September 2007 - security [ARCHIVED]

fedora-security/audit fc6,1.255,1.256 fc7,1.100,1.101

by fedora-extras-commits＠redhat.com

Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv25374/audit Modified Files: fc6 fc7 Log Message: Add ekiga, wordpress Track updates release to FC6 & F7 Index: fc6 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc6,v retrieving revision 1.255 retrieving revision 1.256 diff -u -r1.255 -r1.256 --- fc6 11 Sep 2007 17:49:30 -0000 1.255 +++ fc6 17 Sep 2007 07:53:32 -0000 1.256 @@ -4,9 +4,10 @@ # *CVE are items that need verification for Fedora Core 6 # (mozilla) = (firefox, seamonkey, thunderbird, yelp, devhelp, galeon, liferea. epiphany) -# Up to date CVE as of CVE email 20070910 -# Up to date FC6 as of 20070910 +# Up to date CVE as of CVE email 20070914 +# Up to date FC6 as of 20070916 +CVE-2007-4897 VULNERABLE (ekiga, version 2.0.9 ?) CVE-2007-4752 VULNERABLE (openssh) #280471 CVE-2007-4743 backport (krb5) incomplete CVE-2007-3999 fix [since FEDORA-2007-694] CVE-2007-4730 VULNERABLE (xorg-x11) #286061 Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.100 retrieving revision 1.101 diff -u -r1.100 -r1.101 --- fc7 12 Sep 2007 20:26:35 -0000 1.100 +++ fc7 17 Sep 2007 07:53:32 -0000 1.101 @@ -5,16 +5,19 @@ # (mozilla) = (firefox, seamonkey, thunderbird, yelp, devhelp, galeon, liferea. epiphany) # A couple of first F7 updates were marked as FEDORA-2007-0001 -# Up to date CVE as of CVE email 20070910 -# Up to date FC7 as of 20070910 +# Up to date CVE as of CVE email 20070914 +# Up to date FC7 as of 20070916 +CVE-2007-4897 version (ekiga, version 2.0.9 ?) +CVE-2007-4894 version (wordpress, fixed 2.2.3) [since FEDORA-2007-2143] +CVE-2007-4893 version (wordpress, fixed 2.2.3) [since FEDORA-2007-2143] CVE-2007-4841 ignore (mozilla suite) Windows only CVE-2007-4840 ignore (php) CVE-2007-4828 (mediawiki, fixed 1.11.0, 1.10.2, 1.9.4) #287881 CVE-2007-4752 VULNERABLE (openssh) #280461 CVE-2007-4743 backport (krb5) incomplete CVE-2007-3999 fix [since FEDORA-2007-2066] CVE-2007-4730 VULNERABLE (xorg-x11) #286051 -CVE-2007-4727 VULNERABLE (lighttpd) #284511 +CVE-2007-4727 version (lighttpd) #284511 [since FEDORA-2007-2132] CVE-2007-4721 version (wireshark, fixed 0.99.6) [since FEDORA-2007-0982] CVE-2007-4663 ignore (php, fixed 5.2.4) #277991 safe_mode CVE-2007-4662 ignore (php, fixed 5.2.4) #278101 triggerable only by modification to openssl.conf @@ -58,7 +61,7 @@ CVE-2007-4153 ignore (wordpress) "remote authenticated administrators" CVE-2007-4154 ignore (wordpress) "remote authenticated administrators" CVE-2007-4139 version (wordpress) #250751 [since FEDORA-2007-1885] -CVE-2007-4138 VULNERABLE (samba, fixed 3.0.26) #286311 +CVE-2007-4138 version (samba, fixed 3.0.26) #286311 [since FEDORA-2007-2145] CVE-2007-4134 version (star, fixed 1.5a84) #254128 [since FEDORA-2007-1852] CVE-2007-4131 backport (tar) #253684 [since FEDORA-2007-1890] CVE-2007-4066 backport (libvorbis) #245991 [since FEDORA-2007-1765] -- fedora-extras-commits mailing list fedora-extras-commits(a)redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits

16 years, 7 months

1
0
0 / 0

fedora-security/audit epel5,1.2,1.3

by fedora-extras-commits＠redhat.com

Author: kevin Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv31447 Modified Files: epel5 Log Message: Process a bunch more epel5 packages Index: epel5 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/epel5,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- epel5 5 Sep 2007 04:53:03 -0000 1.2 +++ epel5 14 Sep 2007 00:23:19 -0000 1.3 @@ -3,112 +3,115 @@ # *CVE are items that need verification for EPEL-5 # (mozilla) = (firefox, seamonkey, thunderbird, yelp, devhelp, galeon, liferea. epiphany) -# Up to date CVE as of CVE email 20070829 -# Up to date EPEL5 as of +# Up to date CVE as of CVE email 20070910 +# Up to date EPEL5 as of 20070910 # -*CVE-2007-4631 VULNERABLE (qgit) #268381 -*CVE-2007-4629 VULNERABLE (mapserver, fixed 4.10.3) #272081 -*CVE-2007-4560 VULNERABLE (clamav) #260583 -*CVE-2007-4543 version (bugzilla, fixed 3.0.1) #256021 [since FEDORA-2007-1853] -*CVE-2007-4542 VULNERABLE (mapserver, fixed 4.10.3) #256561 -*CVE-2007-4539 version (bugzilla, fixed 3.0.1) #256021 [since FEDORA-2007-1853] -*CVE-2007-4538 version (bugzilla, fixed 3.0.1) #256021 [since FEDORA-2007-1853] -*CVE-2007-4510 VULNERABLE (clamav, fixed 0.91.2) #253780 -*CVE-2007-4462 version (po4a) #253541 [since FEDORA-2007-1763] -*CVE-2007-4400 VULNERABLE (konversation) #253545 -*CVE-2007-4323 backport (denyhosts) #252291 [since FEDORA-2007-0589] -*CVE-2007-4321 backport (fail2ban) #252290 [since FEDORA-2007-0621] version since FEDORA-2007-1643 -*CVE-2007-3950 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299] -*CVE-2007-3949 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299] -*CVE-2007-3948 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299] -*CVE-2007-3947 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299] -*CVE-2007-3946 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299] -*CVE-2007-3725 ** (clamav) -*CVE-2007-3628 version (php-pear-Structures-DataGrid-DataSource-MDB2, fixed 0.1.10) -*CVE-2007-3555 version (moodle) #247528 [since FEDORA-2007-1445] -*CVE-2007-3528 version (dar, fixed 2.3.4) #246760 [since FEDORA-2007-0904] +*CVE-2007-4828 (mediawiki, fixed 1.11.0, 1.10.2, 1.9.4) #287881 +CVE-2007-4727 version (lighttpd, fixed 1.4.18) #284511 +CVE-2007-4629 VULNERABLE (mapserver, fixed 4.10.3) #272081 +CVE-2007-4631 version (qgit, fixed 1.5.7) #268381 +CVE-2007-4629 VULNERABLE (mapserver, fixed 4.10.3) #272081 +CVE-2007-4560 VULNERABLE (clamav) #260583 +CVE-2007-4543 version (bugzilla, fixed 3.0.1) #256021 +CVE-2007-4542 VULNERABLE (mapserver, fixed 4.10.3) #256561 +CVE-2007-4539 version (bugzilla, fixed 3.0.1) #256021 +CVE-2007-4538 version (bugzilla, fixed 3.0.1) #256021 +CVE-2007-4510 VULNERABLE (clamav, fixed 0.91.2) #253780 +*CVE-2007-4462 version (po4a) #253541 +CVE-2007-4400 VULNERABLE (konversation) #253545 +CVE-2007-4323 backport (denyhosts) #252291 +*CVE-2007-4321 backport (fail2ban) #252290 +CVE-2007-3950 version (lighttpd, fixed 1.4.16) #249162 +CVE-2007-3949 version (lighttpd, fixed 1.4.16) #249162 +CVE-2007-3948 version (lighttpd, fixed 1.4.16) #249162 +CVE-2007-3947 version (lighttpd, fixed 1.4.16) #249162 +CVE-2007-3946 version (lighttpd, fixed 1.4.16) #249162 +CVE-2007-3725 ** (clamav) +CVE-2007-3628 version (php-pear-Structures-DataGrid-DataSource-MDB2, fixed 0.1.10) +CVE-2007-3555 version (moodle) #247528 +CVE-2007-3528 version (dar, fixed 2.3.4) #246760 *CVE-2007-3387 version (xpdf, fixed 3.02pl1) [since FEDORA-2007-1383] -*CVE-2007-3209 ignore (mail-notification, shipped with SSL enabled) -*CVE-2007-3153 version (c-ares, fixed 1.4.0) #243591 [since FEDORA-2007-0724] -*CVE-2007-3152 version (c-ares, fixed 1.4.0) #243591 [since FEDORA-2007-0724] -*CVE-2007-3123 VULNERABLE (clamav, fixed 0.90.3) #245219 -*CVE-2007-3122 VULNERABLE (clamav, fixed 0.90.3) #245219 -*CVE-2007-3113 VULNERABLE (cacti) #243592 -*CVE-2007-3112 VULNERABLE (cacti) #243592 -*CVE-2007-3025 ignore (clamav, Solaris only) -*CVE-2007-3024 VULNERABLE (clamav, fixed 0.90.3) #245219 -*CVE-2007-3023 VULNERABLE (clamav, fixed 0.90.3) #245219 -*CVE-2007-2865 version (phpPgAdmin, fixed 4.1.2) #241489 [since FEDORA-2007-0469] -*CVE-2007-2721 patch (jasper, fixed 1.900.1-2) #240397 -*CVE-2007-2650 version (clamav, fixed 0.90.3) #240395 [since FEDORA-2007-1154] -*CVE-2007-2637 patch (moin, fixed 1.5.7-2) -*CVE-2007-2423 patch (moin, fixed 1.5.7-2) #238722 +CVE-2007-3209 ignore (mail-notification, shipped with SSL enabled) +CVE-2007-3153 version (c-ares, fixed 1.4.0) #243591 +CVE-2007-3152 version (c-ares, fixed 1.4.0) #243591 +CVE-2007-3123 VULNERABLE (clamav, fixed 0.90.3) #245219 +CVE-2007-3122 VULNERABLE (clamav, fixed 0.90.3) #245219 +CVE-2007-3113 VULNERABLE (cacti) #243592 +CVE-2007-3112 VULNERABLE (cacti) #243592 +CVE-2007-3025 ignore (clamav, Solaris only) +CVE-2007-3024 VULNERABLE (clamav, fixed 0.90.3) #245219 +CVE-2007-3023 VULNERABLE (clamav, fixed 0.90.3) #245219 +CVE-2007-2865 version (phpPgAdmin, fixed 4.1.2) #241489 +CVE-2007-2721 patch (jasper, fixed 1.900.1-2) #240397 +CVE-2007-2650 VULNERABLE (clamav, fixed 0.90.3) #240395 +CVE-2007-2637 patch (moin, fixed 1.5.7-2) +CVE-2007-2423 patch (moin, fixed 1.5.7-2) #238722 *CVE-2007-2413 version (perl-Imager, fixed 0.57) #238615 -*CVE-2007-2245 VULNERABLE (phpMyAdmin, fixed 2.10.1) #237882 -*CVE-2007-2165 VULNERABLE (proftpd) #237533 -*CVE-2007-2029 VULNERABLE (clamav, fixed 0.90.3) #245219 -*CVE-2007-2016 ignore (phpMyAdmin, < 2.8.0.2 never shipped) -*CVE-2007-1997 version (clamav, fixed in 0.90.2) -*CVE-2007-1870 version (lighttpd, fixed 1.4.14) #236489 -*CVE-2007-1869 version (lighttpd, fixed 1.4.14) #236489 -*CVE-2007-1745 version (clamav, fixed in 0.90.2) #236703 -*CVE-2007-1614 version (zziplib, fixed 0.13.49) #233700 -*CVE-2007-1547 version (nas, fixed 1.8a-2) #233353 -*CVE-2007-1546 version (nas, fixed 1.8a-2) #233353 -*CVE-2007-1545 version (nas, fixed 1.8a-2) #233353 -*CVE-2007-1544 version (nas, fixed 1.8a-2) #233353 -*CVE-2007-1543 version (nas, fixed 1.8a-2) #233353 +CVE-2007-2245 version (phpMyAdmin, fixed 2.10.1) #237882 +CVE-2007-2165 VULNERABLE (proftpd) #237533 +CVE-2007-2029 VULNERABLE (clamav, fixed 0.90.3) #245219 +CVE-2007-2016 ignore (phpMyAdmin, < 2.8.0.2 never shipped) +CVE-2007-1997 VULNERABLE (clamav, fixed in 0.90.2) +CVE-2007-1870 version (lighttpd, fixed 1.4.14) #236489 +CVE-2007-1869 version (lighttpd, fixed 1.4.14) #236489 +CVE-2007-1745 VULNERABLE (clamav, fixed in 0.90.2) #236703 +CVE-2007-1614 version (zziplib, fixed 0.13.49) #233700 +CVE-2007-1547 version (nas, fixed 1.8a-2) #233353 +CVE-2007-1546 version (nas, fixed 1.8a-2) #233353 +CVE-2007-1545 version (nas, fixed 1.8a-2) #233353 +CVE-2007-1544 version (nas, fixed 1.8a-2) #233353 +CVE-2007-1543 version (nas, fixed 1.8a-2) #233353 *CVE-2007-1515 version (imp, fixed 4.1.4) *CVE-2007-1474 version (horde, fixed 3.1.4) *CVE-2007-1474 ignore (imp, < 4.x only) *CVE-2007-1473 version (horde, fixed 3.1.4) -*CVE-2007-1429 version (moodle, fixed 1.6.5) #232103 -*CVE-2007-1406 version (trac, fixed 0.10.3.1) #231729 -*CVE-2007-1405 version (trac, fixed 0.10.3.1) #231729 -*CVE-2007-1399 version (php-pecl-zip, fixed 1.8.5) -*CVE-2007-1395 version (phpMyAdmin, fixed 2.10.0.2) -*CVE-2007-1359 patch (mod_security, fixed 2.1.0-3) #231728 -*CVE-2007-1325 version (phpMyAdmin, fixed 2.10.0.2) +CVE-2007-1429 version (moodle, fixed 1.6.5) #232103 +CVE-2007-1406 version (trac, fixed 0.10.3.1) #231729 +CVE-2007-1405 version (trac, fixed 0.10.3.1) #231729 +CVE-2007-1399 version (php-pecl-zip, fixed 1.8.5) +CVE-2007-1395 version (phpMyAdmin, fixed 2.10.0.2) +CVE-2007-1359 patch (mod_security, fixed 2.1.0-3) #231728 +CVE-2007-1325 version (phpMyAdmin, fixed 2.10.0.2) *CVE-2007-1263 version (gpgme, fixed 1.1.4) *CVE-2007-1055 version (mediawiki, fixed 1.8.3) *CVE-2007-1054 version (mediawiki, fixed 1.9.3) [since FEDORA-2007-1442] -*CVE-2007-0902 patch (moin, fixed 1.5.7-2) #228764 -*CVE-2007-0901 patch (moin, fixed 1.5.7-2) #228764 -*CVE-2007-0898 version (clamav, fixed 0.90) #229202 -*CVE-2007-0897 version (clamav, fixed 0.90) #229202 +CVE-2007-0902 patch (moin, fixed 1.5.7-2) #228764 +CVE-2007-0901 patch (moin, fixed 1.5.7-2) #228764 +CVE-2007-0898 VULNERABLE (clamav, fixed 0.90) #229202 +CVE-2007-0897 VULNERABLE (clamav, fixed 0.90) #229202 *CVE-2007-0894 version (mediawiki, fixed 1.8.4) #228763 -*CVE-2007-0857 version (moin, fixed 1.5.7) #228139 -*CVE-2007-0619 version (chmlib, fixed 0.3.9) #225919 +CVE-2007-0857 version (moin, fixed 1.5.7) #228139 +CVE-2007-0619 version (chmlib, fixed 0.3.9) #225919 *CVE-2007-0469 version (rubygems, fixed 0.9.1) -*CVE-2007-0341 ignore (phpMyAdmin, 2.8.x only) -*CVE-2007-0242 patch (qt4, fixed 4.2.3-7) -*CVE-2007-0240 patch (zope, fixed 2.9.6-2) #233378 +CVE-2007-0341 ignore (phpMyAdmin, 2.8.x only) +CVE-2007-0242 VULNERABLE (qt4, fixed 4.2.3-7) +CVE-2007-0240 patch (zope, fixed 2.9.6-2) #233378 *CVE-2007-0177 version (mediawiki, fixed 1.8.3) #221958 *CVE-2007-0095 VULNERABLE (phpMyAdmin) #221694 -*CVE-2007-0007 version (gnucash, fixed 2.0.5) since [FEDORA-2007-256] #223233 -*CVE-2006-6944 version (phpMyAdmin, fixed 2.9.1.1) -*CVE-2006-6943 version (phpMyAdmin, fixed 2.9.1.1) -*CVE-2006-6942 version (phpMyAdmin, fixed 2.9.1.1) -*CVE-2006-6799 patch (cacti, fixed 0.8.6i-5) #222410 -*CVE-2006-6693 ignore (zabbix, fixed 1.1.3, < 1.1.4 not shipped) -*CVE-2006-6692 ignore (zabbix, fixed 1.1.3, < 1.1.4 not shipped) -*CVE-2006-6626 version (moodle, fixed 1.6.5) #220041 -*CVE-2006-6625 version (moodle, fixed 1.6.5) #220041 -*CVE-2006-6563 backport (proftpd, fixed 1.3.0a-3) #219938 -*CVE-2006-6481 version (clamav, fixed 0.88.7) -*CVE-2006-6406 version (clamav, fixed 0.88.7) #219095 +CVE-2007-0007 version (gnucash, fixed 2.0.5) since [FEDORA-2007-256] #223233 +CVE-2006-6944 version (phpMyAdmin, fixed 2.9.1.1) +CVE-2006-6943 version (phpMyAdmin, fixed 2.9.1.1) +CVE-2006-6942 version (phpMyAdmin, fixed 2.9.1.1) +CVE-2006-6799 patch (cacti, fixed 0.8.6i-5) #222410 +CVE-2006-6693 ignore (zabbix, fixed 1.1.3, < 1.1.4 not shipped) +CVE-2006-6692 ignore (zabbix, fixed 1.1.3, < 1.1.4 not shipped) +CVE-2006-6626 version (moodle, fixed 1.6.5) #220041 +CVE-2006-6625 version (moodle, fixed 1.6.5) #220041 +CVE-2006-6563 backport (proftpd, fixed 1.3.0a-3) #219938 +CVE-2006-6481 VULNERABLE (clamav, fixed 0.88.7) +CVE-2006-6406 VULNERABLE (clamav, fixed 0.88.7) #219095 *CVE-2006-6374 ** (phpMyAdmin) #218853 -*CVE-2006-6373 version (phpMyAdmin, fixed 2.9.1.1) #218853 -*CVE-2006-6301 version (denyhosts, fixed 2.6-2) #218824 +CVE-2006-6373 version (phpMyAdmin, fixed 2.9.1.1) #218853 +CVE-2006-6301 version (denyhosts, fixed 2.6-2) #218824 *CVE-2006-6235 patch (gnupg2, fixed 2.0.1-2) #218821 -*CVE-2006-6171 patch (proftpd, fixed 1.3.0a-1) #214820 -*CVE-2006-6170 patch (proftpd, fixed 1.3.0a-1) #214820 +CVE-2006-6171 patch (proftpd, fixed 1.3.0a-1) #214820 +CVE-2006-6170 patch (proftpd, fixed 1.3.0a-1) #214820 *CVE-2006-6169 version (gnupg2, fixed 2.0.1) #217950 *CVE-2006-6085 version (kile, fixed 1.9.3) #217238 -*CVE-2006-5874 version (clamav, fixed 0.88.1) -*CVE-2006-5864 patch (gv, fixed 3.6.2-2) #215136 -*CVE-2006-5848 version (trac, fixed 0.10.1) #215077 -*CVE-2006-5815 version (proftpd, fixed 1.3.0a) #214820 +CVE-2006-5874 version (clamav, fixed 0.88.1) +CVE-2006-5864 patch (gv, fixed 3.6.2-2) #215136 +CVE-2006-5848 version (trac, fixed 0.10.1) #215077 +CVE-2006-5815 version (proftpd, fixed 1.3.0a) #214820 CVE-2006-5602 version (xsupplicant, fixed 1.2.6) CVE-2006-5601 version (xsupplicant, fixed 1.2.8) #212700 CVE-2006-5455 patch (bugzilla, fixed 2.22-7) #212355 -- fedora-extras-commits mailing list fedora-extras-commits(a)redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits

16 years, 7 months

1
0
0 / 0

fedora-security/audit fc7,1.99,1.100

by fedora-extras-commits＠redhat.com

Author: bressers Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv12905 Modified Files: fc7 Log Message: Add some CVE ids Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.99 retrieving revision 1.100 diff -u -r1.99 -r1.100 --- fc7 12 Sep 2007 18:24:08 -0000 1.99 +++ fc7 12 Sep 2007 20:26:35 -0000 1.100 @@ -8,6 +8,8 @@ # Up to date CVE as of CVE email 20070910 # Up to date FC7 as of 20070910 +CVE-2007-4841 ignore (mozilla suite) Windows only +CVE-2007-4840 ignore (php) CVE-2007-4828 (mediawiki, fixed 1.11.0, 1.10.2, 1.9.4) #287881 CVE-2007-4752 VULNERABLE (openssh) #280461 CVE-2007-4743 backport (krb5) incomplete CVE-2007-3999 fix [since FEDORA-2007-2066] -- fedora-extras-commits mailing list fedora-extras-commits(a)redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits

16 years, 7 months

1
0
0 / 0

fedora-security/audit fc7,1.98,1.99

by fedora-extras-commits＠redhat.com

Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv23837/audit Modified Files: fc7 Log Message: mediawiki cve name Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.98 retrieving revision 1.99 diff -u -r1.98 -r1.99 --- fc7 12 Sep 2007 16:17:07 -0000 1.98 +++ fc7 12 Sep 2007 18:24:08 -0000 1.99 @@ -8,7 +8,7 @@ # Up to date CVE as of CVE email 20070910 # Up to date FC7 as of 20070910 -GENERIC-MAP-NOMATCH VULNERABLE (mediawiki, fixed 1.11.0, 1.10.2, 1.9.4) #287881 +CVE-2007-4828 (mediawiki, fixed 1.11.0, 1.10.2, 1.9.4) #287881 CVE-2007-4752 VULNERABLE (openssh) #280461 CVE-2007-4743 backport (krb5) incomplete CVE-2007-3999 fix [since FEDORA-2007-2066] CVE-2007-4730 VULNERABLE (xorg-x11) #286051 -- fedora-extras-commits mailing list fedora-extras-commits(a)redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits

16 years, 7 months

1
0
0 / 0

fedora-security/audit fc7,1.97,1.98

by fedora-extras-commits＠redhat.com

Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv2338/audit Modified Files: fc7 Log Message: mediawiki XSS Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.97 retrieving revision 1.98 diff -u -r1.97 -r1.98 --- fc7 11 Sep 2007 17:49:30 -0000 1.97 +++ fc7 12 Sep 2007 16:17:07 -0000 1.98 @@ -8,6 +8,7 @@ # Up to date CVE as of CVE email 20070910 # Up to date FC7 as of 20070910 +GENERIC-MAP-NOMATCH VULNERABLE (mediawiki, fixed 1.11.0, 1.10.2, 1.9.4) #287881 CVE-2007-4752 VULNERABLE (openssh) #280461 CVE-2007-4743 backport (krb5) incomplete CVE-2007-3999 fix [since FEDORA-2007-2066] CVE-2007-4730 VULNERABLE (xorg-x11) #286051 -- fedora-extras-commits mailing list fedora-extras-commits(a)redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits

16 years, 7 months

1
0
0 / 0

fedora-security/audit fc6,1.254,1.255 fc7,1.96,1.97

by fedora-extras-commits＠redhat.com

Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv5379/audit Modified Files: fc6 fc7 Log Message: Add few more issues Index: fc6 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc6,v retrieving revision 1.254 retrieving revision 1.255 diff -u -r1.254 -r1.255 --- fc6 11 Sep 2007 17:24:18 -0000 1.254 +++ fc6 11 Sep 2007 17:49:30 -0000 1.255 @@ -7,7 +7,9 @@ # Up to date CVE as of CVE email 20070910 # Up to date FC6 as of 20070910 +CVE-2007-4752 VULNERABLE (openssh) #280471 CVE-2007-4743 backport (krb5) incomplete CVE-2007-3999 fix [since FEDORA-2007-694] +CVE-2007-4730 VULNERABLE (xorg-x11) #286061 CVE-2007-4721 version (wireshark, fixed 0.99.6) [since FEDORA-2007-628] CVE-2007-4663 ignore (php, fixed 5.2.4) #277991 safe_mode CVE-2007-4662 ignore (php, fixed 5.2.4) #278101 triggerable only by modification to openssl.conf Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.96 retrieving revision 1.97 diff -u -r1.96 -r1.97 --- fc7 11 Sep 2007 17:24:18 -0000 1.96 +++ fc7 11 Sep 2007 17:49:30 -0000 1.97 @@ -8,8 +8,10 @@ # Up to date CVE as of CVE email 20070910 # Up to date FC7 as of 20070910 -CVE-2007-4727 VULNERABLE (lighttpd) #284511 +CVE-2007-4752 VULNERABLE (openssh) #280461 CVE-2007-4743 backport (krb5) incomplete CVE-2007-3999 fix [since FEDORA-2007-2066] +CVE-2007-4730 VULNERABLE (xorg-x11) #286051 +CVE-2007-4727 VULNERABLE (lighttpd) #284511 CVE-2007-4721 version (wireshark, fixed 0.99.6) [since FEDORA-2007-0982] CVE-2007-4663 ignore (php, fixed 5.2.4) #277991 safe_mode CVE-2007-4662 ignore (php, fixed 5.2.4) #278101 triggerable only by modification to openssl.conf @@ -290,7 +292,7 @@ CVE-2007-1463 version (inkscape, fixed 0.45.1) CVE-2007-1460 version (php, fixed 5.2.2) CVE-2007-1429 version (moodle, fixed 1.6.5) #232103 -*CVE-2007-1420 VULNERABLE (mysql, fixed 5.0.36) #232604 +CVE-2007-1420 version (mysql, fixed 5.0.36) #232604 CVE-2007-1413 ignore (php) Windows NT SNMP specific CVE-2007-1412 ignore (php) unshipped cpdf extension CVE-2007-1411 ignore (php) unshipped mssql extension -- fedora-extras-commits mailing list fedora-extras-commits(a)redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits

16 years, 7 months

1
0
0 / 0

fedora-security/audit fc6,1.253,1.254 fc7,1.95,1.96

by fedora-extras-commits＠redhat.com

Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv4695/audit Modified Files: fc6 fc7 Log Message: Note Fedora updates. Clean-up some old stuff. Move few misplaced lines. Index: fc6 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc6,v retrieving revision 1.253 retrieving revision 1.254 diff -u -r1.253 -r1.254 --- fc6 7 Sep 2007 08:42:54 -0000 1.253 +++ fc6 11 Sep 2007 17:24:18 -0000 1.254 @@ -4,10 +4,10 @@ # *CVE are items that need verification for Fedora Core 6 # (mozilla) = (firefox, seamonkey, thunderbird, yelp, devhelp, galeon, liferea. epiphany) -# Up to date CVE as of CVE email 20070907 -# Up to date FC6 as of 20070905 +# Up to date CVE as of CVE email 20070910 +# Up to date FC6 as of 20070910 -CVE-2007-4743 VULNERABLE (krb5) incomplete CVE-2007-3999 fix +CVE-2007-4743 backport (krb5) incomplete CVE-2007-3999 fix [since FEDORA-2007-694] CVE-2007-4721 version (wireshark, fixed 0.99.6) [since FEDORA-2007-628] CVE-2007-4663 ignore (php, fixed 5.2.4) #277991 safe_mode CVE-2007-4662 ignore (php, fixed 5.2.4) #278101 triggerable only by modification to openssl.conf @@ -42,8 +42,9 @@ CVE-2007-3820 ** (kdebase) #248537 CVE-2007-3799 ** (php) CVE-2007-3798 version (tcpdump, fixed 3.9.7) #250290 [since FEDORA-2007-654] -CVE-2007-3782 ** (mysql) -CVE-2007-3781 ** (mysql) +CVE-2007-3782 VULNERABLE (mysql, fixed 5.0.44) +CVE-2007-3781 VULNERABLE (mysql, fixed 5.0.44) +CVE-2007-3780 VULNERABLE (mysql, fixed 5.0.44) CVE-2007-3642 version (kernel, fixed 2.6.22) [since FEDORA-2007-655] CVE-2007-3508 ignore (glibc) not an issue CVE-2007-3506 backport (freetype, fixed 2.3.4) #235479 [since FEDORA-2007-561] Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.95 retrieving revision 1.96 diff -u -r1.95 -r1.96 --- fc7 10 Sep 2007 12:20:21 -0000 1.95 +++ fc7 11 Sep 2007 17:24:18 -0000 1.96 @@ -5,11 +5,11 @@ # (mozilla) = (firefox, seamonkey, thunderbird, yelp, devhelp, galeon, liferea. epiphany) # A couple of first F7 updates were marked as FEDORA-2007-0001 -# Up to date CVE as of CVE email 20070907 -# Up to date FC7 as of 20070905 +# Up to date CVE as of CVE email 20070910 +# Up to date FC7 as of 20070910 CVE-2007-4727 VULNERABLE (lighttpd) #284511 -CVE-2007-4743 VULNERABLE (krb5) incomplete CVE-2007-3999 fix +CVE-2007-4743 backport (krb5) incomplete CVE-2007-3999 fix [since FEDORA-2007-2066] CVE-2007-4721 version (wireshark, fixed 0.99.6) [since FEDORA-2007-0982] CVE-2007-4663 ignore (php, fixed 5.2.4) #277991 safe_mode CVE-2007-4662 ignore (php, fixed 5.2.4) #278101 triggerable only by modification to openssl.conf @@ -20,19 +20,19 @@ CVE-2007-4657 VULNERABLE (php, fixed 5.2.4) CVE-2007-4650 version (gallery2) #267421 [since FEDORA-2007-2020] CVE-2007-4629 version (mapserver, fixed 4.10.3) #272081 [since FEDORA-2007-2018] -CVE-2007-4631 VULNERABLE (qgit) #268381 +CVE-2007-4631 version (qgit) #268381 [since FEDORA-2007-2108] CVE-2007-4565 backport (fetchmail) #260861 [since FEDORA-2007-1983] -CVE-2007-4560 VULNERABLE (clamav) #260583 +CVE-2007-4560 version (clamav) #260583 [since FEDORA-2007-2050] CVE-2007-4559 VULNERABLE (python) tarfile module - directory traversal CVE-2007-4558 version (star, fixed 1.5a84) [since FEDORA-2007-1852] CVE-2007-4543 version (bugzilla, fixed 3.0.1) #256021 [since FEDORA-2007-1853] CVE-2007-4542 version (mapserver, fixed 4.10.3) #256561 [since FEDORA-2007-2018] CVE-2007-4539 version (bugzilla, fixed 3.0.1) #256021 [since FEDORA-2007-1853] CVE-2007-4538 version (bugzilla, fixed 3.0.1) #256021 [since FEDORA-2007-1853] -CVE-2007-4534 backport (vavoom) #256621 [since CVE-2007-4533] -CVE-2007-4533 backport (vavoom) #256621 [since CVE-2007-4533] -CVE-2007-4532 backport (vavoom) #256621 [since CVE-2007-4533] -CVE-2007-4510 VULNERABLE (clamav, fixed 0.91.2) #253780 +CVE-2007-4534 backport (vavoom) #256621 [since FEDORA-2007-1977] +CVE-2007-4533 backport (vavoom) #256621 [since FEDORA-2007-1977] +CVE-2007-4532 backport (vavoom) #256621 [since FEDORA-2007-1977] +CVE-2007-4510 version (clamav, fixed 0.91.2) #253780 [since FEDORA-2007-2050] CVE-2007-4462 version (po4a) #253541 [since FEDORA-2007-1763] CVE-2007-4460 backport (id3lib) #253553 [since FEDORA-2007-1774] CVE-2007-4400 VULNERABLE (konversation) #253545 @@ -53,6 +53,7 @@ CVE-2007-4153 ignore (wordpress) "remote authenticated administrators" CVE-2007-4154 ignore (wordpress) "remote authenticated administrators" CVE-2007-4139 version (wordpress) #250751 [since FEDORA-2007-1885] +CVE-2007-4138 VULNERABLE (samba, fixed 3.0.26) #286311 CVE-2007-4134 version (star, fixed 1.5a84) #254128 [since FEDORA-2007-1852] CVE-2007-4131 backport (tar) #253684 [since FEDORA-2007-1890] CVE-2007-4066 backport (libvorbis) #245991 [since FEDORA-2007-1765] @@ -77,15 +78,16 @@ CVE-2007-3820 backport (kdelibs) [since FEDORA-2007-1699] CVE-2007-3820 backport (kdebase) #248537 [since FEDORA-2007-1700] CVE-2007-3799 ** (php) -CVE-2007-3781 ** (mysql) -CVE-2007-3782 ** (mysql) +CVE-2007-3781 VULNERABLE (mysql, fixed 5.0.44) +CVE-2007-3782 VULNERABLE (mysql, fixed 5.0.44) +CVE-2007-3780 VULNERABLE (mysql, fixed 5.0.44) CVE-2007-3770 backport (terminal/xfce) [since FEDORA-2007-1620] CVE-2007-3738 version (mozilla) #248518 [since FEDORA-2007-1138] CVE-2007-3737 version (mozilla) #248518 [since FEDORA-2007-1138] CVE-2007-3736 version (mozilla) #248518 [since FEDORA-2007-1138] CVE-2007-3735 version (mozilla) #248518 [since FEDORA-2007-1138] CVE-2007-3728 ignore (libsilc, 1.1.1 only) -CVE-2007-3725 ** (clamav) +CVE-2007-3725 version (clamav) [since FEDORA-2007-2050] CVE-2007-3713 backport (centericq) #247979 [since FEDORA-2007-1160] CVE-2007-3656 version (mozilla) #248518 [since FEDORA-2007-1138] CVE-2007-3642 version (kernel, fixed 2.6.22.1) [since