fedora-security/audit fc4,1.49,1.50
Mark Cox (mjc)
fedora-extras-commits at redhat.com
Wed Aug 24 10:53:36 UTC 2005
Author: mjc
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv16361
Modified Files:
fc4
Log Message:
More updates to finish off some of the things that needed attention, and
add new things from CVE and FC pushes today. Not dealt with xpdf yet
Index: fc4
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc4,v
retrieving revision 1.49
retrieving revision 1.50
diff -u -r1.49 -r1.50
--- fc4 23 Aug 2005 08:25:30 -0000 1.49
+++ fc4 24 Aug 2005 10:53:34 -0000 1.50
@@ -3,19 +3,19 @@
** are items that need attention
+2005-2672 ** lm_sensors
+2005-2666 ** openssh (hmm)
2005-2499 backport (slocate) [since FEDORA-2005-770]
-2005-2491 ** python pcre
+2005-2491 VULNERABLE (python pcre)
2005-2491 VULNERABLE (pcre, fixed 6.2)
2005-2491 ignore (httpd, pcre uses system pcre)
2005-2491 ignore (php, pcre uses system pcre)
-2005-2480 VULNERABLE (squid, fixed 2.5.STABLE8) bz#166523
-2005-2479 ** squid not affected
2005-2642 version (mutt, openbsd only)
2005-2641 VULNERABLE (pam_ldap) bz#166164
2005-2617 VULNERABLE (kernel, fixed 20050715)
-2005-2602 ** firefox
-2005-2602 ** thunderbird
-2005-2558 ** mysql
+2005-2602 VULNERABLE (firefox) probably
+2005-2602 VULNERABLE (thunderbird) probably
+2005-2558 VULNERABLE (mysql, fixed 4.1.13) probably
2005-2555 VULNERABLE (kernel, fixed 20050806)
2005-2553 version (kernel, not 2.6)
2005-2550 backport (evolution) [since FEDORA-2005-743]
@@ -23,7 +23,6 @@
2005-2548 version (kernel, fixed 2.6.9) only affected 2.6.8
2005-2547 version (bluez-pin, fixed 2.19) not before 2.16
2005-2541 ignore (tar) is documented behaviour
-2005-2536 ** pstotext
2005-2500 version (kernel, flaw introduced after 2.6.12)
2005-2498 VULNERABLE (php xmlrpc) bz#165847
2005-2475 VULNERABLE (unzip) bz#164928
@@ -32,15 +31,13 @@
2005-2458 VULNERABLE (kernel, fixed 20050805)
2005-2457 ignore (kernel) this is just a bug
2005-2456 VULNERABLE (kernel, fixed after 20050726)
-2005-2452 ** libtiff
-2005-2448 ** libgadu in kdenetwork
-2005-2447 ** libgadu in kdenetwork
-2005-2446 ** libgadu in kdenetwork
+2005-2452 version (libtiff, fixed 3.7.0)
+2005-2448 version (kdenetwork, fixed 3.4.2) [since FEDORA-2005-670] was backport since FEDORA-2005-624
2005-2414 ignore (mozilla) not being fixed upstream, just a crash
2005-2410 backport (NetworkManager) [since FEDORA-2005-680]
2005-2395 ** firefox
2005-2370 version (kdenetwork, fixed 3.4.2) [since FEDORA-2005-670] was backport since FEDORA-2005-624
-2005-2370 ** gaim [since FEDORA-2005-751]
+2005-2370 version (gaim, fixed 1.5.0) [since FEDORA-2005-751]
2005-2369 version (kdenetwork, fixed 3.4.2) [since FEDORA-2005-670] was backport since FEDORA-2005-624
2005-2368 version (vim, fixed 6.3.086 at least) [since FEDORA-2005-737]
2005-2367 version (ethereal, fixed 0.10.12) [since FEDORA-2005-655]
@@ -80,8 +77,8 @@
2005-2260 version (mozilla, fixed 1.7.9) [since FEDORA-2005-619]
2005-2177 version (net-snmp, fixed 5.2.1.2) [since FEDORA-2005-561]
2005-2114 ** mozilla, can't find out when this was fixed upstream
-2005-2103 ** gaim [since FEDORA-2005-751]
-2005-2102 ** gaim [since FEDORA-2005-751]
+2005-2103 version (gaim, fixed 1.5.0) [since FEDORA-2005-751]
+2005-2102 version (gaim, fixed 1.5.0) [since FEDORA-2005-751]
2005-2101 backport (kdeedu) [since FEDORA-2005-744]
2005-2100 version (kernel, not upstream)
2005-2099 VULNERABLE (kernel, fixed 20050804) bz#164989
@@ -402,6 +399,8 @@
2005-0004 version (mysql, fixed 4.1.10)
2005-0003 version (kernel, fixed 2.6.10)
2005-0001 version (kernel, fixed 2.6.10)
+2005-2480 VULNERABLE (squid) bz#166523
+2005-2479 version (squid, fixed 2.5.STABLE8)
2004-2396 version (passwd, fixed 0.69) verified in source
2004-2395 version (passwd, fixed 0.69) verified in source
2004-2394 version (passwd, fixed 0.69) verified in source
More information about the scm-commits
mailing list