Author: thoger
Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv16700/audit
Modified Files: fc6 fc7 Log Message: xen issue fedora updates
Index: fc6 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc6,v retrieving revision 1.283 retrieving revision 1.284 diff -u -r1.283 -r1.284 --- fc6 24 Oct 2007 12:25:12 -0000 1.283 +++ fc6 29 Oct 2007 12:38:04 -0000 1.284 @@ -5,7 +5,7 @@ # (mozilla) = (firefox, seamonkey, thunderbird, yelp, devhelp, galeon, liferea. epiphany)
# Up to date CVE as of CVE email 20071015 -# Up to date FC6 as of 20071017 +# Up to date FC6 as of 20071025
CVE-2007-5340 VULNERABLE (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5 CVE-2007-5339 VULNERABLE (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5 @@ -72,6 +72,7 @@ CVE-2007-3962 ignore (gftp) multiple buffer overflows in fsplib, not on Linux CVE-2007-3961 ignore (gftp) off-by-one error in fsplib CVE-2007-3920 VULNERABLE (gnome-screensaver) #350271 +CVE-2007-3919 VULNERABLE (xen) CVE-2007-3852 backport (sysstat) #252296 [since FEDORA-2007-675] CVE-2007-3848 version (kernel) [since FEDORA-2007-679] CVE-2007-3847 version (httpd) #250756 [since FEDORA-2007-707]
Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.154 retrieving revision 1.155 diff -u -r1.154 -r1.155 --- fc7 25 Oct 2007 07:34:05 -0000 1.154 +++ fc7 29 Oct 2007 12:38:04 -0000 1.155 @@ -6,28 +6,29 @@ # A couple of first F7 updates were marked as FEDORA-2007-0001
# Up to date CVE as of CVE email 20071015 -# Up to date FC7 as of 20071017 +# Up to date FC7 as of 20071025
CVE-2007-5626 ignore (bacula) known, documented limitation CVE-2007-5624 VULNERABLE (nagios, fixed 2.10) #349011 CVE-2007-5623 VULNERABLE (nagios-plugins) #348731 -CVE-2007-5597 VULNERABLE (drupal, fixed 5.3) -CVE-2007-5596 VULNERABLE (drupal, fixed 5.3) -CVE-2007-5595 VULNERABLE (drupal, fixed 5.3) -CVE-2007-5594 VULNERABLE (drupal, fixed 5.3) -CVE-2007-5593 VULNERABLE (drupal, fixed 5.3) +CVE-2007-5597 version (drupal, fixed 5.3) [since FEDORA-2007-2649] +CVE-2007-5596 version (drupal, fixed 5.3) [since FEDORA-2007-2649] +CVE-2007-5595 version (drupal, fixed 5.3) [since FEDORA-2007-2649] +CVE-2007-5594 version (drupal, fixed 5.3) [since FEDORA-2007-2649] +CVE-2007-5593 version (drupal, fixed 5.3) [since FEDORA-2007-2649] CVE-2007-5589 VULNERABLE (phpmyadmin, fixed 2.11.1.2) #333661 PMASA-2007-6 -CVE-2007-5585 (tempest) #336331 +CVE-2007-5585 backport (rss-glx) #336331 [since FEDORA-2007-2652] +CVE-2007-5585 backport (tempest) #336331 [since FEDORA-2007-2652] CVE-2007-5416 ignore (drupal) Vulnerability in PHP<5.1.3, we're safe CVE-2007-5386 VULNERABLE (phpmyadmin, fixed 2.11.1.1) #333661 PMASA-2007-5 -CVE-2007-5340 VULNERABLE (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5 -CVE-2007-5339 VULNERABLE (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5 -CVE-2007-5338 VULNERABLE (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5 -CVE-2007-5337 VULNERABLE (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5 -CVE-2007-5335 VULNERABLE (mozilla) ff 2.0.0.8, does not affect ff1.5 -CVE-2007-5334 VULNERABLE (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5 -CVE-2007-5269 VULNERABLE (libpng10) update pending -CVE-2007-5269 VULNERABLE (libpng, fixed 1.2.21) #337461 +CVE-2007-5340 version (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5 [since FEDORA-2007-2664] +CVE-2007-5339 version (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5 [since FEDORA-2007-2664] +CVE-2007-5338 version (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5 [since FEDORA-2007-2664] +CVE-2007-5337 version (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5 [since FEDORA-2007-2664] +CVE-2007-5335 version (mozilla) ff 2.0.0.8, does not affect ff1.5 [since FEDORA-2007-2664] +CVE-2007-5334 version (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5 [since FEDORA-2007-2664] +CVE-2007-5269 version (libpng10) [since FEDORA-2007-2521] +CVE-2007-5269 version (libpng, fixed 1.2.21) #337461 [since FEDORA-2007-2666] CVE-2007-5268 ignore (libpng) shipped version too old and not affected CVE-2007-5267 ignore (libpng) shipped version too old and not affected CVE-2007-5266 ignore (libpng) shipped version too old and not affected @@ -140,6 +141,7 @@ CVE-2007-3948 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299] CVE-2007-3947 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299] CVE-2007-3946 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299] +CVE-2007-3919 VULNERABLE (xen) CVE-2007-3917 version (wesnoth, fixed 1.2.7) #324841 [since FEDORA-2007-2496] CVE-2007-3848 version (kernel) [since FEDORA-2007-1785] CVE-2007-3847 version (httpd) #250755 [since FEDORA-2007-2214] @@ -169,7 +171,7 @@ CVE-2007-3528 version (dar, fixed 2.3.4) #246760 [since FEDORA-2007-0904] CVE-2007-3544 VULNERABLE (wordpress, NOT fixed 2.2.1) #245211 Incomplete fix for CVE-2007-3543 CVE-2007-3543 version (wordpress, fixed 2.2.1) #245211 [since FEDORA-2007-0894] -CVE-2007-3511 VULNERABLE (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5 +CVE-2007-3511 version (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5 [since FEDORA-2007-2664] CVE-2007-3508 ignore (glibc) not an issue CVE-2007-3506 version (freetype, fixed 2.3.4) #235479 [since FEDORA-2007-0033] CVE-2007-3507 version (flac123, fixed 0.0.10) #246322 [since FEDORA-2007-1045] @@ -290,7 +292,7 @@ CVE-2007-2381 ignore (MochiKit) #238616 *CVE-2007-2356 ** (gimp) *CVE-2007-2353 ** (axis) -CVE-2007-2292 VULNERABLE (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5 +CVE-2007-2292 version (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5 [since FEDORA-2007-2664] *CVE-2007-2245 VULNERABLE (phpMyAdmin, fixed 2.10.1) #237882 CVE-2007-2243 ignore (openssh, fixed 4.6) needs S/KEY support which is not shipped. CVE-2007-2241 backport (bind) [since FEDORA-2007-0300] @@ -411,7 +413,7 @@ *CVE-2007-1218 backport (tcpdump) 232349 [since FEDORA-2007-347] CVE-2007-1216 version (krb5, fixed 1.6-3) #231537 *CVE-2007-1103 VULNERABLE (tor) #230927 -CVE-2007-1095 VULNERABLE (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5 +CVE-2007-1095 version (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5 [since FEDORA-2007-2664] CVE-2007-1092 version (seamonkey, fixed 1.0.8) CVE-2007-1055 version (mediawiki, fixed 1.8.3) CVE-2007-1054 version (mediawiki, fixed 1.9.3) [since FEDORA-2007-1442] @@ -431,7 +433,7 @@ CVE-2007-0996 version (seamonkey, fixed 1.0.8) CVE-2007-0995 version (seamonkey, fixed 1.0.8) CVE-2007-0988 version (php, fixed 5.2.1) -CVE-2007-0981 VULNERABLE (mozilla) +CVE-2007-0981 version (mozilla) CVE-2007-0981 version (seamonkey, fixed 1.0.8) #229253 CVE-2007-0957 backport (krb5, fixed 1.6-3) #231528 CVE-2007-0956 backport (krb5, fixed 1.6-3) #229782
security-commits@lists.fedoraproject.org