fedora-security/audit fc5,NONE,1.1

Mark Cox (mjc) fedora-extras-commits at redhat.com
Tue Nov 22 11:39:31 UTC 2005


Author: mjc

Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv6531

Added Files:
	fc5 
Log Message:
Commit the first chunk of work on the FC5 audit, starting with the FC4
data. The easiest ones to verify are those 'version' or backport with
a trusted known upstream version; after that it's quite a bit of manual
work to verify this. Based on the FC5 tree *prior* to test1.



--- NEW FILE fc5 ---
Up to date CVE as of CVE email 20051120
Up to date FC5 as of FC5-Test1-RC

1. Removed packages with security issues that are no longer in FC5 
(iiimf, libungif, slocate)
2. Verified all marked as 'version', inc tricky packages like openssl 
and httpd
3. Looked at those marked backport where we ship a newer version, manually
looked at rest marked backport
[todo: finish this, 93 CVE left]
[todo: CVE from new packages added to FC5]
[todo: file bugs for anything vulnerable]

** are items that need attention

CVE-2005-3582 version (ImageMagick) gentoo only
**CVE-2005-3675 ** kernel (optack)
**CVE-2005-3671 VULNERABLE (openswan, fixed 2.4.4)
**CVE-2005-3573 VULNERABLE (mailman)
CVE-2005-3527 version (kernel, fixed 2.6.14 at least)
CVE-2005-3402 ignore (thunderbird) mozilla say by design
CVE-2005-3392 version (php, not 5.0)
CVE-2005-3391 version (php, not 5.0)
**CVE-2005-3390 backport (php)
**CVE-2005-3389 backport (php)
**CVE-2005-3388 backport (php)
CVE-2005-3353 version (php, not 5.0)
CVE-2005-3351 version (spamassassin, fixed 3.1.0)
CVE-2005-3322 version (squid, not upstream) SUSE only
CVE-2005-3319 ignore (mod_php) no security consequence
CVE-2005-3313 backport (ethereal, fixed after 0.10.13)
CVE-2005-3276 version (kernel, fixed 2.6.12.4)
CVE-2005-3275 version (kernel, fixed 2.6.13)
CVE-2005-3274 version (kernel, fixed 2.6.13)
CVE-2005-3273 version (kernel, fixed 2.6.12)
CVE-2005-3272 version (kernel, fixed 2.6.13)
CVE-2005-3271 version (kernel, fixed 2.6.9)
CVE-2005-3258 version (squid, fixed 2.5STABLE12)
**CVE-2005-3257 VULNERABLE (kernel)
CVE-2005-3249 version (ethereal, fixed 0.10.13)
CVE-2005-3248 version (ethereal, fixed 0.10.13)
CVE-2005-3247 version (ethereal, fixed 0.10.13)
CVE-2005-3246 version (ethereal, fixed 0.10.13)
CVE-2005-3245 version (ethereal, fixed 0.10.13)
CVE-2005-3244 version (ethereal, fixed 0.10.13)
CVE-2005-3243 version (ethereal, fixed 0.10.13)
CVE-2005-3242 version (ethereal, fixed 0.10.13)
CVE-2005-3241 version (ethereal, fixed 0.10.13)
**CVE-2005-3186 backport (gdk-pixbuf)
**CVE-2005-3186 backport (gtk2)
**CVE-2005-3185 blocked (curl) by FORTIFY_SOURCE
**CVE-2005-3185 blocked (wget) by FORTIFY_SOURCE
CVE-2005-3184 version (ethereal, fixed 0.10.13)
**CVE-2005-3183 backport (w3c-libwww)
CVE-2005-3181 version (kernel, fixed 2.6.13.4 at least)
CVE-2005-3180 version (kernel, fixed 2.6.13.4 at least)
CVE-2005-3179 version (kernel, fixed 2.6.13.4 at least)
CVE-2005-3164 version (tomcat, not 5)
**CVE-2005-3120 backport (lynx)
CVE-2005-3119 version (kernel, fixed 2.6.13.4 at least)
CVE-2005-3110 version (kernel, fixed 2.6.12)
CVE-2005-3109 version (kernel, fixed 2.6.12)
CVE-2005-3108 version (kernel, fixed 2.6.12)
CVE-2005-3107 version (kernel, fixed 2.6.11)
CVE-2005-3106 version (kernel, fixed 2.6.11)
CVE-2005-3105 version (kernel, fixed 2.6.12)
CVE-2005-3089 version (firefox, fixed 1.0.7)
**CVE-2005-3088 ignore (fetchmail) fetchmailconf not shipped
CVE-2005-3055 version (kernel, fixed 2.6.14 at least)
CVE-2005-3054 ignore (php) see bz#169857
CVE-2005-3053 version (kernel)
CVE-2005-3044 version (kernel, fixed 2.6.13.2)
**CVE-2005-3011 backport (texinfo)
CVE-2005-2991 ignore (ncompress) don't ship zdiff or zcmp scripts
CVE-2005-2978 version (netpbm, fixed 10.25)
**CVE-2005-2977 backport (pam)
**CVE-2005-2976 backport (gdk-pixbuf)
**CVE-2005-2975 backport (gdk-pixbuf)
**CVE-2005-2975 backport (gtk2)
CVE-2005-2973 version (kernel, 2.6.14 at least)
CVE-2005-2970 VULNERABLE (httpd, fixed 2.0.55)
CVE-2005-2969 version (openssl, fixed 0.9.8a)
CVE-2005-2969 backport (openssl097a, fixed 0.9.7h)
CVE-2005-2968 version (mozilla, not 1.7.10)
CVE-2005-2968 version (firefox)
CVE-2005-2968 version (thunderbird)
CVE-2005-2959 ignore (sudo) not a vulnerability
CVE-2005-2946 version (openssl, fixed 0.9.8)
**CVE-2005-2933 VULNERABLE (uw-imap) bz#171345
**CVE-2005-2929 backport (lynx)
CVE-2005-2917 version (squid, fixed 2.5.STABLE11)
**CVE-2005-2876 backport (util-linux)
CVE-2005-2874 version (cups, fixed 1.1.23)
**CVE-2005-2873 VULNERABLE (kernel) not upstream fixed
CVE-2005-2872 version (kernel, fixed 2.6.12)
CVE-2005-2871 version (firefox, fixed 1.0.7)
CVE-2005-2871 version (mozilla, fixed 1.7.12)
CVE-2005-2871 version (thunderbird)
CVE-2005-2811 version (net-snmp, not upstream) gentoo only
CVE-2005-2801 version (kernel, fixed 2.6.11)
CVE-2005-2800 version (kernel, fixed 2.6.12.6)
CVE-2005-2798 version (openssh, fixed 4.2)
CVE-2005-2797 version (openssh, fixed 4.2)
CVE-2005-2796 version (squid, fixed 2.5.STABLE11)
CVE-2005-2794 version (squid, fixed 2.5.STABLE11)
CVE-2005-2728 backport (httpd, fixed 2.0.55) 
CVE-2005-2710 version (HelixPlayer, fixed 1.0.6)
CVE-2005-2708 ignore (kernel) not reproducable on x86_64
CVE-2005-2707 version (thunderbird)
CVE-2005-2707 version (firefox, fixed 1.0.7)
CVE-2005-2707 version (mozilla, fixed 1.7.12)
CVE-2005-2706 version (thunderbird)
CVE-2005-2706 version (firefox, fixed 1.0.7)
CVE-2005-2706 version (mozilla, fixed 1.7.12)
CVE-2005-2705 version (thunderbird)
CVE-2005-2705 version (firefox, fixed 1.0.7)
CVE-2005-2705 version (mozilla, fixed 1.7.12)
CVE-2005-2704 version (thunderbird)
CVE-2005-2704 version (firefox, fixed 1.0.7)
CVE-2005-2704 version (mozilla, fixed 1.7.12)
CVE-2005-2703 version (thunderbird)
CVE-2005-2703 version (firefox, fixed 1.0.7)
CVE-2005-2703 version (mozilla, fixed 1.7.12)
CVE-2005-2702 version (thunderbird)
CVE-2005-2702 version (firefox, fixed 1.0.7)
CVE-2005-2702 version (mozilla, fixed 1.7.12)
CVE-2005-2701 version (firefox, fixed 1.0.7)
CVE-2005-2701 version (mozilla, fixed 1.7.12)
CVE-2005-2700 backport (httpd, fixed 2.0.55) 
**CVE-2005-2693 backport (cvs) [since FEDORA-2005-790]
**CVE-2005-2672 backport (lm_sensors) [since FEDORA-2005-1053]
**CVE-2005-2666 VULNERABLE (openssh) see bz#162681
CVE-2005-2642 version (mutt, openbsd only)
**CVE-2005-2641 VULNERABLE (pam_ldap) bz#166164
CVE-2005-2629 version (HelixPlayer, fixed 1.0.6)
CVE-2005-2617 version (kernel, fixed 2.6.12.5)
**CVE-2005-2602 VULNERABLE (firefox) probably
**CVE-2005-2602 VULNERABLE (thunderbird) probably
CVE-2005-2558 ignore (mysql) not an issue
CVE-2005-2558 version (mysql, fixed 4.1.13)
CVE-2005-2555 version (kernel, fixed 2.6.12.6pre)
CVE-2005-2553 version (kernel, not 2.6)
CVE-2005-2550 version (evolution, fixed after 2.3.6.1)
CVE-2005-2549 version (evolution, fixed after 2.3.6.1)
CVE-2005-2548 version (kernel, fixed 2.6.9) only affected 2.6.8
CVE-2005-2547 version (bluez-pin, fixed 2.19) not before 2.16
CVE-2005-2541 ignore (tar) is documented behaviour
CVE-2005-2500 version (kernel, fixed 2.6.13)
CVE-2005-2498 version (php xml_rpc, fixed 1.4.0)
CVE-2005-2496 backport (ntp, fixed 4.2.0b) ...0a-20040617-ntpd_guid.patch
**CVE-2005-2495 backport (xorg-x11) [since FEDORA-2005-894]
CVE-2005-2494 version (kdebase, fixed after 3.4.2)
CVE-2005-2491 ignore (python, fc4 python does not contain pcre)
CVE-2005-2491 version (pcre, fixed 6.2)
CVE-2005-2491 ignore (httpd, pcre uses system pcre)
CVE-2005-2491 ignore (php, pcre uses system pcre)
CVE-2005-2492 version (kernel, fixed 2.6.13.1)
CVE-2005-2490 version (kernel, fixed 2.6.13.1)
**CVE-2005-2475 VULNERABLE (unzip) bz#164928
**CVE-2005-2471 backport (netpbm) [since FEDORA-2005-728]
CVE-2005-2459 ignore (kernel, fixed 2.6.12.5) dropped as code path not possible
CVE-2005-2458 version (kernel, fixed 2.6.12.5)
CVE-2005-2457 version (kernel, fixed 2.6.12.5)
CVE-2005-2456 version (kernel, fixed 2.6.12.5)
CVE-2005-2452 version (libtiff, fixed 3.7.0)
CVE-2005-2448 version (kdenetwork, fixed 3.4.2)
CVE-2005-2414 ignore (mozilla) not being fixed upstream, just a crash
CVE-2005-2410 version (NetworkManager, fixed 5.0)
**CVE-2005-2395 VULNERABLE (firefox) not fixed upstream, maybe not security
CVE-2005-2370 version (kdenetwork, fixed 3.4.2)
CVE-2005-2370 version (gaim, fixed 1.5.0)
CVE-2005-2369 version (kdenetwork, fixed 3.4.2)
CVE-2005-2368 version (vim, fixed 6.3.086 at least)
CVE-2005-2367 version (ethereal, fixed 0.10.12)
CVE-2005-2366 version (ethereal, fixed 0.10.12)
CVE-2005-2365 version (ethereal, fixed 0.10.12)
CVE-2005-2364 version (ethereal, fixed 0.10.12)
CVE-2005-2363 version (ethereal, fixed 0.10.12)
CVE-2005-2362 version (ethereal, fixed 0.10.12)
CVE-2005-2361 version (ethereal, fixed 0.10.12)
CVE-2005-2360 version (ethereal, fixed 0.10.12)
CVE-2005-2353 ignore (thunderbird) debug mode only
CVE-2005-2337 version (ruby, fixed 1.8.3)
**CVE-2005-2335 backport (fetchmail) [since FEDORA-2005-613]
CVE-2005-2270 version (firefox, fixed 1.0.5)
CVE-2005-2270 version (mozilla, fixed 1.7.9)
CVE-2005-2270 version (thunderbird, fixed 1.0.5)
CVE-2005-2269 version (firefox, fixed 1.0.5)
CVE-2005-2269 version (mozilla, fixed 1.7.9)
CVE-2005-2269 version (thunderbird, fixed 1.0.5)
CVE-2005-2268 version (firefox, fixed 1.0.5)
CVE-2005-2268 version (mozilla, fixed 1.7.9)
CVE-2005-2267 version (mozilla, fixed 1.7.9)
CVE-2005-2267 version (firefox, fixed 1.0.5)
CVE-2005-2266 version (firefox, fixed 1.0.5)
CVE-2005-2266 version (mozilla, fixed 1.7.9)
CVE-2005-2266 version (thunderbird, fixed 1.0.5)
CVE-2005-2265 version (firefox, fixed 1.0.5)
CVE-2005-2265 version (mozilla, fixed 1.7.9)
CVE-2005-2265 version (thunderbird, fixed 1.0.5)
CVE-2005-2264 version (firefox, fixed 1.0.5)
CVE-2005-2263 version (firefox, fixed 1.0.5)
CVE-2005-2263 version (mozilla, fixed 1.7.9)
CVE-2005-2262 version (firefox, fixed 1.0.5)
CVE-2005-2261 version (thunderbird, fixed 1.0.5)
CVE-2005-2261 version (firefox, fixed 1.0.5)
CVE-2005-2261 version (mozilla, fixed 1.7.9)
CVE-2005-2260 version (firefox, fixed 1.0.5)
CVE-2005-2260 version (mozilla, fixed 1.7.9)
CVE-2005-2177 version (net-snmp, fixed 5.2.1.2)
CVE-2005-2114 version (firefox, fixed 1.0.5)
CVE-2005-2114 version (mozilla, fixed 1.7.9)
CVE-2005-2104 version (sysreport, fixed 1.4.1-5)
CVE-2005-2103 version (gaim, fixed 1.5.0)
CVE-2005-2102 version (gaim, fixed 1.5.0)
**CVE-2005-2101 backport (kdeedu) [since FEDORA-2005-744]
CVE-2005-2100 version (kernel, not upstream) only RHEL4
CVE-2005-2099 version (kernel, fixed 2.6.12.5)
CVE-2005-2098 version (kernel, fixed 2.6.12.5)
**CVE-2005-2097 backport (cups) [since FEDORA-2005-732]
CVE-2005-2097 version (xpdf, fixed 3.0.1)
**CVE-2005-2096 backport (zlib) [since FEDORA-2005-523]
**CVE-2005-2096 backport (rpm) [since FEDORA-2005-565]
CVE-2005-2095 version (squirrelmail, fixed 1.4.5) since
CVE-2005-2088 backport (httpd, fixed 2.0.55)
**CVE-2005-2069 backport (openldap) [since FEDORA-2005-992]
**CVE-2005-2069 VULNERABLE (nss_ldap) http://bugzilla.padl.com/attachment.cgi?id=10&action=view
CVE-2005-2023 version (gnupg, fixed 1.9.15)
CVE-2005-1993 version (sudo, fixed 1.6.8p9)
CVE-2005-1992 version (ruby, fixed 1.8.3 at least)
CVE-2005-1937 version (firefox, fixed 1.0.5)
CVE-2005-1937 version (mozilla, fixed 1.7.9)
CVE-2005-1934 version (gaim, fixed 1.3.1)
CVE-2005-1921 version (php, fixed xml_rpm 1.3.1)
CVE-2005-1920 version (kdelibs, fixed 3.4.1)
CVE-2005-1913 version (kernel, fixed 2.6.12.2)
CVE-2005-1852 version (kdenetwork, fixed 3.4.2)
CVE-2005-1849 version (zlib, fixed 1.2.3)
CVE-2005-1831 ignore (sudo) unsubstantiated report
CVE-2005-1769 version (squirrelmail, fixed 1.4.5) since
CVE-2005-1768 version (kernel, fixed 2.6.6)
CVE-2005-1767 version (kernel, fixed 2.6.7)
CVE-2005-1766 version (HelixPlayer, fixed 1.0.5)
CVE-2005-1765 version (kernel, fixed 2.6.12)
CVE-2005-1764 version (kernel, fixed 2.6.12)
CVE-2005-1763 version (kernel, fixed 2.6.12)
CVE-2005-1762 version (kernel, fixed 2.6.12)
CVE-2005-1761 version (kernel, fixed 2.6.12.2)
**CVE-2005-1760 VULNERABLE (sysreport)
CVE-2005-1759 ignore (openldap, fixed shtool 2.0.2) flawed code path not used
**CVE-2005-1759 VULNERABLE (openldap)
**CVE-2005-1759 VULNERABLE (php)
**CVE-2005-1751 VULNERABLE (nmap, fixed shtool 2.0.2) #158996
CVE-2005-1751 ignore (openldap, fixed shtool 2.0.2) flawed code path not used
CVE-2005-1751 ignore (ncpfs) part of shtool in ncpfs is not vulnerable
**CVE-2005-1740 backport (net-snmp, not fixed)
CVE-2005-1739 version (ImageMagick, fixed 6.2.2.3)
**CVE-2005-1705 backport (gdb) [since FEDORA-2005-1033]
**CVE-2005-1704 backport (gdb) [since FEDORA-2005-1033]
**CVE-2005-1704 backport (binutils) ...eadelf-overflows.patch [since FEDORA-2005-498]
**CVE-2005-1689 backport (krb5) [since FEDORA-2005-553]
CVE-2005-1686 ignore (gedit, not a vulnerability)
CVE-2005-1636 version (mysql, fixed 4.1.12)
CVE-2005-1589 version (kernel, fixed 2.6.11.10)
CVE-2005-1571 version (php, fixed shtool 2.0.2)
CVE-2005-1544 version (libtiff, fixed 3.7.1 at least)
CVE-2005-1532 version (firefox, fixed 1.0.4)
CVE-2005-1532 version (thunderbird)
CVE-2005-1532 version (mozilla, fixed 1.7.8)
CVE-2005-1531 version (firefox, fixed 1.0.4)
CVE-2005-1531 version (mozilla, fixed 1.7.8)
CVE-2005-1519 version (squid, fixed 2.5.STABLE10)
CVE-2005-1470 version (ethereal, fixed 0.10.11)
CVE-2005-1469 version (ethereal, fixed 0.10.11)
CVE-2005-1468 version (ethereal, fixed 0.10.11)
CVE-2005-1467 version (ethereal, fixed 0.10.11)
CVE-2005-1466 version (ethereal, fixed 0.10.11)
CVE-2005-1465 version (ethereal, fixed 0.10.11)
CVE-2005-1464 version (ethereal, fixed 0.10.11)
CVE-2005-1463 version (ethereal, fixed 0.10.11)
CVE-2005-1462 version (ethereal, fixed 0.10.11)
CVE-2005-1461 version (ethereal, fixed 0.10.11)
CVE-2005-1460 version (ethereal, fixed 0.10.11)
CVE-2005-1459 version (ethereal, fixed 0.10.11)
CVE-2005-1458 version (ethereal, fixed 0.10.11)
CVE-2005-1457 version (ethereal, fixed 0.10.11)
CVE-2005-1456 version (ethereal, fixed 0.10.11)
CVE-2005-1455 version (freeradius, fixed 1.0.3)
CVE-2005-1454 version (freeradius, fixed 1.0.3)
CVE-2005-1431 version (gnutls, fixed 1.0.25)
CVE-2005-1410 version (postgresql, fixed 8.0.2)
CVE-2005-1409 version (postgresql, fixed 8.0.1)
CVE-2005-1369 version (kernel, fixed 2.6.12)
CVE-2005-1368 version (kernel, fixed 2.6.12)
CVE-2005-1345 version (squid, fixed 2.5.STABLE10)
CVE-2005-1344 ignore (httpd) not a vulnerability
CVE-2005-1281 version (ethereal, fixed 0.10.11)
**CVE-2005-1280 backport (tcpdump, not fixed in 3.8.3) in srpm
**CVE-2005-1279 backport (tcpdump, not fixed in 3.8.3) in srpm
**CVE-2005-1278 backport (tcpdump, not fixed in 3.8.3) in srpm
CVE-2005-1277 ignore (dupe)
CVE-2005-1275 version (ImageMagick, fixed 6.2.2)
CVE-2005-1269 version (gaim, fixed 1.3.1)
CVE-2005-1268 backport (httpd, fixed 2.0.55)
**CVE-2005-1267 backport (tcpdump) [since FEDORA-2005-407]
CVE-2005-1266 version (spamassassin, fixed 3.0.4)
CVE-2005-1265 version (kernel)
CVE-2005-1264 version (kernel)
CVE-2005-1263 version (kernel)
CVE-2005-1262 version (gaim, fixed 1.3.0)
CVE-2005-1261 version (gaim, fixed 1.3.0)
**CVE-2005-1260 backport (bzip2) in srpm [since re0522.0]
**CVE-2005-1229 backport (cpio) from srpm [since re0522.0]
CVE-2005-1228 backport (gzip) from srpm
**CVE-2005-1194 backport (nasm) from srpm
CVE-2005-1184 ignore (kernel) expected to not be an issue
**CVE-2005-1175 backport (krb5) [since FEDORA-2005-553]
**CVE-2005-1174 backport (krb5) [since FEDORA-2005-553]
CVE-2005-1160 version (firefox, mozilla)
CVE-2005-1160 version (thunderbird)
CVE-2005-1159 version (firefox, mozilla)
CVE-2005-1159 version (thunderbird)
CVE-2005-1158 version (firefox, fixed 1.0.3)
CVE-2005-1157 version (firefox, mozilla)
CVE-2005-1156 version (firefox, mozilla)
CVE-2005-1155 version (firefox, mozilla)
CVE-2005-1154 version (firefox, mozilla)
CVE-2005-1153 version (firefox, mozilla)
**CVE-2005-1111 backport (cpio) from srpm
CVE-2005-1065 version (tetex, not upstream)
CVE-2005-1061 version (logwatch, in 4.3.2 at least)
CVE-2005-1046 version (kdelibs, fixed after 3.4.0)
CVE-2005-1043 version (php, fixed 4.3.11)
CVE-2005-1042 version (php, fixed 4.3.11)
CVE-2005-1041 version (kernel, fixed 2.6.12)
CVE-2005-1039 ignore (coreutils) not fixed upstream, not a real issue
**CVE-2005-1038 backport (vixie-cron) from srpm
**CVE-2005-0990 backport (sharutils) from srpm
CVE-2005-0989 version (mozilla, fixed 1.7.7)
CVE-2005-0989 version (firefox, fixed 1.0.3)
CVE-2005-0989 version (thunderbird)
CVE-2005-0988 backport (gzip) from srpm
CVE-2005-0977 version (kernel, fixed 2.6.11)
CVE-2005-0967 version (gaim, fixed 1.2.1)
CVE-2005-0966 version (gaim, fixed 1.2.1)
CVE-2005-0965 version (gaim, fixed 1.2.1)
**CVE-2005-0953 backport (bzip2) in srpm
CVE-2005-0941 version (ooffice, fixed 1.9 m95)
CVE-2005-0937 version (kernel, fixed 2.6.11)
CVE-2005-0916 version (kernel, fixed 2.6.12)
CVE-2005-0891 version (gtk2, fixed 2.2.4)
CVE-2005-0867 version (kernel, fixed 2.6.11)
CVE-2005-0866 version (cdrecord, DEBUG isn't enabled anyway)
CVE-2005-0839 version (kernel, fixed 2.6.11)
CVE-2005-0815 version (kernel, fixed 2.6.11.6)
CVE-2005-0808 version (tomcat, fixed 5.x)
CVE-2005-0806 version (evolution, fixed 2.0.4)
CVE-2005-0799 version (mysql, not linux)
CVE-2005-0767 version (kernel, fixed 2.6.11)
CVE-2005-0766 version (ethereal, fixed after 0.10.9)
CVE-2005-0765 version (ethereal, fixed after 0.10.9)
CVE-2005-0763 version (mc, fixed 4.6.0)
CVE-2005-0762 version (ImageMagick, fixed 6.0)
CVE-2005-0761 version (ImageMagick, fixed 6.1.8)
CVE-2005-0760 version (ImageMagick, fixed 6.0)
CVE-2005-0759 version (ImageMagick, fixed 6.0)
CVE-2005-0758 version (gzip, fixed 1.3.5)
**CVE-2005-0758 VULNERABLE (bzip2) by inspection bz#159819
CVE-2005-0757 version (kernel, not 2.6)
CVE-2005-0756 version (kernel, fixed 2.6.12)
CVE-2005-0755 version (HelixPlayer, fixed 10.0.4)
CVE-2005-0754 version (kdewebdev, fixed after 3.4.0)
**CVE-2005-0753 backport (cvs, fixed 1.12.12) in cvs-1.11.17-CAN-2005-0753.patch
CVE-2005-0752 version (firefox, fixed 1.0.3)
CVE-2005-0750 version (kernel, fixed 2.6.11.6)
CVE-2005-0749 version (kernel, fixed 2.6.11.6)
CVE-2005-0739 version (ethereal, fixed after 0.10.9)
CVE-2005-0736 version (kernel, fixed 2.6.11)
CVE-2005-0718 version (squid, fixed 2.5.STABLE8)
CVE-2005-0711 version (mysql, fixed 4.1.11)
CVE-2005-0710 version (mysql, fixed 4.1.11)
CVE-2005-0709 version (mysql, fixed 4.1.11)
CVE-2005-0705 version (ethereal, fixed after 0.10.9)
CVE-2005-0704 version (ethereal, fixed after 0.10.9)
CVE-2005-0698 version (ethereal, fixed after 0.10.9)
CVE-2005-0664 version (libexif, fixed 0.6.12)
CVE-2005-0654 ignore (gimp, not fixed 2.2) upstream considers harmless
CVE-2005-0627 version (qt, fixed 3.3.4)
CVE-2005-0626 version (squid, fixed 2.5.STABLE10)
**CVE-2005-0605 backport (xorg-x11) ...-fix-CAN-2005-0605.patch
**CVE-2005-0602 VULNERABLE (unzip, fixed 5.52) not in srpm
CVE-2005-0596 version (php, fixed 5.0)
CVE-2005-0593 version (firefox, mozilla)
CVE-2005-0592 version (firefox, mozilla)
CVE-2005-0591 version (firefox, fixed 1.0.1)
CVE-2005-0590 version (firefox, mozilla, thunderbird)
CVE-2005-0589 version (firefox, fixed 1.0.1)
CVE-2005-0588 version (firefox, mozilla)
CVE-2005-0587 version (firefox, mozilla)
CVE-2005-0586 version (firefox, mozilla)
CVE-2005-0585 version (firefox, mozilla)
CVE-2005-0584 version (firefox, mozilla)
CVE-2005-0578 version (firefox, mozilla)
CVE-2005-0532 version (kernel, fixed 2.6.11)
CVE-2005-0531 version (kernel, fixed 2.6.11)
CVE-2005-0530 version (kernel, fixed 2.6.11)
CVE-2005-0529 version (kernel, fixed 2.6.11)
CVE-2005-0527 version (mozilla, fixed 1.7.6)
CVE-2005-0527 version (firefox, fixed 1.0.1)
CVE-2005-0525 version (php, fixed 5.0.4)
CVE-2005-0524 version (php, fixed 5.0.4)
CVE-2005-0504 version (kernel, doesn't build in 2.6)
CVE-2005-0490 version (curl, fixed 7.13.1)
**CVE-2005-0488 backport (telnet) since ga
**CVE-2005-0488 backport (krb5) [since FEDORA-2005-553]
CVE-2005-0473 version (gaim, fixed 1.1.3)
CVE-2005-0472 version (gaim, fixed 1.1.3)
CVE-2005-0469 version (krb5, fixed 1.4.1)
**CVE-2005-0469 backport (telnet) telnet-0.17-CAN-2005-468_469.patch
CVE-2005-0468 version (krb5, fixed 1.4.1)
**CVE-2005-0468 backport (telnet) telnet-0.17-CAN-2005-468_469.patch
CVE-2005-0449 version (kernel, fixed 2.6.11)
**CVE-2005-0448 VULNERABLE (perl) bz#173793
CVE-2005-0446 version (squid, fixed 2.5.STABLE9)
CVE-2005-0404 ignore (kde) won't fix http://bugs.kde.org/show_bug.cgi?id=96020
CVE-2005-0403 version (kernel, not upstream)
CVE-2005-0402 version (firefox, fixed 1.0.2)
CVE-2005-0401 version (firefox, fixed 1.0.2)
CVE-2005-0401 version (mozilla, fixed 1.7.7)
CVE-2005-0400 version (kernel, fixed in 2.6.11.6)
CVE-2005-0399 version (mozilla, Firefox, thunderbird)
CVE-2005-0398 version (ipsec-tools, fixed 0.5)
CVE-2005-0397 version (ImageMagick, fixed 6.0.2.5)
CVE-2005-0396 version (kdelibs, fixed 3.4.0)
CVE-2005-0384 version (kernel, fixed 2.6.11.4)
CVE-2005-0372 version (gftp, fixed in 2.0.18 at least)
CVE-2005-0365 version (kdelibs, not 3.4)
CVE-2005-0337 version (postfix, not 2.2)
CVE-2005-0255 version (mozilla, fixed 1.7.6)
CVE-2005-0255 version (thunderbird, fixed 1.0.2)
CVE-2005-0255 version (firefox, fixed 1.0.1)
CVE-2005-0247 version (postgresql, fixed after 8.0)
CVE-2005-0246 version (postgresql, fixed 8.0.1)
CVE-2005-0245 version (postgresql, fixed 8.0.1)
CVE-2005-0244 version (postgresql, fixed 8.0.1)
CVE-2005-0241 version (squid, fixed 2.5.STABLE8)
CVE-2005-0238 version (epiphany, fixed since mozilla 1.7.6)
CVE-2005-0237 version (kdelibs, fixed 3.4.0)
CVE-2005-0233 version (mozilla, fixed 1.7.6)
CVE-2005-0233 version (firefox, fixed 1.0.1)
CVE-2005-0232 version (mozilla, fixed 1.7.6)
CVE-2005-0232 version (firefox, fixed 1.0.1)
CVE-2005-0231 version (mozilla, fixed 1.7.6)
CVE-2005-0231 version (firefox, fixed 1.0.1)
CVE-2005-0230 version (mozilla, fixed 1.7.6)
CVE-2005-0230 version (thunderbird, fixed 1.0.2)
CVE-2005-0230 version (firefox, fixed 1.0.1)
CVE-2005-0227 version (postgresql, fixed 8.0.1)
CVE-2005-0215 version (mozilla)
CVE-2005-0211 version (squid, fixed 2.5.STABLE8)
CVE-2005-0210 version (kernel, fixed 2.6.11)
CVE-2005-0209 version (kernel, fixed 2.6.11)
CVE-2005-0208 version (gaim, fixed 1.1.4)
CVE-2005-0207 version (kernel, fixed 2.6.11)
CVE-2005-0206 version (xpdf, only bad patch for 2004-0888)
CVE-2005-0205 version (kdenetwork, not 3.3 onwards)
CVE-2005-0204 version (kernel, didn't affect upstream)
CVE-2005-0202 version (mailman, fixed 2.1.6)
**CVE-2005-0201 backport (dbus) [since FEDORA-2005-822]
CVE-2005-0194 version (squid, fixed 2.5.STABLE8)
CVE-2005-0180 version (kernel, fixed 2.6.11)
CVE-2005-0179 version (kernel, fixed 2.6.11)
CVE-2005-0178 version (kernel, fixed 2.6.11)
CVE-2005-0177 version (kernel, fixed 2.6.11)
CVE-2005-0176 version (kernel, only affected 2.6.9)
CVE-2005-0175 version (squid, fixed 2.5.STABLE8)
CVE-2005-0174 version (squid, fixed 2.5.STABLE8)
CVE-2005-0173 version (squid, fixed 2.5.STABLE8)
CVE-2005-0162 version (openswan, fixed 2.3.0)
**CVE-2005-0156 backport (perl, not 5.8.6) perl-5.8.5-CAN-2005-0155+0156.patch
**CVE-2005-0155 backport (perl, not 5.8.6) perl-5.8.5-CAN-2005-0155+0156.patch
CVE-2005-0152 version (squirrelmail, not 1.4)
CVE-2005-0150 version (firefox, fixed 1.0)
CVE-2005-0149 version (mozilla, firefox)
CVE-2005-0147 version (mozilla, firefox)
CVE-2005-0146 version (mozilla, firefox)
CVE-2005-0145 version (firefox, fixed 1.0)
CVE-2005-0144 version (mozilla, firefox)
CVE-2005-0143 version (mozilla, firefox)
CVE-2005-0142 version (mozilla, firefox, thunderbird)
CVE-2005-0141 version (mozilla, firefox)
CVE-2005-0137 version (kernel, not 2.6)
CVE-2005-0135 version (kernel, fixed 2.6.11)
CVE-2005-0124 version (kernel, fixed 2.6.11)
CVE-2005-0109 backport (openssl097a)
CVE-2005-0109 version (openssl, not 0.9.8a) 
CVE-2005-0104 version (squirrelmail, fixed 1.4.4)
CVE-2005-0103 version (squirrelmail, fixed 1.4.4)
CVE-2005-0102 version (evolution-data-server, fixed 1.2.2 at least)
CVE-2005-0100 version (emacs, fixed 21.4 at least)
CVE-2005-0097 version (squid, fixed 2.5.STABLE8)
CVE-2005-0096 version (squid, fixed 2.5.STABLE8)
CVE-2005-0095 version (squid, fixed 2.5.STABLE8)
CVE-2005-0094 version (squid, fixed 2.5.STABLE8)
CVE-2005-0092 version (kernel, not affected)
CVE-2005-0091 version (kernel, not affected)
CVE-2005-0090 version (kernel, not affected)
CVE-2005-0089 version (python, fixed 2.4.1 at least)
CVE-2005-0088 version (mod_python, fixed after 2.7.8)
CVE-2005-0087 version (alsa-lib, fixed 1.0.9)
CVE-2005-0086 version (less, didn't affect upstream)
CVE-2005-0085 version (htdig, fixed 3.1.6-r7)
CVE-2005-0084 version (ethereal, fixed 0.10.9)
CVE-2005-0080 version (mailman, not upstream)
CVE-2005-0078 version (kde, fixed 3.0.5)
CVE-2005-0077 version (perl-DBI, fixed in 1.48 at least)
CVE-2005-0075 version (squirrelmail, fixed 1.4.4)
**CVE-2005-0069 backport (vim) in vim-6.3-tmpfile.patch
CVE-2005-0064 version (tetex, fixed 3.0)
CVE-2005-0064 version (kpdf, not 3.4)
**CVE-2005-0064 backport (cups) patch in SRPM
CVE-2005-0064 version (xpdf, fixed 3.0.1)
CVE-2005-0039 ignore (not a vulnerability) don't do this says the rfc
CVE-2005-0034 version (bind, fixed after 9.3.0)
CVE-2005-0033 version (bind, not 9)
CVE-2005-0023 ignore (libvte) not a security risk
CVE-2005-0014 version (ncpfs, fixed 2.2.6)
CVE-2005-0013 version (ncpfs, fixed 2.2.6)
CVE-2005-0011 version (kdeedu, not 3.4)
CVE-2005-0010 version (ethereal, fixed 0.10.9)
CVE-2005-0009 version (ethereal, fixed 0.10.9)
CVE-2005-0008 version (ethereal, fixed 0.10.9)
CVE-2005-0007 version (ethereal, fixed 0.10.9)
CVE-2005-0006 version (ethereal, fixed 0.10.9)
CVE-2005-0005 version (ImageMagick, fixed after 6.1.7)
CVE-2005-0004 version (mysql, fixed 4.1.10)
CVE-2005-0003 version (kernel, fixed 2.6.10)
CVE-2005-0001 version (kernel, fixed 2.6.10)
CVE-2004-2546 version (samba, fixed 3.0.6)
**CVE-2004-2541 blocked (cscope) by FORTIFY_SOURCE
CVE-2004-2536 version (kernel, fixed 2.6.7)
CVE-2004-2531 version (gnutls, fixed 1.0.17)
CVE-2004-2480 ignore (squid) bz#166523, not reproducable
CVE-2004-2479 version (squid, fixed 2.5.STABLE8)
CVE-2004-2396 version (passwd, fixed 0.69)
CVE-2004-2395 version (passwd, fixed 0.69)
CVE-2004-2394 version (passwd, fixed 0.69)
CVE-2004-2392 version (libuser, fixed 0.51.10)
CVE-2004-2343 ignore (httpd) not a security issue
CVE-2004-2302 version (kernel, fixed 2.6.10)
CVE-2004-2259 version (vsftpd, fixed 1.2.2)
CVE-2004-2228 version (firefox, fixed 1.0)
CVE-2004-2227 version (firefox, fixed 1.0)
CVE-2004-2225 version (firefox, fixed 0.10.1)
CVE-2004-2154 version (cups, fixed 1.2.21rc1)
CVE-2004-2149 version (mysql, fixed 4.1.5)
CVE-2004-2136 ignore (dm-crypt) design
CVE-2004-2135 ignore (kernel) design
CVE-2004-2093 ignore (rsync, not security issue)
CVE-2004-2069 version (openssh, not 4)
CVE-2004-2014 version (wget, fixed 1.10.1)
CVE-2004-2013 ignore (kernel, not 2.6, also not exploitable)
CVE-2004-2004 version (SUSE configuration only)
CVE-2004-1880 version (openldap, fixed 2.2.21)
CVE-2004-1834 version (httpd, fixed 2.0.50)
**CVE-2004-1773 backport (sharutils) from srpm
**CVE-2004-1772 backport (sharutils) from srpm
CVE-2004-1761 version (ethereal, fixed 0.10.3)
CVE-2004-1689 version (sudo, fixed 1.6.8p1)
CVE-2004-1653 ignore (openssh)
CVE-2004-1639 version (mozilla, firefox)
CVE-2004-1617 ignore (lynx) not able to verify flaw
CVE-2004-1614 version (mozilla, fixed 1.7.5)
CVE-2004-1613 version (mozilla, fixed 1.7.5)
CVE-2004-1488 version (wget, fixed 1.10.1)
**CVE-2004-1471 version (cvs, fixed 1.12.9)
CVE-2004-1453 version (glibc, fixed 2.3.5)
CVE-2004-1452 version (tomcat, fixed 5.0.27-r3)
CVE-2004-1451 version (mozilla, firefox, thunderbird)
CVE-2004-1450 version (mozilla, firefox, thunderbird)
CVE-2004-1449 version (mozilla, firefox, thunderbird)
CVE-2004-1392 version (php, fixed 5.0.4)
CVE-2004-1382 version (glibc, not 2.3.5)
CVE-2004-1381 version (firefox, mozilla)
CVE-2004-1380 version (firefox, mozilla)
**CVE-2004-1377 backport (a2ps, fixed 4.13?) patch included in srpm
CVE-2004-1337 version (kernel, fixed 2.6.11)
CVE-2004-1336 version (tetex, fixed 3.0 at least)
CVE-2004-1335 version (kernel, fixed 2.6.10)
CVE-2004-1334 version (kernel, fixed 2.6.10)
CVE-2004-1333 version (kernel, fixed 2.6.10)
CVE-2004-1316 version (thunderbird, fixed 0.9)
CVE-2004-1316 version (mozilla, fixed 1.7.5)
CVE-2004-1308 version (libtiff, fixed in 3.7.1 at least)
CVE-2004-1307 version (libtiff, was already fixed with 0886)
CVE-2004-1304 version (file, fixed 4.12)
CVE-2004-1296 backport (groff) from srpm
CVE-2004-1287 backport (nasm) from srpm
CVE-2004-1270 version (cups, fixed 1.1.23)
CVE-2004-1269 version (cups, fixed 1.1.23)
CVE-2004-1268 version (cups, fixed 1.1.23)
CVE-2004-1267 version (cups, fixed 1.1.23)
CVE-2004-1237 version (kernel, not upstream)
CVE-2004-1235 version (kernel, fixed 2.6.11)
CVE-2004-1234 version (kernel, not 2.6)
CVE-2004-1224 version (mtr, fixed after 0.65)
CVE-2004-1200 ignore (firefox, mozilla) not a security issue
CVE-2004-1191 version (kernel, fixed 2.6.9)
CVE-2004-1190 version (kernel, fixed 2.6.10)
CVE-2004-1189 version (krb5, fixed 1.4)
CVE-2004-1186 backport (enscript) in srpm
CVE-2004-1185 backport (enscript) in srpm
CVE-2004-1184 backport (enscript) in srpm
CVE-2004-1183 version (libtiff, fixed 3.7.2)
CVE-2004-1180 version (rwho, fixed 0.17)
CVE-2004-1177 version (mailman, fixed 2.1.6)
CVE-2004-1176 version (mc, fixed 4.6.0)
CVE-2004-1175 version (mc, fixed 4.6.0)
CVE-2004-1174 version (mc, fixed 4.6.0)
CVE-2004-1171 version (kdelibs, not 3.4)
**CVE-2004-1170 backport (a2ps) fixed 4.13b-40 from srpm
CVE-2004-1165 version (kdelibs, not 3.4)
CVE-2004-1158 version (kdelibs, not 3.4)
CVE-2004-1156 version (mozilla, firefox)
CVE-2004-1154 version (samba, fixed 3.0.10)
CVE-2004-1151 version (kernel, fixed 2.6.10)
CVE-2004-1145 version (kde, not 3.4)
CVE-2004-1144 version (kernel, not 2.6)
CVE-2004-1143 version (mailman, fixed 2.1.5)
CVE-2004-1142 version (ethereal, fixed 0.10.8)
CVE-2004-1141 version (ethereal, fixed 0.10.8)
CVE-2004-1140 version (ethereal, fixed 0.10.8)
CVE-2004-1139 version (ethereal, fixed 0.10.8)
CVE-2004-1138 version (vim, fixed 6.3)
CVE-2004-1137 version (kernel, fixed 2.6.10)
CVE-2004-1125 version (kdegraphics, not 3.4)
CVE-2004-1125 version (tetex, at least 3.0)
CVE-2004-1125 version (xpdf, fixed 3.0.1)
CVE-2004-1096 version (perl-Archive-Zip, fixed 1.14)
CVE-2004-1093 version (mc, fixed 4.6.0)
CVE-2004-1092 version (mc, fixed 4.6.0)
CVE-2004-1091 version (mc, fixed 4.6.0)
CVE-2004-1090 version (mc, fixed 4.6.0)
**CVE-2004-1079 backport (ncpfs) from srpm
CVE-2004-1074 version (kernel, fixed 2.6.10)
CVE-2004-1073 version (kernel, fixed 2.6.10)
CVE-2004-1072 version (kernel, fixed 2.6.10)
CVE-2004-1071 version (kernel, fixed 2.6.10)
CVE-2004-1070 version (kernel, fixed 2.6.10)
CVE-2004-1069 version (kernel, fixed 2.6.10)
CVE-2004-1068 version (kernel, fixed 2.6.10)
CVE-2004-1065 version (php, fixed after 5.0.2)
CVE-2004-1064 version (php, fixed after 5.0.2)
CVE-2004-1063 version (php, fixed after 5.0.2)
CVE-2004-1060 version (kernel, all verifies sequence number)
CVE-2004-1058 version (kernel, fixed 2.6.9)
CVE-2004-1057 version (kernel, fixed 2.6.10)
CVE-2004-1056 version (kernel, fixed 2.6.10)
CVE-2004-1051 version (sudo, fixed 1.6.8p2)
CVE-2004-1036 version (squirrelmail, fixed 1.4.4)
CVE-2004-1026 backport (imlib) imlib-1.9.14-bounds.patch
CVE-2004-1025 backport (imlib) imlib-1.9.14-bounds.patch
CVE-2004-1020 version (php, fixed after 5.0.2)
CVE-2004-1019 version (php, fixed after 5.0.2)
CVE-2004-1018 version (php, fixed after 5.0.2)
CVE-2004-1017 version (kernel, fixed 2.6.10)
CVE-2004-1016 version (kernel, fixed 2.6.10)
CVE-2004-1014 version (nfs-utils, fixed 1.0.7)
CVE-2004-1009 version (mc, fixed 4.6.0)
CVE-2004-1006 version (dhcp, not 3)
CVE-2004-1005 version (mc, fixed 4.6.0)
CVE-2004-1004 version (mc, fixed 4.6.0)
CVE-2004-1002 ignore (ppp) not a security issue
CVE-2004-0996 backport (cscope, not fixed in 15.5)
CVE-2004-0990 version (gd, fixed 2.0.29)
CVE-2004-0989 version (libxml2, fixed 2.6.15)
CVE-2004-0986 version (iptables, fixed 1.2.12)
CVE-2004-0983 version (ruby, fixed 1.8.2)
CVE-2004-0981 version (ImageMagick, fixed 6.1.0)
CVE-2004-0977 version (postgresql, fixed after 7.4.6)
**CVE-2004-0976 backport (perl) [since FEDORA-2005-1077]
CVE-2004-0975 backport (openssl097a, fixed 0.9.7f) from srpm
CVE-2004-0975 version (openssl, not 0.9.8)
CVE-2004-0974 version (netatalk, fixed 2.0.1)
CVE-2004-0972 version (lvm2, fixed 2.2.01.8 at least)
**CVE-2004-0971 backport (krb5, see bug 136307) fixed by patch in SRPM
CVE-2004-0970 version (gzip)
CVE-2004-0969 version (groff, fixed 1.18.1.1)
CVE-2004-0968 version (glibc, fixed in 2.3.5 at least)
**CVE-2004-0967 backport (ghostscript) srpm
CVE-2004-0966 version (gettext, fixed in 0.14.3 at least)
CVE-2004-0961 version (freeradius, fixed 1.0.1)
CVE-2004-0960 version (freeradius, fixed 1.0.1)
CVE-2004-0959 version (php, fixed 4.3.9)
CVE-2004-0958 version (php, fixed 4.3.9)
CVE-2004-0957 version (mysql, fixed 4.0.21)
CVE-2004-0956 version (mysql, fixed 4.0.20)
CVE-2004-0883 version (kernel, fixed 2.6.11)
CVE-2004-0946 version (nfs-utils, fixed 1.0.6-r6)
CVE-2004-0942 version (httpd, fixed 2.0.53)
CVE-2004-0941 version (gd, fixed 2.0.22)
CVE-2004-0940 version (httpd, not 2.0)
CVE-2004-0938 version (freeradius, fixed 1.0.1)
CVE-2004-0930 version (samba, fixed 3.0.8)
CVE-2004-0929 verison (libtiff, fixed 3.7.0)
CVE-2004-0923 version (cups, fixed 1.2.22)
CVE-2004-0918 version (squid, fixed 2.4.STABLE7)
CVE-2004-0914 version (xorg-x11, fixed after 6.8.1)
CVE-2004-0909 version (mozilla, thunderbird, firefox)
CVE-2004-0908 version (mozilla, fixed 1.7.3)
CVE-2004-0907 version (mozilla, thunderbird, firefox)
CVE-2004-0906 version (mozilla, thunderbird, firefox)
CVE-2004-0905 version (mozilla, fixed 1.7.3)
CVE-2004-0904 version (mozilla, fixed 1.7.3)
CVE-2004-0903 version (mozilla, fixed 1.7.3)
CVE-2004-0902 version (mozilla, fixed 1.7.3)
CVE-2004-0891 version (gaim, fixed 1.0.2)
CVE-2004-0889 version (xpdf, fixed 3.0.1)
CVE-2004-0888 version (kpdegraphics, not 3.4)
CVE-2004-0888 version (tetex, fixed 3.0)
**CVE-2004-0888 backport (cups) patch in SRPM
CVE-2004-0888 version (xpdf, fixed 3.0.1)
CVE-2004-0887 version (kernel, fixed 2.6.10)
CVE-2004-0886 version (kdegraphics, fixed by Update on 20041109)
CVE-2004-0886 version (libtiff, fixed 3.7.1 at least)
CVE-2004-0885 version (httpd, fixed after 2.0.52)
CVE-2004-0884 version (cyrus-sasl, fixed 2.1.20)
CVE-2004-0883 version (kernel, fixed 2.6.11)
CVE-2004-0882 version (samba, fixed 3.0.8)
CVE-2004-0871 ignore (mozilla, unfixed upstream with no patch)
CVE-2004-0870 ignore (kde) upstream won't fix
CVE-2004-0867 version (firefox, after 0.9.2)
CVE-2004-0837 version (mysql, fixed 4.0.21)
CVE-2004-0836 version (mysql, fixed 4.0.21)
CVE-2004-0835 version (mysql, fixed 4.1.2)
CVE-2004-0832 version (squid, fixed 2.5.STABLE7)
CVE-2004-0829 version (samba, fixed 2.2.11)
CVE-2004-0827 version (ImageMagick, fixed 6.0.6.2)
CVE-2004-0823 version (openldap, fixed after 2.1.19)
CVE-2004-0817 version (imlib, fixed at least by 2.1.20)
CVE-2004-0816 version (kernel, fixed 2.6.8)
CVE-2004-0815 version (samba, fixed 3.0.2a)
CVE-2004-0814 version (kernel, fixed 2.6.9)
CVE-2004-0813 version (kernel, fixed 2.6.8)
CVE-2004-0812 version (kernel, not 2.6)
CVE-2004-0811 version (httpd, fixed 2.0.52)
CVE-2004-0809 version (httpd, fixed 2.0.51)
CVE-2004-0808 version (samba, fixed 3.0.7)
CVE-2004-0807 version (samba, fixed 3.0.7)
CVE-2004-0806 version (cdrtools, fixed 2.0.1)
CVE-2004-0804 version (kdegraphics)
CVE-2004-0804 version (libtiff, fixed after 3.6.1)
CVE-2004-0803 version (kdegraphics)
CVE-2004-0803 version (libtiff, fixed after 3.6.1)
CVE-2004-0802 version (imlib, fixed 1.1.2)
CVE-2004-0801 version (foomatic, fixed 3.0.2)
CVE-2004-0797 version (zlib, fixed in 1.2.2.2 at least)
CVE-2004-0796 version (spamassassin, fixed 2.64)
CVE-2004-0792 version (rsync, fixed 2.6.3)
CVE-2004-0791 version (kernel, fixed 2.6.9)
CVE-2004-0790 version (doesn't affect linux 2.4, 2.6)
CVE-2004-0797 version (zlib)
CVE-2004-0788 version (gdk-pixbuf, fixed 0.22)
CVE-2004-0788 version (gtk2, fixed 2.6.7 at least by inspection)
CVE-2004-0786 version (apr-util, fixed 2.0.51)
CVE-2004-0785 version (gaim, fixed 0.82)
CVE-2004-0784 version (gaim, fixed 0.82)
CVE-2004-0783 version (gdk-pixbuf, fixed 0.22)
CVE-2004-0783 version (gtk2, fixed 2.6.7 at least by inspection)
CVE-2004-0782 version (gdk-pixbuf, fixed 0.22)
CVE-2004-0782 version (gtk2, fixed 2.6.7 at least by inspection)
CVE-2004-0779 version (mozilla, firefox, thunderbird)
CVE-2004-0778 version (cvs, fixed 1.11.17)
CVE-2004-0772 version (krb5, fixed after 1.2.8)
CVE-2004-0771 backport (lha, changelog)
CVE-2004-0769 backport (lha, changelog)
CVE-2004-0768 version (libpng, fixed 1.2.6)
CVE-2004-0765 version (mozilla, fixed 1.7)
CVE-2004-0764 version (mozilla, fixed 1.7)
CVE-2004-0763 version (mozilla, fixed 1.7.2)
CVE-2004-0762 version (mozilla, fixed 1.7)
CVE-2004-0761 version (mozilla, fixed 1.7)
CVE-2004-0760 version (mozilla, fixed 1.7.2)
CVE-2004-0759 version (mozilla, fixed 1.7)
CVE-2004-0758 version (mozilla, fixed 1.7.2)
CVE-2004-0757 version (mozilla, fixed 1.7)
CVE-2004-0755 version (ruby, fixed 1.8.1)
CVE-2004-0754 version (gaim, fixed 0.82)
CVE-2004-0753 version (gdk-pixbuf, fixed 0.22)
CVE-2004-0753 version (gtk2, fixed after 2.2.4)
CVE-2004-0752 version (openoffice.org, fixed after 1.1.2)
CVE-2004-0751 version (httpd, fixed 2.0.51)
CVE-2004-0750 version (system-config-nfs, fixed 1.0.13)
CVE-2004-0749 version (subversion, fixed 1.0.8)
CVE-2004-0748 version (httpd, fixed 2.0.51)
CVE-2004-0747 version (httpd, fixed 2.0.51)
CVE-2004-0746 version (kde, fixed 3.3)
CVE-2004-0745 backport (lha, changelog)
CVE-2004-0722 version (mozilla, fixed 1.7)
CVE-2004-0721 version (kdelibs, fixed 3.3)
CVE-2004-0718 version (mozilla, fixed 1.7)
CVE-2004-0700 version (httpd, not 2.0)
CVE-2004-0694 backport (lha, changelog)
CVE-2004-0693 version (qt, fixed 3.3.3)
CVE-2004-0692 version (qt, fixed 3.3.3)
CVE-2004-0691 version (gdk-pixbuf; qt, fixed 3.3.3)
CVE-2004-0690 version (kdelibs, fixed after 3.2.3)
CVE-2004-0689 version (kdelibs, fixed 3.3.0)
CVE-2004-0688 version (openmotif)
CVE-2004-0687 version (openmotif)
CVE-2004-0686 version (samba, fixed 3.0.6)
CVE-2004-0685 version (kernel, not 2.6)
CVE-2004-0658 ignore (kernel) not a security issue
CVE-2004-0648 version (mozilla, firefox, thunderbird)
CVE-2004-0644 version (krb5, fixed after 1.3.4)
CVE-2004-0643 version (krb5, fixed after 1.3.1)
CVE-2004-0642 version (krb5, fixed after 1.3.4)
CVE-2004-0639 version (squirrelmail, fixed after 1.2.10)
CVE-2004-0635 version (ethereal, fixed 0.10.5)
CVE-2004-0634 version (ethereal, fixed 0.10.5)
CVE-2004-0633 version (ethereal, fixed 0.10.5)
CVE-2004-0628 version (mysql, fixed 4.1.3)
CVE-2004-0627 version (mysql, fixed 4.1.3)
CVE-2004-0626 version (kernel, fixed 2.6.8)
CVE-2004-0619 version (kernel, no driver)
CVE-2004-0607 version (racoon, note RHSA-2004:308 has wrong text)
CVE-2004-0603 backport (gzip) gzip-1.3.5-openbsd-owl-tmp.patch
CVE-2004-0600 version (samba, fixed 3.0.6)
CVE-2004-0599 version (mozilla, fixed 1.7.2)
CVE-2004-0599 version (libpng10, fixed 1.0.16)
CVE-2004-0599 version (libpng, fixed 1.2.6)
CVE-2004-0598 version (libpng10, fixed 1.0.16)
CVE-2004-0598 version (libpng, fixed 1.2.6)
CVE-2004-0597 version (mozilla, fixed 1.7.2)
CVE-2004-0597 version (libpng10, fixed 1.0.16)
CVE-2004-0597 version (libpng, fixed 1.2.6)
CVE-2004-0595 version (php, fixed 4.3.8)
CVE-2004-0594 version (php, fixed 4.3.8)
CVE-2005-0590 version (openswan, fixed 2.1.4)
CVE-2004-0587 version (kernel, not upstream flaw)
CVE-2004-0558 version (cups, fixed 1.1.21)
CVE-2004-0557 version (sox, fixed after 12.17.4)
CVE-2005-0565 version (kernel, not 2.6)
CVE-2004-0554 version (kernel, fixed 2.6.7)
CVE-2004-0548 ignore (aspell, not fixed 0.50.5) not a security issue
CVE-2004-0547 version (postgresql, fixed 7.2.1)
CVE-2004-0541 version (squid)
CVE-2004-0535 version (kernel, fixed 2.6.6)
CVE-2004-0527 version (konqueror, not 3+)
CVE-2004-0523 version (krb5, fixed 1.3.4)
CVE-2004-0521 version (squirrelmail, fixed 1.4.3a)
CVE-2004-0520 version (squirrelmail, fixed 1.4.3a)
CVE-2004-0519 version (squirrelmail, fixed 1.4.3a)
CVE-2004-0507 version (ethereal, fixed 0.10.4)
CVE-2004-0506 version (ethereal, fixed 0.10.4)
CVE-2004-0505 version (ethereal, fixed 0.10.4)
CVE-2004-0504 version (ethereal, fixed 0.10.4)
CVE-2004-0500 version (gaim, fixed 0.82)
CVE-2004-0497 version (kernel, fixed 2.6.8)
CVE-2004-0496 version (kernel, fixed 2.6.8)
CVE-2004-0495 version (kernel, fixed 2.6.8)
CVE-2004-0494 version (mc, fixed 4.6.1)
CVE-2004-0493 version (httpd, fixed 2.0.50)
CVE-2004-0492 version (httpd, not 2.0)
CVE-2004-0491 version (kernel, not upstream)
CVE-2004-0488 version (httpd, fixed 2.0.50)
CVE-2004-0461 version (dhcp, fixed after 3.0.1rc13)
CVE-2004-0460 version (dhcp, fixed after 3.0.1rc13)
CVE-2004-0478 ignore (mozilla) not a security issue
CVE-2004-0457 version (mysql, fixed after 4.0.20)
**CVE-2004-0452 backport (perl, not 5.8.6)
CVE-2004-0447 version (kernel, fixed 2.6.5)
CVE-2004-0427 version (kernel, fixed 2.6.6)
CVE-2004-0426 version (rsync, fixed 2.6.1)
CVE-2004-0424 version (kernel, fixed 2.6.4)
CVE-2004-0421 version (libpng10, fixed 1.0.16)
CVE-2004-0421 version (libpng, fixed 1.0.16)
CVE-2004-0419 version (xorg-x11, fixed 6.8.2 at least)
CVE-2004-0418 version (cvs, fixed 1.11.17)
CVE-2004-0417 version (cvs, fixed 1.11.17)
CVE-2004-0416 version (cvs, fixed 1.11.17)
CVE-2004-0415 version (kernel, fixed 2.6.8)
CVE-2004-0414 version (cvs, fixed 1.11.17)
CVE-2004-0413 version (subversion, fixed 1.0.5)
CVE-2004-0412 version (mailman, fixed 2.1.5)
CVE-2004-0411 version (kdelibs, fixed 3.3)
CVE-2004-0409 version (xchat, fixed after 2.0.8)
CVE-2004-0405 version (cvs, fixed 1.11)
CVE-2004-0403 version (racoon, fixed 20040408a)
CVE-2004-0398 version (neon, fixed 0.24.6)
CVE-2004-0397 version (subversion, fixed 1.0.1)
CVE-2004-0396 version (cvs, fixed 1.12.8)
CVE-2004-0394 version (kernel, not 2.6 and not a vuln)
CVE-2004-0392 version (racoon, fixed 20040407b)
CVE-2004-0388 version (mysql, 4.1.11 is okay at least)
CVE-2004-0381 version (mysql, 4.1.11 is okay at least)
CVE-2004-0367 version (ethereal, fixed 0.10.3)
CVE-2004-0365 version (ethereal, fixed 0.10.3)
CVE-2004-0263 version (php, fixed 4.3.5)
CVE-2004-0256 version (libtool, fixed 1.5.2)
CVE-2004-0235 backport (lha, changelog)
CVE-2004-0234 backport (lha, changelog)
CVE-2004-0233 version (utempter, fixed 0.5.5)
CVE-2004-0232 version (mc, fixed 4.6.0)
CVE-2004-0231 version (mc, fixed 4.6.0)
CVE-2004-0229 version (kernel, fixed 2.6.6)
CVE-2004-0228 version (kernel, fixed 2.6.6)
CVE-2004-0226 version (mc, fixed 4.6.0)
CVE-2004-0191 version (mozilla, fixed 1.4.2)
CVE-2004-0189 version (squid, fixed 2.5.STABLE5)
CVE-2004-0186 version (samba, not 3.0.2a)
CVE-2004-0184 version (tcpdump, fixed 3.8.2)
CVE-2004-0183 version (tcpdump, fixed 3.8.2)
CVE-2004-0182 version (mailman, only affected Red Hat packages)
CVE-2004-0181 version (kernel, fixed 2.6.5)
CVE-2004-0180 version (cvs, fixed 1.11.15)
CVE-2004-0179 version (openoffice.org)
CVE-2004-0179 version (neon, fixed 0.24.5)
CVE-2004-0178 version (kernel, not 2.6)
CVE-2004-0177 version (kernel, fixed 2.6.6)
CVE-2004-0176 version (ethereal, fixed 0.10.3)
CVE-2004-0175 version (openssh, fixed 3.4p1)
**CVE-2004-0175 backport (krb5) [since FEDORA-2005-553]
CVE-2004-0174 version (httpd, fixed 2.0.49)
CVE-2004-0173 version (httpd, fixed 2.0.49)
CVE-2004-0164 version (racoon)
CVE-2004-0155 version (racoon)
CVE-2004-0154 version (nfs-utils, fixed 1.0.6)
CVE-2004-0150 version (python, fixed 2.2.2)
CVE-2004-0133 version (kernel, 2.6.4)
CVE-2004-0113 version (httpd, fixed 2.0.49)
CVE-2004-0112 backport (openssl097a, fixed 0.9.7d)
CVE-2004-0112 version (openssl, not 0.9.8)
CVE-2004-0111 version (gdk-pixbuf, fixed 0.20)
CVE-2004-0110 version (libxml2, fixed 2.6.6)
CVE-2004-0109 version (kernel, fixed 2.6.6)
CVE-2004-0108 version (sysstat)
CVE-2004-0107 version (sysstat, fixed after 4.0.7)
CVE-2004-0106 version (XFree86)
CVE-2004-0098 version (php)
CVE-2004-0097 version (pwlib, fixed 1.6.0)
CVE-2004-0096 version (mod_python, fixed after 2.7.9)
CVE-2004-0094 version (XFree86, fixed 4.3.0)
CVE-2004-0093 version (XFree86, fixed 4.3.0)
CVE-2004-0084 version (XFree86)
CVE-2004-0083 version (XFree86)
CVE-2004-0082 version (samba, fixed 3.0.2)
CVE-2004-0081 version (openssl097a, not 0.9.7)
CVE-2004-0081 version (openssl, not 0.9.8)
CVE-2004-0080 version (util-linux, fixed after 2.11f)
CVE-2004-0079 backport (openssl097a, fixed 0.9.7c)
CVE-2004-0079 version (openssl, not 0.9.8)
CVE-2004-0078 version (mutt, fixed 1.4.2)
CVE-2004-0077 version (kernel, fixed 2.6.3)
CVE-2004-0075 version (kernel, not 2.6)
CVE-2004-0057 version (tcpdump, fixed 3.8.2)
CVE-2004-0055 version (tcpdump, fixed 3.8.2)
CVE-2004-0042 ignore (vsftpd) disputed
CVE-2004-0010 version (kernel, not 2.6)
CVE-2004-0008 version (gaim, fixed 0.75)
CVE-2004-0007 version (gaim, fixed 0.75)
CVE-2004-0006 version (gaim, fixed 0.76)
CVE-2004-0005 version (gaim, fixed 0.76)
CVE-2004-0003 version (kernel, not 2.6)
CVE-2004-0001 version (kernel, not 2.6)
**CVE-2003-1265 VULNERABLE (firefox)
**CVE-2003-1265 VULNERABLE (mozilla)
CVE-2003-1232 version (emacs, fixed 21.3)
CVE-2003-1201 version (openldap, not 2.2)
CVE-2003-1161 version (kernel, not released version)
CVE-2003-1138 backport (httpd, Red Hat only) contains /+ now
CVE-2003-1029 version (tcpdump, fixed after 3.8.1)
CVE-2003-1023 version (mc, 4.6.1)
CVE-2003-1013 version (ethereal, fixed 0.10.0)
CVE-2003-1012 version (ethereal, fixed 0.10.0)
CVE-2003-0993 version (httpd, not 2.0)
CVE-2003-0992 version (mailman, fixed 2.1.3)
CVE-2003-0991 version (mailman, fixed 2.0.14)
CVE-2003-0990 version (squirrelmail, fixed after 1.4.0)
CVE-2003-0989 version (tcpdump, fixed 3.8.1)
CVE-2003-0988 version (kde, fixed 3.1.5)
CVE-2003-0992 version (mailman, fixed 2.1.4)
CVE-2003-0989 version (tcpdump, fixed 3.8.1)
CVE-2003-0988 version (kdepim, fixed 3.1.5)
CVE-2003-0987 version (httpd, not 2.0)
CVE-2003-0985 version (kernel, not 2.6)
CVE-2003-0984 version (kernel, fixed 2.4.23)
CVE-2003-0977 version (cvs, fixed 1.11.10)
CVE-2003-0973 version (mod_python, fixed 3.0.4)
CVE-2003-0972 version (screen, fixed after 4.0.1)
CVE-2003-0971 version (gnupg, fixed after 1.0.2)
CVE-2003-0968 version (freeradius, fixed after 0.9.3)
CVE-2003-0967 version (freeradius, fixed after 0.9.2)
CVE-2003-0965 version (mailman, fixed 2.1.4)
CVE-2003-0963 version (lftp, fixed after 2.6.9)
CVE-2003-0962 version (rsync, fixed 2.5.7)
CVE-2003-0961 version (kernel, fixed 2.4.23)
CVE-2003-0935 version (netsnmp, fixed 5.0.9)
CVE-2003-0927 version (ethereal, fixed 0.9.16)
CVE-2003-0926 version (ethereal, fixed 0.9.16)
CVE-2003-0925 version (ethereal, fixed 0.9.16)
CVE-2003-0924 version (netpbm, fixed 9.26)
CVE-2003-0914 version (bind, not 9)
CVE-2003-0901 version (postgresql, not 8)
CVE-2003-0900 version (perl, only 5.8.1)
CVE-2003-0865 version (tomcat, fixed after 4.0.3)
CVE-2003-0863 ignore (php, not a bug) http://lists.nyphp.org/pipermail/talk/2003-November/006392.html
CVE-2003-0861 version (php, fixed 4.3.3)
CVE-2003-0860 version (php, fixed 4.3.3)
CVE-2003-0859 version (glibc, checked source)
CVE-2003-0858 version (quagga, fixed 0.95)
CVE-2003-0856 version (iproute)
CVE-2003-0854 version (coreutils, fixed 5.1.3)
CVE-2003-0853 version (coreutils, fixed 5.1.3)
CVE-2003-0851 version (openssl097a, not 0.9.7)
CVE-2003-0851 version (openssl, not 0.9.8)
CVE-2003-0795 version (quagga, fixed 0.96.4)
CVE-2003-0794 version (gdm, fixed 2.4.1.7)
CVE-2003-0793 version (gdm, fixed 2.4.1.7)
CVE-2003-0792 version (fetchmail, 6.2.4 only)
CVE-2003-0791 version (mozilla, not after 1.4)
CVE-2003-0789 version (httpd, fixed 2.0.48)
CVE-2003-0788 version (cups, fixed 1.1.19)
CVE-2003-0787 version (openssh, fixed 3.7.1p2)
CVE-2003-0786 version (openssh, fixed 3.7.1p2)
CVE-2003-0780 version (mysql, not 4.1)
CVE-2003-0778 version (sane-backends, fixed 1.0.10)
CVE-2003-0777 version (sane-backends, fixed 1.0.10)
CVE-2003-0776 version (sane-backends, fixed 1.0.10)
CVE-2003-0775 version (sane-backends, fixed 1.0.10)
CVE-2003-0774 version (sane-backends, fixed 1.0.10)
CVE-2003-0773 version (sane-backends, fixed 1.0.10)
CVE-2003-0743 version (exim, fixed 4.21)
CVE-2003-0740 version (stunnel, fixed 3.26)
CVE-2003-0730 version (xfree86, fixed after 4.3.0)
CVE-2003-0700 version (kernel, not 2.6)
CVE-2003-0699 version (kernel, not 2.6)
CVE-2003-0698 version (exim, fixed 4.21)
CVE-2003-0695 version (openssh, fixed 3.7.1)
CVE-2003-0694 version (sendmail, fixed 8.12.10)
CVE-2003-0693 version (openssh, fixed 3.7)
CVE-2003-0692 version (kde, fixed after 3.1.3)
CVE-2003-0690 version (kde, fixed after 3.1.3)
CVE-2003-0689 version (glibc, fixed at least in 2.3.2) by inspection
CVE-2003-0688 version (sendmail, fixed 8.12.9)
CVE-2003-0686 version (pam_smb, fixed 1.1.7)
CVE-2003-0682 version (openssh, fixed at least in 4.0p1) by inspection
CVE-2003-0681 version (sendmail, fixed 8.12.10)
CVE-2003-0655 version (cdrtools, fixed 2.01a18)
CVE-2003-0644 version (kdbg, not after 1.2.8)
CVE-2003-0643 version (kernel, not 2.6)
CVE-2003-0619 version (kernel, not 2.6)
CVE-2003-0618 version (suidperl, fixed at least 5.8.6) by inspection
CVE-2003-0594 version (mozilla, ICAT)
CVE-2003-0592 version (kde, fixed 3.1.3)
CVE-2003-0564 version (mozilla, ICAT)
CVE-2003-0555 ignore (ImageMagick) wasn't reproducable
CVE-2003-0552 version (kernel, not 2.6)
CVE-2003-0551 version (kernel, not 2.6)
CVE-2003-0550 version (kernel, not 2.6)
CVE-2003-0549 version (gdm, fixed 2.4.1.6)
CVE-2003-0548 version (gdm, fixed 2.4.1.6)
CVE-2003-0547 version (gdm, fixed 2.4.1.6)
CVE-2003-0546 version (up2date, fixed after 3.1.23)
CVE-2003-0545 backport (openssl097a, fixed 0.9.7c)
CVE-2003-0545 version (openssl, not 0.9.8)
CVE-2003-0544 backport (openssl097a, fixed 0.9.7c)
CVE-2003-0544 version (openssl, not 0.9.8)
CVE-2003-0543 backport (openssl097a, fixed 0.9.7c)
CVE-2003-0543 version (openssl, not 0.9.8)
CVE-2003-0542 version (httpd, fixed 2.0.48)
CVE-2003-0541 backport (gtkhtml, fixed 1.1.10) gtkhtml-1.1.9-textslave.patch
CVE-2003-0540 version (postfix, not 2.0 onwards)
CVE-2003-0517 version (mgetty, fixed 1.1.29)
CVE-2003-0516 version (mgetty, fixed 1.1.29)
CVE-2003-0501 version (kernel, fixed 2.6.1)
CVE-2003-0476 version (kernel, fixed 2.6.1)
CVE-2003-0468 version (postfix, fixed 1.1.12)
CVE-2003-0467 version (kernel, not 2.6)
CVE-2003-0465 version (kernel, not 2.6)
CVE-2003-0464 version (kernel, not 2.6)
CVE-2003-0462 version (kernel, fixed 2.6.1)
CVE-2003-0461 version (kernel, fixed 2.6.1)
CVE-2003-0459 version (kdelibs, not 3.2)
CVE-2003-0455 version (ImageMagick)
CVE-2003-0442 version (php, fixed 4.3.2)
CVE-2003-0434 version (xpdf, fixed 2.02pl1)
CVE-2003-0432 version (ethereal, fixed after 0.9.12)
CVE-2003-0431 version (ethereal, fixed after 0.9.12)
CVE-2003-0430 version (ethereal, fixed after 0.9.12)
CVE-2003-0429 version (ethereal, fixed after 0.9.12)
CVE-2003-0428 version (ethereal, fixed after 0.9.12)
CVE-2003-0427 backport (mikmod) [since FEDORA-2005-405]
CVE-2003-0418 version (kernel, not 2.6)
CVE-2003-0388 version (pam, fixed 0.78)
CVE-2003-0386 version (openssh, fixed after 3.6.1)
CVE-2003-0370 version (kde, fixed 3.0)
CVE-2003-0367 backport (gzip)
CVE-2003-0364 version (kernel, not 2.6)
CVE-2003-0357 version (ethereal, fixed after 0.9.11)
CVE-2003-0356 version (ethereal, fixed after 0.9.11)
CVE-2003-0354 version (ghostscript, fixed 7.07)
CVE-2003-0328 backport (epic, changelog)
CVE-2003-0300 ignore (sylpheed) only a crasher
CVE-2003-0299 ignmore (mutt) only a crasher
CVE-2003-0298 version (mozilla, fixed after 1.4a)
CVE-2003-0296 version (evolution, fixed at least in 1.4.5)
CVE-2003-0289 version (cdrtools, fixed 2.01a14)
CVE-2003-0282 version (unzip, fixed 5.51)
CVE-2003-0255 version (gnupg, fixed 1.2.2)
CVE-2003-0245 version (httpd, fixed 2.0.47)
CVE-2003-0253 version (httpd, fixed 2.0.47)
CVE-2003-0252 version (nfs-utils, fixed 1.0.4)
CVE-2003-0251 version (ypserv, fixed 2.7)
CVE-2003-0248 version (kernel, not 2.6)
CVE-2003-0247 version (kernel, not 2.6)
CVE-2003-0246 version (kernel, not 2.6)
CVE-2003-0245 version (httpd, fixed 2.0.46)
CVE-2003-0244 version (kernel, not 2.6)
CVE-2003-0211 version (xinetd, fixed 2.3.11)
CVE-2003-0204 version (kde, fixed after 3.1.1)
CVE-2003-0201 version (samba, fixed 2.2.8a)
CVE-2003-0196 version (samba, fixed 2.2.8a)
CVE-2003-0195 version (cups, fixed 1.1.19)
CVE-2003-0194 version (tcpdump, not upstream)
CVE-2003-0192 version (httpd, fixed 2.0.47)
CVE-2003-0190 version (openssh, fixed 3.6.1p1)
CVE-2003-0189 version (httpd, fixed 2.0.46)
CVE-2003-0188 version (lv, fixed 4.51 at least) by inspection
CVE-2003-0187 version (kernel, not 2.6)
CVE-2003-0167 version (mutt, fixed 1.4.1)
CVE-2003-0166 version (php, fixed 4.3.2)
CVE-2003-0165 version (eog, fixed 2.2.2)
CVE-2003-0161 version (sendmail, fixed 8.12.9)
CVE-2003-0160 version (squirrelmail, fixed 1.2.11)
CVE-2003-0159 version (ethereal, fixed after 0.9.9)
CVE-2003-0150 version (mysql, fixed 3.23.56)
CVE-2003-0147 backport (openssl097a, fixed 0.9.7b)
CVE-2003-0147 version (openssl, not 0.9.8)
CVE-2003-0146 version (netpbm, fixed 10.18)
CVE-2003-0145 version (tcpdump, fixed 3.7.2)
CVE-2003-0140 version (mutt, fixed 1.4.1)
CVE-2003-0139 version (krb5, fixed 1.3)
CVE-2003-0138 version (krb5, fixed 1.3)
CVE-2003-0135 version (vsftpd, not upstream)
CVE-2003-0133 version (evolution, fixed 1.2.4)
CVE-2003-0132 version (httpd, fixed 2.0.45)
CVE-2003-0131 backport (openssl097a, fixed 0.9.7b) 
CVE-2003-0131 version (openssl, not 0.9.8)
CVE-2003-0130 version (evolution, fixed 1.2.3)
CVE-2003-0129 version (evolution, fixed 1.2.3)
CVE-2003-0128 version (evolution, fixed 1.2.3)
CVE-2003-0127 version (kernel, not 2.6)
CVE-2003-0124 version (man, fixed 1.5l)
CVE-2003-0108 version (tcpdump, fixed after 3.7.1)
CVE-2003-0107 version (zlib, fixed 1.2.0.2 at least) changelog
CVE-2003-0102 version (file, fixed 3.41)
CVE-2003-0097 version (php, fixed 4.3.1)
CVE-2003-0093 version (tcpdump, fixed 3.7.2)
CVE-2003-0086 version (samba, fixed 2.2.8)
CVE-2003-0085 version (samba, fixed 2.2.8)
CVE-2003-0083 version (httpd, fixed 2.0.46)
CVE-2003-0082 version (krb5, fixed after 1.2.7)
CVE-2003-0081 version (ethereal, fixed after 0.9.9)
CVE-2003-0078 version (openssl097a, fixed 0.9.7a)
CVE-2003-0078 version (openssl, not 0.9.8)
CVE-2003-0073 version (mysql, fixed 3.23.55)
CVE-2003-0072 version (krb5, fixed after 1.2.7)
CVE-2003-0071 version (xorg-x11, fixed in 6.8.2 at least) by inspection
CVE-2003-0070 version (vte, fixed 0.11.1 at least) by inspection
CVE-2003-0063 version (xorg-x11, fixed at least in 4.2.99)
CVE-2003-0060 version (krb5, fixed 1.2.5)
CVE-2003-0059 version (krb5, fixed 1.2.5)
CVE-2003-0058 version (krb5, fixed 1.2.5)
CVE-2003-0044 version (tomcat, fixed after 3.3.1a)
CVE-2003-0043 version (tomcat, fixed 3.3.1a)
CVE-2003-0041 version (krb5, fixed after 1.2.7)
CVE-2003-0038 version (mailman, fixed 2.0.13 at least)
CVE-2003-0028 version (glibc, fixed after 2.3.1)
CVE-2003-0028 version (krb5, fixed after 1.2.7)
CVE-2003-0026 version (dhcpd, fixed 3.0.1)
CVE-2003-0020 version (httpd, fixed 2.0.49)
CVE-2003-0019 version (kernel-utils, not upstream)
CVE-2003-0018 version (kernel, not 2.6)
CVE-2003-0017 version (httpd, fixed 2.0.44)
CVE-2003-0016 version (httpd, fixed 2.0.44)
CVE-2003-0015 version (cvs, fixed 1.11.5)
CVE-2003-0001 version (kernel, not 2.6)

older, happened to deal with at same time:

CVE-2002-2204 ignore (rpm) by design
CVE-2002-2196 version (samba, fixed 2.2.5)
CVE-2002-2103 version (apache, not 2.0)
CVE-2002-1963 version (kernel, not 2.6)
CVE-2002-1976 ignore (ifconfig) "use ip"
CVE-2002-1914 version (dump, fixed 0.4b29)
CVE-2002-1850 version (mod_cgi, fixed 2.0.41)
CVE-2002-1827 version (sendmail, fixed after 8.12.3)
**CVE-2002-1814 ignore (bonobo) not shipped setuid
CVE-2002-1793 version (mod_ssl), also only hp
CVE-2002-1783 version (php, fixed after 4.2.3)
CVE-2002-1765 version (evolution, fixed 1.0.5)
CVE-2002-1510 version (XFree86, fixed 4.2.0)
CVE-2002-1472 version (XFree86, fixed 4.2.1)
CVE-2002-1363 version (libpng, fixed 1.2.6)
CVE-2002-0517 version (XFree86, didn't affect Linux)
CVE-2002-0164 version (XFree86, fixed 4.2.1)
CVE-2001-1490 version (mozilla, fixed 1.0.0)
CVE-2001-1494 version (util-linux, fixed 2.11n)
CVE-2001-0955 version (XFree86, fixed 4.2.0)
**CVE-1999-1572 backport (cpio) from srpm
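Review bot: Two status keywords are misspelled, so anything that filters this file on the second field will skip those entries: CVE-2004-0929 has "verison" and CVE-2003-0299 has "ignmore"; they should read "version" and "ignore". Some IDs also need a second look. CVE-2005-0590 (openswan) and CVE-2005-0565 (kernel) sit among the CVE-2004-05xx entries of a largely descending list, so the year may be a typo and is worth checking against the CVE database. CVE-2004-0883 (kernel), CVE-2004-0797 (zlib) and CVE-2003-0989 (tcpdump) are each listed twice for the same package, and CVE-2003-0992 (mailman, fixed 2.1.3 and fixed 2.1.4) and CVE-2003-0245 (httpd, fixed 2.0.47 and fixed 2.0.46) appear twice with different fixed versions; keep one line per CVE and package and settle which version is correct. "kpdegraphics" under CVE-2004-0888 should be "kdegraphics", and CVE-2002-1814 carries the ** attention marker although its status is "ignore", so either the marker or the status wants a short explanation.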



