From bugzilla at redhat.com Thu Nov 1 14:44:13 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 1 Nov 2007 10:44:13 -0400
Subject: [Bug 230927] CVE-2007-1103: tor information disclosure
In-Reply-To:
Message-ID: <200711011444.lA1EiDLw022990@bz-web1.app.phx.redhat.com>

Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.

Summary: CVE-2007-1103: tor information disclosure

https://bugzilla.redhat.com/show_bug.cgi?id=230927

bugzilla at redhat.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Product|Fedora Extras               |Fedora

lkundrak at redhat.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |CLOSED
         Resolution|                            |CANTFIX

------- Additional Comments From lkundrak at redhat.com 2007-11-01 10:44 EST -------
Closing: I believe this is a design issue and relatively well documented:

"Feb 25 16:16:02.628 [notice] Tor v0.1.1.xx. This is experimental software. Do
not rely on it for strong anonymity."

--
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

From bugzilla at redhat.com Thu Nov 1 20:32:24 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 1 Nov 2007 16:32:24 -0400
Subject: [Bug 245211] Wordpress 2.2(.1): SQL injection, XSS, unrestricted file upload vulnerabilities
In-Reply-To:
Message-ID: <200711012032.lA1KWOwQ020717@bz-web1.app.phx.redhat.com>
Summary: Wordpress 2.2(.1): SQL injection, XSS, unrestricted file upload vulnerabilities
Alias: CVE-2007-3544

https://bugzilla.redhat.com/show_bug.cgi?id=245211

------- Additional Comments From lkundrak at redhat.com 2007-11-01 16:32 EST -------
John: That practically means that Wordpress upstream is dead, right?
I don't feel comfortable about having an unfixed vulnerability in
distribution, do you? Please do your best to solve the situation.

From bugzilla at redhat.com Thu Nov 1 20:34:34 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 1 Nov 2007 16:34:34 -0400
Subject: [Bug 245219] clamav < 0.90.3 multiple vulnerabilities
In-Reply-To:
Message-ID: <200711012034.lA1KYYQi020895@bz-web1.app.phx.redhat.com>

Summary: clamav < 0.90.3 multiple vulnerabilities
Alias: CVE-2007-3123

https://bugzilla.redhat.com/show_bug.cgi?id=245219

lkundrak at redhat.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |CLOSED
   Fixed In Version|                            |clamav-0.91.2-3.fc7
         Resolution|                            |CURRENTRELEASE

From bugzilla at redhat.com Thu Nov 1 20:39:21 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 1 Nov 2007 16:39:21 -0400
Subject: [Bug 237882] CVE-2007-2245: phpMyAdmin < 2.10.1 XSS vulnerabilities
In-Reply-To:
Message-ID: <200711012039.lA1KdLSr021771@bz-web1.app.phx.redhat.com>
Summary: CVE-2007-2245: phpMyAdmin < 2.10.1 XSS vulnerabilities

https://bugzilla.redhat.com/show_bug.cgi?id=237882

lkundrak at redhat.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |CLOSED
   Fixed In Version|                            |phpMyAdmin-2.11.2-1.fc7
         Resolution|                            |CURRENTRELEASE

From bugzilla at redhat.com Thu Nov 1 20:49:55 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 1 Nov 2007 16:49:55 -0400
Subject: [Bug 245211] Wordpress 2.2(.1): SQL injection, XSS, unrestricted file upload vulnerabilities
In-Reply-To:
Message-ID: <200711012049.lA1KntpB020090@bz-web2.app.phx.redhat.com>

