July 2007 - security [ARCHIVED] - Fedora Mailing-Lists

[Bug 194511] CVE-2006-2894 arbitrary file read vulnerability

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: CVE-2006-2894 arbitrary file read vulnerability https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=194511 bugzilla(a)redhat.com changed: What |Removed |Added ---------------------------------------------------------------------------- Severity|normal |medium Priority|normal |medium Product|Fedora Extras |Fedora mcepl(a)redhat.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO CC| |mcepl(a)redhat.com ------- Additional Comments From mcepl(a)redhat.com 2007-07-18 13:28 EST ------- Fedora Core 5 is no longer supported, could you please reproduce this with the updated version of the currently supported distribution (Fedora Core 6, or Fedora 7, or Rawhide)? If this issue turns out to still be reproducible, please let us know in this bug report. If after a month's time we have not heard back from you, we will have to close this bug as CANTFIX. Setting status to NEEDINFO, and awaiting information from the reporter. Thanks in advance. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

16 years, 9 months

1
0
0 / 0

fedora-security/audit fc6,1.223,1.224 fc7,1.44,1.45

by fedora-extras-commits＠redhat.com

Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv703 Modified Files: fc6 fc7 Log Message: pidgin Index: fc6 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc6,v retrieving revision 1.223 retrieving revision 1.224 diff -u -r1.223 -r1.224 --- fc6 17 Jul 2007 10:15:46 -0000 1.223 +++ fc6 18 Jul 2007 14:15:40 -0000 1.224 @@ -4,7 +4,8 @@ ** are items that need attention CVE-2007-4168 VULNERABLE (libexif) #243892 -CVE-2007-3820 ** (kdebase) +CVE-2007-3841 WTF (pidgin) +CVE-2007-3820 ** (kdebase) #248537 CVE-2007-3799 ** (php) CVE-2007-3782 ** (mysql) CVE-2007-3781 ** (mysql) Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.44 retrieving revision 1.45 diff -u -r1.44 -r1.45 --- fc7 17 Jul 2007 10:15:46 -0000 1.44 +++ fc7 18 Jul 2007 14:15:40 -0000 1.45 @@ -5,7 +5,8 @@ *CVE are items that need verification for Fedora 7 CVE-2007-4168 VULNERABLE (libexif) #243890 -CVE-2007-3820 ** (kdebase) +CVE-2007-3841 WTF (pidgin) +CVE-2007-3820 ** (kdebase) #248537 CVE-2007-3799 ** (php) CVE-2007-3781 ** (mysql) CVE-2007-3782 ** (mysql) -- fedora-extras-commits mailing list fedora-extras-commits(a)redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits

16 years, 9 months

1
0
0 / 0

fedora-security/audit fc6,1.222,1.223 fc7,1.43,1.44

by fedora-extras-commits＠redhat.com

Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv13567 Modified Files: fc6 fc7 Log Message: Today's new stuff. Index: fc6 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc6,v retrieving revision 1.222 retrieving revision 1.223 diff -u -r1.222 -r1.223 --- fc6 12 Jul 2007 14:09:44 -0000 1.222 +++ fc6 17 Jul 2007 10:15:46 -0000 1.223 @@ -4,6 +4,10 @@ ** are items that need attention CVE-2007-4168 VULNERABLE (libexif) #243892 +CVE-2007-3820 ** (kdebase) +CVE-2007-3799 ** (php) +CVE-2007-3782 ** (mysql) +CVE-2007-3781 ** (mysql) CVE-2007-3713 VULNERABLE (centericq) #247979 CVE-2007-3508 ignore (glibc) not an issue CVE-2007-3506 backport (freetype, fixed 2.3.4) #235479 [since FEDORA-2007-561] Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.43 retrieving revision 1.44 diff -u -r1.43 -r1.44 --- fc7 14 Jul 2007 09:07:01 -0000 1.43 +++ fc7 17 Jul 2007 10:15:46 -0000 1.44 @@ -5,6 +5,12 @@ *CVE are items that need verification for Fedora 7 CVE-2007-4168 VULNERABLE (libexif) #243890 +CVE-2007-3820 ** (kdebase) +CVE-2007-3799 ** (php) +CVE-2007-3781 ** (mysql) +CVE-2007-3782 ** (mysql) +CVE-2007-3770 ** (xfce-utils) +CVE-2007-3725 ** (clamav) CVE-2007-3713 VULNERABLE (centericq) #247979 CVE-2007-3628 version (php-pear-Structures-DataGrid-DataSource-MDB2, fixed 0.1.10) CVE-2007-3555 VULNERABLE (moodle) #247528 -- fedora-extras-commits mailing list fedora-extras-commits(a)redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits

16 years, 9 months

1
0
0 / 0

fedora-security/audit fc7,1.42,1.43 fe6,1.127,1.128

by fedora-extras-commits＠redhat.com

Author: scop Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv4381 Modified Files: fc7 fe6 Log Message: flac123 fixed Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.42 retrieving revision 1.43 diff -u -r1.42 -r1.43 --- fc7 12 Jul 2007 19:17:05 -0000 1.42 +++ fc7 14 Jul 2007 09:07:01 -0000 1.43 @@ -14,7 +14,7 @@ CVE-2007-3543 ** (wordpress) #245211 CVE-2007-3508 ignore (glibc) not an issue CVE-2007-3506 version (freetype, fixed 2.3.4) #235479 [since FEDORA-2007-0033] -CVE-2007-3507 VULNERABLE (flac123, fixed 0.0.10) #246322 +CVE-2007-3507 version (flac123, fixed 0.0.10) #246322 CVE-2007-3478 ** (gd) CVE-2007-3477 ** (gd) CVE-2007-3476 ** (gd) Index: fe6 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fe6,v retrieving revision 1.127 retrieving revision 1.128 diff -u -r1.127 -r1.128 --- fe6 12 Jul 2007 19:17:05 -0000 1.127 +++ fe6 14 Jul 2007 09:07:01 -0000 1.128 @@ -8,7 +8,7 @@ CVE-2007-3544 ** (wordpress) #245211 CVE-2007-3543 ** (wordpress) #245211 CVE-2007-3528 VULNERABLE (dar, fixed 2.3.4) #246760 -CVE-2007-3507 VULNERABLE (flac123, fixed 0.0.10) #246322 +CVE-2007-3507 version (flac123, fixed 0.0.10) #246322 CVE-2007-3241 ** (wordpress) #245211 CVE-2007-3240 ** (wordpress) #245211 CVE-2007-3239 ** (wordpress) #245211 -- fedora-extras-commits mailing list fedora-extras-commits(a)redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits

16 years, 9 months

1
0
0 / 0

[Bug 246322] New: flac123 0.0.9 vorbis comment parsing buffer overflow

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=246322 Summary: flac123 0.0.9 vorbis comment parsing buffer overflow Product: Fedora Version: f7 Platform: All URL: http://www.vuxml.org/freebsd/32d38cbb-2632-11dc-94da- 0016179b2dd5.html OS/Version: Linux Status: NEW Severity: medium Priority: medium Component: flac123 AssignedTo: foolish(a)guezz.net ReportedBy: ville.skytta(a)iki.fi QAContact: extras-qa(a)fedoraproject.org CC: fedora-security-list(a)redhat.com http://www.vuxml.org/freebsd/32d38cbb-2632-11dc-94da-0016179b2dd5.html "flac123, also known as flac-tools, is vulnerable to a buffer overflow in vorbis comment parsing. This allows for the execution of arbitrary code." 0.0.10 is out, supposedly containing a fix for this. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

16 years, 9 months

1
5
0 / 0

Re: Maintenance and support policy

by Bob Staaf

> From: "Monlong Pierre" <pierre.monlong(a)cnes.fr> > Date: 2007/07/12 Thu PM 03:48:45 EDT > To: <fedora-security-list(a)redhat.com> > Subject: Maintenance and support policy > > Hi all, > Where i can find these informations about fedora : > -Duration of support and maintenance for a particular release. > With eventually distinction between security support, fonctionnal bugs > support ,.... > I note that the releases of FC are spaced of about 6 to 7 months. Is it > a coincidence or a rule ? > Thank you for your help. > http://fedoraproject.org/wiki/LifeCycle -- Fedora-security-list mailing list Fedora-security-list(a)redhat.com https://www.redhat.com/mailman/listinfo/fedora-security-list

16 years, 9 months

1
0
0 / 0

Maintenance and support policy

by Monlong Pierre

Hi all, Where i can find these informations about fedora : -Duration of support and maintenance for a particular release. With eventually distinction between security support, fonctionnal bugs support ,.... I note that the releases of FC are spaced of about 6 to 7 months. Is it a coincidence or a rule ? Thank you for your help. == Pierre Monlong - Antiope/IF/IE Tel : +594 (0)5 94 33 47 53 / Fax : +594 (0)5 94 33 42 59 pierre.monlong(a)cnes.fr ==

