fedora-security/audit fc5,1.64,1.65

Mark Cox (mjc) fedora-extras-commits at redhat.com
Mon Feb 20 15:45:10 UTC 2006 

Author: mjc

Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv16746

Modified Files:
	fc5 
Log Message:
Bring the tracking file up to test3, out today, by going through
each entry marked "backport" and "vulnerable" manually to see if we
upgraded the package and it now contains an upstream fix or if we've
added a new backport.



Index: fc5
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc5,v
retrieving revision 1.64
retrieving revision 1.65
diff -u -r1.64 -r1.65
--- fc5	17 Feb 2006 09:18:01 -0000	1.64
+++ fc5	20 Feb 2006 15:45:02 -0000	1.65
@@ -1,86 +1,88 @@
-Up to date CVE as of CVE email 20060216
-Up to date FC5 as of FC5-Test2-RC
+Up to date CVE as of CVE email 20060219
+Up to date FC5 as of FC5-Test3
 
 1. Removed packages with security issues that are no longer in FC5 
 (iiimf, libungif, slocate)
 2. Verified all marked as 'version', inc tricky packages like openssl 
 and httpd
-3. Looked at those markedbackport where we ship a newer version, manually
-looked at rest marked  backport
+3. Looked at those marked backport where we ship a newer version, manually
+looked at rest marked backport
 4. Looked at CVE for any new packages added to FC5
 5. Filed tracking bugs for vulnerable issues
 6. Looked at extra packages in test2 which have had security issues
 (mono, nss, php-pear)
 7. Double check vulnerables and file fc5test2 bugs
+8. Deal with new/removed packages in fc5test3
+9. Check all marked as backport/vulnerable to see what changed in test3
 
 ** are items that need attention
 
 CVE-2006-0678 ignore (postgresql) we don't build --enable-cassert
-CVE-2006-0645 VULNERABLE (gnutls)
-CVE-2006-0591 VULNERABLE (postgresql)
-CVE-2006-0576 VULNERABLE (oprofile)
-CVE-2006-0553 VULNERABLE (postgresql, only 8.1)
-CVE-2006-0528 ** evolution [under investigation]
+CVE-2006-0645 version (gnutls, fixed 1.2.10)
+CVE-2006-0591 version (postgresql, fixed 8.0.6)
+CVE-2006-0576 backport (oprofile) oprofile_opcontrol.patch
+CVE-2006-0553 version (postgresql, only 8.1, fixed 8.1.3)
+CVE-2006-0528 VULNERABLE (evolution) [still under investigation]
 CVE-2006-0496 VULNERABLE (mozilla) not fixed upstream
 CVE-2006-0496 VULNERABLE (firefox) not fixed upstream
 CVE-2006-0482 ignore (kernel) sparc only
 CVE-2006-0481 version (libpng, 1.2.7 only)
-CVE-2006-0455 VULNERABLE (gnupg, fixed 1.4.2.1)
-CVE-2006-0454 VULNERABLE (kernel, fixed 2.6.15.3)
+CVE-2006-0455 version (gnupg, fixed 1.4.2.1)
+CVE-2006-0454 backport (kernel, fixed 2.6.15.3) patch-2.6.16-rc3
 CVE-2006-0405 version (libtiff, 3.8.0 only)
 CVE-2006-0369 ignore (mysql) this is not a security issue
-CVE-2006-0321 VULNERABLE (fetchmail, fixed 6.3.2) bz#178724:rawhide
-CVE-2006-0301 VULNERABLE (xpdf) bz#179423:rawhide
-CVE-2006-0301 VULNERABLE (poppler, fixed 0.4.5) bz#179424:rawhide