Summary: Wordpress 2.2(.1): SQL injection, XSS, unrestricted file upload vulnerabilities
Alias: CVE-2007-3544

https://bugzilla.redhat.com/show_bug.cgi?id=245211

------- Additional Comments From john at ncphotography.com 2007-11-01 16:49 EST -------
Wordpress upstream is far from dead, they simply did not respond to my
inquiry regarding this specific vulnerability. They have made additional
releases, and we currently have version 2.2.3 available in FC7, 2.3.1 in
devel. I'm as comfortable having wordpress in the distro as I am with
having various bugs I've reported in RHEL still be open after multiple
years, or closed with a WONTFIX from PM.
From bugzilla at redhat.com Thu Nov 1 22:25:06 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 1 Nov 2007 18:25:06 -0400
Subject: [Bug 357051] CVE-2007-5712 Django 0.96 i18n DoS
In-Reply-To:
Message-ID: <200711012225.lA1MP6X8004505@bz-web2.app.phx.redhat.com>

Summary: CVE-2007-5712 Django 0.96 i18n DoS
Alias: CVE-2007-5712

https://bugzilla.redhat.com/show_bug.cgi?id=357051

lkundrak at redhat.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
          Component|Django                      |vulnerability
            Product|Fedora                      |Security Response
            Version|f7                          |unspecified

From bugzilla at redhat.com Thu Nov 1 22:34:56 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 1 Nov 2007 18:34:56 -0400
Subject: [Bug 357051] CVE-2007-5712 Django 0.96 i18n DoS
In-Reply-To:
Message-ID: <200711012234.lA1MYuLs005719@bz-web2.app.phx.redhat.com>

Summary: CVE-2007-5712 Django 0.96 i18n DoS
Alias: CVE-2007-5712

https://bugzilla.redhat.com/show_bug.cgi?id=357051

lkundrak at redhat.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |michel.sylvan at gmail.com
         AssignedTo|michel.sylvan at gmail.com     |security-response-
                   |                            |team at redhat.com
From bugzilla at redhat.com Fri Nov 2 03:35:23 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 1 Nov 2007 23:35:23 -0400
Subject: [Bug 357051] CVE-2007-5712 Django 0.96 i18n DoS
In-Reply-To:
Message-ID: <200711020335.lA23ZN4N018445@bz-web1.app.phx.redhat.com>

Summary: CVE-2007-5712 Django 0.96 i18n DoS
Alias: CVE-2007-5712

https://bugzilla.redhat.com/show_bug.cgi?id=357051

Bug 357051 depends on bug 362781, which changed state.

Bug 362781 Summary: CVE-2007-5712 Django 0.96 i18n DoS [Fdevel]
https://bugzilla.redhat.com/show_bug.cgi?id=362781

           What    |Old Value                   |New Value
----------------------------------------------------------------------------
             Status|NEW                         |CLOSED
         Resolution|                            |NEXTRELEASE

From bugzilla at redhat.com Fri Nov 2 17:02:59 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 2 Nov 2007 13:02:59 -0400
Subject: [Bug 245211] Wordpress 2.2(.1): SQL injection, XSS, unrestricted file upload vulnerabilities
In-Reply-To:
Message-ID: <200711021702.lA2H2xB0007228@bz-web2.app.phx.redhat.com>

Summary: Wordpress 2.2(.1): SQL injection, XSS, unrestricted file upload vulnerabilities
Alias: CVE-2007-3544

https://bugzilla.redhat.com/show_bug.cgi?id=245211

------- Additional Comments From lkundrak at redhat.com 2007-11-02 13:02 EST -------
RHEL is a different operating system with a different development model
and different expectations from users. Not a good analogy.
I understand that you can not do anything about fixing this anyways
without more specific information other than the advisory.
I mailed the guy who discovered the flaw and asked for more information.
In case we won't learn more, we may consider the issue
non{public,existent}.

From bugzilla at redhat.com Fri Nov 2 17:31:53 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 2 Nov 2007 13:31:53 -0400
Subject: [Bug 194511] CVE-2006-2894 arbitrary file read vulnerability
In-Reply-To:
Message-ID: <200711021731.lA2HVrxI012682@bz-web2.app.phx.redhat.com>

Summary: CVE-2006-2894 arbitrary file read vulnerability
Alias: CVE-2006-2894

https://bugzilla.redhat.com/show_bug.cgi?id=194511

lkundrak at redhat.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |lkundrak at redhat.com
              Alias|                            |CVE-2006-2894
             Status|CLOSED                      |ASSIGNED
         Resolution|INSUFFICIENT_DATA           |
            Version|fc5                         |devel

------- Additional Comments From lkundrak at redhat.com 2007-11-02 13:31 EST -------
Matej: Please never close bugs with "Security" keyword unless you are
confident they are fixed.

