fedora-security/audit fc6,1.249,1.250 fc7,1.83,1.84
by fedora-extras-commits@redhat.com
Author: lkundrak
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv16021
Modified Files:
fc6 fc7
Log Message:
fetchmail and clamav
Index: fc6
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc6,v
retrieving revision 1.249
retrieving revision 1.250
diff -u -r1.249 -r1.250
--- fc6 28 Aug 2007 09:02:09 -0000 1.249
+++ fc6 28 Aug 2007 16:44:20 -0000 1.250
@@ -7,6 +7,7 @@
# Up to date CVE as of CVE email 20070823
# Up to date FC6 as of 20070827
+CVE-2007-4565 VULNERABLE (fetchmail) #260881
CVE-2007-4357 ignore (firefox) status bar can be overwrittten
CVE-2007-4255 ignore (php) msql extension not shipped
CVE-2007-4251 ignore (openoffice.org) just a crash
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.83
retrieving revision 1.84
diff -u -r1.83 -r1.84
--- fc7 28 Aug 2007 10:19:21 -0000 1.83
+++ fc7 28 Aug 2007 16:44:20 -0000 1.84
@@ -8,6 +8,8 @@
# Up to date CVE as of CVE email 20070823
# Up to date FC7 as of 20070827
+CVE-2007-4565 VULNERABLE (fetchmail) #260861
+CVE-2007-4560 VULNERABLE (clamav) #260583
CVE-2007-4559 VULNERABLE (python) tarfile module - directory traversal
CVE-2007-4543 version (bugzilla, fixed 3.0.1) #256021 [since FEDORA-2007-1853]
CVE-2007-4542 VULNERABLE (mapserver, fixed 4.10.3) #256561
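Review bot: CVE-2007-4560 (clamav) is recorded for fc7 only, although the log message covers both files and fe6 revision 1.133 already tracks clamav under CVE-2007-4510. If clamav is shipped for FC6 from Extras, the same entry belongs in fe6, otherwise that branch is silently missing from the audit. Both new lines also omit a fixed upstream version, which the neighbouring mapserver and bugzilla entries carry; add it once known.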
--
fedora-extras-commits mailing list
fedora-extras-commits(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-extras-commits
[Bug 194511] CVE-2006-2894 arbitrary file read vulnerability
by Red Hat Bugzilla
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.
Summary: CVE-2006-2894 arbitrary file read vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=194511
mcepl(a)redhat.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEEDINFO |CLOSED
Resolution| |INSUFFICIENT_DATA
------- Additional Comments From mcepl(a)redhat.com 2007-08-28 10:36 EST -------
We haven't got any reply to the last question about reproducibility of the bug
with Fedora Core 6, Fedora 7, or Fedora devel. Mass closing this bug, so if you
have new information that would help us fix this bug, please reopen it with the
additional information.
--
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
fedora-security/audit fc7,1.82,1.83
by fedora-extras-commits@redhat.com
Author: lkundrak
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv17223
Modified Files:
fc7
Log Message:
12:17 <thoger> whoever doesn't commit will spend the long winter evenings resolving conflicts...
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.82
retrieving revision 1.83
diff -u -r1.82 -r1.83
--- fc7 28 Aug 2007 09:02:09 -0000 1.82
+++ fc7 28 Aug 2007 10:19:21 -0000 1.83
@@ -13,6 +13,9 @@
CVE-2007-4542 VULNERABLE (mapserver, fixed 4.10.3) #256561
CVE-2007-4539 version (bugzilla, fixed 3.0.1) #256021 [since FEDORA-2007-1853]
CVE-2007-4538 version (bugzilla, fixed 3.0.1) #256021 [since FEDORA-2007-1853]
+CVE-2007-4534 VULNERABLE (vavoom) #256621
+CVE-2007-4533 VULNERABLE (vavoom) #256621
+CVE-2007-4532 VULNERABLE (vavoom) #256621
CVE-2007-4510 VULNERABLE (clamav, fixed 0.91.2) #253780
CVE-2007-4462 version (po4a) #253541 [since FEDORA-2007-1763]
CVE-2007-4460 backport (id3lib) #253553 [since FEDORA-2007-1774]
@@ -23,7 +26,9 @@
CVE-2007-4255 ignore (php) msql extension not shipped
CVE-2007-4251 ignore (openoffice.org) just a crash
CVE-2007-4229 ignore (kdebase) just an ASSERT fail
+CVE-2007-4255 backport (kdelibs) [since FEDORA-2007-1699]
CVE-2007-4225 backport (kdebase) [since FEDORA-2007-1700]
+CVE-2007-4224 backport (kdelibs) [since FEDORA-2007-1699]
CVE-2007-4224 backport (kdebase) [since FEDORA-2007-1700]
CVE-2007-4211 version (dovecot, fixed 1.0.3) #251008 [since FEDORA-2007-1485]
CVE-2007-4174 version (tor, fixed 0.1.2.16) [since FEDORA-2007-1674]
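Review bot: the added line `CVE-2007-4255 backport (kdelibs) [since FEDORA-2007-1699]` looks like a typo for CVE-2007-4225. CVE-2007-4255 is already listed at the top of this hunk as `ignore (php) msql extension not shipped`, the new line sits out of descending order between 4229 and 4225, and the kdebase entries it mirrors are 4225 and 4224. As written, kdelibs has no record for CVE-2007-4225 and a search for 4255 returns two unrelated statuses.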
@@ -34,6 +39,8 @@
CVE-2007-4139 VULNERABLE (wordpress) #250751
CVE-2007-4134 version (star, fixed 1.5a84) #254128 [since FEDORA-2007-1852]
CVE-2007-4131 VULNERABLE (tar) #253684
+CVE-2007-4066 backport (libvorbis) #245991 [since FEDORA-2007-1765]
+CVE-2007-4065 backport (libvorbis) #245991 [since FEDORA-2007-1765]
CVE-2007-4029 backport (libvorbis) #245991 [since FEDORA-2007-1765]
CVE-2007-3962 ignore (gftp) multiple buffer overflows in fsplib, not on Linux
CVE-2007-3961 ignore (gftp) off-by-one error in fsplib
@@ -49,6 +56,7 @@
CVE-2007-3844 VULNERABLE (firefox) #250648 "fixed on next update"
CVE-2007-3843 VULNERABLE (kernel) #246595
CVE-2007-3841 ignore (pidgin) ethically disclosed
+CVE-2007-3820 backport (kdelibs) [since FEDORA-2007-1699]
CVE-2007-3820 backport (kdebase) #248537 [since FEDORA-2007-1700]
CVE-2007-3799 ** (php)
CVE-2007-3781 ** (mysql)
@@ -135,7 +143,7 @@
CVE-2007-2926 version (bind, fixed 9.4.1) [since FEDORA-2007-1247]
CVE-2007-2925 version (bind, fixed 9.4.1) [since FEDORA-2007-1247]
CVE-2007-2894 backport (bochs) #241799 [since FEDORA-2007-1778]
-CVE-2007-2893 patch (bochs, fixed 2.3-5) #241799 [since FEDORA-2007-1153]
+CVE-2007-2893 backport (bochs, fixed 2.3-5) #241799 [since FEDORA-2007-1153]
CVE-2007-2876 version (kernel, fixed 2.6.21.5) [ since FEDORA-2007-0409 ]
CVE-2007-2874 remove-patch (wpa_supplicant) #242455 [since FEDORA-2007-0185]
CVE-2007-2873 version (spamassassin, fixed 3.2.1) [since FEDORA-2007-0390]
fedora-security/audit fc6,1.248,1.249 fc7,1.81,1.82
by fedora-extras-commits@redhat.com
Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv1491/audit
Modified Files:
fc6 fc7
Log Message:
More issues from CVE mail.
Index: fc6
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc6,v
retrieving revision 1.248
retrieving revision 1.249
diff -u -r1.248 -r1.249
--- fc6 28 Aug 2007 07:21:53 -0000 1.248
+++ fc6 28 Aug 2007 09:02:09 -0000 1.249
@@ -65,6 +65,7 @@
CVE-2007-2868 version (mozilla) #241840 [since FEDORA-2007-549]
CVE-2007-2867 version (mozilla) #241840 [since FEDORA-2007-549]
CVE-2007-2799 version (file, fixed 4.21) #241034 [since FEDORA-2007-538]
+CVE-2007-2797 version (xterm)
CVE-2007-2453 version (kernel) [since FEDORA-2007-600]
CVE-2007-2451 version (kernel, fixed 2.6.21.4) [since FEDORA-2007-600]
CVE-2007-2445 backport (libpng) #239542 [since FEDORA-2007-529]
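Review bot: `CVE-2007-2797 version (xterm)` carries no fixed version, bug number or `[since FEDORA-...]` reference, unlike the `version` entries around it, so the status cannot be checked against a shipped package. Add the xterm version that contains the fix or the advisory that delivered it.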
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.81
retrieving revision 1.82
diff -u -r1.81 -r1.82
--- fc7 28 Aug 2007 07:21:53 -0000 1.81
+++ fc7 28 Aug 2007 09:02:09 -0000 1.82
@@ -9,10 +9,11 @@
# Up to date FC7 as of 20070827
CVE-2007-4559 VULNERABLE (python) tarfile module - directory traversal
-CVE-2007-4543 version (bugzilla, 3.0.1) #256021 [since FEDORA-2007-1853]
-CVE-2007-4539 version (bugzilla, 3.0.1) #256021 [since FEDORA-2007-1853]
-CVE-2007-4538 version (bugzilla, 3.0.1) #256021 [since FEDORA-2007-1853]
-CVE-2007-4510 VULNERABLE (clamav, 0.91.2) #253780
+CVE-2007-4543 version (bugzilla, fixed 3.0.1) #256021 [since FEDORA-2007-1853]
+CVE-2007-4542 VULNERABLE (mapserver, fixed 4.10.3) #256561
+CVE-2007-4539 version (bugzilla, fixed 3.0.1) #256021 [since FEDORA-2007-1853]
+CVE-2007-4538 version (bugzilla, fixed 3.0.1) #256021 [since FEDORA-2007-1853]
+CVE-2007-4510 VULNERABLE (clamav, fixed 0.91.2) #253780
CVE-2007-4462 version (po4a) #253541 [since FEDORA-2007-1763]
CVE-2007-4460 backport (id3lib) #253553 [since FEDORA-2007-1774]
CVE-2007-4400 VULNERABLE (konversation) #253545
@@ -24,7 +25,7 @@
CVE-2007-4229 ignore (kdebase) just an ASSERT fail
CVE-2007-4225 backport (kdebase) [since FEDORA-2007-1700]
CVE-2007-4224 backport (kdebase) [since FEDORA-2007-1700]
-CVE-2007-4211 version (dovecot, 1.0.3) #251008 [since FEDORA-2007-1485]
+CVE-2007-4211 version (dovecot, fixed 1.0.3) #251008 [since FEDORA-2007-1485]
CVE-2007-4174 version (tor, fixed 0.1.2.16) [since FEDORA-2007-1674]
GENERIC-MAP-NOMATCH version (tor, fixed 0.1.2.15) #249840 [since FEDORA-2007-1674]
CVE-2007-4168 backport (libexif) #243892 [since FEDORA-2007-0414]
@@ -149,6 +150,7 @@
CVE-2007-2821 version (wordpress, fixed 2.2) #245211 [since FEDORA-2007-0894]
CVE-2007-2799 version (file, fixed 4.21) #241034 [since FEDORA-2007-0836]
CVE-2007-2798 version (krb5, 1.6.1) [since FEDORA-2007-0740]
+CVE-2007-2797 version (xterm) fixed in fc5 and fc6 before f7 release
CVE-2007-2768 ignore (openssh) needs pam OPIE which is not shipped.
CVE-2007-2756 ignore (gd) DoS only
CVE-2007-2754 backport (freetype) [since FEDORA-2007-0033]
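Review bot: the context line `CVE-2007-2798 version (krb5, 1.6.1)` keeps the old form without `fixed`, although this same commit normalises the bugzilla, clamav and dovecot entries to `fixed <version>`; convert it here as well so one pattern matches every entry. The new xterm line also puts its justification in free text ("fixed in fc5 and fc6 before f7 release") where the other `version` entries name a release or advisory.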
fedora-security/audit fc6,1.247,1.248 fc7,1.80,1.81
by fedora-extras-commits@redhat.com
Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv15556/audit
Modified Files:
fc6 fc7
Log Message:
Mostly Fedora updates.
Index: fc6
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc6,v
retrieving revision 1.247
retrieving revision 1.248
diff -u -r1.247 -r1.248
--- fc6 24 Aug 2007 13:06:22 -0000 1.247
+++ fc6 28 Aug 2007 07:21:53 -0000 1.248
@@ -5,7 +5,7 @@
# (mozilla) = (firefox, seamonkey, thunderbird, yelp, devhelp, galeon, liferea. epiphany)
# Up to date CVE as of CVE email 20070823
-# Up to date FC6 as of 20070823
+# Up to date FC6 as of 20070827
CVE-2007-4357 ignore (firefox) status bar can be overwrittten
CVE-2007-4255 ignore (php) msql extension not shipped
@@ -20,7 +20,7 @@
CVE-2007-4168 backport (libexif) #243892 [since FEDORA-2007-614]
CVE-2007-3962 ignore (gftp) multiple buffer overflows in fsplib, not on Linux
CVE-2007-3961 ignore (gftp) off-by-one error in fsplib
-CVE-2007-3852 VULNERABLE (sysstat) #252296
+CVE-2007-3852 backport (sysstat) #252296 [since FEDORA-2007-675]
CVE-2007-3847 VULNERABLE (httpd) #250756
CVE-2007-3845 ignore (firefox) windows specific
CVE-2007-3844 VULNERABLE (firefox) #250648 "fixed on next update"
@@ -77,7 +77,7 @@
CVE-2007-1862 backport (httpd) #244660 [since FEDORA-2007-615]
CVE-2007-1861 version (kernel) [since FEDORA-2007-482]
CVE-2007-1856 backport (vixie-cron) #235882 [since FEDORA-2007-662]
-CVE-2007-1841 VULNERABLE (ipsec-tools) #238052 [sconklin] Developer busy -- next week.
+CVE-2007-1841 backport (ipsec-tools) #238052 [since FEDORA-2007-665]
CVE-2007-1797 backport (ImageMagick) #235075 [since FEDORA-2007-413]
CVE-2007-1667 backport (libX11) [since FEDORA-2007-426]
CVE-2007-1565 ignore (kdebase) client crash
@@ -204,7 +204,7 @@
CVE-2006-5469 version (wireshark, fixed 0.99.4) [since FEDORA-2006-1140]
CVE-2006-5468 version (wireshark, fixed 0.99.4) [since FEDORA-2006-1140]
CVE-2006-5467 backport (ruby) #212396 [since FEDORA-2006-1109]
-CVE-2006-5466 VULNERABLE (rpm) #212833
+CVE-2006-5466 version (rpm) #212833 [since FEDORA-2007-668]
CVE-2006-5465 backport (php, fixed 5.2.0) #213732 [since FEDOA-2006-1169]
CVE-2006-5464 version (thunderbird, fixed 1.5.0.8) [since FEDORA-2006-1192]
CVE-2006-5464 version (firefox, fixed 1.5.0.8) [since FEDORA-2006-1191]
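Review bot: the rewritten `CVE-2006-5466 version (rpm) #212833 [since FEDORA-2007-668]` has status `version` but names no fixed rpm version, while the wireshark, php, thunderbird and firefox entries around it do; add `fixed <version>` inside the parentheses. While this block is being touched, the next line's `[since FEDOA-2006-1169]` is misspelled and will not match a search for FEDORA advisory ids.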
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.80
retrieving revision 1.81
diff -u -r1.80 -r1.81
--- fc7 24 Aug 2007 13:06:22 -0000 1.80
+++ fc7 28 Aug 2007 07:21:53 -0000 1.81
@@ -6,8 +6,12 @@
# A couple of first F7 updates were marked as FEDORA-2007-0001
# Up to date CVE as of CVE email 20070823
-# Up to date FC7 as of 20070823
+# Up to date FC7 as of 20070827
+CVE-2007-4559 VULNERABLE (python) tarfile module - directory traversal
+CVE-2007-4543 version (bugzilla, 3.0.1) #256021 [since FEDORA-2007-1853]
+CVE-2007-4539 version (bugzilla, 3.0.1) #256021 [since FEDORA-2007-1853]
+CVE-2007-4538 version (bugzilla, 3.0.1) #256021 [since FEDORA-2007-1853]
CVE-2007-4510 VULNERABLE (clamav, 0.91.2) #253780
CVE-2007-4462 version (po4a) #253541 [since FEDORA-2007-1763]
CVE-2007-4460 backport (id3lib) #253553 [since FEDORA-2007-1774]
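Review bot: the three new bugzilla lines write the version as `(bugzilla, 3.0.1)` without the `fixed` keyword used elsewhere in this file, for example `(star, fixed 1.5a84)` in the next hunk, which leaves it ambiguous whether 3.0.1 is the affected or the fixed release. Use `(bugzilla, fixed 3.0.1)`. The new python entry is VULNERABLE but has no bug number, unlike the other VULNERABLE lines in this diff.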
@@ -27,7 +31,7 @@
CVE-2007-4153 ignore (wordpress) "remote authenticated administrators"
CVE-2007-4154 ignore (wordpress) "remote authenticated administrators"
CVE-2007-4139 VULNERABLE (wordpress) #250751
-CVE-2007-4134 VULNERABLE (star, fixed 1.5a84) #254128
+CVE-2007-4134 version (star, fixed 1.5a84) #254128 [since FEDORA-2007-1852]
CVE-2007-4131 VULNERABLE (tar) #253684
CVE-2007-4029 backport (libvorbis) #245991 [since FEDORA-2007-1765]
CVE-2007-3962 ignore (gftp) multiple buffer overflows in fsplib, not on Linux
@@ -124,7 +128,7 @@
CVE-2007-3007 ignore (php) safe mode isn't safe
*CVE-2007-2975 (openfire)
CVE-2007-2958 VULNERABLE (claws-mail) #254121
-CVE-2007-2958 VULNERABLE (sylpheed) #254123
+CVE-2007-2958 backport (sylpheed) #254123 [since FEDORA-2007-1841]
CVE-2007-2956 backport (qtpfsgui) #251674 [since FEDORA-2007-1581]
CVE-2007-2949 version (gimp, fixed, 2.2.16) [since FEDORA-2007-0725]
CVE-2007-2926 version (bind, fixed 9.4.1) [since FEDORA-2007-1247]
fedora-security/audit fc6,1.246,1.247 fc7,1.79,1.80
by fedora-extras-commits@redhat.com
Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv31650/audit
Modified Files:
fc6 fc7
Log Message:
add star directory traversal
Index: fc6
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc6,v
retrieving revision 1.246
retrieving revision 1.247
diff -u -r1.246 -r1.247
--- fc6 24 Aug 2007 10:27:36 -0000 1.246
+++ fc6 24 Aug 2007 13:06:22 -0000 1.247
@@ -14,6 +14,7 @@
CVE-2007-4225 ignore (kdebase) caused by fix to CVE-2007-3820 which we never shipped
CVE-2007-4224 ignore (kdebase) too obvious -- mouse pointer indicates script activity
CVE-2007-4211 version (dovecot, fixed 1.0.3) #251009 [since FEDORA-2007-664]
+CVE-2007-4134 VULNERABLE (star, fixed 1.5a84) #254129
CVE-2007-4131 VULNERABLE (tar) #253684
CVE-2007-4029 VULNERABLE (libvorbis) #250600
CVE-2007-4168 backport (libexif) #243892 [since FEDORA-2007-614]
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.79
retrieving revision 1.80
diff -u -r1.79 -r1.80
--- fc7 24 Aug 2007 10:27:37 -0000 1.79
+++ fc7 24 Aug 2007 13:06:22 -0000 1.80
@@ -27,6 +27,7 @@
CVE-2007-4153 ignore (wordpress) "remote authenticated administrators"
CVE-2007-4154 ignore (wordpress) "remote authenticated administrators"
CVE-2007-4139 VULNERABLE (wordpress) #250751
+CVE-2007-4134 VULNERABLE (star, fixed 1.5a84) #254128
CVE-2007-4131 VULNERABLE (tar) #253684
CVE-2007-4029 backport (libvorbis) #245991 [since FEDORA-2007-1765]
CVE-2007-3962 ignore (gftp) multiple buffer overflows in fsplib, not on Linux
fedora-security/audit fc6, 1.245, 1.246 fc7, 1.78, 1.79 fe6, 1.132, 1.133
by fedora-extras-commits@redhat.com
Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv3670/audit
Modified Files:
fc6 fc7 fe6
Log Message:
- CVE update
- Fedora update
- add CVE-2007-2958
Index: fc6
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc6,v
retrieving revision 1.245
retrieving revision 1.246
diff -u -r1.245 -r1.246
--- fc6 23 Aug 2007 10:30:39 -0000 1.245
+++ fc6 24 Aug 2007 10:27:36 -0000 1.246
@@ -4,8 +4,8 @@
# *CVE are items that need verification for Fedora Core 6
# (mozilla) = (firefox, seamonkey, thunderbird, yelp, devhelp, galeon, liferea. epiphany)
-# Up to date CVE as of CVE email 20070822
-# Up to date FC6 as of 20070820
+# Up to date CVE as of CVE email 20070823
+# Up to date FC6 as of 20070823
CVE-2007-4357 ignore (firefox) status bar can be overwrittten
CVE-2007-4255 ignore (php) msql extension not shipped
@@ -20,6 +20,7 @@
CVE-2007-3962 ignore (gftp) multiple buffer overflows in fsplib, not on Linux
CVE-2007-3961 ignore (gftp) off-by-one error in fsplib
CVE-2007-3852 VULNERABLE (sysstat) #252296
+CVE-2007-3847 VULNERABLE (httpd) #250756
CVE-2007-3845 ignore (firefox) windows specific
CVE-2007-3844 VULNERABLE (firefox) #250648 "fixed on next update"
CVE-2007-3843 VULNERABLE (kernel) #246595
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.78
retrieving revision 1.79
diff -u -r1.78 -r1.79
--- fc7 23 Aug 2007 10:30:39 -0000 1.78
+++ fc7 24 Aug 2007 10:27:37 -0000 1.79
@@ -5,11 +5,12 @@
# (mozilla) = (firefox, seamonkey, thunderbird, yelp, devhelp, galeon, liferea. epiphany)
# A couple of first F7 updates were marked as FEDORA-2007-0001
-# Up to date CVE as of CVE email 20070822
-# Up to date FC7 as of 20070820
+# Up to date CVE as of CVE email 20070823
+# Up to date FC7 as of 20070823
-CVE-2007-4462 VULNERABLE (po4a) #253541
-CVE-2007-4460 VULNERABLE (id3lib) #253553
+CVE-2007-4510 VULNERABLE (clamav, 0.91.2) #253780
+CVE-2007-4462 version (po4a) #253541 [since FEDORA-2007-1763]
+CVE-2007-4460 backport (id3lib) #253553 [since FEDORA-2007-1774]
CVE-2007-4400 VULNERABLE (konversation) #253545
CVE-2007-4357 ignore (firefox) status bar can be overwrittten
CVE-2007-4323 backport (denyhosts) #252291 [since FEDORA-2007-0589]
@@ -27,7 +28,7 @@
CVE-2007-4154 ignore (wordpress) "remote authenticated administrators"
CVE-2007-4139 VULNERABLE (wordpress) #250751
CVE-2007-4131 VULNERABLE (tar) #253684
-CVE-2007-4029 VULNERABLE (libvorbis) #245991
+CVE-2007-4029 backport (libvorbis) #245991 [since FEDORA-2007-1765]
CVE-2007-3962 ignore (gftp) multiple buffer overflows in fsplib, not on Linux
CVE-2007-3961 ignore (gftp) off-by-one error in fsplib
CVE-2007-3852 backport (sysstat) #252295 [since FEDORA-2007-1697]
@@ -36,6 +37,8 @@
CVE-2007-3948 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299]
CVE-2007-3947 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299]
CVE-2007-3946 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299]
+CVE-2007-3848 version (kernel) [since FEDORA-2007-1785]
+CVE-2007-3847 VULNERABLE (httpd) #250755
CVE-2007-3845 ignore (firefox) windows specific
CVE-2007-3844 VULNERABLE (firefox) #250648 "fixed on next update"
CVE-2007-3843 VULNERABLE (kernel) #246595
@@ -99,7 +102,7 @@
CVE-2007-3231 version (mecab, fixed 0.96) [since FEDORA-2007-0366]
CVE-2007-3209 ignore (mail-notification, shipped with SSL enabled)
CVE-2007-3108 backport (openssl) #250574 [since FEDORA-2007-1444]
-CVE-2007-3106 VULNERABLE (libvorbis) #245991
+CVE-2007-3106 backport (libvorbis) #245991 [since FEDORA-2007-1765]
CVE-2007-3099 version (iscsi-initiator-utils, fixed 6.2.0.865) [since FEDORA-2007-0543]
CVE-2007-3100 version (iscsi-initiator-utils, fixed 6.2.0.865) [since FEDORA-2007-0543]
CVE-2007-3165 version (tor, fixed 0.1.2.14) #244502 [since FEDORA-2007-1674]
@@ -119,12 +122,13 @@
CVE-2007-3023 VULNERABLE (clamav, fixed 0.90.3) #245219
CVE-2007-3007 ignore (php) safe mode isn't safe
*CVE-2007-2975 (openfire)
+CVE-2007-2958 VULNERABLE (claws-mail) #254121
+CVE-2007-2958 VULNERABLE (sylpheed) #254123
CVE-2007-2956 backport (qtpfsgui) #251674 [since FEDORA-2007-1581]
CVE-2007-2949 version (gimp, fixed, 2.2.16) [since FEDORA-2007-0725]
CVE-2007-2926 version (bind, fixed 9.4.1) [since FEDORA-2007-1247]
CVE-2007-2925 version (bind, fixed 9.4.1) [since FEDORA-2007-1247]
-*CVE-2007-2894 VULNERABLE (bochs) #241799
-CVE-2007-2894 ignore (bochs, unreproducible) #241799
+CVE-2007-2894 backport (bochs) #241799 [since FEDORA-2007-1778]
CVE-2007-2893 patch (bochs, fixed 2.3-5) #241799 [since FEDORA-2007-1153]
CVE-2007-2876 version (kernel, fixed 2.6.21.5) [ since FEDORA-2007-0409 ]
CVE-2007-2874 remove-patch (wpa_supplicant) #242455 [since FEDORA-2007-0185]
@@ -332,7 +336,7 @@
CVE-2007-0894 version (mediawiki, fixed 1.8.4) #228763
CVE-2007-0884 ignore (mimedefang 2.59/2.60 not shipped) #228757
CVE-2007-0857 version (moin, fixed 1.5.7) #228139
-CVE-2007-0844 VULNERABLE (pam_ssh, fixed 1.92) #253959
+CVE-2007-0844 version (pam_ssh, fixed 1.92) #253959 [since FEDORA-2007-1793]
CVE-2007-0823 ignore (xterm) feature, not a bug
CVE-2007-0822 ignore (util-linux) NULL dereference
CVE-2007-0780 version (seamonkey, fixed 1.0.8)
Index: fe6
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fe6,v
retrieving revision 1.132
retrieving revision 1.133
diff -u -r1.132 -r1.133
--- fe6 9 Aug 2007 15:53:20 -0000 1.132
+++ fe6 24 Aug 2007 10:27:37 -0000 1.133
@@ -2,6 +2,7 @@
** are items that need attention
+CVE-2007-4510 VULNERABLE (clamav, 0.91.2) #253780
CVE-2007-3950 version (lighttpd, fixed 1.4.16) #249162
CVE-2007-3949 version (lighttpd, fixed 1.4.16) #249162
CVE-2007-3948 version (lighttpd, fixed 1.4.16) #249162
fedora-security/audit fc6,1.244,1.245 fc7,1.77,1.78
by fedora-extras-commits@redhat.com
Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv25528/audit
Modified Files:
fc6 fc7
Log Message:
Update - latest CVE feed.
Index: fc6
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc6,v
retrieving revision 1.244
retrieving revision 1.245
diff -u -r1.244 -r1.245
--- fc6 22 Aug 2007 12:49:15 -0000 1.244
+++ fc6 23 Aug 2007 10:30:39 -0000 1.245
@@ -4,7 +4,7 @@
# *CVE are items that need verification for Fedora Core 6
# (mozilla) = (firefox, seamonkey, thunderbird, yelp, devhelp, galeon, liferea. epiphany)
-# Up to date CVE as of CVE email 20070820
+# Up to date CVE as of CVE email 20070822
# Up to date FC6 as of 20070820
CVE-2007-4357 ignore (firefox) status bar can be overwrittten
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.77
retrieving revision 1.78
diff -u -r1.77 -r1.78
--- fc7 22 Aug 2007 12:49:15 -0000 1.77
+++ fc7 23 Aug 2007 10:30:39 -0000 1.78
@@ -5,7 +5,7 @@
# (mozilla) = (firefox, seamonkey, thunderbird, yelp, devhelp, galeon, liferea. epiphany)
# A couple of first F7 updates were marked as FEDORA-2007-0001
-# Up to date CVE as of CVE email 20070820
+# Up to date CVE as of CVE email 20070822
# Up to date FC7 as of 20070820
CVE-2007-4462 VULNERABLE (po4a) #253541
@@ -332,6 +332,7 @@
CVE-2007-0894 version (mediawiki, fixed 1.8.4) #228763
CVE-2007-0884 ignore (mimedefang 2.59/2.60 not shipped) #228757
CVE-2007-0857 version (moin, fixed 1.5.7) #228139
+CVE-2007-0844 VULNERABLE (pam_ssh, fixed 1.92) #253959
CVE-2007-0823 ignore (xterm) feature, not a bug
CVE-2007-0822 ignore (util-linux) NULL dereference
CVE-2007-0780 version (seamonkey, fixed 1.0.8)
fedora-security/audit fc6,1.243,1.244 fc7,1.76,1.77
by fedora-extras-commits@redhat.com
Author: lkundrak
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv5806
Modified Files:
fc6 fc7
Log Message:
po4a, tomboy and id3lib got CVE names
Index: fc6
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc6,v
retrieving revision 1.243
retrieving revision 1.244
diff -u -r1.243 -r1.244
--- fc6 21 Aug 2007 08:39:05 -0000 1.243
+++ fc6 22 Aug 2007 12:49:15 -0000 1.244
@@ -7,7 +7,6 @@
# Up to date CVE as of CVE email 20070820
# Up to date FC6 as of 20070820
-GENERIC-MAP-NOMATCH VULNERABLE (tomboy) #252294
CVE-2007-4357 ignore (firefox) status bar can be overwrittten
CVE-2007-4255 ignore (php) msql extension not shipped
CVE-2007-4251 ignore (openoffice.org) just a crash
@@ -689,6 +688,7 @@
CVE-2005-4808 ignore (binutils, gas fixed 20050714) this is a bug
CVE-2005-4807 ignore (binutils, gas fixed 20050721) this is a bug
CVE-2005-4798 version (kernel, not 2.6)
+CVE-2005-4790 (tomboy) #252294
CVE-2005-4784 ignore (glibc) struct dirent is big enough
CVE-2005-4746 version (freeradius, fixed 1.0.5)
CVE-2005-4745 version (freeradius, fixed 1.0.5)
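Review bot: the added `CVE-2005-4790 (tomboy) #252294` has no status keyword. The entry it replaces, `GENERIC-MAP-NOMATCH VULNERABLE (tomboy) #252294`, was VULNERABLE, and the fc7 part of this same commit adds the line as `CVE-2005-4790 VULNERABLE (tomboy) #252294`. Without the keyword, anything filtering this file for VULNERABLE drops tomboy from the FC6 open list; add the status here to match fc7.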
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.76
retrieving revision 1.77
diff -u -r1.76 -r1.77
--- fc7 21 Aug 2007 08:39:05 -0000 1.76
+++ fc7 22 Aug 2007 12:49:15 -0000 1.77
@@ -8,9 +8,8 @@
# Up to date CVE as of CVE email 20070820
# Up to date FC7 as of 20070820
-GENERIC-MAP-NOMATCH VULNERABLE (id3lib) #253553
-GENERIC-MAP-NOMATCH VULNERABLE (po4a) #253541
-GENERIC-MAP-NOMATCH VULNERABLE (tomboy) #252294
+CVE-2007-4462 VULNERABLE (po4a) #253541
+CVE-2007-4460 VULNERABLE (id3lib) #253553
CVE-2007-4400 VULNERABLE (konversation) #253545
CVE-2007-4357 ignore (firefox) status bar can be overwrittten
CVE-2007-4323 backport (denyhosts) #252291 [since FEDORA-2007-0589]
@@ -1226,6 +1225,7 @@
CVE-2005-4807 ignore (binutils, gas fixed 20050721) this is a bug
CVE-2005-4803 version (graphviz, fixed 2.2.1)
CVE-2005-4798 version (kernel, not 2.6)
+CVE-2005-4790 VULNERABLE (tomboy) #252294
CVE-2005-4784 ignore (glibc) struct dirent is big enough
CVE-2005-4746 version (freeradius, fixed 1.0.5)
CVE-2005-4745 version (freeradius, fixed 1.0.5)