fedora-security/audit fc6,1.67,1.68

Mark Cox (mjc) fedora-extras-commits at redhat.com
Thu Sep 7 13:44:49 UTC 2006 

Author: mjc

Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv19294

Modified Files:
	fc6 
Log Message:
Bring up to date as of rawhide yesterday; anything marked ** i've not
done yet



Index: fc6
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc6,v
retrieving revision 1.67
retrieving revision 1.68
diff -u -r1.67 -r1.68
--- fc6	6 Sep 2006 09:06:11 -0000	1.67
+++ fc6	7 Sep 2006 13:44:46 -0000	1.68
@@ -1,87 +1,89 @@
-Up to date CVE as of CVE email 20060905
-Up to date FC6 as of Test2
+iUp to date CVE as of CVE email 20060906
+Up to date FC6 as of Test3-re20060906.0
 
 ** are items that need attention
 
+CVE-2006-4600 version (openldap, fixed 2.3.25)
 CVE-2006-4561 ** firefox
-CVE-2006-4538 VULNERABLE (kernel)
-CVE-2006-4535 VULNERABLE (kernel)
+CVE-2006-4538 VULNERABLE (kernel) **
+CVE-2006-4535 VULNERABLE (kernel) **
 CVE-2006-4507 ignore (libtiff) can't reproduce
-CVE-2006-4486 VULNERABLE (php, fixed 5.1.6)
-CVE-2006-4485 VULNERABLE (php, fixed 5.1.5)
-CVE-2006-4484 ignore (php, fixed 5.1.5)
+CVE-2006-4486 version (php, fixed 5.1.6)
+CVE-2006-4485 version (php, fixed 5.1.5)
+CVE-2006-4484 version (php, fixed 5.1.5)
 CVE-2006-4484 ignore (gd)
 CVE-2006-4483 ignore (php) not linux
-CVE-2006-4482 VULNERABLE (php, fixed 5.1.5) fc5#204995
+CVE-2006-4482 version (php, fixed 5.1.5)
 CVE-2006-4481 ignore (php) safe mode isn't safe
 CVE-2006-4455 ignore (xchat) client DoS
 CVE-2006-4447 ignore (xorg) not a security issue
 CVE-2006-4434 ignore (sendmail, fixed 8.13.8) not exploitable
 CVE-2006-4433 version (php, fixed 5.1.4)
 CVE-2006-4380 version (mysql, fixed 4.1.13)
-CVE-2006-4339 VULNERABLE (openssl)
-CVE-2006-4333 VULNERABLE (wireshark, fixed 0.99.3) bz#204046 [fixed rawhide]
-CVE-2006-4332 VULNERABLE (wireshark, fixed 0.99.3) bz#204046 [fixed rawhide]
-CVE-2006-4331 VULNERABLE (wireshark, fixed 0.99.3) bz#204046 [fixed rawhide]
-CVE-2006-4330 VULNERABLE (wireshark, fixed 0.99.3) bz#204046 [fixed rawhide]
+CVE-2006-4339 backport (openssl, fixed 0.9.8c)
+CVE-2006-4339 backport (openssl097)
+CVE-2006-4333 version (wireshark, fixed 0.99.3)
+CVE-2006-4332 version (wireshark, fixed 0.99.3)
+CVE-2006-4331 version (wireshark, fixed 0.99.3)
+CVE-2006-4330 version (wireshark, fixed 0.99.3)
 CVE-2006-4310 VULNERABLE (firefox)
-CVE-2006-4262 VULNERABLE (cscope) bz#203651 [fixed rawhide]
+CVE-2006-4262 backport (cscope) 
 CVE-2006-4261 VULNERABLE (firefox)
 CVE-2006-4253 VULNERABLE (firefox)
 CVE-2006-4226 VULNERABLE (mysql, fixed 5.0.25,5.1.12) bz#203428
 CVE-2006-4227 VULNERABLE (mysql, fixed 5.0.25,5.1.12) bz#203434
 CVE-2006-4808 ignore (binutils, gas fixed 20050714) this is a bug
 CVE-2006-4807 ignore (binutils, gas fixed 20050721) this is a bug
-CVE-2006-4146 VULNERABLE (gdb) fc5#204845
-CVE-2006-4145 VULNERABLE (kernel, fixed 2.6.17.10)
-CVE-2006-4144 VULNERABLE (ImageMagick, fixed 6.2.9) bz#202775 [fixed rawhide]
-CVE-2006-4096 ** bind
-CVE-2006-4095 ** bind