The sample exploit from https://bugzilla.mozilla.org/show_bug.cgi?id=258875
works with seamonkey-1.1.3-8.fc8, though the upstream bug was recently
closed.
From bugzilla at redhat.com Mon Nov 5 15:10:57 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 5 Nov 2007 10:10:57 -0500
Subject: [Bug 237533] CVE-2007-2165: proftpd auth bypass vulnerability
In-Reply-To:
Message-ID: <200711051510.lA5FAviw016859@bz-web1.app.phx.redhat.com>

Summary: CVE-2007-2165: proftpd auth bypass vulnerability

https://bugzilla.redhat.com/show_bug.cgi?id=237533

------- Additional Comments From updates at fedoraproject.org 2007-11-05 10:10 EST -------
proftpd-1.3.1-2.fc7 has been pushed to the Fedora 7 stable repository.
If problems still persist, please make note of it in this bug report.

From bugzilla at redhat.com Mon Nov 5 15:10:59 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 5 Nov 2007 10:10:59 -0500
Subject: [Bug 237533] CVE-2007-2165: proftpd auth bypass vulnerability
In-Reply-To:
Message-ID: <200711051510.lA5FAxIO016389@bz-web2.app.phx.redhat.com>

Summary: CVE-2007-2165: proftpd auth bypass vulnerability

https://bugzilla.redhat.com/show_bug.cgi?id=237533

updates at fedoraproject.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |CLOSED
         Resolution|                            |ERRATA
   Fixed In Version|                            |1.3.1-2.fc7
From bugzilla at redhat.com Mon Nov 5 15:57:16 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 5 Nov 2007 10:57:16 -0500
Subject: [Bug 237533] CVE-2007-2165: proftpd auth bypass vulnerability
In-Reply-To:
Message-ID: <200711051557.lA5FvGYC024905@bz-web2.app.phx.redhat.com>

Summary: CVE-2007-2165: proftpd auth bypass vulnerability

https://bugzilla.redhat.com/show_bug.cgi?id=237533

lkundrak at redhat.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|CLOSED                      |ASSIGNED
           Keywords|                            |Reopened
         Resolution|ERRATA                      |
            Version|fc6                         |f8test3

------- Additional Comments From lkundrak at redhat.com 2007-11-05 10:57 EST -------
Reopening for Werewolf.

From bugzilla at redhat.com Mon Nov 5 17:50:15 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 5 Nov 2007 12:50:15 -0500
Subject: [Bug 237533] CVE-2007-2165: proftpd auth bypass vulnerability
In-Reply-To:
Message-ID: <200711051750.lA5HoF5O011874@bz-web2.app.phx.redhat.com>

Summary: CVE-2007-2165: proftpd auth bypass vulnerability
Alias: CVE-2007-2165

https://bugzilla.redhat.com/show_bug.cgi?id=237533

lkundrak at redhat.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
              Alias|                            |CVE-2007-2165
From bugzilla at redhat.com Mon Nov 5 20:42:36 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 5 Nov 2007 15:42:36 -0500
Subject: [Bug 237533] CVE-2007-2165: proftpd auth bypass vulnerability
In-Reply-To:
Message-ID: <200711052042.lA5KgawH014111@bz-web1.app.phx.redhat.com>

Summary: CVE-2007-2165: proftpd auth bypass vulnerability
Alias: CVE-2007-2165

https://bugzilla.redhat.com/show_bug.cgi?id=237533

lkundrak at redhat.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  BugsThisDependsOn|                            |367431

Bug 237533 depends on bug 367431, which changed state.

