fedora-security/audit fc5,1.3,1.4
Mark Cox (mjc)
fedora-extras-commits at redhat.com
Wed Nov 23 12:20:54 UTC 2005
- Previous message (by thread): rpms/syslog-ng/devel .cvsignore, 1.3, 1.4 sources, 1.3, 1.4 syslog-ng.spec, 1.6, 1.7
- Next message (by thread): rpms/bittorrent/devel bittorrent.spec, 1.30, 1.31 sources, 1.13, 1.14 .cvsignore, 1.13, 1.14
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: mjc
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv22141
Modified Files:
fc5
Log Message:
Pick off some more backports to investigate.
Make this file more consistent, splitting moz/ff/thunderbird issues
and getting wording for "at least" consistent
Index: fc5
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc5,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- fc5 23 Nov 2005 09:57:02 -0000 1.3
+++ fc5 23 Nov 2005 12:20:52 -0000 1.4
@@ -7,7 +7,7 @@
and httpd
3. Looked at those marked backport where we ship a newer version, manually
looked at rest marked backport
-[todo: finish this, 58 CVE left]
+[todo: finish this, 32 CVE left]
[todo: CVE from new packages added to FC5]
[todo: file bugs for anything vulnerable]
@@ -30,7 +30,7 @@
**CVE-2005-3388 backport (php)
CVE-2005-3353 version (php, not 5.0)
CVE-2005-3351 version (spamassassin, fixed 3.1.0)
-CVE-2005-3322 version (squid, not upstream) SUSE only
+CVE-2005-3322 version (squid) not upstream, SUSE only
CVE-2005-3319 ignore (mod_php) no security consequence
CVE-2005-3313 backport (ethereal, fixed after 0.10.13)
CVE-2005-3276 version (kernel, fixed 2.6.12.4)
@@ -80,7 +80,7 @@
CVE-2005-2976 backport (gdk-pixbuf)
CVE-2005-2975 backport (gdk-pixbuf)
**CVE-2005-2975 backport (gtk2)
-CVE-2005-2973 version (kernel, 2.6.14 at least)
+CVE-2005-2973 version (kernel, fixed 2.6.14 at least)
CVE-2005-2970 VULNERABLE (httpd, fixed 2.0.55)
CVE-2005-2969 version (openssl, fixed 0.9.8a)
CVE-2005-2969 backport (openssl097a, fixed 0.9.7h)
@@ -94,12 +94,12 @@
CVE-2005-2917 version (squid, fixed 2.5.STABLE11)
CVE-2005-2876 version (util-linux, fixed 2.13-pre3)
CVE-2005-2874 version (cups, fixed 1.1.23)
-CVE-2005-2873 VULNERABLE (kernel) not upstream fixed
+CVE-2005-2873 VULNERABLE (kernel) not fixed upstream
CVE-2005-2872 version (kernel, fixed 2.6.12)
CVE-2005-2871 version (firefox, fixed 1.0.7)
CVE-2005-2871 version (mozilla, fixed 1.7.12)
CVE-2005-2871 version (thunderbird)
-CVE-2005-2811 version (net-snmp, not upstream) gentoo only
+CVE-2005-2811 version (net-snmp) not upstream, gentoo only
CVE-2005-2801 version (kernel, fixed 2.6.11)
CVE-2005-2800 version (kernel, fixed 2.6.12.6)
CVE-2005-2798 version (openssh, fixed 4.2)
@@ -133,7 +133,7 @@
CVE-2005-2693 backport (cvs) cvs-1.11.19-tmp.patch
CVE-2005-2672 backport (lm_sensors)
**CVE-2005-2666 VULNERABLE (openssh) see bz#162681
-CVE-2005-2642 version (mutt, openbsd only)
+CVE-2005-2642 version (mutt) openbsd only
**CVE-2005-2641 VULNERABLE (pam_ldap) bz#166164
CVE-2005-2629 version (HelixPlayer, fixed 1.0.6)
CVE-2005-2617 version (kernel, fixed 2.6.12.5)
@@ -149,14 +149,14 @@
CVE-2005-2547 version (bluez-pin, fixed 2.19) not before 2.16
CVE-2005-2541 ignore (tar) is documented behaviour
CVE-2005-2500 version (kernel, fixed 2.6.13)
-CVE-2005-2498 version (php xml_rpc, fixed 1.4.0)
+CVE-2005-2498 version (php, fixed xml_rpc:1.4.0)
CVE-2005-2496 backport (ntp, fixed 4.2.0b) ...0a-20040617-ntpd_guid.patch