-CVE-2006-4093 VULERNABLE (kernel, fixed 2.6.17.9)
+CVE-2006-4146 backport (gdb)
+CVE-2006-4145 VULNERABLE (kernel, fixed 2.6.17.10) **
+CVE-2006-4144 backport (ImageMagick, fixed 6.2.9)
+CVE-2006-4096 VULNERABLE (bind)
+CVE-2006-4095 VULNERABLE (bind)
+CVE-2006-4093 VULNERABLE (kernel, fixed 2.6.17.9) **
 CVE-2006-4031 VULNERABLE (mysql, fixed 5.0.24) bz#202675
-CVE-2006-4020 VULNERABLE (php) bz#202676
-CVE-2006-4019 VULNERABLE (squirrelmail, fixed 1.4.8) bz#202677 [fixed rawhide]
+CVE-2006-4020 version (php, fixed 5.1.5)
+CVE-2006-4019 version (squirrelmail, fixed 1.4.8)
 CVE-2006-3918 version (httpd, fixed 2.2.2)
 CVE-2006-3879 version (mikmod, not 3.1.6)
 CVE-2006-3835 version (tomcat, fixed 5.5.17)
 CVE-2006-3813 version (perl) only Red Hat Enterprise Linux affected
 CVE-2006-3812 version (firefox, fixed 1.5.0.5)
-CVE-2006-3812 VULNERABLE (thunderbird, fixed 1.5.0.5) bz#202678 [fixed rawhide]
+CVE-2006-3812 version (thunderbird, fixed 1.5.0.5)
 CVE-2006-3811 version (firefox, fixed 1.5.0.5)
-CVE-2006-3811 VULNERABLE (thunderbird, fixed 1.5.0.5) bz#202678 [fixed rawhide]
+CVE-2006-3811 version (thunderbird, fixed 1.5.0.5)
 CVE-2006-3810 version (firefox, fixed 1.5.0.5)
-CVE-2006-3810 VULNERABLE (thunderbird, fixed 1.5.0.5) bz#202678 [fixed rawhide]
+CVE-2006-3810 version (thunderbird, fixed 1.5.0.5)
 CVE-2006-3809 version (firefox, fixed 1.5.0.5)
-CVE-2006-3809 VULNERABLE (thunderbird, fixed 1.5.0.5) bz#202678 [fixed rawhide]
+CVE-2006-3809 version (thunderbird, fixed 1.5.0.5)
 CVE-2006-3808 version (firefox, fixed 1.5.0.5)
-CVE-2006-3808 VULNERABLE (thunderbird, fixed 1.5.0.5) bz#202678 [fixed rawhide]
+CVE-2006-3808 version (thunderbird, fixed 1.5.0.5)
 CVE-2006-3807 version (firefox, fixed 1.5.0.5)
-CVE-2006-3807 VULNERABLE (thunderbird, fixed 1.5.0.5) bz#202678 [fixed rawhide]
+CVE-2006-3807 version (thunderbird, fixed 1.5.0.5)
 CVE-2006-3806 version (firefox, fixed 1.5.0.5)
-CVE-2006-3806 VULNERABLE (thunderbird, fixed 1.5.0.5) bz#202678 [fixed rawhide]
+CVE-2006-3806 version (thunderbird, fixed 1.5.0.5)
 CVE-2006-3805 version (firefox, fixed 1.5.0.5)
-CVE-2006-3805 VULNERABLE (thunderbird, fixed 1.5.0.5) bz#202678 [fixed rawhide]
+CVE-2006-3805 version (thunderbird, fixed 1.5.0.5)
 CVE-2006-3804 version (firefox, fixed 1.5.0.5)
-CVE-2006-3804 VULNERABLE (thunderbird, fixed 1.5.0.5) bz#202678 [fixed rawhide]
+CVE-2006-3804 version (thunderbird, fixed 1.5.0.5)
 CVE-2006-3803 version (firefox, fixed 1.5.0.5)
-CVE-2006-3803 VULNERABLE (thunderbird, fixed 1.5.0.5) bz#202678 [fixed rawhide]
+CVE-2006-3803 version (thunderbird, fixed 1.5.0.5)
 CVE-2006-3802 version (firefox, fixed 1.5.0.5)
-CVE-2006-3802 VULNERBALE (thunderbird, fixed 1.5.0.5) bz#202678 [fixed rawhide]
+CVE-2006-3802 version (thunderbird, fixed 1.5.0.5)
 CVE-2006-3801 version (firefox, fixed 1.5.0.5)
-CVE-2006-3801 VULNERABLE (thunderbird, fixed 1.5.0.5) bz#202678 [fixed rawhide]
-CVE-2006-3747 VULNERABLE (httpd, fixed 2.2.3) bz#202679 [fixed rawhide]
+CVE-2006-3801 version (thunderbird, fixed 1.5.0.5)
