December 2007 - security-commits - Fedora Mailing-Lists

fedora-security/audit f8, 1.46, 1.47 f9, 1.41, 1.42 fc7, 1.203, 1.204

by fedora-security-commits＠redhat.com

Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv5068/audit Modified Files: f8 f9 fc7 Log Message: clamav first set of wireshark cve ids Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.46 retrieving revision 1.47 diff -u -r1.46 -r1.47 --- f8 18 Dec 2007 14:21:24 -0000 1.46 +++ f8 19 Dec 2007 13:59:39 -0000 1.47 @@ -32,6 +32,17 @@ CVE-2007-5938 VULNERABLE (kernel) #385861 iwlwifi CVE-2007-6201 version (wesnoth, fixed 1.2.8) [since FEDORA-2007-3989] CVE-2007-6183 backport (ruby-gnome2) #405601 [since FEDORA-2007-4216] +CVE-2007-6121 VULNERABLE (wireshark, fixed 0.99.7) +CVE-2007-6120 VULNERABLE (wireshark, fixed 0.99.7) +CVE-2007-6119 VULNERABLE (wireshark, fixed 0.99.7) +CVE-2007-6118 VULNERABLE (wireshark, fixed 0.99.7) +CVE-2007-6117 VULNERABLE (wireshark, fixed 0.99.7) +CVE-2007-6116 VULNERABLE (wireshark, fixed 0.99.7) +CVE-2007-6115 VULNERABLE (wireshark, fixed 0.99.7) +CVE-2007-6114 VULNERABLE (wireshark, fixed 0.99.7) +CVE-2007-6113 VULNERABLE (wireshark, fixed 0.99.7) +CVE-2007-6112 VULNERABLE (wireshark, fixed 0.99.7) +CVE-2007-6111 VULNERABLE (wireshark, fixed 0.99.7) CVE-2007-6110 backport (htdig) [since FEDORA-2007-3958] CVE-2007-6100 version (phpMyAdmin, fixed 2.11.2.2) [since FEDORA-2007-3639] CVE-2007-6061 VULNERABLE (audacity) #393251 @@ -59,6 +70,7 @@ CVE-2007-5795 backport (emacs) #367591 [since FEDORA-2007-2946] CVE-2007-5770 backport (ruby) #373391 [since FEDORA-2007-2812] GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031 +CVE-2007-5759 VULNERABLE (clamav, fixed 0.92) #426212 CVE-2007-5751 backport (liferea, fixed 1.4.6) #360641 [since FEDORA-2007-2853] CVE-2007-5742 version (wesnoth, fixed 1.2.8) [since FEDORA-2007-3989] CVE-2007-5712 version (Django, fixed 0.96.1) #362771 [since FEDORA-2007-2788] Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.41 retrieving revision 1.42 diff -u -r1.41 -r1.42 --- f9 18 Dec 2007 14:21:24 -0000 1.41 +++ f9 19 Dec 2007 13:59:39 -0000 1.42 @@ -29,6 +29,17 @@ CVE-2007-5938 VULNERABLE (kernel) #385861 iwlwifi CVE-2007-6201 version (wesnoth, fixed 1.2.8) [since wesnoth-1.2.8-3.fc9] CVE-2007-6183 VULNERABLE (ruby-gnome2) #405611 +CVE-2007-6121 version (wireshark, fixed 0.99.7) [since wireshark-0.99.7-1.fc9] +CVE-2007-6120 version (wireshark, fixed 0.99.7) [since wireshark-0.99.7-1.fc9] +CVE-2007-6119 version (wireshark, fixed 0.99.7) [since wireshark-0.99.7-1.fc9] +CVE-2007-6118 version (wireshark, fixed 0.99.7) [since wireshark-0.99.7-1.fc9] +CVE-2007-6117 version (wireshark, fixed 0.99.7) [since wireshark-0.99.7-1.fc9] +CVE-2007-6116 version (wireshark, fixed 0.99.7) [since wireshark-0.99.7-1.fc9] +CVE-2007-6115 version (wireshark, fixed 0.99.7) [since wireshark-0.99.7-1.fc9] +CVE-2007-6114 version (wireshark, fixed 0.99.7) [since wireshark-0.99.7-1.fc9] +CVE-2007-6113 version (wireshark, fixed 0.99.7) [since wireshark-0.99.7-1.fc9] +CVE-2007-6112 version (wireshark, fixed 0.99.7) [since wireshark-0.99.7-1.fc9] +CVE-2007-6111 version (wireshark, fixed 0.99.7) [since wireshark-0.99.7-1.fc9] CVE-2007-6110 version (htdig) [since htdig-3.2.0b6-13.fc9] CVE-2007-6100 version (phpMyAdmin, fixed 2.11.2.2) CVE-2007-6061 VULNERABLE (audacity) #393251 @@ -55,6 +66,7 @@ CVE-2007-5795 backport (emacs) #367601 [since emacs-22.1-8.fc9] GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031 CVE-2007-5770 backport (ruby) #373401 [since ruby-1.8.6.111-1] +CVE-2007-5759 VULNERABLE (clamav, fixed 0.92) #426213 CVE-2007-5751 version (liferea, fixed 1.4.6) #360641 [since liferea-1.4.6-3.fc9] CVE-2007-5742 version (wesnoth, fixed 1.2.8) [since wesnoth-1.2.8-3.fc9] CVE-2007-5712 version (Django, fixed 0.96.1) #362781 [since Django-0.96.1-1.fc9] @@ -111,7 +123,7 @@ CVE-2007-3919 backport (xen, fixed 3.1.0-13) #362011 CVE-2007-3844 version (firefox, fixed 2.0.0.6) CVE-2007-3843 version (kernel) #246595 No idea which version fixed this -CVE-2007-3568 VULNERABLE (imlib) +CVE-2007-3568 backport (imlib) [since imlib-1.9.15-6.fc9] CVE-2007-3544 VULNERABLE (wordpress, NOT fixed 2.2.1) #245211 Incomplete fix for CVE-2007-3543 CVE-2007-3387 version (poppler, fixed 0.5.91) #251512 CVE-2007-3145 ignore (galeon) in 2.0.3 the truncation still occurs, but at reasonable length Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.203 retrieving revision 1.204 diff -u -r1.203 -r1.204 --- fc7 18 Dec 2007 14:21:24 -0000 1.203 +++ fc7 19 Dec 2007 13:59:39 -0000 1.204 @@ -32,6 +32,17 @@ CVE-2007-6203 ignore (httpd) #409831 User can't unput garbage before method name CVE-2007-6201 version (wesnoth, fixed 1.2.8) [since FEDORA-2007-3986] CVE-2007-6183 version (ruby-gnome2) #405591 [since FEDORA-2007-4229] +CVE-2007-6121 VULNERABLE (wireshark, fixed 0.99.7) +CVE-2007-6120 VULNERABLE (wireshark, fixed 0.99.7) +CVE-2007-6119 VULNERABLE (wireshark, fixed 0.99.7) +CVE-2007-6118 VULNERABLE (wireshark, fixed 0.99.7) +CVE-2007-6117 VULNERABLE (wireshark, fixed 0.99.7) +CVE-2007-6116 VULNERABLE (wireshark, fixed 0.99.7) +CVE-2007-6115 VULNERABLE (wireshark, fixed 0.99.7) +CVE-2007-6114 VULNERABLE (wireshark, fixed 0.99.7) +CVE-2007-6113 VULNERABLE (wireshark, fixed 0.99.7) +CVE-2007-6112 VULNERABLE (wireshark, fixed 0.99.7) +CVE-2007-6111 VULNERABLE (wireshark, fixed 0.99.7) CVE-2007-6110 backport (htdig) [since FEDORA-2007-3907] CVE-2007-6100 version (phpMyAdmin, fixed 2.11.2.2) [since FEDORA-2007-3666] CVE-2007-6061 VULNERABLE (audacity) #393251 @@ -59,6 +70,7 @@ CVE-2007-5846 backport (net-snmp) [since FEDORA-2007-3019] CVE-2007-5795 backport (emacs) #367581 [since FEDORA-2007-3056] CVE-2007-5770 backport (ruby) #373381 [since FEDORA-2007-2685] +CVE-2007-5759 VULNERABLE (clamav, fixed 0.92) #426211 CVE-2007-5751 backport (liferea, fixed 1.4.6) #360641 [since FEDORA-2007-2725] CVE-2007-5742 version (wesnoth, fixed 1.2.8) [since FEDORA-2007-3986] CVE-2007-5728 version (phpPgAdmin) seems to be fixed for some time

