Author: lkundrak
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv23913

Modified Files:
	fc6 fc7
Log Message:
Up to date as of today
Index: fc6 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc6,v retrieving revision 1.273 retrieving revision 1.274 diff -u -r1.273 -r1.274 --- fc6 9 Oct 2007 06:58:08 -0000 1.273 +++ fc6 10 Oct 2007 19:45:15 -0000 1.274 @@ -4,13 +4,14 @@ # *CVE are items that need verification for Fedora Core 6 # (mozilla) = (firefox, seamonkey, thunderbird, yelp, devhelp, galeon, liferea. epiphany)
-# Up to date CVE as of CVE email 20071004 -# Up to date FC6 as of 20071003 +# Up to date CVE as of CVE email 20071010 +# Up to date FC6 as of 20071010
CVE-2007-5191 VULNERABLE (util-linux) #320141 -CVE-2007-5162 VULNERABLE (ruby) #313801 +CVE-2007-5162 version (ruby) #313801 [since FEDORA-2007-718] CVE-2007-5137 VULNERABLE (tk, fixed 8.4.16) -CVE-2007-5034 version (elinks) #297611 [since ???] +CVE-2007-5034 version (elinks) #297611 [since FEDORA-2007-710] +CVE-2007-4993 backport (xen) [since FEDORA-2007-713] CVE-2007-4965 VULNERABLE (python) imageop module heap overflow CVE-2007-4924 VULNERABLE (opal, fixed 2.2.10) #297561 CVE-2007-4897 VULNERABLE (opal, fixed 2.2.8) #297561 @@ -29,7 +30,8 @@ CVE-2007-4659 ignore (php, fixed 5.2.4) #276531 (FC7/php-5.2 only) CVE-2007-4658 backport (php, fixed 5.2.4) #278011 [since FEDORA-2007-709] CVE-2007-4657 ingore (php, fixed 5.2.4) arbitrary read not remotly triggerable -CVE-2007-4569 VULNERABLE (kdebase) #299741 +CVE-2007-4571 version (kernel) [since FEDORA-2007-714] +CVE-2007-4569 backport (kdebase) #299741 [since FEDORA-2007-716] CVE-2007-4565 backport (fetchmail) #260881 [since FEDORA-2007-689] CVE-2007-4559 VULNERABLE (python) tarfile module - directory traversal #315291 CVE-2007-4558 ignore (star, fixed 1.5a84) duplicate of CVE-2007-4134 @@ -39,7 +41,7 @@ CVE-2007-4251 ignore (openoffice.org) just a crash CVE-2007-4229 ignore (kdebase) just an ASSERT fail CVE-2007-4225 ignore (kdebase) caused by fix to CVE-2007-3820 which we never shipped -CVE-2007-4224 ignore (kdebase) too obvious -- mouse pointer indicates script activity +CVE-2007-4224 backport (kdebase) too obvious -- mouse pointer indicates script activity [since FEDORA-2007-716] CVE-2007-4211 version (dovecot, fixed 1.0.3) #251009 [since FEDORA-2007-664] CVE-2007-4137 backport (qt) #292951 [since FEDORA-2007-703] CVE-2007-4134 VULNERABLE (star, fixed 1.5a84) #254129 
@@ -61,7 +63,7 @@ CVE-2007-3844 VULNERABLE (firefox) #250648 "fixed on next update" CVE-2007-3843 VULNERABLE (kernel) #246595 CVE-2007-3841 ignore (pidgin) ethically disclosed -CVE-2007-3820 ** (kdebase) #248537 +CVE-2007-3820 backport (kdebase) #248537 [since FEDORA-2007-716] CVE-2007-3799 backport (php) [since FEDORA-2007-709] CVE-2007-3798 version (tcpdump, fixed 3.9.7) #250290 [since FEDORA-2007-654] CVE-2007-3782 VULNERABLE (mysql, fixed 5.0.44) @@ -145,6 +147,8 @@ CVE-2007-1352 fixed (libXfont) #235265 [since FEDORA-2007-423] CVE-2007-1351 fixed (libXfont) #235265 [since FEDORA-2007-423] CVE-2007-1349 backport (mod_perl) [since FEDORA-2007-577] +CVE-2007-1321 backport (xen) #238723 [since FEDORA-2007-713] +CVE-2007-1320 backport (xen) #238723 [since FEDORA-2007-713] CVE-2007-1308 version (kdelibs) CVE-2007-1263 version (gnupg, fixed 1.4.7) [since FEDORA-2007-315] CVE-2007-1262 version (squirrelmail, fixed 1.4.10a) #239704 [since FEDORA-2007-505]
Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.136 retrieving revision 1.137 diff -u -r1.136 -r1.137 --- fc7 9 Oct 2007 22:49:05 -0000 1.136 +++ fc7 10 Oct 2007 19:45:15 -0000 1.137 @@ -11,8 +11,8 @@ CVE-2007-5226 VULNERABLE (dircproxy) #319301 CVE-2007-5201 VULNERABLE (duplicity) #293081 CVE-2007-5198 VULNERABLE (nagios-plugins, fixed 1.4.10) #315101 -CVE-2007-5191 VULNERABLE (util-linux) #320131 -CVE-2007-5162 VULNERABLE (ruby) #313791 +CVE-2007-5191 backport (util-linux) #320141 [since FEDORA-2007-2462] +CVE-2007-5162 version (ruby) #313801 [since FEDORA-2007-2406] CVE-2007-5159 backport (ntfs-3g) #298651 [since FEDORA-2007-2295] CVE-2007-5137 VULNERABLE (tk, fixed 8.4.16) CVE-2007-5106 ignore (wordpress) affects old 2.0.x versions
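Review bot: in fc6, hunk @@ -39,7 +41,7 @@, CVE-2007-4224 moves from ignore to backport but still carries the old reason for ignoring it ("too obvious -- mouse pointer indicates script activity"), which now contradicts the status on the same line. Drop that text, or replace it with a bug reference, so the entry reads like the other kdebase lines marked [since FEDORA-2007-716] in this change (CVE-2007-4569 and CVE-2007-3820, which carry #299741 and #248537).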
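Review bot: in fc6, hunk @@ -4,13 +4,14 @@, the new CVE-2007-4993 (xen) line has no bug number, while the two xen entries added further down for the same advisory (CVE-2007-1321 and CVE-2007-1320) reference #238723. The new CVE-2007-4571 (kernel) line in hunk @@ -29,7 +30,8 @@ has the same gap. If tracking bugs exist for these, add them so the entries can be verified against the tracker rather than only against the advisory id.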
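Review bot: in fc7, hunk @@ -11,8 +11,8 @@, the status update also rewrites the bug references: CVE-2007-5191 goes from #320131 to #320141 and CVE-2007-5162 from #313791 to #313801, and the new numbers are identical to the ones on the fc6 lines for the same CVEs. If #320131 and #313791 were the fc7-specific tracking bugs, this loses them; confirm the renumbering is intended, otherwise keep the original fc7 numbers and change only the status and the [since ...] tag.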
security-commits@lists.fedoraproject.org