**CVE-2005-2495 backport (xorg-x11) [since FEDORA-2005-894]
CVE-2005-2494 version (kdebase, fixed after 3.4.2)
-CVE-2005-2491 ignore (python, fc4 python does not contain pcre)
+CVE-2005-2491 ignore (python) fc4 python does not contain pcre
CVE-2005-2491 version (pcre, fixed 6.2)
-CVE-2005-2491 ignore (httpd, pcre uses system pcre)
-CVE-2005-2491 ignore (php, pcre uses system pcre)
+CVE-2005-2491 ignore (httpd) httpd uses system pcre
+CVE-2005-2491 ignore (php) php uses system pcre
CVE-2005-2492 version (kernel, fixed 2.6.13.1)
CVE-2005-2490 version (kernel, fixed 2.6.13.1)
CVE-2005-2475 backport (unzip)
@@ -217,14 +217,14 @@
CVE-2005-2103 version (gaim, fixed 1.5.0)
CVE-2005-2102 version (gaim, fixed 1.5.0)
**CVE-2005-2101 backport (kdeedu) [since FEDORA-2005-744]
-CVE-2005-2100 version (kernel, not upstream) only RHEL4
+CVE-2005-2100 version (kernel, not 2.6) not upstream only RHEL4
CVE-2005-2099 version (kernel, fixed 2.6.12.5)
CVE-2005-2098 version (kernel, fixed 2.6.12.5)
CVE-2005-2097 backport (cups)
CVE-2005-2097 version (xpdf, fixed 3.0.1)
**CVE-2005-2096 backport (zlib) [since FEDORA-2005-523]
**CVE-2005-2096 backport (rpm) [since FEDORA-2005-565]
-CVE-2005-2095 version (squirrelmail, fixed 1.4.5) since
+CVE-2005-2095 version (squirrelmail, fixed 1.4.5)
CVE-2005-2088 backport (httpd, fixed 2.0.55)
**CVE-2005-2069 backport (openldap) [since FEDORA-2005-992]
**CVE-2005-2069 VULNERABLE (nss_ldap) http://bugzilla.padl.com/attachment.cgi?id=10&action=view
@@ -234,13 +234,13 @@
CVE-2005-1937 version (firefox, fixed 1.0.5)
CVE-2005-1937 version (mozilla, fixed 1.7.9)
CVE-2005-1934 version (gaim, fixed 1.3.1)
-CVE-2005-1921 version (php, fixed xml_rpm 1.3.1)
+CVE-2005-1921 version (php, fixed xml_rpc:1.3.1)
CVE-2005-1920 version (kdelibs, fixed 3.4.1)
CVE-2005-1913 version (kernel, fixed 2.6.12.2)
CVE-2005-1852 version (kdenetwork, fixed 3.4.2)
CVE-2005-1849 version (zlib, fixed 1.2.3)
CVE-2005-1831 ignore (sudo) unsubstantiated report
-CVE-2005-1769 version (squirrelmail, fixed 1.4.5) since
+CVE-2005-1769 version (squirrelmail, fixed 1.4.5)
CVE-2005-1768 version (kernel, fixed 2.6.6)
CVE-2005-1767 version (kernel, fixed 2.6.7)
CVE-2005-1766 version (HelixPlayer, fixed 1.0.5)
@@ -250,19 +250,19 @@
CVE-2005-1762 version (kernel, fixed 2.6.12)
CVE-2005-1761 version (kernel, fixed 2.6.12.2)
**CVE-2005-1760 VULNERABLE (sysreport)
-CVE-2005-1759 ignore (openldap, fixed shtool 2.0.2) flawed code path not used
+CVE-2005-1759 ignore (openldap) fixed shtool 2.0.2 flawed code path not used
**CVE-2005-1759 VULNERABLE (openldap)
**CVE-2005-1759 VULNERABLE (php)
-**CVE-2005-1751 VULNERABLE (nmap, fixed shtool 2.0.2) #158996
-CVE-2005-1751 ignore (openldap, fixed shtool 2.0.2) flawed code path not used
+**CVE-2005-1751 VULNERABLE (nmap) fixed shtool 2.0.2 #158996
+CVE-2005-1751 ignore (openldap) fixed shtool 2.0.2. Flawed code path not used
CVE-2005-1751 ignore (ncpfs) part of shtool in ncpfs is not vulnerable
**CVE-2005-1740 backport (net-snmp, not fixed)
CVE-2005-1739 version (ImageMagick, fixed 6.2.2.3)
CVE-2005-1705 backport (gdb)
CVE-2005-1704 backport (gdb)
**CVE-2005-1704 backport (binutils) ...eadelf-overflows.patch [since FEDORA-2005-498]
-**CVE-2005-1689 backport (krb5) [since FEDORA-2005-553]
-CVE-2005-1686 ignore (gedit, not a vulnerability)
+CVE-2005-1689 version (krb5, fixed 1.4.2)
