Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv4724/audit
Modified Files:
f8 f9 fc7
Log Message:
add htdig, ruby-gnome2
fedora updates
Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.28
retrieving revision 1.29
diff -u -r1.28 -r1.29
--- f8 27 Nov 2007 15:14:08 -0000 1.28
+++ f8 30 Nov 2007 12:18:11 -0000 1.29
@@ -7,11 +7,16 @@
# Up to date CVE as of CVE email 20071030
# Up to date F8 as of 20071029
+CVE-2007-6183 VULNERABLE (ruby-gnome2) #405601
+CVE-2007-6110 backport (htdig) [since FEDORA-2007-3958]
CVE-2007-6100 version (phpMyAdmin, fixed 2.11.2.2) [since FEDORA-2007-3639]
CVE-2007-6061 VULNERABLE (audacity) #393251
CVE-2007-6035 version (cacti, fixed 0.8.7a) #391991 [since FEDORA-2007-3667]
CVE-2007-5977 version (phpMyAdmin, fixed 2.11.2.1) #385901 [since FEDORA-2007-3636]
CVE-2007-5976 version (phpMyAdmin, fixed 2.11.2.1) #385901 [since FEDORA-2007-3636]
+CVE-2007-5960 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3962]
+CVE-2007-5959 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3962]
+CVE-2007-5947 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3962]
CVE-2007-5938 VULNERABLE (kernel) #385861 iwlwifi
CVE-2007-5937 backport (tetex) #379861 [since FEDORA-2007-3308] Multiple dviljk buffer overflows
CVE-2007-5936 backport (tetex) #379861 [since FEDORA-2007-3308] dviljk uses insecure temporary file
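Review bot: The added CVE-2007-6110 (htdig) line and the three mozilla lines (CVE-2007-5960, CVE-2007-5959, CVE-2007-5947) carry an advisory reference but no Bugzilla number, while most neighbouring entries in this hunk have one (cacti #391991, phpMyAdmin #385901, tetex #379861). If tracking bugs exist, add them so the advisory can be traced back to the bug. If none were filed, a short trailing comment saying so would settle the question for later readers.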
@@ -26,6 +31,7 @@
CVE-2007-5770 backport (ruby) #373391 [since FEDORA-2007-2812]
GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031
CVE-2007-5751 backport (liferea, fixed 1.4.6) #360641 [since FEDORA-2007-2853]
+CVE-2007-5742 VULNERABLE (wesnoth, fixed 1.2.8)
CVE-2007-5712 version (Django, fixed 0.96.1) #362771 [since FEDORA-2007-2788]
CVE-2007-5708 version (openldap, fixed 2.3.39) #362991 [since FEDORA-2007-2796]
CVE-2007-5707 version (openldap, fixed 2.3.39) #362991 [since FEDORA-2007-2796]
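Review bot: The added line "CVE-2007-5742 VULNERABLE (wesnoth, fixed 1.2.8)" has no tracking bug, unlike the other VULNERABLE entries visible in this file (ruby-gnome2 #405601, audacity #393251, nx #293031, liferea #393301 before this change). An open item without a bug reference is easy to lose, so link or file the bug on this line. The identical wesnoth line added to f9 and fc7 has the same gap.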
@@ -137,7 +143,7 @@
CVE-2006-0987 ignore (bind) example config file only
CVE-2006-0496 ignore (firefox) Feature, not a bug moz #324253
CVE-2005-4809 ignore (firefox) Status bar can be modified anyways
-CVE-2005-4791 VULNERABLE (liferea) #393301
+CVE-2005-4791 version (liferea, fixed 1.4.8) #393301 [since FEDORA-2007-3701]
CVE-2005-4790 backport (blam, fixed 1.8.4) #395761 [since FEDORA-2007-3798]
CVE-2005-4790 backport (tomboy) #362951 [since FEDORA-2007-3253]
CVE-2005-3675 VULNERABLE (kernel) optack, no upstream fix -- TCP protocol weakness
Index: f9
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f9,v
retrieving revision 1.24
retrieving revision 1.25
diff -u -r1.24 -r1.25
--- f9 27 Nov 2007 15:14:08 -0000 1.24
+++ f9 30 Nov 2007 12:18:11 -0000 1.25
@@ -7,11 +7,16 @@
# Up to date CVE as of CVE email 20071030
# Up to date F9 as of 20071029
+CVE-2007-6183 VULNERABLE (ruby-gnome2) #405611
+CVE-2007-6110 version (htdig) [since htdig-3.2.0b6-13.fc9]
CVE-2007-6100 version (phpMyAdmin, fixed 2.11.2.2)
CVE-2007-6061 VULNERABLE (audacity) #393251
CVE-2007-6035 version (cacti, fixed 0.8.7a) #392001 [since cacti-0.8.7a-1.fc9]
CVE-2007-5977 version (phpMyAdmin) #385911 [since phpMyAdmin-2.11.2.2-1.fc9]
CVE-2007-5976 version (phpMyAdmin) #385911 [since phpMyAdmin-2.11.2.2-1.fc9]
+CVE-2007-5960 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7)
+CVE-2007-5959 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7)
+CVE-2007-5947 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7)
CVE-2007-5937 backport (tetex) #379851 Multiple dviljk buffer overflows [since tetex-3.0-48.fc9]
CVE-2007-5936 backport (tetex) #379851 dviljk uses insecure temporary file [since tetex-3.0-48.fc9]
CVE-2007-5935 backport (tetex) #379851 dvips -z buffer overflow with long href [since tetex-3.0-48.fc9]
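Review bot: The added htdig line is classified "version" here but "backport" in the f8 and fc7 hunks of the same commit, and it names no fixed upstream version, only "[since htdig-3.2.0b6-13.fc9]". Please confirm which status is meant for f9 and, if it really is a version fix, add the "fixed ..." value as the cacti and phpMyAdmin lines do. The three added mozilla lines also lack both a bug number and a "[since ...]" build, so nothing on them shows which fc9 package carries ff 2.0.0.10 or sm 1.1.7.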
@@ -25,6 +30,7 @@
GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031
CVE-2007-5770 backport (ruby) #373401 [since ruby-1.8.6.111-1]
CVE-2007-5751 version (liferea, fixed 1.4.6) #360641 [since liferea-1.4.6-3.fc9]
+CVE-2007-5742 VULNERABLE (wesnoth, fixed 1.2.8)
CVE-2007-5712 version (Django, fixed 0.96.1) #362781 [since Django-0.96.1-1.fc9]
CVE-2007-5708 version (openldap, fixed 2.3.39) #360091 [since openldap-2.3.39-1.fc9]
CVE-2007-5707 version (openldap, fixed 2.3.39) #360091 [since openldap-2.3.39-1.fc9]
@@ -121,8 +127,8 @@
CVE-2006-0987 ignore (bind) example config file only
CVE-2006-0496 ignore (firefox) Feature, not a bug moz #324253
CVE-2005-4809 ignore (firefox) Status bar can be modified anyways
-CVE-2005-4791 VULNERABLE (liferea) #393311
-CVE-2005-4790 VULNERABLE (blam, fixed 1.8.4) #395771
+CVE-2005-4791 version (liferea, fixed 1.4.8) #393311 [since liferea-1.4.8-1.fc9]
+CVE-2005-4790 backport (blam, fixed 1.8.4) #395771 [since blam-1.8.3-11.fc9]
CVE-2005-4790 backport (tomboy) #362961 [since tomboy-0.8.1-2.fc9]
CVE-2005-3675 VULNERABLE (kernel) optack, no upstream fix -- TCP protocol weakness
CVE-2003-1265 ignore (thunderbird) Stuff deleted from userspace is not guarranteed to go away physically moz#198442
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.185
retrieving revision 1.186
diff -u -r1.185 -r1.186
--- fc7 27 Nov 2007 11:37:56 -0000 1.185
+++ fc7 30 Nov 2007 12:18:11 -0000 1.186
@@ -8,11 +8,16 @@
# Up to date CVE as of CVE email 20071030
# Up to date FC7 as of 20071029
+CVE-2007-6183 VULNERABLE (ruby-gnome2) #405591
+CVE-2007-6110 backport (htdig) [since FEDORA-2007-3907]
CVE-2007-6100 version (phpMyAdmin, fixed 2.11.2.2) [since FEDORA-2007-3666]
CVE-2007-6061 VULNERABLE (audacity) #393251
CVE-2007-6035 version (cacti, fixed 0.8.7a) #391981 [since FEDORA-2007-3683]
CVE-2007-5977 version (phpMyAdmin, fixed 2.11.2.1) #385891 [since FEDORA-2007-3627]
CVE-2007-5976 version (phpMyAdmin, fixed 2.11.2.1) #385891 [since FEDORA-2007-3627]
+CVE-2007-5960 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3952]
+CVE-2007-5959 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3952]
+CVE-2007-5947 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3952]
CVE-2007-5938 VULNERABLE (kernel) #385861 iwlwifi
CVE-2007-5937 backport (tetex) #379831 [since FEDORA-2007-3390] Multiple dviljk buffer overflows
CVE-2007-5936 backport (tetex) #379831 [since FEDORA-2007-3390] dviljk uses insecure temporary file
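Review bot: The header context lines "# Up to date CVE as of CVE email 20071030" and "# Up to date FC7 as of 20071029" are left unchanged although this revision is dated 30 Nov 2007 and adds new CVE-2007-6xxx entries and advisories. The same is true of the f8 and f9 hunks. If the file was re-checked against newer CVE mail and updates, bump both markers; if these are one-off additions and the full sweep still stops at the October dates, say so in the log message so the markers are not read as covering the new lines.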
@@ -27,6 +32,7 @@
CVE-2007-5795 backport (emacs) #367581 [since FEDORA-2007-3056]
CVE-2007-5770 backport (ruby) #373381 [since FEDORA-2007-2685]
CVE-2007-5751 backport (liferea, fixed 1.4.6) #360641 [since FEDORA-2007-2725]
+CVE-2007-5742 VULNERABLE (wesnoth, fixed 1.2.8)
CVE-2007-5728 version (phpPgAdmin) seems to be fixed for some time
CVE-2007-5715 backport (denyhosts) fixed long ago
CVE-2007-5712 version (Django, fixed 0.96.1) #362761 [since FEDORA-2007-3157]
@@ -1387,7 +1393,7 @@
CVE-2006-0019 version (kdelibs, fixed 3.5.1)
*CVE-2006-0017 ** (fedora-ds-base) Publish CVE!
*CVE-2006-0016 ** (fedora-ds-base) Publish CVE!
-CVE-2005-4791 VULNERABLE (liferea) #393291
+CVE-2005-4791 version (liferea, fixed 1.2.8) #393291 [since FEDORA-2007-3733]
*CVE-2005-4838 ** (tomcat)
CVE-2005-4837 version (net-snmp, fixed 5.2.2)
*CVE-2005-4836 ** (tomcat)
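Review bot: On the changed CVE-2005-4791 line, fc7 records "fixed 1.2.8" for liferea while the f8 and f9 hunks of this commit record "fixed 1.4.8" for the same CVE and bug series. 1.2.8 is also the wesnoth fixed version added a few hunks earlier, so please confirm that 1.2.8 is the intended liferea version for the fc7 branch and not a carry-over. Separately, the entry sits between CVE-2006-0016 and CVE-2005-4838, out of the descending order the rest of the list follows; moving it below CVE-2005-4809-range entries would make it easier to find.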