From bugzilla at redhat.com Tue Aug 1 02:22:19 2006 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Mon, 31 Jul 2006 22:22:19 -0400 Subject: [Bug 200357] major (public) security flaws fixed in firefox 1.5.0.5: CVE-2006-3113, CVE-2006-3677, CVE-2006-3801, CVE-2006-3802, CVE-2006-3803, CVE-2006-3805, CVE-2006-3806, CVE-2006-3807, CVE-2006-3808, CVE-2006-3809, CVE-2006-3810, CVE-2006-3811, CVE-2006-3812 In-Reply-To: Message-ID: <200608010222.k712MJ5d010811@bugzilla.redhat.com> Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: major (public) security flaws fixed in firefox 1.5.0.5: CVE-2006-3113, CVE-2006-3677, CVE-2006-3801, CVE-2006-3802, CVE-2006-3803,CVE-2006-3805, CVE-2006-3806, CVE-2006-3807, CVE-2006-3808, CVE-2006-3809, CVE-2006-3810, CVE-2006-3811, CVE-2006-3812 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=200357 morioka at at.wakwak.com changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |morioka at at.wakwak.com -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. From bugzilla at redhat.com Tue Aug 1 17:07:31 2006 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 1 Aug 2006 13:07:31 -0400 Subject: [Bug 200545] CVE-2006-3913, freeciv: server buffer overflow issues In-Reply-To: Message-ID: <200608011707.k71H7V9c003954@bugzilla.redhat.com> Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. 
Summary: CVE-2006-3913, freeciv: server buffer overflow issues https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=200545 bdpepple at ameritech.net changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED Resolution| |NEXTRELEASE ------- Additional Comments From bdpepple at ameritech.net 2006-08-01 12:58 EST ------- Thanks for the bug report. Packages should be available after the next signing/push. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. From bugzilla at redhat.com Tue Aug 1 22:42:50 2006 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 1 Aug 2006 18:42:50 -0400 Subject: [Bug 200794] zope: world writable files In-Reply-To: Message-ID: <200608012242.k71Mgo9h002392@bugzilla.redhat.com> Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: zope: world writable files https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=200794 ------- Additional Comments From seg at haxxed.com 2006-08-01 18:33 EST ------- The packaging guidelines should probably be updated to recommend not using cp, rather than the approval it currently gives: http://fedoraproject.org/wiki/Packaging/Guidelines#head-0239576e441f9ef53d175c4aec8c12868dffb5ab -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. From bugzilla at redhat.com Tue Aug 1 22:57:58 2006 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 1 Aug 2006 18:57:58 -0400 Subject: [Bug 200794] zope: world writable files In-Reply-To: Message-ID: <200608012257.k71Mvw57002981@bugzilla.redhat.com> Please do not reply directly to this email. 
All additional comments should be made in the comments box of this bug report. Summary: zope: world writable files https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=200794 cweyl at alumni.drew.edu changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |cweyl at alumni.drew.edu ------- Additional Comments From cweyl at alumni.drew.edu 2006-08-01 18:48 EST ------- A liberal use of %{_fixperms} also helps catch things. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. From bugzilla at redhat.com Wed Aug 2 12:15:25 2006 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 2 Aug 2006 08:15:25 -0400 Subject: [Bug 200357] major (public) security flaws fixed in firefox 1.5.0.5: CVE-2006-3113, CVE-2006-3677, CVE-2006-3801, CVE-2006-3802, CVE-2006-3803, CVE-2006-3805, CVE-2006-3806, CVE-2006-3807, CVE-2006-3808, CVE-2006-3809, CVE-2006-3810, CVE-2006-3811, CVE-2006-3812 In-Reply-To: Message-ID: <200608021215.k72CFPei010230@bugzilla.redhat.com> Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: major (public) security flaws fixed in firefox 1.5.0.5: CVE-2006-3113, CVE-2006-3677, CVE-2006-3801, CVE-2006-3802, CVE-2006-3803,CVE-2006-3805, CVE-2006-3806, CVE-2006-3807, CVE-2006-3808, CVE-2006-3809, CVE-2006-3810, CVE-2006-3811, CVE-2006-3812 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=200357 djuran at redhat.com changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |djuran at redhat.com -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. 
From bugzilla at redhat.com Wed Aug 2 14:33:02 2006 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 2 Aug 2006 10:33:02 -0400 Subject: [Bug 191089] multiple vulnerabilities In-Reply-To: Message-ID: <200608021433.k72EX2tY017830@bugzilla.redhat.com> Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: multiple vulnerabilities https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=191089 tibbs at math.uh.edu changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |fedora-security- | |list at redhat.com ------- Additional Comments From tibbs at math.uh.edu 2006-08-02 10:23 EST ------- Note that Debian has released an update to their stable distro which supposedly fixes 2006-0664, 2006-0665, 2006-0841 and 2006-1577. While the versions don't quite match up (they're at 0.19.2; FE4 has 0.19.4), there might be something which can be used. I'm not sure about 2006-0840. http://lists.debian.org/debian-security-announce/debian-security-announce-2006/msg00222.html -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. From bugzilla at redhat.com Wed Aug 2 18:06:00 2006 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 2 Aug 2006 14:06:00 -0400 Subject: [Bug 200545] CVE-2006-3913, freeciv: server buffer overflow issues In-Reply-To: Message-ID: <200608021806.k72I601a005481@bugzilla.redhat.com> Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. 
