fedora-security/audit fc6,1.253,1.254 fc7,1.95,1.96

Tomas Hoger (thoger) fedora-extras-commits at redhat.com
Tue Sep 11 17:24:21 UTC 2007


Author: thoger

Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv4695/audit

Modified Files:
	fc6 fc7 
Log Message:
Note Fedora updates.
Clean up some old stuff.
Move a few misplaced lines.



Index: fc6
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc6,v
retrieving revision 1.253
retrieving revision 1.254
diff -u -r1.253 -r1.254
--- fc6	7 Sep 2007 08:42:54 -0000	1.253
+++ fc6	11 Sep 2007 17:24:18 -0000	1.254
@@ -4,10 +4,10 @@
 # *CVE are items that need verification for Fedora Core 6
 # (mozilla) = (firefox, seamonkey, thunderbird, yelp, devhelp, galeon, liferea. epiphany)
 
-# Up to date CVE as of CVE email 20070907
-# Up to date FC6 as of 20070905
+# Up to date CVE as of CVE email 20070910
+# Up to date FC6 as of 20070910
 
-CVE-2007-4743 VULNERABLE (krb5) incomplete CVE-2007-3999 fix
+CVE-2007-4743 backport (krb5) incomplete CVE-2007-3999 fix [since FEDORA-2007-694]
 CVE-2007-4721 version (wireshark, fixed 0.99.6) [since FEDORA-2007-628]
 CVE-2007-4663 ignore (php, fixed 5.2.4) #277991 safe_mode
 CVE-2007-4662 ignore (php, fixed 5.2.4) #278101 triggerable only by modification to openssl.conf
@@ -42,8 +42,9 @@
 CVE-2007-3820 ** (kdebase) #248537
 CVE-2007-3799 ** (php)
 CVE-2007-3798 version (tcpdump, fixed 3.9.7) #250290 [since FEDORA-2007-654]
-CVE-2007-3782 ** (mysql)
-CVE-2007-3781 ** (mysql)
+CVE-2007-3782 VULNERABLE (mysql, fixed 5.0.44)
+CVE-2007-3781 VULNERABLE (mysql, fixed 5.0.44)
+CVE-2007-3780 VULNERABLE (mysql, fixed 5.0.44)
 CVE-2007-3642 version (kernel, fixed 2.6.22) [since FEDORA-2007-655]
 CVE-2007-3508 ignore (glibc) not an issue
 CVE-2007-3506 backport (freetype, fixed 2.3.4) #235479 [since FEDORA-2007-561]
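Review bot: The three mysql lines now marked VULNERABLE (CVE-2007-3782, CVE-2007-3781, CVE-2007-3780) carry no Bugzilla reference, unlike the neighbouring open entry "CVE-2007-3820 ** (kdebase) #248537". Add the tracking bug number to each line once one is filed, so the open status can be followed to a fix.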


Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.95
retrieving revision 1.96
diff -u -r1.95 -r1.96
--- fc7	10 Sep 2007 12:20:21 -0000	1.95
+++ fc7	11 Sep 2007 17:24:18 -0000	1.96
@@ -5,11 +5,11 @@
 # (mozilla) = (firefox, seamonkey, thunderbird, yelp, devhelp, galeon, liferea. epiphany)
 # A couple of first F7 updates were marked as FEDORA-2007-0001
 
-# Up to date CVE as of CVE email 20070907
-# Up to date FC7 as of 20070905
+# Up to date CVE as of CVE email 20070910
+# Up to date FC7 as of 20070910
 
 CVE-2007-4727 VULNERABLE (lighttpd) #284511
-CVE-2007-4743 VULNERABLE (krb5) incomplete CVE-2007-3999 fix
+CVE-2007-4743 backport (krb5) incomplete CVE-2007-3999 fix [since FEDORA-2007-2066]
 CVE-2007-4721 version (wireshark, fixed 0.99.6) [since FEDORA-2007-0982]
 CVE-2007-4663 ignore (php, fixed 5.2.4) #277991 safe_mode
 CVE-2007-4662 ignore (php, fixed 5.2.4) #278101 triggerable only by modification to openssl.conf
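Review bot: CVE-2007-4727 (lighttpd) still sits above CVE-2007-4743 at the top of the list, which breaks the descending CVE order the rest of the file follows. Since this commit already moves misplaced lines, move the lighttpd line to directly below the CVE-2007-4743 entry.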
@@ -20,19 +20,19 @@
 CVE-2007-4657 VULNERABLE (php, fixed 5.2.4)
 CVE-2007-4650 version (gallery2) #267421 [since FEDORA-2007-2020]
 CVE-2007-4629 version (mapserver, fixed 4.10.3) #272081 [since FEDORA-2007-2018]
-CVE-2007-4631 VULNERABLE (qgit) #268381
+CVE-2007-4631 version (qgit) #268381 [since FEDORA-2007-2108]
 CVE-2007-4565 backport (fetchmail) #260861 [since FEDORA-2007-1983]
-CVE-2007-4560 VULNERABLE (clamav) #260583
+CVE-2007-4560 version (clamav) #260583 [since FEDORA-2007-2050]
 CVE-2007-4559 VULNERABLE (python) tarfile module - directory traversal
 CVE-2007-4558 version (star, fixed 1.5a84) [since FEDORA-2007-1852]
 CVE-2007-4543 version (bugzilla, fixed 3.0.1) #256021 [since FEDORA-2007-1853]
 CVE-2007-4542 version (mapserver, fixed 4.10.3) #256561 [since FEDORA-2007-2018]
 CVE-2007-4539 version (bugzilla, fixed 3.0.1) #256021 [since FEDORA-2007-1853]
 CVE-2007-4538 version (bugzilla, fixed 3.0.1) #256021 [since FEDORA-2007-1853]
-CVE-2007-4534 backport (vavoom) #256621 [since CVE-2007-4533]
-CVE-2007-4533 backport (vavoom) #256621 [since CVE-2007-4533]
-CVE-2007-4532 backport (vavoom) #256621 [since CVE-2007-4533]
-CVE-2007-4510 VULNERABLE (clamav, fixed 0.91.2) #253780
+CVE-2007-4534 backport (vavoom) #256621 [since FEDORA-2007-1977]
+CVE-2007-4533 backport (vavoom) #256621 [since FEDORA-2007-1977]
+CVE-2007-4532 backport (vavoom) #256621 [since FEDORA-2007-1977]
+CVE-2007-4510 version (clamav, fixed 0.91.2) #253780 [since FEDORA-2007-2050]
 CVE-2007-4462 version (po4a) #253541 [since FEDORA-2007-1763]
 CVE-2007-4460 backport (id3lib) #253553 [since FEDORA-2007-1774]
 CVE-2007-4400 VULNERABLE (konversation) #253545
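Review bot: The entries switched to "version" for CVE-2007-4631 (qgit) and CVE-2007-4560 (clamav) do not record which upstream version carries the fix, while CVE-2007-4510 in the same hunk has "fixed 0.91.2". Adding the "fixed <version>" field to both would let the status be checked against what FEDORA-2007-2108 and FEDORA-2007-2050 shipped. CVE-2007-4631 is also listed after CVE-2007-4629, out of descending order.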
@@ -53,6 +53,7 @@
 CVE-2007-4153 ignore (wordpress) "remote authenticated administrators"
 CVE-2007-4154 ignore (wordpress) "remote authenticated administrators"
 CVE-2007-4139 version (wordpress) #250751 [since FEDORA-2007-1885]
+CVE-2007-4138 VULNERABLE (samba, fixed 3.0.26) #286311
 CVE-2007-4134 version (star, fixed 1.5a84) #254128 [since FEDORA-2007-1852]
 CVE-2007-4131 backport (tar) #253684 [since FEDORA-2007-1890]
 CVE-2007-4066 backport (libvorbis) #245991 [since FEDORA-2007-1765]
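Review bot: CVE-2007-4138 (samba, fixed 3.0.26) is added as VULNERABLE to fc7 only; the fc6 part of this commit has no matching line. If fc6 does not already track it, add an entry there too, with "ignore" and a reason if the FC6 samba package is not affected.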
@@ -77,15 +78,16 @@
 CVE-2007-3820 backport (kdelibs) [since FEDORA-2007-1699]
 CVE-2007-3820 backport (kdebase) #248537 [since FEDORA-2007-1700]
 CVE-2007-3799 ** (php)
-CVE-2007-3781 ** (mysql)
-CVE-2007-3782 ** (mysql)
+CVE-2007-3781 VULNERABLE (mysql, fixed 5.0.44)
+CVE-2007-3782 VULNERABLE (mysql, fixed 5.0.44)
+CVE-2007-3780 VULNERABLE (mysql, fixed 5.0.44)
 CVE-2007-3770 backport (terminal/xfce) [since FEDORA-2007-1620]
 CVE-2007-3738 version (mozilla) #248518 [since FEDORA-2007-1138]
 CVE-2007-3737 version (mozilla) #248518 [since FEDORA-2007-1138]
 CVE-2007-3736 version (mozilla) #248518 [since FEDORA-2007-1138]
 CVE-2007-3735 version (mozilla) #248518 [since FEDORA-2007-1138]
 CVE-2007-3728 ignore (libsilc, 1.1.1 only)
-CVE-2007-3725 ** (clamav)
+CVE-2007-3725 version (clamav) [since FEDORA-2007-2050]
 CVE-2007-3713 backport (centericq) #247979 [since FEDORA-2007-1160]
 CVE-2007-3656 version (mozilla) #248518 [since FEDORA-2007-1138]
 CVE-2007-3642 version (kernel, fixed 2.6.22.1) [since FEDORA-2007-1130]
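Review bot: The mysql lines are ordered CVE-2007-3781, CVE-2007-3782, CVE-2007-3780 here, whereas the fc6 hunk of this same commit lists them as 3782, 3781, 3780. Swap the first two so fc7 follows the descending order, and add a bug reference to the three VULNERABLE lines when one exists.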
@@ -98,13 +100,13 @@
 CVE-2007-3508 ignore (glibc) not an issue
 CVE-2007-3506 version (freetype, fixed 2.3.4) #235479 [since FEDORA-2007-0033]
 CVE-2007-3507 version (flac123, fixed 0.0.10) #246322 [since FEDORA-2007-1045]
-CVE-2007-3478 VULNERABLE (gd, fixed 2.0.35) #277411
-CVE-2007-3477 VULNERABLE (gd, fixed 2.0.35) #277411
-CVE-2007-3476 VULNERABLE (gd, fixed 2.0.35) #277411
-CVE-2007-3475 VULNERABLE (gd, fixed 2.0.35) #277411
-CVE-2007-3474 VULNERABLE (gd, fixed 2.0.35) #277411
-CVE-2007-3473 VULNERABLE (gd, fixed 2.0.35) #277411
-CVE-2007-3472 VULNERABLE (gd, fixed 2.0.35) #277411
+CVE-2007-3478 version (gd, fixed 2.0.35) #277411 [since FEDORA-2007-2055]
+CVE-2007-3477 version (gd, fixed 2.0.35) #277411 [since FEDORA-2007-2055]
+CVE-2007-3476 version (gd, fixed 2.0.35) #277411 [since FEDORA-2007-2055]
+CVE-2007-3475 version (gd, fixed 2.0.35) #277411 [since FEDORA-2007-2055]
+CVE-2007-3474 version (gd, fixed 2.0.35) #277411 [since FEDORA-2007-2055]
+CVE-2007-3473 version (gd, fixed 2.0.35) #277411 [since FEDORA-2007-2055]
+CVE-2007-3472 version (gd, fixed 2.0.35) #277411 [since FEDORA-2007-2055]
 CVE-2007-3410 backport (HelixPlayer) #245838 [since FEDORA-2007-0756]
 CVE-2007-3409 version (perl-Net-DNS, fixed 0.60) #245807
 CVE-2007-3393 version (wireshark, fixed 0.99.6) [since FEDORA-2007-0982]
@@ -130,28 +132,27 @@
 CVE-2007-3240 version (wordpress, fixed 2.2.1) #245211 [since FEDORA-2007-0894]
 CVE-2007-3239 version (wordpress, fixed 2.2.1) #245211 [since FEDORA-2007-0894]
 CVE-2007-3238 version (wordpress, fixed 2.2.1) #245211 [since FEDORA-2007-0894]
-CVE-2007-3140 version (wordpress, fixed 2.2.1) #245211 [since FEDORA-2007-0894]
 CVE-2007-3231 version (mecab, fixed 0.96) [since FEDORA-2007-0366]
 CVE-2007-3209 ignore (mail-notification, shipped with SSL enabled)
-CVE-2007-3108 backport (openssl) #250574 [since FEDORA-2007-1444]
-CVE-2007-3106 backport (libvorbis) #245991 [since FEDORA-2007-1765]
-CVE-2007-3099 version (iscsi-initiator-utils, fixed 6.2.0.865) [since FEDORA-2007-0543]
-CVE-2007-3100 version (iscsi-initiator-utils, fixed 6.2.0.865) [since FEDORA-2007-0543]
 CVE-2007-3165 version (tor, fixed 0.1.2.14) #244502 [since FEDORA-2007-1674]
 CVE-2007-3153 version (c-ares, fixed 1.4.0) #243591 [since FEDORA-2007-0724]
 CVE-2007-3152 version (c-ares, fixed 1.4.0) #243591 [since FEDORA-2007-0724]
 CVE-2007-3145 VULNERABLE (galeon) **
 CVE-2007-3140 version (wordpress, fixed 2.2.1) #245211 [since FEDORA-2007-0894]
 CVE-2007-3126 ignore (gimp) just a crash
-CVE-2007-3123 VULNERABLE (clamav, fixed 0.90.3) #245219
-CVE-2007-3122 VULNERABLE (clamav, fixed 0.90.3) #245219
+CVE-2007-3123 version (clamav, fixed 0.90.3) #245219 [since FEDORA-2007-2050]
+CVE-2007-3122 version (clamav, fixed 0.90.3) #245219 [since FEDORA-2007-2050]
 CVE-2007-3121 version (zvbi, fixed 0.2.25) [since FEDORA-2007-0175]
 *CVE-2007-3113 VULNERABLE (cacti) #243592
 *CVE-2007-3112 VULNERABLE (cacti) #243592
+CVE-2007-3108 backport (openssl) #250574 [since FEDORA-2007-1444]
+CVE-2007-3106 backport (libvorbis) #245991 [since FEDORA-2007-1765]
+CVE-2007-3100 version (iscsi-initiator-utils, fixed 6.2.0.865) [since FEDORA-2007-0543]
+CVE-2007-3099 version (iscsi-initiator-utils, fixed 6.2.0.865) [since FEDORA-2007-0543]
 CVE-2007-3089 version (mozilla) #248518 [since FEDORA-2007-1138]
 CVE-2007-3025 ignore (clamav, Solaris only)
-CVE-2007-3024 VULNERABLE (clamav, fixed 0.90.3) #245219
-CVE-2007-3023 VULNERABLE (clamav, fixed 0.90.3) #245219
+CVE-2007-3024 version (clamav, fixed 0.90.3) #245219 [since FEDORA-2007-2050]
+CVE-2007-3023 version (clamav, fixed 0.90.3) #245219 [since FEDORA-2007-2050]
 CVE-2007-3007 ignore (php) safe mode isn't safe
 *CVE-2007-2975 (openfire)
 CVE-2007-2958 version (claws-mail) #254121 [since FEDORA-2007-2009]
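Review bot: CVE-2007-3123, CVE-2007-3122, CVE-2007-3024 and CVE-2007-3023 are marked "fixed 0.90.3" with "[since FEDORA-2007-2050]", but the unchanged CVE-2007-2650 line in the next hunk records the same clamav 0.90.3 fix as "[since FEDORA-2007-1154]". Please confirm which update first shipped 0.90.3 and use that advisory consistently; the same question applies to the CVE-2007-2029 line changed further down.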
@@ -182,7 +183,7 @@
 CVE-2007-2754 backport (freetype) [since FEDORA-2007-0033]
 CVE-2007-2721 patch (jasper, fixed 1.900.1-2) #240397
 CVE-2007-2683 backport (mutt)
-*CVE-2007-2654 VULNERABLE (xfsdump) #240396
+CVE-2007-2654 version (xfsdump) #240396
 CVE-2007-2650 version (clamav, fixed 0.90.3) #240395 [since FEDORA-2007-1154]
 CVE-2007-2645 backport (libexif) #240055 [since FEDORA-2007-0414]
 *CVE-2007-2637 patch (moin, fixed 1.5.7-2)
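Review bot: CVE-2007-2654 (xfsdump) drops both the "*" needs-verification marker and the VULNERABLE status, yet the new "version" line names neither a fixed version nor a "[since FEDORA-...]" advisory. Record at least the fixed xfsdump version so the basis for closing the entry is visible in the file.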
@@ -222,8 +223,8 @@
 *CVE-2007-2165 VULNERABLE (proftpd) #237533
 CVE-2007-2138 version (postgresql, fixed 8.2.4) #237682 [since FEDORA-2007-0174]
 CVE-2007-2057 version (aircrack-ng, fixed 0.8-0.1)
-CVE-2007-2029 VULNERABLE (clamav, fixed 0.90.3) #245219
-*CVE-2007-2028 (freeradius)
+CVE-2007-2029 version (clamav, fixed 0.90.3) #245219 [since FEDORA-2007-2050]
+CVE-2007-2028 version (freeradius)
 *CVE-2007-2026 (file)
 CVE-2007-2016 ignore (phpMyAdmin, < 2.8.0.2 never shipped)
 CVE-2007-1997 version (clamav, fixed in 0.90.2)
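Review bot: CVE-2007-2028 (freeradius) goes from an unverified "*" entry with no status to a bare "version (freeradius)", with no fixed version, bug number or advisory. The clamav line changed just above it shows the fuller form; add the fixed freeradius version here so the verification can be reproduced.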
@@ -297,7 +298,7 @@
 CVE-2007-1405 version (trac, fixed 0.10.3.1) #231729
 CVE-2007-1401 ignore (php) unshipped cracklib extension
 CVE-2007-1399 version (php-pecl-zip, fixed 1.8.5)
-*CVE-2007-1398 ignore (snort, inline mode not shipped) #232109
+CVE-2007-1398 ignore (snort, inline mode not shipped) #232109, new upstream [since FEDORA-2007-2060]
 CVE-2007-1396 ignore (php) feature, not a flaw
 *CVE-2007-1395 version (phpMyAdmin, fixed 2.10.0.2)
 *CVE-2007-1387 patch (xine-lib, fixed 1.1.4-3)
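Review bot: The CVE-2007-1398 line now combines "ignore (snort, inline mode not shipped)" with "new upstream [since FEDORA-2007-2060]", which leaves it unclear whether the package was never affected or was fixed by the update. Either keep "ignore" and drop the "[since ...]" tag, or change the status to "version" with the fixed snort version and move the inline-mode remark to a trailing comment.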
@@ -622,7 +623,7 @@
 *CVE-2006-5298 backport (mutt) [since FEDORA-2006-1063]
 *CVE-2006-5297 backport (mutt) [since FEDORA-2006-1063]
 CVE-2006-5295 version (clamav, fixed 0.88.5) #210973
-*CVE-2006-5276 VULNERABLE (snort) #229265
+CVE-2006-5276 version (snort) #229265 [since FEDORA-2007-2060]
 CVE-2006-5229 ignore (openssh) not reproduced
 CVE-2006-5215 backport (xorg-x11-xinit) #212167 [since FEDORA-2007-1409]
 *CVE-2006-5215 version (xorg-x11-xdm)



