Separate list for commits
by Lubomir Kundrak
Hi all,
Wit the volume of the commit messagaes and bugzilla mails this list
became less suited for discussions. Would anyone mind creating another
list, say fedora-security-commits-list, where would that sort of mails
go?
Regards,
--
Lubomir Kundrak (Security Response Team)
Red Hat Czech s.r.o., Purkynova 99/71, 612 45 Brno, Czech Republic
Registered in Brno under #CZ27690016
16 years, 6 months
fedora-security/audit fc6,1.267,1.268 fc7,1.122,1.123
by fedora-extras-commits@redhat.com
Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv19819/audit
Modified Files:
fc6 fc7
Log Message:
proccess large pile of fedora updates
Index: fc6
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc6,v
retrieving revision 1.267
retrieving revision 1.268
diff -u -r1.267 -r1.268
--- fc6 21 Sep 2007 21:28:10 -0000 1.267
+++ fc6 27 Sep 2007 12:55:40 -0000 1.268
@@ -5,7 +5,7 @@
# (mozilla) = (firefox, seamonkey, thunderbird, yelp, devhelp, galeon, liferea. epiphany)
# Up to date CVE as of CVE email 20070914
-# Up to date FC6 as of 20070916
+# Up to date FC6 as of 20070926
CVE-2007-5034 VULNERABLE (elinks) #297611
CVE-2007-4965 VULNERABLE (python) imageop module heap overflow
@@ -17,17 +17,19 @@
CVE-2007-4743 backport (krb5) incomplete CVE-2007-3999 fix [since FEDORA-2007-694]
CVE-2007-4730 VULNERABLE (xorg-x11) #286061
CVE-2007-4721 version (wireshark, fixed 0.99.6) [since FEDORA-2007-628]
+CVE-2007-4670 backport (php) [since FEDORA-2007-709]
CVE-2007-4663 ignore (php, fixed 5.2.4) #277991 safe_mode
CVE-2007-4662 ignore (php, fixed 5.2.4) #278101 triggerable only by modification to openssl.conf
CVE-2007-4661 ignore (php, fixed 5.2.4) 5.2.3, incomplete CVE-2007-2872 fix
CVE-2007-4660 VULNERABLE (php, fixed 5.2.4)
CVE-2007-4659 ignore (php, fixed 5.2.4) #276531 (FC7/php-5.2 only)
-CVE-2007-4658 VULNERABLE (php, fixed 5.2.4) #278011
+CVE-2007-4658 backport (php, fixed 5.2.4) #278011 [since FEDORA-2007-709]
CVE-2007-4657 VULNERABLE (php, fixed 5.2.4)
CVE-2007-4569 VULNERABLE (kdebase) #299741
CVE-2007-4565 backport (fetchmail) #260881 [since FEDORA-2007-689]
CVE-2007-4559 VULNERABLE (python) tarfile module - directory traversal
CVE-2007-4558 ignore (star, fixed 1.5a84) duplicate of CVE-2007-4134
+CVE-2007-4465 version (httpd) [since FEDORA-2007-707]
CVE-2007-4357 ignore (firefox) status bar can be overwrittten
CVE-2007-4255 ignore (php) msql extension not shipped
CVE-2007-4251 ignore (openoffice.org) just a crash
@@ -35,7 +37,7 @@
CVE-2007-4225 ignore (kdebase) caused by fix to CVE-2007-3820 which we never shipped
CVE-2007-4224 ignore (kdebase) too obvious -- mouse pointer indicates script activity
CVE-2007-4211 version (dovecot, fixed 1.0.3) #251009 [since FEDORA-2007-664]
-CVE-2007-4137 VULNERABLE (qt) #292951
+CVE-2007-4137 backport (qt) #292951 [since FEDORA-2007-703]
CVE-2007-4134 VULNERABLE (star, fixed 1.5a84) #254129
CVE-2007-4131 backport (tar) #253684 [since FEDORA-2007-683]
CVE-2007-4029 backport (libvorbis) #250600 [since FEDORA-2007-677]
@@ -44,17 +46,19 @@
CVE-2007-3999 backport (krb5) [since FEDORA-2007-690]
CVE-2007-3999 VULNERABLE (nfs-utils-lib) #294911
CVE-2007-3999 VULNERABLE (libtirpc) #294931
+CVE-2007-3998 backport (php) [since FEDORA-2007-709]
+CVE-2007-3996 backport (php) [since FEDORA-2007-709]
CVE-2007-3962 ignore (gftp) multiple buffer overflows in fsplib, not on Linux
CVE-2007-3961 ignore (gftp) off-by-one error in fsplib
CVE-2007-3852 backport (sysstat) #252296 [since FEDORA-2007-675]
CVE-2007-3848 version (kernel) [since FEDORA-2007-679]
-CVE-2007-3847 VULNERABLE (httpd) #250756
+CVE-2007-3847 version (httpd) #250756 [since FEDORA-2007-707]
CVE-2007-3845 ignore (firefox) windows specific
CVE-2007-3844 VULNERABLE (firefox) #250648 "fixed on next update"
CVE-2007-3843 VULNERABLE (kernel) #246595
CVE-2007-3841 ignore (pidgin) ethically disclosed
CVE-2007-3820 ** (kdebase) #248537
-CVE-2007-3799 ** (php)
+CVE-2007-3799 backport (php) [since FEDORA-2007-709]
CVE-2007-3798 version (tcpdump, fixed 3.9.7) #250290 [since FEDORA-2007-654]
CVE-2007-3782 VULNERABLE (mysql, fixed 5.0.44)
CVE-2007-3781 VULNERABLE (mysql, fixed 5.0.44)
@@ -62,19 +66,20 @@
CVE-2007-3642 version (kernel, fixed 2.6.22) [since FEDORA-2007-655]
CVE-2007-3508 ignore (glibc) not an issue
CVE-2007-3506 backport (freetype, fixed 2.3.4) #235479 [since FEDORA-2007-561]
-CVE-2007-3478 VULNERABLE (gd, fixed 2.0.35) #277421
-CVE-2007-3477 VULNERABLE (gd, fixed 2.0.35) #277421
-CVE-2007-3476 VULNERABLE (gd, fixed 2.0.35) #277421
-CVE-2007-3475 VULNERABLE (gd, fixed 2.0.35) #277421
-CVE-2007-3474 VULNERABLE (gd, fixed 2.0.35) #277421
-CVE-2007-3473 VULNERABLE (gd, fixed 2.0.35) #277421
-CVE-2007-3472 VULNERABLE (gd, fixed 2.0.35) #277421
