From fedora-extras-commits at redhat.com Sat Sep 1 06:21:27 2007 From: fedora-extras-commits at redhat.com (Lubomir Kundrak (lkundrak)) Date: Sat, 1 Sep 2007 02:21:27 -0400 Subject: fedora-security/audit fc7,1.87,1.88 Message-ID: <200709010621.l816LRYD007602@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv7532 Modified Files: fc7 Log Message: CVE for qgit Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.87 retrieving revision 1.88 diff -u -r1.87 -r1.88 --- fc7 31 Aug 2007 16:23:03 -0000 1.87 +++ fc7 1 Sep 2007 06:21:24 -0000 1.88 @@ -5,11 +5,11 @@ # (mozilla) = (firefox, seamonkey, thunderbird, yelp, devhelp, galeon, liferea. epiphany) # A couple of first F7 updates were marked as FEDORA-2007-0001 -# Up to date CVE as of CVE email 20070823 -# Up to date FC7 as of 20070827 +# Up to date CVE as of CVE email 20070829 +# Up to date FC7 as of 20070829 CVE-2007-4629 VULNERABLE (mapserver, fixed 4.10.3) #272081 -GENERIC-MAP-NOMATCH VULNERABLE (qgit) #268381 +CVE-2007-4631 VULNERABLE (qgit) #268381 CVE-2007-4565 VULNERABLE (fetchmail) #260861 CVE-2007-4560 VULNERABLE (clamav) #260583 CVE-2007-4559 VULNERABLE (python) tarfile module - directory traversal -- fedora-extras-commits mailing list fedora-extras-commits at redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits From fedora-extras-commits at redhat.com Sat Sep 1 18:12:30 2007 
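Review bot: In the fc7 1.88 hunk, the renamed line `CVE-2007-4631 VULNERABLE (qgit) #268381` stays below `CVE-2007-4629`, so it is now out of the descending CVE order that the entries after it follow (4565, 4560, 4559). Moving the qgit line above the mapserver entry in the same commit keeps the list sorted, which matters when entries are looked up or merged by CVE id.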
From: fedora-extras-commits at redhat.com (Kevin Fenzi (kevin)) Date: Sat, 1 Sep 2007 14:12:30 -0400 Subject: fedora-security/audit fc7,1.88,1.89 Message-ID: <200709011812.l81ICU1V006286@cvs-int.fedora.redhat.com> Author: kevin Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv6162 Modified Files: fc7 Log Message: Fix some typos Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.88 retrieving revision 1.89 diff -u -r1.88 -r1.89 --- fc7 1 Sep 2007 06:21:24 -0000 1.88 +++ fc7 1 Sep 2007 18:12:28 -0000 1.89 @@ -365,7 +365,7 @@ CVE-2007-0777 version (seamonkey, fixed 1.0.8) CVE-2007-0775 version (seamonkey, fixed 1.0.8) *CVE-2007-0774 (mod_jk) -VE-2007-0772 version (kernel, fixed 2.6.20.1) [since FEDORA-2007-291] +CVE-2007-0772 version (kernel, fixed 2.6.20.1) [since FEDORA-2007-291] CVE-2007-0771 patch (kernel, fixed 2.6.20-1.2933) #227952 CVE-2007-0770 patch (GraphicsMagick, fixed 1.1.7-7) #228758 CVE-2007-0770 ignore (ImageMagick) only if incomplete CVE-2006-5456 @@ -608,7 +608,7 @@ CVE-2006-5330 ignore, no-ship (flash-plugin) *CVE-2006-5298 backport (mutt) [since FEDORA-2006-1063] *CVE-2006-5297 backport (mutt) [since FEDORA-2006-1063] -VE-2006-5295 version (clamav, fixed 0.88.5) #210973 +CVE-2006-5295 version (clamav, fixed 0.88.5) #210973 *CVE-2006-5276 VULNERABLE (snort) #229265 CVE-2006-5229 ignore (openssh) not reproduced CVE-2006-5215 backport (xorg-x11-xinit) #212167 [since FEDORA-2007-1409] @@ -1242,7 +1242,7 @@ *CVE-2006-0017 (fedora directory server) *CVE-2006-0016 (fedora directory server) *CVE-2005-4838 (tomcat) -VE-2005-4837 version (net-snmp, fixed 5.2.2) +CVE-2005-4837 version (net-snmp, fixed 5.2.2) *CVE-2005-4836 (tomcat) CVE-2005-4811 version (kernel, fixed 2.6.13) CVE-2005-4809 VULNERABLE (firefox) 
@@ -1381,7 +1381,7 @@ *CVE-2005-3192 backport (tetex) tetex-3.0-CVE-2005-3193.patch CVE-2005-3191 version (poppler, fixed 0.4.4) CVE-2005-3191 version (kdegraphics, fixed 3.5.1) -VE-2005-3191 version (cups, fixed 1.2.0) +CVE-2005-3191 version (cups, fixed 1.2.0) *CVE-2005-3191 backport (tetex) tetex-3.0-CVE-2005-3193.patch CVE-2005-3186 version (gtk2, fixed 2.8.7 at least) CVE-2005-3185 version (wget, fixed 1.10.2 at least) @@ -1400,7 +1400,7 @@ CVE-2005-3107 version (kernel, fixed 2.6.11) CVE-2005-3106 version (kernel, fixed 2.6.11) CVE-2005-3105 version (kernel, fixed 2.6.12) -VE-2005-3089 version (firefox, fixed 1.0.7) +CVE-2005-3089 version (firefox, fixed 1.0.7) CVE-2005-3088 ignore (fetchmail) fetchmailconf not shipped CVE-2005-3055 version (kernel, fixed 2.6.14) CVE-2005-3054 ignore (php) @@ -2724,7 +2724,7 @@ CVE-2002-0069 version (squid, fixed 2.4STABLE4) CVE-2002-0068 version (squid, fixed 2.4STABLE4) CVE-2002-0067 version (squid, fixed 2.4STABLE4) -VE-2002-0063 version (cups, fixed 1.1.14) +CVE-2002-0063 version (cups, fixed 1.1.14) CVE-2002-0062 version (ncurses, only 5.0) CVE-2002-0060 version (kernel, fixed 2.5.5) *CVE-2002-0059 ** zlib (cvs, dump, gcc, libgcj, kernel, vnc) -- fedora-extras-commits mailing list fedora-extras-commits at redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits From fedora-extras-commits at redhat.com Sat Sep 1 18:49:39 2007 
From: fedora-extras-commits at redhat.com (Kevin Fenzi (kevin)) Date: Sat, 1 Sep 2007 14:49:39 -0400 Subject: fedora-security/audit epel4,NONE,1.1 epel5,NONE,1.1 Message-ID: <200709011849.l81IndoP007028@cvs-int.fedora.redhat.com> Author: kevin Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv7006 Added Files: epel4 epel5 Log Message: Initial epel4 and epel5 audit files to check. --- NEW FILE epel4 --- # # ** are items that need attention # *CVE are items that need verification for EPEL-4 # (mozilla) = (firefox, seamonkey, thunderbird, yelp, devhelp, galeon, liferea. epiphany) # Up to date CVE as of CVE email 20070829 # Up to date EPEL4 as of # *CVE-2007-4631 VULNERABLE (qgit) #268381 *CVE-2007-4629 VULNERABLE (mapserver, fixed 4.10.3) #272081 *CVE-2007-4560 VULNERABLE (clamav) #260583 *CVE-2007-4543 version (bugzilla, fixed 3.0.1) #256021 [since FEDORA-2007-1853] *CVE-2007-4542 VULNERABLE (mapserver, fixed 4.10.3) #256561 *CVE-2007-4539 version (bugzilla, fixed 3.0.1) #256021 [since FEDORA-2007-1853] *CVE-2007-4538 version (bugzilla, fixed 3.0.1) #256021 [since FEDORA-2007-1853] *CVE-2007-4510 VULNERABLE (clamav, fixed 0.91.2) #253780 *CVE-2007-4462 version (po4a) #253541 [since FEDORA-2007-1763] *CVE-2007-4400 VULNERABLE (konversation) #253545 *CVE-2007-4323 backport (denyhosts) #252291 [since FEDORA-2007-0589] *CVE-2007-4321 backport (fail2ban) #252290 [since FEDORA-2007-0621] version since FEDORA-2007-1643 *CVE-2007-3950 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299] *CVE-2007-3949 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299] *CVE-2007-3948 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299] *CVE-2007-3947 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299] *CVE-2007-3946 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299] *CVE-2007-3725 ** (clamav) *CVE-2007-3555 version (moodle) #247528 [since FEDORA-2007-1445] *CVE-2007-3209 ignore 
(mail-notification, shipped with SSL enabled) *CVE-2007-3153 version (c-ares, fixed 1.4.0) #243591 [since FEDORA-2007-0724] *CVE-2007-3152 version (c-ares, fixed 1.4.0) #243591 [since FEDORA-2007-0724] *CVE-2007-3123 VULNERABLE (clamav, fixed 0.90.3) #245219 *CVE-2007-3122 VULNERABLE (clamav, fixed 0.90.3) #245219 *CVE-2007-3113 VULNERABLE (cacti) #243592 *CVE-2007-3112 VULNERABLE (cacti) #243592 *CVE-2007-3025 ignore (clamav, Solaris only) *CVE-2007-3024 VULNERABLE (clamav, fixed 0.90.3) #245219 *CVE-2007-3023 VULNERABLE (clamav, fixed 0.90.3) #245219 *CVE-2007-2958 VULNERABLE (claws-mail) #254121 *CVE-2007-2865 version (phpPgAdmin, fixed 4.1.2) #241489 [since FEDORA-2007-0469] *CVE-2007-2721 patch (jasper, fixed 1.900.1-2) #240397 *CVE-2007-2650 version (clamav, fixed 0.90.3) #240395 [since FEDORA-2007-1154] *CVE-2007-2637 patch (moin, fixed 1.5.7-2) *CVE-2007-2423 patch (moin, fixed 1.5.7-2) #238722 *CVE-2007-2413 version (perl-Imager, fixed 0.57) #238615 *CVE-2007-2245 VULNERABLE (phpMyAdmin, fixed 2.10.1) #237882 *CVE-2007-2165 VULNERABLE (proftpd) #237533 *CVE-2007-2029 VULNERABLE (clamav, fixed 0.90.3) #245219 *CVE-2007-2016 ignore (phpMyAdmin, < 2.8.0.2 never shipped) *CVE-2007-1997 version (clamav, fixed in 0.90.2) *CVE-2007-1870 version (lighttpd, fixed 1.4.14) #236489 *CVE-2007-1869 version (lighttpd, fixed 1.4.14) #236489 *CVE-2007-1745 version (clamav, fixed in 0.90.2) #236703 *CVE-2007-1614 version (zziplib, fixed 0.13.49) #233700 *CVE-2007-1558 version (claws-mail, fixed 2.9.1) #237293 *CVE-2007-1547 version (nas, fixed 1.8a-2) #233353 *CVE-2007-1546 version (nas, fixed 1.8a-2) #233353 *CVE-2007-1545 version (nas, fixed 1.8a-2) #233353 *CVE-2007-1544 version (nas, fixed 1.8a-2) #233353 *CVE-2007-1543 version (nas, fixed 1.8a-2) #233353 *CVE-2007-1429 version (moodle, fixed 1.6.5) #232103 *CVE-2007-1406 version (trac, fixed 0.10.3.1) #231729 *CVE-2007-1405 version (trac, fixed 0.10.3.1) #231729 *CVE-2007-1395 version (phpMyAdmin, fixed 2.10.0.2) 
*CVE-2007-1359 patch (mod_security, fixed 2.1.0-3) #231728 *CVE-2007-1325 version (phpMyAdmin, fixed 2.10.0.2) *CVE-2007-1055 version (mediawiki, fixed 1.8.3) *CVE-2007-1054 version (mediawiki, fixed 1.9.3) [since FEDORA-2007-1442] *CVE-2007-0902 patch (moin, fixed 1.5.7-2) #228764 *CVE-2007-0901 patch (moin, fixed 1.5.7-2) #228764 *CVE-2007-0898 version (clamav, fixed 0.90) #229202 *CVE-2007-0897 version (clamav, fixed 0.90) #229202 *CVE-2007-0894 version (mediawiki, fixed 1.8.4) #228763 *CVE-2007-0857 version (moin, fixed 1.5.7) #228139 *CVE-2007-0619 version (chmlib, fixed 0.3.9) #225919 *CVE-2007-0341 ignore (phpMyAdmin, 2.8.x only) *CVE-2007-0242 patch (qt4, fixed 4.2.3-7) *CVE-2007-0240 patch (zope, fixed 2.9.6-2) #233378 *CVE-2007-0177 version (mediawiki, fixed 1.8.3) #221958 *CVE-2007-0095 VULNERABLE (phpMyAdmin) #221694 *CVE-2007-0007 version (gnucash, fixed 2.0.5) since [FEDORA-2007-256] #223233 *CVE-2006-6944 version (phpMyAdmin, fixed 2.9.1.1) *CVE-2006-6943 version (phpMyAdmin, fixed 2.9.1.1) *CVE-2006-6942 version (phpMyAdmin, fixed 2.9.1.1) *CVE-2006-6799 patch (cacti, fixed 0.8.6i-5) #222410 *CVE-2006-6693 ignore (zabbix, fixed 1.1.3, < 1.1.4 not shipped) *CVE-2006-6692 ignore (zabbix, fixed 1.1.3, < 1.1.4 not shipped) *CVE-2006-6626 version (moodle, fixed 1.6.5) #220041 *CVE-2006-6625 version (moodle, fixed 1.6.5) #220041 *CVE-2006-6563 backport (proftpd, fixed 1.3.0a-3) #219938 *CVE-2006-6481 version (clamav, fixed 0.88.7) *CVE-2006-6406 version (clamav, fixed 0.88.7) #219095 *CVE-2006-6374 ** (phpMyAdmin) #218853 *CVE-2006-6373 version (phpMyAdmin, fixed 2.9.1.1) #218853 *CVE-2006-6301 version (denyhosts, fixed 2.6-2) #218824 *CVE-2006-6171 patch (proftpd, fixed 1.3.0a-1) #214820 *CVE-2006-6170 patch (proftpd, fixed 1.3.0a-1) #214820 *CVE-2006-5874 version (clamav, fixed 0.88.1) *CVE-2006-5864 patch (gv, fixed 3.6.2-2) #215136 *CVE-2006-5848 version (trac, fixed 0.10.1) #215077 *CVE-2006-5815 version (proftpd, fixed 1.3.0a) #214820 *CVE-2006-5602 
version (xsupplicant, fixed 1.2.6) *CVE-2006-5601 version (xsupplicant, fixed 1.2.8) #212700 *CVE-2006-5455 patch (bugzilla, fixed 2.22-7) #212355 *CVE-2006-5454 patch (bugzilla, fixed 2.22-7) #212355 *CVE-2006-5453 patch (bugzilla, fixed 2.22-7) #212355 *CVE-2006-5295 version (clamav, fixed 0.88.5) #210973 *CVE-2006-5129 version (moodle, fixed 1.6.3) #206516 *CVE-2006-4943 version (moodle, fixed 1.6.3) #206516 *CVE-2006-4942 version (moodle, fixed 1.6.3) #206516 *CVE-2006-4941 version (moodle, fixed 1.6.3) #206516 *CVE-2006-4940 version (moodle, fixed 1.6.3) #206516 *CVE-2006-4939 version (moodle, fixed 1.6.3) #206516 *CVE-2006-4938 version (moodle, fixed 1.6.3) #206516 *CVE-2006-4937 version (moodle, fixed 1.6.3) #206516 *CVE-2006-4936 version (moodle, fixed 1.6.3) #206516 *CVE-2006-4935 version (moodle, fixed 1.6.3) #206516 *CVE-2006-4786 version (moodle, fixed 1.6.3) #206516 *CVE-2006-4785 version (moodle, fixed 1.6.3) #206516 *CVE-2006-4784 version (moodle, fixed 1.6.3) #206516 *CVE-2006-4684 version (zope, fixed 2.9.2) *CVE-2006-4249 patch (plone, fixed 2.5.1-3) #213983 *CVE-2006-4248 ignore (thttpd, Debian specific issue) *CVE-2006-4247 patch (plone, fixed 2.5-4) #209163 *CVE-2006-4182 version (clamav, fixed 0.88.5) #210973 *CVE-2006-4018 version (clamav, fixed 0.88.4-1) #201688 *CVE-2006-3458 patch (zope, fixed 2.9.3-3) #198106 *CVE-2006-3178 ignore (chmlib, extract_chmLib not shipped) *CVE-2006-2489 version (nagios, fixed 2.3.1) *CVE-2006-2427 ignore (clamav) not an issue bz#192076 *CVE-2006-2237 backport (awstats, fixed 6.5-5) bz#190923 *CVE-2006-2162 version (nagios, fixed 2.3.1) bz#190612 *CVE-2006-2017 version (dnsmasq, fixed 2.30) *CVE-2006-1989 version (clamav, fixed 0.88.2) *CVE-2006-1945 backport (awstats, fixed 6.5-4) bz#190922 awstats-6.5-CVE-2006-1945.patch *CVE-2006-1711 version (plone, fixed 2.1.2) bz#188886 *CVE-2006-1630 version (clamav, fixed 0.88.1) bz#188286 *CVE-2006-1629 version (openvpn, fixed 2.0.6) bz#188050 *CVE-2006-1615 version 
(clamav, fixed 0.88.1) bz#188286 *CVE-2006-1614 version (clamav, fixed 0.88.1) bz#188286 *CVE-2006-1566 ignore (libtunepimp, Debian-specific problem) *CVE-2006-1498 version (mediawiki, fixed 1.5.8) bz#188122 *CVE-2006-1079 patch (thttpd, fixed 2.25b-11) bz#191095 *CVE-2006-1078 patch (thttpd, fixed 2.25b-11) bz#191095 *CVE-2006-0814 ignore (lighttpd, Windows-specific problem) *CVE-2006-0760 version (lighttpd, fixed 1.4.10) *CVE-2006-0458 version (irssi, fixed 0.8.10) bz#184509 *CVE-2006-0322 version (mediawiki, fixed 1.5.8) *CVE-2006-0162 version (clamav, fixed 0.88) *CVE-2006-0126 version (rxvt-unicode, fixed 7.5) *CVE-2006-0106 version (wine, fixed 0.9.10) *CVE-2006-0071 ignore (pinentry, Gentoo-specific problem) *CVE-2005-4803 version (graphviz, fixed 2.2.1) *CVE-2004-1096 version (perl-Archive-Zip, fixed 1.14) --- NEW FILE epel5 --- # # ** are items that need attention # *CVE are items that need verification for EPEL-5 # (mozilla) = (firefox, seamonkey, thunderbird, yelp, devhelp, galeon, liferea. 
epiphany) # Up to date CVE as of CVE email 20070829 # Up to date EPEL5 as of # *CVE-2007-4631 VULNERABLE (qgit) #268381 *CVE-2007-4629 VULNERABLE (mapserver, fixed 4.10.3) #272081 *CVE-2007-4560 VULNERABLE (clamav) #260583 *CVE-2007-4543 version (bugzilla, fixed 3.0.1) #256021 [since FEDORA-2007-1853] *CVE-2007-4542 VULNERABLE (mapserver, fixed 4.10.3) #256561 *CVE-2007-4539 version (bugzilla, fixed 3.0.1) #256021 [since FEDORA-2007-1853] *CVE-2007-4538 version (bugzilla, fixed 3.0.1) #256021 [since FEDORA-2007-1853] *CVE-2007-4510 VULNERABLE (clamav, fixed 0.91.2) #253780 *CVE-2007-4462 version (po4a) #253541 [since FEDORA-2007-1763] *CVE-2007-4400 VULNERABLE (konversation) #253545 *CVE-2007-4323 backport (denyhosts) #252291 [since FEDORA-2007-0589] *CVE-2007-4321 backport (fail2ban) #252290 [since FEDORA-2007-0621] version since FEDORA-2007-1643 *CVE-2007-3950 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299] *CVE-2007-3949 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299] *CVE-2007-3948 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299] *CVE-2007-3947 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299] *CVE-2007-3946 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299] *CVE-2007-3725 ** (clamav) *CVE-2007-3628 version (php-pear-Structures-DataGrid-DataSource-MDB2, fixed 0.1.10) *CVE-2007-3555 version (moodle) #247528 [since FEDORA-2007-1445] *CVE-2007-3528 version (dar, fixed 2.3.4) #246760 [since FEDORA-2007-0904] *CVE-2007-3387 version (xpdf, fixed 3.02pl1) [since FEDORA-2007-1383] *CVE-2007-3209 ignore (mail-notification, shipped with SSL enabled) *CVE-2007-3153 version (c-ares, fixed 1.4.0) #243591 [since FEDORA-2007-0724] *CVE-2007-3152 version (c-ares, fixed 1.4.0) #243591 [since FEDORA-2007-0724] *CVE-2007-3123 VULNERABLE (clamav, fixed 0.90.3) #245219 *CVE-2007-3122 VULNERABLE (clamav, fixed 0.90.3) #245219 *CVE-2007-3113 VULNERABLE (cacti) #243592 *CVE-2007-3112 VULNERABLE (cacti) 
#243592 *CVE-2007-3025 ignore (clamav, Solaris only) *CVE-2007-3024 VULNERABLE (clamav, fixed 0.90.3) #245219 *CVE-2007-3023 VULNERABLE (clamav, fixed 0.90.3) #245219 *CVE-2007-2865 version (phpPgAdmin, fixed 4.1.2) #241489 [since FEDORA-2007-0469] *CVE-2007-2721 patch (jasper, fixed 1.900.1-2) #240397 *CVE-2007-2650 version (clamav, fixed 0.90.3) #240395 [since FEDORA-2007-1154] *CVE-2007-2637 patch (moin, fixed 1.5.7-2) *CVE-2007-2423 patch (moin, fixed 1.5.7-2) #238722 *CVE-2007-2413 version (perl-Imager, fixed 0.57) #238615 *CVE-2007-2245 VULNERABLE (phpMyAdmin, fixed 2.10.1) #237882 *CVE-2007-2165 VULNERABLE (proftpd) #237533 *CVE-2007-2029 VULNERABLE (clamav, fixed 0.90.3) #245219 *CVE-2007-2016 ignore (phpMyAdmin, < 2.8.0.2 never shipped) *CVE-2007-1997 version (clamav, fixed in 0.90.2) *CVE-2007-1870 version (lighttpd, fixed 1.4.14) #236489 *CVE-2007-1869 version (lighttpd, fixed 1.4.14) #236489 *CVE-2007-1745 version (clamav, fixed in 0.90.2) #236703 *CVE-2007-1614 version (zziplib, fixed 0.13.49) #233700 *CVE-2007-1547 version (nas, fixed 1.8a-2) #233353 *CVE-2007-1546 version (nas, fixed 1.8a-2) #233353 *CVE-2007-1545 version (nas, fixed 1.8a-2) #233353 *CVE-2007-1544 version (nas, fixed 1.8a-2) #233353 *CVE-2007-1543 version (nas, fixed 1.8a-2) #233353 *CVE-2007-1515 version (imp, fixed 4.1.4) *CVE-2007-1474 version (horde, fixed 3.1.4) *CVE-2007-1474 ignore (imp, < 4.x only) *CVE-2007-1473 version (horde, fixed 3.1.4) *CVE-2007-1429 version (moodle, fixed 1.6.5) #232103 *CVE-2007-1406 version (trac, fixed 0.10.3.1) #231729 *CVE-2007-1405 version (trac, fixed 0.10.3.1) #231729 *CVE-2007-1399 version (php-pecl-zip, fixed 1.8.5) *CVE-2007-1395 version (phpMyAdmin, fixed 2.10.0.2) *CVE-2007-1359 patch (mod_security, fixed 2.1.0-3) #231728 *CVE-2007-1325 version (phpMyAdmin, fixed 2.10.0.2) *CVE-2007-1263 version (gpgme, fixed 1.1.4) *CVE-2007-1055 version (mediawiki, fixed 1.8.3) *CVE-2007-1054 version (mediawiki, fixed 1.9.3) [since FEDORA-2007-1442] 
*CVE-2007-0902 patch (moin, fixed 1.5.7-2) #228764 *CVE-2007-0901 patch (moin, fixed 1.5.7-2) #228764 *CVE-2007-0898 version (clamav, fixed 0.90) #229202 *CVE-2007-0897 version (clamav, fixed 0.90) #229202 *CVE-2007-0894 version (mediawiki, fixed 1.8.4) #228763 *CVE-2007-0857 version (moin, fixed 1.5.7) #228139 *CVE-2007-0619 version (chmlib, fixed 0.3.9) #225919 *CVE-2007-0469 version (rubygems, fixed 0.9.1) *CVE-2007-0341 ignore (phpMyAdmin, 2.8.x only) *CVE-2007-0242 patch (qt4, fixed 4.2.3-7) *CVE-2007-0240 patch (zope, fixed 2.9.6-2) #233378 *CVE-2007-0177 version (mediawiki, fixed 1.8.3) #221958 *CVE-2007-0095 VULNERABLE (phpMyAdmin) #221694 *CVE-2007-0007 version (gnucash, fixed 2.0.5) since [FEDORA-2007-256] #223233 *CVE-2006-6944 version (phpMyAdmin, fixed 2.9.1.1) *CVE-2006-6943 version (phpMyAdmin, fixed 2.9.1.1) *CVE-2006-6942 version (phpMyAdmin, fixed 2.9.1.1) *CVE-2006-6799 patch (cacti, fixed 0.8.6i-5) #222410 *CVE-2006-6693 ignore (zabbix, fixed 1.1.3, < 1.1.4 not shipped) *CVE-2006-6692 ignore (zabbix, fixed 1.1.3, < 1.1.4 not shipped) *CVE-2006-6626 version (moodle, fixed 1.6.5) #220041 *CVE-2006-6625 version (moodle, fixed 1.6.5) #220041 *CVE-2006-6563 backport (proftpd, fixed 1.3.0a-3) #219938 *CVE-2006-6481 version (clamav, fixed 0.88.7) *CVE-2006-6406 version (clamav, fixed 0.88.7) #219095 *CVE-2006-6374 ** (phpMyAdmin) #218853 *CVE-2006-6373 version (phpMyAdmin, fixed 2.9.1.1) #218853 *CVE-2006-6301 version (denyhosts, fixed 2.6-2) #218824 *CVE-2006-6235 patch (gnupg2, fixed 2.0.1-2) #218821 *CVE-2006-6171 patch (proftpd, fixed 1.3.0a-1) #214820 *CVE-2006-6170 patch (proftpd, fixed 1.3.0a-1) #214820 *CVE-2006-6169 version (gnupg2, fixed 2.0.1) #217950 *CVE-2006-6085 version (kile, fixed 1.9.3) #217238 *CVE-2006-5874 version (clamav, fixed 0.88.1) *CVE-2006-5864 patch (gv, fixed 3.6.2-2) #215136 *CVE-2006-5848 version (trac, fixed 0.10.1) #215077 *CVE-2006-5815 version (proftpd, fixed 1.3.0a) #214820 *CVE-2006-5602 version (xsupplicant, fixed 
1.2.6) *CVE-2006-5601 version (xsupplicant, fixed 1.2.8) #212700 *CVE-2006-5455 patch (bugzilla, fixed 2.22-7) #212355 *CVE-2006-5454 patch (bugzilla, fixed 2.22-7) #212355 *CVE-2006-5453 patch (bugzilla, fixed 2.22-7) #212355 *CVE-2006-5295 version (clamav, fixed 0.88.5) #210973 *CVE-2006-5129 version (moodle, fixed 1.6.3) #206516 *CVE-2006-5111 version (libksba, fixed 0.9.14) *CVE-2006-4943 version (moodle, fixed 1.6.3) #206516 *CVE-2006-4942 version (moodle, fixed 1.6.3) #206516 *CVE-2006-4941 version (moodle, fixed 1.6.3) #206516 *CVE-2006-4940 version (moodle, fixed 1.6.3) #206516 *CVE-2006-4939 version (moodle, fixed 1.6.3) #206516 *CVE-2006-4938 version (moodle, fixed 1.6.3) #206516 *CVE-2006-4937 version (moodle, fixed 1.6.3) #206516 *CVE-2006-4936 version (moodle, fixed 1.6.3) #206516 *CVE-2006-4935 version (moodle, fixed 1.6.3) #206516 *CVE-2006-4786 version (moodle, fixed 1.6.3) #206516 *CVE-2006-4785 version (moodle, fixed 1.6.3) #206516 *CVE-2006-4784 version (moodle, fixed 1.6.3) #206516 *CVE-2006-4684 version (zope, fixed 2.9.2) *CVE-2006-4249 patch (plone, fixed 2.5.1-3) #213983 *CVE-2006-4248 ignore (thttpd, Debian specific issue) *CVE-2006-4247 patch (plone, fixed 2.5-4) #209163 *CVE-2006-4192 patch (libmodplug, fixed 0.8-3) *CVE-2006-4182 version (clamav, fixed 0.88.5) #210973 *CVE-2006-4018 version (clamav, fixed 0.88.4-1) #201688 *CVE-2006-3458 patch (zope, fixed 2.9.3-3) #198106 *CVE-2006-3178 ignore (chmlib, extract_chmLib not shipped) *CVE-2006-2489 version (nagios, fixed 2.3.1) *CVE-2006-2427 ignore (clamav) not an issue bz#192076 *CVE-2006-2237 backport (awstats, fixed 6.5-5) bz#190923 *CVE-2006-2162 version (nagios, fixed 2.3.1) bz#190612 *CVE-2006-2017 version (dnsmasq, fixed 2.30) *CVE-2006-1989 version (clamav, fixed 0.88.2) *CVE-2006-1945 backport (awstats, fixed 6.5-4) bz#190922 awstats-6.5-CVE-2006-1945.patch *CVE-2006-1711 version (plone, fixed 2.1.2) bz#188886 *CVE-2006-1630 version (clamav, fixed 0.88.1) bz#188286 *CVE-2006-1629 
version (openvpn, fixed 2.0.6) bz#188050 *CVE-2006-1615 version (clamav, fixed 0.88.1) bz#188286 *CVE-2006-1614 version (clamav, fixed 0.88.1) bz#188286 *CVE-2006-1566 ignore (libtunepimp, Debian-specific problem) *CVE-2006-1498 version (mediawiki, fixed 1.5.8) bz#188122 *CVE-2006-1390 ignore (nethack, Gentoo-specific problem) bz#187353 *CVE-2006-1079 patch (thttpd, fixed 2.25b-11) bz#191095 *CVE-2006-1078 patch (thttpd, fixed 2.25b-11) bz#191095 *CVE-2006-0847 version (python-cherrypy, fixed 2.1.1) *CVE-2006-0814 ignore (lighttpd, Windows-specific problem) *CVE-2006-0760 version (lighttpd, fixed 1.4.10) *CVE-2006-0458 version (irssi, fixed 0.8.10) bz#184509 *CVE-2006-0322 version (mediawiki, fixed 1.5.8) *CVE-2006-0162 version (clamav, fixed 0.88) *CVE-2006-0106 version (wine, fixed 0.9.10) *CVE-2006-0071 ignore (pinentry, Gentoo-specific problem) *CVE-2005-4803 version (graphviz, fixed 2.2.1) -- fedora-extras-commits mailing list fedora-extras-commits at redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits From fedora-extras-commits at redhat.com Tue Sep 4 12:44:11 2007 From: fedora-extras-commits at redhat.com (Lubomir Kundrak (lkundrak)) Date: Tue, 4 Sep 2007 08:44:11 -0400 Subject: fedora-security/audit fc7,1.89,1.90 Message-ID: <200709041244.l84CiB56030854@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv30461 Modified Files: fc7 Log Message: Gallery2 WebdAv problems Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.89 retrieving revision 1.90 diff -u -r1.89 -r1.90 --- fc7 1 Sep 2007 18:12:28 -0000 1.89 +++ fc7 4 Sep 2007 12:44:08 -0000 1.90 
@@ -8,6 +8,7 @@ # Up to date CVE as of CVE email 20070829 # Up to date FC7 as of 20070829 +CVE-MAP-NOMATCH VULNERABLE (gallery2) #267421 CVE-2007-4629 VULNERABLE (mapserver, fixed 4.10.3) #272081 CVE-2007-4631 VULNERABLE (qgit) #268381 CVE-2007-4565 VULNERABLE (fetchmail) #260861 -- fedora-extras-commits mailing list fedora-extras-commits at redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits From fedora-extras-commits at redhat.com Tue Sep 4 17:00:54 2007 From: fedora-extras-commits at redhat.com (Lubomir Kundrak (lkundrak)) Date: Tue, 4 Sep 2007 13:00:54 -0400 Subject: fedora-security/audit fc7,1.90,1.91 Message-ID: <200709041700.l84H0sBt007794@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv7775 Modified Files: fc7 Log Message: CVE for gallery2 Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.90 retrieving revision 1.91 diff -u -r1.90 -r1.91 --- fc7 4 Sep 2007 12:44:08 -0000 1.90 +++ fc7 4 Sep 2007 17:00:52 -0000 1.91 @@ -8,7 +8,7 @@ # Up to date CVE as of CVE email 20070829 # Up to date FC7 as of 20070829 -CVE-MAP-NOMATCH VULNERABLE (gallery2) #267421 +CVE-2007-4650 VULNERABLE (gallery2) #267421 CVE-2007-4629 VULNERABLE (mapserver, fixed 4.10.3) #272081 CVE-2007-4631 VULNERABLE (qgit) #268381 CVE-2007-4565 VULNERABLE (fetchmail) #260861 -- fedora-extras-commits mailing list fedora-extras-commits at redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits From fedora-extras-commits at redhat.com Tue Sep 4 21:12:27 2007 
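Review bot: The placeholder added at the top of the list in fc7 revision 1.90 is spelled `CVE-MAP-NOMATCH`, while the qgit placeholder removed in revision 1.88 was `GENERIC-MAP-NOMATCH`. Keeping one spelling for entries that have no CVE id yet lets a single search find everything still waiting for an assignment. Revision 1.91 replaces this entry with `CVE-2007-4650`, so the point applies to future placeholders rather than to this line.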
From: fedora-extras-commits at redhat.com (Lubomir Kundrak (lkundrak)) Date: Tue, 4 Sep 2007 17:12:27 -0400 Subject: fedora-security/audit fc6,1.250,1.251 fc7,1.91,1.92 Message-ID: <200709042112.l84LCRpQ015323@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv15261 Modified Files: fc6 fc7 Log Message: gd Index: fc6 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc6,v retrieving revision 1.250 retrieving revision 1.251 diff -u -r1.250 -r1.251 --- fc6 28 Aug 2007 16:44:20 -0000 1.250 +++ fc6 4 Sep 2007 21:12:24 -0000 1.251 @@ -35,6 +35,13 @@ CVE-2007-3642 version (kernel, fixed 2.6.22) [since FEDORA-2007-655] CVE-2007-3508 ignore (glibc) not an issue CVE-2007-3506 backport (freetype, fixed 2.3.4) #235479 [since FEDORA-2007-561] +CVE-2007-3478 VULNERABLE (gd, fixed 2.0.35) #277421 +CVE-2007-3477 VULNERABLE (gd, fixed 2.0.35) #277421 +CVE-2007-3476 VULNERABLE (gd, fixed 2.0.35) #277421 +CVE-2007-3475 VULNERABLE (gd, fixed 2.0.35) #277421 +CVE-2007-3474 VULNERABLE (gd, fixed 2.0.35) #277421 +CVE-2007-3473 VULNERABLE (gd, fixed 2.0.35) #277421 +CVE-2007-3472 VULNERABLE (gd, fixed 2.0.35) #277421 CVE-2007-3409 version (perl-Net-DNS, fixed 0.60) #245809 CVE-2007-3393 version (wireshark, fixed 0.99.6) [since FEDORA-2007-628] CVE-2007-3392 version (wireshark, fixed 0.99.6) [since FEDORA-2007-628] Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.91 retrieving revision 1.92 diff -u -r1.91 -r1.92 --- fc7 4 Sep 2007 17:00:52 -0000 1.91 +++ fc7 4 Sep 2007 21:12:24 -0000 1.92 
@@ -86,13 +86,13 @@ CVE-2007-3508 ignore (glibc) not an issue CVE-2007-3506 version (freetype, fixed 2.3.4) #235479 [since FEDORA-2007-0033] CVE-2007-3507 version (flac123, fixed 0.0.10) #246322 [since FEDORA-2007-1045] -CVE-2007-3478 ** (gd) -CVE-2007-3477 ** (gd) -CVE-2007-3476 ** (gd) -CVE-2007-3475 ** (gd) -CVE-2007-3474 ** (gd) -CVE-2007-3473 ** (gd) -CVE-2007-3472 ** (gd) +CVE-2007-3478 VULNERABLE (gd, fixed 2.0.35) #277411 +CVE-2007-3477 VULNERABLE (gd, fixed 2.0.35) #277411 +CVE-2007-3476 VULNERABLE (gd, fixed 2.0.35) #277411 +CVE-2007-3475 VULNERABLE (gd, fixed 2.0.35) #277411 +CVE-2007-3474 VULNERABLE (gd, fixed 2.0.35) #277411 +CVE-2007-3473 VULNERABLE (gd, fixed 2.0.35) #277411 +CVE-2007-3472 VULNERABLE (gd, fixed 2.0.35) #277411 CVE-2007-3410 backport (HelixPlayer) #245838 [since FEDORA-2007-0756] CVE-2007-3409 version (perl-Net-DNS, fixed 0.60) #245807 CVE-2007-3393 version (wireshark, fixed 0.99.6) [since FEDORA-2007-0982] -- fedora-extras-commits mailing list fedora-extras-commits at redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits From fedora-extras-commits at redhat.com Wed Sep 5 04:53:06 2007 From: fedora-extras-commits at redhat.com (Kevin Fenzi (kevin)) Date: Wed, 5 Sep 2007 00:53:06 -0400 Subject: fedora-security/audit epel5,1.1,1.2 Message-ID: <200709050453.l854r6GR016943@cvs-int.fedora.redhat.com> Author: kevin Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv16925 Modified Files: epel5 Log Message: Process a bunch of epel5 entries Index: epel5 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/epel5,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- epel5 1 Sep 2007 18:49:37 -0000 1.1 +++ epel5 5 Sep 2007 04:53:03 -0000 1.2 
@@ -109,58 +109,58 @@ *CVE-2006-5864 patch (gv, fixed 3.6.2-2) #215136 *CVE-2006-5848 version (trac, fixed 0.10.1) #215077 *CVE-2006-5815 version (proftpd, fixed 1.3.0a) #214820 -*CVE-2006-5602 version (xsupplicant, fixed 1.2.6) -*CVE-2006-5601 version (xsupplicant, fixed 1.2.8) #212700 -*CVE-2006-5455 patch (bugzilla, fixed 2.22-7) #212355 -*CVE-2006-5454 patch (bugzilla, fixed 2.22-7) #212355 -*CVE-2006-5453 patch (bugzilla, fixed 2.22-7) #212355 -*CVE-2006-5295 version (clamav, fixed 0.88.5) #210973 -*CVE-2006-5129 version (moodle, fixed 1.6.3) #206516 -*CVE-2006-5111 version (libksba, fixed 0.9.14) -*CVE-2006-4943 version (moodle, fixed 1.6.3) #206516 -*CVE-2006-4942 version (moodle, fixed 1.6.3) #206516 -*CVE-2006-4941 version (moodle, fixed 1.6.3) #206516 -*CVE-2006-4940 version (moodle, fixed 1.6.3) #206516 -*CVE-2006-4939 version (moodle, fixed 1.6.3) #206516 -*CVE-2006-4938 version (moodle, fixed 1.6.3) #206516 -*CVE-2006-4937 version (moodle, fixed 1.6.3) #206516 -*CVE-2006-4936 version (moodle, fixed 1.6.3) #206516 -*CVE-2006-4935 version (moodle, fixed 1.6.3) #206516 -*CVE-2006-4786 version (moodle, fixed 1.6.3) #206516 -*CVE-2006-4785 version (moodle, fixed 1.6.3) #206516 -*CVE-2006-4784 version (moodle, fixed 1.6.3) #206516 -*CVE-2006-4684 version (zope, fixed 2.9.2) -*CVE-2006-4249 patch (plone, fixed 2.5.1-3) #213983 -*CVE-2006-4248 ignore (thttpd, Debian specific issue) -*CVE-2006-4247 patch (plone, fixed 2.5-4) #209163 -*CVE-2006-4192 patch (libmodplug, fixed 0.8-3) -*CVE-2006-4182 version (clamav, fixed 0.88.5) #210973 -*CVE-2006-4018 version (clamav, fixed 0.88.4-1) #201688 -*CVE-2006-3458 patch (zope, fixed 2.9.3-3) #198106 -*CVE-2006-3178 ignore (chmlib, extract_chmLib not shipped) -*CVE-2006-2489 version (nagios, fixed 2.3.1) -*CVE-2006-2427 ignore (clamav) not an issue bz#192076 -*CVE-2006-2237 backport (awstats, fixed 6.5-5) bz#190923 -*CVE-2006-2162 version (nagios, fixed 2.3.1) bz#190612 -*CVE-2006-2017 version (dnsmasq, fixed 2.30) 
-*CVE-2006-1989 version (clamav, fixed 0.88.2) -*CVE-2006-1945 backport (awstats, fixed 6.5-4) bz#190922 awstats-6.5-CVE-2006-1945.patch -*CVE-2006-1711 version (plone, fixed 2.1.2) bz#188886 -*CVE-2006-1630 version (clamav, fixed 0.88.1) bz#188286 -*CVE-2006-1629 version (openvpn, fixed 2.0.6) bz#188050 -*CVE-2006-1615 version (clamav, fixed 0.88.1) bz#188286 -*CVE-2006-1614 version (clamav, fixed 0.88.1) bz#188286 -*CVE-2006-1566 ignore (libtunepimp, Debian-specific problem) -*CVE-2006-1498 version (mediawiki, fixed 1.5.8) bz#188122 -*CVE-2006-1390 ignore (nethack, Gentoo-specific problem) bz#187353 -*CVE-2006-1079 patch (thttpd, fixed 2.25b-11) bz#191095 -*CVE-2006-1078 patch (thttpd, fixed 2.25b-11) bz#191095 -*CVE-2006-0847 version (python-cherrypy, fixed 2.1.1) -*CVE-2006-0814 ignore (lighttpd, Windows-specific problem) -*CVE-2006-0760 version (lighttpd, fixed 1.4.10) -*CVE-2006-0458 version (irssi, fixed 0.8.10) bz#184509 -*CVE-2006-0322 version (mediawiki, fixed 1.5.8) -*CVE-2006-0162 version (clamav, fixed 0.88) -*CVE-2006-0106 version (wine, fixed 0.9.10) -*CVE-2006-0071 ignore (pinentry, Gentoo-specific problem) -*CVE-2005-4803 version (graphviz, fixed 2.2.1) +CVE-2006-5602 version (xsupplicant, fixed 1.2.6) +CVE-2006-5601 version (xsupplicant, fixed 1.2.8) #212700 +CVE-2006-5455 patch (bugzilla, fixed 2.22-7) #212355 +CVE-2006-5454 patch (bugzilla, fixed 2.22-7) #212355 +CVE-2006-5453 patch (bugzilla, fixed 2.22-7) #212355 +CVE-2006-5295 version (clamav, fixed 0.88.5) #210973 +CVE-2006-5129 version (moodle, fixed 1.6.3) #206516 +CVE-2006-5111 version (libksba, fixed 0.9.14) +CVE-2006-4943 version (moodle, fixed 1.6.3) #206516 +CVE-2006-4942 version (moodle, fixed 1.6.3) #206516 +CVE-2006-4941 version (moodle, fixed 1.6.3) #206516 +CVE-2006-4940 version (moodle, fixed 1.6.3) #206516 +CVE-2006-4939 version (moodle, fixed 1.6.3) #206516 +CVE-2006-4938 version (moodle, fixed 1.6.3) #206516 +CVE-2006-4937 version (moodle, fixed 1.6.3) #206516 +CVE-2006-4936 
version (moodle, fixed 1.6.3) #206516 +CVE-2006-4935 version (moodle, fixed 1.6.3) #206516 +CVE-2006-4786 version (moodle, fixed 1.6.3) #206516 +CVE-2006-4785 version (moodle, fixed 1.6.3) #206516 +CVE-2006-4784 version (moodle, fixed 1.6.3) #206516 +CVE-2006-4684 version (zope, fixed 2.9.2) +CVE-2006-4249 version (plone, fixed 2.5.1-3) #213983 +CVE-2006-4248 ignore (thttpd, Debian specific issue) +CVE-2006-4247 patch (plone, fixed 2.5-4) #209163 +CVE-2006-4192 version (libmodplug, fixed 0.8-3) +CVE-2006-4182 version (clamav, fixed 0.88.5) #210973 +CVE-2006-4018 version (clamav, fixed 0.88.4-1) #201688 +CVE-2006-3458 version (zope, fixed 2.9.3-3) #198106 +CVE-2006-3178 ignore (chmlib, extract_chmLib not shipped) +CVE-2006-2489 version (nagios, fixed 2.3.1) +CVE-2006-2427 ignore (clamav) not an issue bz#192076 +CVE-2006-2237 version (awstats, fixed 6.5-5) bz#190923 +CVE-2006-2162 version (nagios, fixed 2.3.1) bz#190612 +CVE-2006-2017 version (dnsmasq, fixed 2.30) +CVE-2006-1989 version (clamav, fixed 0.88.2) +CVE-2006-1945 version (awstats, fixed 6.5-4) bz#190922 +CVE-2006-1711 version (plone, fixed 2.1.2) bz#188886 +CVE-2006-1630 version (clamav, fixed 0.88.1) bz#188286 +CVE-2006-1629 version (openvpn, fixed 2.0.6) bz#188050 +CVE-2006-1615 version (clamav, fixed 0.88.1) bz#188286 +CVE-2006-1614 version (clamav, fixed 0.88.1) bz#188286 +CVE-2006-1566 ignore (libtunepimp, Debian-specific problem) +CVE-2006-1498 version (mediawiki, fixed 1.5.8) bz#188122 +CVE-2006-1390 ignore (nethack, Gentoo-specific problem) bz#187353 +CVE-2006-1079 version (thttpd, fixed 2.25b-11) bz#191095 +CVE-2006-1078 version (thttpd, fixed 2.25b-11) bz#191095 +CVE-2006-0847 version (python-cherrypy, fixed 2.1.1) +CVE-2006-0814 ignore (lighttpd, Windows-specific problem) +CVE-2006-0760 version (lighttpd, fixed 1.4.10) +CVE-2006-0458 version (irssi, fixed 0.8.10) bz#184509 +CVE-2006-0322 version (mediawiki, fixed 1.5.8) +CVE-2006-0162 version (clamav, fixed 0.88) +CVE-2006-0106 version (wine, 
fixed 0.9.10) +CVE-2006-0071 ignore (pinentry, Gentoo-specific problem) +CVE-2005-4803 version (graphviz, fixed 2.2.1) -- fedora-extras-commits mailing list fedora-extras-commits at redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits From fedora-extras-commits at redhat.com Wed Sep 5 08:30:53 2007 From: fedora-extras-commits at redhat.com (Lubomir Kundrak (lkundrak)) Date: Wed, 5 Sep 2007 04:30:53 -0400 Subject: fedora-security/audit fc6,1.251,1.252 fc7,1.92,1.93 Message-ID: <200709050830.l858UrGT015757@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv15692 Modified Files: fc6 fc7 Log Message: releng pushed loooots of stuff Index: fc6 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc6,v retrieving revision 1.251 retrieving revision 1.252 diff -u -r1.251 -r1.252 --- fc6 4 Sep 2007 21:12:24 -0000 1.251 +++ fc6 5 Sep 2007 08:30:51 -0000 1.252 @@ -5,9 +5,9 @@ # (mozilla) = (firefox, seamonkey, thunderbird, yelp, devhelp, galeon, liferea. epiphany) # Up to date CVE as of CVE email 20070823 -# Up to date FC6 as of 20070827 +# Up to date FC6 as of 20070905 -CVE-2007-4565 VULNERABLE (fetchmail) #260881 +CVE-2007-4565 backport (fetchmail) #260881 [since FEDORA-2007-689] CVE-2007-4357 ignore (firefox) status bar can be overwrittten CVE-2007-4255 ignore (php) msql extension not shipped CVE-2007-4251 ignore (openoffice.org) just a crash 
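Review bot: the re-added 2006 entries in the patch that ends at CVE-2005-4803 do more than drop the leading "*": CVE-2006-1945 (awstats) changes from "backport" to "version" and loses the awstats-6.5-CVE-2006-1945.patch reference, and CVE-2006-1079 and CVE-2006-1078 (thttpd) change from "patch" to "version", although the fixed strings (6.5-4, 2.25b-11) still name a package release. If the reclassification is intended, mention it in the log message; otherwise keep the original "backport"/"patch" status and the patch file name on these three lines.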
@@ -16,12 +16,15 @@ CVE-2007-4224 ignore (kdebase) too obvious -- mouse pointer indicates script activity CVE-2007-4211 version (dovecot, fixed 1.0.3) #251009 [since FEDORA-2007-664] CVE-2007-4134 VULNERABLE (star, fixed 1.5a84) #254129 -CVE-2007-4131 VULNERABLE (tar) #253684 -CVE-2007-4029 VULNERABLE (libvorbis) #250600 +CVE-2007-4131 backport (tar) #253684 [since FEDORA-2007-683] +CVE-2007-4029 backport (libvorbis) #250600 [since FEDORA-2007-677] CVE-2007-4168 backport (libexif) #243892 [since FEDORA-2007-614] +CVE-2007-4000 backport (krb5) [since FEDORA-2007-690] +CVE-2007-3999 backport (krb5) [since FEDORA-2007-690] CVE-2007-3962 ignore (gftp) multiple buffer overflows in fsplib, not on Linux CVE-2007-3961 ignore (gftp) off-by-one error in fsplib CVE-2007-3852 backport (sysstat) #252296 [since FEDORA-2007-675] +CVE-2007-3848 version (kernel) [since FEDORA-2007-679] CVE-2007-3847 VULNERABLE (httpd) #250756 CVE-2007-3845 ignore (firefox) windows specific CVE-2007-3844 VULNERABLE (firefox) #250648 "fixed on next update" @@ -50,7 +53,7 @@ CVE-2007-3389 version (wireshark, fixed 0.99.6) [since FEDORA-2007-628] CVE-2007-3387 VULNERABLE (poppler) #251513 CVE-2007-3387 backport (tetex) #251515 [since FEDORA-2007-669] -CVE-2007-3387 VULNERABLE (kdegraphics) #251511 +CVE-2007-3387 backport (kdegraphics) #251511 [since FEDORA-2007-685] CVE-2007-3387 backport (cups) #251519 [since FEDORA-2007-644] CVE-2007-3384 ignore (tomcat) only affects 3.3.x and just affects an example CVE-2007-3381 version (gdm, fixed 2.18.4) #250277 [since FEDORA-2007-653] Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.92 retrieving revision 1.93 diff -u -r1.92 -r1.93 --- fc7 4 Sep 2007 21:12:24 -0000 1.92 +++ fc7 5 Sep 2007 08:30:51 -0000 1.93 
@@ -6,22 +6,22 @@ # A couple of first F7 updates were marked as FEDORA-2007-0001 # Up to date CVE as of CVE email 20070829 -# Up to date FC7 as of 20070829 +# Up to date FC7 as of 20070905 -CVE-2007-4650 VULNERABLE (gallery2) #267421 -CVE-2007-4629 VULNERABLE (mapserver, fixed 4.10.3) #272081 +CVE-2007-4650 version (gallery2) #267421 [since FEDORA-2007-2020] +CVE-2007-4629 version (mapserver, fixed 4.10.3) #272081 [since FEDORA-2007-2018] CVE-2007-4631 VULNERABLE (qgit) #268381 -CVE-2007-4565 VULNERABLE (fetchmail) #260861 +CVE-2007-4565 backport (fetchmail) #260861 [since FEDORA-2007-1983] CVE-2007-4560 VULNERABLE (clamav) #260583 CVE-2007-4559 VULNERABLE (python) tarfile module - directory traversal CVE-2007-4558 version (star, fixed 1.5a84) [since FEDORA-2007-1852] CVE-2007-4543 version (bugzilla, fixed 3.0.1) #256021 [since FEDORA-2007-1853] -CVE-2007-4542 VULNERABLE (mapserver, fixed 4.10.3) #256561 +CVE-2007-4542 version (mapserver, fixed 4.10.3) #256561 [since FEDORA-2007-2018] CVE-2007-4539 version (bugzilla, fixed 3.0.1) #256021 [since FEDORA-2007-1853] CVE-2007-4538 version (bugzilla, fixed 3.0.1) #256021 [since FEDORA-2007-1853] -CVE-2007-4534 VULNERABLE (vavoom) #256621 -CVE-2007-4533 VULNERABLE (vavoom) #256621 -CVE-2007-4532 VULNERABLE (vavoom) #256621 +CVE-2007-4534 backport (vavoom) #256621 [since CVE-2007-4533] +CVE-2007-4533 backport (vavoom) #256621 [since CVE-2007-4533] +CVE-2007-4532 backport (vavoom) #256621 [since CVE-2007-4533] CVE-2007-4510 VULNERABLE (clamav, fixed 0.91.2) #253780 CVE-2007-4462 version (po4a) #253541 [since FEDORA-2007-1763] CVE-2007-4460 backport (id3lib) #253553 [since FEDORA-2007-1774] 
@@ -42,12 +42,14 @@ CVE-2007-4168 backport (libexif) #243892 [since FEDORA-2007-0414] CVE-2007-4153 ignore (wordpress) "remote authenticated administrators" CVE-2007-4154 ignore (wordpress) "remote authenticated administrators" -CVE-2007-4139 VULNERABLE (wordpress) #250751 +CVE-2007-4139 version (wordpress) #250751 [since FEDORA-2007-1885] CVE-2007-4134 version (star, fixed 1.5a84) #254128 [since FEDORA-2007-1852] -CVE-2007-4131 VULNERABLE (tar) #253684 +CVE-2007-4131 backport (tar) #253684 [since FEDORA-2007-1890] CVE-2007-4066 backport (libvorbis) #245991 [since FEDORA-2007-1765] CVE-2007-4065 backport (libvorbis) #245991 [since FEDORA-2007-1765] CVE-2007-4029 backport (libvorbis) #245991 [since FEDORA-2007-1765] +CVE-2007-4000 backport (krb5) [since FEDORA-2007-2017] +CVE-2007-3999 backport (krb5) [since FEDORA-2007-2017] CVE-2007-3962 ignore (gftp) multiple buffer overflows in fsplib, not on Linux CVE-2007-3961 ignore (gftp) off-by-one error in fsplib CVE-2007-3852 backport (sysstat) #252295 [since FEDORA-2007-1697] @@ -142,7 +144,7 @@ CVE-2007-3023 VULNERABLE (clamav, fixed 0.90.3) #245219 CVE-2007-3007 ignore (php) safe mode isn't safe *CVE-2007-2975 (openfire) -CVE-2007-2958 VULNERABLE (claws-mail) #254121 +CVE-2007-2958 version (claws-mail) #254121 [since FEDORA-2007-2009] CVE-2007-2958 backport (sylpheed) #254123 [since FEDORA-2007-1841] CVE-2007-2956 backport (qtpfsgui) #251674 [since FEDORA-2007-1581] CVE-2007-2949 version (gimp, fixed, 2.2.16) [since FEDORA-2007-0725] -- fedora-extras-commits mailing list fedora-extras-commits at redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits From fedora-extras-commits at redhat.com Fri Sep 7 08:42:57 2007 
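Review bot: in the fc7 hunk "@@ -6,22 +6,22 @@" of revision 1.93, the three vavoom lines (CVE-2007-4534, CVE-2007-4533, CVE-2007-4532) are tagged "[since CVE-2007-4533]", which puts a CVE name where every other entry in this patch puts a FEDORA-2007-NNNN advisory id. The tag should name the update that shipped the vavoom backport, so that the status can be checked against the advisory.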
From: fedora-extras-commits at redhat.com (Lubomir Kundrak (lkundrak)) Date: Fri, 7 Sep 2007 04:42:57 -0400 Subject: fedora-security/audit fc6,1.252,1.253 fc7,1.93,1.94 Message-ID: <200709070842.l878gvaJ028628@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv28608/audit Modified Files: fc6 fc7 Log Message: PHP wireshark kerberos Index: fc6 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc6,v retrieving revision 1.252 retrieving revision 1.253 diff -u -r1.252 -r1.253 --- fc6 5 Sep 2007 08:30:51 -0000 1.252 +++ fc6 7 Sep 2007 08:42:54 -0000 1.253 
@@ -4,9 +4,18 @@ # *CVE are items that need verification for Fedora Core 6 # (mozilla) = (firefox, seamonkey, thunderbird, yelp, devhelp, galeon, liferea. epiphany) -# Up to date CVE as of CVE email 20070823 +# Up to date CVE as of CVE email 20070907 # Up to date FC6 as of 20070905 +CVE-2007-4743 VULNERABLE (krb5) incomplete CVE-2007-3999 fix +CVE-2007-4721 version (wireshark, fixed 0.99.6) [since FEDORA-2007-628] +CVE-2007-4663 ignore (php, fixed 5.2.4) #277991 safe_mode +CVE-2007-4662 ignore (php, fixed 5.2.4) #278101 triggerable only by modification to openssl.conf +CVE-2007-4661 ignore (php, fixed 5.2.4) 5.2.3, incomplete CVE-2007-2872 fix +CVE-2007-4660 VULNERABLE (php, fixed 5.2.4) +CVE-2007-4659 ignore (php, fixed 5.2.4) #276531 (FC7/php-5.2 only) +CVE-2007-4658 VULNERABLE (php, fixed 5.2.4) #278011 +CVE-2007-4657 VULNERABLE (php, fixed 5.2.4) CVE-2007-4565 backport (fetchmail) #260881 [since FEDORA-2007-689] CVE-2007-4357 ignore (firefox) status bar can be overwrittten CVE-2007-4255 ignore (php) msql extension not shipped Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.93 retrieving revision 1.94 diff -u -r1.93 -r1.94 --- fc7 5 Sep 2007 08:30:51 -0000 1.93 +++ fc7 7 Sep 2007 08:42:54 -0000 1.94 
@@ -5,9 +5,18 @@ # (mozilla) = (firefox, seamonkey, thunderbird, yelp, devhelp, galeon, liferea. epiphany) # A couple of first F7 updates were marked as FEDORA-2007-0001 -# Up to date CVE as of CVE email 20070829 +# Up to date CVE as of CVE email 20070907 # Up to date FC7 as of 20070905 +CVE-2007-4743 VULNERABLE (krb5) incomplete CVE-2007-3999 fix +CVE-2007-4721 version (wireshark, fixed 0.99.6) [since FEDORA-2007-0982] +CVE-2007-4663 ignore (php, fixed 5.2.4) #277991 safe_mode +CVE-2007-4662 ignore (php, fixed 5.2.4) #278101 triggerable only by modification to openssl.conf +CVE-2007-4661 ignore (php, fixed 5.2.4) 5.2.3, incomplete CVE-2007-2872 fix +CVE-2007-4660 VULNERABLE (php, fixed 5.2.4) +CVE-2007-4659 VULNERABLE (php, fixed 5.2.4) #276531 Tracking bug! +CVE-2007-4658 VULNERABLE (php, fixed 5.2.4) #278011 +CVE-2007-4657 VULNERABLE (php, fixed 5.2.4) CVE-2007-4650 version (gallery2) #267421 [since FEDORA-2007-2020] CVE-2007-4629 version (mapserver, fixed 4.10.3) #272081 [since FEDORA-2007-2018] CVE-2007-4631 VULNERABLE (qgit) #268381 -- fedora-extras-commits mailing list fedora-extras-commits at redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits From bugzilla at redhat.com Fri Sep 7 10:23:32 2007 
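Review bot: in the php block added to fc6 1.253 and fc7 1.94, the CVE-2007-4661 line is marked "ignore" with the note "5.2.3, incomplete CVE-2007-2872 fix", which does not say why the issue can be ignored; spell the reason out the way the neighbouring CVE-2007-4662 line does ("triggerable only by modification to openssl.conf"). The VULNERABLE lines for CVE-2007-4660 and CVE-2007-4657 also carry no bug number; if #276531, labelled "Tracking bug!" on the fc7 CVE-2007-4659 line, covers them, reference it there as well.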
From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Fri, 7 Sep 2007 06:23:32 -0400 Subject: [Bug 235013] CVE-2007-1804: pulseaudio 0.9.5 DoS In-Reply-To: Message-ID: <200709071023.l87ANWUv022050@bz-web1.app.phx.redhat.com> Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: CVE-2007-1804: pulseaudio 0.9.5 DoS https://bugzilla.redhat.com/show_bug.cgi?id=235013 ------- Additional Comments From lpoetter at redhat.com 2007-09-07 06:23 EST ------- This has been fixed for quite a while in Rawhide. Since these all are issues that only trigger an assert() they are quite a low priority. Also, to trigger them some non-standard modules need to be loaded into the sound server. Thus, I see no need to provide updates for FC5/FC6. -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. From bugzilla at redhat.com Fri Sep 7 10:24:35 2007 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Fri, 7 Sep 2007 06:24:35 -0400 Subject: [Bug 235013] CVE-2007-1804: pulseaudio 0.9.5 DoS In-Reply-To: Message-ID: <200709071024.l87AOZGK022134@bz-web1.app.phx.redhat.com> Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: CVE-2007-1804: pulseaudio 0.9.5 DoS https://bugzilla.redhat.com/show_bug.cgi?id=235013 lpoetter at redhat.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED Resolution| |RAWHIDE -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. From bugzilla at redhat.com Fri Sep 7 17:20:24 2007
From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Fri, 7 Sep 2007 13:20:24 -0400 Subject: [Bug 229265] CVE-2006-5276 Vulnerability in Snort DCE/RPC Preprocessor In-Reply-To: Message-ID: <200709071720.l87HKOMW003233@bz-web2.app.phx.redhat.com> Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: CVE-2006-5276 Vulnerability in Snort DCE/RPC Preprocessor https://bugzilla.redhat.com/show_bug.cgi?id=229265 updates at fedoraproject.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED Resolution| |ERRATA Fixed In Version| |2.7.0.1-3.fc7 -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. From bugzilla at redhat.com Fri Sep 7 17:20:23 2007 
From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Fri, 7 Sep 2007 13:20:23 -0400 Subject: [Bug 229265] CVE-2006-5276 Vulnerability in Snort DCE/RPC Preprocessor In-Reply-To: Message-ID: <200709071720.l87HKN7S003216@bz-web2.app.phx.redhat.com> Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: CVE-2006-5276 Vulnerability in Snort DCE/RPC Preprocessor https://bugzilla.redhat.com/show_bug.cgi?id=229265 bugzilla at redhat.com changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|normal |medium Product|Fedora Extras |Fedora ------- Additional Comments From updates at fedoraproject.org 2007-09-07 13:20 EST ------- snort-2.7.0.1-3.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report. -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. From fedora-extras-commits at redhat.com Mon Sep 10 12:20:23 2007 From: fedora-extras-commits at redhat.com (Lubomir Kundrak (lkundrak)) Date: Mon, 10 Sep 2007 08:20:23 -0400 Subject: fedora-security/audit fc7,1.94,1.95 Message-ID: <200709101220.l8ACKNRK024303@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv24230 Modified Files: fc7 Log Message: lighttpd Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.94 retrieving revision 1.95 diff -u -r1.94 -r1.95 --- fc7 7 Sep 2007 08:42:54 -0000 1.94 +++ fc7 10 Sep 2007 12:20:21 -0000 1.95 
@@ -8,6 +8,7 @@ # Up to date CVE as of CVE email 20070907 # Up to date FC7 as of 20070905 +CVE-2007-4727 VULNERABLE (lighttpd) #284511 CVE-2007-4743 VULNERABLE (krb5) incomplete CVE-2007-3999 fix CVE-2007-4721 version (wireshark, fixed 0.99.6) [since FEDORA-2007-0982] CVE-2007-4663 ignore (php, fixed 5.2.4) #277991 safe_mode -- fedora-extras-commits mailing list fedora-extras-commits at redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits From bugzilla at redhat.com Tue Sep 11 12:59:58 2007 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 11 Sep 2007 08:59:58 -0400 Subject: [Bug 240396] CVE-2007-2654: xfsdump file permissions issue In-Reply-To: Message-ID: <200709111259.l8BCxwCj019569@bz-web2.app.phx.redhat.com> Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: CVE-2007-2654: xfsdump file permissions issue https://bugzilla.redhat.com/show_bug.cgi?id=240396 esandeen at redhat.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |CLOSED Fixed In Version| |xfsdump-2.2.42-2.fc6 Resolution| |CURRENTRELEASE ------- Additional Comments From esandeen at redhat.com 2007-09-11 08:59 EST ------- xfsdump-2.2.42-2.fc6 is now available in Fedora 6 Extras, and it resolves this issue. Thanks, -Eric -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. From fedora-extras-commits at redhat.com Tue Sep 11 17:24:21 2007 
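Review bot: in the fc7 1.95 hunk the new "CVE-2007-4727 VULNERABLE (lighttpd) #284511" line is inserted above CVE-2007-4743, but the context lines that follow (4743, 4721, 4663) show the list running in descending CVE order. Place the lighttpd entry between CVE-2007-4743 and CVE-2007-4721 so the entry is found where a reader scanning by id expects it.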
From: fedora-extras-commits at redhat.com (Tomas Hoger (thoger)) Date: Tue, 11 Sep 2007 13:24:21 -0400 Subject: fedora-security/audit fc6,1.253,1.254 fc7,1.95,1.96 Message-ID: <200709111724.l8BHOLWE004715@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv4695/audit Modified Files: fc6 fc7 Log Message: Note Fedora updates. Clean-up some old stuff. Move few misplaced lines. Index: fc6 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc6,v retrieving revision 1.253 retrieving revision 1.254 diff -u -r1.253 -r1.254 --- fc6 7 Sep 2007 08:42:54 -0000 1.253 +++ fc6 11 Sep 2007 17:24:18 -0000 1.254 @@ -4,10 +4,10 @@ # *CVE are items that need verification for Fedora Core 6 # (mozilla) = (firefox, seamonkey, thunderbird, yelp, devhelp, galeon, liferea. epiphany) -# Up to date CVE as of CVE email 20070907 -# Up to date FC6 as of 20070905 +# Up to date CVE as of CVE email 20070910 +# Up to date FC6 as of 20070910 -CVE-2007-4743 VULNERABLE (krb5) incomplete CVE-2007-3999 fix +CVE-2007-4743 backport (krb5) incomplete CVE-2007-3999 fix [since FEDORA-2007-694] CVE-2007-4721 version (wireshark, fixed 0.99.6) [since FEDORA-2007-628] CVE-2007-4663 ignore (php, fixed 5.2.4) #277991 safe_mode CVE-2007-4662 ignore (php, fixed 5.2.4) #278101 triggerable only by modification to openssl.conf 
@@ -42,8 +42,9 @@ CVE-2007-3820 ** (kdebase) #248537 CVE-2007-3799 ** (php) CVE-2007-3798 version (tcpdump, fixed 3.9.7) #250290 [since FEDORA-2007-654] -CVE-2007-3782 ** (mysql) -CVE-2007-3781 ** (mysql) +CVE-2007-3782 VULNERABLE (mysql, fixed 5.0.44) +CVE-2007-3781 VULNERABLE (mysql, fixed 5.0.44) +CVE-2007-3780 VULNERABLE (mysql, fixed 5.0.44) CVE-2007-3642 version (kernel, fixed 2.6.22) [since FEDORA-2007-655] CVE-2007-3508 ignore (glibc) not an issue CVE-2007-3506 backport (freetype, fixed 2.3.4) #235479 [since FEDORA-2007-561] Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.95 retrieving revision 1.96 diff -u -r1.95 -r1.96 --- fc7 10 Sep 2007 12:20:21 -0000 1.95 +++ fc7 11 Sep 2007 17:24:18 -0000 1.96 @@ -5,11 +5,11 @@ # (mozilla) = (firefox, seamonkey, thunderbird, yelp, devhelp, galeon, liferea. epiphany) # A couple of first F7 updates were marked as FEDORA-2007-0001 -# Up to date CVE as of CVE email 20070907 -# Up to date FC7 as of 20070905 +# Up to date CVE as of CVE email 20070910 +# Up to date FC7 as of 20070910 CVE-2007-4727 VULNERABLE (lighttpd) #284511 -CVE-2007-4743 VULNERABLE (krb5) incomplete CVE-2007-3999 fix +CVE-2007-4743 backport (krb5) incomplete CVE-2007-3999 fix [since FEDORA-2007-2066] CVE-2007-4721 version (wireshark, fixed 0.99.6) [since FEDORA-2007-0982] CVE-2007-4663 ignore (php, fixed 5.2.4) #277991 safe_mode CVE-2007-4662 ignore (php, fixed 5.2.4) #278101 triggerable only by modification to openssl.conf 
@@ -20,19 +20,19 @@ CVE-2007-4657 VULNERABLE (php, fixed 5.2.4) CVE-2007-4650 version (gallery2) #267421 [since FEDORA-2007-2020] CVE-2007-4629 version (mapserver, fixed 4.10.3) #272081 [since FEDORA-2007-2018] -CVE-2007-4631 VULNERABLE (qgit) #268381 +CVE-2007-4631 version (qgit) #268381 [since FEDORA-2007-2108] CVE-2007-4565 backport (fetchmail) #260861 [since FEDORA-2007-1983] -CVE-2007-4560 VULNERABLE (clamav) #260583 +CVE-2007-4560 version (clamav) #260583 [since FEDORA-2007-2050] CVE-2007-4559 VULNERABLE (python) tarfile module - directory traversal CVE-2007-4558 version (star, fixed 1.5a84) [since FEDORA-2007-1852] CVE-2007-4543 version (bugzilla, fixed 3.0.1) #256021 [since FEDORA-2007-1853] CVE-2007-4542 version (mapserver, fixed 4.10.3) #256561 [since FEDORA-2007-2018] CVE-2007-4539 version (bugzilla, fixed 3.0.1) #256021 [since FEDORA-2007-1853] CVE-2007-4538 version (bugzilla, fixed 3.0.1) #256021 [since FEDORA-2007-1853] -CVE-2007-4534 backport (vavoom) #256621 [since CVE-2007-4533] -CVE-2007-4533 backport (vavoom) #256621 [since CVE-2007-4533] -CVE-2007-4532 backport (vavoom) #256621 [since CVE-2007-4533] -CVE-2007-4510 VULNERABLE (clamav, fixed 0.91.2) #253780 +CVE-2007-4534 backport (vavoom) #256621 [since FEDORA-2007-1977] +CVE-2007-4533 backport (vavoom) #256621 [since FEDORA-2007-1977] +CVE-2007-4532 backport (vavoom) #256621 [since FEDORA-2007-1977] +CVE-2007-4510 version (clamav, fixed 0.91.2) #253780 [since FEDORA-2007-2050] CVE-2007-4462 version (po4a) #253541 [since FEDORA-2007-1763] CVE-2007-4460 backport (id3lib) #253553 [since FEDORA-2007-1774] CVE-2007-4400 VULNERABLE (konversation) #253545 
@@ -53,6 +53,7 @@ CVE-2007-4153 ignore (wordpress) "remote authenticated administrators" CVE-2007-4154 ignore (wordpress) "remote authenticated administrators" CVE-2007-4139 version (wordpress) #250751 [since FEDORA-2007-1885] +CVE-2007-4138 VULNERABLE (samba, fixed 3.0.26) #286311 CVE-2007-4134 version (star, fixed 1.5a84) #254128 [since FEDORA-2007-1852] CVE-2007-4131 backport (tar) #253684 [since FEDORA-2007-1890] CVE-2007-4066 backport (libvorbis) #245991 [since FEDORA-2007-1765] @@ -77,15 +78,16 @@ CVE-2007-3820 backport (kdelibs) [since FEDORA-2007-1699] CVE-2007-3820 backport (kdebase) #248537 [since FEDORA-2007-1700] CVE-2007-3799 ** (php) -CVE-2007-3781 ** (mysql) -CVE-2007-3782 ** (mysql) +CVE-2007-3781 VULNERABLE (mysql, fixed 5.0.44) +CVE-2007-3782 VULNERABLE (mysql, fixed 5.0.44) +CVE-2007-3780 VULNERABLE (mysql, fixed 5.0.44) CVE-2007-3770 backport (terminal/xfce) [since FEDORA-2007-1620] CVE-2007-3738 version (mozilla) #248518 [since FEDORA-2007-1138] CVE-2007-3737 version (mozilla) #248518 [since FEDORA-2007-1138] CVE-2007-3736 version (mozilla) #248518 [since FEDORA-2007-1138] CVE-2007-3735 version (mozilla) #248518 [since FEDORA-2007-1138] CVE-2007-3728 ignore (libsilc, 1.1.1 only) -CVE-2007-3725 ** (clamav) +CVE-2007-3725 version (clamav) [since FEDORA-2007-2050] CVE-2007-3713 backport (centericq) #247979 [since FEDORA-2007-1160] CVE-2007-3656 version (mozilla) #248518 [since FEDORA-2007-1138] CVE-2007-3642 version (kernel, fixed 2.6.22.1) [since FEDORA-2007-1130] 
@@ -98,13 +100,13 @@ CVE-2007-3508 ignore (glibc) not an issue CVE-2007-3506 version (freetype, fixed 2.3.4) #235479 [since FEDORA-2007-0033] CVE-2007-3507 version (flac123, fixed 0.0.10) #246322 [since FEDORA-2007-1045] -CVE-2007-3478 VULNERABLE (gd, fixed 2.0.35) #277411 -CVE-2007-3477 VULNERABLE (gd, fixed 2.0.35) #277411 -CVE-2007-3476 VULNERABLE (gd, fixed 2.0.35) #277411 -CVE-2007-3475 VULNERABLE (gd, fixed 2.0.35) #277411 -CVE-2007-3474 VULNERABLE (gd, fixed 2.0.35) #277411 -CVE-2007-3473 VULNERABLE (gd, fixed 2.0.35) #277411 -CVE-2007-3472 VULNERABLE (gd, fixed 2.0.35) #277411 +CVE-2007-3478 version (gd, fixed 2.0.35) #277411 [since FEDORA-2007-2055] +CVE-2007-3477 version (gd, fixed 2.0.35) #277411 [since FEDORA-2007-2055] +CVE-2007-3476 version (gd, fixed 2.0.35) #277411 [since FEDORA-2007-2055] +CVE-2007-3475 version (gd, fixed 2.0.35) #277411 [since FEDORA-2007-2055] +CVE-2007-3474 version (gd, fixed 2.0.35) #277411 [since FEDORA-2007-2055] +CVE-2007-3473 version (gd, fixed 2.0.35) #277411 [since FEDORA-2007-2055] +CVE-2007-3472 version (gd, fixed 2.0.35) #277411 [since FEDORA-2007-2055] CVE-2007-3410 backport (HelixPlayer) #245838 [since FEDORA-2007-0756] CVE-2007-3409 version (perl-Net-DNS, fixed 0.60) #245807 CVE-2007-3393 version (wireshark, fixed 0.99.6) [since FEDORA-2007-0982] 
@@ -130,28 +132,27 @@ CVE-2007-3240 version (wordpress, fixed 2.2.1) #245211 [since FEDORA-2007-0894] CVE-2007-3239 version (wordpress, fixed 2.2.1) #245211 [since FEDORA-2007-0894] CVE-2007-3238 version (wordpress, fixed 2.2.1) #245211 [since FEDORA-2007-0894] -CVE-2007-3140 version (wordpress, fixed 2.2.1) #245211 [since FEDORA-2007-0894] CVE-2007-3231 version (mecab, fixed 0.96) [since FEDORA-2007-0366] CVE-2007-3209 ignore (mail-notification, shipped with SSL enabled) -CVE-2007-3108 backport (openssl) #250574 [since FEDORA-2007-1444] -CVE-2007-3106 backport (libvorbis) #245991 [since FEDORA-2007-1765] -CVE-2007-3099 version (iscsi-initiator-utils, fixed 6.2.0.865) [since FEDORA-2007-0543] -CVE-2007-3100 version (iscsi-initiator-utils, fixed 6.2.0.865) [since FEDORA-2007-0543] CVE-2007-3165 version (tor, fixed 0.1.2.14) #244502 [since FEDORA-2007-1674] CVE-2007-3153 version (c-ares, fixed 1.4.0) #243591 [since FEDORA-2007-0724] CVE-2007-3152 version (c-ares, fixed 1.4.0) #243591 [since FEDORA-2007-0724] CVE-2007-3145 VULNERABLE (galeon) ** CVE-2007-3140 version (wordpress, fixed 2.2.1) #245211 [since FEDORA-2007-0894] CVE-2007-3126 ignore (gimp) just a crash -CVE-2007-3123 VULNERABLE (clamav, fixed 0.90.3) #245219 -CVE-2007-3122 VULNERABLE (clamav, fixed 0.90.3) #245219 +CVE-2007-3123 version (clamav, fixed 0.90.3) #245219 [since FEDORA-2007-2050] +CVE-2007-3122 version (clamav, fixed 0.90.3) #245219 [since FEDORA-2007-2050] CVE-2007-3121 version (zvbi, fixed 0.2.25) [since FEDORA-2007-0175] *CVE-2007-3113 VULNERABLE (cacti) #243592 *CVE-2007-3112 VULNERABLE (cacti) #243592 +CVE-2007-3108 backport (openssl) #250574 [since FEDORA-2007-1444] +CVE-2007-3106 backport (libvorbis) #245991 [since FEDORA-2007-1765] +CVE-2007-3100 version (iscsi-initiator-utils, fixed 6.2.0.865) [since FEDORA-2007-0543] +CVE-2007-3099 version (iscsi-initiator-utils, fixed 6.2.0.865) [since FEDORA-2007-0543] CVE-2007-3089 version (mozilla) #248518 [since FEDORA-2007-1138] CVE-2007-3025 
ignore (clamav, Solaris only) -CVE-2007-3024 VULNERABLE (clamav, fixed 0.90.3) #245219 -CVE-2007-3023 VULNERABLE (clamav, fixed 0.90.3) #245219 +CVE-2007-3024 version (clamav, fixed 0.90.3) #245219 [since FEDORA-2007-2050] +CVE-2007-3023 version (clamav, fixed 0.90.3) #245219 [since FEDORA-2007-2050] CVE-2007-3007 ignore (php) safe mode isn't safe *CVE-2007-2975 (openfire) CVE-2007-2958 version (claws-mail) #254121 [since FEDORA-2007-2009] @@ -182,7 +183,7 @@ CVE-2007-2754 backport (freetype) [since FEDORA-2007-0033] CVE-2007-2721 patch (jasper, fixed 1.900.1-2) #240397 CVE-2007-2683 backport (mutt) -*CVE-2007-2654 VULNERABLE (xfsdump) #240396 +CVE-2007-2654 version (xfsdump) #240396 CVE-2007-2650 version (clamav, fixed 0.90.3) #240395 [since FEDORA-2007-1154] CVE-2007-2645 backport (libexif) #240055 [since FEDORA-2007-0414] *CVE-2007-2637 patch (moin, fixed 1.5.7-2) @@ -222,8 +223,8 @@ *CVE-2007-2165 VULNERABLE (proftpd) #237533 CVE-2007-2138 version (postgresql, fixed 8.2.4) #237682 [since FEDORA-2007-0174] CVE-2007-2057 version (aircrack-ng, fixed 0.8-0.1) -CVE-2007-2029 VULNERABLE (clamav, fixed 0.90.3) #245219 -*CVE-2007-2028 (freeradius) +CVE-2007-2029 version (clamav, fixed 0.90.3) #245219 [since FEDORA-2007-2050] +CVE-2007-2028 version (freeradius) *CVE-2007-2026 (file) CVE-2007-2016 ignore (phpMyAdmin, < 2.8.0.2 never shipped) CVE-2007-1997 version (clamav, fixed in 0.90.2) @@ -297,7 +298,7 @@ CVE-2007-1405 version (trac, fixed 0.10.3.1) #231729 CVE-2007-1401 ignore (php) unshipped cracklib extension CVE-2007-1399 version (php-pecl-zip, fixed 1.8.5) -*CVE-2007-1398 ignore (snort, inline mode not shipped) #232109 +CVE-2007-1398 ignore (snort, inline mode not shipped) #232109, new upstream [since FEDORA-2007-2060] CVE-2007-1396 ignore (php) feature, not a flaw *CVE-2007-1395 version (phpMyAdmin, fixed 2.10.0.2) *CVE-2007-1387 patch (xine-lib, fixed 1.1.4-3) 
@@ -622,7 +623,7 @@ *CVE-2006-5298 backport (mutt) [since FEDORA-2006-1063] *CVE-2006-5297 backport (mutt) [since FEDORA-2006-1063] CVE-2006-5295 version (clamav, fixed 0.88.5) #210973 -*CVE-2006-5276 VULNERABLE (snort) #229265 +CVE-2006-5276 version (snort) #229265 [since FEDORA-2007-2060] CVE-2006-5229 ignore (openssh) not reproduced CVE-2006-5215 backport (xorg-x11-xinit) #212167 [since FEDORA-2007-1409] *CVE-2006-5215 version (xorg-x11-xdm) -- fedora-extras-commits mailing list fedora-extras-commits at redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits From fedora-extras-commits at redhat.com Tue Sep 11 17:49:32 2007 From: fedora-extras-commits at redhat.com (Tomas Hoger (thoger)) Date: Tue, 11 Sep 2007 13:49:32 -0400 Subject: fedora-security/audit fc6,1.254,1.255 fc7,1.96,1.97 Message-ID: <200709111749.l8BHnWWD005401@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv5379/audit Modified Files: fc6 fc7 Log Message: Add few more issues Index: fc6 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc6,v retrieving revision 1.254 retrieving revision 1.255 diff -u -r1.254 -r1.255 --- fc6 11 Sep 2007 17:24:18 -0000 1.254 +++ fc6 11 Sep 2007 17:49:30 -0000 1.255 
@@ -7,7 +7,9 @@ # Up to date CVE as of CVE email 20070910 # Up to date FC6 as of 20070910 +CVE-2007-4752 VULNERABLE (openssh) #280471 CVE-2007-4743 backport (krb5) incomplete CVE-2007-3999 fix [since FEDORA-2007-694] +CVE-2007-4730 VULNERABLE (xorg-x11) #286061 CVE-2007-4721 version (wireshark, fixed 0.99.6) [since FEDORA-2007-628] CVE-2007-4663 ignore (php, fixed 5.2.4) #277991 safe_mode CVE-2007-4662 ignore (php, fixed 5.2.4) #278101 triggerable only by modification to openssl.conf Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.96 retrieving revision 1.97 diff -u -r1.96 -r1.97 --- fc7 11 Sep 2007 17:24:18 -0000 1.96 +++ fc7 11 Sep 2007 17:49:30 -0000 1.97 @@ -8,8 +8,10 @@ # Up to date CVE as of CVE email 20070910 # Up to date FC7 as of 20070910 -CVE-2007-4727 VULNERABLE (lighttpd) #284511 +CVE-2007-4752 VULNERABLE (openssh) #280461 CVE-2007-4743 backport (krb5) incomplete CVE-2007-3999 fix [since FEDORA-2007-2066] +CVE-2007-4730 VULNERABLE (xorg-x11) #286051 +CVE-2007-4727 VULNERABLE (lighttpd) #284511 CVE-2007-4721 version (wireshark, fixed 0.99.6) [since FEDORA-2007-0982] CVE-2007-4663 ignore (php, fixed 5.2.4) #277991 safe_mode CVE-2007-4662 ignore (php, fixed 5.2.4) #278101 triggerable only by modification to openssl.conf @@ -290,7 +292,7 @@ CVE-2007-1463 version (inkscape, fixed 0.45.1) CVE-2007-1460 version (php, fixed 5.2.2) CVE-2007-1429 version (moodle, fixed 1.6.5) #232103 -*CVE-2007-1420 VULNERABLE (mysql, fixed 5.0.36) #232604 +CVE-2007-1420 version (mysql, fixed 5.0.36) #232604 CVE-2007-1413 ignore (php) Windows NT SNMP specific CVE-2007-1412 ignore (php) unshipped cpdf extension CVE-2007-1411 ignore (php) unshipped mssql extension -- fedora-extras-commits mailing list fedora-extras-commits at redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits From fedora-extras-commits at redhat.com Wed Sep 12 16:17:09 2007 
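Review bot: in revision 1.96 of fc7, hunk "@@ -77,15 +78,16 @@", the rewritten mysql lines are still listed as CVE-2007-3781, CVE-2007-3782, CVE-2007-3780, while the matching fc6 hunk of the same commit has them in descending order (3782, 3781, 3780). Since the log message says misplaced lines are being moved, swap the first two here as well. The three lines also go from "**" to VULNERABLE without a bug number; add one if a tracking bug exists.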
From: fedora-extras-commits at redhat.com (Tomas Hoger (thoger)) Date: Wed, 12 Sep 2007 12:17:09 -0400 Subject: fedora-security/audit fc7,1.97,1.98 Message-ID: <200709121617.l8CGHACP002359@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv2338/audit Modified Files: fc7 Log Message: mediawiki XSS Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.97 retrieving revision 1.98 diff -u -r1.97 -r1.98 --- fc7 11 Sep 2007 17:49:30 -0000 1.97 +++ fc7 12 Sep 2007 16:17:07 -0000 1.98 @@ -8,6 +8,7 @@ # Up to date CVE as of CVE email 20070910 # Up to date FC7 as of 20070910 +GENERIC-MAP-NOMATCH VULNERABLE (mediawiki, fixed 1.11.0, 1.10.2, 1.9.4) #287881 CVE-2007-4752 VULNERABLE (openssh) #280461 CVE-2007-4743 backport (krb5) incomplete CVE-2007-3999 fix [since FEDORA-2007-2066] CVE-2007-4730 VULNERABLE (xorg-x11) #286051 -- fedora-extras-commits mailing list fedora-extras-commits at redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits From fedora-extras-commits at redhat.com Wed Sep 12 18:24:11 2007 From: fedora-extras-commits at redhat.com (Tomas Hoger (thoger)) Date: Wed, 12 Sep 2007 14:24:11 -0400 Subject: fedora-security/audit fc7,1.98,1.99 Message-ID: <200709121824.l8CIOBi2023876@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv23837/audit Modified Files: fc7 Log Message: mediawiki cve name Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.98 retrieving revision 1.99 diff -u -r1.98 -r1.99 --- fc7 12 Sep 2007 16:17:07 -0000 1.98 +++ fc7 12 Sep 2007 18:24:08 -0000 1.99 
@@ -8,7 +8,7 @@ # Up to date CVE as of CVE email 20070910 # Up to date FC7 as of 20070910 -GENERIC-MAP-NOMATCH VULNERABLE (mediawiki, fixed 1.11.0, 1.10.2, 1.9.4) #287881 +CVE-2007-4828 (mediawiki, fixed 1.11.0, 1.10.2, 1.9.4) #287881 CVE-2007-4752 VULNERABLE (openssh) #280461 CVE-2007-4743 backport (krb5) incomplete CVE-2007-3999 fix [since FEDORA-2007-2066] CVE-2007-4730 VULNERABLE (xorg-x11) #286051 -- fedora-extras-commits mailing list fedora-extras-commits at redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits From fedora-extras-commits at redhat.com Wed Sep 12 20:26:38 2007 From: fedora-extras-commits at redhat.com (Josh Bressers (bressers)) Date: Wed, 12 Sep 2007 16:26:38 -0400 Subject: fedora-security/audit fc7,1.99,1.100 Message-ID: <200709122026.l8CKQcKn012928@cvs-int.fedora.redhat.com> Author: bressers Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv12905 Modified Files: fc7 Log Message: Add some CVE ids Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.99 retrieving revision 1.100 diff -u -r1.99 -r1.100 --- fc7 12 Sep 2007 18:24:08 -0000 1.99 +++ fc7 12 Sep 2007 20:26:35 -0000 1.100 @@ -8,6 +8,8 @@ # Up to date CVE as of CVE email 20070910 # Up to date FC7 as of 20070910 +CVE-2007-4841 ignore (mozilla suite) Windows only +CVE-2007-4840 ignore (php) CVE-2007-4828 (mediawiki, fixed 1.11.0, 1.10.2, 1.9.4) #287881 CVE-2007-4752 VULNERABLE (openssh) #280461 CVE-2007-4743 backport (krb5) incomplete CVE-2007-3999 fix [since FEDORA-2007-2066] -- fedora-extras-commits mailing list fedora-extras-commits at redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits From bugzilla at redhat.com Fri Sep 14 00:11:55 2007 
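Review bot: The replacement mediawiki line in the fc7 1.98 to 1.99 hunk has no status column: `CVE-2007-4828 (mediawiki, fixed 1.11.0, 1.10.2, 1.9.4) #287881` drops the `VULNERABLE` that the removed GENERIC-MAP-NOMATCH line carried. The log describes this as a CVE name change only, so the status should be kept, that is `CVE-2007-4828 VULNERABLE (mediawiki, ...`, otherwise anything keying on the second column sees the package list where a status is expected. The 1.99 to 1.100 hunk that follows carries the status-less line forward as context, and its new `CVE-2007-4840 ignore (php)` line gives no reason while the `ignore` line added above it does ("Windows only").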
From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 13 Sep 2007 20:11:55 -0400 Subject: [Bug 237533] CVE-2007-2165: proftpd auth bypass vulnerability In-Reply-To: Message-ID: <200709140011.l8E0BtBI021585@bz-web1.app.phx.redhat.com> Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: CVE-2007-2165: proftpd auth bypass vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=237533 kevin at tummy.com changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |kevin at tummy.com ------- Additional Comments From kevin at tummy.com 2007-09-13 20:11 EST ------- Any further news here? Also, if the 1.3.1rc3 is working fine in devel, would you consider pushing to epel? or is it too disruptive going from 1.3.0a to 1.3.1rc3? -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. From bugzilla at redhat.com Fri Sep 14 00:15:04 2007 
From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Thu, 13 Sep 2007 20:15:04 -0400 Subject: [Bug 243592] CVE-2007-3112, CVE-2007-3113: cacti DoS vulnerabilities In-Reply-To: Message-ID: <200709140015.l8E0F4qj026722@bz-web2.app.phx.redhat.com> Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: CVE-2007-3112, CVE-2007-3113: cacti DoS vulnerabilities https://bugzilla.redhat.com/show_bug.cgi?id=243592 bugzilla at redhat.com changed: What |Removed |Added ---------------------------------------------------------------------------- Product|Fedora Extras |Fedora kevin at tummy.com changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |kevin at tummy.com ------- Additional Comments From kevin at tummy.com 2007-09-13 20:15 EST ------- Any further word here? Is 0.8.6j vulnerable? -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. From fedora-extras-commits at redhat.com Fri Sep 14 00:23:21 2007 From: fedora-extras-commits at redhat.com (Kevin Fenzi (kevin)) Date: Thu, 13 Sep 2007 20:23:21 -0400 Subject: fedora-security/audit epel5,1.2,1.3 Message-ID: <200709140023.l8E0NLRN031469@cvs-int.fedora.redhat.com> Author: kevin Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv31447 Modified Files: epel5 Log Message: Process a bunch more epel5 packages Index: epel5 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/epel5,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- epel5 5 Sep 2007 04:53:03 -0000 1.2 +++ epel5 14 Sep 2007 00:23:19 -0000 1.3 
@@ -3,112 +3,115 @@ # *CVE are items that need verification for EPEL-5 # (mozilla) = (firefox, seamonkey, thunderbird, yelp, devhelp, galeon, liferea. epiphany) -# Up to date CVE as of CVE email 20070829 -# Up to date EPEL5 as of +# Up to date CVE as of CVE email 20070910 +# Up to date EPEL5 as of 20070910 # -*CVE-2007-4631 VULNERABLE (qgit) #268381 -*CVE-2007-4629 VULNERABLE (mapserver, fixed 4.10.3) #272081 -*CVE-2007-4560 VULNERABLE (clamav) #260583 -*CVE-2007-4543 version (bugzilla, fixed 3.0.1) #256021 [since FEDORA-2007-1853] -*CVE-2007-4542 VULNERABLE (mapserver, fixed 4.10.3) #256561 -*CVE-2007-4539 version (bugzilla, fixed 3.0.1) #256021 [since FEDORA-2007-1853] -*CVE-2007-4538 version (bugzilla, fixed 3.0.1) #256021 [since FEDORA-2007-1853] -*CVE-2007-4510 VULNERABLE (clamav, fixed 0.91.2) #253780 -*CVE-2007-4462 version (po4a) #253541 [since FEDORA-2007-1763] -*CVE-2007-4400 VULNERABLE (konversation) #253545 -*CVE-2007-4323 backport (denyhosts) #252291 [since FEDORA-2007-0589] -*CVE-2007-4321 backport (fail2ban) #252290 [since FEDORA-2007-0621] version since FEDORA-2007-1643 -*CVE-2007-3950 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299] -*CVE-2007-3949 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299] -*CVE-2007-3948 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299] -*CVE-2007-3947 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299] -*CVE-2007-3946 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299] -*CVE-2007-3725 ** (clamav) -*CVE-2007-3628 version (php-pear-Structures-DataGrid-DataSource-MDB2, fixed 0.1.10) -*CVE-2007-3555 version (moodle) #247528 [since FEDORA-2007-1445] -*CVE-2007-3528 version (dar, fixed 2.3.4) #246760 [since FEDORA-2007-0904] +*CVE-2007-4828 (mediawiki, fixed 1.11.0, 1.10.2, 1.9.4) #287881 +CVE-2007-4727 version (lighttpd, fixed 1.4.18) #284511 +CVE-2007-4629 VULNERABLE (mapserver, fixed 4.10.3) #272081 +CVE-2007-4631 version (qgit, fixed 1.5.7) #268381 
+CVE-2007-4629 VULNERABLE (mapserver, fixed 4.10.3) #272081 +CVE-2007-4560 VULNERABLE (clamav) #260583 +CVE-2007-4543 version (bugzilla, fixed 3.0.1) #256021 +CVE-2007-4542 VULNERABLE (mapserver, fixed 4.10.3) #256561 +CVE-2007-4539 version (bugzilla, fixed 3.0.1) #256021 +CVE-2007-4538 version (bugzilla, fixed 3.0.1) #256021 +CVE-2007-4510 VULNERABLE (clamav, fixed 0.91.2) #253780 +*CVE-2007-4462 version (po4a) #253541 +CVE-2007-4400 VULNERABLE (konversation) #253545 +CVE-2007-4323 backport (denyhosts) #252291 +*CVE-2007-4321 backport (fail2ban) #252290 +CVE-2007-3950 version (lighttpd, fixed 1.4.16) #249162 +CVE-2007-3949 version (lighttpd, fixed 1.4.16) #249162 +CVE-2007-3948 version (lighttpd, fixed 1.4.16) #249162 +CVE-2007-3947 version (lighttpd, fixed 1.4.16) #249162 +CVE-2007-3946 version (lighttpd, fixed 1.4.16) #249162 +CVE-2007-3725 ** (clamav) +CVE-2007-3628 version (php-pear-Structures-DataGrid-DataSource-MDB2, fixed 0.1.10) +CVE-2007-3555 version (moodle) #247528 +CVE-2007-3528 version (dar, fixed 2.3.4) #246760 *CVE-2007-3387 version (xpdf, fixed 3.02pl1) [since FEDORA-2007-1383] -*CVE-2007-3209 ignore (mail-notification, shipped with SSL enabled) -*CVE-2007-3153 version (c-ares, fixed 1.4.0) #243591 [since FEDORA-2007-0724] -*CVE-2007-3152 version (c-ares, fixed 1.4.0) #243591 [since FEDORA-2007-0724] -*CVE-2007-3123 VULNERABLE (clamav, fixed 0.90.3) #245219 -*CVE-2007-3122 VULNERABLE (clamav, fixed 0.90.3) #245219 -*CVE-2007-3113 VULNERABLE (cacti) #243592 -*CVE-2007-3112 VULNERABLE (cacti) #243592 -*CVE-2007-3025 ignore (clamav, Solaris only) -*CVE-2007-3024 VULNERABLE (clamav, fixed 0.90.3) #245219 -*CVE-2007-3023 VULNERABLE (clamav, fixed 0.90.3) #245219 -*CVE-2007-2865 version (phpPgAdmin, fixed 4.1.2) #241489 [since FEDORA-2007-0469] -*CVE-2007-2721 patch (jasper, fixed 1.900.1-2) #240397 -*CVE-2007-2650 version (clamav, fixed 0.90.3) #240395 [since FEDORA-2007-1154] -*CVE-2007-2637 patch (moin, fixed 1.5.7-2) -*CVE-2007-2423 patch (moin, 
fixed 1.5.7-2) #238722 +CVE-2007-3209 ignore (mail-notification, shipped with SSL enabled) +CVE-2007-3153 version (c-ares, fixed 1.4.0) #243591 +CVE-2007-3152 version (c-ares, fixed 1.4.0) #243591 +CVE-2007-3123 VULNERABLE (clamav, fixed 0.90.3) #245219 +CVE-2007-3122 VULNERABLE (clamav, fixed 0.90.3) #245219 +CVE-2007-3113 VULNERABLE (cacti) #243592 +CVE-2007-3112 VULNERABLE (cacti) #243592 +CVE-2007-3025 ignore (clamav, Solaris only) +CVE-2007-3024 VULNERABLE (clamav, fixed 0.90.3) #245219 +CVE-2007-3023 VULNERABLE (clamav, fixed 0.90.3) #245219 +CVE-2007-2865 version (phpPgAdmin, fixed 4.1.2) #241489 +CVE-2007-2721 patch (jasper, fixed 1.900.1-2) #240397 +CVE-2007-2650 VULNERABLE (clamav, fixed 0.90.3) #240395 +CVE-2007-2637 patch (moin, fixed 1.5.7-2) +CVE-2007-2423 patch (moin, fixed 1.5.7-2) #238722 *CVE-2007-2413 version (perl-Imager, fixed 0.57) #238615 -*CVE-2007-2245 VULNERABLE (phpMyAdmin, fixed 2.10.1) #237882 -*CVE-2007-2165 VULNERABLE (proftpd) #237533 -*CVE-2007-2029 VULNERABLE (clamav, fixed 0.90.3) #245219 -*CVE-2007-2016 ignore (phpMyAdmin, < 2.8.0.2 never shipped) -*CVE-2007-1997 version (clamav, fixed in 0.90.2) -*CVE-2007-1870 version (lighttpd, fixed 1.4.14) #236489 -*CVE-2007-1869 version (lighttpd, fixed 1.4.14) #236489 -*CVE-2007-1745 version (clamav, fixed in 0.90.2) #236703 -*CVE-2007-1614 version (zziplib, fixed 0.13.49) #233700 -*CVE-2007-1547 version (nas, fixed 1.8a-2) #233353 -*CVE-2007-1546 version (nas, fixed 1.8a-2) #233353 -*CVE-2007-1545 version (nas, fixed 1.8a-2) #233353 -*CVE-2007-1544 version (nas, fixed 1.8a-2) #233353 -*CVE-2007-1543 version (nas, fixed 1.8a-2) #233353 +CVE-2007-2245 version (phpMyAdmin, fixed 2.10.1) #237882 +CVE-2007-2165 VULNERABLE (proftpd) #237533 +CVE-2007-2029 VULNERABLE (clamav, fixed 0.90.3) #245219 +CVE-2007-2016 ignore (phpMyAdmin, < 2.8.0.2 never shipped) +CVE-2007-1997 VULNERABLE (clamav, fixed in 0.90.2) +CVE-2007-1870 version (lighttpd, fixed 1.4.14) #236489 +CVE-2007-1869 version (lighttpd, 
fixed 1.4.14) #236489 +CVE-2007-1745 VULNERABLE (clamav, fixed in 0.90.2) #236703 +CVE-2007-1614 version (zziplib, fixed 0.13.49) #233700 +CVE-2007-1547 version (nas, fixed 1.8a-2) #233353 +CVE-2007-1546 version (nas, fixed 1.8a-2) #233353 +CVE-2007-1545 version (nas, fixed 1.8a-2) #233353 +CVE-2007-1544 version (nas, fixed 1.8a-2) #233353 +CVE-2007-1543 version (nas, fixed 1.8a-2) #233353 *CVE-2007-1515 version (imp, fixed 4.1.4) *CVE-2007-1474 version (horde, fixed 3.1.4) *CVE-2007-1474 ignore (imp, < 4.x only) *CVE-2007-1473 version (horde, fixed 3.1.4) -*CVE-2007-1429 version (moodle, fixed 1.6.5) #232103 -*CVE-2007-1406 version (trac, fixed 0.10.3.1) #231729 -*CVE-2007-1405 version (trac, fixed 0.10.3.1) #231729 -*CVE-2007-1399 version (php-pecl-zip, fixed 1.8.5) -*CVE-2007-1395 version (phpMyAdmin, fixed 2.10.0.2) -*CVE-2007-1359 patch (mod_security, fixed 2.1.0-3) #231728 -*CVE-2007-1325 version (phpMyAdmin, fixed 2.10.0.2) +CVE-2007-1429 version (moodle, fixed 1.6.5) #232103 +CVE-2007-1406 version (trac, fixed 0.10.3.1) #231729 +CVE-2007-1405 version (trac, fixed 0.10.3.1) #231729 +CVE-2007-1399 version (php-pecl-zip, fixed 1.8.5) +CVE-2007-1395 version (phpMyAdmin, fixed 2.10.0.2) +CVE-2007-1359 patch (mod_security, fixed 2.1.0-3) #231728 +CVE-2007-1325 version (phpMyAdmin, fixed 2.10.0.2) *CVE-2007-1263 version (gpgme, fixed 1.1.4) *CVE-2007-1055 version (mediawiki, fixed 1.8.3) *CVE-2007-1054 version (mediawiki, fixed 1.9.3) [since FEDORA-2007-1442] -*CVE-2007-0902 patch (moin, fixed 1.5.7-2) #228764 -*CVE-2007-0901 patch (moin, fixed 1.5.7-2) #228764 -*CVE-2007-0898 version (clamav, fixed 0.90) #229202 -*CVE-2007-0897 version (clamav, fixed 0.90) #229202 +CVE-2007-0902 patch (moin, fixed 1.5.7-2) #228764 +CVE-2007-0901 patch (moin, fixed 1.5.7-2) #228764 +CVE-2007-0898 VULNERABLE (clamav, fixed 0.90) #229202 +CVE-2007-0897 VULNERABLE (clamav, fixed 0.90) #229202 *CVE-2007-0894 version (mediawiki, fixed 1.8.4) #228763 -*CVE-2007-0857 version (moin, fixed 
1.5.7) #228139 -*CVE-2007-0619 version (chmlib, fixed 0.3.9) #225919 +CVE-2007-0857 version (moin, fixed 1.5.7) #228139 +CVE-2007-0619 version (chmlib, fixed 0.3.9) #225919 *CVE-2007-0469 version (rubygems, fixed 0.9.1) -*CVE-2007-0341 ignore (phpMyAdmin, 2.8.x only) -*CVE-2007-0242 patch (qt4, fixed 4.2.3-7) -*CVE-2007-0240 patch (zope, fixed 2.9.6-2) #233378 +CVE-2007-0341 ignore (phpMyAdmin, 2.8.x only) +CVE-2007-0242 VULNERABLE (qt4, fixed 4.2.3-7) +CVE-2007-0240 patch (zope, fixed 2.9.6-2) #233378 *CVE-2007-0177 version (mediawiki, fixed 1.8.3) #221958 *CVE-2007-0095 VULNERABLE (phpMyAdmin) #221694 -*CVE-2007-0007 version (gnucash, fixed 2.0.5) since [FEDORA-2007-256] #223233 -*CVE-2006-6944 version (phpMyAdmin, fixed 2.9.1.1) -*CVE-2006-6943 version (phpMyAdmin, fixed 2.9.1.1) -*CVE-2006-6942 version (phpMyAdmin, fixed 2.9.1.1) -*CVE-2006-6799 patch (cacti, fixed 0.8.6i-5) #222410 -*CVE-2006-6693 ignore (zabbix, fixed 1.1.3, < 1.1.4 not shipped) -*CVE-2006-6692 ignore (zabbix, fixed 1.1.3, < 1.1.4 not shipped) -*CVE-2006-6626 version (moodle, fixed 1.6.5) #220041 -*CVE-2006-6625 version (moodle, fixed 1.6.5) #220041 -*CVE-2006-6563 backport (proftpd, fixed 1.3.0a-3) #219938 -*CVE-2006-6481 version (clamav, fixed 0.88.7) -*CVE-2006-6406 version (clamav, fixed 0.88.7) #219095 +CVE-2007-0007 version (gnucash, fixed 2.0.5) since [FEDORA-2007-256] #223233 +CVE-2006-6944 version (phpMyAdmin, fixed 2.9.1.1) +CVE-2006-6943 version (phpMyAdmin, fixed 2.9.1.1) +CVE-2006-6942 version (phpMyAdmin, fixed 2.9.1.1) +CVE-2006-6799 patch (cacti, fixed 0.8.6i-5) #222410 +CVE-2006-6693 ignore (zabbix, fixed 1.1.3, < 1.1.4 not shipped) +CVE-2006-6692 ignore (zabbix, fixed 1.1.3, < 1.1.4 not shipped) +CVE-2006-6626 version (moodle, fixed 1.6.5) #220041 +CVE-2006-6625 version (moodle, fixed 1.6.5) #220041 +CVE-2006-6563 backport (proftpd, fixed 1.3.0a-3) #219938 +CVE-2006-6481 VULNERABLE (clamav, fixed 0.88.7) +CVE-2006-6406 VULNERABLE (clamav, fixed 0.88.7) #219095 *CVE-2006-6374 
** (phpMyAdmin) #218853 -*CVE-2006-6373 version (phpMyAdmin, fixed 2.9.1.1) #218853 -*CVE-2006-6301 version (denyhosts, fixed 2.6-2) #218824 +CVE-2006-6373 version (phpMyAdmin, fixed 2.9.1.1) #218853 +CVE-2006-6301 version (denyhosts, fixed 2.6-2) #218824 *CVE-2006-6235 patch (gnupg2, fixed 2.0.1-2) #218821 -*CVE-2006-6171 patch (proftpd, fixed 1.3.0a-1) #214820 -*CVE-2006-6170 patch (proftpd, fixed 1.3.0a-1) #214820 +CVE-2006-6171 patch (proftpd, fixed 1.3.0a-1) #214820 +CVE-2006-6170 patch (proftpd, fixed 1.3.0a-1) #214820 *CVE-2006-6169 version (gnupg2, fixed 2.0.1) #217950 *CVE-2006-6085 version (kile, fixed 1.9.3) #217238 -*CVE-2006-5874 version (clamav, fixed 0.88.1) -*CVE-2006-5864 patch (gv, fixed 3.6.2-2) #215136 -*CVE-2006-5848 version (trac, fixed 0.10.1) #215077 -*CVE-2006-5815 version (proftpd, fixed 1.3.0a) #214820 +CVE-2006-5874 version (clamav, fixed 0.88.1) +CVE-2006-5864 patch (gv, fixed 3.6.2-2) #215136 +CVE-2006-5848 version (trac, fixed 0.10.1) #215077 +CVE-2006-5815 version (proftpd, fixed 1.3.0a) #214820 CVE-2006-5602 version (xsupplicant, fixed 1.2.6) CVE-2006-5601 version (xsupplicant, fixed 1.2.8) #212700 CVE-2006-5455 patch (bugzilla, fixed 2.22-7) #212355 -- fedora-extras-commits mailing list fedora-extras-commits at redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits From bugzilla at redhat.com Fri Sep 14 21:08:25 2007 
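Review bot: The added block in this epel5 hunk lists `CVE-2007-4629 VULNERABLE (mapserver, fixed 4.10.3) #272081` twice, once above and once below the new CVE-2007-4631 line, and the first copy also breaks the descending CVE order the rest of the file follows. Drop the first copy. In the same block the new `*CVE-2007-4828` line has no status column at all, so it should get one (it is starred as needing verification, but every other starred line still states `version`, `patch`, `VULNERABLE` or similar). The header comment now says EPEL5 is up to date as of 20070910, which is worth double-checking against the entries that remain starred.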
From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Fri, 14 Sep 2007 17:08:25 -0400 Subject: [Bug 243592] CVE-2007-3112, CVE-2007-3113: cacti DoS vulnerabilities In-Reply-To: Message-ID: <200709142108.l8EL8Ppi002542@bz-web2.app.phx.redhat.com> Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: CVE-2007-3112, CVE-2007-3113: cacti DoS vulnerabilities https://bugzilla.redhat.com/show_bug.cgi?id=243592 ------- Additional Comments From mmcgrath at redhat.com 2007-09-14 17:08 EST ------- Confirmed, it is. I'll apply the patches and push soon. It has been fixed in 0.8.7 already but that is not an official release yet. -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. From fedora-extras-commits at redhat.com Mon Sep 17 07:53:34 2007 From: fedora-extras-commits at redhat.com (Tomas Hoger (thoger)) Date: Mon, 17 Sep 2007 03:53:34 -0400 Subject: fedora-security/audit fc6,1.255,1.256 fc7,1.100,1.101 Message-ID: <200709170753.l8H7rYr4025487@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv25374/audit Modified Files: fc6 fc7 Log Message: Add ekiga, wordpress Track updates release to FC6 & F7 Index: fc6 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc6,v retrieving revision 1.255 retrieving revision 1.256 diff -u -r1.255 -r1.256 --- fc6 11 Sep 2007 17:49:30 -0000 1.255 +++ fc6 17 Sep 2007 07:53:32 -0000 1.256 
@@ -4,9 +4,10 @@ # *CVE are items that need verification for Fedora Core 6 # (mozilla) = (firefox, seamonkey, thunderbird, yelp, devhelp, galeon, liferea. epiphany) -# Up to date CVE as of CVE email 20070910 -# Up to date FC6 as of 20070910 +# Up to date CVE as of CVE email 20070914 +# Up to date FC6 as of 20070916 +CVE-2007-4897 VULNERABLE (ekiga, version 2.0.9 ?) CVE-2007-4752 VULNERABLE (openssh) #280471 CVE-2007-4743 backport (krb5) incomplete CVE-2007-3999 fix [since FEDORA-2007-694] CVE-2007-4730 VULNERABLE (xorg-x11) #286061 Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.100 retrieving revision 1.101 diff -u -r1.100 -r1.101 --- fc7 12 Sep 2007 20:26:35 -0000 1.100 +++ fc7 17 Sep 2007 07:53:32 -0000 1.101 @@ -5,16 +5,19 @@ # (mozilla) = (firefox, seamonkey, thunderbird, yelp, devhelp, galeon, liferea. epiphany) # A couple of first F7 updates were marked as FEDORA-2007-0001 -# Up to date CVE as of CVE email 20070910 -# Up to date FC7 as of 20070910 +# Up to date CVE as of CVE email 20070914 +# Up to date FC7 as of 20070916 +CVE-2007-4897 version (ekiga, version 2.0.9 ?) +CVE-2007-4894 version (wordpress, fixed 2.2.3) [since FEDORA-2007-2143] +CVE-2007-4893 version (wordpress, fixed 2.2.3) [since FEDORA-2007-2143] CVE-2007-4841 ignore (mozilla suite) Windows only CVE-2007-4840 ignore (php) CVE-2007-4828 (mediawiki, fixed 1.11.0, 1.10.2, 1.9.4) #287881 CVE-2007-4752 VULNERABLE (openssh) #280461 CVE-2007-4743 backport (krb5) incomplete CVE-2007-3999 fix [since FEDORA-2007-2066] CVE-2007-4730 VULNERABLE (xorg-x11) #286051 -CVE-2007-4727 VULNERABLE (lighttpd) #284511 +CVE-2007-4727 version (lighttpd) #284511 [since FEDORA-2007-2132] CVE-2007-4721 version (wireshark, fixed 0.99.6) [since FEDORA-2007-0982] CVE-2007-4663 ignore (php, fixed 5.2.4) #277991 safe_mode CVE-2007-4662 ignore (php, fixed 5.2.4) #278101 triggerable only by modification to openssl.conf 
@@ -58,7 +61,7 @@ CVE-2007-4153 ignore (wordpress) "remote authenticated administrators" CVE-2007-4154 ignore (wordpress) "remote authenticated administrators" CVE-2007-4139 version (wordpress) #250751 [since FEDORA-2007-1885] -CVE-2007-4138 VULNERABLE (samba, fixed 3.0.26) #286311 +CVE-2007-4138 version (samba, fixed 3.0.26) #286311 [since FEDORA-2007-2145] CVE-2007-4134 version (star, fixed 1.5a84) #254128 [since FEDORA-2007-1852] CVE-2007-4131 backport (tar) #253684 [since FEDORA-2007-1890] CVE-2007-4066 backport (libvorbis) #245991 [since FEDORA-2007-1765] -- fedora-extras-commits mailing list fedora-extras-commits at redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits From fedora-extras-commits at redhat.com Mon Sep 17 09:52:57 2007 From: fedora-extras-commits at redhat.com (Lubomir Kundrak (lkundrak)) Date: Mon, 17 Sep 2007 05:52:57 -0400 Subject: fedora-security/audit fc6,1.256,1.257 fc7,1.101,1.102 Message-ID: <200709170952.l8H9qvd5009322@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv9302 Modified Files: fc6 fc7 Log Message: QT is not embargoed anymore, track for fedora Index: fc6 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc6,v retrieving revision 1.256 retrieving revision 1.257 diff -u -r1.256 -r1.257 --- fc6 17 Sep 2007 07:53:32 -0000 1.256 +++ fc6 17 Sep 2007 09:52:54 -0000 1.257 
@@ -27,6 +27,7 @@ CVE-2007-4225 ignore (kdebase) caused by fix to CVE-2007-3820 which we never shipped CVE-2007-4224 ignore (kdebase) too obvious -- mouse pointer indicates script activity CVE-2007-4211 version (dovecot, fixed 1.0.3) #251009 [since FEDORA-2007-664] +CVE-2007-4137 VULNERABLE (qt) #292951 CVE-2007-4134 VULNERABLE (star, fixed 1.5a84) #254129 CVE-2007-4131 backport (tar) #253684 [since FEDORA-2007-683] CVE-2007-4029 backport (libvorbis) #250600 [since FEDORA-2007-677] Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.101 retrieving revision 1.102 diff -u -r1.101 -r1.102 --- fc7 17 Sep 2007 07:53:32 -0000 1.101 +++ fc7 17 Sep 2007 09:52:54 -0000 1.102 @@ -62,6 +62,7 @@ CVE-2007-4154 ignore (wordpress) "remote authenticated administrators" CVE-2007-4139 version (wordpress) #250751 [since FEDORA-2007-1885] CVE-2007-4138 version (samba, fixed 3.0.26) #286311 [since FEDORA-2007-2145] +CVE-2007-4137 VULNERABLE (qt) #292941 CVE-2007-4134 version (star, fixed 1.5a84) #254128 [since FEDORA-2007-1852] CVE-2007-4131 backport (tar) #253684 [since FEDORA-2007-1890] CVE-2007-4066 backport (libvorbis) #245991 [since FEDORA-2007-1765] -- fedora-extras-commits mailing list fedora-extras-commits at redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits From fedora-extras-commits at redhat.com Mon Sep 17 10:09:37 2007 
From: fedora-extras-commits at redhat.com (Lubomir Kundrak (lkundrak)) Date: Mon, 17 Sep 2007 06:09:37 -0400 Subject: fedora-security/audit fc6,1.257,1.258 fc7,1.102,1.103 Message-ID: <200709171009.l8HA9bRj015545@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv15525 Modified Files: fc6 fc7 Log Message: wpa_supplicant Index: fc6 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc6,v retrieving revision 1.257 retrieving revision 1.258 diff -u -r1.257 -r1.258 --- fc6 17 Sep 2007 09:52:54 -0000 1.257 +++ fc6 17 Sep 2007 10:09:34 -0000 1.258 @@ -7,6 +7,7 @@ # Up to date CVE as of CVE email 20070914 # Up to date FC6 as of 20070916 +GENERIC-MAP-NOMATCH VULNERABLE (wpa_supplicant) #293011 CVE-2007-4897 VULNERABLE (ekiga, version 2.0.9 ?) CVE-2007-4752 VULNERABLE (openssh) #280471 CVE-2007-4743 backport (krb5) incomplete CVE-2007-3999 fix [since FEDORA-2007-694] Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.102 retrieving revision 1.103 diff -u -r1.102 -r1.103 --- fc7 17 Sep 2007 09:52:54 -0000 1.102 +++ fc7 17 Sep 2007 10:09:34 -0000 1.103 @@ -8,6 +8,7 @@ # Up to date CVE as of CVE email 20070914 # Up to date FC7 as of 20070916 +GENERIC-MAP-NOMATCH VULNERABLE (wpa_supplicant) #293011 CVE-2007-4897 version (ekiga, version 2.0.9 ?) CVE-2007-4894 version (wordpress, fixed 2.2.3) [since FEDORA-2007-2143] CVE-2007-4893 version (wordpress, fixed 2.2.3) [since FEDORA-2007-2143] -- fedora-extras-commits mailing list fedora-extras-commits at redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits From fedora-extras-commits at redhat.com Mon Sep 17 10:41:14 2007 
From: fedora-extras-commits at redhat.com (Lubomir Kundrak (lkundrak)) Date: Mon, 17 Sep 2007 06:41:14 -0400 Subject: fedora-security/audit fc7,1.103,1.104 Message-ID: <200709171041.l8HAfEBj020673@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv20654 Modified Files: fc7 Log Message: nx Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.103 retrieving revision 1.104 diff -u -r1.103 -r1.104 --- fc7 17 Sep 2007 10:09:34 -0000 1.103 +++ fc7 17 Sep 2007 10:41:12 -0000 1.104 @@ -8,6 +8,7 @@ # Up to date CVE as of CVE email 20070914 # Up to date FC7 as of 20070916 +GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031 GENERIC-MAP-NOMATCH VULNERABLE (wpa_supplicant) #293011 CVE-2007-4897 version (ekiga, version 2.0.9 ?) CVE-2007-4894 version (wordpress, fixed 2.2.3) [since FEDORA-2007-2143] -- fedora-extras-commits mailing list fedora-extras-commits at redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits From fedora-extras-commits at redhat.com Mon Sep 17 11:01:41 2007 From: fedora-extras-commits at redhat.com (Lubomir Kundrak (lkundrak)) Date: Mon, 17 Sep 2007 07:01:41 -0400 Subject: fedora-security/audit fc7,1.104,1.105 Message-ID: <200709171101.l8HB1f7c029062@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv28843 Modified Files: fc7 Log Message: Our libextractor is too new (libextractor-0.5.17a-1.fc7), xpdf code not used since 0.5.12 Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.104 retrieving revision 1.105 diff -u -r1.104 -r1.105 --- fc7 17 Sep 2007 10:41:12 -0000 1.104 +++ fc7 17 Sep 2007 11:01:38 -0000 1.105 
@@ -132,7 +132,7 @@ CVE-2007-3387 backport (kdegraphics) #251509 [since FEDORA-2007-1594] CVE-2007-3387 backport (koffice) #251522 [since FEDORA-2007-1614] CVE-2007-3387 backport (cups) #251518 [since FEDORA-2007-1541] -CVE-2007-3387 ** (libextractor) +CVE-2007-3387 ignore (libextractor) http://bugs.gentoo.org/show_bug.cgi?id=188169 CVE-2007-3384 ignore (tomcat) only affects 3.3.x and just affects an example CVE-2007-3381 version (gdm, fixed 2.18.4) #250277 [since FEDORA-2007-1362] CVE-2007-3378 ignore (php) safe mode escape -- fedora-extras-commits mailing list fedora-extras-commits at redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits From fedora-extras-commits at redhat.com Mon Sep 17 12:02:11 2007 From: fedora-extras-commits at redhat.com (Lubomir Kundrak (lkundrak)) Date: Mon, 17 Sep 2007 08:02:11 -0400 Subject: fedora-security/audit fc7,1.105,1.106 Message-ID: <200709171202.l8HC2B4e004254@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv4197 Modified Files: fc7 Log Message: Duplicity Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.105 retrieving revision 1.106 diff -u -r1.105 -r1.106 --- fc7 17 Sep 2007 11:01:38 -0000 1.105 +++ fc7 17 Sep 2007 12:02:09 -0000 1.106 @@ -8,6 +8,7 @@ # Up to date CVE as of CVE email 20070914 # Up to date FC7 as of 20070916 +GENERIC-MAP-NOMATCH VULNERABLE (duplicity) #293081 GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031 GENERIC-MAP-NOMATCH VULNERABLE (wpa_supplicant) #293011 CVE-2007-4897 version (ekiga, version 2.0.9 ?) -- fedora-extras-commits mailing list fedora-extras-commits at redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits From fedora-extras-commits at redhat.com Mon Sep 17 15:03:18 2007 
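Review bot: The new libextractor line in the 1.104 to 1.105 hunk records only a Gentoo bug URL after `ignore`; the actual justification (Fedora ships libextractor-0.5.17a-1.fc7 and the xpdf code is not used since 0.5.12) exists only in the log message. The other `ignore` entries visible in this hunk state their reason on the line itself ("only affects 3.3.x and just affects an example", "safe mode escape"), so put a short reason on the line, for example `ignore (libextractor) xpdf code not used since 0.5.12`, and keep the URL after it as the reference.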
From: fedora-extras-commits at redhat.com (Tomas Hoger (thoger)) Date: Mon, 17 Sep 2007 11:03:18 -0400 Subject: fedora-security/audit fc6,1.258,1.259 fc7,1.106,1.107 Message-ID: <200709171503.l8HF3IkC007590@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv7566/audit Modified Files: fc6 fc7 Log Message: Add quagga bgpd DoS Index: fc6 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc6,v retrieving revision 1.258 retrieving revision 1.259 diff -u -r1.258 -r1.259 --- fc6 17 Sep 2007 10:09:34 -0000 1.258 +++ fc6 17 Sep 2007 15:03:16 -0000 1.259 @@ -9,6 +9,7 @@ GENERIC-MAP-NOMATCH VULNERABLE (wpa_supplicant) #293011 CVE-2007-4897 VULNERABLE (ekiga, version 2.0.9 ?) +CVE-2007-4826 VULNERABLE (quagga, fixed 0.99.9) CVE-2007-4752 VULNERABLE (openssh) #280471 CVE-2007-4743 backport (krb5) incomplete CVE-2007-3999 fix [since FEDORA-2007-694] CVE-2007-4730 VULNERABLE (xorg-x11) #286061 Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.106 retrieving revision 1.107 diff -u -r1.106 -r1.107 --- fc7 17 Sep 2007 12:02:09 -0000 1.106 +++ fc7 17 Sep 2007 15:03:16 -0000 1.107 @@ -17,6 +17,7 @@ CVE-2007-4841 ignore (mozilla suite) Windows only CVE-2007-4840 ignore (php) CVE-2007-4828 (mediawiki, fixed 1.11.0, 1.10.2, 1.9.4) #287881 +CVE-2007-4826 VULNERABLE (quagga, fixed 0.99.9) in updates-testing CVE-2007-4752 VULNERABLE (openssh) #280461 CVE-2007-4743 backport (krb5) incomplete CVE-2007-3999 fix [since FEDORA-2007-2066] CVE-2007-4730 VULNERABLE (xorg-x11) #286051 -- fedora-extras-commits mailing list fedora-extras-commits at redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits From lkundrak at redhat.com Mon Sep 17 15:27:47 2007 
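Review bot: Both added `CVE-2007-4826 VULNERABLE (quagga, fixed 0.99.9)` lines, in the fc6 hunk and in the fc7 hunk, have no tracking bug number, unlike the VULNERABLE entries next to them (openssh #280471 and #280461, xorg-x11 #286061 and #286051). Add the bug reference for each release. On the fc7 line the free-text "in updates-testing" says a fix is already built, so naming the pending update there would make it easy to flip the entry to `version ... [since FEDORA-...]` once it is pushed.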
From: lkundrak at redhat.com (Lubomir Kundrak)
Date: Mon, 17 Sep 2007 17:27:47 +0200
Subject: Separate list for commits
Message-ID: <1190042867.7861.22.camel@localhost.localdomain>

Hi all,

With the volume of the commit messages and bugzilla mails this list
became less suited for discussions. Would anyone mind creating another
list, say fedora-security-commits-list, where that sort of mail would
go?

Regards,
-- 
Lubomir Kundrak (Security Response Team)
Red Hat Czech s.r.o., Purkynova 99/71, 612 45 Brno, Czech Republic
Registered in Brno under #CZ27690016

From fedora-extras-commits at redhat.com Mon Sep 17 15:42:30 2007 From: fedora-extras-commits at redhat.com (Tomas Hoger (thoger)) Date: Mon, 17 Sep 2007 11:42:30 -0400 Subject: fedora-security/audit fc6,1.259,1.260 fc7,1.107,1.108 Message-ID: <200709171542.l8HFgUvp009592@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv9548/audit Modified Files: fc6 fc7 Log Message: OOo tiff heap overflow is public now Index: fc6 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc6,v retrieving revision 1.259 retrieving revision 1.260 diff -u -r1.259 -r1.260 --- fc6 17 Sep 2007 15:03:16 -0000 1.259 +++ fc6 17 Sep 2007 15:42:28 -0000 1.260 
@@ -91,6 +91,7 @@ CVE-2007-2869 version (mozilla) #241840 [since FEDORA-2007-549] CVE-2007-2868 version (mozilla) #241840 [since FEDORA-2007-549] CVE-2007-2867 version (mozilla) #241840 [since FEDORA-2007-549] +CVE-2007-2834 VULNERABLE (openoffice.org, fixed 2.3) #293371 CVE-2007-2799 version (file, fixed 4.21) #241034 [since FEDORA-2007-538] CVE-2007-2797 version (xterm) CVE-2007-2453 version (kernel) [since FEDORA-2007-600] Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.107 retrieving revision 1.108 diff -u -r1.107 -r1.108 --- fc7 17 Sep 2007 15:03:16 -0000 1.107 +++ fc7 17 Sep 2007 15:42:28 -0000 1.108 @@ -187,6 +187,7 @@ CVE-2007-2865 version (phpPgAdmin, fixed 4.1.2) #241489 [since FEDORA-2007-0469] CVE-2007-2844 ignore (php) #241641 CVE-2007-2843 ignore (konqueror) safari specific +CVE-2007-2834 VULNERABLE (openoffice.org, fixed 2.3) #293361 CVE-2007-2821 version (wordpress, fixed 2.2) #245211 [since FEDORA-2007-0894] CVE-2007-2799 version (file, fixed 4.21) #241034 [since FEDORA-2007-0836] CVE-2007-2798 version (krb5, 1.6.1) [since FEDORA-2007-0740] -- fedora-extras-commits mailing list fedora-extras-commits at redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits From kevin at tummy.com Mon Sep 17 21:22:35 2007 
From: kevin at tummy.com (Kevin Fenzi)
Date: Mon, 17 Sep 2007 15:22:35 -0600
Subject: Separate list for commits
In-Reply-To: <1190042867.7861.22.camel@localhost.localdomain>
References: <1190042867.7861.22.camel@localhost.localdomain>
Message-ID: <20070917152235.22da91ac@ghistelwchlohm.scrye.com>

On Mon, 17 Sep 2007 17:27:47 +0200
Lubomir Kundrak wrote:

> Hi all,
>
> With the volume of the commit messages and bugzilla mails this list
> became less suited for discussions. Would anyone mind creating another
> list, say fedora-security-commits-list, where that sort of mail would
> go?

I filter such emails into another box, so discussion shows up just fine
here.

Perhaps we could use mailman "Topics" support better here?

i.e., make all bugzilla and commits emails have their own topic.
If you just subscribe you get everything, but if you don't want
everything you can change your topics so you don't get the things you
don't want?

Or for that matter, perhaps we could just get the regular commits list
to have a security topic for people who only want security commits?

Just a thought.

> Regards,

kevin

From bugzilla at redhat.com Tue Sep 18 03:24:43 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 17 Sep 2007 23:24:43 -0400
Subject: [Bug 243592] CVE-2007-3112, CVE-2007-3113: cacti DoS vulnerabilities
In-Reply-To:
Message-ID: <200709180324.l8I3OhYr027222@bz-web2.app.phx.redhat.com>

Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.

Summary: CVE-2007-3112, CVE-2007-3113: cacti DoS vulnerabilities

https://bugzilla.redhat.com/show_bug.cgi?id=243592

------- Additional Comments From updates at fedoraproject.org 2007-09-17 23:24 EST -------
cacti-0.8.6j-8.fc7 has been pushed to the Fedora 7 stable repository.
If problems still persist, please make note of it in this bug report.

-- 
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

From bugzilla at redhat.com Tue Sep 18 03:24:44 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 17 Sep 2007 23:24:44 -0400
Subject: [Bug 243592] CVE-2007-3112, CVE-2007-3113: cacti DoS vulnerabilities
In-Reply-To:
Message-ID: <200709180324.l8I3OiKS027247@bz-web2.app.phx.redhat.com>

Summary: CVE-2007-3112, CVE-2007-3113: cacti DoS vulnerabilities

https://bugzilla.redhat.com/show_bug.cgi?id=243592

updates at fedoraproject.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |CLOSED
         Resolution|                            |ERRATA
   Fixed In Version|                            |0.8.6j-8.fc7

From lkundrak at redhat.com Tue Sep 18 12:49:41 2007
From: lkundrak at redhat.com (Lubomir Kundrak)
Date: Tue, 18 Sep 2007 14:49:41 +0200
Subject: Separate list for commits
In-Reply-To: <20070917152235.22da91ac@ghistelwchlohm.scrye.com>
References: <1190042867.7861.22.camel@localhost.localdomain> <20070917152235.22da91ac@ghistelwchlohm.scrye.com>
Message-ID: <1190119781.3341.13.camel@localhost.localdomain>

On Mon, 2007-09-17 at 15:22 -0600, Kevin Fenzi wrote:
> On Mon, 17 Sep 2007 17:27:47 +0200
> Lubomir Kundrak wrote:
>
> > Hi all,
> >
> > With the volume of the commit messages and bugzilla mails this list
> > became less suited for discussions. Would anyone mind creating another
> > list, say fedora-security-commits-list, where that sort of mail would
> > go?
>
> I filter such emails into another box, so discussion shows up just
> fine here.
>
> Perhaps we could use mailman "Topics" support better here?
>
> i.e., make all bugzilla and commits emails have their own topic.
> If you just subscribe you get everything, but if you don't want
> everything you can change your topics so you don't get the things you
> don't want?
>
> Or for that matter, perhaps we could just get the regular commits list
> to have a security topic for people who only want security commits?

I would want to avoid topics. Most people don't know what they are. I
find a separate list much more convenient.

-- 
Lubomir Kundrak (Red Hat Security Response Team)

From eugeneteo at kernel.sg Tue Sep 18 14:14:15 2007
From: eugeneteo at kernel.sg (Eugene Teo)
Date: Tue, 18 Sep 2007 22:14:15 +0800
Subject: Separate list for commits
In-Reply-To: <1190042867.7861.22.camel@localhost.localdomain>
References: <1190042867.7861.22.camel@localhost.localdomain>
Message-ID: <20070918141415.GA5736@kernel.sg>

> Hi all,
>
> With the volume of the commit messages and bugzilla mails this list
> became less suited for discussions. Would anyone mind creating another
> list, say fedora-security-commits-list, where that sort of mail would
> go?

It makes a lot of sense to do it this way. Generally we want to separate
this noise from the actual discussion. It also makes searching for
mails in the archive easier.

Eugene

From lkundrak at redhat.com Tue Sep 18 14:40:22 2007
From: lkundrak at redhat.com (Lubomir Kundrak)
Date: Tue, 18 Sep 2007 16:40:22 +0200
Subject: [RFC] Tracking bugs for Fedora; managing security flaws in multiple supported releases
Message-ID: <1190126422.3341.25.camel@localhost.localdomain>

Aim: To have a flexible way to deal with flaws affecting multiple
packages in multiple versions of multiple products.

http://fedoraproject.org/wiki/LubomirKundrak/TrackingBugsDraft

This should grow into documentation on dealing with security flaws for
both package maintainers and SRT members.

-- 
Lubomir Kundrak (Security Response Team)
Red Hat Czech s.r.o., Purkynova 99/71, 612 45 Brno, Czech Republic
Registered in Brno under #CZ27690016

From fedora-extras-commits at redhat.com Tue Sep 18 15:43:25 2007
From: fedora-extras-commits at redhat.com (Tomas Hoger (thoger)) Date: Tue, 18 Sep 2007 11:43:25 -0400 Subject: fedora-security/audit fc6,1.260,1.261 fc7,1.108,1.109 Message-ID: <200709181543.l8IFhPZr023894@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv23869/audit Modified Files: fc6 fc7 Log Message: Vulnerable rpc code also part of nfs-utils-lib and libtirpc. Index: fc6 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc6,v retrieving revision 1.260 retrieving revision 1.261 diff -u -r1.260 -r1.261 --- fc6 17 Sep 2007 15:42:28 -0000 1.260 +++ fc6 18 Sep 2007 15:43:23 -0000 1.261 @@ -36,6 +36,8 @@ CVE-2007-4168 backport (libexif) #243892 [since FEDORA-2007-614] CVE-2007-4000 backport (krb5) [since FEDORA-2007-690] CVE-2007-3999 backport (krb5) [since FEDORA-2007-690] +CVE-2007-3999 VULNERABLE (nfs-utils-lib) #294911 +CVE-2007-3999 VULNERABLE (libtirpc) #294931 CVE-2007-3962 ignore (gftp) multiple buffer overflows in fsplib, not on Linux CVE-2007-3961 ignore (gftp) off-by-one error in fsplib CVE-2007-3852 backport (sysstat) #252296 [since FEDORA-2007-675] Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.108 retrieving revision 1.109 diff -u -r1.108 -r1.109 --- fc7 17 Sep 2007 15:42:28 -0000 1.108 +++ fc7 18 Sep 2007 15:43:23 -0000 1.109 
@@ -74,6 +74,8 @@ CVE-2007-4029 backport (libvorbis) #245991 [since FEDORA-2007-1765] CVE-2007-4000 backport (krb5) [since FEDORA-2007-2017] CVE-2007-3999 backport (krb5) [since FEDORA-2007-2017] +CVE-2007-3999 VULNERABLE (nfs-utils-lib) #294901 +CVE-2007-3999 VULNERABLE (libtirpc) #294921 CVE-2007-3962 ignore (gftp) multiple buffer overflows in fsplib, not on Linux CVE-2007-3961 ignore (gftp) off-by-one error in fsplib CVE-2007-3852 backport (sysstat) #252295 [since FEDORA-2007-1697] -- fedora-extras-commits mailing list fedora-extras-commits at redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits From dan.davis at indexengines.com Tue Sep 18 17:42:44 2007 From: dan.davis at indexengines.com (Dan Davis) Date: Tue, 18 Sep 2007 13:42:44 -0400 Subject: Separate list for commits Message-ID: <98A6108AB28CA64FBF8115EDF7C911D060D30F@delaware.indexengines.com> I subscribe to this list so I can get alerted to new CVE related bugs. While the audit files change log was hard to understand at first, I can now easily scan for packages my server relies on, and run yum to get new packages if something is fixed. Is there a better way for me to learn about vulnerabilities? If this is the preferred way, then it would be nice to keep the commit log on this list, so I don't have to subscribe to both. I'd also argue that if this is the preferred way, then a new list for security discussions would be a better way to change things. -----Original Message----- 
From: fedora-security-list-bounces at redhat.com [mailto:fedora-security-list-bounces at redhat.com] On Behalf Of fedora-security-list-request at redhat.com
Sent: Tuesday, September 18, 2007 12:00 PM
To: fedora-security-list at redhat.com
Subject: Fedora-security-list Digest, Vol 19, Issue 15

Today's Topics:

   1. Re: Separate list for commits (Kevin Fenzi)
   2. [Bug 243592] CVE-2007-3112, CVE-2007-3113: cacti DoS vulnerabilities (bugzilla at redhat.com)
   3. [Bug 243592] CVE-2007-3112, CVE-2007-3113: cacti DoS vulnerabilities (bugzilla at redhat.com)
   4. Re: Separate list for commits (Lubomir Kundrak)
   5. Re: Separate list for commits (Eugene Teo)
   6. [RFC] Tracking bugs for Fedora; managing security flaws in multiple supported releases (Lubomir Kundrak)
   7. fedora-security/audit fc6,1.260,1.261 fc7,1.108,1.109 (Tomas Hoger (thoger))

End of Fedora-security-list Digest, Vol 19, Issue 15
****************************************************

From kevin at tummy.com Tue Sep 18 18:50:03 2007
From: kevin at tummy.com (Kevin Fenzi)
Date: Tue, 18 Sep 2007 12:50:03 -0600
Subject: [RFC] Tracking bugs for Fedora; managing security flaws in multiple supported releases
In-Reply-To: <1190126422.3341.25.camel@localhost.localdomain>
References: <1190126422.3341.25.camel@localhost.localdomain>
Message-ID: <20070918125003.7d2c48b9@ghistelwchlohm.scrye.com>

On Tue, 18 Sep 2007 16:40:22 +0200
Lubomir Kundrak wrote:

> Aim: To have a flexible way to deal with flaws affecting multiple
> packages in multiple versions of multiple products.
>
> http://fedoraproject.org/wiki/LubomirKundrak/TrackingBugsDraft
>
> This should grow into documentation on dealing with security flaws for
> both package maintainers and SRT members.

This looks good to me...

kevin

From lkundrak at redhat.com Wed Sep 19 09:01:36 2007
From: lkundrak at redhat.com (Lubomir Kundrak)
Date: Wed, 19 Sep 2007 11:01:36 +0200
Subject: Separate list for commits
In-Reply-To: <98A6108AB28CA64FBF8115EDF7C911D060D30F@delaware.indexengines.com>
References: <98A6108AB28CA64FBF8115EDF7C911D060D30F@delaware.indexengines.com>
Message-ID: <1190192496.3341.37.camel@localhost.localdomain>

On Tue, 2007-09-18 at 13:42 -0400, Dan Davis wrote:
> I subscribe to this list so I can get alerted to new CVE related bugs.
> While the audit files change log was hard to understand at first, I can
> now easily scan for packages my server relies on, and run yum to get new
> packages if something is fixed.
>
> Is there a better way for me to learn about vulnerabilities? If this is
> the preferred way, then it would be nice to keep the commit log on this
> list, so I don't have to subscribe to both.

Well, that sounds fair, but be warned, that the audit files are
specially for our track and don't have to be 100% reliable. Watching
the package announce list for [SECURITY] things can be always relied
on, though it will have some latency compared to this, as packagers
need time to roll updates. Anyways, knowing about the vulnerability and
not having the updated package available is not always usable.

> I'd also argue that if this
> is the preferred way, then a new list for security discussions would be
> a better way to change things.

So you are for separating the lists. Is the only issue the name of the
list? In that case, the CVS logs traditionally go to -commits mailing
lists. I assume it won't be much of an issue for you to subscribe to
that one and unsubscribe from this one eventually, if you're not
interested in discussions, just in raw audit data.

>
> -----Original Message-----
> From: fedora-security-list-bounces at redhat.com
> [mailto:fedora-security-list-bounces at redhat.com] On Behalf Of
> fedora-security-list-request at redhat.com
> Sent: Tuesday, September 18, 2007 12:00 PM
> To: fedora-security-list at redhat.com
> Subject: Fedora-security-list Digest, Vol 19, Issue 15
>
> Today's Topics:
>
> 1. Re: Separate list for commits (Kevin Fenzi)
> 2. [Bug 243592] CVE-2007-3112, CVE-2007-3113: cacti DoS
> vulnerabilities (bugzilla at redhat.com)
> 3. [Bug 243592] CVE-2007-3112, CVE-2007-3113: cacti DoS
> vulnerabilities (bugzilla at redhat.com)
> 4. Re: Separate list for commits (Lubomir Kundrak)
> 5. Re: Separate list for commits (Eugene Teo)
> 6. [RFC] Tracking bugs for Fedora; managing security flaws in
> multiple supported releases (Lubomir Kundrak)
> 7. fedora-security/audit fc6,1.260,1.261 fc7,1.108,1.109
> (Tomas Hoger (thoger))

-- 
Lubomir Kundrak (Red Hat Security Response Team)

From fedora-extras-commits at redhat.com Wed Sep 19 13:24:53 2007 From: fedora-extras-commits at redhat.com (Lubomir Kundrak (lkundrak)) Date: Wed, 19 Sep 2007 09:24:53 -0400 Subject: fedora-security/audit fc6,1.261,1.262 fc7,1.109,1.110 Message-ID: <200709191324.l8JDOr93004137@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv4111 Modified Files: fc6 fc7 Log Message: wpa_supplicant was no problem. added libsndfile. Index: fc6 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc6,v retrieving revision 1.261 retrieving revision 1.262 diff -u -r1.261 -r1.262 --- fc6 18 Sep 2007 15:43:23 -0000 1.261 +++ fc6 19 Sep 2007 13:24:50 -0000 1.262 @@ -7,7 +7,6 @@ # Up to date CVE as of CVE email 20070914 # Up to date FC6 as of 20070916 -GENERIC-MAP-NOMATCH VULNERABLE (wpa_supplicant) #293011 CVE-2007-4897 VULNERABLE (ekiga, version 2.0.9 ?) CVE-2007-4826 VULNERABLE (quagga, fixed 0.99.9) CVE-2007-4752 VULNERABLE (openssh) #280471 Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.109 retrieving revision 1.110 diff -u -r1.109 -r1.110 --- fc7 18 Sep 2007 15:43:23 -0000 1.109 +++ fc7 19 Sep 2007 13:24:50 -0000 1.110 
@@ -8,9 +8,9 @@ # Up to date CVE as of CVE email 20070914 # Up to date FC7 as of 20070916 +GENERIC-MAP-NOMATCH VULNERABLE (libsndfile) #296221 GENERIC-MAP-NOMATCH VULNERABLE (duplicity) #293081 GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031 -GENERIC-MAP-NOMATCH VULNERABLE (wpa_supplicant) #293011 CVE-2007-4897 version (ekiga, version 2.0.9 ?) CVE-2007-4894 version (wordpress, fixed 2.2.3) [since FEDORA-2007-2143] CVE-2007-4893 version (wordpress, fixed 2.2.3) [since FEDORA-2007-2143] -- fedora-extras-commits mailing list fedora-extras-commits at redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits
From dan.davis at indexengines.com Wed Sep 19 14:36:51 2007
From: dan.davis at indexengines.com (Dan Davis)
Date: Wed, 19 Sep 2007 10:36:51 -0400
Subject: Separate list for commits
Message-ID: <98A6108AB28CA64FBF8115EDF7C911D060D38D@delaware.indexengines.com>

Lubomir Kundrak wrote:
> Well, that sounds fair, but be warned, that the audit files are specially for our
> track and doesn't have to be 100% reliable. Watching the package announce list
> for [SECURITY] things can be always relied on, though it will have some latency
> compared to this, as packagers need time to roll updates. Anyways, knowing about
> the vulnerability and not having the updated package available is not always usable.

I'll be subscribing to the package announce list, and maybe using the commit log less.

> So you are for separating the lists. Is the only issue the name of the list? In
> that case, the CVS logs traditionally go to -commits mailing lists. I assume it
> won't be much of an issue for you to subscribe to that one and unsubscribe this
> one eventually, if you're not interested in discussions, just in raw audit data.

Not really hard to resubscribe -- I just viewed the discussion as my opportunity to find out what is the best way to keep up to date on Fedora security issues.

From fedora-extras-commits at redhat.com Wed Sep 19 15:39:20 2007
From: fedora-extras-commits at redhat.com (Tomas Hoger (thoger)) Date: Wed, 19 Sep 2007 11:39:20 -0400 Subject: fedora-security/audit fc6,1.262,1.263 fc7,1.110,1.111 Message-ID: <200709191539.l8JFdKiF024682@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv24650/audit Modified Files: fc6 fc7 Log Message: Few more issues. Index: fc6 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc6,v retrieving revision 1.262 retrieving revision 1.263 diff -u -r1.262 -r1.263 --- fc6 19 Sep 2007 13:24:50 -0000 1.262 +++ fc6 19 Sep 2007 15:39:17 -0000 1.263 @@ -7,7 +7,10 @@ # Up to date CVE as of CVE email 20070914 # Up to date FC6 as of 20070916 -CVE-2007-4897 VULNERABLE (ekiga, version 2.0.9 ?) +CVE-2007-4965 VULNERABLE (python) imageop module heap overflow +CVE-2007-4924 VULNERABLE (ekiga, version 2.0.10) really opal 2.2.10 +CVE-2007-4897 VULNERABLE (ekiga, version 2.0.9) really opal 2.2.8 +CVE-2007-4829 VULNERABLE (perl-Archive-Tar) CVE-2007-4826 VULNERABLE (quagga, fixed 0.99.9) CVE-2007-4752 VULNERABLE (openssh) #280471 CVE-2007-4743 backport (krb5) incomplete CVE-2007-3999 fix [since FEDORA-2007-694] 
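Review bot: the four entries added at the top of this fc6 hunk (CVE-2007-4965 python, CVE-2007-4924 and CVE-2007-4897 ekiga, CVE-2007-4829 perl-Archive-Tar) are marked VULNERABLE but carry no tracking bug number, while the neighbouring openssh line has #280471. Without a bug reference nobody is visibly on the hook for the fix, so file the bugs and add the numbers in the same commit where possible. The ekiga lines also say "version 2.0.10" and "version 2.0.9" where the other entries say "fixed X" (for example "quagga, fixed 0.99.9"); it is not clear whether these are the affected or the fixing versions. Since the trailing note says the flaw is "really opal", consider naming opal as the package, or listing both, so a search for opal finds the entry.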
@@ -21,6 +24,8 @@ CVE-2007-4658 VULNERABLE (php, fixed 5.2.4) #278011 CVE-2007-4657 VULNERABLE (php, fixed 5.2.4) CVE-2007-4565 backport (fetchmail) #260881 [since FEDORA-2007-689] +CVE-2007-4559 VULNERABLE (python) tarfile module - directory traversal +CVE-2007-4558 ignore (star, fixed 1.5a84) duplicate of CVE-2007-4134 CVE-2007-4357 ignore (firefox) status bar can be overwrittten CVE-2007-4255 ignore (php) msql extension not shipped CVE-2007-4251 ignore (openoffice.org) just a crash Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.110 retrieving revision 1.111 diff -u -r1.110 -r1.111 --- fc7 19 Sep 2007 13:24:50 -0000 1.110 +++ fc7 19 Sep 2007 15:39:17 -0000 1.111 @@ -11,11 +11,14 @@ GENERIC-MAP-NOMATCH VULNERABLE (libsndfile) #296221 GENERIC-MAP-NOMATCH VULNERABLE (duplicity) #293081 GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031 -CVE-2007-4897 version (ekiga, version 2.0.9 ?) +CVE-2007-4965 VULNERABLE (python) imageop module heap overflow +CVE-2007-4924 VULNERABLE (ekiga, version 2.0.10) really opal 2.2.10 +CVE-2007-4897 version (ekiga, version 2.0.9) really opal 2.2.8 CVE-2007-4894 version (wordpress, fixed 2.2.3) [since FEDORA-2007-2143] CVE-2007-4893 version (wordpress, fixed 2.2.3) [since FEDORA-2007-2143] CVE-2007-4841 ignore (mozilla suite) Windows only CVE-2007-4840 ignore (php) +CVE-2007-4829 VULNERABLE (perl-Archive-Tar) CVE-2007-4828 (mediawiki, fixed 1.11.0, 1.10.2, 1.9.4) #287881 CVE-2007-4826 VULNERABLE (quagga, fixed 0.99.9) in updates-testing CVE-2007-4752 VULNERABLE (openssh) #280461 
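Review bot: in the fc7 hunk (@@ -11,11 +11,14 @@), CVE-2007-4897 keeps the status "version" but has no "[since FEDORA-...]" reference, unlike the two wordpress "version" lines directly below it, and the same CVE is recorded as VULNERABLE in the fc6 hunk of this commit. A reader cannot tell from the line which fc7 update is supposed to contain the fix. Add the advisory id or the fixed ekiga/opal build, or mark it VULNERABLE with a tracking bug if the fixed version has not shipped for fc7. The new CVE-2007-4924 and CVE-2007-4829 lines have the same missing bug number problem as in fc6.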
@@ -36,7 +39,7 @@ CVE-2007-4565 backport (fetchmail) #260861 [since FEDORA-2007-1983] CVE-2007-4560 version (clamav) #260583 [since FEDORA-2007-2050] CVE-2007-4559 VULNERABLE (python) tarfile module - directory traversal -CVE-2007-4558 version (star, fixed 1.5a84) [since FEDORA-2007-1852] +CVE-2007-4558 ignore (star, fixed 1.5a84) duplicate of CVE-2007-4134 CVE-2007-4543 version (bugzilla, fixed 3.0.1) #256021 [since FEDORA-2007-1853] CVE-2007-4542 version (mapserver, fixed 4.10.3) #256561 [since FEDORA-2007-2018] CVE-2007-4539 version (bugzilla, fixed 3.0.1) #256021 [since FEDORA-2007-1853] -- fedora-extras-commits mailing list fedora-extras-commits at redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits
From opensource at till.name Wed Sep 19 17:19:28 2007
From: opensource at till.name (Till Maas)
Date: Wed, 19 Sep 2007 19:19:28 +0200
Subject: Separate list for commits
In-Reply-To: <1190119781.3341.13.camel@localhost.localdomain>
References: <1190042867.7861.22.camel@localhost.localdomain> <20070917152235.22da91ac@ghistelwchlohm.scrye.com> <1190119781.3341.13.camel@localhost.localdomain>
Message-ID: <200709191919.35051.opensource@till.name>

On Di September 18 2007, Lubomir Kundrak wrote:

> I would want to avoid topics. Most people don't know what they are. I
> find a separate list much more convenient.

You can add topics and create a new list that is subscribed to this list and
only receives specific topics. Then you have both the advantages of topics and
a workaround for people who do not know what topics are.

Regards,
Till

From fedora-extras-commits at redhat.com Thu Sep 20 08:53:37 2007
From: fedora-extras-commits at redhat.com (Tomas Hoger (thoger)) Date: Thu, 20 Sep 2007 04:53:37 -0400 Subject: fedora-security/audit fc6,1.263,1.264 fc7,1.111,1.112 Message-ID: <200709200853.l8K8rbU1029405@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv29356/audit Modified Files: fc6 fc7 Log Message: ekiga / opal tracking bugs. Index: fc6 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc6,v retrieving revision 1.263 retrieving revision 1.264 diff -u -r1.263 -r1.264 --- fc6 19 Sep 2007 15:39:17 -0000 1.263 +++ fc6 20 Sep 2007 08:53:35 -0000 1.264 @@ -8,8 +8,8 @@ # Up to date FC6 as of 20070916 CVE-2007-4965 VULNERABLE (python) imageop module heap overflow -CVE-2007-4924 VULNERABLE (ekiga, version 2.0.10) really opal 2.2.10 -CVE-2007-4897 VULNERABLE (ekiga, version 2.0.9) really opal 2.2.8 +CVE-2007-4924 VULNERABLE (ekiga, version 2.0.10) really opal 2.2.10 #297561 +CVE-2007-4897 VULNERABLE (ekiga, version 2.0.9) really opal 2.2.8 #297561 CVE-2007-4829 VULNERABLE (perl-Archive-Tar) CVE-2007-4826 VULNERABLE (quagga, fixed 0.99.9) CVE-2007-4752 VULNERABLE (openssh) #280471 Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.111 retrieving revision 1.112 diff -u -r1.111 -r1.112 --- fc7 19 Sep 2007 15:39:17 -0000 1.111 +++ fc7 20 Sep 2007 08:53:35 -0000 1.112 
@@ -12,7 +12,7 @@ GENERIC-MAP-NOMATCH VULNERABLE (duplicity) #293081 GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031 CVE-2007-4965 VULNERABLE (python) imageop module heap overflow -CVE-2007-4924 VULNERABLE (ekiga, version 2.0.10) really opal 2.2.10 +CVE-2007-4924 VULNERABLE (ekiga, version 2.0.10) really opal 2.2.10 #297551 CVE-2007-4897 version (ekiga, version 2.0.9) really opal 2.2.8 CVE-2007-4894 version (wordpress, fixed 2.2.3) [since FEDORA-2007-2143] CVE-2007-4893 version (wordpress, fixed 2.2.3) [since FEDORA-2007-2143] -- fedora-extras-commits mailing list fedora-extras-commits at redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits From fedora-extras-commits at redhat.com Thu Sep 20 09:28:53 2007 From: fedora-extras-commits at redhat.com (Lubomir Kundrak (lkundrak)) Date: Thu, 20 Sep 2007 05:28:53 -0400 Subject: fedora-security/audit fc7,1.112,1.113 Message-ID: <200709200928.l8K9Srtb004066@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv4025 Modified Files: fc7 Log Message: Libsndfile got a CVE add balsa Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.112 retrieving revision 1.113 diff -u -r1.112 -r1.113 --- fc7 20 Sep 2007 08:53:35 -0000 1.112 +++ fc7 20 Sep 2007 09:28:51 -0000 1.113 
@@ -8,9 +8,10 @@ # Up to date CVE as of CVE email 20070914 # Up to date FC7 as of 20070916 -GENERIC-MAP-NOMATCH VULNERABLE (libsndfile) #296221 +GENERIC-MAP-NOMATCH VULNERABLE (balsa) #297601 GENERIC-MAP-NOMATCH VULNERABLE (duplicity) #293081 GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031 +CVE-2007-4974 VULNERABLE (libsndfile) #296221 CVE-2007-4965 VULNERABLE (python) imageop module heap overflow CVE-2007-4924 VULNERABLE (ekiga, version 2.0.10) really opal 2.2.10 #297551 CVE-2007-4897 version (ekiga, version 2.0.9) really opal 2.2.8 -- fedora-extras-commits mailing list fedora-extras-commits at redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits
From lkundrak at redhat.com Thu Sep 20 12:26:49 2007
From: lkundrak at redhat.com (Lubomir Kundrak)
Date: Thu, 20 Sep 2007 14:26:49 +0200
Subject: Separate list for commits
In-Reply-To: <200709191919.35051.opensource@till.name>
References: <1190042867.7861.22.camel@localhost.localdomain> <20070917152235.22da91ac@ghistelwchlohm.scrye.com> <1190119781.3341.13.camel@localhost.localdomain> <200709191919.35051.opensource@till.name>
Message-ID: <1190291209.3869.5.camel@localhost.localdomain>

On Wed, 2007-09-19 at 19:19 +0200, Till Maas wrote:
> On Di September 18 2007, Lubomir Kundrak wrote:
>
> > I would want to avoid topics. Most people don't know what they are. I
> > find a separate list much more convenient.
>
> You can add topics and create a new list that is subscribed to this list and
> only receives specific topics. Then you have both the advantages of topics and
> a workaround for people who do not know what topics are.

A brilliant idea. I'll do it just that way.

> Regards,
> Till
> --
> Fedora-security-list mailing list
> Fedora-security-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-security-list
--
Lubomir Kundrak (Red Hat Security Response Team)

From fedora-extras-commits at redhat.com Fri Sep 21 06:43:49 2007
From: fedora-extras-commits at redhat.com (Tomas Hoger (thoger)) Date: Fri, 21 Sep 2007 02:43:49 -0400 Subject: fedora-security/audit fc6,1.264,1.265 fc7,1.113,1.114 Message-ID: <200709210643.l8L6hncB029256@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv29230/audit Modified Files: fc6 fc7 Log Message: kdm vulnerability Index: fc6 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc6,v retrieving revision 1.264 retrieving revision 1.265 diff -u -r1.264 -r1.265 --- fc6 20 Sep 2007 08:53:35 -0000 1.264 +++ fc6 21 Sep 2007 06:43:46 -0000 1.265 @@ -23,6 +23,7 @@ CVE-2007-4659 ignore (php, fixed 5.2.4) #276531 (FC7/php-5.2 only) CVE-2007-4658 VULNERABLE (php, fixed 5.2.4) #278011 CVE-2007-4657 VULNERABLE (php, fixed 5.2.4) +CVE-2007-4569 VULNERABLE (kdebase) #299741 CVE-2007-4565 backport (fetchmail) #260881 [since FEDORA-2007-689] CVE-2007-4559 VULNERABLE (python) tarfile module - directory traversal CVE-2007-4558 ignore (star, fixed 1.5a84) duplicate of CVE-2007-4134 Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.113 retrieving revision 1.114 diff -u -r1.113 -r1.114 --- fc7 20 Sep 2007 09:28:51 -0000 1.113 +++ fc7 21 Sep 2007 06:43:46 -0000 1.114 
@@ -37,6 +37,7 @@ CVE-2007-4650 version (gallery2) #267421 [since FEDORA-2007-2020] CVE-2007-4629 version (mapserver, fixed 4.10.3) #272081 [since FEDORA-2007-2018] CVE-2007-4631 version (qgit) #268381 [since FEDORA-2007-2108] +CVE-2007-4569 VULNERABLE (kdebase) #299731 CVE-2007-4565 backport (fetchmail) #260861 [since FEDORA-2007-1983] CVE-2007-4560 version (clamav) #260583 [since FEDORA-2007-2050] CVE-2007-4559 VULNERABLE (python) tarfile module - directory traversal -- fedora-extras-commits mailing list fedora-extras-commits at redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits From fedora-extras-commits at redhat.com Fri Sep 21 07:40:10 2007 From: fedora-extras-commits at redhat.com (Tomas Hoger (thoger)) Date: Fri, 21 Sep 2007 03:40:10 -0400 Subject: fedora-security/audit fc7,1.114,1.115 Message-ID: <200709210740.l8L7eAwa004107@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv4085/audit Modified Files: fc7 Log Message: inotify-tools buffer overflow Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.114 retrieving revision 1.115 diff -u -r1.114 -r1.115 --- fc7 21 Sep 2007 06:43:46 -0000 1.114 +++ fc7 21 Sep 2007 07:40:08 -0000 1.115 @@ -8,6 +8,7 @@ # Up to date CVE as of CVE email 20070914 # Up to date FC7 as of 20070916 +GENERIC-MAP-NOMATCH VULNERABLE (inotify-tools) #299771 GENERIC-MAP-NOMATCH VULNERABLE (balsa) #297601 GENERIC-MAP-NOMATCH VULNERABLE (duplicity) #293081 GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031 -- fedora-extras-commits mailing list fedora-extras-commits at redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits From fedora-extras-commits at redhat.com Fri Sep 21 14:29:50 2007 
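Review bot: the GENERIC-MAP-NOMATCH line added for inotify-tools in fc7 revision 1.115 carries only the bug number #299771, and the "buffer overflow" description exists only in the commit log message. Because a GENERIC-MAP-NOMATCH entry has no CVE id to key on, put a short description on the line itself, in the style of "(python) imageop module heap overflow", so the entry can be matched and replaced when a CVE name is assigned.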
From: fedora-extras-commits at redhat.com (Tomas Hoger (thoger)) Date: Fri, 21 Sep 2007 10:29:50 -0400 Subject: fedora-security/audit fc6,1.265,1.266 fc7,1.115,1.116 Message-ID: <200709211429.l8LETo34003566@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv3532/audit Modified Files: fc6 fc7 Log Message: update on some older kde issues Index: fc6 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc6,v retrieving revision 1.265 retrieving revision 1.266 diff -u -r1.265 -r1.266 --- fc6 21 Sep 2007 06:43:46 -0000 1.265 +++ fc6 21 Sep 2007 14:29:48 -0000 1.266 @@ -133,6 +133,7 @@ CVE-2007-1352 fixed (libXfont) #235265 [since FEDORA-2007-423] CVE-2007-1351 fixed (libXfont) #235265 [since FEDORA-2007-423] CVE-2007-1349 backport (mod_perl) [since FEDORA-2007-577] +CVE-2007-1308 version (kdelibs) CVE-2007-1263 version (gnupg, fixed 1.4.7) [since FEDORA-2007-315] CVE-2007-1262 version (squirrelmail, fixed 1.4.10a) #239704 [since FEDORA-2007-505] CVE-2007-1218 backport (tcpdump) 232349 [since FEDORA-2007-347] Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.115 retrieving revision 1.116 diff -u -r1.115 -r1.116 --- fc7 21 Sep 2007 07:40:08 -0000 1.115 +++ fc7 21 Sep 2007 14:29:48 -0000 1.116 
@@ -285,8 +285,8 @@ CVE-2007-1614 version (zziplib, fixed 0.13.49) #233700 CVE-2007-1599 version (wordpress, fixed 2.1.3-0.rc2) #233703 CVE-2007-1583 version (php, fixed 5.2.2) -CVE-2007-1565 ignore (konqueror) client crash -CVE-2007-1564 vulnerable (konqueror) [#CVE-2007-1564] +CVE-2007-1565 ignore (konqueror) client crash, duplicate of CVE-2007-1308 +CVE-2007-1564 version (kdelibs) affects konqueror CVE-2007-1562 version (mozilla) #241840 CVE-2007-1560 version (squid, fixed 2.6.STABLE12) CVE-2007-1558 version (balsa) [since FEDORA-2007-1447] @@ -339,6 +339,7 @@ *CVE-2007-1322 ** (qemu) #238723 *CVE-2007-1321 ** (qemu) #238723 *CVE-2007-1320 ** (qemu) #238723 +CVE-2007-1308 version (kdelibs) CVE-2007-1287 ignore (php) See NVD CVE-2007-1286 version (php, PHP4 only) CVE-2007-1285 version (php, 5.2.2) -- fedora-extras-commits mailing list fedora-extras-commits at redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits From fedora-extras-commits at redhat.com Fri Sep 21 21:28:12 2007 From: fedora-extras-commits at redhat.com (Lubomir Kundrak (lkundrak)) Date: Fri, 21 Sep 2007 17:28:12 -0400 Subject: fedora-security/audit fc6,1.266,1.267 fc7,1.116,1.117 Message-ID: <200709212128.l8LLSClf012717@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv12697 Modified Files: fc6 fc7 Log Message: elinks Index: fc6 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc6,v retrieving revision 1.266 retrieving revision 1.267 diff -u -r1.266 -r1.267 --- fc6 21 Sep 2007 14:29:48 -0000 1.266 +++ fc6 21 Sep 2007 21:28:10 -0000 1.267 
@@ -7,6 +7,7 @@ # Up to date CVE as of CVE email 20070914 # Up to date FC6 as of 20070916 +CVE-2007-5034 VULNERABLE (elinks) #297611 CVE-2007-4965 VULNERABLE (python) imageop module heap overflow CVE-2007-4924 VULNERABLE (ekiga, version 2.0.10) really opal 2.2.10 #297561 CVE-2007-4897 VULNERABLE (ekiga, version 2.0.9) really opal 2.2.8 #297561 Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.116 retrieving revision 1.117 diff -u -r1.116 -r1.117 --- fc7 21 Sep 2007 14:29:48 -0000 1.116 +++ fc7 21 Sep 2007 21:28:10 -0000 1.117 @@ -8,6 +8,7 @@ # Up to date CVE as of CVE email 20070914 # Up to date FC7 as of 20070916 +CVE-2007-5034 VULNERABLE (elinks) #297981 GENERIC-MAP-NOMATCH VULNERABLE (inotify-tools) #299771 GENERIC-MAP-NOMATCH VULNERABLE (balsa) #297601 GENERIC-MAP-NOMATCH VULNERABLE (duplicity) #293081 -- fedora-extras-commits mailing list fedora-extras-commits at redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits From fedora-extras-commits at redhat.com Sat Sep 22 03:41:33 2007 From: fedora-extras-commits at redhat.com (Kevin Fenzi (kevin)) Date: Fri, 21 Sep 2007 23:41:33 -0400 Subject: fedora-security/audit epel5,1.3,1.4 Message-ID: <200709220341.l8M3fXK4029658@cvs-int.fedora.redhat.com> Author: kevin Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv29558 Modified Files: epel5 Log Message: Catch up with new vulnerabilities. remove qt4 (shipped in rhel, not epel) update for cacti update. Index: epel5 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/epel5,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- epel5 14 Sep 2007 00:23:19 -0000 1.3 +++ epel5 22 Sep 2007 03:41:31 -0000 1.4 
@@ -3,9 +3,11 @@ # *CVE are items that need verification for EPEL-5 # (mozilla) = (firefox, seamonkey, thunderbird, yelp, devhelp, galeon, liferea. epiphany) -# Up to date CVE as of CVE email 20070910 -# Up to date EPEL5 as of 20070910 +# Up to date CVE as of CVE email 20070914 +# Up to date EPEL5 as of 20070916 # +GENERIC-MAP-NOMATCH VULNERABLE (duplicity) #293081 +*CVE-2007-4829 VULNERABLE (perl-Archive-Tar) *CVE-2007-4828 (mediawiki, fixed 1.11.0, 1.10.2, 1.9.4) #287881 CVE-2007-4727 version (lighttpd, fixed 1.4.18) #284511 CVE-2007-4629 VULNERABLE (mapserver, fixed 4.10.3) #272081 @@ -36,8 +38,8 @@ CVE-2007-3152 version (c-ares, fixed 1.4.0) #243591 CVE-2007-3123 VULNERABLE (clamav, fixed 0.90.3) #245219 CVE-2007-3122 VULNERABLE (clamav, fixed 0.90.3) #245219 -CVE-2007-3113 VULNERABLE (cacti) #243592 -CVE-2007-3112 VULNERABLE (cacti) #243592 +CVE-2007-3113 patch (cacti, fixed 0.8.7) #243592 +CVE-2007-3112 patch (cacti, fixed 0.8.7) #243592 CVE-2007-3025 ignore (clamav, Solaris only) CVE-2007-3024 VULNERABLE (clamav, fixed 0.90.3) #245219 CVE-2007-3023 VULNERABLE (clamav, fixed 0.90.3) #245219 @@ -84,7 +86,6 @@ CVE-2007-0619 version (chmlib, fixed 0.3.9) #225919 *CVE-2007-0469 version (rubygems, fixed 0.9.1) CVE-2007-0341 ignore (phpMyAdmin, 2.8.x only) -CVE-2007-0242 VULNERABLE (qt4, fixed 4.2.3-7) CVE-2007-0240 patch (zope, fixed 2.9.6-2) #233378 *CVE-2007-0177 version (mediawiki, fixed 1.8.3) #221958 *CVE-2007-0095 VULNERABLE (phpMyAdmin) #221694 -- fedora-extras-commits mailing list fedora-extras-commits at redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits From fedora-extras-commits at redhat.com Sat Sep 22 04:07:59 2007 
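Review bot: in the epel5 hunk at @@ -36,8 +38,8 @@, CVE-2007-3113 and CVE-2007-3112 move from VULNERABLE to "patch (cacti, fixed 0.8.7)", which mixes two conventions. Other "patch" entries in this file name a package release (for example "zope, fixed 2.9.6-2"), while a bare upstream version such as 0.8.7 is what "version" entries use. If EPEL-5 picked up the fix by moving to cacti 0.8.7, the status should be "version"; if a patch was applied to an older build, give the full version-release that contains it.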
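Review bot: the last epel5 hunk (@@ -84,7 +86,6 @@) deletes the CVE-2007-0242 qt4 line outright, so the reason ("shipped in rhel, not epel") survives only in the commit log. Entries that do not apply are otherwise kept with an "ignore" status and a reason, as in "CVE-2007-3025 ignore (clamav, Solaris only)". Keeping the line as an ignore entry with the not-shipped reason would stop the CVE from being triaged again the next time the CVE list is processed.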
From: fedora-extras-commits at redhat.com (Kevin Fenzi (kevin)) Date: Sat, 22 Sep 2007 00:07:59 -0400 Subject: fedora-security/audit epel4,1.1,1.2 Message-ID: <200709220407.l8M47xlV004410@cvs-int.fedora.redhat.com> Author: kevin Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv4386 Modified Files: epel4 Log Message: Process a ton of epel4 items. Index: epel4 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/epel4,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- epel4 1 Sep 2007 18:49:37 -0000 1.1 +++ epel4 22 Sep 2007 04:07:57 -0000 1.2 
@@ -3,99 +3,102 @@ # *CVE are items that need verification for EPEL-4 # (mozilla) = (firefox, seamonkey, thunderbird, yelp, devhelp, galeon, liferea. epiphany) -# Up to date CVE as of CVE email 20070829 -# Up to date EPEL4 as of +# Up to date CVE as of CVE email 20070914 +# Up to date EPEL4 as of 20070916 # -*CVE-2007-4631 VULNERABLE (qgit) #268381 +GENERIC-MAP-NOMATCH VULNERABLE (duplicity) #293081 +*CVE-2007-4828 (mediawiki, fixed 1.11.0, 1.10.2, 1.9.4) #287881 +CVE-2007-4727 version (lighttpd, fixed 1.4.18) #284511 +*CVE-2007-4629 version (mapserver, fixed 4.10.3) #272081 [since FEDORA-2007-2018] +CVE-2007-4631 version (qgit, fixed 1.5.7) #268381 *CVE-2007-4629 VULNERABLE (mapserver, fixed 4.10.3) #272081 -*CVE-2007-4560 VULNERABLE (clamav) #260583 +CVE-2007-4560 VULNERABLE (clamav) #260583 *CVE-2007-4543 version (bugzilla, fixed 3.0.1) #256021 [since FEDORA-2007-1853] *CVE-2007-4542 VULNERABLE (mapserver, fixed 4.10.3) #256561 *CVE-2007-4539 version (bugzilla, fixed 3.0.1) #256021 [since FEDORA-2007-1853] *CVE-2007-4538 version (bugzilla, fixed 3.0.1) #256021 [since FEDORA-2007-1853] -*CVE-2007-4510 VULNERABLE (clamav, fixed 0.91.2) #253780 +CVE-2007-4510 VULNERABLE (clamav, fixed 0.91.2) #253780 *CVE-2007-4462 version (po4a) #253541 [since FEDORA-2007-1763] *CVE-2007-4400 VULNERABLE (konversation) #253545 -*CVE-2007-4323 backport (denyhosts) #252291 [since FEDORA-2007-0589] +CVE-2007-4323 backport (denyhosts) #252291 *CVE-2007-4321 backport (fail2ban) #252290 [since FEDORA-2007-0621] version since FEDORA-2007-1643 -*CVE-2007-3950 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299] -*CVE-2007-3949 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299] -*CVE-2007-3948 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299] -*CVE-2007-3947 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299] -*CVE-2007-3946 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299] -*CVE-2007-3725 ** (clamav) -*CVE-2007-3555 
version (moodle) #247528 [since FEDORA-2007-1445] -*CVE-2007-3209 ignore (mail-notification, shipped with SSL enabled) -*CVE-2007-3153 version (c-ares, fixed 1.4.0) #243591 [since FEDORA-2007-0724] -*CVE-2007-3152 version (c-ares, fixed 1.4.0) #243591 [since FEDORA-2007-0724] -*CVE-2007-3123 VULNERABLE (clamav, fixed 0.90.3) #245219 -*CVE-2007-3122 VULNERABLE (clamav, fixed 0.90.3) #245219 -*CVE-2007-3113 VULNERABLE (cacti) #243592 -*CVE-2007-3112 VULNERABLE (cacti) #243592 -*CVE-2007-3025 ignore (clamav, Solaris only) -*CVE-2007-3024 VULNERABLE (clamav, fixed 0.90.3) #245219 -*CVE-2007-3023 VULNERABLE (clamav, fixed 0.90.3) #245219 +CVE-2007-3950 version (lighttpd, fixed 1.4.16) #249162 +CVE-2007-3949 version (lighttpd, fixed 1.4.16) #249162 +CVE-2007-3948 version (lighttpd, fixed 1.4.16) #249162 +CVE-2007-3947 version (lighttpd, fixed 1.4.16) #249162 +CVE-2007-3946 version (lighttpd, fixed 1.4.16) #249162 +CVE-2007-3725 ** (clamav) +CVE-2007-3555 version (moodle, fixed 1.8.2) #247528 +CVE-2007-3209 ignore (mail-notification, shipped with SSL enabled) +CVE-2007-3153 version (c-ares, fixed 1.4.0) #243591 +CVE-2007-3152 version (c-ares, fixed 1.4.0) #243591 +CVE-2007-3123 VULNERABLE (clamav, fixed 0.90.3) #245219 +CVE-2007-3122 VULNERABLE (clamav, fixed 0.90.3) #245219 +CVE-2007-3113 patch (cacti, fixed 0.8.7) #243592 +CVE-2007-3112 patch (cacti, fixed 0.8.7) #243592 +CVE-2007-3025 ignore (clamav, Solaris only) +CVE-2007-3024 VULNERABLE (clamav, fixed 0.90.3) #245219 +CVE-2007-3023 VULNERABLE (clamav, fixed 0.90.3) #245219 *CVE-2007-2958 VULNERABLE (claws-mail) #254121 -*CVE-2007-2865 version (phpPgAdmin, fixed 4.1.2) #241489 [since FEDORA-2007-0469] -*CVE-2007-2721 patch (jasper, fixed 1.900.1-2) #240397 -*CVE-2007-2650 version (clamav, fixed 0.90.3) #240395 [since FEDORA-2007-1154] -*CVE-2007-2637 patch (moin, fixed 1.5.7-2) -*CVE-2007-2423 patch (moin, fixed 1.5.7-2) #238722 +*CVE-2007-2865 version (phpPgAdmin, fixed 4.1.2) #241489 +CVE-2007-2721 patch (jasper, 
fixed 1.900.1-2) #240397 +CVE-2007-2650 VULNERABLE (clamav, fixed 0.90.3) #240395 +CVE-2007-2637 patch (moin, fixed 1.5.7-2) +CVE-2007-2423 patch (moin, fixed 1.5.7-2) #238722 *CVE-2007-2413 version (perl-Imager, fixed 0.57) #238615 -*CVE-2007-2245 VULNERABLE (phpMyAdmin, fixed 2.10.1) #237882 +CVE-2007-2245 version (phpMyAdmin, fixed 2.10.1) #237882 *CVE-2007-2165 VULNERABLE (proftpd) #237533 -*CVE-2007-2029 VULNERABLE (clamav, fixed 0.90.3) #245219 -*CVE-2007-2016 ignore (phpMyAdmin, < 2.8.0.2 never shipped) -*CVE-2007-1997 version (clamav, fixed in 0.90.2) -*CVE-2007-1870 version (lighttpd, fixed 1.4.14) #236489 -*CVE-2007-1869 version (lighttpd, fixed 1.4.14) #236489 -*CVE-2007-1745 version (clamav, fixed in 0.90.2) #236703 -*CVE-2007-1614 version (zziplib, fixed 0.13.49) #233700 +CVE-2007-2029 VULNERABLE (clamav, fixed 0.90.3) #245219 +CVE-2007-2016 ignore (phpMyAdmin, < 2.8.0.2 never shipped) +CVE-2007-1997 VULNERABLE (clamav, fixed in 0.90.2) +CVE-2007-1870 version (lighttpd, fixed 1.4.14) #236489 +CVE-2007-1869 version (lighttpd, fixed 1.4.14) #236489 +CVE-2007-1745 VULNERABLE (clamav, fixed in 0.90.2) #236703 +CVE-2007-1614 version (zziplib, fixed 0.13.49) #233700 *CVE-2007-1558 version (claws-mail, fixed 2.9.1) #237293 -*CVE-2007-1547 version (nas, fixed 1.8a-2) #233353 -*CVE-2007-1546 version (nas, fixed 1.8a-2) #233353 -*CVE-2007-1545 version (nas, fixed 1.8a-2) #233353 -*CVE-2007-1544 version (nas, fixed 1.8a-2) #233353 -*CVE-2007-1543 version (nas, fixed 1.8a-2) #233353 -*CVE-2007-1429 version (moodle, fixed 1.6.5) #232103 +CVE-2007-1547 version (nas, fixed 1.8a-2) #233353 +CVE-2007-1546 version (nas, fixed 1.8a-2) #233353 +CVE-2007-1545 version (nas, fixed 1.8a-2) #233353 +CVE-2007-1544 version (nas, fixed 1.8a-2) #233353 +CVE-2007-1543 version (nas, fixed 1.8a-2) #233353 +CVE-2007-1429 version (moodle, fixed 1.6.5) #232103 *CVE-2007-1406 version (trac, fixed 0.10.3.1) #231729 *CVE-2007-1405 version (trac, fixed 0.10.3.1) #231729 -*CVE-2007-1395 
version (phpMyAdmin, fixed 2.10.0.2) +CVE-2007-1395 version (phpMyAdmin, fixed 2.10.0.2) *CVE-2007-1359 patch (mod_security, fixed 2.1.0-3) #231728 -*CVE-2007-1325 version (phpMyAdmin, fixed 2.10.0.2) +CVE-2007-1325 version (phpMyAdmin, fixed 2.10.0.2) *CVE-2007-1055 version (mediawiki, fixed 1.8.3) *CVE-2007-1054 version (mediawiki, fixed 1.9.3) [since FEDORA-2007-1442] -*CVE-2007-0902 patch (moin, fixed 1.5.7-2) #228764 -*CVE-2007-0901 patch (moin, fixed 1.5.7-2) #228764 -*CVE-2007-0898 version (clamav, fixed 0.90) #229202 -*CVE-2007-0897 version (clamav, fixed 0.90) #229202 +CVE-2007-0902 version (moin, fixed 1.5.7-2) #228764 +CVE-2007-0901 version (moin, fixed 1.5.7-2) #228764 +CVE-2007-0898 VULNERABLE (clamav, fixed 0.90) #229202 +CVE-2007-0897 VULNERABLE (clamav, fixed 0.90) #229202 *CVE-2007-0894 version (mediawiki, fixed 1.8.4) #228763 -*CVE-2007-0857 version (moin, fixed 1.5.7) #228139 +CVE-2007-0857 version (moin, fixed 1.5.7) #228139 *CVE-2007-0619 version (chmlib, fixed 0.3.9) #225919 -*CVE-2007-0341 ignore (phpMyAdmin, 2.8.x only) -*CVE-2007-0242 patch (qt4, fixed 4.2.3-7) +CVE-2007-0341 ignore (phpMyAdmin, 2.8.x only) *CVE-2007-0240 patch (zope, fixed 2.9.6-2) #233378 *CVE-2007-0177 version (mediawiki, fixed 1.8.3) #221958 -*CVE-2007-0095 VULNERABLE (phpMyAdmin) #221694 -*CVE-2007-0007 version (gnucash, fixed 2.0.5) since [FEDORA-2007-256] #223233 -*CVE-2006-6944 version (phpMyAdmin, fixed 2.9.1.1) -*CVE-2006-6943 version (phpMyAdmin, fixed 2.9.1.1) -*CVE-2006-6942 version (phpMyAdmin, fixed 2.9.1.1) -*CVE-2006-6799 patch (cacti, fixed 0.8.6i-5) #222410 +CVE-2007-0095 VULNERABLE (phpMyAdmin) #221694 +CVE-2007-0007 version (gnucash, fixed 2.0.5) #223233 +CVE-2006-6944 version (phpMyAdmin, fixed 2.9.1.1) +CVE-2006-6943 version (phpMyAdmin, fixed 2.9.1.1) +CVE-2006-6942 version (phpMyAdmin, fixed 2.9.1.1) +CVE-2006-6799 patch (cacti, fixed 0.8.6i-5) #222410 *CVE-2006-6693 ignore (zabbix, fixed 1.1.3, < 1.1.4 not shipped) *CVE-2006-6692 ignore (zabbix, 
fixed 1.1.3, < 1.1.4 not shipped) -*CVE-2006-6626 version (moodle, fixed 1.6.5) #220041 -*CVE-2006-6625 version (moodle, fixed 1.6.5) #220041 +CVE-2006-6626 version (moodle, fixed 1.6.5) #220041 +CVE-2006-6625 version (moodle, fixed 1.6.5) #220041 *CVE-2006-6563 backport (proftpd, fixed 1.3.0a-3) #219938 -*CVE-2006-6481 version (clamav, fixed 0.88.7) -*CVE-2006-6406 version (clamav, fixed 0.88.7) #219095 -*CVE-2006-6374 ** (phpMyAdmin) #218853 -*CVE-2006-6373 version (phpMyAdmin, fixed 2.9.1.1) #218853 -*CVE-2006-6301 version (denyhosts, fixed 2.6-2) #218824 +CVE-2006-6481 VULNERABLE (clamav, fixed 0.88.7) +CVE-2006-6406 VULNERABLE (clamav, fixed 0.88.7) #219095 +CVE-2006-6374 ** (phpMyAdmin) #218853 +CVE-2006-6373 version (phpMyAdmin, fixed 2.9.1.1) #218853 +CVE-2006-6301 version (denyhosts, fixed 2.6-2) #218824 *CVE-2006-6171 patch (proftpd, fixed 1.3.0a-1) #214820 *CVE-2006-6170 patch (proftpd, fixed 1.3.0a-1) #214820 -*CVE-2006-5874 version (clamav, fixed 0.88.1) -*CVE-2006-5864 patch (gv, fixed 3.6.2-2) #215136 +CVE-2006-5874 version (clamav, fixed 0.88.1) +CVE-2006-5864 patch (gv, fixed 3.6.2-2) #215136 *CVE-2006-5848 version (trac, fixed 0.10.1) #215077 *CVE-2006-5815 version (proftpd, fixed 1.3.0a) #214820 *CVE-2006-5602 version (xsupplicant, fixed 1.2.6) 
@@ -103,51 +106,51 @@ *CVE-2006-5455 patch (bugzilla, fixed 2.22-7) #212355 *CVE-2006-5454 patch (bugzilla, fixed 2.22-7) #212355 *CVE-2006-5453 patch (bugzilla, fixed 2.22-7) #212355 -*CVE-2006-5295 version (clamav, fixed 0.88.5) #210973 -*CVE-2006-5129 version (moodle, fixed 1.6.3) #206516 -*CVE-2006-4943 version (moodle, fixed 1.6.3) #206516 -*CVE-2006-4942 version (moodle, fixed 1.6.3) #206516 -*CVE-2006-4941 version (moodle, fixed 1.6.3) #206516 -*CVE-2006-4940 version (moodle, fixed 1.6.3) #206516 -*CVE-2006-4939 version (moodle, fixed 1.6.3) #206516 -*CVE-2006-4938 version (moodle, fixed 1.6.3) #206516 -*CVE-2006-4937 version (moodle, fixed 1.6.3) #206516 -*CVE-2006-4936 version (moodle, fixed 1.6.3) #206516 -*CVE-2006-4935 version (moodle, fixed 1.6.3) #206516 -*CVE-2006-4786 version (moodle, fixed 1.6.3) #206516 -*CVE-2006-4785 version (moodle, fixed 1.6.3) #206516 -*CVE-2006-4784 version (moodle, fixed 1.6.3) #206516 +CVE-2006-5295 version (clamav, fixed 0.88.5) #210973 +CVE-2006-5129 version (moodle, fixed 1.6.3) #206516 +CVE-2006-4943 version (moodle, fixed 1.6.3) #206516 +CVE-2006-4942 version (moodle, fixed 1.6.3) #206516 +CVE-2006-4941 version (moodle, fixed 1.6.3) #206516 +CVE-2006-4940 version (moodle, fixed 1.6.3) #206516 +CVE-2006-4939 version (moodle, fixed 1.6.3) #206516 +CVE-2006-4938 version (moodle, fixed 1.6.3) #206516 +CVE-2006-4937 version (moodle, fixed 1.6.3) #206516 +CVE-2006-4936 version (moodle, fixed 1.6.3) #206516 +CVE-2006-4935 version (moodle, fixed 1.6.3) #206516 +CVE-2006-4786 version (moodle, fixed 1.6.3) #206516 +CVE-2006-4785 version (moodle, fixed 1.6.3) #206516 +CVE-2006-4784 version (moodle, fixed 1.6.3) #206516 *CVE-2006-4684 version (zope, fixed 2.9.2) *CVE-2006-4249 patch (plone, fixed 2.5.1-3) #213983 *CVE-2006-4248 ignore (thttpd, Debian specific issue) *CVE-2006-4247 patch (plone, fixed 2.5-4) #209163 -*CVE-2006-4182 version (clamav, fixed 0.88.5) #210973 -*CVE-2006-4018 version (clamav, fixed 0.88.4-1) #201688 
+CVE-2006-4182 version (clamav, fixed 0.88.5) #210973 +CVE-2006-4018 version (clamav, fixed 0.88.4-1) #201688 *CVE-2006-3458 patch (zope, fixed 2.9.3-3) #198106 *CVE-2006-3178 ignore (chmlib, extract_chmLib not shipped) -*CVE-2006-2489 version (nagios, fixed 2.3.1) -*CVE-2006-2427 ignore (clamav) not an issue bz#192076 +CVE-2006-2489 version (nagios, fixed 2.3.1) +CVE-2006-2427 ignore (clamav) not an issue bz#192076 *CVE-2006-2237 backport (awstats, fixed 6.5-5) bz#190923 -*CVE-2006-2162 version (nagios, fixed 2.3.1) bz#190612 +CVE-2006-2162 version (nagios, fixed 2.3.1) bz#190612 *CVE-2006-2017 version (dnsmasq, fixed 2.30) -*CVE-2006-1989 version (clamav, fixed 0.88.2) +CVE-2006-1989 version (clamav, fixed 0.88.2) *CVE-2006-1945 backport (awstats, fixed 6.5-4) bz#190922 awstats-6.5-CVE-2006-1945.patch *CVE-2006-1711 version (plone, fixed 2.1.2) bz#188886 -*CVE-2006-1630 version (clamav, fixed 0.88.1) bz#188286 -*CVE-2006-1629 version (openvpn, fixed 2.0.6) bz#188050 -*CVE-2006-1615 version (clamav, fixed 0.88.1) bz#188286 -*CVE-2006-1614 version (clamav, fixed 0.88.1) bz#188286 -*CVE-2006-1566 ignore (libtunepimp, Debian-specific problem) +CVE-2006-1630 version (clamav, fixed 0.88.1) bz#188286 +CVE-2006-1629 version (openvpn, fixed 2.0.6) bz#188050 +CVE-2006-1615 version (clamav, fixed 0.88.1) bz#188286 +CVE-2006-1614 version (clamav, fixed 0.88.1) bz#188286 +CVE-2006-1566 ignore (libtunepimp, Debian-specific problem) *CVE-2006-1498 version (mediawiki, fixed 1.5.8) bz#188122 *CVE-2006-1079 patch (thttpd, fixed 2.25b-11) bz#191095 *CVE-2006-1078 patch (thttpd, fixed 2.25b-11) bz#191095 -*CVE-2006-0814 ignore (lighttpd, Windows-specific problem) -*CVE-2006-0760 version (lighttpd, fixed 1.4.10) -*CVE-2006-0458 version (irssi, fixed 0.8.10) bz#184509 +CVE-2006-0814 ignore (lighttpd, Windows-specific problem) +CVE-2006-0760 version (lighttpd, fixed 1.4.10) +CVE-2006-0458 VULNERABLE (irssi, fixed 0.8.10) bz#184509 *CVE-2006-0322 version (mediawiki, fixed 1.5.8) 
-*CVE-2006-0162 version (clamav, fixed 0.88) -*CVE-2006-0126 version (rxvt-unicode, fixed 7.5) -*CVE-2006-0106 version (wine, fixed 0.9.10) -*CVE-2006-0071 ignore (pinentry, Gentoo-specific problem) -*CVE-2005-4803 version (graphviz, fixed 2.2.1) +CVE-2006-0162 version (clamav, fixed 0.88) +CVE-2006-0126 version (rxvt-unicode, fixed 7.5) +CVE-2006-0106 version (wine, fixed 0.9.10) +CVE-2006-0071 ignore (pinentry, Gentoo-specific problem) +CVE-2005-4803 version (graphviz, fixed 2.2.1) *CVE-2004-1096 version (perl-Archive-Zip, fixed 1.14) -- fedora-extras-commits mailing list fedora-extras-commits at redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits From fedora-extras-commits at redhat.com Mon Sep 24 13:48:32 2007 From: fedora-extras-commits at redhat.com (Lubomir Kundrak (lkundrak)) Date: Mon, 24 Sep 2007 09:48:32 -0400 Subject: fedora-security/audit fc7,1.117,1.118 Message-ID: <200709241348.l8ODmWnd025754@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv25732/audit Modified Files: fc7 Log Message: t1lib Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.117 retrieving revision 1.118 diff -u -r1.117 -r1.118 --- fc7 21 Sep 2007 21:28:10 -0000 1.117 +++ fc7 24 Sep 2007 13:48:30 -0000 1.118 @@ -8,6 +8,7 @@ # Up to date CVE as of CVE email 20070914 # Up to date FC7 as of 20070916 +GENERIC-MAP-NOMATCH VULNERABLE (t1lib) #303021 CVE-2007-5034 VULNERABLE (elinks) #297981 GENERIC-MAP-NOMATCH VULNERABLE (inotify-tools) #299771 GENERIC-MAP-NOMATCH VULNERABLE (balsa) #297601 -- fedora-extras-commits mailing list fedora-extras-commits at redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits From fedora-extras-commits at redhat.com Mon Sep 24 13:58:00 2007 
From: fedora-extras-commits at redhat.com (Tomas Hoger (thoger)) Date: Mon, 24 Sep 2007 09:58:00 -0400 Subject: fedora-security/audit fc7,1.118,1.119 Message-ID: <200709241358.l8ODw0vk026254@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv26230/audit Modified Files: fc7 Log Message: inotify-tools cve name Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.118 retrieving revision 1.119 diff -u -r1.118 -r1.119 --- fc7 24 Sep 2007 13:48:30 -0000 1.118 +++ fc7 24 Sep 2007 13:57:58 -0000 1.119 @@ -9,8 +9,8 @@ # Up to date FC7 as of 20070916 GENERIC-MAP-NOMATCH VULNERABLE (t1lib) #303021 +CVE-2007-5037 VULNERABLE (inotify-tools) #299771 CVE-2007-5034 VULNERABLE (elinks) #297981 -GENERIC-MAP-NOMATCH VULNERABLE (inotify-tools) #299771 GENERIC-MAP-NOMATCH VULNERABLE (balsa) #297601 GENERIC-MAP-NOMATCH VULNERABLE (duplicity) #293081 GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031 -- fedora-extras-commits mailing list fedora-extras-commits at redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits From fedora-extras-commits at redhat.com Mon Sep 24 21:02:00 2007 
From: fedora-extras-commits at redhat.com (Lubomir Kundrak (lkundrak)) Date: Mon, 24 Sep 2007 17:02:00 -0400 Subject: fedora-security/audit fc7,1.119,1.120 Message-ID: <200709242102.l8OL20Yn007507@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv1187 Modified Files: fc7 Log Message: CVE for something, I forgot for what. Most likely it was for balsa or something like that. Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.119 retrieving revision 1.120 diff -u -r1.119 -r1.120 --- fc7 24 Sep 2007 13:57:58 -0000 1.119 +++ fc7 24 Sep 2007 21:01:58 -0000 1.120 @@ -11,7 +11,7 @@ GENERIC-MAP-NOMATCH VULNERABLE (t1lib) #303021 CVE-2007-5037 VULNERABLE (inotify-tools) #299771 CVE-2007-5034 VULNERABLE (elinks) #297981 -GENERIC-MAP-NOMATCH VULNERABLE (balsa) #297601 +CVE-2007-5007 VULNERABLE (balsa) #297601 GENERIC-MAP-NOMATCH VULNERABLE (duplicity) #293081 GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031 CVE-2007-4974 VULNERABLE (libsndfile) #296221 -- fedora-extras-commits mailing list fedora-extras-commits at redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits From fedora-extras-commits at redhat.com Tue Sep 25 09:39:22 2007 
From: fedora-extras-commits at redhat.com (Tomas Hoger (thoger)) Date: Tue, 25 Sep 2007 05:39:22 -0400 Subject: fedora-security/audit fc7,1.120,1.121 Message-ID: <200709250939.l8P9dMZn031536@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv31518/audit Modified Files: fc7 Log Message: Forgot to commit note for bugzilla yesterday. Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.120 retrieving revision 1.121 diff -u -r1.120 -r1.121 --- fc7 24 Sep 2007 21:01:58 -0000 1.120 +++ fc7 25 Sep 2007 09:39:20 -0000 1.121 @@ -9,6 +9,7 @@ # Up to date FC7 as of 20070916 GENERIC-MAP-NOMATCH VULNERABLE (t1lib) #303021 +CVE-2007-5038 VULNERABLE (bugzilla, fixed 3.0.2, 3.1.2) #299981 CVE-2007-5037 VULNERABLE (inotify-tools) #299771 CVE-2007-5034 VULNERABLE (elinks) #297981 CVE-2007-5007 VULNERABLE (balsa) #297601 -- fedora-extras-commits mailing list fedora-extras-commits at redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits From fedora-extras-commits at redhat.com Wed Sep 26 15:57:25 2007 From: fedora-extras-commits at redhat.com (Tomas Hoger (thoger)) Date: Wed, 26 Sep 2007 11:57:25 -0400 Subject: fedora-security/audit fc7,1.121,1.122 Message-ID: <200709261557.l8QFvPem021085@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv21067/audit Modified Files: fc7 Log Message: php non-issue Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.121 retrieving revision 1.122 diff -u -r1.121 -r1.122 --- fc7 25 Sep 2007 09:39:20 -0000 1.121 +++ fc7 26 Sep 2007 15:57:23 -0000 1.122 
@@ -151,6 +151,7 @@ CVE-2007-3378 ignore (php) safe mode escape CVE-2007-3377 version (perl-Net-DNS, fixed 0.60) #245612 [since FEDORA-2007-0668] CVE-2007-3304 backport (httpd) #244665 [since FEDORA-2007-0704] +CVE-2007-3294 ignore (php-extras) win only CVE-2007-3257 backport (evolution) #244283 [since FEDORA-2007-0464] CVE-2007-3241 version (wordpress, fixed 2.2.1) #245211 [since FEDORA-2007-0894] CVE-2007-3240 version (wordpress, fixed 2.2.1) #245211 [since FEDORA-2007-0894] -- fedora-extras-commits mailing list fedora-extras-commits at redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits From bugzilla at redhat.com Wed Sep 26 17:39:04 2007 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 26 Sep 2007 13:39:04 -0400 Subject: [Bug 238723] CVE-2007-13{20-23}, CVE-2007-1366: qemu multiple vulnerabilities In-Reply-To: Message-ID: <200709261739.l8QHd47t031009@bz-web1.app.phx.redhat.com> Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: CVE-2007-13{20-23}, CVE-2007-1366: qemu multiple vulnerabilities https://bugzilla.redhat.com/show_bug.cgi?id=238723 bugzilla at redhat.com changed: What |Removed |Added ---------------------------------------------------------------------------- Product|Fedora Extras |Fedora clalance at redhat.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |MODIFIED -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. From bugzilla at redhat.com Wed Sep 26 17:43:16 2007 
From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 26 Sep 2007 13:43:16 -0400 Subject: [Bug 238723] CVE-2007-13{20-23}, CVE-2007-1366: qemu multiple vulnerabilities In-Reply-To: Message-ID: <200709261743.l8QHhGSj031781@bz-web1.app.phx.redhat.com> Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: CVE-2007-13{20-23}, CVE-2007-1366: qemu multiple vulnerabilities https://bugzilla.redhat.com/show_bug.cgi?id=238723 clalance at redhat.com changed: What |Removed |Added ---------------------------------------------------------------------------- OtherBugsDependingO| |307471 nThis| | -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. From bugzilla at redhat.com Wed Sep 26 17:43:15 2007 
From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 26 Sep 2007 13:43:15 -0400 Subject: [Bug 307471] New: CVE-2007-13{20-23}, CVE-2007-1366: qemu multiple vulnerabilities Message-ID: Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. https://bugzilla.redhat.com/show_bug.cgi?id=307471 Summary: CVE-2007-13{20-23}, CVE-2007-1366: qemu multiple vulnerabilities Product: Fedora Version: fc6 Platform: All URL: http://www.vuxml.org/freebsd/0ac89b39-f829-11db-b55c-000e0c6d38a9.html OS/Version: Linux Status: NEW Severity: medium Priority: medium Component: qemu AssignedTo: dwmw2 at infradead.org ReportedBy: clalance at redhat.com QAContact: extras-qa at fedoraproject.org CC: fedora-security-list at redhat.com,j.w.r.degoede at hhs.nl +++ This bug was initially created as a clone of Bug #238723 +++ Not sure if these affect any qemu versions in Fedora, but here goes: http://www.vuxml.org/freebsd/0ac89b39-f829-11db-b55c-000e0c6d38a9.html "Several vulnerabilities have been discovered in the QEMU processor emulator, which may lead to the execution of arbitrary code or denial of service. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-1320 Tavis Ormandy discovered that a memory management routine of the Cirrus video driver performs insufficient bounds checking, which might allow the execution of arbitrary code through a heap overflow. CVE-2007-1321 Tavis Ormandy discovered that the NE2000 network driver and the socket code perform insufficient input validation, which might allow the execution of arbitrary code through a heap overflow. CVE-2007-1322 Tavis Ormandy discovered that the "icebp" instruction can be abused to terminate the emulation, resulting in denial of service. 
CVE-2007-1323 Tavis Ormandy discovered that the NE2000 network driver and the socket code perform insufficient input validation, which might allow the execution of arbitrary code through a heap overflow. CVE-2007-1366 Tavis Ormandy discovered that the "aam" instruction can be abused to crash qemu through a division by zero, resulting in denial of service." -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. From bugzilla at redhat.com Wed Sep 26 17:44:00 2007 From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 26 Sep 2007 13:44:00 -0400 Subject: [Bug 238723] CVE-2007-13{20-23}, CVE-2007-1366: qemu multiple vulnerabilities In-Reply-To: Message-ID: <200709261744.l8QHi0dG000399@bz-web2.app.phx.redhat.com> Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: CVE-2007-13{20-23}, CVE-2007-1366: qemu multiple vulnerabilities https://bugzilla.redhat.com/show_bug.cgi?id=238723 clalance at redhat.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |MODIFIED -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. From bugzilla at redhat.com Wed Sep 26 17:41:34 2007 
From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 26 Sep 2007 13:41:34 -0400 Subject: [Bug 238723] CVE-2007-13{20-23}, CVE-2007-1366: qemu multiple vulnerabilities In-Reply-To: Message-ID: <200709261741.l8QHfYiO032690@bz-web2.app.phx.redhat.com> Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: CVE-2007-13{20-23}, CVE-2007-1366: qemu multiple vulnerabilities https://bugzilla.redhat.com/show_bug.cgi?id=238723 clalance at redhat.com changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|dwmw2 at redhat.com |clalance at redhat.com Status|MODIFIED |ASSIGNED Component|qemu |xen ------- Additional Comments From clalance at redhat.com 2007-09-26 13:41 EST ------- Ug. I made a mistake, and thought this bug was for xen. We have the same problem in FC-6 for Xen, so I'm going to change this one to Xen, and then clone it for Qemu, so we continue to track for that. Chris Lalancette -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. From fedora-extras-commits at redhat.com Thu Sep 27 12:55:42 2007 
From: fedora-extras-commits at redhat.com (Tomas Hoger (thoger)) Date: Thu, 27 Sep 2007 08:55:42 -0400 Subject: fedora-security/audit fc6,1.267,1.268 fc7,1.122,1.123 Message-ID: <200709271255.l8RCtgYe019842@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv19819/audit Modified Files: fc6 fc7 Log Message: process large pile of fedora updates Index: fc6 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc6,v retrieving revision 1.267 retrieving revision 1.268 diff -u -r1.267 -r1.268 --- fc6 21 Sep 2007 21:28:10 -0000 1.267 +++ fc6 27 Sep 2007 12:55:40 -0000 1.268 @@ -5,7 +5,7 @@ # (mozilla) = (firefox, seamonkey, thunderbird, yelp, devhelp, galeon, liferea. epiphany) # Up to date CVE as of CVE email 20070914 -# Up to date FC6 as of 20070916 +# Up to date FC6 as of 20070926 CVE-2007-5034 VULNERABLE (elinks) #297611 CVE-2007-4965 VULNERABLE (python) imageop module heap overflow 
@@ -17,17 +17,19 @@ CVE-2007-4743 backport (krb5) incomplete CVE-2007-3999 fix [since FEDORA-2007-694] CVE-2007-4730 VULNERABLE (xorg-x11) #286061 CVE-2007-4721 version (wireshark, fixed 0.99.6) [since FEDORA-2007-628] +CVE-2007-4670 backport (php) [since FEDORA-2007-709] CVE-2007-4663 ignore (php, fixed 5.2.4) #277991 safe_mode CVE-2007-4662 ignore (php, fixed 5.2.4) #278101 triggerable only by modification to openssl.conf CVE-2007-4661 ignore (php, fixed 5.2.4) 5.2.3, incomplete CVE-2007-2872 fix CVE-2007-4660 VULNERABLE (php, fixed 5.2.4) CVE-2007-4659 ignore (php, fixed 5.2.4) #276531 (FC7/php-5.2 only) -CVE-2007-4658 VULNERABLE (php, fixed 5.2.4) #278011 +CVE-2007-4658 backport (php, fixed 5.2.4) #278011 [since FEDORA-2007-709] CVE-2007-4657 VULNERABLE (php, fixed 5.2.4) CVE-2007-4569 VULNERABLE (kdebase) #299741 CVE-2007-4565 backport (fetchmail) #260881 [since FEDORA-2007-689] CVE-2007-4559 VULNERABLE (python) tarfile module - directory traversal CVE-2007-4558 ignore (star, fixed 1.5a84) duplicate of CVE-2007-4134 +CVE-2007-4465 version (httpd) [since FEDORA-2007-707] CVE-2007-4357 ignore (firefox) status bar can be overwrittten CVE-2007-4255 ignore (php) msql extension not shipped CVE-2007-4251 ignore (openoffice.org) just a crash @@ -35,7 +37,7 @@ CVE-2007-4225 ignore (kdebase) caused by fix to CVE-2007-3820 which we never shipped CVE-2007-4224 ignore (kdebase) too obvious -- mouse pointer indicates script activity CVE-2007-4211 version (dovecot, fixed 1.0.3) #251009 [since FEDORA-2007-664] -CVE-2007-4137 VULNERABLE (qt) #292951 +CVE-2007-4137 backport (qt) #292951 [since FEDORA-2007-703] CVE-2007-4134 VULNERABLE (star, fixed 1.5a84) #254129 CVE-2007-4131 backport (tar) #253684 [since FEDORA-2007-683] CVE-2007-4029 backport (libvorbis) #250600 [since FEDORA-2007-677] 
@@ -44,17 +46,19 @@ CVE-2007-3999 backport (krb5) [since FEDORA-2007-690] CVE-2007-3999 VULNERABLE (nfs-utils-lib) #294911 CVE-2007-3999 VULNERABLE (libtirpc) #294931 +CVE-2007-3998 backport (php) [since FEDORA-2007-709] +CVE-2007-3996 backport (php) [since FEDORA-2007-709] CVE-2007-3962 ignore (gftp) multiple buffer overflows in fsplib, not on Linux CVE-2007-3961 ignore (gftp) off-by-one error in fsplib CVE-2007-3852 backport (sysstat) #252296 [since FEDORA-2007-675] CVE-2007-3848 version (kernel) [since FEDORA-2007-679] -CVE-2007-3847 VULNERABLE (httpd) #250756 +CVE-2007-3847 version (httpd) #250756 [since FEDORA-2007-707] CVE-2007-3845 ignore (firefox) windows specific CVE-2007-3844 VULNERABLE (firefox) #250648 "fixed on next update" CVE-2007-3843 VULNERABLE (kernel) #246595 CVE-2007-3841 ignore (pidgin) ethically disclosed CVE-2007-3820 ** (kdebase) #248537 -CVE-2007-3799 ** (php) +CVE-2007-3799 backport (php) [since FEDORA-2007-709] CVE-2007-3798 version (tcpdump, fixed 3.9.7) #250290 [since FEDORA-2007-654] CVE-2007-3782 VULNERABLE (mysql, fixed 5.0.44) CVE-2007-3781 VULNERABLE (mysql, fixed 5.0.44) 
@@ -62,19 +66,20 @@ CVE-2007-3642 version (kernel, fixed 2.6.22) [since FEDORA-2007-655] CVE-2007-3508 ignore (glibc) not an issue CVE-2007-3506 backport (freetype, fixed 2.3.4) #235479 [since FEDORA-2007-561] -CVE-2007-3478 VULNERABLE (gd, fixed 2.0.35) #277421 -CVE-2007-3477 VULNERABLE (gd, fixed 2.0.35) #277421 -CVE-2007-3476 VULNERABLE (gd, fixed 2.0.35) #277421 -CVE-2007-3475 VULNERABLE (gd, fixed 2.0.35) #277421 -CVE-2007-3474 VULNERABLE (gd, fixed 2.0.35) #277421 -CVE-2007-3473 VULNERABLE (gd, fixed 2.0.35) #277421 -CVE-2007-3472 VULNERABLE (gd, fixed 2.0.35) #277421 +CVE-2007-3478 version (gd, fixed 2.0.35) #277421 [since FEDORA-2007-692] +CVE-2007-3477 version (gd, fixed 2.0.35) #277421 [since FEDORA-2007-692] +CVE-2007-3476 version (gd, fixed 2.0.35) #277421 [since FEDORA-2007-692] +CVE-2007-3475 version (gd, fixed 2.0.35) #277421 [since FEDORA-2007-692] +CVE-2007-3474 version (gd, fixed 2.0.35) #277421 [since FEDORA-2007-692] +CVE-2007-3473 version (gd, fixed 2.0.35) #277421 [since FEDORA-2007-692] +CVE-2007-3472 version (gd, fixed 2.0.35) #277421 [since FEDORA-2007-692] CVE-2007-3409 version (perl-Net-DNS, fixed 0.60) #245809 CVE-2007-3393 version (wireshark, fixed 0.99.6) [since FEDORA-2007-628] CVE-2007-3392 version (wireshark, fixed 0.99.6) [since FEDORA-2007-628] CVE-2007-3391 version (wireshark, fixed 0.99.6) [since FEDORA-2007-628] CVE-2007-3390 version (wireshark, fixed 0.99.6) [since FEDORA-2007-628] CVE-2007-3389 version (wireshark, fixed 0.99.6) [since FEDORA-2007-628] +CVE-2007-3388 backport (qt) [since FEDORA-2007-703] CVE-2007-3387 VULNERABLE (poppler) #251513 CVE-2007-3387 backport (tetex) #251515 [since FEDORA-2007-669] CVE-2007-3387 backport (kdegraphics) #251511 [since FEDORA-2007-685] 
@@ -94,14 +99,16 @@ CVE-2007-2875 version (kernel) [since FEDORA-2007-600] *CVE-2007-2874 (wpa_supplicant) #242455 CVE-2007-2873 version (spamassassin, fixed 3.1.9) [since FEDORA-2007-582] +CVE-2007-2872 backport (php) [since FEDORA-2007-709] CVE-2007-2871 version (mozilla) #241840 [since FEDORA-2007-549] CVE-2007-2870 version (mozilla) #241840 [since FEDORA-2007-549] CVE-2007-2869 version (mozilla) #241840 [since FEDORA-2007-549] CVE-2007-2868 version (mozilla) #241840 [since FEDORA-2007-549] CVE-2007-2867 version (mozilla) #241840 [since FEDORA-2007-549] -CVE-2007-2834 VULNERABLE (openoffice.org, fixed 2.3) #293371 +CVE-2007-2834 backport (openoffice.org, fixed 2.3) #293371 [since FEDORA-2007-700] CVE-2007-2799 version (file, fixed 4.21) #241034 [since FEDORA-2007-538] CVE-2007-2797 version (xterm) +CVE-2007-2756 backport (php) [since FEDORA-2007-709] CVE-2007-2453 version (kernel) [since FEDORA-2007-600] CVE-2007-2451 version (kernel, fixed 2.6.21.4) [since FEDORA-2007-600] CVE-2007-2445 backport (libpng) #239542 [since FEDORA-2007-529] @@ -162,6 +169,7 @@ CVE-2007-0451 version (spamassassin, fixed 3.1.8) [since FEDORA-2007-241] CVE-2007-0248 version (squid, fixed 2.6.STABLE7) [since FEDORA-2007-073] CVE-2007-0247 version (squid, fixed 2.6.STABLE7) #222883 [since FEDORA-2007-073] +CVE-2007-0242 backport (qt) [since FEDORA-2007-703] CVE-2007-0235 version (libgtop2, fixed 2.14.9) #222637 [since FEDORA-2007-657] CVE-2007-0104 ignore (poppler) only client DoS CVE-2007-0104 ignore (kdegraphics) only client DoS Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.122 retrieving revision 1.123 diff -u -r1.122 -r1.123 --- fc7 26 Sep 2007 15:57:23 -0000 1.122 +++ fc7 27 Sep 2007 12:55:40 -0000 1.123 
@@ -6,16 +6,17 @@ # A couple of first F7 updates were marked as FEDORA-2007-0001 # Up to date CVE as of CVE email 20070914 -# Up to date FC7 as of 20070916 +# Up to date FC7 as of 20070926 -GENERIC-MAP-NOMATCH VULNERABLE (t1lib) #303021 -CVE-2007-5038 VULNERABLE (bugzilla, fixed 3.0.2, 3.1.2) #299981 +CVE-2007-5106 version (wordpress) affects old 2.0.x versions +CVE-2007-5105 version (wordpress) affects old 2.0.x versions +CVE-2007-5038 version (bugzilla, fixed 3.0.2, 3.1.2) #299981 [since FEDORA-2007-2299] CVE-2007-5037 VULNERABLE (inotify-tools) #299771 -CVE-2007-5034 VULNERABLE (elinks) #297981 +CVE-2007-5034 version (elinks) #297981 [since FEDORA-2007-2224] CVE-2007-5007 VULNERABLE (balsa) #297601 GENERIC-MAP-NOMATCH VULNERABLE (duplicity) #293081 GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031 -CVE-2007-4974 VULNERABLE (libsndfile) #296221 +CVE-2007-4974 backport (libsndfile) #296221 [since FEDORA-2007-2236] CVE-2007-4965 VULNERABLE (python) imageop module heap overflow CVE-2007-4924 VULNERABLE (ekiga, version 2.0.10) really opal 2.2.10 #297551 CVE-2007-4897 version (ekiga, version 2.0.9) really opal 2.2.8 @@ -24,8 +25,8 @@ CVE-2007-4841 ignore (mozilla suite) Windows only CVE-2007-4840 ignore (php) CVE-2007-4829 VULNERABLE (perl-Archive-Tar) -CVE-2007-4828 (mediawiki, fixed 1.11.0, 1.10.2, 1.9.4) #287881 -CVE-2007-4826 VULNERABLE (quagga, fixed 0.99.9) in updates-testing +CVE-2007-4828 version (mediawiki, fixed 1.11.0, 1.10.2, 1.9.4) #287881 [since FEDORA-2007-2189] +CVE-2007-4826 version (quagga, fixed 0.99.9) [since FEDORA-2007-2196] CVE-2007-4752 VULNERABLE (openssh) #280461 CVE-2007-4743 backport (krb5) incomplete CVE-2007-3999 fix [since FEDORA-2007-2066] CVE-2007-4730 VULNERABLE (xorg-x11) #286051 
@@ -41,6 +42,7 @@ CVE-2007-4650 version (gallery2) #267421 [since FEDORA-2007-2020] CVE-2007-4629 version (mapserver, fixed 4.10.3) #272081 [since FEDORA-2007-2018] CVE-2007-4631 version (qgit) #268381 [since FEDORA-2007-2108] +CVE-2007-4573 version (kernel) [since FEDORA-2007-2298] CVE-2007-4569 VULNERABLE (kdebase) #299731 CVE-2007-4565 backport (fetchmail) #260861 [since FEDORA-2007-1983] CVE-2007-4560 version (clamav) #260583 [since FEDORA-2007-2050] @@ -54,6 +56,7 @@ CVE-2007-4533 backport (vavoom) #256621 [since FEDORA-2007-1977] CVE-2007-4532 backport (vavoom) #256621 [since FEDORA-2007-1977] CVE-2007-4510 version (clamav, fixed 0.91.2) #253780 [since FEDORA-2007-2050] +CVE-2007-4465 version (httpd) [since FEDORA-2007-2214] CVE-2007-4462 version (po4a) #253541 [since FEDORA-2007-1763] CVE-2007-4460 backport (id3lib) #253553 [since FEDORA-2007-1774] CVE-2007-4400 VULNERABLE (konversation) #253545 @@ -75,11 +78,12 @@ CVE-2007-4154 ignore (wordpress) "remote authenticated administrators" CVE-2007-4139 version (wordpress) #250751 [since FEDORA-2007-1885] CVE-2007-4138 version (samba, fixed 3.0.26) #286311 [since FEDORA-2007-2145] -CVE-2007-4137 VULNERABLE (qt) #292941 +CVE-2007-4137 backport (qt) #292941 [since FEDORA-2007-2216] CVE-2007-4134 version (star, fixed 1.5a84) #254128 [since FEDORA-2007-1852] CVE-2007-4131 backport (tar) #253684 [since FEDORA-2007-1890] CVE-2007-4066 backport (libvorbis) #245991 [since FEDORA-2007-1765] CVE-2007-4065 backport (libvorbis) #245991 [since FEDORA-2007-1765] +CVE-2007-4033 VULNERABLE (t1lib) #303021 CVE-2007-4029 backport (libvorbis) #245991 [since FEDORA-2007-1765] CVE-2007-4000 backport (krb5) [since FEDORA-2007-2017] CVE-2007-3999 backport (krb5) [since FEDORA-2007-2017] 
@@ -94,7 +98,7 @@ CVE-2007-3947 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299] CVE-2007-3946 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299] CVE-2007-3848 version (kernel) [since FEDORA-2007-1785] -CVE-2007-3847 VULNERABLE (httpd) #250755 +CVE-2007-3847 version (httpd) #250755 [since FEDORA-2007-2214] CVE-2007-3845 ignore (firefox) windows specific CVE-2007-3844 VULNERABLE (firefox) #250648 "fixed on next update" CVE-2007-3843 VULNERABLE (kernel) #246595 @@ -138,7 +142,7 @@ CVE-2007-3391 version (wireshark, fixed 0.99.6) [since FEDORA-2007-0982] CVE-2007-3390 version (wireshark, fixed 0.99.6) [since FEDORA-2007-0982] CVE-2007-3389 version (wireshark, fixed 0.99.6) [since FEDORA-2007-0982] -CVE-2007-3388 VULNERABLE (qt, fixed qt-3.3.8-20070727) patch available: 170529.diff +CVE-2007-3388 backport (qt, fixed qt-3.3.8-20070727) patch available: 170529.diff [since FEDORA-2007-2216] CVE-2007-3387 version (xpdf, fixed 3.02pl1) [since FEDORA-2007-1383] CVE-2007-3387 backport (tetex) #251514 [since FEDORA-2007-1547] CVE-2007-3387 VULNERABLE (poppler) #251512 @@ -168,8 +172,8 @@ CVE-2007-3123 version (clamav, fixed 0.90.3) #245219 [since FEDORA-2007-2050] CVE-2007-3122 version (clamav, fixed 0.90.3) #245219 [since FEDORA-2007-2050] CVE-2007-3121 version (zvbi, fixed 0.2.25) [since FEDORA-2007-0175] -*CVE-2007-3113 VULNERABLE (cacti) #243592 -*CVE-2007-3112 VULNERABLE (cacti) #243592 +CVE-2007-3113 backport (cacti) #243592 [since FEDORA-2007-2199] +CVE-2007-3112 backport (cacti) #243592 [since FEDORA-2007-2199] CVE-2007-3108 backport (openssl) #250574 [since FEDORA-2007-1444] CVE-2007-3106 backport (libvorbis) #245991 [since FEDORA-2007-1765] CVE-2007-3100 version (iscsi-initiator-utils, fixed 6.2.0.865) [since FEDORA-2007-0543] -- fedora-extras-commits mailing list fedora-extras-commits at redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits
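Review bot: in the fc6 hunk at @@ -17,17 +17,19 @@ of revision 1.268, CVE-2007-4658 moves to "backport ... [since FEDORA-2007-709]" while CVE-2007-4660 and CVE-2007-4657, both also "(php, fixed 5.2.4)", stay VULNERABLE with no bug number, so a reader cannot tell whether FEDORA-2007-709 left them unfixed or they were simply not reviewed. Suggest adding a bug reference or a short remark to those two lines. The new CVE-2007-4465 "version (httpd)" line in the same hunk also lacks the "fixed X" version that other version entries carry.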
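Review bot: in the fc7 hunk at @@ -6,16 +6,17 @@ of revision 1.123, CVE-2007-5106 and CVE-2007-5105 are added as "version (wordpress) affects old 2.0.x versions" with neither a "fixed X" version nor a [since FEDORA-...] marker, so the entry does not record which shipped package is considered safe. Suggest naming the first unaffected version, or using "ignore" with the reason if no affected 2.0.x version was ever shipped, as the file already does for platform-specific issues such as "CVE-2007-4841 ignore (mozilla suite) Windows only".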
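Review bot: the log message covers only the processing of Fedora updates, but the fc7 hunk at @@ -75,11 +78,12 @@ adds "CVE-2007-4033 VULNERABLE (t1lib) #303021" to replace the GENERIC-MAP-NOMATCH t1lib line removed at the top of the file, which is a CVE name assignment and not an update being processed. Suggest mentioning the t1lib CVE name in the log message or committing it separately, as the earlier inotify-tools and balsa name assignments were, so the rename can be found from the history.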
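Review bot: in the fc7 hunk at @@ -138,7 +142,7 @@, the CVE-2007-3388 (qt) line changes from VULNERABLE to backport and gains [since FEDORA-2007-2216] but keeps the trailing "patch available: 170529.diff" remark, which now reads like an open to-do on a closed entry. Suggest dropping the remark, or rewording it to say that 170529.diff is the patch that was backported if that is the case.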