fedora-security/audit fc4,1.52,1.53
Mark Cox (mjc)
fedora-extras-commits at redhat.com
Mon Aug 29 13:00:46 UTC 2005
Author: mjc
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv28794
Modified Files:
fc4
Log Message:
Fix some minor typos
Deal with newly released FC4 kernel. Note that we say that these
are fixed by version 2.6.12.5 even though our kernel SRPM actually
moves from 2.6.12 to 2.6.12.5 by means of a patch
Index: fc4
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc4,v
retrieving revision 1.52
retrieving revision 1.53
diff -u -r1.52 -r1.53
--- fc4 26 Aug 2005 08:40:22 -0000 1.52
+++ fc4 29 Aug 2005 13:00:44 -0000 1.53
@@ -14,11 +14,11 @@
2005-2491 ignore (php, pcre uses system pcre)
2005-2642 version (mutt, openbsd only)
2005-2641 VULNERABLE (pam_ldap) bz#166164
-2005-2617 VULNERABLE (kernel, fixed 20050715)
+2005-2617 version (kernel, fixed 2.6.12.5) [since FEDORA-2005-820]
2005-2602 VULNERABLE (firefox) probably
2005-2602 VULNERABLE (thunderbird) probably
2005-2558 VULNERABLE (mysql, fixed 4.1.13) probably
-2005-2555 VULNERABLE (kernel, fixed 20050806)
+2005-2555 backport (kernel, fixed 2.6.12.6pre) [since FEDORA-2005-820] patch-2.6.12.6pre.patch
2005-2553 version (kernel, not 2.6)
2005-2550 backport (evolution) [since FEDORA-2005-743]
2005-2549 backport (evolution) [since FEDORA-2005-743]
@@ -29,10 +29,10 @@
2005-2498 version (php xml_rpc, fixed 1.4.0) [since FEDORA-2005-810]
2005-2475 VULNERABLE (unzip) bz#164928
2005-2471 backport (netpbm) [since FEDORA-2005-728]
-2005-2459 VULNERABLE (kernel, fixed 20050805)
-2005-2458 VULNERABLE (kernel, fixed 20050805)
-2005-2457 ignore (kernel) this is just a bug
-2005-2456 VULNERABLE (kernel, fixed after 20050726)
+2005-2459 ignore (kernel, fixed 2.6.12.5) dropped as code path not possible
+2005-2458 version (kernel, fixed 2.6.12.5) [since FEDORA-2005-820]
+2005-2457 ignore (kernel, fixed 2.6.12.5) this is just a bug
+2005-2456 version (kernel, fixed 2.6.12.5) [since FEDORA-2005-820]
2005-2452 version (libtiff, fixed 3.7.0)
2005-2448 version (kdenetwork, fixed 3.4.2) [since FEDORA-2005-670] was backport since FEDORA-2005-624
2005-2414 ignore (mozilla) not being fixed upstream, just a crash
@@ -83,8 +83,8 @@
2005-2102 version (gaim, fixed 1.5.0) [since FEDORA-2005-751]
2005-2101 backport (kdeedu) [since FEDORA-2005-744]
2005-2100 version (kernel, not upstream)
-2005-2099 VULNERABLE (kernel, fixed 20050804) bz#164989
-2005-2098 VULNERABLE (kernel, fixed 20050804) bz#164988
+2005-2099 version (kernel, fixed 2.6.12.5) [since FEDORA-2005-820]
+2005-2098 version (kernel, fixed 2.6.12.5) [since FEDORA-2005-820]
2005-2097 backport (cups) [since FEDORA-2005-732]
2005-2097 version (xpdf, fixed 3.0.1) [since FEDORA-2005-755] was backport since FEDORA-2005-729
2005-2096 backport (zlib) [since FEDORA-2005-523]
@@ -196,7 +196,7 @@
2005-1111 backport (cpio) from srpm
2005-1065 version (tetex, not upstream)
2005-1061 version (logwatch, in 4.3.2 at least)
-2005-1046 version (kdelibs, fixed after 3.4.0) [since FEDORA-2005-437, was backport....delibs-kimgio-fixed.diff]
+2005-1046 version (kdelibs, fixed after 3.4.0) [since FEDORA-2005-437] was backport....delibs-kimgio-fixed.diff
2005-1043 version (php, fixed 4.3.11)
2005-1042 version (php, fixed 4.3.11)
2005-1041 version (kernel, fixed 2.6.12) was backport in patch-2.6.12-rc3
@@ -236,7 +236,7 @@
2005-0757 version (kernel, not 2.6)
2005-0756 version (kernel, fixed 2.6.12) [since FEDORA-2005-510] was backport (kernel) patch-2.6.12-rc5
2005-0755 version (HelixPlayer, fixed 10.0.4)
-2005-0754 version (kdewebdev, fixed after 3.4.0) [since FEDORA-2005-437, was backport....4.0-CAN-2005-0754.patch]
+2005-0754 version (kdewebdev, fixed after 3.4.0) [since FEDORA-2005-437] was backport....4.0-CAN-2005-0754.patch
2005-0753 backport (cvs, fixed 1.12.12) in cvs-1.11.17-CAN-2005-0753.patch
2005-0752 version (firefox, fixed 1.0.3)
2005-0750 version (kernel, fixed 2.6.11.6) was backport in patch-2.6.12-rc3
@@ -373,7 +373,7 @@
2005-0090 version (kernel, not affected)
2005-0089 version (python, fixed 2.4.1 at least)
2005-0088 version (mod_python, fixed after 2.7.8)
-2005-0087 version (alsa-lib, fixed 1.0.9) [since FEDORA-2005-470, was alsa-lib-mixer.patch]
+2005-0087 version (alsa-lib, fixed 1.0.9) [since FEDORA-2005-470] was backport alsa-lib-mixer.patch since GA
2005-0086 version (less, didn't affect upstream)
2005-0085 version (htdig, fixed 3.1.6-r7)
2005-0084 version (ethereal, fixed 0.10.9)
@@ -385,7 +385,7 @@
2005-0064 version (tetex, fixed 3.0)
2005-0064 version (kpdf, not 3.4)
2005-0064 backport (cups) patch in SRPM
-2005-0064 version (xpdf, fixed 3.0.1) [since FEDORA-2005-775] was backport since release
+2005-0064 version (xpdf, fixed 3.0.1) [since FEDORA-2005-775] was backport since GA
2005-0039 ignore (not a vulnerability) don't do this says the rfc
2005-0034 version (bind, fixed after 9.3.0)
2005-0033 version (bind, not 9)
@@ -401,7 +401,7 @@
2005-0004 version (mysql, fixed 4.1.10)
2005-0003 version (kernel, fixed 2.6.10)
2005-0001 version (kernel, fixed 2.6.10)
-2005-2480 VULNERABLE (squid) bz#166523
+2005-2480 ignore (squid) bz#166523, not reproducable
2005-2479 version (squid, fixed 2.5.STABLE8)
2004-2396 version (passwd, fixed 0.69) verified in source
2004-2395 version (passwd, fixed 0.69) verified in source
More information about the scm-commits
mailing list