Author: lkundrak
Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv25504
Modified Files: f8 f9 fc7 Log Message: tomcat
Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.117 retrieving revision 1.118 diff -u -r1.117 -r1.118 --- f8 12 Feb 2008 08:06:40 -0000 1.117 +++ f8 12 Feb 2008 08:47:54 -0000 1.118 @@ -81,6 +81,7 @@ CVE-2008-0006 fixed (libXfont) #429132 [since FEDORA-2008-0794] CVE-2008-0005 VULNERABLE (httpd, fixed 2.2.8) #427982 CVE-2008-0003 fixed (tog-pegasus, fixed 2.7.0) #427829 [since FEDORA-2008-0572] +CVE-2008-0002 VULNERABLE (tomcat5) #432474 CVE-2007-6698 version (openldap, fixed 2.3.36) CVE-2007-6697 fixed (SDL_image, fixed 1.2.7) #430241 [since FEDORA-2008-1208] CVE-2007-6693 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4778] @@ -136,6 +137,7 @@ CVE-2007-6304 ignore (mysql, fixed 5.0.52) federated engine not built CVE-2007-6303 backport (mysql, fixed 5.0.52) #424931 [since FEDORA-2007-4465] CVE-2007-6299 version (drupal, fixed 5.4) [since FEDORA-2007-4163] SA-2007-031 +CVE-2007-6286 VULNERABLE (tomcat5) #432474 CVE-2007-6285 backport (autofs) #426400 [since FEDORA-2007-4707] CVE-2007-6284 version (libxml2, fixed 2.6.31) [since FEDORA-2008-0462] CVE-2007-6283 backport (bind) #423071 [since FEDORA-2007-4655] @@ -227,6 +229,7 @@ CVE-2007-5392 backport (tetex) #372661 [since FEDORA-2007-3308] CVE-2007-5386 version (phpmyadmin, fixed 2.11.1.1) #333661 PMASA-2007-5 CVE-2007-5339 version (thunderbird) [since FEDORA-2007-3414] +CVE-2007-5333 VULNERABLE (tomcat5) #428255 CVE-2007-5201 VULNERABLE (duplicity, no upstream fix) #362831 CVE-2007-5200 version (hugin) #362861 [since FEDORA-2007-2807] hugin-0.6.1-11.fc8 CVE-2007-5198 VULNERABLE (nagios-plugins, fixed 1.4.10) #362891
Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.109 retrieving revision 1.110 diff -u -r1.109 -r1.110 --- f9 12 Feb 2008 08:06:40 -0000 1.109 +++ f9 12 Feb 2008 08:47:54 -0000 1.110 @@ -81,6 +81,7 @@ CVE-2008-0006 backport (libXfont) #429133 [since libXfont-1.3.1-3.fc9] CVE-2008-0005 version (httpd, fixed 2.2.8) #427984 [since httpd-2.2.8-2] CVE-2008-0003 version (tog-pegasus, fixed 2.7.0) +CVE-2008-0002 VULNERABLE (tomcat5) #432476 CVE-2007-6698 version (openldap, fixed 2.3.36) CVE-2007-6697 backport (SDL_image, fixed 1.2.7) #430238 [since SDL_image-1.2.6-4.fc9] CVE-2007-6693 version (gallery2, fixed 2.2.4) [since gallery2-2.2.4-1] @@ -136,6 +137,7 @@ CVE-2007-6304 ignore (mysql, fixed 5.0.52) federated engine not built CVE-2007-6303 backport (mysql, fixed 5.0.52) [since mysql-5.0.45-6.fc9] CVE-2007-6299 version (drupal, fixed 5.4) [since drupal-5.4-1.fc9] SA-2007-031 +CVE-2007-6286 VULNERABLE (tomcat5) #432476 CVE-2007-6285 backport (autofs) #426401 [since autofs-5.0.2-25] CVE-2007-6284 version (libxml2, fixed 2.6.31) [since libxml2-2.6.31-1] CVE-2007-6283 backport (bind) #423081 [since bind-9.5.0-21.b1.fc9] @@ -222,6 +224,7 @@ CVE-2007-5392 VULNERABLE (koffice) #372611 CVE-2007-5392 version (tetex) #372671 [since tetex-3.0-48.fc9] CVE-2007-5386 version (phpmyadmin, fixed 2.11.1.1) #333661 PMASA-2007-5 +CVE-2007-5333 VULNERABLE (tomcat5) #428257 CVE-2007-5201 VULNERABLE (duplicity, no upstream fix) #362841 CVE-2007-5200 version (hugin) #362871 [since hugin-0.6.1-11.fc9] CVE-2007-5198 VULNERABLE (nagios-plugins, fixed 1.4.10) #362901
Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.273 retrieving revision 1.274 diff -u -r1.273 -r1.274 --- fc7 12 Feb 2008 08:06:40 -0000 1.273 +++ fc7 12 Feb 2008 08:47:54 -0000 1.274 @@ -81,6 +81,7 @@ CVE-2008-0006 fixed (libXfont) #429131 [since FEDORA-2008-0891] CVE-2008-0005 VULNERABLE (httpd, fixed 2.2.8) #427983 CVE-2008-0003 fixed (tog-pegasus, fixed 2.7.0) #427828 [since FEDORA-2008-0506] +CVE-2008-0002 VULNERABLE (tomcat5) #432475 CVE-2007-6698 fixed (openldap, fixed 2.3.36) #431409 [since FEDORA-2008-1307] CVE-2007-6697 fixed (SDL_image, fixed 1.2.7) #430239 [since FEDORA-2008-1231] CVE-2007-6693 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4777] @@ -135,6 +136,7 @@ CVE-2007-6304 ignore (mysql, fixed 5.0.52) federated engine not built CVE-2007-6303 backport (mysql, fixed 5.0.52) #424921 [since FEDORA-2007-4471] CVE-2007-6299 version (drupal, fixed 5.4) [since FEDORA-2007-4136] SA-2007-031 +CVE-2007-6286 VULNERABLE (tomcat5) #432475 CVE-2007-6285 fixed (autofs) #426399 [since FEDORA-2007-4709] CVE-2007-6284 version (libxml2, fixed 2.6.31) [since FEDORA-2008-0477] CVE-2007-6283 backport (bind) #423061 [since FEDORA-2007-4658] @@ -242,6 +244,7 @@ CVE-2007-5337 version (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5 [since FEDORA-2007-2664] CVE-2007-5335 version (mozilla) ff 2.0.0.8, does not affect ff1.5 [since FEDORA-2007-2664] CVE-2007-5334 version (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5 [since FEDORA-2007-2664] +CVE-2007-5333 VULNERABLE (tomcat5) #428256 CVE-2007-5269 version (libpng10) [since FEDORA-2007-2521] CVE-2007-5269 version (libpng, fixed 1.2.21) #337461 [since FEDORA-2007-2666] CVE-2007-5268 ignore (libpng) shipped version too old and not affected
security-commits@lists.fedoraproject.org