Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv16700/audit
Modified Files:
fc6 fc7
Log Message:
xen issue
fedora updates
Index: fc6
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc6,v
retrieving revision 1.283
retrieving revision 1.284
diff -u -r1.283 -r1.284
--- fc6 24 Oct 2007 12:25:12 -0000 1.283
+++ fc6 29 Oct 2007 12:38:04 -0000 1.284
@@ -5,7 +5,7 @@
# (mozilla) = (firefox, seamonkey, thunderbird, yelp, devhelp, galeon, liferea. epiphany)
# Up to date CVE as of CVE email 20071015
-# Up to date FC6 as of 20071017
+# Up to date FC6 as of 20071025
CVE-2007-5340 VULNERABLE (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5
CVE-2007-5339 VULNERABLE (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5
@@ -72,6 +72,7 @@
CVE-2007-3962 ignore (gftp) multiple buffer overflows in fsplib, not on Linux
CVE-2007-3961 ignore (gftp) off-by-one error in fsplib
CVE-2007-3920 VULNERABLE (gnome-screensaver) #350271
+CVE-2007-3919 VULNERABLE (xen)
CVE-2007-3852 backport (sysstat) #252296 [since FEDORA-2007-675]
CVE-2007-3848 version (kernel) [since FEDORA-2007-679]
CVE-2007-3847 version (httpd) #250756 [since FEDORA-2007-707]
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.154
retrieving revision 1.155
diff -u -r1.154 -r1.155
--- fc7 25 Oct 2007 07:34:05 -0000 1.154
+++ fc7 29 Oct 2007 12:38:04 -0000 1.155
@@ -6,28 +6,29 @@
# A couple of first F7 updates were marked as FEDORA-2007-0001
# Up to date CVE as of CVE email 20071015
-# Up to date FC7 as of 20071017
+# Up to date FC7 as of 20071025
CVE-2007-5626 ignore (bacula) known, documented limitation
CVE-2007-5624 VULNERABLE (nagios, fixed 2.10) #349011
CVE-2007-5623 VULNERABLE (nagios-plugins) #348731
-CVE-2007-5597 VULNERABLE (drupal, fixed 5.3)
-CVE-2007-5596 VULNERABLE (drupal, fixed 5.3)
-CVE-2007-5595 VULNERABLE (drupal, fixed 5.3)
-CVE-2007-5594 VULNERABLE (drupal, fixed 5.3)
-CVE-2007-5593 VULNERABLE (drupal, fixed 5.3)
+CVE-2007-5597 version (drupal, fixed 5.3) [since FEDORA-2007-2649]
+CVE-2007-5596 version (drupal, fixed 5.3) [since FEDORA-2007-2649]
+CVE-2007-5595 version (drupal, fixed 5.3) [since FEDORA-2007-2649]
+CVE-2007-5594 version (drupal, fixed 5.3) [since FEDORA-2007-2649]
+CVE-2007-5593 version (drupal, fixed 5.3) [since FEDORA-2007-2649]
CVE-2007-5589 VULNERABLE (phpmyadmin, fixed 2.11.1.2) #333661 PMASA-2007-6
-CVE-2007-5585 (tempest) #336331
+CVE-2007-5585 backport (rss-glx) #336331 [since FEDORA-2007-2652]
+CVE-2007-5585 backport (tempest) #336331 [since FEDORA-2007-2652]
CVE-2007-5416 ignore (drupal) Vulnerability in PHP<5.1.3, we're safe
CVE-2007-5386 VULNERABLE (phpmyadmin, fixed 2.11.1.1) #333661 PMASA-2007-5
-CVE-2007-5340 VULNERABLE (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5
-CVE-2007-5339 VULNERABLE (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5
-CVE-2007-5338 VULNERABLE (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5
-CVE-2007-5337 VULNERABLE (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5
-CVE-2007-5335 VULNERABLE (mozilla) ff 2.0.0.8, does not affect ff1.5
-CVE-2007-5334 VULNERABLE (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5
-CVE-2007-5269 VULNERABLE (libpng10) update pending
-CVE-2007-5269 VULNERABLE (libpng, fixed 1.2.21) #337461
+CVE-2007-5340 version (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5 [since FEDORA-2007-2664]
