From fedora-extras-commits at redhat.com Sun Jul 1 09:03:04 2007 From: fedora-extras-commits at redhat.com (Lubomir Kundrak (lkundrak)) Date: Sun, 1 Jul 2007 05:03:04 -0400 Subject: fedora-security/audit fc5,1.461,1.462 Message-ID: <200707010903.l619347Z000681@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv663 Modified Files: fc5 Log Message: Goodbye Fedora Core 5! Index: fc5 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc5,v retrieving revision 1.461 retrieving revision 1.462 diff -u -r1.461 -r1.462 --- fc5 18 Jun 2007 17:59:55 -0000 1.461 +++ fc5 1 Jul 2007 09:03:02 -0000 1.462 @@ -1,6 +1,10 @@ Up to date CVE as of CVE email 20061123 Up to date FC5 as of 20061123 +This list is no longer maintained by the Red Hat security +response team as of 29th June 2007 (two months after the +release date of Fedora 7) + ** are items that need attention CVE-2007-4168 VULNERABLE (libexif) #243891 -- fedora-extras-commits mailing list fedora-extras-commits at redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits From peak at argo.troja.mff.cuni.cz Sun Jul 1 16:14:31 2007 
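Review bot: the notice this hunk adds ("This list is no longer maintained by the Red Hat security response team as of 29th June 2007") sits below two lines that still claim "Up to date CVE as of CVE email 20061123" / "Up to date FC5 as of 20061123", and above the legend "** are items that need attention" and the open entry "CVE-2007-4168 VULNERABLE (libexif) #243891". Say explicitly that entries left as VULNERABLE or ** will not be fixed for FC5 and point readers to the fc6/fc7 lists, so the open libexif entry is not read as a pending fix.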
From: peak at argo.troja.mff.cuni.cz (Pavel Kankovsky)
Date: Sun, 1 Jul 2007 18:14:31 +0200 (CEST)
Subject: Need some security advice for systemtap
In-Reply-To: <46783FA3.8060704@intel.com>
Message-ID: <20070701172628.13DE.0@paddy.troja.mff.cuni.cz>

On Mon, 18 Jun 2007, David Smith wrote:

> > This might work but be very careful when you do it while multiple threads
> > are running.
>
> I believe I see what you mean here - if one thread raises privileges
> while another thread performs a security-sensitive operation, we've got
> a problem.

Exactly.

On Mon, 18 Jun 2007, Martin Hunt wrote:

> "-x pid" doesn't actually do anything except cause target() to return
> pid. So disabling it would be pointless. It exists as a convenient way
> to pass a value to scripts that wish to filter based on pid.

It depends on the script. I can imagine a script that is safe as long as
the pid is yours but becomes dangerous when you can give it other pids.
E.g. a strace-like script peeking into data being read and written.

You need to establish a policy: either the blessed must never leak
potentially sensitive data (and the strace-like script is not eligible
to be blessed) or -x must be disabled.

> So, while the module loads its probes, we kill the start_cmd() process
> and create enough new processes to recycle the pid? Then staprun sends
> either SIGKILL or SIGUSR1 to the wrong process? Theoretically, if we set
> tens of thousands of probes, we would have a few milliseconds to do
> this.

Unless the parent process is stopped at the right moment...

> Run with sudo or root:
> >sudo /sbin/insmod close.ko
> >sudo chown hunt.hunt /sys/kernel/debug/systemtap/close/*

The idea of granting access to systemtap control channel to mortals gives
me the creeps and I won't feel better unless you can prove it is not
possible to cause any harm when untrusted data is written to the control
channel.

What about STP_SYMBOLS?

On Tue, 19 Jun 2007, Stone, Joshua I wrote:

> This should be manageable.
> When a child process exits, it sends a
> SIGCHLD and sits as a zombie until the parent has wait()ed for it. As
> long as it's a zombie, the pid won't be recycled.
>
> We just need to notice in our sig handler that the start_cmd process
> died, and make sure we don't try to kill the pid after that.

There's still a race condition there:

1. the parent process checks the flag, the child is still alive and flag
   is reset, ok, let's kill the child
2. the child dies spontaneously, SIGCHLD handler sets a flag and reaps
   the child's zombie
3. the parent sends a signal...oops!

It might help to block SIGCHLD temporarily. Or to take waitpid() away
from the signal handler and reap zombies synchronously in the main loop.

BTW: Is it always safe to call send_request() in a signal handler? And
fprintf()? (See )

--Pavel Kankovsky aka Peak  [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."
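The race Pavel describes, and the second remedy he suggests (take waitpid() out of the handler and reap synchronously in the main loop), as an added example in C; this is illustration code, not staprun's, and the fork()ed child standing in for start_cmd, the globals and the function names are assumptions.

```c
/* Added illustration, not staprun code.  The SIGCHLD handler only sets a
 * flag (waitpid() and fprintf() stay out of it; fprintf() is not
 * async-signal-safe) and the zombie is reaped from the main loop.  Since
 * only this thread releases the pid, "is the child still ours?" and the
 * kill() after it cannot be interleaved with a reap. */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <signal.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

static volatile sig_atomic_t got_sigchld = 0;  /* written by the handler only */
static pid_t child_pid = -1;                    /* stand-in for start_cmd; -1 once reaped */
static int child_status = 0;                    /* status from the last waitpid() */

/* Async-signal-safe: no stdio, no waitpid(), just a flag for the main loop. */
static void on_sigchld(int sig)
{
    (void)sig;
    got_sigchld = 1;
}

int install_sigchld_handler(void)
{
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_sigchld;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = SA_RESTART;
    return sigaction(SIGCHLD, &sa, NULL);
}

/* Main-loop side of reaping.  Returns 1 if the child was reaped just now,
 * 0 if it is still running, could not be reaped, or there is no child. */
int reap_child_if_exited(void)
{
    if (child_pid <= 0)
        return 0;
    if (waitpid(child_pid, &child_status, WNOHANG) != child_pid)
        return 0;               /* 0: not exited yet; -1: error, keep our state */
    child_pid = -1;             /* from here on the pid may be recycled: never signal it */
    got_sigchld = 0;
    return 1;
}

/* Deliver sig to the child, or refuse with -1/ESRCH if it already exited.
 * An unreaped child is still a zombie holding its pid, and nothing reaps it
 * behind our back, so the flag-checked / reaped / recycled window is gone. */
int signal_child(int sig)
{
    if (child_pid <= 0 || reap_child_if_exited()) {
        errno = ESRCH;
        return -1;
    }
    return kill(child_pid, sig);
}

static void sleep_briefly(void)
{
    struct timespec ts = { 0, 1000000 };   /* 1 ms */
    nanosleep(&ts, NULL);
}

/* Both situations from the thread.  Bitmask result: 1 = refused to signal a
 * child that had already exited, 2 = signalled a live child, 4 = that child
 * was then reaped as killed by SIGTERM.  All three together give 7. */
int run_demo(void)
{
    int seen = 0;
    if (install_sigchld_handler() != 0)
        return -1;

    /* Case 1: start_cmd dies on its own before we get around to signalling. */
    child_pid = fork();
    if (child_pid < 0)
        return -1;
    if (child_pid == 0)
        _exit(0);
    while (!got_sigchld)            /* handler flags it; reaping is done in signal_child() */
        sleep_briefly();
    if (signal_child(SIGTERM) == -1 && errno == ESRCH)
        seen |= 1;

    /* Case 2: start_cmd is alive; signal it, then reap synchronously. */
    child_pid = fork();
    if (child_pid < 0)
        return -1;
    if (child_pid == 0)
        for (;;)
            pause();
    if (signal_child(SIGTERM) == 0)
        seen |= 2;
    while (!reap_child_if_exited())
        sleep_briefly();
    if (WIFSIGNALED(child_status) && WTERMSIG(child_status) == SIGTERM)
        seen |= 4;
    return seen;
}
```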
From bressers at redhat.com Mon Jul 2 12:56:16 2007
From: bressers at redhat.com (Josh Bressers)
Date: Mon, 02 Jul 2007 08:56:16 -0400
Subject: Security Response product in Bugzilla, add-tracking-bugs?
In-Reply-To: <200706301109.26616.ville.skytta@iki.fi>
References: <200706301109.26616.ville.skytta@iki.fi>
Message-ID: <13124.1183380976@devserv.devel.redhat.com>

> Hi,
>
> Is the "Security Response" product in Bugzilla and the add-tracking-bugs
> functionality for creating dependency trees available for use to people who
> are not in the Red Hat security response team?
>
> Example: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=244808 and its
> dependencies.
>

The Fedora team can use it if we so desire. I've mentioned it before in
some mails with little response. So far this has been working out really
well inside Red Hat for tracking the various bugs we need to use. We have
a small perl script that we use to generate the bug dependencies. I'll
see about adding it to the Fedora CVS in the near future.

Does anyone else have an opinion of this?

Thanks.

--
JB

From fedora-extras-commits at redhat.com Mon Jul 2 19:25:53 2007
From: fedora-extras-commits at redhat.com (Ville Skytta (scop))
Date: Mon, 2 Jul 2007 15:25:53 -0400
Subject: fedora-security/audit fe5,1.210,1.211
Message-ID: <200707021925.l62JPrFt001667@cvs-int.fedora.redhat.com>

Author: scop

Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv1648

Modified Files:
	fe5
Log Message:
FC5 is EOL.


Index: fe5
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fe5,v
retrieving revision 1.210
retrieving revision 1.211
diff -u -r1.210 -r1.211
--- fe5	30 Jun 2007 08:27:52 -0000	1.210
+++ fe5	2 Jul 2007 19:25:50 -0000	1.211
@@ -1,5 +1,8 @@ # $Id$ +This list is no longer maintained by the Fedora Security Response Team +as of 2nd July 2007 (the Fedora Core 5 EOL date). + ** are items that need attention CVE-NOID VULNERABLE (flac123, fixed 0.0.10) #246322 -- fedora-extras-commits mailing list fedora-extras-commits at redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits From fedora-extras-commits at redhat.com Mon Jul 2 19:29:41 2007 From: fedora-extras-commits at redhat.com (Lubomir Kundrak (lkundrak)) Date: Mon, 2 Jul 2007 15:29:41 -0400 Subject: fedora-security/audit fc7,1.31,1.32 Message-ID: <200707021929.l62JTfWj002184@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv2162 Modified Files: fc7 Log Message: cve for flac123 Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.31 retrieving revision 1.32 diff -u -r1.31 -r1.32 --- fc7 30 Jun 2007 08:28:36 -0000 1.31 +++ fc7 2 Jul 2007 19:29:39 -0000 1.32 @@ -4,7 +4,7 @@ *CVE are items that need verification for Fedora 7 -CVE-NOID VULNERABLE (flac123, fixed 0.0.10) #246322 +CVE-2007-3507 VULNERABLE (flac123, fixed 0.0.10) #246322 CVE-2007-4168 VULNERABLE (libexif) #243890 CVE-2007-3478 ** (gd) CVE-2007-3477 ** (gd) -- fedora-extras-commits mailing list fedora-extras-commits at redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits From bugzilla at redhat.com Mon Jul 2 19:31:12 2007 
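Review bot: this is the final edit to fe5 and it leaves "CVE-NOID VULNERABLE (flac123, fixed 0.0.10) #246322" with the placeholder id, although the fc7 commit four minutes later in this digest assigns CVE-2007-3507 to the very same bug #246322. Fill in the id here too (or add the alias) so the frozen list can still be searched by CVE.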
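Review bot: in the fc7 hunk, after replacing CVE-NOID with CVE-2007-3507 the line is left at the top of the list, above "CVE-2007-4168 VULNERABLE (libexif) #243890"; CVE-NOID belonged at the top because it had no number, but once numbered the entry should drop into the descending order the rest of the file follows (4168 before 3507). Move it below the libexif line.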
From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Mon, 2 Jul 2007 15:31:12 -0400 Subject: [Bug 246322] CVE-2007-3507 flac123 0.0.9 vorbis comment parsing buffer overflow In-Reply-To: Message-ID: <200707021931.l62JVCJu009172@bugzilla.redhat.com> Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: CVE-2007-3507 flac123 0.0.9 vorbis comment parsing buffer overflow Alias: CVE-2007-3507 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=246322 lkundrak at redhat.com changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|flac123 0.0.9 vorbis comment|CVE-2007-3507 flac123 0.0.9 |parsing buffer overflow |vorbis comment parsing | |buffer overflow Alias| |CVE-2007-3507 -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. From fedora-extras-commits at redhat.com Wed Jul 4 15:57:52 2007 From: fedora-extras-commits at redhat.com (Lubomir Kundrak (lkundrak)) Date: Wed, 4 Jul 2007 11:57:52 -0400 Subject: fedora-security/audit fc7,1.32,1.33 Message-ID: <200707041557.l64Fvq5P007640@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv7617 Modified Files: fc7 Log Message: Wordpress Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.32 retrieving revision 1.33 diff -u -r1.32 -r1.33 --- fc7 2 Jul 2007 19:29:39 -0000 1.32 +++ fc7 4 Jul 2007 15:57:49 -0000 1.33 
@@ -4,6 +4,9 @@ *CVE are items that need verification for Fedora 7 +CVE-2007-3543 ** (wordpress) +CVE-2007-3544 ** (wordpress) +CVE-2007-3508 ignore (glibc) not an issue CVE-2007-3507 VULNERABLE (flac123, fixed 0.0.10) #246322 CVE-2007-4168 VULNERABLE (libexif) #243890 CVE-2007-3478 ** (gd) @@ -19,6 +22,7 @@ CVE-2007-3391 VULNERABLE (wireshark) CVE-2007-3390 VULNERABLE (wireshark) CVE-2007-3389 VULNERABLE (wireshark) +CVE-2007-3378 ignore (php) safe mode escape CVE-2007-3241 ** (wordpress) #245211 CVE-2007-3240 ** (wordpress) #245211 CVE-2007-3239 ** (wordpress) #245211 -- fedora-extras-commits mailing list fedora-extras-commits at redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits From bugzilla at redhat.com Wed Jul 4 17:15:33 2007 
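Review bot: in the first hunk, the two new entries "CVE-2007-3543 ** (wordpress)" and "CVE-2007-3544 ** (wordpress)" carry no bug reference, while the older wordpress entries in the second hunk all cite #245211; attach the bug number so the ** items can be followed to a fix. "CVE-2007-3508 ignore (glibc) not an issue" could also say in a few words why it is not an issue for Fedora 7, so the next person does not have to re-verify it.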
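Review bot: in the second hunk, "CVE-2007-3378 ignore (php) safe mode escape" names the issue class but not the reason it is ignored; the trailing comment is where other entries justify an ignore (e.g. "not an issue" for glibc in the first hunk), so state why the team does not treat this as a security issue rather than just the issue type.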
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 4 Jul 2007 13:15:33 -0400
Subject: [Bug 246760] New: CVE-2007-3528 dar Blowfish-CBC weakness
Message-ID:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=246760

           Summary: CVE-2007-3528 dar Blowfish-CBC weakness
           Product: Fedora
           Version: f7
          Platform: All
        OS/Version: Linux
            Status: NEW
          Severity: low
          Priority: low
         Component: dar
        AssignedTo: lists at forevermore.net
        ReportedBy: ville.skytta at iki.fi
         QAContact: extras-qa at fedoraproject.org
                CC: fedora-security-list at redhat.com

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3528

"The blowfish mode in DAR before 2.3.4 uses weak Blowfish-CBC cryptography by
(1) discarding random bits by the blowfish::make_ivec function in
libdar/crypto.cpp that results in predictable and repeating IV values, and
(2) direct use of a password for keying, which makes it easier for
context-dependent attackers to decrypt files."

2.3.4 is in CVS for F-7+, FC-6 appears untreated at the moment.

Please mark the F-7 update as a security one in the updates system and add
the CVE reference to it (I have no permissions to do that).

From bugzilla at redhat.com Wed Jul 4 17:15:59 2007
From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 4 Jul 2007 13:15:59 -0400 Subject: [Bug 246760] CVE-2007-3528 dar Blowfish-CBC weakness In-Reply-To: Message-ID: <200707041715.l64HFxUa016439@bugzilla.redhat.com> Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: CVE-2007-3528 dar Blowfish-CBC weakness Alias: CVE-2007-3528 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=246760 ville.skytta at iki.fi changed: What |Removed |Added ---------------------------------------------------------------------------- Alias| |CVE-2007-3528 -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. From bugzilla at redhat.com Wed Jul 4 17:20:44 2007 
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 4 Jul 2007 13:20:44 -0400
Subject: [Bug 245211] Wordpress 2.2(.1): SQL injection, XSS, unrestricted file upload vulnerabilities
In-Reply-To:
Message-ID: <200707041720.l64HKij2016815@bugzilla.redhat.com>

Summary: Wordpress 2.2(.1): SQL injection, XSS, unrestricted file upload vulnerabilities

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=245211

ville.skytta at iki.fi changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|Wordpress 2.2: SQL          |Wordpress 2.2(.1): SQL
                   |injection, XSS              |injection, XSS, unrestricted
                   |vulnerabilities             |file upload vulnerabilities

------- Additional Comments From ville.skytta at iki.fi  2007-07-04 13:20 EST -------
Additional unrestricted file upload issues:
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3543
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3544

From fedora-extras-commits at redhat.com Wed Jul 4 17:24:41 2007
From: fedora-extras-commits at redhat.com (Ville Skytta (scop))
Date: Wed, 4 Jul 2007 13:24:41 -0400
Subject: fedora-security/audit fe6,1.124,1.125
Message-ID: <200707041724.l64HOfJe031830@cvs-int.fedora.redhat.com>

Author: scop

Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv31812

Modified Files:
	fe6
Log Message:
+nessus-core, dar, wordpress


Index: fe6
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fe6,v
retrieving revision 1.124
retrieving revision 1.125
diff -u -r1.124 -r1.125
--- fe6	30 Jun 2007 08:27:52 -0000	1.124
+++ fe6	4 Jul 2007 17:24:39 -0000	1.125
@@ -2,7 +2,11 @@ ** are items that need attention -CVE-NOID VULNERABLE (flac123, fixed 0.0.10) #246322 +CVE-2007-3546 ignore (nessus-core) Windows only +CVE-2007-3544 ** (wordpress) #245211 +CVE-2007-3543 ** (wordpress) #245211 +CVE-2007-3528 VULNERABLE (dar, fixed 2.3.4) #246760 +CVE-2007-3507 VULNERABLE (flac123, fixed 0.0.10) #246322 CVE-2007-3241 ** (wordpress) #245211 CVE-2007-3240 ** (wordpress) #245211 CVE-2007-3239 ** (wordpress) #245211 -- fedora-extras-commits mailing list fedora-extras-commits at redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits From fedora-extras-commits at redhat.com Wed Jul 4 17:24:57 2007 From: fedora-extras-commits at redhat.com (Ville Skytta (scop)) Date: Wed, 4 Jul 2007 13:24:57 -0400 Subject: fedora-security/audit fc7,1.33,1.34 Message-ID: <200707041724.l64HOv8b031854@cvs-int.fedora.redhat.com> Author: scop Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv31836 Modified Files: fc7 Log Message: +nessus-core, dar Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.33 retrieving revision 1.34 diff -u -r1.33 -r1.34 --- fc7 4 Jul 2007 15:57:49 -0000 1.33 +++ fc7 4 Jul 2007 17:24:55 -0000 1.34 
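Review bot: the log message "+nessus-core, dar, wordpress" does not mention that this hunk also renames the flac123 entry from CVE-NOID to CVE-2007-3507; list that in the log so the change is findable from history. The new lines themselves are in descending CVE order (3546, 3544, 3543, 3528, 3507), consistent with the rest of the file.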
@@ -4,11 +4,13 @@ *CVE are items that need verification for Fedora 7 -CVE-2007-3543 ** (wordpress) -CVE-2007-3544 ** (wordpress) +CVE-2007-4168 VULNERABLE (libexif) #243890 +CVE-2007-3546 ignore (nessus-core) Windows only +CVE-2007-3528 VULNERABLE (dar, fixed 2.3.4) #246760 +CVE-2007-3544 ** (wordpress) #245211 +CVE-2007-3543 ** (wordpress) #245211 CVE-2007-3508 ignore (glibc) not an issue CVE-2007-3507 VULNERABLE (flac123, fixed 0.0.10) #246322 -CVE-2007-4168 VULNERABLE (libexif) #243890 CVE-2007-3478 ** (gd) CVE-2007-3477 ** (gd) CVE-2007-3476 ** (gd) -- fedora-extras-commits mailing list fedora-extras-commits at redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits From bugzilla at redhat.com Wed Jul 4 17:41:22 2007 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 4 Jul 2007 13:41:22 -0400 Subject: [Bug 246760] CVE-2007-3528 dar Blowfish-CBC weakness In-Reply-To: Message-ID: <200707041741.l64HfMtk018153@bugzilla.redhat.com> Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: CVE-2007-3528 dar Blowfish-CBC weakness Alias: CVE-2007-3528 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=246760 ------- Additional Comments From lists at forevermore.net 2007-07-04 13:41 EST ------- Updated in bodhi, should roll out asap. Also updated FC-6 and Epel. This bug should auto-close when F-7 rolls out. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. From fedora-extras-commits at redhat.com Wed Jul 4 17:46:05 2007 
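Review bot: after this hunk the fc7 block reads 4168, 3546, 3528, 3544, 3543, 3508, 3507: the dar line "CVE-2007-3528 VULNERABLE (dar, fixed 2.3.4) #246760" is placed above the two wordpress lines 3544/3543, breaking the descending order that the fe6 hunk committed in the same minute keeps (3546, 3544, 3543, 3528). Move the dar line below the wordpress lines.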
From: fedora-extras-commits at redhat.com (Lubomir Kundrak (lkundrak)) Date: Wed, 4 Jul 2007 13:46:05 -0400 Subject: fedora-security/audit fc6,1.219,1.220 Message-ID: <200707041746.l64Hk5hV002978@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv2958 Modified Files: fc6 Log Message: These were forgotten about. Index: fc6 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc6,v retrieving revision 1.219 retrieving revision 1.220 diff -u -r1.219 -r1.220 --- fc6 18 Jun 2007 17:59:55 -0000 1.219 +++ fc6 4 Jul 2007 17:46:02 -0000 1.220 @@ -4,6 +4,13 @@ ** are items that need attention CVE-2007-4168 VULNERABLE (libexif) #243892 +CVE-2007-3508 ignore (glibc) not an issue +CVE-2007-3506 backport (freetype, fixed 2.3.4) #235479 [since FEDORA-2007-561] +CVE-2007-3378 ignore (php) safe mode escape +CVE-2007-3126 ignore (gimp) just a crash +*CVE-2007-2894 VULNERABLE (bochs) #241799 +CVE-2007-2876 version (kernel, fixed 2.6.21.5?) [since ?] +*CVE-2007-2874 (wpa_supplicant) #242455 CVE-2007-2873 version (spamassassin, fixed 3.1.9) CVE-2007-2438 VULNERABLE (vim) #238734 CVE-2007-1856 VULNERABLE (vixie-cron) #235882 -- fedora-extras-commits mailing list fedora-extras-commits at redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits From fedora-extras-commits at redhat.com Wed Jul 4 17:47:52 2007 
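Review bot: two of the new entries are incomplete: "CVE-2007-2876 version (kernel, fixed 2.6.21.5?) [since ?]" has question marks for both the fixed version and the update id, and "*CVE-2007-2874 (wpa_supplicant) #242455" has no status keyword at all (every other line in the hunk carries VULNERABLE, version, backport or ignore). Either resolve them before committing or mark them ** so the list's own legend flags them as needing attention.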
From: fedora-extras-commits at redhat.com (Lubomir Kundrak (lkundrak)) Date: Wed, 4 Jul 2007 13:47:52 -0400 Subject: fedora-security/audit fc7,1.34,1.35 Message-ID: <200707041747.l64HlqCs003093@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv3043 Modified Files: fc7 Log Message: Freetype Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.34 retrieving revision 1.35 diff -u -r1.34 -r1.35 --- fc7 4 Jul 2007 17:24:55 -0000 1.34 +++ fc7 4 Jul 2007 17:47:49 -0000 1.35 @@ -10,6 +10,7 @@ CVE-2007-3544 ** (wordpress) #245211 CVE-2007-3543 ** (wordpress) #245211 CVE-2007-3508 ignore (glibc) not an issue +CVE-2007-3506 version (freetype, fixed 2.3.4) #235479 [since FEDORA-2007-0033] CVE-2007-3507 VULNERABLE (flac123, fixed 0.0.10) #246322 CVE-2007-3478 ** (gd) CVE-2007-3477 ** (gd) -- fedora-extras-commits mailing list fedora-extras-commits at redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits From pierre.monlong at cnes.fr Thu Jul 5 18:19:36 2007 
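Review bot: this records CVE-2007-3506 for Fedora 7 as "version (freetype, fixed 2.3.4) #235479 [since FEDORA-2007-0033]" while the fc6 commit two minutes earlier records the same CVE as "backport (freetype, fixed 2.3.4) #235479 [since FEDORA-2007-561]". That is fine if Fedora 7 really moved to freetype 2.3.4 and FC6 got a patched older version; confirm that is the case so the two files do not merely disagree on the fix mechanism.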
From: pierre.monlong at cnes.fr (Monlong Pierre)
Date: Thu, 5 Jul 2007 20:19:36 +0200
Subject: Information page about last security advisories
Message-ID:

Hi all,

I'm new to Fedora, and I'm looking for a security information page/site
about the latest security advisories, like the Debian security page
(www.debian.org/security/), where I can find:

- the latest advisories, with problem classification, description, CVE
  reference, and of course links to individual patches...
- security repositories, where I can find patches related only to security
  concerns.

I searched for this type of information on the Fedora homepage and wiki but
couldn't find it.

Indeed, if I install a critical app on a Fedora server, each patch/update
must be qualified before applying it; I can't patch these servers without
assessing the impact of each patch.

As some servers are not connected to the Internet, I also need to be able
to download patches on media (CDROM, USB key, ...)... (I think it's possible
with yum to make a local repository.)

Note that the Red Hat solution is not suitable: even if RHN is useful to
extract only security updates, it's not possible to easily update a server
offline, nor to update the package list of a server without connecting it
to the Internet.

Thanks for your help.

==
Pierre Monlong - Antiope/IF/IE
Tel : +594 (0)5 94 33 47 53 / Fax : +594 (0)5 94 33 42 59
pierre.monlong at cnes.fr
==

From bugzilla at redhat.com Thu Jul 5 19:22:46 2007
From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 5 Jul 2007 15:22:46 -0400 Subject: [Bug 239904] CVE-2007-2627: wordpress sidebar.php XSS In-Reply-To: Message-ID: <200707051922.l65JMk3j014838@bugzilla.redhat.com> Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: CVE-2007-2627: wordpress sidebar.php XSS https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=239904 bugzilla at redhat.com changed: What |Removed |Added ---------------------------------------------------------------------------- Product|Fedora Extras |Fedora ------- Additional Comments From updates at fedoraproject.org 2007-07-05 15:22 EST ------- wordpress-2.2.1-1.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. From bugzilla at redhat.com Thu Jul 5 19:22:48 2007 
From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 5 Jul 2007 15:22:48 -0400 Subject: [Bug 245211] Wordpress 2.2(.1): SQL injection, XSS, unrestricted file upload vulnerabilities In-Reply-To: Message-ID: <200707051922.l65JMmEN014866@bugzilla.redhat.com> Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: Wordpress 2.2(.1): SQL injection, XSS, unrestricted file upload vulnerabilities https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=245211 ------- Additional Comments From updates at fedoraproject.org 2007-07-05 15:22 EST ------- wordpress-2.2.1-1.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. From bugzilla at redhat.com Thu Jul 5 19:22:50 2007 
From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 5 Jul 2007 15:22:50 -0400 Subject: [Bug 240970] CVE-2007-2821: wordpress < 2.2 admin-ajax.php SQL injection In-Reply-To: Message-ID: <200707051922.l65JMown014892@bugzilla.redhat.com> Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: CVE-2007-2821: wordpress < 2.2 admin-ajax.php SQL injection https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=240970 bugzilla at redhat.com changed: What |Removed |Added ---------------------------------------------------------------------------- Product|Fedora Extras |Fedora ------- Additional Comments From updates at fedoraproject.org 2007-07-05 15:22 EST ------- wordpress-2.2.1-1.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. From bugzilla at redhat.com Thu Jul 5 19:22:52 2007 
From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 5 Jul 2007 15:22:52 -0400 Subject: [Bug 239904] CVE-2007-2627: wordpress sidebar.php XSS In-Reply-To: Message-ID: <200707051922.l65JMqh3014920@bugzilla.redhat.com> Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: CVE-2007-2627: wordpress sidebar.php XSS https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=239904 updates at fedoraproject.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |CLOSED Resolution| |ERRATA Fixed In Version| |2.2.1-1.fc7 -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. From bugzilla at redhat.com Thu Jul 5 19:22:54 2007 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 5 Jul 2007 15:22:54 -0400 Subject: [Bug 245211] Wordpress 2.2(.1): SQL injection, XSS, unrestricted file upload vulnerabilities In-Reply-To: Message-ID: <200707051922.l65JMstU014947@bugzilla.redhat.com> Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: Wordpress 2.2(.1): SQL injection, XSS, unrestricted file upload vulnerabilities https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=245211 updates at fedoraproject.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED Resolution| |ERRATA Fixed In Version| |2.2.1-1.fc7 -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. From bugzilla at redhat.com Thu Jul 5 19:22:57 2007 
From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 5 Jul 2007 15:22:57 -0400 Subject: [Bug 240970] CVE-2007-2821: wordpress < 2.2 admin-ajax.php SQL injection In-Reply-To: Message-ID: <200707051922.l65JMvB2014973@bugzilla.redhat.com> Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: CVE-2007-2821: wordpress < 2.2 admin-ajax.php SQL injection https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=240970 updates at fedoraproject.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED Resolution| |ERRATA Fixed In Version| |2.2.1-1.fc7 -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. From bugzilla at redhat.com Thu Jul 5 19:24:44 2007 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 5 Jul 2007 15:24:44 -0400 Subject: [Bug 246760] CVE-2007-3528 dar Blowfish-CBC weakness In-Reply-To: Message-ID: <200707051924.l65JOi3X015572@bugzilla.redhat.com> Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: CVE-2007-3528 dar Blowfish-CBC weakness Alias: CVE-2007-3528 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=246760 ------- Additional Comments From updates at fedoraproject.org 2007-07-05 15:24 EST ------- dar-2.3.4-1.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. From bugzilla at redhat.com Thu Jul 5 19:24:46 2007 
From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 5 Jul 2007 15:24:46 -0400 Subject: [Bug 246760] CVE-2007-3528 dar Blowfish-CBC weakness In-Reply-To: Message-ID: <200707051924.l65JOkH8015603@bugzilla.redhat.com> Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: CVE-2007-3528 dar Blowfish-CBC weakness Alias: CVE-2007-3528 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=246760 updates at fedoraproject.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED Resolution| |ERRATA Fixed In Version| |2.3.4-1.fc7 -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. From bugzilla at redhat.com Thu Jul 5 19:30:07 2007 
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 5 Jul 2007 15:30:07 -0400
Subject: [Bug 245211] Wordpress 2.2(.1): SQL injection, XSS, unrestricted file upload vulnerabilities
In-Reply-To:
Message-ID: <200707051930.l65JU7Go016424@bugzilla.redhat.com>

Summary: Wordpress 2.2(.1): SQL injection, XSS, unrestricted file upload vulnerabilities
Alias: CVE-2007-3544

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=245211

ville.skytta at iki.fi changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|CLOSED                      |ASSIGNED
           Keywords|                            |Reopened
         Resolution|ERRATA                      |
              Alias|                            |CVE-2007-3544

------- Additional Comments From ville.skytta at iki.fi  2007-07-05 15:30 EST -------
CVE-2007-3544 is reported against 2.2.1, reopening for verification whether
this update is still vulnerable.

From bugzilla at redhat.com Mon Jul 9 19:11:38 2007
From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Mon, 9 Jul 2007 15:11:38 -0400 Subject: [Bug 247528] CVE-2007-3555: moodle cross site scripting vulnerability In-Reply-To: Message-ID: <200707091911.l69JBcx8011531@bugzilla.redhat.com> Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: CVE-2007-3555: moodle cross site scripting vulnerability Alias: CVE-2007-3555 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=247528 ville.skytta at iki.fi changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |fedora-security- | |list at redhat.com Alias| |CVE-2007-3555 -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. From fedora-extras-commits at redhat.com Mon Jul 9 19:12:53 2007 From: fedora-extras-commits at redhat.com (Ville Skytta (scop)) Date: Mon, 9 Jul 2007 15:12:53 -0400 Subject: fedora-security/audit fc7,1.35,1.36 fe6,1.125,1.126 Message-ID: <200707091912.l69JCr1Z021711@cvs-int.fedora.redhat.com> Author: scop Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv21691 Modified Files: fc7 fe6 Log Message: +php-pear-Structures-DataGrid-DataSource-MDB2,moodle Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.35 retrieving revision 1.36 diff -u -r1.35 -r1.36 --- fc7 4 Jul 2007 17:47:49 -0000 1.35 +++ fc7 9 Jul 2007 19:12:51 -0000 1.36 
@@ -5,6 +5,8 @@ *CVE are items that need verification for Fedora 7 CVE-2007-4168 VULNERABLE (libexif) #243890 +CVE-2007-3628 version (php-pear-Structures-DataGrid-DataSource-MDB2, fixed 0.1.10) +CVE-2007-3555 VULNERABLE (moodle) #247528 CVE-2007-3546 ignore (nessus-core) Windows only CVE-2007-3528 VULNERABLE (dar, fixed 2.3.4) #246760 CVE-2007-3544 ** (wordpress) #245211 Index: fe6 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fe6,v retrieving revision 1.125 retrieving revision 1.126 diff -u -r1.125 -r1.126 --- fe6 4 Jul 2007 17:24:39 -0000 1.125 +++ fe6 9 Jul 2007 19:12:51 -0000 1.126 @@ -2,6 +2,8 @@ ** are items that need attention +CVE-2007-3628 version (php-pear-Structures-DataGrid-DataSource-MDB2, fixed 0.1.10) +CVE-2007-3555 VULNERABLE (moodle) #247528 CVE-2007-3546 ignore (nessus-core) Windows only CVE-2007-3544 ** (wordpress) #245211 CVE-2007-3543 ** (wordpress) #245211 -- fedora-extras-commits mailing list fedora-extras-commits at redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits From emanuele at nettirrena.it Tue Jul 10 18:14:34 2007 
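Review bot: in both the fc7 and fe6 hunks the new line `+CVE-2007-3628 version (php-pear-Structures-DataGrid-DataSource-MDB2, fixed 0.1.10)` records a fixed upstream version but no bugzilla number and no `[since FEDORA-...]` update id, unlike the moodle line added beside it (`#247528`), so nothing ties the entry to the package build that actually shipped 0.1.10; add the bug or update reference, or keep the fc7 entry under the `*CVE` needs-verification marker until one exists.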
From: emanuele at nettirrena.it (emanuele maiarelli)
Date: Tue, 10 Jul 2007 20:14:34 +0200
Subject: rpmverify output
Message-ID: <4693CC8A.702@nettirrena.it>

I'm running rpmverify and it returns a strange output:

rpmverify -a|grep bin

........C /usr/share/locale/en_GB/LC_MESSAGES/kgreet_winbind.mo
........C /usr/share/locale/fi/LC_MESSAGES/kabcformat_binary.mo
........C /usr/share/locale/fi/LC_MESSAGES/kbinaryclock.mo
........C /usr/share/locale/fi/LC_MESSAGES/kgreet_winbind.mo
........C /usr/share/locale/ja/LC_MESSAGES/kabcformat_binary.mo
........C /usr/share/locale/ja/LC_MESSAGES/kbinaryclock.mo
........C /usr/share/locale/ja/LC_MESSAGES/kgreet_winbind.mo
........C /usr/share/locale/sk/LC_MESSAGES/kabcformat_binary.mo
........C /usr/share/locale/sk/LC_MESSAGES/kbinaryclock.mo
........C /usr/share/locale/sk/LC_MESSAGES/kgreet_winbind.mo
........C /usr/bin/firefox
........C /usr/lib/firefox-1.0.7/components/libinspector.so
........C /usr/lib/firefox-1.0.7/firefox-bin
........C /usr/lib/firefox-1.0.7/libgtkxtbin.so
........C /usr/lib/firefox-1.0.7/res/html/gopher-binary.gif
........C /usr/bin/viewfax
........C /usr/sbin/openldap/back_sql-2.2.so.7
........C /usr/sbin/openldap/back_sql-2.2.so.7.0.22
........C /usr/sbin/openldap/back_sql.la
........C /usr/bin/amstex
........C /usr/bin/bamstex
........C /usr/bin/bplain
........C /usr/bin/lambda

What does ........C mean? It isn't reported in the rpm manpages.

Thanks in advance,

Emanuele Maiarelli

From kevin at tummy.com Tue Jul 10 20:06:23 2007
From: kevin at tummy.com (Kevin Fenzi)
Date: Tue, 10 Jul 2007 14:06:23 -0600
Subject: rpmverify output
In-Reply-To: <4693CC8A.702@nettirrena.it>
References: <4693CC8A.702@nettirrena.it>
Message-ID: <20070710140623.5fb36e21@ghistelwchlohm.scrye.com>

On Tue, 10 Jul 2007 20:14:34 +0200
emanuele maiarelli wrote:

> i'm running rpmverify its return a strange output:
>
> rpmverify -a|grep bin
>
> ........C /usr/share/locale/en_GB/LC_MESSAGES/kgreet_winbind.mo

...snipp...

> ........C /usr/bin/lambda
>
>
> what's mean ........C ? isn't reported in rpm manpages

Yeah, not sure why that's not in the man page. Perhaps file a bug
against rpm?

It means "C selinux Context differs".

Are you running with selinux disabled? Somehow the selinux context on
those files is now wrong. You can do a 'fixfiles relabel' or a
'touch /.autorelabel' and reboot to try and fix them.

>
> thanks in advice
>
> Emanuele Maiarelli

kevin

From emanuele at nettirrena.it Tue Jul 10 20:49:36 2007
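An added example, not code from the thread: a POSIX sh helper that reads rpm -V / rpmverify output, lists the files whose verify string carries a given flag such as C, and shows what restorecon would change without relabelling anything. The sample lines are constructed; the column legend for S M 5 D L U G T is rpm(8)'s, with C as the ninth column as seen above.

```shell
#!/bin/sh
# Added example, not code from the thread: helpers for reading the output of
# "rpm -V" / rpmverify. Each line is a verify string (one column per check),
# an optional file-attribute column (c, d, g, l, r) and the path, or the word
# "missing" followed by the path.

# Meaning of one verify column. S M 5 D L U G T are the columns listed in
# rpm(8); C (SELinux context) is the ninth column the thread asks about.
rpmv_flag_meaning() {
    case "$1" in
        S) echo "file Size differs" ;;
        M) echo "Mode differs (permissions and file type)" ;;
        5) echo "digest (MD5) differs" ;;
        D) echo "Device major/minor number mismatch" ;;
        L) echo "readLink path mismatch" ;;
        U) echo "User ownership differs" ;;
        G) echo "Group ownership differs" ;;
        T) echo "mTime differs" ;;
        C) echo "selinux Context differs" ;;
        *) echo "unknown verify flag: $1" ;;
    esac
}

# Print the path of every stdin line whose verify string contains flag $1.
# Only the first field is split off, so paths with spaces survive; the
# attribute column is dropped when present.
rpmv_files_with_flag() {
    flag="$1"
    while read -r verify rest; do
        [ -n "$verify" ] || continue          # blank line
        case "$verify" in
            missing) continue ;;              # file absent: nothing to match
        esac
        case "$rest" in
            [cdglr]" "*) rest="${rest#* }" ;; # drop attribute marker
        esac
        case "$verify" in
            *"$flag"*) printf '%s\n' "$rest" ;;
        esac
    done
}

# Dry run: show what restorecon would change for the files whose context
# differs, without relabelling anything (-n) and reporting each file (-v).
# Relabelling is only possible while SELinux is enabled.
rpmv_context_dryrun() {
    rpmv_files_with_flag C | while read -r path; do
        restorecon -n -v "$path"
    done
}

# Constructed sample output, modelled on the lines posted in the thread.
SAMPLE_RPMV_OUTPUT='........C    /usr/bin/firefox
S.5....T  c /etc/sysconfig/selinux
........C    /usr/lib/firefox-1.0.7/firefox-bin
missing     /usr/share/doc/foo/README
.M.......    /usr/bin/viewfax'

# Example run: list the files whose SELinux context differs from the package's.
# printf '%s\n' "$SAMPLE_RPMV_OUTPUT" | rpmv_files_with_flag C
```

On a live system, `rpm -Va | rpmv_context_dryrun` shows the labels restorecon would set before you decide on `fixfiles` or an autorelabel reboot.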
From: emanuele at nettirrena.it (Emanuele Maiarelli)
Date: Tue, 10 Jul 2007 22:49:36 +0200 (CEST)
Subject: rpmverify output
In-Reply-To: <20070710140623.5fb36e21@ghistelwchlohm.scrye.com>
References: <4693CC8A.702@nettirrena.it> <20070710140623.5fb36e21@ghistelwchlohm.scrye.com>
Message-ID: <3699.217.220.195.222.1184100576.squirrel@mail.nettirrena.it>

After running 'fixfiles relabel', rpmverify still reports the flag. Do I have to reboot?

> On Tue, 10 Jul 2007 20:14:34 +0200
> emanuele maiarelli wrote:
>
>> i'm running rpmverify its return a strange output:
>>
>> rpmverify -a|grep bin
>>
>> ........C /usr/share/locale/en_GB/LC_MESSAGES/kgreet_winbind.mo
>
> ...snipp...
>
>> ........C /usr/bin/lambda
>>
>>
>> what's mean ........C ? isn't reported in rpm manpages
>
> Yeah, not sure why thats not in the man page. Perhaps file a bug
> against rpm?
>
> It means "C selinux Context differs".
>
> Are you running with selinux disabled? Somehow the selinux context on
> those files is now wrong. You can do a 'fixfiles relabel' or a
> 'touch /.autorelabel' and reboot to try and fix them.
>
>>
>> thanks in advice
>>
>> Emanuele Maiarelli
>
> kevin
>

--
Emanuele Maiarelli
Nettirrena s.r.l.
LUCCA IT
http://www.nettirrena.it
emanuele at nettirrena.it
tel. +39 0583 312257
fax. +39 0583 316373

From kevin at tummy.com Tue Jul 10 22:13:37 2007
From: kevin at tummy.com (Kevin Fenzi)
Date: Tue, 10 Jul 2007 16:13:37 -0600
Subject: rpmverify output
In-Reply-To: <3699.217.220.195.222.1184100576.squirrel@mail.nettirrena.it>
References: <4693CC8A.702@nettirrena.it> <20070710140623.5fb36e21@ghistelwchlohm.scrye.com> <3699.217.220.195.222.1184100576.squirrel@mail.nettirrena.it>
Message-ID: <20070710161337.347aa06b@ghistelwchlohm.scrye.com>

On Tue, 10 Jul 2007 22:49:36 +0200 (CEST)
"Emanuele Maiarelli" wrote:

> after running 'fixfiles relabel' rpmverify still report the flag,
> have it to reboot?

It's typically better to use the 'touch /.autorelabel' and reboot than
to use fixfiles.

I suppose you could also try the 'fixfiles -Ra restore' command. That
should restore selinux contexts from the rpm database.

Do you have selinux enabled? If you are disabling it (see
/etc/sysconfig/selinux) then it's not going to be able to relabel the
files since it's turned off.

kevin

From fedora-extras-commits at redhat.com Tue Jul 10 23:54:06 2007
From: fedora-extras-commits at redhat.com (Josh Bressers (bressers))
Date: Tue, 10 Jul 2007 19:54:06 -0400
Subject: fedora-security/audit fc6,1.220,1.221 fc7,1.36,1.37
Message-ID: <200707102354.l6ANs6iF019674@cvs-int.fedora.redhat.com>

Author: bressers

Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv19654

Modified Files:
        fc6 fc7
Log Message:
Note a gimp flaw

Index: fc6
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc6,v
retrieving revision 1.220
retrieving revision 1.221
diff -u -r1.220 -r1.221
--- fc6 4 Jul 2007 17:46:02 -0000 1.220
+++ fc6 10 Jul 2007 23:54:03 -0000 1.221
@@ -195,6 +195,7 @@ CVE-2006-4561 VULNERABLE (firefox) CVE-2006-4538 version (kernel, fixed after 2.6.18-rc6) CVE-2006-4535 version (kernel, fixed 2.6.18-rc6) +CVE-2006-4519 VULNERABLE (gimp) #247567 CVE-2006-4514 backport (libgsf) [since FEDORA-2006-1417] CVE-2006-4507 ignore (libtiff) can't reproduce CVE-2006-4486 version (php, fixed 5.1.6) Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.36 retrieving revision 1.37 diff -u -r1.36 -r1.37 --- fc7 9 Jul 2007 19:12:51 -0000 1.36 +++ fc7 10 Jul 2007 23:54:03 -0000 1.37 @@ -60,7 +60,7 @@ *CVE-2007-2869 (firefox) *CVE-2007-2868 version (seamonkey, fixed 1.0.9) *CVE-2007-2867 version (seamonkey, fixed 1.0.9) -*CVE-2007-2865 VULNERABLE (phpPgAdmin) #241489 +CVE-2007-2865 VULNERABLE (phpPgAdmin) #241489 CVE-2007-2844 ignore (php) #241641 *CVE-2007-2843 ignore (konqueror) safari specific *CVE-2007-2821 VULNERABLE (wordpress, fixed 2.2) #240970 @@ -578,6 +578,7 @@ *CVE-2006-4561 VULNERABLE (firefox) *CVE-2006-4538 version (kernel, fixed after 2.6.18-rc6) *CVE-2006-4535 version (kernel, fixed 2.6.18-rc6) +CVE-2006-4519 VULNERABLE (gimp) #247566 *CVE-2006-4514 backport (libgsf) [since FEDORA-2006-1417] *CVE-2006-4513 version (wv, fixed 1.2.4) #212696 *CVE-2006-4513 ** (abiword) #212698 -- fedora-extras-commits mailing list fedora-extras-commits at redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits From fedora-extras-commits at redhat.com Wed Jul 11 00:08:01 2007 
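Review bot: the fc7 hunk at @@ -60,7 +60,7 @@ drops the verification marker from `*CVE-2007-2865 VULNERABLE (phpPgAdmin) #241489`, a change unrelated to the log message "Note a gimp flaw"; either mention the phpPgAdmin verification in the log or commit it separately, so the audit history records why that entry now counts as verified for Fedora 7.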
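Review bot: the gimp entry added to fc7 at @@ -578,6 +578,7 @@ cites `#247566` while the one added to fc6 at @@ -195,6 +195,7 @@ cites `#247567`; per-release bugs are the usual reason for two numbers, but the log message does not say so, so confirm the numbers are not swapped between the two files and note the split in the log.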
From: fedora-extras-commits at redhat.com (Josh Bressers (bressers)) Date: Tue, 10 Jul 2007 20:08:01 -0400 Subject: fedora-security/audit fc7,1.37,1.38 Message-ID: <200707110008.l6B081ue028383@cvs-int.fedora.redhat.com> Author: bressers Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv28365 Modified Files: fc7 Log Message: Sort out wireshark and the Mozilla products Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.37 retrieving revision 1.38 diff -u -r1.37 -r1.38 --- fc7 10 Jul 2007 23:54:03 -0000 1.37 +++ fc7 11 Jul 2007 00:07:58 -0000 1.38 @@ -55,11 +55,11 @@ CVE-2007-2876 version (kernel, fixed 2.6.21.5) [ since FEDORA-2007-0409 ] *CVE-2007-2874 (wpa_supplicant) #242455 CVE-2007-2873 version (spamassassin, fixed 3.2.1) -*CVE-2007-2871 version (seamonkey, fixed 1.0.9) -*CVE-2007-2870 version (seamonkey, fixed 1.0.9) -*CVE-2007-2869 (firefox) -*CVE-2007-2868 version (seamonkey, fixed 1.0.9) -*CVE-2007-2867 version (seamonkey, fixed 1.0.9) +CVE-2007-2871 version (seamonkey, fixed 1.0.9) +CVE-2007-2870 version (seamonkey, fixed 1.0.9) +CVE-2007-2869 (firefox) +CVE-2007-2868 version (seamonkey, fixed 1.0.9) +CVE-2007-2867 version (seamonkey, fixed 1.0.9) CVE-2007-2865 VULNERABLE (phpPgAdmin) #241489 CVE-2007-2844 ignore (php) #241641 *CVE-2007-2843 ignore (konqueror) safari specific @@ -103,7 +103,7 @@ *CVE-2007-2245 VULNERABLE (phpMyAdmin, fixed 2.10.1) #237882 CVE-2007-2243 ignore (openssh, fixed 4.6) needs S/KEY support which is not shipped. *CVE-2007-2241 (bind) -*CVE-2007-2176 ignore (firefox) only affects the java quicktime interaction +CVE-2007-2176 ignore (firefox) only affects the java quicktime interaction CVE-2007-2172 version (kernel, fixed 2.6.21-rc6) *CVE-2007-2165 VULNERABLE (proftpd) #237533 *CVE-2007-2138 (postgresql) 
@@ -146,9 +146,9 @@ *CVE-2007-1614 version (zziplib, fixed 0.13.49) #233700 *CVE-2007-1599 version (wordpress, fixed 2.1.3-0.rc2) #233703 CVE-2007-1583 version (php, fixed 5.2.2) -*CVE-2007-1565 ignore (konqueror) client crash +CVE-2007-1565 ignore (konqueror) client crash *CVE-2007-1564 vulnerable (konqueror) [#CVE-2007-1564] -*CVE-2007-1562 (firefox, seamonkey, thunderbird) +CVE-2007-1562 (firefox, seamonkey, thunderbird) CVE-2007-1560 version (squid, fixed 2.6.STABLE12) *CVE-2007-1558 version (claws-mail, fixed 2.9.1) #237293 *CVE-2007-1558 backport (sylpheed, fixed 2.3.1-1) @@ -221,7 +221,7 @@ *CVE-2007-1030 (libevent) *CVE-2007-1007 (ekiga) *CVE-2007-1006 version (ekiga, fixed 2.0.5) #229259 [since FEDORA-2007-322] -*CVE-2007-1004 VULNERABLE (firefox, ...) +CVE-2007-1004 VULNERABLE (firefox, ...) *CVE-2007-1003 VULNERABLE (xorg-x11-server, fixed > X11R7.2) #235263 *CVE-2007-1002 VULNERABLE (evolution) #233587 CVE-2007-1001 version (php, fixed 5.2.2) @@ -232,7 +232,7 @@ *CVE-2007-0996 version (seamonkey, fixed 1.0.8) *CVE-2007-0995 version (seamonkey, fixed 1.0.8) CVE-2007-0988 version (php, fixed 5.2.1) -*CVE-2007-0981 VULNERABLE (firefox, ...) +CVE-2007-0981 VULNERABLE (firefox, ...) *CVE-2007-0981 version (seamonkey, fixed 1.0.8) #229253 CVE-2007-0957 patch (krb5, fixed 1.6-3) #231528 CVE-2007-0956 patch (krb5, fixed 1.6-3) #229782 
@@ -281,10 +281,10 @@ *CVE-2007-0473 version (smb4k, fixed 0.8.0) *CVE-2007-0472 version (smb4k, fixed 0.8.0) *CVE-2007-0469 version (rubygems, fixed 0.9.1) -*CVE-2007-0459 VULNERABLE (wireshark, fixed 0.99.5) #227140 -*CVE-2007-0458 VULNERABLE (wireshark, fixed 0.99.5) #227140 -*CVE-2007-0457 VULNERABLE (wireshark, fixed 0.99.5) #227140 -*CVE-2007-0456 VULNERABLE (wireshark, fixed 0.99.5) #227140 +CVE-2007-0459 version (wireshark, fixed 0.99.5) #227140 +CVE-2007-0458 version (wireshark, fixed 0.99.5) #227140 +CVE-2007-0457 version (wireshark, fixed 0.99.5) #227140 +CVE-2007-0456 version (wireshark, fixed 0.99.5) #227140 *CVE-2007-0455 VULNERABLE (gd) #224610 *CVE-2007-0454 (samba) *CVE-2007-0452 (samba) @@ -417,7 +417,7 @@ *CVE-2006-6101 (xorg-x11) *CVE-2006-6097 backport (tar) [since FEDORA-2006-1393] *CVE-2006-6085 version (kile, fixed 1.9.3) #217238 -*CVE-2006-6077 VULNERABLE (firefox) +CVE-2006-6077 VULNERABLE (firefox) CVE-2006-6060 ignore (kernel, fixed 2.6.19-rc2) no NTFS support CVE-2006-6058 VULNERABLE (kernel, fixed **) CVE-2006-6057 VULNERABLE (kernel, fixed **) @@ -448,7 +448,7 @@ CVE-2006-5794 version (openssh, fixed 4.5) #214641 [since FEDORA-2006-1215] CVE-2006-5793 version (libpng10, fixed 1.0.21) #216263 *CVE-2006-5793 ignore (libpng, fixed 1.2.13) just a client crash -*CVE-2006-5783 ignore (firefox) disputed +CVE-2006-5783 ignore (firefox) disputed *CVE-2006-5779 VULNERABLE (openldap, 2.3.29) #214768 *CVE-2006-5757 version (kernel, fixed 2.6.19) [since FEDORA-2007-058] was backport since FEDORA-2006-1223 *CVE-2006-5754 (kernel) 
@@ -456,37 +456,37 @@ *CVE-2006-5751 version (kernel, fixed 2.6.19, fixed 2.6.18.4) [since FEDORA-2006-1471] *CVE-2006-5750 (jboss) *CVE-2006-5749 VULNERABLE (kernel, fixed 2.6.20-rc2) -*CVE-2006-5748 version (thunderbird, fixed 1.5.0.8) [since FEDORA-2006-1192] -*CVE-2006-5748 version (seamonkey, fixed 1.0.6) #214822 -*CVE-2006-5748 version (firefox, fixed 1.5.0.8) [since FEDORA-2006-1191] -*CVE-2006-5747 version (thunderbird, fixed 1.5.0.8) [since FEDORA-2006-1192] -*CVE-2006-5747 version (seamonkey, fixed 1.0.6) #214822 -*CVE-2006-5747 version (firefox, fixed 1.5.0.8) [since FEDORA-2006-1191] +CVE-2006-5748 version (thunderbird, fixed 1.5.0.8) [since FEDORA-2006-1192] +CVE-2006-5748 version (seamonkey, fixed 1.0.6) #214822 +CVE-2006-5748 version (firefox, fixed 1.5.0.8) [since FEDORA-2006-1191] +CVE-2006-5747 version (thunderbird, fixed 1.5.0.8) [since FEDORA-2006-1192] +CVE-2006-5747 version (seamonkey, fixed 1.0.6) #214822 +CVE-2006-5747 version (firefox, fixed 1.5.0.8) [since FEDORA-2006-1191] CVE-2006-5706 ignore (php, fixed 5.2.0) safe mode isn't safe *CVE-2006-5705 backport (wordpress, fixed 2.0.4-3) #213985 *CVE-2006-5701 VULNERABLE (kernel) squashfs is not included upstream -*CVE-2006-5633 ignore (firefox) just a client DoS +CVE-2006-5633 ignore (firefox) just a client DoS *CVE-2006-5619 version (kernel, fixed 2.6.18.2, fixed 2.6.19-rc4) [since FEDORA-2006-1223] *CVE-2006-5602 version (xsupplicant, fixed 1.2.6) *CVE-2006-5601 version (xsupplicant, fixed 1.2.8) #212700 -*CVE-2006-5595 version (wireshark, fixed 0.99.4) [since FEDORA-2006-1140] +CVE-2006-5595 version (wireshark, fixed 0.99.4) [since FEDORA-2006-1140] *CVE-2006-5542 version (postgresql, fixed 8.1.5) #212360 [since FEDORA-2007-053] *CVE-2006-5541 version (postgresql, fixed 8.1.5) #212360 [since FEDORA-2007-053] *CVE-2006-5540 version (postgresql, fixed 8.1.5) #212360 [since FEDORA-2007-053] -*CVE-2006-5470 version (wireshark, fixed 0.99.4) [since FEDORA-2006-1140] -*CVE-2006-5469 version 
(wireshark, fixed 0.99.4) [since FEDORA-2006-1140] -*CVE-2006-5468 version (wireshark, fixed 0.99.4) [since FEDORA-2006-1140] +CVE-2006-5470 version (wireshark, fixed 0.99.4) [since FEDORA-2006-1140] +CVE-2006-5469 version (wireshark, fixed 0.99.4) [since FEDORA-2006-1140] +CVE-2006-5468 version (wireshark, fixed 0.99.4) [since FEDORA-2006-1140] *CVE-2006-5467 backport (ruby) #212396 [since FEDORA-2006-1109] *CVE-2006-5466 VULNERABLE (rpm) #212833 CVE-2006-5465 backport (php, fixed 5.2.0) #213732 [since FEDOA-2006-1169] -*CVE-2006-5464 version (thunderbird, fixed 1.5.0.8) [since FEDORA-2006-1192] -*CVE-2006-5464 version (seamonkey, fixed 1.0.6) #214822 -*CVE-2006-5464 version (firefox, fixed 1.5.0.8) [since FEDORA-2006-1191] -*CVE-2006-5463 version (thunderbird, fixed 1.5.0.8) [since FEDORA-2006-1192] -*CVE-2006-5463 version (seamonkey, fixed 1.0.6) #214822 -*CVE-2006-5463 version (firefox, fixed 1.5.0.8) [since FEDORA-2006-1191] -*CVE-2006-5462 version (thunderbird, fixed 1.5.0.8) [since FEDORA-2006-1192] -*CVE-2006-5462 version (firefox, fixed 1.5.0.8) [since FEDORA-2006-1191] +CVE-2006-5464 version (thunderbird, fixed 1.5.0.8) [since FEDORA-2006-1192] +CVE-2006-5464 version (seamonkey, fixed 1.0.6) #214822 +CVE-2006-5464 version (firefox, fixed 1.5.0.8) [since FEDORA-2006-1191] +CVE-2006-5463 version (thunderbird, fixed 1.5.0.8) [since FEDORA-2006-1192] +CVE-2006-5463 version (seamonkey, fixed 1.0.6) #214822 +CVE-2006-5463 version (firefox, fixed 1.5.0.8) [since FEDORA-2006-1191] +CVE-2006-5462 version (thunderbird, fixed 1.5.0.8) [since FEDORA-2006-1192] +CVE-2006-5462 version (firefox, fixed 1.5.0.8) [since FEDORA-2006-1191] *CVE-2006-5461 VULNERABLE (avahi, fixed 0.6.15) *CVE-2006-5456 backport (ImageMagick) #210921 [since FEDORA-2006-1285] *CVE-2006-5455 patch (bugzilla, fixed 2.22-7) #212355 
@@ -510,8 +510,8 @@ *CVE-2006-5174 ignore (kernel, fixed 2.6.19-rc1) s390 only *CVE-2006-5173 ignore (kernel, fixed 2.6.18) protected by exec-shield *CVE-2006-5170 VULNERABLE (nss_ldap, fixed 183) -*CVE-2006-5160 ignore (firefox) unverified -*CVE-2006-5159 ignore (firefox) unverified +CVE-2006-5160 ignore (firefox) unverified +CVE-2006-5159 ignore (firefox) unverified *CVE-2006-5158 version (kernel, fixed 2.6.15) *CVE-2006-5129 version (moodle, fixed 1.6.3) #206516 *CVE-2006-5111 version (libksba, fixed 0.9.14) @@ -543,7 +543,7 @@ *CVE-2006-4808 patch (imlib2, fixed 1.3.0-3) #214676 *CVE-2006-4807 patch (imlib2, fixed 1.3.0-3) #214676 *CVE-2006-4806 patch (imlib2, fixed 1.3.0-3) #214676 -*CVE-2006-4805 version (wireshark, fixed 0.99.4) [since FEDORA-2006-1140] +CVE-2006-4805 version (wireshark, fixed 0.99.4) [since FEDORA-2006-1140] *CVE-2006-4790 backport (gnutls, fixed 1.4.4) *CVE-2006-4786 version (moodle, fixed 1.6.3) #206516 *CVE-2006-4785 version (moodle, fixed 1.6.3) #206516 
@@ -556,26 +556,26 @@ *CVE-2006-4624 version (mailman, fixed 2.1.9rc1) *CVE-2006-4623 version (kernel, fixed 2.6.18-rc1) *CVE-2006-4600 version (openldap, fixed 2.3.25) -*CVE-2006-4574 version (wireshark, fixed 0.99.4) [since FEDORA-2006-1140] +CVE-2006-4574 version (wireshark, fixed 0.99.4) [since FEDORA-2006-1140] *CVE-2006-4573 VULNERABLE (screen) #212057 *CVE-2006-4572 version (kernel, fixed 2.6.19) [since FEDORA-2007-058] -*CVE-2006-4571 version (thunderbird, fixed 1.5.0.7) -*CVE-2006-4571 version (seamonkey, fixed 1.0.5) #209167 -*CVE-2006-4571 version (firefox, fixed 1.5.0.7) -*CVE-2006-4570 version (thunderbird, fixed 1.5.0.7) -*CVE-2006-4570 version (seamonkey, fixed 1.0.5) #209167 -*CVE-2006-4569 version (firefox, fixed 1.5.0.7) -*CVE-2006-4568 version (seamonkey, fixed 1.0.5) #209167 -*CVE-2006-4568 version (firefox, fixed 1.5.0.7) -*CVE-2006-4567 version (thunderbird, fixed 1.5.0.7) -*CVE-2006-4567 version (firefox, fixed 1.5.0.7) -*CVE-2006-4566 version (thunderbird, fixed 1.5.0.7) -*CVE-2006-4566 version (seamonkey, fixed 1.0.5) #209167 -*CVE-2006-4566 version (firefox, fixed 1.5.0.7) -*CVE-2006-4565 version (thunderbird, fixed 1.5.0.7) -*CVE-2006-4565 version (seamonkey, fixed 1.0.5) #209167 -*CVE-2006-4565 version (firefox, fixed 1.5.0.7) -*CVE-2006-4561 VULNERABLE (firefox) +CVE-2006-4571 version (thunderbird, fixed 1.5.0.7) +CVE-2006-4571 version (seamonkey, fixed 1.0.5) #209167 +CVE-2006-4571 version (firefox, fixed 1.5.0.7) +CVE-2006-4570 version (thunderbird, fixed 1.5.0.7) +CVE-2006-4570 version (seamonkey, fixed 1.0.5) #209167 +CVE-2006-4569 version (firefox, fixed 1.5.0.7) +CVE-2006-4568 version (seamonkey, fixed 1.0.5) #209167 +CVE-2006-4568 version (firefox, fixed 1.5.0.7) +CVE-2006-4567 version (thunderbird, fixed 1.5.0.7) +CVE-2006-4567 version (firefox, fixed 1.5.0.7) +CVE-2006-4566 version (thunderbird, fixed 1.5.0.7) +CVE-2006-4566 version (seamonkey, fixed 1.0.5) #209167 +CVE-2006-4566 version (firefox, fixed 1.5.0.7) +CVE-2006-4565 
version (thunderbird, fixed 1.5.0.7) +CVE-2006-4565 version (seamonkey, fixed 1.0.5) #209167 +CVE-2006-4565 version (firefox, fixed 1.5.0.7) +CVE-2006-4561 VULNERABLE (firefox) *CVE-2006-4538 version (kernel, fixed after 2.6.18-rc6) *CVE-2006-4535 version (kernel, fixed 2.6.18-rc6) CVE-2006-4519 VULNERABLE (gimp) #247566 @@ -607,16 +607,16 @@ *CVE-2006-4336 backport (gzip) *CVE-2006-4335 backport (gzip) lha still VULNERABLE to the same flaw *CVE-2006-4334 backport (gzip) -*CVE-2006-4333 version (wireshark, fixed 0.99.3) -*CVE-2006-4332 version (wireshark, fixed 0.99.3) -*CVE-2006-4331 version (wireshark, fixed 0.99.3) -*CVE-2006-4330 version (wireshark, fixed 0.99.3) -*CVE-2006-4310 ignore (firefox) crash only +CVE-2006-4333 version (wireshark, fixed 0.99.3) +CVE-2006-4332 version (wireshark, fixed 0.99.3) +CVE-2006-4331 version (wireshark, fixed 0.99.3) +CVE-2006-4330 version (wireshark, fixed 0.99.3) +CVE-2006-4310 ignore (firefox) crash only *CVE-2006-4262 backport (cscope) -*CVE-2006-4261 (firefox) -*CVE-2006-4253 version (thunderbird, fixed 1.5.0.7) -*CVE-2006-4253 version (seamonkey, fixed 1.0.5) #209167 -*CVE-2006-4253 version (firefox, fixed 1.5.0.7) +CVE-2006-4261 (firefox) +CVE-2006-4253 version (thunderbird, fixed 1.5.0.7) +CVE-2006-4253 version (seamonkey, fixed 1.0.5) #209167 +CVE-2006-4253 version (firefox, fixed 1.5.0.7) *CVE-2006-4249 patch (plone, fixed 2.5.1-3) #213983 *CVE-2006-4248 ignore (thttpd, Debian specific issue) *CVE-2006-4247 patch (plone, fixed 2.5-4) #209163 
@@ -644,42 +644,42 @@ *CVE-2006-3816 version (krusader, fixed 1.70.1) #200323 *CVE-2006-3815 version (heartbeat, fixed 2.0.6) *CVE-2006-3813 version (perl) only Red Hat Enterprise Linux affected -*CVE-2006-3812 version (thunderbird, fixed 1.5.0.5) -*CVE-2006-3812 version (seamonkey, fixed 1.0.4) #200455 -*CVE-2006-3812 version (firefox, fixed 1.5.0.5) -*CVE-2006-3811 version (thunderbird, fixed 1.5.0.5) -*CVE-2006-3811 version (seamonkey, fixed 1.0.4) #200455 -*CVE-2006-3811 version (firefox, fixed 1.5.0.5) -*CVE-2006-3810 version (thunderbird, fixed 1.5.0.5) -*CVE-2006-3810 version (seamonkey, fixed 1.0.4) #200455 -*CVE-2006-3810 version (firefox, fixed 1.5.0.5) -*CVE-2006-3809 version (thunderbird, fixed 1.5.0.5) -*CVE-2006-3809 version (seamonkey, fixed 1.0.4) #200455 -*CVE-2006-3809 version (firefox, fixed 1.5.0.5) -*CVE-2006-3808 version (thunderbird, fixed 1.5.0.5) -*CVE-2006-3808 version (seamonkey, fixed 1.0.4) #200455 -*CVE-2006-3808 version (firefox, fixed 1.5.0.5) -*CVE-2006-3807 version (thunderbird, fixed 1.5.0.5) -*CVE-2006-3807 version (seamonkey, fixed 1.0.4) #200455 -*CVE-2006-3807 version (firefox, fixed 1.5.0.5) -*CVE-2006-3806 version (thunderbird, fixed 1.5.0.5) -*CVE-2006-3806 version (seamonkey, fixed 1.0.4) #200455 -*CVE-2006-3806 version (firefox, fixed 1.5.0.5) -*CVE-2006-3805 version (thunderbird, fixed 1.5.0.5) -*CVE-2006-3805 version (seamonkey, fixed 1.0.4) #200455 -*CVE-2006-3805 version (firefox, fixed 1.5.0.5) -*CVE-2006-3804 version (thunderbird, fixed 1.5.0.5) -*CVE-2006-3804 version (seamonkey, fixed 1.0.4) #200455 -*CVE-2006-3804 version (firefox, fixed 1.5.0.5) -*CVE-2006-3803 version (thunderbird, fixed 1.5.0.5) -*CVE-2006-3803 version (seamonkey, fixed 1.0.4) #200455 -*CVE-2006-3803 version (firefox, fixed 1.5.0.5) -*CVE-2006-3802 version (thunderbird, fixed 1.5.0.5) -*CVE-2006-3802 version (seamonkey, fixed 1.0.4) #200455 -*CVE-2006-3802 version (firefox, fixed 1.5.0.5) -*CVE-2006-3801 version (thunderbird, fixed 1.5.0.5) 
-*CVE-2006-3801 version (seamonkey, fixed 1.0.4) #200455 -*CVE-2006-3801 version (firefox, fixed 1.5.0.5) +CVE-2006-3812 version (thunderbird, fixed 1.5.0.5) +CVE-2006-3812 version (seamonkey, fixed 1.0.4) #200455 +CVE-2006-3812 version (firefox, fixed 1.5.0.5) +CVE-2006-3811 version (thunderbird, fixed 1.5.0.5) +CVE-2006-3811 version (seamonkey, fixed 1.0.4) #200455 +CVE-2006-3811 version (firefox, fixed 1.5.0.5) +CVE-2006-3810 version (thunderbird, fixed 1.5.0.5) +CVE-2006-3810 version (seamonkey, fixed 1.0.4) #200455 +CVE-2006-3810 version (firefox, fixed 1.5.0.5) +CVE-2006-3809 version (thunderbird, fixed 1.5.0.5) +CVE-2006-3809 version (seamonkey, fixed 1.0.4) #200455 +CVE-2006-3809 version (firefox, fixed 1.5.0.5) +CVE-2006-3808 version (thunderbird, fixed 1.5.0.5) +CVE-2006-3808 version (seamonkey, fixed 1.0.4) #200455 +CVE-2006-3808 version (firefox, fixed 1.5.0.5) +CVE-2006-3807 version (thunderbird, fixed 1.5.0.5) +CVE-2006-3807 version (seamonkey, fixed 1.0.4) #200455 +CVE-2006-3807 version (firefox, fixed 1.5.0.5) +CVE-2006-3806 version (thunderbird, fixed 1.5.0.5) +CVE-2006-3806 version (seamonkey, fixed 1.0.4) #200455 +CVE-2006-3806 version (firefox, fixed 1.5.0.5) +CVE-2006-3805 version (thunderbird, fixed 1.5.0.5) +CVE-2006-3805 version (seamonkey, fixed 1.0.4) #200455 +CVE-2006-3805 version (firefox, fixed 1.5.0.5) +CVE-2006-3804 version (thunderbird, fixed 1.5.0.5) +CVE-2006-3804 version (seamonkey, fixed 1.0.4) #200455 +CVE-2006-3804 version (firefox, fixed 1.5.0.5) +CVE-2006-3803 version (thunderbird, fixed 1.5.0.5) +CVE-2006-3803 version (seamonkey, fixed 1.0.4) #200455 +CVE-2006-3803 version (firefox, fixed 1.5.0.5) +CVE-2006-3802 version (thunderbird, fixed 1.5.0.5) +CVE-2006-3802 version (seamonkey, fixed 1.0.4) #200455 +CVE-2006-3802 version (firefox, fixed 1.5.0.5) +CVE-2006-3801 version (thunderbird, fixed 1.5.0.5) +CVE-2006-3801 version (seamonkey, fixed 1.0.4) #200455 +CVE-2006-3801 version (firefox, fixed 1.5.0.5) *CVE-2006-3747 
version (httpd, fixed 2.2.3) *CVE-2006-3746 version (gnupg, fixed 1.4.5) *CVE-2006-3745 version (kernel, fixed 2.6.17.10, fixed 2.6.18-rc5) @@ -691,22 +691,22 @@ *CVE-2006-3739 version (libXfont, fixed 1.2.2) *CVE-2006-3738 backport (openssl, fixed 0.9.8d) *CVE-2006-3733 ignore (jboss) cisco only -*CVE-2006-3731 ignore (firefox) just a user complicit crash +CVE-2006-3731 ignore (firefox) just a user complicit crash *CVE-2006-3694 version (ruby, fixed 1.8.5) -*CVE-2006-3677 version (thunderbird, fixed 1.5.0.5) -*CVE-2006-3677 version (seamonkey, fixed 1.0.4) #200455 -*CVE-2006-3677 version (firefox, fixed 1.5.0.5) -*CVE-2006-3672 ignore (konqueror) just a crash +CVE-2006-3677 version (thunderbird, fixed 1.5.0.5) +CVE-2006-3677 version (seamonkey, fixed 1.0.4) #200455 +CVE-2006-3677 version (firefox, fixed 1.5.0.5) +CVE-2006-3672 ignore (konqueror) just a crash *CVE-2006-3668 patch (dumb, fixed 0.9.3-4) #200370 *CVE-2006-3665 ignore (squirrelmail) don't enable register_globals! *CVE-2006-3636 version (mailman, fixed 2.1.9) *CVE-2006-3634 ignore (kernel, fixed 2.6.17.8) s390 only -*CVE-2006-3632 version (wireshark, fixed 0.99.2) -*CVE-2006-3631 version (wireshark, fixed 0.99.2) -*CVE-2006-3630 version (wireshark, fixed 0.99.2) -*CVE-2006-3629 version (wireshark, fixed 0.99.2) -*CVE-2006-3628 version (wireshark, fixed 0.99.2) -*CVE-2006-3627 version (wireshark, fixed 0.99.2) +CVE-2006-3632 version (wireshark, fixed 0.99.2) +CVE-2006-3631 version (wireshark, fixed 0.99.2) +CVE-2006-3630 version (wireshark, fixed 0.99.2) +CVE-2006-3629 version (wireshark, fixed 0.99.2) +CVE-2006-3628 version (wireshark, fixed 0.99.2) +CVE-2006-3627 version (wireshark, fixed 0.99.2) *CVE-2006-3626 version (kernel, fixed 2.6.17.6) *CVE-2006-3619 version (gcc, fixed 4.1.1-20060828 at least) CVE-2006-3587 ignore, no-ship (flash-plugin) 
@@ -731,7 +731,7 @@ *CVE-2006-3390 ignore (wordpress, not an issue) #198107 *CVE-2006-3378 ignore (shadow-utils) we don't ship passwd from shadow-utils *CVE-2006-3376 backport (libwmf) from changelog -*CVE-2006-3352 ignore (firefox) not a vulnerability +CVE-2006-3352 ignore (firefox) not a vulnerability *CVE-2006-3334 ignore (libpng, fixed 1.2.12) not exploitable CVE-2006-3311 ignore, no-ship (flash-plugin) *CVE-2006-3276 (helixplayer) @@ -744,10 +744,10 @@ *CVE-2006-3121 version (heartbeat, fixed 2.0.7) *CVE-2006-3119 patch (fbida, fixed 2.0.3-12) #200321 *CVE-2006-3117 version (openoffice.org, fixed 2.0.3) -*CVE-2006-3113 version (thunderbird, fixed 1.5.0.5) -*CVE-2006-3113 version (seamonkey, fixed 1.0.4) #200455 -*CVE-2006-3113 version (firefox, fixed 1.5.0.5) -*CVE-2006-3093 ignore (acroread) windows only +CVE-2006-3113 version (thunderbird, fixed 1.5.0.5) +CVE-2006-3113 version (seamonkey, fixed 1.0.4) #200455 +CVE-2006-3113 version (firefox, fixed 1.5.0.5) +CVE-2006-3093 ignore (acroread) windows only *CVE-2006-3085 version (kernel, fixed 2.6.17.1) CVE-2006-3084 ignore (krb5) seteuid() calls never fail on linux CVE-2006-3083 backport (krb5, fixed 1.5.1, 1.4.4) 
@@ -771,45 +771,45 @@ *CVE-2006-2920 version (sylpheed-claws, fixed 2.2.2) *CVE-2006-2916 ignore (arts) not shipped setuid *CVE-2006-2906 backport (gd) from changelog -*CVE-2006-2894 VULNERABLE (seamonkey) #194511 -*CVE-2006-2894 VULNERABLE (firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=56236 -*CVE-2006-2842 version (squirrelmail, fixed 1.4.6) -*CVE-2006-2789 version (evolution, fixed 2.4.X) -*CVE-2006-2788 version (firefox, fixed 1.5.0.4) -*CVE-2006-2787 version (thunderbird, fixed 1.5.0.4) -*CVE-2006-2787 version (firefox, fixed 1.5.0.4) -*CVE-2006-2786 version (thunderbird, fixed 1.5.0.4) -*CVE-2006-2786 version (firefox, fixed 1.5.0.4) -*CVE-2006-2785 version (firefox, fixed 1.5.0.4) -*CVE-2006-2784 version (firefox, fixed 1.5.0.4) -*CVE-2006-2783 version (thunderbird, fixed 1.5.0.4) -*CVE-2006-2783 version (firefox, fixed 1.5.0.4) -*CVE-2006-2782 version (firefox, fixed 1.5.0.4) -*CVE-2006-2781 version (thunderbird, fixed 1.5.0.4) -*CVE-2006-2781 version (seamonkey, fixed 1.0.2-1) #193963 -*CVE-2006-2780 version (thunderbird, fixed 1.5.0.4) -*CVE-2006-2780 version (firefox, fixed 1.5.0.4) -*CVE-2006-2779 version (thunderbird, fixed 1.5.0.4) -*CVE-2006-2779 version (firefox, fixed 1.5.0.4) -*CVE-2006-2778 version (thunderbird, fixed 1.5.0.4) -*CVE-2006-2778 version (firefox, fixed 1.5.0.4) -*CVE-2006-2777 version (seamonkey, fixed 1.0.2-1) #193962 -*CVE-2006-2777 version (firefox, fixed 1.5.0.4) -*CVE-2006-2776 version (thunderbird, fixed 1.5.0.4) -*CVE-2006-2776 version (firefox, fixed 1.5.0.4) -*CVE-2006-2775 version (thunderbird, fixed 1.5.0.4) -*CVE-2006-2775 version (firefox, fixed 1.5.0.4) +CVE-2006-2894 VULNERABLE (seamonkey) #194511 +CVE-2006-2894 VULNERABLE (firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=56236 +CVE-2006-2842 version (squirrelmail, fixed 1.4.6) +CVE-2006-2789 version (evolution, fixed 2.4.X) +CVE-2006-2788 version (firefox, fixed 1.5.0.4) +CVE-2006-2787 version (thunderbird, fixed 1.5.0.4) +CVE-2006-2787 version (firefox, 
fixed 1.5.0.4) +CVE-2006-2786 version (thunderbird, fixed 1.5.0.4) +CVE-2006-2786 version (firefox, fixed 1.5.0.4) +CVE-2006-2785 version (firefox, fixed 1.5.0.4) +CVE-2006-2784 version (firefox, fixed 1.5.0.4) +CVE-2006-2783 version (thunderbird, fixed 1.5.0.4) +CVE-2006-2783 version (firefox, fixed 1.5.0.4) +CVE-2006-2782 version (firefox, fixed 1.5.0.4) +CVE-2006-2781 version (thunderbird, fixed 1.5.0.4) +CVE-2006-2781 version (seamonkey, fixed 1.0.2-1) #193963 +CVE-2006-2780 version (thunderbird, fixed 1.5.0.4) +CVE-2006-2780 version (firefox, fixed 1.5.0.4) +CVE-2006-2779 version (thunderbird, fixed 1.5.0.4) +CVE-2006-2779 version (firefox, fixed 1.5.0.4) +CVE-2006-2778 version (thunderbird, fixed 1.5.0.4) +CVE-2006-2778 version (firefox, fixed 1.5.0.4) +CVE-2006-2777 version (seamonkey, fixed 1.0.2-1) #193962 +CVE-2006-2777 version (firefox, fixed 1.5.0.4) +CVE-2006-2776 version (thunderbird, fixed 1.5.0.4) +CVE-2006-2776 version (firefox, fixed 1.5.0.4) +CVE-2006-2775 version (thunderbird, fixed 1.5.0.4) +CVE-2006-2775 version (firefox, fixed 1.5.0.4) *CVE-2006-2769 patch (snort, fixed 2.4.4-4) #193809 *CVE-2006-2754 ignore (openldap) This issue is not exploitable *CVE-2006-2753 version (mysql, fixed 5.0.22) -*CVE-2006-2723 ignore (firefox) disputed -*CVE-2006-2661 version (freetype, fixed 2.2.1) +CVE-2006-2723 ignore (firefox) disputed +CVE-2006-2661 version (freetype, fixed 2.2.1) CVE-2006-2660 ignore (php) see #195539 *CVE-2006-2658 version (xsp, fixed 1.1.14) #206510 CVE-2006-2657 (php) DUPE CVE-2006-3017 *CVE-2006-2656 backport (libtiff) tiffsplit-overflow.patch -*CVE-2006-2629 ignore (kernel) couldn't be reproduced on FC -*CVE-2006-2613 ignore (firefox) This isn't an issue on FC +CVE-2006-2629 ignore (kernel) couldn't be reproduced on FC +CVE-2006-2613 ignore (firefox) This isn't an issue on FC CVE-2006-2607 backport (vixie-cron) vixie-cron-4.1-_48-security.patch *CVE-2006-2575 patch (netpanzer, fixed 0.8-4) bz#192983 CVE-2006-2563 ignore (php) safe 
mode isn't safe @@ -833,7 +833,7 @@ *CVE-2006-2369 version (vnc, fixed 4.1.2) *CVE-2006-2366 ignore (openobex) we don't ship ircp *CVE-2006-2362 ignore (binutils) minor crash (not exploitable) -*CVE-2006-2332 ignore (firefox) disputed +CVE-2006-2332 ignore (firefox) disputed *CVE-2006-2314 version (postgresql, fixed 8.1.4) *CVE-2006-2313 version (postgresql, fixed 8.1.4) *CVE-2006-2276 version (quagga, fixed 0.98.6) 
@@ -858,27 +858,27 @@ CVE-2006-2083 version (rsync, fixed 2.6.8) CVE-2006-2073 ignore (bind) http://www.kb.cert.org/vuls/id/MIMG-6P8GRP *CVE-2006-2071 version (kernel, fixed 2.6.16.6) -*CVE-2006-2057 ignore (firefox) not Linux -*CVE-2006-2026 version (libtiff, fixed 3.8.1) -*CVE-2006-2025 version (libtiff, fixed 3.8.1) -*CVE-2006-2024 version (libtiff, fixed 3.8.1) -*CVE-2006-2017 version (dnsmasq, fixed 2.30) +CVE-2006-2057 ignore (firefox) not Linux +CVE-2006-2026 version (libtiff, fixed 3.8.1) +CVE-2006-2025 version (libtiff, fixed 3.8.1) +CVE-2006-2024 version (libtiff, fixed 3.8.1) +CVE-2006-2017 version (dnsmasq, fixed 2.30) CVE-2006-2016 version (phpldapadmin, fixed 0.9.8.1) -*CVE-2006-1993 version (firefox, fixed 1.5.0.3) +CVE-2006-1993 version (firefox, fixed 1.5.0.3) CVE-2006-1991 version (php, fixed 5.1.3) CVE-2006-1990 version (php, fixed 5.1.3) CVE-2006-1989 version (clamav, fixed 0.88.2) *CVE-2006-1945 backport (awstats, fixed 6.5-4) bz#190922 awstats-6.5-CVE-2006-1945.patch -*CVE-2006-1942 version (firefox, fixed 1.5.0.4) -*CVE-2006-1940 version (wireshark, fixed 0.99.0) -*CVE-2006-1939 version (wireshark, fixed 0.99.0) -*CVE-2006-1938 version (wireshark, fixed 0.99.0) -*CVE-2006-1937 version (wireshark, fixed 0.99.0) -*CVE-2006-1936 version (wireshark, fixed 0.99.0) -*CVE-2006-1935 version (wireshark, fixed 0.99.0) -*CVE-2006-1934 version (wireshark, fixed 0.99.0) -*CVE-2006-1933 version (wireshark, fixed 0.99.0) -*CVE-2006-1932 version (wireshark, fixed 0.99.0) +CVE-2006-1942 version (firefox, fixed 1.5.0.4) +CVE-2006-1940 version (wireshark, fixed 0.99.0) +CVE-2006-1939 version (wireshark, fixed 0.99.0) +CVE-2006-1938 version (wireshark, fixed 0.99.0) +CVE-2006-1937 version (wireshark, fixed 0.99.0) +CVE-2006-1936 version (wireshark, fixed 0.99.0) +CVE-2006-1935 version (wireshark, fixed 0.99.0) +CVE-2006-1934 version (wireshark, fixed 0.99.0) +CVE-2006-1933 version (wireshark, fixed 0.99.0) +CVE-2006-1932 version (wireshark, fixed 0.99.0) 
*CVE-2006-1931 version (ruby, fixed 1.8.3) *CVE-2006-1902 ignore (gcc) not a vulnerability *CVE-2006-1900 version (amaya, fixed 9.5) bz#190324 
@@ -893,70 +893,70 @@ *CVE-2006-1857 version (kernel, fixed 2.6.16.17) *CVE-2006-1856 version (kernel, fixed 2.6.16.12) *CVE-2006-1855 version (kernel, fixed 2.6.11.12) -*CVE-2006-1790 version (thunderbird, fixed 1.5.0.2) -*CVE-2006-1790 version (firefox, fixed 1.5.0.2) -*CVE-2006-1742 version (thunderbird, fixed 1.5.0.2) -*CVE-2006-1742 version (seamonkey, fixed 1.0) -*CVE-2006-1742 version (firefox, fixed 1.5.0.2) -*CVE-2006-1741 version (thunderbird, fixed 1.5.0.2) -*CVE-2006-1741 version (seamonkey, fixed 1.0) -*CVE-2006-1741 version (firefox, fixed 1.5.0.2) -*CVE-2006-1740 version (seamonkey, fixed 1.0) -*CVE-2006-1740 version (firefox, fixed 1.5.0.2) -*CVE-2006-1739 version (thunderbird, fixed 1.5.0.2) -*CVE-2006-1739 version (seamonkey, fixed 1.0) -*CVE-2006-1739 version (firefox, fixed 1.5.0.2) -*CVE-2006-1738 version (thunderbird, fixed 1.5.0.2) -*CVE-2006-1738 version (seamonkey, fixed 1.0) -*CVE-2006-1738 version (firefox, fixed 1.5.0.2) -*CVE-2006-1737 version (thunderbird, fixed 1.5.0.2) -*CVE-2006-1737 version (seamonkey, fixed 1.0) -*CVE-2006-1737 version (firefox, fixed 1.5.0.2) -*CVE-2006-1736 version (seamonkey, fixed 1.0) -*CVE-2006-1736 version (firefox, fixed 1.5.0.2) -*CVE-2006-1735 version (thunderbird, fixed 1.5.0.2) -*CVE-2006-1735 version (seamonkey, fixed 1.0) -*CVE-2006-1735 version (firefox, fixed 1.5.0.2) -*CVE-2006-1734 version (thunderbird, fixed 1.5.0.2) -*CVE-2006-1734 version (seamonkey, fixed 1.0) -*CVE-2006-1734 version (firefox, fixed 1.5.0.2) -*CVE-2006-1733 version (thunderbird, fixed 1.5.0.2) -*CVE-2006-1733 version (seamonkey, fixed 1.0) -*CVE-2006-1733 version (firefox, fixed 1.5.0.2) -*CVE-2006-1732 version (thunderbird, fixed 1.5.0.2) -*CVE-2006-1732 version (seamonkey, fixed 1.0) -*CVE-2006-1732 version (firefox, fixed 1.5.0.2) -*CVE-2006-1731 version (thunderbird, fixed 1.5.0.2) -*CVE-2006-1731 version (seamonkey, fixed 1.0) -*CVE-2006-1731 version (firefox, fixed 1.5.0.2) -*CVE-2006-1730 version (thunderbird, fixed 
1.5.0.2) -*CVE-2006-1730 version (seamonkey, fixed 1.0.1) -*CVE-2006-1730 version (firefox, fixed 1.5.0.2) -*CVE-2006-1729 version (seamonkey, fixed 1.0.1) -*CVE-2006-1729 version (firefox, fixed 1.5.0.2) -*CVE-2006-1728 version (thunderbird, fixed 1.5.0.2) -*CVE-2006-1728 version (seamonkey, fixed 1.0.1) -*CVE-2006-1728 version (firefox, fixed 1.5.0.2) -*CVE-2006-1727 version (thunderbird, fixed 1.5.0.2) -*CVE-2006-1727 version (seamonkey, fixed 1.0.1) -*CVE-2006-1727 version (firefox, fixed 1.5.0.2) -*CVE-2006-1726 version (thunderbird, fixed 1.5.0.2) -*CVE-2006-1726 version (seamonkey, fixed 1.0.1) -*CVE-2006-1726 version (firefox, fixed 1.5.0.2) -*CVE-2006-1725 version (seamonkey, fixed 1.0.1) -*CVE-2006-1725 version (firefox, fixed 1.5.0.2) -*CVE-2006-1724 version (thunderbird, fixed 1.5.0.2) -*CVE-2006-1724 version (seamonkey, fixed 1.0.1) -*CVE-2006-1724 version (firefox, fixed 1.5.0.2) -*CVE-2006-1723 version (thunderbird, fixed 1.5.0.2) -*CVE-2006-1723 version (seamonkey, fixed 1.0.1) -*CVE-2006-1723 version (firefox, fixed 1.5.0.2) +CVE-2006-1790 version (thunderbird, fixed 1.5.0.2) +CVE-2006-1790 version (firefox, fixed 1.5.0.2) +CVE-2006-1742 version (thunderbird, fixed 1.5.0.2) +CVE-2006-1742 version (seamonkey, fixed 1.0) +CVE-2006-1742 version (firefox, fixed 1.5.0.2) +CVE-2006-1741 version (thunderbird, fixed 1.5.0.2) +CVE-2006-1741 version (seamonkey, fixed 1.0) +CVE-2006-1741 version (firefox, fixed 1.5.0.2) +CVE-2006-1740 version (seamonkey, fixed 1.0) +CVE-2006-1740 version (firefox, fixed 1.5.0.2) +CVE-2006-1739 version (thunderbird, fixed 1.5.0.2) +CVE-2006-1739 version (seamonkey, fixed 1.0) +CVE-2006-1739 version (firefox, fixed 1.5.0.2) +CVE-2006-1738 version (thunderbird, fixed 1.5.0.2) +CVE-2006-1738 version (seamonkey, fixed 1.0) +CVE-2006-1738 version (firefox, fixed 1.5.0.2) +CVE-2006-1737 version (thunderbird, fixed 1.5.0.2) +CVE-2006-1737 version (seamonkey, fixed 1.0) +CVE-2006-1737 version (firefox, fixed 1.5.0.2) +CVE-2006-1736 
version (seamonkey, fixed 1.0) +CVE-2006-1736 version (firefox, fixed 1.5.0.2) +CVE-2006-1735 version (thunderbird, fixed 1.5.0.2) +CVE-2006-1735 version (seamonkey, fixed 1.0) +CVE-2006-1735 version (firefox, fixed 1.5.0.2) +CVE-2006-1734 version (thunderbird, fixed 1.5.0.2) +CVE-2006-1734 version (seamonkey, fixed 1.0) +CVE-2006-1734 version (firefox, fixed 1.5.0.2) +CVE-2006-1733 version (thunderbird, fixed 1.5.0.2) +CVE-2006-1733 version (seamonkey, fixed 1.0) +CVE-2006-1733 version (firefox, fixed 1.5.0.2) +CVE-2006-1732 version (thunderbird, fixed 1.5.0.2) +CVE-2006-1732 version (seamonkey, fixed 1.0) +CVE-2006-1732 version (firefox, fixed 1.5.0.2) +CVE-2006-1731 version (thunderbird, fixed 1.5.0.2) +CVE-2006-1731 version (seamonkey, fixed 1.0) +CVE-2006-1731 version (firefox, fixed 1.5.0.2) +CVE-2006-1730 version (thunderbird, fixed 1.5.0.2) +CVE-2006-1730 version (seamonkey, fixed 1.0.1) +CVE-2006-1730 version (firefox, fixed 1.5.0.2) +CVE-2006-1729 version (seamonkey, fixed 1.0.1) +CVE-2006-1729 version (firefox, fixed 1.5.0.2) +CVE-2006-1728 version (thunderbird, fixed 1.5.0.2) +CVE-2006-1728 version (seamonkey, fixed 1.0.1) +CVE-2006-1728 version (firefox, fixed 1.5.0.2) +CVE-2006-1727 version (thunderbird, fixed 1.5.0.2) +CVE-2006-1727 version (seamonkey, fixed 1.0.1) +CVE-2006-1727 version (firefox, fixed 1.5.0.2) +CVE-2006-1726 version (thunderbird, fixed 1.5.0.2) +CVE-2006-1726 version (seamonkey, fixed 1.0.1) +CVE-2006-1726 version (firefox, fixed 1.5.0.2) +CVE-2006-1725 version (seamonkey, fixed 1.0.1) +CVE-2006-1725 version (firefox, fixed 1.5.0.2) +CVE-2006-1724 version (thunderbird, fixed 1.5.0.2) +CVE-2006-1724 version (seamonkey, fixed 1.0.1) +CVE-2006-1724 version (firefox, fixed 1.5.0.2) +CVE-2006-1723 version (thunderbird, fixed 1.5.0.2) +CVE-2006-1723 version (seamonkey, fixed 1.0.1) +CVE-2006-1723 version (firefox, fixed 1.5.0.2) *CVE-2006-1721 version (cyrus-sasl, fixed 2.1.21) *CVE-2006-1712 version (mailman, only 2.1.7) *CVE-2006-1711 
version (plone, fixed 2.1.2) bz#188886 *CVE-2006-1695 patch (fbida, fixed 2.03-11) bz#189721 *CVE-2006-1656 version (util-vserver, fixed 0.30.210) -*CVE-2006-1650 ignore (firefox) a number of reports don't confirm this +CVE-2006-1650 ignore (firefox) a number of reports don't confirm this *CVE-2006-1646 ignore (ipsec-tools) KAME racoon, not ipsec-tools racoon CVE-2006-1630 version (clamav, fixed 0.88.1) bz#188286 *CVE-2006-1629 version (openvpn, fixed 2.0.6) bz#188050 
@@ -972,18 +972,18 @@ *CVE-2006-1547 version (struts, fixed 1.2.9) *CVE-2006-1546 version (struts, fixed 1.2.9) *CVE-2006-1542 backport (python) python-2.4.1-canonicalize.patch -*CVE-2006-1539 ignore (bsd-games, Gentoo-specific problem) -*CVE-2006-1531 version (thunderbird, fixed 1.5.0.2) -*CVE-2006-1531 version (seamonkey, fixed 1.0.1) -*CVE-2006-1531 version (firefox, fixed 1.5.0.2) -*CVE-2006-1530 version (thunderbird, fixed 1.5.0.2) -*CVE-2006-1530 version (seamonkey, fixed 1.0.1) -*CVE-2006-1530 version (firefox, fixed 1.5.0.2) -*CVE-2006-1529 version (thunderbird, fixed 1.5.0.2) -*CVE-2006-1529 version (seamonkey, fixed 1.0.1) -*CVE-2006-1529 version (firefox, fixed 1.5.0.2) -*CVE-2006-1528 version (kernel, fixed 2.6.13) -*CVE-2006-1527 version (kernel, fixed 2.6.17) +CVE-2006-1539 ignore (bsd-games, Gentoo-specific problem) +CVE-2006-1531 version (thunderbird, fixed 1.5.0.2) +CVE-2006-1531 version (seamonkey, fixed 1.0.1) +CVE-2006-1531 version (firefox, fixed 1.5.0.2) +CVE-2006-1530 version (thunderbird, fixed 1.5.0.2) +CVE-2006-1530 version (seamonkey, fixed 1.0.1) +CVE-2006-1530 version (firefox, fixed 1.5.0.2) +CVE-2006-1529 version (thunderbird, fixed 1.5.0.2) +CVE-2006-1529 version (seamonkey, fixed 1.0.1) +CVE-2006-1529 version (firefox, fixed 1.5.0.2) +CVE-2006-1528 version (kernel, fixed 2.6.13) +CVE-2006-1527 version (kernel, fixed 2.6.17) *CVE-2006-1526 version (xorg-x11-server, fixed 1.1.1 at least) *CVE-2006-1525 version (kernel, fixed 2.6.16.8) *CVE-2006-1524 version (kernel, fixed 2.6.16.7) @@ -1005,7 +1005,7 @@ *CVE-2006-1335 version (gnome-screensaver, fixed 2.14) *CVE-2006-1329 version (jabberd, fixed 2.0s11) *CVE-2006-1296 version (beagle, fixed 0.2.4) -*CVE-2006-1273 ignore (firefox) this issue only affects IE +CVE-2006-1273 ignore (firefox) this issue only affects IE *CVE-2006-1269 patch (zoo, fixed 2.10-7) bz#183109 *CVE-2006-1251 ignore (exim-sa, configuration not vulnerable) bz#191082 *CVE-2006-1242 version (kernel, fixed 2.6.16.1) 
@@ -1043,14 +1043,14 @@ *CVE-2006-0814 ignore (lighttpd, Windows-specific problem) *CVE-2006-0804 ignore (tin, <= 1.8.0 not shipped) *CVE-2006-0760 version (lighttpd, fixed 1.4.10) -*CVE-2006-0749 version (thunderbird, fixed 1.5.0.2) -*CVE-2006-0749 version (seamonkey, fixed 1.0) -*CVE-2006-0749 version (firefox, fixed 1.5.0.2) -*CVE-2006-0748 version (thunderbird, fixed 1.5.0.2) -*CVE-2006-0748 version (seamonkey, fixed 1.0.1) -*CVE-2006-0748 version (firefox, fixed 1.5.0.2) -*CVE-2006-0747 version (freetype, fixed 2.2.1) -*CVE-2006-0746 version (kdegraphics, fixed 3.4) +CVE-2006-0749 version (thunderbird, fixed 1.5.0.2) +CVE-2006-0749 version (seamonkey, fixed 1.0) +CVE-2006-0749 version (firefox, fixed 1.5.0.2) +CVE-2006-0748 version (thunderbird, fixed 1.5.0.2) +CVE-2006-0748 version (seamonkey, fixed 1.0.1) +CVE-2006-0748 version (firefox, fixed 1.5.0.2) +CVE-2006-0747 version (freetype, fixed 2.2.1) +CVE-2006-0746 version (kdegraphics, fixed 3.4) *CVE-2006-0745 version (xorg-x11-server, fixed 1.1.1 at least) *CVE-2006-0744 version (kernel, fixed 2.6.16.5) *CVE-2006-0743 (log4net) @@ -1072,7 +1072,7 @@ *CVE-2006-0554 version (kernel, fixed 2.6.16) *CVE-2006-0553 version (postgresql, only 8.1, fixed 8.1.3) *CVE-2006-0528 version (cairo, fixed 1.0.4) -*CVE-2006-0496 VULNERABLE (firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=324253 +CVE-2006-0496 VULNERABLE (firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=324253 *CVE-2006-0482 ignore (kernel) sparc only *CVE-2006-0481 version (libpng, 1.2.7 only) *CVE-2006-0459 version (flex) by inspection 
@@ -1093,30 +1093,30 @@ *CVE-2006-0301 version (poppler, fixed 0.4.5) *CVE-2006-0301 version (kdegraphics, fixed 3.5.2) *CVE-2006-0300 version (tar, fixed 1.15.90 at least) -*CVE-2006-0299 version (thunderbird, fixed 1.5) -*CVE-2006-0299 version (seamonkey, fixed 1.0) -*CVE-2006-0299 version (firefox, fixed 1.5.0.1) -*CVE-2006-0298 version (thunderbird, fixed 1.5) -*CVE-2006-0298 version (seamonkey, fixed 1.0) -*CVE-2006-0298 version (firefox, fixed 1.5.0.1) -*CVE-2006-0297 version (thunderbird, fixed 1.5) -*CVE-2006-0297 version (seamonkey, fixed 1.0) -*CVE-2006-0297 version (firefox, fixed 1.5.0.1) -*CVE-2006-0296 version (thunderbird, fixed 1.5) -*CVE-2006-0296 version (seamonkey, fixed 1.0) -*CVE-2006-0296 version (firefox, fixed 1.5.0.1) -*CVE-2006-0295 version (thunderbird, fixed 1.5) -*CVE-2006-0295 version (seamonkey, fixed 1.0) -*CVE-2006-0295 version (firefox, fixed 1.5.0.1) -*CVE-2006-0294 version (thunderbird, fixed 1.5) -*CVE-2006-0294 version (seamonkey, fixed 1.0) -*CVE-2006-0294 version (firefox, fixed 1.5.0.1) -*CVE-2006-0293 version (thunderbird, fixed 1.5) -*CVE-2006-0293 version (firefox, fixed 1.5.0.1) -*CVE-2006-0292 version (thunderbird, fixed 1.5) -*CVE-2006-0292 version (firefox, fixed 1.5.1) +CVE-2006-0299 version (thunderbird, fixed 1.5) +CVE-2006-0299 version (seamonkey, fixed 1.0) +CVE-2006-0299 version (firefox, fixed 1.5.0.1) +CVE-2006-0298 version (thunderbird, fixed 1.5) +CVE-2006-0298 version (seamonkey, fixed 1.0) +CVE-2006-0298 version (firefox, fixed 1.5.0.1) +CVE-2006-0297 version (thunderbird, fixed 1.5) +CVE-2006-0297 version (seamonkey, fixed 1.0) +CVE-2006-0297 version (firefox, fixed 1.5.0.1) +CVE-2006-0296 version (thunderbird, fixed 1.5) +CVE-2006-0296 version (seamonkey, fixed 1.0) +CVE-2006-0296 version (firefox, fixed 1.5.0.1) +CVE-2006-0295 version (thunderbird, fixed 1.5) +CVE-2006-0295 version (seamonkey, fixed 1.0) +CVE-2006-0295 version (firefox, fixed 1.5.0.1) +CVE-2006-0294 version (thunderbird, fixed 1.5) 
+CVE-2006-0294 version (seamonkey, fixed 1.0) +CVE-2006-0294 version (firefox, fixed 1.5.0.1) +CVE-2006-0293 version (thunderbird, fixed 1.5) +CVE-2006-0293 version (firefox, fixed 1.5.0.1) +CVE-2006-0292 version (thunderbird, fixed 1.5) +CVE-2006-0292 version (firefox, fixed 1.5.1) *CVE-2006-0254 version (tomcat5, fixed 5.5.16) -*CVE-2006-0236 ignore (thunderbird) windows only +CVE-2006-0236 ignore (thunderbird) windows only CVE-2006-0225 version (openssh, fixed 4.3p2) #168167 CVE-2006-0208 version (php, fixed 5.1.2) CVE-2006-0207 version (php, fixed 5.1.2) @@ -1154,7 +1154,7 @@ CVE-2005-4837 version (net-snmp, fixed 5.2.2) *CVE-2005-4836 (tomcat) *CVE-2005-4811 version (kernel, fixed 2.6.13) -*CVE-2005-4809 VULNERABLE (firefox) +CVE-2005-4809 VULNERABLE (firefox) *CVE-2005-4808 ignore (binutils, gas fixed 20050714) this is a bug *CVE-2005-4807 ignore (binutils, gas fixed 20050721) this is a bug *CVE-2005-4803 version (graphviz, fixed 2.2.1) @@ -1163,11 +1163,11 @@ *CVE-2005-4746 version (freeradius, fixed 1.0.5) *CVE-2005-4745 version (freeradius, fixed 1.0.5) *CVE-2005-4744 version (freeradius, fixed 1.0.5) -*CVE-2005-4720 version (thunderbird, fixed 1.5) -*CVE-2005-4720 version (firefox, fixed 1.5) +CVE-2005-4720 version (thunderbird, fixed 1.5) +CVE-2005-4720 version (firefox, fixed 1.5) *CVE-2005-4703 ignore (tomcat) windows only -*CVE-2005-4685 ignore (firefox) not fixed upstream, low, can't fix -*CVE-2005-4684 ignore (kdebase) not fixed upstream, low, can't fix +CVE-2005-4685 ignore (firefox) not fixed upstream, low, can't fix +CVE-2005-4684 ignore (kdebase) not fixed upstream, low, can't fix *CVE-2005-4667 backport (unzip) changelog *CVE-2005-4639 version (kernel, fixed 2.6.15) *CVE-2005-4636 version (openoffice.org, fixed 2.0.1) 
@@ -1175,7 +1175,7 @@ *CVE-2005-4618 version (kernel, fixed 2.6.15) *CVE-2005-4605 version (kernel, fixed 2.6.15) *CVE-2005-4601 (ImageMagick) -*CVE-2005-4585 version (wireshark, fixed 0.10.14) +CVE-2005-4585 version (wireshark, fixed 0.10.14) *CVE-2005-4442 version (openldap) gentoo only *CVE-2005-4352 version (kernel, fixed 2.6.18.3) [since FEDORA-2006-1471] *CVE-2005-4348 version (fetchmail, fixed 6.3.1) @@ -1183,13 +1183,13 @@ CVE-2005-4158 ignore (sudo) only env_reset will properly clean the environment CVE-2005-4154 ignore (php) don't install untrusted pear packages *CVE-2005-4153 version (mailman) -*CVE-2005-4134 ignore (firefox) http://www.mozilla.org/security/history-title.html +CVE-2005-4134 ignore (firefox) http://www.mozilla.org/security/history-title.html *CVE-2005-4130 (helixplayer) *CVE-2005-4126 (helixplayer) *CVE-2005-4077 version (curl, fixed 7.15.1) *CVE-2005-3964 (openmotif) *CVE-2005-3962 version (perl, fixed 5.8.8) -*CVE-2005-3896 (firefox,seamonkey,thunderbird) +CVE-2005-3896 (firefox,seamonkey,thunderbird) *CVE-2005-3891 (pidgin) *CVE-2005-3890 (pidgin) *CVE-2005-3889 (pidgin) @@ -1199,7 +1199,7 @@ *CVE-2005-3857 version (kernel, fixed 2.6.15) *CVE-2005-3848 version (kernel, fixed 2.6.13) *CVE-2005-3847 version (kernel, fixed 2.6.12.6) -*CVE-2005-3812 (firefox,seamonkey,thunderbird) +CVE-2005-3812 (firefox,seamonkey,thunderbird) *CVE-2005-3810 version (kernel, fixed 2.6.15) *CVE-2005-3809 version (kernel, fixed 2.6.15) *CVE-2005-3808 version (kernel, fixed 2.6.15) @@ -1215,7 +1215,7 @@ *CVE-2005-3671 version (openswan, fixed 2.4.4) *CVE-2005-3662 version (netpbm) *CVE-2005-3656 version (mod_auth_pgsql, fixed 2.0.3) -*CVE-2005-3651 version (wireshark, fixed 0.10.14) +CVE-2005-3651 version (wireshark, fixed 0.10.14) *CVE-2005-3632 version (netpbm) *CVE-2005-3631 version (udev) *CVE-2005-3630 (fedora directory server) 
@@ -1263,7 +1263,7 @@ *CVE-2005-3350 (libungif) CVE-2005-3322 version (squid) not upstream, SUSE only CVE-2005-3319 ignore (mod_php) no security consequence -*CVE-2005-3313 version (wireshark, fixed after 0.10.13) +CVE-2005-3313 version (wireshark, fixed after 0.10.13) *CVE-2005-3276 version (kernel, fixed 2.6.12.4) *CVE-2005-3275 version (kernel, fixed 2.6.13) *CVE-2005-3274 version (kernel, fixed 2.6.13) @@ -1273,15 +1273,15 @@ *CVE-2005-3269 (fedora directory server) CVE-2005-3258 version (squid, fixed 2.5STABLE12) *CVE-2005-3257 version (kernel, fixed 2.6.15) -*CVE-2005-3249 version (wireshark, fixed 0.10.13) -*CVE-2005-3248 version (wireshark, fixed 0.10.13) -*CVE-2005-3247 version (wireshark, fixed 0.10.13) -*CVE-2005-3246 version (wireshark, fixed 0.10.13) -*CVE-2005-3245 version (wireshark, fixed 0.10.13) -*CVE-2005-3244 version (wireshark, fixed 0.10.13) -*CVE-2005-3243 version (wireshark, fixed 0.10.13) -*CVE-2005-3242 version (wireshark, fixed 0.10.13) -*CVE-2005-3241 version (wireshark, fixed 0.10.13) +CVE-2005-3249 version (wireshark, fixed 0.10.13) +CVE-2005-3248 version (wireshark, fixed 0.10.13) +CVE-2005-3247 version (wireshark, fixed 0.10.13) +CVE-2005-3246 version (wireshark, fixed 0.10.13) +CVE-2005-3245 version (wireshark, fixed 0.10.13) +CVE-2005-3244 version (wireshark, fixed 0.10.13) +CVE-2005-3243 version (wireshark, fixed 0.10.13) +CVE-2005-3242 version (wireshark, fixed 0.10.13) +CVE-2005-3241 version (wireshark, fixed 0.10.13) *CVE-2005-3193 version (poppler, fixed 0.4.4) *CVE-2005-3193 version (kdegraphics, fixed 3.5.1) CVE-2005-3193 version (cups, fixed 1.2.0) 
@@ -1297,7 +1297,7 @@ *CVE-2005-3186 version (gtk2, fixed 2.8.7 at least) *CVE-2005-3185 version (wget, fixed 1.10.2 at least) *CVE-2005-3185 version (curl, fixed 7.15) -*CVE-2005-3184 version (wireshark, fixed 0.10.13) +CVE-2005-3184 version (wireshark, fixed 0.10.13) *CVE-2005-3183 (w3c-libwww) *CVE-2005-3181 version (kernel, fixed 2.6.13.4) *CVE-2005-3180 version (kernel, fixed 2.6.13.4) @@ -1311,7 +1311,7 @@ *CVE-2005-3107 version (kernel, fixed 2.6.11) *CVE-2005-3106 version (kernel, fixed 2.6.11) *CVE-2005-3105 version (kernel, fixed 2.6.12) -*CVE-2005-3089 version (firefox, fixed 1.0.7) +CVE-2005-3089 version (firefox, fixed 1.0.7) *CVE-2005-3088 ignore (fetchmail) fetchmailconf not shipped *CVE-2005-3055 version (kernel, fixed 2.6.14) CVE-2005-3054 ignore (php) @@ -1328,8 +1328,8 @@ *CVE-2005-2970 version (httpd, not 2.2) *CVE-2005-2969 version (openssl, fixed 0.9.8a) *CVE-2005-2969 backport (openssl097a, fixed 0.9.7h) -*CVE-2005-2968 version (thunderbird) -*CVE-2005-2968 version (firefox) +CVE-2005-2968 version (thunderbird) +CVE-2005-2968 version (firefox) CVE-2005-2959 ignore (sudo) not a vulnerability *CVE-2005-2958 (libgda) *CVE-2005-2946 version (openssl, fixed 0.9.8) @@ -1341,8 +1341,8 @@ CVE-2005-2874 version (cups, fixed 1.1.23) *CVE-2005-2873 version (kernel, fixed 2.6.18-rc1) *CVE-2005-2872 version (kernel, fixed 2.6.12) -*CVE-2005-2871 version (thunderbird) -*CVE-2005-2871 version (firefox, fixed 1.0.7) +CVE-2005-2871 version (thunderbird) +CVE-2005-2871 version (firefox, fixed 1.0.7) CVE-2005-2811 version (net-snmp) not upstream, gentoo only *CVE-2005-2801 version (kernel, fixed 2.6.11) *CVE-2005-2800 version (kernel, fixed 2.6.12.6) 
@@ -1354,19 +1354,19 @@ *CVE-2005-2710 (helixplayer) *CVE-2005-2709 version (kernel, fixed 2.6.14.3) *CVE-2005-2708 ignore (kernel) not reproducable on x86_64 -*CVE-2005-2707 version (thunderbird) -*CVE-2005-2707 version (firefox, fixed 1.0.7) -*CVE-2005-2706 version (thunderbird) -*CVE-2005-2706 version (firefox, fixed 1.0.7) -*CVE-2005-2705 version (thunderbird) -*CVE-2005-2705 version (firefox, fixed 1.0.7) -*CVE-2005-2704 version (thunderbird) -*CVE-2005-2704 version (firefox, fixed 1.0.7) -*CVE-2005-2703 version (thunderbird) -*CVE-2005-2703 version (firefox, fixed 1.0.7) -*CVE-2005-2702 version (thunderbird) -*CVE-2005-2702 version (firefox, fixed 1.0.7) -*CVE-2005-2701 version (firefox, fixed 1.0.7) +CVE-2005-2707 version (thunderbird) +CVE-2005-2707 version (firefox, fixed 1.0.7) +CVE-2005-2706 version (thunderbird) +CVE-2005-2706 version (firefox, fixed 1.0.7) +CVE-2005-2705 version (thunderbird) +CVE-2005-2705 version (firefox, fixed 1.0.7) +CVE-2005-2704 version (thunderbird) +CVE-2005-2704 version (firefox, fixed 1.0.7) +CVE-2005-2703 version (thunderbird) +CVE-2005-2703 version (firefox, fixed 1.0.7) +CVE-2005-2702 version (thunderbird) +CVE-2005-2702 version (firefox, fixed 1.0.7) +CVE-2005-2701 version (firefox, fixed 1.0.7) *CVE-2005-2700 version (httpd, not 2.2) *CVE-2005-2693 backport (cvs) cvs-1.11.19-tmp.patch *CVE-2005-2672 version (lm_sensors, fixed 2.9.2) @@ -1376,8 +1376,8 @@ *CVE-2005-2629 (helixplayer) CVE-2005-2628 ignore, no-ship (flash-plugin) *CVE-2005-2617 version (kernel, fixed 2.6.12.5) -*CVE-2005-2602 ignore (thunderbird) probably -*CVE-2005-2602 ignore (firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=237085 +CVE-2005-2602 ignore (thunderbird) probably +CVE-2005-2602 ignore (firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=237085 *CVE-2005-2558 version (mysql, fixed 4.1.13) *CVE-2005-2558 ignore (mysql) not an issue *CVE-2005-2555 version (kernel, fixed 2.6.12.6) 
@@ -1407,39 +1407,39 @@ *CVE-2005-2452 version (libtiff, fixed 3.7.0) *CVE-2005-2448 version (kdenetwork, fixed 3.4.2) *CVE-2005-2410 version (NetworkManager, fixed 5.0) -*CVE-2005-2395 ignore (firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=281851 +CVE-2005-2395 ignore (firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=281851 *CVE-2005-2370 version (kdenetwork, fixed 3.4.2) CVE-2005-2370 version (gaim, fixed gaim:1.5.0) *CVE-2005-2369 version (kdenetwork, fixed 3.4.2) *CVE-2005-2368 version (vim, fixed 6.3.086 at least) -*CVE-2005-2367 version (wireshark, fixed 0.10.12) -*CVE-2005-2366 version (wireshark, fixed 0.10.12) -*CVE-2005-2365 version (wireshark, fixed 0.10.12) -*CVE-2005-2364 version (wireshark, fixed 0.10.12) -*CVE-2005-2363 version (wireshark, fixed 0.10.12) -*CVE-2005-2362 version (wireshark, fixed 0.10.12) -*CVE-2005-2361 version (wireshark, fixed 0.10.12) -*CVE-2005-2360 version (wireshark, fixed 0.10.12) +CVE-2005-2367 version (wireshark, fixed 0.10.12) +CVE-2005-2366 version (wireshark, fixed 0.10.12) +CVE-2005-2365 version (wireshark, fixed 0.10.12) +CVE-2005-2364 version (wireshark, fixed 0.10.12) +CVE-2005-2363 version (wireshark, fixed 0.10.12) +CVE-2005-2362 version (wireshark, fixed 0.10.12) +CVE-2005-2361 version (wireshark, fixed 0.10.12) +CVE-2005-2360 version (wireshark, fixed 0.10.12) *CVE-2005-2353 ignore (thunderbird) debug mode only *CVE-2005-2337 version (ruby, fixed 1.8.3) *CVE-2005-2335 version (fetchmail, fixed 6.2.5.2) *CVE-2005-2295 patch (netpanzer, fixed 0.8-4) bz#192990 -*CVE-2005-2270 version (thunderbird, fixed 1.0.5) -*CVE-2005-2270 version (firefox, fixed 1.0.5) -*CVE-2005-2269 version (thunderbird, fixed 1.0.5) -*CVE-2005-2269 version (firefox, fixed 1.0.5) -*CVE-2005-2268 version (firefox, fixed 1.0.5) -*CVE-2005-2267 version (firefox, fixed 1.0.5) -*CVE-2005-2266 version (thunderbird, fixed 1.0.5) -*CVE-2005-2266 version (firefox, fixed 1.0.5) -*CVE-2005-2265 version (thunderbird, fixed 1.0.5) 
-*CVE-2005-2265 version (firefox, fixed 1.0.5) -*CVE-2005-2264 version (firefox, fixed 1.0.5) -*CVE-2005-2263 version (firefox, fixed 1.0.5) -*CVE-2005-2262 version (firefox, fixed 1.0.5) -*CVE-2005-2261 version (thunderbird, fixed 1.0.5) -*CVE-2005-2261 version (firefox, fixed 1.0.5) -*CVE-2005-2260 version (firefox, fixed 1.0.5) +CVE-2005-2270 version (thunderbird, fixed 1.0.5) +CVE-2005-2270 version (firefox, fixed 1.0.5) +CVE-2005-2269 version (thunderbird, fixed 1.0.5) +CVE-2005-2269 version (firefox, fixed 1.0.5) +CVE-2005-2268 version (firefox, fixed 1.0.5) +CVE-2005-2267 version (firefox, fixed 1.0.5) +CVE-2005-2266 version (thunderbird, fixed 1.0.5) +CVE-2005-2266 version (firefox, fixed 1.0.5) +CVE-2005-2265 version (thunderbird, fixed 1.0.5) +CVE-2005-2265 version (firefox, fixed 1.0.5) +CVE-2005-2264 version (firefox, fixed 1.0.5) +CVE-2005-2263 version (firefox, fixed 1.0.5) +CVE-2005-2262 version (firefox, fixed 1.0.5) +CVE-2005-2261 version (thunderbird, fixed 1.0.5) +CVE-2005-2261 version (firefox, fixed 1.0.5) +CVE-2005-2260 version (firefox, fixed 1.0.5) CVE-2005-2177 version (net-snmp, fixed 5.2.1.2) *CVE-2005-2114 version (firefox, fixed 1.0.5) *CVE-2005-2104 version (sysreport, fixed 1.4.1-5) @@ -1460,7 +1460,7 @@ *CVE-2005-2023 version (gnupg, only 1.9.14) CVE-2005-1993 version (sudo, fixed 1.6.8p9) *CVE-2005-1992 version (ruby, fixed 1.8.3 at least) -*CVE-2005-1937 version (firefox, fixed 1.0.5) +CVE-2005-1937 version (firefox, fixed 1.0.5) CVE-2005-1934 version (gaim, fixed gaim:1.5.0) CVE-2005-1921 version (php, fixed xml_rpc:1.3.1) *CVE-2005-1920 version (kdelibs, fixed 3.4.1) 
@@ -1497,27 +1497,27 @@ CVE-2005-1571 version (php, fixed shtool 2.0.2) *CVE-2005-1544 version (libtiff, fixed 3.7.1 at least) *CVE-2005-1532 version (thunderbird) -*CVE-2005-1532 version (firefox, fixed 1.0.4) -*CVE-2005-1531 version (firefox, fixed 1.0.4) +CVE-2005-1532 version (firefox, fixed 1.0.4) +CVE-2005-1531 version (firefox, fixed 1.0.4) CVE-2005-1519 version (squid, fixed 2.5.STABLE10) -*CVE-2005-1476 (firefox,seamonkey,thunderbird) -*CVE-2005-1470 version (wireshark, fixed 0.10.11) -*CVE-2005-1469 version (wireshark, fixed 0.10.11) -*CVE-2005-1468 version (wireshark, fixed 0.10.11) -*CVE-2005-1467 version (wireshark, fixed 0.10.11) -*CVE-2005-1466 version (wireshark, fixed 0.10.11) -*CVE-2005-1465 version (wireshark, fixed 0.10.11) -*CVE-2005-1464 version (wireshark, fixed 0.10.11) -*CVE-2005-1463 version (wireshark, fixed 0.10.11) -*CVE-2005-1462 version (wireshark, fixed 0.10.11) -*CVE-2005-1461 version (wireshark, fixed 0.10.11) -*CVE-2005-1460 version (wireshark, fixed 0.10.11) -*CVE-2005-1459 version (wireshark, fixed 0.10.11) -*CVE-2005-1458 version (wireshark, fixed 0.10.11) -*CVE-2005-1457 version (wireshark, fixed 0.10.11) -*CVE-2005-1456 version (wireshark, fixed 0.10.11) -*CVE-2005-1455 version (freeradius, fixed 1.0.3) -*CVE-2005-1454 version (freeradius, fixed 1.0.3) +CVE-2005-1476 (firefox,seamonkey,thunderbird) +CVE-2005-1470 version (wireshark, fixed 0.10.11) +CVE-2005-1469 version (wireshark, fixed 0.10.11) +CVE-2005-1468 version (wireshark, fixed 0.10.11) +CVE-2005-1467 version (wireshark, fixed 0.10.11) +CVE-2005-1466 version (wireshark, fixed 0.10.11) +CVE-2005-1465 version (wireshark, fixed 0.10.11) +CVE-2005-1464 version (wireshark, fixed 0.10.11) +CVE-2005-1463 version (wireshark, fixed 0.10.11) +CVE-2005-1462 version (wireshark, fixed 0.10.11) +CVE-2005-1461 version (wireshark, fixed 0.10.11) +CVE-2005-1460 version (wireshark, fixed 0.10.11) +CVE-2005-1459 version (wireshark, fixed 0.10.11) +CVE-2005-1458 version (wireshark, 
fixed 0.10.11) +CVE-2005-1457 version (wireshark, fixed 0.10.11) +CVE-2005-1456 version (wireshark, fixed 0.10.11) +CVE-2005-1455 version (freeradius, fixed 1.0.3) +CVE-2005-1454 version (freeradius, fixed 1.0.3) *CVE-2005-1431 version (gnutls, fixed 1.0.25) *CVE-2005-1410 version (postgresql, fixed 8.0.2) *CVE-2005-1409 version (postgresql, fixed 8.0.1) @@ -1525,7 +1525,7 @@ *CVE-2005-1368 version (kernel, fixed 2.6.12) CVE-2005-1345 version (squid, fixed 2.5.STABLE10) *CVE-2005-1344 ignore (httpd) not a vulnerability -*CVE-2005-1281 version (wireshark, fixed 0.10.11) +CVE-2005-1281 version (wireshark, fixed 0.10.11) *CVE-2005-1280 version (tcpdump, fixed 3.9.2) *CVE-2005-1279 version (tcpdump, fixed 3.9.2) *CVE-2005-1278 version (tcpdump, fixed 3.9.2) @@ -1547,16 +1547,16 @@ *CVE-2005-1184 ignore (kernel) expected to not be an issue CVE-2005-1175 version (krb5, fixed 1.4.2) CVE-2005-1174 version (krb5, fixed 1.4.2) -*CVE-2005-1160 version (thunderbird) -*CVE-2005-1160 version (firefox) -*CVE-2005-1159 version (thunderbird) -*CVE-2005-1159 version (firefox) -*CVE-2005-1158 version (firefox, fixed 1.0.3) -*CVE-2005-1157 version (firefox) -*CVE-2005-1156 version (firefox) -*CVE-2005-1155 version (firefox) -*CVE-2005-1154 version (firefox) -*CVE-2005-1153 version (firefox) +CVE-2005-1160 version (thunderbird) +CVE-2005-1160 version (firefox) +CVE-2005-1159 version (thunderbird) +CVE-2005-1159 version (firefox) +CVE-2005-1158 version (firefox, fixed 1.0.3) +CVE-2005-1157 version (firefox) +CVE-2005-1156 version (firefox) +CVE-2005-1155 version (firefox) +CVE-2005-1154 version (firefox) +CVE-2005-1153 version (firefox) CVE-2005-1111 backport (cpio) cpio-2.6-chmodRaceC.patch *CVE-2005-1065 version (tetex) not upstream version *CVE-2005-1061 version (logwatch, fixed 4.3.2 at least) 
@@ -1567,8 +1567,8 @@ *CVE-2005-1039 ignore (coreutils) not fixed upstream, not a real issue CVE-2005-1038 backport (vixie-cron) vixie-cron-4.1-CAN-2005-1038-fix-race.patch *CVE-2005-0990 version (sharutils, fixed 4.6 at least) -*CVE-2005-0989 version (thunderbird) -*CVE-2005-0989 version (firefox, fixed 1.0.3) +CVE-2005-0989 version (thunderbird) +CVE-2005-0989 version (firefox, fixed 1.0.3) *CVE-2005-0988 backport (gzip) changelog *CVE-2005-0977 version (kernel, fixed 2.6.11) CVE-2005-0967 version (gaim, fixed gaim:1.5.0) @@ -1587,8 +1587,8 @@ *CVE-2005-0806 version (evolution, fixed 2.0.4) *CVE-2005-0799 version (mysql) not linux *CVE-2005-0767 version (kernel, fixed 2.6.11) -*CVE-2005-0766 version (wireshark, fixed after 0.10.9) -*CVE-2005-0765 version (wireshark, fixed after 0.10.9) +CVE-2005-0766 version (wireshark, fixed after 0.10.9) +CVE-2005-0765 version (wireshark, fixed after 0.10.9) *CVE-2005-0763 version (mc, fixed 4.6.0) *CVE-2005-0762 version (ImageMagick, fixed 6.0) *CVE-2005-0761 version (ImageMagick, fixed 6.1.8) 
@@ -1600,19 +1600,19 @@ *CVE-2005-0756 version (kernel, fixed 2.6.12) *CVE-2005-0754 version (kdewebdev, fixed after 3.4.0) *CVE-2005-0753 version (cvs, fixed 1.11.20) -*CVE-2005-0752 version (firefox, fixed 1.0.3) +CVE-2005-0752 version (firefox, fixed 1.0.3) *CVE-2005-0750 version (kernel, fixed 2.6.11.6) *CVE-2005-0749 version (kernel, fixed 2.6.11.6) -*CVE-2005-0739 version (wireshark, fixed after 0.10.9) +CVE-2005-0739 version (wireshark, fixed after 0.10.9) *CVE-2005-0736 version (kernel, fixed 2.6.11) CVE-2005-0718 version (squid, fixed 2.5.STABLE8) *CVE-2005-0711 version (mysql, fixed 4.1.11) *CVE-2005-0710 version (mysql, fixed 4.1.11) *CVE-2005-0709 version (mysql, fixed 4.1.11) -*CVE-2005-0705 version (wireshark, fixed after 0.10.9) -*CVE-2005-0704 version (wireshark, fixed after 0.10.9) -*CVE-2005-0699 (wireshark) -*CVE-2005-0698 version (wireshark, fixed after 0.10.9) +CVE-2005-0705 version (wireshark, fixed after 0.10.9) +CVE-2005-0704 version (wireshark, fixed after 0.10.9) +CVE-2005-0699 version (wireshark, fixed after 0.10.9) +CVE-2005-0698 version (wireshark, fixed after 0.10.9) *CVE-2005-0664 version (libexif, fixed 0.6.12) *CVE-2005-0654 ignore (gimp, not fixed 2.2) upstream considers harmless *CVE-2005-0627 version (qt, fixed 3.3.4) 
@@ -1621,26 +1621,26 @@ *CVE-2005-0605 version (libXpm, fixed 3.5.4 at least) *CVE-2005-0602 ignore (unzip, fixed 5.52) this is really expected behaviour CVE-2005-0596 version (php, fixed 5.0) -*CVE-2005-0593 version (firefox) -*CVE-2005-0592 version (firefox) -*CVE-2005-0591 version (firefox, fixed 1.0.1) -*CVE-2005-0590 version (thunderbird) +CVE-2005-0593 version (firefox) +CVE-2005-0592 version (firefox) +CVE-2005-0591 version (firefox, fixed 1.0.1) +CVE-2005-0590 version (thunderbird) *CVE-2005-0590 version (openswan, fixed 2.1.4) -*CVE-2005-0590 version (firefox) -*CVE-2005-0589 version (firefox, fixed 1.0.1) -*CVE-2005-0588 version (firefox) -*CVE-2005-0587 version (firefox) -*CVE-2005-0586 version (firefox) -*CVE-2005-0585 version (firefox) -*CVE-2005-0584 version (firefox) -*CVE-2005-0578 version (firefox) +CVE-2005-0590 version (firefox) +CVE-2005-0589 version (firefox, fixed 1.0.1) +CVE-2005-0588 version (firefox) +CVE-2005-0587 version (firefox) +CVE-2005-0586 version (firefox) +CVE-2005-0585 version (firefox) +CVE-2005-0584 version (firefox) +CVE-2005-0578 version (firefox) *CVE-2005-0565 version (kernel, not 2.6) *CVE-2005-0546 (cyrus-imapd) *CVE-2005-0532 version (kernel, fixed 2.6.11) *CVE-2005-0531 version (kernel, fixed 2.6.11) *CVE-2005-0530 version (kernel, fixed 2.6.11) *CVE-2005-0529 version (kernel, fixed 2.6.11) -*CVE-2005-0527 version (firefox, fixed 1.0.1) +CVE-2005-0527 version (firefox, fixed 1.0.1) CVE-2005-0525 version (php, fixed 5.0.4) CVE-2005-0524 version (php, fixed 5.0.4) *CVE-2005-0509 version (mono, not after 1.0.5) 
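Review bot: in the @@ -1621 hunk the attention marker is cleared from entries that still carry no fixed version (CVE-2005-0593, CVE-2005-0592, CVE-2005-0590, CVE-2005-0588 through CVE-2005-0584 and CVE-2005-0578 all read `version (firefox)` or `version (thunderbird)` with nothing after the package), while the neighbouring CVE-2005-0591 and CVE-2005-0589 do record `fixed 1.0.1`. Either fill in the fixed version for each before dropping the marker, or state in the log message that the markers are being cleared as part of closing out the list rather than after verification, so the next reader does not take a bare `version` as verified.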
@@ -1663,11 +1663,11 @@ CVE-2005-0446 version (squid, fixed 2.5.STABLE9) *CVE-2005-0404 ignore (kde) won't fix http://bugs.kde.org/show_bug.cgi?id=96020 *CVE-2005-0403 version (kernel) not upstream -*CVE-2005-0402 version (firefox, fixed 1.0.2) -*CVE-2005-0401 version (firefox, fixed 1.0.2) +CVE-2005-0402 version (firefox, fixed 1.0.2) +CVE-2005-0401 version (firefox, fixed 1.0.2) *CVE-2005-0400 version (kernel, fixed 2.6.11.6) -*CVE-2005-0399 version (thunderbird) -*CVE-2005-0399 version (firefox) +CVE-2005-0399 version (thunderbird) +CVE-2005-0399 version (firefox) *CVE-2005-0398 version (ipsec-tools, fixed 0.5) *CVE-2005-0397 version (ImageMagick, fixed 6.0.2.5) *CVE-2005-0396 version (kdelibs, fixed 3.4.0) @@ -1675,8 +1675,8 @@ *CVE-2005-0372 version (gftp, fixed 2.0.18 at least) *CVE-2005-0365 version (kdelibs, not 3.4) *CVE-2005-0337 version (postfix, fixed 2.1.4) -*CVE-2005-0255 version (thunderbird, fixed 1.0.2) -*CVE-2005-0255 version (firefox, fixed 1.0.1) +CVE-2005-0255 version (thunderbird, fixed 1.0.2) +CVE-2005-0255 version (firefox, fixed 1.0.1) *CVE-2005-0247 version (postgresql, fixed after 8.0) *CVE-2005-0246 version (postgresql, fixed 8.0.1) *CVE-2005-0245 version (postgresql, fixed 8.0.1) 
@@ -1684,11 +1684,11 @@ CVE-2005-0241 version (squid, fixed 2.5.STABLE8) *CVE-2005-0238 version (epiphany, fixed since mozilla 1.7.6) *CVE-2005-0237 version (kdelibs, fixed 3.4.0) -*CVE-2005-0233 version (firefox, fixed 1.0.1) -*CVE-2005-0232 version (firefox, fixed 1.0.1) -*CVE-2005-0231 version (firefox, fixed 1.0.1) -*CVE-2005-0230 version (thunderbird, fixed 1.0.2) -*CVE-2005-0230 version (firefox, fixed 1.0.1) +CVE-2005-0233 version (firefox, fixed 1.0.1) +CVE-2005-0232 version (firefox, fixed 1.0.1) +CVE-2005-0231 version (firefox, fixed 1.0.1) +CVE-2005-0230 version (thunderbird, fixed 1.0.2) +CVE-2005-0230 version (firefox, fixed 1.0.1) *CVE-2005-0227 version (postgresql, fixed 8.0.1) CVE-2005-0211 version (squid, fixed 2.5.STABLE8) *CVE-2005-0210 version (kernel, fixed 2.6.11) @@ -1714,16 +1714,16 @@ *CVE-2005-0156 version (perl, fixed 5.8.8) *CVE-2005-0155 version (perl, fixed 5.8.8) *CVE-2005-0152 version (squirrelmail, not 1.4) -*CVE-2005-0150 version (firefox, fixed 1.0) -*CVE-2005-0149 version (firefox) -*CVE-2005-0147 version (firefox) -*CVE-2005-0146 version (firefox) -*CVE-2005-0145 version (firefox, fixed 1.0) -*CVE-2005-0144 version (firefox) -*CVE-2005-0143 version (firefox) -*CVE-2005-0142 version (thunderbird) -*CVE-2005-0142 version (firefox) -*CVE-2005-0141 version (firefox) +CVE-2005-0150 version (firefox, fixed 1.0) +CVE-2005-0149 version (firefox) +CVE-2005-0147 version (firefox) +CVE-2005-0146 version (firefox) +CVE-2005-0145 version (firefox, fixed 1.0) +CVE-2005-0144 version (firefox) +CVE-2005-0143 version (firefox) +CVE-2005-0142 version (thunderbird) +CVE-2005-0142 version (firefox) +CVE-2005-0141 version (firefox) *CVE-2005-0137 version (kernel, not 2.6) *CVE-2005-0136 version (kernel, fixed 2.6.11) *CVE-2005-0135 version (kernel, fixed 2.6.11) 
@@ -1747,7 +1747,7 @@ *CVE-2005-0087 version (alsa-lib, fixed 1.0.9) *CVE-2005-0086 version (less) didn't affect upstream CVE-2005-0085 version (htdig, fixed 3.1.6-r7) -*CVE-2005-0084 version (wireshark, fixed 0.10.9) +CVE-2005-0084 version (wireshark, fixed 0.10.9) *CVE-2005-0080 version (mailman) not upstream *CVE-2005-0078 version (kde, fixed 3.0.5) *CVE-2005-0077 version (perl-DBI, fixed 1.48 at least) @@ -1764,17 +1764,17 @@ *CVE-2005-0014 version (ncpfs, fixed 2.2.6) *CVE-2005-0013 version (ncpfs, fixed 2.2.6) *CVE-2005-0011 version (kdeedu, not 3.4) -*CVE-2005-0010 version (wireshark, fixed 0.10.9) -*CVE-2005-0009 version (wireshark, fixed 0.10.9) -*CVE-2005-0008 version (wireshark, fixed 0.10.9) -*CVE-2005-0007 version (wireshark, fixed 0.10.9) -*CVE-2005-0006 version (wireshark, fixed 0.10.9) +CVE-2005-0010 version (wireshark, fixed 0.10.9) +CVE-2005-0009 version (wireshark, fixed 0.10.9) +CVE-2005-0008 version (wireshark, fixed 0.10.9) +CVE-2005-0007 version (wireshark, fixed 0.10.9) +CVE-2005-0006 version (wireshark, fixed 0.10.9) *CVE-2005-0005 version (ImageMagick, fixed after 6.1.7) *CVE-2005-0004 version (mysql, fixed 4.1.10) *CVE-2005-0003 version (kernel, fixed 2.6.10) *CVE-2005-0001 version (kernel, fixed 2.6.10) *CVE-2004-2660 version (kernel, fixed 2.6.10) -*CVE-2004-2657 ignore (firefox) windows only +CVE-2004-2657 ignore (firefox) windows only *CVE-2004-2655 (xscreensaver) CVE-2004-2654 version (squid, fixed 2.6STABLE6) *CVE-2004-2645 (asn1c) 
@@ -1794,9 +1794,9 @@ *CVE-2004-2343 ignore (httpd) not a security issue *CVE-2004-2302 version (kernel, fixed 2.6.10) *CVE-2004-2259 version (vsftpd, fixed 1.2.2) -*CVE-2004-2228 version (firefox, fixed 1.0) -*CVE-2004-2227 version (firefox, fixed 1.0) -*CVE-2004-2225 version (firefox, fixed 0.10.1) +CVE-2004-2228 version (firefox, fixed 1.0) +CVE-2004-2227 version (firefox, fixed 1.0) +CVE-2004-2225 version (firefox, fixed 0.10.1) CVE-2004-2154 version (cups, fixed 1.1.21rc1) *CVE-2004-2149 version (mysql, fixed 4.1.5) *CVE-2004-2136 ignore (dm-crypt) design @@ -1810,25 +1810,25 @@ *CVE-2004-1834 version (httpd, not 2.2) *CVE-2004-1773 version (sharutils, not 4.6) *CVE-2004-1772 version (sharutils, not 4.6) -*CVE-2004-1761 version (wireshark, fixed 0.10.3) +CVE-2004-1761 version (wireshark, fixed 0.10.3) CVE-2004-1689 version (sudo, fixed 1.6.8p1) CVE-2004-1653 ignore (openssh) -*CVE-2004-1639 version (firefox) +CVE-2004-1639 version (firefox) *CVE-2004-1617 ignore (lynx) not able to verify flaw *CVE-2004-1488 version (wget, fixed 1.10.1) *CVE-2004-1471 version (cvs, fixed 1.12.9) *CVE-2004-1453 version (glibc, fixed 2.3.5) *CVE-2004-1452 version (tomcat, fixed 5.0.27-r3) -*CVE-2004-1451 version (thunderbird) -*CVE-2004-1451 version (firefox) -*CVE-2004-1450 version (thunderbird) -*CVE-2004-1450 version (firefox) -*CVE-2004-1449 version (thunderbird) -*CVE-2004-1449 version (firefox) +CVE-2004-1451 version (thunderbird) +CVE-2004-1451 version (firefox) +CVE-2004-1450 version (thunderbird) +CVE-2004-1450 version (firefox) +CVE-2004-1449 version (thunderbird) +CVE-2004-1449 version (firefox) CVE-2004-1392 version (php, fixed 5.0.4) *CVE-2004-1382 version (glibc, not 2.3.5) -*CVE-2004-1381 version (firefox) -*CVE-2004-1380 version (firefox) +CVE-2004-1381 version (firefox) +CVE-2004-1380 version (firefox) *CVE-2004-1377 backport (a2ps) a2ps-4.13-security.patch *CVE-2004-1337 version (kernel, fixed 2.6.11) *CVE-2004-1336 version (tetex, fixed 3.0 at least) 
@@ -1849,7 +1849,7 @@ *CVE-2004-1235 version (kernel, fixed 2.6.11) *CVE-2004-1234 version (kernel, not 2.6) *CVE-2004-1224 version (mtr, fixed after 0.65) -*CVE-2004-1200 ignore (firefox, mozilla) not a security issue +CVE-2004-1200 ignore (firefox, mozilla) not a security issue *CVE-2004-1191 version (kernel, fixed 2.6.9) *CVE-2004-1190 version (kernel, fixed 2.6.10) CVE-2004-1189 version (krb5, fixed 1.4) @@ -1867,16 +1867,16 @@ *CVE-2004-1170 backport (a2ps) a2ps-shell.patch *CVE-2004-1165 version (kdelibs, not 3.4) *CVE-2004-1158 version (kdelibs, not 3.4) -*CVE-2004-1156 version (firefox) +CVE-2004-1156 version (firefox) *CVE-2004-1154 version (samba, fixed 3.0.10) *CVE-2004-1151 version (kernel, fixed 2.6.10) *CVE-2004-1145 version (kde, not 3.4) *CVE-2004-1144 version (kernel, not 2.6) *CVE-2004-1143 version (mailman, fixed 2.1.5) -*CVE-2004-1142 version (wireshark, fixed 0.10.8) -*CVE-2004-1141 version (wireshark, fixed 0.10.8) -*CVE-2004-1140 version (wireshark, fixed 0.10.8) -*CVE-2004-1139 version (wireshark, fixed 0.10.8) +CVE-2004-1142 version (wireshark, fixed 0.10.8) +CVE-2004-1141 version (wireshark, fixed 0.10.8) +CVE-2004-1140 version (wireshark, fixed 0.10.8) +CVE-2004-1139 version (wireshark, fixed 0.10.8) *CVE-2004-1138 version (vim, fixed 6.3) *CVE-2004-1137 version (kernel, fixed 2.6.10) *CVE-2004-1125 version (tetex, at least 3.0) 
@@ -1952,11 +1952,11 @@ CVE-2004-0918 version (squid, fixed 2.4.STABLE7) *CVE-2004-0914 version (xorg-x11, fixed after 6.8.1) *CVE-2004-0909 version (thunderbird) -*CVE-2004-0909 version (firefox) -*CVE-2004-0907 version (thunderbird) -*CVE-2004-0907 version (firefox) -*CVE-2004-0906 version (thunderbird) -*CVE-2004-0906 version (firefox) +CVE-2004-0909 version (firefox) +CVE-2004-0907 version (thunderbird) +CVE-2004-0907 version (firefox) +CVE-2004-0906 version (thunderbird) +CVE-2004-0906 version (firefox) CVE-2004-0891 version (gaim, fixed gaim:1.0.2) *CVE-2004-0888 version (tetex, fixed 3.0) *CVE-2004-0888 version (kdegraphics, not 3.4) @@ -1970,7 +1970,7 @@ *CVE-2004-0883 version (kernel, fixed 2.6.11) *CVE-2004-0882 version (samba, fixed 3.0.8) *CVE-2004-0870 ignore (kde) upstream won't fix -*CVE-2004-0867 version (firefox, fixed after 0.9.2) +CVE-2004-0867 version (firefox, fixed after 0.9.2) *CVE-2004-0837 version (mysql, fixed 4.0.21) *CVE-2004-0836 version (mysql, fixed 4.0.21) *CVE-2004-0835 version (mysql, fixed 4.1.2) @@ -2007,7 +2007,7 @@ *CVE-2004-0783 version (gtk2, fixed 2.6.7 at least) *CVE-2004-0782 version (gtk2, fixed 2.6.7 at least) *CVE-2004-0779 version (thunderbird) -*CVE-2004-0779 version (firefox) +CVE-2004-0779 version (firefox) *CVE-2004-0778 version (cvs, fixed 1.11.17) CVE-2004-0772 version (krb5, fixed after 1.2.8) *CVE-2004-0768 version (libpng, fixed 1.2.6) 
@@ -2031,15 +2031,15 @@ *CVE-2004-0686 version (samba, fixed 3.0.6) *CVE-2004-0685 version (kernel, not 2.6) *CVE-2004-0658 ignore (kernel) not a security issue -*CVE-2004-0648 version (thunderbird) -*CVE-2004-0648 version (firefox) +CVE-2004-0648 version (thunderbird) +CVE-2004-0648 version (firefox) CVE-2004-0644 version (krb5, fixed after 1.3.4) CVE-2004-0643 version (krb5, fixed after 1.3.1) CVE-2004-0642 version (krb5, fixed after 1.3.4) *CVE-2004-0639 version (squirrelmail, fixed after 1.2.10) -*CVE-2004-0635 version (wireshark, fixed 0.10.5) -*CVE-2004-0634 version (wireshark, fixed 0.10.5) -*CVE-2004-0633 version (wireshark, fixed 0.10.5) +CVE-2004-0635 version (wireshark, fixed 0.10.5) +CVE-2004-0634 version (wireshark, fixed 0.10.5) +CVE-2004-0633 version (wireshark, fixed 0.10.5) *CVE-2004-0628 version (mysql, fixed 4.1.3) *CVE-2004-0627 version (mysql, fixed 4.1.3) *CVE-2004-0626 version (kernel, fixed 2.6.8) @@ -2067,10 +2067,10 @@ *CVE-2004-0521 version (squirrelmail, fixed 1.4.3a) *CVE-2004-0520 version (squirrelmail, fixed 1.4.3a) *CVE-2004-0519 version (squirrelmail, fixed 1.4.3a) -*CVE-2004-0507 version (wireshark, fixed 0.10.4) -*CVE-2004-0506 version (wireshark, fixed 0.10.4) -*CVE-2004-0505 version (wireshark, fixed 0.10.4) -*CVE-2004-0504 version (wireshark, fixed 0.10.4) +CVE-2004-0507 version (wireshark, fixed 0.10.4) +CVE-2004-0506 version (wireshark, fixed 0.10.4) +CVE-2004-0505 version (wireshark, fixed 0.10.4) +CVE-2004-0504 version (wireshark, fixed 0.10.4) CVE-2004-0500 version (gaim, fixed gaim:0.82.1) *CVE-2004-0497 version (kernel, fixed 2.6.8) *CVE-2004-0496 version (kernel, fixed 2.6.8) 
@@ -2109,8 +2109,8 @@ *CVE-2004-0388 version (mysql, fixed 4.1.11 at least) *CVE-2004-0387 (helixplayer) *CVE-2004-0381 version (mysql, fixed 4.1.11 at least) -*CVE-2004-0367 version (wireshark, fixed 0.10.3) -*CVE-2004-0365 version (wireshark, fixed 0.10.3) +CVE-2004-0367 version (wireshark, fixed 0.10.3) +CVE-2004-0365 version (wireshark, fixed 0.10.3) CVE-2004-0263 version (php, fixed 4.3.5) *CVE-2004-0256 version (libtool, fixed 1.5.2) *CVE-2004-0233 version (libutempter, fixed 0.5.5) @@ -2132,7 +2132,7 @@ *CVE-2004-0179 version (neon, fixed 0.24.5) *CVE-2004-0178 version (kernel, not 2.6) *CVE-2004-0177 version (kernel, fixed 2.6.6) -*CVE-2004-0176 version (wireshark, fixed 0.10.3) +CVE-2004-0176 version (wireshark, fixed 0.10.3) CVE-2004-0175 version (openssh, fixed 3.4p1) CVE-2004-0175 backport (krb5) krb5-1.3.3-rcp-markus.patch *CVE-2004-0174 version (httpd, not 2.2) @@ -2183,16 +2183,16 @@ CVE-2003-1302 version (php, fixed 4.3.1) *CVE-2003-1295 (xscreensaver) *CVE-2003-1294 (xscreensaver) -*CVE-2003-1265 VULNERABLE (thunderbird) https://bugzilla.mozilla.org/show_bug.cgi?id=198442 -*CVE-2003-1265 VULNERABLE (firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=198442 +CVE-2003-1265 VULNERABLE (thunderbird) https://bugzilla.mozilla.org/show_bug.cgi?id=198442 +CVE-2003-1265 VULNERABLE (firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=198442 *CVE-2003-1232 version (emacs, fixed 21.3) *CVE-2003-1201 version (openldap, not 2.2) *CVE-2003-1161 version (kernel, not released version) *CVE-2003-1138 backport (httpd, Red Hat only) contains /+ now *CVE-2003-1029 version (tcpdump, fixed after 3.8.1) *CVE-2003-1023 version (mc, 4.6.1) -*CVE-2003-1013 version (wireshark, fixed 0.10.0) -*CVE-2003-1012 version (wireshark, fixed 0.10.0) +CVE-2003-1013 version (wireshark, fixed 0.10.0) +CVE-2003-1012 version (wireshark, fixed 0.10.0) *CVE-2003-0993 version (httpd, not 2.2) *CVE-2003-0992 version (mailman, fixed 2.1.4) *CVE-2003-0992 version (mailman, fixed 2.1.3) 
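Review bot: in the @@ -2183 hunk both CVE-2003-1265 entries keep the status VULNERABLE (thunderbird and firefox, each pointing at bugzilla.mozilla.org bug 198442) yet lose their leading marker, so they will no longer stand out as needing attention; every other entry demarked in this change has status `version` or `ignore`. Either leave the marker on still-VULNERABLE entries or change their status with a note on why.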
@@ -2219,9 +2219,9 @@ *CVE-2003-0959 version (kernel, fixed 2.4.21) *CVE-2003-0956 version (kernel, fixed 2.4.22) CVE-2003-0935 version (net-snmp, fixed 5.0.9) -*CVE-2003-0927 version (wireshark, fixed 0.9.16) -*CVE-2003-0926 version (wireshark, fixed 0.9.16) -*CVE-2003-0925 version (wireshark, fixed 0.9.16) +CVE-2003-0927 version (wireshark, fixed 0.9.16) +CVE-2003-0926 version (wireshark, fixed 0.9.16) +CVE-2003-0925 version (wireshark, fixed 0.9.16) *CVE-2003-0924 version (netpbm, fixed 9.26) CVE-2003-0914 version (bind, not 9) *CVE-2003-0901 version (postgresql, not 8) @@ -2303,11 +2303,11 @@ *CVE-2003-0459 version (kdelibs, not 3.2) *CVE-2003-0455 version (ImageMagick) CVE-2003-0442 version (php, fixed 4.3.2) -*CVE-2003-0432 version (wireshark, fixed after 0.9.12) -*CVE-2003-0431 version (wireshark, fixed after 0.9.12) -*CVE-2003-0430 version (wireshark, fixed after 0.9.12) -*CVE-2003-0429 version (wireshark, fixed after 0.9.12) -*CVE-2003-0428 version (wireshark, fixed after 0.9.12) +CVE-2003-0432 version (wireshark, fixed after 0.9.12) +CVE-2003-0431 version (wireshark, fixed after 0.9.12) +CVE-2003-0430 version (wireshark, fixed after 0.9.12) +CVE-2003-0429 version (wireshark, fixed after 0.9.12) +CVE-2003-0428 version (wireshark, fixed after 0.9.12) *CVE-2003-0427 backport (mikmod) from changelog *CVE-2003-0418 version (kernel, not 2.6) *CVE-2003-0388 version (pam, fixed 0.78) @@ -2315,8 +2315,8 @@ *CVE-2003-0370 version (kde, fixed 3.0) *CVE-2003-0367 backport (gzip) gzip-1.3.5-openbsd-owl-tmp.patch *CVE-2003-0364 version (kernel, not 2.6) -*CVE-2003-0357 version (wireshark, fixed after 0.9.11) -*CVE-2003-0356 version (wireshark, fixed after 0.9.11) +CVE-2003-0357 version (wireshark, fixed after 0.9.11) +CVE-2003-0356 version (wireshark, fixed after 0.9.11) *CVE-2003-0354 version (ghostscript, fixed 7.07) *CVE-2003-0328 version (epic, fixed epic4-2.2 at least) *CVE-2003-0300 ignore (sylpheed) only a crasher 
@@ -2351,7 +2351,7 @@ *CVE-2003-0165 version (eog, fixed 2.2.2) *CVE-2003-0161 version (sendmail, fixed 8.12.9) *CVE-2003-0160 version (squirrelmail, fixed 1.2.11) -*CVE-2003-0159 version (wireshark, fixed after 0.9.9) +CVE-2003-0159 version (wireshark, fixed after 0.9.9) *CVE-2003-0150 version (mysql, fixed 3.23.56) *CVE-2003-0147 version (openssl, not 0.9.8) *CVE-2003-0147 backport (openssl097a, fixed 0.9.7b) @@ -2379,7 +2379,7 @@ *CVE-2003-0085 version (samba, fixed 2.2.8) *CVE-2003-0083 version (httpd, not 2.2) CVE-2003-0082 version (krb5, fixed after 1.2.7) -*CVE-2003-0081 version (wireshark, fixed after 0.9.9) +CVE-2003-0081 version (wireshark, fixed after 0.9.9) *CVE-2003-0078 version (openssl, not 0.9.8) *CVE-2003-0078 version (openssl097a, fixed 0.9.7a) *CVE-2003-0073 version (mysql, fixed 3.23.55) @@ -2483,8 +2483,8 @@ CVE-2002-1366 version (cups, fixed 1.1.18) *CVE-2002-1365 version (fetchmail, fixed 6.2.0) *CVE-2002-1363 version (libpng, fixed 1.2.6) -*CVE-2002-1356 version (wireshark, fixed after 0.9.7) -*CVE-2002-1355 version (wireshark, fixed after 0.9.7) +CVE-2002-1356 version (wireshark, fixed after 0.9.7) +CVE-2002-1355 version (wireshark, fixed after 0.9.7) *CVE-2002-1350 version (tcpdump, fixed 3.7) *CVE-2002-1348 version (w3m, fixed 0.3.2.2) *CVE-2002-1347 version (cyrus-sasl, fixed 2.1.10) @@ -2541,10 +2541,10 @@ *CVE-2002-0838 version (ggv, fixed 20030119, 2.8.0 at least) *CVE-2002-0837 version (wordtrans, fixed 1.1pre13 at least) *CVE-2002-0836 version (tetex, fixed 2.0.2 at least) -*CVE-2002-0834 version (wireshark) +CVE-2002-0834 version (wireshark, fixed after 0.9.5) *CVE-2002-0825 version (nss_ldap, fixed nss_ldap-198) -*CVE-2002-0822 version (wireshark) -*CVE-2002-0821 version (wireshark) +CVE-2002-0822 version (wireshark, fixed 0.9.5) +CVE-2002-0821 version (wireshark, fixed 0.9.5) *CVE-2002-0819 version (arts, fixed cvs 20020707) *CVE-2002-0802 version (postgresql, fixed 7.2) *CVE-2002-0761 version (bzip2, fixed 1.0.2) 
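Review bot: in the @@ -2541 hunk the three wireshark entries get different fix wording, `fixed after 0.9.5` for CVE-2002-0834 but `fixed 0.9.5` for CVE-2002-0822 and CVE-2002-0821, in a change that otherwise only clears markers; since the rest of the file uses `fixed X` and `fixed after X` to mean different things, confirm the distinction is intended and, if so, say so in the log message.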
@@ -2585,10 +2585,10 @@ *CVE-2002-0493 version (tomcat, fixed 4.1.12) *CVE-2002-0435 version (fileutils, fixed 4.1.7) *CVE-2002-0429 version (kernel, not 2.6) -*CVE-2002-0404 version (wireshark, fixed ethereal 0.9.3) -*CVE-2002-0403 version (wireshark, fixed ethereal 0.9.3) -*CVE-2002-0402 version (wireshark, fixed ethereal 0.9.3) -*CVE-2002-0401 version (wireshark, fixed ethereal 0.9.3) +CVE-2002-0404 version (wireshark, fixed 0.9.3) +CVE-2002-0403 version (wireshark, fixed 0.9.3) +CVE-2002-0402 version (wireshark, fixed 0.9.3) +CVE-2002-0401 version (wireshark, fixed 0.9.3) CVE-2002-0400 version (bind, fixed 9.2.1) *CVE-2002-0399 version (tar, fixed 1.13.26) *CVE-2002-0392 version (httpd, not 2.2) @@ -2603,7 +2603,7 @@ CVE-2002-0377 version (gaim, fixed gaim:0.58) *CVE-2002-0374 version (pam_ldap, fixed 144) *CVE-2002-0363 version (ghostscript, fixed 6.53) -*CVE-2002-0353 version (wireshark, fixed ethereal 0.9.3) +CVE-2002-0353 version (wireshark, fixed 0.9.3) *CVE-2002-0342 version (kde, not 2.2+) *CVE-2002-0318 version (freeradius, fixed 0.7) CVE-2002-0253 ignore (php) not a vulnerability -- fedora-extras-commits mailing list fedora-extras-commits at redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits From emanuele at nettirrena.it Wed Jul 11 11:47:52 2007 
From: emanuele at nettirrena.it (Emanuele Maiarelli)
Date: Wed, 11 Jul 2007 13:47:52 +0200 (CEST)
Subject: rpmverify output
In-Reply-To: <20070710161337.347aa06b@ghistelwchlohm.scrye.com>
References: <4693CC8A.702@nettirrena.it> <20070710140623.5fb36e21@ghistelwchlohm.scrye.com> <3699.217.220.195.222.1184100576.squirrel@mail.nettirrena.it> <20070710161337.347aa06b@ghistelwchlohm.scrye.com>
Message-ID: <1891.192.168.1.144.1184154472.squirrel@mail.nettirrena.it>

I tried both ways (fixfiles / touch /.autorelabel and reboot), but rpmverify still states ........C.

SELinux is active; I post the conffile:

---/etc/sysconfig/selinux---
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - SELinux is fully disabled.
SELINUX=permissive
# SELINUXTYPE= type of policy in use. Possible values are:
# targeted - Only targeted network daemons are protected.
# strict - Full SELinux protection.
SELINUXTYPE=targeted
----------------------------

Maybe it is due to SELINUXTYPE=targeted?

> On Tue, 10 Jul 2007 22:49:36 +0200 (CEST)
> "Emanuele Maiarelli" wrote:
>
>> after running 'fixfiles relabel' rpmverify still report the flag,
>> have it to reboot?
>
> It's typically better to use the 'touch /.autorelabel' and reboot than
> to use fixfiles. I suppose you could also try the 'fixfiles -Ra
> restore' command. That should restore selinux contexts from the rpm
> database.
>
> Do you have selinux enabled? If you are disabling it
> (see /etc/sysconfig/selinux) then it's not going to be able to relabel
> the files since it's turned off.
>
> kevin
>

--
Emanuele Maiarelli
Nettirrena s.r.l. LUCCA IT
http://www.nettirrena.it
emanuele at nettirrena.it
tel. +39 0583 312257 fax. +39 0583 316373

From kevin at tummy.com Wed Jul 11 16:50:24 2007
From: kevin at tummy.com (Kevin Fenzi)
Date: Wed, 11 Jul 2007 10:50:24 -0600
Subject: rpmverify output
In-Reply-To: <1891.192.168.1.144.1184154472.squirrel@mail.nettirrena.it>
References: <4693CC8A.702@nettirrena.it> <20070710140623.5fb36e21@ghistelwchlohm.scrye.com> <3699.217.220.195.222.1184100576.squirrel@mail.nettirrena.it> <20070710161337.347aa06b@ghistelwchlohm.scrye.com> <1891.192.168.1.144.1184154472.squirrel@mail.nettirrena.it>
Message-ID: <20070711105024.1c2033aa@ghistelwchlohm.scrye.com>

On Wed, 11 Jul 2007 13:47:52 +0200 (CEST)
"Emanuele Maiarelli" wrote:

> i try both ways (fixfiles / touch /.autorelabel n reboot),
> but rpmverify still state ........C.

Odd. Not sure what could cause that. Perhaps you can post to the selinux list?
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

kevin

From bressers at redhat.com Wed Jul 11 20:08:25 2007
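As an added example for the rpmverify exchange above (not code from the thread or from rpm itself), a small Python triage of `rpm -V` output: it separates lines where only the SELinux context differs (the `C` flag Emanuele sees, which a relabel should clear) from lines where content, digest, mode or ownership differ and need a real look. The sample output lines and paths are constructed.

```python
"""Triage rpm -V (rpmverify) output: which lines need only a relabel?

Added example; not code from the thread or from rpm. In rpm -V output each
line starts with an attribute column in which "." means the test passed,
"?" means it could not be run, and a letter names the failed test. As the
thread says, "C" means the file's SELinux context differs from the one in
the rpm database, which relabeling should clear; content or permission
changes are never cleared by a relabel.
"""
import re

# rpm's documented verify attributes plus the SELinux context flag "C".
ATTRIBUTES = {
    "S": "file size differs",
    "M": "mode (permissions or file type) differs",
    "5": "digest (MD5) differs",
    "D": "device major/minor number mismatch",
    "L": "readlink path mismatch",
    "U": "user ownership differs",
    "G": "group ownership differs",
    "T": "modification time differs",
    "P": "capabilities differ",
    "C": "SELinux context differs",
}

# Failures that mean the file itself or its DAC metadata changed; these
# deserve investigation regardless of the SELinux context column.
CONTENT_OR_PERMISSION = {"S", "M", "5", "D", "L", "U", "G", "P"}

# "<attrs>  [c|d|g|l|r] <path>"; the single-letter file type is optional.
LINE_RE = re.compile(
    r"^(?P<attrs>[SM5DLUGTPC.?]+)\s+(?:(?P<ftype>[cdglr])\s+)?(?P<path>/.*)$"
)

# Constructed sample resembling rpm -V output of that era.
SAMPLE_OUTPUT = """\
........C.    /usr/bin/passwd
........C.  c /etc/sysconfig/selinux
S.5....T.   c /etc/ssh/sshd_config
.M......C.    /usr/sbin/sshd
.......T.     /usr/share/man/man1/ls.1.gz
missing     /usr/share/doc/foo-1.0/README
"""


def parse_verify_line(line):
    """Return a record for one rpm -V line, or None for a blank line."""
    line = line.rstrip("\n")
    if not line.strip():
        return None
    if line.startswith("missing"):
        rest = line[len("missing"):].strip()
        ftype = None
        if len(rest) > 2 and rest[0] in "cdglr" and rest[1] == " ":
            ftype, rest = rest[0], rest[1:].strip()
        return {"path": rest, "flags": set(), "ftype": ftype, "missing": True}
    m = LINE_RE.match(line)
    if m is None:
        raise ValueError("unrecognised rpm -V line: %r" % line)
    flags = {ch for ch in m.group("attrs") if ch not in ".?"}
    return {"path": m.group("path"), "flags": flags,
            "ftype": m.group("ftype"), "missing": False}


def describe(flags):
    """Human-readable reasons for the failed tests, in rpm's column order."""
    return [text for letter, text in ATTRIBUTES.items() if letter in flags]


def triage(output):
    """Bucket every path in rpm -V output by the response it needs."""
    result = {"modified": [], "relabel_only": [], "metadata_only": [], "missing": []}
    for line in output.splitlines():
        rec = parse_verify_line(line)
        if rec is None:
            continue
        if rec["missing"]:
            result["missing"].append(rec["path"])
        elif rec["flags"] & CONTENT_OR_PERMISSION:
            result["modified"].append(rec["path"])       # investigate
        elif "C" in rec["flags"]:
            result["relabel_only"].append(rec["path"])   # a relabel clears it
        else:
            result["metadata_only"].append(rec["path"])  # e.g. mtime only
    return result


if __name__ == "__main__":
    for bucket, paths in triage(SAMPLE_OUTPUT).items():
        print("%s: %s" % (bucket, ", ".join(paths) or "-"))
    print(describe(parse_verify_line(".M......C.    /usr/sbin/sshd")["flags"]))
```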
From: bressers at redhat.com (Josh Bressers)
Date: Wed, 11 Jul 2007 16:08:25 -0400
Subject: Information page about last security advisories
In-Reply-To:
References:
Message-ID: <13401.1184184505@devserv.devel.redhat.com>

Sorry for the terrible lag in this reply. It's been a long couple of weeks.

>
> I'm new with fedora, and i'm looking for a security information
> page/site about latest security advisories,
> Like debian secu. Page : www.debian.org/security/ where I can find :

Such a page does not yet exist. It will at some point in the future, but I
don't know exactly when this will be.

>
> -lastest advisories, with pb classification, description, CVE ref, and
> of course links to individual patches ...
> -security repositories, where I can find patches only related to
> security concerns.

This should be possible with some combination of reposync and the
yum-security plugin.

>
> I searched these type informations on fedora homepage and wiki but I
> don't find it.
>
> Indeed, if I install critical app on a fedora server , each
> patches/updates must be qualified before applying, I can't patches these
> server without assessing impact of
> Each patches.

Right now your best bet is going to be to keep an eye on the fedora package
announce list:
http://www.redhat.com/mailman/listinfo/fedora-package-announce

>
> As some servers are not connected to Internet, I need too to be able to
> download patches on media (CDROM, USB key,...)...
> (I think it's possible with yum to make a local repository)

Yes this is very possible. Take a look at the yum-utils package.

>
> Note that RedHat solution is not suitable, as even if the rhn is useful
> to extract only security updates, it's not possible to easily update
> server offline, nor to update
> Package list of a server without connecting it to Internet.
>

This isn't an option. Red Hat Network is only available to Red Hat
Enterprise Linux Subscribers.

I hope this helps.

--
JB

From tchung at fedoraproject.org Wed Jul 11 20:18:04 2007
From: tchung at fedoraproject.org (Thomas Chung)
Date: Wed, 11 Jul 2007 13:18:04 -0700
Subject: Information page about last security advisories
In-Reply-To: <13401.1184184505@devserv.devel.redhat.com>
References: <13401.1184184505@devserv.devel.redhat.com>
Message-ID: <369bce3b0707111318j101938f3o6453bfa2e5bc56d5@mail.gmail.com>

On 7/11/07, Josh Bressers wrote:
> Sorry for the terrible lag in this reply. It's been a long couple of
> weeks.
>
> >
> > I'm new with fedora, and i'm looking for a security information
> > page/site about latest security advisories,
> > Like debian secu. Page : www.debian.org/security/ where I can find :
>
> Such a page does not yet exist. It will at some point in the future, but I
> don't know exactly when this will be.
>
> >
> > -lastest advisories, with pb classification, description, CVE ref, and
> > of course links to individual patches ...
> > -security repositories, where I can find patches only related to
> > security concerns.
>
> This should be possible with some combination of reposync and the
> yum-security plugin.
>
> >
> > I searched these type informations on fedora homepage and wiki but I
> > don't find it.
> >
> > Indeed, if I install critical app on a fedora server , each
> > patches/updates must be qualified before applying, I can't patches these
> > server without assessing impact of
> > Each patches.
>
> Right now your best bet is going to be to keep an eye on the fedora package
> announce list:
> http://www.redhat.com/mailman/listinfo/fedora-package-announce
>
> >
> > As some servers are not connected to Internet, I need too to be able to
> > download patches on media (CDROM, USB key,...)...
> > (I think it's possible with yum to make a local repository)
>
> Yes this is very possible. Take a look at the yum-utils package.
>
> >
> > Note that RedHat solution is not suitable, as even if the rhn is useful
> > to extract only security updates, it's not possible to easily update
> > server offline, nor to update
> > Package list of a server without connecting it to Internet.
> >
>
> This isn't an option. Red Hat Network is only available to Red Hat
> Enterprise Linux Subscribers.
>
> I hope this helps.
>
> --
> JB

Thank you Josh,

In addition, we're in the process[1] of getting anonymous access to Bodhi (Fedora Update System), which will replace the current FSA[2] wiki page, which is a manual and endless effort. :)

[1] https://www.redhat.com/archives/fedora-maintainers/2007-June/msg00384.html
[2] http://fedoraproject.org/wiki/FSA

Regards,
--
Thomas Chung
http://fedoraproject.org/wiki/ThomasChung

From bugzilla at redhat.com Thu Jul 12 00:16:34 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 11 Jul 2007 20:16:34 -0400
Subject: [Bug 240395] CVE-2007-2650: clamav OLE2 parser DoS
In-Reply-To:
Message-ID: <200707120016.l6C0GYiX018417@bugzilla.redhat.com>

Summary: CVE-2007-2650: clamav OLE2 parser DoS
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=240395

------- Additional Comments From bojan at rexursive.com 2007-07-11 20:16 EST -------
What's the status of this? Do you need any help building stuff? If your FC6 installation is broken, could you at least do it for F7? I see 0.90.3 is in Rawhide, so it should not be difficult to push the build.

If there is no way you can build this, could you at least ask one of the senior folks like Ville to expand the maintainers list for this package, so that others can do it?

From fedora-extras-commits at redhat.com Thu Jul 12 00:52:22 2007
From: fedora-extras-commits at redhat.com (Josh Bressers (bressers))
Date: Wed, 11 Jul 2007 20:52:22 -0400
Subject: fedora-security/audit fc7,1.38,1.39
Message-ID: <200707120052.l6C0qMsf005557@cvs-int.fedora.redhat.com>

Author: bressers

Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv5528

Modified Files:
	fc7

Log Message:
Deal with gd and gdm

Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.38
retrieving revision 1.39
diff -u -r1.38 -r1.39
--- fc7	11 Jul 2007 00:07:58 -0000	1.38
+++ fc7	12 Jul 2007 00:52:20 -0000	1.39
@@ -62,11 +62,11 @@ CVE-2007-2867 version (seamonkey, fixed 1.0.9) CVE-2007-2865 VULNERABLE (phpPgAdmin) #241489 CVE-2007-2844 ignore (php) #241641 -*CVE-2007-2843 ignore (konqueror) safari specific +CVE-2007-2843 ignore (konqueror) safari specific *CVE-2007-2821 VULNERABLE (wordpress, fixed 2.2) #240970 *CVE-2007-2799 (file) CVE-2007-2768 ignore (openssh) needs pam OPIE which is not shipped. -*CVE-2007-2756 ignore (gd) DoS only +CVE-2007-2756 ignore (gd) DoS only *CVE-2007-2754 (freetype) CVE-2007-2721 patch (jasper, fixed 1.900.1-2) #240397 *CVE-2007-2683 (mutt) @@ -147,7 +147,7 @@ *CVE-2007-1599 version (wordpress, fixed 2.1.3-0.rc2) #233703 CVE-2007-1583 version (php, fixed 5.2.2) CVE-2007-1565 ignore (konqueror) client crash -*CVE-2007-1564 vulnerable (konqueror) [#CVE-2007-1564] +CVE-2007-1564 vulnerable (konqueror) [#CVE-2007-1564] CVE-2007-1562 (firefox, seamonkey, thunderbird) CVE-2007-1560 version (squid, fixed 2.6.STABLE12) *CVE-2007-1558 version (claws-mail, fixed 2.9.1) #237293 @@ -285,7 +285,7 @@ CVE-2007-0458 version (wireshark, fixed 0.99.5) #227140 CVE-2007-0457 version (wireshark, fixed 0.99.5) #227140 CVE-2007-0456 version (wireshark, fixed 0.99.5) #227140 -*CVE-2007-0455 VULNERABLE (gd) #224610 +CVE-2007-0455 version (gd, fixed 2.0.34) #224610 *CVE-2007-0454 (samba) *CVE-2007-0452 (samba) *CVE-2007-0451 version (spamassassin, fixed 3.1.8) [since FEDORA-2007-241] @@ -394,7 +394,7 @@ *CVE-2006-6303 version (ruby, fixed 1.8.5.2) [since FEDORA-2006-1441] *CVE-2006-6301 version (denyhosts, fixed 2.6-2) #218824 *CVE-2006-6297 ignore (kdegraphics) just a crash -*CVE-2006-6238 (konqueror) probably safari only +CVE-2006-6238 (konqueror) probably safari only CVE-2006-6236 ignore, no-ship (acroread) *CVE-2006-6235 patch (gnupg2, fixed 2.0.1-2) #218821 *CVE-2006-6235 backport (gnupg, fixed 1.4.6) [since FEDORA-2006-1406] 
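Review bot: in the @@ -285 hunk CVE-2007-0455 goes from `VULNERABLE (gd) #224610` to `version (gd, fixed 2.0.34) #224610` without recording which update brought gd to 2.0.34; fixed entries in this file normally note it as `[since FEDORA-...]` (see CVE-2007-0451 in the same hunk's context), so add the advisory id here too. Also in the @@ -394 hunk CVE-2006-6238 (konqueror) still has no status keyword, only the note `probably safari only`; if that is the conclusion, give it `ignore` as CVE-2007-2843 `ignore (konqueror) safari specific` in the @@ -62 hunk has.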
@@ -410,7 +410,7 @@ *CVE-2006-6120 version (koffice, fixed 1.6.1) #218030 *CVE-2006-6107 VULNERABLE (dbus, fixed 1.0.2) #219665 CVE-2006-6106 version (kernel, fixed 2.6.19.2, fixed 2.6.20-rc5) [since FEDORA-2006-1471] -*CVE-2006-6105 version (gdm, fixed 2.14.11) [since FEDORA-2006-1468] +CVE-2006-6105 version (gdm, fixed 2.14.11) [since FEDORA-2006-1468] *CVE-2006-6104 backport (mono, fixed 1.1.13.8.2) #220853 [since FEDORA-2007-067] *CVE-2006-6103 (xorg-x11) *CVE-2006-6102 (xorg-x11) @@ -586,7 +586,7 @@ CVE-2006-4486 version (php, fixed 5.1.6) CVE-2006-4485 version (php, fixed 5.1.5) CVE-2006-4484 version (php, fixed 5.1.5) -*CVE-2006-4484 ignore (gd) +CVE-2006-4484 ignore (gd) CVE-2006-4483 ignore (php) not linux CVE-2006-4482 version (php, fixed 5.1.5) CVE-2006-4481 ignore (php) safe mode isn't safe @@ -625,7 +625,7 @@ *CVE-2006-4192 patch (libmodplug, fixed 0.8-3) CVE-2006-4182 version (clamav, fixed 0.88.5) #210973 *CVE-2006-4181 (gnuradius) -*CVE-2006-4146 backport (gdb) +CVE-2006-4146 backport (gdb) *CVE-2006-4145 version (kernel, fixed 2.6.17.10, fixed 2.6.18-rc5) needs a better upstream fix *CVE-2006-4144 backport (ImageMagick, fixed 6.2.9) *CVE-2006-4124 (lesstif) @@ -770,7 +770,7 @@ *CVE-2006-2932 ignore (kernel) no 4G/4G split support *CVE-2006-2920 version (sylpheed-claws, fixed 2.2.2) *CVE-2006-2916 ignore (arts) not shipped setuid -*CVE-2006-2906 backport (gd) from changelog +CVE-2006-2906 backport (gd) from changelog CVE-2006-2894 VULNERABLE (seamonkey) #194511 CVE-2006-2894 VULNERABLE (firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=56236 CVE-2006-2842 version (squirrelmail, fixed 1.4.6) @@ -817,7 +817,7 @@ *CVE-2006-2489 version (nagios, fixed 2.3.1) *CVE-2006-2480 patch (dia, fixed 0.95-2) bz#192535 *CVE-2006-2453 patch (dia, fixed 0.95-3) #192830 -*CVE-2006-2452 version (gdm) +CVE-2006-2452 version (gdm) *CVE-2006-2451 version (kernel, fixed 2.6.17.4) *CVE-2006-2450 (vnc) *CVE-2006-2449 version (kdebase, fixed 3.5.4) 
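Review bot: the @@ -625 hunk clears the marker on CVE-2006-4146 `backport (gdb)`, a gdb entry rather than gd or gdm, which looks like a substring match on `gd` and should be reverted unless gdb was reviewed too. In the @@ -817 hunk CVE-2006-2452 `version (gdm)` is demarked with no fixed version, unlike CVE-2006-6105 `version (gdm, fixed 2.14.11)` in the @@ -410 hunk; record the version before dropping the marker.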
@@ -1021,7 +1021,7 @@ *CVE-2006-1061 version (curl, fixed 7.15.3) *CVE-2006-1059 version (samba, fixed 3.0.22 at least) *CVE-2006-1058 version (busybox, fixed 1.2.x) -*CVE-2006-1057 version (gdm, fixed 2.14.1) +CVE-2006-1057 version (gdm, fixed 2.14.1) *CVE-2006-1056 version (kernel, fixed 2.6.16.9) *CVE-2006-1055 version (kernel, fixed 2.6.17) *CVE-2006-1053 (fedora directory server) @@ -1918,7 +1918,7 @@ *CVE-2004-1002 ignore (ppp) not a security issue *CVE-2004-0997 version (kernel, not 2.6) *CVE-2004-0996 backport (cscope) not fixed in 15.5 -*CVE-2004-0990 version (gd, fixed 2.0.33 at least) +CVE-2004-0990 version (gd, fixed 2.0.33 at least) *CVE-2004-0989 version (libxml2, fixed 2.6.15) *CVE-2004-0986 version (iptables, fixed 1.2.12) *CVE-2004-0983 version (ruby, fixed 1.8.2) @@ -1943,7 +1943,7 @@ *CVE-2004-0956 version (mysql, fixed 4.0.20) *CVE-2004-0946 version (nfs-utils, fixed 1.0.6-r6) *CVE-2004-0942 version (httpd, not 2.2) -*CVE-2004-0941 backport (gd) +CVE-2004-0941 backport (gd) *CVE-2004-0940 version (httpd, not 2.2) *CVE-2004-0938 version (freeradius, fixed 1.0.1) *CVE-2004-0930 version (samba, fixed 3.0.8) @@ -2062,7 +2062,7 @@ *CVE-2004-0547 version (postgresql, fixed 7.2.1) CVE-2004-0541 version (squid, fixed 2.5.STABLE6) *CVE-2004-0535 version (kernel, fixed 2.6.6) -*CVE-2004-0527 version (konqueror, not 3+) +CVE-2004-0527 version (konqueror, not 3+) CVE-2004-0523 version (krb5, fixed 1.3.4) *CVE-2004-0521 version (squirrelmail, fixed 1.4.3a) *CVE-2004-0520 version (squirrelmail, fixed 1.4.3a) 
@@ -2239,8 +2239,8 @@ *CVE-2003-0851 version (openssl, not 0.9.8) *CVE-2003-0851 version (openssl097a, not 0.9.7) *CVE-2003-0795 version (quagga, fixed 0.96.4) -*CVE-2003-0794 version (gdm, fixed 2.4.1.7) -*CVE-2003-0793 version (gdm, fixed 2.4.1.7) +CVE-2003-0794 version (gdm, fixed 2.4.1.7) +CVE-2003-0793 version (gdm, fixed 2.4.1.7) *CVE-2003-0792 version (fetchmail, 6.2.4 only) *CVE-2003-0789 version (httpd, not 2.2) CVE-2003-0788 version (cups, fixed 1.1.19) @@ -2277,9 +2277,9 @@ *CVE-2003-0552 version (kernel, not 2.6) *CVE-2003-0551 version (kernel, not 2.6) *CVE-2003-0550 version (kernel, not 2.6) -*CVE-2003-0549 version (gdm, fixed 2.4.1.6) -*CVE-2003-0548 version (gdm, fixed 2.4.1.6) -*CVE-2003-0547 version (gdm, fixed 2.4.1.6) +CVE-2003-0549 version (gdm, fixed 2.4.1.6) +CVE-2003-0548 version (gdm, fixed 2.4.1.6) +CVE-2003-0547 version (gdm, fixed 2.4.1.6) *CVE-2003-0545 version (openssl, not 0.9.8) *CVE-2003-0545 backport (openssl097a, fixed 0.9.7c) *CVE-2003-0544 version (openssl, not 0.9.8) -- fedora-extras-commits mailing list fedora-extras-commits at redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits From bugzilla at redhat.com Thu Jul 12 06:29:04 2007 
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 12 Jul 2007 02:29:04 -0400
Subject: [Bug 240395] CVE-2007-2650: clamav OLE2 parser DoS
In-Reply-To:
Message-ID: <200707120629.l6C6T4Gi014445@bugzilla.redhat.com>

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report.

Summary: CVE-2007-2650: clamav OLE2 parser DoS
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=240395

------- Additional Comments From enrico.scholz at informatik.tu-chemnitz.de 2007-07-12 02:29 EST -------
FC7 was built some weeks ago. Dunno in which queue it is stuck...

-- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

From bugzilla at redhat.com Thu Jul 12 07:05:59 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 12 Jul 2007 03:05:59 -0400
Subject: [Bug 240395] CVE-2007-2650: clamav OLE2 parser DoS
In-Reply-To:
Message-ID: <200707120705.l6C75xJh018410@bugzilla.redhat.com>

Summary: CVE-2007-2650: clamav OLE2 parser DoS
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=240395

enrico.scholz at informatik.tu-chemnitz.de changed:

What             |Removed    |Added
-----------------------------------------------
Status           |ASSIGNED   |CLOSED
Resolution       |           |CURRENTRELEASE
Fixed In Version |           |0.88.7-3

From bugzilla at redhat.com Thu Jul 12 07:37:51 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 12 Jul 2007 03:37:51 -0400
Subject: [Bug 240395] CVE-2007-2650: clamav OLE2 parser DoS
In-Reply-To:
Message-ID: <200707120737.l6C7bpOZ020923@bugzilla.redhat.com>

Summary: CVE-2007-2650: clamav OLE2 parser DoS
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=240395

------- Additional Comments From bojan at rexursive.com 2007-07-12 03:37 EST -------
Did you go to https://admin.fedoraproject.org/updates/ to push it through?

From bugzilla at redhat.com Thu Jul 12 10:59:19 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 12 Jul 2007 06:59:19 -0400
Subject: [Bug 241489] CVE-2007-2865: phpPgAdmin 4.1.1 XSS vulnerability
In-Reply-To:
Message-ID: <200707121059.l6CAxJlP012626@bugzilla.redhat.com>

Summary: CVE-2007-2865: phpPgAdmin 4.1.1 XSS vulnerability
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=241489

bugzilla at redhat.com changed:

What             |Removed        |Added
-----------------------------------------------
Product          |Fedora Extras  |Fedora

devrim at commandprompt.com changed:

What             |Removed        |Added
-----------------------------------------------
Status           |NEW            |CLOSED
Resolution       |               |CURRENTRELEASE
Fixed In Version |               |4.1.2-1

------- Additional Comments From devrim at commandprompt.com 2007-07-12 06:59 EST -------
This is already done, forgot to close the ticket.

From fedora-extras-commits at redhat.com Thu Jul 12 11:12:19 2007
From: fedora-extras-commits at redhat.com (Josh Bressers (bressers)) Date: Thu, 12 Jul 2007 07:12:19 -0400 Subject: fedora-security/audit fc7,1.39,1.40 Message-ID: <200707121112.l6CBCJwi013461@cvs-int.fedora.redhat.com> Author: bressers Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv13430 Modified Files: fc7 Log Message: Clean up the low hanging fruit. View full diff with command: /usr/bin/cvs -f diff -kk -u -N -r 1.39 -r 1.40 fc7 Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.39 retrieving revision 1.40 diff -u -r1.39 -r1.40 --- fc7 12 Jul 2007 00:52:20 -0000 1.39 +++ fc7 12 Jul 2007 11:12:17 -0000 1.40 @@ -43,7 +43,7 @@ CVE-2007-3126 ignore (gimp) just a crash CVE-2007-3123 VULNERABLE (clamav, fixed 0.90.3) #245219 CVE-2007-3122 VULNERABLE (clamav, fixed 0.90.3) #245219 -*CVE-2007-3121 version (zvbi, fixed 0.2.25) +CVE-2007-3121 version (zvbi, fixed 0.2.25) *CVE-2007-3113 VULNERABLE (cacti) #243592 *CVE-2007-3112 VULNERABLE (cacti) #243592 CVE-2007-3025 ignore (clamav, Solaris only) @@ -72,7 +72,7 @@ *CVE-2007-2683 (mutt) *CVE-2007-2654 VULNERABLE (xfsdump) #240396 CVE-2007-2650 VULNERABLE (clamav, fixed in 0.90.3) #240395 -*CVE-2007-2645 ignore (libexif) #240055 DoS only +CVE-2007-2645 ignore (libexif) #240055 DoS only *CVE-2007-2637 patch (moin, fixed 1.5.7-2) *CVE-2007-2627 ** (wordpress) #239904 *CVE-2007-2589 (squirrelmail) 
@@ -93,11 +93,11 @@ CVE-2007-2445 version (libpng10, fixed 1.0.25) #240398 *CVE-2007-2444 (samba) *CVE-2007-2438 VULNERABLE (vim) #238734 -*CVE-2007-2437 ignore (xorg-x11) DoS only +CVE-2007-2437 ignore (xorg-x11) DoS only *CVE-2007-2435 (java) *CVE-2007-2423 patch (moin, fixed 1.5.7-2) #238722 -*CVE-2007-2413 version (perl-Imager, fixed 0.57) #238615 -*CVE-2007-2381 ignore (MochiKit) #238616 +CVE-2007-2413 version (perl-Imager, fixed 0.57) #238615 +CVE-2007-2381 ignore (MochiKit) #238616 *CVE-2007-2356 (gimp) *CVE-2007-2353 (axis) *CVE-2007-2245 VULNERABLE (phpMyAdmin, fixed 2.10.1) #237882 @@ -107,18 +107,18 @@ CVE-2007-2172 version (kernel, fixed 2.6.21-rc6) *CVE-2007-2165 VULNERABLE (proftpd) #237533 *CVE-2007-2138 (postgresql) -*CVE-2007-2057 version (aircrack-ng, fixed 0.8-0.1) +CVE-2007-2057 version (aircrack-ng, fixed 0.8-0.1) CVE-2007-2029 VULNERABLE (clamav, fixed 0.90.3) *CVE-2007-2028 (freeradius) *CVE-2007-2026 (file) CVE-2007-2016 ignore (phpMyAdmin, < 2.8.0.2 never shipped) CVE-2007-1997 version (clamav, fixed in 0.90.2) *CVE-2007-1995 (quagga) #240488 -*CVE-2007-1897 version (wordpress, fixed 2.1.3) #235912 -*CVE-2007-1894 version (wordpress, fixed 2.1.3-0.rc2) -*CVE-2007-1893 version (wordpress, fixed 2.1.3) #235912 -*CVE-2007-1870 version (lighttpd, fixed 1.4.14) #236489 -*CVE-2007-1869 version (lighttpd, fixed 1.4.14) #236489 +CVE-2007-1897 version (wordpress, fixed 2.1.3) #235912 +CVE-2007-1894 version (wordpress, fixed 2.1.3-0.rc2) +CVE-2007-1893 version (wordpress, fixed 2.1.3) #235912 +CVE-2007-1870 version (lighttpd, fixed 1.4.14) #236489 +CVE-2007-1869 version (lighttpd, fixed 1.4.14) #236489 CVE-2007-1864 version (php, fixed 5.2.2) *CVE-2007-1862 (httpd) *CVE-2007-1859 (xscreensaver) 
@@ -126,12 +126,12 @@ CVE-2007-1856 backport (vixie-cron) #235882 vixie-cron-4.1-hardlink.patch *CVE-2007-1841 VULNERABLE (ipsec-tools) #238052 *CVE-2007-1804 VULNERABLE (pulseaudio) #235013 -*CVE-2007-1799 version (ktorrent, fixed 2.1.3) #235014 +CVE-2007-1799 version (ktorrent, fixed 2.1.3) #235014 CVE-2007-1745 version (clamav, fixed in 0.90.2) #236703 *CVE-2007-1743 (httpd) *CVE-2007-1742 (httpd) *CVE-2007-1741 (httpd) -*CVE-2007-1732 ignore (wordpress) #235015 +CVE-2007-1732 ignore (wordpress) #235015 CVE-2007-1718 version (php, fixed 5.2.2) CVE-2007-1717 version (php, fixed 5.2.2) CVE-2007-1711 version (php, 4.4.5 and 4.4.6 only) 
@@ -142,41 +142,41 @@ CVE-2007-1664 VULNERABLE (ekg) #246034 CVE-2007-1663 VULNERABLE (ekg) #246034 CVE-2007-1649 version (php, fixed 5.2.2) -*CVE-2007-1622 version (wordpress, fixed 2.1.3-0.rc2) #233703 -*CVE-2007-1614 version (zziplib, fixed 0.13.49) #233700 -*CVE-2007-1599 version (wordpress, fixed 2.1.3-0.rc2) #233703 +CVE-2007-1622 version (wordpress, fixed 2.1.3-0.rc2) #233703 +CVE-2007-1614 version (zziplib, fixed 0.13.49) #233700 +CVE-2007-1599 version (wordpress, fixed 2.1.3-0.rc2) #233703 CVE-2007-1583 version (php, fixed 5.2.2) CVE-2007-1565 ignore (konqueror) client crash CVE-2007-1564 vulnerable (konqueror) [#CVE-2007-1564] CVE-2007-1562 (firefox, seamonkey, thunderbird) CVE-2007-1560 version (squid, fixed 2.6.STABLE12) -*CVE-2007-1558 version (claws-mail, fixed 2.9.1) #237293 +CVE-2007-1558 version (claws-mail, fixed 2.9.1) #237293 *CVE-2007-1558 backport (sylpheed, fixed 2.3.1-1) -*CVE-2007-1547 version (nas, fixed 1.8a-2) #233353 -*CVE-2007-1546 version (nas, fixed 1.8a-2) #233353 -*CVE-2007-1545 version (nas, fixed 1.8a-2) #233353 -*CVE-2007-1544 version (nas, fixed 1.8a-2) #233353 -*CVE-2007-1543 version (nas, fixed 1.8a-2) #233353 +CVE-2007-1547 version (nas, fixed 1.8a-2) #233353 +CVE-2007-1546 version (nas, fixed 1.8a-2) #233353 +CVE-2007-1545 version (nas, fixed 1.8a-2) #233353 +CVE-2007-1544 version (nas, fixed 1.8a-2) #233353 +CVE-2007-1543 version (nas, fixed 1.8a-2) #233353 *CVE-2007-1536 (file) CVE-2007-1521 ignore (php) See NVD -*CVE-2007-1515 version (imp, fixed 4.1.4) +CVE-2007-1515 version (imp, fixed 4.1.4) CVE-2007-1496 version (kernel, fixed 2.6.20.3) CVE-2007-1484 ignore (php) See NVD CVE-2007-1475 ignore (php) unshipped ibase extension -*CVE-2007-1474 version (horde, fixed 3.1.4) -*CVE-2007-1474 ignore (imp, < 4.x only) -*CVE-2007-1473 version (horde, fixed 3.1.4) +CVE-2007-1474 version (horde, fixed 3.1.4) +CVE-2007-1474 ignore (imp, < 4.x only) +CVE-2007-1473 version (horde, fixed 3.1.4) *CVE-2007-1466 (openoffice.org) 
-*CVE-2007-1464 version (inkscape, fixed 0.45.1) -*CVE-2007-1463 version (inkscape, fixed 0.45.1) +CVE-2007-1464 version (inkscape, fixed 0.45.1) +CVE-2007-1463 version (inkscape, fixed 0.45.1) CVE-2007-1460 version (php, fixed 5.2.2) -*CVE-2007-1429 version (moodle, fixed 1.6.5) #232103 +CVE-2007-1429 version (moodle, fixed 1.6.5) #232103 *CVE-2007-1420 VULNERABLE (mysql, fixed 5.0.36) #232604 CVE-2007-1413 ignore (php) Windows NT SNMP specific CVE-2007-1412 ignore (php) unshipped cpdf extension CVE-2007-1411 ignore (php) unshipped mssql extension -*CVE-2007-1406 version (trac, fixed 0.10.3.1) #231729 -*CVE-2007-1405 version (trac, fixed 0.10.3.1) #231729 +CVE-2007-1406 version (trac, fixed 0.10.3.1) #231729 +CVE-2007-1405 version (trac, fixed 0.10.3.1) #231729 CVE-2007-1401 ignore (php) unshipped cracklib extension CVE-2007-1399 version (php-pecl-zip, fixed 1.8.5) *CVE-2007-1398 ignore (snort, inline mode not shipped) #232109 
@@ -193,30 +193,30 @@ *CVE-2007-1354 (jboss) *CVE-2007-1352 VULNERABLE (libXfont) #235265 *CVE-2007-1351 VULNERABLE (libXfont) #235265 -*CVE-2007-1325 version (phpMyAdmin, fixed 2.10.0.2) +CVE-2007-1325 version (phpMyAdmin, fixed 2.10.0.2) *CVE-2007-1322 ** (qemu) #238723 *CVE-2007-1321 ** (qemu) #238723 *CVE-2007-1320 ** (qemu) #238723 CVE-2007-1287 ignore (php) See NVD CVE-2007-1286 version (php, PHP4 only) CVE-2007-1285 version (php, 5.2.2) -*CVE-2007-1282 version (seamonkey, fixed 1.0.8) -*CVE-2007-1277 version (wordpress, fixed 2.1.2) -*CVE-2007-1267 ignore (sylpheed, uses gpgme) #231733 -*CVE-2007-1263 version (gpgme, fixed 1.1.4) -*CVE-2007-1263 version (gnupg, fixed 1.4.7) [since FEDORA-2007-315] +CVE-2007-1282 version (seamonkey, fixed 1.0.8) +CVE-2007-1277 version (wordpress, fixed 2.1.2) +CVE-2007-1267 ignore (sylpheed, uses gpgme) #231733 +CVE-2007-1263 version (gpgme, fixed 1.1.4) +CVE-2007-1263 version (gnupg, fixed 1.4.7) [since FEDORA-2007-315] *CVE-2007-1262 (squirrelmail) *CVE-2007-1253 patch (blender, fixed 2.42a-21) #239338 *CVE-2007-1246 patch (xine-lib, fixed 1.1.4-3) -*CVE-2007-1244 version (wordpress, fixed 2.1.2) #230898 -*CVE-2007-1230 version (wordpress, fixed 2.1.2) +CVE-2007-1244 version (wordpress, fixed 2.1.2) #230898 +CVE-2007-1230 version (wordpress, fixed 2.1.2) *CVE-2007-1218 backport (tcpdump) 232349 [since FEDORA-2007-347] CVE-2007-1216 version (krb5, fixed 1.6-3) #231537 *CVE-2007-1103 VULNERABLE (tor) #230927 -*CVE-2007-1092 version (seamonkey, fixed 1.0.8) -*CVE-2007-1055 version (mediawiki, fixed 1.8.3) -*CVE-2007-1054 version (mediawiki, fixed 1.8.4) -*CVE-2007-1049 version (wordpress, fixed 2.1.1) #229991 +CVE-2007-1092 version (seamonkey, fixed 1.0.8) +CVE-2007-1055 version (mediawiki, fixed 1.8.3) +CVE-2007-1054 version (mediawiki, fixed 1.8.4) +CVE-2007-1049 version (wordpress, fixed 2.1.1) #229991 *CVE-2007-1036 (jboss) *CVE-2007-1030 (libevent) *CVE-2007-1007 (ekiga) 
@@ -227,13 +227,13 @@ CVE-2007-1001 version (php, fixed 5.2.2) CVE-2007-1000 version (kernel, fixed 2.6.20.2) [since FEDORA-2007-335] *CVE-2007-0999 (ekiga) -*CVE-2007-0998 version (qemu, fixed 0.8.2) +CVE-2007-0998 version (qemu, fixed 0.8.2) *CVE-2007-0998 backport (xen) #230295 [since FEDORA-2007-343] -*CVE-2007-0996 version (seamonkey, fixed 1.0.8) -*CVE-2007-0995 version (seamonkey, fixed 1.0.8) +CVE-2007-0996 version (seamonkey, fixed 1.0.8) +CVE-2007-0995 version (seamonkey, fixed 1.0.8) CVE-2007-0988 version (php, fixed 5.2.1) CVE-2007-0981 VULNERABLE (firefox, ...) -*CVE-2007-0981 version (seamonkey, fixed 1.0.8) #229253 +CVE-2007-0981 version (seamonkey, fixed 1.0.8) #229253 CVE-2007-0957 patch (krb5, fixed 1.6-3) #231528 [...3251 lines suppressed...] -*CVE-2002-0839 version (httpd, not 2.2) -*CVE-2002-0838 version (kdegraphics, fixed 3.0.4) -*CVE-2002-0838 version (ggv, fixed 20030119, 2.8.0 at least) -*CVE-2002-0837 version (wordtrans, fixed 1.1pre13 at least) -*CVE-2002-0836 version (tetex, fixed 2.0.2 at least) +CVE-2002-0972 version (postgresql, fixed 7.2.2) +CVE-2002-0970 version (kdenetwork, fixed 3.0.3) +CVE-2002-0935 version (tomcat, fixed 4.1.3) +CVE-2002-0906 version (sendmail, fxied 8.12.5) +CVE-2002-0871 version (xinetd, fixed 2.3.7) +CVE-2002-0855 version (mailman, fixed 2.0.12) +CVE-2002-0843 version (httpd, not 2.2) +CVE-2002-0840 version (httpd, not 2.2) +CVE-2002-0839 version (httpd, not 2.2) +CVE-2002-0838 version (kdegraphics, fixed 3.0.4) +CVE-2002-0838 version (ggv, fixed 20030119, 2.8.0 at least) +CVE-2002-0837 version (wordtrans, fixed 1.1pre13 at least) +CVE-2002-0836 version (tetex, fixed 2.0.2 at least) CVE-2002-0834 version (wireshark, fixed after 0.9.5) -*CVE-2002-0825 version (nss_ldap, fixed nss_ldap-198) +CVE-2002-0825 version (nss_ldap, fixed nss_ldap-198) CVE-2002-0822 version (wireshark, fixed 0.9.5) CVE-2002-0821 version (wireshark, fixed 0.9.5) -*CVE-2002-0819 version (arts, fixed cvs 20020707) -*CVE-2002-0802 version 
(postgresql, fixed 7.2) -*CVE-2002-0761 version (bzip2, fixed 1.0.2) -*CVE-2002-0760 version (bzip2, fixed 1.0.2) -*CVE-2002-0759 version (bzip2, fixed 1.0.2) -*CVE-2002-0728 version (libpng, fixed 1.2.4) +CVE-2002-0819 version (arts, fixed cvs 20020707) +CVE-2002-0802 version (postgresql, fixed 7.2) +CVE-2002-0761 version (bzip2, fixed 1.0.2) +CVE-2002-0760 version (bzip2, fixed 1.0.2) +CVE-2002-0759 version (bzip2, fixed 1.0.2) +CVE-2002-0728 version (libpng, fixed 1.2.4) CVE-2002-0717 version (php, fixed 4.2.2) CVE-2002-0715 version (squid, fixed 2.4.STABLE6) CVE-2002-0714 version (squid, fixed 2.4.STABLE6) CVE-2002-0713 version (squid, fixed 2.4.STABLE6) -*CVE-2002-0704 version (kernel, fixed 2.6.11) -*CVE-2002-0702 version (dhcpd, fixed 3.0.1) -*CVE-2002-0684 version (glibc, fixed afted 2.2.5) -*CVE-2002-0682 version (tomcat, fixed 4.1.3) -*CVE-2002-0662 version (scrollkeeper, fixed after 0.3.11) -*CVE-2002-0660 version (libpng, fixed 1.0.14) -*CVE-2002-0659 version (openssl, not 0.9.8) -*CVE-2002-0659 version (openssl097a, not 0.9.7) -*CVE-2002-0657 version (openssl, not 0.9.8) -*CVE-2002-0657 version (openssl097a, not 0.9.7) -*CVE-2002-0656 version (openssl, not 0.9.8) -*CVE-2002-0656 version (openssl097a, not 0.9.7) -*CVE-2002-0655 version (openssl, not 0.9.8) -*CVE-2002-0655 version (openssl097a, not 0.9.7) -*CVE-2002-0653 version (mod_ssl, not httpd 2.2) +CVE-2002-0704 version (kernel, fixed 2.6.11) +CVE-2002-0702 version (dhcpd, fixed 3.0.1) +CVE-2002-0684 version (glibc, fixed afted 2.2.5) +CVE-2002-0682 version (tomcat, fixed 4.1.3) +CVE-2002-0662 version (scrollkeeper, fixed after 0.3.11) +CVE-2002-0660 version (libpng, fixed 1.0.14) +CVE-2002-0659 version (openssl, not 0.9.8) +CVE-2002-0659 version (openssl097a, not 0.9.7) +CVE-2002-0657 version (openssl, not 0.9.8) +CVE-2002-0657 version (openssl097a, not 0.9.7) +CVE-2002-0656 version (openssl, not 0.9.8) +CVE-2002-0656 version (openssl097a, not 0.9.7) +CVE-2002-0655 version (openssl, not 0.9.8) 
+CVE-2002-0655 version (openssl097a, not 0.9.7) +CVE-2002-0653 version (mod_ssl, not httpd 2.2) CVE-2002-0651 version (bind, not 9) CVE-2002-0640 version (openssh, fixed after 3.3) CVE-2002-0639 version (openssh, fixed after 3.3) -*CVE-2002-0638 version (util-linux, fixed 2.13 at least) +CVE-2002-0638 version (util-linux, fixed 2.13 at least) CVE-2002-0575 version (openssh, fixed 3.2.1) -*CVE-2002-0570 ignore (kernel) not a vulnerability -*CVE-2002-0517 version (XFree86) didn't affect Linux -*CVE-2002-0516 version (squirrelmail, fixed 1.2.6) -*CVE-2002-0510 ignore (kernel) see cve -*CVE-2002-0506 version (newt, not 0.5.22 at least) -*CVE-2002-0499 version (kernel, not 2.6) +CVE-2002-0570 ignore (kernel) not a vulnerability +CVE-2002-0517 version (XFree86) didn't affect Linux +CVE-2002-0516 version (squirrelmail, fixed 1.2.6) +CVE-2002-0510 ignore (kernel) see cve +CVE-2002-0506 version (newt, not 0.5.22 at least) +CVE-2002-0499 version (kernel, not 2.6) *CVE-2002-0497 backport (mtr) mtr-0.69-CVE-2002-0497.patch -*CVE-2002-0493 version (tomcat, fixed 4.1.12) -*CVE-2002-0435 version (fileutils, fixed 4.1.7) -*CVE-2002-0429 version (kernel, not 2.6) +CVE-2002-0493 version (tomcat, fixed 4.1.12) +CVE-2002-0435 version (fileutils, fixed 4.1.7) +CVE-2002-0429 version (kernel, not 2.6) CVE-2002-0404 version (wireshark, fixed 0.9.3) CVE-2002-0403 version (wireshark, fixed 0.9.3) CVE-2002-0402 version (wireshark, fixed 0.9.3) CVE-2002-0401 version (wireshark, fixed 0.9.3) CVE-2002-0400 version (bind, fixed 9.2.1) -*CVE-2002-0399 version (tar, fixed 1.13.26) -*CVE-2002-0392 version (httpd, not 2.2) +CVE-2002-0399 version (tar, fixed 1.13.26) +CVE-2002-0392 version (httpd, not 2.2) CVE-2002-0391 version (krb5, fixed after 1.2.5) -*CVE-2002-0391 version (glibc, fixed after 2.2.5) -*CVE-2002-0389 ignore (mailman) upstream say not a vulnerability -*CVE-2002-0388 version (mailman, fixed 2.0.11) +CVE-2002-0391 version (glibc, fixed after 2.2.5) +CVE-2002-0389 ignore (mailman) 
upstream say not a vulnerability +CVE-2002-0388 version (mailman, fixed 2.0.11) CVE-2002-0384 version (gaim, fixed gaim:0.58) CVE-2002-0382 version (xchat, fixed 1.9.1) -*CVE-2002-0380 version (tcpdump, fixed 3.7.2 at least) -*CVE-2002-0379 version (imap, vuln code removed imap-2002) +CVE-2002-0380 version (tcpdump, fixed 3.7.2 at least) +CVE-2002-0379 version (imap, vuln code removed imap-2002) CVE-2002-0377 version (gaim, fixed gaim:0.58) -*CVE-2002-0374 version (pam_ldap, fixed 144) -*CVE-2002-0363 version (ghostscript, fixed 6.53) +CVE-2002-0374 version (pam_ldap, fixed 144) +CVE-2002-0363 version (ghostscript, fixed 6.53) CVE-2002-0353 version (wireshark, fixed 0.9.3) -*CVE-2002-0342 version (kde, not 2.2+) -*CVE-2002-0318 version (freeradius, fixed 0.7) +CVE-2002-0342 version (kde, not 2.2+) +CVE-2002-0318 version (freeradius, fixed 0.7) CVE-2002-0253 ignore (php) not a vulnerability CVE-2002-0240 ignore (php) windows only -*CVE-2002-0232 version (mrtg, not 2.11.1 at least) +CVE-2002-0232 version (mrtg, not 2.11.1 at least) CVE-2002-0229 ignore (php) safe mode isn't safe -*CVE-2002-0185 version (mod_python, fixed 2.7.7) +CVE-2002-0185 version (mod_python, fixed 2.7.7) CVE-2002-0184 version (sudo, fixed 1.6.6) -*CVE-2002-0180 version (webalizer, fixed 2.01-10) -*CVE-2002-0169 ignore (docbook) was RHL only -*CVE-2002-0165 version (logwatch, fixed 2.6) -*CVE-2002-0164 version (XFree86, fixed 4.2.1) +CVE-2002-0180 version (webalizer, fixed 2.01-10) +CVE-2002-0169 ignore (docbook) was RHL only +CVE-2002-0165 version (logwatch, fixed 2.6) +CVE-2002-0164 version (XFree86, fixed 4.2.1) CVE-2002-0163 version (squid, fixed 2.4.STABLE6) -*CVE-2002-0162 version (logwatch, fixed 2.5) -*CVE-2002-0157 version (nautilus) -*CVE-2002-0146 version (fetchmail, fixed 5.9.10) -*CVE-2002-0130 ignore (efax) not setuid root -*CVE-2002-0129 ignore (efax) not setuid root +CVE-2002-0162 version (logwatch, fixed 2.5) +CVE-2002-0157 version (nautilus) +CVE-2002-0146 version (fetchmail, 
fixed 5.9.10) +CVE-2002-0130 ignore (efax) not setuid root +CVE-2002-0129 ignore (efax) not setuid root CVE-2002-0121 version (php, fixed after 4.1.1) -*CVE-2002-0092 version (cve, fixed 1.10.8) +CVE-2002-0092 version (cve, fixed 1.10.8) CVE-2002-0083 version (openssh, fixed 3.1) -*CVE-2002-0082 version (mod_ssl, not httpd 2.2) +CVE-2002-0082 version (mod_ssl, not httpd 2.2) CVE-2002-0081 version (php, not 4.2+) CVE-2002-0080 version (rsync, fixed 2.5.3) CVE-2002-0069 version (squid, fixed 2.4STABLE4) CVE-2002-0068 version (squid, fixed 2.4STABLE4) CVE-2002-0067 version (squid, fixed 2.4STABLE4) -CVE-2002-0063 version (cups, fixed 1.1.14) -*CVE-2002-0062 version (ncurses, only 5.0) -*CVE-2002-0060 version (kernel, fixed 2.5.5) +VE-2002-0063 version (cups, fixed 1.1.14) +CVE-2002-0062 version (ncurses, only 5.0) +CVE-2002-0060 version (kernel, fixed 2.5.5) *CVE-2002-0059 ** zlib (cvs, dump, gcc, libgcj, kernel, vnc) CVE-2002-0059 version (rsync, fixed 2.5.4/2.6.6) -*CVE-2002-0059 version (zlib, fixed 1.1.4) +CVE-2002-0059 version (zlib, fixed 1.1.4) CVE-2002-0048 version (rsync, fixed 2.5.2) -*CVE-2002-0046 version (kernel, fixed 2.4.0) -*CVE-2002-0045 version (openldap, fixed 2.0.20) -*CVE-2002-0044 version (enscript, fixed 1.6.4 at least) +CVE-2002-0046 version (kernel, fixed 2.4.0) +CVE-2002-0045 version (openldap, fixed 2.0.20) +CVE-2002-0044 version (enscript, fixed 1.6.4 at least) CVE-2002-0043 version (sudo, fixed 1.6.4) CVE-2002-0036 version (krb5, fixed 1.2.5) CVE-2002-0029 version (bind, not 9) 
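Review bot: in the region after "[...3251 lines suppressed...]", the pair -CVE-2002-0063 version (cups, fixed 1.1.14) / +VE-2002-0063 version (cups, fixed 1.1.14) touches a line that was never starred and drops the leading "C", leaving an identifier that no CVE-pattern search or script over this file will match; restore it to CVE-2002-0063 before committing. While these lines are being rewritten, the same region carries over typos that the cleanup could fix: "fxied" in the sendmail entry for CVE-2002-0906, "afted" in the glibc entry for CVE-2002-0684, the package field "cve" in the CVE-2002-0092 entry, which is not a package name, and the nautilus entry for CVE-2002-0157, whose "version" status is not followed by a fixed version.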
@@ -2649,11 +2649,11 @@ CVE-2002-0006 verison (xchat, fixed 1.8.7) cve is wrong CVE-2002-0004 backport (at) issue was in a patch, fixed at-3.1.8-11-lexer-parser.diff CVE-2002-0003 version (groff, fixed 1.17.2) -*CVE-2002-0002 version (stunnel, fixed 3.22) -*CVE-2002-0001 version (mutt, fixed 1.3.25) -*CVE-2001-1494 version (util-linux, fixed 2.11n) +CVE-2002-0002 version (stunnel, fixed 3.22) +CVE-2002-0001 version (mutt, fixed 1.3.25) +CVE-2001-1494 version (util-linux, fixed 2.11n) *CVE-2001-1429 (mc) -*CVE-2001-0955 version (XFree86, fixed 4.2.0) +CVE-2001-0955 version (XFree86, fixed 4.2.0) CVE-2001-0935 ignore, no-ship (wu-ftpd) CVE-2001-0474 version (mesa, fixed 3.3-14) CVE-2001-0310 ignore (sort) mkstemp is now being used -- fedora-extras-commits mailing list fedora-extras-commits at redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits From bugzilla at redhat.com Thu Jul 12 13:35:19 2007 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 12 Jul 2007 09:35:19 -0400 Subject: [Bug 246322] CVE-2007-3507 flac123 0.0.9 vorbis comment parsing buffer overflow In-Reply-To: Message-ID: <200707121335.l6CDZJRt028003@bugzilla.redhat.com> Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: CVE-2007-3507 flac123 0.0.9 vorbis comment parsing buffer overflow Alias: CVE-2007-3507 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=246322 foolish at guezz.net changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. From bugzilla at redhat.com Thu Jul 12 13:36:34 2007 
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 12 Jul 2007 09:36:34 -0400
Subject: [Bug 246322] CVE-2007-3507 flac123 0.0.9 vorbis comment parsing buffer overflow
In-Reply-To:
Message-ID: <200707121336.l6CDaYus028268@bugzilla.redhat.com>

Summary: CVE-2007-3507 flac123 0.0.9 vorbis comment parsing buffer overflow
Alias: CVE-2007-3507
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=246322

------- Additional Comments From foolish at guezz.net 2007-07-12 09:36 EST -------
Updated flac123 to 0.0.11, submitted update for updates-testing for F-7. Will go into updates shortly if there's no trouble.

From fedora-extras-commits at redhat.com Thu Jul 12 14:09:46 2007
From: fedora-extras-commits at redhat.com (Lubomir Kundrak (lkundrak))
Date: Thu, 12 Jul 2007 10:09:46 -0400
Subject: fedora-security/audit fc6,1.221,1.222 fc7,1.40,1.41
Message-ID: <200707121409.l6CE9kYJ019404@cvs-int.fedora.redhat.com>

Author: lkundrak

Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv19334

Modified Files:
fc6 fc7
Log Message:
centericq

Index: fc6
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc6,v
retrieving revision 1.221
retrieving revision 1.222
diff -u -r1.221 -r1.222
--- fc6 10 Jul 2007 23:54:03 -0000 1.221
+++ fc6 12 Jul 2007 14:09:44 -0000 1.222
@@ -4,6 +4,7 @@ ** are items that need attention CVE-2007-4168 VULNERABLE (libexif) #243892 +CVE-2007-3713 VULNERABLE (centericq) #247979 CVE-2007-3508 ignore (glibc) not an issue CVE-2007-3506 backport (freetype, fixed 2.3.4) #235479 [since FEDORA-2007-561] CVE-2007-3378 ignore (php) safe mode escape Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.40 retrieving revision 1.41 diff -u -r1.40 -r1.41 --- fc7 12 Jul 2007 11:12:17 -0000 1.40 +++ fc7 12 Jul 2007 14:09:44 -0000 1.41 @@ -5,6 +5,7 @@ *CVE are items that need verification for Fedora 7 CVE-2007-4168 VULNERABLE (libexif) #243890 +CVE-2007-3713 VULNERABLE (centericq) #247979 CVE-2007-3628 version (php-pear-Structures-DataGrid-DataSource-MDB2, fixed 0.1.10) CVE-2007-3555 VULNERABLE (moodle) #247528 CVE-2007-3546 ignore (nessus-core) Windows only -- fedora-extras-commits mailing list fedora-extras-commits at redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits From bugzilla at redhat.com Thu Jul 12 19:11:16 2007 
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 12 Jul 2007 15:11:16 -0400
Subject: [Bug 240395] CVE-2007-2650: clamav OLE2 parser DoS
In-Reply-To:
Message-ID: <200707121911.l6CJBGm6003205@bugzilla.redhat.com>

Summary: CVE-2007-2650: clamav OLE2 parser DoS
Alias: CVE-2007-2650
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=240395

ville.skytta at iki.fi changed:

What             |Removed        |Added
-----------------------------------------------
Version          |fc6            |f7
Status           |CLOSED         |ASSIGNED
Keywords         |               |Reopened
Resolution       |CURRENTRELEASE |
Alias            |               |CVE-2007-2650

------- Additional Comments From ville.skytta at iki.fi 2007-07-12 15:11 EST -------
Reopening and adjusting release as there's no update for F7 yet. Searching for clamav in bodhi (URL in comment 8) produces no hits. If you're not up to date with how to push updates for F7+, see http://fedoraproject.org/wiki/PackageMaintainers/UpdatingPackageHowTo

From fedora-extras-commits at redhat.com Thu Jul 12 19:17:08 2007
From: fedora-extras-commits at redhat.com (Ville Skytta (scop)) Date: Thu, 12 Jul 2007 15:17:08 -0400 Subject: fedora-security/audit fc7, 1.41, 1.42 fe5, 1.211, 1.212 fe6, 1.126, 1.127 Message-ID: <200707121917.l6CJH8Du029469@cvs-int.fedora.redhat.com> Author: scop Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv29446 Modified Files: fc7 fe5 fe6 Log Message: Note phpPgAdmin and clamav fixes. Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.41 retrieving revision 1.42 diff -u -r1.41 -r1.42 --- fc7 12 Jul 2007 14:09:44 -0000 1.41 +++ fc7 12 Jul 2007 19:17:05 -0000 1.42 @@ -61,7 +61,7 @@ CVE-2007-2869 (firefox) CVE-2007-2868 version (seamonkey, fixed 1.0.9) CVE-2007-2867 version (seamonkey, fixed 1.0.9) -CVE-2007-2865 VULNERABLE (phpPgAdmin) #241489 +CVE-2007-2865 version (phpPgAdmin, fixed 4.1.2) #241489 CVE-2007-2844 ignore (php) #241641 CVE-2007-2843 ignore (konqueror) safari specific *CVE-2007-2821 VULNERABLE (wordpress, fixed 2.2) #240970 Index: fe5 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fe5,v retrieving revision 1.211 retrieving revision 1.212 diff -u -r1.211 -r1.212 --- fe5 2 Jul 2007 19:25:50 -0000 1.211 +++ fe5 12 Jul 2007 19:17:05 -0000 1.212 
@@ -24,7 +24,7 @@ CVE-2007-3024 ** (clamav, fixed 0.90.3) #245219 CVE-2007-3023 ** (clamav, fixed 0.90.3) #245219 CVE-2007-2894 VULNERABLE (bochs) #241799 -CVE-2007-2865 VULNERABLE (phpPgAdmin) #241489 +CVE-2007-2865 version (phpPgAdmin, fixed 4.1.2) #241489 CVE-2007-2821 VULNERABLE (wordpress, fixed 2.2) #240970 CVE-2007-2721 patch (jasper, fixed 1.900.1-2) #240397 CVE-2007-2654 VULNERABLE (xfsdump) #240396 Index: fe6 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fe6,v retrieving revision 1.126 retrieving revision 1.127 diff -u -r1.126 -r1.127 --- fe6 9 Jul 2007 19:12:51 -0000 1.126 +++ fe6 12 Jul 2007 19:17:05 -0000 1.127 @@ -31,11 +31,11 @@ CVE-2007-2870 version (seamonkey, fixed 1.0.9) CVE-2007-2868 version (seamonkey, fixed 1.0.9) CVE-2007-2867 version (seamonkey, fixed 1.0.9) -CVE-2007-2865 VULNERABLE (phpPgAdmin) #241489 +CVE-2007-2865 version (phpPgAdmin, fixed 4.1.2) #241489 CVE-2007-2821 VULNERABLE (wordpress, fixed 2.2) #240970 CVE-2007-2721 patch (jasper, fixed 1.900.1-2) #240397 CVE-2007-2654 VULNERABLE (xfsdump) #240396 -CVE-2007-2650 ** (clamav) #240395 +CVE-2007-2650 patch (clamav, fixed 0.88.7-3) #240395 CVE-2007-2637 patch (moin, fixed 1.5.7-2) CVE-2007-2627 ** (wordpress) #239904 CVE-2007-2500 patch (gnash, fixed 0.7.2-2) #239213 From bugzilla at redhat.com Thu Jul 12 19:40:21 2007
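Review bot: the fc7 hunk records CVE-2007-2865 as 'version (phpPgAdmin, fixed 4.1.2) #241489' with no '[since FEDORA-...]' update reference, although other fc7 'version' entries carry one (for example 'CVE-2007-3506 version (freetype, fixed 2.3.4) #235479 [since FEDORA-2007-0033]'), so the file does not say which push delivered 4.1.2 to Fedora 7; add the bodhi update ID. The fe6 hunk closes CVE-2007-2650 with a Fedora release string, 'patch (clamav, fixed 0.88.7-3)', which is the right form for a backported fix, and leaving the fc7 clamav line untouched is consistent with bug 240395 being reopened for F7 the same day, but the log message 'Note phpPgAdmin and clamav fixes' should say that only fe6 is affected.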
From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 12 Jul 2007 15:40:21 -0400 Subject: [Bug 240395] CVE-2007-2650: clamav OLE2 parser DoS In-Reply-To: Message-ID: <200707121940.l6CJeL34006186@bugzilla.redhat.com> Summary: CVE-2007-2650: clamav OLE2 parser DoS Alias: CVE-2007-2650 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=240395 ------- Additional Comments From enrico.scholz at informatik.tu-chemnitz.de 2007-07-12 15:40 EST ------- at comment #9: exactly... I do not have a clue how to use bodhi; the "My updates" and two other lists are all empty and do not show http://koji.fedoraproject.org/koji/buildinfo?buildID=9624 From pierre.monlong at cnes.fr Thu Jul 12 19:48:45 2007 From: pierre.monlong at cnes.fr (Monlong Pierre) Date: Thu, 12 Jul 2007 21:48:45 +0200 Subject: Maintenance and support policy Message-ID: Hi all, Where can I find this information about Fedora: - Duration of support and maintenance for a particular release, possibly with a distinction between security support, functional bug support, etc. I note that FC releases are spaced about 6 to 7 months apart. Is it a coincidence or a rule? Thank you for your help. == Pierre Monlong - Antiope/IF/IE Tel : +594 (0)5 94 33 47 53 / Fax : +594 (0)5 94 33 42 59 pierre.monlong at cnes.fr == From rstaaf at bellsouth.net Thu Jul 12 20:39:38 2007 From: rstaaf at bellsouth.net (rstaaf at bellsouth.net) Date: Thu, 12 Jul 2007 16:39:38 -0400 Subject: Maintenance and support policy Message-ID: <20070712203938.MZVK22154.ibm70aec.bellsouth.net@mail.bellsouth.net>
> From: "Monlong Pierre" > Date: 2007/07/12 Thu PM 03:48:45 EDT > To: > Subject: Maintenance and support policy > > Hi all, > Where can I find this information about Fedora: > - Duration of support and maintenance for a particular release, > possibly with a distinction between security support, functional bug > support, etc. > I note that FC releases are spaced about 6 to 7 months apart. Is it > a coincidence or a rule? > Thank you for your help. > http://fedoraproject.org/wiki/LifeCycle -- Fedora-security-list mailing list Fedora-security-list at redhat.com https://www.redhat.com/mailman/listinfo/fedora-security-list From bugzilla at redhat.com Thu Jul 12 22:24:10 2007 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 12 Jul 2007 18:24:10 -0400 Subject: [Bug 240395] CVE-2007-2650: clamav OLE2 parser DoS In-Reply-To: Message-ID: <200707122224.l6CMOAPk023674@bugzilla.redhat.com> Summary: CVE-2007-2650: clamav OLE2 parser DoS Alias: CVE-2007-2650 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=240395 ------- Additional Comments From bojan at rexursive.com 2007-07-12 18:24 EST ------- When I go to New Updates and type in clamav, I get a list of packages, including clamav-0.90.3-1.fc7. Have you tried that? From bugzilla at redhat.com Thu Jul 12 23:38:04 2007
From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 12 Jul 2007 19:38:04 -0400 Subject: [Bug 246322] CVE-2007-3507 flac123 0.0.9 vorbis comment parsing buffer overflow In-Reply-To: Message-ID: <200707122338.l6CNc4Yv029673@bugzilla.redhat.com> Summary: CVE-2007-3507 flac123 0.0.9 vorbis comment parsing buffer overflow Alias: CVE-2007-3507 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=246322 ------- Additional Comments From updates at fedoraproject.org 2007-07-12 19:38 EST ------- flac123-0.0.11-1.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report. From bugzilla at redhat.com Thu Jul 12 23:38:07 2007
From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 12 Jul 2007 19:38:07 -0400 Subject: [Bug 246322] CVE-2007-3507 flac123 0.0.9 vorbis comment parsing buffer overflow In-Reply-To: Message-ID: <200707122338.l6CNc7mE029699@bugzilla.redhat.com> Summary: CVE-2007-3507 flac123 0.0.9 vorbis comment parsing buffer overflow Alias: CVE-2007-3507 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=246322 updates at fedoraproject.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |CLOSED Resolution| |ERRATA Fixed In Version| |0.0.11-1.fc7 From fedora-extras-commits at redhat.com Sat Jul 14 09:07:03 2007 From: fedora-extras-commits at redhat.com (Ville Skytta (scop)) Date: Sat, 14 Jul 2007 05:07:03 -0400 Subject: fedora-security/audit fc7,1.42,1.43 fe6,1.127,1.128 Message-ID: <200707140907.l6E973Eq004401@cvs-int.fedora.redhat.com> Author: scop Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv4381 Modified Files: fc7 fe6 Log Message: flac123 fixed Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.42 retrieving revision 1.43 diff -u -r1.42 -r1.43 --- fc7 12 Jul 2007 19:17:05 -0000 1.42 +++ fc7 14 Jul 2007 09:07:01 -0000 1.43
@@ -14,7 +14,7 @@ CVE-2007-3543 ** (wordpress) #245211 CVE-2007-3508 ignore (glibc) not an issue CVE-2007-3506 version (freetype, fixed 2.3.4) #235479 [since FEDORA-2007-0033] -CVE-2007-3507 VULNERABLE (flac123, fixed 0.0.10) #246322 +CVE-2007-3507 version (flac123, fixed 0.0.10) #246322 CVE-2007-3478 ** (gd) CVE-2007-3477 ** (gd) CVE-2007-3476 ** (gd) Index: fe6 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fe6,v retrieving revision 1.127 retrieving revision 1.128 diff -u -r1.127 -r1.128 --- fe6 12 Jul 2007 19:17:05 -0000 1.127 +++ fe6 14 Jul 2007 09:07:01 -0000 1.128 @@ -8,7 +8,7 @@ CVE-2007-3544 ** (wordpress) #245211 CVE-2007-3543 ** (wordpress) #245211 CVE-2007-3528 VULNERABLE (dar, fixed 2.3.4) #246760 -CVE-2007-3507 VULNERABLE (flac123, fixed 0.0.10) #246322 +CVE-2007-3507 version (flac123, fixed 0.0.10) #246322 CVE-2007-3241 ** (wordpress) #245211 CVE-2007-3240 ** (wordpress) #245211 CVE-2007-3239 ** (wordpress) #245211 From bugzilla at redhat.com Mon Jul 16 21:35:13 2007
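Review bot: the fe6 hunk marks CVE-2007-3507 'version (flac123, fixed 0.0.10)', but the only push recorded in bug 246322 above is flac123-0.0.11-1.fc7 to the Fedora 7 stable repository, so confirm that an FC6 Extras build at 0.0.10 or later exists before closing the fe6 entry; the fc7 hunk is backed by that errata and could carry a '[since FEDORA-...]' reference like the CVE-2007-3506 line directly above it.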
From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Mon, 16 Jul 2007 17:35:13 -0400 Subject: [Bug 240395] CVE-2007-2650: clamav OLE2 parser DoS In-Reply-To: Message-ID: <200707162135.l6GLZDDL010273@bugzilla.redhat.com> Summary: CVE-2007-2650: clamav OLE2 parser DoS Alias: CVE-2007-2650 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=240395 ------- Additional Comments From bojan at rexursive.com 2007-07-16 17:35 EST ------- Ping... From fedora-extras-commits at redhat.com Tue Jul 17 10:15:48 2007 From: fedora-extras-commits at redhat.com (Lubomir Kundrak (lkundrak)) Date: Tue, 17 Jul 2007 06:15:48 -0400 Subject: fedora-security/audit fc6,1.222,1.223 fc7,1.43,1.44 Message-ID: <200707171015.l6HAFmDl013674@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv13567 Modified Files: fc6 fc7 Log Message: Today's new stuff. Index: fc6 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc6,v retrieving revision 1.222 retrieving revision 1.223 diff -u -r1.222 -r1.223 --- fc6 12 Jul 2007 14:09:44 -0000 1.222 +++ fc6 17 Jul 2007 10:15:46 -0000 1.223
@@ -4,6 +4,10 @@ ** are items that need attention CVE-2007-4168 VULNERABLE (libexif) #243892 +CVE-2007-3820 ** (kdebase) +CVE-2007-3799 ** (php) +CVE-2007-3782 ** (mysql) +CVE-2007-3781 ** (mysql) CVE-2007-3713 VULNERABLE (centericq) #247979 CVE-2007-3508 ignore (glibc) not an issue CVE-2007-3506 backport (freetype, fixed 2.3.4) #235479 [since FEDORA-2007-561] Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.43 retrieving revision 1.44 diff -u -r1.43 -r1.44 --- fc7 14 Jul 2007 09:07:01 -0000 1.43 +++ fc7 17 Jul 2007 10:15:46 -0000 1.44 @@ -5,6 +5,12 @@ *CVE are items that need verification for Fedora 7 CVE-2007-4168 VULNERABLE (libexif) #243890 +CVE-2007-3820 ** (kdebase) +CVE-2007-3799 ** (php) +CVE-2007-3781 ** (mysql) +CVE-2007-3782 ** (mysql) +CVE-2007-3770 ** (xfce-utils) +CVE-2007-3725 ** (clamav) CVE-2007-3713 VULNERABLE (centericq) #247979 CVE-2007-3628 version (php-pear-Structures-DataGrid-DataSource-MDB2, fixed 0.1.10) CVE-2007-3555 VULNERABLE (moodle) #247528 From fedora-extras-commits at redhat.com Wed Jul 18 14:15:43 2007 From: fedora-extras-commits at redhat.com (Lubomir Kundrak (lkundrak)) Date: Wed, 18 Jul 2007 10:15:43 -0400 Subject: fedora-security/audit fc6,1.223,1.224 fc7,1.44,1.45 Message-ID: <200707181415.l6IEFhHn001005@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv703 Modified Files: fc6 fc7 Log Message: pidgin Index: fc6 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc6,v retrieving revision 1.223 retrieving revision 1.224 diff -u -r1.223 -r1.224 --- fc6 17 Jul 2007 10:15:46 -0000 1.223 +++ fc6 18 Jul 2007 14:15:40 -0000 1.224
@@ -4,7 +4,8 @@ ** are items that need attention CVE-2007-4168 VULNERABLE (libexif) #243892 -CVE-2007-3820 ** (kdebase) +CVE-2007-3841 WTF (pidgin) +CVE-2007-3820 ** (kdebase) #248537 CVE-2007-3799 ** (php) CVE-2007-3782 ** (mysql) CVE-2007-3781 ** (mysql) Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.44 retrieving revision 1.45 diff -u -r1.44 -r1.45 --- fc7 17 Jul 2007 10:15:46 -0000 1.44 +++ fc7 18 Jul 2007 14:15:40 -0000 1.45 @@ -5,7 +5,8 @@ *CVE are items that need verification for Fedora 7 CVE-2007-4168 VULNERABLE (libexif) #243890 -CVE-2007-3820 ** (kdebase) +CVE-2007-3841 WTF (pidgin) +CVE-2007-3820 ** (kdebase) #248537 CVE-2007-3799 ** (php) CVE-2007-3781 ** (mysql) CVE-2007-3782 ** (mysql) From bugzilla at redhat.com Wed Jul 18 17:28:32 2007
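Review bot: 'CVE-2007-3841 WTF (pidgin)' in both hunks uses a status word the list's legend does not define ('** are items that need attention', '*CVE are items that need verification for Fedora 7'), so anything that greps the file by status will miss it; if the point is that the CVE description is unclear, mark it '**' and put the reason after the parenthesis, as 'CVE-2007-3508 ignore (glibc) not an issue' does, and add the bug number once filed, as the kdebase line in the same hunk now gets #248537.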
From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 18 Jul 2007 13:28:32 -0400 Subject: [Bug 194511] CVE-2006-2894 arbitrary file read vulnerability In-Reply-To: Message-ID: <200707181728.l6IHSWeU030928@bugzilla.redhat.com> Summary: CVE-2006-2894 arbitrary file read vulnerability https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=194511 bugzilla at redhat.com changed: What |Removed |Added ---------------------------------------------------------------------------- Severity|normal |medium Priority|normal |medium Product|Fedora Extras |Fedora mcepl at redhat.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO CC| |mcepl at redhat.com ------- Additional Comments From mcepl at redhat.com 2007-07-18 13:28 EST ------- Fedora Core 5 is no longer supported, could you please reproduce this with the updated version of the currently supported distribution (Fedora Core 6, or Fedora 7, or Rawhide)? If this issue turns out to still be reproducible, please let us know in this bug report. If after a month's time we have not heard back from you, we will have to close this bug as CANTFIX. Setting status to NEEDINFO, and awaiting information from the reporter. Thanks in advance. From bugzilla at redhat.com Wed Jul 18 17:37:11 2007
From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 18 Jul 2007 13:37:11 -0400 Subject: [Bug 241799] CVE-2007-2894: bochs guest OS local user DoS In-Reply-To: Message-ID: <200707181737.l6IHbBk8002526@bugzilla.redhat.com> Summary: CVE-2007-2894: bochs guest OS local user DoS https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=241799 bugzilla at redhat.com changed: What |Removed |Added ---------------------------------------------------------------------------- Product|Fedora Extras |Fedora ------- Additional Comments From j.w.r.degoede at hhs.nl 2007-07-18 13:37 EST ------- Since upstream isn't making any progress with regards to this, I've investigated this a bit further. This CVE stems from someone doing virtual machine / PC research, and the original report mentions not one but 2 vulnerabilities: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2893 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2894 2893 is a reproducible, most likely exploitable, buffer overflow in the ne2000 driver, for which a fix is in CVS; I will issue a fixed package for this shortly. 2894 is a report of a divide by zero error in the floppy, which the researcher managed to trigger once by feeding random bytes to the emulated floppy controller. This is not reproducible, and upstream has audited the code and can not find any divide by zero conditions, so I'm assuming this issue is moot. From bugzilla at redhat.com Wed Jul 18 21:26:37 2007
From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 18 Jul 2007 17:26:37 -0400 Subject: [Bug 240395] CVE-2007-2650: clamav OLE2 parser DoS In-Reply-To: Message-ID: <200707182126.l6ILQbAH032400@bugzilla.redhat.com> Summary: CVE-2007-2650: clamav OLE2 parser DoS Alias: CVE-2007-2650 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=240395 ------- Additional Comments From bojan at rexursive.com 2007-07-18 17:26 EST ------- Just requested that this new package be pushed to stable updates of F7. From bugzilla at redhat.com Thu Jul 19 16:45:19 2007 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 19 Jul 2007 12:45:19 -0400 Subject: [Bug 241799] CVE-2007-2894: bochs guest OS local user DoS In-Reply-To: Message-ID: <200707191645.l6JGjJof007615@bugzilla.redhat.com> Summary: CVE-2007-2894: bochs guest OS local user DoS https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=241799 ------- Additional Comments From updates at fedoraproject.org 2007-07-19 12:45 EST ------- bochs-2.3-5.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report. From bugzilla at redhat.com Thu Jul 19 16:45:23 2007
From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 19 Jul 2007 12:45:23 -0400 Subject: [Bug 241799] CVE-2007-2894: bochs guest OS local user DoS In-Reply-To: Message-ID: <200707191645.l6JGjNow007641@bugzilla.redhat.com> Summary: CVE-2007-2894: bochs guest OS local user DoS https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=241799 updates at fedoraproject.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |CLOSED Resolution| |ERRATA Fixed In Version| |2.3-5.fc7 From bugzilla at redhat.com Thu Jul 19 16:45:34 2007 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 19 Jul 2007 12:45:34 -0400 Subject: [Bug 240395] CVE-2007-2650: clamav OLE2 parser DoS In-Reply-To: Message-ID: <200707191645.l6JGjYS4007715@bugzilla.redhat.com> Summary: CVE-2007-2650: clamav OLE2 parser DoS Alias: CVE-2007-2650 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=240395 ------- Additional Comments From updates at fedoraproject.org 2007-07-19 12:45 EST ------- clamav-0.90.3-1.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report. From bugzilla at redhat.com Thu Jul 19 16:45:37 2007
From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 19 Jul 2007 12:45:37 -0400 Subject: [Bug 240395] CVE-2007-2650: clamav OLE2 parser DoS In-Reply-To: Message-ID: <200707191645.l6JGjbVK007758@bugzilla.redhat.com> Summary: CVE-2007-2650: clamav OLE2 parser DoS Alias: CVE-2007-2650 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=240395 updates at fedoraproject.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |CLOSED Resolution| |ERRATA Fixed In Version|0.88.7-3 |0.90.3-1.fc7 From bugzilla at redhat.com Thu Jul 19 18:01:26 2007
From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 19 Jul 2007 14:01:26 -0400 Subject: [Bug 245219] clamav < 0.90.3 multiple vulnerabilities In-Reply-To: Message-ID: <200707191801.l6JI1QTS017149@bugzilla.redhat.com> Summary: clamav < 0.90.3 multiple vulnerabilities Alias: CVE-2007-3123 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=245219 ville.skytta at iki.fi changed: What |Removed |Added ---------------------------------------------------------------------------- Alias| |CVE-2007-3123 ------- Additional Comments From ville.skytta at iki.fi 2007-07-19 14:01 EST ------- One more that I didn't find in Bugzilla and apparently affects 0.90.x series earlier than 0.90.3: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2029 "File descriptor leak in the PDF handler in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service via a crafted PDF file." From bugzilla at redhat.com Thu Jul 19 18:03:29 2007
From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 19 Jul 2007 14:03:29 -0400 Subject: [Bug 240395] CVE-2007-2650: clamav OLE2 parser DoS In-Reply-To: Message-ID: <200707191803.l6JI3TOx017719@bugzilla.redhat.com> Summary: CVE-2007-2650: clamav OLE2 parser DoS Alias: CVE-2007-2650 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=240395 ------- Additional Comments From ville.skytta at iki.fi 2007-07-19 14:03 EST ------- Thanks, Bojan. Could someone familiar with clamav also check whether this update fixes the bunch of issues in bug 245219 as well? From fedora-extras-commits at redhat.com Thu Jul 19 18:04:24 2007 From: fedora-extras-commits at redhat.com (Ville Skytta (scop)) Date: Thu, 19 Jul 2007 14:04:24 -0400 Subject: fedora-security/audit fc7,1.45,1.46 fe6,1.128,1.129 Message-ID: <200707191804.l6JI4OsT000353@cvs-int.fedora.redhat.com> Author: scop Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv333 Modified Files: fc7 fe6 Log Message: libsilc, clamav, bochs Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.45 retrieving revision 1.46 diff -u -r1.45 -r1.46 --- fc7 18 Jul 2007 14:15:40 -0000 1.45 +++ fc7 19 Jul 2007 18:04:22 -0000 1.46 @@ -11,6 +11,7 @@ CVE-2007-3781 ** (mysql) CVE-2007-3782 ** (mysql) CVE-2007-3770 ** (xfce-utils) +CVE-2007-3728 ignore (libsilc, 1.1.1 only) CVE-2007-3725 ** (clamav) CVE-2007-3713 VULNERABLE (centericq) #247979 CVE-2007-3628 version (php-pear-Structures-DataGrid-DataSource-MDB2, fixed 0.1.10)
@@ -60,6 +61,8 @@ CVE-2007-3007 ignore (php) safe mode isn't safe *CVE-2007-2975 (openfire) *CVE-2007-2894 VULNERABLE (bochs) #241799 +CVE-2007-2894 ignore (bochs, unreproducible) #241799 +CVE-2007-2893 patch (bochs, fixed 2.3-5) #241799 CVE-2007-2876 version (kernel, fixed 2.6.21.5) [ since FEDORA-2007-0409 ] *CVE-2007-2874 (wpa_supplicant) #242455 CVE-2007-2873 version (spamassassin, fixed 3.2.1) @@ -79,7 +82,7 @@ CVE-2007-2721 patch (jasper, fixed 1.900.1-2) #240397 *CVE-2007-2683 (mutt) *CVE-2007-2654 VULNERABLE (xfsdump) #240396 -CVE-2007-2650 VULNERABLE (clamav, fixed in 0.90.3) #240395 +CVE-2007-2650 version (clamav, fixed 0.90.3) #240395 CVE-2007-2645 ignore (libexif) #240055 DoS only *CVE-2007-2637 patch (moin, fixed 1.5.7-2) *CVE-2007-2627 ** (wordpress) #239904 @@ -116,7 +119,7 @@ *CVE-2007-2165 VULNERABLE (proftpd) #237533 *CVE-2007-2138 (postgresql) CVE-2007-2057 version (aircrack-ng, fixed 0.8-0.1) -CVE-2007-2029 VULNERABLE (clamav, fixed 0.90.3) +CVE-2007-2029 VULNERABLE (clamav, fixed 0.90.3) #245219 *CVE-2007-2028 (freeradius) *CVE-2007-2026 (file) CVE-2007-2016 ignore (phpMyAdmin, < 2.8.0.2 never shipped) Index: fe6 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fe6,v retrieving revision 1.128 retrieving revision 1.129 diff -u -r1.128 -r1.129 --- fe6 14 Jul 2007 09:07:01 -0000 1.128 +++ fe6 19 Jul 2007 18:04:22 -0000 1.129 
@@ -26,7 +26,8 @@ CVE-2007-3025 ignore (clamav, Solaris only) CVE-2007-3024 ** (clamav, fixed 0.90.3) #245219 CVE-2007-3023 ** (clamav, fixed 0.90.3) #245219 -CVE-2007-2894 VULNERABLE (bochs) #241799 +CVE-2007-2894 ignore (bochs, unreproducible) #241799 +CVE-2007-2893 patch (bochs, fixed 2.3-5) #241799 CVE-2007-2871 version (seamonkey, fixed 1.0.9) CVE-2007-2870 version (seamonkey, fixed 1.0.9) CVE-2007-2868 version (seamonkey, fixed 1.0.9) From bugzilla at redhat.com Fri Jul 20 18:13:05 2007 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Fri, 20 Jul 2007 14:13:05 -0400 Subject: [Bug 244502] CVE-2007-3165: tor < 0.1.2.14 information disclosure In-Reply-To: Message-ID: <200707201813.l6KID5Ag001813@bugzilla.redhat.com> Summary: CVE-2007-3165: tor < 0.1.2.14 information disclosure https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=244502 bugzilla at redhat.com changed: What |Removed |Added ---------------------------------------------------------------------------- Product|Fedora Extras |Fedora ------- Additional Comments From opensource at till.name 2007-07-20 14:13 EST ------- It is already built: http://koji.fedoraproject.org/koji/buildinfo?buildID=7651 But I cannot find it in bodhi. From bugzilla at redhat.com Fri Jul 20 18:13:47 2007
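Review bot: the second fc7 hunk adds 'CVE-2007-2894 ignore (bochs, unreproducible) #241799' directly below the untouched '*CVE-2007-2894 VULNERABLE (bochs) #241799', so fc7 now carries two entries for the same CVE with contradictory statuses; replace the starred line instead of adding next to it, as the fe6 hunk in the same commit does. Bug 241799 above also records bochs-2.3-5.fc7 pushed to Fedora 7 stable, so the new 'CVE-2007-2893 patch (bochs, fixed 2.3-5)' line could carry that update reference.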
From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Fri, 20 Jul 2007 14:13:47 -0400 Subject: [Bug 244502] CVE-2007-3165: tor < 0.1.2.14 information disclosure In-Reply-To: Message-ID: <200707201813.l6KIDlBE002018@bugzilla.redhat.com> Summary: CVE-2007-3165: tor < 0.1.2.14 information disclosure https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=244502 opensource at till.name changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |opensource at till.name From bugzilla at redhat.com Sat Jul 21 19:21:02 2007
From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Sat, 21 Jul 2007 15:21:02 -0400 Subject: [Bug 249162] New: lighttpd 1.4.15 multiple vulnerabilities Message-ID: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=249162 Summary: lighttpd 1.4.15 multiple vulnerabilities Product: Fedora Version: f7 Platform: All OS/Version: Linux Status: NEW Severity: medium Priority: medium Component: lighttpd AssignedTo: matthias at rpmforge.net ReportedBy: ville.skytta at iki.fi QAContact: extras-qa at fedoraproject.org CC: fedora-security-list at redhat.com http://www.vuxml.org/freebsd/fc9c217e-3791-11dc-bb1a-000fea449b8a.html "Some vulnerabilities have been reported in lighttpd, which can be exploited by malicious people to bypass certain security restrictions or cause a DoS (Denial of Service)." From fedora-extras-commits at redhat.com Sat Jul 21 19:27:16 2007 From: fedora-extras-commits at redhat.com (Ville Skytta (scop)) Date: Sat, 21 Jul 2007 15:27:16 -0400 Subject: fedora-security/audit fc6, 1.224, 1.225 fc7, 1.46, 1.47 fe6, 1.129, 1.130 Message-ID: <200707211927.l6LJRG9g018546@cvs-int.fedora.redhat.com> Author: scop Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv18524 Modified Files: fc6 fc7 fe6 Log Message: lighttpd, perl-Net-DNS Index: fc6 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc6,v retrieving revision 1.224 retrieving revision 1.225 diff -u -r1.224 -r1.225 --- fc6 18 Jul 2007 14:15:40 -0000 1.224 +++ fc6 21 Jul 2007 19:27:14 -0000 1.225
@@ -12,7 +12,9 @@ CVE-2007-3713 VULNERABLE (centericq) #247979 CVE-2007-3508 ignore (glibc) not an issue CVE-2007-3506 backport (freetype, fixed 2.3.4) #235479 [since FEDORA-2007-561] +CVE-2007-3409 version (perl-Net-DNS, fixed 0.60) #245809 CVE-2007-3378 ignore (php) safe mode escape +CVE-2007-3377 version (perl-Net-DNS, fixed 0.60) #245614 CVE-2007-3126 ignore (gimp) just a crash *CVE-2007-2894 VULNERABLE (bochs) #241799 CVE-2007-2876 version (kernel, fixed 2.6.21.5?) [since ?] Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.46 retrieving revision 1.47 diff -u -r1.46 -r1.47 --- fc7 19 Jul 2007 18:04:22 -0000 1.46 +++ fc7 21 Jul 2007 19:27:14 -0000 1.47 @@ -4,6 +4,7 @@ *CVE are items that need verification for Fedora 7 +CVE-NOID VULNERABLE (lighttpd) #249162 CVE-2007-4168 VULNERABLE (libexif) #243890 CVE-2007-3841 WTF (pidgin) CVE-2007-3820 ** (kdebase) #248537 @@ -31,12 +32,14 @@ CVE-2007-3473 ** (gd) CVE-2007-3472 ** (gd) CVE-2007-3410 VULNERABLE (HelixPlayer) #245838 +CVE-2007-3409 version (perl-Net-DNS, fixed 0.60) #245807 CVE-2007-3393 VULNERABLE (wireshark) CVE-2007-3392 VULNERABLE (wireshark) CVE-2007-3391 VULNERABLE (wireshark) CVE-2007-3390 VULNERABLE (wireshark) CVE-2007-3389 VULNERABLE (wireshark) CVE-2007-3378 ignore (php) safe mode escape +CVE-2007-3377 version (perl-Net-DNS, fixed 0.60) #245612 CVE-2007-3241 ** (wordpress) #245211 CVE-2007-3240 ** (wordpress) #245211 CVE-2007-3239 ** (wordpress) #245211 Index: fe6 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fe6,v retrieving revision 1.129 retrieving revision 1.130 diff -u -r1.129 -r1.130 --- fe6 19 Jul 2007 18:04:22 -0000 1.129 +++ fe6 21 Jul 2007 19:27:14 -0000 1.130 
@@ -2,6 +2,7 @@ ** are items that need attention +CVE-NOID VULNERABLE (lighttpd) #249162 CVE-2007-3628 version (php-pear-Structures-DataGrid-DataSource-MDB2, fixed 0.1.10) CVE-2007-3555 VULNERABLE (moodle) #247528 CVE-2007-3546 ignore (nessus-core) Windows only -- fedora-extras-commits mailing list fedora-extras-commits at redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits From fedora-extras-commits at redhat.com Mon Jul 23 19:24:09 2007 From: fedora-extras-commits at redhat.com (Christoph Trassl (trassl)) Date: Mon, 23 Jul 2007 15:24:09 -0400 Subject: fedora-security/audit fc7,1.47,1.48 Message-ID: <200707231924.l6NJO9it027052@cvs-int.fedora.redhat.com> Author: trassl Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv27007 Modified Files: fc7 Log Message: Renamed gaim to pidgin. Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.47 retrieving revision 1.48 diff -u -r1.47 -r1.48 --- fc7 21 Jul 2007 19:27:14 -0000 1.47 +++ fc7 23 Jul 2007 19:24:06 -0000 1.48 @@ -1423,7 +1423,7 @@ CVE-2005-2410 version (NetworkManager, fixed 5.0) CVE-2005-2395 ignore (firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=281851 CVE-2005-2370 version (kdenetwork, fixed 3.4.2) -CVE-2005-2370 version (gaim, fixed gaim:1.5.0) +CVE-2005-2370 version (pidgin, fixed pidgin:1.5.0) CVE-2005-2369 version (kdenetwork, fixed 3.4.2) CVE-2005-2368 version (vim, fixed 6.3.086 at least) CVE-2005-2367 version (wireshark, fixed 0.10.12) 
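Review bot: renaming the package token from gaim to pidgin in the @@ -1423,7 +1423,7 @@ hunk also rewrote the fixed-version prefix, so 'CVE-2005-2370 version (pidgin, fixed pidgin:1.5.0)' now names a release that never existed under that name: the fix shipped as gaim 1.5.0, and the project only became Pidgin with 2.0.0. Keep the historical prefix ('fixed gaim:1.5.0') or drop the prefix and keep only the version, so the entry still matches the upstream release the fix is attributed to; the same applies to every renamed line in the later hunks of this commit (0.82.1, 1.0.2, 0.76, 0.59.1, 0.58 are all gaim releases).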
@@ -1457,8 +1457,8 @@ CVE-2005-2177 version (net-snmp, fixed 5.2.1.2) CVE-2005-2114 version (firefox, fixed 1.0.5) CVE-2005-2104 version (sysreport, fixed 1.4.1-5) -CVE-2005-2103 version (gaim, fixed gaim:1.5.0) -CVE-2005-2102 version (gaim, fixed gaim:1.5.0) +CVE-2005-2103 version (pidgin, fixed pidgin:1.5.0) +CVE-2005-2102 version (pidgin, fixed pidgin:1.5.0) CVE-2005-2101 version (kdeedu, fixed after 3.4.2) CVE-2005-2100 version (kernel, not 2.6) not upstream only RHEL4 CVE-2005-2099 version (kernel, fixed 2.6.12.5) @@ -1475,7 +1475,7 @@ CVE-2005-1993 version (sudo, fixed 1.6.8p9) CVE-2005-1992 version (ruby, fixed 1.8.3 at least) CVE-2005-1937 version (firefox, fixed 1.0.5) -CVE-2005-1934 version (gaim, fixed gaim:1.5.0) +CVE-2005-1934 version (pidgin, fixed pidgin:1.5.0) CVE-2005-1921 version (php, fixed xml_rpc:1.3.1) CVE-2005-1920 version (kdelibs, fixed 3.4.1) *CVE-2005-1918 version (tar) @@ -1545,15 +1545,15 @@ CVE-2005-1278 version (tcpdump, fixed 3.9.2) CVE-2005-1277 ignore (dupe) CVE-2005-1275 version (ImageMagick, fixed 6.2.2) -CVE-2005-1269 version (gaim, gaim:fixed 1.5.0) +CVE-2005-1269 version (pidgin, pidgin:fixed 1.5.0) CVE-2005-1268 version (httpd, not 2.2) CVE-2005-1267 version (tcpdump, fixed 3.9.4 at least) CVE-2005-1266 version (spamassassin, fixed 3.0.4) *CVE-2005-1265 version (kernel) *CVE-2005-1264 version (kernel) *CVE-2005-1263 version (kernel) -CVE-2005-1262 version (gaim, fixed gaim:1.5.0) -CVE-2005-1261 version (gaim, fixed gaim:1.5.0) +CVE-2005-1262 version (pidgin, fixed pidgin:1.5.0) +CVE-2005-1261 version (pidgin, fixed pidgin:1.5.0) *CVE-2005-1260 version (bzip2, fixed 1.0.3) CVE-2005-1229 backport (cpio) cpio-2.6-dirTraversal.patch *CVE-2005-1228 backport (gzip) changelog 
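Review bot: 'CVE-2005-1269 version (pidgin, pidgin:fixed 1.5.0)' in the @@ -1545,15 +1545,15 @@ hunk carries over the odd token order 'pidgin:fixed 1.5.0' from the old line, while every other renamed entry in this commit writes 'fixed pidgin:1.5.0'. The line is being rewritten anyway, so normalise it to the common form; anything that keys on 'fixed <version>' otherwise has to special-case this one entry.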
@@ -1585,9 +1585,9 @@ CVE-2005-0989 version (firefox, fixed 1.0.3) *CVE-2005-0988 backport (gzip) changelog CVE-2005-0977 version (kernel, fixed 2.6.11) -CVE-2005-0967 version (gaim, fixed gaim:1.5.0) -CVE-2005-0966 version (gaim, fixed gaim:1.5.0) -CVE-2005-0965 version (gaim, fixed gaim:1.5.0) +CVE-2005-0967 version (pidgin, fixed pidgin:1.5.0) +CVE-2005-0966 version (pidgin, fixed pidgin:1.5.0) +CVE-2005-0965 version (pidgin, fixed pidgin:1.5.0) *CVE-2005-0953 backport (bzip2) bzip2-1.0.2-chmod.patch CVE-2005-0941 version (openoffice.org, fixed 1.9 m95) CVE-2005-0937 version (kernel, fixed 2.6.11) @@ -1663,8 +1663,8 @@ CVE-2005-0489 version (kernel, not 2.6) *CVE-2005-0488 backport (telnet) CVE-2005-0488 backport (krb5) krb5-1.4.1-telnet-environ.patch -CVE-2005-0473 version (gaim, fixed gaim:1.5.0) -CVE-2005-0472 version (gaim, fixed gaim:1.5.0) +CVE-2005-0473 version (pidgin, fixed pidgin:1.5.0) +CVE-2005-0472 version (pidgin, fixed pidgin:1.5.0) CVE-2005-0470 version (wpa_supplicant, fixed 0.2.7) CVE-2005-0469 version (krb5, fixed 1.4.1) *CVE-2005-0469 backport (telnet) telnet-0.17-CAN-2005-468_469.patch @@ -1707,7 +1707,7 @@ CVE-2005-0211 version (squid, fixed 2.5.STABLE8) CVE-2005-0210 version (kernel, fixed 2.6.11) CVE-2005-0209 version (kernel, fixed 2.6.11) -CVE-2005-0208 version (gaim, fixed gaim:1.5.0) +CVE-2005-0208 version (pidgin, fixed pidgin:1.5.0) CVE-2005-0207 version (kernel, fixed 2.6.11) CVE-2005-0205 version (kdenetwork, not 3.3+) CVE-2005-0204 version (kernel) didn't affect upstream @@ -1794,7 +1794,7 @@ *CVE-2004-2645 (asn1c) *CVE-2004-2644 (asn1c) CVE-2004-2607 version (kernel, fixed 2.6.5) -CVE-2004-2589 version (gaim, fixed gaim:0.82.1) +CVE-2004-2589 version (pidgin, fixed pidgin:0.82.1) CVE-2004-2546 version (samba, fixed 3.0.6) CVE-2004-2541 ignore (cscope) blocked by FORTIFY_SOURCE CVE-2004-2536 version (kernel, fixed 2.6.7) 
@@ -1971,7 +1971,7 @@ CVE-2004-0907 version (firefox) CVE-2004-0906 version (thunderbird) CVE-2004-0906 version (firefox) -CVE-2004-0891 version (gaim, fixed gaim:1.0.2) +CVE-2004-0891 version (pidgin, fixed pidgin:1.0.2) CVE-2004-0888 version (tetex, fixed 3.0) CVE-2004-0888 version (kdegraphics, not 3.4) CVE-2004-0888 version (cups, fixed 1.2) @@ -2016,8 +2016,8 @@ CVE-2004-0790 version (kernel, not 2.6) CVE-2004-0788 version (gtk2, fixed 2.6.7 at least) CVE-2004-0786 version (apr-util, not httpd-2.2) -CVE-2004-0785 version (gaim, fixed gaim:0.82.1) -CVE-2004-0784 version (gaim, fixed gaim:0.82.1) +CVE-2004-0785 version (pidgin, fixed pidgin:0.82.1) +CVE-2004-0784 version (pidgin, fixed pidgin:0.82.1) CVE-2004-0783 version (gtk2, fixed 2.6.7 at least) CVE-2004-0782 version (gtk2, fixed 2.6.7 at least) CVE-2004-0779 version (thunderbird) @@ -2026,7 +2026,7 @@ CVE-2004-0772 version (krb5, fixed after 1.2.8) CVE-2004-0768 version (libpng, fixed 1.2.6) CVE-2004-0755 version (ruby, fixed 1.8.1) -CVE-2004-0754 version (gaim, fixed gaim:0.82.1) +CVE-2004-0754 version (pidgin, fixed pidgin:0.82.1) CVE-2004-0753 version (gtk2, fixed after 2.2.4) CVE-2004-0752 version (openoffice.org, fixed after 1.1.2) CVE-2004-0751 version (httpd, not 2.2) @@ -2085,7 +2085,7 @@ CVE-2004-0506 version (wireshark, fixed 0.10.4) CVE-2004-0505 version (wireshark, fixed 0.10.4) CVE-2004-0504 version (wireshark, fixed 0.10.4) -CVE-2004-0500 version (gaim, fixed gaim:0.82.1) +CVE-2004-0500 version (pidgin, fixed pidgin:0.82.1) CVE-2004-0497 version (kernel, fixed 2.6.8) CVE-2004-0496 version (kernel, fixed 2.6.8) CVE-2004-0495 version (kernel, fixed 2.6.8) 
@@ -2185,10 +2185,10 @@ CVE-2004-0055 version (tcpdump, fixed 3.8.2) CVE-2004-0042 ignore (vsftpd) disputed CVE-2004-0010 version (kernel, not 2.6) -CVE-2004-0008 version (gaim, fixed gaim:0.76) -CVE-2004-0007 version (gaim, fixed gaim:0.76) -CVE-2004-0006 version (gaim, fixed gaim:0.76) -CVE-2004-0005 version (gaim, fixed gaim:0.76) +CVE-2004-0008 version (pidgin, fixed pidgin:0.76) +CVE-2004-0007 version (pidgin, fixed pidgin:0.76) +CVE-2004-0006 version (pidgin, fixed pidgin:0.76) +CVE-2004-0005 version (pidgin, fixed pidgin:0.76) CVE-2004-0003 version (kernel, not 2.6) CVE-2004-0001 version (kernel, not 2.6) CVE-2003-1329 ignore, no-ship (wu-ftpd) @@ -2539,7 +2539,7 @@ CVE-2002-1146 version (bind, not 8.3+) CVE-2002-1131 version (squirrelmail, fixed 1.2.8) CVE-2002-1119 version (python, fixed 2.2.2) -CVE-2002-0989 version (gaim, fixed gaim:0.59.1) +CVE-2002-0989 version (pidgin, fixed pidgin:0.59.1) CVE-2002-0986 version (php, fixed 4.2.3) CVE-2002-0985 version (php, fixed 4.2.3) CVE-2002-0972 version (postgresql, fixed 7.2.2) @@ -2610,11 +2610,11 @@ CVE-2002-0391 version (glibc, fixed after 2.2.5) CVE-2002-0389 ignore (mailman) upstream say not a vulnerability CVE-2002-0388 version (mailman, fixed 2.0.11) -CVE-2002-0384 version (gaim, fixed gaim:0.58) +CVE-2002-0384 version (pidgin, fixed pidgin:0.58) CVE-2002-0382 version (xchat, fixed 1.9.1) CVE-2002-0380 version (tcpdump, fixed 3.7.2 at least) CVE-2002-0379 version (imap, vuln code removed imap-2002) -CVE-2002-0377 version (gaim, fixed gaim:0.58) +CVE-2002-0377 version (pidgin, fixed pidgin:0.58) CVE-2002-0374 version (pam_ldap, fixed 144) CVE-2002-0363 version (ghostscript, fixed 6.53) CVE-2002-0353 version (wireshark, fixed 0.9.3) -- fedora-extras-commits mailing list fedora-extras-commits at redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits From fedora-extras-commits at redhat.com Mon Jul 23 23:30:45 2007 
From: fedora-extras-commits at redhat.com (Christoph Trassl (trassl)) Date: Mon, 23 Jul 2007 19:30:45 -0400 Subject: fedora-security/audit fc7,1.48,1.49 Message-ID: <200707232330.l6NNUj1R017132@cvs-int.fedora.redhat.com> Author: trassl Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv17109 Modified Files: fc7 Log Message: Processed mtr. Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.48 retrieving revision 1.49 diff -u -r1.48 -r1.49 --- fc7 23 Jul 2007 19:24:06 -0000 1.48 +++ fc7 23 Jul 2007 23:30:43 -0000 1.49 @@ -1862,7 +1862,7 @@ CVE-2004-1237 version (kernel, not 2.6) not upstream CVE-2004-1235 version (kernel, fixed 2.6.11) CVE-2004-1234 version (kernel, not 2.6) -CVE-2004-1224 version (mtr, fixed after 0.65) +CVE-2004-1224 version (mtr, fixed 0.66) CVE-2004-1200 ignore (firefox, mozilla) not a security issue CVE-2004-1191 version (kernel, fixed 2.6.9) CVE-2004-1190 version (kernel, fixed 2.6.10) @@ -2595,7 +2595,7 @@ CVE-2002-0510 ignore (kernel) see cve CVE-2002-0506 version (newt, not 0.5.22 at least) CVE-2002-0499 version (kernel, not 2.6) -*CVE-2002-0497 backport (mtr) mtr-0.69-CVE-2002-0497.patch +CVE-2002-0497 backport (mtr) mtr-0.69-CVE-2002-0497.patch CVE-2002-0493 version (tomcat, fixed 4.1.12) CVE-2002-0435 version (fileutils, fixed 4.1.7) CVE-2002-0429 version (kernel, not 2.6) @@ -2677,6 +2677,7 @@ CVE-2000-1137 version (ed, fixed 0.2-18.1) *CVE-2000-0992 (krb5) CVE-2000-0504 version (libICE, fixed XFree86:4.0.1) +CVE-2000-0172 version (mtr, fixed 0.42) CVE-1999-1572 backport (cpio) cpio-2.6-umask.patch *CVE-1999-1332 (gzip) CVE-1999-0997 ignore, no-ship (wu-ftpd) -- fedora-extras-commits mailing list fedora-extras-commits at redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits From fedora-extras-commits at redhat.com Tue Jul 24 00:25:50 2007 
From: fedora-extras-commits at redhat.com (Christoph Trassl (trassl)) Date: Mon, 23 Jul 2007 20:25:50 -0400 Subject: fedora-security/audit fc7,1.49,1.50 Message-ID: <200707240025.l6O0PoZq028822@cvs-int.fedora.redhat.com> Author: trassl Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv28793 Modified Files: fc7 Log Message: Added lesstif CVEs. Processed freeciv, mikmod/libmikmod. Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.49 retrieving revision 1.50 diff -u -r1.49 -r1.50 --- fc7 23 Jul 2007 23:30:43 -0000 1.49 +++ fc7 24 Jul 2007 00:25:47 -0000 1.50 @@ -652,8 +652,8 @@ CVE-2006-4019 version (squirrelmail, fixed 1.4.8) CVE-2006-4018 version (clamav, fixed 0.88.4-1) #201688 CVE-2006-3918 version (httpd, fixed 2.2.2) -*CVE-2006-3913 patch (freeciv, fixed 2.0.8-5) #200545 -CVE-2006-3879 version (mikmod, not 3.1.6) +CVE-2006-3913 patch (freeciv, fixed 2.0.9) #200545 +CVE-2006-3879 version (libmikmod, loaders/load_gt2 not in bundled libmikmod-3.1.11) CVE-2006-3835 version (tomcat, fixed 5.5.17) CVE-2006-3816 version (krusader, fixed 1.70.1) #200323 CVE-2006-3815 version (heartbeat, fixed 2.0.6) @@ -1633,6 +1633,7 @@ CVE-2005-0626 version (squid, fixed 2.5.STABLE10) *CVE-2005-0611 (helixplayer) CVE-2005-0605 version (libXpm, fixed 3.5.4 at least) +*CVE-2005-0605 (lesstif) CVE-2005-0602 ignore (unzip, fixed 5.52) this is really expected behaviour CVE-2005-0596 version (php, fixed 5.0) CVE-2005-0593 version (firefox) @@ -1964,6 +1965,7 @@ CVE-2004-0929 version (libtiff, fixed 3.7.0) CVE-2004-0923 version (cups, fixed 1.1.22) CVE-2004-0918 version (squid, fixed 2.4.STABLE7) +*CVE-2004-0914 (lesstif) CVE-2004-0914 version (xorg-x11, fixed after 6.8.1) CVE-2004-0909 version (thunderbird) CVE-2004-0909 version (firefox) 
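Review bot: in the fc7 hunk at @@ -652,8 +652,8 @@ the CVE-2006-3879 entry moves from package mikmod to libmikmod, but its new note, 'loaders/load_gt2 not in bundled libmikmod-3.1.11', describes a bundled copy, so it is unclear whether the line now tracks the standalone libmikmod package or the libmikmod sources carried inside mikmod. If both are packaged, each needs its own entry with its own version check, the way the @@ -1633 hunk in this same commit keeps separate CVE-2005-0605 lines for libXpm and lesstif. In the same hunk the freeciv line drops its leading '*' while the fixed field changes from the package release 2.0.8-5 to upstream 2.0.9; a word in the log message on what was checked (for instance that the F7 spec still carries the patch) would save the next pass from re-verifying it.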
@@ -2042,6 +2044,8 @@ CVE-2004-0691 version (qt, fixed 3.3.3) CVE-2004-0690 version (kdelibs, fixed after 3.2.3) CVE-2004-0689 version (kdelibs, fixed 3.3.0) +*CVE-2004-0688 (lesstif) +*CVE-2004-0687 (lesstif) CVE-2004-0686 version (samba, fixed 3.0.6) CVE-2004-0685 version (kernel, not 2.6) CVE-2004-0658 ignore (kernel) not a security issue @@ -2322,7 +2326,7 @@ CVE-2003-0430 version (wireshark, fixed after 0.9.12) CVE-2003-0429 version (wireshark, fixed after 0.9.12) CVE-2003-0428 version (wireshark, fixed after 0.9.12) -*CVE-2003-0427 backport (mikmod) from changelog +CVE-2003-0427 version (mikmod, fixed 3.2.0) CVE-2003-0418 version (kernel, not 2.6) CVE-2003-0388 version (pam, fixed 0.78) CVE-2003-0386 version (openssh, fixed after 3.6.1) -- fedora-extras-commits mailing list fedora-extras-commits at redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits From fedora-extras-commits at redhat.com Tue Jul 24 00:38:10 2007 From: fedora-extras-commits at redhat.com (Christoph Trassl (trassl)) Date: Mon, 23 Jul 2007 20:38:10 -0400 Subject: fedora-security/audit fc7,1.50,1.51 Message-ID: <200707240038.l6O0cA9X031346@cvs-int.fedora.redhat.com> Author: trassl Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv31294 Modified Files: fc7 Log Message: Removed CVE-2005-3888 to CVE-2005-3891 which apply to Gadu-Gadu for Windows. Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.50 retrieving revision 1.51 diff -u -r1.50 -r1.51 --- fc7 24 Jul 2007 00:25:47 -0000 1.50 +++ fc7 24 Jul 2007 00:38:07 -0000 1.51 
@@ -1204,10 +1204,6 @@ *CVE-2005-3964 (openmotif) CVE-2005-3962 version (perl, fixed 5.8.8) CVE-2005-3896 (firefox,seamonkey,thunderbird) -*CVE-2005-3891 (pidgin) -*CVE-2005-3890 (pidgin) -*CVE-2005-3889 (pidgin) -*CVE-2005-3888 (pidgin) CVE-2005-3883 version (php, fixed 5.1.1 at least) CVE-2005-3858 version (kernel, fixed 2.6.13) CVE-2005-3857 version (kernel, fixed 2.6.15)
-- 
fedora-extras-commits mailing list
fedora-extras-commits at redhat.com
https://www.redhat.com/mailman/listinfo/fedora-extras-commits

From bugzilla at redhat.com Wed Jul 25 13:08:01 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 25 Jul 2007 09:08:01 -0400
Subject: [Bug 249162] CVE-2007-394{6-9} lighttpd 1.4.15 multiple vulnerabilities
In-Reply-To:
Message-ID: <200707251308.l6PD81Jp023970@bugzilla.redhat.com>

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report.

Summary: CVE-2007-394{6-9} lighttpd 1.4.15 multiple vulnerabilities
Alias: CVE-2007-3946
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=249162

lkundrak at redhat.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|lighttpd 1.4.15 multiple    |CVE-2007-394{6-9} lighttpd
                   |vulnerabilities             |1.4.15 multiple
                   |                            |vulnerabilities
              Alias|                            |CVE-2007-3946

------- Additional Comments From lkundrak at redhat.com  2007-07-25 09:07 EST -------
CVE-2007-3946 Lighttpd SA 2007:04-07
CVE-2007-3947 Lighttpd SA 2007:03
CVE-2007-3948 ?
CVE-2007-3949 Lighttpd SA 2007:08 (patch:
CVE-2007-3950 ?
? Lighttpd SA 2007:09

-- 
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

From fedora-extras-commits at redhat.com Wed Jul 25 13:09:31 2007
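Review bot: the fc7 1.50 to 1.51 hunk at @@ -1204,10 +1204,6 @@ (log message "Removed CVE-2005-3888 to CVE-2005-3891 which apply to Gadu-Gadu for Windows") deletes the four entries outright. The file's own convention for issues that do not apply is to keep the line with an ignore status and the reason ('CVE-2007-3546 ignore (nessus-core) Windows only', 'CVE-2004-0042 ignore (vsftpd) disputed' elsewhere in this digest), which preserves the record of why the CVE was dismissed instead of leaving a later audit pass to rediscover it. Suggest 'CVE-2005-3891 ignore (pidgin) Gadu-Gadu for Windows only' and likewise for the other three, carrying the justification from the log message into the file.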
From: fedora-extras-commits at redhat.com (Lubomir Kundrak (lkundrak)) Date: Wed, 25 Jul 2007 09:09:31 -0400 Subject: fedora-security/audit fc7,1.51,1.52 Message-ID: <200707251309.l6PD9VQ6004593@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv4568 Modified Files: fc7 Log Message: Lighttpd. Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.51 retrieving revision 1.52 diff -u -r1.51 -r1.52 --- fc7 24 Jul 2007 00:38:07 -0000 1.51 +++ fc7 25 Jul 2007 13:09:29 -0000 1.52 @@ -4,7 +4,11 @@ *CVE are items that need verification for Fedora 7 -CVE-NOID VULNERABLE (lighttpd) #249162 +CVE-2007-3946 VULNERABLE (lighttpd) #249162 +CVE-2007-3947 VULNERABLE (lighttpd) #249162 +CVE-2007-3948 VULNERABLE (lighttpd) #249162 +CVE-2007-3949 VULNERABLE (lighttpd) #249162 +CVE-2007-3950 VULNERABLE (lighttpd) #249162 CVE-2007-4168 VULNERABLE (libexif) #243890 CVE-2007-3841 WTF (pidgin) CVE-2007-3820 ** (kdebase) #248537 -- fedora-extras-commits mailing list fedora-extras-commits at redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits From bugzilla at redhat.com Wed Jul 25 18:02:02 2007 
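Review bot: the @@ -4,7 +4,11 @@ hunk expands the CVE-NOID lighttpd placeholder into five VULNERABLE entries, but the Bugzilla update it follows titles the bug 'CVE-2007-394{6-9}' and maps CVE-2007-3950 only with question marks, so the fifth line is the one to double-check against the lighttpd advisories before it is treated as tracked by #249162. Two consistency points: the five lines are inserted above CVE-2007-4168 although the file is otherwise kept in descending CVE order, and the same CVE-NOID placeholder was added to fe6 in revision 1.130 but is not replaced in this commit, leaving the two branches out of step.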
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 25 Jul 2007 14:02:02 -0400
Subject: [Bug 247528] CVE-2007-3555: moodle cross site scripting vulnerability
In-Reply-To:
Message-ID: <200707251802.l6PI22kd027563@bugzilla.redhat.com>

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report.

Summary: CVE-2007-3555: moodle cross site scripting vulnerability
Alias: CVE-2007-3555
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=247528

limb at jcomserv.net changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         AssignedTo|loganjerry at gmail.com       |limb at jcomserv.net

-- 
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

From bugzilla at redhat.com Wed Jul 25 23:52:23 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 25 Jul 2007 19:52:23 -0400
Subject: [Bug 247528] CVE-2007-3555: moodle cross site scripting vulnerability
In-Reply-To:
Message-ID: <200707252352.l6PNqNc3031091@bugzilla.redhat.com>

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report.

Summary: CVE-2007-3555: moodle cross site scripting vulnerability
Alias: CVE-2007-3555
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=247528

limb at jcomserv.net changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED

------- Additional Comments From limb at jcomserv.net  2007-07-25 19:52 EST -------
Built 1.8.2 for rawhide, which addresses this. Will push to 7, etc. after testing.

-- 
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

From bugzilla at redhat.com Thu Jul 26 08:38:02 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 26 Jul 2007 04:38:02 -0400
Subject: [Bug 249162] CVE-2007-394{6-9} lighttpd 1.4.15 multiple vulnerabilities
In-Reply-To:
Message-ID: <200707260838.l6Q8c2Pk000921@bugzilla.redhat.com>

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report.

Summary: CVE-2007-394{6-9} lighttpd 1.4.15 multiple vulnerabilities
Alias: CVE-2007-3946
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=249162

matthias at rpmforge.net changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED

------- Additional Comments From matthias at rpmforge.net  2007-07-26 04:37 EST -------
Lighttpd 1.4.16 has just been released, and rebuilt for all current Fedora and EPEL branches. Packages are waiting to be pushed.

-- 
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

From bugzilla at redhat.com Fri Jul 27 05:54:26 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 27 Jul 2007 01:54:26 -0400
Subject: [Bug 249162] CVE-2007-394{6-9} lighttpd 1.4.15 multiple vulnerabilities
In-Reply-To:
Message-ID: <200707270554.l6R5sP7T018958@bugzilla.redhat.com>

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report.

Summary: CVE-2007-394{6-9} lighttpd 1.4.15 multiple vulnerabilities
Alias: CVE-2007-3946
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=249162

------- Additional Comments From updates at fedoraproject.org  2007-07-27 01:54 EST -------
lighttpd-1.4.16-1.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.

-- 
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

From bugzilla at redhat.com Fri Jul 27 05:54:28 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 27 Jul 2007 01:54:28 -0400
Subject: [Bug 249162] CVE-2007-394{6-9} lighttpd 1.4.15 multiple vulnerabilities
In-Reply-To:
Message-ID: <200707270554.l6R5sS5G018983@bugzilla.redhat.com>

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report.

Summary: CVE-2007-394{6-9} lighttpd 1.4.15 multiple vulnerabilities
Alias: CVE-2007-3946
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=249162

updates at fedoraproject.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |CLOSED
         Resolution|                            |ERRATA
   Fixed In Version|                            |1.4.16-1.fc7

-- 
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

From fedora-extras-commits at redhat.com Fri Jul 27 12:57:06 2007
From: fedora-extras-commits at redhat.com (Lubomir Kundrak (lkundrak))
Date: Fri, 27 Jul 2007 08:57:06 -0400
Subject: fedora-security/audit fc6,1.225,1.226 fc7,1.52,1.53
Message-ID: <200707271257.l6RCv6xT022602@cvs-int.fedora.redhat.com>

Author: lkundrak

Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv22578

Modified Files:
	fc6 fc7
Log Message:
libvorbis, tor

Index: fc6
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc6,v
retrieving revision 1.225
retrieving revision 1.226
diff -u -r1.225 -r1.226
--- fc6 21 Jul 2007 19:27:14 -0000 1.225
+++ fc6 27 Jul 2007 12:57:04 -0000 1.226
@@ -3,6 +3,7 @@ ** are items that need attention +CVE-2007-4029 VULNERABLE (libvorbis) #245991 CVE-2007-4168 VULNERABLE (libexif) #243892 CVE-2007-3841 WTF (pidgin) CVE-2007-3820 ** (kdebase) #248537
@@ -16,6 +17,7 @@ CVE-2007-3378 ignore (php) safe mode escape CVE-2007-3377 version (perl-Net-DNS, fixed 0.60) #245614 CVE-2007-3126 ignore (gimp) just a crash +CVE-2007-3106 VULNERABLE (libvorbis) #245991 *CVE-2007-2894 VULNERABLE (bochs) #241799 CVE-2007-2876 version (kernel, fixed 2.6.21.5?) [since ?] *CVE-2007-2874 (wpa_supplicant) #242455 Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.52 retrieving revision 1.53 diff -u -r1.52 -r1.53 --- fc7 25 Jul 2007 13:09:29 -0000 1.52 +++ fc7 27 Jul 2007 12:57:04 -0000 1.53 @@ -4,6 +4,8 @@ *CVE are items that need verification for Fedora 7 +CVE-2007-4029 VULNERABLE (libvorbis) #245991 +CVE-NOID VULNERABLE (tor, fixed 0.1.2.15) #249840 CVE-2007-3946 VULNERABLE (lighttpd) #249162 CVE-2007-3947 VULNERABLE (lighttpd) #249162 CVE-2007-3948 VULNERABLE (lighttpd) #249162 @@ -49,6 +51,7 @@ CVE-2007-3239 ** (wordpress) #245211 CVE-2007-3238 ** (wordpress) #245211 CVE-2007-3209 ignore (mail-notification, shipped with SSL enabled) +CVE-2007-3106 VULNERABLE (libvorbis) #245991 CVE-2007-3100 version (iscsi-initiator-utils, fixed 6.2.0.865) CVE-2007-3099 version (iscsi-initiator-utils, fixed 6.2.0.865) CVE-2007-3165 VULNERABLE (tor, fixed 0.1.2.14) #244502 -- fedora-extras-commits mailing list fedora-extras-commits at redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits From fedora-extras-commits at redhat.com Fri Jul 27 15:56:56 2007 
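Review bot: in both the fc6 hunk at @@ -3,6 +3,7 @@ and the fc7 hunk at @@ -4,6 +4,8 @@, CVE-2007-4029 is inserted above CVE-2007-4168 even though the lists are kept in descending CVE order; the CVE-2007-3106 lines in the second hunk of each file are placed correctly (between CVE-2007-3126 and CVE-2007-2894 in fc6, between CVE-2007-3209 and CVE-2007-3100 in fc7), so move the CVE-2007-4029 lines below CVE-2007-4168 to match. The new fc7 placeholder 'CVE-NOID VULNERABLE (tor, fixed 0.1.2.15) #249840' sits in the same file as an older tor entry that is still open, 'CVE-2007-3165 VULNERABLE (tor, fixed 0.1.2.14) #244502'; one update to 0.1.2.15 or later closes both, which is worth noting in the bugs so they are handled together.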
From: fedora-extras-commits at redhat.com (Ville Skytta (scop)) Date: Fri, 27 Jul 2007 11:56:56 -0400 Subject: fedora-security/audit fc7,1.53,1.54 fe6,1.130,1.131 Message-ID: <200707271556.l6RFuujn031976@cvs-int.fedora.redhat.com> Author: scop Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv31866 Modified Files: fc7 fe6 Log Message: lighttpd updated Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.53 retrieving revision 1.54 diff -u -r1.53 -r1.54 --- fc7 27 Jul 2007 12:57:04 -0000 1.53 +++ fc7 27 Jul 2007 15:56:53 -0000 1.54 @@ -4,14 +4,14 @@ *CVE are items that need verification for Fedora 7 -CVE-2007-4029 VULNERABLE (libvorbis) #245991 CVE-NOID VULNERABLE (tor, fixed 0.1.2.15) #249840 -CVE-2007-3946 VULNERABLE (lighttpd) #249162 -CVE-2007-3947 VULNERABLE (lighttpd) #249162 -CVE-2007-3948 VULNERABLE (lighttpd) #249162 -CVE-2007-3949 VULNERABLE (lighttpd) #249162 -CVE-2007-3950 VULNERABLE (lighttpd) #249162 CVE-2007-4168 VULNERABLE (libexif) #243890 +CVE-2007-4029 VULNERABLE (libvorbis) #245991 +CVE-2007-3950 version (lighttpd, fixed 1.4.16) #249162 +CVE-2007-3949 version (lighttpd, fixed 1.4.16) #249162 +CVE-2007-3948 version (lighttpd, fixed 1.4.16) #249162 +CVE-2007-3947 version (lighttpd, fixed 1.4.16) #249162 +CVE-2007-3946 version (lighttpd, fixed 1.4.16) #249162 CVE-2007-3841 WTF (pidgin) CVE-2007-3820 ** (kdebase) #248537 CVE-2007-3799 ** (php) Index: fe6 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fe6,v retrieving revision 1.130 retrieving revision 1.131 diff -u -r1.130 -r1.131 --- fe6 21 Jul 2007 19:27:14 -0000 1.130 +++ fe6 27 Jul 2007 15:56:53 -0000 1.131 
@@ -2,7 +2,11 @@ ** are items that need attention -CVE-NOID VULNERABLE (lighttpd) #249162 +CVE-2007-3950 version (lighttpd, fixed 1.4.16) #249162 +CVE-2007-3949 version (lighttpd, fixed 1.4.16) #249162 +CVE-2007-3948 version (lighttpd, fixed 1.4.16) #249162 +CVE-2007-3947 version (lighttpd, fixed 1.4.16) #249162 +CVE-2007-3946 version (lighttpd, fixed 1.4.16) #249162 CVE-2007-3628 version (php-pear-Structures-DataGrid-DataSource-MDB2, fixed 0.1.10) CVE-2007-3555 VULNERABLE (moodle) #247528 CVE-2007-3546 ignore (nessus-core) Windows only -- fedora-extras-commits mailing list fedora-extras-commits at redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits
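Review bot: the fe6 hunk at @@ -2,7 +2,11 @@ marks all five lighttpd CVEs as 'version (lighttpd, fixed 1.4.16)', but the only push confirmed in this digest is lighttpd-1.4.16-1.fc7 to the Fedora 7 stable repository (bug 249162, 2007-07-27); the maintainer's earlier comment says the other Fedora and EPEL branches were rebuilt and "waiting to be pushed". Unless the FC6 Extras update had also gone out by the time of this commit, fe6 should stay VULNERABLE with 'fixed 1.4.16' noted until it does, or record the update it shipped in once it has. The fc7 hunk also restores the ordering (CVE-2007-4029 below CVE-2007-4168, the lighttpd block in descending order), which resolves the earlier placement issue.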
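The audit files edited throughout this digest share one line format: an optional leading '*' for entries still to be verified, the CVE identifier (or the CVE-NOID placeholder), a status word such as VULNERABLE, version, backport, patch or ignore, the package and fix details in parentheses, and optional Bugzilla and [since ...] references. Several of the commits above are housekeeping on that format: keeping the lists in descending CVE order, turning CVE-NOID placeholders into real identifiers, and clearing '*' marks. The parser and checker below is an added example written for this page; it is not part of the fedora-security repository or any tool the list used. The grammar is inferred from the entries visible above, the check names are this example's own, and the sample file is constructed from a handful of those entries with the problems the review comments point at deliberately left in.

```python
"""Parser and consistency checker for the fedora-security audit file format.

Added example for this page, not code from the fedora-security repository.
The line grammar is inferred from the entries visible in the diffs above and
the check names are this example's own:
    [*]CVE-YYYY-NNNN [STATUS] (package[, detail]) [#BUG] [comment] [[since UPDATE]]
A leading '*' marks an entry still to be verified, status '**' means "needs
attention", and CVE-NOID is a placeholder for an issue with no CVE id yet.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

STATUSES = ("VULNERABLE", "version", "backport", "patch", "ignore", "WTF", "**")
CVE_RE = re.compile(r"^(\*?)(CVE-(?:\d{4}-\d{4,}|NOID))\s*(.*)$")
BUG_RE = re.compile(r"#(\d+)")
SINCE_RE = re.compile(r"\[since ([^\]]*)\]")
FIXED_RE = re.compile(r"\bfixed\s+(\S+)")


@dataclass
class Entry:
    line_no: int
    needs_verification: bool  # leading '*'
    cve: str
    status: Optional[str]     # None for a bare "(package)" placeholder
    package: str
    detail: str               # text after the first ", " inside the parentheses
    fixed: Optional[str]      # version following the word "fixed" in detail
    bug: Optional[int]        # Bugzilla number after '#'
    since: Optional[str]      # update id from "[since ...]"


def parse_entry(line_no: int, line: str) -> Optional[Entry]:
    """Parse one audit line; returns None for headers, notes and blank lines."""
    m = CVE_RE.match(line.strip())
    if not m:
        return None
    star, cve, rest = m.groups()
    open_paren = rest.find("(")
    close_paren = rest.find(")", open_paren)
    if open_paren < 0 or close_paren < 0:
        raise ValueError(f"line {line_no}: missing (package) field: {line!r}")
    package, _, detail = rest[open_paren + 1:close_paren].partition(", ")
    tail = rest[close_paren + 1:]
    fixed, bug, since = FIXED_RE.search(detail), BUG_RE.search(tail), SINCE_RE.search(tail)
    return Entry(line_no, star == "*", cve, rest[:open_paren].strip() or None,
                 package.strip(), detail.strip(), fixed.group(1) if fixed else None,
                 int(bug.group(1)) if bug else None, since.group(1) if since else None)


def parse_audit(text: str) -> List[Entry]:
    parsed = (parse_entry(n, line) for n, line in enumerate(text.splitlines(), 1))
    return [e for e in parsed if e is not None]


def cve_key(cve: str) -> Tuple[int, int]:
    """Sort key for a real CVE id; the audit files are kept in descending order."""
    year, number = cve[len("CVE-"):].split("-")
    return int(year), int(number)


def lint(entries: List[Entry]) -> List[str]:
    """One finding per problem: ordering, placeholders, unverified entries,
    unknown status words, duplicates, and VULNERABLE entries with no bug."""
    findings: List[str] = []
    prev: Optional[Entry] = None
    seen = set()
    for e in entries:
        where = f"line {e.line_no}: {e.cve} ({e.package})"
        if e.cve == "CVE-NOID":  # placeholders sit at the top, so skip ordering
            findings.append(f"{where} is a placeholder; assign the CVE id(s) when known")
        else:
            if prev is not None and cve_key(e.cve) > cve_key(prev.cve):
                findings.append(f"{where} is out of descending order (follows {prev.cve})")
            prev = e
        if e.needs_verification or e.status == "**":
            findings.append(f"{where} still needs verification")
        if e.status is not None and e.status.split(",")[0] not in STATUSES:
            findings.append(f"{where} has unknown status {e.status!r}")
        if (e.cve, e.package) in seen:
            findings.append(f"{where} is a duplicate entry")
        seen.add((e.cve, e.package))
        if e.status == "VULNERABLE" and e.bug is None:
            findings.append(f"{where} is VULNERABLE but records no tracking bug")
    return findings


# Constructed sample modelled on fc7 lines from the diffs above, with the
# problems the review comments point at left in on purpose.
SAMPLE = """\
*CVE are items that need verification for Fedora 7
CVE-2007-4029 VULNERABLE (libvorbis) #245991
CVE-NOID VULNERABLE (tor, fixed 0.1.2.15) #249840
CVE-2007-4168 VULNERABLE (libexif) #243890
CVE-2007-3820 ** (kdebase) #248537
CVE-2007-3393 VULNERABLE (wireshark)
CVE-2005-0605 version (libXpm, fixed 3.5.4 at least)
*CVE-2005-0605 (lesstif)
CVE-2005-0605 version (libXpm, fixed 3.5.4 at least)
CVE-2003-1329 ignore, no-ship (wu-ftpd)
"""

if __name__ == "__main__":
    print("\n".join(lint(parse_audit(SAMPLE))))
```

Running the module prints one finding per line; for the constructed sample it reports the misplaced CVE-2007-4168 (which follows the lower CVE-2007-4029), the tor placeholder, the two unverified entries, the wireshark entry without a bug and the duplicated libXpm line. The order check deliberately skips CVE-NOID, since the files keep placeholders at the top regardless of where the eventual identifier would sort, and an entry with the same CVE as its predecessor (one CVE across several packages, as with libXpm and lesstif) is accepted rather than flagged.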