Summary: CVE-2006-3913, freeciv: server buffer overflow issues https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=200545 ville.skytta at iki.fi changed: What |Removed |Added ---------------------------------------------------------------------------- Status|CLOSED |NEW Keywords| |Reopened Resolution|NEXTRELEASE | ------- Additional Comments From ville.skytta at iki.fi 2006-08-02 13:56 EST ------- The CVE description of the vulnerability mentions three bugs, but the patch applied in latest freeciv package revisions appears to address only two of them. Maybe this is the missing piece? http://svn.gna.org/viewcvs/freeciv?rev=12146&view=rev -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. From bugzilla at redhat.com Wed Aug 2 18:36:01 2006 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 2 Aug 2006 14:36:01 -0400 Subject: [Bug 200793] gallery2: world writable .htaccess In-Reply-To: Message-ID: <200608021836.k72Ia1ci010940@bugzilla.redhat.com> Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: gallery2: world writable .htaccess https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=200793 jwb at redhat.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED Resolution| |CURRENTRELEASE Fixed In Version| |2.1-0.23.svn20060524 ------- Additional Comments From jwb at redhat.com 2006-08-02 14:26 EST ------- Fixed in FC-4, FC-5, devel, new package builds requested. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. 
From bugzilla at redhat.com Wed Aug 2 19:38:24 2006 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 2 Aug 2006 15:38:24 -0400 Subject: [Bug 200795] xboard: world writable chess.png In-Reply-To: Message-ID: <200608021938.k72JcOZx020623@bugzilla.redhat.com> Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: xboard: world writable chess.png https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=200795 ville.skytta at iki.fi changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|kaboom at oobleck.net |ville.skytta at iki.fi CC| |kaboom at oobleck.net ------- Additional Comments From ville.skytta at iki.fi 2006-08-02 15:29 EST ------- Fixed (FC-4, FC-5, devel) and built (FC-5, devel), will be in the next push. http://buildsys.fedoraproject.org/build-status/job.psp?uid=13622 http://buildsys.fedoraproject.org/build-status/job.psp?uid=13621 -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. From bugzilla at redhat.com Wed Aug 2 19:40:21 2006 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 2 Aug 2006 15:40:21 -0400 Subject: [Bug 200794] zope: world writable files In-Reply-To: Message-ID: <200608021940.k72JeLd6020871@bugzilla.redhat.com> Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. 
Summary: zope: world writable files https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=200794 ville.skytta at iki.fi changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED AssignedTo|gauret at free.fr |ville.skytta at iki.fi CC| |gauret at free.fr ------- Additional Comments From ville.skytta at iki.fi 2006-08-02 15:30 EST ------- Fixed and built for all dists, will be in the next push. http://buildsys.fedoraproject.org/build-status/job.psp?uid=13617 http://buildsys.fedoraproject.org/build-status/job.psp?uid=13618 http://buildsys.fedoraproject.org/build-status/job.psp?uid=13619 http://buildsys.fedoraproject.org/build-status/job.psp?uid=13620 -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. From bugzilla at redhat.com Wed Aug 2 22:45:57 2006 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 2 Aug 2006 18:45:57 -0400 Subject: [Bug 200545] CVE-2006-3913, freeciv: server buffer overflow issues In-Reply-To: Message-ID: <200608022245.k72MjvdA032102@bugzilla.redhat.com> Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: CVE-2006-3913, freeciv: server buffer overflow issues https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=200545 ------- Additional Comments From bdpepple at ameritech.net 2006-08-02 18:36 EST ------- Yeah, that should be added to my patch. The report stated this was corrected on July 16th, but the changes you referenced weren't applied to svn until July 24th. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. 
From bugzilla at redhat.com Thu Aug 3 11:13:57 2006 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 3 Aug 2006 07:13:57 -0400 Subject: [Bug 198652] Please pull v0.27 In-Reply-To: Message-ID: <200608031113.k73BDvE7000806@bugzilla.redhat.com> Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: Please pull v0.27 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=198652 ------- Additional Comments From moschny at ipd.uni-karlsruhe.de 2006-08-03 07:04 EST ------- Meanwhile, 0.28 is available, containing new features, enhancements, and bugfixes, see http://venge.net/monotone/NEWS. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. From bugzilla at redhat.com Thu Aug 3 23:20:31 2006 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 3 Aug 2006 19:20:31 -0400 Subject: [Bug 198652] Please pull v0.27 In-Reply-To: Message-ID: <200608032320.k73NKVdj018085@bugzilla.redhat.com> Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: Please pull v0.27 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=198652 roland at redhat.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED Resolution| |CURRENTRELEASE Fixed In Version| |0.28-2.fc5 ------- Additional Comments From roland at redhat.com 2006-08-03 19:11 EST ------- I've built 0.28 and it should propagate as soon as it gets signed and such. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. 
From bugzilla at redhat.com Fri Aug 4 18:51:03 2006 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Fri, 4 Aug 2006 14:51:03 -0400 Subject: [Bug 200794] zope: world writable files In-Reply-To: Message-ID: <200608041851.k74Ip3dV012904@bugzilla.redhat.com> Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: zope: world writable files https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=200794 gauret at free.fr changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |CLOSED Resolution| |CURRENTRELEASE Fixed In Version| |2.3.9-4 ------- Additional Comments From gauret at free.fr 2006-08-04 14:41 EST ------- Thanks for dealing with this while I was on vacation. I confirm that the updated version has correct permissions. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. From bugzilla at redhat.com Fri Aug 4 21:43:44 2006 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Fri, 4 Aug 2006 17:43:44 -0400 Subject: [Bug 200795] xboard: world writable chess.png In-Reply-To: Message-ID: <200608042143.k74LhiwR023832@bugzilla.redhat.com> Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: xboard: world writable chess.png https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=200795 ville.skytta at iki.fi changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED Resolution| |ERRATA Fixed In Version| |4.2.7-12.fc5.1 -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. 
