Author: lkundrak
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv30876

Modified Files:
	fc6 fc7
Log Message:
Up to date as of today
Index: fc6 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc6,v retrieving revision 1.269 retrieving revision 1.270 diff -u -r1.269 -r1.270 --- fc6 1 Oct 2007 13:55:03 -0000 1.269 +++ fc6 2 Oct 2007 15:00:30 -0000 1.270 @@ -4,31 +4,31 @@ # *CVE are items that need verification for Fedora Core 6 # (mozilla) = (firefox, seamonkey, thunderbird, yelp, devhelp, galeon, liferea. epiphany)
-# Up to date CVE as of CVE email 20070914 -# Up to date FC6 as of 20070926 +# Up to date CVE as of CVE email 20071002 +# Up to date FC6 as of 20071002
CVE-2007-5162 VULNERABLE (ruby) #313801 -CVE-2007-5034 VULNERABLE (elinks) #297611 +CVE-2007-5034 version (elinks) #297611 [since ???] CVE-2007-4965 VULNERABLE (python) imageop module heap overflow -CVE-2007-4924 VULNERABLE (ekiga, version 2.0.10) really opal 2.2.10 #297561 -CVE-2007-4897 VULNERABLE (ekiga, version 2.0.9) really opal 2.2.8 #297561 -CVE-2007-4829 VULNERABLE (perl-Archive-Tar) -CVE-2007-4826 VULNERABLE (quagga, fixed 0.99.9) +CVE-2007-4924 VULNERABLE (opal, fixed 2.2.10) #297561 +CVE-2007-4897 VULNERABLE (opal, fixed 2.2.8) #297561 +CVE-2007-4829 VULNERABLE (perl-Archive-Tar) #315331 +CVE-2007-4826 VULNERABLE (quagga, fixed 0.99.9) #315301 CVE-2007-4752 VULNERABLE (openssh) #280471 CVE-2007-4743 backport (krb5) incomplete CVE-2007-3999 fix [since FEDORA-2007-694] -CVE-2007-4730 VULNERABLE (xorg-x11) #286061 +CVE-2007-4730 ignore (xorg-x11) #286061 ajax says FC6 is not vulnerable CVE-2007-4721 version (wireshark, fixed 0.99.6) [since FEDORA-2007-628] CVE-2007-4670 backport (php) [since FEDORA-2007-709] CVE-2007-4663 ignore (php, fixed 5.2.4) #277991 safe_mode CVE-2007-4662 ignore (php, fixed 5.2.4) #278101 triggerable only by modification to openssl.conf CVE-2007-4661 ignore (php, fixed 5.2.4) 5.2.3, incomplete CVE-2007-2872 fix -CVE-2007-4660 VULNERABLE (php, fixed 5.2.4) +CVE-2007-4660 ignore (php, fixed 5.2.4) CVE-2007-4661 duplicate, jorton mailed Mitre CVE-2007-4659 ignore (php, fixed 5.2.4) #276531 (FC7/php-5.2 only) CVE-2007-4658 backport (php, fixed 5.2.4) #278011 [since FEDORA-2007-709] -CVE-2007-4657 VULNERABLE (php, fixed 5.2.4) +CVE-2007-4657 ingore (php, fixed 5.2.4) arbitrary read not remotly triggerable CVE-2007-4569 VULNERABLE (kdebase) #299741 CVE-2007-4565 backport (fetchmail) #260881 [since FEDORA-2007-689] -CVE-2007-4559 VULNERABLE (python) tarfile module - directory traversal +CVE-2007-4559 VULNERABLE (python) tarfile module - directory traversal #315291 CVE-2007-4558 ignore (star, fixed 1.5a84) duplicate of CVE-2007-4134 
CVE-2007-4465 version (httpd) [since FEDORA-2007-707] CVE-2007-4357 ignore (firefox) status bar can be overwrittten
Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.127 retrieving revision 1.128 diff -u -r1.127 -r1.128 --- fc7 2 Oct 2007 08:25:51 -0000 1.127 +++ fc7 2 Oct 2007 15:00:30 -0000 1.128 @@ -5,8 +5,8 @@ # (mozilla) = (firefox, seamonkey, thunderbird, yelp, devhelp, galeon, liferea. epiphany) # A couple of first F7 updates were marked as FEDORA-2007-0001
-# Up to date CVE as of CVE email 20070914 -# Up to date FC7 as of 20070930 +# Up to date CVE as of CVE email 20071002 +# Up to date FC7 as of 20071002
GENERIC-MAP-NOMATCH VULNERABLE (nagios-plugins, fixed 1.4.10) #315101 CVE-2007-5162 VULNERABLE (ruby) #313791 
@@ -21,35 +21,36 @@ GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031 CVE-2007-4974 backport (libsndfile) #296221 [since FEDORA-2007-2236] CVE-2007-4965 VULNERABLE (python) imageop module heap overflow -CVE-2007-4924 VULNERABLE (ekiga, version 2.0.10) really opal 2.2.10 #297551 +CVE-2007-4924 VULNERABLE (opal, fixed 2.2.10) #297551 CVE-2007-4897 version (ekiga, version 2.0.9) really opal 2.2.8 CVE-2007-4894 version (wordpress, fixed 2.2.3) [since FEDORA-2007-2143] CVE-2007-4893 version (wordpress, fixed 2.2.3) [since FEDORA-2007-2143] CVE-2007-4841 ignore (mozilla suite) Windows only CVE-2007-4840 ignore (php) -CVE-2007-4829 VULNERABLE (perl-Archive-Tar) +CVE-2007-4829 VULNERABLE (perl-Archive-Tar) #315321 CVE-2007-4828 version (mediawiki, fixed 1.11.0, 1.10.2, 1.9.4) #287881 [since FEDORA-2007-2189] CVE-2007-4826 version (quagga, fixed 0.99.9) [since FEDORA-2007-2196] CVE-2007-4752 VULNERABLE (openssh) #280461 CVE-2007-4743 backport (krb5) incomplete CVE-2007-3999 fix [since FEDORA-2007-2066] -CVE-2007-4730 VULNERABLE (xorg-x11) #286051 +CVE-2007-4730 ignore (xorg-x11) #286051 ajax says F7 is not vulnerable CVE-2007-4727 version (lighttpd) #284511 [since FEDORA-2007-2132] CVE-2007-4721 version (wireshark, fixed 0.99.6) [since FEDORA-2007-0982] CVE-2007-4663 ignore (php, fixed 5.2.4) #277991 safe_mode CVE-2007-4662 ignore (php, fixed 5.2.4) #278101 triggerable only by modification to openssl.conf CVE-2007-4661 ignore (php, fixed 5.2.4) 5.2.3, incomplete CVE-2007-2872 fix -CVE-2007-4660 VULNERABLE (php, fixed 5.2.4) -CVE-2007-4659 VULNERABLE (php, fixed 5.2.4) #276531 Tracking bug! 
-CVE-2007-4658 VULNERABLE (php, fixed 5.2.4) #278011 -CVE-2007-4657 VULNERABLE (php, fixed 5.2.4) +CVE-2007-4660 version (php, fixed 5.2.4) [since FEDORA-2007-2215] +CVE-2007-4659 version (php, fixed 5.2.4) #276531 [since FEDORA-2007-2215] +CVE-2007-4658 version (php, fixed 5.2.4) #278011 [since FEDORA-2007-2215] +CVE-2007-4657 version (php, fixed 5.2.4) [since FEDORA-2007-2215] CVE-2007-4650 version (gallery2) #267421 [since FEDORA-2007-2020] CVE-2007-4629 version (mapserver, fixed 4.10.3) #272081 [since FEDORA-2007-2018] CVE-2007-4631 version (qgit) #268381 [since FEDORA-2007-2108] CVE-2007-4573 version (kernel) [since FEDORA-2007-2298] +CVE-2007-4571 version (kernel) [since FEDORA-2007-2349] CVE-2007-4569 VULNERABLE (kdebase) #299731 CVE-2007-4565 backport (fetchmail) #260861 [since FEDORA-2007-1983] CVE-2007-4560 version (clamav) #260583 [since FEDORA-2007-2050] -CVE-2007-4559 VULNERABLE (python) tarfile module - directory traversal +CVE-2007-4559 VULNERABLE (python) tarfile module - directory traversal #315291 CVE-2007-4558 ignore (star, fixed 1.5a84) duplicate of CVE-2007-4134 CVE-2007-4543 version (bugzilla, fixed 3.0.1) #256021 [since FEDORA-2007-1853] CVE-2007-4542 version (mapserver, fixed 4.10.3) #256561 [since FEDORA-2007-2018]
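Review bot: In the fc6 hunk (@@ -4,31 +4,31 @@) the new CVE-2007-4657 line spells its status "ingore", which does not match the "ignore" keyword used on the other ignored entries in the same hunk (CVE-2007-4660, CVE-2007-4730), so a grep or script keyed on the status column would skip it; change it to "ignore" and correct "remotly" to "remotely" on that line. The new CVE-2007-5034 line also moves from VULNERABLE to "version" with the placeholder "[since ???]", while the other "version" entries name an advisory (for example "[since FEDORA-2007-628]"); fill in the advisory ID, or leave the entry VULNERABLE until the fixed update is identified.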
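Review bot: In the second fc7 hunk (@@ -21,35 +21,36 @@) CVE-2007-4924 is rewritten as "(opal, fixed 2.2.10)" but the adjacent CVE-2007-4897 line keeps the old form "(ekiga, version 2.0.9) really opal 2.2.8", whereas the fc6 hunk converts both entries to the opal form; rewrite CVE-2007-4897 as "(opal, fixed 2.2.8)" here as well so the package name is consistent across the two files. It is also worth confirming that CVE-2007-4559 should carry the same bug number #315291 in both fc6 and fc7, since the other tracker bugs added in this commit differ per release (perl-Archive-Tar is #315331 in fc6 and #315321 in fc7).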
security-commits@lists.fedoraproject.org