fedora-security/audit fc7,1.26,1.27
by fedora-extras-commits@redhat.com
Author: scop
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv32136
Modified Files:
fc7
Log Message:
c-ares updated
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.26
retrieving revision 1.27
diff -u -r1.26 -r1.27
--- fc7 27 Jun 2007 21:22:48 -0000 1.26
+++ fc7 28 Jun 2007 17:33:47 -0000 1.27
@@ -14,8 +14,8 @@
CVE-2007-3100 version (iscsi-initiator-utils, fixed 6.2.0.865)
CVE-2007-3099 version (iscsi-initiator-utils, fixed 6.2.0.865)
CVE-2007-3165 VULNERABLE (tor, fixed 0.1.2.14) #244502
-CVE-2007-3153 VULNERABLE (c-ares, fixed 1.4.0) #243591
-CVE-2007-3152 VULNERABLE (c-ares, fixed 1.4.0) #243591
+CVE-2007-3153 version (c-ares, fixed 1.4.0) #243591
+CVE-2007-3152 version (c-ares, fixed 1.4.0) #243591
CVE-2007-3145 VULNERABLE (galeon) **
CVE-2007-3140 ** (wordpress) #245211
CVE-2007-3123 VULNERABLE (clamav, fixed 0.90.3) #245219
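Review bot: the two c-ares lines (CVE-2007-3153, CVE-2007-3152) move from VULNERABLE to version without naming the update that delivered 1.4.0. Other version entries in this file that were closed by an update carry a trailer such as "[ since FEDORA-2007-0409 ]"; adding the matching advisory ID here would tie the status change to a released update.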
--
fedora-extras-commits mailing list
fedora-extras-commits(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-extras-commits
fedora-security/audit fc7,1.25,1.26
by fedora-extras-commits@redhat.com
Author: bressers
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv24517
Modified Files:
fc7
Log Message:
Deal with some ids
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.25
retrieving revision 1.26
diff -u -r1.25 -r1.26
--- fc7 27 Jun 2007 20:12:10 -0000 1.25
+++ fc7 27 Jun 2007 21:22:48 -0000 1.26
@@ -26,7 +26,7 @@
CVE-2007-3025 ignore (clamav, Solaris only)
CVE-2007-3024 VULNERABLE (clamav, fixed 0.90.3) #245219
CVE-2007-3023 VULNERABLE (clamav, fixed 0.90.3) #245219
-*CVE-2007-3007 ignore (php) safe mode isn't safe
+CVE-2007-3007 ignore (php) safe mode isn't safe
*CVE-2007-2975 (openfire)
*CVE-2007-2894 VULNERABLE (bochs) #241799
CVE-2007-2876 version (kernel, fixed 2.6.21.5) [ since FEDORA-2007-0409 ]
@@ -38,7 +38,7 @@
*CVE-2007-2868 version (seamonkey, fixed 1.0.9)
*CVE-2007-2867 version (seamonkey, fixed 1.0.9)
*CVE-2007-2865 VULNERABLE (phpPgAdmin) #241489
-*CVE-2007-2844 ignore (php) #241641
+CVE-2007-2844 ignore (php) #241641
*CVE-2007-2843 ignore (konqueror) safari specific
*CVE-2007-2821 VULNERABLE (wordpress, fixed 2.2) #240970
*CVE-2007-2799 (file)
@@ -54,10 +54,10 @@
*CVE-2007-2627 ** (wordpress) #239904
*CVE-2007-2589 (squirrelmail)
*CVE-2007-2583 (mysql)
-*CVE-2007-2519 ignore (php-pear) no trust boundary is crossed
-*CVE-2007-2511 ignore (php) #239011 see the bug
-*CVE-2007-2510 (php)
-*CVE-2007-2509 (php)
+CVE-2007-2519 ignore (php-pear) no trust boundary is crossed
+CVE-2007-2511 ignore (php) #239011 see the bug
+CVE-2007-2510 version (php, fixed 5.2.2)
+CVE-2007-2509 version (php, fixed 5.2.2)
*CVE-2007-2500 patch (gnash, fixed 0.7.2-2) #239213
CVE-2007-2453 version (kernel, fixed 2.6.21.4) [ since FEDORA-2007-0409 ]
CVE-2007-2451 version (kernel, fixed 2.6.21.4) [ since FEDORA-2007-0409 ]
@@ -88,7 +88,7 @@
CVE-2007-2029 VULNERABLE (clamav, fixed 0.90.3)
*CVE-2007-2028 (freeradius)
*CVE-2007-2026 (file)
-*CVE-2007-2016 ignore (phpMyAdmin, < 2.8.0.2 never shipped)
+CVE-2007-2016 ignore (phpMyAdmin, < 2.8.0.2 never shipped)
CVE-2007-1997 version (clamav, fixed in 0.90.2)
*CVE-2007-1995 (quagga) #240488
*CVE-2007-1897 version (wordpress, fixed 2.1.3) #235912
@@ -96,7 +96,7 @@
*CVE-2007-1893 version (wordpress, fixed 2.1.3) #235912
*CVE-2007-1870 version (lighttpd, fixed 1.4.14) #236489
*CVE-2007-1869 version (lighttpd, fixed 1.4.14) #236489
-*CVE-2007-1864 (php)
+CVE-2007-1864 version (php, fixed 5.2.2)
*CVE-2007-1862 (httpd)
*CVE-2007-1859 (xscreensaver)
*CVE-2007-1858 (tomcat)
@@ -109,17 +109,17 @@
*CVE-2007-1742 (httpd)
*CVE-2007-1741 (httpd)
*CVE-2007-1732 ignore (wordpress) #235015
-*CVE-2007-1718 (php)
-*CVE-2007-1717 (php)
-*CVE-2007-1711 (php)
-*CVE-2007-1710 (php)
-*CVE-2007-1709 (php)
+CVE-2007-1718 version (php, fixed 5.2.2)
+CVE-2007-1717 version (php, fixed 5.2.2)
+CVE-2007-1711 version (php, 4.4.5 and 4.4.6 only)
+CVE-2007-1710 version (php, fixed 5.2.2)
+CVE-2007-1709 ignore (php) no security impact
*CVE-2007-1667 (xorg-x11)
-*CVE-2007-1649 (php)
+CVE-2007-1649 version (php, fixed 5.2.2)
*CVE-2007-1622 version (wordpress, fixed 2.1.3-0.rc2) #233703
*CVE-2007-1614 version (zziplib, fixed 0.13.49) #233700
*CVE-2007-1599 version (wordpress, fixed 2.1.3-0.rc2) #233703
-*CVE-2007-1583 (php)
+CVE-2007-1583 version (php, fixed 5.2.2)
*CVE-2007-1565 ignore (konqueror) client crash
*CVE-2007-1564 vulnerable (konqueror) [#CVE-2007-1564]
*CVE-2007-1562 (firefox, seamonkey, thunderbird)
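Review bot: CVE-2007-1711 is recorded as "version (php, 4.4.5 and 4.4.6 only)", but elsewhere in the file a version range that was never shipped is recorded as ignore, for example "ignore (imp, < 4.x only)" and "ignore (phpMyAdmin, 2.8.x only)". Pick one status for the "only affects versions we do not ship" case so that a search for ignore or version returns a consistent set.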
@@ -132,34 +132,34 @@
*CVE-2007-1544 version (nas, fixed 1.8a-2) #233353
*CVE-2007-1543 version (nas, fixed 1.8a-2) #233353
*CVE-2007-1536 (file)
-*CVE-2007-1521 (php)
+CVE-2007-1521 ignore (php) See NVD
*CVE-2007-1515 version (imp, fixed 4.1.4)
CVE-2007-1496 version (kernel, fixed 2.6.20.3)
-*CVE-2007-1484 (php)
-*CVE-2007-1475 ignore (php) unshipped ibase extension
+CVE-2007-1484 ignore (php) See NVD
+CVE-2007-1475 ignore (php) unshipped ibase extension
*CVE-2007-1474 version (horde, fixed 3.1.4)
*CVE-2007-1474 ignore (imp, < 4.x only)
*CVE-2007-1473 version (horde, fixed 3.1.4)
*CVE-2007-1466 (openoffice.org)
*CVE-2007-1464 version (inkscape, fixed 0.45.1)
*CVE-2007-1463 version (inkscape, fixed 0.45.1)
-*CVE-2007-1460 (php)
+CVE-2007-1460 version (php, fixed 5.2.2)
*CVE-2007-1429 version (moodle, fixed 1.6.5) #232103
*CVE-2007-1420 VULNERABLE (mysql, fixed 5.0.36) #232604
-*CVE-2007-1413 ignore (php) Windows NT SNMP specific
-*CVE-2007-1412 ignore (php) unshipped cpdf extension
-*CVE-2007-1411 ignore (php) unshipped mssql extension
+CVE-2007-1413 ignore (php) Windows NT SNMP specific
+CVE-2007-1412 ignore (php) unshipped cpdf extension
+CVE-2007-1411 ignore (php) unshipped mssql extension
*CVE-2007-1406 version (trac, fixed 0.10.3.1) #231729
*CVE-2007-1405 version (trac, fixed 0.10.3.1) #231729
-*CVE-2007-1401 ignore (php) unshipped cracklib extension
-*CVE-2007-1399 version (php-pecl-zip, fixed 1.8.5)
+CVE-2007-1401 ignore (php) unshipped cracklib extension
+CVE-2007-1399 version (php-pecl-zip, fixed 1.8.5)
*CVE-2007-1398 ignore (snort, inline mode not shipped) #232109
-*CVE-2007-1396 ignore (php) feature, not a flaw
+CVE-2007-1396 ignore (php) feature, not a flaw
*CVE-2007-1395 version (phpMyAdmin, fixed 2.10.0.2)
*CVE-2007-1387 patch (xine-lib, fixed 1.1.4-3)
*CVE-2007-1385 version (ktorrent, fixed 2.1.2)
*CVE-2007-1384 version (ktorrent, fixed 2.1.2)
-*CVE-2007-1375 (php)
+CVE-2007-1375 version (php, fixed 5.2.2)
*CVE-2007-1366 ** (qemu) #238723
*CVE-2007-1362 version (seamonkey, fixed 1.0.9)
*CVE-2007-1359 patch (mod_security, fixed 2.1.0-3) #231728
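Review bot: the new "ignore (php) See NVD" reason on CVE-2007-1521 and CVE-2007-1484 does not say why the issue is ignored, and the file then depends on an external record that can change. The neighbouring entries give the reason inline ("unshipped ibase extension", "Windows NT SNMP specific", "feature, not a flaw"); a short reason in the same style would keep the audit trail self-contained.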
@@ -171,9 +171,9 @@
*CVE-2007-1322 ** (qemu) #238723
*CVE-2007-1321 ** (qemu) #238723
*CVE-2007-1320 ** (qemu) #238723
-*CVE-2007-1287 (php)
-*CVE-2007-1286 (php)
-*CVE-2007-1285 (php)
+CVE-2007-1287 ignore (php) See NVD
+CVE-2007-1286 version (php, PHP4 only)
+CVE-2007-1285 version (php, 5.2.2)
*CVE-2007-1282 version (seamonkey, fixed 1.0.8)
*CVE-2007-1277 version (wordpress, fixed 2.1.2)
*CVE-2007-1267 ignore (sylpheed, uses gpgme) #231733
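Review bot: "CVE-2007-1285 version (php, 5.2.2)" is missing the qualifier that every other new php line carries, so it is unclear whether 5.2.2 is the fixed version or the only affected one (compare "fixed 5.2.2" and "5.2.1 only" elsewhere in this commit). If 5.2.2 contains the fix, write "fixed 5.2.2".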
@@ -185,7 +185,7 @@
*CVE-2007-1244 version (wordpress, fixed 2.1.2) #230898
*CVE-2007-1230 version (wordpress, fixed 2.1.2)
*CVE-2007-1218 backport (tcpdump) 232349 [since FEDORA-2007-347]
-CVE-2007-1216 patch (krb5, fixed 1.6-3) #231537
+CVE-2007-1216 version (krb5, fixed 1.6-3) #231537
*CVE-2007-1103 VULNERABLE (tor) #230927
*CVE-2007-1092 version (seamonkey, fixed 1.0.8)
*CVE-2007-1055 version (mediawiki, fixed 1.8.3)
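Review bot: CVE-2007-1216 changes from patch to version but keeps "fixed 1.6-3", the version-release form that the file's patch entries use, and the sibling krb5 entries CVE-2007-0957 and CVE-2007-0956 further down still read "patch (krb5, fixed 1.6-3)". Either leave this one as patch or change all three together, so the same krb5 build is not described two ways.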
@@ -198,24 +198,24 @@
*CVE-2007-1004 VULNERABLE (firefox, ...)
*CVE-2007-1003 VULNERABLE (xorg-x11-server, fixed > X11R7.2) #235263
*CVE-2007-1002 VULNERABLE (evolution) #233587
-*CVE-2007-1001 (php)
+CVE-2007-1001 version (php, fixed 5.2.2)
CVE-2007-1000 version (kernel, fixed 2.6.20.2) [since FEDORA-2007-335]
*CVE-2007-0999 (ekiga)
*CVE-2007-0998 version (qemu, fixed 0.8.2)
*CVE-2007-0998 backport (xen) #230295 [since FEDORA-2007-343]
*CVE-2007-0996 version (seamonkey, fixed 1.0.8)
*CVE-2007-0995 version (seamonkey, fixed 1.0.8)
-*CVE-2007-0988 (php)
+CVE-2007-0988 version (php, fixed 5.2.1)
*CVE-2007-0981 VULNERABLE (firefox, ...)
*CVE-2007-0981 version (seamonkey, fixed 1.0.8) #229253
CVE-2007-0957 patch (krb5, fixed 1.6-3) #231528
CVE-2007-0956 patch (krb5, fixed 1.6-3) #229782
-*CVE-2007-0911 (php)
-*CVE-2007-0910 (php)
-*CVE-2007-0909 (php)
-*CVE-2007-0908 (php)
-*CVE-2007-0907 (php)
-*CVE-2007-0906 (php)
+CVE-2007-0911 version (php, 5.2.1 only)
+CVE-2007-0910 version (php, fixed 5.2.1)
+CVE-2007-0909 version (php, fixed 5.2.1)
+CVE-2007-0908 version (php, fixed 5.2.1)
+CVE-2007-0907 version (php, fixed 5.2.1)
+CVE-2007-0906 version (php, fixed 5.2.1)
*CVE-2007-0903 version (ejabberd, fixed 1.1.3)
*CVE-2007-0902 patch (moin, fixed 1.5.7-2) #228764
*CVE-2007-0901 patch (moin, fixed 1.5.7-2) #228764
@@ -236,7 +236,7 @@
CVE-2007-0771 patch (kernel, fixed 2.6.20-1.2933) #227952
*CVE-2007-0770 patch (GraphicsMagick, fixed 1.1.7-7) #228758
*CVE-2007-0770 ignore (ImageMagick) only if incomplete CVE-2006-5456
-*CVE-2007-0720 ignore (cups, fixed 1.2.7) cups is already updated
+CVE-2007-0720 ignore (cups, fixed 1.2.7) cups is already updated
*CVE-2007-0657 ignore (nexuiz, 2.2.2 only (not shipped), fixed 2.2.3)
*CVE-2007-0654 VULNERABLE (xmms) #233705
*CVE-2007-0653 VULNERABLE (xmms) #233705
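Review bot: CVE-2007-0720 keeps the status ignore while its own text says "fixed 1.2.7" and "cups is already updated", which is what the version status expresses in the rest of the file. Since the line is being touched anyway, "version (cups, fixed 1.2.7)" would match the stated reason.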
@@ -248,8 +248,8 @@
*CVE-2007-0540 version (wordpress, fixed 2.1-0) #225469
*CVE-2007-0539 version (wordpress, fixed 2.1-0) #225469
*CVE-2007-0537 VULNERABLE (kdebase) #225420
-*CVE-2007-0494 version (bind, fixed 9.3.4) #225268 [since FEDORA-2007-147]
-*CVE-2007-0493 version (bind, fixed 9.3.4) #224443 [since FEDORA-2007-147]
+CVE-2007-0494 version (bind, fixed 9.3.4) #225268 [since FEDORA-2007-147]
+CVE-2007-0493 version (bind, fixed 9.3.4) #224443 [since FEDORA-2007-147]
*CVE-2007-0475 version (smb4k, fixed 0.8.0)
*CVE-2007-0474 version (smb4k, fixed 0.8.0)
*CVE-2007-0473 version (smb4k, fixed 0.8.0)
@@ -264,7 +264,7 @@
*CVE-2007-0452 (samba)
*CVE-2007-0451 version (spamassassin, fixed 3.1.8) [since FEDORA-2007-241]
*CVE-2007-0450 (tomcat)
-*CVE-2007-0448 (php)
+CVE-2007-0448 ignore (php) safe mode isn't safe
*CVE-2007-0405 version (Django, fixed 0.95.1)
*CVE-2007-0404 version (Django, fixed 0.95.1)
*CVE-2007-0341 ignore (phpMyAdmin, 2.8.x only)
@@ -303,8 +303,8 @@
CVE-2007-0005 version (kernel, fixed 2.6.20) [since FEDORA-2007-335]
*CVE-2007-0002 version (libwpd, fixed 0.8.9) #222808 [since FEDORA-2007-351]
CVE-2007-0001 ignore (kernel) rhel4 2.6.9 only known affected
-*CVE-2006-7205 (php)
-*CVE-2006-7204 (php)
+CVE-2006-7205 ignore (php) See NVD
+CVE-2006-7204 ignore (php) See NVD
*CVE-2006-7197 (tomcat)
*CVE-2006-7196 (tomcat)
*CVE-2006-7195 (tomcat)
@@ -358,7 +358,7 @@
CVE-2006-6481 version (clamav, fixed 0.88.7)
CVE-2006-6406 version (clamav, fixed 0.88.7) #219095
CVE-2006-6385 ignore (kernel) windows only
-*CVE-2006-6383 ignore (php) safe mode isn't safe
+CVE-2006-6383 ignore (php) safe mode isn't safe
*CVE-2006-6374 ** (phpMyAdmin) #218853
*CVE-2006-6373 version (phpMyAdmin, fixed 2.9.1.1) #218853
CVE-2006-6333 version (kernel, fixed 2.6.19.1) [since FEDORA-2007-058]
@@ -436,7 +436,7 @@
*CVE-2006-5747 version (thunderbird, fixed 1.5.0.8) [since FEDORA-2006-1192]
*CVE-2006-5747 version (seamonkey, fixed 1.0.6) #214822
*CVE-2006-5747 version (firefox, fixed 1.5.0.8) [since FEDORA-2006-1191]
-*CVE-2006-5706 ignore (php, fixed 5.2.0) safe mode isn't safe
+CVE-2006-5706 ignore (php, fixed 5.2.0) safe mode isn't safe
*CVE-2006-5705 backport (wordpress, fixed 2.0.4-3) #213985
*CVE-2006-5701 VULNERABLE (kernel) squashfs is not included upstream
*CVE-2006-5633 ignore (firefox) just a client DoS
@@ -452,7 +452,7 @@
*CVE-2006-5468 version (wireshark, fixed 0.99.4) [since FEDORA-2006-1140]
*CVE-2006-5467 backport (ruby) #212396 [since FEDORA-2006-1109]
*CVE-2006-5466 VULNERABLE (rpm) #212833
-*CVE-2006-5465 backport (php, fixed 5.2.0) #213732 [since FEDOA-2006-1169]
+CVE-2006-5465 backport (php, fixed 5.2.0) #213732 [since FEDOA-2006-1169]
*CVE-2006-5464 version (thunderbird, fixed 1.5.0.8) [since FEDORA-2006-1192]
*CVE-2006-5464 version (seamonkey, fixed 1.0.6) #214822
*CVE-2006-5464 version (firefox, fixed 1.5.0.8) [since FEDORA-2006-1191]
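Review bot: the re-added CVE-2006-5465 line still carries the misspelled advisory tag "[since FEDOA-2006-1169]". Correct it to FEDORA-2006-1169 in the same edit, otherwise a search of the file by advisory ID will miss this entry.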
@@ -480,7 +480,7 @@
*CVE-2006-5214 VULNERABLE (xorg-x11-xinit) #212167
*CVE-2006-5214 version (xorg-x11-xdm)
*CVE-2006-5214 ignore (kdebase) #212166 links to xinit Xsession
-*CVE-2006-5178 VULNERABLE (php) can't be fixed
+CVE-2006-5178 VULNERABLE (php) can't be fixed
*CVE-2006-5174 ignore (kernel, fixed 2.6.19-rc1) s390 only
*CVE-2006-5173 ignore (kernel, fixed 2.6.18) protected by exec-shield
*CVE-2006-5170 VULNERABLE (nss_ldap, fixed 183)
@@ -510,7 +510,7 @@
*CVE-2006-4816 (php)
*CVE-2006-4814 version (kernel, fixed 2.6.19.2) [since FEDORA-2007-058]
*CVE-2006-4813 version (kernel, fixed 2.6.13)
-*CVE-2006-4812 backport (php) php-5.1.6-ecalloc.patch
+CVE-2006-4812 version (php, fixed 5.2)
*CVE-2006-4811 version (qt, fixed 3.3.7) [since FEDORA-2006-1055]
*CVE-2006-4810 backport (texinfo) [since FEDORA-2006-1203]
*CVE-2006-4809 patch (imlib2, fixed 1.3.0-3) #214676
@@ -526,7 +526,7 @@
*CVE-2006-4684 version (zope, fixed 2.9.2)
*CVE-2006-4663 ignore (kernel) not a vulnerability
CVE-2006-4640 ignore, no-ship (flash-plugin)
-*CVE-2006-4625 ignore (php) safe mode isn't safe
+CVE-2006-4625 ignore (php) safe mode isn't safe
*CVE-2006-4624 version (mailman, fixed 2.1.9rc1)
*CVE-2006-4623 version (kernel, fixed 2.6.18-rc1)
*CVE-2006-4600 version (openldap, fixed 2.3.25)
@@ -556,18 +556,18 @@
*CVE-2006-4513 version (wv, fixed 1.2.4) #212696
*CVE-2006-4513 ** (abiword) #212698
*CVE-2006-4507 ignore (libtiff) can't reproduce
-*CVE-2006-4486 version (php, fixed 5.1.6)
-*CVE-2006-4485 version (php, fixed 5.1.5)
-*CVE-2006-4484 version (php, fixed 5.1.5)
+CVE-2006-4486 version (php, fixed 5.1.6)
+CVE-2006-4485 version (php, fixed 5.1.5)
+CVE-2006-4484 version (php, fixed 5.1.5)
*CVE-2006-4484 ignore (gd)
-*CVE-2006-4483 ignore (php) not linux
-*CVE-2006-4482 version (php, fixed 5.1.5)
-*CVE-2006-4481 ignore (php) safe mode isn't safe
-*CVE-2006-4455 ignore (xchat) client DoS
+CVE-2006-4483 ignore (php) not linux
+CVE-2006-4482 version (php, fixed 5.1.5)
+CVE-2006-4481 ignore (php) safe mode isn't safe
+CVE-2006-4455 ignore (xchat) client DoS
*CVE-2006-4447 ignore (xorg) not a security issue
*CVE-2006-4434 ignore (sendmail, fixed 8.13.8) not exploitable
-*CVE-2006-4433 version (php, fixed 5.1.4)
-*CVE-2006-4433 version (php, fixed 5.1.4)
+CVE-2006-4433 version (php, fixed 5.1.4)
+CVE-2006-4433 version (php, fixed 5.1.4)
*CVE-2006-4380 version (mysql, fixed 4.1.13)
*CVE-2006-4343 backport (openssl, fixed 0.9.8d)
*CVE-2006-4342 ignore (kernel) rhel3 only
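Review bot: the duplicated "CVE-2006-4433 version (php, fixed 5.1.4)" entry is carried over unchanged as two identical added lines. Drop one of them, so that a per-CVE count or a uniqueness check over (CVE, package) pairs does not report php twice.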
@@ -602,12 +602,12 @@
*CVE-2006-4145 version (kernel, fixed 2.6.17.10, fixed 2.6.18-rc5) needs a better upstream fix
*CVE-2006-4144 backport (ImageMagick, fixed 6.2.9)
*CVE-2006-4124 (lesstif)
-*CVE-2006-4096 backport (bind)
-*CVE-2006-4095 backport (bind)
+CVE-2006-4096 version (bind, fixed 9.3.2-P1)
+CVE-2006-4095 version (bind, fixed 9.3.2-P1)
*CVE-2006-4093 version (kernel, fixed 2.6.17.9, fixed 2.6.18-rc5)
*CVE-2006-4031 version (mysql, fixed 5.0.24) #202675 [since FEDORA-2006-1297]
*CVE-2006-4028 version (wordpress, fixed 2.0.4) #201989
-*CVE-2006-4020 version (php, fixed 5.1.5)
+CVE-2006-4020 version (php, fixed 5.1.5)
*CVE-2006-4019 version (squirrelmail, fixed 1.4.8)
CVE-2006-4018 version (clamav, fixed 0.88.4-1) #201688
*CVE-2006-3918 version (httpd, fixed 2.2.2)
@@ -722,16 +722,16 @@
*CVE-2006-3113 version (firefox, fixed 1.5.0.5)
*CVE-2006-3093 ignore (acroread) windows only
*CVE-2006-3085 version (kernel, fixed 2.6.17.1)
-*CVE-2006-3084 ignore (krb5) seteuid() calls never fail on linux
-*CVE-2006-3083 backport (krb5, fixed 1.5.1, 1.4.4)
+CVE-2006-3084 ignore (krb5) seteuid() calls never fail on linux
+CVE-2006-3083 backport (krb5, fixed 1.5.1, 1.4.4)
*CVE-2006-3082 version (gnupg, fixed 1.4.4)
*CVE-2006-3081 version (mysql, fixed 5.1.18)
*CVE-2006-3057 version (dhcdbd, fixed 1.14)
-*CVE-2006-3018 version (php, fixed 5.1.3)
-*CVE-2006-3017 version (php, fixed 5.1.3)
-*CVE-2006-3016 version (php, fixed 5.1.3)
+CVE-2006-3018 version (php, fixed 5.1.3)
+CVE-2006-3017 version (php, fixed 5.1.3)
+CVE-2006-3016 version (php, fixed 5.1.3)
*CVE-2006-3014 ignore (flash-plugin) windows only
-*CVE-2006-3011 ignore (php) safe mode isn't safe
+CVE-2006-3011 ignore (php) safe mode isn't safe
*CVE-2006-3005 ignore (libjpeg) not a vuln
*CVE-2006-2941 version (mailman, fixed 2.1.9)
*CVE-2006-2940 backport (openssl, fixed 0.9.8d)
@@ -777,15 +777,15 @@
*CVE-2006-2753 version (mysql, fixed 5.0.22)
*CVE-2006-2723 ignore (firefox) disputed
*CVE-2006-2661 version (freetype, fixed 2.2.1)
-*CVE-2006-2660 ignore (php) see #195539
+CVE-2006-2660 ignore (php) see #195539
*CVE-2006-2658 version (xsp, fixed 1.1.14) #206510
-*CVE-2006-2657 (php)
+CVE-2006-2657 (php) DUPE CVE-2006-3017
*CVE-2006-2656 backport (libtiff) tiffsplit-overflow.patch
*CVE-2006-2629 ignore (kernel) couldn't be reproduced on FC
*CVE-2006-2613 ignore (firefox) This isn't an issue on FC
CVE-2006-2607 backport (vixie-cron) vixie-cron-4.1-_48-security.patch
*CVE-2006-2575 patch (netpanzer, fixed 0.8-4) bz#192983
-*CVE-2006-2563 ignore (php) safe mode isn't safe
+CVE-2006-2563 ignore (php) safe mode isn't safe
*CVE-2006-2502 (cyrus-imapd)
*CVE-2006-2489 version (nagios, fixed 2.3.1)
*CVE-2006-2480 patch (dia, fixed 0.95-2) bz#192535
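Review bot: "CVE-2006-2657 (php) DUPE CVE-2006-3017" has no status keyword between the CVE ID and the package, so it reads the same as an untriaged entry such as "(cyrus-imapd)" to anyone filtering on that column. Use an explicit status and keep the cross-reference as the reason, for example "ignore (php) duplicate of CVE-2006-3017", or copy the status of CVE-2006-3017, which is "version (php, fixed 5.1.3)".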
@@ -829,17 +829,17 @@
*CVE-2006-2120 version (libtiff, fixed 3.8.2 at least)
*CVE-2006-2093 version (nessus, fixed 2.2.7) bz#191053
CVE-2006-2083 version (rsync, fixed 2.6.8)
-*CVE-2006-2073 ignore (bind) http://www.kb.cert.org/vuls/id/MIMG-6P8GRP
+CVE-2006-2073 ignore (bind) http://www.kb.cert.org/vuls/id/MIMG-6P8GRP
*CVE-2006-2071 version (kernel, fixed 2.6.16.6)
*CVE-2006-2057 ignore (firefox) not Linux
*CVE-2006-2026 version (libtiff, fixed 3.8.1)
*CVE-2006-2025 version (libtiff, fixed 3.8.1)
*CVE-2006-2024 version (libtiff, fixed 3.8.1)
*CVE-2006-2017 version (dnsmasq, fixed 2.30)
-*CVE-2006-2016 version (phpldapadmin, fixed 0.9.8.1)
+CVE-2006-2016 version (phpldapadmin, fixed 0.9.8.1)
*CVE-2006-1993 version (firefox, fixed 1.5.0.3)
-*CVE-2006-1991 version (php)
-*CVE-2006-1990 version (php)
+CVE-2006-1991 version (php, fixed 5.1.3)
+CVE-2006-1990 version (php, fixed 5.1.3)
CVE-2006-1989 version (clamav, fixed 0.88.2)
*CVE-2006-1945 backport (awstats, fixed 6.5-4) bz#190922 awstats-6.5-CVE-2006-1945.patch
*CVE-2006-1942 version (firefox, fixed 1.5.0.4)
@@ -936,11 +936,11 @@
*CVE-2006-1624 ignore (sysklogd) Silly configuration is not a security issue
CVE-2006-1615 version (clamav, fixed 0.88.1) bz#188286
CVE-2006-1614 version (clamav, fixed 0.88.1) bz#188286
-*CVE-2006-1608 ignore (php) safe mode isn't safe
+CVE-2006-1608 ignore (php) safe mode isn't safe
*CVE-2006-1577 version (mantis, fixed 1.0.5) bz#191089
*CVE-2006-1566 ignore (libtunepimp, Debian-specific problem)
*CVE-2006-1550 version (dia, fixed 0.95) bz#187556
-*CVE-2006-1549 ignore (php) this is not a security issue
+CVE-2006-1549 ignore (php) this is not a security issue
*CVE-2006-1548 version (struts, fixed 1.2.9)
*CVE-2006-1547 version (struts, fixed 1.2.9)
*CVE-2006-1546 version (struts, fixed 1.2.9)
@@ -966,8 +966,8 @@
*CVE-2006-1517 version (mysql, fixed 5.0.21)
*CVE-2006-1516 version (mysql, fixed 5.0.21)
*CVE-2006-1498 version (mediawiki, fixed 1.5.8) bz#188122
-*CVE-2006-1494 version (php)
-*CVE-2006-1490 version (php, fixed 5.1.4)
+CVE-2006-1494 version (php, fixed 5.1.3)
+CVE-2006-1490 version (php, fixed 5.1.4)
*CVE-2006-1470 version (openldap, not 2.3.24 at least)
*CVE-2006-1390 ignore (nethack, Gentoo-specific problem) bz#187353
*CVE-2006-1370 (helixplayer)
@@ -1000,10 +1000,10 @@
*CVE-2006-1053 (fedora directory server)
*CVE-2006-1052 version (kernel, fixed 2.6.16)
*CVE-2006-1045 version (thunderbird, fixed 1.5.0.2)
-*CVE-2006-1015 ignore (php) safe mode isn't safe
-*CVE-2006-1014 ignore (php) safe mode isn't safe
-*CVE-2006-0996 version (php, fixed 5.1.4)
-*CVE-2006-0987 (bind)
+CVE-2006-1015 ignore (php) safe mode isn't safe
+CVE-2006-1014 ignore (php) safe mode isn't safe
+CVE-2006-0996 version (php, fixed 5.1.4)
+CVE-2006-0987 VULNERABLE (bind) example config file only
*CVE-2006-0903 version (mysql, 4.1.19)
*CVE-2006-0884 version (thunderbird, fixed 1.5.0.2)
CVE-2006-0883 version (openssh, fixed 3.8.1p1)
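Review bot: CVE-2006-0987 is set to VULNERABLE with the note "example config file only" and no bug reference, unlike VULNERABLE entries such as "(tor, fixed 0.1.2.14) #244502". If a fix is intended, add the tracking bug number; if the exposure is limited to a sample file and will not be fixed, ignore with that reason would be the consistent status.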
@@ -1091,20 +1091,20 @@
*CVE-2006-0254 version (tomcat5, fixed 5.5.16)
*CVE-2006-0236 ignore (thunderbird) windows only
CVE-2006-0225 version (openssh, fixed 4.3p2) #168167
-*CVE-2006-0208 version (php, fixed 5.1.2)
-*CVE-2006-0207 version (php, fixed 5.1.2)
-*CVE-2006-0200 version (php, fixed 5.1.2)
+CVE-2006-0208 version (php, fixed 5.1.2)
+CVE-2006-0207 version (php, fixed 5.1.2)
+CVE-2006-0200 version (php, fixed 5.1.2)
*CVE-2006-0197 ignore (xorg-x11) not an issue
*CVE-2006-0195 version (squirrelmail, fixed 1.4.6)
*CVE-2006-0188 version (squirrelmail, fixed 1.4.6)
CVE-2006-0162 version (clamav, fixed 0.88)
-*CVE-2006-0151 (sudo)
+CVE-2006-0151 ignore (sudo) only env_reset will properly clean the environment
*CVE-2006-0150 (auth_ldap)
-*CVE-2006-0144 version (php-pear, not 1.4.4)
+CVE-2006-0144 version (php-pear, not 1.4.4)
*CVE-2006-0126 version (rxvt-unicode, fixed 7.5)
*CVE-2006-0106 version (wine, fixed 0.9.10)
*CVE-2006-0105 (postgresql)
-*CVE-2006-0097 ignore (php) Windows only
+CVE-2006-0097 ignore (php) Windows only
*CVE-2006-0096 ignore (kernel) minor and requires root
*CVE-2006-0095 version (kernel, fixed 2.6.16)
*CVE-2006-0082 version (ImageMagick, not 6.2.5.4)
@@ -1153,8 +1153,8 @@
*CVE-2005-4352 version (kernel, fixed 2.6.18.3) [since FEDORA-2006-1471]
*CVE-2005-4348 version (fetchmail, fixed 6.3.1)
CVE-2005-4268 backport (cpio) cpio-2.6-writeOutHeaderBufferOverflow.patch
-*CVE-2005-4158 ignore (sudo) only env_reset will properly clean the environment
-*CVE-2005-4154 ignore (php) don't install untrusted pear packages
+CVE-2005-4158 ignore (sudo) only env_reset will properly clean the environment
+CVE-2005-4154 ignore (php) don't install untrusted pear packages
*CVE-2005-4153 version (mailman)
*CVE-2005-4134 ignore (firefox) http://www.mozilla.org/security/history-title.html
*CVE-2005-4130 (helixplayer)
@@ -1167,7 +1167,7 @@
*CVE-2005-3890 (pidgin)
*CVE-2005-3889 (pidgin)
*CVE-2005-3888 (pidgin)
-*CVE-2005-3883 version (php, fixed 5.1.1 at least)
+CVE-2005-3883 version (php, fixed 5.1.1 at least)
*CVE-2005-3858 version (kernel, fixed 2.6.13)
*CVE-2005-3857 version (kernel, fixed 2.6.15)
*CVE-2005-3848 version (kernel, fixed 2.6.13)
@@ -1195,23 +1195,23 @@
*CVE-2005-3629 version (initscripts, fixed 8.29 at least)
*CVE-2005-3628 version (poppler, fixed 0.4.4)
*CVE-2005-3628 version (kdegraphics, fixed 3.5.1)
-*CVE-2005-3628 version (cups, fixed 1.2.0)
+CVE-2005-3628 version (cups, fixed 1.2.0)
*CVE-2005-3628 backport (tetex) tetex-3.0-CVE-2005-3193.patch
*CVE-2005-3627 version (poppler, fixed 0.4.4)
*CVE-2005-3627 version (kdegraphics, fixed 3.5.1)
-*CVE-2005-3627 version (cups, fixed 1.2.0)
+CVE-2005-3627 version (cups, fixed 1.2.0)
*CVE-2005-3627 backport (tetex)
*CVE-2005-3626 version (poppler, fixed 0.4.4)
*CVE-2005-3626 version (kdegraphics, fixed 3.5.1)
-*CVE-2005-3626 version (cups, fixed 1.2.0)
+CVE-2005-3626 version (cups, fixed 1.2.0)
*CVE-2005-3626 backport (tetex)
*CVE-2005-3625 version (poppler, fixed 0.4.4)
*CVE-2005-3625 version (kdegraphics, fixed 3.5.1)
-*CVE-2005-3625 version (cups, fixed 1.2.0)
+CVE-2005-3625 version (cups, fixed 1.2.0)
*CVE-2005-3625 backport (tetex)
*CVE-2005-3624 version (poppler, fixed 0.4.4)
*CVE-2005-3624 version (kdegraphics, fixed 3.5.1)
-*CVE-2005-3624 version (cups, fixed 1.2.0)
+CVE-2005-3624 version (cups, fixed 1.2.0)
*CVE-2005-3624 backport (tetex)
*CVE-2005-3623 version (kernel, fixed 2.6.14.5)
CVE-2005-3591 ignore, no-ship (flash-plugin)
@@ -1220,22 +1220,22 @@
*CVE-2005-3527 version (kernel, fixed 2.6.14)
*CVE-2005-3510 (tomcat)
*CVE-2005-3402 ignore (thunderbird) mozilla say by design
-*CVE-2005-3392 version (php, not 5.0)
-*CVE-2005-3391 version (php, not 5.0)
-*CVE-2005-3390 version (php, fixed 5.1.0)
-*CVE-2005-3389 version (php, fixed 5.1.1)
-*CVE-2005-3388 version (php, fixed 5.1.1)
+CVE-2005-3392 version (php, not 5.0)
+CVE-2005-3391 version (php, not 5.0)
+CVE-2005-3390 version (php, fixed 5.1.0)
+CVE-2005-3389 version (php, fixed 5.1.1)
+CVE-2005-3388 version (php, fixed 5.1.1)
*CVE-2005-3359 version (kernel, fixed 2.6.14)
*CVE-2005-3358 version (kernel, fixed 2.6.11)
*CVE-2005-3357 version (httpd, fixed 2.2.1)
*CVE-2005-3356 version (kernel, fixed 2.6.16)
*CVE-2005-3354 (sylpheed)
-*CVE-2005-3353 version (php, not 5.0)
+CVE-2005-3353 version (php, not 5.0)
*CVE-2005-3352 version (httpd, fixed 2.2.1)
*CVE-2005-3351 version (spamassassin, fixed 3.1.0)
*CVE-2005-3350 (libungif)
CVE-2005-3322 version (squid) not upstream, SUSE only
-*CVE-2005-3319 ignore (mod_php) no security consequence
+CVE-2005-3319 ignore (mod_php) no security consequence
*CVE-2005-3313 version (wireshark, fixed after 0.10.13)
*CVE-2005-3276 version (kernel, fixed 2.6.12.4)
*CVE-2005-3275 version (kernel, fixed 2.6.13)
@@ -1257,15 +1257,15 @@
*CVE-2005-3241 version (wireshark, fixed 0.10.13)
*CVE-2005-3193 version (poppler, fixed 0.4.4)
*CVE-2005-3193 version (kdegraphics, fixed 3.5.1)
-*CVE-2005-3193 version (cups, fixed 1.2.0)
+CVE-2005-3193 version (cups, fixed 1.2.0)
*CVE-2005-3193 backport (tetex) tetex-3.0-CVE-2005-3193.patch
*CVE-2005-3192 version (poppler, fixed 0.4.4)
*CVE-2005-3192 version (kdegraphics, fixed 3.5.1)
-*CVE-2005-3192 version (cups, fixed 1.2.0)
+CVE-2005-3192 version (cups, fixed 1.2.0)
*CVE-2005-3192 backport (tetex) tetex-3.0-CVE-2005-3193.patch
*CVE-2005-3191 version (poppler, fixed 0.4.4)
*CVE-2005-3191 version (kdegraphics, fixed 3.5.1)
-*CVE-2005-3191 version (cups, fixed 1.2.0)
+CVE-2005-3191 version (cups, fixed 1.2.0)
*CVE-2005-3191 backport (tetex) tetex-3.0-CVE-2005-3193.patch
*CVE-2005-3186 version (gtk2, fixed 2.8.7 at least)
*CVE-2005-3185 version (wget, fixed 1.10.2 at least)
@@ -1287,7 +1287,7 @@
*CVE-2005-3089 version (firefox, fixed 1.0.7)
*CVE-2005-3088 ignore (fetchmail) fetchmailconf not shipped
*CVE-2005-3055 version (kernel, fixed 2.6.14)
-*CVE-2005-3054 ignore (php)
+CVE-2005-3054 ignore (php)
*CVE-2005-3053 version (kernel, fixed 2.6.12.5)
*CVE-2005-3044 version (kernel, fixed 2.6.13.2)
*CVE-2005-3011 backport (texinfo) texinfo-CAN-2005-3011.patch
@@ -1303,7 +1303,7 @@
*CVE-2005-2969 backport (openssl097a, fixed 0.9.7h)
*CVE-2005-2968 version (thunderbird)
*CVE-2005-2968 version (firefox)
-*CVE-2005-2959 ignore (sudo) not a vulnerability
+CVE-2005-2959 ignore (sudo) not a vulnerability
*CVE-2005-2958 (libgda)
*CVE-2005-2946 version (openssl, fixed 0.9.8)
*CVE-2005-2933 version (libc-client, fixed 2004g at least)
@@ -1311,7 +1311,7 @@
*CVE-2005-2922 (helixplayer)
CVE-2005-2917 version (squid, fixed 2.5.STABLE11)
*CVE-2005-2876 version (util-linux, fixed 2.13-pre3)
-*CVE-2005-2874 version (cups, fixed 1.1.23)
+CVE-2005-2874 version (cups, fixed 1.1.23)
*CVE-2005-2873 version (kernel, fixed 2.6.18-rc1)
*CVE-2005-2872 version (kernel, fixed 2.6.12)
*CVE-2005-2871 version (thunderbird)
@@ -1361,14 +1361,14 @@
*CVE-2005-2547 version (bluez-pin, fixed 2.19) not before 2.16
*CVE-2005-2541 ignore (tar) is documented behaviour
*CVE-2005-2500 version (kernel, fixed 2.6.13)
-*CVE-2005-2498 version (php, fixed xml_rpc:1.4.0)
+CVE-2005-2498 version (php, fixed xml_rpc:1.4.0)
*CVE-2005-2496 version (ntp, fixed 4.2.0b)
*CVE-2005-2495 version (xorg-x11-server, fixed 0.99.3 at least)
*CVE-2005-2494 version (kdebase, fixed after 3.4.2)
*CVE-2005-2492 version (kernel, fixed 2.6.13.1)
*CVE-2005-2491 version (pcre, fixed 6.2)
*CVE-2005-2491 ignore (python) fc6 python does not contain pcre
-*CVE-2005-2491 ignore (php) php uses system pcre
+CVE-2005-2491 ignore (php) php uses system pcre
*CVE-2005-2491 ignore (httpd) httpd uses system pcre
*CVE-2005-2490 version (kernel, fixed 2.6.13.1)
*CVE-2005-2475 backport (unzip) unzip-5.52-toctou.patch
@@ -1422,7 +1422,7 @@
*CVE-2005-2100 version (kernel, not 2.6) not upstream only RHEL4
*CVE-2005-2099 version (kernel, fixed 2.6.12.5)
*CVE-2005-2098 version (kernel, fixed 2.6.12.5)
-*CVE-2005-2097 version (cups)
+CVE-2005-2097 version (cups, fixed 1.2)
*CVE-2005-2096 version (rpm, fixed 4.4.2)
*CVE-2005-2096 backport (zlib, fixed 1.2.2.4)
*CVE-2005-2095 version (squirrelmail, fixed 1.4.5)
@@ -1431,17 +1431,17 @@
*CVE-2005-2069 version (nss_ldap, fixed pam_ldap:180)
*CVE-2005-2069 backport (openldap) openldap-2.2.13-tls-fix-connection-test.patch
*CVE-2005-2023 version (gnupg, only 1.9.14)
-*CVE-2005-1993 version (sudo, fixed 1.6.8p9)
+CVE-2005-1993 version (sudo, fixed 1.6.8p9)
*CVE-2005-1992 version (ruby, fixed 1.8.3 at least)
*CVE-2005-1937 version (firefox, fixed 1.0.5)
CVE-2005-1934 version (gaim, fixed gaim:1.5.0)
-*CVE-2005-1921 version (php, fixed xml_rpc:1.3.1)
+CVE-2005-1921 version (php, fixed xml_rpc:1.3.1)
*CVE-2005-1920 version (kdelibs, fixed 3.4.1)
*CVE-2005-1918 version (tar)
*CVE-2005-1913 version (kernel, fixed 2.6.12.2)
*CVE-2005-1852 version (kdenetwork, fixed 3.4.2)
*CVE-2005-1849 version (zlib, fixed 1.2.3)
-*CVE-2005-1831 ignore (sudo) unsubstantiated report
+CVE-2005-1831 ignore (sudo) unsubstantiated report
*CVE-2005-1769 version (squirrelmail, fixed 1.4.5)
*CVE-2005-1768 version (kernel, fixed 2.6.6)
*CVE-2005-1767 version (kernel, fixed 2.6.7)
@@ -1451,7 +1451,7 @@
*CVE-2005-1762 version (kernel, fixed 2.6.12)
*CVE-2005-1761 version (kernel, fixed 2.6.12.2)
*CVE-2005-1760 version (sysreport, fixed 1.4.1-3)
-*CVE-2005-1759 ignore (php) dead code path
+CVE-2005-1759 ignore (php) dead code path
*CVE-2005-1759 ignore (openldap) fixed shtool 2.0.2 flawed code path not used
*CVE-2005-1753 (tomcat)
*CVE-2005-1751 version (nmap, fixed 3.93 at least)
@@ -1463,11 +1463,11 @@
*CVE-2005-1705 backport (gdb) gdb-6.3-security-errata-20050610.patch
*CVE-2005-1704 version (binutils, fixed 2.16.91.0.3 at least)
*CVE-2005-1704 backport (gdb) gdb-6.3-security-errata-20050610.patch
-*CVE-2005-1689 version (krb5, fixed 1.4.2)
+CVE-2005-1689 version (krb5, fixed 1.4.2)
*CVE-2005-1686 ignore (gedit) not a vulnerability
*CVE-2005-1636 version (mysql, fixed 4.1.12)
*CVE-2005-1589 version (kernel, fixed 2.6.11.10)
-*CVE-2005-1571 version (php, fixed shtool 2.0.2)
+CVE-2005-1571 version (php, fixed shtool 2.0.2)
*CVE-2005-1544 version (libtiff, fixed 3.7.1 at least)
*CVE-2005-1532 version (thunderbird)
*CVE-2005-1532 version (firefox, fixed 1.0.4)
@@ -1518,8 +1518,8 @@
*CVE-2005-1228 backport (gzip) changelog
*CVE-2005-1194 backport (nasm) changelog
*CVE-2005-1184 ignore (kernel) expected to not be an issue
-*CVE-2005-1175 version (krb5, fixed 1.4.2)
-*CVE-2005-1174 version (krb5, fixed 1.4.2)
+CVE-2005-1175 version (krb5, fixed 1.4.2)
+CVE-2005-1174 version (krb5, fixed 1.4.2)
*CVE-2005-1160 version (thunderbird)
*CVE-2005-1160 version (firefox)
*CVE-2005-1159 version (thunderbird)
@@ -1534,8 +1534,8 @@
*CVE-2005-1065 version (tetex) not upstream version
*CVE-2005-1061 version (logwatch, fixed 4.3.2 at least)
*CVE-2005-1046 version (kdelibs, fixed after 3.4.0)
-*CVE-2005-1043 version (php, fixed 4.3.11)
-*CVE-2005-1042 version (php, fixed 4.3.11)
+CVE-2005-1043 version (php, fixed 4.3.11)
+CVE-2005-1042 version (php, fixed 4.3.11)
*CVE-2005-1041 version (kernel, fixed 2.6.12)
*CVE-2005-1039 ignore (coreutils) not fixed upstream, not a real issue
CVE-2005-1038 backport (vixie-cron) vixie-cron-4.1-CAN-2005-1038-fix-race.patch
@@ -1593,7 +1593,7 @@
*CVE-2005-0611 (helixplayer)
*CVE-2005-0605 version (libXpm, fixed 3.5.4 at least)
*CVE-2005-0602 ignore (unzip, fixed 5.52) this is really expected behaviour
-*CVE-2005-0596 version (php, fixed 5.0)
+CVE-2005-0596 version (php, fixed 5.0)
*CVE-2005-0593 version (firefox)
*CVE-2005-0592 version (firefox)
*CVE-2005-0591 version (firefox, fixed 1.0.1)
@@ -1614,20 +1614,20 @@
*CVE-2005-0530 version (kernel, fixed 2.6.11)
*CVE-2005-0529 version (kernel, fixed 2.6.11)
*CVE-2005-0527 version (firefox, fixed 1.0.1)
-*CVE-2005-0525 version (php, fixed 5.0.4)
-*CVE-2005-0524 version (php, fixed 5.0.4)
+CVE-2005-0525 version (php, fixed 5.0.4)
+CVE-2005-0524 version (php, fixed 5.0.4)
*CVE-2005-0509 version (mono, not after 1.0.5)
*CVE-2005-0504 version (kernel, not 2.6) doesn't build in 2.6
*CVE-2005-0490 version (curl, fixed 7.13.1)
*CVE-2005-0489 version (kernel, not 2.6)
*CVE-2005-0488 backport (telnet)
-*CVE-2005-0488 backport (krb5) krb5-1.4.1-telnet-environ.patch
+CVE-2005-0488 backport (krb5) krb5-1.4.1-telnet-environ.patch
CVE-2005-0473 version (gaim, fixed gaim:1.5.0)
CVE-2005-0472 version (gaim, fixed gaim:1.5.0)
*CVE-2005-0470 version (wpa_supplicant, fixed 0.2.7)
-*CVE-2005-0469 version (krb5, fixed 1.4.1)
+CVE-2005-0469 version (krb5, fixed 1.4.1)
*CVE-2005-0469 backport (telnet) telnet-0.17-CAN-2005-468_469.patch
-*CVE-2005-0468 version (krb5, fixed 1.4.1)
+CVE-2005-0468 version (krb5, fixed 1.4.1)
*CVE-2005-0468 backport (telnet) telnet-0.17-CAN-2005-468_469.patch
*CVE-2005-0455 (helixplayer)
*CVE-2005-0452 (perl)
@@ -1728,10 +1728,10 @@
*CVE-2005-0069 version (vim, fixed 7.0 at least)
*CVE-2005-0064 version (tetex, fixed 3.0)
*CVE-2005-0064 version (kdegraphics, not 3.4)
-*CVE-2005-0064 version (cups, fixed 1.2.2)
+CVE-2005-0064 version (cups, fixed 1.2.2)
*CVE-2005-0039 ignore (kernel) not a vulnerability: don't do this says the rfc
-*CVE-2005-0034 version (bind, fixed after 9.3.0)
-*CVE-2005-0033 version (bind, not 9)
+CVE-2005-0034 version (bind, fixed after 9.3.0)
+CVE-2005-0033 version (bind, not 9)
*CVE-2005-0023 ignore (libvte) not a security risk
*CVE-2005-0022 (exim)
*CVE-2005-0014 version (ncpfs, fixed 2.2.6)
@@ -1770,7 +1770,7 @@
*CVE-2004-2228 version (firefox, fixed 1.0)
*CVE-2004-2227 version (firefox, fixed 1.0)
*CVE-2004-2225 version (firefox, fixed 0.10.1)
-*CVE-2004-2154 version (cups, fixed 1.2.21rc1)
+CVE-2004-2154 version (cups, fixed 1.1.21rc1)
*CVE-2004-2149 version (mysql, fixed 4.1.5)
*CVE-2004-2136 ignore (dm-crypt) design
*CVE-2004-2135 ignore (kernel) design
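Review bot: the CVE-2004-2154 line changes more than the star: the fixed version goes from `1.2.21rc1` to `1.1.21rc1`. The correction looks right next to the other cups 1.1.x entries, but it is a data change hidden in a verification pass and deserves a mention in the log message so it can be found later.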
@@ -1784,7 +1784,7 @@
*CVE-2004-1773 version (sharutils, not 4.6)
*CVE-2004-1772 version (sharutils, not 4.6)
*CVE-2004-1761 version (wireshark, fixed 0.10.3)
-*CVE-2004-1689 version (sudo, fixed 1.6.8p1)
+CVE-2004-1689 version (sudo, fixed 1.6.8p1)
CVE-2004-1653 ignore (openssh)
*CVE-2004-1639 version (firefox)
*CVE-2004-1617 ignore (lynx) not able to verify flaw
@@ -1798,7 +1798,7 @@
*CVE-2004-1450 version (firefox)
*CVE-2004-1449 version (thunderbird)
*CVE-2004-1449 version (firefox)
-*CVE-2004-1392 version (php, fixed 5.0.4)
+CVE-2004-1392 version (php, fixed 5.0.4)
*CVE-2004-1382 version (glibc, not 2.3.5)
*CVE-2004-1381 version (firefox)
*CVE-2004-1380 version (firefox)
@@ -1812,12 +1812,12 @@
*CVE-2004-1308 version (libtiff, fixed 3.7.1 at least)
*CVE-2004-1307 version (libtiff, was already fixed with 0886)
*CVE-2004-1304 version (file, fixed 4.12)
-*CVE-2004-1296 backport (groff) from srpm
+CVE-2004-1296 backport (groff) patch groff-1.18.1.1-tempfile.patch
*CVE-2004-1287 backport (nasm) changelog
-*CVE-2004-1270 version (cups, fixed 1.1.23)
-*CVE-2004-1269 version (cups, fixed 1.1.23)
-*CVE-2004-1268 version (cups, fixed 1.1.23)
-*CVE-2004-1267 version (cups, fixed 1.1.23)
+CVE-2004-1270 version (cups, fixed 1.1.23)
+CVE-2004-1269 version (cups, fixed 1.1.23)
+CVE-2004-1268 version (cups, fixed 1.1.23)
+CVE-2004-1267 version (cups, fixed 1.1.23)
*CVE-2004-1237 version (kernel, not 2.6) not upstream
*CVE-2004-1235 version (kernel, fixed 2.6.11)
*CVE-2004-1234 version (kernel, not 2.6)
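Review bot: the rewritten CVE-2004-1296 line reads `backport (groff) patch groff-1.18.1.1-tempfile.patch`, while the other backport entries give the patch file name directly after the package, for example `backport (krb5) krb5-1.3.4-send-pr-tempfile.patch`. Drop the extra word `patch` so the notes field keeps one format and stays easy to grep.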
@@ -1825,7 +1825,7 @@
*CVE-2004-1200 ignore (firefox, mozilla) not a security issue
*CVE-2004-1191 version (kernel, fixed 2.6.9)
*CVE-2004-1190 version (kernel, fixed 2.6.10)
-*CVE-2004-1189 version (krb5, fixed 1.4)
+CVE-2004-1189 version (krb5, fixed 1.4)
*CVE-2004-1186 backport (enscript) enscript-1.6.1-CAN-2004-1186.patch
*CVE-2004-1185 backport (enscript) enscript-1.6.1-CAN-2004-1185.patch
*CVE-2004-1184 version (enscript, fixed 1.6.4 at least)
@@ -1867,20 +1867,20 @@
*CVE-2004-1070 version (kernel, fixed 2.6.10)
*CVE-2004-1069 version (kernel, fixed 2.6.10)
*CVE-2004-1068 version (kernel, fixed 2.6.10)
-*CVE-2004-1065 version (php, fixed after 5.0.2)
-*CVE-2004-1064 version (php, fixed after 5.0.2)
-*CVE-2004-1063 version (php, fixed after 5.0.2)
+CVE-2004-1065 version (php, fixed after 5.0.2)
+CVE-2004-1064 version (php, fixed after 5.0.2)
+CVE-2004-1063 version (php, fixed after 5.0.2)
*CVE-2004-1060 version (kernel) all verifies sequence number
*CVE-2004-1058 version (kernel, fixed 2.6.9)
*CVE-2004-1057 version (kernel, fixed 2.6.10)
*CVE-2004-1056 version (kernel, fixed 2.6.10)
-*CVE-2004-1051 version (sudo, fixed 1.6.8p2)
+CVE-2004-1051 version (sudo, fixed 1.6.8p2)
*CVE-2004-1036 version (squirrelmail, fixed 1.4.4)
*CVE-2004-1026 patch (imlib, fixed 1.9.15-2) #235416
*CVE-2004-1025 patch (imlib, fixed 1.9.15-2) #235416
-*CVE-2004-1020 version (php, fixed after 5.0.2)
-*CVE-2004-1019 version (php, fixed after 5.0.2)
-*CVE-2004-1018 version (php, fixed after 5.0.2)
+CVE-2004-1020 version (php, fixed after 5.0.2)
+CVE-2004-1019 version (php, fixed after 5.0.2)
+CVE-2004-1018 version (php, fixed after 5.0.2)
*CVE-2004-1017 version (kernel, fixed 2.6.10)
*CVE-2004-1016 version (kernel, fixed 2.6.10)
*CVE-2004-1014 version (nfs-utils, fixed 1.0.7)
@@ -1902,16 +1902,16 @@
*CVE-2004-0975 backport (openssl097a, fixed 0.9.7f)
*CVE-2004-0974 version (netatalk, fixed 2.0.1)
*CVE-2004-0972 version (lvm2, fixed 2.2.01.8 at least)
-*CVE-2004-0971 backport (krb5) krb5-1.3.4-send-pr-tempfile.patch
+CVE-2004-0971 backport (krb5) krb5-1.3.4-send-pr-tempfile.patch
*CVE-2004-0970 version (gzip)
-*CVE-2004-0969 version (groff, fixed 1.18.1.1)
+CVE-2004-0969 version (groff, fixed 1.18.1.1)
*CVE-2004-0968 version (glibc, fixed 2.3.5 at least)
*CVE-2004-0967 version (ghostscript, fixed 8.15.1)
*CVE-2004-0966 version (gettext, fixed 0.14.3 at least)
*CVE-2004-0961 version (freeradius, fixed 1.0.1)
*CVE-2004-0960 version (freeradius, fixed 1.0.1)
-*CVE-2004-0959 version (php, fixed 4.3.9)
-*CVE-2004-0958 version (php, fixed 4.3.9)
+CVE-2004-0959 version (php, fixed 4.3.9)
+CVE-2004-0958 version (php, fixed 4.3.9)
*CVE-2004-0957 version (mysql, fixed 4.0.21)
*CVE-2004-0956 version (mysql, fixed 4.0.20)
*CVE-2004-0946 version (nfs-utils, fixed 1.0.6-r6)
@@ -1921,7 +1921,7 @@
*CVE-2004-0938 version (freeradius, fixed 1.0.1)
*CVE-2004-0930 version (samba, fixed 3.0.8)
*CVE-2004-0929 version (libtiff, fixed 3.7.0)
-*CVE-2004-0923 version (cups, fixed 1.2.22)
+CVE-2004-0923 version (cups, fixed 1.1.22)
CVE-2004-0918 version (squid, fixed 2.4.STABLE7)
*CVE-2004-0914 version (xorg-x11, fixed after 6.8.1)
*CVE-2004-0909 version (thunderbird)
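Review bot: CVE-2004-0923 has its fixed version rewritten from `1.2.22` to `1.1.22` in the same line that loses the star. Please call out version corrections like this in the commit log, since "Deal with some ids" gives no hint that recorded fix versions were altered.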
@@ -1933,7 +1933,7 @@
CVE-2004-0891 version (gaim, fixed gaim:1.0.2)
*CVE-2004-0888 version (tetex, fixed 3.0)
*CVE-2004-0888 version (kdegraphics, not 3.4)
-*CVE-2004-0888 version (cups)
+*CVE-2004-0888 version (cups, fixed 1.2)
*CVE-2004-0887 version (kernel, fixed 2.6.10)
*CVE-2004-0886 version (libtiff, fixed 3.7.1 at least)
*CVE-2004-0886 version (kdegraphics, fixed by Update on 20041109)
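Review bot: the CVE-2004-0888 cups line gains `fixed 1.2` but keeps its leading `*`, unlike every other cups entry touched in this commit. If the entry is now verified for Fedora 7 the star should go; if it still needs verification, a short trailing note saying what is outstanding would explain why it was edited but left starred.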
@@ -1982,7 +1982,7 @@
*CVE-2004-0779 version (thunderbird)
*CVE-2004-0779 version (firefox)
*CVE-2004-0778 version (cvs, fixed 1.11.17)
-*CVE-2004-0772 version (krb5, fixed after 1.2.8)
+CVE-2004-0772 version (krb5, fixed after 1.2.8)
*CVE-2004-0768 version (libpng, fixed 1.2.6)
*CVE-2004-0755 version (ruby, fixed 1.8.1)
CVE-2004-0754 version (gaim, fixed gaim:0.82.1)
@@ -2006,9 +2006,9 @@
*CVE-2004-0658 ignore (kernel) not a security issue
*CVE-2004-0648 version (thunderbird)
*CVE-2004-0648 version (firefox)
-*CVE-2004-0644 version (krb5, fixed after 1.3.4)
-*CVE-2004-0643 version (krb5, fixed after 1.3.1)
-*CVE-2004-0642 version (krb5, fixed after 1.3.4)
+CVE-2004-0644 version (krb5, fixed after 1.3.4)
+CVE-2004-0643 version (krb5, fixed after 1.3.1)
+CVE-2004-0642 version (krb5, fixed after 1.3.4)
*CVE-2004-0639 version (squirrelmail, fixed after 1.2.10)
*CVE-2004-0635 version (wireshark, fixed 0.10.5)
*CVE-2004-0634 version (wireshark, fixed 0.10.5)
@@ -2023,11 +2023,11 @@
*CVE-2004-0599 version (libpng, fixed 1.2.6)
*CVE-2004-0598 version (libpng, fixed 1.2.6)
*CVE-2004-0597 version (libpng, fixed 1.2.6)
-*CVE-2004-0595 version (php, fixed 4.3.8)
-*CVE-2004-0594 version (php, fixed 4.3.8)
+CVE-2004-0595 version (php, fixed 4.3.8)
+CVE-2004-0594 version (php, fixed 4.3.8)
*CVE-2004-0592 version (kernel) not upstream flaw
*CVE-2004-0587 version (kernel) not upstream flaw
-*CVE-2004-0558 version (cups, fixed 1.1.21)
+CVE-2004-0558 version (cups, fixed 1.1.21)
*CVE-2004-0557 version (sox, fixed after 12.17.4)
*CVE-2004-0554 version (kernel, fixed 2.6.7)
*CVE-2004-0550 (helixplayer)
@@ -2036,7 +2036,7 @@
CVE-2004-0541 version (squid, fixed 2.5.STABLE6)
*CVE-2004-0535 version (kernel, fixed 2.6.6)
*CVE-2004-0527 version (konqueror, not 3+)
-*CVE-2004-0523 version (krb5, fixed 1.3.4)
+CVE-2004-0523 version (krb5, fixed 1.3.4)
*CVE-2004-0521 version (squirrelmail, fixed 1.4.3a)
*CVE-2004-0520 version (squirrelmail, fixed 1.4.3a)
*CVE-2004-0519 version (squirrelmail, fixed 1.4.3a)
@@ -2071,7 +2071,7 @@
*CVE-2004-0413 version (subversion, fixed 1.0.5)
*CVE-2004-0412 version (mailman, fixed 2.1.5)
*CVE-2004-0411 version (kdelibs, fixed 3.3)
-*CVE-2004-0409 version (xchat, fixed 2.0.9)
+CVE-2004-0409 version (xchat, fixed 2.0.9)
*CVE-2004-0405 version (cvs, fixed 1.11)
*CVE-2004-0403 version (racoon, fixed ipsec-tools-0.6.5 at least)
*CVE-2004-0398 version (neon, fixed 0.24.6)
@@ -2084,7 +2084,7 @@
*CVE-2004-0381 version (mysql, fixed 4.1.11 at least)
*CVE-2004-0367 version (wireshark, fixed 0.10.3)
*CVE-2004-0365 version (wireshark, fixed 0.10.3)
-*CVE-2004-0263 version (php, fixed 4.3.5)
+CVE-2004-0263 version (php, fixed 4.3.5)
*CVE-2004-0256 version (libtool, fixed 1.5.2)
*CVE-2004-0233 version (libutempter, fixed 0.5.5)
*CVE-2004-0232 version (mc, fixed 4.6.0)
@@ -2107,7 +2107,7 @@
*CVE-2004-0177 version (kernel, fixed 2.6.6)
*CVE-2004-0176 version (wireshark, fixed 0.10.3)
CVE-2004-0175 version (openssh, fixed 3.4p1)
-*CVE-2004-0175 backport (krb5) krb5-1.3.3-rcp-markus.patch
+CVE-2004-0175 backport (krb5) krb5-1.3.3-rcp-markus.patch
*CVE-2004-0174 version (httpd, not 2.2)
*CVE-2004-0173 version (httpd, not 2.2)
*CVE-2004-0164 version (racoon)
@@ -2124,7 +2124,7 @@
*CVE-2004-0108 version (sysstat)
*CVE-2004-0107 version (sysstat, fixed after 4.0.7)
*CVE-2004-0106 version (XFree86)
-*CVE-2004-0098 version (php)
+CVE-2004-0098 ignore (php) no security implications
*CVE-2004-0097 version (pwlib, fixed 1.6.0)
*CVE-2004-0096 version (mod_python, fixed after 2.7.9)
*CVE-2004-0094 version (XFree86, fixed 4.3.0)
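Review bot: CVE-2004-0098 changes status from `version` to `ignore` with only "no security implications" as justification. Other ignore entries in this commit point at a source (CVE-2003-0863 and CVE-2002-2211 both carry a URL); a reference or one more clause of reasoning here would let the next auditor confirm the decision without redoing the analysis.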
@@ -2151,9 +2151,9 @@
*CVE-2004-0003 version (kernel, not 2.6)
*CVE-2004-0001 version (kernel, not 2.6)
CVE-2003-1329 ignore, no-ship (wu-ftpd)
-*CVE-2003-1307 ignore (mod_php) not a vulnerability
-*CVE-2003-1303 version (php, fixed 4.3.3)
-*CVE-2003-1302 version (php, fixed 4.3.1)
+CVE-2003-1307 ignore (mod_php) not a vulnerability
+CVE-2003-1303 version (php, fixed 4.3.3)
+CVE-2003-1302 version (php, fixed 4.3.1)
*CVE-2003-1295 (xscreensaver)
*CVE-2003-1294 (xscreensaver)
*CVE-2003-1265 VULNERABLE (thunderbird) https://bugzilla.mozilla.org/show_bug.cgi?id=198442
@@ -2196,14 +2196,14 @@
*CVE-2003-0926 version (wireshark, fixed 0.9.16)
*CVE-2003-0925 version (wireshark, fixed 0.9.16)
*CVE-2003-0924 version (netpbm, fixed 9.26)
-*CVE-2003-0914 version (bind, not 9)
+CVE-2003-0914 version (bind, not 9)
*CVE-2003-0901 version (postgresql, not 8)
*CVE-2003-0900 version (perl, only 5.8.1)
*CVE-2003-0885 (xscreensaver)
*CVE-2003-0865 version (tomcat, fixed after 4.0.3)
-*CVE-2003-0863 ignore (php) http://lists.nyphp.org/pipermail/talk/2003-November/006392.html
-*CVE-2003-0861 version (php, fixed 4.3.3)
-*CVE-2003-0860 version (php, fixed 4.3.3)
+CVE-2003-0863 ignore (php) http://lists.nyphp.org/pipermail/talk/2003-November/006392.html
+CVE-2003-0861 version (php, fixed 4.3.3)
+CVE-2003-0860 version (php, fixed 4.3.3)
*CVE-2003-0859 version (glibc, checked fc5 source)
*CVE-2003-0858 version (quagga, fixed 0.95)
*CVE-2003-0856 version (iproute)
@@ -2216,7 +2216,7 @@
*CVE-2003-0793 version (gdm, fixed 2.4.1.7)
*CVE-2003-0792 version (fetchmail, 6.2.4 only)
*CVE-2003-0789 version (httpd, not 2.2)
-*CVE-2003-0788 version (cups, fixed 1.1.19)
+CVE-2003-0788 version (cups, fixed 1.1.19)
CVE-2003-0787 version (openssh, fixed 3.7.1p2)
CVE-2003-0786 version (openssh, fixed 3.7.1p2)
*CVE-2003-0780 version (mysql, not 4.1)
@@ -2275,7 +2275,7 @@
*CVE-2003-0461 version (kernel, fixed 2.6.1)
*CVE-2003-0459 version (kdelibs, not 3.2)
*CVE-2003-0455 version (ImageMagick)
-*CVE-2003-0442 version (php, fixed 4.3.2)
+CVE-2003-0442 version (php, fixed 4.3.2)
*CVE-2003-0432 version (wireshark, fixed after 0.9.12)
*CVE-2003-0431 version (wireshark, fixed after 0.9.12)
*CVE-2003-0430 version (wireshark, fixed after 0.9.12)
@@ -2301,7 +2301,7 @@
*CVE-2003-0253 version (httpd, not 2.2)
*CVE-2003-0252 version (nfs-utils, fixed 1.0.4)
*CVE-2003-0251 version (ypserv, fixed 2.7)
-*CVE-2003-0249 ignore (php) see CVE
+CVE-2003-0249 ignore (php) see CVE
*CVE-2003-0248 version (kernel, not 2.6)
*CVE-2003-0247 version (kernel, not 2.6)
*CVE-2003-0246 version (kernel, not 2.6)
@@ -2312,7 +2312,7 @@
*CVE-2003-0204 version (kde, fixed after 3.1.1)
*CVE-2003-0201 version (samba, fixed 2.2.8a)
*CVE-2003-0196 version (samba, fixed 2.2.8a)
-*CVE-2003-0195 version (cups, fixed 1.1.19)
+CVE-2003-0195 version (cups, fixed 1.1.19)
*CVE-2003-0194 version (tcpdump, not upstream)
*CVE-2003-0192 version (httpd, not 2.2)
CVE-2003-0190 version (openssh, fixed after 3.6.1p1)
@@ -2320,7 +2320,7 @@
*CVE-2003-0188 version (lv, fixed 4.51 at least)
*CVE-2003-0187 version (kernel, not 2.6)
*CVE-2003-0167 version (mutt, fixed 1.4.1)
-*CVE-2003-0166 version (php, fixed 4.3.2)
+CVE-2003-0166 version (php, fixed 4.3.2)
*CVE-2003-0165 version (eog, fixed 2.2.2)
*CVE-2003-0161 version (sendmail, fixed 8.12.9)
*CVE-2003-0160 version (squirrelmail, fixed 1.2.11)
@@ -2331,8 +2331,8 @@
*CVE-2003-0146 version (netpbm, fixed 10.18)
*CVE-2003-0145 version (tcpdump, fixed 3.7.2)
*CVE-2003-0140 version (mutt, fixed 1.4.1)
-*CVE-2003-0139 version (krb5, fixed 1.3)
-*CVE-2003-0138 version (krb5, fixed 1.3)
+CVE-2003-0139 version (krb5, fixed 1.3)
+CVE-2003-0138 version (krb5, fixed 1.3)
*CVE-2003-0135 version (vsftpd, not upstream)
*CVE-2003-0133 version (evolution, fixed 1.2.4)
*CVE-2003-0132 version (httpd, not 2.2)
@@ -2346,28 +2346,28 @@
*CVE-2003-0108 version (tcpdump, fixed after 3.7.1)
*CVE-2003-0107 version (zlib, fixed 1.2.0.2 at least)
*CVE-2003-0102 version (file, fixed 3.41)
-*CVE-2003-0097 version (php, fixed 4.3.1)
+CVE-2003-0097 version (php, fixed 4.3.1)
*CVE-2003-0093 version (tcpdump, fixed 3.7.2)
*CVE-2003-0086 version (samba, fixed 2.2.8)
*CVE-2003-0085 version (samba, fixed 2.2.8)
*CVE-2003-0083 version (httpd, not 2.2)
-*CVE-2003-0082 version (krb5, fixed after 1.2.7)
+CVE-2003-0082 version (krb5, fixed after 1.2.7)
*CVE-2003-0081 version (wireshark, fixed after 0.9.9)
*CVE-2003-0078 version (openssl, not 0.9.8)
*CVE-2003-0078 version (openssl097a, fixed 0.9.7a)
*CVE-2003-0073 version (mysql, fixed 3.23.55)
-*CVE-2003-0072 version (krb5, fixed after 1.2.7)
+CVE-2003-0072 version (krb5, fixed after 1.2.7)
*CVE-2003-0071 version (xorg-x11, fixed in 6.8.2 at least)
*CVE-2003-0070 version (vte, fixed 0.11.1 at least)
*CVE-2003-0063 version (xorg-x11, fixed in 4.2.99 at least)
-*CVE-2003-0060 version (krb5, fixed 1.2.5)
-*CVE-2003-0059 version (krb5, fixed 1.2.5)
-*CVE-2003-0058 version (krb5, fixed 1.2.5)
+CVE-2003-0060 version (krb5, fixed 1.2.5)
+CVE-2003-0059 version (krb5, fixed 1.2.5)
+CVE-2003-0058 version (krb5, fixed 1.2.5)
*CVE-2003-0044 version (tomcat, fixed after 3.3.1a)
*CVE-2003-0043 version (tomcat, fixed 3.3.1a)
-*CVE-2003-0041 version (krb5, fixed after 1.2.7)
+CVE-2003-0041 version (krb5, fixed after 1.2.7)
*CVE-2003-0038 version (mailman, fixed 2.0.13 at least)
-*CVE-2003-0028 version (krb5, fixed after 1.2.7)
+CVE-2003-0028 version (krb5, fixed after 1.2.7)
*CVE-2003-0028 version (glibc, fixed after 2.3.1)
*CVE-2003-0026 version (dhcp, fixed 3.0.1)
*CVE-2003-0020 version (httpd, not 2.2)
@@ -2377,9 +2377,9 @@
*CVE-2003-0016 version (httpd, not 2.2)
*CVE-2003-0015 version (cvs, fixed 1.11.5)
*CVE-2003-0001 version (kernel, not 2.6)
-*CVE-2002-2215 version (php, fixed 4.3.0)
-*CVE-2002-2214 version (php, fixed 4.2.2)
-*CVE-2002-2211 ignore (bind) see http://www.kb.cert.org/vuls/id/457875
+CVE-2002-2215 version (php, fixed 4.3.0)
+CVE-2002-2214 version (php, fixed 4.2.2)
+CVE-2002-2211 ignore (bind) see http://www.kb.cert.org/vuls/id/457875
*CVE-2002-2210 ignore (openoffice) binary install only (not rpm install)
*CVE-2002-2204 ignore (rpm) by design
*CVE-2002-2196 version (samba, fixed 2.2.5)
@@ -2399,7 +2399,7 @@
*CVE-2002-1827 version (sendmail, fixed after 8.12.3)
*CVE-2002-1814 ignore (libbonobo) not shipped setuid
*CVE-2002-1793 version (mod_ssl) not upstream, only hp
-*CVE-2002-1783 version (php, fixed after 4.2.3)
+CVE-2002-1783 version (php, fixed after 4.2.3)
*CVE-2002-1765 version (evolution, fixed 1.0.5)
*CVE-2002-1658 ignore (httpd) not a vulnerability
*CVE-2002-1657 ignore (postgresql) upstream disagree
@@ -2433,13 +2433,13 @@
*CVE-2002-1399 version (postgresql, fixed 7.2.3)
*CVE-2002-1398 version (postgresql, fixed 7.2.2)
*CVE-2002-1397 version (postgresql, fixed 7.2.3)
-*CVE-2002-1396 version (php, fixed 4.3.0)
+CVE-2002-1396 version (php, fixed 4.3.0)
*CVE-2002-1394 version (tomcat, fixed 4.0.6)
*CVE-2002-1393 version (kde, fixed 3.0.5a)
*CVE-2002-1392 version (mgetty, fixed 1.1.29)
*CVE-2002-1391 version (mgetty, fixed 1.1.29)
-*CVE-2002-1384 version (cups, fixed 1.1.18)
-*CVE-2002-1383 version (cups, fixed 1.1.18)
+CVE-2002-1384 version (cups, fixed 1.1.18)
+CVE-2002-1383 version (cups, fixed 1.1.18)
*CVE-2002-1380 version (kernel, not 2.6)
*CVE-2002-1379 version (openldap, not 2.3.24+)
*CVE-2002-1378 version (openldap, not 2.3.24+)
@@ -2448,12 +2448,12 @@
*CVE-2002-1375 version (mysql, fixed 4.0.6)
*CVE-2002-1374 version (mysql, fixed 4.0.6)
*CVE-2002-1373 version (mysql, fixed 3.23.54)
-*CVE-2002-1372 version (cups, fixed 1.1.18)
-*CVE-2002-1371 version (cups, fixed 1.1.18)
-*CVE-2002-1369 version (cups, fixed 1.1.18)
-*CVE-2002-1368 version (cups, fixed 1.1.18)
-*CVE-2002-1367 version (cups, fixed 1.1.18)
-*CVE-2002-1366 version (cups, fixed 1.1.18)
+CVE-2002-1372 version (cups, fixed 1.1.18)
+CVE-2002-1371 version (cups, fixed 1.1.18)
+CVE-2002-1369 version (cups, fixed 1.1.18)
+CVE-2002-1368 version (cups, fixed 1.1.18)
+CVE-2002-1367 version (cups, fixed 1.1.18)
+CVE-2002-1366 version (cups, fixed 1.1.18)
*CVE-2002-1365 version (fetchmail, fixed 6.2.0)
*CVE-2002-1363 version (libpng, fixed 1.2.6)
*CVE-2002-1356 version (wireshark, fixed after 0.9.7)
@@ -2474,15 +2474,15 @@
*CVE-2002-1281 version (kde, fixed 3.0.5)
*CVE-2002-1276 version (squirrelmail, fixed 1.4.2)
*CVE-2002-1247 version (kdenetwork, fixed 3.0.5)
-*CVE-2002-1235 version (krb5, fixed after 1.2.6)
+CVE-2002-1235 version (krb5, fixed after 1.2.6)
*CVE-2002-1233 ignore (httpd) Debian regression
*CVE-2002-1232 version (ypserv, fixed 2.5)
*CVE-2002-1227 version (pam, only 0.76)
*CVE-2002-1224 version (kde, fixed 3.0.4)
*CVE-2002-1223 version (kdegraphics, fixed 3.0.4)
-*CVE-2002-1221 version (bind, not 9)
-*CVE-2002-1220 version (bind, not 9)
-*CVE-2002-1219 version (bind, not 9)
+CVE-2002-1221 version (bind, not 9)
+CVE-2002-1220 version (bind, not 9)
+CVE-2002-1219 version (bind, not 9)
*CVE-2002-1217 version (tar, fixed 1.13.25)
*CVE-2002-1175 version (fetchmail, fixed 6.2.0)
*CVE-2002-1174 version (fetchmail, fixed 6.2.0)
@@ -2495,12 +2495,12 @@
*CVE-2002-1151 version (kdenetwork, fixed 3.0.3a)
*CVE-2002-1148 version (tomcat, fixed 4.0.5)
*CVE-2002-1146 version (glibc, fixed 2.2.6)
-*CVE-2002-1146 version (bind, not 8.3+)
+CVE-2002-1146 version (bind, not 8.3+)
*CVE-2002-1131 version (squirrelmail, fixed 1.2.8)
*CVE-2002-1119 version (python, fixed 2.2.2)
CVE-2002-0989 version (gaim, fixed gaim:0.59.1)
-*CVE-2002-0986 version (php, fixed 4.2.3)
-*CVE-2002-0985 version (php, fixed 4.2.3)
+CVE-2002-0986 version (php, fixed 4.2.3)
+CVE-2002-0985 version (php, fixed 4.2.3)
*CVE-2002-0972 version (postgresql, fixed 7.2.2)
*CVE-2002-0970 version (kdenetwork, fixed 3.0.3)
*CVE-2002-0935 version (tomcat, fixed 4.1.3)
@@ -2524,7 +2524,7 @@
*CVE-2002-0760 version (bzip2, fixed 1.0.2)
*CVE-2002-0759 version (bzip2, fixed 1.0.2)
*CVE-2002-0728 version (libpng, fixed 1.2.4)
-*CVE-2002-0717 version (php, fixed 4.2.2)
+CVE-2002-0717 version (php, fixed 4.2.2)
CVE-2002-0715 version (squid, fixed 2.4.STABLE6)
CVE-2002-0714 version (squid, fixed 2.4.STABLE6)
CVE-2002-0713 version (squid, fixed 2.4.STABLE6)
@@ -2543,7 +2543,7 @@
*CVE-2002-0655 version (openssl, not 0.9.8)
*CVE-2002-0655 version (openssl097a, not 0.9.7)
*CVE-2002-0653 version (mod_ssl, not httpd 2.2)
-*CVE-2002-0651 version (bind, not 9)
+CVE-2002-0651 version (bind, not 9)
CVE-2002-0640 version (openssh, fixed after 3.3)
CVE-2002-0639 version (openssh, fixed after 3.3)
*CVE-2002-0638 version (util-linux, fixed 2.13 at least)
@@ -2562,15 +2562,15 @@
*CVE-2002-0403 version (wireshark, fixed ethereal 0.9.3)
*CVE-2002-0402 version (wireshark, fixed ethereal 0.9.3)
*CVE-2002-0401 version (wireshark, fixed ethereal 0.9.3)
-*CVE-2002-0400 version (bind, fixed 9.2.1)
+CVE-2002-0400 version (bind, fixed 9.2.1)
*CVE-2002-0399 version (tar, fixed 1.13.26)
*CVE-2002-0392 version (httpd, not 2.2)
-*CVE-2002-0391 version (krb5, fixed after 1.2.5)
+CVE-2002-0391 version (krb5, fixed after 1.2.5)
*CVE-2002-0391 version (glibc, fixed after 2.2.5)
*CVE-2002-0389 ignore (mailman) upstream say not a vulnerability
*CVE-2002-0388 version (mailman, fixed 2.0.11)
CVE-2002-0384 version (gaim, fixed gaim:0.58)
-*CVE-2002-0382 version (xchat, fixed 1.9.1)
+CVE-2002-0382 version (xchat, fixed 1.9.1)
*CVE-2002-0380 version (tcpdump, fixed 3.7.2 at least)
*CVE-2002-0379 version (imap, vuln code removed imap-2002)
CVE-2002-0377 version (gaim, fixed gaim:0.58)
@@ -2579,12 +2579,12 @@
*CVE-2002-0353 version (wireshark, fixed ethereal 0.9.3)
*CVE-2002-0342 version (kde, not 2.2+)
*CVE-2002-0318 version (freeradius, fixed 0.7)
-*CVE-2002-0253 ignore (php) not a vulnerability
-*CVE-2002-0240 ignore (php) windows only
+CVE-2002-0253 ignore (php) not a vulnerability
+CVE-2002-0240 ignore (php) windows only
*CVE-2002-0232 version (mrtg, not 2.11.1 at least)
-*CVE-2002-0229 version (php)
+CVE-2002-0229 ignore (php) safe mode isn't safe
*CVE-2002-0185 version (mod_python, fixed 2.7.7)
-*CVE-2002-0184 version (sudo, fixed 1.6.6)
+CVE-2002-0184 version (sudo, fixed 1.6.6)
*CVE-2002-0180 version (webalizer, fixed 2.01-10)
*CVE-2002-0169 ignore (docbook) was RHL only
*CVE-2002-0165 version (logwatch, fixed 2.6)
@@ -2595,16 +2595,16 @@
*CVE-2002-0146 version (fetchmail, fixed 5.9.10)
*CVE-2002-0130 ignore (efax) not setuid root
*CVE-2002-0129 ignore (efax) not setuid root
-*CVE-2002-0121 version (php, fixed after 4.1.1)
+CVE-2002-0121 version (php, fixed after 4.1.1)
*CVE-2002-0092 version (cve, fixed 1.10.8)
CVE-2002-0083 version (openssh, fixed 3.1)
*CVE-2002-0082 version (mod_ssl, not httpd 2.2)
-*CVE-2002-0081 version (php, not 4.2+)
+CVE-2002-0081 version (php, not 4.2+)
CVE-2002-0080 version (rsync, fixed 2.5.3)
CVE-2002-0069 version (squid, fixed 2.4STABLE4)
CVE-2002-0068 version (squid, fixed 2.4STABLE4)
CVE-2002-0067 version (squid, fixed 2.4STABLE4)
-*CVE-2002-0063 version (cups, fixed 1.1.14)
+CVE-2002-0063 version (cups, fixed 1.1.14)
*CVE-2002-0062 version (ncurses, only 5.0)
*CVE-2002-0060 version (kernel, fixed 2.5.5)
*CVE-2002-0059 ** zlib (cvs, dump, gcc, libgcj, kernel, vnc)
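Review bot: the context line `*CVE-2002-0092 version (cve, fixed 1.10.8)` in this hunk has `cve` in the package field, which looks like a typo; entries for the cvs package elsewhere in the file use `cvs` (for example `*CVE-2003-0015 version (cvs, fixed 1.11.5)`). It is still starred, so it would be worth fixing the package name while this block is being verified, otherwise a per-package search will miss it.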
@@ -2614,14 +2614,14 @@
*CVE-2002-0046 version (kernel, fixed 2.4.0)
*CVE-2002-0045 version (openldap, fixed 2.0.20)
*CVE-2002-0044 version (enscript, fixed 1.6.4 at least)
-*CVE-2002-0043 version (sudo, fixed 1.6.4)
-*CVE-2002-0036 version (krb5, fixed 1.2.5)
-*CVE-2002-0029 version (bind, not 9)
+CVE-2002-0043 version (sudo, fixed 1.6.4)
+CVE-2002-0036 version (krb5, fixed 1.2.5)
+CVE-2002-0029 version (bind, not 9)
CVE-2002-0013 version (net-snmp, fixed 4.2.3)
CVE-2002-0012 version (net-snmp, fixed 4.2.3)
-*CVE-2002-0006 verison (xchat, fixed 1.8.7) cve is wrong
+CVE-2002-0006 verison (xchat, fixed 1.8.7) cve is wrong
CVE-2002-0004 backport (at) issue was in a patch, fixed at-3.1.8-11-lexer-parser.diff
-*CVE-2002-0003 version (groff, fixed 1.17.2)
+CVE-2002-0003 version (groff, fixed 1.17.2)
*CVE-2002-0002 version (stunnel, fixed 3.22)
*CVE-2002-0001 version (mutt, fixed 1.3.25)
*CVE-2001-1494 version (util-linux, fixed 2.11n)
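Review bot: the CVE-2002-0006 line is marked verified but still carries the misspelled status keyword `verison`. Anything that filters the file on the `version` keyword will skip this entry, so correct the spelling in the same change that removes the star.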
@@ -2641,4 +2641,4 @@
CVE-1999-0997 ignore, no-ship (wu-ftpd)
CVE-1999-0710 version (squid, fixed 2.5.STABLE10)
CVE-1999-0473 version (rsync, fixed 2.3.1)
-*CVE-1999-0103 (bind)
+CVE-1999-0103 ignore (bind) this is the nature of UDP
--
fedora-security/audit fc7,1.24,1.25
by fedora-extras-commits@redhat.com
Author: bressers
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv1324
Modified Files:
fc7
Log Message:
Note a new helixplayer flaw
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.24
retrieving revision 1.25
diff -u -r1.24 -r1.25
--- fc7 21 Jun 2007 18:54:16 -0000 1.24
+++ fc7 27 Jun 2007 20:12:10 -0000 1.25
@@ -5,6 +5,7 @@
*CVE are items that need verification for Fedora 7
CVE-2007-4168 VULNERABLE (libexif) #243890
+CVE-2007-3410 VULNERABLE (HelixPlayer) #245838
CVE-2007-3241 ** (wordpress) #245211
CVE-2007-3240 ** (wordpress) #245211
CVE-2007-3239 ** (wordpress) #245211
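Review bot: the new entry names the package `HelixPlayer`, while the existing entries in this file use lowercase `helixplayer` (for example `*CVE-2005-0611 (helixplayer)`). Use the same spelling so a case-sensitive search by package name returns all of its CVEs.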
--
fedora-security/audit fc7,1.23,1.24
by fedora-extras-commits@redhat.com
Author: scop
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv19540
Modified Files:
fc7
Log Message:
Note tomcat5, subversion
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.23
retrieving revision 1.24
diff -u -r1.23 -r1.24
--- fc7 21 Jun 2007 18:40:46 -0000 1.23
+++ fc7 21 Jun 2007 18:54:16 -0000 1.24
@@ -61,6 +61,9 @@
CVE-2007-2453 version (kernel, fixed 2.6.21.4) [ since FEDORA-2007-0409 ]
CVE-2007-2451 version (kernel, fixed 2.6.21.4) [ since FEDORA-2007-0409 ]
*CVE-2007-2452 (locate)
+CVE-2007-2450 VULNERABLE (tomcat5) #244810
+CVE-2007-2449 VULNERABLE (tomcat5) #244810
+CVE-2007-2448 VULNERABLE (subversion, fixed 1.4.4) #243856
*CVE-2007-2447 (samba)
*CVE-2007-2446 (samba)
*CVE-2007-2445 version (libpng10, fixed 1.0.25) #240398
@@ -159,6 +162,7 @@
*CVE-2007-1366 ** (qemu) #238723
*CVE-2007-1362 version (seamonkey, fixed 1.0.9)
*CVE-2007-1359 patch (mod_security, fixed 2.1.0-3) #231728
+CVE-2007-1358 ** (tomcat5) #244810
*CVE-2007-1354 (jboss)
*CVE-2007-1352 VULNERABLE (libXfont) #235265
*CVE-2007-1351 VULNERABLE (libXfont) #235265
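Review bot: CVE-2007-1358 is added as `**` while the two tomcat5 entries added in the previous hunk (CVE-2007-2450 and CVE-2007-2449) are VULNERABLE under the same bug #244810. If 1358 has not yet been confirmed against tomcat5, a short trailing note saying so would explain the difference; otherwise give all three the same status.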
--
fedora-security/audit fc7, 1.22, 1.23 fe5, 1.207, 1.208 fe6, 1.121, 1.122
by fedora-extras-commits@redhat.com
Author: scop
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv19158
Modified Files:
fc7 fe5 fe6
Log Message:
Catch up with recent clamav CVEs.
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.22
retrieving revision 1.23
diff -u -r1.22 -r1.23
--- fc7 21 Jun 2007 18:03:32 -0000 1.22
+++ fc7 21 Jun 2007 18:40:46 -0000 1.23
@@ -17,10 +17,14 @@
CVE-2007-3152 VULNERABLE (c-ares, fixed 1.4.0) #243591
CVE-2007-3145 VULNERABLE (galeon) **
CVE-2007-3140 ** (wordpress) #245211
+CVE-2007-3123 VULNERABLE (clamav, fixed 0.90.3) #245219
+CVE-2007-3122 VULNERABLE (clamav, fixed 0.90.3) #245219
*CVE-2007-3121 version (zvbi, fixed 0.2.25)
*CVE-2007-3113 VULNERABLE (cacti) #243592
*CVE-2007-3112 VULNERABLE (cacti) #243592
CVE-2007-3025 ignore (clamav, Solaris only)
+CVE-2007-3024 VULNERABLE (clamav, fixed 0.90.3) #245219
+CVE-2007-3023 VULNERABLE (clamav, fixed 0.90.3) #245219
*CVE-2007-3007 ignore (php) safe mode isn't safe
*CVE-2007-2975 (openfire)
*CVE-2007-2894 VULNERABLE (bochs) #241799
Index: fe5
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fe5,v
retrieving revision 1.207
retrieving revision 1.208
diff -u -r1.207 -r1.208
--- fe5 21 Jun 2007 18:03:32 -0000 1.207
+++ fe5 21 Jun 2007 18:40:46 -0000 1.208
@@ -11,10 +11,14 @@
CVE-2007-3153 VULNERABLE (c-ares, fixed 1.4.0) #243591
CVE-2007-3152 VULNERABLE (c-ares, fixed 1.4.0) #243591
CVE-2007-3140 ** (wordpress) #245211
+CVE-2007-3123 ** (clamav, fixed 0.90.3) #245219
+CVE-2007-3122 ** (clamav, fixed 0.90.3) #245219
CVE-2007-3121 version (zvbi, fixed 0.2.25)
CVE-2007-3113 VULNERABLE (cacti) #243592
CVE-2007-3112 VULNERABLE (cacti) #243592
CVE-2007-3025 ignore (clamav, Solaris only)
+CVE-2007-3024 ** (clamav, fixed 0.90.3) #245219
+CVE-2007-3023 ** (clamav, fixed 0.90.3) #245219
CVE-2007-2894 VULNERABLE (bochs) #241799
CVE-2007-2865 VULNERABLE (phpPgAdmin) #241489
CVE-2007-2821 VULNERABLE (wordpress, fixed 2.2) #240970
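Review bot: the four clamav entries are added here as `**`, while the fc7 hunk of the same commit records the same CVEs, fix version 0.90.3 and bug #245219 as VULNERABLE; the fe6 hunk below repeats the `**` status. If the fe5 and fe6 packages have not been checked yet that is reasonable, but the log message only says "Catch up with recent clamav CVEs", so a note on which branches were actually verified would avoid the impression that the statuses disagree by accident.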
Index: fe6
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fe6,v
retrieving revision 1.121
retrieving revision 1.122
diff -u -r1.121 -r1.122
--- fe6 21 Jun 2007 18:03:32 -0000 1.121
+++ fe6 21 Jun 2007 18:40:46 -0000 1.122
@@ -11,10 +11,14 @@
CVE-2007-3153 VULNERABLE (c-ares, fixed 1.4.0) #243591
CVE-2007-3152 VULNERABLE (c-ares, fixed 1.4.0) #243591
CVE-2007-3140 ** (wordpress) #245211
+CVE-2007-3123 ** (clamav, fixed 0.90.3) #245219
+CVE-2007-3122 ** (clamav, fixed 0.90.3) #245219
CVE-2007-3121 version (zvbi, fixed 0.2.25)
CVE-2007-3113 VULNERABLE (cacti) #243592
CVE-2007-3112 VULNERABLE (cacti) #243592
CVE-2007-3025 ignore (clamav, Solaris only)
+CVE-2007-3024 ** (clamav, fixed 0.90.3) #245219
+CVE-2007-3023 ** (clamav, fixed 0.90.3) #245219
CVE-2007-2894 VULNERABLE (bochs) #241799
CVE-2007-2871 version (seamonkey, fixed 1.0.9)
CVE-2007-2870 version (seamonkey, fixed 1.0.9)
--
fedora-security/audit fc7, 1.21, 1.22 fe5, 1.206, 1.207 fe6, 1.120, 1.121
by fedora-extras-commits@redhat.com
Author: scop
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv14850
Modified Files:
fc7 fe5 fe6
Log Message:
Add new wordpress issues, note iscsi-initiator-utils update.
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.21
retrieving revision 1.22
diff -u -r1.21 -r1.22
--- fc7 21 Jun 2007 03:32:57 -0000 1.21
+++ fc7 21 Jun 2007 18:03:32 -0000 1.22
@@ -5,11 +5,18 @@
*CVE are items that need verification for Fedora 7
CVE-2007-4168 VULNERABLE (libexif) #243890
+CVE-2007-3241 ** (wordpress) #245211
+CVE-2007-3240 ** (wordpress) #245211
+CVE-2007-3239 ** (wordpress) #245211
+CVE-2007-3238 ** (wordpress) #245211
CVE-2007-3209 ignore (mail-notification, shipped with SSL enabled)
+CVE-2007-3100 version (iscsi-initiator-utils, fixed 6.2.0.865)
+CVE-2007-3099 version (iscsi-initiator-utils, fixed 6.2.0.865)
CVE-2007-3165 VULNERABLE (tor, fixed 0.1.2.14) #244502
CVE-2007-3153 VULNERABLE (c-ares, fixed 1.4.0) #243591
CVE-2007-3152 VULNERABLE (c-ares, fixed 1.4.0) #243591
CVE-2007-3145 VULNERABLE (galeon) **
+CVE-2007-3140 ** (wordpress) #245211
*CVE-2007-3121 version (zvbi, fixed 0.2.25)
*CVE-2007-3113 VULNERABLE (cacti) #243592
*CVE-2007-3112 VULNERABLE (cacti) #243592
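Review bot: CVE-2007-3100 and CVE-2007-3099 are inserted between CVE-2007-3209 and CVE-2007-3165, which breaks the descending CVE order the rest of this hunk follows. Move them below CVE-2007-3112 so that later diffs and lookups by id stay predictable.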
Index: fe5
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fe5,v
retrieving revision 1.206
retrieving revision 1.207
diff -u -r1.206 -r1.207
--- fe5 17 Jun 2007 07:09:12 -0000 1.206
+++ fe5 21 Jun 2007 18:03:32 -0000 1.207
@@ -2,10 +2,15 @@
** are items that need attention
+CVE-2007-3241 ** (wordpress) #245211
+CVE-2007-3240 ** (wordpress) #245211
+CVE-2007-3239 ** (wordpress) #245211
+CVE-2007-3238 ** (wordpress) #245211
CVE-2007-3209 ignore (mail-notification, shipped with SSL enabled)
CVE-2007-3165 VULNERABLE (tor, fixed 0.1.2.14) #244502
CVE-2007-3153 VULNERABLE (c-ares, fixed 1.4.0) #243591
CVE-2007-3152 VULNERABLE (c-ares, fixed 1.4.0) #243591
+CVE-2007-3140 ** (wordpress) #245211
CVE-2007-3121 version (zvbi, fixed 0.2.25)
CVE-2007-3113 VULNERABLE (cacti) #243592
CVE-2007-3112 VULNERABLE (cacti) #243592
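Review bot: The five wordpress lines are added as `**` with bug #245211 but no affected or fixed version, unlike neighbouring entries such as tor (fixed 0.1.2.14) and c-ares (fixed 1.4.0). If the bug report already names a fixed release, record it on these lines so the status can be settled from this file alone.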
Index: fe6
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fe6,v
retrieving revision 1.120
retrieving revision 1.121
diff -u -r1.120 -r1.121
--- fe6 17 Jun 2007 07:09:12 -0000 1.120
+++ fe6 21 Jun 2007 18:03:32 -0000 1.121
@@ -2,10 +2,15 @@
** are items that need attention
+CVE-2007-3241 ** (wordpress) #245211
+CVE-2007-3240 ** (wordpress) #245211
+CVE-2007-3239 ** (wordpress) #245211
+CVE-2007-3238 ** (wordpress) #245211
CVE-2007-3209 ignore (mail-notification, shipped with SSL enabled)
CVE-2007-3165 VULNERABLE (tor, fixed 0.1.2.14) #244502
CVE-2007-3153 VULNERABLE (c-ares, fixed 1.4.0) #243591
CVE-2007-3152 VULNERABLE (c-ares, fixed 1.4.0) #243591
+CVE-2007-3140 ** (wordpress) #245211
CVE-2007-3121 version (zvbi, fixed 0.2.25)
CVE-2007-3113 VULNERABLE (cacti) #243592
CVE-2007-3112 VULNERABLE (cacti) #243592
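Review bot: The log message says this commit notes the iscsi-initiator-utils update, but this fe6 hunk, like the fe5 one, adds only wordpress lines; CVE-2007-3100 and CVE-2007-3099 appear in fc7 alone. If iscsi-initiator-utils is not tracked in the fe files that is expected and the log could say so, otherwise the two entries are missing here.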
Fedora 7 and the Security Response Team
by Josh Bressers
As everybody is no doubt aware, Fedora 7 is bringing a number of changes,
one of which will be putting the burden of security on the Fedora Security
Response Team. Right now it's basically the Red Hat Security Response Team
working on Core, and not much of anything happening for Extras. This is
going to change.
I'm going to be filing a request for some resources sometime this week. I
have an IRC bot and an xmlrpc server that will initially run from there.
The long term goal is to host the various security related tools that don't
yet exist.
In the meantime, the task at hand should be to start tracking flaws for
Fedora 7. What we usually would do at this point for core, is copy the fc6
file into fc7 in CVS. We then pore over the entries looking for
questionable items. I'm thinking what we should do for Fedora 7, is
merge the fe6 and fc6 files into a f7 (a better name is welcome) file, then
start working through this file. We've never done this in a distributed
manner before, so ideas are welcome.
--
JB
fedora-security/audit fc7,1.20,1.21
by fedora-extras-commits@redhat.com
Author: kevin
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv19370
Modified Files:
fc7
Log Message:
Process clamav
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.20
retrieving revision 1.21
diff -u -r1.20 -r1.21
--- fc7 20 Jun 2007 20:27:27 -0000 1.20
+++ fc7 21 Jun 2007 03:32:57 -0000 1.21
@@ -13,7 +13,7 @@
*CVE-2007-3121 version (zvbi, fixed 0.2.25)
*CVE-2007-3113 VULNERABLE (cacti) #243592
*CVE-2007-3112 VULNERABLE (cacti) #243592
-*CVE-2007-3025 ignore (clamav, Solaris only)
+CVE-2007-3025 ignore (clamav, Solaris only)
*CVE-2007-3007 ignore (php) safe mode isn't safe
*CVE-2007-2975 (openfire)
*CVE-2007-2894 VULNERABLE (bochs) #241799
@@ -36,7 +36,7 @@
*CVE-2007-2721 patch (jasper, fixed 1.900.1-2) #240397
*CVE-2007-2683 (mutt)
*CVE-2007-2654 VULNERABLE (xfsdump) #240396
-*CVE-2007-2650 ** (clamav) #240395
+CVE-2007-2650 VULNERABLE (clamav, fixed in 0.90.3) #240395
*CVE-2007-2645 ignore (libexif) #240055 DoS only
*CVE-2007-2637 patch (moin, fixed 1.5.7-2)
*CVE-2007-2627 ** (wordpress) #239904
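Review bot: The new CVE-2007-2650 line writes `fixed in 0.90.3`, while the file's convention, visible on the jasper and moin lines in this same hunk, is `fixed <version>` with no `in`. The same wording appears on the new CVE-2007-1997 and CVE-2007-1745 lines further down; drop the `in` so that anything matching on `fixed <version>` sees all three.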
@@ -70,11 +70,11 @@
*CVE-2007-2165 VULNERABLE (proftpd) #237533
*CVE-2007-2138 (postgresql)
*CVE-2007-2057 version (aircrack-ng, fixed 0.8-0.1)
-*CVE-2007-2029 ignore (clamav, 0.90/0.90.1 only)
+CVE-2007-2029 VULNERABLE (clamav, fixed 0.90.3)
*CVE-2007-2028 (freeradius)
*CVE-2007-2026 (file)
*CVE-2007-2016 ignore (phpMyAdmin, < 2.8.0.2 never shipped)
-*CVE-2007-1997 ignore (clamav, 0.90/0.90.1 only)
+CVE-2007-1997 version (clamav, fixed in 0.90.2)
*CVE-2007-1995 (quagga) #240488
*CVE-2007-1897 version (wordpress, fixed 2.1.3) #235912
*CVE-2007-1894 version (wordpress, fixed 2.1.3-0.rc2)
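Review bot: CVE-2007-2029 becomes VULNERABLE with no bug number, whereas the other VULNERABLE clamav line in this commit (CVE-2007-2650) carries #240395 and the proftpd line at the top of this hunk carries #237533. Add the tracking bug to the CVE-2007-2029 line so the open item can be followed; the old rationale `0.90/0.90.1 only` is also dropped from both changed lines without a replacement comment.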
@@ -89,7 +89,7 @@
*CVE-2007-1841 VULNERABLE (ipsec-tools) #238052
*CVE-2007-1804 VULNERABLE (pulseaudio) #235013
*CVE-2007-1799 version (ktorrent, fixed 2.1.3) #235014
-*CVE-2007-1745 ignore (clamav, 0.90/0.90.1 only) #236703
+CVE-2007-1745 version (clamav, fixed in 0.90.2) #236703
*CVE-2007-1743 (httpd)
*CVE-2007-1742 (httpd)
*CVE-2007-1741 (httpd)
@@ -203,8 +203,8 @@
*CVE-2007-0903 version (ejabberd, fixed 1.1.3)
*CVE-2007-0902 patch (moin, fixed 1.5.7-2) #228764
*CVE-2007-0901 patch (moin, fixed 1.5.7-2) #228764
-*CVE-2007-0898 backport (clamav, fixed 0.88.7-2) #229202
-*CVE-2007-0897 backport (clamav, fixed 0.88.7-2) #229202
+CVE-2007-0898 version (clamav, fixed 0.90) #229202
+CVE-2007-0897 version (clamav, fixed 0.90) #229202
*CVE-2007-0894 version (mediawiki, fixed 1.8.4) #228763
*CVE-2007-0884 ignore (mimedefang 2.59/2.60 not shipped) #228757
*CVE-2007-0857 version (moin, fixed 1.5.7) #228139
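Review bot: CVE-2007-0898 and CVE-2007-0897 change both category and fix release, from `backport (clamav, fixed 0.88.7-2)` to `version (clamav, fixed 0.90)`, and the log message ("Process clamav") does not say why. If the reasoning is that this release ships 0.90 or later and no longer relies on the backported patch, a short trailing comment on the two lines would keep that with the data.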
@@ -339,8 +339,8 @@
*CVE-2006-6498 version (seamonkey, fixed 1.0.7) #220516
*CVE-2006-6497 version (seamonkey, fixed 1.0.7) #220516
*CVE-2006-6493 (openldap)
-*CVE-2006-6481 version (clamav, fixed 0.88.7)
-*CVE-2006-6406 version (clamav, fixed 0.88.7) #219095
+CVE-2006-6481 version (clamav, fixed 0.88.7)
+CVE-2006-6406 version (clamav, fixed 0.88.7) #219095
CVE-2006-6385 ignore (kernel) windows only
*CVE-2006-6383 ignore (php) safe mode isn't safe
*CVE-2006-6374 ** (phpMyAdmin) #218853
@@ -392,7 +392,7 @@
*CVE-2006-5925 backport (elinks) [since FEDORA-2006-1278] but was never vulneable as didn't have smbclient support
*CVE-2006-5876 version (libsoup) #223144 [since FEDORA-2007-109]
*CVE-2006-5875 version (enemies-of-carlotta, fixed 1.2.4)
-*CVE-2006-5874 version (clamav, fixed 0.88.1)
+CVE-2006-5874 version (clamav, fixed 0.88.1)
*CVE-2006-5871 version (kernel, fixed 2.6.10)
*CVE-2006-5870 (openoffice.org)
*CVE-2006-5868 VULNERABLE (ImageMagick, fixed 6.2.9.1) #217560
@@ -455,7 +455,7 @@
CVE-2006-5330 ignore, no-ship (flash-plugin)
*CVE-2006-5298 backport (mutt) [since FEDORA-2006-1063]
*CVE-2006-5297 backport (mutt) [since FEDORA-2006-1063]
-*CVE-2006-5295 version (clamav, fixed 0.88.5) #210973
+CVE-2006-5295 version (clamav, fixed 0.88.5) #210973
*CVE-2006-5276 VULNERABLE (snort) #229265
CVE-2006-5229 ignore (openssh) not reproduced
*CVE-2006-5215 VULNERABLE (xorg-x11-xinit) #212167
@@ -580,7 +580,7 @@
*CVE-2006-4227 version (mysql, fixed 5.0.26,5.1.12) #203434 [since FEDORA-2006-1297]
*CVE-2006-4226 version (mysql, fixed 5.0.26,5.1.12) #203428 [since FEDORA-2006-1297]
*CVE-2006-4192 patch (libmodplug, fixed 0.8-3)
-*CVE-2006-4182 version (clamav, fixed 0.88.5) #210973
+CVE-2006-4182 version (clamav, fixed 0.88.5) #210973
*CVE-2006-4181 (gnuradius)
*CVE-2006-4146 backport (gdb)
*CVE-2006-4145 version (kernel, fixed 2.6.17.10, fixed 2.6.18-rc5) needs a better upstream fix
@@ -593,7 +593,7 @@
*CVE-2006-4028 version (wordpress, fixed 2.0.4) #201989
*CVE-2006-4020 version (php, fixed 5.1.5)
*CVE-2006-4019 version (squirrelmail, fixed 1.4.8)
-*CVE-2006-4018 version (clamav, fixed 0.88.4-1) #201688
+CVE-2006-4018 version (clamav, fixed 0.88.4-1) #201688
*CVE-2006-3918 version (httpd, fixed 2.2.2)
*CVE-2006-3913 patch (freeciv, fixed 2.0.8-5) #200545
*CVE-2006-3879 version (mikmod, not 3.1.6)
@@ -785,7 +785,7 @@
*CVE-2006-2444 version (kernel, fixed 2.6.17)
*CVE-2006-2442 patch (kphone, fixed 4.2-9) bz#192202
*CVE-2006-2440 version (ImageMagick, fixed 6.2.8 at least)
-*CVE-2006-2427 ignore (clamav) not an issue bz#192076
+CVE-2006-2427 ignore (clamav) not an issue bz#192076
*CVE-2006-2414 version (dovecot, fixed 1.0.beta8) not a security issue
*CVE-2006-2369 version (vnc, fixed 4.1.2)
*CVE-2006-2366 ignore (openobex) we don't ship ircp
@@ -824,7 +824,7 @@
*CVE-2006-1993 version (firefox, fixed 1.5.0.3)
*CVE-2006-1991 version (php)
*CVE-2006-1990 version (php)
-*CVE-2006-1989 version (clamav, fixed 0.88.2)
+CVE-2006-1989 version (clamav, fixed 0.88.2)
*CVE-2006-1945 backport (awstats, fixed 6.5-4) bz#190922 awstats-6.5-CVE-2006-1945.patch
*CVE-2006-1942 version (firefox, fixed 1.5.0.4)
*CVE-2006-1940 version (wireshark, fixed 0.99.0)
@@ -915,11 +915,11 @@
*CVE-2006-1656 version (util-vserver, fixed 0.30.210)
*CVE-2006-1650 ignore (firefox) a number of reports don't confirm this
*CVE-2006-1646 ignore (ipsec-tools) KAME racoon, not ipsec-tools racoon
-*CVE-2006-1630 version (clamav, fixed 0.88.1) bz#188286
+CVE-2006-1630 version (clamav, fixed 0.88.1) bz#188286
*CVE-2006-1629 version (openvpn, fixed 2.0.6) bz#188050
*CVE-2006-1624 ignore (sysklogd) Silly configuration is not a security issue
-*CVE-2006-1615 version (clamav, fixed 0.88.1) bz#188286
-*CVE-2006-1614 version (clamav, fixed 0.88.1) bz#188286
+CVE-2006-1615 version (clamav, fixed 0.88.1) bz#188286
+CVE-2006-1614 version (clamav, fixed 0.88.1) bz#188286
*CVE-2006-1608 ignore (php) safe mode isn't safe
*CVE-2006-1577 version (mantis, fixed 1.0.5) bz#191089
*CVE-2006-1566 ignore (libtunepimp, Debian-specific problem)
@@ -1081,7 +1081,7 @@
*CVE-2006-0197 ignore (xorg-x11) not an issue
*CVE-2006-0195 version (squirrelmail, fixed 1.4.6)
*CVE-2006-0188 version (squirrelmail, fixed 1.4.6)
-*CVE-2006-0162 version (clamav, fixed 0.88)
+CVE-2006-0162 version (clamav, fixed 0.88)
*CVE-2006-0151 (sudo)
*CVE-2006-0150 (auth_ldap)
*CVE-2006-0144 version (php-pear, not 1.4.4)
fedora-security/audit fc7,1.19,1.20
by fedora-extras-commits@redhat.com
Author: bressers
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv22089
Modified Files:
fc7
Log Message:
Deal with a number of CVE ids.
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.19
retrieving revision 1.20
diff -u -r1.19 -r1.20
--- fc7 20 Jun 2007 18:59:53 -0000 1.19
+++ fc7 20 Jun 2007 20:27:27 -0000 1.20
@@ -85,7 +85,7 @@
*CVE-2007-1862 (httpd)
*CVE-2007-1859 (xscreensaver)
*CVE-2007-1858 (tomcat)
-*CVE-2007-1856 VULNERABLE (vixie-cron) #235882
+CVE-2007-1856 backport (vixie-cron) #235882 vixie-cron-4.1-hardlink.patch
*CVE-2007-1841 VULNERABLE (ipsec-tools) #238052
*CVE-2007-1804 VULNERABLE (pulseaudio) #235013
*CVE-2007-1799 version (ktorrent, fixed 2.1.3) #235014
@@ -347,7 +347,7 @@
*CVE-2006-6373 version (phpMyAdmin, fixed 2.9.1.1) #218853
CVE-2006-6333 version (kernel, fixed 2.6.19.1) [since FEDORA-2007-058]
CVE-2006-6332 ignore (kernel) no support for madwifi
-*CVE-2006-6305 ignore (net-snmp) already have the backported patch
+CVE-2006-6305 ignore (net-snmp) already have the backported patch
CVE-2006-6304 version (kernel, fixed 2.6.19.1) [since FEDORA-2007-058]
*CVE-2006-6303 version (ruby, fixed 1.8.5.2) [since FEDORA-2006-1441]
*CVE-2006-6301 version (denyhosts, fixed 2.6-2) #218824
@@ -388,7 +388,7 @@
*CVE-2006-5974 ignore (fetchmail, fixed 6.3.6) only 6.3.5
*CVE-2006-5973 VULNERABLE (dovecot, fixed 1.0.rc15) #216508
*CVE-2006-5969 (fvwm)
-*CVE-2006-5941 (net-snmp)
+CVE-2006-5941 ignore (net-snmp) dupe CVE-2005-2177
*CVE-2006-5925 backport (elinks) [since FEDORA-2006-1278] but was never vulneable as didn't have smbclient support
*CVE-2006-5876 version (libsoup) #223144 [since FEDORA-2007-109]
*CVE-2006-5875 version (enemies-of-carlotta, fixed 1.2.4)
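Review bot: CVE-2006-5941 is marked `ignore` as a dupe of CVE-2005-2177, but CVE-2005-2177 itself is recorded later in this same commit as `version (net-snmp, fixed 5.2.1.2)`. A duplicate id would read more consistently with the same status and fix version as the original, keeping `dupe CVE-2005-2177` as the comment, so that filtering on `ignore` does not hide a flaw that was real and fixed.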
@@ -767,7 +767,7 @@
*CVE-2006-2656 backport (libtiff) tiffsplit-overflow.patch
*CVE-2006-2629 ignore (kernel) couldn't be reproduced on FC
*CVE-2006-2613 ignore (firefox) This isn't an issue on FC
-*CVE-2006-2607 backport (vixie-cron) vixie-cron-4.1-_42-bz178431.patch
+CVE-2006-2607 backport (vixie-cron) vixie-cron-4.1-_48-security.patch
*CVE-2006-2575 patch (netpanzer, fixed 0.8-4) bz#192983
*CVE-2006-2563 ignore (php) safe mode isn't safe
*CVE-2006-2502 (cyrus-imapd)
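Review bot: The CVE-2006-2607 line swaps the patch name from `vixie-cron-4.1-_42-bz178431.patch` to `vixie-cron-4.1-_48-security.patch`, which drops the only bug reference the entry had (the bz178431 embedded in the old file name). If that bug still applies, add it to the line in the `bz#` form the netpanzer entry below uses.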
@@ -1108,7 +1108,7 @@
*CVE-2006-0017 (fedora directory server)
*CVE-2006-0016 (fedora directory server)
*CVE-2005-4838 (tomcat)
-*CVE-2005-4837 (net-snmp)
+CVE-2005-4837 version (net-snmp, fixed 5.2.2)
*CVE-2005-4836 (tomcat)
*CVE-2005-4811 version (kernel, fixed 2.6.13)
*CVE-2005-4809 VULNERABLE (firefox)
@@ -1300,7 +1300,7 @@
*CVE-2005-2872 version (kernel, fixed 2.6.12)
*CVE-2005-2871 version (thunderbird)
*CVE-2005-2871 version (firefox, fixed 1.0.7)
-*CVE-2005-2811 version (net-snmp) not upstream, gentoo only
+CVE-2005-2811 version (net-snmp) not upstream, gentoo only
*CVE-2005-2801 version (kernel, fixed 2.6.11)
*CVE-2005-2800 version (kernel, fixed 2.6.12.6)
CVE-2005-2798 version (openssh, fixed 4.2)
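Review bot: CVE-2005-2811 loses its `*` and is thereby treated as verified, yet its status is `version` with no fixed release and the comment says `not upstream, gentoo only`. Other distribution-specific entries in this file use `ignore` (for example `ignore (libtunepimp, Debian-specific problem)`), and `ignore` looks like the intended status here as well.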
@@ -1397,7 +1397,7 @@
*CVE-2005-2261 version (thunderbird, fixed 1.0.5)
*CVE-2005-2261 version (firefox, fixed 1.0.5)
*CVE-2005-2260 version (firefox, fixed 1.0.5)
-*CVE-2005-2177 version (net-snmp, fixed 5.2.1.2)
+CVE-2005-2177 version (net-snmp, fixed 5.2.1.2)
*CVE-2005-2114 version (firefox, fixed 1.0.5)
*CVE-2005-2104 version (sysreport, fixed 1.4.1-5)
CVE-2005-2103 version (gaim, fixed gaim:1.5.0)
@@ -1441,7 +1441,7 @@
*CVE-2005-1751 version (nmap, fixed 3.93 at least)
*CVE-2005-1751 ignore (openldap) fixed shtool 2.0.2. Flawed code path not used
*CVE-2005-1751 ignore (ncpfs) part of shtool in ncpfs is not vulnerable
-*CVE-2005-1740 version (net-snmp, fixed 5.2.2.rc5 at least)
+CVE-2005-1740 version (net-snmp, fixed 5.2.2.rc5 at least)
*CVE-2005-1739 version (ImageMagick, fixed 6.2.2.3)
*CVE-2005-1730 (openssl)
*CVE-2005-1705 backport (gdb) gdb-6.3-security-errata-20050610.patch
@@ -1522,7 +1522,7 @@
*CVE-2005-1042 version (php, fixed 4.3.11)
*CVE-2005-1041 version (kernel, fixed 2.6.12)
*CVE-2005-1039 ignore (coreutils) not fixed upstream, not a real issue
-*CVE-2005-1038 backport (vixie-cron)
+CVE-2005-1038 backport (vixie-cron) vixie-cron-4.1-CAN-2005-1038-fix-race.patch
*CVE-2005-0990 version (sharutils, fixed 4.6 at least)
*CVE-2005-0989 version (thunderbird)
*CVE-2005-0989 version (firefox, fixed 1.0.3)
@@ -1703,7 +1703,7 @@
*CVE-2005-0088 version (mod_python, fixed after 2.7.8)
*CVE-2005-0087 version (alsa-lib, fixed 1.0.9)
*CVE-2005-0086 version (less) didn't affect upstream
-*CVE-2005-0085 version (htdig, fixed 3.1.6-r7)
+CVE-2005-0085 version (htdig, fixed 3.1.6-r7)
*CVE-2005-0084 version (wireshark, fixed 0.10.9)
*CVE-2005-0080 version (mailman) not upstream
*CVE-2005-0078 version (kde, fixed 3.0.5)
@@ -2175,7 +2175,7 @@
*CVE-2003-0961 version (kernel, fixed 2.4.23)
*CVE-2003-0959 version (kernel, fixed 2.4.21)
*CVE-2003-0956 version (kernel, fixed 2.4.22)
-*CVE-2003-0935 version (net-snmp, fixed 5.0.9)
+CVE-2003-0935 version (net-snmp, fixed 5.0.9)
*CVE-2003-0927 version (wireshark, fixed 0.9.16)
*CVE-2003-0926 version (wireshark, fixed 0.9.16)
*CVE-2003-0925 version (wireshark, fixed 0.9.16)
@@ -2372,7 +2372,7 @@
*CVE-2002-2060 version (links, fixed after 2.0pre4)
*CVE-2002-2043 ignore (cyrus-sasl) patch against cyrus-sasl
*CVE-2002-2012 ignore (httpd) not upstream version
-*CVE-2002-2010 version (htdig, fixed 3.1.6)
+CVE-2002-2010 version (htdig, fixed 3.1.6)
*CVE-2002-2009 version (tomcat, fixed 4.0.3)
*CVE-2002-2007 version (tomcat, not 5)
*CVE-2002-2006 version (tomcat, not 5)
@@ -2398,7 +2398,7 @@
*CVE-2002-1573 version (kernel, not 2.6)
*CVE-2002-1572 version (kernel, not 2.6)
*CVE-2002-1571 version (kernel, not 2.6)
-*CVE-2002-1570 version (net-snmp, fixed in 5.0.8 at least)
+CVE-2002-1570 version (net-snmp, fixed in 5.0.8 at least)
*CVE-2002-1568 version (openssl, fixed 0.9.6f)
*CVE-2002-1568 version (openssl097a, fixed 0.9.6f)
*CVE-2002-1567 version (tomcat, fixed 4.1.3)
@@ -2470,7 +2470,7 @@
*CVE-2002-1217 version (tar, fixed 1.13.25)
*CVE-2002-1175 version (fetchmail, fixed 6.2.0)
*CVE-2002-1174 version (fetchmail, fixed 6.2.0)
-*CVE-2002-1170 version (net-snmp, fixed 5.0.6)
+CVE-2002-1170 version (net-snmp, fixed 5.0.6)
*CVE-2002-1165 version (sendmail, fixed 8.12.10 at least)
*CVE-2002-1160 version (pam) was our config
*CVE-2002-1157 version (httpd, not 2.0)
@@ -2601,10 +2601,10 @@
*CVE-2002-0043 version (sudo, fixed 1.6.4)
*CVE-2002-0036 version (krb5, fixed 1.2.5)
*CVE-2002-0029 version (bind, not 9)
-*CVE-2002-0013 version (net-snmp, fixed 4.2.3)
-*CVE-2002-0012 version (net-snmp, fixed 4.2.3)
+CVE-2002-0013 version (net-snmp, fixed 4.2.3)
+CVE-2002-0012 version (net-snmp, fixed 4.2.3)
*CVE-2002-0006 verison (xchat, fixed 1.8.7) cve is wrong
-*CVE-2002-0004 backport (at) issue was in a patch, fixed at-3.1.8-lexer.patch
+CVE-2002-0004 backport (at) issue was in a patch, fixed at-3.1.8-11-lexer-parser.diff
*CVE-2002-0003 version (groff, fixed 1.17.2)
*CVE-2002-0002 version (stunnel, fixed 3.22)
*CVE-2002-0001 version (mutt, fixed 1.3.25)
@@ -2612,14 +2612,14 @@
*CVE-2001-1429 (mc)
*CVE-2001-0955 version (XFree86, fixed 4.2.0)
CVE-2001-0935 ignore, no-ship (wu-ftpd)
-*CVE-2001-0474 version (mesa, fixed 3.3-14)
-*CVE-2001-0310 (sort)
-*CVE-2001-0235 (vixie-cron)
+CVE-2001-0474 version (mesa, fixed 3.3-14)
+CVE-2001-0310 ignore (sort) mkstemp is now being used
+CVE-2001-0235 (vixie-cron) ** Is this really CVE-2005-1038?
CVE-2001-0187 ignore, no-ship (wu-ftpd)
-*CVE-2000-1199 backport (htdig) fixed htdig-3.2.0b6-unescaped_output.patch
+CVE-2000-1191 backport (htdig) fixed htdig-3.2.0b6-unescaped_output.patch
CVE-2000-1137 version (ed, fixed 0.2-18.1)
*CVE-2000-0992 (krb5)
-*CVE-2000-0504 version (libICE, fixed XFree86:4.0.1)
+CVE-2000-0504 version (libICE, fixed XFree86:4.0.1)
CVE-1999-1572 backport (cpio) cpio-2.6-umask.patch
*CVE-1999-1332 (gzip)
CVE-1999-0997 ignore, no-ship (wu-ftpd)
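Review bot: The htdig line changes the CVE id itself, from CVE-2000-1199 to CVE-2000-1191, in the same edit that removes the `*`, and the log message does not mention a renumbering. Confirm which id htdig-3.2.0b6-unescaped_output.patch addresses and call the correction out in the log. In the same hunk, CVE-2001-0235 is unstarred while still having no status and an open question (`** Is this really CVE-2005-1038?`), so it does not yet read as verified.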