From bugzilla at redhat.com Mon Aug 7 17:12:57 2006 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Mon, 7 Aug 2006 13:12:57 -0400 Subject: [Bug 200357] major (public) security flaws fixed in firefox 1.5.0.5: CVE-2006-3113, CVE-2006-3677, CVE-2006-3801, CVE-2006-3802, CVE-2006-3803, CVE-2006-3805, CVE-2006-3806, CVE-2006-3807, CVE-2006-3808, CVE-2006-3809, CVE-2006-3810, CVE-2006-3811, CVE-2006-3812 In-Reply-To: Message-ID: <200608071712.k77HCv4n027451@bugzilla.redhat.com> Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: major (public) security flaws fixed in firefox 1.5.0.5: CVE-2006-3113, CVE-2006-3677, CVE-2006-3801, CVE-2006-3802, CVE-2006-3803,CVE-2006-3805, CVE-2006-3806, CVE-2006-3807, CVE-2006-3808, CVE-2006-3809, CVE-2006-3810, CVE-2006-3811, CVE-2006-3812 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=200357 ------- Additional Comments From mattdm at mattdm.org 2006-08-07 13:03 EST ------- Can we have an update on this, please? -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. From bugzilla at redhat.com Mon Aug 7 19:22:42 2006 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Mon, 7 Aug 2006 15:22:42 -0400 Subject: [Bug 200545] CVE-2006-3913, freeciv: server buffer overflow issues In-Reply-To: Message-ID: <200608071922.k77JMgMU012465@bugzilla.redhat.com> Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. 
Summary: CVE-2006-3913, freeciv: server buffer overflow issues https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=200545 ville.skytta at iki.fi changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED Resolution| |ERRATA ------- Additional Comments From ville.skytta at iki.fi 2006-08-07 15:13 EST ------- Seems to be fixed now, thanks. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. From bugzilla at redhat.com Mon Aug 7 19:30:44 2006 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Mon, 7 Aug 2006 15:30:44 -0400 Subject: [Bug 200455] Seamonkey multiple vulnerabilities: CVE-2006-{3113, 3677, 3801-3812} In-Reply-To: Message-ID: <200608071930.k77JUiQ1013486@bugzilla.redhat.com> Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: Seamonkey multiple vulnerabilities: CVE-2006-{3113,3677,3801-3812} https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=200455 ville.skytta at iki.fi changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED Resolution| |ERRATA Fixed In Version| |1.0.4 ------- Additional Comments From ville.skytta at iki.fi 2006-08-07 15:21 EST ------- Fixed in 1.0.3+ according to upstream. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. 
From bugzilla at redhat.com Mon Aug 7 19:44:46 2006 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Mon, 7 Aug 2006 15:44:46 -0400 Subject: [Bug 191095] multiple vulnerabilities in thttpds htpasswd utility In-Reply-To: Message-ID: <200608071944.k77JikNq014776@bugzilla.redhat.com> Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: multiple vulnerabilities in thttpds htpasswd utility https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=191095 ------- Additional Comments From tibbs at math.uh.edu 2006-08-07 15:35 EST ------- Any reason these fixes couldn't go to the FC3 package as well? -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. From bugzilla at redhat.com Mon Aug 7 20:05:32 2006 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Mon, 7 Aug 2006 16:05:32 -0400 Subject: [Bug 194511] CVE-2006-2894 arbitrary file read vulnerability In-Reply-To: Message-ID: <200608072005.k77K5WRP017301@bugzilla.redhat.com> Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: CVE-2006-2894 arbitrary file read vulnerability https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=194511 ------- Additional Comments From ville.skytta at iki.fi 2006-08-07 15:56 EST ------- I did not find a reference to this CVE in Mozilla advisories, assuming still vulnerable in 1.0.4. Kai, could you investigate? -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. 
From bugzilla at redhat.com Tue Aug 8 16:35:30 2006 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 8 Aug 2006 12:35:30 -0400 Subject: [Bug 200357] major (public) security flaws fixed in firefox 1.5.0.5: CVE-2006-3113, CVE-2006-3677, CVE-2006-3801, CVE-2006-3802, CVE-2006-3803, CVE-2006-3805, CVE-2006-3806, CVE-2006-3807, CVE-2006-3808, CVE-2006-3809, CVE-2006-3810, CVE-2006-3811, CVE-2006-3812 In-Reply-To: Message-ID: <200608081635.k78GZUri018132@bugzilla.redhat.com> Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: major (public) security flaws fixed in firefox 1.5.0.5: CVE-2006-3113, CVE-2006-3677, CVE-2006-3801, CVE-2006-3802, CVE-2006-3803,CVE-2006-3805, CVE-2006-3806, CVE-2006-3807, CVE-2006-3808, CVE-2006-3809, CVE-2006-3810, CVE-2006-3811, CVE-2006-3812 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=200357 gilboad at gmail.com changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |gilboad at gmail.com -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. From bugzilla at redhat.com Tue Aug 8 16:40:47 2006 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 8 Aug 2006 12:40:47 -0400 Subject: [Bug 200357] major (public) security flaws fixed in firefox 1.5.0.5: CVE-2006-3113, CVE-2006-3677, CVE-2006-3801, CVE-2006-3802, CVE-2006-3803, CVE-2006-3805, CVE-2006-3806, CVE-2006-3807, CVE-2006-3808, CVE-2006-3809, CVE-2006-3810, CVE-2006-3811, CVE-2006-3812 In-Reply-To: Message-ID: <200608081640.k78GelAn018613@bugzilla.redhat.com> Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. 