Bug 367431 Summary: CVE-2007-2165: proftpd auth bypass vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=367431

           What    |Old Value                   |New Value
----------------------------------------------------------------------------
             Status|NEW                         |CLOSED
         Resolution|                            |NOTABUG

From bugzilla at redhat.com Mon Nov 5 20:43:15 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 5 Nov 2007 15:43:15 -0500
Subject: [Bug 237533] CVE-2007-2165: proftpd auth bypass vulnerability
In-Reply-To:
Message-ID: <200711052043.lA5KhFG3013583@bz-web2.app.phx.redhat.com>
Summary: CVE-2007-2165: proftpd auth bypass vulnerability
Alias: CVE-2007-2165

https://bugzilla.redhat.com/show_bug.cgi?id=237533

lkundrak at redhat.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  BugsThisDependsOn|367431                      |

From bugzilla at redhat.com Mon Nov 5 20:42:17 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 5 Nov 2007 15:42:17 -0500
Subject: [Bug 237533] CVE-2007-2165: proftpd auth bypass vulnerability
In-Reply-To:
Message-ID: <200711052042.lA5KgHUr013510@bz-web2.app.phx.redhat.com>

Summary: CVE-2007-2165: proftpd auth bypass vulnerability
Alias: CVE-2007-2165

https://bugzilla.redhat.com/show_bug.cgi?id=237533

lkundrak at redhat.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  BugsThisDependsOn|367431                      |

From bugzilla at redhat.com Mon Nov 5 20:40:33 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 5 Nov 2007 15:40:33 -0500
Subject: [Bug 237533] CVE-2007-2165: proftpd auth bypass vulnerability
In-Reply-To:
Message-ID: <200711052040.lA5KeXDe013252@bz-web2.app.phx.redhat.com>
Summary: CVE-2007-2165: proftpd auth bypass vulnerability
Alias: CVE-2007-2165

https://bugzilla.redhat.com/show_bug.cgi?id=237533

lkundrak at redhat.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  BugsThisDependsOn|                            |367431

From bugzilla at redhat.com Mon Nov 5 21:09:04 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 5 Nov 2007 16:09:04 -0500
Subject: [Bug 367471] CVE-2007-5197: mono Math.BigInteger buffer overflow
In-Reply-To:
Message-ID: <200711052109.lA5L943l018199@bz-web2.app.phx.redhat.com>

Summary: CVE-2007-5197: mono Math.BigInteger buffer overflow
Alias: CVE-2007-5197

https://bugzilla.redhat.com/show_bug.cgi?id=367471

ville.skytta at iki.fi changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
              Alias|                            |CVE-2007-5197

From bugzilla at redhat.com Mon Nov 5 21:08:43 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 5 Nov 2007 16:08:43 -0500
Subject: [Bug 367471] New: CVE-2007-5197: mono Math.BigInteger buffer overflow
Message-ID:
https://bugzilla.redhat.com/show_bug.cgi?id=367471

           Summary: CVE-2007-5197: mono Math.BigInteger buffer overflow
           Product: Fedora
           Version: f7
          Platform: All
               URL: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5197
        OS/Version: Linux
            Status: NEW
          Severity: low
          Priority: low
         Component: mono
        AssignedTo: alexl at redhat.com
        ReportedBy: ville.skytta at iki.fi
         QAContact: extras-qa at fedoraproject.org
                CC: fedora-security-list at redhat.com,paul at all-the-johnsons.co.uk

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5197

"Buffer overflow in the Mono.Math.BigInteger class in Mono allows
context-dependent attackers to execute arbitrary code via unspecified
vectors."

Patch extracted from Debian's 1.2.2.1-1etch1 patchkit (attached) seems to
apply to 1.2.5.1 in devel with some line offsets, I have done no further
analysis.