+CVE-2007-3478 version (gd, fixed 2.0.35) #277421 [since FEDORA-2007-692]
+CVE-2007-3477 version (gd, fixed 2.0.35) #277421 [since FEDORA-2007-692]
+CVE-2007-3476 version (gd, fixed 2.0.35) #277421 [since FEDORA-2007-692]
+CVE-2007-3475 version (gd, fixed 2.0.35) #277421 [since FEDORA-2007-692]
+CVE-2007-3474 version (gd, fixed 2.0.35) #277421 [since FEDORA-2007-692]
+CVE-2007-3473 version (gd, fixed 2.0.35) #277421 [since FEDORA-2007-692]
+CVE-2007-3472 version (gd, fixed 2.0.35) #277421 [since FEDORA-2007-692]
CVE-2007-3409 version (perl-Net-DNS, fixed 0.60) #245809
CVE-2007-3393 version (wireshark, fixed 0.99.6) [since FEDORA-2007-628]
CVE-2007-3392 version (wireshark, fixed 0.99.6) [since FEDORA-2007-628]
CVE-2007-3391 version (wireshark, fixed 0.99.6) [since FEDORA-2007-628]
CVE-2007-3390 version (wireshark, fixed 0.99.6) [since FEDORA-2007-628]
CVE-2007-3389 version (wireshark, fixed 0.99.6) [since FEDORA-2007-628]
+CVE-2007-3388 backport (qt) [since FEDORA-2007-703]
CVE-2007-3387 VULNERABLE (poppler) #251513
CVE-2007-3387 backport (tetex) #251515 [since FEDORA-2007-669]
CVE-2007-3387 backport (kdegraphics) #251511 [since FEDORA-2007-685]
@@ -94,14 +99,16 @@
CVE-2007-2875 version (kernel) [since FEDORA-2007-600]
*CVE-2007-2874 (wpa_supplicant) #242455
CVE-2007-2873 version (spamassassin, fixed 3.1.9) [since FEDORA-2007-582]
+CVE-2007-2872 backport (php) [since FEDORA-2007-709]
CVE-2007-2871 version (mozilla) #241840 [since FEDORA-2007-549]
CVE-2007-2870 version (mozilla) #241840 [since FEDORA-2007-549]
CVE-2007-2869 version (mozilla) #241840 [since FEDORA-2007-549]
CVE-2007-2868 version (mozilla) #241840 [since FEDORA-2007-549]
CVE-2007-2867 version (mozilla) #241840 [since FEDORA-2007-549]
-CVE-2007-2834 VULNERABLE (openoffice.org, fixed 2.3) #293371
+CVE-2007-2834 backport (openoffice.org, fixed 2.3) #293371 [since FEDORA-2007-700]
CVE-2007-2799 version (file, fixed 4.21) #241034 [since FEDORA-2007-538]
CVE-2007-2797 version (xterm)
+CVE-2007-2756 backport (php) [since FEDORA-2007-709]
CVE-2007-2453 version (kernel) [since FEDORA-2007-600]
CVE-2007-2451 version (kernel, fixed 2.6.21.4) [since FEDORA-2007-600]
CVE-2007-2445 backport (libpng) #239542 [since FEDORA-2007-529]
@@ -162,6 +169,7 @@
CVE-2007-0451 version (spamassassin, fixed 3.1.8) [since FEDORA-2007-241]
CVE-2007-0248 version (squid, fixed 2.6.STABLE7) [since FEDORA-2007-073]
CVE-2007-0247 version (squid, fixed 2.6.STABLE7) #222883 [since FEDORA-2007-073]
+CVE-2007-0242 backport (qt) [since FEDORA-2007-703]
CVE-2007-0235 version (libgtop2, fixed 2.14.9) #222637 [since FEDORA-2007-657]
CVE-2007-0104 ignore (poppler) only client DoS
CVE-2007-0104 ignore (kdegraphics) only client DoS
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.122
retrieving revision 1.123
diff -u -r1.122 -r1.123
--- fc7 26 Sep 2007 15:57:23 -0000 1.122
+++ fc7 27 Sep 2007 12:55:40 -0000 1.123
@@ -6,16 +6,17 @@
# A couple of first F7 updates were marked as FEDORA-2007-0001
# Up to date CVE as of CVE email 20070914
-# Up to date FC7 as of 20070916
+# Up to date FC7 as of 20070926
-GENERIC-MAP-NOMATCH VULNERABLE (t1lib) #303021
-CVE-2007-5038 VULNERABLE (bugzilla, fixed 3.0.2, 3.1.2) #299981
+CVE-2007-5106 version (wordpress) affects old 2.0.x versions
+CVE-2007-5105 version (wordpress) affects old 2.0.x versions
+CVE-2007-5038 version (bugzilla, fixed 3.0.2, 3.1.2) #299981 [since FEDORA-2007-2299]
CVE-2007-5037 VULNERABLE (inotify-tools) #299771
-CVE-2007-5034 VULNERABLE (elinks) #297981
+CVE-2007-5034 version (elinks) #297981 [since FEDORA-2007-2224]
CVE-2007-5007 VULNERABLE (balsa) #297601
GENERIC-MAP-NOMATCH VULNERABLE (duplicity) #293081
GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031
-CVE-2007-4974 VULNERABLE (libsndfile) #296221
+CVE-2007-4974 backport (libsndfile) #296221 [since FEDORA-2007-2236]
CVE-2007-4965 VULNERABLE (python) imageop module heap overflow
CVE-2007-4924 VULNERABLE (ekiga, version 2.0.10) really opal 2.2.10 #297551
CVE-2007-4897 version (ekiga, version 2.0.9) really opal 2.2.8
@@ -24,8 +25,8 @@
CVE-2007-4841 ignore (mozilla suite) Windows only
CVE-2007-4840 ignore (php)
CVE-2007-4829 VULNERABLE (perl-Archive-Tar)
-CVE-2007-4828 (mediawiki, fixed 1.11.0, 1.10.2, 1.9.4) #287881
-CVE-2007-4826 VULNERABLE (quagga, fixed 0.99.9) in updates-testing
+CVE-2007-4828 version (mediawiki, fixed 1.11.0, 1.10.2, 1.9.4) #287881 [since FEDORA-2007-2189]
+CVE-2007-4826 version (quagga, fixed 0.99.9) [since FEDORA-2007-2196]
CVE-2007-4752 VULNERABLE (openssh) #280461
CVE-2007-4743 backport (krb5) incomplete CVE-2007-3999 fix [since FEDORA-2007-2066]
CVE-2007-4730 VULNERABLE (xorg-x11) #286051
@@ -41,6 +42,7 @@
CVE-2007-4650 version (gallery2) #267421 [since FEDORA-2007-2020]
CVE-2007-4629 version (mapserver, fixed 4.10.3) #272081 [since FEDORA-2007-2018]