Summary: major (public) security flaws fixed in firefox 1.5.0.5: CVE-2006-3113, CVE-2006-3677, CVE-2006-3801, CVE-2006-3802, CVE-2006-3803,CVE-2006-3805, CVE-2006-3806, CVE-2006-3807, CVE-2006-3808, CVE-2006-3809, CVE-2006-3810, CVE-2006-3811, CVE-2006-3812 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=200357 icon at fedoraproject.org changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |icon at fedoraproject.org ------- Additional Comments From icon at fedoraproject.org 2006-08-08 12:31 EST ------- Why are we still on 1.5.0.4? Unaddressed security problems in a major network application generate lots of bad publicity for the project. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. From bugzilla at redhat.com Tue Aug 8 16:49:33 2006 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 8 Aug 2006 12:49:33 -0400 Subject: [Bug 201688] Clam AntiVirus Win32-UPX Heap Overflow In-Reply-To: Message-ID: <200608081649.k78GnXN6019202@bugzilla.redhat.com> Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: Clam AntiVirus Win32-UPX Heap Overflow https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=201688 tibbs at math.uh.edu changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords| |Security CC| |fedora-security- | |list at redhat.com -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. 
From bugzilla at redhat.com Tue Aug 8 17:42:02 2006 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 8 Aug 2006 13:42:02 -0400 Subject: [Bug 200357] major (public) security flaws fixed in firefox 1.5.0.5: CVE-2006-3113, CVE-2006-3677, CVE-2006-3801, CVE-2006-3802, CVE-2006-3803, CVE-2006-3805, CVE-2006-3806, CVE-2006-3807, CVE-2006-3808, CVE-2006-3809, CVE-2006-3810, CVE-2006-3811, CVE-2006-3812 In-Reply-To: Message-ID: <200608081742.k78Hg2d1022212@bugzilla.redhat.com> Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: major (public) security flaws fixed in firefox 1.5.0.5: CVE-2006-3113, CVE-2006-3677, CVE-2006-3801, CVE-2006-3802, CVE-2006-3803,CVE-2006-3805, CVE-2006-3806, CVE-2006-3807, CVE-2006-3808, CVE-2006-3809, CVE-2006-3810, CVE-2006-3811, CVE-2006-3812 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=200357 ------- Additional Comments From fedora at leemhuis.info 2006-08-08 13:32 EST ------- (In reply to comment #4) > Why are we still on 1.5.0.4? We still are AFAICS -- 1.5.0.5 was committed to CVS some days ago (thx Kai!) afaics, but not published yet. That's why I made noise on f-a-b today. See: https://www.redhat.com/archives/fedora-advisory-board/2006-August/msg00051.html -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. 
From bugzilla at redhat.com Tue Aug 8 18:00:03 2006 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 8 Aug 2006 14:00:03 -0400 Subject: [Bug 200357] major (public) security flaws fixed in firefox 1.5.0.5: CVE-2006-3113, CVE-2006-3677, CVE-2006-3801, CVE-2006-3802, CVE-2006-3803, CVE-2006-3805, CVE-2006-3806, CVE-2006-3807, CVE-2006-3808, CVE-2006-3809, CVE-2006-3810, CVE-2006-3811, CVE-2006-3812 In-Reply-To: Message-ID: <200608081800.k78I038U023271@bugzilla.redhat.com> Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: major (public) security flaws fixed in firefox 1.5.0.5: CVE-2006-3113, CVE-2006-3677, CVE-2006-3801, CVE-2006-3802, CVE-2006-3803,CVE-2006-3805, CVE-2006-3806, CVE-2006-3807, CVE-2006-3808, CVE-2006-3809, CVE-2006-3810, CVE-2006-3811, CVE-2006-3812 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=200357 ------- Additional Comments From jkeating at redhat.com 2006-08-08 13:50 EST ------- It had failed to build on s390, an arch I thought I had disabled for FC5 updates building. I've fixed the glitch and am attempting to build the update now for publishing later today. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. From bugzilla at redhat.com Tue Aug 8 22:37:35 2006 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 8 Aug 2006 18:37:35 -0400 Subject: [Bug 200357] major (public) security flaws fixed in firefox 1.5.0.5: CVE-2006-3113, CVE-2006-3677, CVE-2006-3801, CVE-2006-3802, CVE-2006-3803, CVE-2006-3805, CVE-2006-3806, CVE-2006-3807, CVE-2006-3808, CVE-2006-3809, CVE-2006-3810, CVE-2006-3811, CVE-2006-3812 In-Reply-To: Message-ID: <200608082237.k78MbZss008724@bugzilla.redhat.com> Please do not reply directly to this email. 
All additional comments should be made in the comments box of this bug report. Summary: major (public) security flaws fixed in firefox 1.5.0.5: CVE-2006-3113, CVE-2006-3677, CVE-2006-3801, CVE-2006-3802, CVE-2006-3803,CVE-2006-3805, CVE-2006-3806, CVE-2006-3807, CVE-2006-3808, CVE-2006-3809, CVE-2006-3810, CVE-2006-3811, CVE-2006-3812 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=200357 ------- Additional Comments From updates at fedora.redhat.com 2006-08-08 18:27 EST ------- firefox-1.5.0.6-2.fc5 has been pushed for fc5, which should resolve this issue. If these problems are still present in this version, then please make note of it in this bug report. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. From bugzilla at redhat.com Thu Aug 10 08:31:46 2006 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 10 Aug 2006 04:31:46 -0400 Subject: [Bug 201989] New: CVE-2006-4028, wordpress: multiple vulnerabilities Message-ID: Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=201989 Summary: CVE-2006-4028, wordpress: multiple vulnerabilities Product: Fedora Extras Version: fc5 Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: normal Component: wordpress AssignedTo: jwb at redhat.com ReportedBy: ville.skytta at iki.fi QAContact: extras-qa at fedoraproject.org CC: extras-qa at fedoraproject.org,fedora-security- list at redhat.com CVE-2006-4028: Multiple unspecified vulnerabilities in WordPress before 2.0.4 have unknown impact and remote attack vectors. http://wordpress.org/development/2006/07/wordpress-204/: WordPress 2.0.4, the latest stable release in our Duke series, is available for immediate download. 