+CVE-2005-1686 ignore (gedit) not a vulnerability
CVE-2005-1636 version (mysql, fixed 4.1.12)
CVE-2005-1589 version (kernel, fixed 2.6.11.10)
CVE-2005-1571 version (php, fixed shtool 2.0.2)
@@ -298,67 +298,74 @@
CVE-2005-1345 version (squid, fixed 2.5.STABLE10)
CVE-2005-1344 ignore (httpd) not a vulnerability
CVE-2005-1281 version (ethereal, fixed 0.10.11)
-**CVE-2005-1280 backport (tcpdump, not fixed in 3.8.3) in srpm
-**CVE-2005-1279 backport (tcpdump, not fixed in 3.8.3) in srpm
-**CVE-2005-1278 backport (tcpdump, not fixed in 3.8.3) in srpm
+CVE-2005-1280 version (tcpdump, fixed 3.9.2)
+CVE-2005-1279 version (tcpdump, fixed 3.9.2)
+CVE-2005-1278 version (tcpdump, fixed 3.9.2)
CVE-2005-1277 ignore (dupe)
CVE-2005-1275 version (ImageMagick, fixed 6.2.2)
CVE-2005-1269 version (gaim, fixed 1.3.1)
CVE-2005-1268 backport (httpd, fixed 2.0.55)
-**CVE-2005-1267 backport (tcpdump) [since FEDORA-2005-407]
+CVE-2005-1267 version (tcpdump, fixed 3.9.4 at least)
CVE-2005-1266 version (spamassassin, fixed 3.0.4)
CVE-2005-1265 version (kernel)
CVE-2005-1264 version (kernel)
CVE-2005-1263 version (kernel)
CVE-2005-1262 version (gaim, fixed 1.3.0)
CVE-2005-1261 version (gaim, fixed 1.3.0)
-**CVE-2005-1260 backport (bzip2) in srpm [since re0522.0]
+CVE-2005-1260 version (bzip2, fixed 1.0.3)
CVE-2005-1229 backport (cpio)
CVE-2005-1228 backport (gzip)
CVE-2005-1194 backport (nasm)
CVE-2005-1184 ignore (kernel) expected to not be an issue
-**CVE-2005-1175 backport (krb5) [since FEDORA-2005-553]
-**CVE-2005-1174 backport (krb5) [since FEDORA-2005-553]
-CVE-2005-1160 version (firefox, mozilla)
+CVE-2005-1175 version (krb5, fixed 1.4.2)
+CVE-2005-1174 version (krb5, fixed 1.4.2)
+CVE-2005-1160 version (mozilla)
+CVE-2005-1160 version (firefox)
CVE-2005-1160 version (thunderbird)
-CVE-2005-1159 version (firefox, mozilla)
+CVE-2005-1159 version (mozilla)
+CVE-2005-1159 version (firefox)
CVE-2005-1159 version (thunderbird)
CVE-2005-1158 version (firefox, fixed 1.0.3)
-CVE-2005-1157 version (firefox, mozilla)
-CVE-2005-1156 version (firefox, mozilla)
-CVE-2005-1155 version (firefox, mozilla)
-CVE-2005-1154 version (firefox, mozilla)
-CVE-2005-1153 version (firefox, mozilla)
+CVE-2005-1157 version (mozilla)
+CVE-2005-1157 version (firefox)
+CVE-2005-1156 version (mozilla)
+CVE-2005-1156 version (firefox)
+CVE-2005-1155 version (mozilla)
+CVE-2005-1155 version (firefox)
+CVE-2005-1154 version (mozilla)
+CVE-2005-1154 version (firefox)
+CVE-2005-1153 version (mozilla)
+CVE-2005-1153 version (firefox)
CVE-2005-1111 backport (cpio)
-CVE-2005-1065 version (tetex, not upstream)
-CVE-2005-1061 version (logwatch, in 4.3.2 at least)
+CVE-2005-1065 version (tetex) not upstream version
+CVE-2005-1061 version (logwatch, fixed 4.3.2 at least)
CVE-2005-1046 version (kdelibs, fixed after 3.4.0)
CVE-2005-1043 version (php, fixed 4.3.11)
CVE-2005-1042 version (php, fixed 4.3.11)
CVE-2005-1041 version (kernel, fixed 2.6.12)
CVE-2005-1039 ignore (coreutils) not fixed upstream, not a real issue
CVE-2005-1038 backport (vixie-cron)
-**CVE-2005-0990 backport (sharutils) from srpm
+CVE-2005-0990 version (sharutils, fixed 4.6 at least)
CVE-2005-0989 version (mozilla, fixed 1.7.7)
CVE-2005-0989 version (firefox, fixed 1.0.3)
CVE-2005-0989 version (thunderbird)
-CVE-2005-0988 backport (gzip) from srpm
+CVE-2005-0988 backport (gzip)