CVE-2007-4631 version (qgit) #268381 [since FEDORA-2007-2108]
+CVE-2007-4573 version (kernel) [since FEDORA-2007-2298]
CVE-2007-4569 VULNERABLE (kdebase) #299731
CVE-2007-4565 backport (fetchmail) #260861 [since FEDORA-2007-1983]
CVE-2007-4560 version (clamav) #260583 [since FEDORA-2007-2050]
@@ -54,6 +56,7 @@
CVE-2007-4533 backport (vavoom) #256621 [since FEDORA-2007-1977]
CVE-2007-4532 backport (vavoom) #256621 [since FEDORA-2007-1977]
CVE-2007-4510 version (clamav, fixed 0.91.2) #253780 [since FEDORA-2007-2050]
+CVE-2007-4465 version (httpd) [since FEDORA-2007-2214]
CVE-2007-4462 version (po4a) #253541 [since FEDORA-2007-1763]
CVE-2007-4460 backport (id3lib) #253553 [since FEDORA-2007-1774]
CVE-2007-4400 VULNERABLE (konversation) #253545
@@ -75,11 +78,12 @@
CVE-2007-4154 ignore (wordpress) "remote authenticated administrators"
CVE-2007-4139 version (wordpress) #250751 [since FEDORA-2007-1885]
CVE-2007-4138 version (samba, fixed 3.0.26) #286311 [since FEDORA-2007-2145]
-CVE-2007-4137 VULNERABLE (qt) #292941
+CVE-2007-4137 backport (qt) #292941 [since FEDORA-2007-2216]
CVE-2007-4134 version (star, fixed 1.5a84) #254128 [since FEDORA-2007-1852]
CVE-2007-4131 backport (tar) #253684 [since FEDORA-2007-1890]
CVE-2007-4066 backport (libvorbis) #245991 [since FEDORA-2007-1765]
CVE-2007-4065 backport (libvorbis) #245991 [since FEDORA-2007-1765]
+CVE-2007-4033 VULNERABLE (t1lib) #303021
CVE-2007-4029 backport (libvorbis) #245991 [since FEDORA-2007-1765]
CVE-2007-4000 backport (krb5) [since FEDORA-2007-2017]
CVE-2007-3999 backport (krb5) [since FEDORA-2007-2017]
@@ -94,7 +98,7 @@
CVE-2007-3947 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299]
CVE-2007-3946 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299]
CVE-2007-3848 version (kernel) [since FEDORA-2007-1785]
-CVE-2007-3847 VULNERABLE (httpd) #250755
+CVE-2007-3847 version (httpd) #250755 [since FEDORA-2007-2214]
CVE-2007-3845 ignore (firefox) windows specific
CVE-2007-3844 VULNERABLE (firefox) #250648 "fixed on next update"
CVE-2007-3843 VULNERABLE (kernel) #246595
@@ -138,7 +142,7 @@
CVE-2007-3391 version (wireshark, fixed 0.99.6) [since FEDORA-2007-0982]
CVE-2007-3390 version (wireshark, fixed 0.99.6) [since FEDORA-2007-0982]
CVE-2007-3389 version (wireshark, fixed 0.99.6) [since FEDORA-2007-0982]
-CVE-2007-3388 VULNERABLE (qt, fixed qt-3.3.8-20070727) patch available: 170529.diff
+CVE-2007-3388 backport (qt, fixed qt-3.3.8-20070727) patch available: 170529.diff [since FEDORA-2007-2216]
CVE-2007-3387 version (xpdf, fixed 3.02pl1) [since FEDORA-2007-1383]
CVE-2007-3387 backport (tetex) #251514 [since FEDORA-2007-1547]
CVE-2007-3387 VULNERABLE (poppler) #251512
@@ -168,8 +172,8 @@
CVE-2007-3123 version (clamav, fixed 0.90.3) #245219 [since FEDORA-2007-2050]
CVE-2007-3122 version (clamav, fixed 0.90.3) #245219 [since FEDORA-2007-2050]
CVE-2007-3121 version (zvbi, fixed 0.2.25) [since FEDORA-2007-0175]
-*CVE-2007-3113 VULNERABLE (cacti) #243592
-*CVE-2007-3112 VULNERABLE (cacti) #243592
+CVE-2007-3113 backport (cacti) #243592 [since FEDORA-2007-2199]
+CVE-2007-3112 backport (cacti) #243592 [since FEDORA-2007-2199]
CVE-2007-3108 backport (openssl) #250574 [since FEDORA-2007-1444]
CVE-2007-3106 backport (libvorbis) #245991 [since FEDORA-2007-1765]
CVE-2007-3100 version (iscsi-initiator-utils, fixed 6.2.0.865) [since FEDORA-2007-0543]
--
fedora-extras-commits mailing list
fedora-extras-commits(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-extras-commits
16 years, 6 months
fedora-security/audit fc7,1.121,1.122
by fedora-extras-commits@redhat.com
Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv21067/audit
Modified Files:
fc7
Log Message:
php non-issue
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.121
retrieving revision 1.122
diff -u -r1.121 -r1.122
--- fc7 25 Sep 2007 09:39:20 -0000 1.121
+++ fc7 26 Sep 2007 15:57:23 -0000 1.122
@@ -151,6 +151,7 @@
CVE-2007-3378 ignore (php) safe mode escape
CVE-2007-3377 version (perl-Net-DNS, fixed 0.60) #245612 [since FEDORA-2007-0668]
CVE-2007-3304 backport (httpd) #244665 [since FEDORA-2007-0704]
+CVE-2007-3294 ignore (php-extras) win only
CVE-2007-3257 backport (evolution) #244283 [since FEDORA-2007-0464]
CVE-2007-3241 version (wordpress, fixed 2.2.1) #245211 [since FEDORA-2007-0894]
CVE-2007-3240 version (wordpress, fixed 2.2.1) #245211 [since FEDORA-2007-0894]
--
fedora-extras-commits mailing list
fedora-extras-commits(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-extras-commits
16 years, 7 months
fedora-security/audit fc7,1.120,1.121
by fedora-extras-commits@redhat.com
Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv31518/audit
Modified Files:
fc7
Log Message:
Forgot to commit note for bugzilla yesterday.