This release contains several important security fixes, so it's highly recommended for all users. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. From bugzilla at redhat.com Thu Aug 10 13:13:01 2006 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 10 Aug 2006 09:13:01 -0400 Subject: [Bug 202019] New: CVE-2006-4028, wordpress: multiple vulnerabilities Message-ID: Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=202019 Summary: CVE-2006-4028, wordpress: multiple vulnerabilities Product: Fedora Extras Version: fc4 Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: normal Component: wordpress AssignedTo: jwb at redhat.com ReportedBy: mattdm at mattdm.org QAContact: extras-qa at fedoraproject.org CC: extras-qa at fedoraproject.org,fedora-security- list at redhat.com This also affects FE4. +++ This bug was initially created as a clone of Bug #201989 +++ CVE-2006-4028: Multiple unspecified vulnerabilities in WordPress before 2.0.4 have unknown impact and remote attack vectors. http://wordpress.org/development/2006/07/wordpress-204/: WordPress 2.0.4, the latest stable release in our Duke series, is available for immediate download. This release contains several important security fixes, so it's highly recommended for all users. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. 
From bugzilla at redhat.com Thu Aug 10 13:13:02 2006 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 10 Aug 2006 09:13:02 -0400 Subject: [Bug 201989] CVE-2006-4028, wordpress: multiple vulnerabilities In-Reply-To: Message-ID: <200608101313.k7ADD2kS001563@bugzilla.redhat.com> Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: CVE-2006-4028, wordpress: multiple vulnerabilities https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=201989 mattdm at mattdm.org changed: What |Removed |Added ---------------------------------------------------------------------------- OtherBugsDependingO| |202019 nThis| | -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. From bugzilla at redhat.com Thu Aug 10 14:50:55 2006 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 10 Aug 2006 10:50:55 -0400 Subject: [Bug 200357] major (public) security flaws fixed in firefox 1.5.0.5: CVE-2006-3113, CVE-2006-3677, CVE-2006-3801, CVE-2006-3802, CVE-2006-3803, CVE-2006-3805, CVE-2006-3806, CVE-2006-3807, CVE-2006-3808, CVE-2006-3809, CVE-2006-3810, CVE-2006-3811, CVE-2006-3812 In-Reply-To: Message-ID: <200608101450.k7AEotN1008881@bugzilla.redhat.com> Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. 
Summary: major (public) security flaws fixed in firefox 1.5.0.5: CVE-2006-3113, CVE-2006-3677, CVE-2006-3801, CVE-2006-3802, CVE-2006-3803,CVE-2006-3805, CVE-2006-3806, CVE-2006-3807, CVE-2006-3808, CVE-2006-3809, CVE-2006-3810, CVE-2006-3811, CVE-2006-3812 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=200357 djuran at redhat.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED Resolution| |CURRENTRELEASE Fixed In Version| |FC5 ------- Additional Comments From djuran at redhat.com 2006-08-10 10:41 EST ------- So I guess this issue can (finally) be closed. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. From bugzilla at redhat.com Thu Aug 10 15:31:03 2006 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 10 Aug 2006 11:31:03 -0400 Subject: [Bug 200357] major (public) security flaws fixed in firefox 1.5.0.5: CVE-2006-3113, CVE-2006-3677, CVE-2006-3801, CVE-2006-3802, CVE-2006-3803, CVE-2006-3805, CVE-2006-3806, CVE-2006-3807, CVE-2006-3808, CVE-2006-3809, CVE-2006-3810, CVE-2006-3811, CVE-2006-3812 In-Reply-To: Message-ID: <200608101531.k7AFV3hS011957@bugzilla.redhat.com> Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: major (public) security flaws fixed in firefox 1.5.0.5: CVE-2006-3113, CVE-2006-3677, CVE-2006-3801, CVE-2006-3802, CVE-2006-3803,CVE-2006-3805, CVE-2006-3806, CVE-2006-3807, CVE-2006-3808, CVE-2006-3809, CVE-2006-3810, CVE-2006-3811, CVE-2006-3812 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=200357 ------- Additional Comments From icon at fedoraproject.org 2006-08-10 11:21 EST ------- Thanks for your hard work! 
-- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. From bugzilla at redhat.com Thu Aug 10 19:15:03 2006 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 10 Aug 2006 15:15:03 -0400 Subject: [Bug 194511] CVE-2006-2894 arbitrary file read vulnerability In-Reply-To: Message-ID: <200608101915.k7AJF3pB030400@bugzilla.redhat.com> Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: CVE-2006-2894 arbitrary file read vulnerability https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=194511 ------- Additional Comments From kengert at redhat.com 2006-08-10 15:05 EST ------- I believe this issue is still open. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. From bugzilla at redhat.com Sat Aug 12 21:49:34 2006 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Sat, 12 Aug 2006 17:49:34 -0400 Subject: [Bug 202019] CVE-2006-4028, wordpress: multiple vulnerabilities In-Reply-To: Message-ID: <200608122149.k7CLnYE0019981@bugzilla.redhat.com> Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. 