CVE-2005-0977 version (kernel, fixed 2.6.11)
CVE-2005-0967 version (gaim, fixed 1.2.1)
CVE-2005-0966 version (gaim, fixed 1.2.1)
CVE-2005-0965 version (gaim, fixed 1.2.1)
-**CVE-2005-0953 backport (bzip2) in srpm
+CVE-2005-0953 backport (bzip2) bzip2-1.0.2-chmod.patch
CVE-2005-0941 version (ooffice, fixed 1.9 m95)
CVE-2005-0937 version (kernel, fixed 2.6.11)
CVE-2005-0916 version (kernel, fixed 2.6.12)
CVE-2005-0891 version (gtk2, fixed 2.2.4)
CVE-2005-0867 version (kernel, fixed 2.6.11)
-CVE-2005-0866 version (cdrecord, DEBUG isn't enabled anyway)
+CVE-2005-0866 version (cdrecord) DEBUG isn't enabled anyway
CVE-2005-0839 version (kernel, fixed 2.6.11)
CVE-2005-0815 version (kernel, fixed 2.6.11.6)
CVE-2005-0808 version (tomcat, fixed 5.x)
CVE-2005-0806 version (evolution, fixed 2.0.4)
-CVE-2005-0799 version (mysql, not linux)
+CVE-2005-0799 version (mysql) not linux
CVE-2005-0767 version (kernel, fixed 2.6.11)
CVE-2005-0766 version (ethereal, fixed after 0.10.9)
CVE-2005-0765 version (ethereal, fixed after 0.10.9)
@@ -368,7 +375,7 @@
CVE-2005-0760 version (ImageMagick, fixed 6.0)
CVE-2005-0759 version (ImageMagick, fixed 6.0)
CVE-2005-0758 version (gzip, fixed 1.3.5)
-**CVE-2005-0758 VULNERABLE (bzip2) by inspection bz#159819
+CVE-2005-0758 VULNERABLE (bzip2) fc4:bz#159819
CVE-2005-0757 version (kernel, not 2.6)
CVE-2005-0756 version (kernel, fixed 2.6.12)
CVE-2005-0755 version (HelixPlayer, fixed 10.0.4)
@@ -390,20 +397,30 @@
CVE-2005-0654 ignore (gimp, not fixed 2.2) upstream considers harmless
CVE-2005-0627 version (qt, fixed 3.3.4)
CVE-2005-0626 version (squid, fixed 2.5.STABLE10)
-**CVE-2005-0605 backport (xorg-x11) ...-fix-CAN-2005-0605.patch
+CVE-2005-0605 version (libXpm, fixed 3.5.4 at least)
CVE-2005-0602 VULNERABLE (unzip, fixed 5.52)
CVE-2005-0596 version (php, fixed 5.0)
-CVE-2005-0593 version (firefox, mozilla)
-CVE-2005-0592 version (firefox, mozilla)
+CVE-2005-0593 version (mozilla)
+CVE-2005-0593 version (firefox)
+CVE-2005-0592 version (mozilla)
+CVE-2005-0592 version (firefox)
CVE-2005-0591 version (firefox, fixed 1.0.1)
-CVE-2005-0590 version (firefox, mozilla, thunderbird)
+CVE-2005-0590 version (firefox)
+CVE-2005-0590 version (mozilla)
+CVE-2005-0590 version (thunderbird)
CVE-2005-0589 version (firefox, fixed 1.0.1)
-CVE-2005-0588 version (firefox, mozilla)
-CVE-2005-0587 version (firefox, mozilla)
-CVE-2005-0586 version (firefox, mozilla)
-CVE-2005-0585 version (firefox, mozilla)
-CVE-2005-0584 version (firefox, mozilla)
-CVE-2005-0578 version (firefox, mozilla)
+CVE-2005-0588 version (mozilla)
+CVE-2005-0588 version (firefox)
+CVE-2005-0587 version (mozilla)
+CVE-2005-0587 version (firefox)
+CVE-2005-0586 version (mozilla)
+CVE-2005-0586 version (firefox)
+CVE-2005-0585 version (mozilla)
+CVE-2005-0585 version (firefox)
+CVE-2005-0584 version (mozilla)
+CVE-2005-0584 version (firefox)
+CVE-2005-0578 version (mozilla)
+CVE-2005-0578 version (firefox)
CVE-2005-0532 version (kernel, fixed 2.6.11)
CVE-2005-0531 version (kernel, fixed 2.6.11)
CVE-2005-0530 version (kernel, fixed 2.6.11)
@@ -412,10 +429,10 @@
CVE-2005-0527 version (firefox, fixed 1.0.1)
CVE-2005-0525 version (php, fixed 5.0.4)
CVE-2005-0524 version (php, fixed 5.0.4)
-CVE-2005-0504 version (kernel, doesn't build in 2.6)
+CVE-2005-0504 version (kernel, not 2.6) doesn't build in 2.6