-CVE-2006-0301 VULNERABLE (kdegraphics) bz#179425:rawhide
-CVE-2006-0299 VULNERABLE (firefox, fixed 1.5.0.1)
+CVE-2006-0321 version (fetchmail, fixed 6.3.2)
+CVE-2006-0301 backport (xpdf) xpdf-3.01pl2.patch
+CVE-2006-0301 version (poppler, fixed 0.4.5)
+CVE-2006-0301 backport (kdegraphics) post-3.5.1-kdegraphics-CVE-2006-0301.diff
+CVE-2006-0299 version (firefox, fixed 1.5.0.1)
 CVE-2006-0299 version (mozilla, 1.8 branch only)
-CVE-2006-0299 VULNERABLE (thunderbird)
-CVE-2006-0298 VULNERABLE (firefox, fixed 1.5.0.1)
+CVE-2006-0299 version (thunderbird, fixed 1.5)
+CVE-2006-0298 version (firefox, fixed 1.5.0.1)
 CVE-2006-0298 version (mozilla, 1.8 branch only)
-CVE-2006-0298 VULNERABLE (thunderbird)
-CVE-2006-0297 VULNERABLE (firefox, fixed 1.5.0.1)
+CVE-2006-0298 version (thunderbird, fixed 1.5)
+CVE-2006-0297 version (firefox, fixed 1.5.0.1)
 CVE-2006-0297 version (mozilla, 1.8 branch only)
-CVE-2006-0297 VULNERABLE (thunderbird)
-CVE-2006-0296 VULNERABLE (firefox, fixed 1.5.0.1)
-CVE-2006-0296 VULNERABLE (mozilla)
-CVE-2006-0296 VULNERABLE (thunderbird)
-CVE-2006-0295 VULNERABLE (firefox, fixed 1.5.0.1)
+CVE-2006-0297 version (thunderbird, fixed 1.5)
+CVE-2006-0296 version (firefox, fixed 1.5.0.1)
+CVE-2006-0296 backport (mozilla) mozilla-1.7.12-CVE-2006-0296-XULDocument.persist.patch
+CVE-2006-0296 version (thunderbird, fixed 1.5)
+CVE-2006-0295 version (firefox, fixed 1.5.0.1)
 CVE-2006-0295 version (mozilla, 1.8 branch only)
-CVE-2006-0295 VULNERABLE (thunderbird)
-CVE-2006-0294 VULNERABLE (firefox, fixed 1.5.0.1)
+CVE-2006-0295 version (thunderbird, fixed 1.5)
+CVE-2006-0294 version (firefox, fixed 1.5.0.1)
 CVE-2006-0294 version (mozilla, 1.8 branch only)
-CVE-2006-0294 VULNERABLE (thunderbird)
-CVE-2006-0293 VULNERABLE (firefox, fixed 1.5.0.1)
+CVE-2006-0294 version (thunderbird, fixed 1.5)
+CVE-2006-0293 version (firefox, fixed 1.5.0.1)
 CVE-2006-0293 version (mozilla, 1.8 branch only)
-CVE-2006-0293 VULNERABLE (thunderbird)
-CVE-2006-0292 VULNERABLE (firefox, fixed 1.5.1)
-CVE-2006-0292 VULNERABLE (mozilla)
-CVE-2006-0292 VULNERABLE (thunderbird)
-CVE-2006-0254 VULNERABLE (tomcat5, fixed 5.5.16) bz#178179:rawhide
+CVE-2006-0293 version (thunderbird, fixed 1.5)
+CVE-2006-0292 version (firefox, fixed 1.5.1)
+CVE-2006-0292 backport (mozilla) mozilla-1.7.12-CVE-2006-0292-javascript-unrooted.patch
+CVE-2006-0292 version (thunderbird, fixed 1.5)
+CVE-2006-0254 backport (tomcat5, fixed 5.5.16)
 CVE-2006-0236 ignore (thunderbird) windows only
-CVE-2006-0225 VULNERABLE (openssh) fc4 bz#168167
-CVE-2006-0208 VULNERABLE (php) fc4 bz#178036
-CVE-2006-0207 VULNERABLE (php, fixed 5.1.2)
-CVE-2006-0200 VULNERABLE (php, fixed 5.1.2)
+CVE-2006-0225 version (openssh, fixed 4.3p2)
+CVE-2006-0208 version (php, fixed 5.1.2)
+CVE-2006-0207 version (php, fixed 5.1.2)
+CVE-2006-0200 version (php, fixed 5.1.2)
 CVE-2006-0197 ignore (xorg-x11) not an issue
