fedora-security/audit fc6,1.242,1.243 fc7,1.75,1.76
by fedora-extras-commits@redhat.com
Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv681
Modified Files:
fc6 fc7
Log Message:
Add CVE-2007-4131 - tar directory traversal.
Update status of resolved issues.
Index: fc6
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc6,v
retrieving revision 1.242
retrieving revision 1.243
diff -u -r1.242 -r1.243
--- fc6 20 Aug 2007 16:01:57 -0000 1.242
+++ fc6 21 Aug 2007 08:39:05 -0000 1.243
@@ -15,6 +15,7 @@
CVE-2007-4225 ignore (kdebase) caused by fix to CVE-2007-3820 which we never shipped
CVE-2007-4224 ignore (kdebase) too obvious -- mouse pointer indicates script activity
CVE-2007-4211 version (dovecot, fixed 1.0.3) #251009 [since FEDORA-2007-664]
+CVE-2007-4131 VULNERABLE (tar) #253684
CVE-2007-4029 VULNERABLE (libvorbis) #250600
CVE-2007-4168 backport (libexif) #243892 [since FEDORA-2007-614]
CVE-2007-3962 ignore (gftp) multiple buffer overflows in fsplib, not on Linux
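Review bot: the added CVE-2007-4131 (tar) line cites #253684, and the fc7 hunk of this same commit cites the identical number, whereas neighbouring entries carry one tracker per release (dovecot is #251009 here and #251008 in fc7; libvorbis is #250600 here and #245991 in fc7). If #253684 was filed against only one release, add the other release's bug, or state on the line that a single bug covers both.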
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.75
retrieving revision 1.76
diff -u -r1.75 -r1.76
--- fc7 20 Aug 2007 16:01:57 -0000 1.75
+++ fc7 21 Aug 2007 08:39:05 -0000 1.76
@@ -14,12 +14,12 @@
CVE-2007-4400 VULNERABLE (konversation) #253545
CVE-2007-4357 ignore (firefox) status bar can be overwrittten
CVE-2007-4323 backport (denyhosts) #252291 [since FEDORA-2007-0589]
-CVE-2007-4321 VULNERABLE (fail2ban) #252290
+CVE-2007-4321 backport (fail2ban) #252290 [since FEDORA-2007-0621] version since FEDORA-2007-1643
CVE-2007-4255 ignore (php) msql extension not shipped
CVE-2007-4251 ignore (openoffice.org) just a crash
CVE-2007-4229 ignore (kdebase) just an ASSERT fail
-CVE-2007-4225 ignore (kdebase) caused by fix to CVE-2007-3820 which we never shipped
-CVE-2007-4224 ignore (kdebase) too obvious -- mouse pointer indicates script activity
+CVE-2007-4225 backport (kdebase) [since FEDORA-2007-1700]
+CVE-2007-4224 backport (kdebase) [since FEDORA-2007-1700]
CVE-2007-4211 version (dovecot, 1.0.3) #251008 [since FEDORA-2007-1485]
CVE-2007-4174 version (tor, fixed 0.1.2.16) [since FEDORA-2007-1674]
GENERIC-MAP-NOMATCH version (tor, fixed 0.1.2.15) #249840 [since FEDORA-2007-1674]
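Review bot: the new CVE-2007-4321 (fail2ban) line carries two statuses, "backport ... [since FEDORA-2007-0621]" followed by a trailing "version since FEDORA-2007-1643" outside the brackets, which breaks the one-status-per-line layout every other entry uses. Keep the status that reflects the shipped fix, or put the second advisory in a bracketed tag. Separately, CVE-2007-4225 and CVE-2007-4224 move from "ignore" to "backport" and lose their rationale text, while the fc6 hunk of this commit still shows both as "ignore"; a short remark on why fc7 differs (CVE-2007-3820 is marked [since FEDORA-2007-1700] further down) would make the change easier to audit.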
@@ -27,10 +27,11 @@
CVE-2007-4153 ignore (wordpress) "remote authenticated administrators"
CVE-2007-4154 ignore (wordpress) "remote authenticated administrators"
CVE-2007-4139 VULNERABLE (wordpress) #250751
+CVE-2007-4131 VULNERABLE (tar) #253684
CVE-2007-4029 VULNERABLE (libvorbis) #245991
CVE-2007-3962 ignore (gftp) multiple buffer overflows in fsplib, not on Linux
CVE-2007-3961 ignore (gftp) off-by-one error in fsplib
-CVE-2007-3852 VULNERABLE (sysstat) #252295
+CVE-2007-3852 backport (sysstat) #252295 [since FEDORA-2007-1697]
CVE-2007-3950 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299]
CVE-2007-3949 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299]
CVE-2007-3948 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299]
@@ -40,7 +41,7 @@
CVE-2007-3844 VULNERABLE (firefox) #250648 "fixed on next update"
CVE-2007-3843 VULNERABLE (kernel) #246595
CVE-2007-3841 ignore (pidgin) ethically disclosed
-CVE-2007-3820 ** (kdebase) #248537
+CVE-2007-3820 backport (kdebase) #248537 [since FEDORA-2007-1700]
CVE-2007-3799 ** (php)
CVE-2007-3781 ** (mysql)
CVE-2007-3782 ** (mysql)
--
fedora-extras-commits mailing list
fedora-extras-commits(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-extras-commits
fedora-security/audit fc6,1.241,1.242 fc7,1.74,1.75
by fedora-extras-commits@redhat.com
Author: lkundrak
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv27214
Modified Files:
fc6 fc7
Log Message:
Up-to-date as of today
Index: fc6
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc6,v
retrieving revision 1.241
retrieving revision 1.242
diff -u -r1.241 -r1.242
--- fc6 15 Aug 2007 10:46:44 -0000 1.241
+++ fc6 20 Aug 2007 16:01:57 -0000 1.242
@@ -4,8 +4,8 @@
# *CVE are items that need verification for Fedora Core 6
# (mozilla) = (firefox, seamonkey, thunderbird, yelp, devhelp, galeon, liferea. epiphany)
-# Up to date CVE as of CVE email 20070815
-# Up to date FC6 as of 20070815
+# Up to date CVE as of CVE email 20070820
+# Up to date FC6 as of 20070820
GENERIC-MAP-NOMATCH VULNERABLE (tomboy) #252294
CVE-2007-4357 ignore (firefox) status bar can be overwrittten
@@ -14,7 +14,7 @@
CVE-2007-4229 ignore (kdebase) just an ASSERT fail
CVE-2007-4225 ignore (kdebase) caused by fix to CVE-2007-3820 which we never shipped
CVE-2007-4224 ignore (kdebase) too obvious -- mouse pointer indicates script activity
-CVE-2007-4211 VULNERABLE (dovecot, fixed 1.0.3) #251009
+CVE-2007-4211 version (dovecot, fixed 1.0.3) #251009 [since FEDORA-2007-664]
CVE-2007-4029 VULNERABLE (libvorbis) #250600
CVE-2007-4168 backport (libexif) #243892 [since FEDORA-2007-614]
CVE-2007-3962 ignore (gftp) multiple buffer overflows in fsplib, not on Linux
@@ -39,9 +39,9 @@
CVE-2007-3390 version (wireshark, fixed 0.99.6) [since FEDORA-2007-628]
CVE-2007-3389 version (wireshark, fixed 0.99.6) [since FEDORA-2007-628]
CVE-2007-3387 VULNERABLE (poppler) #251513
-CVE-2007-3387 VULNERABLE (tetex) #251515
+CVE-2007-3387 backport (tetex) #251515 [since FEDORA-2007-669]
CVE-2007-3387 VULNERABLE (kdegraphics) #251511
-CVE-2007-3387 VULNERABLE (cups) #251519
+CVE-2007-3387 backport (cups) #251519 [since FEDORA-2007-644]
CVE-2007-3384 ignore (tomcat) only affects 3.3.x and just affects an example
CVE-2007-3381 version (gdm, fixed 2.18.4) #250277 [since FEDORA-2007-653]
CVE-2007-3378 ignore (php) safe mode escape
@@ -50,7 +50,7 @@
CVE-2007-3304 backport (httpd) #244660 [since FEDORA-2007-615]
CVE-2007-3257 backport (evolution) #244287 [since FEDORA-2007-594]
CVE-2007-3126 ignore (gimp) just a crash
-CVE-2007-3108 VULNERABLE (openssl) #250574
+CVE-2007-3108 backport (openssl) #250574 [since FEDORA-2007-661]
CVE-2007-3106 VULNERABLE (libvorbis) #250600
CVE-2007-2926 backport (bind, fixed 9.4.1) [since FEDORA-2007-647]
CVE-2007-2876 version (kernel, fixed 2.6.21.5) [since FEDORA-2007-600]
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.74
retrieving revision 1.75
diff -u -r1.74 -r1.75
--- fc7 20 Aug 2007 09:44:37 -0000 1.74
+++ fc7 20 Aug 2007 16:01:57 -0000 1.75
@@ -5,10 +5,13 @@
# (mozilla) = (firefox, seamonkey, thunderbird, yelp, devhelp, galeon, liferea. epiphany)
# A couple of first F7 updates were marked as FEDORA-2007-0001
-# Up to date CVE as of CVE email 20070815
-# Up to date FC7 as of 20070815
+# Up to date CVE as of CVE email 20070820
+# Up to date FC7 as of 20070820
+GENERIC-MAP-NOMATCH VULNERABLE (id3lib) #253553
+GENERIC-MAP-NOMATCH VULNERABLE (po4a) #253541
GENERIC-MAP-NOMATCH VULNERABLE (tomboy) #252294
+CVE-2007-4400 VULNERABLE (konversation) #253545
CVE-2007-4357 ignore (firefox) status bar can be overwrittten
CVE-2007-4323 backport (denyhosts) #252291 [since FEDORA-2007-0589]
CVE-2007-4321 VULNERABLE (fail2ban) #252290
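Review bot: the three entries added at the top of this hunk (id3lib #253553, po4a #253541, konversation #253545) appear only in fc7, yet the fc6 hunk of this commit bumps both "Up to date" stamps to 20070820 without adding anything for those packages. If any of them ships in FC6, the fc6 file needs matching lines before its stamp can say 20070820; if none does, no change is needed.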
fedora-security/audit fc7,1.73,1.74
by fedora-extras-commits@redhat.com
Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv7100/audit
Modified Files:
fc7
Log Message:
Updated tor package was released
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.73
retrieving revision 1.74
diff -u -r1.73 -r1.74
--- fc7 16 Aug 2007 06:34:29 -0000 1.73
+++ fc7 20 Aug 2007 09:44:37 -0000 1.74
@@ -18,8 +18,8 @@
CVE-2007-4225 ignore (kdebase) caused by fix to CVE-2007-3820 which we never shipped
CVE-2007-4224 ignore (kdebase) too obvious -- mouse pointer indicates script activity
CVE-2007-4211 version (dovecot, 1.0.3) #251008 [since FEDORA-2007-1485]
-CVE-2007-4174 VULNERABLE (tor, fixed 0.1.2.16)
-GENERIC-MAP-NOMATCH VULNERABLE (tor, fixed 0.1.2.15) #249840
+CVE-2007-4174 version (tor, fixed 0.1.2.16) [since FEDORA-2007-1674]
+GENERIC-MAP-NOMATCH version (tor, fixed 0.1.2.15) #249840 [since FEDORA-2007-1674]
CVE-2007-4168 backport (libexif) #243892 [since FEDORA-2007-0414]
CVE-2007-4153 ignore (wordpress) "remote authenticated administrators"
CVE-2007-4154 ignore (wordpress) "remote authenticated administrators"
@@ -99,7 +99,7 @@
CVE-2007-3106 VULNERABLE (libvorbis) #245991
CVE-2007-3099 version (iscsi-initiator-utils, fixed 6.2.0.865) [since FEDORA-2007-0543]
CVE-2007-3100 version (iscsi-initiator-utils, fixed 6.2.0.865) [since FEDORA-2007-0543]
-CVE-2007-3165 VULNERABLE (tor, fixed 0.1.2.14) #244502
+CVE-2007-3165 version (tor, fixed 0.1.2.14) #244502 [since FEDORA-2007-1674]
CVE-2007-3153 version (c-ares, fixed 1.4.0) #243591 [since FEDORA-2007-0724]
CVE-2007-3152 version (c-ares, fixed 1.4.0) #243591 [since FEDORA-2007-0724]
CVE-2007-3145 VULNERABLE (galeon) **
fedora-security/audit fc7,1.72,1.73
by fedora-extras-commits@redhat.com
Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv9481
Modified Files:
fc7
Log Message:
Note resolved issues.
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.72
retrieving revision 1.73
diff -u -r1.72 -r1.73
--- fc7 15 Aug 2007 10:46:44 -0000 1.72
+++ fc7 16 Aug 2007 06:34:29 -0000 1.73
@@ -41,7 +41,7 @@
CVE-2007-3799 ** (php)
CVE-2007-3781 ** (mysql)
CVE-2007-3782 ** (mysql)
-CVE-2007-3770 backport (terminal/xfce) update pending
+CVE-2007-3770 backport (terminal/xfce) [since FEDORA-2007-1620]
CVE-2007-3738 version (mozilla) #248518 [since FEDORA-2007-1138]
CVE-2007-3737 version (mozilla) #248518 [since FEDORA-2007-1138]
CVE-2007-3736 version (mozilla) #248518 [since FEDORA-2007-1138]
@@ -67,7 +67,7 @@
CVE-2007-3474 ** (gd)
CVE-2007-3473 ** (gd)
CVE-2007-3472 ** (gd)
-CVE-2007-3410 backport (HelixPlayer) #245838 [since CVE-2007-3410]
+CVE-2007-3410 backport (HelixPlayer) #245838 [since FEDORA-2007-0756]
CVE-2007-3409 version (perl-Net-DNS, fixed 0.60) #245807
CVE-2007-3393 version (wireshark, fixed 0.99.6) [since FEDORA-2007-0982]
CVE-2007-3392 version (wireshark, fixed 0.99.6) [since FEDORA-2007-0982]
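Review bot: the context line for CVE-2007-3409 (perl-Net-DNS, fixed 0.60) #245807 still has no [since ...] tag, while CVE-2007-3377 for the same package and fixed version is recorded as [since FEDORA-2007-0668] in the next hunk. As this commit is noting resolved issues, add the advisory to CVE-2007-3409 as well if the same update covers it.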
@@ -79,13 +79,13 @@
CVE-2007-3387 backport (tetex) #251514 [since FEDORA-2007-1547]
CVE-2007-3387 VULNERABLE (poppler) #251512
CVE-2007-3387 backport (kdegraphics) #251509 [since FEDORA-2007-1594]
-CVE-2007-3387 VULNERABLE (koffice) #251522
+CVE-2007-3387 backport (koffice) #251522 [since FEDORA-2007-1614]
CVE-2007-3387 backport (cups) #251518 [since FEDORA-2007-1541]
CVE-2007-3387 ** (libextractor)
CVE-2007-3384 ignore (tomcat) only affects 3.3.x and just affects an example
CVE-2007-3381 version (gdm, fixed 2.18.4) #250277 [since FEDORA-2007-1362]
CVE-2007-3378 ignore (php) safe mode escape
-CVE-2007-3377 version (perl-Net-DNS, fixed 0.60) #245612 [since EDORA-2007-0668]
+CVE-2007-3377 version (perl-Net-DNS, fixed 0.60) #245612 [since FEDORA-2007-0668]
CVE-2007-3304 backport (httpd) #244665 [since FEDORA-2007-0704]
CVE-2007-3257 backport (evolution) #244283 [since FEDORA-2007-0464]
CVE-2007-3241 version (wordpress, fixed 2.2.1) #245211 [since FEDORA-2007-0894]
fedora-security/audit fc6,1.240,1.241 fc7,1.71,1.72
by fedora-extras-commits@redhat.com
Author: lkundrak
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv24878
Modified Files:
fc6 fc7
Log Message:
kdegraphics, denyhosts -- up to date as of today
Index: fc6
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc6,v
retrieving revision 1.240
retrieving revision 1.241
diff -u -r1.240 -r1.241
--- fc6 15 Aug 2007 08:13:30 -0000 1.240
+++ fc6 15 Aug 2007 10:46:44 -0000 1.241
@@ -4,8 +4,8 @@
# *CVE are items that need verification for Fedora Core 6
# (mozilla) = (firefox, seamonkey, thunderbird, yelp, devhelp, galeon, liferea. epiphany)
-# Up to date CVE as of CVE email 20070814
-# Up to date FC6 as of 20070808
+# Up to date CVE as of CVE email 20070815
+# Up to date FC6 as of 20070815
GENERIC-MAP-NOMATCH VULNERABLE (tomboy) #252294
CVE-2007-4357 ignore (firefox) status bar can be overwrittten
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.71
retrieving revision 1.72
diff -u -r1.71 -r1.72
--- fc7 15 Aug 2007 08:13:30 -0000 1.71
+++ fc7 15 Aug 2007 10:46:44 -0000 1.72
@@ -5,12 +5,12 @@
# (mozilla) = (firefox, seamonkey, thunderbird, yelp, devhelp, galeon, liferea. epiphany)
# A couple of first F7 updates were marked as FEDORA-2007-0001
-# Up to date CVE as of CVE email 20070814
-# Up to date FC7 as of 20070808
+# Up to date CVE as of CVE email 20070815
+# Up to date FC7 as of 20070815
GENERIC-MAP-NOMATCH VULNERABLE (tomboy) #252294
CVE-2007-4357 ignore (firefox) status bar can be overwrittten
-CVE-2007-4323 VULNERABLE (denyhosts) #252291
+CVE-2007-4323 backport (denyhosts) #252291 [since FEDORA-2007-0589]
CVE-2007-4321 VULNERABLE (fail2ban) #252290
CVE-2007-4255 ignore (php) msql extension not shipped
CVE-2007-4251 ignore (openoffice.org) just a crash
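Review bot: CVE-2007-4323 (denyhosts) is marked [since FEDORA-2007-0589], an id far below the other fc7 advisory recorded in this commit (FEDORA-2007-1581 for qtpfsgui in the next hunk). Please confirm the advisory number, or, if the fix shipped well before the CVE was assigned, say so on the line.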
@@ -116,7 +116,7 @@
CVE-2007-3023 VULNERABLE (clamav, fixed 0.90.3) #245219
CVE-2007-3007 ignore (php) safe mode isn't safe
*CVE-2007-2975 (openfire)
-CVE-2007-2956 VULNERABLE (qtpfsgui) #251674
+CVE-2007-2956 backport (qtpfsgui) #251674 [since FEDORA-2007-1581]
CVE-2007-2949 version (gimp, fixed, 2.2.16) [since FEDORA-2007-0725]
CVE-2007-2926 version (bind, fixed 9.4.1) [since FEDORA-2007-1247]
CVE-2007-2925 version (bind, fixed 9.4.1) [since FEDORA-2007-1247]
fedora-security/audit fc6,1.239,1.240 fc7,1.70,1.71
by fedora-extras-commits@redhat.com
Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv1331/audit
Modified Files:
fc6 fc7
Log Message:
Various cleanups.
Index: fc6
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc6,v
retrieving revision 1.239
retrieving revision 1.240
diff -u -r1.239 -r1.240
--- fc6 15 Aug 2007 07:17:12 -0000 1.239
+++ fc6 15 Aug 2007 08:13:30 -0000 1.240
@@ -41,7 +41,7 @@
CVE-2007-3387 VULNERABLE (poppler) #251513
CVE-2007-3387 VULNERABLE (tetex) #251515
CVE-2007-3387 VULNERABLE (kdegraphics) #251511
-CVE-2007-3387 VULNERABLE (cups) #251518
+CVE-2007-3387 VULNERABLE (cups) #251519
CVE-2007-3384 ignore (tomcat) only affects 3.3.x and just affects an example
CVE-2007-3381 version (gdm, fixed 2.18.4) #250277 [since FEDORA-2007-653]
CVE-2007-3378 ignore (php) safe mode escape
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.70
retrieving revision 1.71
diff -u -r1.70 -r1.71
--- fc7 15 Aug 2007 07:17:12 -0000 1.70
+++ fc7 15 Aug 2007 08:13:30 -0000 1.71
@@ -41,7 +41,7 @@
CVE-2007-3799 ** (php)
CVE-2007-3781 ** (mysql)
CVE-2007-3782 ** (mysql)
-CVE-2007-3770 ** (xfce-utils)
+CVE-2007-3770 backport (terminal/xfce) update pending
CVE-2007-3738 version (mozilla) #248518 [since FEDORA-2007-1138]
CVE-2007-3737 version (mozilla) #248518 [since FEDORA-2007-1138]
CVE-2007-3736 version (mozilla) #248518 [since FEDORA-2007-1138]
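Review bot: the CVE-2007-3770 change replaces the package field (xfce-utils) with (terminal/xfce), which is not a single package name like the other entries, and puts the free text "update pending" where a bug number or [since ...] tag normally goes. Use the package name as shipped and reference a tracking bug so the entry can be matched and followed up.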
@@ -78,9 +78,9 @@
CVE-2007-3387 version (xpdf, fixed 3.02pl1) [since FEDORA-2007-1383]
CVE-2007-3387 backport (tetex) #251514 [since FEDORA-2007-1547]
CVE-2007-3387 VULNERABLE (poppler) #251512
-CVE-2007-3387 VULNERABLE (kdegraphics) #251509
+CVE-2007-3387 backport (kdegraphics) #251509 [since FEDORA-2007-1594]
CVE-2007-3387 VULNERABLE (koffice) #251522
-CVE-2007-3387 backport (cups) #251519 [since FEDORA-2007-1541]
+CVE-2007-3387 backport (cups) #251518 [since FEDORA-2007-1541]
CVE-2007-3387 ** (libextractor)
CVE-2007-3384 ignore (tomcat) only affects 3.3.x and just affects an example
CVE-2007-3381 version (gdm, fixed 2.18.4) #250277 [since FEDORA-2007-1362]
@@ -166,7 +166,7 @@
*CVE-2007-2444 (samba)
CVE-2007-2443 version (krb5, 1.6.1) [since FEDORA-2007-0740]
CVE-2007-2442 version (krb5, 1.6.1) [since FEDORA-2007-0740]
-*CVE-2007-2438 VULNERABLE (vim) #238734
+CVE-2007-2438 version (vim, 7.0.235) #238734 [since FEDORA-2007-492]
CVE-2007-2437 ignore (xorg-x11) DoS only
*CVE-2007-2435 (java)
*CVE-2007-2423 patch (moin, fixed 1.5.7-2) #238722
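Review bot: the new CVE-2007-2438 (vim) line cites [since FEDORA-2007-492], a three-digit advisory id, while the other fc7 entries in this hunk use four-digit ids (FEDORA-2007-0740); three-digit ids are what the fc6 hunk of this commit shows (FEDORA-2007-653). Check that this is not the FC6 advisory copied into the fc7 file.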
fedora-security/audit fc6,1.238,1.239 fc7,1.69,1.70
by fedora-extras-commits@redhat.com
Author: lkundrak
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv26082
Modified Files:
fc6 fc7
Log Message:
Up to date as of today's CVENEW
Index: fc6
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc6,v
retrieving revision 1.238
retrieving revision 1.239
diff -u -r1.238 -r1.239
--- fc6 13 Aug 2007 13:05:46 -0000 1.238
+++ fc6 15 Aug 2007 07:17:12 -0000 1.239
@@ -4,9 +4,11 @@
# *CVE are items that need verification for Fedora Core 6
# (mozilla) = (firefox, seamonkey, thunderbird, yelp, devhelp, galeon, liferea. epiphany)
-# Up to date CVE as of CVE email 20070808
+# Up to date CVE as of CVE email 20070814
# Up to date FC6 as of 20070808
+GENERIC-MAP-NOMATCH VULNERABLE (tomboy) #252294
+CVE-2007-4357 ignore (firefox) status bar can be overwrittten
CVE-2007-4255 ignore (php) msql extension not shipped
CVE-2007-4251 ignore (openoffice.org) just a crash
CVE-2007-4229 ignore (kdebase) just an ASSERT fail
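Review bot: typo in the added CVE-2007-4357 line: "overwrittten" should be "overwritten". The same line is added to fc7 in this commit, so fix it in both files.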
@@ -17,6 +19,7 @@
CVE-2007-4168 backport (libexif) #243892 [since FEDORA-2007-614]
CVE-2007-3962 ignore (gftp) multiple buffer overflows in fsplib, not on Linux
CVE-2007-3961 ignore (gftp) off-by-one error in fsplib
+CVE-2007-3852 VULNERABLE (sysstat) #252296
CVE-2007-3845 ignore (firefox) windows specific
CVE-2007-3844 VULNERABLE (firefox) #250648 "fixed on next update"
CVE-2007-3843 VULNERABLE (kernel) #246595
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.69
retrieving revision 1.70
diff -u -r1.69 -r1.70
--- fc7 13 Aug 2007 13:05:46 -0000 1.69
+++ fc7 15 Aug 2007 07:17:12 -0000 1.70
@@ -5,9 +5,13 @@
# (mozilla) = (firefox, seamonkey, thunderbird, yelp, devhelp, galeon, liferea. epiphany)
# A couple of first F7 updates were marked as FEDORA-2007-0001
-# Up to date CVE as of CVE email 20070808
+# Up to date CVE as of CVE email 20070814
# Up to date FC7 as of 20070808
+GENERIC-MAP-NOMATCH VULNERABLE (tomboy) #252294
+CVE-2007-4357 ignore (firefox) status bar can be overwrittten
+CVE-2007-4323 VULNERABLE (denyhosts) #252291
+CVE-2007-4321 VULNERABLE (fail2ban) #252290
CVE-2007-4255 ignore (php) msql extension not shipped
CVE-2007-4251 ignore (openoffice.org) just a crash
CVE-2007-4229 ignore (kdebase) just an ASSERT fail
@@ -23,6 +27,7 @@
CVE-2007-4029 VULNERABLE (libvorbis) #245991
CVE-2007-3962 ignore (gftp) multiple buffer overflows in fsplib, not on Linux
CVE-2007-3961 ignore (gftp) off-by-one error in fsplib
+CVE-2007-3852 VULNERABLE (sysstat) #252295
CVE-2007-3950 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299]
CVE-2007-3949 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299]
CVE-2007-3948 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299]
fedora-security/audit fc6,1.237,1.238 fc7,1.68,1.69
by fedora-extras-commits@redhat.com
Author: lkundrak
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv15057
Modified Files:
fc6 fc7
Log Message:
Firefox NUL injection was Windows specific.
Index: fc6
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc6,v
retrieving revision 1.237
retrieving revision 1.238
diff -u -r1.237 -r1.238
--- fc6 13 Aug 2007 12:22:22 -0000 1.237
+++ fc6 13 Aug 2007 13:05:46 -0000 1.238
@@ -17,7 +17,7 @@
CVE-2007-4168 backport (libexif) #243892 [since FEDORA-2007-614]
CVE-2007-3962 ignore (gftp) multiple buffer overflows in fsplib, not on Linux
CVE-2007-3961 ignore (gftp) off-by-one error in fsplib
-CVE-2007-3845 VULNERABLE (firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=389580
+CVE-2007-3845 ignore (firefox) windows specific
CVE-2007-3844 VULNERABLE (firefox) #250648 "fixed on next update"
CVE-2007-3843 VULNERABLE (kernel) #246595
CVE-2007-3841 ignore (pidgin) ethically disclosed
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.68
retrieving revision 1.69
diff -u -r1.68 -r1.69
--- fc7 13 Aug 2007 12:29:51 -0000 1.68
+++ fc7 13 Aug 2007 13:05:46 -0000 1.69
@@ -28,7 +28,7 @@
CVE-2007-3948 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299]
CVE-2007-3947 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299]
CVE-2007-3946 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299]
-CVE-2007-3845 VULNERABLE (firefox, fixed 2.0.0.6) https://bugzilla.mozilla.org/show_bug.cgi?id=389580
+CVE-2007-3845 ignore (firefox) windows specific
CVE-2007-3844 VULNERABLE (firefox) #250648 "fixed on next update"
CVE-2007-3843 VULNERABLE (kernel) #246595
CVE-2007-3841 ignore (pidgin) ethically disclosed
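Review bot: the replacement CVE-2007-3845 line drops both the upstream reference (https://bugzilla.mozilla.org/show_bug.cgi?id=389580) and the "fixed 2.0.0.6" version from the old entry, leaving only "windows specific". Keep the bug URL on the ignore line so the basis for the decision stays traceable; the same applies to the fc6 hunk of this commit.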
fedora-security/audit fc7,1.67,1.68
by fedora-extras-commits@redhat.com
Author: lkundrak
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv5720
Modified Files:
fc7
Log Message:
xpdf issue fixed for tetex and cups
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.67
retrieving revision 1.68
diff -u -r1.67 -r1.68
--- fc7 13 Aug 2007 12:22:22 -0000 1.67
+++ fc7 13 Aug 2007 12:29:51 -0000 1.68
@@ -71,11 +71,11 @@
CVE-2007-3389 version (wireshark, fixed 0.99.6) [since FEDORA-2007-0982]
CVE-2007-3388 VULNERABLE (qt, fixed qt-3.3.8-20070727) patch available: 170529.diff
CVE-2007-3387 version (xpdf, fixed 3.02pl1) [since FEDORA-2007-1383]
-CVE-2007-3387 VULNERABLE (tetex) #251514
+CVE-2007-3387 backport (tetex) #251514 [since FEDORA-2007-1547]
CVE-2007-3387 VULNERABLE (poppler) #251512
CVE-2007-3387 VULNERABLE (kdegraphics) #251509
CVE-2007-3387 VULNERABLE (koffice) #251522
-CVE-2007-3387 VULNERABLE (cups) #251519
+CVE-2007-3387 backport (cups) #251519 [since FEDORA-2007-1541]
CVE-2007-3387 ** (libextractor)
CVE-2007-3384 ignore (tomcat) only affects 3.3.x and just affects an example
CVE-2007-3381 version (gdm, fixed 2.18.4) #250277 [since FEDORA-2007-1362]