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.120
retrieving revision 1.121
diff -u -r1.120 -r1.121
--- fc7 24 Sep 2007 21:01:58 -0000 1.120
+++ fc7 25 Sep 2007 09:39:20 -0000 1.121
@@ -9,6 +9,7 @@
# Up to date FC7 as of 20070916
GENERIC-MAP-NOMATCH VULNERABLE (t1lib) #303021
+CVE-2007-5038 VULNERABLE (bugzilla, fixed 3.0.2, 3.1.2) #299981
CVE-2007-5037 VULNERABLE (inotify-tools) #299771
CVE-2007-5034 VULNERABLE (elinks) #297981
CVE-2007-5007 VULNERABLE (balsa) #297601
--
fedora-extras-commits mailing list
fedora-extras-commits(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-extras-commits
16 years, 7 months
fedora-security/audit fc7,1.119,1.120
by fedora-extras-commits@redhat.com
Author: lkundrak
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv1187
Modified Files:
fc7
Log Message:
CVE for something, I forgot for what.
Most likely it was for balsa or something like that.
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.119
retrieving revision 1.120
diff -u -r1.119 -r1.120
--- fc7 24 Sep 2007 13:57:58 -0000 1.119
+++ fc7 24 Sep 2007 21:01:58 -0000 1.120
@@ -11,7 +11,7 @@
GENERIC-MAP-NOMATCH VULNERABLE (t1lib) #303021
CVE-2007-5037 VULNERABLE (inotify-tools) #299771
CVE-2007-5034 VULNERABLE (elinks) #297981
-GENERIC-MAP-NOMATCH VULNERABLE (balsa) #297601
+CVE-2007-5007 VULNERABLE (balsa) #297601
GENERIC-MAP-NOMATCH VULNERABLE (duplicity) #293081
GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031
CVE-2007-4974 VULNERABLE (libsndfile) #296221
--
fedora-extras-commits mailing list
fedora-extras-commits(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-extras-commits
16 years, 7 months
fedora-security/audit fc7,1.118,1.119
by fedora-extras-commits@redhat.com
Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv26230/audit
Modified Files:
fc7
Log Message:
inotify-tools cve name
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.118
retrieving revision 1.119
diff -u -r1.118 -r1.119
--- fc7 24 Sep 2007 13:48:30 -0000 1.118
+++ fc7 24 Sep 2007 13:57:58 -0000 1.119
@@ -9,8 +9,8 @@
# Up to date FC7 as of 20070916
GENERIC-MAP-NOMATCH VULNERABLE (t1lib) #303021
+CVE-2007-5037 VULNERABLE (inotify-tools) #299771
CVE-2007-5034 VULNERABLE (elinks) #297981
-GENERIC-MAP-NOMATCH VULNERABLE (inotify-tools) #299771
GENERIC-MAP-NOMATCH VULNERABLE (balsa) #297601
GENERIC-MAP-NOMATCH VULNERABLE (duplicity) #293081
GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031
--
fedora-extras-commits mailing list
fedora-extras-commits(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-extras-commits
16 years, 7 months
fedora-security/audit fc7,1.117,1.118
by fedora-extras-commits@redhat.com
Author: lkundrak
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv25732/audit
Modified Files:
fc7
Log Message:
t1lib
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.117
retrieving revision 1.118
diff -u -r1.117 -r1.118
--- fc7 21 Sep 2007 21:28:10 -0000 1.117
+++ fc7 24 Sep 2007 13:48:30 -0000 1.118
@@ -8,6 +8,7 @@
# Up to date CVE as of CVE email 20070914
# Up to date FC7 as of 20070916
+GENERIC-MAP-NOMATCH VULNERABLE (t1lib) #303021
CVE-2007-5034 VULNERABLE (elinks) #297981
GENERIC-MAP-NOMATCH VULNERABLE (inotify-tools) #299771
GENERIC-MAP-NOMATCH VULNERABLE (balsa) #297601
--
fedora-extras-commits mailing list
fedora-extras-commits(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-extras-commits
16 years, 7 months
fedora-security/audit epel4,1.1,1.2
by fedora-extras-commits@redhat.com
Author: kevin
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv4386
Modified Files:
epel4
Log Message:
Process a ton of epel4 items.
