Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.
Summary: Clam AntiVirus Win32-UPX Heap Overflow
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=201688
tibbs(a)math.uh.edu changed:
What    |Removed |Added
----------------------------------------------------------------------------
Keywords|        |Security
CC      |        |fedora-security-list(a)redhat.com
--
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
Summary: major (public) security flaws fixed in firefox 1.5.0.5: CVE-2006-3113, CVE-2006-3677, CVE-2006-3801, CVE-2006-3802, CVE-2006-3803,CVE-2006-3805, CVE-2006-3806, CVE-2006-3807, CVE-2006-3808, CVE-2006-3809, CVE-2006-3810, CVE-2006-3811, CVE-2006-3812
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=200357
icon(a)fedoraproject.org changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |icon(a)fedoraproject.org
------- Additional Comments From icon(a)fedoraproject.org 2006-08-08 12:31 EST -------
Why are we still on 1.5.0.4? Unaddressed security problems in a major network
application generate lots of bad publicity for the project.
Summary: major (public) security flaws fixed in firefox 1.5.0.5: CVE-2006-3113, CVE-2006-3677, CVE-2006-3801, CVE-2006-3802, CVE-2006-3803,CVE-2006-3805, CVE-2006-3806, CVE-2006-3807, CVE-2006-3808, CVE-2006-3809, CVE-2006-3810, CVE-2006-3811, CVE-2006-3812
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=200357
gilboad(a)gmail.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |gilboad(a)gmail.com
Summary: CVE-2006-2894 arbitrary file read vulnerability
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=194511
------- Additional Comments From ville.skytta(a)iki.fi 2006-08-07 15:56 EST -------
I did not find a reference to this CVE in Mozilla advisories, assuming still
vulnerable in 1.0.4. Kai, could you investigate?
Summary: multiple vulnerabilities in thttpds htpasswd utility
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=191095
------- Additional Comments From tibbs(a)math.uh.edu 2006-08-07 15:35 EST -------
Any reason these fixes couldn't go to the FC3 package as well?
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=200545
Summary: CVE-2006-3913, freeciv: server buffer overflow issues
Product: Fedora Extras
Version: fc5
Platform: All
URL: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-3913
OS/Version: Linux
Status: NEW
Severity: normal
Priority: normal
Component: freeciv
AssignedTo: bdpepple(a)ameritech.net
ReportedBy: ville.skytta(a)iki.fi
QAContact: extras-qa(a)fedoraproject.org
CC: extras-qa(a)fedoraproject.org,fedora-security-list(a)redhat.com
CVE-2006-3913, http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-3913 :
Buffer overflow in Freeciv 2.1.0-beta1 and earlier, and SVN 15 Jul 2006 and
earlier, allows remote attackers to cause a denial of service (crash) and
possibly execute arbitrary code via a (1) negative chunk_length or a (2) large
chunk->offset value in a PACKET_PLAYER_ATTRIBUTE_CHUNK packet in the
generic_handle_player_attribute_chunk function in common/packets.c, and (3) a
large packet->length value in the handle_unit_orders function in server/unithand.c.
All FE-[345] and devel are probably affected.
Summary: major (public) security flaws fixed in firefox 1.5.0.5: CVE-2006-3113, CVE-2006-3677, CVE-2006-3801, CVE-2006-3802, CVE-2006-3803,CVE-2006-3805, CVE-2006-3806, CVE-2006-3807, CVE-2006-3808, CVE-2006-3809, CVE-2006-3810, CVE-2006-3811, CVE-2006-3812
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=200357
------- Additional Comments From mattdm(a)mattdm.org 2006-08-07 13:03 EST -------
Can we have an update on this, please?
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=200795
Summary: xboard: world writable chess.png
Product: Fedora Extras
Version: fc5
Platform: All
OS/Version: Linux
Status: NEW
Severity: normal
Priority: normal
Component: xboard
AssignedTo: kaboom(a)oobleck.net
ReportedBy: ville.skytta(a)iki.fi
QAContact: extras-qa(a)fedoraproject.org
CC: extras-qa(a)fedoraproject.org,fedora-security-list(a)redhat.com
/usr/share/pixmaps/chess.png is world writable apparently due to bad umask
setting in the FE build system; its maintainers have been notified.
FE5 and devel are affected and this should be fixed in the package anyway; a fix
is to use "install -pm 644" instead of cp to install the file. In the FE4
package the file is 664, not world writable, but I'd recommend fixing this in it
too.
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=200794
Summary: zope: world writable files
Product: Fedora Extras
Version: fc5
Platform: All
OS/Version: Linux
Status: NEW
Severity: high
Priority: urgent
Component: zope
AssignedTo: gauret(a)free.fr
ReportedBy: ville.skytta(a)iki.fi
QAContact: extras-qa(a)fedoraproject.org
CC: extras-qa(a)fedoraproject.org,fedora-security-list(a)redhat.com
The following files in zope are world writable apparently due to bad umask
setting in the FE build system; its maintainers have been notified.
/usr/lib/zope/skel/etc/logrotate.conf.in
/usr/share/doc/zope-2.8.3/README.Fedora
/var/lib/zope/etc/logrotate.conf
FE[345] and devel are affected and this should be fixed in the package anyway; a
fix is to use "install -pm 644" instead of cp when copying files around.
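The xboard and zope reports above both trace world-writable files to the build umask and recommend "install -pm 644" over cp. The shell sketch below is an added example, not part of the original reports or of either package's spec file: it reproduces the difference under a umask of 000 and lists any world-writable files left behind. The file names and the temporary build root are constructed for the demonstration.

```shell
#!/bin/sh
# Added example; every path below is constructed inside a throwaway directory.

# Octal permission bits of a file (GNU stat, with BSD stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# List regular files under $1 that have the "other write" bit set.
find_world_writable() {
    find "$1" -type f -perm -0002 -print
}

# Populate $1 the way an install step would under a build umask of 000:
# once with plain cp, and once with the fix the reports recommend.
populate_buildroot() {
    (
        umask 000                                  # the bad build-system umask
        echo 'constructed sample' > "$1/source.conf"
        cp "$1/source.conf" "$1/copied.conf"       # mode is left to the umask
        install -pm 644 "$1/source.conf" "$1/installed.conf"  # mode is explicit
    )
}

buildroot=$(mktemp -d)
populate_buildroot "$buildroot"
echo "cp:      $(file_mode "$buildroot/copied.conf")"
echo "install: $(file_mode "$buildroot/installed.conf")"
echo "world-writable files left in the build root:"
find_world_writable "$buildroot"
rm -rf "$buildroot"
```

Running find_world_writable over an unpacked package tree gives the same check for an already built package.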