fedora-security/audit fc5,1.310,1.311 fc6,1.63,1.64

Mark Cox (mjc) fedora-extras-commits at redhat.com
Tue Sep 5 12:23:12 UTC 2006 

Author: mjc

Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv20888

Modified Files:
	fc5 fc6 
Log Message:
The final 5 2002 CVE are left



Index: fc5
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc5,v
retrieving revision 1.310
retrieving revision 1.311
diff -u -r1.310 -r1.311
--- fc5	4 Sep 2006 12:56:46 -0000	1.310
+++ fc5	5 Sep 2006 12:23:09 -0000	1.311
@@ -1104,7 +1104,7 @@
 CVE-2005-0064 version (xpdf, fixed 3.0.1)
 CVE-2005-0064 version (tetex, fixed 3.0)
 CVE-2005-0064 version (kdegraphics, not 3.4)
-CVE-2005-0064 backport (cups) cups-CAN-2005-0064.patch
+CVE-2005-0064 version (cups, fixed 1.2.2) [since FEDORA-2006-776] was backport cups-CAN-2005-0064.patch since GA
 CVE-2005-0039 ignore (kernel) not a vulnerability: don't do this says the rfc
 CVE-2005-0034 version (bind, fixed after 9.3.0)
 CVE-2005-0033 version (bind, not 9)