Index: epel4
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/epel4,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- epel4 1 Sep 2007 18:49:37 -0000 1.1
+++ epel4 22 Sep 2007 04:07:57 -0000 1.2
@@ -3,99 +3,102 @@
# *CVE are items that need verification for EPEL-4
# (mozilla) = (firefox, seamonkey, thunderbird, yelp, devhelp, galeon, liferea. epiphany)
-# Up to date CVE as of CVE email 20070829
-# Up to date EPEL4 as of
+# Up to date CVE as of CVE email 20070914
+# Up to date EPEL4 as of 20070916
#
-*CVE-2007-4631 VULNERABLE (qgit) #268381
+GENERIC-MAP-NOMATCH VULNERABLE (duplicity) #293081
+*CVE-2007-4828 (mediawiki, fixed 1.11.0, 1.10.2, 1.9.4) #287881
+CVE-2007-4727 version (lighttpd, fixed 1.4.18) #284511
+*CVE-2007-4629 version (mapserver, fixed 4.10.3) #272081 [since FEDORA-2007-2018]
+CVE-2007-4631 version (qgit, fixed 1.5.7) #268381
*CVE-2007-4629 VULNERABLE (mapserver, fixed 4.10.3) #272081
-*CVE-2007-4560 VULNERABLE (clamav) #260583
+CVE-2007-4560 VULNERABLE (clamav) #260583
*CVE-2007-4543 version (bugzilla, fixed 3.0.1) #256021 [since FEDORA-2007-1853]
*CVE-2007-4542 VULNERABLE (mapserver, fixed 4.10.3) #256561
*CVE-2007-4539 version (bugzilla, fixed 3.0.1) #256021 [since FEDORA-2007-1853]
*CVE-2007-4538 version (bugzilla, fixed 3.0.1) #256021 [since FEDORA-2007-1853]
-*CVE-2007-4510 VULNERABLE (clamav, fixed 0.91.2) #253780
+CVE-2007-4510 VULNERABLE (clamav, fixed 0.91.2) #253780
*CVE-2007-4462 version (po4a) #253541 [since FEDORA-2007-1763]
*CVE-2007-4400 VULNERABLE (konversation) #253545
-*CVE-2007-4323 backport (denyhosts) #252291 [since FEDORA-2007-0589]
+CVE-2007-4323 backport (denyhosts) #252291
*CVE-2007-4321 backport (fail2ban) #252290 [since FEDORA-2007-0621] version since FEDORA-2007-1643
-*CVE-2007-3950 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299]
-*CVE-2007-3949 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299]
-*CVE-2007-3948 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299]
-*CVE-2007-3947 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299]
-*CVE-2007-3946 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299]
-*CVE-2007-3725 ** (clamav)
-*CVE-2007-3555 version (moodle) #247528 [since FEDORA-2007-1445]
-*CVE-2007-3209 ignore (mail-notification, shipped with SSL enabled)
-*CVE-2007-3153 version (c-ares, fixed 1.4.0) #243591 [since FEDORA-2007-0724]
-*CVE-2007-3152 version (c-ares, fixed 1.4.0) #243591 [since FEDORA-2007-0724]
-*CVE-2007-3123 VULNERABLE (clamav, fixed 0.90.3) #245219
-*CVE-2007-3122 VULNERABLE (clamav, fixed 0.90.3) #245219
-*CVE-2007-3113 VULNERABLE (cacti) #243592
-*CVE-2007-3112 VULNERABLE (cacti) #243592
-*CVE-2007-3025 ignore (clamav, Solaris only)
-*CVE-2007-3024 VULNERABLE (clamav, fixed 0.90.3) #245219
-*CVE-2007-3023 VULNERABLE (clamav, fixed 0.90.3) #245219
+CVE-2007-3950 version (lighttpd, fixed 1.4.16) #249162
+CVE-2007-3949 version (lighttpd, fixed 1.4.16) #249162
+CVE-2007-3948 version (lighttpd, fixed 1.4.16) #249162
+CVE-2007-3947 version (lighttpd, fixed 1.4.16) #249162
+CVE-2007-3946 version (lighttpd, fixed 1.4.16) #249162
+CVE-2007-3725 ** (clamav)
+CVE-2007-3555 version (moodle, fixed 1.8.2) #247528
+CVE-2007-3209 ignore (mail-notification, shipped with SSL enabled)
+CVE-2007-3153 version (c-ares, fixed 1.4.0) #243591
+CVE-2007-3152 version (c-ares, fixed 1.4.0) #243591
+CVE-2007-3123 VULNERABLE (clamav, fixed 0.90.3) #245219
+CVE-2007-3122 VULNERABLE (clamav, fixed 0.90.3) #245219
+CVE-2007-3113 patch (cacti, fixed 0.8.7) #243592
+CVE-2007-3112 patch (cacti, fixed 0.8.7) #243592
+CVE-2007-3025 ignore (clamav, Solaris only)
+CVE-2007-3024 VULNERABLE (clamav, fixed 0.90.3) #245219
+CVE-2007-3023 VULNERABLE (clamav, fixed 0.90.3) #245219
*CVE-2007-2958 VULNERABLE (claws-mail) #254121
-*CVE-2007-2865 version (phpPgAdmin, fixed 4.1.2) #241489 [since FEDORA-2007-0469]
-*CVE-2007-2721 patch (jasper, fixed 1.900.1-2) #240397
-*CVE-2007-2650 version (clamav, fixed 0.90.3) #240395 [since FEDORA-2007-1154]
-*CVE-2007-2637 patch (moin, fixed 1.5.7-2)
-*CVE-2007-2423 patch (moin, fixed 1.5.7-2) #238722
