fedora-security/audit fc5,1.392,1.393 fc6,1.144,1.145

Mark Cox (mjc) fedora-extras-commits at redhat.com
Wed Nov 15 11:24:10 UTC 2006


Author: mjc

Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv13334

Modified Files:
	fc5 fc6 
Log Message:
Deal with the tricky rebases of kdebase, oprofile, python which needed
more auditing at the source code to verify the outstanding vulnerabilities.



Index: fc5
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc5,v
retrieving revision 1.392
retrieving revision 1.393
diff -u -r1.392 -r1.393
--- fc5	15 Nov 2006 11:02:50 -0000	1.392
+++ fc5	15 Nov 2006 11:24:07 -0000	1.393
@@ -1,4 +1,4 @@
-Up to date CVE as of CVE email 20061112
+Up to date CVE as of CVE email 20061114
 Up to date FC5 as of 20061114
 
 ** are items that need attention
@@ -40,10 +40,10 @@
 CVE-2006-5229 ignore (openssh) reported not an issue
 CVE-2006-5215 VULNERABLE (xorg-x11-xdm) #212167
 CVE-2006-5215 VULNERABLE (xorg-x11-xinit) #212167
-CVE-2006-5215 VULNERABLE (kdebase) #212166
+CVE-2006-5215 ignore (kdebase) #212166 links to xinit Xsession
 CVE-2006-5214 VULNERABLE (xorg-x11-xdm) #212167
 CVE-2006-5214 VULNERABLE (xorg-x11-xinit) #212167
-CVE-2006-5214 VULNERABLE (kdebase) #212166
+CVE-2006-5214 ignore (kdebase) #212166 links to xinit Xsession
 CVE-2006-5178 VULNERABLE (php) can't be fixed
 CVE-2006-5174 ignore (kernel, fixed 2.6.19-rc1) s390 only
 CVE-2006-5173 version (kernel, fixed 2.6.18) [since FEDORA-2006-1022] protected by exec-shield
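
Review bot: The two kdebase lines for CVE-2006-5215 and CVE-2006-5214 move from VULNERABLE to ignore with only "links to xinit Xsession" as the reason, which does not say where the exposure is now tracked. The xorg-x11-xinit entries directly above each of them are still VULNERABLE under #212167, so consider naming that bug in the note (for example "links to xinit Xsession, see #212167") so a reader does not take ignore to mean the issue is absent on systems with kdebase installed.
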
@@ -55,7 +55,7 @@
 CVE-2006-5052 VULNERABLE (openssh, fixed 4.4)
 CVE-2006-5051 backport (openssh, fixed 4.4) [since FEDORA-2006-1011]
 CVE-2006-4997 version (kernel, fixed 2.6.18) [since FEDORA-2006-1022]
-CVE-2006-4980 backport (python) #208166 [since FEDORA-2006-1049]
+CVE-2006-4980 backport (python, fixed 2.4.4 at least) #208166 [since FEDORA-2006-1049]
 CVE-2006-4925 ignore (openssh) client crash only
 CVE-2006-4924 backport (openssh) #207957 [since FEDORA-2006-1011]
 CVE-2006-4842 ignore (nspr) Nothing setuid links with nspr
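
Review bot: On the CVE-2006-4980 line, "fixed 2.4.4 at least" is ambiguous next to the other "fixed" fields in this hunk, which give a plain version (openssh 4.4, kernel 2.6.18). Please state whether 2.4.4 is the first upstream release carrying the fix or only the earliest release that was checked during the audit, since the status here stays backport and readers will compare the shipped version against this number.
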
@@ -493,7 +493,7 @@
 CVE-2006-0670 VULNERABLE (bluez-hcidump)
 CVE-2006-0645 version (gnutls, fixed 1.2.10)
 CVE-2006-0591 version (postgresql, fixed 8.0.6)
-CVE-2006-0576 backport (oprofile) oprofile_opcontrol.patch
+CVE-2006-0576 backport (oprofile, fixed 0.9.2 at least) oprofile_opcontrol.patch
 CVE-2006-0558 version (kernel, fixed 2.6.16) [since FEDORA-2006-233]
 CVE-2006-0557 version (kernel, fixed 2.6.15.6) patch-2.6.16-rc6 [since FEDORA-2006-233]
 CVE-2006-0555 version (kernel, fixed 2.6.16) patch-2.6.16-rc6-git3 [since FEDORA-2006-233]


Index: fc6
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc6,v
retrieving revision 1.144
retrieving revision 1.145
diff -u -r1.144 -r1.145
--- fc6	15 Nov 2006 11:02:50 -0000	1.144
+++ fc6	15 Nov 2006 11:24:07 -0000	1.145
@@ -1,4 +1,4 @@
-Up to date CVE as of CVE email 20061112
+Up to date CVE as of CVE email 20061114
 Up to date FC6 as of 20061114
 
 ** are items that need attention
@@ -40,10 +40,10 @@
 CVE-2006-5229 ignore (openssh) not reproduced
 CVE-2006-5215 version (xorg-x11-xdm)
 CVE-2006-5215 VULNERABLE (xorg-x11-xinit) #212167
-CVE-2006-5215 VULNERABLE (kdebase) #212166
+CVE-2006-5215 ignore (kdebase) #212166 links to xinit Xsession
 CVE-2006-5214 version (xorg-x11-xdm)
 CVE-2006-5214 VULNERABLE (xorg-x11-xinit) #212167
-CVE-2006-5214 VULNERABLE (kdebase) #212166
+CVE-2006-5214 ignore (kdebase) #212166 links to xinit Xsession
 CVE-2006-5178 VULNERABLE (php) can't be fixed
 CVE-2006-5174 ignore (kernel, fixed 2.6.19-rc1) s390 only
 CVE-2006-5173 ignore (kernel, fixed 2.6.18) protected by exec-shield
@@ -55,7 +55,7 @@
 CVE-2006-5052 VULNERABLE (openssh, fixed 4.4)
 CVE-2006-5051 backport (openssh, fixed 4.4)
 CVE-2006-4997 version (kernel, fixed 2.6.18)
-CVE-2006-4980 backport (python)
+CVE-2006-4980 version (python, fixed 2.4.4 at least) [since FEDORA-2006-1050] was backport since GA
 CVE-2006-4925 ignore (openssh) client crash only
 CVE-2006-4924 backport (openssh, fixed 4.4)
 CVE-2006-4842 ignore (nspr) Nothing setuid links with nspr
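
Review bot: The CVE-2006-4980 line puts the status history in trailing free text ("was backport since GA") after the [since FEDORA-2006-1050] tag, so the tag read on its own suggests FC6 was unfixed before that advisory. Consider wording the line so it is clear the tag marks when the status changed from backport to version, not when the fix first shipped, and apply the same wording to any other line that uses "was backport since GA".
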
@@ -163,7 +163,7 @@
 CVE-2006-3745 version (kernel, fixed 2.6.17.10, fixed 2.6.18-rc5)
 CVE-2006-3744 backport (ImageMagick)
 CVE-2006-3743 backport (ImageMagick)
-CVE-2006-3742 backport (kdebase) inside kdebase-3.5.4-2-redhat.patch
+CVE-2006-3742 backport (kdebase) inside kdebase-3.5.5-redhat-pam.patch
 CVE-2006-3741 ignore (kernel, fixed 2.6.18-rc7) ia64 only
 CVE-2006-3740 version (libXfont, fixed 1.2.2)
 CVE-2006-3739 version (libXfont, fixed 1.2.2)
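
Review bot: The CVE-2006-3742 line now points at kdebase-3.5.5-redhat-pam.patch, a filename that embeds the upstream version and will need another manual edit after the next kdebase rebase. The line also carries no bug number or advisory tag, unlike the kdebase lines for CVE-2006-5215 and CVE-2006-5214, so adding one would give a stable reference for re-checking that the backported fix is still present in the renamed patch.
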
@@ -441,7 +441,7 @@
 CVE-2006-0670 version (bluez-hcidump, fixed 1.30)
 CVE-2006-0645 version (gnutls, fixed 1.2.10)
 CVE-2006-0591 version (postgresql, fixed 8.0.6)
-CVE-2006-0576 backport (oprofile) oprofile_opcontrol.patch
+CVE-2006-0576 version (oprofile, fixed 0.9.2 at least) [since FEDORA-2006-1172] was backport since GA
 CVE-2006-0558 version (kernel, fixed 2.6.16)
 CVE-2006-0557 version (kernel, fixed 2.6.15.6)
 CVE-2006-0555 version (kernel, fixed 2.6.16)