 CVE-2006-0144 version (php-pear, not 1.4.4)
 CVE-2006-0097 ignore (php) Windows only
 CVE-2006-0096 ignore (kernel) minor and requires root
-CVE-2006-0095 VULNERABLE (kernel) bz#177916
+CVE-2006-0095 backport (kernel) patch-2.6.16-rc3
 CVE-2006-0082 version (ImageMagick, not 6.2.5.4)
-CVE-2006-0037 VULNERABLE (kernel, only 2.6.14 and 2.6.15) bz#177916
-CVE-2006-0036 VULNERABLE (kernel, only 2.6.14 and 2.6.15) bz#177916
-CVE-2006-0035 VULNERABLE (kernel, only 2.6.14 and 2.6.15) bz#177916
-CVE-2006-0019 VULNERABLE (kdelibs, fixed 3.5.1)
+CVE-2006-0037 backport (kernel, only 2.6.14 and 2.6.15) patch-2.6.16-rc3
+CVE-2006-0036 backport (kernel, only 2.6.14 and 2.6.15) patch-2.6.16-rc3
+CVE-2006-0035 backport (kernel, only 2.6.14 and 2.6.15) patch-2.6.16-rc3
+CVE-2006-0019 version (kdelibs, fixed 3.5.1)
 CVE-2005-4703 ignore (tomcat) windows only
-CVE-2005-4720 VULNERABLE (mozilla)
+CVE-2005-4720 VULNERABLE (mozilla) not fixed upstream plus only DoS
 CVE-2005-4720 version (firefox, fixed 1.5)
 CVE-2005-4720 versoin (thunderbird, fixed 1.5)
 CVE-2005-4685 VULNERABLE (mozilla)
 CVE-2005-4685 VULNERABLE (firefox)
 CVE-2005-4684 VULNERABLE (kdebase) not fixed upstream
-CVE-2005-4667 VULNERABLE (unzip) fc4 bz#178961
+CVE-2005-4667 backport (unzip)
 CVE-2005-4639 version (kernel, fixed 2.6.15)
 CVE-2005-4636 version (openoffice.org, fixed 2.0.1)
 CVE-2005-4635 version (kernel, fixed 2.6.15)
@@ -93,13 +95,13 @@
 CVE-2005-4158 ignore (sudo) only env_reset will properly clean the environment
 CVE-2005-4154 ignore (php) don't install untrusted pear packages
 CVE-2005-4153 backport (mailman) mailman-2.1.5-date_overflows.patch
-CVE-2005-4134 ignore (mozilla) http://www.mozilla.org/security/history-title.html
+CVE-2005-4134 backport (mozilla) mozilla-1.7.12-CVE-2005-4134-long-history-dos.patch
 CVE-2005-4134 ignore (firefox) http://www.mozilla.org/security/history-title.html
 CVE-2005-4130 ** (HelixPlayer) no information yet available
 CVE-2005-4126 ** (HelixPlayer) no information yet available
 CVE-2005-4077 version (curl, fixed 7.15.1)
-CVE-2005-3964 VULNERABLE (openmotif) bz#177915:rawhide
-CVE-2005-3962 backport (perl) perl-5.8.7-CVE-2005-3962-bz174684.patch
+CVE-2005-3964 backport (openmotif)
+CVE-2005-3962 version (perl, fixed 5.8.8)
 CVE-2005-3896 ignore (mozilla) recoverable DoS only
 CVE-2005-3883 version (php, fixed 5.1.1 at least)
 CVE-2005-3858 version (kernel, fixed 2.6.13)
@@ -124,46 +126,46 @@
 CVE-2005-3651 version (ethereal, fixed 0.10.14)
 CVE-2005-3632 version (netpbm)
 CVE-2005-3631 version (udev)
-CVE-2005-3628 VULNERABLE (xpdf) bz#177911:rawhide
+CVE-2005-3628 backport (xpdf) xpdf-3.01pl2.patch
 CVE-2005-3628 backport (tetex) tetex-3.0-CVE-2005-3193.patch
-CVE-2005-3628 VULNERABLE (poppler, fixed 0.4.4) bz#177910:rawhide
-CVE-2005-3628 VULNERABLE (kdegraphics, fixed 3.5.1) bz#177908:rawhide
