fedora-security/audit fc7,1.19,1.20

Josh Bressers (bressers) fedora-extras-commits at redhat.com
Wed Jun 20 20:27:29 UTC 2007


Author: bressers

Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv22089

Modified Files:
	fc7 
Log Message:
Deal with a number of CVE ids.



Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.19
retrieving revision 1.20
diff -u -r1.19 -r1.20
--- fc7	20 Jun 2007 18:59:53 -0000	1.19
+++ fc7	20 Jun 2007 20:27:27 -0000	1.20
@@ -85,7 +85,7 @@
 *CVE-2007-1862 (httpd)
 *CVE-2007-1859 (xscreensaver)
 *CVE-2007-1858 (tomcat)
-*CVE-2007-1856 VULNERABLE (vixie-cron) #235882
+CVE-2007-1856 backport (vixie-cron) #235882 vixie-cron-4.1-hardlink.patch
 *CVE-2007-1841 VULNERABLE (ipsec-tools) #238052
 *CVE-2007-1804 VULNERABLE (pulseaudio) #235013
 *CVE-2007-1799 version (ktorrent, fixed 2.1.3) #235014
@@ -347,7 +347,7 @@
 *CVE-2006-6373 version (phpMyAdmin, fixed 2.9.1.1) #218853
 CVE-2006-6333 version (kernel, fixed 2.6.19.1) [since FEDORA-2007-058]
 CVE-2006-6332 ignore (kernel) no support for madwifi
-*CVE-2006-6305 ignore (net-snmp) already have the backported patch
+CVE-2006-6305 ignore (net-snmp) already have the backported patch
 CVE-2006-6304 version (kernel, fixed 2.6.19.1) [since FEDORA-2007-058]
 *CVE-2006-6303 version (ruby, fixed 1.8.5.2) [since FEDORA-2006-1441]
 *CVE-2006-6301 version (denyhosts, fixed 2.6-2) #218824
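Review bot: On the CVE-2006-6305 line the status stays `ignore`, but the reason given is "already have the backported patch", which is the situation the `backport` status covers elsewhere in this file (the CVE-2007-1856 entry, for example, names vixie-cron-4.1-hardlink.patch). Consider switching the status to `backport` and adding the patch file name, so the entry records which patch carries the fix.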
@@ -388,7 +388,7 @@
 *CVE-2006-5974 ignore (fetchmail, fixed 6.3.6) only 6.3.5
 *CVE-2006-5973 VULNERABLE (dovecot, fixed 1.0.rc15) #216508
 *CVE-2006-5969 (fvwm)
-*CVE-2006-5941 (net-snmp)
+CVE-2006-5941 ignore (net-snmp) dupe CVE-2005-2177
 *CVE-2006-5925 backport (elinks) [since FEDORA-2006-1278] but was never vulneable as didn't have smbclient support
 *CVE-2006-5876 version (libsoup) #223144 [since FEDORA-2007-109]
 *CVE-2006-5875 version (enemies-of-carlotta, fixed 1.2.4)
@@ -767,7 +767,7 @@
 *CVE-2006-2656 backport (libtiff) tiffsplit-overflow.patch
 *CVE-2006-2629 ignore (kernel) couldn't be reproduced on FC
 *CVE-2006-2613 ignore (firefox) This isn't an issue on FC
-*CVE-2006-2607 backport (vixie-cron) vixie-cron-4.1-_42-bz178431.patch
+CVE-2006-2607 backport (vixie-cron) vixie-cron-4.1-_48-security.patch
 *CVE-2006-2575 patch (netpanzer, fixed 0.8-4) bz#192983
 *CVE-2006-2563 ignore (php) safe mode isn't safe
 *CVE-2006-2502 (cyrus-imapd)
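Review bot: The CVE-2006-2607 line loses the only bug reference the entry had: the old patch name contained bz178431, and the new name, vixie-cron-4.1-_48-security.patch, does not. If that bug still tracks this issue, append it to the entry as `#178431`, the way the CVE-2007-1856 entry carries #235882 ahead of its patch name.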
@@ -1108,7 +1108,7 @@
 *CVE-2006-0017 (fedora directory server)
 *CVE-2006-0016 (fedora directory server)
 *CVE-2005-4838 (tomcat)
-*CVE-2005-4837 (net-snmp)
+CVE-2005-4837 version (net-snmp, fixed 5.2.2)
 *CVE-2005-4836 (tomcat)
 *CVE-2005-4811 version (kernel, fixed 2.6.13)
 *CVE-2005-4809 VULNERABLE (firefox)
@@ -1300,7 +1300,7 @@
 *CVE-2005-2872 version (kernel, fixed 2.6.12)
 *CVE-2005-2871 version (thunderbird)
 *CVE-2005-2871 version (firefox, fixed 1.0.7)
-*CVE-2005-2811 version (net-snmp) not upstream, gentoo only
+CVE-2005-2811 version (net-snmp) not upstream, gentoo only
 *CVE-2005-2801 version (kernel, fixed 2.6.11)
 *CVE-2005-2800 version (kernel, fixed 2.6.12.6)
 CVE-2005-2798 version (openssh, fixed 4.2)
@@ -1397,7 +1397,7 @@
 *CVE-2005-2261 version (thunderbird, fixed 1.0.5)
 *CVE-2005-2261 version (firefox, fixed 1.0.5)
 *CVE-2005-2260 version (firefox, fixed 1.0.5)
-*CVE-2005-2177 version (net-snmp, fixed 5.2.1.2)
+CVE-2005-2177 version (net-snmp, fixed 5.2.1.2)
 *CVE-2005-2114 version (firefox, fixed 1.0.5)
 *CVE-2005-2104 version (sysreport, fixed 1.4.1-5)
 CVE-2005-2103 version (gaim, fixed gaim:1.5.0)
@@ -1441,7 +1441,7 @@
 *CVE-2005-1751 version (nmap, fixed 3.93 at least)
 *CVE-2005-1751 ignore (openldap) fixed shtool 2.0.2. Flawed code path not used
 *CVE-2005-1751 ignore (ncpfs) part of shtool in ncpfs is not vulnerable
-*CVE-2005-1740 version (net-snmp, fixed 5.2.2.rc5 at least)
+CVE-2005-1740 version (net-snmp, fixed 5.2.2.rc5 at least)
 *CVE-2005-1739 version (ImageMagick, fixed 6.2.2.3)
 *CVE-2005-1730 (openssl)
 *CVE-2005-1705 backport (gdb) gdb-6.3-security-errata-20050610.patch
@@ -1522,7 +1522,7 @@
 *CVE-2005-1042 version (php, fixed 4.3.11)
 *CVE-2005-1041 version (kernel, fixed 2.6.12)
 *CVE-2005-1039 ignore (coreutils) not fixed upstream, not a real issue
-*CVE-2005-1038 backport (vixie-cron)
+CVE-2005-1038 backport (vixie-cron) vixie-cron-4.1-CAN-2005-1038-fix-race.patch
 *CVE-2005-0990 version (sharutils, fixed 4.6 at least)
 *CVE-2005-0989 version (thunderbird)
 *CVE-2005-0989 version (firefox, fixed 1.0.3)
@@ -1703,7 +1703,7 @@
 *CVE-2005-0088 version (mod_python, fixed after 2.7.8)
 *CVE-2005-0087 version (alsa-lib, fixed 1.0.9)
 *CVE-2005-0086 version (less) didn't affect upstream
-*CVE-2005-0085 version (htdig, fixed 3.1.6-r7)
+CVE-2005-0085 version (htdig, fixed 3.1.6-r7)
 *CVE-2005-0084 version (wireshark, fixed 0.10.9)
 *CVE-2005-0080 version (mailman) not upstream
 *CVE-2005-0078 version (kde, fixed 3.0.5)
@@ -2175,7 +2175,7 @@
 *CVE-2003-0961 version (kernel, fixed 2.4.23)
 *CVE-2003-0959 version (kernel, fixed 2.4.21)
 *CVE-2003-0956 version (kernel, fixed 2.4.22)
-*CVE-2003-0935 version (net-snmp, fixed 5.0.9)
+CVE-2003-0935 version (net-snmp, fixed 5.0.9)
 *CVE-2003-0927 version (wireshark, fixed 0.9.16)
 *CVE-2003-0926 version (wireshark, fixed 0.9.16)
 *CVE-2003-0925 version (wireshark, fixed 0.9.16)
@@ -2372,7 +2372,7 @@
 *CVE-2002-2060 version (links, fixed after 2.0pre4)
 *CVE-2002-2043 ignore (cyrus-sasl) patch against cyrus-sasl
 *CVE-2002-2012 ignore (httpd) not upstream version
-*CVE-2002-2010 version (htdig, fixed 3.1.6)
+CVE-2002-2010 version (htdig, fixed 3.1.6)
 *CVE-2002-2009 version (tomcat, fixed 4.0.3)
 *CVE-2002-2007 version (tomcat, not 5)
 *CVE-2002-2006 version (tomcat, not 5)
@@ -2398,7 +2398,7 @@
 *CVE-2002-1573 version (kernel, not 2.6)
 *CVE-2002-1572 version (kernel, not 2.6)
 *CVE-2002-1571 version (kernel, not 2.6)
-*CVE-2002-1570 version (net-snmp, fixed in 5.0.8 at least)
+CVE-2002-1570 version (net-snmp, fixed in 5.0.8 at least)
 *CVE-2002-1568 version (openssl, fixed 0.9.6f)
 *CVE-2002-1568 version (openssl097a, fixed 0.9.6f)
 *CVE-2002-1567 version (tomcat, fixed 4.1.3)
@@ -2470,7 +2470,7 @@
 *CVE-2002-1217 version (tar, fixed 1.13.25)
 *CVE-2002-1175 version (fetchmail, fixed 6.2.0)
 *CVE-2002-1174 version (fetchmail, fixed 6.2.0)
-*CVE-2002-1170 version (net-snmp, fixed 5.0.6)
+CVE-2002-1170 version (net-snmp, fixed 5.0.6)
 *CVE-2002-1165 version (sendmail, fixed 8.12.10 at least)
 *CVE-2002-1160 version (pam) was our config
 *CVE-2002-1157 version (httpd, not 2.0)
@@ -2601,10 +2601,10 @@
 *CVE-2002-0043 version (sudo, fixed 1.6.4)
 *CVE-2002-0036 version (krb5, fixed 1.2.5)
 *CVE-2002-0029 version (bind, not 9)
-*CVE-2002-0013 version (net-snmp, fixed 4.2.3)
-*CVE-2002-0012 version (net-snmp, fixed 4.2.3)
+CVE-2002-0013 version (net-snmp, fixed 4.2.3)
+CVE-2002-0012 version (net-snmp, fixed 4.2.3)
 *CVE-2002-0006 verison (xchat, fixed 1.8.7) cve is wrong
-*CVE-2002-0004 backport (at) issue was in a patch, fixed at-3.1.8-lexer.patch
+CVE-2002-0004 backport (at) issue was in a patch, fixed at-3.1.8-11-lexer-parser.diff
 *CVE-2002-0003 version (groff, fixed 1.17.2)
 *CVE-2002-0002 version (stunnel, fixed 3.22)
 *CVE-2002-0001 version (mutt, fixed 1.3.25)
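Review bot: The context line `*CVE-2002-0006 verison (xchat, fixed 1.8.7) cve is wrong` between the edited lines misspells the status keyword as `verison`, so any grep or script keyed on `version` will skip that entry. Since the lines on either side are being touched in this hunk, correct the keyword in the same pass.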
@@ -2612,14 +2612,14 @@
 *CVE-2001-1429 (mc)
 *CVE-2001-0955 version (XFree86, fixed 4.2.0)
 CVE-2001-0935 ignore, no-ship (wu-ftpd)
-*CVE-2001-0474 version (mesa, fixed 3.3-14)
-*CVE-2001-0310 (sort)
-*CVE-2001-0235 (vixie-cron)
+CVE-2001-0474 version (mesa, fixed 3.3-14)
+CVE-2001-0310 ignore (sort) mkstemp is now being used
+CVE-2001-0235 (vixie-cron) ** Is this really CVE-2005-1038?
 CVE-2001-0187 ignore, no-ship (wu-ftpd)
-*CVE-2000-1199 backport (htdig) fixed htdig-3.2.0b6-unescaped_output.patch
+CVE-2000-1191 backport (htdig) fixed htdig-3.2.0b6-unescaped_output.patch
 CVE-2000-1137 version (ed, fixed 0.2-18.1)
 *CVE-2000-0992 (krb5)
-*CVE-2000-0504 version (libICE, fixed XFree86:4.0.1)
+CVE-2000-0504 version (libICE, fixed XFree86:4.0.1)
 CVE-1999-1572 backport (cpio) cpio-2.6-umask.patch
 *CVE-1999-1332 (gzip)
 CVE-1999-0997 ignore, no-ship (wu-ftpd)
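Review bot: The CVE-2001-0235 line drops its leading `*` like the other entries handled in this commit, yet it still has no status keyword and now ends with an open question ("Is this really CVE-2005-1038?"). If removing the `*` marks an entry as dealt with, either keep the marker until the question is answered or record the outcome, for example as `ignore (vixie-cron) dupe CVE-2005-1038`, in the form used for CVE-2006-5941. Separately, the htdig line changes the id itself from CVE-2000-1199 to CVE-2000-1191 rather than only the marker; the log message does not say this is an id correction, so it is worth stating that it is intentional.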

-- 
fedora-extras-commits mailing list
fedora-extras-commits at redhat.com
https://www.redhat.com/mailman/listinfo/fedora-extras-commits