16 years, 4 months

1
0
0 / 0

fedora-security/audit f8, 1.45, 1.46 f9, 1.40, 1.41 fc7, 1.202, 1.203

by fedora-security-commits＠redhat.com

Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv1838/audit Modified Files: f8 f9 fc7 Log Message: httpd xss Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.45 retrieving revision 1.46 diff -u -r1.45 -r1.46 --- f8 18 Dec 2007 14:16:46 -0000 1.45 +++ f8 18 Dec 2007 14:21:24 -0000 1.46 @@ -97,6 +97,7 @@ CVE-2007-5079 VULNERABLE (gdm) #363021 Red Hat specific problem CVE-2007-5037 version (inotify-tools, fixed 3.11) #299771 CVE-2007-5007 version (balsa, before 2.3.20) #297601 +CVE-2007-5000 VULNERABLE (httpd, fixed 2.2.7) CVE-2007-4999 version (pidgin, fixed 2.2.2) CVE-2007-4990 version (xorg-x11-xfs, fixed 1.0.5) CVE-2007-4841 version (thunderbird) [since FEDORA-2007-3414] windows only anyway Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.40 retrieving revision 1.41 diff -u -r1.40 -r1.41 --- f9 18 Dec 2007 14:16:46 -0000 1.40 +++ f9 18 Dec 2007 14:21:24 -0000 1.41 @@ -87,6 +87,7 @@ CVE-2007-5079 VULNERABLE (gdm) #363041 Red Hat specific problem CVE-2007-5037 version (inotify-tools, fixed 3.11) #299771 CVE-2007-5007 version (balsa, before 2.3.20) #297601 +CVE-2007-5000 VULNERABLE (httpd, fixed 2.2.7) CVE-2007-4999 version (pidgin, fixed 2.2.2) CVE-2007-4990 version (xorg-x11-xfs, fixed 1.0.5) CVE-2007-4829 VULNERABLE (perl-Archive-Tar, not fixed upstream) #364291 Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.202 retrieving revision 1.203 diff -u -r1.202 -r1.203 --- fc7 18 Dec 2007 14:16:46 -0000 1.202 +++ fc7 18 Dec 2007 14:21:24 -0000 1.203 @@ -130,6 +130,7 @@ CVE-2007-5034 version (elinks) #297981 [since FEDORA-2007-2224] CVE-2007-5007 version (balsa) #297601 [since FEDORA-2007-2302] GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031 +CVE-2007-5000 VULNERABLE (httpd, fixed 2.2.7) CVE-2007-4999 version (pidgin, fixed 2.2.2) [since FEDORA-2007-2714] CVE-2007-4996 version (pidgin, fixed 2.2.1) [since FEDORA-2007-2368] CVE-2007-4995 backport (openssl, fixed 0.9.8f) [since FEDORA-2007-2530]