+CVE-2005-3628 version (poppler, fixed 0.4.4)
+CVE-2005-3628 version (kdegraphics, fixed 3.5.1)
 CVE-2005-3628 backport (cups) cups-CVE-2005-3625,6,7.patch
-CVE-2005-3627 VULNERABLE (xpdf) bz#177911:rawhide
-CVE-2005-3627 VULNERABLE (tetex) bz#177912:rawhide
-CVE-2005-3627 VULNERABLE (poppler, fixed 0.4.4) bz#177910:rawhide
-CVE-2005-3627 VULNERABLE (kdegraphics, fixed 3.5.1) bz#177908:rawhide
+CVE-2005-3627 backport (xpdf) xpdf-3.01pl2.patch
+CVE-2005-3627 backport (tetex)
+CVE-2005-3627 version (poppler, fixed 0.4.4)
+CVE-2005-3627 version (kdegraphics, fixed 3.5.1)
 CVE-2005-3627 backport (cups) cups-CVE-2005-3625,6,7.patch
-CVE-2005-3626 VULNERABLE (xpdf) bz#177911:rawhide
-CVE-2005-3626 VULNERABLE (tetex) bz#177912:rawhide
-CVE-2005-3626 VULNERABLE (poppler, fixed 0.4.4) bz#177910:rawhide
-CVE-2005-3626 VULNERABLE (kdegraphics, fixed 3.5.1) bz#177908:rawhide
+CVE-2005-3626 backport (xpdf) xpdf-3.01pl2.patch
+CVE-2005-3626 backport (tetex)
+CVE-2005-3626 version (poppler, fixed 0.4.4)
+CVE-2005-3626 version (kdegraphics, fixed 3.5.1)
 CVE-2005-3626 backport (cups) cups-CVE-2005-3625,6,7.patch
-CVE-2005-3625 VULNERABLE (xpdf) bz#177911:rawhide
-CVE-2005-3625 VULNERABLE (tetex) bz#177912:rawhide
-CVE-2005-3625 VULNERABLE (poppler, fixed 0.4.4) bz#177910:rawhide
-CVE-2005-3625 VULNERABLE (kdegraphics, fixed 3.5.1) bz#177908:rawhide
+CVE-2005-3625 backport (xpdf) xpdf-3.01pl2.patch
+CVE-2005-3625 backport (tetex)
+CVE-2005-3625 version (poppler, fixed 0.4.4)
+CVE-2005-3625 version (kdegraphics, fixed 3.5.1)
 CVE-2005-3625 backport (cups) cups-CVE-2005-3625,6,7.patch
-CVE-2005-3624 VULNERABLE (xpdf) bz#177911:rawhide
-CVE-2005-3624 VULNERABLE (tetex) bz#177912:rawhide
-CVE-2005-3624 VULNERABLE (poppler, fixed 0.4.4) bz#177910:rawhide
-CVE-2005-3624 VULNERABLE (kdegraphics, fixed 3.5.1) bz#177908:rawhide
+CVE-2005-3624 backport (xpdf) xpdf-3.01pl2.patch
+CVE-2005-3624 backport (tetex)
+CVE-2005-3624 version (poppler, fixed 0.4.4)
+CVE-2005-3624 version (kdegraphics, fixed 3.5.1)
 CVE-2005-3624 backport (cups) cups-CVE-2005-3625,6,7.patch
 CVE-2005-3623 version (kernel, fixed 2.6.14.5)
 CVE-2005-3582 version (ImageMagick) gentoo only
-CVE-2005-3573 VULNERABLE (mailman, fixed 2.1.7) bz#174166:rawhide
+CVE-2005-3573 version (mailman, fixed 2.1.7)
 CVE-2005-3527 version (kernel, fixed 2.6.14 at least)
 CVE-2005-3402 ignore (thunderbird) mozilla say by design
 CVE-2005-3392 version (php, not 5.0)
 CVE-2005-3391 version (php, not 5.0)
-CVE-2005-3390 VULNERABLE (php) bz#174167
+CVE-2005-3390 version (php, fixed 5.1.0)
 CVE-2005-3389 version (php, fixed 5.1.1)
 CVE-2005-3388 version (php, fixed 5.1.1)
 CVE-2005-3358 version (kernel, fixed 2.6.11)
-CVE-2005-3357 VULNERABLE (httpd, affects 2.2.0) bz#177914:rawhide
-CVE-2005-3356 VULNERABLE (kernel)
+CVE-2005-3357 backport (httpd, affects 2.2.0)
+CVE-2005-3356 backport (kernel) patch-2.6.16-rc3
 CVE-2005-3353 version (php, not 5.0)