Index: fc6
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc6,v
retrieving revision 1.63
retrieving revision 1.64
diff -u -r1.63 -r1.64
--- fc6	5 Sep 2006 10:32:44 -0000	1.63
+++ fc6	5 Sep 2006 12:23:09 -0000	1.64
@@ -1621,7 +1621,7 @@
 CVE-2003-0001 version (kernel, not 2.6)
 CVE-2002-2215 version (php, fixed 4.3.0)
 CVE-2002-2214 version (php, fixed 4.2.2)
-CVE-2002-2211 ** bind
+CVE-2002-2211 ignore (bind) see http://www.kb.cert.org/vuls/id/457875
 CVE-2002-2210 ignore (openoffice) binary install only (not rpm install)
 CVE-2002-2204 ignore (rpm) by design
 CVE-2002-2196 version (samba, fixed 2.2.5)
@@ -1630,10 +1630,10 @@
 CVE-2002-2060 version (links, fixed after 2.0pre4)
 CVE-2002-2043 ignore (cyrus-sasl) patch against cyrus-sasl
 CVE-2002-2012 ignore (httpd) not upstream version
-CVE-2002-2010 ** htdig
+CVE-2002-2010 version (htdig, fixed 3.1.6)
 CVE-2002-2009 version (tomcat, fixed 4.0.3)
-CVE-2002-2007 ** tomcat
-CVE-2002-2006 ** tomcat
+CVE-2002-2007 version (tomcat, not 5)
+CVE-2002-2006 version (tomcat, not 5)
 CVE-2002-1976 ignore (ifconfig) "use ip"
 CVE-2002-1963 version (kernel, not 2.6)
 CVE-2002-1914 version (dump, fixed 0.4b29)
@@ -1670,7 +1670,7 @@
 CVE-2002-1471 version (evolution, fixed 1.1.1 at least)
 CVE-2002-1405 version (lynx, fixed 2.8.5dev9)
 CVE-2002-1402 version (postgresql, fixed 7.2.2)
-CVE-2002-1401 ** postgresql (note wasn't fixed in 7.2.3)
+CVE-2002-1401 version (postgresql, fixed 7.2.4)
 CVE-2002-1400 version (postgresql, fixed 7.2.2)
 CVE-2002-1399 version (postgresql, fixed 7.2.3)
 CVE-2002-1398 version (postgresql, fixed 7.2.2)
@@ -1738,7 +1738,8 @@
 CVE-2002-1152 version (kdenetwork, fixed 3.0.3)
 CVE-2002-1151 version (kdenetwork, fixed 3.0.3a)
 CVE-2002-1148 version (tomcat, fixed 4.0.5)
-CVE-2002-1146 ** bind
+CVE-2002-1146 version (bind, not 8.3+)
+CVE-2002-1146 version (glibc, fixed 2.2.6)
 CVE-2002-1131 version (squirrelmail, fixed 1.2.8)
 CVE-2002-1119 version (python, fixed 2.2.2)
 CVE-2002-0989 version (gaim, fixed 0.59.1)
@@ -1756,9 +1757,9 @@
 CVE-2002-0838 version (ggv, fixed 20030119, 2.8.0 at least)
 CVE-2002-0838 version (kdegraphics, fixed 3.0.4)
 CVE-2002-0837 version (wordtrans, fixed 1.1pre13 at least)
-CVE-2002-0836 ** tetex
+CVE-2002-0836 version (tetex, fixed 2.0.2 at least)
 CVE-2002-0834 version (wireshark)
-CVE-2002-0825 ** nss_ldap
+CVE-2002-0825 version (nss_ldap, fixed nss_ldap-198)
 CVE-2002-0822 version (wireshark)
 CVE-2002-0821 version (wireshark)
 CVE-2002-0819 version (arts, fixed cvs 20020707)
@@ -1772,8 +1773,8 @@
 CVE-2002-0714 version (squid, fixed 2.4.STABLE6)
 CVE-2002-0713 version (squid, fixed 2.4.STABLE6)
 CVE-2002-0704 ** kernel
-CVE-2002-0702 ** dhcpd
-CVE-2002-0684 ** bind
+CVE-2002-0702 version (dhcpd, fixed 3.0.1)
+CVE-2002-0684 version (glibc, fixed afted 2.2.5)
 CVE-2002-0682 version (tomcat, fixed 4.1.3)
 CVE-2002-0662 version (scrollkeeper, fixed after 0.3.11)
 CVE-2002-0660 version (libpng, fixed 1.0.14)
@@ -1787,10 +1788,9 @@
 CVE-2002-0655 version (openssl097a, not 0.9.7)
 CVE-2002-0653 version (mod_ssl, not httpd 2.2)
 CVE-2002-0651 version (bind, not 9)
-CVE-2002-0651 ** resolvers
 CVE-2002-0640 version (openssh, fixed after 3.3)
 CVE-2002-0639 version (openssh, fixed after 3.3)
-CVE-2002-0638 ** util-linux
+CVE-2002-0638 version (util-linux, fixed 2.13 at least)
 CVE-2002-0575 version (openssh, fixed 3.2.1)
 CVE-2002-0570 ignore (kernel) not a vulnerability
 CVE-2002-0517 version (XFree86) didn't affect Linux
@@ -1807,9 +1807,10 @@
 CVE-2002-0402 version (wireshark, fixed ethereal 0.9.3)
 CVE-2002-0401 version (wireshark, fixed ethereal 0.9.3)
 CVE-2002-0400 version (bind, fixed 9.2.1)
-CVE-2002-0399 ** tar
+CVE-2002-0399 version (tar, fixed 1.13.26)
 CVE-2002-0392 version (httpd, not 2.2)
-CVE-2002-0391 ** resolvers
+CVE-2002-0391 version (glibc, fixed after 2.2.5)
+CVE-2002-0391 version (krb5, fixed after 1.2.5)
 CVE-2002-0389 ignore (mailman) upstream say not a vulnerability
 CVE-2002-0388 version (mailman, fixed 2.0.11)
 CVE-2002-0384 version (gaim, fixed 0.58)
@@ -1843,7 +1844,7 @@
 CVE-2002-0083 version (openssh, fixed 3.1)
 CVE-2002-0082 version (mod_ssl, not httpd 2.2)
 CVE-2002-0081 version (php, not 4.2+)
-CVE-2002-0080 ** rsync
+CVE-2002-0080 version (rsync, fixed 2.5.3)
 CVE-2002-0069 version (squid, fixed 2.4STABLE4)
 CVE-2002-0068 version (squid, fixed 2.4STABLE4)
 CVE-2002-0067 version (squid, fixed 2.4STABLE4)

More information about the scm-commits mailing list