fedora-security/audit fc6,1.112,1.113

Mark Cox (mjc) fedora-extras-commits at redhat.com
Sun Oct 15 13:50:04 UTC 2006


Author: mjc

Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv2130

Modified Files:
	fc6 
Log Message:
Bring up to date with latest rawhide spin; xpdf, openmotif, lha, kon2 have
all been removed.  A couple of bits left to investigate and then make sure
we sync with FC6 final package list



Index: fc6
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc6,v
retrieving revision 1.112
retrieving revision 1.113
diff -u -r1.112 -r1.113
--- fc6	12 Oct 2006 22:07:26 -0000	1.112
+++ fc6	15 Oct 2006 13:50:02 -0000	1.113
@@ -1,47 +1,47 @@
-p to date CVE as of CVE email 20061009
-Up to date FC6 as of Test3
-Up to date dist-fc6 rawhide as of 20060929
+Up to date CVE as of CVE email 20061014
+Up to date FC6 as of re20061014.0
 
 ** are items that need attention
 
+CVE-2006-5229 ** openssh
 CVE-2006-5215 ** (X.org, fixed 20060225?)
 CVE-2006-5214 ** (X.org, fixed 20060225?)
 CVE-2006-5178 VULNERABLE (php) can't be fixed
 CVE-2006-5174 ignore (kernel, fixed 2.6.19-rc1) s390 only
 CVE-2006-5173 ignore (kernel, fixed 2.6.18) protected by exec-shield
-CVE-2006-5170 VULNERABLE (nss_ldap)
+CVE-2006-5170 VULNERABLE (nss_ldap) **check rawhide version
 CVE-2006-5160 ignore (firefox) unverified
 CVE-2006-5159 ignore (firefox) unverified
 CVE-2006-5158 version (kernel, fixed 2.6.15)
-CVE-2006-5072 VULNERABLE (mono) bz#209467
-CVE-2006-5052 VULNERABLE (openssh, fixed 4.4) bz#208459 [FC6Blocker]
-CVE-2006-5051 VULNERABLE (openssh, fixed 4.4) bz#208459 [FC6Blocker]
-CVE-2006-4997 VULNERABLE (kernel, fixed 2.6.18) [in rawhide]
-CVE-2006-4980 VULNERABLE (python) [backport in rawhide]
+CVE-2006-5072 backport (mono)
+CVE-2006-5052 VULNERABLE (openssh, fixed 4.4)
+CVE-2006-5051 backport (openssh, fixed 4.4)
+CVE-2006-4997 version (kernel, fixed 2.6.18)
+CVE-2006-4980 backport (python)
 CVE-2006-4925 ignore (openssh) client crash only
-CVE-2006-4924 VULNERABLE (openssh, fixed 4.4) bz#208459 [FC6Blocker]
+CVE-2006-4924 backport (openssh, fixed 4.4)
 CVE-2006-4842 ignore (nspr) Nothing setuid links with nspr
 CVE-2006-4813 version (kernel, fixed 2.6.13)
 CVE-2006-4812 VULNERABLE (php)
-CVE-2006-4790 VULNERABLE (gnutls, fixed 1.4.4) [backported to 1.4.1-2 in rawhide]
+CVE-2006-4790 backport (gnutls, fixed 1.4.4)
 CVE-2006-4663 ignore (kernel) not a vulnerability
 CVE-2006-4625 ignore (php) safe mode isn't safe
-CVE-2006-4624 VULNERABLE (mailman, fixed 2.1.9rc1) bz#206607 [in rawhide]
+CVE-2006-4624 version (mailman, fixed 2.1.9rc1)
 CVE-2006-4623 version (kernel, fixed 2.6.18-rc1)
 CVE-2006-4600 version (openldap, fixed 2.3.25)
-CVE-2006-4571 VULNERABLE (thunderbird, fixed 1.5.0.7) [in rawhide]
-CVE-2006-4571 VULNERABLE (firefox, fixed 1.5.0.7) [in rawhide]
-CVE-2006-4570 VULNERABLE (thunderbird, fixed 1.5.0.7) [in rawhide]
-CVE-2006-4569 VULNERABLE (firefox, fixed 1.5.0.7) [in rawhide]
-CVE-2006-4568 VULNERABLE (firefox, fixed 1.5.0.7) [in rawhide]
-CVE-2006-4567 VULNERABLE (firefox, fixed 1.5.0.7) [in rawhide]
-CVE-2006-4567 VULNERABLE (thunderbird, fixed 1.5.0.7) [in rawhide]
-CVE-2006-4566 VULNERABLE (firefox, fixed 1.5.0.7) [in rawhide]
-CVE-2006-4566 VULNERABLE (thunderbird, fixed 1.5.0.7) [in rawhide]
-CVE-2006-4565 VULNERABLE (firefox, fixed 1.5.0.7) [in rawhide]
-CVE-2006-4565 VULNERABLE (thunderbird, fixed 1.5.0.7) [in rawhide]
+CVE-2006-4571 version (thunderbird, fixed 1.5.0.7)
+CVE-2006-4571 version (firefox, fixed 1.5.0.7)
+CVE-2006-4570 version (thunderbird, fixed 1.5.0.7)
+CVE-2006-4569 version (firefox, fixed 1.5.0.7)
+CVE-2006-4568 version (firefox, fixed 1.5.0.7)
+CVE-2006-4567 version (firefox, fixed 1.5.0.7)
+CVE-2006-4567 version (thunderbird, fixed 1.5.0.7)
+CVE-2006-4566 version (firefox, fixed 1.5.0.7)
+CVE-2006-4566 version (thunderbird, fixed 1.5.0.7)
+CVE-2006-4565 version (firefox, fixed 1.5.0.7)
+CVE-2006-4565 version (thunderbird, fixed 1.5.0.7)
 CVE-2006-4561 VULNERABLE (firefox)
-CVE-2006-4538 VULNERABLE (kernel, fixed after 2.6.18-rc6) [in rawhide]
+CVE-2006-4538 version (kernel, fixed after 2.6.18-rc6)
 CVE-2006-4535 version (kernel, fixed 2.6.18-rc6)
 CVE-2006-4507 ignore (libtiff) can't reproduce
 CVE-2006-4486 version (php, fixed 5.1.6)
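Review bot: CVE-2006-5052 stays VULNERABLE but loses its `bz#208459 [FC6Blocker]` reference, so an issue that is still open no longer points at a tracking bug; keep the bz# on that line or flag it with `**`. The new `CVE-2006-5229 ** openssh` line also omits the parentheses every other entry uses, e.g. `CVE-2006-5229 ** (openssh)`.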
@@ -56,15 +56,15 @@
 CVE-2006-4434 ignore (sendmail, fixed 8.13.8) not exploitable
 CVE-2006-4433 version (php, fixed 5.1.4)
 CVE-2006-4380 version (mysql, fixed 4.1.13)
-CVE-2006-4343 VULNERABLE (openssl, fixed 0.9.8d) [rawhide]
-CVE-2006-4340 VULNERABLE (nss, fixed 3.11.3) bz#206608 [in rawhide]
+CVE-2006-4343 backport (openssl, fixed 0.9.8d)
+CVE-2006-4340 version (nss, fixed 3.11.3)
 CVE-2006-4339 backport (openssl, fixed 0.9.8c)
 CVE-2006-4339 backport (openssl097)
-CVE-2006-4338 VULNERABLE (gzip) [in rawhide]
-CVE-2006-4337 VULNERABLE (gzip) [in rawhide]
-CVE-2006-4336 VULNERABLE (gzip) [in rawhide]
-CVE-2006-4335 VULNERABLE (gzip) [in rawhide]
-CVE-2006-4334 VULNERABLE (gzip) [in rawhide]
+CVE-2006-4338 backport (gzip)
+CVE-2006-4337 backport (gzip)
+CVE-2006-4336 backport (gzip)
+CVE-2006-4335 backport (gzip)
+CVE-2006-4334 backport (gzip)
 CVE-2006-4433 version (php, fixed 5.1.4)
 CVE-2006-4333 version (wireshark, fixed 0.99.3)
 CVE-2006-4332 version (wireshark, fixed 0.99.3)
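Review bot: The context at the end of this hunk still carries a second `CVE-2006-4433 version (php, fixed 5.1.4)` between CVE-2006-4334 and CVE-2006-4333, duplicating the entry a few lines above it and breaking the descending order; drop it while this block is being touched.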
@@ -72,8 +72,8 @@
 CVE-2006-4330 version (wireshark, fixed 0.99.3)
 CVE-2006-4310 ignore (firefox) crash only
 CVE-2006-4262 backport (cscope) 
-CVE-2006-4253 VULNERABLE (firefox, fixed 1.5.0.7) [in rawhide]
-CVE-2006-4253 VULNERABLE (thunderbird, fixed 1.5.0.7) [in rawhide]
+CVE-2006-4253 version (firefox, fixed 1.5.0.7)
+CVE-2006-4253 version (thunderbird, fixed 1.5.0.7)
 CVE-2006-4226 VULNERABLE (mysql, fixed 5.0.26,5.1.12) bz#203428
 CVE-2006-4227 VULNERABLE (mysql, fixed 5.0.26,5.1.12) bz#203434
 CVE-2006-4146 backport (gdb)
@@ -120,16 +120,16 @@
 CVE-2006-3743 backport (ImageMagick)
 CVE-2006-3742 backport (kdebase) inside kdebase-3.5.4-2-redhat.patch
 CVE-2006-3741 ignore (kernel, fixed 2.6.18-rc7) ia64 only
-CVE-2006-3740 VULNERABLE (libXfont, fixed 1.2.2) bz#206609 [in rawhide]
-CVE-2006-3739 VULNERABLE (libXfont, fixed 1.2.2) bz#206609 [in rawhide]
-CVE-2006-3738 VULNERABLE (openssl, fixed 0.9.8d) [in rawhide]
+CVE-2006-3740 version (libXfont, fixed 1.2.2)
+CVE-2006-3739 version (libXfont, fixed 1.2.2)
+CVE-2006-3738 backport (openssl, fixed 0.9.8d)
 CVE-2006-3731 ignore (firefox) just a user complicit crash
 CVE-2006-3694 version (ruby, fixed 1.8.5)
 CVE-2006-3677 version (firefox, fixed 1.5.0.5)
 CVE-2006-3677 version (thunderbird, fixed 1.5.0.5)
 CVE-2006-3672 ignore (konqueror) just a crash
 CVE-2006-3665 ignore (squirrelmail) don't enable register_globals!
-CVE-2006-3636 VULNERABLE (mailman, fixed 2.1.9) bz#206607 [in rawhide]
+CVE-2006-3636 version (mailman, fixed 2.1.9)
 CVE-2006-3634 ignore (kernel, fixed 2.6.17.8) s390 only
 CVE-2006-3632 version (wireshark, fixed 0.99.2)
 CVE-2006-3631 version (wireshark, fixed 0.99.2)
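Review bot: CVE-2006-3636 is now `version (mailman, fixed 2.1.9)`, while this same revision records CVE-2006-4624 as `version (mailman, fixed 2.1.9rc1)`. If the mailman in the tree is 2.1.9rc1, the `version` status may not cover a fix listed against 2.1.9; confirm the shipped version and, if it is the release candidate, mark this line `backport` or leave it open.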
@@ -177,9 +177,9 @@
 CVE-2006-3016 version (php, fixed 5.1.3)
 CVE-2006-3011 ignore (php) safe mode isn't safe
 CVE-2006-3005 ignore (libjpeg) not a vuln
-CVE-2006-2941 VULNERABLE (mailman, fixed 2.1.9) bz#206607 [in rawhide]
-CVE-2006-2940 VULNERABLE (openssl, fixed 0.9.8d) [in rawhide]
-CVE-2006-2937 VULNERABLE (openssl, fixed 0.9.8d) [in rawhide]
+CVE-2006-2941 version (mailman, fixed 2.1.9)
+CVE-2006-2940 backport (openssl, fixed 0.9.8d)
+CVE-2006-2937 backport (openssl, fixed 0.9.8d)
 CVE-2006-2936 version (kernel, fixed 2.6.17.7)
 CVE-2006-2935 version (kernel, fixed 2.6.17.7)
 CVE-2006-2934 version (kernel, fixed 2.6.17.3)
@@ -359,7 +359,6 @@
 CVE-2006-1335 version (gnome-screensaver, fixed 2.14)
 CVE-2006-1296 version (beagle, fixed 0.2.4)
 CVE-2006-1273 ignore (firefox) this issue only affects IE
-CVE-2006-1244 ignore (xpdf) duplicate of other cve named issues
 CVE-2006-1242 version (kernel, fixed 2.6.16.1)
 CVE-2006-1174 version (shadow-utils, fixed 4.0.3)
 CVE-2006-1173 version (sendmail, fixed 8.13.7)
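Review bot: Deleting the xpdf line removes the only entry for CVE-2006-1244 visible here, so the audit no longer shows that the CVE was ever triaged. Consider keeping a record, such as an `ignore` line noting the package is no longer shipped, so the CVE is not re-investigated on the next sync.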
@@ -417,7 +416,6 @@
 CVE-2006-0369 ignore (mysql) this is not a security issue
 CVE-2006-0321 version (fetchmail, fixed 6.3.2)
 CVE-2006-0301 version (poppler, fixed 0.4.5)
-CVE-2006-0301 backport (xpdf) xpdf-3.01pl2.patch
 CVE-2006-0301 version (kdegraphics, fixed 3.5.2)
 CVE-2006-0300 version (tar, fixed 1.15.90 at least)
 CVE-2006-0299 version (thunderbird, fixed 1.5)
@@ -487,7 +485,6 @@
 CVE-2005-4153 version (mailman)
 CVE-2005-4134 ignore (firefox) http://www.mozilla.org/security/history-title.html
 CVE-2005-4077 version (curl, fixed 7.15.1)
-CVE-2005-3964 backport (openmotif) from changelog
 CVE-2005-3962 version (perl, fixed 5.8.8)
 CVE-2005-3883 version (php, fixed 5.1.1 at least)
 CVE-2005-3858 version (kernel, fixed 2.6.13)
@@ -515,27 +512,22 @@
 CVE-2005-3629 version (initscripts, fixed 8.29 at least)
 CVE-2005-3628 version (poppler, fixed 0.4.4)
 CVE-2005-3628 version (kdegraphics, fixed 3.5.1)
-CVE-2005-3628 backport (xpdf) xpdf-3.01pl2.patch
 CVE-2005-3628 backport (tetex) tetex-3.0-CVE-2005-3193.patch
 CVE-2005-3628 version (cups, fixed 1.2.0)
 CVE-2005-3627 version (poppler, fixed 0.4.4)
 CVE-2005-3627 version (kdegraphics, fixed 3.5.1)
-CVE-2005-3627 backport (xpdf) xpdf-3.01pl2.patch
 CVE-2005-3627 backport (tetex)
 CVE-2005-3627 version (cups, fixed 1.2.0)
 CVE-2005-3626 version (poppler, fixed 0.4.4)
 CVE-2005-3626 version (kdegraphics, fixed 3.5.1)
-CVE-2005-3626 backport (xpdf) xpdf-3.01pl2.patch
 CVE-2005-3626 backport (tetex)
 CVE-2005-3626 version (cups, fixed 1.2.0)
 CVE-2005-3625 version (poppler, fixed 0.4.4)
 CVE-2005-3625 version (kdegraphics, fixed 3.5.1)
-CVE-2005-3625 backport (xpdf) xpdf-3.01pl2.patch
 CVE-2005-3625 backport (tetex)
 CVE-2005-3625 version (cups, fixed 1.2.0)
 CVE-2005-3624 version (poppler, fixed 0.4.4)
 CVE-2005-3624 version (kdegraphics, fixed 3.5.1)
-CVE-2005-3624 backport (xpdf) xpdf-3.01pl2.patch
 CVE-2005-3624 backport (tetex)
 CVE-2005-3624 version (cups, fixed 1.2.0)
 CVE-2005-3623 version (kernel, fixed 2.6.14.5)
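Review bot: With the xpdf lines gone, the tetex `backport` entries for CVE-2005-3627 through CVE-2005-3624 are left without a patch name, unlike CVE-2005-3628 which cites `tetex-3.0-CVE-2005-3193.patch`. Name the patch on those four lines so the backport can be checked against the package.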
@@ -577,17 +569,14 @@
 CVE-2005-3241 version (wireshark, fixed 0.10.13)
 CVE-2005-3193 version (poppler, fixed 0.4.4)
 CVE-2005-3193 version (kdegraphics, fixed 3.5.1)
-CVE-2005-3193 backport (xpdf) xpdf-3.01pl2.patch
 CVE-2005-3193 backport (tetex) tetex-3.0-CVE-2005-3193.patch
 CVE-2005-3193 version (cups, fixed 1.2.0)
 CVE-2005-3192 version (poppler, fixed 0.4.4)
 CVE-2005-3192 version (kdegraphics, fixed 3.5.1)
-CVE-2005-3192 backport (xpdf) xpdf-3.01pl2.patch
 CVE-2005-3192 backport (tetex) tetex-3.0-CVE-2005-3193.patch
 CVE-2005-3192 version (cups, fixed 1.2.0)
 CVE-2005-3191 version (poppler, fixed 0.4.4)
 CVE-2005-3191 version (kdegraphics, fixed 3.5.1)
-CVE-2005-3191 backport (xpdf) xpdf-3.01pl2.patch
 CVE-2005-3191 backport (tetex) tetex-3.0-CVE-2005-3193.patch
 CVE-2005-3191 version (cups, fixed 1.2.0)
 CVE-2005-3186 version (gtk2, fixed 2.8.7 at least)
@@ -736,7 +725,6 @@
 CVE-2005-2100 version (kernel, not 2.6) not upstream only RHEL4
 CVE-2005-2099 version (kernel, fixed 2.6.12.5)
 CVE-2005-2098 version (kernel, fixed 2.6.12.5)
-CVE-2005-2097 version (xpdf, fixed 3.0.1)
 CVE-2005-2097 version (cups)
 CVE-2005-2096 version (rpm, fixed 4.4.2)
 CVE-2005-2096 backport (zlib, fixed 1.2.2.4)
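Review bot: After the xpdf line is removed, CVE-2005-2097 is covered only by `version (cups)`, which states no fixed version. Add the cups version that carries the fix so the `version` status can be verified.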
@@ -901,7 +889,6 @@
 CVE-2005-0627 version (qt, fixed 3.3.4)
 CVE-2005-0626 version (squid, fixed 2.5.STABLE10)
 CVE-2005-0605 version (libXpm, fixed 3.5.4 at least)
-CVE-2005-0605 backport (openmotif)
 CVE-2005-0602 ignore (unzip, fixed 5.52) this is really expected behaviour
 CVE-2005-0596 version (php, fixed 5.0)
 CVE-2005-0593 version (firefox)
@@ -974,7 +961,6 @@
 CVE-2005-0209 version (kernel, fixed 2.6.11)
 CVE-2005-0208 version (gaim, fixed 1.1.4)
 CVE-2005-0207 version (kernel, fixed 2.6.11)
-CVE-2005-0206 version (xpdf) only bad patch for 2004-0888
 CVE-2005-0205 version (kdenetwork, not 3.3+)
 CVE-2005-0204 version (kernel) didn't affect upstream
 CVE-2005-0202 version (mailman, fixed 2.1.6)
@@ -1030,7 +1016,6 @@
 CVE-2005-0077 version (perl-DBI, fixed 1.48 at least)
 CVE-2005-0075 version (squirrelmail, fixed 1.4.4)
 CVE-2005-0069 version (vim, fixed 7.0 at least)
-CVE-2005-0064 version (xpdf, fixed 3.0.1)
 CVE-2005-0064 version (tetex, fixed 3.0)
 CVE-2005-0064 version (kdegraphics, not 3.4)
 CVE-2005-0064 version (cups, fixed 1.2.2)
@@ -1152,7 +1137,6 @@
 CVE-2004-1139 version (wireshark, fixed 0.10.8)
 CVE-2004-1138 version (vim, fixed 6.3)
 CVE-2004-1137 version (kernel, fixed 2.6.10)
-CVE-2004-1125 version (xpdf, fixed 3.0.1)
 CVE-2004-1125 version (tetex, at least 3.0)
 CVE-2004-1125 version (kdegraphics, not 3.4)
 CVE-2004-1096 version (perl-Archive-Zip, fixed 1.14)
@@ -1223,7 +1207,6 @@
 CVE-2004-0923 version (cups, fixed 1.2.22)
 CVE-2004-0918 version (squid, fixed 2.4.STABLE7)
 CVE-2004-0914 version (xorg-x11, fixed after 6.8.1)
-CVE-2004-0914 backport (openmotif)
 CVE-2004-0909 version (thunderbird)
 CVE-2004-0909 version (firefox)
 CVE-2004-0907 version (thunderbird)
@@ -1231,8 +1214,6 @@
 CVE-2004-0906 version (thunderbird)
 CVE-2004-0906 version (firefox)
 CVE-2004-0891 version (gaim, fixed 1.0.2)
-CVE-2004-0889 version (xpdf, fixed 3.0.1)
-CVE-2004-0888 version (xpdf, fixed 3.0.1)
 CVE-2004-0888 version (tetex, fixed 3.0)
 CVE-2004-0888 version (kdegraphics, not 3.4)
 CVE-2004-0888 version (cups)
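Review bot: CVE-2004-0889 disappears from the file entirely, whereas CVE-2004-0888 keeps its tetex, kdegraphics and cups entries. Check whether CVE-2004-0889 also applies to those packages and add entries if so, rather than dropping the CVE along with xpdf.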
@@ -1285,8 +1266,6 @@
 CVE-2004-0779 version (firefox)
 CVE-2004-0778 version (cvs, fixed 1.11.17)
 CVE-2004-0772 version (krb5, fixed after 1.2.8)
-CVE-2004-0771 backport (lha) changelog
-CVE-2004-0769 backport (lha) changelog
 CVE-2004-0768 version (libpng, fixed 1.2.6)
 CVE-2004-0755 version (ruby, fixed 1.8.1)
 CVE-2004-0754 version (gaim, fixed 0.82)
@@ -1298,17 +1277,13 @@
 CVE-2004-0748 version (httpd, not 2.2)
 CVE-2004-0747 version (httpd, not 2.2)
 CVE-2004-0746 version (kde, fixed 3.3)
-CVE-2004-0745 backport (lha) changelog
 CVE-2004-0721 version (kdelibs, fixed 3.3)
 CVE-2004-0700 version (httpd, not 2.2)
-CVE-2004-0694 backport (lha) changelog
 CVE-2004-0693 version (qt, fixed 3.3.3)
 CVE-2004-0692 version (qt, fixed 3.3.3)
 CVE-2004-0691 version (qt, fixed 3.3.3)
 CVE-2004-0690 version (kdelibs, fixed after 3.2.3)
 CVE-2004-0689 version (kdelibs, fixed 3.3.0)
-CVE-2004-0688 version (openmotif)
-CVE-2004-0687 version (openmotif)
 CVE-2004-0686 version (samba, fixed 3.0.6)
 CVE-2004-0685 version (kernel, not 2.6)
 CVE-2004-0658 ignore (kernel) not a security issue
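Review bot: Removing the openmotif lines leaves CVE-2004-0688 and CVE-2004-0687 with no entry at all. Other openmotif CVEs removed in this patch (CVE-2005-0605, CVE-2004-0914) sit beside libXpm or xorg-x11 entries, so confirm whether these two need an entry for one of those packages before they drop out of the audit.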
@@ -1392,8 +1367,6 @@
 CVE-2004-0365 version (wireshark, fixed 0.10.3)
 CVE-2004-0263 version (php, fixed 4.3.5)
 CVE-2004-0256 version (libtool, fixed 1.5.2)
-CVE-2004-0235 backport (lha) changelog
-CVE-2004-0234 backport (lha) changelog
 CVE-2004-0233 version (libutempter, fixed 0.5.5)
 CVE-2004-0232 version (mc, fixed 4.6.0)
 CVE-2004-0231 version (mc, fixed 4.6.0)
@@ -1577,7 +1550,6 @@
 CVE-2003-0459 version (kdelibs, not 3.2)
 CVE-2003-0455 version (ImageMagick)
 CVE-2003-0442 version (php, fixed 4.3.2)
-CVE-2003-0434 version (xpdf, fixed 2.02pl1)
 CVE-2003-0432 version (wireshark, fixed after 0.9.12)
 CVE-2003-0431 version (wireshark, fixed after 0.9.12)
 CVE-2003-0430 version (wireshark, fixed after 0.9.12)
@@ -1740,7 +1712,6 @@
 CVE-2002-1393 version (kde, fixed 3.0.5a)
 CVE-2002-1392 version (mgetty, fixed 1.1.29)
 CVE-2002-1391 version (mgetty, fixed 1.1.29)
-CVE-2002-1384 version (xpdf, fixed 2.02)
 CVE-2002-1384 version (cups, fixed 1.1.18)
 CVE-2002-1383 version (cups, fixed 1.1.18)
 CVE-2002-1380 version (kernel, not 2.6)
@@ -1794,7 +1765,6 @@
 CVE-2002-1160 version (pam) was our config
 CVE-2002-1157 version (httpd, not 2.0)
 CVE-2002-1156 version (httpd, fixed 2.0.43)
-CVE-2002-1155 backport (kon2) kon2-0.3.9b-bufover-fix.patch
 CVE-2002-1152 version (kdenetwork, fixed 3.0.3)
 CVE-2002-1151 version (kdenetwork, fixed 3.0.3a)
 CVE-2002-1148 version (tomcat, fixed 4.0.5)



