August 2007 - security [ARCHIVED] - Fedora Mailing-Lists

fedora-security/audit fc6,1.230,1.231 fc7,1.59,1.60

by fedora-extras-commits＠redhat.com

Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv24701 Modified Files: fc6 fc7 Log Message: dovecot Index: fc6 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc6,v retrieving revision 1.230 retrieving revision 1.231 diff -u -r1.230 -r1.231 --- fc6 3 Aug 2007 07:20:30 -0000 1.230 +++ fc6 6 Aug 2007 15:08:43 -0000 1.231 @@ -7,6 +7,7 @@ # Up to date CVE as of CVE email 20070801 # Up to date FC6 as of 20070803 +GENERIC-MAP-NOMATCH VULNERABLE (dovecot, fixed 1.0.3) #251009 CVE-2007-4029 VULNERABLE (libvorbis) #250600 CVE-2007-4168 backport (libexif) #243892 [since FEDORA-2007-614] CVE-2007-3841 ignore (pidgin) ethically disclosed Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.59 retrieving revision 1.60 diff -u -r1.59 -r1.60 --- fc7 6 Aug 2007 13:48:30 -0000 1.59 +++ fc7 6 Aug 2007 15:08:43 -0000 1.60 @@ -8,7 +8,8 @@ # Up to date CVE as of CVE email 20070801 # Up to date FC7 as of 20070802 -CVE-NOID VULNERABLE (tor, fixed 0.1.2.15) #249840 +GENERIC-MAP-NOMATCH VULNERABLE (dovecot, 1.0.3) #251008 +GENERIC-MAP-NOMATCH VULNERABLE (tor, fixed 0.1.2.15) #249840 CVE-2007-4168 backport (libexif) #243892 [since FEDORA-2007-0414] CVE-2007-4153 ignore (wordpress) "remote authenticated administrators" CVE-2007-4154 ignore (wordpress) "remote authenticated administrators" -- fedora-extras-commits mailing list fedora-extras-commits(a)redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits

16 years, 8 months

1
0
0 / 0

fedora-security/audit fc7,1.58,1.59

by fedora-extras-commits＠redhat.com

Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv29051 Modified Files: fc7 Log Message: mediawiki was incorrectly tracked Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.58 retrieving revision 1.59 diff -u -r1.58 -r1.59 --- fc7 6 Aug 2007 13:46:35 -0000 1.58 +++ fc7 6 Aug 2007 13:48:30 -0000 1.59 @@ -265,7 +265,7 @@ *CVE-2007-1103 VULNERABLE (tor) #230927 CVE-2007-1092 version (seamonkey, fixed 1.0.8) CVE-2007-1055 version (mediawiki, fixed 1.8.3) -CVE-2007-1054 version (mediawiki, fixed 1.8.4) +CVE-2007-1054 VULNERABLE (mediawiki, fixed 1.9.3) CVE-2007-1049 version (wordpress, fixed 2.1.1) #229991 *CVE-2007-1036 (jboss) *CVE-2007-1030 (libevent) -- fedora-extras-commits mailing list fedora-extras-commits(a)redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits

16 years, 8 months

1
0
0 / 0

fedora-security/audit fc7,1.57,1.58

by fedora-extras-commits＠redhat.com

Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv27482 Modified Files: fc7 Log Message: wordpress Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.57 retrieving revision 1.58 diff -u -r1.57 -r1.58 --- fc7 3 Aug 2007 14:21:06 -0000 1.57 +++ fc7 6 Aug 2007 13:46:35 -0000 1.58 @@ -10,6 +10,8 @@ CVE-NOID VULNERABLE (tor, fixed 0.1.2.15) #249840 CVE-2007-4168 backport (libexif) #243892 [since FEDORA-2007-0414] +CVE-2007-4153 ignore (wordpress) "remote authenticated administrators" +CVE-2007-4154 ignore (wordpress) "remote authenticated administrators" CVE-2007-4139 VULNERABLE (wordpress) #250751 CVE-2007-4029 VULNERABLE (libvorbis) #245991 CVE-2007-3950 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299] -- fedora-extras-commits mailing list fedora-extras-commits(a)redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits

16 years, 8 months

1
0
0 / 0

fedora-security/audit fc7,1.56,1.57

by fedora-extras-commits＠redhat.com

Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv27096 Modified Files: fc7 Log Message: wordpress Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.56 retrieving revision 1.57 diff -u -r1.56 -r1.57 --- fc7 3 Aug 2007 07:20:30 -0000 1.56 +++ fc7 3 Aug 2007 14:21:06 -0000 1.57 @@ -10,6 +10,7 @@ CVE-NOID VULNERABLE (tor, fixed 0.1.2.15) #249840 CVE-2007-4168 backport (libexif) #243892 [since FEDORA-2007-0414] +CVE-2007-4139 VULNERABLE (wordpress) #250751 CVE-2007-4029 VULNERABLE (libvorbis) #245991 CVE-2007-3950 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299] CVE-2007-3949 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299] -- fedora-extras-commits mailing list fedora-extras-commits(a)redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits

16 years, 9 months

1
0
0 / 0

fedora-security/audit fc6,1.229,1.230 fc7,1.55,1.56

by fedora-extras-commits＠redhat.com

Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv15790 Modified Files: fc6 fc7 Log Message: Updates Index: fc6 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc6,v retrieving revision 1.229 retrieving revision 1.230 diff -u -r1.229 -r1.230 --- fc6 2 Aug 2007 15:19:32 -0000 1.229 +++ fc6 3 Aug 2007 07:20:30 -0000 1.230 @@ -5,7 +5,7 @@ # (mozilla) = (firefox, seamonkey, thunderbird, yelp, devhelp, galeon, liferea. epiphany) # Up to date CVE as of CVE email 20070801 -# Up to date FC6 as of 20070802 +# Up to date FC6 as of 20070803 CVE-2007-4029 VULNERABLE (libvorbis) #250600 CVE-2007-4168 backport (libexif) #243892 [since FEDORA-2007-614] @@ -32,7 +32,6 @@ CVE-2007-3126 ignore (gimp) just a crash CVE-2007-3106 VULNERABLE (libvorbis) #250600 CVE-2007-2926 backport (bind, fixed 9.4.1) [since FEDORA-2007-647] -CVE-2007-2894 VULNERABLE (bochs) #241799 CVE-2007-2876 version (kernel, fixed 2.6.21.5) [since FEDORA-2007-600] CVE-2007-2875 version (kernel) [since FEDORA-2007-600] *CVE-2007-2874 (wpa_supplicant) #242455 @@ -72,8 +71,8 @@ CVE-2007-1396 ignore (php) feature, not a flaw CVE-2007-1362 version (mozilla) #241840 [since FEDORA-2007-549] CVE-2007-1357 version (kernel) [since FEDORA-2007-432] -CVE-2007-1352 VULNERABLE (libXfont) #235265 -CVE-2007-1351 VULNERABLE (libXfont) #235265 +CVE-2007-1352 fixed (libXfont) #235265 [since FEDORA-2007-423] +CVE-2007-1351 fixed (libXfont) #235265 [since FEDORA-2007-423] CVE-2007-1349 backport (mod_perl) [since FEDORA-2007-577] CVE-2007-1263 version (gnupg, fixed 1.4.7) [since FEDORA-2007-315] CVE-2007-1262 version (squirrelmail, fixed 1.4.10a) #239704 [since FEDORA-2007-505] Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.55 retrieving revision 1.56 diff -u -r1.55 -r1.56 --- fc7 1 Aug 2007 15:19:31 -0000 1.55 +++ fc7 3 Aug 2007 07:20:30 -0000 1.56 @@ -5,7 +5,8 @@ # (mozilla) = (firefox, seamonkey, thunderbird, yelp, devhelp, galeon, liferea. epiphany) # A couple of first F7 updates were marked as FEDORA-2007-0001 -# Version: FEDORA-2007-1070 +# Up to date CVE as of CVE email 20070801 +# Up to date FC7 as of 20070802 CVE-NOID VULNERABLE (tor, fixed 0.1.2.15) #249840 CVE-2007-4168 backport (libexif) #243892 [since FEDORA-2007-0414] @@ -56,6 +57,7 @@ CVE-2007-3381 version (gdm, fixed 2.18.4) #250277 [since FEDORA-2007-1362] CVE-2007-3378 ignore (php) safe mode escape CVE-2007-3377 version (perl-Net-DNS, fixed 0.60) #245612 [since EDORA-2007-0668] +CVE-2007-3304 backport (httpd) #244665 [since FEDORA-2007-0704] CVE-2007-3257 backport (evolution) #244283 [since FEDORA-2007-0464] CVE-2007-3241 version (wordpress, fixed 2.2.1) #245211 [since FEDORA-2007-0894] CVE-2007-3240 version (wordpress, fixed 2.2.1) #245211 [since FEDORA-2007-0894] @@ -161,7 +163,8 @@ CVE-2007-1870 version (lighttpd, fixed 1.4.14) #236489 CVE-2007-1869 version (lighttpd, fixed 1.4.14) #236489 CVE-2007-1864 version (php, fixed 5.2.2) -*CVE-2007-1862 (httpd) +CVE-2007-1863 backport (httpd) #244665 [since FEDORA-2007-0704] +CVE-2007-1862 backport (httpd) #242606 [since FEDORA-2007-0704] *CVE-2007-1859 (xscreensaver) *CVE-2007-1858 (tomcat) CVE-2007-1856 backport (vixie-cron) #235882 vixie-cron-4.1-hardlink.patch @@ -190,10 +193,11 @@ CVE-2007-1583 version (php, fixed 5.2.2) CVE-2007-1565 ignore (konqueror) client crash CVE-2007-1564 vulnerable (konqueror) [#CVE-2007-1564] -CVE-2007-1562 version (firefox, seamonkey, thunderbird) #241840 +CVE-2007-1562 version (mozilla) #241840 CVE-2007-1560 version (squid, fixed 2.6.STABLE12) CVE-2007-1558 version (claws-mail, fixed 2.9.1) #237293 *CVE-2007-1558 backport (sylpheed, fixed 2.3.1-1) +*CVE-2007-1558 VULNERABLE (evolution) CVE-2007-1547 version (nas, fixed 1.8a-2) #233353 CVE-2007-1546 version (nas, fixed 1.8a-2) #233353 CVE-2007-1545 version (nas, fixed 1.8a-2) #233353 @@ -497,6 +501,7 @@ CVE-2006-5757 version (kernel, fixed 2.6.19) [since FEDORA-2007-058] was backport since FEDORA-2006-1223 *CVE-2006-5754 (kernel) *CVE-2006-5753 backport (kernel, fixed 2.6.20.1) [since FEDORA-2007-291] +CVE-2006-5752 backport (httpd) #244665 [since FEDORA-2007-0704] CVE-2006-5751 version (kernel, fixed 2.6.19, fixed 2.6.18.4) [since FEDORA-2006-1471] *CVE-2006-5750 (jboss) *CVE-2006-5749 VULNERABLE (kernel, fixed 2.6.20-rc2) @@ -545,7 +550,7 @@ VE-2006-5295 version (clamav, fixed 0.88.5) #210973 *CVE-2006-5276 VULNERABLE (snort) #229265 CVE-2006-5229 ignore (openssh) not reproduced -*CVE-2006-5215 VULNERABLE (xorg-x11-xinit) #212167 +CVE-2006-5215 backport (xorg-x11-xinit) #212167 [since FEDORA-2007-1409] *CVE-2006-5215 version (xorg-x11-xdm) CVE-2006-5215 ignore (kdebase) #212166 links to xinit Xsession *CVE-2006-5214 VULNERABLE (xorg-x11-xinit) #212167 @@ -2210,7 +2215,7 @@ *CVE-2003-1295 (xscreensaver) *CVE-2003-1294 (xscreensaver) CVE-2003-1265 VULNERABLE (thunderbird) https://bugzilla.mozilla.org/show_bug.cgi?id=198442 -CVE-2003-1265 VULNERABLE (firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=198442 +CVE-2003-1265 VULNERABLE (seamonkey) https://bugzilla.mozilla.org/show_bug.cgi?id=198442 CVE-2003-1232 version (emacs, fixed 21.3) CVE-2003-1201 version (openldap, not 2.2) CVE-2003-1161 version (kernel, not released version) -- fedora-extras-commits mailing list fedora-extras-commits(a)redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits

16 years, 9 months

1
0
0 / 0

fedora-security/audit fc6,1.228,1.229

by fedora-extras-commits＠redhat.com

Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv19784 Modified Files: fc6 Log Message: Updated the updated updates :) Index: fc6 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc6,v retrieving revision 1.228 retrieving revision 1.229 diff -u -r1.228 -r1.229 --- fc6 2 Aug 2007 12:58:54 -0000 1.228 +++ fc6 2 Aug 2007 15:19:32 -0000 1.229 @@ -12,6 +12,7 @@ CVE-2007-3841 ignore (pidgin) ethically disclosed CVE-2007-3820 ** (kdebase) #248537 CVE-2007-3799 ** (php) +CVE-2007-3798 version (tcpdump, fixed 3.9.7) #250290 [since FEDORA-2007-654] CVE-2007-3782 ** (mysql) CVE-2007-3781 ** (mysql) CVE-2007-3508 ignore (glibc) not an issue @@ -22,8 +23,10 @@ CVE-2007-3391 version (wireshark, fixed 0.99.6) [since FEDORA-2007-628] CVE-2007-3390 version (wireshark, fixed 0.99.6) [since FEDORA-2007-628] CVE-2007-3389 version (wireshark, fixed 0.99.6) [since FEDORA-2007-628] +CVE-2007-3381 version (gdm, fixed 2.18.4) #250277 [since FEDORA-2007-653] CVE-2007-3378 ignore (php) safe mode escape CVE-2007-3377 version (perl-Net-DNS, fixed 0.60) #245614 [since FEDORA-2007-609] +CVE-2007-3741 version (gimp, fixed 2.2.16) #247567 [since FEDORA-2007-627] CVE-2007-3304 backport (httpd) #244660 [since FEDORA-2007-615] CVE-2007-3257 backport (evolution) #244287 [since FEDORA-2007-594] CVE-2007-3126 ignore (gimp) just a crash @@ -76,12 +79,12 @@ CVE-2007-1262 version (squirrelmail, fixed 1.4.10a) #239704 [since FEDORA-2007-505] CVE-2007-1218 backport (tcpdump) 232349 [since FEDORA-2007-347] CVE-2007-1006 version (ekiga, fixed 2.0.5) #229259 [since FEDORA-2007-322] -CVE-2007-1004 VULNERABLE (firefox, ...) +CVE-2007-1004 VULNERABLE (firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=390627 CVE-2007-1003 backport (xorg-x11-server, fixed > X11R7.2) #235263 [since FEDORA-2007-425] CVE-2007-1002 backport (evolution) #233587 [since FEDORA-2007-393] CVE-2007-1000 version (kernel, fixed 2.6.20) [since FEDORA-2007-335] CVE-2007-0998 backport (xen) #230295 [since FEDORA-2007-343] -CVE-2007-0981 VULNERABLE (firefox, ...) +CVE-2007-0981 version (mozilla) CVE-2007-0823 ignore (xterm) feature, not a bug CVE-2007-0822 ignore (util-linux) NULL dereference CVE-2007-0772 version (kernel) [since FEDORA-2007-291] @@ -130,7 +133,7 @@ CVE-2006-6144 ** krb5 CVE-2006-6143 ** krb5 CVE-2006-6142 backport (squirrelmail) #218297 [since FEDORA-2007-089] -CVE-2006-6128 VULNERABLE (kernel, fixed **) +CVE-2006-6128 VULNERABLE (kernel) #250625 CVE-2006-6107 VULNERABLE (dbus, fixed 1.0.2) #219665 CVE-2006-6106 version (kernel, fixed 2.6.19.2, fixed 2.6.20-rc5) [since FEDORA-2006-1471] CVE-2006-6105 version (gdm, fixed 2.14.11) [since FEDORA-2006-1468] @@ -138,8 +141,8 @@ CVE-2006-6097 backport (tar) [since FEDORA-2006-1393] CVE-2006-6077 version (firefox, fixed 1.5.0.10) [since FEDORA-2007-293] CVE-2006-6060 ignore (kernel, fixed 2.6.19-rc2) no NTFS support -CVE-2006-6058 VULNERABLE (kernel, fixed **) -CVE-2006-6057 VULNERABLE (kernel, fixed **) +CVE-2006-6058 VULNERABLE (kernel) #250623 +CVE-2006-6057 version (kernel, fixed kernel-2_6_20-1_2924_fc6) [since FEDORA-2007-432] CVE-2006-6056 version (kernel, fixed 2.6.19) [since FEDORA-2007-058] was backport since FEDORA-2006-1471 CVE-2006-6054 version (kernel, fixed fixed 2.6.19.2) [since FEDORA-2007-058] CVE-2006-6053 version (kernel, fixed 2.6.19.2) [since FEDORA-2007-058] was backport since FEDORA-2006-1223 @@ -167,7 +170,7 @@ CVE-2006-5747 version (thunderbird, fixed 1.5.0.8) [since FEDORA-2006-1192] CVE-2006-5747 version (firefox, fixed 1.5.0.8) [since FEDORA-2006-1191] CVE-2006-5706 ignore (php, fixed 5.2.0) safe mode isn't safe -CVE-2006-5701 VULNERABLE (kernel) squashfs is not included upstream +CVE-2006-5701 version (kernel, fixed kernel-2_6_20-1_2927_fc6) #219534 [since FEDORA-2007-600] CVE-2006-5633 ignore (firefox) just a client DoS CVE-2006-5619 version (kernel, fixed 2.6.18.2, fixed 2.6.19-rc4) [since FEDORA-2006-1223] CVE-2006-5595 version (wireshark, fixed 0.99.4) [since FEDORA-2006-1140] @@ -199,7 +202,7 @@ CVE-2006-5214 version (xorg-x11-xdm) CVE-2006-5214 ignore (kdebase) #212166 links to xinit Xsession CVE-2006-5214 VULNERABLE (xorg-x11-xinit) #212167 -CVE-2006-5178 VULNERABLE (php) can't be fixed +CVE-2006-5178 ignore (php) safe mode escape CVE-2006-5174 ignore (kernel, fixed 2.6.19-rc1) s390 only CVE-2006-5173 ignore (kernel, fixed 2.6.18) protected by exec-shield CVE-2006-5170 version (nss_ldap, fixed 183) @@ -240,10 +243,10 @@ CVE-2006-4566 version (firefox, fixed 1.5.0.7) CVE-2006-4565 version (thunderbird, fixed 1.5.0.7) CVE-2006-4565 version (firefox, fixed 1.5.0.7) -CVE-2006-4561 VULNERABLE (firefox) +CVE-2006-4561 ignore (firefox) An attacker needs to control DNS CVE-2006-4538 version (kernel, fixed after 2.6.18-rc6) CVE-2006-4535 version (kernel, fixed 2.6.18-rc6) -CVE-2006-4519 VULNERABLE (gimp) #247567 +CVE-2006-4519 version (gimp, fixed 2.2.16) #247567 [since FEDORA-2007-627] CVE-2006-4514 backport (libgsf) [since FEDORA-2006-1417] CVE-2006-4507 ignore (libtiff) can't reproduce CVE-2006-4486 version (php, fixed 5.1.6) @@ -660,7 +663,7 @@ CVE-2006-0035 version (kernel, only 2.6.14 and 2.6.15) CVE-2006-0019 version (kdelibs, fixed 3.5.1) CVE-2005-4811 version (kernel, fixed 2.6.13) -CVE-2005-4809 VULNERABLE (firefox) +CVE-2005-4809 VULNERABLE (firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=390630 CVE-2005-4808 ignore (binutils, gas fixed 20050714) this is a bug CVE-2005-4807 ignore (binutils, gas fixed 20050721) this is a bug CVE-2005-4798 version (kernel, not 2.6) -- fedora-extras-commits mailing list fedora-extras-commits(a)redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits

16 years, 9 months

1
0
0 / 0

fedora-security/audit fc6,1.227,1.228

by fedora-extras-commits＠redhat.com

Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv15592 Modified Files: fc6 Log Message: Walk through VULNERABLEs, clean them up a bit and ping developers. Index: fc6 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc6,v retrieving revision 1.227 retrieving revision 1.228 diff -u -r1.227 -r1.228 --- fc6 2 Aug 2007 09:39:05 -0000 1.227 +++ fc6 2 Aug 2007 12:58:54 -0000 1.228 @@ -7,14 +7,13 @@ # Up to date CVE as of CVE email 20070801 # Up to date FC6 as of 20070802 -CVE-2007-4029 VULNERABLE (libvorbis) #245991 -CVE-2007-4168 VULNERABLE (libexif) #243892 -CVE-2007-3841 WTF (pidgin) +CVE-2007-4029 VULNERABLE (libvorbis) #250600 +CVE-2007-4168 backport (libexif) #243892 [since FEDORA-2007-614] +CVE-2007-3841 ignore (pidgin) ethically disclosed CVE-2007-3820 ** (kdebase) #248537 CVE-2007-3799 ** (php) CVE-2007-3782 ** (mysql) CVE-2007-3781 ** (mysql) -CVE-2007-3713 VULNERABLE (centericq) #247979 CVE-2007-3508 ignore (glibc) not an issue CVE-2007-3506 backport (freetype, fixed 2.3.4) #235479 [since FEDORA-2007-561] CVE-2007-3409 version (perl-Net-DNS, fixed 0.60) #245809 @@ -28,9 +27,9 @@ CVE-2007-3304 backport (httpd) #244660 [since FEDORA-2007-615] CVE-2007-3257 backport (evolution) #244287 [since FEDORA-2007-594] CVE-2007-3126 ignore (gimp) just a crash -CVE-2007-3106 VULNERABLE (libvorbis) #245991 +CVE-2007-3106 VULNERABLE (libvorbis) #250600 CVE-2007-2926 backport (bind, fixed 9.4.1) [since FEDORA-2007-647] -*CVE-2007-2894 VULNERABLE (bochs) #241799 +CVE-2007-2894 VULNERABLE (bochs) #241799 CVE-2007-2876 version (kernel, fixed 2.6.21.5) [since FEDORA-2007-600] CVE-2007-2875 version (kernel) [since FEDORA-2007-600] *CVE-2007-2874 (wpa_supplicant) #242455 @@ -44,7 +43,7 @@ CVE-2007-2453 version (kernel) [since FEDORA-2007-600] CVE-2007-2451 version (kernel, fixed 2.6.21.4) [since FEDORA-2007-600] CVE-2007-2445 backport (libpng) #239542 [since FEDORA-2007-529] -CVE-2007-2438 VULNERABLE (vim) #238734 +CVE-2007-2438 version (vim, fixed 7.0.235) #238734 [since FEDORA-2007-492] CVE-2007-2242 version (kernel) [since FEDORA-2007-482] CVE-2007-2138 version (postgresql, fixed 8.1.9) [since FEDORA-2007-565] CVE-2007-2028 backport (freeradius) [since FEDORA-2007-499] @@ -56,13 +55,13 @@ CVE-2007-1841 VULNERABLE (ipsec-tools) #238052 CVE-2007-1797 backport (ImageMagick) #235075 [since FEDORA-2007-413] CVE-2007-1667 backport (libX11) [since FEDORA-2007-426] -CVE-2007-1565 ignore (konqueror) client crash -CVE-2007-1564 vulnerable (konqueror) +CVE-2007-1565 ignore (kdebase) client crash +CVE-2007-1564 ignore (kdebase) Correct behavior according to RFC CVE-2007-1562 version (mozilla) #241840 [since FEDORA-2007-549] CVE-2007-1558 backport (evolution) #235290 [since FEDORA-2007-484] CVE-2007-1536 backport (file, fixed 4.20) #233164 [since FEDORA-2007-391] CVE-2007-1475 ignore (php) unshipped ibase extension -CVE-2007-1420 VULNERABLE (mysql, fixed 5.0.36) #232604 +CVE-2007-1420 ignore (mysql, fixed 5.0.36) #232604 mysql_safe keeps the server alive CVE-2007-1413 ignore (php) Windows NT SNMP specific CVE-2007-1412 ignore (php) unshipped cpdf extension CVE-2007-1411 ignore (php) unshipped mssql extension @@ -89,18 +88,18 @@ CVE-2007-0770 ignore (ImageMagick) only if incomplete CVE-2006-5456 CVE-2007-0720 ignore (cups, fixed 1.2.7) cups is already updated CVE-2007-0650 ignore (tetex) needs user's assistance -CVE-2007-0537 VULNERABLE (kdebase) #225420 +CVE-2007-0537 backport (kdebase) #225420 [since FEDORA-2007-195] CVE-2007-0494 version (bind, fixed 9.3.4) #225268 [since FEDORA-2007-147] CVE-2007-0493 version (bind, fixed 9.3.4) #224443 [since FEDORA-2007-147] CVE-2007-0459 version (wireshark, fixed 0.99.5) #227140 CVE-2007-0458 version (wireshark, fixed 0.99.5) #227140 CVE-2007-0457 version (wireshark, fixed 0.99.5) #227140 CVE-2007-0456 version (wireshark, fixed 0.99.5) #227140 -CVE-2007-0455 VULNERABLE (gd) #224610 +CVE-2007-0455 backport (gd) #224610 [since FEDORA-2007-149] CVE-2007-0451 version (spamassassin, fixed 3.1.8) [since FEDORA-2007-241] CVE-2007-0248 version (squid, fixed 2.6.STABLE7) [since FEDORA-2007-073] CVE-2007-0247 version (squid, fixed 2.6.STABLE7) #222883 [since FEDORA-2007-073] -CVE-2007-0235 VULNERABLE (libgtop2) #222637 not sure, will triage +CVE-2007-0235 VULNERABLE (libgtop2) #222637 CVE-2007-0104 ignore (poppler) only client DoS CVE-2007-0104 ignore (kdegraphics) only client DoS CVE-2007-0086 ignore (apache) not a security issue @@ -111,12 +110,12 @@ CVE-2007-0006 backport (kernel, fixed in -mm) [since FEDORA-2007-226] CVE-2007-0005 version (kernel, fixed 2.6.20) [since FEDORA-2007-335] CVE-2007-0002 version (libwpd, fixed 0.8.9) #222808 [since FEDORA-2007-351] -CVE-2006-6939 VULNERABLE (ed, fixed 0.3) #223075 +CVE-2006-6939 version (ed, fixed 0.3) #223075 [since FEDORA-2007-100] CVE-2006-6899 version (bluez-utils, fixed 2.23) CVE-2006-6870 version (avahi, fixed 0.6.16) #221440 [since FEDORA-2007-019] CVE-2006-6772 backport (w3m) #221484 [since FEDORA-2007-077] CVE-2006-6719 backport (wget) #221469 [since FEDORA-2007-043] -CVE-2006-6698 VULNERABLE (GConf2) #219280 +CVE-2006-6698 VULNERABLE (GConf2) #219280 wontfix CVE-2006-6660 ignore (kdelibs) client Dos only, not reproducible CVE-2006-6385 ignore (kernel) windows only CVE-2006-6383 ignore (php) safe mode isn't safe @@ -137,7 +136,7 @@ CVE-2006-6105 version (gdm, fixed 2.14.11) [since FEDORA-2006-1468] CVE-2006-6104 backport (mono, fixed 1.1.13.8.2) #220853 [since FEDORA-2007-067] CVE-2006-6097 backport (tar) [since FEDORA-2006-1393] -CVE-2006-6077 VULNERABLE (firefox) +CVE-2006-6077 version (firefox, fixed 1.5.0.10) [since FEDORA-2007-293] CVE-2006-6060 ignore (kernel, fixed 2.6.19-rc2) no NTFS support CVE-2006-6058 VULNERABLE (kernel, fixed **) CVE-2006-6057 VULNERABLE (kernel, fixed **) @@ -146,23 +145,23 @@ CVE-2006-6053 version (kernel, fixed 2.6.19.2) [since FEDORA-2007-058] was backport since FEDORA-2006-1223 CVE-2006-5989 ignore (mod_auth_kerb) did not affect fc6 CVE-2006-5974 ignore (fetchmail, fixed 6.3.6) only 6.3.5 -CVE-2006-5973 VULNERABLE (dovecot, fixed 1.0.rc15) #216508 +CVE-2006-5973 version (dovecot, fixed 1.0.rc15) #216508 [since ???] CVE-2006-5925 backport (elinks) [since FEDORA-2006-1278] but was never vulneable as didn't have smbclient support CVE-2006-5876 version (libsoup) #223144 [since FEDORA-2007-109] CVE-2006-5871 version (kernel, fixed 2.6.10) CVE-2006-5868 VULNERABLE (ImageMagick, fixed 6.2.9.1) #217560 CVE-2006-5867 version (fetchmail, fixed 6.3.6) #221984 [since FEDORA-2007-042] -CVE-2006-5864 VULNERABLE (evince) #217672 +CVE-2006-5864 backport (evince) #217672 [since ???] CVE-2006-5823 version (kernel, fixed 2.6.19.2) [since FEDORA-2007-058] was backport since FEDORA-2006-1223 CVE-2006-5794 backport (openssh, fixed 4.5) #214641 [since FEDORA-2006-1215] CVE-2006-5793 backport (libpng, fixed 1.2.13) #215405 [since FEDORA-2007-529] CVE-2006-5783 ignore (firefox) disputed -CVE-2006-5779 VULNERABLE (openldap, 2.3.29) #214768 +CVE-2006-5779 version (openldap, fixed 2.3.29) #214768 [since FEDORA-2007-467] CVE-2006-5757 version (kernel, fixed 2.6.19) [since FEDORA-2007-058] was backport since FEDORA-2006-1223 CVE-2006-5753 backport (kernel, fixed 2.6.20.1) [since FEDORA-2007-291] CVE-2006-5752 backport (httpd) #244660 [since FEDORA-2007-615] CVE-2006-5751 version (kernel, fixed 2.6.19, fixed 2.6.18.4) [since FEDORA-2006-1471] -CVE-2006-5749 VULNERABLE (kernel, fixed 2.6.20-rc2) +CVE-2006-5749 version (kernel, fixed 2.6.20-rc2) [since FEDORA-2007-335] CVE-2006-5748 version (thunderbird, fixed 1.5.0.8) [since FEDORA-2006-1192] CVE-2006-5748 version (firefox, fixed 1.5.0.8) [since FEDORA-2006-1191] CVE-2006-5747 version (thunderbird, fixed 1.5.0.8) [since FEDORA-2006-1192] @@ -187,9 +186,9 @@ CVE-2006-5463 version (firefox, fixed 1.5.0.8) [since FEDORA-2006-1191] CVE-2006-5462 version (thunderbird, fixed 1.5.0.8) [since FEDORA-2006-1192] CVE-2006-5462 version (firefox, fixed 1.5.0.8) [since FEDORA-2006-1191] -CVE-2006-5461 VULNERABLE (avahi, fixed 0.6.15) +CVE-2006-5461 version (avahi, fixed 0.6.15) [since FEDORA-2007-019] CVE-2006-5456 backport (ImageMagick) #210921 [since FEDORA-2006-1285] -CVE-2006-5397 VULNERABLE (libX11, 1.0.2 and 1.0.3 only) #213280 +CVE-2006-5397 backport (libX11, 1.0.2 and 1.0.3 only) #213280 [since FEDORA-2007-162] CVE-2006-5331 version (kernel, fixed 2.6.19) [since FEDORA-2007-058] CVE-2006-5298 backport (mutt) [since FEDORA-2006-1063] CVE-2006-5297 backport (mutt) [since FEDORA-2006-1063] @@ -203,7 +202,7 @@ CVE-2006-5178 VULNERABLE (php) can't be fixed CVE-2006-5174 ignore (kernel, fixed 2.6.19-rc1) s390 only CVE-2006-5173 ignore (kernel, fixed 2.6.18) protected by exec-shield -CVE-2006-5170 VULNERABLE (nss_ldap, fixed 183) +CVE-2006-5170 version (nss_ldap, fixed 183) CVE-2006-5160 ignore (firefox) unverified CVE-2006-5159 ignore (firefox) unverified CVE-2006-5158 version (kernel, fixed 2.6.15) @@ -228,7 +227,7 @@ CVE-2006-4623 version (kernel, fixed 2.6.18-rc1) CVE-2006-4600 version (openldap, fixed 2.3.25) CVE-2006-4574 version (wireshark, fixed 0.99.4) [since FEDORA-2006-1140] -CVE-2006-4573 VULNERABLE (screen) #212057 +CVE-2006-4573 version (screen, fixed 4.0.3) #212057 [since FEDORA-2007-106] CVE-2006-4572 version (kernel, fixed 2.6.19) [since FEDORA-2007-058] CVE-2006-4571 version (thunderbird, fixed 1.5.0.7) CVE-2006-4571 version (firefox, fixed 1.5.0.7) @@ -707,7 +706,7 @@ CVE-2005-3753 version (kernel, fixed 2.6.14) CVE-2005-3745 ignore (struts, fixed 1.2.8) but not through tomcat CVE-2005-3732 version (ipsec-tools, fixed 0.6.3) -CVE-2005-3675 VULNERABLE (kernel) optack, no upstream fix +CVE-2005-3675 ignore (kernel) optack, not a bug CVE-2005-3671 version (openswan, fixed 2.4.4) CVE-2005-3662 version (netpbm) CVE-2005-3656 version (mod_auth_pgsql, fixed 2.0.3) @@ -1639,7 +1638,6 @@ CVE-2003-1303 version (php, fixed 4.3.3) CVE-2003-1302 version (php, fixed 4.3.1) CVE-2003-1265 VULNERABLE (thunderbird) https://bugzilla.mozilla.org/show_bug.cgi?id=198442 -CVE-2003-1265 VULNERABLE (firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=198442 CVE-2003-1232 version (emacs, fixed 21.3) CVE-2003-1201 version (openldap, not 2.2) CVE-2003-1161 version (kernel, not released version) -- fedora-extras-commits mailing list fedora-extras-commits(a)redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits

16 years, 9 months

1
0
0 / 0

[Bug 200357] major (public) security flaws fixed in firefox 1.5.0.5: CVE-2006-3113, CVE-2006-3677, CVE-2006-3801, CVE-2006-3802, CVE-2006-3803, CVE-2006-3805, CVE-2006-3806, CVE-2006-3807, CVE-2006-3808, CVE-2006-3809, CVE-2006-3810, CVE-2006-3811, CVE-2006-3812

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: major (public) security flaws fixed in firefox 1.5.0.5: CVE-2006-3113, CVE-2006-3677, CVE-2006-3801, CVE-2006-3802, CVE-2006-3803,CVE-2006-3805, CVE-2006-3806, CVE-2006-3807, CVE-2006-3808, CVE-2006-3809, CVE-2006-3810, CVE-2006-3811, CVE-2006-3812 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=200357 bugzilla(a)redhat.com changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|normal |medium Product|Fedora Core |Fedora -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

16 years, 9 months

1
0
0 / 0

fedora-security/audit fc6,1.226,1.227

by fedora-extras-commits＠redhat.com

Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv10940 Modified Files: fc6 Log Message: Up to date CVE as of CVE email 20070801 Up to date FC6 as of 20070802 Index: fc6 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc6,v retrieving revision 1.226 retrieving revision 1.227 diff -u -r1.226 -r1.227 --- fc6 27 Jul 2007 12:57:04 -0000 1.226 +++ fc6 2 Aug 2007 09:39:05 -0000 1.227 @@ -1,7 +1,11 @@ -Up to date CVE as of CVE email 20061123 -Up to date FC6 as of 20061123 +# $Id$ -** are items that need attention +# ** are items that need attention +# *CVE are items that need verification for Fedora Core 6 +# (mozilla) = (firefox, seamonkey, thunderbird, yelp, devhelp, galeon, liferea. epiphany) + +# Up to date CVE as of CVE email 20070801 +# Up to date FC6 as of 20070802 CVE-2007-4029 VULNERABLE (libvorbis) #245991 CVE-2007-4168 VULNERABLE (libexif) #243892 @@ -14,19 +18,49 @@ CVE-2007-3508 ignore (glibc) not an issue CVE-2007-3506 backport (freetype, fixed 2.3.4) #235479 [since FEDORA-2007-561] CVE-2007-3409 version (perl-Net-DNS, fixed 0.60) #245809 +CVE-2007-3393 version (wireshark, fixed 0.99.6) [since FEDORA-2007-628] +CVE-2007-3392 version (wireshark, fixed 0.99.6) [since FEDORA-2007-628] +CVE-2007-3391 version (wireshark, fixed 0.99.6) [since FEDORA-2007-628] +CVE-2007-3390 version (wireshark, fixed 0.99.6) [since FEDORA-2007-628] +CVE-2007-3389 version (wireshark, fixed 0.99.6) [since FEDORA-2007-628] CVE-2007-3378 ignore (php) safe mode escape -CVE-2007-3377 version (perl-Net-DNS, fixed 0.60) #245614 +CVE-2007-3377 version (perl-Net-DNS, fixed 0.60) #245614 [since FEDORA-2007-609] +CVE-2007-3304 backport (httpd) #244660 [since FEDORA-2007-615] +CVE-2007-3257 backport (evolution) #244287 [since FEDORA-2007-594] CVE-2007-3126 ignore (gimp) just a crash CVE-2007-3106 VULNERABLE (libvorbis) #245991 +CVE-2007-2926 backport (bind, fixed 9.4.1) [since FEDORA-2007-647] *CVE-2007-2894 VULNERABLE (bochs) #241799 -CVE-2007-2876 version (kernel, fixed 2.6.21.5?) [since ?] +CVE-2007-2876 version (kernel, fixed 2.6.21.5) [since FEDORA-2007-600] +CVE-2007-2875 version (kernel) [since FEDORA-2007-600] *CVE-2007-2874 (wpa_supplicant) #242455 -CVE-2007-2873 version (spamassassin, fixed 3.1.9) +CVE-2007-2873 version (spamassassin, fixed 3.1.9) [since FEDORA-2007-582] +CVE-2007-2871 version (mozilla) #241840 [since FEDORA-2007-549] +CVE-2007-2870 version (mozilla) #241840 [since FEDORA-2007-549] +CVE-2007-2869 version (mozilla) #241840 [since FEDORA-2007-549] +CVE-2007-2868 version (mozilla) #241840 [since FEDORA-2007-549] +CVE-2007-2867 version (mozilla) #241840 [since FEDORA-2007-549] +CVE-2007-2799 version (file, fixed 4.21) #241034 [since FEDORA-2007-538] +CVE-2007-2453 version (kernel) [since FEDORA-2007-600] +CVE-2007-2451 version (kernel, fixed 2.6.21.4) [since FEDORA-2007-600] +CVE-2007-2445 backport (libpng) #239542 [since FEDORA-2007-529] CVE-2007-2438 VULNERABLE (vim) #238734 +CVE-2007-2242 version (kernel) [since FEDORA-2007-482] +CVE-2007-2138 version (postgresql, fixed 8.1.9) [since FEDORA-2007-565] +CVE-2007-2028 backport (freeradius) [since FEDORA-2007-499] +CVE-2007-1995 version (quagga, fixed 0.99.7) [since FEDORA-2007-525] +CVE-2007-1863 backport (httpd) #244660 [since FEDORA-2007-615] +CVE-2007-1862 backport (httpd) #244660 [since FEDORA-2007-615] +CVE-2007-1861 version (kernel) [since FEDORA-2007-482] CVE-2007-1856 VULNERABLE (vixie-cron) #235882 CVE-2007-1841 VULNERABLE (ipsec-tools) #238052 +CVE-2007-1797 backport (ImageMagick) #235075 [since FEDORA-2007-413] +CVE-2007-1667 backport (libX11) [since FEDORA-2007-426] CVE-2007-1565 ignore (konqueror) client crash -CVE-2007-1564 vulnerable (konqueror) [#CVE-2007-1564] +CVE-2007-1564 vulnerable (konqueror) +CVE-2007-1562 version (mozilla) #241840 [since FEDORA-2007-549] +CVE-2007-1558 backport (evolution) #235290 [since FEDORA-2007-484] +CVE-2007-1536 backport (file, fixed 4.20) #233164 [since FEDORA-2007-391] CVE-2007-1475 ignore (php) unshipped ibase extension CVE-2007-1420 VULNERABLE (mysql, fixed 5.0.36) #232604 CVE-2007-1413 ignore (php) Windows NT SNMP specific @@ -34,14 +68,18 @@ CVE-2007-1411 ignore (php) unshipped mssql extension CVE-2007-1401 ignore (php) unshipped cracklib extension CVE-2007-1396 ignore (php) feature, not a flaw +CVE-2007-1362 version (mozilla) #241840 [since FEDORA-2007-549] +CVE-2007-1357 version (kernel) [since FEDORA-2007-432] CVE-2007-1352 VULNERABLE (libXfont) #235265 CVE-2007-1351 VULNERABLE (libXfont) #235265 +CVE-2007-1349 backport (mod_perl) [since FEDORA-2007-577] CVE-2007-1263 version (gnupg, fixed 1.4.7) [since FEDORA-2007-315] +CVE-2007-1262 version (squirrelmail, fixed 1.4.10a) #239704 [since FEDORA-2007-505] CVE-2007-1218 backport (tcpdump) 232349 [since FEDORA-2007-347] CVE-2007-1006 version (ekiga, fixed 2.0.5) #229259 [since FEDORA-2007-322] CVE-2007-1004 VULNERABLE (firefox, ...) -CVE-2007-1003 VULNERABLE (xorg-x11-server, fixed > X11R7.2) #235263 -CVE-2007-1002 VULNERABLE (evolution) #233587 +CVE-2007-1003 backport (xorg-x11-server, fixed > X11R7.2) #235263 [since FEDORA-2007-425] +CVE-2007-1002 backport (evolution) #233587 [since FEDORA-2007-393] CVE-2007-1000 version (kernel, fixed 2.6.20) [since FEDORA-2007-335] CVE-2007-0998 backport (xen) #230295 [since FEDORA-2007-343] CVE-2007-0981 VULNERABLE (firefox, ...) @@ -54,10 +92,10 @@ CVE-2007-0537 VULNERABLE (kdebase) #225420 CVE-2007-0494 version (bind, fixed 9.3.4) #225268 [since FEDORA-2007-147] CVE-2007-0493 version (bind, fixed 9.3.4) #224443 [since FEDORA-2007-147] -CVE-2007-0459 VULNERABLE (wireshark, fixed 0.99.5) #227140 -CVE-2007-0458 VULNERABLE (wireshark, fixed 0.99.5) #227140 -CVE-2007-0457 VULNERABLE (wireshark, fixed 0.99.5) #227140 -CVE-2007-0456 VULNERABLE (wireshark, fixed 0.99.5) #227140 +CVE-2007-0459 version (wireshark, fixed 0.99.5) #227140 +CVE-2007-0458 version (wireshark, fixed 0.99.5) #227140 +CVE-2007-0457 version (wireshark, fixed 0.99.5) #227140 +CVE-2007-0456 version (wireshark, fixed 0.99.5) #227140 CVE-2007-0455 VULNERABLE (gd) #224610 CVE-2007-0451 version (spamassassin, fixed 3.1.8) [since FEDORA-2007-241] CVE-2007-0248 version (squid, fixed 2.6.STABLE7) [since FEDORA-2007-073] @@ -117,11 +155,12 @@ CVE-2006-5864 VULNERABLE (evince) #217672 CVE-2006-5823 version (kernel, fixed 2.6.19.2) [since FEDORA-2007-058] was backport since FEDORA-2006-1223 CVE-2006-5794 backport (openssh, fixed 4.5) #214641 [since FEDORA-2006-1215] -CVE-2006-5793 ignore (libpng, fixed 1.2.13) just a client crash +CVE-2006-5793 backport (libpng, fixed 1.2.13) #215405 [since FEDORA-2007-529] CVE-2006-5783 ignore (firefox) disputed CVE-2006-5779 VULNERABLE (openldap, 2.3.29) #214768 CVE-2006-5757 version (kernel, fixed 2.6.19) [since FEDORA-2007-058] was backport since FEDORA-2006-1223 CVE-2006-5753 backport (kernel, fixed 2.6.20.1) [since FEDORA-2007-291] +CVE-2006-5752 backport (httpd) #244660 [since FEDORA-2007-615] CVE-2006-5751 version (kernel, fixed 2.6.19, fixed 2.6.18.4) [since FEDORA-2006-1471] CVE-2006-5749 VULNERABLE (kernel, fixed 2.6.20-rc2) CVE-2006-5748 version (thunderbird, fixed 1.5.0.8) [since FEDORA-2006-1192] @@ -169,7 +208,7 @@ CVE-2006-5159 ignore (firefox) unverified CVE-2006-5158 version (kernel, fixed 2.6.15) CVE-2006-5072 backport (mono) -CVE-2006-5052 VULNERABLE (openssh, fixed 4.4) +CVE-2006-5052 backport (openssh, fixed 4.4) [since FEDORA-2007-394] CVE-2006-5051 backport (openssh, fixed 4.4) CVE-2006-4997 version (kernel, fixed 2.6.18) CVE-2006-4980 version (python, fixed 2.4.4 at least) [since FEDORA-2006-1050] was backport since GA -- fedora-extras-commits mailing list fedora-extras-commits(a)redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits

16 years, 9 months

1
0
0 / 0

fedora-security/audit fc7,1.54,1.55

by fedora-extras-commits＠redhat.com

Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv1903 Modified Files: fc7 Log Message: Updated to match FEDORA-2007-1070 Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.54 retrieving revision 1.55 diff -u -r1.54 -r1.55 --- fc7 27 Jul 2007 15:56:53 -0000 1.54 +++ fc7 1 Aug 2007 15:19:31 -0000 1.55 @@ -1,35 +1,44 @@ # $Id$ -** are items that need attention +# ** are items that need attention +# *CVE are items that need verification for Fedora 7 +# (mozilla) = (firefox, seamonkey, thunderbird, yelp, devhelp, galeon, liferea. epiphany) +# A couple of first F7 updates were marked as FEDORA-2007-0001 -*CVE are items that need verification for Fedora 7 +# Version: FEDORA-2007-1070 CVE-NOID VULNERABLE (tor, fixed 0.1.2.15) #249840 -CVE-2007-4168 VULNERABLE (libexif) #243890 +CVE-2007-4168 backport (libexif) #243892 [since FEDORA-2007-0414] CVE-2007-4029 VULNERABLE (libvorbis) #245991 -CVE-2007-3950 version (lighttpd, fixed 1.4.16) #249162 -CVE-2007-3949 version (lighttpd, fixed 1.4.16) #249162 -CVE-2007-3948 version (lighttpd, fixed 1.4.16) #249162 -CVE-2007-3947 version (lighttpd, fixed 1.4.16) #249162 -CVE-2007-3946 version (lighttpd, fixed 1.4.16) #249162 +CVE-2007-3950 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299] +CVE-2007-3949 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299] +CVE-2007-3948 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299] +CVE-2007-3947 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299] +CVE-2007-3946 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299] CVE-2007-3841 WTF (pidgin) CVE-2007-3820 ** (kdebase) #248537 CVE-2007-3799 ** (php) CVE-2007-3781 ** (mysql) CVE-2007-3782 ** (mysql) CVE-2007-3770 ** (xfce-utils) +CVE-2007-3738 version (mozilla) #248518 [since FEDORA-2007-1138] +CVE-2007-3737 version (mozilla) #248518 [since FEDORA-2007-1138] +CVE-2007-3736 version (mozilla) #248518 [since FEDORA-2007-1138] +CVE-2007-3735 version (mozilla) #248518 [since FEDORA-2007-1138] CVE-2007-3728 ignore (libsilc, 1.1.1 only) CVE-2007-3725 ** (clamav) -CVE-2007-3713 VULNERABLE (centericq) #247979 +CVE-2007-3713 backport (centericq) #247979 [since FEDORA-2007-1160] +CVE-2007-3656 version (mozilla) #248518 [since FEDORA-2007-1138] +CVE-2007-3642 version (kernel, fixed 2.6.22.1) [since FEDORA-2007-1130] CVE-2007-3628 version (php-pear-Structures-DataGrid-DataSource-MDB2, fixed 0.1.10) CVE-2007-3555 VULNERABLE (moodle) #247528 CVE-2007-3546 ignore (nessus-core) Windows only -CVE-2007-3528 VULNERABLE (dar, fixed 2.3.4) #246760 -CVE-2007-3544 ** (wordpress) #245211 -CVE-2007-3543 ** (wordpress) #245211 +CVE-2007-3528 version (dar, fixed 2.3.4) #246760 [since FEDORA-2007-0904] +CVE-2007-3544 VULNERABLE (wordpress, NOT fixed 2.2.1) #245211 Incomplete fix for CVE-2007-3543 +CVE-2007-3543 version (wordpress, fixed 2.2.1) #245211 [since FEDORA-2007-0894] CVE-2007-3508 ignore (glibc) not an issue CVE-2007-3506 version (freetype, fixed 2.3.4) #235479 [since FEDORA-2007-0033] -CVE-2007-3507 version (flac123, fixed 0.0.10) #246322 +CVE-2007-3507 version (flac123, fixed 0.0.10) #246322 [since FEDORA-2007-1045] CVE-2007-3478 ** (gd) CVE-2007-3477 ** (gd) CVE-2007-3476 ** (gd) @@ -37,65 +46,74 @@ CVE-2007-3474 ** (gd) CVE-2007-3473 ** (gd) CVE-2007-3472 ** (gd) -CVE-2007-3410 VULNERABLE (HelixPlayer) #245838 +CVE-2007-3410 backport (HelixPlayer) #245838 [since CVE-2007-3410] CVE-2007-3409 version (perl-Net-DNS, fixed 0.60) #245807 -CVE-2007-3393 VULNERABLE (wireshark) -CVE-2007-3392 VULNERABLE (wireshark) -CVE-2007-3391 VULNERABLE (wireshark) -CVE-2007-3390 VULNERABLE (wireshark) -CVE-2007-3389 VULNERABLE (wireshark) +CVE-2007-3393 version (wireshark, fixed 0.99.6) [since FEDORA-2007-0982] +CVE-2007-3392 version (wireshark, fixed 0.99.6) [since FEDORA-2007-0982] +CVE-2007-3391 version (wireshark, fixed 0.99.6) [since FEDORA-2007-0982] +CVE-2007-3390 version (wireshark, fixed 0.99.6) [since FEDORA-2007-0982] +CVE-2007-3389 version (wireshark, fixed 0.99.6) [since FEDORA-2007-0982] +CVE-2007-3381 version (gdm, fixed 2.18.4) #250277 [since FEDORA-2007-1362] CVE-2007-3378 ignore (php) safe mode escape -CVE-2007-3377 version (perl-Net-DNS, fixed 0.60) #245612 -CVE-2007-3241 ** (wordpress) #245211 -CVE-2007-3240 ** (wordpress) #245211 -CVE-2007-3239 ** (wordpress) #245211 -CVE-2007-3238 ** (wordpress) #245211 +CVE-2007-3377 version (perl-Net-DNS, fixed 0.60) #245612 [since EDORA-2007-0668] +CVE-2007-3257 backport (evolution) #244283 [since FEDORA-2007-0464] +CVE-2007-3241 version (wordpress, fixed 2.2.1) #245211 [since FEDORA-2007-0894] +CVE-2007-3240 version (wordpress, fixed 2.2.1) #245211 [since FEDORA-2007-0894] +CVE-2007-3239 version (wordpress, fixed 2.2.1) #245211 [since FEDORA-2007-0894] +CVE-2007-3238 version (wordpress, fixed 2.2.1) #245211 [since FEDORA-2007-0894] +CVE-2007-3140 version (wordpress, fixed 2.2.1) #245211 [since FEDORA-2007-0894] +CVE-2007-3231 version (mecab, fixed 0.96) [since FEDORA-2007-0366] CVE-2007-3209 ignore (mail-notification, shipped with SSL enabled) CVE-2007-3106 VULNERABLE (libvorbis) #245991 -CVE-2007-3100 version (iscsi-initiator-utils, fixed 6.2.0.865) -CVE-2007-3099 version (iscsi-initiator-utils, fixed 6.2.0.865) +CVE-2007-3100 version (iscsi-initiator-utils, fixed 6.2.0.865) [since FEDORA-2007-0543] +CVE-2007-3099 version (iscsi-initiator-utils, fixed 6.2.0.865) [since FEDORA-2007-0543] CVE-2007-3165 VULNERABLE (tor, fixed 0.1.2.14) #244502 -CVE-2007-3153 version (c-ares, fixed 1.4.0) #243591 -CVE-2007-3152 version (c-ares, fixed 1.4.0) #243591 +CVE-2007-3153 version (c-ares, fixed 1.4.0) #243591 [since FEDORA-2007-0724] +CVE-2007-3152 version (c-ares, fixed 1.4.0) #243591 [since FEDORA-2007-0724] CVE-2007-3145 VULNERABLE (galeon) ** -CVE-2007-3140 ** (wordpress) #245211 +CVE-2007-3140 version (wordpress, fixed 2.2.1) #245211 [since FEDORA-2007-0894] CVE-2007-3126 ignore (gimp) just a crash CVE-2007-3123 VULNERABLE (clamav, fixed 0.90.3) #245219 CVE-2007-3122 VULNERABLE (clamav, fixed 0.90.3) #245219 -CVE-2007-3121 version (zvbi, fixed 0.2.25) +CVE-2007-3121 version (zvbi, fixed 0.2.25) [since FEDORA-2007-0175] *CVE-2007-3113 VULNERABLE (cacti) #243592 *CVE-2007-3112 VULNERABLE (cacti) #243592 +CVE-2007-3089 version (mozilla) #248518 [since FEDORA-2007-1138] CVE-2007-3025 ignore (clamav, Solaris only) CVE-2007-3024 VULNERABLE (clamav, fixed 0.90.3) #245219 CVE-2007-3023 VULNERABLE (clamav, fixed 0.90.3) #245219 CVE-2007-3007 ignore (php) safe mode isn't safe *CVE-2007-2975 (openfire) +CVE-2007-2949 version (gimp, fixed, 2.2.16) [since FEDORA-2007-0725] +CVE-2007-2926 version (bind, fixed 9.4.1) [since FEDORA-2007-1247] +CVE-2007-2925 version (bind, fixed 9.4.1) [since FEDORA-2007-1247] *CVE-2007-2894 VULNERABLE (bochs) #241799 CVE-2007-2894 ignore (bochs, unreproducible) #241799 -CVE-2007-2893 patch (bochs, fixed 2.3-5) #241799 +CVE-2007-2893 patch (bochs, fixed 2.3-5) #241799 [since FEDORA-2007-1153] CVE-2007-2876 version (kernel, fixed 2.6.21.5) [ since FEDORA-2007-0409 ] -*CVE-2007-2874 (wpa_supplicant) #242455 -CVE-2007-2873 version (spamassassin, fixed 3.2.1) -CVE-2007-2871 version (seamonkey, fixed 1.0.9) -CVE-2007-2870 version (seamonkey, fixed 1.0.9) -CVE-2007-2869 (firefox) -CVE-2007-2868 version (seamonkey, fixed 1.0.9) -CVE-2007-2867 version (seamonkey, fixed 1.0.9) -CVE-2007-2865 version (phpPgAdmin, fixed 4.1.2) #241489 +CVE-2007-2874 remove-patch (wpa_supplicant) #242455 [since FEDORA-2007-0185] +CVE-2007-2873 version (spamassassin, fixed 3.2.1) [since FEDORA-2007-0390] +CVE-2007-2871 version (mozilla) #241840 +CVE-2007-2870 version (mozilla) #241840 +CVE-2007-2869 version (mozilla) #241840 +CVE-2007-2868 version (mozilla) #241840 +CVE-2007-2867 version (mozilla) #241840 +CVE-2007-2865 version (phpPgAdmin, fixed 4.1.2) #241489 [since FEDORA-2007-0469] CVE-2007-2844 ignore (php) #241641 CVE-2007-2843 ignore (konqueror) safari specific -*CVE-2007-2821 VULNERABLE (wordpress, fixed 2.2) #240970 -*CVE-2007-2799 (file) +CVE-2007-2821 version (wordpress, fixed 2.2) #245211 [since FEDORA-2007-0894] +CVE-2007-2799 version (file, fixed 4.21) #241034 [since FEDORA-2007-0836] +CVE-2007-2798 version (krb5, 1.6.1) [since FEDORA-2007-0740] CVE-2007-2768 ignore (openssh) needs pam OPIE which is not shipped. CVE-2007-2756 ignore (gd) DoS only -*CVE-2007-2754 (freetype) +CVE-2007-2754 backport (freetype) [since FEDORA-2007-0033] CVE-2007-2721 patch (jasper, fixed 1.900.1-2) #240397 -*CVE-2007-2683 (mutt) +CVE-2007-2683 backport (mutt) *CVE-2007-2654 VULNERABLE (xfsdump) #240396 -CVE-2007-2650 version (clamav, fixed 0.90.3) #240395 -CVE-2007-2645 ignore (libexif) #240055 DoS only +CVE-2007-2650 version (clamav, fixed 0.90.3) #240395 [since FEDORA-2007-1154] +CVE-2007-2645 backport (libexif) #240055 [since FEDORA-2007-0414] *CVE-2007-2637 patch (moin, fixed 1.5.7-2) -*CVE-2007-2627 ** (wordpress) #239904 +CVE-2007-2627 version (wordpress, fixed 2.2.1) #239904 [since FEDORA-2007-0894] *CVE-2007-2589 (squirrelmail) *CVE-2007-2583 (mysql) CVE-2007-2519 ignore (php-pear) no trust boundary is crossed @@ -113,6 +131,8 @@ *CVE-2007-2446 (samba) CVE-2007-2445 version (libpng10, fixed 1.0.25) #240398 *CVE-2007-2444 (samba) +CVE-2007-2443 version (krb5, 1.6.1) [since FEDORA-2007-0740] +CVE-2007-2442 version (krb5, 1.6.1) [since FEDORA-2007-0740] *CVE-2007-2438 VULNERABLE (vim) #238734 CVE-2007-2437 ignore (xorg-x11) DoS only *CVE-2007-2435 (java) @@ -123,18 +143,18 @@ *CVE-2007-2353 (axis) *CVE-2007-2245 VULNERABLE (phpMyAdmin, fixed 2.10.1) #237882 CVE-2007-2243 ignore (openssh, fixed 4.6) needs S/KEY support which is not shipped. -*CVE-2007-2241 (bind) +CVE-2007-2241 backport (bind) [since FEDORA-2007-0300] CVE-2007-2176 ignore (firefox) only affects the java quicktime interaction CVE-2007-2172 version (kernel, fixed 2.6.21-rc6) *CVE-2007-2165 VULNERABLE (proftpd) #237533 -*CVE-2007-2138 (postgresql) +CVE-2007-2138 version (postgresql, fixed 8.2.4) #237682 [since FEDORA-2007-0174] CVE-2007-2057 version (aircrack-ng, fixed 0.8-0.1) CVE-2007-2029 VULNERABLE (clamav, fixed 0.90.3) #245219 *CVE-2007-2028 (freeradius) *CVE-2007-2026 (file) CVE-2007-2016 ignore (phpMyAdmin, < 2.8.0.2 never shipped) CVE-2007-1997 version (clamav, fixed in 0.90.2) -*CVE-2007-1995 (quagga) #240488 +CVE-2007-1995 version (quagga, fixed CVE-2007-1995) #240488 CVE-2007-1897 version (wordpress, fixed 2.1.3) #235912 CVE-2007-1894 version (wordpress, fixed 2.1.3-0.rc2) CVE-2007-1893 version (wordpress, fixed 2.1.3) #235912 @@ -148,6 +168,7 @@ *CVE-2007-1841 VULNERABLE (ipsec-tools) #238052 *CVE-2007-1804 VULNERABLE (pulseaudio) #235013 CVE-2007-1799 version (ktorrent, fixed 2.1.3) #235014 +CVE-2007-1797 version (GraphicsMagick, fixed 1.1.8) [since FEDORA-2007-1340] CVE-2007-1745 version (clamav, fixed in 0.90.2) #236703 *CVE-2007-1743 (httpd) *CVE-2007-1742 (httpd) @@ -159,9 +180,9 @@ CVE-2007-1710 version (php, fixed 5.2.2) CVE-2007-1709 ignore (php) no security impact *CVE-2007-1667 (xorg-x11) -CVE-2007-1665 VULNERABLE (ekg) #246034 -CVE-2007-1664 VULNERABLE (ekg) #246034 -CVE-2007-1663 VULNERABLE (ekg) #246034 +CVE-2007-1665 version (ekg) #246034 [since FEDORA-2007-0791] +CVE-2007-1664 version (ekg) #246034 [since FEDORA-2007-0791] +CVE-2007-1663 version (ekg) #246034 [since FEDORA-2007-0791] CVE-2007-1649 version (php, fixed 5.2.2) CVE-2007-1622 version (wordpress, fixed 2.1.3-0.rc2) #233703 CVE-2007-1614 version (zziplib, fixed 0.13.49) #233700 @@ -169,7 +190,7 @@ CVE-2007-1583 version (php, fixed 5.2.2) CVE-2007-1565 ignore (konqueror) client crash CVE-2007-1564 vulnerable (konqueror) [#CVE-2007-1564] -CVE-2007-1562 (firefox, seamonkey, thunderbird) +CVE-2007-1562 version (firefox, seamonkey, thunderbird) #241840 CVE-2007-1560 version (squid, fixed 2.6.STABLE12) CVE-2007-1558 version (claws-mail, fixed 2.9.1) #237293 *CVE-2007-1558 backport (sylpheed, fixed 2.3.1-1) @@ -208,12 +229,13 @@ *CVE-2007-1384 version (ktorrent, fixed 2.1.2) CVE-2007-1375 version (php, fixed 5.2.2) *CVE-2007-1366 ** (qemu) #238723 -*CVE-2007-1362 version (seamonkey, fixed 1.0.9) +CVE-2007-1362 version (seamonkey, fixed 1.0.9) #241840 *CVE-2007-1359 patch (mod_security, fixed 2.1.0-3) #231728 CVE-2007-1358 ** (tomcat5) #244810 *CVE-2007-1354 (jboss) *CVE-2007-1352 VULNERABLE (libXfont) #235265 *CVE-2007-1351 VULNERABLE (libXfont) #235265 +CVE-2007-1349 backport (mod_perl) [since FEDORA-2007-0316] CVE-2007-1325 version (phpMyAdmin, fixed 2.10.0.2) *CVE-2007-1322 ** (qemu) #238723 *CVE-2007-1321 ** (qemu) #238723 @@ -281,7 +303,7 @@ *CVE-2007-0774 (mod_jk) VE-2007-0772 version (kernel, fixed 2.6.20.1) [since FEDORA-2007-291] CVE-2007-0771 patch (kernel, fixed 2.6.20-1.2933) #227952 -*CVE-2007-0770 patch (GraphicsMagick, fixed 1.1.7-7) #228758 +CVE-2007-0770 patch (GraphicsMagick, fixed 1.1.7-7) #228758 CVE-2007-0770 ignore (ImageMagick) only if incomplete CVE-2006-5456 CVE-2007-0720 ignore (cups, fixed 1.2.7) cups is