fedora-security/audit fc6,1.230,1.231 fc7,1.59,1.60
by fedora-extras-commits@redhat.com
Author: lkundrak
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv24701
Modified Files:
fc6 fc7
Log Message:
dovecot
Index: fc6
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc6,v
retrieving revision 1.230
retrieving revision 1.231
diff -u -r1.230 -r1.231
--- fc6 3 Aug 2007 07:20:30 -0000 1.230
+++ fc6 6 Aug 2007 15:08:43 -0000 1.231
@@ -7,6 +7,7 @@
# Up to date CVE as of CVE email 20070801
# Up to date FC6 as of 20070803
+GENERIC-MAP-NOMATCH VULNERABLE (dovecot, fixed 1.0.3) #251009
CVE-2007-4029 VULNERABLE (libvorbis) #250600
CVE-2007-4168 backport (libexif) #243892 [since FEDORA-2007-614]
CVE-2007-3841 ignore (pidgin) ethically disclosed
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.59
retrieving revision 1.60
diff -u -r1.59 -r1.60
--- fc7 6 Aug 2007 13:48:30 -0000 1.59
+++ fc7 6 Aug 2007 15:08:43 -0000 1.60
@@ -8,7 +8,8 @@
# Up to date CVE as of CVE email 20070801
# Up to date FC7 as of 20070802
-CVE-NOID VULNERABLE (tor, fixed 0.1.2.15) #249840
+GENERIC-MAP-NOMATCH VULNERABLE (dovecot, 1.0.3) #251008
+GENERIC-MAP-NOMATCH VULNERABLE (tor, fixed 0.1.2.15) #249840
CVE-2007-4168 backport (libexif) #243892 [since FEDORA-2007-0414]
CVE-2007-4153 ignore (wordpress) "remote authenticated administrators"
CVE-2007-4154 ignore (wordpress) "remote authenticated administrators"
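Review bot: The new dovecot line reads `(dovecot, 1.0.3)` without the `fixed` keyword, while the tor line beside it and the matching fc6 entry both use `fixed <version>`; write `(dovecot, fixed 1.0.3)` so the field reads the same way everywhere. The rename of the tor entry from `CVE-NOID` to `GENERIC-MAP-NOMATCH` is not covered by the "dovecot" log message and would be easier to trace with its own mention.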
--
fedora-extras-commits mailing list
fedora-extras-commits(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-extras-commits
fedora-security/audit fc7,1.58,1.59
by fedora-extras-commits@redhat.com
Author: lkundrak
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv29051
Modified Files:
fc7
Log Message:
mediawiki was incorrectly tracked
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.58
retrieving revision 1.59
diff -u -r1.58 -r1.59
--- fc7 6 Aug 2007 13:46:35 -0000 1.58
+++ fc7 6 Aug 2007 13:48:30 -0000 1.59
@@ -265,7 +265,7 @@
*CVE-2007-1103 VULNERABLE (tor) #230927
CVE-2007-1092 version (seamonkey, fixed 1.0.8)
CVE-2007-1055 version (mediawiki, fixed 1.8.3)
-CVE-2007-1054 version (mediawiki, fixed 1.8.4)
+CVE-2007-1054 VULNERABLE (mediawiki, fixed 1.9.3)
CVE-2007-1049 version (wordpress, fixed 2.1.1) #229991
*CVE-2007-1036 (jboss)
*CVE-2007-1030 (libevent)
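Review bot: CVE-2007-1054 is flipped to `VULNERABLE` without a bug reference, unlike the `VULNERABLE` tor entry at the top of the hunk (`#230927`); add the tracking bug so the open item can be followed. With the fixed version moved from 1.8.4 to 1.9.3, the neighbouring CVE-2007-1055 line (`fixed 1.8.3`) is worth rechecking against the same branch.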
--
fedora-security/audit fc7,1.57,1.58
by fedora-extras-commits@redhat.com
Author: lkundrak
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv27482
Modified Files:
fc7
Log Message:
wordpress
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.57
retrieving revision 1.58
diff -u -r1.57 -r1.58
--- fc7 3 Aug 2007 14:21:06 -0000 1.57
+++ fc7 6 Aug 2007 13:46:35 -0000 1.58
@@ -10,6 +10,8 @@
CVE-NOID VULNERABLE (tor, fixed 0.1.2.15) #249840
CVE-2007-4168 backport (libexif) #243892 [since FEDORA-2007-0414]
+CVE-2007-4153 ignore (wordpress) "remote authenticated administrators"
+CVE-2007-4154 ignore (wordpress) "remote authenticated administrators"
CVE-2007-4139 VULNERABLE (wordpress) #250751
CVE-2007-4029 VULNERABLE (libvorbis) #245991
CVE-2007-3950 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299]
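Review bot: The `ignore` reason on the two wordpress lines is a quoted fragment, "remote authenticated administrators", which names the precondition but not the decision; state why that precondition puts the issue out of scope, in the way other `ignore` entries in these files give a plain reason (for example `just a crash`).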
--
fedora-security/audit fc7,1.56,1.57
by fedora-extras-commits@redhat.com
Author: lkundrak
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv27096
Modified Files:
fc7
Log Message:
wordpress
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.56
retrieving revision 1.57
diff -u -r1.56 -r1.57
--- fc7 3 Aug 2007 07:20:30 -0000 1.56
+++ fc7 3 Aug 2007 14:21:06 -0000 1.57
@@ -10,6 +10,7 @@
CVE-NOID VULNERABLE (tor, fixed 0.1.2.15) #249840
CVE-2007-4168 backport (libexif) #243892 [since FEDORA-2007-0414]
+CVE-2007-4139 VULNERABLE (wordpress) #250751
CVE-2007-4029 VULNERABLE (libvorbis) #245991
CVE-2007-3950 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299]
CVE-2007-3949 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299]
--
fedora-security/audit fc6,1.229,1.230 fc7,1.55,1.56
by fedora-extras-commits@redhat.com
Author: lkundrak
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv15790
Modified Files:
fc6 fc7
Log Message:
Updates
Index: fc6
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc6,v
retrieving revision 1.229
retrieving revision 1.230
diff -u -r1.229 -r1.230
--- fc6 2 Aug 2007 15:19:32 -0000 1.229
+++ fc6 3 Aug 2007 07:20:30 -0000 1.230
@@ -5,7 +5,7 @@
# (mozilla) = (firefox, seamonkey, thunderbird, yelp, devhelp, galeon, liferea. epiphany)
# Up to date CVE as of CVE email 20070801
-# Up to date FC6 as of 20070802
+# Up to date FC6 as of 20070803
CVE-2007-4029 VULNERABLE (libvorbis) #250600
CVE-2007-4168 backport (libexif) #243892 [since FEDORA-2007-614]
@@ -32,7 +32,6 @@
CVE-2007-3126 ignore (gimp) just a crash
CVE-2007-3106 VULNERABLE (libvorbis) #250600
CVE-2007-2926 backport (bind, fixed 9.4.1) [since FEDORA-2007-647]
-CVE-2007-2894 VULNERABLE (bochs) #241799
CVE-2007-2876 version (kernel, fixed 2.6.21.5) [since FEDORA-2007-600]
CVE-2007-2875 version (kernel) [since FEDORA-2007-600]
*CVE-2007-2874 (wpa_supplicant) #242455
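Review bot: The bochs line for CVE-2007-2894 is deleted outright while still marked `VULNERABLE` with bug #241799, and the log message ("Updates") gives no reason. If the package is no longer tracked for FC6, keep the line with an `ignore` status and a short reason so the audit file still records the decision.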
@@ -72,8 +71,8 @@
CVE-2007-1396 ignore (php) feature, not a flaw
CVE-2007-1362 version (mozilla) #241840 [since FEDORA-2007-549]
CVE-2007-1357 version (kernel) [since FEDORA-2007-432]
-CVE-2007-1352 VULNERABLE (libXfont) #235265
-CVE-2007-1351 VULNERABLE (libXfont) #235265
+CVE-2007-1352 fixed (libXfont) #235265 [since FEDORA-2007-423]
+CVE-2007-1351 fixed (libXfont) #235265 [since FEDORA-2007-423]
CVE-2007-1349 backport (mod_perl) [since FEDORA-2007-577]
CVE-2007-1263 version (gnupg, fixed 1.4.7) [since FEDORA-2007-315]
CVE-2007-1262 version (squirrelmail, fixed 1.4.10a) #239704 [since FEDORA-2007-505]
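Review bot: `fixed` on the two libXfont lines is a status word that no other entry in this diff uses; resolved items are recorded as `version` or `backport` followed by `[since FEDORA-...]`. Use whichever of those two applies so a search by status does not miss these lines.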
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.55
retrieving revision 1.56
diff -u -r1.55 -r1.56
--- fc7 1 Aug 2007 15:19:31 -0000 1.55
+++ fc7 3 Aug 2007 07:20:30 -0000 1.56
@@ -5,7 +5,8 @@
# (mozilla) = (firefox, seamonkey, thunderbird, yelp, devhelp, galeon, liferea. epiphany)
# A couple of first F7 updates were marked as FEDORA-2007-0001
-# Version: FEDORA-2007-1070
+# Up to date CVE as of CVE email 20070801
+# Up to date FC7 as of 20070802
CVE-NOID VULNERABLE (tor, fixed 0.1.2.15) #249840
CVE-2007-4168 backport (libexif) #243892 [since FEDORA-2007-0414]
@@ -56,6 +57,7 @@
CVE-2007-3381 version (gdm, fixed 2.18.4) #250277 [since FEDORA-2007-1362]
CVE-2007-3378 ignore (php) safe mode escape
CVE-2007-3377 version (perl-Net-DNS, fixed 0.60) #245612 [since EDORA-2007-0668]
+CVE-2007-3304 backport (httpd) #244665 [since FEDORA-2007-0704]
CVE-2007-3257 backport (evolution) #244283 [since FEDORA-2007-0464]
CVE-2007-3241 version (wordpress, fixed 2.2.1) #245211 [since FEDORA-2007-0894]
CVE-2007-3240 version (wordpress, fixed 2.2.1) #245211 [since FEDORA-2007-0894]
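Review bot: The context line just above the new httpd entry has `[since EDORA-2007-0668]` for CVE-2007-3377, missing the leading `F`; it is worth correcting in the same pass, since a search for `FEDORA-2007-0668` will not find it.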
@@ -161,7 +163,8 @@
CVE-2007-1870 version (lighttpd, fixed 1.4.14) #236489
CVE-2007-1869 version (lighttpd, fixed 1.4.14) #236489
CVE-2007-1864 version (php, fixed 5.2.2)
-*CVE-2007-1862 (httpd)
+CVE-2007-1863 backport (httpd) #244665 [since FEDORA-2007-0704]
+CVE-2007-1862 backport (httpd) #242606 [since FEDORA-2007-0704]
*CVE-2007-1859 (xscreensaver)
*CVE-2007-1858 (tomcat)
CVE-2007-1856 backport (vixie-cron) #235882 vixie-cron-4.1-hardlink.patch
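Review bot: CVE-2007-1863 and CVE-2007-1862 are both attributed to FEDORA-2007-0704 but carry different bugs (#244665 and #242606); confirm that #242606 is intended for CVE-2007-1862 and is not a slip for #244665, which the other httpd entries added in this commit use.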
@@ -190,10 +193,11 @@
CVE-2007-1583 version (php, fixed 5.2.2)
CVE-2007-1565 ignore (konqueror) client crash
CVE-2007-1564 vulnerable (konqueror) [#CVE-2007-1564]
-CVE-2007-1562 version (firefox, seamonkey, thunderbird) #241840
+CVE-2007-1562 version (mozilla) #241840
CVE-2007-1560 version (squid, fixed 2.6.STABLE12)
CVE-2007-1558 version (claws-mail, fixed 2.9.1) #237293
*CVE-2007-1558 backport (sylpheed, fixed 2.3.1-1)
+*CVE-2007-1558 VULNERABLE (evolution)
CVE-2007-1547 version (nas, fixed 1.8a-2) #233353
CVE-2007-1546 version (nas, fixed 1.8a-2) #233353
CVE-2007-1545 version (nas, fixed 1.8a-2) #233353
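Review bot: The added `*CVE-2007-1558 VULNERABLE (evolution)` line has no bug number and keeps the `*` prefix used for entries that still need verification, so it is both unverified and untracked; link or file the bug when marking it `VULNERABLE`.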
@@ -497,6 +501,7 @@
CVE-2006-5757 version (kernel, fixed 2.6.19) [since FEDORA-2007-058] was backport since FEDORA-2006-1223
*CVE-2006-5754 (kernel)
*CVE-2006-5753 backport (kernel, fixed 2.6.20.1) [since FEDORA-2007-291]
+CVE-2006-5752 backport (httpd) #244665 [since FEDORA-2007-0704]
CVE-2006-5751 version (kernel, fixed 2.6.19, fixed 2.6.18.4) [since FEDORA-2006-1471]
*CVE-2006-5750 (jboss)
*CVE-2006-5749 VULNERABLE (kernel, fixed 2.6.20-rc2)
@@ -545,7 +550,7 @@
VE-2006-5295 version (clamav, fixed 0.88.5) #210973
*CVE-2006-5276 VULNERABLE (snort) #229265
CVE-2006-5229 ignore (openssh) not reproduced
-*CVE-2006-5215 VULNERABLE (xorg-x11-xinit) #212167
+CVE-2006-5215 backport (xorg-x11-xinit) #212167 [since FEDORA-2007-1409]
*CVE-2006-5215 version (xorg-x11-xdm)
CVE-2006-5215 ignore (kdebase) #212166 links to xinit Xsession
*CVE-2006-5214 VULNERABLE (xorg-x11-xinit) #212167
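Review bot: CVE-2006-5215 for xorg-x11-xinit moves to `backport` under bug #212167, but the context line `*CVE-2006-5214 VULNERABLE (xorg-x11-xinit) #212167` shares that bug and stays open; check whether FEDORA-2007-1409 covers both and update CVE-2006-5214 to match. The first context line also reads `VE-2006-5295`, which looks like a dropped `C`.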
@@ -2210,7 +2215,7 @@
*CVE-2003-1295 (xscreensaver)
*CVE-2003-1294 (xscreensaver)
CVE-2003-1265 VULNERABLE (thunderbird) https://bugzilla.mozilla.org/show_bug.cgi?id=198442
-CVE-2003-1265 VULNERABLE (firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=198442
+CVE-2003-1265 VULNERABLE (seamonkey) https://bugzilla.mozilla.org/show_bug.cgi?id=198442
CVE-2003-1232 version (emacs, fixed 21.3)
CVE-2003-1201 version (openldap, not 2.2)
CVE-2003-1161 version (kernel, not released version)
--
fedora-security/audit fc6,1.228,1.229
by fedora-extras-commits@redhat.com
Author: lkundrak
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv19784
Modified Files:
fc6
Log Message:
Updated the updated updates :)
Index: fc6
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc6,v
retrieving revision 1.228
retrieving revision 1.229
diff -u -r1.228 -r1.229
--- fc6 2 Aug 2007 12:58:54 -0000 1.228
+++ fc6 2 Aug 2007 15:19:32 -0000 1.229
@@ -12,6 +12,7 @@
CVE-2007-3841 ignore (pidgin) ethically disclosed
CVE-2007-3820 ** (kdebase) #248537
CVE-2007-3799 ** (php)
+CVE-2007-3798 version (tcpdump, fixed 3.9.7) #250290 [since FEDORA-2007-654]
CVE-2007-3782 ** (mysql)
CVE-2007-3781 ** (mysql)
CVE-2007-3508 ignore (glibc) not an issue
@@ -22,8 +23,10 @@
CVE-2007-3391 version (wireshark, fixed 0.99.6) [since FEDORA-2007-628]
CVE-2007-3390 version (wireshark, fixed 0.99.6) [since FEDORA-2007-628]
CVE-2007-3389 version (wireshark, fixed 0.99.6) [since FEDORA-2007-628]
+CVE-2007-3381 version (gdm, fixed 2.18.4) #250277 [since FEDORA-2007-653]
CVE-2007-3378 ignore (php) safe mode escape
CVE-2007-3377 version (perl-Net-DNS, fixed 0.60) #245614 [since FEDORA-2007-609]
+CVE-2007-3741 version (gimp, fixed 2.2.16) #247567 [since FEDORA-2007-627]
CVE-2007-3304 backport (httpd) #244660 [since FEDORA-2007-615]
CVE-2007-3257 backport (evolution) #244287 [since FEDORA-2007-594]
CVE-2007-3126 ignore (gimp) just a crash
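Review bot: `CVE-2007-3741` is inserted between CVE-2007-3377 and CVE-2007-3304, which breaks the descending CVE order the rest of the hunk follows. Move it to its sorted position or, if the number is a typo, correct it; the same gimp bug #247567 and advisory FEDORA-2007-627 are used for CVE-2006-4519 later in this commit.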
@@ -76,12 +79,12 @@
CVE-2007-1262 version (squirrelmail, fixed 1.4.10a) #239704 [since FEDORA-2007-505]
CVE-2007-1218 backport (tcpdump) 232349 [since FEDORA-2007-347]
CVE-2007-1006 version (ekiga, fixed 2.0.5) #229259 [since FEDORA-2007-322]
-CVE-2007-1004 VULNERABLE (firefox, ...)
+CVE-2007-1004 VULNERABLE (firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=390627
CVE-2007-1003 backport (xorg-x11-server, fixed > X11R7.2) #235263 [since FEDORA-2007-425]
CVE-2007-1002 backport (evolution) #233587 [since FEDORA-2007-393]
CVE-2007-1000 version (kernel, fixed 2.6.20) [since FEDORA-2007-335]
CVE-2007-0998 backport (xen) #230295 [since FEDORA-2007-343]
-CVE-2007-0981 VULNERABLE (firefox, ...)
+CVE-2007-0981 version (mozilla)
CVE-2007-0823 ignore (xterm) feature, not a bug
CVE-2007-0822 ignore (util-linux) NULL dereference
CVE-2007-0772 version (kernel) [since FEDORA-2007-291]
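Review bot: `CVE-2007-0981 version (mozilla)` records neither a fixed version nor a `[since FEDORA-...]` advisory, so the move away from `VULNERABLE` cannot be verified from the file. Add both fields, as most of the surrounding `version` entries do.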
@@ -130,7 +133,7 @@
CVE-2006-6144 ** krb5
CVE-2006-6143 ** krb5
CVE-2006-6142 backport (squirrelmail) #218297 [since FEDORA-2007-089]
-CVE-2006-6128 VULNERABLE (kernel, fixed **)
+CVE-2006-6128 VULNERABLE (kernel) #250625
CVE-2006-6107 VULNERABLE (dbus, fixed 1.0.2) #219665
CVE-2006-6106 version (kernel, fixed 2.6.19.2, fixed 2.6.20-rc5) [since FEDORA-2006-1471]
CVE-2006-6105 version (gdm, fixed 2.14.11) [since FEDORA-2006-1468]
@@ -138,8 +141,8 @@
CVE-2006-6097 backport (tar) [since FEDORA-2006-1393]
CVE-2006-6077 version (firefox, fixed 1.5.0.10) [since FEDORA-2007-293]
CVE-2006-6060 ignore (kernel, fixed 2.6.19-rc2) no NTFS support
-CVE-2006-6058 VULNERABLE (kernel, fixed **)
-CVE-2006-6057 VULNERABLE (kernel, fixed **)
+CVE-2006-6058 VULNERABLE (kernel) #250623
+CVE-2006-6057 version (kernel, fixed kernel-2_6_20-1_2924_fc6) [since FEDORA-2007-432]
CVE-2006-6056 version (kernel, fixed 2.6.19) [since FEDORA-2007-058] was backport since FEDORA-2006-1471
CVE-2006-6054 version (kernel, fixed fixed 2.6.19.2) [since FEDORA-2007-058]
CVE-2006-6053 version (kernel, fixed 2.6.19.2) [since FEDORA-2007-058] was backport since FEDORA-2006-1223
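Review bot: `fixed kernel-2_6_20-1_2924_fc6` on CVE-2006-6057 puts a package tag where the other kernel lines give an upstream version such as `fixed 2.6.19.2`; pick one form for the field. The context line for CVE-2006-6054 has a doubled word, `fixed fixed 2.6.19.2`, that could be cleaned up here too.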
@@ -167,7 +170,7 @@
CVE-2006-5747 version (thunderbird, fixed 1.5.0.8) [since FEDORA-2006-1192]
CVE-2006-5747 version (firefox, fixed 1.5.0.8) [since FEDORA-2006-1191]
CVE-2006-5706 ignore (php, fixed 5.2.0) safe mode isn't safe
-CVE-2006-5701 VULNERABLE (kernel) squashfs is not included upstream
+CVE-2006-5701 version (kernel, fixed kernel-2_6_20-1_2927_fc6) #219534 [since FEDORA-2007-600]
CVE-2006-5633 ignore (firefox) just a client DoS
CVE-2006-5619 version (kernel, fixed 2.6.18.2, fixed 2.6.19-rc4) [since FEDORA-2006-1223]
CVE-2006-5595 version (wireshark, fixed 0.99.4) [since FEDORA-2006-1140]
@@ -199,7 +202,7 @@
CVE-2006-5214 version (xorg-x11-xdm)
CVE-2006-5214 ignore (kdebase) #212166 links to xinit Xsession
CVE-2006-5214 VULNERABLE (xorg-x11-xinit) #212167
-CVE-2006-5178 VULNERABLE (php) can't be fixed
+CVE-2006-5178 ignore (php) safe mode escape
CVE-2006-5174 ignore (kernel, fixed 2.6.19-rc1) s390 only
CVE-2006-5173 ignore (kernel, fixed 2.6.18) protected by exec-shield
CVE-2006-5170 version (nss_ldap, fixed 183)
@@ -240,10 +243,10 @@
CVE-2006-4566 version (firefox, fixed 1.5.0.7)
CVE-2006-4565 version (thunderbird, fixed 1.5.0.7)
CVE-2006-4565 version (firefox, fixed 1.5.0.7)
-CVE-2006-4561 VULNERABLE (firefox)
+CVE-2006-4561 ignore (firefox) An attacker needs to control DNS
CVE-2006-4538 version (kernel, fixed after 2.6.18-rc6)
CVE-2006-4535 version (kernel, fixed 2.6.18-rc6)
-CVE-2006-4519 VULNERABLE (gimp) #247567
+CVE-2006-4519 version (gimp, fixed 2.2.16) #247567 [since FEDORA-2007-627]
CVE-2006-4514 backport (libgsf) [since FEDORA-2006-1417]
CVE-2006-4507 ignore (libtiff) can't reproduce
CVE-2006-4486 version (php, fixed 5.1.6)
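Review bot: The `ignore` reason for CVE-2006-4561, `An attacker needs to control DNS`, describes a precondition and not why the issue is out of scope for the package; link the bug or upstream statement that backs the decision, as the gimp line in the same hunk does with #247567.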
@@ -660,7 +663,7 @@
CVE-2006-0035 version (kernel, only 2.6.14 and 2.6.15)
CVE-2006-0019 version (kdelibs, fixed 3.5.1)
CVE-2005-4811 version (kernel, fixed 2.6.13)
-CVE-2005-4809 VULNERABLE (firefox)
+CVE-2005-4809 VULNERABLE (firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=390630
CVE-2005-4808 ignore (binutils, gas fixed 20050714) this is a bug
CVE-2005-4807 ignore (binutils, gas fixed 20050721) this is a bug
CVE-2005-4798 version (kernel, not 2.6)
--
fedora-security/audit fc6,1.227,1.228
by fedora-extras-commits@redhat.com
Author: lkundrak
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv15592
Modified Files:
fc6
Log Message:
Walk through VULNERABLEs, clean them up a bit and ping developers.
Index: fc6
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc6,v
retrieving revision 1.227
retrieving revision 1.228
diff -u -r1.227 -r1.228
--- fc6 2 Aug 2007 09:39:05 -0000 1.227
+++ fc6 2 Aug 2007 12:58:54 -0000 1.228
@@ -7,14 +7,13 @@
# Up to date CVE as of CVE email 20070801
# Up to date FC6 as of 20070802
-CVE-2007-4029 VULNERABLE (libvorbis) #245991
-CVE-2007-4168 VULNERABLE (libexif) #243892
-CVE-2007-3841 WTF (pidgin)
+CVE-2007-4029 VULNERABLE (libvorbis) #250600
+CVE-2007-4168 backport (libexif) #243892 [since FEDORA-2007-614]
+CVE-2007-3841 ignore (pidgin) ethically disclosed
CVE-2007-3820 ** (kdebase) #248537
CVE-2007-3799 ** (php)
CVE-2007-3782 ** (mysql)
CVE-2007-3781 ** (mysql)
-CVE-2007-3713 VULNERABLE (centericq) #247979
CVE-2007-3508 ignore (glibc) not an issue
CVE-2007-3506 backport (freetype, fixed 2.3.4) #235479 [since FEDORA-2007-561]
CVE-2007-3409 version (perl-Net-DNS, fixed 0.60) #245809
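Review bot: `ethically disclosed` on CVE-2007-3841 says how the issue was reported, not why pidgin is unaffected or out of scope, so the `ignore` status is not justified by the entry itself; add the actual reason or a bug link. The centericq line for CVE-2007-3713 is removed while still `VULNERABLE` with bug #247979; if the package is not tracked in this file, say so in the log message.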
@@ -28,9 +27,9 @@
CVE-2007-3304 backport (httpd) #244660 [since FEDORA-2007-615]
CVE-2007-3257 backport (evolution) #244287 [since FEDORA-2007-594]
CVE-2007-3126 ignore (gimp) just a crash
-CVE-2007-3106 VULNERABLE (libvorbis) #245991
+CVE-2007-3106 VULNERABLE (libvorbis) #250600
CVE-2007-2926 backport (bind, fixed 9.4.1) [since FEDORA-2007-647]
-*CVE-2007-2894 VULNERABLE (bochs) #241799
+CVE-2007-2894 VULNERABLE (bochs) #241799
CVE-2007-2876 version (kernel, fixed 2.6.21.5) [since FEDORA-2007-600]
CVE-2007-2875 version (kernel) [since FEDORA-2007-600]
*CVE-2007-2874 (wpa_supplicant) #242455
@@ -44,7 +43,7 @@
CVE-2007-2453 version (kernel) [since FEDORA-2007-600]
CVE-2007-2451 version (kernel, fixed 2.6.21.4) [since FEDORA-2007-600]
CVE-2007-2445 backport (libpng) #239542 [since FEDORA-2007-529]
-CVE-2007-2438 VULNERABLE (vim) #238734
+CVE-2007-2438 version (vim, fixed 7.0.235) #238734 [since FEDORA-2007-492]
CVE-2007-2242 version (kernel) [since FEDORA-2007-482]
CVE-2007-2138 version (postgresql, fixed 8.1.9) [since FEDORA-2007-565]
CVE-2007-2028 backport (freeradius) [since FEDORA-2007-499]
@@ -56,13 +55,13 @@
CVE-2007-1841 VULNERABLE (ipsec-tools) #238052
CVE-2007-1797 backport (ImageMagick) #235075 [since FEDORA-2007-413]
CVE-2007-1667 backport (libX11) [since FEDORA-2007-426]
-CVE-2007-1565 ignore (konqueror) client crash
-CVE-2007-1564 vulnerable (konqueror)
+CVE-2007-1565 ignore (kdebase) client crash
+CVE-2007-1564 ignore (kdebase) Correct behavior according to RFC
CVE-2007-1562 version (mozilla) #241840 [since FEDORA-2007-549]
CVE-2007-1558 backport (evolution) #235290 [since FEDORA-2007-484]
CVE-2007-1536 backport (file, fixed 4.20) #233164 [since FEDORA-2007-391]
CVE-2007-1475 ignore (php) unshipped ibase extension
-CVE-2007-1420 VULNERABLE (mysql, fixed 5.0.36) #232604
+CVE-2007-1420 ignore (mysql, fixed 5.0.36) #232604 mysql_safe keeps the server alive
CVE-2007-1413 ignore (php) Windows NT SNMP specific
CVE-2007-1412 ignore (php) unshipped cpdf extension
CVE-2007-1411 ignore (php) unshipped mssql extension
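Review bot: In the CVE-2007-1420 line the reason names `mysql_safe`; the MySQL wrapper script is `mysqld_safe`, so this is probably a typo. The entry also keeps `fixed 5.0.36` and bug #232604 while switching to `ignore`, so a few more words on why the restart makes the issue ignorable would help.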
@@ -89,18 +88,18 @@
CVE-2007-0770 ignore (ImageMagick) only if incomplete CVE-2006-5456
CVE-2007-0720 ignore (cups, fixed 1.2.7) cups is already updated
CVE-2007-0650 ignore (tetex) needs user's assistance
-CVE-2007-0537 VULNERABLE (kdebase) #225420
+CVE-2007-0537 backport (kdebase) #225420 [since FEDORA-2007-195]
CVE-2007-0494 version (bind, fixed 9.3.4) #225268 [since FEDORA-2007-147]
CVE-2007-0493 version (bind, fixed 9.3.4) #224443 [since FEDORA-2007-147]
CVE-2007-0459 version (wireshark, fixed 0.99.5) #227140
CVE-2007-0458 version (wireshark, fixed 0.99.5) #227140
CVE-2007-0457 version (wireshark, fixed 0.99.5) #227140
CVE-2007-0456 version (wireshark, fixed 0.99.5) #227140
-CVE-2007-0455 VULNERABLE (gd) #224610
+CVE-2007-0455 backport (gd) #224610 [since FEDORA-2007-149]
CVE-2007-0451 version (spamassassin, fixed 3.1.8) [since FEDORA-2007-241]
CVE-2007-0248 version (squid, fixed 2.6.STABLE7) [since FEDORA-2007-073]
CVE-2007-0247 version (squid, fixed 2.6.STABLE7) #222883 [since FEDORA-2007-073]
-CVE-2007-0235 VULNERABLE (libgtop2) #222637 not sure, will triage
+CVE-2007-0235 VULNERABLE (libgtop2) #222637
CVE-2007-0104 ignore (poppler) only client DoS
CVE-2007-0104 ignore (kdegraphics) only client DoS
CVE-2007-0086 ignore (apache) not a security issue
@@ -111,12 +110,12 @@
CVE-2007-0006 backport (kernel, fixed in -mm) [since FEDORA-2007-226]
CVE-2007-0005 version (kernel, fixed 2.6.20) [since FEDORA-2007-335]
CVE-2007-0002 version (libwpd, fixed 0.8.9) #222808 [since FEDORA-2007-351]
-CVE-2006-6939 VULNERABLE (ed, fixed 0.3) #223075
+CVE-2006-6939 version (ed, fixed 0.3) #223075 [since FEDORA-2007-100]
CVE-2006-6899 version (bluez-utils, fixed 2.23)
CVE-2006-6870 version (avahi, fixed 0.6.16) #221440 [since FEDORA-2007-019]
CVE-2006-6772 backport (w3m) #221484 [since FEDORA-2007-077]
CVE-2006-6719 backport (wget) #221469 [since FEDORA-2007-043]
-CVE-2006-6698 VULNERABLE (GConf2) #219280
+CVE-2006-6698 VULNERABLE (GConf2) #219280 wontfix
CVE-2006-6660 ignore (kdelibs) client Dos only, not reproducible
CVE-2006-6385 ignore (kernel) windows only
CVE-2006-6383 ignore (php) safe mode isn't safe
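Review bot: `VULNERABLE (GConf2) #219280 wontfix` on CVE-2006-6698 leaves the entry counted as open although the note says no fix is coming. Record it as `ignore` with the reason, or keep `VULNERABLE` and note what is still expected to happen on the bug.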
@@ -137,7 +136,7 @@
CVE-2006-6105 version (gdm, fixed 2.14.11) [since FEDORA-2006-1468]
CVE-2006-6104 backport (mono, fixed 1.1.13.8.2) #220853 [since FEDORA-2007-067]
CVE-2006-6097 backport (tar) [since FEDORA-2006-1393]
-CVE-2006-6077 VULNERABLE (firefox)
+CVE-2006-6077 version (firefox, fixed 1.5.0.10) [since FEDORA-2007-293]
CVE-2006-6060 ignore (kernel, fixed 2.6.19-rc2) no NTFS support
CVE-2006-6058 VULNERABLE (kernel, fixed **)
CVE-2006-6057 VULNERABLE (kernel, fixed **)
@@ -146,23 +145,23 @@
CVE-2006-6053 version (kernel, fixed 2.6.19.2) [since FEDORA-2007-058] was backport since FEDORA-2006-1223
CVE-2006-5989 ignore (mod_auth_kerb) did not affect fc6
CVE-2006-5974 ignore (fetchmail, fixed 6.3.6) only 6.3.5
-CVE-2006-5973 VULNERABLE (dovecot, fixed 1.0.rc15) #216508
+CVE-2006-5973 version (dovecot, fixed 1.0.rc15) #216508 [since ???]
CVE-2006-5925 backport (elinks) [since FEDORA-2006-1278] but was never vulneable as didn't have smbclient support
CVE-2006-5876 version (libsoup) #223144 [since FEDORA-2007-109]
CVE-2006-5871 version (kernel, fixed 2.6.10)
CVE-2006-5868 VULNERABLE (ImageMagick, fixed 6.2.9.1) #217560
CVE-2006-5867 version (fetchmail, fixed 6.3.6) #221984 [since FEDORA-2007-042]
-CVE-2006-5864 VULNERABLE (evince) #217672
+CVE-2006-5864 backport (evince) #217672 [since ???]
CVE-2006-5823 version (kernel, fixed 2.6.19.2) [since FEDORA-2007-058] was backport since FEDORA-2006-1223
CVE-2006-5794 backport (openssh, fixed 4.5) #214641 [since FEDORA-2006-1215]
CVE-2006-5793 backport (libpng, fixed 1.2.13) #215405 [since FEDORA-2007-529]
CVE-2006-5783 ignore (firefox) disputed
-CVE-2006-5779 VULNERABLE (openldap, 2.3.29) #214768
+CVE-2006-5779 version (openldap, fixed 2.3.29) #214768 [since FEDORA-2007-467]
CVE-2006-5757 version (kernel, fixed 2.6.19) [since FEDORA-2007-058] was backport since FEDORA-2006-1223
CVE-2006-5753 backport (kernel, fixed 2.6.20.1) [since FEDORA-2007-291]
CVE-2006-5752 backport (httpd) #244660 [since FEDORA-2007-615]
CVE-2006-5751 version (kernel, fixed 2.6.19, fixed 2.6.18.4) [since FEDORA-2006-1471]
-CVE-2006-5749 VULNERABLE (kernel, fixed 2.6.20-rc2)
+CVE-2006-5749 version (kernel, fixed 2.6.20-rc2) [since FEDORA-2007-335]
CVE-2006-5748 version (thunderbird, fixed 1.5.0.8) [since FEDORA-2006-1192]
CVE-2006-5748 version (firefox, fixed 1.5.0.8) [since FEDORA-2006-1191]
CVE-2006-5747 version (thunderbird, fixed 1.5.0.8) [since FEDORA-2006-1192]
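Review bot: CVE-2006-5973 (dovecot) and CVE-2006-5864 (evince) are moved out of `VULNERABLE` with `[since ???]`, so the advisory that shipped the fix is unknown. Fill in the FEDORA id, or flag the lines so they are revisited, before treating them as resolved.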
@@ -187,9 +186,9 @@
CVE-2006-5463 version (firefox, fixed 1.5.0.8) [since FEDORA-2006-1191]
CVE-2006-5462 version (thunderbird, fixed 1.5.0.8) [since FEDORA-2006-1192]
CVE-2006-5462 version (firefox, fixed 1.5.0.8) [since FEDORA-2006-1191]
-CVE-2006-5461 VULNERABLE (avahi, fixed 0.6.15)
+CVE-2006-5461 version (avahi, fixed 0.6.15) [since FEDORA-2007-019]
CVE-2006-5456 backport (ImageMagick) #210921 [since FEDORA-2006-1285]
-CVE-2006-5397 VULNERABLE (libX11, 1.0.2 and 1.0.3 only) #213280
+CVE-2006-5397 backport (libX11, 1.0.2 and 1.0.3 only) #213280 [since FEDORA-2007-162]
CVE-2006-5331 version (kernel, fixed 2.6.19) [since FEDORA-2007-058]
CVE-2006-5298 backport (mutt) [since FEDORA-2006-1063]
CVE-2006-5297 backport (mutt) [since FEDORA-2006-1063]
@@ -203,7 +202,7 @@
CVE-2006-5178 VULNERABLE (php) can't be fixed
CVE-2006-5174 ignore (kernel, fixed 2.6.19-rc1) s390 only
CVE-2006-5173 ignore (kernel, fixed 2.6.18) protected by exec-shield
-CVE-2006-5170 VULNERABLE (nss_ldap, fixed 183)
+CVE-2006-5170 version (nss_ldap, fixed 183)
CVE-2006-5160 ignore (firefox) unverified
CVE-2006-5159 ignore (firefox) unverified
CVE-2006-5158 version (kernel, fixed 2.6.15)
@@ -228,7 +227,7 @@
CVE-2006-4623 version (kernel, fixed 2.6.18-rc1)
CVE-2006-4600 version (openldap, fixed 2.3.25)
CVE-2006-4574 version (wireshark, fixed 0.99.4) [since FEDORA-2006-1140]
-CVE-2006-4573 VULNERABLE (screen) #212057
+CVE-2006-4573 version (screen, fixed 4.0.3) #212057 [since FEDORA-2007-106]
CVE-2006-4572 version (kernel, fixed 2.6.19) [since FEDORA-2007-058]
CVE-2006-4571 version (thunderbird, fixed 1.5.0.7)
CVE-2006-4571 version (firefox, fixed 1.5.0.7)
@@ -707,7 +706,7 @@
CVE-2005-3753 version (kernel, fixed 2.6.14)
CVE-2005-3745 ignore (struts, fixed 1.2.8) but not through tomcat
CVE-2005-3732 version (ipsec-tools, fixed 0.6.3)
-CVE-2005-3675 VULNERABLE (kernel) optack, no upstream fix
+CVE-2005-3675 ignore (kernel) optack, not a bug
CVE-2005-3671 version (openswan, fixed 2.4.4)
CVE-2005-3662 version (netpbm)
CVE-2005-3656 version (mod_auth_pgsql, fixed 2.0.3)
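Review bot: CVE-2005-3675 changes from `VULNERABLE ... no upstream fix` to `ignore ... not a bug` with no reference for the new assessment; cite the upstream statement or bug that supports treating optack as not a bug.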
@@ -1639,7 +1638,6 @@
CVE-2003-1303 version (php, fixed 4.3.3)
CVE-2003-1302 version (php, fixed 4.3.1)
CVE-2003-1265 VULNERABLE (thunderbird) https://bugzilla.mozilla.org/show_bug.cgi?id=198442
-CVE-2003-1265 VULNERABLE (firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=198442
CVE-2003-1232 version (emacs, fixed 21.3)
CVE-2003-1201 version (openldap, not 2.2)
CVE-2003-1161 version (kernel, not released version)
--
[Bug 200357] major (public) security flaws fixed in firefox 1.5.0.5: CVE-2006-3113, CVE-2006-3677, CVE-2006-3801, CVE-2006-3802, CVE-2006-3803, CVE-2006-3805, CVE-2006-3806, CVE-2006-3807, CVE-2006-3808, CVE-2006-3809, CVE-2006-3810, CVE-2006-3811, CVE-2006-3812
by Red Hat Bugzilla
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.
Summary: major (public) security flaws fixed in firefox 1.5.0.5: CVE-2006-3113, CVE-2006-3677, CVE-2006-3801, CVE-2006-3802, CVE-2006-3803, CVE-2006-3805, CVE-2006-3806, CVE-2006-3807, CVE-2006-3808, CVE-2006-3809, CVE-2006-3810, CVE-2006-3811, CVE-2006-3812
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=200357
bugzilla(a)redhat.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
           Priority|normal                      |medium
            Product|Fedora Core                 |Fedora
--
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
fedora-security/audit fc6,1.226,1.227
by fedora-extras-commits@redhat.com
Author: lkundrak
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv10940
Modified Files:
fc6
Log Message:
Up to date CVE as of CVE email 20070801
Up to date FC6 as of 20070802
Index: fc6
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc6,v
retrieving revision 1.226
retrieving revision 1.227
diff -u -r1.226 -r1.227
--- fc6 27 Jul 2007 12:57:04 -0000 1.226
+++ fc6 2 Aug 2007 09:39:05 -0000 1.227
@@ -1,7 +1,11 @@
-Up to date CVE as of CVE email 20061123
-Up to date FC6 as of 20061123
+# $Id$
-** are items that need attention
+# ** are items that need attention
+# *CVE are items that need verification for Fedora Core 6
+# (mozilla) = (firefox, seamonkey, thunderbird, yelp, devhelp, galeon, liferea. epiphany)
+
+# Up to date CVE as of CVE email 20070801
+# Up to date FC6 as of 20070802
CVE-2007-4029 VULNERABLE (libvorbis) #245991
CVE-2007-4168 VULNERABLE (libexif) #243892
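Review bot: The new alias comment lists `liferea. epiphany` with a period where the other members are separated by commas; fix the separator so the `(mozilla)` list reads as one set.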
@@ -14,19 +18,49 @@
CVE-2007-3508 ignore (glibc) not an issue
CVE-2007-3506 backport (freetype, fixed 2.3.4) #235479 [since FEDORA-2007-561]
CVE-2007-3409 version (perl-Net-DNS, fixed 0.60) #245809
+CVE-2007-3393 version (wireshark, fixed 0.99.6) [since FEDORA-2007-628]
+CVE-2007-3392 version (wireshark, fixed 0.99.6) [since FEDORA-2007-628]
+CVE-2007-3391 version (wireshark, fixed 0.99.6) [since FEDORA-2007-628]
+CVE-2007-3390 version (wireshark, fixed 0.99.6) [since FEDORA-2007-628]
+CVE-2007-3389 version (wireshark, fixed 0.99.6) [since FEDORA-2007-628]
CVE-2007-3378 ignore (php) safe mode escape
-CVE-2007-3377 version (perl-Net-DNS, fixed 0.60) #245614
+CVE-2007-3377 version (perl-Net-DNS, fixed 0.60) #245614 [since FEDORA-2007-609]
+CVE-2007-3304 backport (httpd) #244660 [since FEDORA-2007-615]
+CVE-2007-3257 backport (evolution) #244287 [since FEDORA-2007-594]
CVE-2007-3126 ignore (gimp) just a crash
CVE-2007-3106 VULNERABLE (libvorbis) #245991
+CVE-2007-2926 backport (bind, fixed 9.4.1) [since FEDORA-2007-647]
*CVE-2007-2894 VULNERABLE (bochs) #241799
-CVE-2007-2876 version (kernel, fixed 2.6.21.5?) [since ?]
+CVE-2007-2876 version (kernel, fixed 2.6.21.5) [since FEDORA-2007-600]
+CVE-2007-2875 version (kernel) [since FEDORA-2007-600]
*CVE-2007-2874 (wpa_supplicant) #242455
-CVE-2007-2873 version (spamassassin, fixed 3.1.9)
+CVE-2007-2873 version (spamassassin, fixed 3.1.9) [since FEDORA-2007-582]
+CVE-2007-2871 version (mozilla) #241840 [since FEDORA-2007-549]
+CVE-2007-2870 version (mozilla) #241840 [since FEDORA-2007-549]
+CVE-2007-2869 version (mozilla) #241840 [since FEDORA-2007-549]
+CVE-2007-2868 version (mozilla) #241840 [since FEDORA-2007-549]
+CVE-2007-2867 version (mozilla) #241840 [since FEDORA-2007-549]
+CVE-2007-2799 version (file, fixed 4.21) #241034 [since FEDORA-2007-538]
+CVE-2007-2453 version (kernel) [since FEDORA-2007-600]
+CVE-2007-2451 version (kernel, fixed 2.6.21.4) [since FEDORA-2007-600]
+CVE-2007-2445 backport (libpng) #239542 [since FEDORA-2007-529]
CVE-2007-2438 VULNERABLE (vim) #238734
+CVE-2007-2242 version (kernel) [since FEDORA-2007-482]
+CVE-2007-2138 version (postgresql, fixed 8.1.9) [since FEDORA-2007-565]
+CVE-2007-2028 backport (freeradius) [since FEDORA-2007-499]
+CVE-2007-1995 version (quagga, fixed 0.99.7) [since FEDORA-2007-525]
+CVE-2007-1863 backport (httpd) #244660 [since FEDORA-2007-615]
+CVE-2007-1862 backport (httpd) #244660 [since FEDORA-2007-615]
+CVE-2007-1861 version (kernel) [since FEDORA-2007-482]
CVE-2007-1856 VULNERABLE (vixie-cron) #235882
CVE-2007-1841 VULNERABLE (ipsec-tools) #238052
+CVE-2007-1797 backport (ImageMagick) #235075 [since FEDORA-2007-413]
+CVE-2007-1667 backport (libX11) [since FEDORA-2007-426]
CVE-2007-1565 ignore (konqueror) client crash
-CVE-2007-1564 vulnerable (konqueror) [#CVE-2007-1564]
+CVE-2007-1564 vulnerable (konqueror)
+CVE-2007-1562 version (mozilla) #241840 [since FEDORA-2007-549]
+CVE-2007-1558 backport (evolution) #235290 [since FEDORA-2007-484]
+CVE-2007-1536 backport (file, fixed 4.20) #233164 [since FEDORA-2007-391]
CVE-2007-1475 ignore (php) unshipped ibase extension
CVE-2007-1420 VULNERABLE (mysql, fixed 5.0.36) #232604
CVE-2007-1413 ignore (php) Windows NT SNMP specific
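Review bot: The replacement line for CVE-2007-1564 still spells the status in lowercase (`CVE-2007-1564 vulnerable (konqueror)`), while every other open entry in this hunk uses `VULNERABLE`. Dropping the `[#CVE-2007-1564]` tag also leaves the entry with no bug reference at all. Suggest `VULNERABLE (konqueror)` plus a bug number once one exists, so a case-sensitive search for open items does not skip it.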
@@ -34,14 +68,18 @@
CVE-2007-1411 ignore (php) unshipped mssql extension
CVE-2007-1401 ignore (php) unshipped cracklib extension
CVE-2007-1396 ignore (php) feature, not a flaw
+CVE-2007-1362 version (mozilla) #241840 [since FEDORA-2007-549]
+CVE-2007-1357 version (kernel) [since FEDORA-2007-432]
CVE-2007-1352 VULNERABLE (libXfont) #235265
CVE-2007-1351 VULNERABLE (libXfont) #235265
+CVE-2007-1349 backport (mod_perl) [since FEDORA-2007-577]
CVE-2007-1263 version (gnupg, fixed 1.4.7) [since FEDORA-2007-315]
+CVE-2007-1262 version (squirrelmail, fixed 1.4.10a) #239704 [since FEDORA-2007-505]
CVE-2007-1218 backport (tcpdump) 232349 [since FEDORA-2007-347]
CVE-2007-1006 version (ekiga, fixed 2.0.5) #229259 [since FEDORA-2007-322]
CVE-2007-1004 VULNERABLE (firefox, ...)
-CVE-2007-1003 VULNERABLE (xorg-x11-server, fixed > X11R7.2) #235263
-CVE-2007-1002 VULNERABLE (evolution) #233587
+CVE-2007-1003 backport (xorg-x11-server, fixed > X11R7.2) #235263 [since FEDORA-2007-425]
+CVE-2007-1002 backport (evolution) #233587 [since FEDORA-2007-393]
CVE-2007-1000 version (kernel, fixed 2.6.20) [since FEDORA-2007-335]
CVE-2007-0998 backport (xen) #230295 [since FEDORA-2007-343]
CVE-2007-0981 VULNERABLE (firefox, ...)
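Review bot: The untouched tcpdump line in this hunk, `CVE-2007-1218 backport (tcpdump) 232349 [since FEDORA-2007-347]`, carries its bug number without the `#` prefix that the other entries use. Since this revision is already normalising neighbouring entries, change it to `#232349` in the same pass so anything that extracts `#NNNNNN` references picks it up.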
@@ -54,10 +92,10 @@
CVE-2007-0537 VULNERABLE (kdebase) #225420
CVE-2007-0494 version (bind, fixed 9.3.4) #225268 [since FEDORA-2007-147]
CVE-2007-0493 version (bind, fixed 9.3.4) #224443 [since FEDORA-2007-147]
-CVE-2007-0459 VULNERABLE (wireshark, fixed 0.99.5) #227140
-CVE-2007-0458 VULNERABLE (wireshark, fixed 0.99.5) #227140
-CVE-2007-0457 VULNERABLE (wireshark, fixed 0.99.5) #227140
-CVE-2007-0456 VULNERABLE (wireshark, fixed 0.99.5) #227140
+CVE-2007-0459 version (wireshark, fixed 0.99.5) #227140
+CVE-2007-0458 version (wireshark, fixed 0.99.5) #227140
+CVE-2007-0457 version (wireshark, fixed 0.99.5) #227140
+CVE-2007-0456 version (wireshark, fixed 0.99.5) #227140
CVE-2007-0455 VULNERABLE (gd) #224610
CVE-2007-0451 version (spamassassin, fixed 3.1.8) [since FEDORA-2007-241]
CVE-2007-0248 version (squid, fixed 2.6.STABLE7) [since FEDORA-2007-073]
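Review bot: The four wireshark entries move from `VULNERABLE` to `version` but gain no `[since FEDORA-...]` tag, unlike the other entries this revision resolves (for example `CVE-2007-1003 backport ... [since FEDORA-2007-425]`). Without the advisory reference there is no way to check from this file which update shipped 0.99.5; add the tag or note why none applies.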
@@ -117,11 +155,12 @@
CVE-2006-5864 VULNERABLE (evince) #217672
CVE-2006-5823 version (kernel, fixed 2.6.19.2) [since FEDORA-2007-058] was backport since FEDORA-2006-1223
CVE-2006-5794 backport (openssh, fixed 4.5) #214641 [since FEDORA-2006-1215]
-CVE-2006-5793 ignore (libpng, fixed 1.2.13) just a client crash
+CVE-2006-5793 backport (libpng, fixed 1.2.13) #215405 [since FEDORA-2007-529]
CVE-2006-5783 ignore (firefox) disputed
CVE-2006-5779 VULNERABLE (openldap, 2.3.29) #214768
CVE-2006-5757 version (kernel, fixed 2.6.19) [since FEDORA-2007-058] was backport since FEDORA-2006-1223
CVE-2006-5753 backport (kernel, fixed 2.6.20.1) [since FEDORA-2007-291]
+CVE-2006-5752 backport (httpd) #244660 [since FEDORA-2007-615]
CVE-2006-5751 version (kernel, fixed 2.6.19, fixed 2.6.18.4) [since FEDORA-2006-1471]
CVE-2006-5749 VULNERABLE (kernel, fixed 2.6.20-rc2)
CVE-2006-5748 version (thunderbird, fixed 1.5.0.8) [since FEDORA-2006-1192]
@@ -169,7 +208,7 @@
CVE-2006-5159 ignore (firefox) unverified
CVE-2006-5158 version (kernel, fixed 2.6.15)
CVE-2006-5072 backport (mono)
-CVE-2006-5052 VULNERABLE (openssh, fixed 4.4)
+CVE-2006-5052 backport (openssh, fixed 4.4) [since FEDORA-2007-394]
CVE-2006-5051 backport (openssh, fixed 4.4)
CVE-2006-4997 version (kernel, fixed 2.6.18)
CVE-2006-4980 version (python, fixed 2.4.4 at least) [since FEDORA-2006-1050] was backport since GA
fedora-security/audit fc7,1.54,1.55
by fedora-extras-commits@redhat.com
Author: lkundrak
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv1903
Modified Files:
fc7
Log Message:
Updated to match FEDORA-2007-1070
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.54
retrieving revision 1.55
diff -u -r1.54 -r1.55
--- fc7 27 Jul 2007 15:56:53 -0000 1.54
+++ fc7 1 Aug 2007 15:19:31 -0000 1.55
@@ -1,35 +1,44 @@
# $Id$
-** are items that need attention
+# ** are items that need attention
+# *CVE are items that need verification for Fedora 7
+# (mozilla) = (firefox, seamonkey, thunderbird, yelp, devhelp, galeon, liferea. epiphany)
+# A couple of first F7 updates were marked as FEDORA-2007-0001
-*CVE are items that need verification for Fedora 7
+# Version: FEDORA-2007-1070
CVE-NOID VULNERABLE (tor, fixed 0.1.2.15) #249840
-CVE-2007-4168 VULNERABLE (libexif) #243890
+CVE-2007-4168 backport (libexif) #243892 [since FEDORA-2007-0414]
CVE-2007-4029 VULNERABLE (libvorbis) #245991
-CVE-2007-3950 version (lighttpd, fixed 1.4.16) #249162
-CVE-2007-3949 version (lighttpd, fixed 1.4.16) #249162
-CVE-2007-3948 version (lighttpd, fixed 1.4.16) #249162
-CVE-2007-3947 version (lighttpd, fixed 1.4.16) #249162
-CVE-2007-3946 version (lighttpd, fixed 1.4.16) #249162
+CVE-2007-3950 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299]
+CVE-2007-3949 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299]
+CVE-2007-3948 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299]
+CVE-2007-3947 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299]
+CVE-2007-3946 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299]
CVE-2007-3841 WTF (pidgin)
CVE-2007-3820 ** (kdebase) #248537
CVE-2007-3799 ** (php)
CVE-2007-3781 ** (mysql)
CVE-2007-3782 ** (mysql)
CVE-2007-3770 ** (xfce-utils)
+CVE-2007-3738 version (mozilla) #248518 [since FEDORA-2007-1138]
+CVE-2007-3737 version (mozilla) #248518 [since FEDORA-2007-1138]
+CVE-2007-3736 version (mozilla) #248518 [since FEDORA-2007-1138]
+CVE-2007-3735 version (mozilla) #248518 [since FEDORA-2007-1138]
CVE-2007-3728 ignore (libsilc, 1.1.1 only)
CVE-2007-3725 ** (clamav)
-CVE-2007-3713 VULNERABLE (centericq) #247979
+CVE-2007-3713 backport (centericq) #247979 [since FEDORA-2007-1160]
+CVE-2007-3656 version (mozilla) #248518 [since FEDORA-2007-1138]
+CVE-2007-3642 version (kernel, fixed 2.6.22.1) [since FEDORA-2007-1130]
CVE-2007-3628 version (php-pear-Structures-DataGrid-DataSource-MDB2, fixed 0.1.10)
CVE-2007-3555 VULNERABLE (moodle) #247528
CVE-2007-3546 ignore (nessus-core) Windows only
-CVE-2007-3528 VULNERABLE (dar, fixed 2.3.4) #246760
-CVE-2007-3544 ** (wordpress) #245211
-CVE-2007-3543 ** (wordpress) #245211
+CVE-2007-3528 version (dar, fixed 2.3.4) #246760 [since FEDORA-2007-0904]
+CVE-2007-3544 VULNERABLE (wordpress, NOT fixed 2.2.1) #245211 Incomplete fix for CVE-2007-3543
+CVE-2007-3543 version (wordpress, fixed 2.2.1) #245211 [since FEDORA-2007-0894]
CVE-2007-3508 ignore (glibc) not an issue
CVE-2007-3506 version (freetype, fixed 2.3.4) #235479 [since FEDORA-2007-0033]
-CVE-2007-3507 version (flac123, fixed 0.0.10) #246322
+CVE-2007-3507 version (flac123, fixed 0.0.10) #246322 [since FEDORA-2007-1045]
CVE-2007-3478 ** (gd)
CVE-2007-3477 ** (gd)
CVE-2007-3476 ** (gd)
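Review bot: The new header says `# Version: FEDORA-2007-1070`, yet entries added in this same hunk cite higher-numbered advisories such as `[since FEDORA-2007-1299]`, `[since FEDORA-2007-1138]` and `[since FEDORA-2007-1160]`. State in the header comment what the Version marker means (last advisory reviewed, or something else), otherwise a reader cannot tell whether those entries are within the audited range. The alias comment also has a period where a comma is meant: `liferea. epiphany`.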
@@ -37,65 +46,74 @@
CVE-2007-3474 ** (gd)
CVE-2007-3473 ** (gd)
CVE-2007-3472 ** (gd)
-CVE-2007-3410 VULNERABLE (HelixPlayer) #245838
+CVE-2007-3410 backport (HelixPlayer) #245838 [since CVE-2007-3410]
CVE-2007-3409 version (perl-Net-DNS, fixed 0.60) #245807
-CVE-2007-3393 VULNERABLE (wireshark)
-CVE-2007-3392 VULNERABLE (wireshark)
-CVE-2007-3391 VULNERABLE (wireshark)
-CVE-2007-3390 VULNERABLE (wireshark)
-CVE-2007-3389 VULNERABLE (wireshark)
+CVE-2007-3393 version (wireshark, fixed 0.99.6) [since FEDORA-2007-0982]
+CVE-2007-3392 version (wireshark, fixed 0.99.6) [since FEDORA-2007-0982]
+CVE-2007-3391 version (wireshark, fixed 0.99.6) [since FEDORA-2007-0982]
+CVE-2007-3390 version (wireshark, fixed 0.99.6) [since FEDORA-2007-0982]
+CVE-2007-3389 version (wireshark, fixed 0.99.6) [since FEDORA-2007-0982]
+CVE-2007-3381 version (gdm, fixed 2.18.4) #250277 [since FEDORA-2007-1362]
CVE-2007-3378 ignore (php) safe mode escape
-CVE-2007-3377 version (perl-Net-DNS, fixed 0.60) #245612
-CVE-2007-3241 ** (wordpress) #245211
-CVE-2007-3240 ** (wordpress) #245211
-CVE-2007-3239 ** (wordpress) #245211
-CVE-2007-3238 ** (wordpress) #245211
+CVE-2007-3377 version (perl-Net-DNS, fixed 0.60) #245612 [since EDORA-2007-0668]
+CVE-2007-3257 backport (evolution) #244283 [since FEDORA-2007-0464]
+CVE-2007-3241 version (wordpress, fixed 2.2.1) #245211 [since FEDORA-2007-0894]
+CVE-2007-3240 version (wordpress, fixed 2.2.1) #245211 [since FEDORA-2007-0894]
+CVE-2007-3239 version (wordpress, fixed 2.2.1) #245211 [since FEDORA-2007-0894]
+CVE-2007-3238 version (wordpress, fixed 2.2.1) #245211 [since FEDORA-2007-0894]
+CVE-2007-3140 version (wordpress, fixed 2.2.1) #245211 [since FEDORA-2007-0894]
+CVE-2007-3231 version (mecab, fixed 0.96) [since FEDORA-2007-0366]
CVE-2007-3209 ignore (mail-notification, shipped with SSL enabled)
CVE-2007-3106 VULNERABLE (libvorbis) #245991
-CVE-2007-3100 version (iscsi-initiator-utils, fixed 6.2.0.865)
-CVE-2007-3099 version (iscsi-initiator-utils, fixed 6.2.0.865)
+CVE-2007-3100 version (iscsi-initiator-utils, fixed 6.2.0.865) [since FEDORA-2007-0543]
+CVE-2007-3099 version (iscsi-initiator-utils, fixed 6.2.0.865) [since FEDORA-2007-0543]
CVE-2007-3165 VULNERABLE (tor, fixed 0.1.2.14) #244502
-CVE-2007-3153 version (c-ares, fixed 1.4.0) #243591
-CVE-2007-3152 version (c-ares, fixed 1.4.0) #243591
+CVE-2007-3153 version (c-ares, fixed 1.4.0) #243591 [since FEDORA-2007-0724]
+CVE-2007-3152 version (c-ares, fixed 1.4.0) #243591 [since FEDORA-2007-0724]
CVE-2007-3145 VULNERABLE (galeon) **
-CVE-2007-3140 ** (wordpress) #245211
+CVE-2007-3140 version (wordpress, fixed 2.2.1) #245211 [since FEDORA-2007-0894]
CVE-2007-3126 ignore (gimp) just a crash
CVE-2007-3123 VULNERABLE (clamav, fixed 0.90.3) #245219
CVE-2007-3122 VULNERABLE (clamav, fixed 0.90.3) #245219
-CVE-2007-3121 version (zvbi, fixed 0.2.25)
+CVE-2007-3121 version (zvbi, fixed 0.2.25) [since FEDORA-2007-0175]
*CVE-2007-3113 VULNERABLE (cacti) #243592
*CVE-2007-3112 VULNERABLE (cacti) #243592
+CVE-2007-3089 version (mozilla) #248518 [since FEDORA-2007-1138]
CVE-2007-3025 ignore (clamav, Solaris only)
CVE-2007-3024 VULNERABLE (clamav, fixed 0.90.3) #245219
CVE-2007-3023 VULNERABLE (clamav, fixed 0.90.3) #245219
CVE-2007-3007 ignore (php) safe mode isn't safe
*CVE-2007-2975 (openfire)
+CVE-2007-2949 version (gimp, fixed, 2.2.16) [since FEDORA-2007-0725]
+CVE-2007-2926 version (bind, fixed 9.4.1) [since FEDORA-2007-1247]
+CVE-2007-2925 version (bind, fixed 9.4.1) [since FEDORA-2007-1247]
*CVE-2007-2894 VULNERABLE (bochs) #241799
CVE-2007-2894 ignore (bochs, unreproducible) #241799
-CVE-2007-2893 patch (bochs, fixed 2.3-5) #241799
+CVE-2007-2893 patch (bochs, fixed 2.3-5) #241799 [since FEDORA-2007-1153]
CVE-2007-2876 version (kernel, fixed 2.6.21.5) [ since FEDORA-2007-0409 ]
-*CVE-2007-2874 (wpa_supplicant) #242455
-CVE-2007-2873 version (spamassassin, fixed 3.2.1)
-CVE-2007-2871 version (seamonkey, fixed 1.0.9)
-CVE-2007-2870 version (seamonkey, fixed 1.0.9)
-CVE-2007-2869 (firefox)
-CVE-2007-2868 version (seamonkey, fixed 1.0.9)
-CVE-2007-2867 version (seamonkey, fixed 1.0.9)
-CVE-2007-2865 version (phpPgAdmin, fixed 4.1.2) #241489
+CVE-2007-2874 remove-patch (wpa_supplicant) #242455 [since FEDORA-2007-0185]
+CVE-2007-2873 version (spamassassin, fixed 3.2.1) [since FEDORA-2007-0390]
+CVE-2007-2871 version (mozilla) #241840
+CVE-2007-2870 version (mozilla) #241840
+CVE-2007-2869 version (mozilla) #241840
+CVE-2007-2868 version (mozilla) #241840
+CVE-2007-2867 version (mozilla) #241840
+CVE-2007-2865 version (phpPgAdmin, fixed 4.1.2) #241489 [since FEDORA-2007-0469]
CVE-2007-2844 ignore (php) #241641
CVE-2007-2843 ignore (konqueror) safari specific
-*CVE-2007-2821 VULNERABLE (wordpress, fixed 2.2) #240970
-*CVE-2007-2799 (file)
+CVE-2007-2821 version (wordpress, fixed 2.2) #245211 [since FEDORA-2007-0894]
+CVE-2007-2799 version (file, fixed 4.21) #241034 [since FEDORA-2007-0836]
+CVE-2007-2798 version (krb5, 1.6.1) [since FEDORA-2007-0740]
CVE-2007-2768 ignore (openssh) needs pam OPIE which is not shipped.
CVE-2007-2756 ignore (gd) DoS only
-*CVE-2007-2754 (freetype)
+CVE-2007-2754 backport (freetype) [since FEDORA-2007-0033]
CVE-2007-2721 patch (jasper, fixed 1.900.1-2) #240397
-*CVE-2007-2683 (mutt)
+CVE-2007-2683 backport (mutt)
*CVE-2007-2654 VULNERABLE (xfsdump) #240396
-CVE-2007-2650 version (clamav, fixed 0.90.3) #240395
-CVE-2007-2645 ignore (libexif) #240055 DoS only
+CVE-2007-2650 version (clamav, fixed 0.90.3) #240395 [since FEDORA-2007-1154]
+CVE-2007-2645 backport (libexif) #240055 [since FEDORA-2007-0414]
*CVE-2007-2637 patch (moin, fixed 1.5.7-2)
-*CVE-2007-2627 ** (wordpress) #239904
+CVE-2007-2627 version (wordpress, fixed 2.2.1) #239904 [since FEDORA-2007-0894]
*CVE-2007-2589 (squirrelmail)
*CVE-2007-2583 (mysql)
CVE-2007-2519 ignore (php-pear) no trust boundary is crossed
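Review bot: Two `since` tags in this hunk are malformed: `CVE-2007-3410 backport (HelixPlayer) #245838 [since CVE-2007-3410]` cites the CVE itself instead of an advisory, and CVE-2007-3377 has `[since EDORA-2007-0668]` with the leading F missing. CVE-2007-3140 is also added twice, once after CVE-2007-3238 and again in place of the old `**` line, so one copy should go. A smaller point: `(gimp, fixed, 2.2.16)` has a stray comma after `fixed`.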
@@ -113,6 +131,8 @@
*CVE-2007-2446 (samba)
CVE-2007-2445 version (libpng10, fixed 1.0.25) #240398
*CVE-2007-2444 (samba)
+CVE-2007-2443 version (krb5, 1.6.1) [since FEDORA-2007-0740]
+CVE-2007-2442 version (krb5, 1.6.1) [since FEDORA-2007-0740]
*CVE-2007-2438 VULNERABLE (vim) #238734
CVE-2007-2437 ignore (xorg-x11) DoS only
*CVE-2007-2435 (java)
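Review bot: Both added krb5 lines write the version as `(krb5, 1.6.1)` without the `fixed` keyword that other `version` entries use, such as `(libpng10, fixed 1.0.25)` in this hunk. Use `(krb5, fixed 1.6.1)` so the field reads and parses the same way as the rest of the file.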
@@ -123,18 +143,18 @@
*CVE-2007-2353 (axis)
*CVE-2007-2245 VULNERABLE (phpMyAdmin, fixed 2.10.1) #237882
CVE-2007-2243 ignore (openssh, fixed 4.6) needs S/KEY support which is not shipped.
-*CVE-2007-2241 (bind)
+CVE-2007-2241 backport (bind) [since FEDORA-2007-0300]
CVE-2007-2176 ignore (firefox) only affects the java quicktime interaction
CVE-2007-2172 version (kernel, fixed 2.6.21-rc6)
*CVE-2007-2165 VULNERABLE (proftpd) #237533
-*CVE-2007-2138 (postgresql)
+CVE-2007-2138 version (postgresql, fixed 8.2.4) #237682 [since FEDORA-2007-0174]
CVE-2007-2057 version (aircrack-ng, fixed 0.8-0.1)
CVE-2007-2029 VULNERABLE (clamav, fixed 0.90.3) #245219
*CVE-2007-2028 (freeradius)
*CVE-2007-2026 (file)
CVE-2007-2016 ignore (phpMyAdmin, < 2.8.0.2 never shipped)
CVE-2007-1997 version (clamav, fixed in 0.90.2)
-*CVE-2007-1995 (quagga) #240488
+CVE-2007-1995 version (quagga, fixed CVE-2007-1995) #240488
CVE-2007-1897 version (wordpress, fixed 2.1.3) #235912
CVE-2007-1894 version (wordpress, fixed 2.1.3-0.rc2)
CVE-2007-1893 version (wordpress, fixed 2.1.3) #235912
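Review bot: The new quagga line puts the CVE id in the version field: `CVE-2007-1995 version (quagga, fixed CVE-2007-1995) #240488`. This looks like a paste slip; the field should name the quagga release that carries the fix, and the entry has no `[since FEDORA-...]` tag from which a reader could recover it.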
@@ -148,6 +168,7 @@
*CVE-2007-1841 VULNERABLE (ipsec-tools) #238052
*CVE-2007-1804 VULNERABLE (pulseaudio) #235013
CVE-2007-1799 version (ktorrent, fixed 2.1.3) #235014
+CVE-2007-1797 version (GraphicsMagick, fixed 1.1.8) [since FEDORA-2007-1340]
CVE-2007-1745 version (clamav, fixed in 0.90.2) #236703
*CVE-2007-1743 (httpd)
*CVE-2007-1742 (httpd)
@@ -159,9 +180,9 @@
CVE-2007-1710 version (php, fixed 5.2.2)
CVE-2007-1709 ignore (php) no security impact
*CVE-2007-1667 (xorg-x11)
-CVE-2007-1665 VULNERABLE (ekg) #246034
-CVE-2007-1664 VULNERABLE (ekg) #246034
-CVE-2007-1663 VULNERABLE (ekg) #246034
+CVE-2007-1665 version (ekg) #246034 [since FEDORA-2007-0791]
+CVE-2007-1664 version (ekg) #246034 [since FEDORA-2007-0791]
+CVE-2007-1663 version (ekg) #246034 [since FEDORA-2007-0791]
CVE-2007-1649 version (php, fixed 5.2.2)
CVE-2007-1622 version (wordpress, fixed 2.1.3-0.rc2) #233703
CVE-2007-1614 version (zziplib, fixed 0.13.49) #233700
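Review bot: The three ekg entries are marked `version` but name no fixed version, e.g. `CVE-2007-1665 version (ekg) #246034 [since FEDORA-2007-0791]`. Add the ekg release that contains the fix, as other `version` lines in this hunk do (`(zziplib, fixed 0.13.49)`), or use `backport` if the fix was patched into the shipped version.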
@@ -169,7 +190,7 @@
CVE-2007-1583 version (php, fixed 5.2.2)
CVE-2007-1565 ignore (konqueror) client crash
CVE-2007-1564 vulnerable (konqueror) [#CVE-2007-1564]
-CVE-2007-1562 (firefox, seamonkey, thunderbird)
+CVE-2007-1562 version (firefox, seamonkey, thunderbird) #241840
CVE-2007-1560 version (squid, fixed 2.6.STABLE12)
CVE-2007-1558 version (claws-mail, fixed 2.9.1) #237293
*CVE-2007-1558 backport (sylpheed, fixed 2.3.1-1)
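Review bot: CVE-2007-1562 keeps the explicit list `(firefox, seamonkey, thunderbird)` while the other #241840 entries in this revision were rewritten to `(mozilla)`. Use the alias here too, or a search on `(mozilla)` will miss the entry. The unchanged neighbour `CVE-2007-1564 vulnerable (konqueror) [#CVE-2007-1564]` also still has a lowercase status and a CVE id where a bug number belongs.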
@@ -208,12 +229,13 @@
*CVE-2007-1384 version (ktorrent, fixed 2.1.2)
CVE-2007-1375 version (php, fixed 5.2.2)
*CVE-2007-1366 ** (qemu) #238723
-*CVE-2007-1362 version (seamonkey, fixed 1.0.9)
+CVE-2007-1362 version (seamonkey, fixed 1.0.9) #241840
*CVE-2007-1359 patch (mod_security, fixed 2.1.0-3) #231728
CVE-2007-1358 ** (tomcat5) #244810
*CVE-2007-1354 (jboss)
*CVE-2007-1352 VULNERABLE (libXfont) #235265
*CVE-2007-1351 VULNERABLE (libXfont) #235265
+CVE-2007-1349 backport (mod_perl) [since FEDORA-2007-0316]
CVE-2007-1325 version (phpMyAdmin, fixed 2.10.0.2)
*CVE-2007-1322 ** (qemu) #238723
*CVE-2007-1321 ** (qemu) #238723
@@ -281,7 +303,7 @@
*CVE-2007-0774 (mod_jk)
VE-2007-0772 version (kernel, fixed 2.6.20.1) [since FEDORA-2007-291]
CVE-2007-0771 patch (kernel, fixed 2.6.20-1.2933) #227952
-*CVE-2007-0770 patch (GraphicsMagick, fixed 1.1.7-7) #228758
+CVE-2007-0770 patch (GraphicsMagick, fixed 1.1.7-7) #228758
CVE-2007-0770 ignore (ImageMagick) only if incomplete CVE-2006-5456
CVE-2007-0720 ignore (cups, fixed 1.2.7) cups is already updated
CVE-2007-0657 ignore (nexuiz, 2.2.2 only (not shipped), fixed 2.2.3)
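Review bot: The context line above the change reads `VE-2007-0772 version (kernel, fixed 2.6.20.1)`, with the leading C missing. If the file really contains that, fix it in this revision, since a search for `CVE-2007-0772` will not find the entry.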
@@ -318,6 +340,7 @@
*CVE-2007-0262 version (wordpress, fixed 2.1-0) #223101
CVE-2007-0248 version (squid, fixed 2.6.STABLE7) [since FEDORA-2007-073]
CVE-2007-0247 version (squid, fixed 2.6.STABLE7) #222883 [since FEDORA-2007-073]
+CVE-2007-0245 backport (openoffice.org) [since FEDORA-2007-0410]
CVE-2007-0243 ignore, no-ship (java-ibm)
*CVE-2007-0242 patch (qt4, fixed 4.2.3-7)
*CVE-2007-0240 patch (zope, fixed 2.9.6-2) #233378
@@ -510,6 +533,7 @@
CVE-2006-5462 version (firefox, fixed 1.5.0.8) [since FEDORA-2006-1191]
*CVE-2006-5461 VULNERABLE (avahi, fixed 0.6.15)
*CVE-2006-5456 backport (ImageMagick) #210921 [since FEDORA-2006-1285]
+CVE-2006-5456 version (GraphicsMagick, fixed 1.1.7) [since FEDORA-2007-1340]
*CVE-2006-5455 patch (bugzilla, fixed 2.22-7) #212355
*CVE-2006-5454 patch (bugzilla, fixed 2.22-7) #212355
*CVE-2006-5453 patch (bugzilla, fixed 2.22-7) #212355
@@ -599,7 +623,7 @@
CVE-2006-4561 VULNERABLE (firefox)
CVE-2006-4538 version (kernel, fixed after 2.6.18-rc6)
CVE-2006-4535 version (kernel, fixed 2.6.18-rc6)
-CVE-2006-4519 VULNERABLE (gimp) #247566
+CVE-2006-4519 version (gimp, fixed 2.2.16) #247566 [since FEDORA-2007-1044]
*CVE-2006-4514 backport (libgsf) [since FEDORA-2006-1417]
CVE-2006-4513 version (wv, fixed 1.2.4) #212696
*CVE-2006-4513 ** (abiword) #212698
@@ -649,6 +673,7 @@
CVE-2006-4146 backport (gdb)
CVE-2006-4145 version (kernel, fixed 2.6.17.10, fixed 2.6.18-rc5) needs a better upstream fix
*CVE-2006-4144 backport (ImageMagick, fixed 6.2.9)
+CVE-2006-4144 version (GraphicsMagick, fixed 1.1.8) [since FEDORA-2007-1340]
*CVE-2006-4124 (lesstif)
CVE-2006-4096 version (bind, fixed 9.3.2-P1)
CVE-2006-4095 version (bind, fixed 9.3.2-P1)
@@ -665,42 +690,19 @@
CVE-2006-3816 version (krusader, fixed 1.70.1) #200323
CVE-2006-3815 version (heartbeat, fixed 2.0.6)
CVE-2006-3813 version (perl) only Red Hat Enterprise Linux affected
-CVE-2006-3812 version (thunderbird, fixed 1.5.0.5)
-CVE-2006-3812 version (seamonkey, fixed 1.0.4) #200455
-CVE-2006-3812 version (firefox, fixed 1.5.0.5)
-CVE-2006-3811 version (thunderbird, fixed 1.5.0.5)
-CVE-2006-3811 version (seamonkey, fixed 1.0.4) #200455
-CVE-2006-3811 version (firefox, fixed 1.5.0.5)
-CVE-2006-3810 version (thunderbird, fixed 1.5.0.5)
-CVE-2006-3810 version (seamonkey, fixed 1.0.4) #200455
-CVE-2006-3810 version (firefox, fixed 1.5.0.5)
-CVE-2006-3809 version (thunderbird, fixed 1.5.0.5)
-CVE-2006-3809 version (seamonkey, fixed 1.0.4) #200455
-CVE-2006-3809 version (firefox, fixed 1.5.0.5)
-CVE-2006-3808 version (thunderbird, fixed 1.5.0.5)
-CVE-2006-3808 version (seamonkey, fixed 1.0.4) #200455
-CVE-2006-3808 version (firefox, fixed 1.5.0.5)
-CVE-2006-3807 version (thunderbird, fixed 1.5.0.5)
-CVE-2006-3807 version (seamonkey, fixed 1.0.4) #200455
-CVE-2006-3807 version (firefox, fixed 1.5.0.5)
-CVE-2006-3806 version (thunderbird, fixed 1.5.0.5)
-CVE-2006-3806 version (seamonkey, fixed 1.0.4) #200455
-CVE-2006-3806 version (firefox, fixed 1.5.0.5)
-CVE-2006-3805 version (thunderbird, fixed 1.5.0.5)
-CVE-2006-3805 version (seamonkey, fixed 1.0.4) #200455
-CVE-2006-3805 version (firefox, fixed 1.5.0.5)
-CVE-2006-3804 version (thunderbird, fixed 1.5.0.5)
-CVE-2006-3804 version (seamonkey, fixed 1.0.4) #200455
-CVE-2006-3804 version (firefox, fixed 1.5.0.5)
-CVE-2006-3803 version (thunderbird, fixed 1.5.0.5)
-CVE-2006-3803 version (seamonkey, fixed 1.0.4) #200455
-CVE-2006-3803 version (firefox, fixed 1.5.0.5)
-CVE-2006-3802 version (thunderbird, fixed 1.5.0.5)
-CVE-2006-3802 version (seamonkey, fixed 1.0.4) #200455
-CVE-2006-3802 version (firefox, fixed 1.5.0.5)
-CVE-2006-3801 version (thunderbird, fixed 1.5.0.5)
-CVE-2006-3801 version (seamonkey, fixed 1.0.4) #200455
-CVE-2006-3801 version (firefox, fixed 1.5.0.5)
+CVE-2006-3812 version (mozilla) #200455
+CVE-2006-3811 version (mozilla) #200455
+CVE-2006-3810 version (mozilla) #200455
+CVE-2006-3809 version (mozilla) #200455
+CVE-2006-3808 version (mozilla) #200455
+CVE-2006-3807 version (mozilla) #200455
+CVE-2006-3806 version (mozilla) #200455
+CVE-2006-3805 version (mozilla) #200455
+CVE-2006-3804 version (mozilla) #200455
+CVE-2006-3803 version (mozilla) #200455
+CVE-2006-3802 version (mozilla) #200455
+CVE-2006-3801 version (mozilla) #200455
+CVE-2007-3798 version (tcpdump, fixed 3.9.7) #244860 [since FEDORA-2007-1361]
CVE-2006-3747 version (httpd, fixed 2.2.3)
CVE-2006-3746 version (gnupg, fixed 1.4.5)
CVE-2006-3745 version (kernel, fixed 2.6.17.10, fixed 2.6.18-rc5)
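Review bot: `CVE-2007-3798 version (tcpdump, fixed 3.9.7)` is inserted between CVE-2006-3801 and CVE-2006-3747, which breaks the descending CVE order of the file; it belongs next to CVE-2007-3799 near the top. Separately, collapsing the per-product lines into `(mozilla) #200455` drops the fixed versions that were recorded before (thunderbird 1.5.0.5, seamonkey 1.0.4, firefox 1.5.0.5); keep them if they are still wanted for version checks.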
@@ -711,6 +713,7 @@
CVE-2006-3740 version (libXfont, fixed 1.2.2)
CVE-2006-3739 version (libXfont, fixed 1.2.2)
*CVE-2006-3738 backport (openssl, fixed 0.9.8d)
+CVE-2007-3734 version (mozilla) #248518 [since FEDORA-2007-1138]
*CVE-2006-3733 ignore (jboss) cisco only
CVE-2006-3731 ignore (firefox) just a user complicit crash
CVE-2006-3694 version (ruby, fixed 1.8.5)
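Review bot: `CVE-2007-3734 version (mozilla) #248518` is added between CVE-2006-3738 and CVE-2006-3733, in the 2006 part of the list. The sibling entries CVE-2007-3735 to CVE-2007-3738 with the same bug and advisory were added near the top of the file; move this one there so it sorts with them.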
@@ -855,8 +858,8 @@
*CVE-2006-2366 ignore (openobex) we don't ship ircp
CVE-2006-2362 ignore (binutils) minor crash (not exploitable)
CVE-2006-2332 ignore (firefox) disputed
-CVE-2006-2314 version (postgresql, fixed 8.1.4)
-CVE-2006-2313 version (postgresql, fixed 8.1.4)
+CVE-2006-2314 version (postgresql, fixed 8.1.4) [since FEDORA-2007-0249]
+CVE-2006-2313 version (postgresql, fixed 8.1.4) [since FEDORA-2007-0249]
CVE-2006-2276 version (quagga, fixed 0.98.6)
CVE-2006-2275 version (kernel, fixed 2.6.16.15)
CVE-2006-2274 version (kernel, fixed 2.6.16.15)
@@ -1156,6 +1159,7 @@
CVE-2006-0096 ignore (kernel) minor and requires root
CVE-2006-0095 version (kernel, fixed 2.6.16)
CVE-2006-0082 version (ImageMagick, not 6.2.5.4)
+CVE-2006-0082 version (GraphicsMagick, fixed 1.1.8) [since FEDORA-2007-1340]
CVE-2006-0071 ignore (pinentry, Gentoo-specific problem)
CVE-2006-0058 version (sendmail, fixed 8.13.6)
CVE-2006-0052 version (mailman, fixed 2.1.6)
@@ -1196,6 +1200,7 @@
CVE-2005-4618 version (kernel, fixed 2.6.15)
CVE-2005-4605 version (kernel, fixed 2.6.15)
*CVE-2005-4601 (ImageMagick)
+CVE-2005-4601 version (GraphicsMagick, fixed 1.1.8) [since FEDORA-2007-1340]
CVE-2005-4585 version (wireshark, fixed 0.10.14)
CVE-2005-4442 version (openldap) gentoo only
CVE-2005-4352 version (kernel, fixed 2.6.18.3) [since FEDORA-2006-1471]