CVE-2005-0490 version (curl, fixed 7.13.1)
CVE-2005-0488 backport (telnet)
-**CVE-2005-0488 backport (krb5) [since FEDORA-2005-553]
+CVE-2005-0488 backport (krb5) krb5-1.4.1-telnet-environ.patch
CVE-2005-0473 version (gaim, fixed 1.1.3)
CVE-2005-0472 version (gaim, fixed 1.1.3)
CVE-2005-0469 version (krb5, fixed 1.4.1)
@@ -426,17 +443,19 @@
**CVE-2005-0448 VULNERABLE (perl) bz#173793
CVE-2005-0446 version (squid, fixed 2.5.STABLE9)
CVE-2005-0404 ignore (kde) won't fix http://bugs.kde.org/show_bug.cgi?id=96020
-CVE-2005-0403 version (kernel, not upstream)
+CVE-2005-0403 version (kernel) not upstream
CVE-2005-0402 version (firefox, fixed 1.0.2)
CVE-2005-0401 version (firefox, fixed 1.0.2)
CVE-2005-0401 version (mozilla, fixed 1.7.7)
-CVE-2005-0400 version (kernel, fixed in 2.6.11.6)
-CVE-2005-0399 version (mozilla, Firefox, thunderbird)
+CVE-2005-0400 version (kernel, fixed 2.6.11.6)
+CVE-2005-0399 version (mozilla)
+CVE-2005-0399 version (firefox)
+CVE-2005-0399 version (thunderbird)
CVE-2005-0398 version (ipsec-tools, fixed 0.5)
CVE-2005-0397 version (ImageMagick, fixed 6.0.2.5)
CVE-2005-0396 version (kdelibs, fixed 3.4.0)
CVE-2005-0384 version (kernel, fixed 2.6.11.4)
-CVE-2005-0372 version (gftp, fixed in 2.0.18 at least)
+CVE-2005-0372 version (gftp, fixed 2.0.18 at least)
CVE-2005-0365 version (kdelibs, not 3.4)
CVE-2005-0337 version (postfix, not 2.2)
CVE-2005-0255 version (mozilla, fixed 1.7.6)
@@ -465,17 +484,17 @@
CVE-2005-0209 version (kernel, fixed 2.6.11)
CVE-2005-0208 version (gaim, fixed 1.1.4)
CVE-2005-0207 version (kernel, fixed 2.6.11)
-CVE-2005-0206 version (xpdf, only bad patch for 2004-0888)
-CVE-2005-0205 version (kdenetwork, not 3.3 onwards)
-CVE-2005-0204 version (kernel, didn't affect upstream)
+CVE-2005-0206 version (xpdf) only bad patch for 2004-0888
+CVE-2005-0205 version (kdenetwork, not 3.3+)
+CVE-2005-0204 version (kernel) didn't affect upstream
CVE-2005-0202 version (mailman, fixed 2.1.6)
-**CVE-2005-0201 backport (dbus) [since FEDORA-2005-822]
+CVE-2005-0201 version (dbus, fixed 0.36.1)
CVE-2005-0194 version (squid, fixed 2.5.STABLE8)
CVE-2005-0180 version (kernel, fixed 2.6.11)
CVE-2005-0179 version (kernel, fixed 2.6.11)
CVE-2005-0178 version (kernel, fixed 2.6.11)
CVE-2005-0177 version (kernel, fixed 2.6.11)
-CVE-2005-0176 version (kernel, only affected 2.6.9)
+CVE-2005-0176 version (kernel, fixed 2.6.10) only affected 2.6.9
CVE-2005-0175 version (squid, fixed 2.5.STABLE8)
CVE-2005-0174 version (squid, fixed 2.5.STABLE8)
CVE-2005-0173 version (squid, fixed 2.5.STABLE8)
@@ -484,14 +503,22 @@
**CVE-2005-0155 backport (perl, not 5.8.6) perl-5.8.5-CAN-2005-0155+0156.patch
CVE-2005-0152 version (squirrelmail, not 1.4)
CVE-2005-0150 version (firefox, fixed 1.0)
-CVE-2005-0149 version (mozilla, firefox)
-CVE-2005-0147 version (mozilla, firefox)
-CVE-2005-0146 version (mozilla, firefox)
+CVE-2005-0149 version (firefox)
+CVE-2005-0149 version (mozilla)
+CVE-2005-0147 version (firefox)
+CVE-2005-0147 version (mozilla)
+CVE-2005-0146 version (firefox)
+CVE-2005-0146 version (mozilla)
CVE-2005-0145 version (firefox, fixed 1.0)
-CVE-2005-0144 version (mozilla, firefox)
-CVE-2005-0143 version (mozilla, firefox)
-CVE-2005-0142 version (mozilla, firefox, thunderbird)
-CVE-2005-0141 version (mozilla, firefox)
+CVE-2005-0144 version (firefox)
+CVE-2005-0144 version (mozilla)
