fedora-security/audit f8, 1.46, 1.47 f9, 1.41, 1.42 fc7, 1.203, 1.204
by fedora-security-commits@redhat.com
Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv5068/audit
Modified Files:
f8 f9 fc7
Log Message:
clamav
first set of wireshark cve ids
Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.46
retrieving revision 1.47
diff -u -r1.46 -r1.47
--- f8 18 Dec 2007 14:21:24 -0000 1.46
+++ f8 19 Dec 2007 13:59:39 -0000 1.47
@@ -32,6 +32,17 @@
CVE-2007-5938 VULNERABLE (kernel) #385861 iwlwifi
CVE-2007-6201 version (wesnoth, fixed 1.2.8) [since FEDORA-2007-3989]
CVE-2007-6183 backport (ruby-gnome2) #405601 [since FEDORA-2007-4216]
+CVE-2007-6121 VULNERABLE (wireshark, fixed 0.99.7)
+CVE-2007-6120 VULNERABLE (wireshark, fixed 0.99.7)
+CVE-2007-6119 VULNERABLE (wireshark, fixed 0.99.7)
+CVE-2007-6118 VULNERABLE (wireshark, fixed 0.99.7)
+CVE-2007-6117 VULNERABLE (wireshark, fixed 0.99.7)
+CVE-2007-6116 VULNERABLE (wireshark, fixed 0.99.7)
+CVE-2007-6115 VULNERABLE (wireshark, fixed 0.99.7)
+CVE-2007-6114 VULNERABLE (wireshark, fixed 0.99.7)
+CVE-2007-6113 VULNERABLE (wireshark, fixed 0.99.7)
+CVE-2007-6112 VULNERABLE (wireshark, fixed 0.99.7)
+CVE-2007-6111 VULNERABLE (wireshark, fixed 0.99.7)
CVE-2007-6110 backport (htdig) [since FEDORA-2007-3958]
CVE-2007-6100 version (phpMyAdmin, fixed 2.11.2.2) [since FEDORA-2007-3639]
CVE-2007-6061 VULNERABLE (audacity) #393251
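Review bot: the eleven added wireshark lines (CVE-2007-6111 through CVE-2007-6121) are marked VULNERABLE but carry no `#` bug reference, while the other VULNERABLE entries in this hunk do (kernel #385861, audacity #393251). Add the tracking bug number to each line once one exists, so the open status can be followed up from the audit file.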
@@ -59,6 +70,7 @@
CVE-2007-5795 backport (emacs) #367591 [since FEDORA-2007-2946]
CVE-2007-5770 backport (ruby) #373391 [since FEDORA-2007-2812]
GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031
+CVE-2007-5759 VULNERABLE (clamav, fixed 0.92) #426212
CVE-2007-5751 backport (liferea, fixed 1.4.6) #360641 [since FEDORA-2007-2853]
CVE-2007-5742 version (wesnoth, fixed 1.2.8) [since FEDORA-2007-3989]
CVE-2007-5712 version (Django, fixed 0.96.1) #362771 [since FEDORA-2007-2788]
Index: f9
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f9,v
retrieving revision 1.41
retrieving revision 1.42
diff -u -r1.41 -r1.42
--- f9 18 Dec 2007 14:21:24 -0000 1.41
+++ f9 19 Dec 2007 13:59:39 -0000 1.42
@@ -29,6 +29,17 @@
CVE-2007-5938 VULNERABLE (kernel) #385861 iwlwifi
CVE-2007-6201 version (wesnoth, fixed 1.2.8) [since wesnoth-1.2.8-3.fc9]
CVE-2007-6183 VULNERABLE (ruby-gnome2) #405611
+CVE-2007-6121 version (wireshark, fixed 0.99.7) [since wireshark-0.99.7-1.fc9]
+CVE-2007-6120 version (wireshark, fixed 0.99.7) [since wireshark-0.99.7-1.fc9]
+CVE-2007-6119 version (wireshark, fixed 0.99.7) [since wireshark-0.99.7-1.fc9]
+CVE-2007-6118 version (wireshark, fixed 0.99.7) [since wireshark-0.99.7-1.fc9]
+CVE-2007-6117 version (wireshark, fixed 0.99.7) [since wireshark-0.99.7-1.fc9]
+CVE-2007-6116 version (wireshark, fixed 0.99.7) [since wireshark-0.99.7-1.fc9]
+CVE-2007-6115 version (wireshark, fixed 0.99.7) [since wireshark-0.99.7-1.fc9]
+CVE-2007-6114 version (wireshark, fixed 0.99.7) [since wireshark-0.99.7-1.fc9]
+CVE-2007-6113 version (wireshark, fixed 0.99.7) [since wireshark-0.99.7-1.fc9]
+CVE-2007-6112 version (wireshark, fixed 0.99.7) [since wireshark-0.99.7-1.fc9]
+CVE-2007-6111 version (wireshark, fixed 0.99.7) [since wireshark-0.99.7-1.fc9]
CVE-2007-6110 version (htdig) [since htdig-3.2.0b6-13.fc9]
CVE-2007-6100 version (phpMyAdmin, fixed 2.11.2.2)
CVE-2007-6061 VULNERABLE (audacity) #393251
@@ -55,6 +66,7 @@
CVE-2007-5795 backport (emacs) #367601 [since emacs-22.1-8.fc9]
GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031
CVE-2007-5770 backport (ruby) #373401 [since ruby-1.8.6.111-1]
+CVE-2007-5759 VULNERABLE (clamav, fixed 0.92) #426213
CVE-2007-5751 version (liferea, fixed 1.4.6) #360641 [since liferea-1.4.6-3.fc9]
CVE-2007-5742 version (wesnoth, fixed 1.2.8) [since wesnoth-1.2.8-3.fc9]
CVE-2007-5712 version (Django, fixed 0.96.1) #362781 [since Django-0.96.1-1.fc9]
@@ -111,7 +123,7 @@
CVE-2007-3919 backport (xen, fixed 3.1.0-13) #362011
CVE-2007-3844 version (firefox, fixed 2.0.0.6)
CVE-2007-3843 version (kernel) #246595 No idea which version fixed this
-CVE-2007-3568 VULNERABLE (imlib)
+CVE-2007-3568 backport (imlib) [since imlib-1.9.15-6.fc9]
CVE-2007-3544 VULNERABLE (wordpress, NOT fixed 2.2.1) #245211 Incomplete fix for CVE-2007-3543
CVE-2007-3387 version (poppler, fixed 0.5.91) #251512
CVE-2007-3145 ignore (galeon) in 2.0.3 the truncation still occurs, but at reasonable length
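Review bot: the CVE-2007-3568 (imlib) change from VULNERABLE to `backport (imlib) [since imlib-1.9.15-6.fc9]` is not covered by the log message, which names only clamav and wireshark. Mention imlib in the log, and consider adding a bug reference to the entry, since the line has none.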
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.203
retrieving revision 1.204
diff -u -r1.203 -r1.204
--- fc7 18 Dec 2007 14:21:24 -0000 1.203
+++ fc7 19 Dec 2007 13:59:39 -0000 1.204
@@ -32,6 +32,17 @@
CVE-2007-6203 ignore (httpd) #409831 User can't unput garbage before method name
CVE-2007-6201 version (wesnoth, fixed 1.2.8) [since FEDORA-2007-3986]
CVE-2007-6183 version (ruby-gnome2) #405591 [since FEDORA-2007-4229]
+CVE-2007-6121 VULNERABLE (wireshark, fixed 0.99.7)
+CVE-2007-6120 VULNERABLE (wireshark, fixed 0.99.7)
+CVE-2007-6119 VULNERABLE (wireshark, fixed 0.99.7)
+CVE-2007-6118 VULNERABLE (wireshark, fixed 0.99.7)
+CVE-2007-6117 VULNERABLE (wireshark, fixed 0.99.7)
+CVE-2007-6116 VULNERABLE (wireshark, fixed 0.99.7)
+CVE-2007-6115 VULNERABLE (wireshark, fixed 0.99.7)
+CVE-2007-6114 VULNERABLE (wireshark, fixed 0.99.7)
+CVE-2007-6113 VULNERABLE (wireshark, fixed 0.99.7)
+CVE-2007-6112 VULNERABLE (wireshark, fixed 0.99.7)
+CVE-2007-6111 VULNERABLE (wireshark, fixed 0.99.7)
CVE-2007-6110 backport (htdig) [since FEDORA-2007-3907]
CVE-2007-6100 version (phpMyAdmin, fixed 2.11.2.2) [since FEDORA-2007-3666]
CVE-2007-6061 VULNERABLE (audacity) #393251
@@ -59,6 +70,7 @@
CVE-2007-5846 backport (net-snmp) [since FEDORA-2007-3019]
CVE-2007-5795 backport (emacs) #367581 [since FEDORA-2007-3056]
CVE-2007-5770 backport (ruby) #373381 [since FEDORA-2007-2685]
+CVE-2007-5759 VULNERABLE (clamav, fixed 0.92) #426211
CVE-2007-5751 backport (liferea, fixed 1.4.6) #360641 [since FEDORA-2007-2725]
CVE-2007-5742 version (wesnoth, fixed 1.2.8) [since FEDORA-2007-3986]
CVE-2007-5728 version (phpPgAdmin) seems to be fixed for some time
16 years, 4 months
fedora-security/audit f8, 1.45, 1.46 f9, 1.40, 1.41 fc7, 1.202, 1.203
by fedora-security-commits@redhat.com
Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv1838/audit
Modified Files:
f8 f9 fc7
Log Message:
httpd xss
Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.45
retrieving revision 1.46
diff -u -r1.45 -r1.46
--- f8 18 Dec 2007 14:16:46 -0000 1.45
+++ f8 18 Dec 2007 14:21:24 -0000 1.46
@@ -97,6 +97,7 @@
CVE-2007-5079 VULNERABLE (gdm) #363021 Red Hat specific problem
CVE-2007-5037 version (inotify-tools, fixed 3.11) #299771
CVE-2007-5007 version (balsa, before 2.3.20) #297601
+CVE-2007-5000 VULNERABLE (httpd, fixed 2.2.7)
CVE-2007-4999 version (pidgin, fixed 2.2.2)
CVE-2007-4990 version (xorg-x11-xfs, fixed 1.0.5)
CVE-2007-4841 version (thunderbird) [since FEDORA-2007-3414] windows only anyway
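Review bot: the added `CVE-2007-5000 VULNERABLE (httpd, fixed 2.2.7)` line has no `#` bug reference, unlike the VULNERABLE gdm entry at the top of the same hunk (#363021). Record the tracking bug on the line so the entry can be closed out against it when the httpd update ships.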
Index: f9
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f9,v
retrieving revision 1.40
retrieving revision 1.41
diff -u -r1.40 -r1.41
--- f9 18 Dec 2007 14:16:46 -0000 1.40
+++ f9 18 Dec 2007 14:21:24 -0000 1.41
@@ -87,6 +87,7 @@
CVE-2007-5079 VULNERABLE (gdm) #363041 Red Hat specific problem
CVE-2007-5037 version (inotify-tools, fixed 3.11) #299771
CVE-2007-5007 version (balsa, before 2.3.20) #297601
+CVE-2007-5000 VULNERABLE (httpd, fixed 2.2.7)
CVE-2007-4999 version (pidgin, fixed 2.2.2)
CVE-2007-4990 version (xorg-x11-xfs, fixed 1.0.5)
CVE-2007-4829 VULNERABLE (perl-Archive-Tar, not fixed upstream) #364291
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.202
retrieving revision 1.203
diff -u -r1.202 -r1.203
--- fc7 18 Dec 2007 14:16:46 -0000 1.202
+++ fc7 18 Dec 2007 14:21:24 -0000 1.203
@@ -130,6 +130,7 @@
CVE-2007-5034 version (elinks) #297981 [since FEDORA-2007-2224]
CVE-2007-5007 version (balsa) #297601 [since FEDORA-2007-2302]
GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031
+CVE-2007-5000 VULNERABLE (httpd, fixed 2.2.7)
CVE-2007-4999 version (pidgin, fixed 2.2.2) [since FEDORA-2007-2714]
CVE-2007-4996 version (pidgin, fixed 2.2.1) [since FEDORA-2007-2368]
CVE-2007-4995 backport (openssl, fixed 0.9.8f) [since FEDORA-2007-2530]
16 years, 4 months
fedora-security/audit f8, 1.44, 1.45 f9, 1.39, 1.40 fc7, 1.201, 1.202
by fedora-security-commits@redhat.com
Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv1756/audit
Modified Files:
f8 f9 fc7
Log Message:
imlib
fedora update
Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.44
retrieving revision 1.45
diff -u -r1.44 -r1.45
--- f8 17 Dec 2007 10:49:13 -0000 1.44
+++ f8 18 Dec 2007 14:16:46 -0000 1.45
@@ -4,7 +4,7 @@
# *CVE are items that need verification for Fedora 8
# (mozilla) = (gecko-libs dependent stuff)
-# Up to date CVE as of CVE email 20071211
+# Up to date CVE as of CVE email 20071215
# Up to date F8 as of 20071212
CVE-2007-6353 VULNERABLE (exiv2) #425923
@@ -16,13 +16,13 @@
CVE-2007-6321 VULNERABLE (roundcubemail) #423291
CVE-2007-6318 VULNERABLE (wordpress)
CVE-2007-6304 ignore (mysql, fixed 5.0.52) federated engine not built
-CVE-2007-6303 VULNERABLE (mysql, fixed 5.0.52) #424931
+CVE-2007-6303 backport (mysql, fixed 5.0.52) #424931 [since FEDORA-2007-4465]
CVE-2007-6299 version (drupal, fixed 5.4) [since FEDORA-2007-4163] SA-2007-031
-GENERIC-MAP-NOMATCH VULNERABLE (libxfcegui4) #412761
-GENERIC-MAP-NOMATCH VULNERABLE (libxfce4util) #412761
-GENERIC-MAP-NOMATCH VULNERABLE (xfce-panel) #412761
+GENERIC-MAP-NOMATCH version (libxfcegui4) #412761 [since FEDORA-2007-4368]
+GENERIC-MAP-NOMATCH version (libxfce4util) #412761 [since FEDORA-2007-4368]
+GENERIC-MAP-NOMATCH version (xfce-panel) #412761 [since FEDORA-2007-4368]
CVE-2007-6283 VULNERABLE (bind) #423071
-CVE-2007-6239 VULNERABLE (squid, fixed 2.6.17) #412391
+CVE-2007-6239 version (squid, fixed 2.6.17) #412391 [since FEDORA-2007-4170]
CVE-2007-6210 backport (zabbix) #407181 [since FEDORA-2007-4176]
CVE-2007-6209 ignore (zsh) #409871 We don't ship the script
CVE-2007-6208 ignore (claws) We don't ship the script
@@ -41,8 +41,8 @@
CVE-2007-5977 version (phpMyAdmin, fixed 2.11.2.1) #385901 [since FEDORA-2007-3636]
CVE-2007-5976 version (phpMyAdmin, fixed 2.11.2.1) #385901 [since FEDORA-2007-3636]
CVE-2007-5970 ignore (mysql, fixed 5.1.23) mysql 5.1+ only, affects partitioning
-CVE-2007-5969 VULNERABLE (mysql, fixed 5.0.51) #424931
-CVE-2007-5964 VULNERABLE (autofs) #409701
+CVE-2007-5969 backport (mysql, fixed 5.0.51) #424931 [since FEDORA-2007-4465]
+CVE-2007-5964 backport (autofs) #409701 [since FEDORA-2007-4532]
CVE-2007-5960 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3962]
CVE-2007-5959 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3962]
CVE-2007-5947 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3962]
@@ -53,7 +53,7 @@
CVE-2007-5934 backport (php-pear-MDB2) #379101 [since FEDORA-2007-3376]
CVE-2007-5934 backport (php-pear-MDB2-Driver-mysql) #379131 [since FEDORA-2007-3376]
CVE-2007-5934 backport (php-pear-MDB2-Driver-mysqli) #379161 [since FEDORA-2007-3376]
-CVE-2007-5925 VULNERABLE (mysql, fixed 5.0.54) #424931
+CVE-2007-5925 backport (mysql, fixed 5.0.54) #424931 [since FEDORA-2007-4465]
CVE-2007-5907 VULNERABLE (xen) #390111
CVE-2007-5906 VULNERABLE (xen) #390111
CVE-2007-5795 backport (emacs) #367591 [since FEDORA-2007-2946]
@@ -126,6 +126,7 @@
CVE-2007-3919 backport (xen, fixed 3.1.0-13) #361991
CVE-2007-3844 version (firefox, fixed 2.0.0.6)
CVE-2007-3843 version (kernel) #246595 No idea which version fixed this
+CVE-2007-3568 VULNERABLE (imlib)
CVE-2007-3544 VULNERABLE (wordpress, NOT fixed 2.2.1) #245211 Incomplete fix for CVE-2007-3543
CVE-2007-3387 version (poppler, fixed 0.5.91) #251512
CVE-2007-3386 version (tomcat5) [since FEDORA-2007-3474]
Index: f9
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f9,v
retrieving revision 1.39
retrieving revision 1.40
diff -u -r1.39 -r1.40
--- f9 17 Dec 2007 10:49:14 -0000 1.39
+++ f9 18 Dec 2007 14:16:46 -0000 1.40
@@ -7,9 +7,9 @@
# Up to date CVE as of CVE email 20071211
# Up to date F9 as of 20071029
-CVE-2007-6353 VULNERABLE (exiv2) #425924
-CVE-2007-6352 VULNERABLE (libexif) #425641
-CVE-2007-6351 VULNERABLE (libexif) #425641
+CVE-2007-6353 backport (exiv2) #425924 [since exiv2-0.16-0.3.pre1.fc9]
+CVE-2007-6352 backport (libexif) #425641 [since libexif-0.6.15-5.fc9]
+CVE-2007-6351 backport (libexif) #425641 [since libexif-0.6.15-5.fc9]
CVE-2007-6350 backport (scponly) [since scponly-4.6-8.fc9] rsync support disabled
CVE-2007-6348 ignore (squirrelmail) trojaned version was not shipped
CVE-2007-6328 VULNERABLE (dosbox) design decision
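Review bot: the header comments at the top of this hunk still read `# Up to date CVE as of CVE email 20071211` and `# Up to date F9 as of 20071029`, although the same commit moves the f8 header to CVE email 20071215 and this hunk records new fc9 builds for exiv2 and libexif. Bump both dates here as well if f9 was reviewed to the same point.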
@@ -83,7 +83,7 @@
CVE-2007-5200 version (hugin) #362871 [since hugin-0.6.1-11.fc9]
CVE-2007-5198 VULNERABLE (nagios-plugins, fixed 1.4.10) #362901
CVE-2007-5197 VULNERABLE (mono, fixed 1.2.5.1) #367551
-CVE-2007-5116 VULNERABLE (perl) #378151
+CVE-2007-5116 backport (perl) #378151 [since perl-5.8.8-31.fc9]
CVE-2007-5079 VULNERABLE (gdm) #363041 Red Hat specific problem
CVE-2007-5037 version (inotify-tools, fixed 3.11) #299771
CVE-2007-5007 version (balsa, before 2.3.20) #297601
@@ -110,6 +110,7 @@
CVE-2007-3919 backport (xen, fixed 3.1.0-13) #362011
CVE-2007-3844 version (firefox, fixed 2.0.0.6)
CVE-2007-3843 version (kernel) #246595 No idea which version fixed this
+CVE-2007-3568 VULNERABLE (imlib)
CVE-2007-3544 VULNERABLE (wordpress, NOT fixed 2.2.1) #245211 Incomplete fix for CVE-2007-3543
CVE-2007-3387 version (poppler, fixed 0.5.91) #251512
CVE-2007-3145 ignore (galeon) in 2.0.3 the truncation still occurs, but at reasonable length
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.201
retrieving revision 1.202
diff -u -r1.201 -r1.202
--- fc7 17 Dec 2007 10:49:14 -0000 1.201
+++ fc7 18 Dec 2007 14:16:46 -0000 1.202
@@ -5,7 +5,7 @@
# (mozilla) = (firefox, seamonkey, thunderbird, yelp, devhelp, galeon, liferea. epiphany)
# A couple of first F7 updates were marked as FEDORA-2007-0001
-# Up to date CVE as of CVE email 200711211
+# Up to date CVE as of CVE email 200711215
# Up to date FC7 as of 20071212
CVE-2007-6353 VULNERABLE (exiv2) #425922
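Review bot: the replacement header line `# Up to date CVE as of CVE email 200711215` keeps the malformed nine-digit date of the line it replaces (`200711211`); the f8 file in this commit uses `20071215`. Drop the stray digit so the value is a valid YYYYMMDD date.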
@@ -17,13 +17,13 @@
CVE-2007-6321 VULNERABLE (roundcubemail) #423281
CVE-2007-6318 VULNERABLE (wordpress)
CVE-2007-6304 ignore (mysql, fixed 5.0.52) federated engine not built
-CVE-2007-6303 VULNERABLE (mysql, fixed 5.0.52) #424921
+CVE-2007-6303 backport (mysql, fixed 5.0.52) #424921 [since FEDORA-2007-4471]
CVE-2007-6299 version (drupal, fixed 5.4) [since FEDORA-2007-4136] SA-2007-031
-GENERIC-MAP-NOMATCH VULNERABLE (libxfcegui4) #412751
-GENERIC-MAP-NOMATCH VULNERABLE (libxfce4util) #412751
-GENERIC-MAP-NOMATCH VULNERABLE (xfce-panel) #412751
+GENERIC-MAP-NOMATCH version (libxfcegui4) #412751 [since FEDORA-2007-4385]
+GENERIC-MAP-NOMATCH version (libxfce4util) #412751 [since FEDORA-2007-4385]
+GENERIC-MAP-NOMATCH version (xfce-panel) #412751 [since FEDORA-2007-4385]
CVE-2007-6283 VULNERABLE (bind) #423061
-CVE-2007-6239 VULNERABLE (squid, fixed 2.6.17) #412381
+CVE-2007-6239 version (squid, fixed 2.6.17) #412381 [since FEDORA-2007-4161]
CVE-2007-6210 backport (zabbix) #407181 [since FEDORA-2007-4160]
CVE-2007-6209 ignore (zsh) #409871 We don't ship the script
CVE-2007-6208 ignore (claws) We don't ship the script
@@ -41,8 +41,8 @@
CVE-2007-5977 version (phpMyAdmin, fixed 2.11.2.1) #385891 [since FEDORA-2007-3627]
CVE-2007-5976 version (phpMyAdmin, fixed 2.11.2.1) #385891 [since FEDORA-2007-3627]
CVE-2007-5970 ignore (mysql, fixed 5.1.23) mysql 5.1+ only, affects partitioning
-CVE-2007-5969 VULNERABLE (mysql, fixed 5.0.51) #424921
-CVE-2007-5964 VULNERABLE (autofs) #421351
+CVE-2007-5969 backport (mysql, fixed 5.0.51) #424921 [since FEDORA-2007-4471]
+CVE-2007-5964 backport (autofs) #421351 [since FEDORA-2007-4469]
CVE-2007-5960 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3952]
CVE-2007-5959 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3952]
CVE-2007-5947 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3952]
@@ -53,7 +53,7 @@
CVE-2007-5934 backport (php-pear-MDB2) #379091 [since FEDORA-2007-3369]
CVE-2007-5934 backport (php-pear-MDB2-Driver-mysql) #379121 [since FEDORA-2007-3369]
CVE-2007-5934 backport (php-pear-MDB2-Driver-mysqli) #379151 [since FEDORA-2007-3369]
-CVE-2007-5925 VULNERABLE (mysql, fixed 5.0.54) #424921
+CVE-2007-5925 backport (mysql, fixed 5.0.54) #424921 [since FEDORA-2007-4471]
CVE-2007-5907 VULNERABLE (xen) #390101
CVE-2007-5906 VULNERABLE (xen) #390101
CVE-2007-5846 backport (net-snmp) [since FEDORA-2007-3019]
@@ -263,6 +263,7 @@
CVE-2007-3656 version (mozilla) #248518 [since FEDORA-2007-1138]
CVE-2007-3642 version (kernel, fixed 2.6.22.1) [since FEDORA-2007-1130]
CVE-2007-3628 version (php-pear-Structures-DataGrid-DataSource-MDB2, fixed 0.1.10)
+CVE-2007-3568 VULNERABLE (imlib)
CVE-2007-3555 version (moodle) #247528 [since FEDORA-2007-1445]
CVE-2007-3546 ignore (nessus-core) Windows only
CVE-2007-3528 version (dar, fixed 2.3.4) #246760 [since FEDORA-2007-0904]
16 years, 4 months
fedora-security/audit f8, 1.43, 1.44 f9, 1.38, 1.39 fc7, 1.200, 1.201
by fedora-security-commits@redhat.com
Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv28883/audit
Modified Files:
f8 f9 fc7
Log Message:
scponly
fix exiv2 cve id typo
Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.43
retrieving revision 1.44
diff -u -r1.43 -r1.44
--- f8 17 Dec 2007 09:16:46 -0000 1.43
+++ f8 17 Dec 2007 10:49:13 -0000 1.44
@@ -7,9 +7,10 @@
# Up to date CVE as of CVE email 20071211
# Up to date F8 as of 20071212
-CVE-2007-6352 VULNERABLE (exiv2) #425923
+CVE-2007-6353 VULNERABLE (exiv2) #425923
CVE-2007-6352 VULNERABLE (libexif) #425631
CVE-2007-6351 VULNERABLE (libexif) #425631
+CVE-2007-6350 VULNERABLE (scponly) rsync vector only
CVE-2007-6348 ignore (squirrelmail) trojaned version was not shipped
CVE-2007-6328 VULNERABLE (dosbox) design decision
CVE-2007-6321 VULNERABLE (roundcubemail) #423291
Index: f9
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f9,v
retrieving revision 1.38
retrieving revision 1.39
diff -u -r1.38 -r1.39
--- f9 17 Dec 2007 09:16:46 -0000 1.38
+++ f9 17 Dec 2007 10:49:14 -0000 1.39
@@ -7,9 +7,10 @@
# Up to date CVE as of CVE email 20071211
# Up to date F9 as of 20071029
-CVE-2007-6352 VULNERABLE (exiv2) #425924
+CVE-2007-6353 VULNERABLE (exiv2) #425924
CVE-2007-6352 VULNERABLE (libexif) #425641
CVE-2007-6351 VULNERABLE (libexif) #425641
+CVE-2007-6350 backport (scponly) [since scponly-4.6-8.fc9] rsync support disabled
CVE-2007-6348 ignore (squirrelmail) trojaned version was not shipped
CVE-2007-6328 VULNERABLE (dosbox) design decision
CVE-2007-6321 VULNERABLE (roundcubemail) #423301
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.200
retrieving revision 1.201
diff -u -r1.200 -r1.201
--- fc7 17 Dec 2007 09:16:46 -0000 1.200
+++ fc7 17 Dec 2007 10:49:14 -0000 1.201
@@ -8,9 +8,10 @@
# Up to date CVE as of CVE email 200711211
# Up to date FC7 as of 20071212
-CVE-2007-6352 VULNERABLE (exiv2) #425922
+CVE-2007-6353 VULNERABLE (exiv2) #425922
CVE-2007-6352 VULNERABLE (libexif) #425621
CVE-2007-6351 VULNERABLE (libexif) #425621
+CVE-2007-6350 VULNERABLE (scponly) rsync vector only
CVE-2007-6348 ignore (squirrelmail) trojaned version was not shipped
CVE-2007-6328 VULNERABLE (dosbox) design decision
CVE-2007-6321 VULNERABLE (roundcubemail) #423281
16 years, 4 months
fedora-security/audit f8, 1.42, 1.43 f9, 1.37, 1.38 fc7, 1.199, 1.200
by fedora-security-commits@redhat.com
Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv20201/audit
Modified Files:
f8 f9 fc7
Log Message:
dosbox, e2fsprogs, squirrelmail, libexif, exiv2
Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.42
retrieving revision 1.43
diff -u -r1.42 -r1.43
--- f8 14 Dec 2007 13:55:49 -0000 1.42
+++ f8 17 Dec 2007 09:16:46 -0000 1.43
@@ -7,7 +7,12 @@
# Up to date CVE as of CVE email 20071211
# Up to date F8 as of 20071212
-CVE-2007-6321 VULENERABLE (roundcubemail) #423291
+CVE-2007-6352 VULNERABLE (exiv2) #425923
+CVE-2007-6352 VULNERABLE (libexif) #425631
+CVE-2007-6351 VULNERABLE (libexif) #425631
+CVE-2007-6348 ignore (squirrelmail) trojaned version was not shipped
+CVE-2007-6328 VULNERABLE (dosbox) design decision
+CVE-2007-6321 VULNERABLE (roundcubemail) #423291
CVE-2007-6318 VULNERABLE (wordpress)
CVE-2007-6304 ignore (mysql, fixed 5.0.52) federated engine not built
CVE-2007-6303 VULNERABLE (mysql, fixed 5.0.52) #424931
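Review bot: the added line `CVE-2007-6352 VULNERABLE (exiv2) #425923` uses the same CVE id as the libexif line directly below it, which points at a different bug (#425631). Check the id for the exiv2 entry against bug #425923; two packages with separate bugs sharing one id on adjacent lines looks like a copy error.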
@@ -64,6 +69,7 @@
CVE-2007-5589 version (phpMyAdmin, fixed 2.11.1.2) #333661 PMASA-2007-6 [since FEDORA-2007-3636]
CVE-2007-5501 version (kernel) [since FEDORA-2007-3837]
CVE-2007-5500 version (kernel) [since FEDORA-2007-3837]
+CVE-2007-5497 VULNERABLE (e2fsprogs) #414581
CVE-2007-5461 version (tomcat5) #363001 [since FEDORA-2007-3474]
CVE-2007-5398 version (samba) [since FEDORA-2007-3403]
CVE-2007-5395 version (link-grammar) #372351 [since FEDORA-2007-3235]
Index: f9
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f9,v
retrieving revision 1.37
retrieving revision 1.38
diff -u -r1.37 -r1.38
--- f9 14 Dec 2007 13:55:49 -0000 1.37
+++ f9 17 Dec 2007 09:16:46 -0000 1.38
@@ -7,7 +7,12 @@
# Up to date CVE as of CVE email 20071211
# Up to date F9 as of 20071029
-CVE-2007-6321 VULENERABLE (roundcubemail) #423301
+CVE-2007-6352 VULNERABLE (exiv2) #425924
+CVE-2007-6352 VULNERABLE (libexif) #425641
+CVE-2007-6351 VULNERABLE (libexif) #425641
+CVE-2007-6348 ignore (squirrelmail) trojaned version was not shipped
+CVE-2007-6328 VULNERABLE (dosbox) design decision
+CVE-2007-6321 VULNERABLE (roundcubemail) #423301
CVE-2007-6318 VULNERABLE (wordpress)
CVE-2007-6304 ignore (mysql, fixed 5.0.52) federated engine not built
CVE-2007-6303 backport (mysql, fixed 5.0.52) [since mysql-5.0.45-6.fc9]
@@ -33,7 +38,7 @@
CVE-2007-5976 version (phpMyAdmin) #385911 [since phpMyAdmin-2.11.2.2-1.fc9]
CVE-2007-5970 ignore (mysql, fixed 5.1.23) mysql 5.1+ only, affects partitioning
CVE-2007-5969 backport (mysql, fixed 5.0.51) [since mysql-5.0.45-6.fc9]
-CVE-2007-5964 VULNERABLE (autofs) #421371
+CVE-2007-5964 backport (autofs) #421371 [since autofs-5.0.2-21]
CVE-2007-5960 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7)
CVE-2007-5959 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7)
CVE-2007-5947 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7)
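Review bot: the new autofs reference `[since autofs-5.0.2-21]` lacks the `.fc9` dist tag that the other build references in this hunk carry (for example `mysql-5.0.45-6.fc9`), and autofs is not named in the log message. Use the full build name and list autofs in the log.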
@@ -57,6 +62,7 @@
CVE-2007-5624 version (nagios, fixed 2.10) #362811 [since nagios-2.10-3.fc9]
CVE-2007-5623 backport (nagios-plugins, not fixed 1.4.10) #348731
CVE-2007-5589 version (phpMyAdmin, fixed 2.11.1.2) #333661 PMASA-2007-6
+CVE-2007-5497 backport (e2fsprogs) #414591 [since e2fsprogs-1.40.2-14.fc9]
CVE-2007-5461 VULNERABLE (tomcat5, not fixed 5.5.25) #334531
CVE-2007-5395 version (link-grammar) #372361 [since link-grammar-4.2.5-1.fc9]
CVE-2007-5393 backport (xpdf) #372481 [since xpdf-3.02-4.fc9]
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.199
retrieving revision 1.200
diff -u -r1.199 -r1.200
--- fc7 14 Dec 2007 13:55:49 -0000 1.199
+++ fc7 17 Dec 2007 09:16:46 -0000 1.200
@@ -8,7 +8,12 @@
# Up to date CVE as of CVE email 200711211
# Up to date FC7 as of 20071212
-CVE-2007-6321 VULENERABLE (roundcubemail) #423281
+CVE-2007-6352 VULNERABLE (exiv2) #425922
+CVE-2007-6352 VULNERABLE (libexif) #425621
+CVE-2007-6351 VULNERABLE (libexif) #425621
+CVE-2007-6348 ignore (squirrelmail) trojaned version was not shipped
+CVE-2007-6328 VULNERABLE (dosbox) design decision
+CVE-2007-6321 VULNERABLE (roundcubemail) #423281
CVE-2007-6318 VULNERABLE (wordpress)
CVE-2007-6304 ignore (mysql, fixed 5.0.52) federated engine not built
CVE-2007-6303 VULNERABLE (mysql, fixed 5.0.52) #424921
@@ -74,6 +79,7 @@
CVE-2007-5585 backport (tempest) #336331 [since FEDORA-2007-2652]
CVE-2007-5501 version (kernel) [since FEDORA-2007-3751]
CVE-2007-5500 version (kernel) [since FEDORA-2007-3751]
+CVE-2007-5497 VULNERABLE (e2fsprogs) #414571
CVE-2007-5461 version (tomcat5) #334511 [since FEDORA-2007-3456]
CVE-2007-5416 ignore (drupal) Vulnerability in PHP<5.1.3, we're safe
CVE-2007-5398 version (samba) [since FEDORA-2007-3402]
16 years, 4 months
fedora-security/audit f8, 1.41, 1.42 f9, 1.36, 1.37 fc7, 1.198, 1.199
by fedora-security-commits@redhat.com
Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv29581/audit
Modified Files:
f8 f9 fc7
Log Message:
mysql cleanup
Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.41
retrieving revision 1.42
diff -u -r1.41 -r1.42
--- f8 13 Dec 2007 12:41:06 -0000 1.41
+++ f8 14 Dec 2007 13:55:49 -0000 1.42
@@ -9,6 +9,8 @@
CVE-2007-6321 VULENERABLE (roundcubemail) #423291
CVE-2007-6318 VULNERABLE (wordpress)
+CVE-2007-6304 ignore (mysql, fixed 5.0.52) federated engine not built
+CVE-2007-6303 VULNERABLE (mysql, fixed 5.0.52) #424931
CVE-2007-6299 version (drupal, fixed 5.4) [since FEDORA-2007-4163] SA-2007-031
GENERIC-MAP-NOMATCH VULNERABLE (libxfcegui4) #412761
GENERIC-MAP-NOMATCH VULNERABLE (libxfce4util) #412761
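Review bot: the first context line, `CVE-2007-6321 VULENERABLE (roundcubemail) #423291`, has a misspelled status keyword and this commit leaves it untouched. Anything that matches on the literal `VULNERABLE` will miss the entry; correct the spelling while the surrounding lines are being edited.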
@@ -32,6 +34,8 @@
CVE-2007-6035 version (cacti, fixed 0.8.7a) #391991 [since FEDORA-2007-3667]
CVE-2007-5977 version (phpMyAdmin, fixed 2.11.2.1) #385901 [since FEDORA-2007-3636]
CVE-2007-5976 version (phpMyAdmin, fixed 2.11.2.1) #385901 [since FEDORA-2007-3636]
+CVE-2007-5970 ignore (mysql, fixed 5.1.23) mysql 5.1+ only, affects partitioning
+CVE-2007-5969 VULNERABLE (mysql, fixed 5.0.51) #424931
CVE-2007-5964 VULNERABLE (autofs) #409701
CVE-2007-5960 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3962]
CVE-2007-5959 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3962]
@@ -43,7 +47,7 @@
CVE-2007-5934 backport (php-pear-MDB2) #379101 [since FEDORA-2007-3376]
CVE-2007-5934 backport (php-pear-MDB2-Driver-mysql) #379131 [since FEDORA-2007-3376]
CVE-2007-5934 backport (php-pear-MDB2-Driver-mysqli) #379161 [since FEDORA-2007-3376]
-CVE-2007-5925 ignore (mysql) Authenticated user can restart mysql.
+CVE-2007-5925 VULNERABLE (mysql, fixed 5.0.54) #424931
CVE-2007-5907 VULNERABLE (xen) #390111
CVE-2007-5906 VULNERABLE (xen) #390111
CVE-2007-5795 backport (emacs) #367591 [since FEDORA-2007-2946]
Index: f9
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f9,v
retrieving revision 1.36
retrieving revision 1.37
diff -u -r1.36 -r1.37
--- f9 13 Dec 2007 12:41:06 -0000 1.36
+++ f9 14 Dec 2007 13:55:49 -0000 1.37
@@ -9,6 +9,8 @@
CVE-2007-6321 VULENERABLE (roundcubemail) #423301
CVE-2007-6318 VULNERABLE (wordpress)
+CVE-2007-6304 ignore (mysql, fixed 5.0.52) federated engine not built
+CVE-2007-6303 backport (mysql, fixed 5.0.52) [since mysql-5.0.45-6.fc9]
CVE-2007-6299 version (drupal, fixed 5.4) [since drupal-5.4-1.fc9] SA-2007-031
CVE-2007-6283 VULNERABLE (bind) #423081
CVE-2007-6239 version (squid, fixed 2.6.17) [since squid-2.6.STABLE17-1.fc9]
@@ -29,6 +31,8 @@
CVE-2007-6013 VULNERABLE (wordpress)
CVE-2007-5977 version (phpMyAdmin) #385911 [since phpMyAdmin-2.11.2.2-1.fc9]
CVE-2007-5976 version (phpMyAdmin) #385911 [since phpMyAdmin-2.11.2.2-1.fc9]
+CVE-2007-5970 ignore (mysql, fixed 5.1.23) mysql 5.1+ only, affects partitioning
+CVE-2007-5969 backport (mysql, fixed 5.0.51) [since mysql-5.0.45-6.fc9]
CVE-2007-5964 VULNERABLE (autofs) #421371
CVE-2007-5960 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7)
CVE-2007-5959 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7)
@@ -39,7 +43,7 @@
CVE-2007-5934 version (php-pear-MDB2) #379111 [since php-pear-MDB2-2.4.1-2.fc9]
CVE-2007-5934 version (php-pear-MDB2-Driver-mysql) #379141 [since php-pear-MDB2-Driver-mysql-1.4.1-3.fc9]
CVE-2007-5934 version (php-pear-MDB2-Driver-mysqli) #379171 [since php-pear-MDB2-Driver-mysqli-1.4.1-3.fc9]
-CVE-2007-5925 ignore (mysql) Authenticated user can restart mysql.
+CVE-2007-5925 backport (mysql, fixed 5.0.54) [since mysql-5.0.45-6.fc9]
CVE-2007-5907 VULNERABLE (xen) #390121
CVE-2007-5906 VULNERABLE (xen) #390121
CVE-2007-5795 backport (emacs) #367601 [since emacs-22.1-8.fc9]
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.198
retrieving revision 1.199
diff -u -r1.198 -r1.199
--- fc7 13 Dec 2007 12:41:06 -0000 1.198
+++ fc7 14 Dec 2007 13:55:49 -0000 1.199
@@ -10,6 +10,8 @@
CVE-2007-6321 VULENERABLE (roundcubemail) #423281
CVE-2007-6318 VULNERABLE (wordpress)
+CVE-2007-6304 ignore (mysql, fixed 5.0.52) federated engine not built
+CVE-2007-6303 VULNERABLE (mysql, fixed 5.0.52) #424921
CVE-2007-6299 version (drupal, fixed 5.4) [since FEDORA-2007-4136] SA-2007-031
GENERIC-MAP-NOMATCH VULNERABLE (libxfcegui4) #412751
GENERIC-MAP-NOMATCH VULNERABLE (libxfce4util) #412751
@@ -22,7 +24,6 @@
CVE-2007-6207 VULNERABLE (kernel) Xen cross-domain memory read
CVE-2007-6206 VULNERABLE (kernel) Core dump owner issue
CVE-2007-6203 ignore (httpd) #409831 User can't unput garbage before method name
-CVE-2007-5938 VULNERABLE (kernel) #385861 iwlwifi
CVE-2007-6201 version (wesnoth, fixed 1.2.8) [since FEDORA-2007-3986]
CVE-2007-6183 version (ruby-gnome2) #405591 [since FEDORA-2007-4229]
CVE-2007-6110 backport (htdig) [since FEDORA-2007-3907]
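Review bot: the removal of `CVE-2007-5938 VULNERABLE (kernel) #385861 iwlwifi` deletes an open entry outright, and the log message ("mysql cleanup") does not explain it. If the kernel issue does not apply to fc7, keep the line with an `ignore` status and a reason, as the httpd line above it does; if it is a duplicate or was dropped for another reason, say so in the log.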
@@ -33,6 +34,8 @@
CVE-2007-6013 VULNERABLE (wordpress)
CVE-2007-5977 version (phpMyAdmin, fixed 2.11.2.1) #385891 [since FEDORA-2007-3627]
CVE-2007-5976 version (phpMyAdmin, fixed 2.11.2.1) #385891 [since FEDORA-2007-3627]
+CVE-2007-5970 ignore (mysql, fixed 5.1.23) mysql 5.1+ only, affects partitioning
+CVE-2007-5969 VULNERABLE (mysql, fixed 5.0.51) #424921
CVE-2007-5964 VULNERABLE (autofs) #421351
CVE-2007-5960 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3952]
CVE-2007-5959 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3952]
@@ -44,7 +47,7 @@
CVE-2007-5934 backport (php-pear-MDB2) #379091 [since FEDORA-2007-3369]
CVE-2007-5934 backport (php-pear-MDB2-Driver-mysql) #379121 [since FEDORA-2007-3369]
CVE-2007-5934 backport (php-pear-MDB2-Driver-mysqli) #379151 [since FEDORA-2007-3369]
-CVE-2007-5925 ignore (mysql) Authenticated user can restart mysql.
+CVE-2007-5925 VULNERABLE (mysql, fixed 5.0.54) #424921
CVE-2007-5907 VULNERABLE (xen) #390101
CVE-2007-5906 VULNERABLE (xen) #390101
CVE-2007-5846 backport (net-snmp) [since FEDORA-2007-3019]
@@ -239,8 +242,8 @@
CVE-2007-3820 backport (kdelibs) [since FEDORA-2007-1699]
CVE-2007-3820 backport (kdebase) #248537 [since FEDORA-2007-1700]
CVE-2007-3799 ** (php)
-CVE-2007-3781 version (mysql, fixed 5.0.44) [since FEDORA-2007-1197]
CVE-2007-3782 version (mysql, fixed 5.0.44) [since FEDORA-2007-1197]
+CVE-2007-3781 version (mysql, fixed 5.0.44) [since FEDORA-2007-1197]
CVE-2007-3780 version (mysql, fixed 5.0.44) [since FEDORA-2007-1197]
CVE-2007-3770 backport (terminal/xfce) [since FEDORA-2007-1620]
CVE-2007-3738 version (mozilla) #248518 [since FEDORA-2007-1138]
@@ -350,6 +353,9 @@
CVE-2007-2756 ignore (gd) DoS only
CVE-2007-2754 backport (freetype) [since FEDORA-2007-0033]
CVE-2007-2721 backport (jasper, fixed 1.900.1-2) #240397
+CVE-2007-2693 ignore (mysql, fixed 5.1.18) mysql 5.1+ only, requires partitioning
+CVE-2007-2692 version (mysql, fixed 5.0.45) [since FEDORA-2007-1197]
+CVE-2007-2691 version (mysql, fixed 5.0.45) [since FEDORA-2007-1197]
CVE-2007-2683 backport (mutt)
CVE-2007-2654 version (xfsdump) #240396
CVE-2007-2650 version (clamav, fixed 0.90.3) #240395 [since FEDORA-2007-1154]
@@ -357,7 +363,7 @@
*CVE-2007-2637 backport (moin, fixed 1.5.7-2)
CVE-2007-2627 version (wordpress, fixed 2.2.1) #239904 [since FEDORA-2007-0894]
*CVE-2007-2589 ** (squirrelmail)
-*CVE-2007-2583 ** (mysql)
+CVE-2007-2583 version (mysql, fixed 5.0.41)
CVE-2007-2519 ignore (php-pear) no trust boundary is crossed
CVE-2007-2511 ignore (php) #239011 see the bug
CVE-2007-2510 version (php, fixed 5.2.2)
16 years, 4 months
fedora-security/tools get-bodhi-update, NONE, 1.1.2.1
by fedora-security-commits@redhat.com
Author: lkundrak
Update of /cvs/fedora/fedora-security/tools
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv12955
Added Files:
Tag: lkundrak-tools-ng
get-bodhi-update
Log Message:
We can talk to bodhi now
***** Error reading new file: [Errno 2] No such file or directory: 'get-bodhi-update'
16 years, 4 months
fedora-security/audit f8, 1.40, 1.41 f9, 1.35, 1.36 fc7, 1.197, 1.198
by fedora-security-commits@redhat.com
Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv6435/audit
Modified Files:
f8 f9 fc7
Log Message:
bind, roundcubemail
Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.40
retrieving revision 1.41
diff -u -r1.40 -r1.41
--- f8 12 Dec 2007 13:31:37 -0000 1.40
+++ f8 13 Dec 2007 12:41:06 -0000 1.41
@@ -4,14 +4,16 @@
# *CVE are items that need verification for Fedora 8
# (mozilla) = (gecko-libs dependent stuff)
-# Up to date CVE as of CVE email 20071030
-# Up to date F8 as of 20071029
+# Up to date CVE as of CVE email 20071211
+# Up to date F8 as of 20071212
+CVE-2007-6321 VULENERABLE (roundcubemail) #423291
CVE-2007-6318 VULNERABLE (wordpress)
CVE-2007-6299 version (drupal, fixed 5.4) [since FEDORA-2007-4163] SA-2007-031
GENERIC-MAP-NOMATCH VULNERABLE (libxfcegui4) #412761
GENERIC-MAP-NOMATCH VULNERABLE (libxfce4util) #412761
GENERIC-MAP-NOMATCH VULNERABLE (xfce-panel) #412761
+CVE-2007-6283 VULNERABLE (bind) #423071
CVE-2007-6239 VULNERABLE (squid, fixed 2.6.17) #412391
CVE-2007-6210 backport (zabbix) #407181 [since FEDORA-2007-4176]
CVE-2007-6209 ignore (zsh) #409871 We don't ship the script
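Review bot: the status keyword on the added CVE-2007-6321 line is misspelled `VULENERABLE`; the other open entries in this hunk use `VULNERABLE`, so a search or script matching on that keyword will skip the roundcubemail entry. Correct the spelling on this line.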
Index: f9
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f9,v
retrieving revision 1.35
retrieving revision 1.36
diff -u -r1.35 -r1.36
--- f9 12 Dec 2007 13:31:37 -0000 1.35
+++ f9 13 Dec 2007 12:41:06 -0000 1.36
@@ -4,11 +4,13 @@
# *CVE are items that need verification for Fedora 9
# (mozilla) = (gecko-libs dependent stuff)
-# Up to date CVE as of CVE email 20071030
+# Up to date CVE as of CVE email 20071211
# Up to date F9 as of 20071029
+CVE-2007-6321 VULENERABLE (roundcubemail) #423301
CVE-2007-6318 VULNERABLE (wordpress)
CVE-2007-6299 version (drupal, fixed 5.4) [since drupal-5.4-1.fc9] SA-2007-031
+CVE-2007-6283 VULNERABLE (bind) #423081
CVE-2007-6239 version (squid, fixed 2.6.17) [since squid-2.6.STABLE17-1.fc9]
CVE-2007-6210 backport (zabbix) #407181 [since zabbix-1.4.2-4.fc9]
CVE-2007-6209 ignore (zsh) #409871 We don't ship the script
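Review bot: the header update changes only the "Up to date CVE as of CVE email" line and leaves "Up to date F9 as of 20071029" as unchanged context, while the f8 hunk of this commit moves its release date to 20071212. Update the F9 line too if the release was re-checked, otherwise the two header dates disagree about how current the file is. The added CVE-2007-6321 line also carries the `VULENERABLE` misspelling of `VULNERABLE`.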
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.197
retrieving revision 1.198
diff -u -r1.197 -r1.198
--- fc7 12 Dec 2007 13:31:37 -0000 1.197
+++ fc7 13 Dec 2007 12:41:06 -0000 1.198
@@ -5,14 +5,16 @@
# (mozilla) = (firefox, seamonkey, thunderbird, yelp, devhelp, galeon, liferea. epiphany)
# A couple of first F7 updates were marked as FEDORA-2007-0001
-# Up to date CVE as of CVE email 20071030
-# Up to date FC7 as of 20071029
+# Up to date CVE as of CVE email 200711211
+# Up to date FC7 as of 20071212
+CVE-2007-6321 VULENERABLE (roundcubemail) #423281
CVE-2007-6318 VULNERABLE (wordpress)
CVE-2007-6299 version (drupal, fixed 5.4) [since FEDORA-2007-4136] SA-2007-031
GENERIC-MAP-NOMATCH VULNERABLE (libxfcegui4) #412751
GENERIC-MAP-NOMATCH VULNERABLE (libxfce4util) #412751
GENERIC-MAP-NOMATCH VULNERABLE (xfce-panel) #412751
+CVE-2007-6283 VULNERABLE (bind) #423061
CVE-2007-6239 VULNERABLE (squid, fixed 2.6.17) #412381
CVE-2007-6210 backport (zabbix) #407181 [since FEDORA-2007-4160]
CVE-2007-6209 ignore (zsh) #409871 We don't ship the script
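Review bot: the new header line reads `CVE email 200711211`, nine digits where the f8 and f9 hunks of this commit have 20071211; the extra `1` means the value is no longer a valid YYYYMMDD date. The added CVE-2007-6321 line repeats the `VULENERABLE` misspelling of `VULNERABLE` and should be corrected as well.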
16 years, 4 months
fedora-security/audit f8, 1.39, 1.40 f9, 1.34, 1.35 fc7, 1.196, 1.197
by fedora-security-commits@redhat.com
Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv25199/audit
Modified Files:
f8 f9 fc7
Log Message:
autofs
Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.39
retrieving revision 1.40
diff -u -r1.39 -r1.40
--- f8 12 Dec 2007 10:26:57 -0000 1.39
+++ f8 12 Dec 2007 13:31:37 -0000 1.40
@@ -30,6 +30,7 @@
CVE-2007-6035 version (cacti, fixed 0.8.7a) #391991 [since FEDORA-2007-3667]
CVE-2007-5977 version (phpMyAdmin, fixed 2.11.2.1) #385901 [since FEDORA-2007-3636]
CVE-2007-5976 version (phpMyAdmin, fixed 2.11.2.1) #385901 [since FEDORA-2007-3636]
+CVE-2007-5964 VULNERABLE (autofs) #409701
CVE-2007-5960 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3962]
CVE-2007-5959 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3962]
CVE-2007-5947 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3962]
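Review bot: the bug number on the added CVE-2007-5964 line, #409701, is far from the ones the f9 and fc7 hunks of this commit give for the same issue (#421371 and #421351). Per-release bug numbers elsewhere in these files differ by small steps (for example #385891, #385901 and #385911 for phpMyAdmin), so please verify that #409701 is the F8 autofs bug and not a mistyped reference.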
Index: f9
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f9,v
retrieving revision 1.34
retrieving revision 1.35
diff -u -r1.34 -r1.35
--- f9 12 Dec 2007 10:26:57 -0000 1.34
+++ f9 12 Dec 2007 13:31:37 -0000 1.35
@@ -27,6 +27,7 @@
CVE-2007-6013 VULNERABLE (wordpress)
CVE-2007-5977 version (phpMyAdmin) #385911 [since phpMyAdmin-2.11.2.2-1.fc9]
CVE-2007-5976 version (phpMyAdmin) #385911 [since phpMyAdmin-2.11.2.2-1.fc9]
+CVE-2007-5964 VULNERABLE (autofs) #421371
CVE-2007-5960 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7)
CVE-2007-5959 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7)
CVE-2007-5947 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7)
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.196
retrieving revision 1.197
diff -u -r1.196 -r1.197
--- fc7 12 Dec 2007 10:26:57 -0000 1.196
+++ fc7 12 Dec 2007 13:31:37 -0000 1.197
@@ -31,6 +31,7 @@
CVE-2007-6013 VULNERABLE (wordpress)
CVE-2007-5977 version (phpMyAdmin, fixed 2.11.2.1) #385891 [since FEDORA-2007-3627]
CVE-2007-5976 version (phpMyAdmin, fixed 2.11.2.1) #385891 [since FEDORA-2007-3627]
+CVE-2007-5964 VULNERABLE (autofs) #421351
CVE-2007-5960 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3952]
CVE-2007-5959 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3952]
CVE-2007-5947 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3952]
16 years, 4 months
fedora-security/audit f8, 1.38, 1.39 f9, 1.33, 1.34 fc7, 1.195, 1.196
by fedora-security-commits@redhat.com
Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv27199/audit
Modified Files:
f8 f9 fc7
Log Message:
fedora updates
wordpress
Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.38
retrieving revision 1.39
diff -u -r1.38 -r1.39
--- f8 10 Dec 2007 19:23:30 -0000 1.38
+++ f8 12 Dec 2007 10:26:57 -0000 1.39
@@ -7,6 +7,7 @@
# Up to date CVE as of CVE email 20071030
# Up to date F8 as of 20071029
+CVE-2007-6318 VULNERABLE (wordpress)
CVE-2007-6299 version (drupal, fixed 5.4) [since FEDORA-2007-4163] SA-2007-031
GENERIC-MAP-NOMATCH VULNERABLE (libxfcegui4) #412761
GENERIC-MAP-NOMATCH VULNERABLE (libxfce4util) #412761
@@ -24,7 +25,8 @@
CVE-2007-6110 backport (htdig) [since FEDORA-2007-3958]
CVE-2007-6100 version (phpMyAdmin, fixed 2.11.2.2) [since FEDORA-2007-3639]
CVE-2007-6061 VULNERABLE (audacity) #393251
-CVE-2007-6015 VULNERABLE (samba, fixed 3.0.28)
+CVE-2007-6015 version (samba, fixed 3.0.28) [since FEDORA-2007-4275]
+CVE-2007-6013 VULNERABLE (wordpress)
CVE-2007-6035 version (cacti, fixed 0.8.7a) #391991 [since FEDORA-2007-3667]
CVE-2007-5977 version (phpMyAdmin, fixed 2.11.2.1) #385901 [since FEDORA-2007-3636]
CVE-2007-5976 version (phpMyAdmin, fixed 2.11.2.1) #385901 [since FEDORA-2007-3636]
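Review bot: CVE-2007-6013 is added between CVE-2007-6015 and CVE-2007-6035, which leaves the block out of descending order (6061, 6015, 6013, 6035); the f9 and fc7 hunks of this commit list 6035 before 6015. Since the CVE-2007-6015 line is being rewritten anyway, move it and the new CVE-2007-6013 line below CVE-2007-6035.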
@@ -116,6 +118,7 @@
CVE-2007-3385 version (tomcat5) [since FEDORA-2007-3474]
CVE-2007-3382 version (tomcat5) [since FEDORA-2007-3474]
CVE-2007-3145 ignore (galeon) in 2.0.3 the truncation still occurs, but at reasonable length
+CVE-2007-2807 backport (eggdrop) [since FEDORA-2007-4305]
CVE-2007-2450 version (tomcat5) #363081 [since FEDORA-2007-3474]
CVE-2007-2449 version (tomcat5) #363081 [since FEDORA-2007-3474]
CVE-2007-2245 version (phpMyAdmin, fixed 2.10.1) #237882
@@ -135,7 +138,7 @@
CVE-2007-0653 backport (xmms) #233705 -//-
CVE-2007-0537 version (kdebase, fixed 3.5.6) #225420
CVE-2007-0235 version (libgtop2, fixed 2.14.6) #222637 not sure, will triage
-CVE-2007-0095 ignore (phpMyAdmin) #221694 "Reveals path"
+CVE-2007-0095 backport (phpMyAdmin) #221694 "Reveals path" [since FEDORA-2007-4334]
CVE-2006-6698 VULNERABLE (GConf2) #219280
CVE-2006-6128 version (kernel, fixed 2.6.19-1.2911.fc6) #250625 ReiserFS MOKB
CVE-2006-6107 version (dbus, fixed 1.0.2) #219665
Index: f9
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f9,v
retrieving revision 1.33
retrieving revision 1.34
diff -u -r1.33 -r1.34
--- f9 10 Dec 2007 19:23:30 -0000 1.33
+++ f9 12 Dec 2007 10:26:57 -0000 1.34
@@ -7,6 +7,7 @@
# Up to date CVE as of CVE email 20071030
# Up to date F9 as of 20071029
+CVE-2007-6318 VULNERABLE (wordpress)
CVE-2007-6299 version (drupal, fixed 5.4) [since drupal-5.4-1.fc9] SA-2007-031
CVE-2007-6239 version (squid, fixed 2.6.17) [since squid-2.6.STABLE17-1.fc9]
CVE-2007-6210 backport (zabbix) #407181 [since zabbix-1.4.2-4.fc9]
@@ -23,6 +24,7 @@
CVE-2007-6061 VULNERABLE (audacity) #393251
CVE-2007-6035 version (cacti, fixed 0.8.7a) #392001 [since cacti-0.8.7a-1.fc9]
CVE-2007-6015 VULNERABLE (samba, fixed 3.0.28)
+CVE-2007-6013 VULNERABLE (wordpress)
CVE-2007-5977 version (phpMyAdmin) #385911 [since phpMyAdmin-2.11.2.2-1.fc9]
CVE-2007-5976 version (phpMyAdmin) #385911 [since phpMyAdmin-2.11.2.2-1.fc9]
CVE-2007-5960 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7)
@@ -114,7 +116,7 @@
CVE-2007-0653 backport (xmms) #233705 -//-
CVE-2007-0537 version (kdebase, fixed 3.5.6) #225420
CVE-2007-0235 version (libgtop2, fixed 2.14.6) #222637 not sure, will triage
-CVE-2007-0095 ignore (phpMyAdmin) #221694 "Reveals path"
+CVE-2007-0095 backport (phpMyAdmin) #221694 "Reveals path" [since phpMyAdmin-2.11.3-1.fc9]
CVE-2006-6698 VULNERABLE (GConf2) #219280
CVE-2006-6128 version (kernel, fixed 2.6.19-1.2911.fc6) #250625 ReiserFS MOKB
CVE-2006-6107 version (dbus, fixed 1.0.2) #219665
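Review bot: the rewritten CVE-2007-0095 line is marked `backport`, but its `since` tag names phpMyAdmin-2.11.3-1.fc9, which reads as a build of a newer upstream release rather than a patched older one. If the fix arrived through that update, a `version` status naming the upstream version that fixed it would describe it more accurately, in line with the CVE-2007-5977 and CVE-2007-5976 entries in this file.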
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.195
retrieving revision 1.196
diff -u -r1.195 -r1.196
--- fc7 10 Dec 2007 19:23:30 -0000 1.195
+++ fc7 12 Dec 2007 10:26:57 -0000 1.196
@@ -8,6 +8,7 @@
# Up to date CVE as of CVE email 20071030
# Up to date FC7 as of 20071029
+CVE-2007-6318 VULNERABLE (wordpress)
CVE-2007-6299 version (drupal, fixed 5.4) [since FEDORA-2007-4136] SA-2007-031
GENERIC-MAP-NOMATCH VULNERABLE (libxfcegui4) #412751
GENERIC-MAP-NOMATCH VULNERABLE (libxfce4util) #412751
@@ -26,7 +27,8 @@
CVE-2007-6100 version (phpMyAdmin, fixed 2.11.2.2) [since FEDORA-2007-3666]
CVE-2007-6061 VULNERABLE (audacity) #393251
CVE-2007-6035 version (cacti, fixed 0.8.7a) #391981 [since FEDORA-2007-3683]
-CVE-2007-6015 VULNERABLE (samba, fixed 3.0.28)
+CVE-2007-6015 version (samba, fixed 3.0.28) [since FEDORA-2007-4269]
+CVE-2007-6013 VULNERABLE (wordpress)
CVE-2007-5977 version (phpMyAdmin, fixed 2.11.2.1) #385891 [since FEDORA-2007-3627]
CVE-2007-5976 version (phpMyAdmin, fixed 2.11.2.1) #385891 [since FEDORA-2007-3627]
CVE-2007-5960 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3952]
@@ -119,7 +121,7 @@
CVE-2007-4996 version (pidgin, fixed 2.2.1) [since FEDORA-2007-2368]
CVE-2007-4995 backport (openssl, fixed 0.9.8f) [since FEDORA-2007-2530]
CVE-2007-4993 backport (xen) [since FEDORA-2007-2270]
-CVE-2007-4990 VULNERABLE (xorg-x11-xfs, fixed 1.0.5) #373331
+CVE-2007-4990 version (xorg-x11-xfs, fixed 1.0.5) #373331 [since FEDORA-2007-4263]
CVE-2007-4974 backport (libsndfile) #296221 [since FEDORA-2007-2236]
CVE-2007-4965 backport (python) imageop module heap overflow [since FEDORA-2007-2663]
CVE-2007-4924 version (opal, fixed 2.2.10) #297551 [since FEDORA-2007-2245]
@@ -157,7 +159,7 @@
CVE-2007-4572 version (samba) [since FEDORA-2007-3402]
CVE-2007-4571 version (kernel) [since FEDORA-2007-2349]
CVE-2007-4569 backport (kdebase) #299731 [since FEDORA-2007-2361]
-CVE-2007-4568 VULNERABLE (xorg-x11-xfs, fixed 1.0.5) #373261
+CVE-2007-4568 version (xorg-x11-xfs, fixed 1.0.5) #373261 [since FEDORA-2007-4263]
CVE-2007-4565 backport (fetchmail) #260861 [since FEDORA-2007-1983]
CVE-2007-4560 version (clamav) #260583 [since FEDORA-2007-2050]
CVE-2007-4559 VULNERABLE (python, not fixed upstream) #315291 Upstream WONTFIX. See where we use the code.
@@ -337,6 +339,7 @@
CVE-2007-2843 ignore (konqueror) safari specific
CVE-2007-2834 backport (openoffice.org, fixed 2.3) #293361 [since FEDORA-2007-2372]
CVE-2007-2821 version (wordpress, fixed 2.2) #245211 [since FEDORA-2007-0894]
+CVE-2007-2807 backport (eggdrop) [since FEDORA-2007-4325]
CVE-2007-2799 version (file, fixed 4.21) #241034 [since FEDORA-2007-0836]
CVE-2007-2798 version (krb5, fixed 1.6.1) [since FEDORA-2007-0740]
CVE-2007-2797 version (xterm) fixed in fc5 and fc6 before f7 release
@@ -602,7 +605,7 @@
CVE-2007-0106 version (wordpress, fixed 2.1-0) #223101
CVE-2007-0104 ignore (poppler) only client DoS
CVE-2007-0104 ignore (kdegraphics) only client DoS
-CVE-2007-0095 version (phpMyAdmin) #221694
+CVE-2007-0095 backport (phpMyAdmin) #221694 [since FEDORA-2007-4298]
CVE-2007-0086 ignore (apache) not a security issue
*CVE-2007-0080 ** (freeradius)
*CVE-2007-0010 ** (gtk2)
16 years, 4 months