------- Additional Comments From ville.skytta at iki.fi 2007-11-05 16:08 EST -------
Created an attachment (id=248611)
 --> (https://bugzilla.redhat.com/attachment.cgi?id=248611&action=view)
Patch from Debian

From bugzilla at redhat.com Mon Nov 5 21:48:10 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 5 Nov 2007 16:48:10 -0500
Subject: [Bug 367471] CVE-2007-5197: mono Math.BigInteger buffer overflow
In-Reply-To:
Message-ID: <200711052148.lA5LmA0m025225@bz-web1.app.phx.redhat.com>
Summary: CVE-2007-5197: mono Math.BigInteger buffer overflow
Alias: CVE-2007-5197

https://bugzilla.redhat.com/show_bug.cgi?id=367471

lkundrak at redhat.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
          Component|mono                        |vulnerability
            Product|Fedora                      |Security Response
            Version|f7                          |unspecified

From bugzilla at redhat.com Mon Nov 5 21:47:11 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 5 Nov 2007 16:47:11 -0500
Subject: [Bug 367471] CVE-2007-5197: mono Math.BigInteger buffer overflow
In-Reply-To:
Message-ID: <200711052147.lA5LlBTL025083@bz-web2.app.phx.redhat.com>

Summary: CVE-2007-5197: mono Math.BigInteger buffer overflow
Alias: CVE-2007-5197

https://bugzilla.redhat.com/show_bug.cgi?id=367471

------- Additional Comments From lkundrak at redhat.com 2007-11-05 16:47 EST -------
Gentoo also has a patch, maybe a different one
http://bugs.gentoo.org/show_bug.cgi?id=197067

From bugzilla at redhat.com Mon Nov 5 21:48:58 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 5 Nov 2007 16:48:58 -0500
Subject: [Bug 367471] CVE-2007-5197: mono Math.BigInteger buffer overflow
In-Reply-To:
Message-ID: <200711052148.lA5LmwI7025192@bz-web2.app.phx.redhat.com>
Summary: CVE-2007-5197: mono Math.BigInteger buffer overflow
Alias: CVE-2007-5197

https://bugzilla.redhat.com/show_bug.cgi?id=367471

lkundrak at redhat.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  BugsThisDependsOn|                            |367541

From bugzilla at redhat.com Mon Nov 5 21:48:53 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 5 Nov 2007 16:48:53 -0500
Subject: [Bug 367471] CVE-2007-5197: mono Math.BigInteger buffer overflow
In-Reply-To:
Message-ID: <200711052148.lA5LmrxB025336@bz-web1.app.phx.redhat.com>

Summary: CVE-2007-5197: mono Math.BigInteger buffer overflow
Alias: CVE-2007-5197

https://bugzilla.redhat.com/show_bug.cgi?id=367471

lkundrak at redhat.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  BugsThisDependsOn|                            |367531

From bugzilla at redhat.com Mon Nov 5 21:49:02 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 5 Nov 2007 16:49:02 -0500
Subject: [Bug 367471] CVE-2007-5197: mono Math.BigInteger buffer overflow
In-Reply-To:
Message-ID: <200711052149.lA5Ln2Dl025403@bz-web1.app.phx.redhat.com>
Summary: CVE-2007-5197: mono Math.BigInteger buffer overflow
Alias: CVE-2007-5197

https://bugzilla.redhat.com/show_bug.cgi?id=367471

lkundrak at redhat.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  BugsThisDependsOn|                            |367551

From bugzilla at redhat.com Mon Nov 5 21:57:59 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 5 Nov 2007 16:57:59 -0500
Subject: [Bug 367471] CVE-2007-5197: mono Math.BigInteger buffer overflow
In-Reply-To:
Message-ID: <200711052157.lA5LvxNh026859@bz-web2.app.phx.redhat.com>

Summary: CVE-2007-5197: mono Math.BigInteger buffer overflow
Alias: CVE-2007-5197

https://bugzilla.redhat.com/show_bug.cgi?id=367471

lkundrak at redhat.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  BugsThisDependsOn|                            |367571