16 years, 4 months

1
0
0 / 0

fedora-security/audit f8, 1.44, 1.45 f9, 1.39, 1.40 fc7, 1.201, 1.202

by fedora-security-commits＠redhat.com

Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv1756/audit Modified Files: f8 f9 fc7 Log Message: imlib fedora update Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.44 retrieving revision 1.45 diff -u -r1.44 -r1.45 --- f8 17 Dec 2007 10:49:13 -0000 1.44 +++ f8 18 Dec 2007 14:16:46 -0000 1.45 @@ -4,7 +4,7 @@ # *CVE are items that need verification for Fedora 8 # (mozilla) = (gecko-libs dependent stuff) -# Up to date CVE as of CVE email 20071211 +# Up to date CVE as of CVE email 20071215 # Up to date F8 as of 20071212 CVE-2007-6353 VULNERABLE (exiv2) #425923 @@ -16,13 +16,13 @@ CVE-2007-6321 VULNERABLE (roundcubemail) #423291 CVE-2007-6318 VULNERABLE (wordpress) CVE-2007-6304 ignore (mysql, fixed 5.0.52) federated engine not built -CVE-2007-6303 VULNERABLE (mysql, fixed 5.0.52) #424931 +CVE-2007-6303 backport (mysql, fixed 5.0.52) #424931 [since FEDORA-2007-4465] CVE-2007-6299 version (drupal, fixed 5.4) [since FEDORA-2007-4163] SA-2007-031 -GENERIC-MAP-NOMATCH VULNERABLE (libxfcegui4) #412761 -GENERIC-MAP-NOMATCH VULNERABLE (libxfce4util) #412761 -GENERIC-MAP-NOMATCH VULNERABLE (xfce-panel) #412761 +GENERIC-MAP-NOMATCH version (libxfcegui4) #412761 [since FEDORA-2007-4368] +GENERIC-MAP-NOMATCH version (libxfce4util) #412761 [since FEDORA-2007-4368] +GENERIC-MAP-NOMATCH version (xfce-panel) #412761 [since FEDORA-2007-4368] CVE-2007-6283 VULNERABLE (bind) #423071 -CVE-2007-6239 VULNERABLE (squid, fixed 2.6.17) #412391 +CVE-2007-6239 version (squid, fixed 2.6.17) #412391 [since FEDORA-2007-4170] CVE-2007-6210 backport (zabbix) #407181 [since FEDORA-2007-4176] CVE-2007-6209 ignore (zsh) #409871 We don't ship the script CVE-2007-6208 ignore (claws) We don't ship the script @@ -41,8 +41,8 @@ CVE-2007-5977 version (phpMyAdmin, fixed 2.11.2.1) #385901 [since FEDORA-2007-3636] CVE-2007-5976 version (phpMyAdmin, fixed 2.11.2.1) #385901 [since FEDORA-2007-3636] CVE-2007-5970 ignore (mysql, fixed 5.1.23) mysql 5.1+ only, affects partitioning -CVE-2007-5969 VULNERABLE (mysql, fixed 5.0.51) #424931 -CVE-2007-5964 VULNERABLE (autofs) #409701 +CVE-2007-5969 backport (mysql, fixed 5.0.51) #424931 [since FEDORA-2007-4465] +CVE-2007-5964 backport (autofs) #409701 [since FEDORA-2007-4532] CVE-2007-5960 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3962] CVE-2007-5959 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3962] CVE-2007-5947 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3962] @@ -53,7 +53,7 @@ CVE-2007-5934 backport (php-pear-MDB2) #379101 [since FEDORA-2007-3376] CVE-2007-5934 backport (php-pear-MDB2-Driver-mysql) #379131 [since FEDORA-2007-3376] CVE-2007-5934 backport (php-pear-MDB2-Driver-mysqli) #379161 [since FEDORA-2007-3376] -CVE-2007-5925 VULNERABLE (mysql, fixed 5.0.54) #424931 +CVE-2007-5925 backport (mysql, fixed 5.0.54) #424931 [since FEDORA-2007-4465] CVE-2007-5907 VULNERABLE (xen) #390111 CVE-2007-5906 VULNERABLE (xen) #390111 CVE-2007-5795 backport (emacs) #367591 [since FEDORA-2007-2946] @@ -126,6 +126,7 @@ CVE-2007-3919 backport (xen, fixed 3.1.0-13) #361991 CVE-2007-3844 version (firefox, fixed 2.0.0.6) CVE-2007-3843 version (kernel) #246595 No idea which version fixed this +CVE-2007-3568 VULNERABLE (imlib) CVE-2007-3544 VULNERABLE (wordpress, NOT fixed 2.2.1) #245211 Incomplete fix for CVE-2007-3543 CVE-2007-3387 version (poppler, fixed 0.5.91) #251512 CVE-2007-3386 version (tomcat5) [since FEDORA-2007-3474] Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.39 retrieving revision 1.40 diff -u -r1.39 -r1.40 --- f9 17 Dec 2007 10:49:14 -0000 1.39 +++ f9 18 Dec 2007 14:16:46 -0000 1.40 @@ -7,9 +7,9 @@ # Up to date CVE as of CVE email 20071211 # Up to date F9 as of 20071029 -CVE-2007-6353 VULNERABLE (exiv2) #425924 -CVE-2007-6352 VULNERABLE (libexif) #425641 -CVE-2007-6351 VULNERABLE (libexif) #425641 +CVE-2007-6353 backport (exiv2) #425924 [since exiv2-0.16-0.3.pre1.fc9] +CVE-2007-6352 backport (libexif) #425641 [since libexif-0.6.15-5.fc9] +CVE-2007-6351 backport (libexif) #425641 [since libexif-0.6.15-5.fc9] CVE-2007-6350 backport (scponly) [since scponly-4.6-8.fc9] rsync support disabled CVE-2007-6348 ignore (squirrelmail) trojaned version was not shipped CVE-2007-6328 VULNERABLE (dosbox) design decision @@ -83,7 +83,7 @@ CVE-2007-5200 version (hugin) #362871 [since hugin-0.6.1-11.fc9] CVE-2007-5198 VULNERABLE (nagios-plugins, fixed 1.4.10) #362901 CVE-2007-5197 VULNERABLE (mono, fixed 1.2.5.1) #367551 -CVE-2007-5116 VULNERABLE (perl) #378151 +CVE-2007-5116 backport (perl) #378151 [since perl-5.8.8-31.fc9] CVE-2007-5079 VULNERABLE (gdm) #363041 Red Hat specific problem CVE-2007-5037 version (inotify-tools, fixed 3.11) #299771 CVE-2007-5007 version (balsa, before 2.3.20) #297601 @@ -110,6 +110,7 @@ CVE-2007-3919 backport (xen, fixed 3.1.0-13) #362011 CVE-2007-3844 version (firefox, fixed 2.0.0.6) CVE-2007-3843 version (kernel) #246595 No idea which version fixed this +CVE-2007-3568 VULNERABLE (imlib) CVE-2007-3544 VULNERABLE (wordpress, NOT fixed 2.2.1) #245211 Incomplete fix for CVE-2007-3543 CVE-2007-3387 version (poppler, fixed 0.5.91) #251512 CVE-2007-3145 ignore (galeon) in 2.0.3 the truncation still occurs, but at reasonable length Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.201 retrieving revision 1.202 diff -u -r1.201 -r1.202 --- fc7 17 Dec 2007 10:49:14 -0000 1.201 +++ fc7 18 Dec 2007 14:16:46 -0000 1.202 @@ -5,7 +5,7 @@ # (mozilla) = (firefox, seamonkey, thunderbird, yelp, devhelp, galeon, liferea. epiphany) # A couple of first F7 updates were marked as FEDORA-2007-0001 -# Up to date CVE as of CVE email 200711211 +# Up to date CVE as of CVE email 200711215 # Up to date FC7 as of 20071212 CVE-2007-6353 VULNERABLE (exiv2) #425922 @@ -17,13 +17,13 @@ CVE-2007-6321 VULNERABLE (roundcubemail) #423281 CVE-2007-6318 VULNERABLE (wordpress) CVE-2007-6304 ignore (mysql, fixed 5.0.52) federated engine not built -CVE-2007-6303 VULNERABLE (mysql, fixed 5.0.52) #424921 +CVE-2007-6303 backport (mysql, fixed 5.0.52) #424921 [since FEDORA-2007-4471] CVE-2007-6299 version (drupal, fixed 5.4) [since FEDORA-2007-4136] SA-2007-031 -GENERIC-MAP-NOMATCH VULNERABLE (libxfcegui4) #412751 -GENERIC-MAP-NOMATCH VULNERABLE (libxfce4util) #412751 -GENERIC-MAP-NOMATCH VULNERABLE (xfce-panel) #412751 +GENERIC-MAP-NOMATCH version (libxfcegui4) #412751 [since FEDORA-2007-4385] +GENERIC-MAP-NOMATCH version (libxfce4util) #412751 [since FEDORA-2007-4385] +GENERIC-MAP-NOMATCH version (xfce-panel) #412751 [since FEDORA-2007-4385] CVE-2007-6283 VULNERABLE (bind) #423061 -CVE-2007-6239 VULNERABLE (squid, fixed 2.6.17) #412381 +CVE-2007-6239 version (squid, fixed 2.6.17) #412381 [since FEDORA-2007-4161] CVE-2007-6210 backport (zabbix) #407181 [since FEDORA-2007-4160] CVE-2007-6209 ignore (zsh) #409871 We don't ship the script CVE-2007-6208 ignore (claws) We don't ship the script @@ -41,8 +41,8 @@ CVE-2007-5977 version (phpMyAdmin, fixed 2.11.2.1) #385891 [since FEDORA-2007-3627] CVE-2007-5976 version (phpMyAdmin, fixed 2.11.2.1) #385891 [since FEDORA-2007-3627] CVE-2007-5970 ignore (mysql, fixed 5.1.23) mysql 5.1+ only, affects partitioning -CVE-2007-5969 VULNERABLE (mysql, fixed 5.0.51) #424921 -CVE-2007-5964 VULNERABLE (autofs) #421351 +CVE-2007-5969 backport (mysql, fixed 5.0.51) #424921 [since FEDORA-2007-4471] +CVE-2007-5964 backport (autofs) #421351 [since FEDORA-2007-4469] CVE-2007-5960 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3952] CVE-2007-5959 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3952] CVE-2007-5947 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3952] @@ -53,7 +53,7 @@ CVE-2007-5934 backport (php-pear-MDB2) #379091 [since FEDORA-2007-3369] CVE-2007-5934 backport (php-pear-MDB2-Driver-mysql) #379121 [since FEDORA-2007-3369] CVE-2007-5934 backport (php-pear-MDB2-Driver-mysqli) #379151 [since FEDORA-2007-3369] -CVE-2007-5925 VULNERABLE (mysql, fixed 5.0.54) #424921 +CVE-2007-5925 backport (mysql, fixed 5.0.54) #424921 [since FEDORA-2007-4471] CVE-2007-5907 VULNERABLE (xen) #390101 CVE-2007-5906 VULNERABLE (xen) #390101 CVE-2007-5846 backport (net-snmp) [since FEDORA-2007-3019] @@ -263,6 +263,7 @@ CVE-2007-3656 version (mozilla) #248518 [since FEDORA-2007-1138] CVE-2007-3642 version (kernel, fixed 2.6.22.1) [since FEDORA-2007-1130] CVE-2007-3628 version (php-pear-Structures-DataGrid-DataSource-MDB2, fixed 0.1.10) +CVE-2007-3568 VULNERABLE (imlib) CVE-2007-3555 version (moodle) #247528 [since FEDORA-2007-1445] CVE-2007-3546 ignore (nessus-core) Windows only CVE-2007-3528 version (dar, fixed 2.3.4) #246760 [since FEDORA-2007-0904]

