fedora-security/audit fc6,1.266,1.267 fc7,1.116,1.117
by fedora-extras-commits@redhat.com
Author: lkundrak
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv12697
Modified Files:
fc6 fc7
Log Message:
elinks
Index: fc6
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc6,v
retrieving revision 1.266
retrieving revision 1.267
diff -u -r1.266 -r1.267
--- fc6 21 Sep 2007 14:29:48 -0000 1.266
+++ fc6 21 Sep 2007 21:28:10 -0000 1.267
@@ -7,6 +7,7 @@
# Up to date CVE as of CVE email 20070914
# Up to date FC6 as of 20070916
+CVE-2007-5034 VULNERABLE (elinks) #297611
CVE-2007-4965 VULNERABLE (python) imageop module heap overflow
CVE-2007-4924 VULNERABLE (ekiga, version 2.0.10) really opal 2.2.10 #297561
CVE-2007-4897 VULNERABLE (ekiga, version 2.0.9) really opal 2.2.8 #297561
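Review bot: the added `CVE-2007-5034 VULNERABLE (elinks) #297611` line gives no hint of what the flaw is, and the log message is just "elinks". The python entry right below it carries a short description ("imageop module heap overflow"); a few words in the same style after the package name would let a reader triage this line without opening the bug.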
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.116
retrieving revision 1.117
diff -u -r1.116 -r1.117
--- fc7 21 Sep 2007 14:29:48 -0000 1.116
+++ fc7 21 Sep 2007 21:28:10 -0000 1.117
@@ -8,6 +8,7 @@
# Up to date CVE as of CVE email 20070914
# Up to date FC7 as of 20070916
+CVE-2007-5034 VULNERABLE (elinks) #297981
GENERIC-MAP-NOMATCH VULNERABLE (inotify-tools) #299771
GENERIC-MAP-NOMATCH VULNERABLE (balsa) #297601
GENERIC-MAP-NOMATCH VULNERABLE (duplicity) #293081
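Review bot: the new `CVE-2007-5034` line is inserted above the `GENERIC-MAP-NOMATCH` block, while the earlier fc7 revisions shown on this page keep that block at the top and start the CVE ids below it (r1.113 puts `CVE-2007-4974` after the `nx` line). Move the elinks line below the last `GENERIC-MAP-NOMATCH` entry so the CVE ids stay in one descending run.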
--
fedora-extras-commits mailing list
fedora-extras-commits(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-extras-commits
fedora-security/audit fc6,1.265,1.266 fc7,1.115,1.116
by fedora-extras-commits@redhat.com
Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv3532/audit
Modified Files:
fc6 fc7
Log Message:
update on some older kde issues
Index: fc6
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc6,v
retrieving revision 1.265
retrieving revision 1.266
diff -u -r1.265 -r1.266
--- fc6 21 Sep 2007 06:43:46 -0000 1.265
+++ fc6 21 Sep 2007 14:29:48 -0000 1.266
@@ -133,6 +133,7 @@
CVE-2007-1352 fixed (libXfont) #235265 [since FEDORA-2007-423]
CVE-2007-1351 fixed (libXfont) #235265 [since FEDORA-2007-423]
CVE-2007-1349 backport (mod_perl) [since FEDORA-2007-577]
+CVE-2007-1308 version (kdelibs)
CVE-2007-1263 version (gnupg, fixed 1.4.7) [since FEDORA-2007-315]
CVE-2007-1262 version (squirrelmail, fixed 1.4.10a) #239704 [since FEDORA-2007-505]
CVE-2007-1218 backport (tcpdump) 232349 [since FEDORA-2007-347]
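Review bot: `CVE-2007-1308 version (kdelibs)` claims the issue is fixed by version but does not say which one. The neighbouring `version` entries name it (`gnupg, fixed 1.4.7`, `squirrelmail, fixed 1.4.10a`); add the fixed kdelibs version, and a bug or advisory reference if one exists, so the claim can be checked against the installed package.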
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.115
retrieving revision 1.116
diff -u -r1.115 -r1.116
--- fc7 21 Sep 2007 07:40:08 -0000 1.115
+++ fc7 21 Sep 2007 14:29:48 -0000 1.116
@@ -285,8 +285,8 @@
CVE-2007-1614 version (zziplib, fixed 0.13.49) #233700
CVE-2007-1599 version (wordpress, fixed 2.1.3-0.rc2) #233703
CVE-2007-1583 version (php, fixed 5.2.2)
-CVE-2007-1565 ignore (konqueror) client crash
-CVE-2007-1564 vulnerable (konqueror) [#CVE-2007-1564]
+CVE-2007-1565 ignore (konqueror) client crash, duplicate of CVE-2007-1308
+CVE-2007-1564 version (kdelibs) affects konqueror
CVE-2007-1562 version (mozilla) #241840
CVE-2007-1560 version (squid, fixed 2.6.STABLE12)
CVE-2007-1558 version (balsa) [since FEDORA-2007-1447]
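Review bot: the `CVE-2007-1564` line goes from `vulnerable (konqueror) [#CVE-2007-1564]` to `version (kdelibs) affects konqueror`, which drops the only reference on the entry and records no fixed version. Since this flips an open issue to resolved, state the kdelibs version that carries the fix, in the `fixed X` form the php and squid lines around it use.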
@@ -339,6 +339,7 @@
*CVE-2007-1322 ** (qemu) #238723
*CVE-2007-1321 ** (qemu) #238723
*CVE-2007-1320 ** (qemu) #238723
+CVE-2007-1308 version (kdelibs)
CVE-2007-1287 ignore (php) See NVD
CVE-2007-1286 version (php, PHP4 only)
CVE-2007-1285 version (php, 5.2.2)
fedora-security/audit fc7,1.114,1.115
by fedora-extras-commits@redhat.com
Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv4085/audit
Modified Files:
fc7
Log Message:
inotify-tools buffer overflow
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.114
retrieving revision 1.115
diff -u -r1.114 -r1.115
--- fc7 21 Sep 2007 06:43:46 -0000 1.114
+++ fc7 21 Sep 2007 07:40:08 -0000 1.115
@@ -8,6 +8,7 @@
# Up to date CVE as of CVE email 20070914
# Up to date FC7 as of 20070916
+GENERIC-MAP-NOMATCH VULNERABLE (inotify-tools) #299771
GENERIC-MAP-NOMATCH VULNERABLE (balsa) #297601
GENERIC-MAP-NOMATCH VULNERABLE (duplicity) #293081
GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031
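Review bot: the `GENERIC-MAP-NOMATCH VULNERABLE (inotify-tools) #299771` line has no CVE id to look up, and the "buffer overflow" detail exists only in the log message. Put that description on the line itself. The commit also touches only fc7; is FC6 unaffected, or does it need its own entry?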
fedora-security/audit fc6,1.264,1.265 fc7,1.113,1.114
by fedora-extras-commits@redhat.com
Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv29230/audit
Modified Files:
fc6 fc7
Log Message:
kdm vulnerability
Index: fc6
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc6,v
retrieving revision 1.264
retrieving revision 1.265
diff -u -r1.264 -r1.265
--- fc6 20 Sep 2007 08:53:35 -0000 1.264
+++ fc6 21 Sep 2007 06:43:46 -0000 1.265
@@ -23,6 +23,7 @@
CVE-2007-4659 ignore (php, fixed 5.2.4) #276531 (FC7/php-5.2 only)
CVE-2007-4658 VULNERABLE (php, fixed 5.2.4) #278011
CVE-2007-4657 VULNERABLE (php, fixed 5.2.4)
+CVE-2007-4569 VULNERABLE (kdebase) #299741
CVE-2007-4565 backport (fetchmail) #260881 [since FEDORA-2007-689]
CVE-2007-4559 VULNERABLE (python) tarfile module - directory traversal
CVE-2007-4558 ignore (star, fixed 1.5a84) duplicate of CVE-2007-4134
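Review bot: the log message calls this a kdm vulnerability, but the added line names only `(kdebase)`, so a search of the file for kdm will not find it. Add the component after the package, the way the python lines name the affected module ("tarfile module - directory traversal"); the fc7 line in this commit has the same gap.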
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.113
retrieving revision 1.114
diff -u -r1.113 -r1.114
--- fc7 20 Sep 2007 09:28:51 -0000 1.113
+++ fc7 21 Sep 2007 06:43:46 -0000 1.114
@@ -37,6 +37,7 @@
CVE-2007-4650 version (gallery2) #267421 [since FEDORA-2007-2020]
CVE-2007-4629 version (mapserver, fixed 4.10.3) #272081 [since FEDORA-2007-2018]
CVE-2007-4631 version (qgit) #268381 [since FEDORA-2007-2108]
+CVE-2007-4569 VULNERABLE (kdebase) #299731
CVE-2007-4565 backport (fetchmail) #260861 [since FEDORA-2007-1983]
CVE-2007-4560 version (clamav) #260583 [since FEDORA-2007-2050]
CVE-2007-4559 VULNERABLE (python) tarfile module - directory traversal
fedora-security/audit fc7,1.112,1.113
by fedora-extras-commits@redhat.com
Author: lkundrak
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv4025
Modified Files:
fc7
Log Message:
Libsndfile got a CVE
add balsa
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.112
retrieving revision 1.113
diff -u -r1.112 -r1.113
--- fc7 20 Sep 2007 08:53:35 -0000 1.112
+++ fc7 20 Sep 2007 09:28:51 -0000 1.113
@@ -8,9 +8,10 @@
# Up to date CVE as of CVE email 20070914
# Up to date FC7 as of 20070916
-GENERIC-MAP-NOMATCH VULNERABLE (libsndfile) #296221
+GENERIC-MAP-NOMATCH VULNERABLE (balsa) #297601
GENERIC-MAP-NOMATCH VULNERABLE (duplicity) #293081
GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031
+CVE-2007-4974 VULNERABLE (libsndfile) #296221
CVE-2007-4965 VULNERABLE (python) imageop module heap overflow
CVE-2007-4924 VULNERABLE (ekiga, version 2.0.10) really opal 2.2.10 #297551
CVE-2007-4897 version (ekiga, version 2.0.9) really opal 2.2.8
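Review bot: the `-libsndfile` / `+balsa` pair at the top of this hunk reads as one entry being renamed, when it is really two unrelated changes: libsndfile moving from `GENERIC-MAP-NOMATCH` to `CVE-2007-4974`, and balsa being added. Committing them separately would keep each revision to one auditable change.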
fedora-security/audit fc6,1.263,1.264 fc7,1.111,1.112
by fedora-extras-commits@redhat.com
Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv29356/audit
Modified Files:
fc6 fc7
Log Message:
ekiga / opal tracking bugs.
Index: fc6
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc6,v
retrieving revision 1.263
retrieving revision 1.264
diff -u -r1.263 -r1.264
--- fc6 19 Sep 2007 15:39:17 -0000 1.263
+++ fc6 20 Sep 2007 08:53:35 -0000 1.264
@@ -8,8 +8,8 @@
# Up to date FC6 as of 20070916
CVE-2007-4965 VULNERABLE (python) imageop module heap overflow
-CVE-2007-4924 VULNERABLE (ekiga, version 2.0.10) really opal 2.2.10
-CVE-2007-4897 VULNERABLE (ekiga, version 2.0.9) really opal 2.2.8
+CVE-2007-4924 VULNERABLE (ekiga, version 2.0.10) really opal 2.2.10 #297561
+CVE-2007-4897 VULNERABLE (ekiga, version 2.0.9) really opal 2.2.8 #297561
CVE-2007-4829 VULNERABLE (perl-Archive-Tar)
CVE-2007-4826 VULNERABLE (quagga, fixed 0.99.9)
CVE-2007-4752 VULNERABLE (openssh) #280471
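Review bot: both changed lines keep `ekiga` in the package field while the free-text note says the flaw is "really opal", so someone scanning the file by package name will miss opal. Consider naming opal in the parentheses, or adding separate opal lines, now that the entries point at tracking bug #297561.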
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.111
retrieving revision 1.112
diff -u -r1.111 -r1.112
--- fc7 19 Sep 2007 15:39:17 -0000 1.111
+++ fc7 20 Sep 2007 08:53:35 -0000 1.112
@@ -12,7 +12,7 @@
GENERIC-MAP-NOMATCH VULNERABLE (duplicity) #293081
GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031
CVE-2007-4965 VULNERABLE (python) imageop module heap overflow
-CVE-2007-4924 VULNERABLE (ekiga, version 2.0.10) really opal 2.2.10
+CVE-2007-4924 VULNERABLE (ekiga, version 2.0.10) really opal 2.2.10 #297551
CVE-2007-4897 version (ekiga, version 2.0.9) really opal 2.2.8
CVE-2007-4894 version (wordpress, fixed 2.2.3) [since FEDORA-2007-2143]
CVE-2007-4893 version (wordpress, fixed 2.2.3) [since FEDORA-2007-2143]
fedora-security/audit fc6,1.262,1.263 fc7,1.110,1.111
by fedora-extras-commits@redhat.com
Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv24650/audit
Modified Files:
fc6 fc7
Log Message:
Few more issues.
Index: fc6
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc6,v
retrieving revision 1.262
retrieving revision 1.263
diff -u -r1.262 -r1.263
--- fc6 19 Sep 2007 13:24:50 -0000 1.262
+++ fc6 19 Sep 2007 15:39:17 -0000 1.263
@@ -7,7 +7,10 @@
# Up to date CVE as of CVE email 20070914
# Up to date FC6 as of 20070916
-CVE-2007-4897 VULNERABLE (ekiga, version 2.0.9 ?)
+CVE-2007-4965 VULNERABLE (python) imageop module heap overflow
+CVE-2007-4924 VULNERABLE (ekiga, version 2.0.10) really opal 2.2.10
+CVE-2007-4897 VULNERABLE (ekiga, version 2.0.9) really opal 2.2.8
+CVE-2007-4829 VULNERABLE (perl-Archive-Tar)
CVE-2007-4826 VULNERABLE (quagga, fixed 0.99.9)
CVE-2007-4752 VULNERABLE (openssh) #280471
CVE-2007-4743 backport (krb5) incomplete CVE-2007-3999 fix [since FEDORA-2007-694]
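Review bot: none of the four added `VULNERABLE` lines carries a tracking bug, unlike the `openssh` line below them (`#280471`). Without a bug number there is nothing to follow for the python and perl-Archive-Tar issues; file the bugs and add the references, or mark in the line that no bug exists yet.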
@@ -21,6 +24,8 @@
CVE-2007-4658 VULNERABLE (php, fixed 5.2.4) #278011
CVE-2007-4657 VULNERABLE (php, fixed 5.2.4)
CVE-2007-4565 backport (fetchmail) #260881 [since FEDORA-2007-689]
+CVE-2007-4559 VULNERABLE (python) tarfile module - directory traversal
+CVE-2007-4558 ignore (star, fixed 1.5a84) duplicate of CVE-2007-4134
CVE-2007-4357 ignore (firefox) status bar can be overwrittten
CVE-2007-4255 ignore (php) msql extension not shipped
CVE-2007-4251 ignore (openoffice.org) just a crash
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.110
retrieving revision 1.111
diff -u -r1.110 -r1.111
--- fc7 19 Sep 2007 13:24:50 -0000 1.110
+++ fc7 19 Sep 2007 15:39:17 -0000 1.111
@@ -11,11 +11,14 @@
GENERIC-MAP-NOMATCH VULNERABLE (libsndfile) #296221
GENERIC-MAP-NOMATCH VULNERABLE (duplicity) #293081
GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031
-CVE-2007-4897 version (ekiga, version 2.0.9 ?)
+CVE-2007-4965 VULNERABLE (python) imageop module heap overflow
+CVE-2007-4924 VULNERABLE (ekiga, version 2.0.10) really opal 2.2.10
+CVE-2007-4897 version (ekiga, version 2.0.9) really opal 2.2.8
CVE-2007-4894 version (wordpress, fixed 2.2.3) [since FEDORA-2007-2143]
CVE-2007-4893 version (wordpress, fixed 2.2.3) [since FEDORA-2007-2143]
CVE-2007-4841 ignore (mozilla suite) Windows only
CVE-2007-4840 ignore (php)
+CVE-2007-4829 VULNERABLE (perl-Archive-Tar)
CVE-2007-4828 (mediawiki, fixed 1.11.0, 1.10.2, 1.9.4) #287881
CVE-2007-4826 VULNERABLE (quagga, fixed 0.99.9) in updates-testing
CVE-2007-4752 VULNERABLE (openssh) #280461
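Review bot: `CVE-2007-4897` is recorded here as `version (ekiga, version 2.0.9)`, while the fc6 hunk in this same commit marks it `VULNERABLE` with the identical note, and "version 2.0.9" does not say whether 2.0.9 is the affected or the fixed release. Use the `fixed X` wording of the wordpress lines below it if that is what is meant.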
@@ -36,7 +39,7 @@
CVE-2007-4565 backport (fetchmail) #260861 [since FEDORA-2007-1983]
CVE-2007-4560 version (clamav) #260583 [since FEDORA-2007-2050]
CVE-2007-4559 VULNERABLE (python) tarfile module - directory traversal
-CVE-2007-4558 version (star, fixed 1.5a84) [since FEDORA-2007-1852]
+CVE-2007-4558 ignore (star, fixed 1.5a84) duplicate of CVE-2007-4134
CVE-2007-4543 version (bugzilla, fixed 3.0.1) #256021 [since FEDORA-2007-1853]
CVE-2007-4542 version (mapserver, fixed 4.10.3) #256561 [since FEDORA-2007-2018]
CVE-2007-4539 version (bugzilla, fixed 3.0.1) #256021 [since FEDORA-2007-1853]
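Review bot: changing `CVE-2007-4558` from `version ... [since FEDORA-2007-1852]` to `ignore ... duplicate of CVE-2007-4134` drops the advisory reference from the file unless the CVE-2007-4134 entry carries it, and that entry is not visible in this hunk. Confirm CVE-2007-4134 is listed with the fixed version and the advisory before ignoring its duplicate.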
RE: Separate list for commits
by Dan Davis
Lubomir Kundrak wrote:
> Well, that sounds fair, but be warned, that the audit files are specially for our
> track and doesn't have to be 100% reliable. Watching the package announce list
> for [SECURITY] things can be always relied on, though it will have some latency
> compared to this, as packagers need time to roll updates. Anyways, knowing about
> the vulnerability and not having the updated package available is not always usable.
I'll be subscribing to the package announce list, and maybe using the
commit log less.
> So you are for separating the lists. Is the only issue the name of the list? In
> that case, the CVS logs traditionally go to -commits mailing lists. I assume it
> won't be much of an issue for you to subscribe to that one and unsubscribe this
> one eventually, if you're not interested in discussions, just in raw audit data.
Not really hard to resubscribe -- I just viewed the discussion as my
opportunity to find out what is the best way to keep up to date on Fedora
security issues.
fedora-security/audit fc6,1.261,1.262 fc7,1.109,1.110
by fedora-extras-commits@redhat.com
Author: lkundrak
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv4111
Modified Files:
fc6 fc7
Log Message:
wpa_supplicant was no problem.
added libsndfile.
Index: fc6
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc6,v
retrieving revision 1.261
retrieving revision 1.262
diff -u -r1.261 -r1.262
--- fc6 18 Sep 2007 15:43:23 -0000 1.261
+++ fc6 19 Sep 2007 13:24:50 -0000 1.262
@@ -7,7 +7,6 @@
# Up to date CVE as of CVE email 20070914
# Up to date FC6 as of 20070916
-GENERIC-MAP-NOMATCH VULNERABLE (wpa_supplicant) #293011
CVE-2007-4897 VULNERABLE (ekiga, version 2.0.9 ?)
CVE-2007-4826 VULNERABLE (quagga, fixed 0.99.9)
CVE-2007-4752 VULNERABLE (openssh) #280471
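Review bot: deleting the `wpa_supplicant` line removes the record that bug #293011 was looked at and judged harmless; only the log message ("wpa_supplicant was no problem") keeps it. Other non-issues in this file stay listed with an `ignore` state and a reason, as in `ignore (php) msql extension not shipped`; do the same here so the decision is visible in the file.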
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.109
retrieving revision 1.110
diff -u -r1.109 -r1.110
--- fc7 18 Sep 2007 15:43:23 -0000 1.109
+++ fc7 19 Sep 2007 13:24:50 -0000 1.110
@@ -8,9 +8,9 @@
# Up to date CVE as of CVE email 20070914
# Up to date FC7 as of 20070916
+GENERIC-MAP-NOMATCH VULNERABLE (libsndfile) #296221
GENERIC-MAP-NOMATCH VULNERABLE (duplicity) #293081
GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031
-GENERIC-MAP-NOMATCH VULNERABLE (wpa_supplicant) #293011
CVE-2007-4897 version (ekiga, version 2.0.9 ?)
CVE-2007-4894 version (wordpress, fixed 2.2.3) [since FEDORA-2007-2143]
CVE-2007-4893 version (wordpress, fixed 2.2.3) [since FEDORA-2007-2143]
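Review bot: `GENERIC-MAP-NOMATCH VULNERABLE (libsndfile) #296221` is added to fc7 only, while the fc6 half of this commit just removes wpa_supplicant. If FC6 is not affected, say so in the log message or in an fc6 `ignore` line; if it is, the fc6 entry is missing.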
Re: Separate list for commits
by Dan Davis
I subscribe to this list so I can get alerted to new CVE related bugs.
While the audit files change log was hard to understand at first, I can
now easily scan for packages my server relies on, and run yum to get new
packages if something is fixed.
Is there a better way for me to learn about vulnerabilities? If this is
the preferred way, then it would be nice to keep the commit log on this
list, so I don't have to subscribe to both. I'd also argue that if this
is the preferred way, then a new list for security discussions would be
a better way to change things.
-----Original Message-----
From: fedora-security-list-bounces(a)redhat.com
[mailto:fedora-security-list-bounces@redhat.com] On Behalf Of
fedora-security-list-request(a)redhat.com
Sent: Tuesday, September 18, 2007 12:00 PM
To: fedora-security-list(a)redhat.com
Subject: Fedora-security-list Digest, Vol 19, Issue 15
Message: 1
Date: Mon, 17 Sep 2007 15:22:35 -0600
From: Kevin Fenzi <kevin(a)tummy.com>
Subject: Re: Separate list for commits
To: fedora-security-list(a)redhat.com
Message-ID: <20070917152235.22da91ac(a)ghistelwchlohm.scrye.com>
Keywords: Debian-sarge
Content-Type: text/plain; charset="us-ascii"
On Mon, 17 Sep 2007 17:27:47 +0200
Lubomir Kundrak <lkundrak(a)redhat.com> wrote:
> Hi all,
>
> With the volume of the commit messages and bugzilla mails this list
> became less suited for discussions. Would anyone mind creating another
> list, say fedora-security-commits-list, where would that sort of mails
> go?
I filter such emails into another box, so discussion shows up just fine
here.
Perhaps we could use mailman "Topics" support better here?
ie, make all bugzilla and commits emails have their own topic.
If you just subscribe you get everything, but if you don't want
everything you can change your topics so you don't get the things you
don't want?
Or for that matter, perhaps we could just get the regular commits list
to have a security topic for people who only want security commits?
Just a thought.
> Regards,
kevin