Summary: CVE-2006-4028, wordpress: multiple vulnerabilities https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=202019 jwb at redhat.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED Resolution| |DUPLICATE ------- Additional Comments From jwb at redhat.com 2006-08-12 17:39 EST ------- *** This bug has been marked as a duplicate of 201989 *** -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. From bugzilla at redhat.com Sat Aug 12 21:49:45 2006 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Sat, 12 Aug 2006 17:49:45 -0400 Subject: [Bug 201989] CVE-2006-4028, wordpress: multiple vulnerabilities In-Reply-To: Message-ID: <200608122149.k7CLnjrh020003@bugzilla.redhat.com> Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: CVE-2006-4028, wordpress: multiple vulnerabilities https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=201989 jwb at redhat.com changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |mattdm at mattdm.org ------- Additional Comments From jwb at redhat.com 2006-08-12 17:40 EST ------- *** Bug 202019 has been marked as a duplicate of this bug. *** -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. From bugzilla at redhat.com Sat Aug 12 22:44:43 2006 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Sat, 12 Aug 2006 18:44:43 -0400 Subject: [Bug 201989] CVE-2006-4028, wordpress: multiple vulnerabilities In-Reply-To: Message-ID: <200608122244.k7CMih1c021341@bugzilla.redhat.com> Please do not reply directly to this email. 
All additional comments should be made in the comments box of this bug report. Summary: CVE-2006-4028, wordpress: multiple vulnerabilities https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=201989 jwb at redhat.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED Resolution| |CURRENTRELEASE Fixed In Version| |2.0.4-0 ------- Additional Comments From jwb at redhat.com 2006-08-12 18:34 EST ------- Package updated to 2.0.4 upstream, closing. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. From bugzilla at redhat.com Sat Aug 12 22:45:05 2006 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Sat, 12 Aug 2006 18:45:05 -0400 Subject: [Bug 202019] CVE-2006-4028, wordpress: multiple vulnerabilities In-Reply-To: Message-ID: <200608122245.k7CMj56I021380@bugzilla.redhat.com> Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: CVE-2006-4028, wordpress: multiple vulnerabilities https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=202019 Bug 202019 depends on bug 201989, which changed state. Bug 201989 Summary: CVE-2006-4028, wordpress: multiple vulnerabilities https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=201989 What |Old Value |New Value ---------------------------------------------------------------------------- Resolution| |CURRENTRELEASE Status|NEW |CLOSED -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. 
From paul at all-the-johnsons.co.uk Sun Aug 20 10:47:19 2006 From: paul at all-the-johnsons.co.uk (Paul) Date: Sun, 20 Aug 2006 11:47:19 +0100 Subject: A package in review causing me some concern Message-ID: <1156070839.5205.15.camel@T7.Linux> Hi, I think this is the correct list to email this problem to, if it isn't, please forgive me. I have a package in review (BZ #203257 - jfbterm) which I have some concerns about - namely the following 8--> %{__cat} > 60-jfbterm.perms < 0660 /dev/tty0 0660 root 0600 /dev/console 0600 root EOF %{__mkdir_p} -m 755 %{buildroot}%{_sysconfdir}/security/console.perms.d %{__install} -m 644 60-jfbterm.perms \ %{buildroot}%{_sysconfdir}/security/console.perms.d/ <--8 I'm not overly happy with this, but would appreciate some advice on it - I'm not letting the package through due to this concern. TTFN Paul -- "Ist du meine Mutter?" - der leerkinde -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: From bressers at redhat.com Wed Aug 23 15:14:48 2006 From: bressers at redhat.com (Josh Bressers) Date: Wed, 23 Aug 2006 11:14:48 -0400 Subject: A package in review causing me some concern In-Reply-To: Your message of "Sun, 20 Aug 2006 11:47:19 BST." <1156070839.5205.15.camel@T7.Linux> Message-ID: <200608231514.k7NFEmp8017017@devserv.devel.redhat.com> > > Hi, > > I think this is the correct list to email this problem to, if it isn't, > please forgive me. This list is the appropriate venue for such a question. I'm sorry about the delay, I've been annoyingly busy lately. 
> > I have a package in review (BZ #203257 - jfbterm) which I have some > concerns about - namely the following That bugzilla # isn't right (I'm looking on bugzilla.redhat.com) > > 8--> > %{__cat} > 60-jfbterm.perms < # permission definitions 0660 /dev/tty0 0660 root > 0600 /dev/console 0600 root > EOF > > %{__mkdir_p} -m 755 %{buildroot}%{_sysconfdir}/security/console.perms.d > %{__install} -m 644 60-jfbterm.perms \ > %{buildroot}%{_sysconfdir}/security/console.perms.d/ > <--8 > > I'm not overly happy with this, but would appreciate some advice on it - > I'm not letting the package through due to this concern. I see no reason for this package to try adding redundant data to console.perms.d. The packager should be able to just leave that out and have the package work perfectly. The permissions are already being set elsewhere. Even if jfbterm does need this file, it would be prudent to consider it a bug and leave such things to pam. Thanks. -- JB From ville.skytta at iki.fi Wed Aug 23 16:24:53 2006 From: ville.skytta at iki.fi (Ville Skyttä) Date: Wed, 23 Aug 2006 19:24:53 +0300 Subject: A package in review causing me some concern In-Reply-To: <200608231514.k7NFEmp8017017@devserv.devel.redhat.com> References: <200608231514.k7NFEmp8017017@devserv.devel.redhat.com> Message-ID: <1156350293.2791.9.camel@viper.local> On Wed, 2006-08-23 at 11:14 -0400, Josh Bressers wrote: > > I have a package in review (BZ #203257 - jfbterm) which I have some > > concerns about - namely the following > > That bugzilla # isn't right (I'm looking on bugzilla.redhat.com) Maybe #201170. 
