fedora-security/audit fc4,1.300,1.301 fc5,1.215,1.216

Mark Cox (mjc) fedora-extras-commits at redhat.com
Tue Jun 20 08:56:08 UTC 2006 

Author: mjc

Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv4281

Modified Files:
	fc4 fc5 
Log Message:
Email updates



Index: fc4
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc4,v
retrieving revision 1.300
retrieving revision 1.301
diff -u -r1.300 -r1.301
--- fc4	19 Jun 2006 20:44:00 -0000	1.300
+++ fc4	20 Jun 2006 08:56:06 -0000	1.301
@@ -1,5 +1,5 @@
-Up to date CVE as of CVE email 20060615
-Up to date FC4 as of 20060615
+Up to date CVE as of CVE email 20060619
+Up to date FC4 as of 20060619
 
 ** are items that need attention
 
@@ -51,18 +51,18 @@
 CVE-2006-2775 ** mozilla
 CVE-2006-2754 ignore (openldap) This issue is not exploitable
 CVE-2006-2753 verson (mysql, fixed 4.1.20) #193828 [since FEDORA-2006-703]
-CVE-2006-2723 ** firefox (probably ignore)
+CVE-2006-2723 ignore (firefox) disputed
 CVE-2006-2661 VULNERABLE (freetype, fixed 2.2.1) #183677
 CVE-2006-2660 VULNERABLE (php) #195539
 CVE-2006-2656 backport (libtiff) [since FEDORA-2006-591]
-CVE-2006-2629 ** kernel
+CVE-2006-2629 ignore (kernel) couldn't be reproduced on FC
 CVE-2006-2613 ignore (firefox) This isn't an issue on FC
 CVE-2006-2607 backport (vixie-cron) #178431
 CVE-2006-2563 ignore (php) safe mode isn't safe
 CVE-2006-2480 backport (dia) #192538 [since FEDORA-2006-580]
 CVE-2006-2453 backport (dia) #192538 [since FEDORA-2006-580]
 CVE-2006-2452 version (gdm, 2.8.X >= X < 2.15)
-CVE-2006-2449 VULNERABLE (kdebase)
+CVE-2006-2449 backport (kdebase) [since FEDORA-2006-725]
 CVE-2006-2447 version (spamassassin, fixed 3.0.6) #194290 [since FEDORA-2006-658]
 CVE-2006-2444 version (kernel, fixed 2.6.16.18) [since FEDORA-2006-697]
 CVE-2006-2440 backport (ImageMagick) #192279 [since FEDORA-2006-587]
@@ -70,7 +70,7 @@
 CVE-2006-2369 backport (vnc, fixed 4.1.2) #191692 [since FEDORA-2006-557]
 CVE-2006-2366 VULNERABLE (openobex) #192087
 CVE-2006-2362 ignore (binutils) minor crash (not exploitable)
-CVE-2006-2332 ** firefox
+CVE-2006-2332 ignore (firefox) disputed
 CVE-2006-2314 version (postgresql, fixed 8.0.8) [since FEODRA-2006-579]
 CVE-2006-2313 version (postgresql, fixed 8.0.8) [since FEODRA-2006-579]
 CVE-2006-2276 VULNERABLE (quagga) #191377
@@ -85,14 +85,14 @@
 CVE-2006-2073 VULNERABLE (bind)
 CVE-2006-2083 version (rsync, fixed 2.6.8) #190208 [since FEDORA-2006-601]
 CVE-2006-2071 version (kernel, fixed 2.6.16.6) [since FEDORA-2006-423]
-CVE-2006-2057 ** firefox
+CVE-2006-2057 ignore (firefox) not Linux
 CVE-2006-2026 backport (libtiff, fixed 3.8.1) #189934 [since FEDORA-2006-474]
 CVE-2006-2025 backport (libtiff, fixed 3.8.1) #189934 [since FEDORA-2006-474]
 CVE-2006-2024 backport (libtiff, fixed 3.8.1) #189934 [since FEDORA-2006-474]
 CVE-2006-1993 version (firefox, 1.5 only)
 CVE-2006-1991 VULNERABLE (php) #190034
 CVE-2006-1990 VULNERABLE (php) #190034
-CVE-2006-1942 ** firefox
+CVE-2006-1942 ** firefox, fixed 1.5.0.4
 CVE-2006-1940 version (ethereal, fixed 0.99.0) #189909 [since FEDORA-2006-461]
 CVE-2006-1939 version (ethereal, fixed 0.99.0) #189909 [since FEDORA-2006-461]
 CVE-2006-1938 version (ethereal, fixed 0.99.0) #189909 [since FEDORA-2006-461]
@@ -106,7 +106,7 @@
 CVE-2006-1902 ignore (gcc) not a vulnerability
 CVE-2006-1864 version (kernel, fixed 2.6.16.14) [since FEDORA-2006-517]
 CVE-2006-1863 version (kernel, fixed 2.6.16.11) [since FEDORA-2006-500]
-CVE-2006-1862 ** kernel
+CVE-2006-1862 version (kernel) not upstream kernels, only RHEL
 CVE-2006-1861 VULNERABLE (freetype, fixed 2.2.1) #191771
 CVE-2006-1860 version (kernel, fixed 2.6.16.16) [since FEDORA-2006-573]
 CVE-2006-1859 version (kernel, fixed 2.6.16.16) [since FEDORA-2006-573]
@@ -172,7 +172,7 @@
 CVE-2006-1723 VULNERABLE (firefox, fixed 1.0.8)
 CVE-2006-1721 backport (cyrus-sasl, fixd 2.1.21) #189815 [since FEDORA-2006-515]
 CVE-2006-1712 version (mailman, only 2.1.7)
-CVE-2006-1650 ** firefox
+CVE-2006-1650 ignore (firefox) a number of reports don't confirm this
 CVE-2006-1646 ignore (ipsec-tools) KAME racoon, not ipsec-tools racoon
 CVE-2006-1624 ignore (sysklogd) Silly configuration is not a security issue
 CVE-2006-1608 ignore (php) safe mode isn't safe


Index: fc5
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc5,v
retrieving revision 1.215
retrieving revision 1.216
diff -u -r1.215 -r1.216
--- fc5	19 Jun 2006 20:44:00 -0000	1.215
+++ fc5	20 Jun 2006 08:56:06 -0000	1.216
@@ -1,5 +1,5 @@
-Up to date CVE as of CVE email 20060615
-Up to date FC5 as of 20060615
+Up to date CVE as of CVE email 20060619
+Up to date FC5 as of 20060619
 
 ** are items that need attention
 
@@ -59,7 +59,7 @@
 CVE-2006-2607 backport (vixie-cron) #177476
 CVE-2006-2563 ignore (php) safe mode isn't safe
 CVE-2006-2452 version (gdm) [since FEDORA-2006-674]
-CVE-2006-2449 VULNERABLE (kdebase)
+CVE-2006-2449 backport (kdebase) #194659 [since FEDORA-2006-726]
 CVE-2006-2447 version (spamassassin, fixed 3.1.3) #194290 [since FEDORA-2006-598]
 CVE-2006-2444 version (kernel, fixed 2.6.16.18) [since FEDORA-2006-698]
 CVE-2006-2440 backport (ImageMagick) #192279 [since FEDORA-2006-588]

More information about the scm-commits mailing list