2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

security [ARCHIVED] July 2007

security@lists.fedoraproject.org

9 participants
61 discussions

Start a nNew thread

[Bug 247528] CVE-2007-3555: moodle cross site scripting vulnerability

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: CVE-2007-3555: moodle cross site scripting vulnerability Alias: CVE-2007-3555 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=247528 limb(a)jcomserv.net changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED ------- Additional Comments From limb(a)jcomserv.net 2007-07-25 19:52 EST ------- Built 1.8.2 for rawhide, which addresses this. Will push to 7, etc after testing. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

16 years, 9 months

1
0
0 / 0

[Bug 247528] CVE-2007-3555: moodle cross site scripting vulnerability

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: CVE-2007-3555: moodle cross site scripting vulnerability Alias: CVE-2007-3555 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=247528 limb(a)jcomserv.net changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|loganjerry(a)gmail.com |limb(a)jcomserv.net -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

16 years, 9 months

1
0
0 / 0

fedora-security/audit fc7,1.51,1.52

by fedora-extras-commits＠redhat.com

Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv4568 Modified Files: fc7 Log Message: Lighttpd. Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.51 retrieving revision 1.52 diff -u -r1.51 -r1.52 --- fc7 24 Jul 2007 00:38:07 -0000 1.51 +++ fc7 25 Jul 2007 13:09:29 -0000 1.52 @@ -4,7 +4,11 @@ *CVE are items that need verification for Fedora 7 -CVE-NOID VULNERABLE (lighttpd) #249162 +CVE-2007-3946 VULNERABLE (lighttpd) #249162 +CVE-2007-3947 VULNERABLE (lighttpd) #249162 +CVE-2007-3948 VULNERABLE (lighttpd) #249162 +CVE-2007-3949 VULNERABLE (lighttpd) #249162 +CVE-2007-3950 VULNERABLE (lighttpd) #249162 CVE-2007-4168 VULNERABLE (libexif) #243890 CVE-2007-3841 WTF (pidgin) CVE-2007-3820 ** (kdebase) #248537 -- fedora-extras-commits mailing list fedora-extras-commits(a)redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits

16 years, 9 months

1
0
0 / 0

fedora-security/audit fc7,1.50,1.51

by fedora-extras-commits＠redhat.com

Author: trassl Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv31294 Modified Files: fc7 Log Message: Removed CVE-2005-3888 to CVE-2005-3891 which apply to Gadu-Gadu for Windows. Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.50 retrieving revision 1.51 diff -u -r1.50 -r1.51 --- fc7 24 Jul 2007 00:25:47 -0000 1.50 +++ fc7 24 Jul 2007 00:38:07 -0000 1.51 @@ -1204,10 +1204,6 @@ *CVE-2005-3964 (openmotif) CVE-2005-3962 version (perl, fixed 5.8.8) CVE-2005-3896 (firefox,seamonkey,thunderbird) -*CVE-2005-3891 (pidgin) -*CVE-2005-3890 (pidgin) -*CVE-2005-3889 (pidgin) -*CVE-2005-3888 (pidgin) CVE-2005-3883 version (php, fixed 5.1.1 at least) CVE-2005-3858 version (kernel, fixed 2.6.13) CVE-2005-3857 version (kernel, fixed 2.6.15) -- fedora-extras-commits mailing list fedora-extras-commits(a)redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits

16 years, 9 months

1
0
0 / 0

fedora-security/audit fc7,1.49,1.50

by fedora-extras-commits＠redhat.com

Author: trassl Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv28793 Modified Files: fc7 Log Message: Added lesstif CVEs. Processed freeciv, mikmod/libmikmod. Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.49 retrieving revision 1.50 diff -u -r1.49 -r1.50 --- fc7 23 Jul 2007 23:30:43 -0000 1.49 +++ fc7 24 Jul 2007 00:25:47 -0000 1.50 @@ -652,8 +652,8 @@ CVE-2006-4019 version (squirrelmail, fixed 1.4.8) CVE-2006-4018 version (clamav, fixed 0.88.4-1) #201688 CVE-2006-3918 version (httpd, fixed 2.2.2) -*CVE-2006-3913 patch (freeciv, fixed 2.0.8-5) #200545 -CVE-2006-3879 version (mikmod, not 3.1.6) +CVE-2006-3913 patch (freeciv, fixed 2.0.9) #200545 +CVE-2006-3879 version (libmikmod, loaders/load_gt2 not in bundled libmikmod-3.1.11) CVE-2006-3835 version (tomcat, fixed 5.5.17) CVE-2006-3816 version (krusader, fixed 1.70.1) #200323 CVE-2006-3815 version (heartbeat, fixed 2.0.6) @@ -1633,6 +1633,7 @@ CVE-2005-0626 version (squid, fixed 2.5.STABLE10) *CVE-2005-0611 (helixplayer) CVE-2005-0605 version (libXpm, fixed 3.5.4 at least) +*CVE-2005-0605 (lesstif) CVE-2005-0602 ignore (unzip, fixed 5.52) this is really expected behaviour CVE-2005-0596 version (php, fixed 5.0) CVE-2005-0593 version (firefox) @@ -1964,6 +1965,7 @@ CVE-2004-0929 version (libtiff, fixed 3.7.0) CVE-2004-0923 version (cups, fixed 1.1.22) CVE-2004-0918 version (squid, fixed 2.4.STABLE7) +*CVE-2004-0914 (lesstif) CVE-2004-0914 version (xorg-x11, fixed after 6.8.1) CVE-2004-0909 version (thunderbird) CVE-2004-0909 version (firefox) @@ -2042,6 +2044,8 @@ CVE-2004-0691 version (qt, fixed 3.3.3) CVE-2004-0690 version (kdelibs, fixed after 3.2.3) CVE-2004-0689 version (kdelibs, fixed 3.3.0) +*CVE-2004-0688 (lesstif) +*CVE-2004-0687 (lesstif) CVE-2004-0686 version (samba, fixed 3.0.6) CVE-2004-0685 version (kernel, not 2.6) CVE-2004-0658 ignore (kernel) not a security issue @@ -2322,7 +2326,7 @@ CVE-2003-0430 version (wireshark, fixed after 0.9.12) CVE-2003-0429 version (wireshark, fixed after 0.9.12) CVE-2003-0428 version (wireshark, fixed after 0.9.12) -*CVE-2003-0427 backport (mikmod) from changelog +CVE-2003-0427 version (mikmod, fixed 3.2.0) CVE-2003-0418 version (kernel, not 2.6) CVE-2003-0388 version (pam, fixed 0.78) CVE-2003-0386 version (openssh, fixed after 3.6.1) -- fedora-extras-commits mailing list fedora-extras-commits(a)redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits

16 years, 9 months

1
0
0 / 0

fedora-security/audit fc7,1.48,1.49

by fedora-extras-commits＠redhat.com

Author: trassl Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv17109 Modified Files: fc7 Log Message: Processed mtr. Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.48 retrieving revision 1.49 diff -u -r1.48 -r1.49 --- fc7 23 Jul 2007 19:24:06 -0000 1.48 +++ fc7 23 Jul 2007 23:30:43 -0000 1.49 @@ -1862,7 +1862,7 @@ CVE-2004-1237 version (kernel, not 2.6) not upstream CVE-2004-1235 version (kernel, fixed 2.6.11) CVE-2004-1234 version (kernel, not 2.6) -CVE-2004-1224 version (mtr, fixed after 0.65) +CVE-2004-1224 version (mtr, fixed 0.66) CVE-2004-1200 ignore (firefox, mozilla) not a security issue CVE-2004-1191 version (kernel, fixed 2.6.9) CVE-2004-1190 version (kernel, fixed 2.6.10) @@ -2595,7 +2595,7 @@ CVE-2002-0510 ignore (kernel) see cve CVE-2002-0506 version (newt, not 0.5.22 at least) CVE-2002-0499 version (kernel, not 2.6) -*CVE-2002-0497 backport (mtr) mtr-0.69-CVE-2002-0497.patch +CVE-2002-0497 backport (mtr) mtr-0.69-CVE-2002-0497.patch CVE-2002-0493 version (tomcat, fixed 4.1.12) CVE-2002-0435 version (fileutils, fixed 4.1.7) CVE-2002-0429 version (kernel, not 2.6) @@ -2677,6 +2677,7 @@ CVE-2000-1137 version (ed, fixed 0.2-18.1) *CVE-2000-0992 (krb5) CVE-2000-0504 version (libICE, fixed XFree86:4.0.1) +CVE-2000-0172 version (mtr, fixed 0.42) CVE-1999-1572 backport (cpio) cpio-2.6-umask.patch *CVE-1999-1332 (gzip) CVE-1999-0997 ignore, no-ship (wu-ftpd) -- fedora-extras-commits mailing list fedora-extras-commits(a)redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits

16 years, 9 months

1
0
0 / 0

fedora-security/audit fc7,1.47,1.48

by fedora-extras-commits＠redhat.com

Author: trassl Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv27007 Modified Files: fc7 Log Message: Renamed gaim to pidgin. Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.47 retrieving revision 1.48 diff -u -r1.47 -r1.48 --- fc7 21 Jul 2007 19:27:14 -0000 1.47 +++ fc7 23 Jul 2007 19:24:06 -0000 1.48 @@ -1423,7 +1423,7 @@ CVE-2005-2410 version (NetworkManager, fixed 5.0) CVE-2005-2395 ignore (firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=281851 CVE-2005-2370 version (kdenetwork, fixed 3.4.2) -CVE-2005-2370 version (gaim, fixed gaim:1.5.0) +CVE-2005-2370 version (pidgin, fixed pidgin:1.5.0) CVE-2005-2369 version (kdenetwork, fixed 3.4.2) CVE-2005-2368 version (vim, fixed 6.3.086 at least) CVE-2005-2367 version (wireshark, fixed 0.10.12) @@ -1457,8 +1457,8 @@ CVE-2005-2177 version (net-snmp, fixed 5.2.1.2) CVE-2005-2114 version (firefox, fixed 1.0.5) CVE-2005-2104 version (sysreport, fixed 1.4.1-5) -CVE-2005-2103 version (gaim, fixed gaim:1.5.0) -CVE-2005-2102 version (gaim, fixed gaim:1.5.0) +CVE-2005-2103 version (pidgin, fixed pidgin:1.5.0) +CVE-2005-2102 version (pidgin, fixed pidgin:1.5.0) CVE-2005-2101 version (kdeedu, fixed after 3.4.2) CVE-2005-2100 version (kernel, not 2.6) not upstream only RHEL4 CVE-2005-2099 version (kernel, fixed 2.6.12.5) @@ -1475,7 +1475,7 @@ CVE-2005-1993 version (sudo, fixed 1.6.8p9) CVE-2005-1992 version (ruby, fixed 1.8.3 at least) CVE-2005-1937 version (firefox, fixed 1.0.5) -CVE-2005-1934 version (gaim, fixed gaim:1.5.0) +CVE-2005-1934 version (pidgin, fixed pidgin:1.5.0) CVE-2005-1921 version (php, fixed xml_rpc:1.3.1) CVE-2005-1920 version (kdelibs, fixed 3.4.1) *CVE-2005-1918 version (tar) @@ -1545,15 +1545,15 @@ CVE-2005-1278 version (tcpdump, fixed 3.9.2) CVE-2005-1277 ignore (dupe) CVE-2005-1275 version (ImageMagick, fixed 6.2.2) -CVE-2005-1269 version (gaim, gaim:fixed 1.5.0) +CVE-2005-1269 version (pidgin, pidgin:fixed 1.5.0) CVE-2005-1268 version (httpd, not 2.2) CVE-2005-1267 version (tcpdump, fixed 3.9.4 at least) CVE-2005-1266 version (spamassassin, fixed 3.0.4) *CVE-2005-1265 version (kernel) *CVE-2005-1264 version (kernel) *CVE-2005-1263 version (kernel) -CVE-2005-1262 version (gaim, fixed gaim:1.5.0) -CVE-2005-1261 version (gaim, fixed gaim:1.5.0) +CVE-2005-1262 version (pidgin, fixed pidgin:1.5.0) +CVE-2005-1261 version (pidgin, fixed pidgin:1.5.0) *CVE-2005-1260 version (bzip2, fixed 1.0.3) CVE-2005-1229 backport (cpio) cpio-2.6-dirTraversal.patch *CVE-2005-1228 backport (gzip) changelog @@ -1585,9 +1585,9 @@ CVE-2005-0989 version (firefox, fixed 