16 years, 4 months

1
0
0 / 0

fedora-security/audit f8, 1.43, 1.44 f9, 1.38, 1.39 fc7, 1.200, 1.201

by fedora-security-commits＠redhat.com

Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv28883/audit Modified Files: f8 f9 fc7 Log Message: scponly fix exiv2 cve id typo Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.43 retrieving revision 1.44 diff -u -r1.43 -r1.44 --- f8 17 Dec 2007 09:16:46 -0000 1.43 +++ f8 17 Dec 2007 10:49:13 -0000 1.44 @@ -7,9 +7,10 @@ # Up to date CVE as of CVE email 20071211 # Up to date F8 as of 20071212 -CVE-2007-6352 VULNERABLE (exiv2) #425923 +CVE-2007-6353 VULNERABLE (exiv2) #425923 CVE-2007-6352 VULNERABLE (libexif) #425631 CVE-2007-6351 VULNERABLE (libexif) #425631 +CVE-2007-6350 VULNERABLE (scponly) rsync vector only CVE-2007-6348 ignore (squirrelmail) trojaned version was not shipped CVE-2007-6328 VULNERABLE (dosbox) design decision CVE-2007-6321 VULNERABLE (roundcubemail) #423291 Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.38 retrieving revision 1.39 diff -u -r1.38 -r1.39 --- f9 17 Dec 2007 09:16:46 -0000 1.38 +++ f9 17 Dec 2007 10:49:14 -0000 1.39 @@ -7,9 +7,10 @@ # Up to date CVE as of CVE email 20071211 # Up to date F9 as of 20071029 -CVE-2007-6352 VULNERABLE (exiv2) #425924 +CVE-2007-6353 VULNERABLE (exiv2) #425924 CVE-2007-6352 VULNERABLE (libexif) #425641 CVE-2007-6351 VULNERABLE (libexif) #425641 +CVE-2007-6350 backport (scponly) [since scponly-4.6-8.fc9] rsync support disabled CVE-2007-6348 ignore (squirrelmail) trojaned version was not shipped CVE-2007-6328 VULNERABLE (dosbox) design decision CVE-2007-6321 VULNERABLE (roundcubemail) #423301 Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.200 retrieving revision 1.201 diff -u -r1.200 -r1.201 --- fc7 17 Dec 2007 09:16:46 -0000 1.200 +++ fc7 17 Dec 2007 10:49:14 -0000 1.201 @@ -8,9 +8,10 @@ # Up to date CVE as of CVE email 200711211 # Up to date FC7 as of 20071212 -CVE-2007-6352 VULNERABLE (exiv2) #425922 +CVE-2007-6353 VULNERABLE (exiv2) #425922 CVE-2007-6352 VULNERABLE (libexif) #425621 CVE-2007-6351 VULNERABLE (libexif) #425621 +CVE-2007-6350 VULNERABLE (scponly) rsync vector only CVE-2007-6348 ignore (squirrelmail) trojaned version was not shipped CVE-2007-6328 VULNERABLE (dosbox) design decision CVE-2007-6321 VULNERABLE (roundcubemail) #423281

16 years, 4 months

1
0
0 / 0

fedora-security/audit f8, 1.42, 1.43 f9, 1.37, 1.38 fc7, 1.199, 1.200

by fedora-security-commits＠redhat.com

Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv20201/audit Modified Files: f8 f9 fc7 Log Message: dosbox, e2fsprogs, squirrelmail, libexif, exiv2 Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.42 retrieving revision 1.43 diff -u -r1.42 -r1.43 --- f8 14 Dec 2007 13:55:49 -0000 1.42 +++ f8 17 Dec 2007 09:16:46 -0000 1.43 @@ -7,7 +7,12 @@ # Up to date CVE as of CVE email 20071211 # Up to date F8 as of 20071212 -CVE-2007-6321 VULENERABLE (roundcubemail) #423291 +CVE-2007-6352 VULNERABLE (exiv2) #425923 +CVE-2007-6352 VULNERABLE (libexif) #425631 +CVE-2007-6351 VULNERABLE (libexif) #425631 +CVE-2007-6348 ignore (squirrelmail) trojaned version was not shipped +CVE-2007-6328 VULNERABLE (dosbox) design decision +CVE-2007-6321 VULNERABLE (roundcubemail) #423291 CVE-2007-6318 VULNERABLE (wordpress) CVE-2007-6304 ignore (mysql, fixed 5.0.52) federated engine not built CVE-2007-6303 VULNERABLE (mysql, fixed 5.0.52) #424931 @@ -64,6 +69,7 @@ CVE-2007-5589 version (phpMyAdmin, fixed 2.11.1.2) #333661 PMASA-2007-6 [since FEDORA-2007-3636] CVE-2007-5501 version (kernel) [since FEDORA-2007-3837] CVE-2007-5500 version (kernel) [since FEDORA-2007-3837] +CVE-2007-5497 VULNERABLE (e2fsprogs) #414581 CVE-2007-5461 version (tomcat5) #363001 [since FEDORA-2007-3474] CVE-2007-5398 version (samba) [since FEDORA-2007-3403] CVE-2007-5395 version (link-grammar) #372351 [since FEDORA-2007-3235] Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.37 retrieving revision 1.38 diff -u -r1.37 -r1.38 --- f9 14 Dec 2007 13:55:49 -0000 1.37 +++ f9 17 Dec 2007 09:16:46 -0000 1.38 @@ -7,7 +7,12 @@ # Up to date CVE as of CVE email 20071211 # Up to date F9 as of 20071029 -CVE-2007-6321 VULENERABLE (roundcubemail) #423301 +CVE-2007-6352 VULNERABLE (exiv2) #425924 +CVE-2007-6352 VULNERABLE (libexif) #425641 +CVE-2007-6351 VULNERABLE (libexif) #425641 +CVE-2007-6348 ignore (squirrelmail) trojaned version was not shipped +CVE-2007-6328 VULNERABLE (dosbox) design decision +CVE-2007-6321 VULNERABLE (roundcubemail) #423301 CVE-2007-6318 VULNERABLE (wordpress) CVE-2007-6304 ignore (mysql, fixed 5.0.52) federated engine not built CVE-2007-6303 backport (mysql, fixed 5.0.52) [since mysql-5.0.45-6.fc9] @@ -33,7 +38,7 @@ CVE-2007-5976 version (phpMyAdmin) #385911 [since phpMyAdmin-2.11.2.2-1.fc9] CVE-2007-5970 ignore (mysql, fixed 5.1.23) mysql 5.1+ only, affects partitioning CVE-2007-5969 backport (mysql, fixed 5.0.51) [since mysql-5.0.45-6.fc9] -CVE-2007-5964 VULNERABLE (autofs) #421371 +CVE-2007-5964 backport (autofs) #421371 [since autofs-5.0.2-21] CVE-2007-5960 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) CVE-2007-5959 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) CVE-2007-5947 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) @@ -57,6 +62,7 @@ CVE-2007-5624 version (nagios, fixed 2.10) #362811 [since nagios-2.10-3.fc9] CVE-2007-5623 backport (nagios-plugins, not fixed 1.4.10) #348731 CVE-2007-5589 version (phpMyAdmin, fixed 2.11.1.2) #333661 PMASA-2007-6 +CVE-2007-5497 backport (e2fsprogs) #414591 [since e2fsprogs-1.40.2-14.fc9] CVE-2007-5461 VULNERABLE (tomcat5, not fixed 5.5.25) #334531 CVE-2007-5395 version (link-grammar) #372361 [since link-grammar-4.2.5-1.fc9] CVE-2007-5393 backport (xpdf) #372481 [since xpdf-3.02-4.fc9] Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.199 retrieving revision 1.200 diff -u -r1.199 -r1.200 --- fc7 14 Dec 2007 13:55:49 -0000 1.199 +++ fc7 17 Dec 2007 09:16:46 -0000 1.200 @@ -8,7 +8,12 @@ # Up to date CVE as of CVE email 200711211 # Up to date FC7 as of 20071212 -CVE-2007-6321 VULENERABLE (roundcubemail) #423281 +CVE-2007-6352 VULNERABLE (exiv2) #425922 +CVE-2007-6352 VULNERABLE (libexif) #425621 +CVE-2007-6351 VULNERABLE (libexif) #425621 +CVE-2007-6348 ignore (squirrelmail) trojaned version was not shipped +CVE-2007-6328 VULNERABLE (dosbox) design decision +CVE-2007-6321 VULNERABLE (roundcubemail) #423281 CVE-2007-6318 VULNERABLE (wordpress) CVE-2007-6304 ignore (mysql, fixed 5.0.52) federated engine not built CVE-2007-6303 VULNERABLE (mysql, fixed 5.0.52) #424921 @@ -74,6 +79,7 @@ CVE-2007-5585 backport (tempest) #336331 [since FEDORA-2007-2652] CVE-2007-5501 version (kernel) [since FEDORA-2007-3751] CVE-2007-5500 version (kernel) [since FEDORA-2007-3751] +CVE-2007-5497 VULNERABLE (e2fsprogs) #414571 CVE-2007-5461 version (tomcat5) #334511 [since FEDORA-2007-3456] CVE-2007-5416 ignore (drupal) Vulnerability in PHP<5.1.3, we're safe CVE-2007-5398 version (samba) [since FEDORA-2007-3402]

