fedora-security/audit fc5,1.1,1.2
Mark Cox (mjc)
fedora-extras-commits at redhat.com
Tue Nov 22 13:32:34 UTC 2005
Author: mjc
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv10823
Modified Files:
fc5
Log Message:
Deal with more fc5 audit work, pick some of the easier srpms and have a look inside
to verify what was fixed and when
Index: fc5
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc5,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- fc5 22 Nov 2005 11:39:29 -0000 1.1
+++ fc5 22 Nov 2005 13:32:29 -0000 1.2
@@ -7,15 +7,15 @@
and httpd
3. Looked at those marked backport where we ship a newer version, manually
looked at rest marked backport
-[todo: finish this, 93 CVE left]
+[todo: finish this, 78 CVE left]
[todo: CVE from new packages added to FC5]
[todo: file bugs for anything vulnerable]
** are items that need attention
CVE-2005-3582 version (ImageMagick) gentoo only
-**CVE-2005-3675 ** kernel (optack)
-**CVE-2005-3671 VULNERABLE (openswan, fixed 2.4.4)
+CVE-2005-3675 VULNERABLE (kernel) optack
+CVE-2005-3671 VULNERABLE (openswan, fixed 2.4.4)
**CVE-2005-3573 VULNERABLE (mailman)
CVE-2005-3527 version (kernel, fixed 2.6.14 at least)
CVE-2005-3402 ignore (thunderbird) mozilla say by design
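Review bot: CVE-2005-3675 (kernel) and CVE-2005-3671 (openswan) lose their ** marker while still reading VULNERABLE, although the legend just above says ** marks items that need attention and the todo list still carries "file bugs for anything vulnerable". Neither line records a bz# reference, unlike other VULNERABLE entries in this file such as CVE-2005-2933 (bz#171345). Either keep ** on VULNERABLE entries until a bug number is recorded, or reword the legend to say ** means "not yet reviewed"; the drop from 93 to 78 matches the 15 markers removed in this diff, which suggests the second meaning is the one actually in use.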
@@ -36,7 +36,7 @@
CVE-2005-3272 version (kernel, fixed 2.6.13)
CVE-2005-3271 version (kernel, fixed 2.6.9)
CVE-2005-3258 version (squid, fixed 2.5STABLE12)
-**CVE-2005-3257 VULNERABLE (kernel)
+CVE-2005-3257 backport (kernel, fixed 2.6.15-rc1) patch-2.6.15-rc1.bz2
CVE-2005-3249 version (ethereal, fixed 0.10.13)
CVE-2005-3248 version (ethereal, fixed 0.10.13)
CVE-2005-3247 version (ethereal, fixed 0.10.13)
@@ -56,7 +56,7 @@
CVE-2005-3180 version (kernel, fixed 2.6.13.4 at least)
CVE-2005-3179 version (kernel, fixed 2.6.13.4 at least)
CVE-2005-3164 version (tomcat, not 5)
-**CVE-2005-3120 backport (lynx)
+CVE-2005-3120 backport (lynx)
CVE-2005-3119 version (kernel, fixed 2.6.13.4 at least)
CVE-2005-3110 version (kernel, fixed 2.6.12)
CVE-2005-3109 version (kernel, fixed 2.6.12)
@@ -65,12 +65,12 @@
CVE-2005-3106 version (kernel, fixed 2.6.11)
CVE-2005-3105 version (kernel, fixed 2.6.12)
CVE-2005-3089 version (firefox, fixed 1.0.7)
-**CVE-2005-3088 ignore (fetchmail) fetchmailconf not shipped
+CVE-2005-3088 ignore (fetchmail) fetchmailconf not shipped
CVE-2005-3055 version (kernel, fixed 2.6.14 at least)
CVE-2005-3054 ignore (php) see bz#169857
CVE-2005-3053 version (kernel)
CVE-2005-3044 version (kernel, fixed 2.6.13.2)
-**CVE-2005-3011 backport (texinfo)
+CVE-2005-3011 backport (texinfo)
CVE-2005-2991 ignore (ncompress) don't ship zdiff or zcmp scripts
CVE-2005-2978 version (netpbm, fixed 10.25)
**CVE-2005-2977 backport (pam)
@@ -87,11 +87,11 @@
CVE-2005-2959 ignore (sudo) not a vulnerability
CVE-2005-2946 version (openssl, fixed 0.9.8)
**CVE-2005-2933 VULNERABLE (uw-imap) bz#171345
-**CVE-2005-2929 backport (lynx)
+CVE-2005-2929 backport (lynx)
CVE-2005-2917 version (squid, fixed 2.5.STABLE11)
**CVE-2005-2876 backport (util-linux)
CVE-2005-2874 version (cups, fixed 1.1.23)
-**CVE-2005-2873 VULNERABLE (kernel) not upstream fixed
+CVE-2005-2873 VULNERABLE (kernel) not upstream fixed
CVE-2005-2872 version (kernel, fixed 2.6.12)
CVE-2005-2871 version (firefox, fixed 1.0.7)
CVE-2005-2871 version (mozilla, fixed 1.7.12)
@@ -128,7 +128,7 @@
CVE-2005-2701 version (mozilla, fixed 1.7.12)
CVE-2005-2700 backport (httpd, fixed 2.0.55)
**CVE-2005-2693 backport (cvs) [since FEDORA-2005-790]
-**CVE-2005-2672 backport (lm_sensors) [since FEDORA-2005-1053]
+CVE-2005-2672 backport (lm_sensors)
**CVE-2005-2666 VULNERABLE (openssh) see bz#162681
CVE-2005-2642 version (mutt, openbsd only)
**CVE-2005-2641 VULNERABLE (pam_ldap) bz#166164
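Review bot: The CVE-2005-2672 (lm_sensors) line drops "[since FEDORA-2005-1053]" along with the ** marker, which removes the only record of when the fix shipped, while the commit message says the point of this pass is to verify what was fixed and when. The cvs entry two lines up keeps its "[since FEDORA-2005-790]" tag. Suggest removing only the ** and leaving the advisory reference in place, or replacing it with the patch name found in the srpm.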
@@ -156,7 +156,7 @@
CVE-2005-2491 ignore (php, pcre uses system pcre)
CVE-2005-2492 version (kernel, fixed 2.6.13.1)
CVE-2005-2490 version (kernel, fixed 2.6.13.1)
-**CVE-2005-2475 VULNERABLE (unzip) bz#164928
+CVE-2005-2475 backport (unzip)
**CVE-2005-2471 backport (netpbm) [since FEDORA-2005-728]
CVE-2005-2459 ignore (kernel, fixed 2.6.12.5) dropped as code path not possible
CVE-2005-2458 version (kernel, fixed 2.6.12.5)
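Review bot: CVE-2005-2475 (unzip) flips from VULNERABLE to backport and loses its bz#164928 reference in the same edit, with no patch name given to back the new status. A status change in this direction is the one that most needs its evidence on the line. Suggest keeping the bug number and adding the patch filename from the srpm, in the style the file already uses for other backport entries.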
@@ -181,7 +181,7 @@
CVE-2005-2360 version (ethereal, fixed 0.10.12)
CVE-2005-2353 ignore (thunderbird) debug mode only
CVE-2005-2337 version (ruby, fixed 1.8.3)
-**CVE-2005-2335 backport (fetchmail) [since FEDORA-2005-613]
+CVE-2005-2335 version (fetchmail, fixed 6.2.5.1)
CVE-2005-2270 version (firefox, fixed 1.0.5)
CVE-2005-2270 version (mozilla, fixed 1.7.9)
CVE-2005-2270 version (thunderbird, fixed 1.0.5)
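Review bot: CVE-2005-2335 (fetchmail) is reclassified from backport to "version (fetchmail, fixed 6.2.5.1)" and the "[since FEDORA-2005-613]" tag is dropped, so the line now asserts that the shipped fetchmail is at or above 6.2.5.1 without recording the version that was checked. If the earlier backport status was wrong, say so in the log message; if both apply (fixed by backport in older releases, by version in fc5), keeping the advisory reference as a trailing note preserves that history.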
@@ -217,7 +217,7 @@
CVE-2005-2100 version (kernel, not upstream) only RHEL4
CVE-2005-2099 version (kernel, fixed 2.6.12.5)
CVE-2005-2098 version (kernel, fixed 2.6.12.5)
-**CVE-2005-2097 backport (cups) [since FEDORA-2005-732]
+CVE-2005-2097 backport (cups)
CVE-2005-2097 version (xpdf, fixed 3.0.1)
**CVE-2005-2096 backport (zlib) [since FEDORA-2005-523]
**CVE-2005-2096 backport (rpm) [since FEDORA-2005-565]
@@ -388,7 +388,7 @@
CVE-2005-0627 version (qt, fixed 3.3.4)
CVE-2005-0626 version (squid, fixed 2.5.STABLE10)
**CVE-2005-0605 backport (xorg-x11) ...-fix-CAN-2005-0605.patch
-**CVE-2005-0602 VULNERABLE (unzip, fixed 5.52) not in srpm
+CVE-2005-0602 VULNERABLE (unzip, fixed 5.52)
CVE-2005-0596 version (php, fixed 5.0)
CVE-2005-0593 version (firefox, mozilla)
CVE-2005-0592 version (firefox, mozilla)
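Review bot: The CVE-2005-0602 (unzip) line stays VULNERABLE but drops "not in srpm", which was the stated reason for that status, and drops ** without adding a bz# reference. Since the todo list at the top of the file still calls for bugs to be filed for anything vulnerable, suggest keeping the "not in srpm" note and adding the bug number once filed, so the entry explains why a package with an upstream fix in 5.52 is still listed as vulnerable.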
@@ -518,7 +518,7 @@
**CVE-2005-0069 backport (vim) in vim-6.3-tmpfile.patch
CVE-2005-0064 version (tetex, fixed 3.0)
CVE-2005-0064 version (kpdf, not 3.4)
-**CVE-2005-0064 backport (cups) patch in SRPM
+CVE-2005-0064 backport (cups)
CVE-2005-0064 version (xpdf, fixed 3.0.1)
CVE-2005-0039 ignore (not a vulnerability) don't do this says the rfc
CVE-2005-0034 version (bind, fixed after 9.3.0)
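Review bot: The CVE-2005-0064 (cups) line loses "patch in SRPM" and is left as a bare "backport (cups)" with no indication of which patch carries the fix. The vim entry at the top of this hunk shows the more useful form, "in vim-6.3-tmpfile.patch". Since the srpm was opened for this pass, suggest recording the cups patch filename here, and likewise on the CVE-2004-0888 (cups) line changed later in this diff.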
@@ -718,7 +718,7 @@
CVE-2004-0889 version (xpdf, fixed 3.0.1)
CVE-2004-0888 version (kpdegraphics, not 3.4)
CVE-2004-0888 version (tetex, fixed 3.0)
-**CVE-2004-0888 backport (cups) patch in SRPM
+CVE-2004-0888 backport (cups)
CVE-2004-0888 version (xpdf, fixed 3.0.1)
CVE-2004-0887 version (kernel, fixed 2.6.10)
CVE-2004-0886 version (kdegraphics, fixed by Update on 20041109)