1.0.3) *CVE-2005-0988 backport (gzip) changelog CVE-2005-0977 version (kernel, fixed 2.6.11) -CVE-2005-0967 version (gaim, fixed gaim:1.5.0) -CVE-2005-0966 version (gaim, fixed gaim:1.5.0) -CVE-2005-0965 version (gaim, fixed gaim:1.5.0) +CVE-2005-0967 version (pidgin, fixed pidgin:1.5.0) +CVE-2005-0966 version (pidgin, fixed pidgin:1.5.0) +CVE-2005-0965 version (pidgin, fixed pidgin:1.5.0) *CVE-2005-0953 backport (bzip2) bzip2-1.0.2-chmod.patch CVE-2005-0941 version (openoffice.org, fixed 1.9 m95) CVE-2005-0937 version (kernel, fixed 2.6.11) @@ -1663,8 +1663,8 @@ CVE-2005-0489 version (kernel, not 2.6) *CVE-2005-0488 backport (telnet) CVE-2005-0488 backport (krb5) krb5-1.4.1-telnet-environ.patch -CVE-2005-0473 version (gaim, fixed gaim:1.5.0) -CVE-2005-0472 version (gaim, fixed gaim:1.5.0) +CVE-2005-0473 version (pidgin, fixed pidgin:1.5.0) +CVE-2005-0472 version (pidgin, fixed pidgin:1.5.0) CVE-2005-0470 version (wpa_supplicant, fixed 0.2.7) CVE-2005-0469 version (krb5, fixed 1.4.1) *CVE-2005-0469 backport (telnet) telnet-0.17-CAN-2005-468_469.patch @@ -1707,7 +1707,7 @@ CVE-2005-0211 version (squid, fixed 2.5.STABLE8) CVE-2005-0210 version (kernel, fixed 2.6.11) CVE-2005-0209 version (kernel, fixed 2.6.11) -CVE-2005-0208 version (gaim, fixed gaim:1.5.0) +CVE-2005-0208 version (pidgin, fixed pidgin:1.5.0) CVE-2005-0207 version (kernel, fixed 2.6.11) CVE-2005-0205 version (kdenetwork, not 3.3+) CVE-2005-0204 version (kernel) didn't affect upstream @@ -1794,7 +1794,7 @@ *CVE-2004-2645 (asn1c) *CVE-2004-2644 (asn1c) CVE-2004-2607 version (kernel, fixed 2.6.5) -CVE-2004-2589 version (gaim, fixed gaim:0.82.1) +CVE-2004-2589 version (pidgin, fixed pidgin:0.82.1) CVE-2004-2546 version (samba, fixed 3.0.6) CVE-2004-2541 ignore (cscope) blocked by FORTIFY_SOURCE CVE-2004-2536 version (kernel, fixed 2.6.7) @@ -1971,7 +1971,7 @@ CVE-2004-0907 version (firefox) CVE-2004-0906 version (thunderbird) CVE-2004-0906 version (firefox) -CVE-2004-0891 version (gaim, fixed gaim:1.0.2) +CVE-2004-0891 version (pidgin, fixed pidgin:1.0.2) CVE-2004-0888 version (tetex, fixed 3.0) CVE-2004-0888 version (kdegraphics, not 3.4) CVE-2004-0888 version (cups, fixed 1.2) @@ -2016,8 +2016,8 @@ CVE-2004-0790 version (kernel, not 2.6) CVE-2004-0788 version (gtk2, fixed 2.6.7 at least) CVE-2004-0786 version (apr-util, not httpd-2.2) -CVE-2004-0785 version (gaim, fixed gaim:0.82.1) -CVE-2004-0784 version (gaim, fixed gaim:0.82.1) +CVE-2004-0785 version (pidgin, fixed pidgin:0.82.1) +CVE-2004-0784 version (pidgin, fixed pidgin:0.82.1) CVE-2004-0783 version (gtk2, fixed 2.6.7 at least) CVE-2004-0782 version (gtk2, fixed 2.6.7 at least) CVE-2004-0779 