16 years, 4 months

1
0
0 / 0

fedora-security/audit f8, 1.41, 1.42 f9, 1.36, 1.37 fc7, 1.198, 1.199

by fedora-security-commits＠redhat.com

Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv29581/audit Modified Files: f8 f9 fc7 Log Message: mysql cleanup Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.41 retrieving revision 1.42 diff -u -r1.41 -r1.42 --- f8 13 Dec 2007 12:41:06 -0000 1.41 +++ f8 14 Dec 2007 13:55:49 -0000 1.42 @@ -9,6 +9,8 @@ CVE-2007-6321 VULENERABLE (roundcubemail) #423291 CVE-2007-6318 VULNERABLE (wordpress) +CVE-2007-6304 ignore (mysql, fixed 5.0.52) federated engine not built +CVE-2007-6303 VULNERABLE (mysql, fixed 5.0.52) #424931 CVE-2007-6299 version (drupal, fixed 5.4) [since FEDORA-2007-4163] SA-2007-031 GENERIC-MAP-NOMATCH VULNERABLE (libxfcegui4) #412761 GENERIC-MAP-NOMATCH VULNERABLE (libxfce4util) #412761 @@ -32,6 +34,8 @@ CVE-2007-6035 version (cacti, fixed 0.8.7a) #391991 [since FEDORA-2007-3667] CVE-2007-5977 version (phpMyAdmin, fixed 2.11.2.1) #385901 [since FEDORA-2007-3636] CVE-2007-5976 version (phpMyAdmin, fixed 2.11.2.1) #385901 [since FEDORA-2007-3636] +CVE-2007-5970 ignore (mysql, fixed 5.1.23) mysql 5.1+ only, affects partitioning +CVE-2007-5969 VULNERABLE (mysql, fixed 5.0.51) #424931 CVE-2007-5964 VULNERABLE (autofs) #409701 CVE-2007-5960 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3962] CVE-2007-5959 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3962] @@ -43,7 +47,7 @@ CVE-2007-5934 backport (php-pear-MDB2) #379101 [since FEDORA-2007-3376] CVE-2007-5934 backport (php-pear-MDB2-Driver-mysql) #379131 [since FEDORA-2007-3376] CVE-2007-5934 backport (php-pear-MDB2-Driver-mysqli) #379161 [since FEDORA-2007-3376] -CVE-2007-5925 ignore (mysql) Authenticated user can restart mysql. +CVE-2007-5925 VULNERABLE (mysql, fixed 5.0.54) #424931 CVE-2007-5907 VULNERABLE (xen) #390111 CVE-2007-5906 VULNERABLE (xen) #390111 CVE-2007-5795 backport (emacs) #367591 [since FEDORA-2007-2946] Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.36 retrieving revision 1.37 diff -u -r1.36 -r1.37 --- f9 13 Dec 2007 12:41:06 -0000 1.36 +++ f9 14 Dec 2007 13:55:49 -0000 1.37 @@ -9,6 +9,8 @@ CVE-2007-6321 VULENERABLE (roundcubemail) #423301 CVE-2007-6318 VULNERABLE (wordpress) +CVE-2007-6304 ignore (mysql, fixed 5.0.52) federated engine not built +CVE-2007-6303 backport (mysql, fixed 5.0.52) [since mysql-5.0.45-6.fc9] CVE-2007-6299 version (drupal, fixed 5.4) [since drupal-5.4-1.fc9] SA-2007-031 CVE-2007-6283 VULNERABLE (bind) #423081 CVE-2007-6239 version (squid, fixed 2.6.17) [since squid-2.6.STABLE17-1.fc9] @@ -29,6 +31,8 @@ CVE-2007-6013 VULNERABLE (wordpress) CVE-2007-5977 version (phpMyAdmin) #385911 [since phpMyAdmin-2.11.2.2-1.fc9] CVE-2007-5976 version (phpMyAdmin) #385911 [since phpMyAdmin-2.11.2.2-1.fc9] +CVE-2007-5970 ignore (mysql, fixed 5.1.23) mysql 5.1+ only, affects partitioning +CVE-2007-5969 backport (mysql, fixed 5.0.51) [since mysql-5.0.45-6.fc9] CVE-2007-5964 VULNERABLE (autofs) #421371 CVE-2007-5960 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) CVE-2007-5959 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) @@ -39,7 +43,7 @@ CVE-2007-5934 version (php-pear-MDB2) #379111 [since php-pear-MDB2-2.4.1-2.fc9] CVE-2007-5934 version (php-pear-MDB2-Driver-mysql) #379141 [since php-pear-MDB2-Driver-mysql-1.4.1-3.fc9] CVE-2007-5934 version (php-pear-MDB2-Driver-mysqli) #379171 [since php-pear-MDB2-Driver-mysqli-1.4.1-3.fc9] -CVE-2007-5925 ignore (mysql) Authenticated user can restart mysql. +CVE-2007-5925 backport (mysql, fixed 5.0.54) [since mysql-5.0.45-6.fc9] CVE-2007-5907 VULNERABLE (xen) #390121 CVE-2007-5906 VULNERABLE (xen) #390121 CVE-2007-5795 backport (emacs) #367601 [since emacs-22.1-8.fc9] Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.198 retrieving revision 1.199 diff -u -r1.198 -r1.199 --- fc7 13 Dec 2007 12:41:06 -0000 1.198 +++ fc7 14 Dec 2007 13:55:49 -0000 1.199 @@ -10,6 +10,8 @@ CVE-2007-6321 VULENERABLE (roundcubemail) #423281 CVE-2007-6318 VULNERABLE (wordpress) +CVE-2007-6304 ignore (mysql, fixed 5.0.52) federated engine not built +CVE-2007-6303 VULNERABLE (mysql, fixed 5.0.52) #424921 CVE-2007-6299 version (drupal, fixed 5.4) [since FEDORA-2007-4136] SA-2007-031 GENERIC-MAP-NOMATCH VULNERABLE (libxfcegui4) #412751 GENERIC-MAP-NOMATCH VULNERABLE (libxfce4util) #412751 @@ -22,7 +24,6 @@ CVE-2007-6207 VULNERABLE (kernel) Xen cross-domain memory read CVE-2007-6206 VULNERABLE (kernel) Core dump owner issue CVE-2007-6203 ignore (httpd) #409831 User can't unput garbage before method name -CVE-2007-5938 VULNERABLE (kernel) #385861 iwlwifi CVE-2007-6201 version (wesnoth, fixed 1.2.8) [since FEDORA-2007-3986] CVE-2007-6183 version (ruby-gnome2) #405591 [since FEDORA-2007-4229] CVE-2007-6110 backport (htdig) [since FEDORA-2007-3907] @@ -33,6 +34,8 @@ CVE-2007-6013 VULNERABLE (wordpress) CVE-2007-5977 version (phpMyAdmin, fixed 2.11.2.1) #385891 [since FEDORA-2007-3627] CVE-2007-5976 version (phpMyAdmin, fixed 2.11.2.1) #385891 [since FEDORA-2007-3627] +CVE-2007-5970 ignore (mysql, fixed 5.1.23) mysql 5.1+ only, affects partitioning +CVE-2007-5969 VULNERABLE (mysql, fixed 5.0.51) #424921 CVE-2007-5964 VULNERABLE (autofs) #421351 CVE-2007-5960 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3952] CVE-2007-5959 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3952] @@ -44,7 +47,7 @@ CVE-2007-5934 backport (php-pear-MDB2) #379091 [since FEDORA-2007-3369] CVE-2007-5934 backport (php-pear-MDB2-Driver-mysql) #379121 [since FEDORA-2007-3369] CVE-2007-5934 backport (php-pear-MDB2-Driver-mysqli) #379151 [since FEDORA-2007-3369] -CVE-2007-5925 ignore (mysql) Authenticated user can restart mysql. +CVE-2007-5925 VULNERABLE (mysql, fixed 5.0.54) #424921 CVE-2007-5907 VULNERABLE (xen) #390101 CVE-2007-5906 VULNERABLE (xen) #390101 CVE-2007-5846 backport (net-snmp) [since FEDORA-2007-3019] @@ -239,8 +242,8 @@ CVE-2007-3820 backport (kdelibs) [since FEDORA-2007-1699] CVE-2007-3820 backport (kdebase) #248537 [since FEDORA-2007-1700] CVE-2007-3799 ** (php) -CVE-2007-3781 version (mysql, fixed 5.0.44) [since FEDORA-2007-1197] CVE-2007-3782 version (mysql, fixed 5.0.44) [since FEDORA-2007-1197] +CVE-2007-3781 version (mysql, fixed 5.0.44) [since FEDORA-2007-1197] CVE-2007-3780 version (mysql, fixed 5.0.44) [since FEDORA-2007-1197] CVE-2007-3770 backport (terminal/xfce) [since FEDORA-2007-1620] CVE-2007-3738 version (mozilla) #248518 [since FEDORA-2007-1138] @@ -350,6 +353,9 @@ CVE-2007-2756 ignore (gd) DoS only CVE-2007-2754 backport (freetype) [since FEDORA-2007-0033] CVE-2007-2721 backport (jasper, fixed 1.900.1-2) #240397 +CVE-2007-2693 ignore (mysql, fixed 5.1.18) mysql 5.1+ only, requires partitioning +CVE-2007-2692 version (mysql, fixed 5.0.45) [since FEDORA-2007-1197] +CVE-2007-2691 version (mysql, fixed 5.0.45) [since FEDORA-2007-1197] CVE-2007-2683 backport (mutt) CVE-2007-2654 version (xfsdump) #240396 CVE-2007-2650 version (clamav, fixed 0.90.3) #240395 [since FEDORA-2007-1154] @@ -357,7 +363,7 @@ *CVE-2007-2637 backport (moin, fixed 1.5.7-2) CVE-2007-2627 version (wordpress, fixed 2.2.1) #239904 [since FEDORA-2007-0894] *CVE-2007-2589 ** (squirrelmail) -*CVE-2007-2583 ** (mysql) +CVE-2007-2583 version (mysql, fixed 5.0.41) CVE-2007-2519 ignore (php-pear) no trust boundary is crossed CVE-2007-2511 ignore (php) #239011 see the bug CVE-2007-2510 version (php, fixed 5.2.2)

16 years, 4 months

1
0
0 / 0

fedora-security/tools get-bodhi-update, NONE, 1.1.2.1

by fedora-security-commits＠redhat.com

Author: lkundrak Update of /cvs/fedora/fedora-security/tools In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv12955 Added Files: Tag: lkundrak-tools-ng get-bodhi-update Log Message: We can talk to bodhi now ***** Error reading new file: [Errno 2] No such file or directory: 'get-bodhi-update'

