Author: lkundrak
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv28345

Modified Files:
	fc7
Log Message:
Formatting fixes, to prepare for automatic parsing
Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.135 retrieving revision 1.136 diff -u -r1.135 -r1.136 --- fc7 9 Oct 2007 13:22:16 -0000 1.135 +++ fc7 9 Oct 2007 22:49:05 -0000 1.136 @@ -29,7 +29,7 @@ CVE-2007-4974 backport (libsndfile) #296221 [since FEDORA-2007-2236] CVE-2007-4965 VULNERABLE (python) imageop module heap overflow CVE-2007-4924 VULNERABLE (opal, fixed 2.2.10) #297551 -CVE-2007-4897 version (ekiga, version 2.0.9) really opal 2.2.8 +CVE-2007-4897 version (opal, fixed 2.2.9) CVE-2007-4894 version (wordpress, fixed 2.2.3) [since FEDORA-2007-2143] CVE-2007-4893 version (wordpress, fixed 2.2.3) [since FEDORA-2007-2143] CVE-2007-4851 ignore (tk) duplicate of CVE-2007-5137 @@ -128,7 +128,7 @@ CVE-2007-3737 version (mozilla) #248518 [since FEDORA-2007-1138] CVE-2007-3736 version (mozilla) #248518 [since FEDORA-2007-1138] CVE-2007-3735 version (mozilla) #248518 [since FEDORA-2007-1138] -CVE-2007-3728 ignore (libsilc, 1.1.1 only) +CVE-2007-3728 ignore (libsilc, only 1.1.1) CVE-2007-3725 version (clamav) [since FEDORA-2007-2050] CVE-2007-3713 backport (centericq) #247979 [since FEDORA-2007-1160] CVE-2007-3656 version (mozilla) #248518 [since FEDORA-2007-1138] @@ -176,7 +176,7 @@ CVE-2007-3239 version (wordpress, fixed 2.2.1) #245211 [since FEDORA-2007-0894] CVE-2007-3238 version (wordpress, fixed 2.2.1) #245211 [since FEDORA-2007-0894] CVE-2007-3231 version (mecab, fixed 0.96) [since FEDORA-2007-0366] -CVE-2007-3209 ignore (mail-notification, shipped with SSL enabled) +CVE-2007-3209 ignore (mail-notification) shipped with SSL enabled CVE-2007-3165 version (tor, fixed 0.1.2.14) #244502 [since FEDORA-2007-1674] CVE-2007-3153 version (c-ares, fixed 1.4.0) #243591 [since FEDORA-2007-0724] CVE-2007-3152 version (c-ares, fixed 1.4.0) #243591 [since FEDORA-2007-0724] 
@@ -197,7 +197,7 @@ CVE-2007-3024 version (clamav, fixed 0.90.3) #245219 [since FEDORA-2007-2050] CVE-2007-3023 version (clamav, fixed 0.90.3) #245219 [since FEDORA-2007-2050] CVE-2007-3007 ignore (php) safe mode isn't safe -*CVE-2007-2975 (openfire) +*CVE-2007-2975 ** (openfire) CVE-2007-2958 version (claws-mail) #254121 [since FEDORA-2007-2009] CVE-2007-2958 backport (sylpheed) #254123 [since FEDORA-2007-1841] CVE-2007-2956 backport (qtpfsgui) #251674 [since FEDORA-2007-1581] @@ -207,7 +207,7 @@ CVE-2007-2894 backport (bochs) #241799 [since FEDORA-2007-1778] CVE-2007-2893 backport (bochs, fixed 2.3-5) #241799 [since FEDORA-2007-1153] CVE-2007-2876 version (kernel, fixed 2.6.21.5) [ since FEDORA-2007-0409 ] -CVE-2007-2874 remove-patch (wpa_supplicant) #242455 [since FEDORA-2007-0185] +CVE-2007-2874 backport (wpa_supplicant) #242455 [since FEDORA-2007-0185] CVE-2007-2873 version (spamassassin, fixed 3.2.1) [since FEDORA-2007-0390] CVE-2007-2871 version (mozilla) #241840 CVE-2007-2870 version (mozilla) #241840 
@@ -220,45 +220,45 @@ CVE-2007-2834 backport (openoffice.org, fixed 2.3) #293361 [since FEDORA-2007-2372] CVE-2007-2821 version (wordpress, fixed 2.2) #245211 [since FEDORA-2007-0894] CVE-2007-2799 version (file, fixed 4.21) #241034 [since FEDORA-2007-0836] -CVE-2007-2798 version (krb5, 1.6.1) [since FEDORA-2007-0740] +CVE-2007-2798 version (krb5, fixed 1.6.1) [since FEDORA-2007-0740] CVE-2007-2797 version (xterm) fixed in fc5 and fc6 before f7 release CVE-2007-2768 ignore (openssh) needs pam OPIE which is not shipped. CVE-2007-2756 ignore (gd) DoS only CVE-2007-2754 backport (freetype) [since FEDORA-2007-0033] -CVE-2007-2721 patch (jasper, fixed 1.900.1-2) #240397 +CVE-2007-2721 backport (jasper, fixed 1.900.1-2) #240397 CVE-2007-2683 backport (mutt) CVE-2007-2654 version (xfsdump) #240396 CVE-2007-2650 version (clamav, fixed 0.90.3) #240395 [since FEDORA-2007-1154] CVE-2007-2645 backport (libexif) #240055 [since FEDORA-2007-0414] -*CVE-2007-2637 patch (moin, fixed 1.5.7-2) +*CVE-2007-2637 backport (moin, fixed 1.5.7-2) CVE-2007-2627 version (wordpress, fixed 2.2.1) #239904 [since FEDORA-2007-0894] -*CVE-2007-2589 (squirrelmail) -*CVE-2007-2583 (mysql) +*CVE-2007-2589 ** (squirrelmail) +*CVE-2007-2583 ** (mysql) CVE-2007-2519 ignore (php-pear) no trust boundary is crossed CVE-2007-2511 ignore (php) #239011 see the bug CVE-2007-2510 version (php, fixed 5.2.2) CVE-2007-2509 version (php, fixed 5.2.2) -*CVE-2007-2500 patch (gnash, fixed 0.7.2-2) #239213 +*CVE-2007-2500 backport (gnash, fixed 0.7.2-2) #239213 CVE-2007-2453 version (kernel, fixed 2.6.21.4) [ since FEDORA-2007-0409 ] CVE-2007-2451 version (kernel, fixed 2.6.21.4) [ since FEDORA-2007-0409 ] -*CVE-2007-2452 (locate) +*CVE-2007-2452 ** (locate) CVE-2007-2450 VULNERABLE (tomcat5) #244810 CVE-2007-2449 VULNERABLE (tomcat5) #244810 CVE-2007-2448 VULNERABLE (subversion, fixed 1.4.4) #243856 -*CVE-2007-2447 (samba) -*CVE-2007-2446 (samba) +*CVE-2007-2447 ** (samba) +*CVE-2007-2446 ** (samba) CVE-2007-2445 
version (libpng10, fixed 1.0.25) #240398 -*CVE-2007-2444 (samba) -CVE-2007-2443 version (krb5, 1.6.1) [since FEDORA-2007-0740] -CVE-2007-2442 version (krb5, 1.6.1) [since FEDORA-2007-0740] -CVE-2007-2438 version (vim, 7.0.235) #238734 [since FEDORA-2007-492] +*CVE-2007-2444 ** (samba) +CVE-2007-2443 version (krb5, fixed 1.6.1) [since FEDORA-2007-0740] +CVE-2007-2442 version (krb5, fixed 1.6.1) [since FEDORA-2007-0740] +CVE-2007-2438 version (vim, fixed 7.0.235) #238734 [since FEDORA-2007-492] CVE-2007-2437 ignore (xorg-x11) DoS only -*CVE-2007-2435 (java) -*CVE-2007-2423 patch (moin, fixed 1.5.7-2) #238722 +*CVE-2007-2435 ** (java) +*CVE-2007-2423 backport (moin, fixed 1.5.7-2) #238722 CVE-2007-2413 version (perl-Imager, fixed 0.57) #238615 CVE-2007-2381 ignore (MochiKit) #238616 -*CVE-2007-2356 (gimp) -*CVE-2007-2353 (axis) +*CVE-2007-2356 ** (gimp) +*CVE-2007-2353 ** (axis) *CVE-2007-2245 VULNERABLE (phpMyAdmin, fixed 2.10.1) #237882 CVE-2007-2243 ignore (openssh, fixed 4.6) needs S/KEY support which is not shipped. CVE-2007-2241 backport (bind) [since FEDORA-2007-0300] @@ -269,8 +269,8 @@ CVE-2007-2057 version (aircrack-ng, fixed 0.8-0.1) CVE-2007-2029 version (clamav, fixed 0.90.3) #245219 [since FEDORA-2007-2050] CVE-2007-2028 version (freeradius) -*CVE-2007-2026 (file) -CVE-2007-2016 ignore (phpMyAdmin, < 2.8.0.2 never shipped) +*CVE-2007-2026 ** (file) +CVE-2007-2016 ignore (phpMyAdmin) < 2.8.0.2 never shipped CVE-2007-1997 version (clamav, fixed in 0.90.2) CVE-2007-1995 version (quagga, fixed CVE-2007-1995) #240488 CVE-2007-1897 version (wordpress, fixed 2.1.3) #235912 
@@ -281,24 +281,24 @@ CVE-2007-1864 version (php, fixed 5.2.2) CVE-2007-1863 backport (httpd) #244665 [since FEDORA-2007-0704] CVE-2007-1862 backport (httpd) #242606 [since FEDORA-2007-0704] -*CVE-2007-1859 (xscreensaver) -*CVE-2007-1858 (tomcat) +*CVE-2007-1859 ** (xscreensaver) +*CVE-2007-1858 ** (tomcat) CVE-2007-1856 backport (vixie-cron) #235882 vixie-cron-4.1-hardlink.patch *CVE-2007-1841 VULNERABLE (ipsec-tools) #238052 *CVE-2007-1804 VULNERABLE (pulseaudio) #235013 CVE-2007-1799 version (ktorrent, fixed 2.1.3) #235014 CVE-2007-1797 version (GraphicsMagick, fixed 1.1.8) [since FEDORA-2007-1340] CVE-2007-1745 version (clamav, fixed in 0.90.2) #236703 -*CVE-2007-1743 (httpd) -*CVE-2007-1742 (httpd) -*CVE-2007-1741 (httpd) +*CVE-2007-1743 ** (httpd) +*CVE-2007-1742 ** (httpd) +*CVE-2007-1741 ** (httpd) CVE-2007-1732 ignore (wordpress) #235015 CVE-2007-1718 version (php, fixed 5.2.2) CVE-2007-1717 version (php, fixed 5.2.2) CVE-2007-1711 version (php, 4.4.5 and 4.4.6 only) CVE-2007-1710 version (php, fixed 5.2.2) CVE-2007-1709 ignore (php) no security impact -*CVE-2007-1667 (xorg-x11) +*CVE-2007-1667 ** (xorg-x11) CVE-2007-1665 version (ekg) #246034 [since FEDORA-2007-0791] CVE-2007-1664 version (ekg) #246034 [since FEDORA-2007-0791] CVE-2007-1663 version (ekg) #246034 [since FEDORA-2007-0791] @@ -320,7 +320,7 @@ CVE-2007-1545 version (nas, fixed 1.8a-2) #233353 CVE-2007-1544 version (nas, fixed 1.8a-2) #233353 CVE-2007-1543 version (nas, fixed 1.8a-2) #233353 -*CVE-2007-1536 (file) +*CVE-2007-1536 ** (file) CVE-2007-1521 ignore (php) See NVD CVE-2007-1515 version (imp, fixed 4.1.4) CVE-2007-1496 version (kernel, fixed 2.6.20.3) 
@@ -329,7 +329,7 @@ CVE-2007-1474 version (horde, fixed 3.1.4) CVE-2007-1474 ignore (imp, < 4.x only) CVE-2007-1473 version (horde, fixed 3.1.4) -*CVE-2007-1466 (openoffice.org) +*CVE-2007-1466 ** (openoffice.org) CVE-2007-1464 version (inkscape, fixed 0.45.1) CVE-2007-1463 version (inkscape, fixed 0.45.1) CVE-2007-1460 version (php, fixed 5.2.2) @@ -345,15 +345,15 @@ CVE-2007-1398 ignore (snort, inline mode not shipped) #232109, new upstream [since FEDORA-2007-2060] CVE-2007-1396 ignore (php) feature, not a flaw *CVE-2007-1395 version (phpMyAdmin, fixed 2.10.0.2) -*CVE-2007-1387 patch (xine-lib, fixed 1.1.4-3) +*CVE-2007-1387 backport (xine-lib, fixed 1.1.4-3) *CVE-2007-1385 version (ktorrent, fixed 2.1.2) *CVE-2007-1384 version (ktorrent, fixed 2.1.2) CVE-2007-1375 version (php, fixed 5.2.2) *CVE-2007-1366 ** (qemu) #238723 CVE-2007-1362 version (seamonkey, fixed 1.0.9) #241840 -*CVE-2007-1359 patch (mod_security, fixed 2.1.0-3) #231728 +*CVE-2007-1359 backport (mod_security, fixed 2.1.0-3) #231728 CVE-2007-1358 ** (tomcat5) #244810 -*CVE-2007-1354 (jboss) +*CVE-2007-1354 ** (jboss) *CVE-2007-1352 VULNERABLE (libXfont) #235265 *CVE-2007-1351 VULNERABLE (libXfont) #235265 CVE-2007-1349 backport (mod_perl) [since FEDORA-2007-0316] 
@@ -365,15 +365,15 @@ CVE-2007-1308 version (kdelibs) CVE-2007-1287 ignore (php) See NVD CVE-2007-1286 version (php, PHP4 only) -CVE-2007-1285 version (php, 5.2.2) +CVE-2007-1285 version (php, fixed 5.2.2) CVE-2007-1282 version (seamonkey, fixed 1.0.8) CVE-2007-1277 version (wordpress, fixed 2.1.2) -CVE-2007-1267 ignore (sylpheed, uses gpgme) #231733 +CVE-2007-1267 ignore (sylpheed) uses gpgme #231733 CVE-2007-1263 version (gpgme, fixed 1.1.4) CVE-2007-1263 version (gnupg, fixed 1.4.7) [since FEDORA-2007-315] -*CVE-2007-1262 (squirrelmail) -*CVE-2007-1253 patch (blender, fixed 2.42a-21) #239338 -*CVE-2007-1246 patch (xine-lib, fixed 1.1.4-3) +*CVE-2007-1262 ** (squirrelmail) +*CVE-2007-1253 backport (blender, fixed 2.42a-21) #239338 +*CVE-2007-1246 backport (xine-lib, fixed 1.1.4-3) CVE-2007-1244 version (wordpress, fixed 2.1.2) #230898 CVE-2007-1230 version (wordpress, fixed 2.1.2) *CVE-2007-1218 backport (tcpdump) 232349 [since FEDORA-2007-347] 
@@ -383,25 +383,25 @@ CVE-2007-1055 version (mediawiki, fixed 1.8.3) CVE-2007-1054 version (mediawiki, fixed 1.9.3) [since FEDORA-2007-1442] CVE-2007-1049 version (wordpress, fixed 2.1.1) #229991 -*CVE-2007-1036 (jboss) -*CVE-2007-1030 (libevent) -*CVE-2007-1007 (ekiga) +*CVE-2007-1036 ** (jboss) +*CVE-2007-1030 ** (libevent) +*CVE-2007-1007 ** (ekiga) *CVE-2007-1006 version (ekiga, fixed 2.0.5) #229259 [since FEDORA-2007-322] -CVE-2007-1004 VULNERABLE (firefox, ...) +CVE-2007-1004 VULNERABLE (mozilla) *CVE-2007-1003 VULNERABLE (xorg-x11-server, fixed > X11R7.2) #235263 *CVE-2007-1002 VULNERABLE (evolution) #233587 CVE-2007-1001 version (php, fixed 5.2.2) CVE-2007-1000 version (kernel, fixed 2.6.20.2) [since FEDORA-2007-335] -*CVE-2007-0999 (ekiga) +*CVE-2007-0999 ** (ekiga) CVE-2007-0998 version (qemu, fixed 0.8.2) *CVE-2007-0998 backport (xen) #230295 [since FEDORA-2007-343] CVE-2007-0996 version (seamonkey, fixed 1.0.8) CVE-2007-0995 version (seamonkey, fixed 1.0.8) CVE-2007-0988 version (php, fixed 5.2.1) -CVE-2007-0981 VULNERABLE (firefox, ...) +CVE-2007-0981 VULNERABLE (mozilla) CVE-2007-0981 version (seamonkey, fixed 1.0.8) #229253 -CVE-2007-0957 patch (krb5, fixed 1.6-3) #231528 -CVE-2007-0956 patch (krb5, fixed 1.6-3) #229782 +CVE-2007-0957 backport (krb5, fixed 1.6-3) #231528 +CVE-2007-0956 backport (krb5, fixed 1.6-3) #229782 CVE-2007-0911 version (php, 5.2.1 only) CVE-2007-0910 version (php, fixed 5.2.1) CVE-2007-0909 version (php, fixed 5.2.1) @@ -409,8 +409,8 @@ CVE-2007-0907 version (php, fixed 5.2.1) CVE-2007-0906 version (php, fixed 5.2.1) CVE-2007-0903 version (ejabberd, fixed 1.1.3) -*CVE-2007-0902 patch (moin, fixed 1.5.7-2) #228764 -*CVE-2007-0901 patch (moin, fixed 1.5.7-2) #228764 +*CVE-2007-0902 backport (moin, fixed 1.5.7-2) #228764 +*CVE-2007-0901 backport (moin, fixed 1.5.7-2) #228764 CVE-2007-0898 version (clamav, fixed 0.90) #229202 CVE-2007-0897 version (clamav, fixed 0.90) #229202 CVE-2007-0894 version (mediawiki, fixed 1.8.4) #228763 
@@ -424,10 +424,10 @@ CVE-2007-0778 version (seamonkey, fixed 1.0.8) CVE-2007-0777 version (seamonkey, fixed 1.0.8) CVE-2007-0775 version (seamonkey, fixed 1.0.8) -*CVE-2007-0774 (mod_jk) +*CVE-2007-0774 ** (mod_jk) CVE-2007-0772 version (kernel, fixed 2.6.20.1) [since FEDORA-2007-291] -CVE-2007-0771 patch (kernel, fixed 2.6.20-1.2933) #227952 -CVE-2007-0770 patch (GraphicsMagick, fixed 1.1.7-7) #228758 +CVE-2007-0771 backport (kernel, fixed 2.6.20-1.2933) #227952 +CVE-2007-0770 backport (GraphicsMagick, fixed 1.1.7-7) #228758 CVE-2007-0770 ignore (ImageMagick) only if incomplete CVE-2006-5456 CVE-2007-0720 ignore (cups, fixed 1.2.7) cups is already updated CVE-2007-0657 ignore (nexuiz, 2.2.2 only (not shipped), fixed 2.2.3) @@ -435,8 +435,8 @@ *CVE-2007-0653 VULNERABLE (xmms) #233705 *CVE-2007-0650 ignore (tetex) needs user's assistance CVE-2007-0619 version (chmlib, fixed 0.3.9) #225919 -*CVE-2007-0578 (mpg321) -*CVE-2007-0555 (postgresql) +*CVE-2007-0578 ** (mpg321) +*CVE-2007-0555 ** (postgresql) CVE-2007-0541 version (wordpress, fixed 2.1-0) #225469 CVE-2007-0540 version (wordpress, fixed 2.1-0) #225469 CVE-2007-0539 version (wordpress, fixed 2.1-0) #225469 @@ -453,10 +453,10 @@ CVE-2007-0457 version (wireshark, fixed 0.99.5) #227140 CVE-2007-0456 version (wireshark, fixed 0.99.5) #227140 CVE-2007-0455 version (gd, fixed 2.0.34) #224610 -*CVE-2007-0454 (samba) -*CVE-2007-0452 (samba) +*CVE-2007-0454 ** (samba) +*CVE-2007-0452 ** (samba) CVE-2007-0451 version (spamassassin, fixed 3.1.8) [since FEDORA-2007-241] -*CVE-2007-0450 (tomcat) +*CVE-2007-0450 ** (tomcat) CVE-2007-0448 ignore (php) safe mode isn't safe CVE-2007-0405 version (Django, fixed 0.95.1) CVE-2007-0404 version (Django, fixed 0.95.1) 
@@ -465,16 +465,15 @@ CVE-2007-0248 version (squid, fixed 2.6.STABLE7) [since FEDORA-2007-073] CVE-2007-0247 version (squid, fixed 2.6.STABLE7) #222883 [since FEDORA-2007-073] CVE-2007-0245 backport (openoffice.org) [since FEDORA-2007-0410] -CVE-2007-0243 ignore, no-ship (java-ibm) -*CVE-2007-0242 patch (qt4, fixed 4.2.3-7) -*CVE-2007-0240 patch (zope, fixed 2.9.6-2) #233378 -*CVE-2007-0239 (openoffice.org) -*CVE-2007-0238 (openoffice.org) +*CVE-2007-0242 backport (qt4, fixed 4.2.3-7) +*CVE-2007-0240 backport (zope, fixed 2.9.6-2) #233378 +*CVE-2007-0239 ** (openoffice.org) +*CVE-2007-0238 ** (openoffice.org) *CVE-2007-0235 VULNERABLE (libgtop2) #222637 not sure, will triage -*CVE-2007-0227 (slocate) +*CVE-2007-0227 ** (slocate) CVE-2007-0177 version (mediawiki, fixed 1.8.3) #221958 -*CVE-2007-0160 patch (centericq, fixed 4.21.0-9) #227791 -*CVE-2007-0157 (neon) +*CVE-2007-0160 backport (centericq, fixed 4.21.0-9) #227791 +*CVE-2007-0157 ** (neon) CVE-2007-0109 version (wordpress, fixed 2.1-0) #223101 CVE-2007-0107 version (wordpress, fixed 2.1-0) #223101 CVE-2007-0106 version (wordpress, fixed 2.1-0) #223101 
@@ -482,16 +481,10 @@ CVE-2007-0104 ignore (kdegraphics) only client DoS *CVE-2007-0095 VULNERABLE (phpMyAdmin) #221694 CVE-2007-0086 ignore (apache) not a security issue -*CVE-2007-0080 (freeradius) -CVE-2007-0048 ignore, no-ship (acroread) -CVE-2007-0046 ignore, no-ship (acroread) -CVE-2007-0045 ignore, no-ship (acroread) -CVE-2007-0044 ignore, no-ship (acroread) -*CVE-2007-0010 (gtk2) +*CVE-2007-0080 ** (freeradius) +*CVE-2007-0010 ** (gtk2) CVE-2007-0009 version (nss, fixed 3.11.5) (nspr, fixed 4.6.5) [since FEDORA-2007-279] -CVE-2007-0009 ignore (seamonkey, uses system NSS) CVE-2007-0008 version (nss, fixed 3.11.5) (nspr, fixed 4.6.5) [since FEDORA-2007-279] -CVE-2007-0008 ignore (seamonkey, uses system NSS) CVE-2007-0007 version (gnucash, fixed 2.0.5) since [FEDORA-2007-256] #223233 CVE-2007-0006 version (kernel, fixed 2.6.20) [since FEDORA-2007-335] CVE-2007-0005 version (kernel, fixed 2.6.20) [since FEDORA-2007-335] 
@@ -500,19 +493,19 @@ CVE-2006-7221 ignore (gftp) single zero byte overflow in fsplib CVE-2006-7205 ignore (php) See NVD CVE-2006-7204 ignore (php) See NVD -*CVE-2006-7197 (tomcat) -*CVE-2006-7196 (tomcat) -*CVE-2006-7195 (tomcat) -*CVE-2006-7195 (tomcat) -CVE-2006-7193 ignore (php-Smarty, SMARTY_DIR is a constant) -*CVE-2006-7176 (sendmail) -*CVE-2006-7175 (sendmail) +*CVE-2006-7197 ** (tomcat) +*CVE-2006-7196 ** (tomcat) +*CVE-2006-7195 ** (tomcat) +*CVE-2006-7195 ** (tomcat) +CVE-2006-7193 ignore (php-Smarty) SMARTY_DIR is a constant +*CVE-2006-7176 ** (sendmail) +*CVE-2006-7175 ** (sendmail) CVE-2006-7162 version (putty, fixed 0.59) #231726 -*CVE-2006-7151 (libtool) -*CVE-2006-7139 (kmail) -*CVE-2006-7108 (util-linux) +*CVE-2006-7151 ** (libtool) +*CVE-2006-7139 ** (kmail) +*CVE-2006-7108 ** (util-linux) *CVE-2006-6979 backport (amarok, fixed 1.4.5-2) #228138 -*CVE-2006-6948 (myodbc) +*CVE-2006-6948 ** (myodbc) CVE-2006-6944 version (phpMyAdmin, fixed 2.9.1.1) CVE-2006-6943 version (phpMyAdmin, fixed 2.9.1.1) CVE-2006-6942 version (phpMyAdmin, fixed 2.9.1.1) 
@@ -521,24 +514,24 @@ CVE-2006-6870 version (avahi, fixed 0.6.16) #221440 [since FEDORA-2007-019] CVE-2006-6811 ignore (ksirc) DoS only CVE-2006-6808 version (wordpress, fixed 2.1-0) #221023 -*CVE-2006-6799 patch (cacti, fixed 0.8.6i-5) #222410 +*CVE-2006-6799 backport (cacti, fixed 0.8.6i-5) #222410 *CVE-2006-6772 backport (w3m) #221484 [since FEDORA-2007-077] -*CVE-2006-6745 (java-ibm) -*CVE-2006-6736 (java-ibm) -*CVE-2006-6731 (java-ibm) +*CVE-2006-6745 ** (java-ibm) +*CVE-2006-6736 ** (java-ibm) +*CVE-2006-6731 ** (java-ibm) *CVE-2006-6719 backport (wget) #221469 [since FEDORA-2007-043] *CVE-2006-6698 VULNERABLE (GConf2) #219280 CVE-2006-6693 ignore (zabbix, fixed 1.1.3, < 1.1.4 not shipped) CVE-2006-6692 ignore (zabbix, fixed 1.1.3, < 1.1.4 not shipped) CVE-2006-6660 ignore (kdelibs) client Dos only, not reproducible -*CVE-2006-6628 (openoffice.org) +*CVE-2006-6628 ** (openoffice.org) CVE-2006-6626 version (moodle, fixed 1.6.5) #220041 CVE-2006-6625 version (moodle, fixed 1.6.5) #220041 CVE-2006-6610 version (nexuiz, fixed 2.2.1) #220034 CVE-2006-6609 version (nexuiz, fixed 2.2.1) #220034 *CVE-2006-6574 backport (mantis, fixed 1.0.6-2) #219937 *CVE-2006-6563 backport (proftpd, fixed 1.3.0a-3) #219938 -*CVE-2006-6561 (openoffice.org) +*CVE-2006-6561 ** (openoffice.org) CVE-2006-6515 version (mantis, fixed 1.0.6) #219720 CVE-2006-6505 version (seamonkey, fixed 1.0.7) #220516 CVE-2006-6504 version (seamonkey, fixed 1.0.7) #220516 @@ -549,7 +542,7 @@ CVE-2006-6499 version (seamonkey, fixed 1.0.7) #220516 CVE-2006-6498 version (seamonkey, fixed 1.0.7) #220516 CVE-2006-6497 version (seamonkey, fixed 1.0.7) #220516 -*CVE-2006-6493 (openldap) +*CVE-2006-6493 ** (openldap) CVE-2006-6481 version (clamav, fixed 0.88.7) CVE-2006-6406 version (clamav, fixed 0.88.7) #219095 CVE-2006-6385 ignore (kernel) windows only 
@@ -563,16 +556,15 @@ CVE-2006-6303 version (ruby, fixed 1.8.5.2) [since FEDORA-2006-1441] CVE-2006-6301 version (denyhosts, fixed 2.6-2) #218824 CVE-2006-6297 ignore (kdegraphics) just a crash -CVE-2006-6238 (konqueror) probably safari only -CVE-2006-6236 ignore, no-ship (acroread) -*CVE-2006-6235 patch (gnupg2, fixed 2.0.1-2) #218821 +CVE-2006-6238 ignore (konqueror) safari only +*CVE-2006-6235 backport (gnupg2, fixed 2.0.1-2) #218821 *CVE-2006-6235 backport (gnupg, fixed 1.4.6) [since FEDORA-2006-1406] -*CVE-2006-6171 patch (proftpd, fixed 1.3.0a-1) #214820 -*CVE-2006-6170 patch (proftpd, fixed 1.3.0a-1) #214820 +*CVE-2006-6171 backport (proftpd, fixed 1.3.0a-1) #214820 +*CVE-2006-6170 backport (proftpd, fixed 1.3.0a-1) #214820 CVE-2006-6169 version (gnupg2, fixed 2.0.1) #217950 *CVE-2006-6169 backport (gnupg, fixed 1.4.6) [since FEDORA-2006-1406] -CVE-2006-6144 patch (krb5, fixed 1.5-14) #218456 -CVE-2006-6143 patch (krb5, fixed 1.5-14) #218456 +CVE-2006-6144 backport (krb5, fixed 1.5-14) #218456 +CVE-2006-6143 backport (krb5, fixed 1.5-14) #218456 *CVE-2006-6142 backport (squirrelmail) #218297 [since FEDORA-2007-089] CVE-2006-6128 VULNERABLE (kernel, fixed **) CVE-2006-6122 ignore (tin, <= 1.8.1 not shipped) @@ -581,9 +573,9 @@ CVE-2006-6106 version (kernel, fixed 2.6.19.2, fixed 2.6.20-rc5) [since FEDORA-2006-1471] CVE-2006-6105 version (gdm, fixed 2.14.11) [since FEDORA-2006-1468] *CVE-2006-6104 backport (mono, fixed 1.1.13.8.2) #220853 [since FEDORA-2007-067] -*CVE-2006-6103 (xorg-x11) -*CVE-2006-6102 (xorg-x11) -*CVE-2006-6101 (xorg-x11) +*CVE-2006-6103 ** (xorg-x11) +*CVE-2006-6102 ** (xorg-x11) +*CVE-2006-6101 ** (xorg-x11) *CVE-2006-6097 backport (tar) [since FEDORA-2006-1393] CVE-2006-6085 version (kile, fixed 1.9.3) #217238 CVE-2006-6077 VULNERABLE (firefox) 
@@ -593,24 +585,22 @@ CVE-2006-6056 version (kernel, fixed 2.6.19) [since FEDORA-2007-058] was backport since FEDORA-2006-1471 CVE-2006-6054 version (kernel, fixed fixed 2.6.19.2) [since FEDORA-2007-058] CVE-2006-6053 version (kernel, fixed 2.6.19.2) [since FEDORA-2007-058] was backport since FEDORA-2006-1223 -CVE-2006-6027 ignore, no-ship (acroread) -*CVE-2006-6015 (pcre) +*CVE-2006-6015 ** (pcre) CVE-2006-5989 ignore (mod_auth_kerb) did not affect fc6 CVE-2006-5974 ignore (fetchmail, fixed 6.3.6) only 6.3.5 CVE-2006-5973 version (dovecot, fixed 1.0.rc15) #216508 [since ???] -*CVE-2006-5969 (fvwm) +*CVE-2006-5969 ** (fvwm) CVE-2006-5941 ignore (net-snmp) dupe CVE-2005-2177 *CVE-2006-5925 backport (elinks) [since FEDORA-2006-1278] but was never vulneable as didn't have smbclient support *CVE-2006-5876 version (libsoup) #223144 [since FEDORA-2007-109] CVE-2006-5875 version (enemies-of-carlotta, fixed 1.2.4) CVE-2006-5874 version (clamav, fixed 0.88.1) CVE-2006-5871 version (kernel, fixed 2.6.10) -*CVE-2006-5870 (openoffice.org) +*CVE-2006-5870 ** (openoffice.org) *CVE-2006-5868 VULNERABLE (ImageMagick, fixed 6.2.9.1) #217560 CVE-2006-5867 version (fetchmail, fixed 6.3.6) #221984 [since FEDORA-2007-042] *CVE-2006-5864 VULNERABLE (evince) #217672 -*CVE-2006-5864 patch (gv, fixed 3.6.2-2) #215136 -CVE-2006-5857 ignore, no-ship (acroread) +*CVE-2006-5864 backport (gv, fixed 3.6.2-2) #215136 CVE-2006-5848 version (trac, fixed 0.10.1) #215077 CVE-2006-5823 version (kernel, fixed 2.6.19.2) [since FEDORA-2007-058] was backport since FEDORA-2006-1223 CVE-2006-5815 version (proftpd, fixed 1.3.0a) #214820 
@@ -618,13 +608,13 @@ CVE-2006-5793 version (libpng10, fixed 1.0.21) #216263 CVE-2006-5793 ignore (libpng, fixed 1.2.13) just a client crash CVE-2006-5783 ignore (firefox) disputed -*CVE-2006-5779 VULNERABLE (openldap, 2.3.29) #214768 +*CVE-2006-5779 VULNERABLE (openldap, fixed 2.3.29) #214768 CVE-2006-5757 version (kernel, fixed 2.6.19) [since FEDORA-2007-058] was backport since FEDORA-2006-1223 -*CVE-2006-5754 (kernel) +*CVE-2006-5754 ** (kernel) *CVE-2006-5753 backport (kernel, fixed 2.6.20.1) [since FEDORA-2007-291] CVE-2006-5752 backport (httpd) #244665 [since FEDORA-2007-0704] CVE-2006-5751 version (kernel, fixed 2.6.19, fixed 2.6.18.4) [since FEDORA-2006-1471] -*CVE-2006-5750 (jboss) +*CVE-2006-5750 ** (jboss) *CVE-2006-5749 VULNERABLE (kernel, fixed 2.6.20-rc2) CVE-2006-5748 version (thunderbird, fixed 1.5.0.8) [since FEDORA-2006-1192] CVE-2006-5748 version (seamonkey, fixed 1.0.6) #214822 @@ -660,12 +650,11 @@ *CVE-2006-5461 VULNERABLE (avahi, fixed 0.6.15) *CVE-2006-5456 backport (ImageMagick) #210921 [since FEDORA-2006-1285] CVE-2006-5456 version (GraphicsMagick, fixed 1.1.7) [since FEDORA-2007-1340] -*CVE-2006-5455 patch (bugzilla, fixed 2.22-7) #212355 -*CVE-2006-5454 patch (bugzilla, fixed 2.22-7) #212355 -*CVE-2006-5453 patch (bugzilla, fixed 2.22-7) #212355 +*CVE-2006-5455 backport (bugzilla, fixed 2.22-7) #212355 +*CVE-2006-5454 backport (bugzilla, fixed 2.22-7) #212355 +*CVE-2006-5453 backport (bugzilla, fixed 2.22-7) #212355 *CVE-2006-5397 VULNERABLE (libX11, 1.0.2 and 1.0.3 only) #213280 CVE-2006-5331 version (kernel, fixed 2.6.19) [since FEDORA-2007-058] -CVE-2006-5330 ignore, no-ship (flash-plugin) *CVE-2006-5298 backport (mutt) [since FEDORA-2006-1063] *CVE-2006-5297 backport (mutt) [since FEDORA-2006-1063] CVE-2006-5295 version (clamav, fixed 0.88.5) #210973 
@@ -704,25 +693,24 @@ CVE-2006-4925 ignore (openssh) client crash only CVE-2006-4924 version (openssh, fixed 4.4) #207957 *CVE-2006-4842 ignore (nspr) Nothing setuid links with nspr -*CVE-2006-4816 (php) +*CVE-2006-4816 ** (php) CVE-2006-4814 version (kernel, fixed 2.6.19.2) [since FEDORA-2007-058] CVE-2006-4813 version (kernel, fixed 2.6.13) CVE-2006-4812 version (php, fixed 5.2) CVE-2006-4811 version (qt, fixed 3.3.7) [since FEDORA-2006-1055] *CVE-2006-4810 backport (texinfo) [since FEDORA-2006-1203] -*CVE-2006-4809 patch (imlib2, fixed 1.3.0-3) #214676 -*CVE-2006-4808 patch (imlib2, fixed 1.3.0-3) #214676 -*CVE-2006-4807 patch (imlib2, fixed 1.3.0-3) #214676 -*CVE-2006-4806 patch (imlib2, fixed 1.3.0-3) #214676 +*CVE-2006-4809 backport (imlib2, fixed 1.3.0-3) #214676 +*CVE-2006-4808 backport (imlib2, fixed 1.3.0-3) #214676 +*CVE-2006-4807 backport (imlib2, fixed 1.3.0-3) #214676 +*CVE-2006-4806 backport (imlib2, fixed 1.3.0-3) #214676 CVE-2006-4805 version (wireshark, fixed 0.99.4) [since FEDORA-2006-1140] *CVE-2006-4790 backport (gnutls, fixed 1.4.4) CVE-2006-4786 version (moodle, fixed 1.6.3) #206516 CVE-2006-4785 version (moodle, fixed 1.6.3) #206516 CVE-2006-4784 version (moodle, fixed 1.6.3) #206516 -CVE-2006-4743 ignore (wordpress, dupe of an old non-issue) #206514 +CVE-2006-4743 ignore (wordpress) dupe of an old non-issue #206514 CVE-2006-4684 version (zope, fixed 2.9.2) *CVE-2006-4663 ignore (kernel) not a vulnerability -CVE-2006-4640 ignore, no-ship (flash-plugin) CVE-2006-4625 ignore (php) safe mode isn't safe CVE-2006-4624 version (mailman, fixed 2.1.9rc1) CVE-2006-4623 version (kernel, fixed 2.6.18-rc1) 
@@ -784,23 +772,22 @@ CVE-2006-4330 version (wireshark, fixed 0.99.3) CVE-2006-4310 ignore (firefox) crash only *CVE-2006-4262 backport (cscope) -CVE-2006-4261 (firefox) CVE-2006-4253 version (thunderbird, fixed 1.5.0.7) CVE-2006-4253 version (seamonkey, fixed 1.0.5) #209167 CVE-2006-4253 version (firefox, fixed 1.5.0.7) -*CVE-2006-4249 patch (plone, fixed 2.5.1-3) #213983 -CVE-2006-4248 ignore (thttpd, Debian specific issue) -*CVE-2006-4247 patch (plone, fixed 2.5-4) #209163 +*CVE-2006-4249 backport (plone, fixed 2.5.1-3) #213983 +CVE-2006-4248 ignore (thttpd) Debian specific issue +*CVE-2006-4247 backport (plone, fixed 2.5-4) #209163 CVE-2006-4227 version (mysql, fixed 5.0.26,5.1.12) #203434 [since FEDORA-2006-1297] CVE-2006-4226 version (mysql, fixed 5.0.26,5.1.12) #203428 [since FEDORA-2006-1297] -*CVE-2006-4192 patch (libmodplug, fixed 0.8-3) +*CVE-2006-4192 backport (libmodplug, fixed 0.8-3) CVE-2006-4182 version (clamav, fixed 0.88.5) #210973 -*CVE-2006-4181 (gnuradius) +*CVE-2006-4181 ** (gnuradius) CVE-2006-4146 backport (gdb) CVE-2006-4145 version (kernel, fixed 2.6.17.10, fixed 2.6.18-rc5) needs a better upstream fix *CVE-2006-4144 backport (ImageMagick, fixed 6.2.9) CVE-2006-4144 version (GraphicsMagick, fixed 1.1.8) [since FEDORA-2007-1340] -*CVE-2006-4124 (lesstif) +*CVE-2006-4124 ** (lesstif) CVE-2006-4096 version (bind, fixed 9.3.2-P1) CVE-2006-4095 version (bind, fixed 9.3.2-P1) CVE-2006-4093 version (kernel, fixed 2.6.17.9, fixed 2.6.18-rc5) @@ -810,7 +797,7 @@ CVE-2006-4019 version (squirrelmail, fixed 1.4.8) CVE-2006-4018 version (clamav, fixed 0.88.4-1) #201688 CVE-2006-3918 version (httpd, fixed 2.2.2) -CVE-2006-3913 patch (freeciv, fixed 2.0.9) #200545 +CVE-2006-3913 backport (freeciv, fixed 2.0.9) #200545 CVE-2006-3879 version (libmikmod, loaders/load_gt2 not in bundled libmikmod-3.1.11) CVE-2006-3835 version (tomcat, fixed 5.5.17) CVE-2006-3816 version (krusader, fixed 1.70.1) #200323 
@@ -847,7 +834,7 @@ CVE-2006-3677 version (seamonkey, fixed 1.0.4) #200455 CVE-2006-3677 version (firefox, fixed 1.5.0.5) CVE-2006-3672 ignore (konqueror) just a crash -*CVE-2006-3668 patch (dumb, fixed 0.9.3-4) #200370 +*CVE-2006-3668 backport (dumb, fixed 0.9.3-4) #200370 CVE-2006-3665 ignore (squirrelmail) don't enable register_globals! CVE-2006-3636 version (mailman, fixed 2.1.9) CVE-2006-3634 ignore (kernel, fixed 2.6.17.8) s390 only @@ -859,7 +846,6 @@ CVE-2006-3627 version (wireshark, fixed 0.99.2) CVE-2006-3626 version (kernel, fixed 2.6.17.6) CVE-2006-3619 version (gcc, fixed 4.1.1-20060828 at least) -CVE-2006-3587 ignore, no-ship (flash-plugin) CVE-2006-3582 version (adplug, fixed 2.0.1-1) #198108 CVE-2006-3581 version (adplug, fixed 2.0.1-1) #198108 CVE-2006-3486 ignore (mysql, fixed 5.0.23) not exploitable @@ -875,7 +861,7 @@ *CVE-2006-3461 backport (libtiff) libtiff-3.8.2-ormandy.patch *CVE-2006-3460 backport (libtiff) libtiff-3.8.2-ormandy.patch *CVE-2006-3459 backport (libtiff) libtiff-3.8.2-ormandy.patch -*CVE-2006-3458 patch (zope, fixed 2.9.3-3) #198106 +*CVE-2006-3458 backport (zope, fixed 2.9.3-3) #198106 CVE-2006-3404 version (gimp, fixed 2.2.12) CVE-2006-3403 version (samba, fixed 3.0.23) CVE-2006-3390 ignore (wordpress, not an issue) #198107 @@ -883,8 +869,7 @@ *CVE-2006-3376 backport (libwmf) from changelog CVE-2006-3352 ignore (firefox) not a vulnerability CVE-2006-3334 ignore (libpng, fixed 1.2.12) not exploitable -CVE-2006-3311 ignore, no-ship (flash-plugin) -*CVE-2006-3276 (helixplayer) +*CVE-2006-3276 ** (helixplayer) CVE-2006-3242 version (mutt, fixed 1.4.2.2, 1.5.12) CVE-2006-3178 ignore (chmlib, extract_chmLib not shipped) CVE-2006-3174 version (squirrelmail, fixed 1.4.7) 
@@ -892,7 +877,7 @@ CVE-2006-3127 version (nss, only affected 3.11) CVE-2006-3122 version (dhcp, only 2.x) CVE-2006-3121 version (heartbeat, fixed 2.0.7) -*CVE-2006-3119 patch (fbida, fixed 2.0.3-12) #200321 +*CVE-2006-3119 backport (fbida, fixed 2.0.3-12) #200321 CVE-2006-3117 version (openoffice.org, fixed 2.0.3) CVE-2006-3113 version (thunderbird, fixed 1.5.0.5) CVE-2006-3113 version (seamonkey, fixed 1.0.4) #200455 
@@ -949,34 +934,33 @@ CVE-2006-2776 version (firefox, fixed 1.5.0.4) CVE-2006-2775 version (thunderbird, fixed 1.5.0.4) CVE-2006-2775 version (firefox, fixed 1.5.0.4) -CVE-2006-2769 patch (snort, fixed 2.4.4-4) #193809 +CVE-2006-2769 backport (snort, fixed 2.4.4-4) #193809 CVE-2006-2754 ignore (openldap) This issue is not exploitable CVE-2006-2753 version (mysql, fixed 5.0.22) CVE-2006-2723 ignore (firefox) disputed CVE-2006-2661 version (freetype, fixed 2.2.1) CVE-2006-2660 ignore (php) see #195539 CVE-2006-2658 version (xsp, fixed 1.1.14) #206510 -CVE-2006-2657 (php) DUPE CVE-2006-3017 *CVE-2006-2656 backport (libtiff) tiffsplit-overflow.patch CVE-2006-2629 ignore (kernel) couldn't be reproduced on FC CVE-2006-2613 ignore (firefox) This isn't an issue on FC CVE-2006-2607 backport (vixie-cron) vixie-cron-4.1-_48-security.patch -*CVE-2006-2575 patch (netpanzer, fixed 0.8-4) bz#192983 +*CVE-2006-2575 backport (netpanzer, fixed 0.8-4) bz#192983 CVE-2006-2563 ignore (php) safe mode isn't safe -*CVE-2006-2502 (cyrus-imapd) +*CVE-2006-2502 ** (cyrus-imapd) CVE-2006-2489 version (nagios, fixed 2.3.1) -*CVE-2006-2480 patch (dia, fixed 0.95-2) bz#192535 -*CVE-2006-2453 patch (dia, fixed 0.95-3) #192830 +*CVE-2006-2480 backport (dia, fixed 0.95-2) bz#192535 +*CVE-2006-2453 backport (dia, fixed 0.95-3) #192830 CVE-2006-2452 version (gdm) CVE-2006-2451 version (kernel, fixed 2.6.17.4) -*CVE-2006-2450 (vnc) +*CVE-2006-2450 ** (vnc) CVE-2006-2449 version (kdebase, fixed 3.5.4) CVE-2006-2448 version (kernel, fixed 2.6.17) CVE-2006-2447 version (spamassassin, fixed 3.1.3) CVE-2006-2446 version (kernel, fixed 2.6.11) CVE-2006-2445 version (kernel, fixed 2.6.17) CVE-2006-2444 version (kernel, fixed 2.6.17) -*CVE-2006-2442 patch (kphone, fixed 4.2-9) bz#192202 +*CVE-2006-2442 backport (kphone, fixed 4.2-9) bz#192202 CVE-2006-2440 version (ImageMagick, fixed 6.2.8 at least) CVE-2006-2427 ignore (clamav) not an issue bz#192076 CVE-2006-2414 version (dovecot, fixed 1.0.beta8) not a 
security issue @@ -992,7 +976,7 @@ CVE-2006-2272 version (kernel, fixed 2.6.16.15) CVE-2006-2271 version (kernel, fixed 2.6.16.15) *CVE-2006-2237 backport (awstats, fixed 6.5-5) bz#190923 -*CVE-2006-2229 ** openvpn +*CVE-2006-2229 ** (openvpn) CVE-2006-2224 version (quagga, fixed 0.98.6) CVE-2006-2223 version (quagga, fixed 0.98.6) CVE-2006-2199 version (openoffice.org, fixed 2.0.3) @@ -1001,7 +985,7 @@ CVE-2006-2194 ignore (ppp) pppd not suid *CVE-2006-2193 backport (libtiff) libtiff-3.8.2-CVE-2006-2193.patch CVE-2006-2191 ignore (mailman) disputed -*CVE-2006-2169 ** rt3 +*CVE-2006-2169 ** (rt3) CVE-2006-2162 version (nagios, fixed 2.3.1) bz#190612 CVE-2006-2120 version (libtiff, fixed 3.8.2 at least) CVE-2006-2093 version (nessus, fixed 2.2.7) bz#191053 @@ -1104,7 +1088,7 @@ CVE-2006-1721 version (cyrus-sasl, fixed 2.1.21) CVE-2006-1712 version (mailman, only 2.1.7) CVE-2006-1711 version (plone, fixed 2.1.2) bz#188886 -*CVE-2006-1695 patch (fbida, fixed 2.03-11) bz#189721 +*CVE-2006-1695 backport (fbida, fixed 2.03-11) bz#189721 CVE-2006-1656 version (util-vserver, fixed 0.30.210) CVE-2006-1650 ignore (firefox) a number of reports don't confirm this CVE-2006-1646 ignore (ipsec-tools) KAME racoon, not ipsec-tools racoon 
@@ -1115,14 +1099,14 @@ CVE-2006-1614 version (clamav, fixed 0.88.1) bz#188286 CVE-2006-1608 ignore (php) safe mode isn't safe CVE-2006-1577 version (mantis, fixed 1.0.5) bz#191089 -CVE-2006-1566 ignore (libtunepimp, Debian-specific problem) +CVE-2006-1566 ignore (libtunepimp) Debian-specific problem CVE-2006-1550 version (dia, fixed 0.95) bz#187556 CVE-2006-1549 ignore (php) this is not a security issue CVE-2006-1548 version (struts, fixed 1.2.9) CVE-2006-1547 version (struts, fixed 1.2.9) CVE-2006-1546 version (struts, fixed 1.2.9) *CVE-2006-1542 backport (python) python-2.4.1-canonicalize.patch -CVE-2006-1539 ignore (bsd-games, Gentoo-specific problem) +CVE-2006-1539 ignore (bsd-games) Gentoo-specific problem CVE-2006-1531 version (thunderbird, fixed 1.5.0.2) CVE-2006-1531 version (seamonkey, fixed 1.0.1) CVE-2006-1531 version (firefox, fixed 1.5.0.2) @@ -1146,8 +1130,8 @@ CVE-2006-1494 version (php, fixed 5.1.3) CVE-2006-1490 version (php, fixed 5.1.4) CVE-2006-1470 version (openldap, not 2.3.24 at least) -CVE-2006-1390 ignore (nethack, Gentoo-specific problem) bz#187353 -*CVE-2006-1370 (helixplayer) +CVE-2006-1390 ignore (nethack) Gentoo-specific problem bz#187353 +*CVE-2006-1370 ** (helixplayer) CVE-2006-1368 version (kernel, fixed 2.6.16) CVE-2006-1354 version (freeradius, fixed 1.1.2 at least) CVE-2006-1343 version (kernel, fixed 2.6.16.19) 
@@ -1156,16 +1140,16 @@ CVE-2006-1329 version (jabberd, fixed 2.0s11) CVE-2006-1296 version (beagle, fixed 0.2.4) CVE-2006-1273 ignore (firefox) this issue only affects IE -*CVE-2006-1269 patch (zoo, fixed 2.10-7) bz#183109 +*CVE-2006-1269 backport (zoo, fixed 2.10-7) bz#183109 CVE-2006-1251 ignore (exim-sa, configuration not vulnerable) bz#191082 CVE-2006-1242 version (kernel, fixed 2.6.16.1) CVE-2006-1174 version (shadow-utils, fixed 4.0.3) CVE-2006-1173 version (sendmail, fixed 8.13.7) *CVE-2006-1168 backport (ncompress) ncompress-4.2.4-bssUnderflow.patch CVE-2006-1095 version (mod_python, 3.2.7 only) -*CVE-2006-1079 patch (thttpd, fixed 2.25b-11) bz#191095 +*CVE-2006-1079 backport (thttpd, fixed 2.25b-11) bz#191095 CVE-2006-1079 ignore (httpd) not a vulnerability -*CVE-2006-1078 patch (thttpd, fixed 2.25b-11) bz#191095 +*CVE-2006-1078 backport (thttpd, fixed 2.25b-11) bz#191095 CVE-2006-1078 ignore (httpd) not a vulnerability CVE-2006-1066 version (kernel, fixed 2.6.16) CVE-2006-1061 version (curl, fixed 7.15.3) 
@@ -1174,23 +1158,23 @@ CVE-2006-1057 version (gdm, fixed 2.14.1) CVE-2006-1056 version (kernel, fixed 2.6.16.9) CVE-2006-1055 version (kernel, fixed 2.6.17) -*CVE-2006-1053 (fedora directory server) +*CVE-2006-1053 ** (fedora directory server) CVE-2006-1052 version (kernel, fixed 2.6.16) CVE-2006-1045 version (thunderbird, fixed 1.5.0.2) CVE-2006-1015 ignore (php) safe mode isn't safe CVE-2006-1014 ignore (php) safe mode isn't safe CVE-2006-0996 version (php, fixed 5.1.4) CVE-2006-0987 VULNERABLE (bind) example config file only -CVE-2006-0903 version (mysql, 4.1.19) +CVE-2006-0903 version (mysql, fixed 4.1.19) CVE-2006-0884 version (thunderbird, fixed 1.5.0.2) CVE-2006-0883 version (openssh, fixed 3.8.1p1) -*CVE-2006-0855 patch (zoo, patched in OpenSUSE "upstream", fixed 2.10-7) +*CVE-2006-0855 backport (zoo, patched in OpenSUSE "upstream", fixed 2.10-7) CVE-2006-0847 version (python-cherrypy, fixed 2.1.1) CVE-2006-0841 version (mantis, fixed 1.0.1) CVE-2006-0840 version (mantis, fixed 1.0.1) CVE-2006-0839 version (snort, fixed in 2.4.4) bz#183297 CVE-2006-0836 ignore (thunderbird) only crash on manual import -CVE-2006-0814 ignore (lighttpd, Windows-specific problem) +CVE-2006-0814 ignore (lighttpd) Windows-specific problem CVE-2006-0804 ignore (tin, <= 1.8.0 not shipped) CVE-2006-0760 version (lighttpd, fixed 1.4.10) CVE-2006-0749 version (thunderbird, fixed 1.5.0.2) @@ -1203,11 +1187,11 @@ CVE-2006-0746 version (kdegraphics, fixed 3.4) CVE-2006-0745 version (xorg-x11-server, fixed 1.1.1 at least) CVE-2006-0744 version (kernel, fixed 2.6.16.5) -*CVE-2006-0743 (log4net) +*CVE-2006-0743 ** (log4net) CVE-2006-0742 version (kernel, fixed 2.6.16) CVE-2006-0741 version (kernel, fixed 2.6.15.5) CVE-2006-0730 version (dovecot, 1.0beta[12] only) -*CVE-2006-0709 (metamail) +*CVE-2006-0709 ** (metamail) CVE-2006-0678 ignore (postgresql) we don't build --enable-cassert CVE-2006-0670 version (bluez-hcidump, fixed 1.30) CVE-2006-0665 version (mantis, fixed 1.0.1) 
@@ -1231,13 +1215,13 @@ CVE-2006-0456 ignore (kernel) s390 only CVE-2006-0455 version (gnupg, fixed 1.4.2.1) CVE-2006-0454 version (kernel, fixed 2.6.15.3) -*CVE-2006-0453 (fedora directory server) -*CVE-2006-0452 (fedora directory server) -*CVE-2006-0451 (fedora directory server) +*CVE-2006-0453 ** (fedora directory server) +*CVE-2006-0452 ** (fedora directory server) +*CVE-2006-0451 ** (fedora directory server) CVE-2006-0405 version (libtiff, 3.8.0 only) CVE-2006-0377 version (squirrelmail, fixed 1.4.6) CVE-2006-0369 ignore (mysql) this is not a security issue -*CVE-2006-0323 (helixplayer) +*CVE-2006-0323 ** (helixplayer) CVE-2006-0322 version (mediawiki, fixed 1.5.8) CVE-2006-0321 version (fetchmail, fixed 6.3.2) CVE-2006-0301 version (poppler, fixed 0.4.5) @@ -1276,17 +1260,17 @@ CVE-2006-0188 version (squirrelmail, fixed 1.4.6) CVE-2006-0162 version (clamav, fixed 0.88) CVE-2006-0151 ignore (sudo) only env_reset will properly clean the environment -*CVE-2006-0150 (auth_ldap) +*CVE-2006-0150 ** (auth_ldap) CVE-2006-0144 version (php-pear, not 1.4.4) CVE-2006-0126 version (rxvt-unicode, fixed 7.5) CVE-2006-0106 version (wine, fixed 0.9.10) -*CVE-2006-0105 (postgresql) +*CVE-2006-0105 ** (postgresql) CVE-2006-0097 ignore (php) Windows only CVE-2006-0096 ignore (kernel) minor and requires root CVE-2006-0095 version (kernel, fixed 2.6.16) CVE-2006-0082 version (ImageMagick, not 6.2.5.4) CVE-2006-0082 version (GraphicsMagick, fixed 1.1.8) [since FEDORA-2007-1340] -CVE-2006-0071 ignore (pinentry, Gentoo-specific problem) +CVE-2006-0071 ignore (pinentry) Gentoo-specific problem CVE-2006-0058 version (sendmail, fixed 8.13.6) CVE-2006-0052 version (mailman, fixed 2.1.6) CVE-2006-0049 version (gnupg, fixed 1.4.2.2) 
@@ -1297,13 +1281,12 @@ CVE-2006-0037 version (kernel, only 2.6.14 and 2.6.15) CVE-2006-0036 version (kernel, only 2.6.14 and 2.6.15) CVE-2006-0035 version (kernel, only 2.6.14 and 2.6.15) -CVE-2006-0024 ignore, no-ship (flash-plugin) CVE-2006-0019 version (kdelibs, fixed 3.5.1) -*CVE-2006-0017 (fedora directory server) -*CVE-2006-0016 (fedora directory server) -*CVE-2005-4838 (tomcat) +*CVE-2006-0017 ** (fedora directory server) +*CVE-2006-0016 ** (fedora directory server) +*CVE-2005-4838 ** (tomcat) CVE-2005-4837 version (net-snmp, fixed 5.2.2) -*CVE-2005-4836 (tomcat) +*CVE-2005-4836 ** (tomcat) CVE-2005-4811 version (kernel, fixed 2.6.13) CVE-2005-4809 VULNERABLE (firefox) CVE-2005-4808 ignore (binutils, gas fixed 20050714) this is a bug @@ -1326,7 +1309,7 @@ CVE-2005-4635 version (kernel, fixed 2.6.15) CVE-2005-4618 version (kernel, fixed 2.6.15) CVE-2005-4605 version (kernel, fixed 2.6.15) -*CVE-2005-4601 (ImageMagick) +*CVE-2005-4601 ** (ImageMagick) CVE-2005-4601 version (GraphicsMagick, fixed 1.1.8) [since FEDORA-2007-1340] CVE-2005-4585 version (wireshark, fixed 0.10.14) CVE-2005-4442 version (openldap) gentoo only 
@@ -1337,18 +1320,17 @@ CVE-2005-4154 ignore (php) don't install untrusted pear packages *CVE-2005-4153 version (mailman) CVE-2005-4134 ignore (firefox) http://www.mozilla.org/security/history-title.html -*CVE-2005-4130 (helixplayer) -*CVE-2005-4126 (helixplayer) +*CVE-2005-4130 ** (helixplayer) +*CVE-2005-4126 ** (helixplayer) CVE-2005-4077 version (curl, fixed 7.15.1) -*CVE-2005-3964 (openmotif) +*CVE-2005-3964 ** (openmotif) CVE-2005-3962 version (perl, fixed 5.8.8) -CVE-2005-3896 (firefox,seamonkey,thunderbird) +CVE-2005-3896 ignore (mozilla) client DoS CVE-2005-3883 version (php, fixed 5.1.1 at least) CVE-2005-3858 version (kernel, fixed 2.6.13) CVE-2005-3857 version (kernel, fixed 2.6.15) CVE-2005-3848 version (kernel, fixed 2.6.13) CVE-2005-3847 version (kernel, fixed 2.6.12.6) -CVE-2005-3812 (firefox,seamonkey,thunderbird) CVE-2005-3810 version (kernel, fixed 2.6.15) CVE-2005-3809 version (kernel, fixed 2.6.15) CVE-2005-3808 version (kernel, fixed 2.6.15) @@ -1367,7 +1349,7 @@ CVE-2005-3651 version (wireshark, fixed 0.10.14) *CVE-2005-3632 version (netpbm) *CVE-2005-3631 version (udev) -*CVE-2005-3630 (fedora directory server) +*CVE-2005-3630 ** (fedora directory server) CVE-2005-3629 version (initscripts, fixed 8.29 at least) CVE-2005-3628 version (poppler, fixed 0.4.4) CVE-2005-3628 version (kdegraphics, fixed 3.5.1) @@ -1390,11 +1372,10 @@ CVE-2005-3624 version (cups, fixed 1.2.0) *CVE-2005-3624 backport (tetex) CVE-2005-3623 version (kernel, fixed 2.6.14.5) -CVE-2005-3591 ignore, no-ship (flash-plugin) CVE-2005-3582 version (ImageMagick) gentoo only CVE-2005-3573 version (mailman, fixed 2.1.7) CVE-2005-3527 version (kernel, fixed 2.6.14) -*CVE-2005-3510 (tomcat) +*CVE-2005-3510 ** (tomcat) CVE-2005-3402 ignore (thunderbird) mozilla say by design CVE-2005-3392 version (php, not 5.0) CVE-2005-3391 version (php, not 5.0) 
@@ -1405,11 +1386,11 @@ CVE-2005-3358 version (kernel, fixed 2.6.11) CVE-2005-3357 version (httpd, fixed 2.2.1) CVE-2005-3356 version (kernel, fixed 2.6.16) -*CVE-2005-3354 (sylpheed) +*CVE-2005-3354 ** (sylpheed) CVE-2005-3353 version (php, not 5.0) CVE-2005-3352 version (httpd, fixed 2.2.1) CVE-2005-3351 version (spamassassin, fixed 3.1.0) -*CVE-2005-3350 (libungif) +*CVE-2005-3350 ** (libungif) CVE-2005-3322 version (squid) not upstream, SUSE only CVE-2005-3319 ignore (mod_php) no security consequence CVE-2005-3313 version (wireshark, fixed after 0.10.13) @@ -1419,7 +1400,7 @@ CVE-2005-3273 version (kernel, fixed 2.6.12) CVE-2005-3272 version (kernel, fixed 2.6.13) CVE-2005-3271 version (kernel, fixed 2.6.9) -*CVE-2005-3269 (fedora directory server) +*CVE-2005-3269 ** (fedora directory server) CVE-2005-3258 version (squid, fixed 2.5STABLE12) CVE-2005-3257 version (kernel, fixed 2.6.15) CVE-2005-3249 version (wireshark, fixed 0.10.13) @@ -1447,7 +1428,7 @@ CVE-2005-3185 version (wget, fixed 1.10.2 at least) CVE-2005-3185 version (curl, fixed 7.15) CVE-2005-3184 version (wireshark, fixed 0.10.13) -*CVE-2005-3183 (w3c-libwww) +*CVE-2005-3183 ** (w3c-libwww) CVE-2005-3181 version (kernel, fixed 2.6.13.4) CVE-2005-3180 version (kernel, fixed 2.6.13.4) CVE-2005-3179 version (kernel, fixed 2.6.13.4) @@ -1470,9 +1451,9 @@ CVE-2005-2991 ignore (ncompress) don't ship zdiff or zcmp scripts CVE-2005-2978 version (netpbm, fixed 10.25) CVE-2005-2977 version (pam, fixed 0.99.2.1 at least) -*CVE-2005-2976 (gdk-pixbuf) +*CVE-2005-2976 ** (gdk-pixbuf) CVE-2005-2975 version (gtk2, fixed 2.8.7) -*CVE-2005-2974 (libungif) +*CVE-2005-2974 ** (libungif) CVE-2005-2973 version (kernel, fixed 2.6.14) CVE-2005-2970 version (httpd, not 2.2) CVE-2005-2969 version (openssl, fixed 0.9.8a) 
@@ -1480,11 +1461,11 @@ CVE-2005-2968 version (thunderbird) CVE-2005-2968 version (firefox) CVE-2005-2959 ignore (sudo) not a vulnerability -*CVE-2005-2958 (libgda) +*CVE-2005-2958 ** (libgda) CVE-2005-2946 version (openssl, fixed 0.9.8) *CVE-2005-2933 version (libc-client, fixed 2004g at least) *CVE-2005-2929 backport (lynx) changelog -*CVE-2005-2922 (helixplayer) +*CVE-2005-2922 ** (helixplayer) CVE-2005-2917 version (squid, fixed 2.5.STABLE11) CVE-2005-2876 version (util-linux, fixed 2.13-pre3) CVE-2005-2874 version (cups, fixed 1.1.23) @@ -1500,7 +1481,7 @@ CVE-2005-2796 version (squid, fixed 2.5.STABLE11) CVE-2005-2794 version (squid, fixed 2.5.STABLE11) CVE-2005-2728 version (httpd, not 2.2) -*CVE-2005-2710 (helixplayer) +*CVE-2005-2710 ** (helixplayer) CVE-2005-2709 version (kernel, fixed 2.6.14.3) CVE-2005-2708 ignore (kernel) not reproducable on x86_64 CVE-2005-2707 version (thunderbird) @@ -1522,8 +1503,7 @@ CVE-2005-2666 version (openssh, fixed 4.0p1) CVE-2005-2642 version (mutt) openbsd only *CVE-2005-2641 version (nss_ldap, fixed pam_ldap:180) -*CVE-2005-2629 (helixplayer) -CVE-2005-2628 ignore, no-ship (flash-plugin) +*CVE-2005-2629 ** (helixplayer) CVE-2005-2617 version (kernel, fixed 2.6.12.5) CVE-2005-2602 ignore (thunderbird) probably CVE-2005-2602 ignore (firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=237085 @@ -1572,7 +1552,7 @@ CVE-2005-2353 ignore (thunderbird) debug mode only CVE-2005-2337 version (ruby, fixed 1.8.3) CVE-2005-2335 version (fetchmail, fixed 6.2.5.2) -*CVE-2005-2295 patch (netpanzer, fixed 0.8-4) bz#192990 +*CVE-2005-2295 backport (netpanzer, fixed 0.8-4) bz#192990 CVE-2005-2270 version (thunderbird, fixed 1.0.5) CVE-2005-2270 version (firefox, fixed 1.0.5) CVE-2005-2269 version (thunderbird, fixed 1.0.5) 
@@ -1602,7 +1582,7 @@ CVE-2005-2096 version (rpm, fixed 4.4.2) CVE-2005-2096 backport (zlib, fixed 1.2.2.4) CVE-2005-2095 version (squirrelmail, fixed 1.4.5) -*CVE-2005-2090 (tomcat) +*CVE-2005-2090 ** (tomcat) CVE-2005-2088 version (httpd, not 2.2) CVE-2005-2069 version (nss_ldap, fixed pam_ldap:180) *CVE-2005-2069 backport (openldap) openldap-2.2.13-tls-fix-connection-test.patch @@ -1629,13 +1609,13 @@ CVE-2005-1760 version (sysreport, fixed 1.4.1-3) CVE-2005-1759 ignore (php) dead code path CVE-2005-1759 ignore (openldap) fixed shtool 2.0.2 flawed code path not used -*CVE-2005-1753 (tomcat) +*CVE-2005-1753 ** (tomcat) CVE-2005-1751 version (nmap, fixed 3.93 at least) CVE-2005-1751 ignore (openldap) fixed shtool 2.0.2. Flawed code path not used CVE-2005-1751 ignore (ncpfs) part of shtool in ncpfs is not vulnerable CVE-2005-1740 version (net-snmp, fixed 5.2.2.rc5 at least) CVE-2005-1739 version (ImageMagick, fixed 6.2.2.3) -*CVE-2005-1730 (openssl) +*CVE-2005-1730 ** (openssl) *CVE-2005-1705 backport (gdb) gdb-6.3-security-errata-20050610.patch CVE-2005-1704 version (binutils, fixed 2.16.91.0.3 at least) *CVE-2005-1704 backport (gdb) gdb-6.3-security-errata-20050610.patch @@ -1649,7 +1629,7 @@ CVE-2005-1532 version (firefox, fixed 1.0.4) CVE-2005-1531 version (firefox, fixed 1.0.4) CVE-2005-1519 version (squid, fixed 2.5.STABLE10) -CVE-2005-1476 (firefox,seamonkey,thunderbird) +CVE-2005-1476 version (mozilla) CVE-2005-1470 version (wireshark, fixed 0.10.11) CVE-2005-1469 version (wireshark, fixed 0.10.11) CVE-2005-1468 version (wireshark, fixed 0.10.11) 
@@ -1766,9 +1746,9 @@ *CVE-2005-0654 ignore (gimp, not fixed 2.2) upstream considers harmless CVE-2005-0627 version (qt, fixed 3.3.4) CVE-2005-0626 version (squid, fixed 2.5.STABLE10) -*CVE-2005-0611 (helixplayer) +*CVE-2005-0611 ** (helixplayer) CVE-2005-0605 version (libXpm, fixed 3.5.4 at least) -*CVE-2005-0605 (lesstif) +*CVE-2005-0605 ** (lesstif) CVE-2005-0602 ignore (unzip, fixed 5.52) this is really expected behaviour CVE-2005-0596 version (php, fixed 5.0) CVE-2005-0593 version (firefox) @@ -1785,7 +1765,7 @@ CVE-2005-0584 version (firefox) CVE-2005-0578 version (firefox) CVE-2005-0565 version (kernel, not 2.6) -*CVE-2005-0546 (cyrus-imapd) +*CVE-2005-0546 ** (cyrus-imapd) CVE-2005-0532 version (kernel, fixed 2.6.11) CVE-2005-0531 version (kernel, fixed 2.6.11) CVE-2005-0530 version (kernel, fixed 2.6.11) @@ -1806,8 +1786,8 @@ *CVE-2005-0469 backport (telnet) telnet-0.17-CAN-2005-468_469.patch CVE-2005-0468 version (krb5, fixed 1.4.1) *CVE-2005-0468 backport (telnet) telnet-0.17-CAN-2005-468_469.patch -*CVE-2005-0455 (helixplayer) -*CVE-2005-0452 (perl) +*CVE-2005-0455 ** (helixplayer) +*CVE-2005-0452 ** (perl) CVE-2005-0449 version (kernel, fixed 2.6.11) CVE-2005-0448 version (perl, fixed 5.8.6) CVE-2005-0446 version (squid, fixed 2.5.STABLE9) @@ -1850,8 +1830,8 @@ CVE-2005-0202 version (mailman, fixed 2.1.6) CVE-2005-0201 version (dbus, fixed 0.36.1) CVE-2005-0194 version (squid, fixed 2.5.STABLE8) -*CVE-2005-0191 (helixplayer) -*CVE-2005-0189 (helixplayer) +*CVE-2005-0191 ** (helixplayer) +*CVE-2005-0189 ** (helixplayer) CVE-2005-0180 version (kernel, fixed 2.6.11) CVE-2005-0179 version (kernel, fixed 2.6.11) CVE-2005-0178 version (kernel, fixed 2.6.11) 
@@ -1910,7 +1890,7 @@ CVE-2005-0034 version (bind, fixed after 9.3.0) CVE-2005-0033 version (bind, not 9) CVE-2005-0023 ignore (libvte) not a security risk -*CVE-2005-0022 (exim) +*CVE-2005-0022 ** (exim) CVE-2005-0014 version (ncpfs, fixed 2.2.6) CVE-2005-0013 version (ncpfs, fixed 2.2.6) CVE-2005-0011 version (kdeedu, not 3.4) @@ -1925,10 +1905,10 @@ CVE-2005-0001 version (kernel, fixed 2.6.10) CVE-2004-2660 version (kernel, fixed 2.6.10) CVE-2004-2657 ignore (firefox) windows only -*CVE-2004-2655 (xscreensaver) +*CVE-2004-2655 ** (xscreensaver) CVE-2004-2654 version (squid, fixed 2.6STABLE6) -*CVE-2004-2645 (asn1c) -*CVE-2004-2644 (asn1c) +*CVE-2004-2645 ** (asn1c) +*CVE-2004-2644 ** (asn1c) CVE-2004-2607 version (kernel, fixed 2.6.5) CVE-2004-2589 version (pidgin, fixed pidgin:0.82.1) CVE-2004-2546 version (samba, fixed 3.0.6) @@ -1999,7 +1979,7 @@ CVE-2004-1235 version (kernel, fixed 2.6.11) CVE-2004-1234 version (kernel, not 2.6) CVE-2004-1224 version (mtr, fixed 0.66) -CVE-2004-1200 ignore (firefox, mozilla) not a security issue +CVE-2004-1200 ignore (mozilla) not a security issue CVE-2004-1191 version (kernel, fixed 2.6.9) CVE-2004-1190 version (kernel, fixed 2.6.10) CVE-2004-1189 version (krb5, fixed 1.4) @@ -2008,7 +1988,7 @@ CVE-2004-1184 version (enscript, fixed 1.6.4 at least) CVE-2004-1183 version (libtiff, fixed 3.7.2) CVE-2004-1180 version (rwho, fixed 0.17) -*CVE-2004-1178 (mailman) +*CVE-2004-1178 ** (mailman) CVE-2004-1177 version (mailman, fixed 2.1.6) CVE-2004-1176 version (mc, fixed 4.6.0) CVE-2004-1175 version (mc, fixed 4.6.0) @@ -2029,7 +2009,7 @@ CVE-2004-1139 version (wireshark, fixed 0.10.8) CVE-2004-1138 version (vim, fixed 6.3) CVE-2004-1137 version (kernel, fixed 2.6.10) -CVE-2004-1125 version (tetex, at least 3.0) +CVE-2004-1125 version (tetex, fixed 3.0) CVE-2004-1125 version (kdegraphics, not 3.4) CVE-2004-1096 version (perl-Archive-Zip, fixed 1.14) CVE-2004-1093 version (mc, fixed 4.6.0) 
@@ -2053,8 +2033,8 @@ CVE-2004-1056 version (kernel, fixed 2.6.10) CVE-2004-1051 version (sudo, fixed 1.6.8p2) CVE-2004-1036 version (squirrelmail, fixed 1.4.4) -*CVE-2004-1026 patch (imlib, fixed 1.9.15-2) #235416 -*CVE-2004-1025 patch (imlib, fixed 1.9.15-2) #235416 +*CVE-2004-1026 backport (imlib, fixed 1.9.15-2) #235416 +*CVE-2004-1025 backport (imlib, fixed 1.9.15-2) #235416 CVE-2004-1020 version (php, fixed after 5.0.2) CVE-2004-1019 version (php, fixed after 5.0.2) CVE-2004-1018 version (php, fixed after 5.0.2) @@ -2100,7 +2080,7 @@ CVE-2004-0929 version (libtiff, fixed 3.7.0) CVE-2004-0923 version (cups, fixed 1.1.22) CVE-2004-0918 version (squid, fixed 2.4.STABLE7) -*CVE-2004-0914 (lesstif) +*CVE-2004-0914 ** (lesstif) CVE-2004-0914 version (xorg-x11, fixed after 6.8.1) CVE-2004-0909 version (thunderbird) CVE-2004-0909 version (firefox) @@ -2179,8 +2159,8 @@ CVE-2004-0691 version (qt, fixed 3.3.3) CVE-2004-0690 version (kdelibs, fixed after 3.2.3) CVE-2004-0689 version (kdelibs, fixed 3.3.0) -*CVE-2004-0688 (lesstif) -*CVE-2004-0687 (lesstif) +*CVE-2004-0688 ** (lesstif) +*CVE-2004-0687 ** (lesstif) CVE-2004-0686 version (samba, fixed 3.0.6) CVE-2004-0685 version (kernel, not 2.6) CVE-2004-0658 ignore (kernel) not a security issue @@ -2210,7 +2190,7 @@ CVE-2004-0558 version (cups, fixed 1.1.21) CVE-2004-0557 version (sox, fixed after 12.17.4) CVE-2004-0554 version (kernel, fixed 2.6.7) -*CVE-2004-0550 (helixplayer) +*CVE-2004-0550 ** (helixplayer) CVE-2004-0548 ignore (aspell, not fixed 0.50.5) not a security issue CVE-2004-0547 version (postgresql, fixed 7.2.1) CVE-2004-0541 version (squid, fixed 2.5.STABLE6) 
@@ -2260,7 +2240,7 @@ CVE-2004-0394 version (kernel, not 2.6) also not a vulnerability CVE-2004-0392 version (racoon, fixed 20040407b) CVE-2004-0388 version (mysql, fixed 4.1.11 at least) -*CVE-2004-0387 (helixplayer) +*CVE-2004-0387 ** (helixplayer) CVE-2004-0381 version (mysql, fixed 4.1.11 at least) CVE-2004-0367 version (wireshark, fixed 0.10.3) CVE-2004-0365 version (wireshark, fixed 0.10.3) @@ -2269,13 +2249,12 @@ CVE-2004-0233 version (libutempter, fixed 0.5.5) CVE-2004-0232 version (mc, fixed 4.6.0) CVE-2004-0231 version (mc, fixed 4.6.0) -*CVE-2004-0230 (kernel) +*CVE-2004-0230 ** (kernel) CVE-2004-0229 version (kernel, fixed 2.6.6) CVE-2004-0228 version (kernel, fixed 2.6.6) CVE-2004-0226 version (mc, fixed 4.6.0) CVE-2004-0189 version (squid, fixed 2.5.STABLE5) CVE-2004-0186 version (samba, not 3.0.2a) -CVE-2004-0185 ignore, no-ship (wu-ftpd) CVE-2004-0184 version (tcpdump, fixed 3.8.2) CVE-2004-0183 version (tcpdump, fixed 3.8.2) CVE-2004-0182 version (mailman) only affected Red Hat packages @@ -2330,12 +2309,11 @@ CVE-2004-0005 version (pidgin, fixed pidgin:0.76) CVE-2004-0003 version (kernel, not 2.6) CVE-2004-0001 version (kernel, not 2.6) -CVE-2003-1329 ignore, no-ship (wu-ftpd) CVE-2003-1307 ignore (mod_php) not a vulnerability CVE-2003-1303 version (php, fixed 4.3.3) CVE-2003-1302 version (php, fixed 4.3.1) -*CVE-2003-1295 (xscreensaver) -*CVE-2003-1294 (xscreensaver) +*CVE-2003-1295 ** (xscreensaver) +*CVE-2003-1294 ** (xscreensaver) CVE-2003-1265 VULNERABLE (thunderbird) https://bugzilla.mozilla.org/show_bug.cgi?id=198442 CVE-2003-1265 VULNERABLE (seamonkey) https://bugzilla.mozilla.org/show_bug.cgi?id=198442 CVE-2003-1232 version (emacs, fixed 21.3) 
@@ -2343,7 +2321,7 @@ CVE-2003-1161 version (kernel, not released version) *CVE-2003-1138 backport (httpd, Red Hat only) contains /+ now CVE-2003-1029 version (tcpdump, fixed after 3.8.1) -CVE-2003-1023 version (mc, 4.6.1) +CVE-2003-1023 version (mc, fixed 4.6.1) CVE-2003-1013 version (wireshark, fixed 0.10.0) CVE-2003-1012 version (wireshark, fixed 0.10.0) CVE-2003-0993 version (httpd, not 2.2) @@ -2379,12 +2357,12 @@ CVE-2003-0914 version (bind, not 9) CVE-2003-0901 version (postgresql, not 8) CVE-2003-0900 version (perl, only 5.8.1) -*CVE-2003-0885 (xscreensaver) +*CVE-2003-0885 ** (xscreensaver) CVE-2003-0865 version (tomcat, fixed after 4.0.3) CVE-2003-0863 ignore (php) http://lists.nyphp.org/pipermail/talk/2003-November/006392.html CVE-2003-0861 version (php, fixed 4.3.3) CVE-2003-0860 version (php, fixed 4.3.3) -*CVE-2003-0859 version (glibc, checked fc5 source) +*CVE-2003-0859 version (glibc) checked fc5 source CVE-2003-0858 version (quagga, fixed 0.95) *CVE-2003-0856 version (iproute) CVE-2003-0854 version (coreutils, fixed 5.1.3) @@ -2684,7 +2662,7 @@ CVE-2002-0972 version (postgresql, fixed 7.2.2) CVE-2002-0970 version (kdenetwork, fixed 3.0.3) CVE-2002-0935 version (tomcat, fixed 4.1.3) -CVE-2002-0906 version (sendmail, fxied 8.12.5) +CVE-2002-0906 version (sendmail, fixed 8.12.5) CVE-2002-0871 version (xinetd, fixed 2.3.7) CVE-2002-0855 version (mailman, fixed 2.0.12) CVE-2002-0843 version (httpd, not 2.2) @@ -2752,7 +2730,7 @@ CVE-2002-0384 version (pidgin, fixed pidgin:0.58) CVE-2002-0382 version (xchat, fixed 1.9.1) CVE-2002-0380 version (tcpdump, fixed 3.7.2 at least) -CVE-2002-0379 version (imap, vuln code removed imap-2002) +CVE-2002-0379 version (imap) vuln code removed imap-2002 CVE-2002-0377 version (pidgin, fixed pidgin:0.58) CVE-2002-0374 version (pam_ldap, fixed 144) CVE-2002-0363 version (ghostscript, fixed 6.53) 
@@ -2787,7 +2765,7 @@ CVE-2002-0063 version (cups, fixed 1.1.14) CVE-2002-0062 version (ncurses, only 5.0) CVE-2002-0060 version (kernel, fixed 2.5.5) -*CVE-2002-0059 ** zlib (cvs, dump, gcc, libgcj, kernel, vnc) +*CVE-2002-0059 ** (zlib) cvs, dump, gcc, libgcj, kernel, vnc CVE-2002-0059 version (rsync, fixed 2.5.4/2.6.6) CVE-2002-0059 version (zlib, fixed 1.1.4) CVE-2002-0048 version (rsync, fixed 2.5.2) @@ -2799,27 +2777,24 @@ CVE-2002-0029 version (bind, not 9) CVE-2002-0013 version (net-snmp, fixed 4.2.3) CVE-2002-0012 version (net-snmp, fixed 4.2.3) -CVE-2002-0006 verison (xchat, fixed 1.8.7) cve is wrong +CVE-2002-0006 version (xchat, fixed 1.8.7) cve is wrong CVE-2002-0004 backport (at) issue was in a patch, fixed at-3.1.8-11-lexer-parser.diff CVE-2002-0003 version (groff, fixed 1.17.2) CVE-2002-0002 version (stunnel, fixed 3.22) CVE-2002-0001 version (mutt, fixed 1.3.25) CVE-2001-1494 version (util-linux, fixed 2.11n) -*CVE-2001-1429 (mc) +*CVE-2001-1429 ** (mc) CVE-2001-0955 version (XFree86, fixed 4.2.0) -CVE-2001-0935 ignore, no-ship (wu-ftpd) CVE-2001-0474 version (mesa, fixed 3.3-14) CVE-2001-0310 ignore (sort) mkstemp is now being used -CVE-2001-0235 (vixie-cron) ** Is this really CVE-2005-1038? -CVE-2001-0187 ignore, no-ship (wu-ftpd) +CVE-2001-0235 ignore (vixie-cron) if anything crontabs are visible anyways -- via shell's argv[0] CVE-2000-1191 backport (htdig) fixed htdig-3.2.0b6-unescaped_output.patch CVE-2000-1137 version (ed, fixed 0.2-18.1) -*CVE-2000-0992 (krb5) +*CVE-2000-0992 ** (krb5) CVE-2000-0504 version (libICE, fixed XFree86:4.0.1) CVE-2000-0172 version (mtr, fixed 0.42) CVE-1999-1572 backport (cpio) cpio-2.6-umask.patch -*CVE-1999-1332 (gzip) -CVE-1999-0997 ignore, no-ship (wu-ftpd) +*CVE-1999-1332 ** (gzip) CVE-1999-0710 version (squid, fixed 2.5.STABLE10) CVE-1999-0473 version (rsync, fixed 2.3.1) CVE-1999-0103 ignore (bind) this is the nature of UDP
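Review bot: In the hunk at @@ -949,34 +934,33 @@ the line `CVE-2006-2657 (php) DUPE CVE-2006-3017` is deleted rather than reformatted, so the record that this CVE was reviewed and found to be a duplicate disappears from the audit file. Keeping it in the parseable shape, for example `CVE-2006-2657 ignore (php) duplicate of CVE-2006-3017`, would preserve the decision. The same hunk leaves both `bz#192983` and the bare `#193809` as bug references; settling on one form would save the parser a special case.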
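Review bot: The context line `CVE-2006-1251 ignore (exim-sa, configuration not vulnerable) bz#191082` in the hunk at @@ -1156,16 +1140,16 @@ still carries its reason inside the parentheses, which is the pattern this patch removes for `libtunepimp`, `bsd-games` and `nethack` in the preceding hunks. It needs the same treatment, for example `CVE-2006-1251 ignore (exim-sa) configuration not vulnerable bz#191082`, otherwise the parser will read the reason as a version field.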
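Review bot: The new line `*CVE-2006-0855 backport (zoo, patched in OpenSUSE "upstream", fixed 2.10-7)` in the hunk at @@ -1174,23 +1158,23 @@ still has two comma-separated fields and a quoted word inside the parentheses, so a parser that splits on the first comma gets `patched in OpenSUSE "upstream", fixed 2.10-7` as the version field. Moving the remark behind the closing parenthesis, as in `(zoo, fixed 2.10-7) patched in OpenSUSE "upstream"`, matches what the patch does elsewhere. The context line `CVE-2006-0804 ignore (tin, <= 1.8.0 not shipped)` in the same hunk has the same problem.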
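Review bot: The package field in `*CVE-2006-0453 ** (fedora directory server)` and the two lines after it, in the hunk at @@ -1231,13 +1215,13 @@, is a description with spaces rather than a package name like the other entries use, so a lookup of that field against package names will not match. Either put the actual package name there or state in the file header that the field is free text. The same applies to the other `(fedora directory server)` lines this patch touches.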
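Review bot: `CVE-2006-0024 ignore, no-ship (flash-plugin)` is deleted in the hunk at @@ -1297,13 +1281,12 @@ instead of being converted, and later hunks do the same to the other `ignore, no-ship (flash-plugin)` and `ignore, no-ship (wu-ftpd)` lines. That drops the statement that these CVEs were looked at and set aside because the package is not shipped. If the `ignore, no-ship` status is the unparseable part, a form such as `CVE-2006-0024 ignore (flash-plugin) not shipped` keeps the record.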
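Review bot: Two changes in the hunk at @@ -1337,18 +1320,17 @@ are triage decisions rather than formatting: `CVE-2005-3896 (firefox,seamonkey,thunderbird)` gains the status `ignore` with the reason `client DoS`, and `CVE-2005-3812 (firefox,seamonkey,thunderbird)` is removed with no replacement. The first also collapses three packages into `(mozilla)`, while other entries in this file track `firefox`, `thunderbird` and `seamonkey` on separate lines. These would be easier to audit as their own commit with the reasoning in the log, using one line per package.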
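Review bot: Changing `(tetex, at least 3.0)` to `(tetex, fixed 3.0)` in the hunk at @@ -2029,7 +2009,7 @@ turns a lower bound into an exact fix version. Other entries in this file express the lower bound as `fixed 3.8.2 at least`, so `CVE-2004-1125 version (tetex, fixed 3.0 at least)` would keep the original meaning in the new shape.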
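Review bot: After the change in the hunk at @@ -2787,7 +2765,7 @@ the file has `*CVE-2002-0059 ** (zlib) cvs, dump, gcc, libgcj, kernel, vnc` directly above `CVE-2002-0059 version (zlib, fixed 1.1.4)`, so the same CVE and package appear twice with different statuses. The packages that are still open are the ones now in the trailing comment, where the parser will not see them as packages. One `**` line per package (`cvs`, `dump`, `gcc`, `libgcj`, `kernel`, `vnc`) would say what the old line meant.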
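Review bot: The new comment in `CVE-2001-0235 ignore (vixie-cron) if anything crontabs are visible anyways -- via shell's argv[0]`, in the hunk at @@ -2799,27 +2777,24 @@, contains square brackets, which this file otherwise uses for the trailing `[since FEDORA-...]` annotation. A parser that finds that annotation by looking for `[` will trip on `argv[0]`; reword the comment or make sure the annotation match is anchored on `[since `. The line also replaces the open question `** Is this really CVE-2005-1038?` with a decision to ignore, and the answer to that question is worth recording in the log.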
security-commits@lists.fedoraproject.org