version (thunderbird) @@ -2026,7 +2026,7 @@ CVE-2004-0772 version (krb5, fixed after 1.2.8) CVE-2004-0768 version (libpng, fixed 1.2.6) CVE-2004-0755 version (ruby, fixed 1.8.1) -CVE-2004-0754 version (gaim, fixed gaim:0.82.1) +CVE-2004-0754 version (pidgin, fixed pidgin:0.82.1) CVE-2004-0753 version (gtk2, fixed after 2.2.4) CVE-2004-0752 version (openoffice.org, fixed after 1.1.2) CVE-2004-0751 version (httpd, not 2.2) @@ -2085,7 +2085,7 @@ CVE-2004-0506 version (wireshark, fixed 0.10.4) CVE-2004-0505 version (wireshark, fixed 0.10.4) CVE-2004-0504 version (wireshark, fixed 0.10.4) -CVE-2004-0500 version (gaim, fixed gaim:0.82.1) +CVE-2004-0500 version (pidgin, fixed pidgin:0.82.1) CVE-2004-0497 version (kernel, fixed 2.6.8) CVE-2004-0496 version (kernel, fixed 2.6.8) CVE-2004-0495 version (kernel, fixed 2.6.8) @@ -2185,10 +2185,10 @@ CVE-2004-0055 version (tcpdump, fixed 3.8.2) CVE-2004-0042 ignore (vsftpd) disputed CVE-2004-0010 version (kernel, not 2.6) -CVE-2004-0008 version (gaim, fixed gaim:0.76) -CVE-2004-0007 version (gaim, fixed gaim:0.76) -CVE-2004-0006 version (gaim, fixed gaim:0.76) -CVE-2004-0005 version (gaim, fixed gaim:0.76) +CVE-2004-0008 version (pidgin, fixed pidgin:0.76) +CVE-2004-0007 version (pidgin, fixed pidgin:0.76) +CVE-2004-0006 version (pidgin, fixed pidgin:0.76) +CVE-2004-0005 version (pidgin, fixed pidgin:0.76) CVE-2004-0003 version (kernel, not 2.6) CVE-2004-0001 version (kernel, not 2.6) CVE-2003-1329 ignore, no-ship (wu-ftpd) @@ -2539,7 +2539,7 @@ CVE-2002-1146 version (bind, not 8.3+) CVE-2002-1131 version (squirrelmail, fixed 1.2.8) CVE-2002-1119 version (python, fixed 2.2.2) -CVE-2002-0989 version (gaim, fixed gaim:0.59.1) +CVE-2002-0989 version (pidgin, fixed pidgin:0.59.1) CVE-2002-0986 version (php, fixed 4.2.3) CVE-2002-0985 version (php, fixed 4.2.3) CVE-2002-0972 version (postgresql, fixed 7.2.2) @@ -2610,11 +2610,11 @@ CVE-2002-0391 version (glibc, fixed after 2.2.5) CVE-2002-0389 ignore (mailman) upstream say not a vulnerability CVE-2002-0388 version (mailman, fixed 2.0.11) -CVE-2002-0384 version (gaim, fixed gaim:0.58) +CVE-2002-0384 version (pidgin, fixed pidgin:0.58) CVE-2002-0382 version (xchat, fixed 1.9.1) CVE-2002-0380 version (tcpdump, fixed 3.7.2 at least) CVE-2002-0379 version (imap, vuln code removed imap-2002) -CVE-2002-0377 version (gaim, fixed gaim:0.58) +CVE-2002-0377 version (pidgin, fixed pidgin:0.58) CVE-2002-0374 version (pam_ldap, fixed 144) CVE-2002-0363 version (ghostscript, fixed 6.53) CVE-2002-0353 version (wireshark, fixed 0.9.3) -- fedora-extras-commits mailing list fedora-extras-commits(a)redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits

16 years, 9 months

1
0
0 / 0

fedora-security/audit fc6, 1.224, 1.225 fc7, 1.46, 1.47 fe6, 1.129, 1.130

by fedora-extras-commits＠redhat.com

Author: scop Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv18524 Modified Files: fc6 fc7 fe6 Log Message: lighttpd, perl-Net-DNS Index: fc6 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc6,v retrieving revision 1.224 retrieving revision 1.225 diff -u -r1.224 -r1.225 --- fc6 18 Jul 2007 14:15:40 -0000 1.224 +++ fc6 21 Jul 2007 19:27:14 -0000 1.225 @@ -12,7 +12,9 @@ CVE-2007-3713 VULNERABLE (centericq) #247979 CVE-2007-3508 ignore (glibc) not an issue CVE-2007-3506 backport (freetype, fixed 2.3.4) #235479 [since FEDORA-2007-561] +CVE-2007-3409 version (perl-Net-DNS, fixed 0.60) #245809 CVE-2007-3378 ignore (php) safe mode escape +CVE-2007-3377 version (perl-Net-DNS, fixed 0.60) #245614 CVE-2007-3126 ignore (gimp) just a crash *CVE-2007-2894 VULNERABLE (bochs) #241799 CVE-2007-2876 version (kernel, fixed 2.6.21.5?) [since ?] Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.46 retrieving revision 1.47 diff -u -r1.46 -r1.47 --- fc7 19 Jul 2007 18:04:22 -0000 1.46 +++ fc7 21 Jul 2007 19:27:14 -0000 1.47 @@ -4,6 +4,7 @@ *CVE are items that need verification for Fedora 7 +CVE-NOID VULNERABLE (lighttpd) #249162 CVE-2007-4168 VULNERABLE (libexif) #243890 CVE-2007-3841 WTF (pidgin) CVE-2007-3820 ** (kdebase) #248537 @@ -31,12 +32,14 @@ CVE-2007-3473 ** (gd) CVE-2007-3472 ** (gd) CVE-2007-3410 VULNERABLE (HelixPlayer) #245838 +CVE-2007-3409 version (perl-Net-DNS, fixed 0.60) #245807 CVE-2007-3393 VULNERABLE (wireshark) CVE-2007-3392 VULNERABLE (wireshark) CVE-2007-3391 VULNERABLE (wireshark) CVE-2007-3390 VULNERABLE (wireshark) CVE-2007-3389 VULNERABLE (wireshark) CVE-2007-3378 ignore (php) safe mode escape +CVE-2007-3377 version (perl-Net-DNS, fixed 0.60) #245612 CVE-2007-3241 ** (wordpress) #245211 CVE-2007-3240 ** (wordpress) #245211 CVE-2007-3239 ** (wordpress) #245211 Index: fe6 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fe6,v retrieving revision 1.129 retrieving revision 1.130 diff -u -r1.129 -r1.130 --- fe6 19 Jul 2007 18:04:22 -0000 1.129 +++ fe6 21 Jul 2007 19:27:14 -0000 1.130 @@ -2,6 +2,7 @@ ** are items that need attention +CVE-NOID VULNERABLE (lighttpd) #249162 CVE-2007-3628 version (php-pear-Structures-DataGrid-DataSource-MDB2, fixed 0.1.10) CVE-2007-3555 VULNERABLE (moodle) #247528 CVE-2007-3546 ignore (nessus-core) Windows only -- fedora-extras-commits mailing list fedora-extras-commits(a)redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits

16 years, 9 months

1
0
0 / 0

fedora-security/audit fc7,1.45,1.46 fe6,1.128,1.129

by fedora-extras-commits＠redhat.com

Author: scop Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv333 Modified Files: fc7 fe6 Log Message: libsilc, clamav, bochs Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.45 retrieving revision 1.46 diff -u -r1.45 -r1.46 --- fc7 18 Jul 2007 14:15:40 -0000 1.45 +++ fc7 19 Jul 2007 18:04:22 -0000 1.46 @@ -11,6 +11,7 @@ CVE-2007-3781 ** (mysql) CVE-2007-3782 ** (mysql) CVE-2007-3770 ** (xfce-utils) +CVE-2007-3728 ignore (libsilc, 1.1.1 only) CVE-2007-3725 ** (clamav) CVE-2007-3713 VULNERABLE (centericq) #247979 CVE-2007-3628 version (php-pear-Structures-DataGrid-DataSource-MDB2, fixed 0.1.10) @@ -60,6 +61,8 @@ CVE-2007-3007 ignore (php) safe mode isn't safe *CVE-2007-2975 (openfire) *CVE-2007-2894 VULNERABLE (bochs) #241799 +CVE-2007-2894 ignore (bochs, unreproducible) #241799 +CVE-2007-2893 patch (bochs, fixed 2.3-5) #241799 CVE-2007-2876 version (kernel, fixed 2.6.21.5) [ since FEDORA-2007-0409 ] *CVE-2007-2874 (wpa_supplicant) #242455 CVE-2007-2873 version (spamassassin, fixed 3.2.1) @@ -79,7 +82,7 @@ CVE-2007-2721 patch (jasper, fixed 1.900.1-2) #240397 *CVE-2007-2683 (mutt) *CVE-2007-2654 VULNERABLE (xfsdump) #240396 -CVE-2007-2650 VULNERABLE (clamav, fixed in 0.90.3) #240395 +CVE-2007-2650 version (clamav, fixed 0.90.3) #240395 CVE-2007-2645 ignore (libexif) #240055 DoS only *CVE-2007-2637 patch (moin, fixed 1.5.7-2) *CVE-2007-2627 ** (wordpress) #239904 @@ -116,7 +119,7 @@ *CVE-2007-2165 VULNERABLE (proftpd) #237533 *CVE-2007-2138 (postgresql) CVE-2007-2057 version (aircrack-ng, fixed 0.8-0.1) -CVE-2007-2029 VULNERABLE (clamav, fixed 0.90.3) +CVE-2007-2029 VULNERABLE (clamav, fixed 0.90.3) #245219 *CVE-2007-2028 (freeradius) *CVE-2007-2026 (file) CVE-2007-2016 ignore (phpMyAdmin, < 2.8.0.2 never shipped) Index: fe6 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fe6,v retrieving revision 1.128 retrieving revision 1.129 diff -u -r1.128 -r1.129 --- fe6 14 Jul 2007 09:07:01 -0000 1.128 +++ fe6 19 Jul 2007 18:04:22 -0000 1.129 @@ -26,7 +26,8 @@ CVE-2007-3025 ignore (clamav, Solaris only) CVE-2007-3024 ** (clamav, fixed 0.90.3) #245219 CVE-2007-3023 ** (clamav, fixed 0.90.3) #245219 -CVE-2007-2894 VULNERABLE (bochs) #241799 +CVE-2007-2894 ignore (bochs, unreproducible) #241799 +CVE-2007-2893 patch (bochs, fixed 2.3-5) #241799 CVE-2007-2871 version (seamonkey, fixed 1.0.9) CVE-2007-2870 version (seamonkey, fixed 1.0.9) CVE-2007-2868 version (seamonkey, fixed 1.0.9) -- fedora-extras-commits mailing list fedora-extras-commits(a)redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits

16 years, 9 months

1
0
0 / 0

[Bug 240395] New: CVE-2007-2650: clamav OLE2 parser DoS

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=240395 Summary: CVE-2007-2650: clamav OLE2 parser DoS Product: Fedora Extras Version: fc6 Platform: All OS/Version: Linux Status: NEW Severity: medium Priority: medium Component: clamav AssignedTo: enrico.scholz(a)informatik.tu-chemnitz.de ReportedBy: ville.skytta(a)iki.fi QAContact: extras-qa(a)fedoraproject.org CC: fedora-security-list(a)redhat.com http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2650 "The OLE2 parser in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service (resource consumption) via an OLE2 file with (1) a large property size or (2) a loop in the FAT file block chain that triggers an infinite loop, as demonstrated via a crafted DOC file." Affected versions unknown. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

16 years, 9 months

1
19
0 / 0

← Newer
1
2
3
4
5
6
7
Older →