fedora-security/audit fc6,1.71,1.72

Mon Sep 11 14:20:57 UTC 2006

Author: mjc

Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv20448

Modified Files:
	fc6 
Log Message:
Clear up a few older issues.  The AT issue from 2002 was interesting as
the flaw wasn't in upstream at-3.1.8 but in a patch many distributions
used.  Another patch corrects the flaw in the first patch.



Index: fc6
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc6,v
retrieving revision 1.71
retrieving revision 1.72
diff -u -r1.71 -r1.72

--- fc6	11 Sep 2006 11:45:20 -0000	1.71
+++ fc6	11 Sep 2006 14:20:54 -0000	1.72
@@ -6,7 +6,7 @@
 CVE-2006-4663 ignore (kernel) not a vulnerability
 CVE-2006-4624 VULNERABLE (mailman, fixed 2.1.9rc1)
 CVE-2006-4600 version (openldap, fixed 2.3.25)
-CVE-2006-4561 ** firefox
+CVE-2006-4561 VULNERABLE (firefox)
 CVE-2006-4538 VULNERABLE (kernel, fixed after 2.6.18-rc6)
 CVE-2006-4535 version (kernel, fixed 2.6.18-rc6)
 CVE-2006-4507 ignore (libtiff) can't reproduce
@@ -411,8 +411,7 @@
 CVE-2006-0036 version (kernel, only 2.6.14 and 2.6.15)
 CVE-2006-0035 version (kernel, only 2.6.14 and 2.6.15)
 CVE-2006-0019 version (kdelibs, fixed 3.5.1)
-CVE-2005-4809 ** firefox
-CVE-2005-4809 ** thunderbird
+CVE-2005-4809 version (firefox, not 1.0.5.4 at least)
 CVE-2005-4798 version (kernel, not 2.6)
 CVE-2005-4784 ignore (glibc) struct dirent is big enough
 CVE-2005-4746 version (freeradius, fixed 1.0.5)
@@ -1874,7 +1873,7 @@
 CVE-2002-0013 version (net-snmp, fixed 4.2.3)
 CVE-2002-0012 version (net-snmp, fixed 4.2.3)
 CVE-2002-0006 verison (xchat, fixed 1.8.7) cve is wrong
-CVE-2002-0004 ** at http://zoe:10080/message/2002/1/1/76237344
+CVE-2002-0004 backport (at) issue was in a patch, fixed at-3.1.8-lexer.patch
 CVE-2002-0003 version (groff, fixed 1.17.2)
 CVE-2002-0002 version (stunnel, fixed 3.22)
 CVE-2002-0001 version (mutt, fixed 1.3.25)