+CVE-2006-3747 version (httpd, fixed 2.2.3)
 CVE-2006-3746 version (gnupg, fixed 1.4.5)
-CVE-2006-3745 VULNERABLE (kernel, fixed 2.6.17.10)
-CVE-2006-3744 VULNERABLE (ImageMagick) fc5#202193 [fixed rawhide]
-CVE-2006-3743 VULNERABLE (ImageMagick) fc5#202193 [fixed rawhide]
-CVE-2006-3742 ** (kdebase) fc5#201507
+CVE-2006-3745 VULNERABLE (kernel, fixed 2.6.17.10) **
+CVE-2006-3744 backport (ImageMagick)
+CVE-2006-3743 backport (ImageMagick)
+CVE-2006-3742 ** (kdebase) fc5#201507 **
 CVE-2006-3731 ignore (firefox) just a user complicit crash
-CVE-2006-3694 backport (ruby, fixed 1.8.5)
+CVE-2006-3694 version (ruby, fixed 1.8.5)
 CVE-2006-3677 version (firefox, fixed 1.5.0.5)
-CVE-2006-3677 VULNERABLE (thunderbird, fixed 1.5.0.5) bz#202678 [fixed rawhide]
+CVE-2006-3677 version (thunderbird, fixed 1.5.0.5)
 CVE-2006-3672 ignore (konqueror) just a crash
 CVE-2006-3665 ignore (squirrelmail) don't enable register_globals!
-CVE-2006-3636 ** mailman
+CVE-2006-3636 VULNERABLE (mailman, fixed 2.1.9)
 CVE-2006-3634 ignore (kernel, fixed 2.6.17.8) s390 only
 CVE-2006-3632 version (wireshark, fixed 0.99.2)
 CVE-2006-3631 version (wireshark, fixed 0.99.2)
@@ -90,13 +92,13 @@
 CVE-2006-3628 version (wireshark, fixed 0.99.2)
 CVE-2006-3627 version (wireshark, fixed 0.99.2)
 CVE-2006-3626 version (kernel, fixed 2.6.17.6)
-CVE-2006-3619 backport (libgcj/fastjar 0.93) gcc41-CVE-2006-3619.patch
+CVE-2006-3619 backport (libgcj/fastjar 0.93) gcc41-CVE-2006-3619.patch **
 CVE-2006-3486 ignore (mysql, fixed 5.0.23) not exploitable
 CVE-2006-3469 version (mysql)
-CVE-2006-3468 VULNERABLE (kernel, fixed 2.6.17.8) not fixed upstream
+CVE-2006-3468 VULNERABLE (kernel, fixed 2.6.17.8) not fixed upstream **
 CVE-2006-3467 version (freetype, fixed 2.2)
 CVE-2006-3467 ignore (vnc) bz#204052 not a vulnerability
-CVE-2006-3467 VULNERABLE (libXfont) bz#202683 [fixed backport rawhide]
+CVE-2006-3467 backport (libXfont) fdo-7535.patch
 CVE-2006-3465 backport (libtiff) libtiff-3.8.2-ormandy.patch
 CVE-2006-3464 backport (libtiff) libtiff-3.8.2-ormandy.patch
 CVE-2006-3463 backport (libtiff) libtiff-3.8.2-ormandy.patch
@@ -117,10 +119,10 @@
 CVE-2006-3122 version (dhcp, only 2.x)
 CVE-2006-3117 version (openoffice.org, fixed 2.0.3)
 CVE-2006-3113 version (firefox, fixed 1.5.0.5)
-CVE-2006-3113 VULNERABLE (thunderbird, fixed 1.5.0.5) bz#202678 [fixed rawhide]
+CVE-2006-3113 version (thunderbird, fixed 1.5.0.5)
 CVE-2006-3085 version (kernel, fixed 2.6.17.1)
 CVE-2006-3084 ignore (krb5) seteuid() calls never fail on linux
-CVE-2006-3083 VULNERABLE (krb5, fixed 1.5.1, 1.4.4) bz#202688 [fixed rawhide]
+CVE-2006-3083 backport (krb5, fixed 1.5.1, 1.4.4)
 CVE-2006-3082 version (gnupg, fixed 1.4.4)
 CVE-2006-3081 version (mysql, fixed 5.1.18)
 CVE-2006-3057 version (dhcdbd, fixed 1.14)
@@ -129,7 +131,7 @@
 CVE-2006-3016 version (php, fixed 5.1.3)
 CVE-2006-3011 ignore (php) safe mode isn't safe
 CVE-2006-3005 ignore (libjpeg) not a vuln
-CVE-2006-2941 ** mailman
+CVE-2006-2941 VULNERABLE (mailman, fixed 2.1.9)
 CVE-2006-2936 version (kernel, fixed 2.6.17.7)