16 years, 9 months

1
0
0 / 0

fedora-security/audit fc7, 1.41, 1.42 fe5, 1.211, 1.212 fe6, 1.126, 1.127

by fedora-extras-commits＠redhat.com

Author: scop Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv29446 Modified Files: fc7 fe5 fe6 Log Message: Note phpPgAdmin and clamav fixes. Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.41 retrieving revision 1.42 diff -u -r1.41 -r1.42 --- fc7 12 Jul 2007 14:09:44 -0000 1.41 +++ fc7 12 Jul 2007 19:17:05 -0000 1.42 @@ -61,7 +61,7 @@ CVE-2007-2869 (firefox) CVE-2007-2868 version (seamonkey, fixed 1.0.9) CVE-2007-2867 version (seamonkey, fixed 1.0.9) -CVE-2007-2865 VULNERABLE (phpPgAdmin) #241489 +CVE-2007-2865 version (phpPgAdmin, fixed 4.1.2) #241489 CVE-2007-2844 ignore (php) #241641 CVE-2007-2843 ignore (konqueror) safari specific *CVE-2007-2821 VULNERABLE (wordpress, fixed 2.2) #240970 Index: fe5 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fe5,v retrieving revision 1.211 retrieving revision 1.212 diff -u -r1.211 -r1.212 --- fe5 2 Jul 2007 19:25:50 -0000 1.211 +++ fe5 12 Jul 2007 19:17:05 -0000 1.212 @@ -24,7 +24,7 @@ CVE-2007-3024 ** (clamav, fixed 0.90.3) #245219 CVE-2007-3023 ** (clamav, fixed 0.90.3) #245219 CVE-2007-2894 VULNERABLE (bochs) #241799 -CVE-2007-2865 VULNERABLE (phpPgAdmin) #241489 +CVE-2007-2865 version (phpPgAdmin, fixed 4.1.2) #241489 CVE-2007-2821 VULNERABLE (wordpress, fixed 2.2) #240970 CVE-2007-2721 patch (jasper, fixed 1.900.1-2) #240397 CVE-2007-2654 VULNERABLE (xfsdump) #240396 Index: fe6 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fe6,v retrieving revision 1.126 retrieving revision 1.127 diff -u -r1.126 -r1.127 --- fe6 9 Jul 2007 19:12:51 -0000 1.126 +++ fe6 12 Jul 2007 19:17:05 -0000 1.127 @@ -31,11 +31,11 @@ CVE-2007-2870 version (seamonkey, fixed 1.0.9) CVE-2007-2868 version (seamonkey, fixed 1.0.9) CVE-2007-2867 version (seamonkey, fixed 1.0.9) -CVE-2007-2865 VULNERABLE (phpPgAdmin) #241489 +CVE-2007-2865 version (phpPgAdmin, fixed 4.1.2) #241489 CVE-2007-2821 VULNERABLE (wordpress, fixed 2.2) #240970 CVE-2007-2721 patch (jasper, fixed 1.900.1-2) #240397 CVE-2007-2654 VULNERABLE (xfsdump) #240396 -CVE-2007-2650 ** (clamav) #240395 +CVE-2007-2650 patch (clamav, fixed 0.88.7-3) #240395 CVE-2007-2637 patch (moin, fixed 1.5.7-2) CVE-2007-2627 ** (wordpress) #239904 CVE-2007-2500 patch (gnash, fixed 0.7.2-2) #239213 -- fedora-extras-commits mailing list fedora-extras-commits(a)redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits

16 years, 9 months

1
0
0 / 0

fedora-security/audit fc6,1.221,1.222 fc7,1.40,1.41

by fedora-extras-commits＠redhat.com

Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv19334 Modified Files: fc6 fc7 Log Message: centericq Index: fc6 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc6,v retrieving revision 1.221 retrieving revision 1.222 diff -u -r1.221 -r1.222 --- fc6 10 Jul 2007 23:54:03 -0000 1.221 +++ fc6 12 Jul 2007 14:09:44 -0000 1.222 @@ -4,6 +4,7 @@ ** are items that need attention CVE-2007-4168 VULNERABLE (libexif) #243892 +CVE-2007-3713 VULNERABLE (centericq) #247979 CVE-2007-3508 ignore (glibc) not an issue CVE-2007-3506 backport (freetype, fixed 2.3.4) #235479 [since FEDORA-2007-561] CVE-2007-3378 ignore (php) safe mode escape Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.40 retrieving revision 1.41 diff -u -r1.40 -r1.41 --- fc7 12 Jul 2007 11:12:17 -0000 1.40 +++ fc7 12 Jul 2007 14:09:44 -0000 1.41 @@ -5,6 +5,7 @@ *CVE are items that need verification for Fedora 7 CVE-2007-4168 VULNERABLE (libexif) #243890 +CVE-2007-3713 VULNERABLE (centericq) #247979 CVE-2007-3628 version (php-pear-Structures-DataGrid-DataSource-MDB2, fixed 0.1.10) CVE-2007-3555 VULNERABLE (moodle) #247528 CVE-2007-3546 ignore (nessus-core) Windows only -- fedora-extras-commits mailing list fedora-extras-commits(a)redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits

16 years, 9 months

1
0
0 / 0

fedora-security/audit fc7,1.39,1.40

by fedora-extras-commits＠redhat.com

Author: bressers Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv13430 Modified Files: fc7 Log Message: Clean up the low hanging fruit. View full diff with command: /usr/bin/cvs -f diff -kk -u -N -r 1.39 -r 1.40 fc7 Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.39 retrieving revision 1.40 diff -u -r1.39 -r1.40 --- fc7 12 Jul 2007 00:52:20 -0000 1.39 +++ fc7 12 Jul 2007 11:12:17 -0000 1.40 @@ -43,7 +43,7 @@ CVE-2007-3126 ignore (gimp) just a crash CVE-2007-3123 VULNERABLE (clamav, fixed 0.90.3) #245219 CVE-2007-3122 VULNERABLE (clamav, fixed 0.90.3) #245219 -*CVE-2007-3121 version (zvbi, fixed 0.2.25) +CVE-2007-3121 version (zvbi, fixed 0.2.25) *CVE-2007-3113 VULNERABLE (cacti) #243592 *CVE-2007-3112 VULNERABLE (cacti) #243592 CVE-2007-3025 ignore (clamav, Solaris only) @@ -72,7 +72,7 @@ *CVE-2007-2683 (mutt) *CVE-2007-2654 VULNERABLE (xfsdump) #240396 CVE-2007-2650 VULNERABLE (clamav, fixed in 0.90.3) #240395 -*CVE-2007-2645 ignore (libexif) #240055 DoS only +CVE-2007-2645 ignore (libexif) #240055 DoS only *CVE-2007-2637 patch (moin, fixed 1.5.7-2) *CVE-2007-2627 ** (wordpress) #239904 *CVE-2007-2589 (squirrelmail) @@ -93,11 +93,11 @@ CVE-2007-2445 version (libpng10, fixed 1.0.25) #240398 *CVE-2007-2444 (samba) *CVE-2007-2438 VULNERABLE (vim) #238734 -*CVE-2007-2437 ignore (xorg-x11) DoS only +CVE-2007-2437 ignore (xorg-x11) DoS only *CVE-2007-2435 (java) *CVE-2007-2423 patch (moin, fixed 1.5.7-2) #238722 -*CVE-2007-2413 version (perl-Imager, fixed 0.57) #238615 -*CVE-2007-2381 ignore (MochiKit) #238616 +CVE-2007-2413 version (perl-Imager, fixed 0.57) #238615 +CVE-2007-2381 ignore (MochiKit) #238616 *CVE-2007-2356 (gimp) *CVE-2007-2353 (axis) *CVE-2007-2245 VULNERABLE (phpMyAdmin, fixed 2.10.1) #237882 @@ -107,18 +107,18 @@ CVE-2007-2172 version (kernel, fixed 2.6.21-rc6) *CVE-2007-2165 VULNERABLE (proftpd) #237533 *CVE-2007-2138 (postgresql) -*CVE-2007-2057 version (aircrack-ng, fixed 0.8-0.1) +CVE-2007-2057 version (aircrack-ng, fixed 0.8-0.1) CVE-2007-2029 VULNERABLE (clamav, fixed 0.90.3) *CVE-2007-2028 (freeradius) *CVE-2007-2026 (file) CVE-2007-2016 ignore (phpMyAdmin, < 2.8.0.2 never shipped) CVE-2007-1997 version (clamav, fixed in 0.90.2) *CVE-2007-1995 (quagga) #240488 -*CVE-2007-1897 version (wordpress, fixed 2.1.3) #235912 -*CVE-2007-1894 version (wordpress, fixed 2.1.3-0.rc2) -*CVE-2007-1893 version (wordpress, fixed 2.1.3) #235912 -*CVE-2007-1870 version (lighttpd, fixed 1.4.14) #236489 -*CVE-2007-1869 version (lighttpd, fixed 1.4.14) #236489 +CVE-2007-1897 version (wordpress, fixed 2.1.3) #235912 +CVE-2007-1894 version (wordpress, fixed 2.1.3-0.rc2) +CVE-2007-1893 version (wordpress, fixed 2.1.3) #235912 +CVE-2007-1870 version (lighttpd, fixed 1.4.14) #236489 +CVE-2007-1869 version (lighttpd, fixed 1.4.14) #236489 CVE-2007-1864 version (php, fixed 5.2.2) *CVE-2007-1862 (httpd) *CVE-2007-1859 (xscreensaver) @@ -126,12 +126,12 @@ CVE-2007-1856 backport (vixie-cron) #235882 vixie-cron-4.1-hardlink.patch *CVE-2007-1841 VULNERABLE (ipsec-tools) #238052 *CVE-2007-1804 VULNERABLE (pulseaudio) #235013 -*CVE-2007-1799 version (ktorrent, fixed 2.1.3) #235014 +CVE-2007-1799 version (ktorrent, fixed 2.1.3) #235014 CVE-2007-1745 version (clamav, fixed in 0.90.2) #236703 *CVE-2007-1743 (httpd) *CVE-2007-1742 (httpd) *CVE-2007-1741 (httpd) -*CVE-2007-1732 ignore (wordpress) #235015 +CVE-2007-1732 ignore (wordpress) #235015 CVE-2007-1718 version (php, fixed 5.2.2) CVE-2007-1717 version (php, fixed 5.2.2) CVE-2007-1711 version (php, 4.4.5 and 4.4.6 only) @@ -142,41 +142,41 @@ CVE-2007-1664 VULNERABLE (ekg) #246034 CVE-2007-1663 VULNERABLE (ekg) #246034 CVE-2007-1649 version (php, fixed 5.2.2) -*CVE-2007-1622 version (wordpress, fixed 2.1.3-0.rc2) #233703 -*CVE-2007-1614 version (zziplib, fixed 0.13.49) #233700 -*CVE-2007-1599 version (wordpress, fixed 2.1.3-0.rc2) #233703 +CVE-2007-1622 version (wordpress, fixed 2.1.3-0.rc2) #233703 +CVE-2007-1614 version (zziplib, fixed 0.13.49) #233700 +CVE-2007-1599 version (wordpress, fixed 2.1.3-0.rc2) #233703 CVE-2007-1583 version (php, fixed 5.2.2) CVE-2007-1565 ignore (konqueror) client crash CVE-2007-1564 vulnerable (konqueror) [#CVE-2007-1564] CVE-2007-1562 (firefox, seamonkey, thunderbird) CVE-2007-1560 version (squid, fixed 2.6.STABLE12) -*CVE-2007-1558 version (claws-mail, fixed 2.9.1) #237293 +CVE-2007-1558 version (claws-mail, fixed 2.9.1) #237293 *CVE-2007-1558 backport (sylpheed, fixed 2.3.1-1) -*CVE-2007-1547 version (nas, fixed 1.8a-2) #233353 -*CVE-2007-1546 version (nas, fixed 1.8a-2) #233353 -*CVE-2007-1545 version (nas, fixed 1.8a-2) #233353 -*CVE-2007-1544 version (nas, fixed 1.8a-2) #233353 -*CVE-2007-1543 version (nas, fixed 1.8a-2) #233353 +CVE-2007-1547 version (nas, fixed 1.8a-2) #233353 +CVE-2007-1546 version (nas, fixed 1.8a-2) #233353 +CVE-2007-1545 version (nas, fixed 1.8a-2) #233353 +CVE-2007-1544 version (nas, fixed 1.8a-2) #233353 +CVE-2007-1543 version (nas, fixed 1.8a-2) #233353 *CVE-2007-1536 (file) CVE-2007-1521 ignore (php) See NVD -*CVE-2007-1515 version (imp, fixed 4.1.4) +CVE-2007-1515 version (imp, fixed 4.1.4) CVE-2007-1496 version (kernel, fixed 2.6.20.3) CVE-2007-1484 ignore (php) See NVD CVE-2007-1475 ignore (php) unshipped ibase extension -*CVE-2007-1474 version (horde, fixed 3.1.4) -*CVE-2007-1474 ignore (imp, < 4.x only) -*CVE-2007-1473 version (horde, fixed 3.1.4) +CVE-2007-1474 version (horde, fixed 3.1.4) +CVE-2007-1474 ignore (imp, < 4.x only) +CVE-2007-1473 version (horde, fixed 3.1.4) *CVE-2007-1466 (openoffice.org) -*CVE-2007-1464 version (inkscape, fixed 0.45.1) -*CVE-2007-1463 version (inkscape, fixed 0.45.1) +CVE-2007-1464 version (inkscape, fixed 0.45.1) +CVE-2007-1463 version (inkscape, fixed 0.45.1) CVE-2007-1460 version (php, fixed 5.2.2) -*CVE-2007-1429 version (moodle, fixed 1.6.5) #232103 +CVE-2007-1429 version (moodle, fixed 1.6.5) #232103 *CVE-2007-1420 VULNERABLE (mysql, fixed 5.0.36) #232604 CVE-2007-1413 ignore (php) Windows NT SNMP specific CVE-2007-1412 ignore (php) unshipped cpdf extension CVE-2007-1411 ignore (php) unshipped mssql extension -*CVE-2007-1406 version (trac, fixed 0.10.3.1) #231729 -*CVE-2007-1405 version (trac, fixed 0.10.3.1) #231729 +CVE-2007-1406 version (trac, fixed 0.10.3.1) #231729 +CVE-2007-1405 version (trac, fixed 0.10.3.1) #231729 CVE-2007-1401 ignore (php) unshipped cracklib extension CVE-2007-1399 version (php-pecl-zip, fixed 1.8.5) *CVE-2007-1398 ignore (snort, inline mode not shipped) #232109 @@ -193,30 +193,30 @@ *CVE-2007-1354 (jboss) *CVE-2007-1352 VULNERABLE (libXfont) #235265 *CVE-2007-1351 VULNERABLE (libXfont) #235265 -*CVE-2007-1325 version (phpMyAdmin, fixed 2.10.0.2) +CVE-2007-1325 version (phpMyAdmin, fixed 2.10.0.2) *CVE-2007-1322 ** (qemu) #238723 *CVE-2007-1321 ** (qemu) #238723 *CVE-2007-1320 ** (qemu) #238723 CVE-2007-1287 ignore (php) See NVD CVE-2007-1286 version (php, PHP4 only) CVE-2007-1285 version (php, 5.2.2) -*CVE-2007-1282 version (seamonkey, fixed 1.0.8) -*CVE-2007-1277 version (wordpress, fixed 2.1.2) -*CVE-2007-1267 ignore (sylpheed, uses gpgme) #231733 -*CVE-2007-1263 version (gpgme, fixed 1.1.4) -*CVE-2007-1263 version (gnupg, fixed 1.4.7) [since FEDORA-2007-315] +CVE-2007-1282 version (seamonkey, fixed 1.0.8) +CVE-2007-1277 version (wordpress, fixed 2.1.2) +CVE-2007-1267 ignore (sylpheed, uses gpgme) #231733 +CVE-2007-1263 version (gpgme, fixed 1.1.4) +CVE-2007-1263 version (gnupg, fixed 1.4.7) [since FEDORA-2007-315] *CVE-2007-1262 (squirrelmail) *CVE-2007-1253 patch (blender, fixed 2.42a-21) #239338 *CVE-2007-1246 patch (xine-lib, fixed 1.1.4-3) -*CVE-2007-1244 version (wordpress, fixed 2.1.2) #230898 -*CVE-2007-1230 version (wordpress, fixed 2.1.2) +CVE-2007-1244 version (wordpress, fixed 2.1.2) #230898 +CVE-2007-1230 version (wordpress, fixed 2.1.2) *CVE-2007-1218 backport (tcpdump) 232349 [since FEDORA-2007-347] CVE-2007-1216 version (krb5, fixed 1.6-3) #231537 *CVE-2007-1103 VULNERABLE (tor) #230927 -*CVE-2007-1092 version (seamonkey, fixed 1.0.8) -*CVE-2007-1055 version (mediawiki, fixed 1.8.3) -*CVE-2007-1054 version (mediawiki, fixed 1.8.4) -*CVE-2007-1049 version (wordpress, fixed 2.1.1) #229991 +CVE-2007-1092 version (seamonkey, fixed 1.0.8) +CVE-2007-1055 version (mediawiki, fixed 1.8.3) +CVE-2007-1054 version (mediawiki, fixed 1.8.4) +CVE-2007-1049 version (wordpress, fixed 2.1.1) #229991 *CVE-2007-1036 (jboss) *CVE-2007-1030 (libevent) *CVE-2007-1007 (ekiga) @@ -227,13 +227,13 @@ CVE-2007-1001 version (php, fixed 5.2.2) CVE-2007-1000 version (kernel, fixed 2.6.20.2) [since FEDORA-2007-335] *CVE-2007-0999 (ekiga) -*CVE-2007-0998 version (qemu, fixed 0.8.2) +CVE-2007-0998 version (qemu, fixed 0.8.2) *CVE-2007-0998 backport (xen) #230295 [since FEDORA-2007-343] -*CVE-2007-0996 version (seamonkey, fixed 1.0.8) -*CVE-2007-0995 version (seamonkey, fixed 1.0.8) +CVE-2007-0996 version (seamonkey, fixed 1.0.8) +CVE-2007-0995 version (seamonkey, fixed 1.0.8) CVE-2007-0988 version (php, fixed 5.2.1) CVE-2007-0981 VULNERABLE (firefox, ...) -*CVE-2007-0981 version (seamonkey, fixed 1.0.8) #229253 +CVE-2007-0981 version (seamonkey, fixed 1.0.8) #229253 CVE-2007-0957 patch (krb5, fixed 1.6-3) #231528 [...3251 lines suppressed...] -*CVE-2002-0839 version (httpd, not 2.2) -*CVE-2002-0838 version (kdegraphics, fixed 3.0.4) -*CVE-2002-0838 version (ggv, fixed 20030119, 2.8.0 at least) -*CVE-2002-0837 version (wordtrans, fixed 1.1pre13 at least) -*CVE-2002-0836 version (tetex, fixed 2.0.2 at least) +CVE-2002-0972 version (postgresql, fixed 7.2.2) +CVE-2002-0970 version (kdenetwork, fixed 3.0.3) +CVE-2002-0935 version (tomcat, fixed 4.1.3) +CVE-2002-0906 version (sendmail, fxied 8.12.5) +CVE-2002-0871 version (xinetd, fixed 2.3.7) +CVE-2002-0855 version (mailman, fixed 2.0.12) +CVE-2002-0843 version (httpd, not 2.2) +CVE-2002-0840 version (httpd, not 2.2) +CVE-2002-0839 version (httpd, not 2.2) +CVE-2002-0838 version (kdegraphics, fixed 3.0.4) +CVE-2002-0838 version (ggv, fixed 20030119, 2.8.0 at least) +CVE-2002-0837 version (wordtrans, fixed 1.1pre13 at least) +CVE-2002-0836 version (tetex, fixed 2.0.2 at least) CVE-2002-0834 version (wireshark, fixed after 0.9.5) -*CVE-2002-0825 version (nss_ldap, fixed nss_ldap-198) +CVE-2002-0825 version (nss_ldap, fixed nss_ldap-198) CVE-2002-0822 version (wireshark, fixed 0.9.5) CVE-2002-0821 version (wireshark, fixed 0.9.5) -*CVE-2002-0819 version (arts, fixed cvs 20020707) -*CVE-2002-0802 version (postgresql, fixed 7.2) -*CVE-2002-0761 version (bzip2, fixed 1.0.2) -*CVE-2002-0760 version (bzip2, fixed 1.0.2) -*CVE-2002-0759 version (bzip2, fixed 1.0.2) -*CVE-2002-0728 version (libpng, fixed 1.2.4) +CVE-2002-0819 version (arts, fixed cvs 20020707) +CVE-2002-0802 version (postgresql, fixed 7.2) +CVE-2002-0761 version (bzip2, fixed 1.0.2) +CVE-2002-0760 version (bzip2, fixed 1.0.2) +CVE-2002-0759 version (bzip2, fixed 1.0.2) +CVE-2002-0728 version (libpng, fixed 1.2.4) CVE-2002-0717 version (php, fixed 4.2.2) CVE-2002-0715 version (squid, fixed 2.4.STABLE6) CVE-2002-0714 version (squid, fixed 2.4.STABLE6) CVE-2002-0713 version (squid, fixed 2.4.STABLE6) -*CVE-2002-0704 version (kernel, fixed 2.6.11) -*CVE-2002-0702 version (dhcpd, fixed 3.0.1) -*CVE-2002-0684 version (glibc, fixed afted 2.2.5) -*CVE-2002-0682 version (tomcat, fixed 4.1.3) -*CVE-2002-0662 version (scrollkeeper, fixed after 0.3.11) -*CVE-2002-0660 version (libpng, fixed 1.0.14) -*CVE-2002-0659 version (openssl, not 0.9.8) -*CVE-2002-0659 version (openssl097a, not 0.9.7) -*CVE-2002-0657 version (openssl, not 0.9.8) -*CVE-2002-0657 version (openssl097a, not 0.9.7) -*CVE-2002-0656 version (openssl, not 0.9.8) -*CVE-2002-0656 version (openssl097a, not 0.9.7) -*CVE-2002-0655 version (openssl, not 0.9.8) -*CVE-2002-0655 version (openssl097a, not 0.9.7) -*CVE-2002-0653 version (mod_ssl, not httpd 2.2) +CVE-2002-0704 version (kernel, fixed 2.6.11) +CVE-2002-0702 version (dhcpd, fixed 3.0.1) +CVE-2002-0684 version (glibc, fixed afted 2.2.5) +CVE-2002-0682 version (tomcat, fixed 4.1.3) +CVE-2002-0662 version (scrollkeeper, fixed after 0.3.11) +CVE-2002-0660 version (libpng, fixed 1.0.14) +CVE-2002-0659 version (openssl, not 0.9.8) +CVE-2002-0659 version (openssl097a, not 0.9.7) +CVE-2002-0657 version (openssl, not 0.9.8) +CVE-2002-0657 version (openssl097a, not 0.9.7) +CVE-2002-0656 version (openssl, not 0.9.8) +CVE-2002-0656 version (openssl097a, not 0.9.7) +CVE-2002-0655 version (openssl, not 0.9.8) +CVE-2002-0655 version (openssl097a, not 0.9.7) +CVE-2002-0653 version (mod_ssl, not httpd 2.2) CVE-2002-0651 version (bind, not 9) CVE-2002-0640 version (openssh, fixed after 3.3) CVE-2002-0639 version (openssh, fixed after 3.3) -*CVE-2002-0638 version (util-linux, fixed 2.13 at least) +CVE-2002-0638 version (util-linux, fixed 2.13 at least) CVE-2002-0575 version (openssh, fixed 3.2.1) -*CVE-2002-0570 ignore (kernel) not a vulnerability -*CVE-2002-0517 version (XFree86) didn't affect Linux -*CVE-2002-0516 version (squirrelmail, fixed 1.2.6) -*CVE-2002-0510 ignore (kernel) see cve -*CVE-2002-0506 version (newt, not 0.5.22 at least) -*CVE-2002-0499 version (kernel, not 2.6) +CVE-2002-0570 ignore (kernel) not a vulnerability +CVE-2002-0517 version (XFree86) didn't affect Linux +CVE-2002-0516 version (squirrelmail, fixed 1.2.6) +CVE-2002-0510 ignore (kernel) see cve +CVE-2002-0506 version (newt, not 0.5.22 at least) +CVE-2002-0499 version (kernel, not 2.6) *CVE-2002-0497 backport (mtr) mtr-0.69-CVE-2002-0497.patch -*CVE-2002-0493 version (tomcat, fixed 4.1.12) -*CVE-2002-0435 version (fileutils, fixed 4.1.7) -*CVE-2002-0429 version (kernel, not 2.6) +CVE-2002-0493 version (tomcat, fixed 4.1.12) +CVE-2002-0435 version (fileutils, fixed 4.1.7) +CVE-2002-0429 version (kernel, not 2.6) CVE-2002-0404 version (wireshark, fixed 0.9.3) CVE-2002-0403 version (wireshark, fixed 0.9.3) CVE-2002-0402 version (wireshark, fixed 0.9.3) CVE-2002-0401 version (wireshark, fixed 0.9.3) CVE-2002-0400 version (bind, fixed 9.2.1) -*CVE-2002-0399 version (tar, fixed 1.13.26) -*CVE-2002-0392 version (httpd, not 2.2) +CVE-2002-0399 version (tar, fixed 1.13.26) +CVE-2002-0392 version (httpd, not 2.2) CVE-2002-0391 version (krb5, fixed after 1.2.5) -*CVE-2002-0391 version (glibc, fixed after 2.2.5) -*CVE-2002-0389 ignore (mailman) upstream say not a vulnerability -*CVE-2002-0388 version (mailman, fixed 2.0.11) +CVE-2002-0391 version (glibc, fixed after 2.2.5) +CVE-2002-0389 ignore (mailman) upstream say not a vulnerability +CVE-2002-0388 version (mailman, fixed 2.0.11) CVE-2002-0384 version (gaim, fixed gaim:0.58) CVE-2002-0382 version (xchat, fixed 1.9.1) -*CVE-2002-0380 version (tcpdump, fixed 3.7.2 at least) -*CVE-2002-0379 version (imap, vuln code removed imap-2002) +CVE-2002-0380 version (tcpdump, fixed 3.7.2 at least) +CVE-2002-0379 version (imap, vuln code removed imap-2002) CVE-2002-0377 version (gaim, fixed gaim:0.58) -*CVE-2002-0374 version (pam_ldap, fixed 144) -*CVE-2002-0363 version (ghostscript, fixed 6.53) +CVE-2002-0374 version (pam_ldap, fixed 144) +CVE-2002-0363 version (ghostscript, fixed 6.53) CVE-2002-0353 version (wireshark, fixed 