+CVE-2005-0143 version (firefox)
+CVE-2005-0143 version (mozilla)
+CVE-2005-0142 version (thunderbird)
+CVE-2005-0142 version (firefox)
+CVE-2005-0142 version (mozilla)
+CVE-2005-0141 version (firefox)
+CVE-2005-0141 version (mozilla)
CVE-2005-0137 version (kernel, not 2.6)
CVE-2005-0135 version (kernel, fixed 2.6.11)
CVE-2005-0124 version (kernel, fixed 2.6.11)
@@ -511,19 +538,19 @@
CVE-2005-0089 version (python, fixed 2.4.1 at least)
CVE-2005-0088 version (mod_python, fixed after 2.7.8)
CVE-2005-0087 version (alsa-lib, fixed 1.0.9)
-CVE-2005-0086 version (less, didn't affect upstream)
+CVE-2005-0086 version (less) didn't affect upstream
CVE-2005-0085 version (htdig, fixed 3.1.6-r7)
CVE-2005-0084 version (ethereal, fixed 0.10.9)
-CVE-2005-0080 version (mailman, not upstream)
+CVE-2005-0080 version (mailman) not upstream
CVE-2005-0078 version (kde, fixed 3.0.5)
-CVE-2005-0077 version (perl-DBI, fixed in 1.48 at least)
+CVE-2005-0077 version (perl-DBI, fixed 1.48 at least)
CVE-2005-0075 version (squirrelmail, fixed 1.4.4)
-**CVE-2005-0069 backport (vim) in vim-6.3-tmpfile.patch
+CVE-2005-0069 VULNERABLE (vim) fc4 fixed by vim-6.3-tmpfile.patch
CVE-2005-0064 version (tetex, fixed 3.0)
CVE-2005-0064 version (kpdf, not 3.4)
CVE-2005-0064 backport (cups)
CVE-2005-0064 version (xpdf, fixed 3.0.1)
-CVE-2005-0039 ignore (not a vulnerability) don't do this says the rfc
+CVE-2005-0039 ignore (kernel) not a vulnerability: don't do this says the rfc
CVE-2005-0034 version (bind, fixed after 9.3.0)
CVE-2005-0033 version (bind, not 9)
CVE-2005-0023 ignore (libvte) not a security risk
@@ -540,7 +567,7 @@
CVE-2005-0003 version (kernel, fixed 2.6.10)
CVE-2005-0001 version (kernel, fixed 2.6.10)
CVE-2004-2546 version (samba, fixed 3.0.6)
-**CVE-2004-2541 blocked (cscope) by FORTIFY_SOURCE
+CVE-2004-2541 blocked (cscope) by FORTIFY_SOURCE
CVE-2004-2536 version (kernel, fixed 2.6.7)
CVE-2004-2531 version (gnutls, fixed 1.0.17)
CVE-2004-2480 ignore (squid) bz#166523, not reproducable
@@ -559,19 +586,20 @@
CVE-2004-2149 version (mysql, fixed 4.1.5)
CVE-2004-2136 ignore (dm-crypt) design
CVE-2004-2135 ignore (kernel) design
-CVE-2004-2093 ignore (rsync, not security issue)
+CVE-2004-2093 ignore (rsync) not security issue
CVE-2004-2069 version (openssh, not 4)
CVE-2004-2014 version (wget, fixed 1.10.1)
-CVE-2004-2013 ignore (kernel, not 2.6, also not exploitable)
-CVE-2004-2004 version (SUSE configuration only)
+CVE-2004-2013 ignore (kernel, not 2.6) also not exploitable
+CVE-2004-2004 version (configuration) SUSE only
CVE-2004-1880 version (openldap, fixed 2.2.21)
CVE-2004-1834 version (httpd, fixed 2.0.50)
-**CVE-2004-1773 backport (sharutils) from srpm
-**CVE-2004-1772 backport (sharutils) from srpm
+CVE-2004-1773 version (sharutils, not 4.6)
+CVE-2004-1772 version (sharutils, not 4.6)
CVE-2004-1761 version (ethereal, fixed 0.10.3)
CVE-2004-1689 version (sudo, fixed 1.6.8p1)
CVE-2004-1653 ignore (openssh)
-CVE-2004-1639 version (mozilla, firefox)
+CVE-2004-1639 version (firefox)
+CVE-2004-1639 version (mozilla)
CVE-2004-1617 ignore (lynx) not able to verify flaw
CVE-2004-1614 version (mozilla, fixed 1.7.5)
CVE-2004-1613 version (mozilla, fixed 1.7.5)
@@ -579,14 +607,22 @@
CVE-2004-1471 version (cvs, fixed 1.12.9)
CVE-2004-1453 version (glibc, fixed 2.3.5)
CVE-2004-1452 version (tomcat, fixed 5.0.27-r3)