+CVE-2007-5339 version (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5 [since FEDORA-2007-2664]
+CVE-2007-5338 version (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5 [since FEDORA-2007-2664]
+CVE-2007-5337 version (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5 [since FEDORA-2007-2664]
+CVE-2007-5335 version (mozilla) ff 2.0.0.8, does not affect ff1.5 [since FEDORA-2007-2664]
+CVE-2007-5334 version (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5 [since FEDORA-2007-2664]
+CVE-2007-5269 version (libpng10) [since FEDORA-2007-2521]
+CVE-2007-5269 version (libpng, fixed 1.2.21) #337461 [since FEDORA-2007-2666]
CVE-2007-5268 ignore (libpng) shipped version too old and not affected
CVE-2007-5267 ignore (libpng) shipped version too old and not affected
CVE-2007-5266 ignore (libpng) shipped version too old and not affected
@@ -140,6 +141,7 @@
CVE-2007-3948 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299]
CVE-2007-3947 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299]
CVE-2007-3946 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299]
+CVE-2007-3919 VULNERABLE (xen)
CVE-2007-3917 version (wesnoth, fixed 1.2.7) #324841 [since FEDORA-2007-2496]
CVE-2007-3848 version (kernel) [since FEDORA-2007-1785]
CVE-2007-3847 version (httpd) #250755 [since FEDORA-2007-2214]
@@ -169,7 +171,7 @@
CVE-2007-3528 version (dar, fixed 2.3.4) #246760 [since FEDORA-2007-0904]
CVE-2007-3544 VULNERABLE (wordpress, NOT fixed 2.2.1) #245211 Incomplete fix for CVE-2007-3543
CVE-2007-3543 version (wordpress, fixed 2.2.1) #245211 [since FEDORA-2007-0894]
-CVE-2007-3511 VULNERABLE (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5
+CVE-2007-3511 version (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5 [since FEDORA-2007-2664]
CVE-2007-3508 ignore (glibc) not an issue
CVE-2007-3506 version (freetype, fixed 2.3.4) #235479 [since FEDORA-2007-0033]
CVE-2007-3507 version (flac123, fixed 0.0.10) #246322 [since FEDORA-2007-1045]
@@ -290,7 +292,7 @@
CVE-2007-2381 ignore (MochiKit) #238616
*CVE-2007-2356 ** (gimp)
*CVE-2007-2353 ** (axis)
-CVE-2007-2292 VULNERABLE (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5
+CVE-2007-2292 version (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5 [since FEDORA-2007-2664]
*CVE-2007-2245 VULNERABLE (phpMyAdmin, fixed 2.10.1) #237882
CVE-2007-2243 ignore (openssh, fixed 4.6) needs S/KEY support which is not shipped.
CVE-2007-2241 backport (bind) [since FEDORA-2007-0300]
@@ -411,7 +413,7 @@
*CVE-2007-1218 backport (tcpdump) 232349 [since FEDORA-2007-347]
CVE-2007-1216 version (krb5, fixed 1.6-3) #231537
*CVE-2007-1103 VULNERABLE (tor) #230927
-CVE-2007-1095 VULNERABLE (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5
+CVE-2007-1095 version (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5 [since FEDORA-2007-2664]
CVE-2007-1092 version (seamonkey, fixed 1.0.8)
CVE-2007-1055 version (mediawiki, fixed 1.8.3)
CVE-2007-1054 version (mediawiki, fixed 1.9.3) [since FEDORA-2007-1442]
@@ -431,7 +433,7 @@
CVE-2007-0996 version (seamonkey, fixed 1.0.8)
CVE-2007-0995 version (seamonkey, fixed 1.0.8)
CVE-2007-0988 version (php, fixed 5.2.1)
-CVE-2007-0981 VULNERABLE (mozilla)
+CVE-2007-0981 version (mozilla)
CVE-2007-0981 version (seamonkey, fixed 1.0.8) #229253
CVE-2007-0957 backport (krb5, fixed 1.6-3) #231528
CVE-2007-0956 backport (krb5, fixed 1.6-3) #229782