Author: thoger
Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv9755/audit
Modified Files: f8 f9 fc7 Log Message: note some old krb5 ids upstream statement regarding those issues can be found here: http://marc.info/?l=full-disclosure&m=119743235325151&w=2
Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.124 retrieving revision 1.125 diff -u -r1.124 -r1.125 --- f8 18 Feb 2008 09:42:04 -0000 1.124 +++ f8 18 Feb 2008 14:07:05 -0000 1.125 @@ -178,6 +178,8 @@ CVE-2007-6035 version (cacti, fixed 0.8.7a) #391991 [since FEDORA-2007-3667] CVE-2007-5977 version (phpMyAdmin, fixed 2.11.2.1) #385901 [since FEDORA-2007-3636] CVE-2007-5976 version (phpMyAdmin, fixed 2.11.2.1) #385901 [since FEDORA-2007-3636] +CVE-2007-5972 ignore (krb5, fixed 1.6.4) not exploitable +CVE-2007-5971 VULNERABLE (krb5, fixed 1.6.4) CVE-2007-5970 ignore (mysql, fixed 5.1.23) mysql 5.1+ only, affects partitioning CVE-2007-5969 backport (mysql, fixed 5.0.51) #424931 [since FEDORA-2007-4465] CVE-2007-5965 version (qt4, fixed 4.3.3) [since FEDORA-2007-4285] @@ -197,6 +199,9 @@ CVE-2007-5925 backport (mysql, fixed 5.0.54) #424931 [since FEDORA-2007-4465] CVE-2007-5907 VULNERABLE (xen) #390111 CVE-2007-5906 VULNERABLE (xen) #390111 +CVE-2007-5902 ignore (krb5, fixed 1.6.4) not exploitable +CVE-2007-5901 VULNERABLE (krb5, fixed 1.6.4) +CVE-2007-5894 ignore (krb5, fixed 1.6.4) not exploitable CVE-2007-5849 ignore (cups, fixed 1.3.5) minimal impact, see #415131 CVE-2007-5848 version (cups, fixed 1.2.0) CVE-2007-5846 version (net-snmp, fixed 5.4.1)
Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.114 retrieving revision 1.115 diff -u -r1.114 -r1.115 --- f9 18 Feb 2008 09:42:04 -0000 1.114 +++ f9 18 Feb 2008 14:07:05 -0000 1.115 @@ -176,6 +176,8 @@ CVE-2007-6013 VULNERABLE (wordpress) #426434 CVE-2007-5977 version (phpMyAdmin) #385911 [since phpMyAdmin-2.11.2.2-1.fc9] CVE-2007-5976 version (phpMyAdmin) #385911 [since phpMyAdmin-2.11.2.2-1.fc9] +CVE-2007-5972 ignore (krb5, fixed 1.6.4) not exploitable +CVE-2007-5971 VULNERABLE (krb5, fixed 1.6.4) CVE-2007-5970 ignore (mysql, fixed 5.1.23) mysql 5.1+ only, affects partitioning CVE-2007-5969 backport (mysql, fixed 5.0.51) [since mysql-5.0.45-6.fc9] CVE-2007-5965 version (qt4, fixed 4.3.3) [since qt4-4.3.3-1.fc9] @@ -195,6 +197,9 @@ CVE-2007-5925 backport (mysql, fixed 5.0.54) [since mysql-5.0.45-6.fc9] CVE-2007-5907 VULNERABLE (xen) #390121 CVE-2007-5906 VULNERABLE (xen) #390121 +CVE-2007-5902 ignore (krb5, fixed 1.6.4) not exploitable +CVE-2007-5901 VULNERABLE (krb5, fixed 1.6.4) +CVE-2007-5894 ignore (krb5, fixed 1.6.4) not exploitable CVE-2007-5849 version (cups, fixed 1.3.5) [since cups-1.3.5-1.fc9] CVE-2007-5848 version (cups, fixed 1.2.0) CVE-2007-5846 version (net-snmp, fixed 5.4.1)
Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.280 retrieving revision 1.281 diff -u -r1.280 -r1.281 --- fc7 18 Feb 2008 09:42:04 -0000 1.280 +++ fc7 18 Feb 2008 14:07:05 -0000 1.281 @@ -177,6 +177,8 @@ CVE-2007-6013 VULNERABLE (wordpress) CVE-2007-5977 version (phpMyAdmin, fixed 2.11.2.1) #385891 [since FEDORA-2007-3627] CVE-2007-5976 version (phpMyAdmin, fixed 2.11.2.1) #385891 [since FEDORA-2007-3627] +CVE-2007-5972 ignore (krb5, fixed 1.6.4) not exploitable +CVE-2007-5971 VULNERABLE (krb5, fixed 1.6.4) CVE-2007-5970 ignore (mysql, fixed 5.1.23) mysql 5.1+ only, affects partitioning CVE-2007-5969 backport (mysql, fixed 5.0.51) #424921 [since FEDORA-2007-4471] CVE-2007-5965 version (qt4, fixed 4.3.3) [since FEDORA-2007-4354] @@ -196,6 +198,9 @@ CVE-2007-5925 backport (mysql, fixed 5.0.54) #424921 [since FEDORA-2007-4471] CVE-2007-5907 VULNERABLE (xen) #390101 CVE-2007-5906 VULNERABLE (xen) #390101 +CVE-2007-5902 ignore (krb5, fixed 1.6.4) not exploitable +CVE-2007-5901 VULNERABLE (krb5, fixed 1.6.4) +CVE-2007-5894 ignore (krb5, fixed 1.6.4) not exploitable CVE-2007-5849 ignore (cups, fixed 1.3.5) minimal impact, see #415131 CVE-2007-5848 version (cups, fixed 1.2.0) CVE-2007-5846 backport (net-snmp) [since FEDORA-2007-3019]
security-commits@lists.fedoraproject.org