fedora-security/audit fc4,1.79,1.80

Mark Cox (mjc) fedora-extras-commits at redhat.com
Tue Nov 8 09:15:54 UTC 2005 

Author: mjc

Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv7953

Modified Files:
	fc4 
Log Message:
Catch up with issues over the last week



Index: fc4
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc4,v
retrieving revision 1.79
retrieving revision 1.80
diff -u -r1.79 -r1.80
--- fc4	30 Oct 2005 16:32:20 -0000	1.79
+++ fc4	8 Nov 2005 09:15:38 -0000	1.80
@@ -1,10 +1,19 @@
-Up to date CVE as of CVE email 20051030
-Up to date FC4 as of 200501030
+Up to date CVE as of CVE email 20051107
+Up to date FC4 as of 200501107
 
 ** are items that need attention
 
+CVE-2005-3402 ** thunderbird
+CVE-2005-3392 ignore (php) safe mode isn't safe
+CVE-2005-3391 ignore (php) safe mode isn't safe
+CVE-2005-3390 VULNERABLE (php) bz#172208
+CVE-2005-3389 VULNERABLE (php) bz#172211
+CVE-2005-3388 VULNERABLE (php) bz#172213
+CVE-2005-3353 VULNERABLE (php) bz#172590
+CVE-2005-3350 version (libungif, fixed 4.1.3) [since FEDORA-2005-1046]
 CVE-2005-3322 version (squid, not upstream) SUSE only
 CVE-2005-3319 ** mod_php
+CVE-2005-3313 VULNERABLE (ethereal)
 CVE-2005-3276 version (kernel, fixed 2.6.12.4) [since FEDORA-2005-949] was backport since FEDORA-2005-820
 CVE-2005-3275 version (kernel, fixed 2.6.13) [since FEDORA-2005-949] was backport since FEDORA-2005-820
 CVE-2005-3274 version (kernel, fixed 2.6.13) [since FEDORA-2005-949]
@@ -48,6 +57,7 @@
 CVE-2005-2991 ignore (ncompress) don't ship zdiff or zcmp scripts
 CVE-2005-2978 version (netpbm, fixed 10.25)
 CVE-2005-2977 backport (pam) [since FEDORA-2005-1031]
+CVE-2005-2974 version (libungif, fixed 4.1.3) [since FEDORA-2005-1046]
 CVE-2005-2973 VULNERABLE (kernel)
 CVE-2005-2970 VULNERABLE (httpd) bz#171759
 CVE-2005-2969 backport (openssl, fixed 0.9.7h) [since FEDORA-2005-986]
@@ -98,7 +108,7 @@
 CVE-2005-2701 version (mozilla, fixed 1.7.12) [since FEDORA-2005-927]
 CVE-2005-2700 backport (httpd, fixed 2.0.55-dev) [since FEDORA-2005-849]
 CVE-2005-2693 backport (cvs) [since FEDORA-2005-790]
-CVE-2005-2672 VULNERABLE (lm_sensors) bz#166673
+CVE-2005-2672 backport (lm_sensors) [since FEDORA-2005-1053]
 CVE-2005-2666 ** openssh (hmm)
 CVE-2005-2642 version (mutt, openbsd only)
 CVE-2005-2641 VULNERABLE (pam_ldap) bz#166164
@@ -135,7 +145,7 @@
 CVE-2005-2452 version (libtiff, fixed 3.7.0)
 CVE-2005-2448 version (kdenetwork, fixed 3.4.2) [since FEDORA-2005-670] was backport since FEDORA-2005-624
 CVE-2005-2414 ignore (mozilla) not being fixed upstream, just a crash
-CVE-2005-2410 backport (NetworkManager) [since FEDORA-2005-680]
+CVE-2005-2410 version (NetworkManager, fixed 5.0) [since FEDORA-2005-1027] was backport since FEDORA-2005-680
 CVE-2005-2395 ** firefox
 CVE-2005-2370 version (kdenetwork, fixed 3.4.2) [since FEDORA-2005-670] was backport since FEDORA-2005-624
 CVE-2005-2370 version (gaim, fixed 1.5.0) [since FEDORA-2005-751]
@@ -215,7 +225,7 @@
 CVE-2005-1762 version (kernel, fixed 2.6.12) [since FEDORA-2005-510]
 CVE-2005-1761 version (kernel, fixed 2.6.12.2) [since FEDORA-2005-510]
 CVE-2005-1760 VULNERABLE (sysreport)
-CVE-2005-1759 VULNERABLE (nmap)
+CVE-2005-1759 ignore (openldap, fixed shtool 2.0.2) flawed code path not used
 CVE-2005-1759 VULNERABLE (openldap)
 CVE-2005-1759 VULNERABLE (php)
 CVE-2005-1751 VULNERABLE (nmap, fixed shtool 2.0.2) #158996

More information about the fedora-extras-commits mailing list