-CVE-2005-3352 VULNERABLE (httpd, fixed 2.2.1) bz#177913:rawhide
+CVE-2005-3352 backport (httpd, fixed 2.2.1)
 CVE-2005-3351 version (spamassassin, fixed 3.1.0)
 CVE-2005-3322 version (squid) not upstream, SUSE only
 CVE-2005-3319 ignore (mod_php) no security consequence
@@ -185,21 +187,21 @@
 CVE-2005-3243 version (ethereal, fixed 0.10.13)
 CVE-2005-3242 version (ethereal, fixed 0.10.13)
 CVE-2005-3241 version (ethereal, fixed 0.10.13)
-CVE-2005-3193 VULNERABLE (xpdf, fixed 3.0.1pl1) bz#177911:rawhide
+CVE-2005-3193 backport (xpdf) xpdf-3.01pl2.patch
 CVE-2005-3193 backport (tetex) tetex-3.0-CVE-2005-3193.patch
 CVE-2005-3193 backport (cups) cups-CVE-2005-3625,6,7.patch
-CVE-2005-3193 VULNERABLE (poppler, fixed 0.4.4) bz#177910:rawhide
-CVE-2005-3193 VULNERABLE (kdegraphics, fixed 3.5.1) bz#177908:rawhide
-CVE-2005-3192 VULNERABLE (xpdf, fixed 3.0.1pl1) bz#177911:rawhide
+CVE-2005-3193 version (poppler, fixed 0.4.4)
+CVE-2005-3193 version (kdegraphics, fixed 3.5.1)
+CVE-2005-3192 backport (xpdf) xpdf-3.01pl2.patch
 CVE-2005-3192 backport (tetex) tetex-3.0-CVE-2005-3193.patch
 CVE-2005-3192 backport (cups) cups-CVE-2005-3625,6,7.patch
-CVE-2005-3192 VULNERABLE (poppler, fixed 0.4.4) bz#177910:rawhide
-CVE-2005-3192 VULNERABLE (kdegraphics, fixed 3.5.1) bz#177908:rawhide
-CVE-2005-3191 VULNERABLE (xpdf, fixed 3.0.1pl1) bz#177911:rawhide
+CVE-2005-3192 version (poppler, fixed 0.4.4)
+CVE-2005-3192 version (kdegraphics, fixed 3.5.1)
+CVE-2005-3191 backport (xpdf) xpdf-3.01pl2.patch
 CVE-2005-3191 backport (tetex) tetex-3.0-CVE-2005-3193.patch
 CVE-2005-3191 backport (cups) cups-CVE-2005-3625,6,7.patch
-CVE-2005-3191 VULNERABLE (poppler, fixed 0.4.4) bz#177910:rawhide
-CVE-2005-3191 VULNERABLE (kdegraphics, fixed 3.5.1) bz#177908:rawhide
+CVE-2005-3191 version (poppler, fixed 0.4.4)
+CVE-2005-3191 version (kdegraphics, fixed 3.5.1)
 CVE-2005-3186 version (gtk2, fixed 2.8.7 at least)
 CVE-2005-3186 backport (gdk-pixbuf)
 CVE-2005-3185 version (wget, fixed 1.10.2 at least)
@@ -223,7 +225,7 @@
 CVE-2005-3054 ignore (php) see bz#169857
 CVE-2005-3053 version (kernel)
 CVE-2005-3044 version (kernel, fixed 2.6.13.2)
-CVE-2005-3011 backport (texinfo)
+CVE-2005-3011 backport (texinfo) texinfo-CAN-2005-3011.patch
 CVE-2005-2991 ignore (ncompress) don't ship zdiff or zcmp scripts
 CVE-2005-2978 version (netpbm, fixed 10.25)
 CVE-2005-2977 version (pam, fixed 0.99.2.1 at least)
@@ -244,7 +246,7 @@
 CVE-2005-2917 version (squid, fixed 2.5.STABLE11)
 CVE-2005-2876 version (util-linux, fixed 2.13-pre3)
 CVE-2005-2874 version (cups, fixed 1.1.23)
-CVE-2005-2873 VULNERABLE (kernel) not fixed upstream
+CVE-2005-2873 VULNERABLE (kernel) not fixed upstream 
 CVE-2005-2872 version (kernel, fixed 2.6.12)
 CVE-2005-2871 version (thunderbird)
 CVE-2005-2871 version (mozilla, fixed 1.7.12)
@@ -282,7 +284,7 @@
 CVE-2005-2701 version (firefox, fixed 1.0.7)
