fedora-security/audit fc4,1.48,1.49
Mark Cox (mjc)
fedora-extras-commits at redhat.com
Tue Aug 23 08:25:32 UTC 2005
Author: mjc
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv3602
Modified Files:
fc4
Log Message:
Deal with things needing attention up to 2005-2100
Index: fc4
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc4,v
retrieving revision 1.48
retrieving revision 1.49
diff -u -r1.48 -r1.49
--- fc4 23 Aug 2005 07:44:20 -0000 1.48
+++ fc4 23 Aug 2005 08:25:30 -0000 1.49
@@ -402,10 +402,10 @@
2005-0004 version (mysql, fixed 4.1.10)
2005-0003 version (kernel, fixed 2.6.10)
2005-0001 version (kernel, fixed 2.6.10)
-2004-2396 ** passwd
-2004-2395 ** passwd
-2004-2394 ** passwd
-2004-2392 ** libuser
+2004-2396 version (passwd, fixed 0.69) verified in source
+2004-2395 version (passwd, fixed 0.69) verified in source
+2004-2394 version (passwd, fixed 0.69) verified in source
+2004-2392 version (libuser, fixed 0.51.10)
2004-2343 ignore (httpd) not a security issue
2004-2302 version (kernel, fixed 2.6.10)
2004-2259 version (vsftpd, fixed 1.2.2)
@@ -418,7 +418,7 @@
2004-2135 ignore (kernel) design
2004-2093 ignore (rsync, not security issue)
2004-2069 version (openssh, not 4)
-2004-2014 PROBABLY VULNERABLE (wget)
+2004-2014 VULNERABLE (wget) bz#142832
2004-2013 ignore (kernel, not 2.6, also not exploitable)
2004-2004 version (SUSE configuration ponly)
2004-1880 version (openldap, fixed 2.2.21)
@@ -432,7 +432,7 @@
2004-1617 ignore (lynx) not able to verify flaw
2004-1614 version (mozilla, fixed 1.7.5)
2004-1613 version (mozilla, fixed 1.7.5)
-2004-1488 PROBABLY VULNERABLE (wget)
+2004-1488 VULNERABLE (wget) bz#142832
2004-1471 version (cvs, fixed 1.12.9)
2004-1453 version (glibc, fixed 2.3.5)
2004-1452 version (tomcat, fixed 5.0.27-r3)
@@ -542,7 +542,7 @@
2004-0975 backport (openssl097a, fixed 0.9.7f) from srpm
2004-0975 version (openssl, fixed 0.9.7f)
2004-0974 version (netatalk, fixed 2.0.1 says netatalk ChangeLog)
-2004-0972 version (lvm2) version 2.2.01.8 is not vulnerable at least
+2004-0972 version (lvm2, fixed 2.2.01.8 at least)
2004-0971 backport (krb5, see bug 136307) fixed by patch in SRPM
2004-0970 version (gzip) gzip-1.3.5-openbsd-owl-tmp.patch
2004-0969 version (groff, fixed 1.18.1.1)
@@ -771,7 +771,7 @@
2004-0186 version (samba, not 3.0.2a)
2004-0184 version (tcpdump, fixed 3.8.2)
2004-0183 version (tcpdump, fixed 3.8.2)
-2004-0182 version (mailman, only affected RH packages)
+2004-0182 version (mailman, only affected Red Hat packages)
2004-0181 version (kernel, fixed 2.6.5)
2004-0180 version (cvs, fixed 1.11.15)
2004-0179 version (openoffice.org)
@@ -825,7 +825,7 @@
2004-0001 version (kernel, not 2.6)
2003-1201 version (openldap, not 2.2)
2003-1161 version (kernel, not released version)
-2003-1138 backport (httpd, contains /+ now)
+2003-1138 backport (httpd, Red Hat only) contains /+ now
2003-1029 version (tcpdump, fixed after 3.8.1)
2003-1023 version (mc, 4.6.1)
2003-1013 version (ethereal, fixed 0.10.0)
More information about the scm-commits
mailing list