+*CVE-2007-2865 version (phpPgAdmin, fixed 4.1.2) #241489
+CVE-2007-2721 patch (jasper, fixed 1.900.1-2) #240397
+CVE-2007-2650 VULNERABLE (clamav, fixed 0.90.3) #240395
+CVE-2007-2637 patch (moin, fixed 1.5.7-2)
+CVE-2007-2423 patch (moin, fixed 1.5.7-2) #238722
*CVE-2007-2413 version (perl-Imager, fixed 0.57) #238615
-*CVE-2007-2245 VULNERABLE (phpMyAdmin, fixed 2.10.1) #237882
+CVE-2007-2245 version (phpMyAdmin, fixed 2.10.1) #237882
*CVE-2007-2165 VULNERABLE (proftpd) #237533
-*CVE-2007-2029 VULNERABLE (clamav, fixed 0.90.3) #245219
-*CVE-2007-2016 ignore (phpMyAdmin, < 2.8.0.2 never shipped)
-*CVE-2007-1997 version (clamav, fixed in 0.90.2)
-*CVE-2007-1870 version (lighttpd, fixed 1.4.14) #236489
-*CVE-2007-1869 version (lighttpd, fixed 1.4.14) #236489
-*CVE-2007-1745 version (clamav, fixed in 0.90.2) #236703
-*CVE-2007-1614 version (zziplib, fixed 0.13.49) #233700
+CVE-2007-2029 VULNERABLE (clamav, fixed 0.90.3) #245219
+CVE-2007-2016 ignore (phpMyAdmin, < 2.8.0.2 never shipped)
+CVE-2007-1997 VULNERABLE (clamav, fixed in 0.90.2)
+CVE-2007-1870 version (lighttpd, fixed 1.4.14) #236489
+CVE-2007-1869 version (lighttpd, fixed 1.4.14) #236489
+CVE-2007-1745 VULNERABLE (clamav, fixed in 0.90.2) #236703
+CVE-2007-1614 version (zziplib, fixed 0.13.49) #233700
*CVE-2007-1558 version (claws-mail, fixed 2.9.1) #237293
-*CVE-2007-1547 version (nas, fixed 1.8a-2) #233353
-*CVE-2007-1546 version (nas, fixed 1.8a-2) #233353
-*CVE-2007-1545 version (nas, fixed 1.8a-2) #233353
-*CVE-2007-1544 version (nas, fixed 1.8a-2) #233353
-*CVE-2007-1543 version (nas, fixed 1.8a-2) #233353
-*CVE-2007-1429 version (moodle, fixed 1.6.5) #232103
+CVE-2007-1547 version (nas, fixed 1.8a-2) #233353
+CVE-2007-1546 version (nas, fixed 1.8a-2) #233353
+CVE-2007-1545 version (nas, fixed 1.8a-2) #233353
+CVE-2007-1544 version (nas, fixed 1.8a-2) #233353
+CVE-2007-1543 version (nas, fixed 1.8a-2) #233353
+CVE-2007-1429 version (moodle, fixed 1.6.5) #232103
*CVE-2007-1406 version (trac, fixed 0.10.3.1) #231729
*CVE-2007-1405 version (trac, fixed 0.10.3.1) #231729
-*CVE-2007-1395 version (phpMyAdmin, fixed 2.10.0.2)
+CVE-2007-1395 version (phpMyAdmin, fixed 2.10.0.2)
*CVE-2007-1359 patch (mod_security, fixed 2.1.0-3) #231728
-*CVE-2007-1325 version (phpMyAdmin, fixed 2.10.0.2)
+CVE-2007-1325 version (phpMyAdmin, fixed 2.10.0.2)
*CVE-2007-1055 version (mediawiki, fixed 1.8.3)
*CVE-2007-1054 version (mediawiki, fixed 1.9.3) [since FEDORA-2007-1442]
-*CVE-2007-0902 patch (moin, fixed 1.5.7-2) #228764
-*CVE-2007-0901 patch (moin, fixed 1.5.7-2) #228764
-*CVE-2007-0898 version (clamav, fixed 0.90) #229202
-*CVE-2007-0897 version (clamav, fixed 0.90) #229202
+CVE-2007-0902 version (moin, fixed 1.5.7-2) #228764
+CVE-2007-0901 version (moin, fixed 1.5.7-2) #228764
+CVE-2007-0898 VULNERABLE (clamav, fixed 0.90) #229202
+CVE-2007-0897 VULNERABLE (clamav, fixed 0.90) #229202
*CVE-2007-0894 version (mediawiki, fixed 1.8.4) #228763
-*CVE-2007-0857 version (moin, fixed 1.5.7) #228139
+CVE-2007-0857 version (moin, fixed 1.5.7) #228139
*CVE-2007-0619 version (chmlib, fixed 0.3.9) #225919
-*CVE-2007-0341 ignore (phpMyAdmin, 2.8.x only)
-*CVE-2007-0242 patch (qt4, fixed 4.2.3-7)
+CVE-2007-0341 ignore (phpMyAdmin, 2.8.x only)
*CVE-2007-0240 patch (zope, fixed 2.9.6-2) #233378
*CVE-2007-0177 version (mediawiki, fixed 1.8.3) #221958
-*CVE-2007-0095 VULNERABLE (phpMyAdmin) #221694
-*CVE-2007-0007 version (gnucash, fixed 2.0.5) since [FEDORA-2007-256] #223233
-*CVE-2006-6944 version (phpMyAdmin, fixed 2.9.1.1)
-*CVE-2006-6943 version (phpMyAdmin, fixed 2.9.1.1)
-*CVE-2006-6942 version (phpMyAdmin, fixed 2.9.1.1)
-*CVE-2006-6799 patch (cacti, fixed 0.8.6i-5) #222410
+CVE-2007-0095 VULNERABLE (phpMyAdmin) #221694
+CVE-2007-0007 version (gnucash, fixed 2.0.5) #223233
+CVE-2006-6944 version (phpMyAdmin, fixed 2.9.1.1)
+CVE-2006-6943 version (phpMyAdmin, fixed 2.9.1.1)
+CVE-2006-6942 version (phpMyAdmin, fixed 2.9.1.1)
+CVE-2006-6799 patch (cacti, fixed 0.8.6i-5) #222410
*CVE-2006-6693 ignore (zabbix, fixed 1.1.3, < 1.1.4 not shipped)