From bugzilla at redhat.com Tue Nov 6 16:04:12 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 6 Nov 2007 11:04:12 -0500
Subject: [Bug 357051] CVE-2007-5712 Django 0.96 i18n DoS
In-Reply-To:
Message-ID: <200711061604.lA6G4CPK026545@bz-web2.app.phx.redhat.com>
Summary: CVE-2007-5712 Django 0.96 i18n DoS
Alias: CVE-2007-5712

https://bugzilla.redhat.com/show_bug.cgi?id=357051

------- Additional Comments From updates at fedoraproject.org 2007-11-06 11:04 EST -------
Django-0.96.1-1.fc8 has been pushed to the Fedora 8 testing repository.
If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
 su -c 'yum --enablerepo=updates-testing update Django'

From bugzilla at redhat.com Wed Nov 7 16:16:26 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 7 Nov 2007 11:16:26 -0500
Subject: [Bug 367471] CVE-2007-5197: mono Math.BigInteger buffer overflow
In-Reply-To:
Message-ID: <200711071616.lA7GGQvL018998@bz-web1.app.phx.redhat.com>

Summary: CVE-2007-5197: mono Math.BigInteger buffer overflow
Alias: CVE-2007-5197

https://bugzilla.redhat.com/show_bug.cgi?id=367471

Bug 367471 depends on bug 367551, which changed state.

Bug 367551 Summary: CVE-2007-5197: mono Math.BigInteger buffer overflow [devel]
https://bugzilla.redhat.com/show_bug.cgi?id=367551

           What    |Old Value                   |New Value
----------------------------------------------------------------------------
             Status|NEW                         |CLOSED
         Resolution|                            |NEXTRELEASE
From bugzilla at redhat.com Thu Nov 8 06:01:20 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 8 Nov 2007 01:01:20 -0500
Subject: [Bug 367471] CVE-2007-5197: mono Math.BigInteger buffer overflow
In-Reply-To:
Message-ID: <200711080601.lA861Kxm017784@bz-web1.app.phx.redhat.com>

Summary: CVE-2007-5197: mono Math.BigInteger buffer overflow
Alias: CVE-2007-5197

https://bugzilla.redhat.com/show_bug.cgi?id=367471

------- Additional Comments From updates at fedoraproject.org 2007-11-08 01:01 EST -------
mono-1.2.5.1-2.fc8 has been pushed to the Fedora 8 stable repository.
If problems still persist, please make note of it in this bug report.

From bugzilla at redhat.com Thu Nov 8 06:01:21 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 8 Nov 2007 01:01:21 -0500
Subject: [Bug 367471] CVE-2007-5197: mono Math.BigInteger buffer overflow
In-Reply-To:
Message-ID: <200711080601.lA861L4U014935@bz-web2.app.phx.redhat.com>

Summary: CVE-2007-5197: mono Math.BigInteger buffer overflow
Alias: CVE-2007-5197

https://bugzilla.redhat.com/show_bug.cgi?id=367471

updates at fedoraproject.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |CLOSED
         Resolution|                            |ERRATA
   Fixed In Version|                            |1.2.5.1-2.fc8
From bugzilla at redhat.com Fri Nov 9 12:19:36 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 9 Nov 2007 07:19:36 -0500
Subject: [Bug 194511] CVE-2006-2894 arbitrary file read vulnerability
In-Reply-To:
Message-ID: <200711091219.lA9CJauD016412@bz-web2.app.phx.redhat.com>

Summary: CVE-2006-2894 arbitrary file read vulnerability
Alias: CVE-2006-2894

https://bugzilla.redhat.com/show_bug.cgi?id=194511

lkundrak at redhat.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |CLOSED
   Fixed In Version|1.0.2-1                     |seamonkey-1.1.6-1.fc8
         Resolution|                            |CURRENTRELEASE

------- Additional Comments From lkundrak at redhat.com 2007-11-09 07:19 EST -------
Fixed with seamonkey-1.1.6-1.fc8

