fedora-security/audit fc4,1.82,1.83

Thu Nov 10 14:00:34 UTC 2005

Author: mjc

Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv1814

Modified Files:
	fc4 
Log Message:
Finish off fc4 investigations so we are up to date



Index: fc4
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc4,v
retrieving revision 1.82
retrieving revision 1.83
diff -u -r1.82 -r1.83

--- fc4	10 Nov 2005 10:52:03 -0000	1.82
+++ fc4	10 Nov 2005 14:00:32 -0000	1.83
@@ -49,8 +49,8 @@
 CVE-2005-3107 version (kernel, fixed 2.6.11)
 CVE-2005-3106 version (kernel, fixed 2.6.11)
 CVE-2005-3105 version (kernel, fixed 2.6.12) [since FEDORA-2005-510]
-CVE-2005-3089 ** firefox
-CVE-2005-3088 ** fetchmailconf
+CVE-2005-3089 version (firefox, fixed 1.0.7) [since FEDORA-2005-926]
+CVE-2005-3088 ignore (fetchmail) fetchmailconf not shipped
 CVE-2005-3055 VULNERABLE (kernel)
 CVE-2005-3054 ignore (php) see bz#169857
 CVE-2005-3053 version (kernel) [since FEDORA-2005-949] was backport since FEDORA-2005-820
@@ -75,8 +75,8 @@
 CVE-2005-2874 version (cups, fixed 1.1.23)
 CVE-2005-2873 VULNERABLE (kernel) not upstream fixed
 CVE-2005-2872 version (kernel, fixed 2.6.12) [since FEDORA-2005-510]
-CVE-2005-2871 ** backport (firefox) [since FEDORA-2005-871]
-CVE-2005-2871 ** backport (mozilla) [since FEDORA-2005-873]
+CVE-2005-2871 version (firefox, fixed 1.0.7) [since FEDORA-2005-926] was backport [since FEDORA-2005-871]
+CVE-2005-2871 version (mozilla, fixed 1.7.12) [since FEDORA-2005-927] was backport [since FEDORA-2005-873]
 CVE-2005-2871 version (thunderbird) (moderate only) [since FEDORA-2005-963]
 CVE-2005-2811 version (net-snmp, not upstream) gentoo only
 CVE-2005-2801 version (kernel, fixed 2.6.11)
@@ -111,7 +111,7 @@
 CVE-2005-2700 backport (httpd, fixed 2.0.55-dev) [since FEDORA-2005-849]
 CVE-2005-2693 backport (cvs) [since FEDORA-2005-790]
 CVE-2005-2672 backport (lm_sensors) [since FEDORA-2005-1053]
-CVE-2005-2666 ** openssh (hmm)
+CVE-2005-2666 VULNERABLE (openssh) see bz#162681
 CVE-2005-2642 version (mutt, openbsd only)
 CVE-2005-2641 VULNERABLE (pam_ldap) bz#166164
 CVE-2005-2617 version (kernel, fixed 2.6.12.5) [since FEDORA-2005-820]
@@ -148,7 +148,7 @@
 CVE-2005-2448 version (kdenetwork, fixed 3.4.2) [since FEDORA-2005-670] was backport since FEDORA-2005-624
 CVE-2005-2414 ignore (mozilla) not being fixed upstream, just a crash
 CVE-2005-2410 version (NetworkManager, fixed 5.0) [since FEDORA-2005-1027] was backport since FEDORA-2005-680
-CVE-2005-2395 ** firefox
+CVE-2005-2395 VULNERABLE (firefox) not fixed upstream, maybe not security
 CVE-2005-2370 version (kdenetwork, fixed 3.4.2) [since FEDORA-2005-670] was backport since FEDORA-2005-624
 CVE-2005-2370 version (gaim, fixed 1.5.0) [since FEDORA-2005-751]
 CVE-2005-2369 version (kdenetwork, fixed 3.4.2) [since FEDORA-2005-670] was backport since FEDORA-2005-624
@@ -162,7 +162,7 @@
 CVE-2005-2361 version (ethereal, fixed 0.10.12) [since FEDORA-2005-655]
 CVE-2005-2360 version (ethereal, fixed 0.10.12) [since FEDORA-2005-655]
 CVE-2005-2353 ignore (thunderbird) debug mode only
-CVE-2005-2337 ** ruby [since FEDORA-2005-936]
+CVE-2005-2337 version (ruby, fixed 1.8.3) [since FEDORA-2005-936]
 CVE-2005-2335 backport (fetchmail) [since FEDORA-2005-613]
 CVE-2005-2270 version (firefox, fixed 1.0.5) [since FEDORA-2005-605]
 CVE-2005-2270 version (mozilla, fixed 1.7.9) [since FEDORA-2005-619]
@@ -191,7 +191,7 @@
 CVE-2005-2260 version (mozilla, fixed 1.7.9) [since FEDORA-2005-619]
 CVE-2005-2177 version (net-snmp, fixed 5.2.1.2) [since FEDORA-2005-561]
 CVE-2005-2114 ** mozilla, can't find out when this was fixed upstream
-CVE-2005-2104 ** sysreport #162979
+CVE-2005-2104 VULNERABLE (sysreport) #162979
 CVE-2005-2103 version (gaim, fixed 1.5.0) [since FEDORA-2005-751]
 CVE-2005-2102 version (gaim, fixed 1.5.0) [since FEDORA-2005-751]
 CVE-2005-2101 backport (kdeedu) [since FEDORA-2005-744]
@@ -204,7 +204,7 @@
 CVE-2005-2096 backport (rpm) [since FEDORA-2005-565]
 CVE-2005-2095 version (squirrelmail, fixed 1.4.5) since [FEDORA-2005-780]
 CVE-2005-2088 backport (httpd) [since FEDORA-2005-639]
-CVE-2005-2069 ** (openldap) [since FEDORA-2005-992]
+CVE-2005-2069 backport (openldap) [since FEDORA-2005-992]
 CVE-2005-2069 VULNERABLE (nss_ldap) http://bugzilla.padl.com/attachment.cgi?id=10&action=view
 CVE-2005-2023 version (gnupg, fixed 1.9.15)
 CVE-2005-1993 backport (sudo, fixed 1.6.8p9) [since FEDORA-2005-472]


