fedora-security/audit fc5,1.54,1.55

Mark Cox (mjc) fedora-extras-commits at redhat.com
Mon Feb 6 10:12:27 UTC 2006 

Author: mjc

Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv4597

Modified Files:
	fc5 
Log Message:
Deal with some fc5 work; reping on some bz's and check rawhide,
check some marked **



Index: fc5
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc5,v
retrieving revision 1.54
retrieving revision 1.55
diff -u -r1.54 -r1.55
--- fc5	3 Feb 2006 19:54:01 -0000	1.54
+++ fc5	6 Feb 2006 10:12:02 -0000	1.55
@@ -1,4 +1,4 @@
-Up to date CVE as of CVE email 20060202
+Up to date CVE as of CVE email 20060205
 Up to date FC5 as of FC5-Test2-RC
 
 1. Removed packages with security issues that are no longer in FC5 
@@ -15,9 +15,9 @@
 
 ** are items that need attention
 
-CVE-2006-0528 **evolution
-CVE-2006-0496 VULNERABLE (mozilla)
-CVE-2006-0496 VULNERABLE (firefox)
+CVE-2006-0528 ** evolution [under investigation]
+CVE-2006-0496 VULNERABLE (mozilla) not fixed upstream
+CVE-2006-0496 VULNERABLE (firefox) not fixed upstream
 CVE-2006-0482 ignore (kernel) sparc only
 CVE-2006-0481 version (libpng, 1.2.7 only)
 CVE-2006-0405 version (libtiff, 3.8.0 only)
@@ -51,13 +51,13 @@
 CVE-2006-0292 VULNERABLE (mozilla)
 CVE-2006-0292 VULNERABLE (thunderbird)
 CVE-2006-0254 VULNERABLE (tomcat5, fixed 5.5.16) bz#178179
-CVE-2006-0236 ignore (thunderbird) windows only flaw
-CVE-2006-0225 VULNERABLE (openssh)
-CVE-2006-0208 VULNERABLE (php)
-CVE-2006-0207 VULNERABLE (php)
-CVE-2006-0200 VULNERABLE (php)
-CVE-2006-0197 ** xorg-x11
-CVE-2006-0144 ** php-pear
+CVE-2006-0236 ignore (thunderbird) windows only
+CVE-2006-0225 VULNERABLE (openssh) fc4 bz#168167
+CVE-2006-0208 VULNERABLE (php) fc4 bz#178036
+CVE-2006-0207 VULNERABLE (php, fixed 5.1.2)
+CVE-2006-0200 VULNERABLE (php, fixed 5.1.2)
+CVE-2006-0197 ignore (xorg-x11) not an issue
+CVE-2006-0144 version (php-pear, not 1.4.4)
 CVE-2006-0097 ignore (php) Windows only
 CVE-2006-0096 ignore (kernel) minor and requires root
 CVE-2006-0095 VULNERABLE (kernel) bz#177916
@@ -70,7 +70,7 @@
 CVE-2005-4685 VULNERABLE (mozilla)
 CVE-2005-4685 VULNERABLE (firefox)
 CVE-2005-4684 VULNERABLE (kdebase) not fixed upstream
-CVE-2005-4667 VULNERABLE (unzip) bz#178961
+CVE-2005-4667 VULNERABLE (unzip) fc4 bz#178961
 CVE-2005-4639 version (kernel, fixed 2.6.15)
 CVE-2005-4636 version (openoffice.org, fixed 2.0.1)
 CVE-2005-4635 version (kernel, fixed 2.6.15)
@@ -85,10 +85,10 @@
 CVE-2005-4153 backport (mailman) mailman-2.1.5-date_overflows.patch
 CVE-2005-4134 ignore (mozilla) http://www.mozilla.org/security/history-title.html
 CVE-2005-4134 ignore (firefox) http://www.mozilla.org/security/history-title.html
-CVE-2005-4130 ** (HelixPlayer) no information available
-CVE-2005-4126 ** (HelixPlayer) no information available
+CVE-2005-4130 ** (HelixPlayer) no information yet available
+CVE-2005-4126 ** (HelixPlayer) no information yet available
 CVE-2005-4077 version (curl, fixed 7.15.1)
-CVE-2005-3964 VULNERABLE (openmotif) bz#177915
+CVE-2005-3964 VULNERABLE (openmotif) bz#177915:rawhide
 CVE-2005-3962 backport (perl) perl-5.8.7-CVE-2005-3962-bz174684.patch
 CVE-2005-3896 ignore (mozilla) recoverable DoS only
 CVE-2005-3883 version (php, fixed 5.1.1 at least)
@@ -141,7 +141,7 @@
 CVE-2005-3624 backport (cups) cups-CVE-2005-3625,6,7.patch
 CVE-2005-3623 version (kernel, fixed 2.6.14.5)
 CVE-2005-3582 version (ImageMagick) gentoo only
-CVE-2005-3573 VULNERABLE (mailman, not fixed 2.1.6) bz#174166
+CVE-2005-3573 VULNERABLE (mailman, fixed 2.1.7) bz#174166:rawhide
 CVE-2005-3527 version (kernel, fixed 2.6.14 at least)
 CVE-2005-3402 ignore (thunderbird) mozilla say by design
 CVE-2005-3392 version (php, not 5.0)

More information about the scm-commits mailing list