Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv2042/audit

Modified Files:
	fc6 fc7
Log Message:
libpng, phpmyadmin bunch of fedora updates
Index: fc6 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc6,v retrieving revision 1.279 retrieving revision 1.280 diff -u -r1.279 -r1.280 --- fc6 15 Oct 2007 14:37:07 -0000 1.279 +++ fc6 18 Oct 2007 11:48:50 -0000 1.280 @@ -5,15 +5,19 @@ # (mozilla) = (firefox, seamonkey, thunderbird, yelp, devhelp, galeon, liferea. epiphany)
# Up to date CVE as of CVE email 20071015 -# Up to date FC6 as of 20071010 +# Up to date FC6 as of 20071017
-CVE-2007-5208 VULNERABLE (hplip) #329121 -CVE-2007-5191 VULNERABLE (util-linux) #320141 +CVE-2007-5269 VULNERABLE (libpng, fixed 1.2.21) #337471 +CVE-2007-5268 ignore (libpng) shipped version too old and not affected +CVE-2007-5267 ignore (libpng) shipped version too old and not affected +CVE-2007-5266 ignore (libpng) shipped version too old and not affected +CVE-2007-5208 backport (hplip) #329121 [since FEDORA-2007-724] +CVE-2007-5191 backport (util-linux) #320141 [since FEDORA-2007-722] CVE-2007-5162 version (ruby) #313801 [since FEDORA-2007-718] -CVE-2007-5137 VULNERABLE (tk, fixed 8.4.16) #332071 -CVE-2007-5135 VULNERABLE (openssl, fixed 0.9.8d) +CVE-2007-5137 backport (tk, fixed 8.4.16) #332071 [since FEDORA-2007-728] +CVE-2007-5135 backport (openssl, fixed 0.9.8d) [since FEDORA-2007-725] CVE-2007-5034 version (elinks) #297611 [since FEDORA-2007-710] -CVE-2007-4995 VULNERABLE (openssl, fixed 0.9.8f) +CVE-2007-4995 backport (openssl, fixed 0.9.8f) [since FEDORA-2007-725] CVE-2007-4993 backport (xen) [since FEDORA-2007-713] CVE-2007-4965 VULNERABLE (python) imageop module heap overflow CVE-2007-4924 VULNERABLE (opal, fixed 2.2.10) #297561 @@ -21,7 +25,7 @@ CVE-2007-4851 ignore (tk) duplicate of CVE-2007-5137 CVE-2007-4829 VULNERABLE (perl-Archive-Tar) #315331 CVE-2007-4826 VULNERABLE (quagga, fixed 0.99.9) #315301 -CVE-2007-4752 VULNERABLE (openssh) #280471 +CVE-2007-4752 backport (openssh) #280471 [since FEDORA-2007-715] CVE-2007-4743 backport (krb5) incomplete CVE-2007-3999 fix [since FEDORA-2007-694] CVE-2007-4730 ignore (xorg-x11) #286061 ajax says FC6 is not vulnerable CVE-2007-4721 version (wireshark, fixed 0.99.6) [since FEDORA-2007-628] 
@@ -104,6 +108,7 @@ CVE-2007-3126 ignore (gimp) just a crash CVE-2007-3108 backport (openssl) #250574 [since FEDORA-2007-661] CVE-2007-3106 VULNERABLE (libvorbis) #250600 +CVE-2007-3102 backport (openssh) [since FEDORA-2007-715] CVE-2007-2926 backport (bind, fixed 9.4.1) [since FEDORA-2007-647] CVE-2007-2876 version (kernel, fixed 2.6.21.5) [since FEDORA-2007-600] CVE-2007-2875 version (kernel) [since FEDORA-2007-600]
Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.144 retrieving revision 1.145 diff -u -r1.144 -r1.145 --- fc7 15 Oct 2007 14:37:07 -0000 1.144 +++ fc7 18 Oct 2007 11:48:50 -0000 1.145 @@ -6,20 +6,26 @@ # A couple of first F7 updates were marked as FEDORA-2007-0001
# Up to date CVE as of CVE email 20071015 -# Up to date FC7 as of 20071003 +# Up to date FC7 as of 20071017
+GENERIC-MAP-NOMATCH VULNERABLE (phpmyadmin, fixed 2.11.1.2) #333661 PMASA-2007-6 CVE-2007-5416 ignore (drupal) Vulnerability in PHP<5.1.3, we're safe -CVE-2007-5386 ** (phpmyadmin) -CVE-2007-5226 VULNERABLE (dircproxy) #319301 -CVE-2007-5208 VULNERABLE (hplip) #329111 +CVE-2007-5386 VULNERABLE (phpmyadmin, fixed 2.11.1.1) #333661 PMASA-2007-5 +CVE-2007-5269 VULNERABLE (libpng10) update pending +CVE-2007-5269 VULNERABLE (libpng, fixed 1.2.21) #337461 +CVE-2007-5268 ignore (libpng) shipped version too old and not affected +CVE-2007-5267 ignore (libpng) shipped version too old and not affected +CVE-2007-5266 ignore (libpng) shipped version too old and not affected +CVE-2007-5226 backport (dircproxy) #319301 [since FEDORA-2007-2419] +CVE-2007-5208 backport (hplip) #329111 [since FEDORA-2007-2527] CVE-2007-5201 VULNERABLE (duplicity) #293081 CVE-2007-5200 VULNERABLE (hugin) #332401 CVE-2007-5198 VULNERABLE (nagios-plugins, fixed 1.4.10) #315101 CVE-2007-5191 backport (util-linux) #320141 [since FEDORA-2007-2462] CVE-2007-5162 version (ruby) #313801 [since FEDORA-2007-2406] CVE-2007-5159 backport (ntfs-3g) #298651 [since FEDORA-2007-2295] -CVE-2007-5137 VULNERABLE (tk, fixed 8.4.16) #332061 -CVE-2007-5135 VULNERABLE (openssl, fixed 0.9.8d) +CVE-2007-5137 backport (tk, fixed 8.4.16) #332061 [since FEDORA-2007-2564] +CVE-2007-5135 backport (openssl, fixed 0.9.8d) [since FEDORA-2007-2530] CVE-2007-5106 ignore (wordpress) affects old 2.0.x versions CVE-2007-5105 ignore (wordpress) affects old 2.0.x versions CVE-2007-5079 VULNERABLE (gdm) #239820 
@@ -29,12 +35,12 @@ CVE-2007-5007 VULNERABLE (balsa) #297601 GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031 CVE-2007-4996 version (pidgin, fixed 2.2.1) [since FEDORA-2007-2368] -CVE-2007-4995 VULNERABLE (openssl, fixed 0.9.8f) +CVE-2007-4995 backport (openssl, fixed 0.9.8f) [since FEDORA-2007-2530] CVE-2007-4993 backport (xen) [since FEDORA-2007-2270] CVE-2007-4990 VULNERABLE (xorg-x11-xfs, fixed 1.0.5) CVE-2007-4974 backport (libsndfile) #296221 [since FEDORA-2007-2236] CVE-2007-4965 VULNERABLE (python) imageop module heap overflow -CVE-2007-4924 VULNERABLE (opal, fixed 2.2.10) #297551 +CVE-2007-4924 version (opal, fixed 2.2.10) #297551 [since FEDORA-2007-2245] CVE-2007-4897 version (opal, fixed 2.2.9) CVE-2007-4894 version (wordpress, fixed 2.2.3) [since FEDORA-2007-2143] CVE-2007-4893 version (wordpress, fixed 2.2.3) [since FEDORA-2007-2143] @@ -117,7 +123,7 @@ CVE-2007-3948 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299] CVE-2007-3947 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299] CVE-2007-3946 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299] -CVE-2007-3917 VULNERABLE (wesnoth) #324841 +CVE-2007-3917 version (wesnoth, fixed 1.2.7) #324841 [since FEDORA-2007-2496] CVE-2007-3848 version (kernel) [since FEDORA-2007-1785] CVE-2007-3847 version (httpd) #250755 [since FEDORA-2007-2214] CVE-2007-3845 ignore (firefox) windows specific 
@@ -127,9 +133,9 @@ CVE-2007-3820 backport (kdelibs) [since FEDORA-2007-1699] CVE-2007-3820 backport (kdebase) #248537 [since FEDORA-2007-1700] CVE-2007-3799 ** (php) -CVE-2007-3781 VULNERABLE (mysql, fixed 5.0.44) -CVE-2007-3782 VULNERABLE (mysql, fixed 5.0.44) -CVE-2007-3780 VULNERABLE (mysql, fixed 5.0.44) +CVE-2007-3781 version (mysql, fixed 5.0.44) [since FEDORA-2007-1197] +CVE-2007-3782 version (mysql, fixed 5.0.44) [since FEDORA-2007-1197] +CVE-2007-3780 version (mysql, fixed 5.0.44) [since FEDORA-2007-1197] CVE-2007-3770 backport (terminal/xfce) [since FEDORA-2007-1620] CVE-2007-3738 version (mozilla) #248518 [since FEDORA-2007-1138] CVE-2007-3737 version (mozilla) #248518 [since FEDORA-2007-1138]
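Review bot: In fc6, hunk @@ -5,15 +5,19 @@, the three new libpng ignore lines (CVE-2007-5268, CVE-2007-5267, CVE-2007-5266) justify themselves with "shipped version too old and not affected" but do not name the shipped version, so the decision cannot be re-checked from the file if libpng is later rebased. Suggest recording the shipped libpng version in the note. The same hunk adds only a libpng line for CVE-2007-5269, while the fc7 diff adds both libpng and libpng10 lines for that CVE; please confirm FC6 ships no libpng10, or add the matching entry.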
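Review bot: In fc6, hunk @@ -104,6 +108,7 @@, the new line "CVE-2007-3102 backport (openssh) [since FEDORA-2007-715]" enters the file already resolved and without a bug number, whereas CVE-2007-4752, closed by the same FEDORA-2007-715 in this commit, carries #280471. Suggest adding the tracking bug, or a short note saying there is none, so the entry can be traced the same way as its neighbour.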
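Review bot: In fc7, hunk @@ -6,20 +6,26 @@, the line "CVE-2007-5269 VULNERABLE (libpng10) update pending" has neither a fixed version nor a bug number, unlike the libpng line directly below it ("fixed 1.2.21) #337461"). Suggest adding both so the entry can be closed against a concrete update. Also note that the two phpmyadmin entries share #333661 but name different fixed versions (2.11.1.2 for PMASA-2007-6, 2.11.1.1 for CVE-2007-5386 / PMASA-2007-5); an update to 2.11.1.1 would resolve only the second, so they should be closed separately.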
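Review bot: In fc7, hunk @@ -29,12 +35,12 @@, CVE-2007-4924 is now marked "version (opal, fixed 2.2.10) #297551 [since FEDORA-2007-2245]", but the context line below it, "CVE-2007-4897 version (opal, fixed 2.2.9)", still has no [since ...] tag. If FEDORA-2007-2245 shipped opal 2.2.10 or later, it covers the 2.2.9 fix as well; suggest tagging CVE-2007-4897 with the update that first fixed it so both opal entries are traceable.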
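Review bot: In fc7, hunk @@ -127,9 +133,9 @@, the three mysql lines are rewritten but kept in the order CVE-2007-3781, CVE-2007-3782, CVE-2007-3780, which breaks the descending CVE order used by the rest of the file. Since the lines are being touched anyway, suggest moving CVE-2007-3782 above CVE-2007-3781 so lookups and future diffs stay predictable.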
security-commits@lists.fedoraproject.org