16 years, 4 months

1
0
0 / 0

fedora-security/audit f8, 1.40, 1.41 f9, 1.35, 1.36 fc7, 1.197, 1.198

by fedora-security-commits＠redhat.com

Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv6435/audit Modified Files: f8 f9 fc7 Log Message: bind, roundcubemail Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.40 retrieving revision 1.41 diff -u -r1.40 -r1.41 --- f8 12 Dec 2007 13:31:37 -0000 1.40 +++ f8 13 Dec 2007 12:41:06 -0000 1.41 @@ -4,14 +4,16 @@ # *CVE are items that need verification for Fedora 8 # (mozilla) = (gecko-libs dependent stuff) -# Up to date CVE as of CVE email 20071030 -# Up to date F8 as of 20071029 +# Up to date CVE as of CVE email 20071211 +# Up to date F8 as of 20071212 +CVE-2007-6321 VULENERABLE (roundcubemail) #423291 CVE-2007-6318 VULNERABLE (wordpress) CVE-2007-6299 version (drupal, fixed 5.4) [since FEDORA-2007-4163] SA-2007-031 GENERIC-MAP-NOMATCH VULNERABLE (libxfcegui4) #412761 GENERIC-MAP-NOMATCH VULNERABLE (libxfce4util) #412761 GENERIC-MAP-NOMATCH VULNERABLE (xfce-panel) #412761 +CVE-2007-6283 VULNERABLE (bind) #423071 CVE-2007-6239 VULNERABLE (squid, fixed 2.6.17) #412391 CVE-2007-6210 backport (zabbix) #407181 [since FEDORA-2007-4176] CVE-2007-6209 ignore (zsh) #409871 We don't ship the script Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.35 retrieving revision 1.36 diff -u -r1.35 -r1.36 --- f9 12 Dec 2007 13:31:37 -0000 1.35 +++ f9 13 Dec 2007 12:41:06 -0000 1.36 @@ -4,11 +4,13 @@ # *CVE are items that need verification for Fedora 9 # (mozilla) = (gecko-libs dependent stuff) -# Up to date CVE as of CVE email 20071030 +# Up to date CVE as of CVE email 20071211 # Up to date F9 as of 20071029 +CVE-2007-6321 VULENERABLE (roundcubemail) #423301 CVE-2007-6318 VULNERABLE (wordpress) CVE-2007-6299 version (drupal, fixed 5.4) [since drupal-5.4-1.fc9] SA-2007-031 +CVE-2007-6283 VULNERABLE (bind) #423081 CVE-2007-6239 version (squid, fixed 2.6.17) [since squid-2.6.STABLE17-1.fc9] CVE-2007-6210 backport (zabbix) #407181 [since zabbix-1.4.2-4.fc9] CVE-2007-6209 ignore (zsh) #409871 We don't ship the script Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.197 retrieving revision 1.198 diff -u -r1.197 -r1.198 --- fc7 12 Dec 2007 13:31:37 -0000 1.197 +++ fc7 13 Dec 2007 12:41:06 -0000 1.198 @@ -5,14 +5,16 @@ # (mozilla) = (firefox, seamonkey, thunderbird, yelp, devhelp, galeon, liferea. epiphany) # A couple of first F7 updates were marked as FEDORA-2007-0001 -# Up to date CVE as of CVE email 20071030 -# Up to date FC7 as of 20071029 +# Up to date CVE as of CVE email 200711211 +# Up to date FC7 as of 20071212 +CVE-2007-6321 VULENERABLE (roundcubemail) #423281 CVE-2007-6318 VULNERABLE (wordpress) CVE-2007-6299 version (drupal, fixed 5.4) [since FEDORA-2007-4136] SA-2007-031 GENERIC-MAP-NOMATCH VULNERABLE (libxfcegui4) #412751 GENERIC-MAP-NOMATCH VULNERABLE (libxfce4util) #412751 GENERIC-MAP-NOMATCH VULNERABLE (xfce-panel) #412751 +CVE-2007-6283 VULNERABLE (bind) #423061 CVE-2007-6239 VULNERABLE (squid, fixed 2.6.17) #412381 CVE-2007-6210 backport (zabbix) #407181 [since FEDORA-2007-4160] CVE-2007-6209 ignore (zsh) #409871 We don't ship the script

16 years, 4 months

1
0
0 / 0

fedora-security/audit f8, 1.39, 1.40 f9, 1.34, 1.35 fc7, 1.196, 1.197

by fedora-security-commits＠redhat.com

Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv25199/audit Modified Files: f8 f9 fc7 Log Message: autofs Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.39 retrieving revision 1.40 diff -u -r1.39 -r1.40 --- f8 12 Dec 2007 10:26:57 -0000 1.39 +++ f8 12 Dec 2007 13:31:37 -0000 1.40 @@ -30,6 +30,7 @@ CVE-2007-6035 version (cacti, fixed 0.8.7a) #391991 [since FEDORA-2007-3667] CVE-2007-5977 version (phpMyAdmin, fixed 2.11.2.1) #385901 [since FEDORA-2007-3636] CVE-2007-5976 version (phpMyAdmin, fixed 2.11.2.1) #385901 [since FEDORA-2007-3636] +CVE-2007-5964 VULNERABLE (autofs) #409701 CVE-2007-5960 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3962] CVE-2007-5959 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3962] CVE-2007-5947 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3962] Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.34 retrieving revision 1.35 diff -u -r1.34 -r1.35 --- f9 12 Dec 2007 10:26:57 -0000 1.34 +++ f9 12 Dec 2007 13:31:37 -0000 1.35 @@ -27,6 +27,7 @@ CVE-2007-6013 VULNERABLE (wordpress) CVE-2007-5977 version (phpMyAdmin) #385911 [since phpMyAdmin-2.11.2.2-1.fc9] CVE-2007-5976 version (phpMyAdmin) #385911 [since phpMyAdmin-2.11.2.2-1.fc9] +CVE-2007-5964 VULNERABLE (autofs) #421371 CVE-2007-5960 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) CVE-2007-5959 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) CVE-2007-5947 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.196 retrieving revision 1.197 diff -u -r1.196 -r1.197 --- fc7 12 Dec 2007 10:26:57 -0000 1.196 +++ fc7 12 Dec 2007 13:31:37 -0000 1.197 @@ -31,6 +31,7 @@ CVE-2007-6013 VULNERABLE (wordpress) CVE-2007-5977 version (phpMyAdmin, fixed 2.11.2.1) #385891 [since FEDORA-2007-3627] CVE-2007-5976 version (phpMyAdmin, fixed 2.11.2.1) #385891 [since FEDORA-2007-3627] +CVE-2007-5964 VULNERABLE (autofs) #421351 CVE-2007-5960 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3952] CVE-2007-5959 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3952] CVE-2007-5947 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3952]

