fedora-security/audit fc6,1.11,1.12

Mark Cox (mjc) fedora-extras-commits at redhat.com
Tue Aug 15 10:11:17 UTC 2006


Author: mjc

Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv7328

Modified Files:
	fc6 
Log Message:
Deal with libtiff by looking at the 3.8.2 upstream source; also some
old firefox issues that are mostly unfixed



Index: fc6
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc6,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -r1.11 -r1.12
--- fc6	15 Aug 2006 09:58:13 -0000	1.11
+++ fc6	15 Aug 2006 10:11:15 -0000	1.12
@@ -103,7 +103,7 @@
 CVE-2006-2933 version (kde, not 3.2+)
 CVE-2006-2916 ignore (arts) not shipped setuid
 CVE-2006-2906 backport (gd) from changelog
-CVE-2006-2894 VULNERABLE (firefox) ###
+CVE-2006-2894 VULNERABLE (firefox)
 CVE-2006-2842 version (squirrelmail, fixed 1.4.6)
 CVE-2006-2789 version (evolution, fixed 2.4.X)
 CVE-2006-2788 version (firefox, fixed 1.5.0.4)
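Review bot: the CVE-2006-2894 line stays VULNERABLE but now has nothing after the package name: the trailing "###" is removed and no bug number or URL takes its place. Other VULNERABLE entries in this change point at a tracker (a bugzilla.mozilla.org URL, a Fedora bug number), so add the upstream or Fedora bug here to make the open status something a reader can follow up.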
@@ -133,7 +133,7 @@
 CVE-2006-2723 ignore (firefox) disputed
 CVE-2006-2661 version (freetype, fixed 2.2.1)
 CVE-2006-2660 ignore (php) see bz#195539
-CVE-2006-2656 backport (libtiff) [since FEDORA-2006-592] ###
+CVE-2006-2656 backport (libtiff) tiffsplit-overflow.patch
 CVE-2006-2629 ignore (kernel) couldn't be reproduced on FC
 CVE-2006-2613 ignore (firefox) This isn't an issue on FC
 CVE-2006-2607 backport (vixie-cron) #177476 ###
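Review bot: on the CVE-2006-2656 line, the "[since FEDORA-2006-592]" advisory reference is dropped in favour of the patch name. The patch name says how the issue is fixed but not which update shipped it. Unless that advisory does not apply to fc6, keep both, e.g. "backport (libtiff) tiffsplit-overflow.patch [since FEDORA-2006-592]".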
@@ -163,8 +163,8 @@
 CVE-2006-2199 version (openoffice.org, fixed 2.0.3)
 CVE-2006-2198 version (openoffice.org, fixed 2.0.3)
 CVE-2006-2194 ignore (ppp) pppd not suid
-CVE-2006-2193 VULNERABLE (libtiff) #194363 ###
-CVE-2006-2120 backport (libtiff) #189976 [since FEDORA-2006-473] ###
+CVE-2006-2193 VULNERABLE (libtiff) fc5#194363
+CVE-2006-2120 version (libtiff, fixed 3.8.2 at least)
 CVE-2006-2073 ignore (bind) http://www.kb.cert.org/vuls/id/MIMG-6P8GRP
 CVE-2006-2083 version (rsync, fixed 2.6.8)
 CVE-2006-2071 version (kernel, fixed 2.6.16.6)
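Review bot: the new CVE-2006-2120 line says "fixed 3.8.2 at least", which is vaguer than the other "version" entries, each of which names one fixed release. Since the log message says this came from reading the 3.8.2 source, either name the first fixed release or word it as verified by inspection of 3.8.2. The line also loses bug #189976. On the CVE-2006-2193 line, "fc5#194363" uses a prefix where nearby entries use "#NNNNNN" or "bz#NNNNNN"; settle on one form or document what the prefix means.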
@@ -318,7 +318,7 @@
 CVE-2006-0554 version (kernel, fixed 2.6.16)
 CVE-2006-0553 version (postgresql, only 8.1, fixed 8.1.3)
 CVE-2006-0528 version (cairo, fixed 1.0.4)
-CVE-2006-0496 VULNERABLE (firefox) not fixed upstream ###
+CVE-2006-0496 VULNERABLE (firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=324253
 CVE-2006-0482 ignore (kernel) sparc only
 CVE-2006-0481 version (libpng, 1.2.7 only)
 CVE-2006-0459 version (flex) by inspection
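Review bot: on the CVE-2006-0496 line, the URL replaces the "not fixed upstream" text, so the entry no longer says why it is VULNERABLE. Keep the status and append the link, e.g. "not fixed upstream, https://bugzilla.mozilla.org/show_bug.cgi?id=324253".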
@@ -380,7 +380,7 @@
 CVE-2005-4720 version (thunderbird, fixed 1.5)
 CVE-2005-4720 version (firefox, fixed 1.5)
 CVE-2005-4703 ignore (tomcat) windows only
-CVE-2005-4685 VULNERABLE (firefox) not fixed upstream ###
+CVE-2005-4685 VULNERABLE (firefox) not fixed upstream
 CVE-2005-4684 ignore (kdebase) not fixed upstream, low, can't fix
 CVE-2005-4667 backport (unzip) changelog
 CVE-2005-4639 version (kernel, fixed 2.6.15)
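Review bot: the CVE-2005-4685 line keeps "not fixed upstream" but still has no upstream bug reference to check that claim against. If a Mozilla bug exists for it, add the URL as was done for CVE-2006-0496.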
@@ -1368,7 +1368,8 @@
 CVE-2004-0001 version (kernel, not 2.6)
 CVE-2003-1303 version (php, fixed 4.3.3)
 CVE-2003-1302 version (php, fixed 4.3.1)
-CVE-2003-1265 VULNERABLE (firefox) not fixed upstream ###
+CVE-2003-1265 VULNERABLE (firefox) 
+CVE-2003-1265 VULNERABLE (thunderbird) 
 CVE-2003-1232 version (emacs, fixed 21.3)
 CVE-2003-1201 version (openldap, not 2.2)
 CVE-2003-1161 version (kernel, not released version)
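Review bot: both added CVE-2003-1265 lines end in a trailing space and carry no note at all. The "not fixed upstream" reason from the removed firefox line is dropped, and the new thunderbird entry gives no basis for VULNERABLE. Strip the trailing whitespace and put the reason or a bug reference on each line.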