From bugzilla at redhat.com Fri Nov 9 18:12:41 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 9 Nov 2007 13:12:41 -0500
Subject: [Bug 367471] CVE-2007-5197: mono Math.BigInteger buffer overflow
In-Reply-To:
Message-ID: <200711091812.lA9ICf41017060@bz-web1.app.phx.redhat.com>
Summary: CVE-2007-5197: mono Math.BigInteger buffer overflow
Alias: CVE-2007-5197
https://bugzilla.redhat.com/show_bug.cgi?id=367471

lkundrak at redhat.com changed:

What             |Removed     |Added
----------------------------------------------------------------------------
Status           |CLOSED      |ASSIGNED
Keywords         |            |Reopened
Resolution       |ERRATA      |

From bugzilla at redhat.com Fri Nov 9 18:16:24 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 9 Nov 2007 13:16:24 -0500
Subject: [Bug 367471] CVE-2007-5197: mono Math.BigInteger buffer overflow
In-Reply-To:
Message-ID: <200711091816.lA9IGOnI017748@bz-web1.app.phx.redhat.com>

Summary: CVE-2007-5197: mono Math.BigInteger buffer overflow
Alias: CVE-2007-5197
https://bugzilla.redhat.com/show_bug.cgi?id=367471

------- Additional Comments From lkundrak at redhat.com 2007-11-09 13:16 EST -------
Alex: I'd urge this a bit. When are f6 and f7 versions likely to hit the repositories? (I've noticed there was some issue with libs on 64 bit platforms..?)

From bugzilla at redhat.com Fri Nov 9 18:14:36 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 9 Nov 2007 13:14:36 -0500
Subject: [Bug 367471] CVE-2007-5197: mono Math.BigInteger buffer overflow
In-Reply-To:
Message-ID: <200711091814.lA9IEani017301@bz-web1.app.phx.redhat.com>
Summary: CVE-2007-5197: mono Math.BigInteger buffer overflow
Alias: CVE-2007-5197
https://bugzilla.redhat.com/show_bug.cgi?id=367471

Bug 367471 depends on bug 367541, which changed state.

Bug 367541 Summary: CVE-2007-5197: mono Math.BigInteger buffer overflow [f8]
https://bugzilla.redhat.com/show_bug.cgi?id=367541

What             |Old Value   |New Value
----------------------------------------------------------------------------
Status           |MODIFIED    |CLOSED
Resolution       |            |CURRENTRELEASE

From bugzilla at redhat.com Fri Nov 9 23:53:48 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 9 Nov 2007 18:53:48 -0500
Subject: [Bug 357051] CVE-2007-5712 Django 0.96 i18n DoS
In-Reply-To:
Message-ID: <200711092353.lA9NrmVm010855@bz-web2.app.phx.redhat.com>

Summary: CVE-2007-5712 Django 0.96 i18n DoS
Alias: CVE-2007-5712
https://bugzilla.redhat.com/show_bug.cgi?id=357051

updates at fedoraproject.org changed:

What             |Removed     |Added
----------------------------------------------------------------------------
Status           |NEW         |CLOSED
Resolution       |            |ERRATA
Fixed In Version |            |0.96.1-1.fc8

Bug 357051 depends on bug 362771, which changed state.

Bug 362771 Summary: CVE-2007-5712 Django 0.96 i18n DoS [F8]
https://bugzilla.redhat.com/show_bug.cgi?id=362771

What             |Old Value   |New Value
----------------------------------------------------------------------------
Status           |ASSIGNED    |CLOSED
Resolution       |            |ERRATA
From bugzilla at redhat.com Fri Nov 9 23:53:46 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 9 Nov 2007 18:53:46 -0500
Subject: [Bug 357051] CVE-2007-5712 Django 0.96 i18n DoS
In-Reply-To:
Message-ID: <200711092353.lA9Nrk3t008186@bz-web1.app.phx.redhat.com>

Summary: CVE-2007-5712 Django 0.96 i18n DoS
Alias: CVE-2007-5712
https://bugzilla.redhat.com/show_bug.cgi?id=357051

------- Additional Comments From updates at fedoraproject.org 2007-11-09 18:53 EST -------
Django-0.96.1-1.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.

