Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=227415
Summary: CVE-2007-0657 - vulnerability in Nexuiz 2.2.2
Product: Fedora Extras
Version: fc5
Platform: All
OS/Version: Linux
Status: NEW
Severity: normal
Priority: normal
Component: nexuiz
AssignedTo: adrian(a)lisas.de
ReportedBy: deisenst(a)gtw.net
QAContact: extras-qa(a)fedoraproject.org
CC: extras-qa(a)fedoraproject.org,fedora-security-list(a)redhat.com
According to http://www.alientrap.org/devwiki/index.php?n=Nexuiz.Patch,
Nexuiz 2.2.3 fixes a remote file read/write security hole: "fix severe remote
file read/overwrite security hole in 'gamedir' command (2.2.1 was NOT affected
as the command was new in 2.2.2)." It is CVE-2007-0657.
Although it claims 2.2.1 (the current Fedora Extras release) is not affected, we
may want to upgrade anyway?
--
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=214820
Summary: CVE-2006-5815: proftpd unspecified vulnerability
Product: Fedora Extras
Version: fc6
Platform: All
OS/Version: Linux
Status: NEW
Severity: normal
Priority: normal
Component: proftpd
AssignedTo: matthias(a)rpmforge.net
ReportedBy: ville.skytta(a)iki.fi
QAContact: extras-qa(a)fedoraproject.org
CC: extras-qa(a)fedoraproject.org,fedora-security-list(a)redhat.com
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-5815
Very little information available at the moment.
--
Summary: CVE-2006-2894 arbitrary file read vulnerability
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=194511
------- Additional Comments From kengert(a)redhat.com 2007-02-02 14:26 EST -------
Adding reference to Mozilla bug.
Looks like nobody is working on backporting the fix to the branch.
--
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=225919
Summary: CVE-2007-0619: chmlib < 0.3.9 arbitrary code execution
Product: Fedora Extras
Version: fc6
Platform: All
OS/Version: Linux
Status: NEW
Severity: normal
Priority: normal
Component: chmlib
AssignedTo: lemenkov(a)gmail.com
ReportedBy: ville.skytta(a)iki.fi
QAContact: extras-qa(a)fedoraproject.org
CC: fedora-security-list(a)redhat.com
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0619
"chmlib before 0.39 allows user-assisted remote attackers to execute arbitrary
code via a crafted page block length in a CHM file, which triggers memory
corruption."
FC5+ seemingly affected.
--
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=221023
Summary: CVE-2006-6808: wordpress 2.0.5 XSS vulnerability
Product: Fedora Extras
Version: fc6
Platform: All
OS/Version: Linux
Status: NEW
Severity: high
Priority: normal
Component: wordpress
AssignedTo: jwb(a)redhat.com
ReportedBy: ville.skytta(a)iki.fi
QAContact: extras-qa(a)fedoraproject.org
CC: fedora-security-list(a)redhat.com
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-6808
"Cross-site scripting (XSS) vulnerability in wp-admin/templates.php in WordPress
2.0.5 allows remote attackers to inject arbitrary web script or HTML via the
file parameter."
All FE4+ releases affected. This is supposedly fixed in 2.0.6, but it looks
like it hasn't been released yet. Patch at http://trac.wordpress.org/changeset/4665
--