVE-2006-6625 version (moodle, fixed 1.6.5) #220041
*CVE-2006-6610 version (nexuiz, fixed 2.2.1) #220034
*CVE-2006-6609 version (nexuiz, fixed 2.2.1) #220034
*CVE-2006-6574 backport (mantis, fixed 1.0.6-2) #219937
*CVE-2006-6563 backport (proftpd, fixed 1.3.0a-3) #219938
+*CVE-2006-6561 (openoffice.org)
*CVE-2006-6515 version (mantis, fixed 1.0.6) #219720
*CVE-2006-6505 version (seamonkey, fixed 1.0.7) #220516
*CVE-2006-6504 version (seamonkey, fixed 1.0.7) #220516
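Review bot: `+*CVE-2006-7195 (tomcat)` is added twice on consecutive lines in this hunk, directly after `+*CVE-2006-7196 (tomcat)`. Drop one copy, or, if the second line was meant to carry a different CVE id, correct it. A duplicated untriaged line can later be given two conflicting statuses.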
@@ -214,6 +330,7 @@
*CVE-2006-6499 version (seamonkey, fixed 1.0.7) #220516
*CVE-2006-6498 version (seamonkey, fixed 1.0.7) #220516
*CVE-2006-6497 version (seamonkey, fixed 1.0.7) #220516
+*CVE-2006-6493 (openldap)
*CVE-2006-6481 version (clamav, fixed 0.88.7)
*CVE-2006-6406 version (clamav, fixed 0.88.7) #219095
*CVE-2006-6385 ignore (kernel) windows only
@@ -227,6 +344,8 @@
*CVE-2006-6303 version (ruby, fixed 1.8.5.2) [since FEDORA-2006-1441]
*CVE-2006-6301 version (denyhosts, fixed 2.6-2) #218824
*CVE-2006-6297 ignore (kdegraphics) just a crash
+*CVE-2006-6238 (konqueror) probably safari only
+*CVE-2006-6236 (acroread)
*CVE-2006-6235 patch (gnupg2, fixed 2.0.1-2) #218821
*CVE-2006-6235 backport (gnupg, fixed 1.4.6) [since FEDORA-2006-1406]
*CVE-2006-6171 patch (proftpd, fixed 1.3.0a-1) #214820
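Review bot: `+*CVE-2006-6238 (konqueror) probably safari only` carries a triage rationale but no status keyword, so it reads as untriaged, just like the bare `+*CVE-2006-6236 (acroread)` next to it. If the conclusion is that konqueror is not affected, record it as `ignore`, the way the neighbouring `*CVE-2006-6297 ignore (kdegraphics) just a crash` does; if it is still unconfirmed, leave the entry bare until it has been checked.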
@@ -243,6 +362,9 @@
*CVE-2006-6106 version (kernel, fixed 2.6.19.2, fixed 2.6.20-rc5) [since FEDORA-2006-1471]
*CVE-2006-6105 version (gdm, fixed 2.14.11) [since FEDORA-2006-1468]
*CVE-2006-6104 backport (mono, fixed 1.1.13.8.2) #220853 [since FEDORA-2007-067]
+*CVE-2006-6103 (xorg-x11)
+*CVE-2006-6102 (xorg-x11)
+*CVE-2006-6101 (xorg-x11)
*CVE-2006-6097 backport (tar) [since FEDORA-2006-1393]
*CVE-2006-6085 version (kile, fixed 1.9.3) #217238
*CVE-2006-6077 VULNERABLE (firefox)
@@ -252,18 +374,24 @@
*CVE-2006-6056 version (kernel, fixed 2.6.19) [since FEDORA-2007-058] was backport since FEDORA-2006-1471
*CVE-2006-6054 version (kernel, fixed fixed 2.6.19.2) [since FEDORA-2007-058]
*CVE-2006-6053 version (kernel, fixed 2.6.19.2) [since FEDORA-2007-058] was backport since FEDORA-2006-1223
+*CVE-2006-6027 (acroread)
+*CVE-2006-6015 (pcre)
*CVE-2006-5989 ignore (mod_auth_kerb) did not affect fc6
*CVE-2006-5974 ignore (fetchmail, fixed 6.3.6) only 6.3.5
*CVE-2006-5973 VULNERABLE (dovecot, fixed 1.0.rc15) #216508
+*CVE-2006-5969 (fvwm)
+*CVE-2006-5941 (net-snmp)
*CVE-2006-5925 backport (elinks) [since FEDORA-2006-1278] but was never vulneable as didn't have smbclient support
*CVE-2006-5876 version (libsoup) #223144 [since FEDORA-2007-109]
*CVE-2006-5875 version (enemies-of-carlotta, fixed 1.2.4)
*CVE-2006-5874 version (clamav, fixed 0.88.1)
*CVE-2006-5871 version (kernel, fixed 2.6.10)
+*CVE-2006-5870 (openoffice.org)
*CVE-2006-5868 VULNERABLE (ImageMagick, fixed 6.2.9.1) #217560
*CVE-2006-5867 version (fetchmail, fixed 6.3.6) #221984 [since FEDORA-2007-042]
*CVE-2006-5864 VULNERABLE (evince) #217672
*CVE-2006-5864 patch (gv, fixed 3.6.2-2) #215136
+*CVE-2006-5857 (acroread)
*CVE-2006-5848 version (trac, fixed 0.10.1) #215077
*CVE-2006-5823 version (kernel, fixed 2.6.19.2) [since FEDORA-2007-058] was backport since FEDORA-2006-1223
*CVE-2006-5815 version (proftpd, fixed 1.3.0a) #214820
@@ -273,8 +401,10 @@
*CVE-2006-5783 ignore (firefox) disputed
*CVE-2006-5779 VULNERABLE (openldap, 2.3.29) #214768
*CVE-2006-5757 version (kernel, fixed 2.6.19) [since FEDORA-2007-058] was backport since FEDORA-2006-1223
+*CVE-2006-5754 (kernel)
*CVE-2006-5753 backport (kernel, fixed 2.6.20.1) [since FEDORA-2007-291]
*CVE-2006-5751 version (kernel, fixed 2.6.19, fixed 2.6.18.4) [since FEDORA-2006-1471]
+*CVE-2006-5750 (jboss)
*CVE-2006-5749 VULNERABLE (kernel, fixed 2.6.20-rc2)
*CVE-2006-5748 version (thunderbird, fixed 1.5.0.8) [since FEDORA-2006-1192]
*CVE-2006-5748 version (seamonkey, fixed 1.0.6) #214822
@@ -314,6 +444,7 @@
*CVE-2006-5453 patch (bugzilla, fixed 2.22-7) #212355
*CVE-2006-5397 VULNERABLE (libX11, 1.0.2 and 1.0.3 only) #213280
*CVE-2006-5331 version (kernel, fixed 2.6.19) [since FEDORA-2007-058]
+*CVE-2006-5330 (flash-plugin)
*CVE-2006-5298 backport (mutt) [since FEDORA-2006-1063]
*CVE-2006-5297 backport (mutt) [since FEDORA-2006-1063]
*CVE-2006-5295 version (clamav, fixed 0.88.5) #210973
@@ -352,6 +483,7 @@
*CVE-2006-4925 ignore (openssh) client crash only
*CVE-2006-4924 backport (openssh, fixed 4.4)
*CVE-2006-4842 ignore (nspr) Nothing setuid links with nspr
+*CVE-2006-4816 (php)
*CVE-2006-4814 version (kernel, fixed 2.6.19.2) [since FEDORA-2007-058]
*CVE-2006-4813 version (kernel, fixed 2.6.13)
*CVE-2006-4812 backport (php) php-5.1.6-ecalloc.patch
@@ -369,6 +501,7 @@
*CVE-2006-4743 ignore (wordpress, dupe of an old non-issue) #206514
*CVE-2006-4684 version (zope, fixed 2.9.2)
*CVE-2006-4663 ignore (kernel) not a vulnerability
+*CVE-2006-4640 (flash-plugin)
*CVE-2006-4625 ignore (php) safe mode isn't safe
*CVE-2006-4624 version (mailman, fixed 2.1.9rc1)
*CVE-2006-4623 version (kernel, fixed 2.6.18-rc1)
@@ -429,6 +562,7 @@
*CVE-2006-4330 version (wireshark, fixed 0.99.3)
*CVE-2006-4310 ignore (firefox) crash only
*CVE-2006-4262 backport (cscope)
+*CVE-2006-4261 (firefox)
*CVE-2006-4253 version (thunderbird, fixed 1.5.0.7)
*CVE-2006-4253 version (seamonkey, fixed 1.0.5) #209167
*CVE-2006-4253 version (firefox, fixed 1.5.0.7)
@@ -439,9 +573,11 @@
*CVE-2006-4226 version (mysql, fixed 5.0.26,5.1.12) #203428 [since FEDORA-2006-1297]
*CVE-2006-4192 patch (libmodplug, fixed 0.8-3)
*CVE-2006-4182 version (clamav, fixed 0.88.5) #210973
+*CVE-2006-4181 (gnuradius)
*CVE-2006-4146 backport (gdb)
*CVE-2006-4145 version (kernel, fixed 2.6.17.10, fixed 2.6.18-rc5) needs a better upstream fix
*CVE-2006-4144 backport (ImageMagick, fixed 6.2.9)
+*CVE-2006-4124 (lesstif)
*CVE-2006-4096 backport (bind)
*CVE-2006-4095 backport (bind)
*CVE-2006-4093 version (kernel, fixed 2.6.17.9, fixed 2.6.18-rc5)
@@ -503,6 +639,7 @@
*CVE-2006-3740 version (libXfont, fixed 1.2.2)
*CVE-2006-3739 version (libXfont, fixed 1.2.2)
*CVE-2006-3738 backport (openssl, fixed 0.9.8d)
+*CVE-2006-3733 ignore (jboss) cisco only
*CVE-2006-3731 ignore (firefox) just a user complicit crash
*CVE-2006-3694 version (ruby, fixed 1.8.5)
*CVE-2006-3677 version (thunderbird, fixed 1.5.0.5)
@@ -521,6 +658,7 @@
*CVE-2006-3627 version (wireshark, fixed 0.99.2)
*CVE-2006-3626 version (kernel, fixed 2.6.17.6)
*CVE-2006-3619 version (gcc, fixed 4.1.1-20060828 at least)
+*CVE-2006-3587 (flash-plugin)
*CVE-2006-3582 version (adplug, fixed 2.0.1-1) #198108
*CVE-2006-3581 version (adplug, fixed 2.0.1-1) #198108
*CVE-2006-3486 ignore (mysql, fixed 5.0.23) not exploitable
@@ -544,6 +682,8 @@
*CVE-2006-3376 backport (libwmf) from changelog
*CVE-2006-3352 ignore (firefox) not a vulnerability
*CVE-2006-3334 ignore (libpng, fixed 1.2.12) not exploitable
+*CVE-2006-3311 (flash-plugin)
+*CVE-2006-3276 (helixplayer)
*CVE-2006-3242 version (mutt, fixed 1.4.2.2, 1.5.12)
*CVE-2006-3178 ignore (chmlib, extract_chmLib not shipped)
*CVE-2006-3174 version (squirrelmail, fixed 1.4.7)
@@ -556,6 +696,7 @@
*CVE-2006-3113 version (thunderbird, fixed 1.5.0.5)
*CVE-2006-3113 version (seamonkey, fixed 1.0.4) #200455
*CVE-2006-3113 version (firefox, fixed 1.5.0.5)
+*CVE-2006-3093 ignore (acroread) windows only
*CVE-2006-3085 version (kernel, fixed 2.6.17.1)
*CVE-2006-3084 ignore (krb5) seteuid() calls never fail on linux
*CVE-2006-3083 backport (krb5, fixed 1.5.1, 1.4.4)
@@ -565,6 +706,7 @@
*CVE-2006-3018 version (php, fixed 5.1.3)
*CVE-2006-3017 version (php, fixed 5.1.3)
*CVE-2006-3016 version (php, fixed 5.1.3)
+*CVE-2006-3014 ignore (flash-plugin) windows only
*CVE-2006-3011 ignore (php) safe mode isn't safe
*CVE-2006-3005 ignore (libjpeg) not a vuln
*CVE-2006-2941 version (mailman, fixed 2.1.9)
@@ -613,17 +755,20 @@
*CVE-2006-2661 version (freetype, fixed 2.2.1)
*CVE-2006-2660 ignore (php) see #195539
*CVE-2006-2658 version (xsp, fixed 1.1.14) #206510
+*CVE-2006-2657 (php)
*CVE-2006-2656 backport (libtiff) tiffsplit-overflow.patch
*CVE-2006-2629 ignore (kernel) couldn't be reproduced on FC
*CVE-2006-2613 ignore (firefox) This isn't an issue on FC
*CVE-2006-2607 backport (vixie-cron) vixie-cron-4.1-_42-bz178431.patch
*CVE-2006-2575 patch (netpanzer, fixed 0.8-4) bz#192983
*CVE-2006-2563 ignore (php) safe mode isn't safe
+*CVE-2006-2502 (cyrus-imapd)
*CVE-2006-2489 version (nagios, fixed 2.3.1)
*CVE-2006-2480 patch (dia, fixed 0.95-2) bz#192535
*CVE-2006-2453 patch (dia, fixed 0.95-3) #192830
*CVE-2006-2452 version (gdm)
*CVE-2006-2451 version (kernel, fixed 2.6.17.4)
+*CVE-2006-2450 (vnc)
*CVE-2006-2449 version (kdebase, fixed 3.5.4)
*CVE-2006-2448 version (kernel, fixed 2.6.17)
*CVE-2006-2447 version (spamassassin, fixed 3.1.3)
@@ -801,6 +946,7 @@
*CVE-2006-1490 version (php, fixed 5.1.4)
*CVE-2006-1470 version (openldap, not 2.3.24 at least)
*CVE-2006-1390 ignore (nethack, Gentoo-specific problem) bz#187353
+*CVE-2006-1370 (helixplayer)
*CVE-2006-1368 version (kernel, fixed 2.6.16)
*CVE-2006-1354 version (freeradius, fixed 1.1.2 at least)
*CVE-2006-1343 version (kernel, fixed 2.6.16.19)
@@ -827,13 +973,16 @@
*CVE-2006-1057 version (gdm, fixed 2.14.1)
*CVE-2006-1056 version (kernel, fixed 2.6.16.9)
*CVE-2006-1055 version (kernel, fixed 2.6.17)
+*CVE-2006-1053 (fedora directory server)
*CVE-2006-1052 version (kernel, fixed 2.6.16)
*CVE-2006-1045 version (thunderbird, fixed 1.5.0.2)
*CVE-2006-1015 ignore (php) safe mode isn't safe
*CVE-2006-1014 ignore (php) safe mode isn't safe
*CVE-2006-0996 version (php, fixed 5.1.4)
+*CVE-2006-0987 (bind)
*CVE-2006-0903 version (mysql, 4.1.19)
*CVE-2006-0884 version (thunderbird, fixed 1.5.0.2)
+*CVE-2006-0883 (openssh)
*CVE-2006-0855 patch (zoo, patched in OpenSUSE "upstream", fixed 2.10-7)
*CVE-2006-0847 version (python-cherrypy, fixed 2.1.1)
*CVE-2006-0841 version (mantis, fixed 1.0.1)
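Review bot: `+*CVE-2006-1053 (fedora directory server)` puts a product description in the package field, where every other entry in this hunk uses a package name (`kernel`, `bind`, `openssh`, `python-cherrypy`). Use the package name as shipped, so that a search or script keyed on the parenthesised name finds the entry. The same applies to the other `(fedora directory server)` lines this patch adds.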
@@ -853,9 +1002,11 @@
*CVE-2006-0746 version (kdegraphics, fixed 3.4)
*CVE-2006-0745 version (xorg-x11-server, fixed 1.1.1 at least)
*CVE-2006-0744 version (kernel, fixed 2.6.16.5)
+*CVE-2006-0743 (log4net)
*CVE-2006-0742 version (kernel, fixed 2.6.16)
*CVE-2006-0741 version (kernel, fixed 2.6.15.5)
*CVE-2006-0730 version (dovecot, 1.0beta[12] only)
+*CVE-2006-0709 (metamail)
*CVE-2006-0678 ignore (postgresql) we don't build --enable-cassert
*CVE-2006-0670 version (bluez-hcidump, fixed 1.30)
*CVE-2006-0665 version (mantis, fixed 1.0.1)
@@ -879,9 +1030,13 @@
*CVE-2006-0456 ignore (kernel) s390 only
*CVE-2006-0455 version (gnupg, fixed 1.4.2.1)
*CVE-2006-0454 version (kernel, fixed 2.6.15.3)
+*CVE-2006-0453 (fedora directory server)
+*CVE-2006-0452 (fedora directory server)
+*CVE-2006-0451 (fedora directory server)
*CVE-2006-0405 version (libtiff, 3.8.0 only)
*CVE-2006-0377 version (squirrelmail, fixed 1.4.6)
*CVE-2006-0369 ignore (mysql) this is not a security issue
+*CVE-2006-0323 (helixplayer)
*CVE-2006-0322 version (mediawiki, fixed 1.5.8)
*CVE-2006-0321 version (fetchmail, fixed 6.3.2)
*CVE-2006-0301 version (poppler, fixed 0.4.5)
@@ -919,9 +1074,12 @@
*CVE-2006-0195 version (squirrelmail, fixed 1.4.6)
*CVE-2006-0188 version (squirrelmail, fixed 1.4.6)
*CVE-2006-0162 version (clamav, fixed 0.88)
+*CVE-2006-0151 (sudo)
+*CVE-2006-0150 (auth_ldap)
*CVE-2006-0144 version (php-pear, not 1.4.4)
*CVE-2006-0126 version (rxvt-unicode, fixed 7.5)
*CVE-2006-0106 version (wine, fixed 0.9.10)
+*CVE-2006-0105 (postgresql)
*CVE-2006-0097 ignore (php) Windows only
*CVE-2006-0096 ignore (kernel) minor and requires root
*CVE-2006-0095 version (kernel, fixed 2.6.16)
@@ -931,12 +1089,19 @@
*CVE-2006-0052 version (mailman, fixed 2.1.6)
*CVE-2006-0049 version (gnupg, fixed 1.4.2.2)
*CVE-2006-0047 version (freeciv, fixed 2.0.8) bz#184507
+*CVE-2006-0043 ignore (nfs-server) we use the kernel nfs server
*CVE-2006-0042 version (libapreq2, fixed 2.0.7)
*CVE-2006-0039 version (kernel, fixed 2.6.16.17)
*CVE-2006-0037 version (kernel, only 2.6.14 and 2.6.15)
*CVE-2006-0036 version (kernel, only 2.6.14 and 2.6.15)
*CVE-2006-0035 version (kernel, only 2.6.14 and 2.6.15)
+*CVE-2006-0024 (flash-plugin)
*CVE-2006-0019 version (kdelibs, fixed 3.5.1)
+*CVE-2006-0017 (fedora directory server)
+*CVE-2006-0016 (fedora directory server)
+*CVE-2005-4838 (tomcat)
+*CVE-2005-4837 (net-snmp)
+*CVE-2005-4836 (tomcat)
*CVE-2005-4811 version (kernel, fixed 2.6.13)
*CVE-2005-4809 VULNERABLE (firefox)
*CVE-2005-4808 ignore (binutils, gas fixed 20050714) this is a bug
@@ -958,6 +1123,7 @@
*CVE-2005-4635 version (kernel, fixed 2.6.15)
*CVE-2005-4618 version (kernel, fixed 2.6.15)
*CVE-2005-4605 version (kernel, fixed 2.6.15)
+*CVE-2005-4601 (ImageMagick)
*CVE-2005-4585 version (wireshark, fixed 0.10.14)
*CVE-2005-4442 version (openldap) gentoo only
*CVE-2005-4352 version (kernel, fixed 2.6.18.3) [since FEDORA-2006-1471]
@@ -967,13 +1133,22 @@
*CVE-2005-4154 ignore (php) don't install untrusted pear packages
*CVE-2005-4153 version (mailman)
*CVE-2005-4134 ignore (firefox) http://www.mozilla.org/security/history-title.html
+*CVE-2005-4130 (helixplayer)
+*CVE-2005-4126 (helixplayer)
*CVE-2005-4077 version (curl, fixed 7.15.1)
+*CVE-2005-3964 (openmotif)
*CVE-2005-3962 version (perl, fixed 5.8.8)
+*CVE-2005-3896 (firefox,seamonkey,thunderbird)
+*CVE-2005-3891 (pidgin)
+*CVE-2005-3890 (pidgin)
+*CVE-2005-3889 (pidgin)
+*CVE-2005-3888 (pidgin)
*CVE-2005-3883 version (php, fixed 5.1.1 at least)
*CVE-2005-3858 version (kernel, fixed 2.6.13)
*CVE-2005-3857 version (kernel, fixed 2.6.15)
*CVE-2005-3848 version (kernel, fixed 2.6.13)
*CVE-2005-3847 version (kernel, fixed 2.6.12.6)
+*CVE-2005-3812 (firefox,seamonkey,thunderbird)
*CVE-2005-3810 version (kernel, fixed 2.6.15)
*CVE-2005-3809 version (kernel, fixed 2.6.15)
*CVE-2005-3808 version (kernel, fixed 2.6.15)
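Review bot: `+*CVE-2005-3896 (firefox,seamonkey,thunderbird)` and `+*CVE-2005-3812 (firefox,seamonkey,thunderbird)` fold three packages into one entry, which leaves no way to record a separate status or fixed version per package once they are triaged. The file's existing pattern is one line per package, as in the three `*CVE-2006-3113` lines for thunderbird, seamonkey and firefox; split these entries the same way.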
@@ -992,6 +1167,7 @@
*CVE-2005-3651 version (wireshark, fixed 0.10.14)
*CVE-2005-3632 version (netpbm)
*CVE-2005-3631 version (udev)
+*CVE-2005-3630 (fedora directory server)
*CVE-2005-3629 version (initscripts, fixed 8.29 at least)
*CVE-2005-3628 version (poppler, fixed 0.4.4)
*CVE-2005-3628 version (kdegraphics, fixed 3.5.1)
@@ -1014,9 +1190,11 @@
*CVE-2005-3624 version (cups, fixed 1.2.0)
*CVE-2005-3624 backport (tetex)
*CVE-2005-3623 version (kernel, fixed 2.6.14.5)
+*CVE-2005-3591 (flash-plugin)
*CVE-2005-3582 version (ImageMagick) gentoo only
*CVE-2005-3573 version (mailman, fixed 2.1.7)
*CVE-2005-3527 version (kernel, fixed 2.6.14)
+*CVE-2005-3510 (tomcat)
*CVE-2005-3402 ignore (thunderbird) mozilla say by design
*CVE-2005-3392 version (php, not 5.0)
*CVE-2005-3391 version (php, not 5.0)
@@ -1027,9 +1205,11 @@
*CVE-2005-3358 version (kernel, fixed 2.6.11)
*CVE-2005-3357 version (httpd, fixed 2.2.1)
*CVE-2005-3356 version (kernel, fixed 2.6.16)
+*CVE-2005-3354 (sylpheed)
*CVE-2005-3353 version (php, not 5.0)
*CVE-2005-3352 version (httpd, fixed 2.2.1)
*CVE-2005-3351 version (spamassassin, fixed 3.1.0)
+*CVE-2005-3350 (libungif)
*CVE-2005-3322 version (squid) not upstream, SUSE only
*CVE-2005-3319 ignore (mod_php) no security consequence
*CVE-2005-3313 version (wireshark, fixed after 0.10.13)
@@ -1039,6 +1219,7 @@
*CVE-2005-3273 version (kernel, fixed 2.6.12)
*CVE-2005-3272 version (kernel, fixed 2.6.13)
*CVE-2005-3271 version (kernel, fixed 2.6.9)
+*CVE-2005-3269 (fedora directory server)
*CVE-2005-3258 version (squid, fixed 2.5STABLE12)
*CVE-2005-3257 version (kernel, fixed 2.6.15)
*CVE-2005-3249 version (wireshark, fixed 0.10.13)
@@ -1066,6 +1247,7 @@
*CVE-2005-3185 version (wget, fixed 1.10.2 at least)
*CVE-2005-3185 version (curl, fixed 7.15)
*CVE-2005-3184 version (wireshark, fixed 0.10.13)
+*CVE-2005-3183 (w3c-libwww)
*CVE-2005-3181 version (kernel, fixed 2.6.13.4)
*CVE-2005-3180 version (kernel, fixed 2.6.13.4)
*CVE-2005-3179 version (kernel, fixed 2.6.13.4)
@@ -1088,7 +1270,9 @@
*CVE-2005-2991 ignore (ncompress) don't ship zdiff or zcmp scripts
*CVE-2005-2978 version (netpbm, fixed 10.25)
*CVE-2005-2977 version (pam, fixed 0.99.2.1 at least)
+*CVE-2005-2976 (gdk-pixbuf)
*CVE-2005-2975 version (gtk2, fixed 2.8.7)
+*CVE-2005-2974 (libungif)
*CVE-2005-2973 version (kernel, fixed 2.6.14)
*CVE-2005-2970 version (httpd, not 2.2)
*CVE-2005-2969 version (openssl, fixed 0.9.8a)
@@ -1096,9 +1280,11 @@
*CVE-2005-2968 version (thunderbird)
*CVE-2005-2968 version (firefox)
*CVE-2005-2959 ignore (sudo) not a vulnerability
+*CVE-2005-2958 (libgda)
*CVE-2005-2946 version (openssl, fixed 0.9.8)
*CVE-2005-2933 version (libc-client, fixed 2004g at least)
*CVE-2005-2929 backport (lynx) changelog
+*CVE-2005-2922 (helixplayer)
*CVE-2005-2917 version (squid, fixed 2.5.STABLE11)
*CVE-2005-2876 version (util-linux, fixed 2.13-pre3)
*CVE-2005-2874 version (cups, fixed 1.1.23)
@@ -1114,6 +1300,7 @@
*CVE-2005-2796 version (squid, fixed 2.5.STABLE11)
*CVE-2005-2794 version (squid, fixed 2.5.STABLE11)
*CVE-2005-2728 version (httpd, not 2.2)
+*CVE-2005-2710 (helixplayer)
*CVE-2005-2709 version (kernel, fixed 2.6.14.3)
*CVE-2005-2708 ignore (kernel) not reproducable on x86_64
*CVE-2005-2707 version (thunderbird)
@@ -1135,6 +1322,8 @@
*CVE-2005-2666 version (openssh, fixed 4.0p1)
*CVE-2005-2642 version (mutt) openbsd only
*CVE-2005-2641 version (nss_ldap, fixed pam_ldap:180)
+*CVE-2005-2629 (helixplayer)
+*CVE-2005-2628 (flash-plugin)
*CVE-2005-2617 version (kernel, fixed 2.6.12.5)
*CVE-2005-2602 ignore (thunderbird) probably
*CVE-2005-2602 ignore (firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=237085
@@ -1213,6 +1402,7 @@
*CVE-2005-2096 version (rpm, fixed 4.4.2)
*CVE-2005-2096 backport (zlib, fixed 1.2.2.4)
*CVE-2005-2095 version (squirrelmail, fixed 1.4.5)
+*CVE-2005-2090 (tomcat)
*CVE-2005-2088 version (httpd, not 2.2)
*CVE-2005-2069 version (nss_ldap, fixed pam_ldap:180)
*CVE-2005-2069 backport (openldap) openldap-2.2.13-tls-fix-connection-test.patch
@@ -1239,11 +1429,13 @@
*CVE-2005-1760 version (sysreport, fixed 1.4.1-3)
*CVE-2005-1759 ignore (php) dead code path
*CVE-2005-1759 ignore (openldap) fixed shtool 2.0.2 flawed code path not used
+*CVE-2005-1753 (tomcat)
*CVE-2005-1751 version (nmap, fixed 3.93 at least)
*CVE-2005-1751 ignore (openldap) fixed shtool 2.0.2. Flawed code path not used
*CVE-2005-1751 ignore (ncpfs) part of shtool in ncpfs is not vulnerable
*CVE-2005-1740 version (net-snmp, fixed 5.2.2.rc5 at least)
*CVE-2005-1739 version (ImageMagick, fixed 6.2.2.3)
+*CVE-2005-1730 (openssl)
*CVE-2005-1705 backport (gdb) gdb-6.3-security-errata-20050610.patch
*CVE-2005-1704 version (binutils, fixed 2.16.91.0.3 at least)
*CVE-2005-1704 backport (gdb) gdb-6.3-security-errata-20050610.patch
@@ -1257,6 +1449,7 @@
*CVE-2005-1532 version (firefox, fixed 1.0.4)
*CVE-2005-1531 version (firefox, fixed 1.0.4)
*CVE-2005-1519 version (squid, fixed 2.5.STABLE10)
+*CVE-2005-1476 (firefox,seamonkey,thunderbird)
*CVE-2005-1470 version (wireshark, fixed 0.10.11)
*CVE-2005-1469 version (wireshark, fixed 0.10.11)
*CVE-2005-1468 version (wireshark, fixed 0.10.11)
@@ -1367,11 +1560,13 @@
*CVE-2005-0709 version (mysql, fixed 4.1.11)
*CVE-2005-0705 version (wireshark, fixed after 0.10.9)
*CVE-2005-0704 version (wireshark, fixed after 0.10.9)
+*CVE-2005-0699 (wireshark)
*CVE-2005-0698 version (wireshark, fixed after 0.10.9)
*CVE-2005-0664 version (libexif, fixed 0.6.12)
*CVE-2005-0654 ignore (gimp, not fixed 2.2) upstream considers harmless
*CVE-2005-0627 version (qt, fixed 3.3.4)
*CVE-2005-0626 version (squid, fixed 2.5.STABLE10)
+*CVE-2005-0611 (helixplayer)
*CVE-2005-0605 version (libXpm, fixed 3.5.4 at least)
*CVE-2005-0602 ignore (unzip, fixed 5.52) this is really expected behaviour
*CVE-2005-0596 version (php, fixed 5.0)
@@ -1389,6 +1584,7 @@
*CVE-2005-0584 version (firefox)
*CVE-2005-0578 version (firefox)
*CVE-2005-0565 version (kernel, not 2.6)
+*CVE-2005-0546 (cyrus-imapd)
*CVE-2005-0532 version (kernel, fixed 2.6.11)
*CVE-2005-0531 version (kernel, fixed 2.6.11)
*CVE-2005-0530 version (kernel, fixed 2.6.11)
@@ -1409,6 +1605,8 @@
*CVE-2005-0469 backport (telnet) telnet-0.17-CAN-2005-468_469.patch
*CVE-2005-0468 version (krb5, fixed 1.4.1)
*CVE-2005-0468 backport (telnet) telnet-0.17-CAN-2005-468_469.patch
+*CVE-2005-0455 (helixplayer)
+*CVE-2005-0452 (perl)
*CVE-2005-0449 version (kernel, fixed 2.6.11)
*CVE-2005-0448 version (perl, fixed 5.8.6)
*CVE-2005-0446 version (squid, fixed 2.5.STABLE9)
@@ -1451,6 +1649,8 @@
*CVE-2005-0202 version (mailman, fixed 2.1.6)
*CVE-2005-0201 version (dbus, fixed 0.36.1)
*CVE-2005-0194 version (squid, fixed 2.5.STABLE8)
+*CVE-2005-0191 (helixplayer)
+*CVE-2005-0189 (helixplayer)
*CVE-2005-0180 version (kernel, fixed 2.6.11)
*CVE-2005-0179 version (kernel, fixed 2.6.11)
*CVE-2005-0178 version (kernel, fixed 2.6.11)
@@ -1509,6 +1709,7 @@
*CVE-2005-0034 version (bind, fixed after 9.3.0)
*CVE-2005-0033 version (bind, not 9)
*CVE-2005-0023 ignore (libvte) not a security risk
+*CVE-2005-0022 (exim)
*CVE-2005-0014 version (ncpfs, fixed 2.2.6)
*CVE-2005-0013 version (ncpfs, fixed 2.2.6)
*CVE-2005-0011 version (kdeedu, not 3.4)
@@ -1523,7 +1724,10 @@
*CVE-2005-0001 version (kernel, fixed 2.6.10)
*CVE-2004-2660 version (kernel, fixed 2.6.10)
*CVE-2004-2657 ignore (firefox) windows only
+*CVE-2004-2655 (xscreensaver)
*CVE-2004-2654 version (squid, fixed 2.6STABLE6)
+*CVE-2004-2645 (asn1c)
+*CVE-2004-2644 (asn1c)
*CVE-2004-2607 version (kernel, fixed 2.6.5)
*CVE-2004-2589 version (gaim, fixed 0.82)
*CVE-2004-2546 version (samba, fixed 3.0.6)
@@ -1603,6 +1807,7 @@
*CVE-2004-1184 version (enscript, fixed 1.6.4 at least)
*CVE-2004-1183 version (libtiff, fixed 3.7.2)
*CVE-2004-1180 version (rwho, fixed 0.17)
+*CVE-2004-1178 (mailman)
*CVE-2004-1177 version (mailman, fixed 2.1.6)
*CVE-2004-1176 version (mc, fixed 4.6.0)
*CVE-2004-1175 version (mc, fixed 4.6.0)
@@ -1801,6 +2006,7 @@
*CVE-2004-0558 version (cups, fixed 1.1.21)
*CVE-2004-0557 version (sox, fixed after 12.17.4)
*CVE-2004-0554 version (kernel, fixed 2.6.7)
+*CVE-2004-0550 (helixplayer)
*CVE-2004-0548 ignore (aspell, not fixed 0.50.5) not a security issue
*CVE-2004-0547 version (postgresql, fixed 7.2.1)
*CVE-2004-0541 version (squid)
@@ -1850,6 +2056,7 @@
*CVE-2004-0394 version (kernel, not 2.6) also not a vulnerability
*CVE-2004-0392 version (racoon, fixed 20040407b)
*CVE-2004-0388 version (mysql, fixed 4.1.11 at least)
+*CVE-2004-0387 (helixplayer)
*CVE-2004-0381 version (mysql, fixed 4.1.11 at least)
*CVE-2004-0367 version (wireshark, fixed 0.10.3)
*CVE-2004-0365 version (wireshark, fixed 0.10.3)
@@ -1858,11 +2065,13 @@
*CVE-2004-0233 version (libutempter, fixed 0.5.5)
*CVE-2004-0232 version (mc, fixed 4.6.0)
*CVE-2004-0231 version (mc, fixed 4.6.0)
+*CVE-2004-0230 (kernel)
*CVE-2004-0229 version (kernel, fixed 2.6.6)
*CVE-2004-0228 version (kernel, fixed 2.6.6)
*CVE-2004-0226 version (mc, fixed 4.6.0)
*CVE-2004-0189 version (squid, fixed 2.5.STABLE5)
*CVE-2004-0186 version (samba, not 3.0.2a)
+*CVE-2004-0185 (wu-ftpd)
*CVE-2004-0184 version (tcpdump, fixed 3.8.2)
*CVE-2004-0183 version (tcpdump, fixed 3.8.2)
*CVE-2004-0182 version (mailman) only affected Red Hat packages
@@ -1917,9 +2126,12 @@
*CVE-2004-0005 version (gaim, fixed 0.76)
*CVE-2004-0003 version (kernel, not 2.6)
*CVE-2004-0001 version (kernel, not 2.6)
+*CVE-2003-1329 (wu-ftpd)
*CVE-2003-1307 ignore (mod_php) not a vulnerability
*CVE-2003-1303 version (php, fixed 4.3.3)
*CVE-2003-1302 version (php, fixed 4.3.1)
+*CVE-2003-1295 (xscreensaver)
+*CVE-2003-1294 (xscreensaver)
*CVE-2003-1265 VULNERABLE (thunderbird) https://bugzilla.mozilla.org/show_bug.cgi?id=198442
*CVE-2003-1265 VULNERABLE (firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=198442
*CVE-2003-1232 version (emacs, fixed 21.3)
@@ -1963,6 +2175,7 @@
*CVE-2003-0914 version (bind, not 9)
*CVE-2003-0901 version (postgresql, not 8)
*CVE-2003-0900 version (perl, only 5.8.1)
+*CVE-2003-0885 (xscreensaver)
*CVE-2003-0865 version (tomcat, fixed after 4.0.3)
*CVE-2003-0863 ignore (php) http://lists.nyphp.org/pipermail/talk/2003-November/006392.html
*CVE-2003-0861 version (php, fixed 4.3.3)
@@ -2387,8 +2600,19 @@
*CVE-2002-0002 version (stunnel, fixed 3.22)
*CVE-2002-0001 version (mutt, fixed 1.3.25)
*CVE-2001-1494 version (util-linux, fixed 2.11n)
+*CVE-2001-1429 (mc)
*CVE-2001-0955 version (XFree86, fixed 4.2.0)
+*CVE-2001-0935 (wu-ftpd)
*CVE-2001-0474 version (mesa, fixed 3.3-14)
+*CVE-2001-0310 (sort)
+*CVE-2001-0235 (vixie-cron)
+*CVE-2001-0187 (wu-ftpd)
*CVE-2000-1199 backport (htdig) fixed htdig-3.2.0b6-unescaped_output.patch
+*CVE-2000-1137 (ed)
+*CVE-2000-0992 (krb5)
*CVE-2000-0504 version (libICE, fixed XFree86:4.0.1)
*CVE-1999-1572 backport (cpio) cpio-2.6-umask.patch
+*CVE-1999-1332 (gzip)
+*CVE-1999-0997 (wu-ftpd)
+*CVE-1999-0710 (squid)
+*CVE-1999-0103 (bind)