0.9.3) -*CVE-2002-0342 version (kde, not 2.2+) -*CVE-2002-0318 version (freeradius, fixed 0.7) +CVE-2002-0342 version (kde, not 2.2+) +CVE-2002-0318 version (freeradius, fixed 0.7) CVE-2002-0253 ignore (php) not a vulnerability CVE-2002-0240 ignore (php) windows only -*CVE-2002-0232 version (mrtg, not 2.11.1 at least) +CVE-2002-0232 version (mrtg, not 2.11.1 at least) CVE-2002-0229 ignore (php) safe mode isn't safe -*CVE-2002-0185 version (mod_python, fixed 2.7.7) +CVE-2002-0185 version (mod_python, fixed 2.7.7) CVE-2002-0184 version (sudo, fixed 1.6.6) -*CVE-2002-0180 version (webalizer, fixed 2.01-10) -*CVE-2002-0169 ignore (docbook) was RHL only -*CVE-2002-0165 version (logwatch, fixed 2.6) -*CVE-2002-0164 version (XFree86, fixed 4.2.1) +CVE-2002-0180 version (webalizer, fixed 2.01-10) +CVE-2002-0169 ignore (docbook) was RHL only +CVE-2002-0165 version (logwatch, fixed 2.6) +CVE-2002-0164 version (XFree86, fixed 4.2.1) CVE-2002-0163 version (squid, fixed 2.4.STABLE6) -*CVE-2002-0162 version (logwatch, fixed 2.5) -*CVE-2002-0157 version (nautilus) -*CVE-2002-0146 version (fetchmail, fixed 5.9.10) -*CVE-2002-0130 ignore (efax) not setuid root -*CVE-2002-0129 ignore (efax) not setuid root +CVE-2002-0162 version (logwatch, fixed 2.5) +CVE-2002-0157 version (nautilus) +CVE-2002-0146 version (fetchmail, fixed 5.9.10) +CVE-2002-0130 ignore (efax) not setuid root +CVE-2002-0129 ignore (efax) not setuid root CVE-2002-0121 version (php, fixed after 4.1.1) -*CVE-2002-0092 version (cve, fixed 1.10.8) +CVE-2002-0092 version (cve, fixed 1.10.8) CVE-2002-0083 version (openssh, fixed 3.1) -*CVE-2002-0082 version (mod_ssl, not httpd 2.2) +CVE-2002-0082 version (mod_ssl, not httpd 2.2) CVE-2002-0081 version (php, not 4.2+) CVE-2002-0080 version (rsync, fixed 2.5.3) CVE-2002-0069 version (squid, fixed 2.4STABLE4) CVE-2002-0068 version (squid, fixed 2.4STABLE4) CVE-2002-0067 version (squid, fixed 2.4STABLE4) -CVE-2002-0063 version (cups, fixed 1.1.14) -*CVE-2002-0062 version (ncurses, only 5.0) -*CVE-2002-0060 version (kernel, fixed 2.5.5) +VE-2002-0063 version (cups, fixed 1.1.14) +CVE-2002-0062 version (ncurses, only 5.0) +CVE-2002-0060 version (kernel, fixed 2.5.5) *CVE-2002-0059 ** zlib (cvs, dump, gcc, libgcj, kernel, vnc) CVE-2002-0059 version (rsync, fixed 2.5.4/2.6.6) -*CVE-2002-0059 version (zlib, fixed 1.1.4) +CVE-2002-0059 version (zlib, fixed 1.1.4) CVE-2002-0048 version (rsync, fixed 2.5.2) -*CVE-2002-0046 version (kernel, fixed 2.4.0) -*CVE-2002-0045 version (openldap, fixed 2.0.20) -*CVE-2002-0044 version (enscript, fixed 1.6.4 at least) +CVE-2002-0046 version (kernel, fixed 2.4.0) +CVE-2002-0045 version (openldap, fixed 2.0.20) +CVE-2002-0044 version (enscript, fixed 1.6.4 at least) CVE-2002-0043 version (sudo, fixed 1.6.4) CVE-2002-0036 version (krb5, fixed 1.2.5) CVE-2002-0029 version (bind, not 9) @@ -2649,11 +2649,11 @@ CVE-2002-0006 verison (xchat, fixed 1.8.7) cve is wrong CVE-2002-0004 backport (at) issue was in a patch, fixed at-3.1.8-11-lexer-parser.diff CVE-2002-0003 version (groff, fixed 1.17.2) -*CVE-2002-0002 version (stunnel, fixed 3.22) -*CVE-2002-0001 version (mutt, fixed 1.3.25) -*CVE-2001-1494 version (util-linux, fixed 2.11n) +CVE-2002-0002 version (stunnel, fixed 3.22) +CVE-2002-0001 version (mutt, fixed 1.3.25) +CVE-2001-1494 version (util-linux, fixed 2.11n) *CVE-2001-1429 (mc) -*CVE-2001-0955 version (XFree86, fixed 4.2.0) +CVE-2001-0955 version (XFree86, fixed 4.2.0) CVE-2001-0935 ignore, no-ship (wu-ftpd) CVE-2001-0474 version (mesa, fixed 3.3-14) CVE-2001-0310 ignore (sort) mkstemp is now being used -- fedora-extras-commits mailing list fedora-extras-commits(a)redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits

16 years, 9 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

security [ARCHIVED] July 2007