fedora-security/audit fc6,1.255,1.256 fc7,1.100,1.101
by fedora-extras-commits@redhat.com
Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv25374/audit
Modified Files:
fc6 fc7
Log Message:
Add ekiga, wordpress
Track updates release to FC6 & F7
Index: fc6
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc6,v
retrieving revision 1.255
retrieving revision 1.256
diff -u -r1.255 -r1.256
--- fc6 11 Sep 2007 17:49:30 -0000 1.255
+++ fc6 17 Sep 2007 07:53:32 -0000 1.256
@@ -4,9 +4,10 @@
# *CVE are items that need verification for Fedora Core 6
# (mozilla) = (firefox, seamonkey, thunderbird, yelp, devhelp, galeon, liferea. epiphany)
-# Up to date CVE as of CVE email 20070910
-# Up to date FC6 as of 20070910
+# Up to date CVE as of CVE email 20070914
+# Up to date FC6 as of 20070916
+CVE-2007-4897 VULNERABLE (ekiga, version 2.0.9 ?)
CVE-2007-4752 VULNERABLE (openssh) #280471
CVE-2007-4743 backport (krb5) incomplete CVE-2007-3999 fix [since FEDORA-2007-694]
CVE-2007-4730 VULNERABLE (xorg-x11) #286061
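Review bot: The added CVE-2007-4897 line gives the package detail as "version 2.0.9 ?" rather than the "fixed <version>" form other entries use, so a reader cannot tell whether 2.0.9 is the affected or the fixed release. It also has no bug number, unlike the openssh and xorg-x11 entries below it. The file header says a leading * marks items that need verification, so consider `*CVE-2007-4897 VULNERABLE (ekiga)` until the version is confirmed, and add the tracking bug once one is filed.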
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.100
retrieving revision 1.101
diff -u -r1.100 -r1.101
--- fc7 12 Sep 2007 20:26:35 -0000 1.100
+++ fc7 17 Sep 2007 07:53:32 -0000 1.101
@@ -5,16 +5,19 @@
# (mozilla) = (firefox, seamonkey, thunderbird, yelp, devhelp, galeon, liferea. epiphany)
# A couple of first F7 updates were marked as FEDORA-2007-0001
-# Up to date CVE as of CVE email 20070910
-# Up to date FC7 as of 20070910
+# Up to date CVE as of CVE email 20070914
+# Up to date FC7 as of 20070916
+CVE-2007-4897 version (ekiga, version 2.0.9 ?)
+CVE-2007-4894 version (wordpress, fixed 2.2.3) [since FEDORA-2007-2143]
+CVE-2007-4893 version (wordpress, fixed 2.2.3) [since FEDORA-2007-2143]
CVE-2007-4841 ignore (mozilla suite) Windows only
CVE-2007-4840 ignore (php)
CVE-2007-4828 (mediawiki, fixed 1.11.0, 1.10.2, 1.9.4) #287881
CVE-2007-4752 VULNERABLE (openssh) #280461
CVE-2007-4743 backport (krb5) incomplete CVE-2007-3999 fix [since FEDORA-2007-2066]
CVE-2007-4730 VULNERABLE (xorg-x11) #286051
-CVE-2007-4727 VULNERABLE (lighttpd) #284511
+CVE-2007-4727 version (lighttpd) #284511 [since FEDORA-2007-2132]
CVE-2007-4721 version (wireshark, fixed 0.99.6) [since FEDORA-2007-0982]
CVE-2007-4663 ignore (php, fixed 5.2.4) #277991 safe_mode
CVE-2007-4662 ignore (php, fixed 5.2.4) #278101 triggerable only by modification to openssl.conf
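Review bot: CVE-2007-4897 is recorded as `version` at the top of this hunk while the same commit records it as VULNERABLE in fc6, and the entry still carries the unresolved "version 2.0.9 ?" with no [since FEDORA-...] reference of the kind the two wordpress lines next to it have. If F7 is considered fixed by version, state the fixed version without the question mark; otherwise prefix the line with * so it stays on the verification list. The lighttpd change to `version` would also benefit from a "fixed <version>" value alongside the advisory id.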
@@ -58,7 +61,7 @@
CVE-2007-4153 ignore (wordpress) "remote authenticated administrators"
CVE-2007-4154 ignore (wordpress) "remote authenticated administrators"
CVE-2007-4139 version (wordpress) #250751 [since FEDORA-2007-1885]
-CVE-2007-4138 VULNERABLE (samba, fixed 3.0.26) #286311
+CVE-2007-4138 version (samba, fixed 3.0.26) #286311 [since FEDORA-2007-2145]
CVE-2007-4134 version (star, fixed 1.5a84) #254128 [since FEDORA-2007-1852]
CVE-2007-4131 backport (tar) #253684 [since FEDORA-2007-1890]
CVE-2007-4066 backport (libvorbis) #245991 [since FEDORA-2007-1765]
--
fedora-extras-commits mailing list
fedora-extras-commits(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-extras-commits
fedora-security/audit epel5,1.2,1.3
by fedora-extras-commits@redhat.com
Author: kevin
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv31447
Modified Files:
epel5
Log Message:
Process a bunch more epel5 packages
Index: epel5
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/epel5,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- epel5 5 Sep 2007 04:53:03 -0000 1.2
+++ epel5 14 Sep 2007 00:23:19 -0000 1.3
@@ -3,112 +3,115 @@
# *CVE are items that need verification for EPEL-5
# (mozilla) = (firefox, seamonkey, thunderbird, yelp, devhelp, galeon, liferea. epiphany)
-# Up to date CVE as of CVE email 20070829
-# Up to date EPEL5 as of
+# Up to date CVE as of CVE email 20070910
+# Up to date EPEL5 as of 20070910
#
-*CVE-2007-4631 VULNERABLE (qgit) #268381
-*CVE-2007-4629 VULNERABLE (mapserver, fixed 4.10.3) #272081
-*CVE-2007-4560 VULNERABLE (clamav) #260583
-*CVE-2007-4543 version (bugzilla, fixed 3.0.1) #256021 [since FEDORA-2007-1853]
-*CVE-2007-4542 VULNERABLE (mapserver, fixed 4.10.3) #256561
-*CVE-2007-4539 version (bugzilla, fixed 3.0.1) #256021 [since FEDORA-2007-1853]
-*CVE-2007-4538 version (bugzilla, fixed 3.0.1) #256021 [since FEDORA-2007-1853]
-*CVE-2007-4510 VULNERABLE (clamav, fixed 0.91.2) #253780
-*CVE-2007-4462 version (po4a) #253541 [since FEDORA-2007-1763]
-*CVE-2007-4400 VULNERABLE (konversation) #253545
-*CVE-2007-4323 backport (denyhosts) #252291 [since FEDORA-2007-0589]
-*CVE-2007-4321 backport (fail2ban) #252290 [since FEDORA-2007-0621] version since FEDORA-2007-1643
-*CVE-2007-3950 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299]
-*CVE-2007-3949 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299]
-*CVE-2007-3948 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299]
-*CVE-2007-3947 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299]
-*CVE-2007-3946 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299]
-*CVE-2007-3725 ** (clamav)
-*CVE-2007-3628 version (php-pear-Structures-DataGrid-DataSource-MDB2, fixed 0.1.10)
-*CVE-2007-3555 version (moodle) #247528 [since FEDORA-2007-1445]
-*CVE-2007-3528 version (dar, fixed 2.3.4) #246760 [since FEDORA-2007-0904]
+*CVE-2007-4828 (mediawiki, fixed 1.11.0, 1.10.2, 1.9.4) #287881
+CVE-2007-4727 version (lighttpd, fixed 1.4.18) #284511
+CVE-2007-4629 VULNERABLE (mapserver, fixed 4.10.3) #272081
+CVE-2007-4631 version (qgit, fixed 1.5.7) #268381
+CVE-2007-4629 VULNERABLE (mapserver, fixed 4.10.3) #272081
+CVE-2007-4560 VULNERABLE (clamav) #260583
+CVE-2007-4543 version (bugzilla, fixed 3.0.1) #256021
+CVE-2007-4542 VULNERABLE (mapserver, fixed 4.10.3) #256561
+CVE-2007-4539 version (bugzilla, fixed 3.0.1) #256021
+CVE-2007-4538 version (bugzilla, fixed 3.0.1) #256021
+CVE-2007-4510 VULNERABLE (clamav, fixed 0.91.2) #253780
+*CVE-2007-4462 version (po4a) #253541
+CVE-2007-4400 VULNERABLE (konversation) #253545
+CVE-2007-4323 backport (denyhosts) #252291
+*CVE-2007-4321 backport (fail2ban) #252290
+CVE-2007-3950 version (lighttpd, fixed 1.4.16) #249162
+CVE-2007-3949 version (lighttpd, fixed 1.4.16) #249162
+CVE-2007-3948 version (lighttpd, fixed 1.4.16) #249162
+CVE-2007-3947 version (lighttpd, fixed 1.4.16) #249162
+CVE-2007-3946 version (lighttpd, fixed 1.4.16) #249162
+CVE-2007-3725 ** (clamav)
+CVE-2007-3628 version (php-pear-Structures-DataGrid-DataSource-MDB2, fixed 0.1.10)
+CVE-2007-3555 version (moodle) #247528
+CVE-2007-3528 version (dar, fixed 2.3.4) #246760
*CVE-2007-3387 version (xpdf, fixed 3.02pl1) [since FEDORA-2007-1383]
-*CVE-2007-3209 ignore (mail-notification, shipped with SSL enabled)
-*CVE-2007-3153 version (c-ares, fixed 1.4.0) #243591 [since FEDORA-2007-0724]
-*CVE-2007-3152 version (c-ares, fixed 1.4.0) #243591 [since FEDORA-2007-0724]
-*CVE-2007-3123 VULNERABLE (clamav, fixed 0.90.3) #245219
-*CVE-2007-3122 VULNERABLE (clamav, fixed 0.90.3) #245219
-*CVE-2007-3113 VULNERABLE (cacti) #243592
-*CVE-2007-3112 VULNERABLE (cacti) #243592
-*CVE-2007-3025 ignore (clamav, Solaris only)
-*CVE-2007-3024 VULNERABLE (clamav, fixed 0.90.3) #245219
-*CVE-2007-3023 VULNERABLE (clamav, fixed 0.90.3) #245219
-*CVE-2007-2865 version (phpPgAdmin, fixed 4.1.2) #241489 [since FEDORA-2007-0469]
-*CVE-2007-2721 patch (jasper, fixed 1.900.1-2) #240397
-*CVE-2007-2650 version (clamav, fixed 0.90.3) #240395 [since FEDORA-2007-1154]
-*CVE-2007-2637 patch (moin, fixed 1.5.7-2)
-*CVE-2007-2423 patch (moin, fixed 1.5.7-2) #238722
+CVE-2007-3209 ignore (mail-notification, shipped with SSL enabled)
+CVE-2007-3153 version (c-ares, fixed 1.4.0) #243591
+CVE-2007-3152 version (c-ares, fixed 1.4.0) #243591
+CVE-2007-3123 VULNERABLE (clamav, fixed 0.90.3) #245219
+CVE-2007-3122 VULNERABLE (clamav, fixed 0.90.3) #245219
+CVE-2007-3113 VULNERABLE (cacti) #243592
+CVE-2007-3112 VULNERABLE (cacti) #243592
+CVE-2007-3025 ignore (clamav, Solaris only)
+CVE-2007-3024 VULNERABLE (clamav, fixed 0.90.3) #245219
+CVE-2007-3023 VULNERABLE (clamav, fixed 0.90.3) #245219
+CVE-2007-2865 version (phpPgAdmin, fixed 4.1.2) #241489
+CVE-2007-2721 patch (jasper, fixed 1.900.1-2) #240397
+CVE-2007-2650 VULNERABLE (clamav, fixed 0.90.3) #240395
+CVE-2007-2637 patch (moin, fixed 1.5.7-2)
+CVE-2007-2423 patch (moin, fixed 1.5.7-2) #238722
*CVE-2007-2413 version (perl-Imager, fixed 0.57) #238615
-*CVE-2007-2245 VULNERABLE (phpMyAdmin, fixed 2.10.1) #237882
-*CVE-2007-2165 VULNERABLE (proftpd) #237533
-*CVE-2007-2029 VULNERABLE (clamav, fixed 0.90.3) #245219
-*CVE-2007-2016 ignore (phpMyAdmin, < 2.8.0.2 never shipped)
-*CVE-2007-1997 version (clamav, fixed in 0.90.2)
-*CVE-2007-1870 version (lighttpd, fixed 1.4.14) #236489
-*CVE-2007-1869 version (lighttpd, fixed 1.4.14) #236489
-*CVE-2007-1745 version (clamav, fixed in 0.90.2) #236703
-*CVE-2007-1614 version (zziplib, fixed 0.13.49) #233700
-*CVE-2007-1547 version (nas, fixed 1.8a-2) #233353
-*CVE-2007-1546 version (nas, fixed 1.8a-2) #233353
-*CVE-2007-1545 version (nas, fixed 1.8a-2) #233353
-*CVE-2007-1544 version (nas, fixed 1.8a-2) #233353
-*CVE-2007-1543 version (nas, fixed 1.8a-2) #233353
+CVE-2007-2245 version (phpMyAdmin, fixed 2.10.1) #237882
+CVE-2007-2165 VULNERABLE (proftpd) #237533
+CVE-2007-2029 VULNERABLE (clamav, fixed 0.90.3) #245219
+CVE-2007-2016 ignore (phpMyAdmin, < 2.8.0.2 never shipped)
+CVE-2007-1997 VULNERABLE (clamav, fixed in 0.90.2)
+CVE-2007-1870 version (lighttpd, fixed 1.4.14) #236489
+CVE-2007-1869 version (lighttpd, fixed 1.4.14) #236489
+CVE-2007-1745 VULNERABLE (clamav, fixed in 0.90.2) #236703
+CVE-2007-1614 version (zziplib, fixed 0.13.49) #233700
+CVE-2007-1547 version (nas, fixed 1.8a-2) #233353
+CVE-2007-1546 version (nas, fixed 1.8a-2) #233353
+CVE-2007-1545 version (nas, fixed 1.8a-2) #233353
+CVE-2007-1544 version (nas, fixed 1.8a-2) #233353
+CVE-2007-1543 version (nas, fixed 1.8a-2) #233353
*CVE-2007-1515 version (imp, fixed 4.1.4)
*CVE-2007-1474 version (horde, fixed 3.1.4)
*CVE-2007-1474 ignore (imp, < 4.x only)
*CVE-2007-1473 version (horde, fixed 3.1.4)
-*CVE-2007-1429 version (moodle, fixed 1.6.5) #232103
-*CVE-2007-1406 version (trac, fixed 0.10.3.1) #231729
-*CVE-2007-1405 version (trac, fixed 0.10.3.1) #231729
-*CVE-2007-1399 version (php-pecl-zip, fixed 1.8.5)
-*CVE-2007-1395 version (phpMyAdmin, fixed 2.10.0.2)
-*CVE-2007-1359 patch (mod_security, fixed 2.1.0-3) #231728
-*CVE-2007-1325 version (phpMyAdmin, fixed 2.10.0.2)
+CVE-2007-1429 version (moodle, fixed 1.6.5) #232103
+CVE-2007-1406 version (trac, fixed 0.10.3.1) #231729
+CVE-2007-1405 version (trac, fixed 0.10.3.1) #231729
+CVE-2007-1399 version (php-pecl-zip, fixed 1.8.5)
+CVE-2007-1395 version (phpMyAdmin, fixed 2.10.0.2)
+CVE-2007-1359 patch (mod_security, fixed 2.1.0-3) #231728
+CVE-2007-1325 version (phpMyAdmin, fixed 2.10.0.2)
*CVE-2007-1263 version (gpgme, fixed 1.1.4)
*CVE-2007-1055 version (mediawiki, fixed 1.8.3)
*CVE-2007-1054 version (mediawiki, fixed 1.9.3) [since FEDORA-2007-1442]
-*CVE-2007-0902 patch (moin, fixed 1.5.7-2) #228764
-*CVE-2007-0901 patch (moin, fixed 1.5.7-2) #228764
-*CVE-2007-0898 version (clamav, fixed 0.90) #229202
-*CVE-2007-0897 version (clamav, fixed 0.90) #229202
+CVE-2007-0902 patch (moin, fixed 1.5.7-2) #228764
+CVE-2007-0901 patch (moin, fixed 1.5.7-2) #228764
+CVE-2007-0898 VULNERABLE (clamav, fixed 0.90) #229202
+CVE-2007-0897 VULNERABLE (clamav, fixed 0.90) #229202
*CVE-2007-0894 version (mediawiki, fixed 1.8.4) #228763
-*CVE-2007-0857 version (moin, fixed 1.5.7) #228139
-*CVE-2007-0619 version (chmlib, fixed 0.3.9) #225919
+CVE-2007-0857 version (moin, fixed 1.5.7) #228139
+CVE-2007-0619 version (chmlib, fixed 0.3.9) #225919
*CVE-2007-0469 version (rubygems, fixed 0.9.1)
-*CVE-2007-0341 ignore (phpMyAdmin, 2.8.x only)
-*CVE-2007-0242 patch (qt4, fixed 4.2.3-7)
-*CVE-2007-0240 patch (zope, fixed 2.9.6-2) #233378
+CVE-2007-0341 ignore (phpMyAdmin, 2.8.x only)
+CVE-2007-0242 VULNERABLE (qt4, fixed 4.2.3-7)
+CVE-2007-0240 patch (zope, fixed 2.9.6-2) #233378
*CVE-2007-0177 version (mediawiki, fixed 1.8.3) #221958
*CVE-2007-0095 VULNERABLE (phpMyAdmin) #221694
-*CVE-2007-0007 version (gnucash, fixed 2.0.5) since [FEDORA-2007-256] #223233
-*CVE-2006-6944 version (phpMyAdmin, fixed 2.9.1.1)
-*CVE-2006-6943 version (phpMyAdmin, fixed 2.9.1.1)
-*CVE-2006-6942 version (phpMyAdmin, fixed 2.9.1.1)
-*CVE-2006-6799 patch (cacti, fixed 0.8.6i-5) #222410
-*CVE-2006-6693 ignore (zabbix, fixed 1.1.3, < 1.1.4 not shipped)
-*CVE-2006-6692 ignore (zabbix, fixed 1.1.3, < 1.1.4 not shipped)
-*CVE-2006-6626 version (moodle, fixed 1.6.5) #220041
-*CVE-2006-6625 version (moodle, fixed 1.6.5) #220041
-*CVE-2006-6563 backport (proftpd, fixed 1.3.0a-3) #219938
-*CVE-2006-6481 version (clamav, fixed 0.88.7)
-*CVE-2006-6406 version (clamav, fixed 0.88.7) #219095
+CVE-2007-0007 version (gnucash, fixed 2.0.5) since [FEDORA-2007-256] #223233
+CVE-2006-6944 version (phpMyAdmin, fixed 2.9.1.1)
+CVE-2006-6943 version (phpMyAdmin, fixed 2.9.1.1)
+CVE-2006-6942 version (phpMyAdmin, fixed 2.9.1.1)
+CVE-2006-6799 patch (cacti, fixed 0.8.6i-5) #222410
+CVE-2006-6693 ignore (zabbix, fixed 1.1.3, < 1.1.4 not shipped)
+CVE-2006-6692 ignore (zabbix, fixed 1.1.3, < 1.1.4 not shipped)
+CVE-2006-6626 version (moodle, fixed 1.6.5) #220041
+CVE-2006-6625 version (moodle, fixed 1.6.5) #220041
+CVE-2006-6563 backport (proftpd, fixed 1.3.0a-3) #219938
+CVE-2006-6481 VULNERABLE (clamav, fixed 0.88.7)
+CVE-2006-6406 VULNERABLE (clamav, fixed 0.88.7) #219095
*CVE-2006-6374 ** (phpMyAdmin) #218853
-*CVE-2006-6373 version (phpMyAdmin, fixed 2.9.1.1) #218853
-*CVE-2006-6301 version (denyhosts, fixed 2.6-2) #218824
+CVE-2006-6373 version (phpMyAdmin, fixed 2.9.1.1) #218853
+CVE-2006-6301 version (denyhosts, fixed 2.6-2) #218824
*CVE-2006-6235 patch (gnupg2, fixed 2.0.1-2) #218821
-*CVE-2006-6171 patch (proftpd, fixed 1.3.0a-1) #214820
-*CVE-2006-6170 patch (proftpd, fixed 1.3.0a-1) #214820
+CVE-2006-6171 patch (proftpd, fixed 1.3.0a-1) #214820
+CVE-2006-6170 patch (proftpd, fixed 1.3.0a-1) #214820
*CVE-2006-6169 version (gnupg2, fixed 2.0.1) #217950
*CVE-2006-6085 version (kile, fixed 1.9.3) #217238
-*CVE-2006-5874 version (clamav, fixed 0.88.1)
-*CVE-2006-5864 patch (gv, fixed 3.6.2-2) #215136
-*CVE-2006-5848 version (trac, fixed 0.10.1) #215077
-*CVE-2006-5815 version (proftpd, fixed 1.3.0a) #214820
+CVE-2006-5874 version (clamav, fixed 0.88.1)
+CVE-2006-5864 patch (gv, fixed 3.6.2-2) #215136
+CVE-2006-5848 version (trac, fixed 0.10.1) #215077
+CVE-2006-5815 version (proftpd, fixed 1.3.0a) #214820
CVE-2006-5602 version (xsupplicant, fixed 1.2.6)
CVE-2006-5601 version (xsupplicant, fixed 1.2.8) #212700
CVE-2006-5455 patch (bugzilla, fixed 2.22-7) #212355
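Review bot: CVE-2007-4629 is added twice near the top of this hunk, once above CVE-2007-4631 and again directly below it, with identical text; drop the first copy so each CVE appears once and the list stays in descending order. The new `*CVE-2007-4828 (mediawiki, fixed 1.11.0, 1.10.2, 1.9.4) #287881` line has no status keyword at all, so add one (for example VULNERABLE) to keep the line consistent with the rest of the file. The log message could also mention that several entries change status here and are not just un-starred: the clamav lines for CVE-2007-2650, CVE-2007-1997, CVE-2007-1745, CVE-2007-0898, CVE-2007-0897, CVE-2006-6481 and CVE-2006-6406 go from `version` to VULNERABLE, and qt4 CVE-2007-0242 goes from `patch` to VULNERABLE.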
fedora-security/audit fc7,1.99,1.100
by fedora-extras-commits@redhat.com
Author: bressers
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv12905
Modified Files:
fc7
Log Message:
Add some CVE ids
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.99
retrieving revision 1.100
diff -u -r1.99 -r1.100
--- fc7 12 Sep 2007 18:24:08 -0000 1.99
+++ fc7 12 Sep 2007 20:26:35 -0000 1.100
@@ -8,6 +8,8 @@
# Up to date CVE as of CVE email 20070910
# Up to date FC7 as of 20070910
+CVE-2007-4841 ignore (mozilla suite) Windows only
+CVE-2007-4840 ignore (php)
CVE-2007-4828 (mediawiki, fixed 1.11.0, 1.10.2, 1.9.4) #287881
CVE-2007-4752 VULNERABLE (openssh) #280461
CVE-2007-4743 backport (krb5) incomplete CVE-2007-3999 fix [since FEDORA-2007-2066]
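Review bot: The added `CVE-2007-4840 ignore (php)` line gives no reason for ignoring the issue, whereas the line added just above it says "Windows only". Add a short justification after the package name so the decision can be re-checked later without going back to the CVE text.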
fedora-security/audit fc7,1.98,1.99
by fedora-extras-commits@redhat.com
Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv23837/audit
Modified Files:
fc7
Log Message:
mediawiki cve name
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.98
retrieving revision 1.99
diff -u -r1.98 -r1.99
--- fc7 12 Sep 2007 16:17:07 -0000 1.98
+++ fc7 12 Sep 2007 18:24:08 -0000 1.99
@@ -8,7 +8,7 @@
# Up to date CVE as of CVE email 20070910
# Up to date FC7 as of 20070910
-GENERIC-MAP-NOMATCH VULNERABLE (mediawiki, fixed 1.11.0, 1.10.2, 1.9.4) #287881
+CVE-2007-4828 (mediawiki, fixed 1.11.0, 1.10.2, 1.9.4) #287881
CVE-2007-4752 VULNERABLE (openssh) #280461
CVE-2007-4743 backport (krb5) incomplete CVE-2007-3999 fix [since FEDORA-2007-2066]
CVE-2007-4730 VULNERABLE (xorg-x11) #286051
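Review bot: The replacement line drops the status field: the removed line read `GENERIC-MAP-NOMATCH VULNERABLE (mediawiki, ...)` and the new one is `CVE-2007-4828 (mediawiki, ...)` with nothing between the id and the package. The log message only mentions the CVE name, so this looks unintended; keep VULNERABLE (or set the correct status) so that anything filtering the file on the second column still picks this entry up.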
fedora-security/audit fc7,1.97,1.98
by fedora-extras-commits@redhat.com
Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv2338/audit
Modified Files:
fc7
Log Message:
mediawiki XSS
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.97
retrieving revision 1.98
diff -u -r1.97 -r1.98
--- fc7 11 Sep 2007 17:49:30 -0000 1.97
+++ fc7 12 Sep 2007 16:17:07 -0000 1.98
@@ -8,6 +8,7 @@
# Up to date CVE as of CVE email 20070910
# Up to date FC7 as of 20070910
+GENERIC-MAP-NOMATCH VULNERABLE (mediawiki, fixed 1.11.0, 1.10.2, 1.9.4) #287881
CVE-2007-4752 VULNERABLE (openssh) #280461
CVE-2007-4743 backport (krb5) incomplete CVE-2007-3999 fix [since FEDORA-2007-2066]
CVE-2007-4730 VULNERABLE (xorg-x11) #286051
fedora-security/audit fc6,1.254,1.255 fc7,1.96,1.97
by fedora-extras-commits@redhat.com
Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv5379/audit
Modified Files:
fc6 fc7
Log Message:
Add few more issues
Index: fc6
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc6,v
retrieving revision 1.254
retrieving revision 1.255
diff -u -r1.254 -r1.255
--- fc6 11 Sep 2007 17:24:18 -0000 1.254
+++ fc6 11 Sep 2007 17:49:30 -0000 1.255
@@ -7,7 +7,9 @@
# Up to date CVE as of CVE email 20070910
# Up to date FC6 as of 20070910
+CVE-2007-4752 VULNERABLE (openssh) #280471
CVE-2007-4743 backport (krb5) incomplete CVE-2007-3999 fix [since FEDORA-2007-694]
+CVE-2007-4730 VULNERABLE (xorg-x11) #286061
CVE-2007-4721 version (wireshark, fixed 0.99.6) [since FEDORA-2007-628]
CVE-2007-4663 ignore (php, fixed 5.2.4) #277991 safe_mode
CVE-2007-4662 ignore (php, fixed 5.2.4) #278101 triggerable only by modification to openssl.conf
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.96
retrieving revision 1.97
diff -u -r1.96 -r1.97
--- fc7 11 Sep 2007 17:24:18 -0000 1.96
+++ fc7 11 Sep 2007 17:49:30 -0000 1.97
@@ -8,8 +8,10 @@
# Up to date CVE as of CVE email 20070910
# Up to date FC7 as of 20070910
-CVE-2007-4727 VULNERABLE (lighttpd) #284511
+CVE-2007-4752 VULNERABLE (openssh) #280461
CVE-2007-4743 backport (krb5) incomplete CVE-2007-3999 fix [since FEDORA-2007-2066]
+CVE-2007-4730 VULNERABLE (xorg-x11) #286051
+CVE-2007-4727 VULNERABLE (lighttpd) #284511
CVE-2007-4721 version (wireshark, fixed 0.99.6) [since FEDORA-2007-0982]
CVE-2007-4663 ignore (php, fixed 5.2.4) #277991 safe_mode
CVE-2007-4662 ignore (php, fixed 5.2.4) #278101 triggerable only by modification to openssl.conf
@@ -290,7 +292,7 @@
CVE-2007-1463 version (inkscape, fixed 0.45.1)
CVE-2007-1460 version (php, fixed 5.2.2)
CVE-2007-1429 version (moodle, fixed 1.6.5) #232103
-*CVE-2007-1420 VULNERABLE (mysql, fixed 5.0.36) #232604
+CVE-2007-1420 version (mysql, fixed 5.0.36) #232604
CVE-2007-1413 ignore (php) Windows NT SNMP specific
CVE-2007-1412 ignore (php) unshipped cpdf extension
CVE-2007-1411 ignore (php) unshipped mssql extension
fedora-security/audit fc6,1.253,1.254 fc7,1.95,1.96
by fedora-extras-commits@redhat.com
Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv4695/audit
Modified Files:
fc6 fc7
Log Message:
Note Fedora updates.
Clean-up some old stuff.
Move few misplaced lines.
Index: fc6
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc6,v
retrieving revision 1.253
retrieving revision 1.254
diff -u -r1.253 -r1.254
--- fc6 7 Sep 2007 08:42:54 -0000 1.253
+++ fc6 11 Sep 2007 17:24:18 -0000 1.254
@@ -4,10 +4,10 @@
# *CVE are items that need verification for Fedora Core 6
# (mozilla) = (firefox, seamonkey, thunderbird, yelp, devhelp, galeon, liferea. epiphany)
-# Up to date CVE as of CVE email 20070907
-# Up to date FC6 as of 20070905
+# Up to date CVE as of CVE email 20070910
+# Up to date FC6 as of 20070910
-CVE-2007-4743 VULNERABLE (krb5) incomplete CVE-2007-3999 fix
+CVE-2007-4743 backport (krb5) incomplete CVE-2007-3999 fix [since FEDORA-2007-694]
CVE-2007-4721 version (wireshark, fixed 0.99.6) [since FEDORA-2007-628]
CVE-2007-4663 ignore (php, fixed 5.2.4) #277991 safe_mode
CVE-2007-4662 ignore (php, fixed 5.2.4) #278101 triggerable only by modification to openssl.conf
@@ -42,8 +42,9 @@
CVE-2007-3820 ** (kdebase) #248537
CVE-2007-3799 ** (php)
CVE-2007-3798 version (tcpdump, fixed 3.9.7) #250290 [since FEDORA-2007-654]
-CVE-2007-3782 ** (mysql)
-CVE-2007-3781 ** (mysql)
+CVE-2007-3782 VULNERABLE (mysql, fixed 5.0.44)
+CVE-2007-3781 VULNERABLE (mysql, fixed 5.0.44)
+CVE-2007-3780 VULNERABLE (mysql, fixed 5.0.44)
CVE-2007-3642 version (kernel, fixed 2.6.22) [since FEDORA-2007-655]
CVE-2007-3508 ignore (glibc) not an issue
CVE-2007-3506 backport (freetype, fixed 2.3.4) #235479 [since FEDORA-2007-561]
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.95
retrieving revision 1.96
diff -u -r1.95 -r1.96
--- fc7 10 Sep 2007 12:20:21 -0000 1.95
+++ fc7 11 Sep 2007 17:24:18 -0000 1.96
@@ -5,11 +5,11 @@
# (mozilla) = (firefox, seamonkey, thunderbird, yelp, devhelp, galeon, liferea. epiphany)
# A couple of first F7 updates were marked as FEDORA-2007-0001
-# Up to date CVE as of CVE email 20070907
-# Up to date FC7 as of 20070905
+# Up to date CVE as of CVE email 20070910
+# Up to date FC7 as of 20070910
CVE-2007-4727 VULNERABLE (lighttpd) #284511
-CVE-2007-4743 VULNERABLE (krb5) incomplete CVE-2007-3999 fix
+CVE-2007-4743 backport (krb5) incomplete CVE-2007-3999 fix [since FEDORA-2007-2066]
CVE-2007-4721 version (wireshark, fixed 0.99.6) [since FEDORA-2007-0982]
CVE-2007-4663 ignore (php, fixed 5.2.4) #277991 safe_mode
CVE-2007-4662 ignore (php, fixed 5.2.4) #278101 triggerable only by modification to openssl.conf
@@ -20,19 +20,19 @@
CVE-2007-4657 VULNERABLE (php, fixed 5.2.4)
CVE-2007-4650 version (gallery2) #267421 [since FEDORA-2007-2020]
CVE-2007-4629 version (mapserver, fixed 4.10.3) #272081 [since FEDORA-2007-2018]
-CVE-2007-4631 VULNERABLE (qgit) #268381
+CVE-2007-4631 version (qgit) #268381 [since FEDORA-2007-2108]
CVE-2007-4565 backport (fetchmail) #260861 [since FEDORA-2007-1983]
-CVE-2007-4560 VULNERABLE (clamav) #260583
+CVE-2007-4560 version (clamav) #260583 [since FEDORA-2007-2050]
CVE-2007-4559 VULNERABLE (python) tarfile module - directory traversal
CVE-2007-4558 version (star, fixed 1.5a84) [since FEDORA-2007-1852]
CVE-2007-4543 version (bugzilla, fixed 3.0.1) #256021 [since FEDORA-2007-1853]
CVE-2007-4542 version (mapserver, fixed 4.10.3) #256561 [since FEDORA-2007-2018]
CVE-2007-4539 version (bugzilla, fixed 3.0.1) #256021 [since FEDORA-2007-1853]
CVE-2007-4538 version (bugzilla, fixed 3.0.1) #256021 [since FEDORA-2007-1853]
-CVE-2007-4534 backport (vavoom) #256621 [since CVE-2007-4533]
-CVE-2007-4533 backport (vavoom) #256621 [since CVE-2007-4533]
-CVE-2007-4532 backport (vavoom) #256621 [since CVE-2007-4533]
-CVE-2007-4510 VULNERABLE (clamav, fixed 0.91.2) #253780
+CVE-2007-4534 backport (vavoom) #256621 [since FEDORA-2007-1977]
+CVE-2007-4533 backport (vavoom) #256621 [since FEDORA-2007-1977]
+CVE-2007-4532 backport (vavoom) #256621 [since FEDORA-2007-1977]
+CVE-2007-4510 version (clamav, fixed 0.91.2) #253780 [since FEDORA-2007-2050]
CVE-2007-4462 version (po4a) #253541 [since FEDORA-2007-1763]
CVE-2007-4460 backport (id3lib) #253553 [since FEDORA-2007-1774]
CVE-2007-4400 VULNERABLE (konversation) #253545
@@ -53,6 +53,7 @@
CVE-2007-4153 ignore (wordpress) "remote authenticated administrators"
CVE-2007-4154 ignore (wordpress) "remote authenticated administrators"
CVE-2007-4139 version (wordpress) #250751 [since FEDORA-2007-1885]
+CVE-2007-4138 VULNERABLE (samba, fixed 3.0.26) #286311
CVE-2007-4134 version (star, fixed 1.5a84) #254128 [since FEDORA-2007-1852]
CVE-2007-4131 backport (tar) #253684 [since FEDORA-2007-1890]
CVE-2007-4066 backport (libvorbis) #245991 [since FEDORA-2007-1765]
@@ -77,15 +78,16 @@
CVE-2007-3820 backport (kdelibs) [since FEDORA-2007-1699]
CVE-2007-3820 backport (kdebase) #248537 [since FEDORA-2007-1700]
CVE-2007-3799 ** (php)
-CVE-2007-3781 ** (mysql)
-CVE-2007-3782 ** (mysql)
+CVE-2007-3781 VULNERABLE (mysql, fixed 5.0.44)
+CVE-2007-3782 VULNERABLE (mysql, fixed 5.0.44)
+CVE-2007-3780 VULNERABLE (mysql, fixed 5.0.44)
CVE-2007-3770 backport (terminal/xfce) [since FEDORA-2007-1620]
CVE-2007-3738 version (mozilla) #248518 [since FEDORA-2007-1138]
CVE-2007-3737 version (mozilla) #248518 [since FEDORA-2007-1138]
CVE-2007-3736 version (mozilla) #248518 [since FEDORA-2007-1138]
CVE-2007-3735 version (mozilla) #248518 [since FEDORA-2007-1138]
CVE-2007-3728 ignore (libsilc, 1.1.1 only)
-CVE-2007-3725 ** (clamav)
+CVE-2007-3725 version (clamav) [since FEDORA-2007-2050]
CVE-2007-3713 backport (centericq) #247979 [since FEDORA-2007-1160]
CVE-2007-3656 version (mozilla) #248518 [since FEDORA-2007-1138]
CVE-2007-3642 version (kernel, fixed 2.6.22.1) [since FEDORA-2007-1130]
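Review bot: The three mysql lines in this hunk end up ordered CVE-2007-3781, CVE-2007-3782, CVE-2007-3780, while the matching fc6 hunk in the same commit lists them as 3782, 3781, 3780. Since the log message says misplaced lines are being moved, put 3782 first here too so the file stays in descending order. The entries are now VULNERABLE but have no bug number; add the tracking bug when one exists.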
@@ -98,13 +100,13 @@
CVE-2007-3508 ignore (glibc) not an issue
CVE-2007-3506 version (freetype, fixed 2.3.4) #235479 [since FEDORA-2007-0033]
CVE-2007-3507 version (flac123, fixed 0.0.10) #246322 [since FEDORA-2007-1045]
-CVE-2007-3478 VULNERABLE (gd, fixed 2.0.35) #277411
-CVE-2007-3477 VULNERABLE (gd, fixed 2.0.35) #277411
-CVE-2007-3476 VULNERABLE (gd, fixed 2.0.35) #277411
-CVE-2007-3475 VULNERABLE (gd, fixed 2.0.35) #277411
-CVE-2007-3474 VULNERABLE (gd, fixed 2.0.35) #277411
-CVE-2007-3473 VULNERABLE (gd, fixed 2.0.35) #277411
-CVE-2007-3472 VULNERABLE (gd, fixed 2.0.35) #277411
+CVE-2007-3478 version (gd, fixed 2.0.35) #277411 [since FEDORA-2007-2055]
+CVE-2007-3477 version (gd, fixed 2.0.35) #277411 [since FEDORA-2007-2055]
+CVE-2007-3476 version (gd, fixed 2.0.35) #277411 [since FEDORA-2007-2055]
+CVE-2007-3475 version (gd, fixed 2.0.35) #277411 [since FEDORA-2007-2055]
+CVE-2007-3474 version (gd, fixed 2.0.35) #277411 [since FEDORA-2007-2055]
+CVE-2007-3473 version (gd, fixed 2.0.35) #277411 [since FEDORA-2007-2055]
+CVE-2007-3472 version (gd, fixed 2.0.35) #277411 [since FEDORA-2007-2055]
CVE-2007-3410 backport (HelixPlayer) #245838 [since FEDORA-2007-0756]
CVE-2007-3409 version (perl-Net-DNS, fixed 0.60) #245807
CVE-2007-3393 version (wireshark, fixed 0.99.6) [since FEDORA-2007-0982]
@@ -130,28 +132,27 @@
CVE-2007-3240 version (wordpress, fixed 2.2.1) #245211 [since FEDORA-2007-0894]
CVE-2007-3239 version (wordpress, fixed 2.2.1) #245211 [since FEDORA-2007-0894]
CVE-2007-3238 version (wordpress, fixed 2.2.1) #245211 [since FEDORA-2007-0894]
-CVE-2007-3140 version (wordpress, fixed 2.2.1) #245211 [since FEDORA-2007-0894]
CVE-2007-3231 version (mecab, fixed 0.96) [since FEDORA-2007-0366]
CVE-2007-3209 ignore (mail-notification, shipped with SSL enabled)
-CVE-2007-3108 backport (openssl) #250574 [since FEDORA-2007-1444]
-CVE-2007-3106 backport (libvorbis) #245991 [since FEDORA-2007-1765]
-CVE-2007-3099 version (iscsi-initiator-utils, fixed 6.2.0.865) [since FEDORA-2007-0543]
-CVE-2007-3100 version (iscsi-initiator-utils, fixed 6.2.0.865) [since FEDORA-2007-0543]
CVE-2007-3165 version (tor, fixed 0.1.2.14) #244502 [since FEDORA-2007-1674]
CVE-2007-3153 version (c-ares, fixed 1.4.0) #243591 [since FEDORA-2007-0724]
CVE-2007-3152 version (c-ares, fixed 1.4.0) #243591 [since FEDORA-2007-0724]
CVE-2007-3145 VULNERABLE (galeon) **
CVE-2007-3140 version (wordpress, fixed 2.2.1) #245211 [since FEDORA-2007-0894]
CVE-2007-3126 ignore (gimp) just a crash
-CVE-2007-3123 VULNERABLE (clamav, fixed 0.90.3) #245219
-CVE-2007-3122 VULNERABLE (clamav, fixed 0.90.3) #245219
+CVE-2007-3123 version (clamav, fixed 0.90.3) #245219 [since FEDORA-2007-2050]
+CVE-2007-3122 version (clamav, fixed 0.90.3) #245219 [since FEDORA-2007-2050]
CVE-2007-3121 version (zvbi, fixed 0.2.25) [since FEDORA-2007-0175]
*CVE-2007-3113 VULNERABLE (cacti) #243592
*CVE-2007-3112 VULNERABLE (cacti) #243592
+CVE-2007-3108 backport (openssl) #250574 [since FEDORA-2007-1444]
+CVE-2007-3106 backport (libvorbis) #245991 [since FEDORA-2007-1765]
+CVE-2007-3100 version (iscsi-initiator-utils, fixed 6.2.0.865) [since FEDORA-2007-0543]
+CVE-2007-3099 version (iscsi-initiator-utils, fixed 6.2.0.865) [since FEDORA-2007-0543]
CVE-2007-3089 version (mozilla) #248518 [since FEDORA-2007-1138]
CVE-2007-3025 ignore (clamav, Solaris only)
-CVE-2007-3024 VULNERABLE (clamav, fixed 0.90.3) #245219
-CVE-2007-3023 VULNERABLE (clamav, fixed 0.90.3) #245219
+CVE-2007-3024 version (clamav, fixed 0.90.3) #245219 [since FEDORA-2007-2050]
+CVE-2007-3023 version (clamav, fixed 0.90.3) #245219 [since FEDORA-2007-2050]
CVE-2007-3007 ignore (php) safe mode isn't safe
*CVE-2007-2975 (openfire)
CVE-2007-2958 version (claws-mail) #254121 [since FEDORA-2007-2009]
@@ -182,7 +183,7 @@
CVE-2007-2754 backport (freetype) [since FEDORA-2007-0033]
CVE-2007-2721 patch (jasper, fixed 1.900.1-2) #240397
CVE-2007-2683 backport (mutt)
-*CVE-2007-2654 VULNERABLE (xfsdump) #240396
+CVE-2007-2654 version (xfsdump) #240396
CVE-2007-2650 version (clamav, fixed 0.90.3) #240395 [since FEDORA-2007-1154]
CVE-2007-2645 backport (libexif) #240055 [since FEDORA-2007-0414]
*CVE-2007-2637 patch (moin, fixed 1.5.7-2)
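Review bot: CVE-2007-2654 goes from `*... VULNERABLE (xfsdump)` to an un-starred `version (xfsdump)` with neither a "fixed <version>" value nor a [since FEDORA-...] reference, so the line no longer shows what made the issue resolved or verified. Record the fixed xfsdump version or the advisory id on the line, as the clamav entry below it does.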
@@ -222,8 +223,8 @@
*CVE-2007-2165 VULNERABLE (proftpd) #237533
CVE-2007-2138 version (postgresql, fixed 8.2.4) #237682 [since FEDORA-2007-0174]
CVE-2007-2057 version (aircrack-ng, fixed 0.8-0.1)
-CVE-2007-2029 VULNERABLE (clamav, fixed 0.90.3) #245219
-*CVE-2007-2028 (freeradius)
+CVE-2007-2029 version (clamav, fixed 0.90.3) #245219 [since FEDORA-2007-2050]
+CVE-2007-2028 version (freeradius)
*CVE-2007-2026 (file)
CVE-2007-2016 ignore (phpMyAdmin, < 2.8.0.2 never shipped)
CVE-2007-1997 version (clamav, fixed in 0.90.2)
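Review bot: The freeradius entry for CVE-2007-2028 loses its * and gains the status `version`, but it still has no fixed version, bug number or advisory id, in contrast to the CVE-2007-2029 line changed next to it, which cites FEDORA-2007-2050. Add at least "fixed <version>" so the basis for the status can be checked.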
@@ -297,7 +298,7 @@
CVE-2007-1405 version (trac, fixed 0.10.3.1) #231729
CVE-2007-1401 ignore (php) unshipped cracklib extension
CVE-2007-1399 version (php-pecl-zip, fixed 1.8.5)
-*CVE-2007-1398 ignore (snort, inline mode not shipped) #232109
+CVE-2007-1398 ignore (snort, inline mode not shipped) #232109, new upstream [since FEDORA-2007-2060]
CVE-2007-1396 ignore (php) feature, not a flaw
*CVE-2007-1395 version (phpMyAdmin, fixed 2.10.0.2)
*CVE-2007-1387 patch (xine-lib, fixed 1.1.4-3)
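Review bot: The CVE-2007-1398 line keeps the status `ignore` but now also appends "new upstream [since FEDORA-2007-2060]", which reads as two different dispositions on one line, and the other snort entry touched in this commit (CVE-2006-5276) is recorded as `version` for the same advisory. Pick one: either leave it as `ignore (snort, inline mode not shipped)` or switch it to `version` with the advisory reference.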
@@ -622,7 +623,7 @@
*CVE-2006-5298 backport (mutt) [since FEDORA-2006-1063]
*CVE-2006-5297 backport (mutt) [since FEDORA-2006-1063]
CVE-2006-5295 version (clamav, fixed 0.88.5) #210973
-*CVE-2006-5276 VULNERABLE (snort) #229265
+CVE-2006-5276 version (snort) #229265 [since FEDORA-2007-2060]
CVE-2006-5229 ignore (openssh) not reproduced
CVE-2006-5215 backport (xorg-x11-xinit) #212167 [since FEDORA-2007-1409]
*CVE-2006-5215 version (xorg-x11-xdm)
fedora-security/audit fc7,1.94,1.95
by fedora-extras-commits@redhat.com
Author: lkundrak
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv24230
Modified Files:
fc7
Log Message:
lighttpd
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.94
retrieving revision 1.95
diff -u -r1.94 -r1.95
--- fc7 7 Sep 2007 08:42:54 -0000 1.94
+++ fc7 10 Sep 2007 12:20:21 -0000 1.95
@@ -8,6 +8,7 @@
# Up to date CVE as of CVE email 20070907
# Up to date FC7 as of 20070905
+CVE-2007-4727 VULNERABLE (lighttpd) #284511
CVE-2007-4743 VULNERABLE (krb5) incomplete CVE-2007-3999 fix
CVE-2007-4721 version (wireshark, fixed 0.99.6) [since FEDORA-2007-0982]
CVE-2007-4663 ignore (php, fixed 5.2.4) #277991 safe_mode
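Review bot: The new CVE-2007-4727 line is inserted above CVE-2007-4743, which breaks the descending CVE order the rest of the list follows. Place it between CVE-2007-4743 and CVE-2007-4721 instead.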