-CVE-2004-1451 version (mozilla, firefox, thunderbird)
-CVE-2004-1450 version (mozilla, firefox, thunderbird)
-CVE-2004-1449 version (mozilla, firefox, thunderbird)
+CVE-2004-1451 version (thunderbird)
+CVE-2004-1451 version (firefox)
+CVE-2004-1451 version (mozilla)
+CVE-2004-1450 version (thunderbird)
+CVE-2004-1450 version (firefox)
+CVE-2004-1450 version (mozilla)
+CVE-2004-1449 version (thunderbird)
+CVE-2004-1449 version (firefox)
+CVE-2004-1449 version (mozilla)
CVE-2004-1392 version (php, fixed 5.0.4)
CVE-2004-1382 version (glibc, not 2.3.5)
-CVE-2004-1381 version (firefox, mozilla)
-CVE-2004-1380 version (firefox, mozilla)
-**CVE-2004-1377 backport (a2ps, fixed 4.13?) patch included in srpm
+CVE-2004-1381 version (firefox)
+CVE-2004-1381 version (mozilla)
+CVE-2004-1380 version (mozilla)
+CVE-2004-1380 version (firefox)
+CVE-2004-1377 backport (a2ps) a2ps-4.13-security.patch
CVE-2004-1337 version (kernel, fixed 2.6.11)
CVE-2004-1336 version (tetex, fixed 3.0 at least)
CVE-2004-1335 version (kernel, fixed 2.6.10)
@@ -594,7 +630,7 @@
CVE-2004-1333 version (kernel, fixed 2.6.10)
CVE-2004-1316 version (thunderbird, fixed 0.9)
CVE-2004-1316 version (mozilla, fixed 1.7.5)
-CVE-2004-1308 version (libtiff, fixed in 3.7.1 at least)
+CVE-2004-1308 version (libtiff, fixed 3.7.1 at least)
CVE-2004-1307 version (libtiff, was already fixed with 0886)
CVE-2004-1304 version (file, fixed 4.12)
CVE-2004-1296 backport (groff) from srpm
@@ -603,7 +639,7 @@
CVE-2004-1269 version (cups, fixed 1.1.23)
CVE-2004-1268 version (cups, fixed 1.1.23)
CVE-2004-1267 version (cups, fixed 1.1.23)
-CVE-2004-1237 version (kernel, not upstream)
+CVE-2004-1237 version (kernel, not 2.6) not upstream
CVE-2004-1235 version (kernel, fixed 2.6.11)
CVE-2004-1234 version (kernel, not 2.6)
CVE-2004-1224 version (mtr, fixed after 0.65)
@@ -611,9 +647,9 @@
CVE-2004-1191 version (kernel, fixed 2.6.9)
CVE-2004-1190 version (kernel, fixed 2.6.10)
CVE-2004-1189 version (krb5, fixed 1.4)
-CVE-2004-1186 backport (enscript) in srpm
-CVE-2004-1185 backport (enscript) in srpm
-CVE-2004-1184 backport (enscript) in srpm
+CVE-2004-1186 backport (enscript)
+CVE-2004-1185 backport (enscript)
+CVE-2004-1184 backport (enscript)
CVE-2004-1183 version (libtiff, fixed 3.7.2)
CVE-2004-1180 version (rwho, fixed 0.17)
CVE-2004-1177 version (mailman, fixed 2.1.6)
@@ -621,7 +657,7 @@
CVE-2004-1175 version (mc, fixed 4.6.0)
CVE-2004-1174 version (mc, fixed 4.6.0)
CVE-2004-1171 version (kdelibs, not 3.4)
-**CVE-2004-1170 backport (a2ps) fixed 4.13b-40 from srpm
+CVE-2004-1170 backport (a2ps) a2ps-shell.patch
CVE-2004-1165 version (kdelibs, not 3.4)
CVE-2004-1158 version (kdelibs, not 3.4)
CVE-2004-1156 version (mozilla, firefox)
@@ -644,7 +680,7 @@
CVE-2004-1092 version (mc, fixed 4.6.0)
CVE-2004-1091 version (mc, fixed 4.6.0)
CVE-2004-1090 version (mc, fixed 4.6.0)
-**CVE-2004-1079 backport (ncpfs) from srpm
+CVE-2004-1079 version (ncpfs, fixed 2.2.6 at least)
CVE-2004-1074 version (kernel, fixed 2.6.10)
CVE-2004-1073 version (kernel, fixed 2.6.10)
CVE-2004-1072 version (kernel, fixed 2.6.10)
@@ -655,7 +691,7 @@
CVE-2004-1065 version (php, fixed after 5.0.2)
CVE-2004-1064 version (php, fixed after 5.0.2)
CVE-2004-1063 version (php, fixed after 5.0.2)
-CVE-2004-1060 version (kernel, all verifies sequence number)
+CVE-2004-1060 version (kernel) all verifies sequence number
