fedora-security/audit fc6,1.236,1.237 fc7,1.66,1.67
by fedora-extras-commits@redhat.com
Author: lkundrak
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv5215
Modified Files:
fc6 fc7
Log Message:
New kernel issue, some stuff fixed.
Index: fc6
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc6,v
retrieving revision 1.236
retrieving revision 1.237
diff -u -r1.236 -r1.237
--- fc6 10 Aug 2007 14:48:41 -0000 1.236
+++ fc6 13 Aug 2007 12:22:22 -0000 1.237
@@ -19,12 +19,14 @@
CVE-2007-3961 ignore (gftp) off-by-one error in fsplib
CVE-2007-3845 VULNERABLE (firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=389580
CVE-2007-3844 VULNERABLE (firefox) #250648 "fixed on next update"
+CVE-2007-3843 VULNERABLE (kernel) #246595
CVE-2007-3841 ignore (pidgin) ethically disclosed
CVE-2007-3820 ** (kdebase) #248537
CVE-2007-3799 ** (php)
CVE-2007-3798 version (tcpdump, fixed 3.9.7) #250290 [since FEDORA-2007-654]
CVE-2007-3782 ** (mysql)
CVE-2007-3781 ** (mysql)
+CVE-2007-3642 version (kernel, fixed 2.6.22) [since FEDORA-2007-655]
CVE-2007-3508 ignore (glibc) not an issue
CVE-2007-3506 backport (freetype, fixed 2.3.4) #235479 [since FEDORA-2007-561]
CVE-2007-3409 version (perl-Net-DNS, fixed 0.60) #245809
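Review bot: the added CVE-2007-3642 line gives the kernel fix as "fixed 2.6.22", while the fc7 file (visible in an older hunk in this thread) tracks the same CVE as "fixed 2.6.22.1". Confirm which upstream release carries the fix and make the two files agree, so that comparing the entry against an installed kernel version gives the same answer on either release.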
@@ -69,7 +71,7 @@
CVE-2007-1863 backport (httpd) #244660 [since FEDORA-2007-615]
CVE-2007-1862 backport (httpd) #244660 [since FEDORA-2007-615]
CVE-2007-1861 version (kernel) [since FEDORA-2007-482]
-CVE-2007-1856 backport (vixie-cron) #235882 [since ???]
+CVE-2007-1856 backport (vixie-cron) #235882 [since FEDORA-2007-662]
CVE-2007-1841 VULNERABLE (ipsec-tools) #238052 [sconklin] Developer busy -- next week.
CVE-2007-1797 backport (ImageMagick) #235075 [since FEDORA-2007-413]
CVE-2007-1667 backport (libX11) [since FEDORA-2007-426]
@@ -117,7 +119,7 @@
CVE-2007-0451 version (spamassassin, fixed 3.1.8) [since FEDORA-2007-241]
CVE-2007-0248 version (squid, fixed 2.6.STABLE7) [since FEDORA-2007-073]
CVE-2007-0247 version (squid, fixed 2.6.STABLE7) #222883 [since FEDORA-2007-073]
-CVE-2007-0235 version (libgtop2, fixed 2.14.9) #222637 [since ???]
+CVE-2007-0235 version (libgtop2, fixed 2.14.9) #222637 [since FEDORA-2007-657]
CVE-2007-0104 ignore (poppler) only client DoS
CVE-2007-0104 ignore (kdegraphics) only client DoS
CVE-2007-0086 ignore (apache) not a security issue
@@ -149,7 +151,7 @@
CVE-2006-6144 ** krb5
CVE-2006-6143 ** krb5
CVE-2006-6142 backport (squirrelmail) #218297 [since FEDORA-2007-089]
-CVE-2006-6128 VULNERABLE (kernel) #250625
+CVE-2006-6128 patch (kernel) #250625 [since FEDORA-2007-226] This was bug in our patch, not upstream
CVE-2006-6107 backport (dbus, fixed 1.0.2) #219665 [since FEDORA-2006-1475]
CVE-2006-6106 version (kernel, fixed 2.6.19.2, fixed 2.6.20-rc5) [since FEDORA-2006-1471]
CVE-2006-6105 version (gdm, fixed 2.14.11) [since FEDORA-2006-1468]
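Review bot: the new CVE-2006-6128 line uses the status word "patch", which no other entry shown in these hunks uses (they use version, backport, ignore, VULNERABLE or **). If a separate status for "the flaw was in a Fedora-specific patch" is intended, describe it in the file's header comments; otherwise use backport and keep the explanation as the trailing remark, so that anything keyed on the status column does not skip this entry.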
@@ -217,7 +219,7 @@
CVE-2006-5215 VULNERABLE (xorg-x11-xinit) #212167
CVE-2006-5214 version (xorg-x11-xdm)
CVE-2006-5214 ignore (kdebase) #212166 links to xinit Xsession
-CVE-2006-5214 VULNERABLE (xorg-x11-xinit) #212167
+CVE-2006-5214 backport (xorg-x11-xinit) #212167 [since FEDORA-2007-659]
CVE-2006-5178 ignore (php) safe mode escape
CVE-2006-5174 ignore (kernel, fixed 2.6.19-rc1) s390 only
CVE-2006-5173 ignore (kernel, fixed 2.6.18) protected by exec-shield
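Review bot: CVE-2006-5214 for xorg-x11-xinit moves to "backport ... [since FEDORA-2007-659]", but the CVE-2006-5215 line at the top of this hunk, same package and same bug #212167, is left as VULNERABLE. If FEDORA-2007-659 closed #212167, update CVE-2006-5215 in the same commit; if it did not cover that CVE, a short remark on the line would explain why one is fixed and the other is not.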
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.66
retrieving revision 1.67
diff -u -r1.66 -r1.67
--- fc7 10 Aug 2007 14:48:41 -0000 1.66
+++ fc7 13 Aug 2007 12:22:22 -0000 1.67
@@ -30,6 +30,7 @@
CVE-2007-3946 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299]
CVE-2007-3845 VULNERABLE (firefox, fixed 2.0.0.6) https://bugzilla.mozilla.org/show_bug.cgi?id=389580
CVE-2007-3844 VULNERABLE (firefox) #250648 "fixed on next update"
+CVE-2007-3843 VULNERABLE (kernel) #246595
CVE-2007-3841 ignore (pidgin) ethically disclosed
CVE-2007-3820 ** (kdebase) #248537
CVE-2007-3799 ** (php)
--
fedora-extras-commits mailing list
fedora-extras-commits(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-extras-commits
fedora-security/audit fc6,1.235,1.236 fc7,1.65,1.66
by fedora-extras-commits@redhat.com
Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv32280/audit
Modified Files:
fc6 fc7
Log Message:
Add fsplib issues affecting gftp 2.0.18 - see NVD for explanation of ignore
Index: fc6
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc6,v
retrieving revision 1.235
retrieving revision 1.236
diff -u -r1.235 -r1.236
--- fc6 9 Aug 2007 16:00:14 -0000 1.235
+++ fc6 10 Aug 2007 14:48:41 -0000 1.236
@@ -15,6 +15,8 @@
CVE-2007-4211 VULNERABLE (dovecot, fixed 1.0.3) #251009
CVE-2007-4029 VULNERABLE (libvorbis) #250600
CVE-2007-4168 backport (libexif) #243892 [since FEDORA-2007-614]
+CVE-2007-3962 ignore (gftp) multiple buffer overflows in fsplib, not on Linux
+CVE-2007-3961 ignore (gftp) off-by-one error in fsplib
CVE-2007-3845 VULNERABLE (firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=389580
CVE-2007-3844 VULNERABLE (firefox) #250648 "fixed on next update"
CVE-2007-3841 ignore (pidgin) ethically disclosed
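Review bot: the CVE-2007-3961 entry ("off-by-one error in fsplib") describes the flaw but not why it is ignored, unlike the CVE-2007-3962 line above it, which says "not on Linux". The reasoning only exists in the log message ("see NVD"), which is lost to anyone reading the file. Put the reason, or at least "See NVD" as the php entries do, on the line itself; the same applies to the CVE-2006-7221 line added later in this commit.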
@@ -126,6 +128,7 @@
CVE-2007-0006 backport (kernel, fixed in -mm) [since FEDORA-2007-226]
CVE-2007-0005 version (kernel, fixed 2.6.20) [since FEDORA-2007-335]
CVE-2007-0002 version (libwpd, fixed 0.8.9) #222808 [since FEDORA-2007-351]
+CVE-2006-7221 ignore (gftp) single zero byte overflow in fsplib
CVE-2006-6939 version (ed, fixed 0.3) #223075 [since FEDORA-2007-100]
CVE-2006-6899 version (bluez-utils, fixed 2.23)
CVE-2006-6870 version (avahi, fixed 0.6.16) #221440 [since FEDORA-2007-019]
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.65
retrieving revision 1.66
diff -u -r1.65 -r1.66
--- fc7 10 Aug 2007 11:38:12 -0000 1.65
+++ fc7 10 Aug 2007 14:48:41 -0000 1.66
@@ -21,6 +21,8 @@
CVE-2007-4154 ignore (wordpress) "remote authenticated administrators"
CVE-2007-4139 VULNERABLE (wordpress) #250751
CVE-2007-4029 VULNERABLE (libvorbis) #245991
+CVE-2007-3962 ignore (gftp) multiple buffer overflows in fsplib, not on Linux
+CVE-2007-3961 ignore (gftp) off-by-one error in fsplib
CVE-2007-3950 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299]
CVE-2007-3949 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299]
CVE-2007-3948 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299]
@@ -401,6 +403,7 @@
CVE-2007-0005 version (kernel, fixed 2.6.20) [since FEDORA-2007-335]
CVE-2007-0002 version (libwpd, fixed 0.8.9) #222808 [since FEDORA-2007-351]
CVE-2007-0001 ignore (kernel) rhel4 2.6.9 only known affected
+CVE-2006-7221 ignore (gftp) single zero byte overflow in fsplib
CVE-2006-7205 ignore (php) See NVD
CVE-2006-7204 ignore (php) See NVD
*CVE-2006-7197 (tomcat)
fedora-security/audit fc7,1.64,1.65
by fedora-extras-commits@redhat.com
Author: lkundrak
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv5065
Modified Files:
fc7
Log Message:
qtpfsgui
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.64
retrieving revision 1.65
diff -u -r1.64 -r1.65
--- fc7 10 Aug 2007 02:11:01 -0000 1.64
+++ fc7 10 Aug 2007 11:38:12 -0000 1.65
@@ -108,6 +108,7 @@
CVE-2007-3023 VULNERABLE (clamav, fixed 0.90.3) #245219
CVE-2007-3007 ignore (php) safe mode isn't safe
*CVE-2007-2975 (openfire)
+CVE-2007-2956 VULNERABLE (qtpfsgui) #251674
CVE-2007-2949 version (gimp, fixed, 2.2.16) [since FEDORA-2007-0725]
CVE-2007-2926 version (bind, fixed 9.4.1) [since FEDORA-2007-1247]
CVE-2007-2925 version (bind, fixed 9.4.1) [since FEDORA-2007-1247]
fedora-security/audit fc7,1.63,1.64
by fedora-extras-commits@redhat.com
Author: trassl
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv5508
Modified Files:
fc7
Log Message:
Added CVE-2007-3388 qt vulnerable
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.63
retrieving revision 1.64
diff -u -r1.63 -r1.64
--- fc7 9 Aug 2007 16:00:14 -0000 1.63
+++ fc7 10 Aug 2007 02:11:01 -0000 1.64
@@ -66,6 +66,7 @@
CVE-2007-3391 version (wireshark, fixed 0.99.6) [since FEDORA-2007-0982]
CVE-2007-3390 version (wireshark, fixed 0.99.6) [since FEDORA-2007-0982]
CVE-2007-3389 version (wireshark, fixed 0.99.6) [since FEDORA-2007-0982]
+CVE-2007-3388 VULNERABLE (qt, fixed qt-3.3.8-20070727) patch available: 170529.diff
CVE-2007-3387 version (xpdf, fixed 3.02pl1) [since FEDORA-2007-1383]
CVE-2007-3387 VULNERABLE (tetex) #251514
CVE-2007-3387 VULNERABLE (poppler) #251512
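Review bot: the added CVE-2007-3388 line has no bug number, while the neighbouring VULNERABLE entries for tetex and poppler each carry one, so there is nothing to follow to see whether the qt maintainer has been told. The "fixed" field also reads "qt-3.3.8-20070727" with the package name repeated, where other entries give a bare version such as "fixed 0.99.6", and "170529.diff" is a filename with no location. Suggest filing or referencing a bug, normalising the version, and giving the patch as a full URL.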
fedora-security/audit fc6,1.234,1.235 fc7,1.62,1.63
by fedora-extras-commits@redhat.com
Author: lkundrak
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv14661
Modified Files:
fc6 fc7
Log Message:
ignores, ignores, ignores
Index: fc6
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc6,v
retrieving revision 1.234
retrieving revision 1.235
diff -u -r1.234 -r1.235
--- fc6 9 Aug 2007 15:53:20 -0000 1.234
+++ fc6 9 Aug 2007 16:00:14 -0000 1.235
@@ -7,6 +7,11 @@
# Up to date CVE as of CVE email 20070808
# Up to date FC6 as of 20070808
+CVE-2007-4255 ignore (php) msql extension not shipped
+CVE-2007-4251 ignore (openoffice.org) just a crash
+CVE-2007-4229 ignore (kdebase) just an ASSERT fail
+CVE-2007-4225 ignore (kdebase) caused by fix to CVE-2007-3820 which we never shipped
+CVE-2007-4224 ignore (kdebase) too obvious -- mouse pointer indicates script activity
CVE-2007-4211 VULNERABLE (dovecot, fixed 1.0.3) #251009
CVE-2007-4029 VULNERABLE (libvorbis) #250600
CVE-2007-4168 backport (libexif) #243892 [since FEDORA-2007-614]
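Review bot: the CVE-2007-4225 ignore depends on the fix for CVE-2007-3820 never shipping, yet CVE-2007-3820 is still tracked in this file as "** (kdebase) #248537", meaning unresolved. If that fix is later shipped through #248537, this ignore becomes wrong without anything flagging it. Add the bug number to the CVE-2007-4225 line, or a remark to recheck it when CVE-2007-3820 is resolved.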
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.62
retrieving revision 1.63
diff -u -r1.62 -r1.63
--- fc7 9 Aug 2007 15:53:20 -0000 1.62
+++ fc7 9 Aug 2007 16:00:14 -0000 1.63
@@ -8,6 +8,11 @@
# Up to date CVE as of CVE email 20070808
# Up to date FC7 as of 20070808
+CVE-2007-4255 ignore (php) msql extension not shipped
+CVE-2007-4251 ignore (openoffice.org) just a crash
+CVE-2007-4229 ignore (kdebase) just an ASSERT fail
+CVE-2007-4225 ignore (kdebase) caused by fix to CVE-2007-3820 which we never shipped
+CVE-2007-4224 ignore (kdebase) too obvious -- mouse pointer indicates script activity
CVE-2007-4211 version (dovecot, 1.0.3) #251008 [since FEDORA-2007-1485]
CVE-2007-4174 VULNERABLE (tor, fixed 0.1.2.16)
GENERIC-MAP-NOMATCH VULNERABLE (tor, fixed 0.1.2.15) #249840
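Review bot: the CVE-2007-4224 rationale, "too obvious -- mouse pointer indicates script activity", rests on the user noticing a visual cue rather than on the code being unshipped or unreachable, which is what the php and CVE-2007-4225 entries beside it argue. State the impact class the way "just a crash" does, or leave the entry as ** until it has been assessed, so the decision can be audited later.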
fedora-security/audit fc6, 1.233, 1.234 fc7, 1.61, 1.62 fe6, 1.131, 1.132
by fedora-extras-commits@redhat.com
Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv13200/audit
Modified Files:
fc6 fc7 fe6
Log Message:
Add CVE-2007-3387 - xpdf integer overflow - which affects several packages
Index: fc6
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc6,v
retrieving revision 1.233
retrieving revision 1.234
diff -u -r1.233 -r1.234
--- fc6 8 Aug 2007 17:11:26 -0000 1.233
+++ fc6 9 Aug 2007 15:53:20 -0000 1.234
@@ -26,6 +26,10 @@
CVE-2007-3391 version (wireshark, fixed 0.99.6) [since FEDORA-2007-628]
CVE-2007-3390 version (wireshark, fixed 0.99.6) [since FEDORA-2007-628]
CVE-2007-3389 version (wireshark, fixed 0.99.6) [since FEDORA-2007-628]
+CVE-2007-3387 VULNERABLE (poppler) #251513
+CVE-2007-3387 VULNERABLE (tetex) #251515
+CVE-2007-3387 VULNERABLE (kdegraphics) #251511
+CVE-2007-3387 VULNERABLE (cups) #251518
CVE-2007-3384 ignore (tomcat) only affects 3.3.x and just affects an example
CVE-2007-3381 version (gdm, fixed 2.18.4) #250277 [since FEDORA-2007-653]
CVE-2007-3378 ignore (php) safe mode escape
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.61
retrieving revision 1.62
diff -u -r1.61 -r1.62
--- fc7 8 Aug 2007 17:11:26 -0000 1.61
+++ fc7 9 Aug 2007 15:53:20 -0000 1.62
@@ -61,6 +61,13 @@
CVE-2007-3391 version (wireshark, fixed 0.99.6) [since FEDORA-2007-0982]
CVE-2007-3390 version (wireshark, fixed 0.99.6) [since FEDORA-2007-0982]
CVE-2007-3389 version (wireshark, fixed 0.99.6) [since FEDORA-2007-0982]
+CVE-2007-3387 version (xpdf, fixed 3.02pl1) [since FEDORA-2007-1383]
+CVE-2007-3387 VULNERABLE (tetex) #251514
+CVE-2007-3387 VULNERABLE (poppler) #251512
+CVE-2007-3387 VULNERABLE (kdegraphics) #251509
+CVE-2007-3387 VULNERABLE (koffice) #251522
+CVE-2007-3387 VULNERABLE (cups) #251519
+CVE-2007-3387 ** (libextractor)
CVE-2007-3384 ignore (tomcat) only affects 3.3.x and just affects an example
CVE-2007-3381 version (gdm, fixed 2.18.4) #250277 [since FEDORA-2007-1362]
CVE-2007-3378 ignore (php) safe mode escape
Index: fe6
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fe6,v
retrieving revision 1.131
retrieving revision 1.132
diff -u -r1.131 -r1.132
--- fe6 27 Jul 2007 15:56:53 -0000 1.131
+++ fe6 9 Aug 2007 15:53:20 -0000 1.132
@@ -14,6 +14,9 @@
CVE-2007-3543 ** (wordpress) #245211
CVE-2007-3528 VULNERABLE (dar, fixed 2.3.4) #246760
CVE-2007-3507 version (flac123, fixed 0.0.10) #246322
+CVE-2007-3387 version (xpdf, fixed 3.02pl1)
+CVE-2007-3387 VULNERABLE (koffice) #251524
+CVE-2007-3387 ** (libextractor)
CVE-2007-3241 ** (wordpress) #245211
CVE-2007-3240 ** (wordpress) #245211
CVE-2007-3239 ** (wordpress) #245211
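Review bot: the fe6 entry "CVE-2007-3387 version (xpdf, fixed 3.02pl1)" has no [since ...] tag, whereas the fc7 entry for the same package in this commit records [since FEDORA-2007-1383]. Without it the line does not show whether a fixed xpdf has actually been pushed for fe6 or only exists upstream. Add the update reference, or mark the entry VULNERABLE with a bug number until the build ships.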
fedora-security/audit fc6,1.232,1.233 fc7,1.60,1.61
by fedora-extras-commits@redhat.com
Author: lkundrak
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv14717
Modified Files:
fc6 fc7
Log Message:
Up to date as of today's CVENEW mails and Fedora updates.
Index: fc6
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc6,v
retrieving revision 1.232
retrieving revision 1.233
diff -u -r1.232 -r1.233
--- fc6 8 Aug 2007 14:59:57 -0000 1.232
+++ fc6 8 Aug 2007 17:11:26 -0000 1.233
@@ -4,12 +4,14 @@
# *CVE are items that need verification for Fedora Core 6
# (mozilla) = (firefox, seamonkey, thunderbird, yelp, devhelp, galeon, liferea. epiphany)
-# Up to date CVE as of CVE email 20070801
-# Up to date FC6 as of 20070803
+# Up to date CVE as of CVE email 20070808
+# Up to date FC6 as of 20070808
-GENERIC-MAP-NOMATCH VULNERABLE (dovecot, fixed 1.0.3) #251009
+CVE-2007-4211 VULNERABLE (dovecot, fixed 1.0.3) #251009
CVE-2007-4029 VULNERABLE (libvorbis) #250600
CVE-2007-4168 backport (libexif) #243892 [since FEDORA-2007-614]
+CVE-2007-3845 VULNERABLE (firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=389580
+CVE-2007-3844 VULNERABLE (firefox) #250648 "fixed on next update"
CVE-2007-3841 ignore (pidgin) ethically disclosed
CVE-2007-3820 ** (kdebase) #248537
CVE-2007-3799 ** (php)
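Review bot: the added fc6 line for CVE-2007-3845 reads "VULNERABLE (firefox)" with no fixed version, while the fc7 line added in this same commit reads "(firefox, fixed 2.0.0.6)". Carry the "fixed 2.0.0.6" over to fc6 so both files state the target version. The entry also points at the Mozilla bug only; a Fedora bug number, as on the CVE-2007-3844 line below it, would show who is tracking the update.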
@@ -24,6 +26,7 @@
CVE-2007-3391 version (wireshark, fixed 0.99.6) [since FEDORA-2007-628]
CVE-2007-3390 version (wireshark, fixed 0.99.6) [since FEDORA-2007-628]
CVE-2007-3389 version (wireshark, fixed 0.99.6) [since FEDORA-2007-628]
+CVE-2007-3384 ignore (tomcat) only affects 3.3.x and just affects an example
CVE-2007-3381 version (gdm, fixed 2.18.4) #250277 [since FEDORA-2007-653]
CVE-2007-3378 ignore (php) safe mode escape
CVE-2007-3377 version (perl-Net-DNS, fixed 0.60) #245614 [since FEDORA-2007-609]
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.60
retrieving revision 1.61
diff -u -r1.60 -r1.61
--- fc7 6 Aug 2007 15:08:43 -0000 1.60
+++ fc7 8 Aug 2007 17:11:26 -0000 1.61
@@ -5,10 +5,11 @@
# (mozilla) = (firefox, seamonkey, thunderbird, yelp, devhelp, galeon, liferea. epiphany)
# A couple of first F7 updates were marked as FEDORA-2007-0001
-# Up to date CVE as of CVE email 20070801
-# Up to date FC7 as of 20070802
+# Up to date CVE as of CVE email 20070808
+# Up to date FC7 as of 20070808
-GENERIC-MAP-NOMATCH VULNERABLE (dovecot, 1.0.3) #251008
+CVE-2007-4211 version (dovecot, 1.0.3) #251008 [since FEDORA-2007-1485]
+CVE-2007-4174 VULNERABLE (tor, fixed 0.1.2.16)
GENERIC-MAP-NOMATCH VULNERABLE (tor, fixed 0.1.2.15) #249840
CVE-2007-4168 backport (libexif) #243892 [since FEDORA-2007-0414]
CVE-2007-4153 ignore (wordpress) "remote authenticated administrators"
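Review bot: the new CVE-2007-4211 line keeps "(dovecot, 1.0.3)" from the removed GENERIC-MAP-NOMATCH entry, without the word "fixed" that the fc6 line and every other version entry use ("fixed 1.0.3"). As written it can be read as the affected version. The CVE-2007-4174 tor line added below it has no bug number, although the tor entry directly after it does (#249840); add one or note that the same bug covers both.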
@@ -20,7 +21,9 @@
CVE-2007-3948 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299]
CVE-2007-3947 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299]
CVE-2007-3946 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299]
-CVE-2007-3841 WTF (pidgin)
+CVE-2007-3845 VULNERABLE (firefox, fixed 2.0.0.6) https://bugzilla.mozilla.org/show_bug.cgi?id=389580
+CVE-2007-3844 VULNERABLE (firefox) #250648 "fixed on next update"
+CVE-2007-3841 ignore (pidgin) ethically disclosed
CVE-2007-3820 ** (kdebase) #248537
CVE-2007-3799 ** (php)
CVE-2007-3781 ** (mysql)
@@ -36,7 +39,7 @@
CVE-2007-3656 version (mozilla) #248518 [since FEDORA-2007-1138]
CVE-2007-3642 version (kernel, fixed 2.6.22.1) [since FEDORA-2007-1130]
CVE-2007-3628 version (php-pear-Structures-DataGrid-DataSource-MDB2, fixed 0.1.10)
-CVE-2007-3555 VULNERABLE (moodle) #247528
+CVE-2007-3555 version (moodle) #247528 [since FEDORA-2007-1445]
CVE-2007-3546 ignore (nessus-core) Windows only
CVE-2007-3528 version (dar, fixed 2.3.4) #246760 [since FEDORA-2007-0904]
CVE-2007-3544 VULNERABLE (wordpress, NOT fixed 2.2.1) #245211 Incomplete fix for CVE-2007-3543
@@ -58,6 +61,7 @@
CVE-2007-3391 version (wireshark, fixed 0.99.6) [since FEDORA-2007-0982]
CVE-2007-3390 version (wireshark, fixed 0.99.6) [since FEDORA-2007-0982]
CVE-2007-3389 version (wireshark, fixed 0.99.6) [since FEDORA-2007-0982]
+CVE-2007-3384 ignore (tomcat) only affects 3.3.x and just affects an example
CVE-2007-3381 version (gdm, fixed 2.18.4) #250277 [since FEDORA-2007-1362]
CVE-2007-3378 ignore (php) safe mode escape
CVE-2007-3377 version (perl-Net-DNS, fixed 0.60) #245612 [since EDORA-2007-0668]
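Review bot: the last context line of this hunk, CVE-2007-3377, reads "[since EDORA-2007-0668]" with the leading F missing. It is not part of this change, but a search for "FEDORA-2007-0668" will not find the entry, and this commit is already a general clean-up pass, so it is worth correcting here.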
@@ -70,9 +74,10 @@
CVE-2007-3140 version (wordpress, fixed 2.2.1) #245211 [since FEDORA-2007-0894]
CVE-2007-3231 version (mecab, fixed 0.96) [since FEDORA-2007-0366]
CVE-2007-3209 ignore (mail-notification, shipped with SSL enabled)
+CVE-2007-3108 backport (openssl) #250574 [since FEDORA-2007-1444]
CVE-2007-3106 VULNERABLE (libvorbis) #245991
-CVE-2007-3100 version (iscsi-initiator-utils, fixed 6.2.0.865) [since FEDORA-2007-0543]
CVE-2007-3099 version (iscsi-initiator-utils, fixed 6.2.0.865) [since FEDORA-2007-0543]
+CVE-2007-3100 version (iscsi-initiator-utils, fixed 6.2.0.865) [since FEDORA-2007-0543]
CVE-2007-3165 VULNERABLE (tor, fixed 0.1.2.14) #244502
CVE-2007-3153 version (c-ares, fixed 1.4.0) #243591 [since FEDORA-2007-0724]
CVE-2007-3152 version (c-ares, fixed 1.4.0) #243591 [since FEDORA-2007-0724]
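Review bot: moving CVE-2007-3100 below CVE-2007-3099 puts the pair in ascending order, while the surrounding runs in this file descend (3391, 3390, 3389). The move is unrelated to the log message and produces a remove-and-add of an unchanged entry, which makes the history for that CVE harder to follow. Drop the reorder, or do ordering fixes in a separate commit.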
@@ -199,6 +204,7 @@
CVE-2007-1564 vulnerable (konqueror) [#CVE-2007-1564]
CVE-2007-1562 version (mozilla) #241840
CVE-2007-1560 version (squid, fixed 2.6.STABLE12)
+CVE-2007-1558 version (balsa) [since FEDORA-2007-1447]
CVE-2007-1558 version (claws-mail, fixed 2.9.1) #237293
*CVE-2007-1558 backport (sylpheed, fixed 2.3.1-1)
*CVE-2007-1558 VULNERABLE (evolution)
@@ -266,7 +272,7 @@
*CVE-2007-1103 VULNERABLE (tor) #230927
CVE-2007-1092 version (seamonkey, fixed 1.0.8)
CVE-2007-1055 version (mediawiki, fixed 1.8.3)
-CVE-2007-1054 VULNERABLE (mediawiki, fixed 1.9.3)
+CVE-2007-1054 version (mediawiki, fixed 1.9.3) [since FEDORA-2007-1442]
CVE-2007-1049 version (wordpress, fixed 2.1.1) #229991
*CVE-2007-1036 (jboss)
*CVE-2007-1030 (libevent)
@@ -480,7 +486,7 @@
*CVE-2006-6015 (pcre)
CVE-2006-5989 ignore (mod_auth_kerb) did not affect fc6
CVE-2006-5974 ignore (fetchmail, fixed 6.3.6) only 6.3.5
-*CVE-2006-5973 VULNERABLE (dovecot, fixed 1.0.rc15) #216508
+CVE-2006-5973 version (dovecot, fixed 1.0.rc15) #216508 [since ???]
*CVE-2006-5969 (fvwm)
CVE-2006-5941 ignore (net-snmp) dupe CVE-2005-2177
*CVE-2006-5925 backport (elinks) [since FEDORA-2006-1278] but was never vulneable as didn't have smbclient support
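Review bot: the CVE-2006-5973 line drops the leading "*", which the file header defines as "items that need verification", while the update reference is still "[since ???]". With the marker gone and no advisory named, nothing distinguishes this entry from a verified one. Keep the "*" until the FEDORA update that shipped dovecot 1.0.rc15 or later is identified and filled in.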
fedora-security/audit fc6,1.231,1.232
by fedora-extras-commits@redhat.com
Author: lkundrak
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv14500
Modified Files:
fc6
Log Message:
Good developers, good.
Index: fc6
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc6,v
retrieving revision 1.231
retrieving revision 1.232
diff -u -r1.231 -r1.232
--- fc6 6 Aug 2007 15:08:43 -0000 1.231
+++ fc6 8 Aug 2007 14:59:57 -0000 1.232
@@ -31,6 +31,7 @@
CVE-2007-3304 backport (httpd) #244660 [since FEDORA-2007-615]
CVE-2007-3257 backport (evolution) #244287 [since FEDORA-2007-594]
CVE-2007-3126 ignore (gimp) just a crash
+CVE-2007-3108 VULNERABLE (openssl) #250574
CVE-2007-3106 VULNERABLE (libvorbis) #250600
CVE-2007-2926 backport (bind, fixed 9.4.1) [since FEDORA-2007-647]
CVE-2007-2876 version (kernel, fixed 2.6.21.5) [since FEDORA-2007-600]
@@ -54,8 +55,8 @@
CVE-2007-1863 backport (httpd) #244660 [since FEDORA-2007-615]
CVE-2007-1862 backport (httpd) #244660 [since FEDORA-2007-615]
CVE-2007-1861 version (kernel) [since FEDORA-2007-482]
-CVE-2007-1856 VULNERABLE (vixie-cron) #235882
-CVE-2007-1841 VULNERABLE (ipsec-tools) #238052
+CVE-2007-1856 backport (vixie-cron) #235882 [since ???]
+CVE-2007-1841 VULNERABLE (ipsec-tools) #238052 [sconklin] Developer busy -- next week.
CVE-2007-1797 backport (ImageMagick) #235075 [since FEDORA-2007-413]
CVE-2007-1667 backport (libX11) [since FEDORA-2007-426]
CVE-2007-1565 ignore (kdebase) client crash
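Review bot: the remark added to the CVE-2007-1841 line, "Developer busy -- next week.", uses a relative date that has no meaning once the commit is a few days old. Write the expected date or the date of the conversation instead. The CVE-2007-1856 line in the same hunk is marked fixed with "[since ???]"; if the update has not been identified yet, say so explicitly so the placeholder is not mistaken for a confirmed fix.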
@@ -102,7 +103,7 @@
CVE-2007-0451 version (spamassassin, fixed 3.1.8) [since FEDORA-2007-241]
CVE-2007-0248 version (squid, fixed 2.6.STABLE7) [since FEDORA-2007-073]
CVE-2007-0247 version (squid, fixed 2.6.STABLE7) #222883 [since FEDORA-2007-073]
-CVE-2007-0235 VULNERABLE (libgtop2) #222637
+CVE-2007-0235 version (libgtop2, fixed 2.14.9) #222637 [since ???]
CVE-2007-0104 ignore (poppler) only client DoS
CVE-2007-0104 ignore (kdegraphics) only client DoS
CVE-2007-0086 ignore (apache) not a security issue
@@ -134,7 +135,7 @@
CVE-2006-6143 ** krb5
CVE-2006-6142 backport (squirrelmail) #218297 [since FEDORA-2007-089]
CVE-2006-6128 VULNERABLE (kernel) #250625
-CVE-2006-6107 VULNERABLE (dbus, fixed 1.0.2) #219665
+CVE-2006-6107 backport (dbus, fixed 1.0.2) #219665 [since FEDORA-2006-1475]
CVE-2006-6106 version (kernel, fixed 2.6.19.2, fixed 2.6.20-rc5) [since FEDORA-2006-1471]
CVE-2006-6105 version (gdm, fixed 2.14.11) [since FEDORA-2006-1468]
CVE-2006-6104 backport (mono, fixed 1.1.13.8.2) #220853 [since FEDORA-2007-067]