*CVE-2006-6692 ignore (zabbix, fixed 1.1.3, < 1.1.4 not shipped)
-*CVE-2006-6626 version (moodle, fixed 1.6.5) #220041
-*CVE-2006-6625 version (moodle, fixed 1.6.5) #220041
+CVE-2006-6626 version (moodle, fixed 1.6.5) #220041
+CVE-2006-6625 version (moodle, fixed 1.6.5) #220041
*CVE-2006-6563 backport (proftpd, fixed 1.3.0a-3) #219938
-*CVE-2006-6481 version (clamav, fixed 0.88.7)
-*CVE-2006-6406 version (clamav, fixed 0.88.7) #219095
-*CVE-2006-6374 ** (phpMyAdmin) #218853
-*CVE-2006-6373 version (phpMyAdmin, fixed 2.9.1.1) #218853
-*CVE-2006-6301 version (denyhosts, fixed 2.6-2) #218824
+CVE-2006-6481 VULNERABLE (clamav, fixed 0.88.7)
+CVE-2006-6406 VULNERABLE (clamav, fixed 0.88.7) #219095
+CVE-2006-6374 ** (phpMyAdmin) #218853
+CVE-2006-6373 version (phpMyAdmin, fixed 2.9.1.1) #218853
+CVE-2006-6301 version (denyhosts, fixed 2.6-2) #218824
*CVE-2006-6171 patch (proftpd, fixed 1.3.0a-1) #214820
*CVE-2006-6170 patch (proftpd, fixed 1.3.0a-1) #214820
-*CVE-2006-5874 version (clamav, fixed 0.88.1)
-*CVE-2006-5864 patch (gv, fixed 3.6.2-2) #215136
+CVE-2006-5874 version (clamav, fixed 0.88.1)
+CVE-2006-5864 patch (gv, fixed 3.6.2-2) #215136
*CVE-2006-5848 version (trac, fixed 0.10.1) #215077
*CVE-2006-5815 version (proftpd, fixed 1.3.0a) #214820
*CVE-2006-5602 version (xsupplicant, fixed 1.2.6)
@@ -103,51 +106,51 @@
*CVE-2006-5455 patch (bugzilla, fixed 2.22-7) #212355
*CVE-2006-5454 patch (bugzilla, fixed 2.22-7) #212355
*CVE-2006-5453 patch (bugzilla, fixed 2.22-7) #212355
-*CVE-2006-5295 version (clamav, fixed 0.88.5) #210973
-*CVE-2006-5129 version (moodle, fixed 1.6.3) #206516
-*CVE-2006-4943 version (moodle, fixed 1.6.3) #206516
-*CVE-2006-4942 version (moodle, fixed 1.6.3) #206516
-*CVE-2006-4941 version (moodle, fixed 1.6.3) #206516
-*CVE-2006-4940 version (moodle, fixed 1.6.3) #206516
-*CVE-2006-4939 version (moodle, fixed 1.6.3) #206516
-*CVE-2006-4938 version (moodle, fixed 1.6.3) #206516
-*CVE-2006-4937 version (moodle, fixed 1.6.3) #206516
-*CVE-2006-4936 version (moodle, fixed 1.6.3) #206516
-*CVE-2006-4935 version (moodle, fixed 1.6.3) #206516
-*CVE-2006-4786 version (moodle, fixed 1.6.3) #206516
-*CVE-2006-4785 version (moodle, fixed 1.6.3) #206516
-*CVE-2006-4784 version (moodle, fixed 1.6.3) #206516
+CVE-2006-5295 version (clamav, fixed 0.88.5) #210973
+CVE-2006-5129 version (moodle, fixed 1.6.3) #206516
+CVE-2006-4943 version (moodle, fixed 1.6.3) #206516
+CVE-2006-4942 version (moodle, fixed 1.6.3) #206516
+CVE-2006-4941 version (moodle, fixed 1.6.3) #206516
+CVE-2006-4940 version (moodle, fixed 1.6.3) #206516
+CVE-2006-4939 version (moodle, fixed 1.6.3) #206516
+CVE-2006-4938 version (moodle, fixed 1.6.3) #206516
+CVE-2006-4937 version (moodle, fixed 1.6.3) #206516
+CVE-2006-4936 version (moodle, fixed 1.6.3) #206516
+CVE-2006-4935 version (moodle, fixed 1.6.3) #206516
+CVE-2006-4786 version (moodle, fixed 1.6.3) #206516
+CVE-2006-4785 version (moodle, fixed 1.6.3) #206516
+CVE-2006-4784 version (moodle, fixed 1.6.3) #206516
*CVE-2006-4684 version (zope, fixed 2.9.2)
*CVE-2006-4249 patch (plone, fixed 2.5.1-3) #213983
*CVE-2006-4248 ignore (thttpd, Debian specific issue)
*CVE-2006-4247 patch (plone, fixed 2.5-4) #209163
-*CVE-2006-4182 version (clamav, fixed 0.88.5) #210973
-*CVE-2006-4018 version (clamav, fixed 0.88.4-1) #201688
+CVE-2006-4182 version (clamav, fixed 0.88.5) #210973
+CVE-2006-4018 version (clamav, fixed 0.88.4-1) #201688
*CVE-2006-3458 patch (zope, fixed 2.9.3-3) #198106
*CVE-2006-3178 ignore (chmlib, extract_chmLib not shipped)
-*CVE-2006-2489 version (nagios, fixed 2.3.1)
-*CVE-2006-2427 ignore (clamav) not an issue bz#192076
+CVE-2006-2489 version (nagios, fixed 2.3.1)
+CVE-2006-2427 ignore (clamav) not an issue bz#192076
*CVE-2006-2237 backport (awstats, fixed 6.5-5) bz#190923
-*CVE-2006-2162 version (nagios, fixed 2.3.1) bz#190612
+CVE-2006-2162 version (nagios, fixed 2.3.1) bz#190612
*CVE-2006-2017 version (dnsmasq, fixed 2.30)
-*CVE-2006-1989 version (clamav, fixed 0.88.2)
+CVE-2006-1989 version (clamav, fixed 0.88.2)