> > 8--> > > %{__cat} > 60-jfbterm.perms < > # permission definitions > 0660 /dev/tty0 0660 root > > 0600 /dev/console 0600 root > > EOF > > > > %{__mkdir_p} -m 755 %{buildroot}%{_sysconfdir}/security/console.perms.d > > %{__install} -m 644 60-jfbterm.perms \ > > %{buildroot}%{_sysconfdir}/security/console.perms.d/ > > <--8 > > > > I'm not overly happy with this, but would appreciate some advice on it - > > I'm not letting the package through due to this concern. > > I see no reason for this package to try adding redundant data to > console.perms.d. The packager should be able to just leave that out and > have the package work perfectly. The permissions are already being set > elsewhere. Hmm. I don't see /dev/console or /dev/tty0 being assigned anything in console.perms.d/50-default.perms in FC5. And when I'm logged in at a console of my FC5 box, /dev/console is 0600 scop:root (scop == me), but /dev/tty0 is 0660 root:root. So the /dev/console part seems redundant indeed (with whatever sets it, not 50-default.perms?), but the /dev/tty0 part does not seem so to me. From opensource at till.name Wed Aug 23 23:29:20 2006 From: opensource at till.name (Till Maas) Date: Thu, 24 Aug 2006 01:29:20 +0200 Subject: moodle not up-to-date, missing security fixes Message-ID: <200608240129.42890.opensource@till.name> Aloa, I just noticed that moodle is not up-to-date and misses security fixes, see: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=203844 I presume that the maintainer will not fix this shortly because he has a lot of outdated packages, see https://www.redhat.com/archives/fedora-extras-list/2006-August/msg00564.html Regards, Till -------------- next part -------------- A non-text attachment was scrubbed... 
Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: From tibbs at math.uh.edu Thu Aug 24 00:10:47 2006 From: tibbs at math.uh.edu (Jason L Tibbitts III) Date: Wed, 23 Aug 2006 19:10:47 -0500 Subject: moodle not up-to-date, missing security fixes In-Reply-To: <200608240129.42890.opensource@till.name> (Till Maas's message of "Thu, 24 Aug 2006 01:29:20 +0200") References: <200608240129.42890.opensource@till.name> Message-ID: >>>>> "TM" == Till Maas writes: TM> Aloa, I just noticed that moodle is not up-to-date and misses TM> security fixes, see: TM> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=203844 There's not a whole lot of information in that bug report. I see CVE-2006-3951 as being related to this. Is there something else? Do you have a link to the moodle release information that might supply more details? - J< From tibbs at math.uh.edu Thu Aug 24 00:14:48 2006 From: tibbs at math.uh.edu (Jason L Tibbitts III) Date: Wed, 23 Aug 2006 19:14:48 -0500 Subject: moodle not up-to-date, missing security fixes In-Reply-To: (Jason L. Tibbitts, III's message of "Wed, 23 Aug 2006 19:10:47 -0500") References: <200608240129.42890.opensource@till.name> Message-ID: >>>>> "JLT" == Jason L Tibbitts, writes: JLT> I see CVE-2006-3951 as being related to this. Well, maybe not. It seems to be an issue with a separately-distributed add-on to Moodle which isn't in the Fedora package. 
- J< From opensource at till.name Thu Aug 24 00:22:58 2006 From: opensource at till.name (Till Maas) Date: Thu, 24 Aug 2006 02:22:58 +0200 Subject: moodle not up-to-date, missing security fixes In-Reply-To: References: <200608240129.42890.opensource@till.name> Message-ID: <200608240222.58468.opensource@till.name> On Thursday 24 August 2006 02:10, Jason L Tibbitts III wrote: > >>>>> "TM" == Till Maas writes: > > TM> Aloa, I just noticed that moodle is not up-to-date and misses > TM> security fixes, see: > > TM> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=203844 > > There's not a whole lot of information in that bug report. > > I see CVE-2006-3951 as being related to this. Is there something > else? Do you have a link to the moodle release information that might > supply more details? The link to the release information is in the URL-Field of the bug report but I added it as a comment because it is easy to overlook - I needed to search for it though I knew it was there ;-) Here is the information: Changelog: http://docs.moodle.org/en/Release_Notes#Various_fixes ----9<---- Moodle 1.5.4 21st May, 2006 (Because this release contains important security fixes, we highly advise that sites using any previous version of Moodle upgrade to this version as soon as possible.) Various fixes Security Improved kses cleaning of html SC#204 Prevent unwanted password change here SC#225 Fix for Secunia Advisory SA18267, plus some logging of suspicious activity. AdoDB tests cleanup after Secunia Advisory SA18267 Fixed $cfg->forceloginforprofiles logic SC#207. Backported from HEAD ---->8---- I did not look into the details. Regards, Till -------------- next part -------------- A non-text attachment was scrubbed... 
Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: From tibbs at math.uh.edu Thu Aug 24 00:38:24 2006 From: tibbs at math.uh.edu (Jason L Tibbitts III) Date: Wed, 23 Aug 2006 19:38:24 -0500 Subject: moodle not up-to-date, missing security fixes In-Reply-To: <200608240222.58468.opensource@till.name> (Till Maas's message of "Thu, 24 Aug 2006 02:22:58 +0200") References: <200608240129.42890.opensource@till.name> <200608240222.58468.opensource@till.name> Message-ID: Wow, May 21. Obviously something needs to be done here. I can prep a new release but I have no real way to test it. Do you happen to have a Moodle installation or were you just checking into Ignacio's packages? - J< From opensource at till.name Thu Aug 24 00:47:42 2006 From: opensource at till.name (Till Maas) Date: Thu, 24 Aug 2006 02:47:42 +0200 Subject: moodle not up-to-date, missing security fixes In-Reply-To: References: <200608240129.42890.opensource@till.name> <200608240222.58468.opensource@till.name> Message-ID: <200608240247.51675.opensource@till.name> On Thursday 24 August 2006 02:38, Jason L Tibbitts III wrote: > new release but I have no real way to test it. Do you happen to have > a Moodle installation or were you just checking into Ignacio's > packages? I only looked through his packages, there may be more security updates missing in the list I posted on fedora-extras-list, but because of this beeing a webapp I looked more carefully and it was easy to spot. Regards, Till -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: From bugzilla at redhat.com Thu Aug 24 19:36:53 2006 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 24 Aug 2006 15:36:53 -0400 Subject: [Bug 200845] roundup: world writable docs In-Reply-To: Message-ID: <200608241936.k7OJarUx027058@bugzilla.redhat.com> Please do not reply directly to this email. 
