[Bug 209167] New: seamonkey < 1.0.5 multiple vulnerabilities
by Red Hat Bugzilla
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=209167
Summary: seamonkey < 1.0.5 multiple vulnerabilities
Product: Fedora Extras
Version: fc4
Platform: All
OS/Version: Linux
Status: NEW
Severity: normal
Priority: normal
Component: seamonkey
AssignedTo: kengert(a)redhat.com
ReportedBy: ville.skytta(a)iki.fi
QAContact: extras-qa(a)fedoraproject.org
CC: extras-qa(a)fedoraproject.org,fedora-security-
list(a)redhat.com
seamonkey 1.0.4 in FE4 is probably affected by CVE-2006-4253, CVE-2006-4340,
CVE-2006-4565, CVE-2006-4566, CVE-2006-4568, CVE-2006-4570 and CVE-2006-4571.
According to upstream, these are fixed in 1.0.5 (FE5+)
--
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
17 years
[Bug 231728] New: CVE-2007-1359: mod_security <= 2.1.0 request rule bypass
by Red Hat Bugzilla
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=231728
Summary: CVE-2007-1359: mod_security <= 2.1.0 request rule bypass
Product: Fedora Extras
Version: fc6
Platform: All
OS/Version: Linux
Status: NEW
Severity: medium
Priority: medium
Component: mod_security
AssignedTo: mfleming+rpm(a)enlartenment.com
ReportedBy: ville.skytta(a)iki.fi
QAContact: extras-qa(a)fedoraproject.org
CC: fedora-security-list(a)redhat.com,redhat-
bugzilla(a)linuxnetz.de
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1359
"Interpretation conflict in ModSecurity (mod_security) 2.1.0 and earlier allows
remote attackers to bypass request rules via application/x-www-form-urlencoded
POST data that contains an ASCIIZ (0x00) byte, which mod_security treats as a
terminator even though it is still processed as normal data by some HTTP parsers
including PHP 5.2.0, and possibly parsers in Perl, and Python."
Based on version numbers, all FE releases are affected.
--
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
17 years
[Bug 228763] New: CVE-2007-0894: mediawiki full path disclosure
by Red Hat Bugzilla
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=228763
Summary: CVE-2007-0894: mediawiki full path disclosure
Product: Fedora Extras
Version: fc6
Platform: All
OS/Version: Linux
Status: NEW
Severity: medium
Priority: normal
Component: mediawiki
AssignedTo: Axel.Thimm(a)ATrpms.net
ReportedBy: ville.skytta(a)iki.fi
QAContact: extras-qa(a)fedoraproject.org
CC: fedora-security-
list@redhat.com,fedora@theholbrooks.org,roozbeh(a)farsiweb
.info
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0894
"MediaWiki before 1.9.2 allows remote attackers to obtain sensitive information
via a direct request to (1) Simple.deps.php, (2) MonoBook.deps.php, (3)
MySkin.deps.php, or (4) Chick.deps.php in wiki/skins, which shows the
installation path in the resulting error message."
1.8.3 (current FE6) in the CVE entry is not listed as vulnerable, don't know if
the omission is intentional. And whether installation path disclosure is an
issue with Fedora packages can also be debated, reporting here just in case
there's more to it.
--
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
17 years