 CVE-2006-2935 version (kernel, fixed 2.6.17.7)
 CVE-2006-2934 version (kernel, fixed 2.6.17.3)
@@ -198,7 +200,7 @@
 CVE-2006-2199 version (openoffice.org, fixed 2.0.3)
 CVE-2006-2198 version (openoffice.org, fixed 2.0.3)
 CVE-2006-2194 ignore (ppp) pppd not suid
-CVE-2006-2193 VULNERABLE (libtiff) bz#202690 [fixed rawhide 3.8.2-6.fc6]
+CVE-2006-2193 backport (libtiff) libtiff-3.8.2-CVE-2006-2193.patch
 CVE-2006-2120 version (libtiff, fixed 3.8.2 at least)
 CVE-2006-2083 version (rsync, fixed 2.6.8)
 CVE-2006-2073 ignore (bind) http://www.kb.cert.org/vuls/id/MIMG-6P8GRP
@@ -278,9 +280,9 @@
 CVE-2006-1624 ignore (sysklogd) Silly configuration is not a security issue
 CVE-2006-1608 ignore (php) safe mode isn't safe
 CVE-2006-1549 ignore (php) this is not a security issue
-CVE-2006-1548 VULNERABLE (struts, fixed 1.2.9) bz#202692 [fixed rawhide]
-CVE-2006-1547 VULNERABLE (struts, fixed 1.2.9) bz#202692 [fixed rawhide]
-CVE-2006-1546 VULNERABLE (struts, fixed 1.2.9) bz#202692 [fixed rawhide]
+CVE-2006-1548 version (struts, fixed 1.2.9)
+CVE-2006-1547 version (struts, fixed 1.2.9)
+CVE-2006-1546 version (struts, fixed 1.2.9)
 CVE-2006-1542 backport (python) python-2.4.1-canonicalize.patch
 CVE-2006-1531 version (thunderbird, fixed 1.5.0.2)
 CVE-2006-1531 version (firefox, fixed 1.5.0.2)
@@ -300,7 +302,7 @@
 CVE-2006-1516 version (mysql, fixed 5.0.21)
 CVE-2006-1494 version (php)
 CVE-2006-1490 version (php, fixed 5.1.4)
-CVE-2006-1470 VULNERABLE (openldap) bz#202691
+CVE-2006-1470 VULNERABLE (openldap) bz#202691 **
 CVE-2006-1368 version (kernel, fixed 2.6.16)
 CVE-2006-1354 version (freeradius, fixed 1.1.2 at least)
 CVE-2006-1343 version (kernel, fixed 2.6.16.19)
@@ -312,7 +314,7 @@
 CVE-2006-1242 version (kernel, fixed 2.6.16.1)
 CVE-2006-1174 version (shadow-utils, fixed 4.0.3)
 CVE-2006-1173 version (sendmail, fixed 8.13.7)
-CVE-2006-1168 VULNERABLE (ncompress) bz#202693 [fixed rawhide]
+CVE-2006-1168 backport (ncompress) ncompress-4.2.4-bssUnderflow.patch
 CVE-2006-1095 version (mod_python, 3.2.7 only)
 CVE-2006-1079 ignore (httpd) not a vulnerability
 CVE-2006-1078 ignore (httpd) not a vulnerability
@@ -577,7 +579,7 @@
 CVE-2005-2917 version (squid, fixed 2.5.STABLE11)
 CVE-2005-2876 version (util-linux, fixed 2.13-pre3)
 CVE-2005-2874 version (cups, fixed 1.1.23)
-CVE-2005-2873 VULNERABLE (kernel, fixed 2.6.18-rc1) not fixed upstream
+CVE-2005-2873 VULNERABLE (kernel, fixed 2.6.18-rc1) not fixed upstream **
 CVE-2005-2872 version (kernel, fixed 2.6.12)
 CVE-2005-2871 version (thunderbird)
 CVE-2005-2871 version (firefox, fixed 1.0.7)
@@ -1805,7 +1807,7 @@
 CVE-2002-0510 ignore (kernel) see cve
 CVE-2002-0506 version (newt, not 0.5.22 at least)
 CVE-2002-0499 ** kernel
-CVE-2002-0497 backport (mtr) mtr-0.69-CVE-2002-0497.patch  
+CVE-2002-0497 backport (mtr) mtr-0.69-CVE-2002-0497.patch
 CVE-2002-0493 version (tomcat, fixed 4.1.12)
 CVE-2002-0435 version (fileutils, fixed 4.1.7)
 CVE-2002-0429 ** kernel

More information about the scm-commits mailing list