fedora-security/audit fc4,1.143,1.144 fc5,1.52,1.53

Fri Feb 3 08:45:36 UTC 2006

Author: mjc

Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv2329

Modified Files:
	fc4 fc5 
Log Message:
Deal with FC4 kernel update



Index: fc4
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc4,v
retrieving revision 1.143
retrieving revision 1.144
diff -u -r1.143 -r1.144

--- fc4	3 Feb 2006 02:25:34 -0000	1.143
+++ fc4	3 Feb 2006 08:45:28 -0000	1.144
@@ -1,11 +1,12 @@
-Up to date CVE as of CVE email 20060130
-Up to date FC4 as of 20060122
+Up to date CVE as of CVE email 20060202
+Up to date FC4 as of 20060202
 
 ** are items that need attention
 
+CVE-2006-0528 **evolution
 CVE-2006-0496 VULNERABLE (mozilla)
 CVE-2006-0496 VULNERABLE (firefox)
-CVE-2006-0482 ** kernel
+CVE-2006-0482 ignore (kernel) sparc only
 CVE-2006-0481 version (libpng, 1.2.7 only)
 CVE-2006-0405 version (libtiff, 3.8.0 only)
 CVE-2006-0369 ignore (mysql) this is not a security issue
@@ -48,19 +49,20 @@
 CVE-2006-0096 ignore (kernel) minor and requires root
 CVE-2006-0095 VULNERABLE (kernel)
 CVE-2006-0082 version (ImageMagick, not 6.2.2.0)
-CVE-2006-0037 VULNERABLE (kernel, only 2.6.14 and 2.6.15)
-CVE-2006-0036 VULNERABLE (kernel, only 2.6.14 and 2.6.15)
-CVE-2006-0035 VULNERABLE (kernel)
+CVE-2006-0037 backport (kernel, only 2.6.14 and 2.6.15) [since FEDORA-2006-077] patch-2.6.15.2
+CVE-2006-0036 backport (kernel, only 2.6.14 and 2.6.15) [since FEDORA-2006-077] patch-2.6.15.2
+CVE-2006-0035 backport (kernel) [since FEDORA-2006-077] patch-2.6.15.2
 CVE-2006-0019 backport (kdelibs) [since FEDORA-2006-050]
 CVE-2005-4703 ignore (tomcat) windows only
 CVE-2005-4685 VULNERABLE (mozilla)
+CVE-2005-4685 VULNERABLE (firefox)
 CVE-2005-4684 VULNERABLE (kdebase)
 CVE-2005-4667 VULNERABLE (unzip) bz#178961
-CVE-2005-4639 VULNERABLE (kernel)
+CVE-2005-4639 version (kernel, fixed 2.6.15) [since FEDORA-2006-077]
 CVE-2005-4636 version (openoffice.org, fixed 2.0.1)
-CVE-2005-4635 backport (kernel, fixed 2.6.15) [since FEDORA-2006-013]
-CVE-2005-4618 verson (kernel, fixed 2.6.15) [since FEDORA-2006-013]
-CVE-2005-4605 backport (kernel) [since FEDORA-2006-013]
+CVE-2005-4635 version (kernel, fixed 2.6.15) [since FEDORA-2006-077] was backport since FEDORA-2006-013
+CVE-2005-4618 version (kernel, fixed 2.6.15) [since FEDORA-2006-077] was backport since FEDORA-2006-013
+CVE-2005-4605 version (kernel, fixed 2.6.15) [since FEDORA-2006-077] was backport since FEDORA-2006-013
 CVE-2005-4585 version (ethereal, fixed 0.10.14) [since FEDORA-2006-006]
 CVE-2005-4442 version (openldap) gentoo only
 CVE-2005-4348 version (fetchmail, fixed 6.2.5.5) [since FEDORA-2005-1187]
@@ -79,17 +81,17 @@
 CVE-2005-3896 ignore (mozilla) recoverable DoS only
 CVE-2005-3883 VULNERABLE (php)
 CVE-2005-3858 version (kernel, fixed 2.6.13) [since FEDORA-2005-949]
-CVE-2005-3857 VULNERABLE (kernel, fixed 2.6.15)
+CVE-2005-3857 version (kernel, fixed 2.6.15) [since FEDORA-2006-077]
 CVE-2005-3848 version (kernel, fixed 2.6.13) [since FEDORA-2005-949]
 CVE-2005-3847 version (kernel, fixed 2.6.12.6) [since FEDORA-2005-949] was backport since [FEDORA-2005-906]
-CVE-2005-3810 backport (kernel, fixed 2.6.15) [since FEDORA-2005-1104] affects 2.6.14 only [vulnerable since FEDORA-2005-1067]
-CVE-2005-3809 backport (kernel, fixed 2.6.15) [since FEDORA-2005-1104] affects 2.6.14 only [vulnerable since FEDORA-2005-1067]
-CVE-2005-3808 backport (kernel) [since FEDORA-2005-1104]
-CVE-2005-3807 backport (kernel) [since FEDORA-2005-1104]