FEDORA-2007-1130] @@ -98,13 +100,13 @@ CVE-2007-3508 ignore (glibc) not an issue CVE-2007-3506 version (freetype, fixed 2.3.4) #235479 [since FEDORA-2007-0033] CVE-2007-3507 version (flac123, fixed 0.0.10) #246322 [since FEDORA-2007-1045] -CVE-2007-3478 VULNERABLE (gd, fixed 2.0.35) #277411 -CVE-2007-3477 VULNERABLE (gd, fixed 2.0.35) #277411 -CVE-2007-3476 VULNERABLE (gd, fixed 2.0.35) #277411 -CVE-2007-3475 VULNERABLE (gd, fixed 2.0.35) #277411 -CVE-2007-3474 VULNERABLE (gd, fixed 2.0.35) #277411 -CVE-2007-3473 VULNERABLE (gd, fixed 2.0.35) #277411 -CVE-2007-3472 VULNERABLE (gd, fixed 2.0.35) #277411 +CVE-2007-3478 version (gd, fixed 2.0.35) #277411 [since FEDORA-2007-2055] +CVE-2007-3477 version (gd, fixed 2.0.35) #277411 [since FEDORA-2007-2055] +CVE-2007-3476 version (gd, fixed 2.0.35) #277411 [since FEDORA-2007-2055] +CVE-2007-3475 version (gd, fixed 2.0.35) #277411 [since FEDORA-2007-2055] +CVE-2007-3474 version (gd, fixed 2.0.35) #277411 [since FEDORA-2007-2055] +CVE-2007-3473 version (gd, fixed 2.0.35) #277411 [since FEDORA-2007-2055] +CVE-2007-3472 version (gd, fixed 2.0.35) #277411 [since FEDORA-2007-2055] CVE-2007-3410 backport (HelixPlayer) #245838 [since FEDORA-2007-0756] CVE-2007-3409 version (perl-Net-DNS, fixed 0.60) #245807 CVE-2007-3393 version (wireshark, fixed 0.99.6) [since FEDORA-2007-0982] @@ -130,28 +132,27 @@ CVE-2007-3240 version (wordpress, fixed 2.2.1) #245211 [since FEDORA-2007-0894] CVE-2007-3239 version (wordpress, fixed 2.2.1) #245211 [since FEDORA-2007-0894] CVE-2007-3238 version (wordpress, fixed 2.2.1) #245211 [since FEDORA-2007-0894] -CVE-2007-3140 version (wordpress, fixed 2.2.1) #245211 [since FEDORA-2007-0894] CVE-2007-3231 version (mecab, fixed 0.96) [since FEDORA-2007-0366] CVE-2007-3209 ignore (mail-notification, shipped with SSL enabled) -CVE-2007-3108 backport (openssl) #250574 [since FEDORA-2007-1444] -CVE-2007-3106 backport (libvorbis) #245991 [since FEDORA-2007-1765] -CVE-2007-3099 version (iscsi-initiator-utils, fixed 6.2.0.865) [since FEDORA-2007-0543] -CVE-2007-3100 version (iscsi-initiator-utils, fixed 6.2.0.865) [since FEDORA-2007-0543] CVE-2007-3165 version (tor, fixed 0.1.2.14) #244502 [since FEDORA-2007-1674] CVE-2007-3153 version (c-ares, fixed 1.4.0) #243591 [since FEDORA-2007-0724] CVE-2007-3152 version (c-ares, fixed 1.4.0) #243591 [since FEDORA-2007-0724] CVE-2007-3145 VULNERABLE (galeon) ** CVE-2007-3140 version (wordpress, fixed 2.2.1) #245211 [since FEDORA-2007-0894] CVE-2007-3126 ignore (gimp) just a crash -CVE-2007-3123 VULNERABLE (clamav, fixed 0.90.3) #245219 -CVE-2007-3122 VULNERABLE (clamav, fixed 0.90.3) #245219 +CVE-2007-3123 version (clamav, fixed 0.90.3) #245219 [since FEDORA-2007-2050] +CVE-2007-3122 version (clamav, fixed 0.90.3) #245219 [since FEDORA-2007-2050] CVE-2007-3121 version (zvbi, fixed 0.2.25) [since FEDORA-2007-0175] *CVE-2007-3113 VULNERABLE (cacti) #243592 *CVE-2007-3112 VULNERABLE (cacti) #243592 +CVE-2007-3108 backport (openssl) #250574 [since FEDORA-2007-1444] +CVE-2007-3106 backport (libvorbis) #245991 [since FEDORA-2007-1765] +CVE-2007-3100 version (iscsi-initiator-utils, fixed 6.2.0.865) [since FEDORA-2007-0543] +CVE-2007-3099 version (iscsi-initiator-utils, fixed 6.2.0.865) [since FEDORA-2007-0543] CVE-2007-3089 version (mozilla) #248518 [since FEDORA-2007-1138] CVE-2007-3025 ignore (clamav, Solaris only) -CVE-2007-3024 VULNERABLE (clamav, fixed 0.90.3) #245219 -CVE-2007-3023 VULNERABLE (clamav, fixed 0.90.3) #245219 +CVE-2007-3024 version (clamav, fixed 0.90.3) #245219 [since FEDORA-2007-2050] +CVE-2007-3023 version (clamav, fixed 0.90.3) #245219 [since FEDORA-2007-2050] CVE-2007-3007 ignore (php) safe mode isn't safe *CVE-2007-2975 (openfire) CVE-2007-2958 version (claws-mail) #254121 [since FEDORA-2007-2009] @@ -182,7 +183,7 @@ CVE-2007-2754 backport (freetype) [since FEDORA-2007-0033] CVE-2007-2721 patch (jasper, fixed 1.900.1-2) #240397 CVE-2007-2683 backport (mutt) -*CVE-2007-2654 VULNERABLE (xfsdump) #240396 +CVE-2007-2654 version (xfsdump) #240396 CVE-2007-2650 version (clamav, fixed 0.90.3) #240395 [since FEDORA-2007-1154] CVE-2007-2645 backport (libexif) #240055 [since FEDORA-2007-0414] *CVE-2007-2637 patch (moin, fixed 1.5.7-2) @@ -222,8 +223,8 @@ *CVE-2007-2165 VULNERABLE (proftpd) #237533 CVE-2007-2138 version (postgresql, fixed 8.2.4) #237682 [since FEDORA-2007-0174] CVE-2007-2057 version (aircrack-ng, fixed 0.8-0.1) -CVE-2007-2029 VULNERABLE (clamav, fixed 0.90.3) #245219 -*CVE-2007-2028 (freeradius) +CVE-2007-2029 version (clamav, fixed 0.90.3) #245219 [since FEDORA-2007-2050] +CVE-2007-2028 version (freeradius) *CVE-2007-2026 (file) CVE-2007-2016 ignore (phpMyAdmin, < 2.8.0.2 never shipped) CVE-2007-1997 version (clamav, fixed in 0.90.2) @@ -297,7 +298,7 @@ CVE-2007-1405 version (trac, fixed 0.10.3.1) #231729 CVE-2007-1401 ignore (php) unshipped cracklib extension CVE-2007-1399 version (php-pecl-zip, fixed 1.8.5) -*CVE-2007-1398 ignore (snort, inline mode not shipped) #232109 +CVE-2007-1398 ignore (snort, inline mode not shipped) #232109, new upstream [since FEDORA-2007-2060] CVE-2007-1396 ignore (php) feature, not a flaw *CVE-2007-1395 version (phpMyAdmin, fixed 2.10.0.2) *CVE-2007-1387 patch (xine-lib, fixed 1.1.4-3) @@ -622,7 +623,7 @@ *CVE-2006-5298 backport (mutt) [since FEDORA-2006-1063] *CVE-2006-5297 backport (mutt) [since FEDORA-2006-1063] CVE-2006-5295 version (clamav, fixed 0.88.5) #210973 -*CVE-2006-5276 VULNERABLE (snort) #229265 +CVE-2006-5276 version (snort) #229265 [since FEDORA-2007-2060] CVE-2006-5229 ignore (openssh) not reproduced CVE-2006-5215 backport (xorg-x11-xinit) #212167 [since FEDORA-2007-1409] *CVE-2006-5215 version (xorg-x11-xdm) -- fedora-extras-commits mailing list fedora-extras-commits(a)redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits

16 years, 7 months

1
0
0 / 0

[Bug 240396] New: CVE-2007-2654: xfsdump file permissions issue

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=240396 Summary: CVE-2007-2654: xfsdump file permissions issue Product: Fedora Extras Version: fc6 Platform: All OS/Version: Linux Status: NEW Severity: medium Priority: medium Component: xfsdump AssignedTo: cattelan(a)redhat.com ReportedBy: ville.skytta(a)iki.fi QAContact: extras-qa(a)fedoraproject.org CC: fedora-security-list(a)redhat.com http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2654 "xfs_fsr in xfsdump creates a temporary directory with insecure permissions, which allows local users to read or overwrite arbitrary files on xfs filesystems." Patch from SUSE update attached. ------- Additional Comments From ville.skytta(a)iki.fi 2007-05-17 03:49 EST ------- Created an attachment (id=154896) --> (https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=154896&action=view) Patch from SUSE update -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

16 years, 7 months

1
4
0 / 0

fedora-security/audit fc7,1.94,1.95

by fedora-extras-commits＠redhat.com

Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv24230 Modified Files: fc7 Log Message: lighttpd Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.94 retrieving revision 1.95 diff -u -r1.94 -r1.95 --- fc7 7 Sep 2007 08:42:54 -0000 1.94 +++ fc7 10 Sep 2007 12:20:21 -0000 1.95 @@ -8,6 +8,7 @@ # Up to date CVE as of CVE email 20070907 # Up to date FC7 as of 20070905 +CVE-2007-4727 VULNERABLE (lighttpd) #284511 CVE-2007-4743 VULNERABLE (krb5) incomplete CVE-2007-3999 fix CVE-2007-4721 version (wireshark, fixed 0.99.6) [since FEDORA-2007-0982] CVE-2007-4663 ignore (php, fixed 5.2.4) #277991 safe_mode -- fedora-extras-commits mailing list fedora-extras-commits(a)redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits

16 years, 7 months

1
0
0 / 0

[Bug 229265] CVE-2006-5276 Vulnerability in Snort DCE/RPC Preprocessor

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: CVE-2006-5276 Vulnerability in Snort DCE/RPC Preprocessor https://bugzilla.redhat.com/show_bug.cgi?id=229265 updates(a)fedoraproject.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED Resolution| |ERRATA Fixed In Version| |2.7.0.1-3.fc7 -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

16 years, 7 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

security [ARCHIVED] September 2007