fedora-security/audit fc4,1.83,1.84
Mark Cox (mjc)
fedora-extras-commits at redhat.com
Fri Nov 11 10:10:03 UTC 2005
- Previous message (by thread): rpms/eet/devel .cvsignore,1.2,1.3 eet.spec,1.3,1.4 sources,1.2,1.3
- Next message (by thread): rpms/sylpheed/devel .cvsignore, 1.14, 1.15 sources, 1.14, 1.15 sylpheed.spec, 1.25, 1.26
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: mjc
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv11462
Modified Files:
fc4
Log Message:
Deal with yesterdays updates which included a new upstream kernel, so
verify by code inspection that the issues marked vulnerable or backport
are corrected
Index: fc4
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc4,v
retrieving revision 1.83
retrieving revision 1.84
diff -u -r1.83 -r1.84
--- fc4 10 Nov 2005 14:00:32 -0000 1.83
+++ fc4 11 Nov 2005 10:09:59 -0000 1.84
@@ -3,7 +3,7 @@
** are items that need attention
-CVE-2005-3527 VULNERABLE (kernel)
+CVE-2005-3527 version (kernel, fixed 2.6.14 at least) [since FEDORA-2005-1067]
CVE-2005-3402 ignore (thunderbird) mozilla say by design
CVE-2005-3392 ignore (php) safe mode isn't safe
CVE-2005-3391 ignore (php) safe mode isn't safe
@@ -37,12 +37,12 @@
CVE-2005-3185 blocked (wget) by FORTIFY_SOURCE
CVE-2005-3184 version (ethereal, fixed 0.10.13) [since FEDORA-2005-1011]
CVE-2005-3183 backport (w3c-libwww) [since FEDORA-2005-952]
-CVE-2005-3181 backport (kernel, fixed 2.6.13.4 at least) [since FEDORA-2005-1013] patch-2.6.13.4
-CVE-2005-3180 backport (kernel, fixed 2.6.13.4 at least) [since FEDORA-2005-1013] patch-2.6.13.4
-CVE-2005-3179 backport (kernel, fixed 2.6.13.4 at least) [since FEDORA-2005-1013] patch-2.6.13.4
+CVE-2005-3181 version (kernel, fixed 2.6.13.4 at least) [since FEDORA-2005-1067] was backport since FEDORA-2005-1013
+CVE-2005-3180 version (kernel, fixed 2.6.13.4 at least) [since FEDORA-2005-1067] was backport since FEDORA-2005-1013
+CVE-2005-3179 version (kernel, fixed 2.6.13.4 at least) [since FEDORA-2005-1067] was backport since FEDORA-2005-1013
CVE-2005-3164 version (tomcat, not 5)
CVE-2005-3120 backport (lynx) [since FEDORA-2005-994]
-CVE-2005-3119 backport (kernel, fixed 2.6.13.4 at least) [since FEDORA-2005-1013] patch-2.6.13.4
+CVE-2005-3119 version (kernel, fixed 2.6.13.4 at least) [since FEDORA-2005-1067] was backport since FEDORA-2005-1013
CVE-2005-3110 version (kernel, fixed 2.6.12) [since FEDORA-2005-510]
CVE-2005-3109 version (kernel, fixed 2.6.12) [since FEDORA-2005-510]
CVE-2005-3108 version (kernel, fixed 2.6.12) [since FEDORA-2005-510]
@@ -51,16 +51,16 @@
CVE-2005-3105 version (kernel, fixed 2.6.12) [since FEDORA-2005-510]
CVE-2005-3089 version (firefox, fixed 1.0.7) [since FEDORA-2005-926]
CVE-2005-3088 ignore (fetchmail) fetchmailconf not shipped
-CVE-2005-3055 VULNERABLE (kernel)
+CVE-2005-3055 version (kernel, fixed 2.6.14 at least) [since FEDORA-2005-1067]
CVE-2005-3054 ignore (php) see bz#169857
CVE-2005-3053 version (kernel) [since FEDORA-2005-949] was backport since FEDORA-2005-820
-CVE-2005-3044 backport (kernel, fixed 2.6.13.2) [since FEODRA-2005-949] patch-2.6.13.4
+CVE-2005-3044 version (kernel, fixed 2.6.13.2) [since FEDORA-2005-1067] was backport since FEODRA-2005-949
CVE-2005-3011 backport (texinfo) [since FEDORA-2005-991]
CVE-2005-2991 ignore (ncompress) don't ship zdiff or zcmp scripts
CVE-2005-2978 version (netpbm, fixed 10.25)
CVE-2005-2977 backport (pam) [since FEDORA-2005-1031]
CVE-2005-2974 version (libungif, fixed 4.1.3) [since FEDORA-2005-1046]
-CVE-2005-2973 VULNERABLE (kernel)
+CVE-2005-2973 version (kernel, 2.6.14 at least) [since FEODRA-2005-1067]
CVE-2005-2970 VULNERABLE (httpd) bz#171759
CVE-2005-2969 backport (openssl, fixed 0.9.7h) [since FEDORA-2005-986]
CVE-2005-2969 backport (openssl097a, fixed 0.9.7h) [since FEDORA-2005-986]
@@ -191,7 +191,7 @@
CVE-2005-2260 version (mozilla, fixed 1.7.9) [since FEDORA-2005-619]
CVE-2005-2177 version (net-snmp, fixed 5.2.1.2) [since FEDORA-2005-561]
CVE-2005-2114 ** mozilla, can't find out when this was fixed upstream
-CVE-2005-2104 VULNERABLE (sysreport) #162979
+CVE-2005-2104 version (sysreport, fixed 1.4.1-5) [since FEDORA-2005-1071]
CVE-2005-2103 version (gaim, fixed 1.5.0) [since FEDORA-2005-751]
CVE-2005-2102 version (gaim, fixed 1.5.0) [since FEDORA-2005-751]
CVE-2005-2101 backport (kdeedu) [since FEDORA-2005-744]
- Previous message (by thread): rpms/eet/devel .cvsignore,1.2,1.3 eet.spec,1.3,1.4 sources,1.2,1.3
- Next message (by thread): rpms/sylpheed/devel .cvsignore, 1.14, 1.15 sources, 1.14, 1.15 sylpheed.spec, 1.25, 1.26
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list