+CVE-2005-3810 version (kernel, fixed 2.6.15) [since FEDORA-2006-077] was backport since FEDORA-2005-1104 affects 2.6.14 only [vulnerable since FEDORA-2005-1067]
+CVE-2005-3809 version (kernel, fixed 2.6.15) [since FEDORA-2006-077] was backport since FEDORA-2005-1104 affects 2.6.14 only [vulnerable since FEDORA-2005-1067]
+CVE-2005-3808 version (kernel, fixed 2.6.15) was backport since FEDORA-2005-1104
+CVE-2005-3807 version (kernel, fixed 2.6.15) was backport since FEDORA-2005-1104
 CVE-2005-3806 version (kernel, fixed 2.6.14) [since FEDORA-2005-1067]
 CVE-2005-3805 version (kernel, fixed 2.6.14) [since FEDORA-2005-1067]
-CVE-2005-3784 backport (kernel, fixed 2.6.15) [since FEDORA-2005-3784]
-CVE-2005-3783 backport (kernel, fixed 2.6.14.2) [since FEDORA-2005-1104]
+CVE-2005-3784 version (kernel, fixed 2.6.15) [since FEDORA-2006-077] was backport since FEDORA-2005-3784
+CVE-2005-3783 version (kernel, fixed 2.6.14.2) [since FEDORA-2006-077] was backport since FEDORA-2005-1104
 CVE-2005-3753 version (kernel, fixed 2.6.14) also not a vuln
 CVE-2005-3745 ignore (struts, fixed 1.2.8) but not through tomcat
 CVE-2005-3732 VULNERABLE (ipsec-tools, fixed 0.6.3) bz#173842
@@ -125,7 +127,7 @@
 CVE-2005-3624 backport (kdegraphics) [since FEDORA-2005-1160]
 CVE-2005-3624 version (poppler, fixed 0.4.4) [since FEDORA-2005-026]
 CVE-2005-3624 backport (cups) [since FEDORA-2006-010]
-CVE-2005-3623 backport (kernel, fixed 2.6.14.5) [since FEDORA-2006-013]
+CVE-2005-3623 version (kernel, fixed 2.6.14.5) [since FEDORA-2006-077] was backport since FEDORA-2006-013
 CVE-2005-3582 version (ImageMagick) gentoo only
 CVE-2005-3573 VULNERABLE (mailman)
 CVE-2005-3527 version (kernel, fixed 2.6.14 at least) [since FEDORA-2005-1067]
@@ -137,7 +139,7 @@
 CVE-2005-3388 backport (php) [since FEDORA-2005-1062]
 CVE-2005-3358 version (kernel, fixed 2.6.11)
 CVE-2005-3357 backport (httpd, fixed 2.0.56) [since FEDORA-2006-052]
-CVE-2005-3356 VULNERABLE (kernel)
+CVE-2005-3356 backport (kernel) [since FEDORA-2006-077]
 CVE-2005-3353 backport (php) [since FEDORA-2005-1062]
 CVE-2005-3352 backport (httpd, fixed 2.0.56) [since FEDORA-2006-052]
 CVE-2005-3351 backport (spamassassin) [since FEDORA-2005-1066]
@@ -152,7 +154,7 @@
 CVE-2005-3272 version (kernel, fixed 2.6.13) [since FEDORA-2005-949]
 CVE-2005-3271 version (kernel, fixed 2.6.9) since GA
 CVE-2005-3258 backport (squid) [since FEDORA-2005-1009]
-CVE-2005-3257 backport (kernel, fixed 2.6.15) [since FEDORA-2005-1138]
+CVE-2005-3257 version (kernel, fixed 2.6.15) [since FEDORA-2006-077] was backport since FEDORA-2005-1138
 CVE-2005-3249 version (ethereal, fixed 0.10.13) [since FEDORA-2005-1011]
 CVE-2005-3248 version (ethereal, fixed 0.10.13) [since FEDORA-2005-1011]
 CVE-2005-3247 version (ethereal, fixed 0.10.13) [since FEDORA-2005-1011]
@@ -238,7 +240,7 @@
 CVE-2005-2794 version (squid, fixed 2.5.STABLE11) [since FEDORA-2005-913] was backport since FEDORA-2005-851
 CVE-2005-2728 backport (httpd, fixed 2.0.55-dev) [since FEDORA-2005-849]
 CVE-2005-2710 version (helixplayer, fixed 1.0.6) [since FEDORA-2005-940]
-CVE-2005-2709 backport (kernel, fixed 2.6.14.3) [since FEDORA-2005-1104]
+CVE-2005-2709 version (kernel, fixed 2.6.14.3) [since FEDORA-2006-077] was backport since FEDORA-2005-1104
 CVE-2005-2708 ignore (kernel) not reproducable on x86_64
 CVE-2005-2707 version (thunderbird) [since FEDORA-2005-963]
 CVE-2005-2707 version (mozilla, fixed 1.7.12) [since FEDORA-2005-927]
@@ -1332,7 +1334,7 @@
 