All additional comments should be made in the comments box of this bug report. Summary: roundup: world writable docs https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=200845 ville.skytta at iki.fi changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED Keywords| |Security Resolution| |ERRATA CC| |fedora-security- | |list at redhat.com Fixed In Version| |0.8.4-8 -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. From bugzilla at redhat.com Thu Aug 24 19:37:31 2006 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 24 Aug 2006 15:37:31 -0400 Subject: [Bug 200832] pikdev: world writable docs In-Reply-To: Message-ID: <200608241937.k7OJbV8x027186@bugzilla.redhat.com> Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: pikdev: world writable docs https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=200832 ville.skytta at iki.fi changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords| |Security CC| |fedora-security- | |list at redhat.com -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. From bugzilla at redhat.com Thu Aug 24 19:38:11 2006 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 24 Aug 2006 15:38:11 -0400 Subject: [Bug 200834] fcron: world writable docs In-Reply-To: Message-ID: <200608241938.k7OJcBTt027306@bugzilla.redhat.com> Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. 
Summary: fcron: world writable docs https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=200834 ville.skytta at iki.fi changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords| |Security CC| |fedora-security- | |list at redhat.com -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. From bugzilla at redhat.com Thu Aug 24 19:52:23 2006 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 24 Aug 2006 15:52:23 -0400 Subject: [Bug 203844] New version with security fixes available In-Reply-To: Message-ID: <200608241952.k7OJqNH6028253@bugzilla.redhat.com> Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: New version with security fixes available https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=203844 opensource at till.name changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |fedora-security- | |list at redhat.com -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. From bugzilla at redhat.com Thu Aug 24 19:56:52 2006 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 24 Aug 2006 15:56:52 -0400 Subject: [Bug 203844] New version with security fixes available In-Reply-To: Message-ID: <200608241956.k7OJuqdT028749@bugzilla.redhat.com> Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. 
Summary: New version with security fixes available https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=203844 ------- Additional Comments From lmacken at redhat.com 2006-08-24 15:46 EST ------- Ignacio has been MIA for quite some time now, so it's best if someone else can step up and take care of this. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. From bugzilla at redhat.com Thu Aug 24 20:05:52 2006 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 24 Aug 2006 16:05:52 -0400 Subject: [Bug 203844] New version with security fixes available In-Reply-To: Message-ID: <200608242005.k7OK5q4i029312@bugzilla.redhat.com> Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: New version with security fixes available https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=203844 tibbs at math.uh.edu changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED AssignedTo|ivazquez at ivazquez.net |tibbs at math.uh.edu ------- Additional Comments From tibbs at math.uh.edu 2006-08-24 15:55 EST ------- I'm pushing 1.5.4 through the buildsystem now, on the devel branch. The process is going quite slowly for some reason. If the build goes OK, I will set up a basic installation and test that an upgrade goes smoothly and then push to FC4 and FC5. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. 
From bugzilla at redhat.com Fri Aug 25 03:39:42 2006 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 24 Aug 2006 23:39:42 -0400 Subject: [Bug 203844] New version with security fixes available In-Reply-To: Message-ID: <200608250339.k7P3dgjG021867@bugzilla.redhat.com> Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: New version with security fixes available https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=203844 tibbs at math.uh.edu changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |CLOSED Resolution| |ERRATA Fixed In Version| |1.5.4-1 ------- Additional Comments From tibbs at math.uh.edu 2006-08-24 23:29 EST ------- I have built 1.5.4 for FC4, FC5 and devel; it should appear on the mirrors with the next push. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. 
From j.w.r.degoede at hhs.nl Thu Aug 31 06:20:39 2006 From: j.w.r.degoede at hhs.nl (Hans de Goede) Date: Thu, 31 Aug 2006 08:20:39 +0200 Subject: lesstif security vulnerability Message-ID: <44F67FB7.5020904@hhs.nl> Hi all, Not using bugzilla as lesstif doesn't have a component there (yet), see: http://lwn.net/Alerts/197396/ http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4124 Regards, Hans From lmacken at redhat.com Thu Aug 31 06:46:26 2006 From: lmacken at redhat.com (Luke Macken) Date: Thu, 31 Aug 2006 02:46:26 -0400 Subject: lesstif security vulnerability In-Reply-To: <44F67FB7.5020904@hhs.nl> References: <44F67FB7.5020904@hhs.nl> Message-ID: <20060831064626.GA3051@crow.nc.rr.com> On Thu, Aug 31, 2006 at 08:20:39AM +0200, Hans de Goede wrote: > Hi all, > > Not using bugzilla as lesstif doesn't have a component there (yet), see: > http://lwn.net/Alerts/197396/ > http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4124 There seems to be a lesstif component under the Fedora Core product. luke From dumas at centre-cired.fr Thu Aug 31 06:41:54 2006 From: dumas at centre-cired.fr (Patrice Dumas) Date: Thu, 31 Aug 2006 08:41:54 +0200 Subject: lesstif security vulnerability In-Reply-To: <44F67FB7.5020904@hhs.nl> References: <44F67FB7.5020904@hhs.nl> Message-ID: <20060831064154.GA2455@centre-cired.fr> On Thu, Aug 31, 2006 at 08:20:39AM +0200, Hans de Goede wrote: > Hi all, > > Not using bugzilla as lesstif doesn't have a component there (yet), see: > http://lwn.net/Alerts/197396/ > http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4124 lesstif is built with --enable-production, so should not be vulnerable. I added a comment in the spec. -- Pat