already updated CVE-2007-0657 ignore (nexuiz, 2.2.2 only (not shipped), fixed 2.2.3) @@ -318,6 +340,7 @@ *CVE-2007-0262 version (wordpress, fixed 2.1-0) #223101 CVE-2007-0248 version (squid, fixed 2.6.STABLE7) [since FEDORA-2007-073] CVE-2007-0247 version (squid, fixed 2.6.STABLE7) #222883 [since FEDORA-2007-073] +CVE-2007-0245 backport (openoffice.org) [since FEDORA-2007-0410] CVE-2007-0243 ignore, no-ship (java-ibm) *CVE-2007-0242 patch (qt4, fixed 4.2.3-7) *CVE-2007-0240 patch (zope, fixed 2.9.6-2) #233378 @@ -510,6 +533,7 @@ CVE-2006-5462 version (firefox, fixed 1.5.0.8) [since FEDORA-2006-1191] *CVE-2006-5461 VULNERABLE (avahi, fixed 0.6.15) *CVE-2006-5456 backport (ImageMagick) #210921 [since FEDORA-2006-1285] +CVE-2006-5456 version (GraphicsMagick, fixed 1.1.7) [since FEDORA-2007-1340] *CVE-2006-5455 patch (bugzilla, fixed 2.22-7) #212355 *CVE-2006-5454 patch (bugzilla, fixed 2.22-7) #212355 *CVE-2006-5453 patch (bugzilla, fixed 2.22-7) #212355 @@ -599,7 +623,7 @@ CVE-2006-4561 VULNERABLE (firefox) CVE-2006-4538 version (kernel, fixed after 2.6.18-rc6) CVE-2006-4535 version (kernel, fixed 2.6.18-rc6) -CVE-2006-4519 VULNERABLE (gimp) #247566 +CVE-2006-4519 version (gimp, fixed 2.2.16) #247566 [since FEDORA-2007-1044] *CVE-2006-4514 backport (libgsf) [since FEDORA-2006-1417] CVE-2006-4513 version (wv, fixed 1.2.4) #212696 *CVE-2006-4513 ** (abiword) #212698 @@ -649,6 +673,7 @@ CVE-2006-4146 backport (gdb) CVE-2006-4145 version (kernel, fixed 2.6.17.10, fixed 2.6.18-rc5) needs a better upstream fix *CVE-2006-4144 backport (ImageMagick, fixed 6.2.9) +CVE-2006-4144 version (GraphicsMagick, fixed 1.1.8) [since FEDORA-2007-1340] *CVE-2006-4124 (lesstif) CVE-2006-4096 version (bind, fixed 9.3.2-P1) CVE-2006-4095 version (bind, fixed 9.3.2-P1) @@ -665,42 +690,19 @@ CVE-2006-3816 version (krusader, fixed 1.70.1) #200323 CVE-2006-3815 version (heartbeat, fixed 2.0.6) CVE-2006-3813 version (perl) only Red Hat Enterprise Linux affected -CVE-2006-3812 version (thunderbird, fixed 1.5.0.5) -CVE-2006-3812 version (seamonkey, fixed 1.0.4) #200455 -CVE-2006-3812 version (firefox, fixed 1.5.0.5) -CVE-2006-3811 version (thunderbird, fixed 1.5.0.5) -CVE-2006-3811 version (seamonkey, fixed 1.0.4) #200455 -CVE-2006-3811 version (firefox, fixed 1.5.0.5) -CVE-2006-3810 version (thunderbird, fixed 1.5.0.5) -CVE-2006-3810 version (seamonkey, fixed 1.0.4) #200455 -CVE-2006-3810 version (firefox, fixed 1.5.0.5) -CVE-2006-3809 version (thunderbird, fixed 1.5.0.5) -CVE-2006-3809 version (seamonkey, fixed 1.0.4) #200455 -CVE-2006-3809 version (firefox, fixed 1.5.0.5) -CVE-2006-3808 version (thunderbird, fixed 1.5.0.5) -CVE-2006-3808 version (seamonkey, fixed 1.0.4) #200455 -CVE-2006-3808 version (firefox, fixed 1.5.0.5) -CVE-2006-3807 version (thunderbird, fixed 1.5.0.5) -CVE-2006-3807 version (seamonkey, fixed 1.0.4) #200455 -CVE-2006-3807 version (firefox, fixed 1.5.0.5) -CVE-2006-3806 version (thunderbird, fixed 1.5.0.5) -CVE-2006-3806 version (seamonkey, fixed 1.0.4) #200455 -CVE-2006-3806 version (firefox, fixed 1.5.0.5) -CVE-2006-3805 version (thunderbird, fixed 1.5.0.5) -CVE-2006-3805 version (seamonkey, fixed 1.0.4) #200455 -CVE-2006-3805 version (firefox, fixed 1.5.0.5) -CVE-2006-3804 version (thunderbird, fixed 1.5.0.5) -CVE-2006-3804 version (seamonkey, fixed 1.0.4) #200455 -CVE-2006-3804 version (firefox, fixed 1.5.0.5) -CVE-2006-3803 version (thunderbird, fixed 1.5.0.5) -CVE-2006-3803 version (seamonkey, fixed 1.0.4) #200455 -CVE-2006-3803 version (firefox, fixed 1.5.0.5) -CVE-2006-3802 version (thunderbird, fixed 1.5.0.5) -CVE-2006-3802 version (seamonkey, fixed 1.0.4) #200455 -CVE-2006-3802 version (firefox, fixed 1.5.0.5) -CVE-2006-3801 version (thunderbird, fixed 1.5.0.5) -CVE-2006-3801 version (seamonkey, fixed 1.0.4) #200455 -CVE-2006-3801 version (firefox, fixed 1.5.0.5) +CVE-2006-3812 version (mozilla) #200455 +CVE-2006-3811 version (mozilla) #200455 +CVE-2006-3810 version (mozilla) #200455 +CVE-2006-3809 version (mozilla) #200455 +CVE-2006-3808 version (mozilla) #200455 +CVE-2006-3807 version (mozilla) #200455 +CVE-2006-3806 version (mozilla) #200455 +CVE-2006-3805 version (mozilla) #200455 +CVE-2006-3804 version (mozilla) #200455 +CVE-2006-3803 version (mozilla) #200455 +CVE-2006-3802 version (mozilla) #200455 +CVE-2006-3801 version (mozilla) #200455 +CVE-2007-3798 version (tcpdump, fixed 3.9.7) #244860 [since FEDORA-2007-1361] CVE-2006-3747 version (httpd, fixed 2.2.3) CVE-2006-3746 version (gnupg, fixed 1.4.5) CVE-2006-3745 version (kernel, fixed 2.6.17.10, fixed 2.6.18-rc5) @@ -711,6 +713,7 @@ CVE-2006-3740 version (libXfont, fixed 1.2.2) CVE-2006-3739 version (libXfont, fixed 1.2.2) *CVE-2006-3738 backport (openssl, fixed 0.9.8d) +CVE-2007-3734 version (mozilla) #248518 [since FEDORA-2007-1138] *CVE-2006-3733 ignore (jboss) cisco only CVE-2006-3731 ignore (firefox) just a user complicit crash CVE-2006-3694 version (ruby, fixed 1.8.5) @@ -855,8 +858,8 @@ *CVE-2006-2366 ignore (openobex) we don't ship ircp CVE-2006-2362 ignore (binutils) minor crash (not exploitable) CVE-2006-2332 ignore (firefox) disputed -CVE-2006-2314 version (postgresql, fixed 8.1.4) -CVE-2006-2313 version (postgresql, fixed 8.1.4) +CVE-2006-2314 version (postgresql, fixed 8.1.4) [since FEDORA-2007-0249] +CVE-2006-2313 version (postgresql, fixed 8.1.4) [since FEDORA-2007-0249] CVE-2006-2276 version (quagga, fixed 0.98.6) CVE-2006-2275 version (kernel, fixed 2.6.16.15) CVE-2006-2274 version (kernel, fixed 2.6.16.15) @@ -1156,6 +1159,7 @@ CVE-2006-0096 ignore (kernel) minor and requires root CVE-2006-0095 version (kernel, fixed 2.6.16) CVE-2006-0082 version (ImageMagick, not 6.2.5.4) +CVE-2006-0082 version (GraphicsMagick, fixed 1.1.8) [since FEDORA-2007-1340] CVE-2006-0071 ignore (pinentry, Gentoo-specific problem) CVE-2006-0058 version (sendmail, fixed 8.13.6) CVE-2006-0052 version (mailman, fixed 2.1.6) @@ -1196,6 +1200,7 @@ CVE-2005-4618 version (kernel, fixed 2.6.15) CVE-2005-4605 version (kernel, fixed 2.6.15) *CVE-2005-4601 (ImageMagick) +CVE-2005-4601 version (GraphicsMagick, fixed 1.1.8) [since FEDORA-2007-1340] CVE-2005-4585 version (wireshark, fixed 0.10.14) CVE-2005-4442 version (openldap) gentoo only CVE-2005-4352 version (kernel, fixed 2.6.18.3) [since FEDORA-2006-1471] -- fedora-extras-commits mailing list fedora-extras-commits(a)redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits

16 years, 9 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

security [ARCHIVED] August 2007