From bugzilla at redhat.com Fri Nov 9 23:55:05 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 9 Nov 2007 18:55:05 -0500
Subject: [Bug 367471] CVE-2007-5197: mono Math.BigInteger buffer overflow
In-Reply-To:
Message-ID: <200711092355.lA9Nt5lV008782@bz-web1.app.phx.redhat.com>

Summary: CVE-2007-5197: mono Math.BigInteger buffer overflow
Alias: CVE-2007-5197
https://bugzilla.redhat.com/show_bug.cgi?id=367471

------- Additional Comments From updates at fedoraproject.org 2007-11-09 18:55 EST -------
mono-1.2.3-5.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
From bugzilla at redhat.com Fri Nov 9 23:58:31 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 9 Nov 2007 18:58:31 -0500
Subject: [Bug 357051] CVE-2007-5712 Django 0.96 i18n DoS
In-Reply-To:
Message-ID: <200711092358.lA9NwVUX011938@bz-web2.app.phx.redhat.com>

Summary: CVE-2007-5712 Django 0.96 i18n DoS
Alias: CVE-2007-5712
https://bugzilla.redhat.com/show_bug.cgi?id=357051

------- Additional Comments From updates at fedoraproject.org 2007-11-09 18:58 EST -------
Django-0.96.1-1.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.

From lkundrak at redhat.com Mon Nov 19 21:08:32 2007
From: lkundrak at redhat.com (Lubomir Kundrak)
Date: Mon, 19 Nov 2007 22:08:32 +0100
Subject: Xalan-c review
Message-ID: <1195506512.3568.12.camel@localhost.localdomain>

This will be needed for OVAL parsing tool (ovaldi), would anyone find a couple of spare minutes and do a review?

https://bugzilla.redhat.com/show_bug.cgi?id=xalan-c-review

Thanks,
--
Lubomir Kundrak (Red Hat Security Response Team)

From bugzilla at redhat.com Wed Nov 21 20:45:54 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 21 Nov 2007 15:45:54 -0500
Subject: [Bug 221694] CVE-2007-0095: phpMyAdmin <= 2.9.1.1 information disclosure
In-Reply-To:
Message-ID: <200711212045.lALKjsO0010265@bz-web1.app.phx.redhat.com>
Summary: CVE-2007-0095: phpMyAdmin <= 2.9.1.1 information disclosure
Alias: CVE-2007-0095
https://bugzilla.redhat.com/show_bug.cgi?id=221694

bugzilla at redhat.com changed:

What             |Removed     |Added
----------------------------------------------------------------------------
Alias            |            |CVE-2007-0095

------- Additional Comments From redhat-bugzilla at linuxnetz.de 2007-11-21 15:45 EST -------
Same problem on phpMyAdmin 2.11.2.2 further on:

Fatal error: Call to a member function on a non-object in /srv/www/phpMyAdmin/themes/darkblue_orange/layout.inc.php on line 75

From bugzilla at redhat.com Wed Nov 21 20:47:16 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 21 Nov 2007 15:47:16 -0500
Subject: [Bug 221694] CVE-2007-0095: phpMyAdmin <= 2.9.1.1 information disclosure
In-Reply-To:
Message-ID: <200711212047.lALKlG6e011166@bz-web2.app.phx.redhat.com>

Summary: CVE-2007-0095: phpMyAdmin <= 2.9.1.1 information disclosure
Alias: CVE-2007-0095
https://bugzilla.redhat.com/show_bug.cgi?id=221694

redhat at linuxnetz.de changed:

What             |Removed     |Added
----------------------------------------------------------------------------
Version          |fc6         |devel