*CVE-2006-1945 backport (awstats, fixed 6.5-4) bz#190922 awstats-6.5-CVE-2006-1945.patch
*CVE-2006-1711 version (plone, fixed 2.1.2) bz#188886
-*CVE-2006-1630 version (clamav, fixed 0.88.1) bz#188286
-*CVE-2006-1629 version (openvpn, fixed 2.0.6) bz#188050
-*CVE-2006-1615 version (clamav, fixed 0.88.1) bz#188286
-*CVE-2006-1614 version (clamav, fixed 0.88.1) bz#188286
-*CVE-2006-1566 ignore (libtunepimp, Debian-specific problem)
+CVE-2006-1630 version (clamav, fixed 0.88.1) bz#188286
+CVE-2006-1629 version (openvpn, fixed 2.0.6) bz#188050
+CVE-2006-1615 version (clamav, fixed 0.88.1) bz#188286
+CVE-2006-1614 version (clamav, fixed 0.88.1) bz#188286
+CVE-2006-1566 ignore (libtunepimp, Debian-specific problem)
*CVE-2006-1498 version (mediawiki, fixed 1.5.8) bz#188122
*CVE-2006-1079 patch (thttpd, fixed 2.25b-11) bz#191095
*CVE-2006-1078 patch (thttpd, fixed 2.25b-11) bz#191095
-*CVE-2006-0814 ignore (lighttpd, Windows-specific problem)
-*CVE-2006-0760 version (lighttpd, fixed 1.4.10)
-*CVE-2006-0458 version (irssi, fixed 0.8.10) bz#184509
+CVE-2006-0814 ignore (lighttpd, Windows-specific problem)
+CVE-2006-0760 version (lighttpd, fixed 1.4.10)
+CVE-2006-0458 VULNERABLE (irssi, fixed 0.8.10) bz#184509
*CVE-2006-0322 version (mediawiki, fixed 1.5.8)
-*CVE-2006-0162 version (clamav, fixed 0.88)
-*CVE-2006-0126 version (rxvt-unicode, fixed 7.5)
-*CVE-2006-0106 version (wine, fixed 0.9.10)
-*CVE-2006-0071 ignore (pinentry, Gentoo-specific problem)
-*CVE-2005-4803 version (graphviz, fixed 2.2.1)
+CVE-2006-0162 version (clamav, fixed 0.88)
+CVE-2006-0126 version (rxvt-unicode, fixed 7.5)
+CVE-2006-0106 version (wine, fixed 0.9.10)
+CVE-2006-0071 ignore (pinentry, Gentoo-specific problem)
+CVE-2005-4803 version (graphviz, fixed 2.2.1)
*CVE-2004-1096 version (perl-Archive-Zip, fixed 1.14)
--
fedora-extras-commits mailing list
fedora-extras-commits(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-extras-commits
16 years, 7 months
fedora-security/audit epel5,1.3,1.4
by fedora-extras-commits@redhat.com
Author: kevin
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv29558
Modified Files:
epel5
Log Message:
Catch up with new vulnerabilities.
remove qt4 (shipped in rhel, not epel)
update for cacti update.
Index: epel5
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/epel5,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- epel5 14 Sep 2007 00:23:19 -0000 1.3
+++ epel5 22 Sep 2007 03:41:31 -0000 1.4
@@ -3,9 +3,11 @@
# *CVE are items that need verification for EPEL-5
# (mozilla) = (firefox, seamonkey, thunderbird, yelp, devhelp, galeon, liferea. epiphany)
-# Up to date CVE as of CVE email 20070910
-# Up to date EPEL5 as of 20070910
+# Up to date CVE as of CVE email 20070914
+# Up to date EPEL5 as of 20070916
#
+GENERIC-MAP-NOMATCH VULNERABLE (duplicity) #293081
+*CVE-2007-4829 VULNERABLE (perl-Archive-Tar)
*CVE-2007-4828 (mediawiki, fixed 1.11.0, 1.10.2, 1.9.4) #287881
CVE-2007-4727 version (lighttpd, fixed 1.4.18) #284511
CVE-2007-4629 VULNERABLE (mapserver, fixed 4.10.3) #272081
@@ -36,8 +38,8 @@
CVE-2007-3152 version (c-ares, fixed 1.4.0) #243591
CVE-2007-3123 VULNERABLE (clamav, fixed 0.90.3) #245219
CVE-2007-3122 VULNERABLE (clamav, fixed 0.90.3) #245219
-CVE-2007-3113 VULNERABLE (cacti) #243592
-CVE-2007-3112 VULNERABLE (cacti) #243592
+CVE-2007-3113 patch (cacti, fixed 0.8.7) #243592
+CVE-2007-3112 patch (cacti, fixed 0.8.7) #243592
CVE-2007-3025 ignore (clamav, Solaris only)
CVE-2007-3024 VULNERABLE (clamav, fixed 0.90.3) #245219
CVE-2007-3023 VULNERABLE (clamav, fixed 0.90.3) #245219
@@ -84,7 +86,6 @@
CVE-2007-0619 version (chmlib, fixed 0.3.9) #225919
*CVE-2007-0469 version (rubygems, fixed 0.9.1)
CVE-2007-0341 ignore (phpMyAdmin, 2.8.x only)
-CVE-2007-0242 VULNERABLE (qt4, fixed 4.2.3-7)
CVE-2007-0240 patch (zope, fixed 2.9.6-2) #233378
*CVE-2007-0177 version (mediawiki, fixed 1.8.3) #221958
*CVE-2007-0095 VULNERABLE (phpMyAdmin) #221694
--
fedora-extras-commits mailing list
fedora-extras-commits(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-extras-commits
16 years, 7 months