 CVE-2002-2204 ignore (rpm) by design
 CVE-2002-2196 version (samba, fixed 2.2.5)
-CVE-2002-2185 VULNERABLE (kernel)
+CVE-2002-2185 version (kernel, fixed 2.6.15) [since FEODRA-2006-077]
 CVE-2002-2103 version (apache, not 2.0)
 CVE-2002-1963 version (kernel, not 2.6)
 CVE-2002-1976 ignore (ifconfig) "use ip"


Index: fc5
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc5,v
retrieving revision 1.52
retrieving revision 1.53
diff -u -r1.52 -r1.53
--- fc5	2 Feb 2006 21:12:05 -0000	1.52
+++ fc5	3 Feb 2006 08:45:28 -0000	1.53
@@ -1,4 +1,4 @@
-Up to date CVE as of CVE email 20060130
+Up to date CVE as of CVE email 20060202
 Up to date FC5 as of FC5-Test2-RC
 
 1. Removed packages with security issues that are no longer in FC5 
@@ -15,9 +15,10 @@
 
 ** are items that need attention
 
+CVE-2006-0528 **evolution
 CVE-2006-0496 VULNERABLE (mozilla)
 CVE-2006-0496 VULNERABLE (firefox)
-CVE-2006-0482 ** kernel
+CVE-2006-0482 ignore (kernel) sparc only
 CVE-2006-0481 version (libpng, 1.2.7 only)
 CVE-2006-0405 version (libtiff, 3.8.0 only)
 CVE-2006-0369 ignore (mysql) this is not a security issue
@@ -25,28 +26,28 @@
 CVE-2006-0301 VULNERABLE (xpdf) bz#179423
 CVE-2006-0301 VULNERABLE (poppler) bz#179424
 CVE-2006-0301 VULNERABLE (kdegraphics) bz#179425
-CVE-2006-0299 VULNERABLE (firefox)
+CVE-2006-0299 VULNERABLE (firefox, fixed 1.5.0.1)
 CVE-2006-0299 version (mozilla, 1.8 branch only)
 CVE-2006-0299 VULNERABLE (thunderbird)
-CVE-2006-0298 VULNERABLE (firefox)
+CVE-2006-0298 VULNERABLE (firefox, fixed 1.5.0.1)
 CVE-2006-0298 version (mozilla, 1.8 branch only)
 CVE-2006-0298 VULNERABLE (thunderbird)
-CVE-2006-0297 VULNERABLE (firefox)
+CVE-2006-0297 VULNERABLE (firefox, fixed 1.5.0.1)
 CVE-2006-0297 version (mozilla, 1.8 branch only)
 CVE-2006-0297 VULNERABLE (thunderbird)
-CVE-2006-0296 VULNERABLE (firefox)
+CVE-2006-0296 VULNERABLE (firefox, fixed 1.5.0.1)
 CVE-2006-0296 VULNERABLE (mozilla)
 CVE-2006-0296 VULNERABLE (thunderbird)
-CVE-2006-0295 VULNERABLE (firefox)
+CVE-2006-0295 VULNERABLE (firefox, fixed 1.5.0.1)
 CVE-2006-0295 version (mozilla, 1.8 branch only)
 CVE-2006-0295 VULNERABLE (thunderbird)
-CVE-2006-0294 VULNERABLE (firefox)
+CVE-2006-0294 VULNERABLE (firefox, fixed 1.5.0.1)
 CVE-2006-0294 version (mozilla, 1.8 branch only)
 CVE-2006-0294 VULNERABLE (thunderbird)
-CVE-2006-0293 VULNERABLE (firefox)
+CVE-2006-0293 VULNERABLE (firefox, fixed 1.5.0.1)
 CVE-2006-0293 version (mozilla, 1.8 branch only)
 CVE-2006-0293 VULNERABLE (thunderbird)
-CVE-2006-0292 VULNERABLE (firefox)
+CVE-2006-0292 VULNERABLE (firefox, fixed 1.5.1)
 CVE-2006-0292 VULNERABLE (mozilla)
 CVE-2006-0292 VULNERABLE (thunderbird)
 CVE-2006-0254 VULNERABLE (tomcat5, fixed 5.5.16) bz#178179
@@ -67,6 +68,7 @@
 CVE-2006-0019 VULNERABLE (kdelibs)
 CVE-2005-4703 ignore (tomcat) windows only
 CVE-2005-4685 VULNERABLE (mozilla)
+CVE-2005-4685 VULNERABLE (firefox)
 CVE-2005-4684 VULNERABLE (kdebase)
 CVE-2005-4667 VULNERABLE (unzip) bz#178961
 CVE-2005-4639 version (kernel, fixed 2.6.15)


