Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv4724/audit

Modified Files:
	f8 f9 fc7
Log Message:
add htdig, ruby-gnome2 fedora updates
Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.28 retrieving revision 1.29 diff -u -r1.28 -r1.29 --- f8 27 Nov 2007 15:14:08 -0000 1.28 +++ f8 30 Nov 2007 12:18:11 -0000 1.29 @@ -7,11 +7,16 @@ # Up to date CVE as of CVE email 20071030 # Up to date F8 as of 20071029
+CVE-2007-6183 VULNERABLE (ruby-gnome2) #405601 +CVE-2007-6110 backport (htdig) [since FEDORA-2007-3958] CVE-2007-6100 version (phpMyAdmin, fixed 2.11.2.2) [since FEDORA-2007-3639] CVE-2007-6061 VULNERABLE (audacity) #393251 CVE-2007-6035 version (cacti, fixed 0.8.7a) #391991 [since FEDORA-2007-3667] CVE-2007-5977 version (phpMyAdmin, fixed 2.11.2.1) #385901 [since FEDORA-2007-3636] CVE-2007-5976 version (phpMyAdmin, fixed 2.11.2.1) #385901 [since FEDORA-2007-3636] +CVE-2007-5960 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3962] +CVE-2007-5959 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3962] +CVE-2007-5947 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3962] CVE-2007-5938 VULNERABLE (kernel) #385861 iwlwifi CVE-2007-5937 backport (tetex) #379861 [since FEDORA-2007-3308] Multiple dviljk buffer overflows CVE-2007-5936 backport (tetex) #379861 [since FEDORA-2007-3308] dviljk uses insecure temporary file @@ -26,6 +31,7 @@ CVE-2007-5770 backport (ruby) #373391 [since FEDORA-2007-2812] GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031 CVE-2007-5751 backport (liferea, fixed 1.4.6) #360641 [since FEDORA-2007-2853] +CVE-2007-5742 VULNERABLE (wesnoth, fixed 1.2.8) CVE-2007-5712 version (Django, fixed 0.96.1) #362771 [since FEDORA-2007-2788] CVE-2007-5708 version (openldap, fixed 2.3.39) #362991 [since FEDORA-2007-2796] CVE-2007-5707 version (openldap, fixed 2.3.39) #362991 [since FEDORA-2007-2796] 
@@ -137,7 +143,7 @@ CVE-2006-0987 ignore (bind) example config file only CVE-2006-0496 ignore (firefox) Feature, not a bug moz #324253 CVE-2005-4809 ignore (firefox) Status bar can be modified anyways -CVE-2005-4791 VULNERABLE (liferea) #393301 +CVE-2005-4791 version (liferea, fixed 1.4.8) #393301 [since FEDORA-2007-3701] CVE-2005-4790 backport (blam, fixed 1.8.4) #395761 [since FEDORA-2007-3798] CVE-2005-4790 backport (tomboy) #362951 [since FEDORA-2007-3253] CVE-2005-3675 VULNERABLE (kernel) optack, no upstream fix -- TCP protocol weakness
Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.24 retrieving revision 1.25 diff -u -r1.24 -r1.25 --- f9 27 Nov 2007 15:14:08 -0000 1.24 +++ f9 30 Nov 2007 12:18:11 -0000 1.25 @@ -7,11 +7,16 @@ # Up to date CVE as of CVE email 20071030 # Up to date F9 as of 20071029
+CVE-2007-6183 VULNERABLE (ruby-gnome2) #405611 +CVE-2007-6110 version (htdig) [since htdig-3.2.0b6-13.fc9] CVE-2007-6100 version (phpMyAdmin, fixed 2.11.2.2) CVE-2007-6061 VULNERABLE (audacity) #393251 CVE-2007-6035 version (cacti, fixed 0.8.7a) #392001 [since cacti-0.8.7a-1.fc9] CVE-2007-5977 version (phpMyAdmin) #385911 [since phpMyAdmin-2.11.2.2-1.fc9] CVE-2007-5976 version (phpMyAdmin) #385911 [since phpMyAdmin-2.11.2.2-1.fc9] +CVE-2007-5960 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) +CVE-2007-5959 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) +CVE-2007-5947 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) CVE-2007-5937 backport (tetex) #379851 Multiple dviljk buffer overflows [since tetex-3.0-48.fc9] CVE-2007-5936 backport (tetex) #379851 dviljk uses insecure temporary file [since tetex-3.0-48.fc9] CVE-2007-5935 backport (tetex) #379851 dvips -z buffer overflow with long href [since tetex-3.0-48.fc9] @@ -25,6 +30,7 @@ GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031 CVE-2007-5770 backport (ruby) #373401 [since ruby-1.8.6.111-1] CVE-2007-5751 version (liferea, fixed 1.4.6) #360641 [since liferea-1.4.6-3.fc9] +CVE-2007-5742 VULNERABLE (wesnoth, fixed 1.2.8) CVE-2007-5712 version (Django, fixed 0.96.1) #362781 [since Django-0.96.1-1.fc9] CVE-2007-5708 version (openldap, fixed 2.3.39) #360091 [since openldap-2.3.39-1.fc9] CVE-2007-5707 version (openldap, fixed 2.3.39) #360091 [since openldap-2.3.39-1.fc9] 
@@ -121,8 +127,8 @@ CVE-2006-0987 ignore (bind) example config file only CVE-2006-0496 ignore (firefox) Feature, not a bug moz #324253 CVE-2005-4809 ignore (firefox) Status bar can be modified anyways -CVE-2005-4791 VULNERABLE (liferea) #393311 -CVE-2005-4790 VULNERABLE (blam, fixed 1.8.4) #395771 +CVE-2005-4791 version (liferea, fixed 1.4.8) #393311 [since liferea-1.4.8-1.fc9] +CVE-2005-4790 backport (blam, fixed 1.8.4) #395771 [since blam-1.8.3-11.fc9] CVE-2005-4790 backport (tomboy) #362961 [since tomboy-0.8.1-2.fc9] CVE-2005-3675 VULNERABLE (kernel) optack, no upstream fix -- TCP protocol weakness CVE-2003-1265 ignore (thunderbird) Stuff deleted from userspace is not guarranteed to go away physically moz#198442
Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.185 retrieving revision 1.186 diff -u -r1.185 -r1.186 --- fc7 27 Nov 2007 11:37:56 -0000 1.185 +++ fc7 30 Nov 2007 12:18:11 -0000 1.186 @@ -8,11 +8,16 @@ # Up to date CVE as of CVE email 20071030 # Up to date FC7 as of 20071029
+CVE-2007-6183 VULNERABLE (ruby-gnome2) #405591 +CVE-2007-6110 backport (htdig) [since FEDORA-2007-3907] CVE-2007-6100 version (phpMyAdmin, fixed 2.11.2.2) [since FEDORA-2007-3666] CVE-2007-6061 VULNERABLE (audacity) #393251 CVE-2007-6035 version (cacti, fixed 0.8.7a) #391981 [since FEDORA-2007-3683] CVE-2007-5977 version (phpMyAdmin, fixed 2.11.2.1) #385891 [since FEDORA-2007-3627] CVE-2007-5976 version (phpMyAdmin, fixed 2.11.2.1) #385891 [since FEDORA-2007-3627] +CVE-2007-5960 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3952] +CVE-2007-5959 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3952] +CVE-2007-5947 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3952] CVE-2007-5938 VULNERABLE (kernel) #385861 iwlwifi CVE-2007-5937 backport (tetex) #379831 [since FEDORA-2007-3390] Multiple dviljk buffer overflows CVE-2007-5936 backport (tetex) #379831 [since FEDORA-2007-3390] dviljk uses insecure temporary file @@ -27,6 +32,7 @@ CVE-2007-5795 backport (emacs) #367581 [since FEDORA-2007-3056] CVE-2007-5770 backport (ruby) #373381 [since FEDORA-2007-2685] CVE-2007-5751 backport (liferea, fixed 1.4.6) #360641 [since FEDORA-2007-2725] +CVE-2007-5742 VULNERABLE (wesnoth, fixed 1.2.8) CVE-2007-5728 version (phpPgAdmin) seems to be fixed for some time CVE-2007-5715 backport (denyhosts) fixed long ago CVE-2007-5712 version (Django, fixed 0.96.1) #362761 [since FEDORA-2007-3157] @@ -1387,7 +1393,7 @@ CVE-2006-0019 version (kdelibs, fixed 3.5.1) *CVE-2006-0017 ** (fedora-ds-base) Publish CVE! *CVE-2006-0016 ** (fedora-ds-base) Publish CVE! -CVE-2005-4791 VULNERABLE (liferea) #393291 +CVE-2005-4791 version (liferea, fixed 1.2.8) #393291 [since FEDORA-2007-3733] *CVE-2005-4838 ** (tomcat) CVE-2005-4837 version (net-snmp, fixed 5.2.2) *CVE-2005-4836 ** (tomcat)
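Review bot: the new CVE-2007-5742 line in the f8 hunk @@ -26,6 +31,7 @@ is marked VULNERABLE but carries no tracking bug number, unlike the other VULNERABLE entries added in this commit (for example `CVE-2007-6183 VULNERABLE (ruby-gnome2) #405601`). The same line is added without a bug reference in f9 (@@ -25,6 +30,7 @@) and fc7 (@@ -27,6 +32,7 @@). Suggest linking a bug per release and appending its #number so the open issue can be followed through to the fixed build.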
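Review bot: in the f9 hunk @@ -7,11 +7,16 @@, CVE-2007-6110 is recorded as `version (htdig) [since htdig-3.2.0b6-13.fc9]`, while the f8 and fc7 hunks of this same commit record it as `backport (htdig)`. If the fix arrived as a patched build of the same upstream release, this entry should read backport; if it really is a version fix, add the `fixed <version>` field that most version entries carry. The three mozilla lines added in this hunk also lack the `[since ...]` marker that their f8 and fc7 copies have.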
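Review bot: the replacement line in the fc7 hunk @@ -1387,7 +1393,7 @@ gives `liferea, fixed 1.2.8` for CVE-2005-4791, where f8 and f9 in this commit give `liferea, fixed 1.4.8` for the same CVE. 1.2.8 is also the wesnoth fix version added earlier in the fc7 diff, so this may be a copy slip. Please confirm against FEDORA-2007-3733 and either correct the version or add a short trailing comment explaining why the fc7 branch differs.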