Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv32280/audit
Modified Files:
fc6 fc7
Log Message:
Add fsplib issues affecting gftp 2.0.18 - see NVD for explanation of ignore
Index: fc6
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc6,v
retrieving revision 1.235
retrieving revision 1.236
diff -u -r1.235 -r1.236
--- fc6 9 Aug 2007 16:00:14 -0000 1.235
+++ fc6 10 Aug 2007 14:48:41 -0000 1.236
@@ -15,6 +15,8 @@
CVE-2007-4211 VULNERABLE (dovecot, fixed 1.0.3) #251009
CVE-2007-4029 VULNERABLE (libvorbis) #250600
CVE-2007-4168 backport (libexif) #243892 [since FEDORA-2007-614]
+CVE-2007-3962 ignore (gftp) multiple buffer overflows in fsplib, not on Linux
+CVE-2007-3961 ignore (gftp) off-by-one error in fsplib
CVE-2007-3845 VULNERABLE (firefox)
https://bugzilla.mozilla.org/show_bug.cgi?id=389580
CVE-2007-3844 VULNERABLE (firefox) #250648 "fixed on next update"
CVE-2007-3841 ignore (pidgin) ethically disclosed
@@ -126,6 +128,7 @@
CVE-2007-0006 backport (kernel, fixed in -mm) [since FEDORA-2007-226]
CVE-2007-0005 version (kernel, fixed 2.6.20) [since FEDORA-2007-335]
CVE-2007-0002 version (libwpd, fixed 0.8.9) #222808 [since FEDORA-2007-351]
+CVE-2006-7221 ignore (gftp) single zero byte overflow in fsplib
CVE-2006-6939 version (ed, fixed 0.3) #223075 [since FEDORA-2007-100]
CVE-2006-6899 version (bluez-utils, fixed 2.23)
CVE-2006-6870 version (avahi, fixed 0.6.16) #221440 [since FEDORA-2007-019]
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.65
retrieving revision 1.66
diff -u -r1.65 -r1.66
--- fc7 10 Aug 2007 11:38:12 -0000 1.65
+++ fc7 10 Aug 2007 14:48:41 -0000 1.66
@@ -21,6 +21,8 @@
CVE-2007-4154 ignore (wordpress) "remote authenticated administrators"
CVE-2007-4139 VULNERABLE (wordpress) #250751
CVE-2007-4029 VULNERABLE (libvorbis) #245991
+CVE-2007-3962 ignore (gftp) multiple buffer overflows in fsplib, not on Linux
+CVE-2007-3961 ignore (gftp) off-by-one error in fsplib
CVE-2007-3950 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299]
CVE-2007-3949 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299]
CVE-2007-3948 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299]
@@ -401,6 +403,7 @@
CVE-2007-0005 version (kernel, fixed 2.6.20) [since FEDORA-2007-335]
CVE-2007-0002 version (libwpd, fixed 0.8.9) #222808 [since FEDORA-2007-351]
CVE-2007-0001 ignore (kernel) rhel4 2.6.9 only known affected
+CVE-2006-7221 ignore (gftp) single zero byte overflow in fsplib
CVE-2006-7205 ignore (php) See NVD
CVE-2006-7204 ignore (php) See NVD
*CVE-2006-7197 (tomcat)
--
fedora-extras-commits mailing list
fedora-extras-commits(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-extras-commits