16 years, 4 months

1
0
0 / 0

fedora-security/audit f8, 1.38, 1.39 f9, 1.33, 1.34 fc7, 1.195, 1.196

by fedora-security-commits＠redhat.com

Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv27199/audit Modified Files: f8 f9 fc7 Log Message: fedora updates wordpress Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.38 retrieving revision 1.39 diff -u -r1.38 -r1.39 --- f8 10 Dec 2007 19:23:30 -0000 1.38 +++ f8 12 Dec 2007 10:26:57 -0000 1.39 @@ -7,6 +7,7 @@ # Up to date CVE as of CVE email 20071030 # Up to date F8 as of 20071029 +CVE-2007-6318 VULNERABLE (wordpress) CVE-2007-6299 version (drupal, fixed 5.4) [since FEDORA-2007-4163] SA-2007-031 GENERIC-MAP-NOMATCH VULNERABLE (libxfcegui4) #412761 GENERIC-MAP-NOMATCH VULNERABLE (libxfce4util) #412761 @@ -24,7 +25,8 @@ CVE-2007-6110 backport (htdig) [since FEDORA-2007-3958] CVE-2007-6100 version (phpMyAdmin, fixed 2.11.2.2) [since FEDORA-2007-3639] CVE-2007-6061 VULNERABLE (audacity) #393251 -CVE-2007-6015 VULNERABLE (samba, fixed 3.0.28) +CVE-2007-6015 version (samba, fixed 3.0.28) [since FEDORA-2007-4275] +CVE-2007-6013 VULNERABLE (wordpress) CVE-2007-6035 version (cacti, fixed 0.8.7a) #391991 [since FEDORA-2007-3667] CVE-2007-5977 version (phpMyAdmin, fixed 2.11.2.1) #385901 [since FEDORA-2007-3636] CVE-2007-5976 version (phpMyAdmin, fixed 2.11.2.1) #385901 [since FEDORA-2007-3636] @@ -116,6 +118,7 @@ CVE-2007-3385 version (tomcat5) [since FEDORA-2007-3474] CVE-2007-3382 version (tomcat5) [since FEDORA-2007-3474] CVE-2007-3145 ignore (galeon) in 2.0.3 the truncation still occurs, but at reasonable length +CVE-2007-2807 backport (eggdrop) [since FEDORA-2007-4305] CVE-2007-2450 version (tomcat5) #363081 [since FEDORA-2007-3474] CVE-2007-2449 version (tomcat5) #363081 [since FEDORA-2007-3474] CVE-2007-2245 version (phpMyAdmin, fixed 2.10.1) #237882 @@ -135,7 +138,7 @@ CVE-2007-0653 backport (xmms) #233705 -//- CVE-2007-0537 version (kdebase, fixed 3.5.6) #225420 CVE-2007-0235 version (libgtop2, fixed 2.14.6) #222637 not sure, will triage -CVE-2007-0095 ignore (phpMyAdmin) #221694 "Reveals path" +CVE-2007-0095 backport (phpMyAdmin) #221694 "Reveals path" [since FEDORA-2007-4334] CVE-2006-6698 VULNERABLE (GConf2) #219280 CVE-2006-6128 version (kernel, fixed 2.6.19-1.2911.fc6) #250625 ReiserFS MOKB CVE-2006-6107 version (dbus, fixed 1.0.2) #219665 Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.33 retrieving revision 1.34 diff -u -r1.33 -r1.34 --- f9 10 Dec 2007 19:23:30 -0000 1.33 +++ f9 12 Dec 2007 10:26:57 -0000 1.34 @@ -7,6 +7,7 @@ # Up to date CVE as of CVE email 20071030 # Up to date F9 as of 20071029 +CVE-2007-6318 VULNERABLE (wordpress) CVE-2007-6299 version (drupal, fixed 5.4) [since drupal-5.4-1.fc9] SA-2007-031 CVE-2007-6239 version (squid, fixed 2.6.17) [since squid-2.6.STABLE17-1.fc9] CVE-2007-6210 backport (zabbix) #407181 [since zabbix-1.4.2-4.fc9] @@ -23,6 +24,7 @@ CVE-2007-6061 VULNERABLE (audacity) #393251 CVE-2007-6035 version (cacti, fixed 0.8.7a) #392001 [since cacti-0.8.7a-1.fc9] CVE-2007-6015 VULNERABLE (samba, fixed 3.0.28) +CVE-2007-6013 VULNERABLE (wordpress) CVE-2007-5977 version (phpMyAdmin) #385911 [since phpMyAdmin-2.11.2.2-1.fc9] CVE-2007-5976 version (phpMyAdmin) #385911 [since phpMyAdmin-2.11.2.2-1.fc9] CVE-2007-5960 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) @@ -114,7 +116,7 @@ CVE-2007-0653 backport (xmms) #233705 -//- CVE-2007-0537 version (kdebase, fixed 3.5.6) #225420 CVE-2007-0235 version (libgtop2, fixed 2.14.6) #222637 not sure, will triage -CVE-2007-0095 ignore (phpMyAdmin) #221694 "Reveals path" +CVE-2007-0095 backport (phpMyAdmin) #221694 "Reveals path" [since phpMyAdmin-2.11.3-1.fc9] CVE-2006-6698 VULNERABLE (GConf2) #219280 CVE-2006-6128 version (kernel, fixed 2.6.19-1.2911.fc6) #250625 ReiserFS MOKB CVE-2006-6107 version (dbus, fixed 1.0.2) #219665 Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.195 retrieving revision 1.196 diff -u -r1.195 -r1.196 --- fc7 10 Dec 2007 19:23:30 -0000 1.195 +++ fc7 12 Dec 2007 10:26:57 -0000 1.196 @@ -8,6 +8,7 @@ # Up to date CVE as of CVE email 20071030 # Up to date FC7 as of 20071029 +CVE-2007-6318 VULNERABLE (wordpress) CVE-2007-6299 version (drupal, fixed 5.4) [since FEDORA-2007-4136] SA-2007-031 GENERIC-MAP-NOMATCH VULNERABLE (libxfcegui4) #412751 GENERIC-MAP-NOMATCH VULNERABLE (libxfce4util) #412751 @@ -26,7 +27,8 @@ CVE-2007-6100 version (phpMyAdmin, fixed 2.11.2.2) [since FEDORA-2007-3666] CVE-2007-6061 VULNERABLE (audacity) #393251 CVE-2007-6035 version (cacti, fixed 0.8.7a) #391981 [since FEDORA-2007-3683] -CVE-2007-6015 VULNERABLE (samba, fixed 3.0.28) +CVE-2007-6015 version (samba, fixed 3.0.28) [since FEDORA-2007-4269] +CVE-2007-6013 VULNERABLE (wordpress) CVE-2007-5977 version (phpMyAdmin, fixed 2.11.2.1) #385891 [since FEDORA-2007-3627] CVE-2007-5976 version (phpMyAdmin, fixed 2.11.2.1) #385891 [since FEDORA-2007-3627] CVE-2007-5960 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3952] @@ -119,7 +121,7 @@ CVE-2007-4996 version (pidgin, fixed 2.2.1) [since FEDORA-2007-2368] CVE-2007-4995 backport (openssl, fixed 0.9.8f) [since FEDORA-2007-2530] CVE-2007-4993 backport (xen) [since FEDORA-2007-2270] -CVE-2007-4990 VULNERABLE (xorg-x11-xfs, fixed 1.0.5) #373331 +CVE-2007-4990 version (xorg-x11-xfs, fixed 1.0.5) #373331 [since FEDORA-2007-4263] CVE-2007-4974 backport (libsndfile) #296221 [since FEDORA-2007-2236] CVE-2007-4965 backport (python) imageop module heap overflow [since FEDORA-2007-2663] CVE-2007-4924 version (opal, fixed 2.2.10) #297551 [since FEDORA-2007-2245] @@ -157,7 +159,7 @@ CVE-2007-4572 version (samba) [since FEDORA-2007-3402] CVE-2007-4571 version (kernel) [since FEDORA-2007-2349] CVE-2007-4569 backport (kdebase) #299731 [since FEDORA-2007-2361] -CVE-2007-4568 VULNERABLE (xorg-x11-xfs, fixed 1.0.5) #373261 +CVE-2007-4568 version (xorg-x11-xfs, fixed 1.0.5) #373261 [since FEDORA-2007-4263] CVE-2007-4565 backport (fetchmail) #260861 [since FEDORA-2007-1983] CVE-2007-4560 version (clamav) #260583 [since FEDORA-2007-2050] CVE-2007-4559 VULNERABLE (python, not fixed upstream) #315291 Upstream WONTFIX. See where we use the code. @@ -337,6 +339,7 @@ CVE-2007-2843 ignore (konqueror) safari specific CVE-2007-2834 backport (openoffice.org, fixed 2.3) #293361 [since FEDORA-2007-2372] CVE-2007-2821 version (wordpress, fixed 2.2) #245211 [since FEDORA-2007-0894] +CVE-2007-2807 backport (eggdrop) [since FEDORA-2007-4325] CVE-2007-2799 version (file, fixed 4.21) #241034 [since FEDORA-2007-0836] CVE-2007-2798 version (krb5, fixed 1.6.1) [since FEDORA-2007-0740] CVE-2007-2797 version (xterm) fixed in fc5 and fc6 before f7 release @@ -602,7 +605,7 @@ CVE-2007-0106 version (wordpress, fixed 2.1-0) #223101 CVE-2007-0104 ignore (poppler) only client DoS CVE-2007-0104 ignore (kdegraphics) only client DoS -CVE-2007-0095 version (phpMyAdmin) #221694 +CVE-2007-0095 backport (phpMyAdmin) #221694 [since FEDORA-2007-4298] CVE-2007-0086 ignore (apache) not a security issue *CVE-2007-0080 ** (freeradius) *CVE-2007-0010 ** (gtk2)

16 years, 4 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

security-commits December 2007