 CVE-2005-2700 version (httpd, fixed 2.0.55) 
 CVE-2005-2693 backport (cvs) cvs-1.11.19-tmp.patch
-CVE-2005-2672 backport (lm_sensors)
+CVE-2005-2672 version (lm_sensors, fixed 2.9.2)
 CVE-2005-2666 version (openssh, fixed 4.0p1)
 CVE-2005-2642 version (mutt) openbsd only
 CVE-2005-2641 version (nss_ldap, fixed pam_ldap:180)
@@ -372,7 +374,7 @@
 CVE-2005-2099 version (kernel, fixed 2.6.12.5)
 CVE-2005-2098 version (kernel, fixed 2.6.12.5)
 CVE-2005-2097 version (xpdf, fixed 3.0.1)
-CVE-2005-2097 backport (cups)
+CVE-2005-2097 backport (cups) cups-CAN-2005-2097.patch
 CVE-2005-2096 version (rpm, fixed 4.4.2)
 CVE-2005-2096 backport (zlib, fixed 1.2.2.4)
 CVE-2005-2095 version (squirrelmail, fixed 1.4.5)
@@ -653,8 +655,8 @@
 CVE-2005-0174 version (squid, fixed 2.5.STABLE8)
 CVE-2005-0173 version (squid, fixed 2.5.STABLE8)
 CVE-2005-0162 version (openswan, fixed 2.3.0)
-CVE-2005-0156 backport (perl) perl-5.8.5-CAN-2005-0155+0156.patch
-CVE-2005-0155 backport (perl) perl-5.8.5-CAN-2005-0155+0156.patch
+CVE-2005-0156 version (perl, fixed 5.8.8)
+CVE-2005-0155 version (perl, fixed 5.8.8)
 CVE-2005-0152 version (squirrelmail, not 1.4)
 CVE-2005-0150 version (firefox, fixed 1.0)
 CVE-2005-0149 version (mozilla)
@@ -703,7 +705,7 @@
 CVE-2005-0064 version (xpdf, fixed 3.0.1)
 CVE-2005-0064 version (tetex, fixed 3.0)
 CVE-2005-0064 version (kpdf, not 3.4)
-CVE-2005-0064 backport (cups)
+CVE-2005-0064 backport (cups) cups-CAN-2005-0064.patch
 CVE-2005-0039 ignore (kernel) not a vulnerability: don't do this says the rfc
 CVE-2005-0034 version (bind, fixed after 9.3.0)
 CVE-2005-0033 version (bind, not 9)
@@ -892,7 +894,7 @@
 CVE-2004-0956 version (mysql, fixed 4.0.20)
 CVE-2004-0946 version (nfs-utils, fixed 1.0.6-r6)
 CVE-2004-0942 version (httpd, fixed 2.0.53)
-CVE-2004-0941 VULNERABLE (gd) bz#177907:rawhide
+CVE-2004-0941 backport (gd)
 CVE-2004-0940 version (httpd, not 2.0)
 CVE-2004-0938 version (freeradius, fixed 1.0.1)
 CVE-2004-0930 version (samba, fixed 3.0.8)
@@ -920,7 +922,7 @@
 CVE-2004-0888 version (xpdf, fixed 3.0.1)
 CVE-2004-0888 version (tetex, fixed 3.0)
 CVE-2004-0888 version (kpdegraphics, not 3.4)
-CVE-2004-0888 backport (cups)
+CVE-2004-0888 backport (cups) cups-CAN-2004-0888.patch
 CVE-2004-0887 version (kernel, fixed 2.6.10)
 CVE-2004-0886 version (libtiff, fixed 3.7.1 at least)
 CVE-2004-0886 version (kdegraphics, fixed by Update on 20041109)
@@ -1074,7 +1076,7 @@
 CVE-2004-0461 version (dhcp, fixed after 3.0.1rc13)
 CVE-2004-0460 version (dhcp, fixed after 3.0.1rc13)
 CVE-2004-0457 version (mysql, fixed after 4.0.20)
-CVE-2004-0452 backport (perl) perl-5.8.5-CAN-2005-0155+0156.patch
+CVE-2004-0452 version (perl, fixed 5.8.8)
 CVE-2004-0447 version (kernel, fixed 2.6.5)
 CVE-2004-0427 version (kernel, fixed 2.6.6)
 CVE-2004-0426 version (rsync, fixed 2.6.1)

More information about the scm-commits mailing list