Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv13250/audit

Modified Files:
    fc6 fc7
Log Message:
note mozilla cve ids
Index: fc6 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc6,v retrieving revision 1.280 retrieving revision 1.281 diff -u -r1.280 -r1.281 --- fc6 18 Oct 2007 11:48:50 -0000 1.280 +++ fc6 23 Oct 2007 14:25:40 -0000 1.281 @@ -7,6 +7,21 @@ # Up to date CVE as of CVE email 20071015 # Up to date FC6 as of 20071017
+CVE-2007-5340 VULNERABLE (firefox, fixed 2.0.0.8) +CVE-2007-5340 VULNERABLE (thunderbird, fixed 2.0.0.6) +CVE-2007-5340 VULNERABLE (seamonkey, fixed 1.1.5) +CVE-2007-5339 VULNERABLE (firefox, fixed 2.0.0.8) +CVE-2007-5339 VULNERABLE (thunderbird, fixed 2.0.0.6) +CVE-2007-5339 VULNERABLE (seamonkey, fixed 1.1.5) +CVE-2007-5338 VULNERABLE (firefox, fixed 2.0.0.8) +CVE-2007-5338 VULNERABLE (thunderbird, fixed 2.0.0.6) +CVE-2007-5338 VULNERABLE (seamonkey, fixed 1.1.5) +CVE-2007-5337 VULNERABLE (firefox, fixed 2.0.0.8) +CVE-2007-5337 VULNERABLE (thunderbird, fixed 2.0.0.6) +CVE-2007-5337 VULNERABLE (seamonkey, fixed 1.1.5) +CVE-2007-5334 VULNERABLE (firefox, fixed 2.0.0.8) +CVE-2007-5334 VULNERABLE (thunderbird, fixed 2.0.0.6) +CVE-2007-5334 VULNERABLE (seamonkey, fixed 1.1.5) CVE-2007-5269 VULNERABLE (libpng, fixed 1.2.21) #337471 CVE-2007-5268 ignore (libpng) shipped version too old and not affected CVE-2007-5267 ignore (libpng) shipped version too old and not affected @@ -23,6 +38,7 @@ CVE-2007-4924 VULNERABLE (opal, fixed 2.2.10) #297561 CVE-2007-4897 VULNERABLE (opal, fixed 2.2.8) #297561 CVE-2007-4851 ignore (tk) duplicate of CVE-2007-5137 +CVE-2007-4841 ignore (mozilla suite) Windows only CVE-2007-4829 VULNERABLE (perl-Archive-Tar) #315331 CVE-2007-4826 VULNERABLE (quagga, fixed 0.99.9) #315301 CVE-2007-4752 backport (openssh) #280471 [since FEDORA-2007-715] @@ -68,7 +84,7 @@ CVE-2007-3848 version (kernel) [since FEDORA-2007-679] CVE-2007-3847 version (httpd) #250756 [since FEDORA-2007-707] CVE-2007-3845 ignore (firefox) windows specific -CVE-2007-3844 VULNERABLE (firefox) #250648 "fixed on next update" +CVE-2007-3844 VULNERABLE (firefox, fixed 2.0.0.6) #250648 "fixed on next update" CVE-2007-3843 VULNERABLE (kernel) #246595 CVE-2007-3841 ignore (pidgin) ethically disclosed CVE-2007-3820 backport (kdebase) #248537 [since FEDORA-2007-716] 
@@ -78,6 +94,9 @@ CVE-2007-3781 VULNERABLE (mysql, fixed 5.0.44) CVE-2007-3780 VULNERABLE (mysql, fixed 5.0.44) CVE-2007-3642 version (kernel, fixed 2.6.22) [since FEDORA-2007-655] +CVE-2007-3511 VULNERABLE (firefox, fixed 2.0.0.8) +CVE-2007-3511 VULNERABLE (thunderbird, fixed 2.0.0.6) +CVE-2007-3511 VULNERABLE (seamonkey, fixed 1.1.5) CVE-2007-3508 ignore (glibc) not an issue CVE-2007-3506 backport (freetype, fixed 2.3.4) #235479 [since FEDORA-2007-561] CVE-2007-3478 version (gd, fixed 2.0.35) #277421 [since FEDORA-2007-692] @@ -128,6 +147,9 @@ CVE-2007-2451 version (kernel, fixed 2.6.21.4) [since FEDORA-2007-600] CVE-2007-2445 backport (libpng) #239542 [since FEDORA-2007-529] CVE-2007-2438 version (vim, fixed 7.0.235) #238734 [since FEDORA-2007-492] +CVE-2007-2292 VULNERABLE (firefox, fixed 2.0.0.8) +CVE-2007-2292 VULNERABLE (thunderbird, fixed 2.0.0.6) +CVE-2007-2292 VULNERABLE (seamonkey, fixed 1.1.5) CVE-2007-2242 version (kernel) [since FEDORA-2007-482] CVE-2007-2138 version (postgresql, fixed 8.1.9) [since FEDORA-2007-565] CVE-2007-2028 backport (freeradius) [since FEDORA-2007-499] @@ -162,6 +184,9 @@ CVE-2007-1263 version (gnupg, fixed 1.4.7) [since FEDORA-2007-315] CVE-2007-1262 version (squirrelmail, fixed 1.4.10a) #239704 [since FEDORA-2007-505] CVE-2007-1218 backport (tcpdump) 232349 [since FEDORA-2007-347] +CVE-2007-1095 VULNERABLE (firefox, fixed 2.0.0.8) +CVE-2007-1095 VULNERABLE (thunderbird, fixed 2.0.0.6) +CVE-2007-1095 VULNERABLE (seamonkey, fixed 1.1.5) CVE-2007-1006 version (ekiga, fixed 2.0.5) #229259 [since FEDORA-2007-322] CVE-2007-1004 VULNERABLE (firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=390627 CVE-2007-1003 backport (xorg-x11-server, fixed > X11R7.2) #235263 [since FEDORA-2007-425] 
@@ -300,6 +325,8 @@ CVE-2006-5051 backport (openssh, fixed 4.4) CVE-2006-4997 version (kernel, fixed 2.6.18) CVE-2006-4980 version (python, fixed 2.4.4 at least) [since FEDORA-2006-1050] was backport since GA +CVE-2006-4965 ignore (firefox, fixed 2.0.0.7) windows only +CVE-2006-4965 ignore (seamonkey) windows only CVE-2006-4925 ignore (openssh) client crash only CVE-2006-4924 backport (openssh, fixed 4.4) CVE-2006-4842 ignore (nspr) Nothing setuid links with nspr @@ -479,7 +506,8 @@ CVE-2006-2932 ignore (kernel) no 4G/4G split support CVE-2006-2916 ignore (arts) not shipped setuid CVE-2006-2906 backport (gd) from changelog -CVE-2006-2894 VULNERABLE (firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=56236 +CVE-2006-2894 VULNERABLE (firefox, fixed 2.0.0.8) +CVE-2006-2894 VULNERABLE (seamonkey, fixed 1.1.5) #194511 CVE-2006-2842 version (squirrelmail, fixed 1.4.6) CVE-2006-2789 version (evolution, fixed 2.4.X) CVE-2006-2788 version (firefox, fixed 1.5.0.4)
Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.147 retrieving revision 1.148 diff -u -r1.147 -r1.148 --- fc7 22 Oct 2007 12:19:17 -0000 1.147 +++ fc7 23 Oct 2007 14:25:40 -0000 1.148 @@ -8,6 +8,7 @@ # Up to date CVE as of CVE email 20071015 # Up to date FC7 as of 20071017
+GENERIC-MAP-NOMATCH VULNERABLE (nagios-plugins) #348731 check_snmp overflow CVE-2007-5597 VULNERABLE (drupal, fixed 5.3) CVE-2007-5596 VULNERABLE (drupal, fixed 5.3) CVE-2007-5595 VULNERABLE (drupal, fixed 5.3) @@ -17,6 +18,21 @@ CVE-2007-5585 (tempest) #336331 CVE-2007-5416 ignore (drupal) Vulnerability in PHP<5.1.3, we're safe CVE-2007-5386 VULNERABLE (phpmyadmin, fixed 2.11.1.1) #333661 PMASA-2007-5 +CVE-2007-5340 VULNERABLE (firefox, fixed 2.0.0.8) +CVE-2007-5340 VULNERABLE (thunderbird, fixed 2.0.0.6) +CVE-2007-5340 VULNERABLE (seamonkey, fixed 1.1.5) +CVE-2007-5339 VULNERABLE (firefox, fixed 2.0.0.8) +CVE-2007-5339 VULNERABLE (thunderbird, fixed 2.0.0.6) +CVE-2007-5339 VULNERABLE (seamonkey, fixed 1.1.5) +CVE-2007-5338 VULNERABLE (firefox, fixed 2.0.0.8) +CVE-2007-5338 VULNERABLE (thunderbird, fixed 2.0.0.6) +CVE-2007-5338 VULNERABLE (seamonkey, fixed 1.1.5) +CVE-2007-5337 VULNERABLE (firefox, fixed 2.0.0.8) +CVE-2007-5337 VULNERABLE (thunderbird, fixed 2.0.0.6) +CVE-2007-5337 VULNERABLE (seamonkey, fixed 1.1.5) +CVE-2007-5334 VULNERABLE (firefox, fixed 2.0.0.8) +CVE-2007-5334 VULNERABLE (thunderbird, fixed 2.0.0.6) +CVE-2007-5334 VULNERABLE (seamonkey, fixed 1.1.5) CVE-2007-5269 VULNERABLE (libpng10) update pending CVE-2007-5269 VULNERABLE (libpng, fixed 1.2.21) #337461 CVE-2007-5268 ignore (libpng) shipped version too old and not affected @@ -133,7 +149,7 @@ CVE-2007-3848 version (kernel) [since FEDORA-2007-1785] CVE-2007-3847 version (httpd) #250755 [since FEDORA-2007-2214] CVE-2007-3845 ignore (firefox) windows specific -CVE-2007-3844 VULNERABLE (firefox) #250648 "fixed on next update" +CVE-2007-3844 VULNERABLE (firefox, fixed 2.0.0.6) #250648 "fixed on next update" CVE-2007-3843 VULNERABLE (kernel) #246595 CVE-2007-3841 ignore (pidgin) ethically disclosed CVE-2007-3820 backport (kdelibs) [since FEDORA-2007-1699] 
@@ -158,6 +174,9 @@ CVE-2007-3528 version (dar, fixed 2.3.4) #246760 [since FEDORA-2007-0904] CVE-2007-3544 VULNERABLE (wordpress, NOT fixed 2.2.1) #245211 Incomplete fix for CVE-2007-3543 CVE-2007-3543 version (wordpress, fixed 2.2.1) #245211 [since FEDORA-2007-0894] +CVE-2007-3511 VULNERABLE (firefox, fixed 2.0.0.8) +CVE-2007-3511 VULNERABLE (thunderbird, fixed 2.0.0.6) +CVE-2007-3511 VULNERABLE (seamonkey, fixed 1.1.5) CVE-2007-3508 ignore (glibc) not an issue CVE-2007-3506 version (freetype, fixed 2.3.4) #235479 [since FEDORA-2007-0033] CVE-2007-3507 version (flac123, fixed 0.0.10) #246322 [since FEDORA-2007-1045] @@ -278,6 +297,9 @@ CVE-2007-2381 ignore (MochiKit) #238616 *CVE-2007-2356 ** (gimp) *CVE-2007-2353 ** (axis) +CVE-2007-2292 VULNERABLE (firefox, fixed 2.0.0.8) +CVE-2007-2292 VULNERABLE (thunderbird, fixed 2.0.0.6) +CVE-2007-2292 VULNERABLE (seamonkey, fixed 1.1.5) *CVE-2007-2245 VULNERABLE (phpMyAdmin, fixed 2.10.1) #237882 CVE-2007-2243 ignore (openssh, fixed 4.6) needs S/KEY support which is not shipped. CVE-2007-2241 backport (bind) [since FEDORA-2007-0300] @@ -398,6 +420,9 @@ *CVE-2007-1218 backport (tcpdump) 232349 [since FEDORA-2007-347] CVE-2007-1216 version (krb5, fixed 1.6-3) #231537 *CVE-2007-1103 VULNERABLE (tor) #230927 +CVE-2007-1095 VULNERABLE (firefox, fixed 2.0.0.8) +CVE-2007-1095 VULNERABLE (thunderbird, fixed 2.0.0.6) +CVE-2007-1095 VULNERABLE (seamonkey, fixed 1.1.5) CVE-2007-1092 version (seamonkey, fixed 1.0.8) CVE-2007-1055 version (mediawiki, fixed 1.8.3) CVE-2007-1054 version (mediawiki, fixed 1.9.3) [since FEDORA-2007-1442] 
@@ -700,6 +725,8 @@ CVE-2006-4997 version (kernel, fixed 2.6.18) CVE-2006-4980 version (python, fixed 2.4.4 at least) [since FEDORA-2006-1050] was backport since GA *CVE-2006-4976 ** (php-adodb) #208299 +CVE-2006-4965 ignore (firefox, fixed 2.0.0.7) windows only +CVE-2006-4965 ignore (seamonkey) windows only CVE-2006-4943 version (moodle, fixed 1.6.3) #206516 CVE-2006-4942 version (moodle, fixed 1.6.3) #206516 CVE-2006-4941 version (moodle, fixed 1.6.3) #206516 @@ -925,8 +952,8 @@ CVE-2006-2920 version (sylpheed-claws, fixed 2.2.2) CVE-2006-2916 ignore (arts) not shipped setuid CVE-2006-2906 backport (gd) from changelog -CVE-2006-2894 VULNERABLE (seamonkey) #194511 -CVE-2006-2894 VULNERABLE (firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=56236 +CVE-2006-2894 VULNERABLE (firefox, fixed 2.0.0.8) +CVE-2006-2894 VULNERABLE (seamonkey, fixed 1.1.5) #194511 CVE-2006-2842 version (squirrelmail, fixed 1.4.6) CVE-2006-2789 version (evolution, fixed 2.4.X) CVE-2006-2788 version (firefox, fixed 1.5.0.4)
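Review bot: the rewritten CVE-2007-3844 line (fc6 hunk at -68,7 and fc7 hunk at -133,7) now records `fixed 2.0.0.6` but keeps the quoted note "fixed on next update", so the entry reads as both fixed upstream and still waiting. Drop the quoted note. If the shipped firefox already carries that version, the status should move from VULNERABLE to `version` with the advisory id, as the neighbouring httpd and kernel entries do.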
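Review bot: every added thunderbird line (CVE-2007-5340, -5339, -5338, -5337, -5334, CVE-2007-3511, CVE-2007-2292 and CVE-2007-1095, in both fc6 and fc7) gives `fixed 2.0.0.6` while the firefox line for the same id gives `fixed 2.0.0.8`. The same three-line block is repeated unchanged for each CVE, which suggests it was pasted. Please confirm the thunderbird and seamonkey fix versions per CVE against the upstream advisories, since these fields decide when an entry can be closed.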
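Review bot: the CVE-2006-2894 firefox line (fc6 hunk at -479,7 and fc7 hunk at -925,8) loses its upstream reference `https://bugzilla.mozilla.org/show_bug.cgi?id=56236`, leaving a fix version with no bug to follow. Keep the URL after `(firefox, fixed 2.0.0.8)`, the way the seamonkey line keeps #194511.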
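Review bot: `CVE-2007-4841 ignore (mozilla suite) Windows only` is added in the fc6 hunk at -23,6 but no fc7 hunk carries it. If fc7 does not already list it, add the same line there so the two audit files agree. In the CVE-2006-4965 additions the firefox line records `fixed 2.0.0.7` while the seamonkey line has no version, and the reason is written "windows only" here, "Windows only" on CVE-2007-4841 and "windows specific" on the existing CVE-2007-3845 line; settle on one spelling so the files can be grepped reliably.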
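Review bot: the first fc7 hunk (-8,6) adds `GENERIC-MAP-NOMATCH VULNERABLE (nagios-plugins) #348731 check_snmp overflow`, which the log message "note mozilla cve ids" does not cover. Commit it separately or mention it in the log so the nagios-plugins entry can be found from the history.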
security-commits@lists.fedoraproject.org