CVE-2004-1058 version (kernel, fixed 2.6.9)
CVE-2004-1057 version (kernel, fixed 2.6.10)
CVE-2004-1056 version (kernel, fixed 2.6.10)
@@ -674,7 +710,7 @@
CVE-2004-1005 version (mc, fixed 4.6.0)
CVE-2004-1004 version (mc, fixed 4.6.0)
CVE-2004-1002 ignore (ppp) not a security issue
-CVE-2004-0996 backport (cscope, not fixed in 15.5)
+CVE-2004-0996 backport (cscope) not fixed in 15.5
CVE-2004-0990 version (gd, fixed 2.0.29)
CVE-2004-0989 version (libxml2, fixed 2.6.15)
CVE-2004-0986 version (iptables, fixed 1.2.12)
@@ -682,16 +718,16 @@
CVE-2004-0981 version (ImageMagick, fixed 6.1.0)
CVE-2004-0977 version (postgresql, fixed after 7.4.6)
**CVE-2004-0976 backport (perl) [since FEDORA-2005-1077]
-CVE-2004-0975 backport (openssl097a, fixed 0.9.7f) from srpm
+CVE-2004-0975 backport (openssl097a, fixed 0.9.7f)
CVE-2004-0975 version (openssl, not 0.9.8)
CVE-2004-0974 version (netatalk, fixed 2.0.1)
CVE-2004-0972 version (lvm2, fixed 2.2.01.8 at least)
-**CVE-2004-0971 backport (krb5, see bug 136307) fixed by patch in SRPM
+CVE-2004-0971 backport (krb5) krb5-1.3.4-send-pr-tempfile.patch
CVE-2004-0970 version (gzip)
CVE-2004-0969 version (groff, fixed 1.18.1.1)
-CVE-2004-0968 version (glibc, fixed in 2.3.5 at least)
-**CVE-2004-0967 backport (ghostscript) srpm
-CVE-2004-0966 version (gettext, fixed in 0.14.3 at least)
+CVE-2004-0968 version (glibc, fixed 2.3.5 at least)
+CVE-2004-0967 backport (ghostscript) ghostscript-scripts.patch
+CVE-2004-0966 version (gettext, fixed 0.14.3 at least)
CVE-2004-0961 version (freeradius, fixed 1.0.1)
CVE-2004-0960 version (freeradius, fixed 1.0.1)
CVE-2004-0959 version (php, fixed 4.3.9)
@@ -705,14 +741,20 @@
CVE-2004-0940 version (httpd, not 2.0)
CVE-2004-0938 version (freeradius, fixed 1.0.1)
CVE-2004-0930 version (samba, fixed 3.0.8)
-CVE-2004-0929 verison (libtiff, fixed 3.7.0)
+CVE-2004-0929 version (libtiff, fixed 3.7.0)
CVE-2004-0923 version (cups, fixed 1.2.22)
CVE-2004-0918 version (squid, fixed 2.4.STABLE7)
CVE-2004-0914 version (xorg-x11, fixed after 6.8.1)
-CVE-2004-0909 version (mozilla, thunderbird, firefox)
+CVE-2004-0909 version (mozilla)
+CVE-2004-0909 version (thunderbird)
+CVE-2004-0909 version (firefox)
CVE-2004-0908 version (mozilla, fixed 1.7.3)
-CVE-2004-0907 version (mozilla, thunderbird, firefox)
-CVE-2004-0906 version (mozilla, thunderbird, firefox)
+CVE-2004-0907 version (mozilla)
+CVE-2004-0907 version (thunderbird)
+CVE-2004-0907 version (firefox)
+CVE-2004-0906 version (mozilla)
+CVE-2004-0906 version (thunderbird)
+CVE-2004-0906 version (firefox)
CVE-2004-0905 version (mozilla, fixed 1.7.3)
CVE-2004-0904 version (mozilla, fixed 1.7.3)
CVE-2004-0903 version (mozilla, fixed 1.7.3)
@@ -730,7 +772,7 @@
CVE-2004-0884 version (cyrus-sasl, fixed 2.1.20)
CVE-2004-0883 version (kernel, fixed 2.6.11)
CVE-2004-0882 version (samba, fixed 3.0.8)
-CVE-2004-0871 ignore (mozilla, unfixed upstream with no patch)
+CVE-2004-0871 ignore (mozilla) unfixed upstream with no patch
CVE-2004-0870 ignore (kde) upstream won't fix
CVE-2004-0867 version (firefox, after 0.9.2)
CVE-2004-0837 version (mysql, fixed 4.0.21)
@@ -740,7 +782,7 @@
CVE-2004-0829 version (samba, fixed 2.2.11)
CVE-2004-0827 version (ImageMagick, fixed 6.0.6.2)
CVE-2004-0823 version (openldap, fixed after 2.1.19)
-CVE-2004-0817 version (imlib, fixed at least by 2.1.20)
+CVE-2004-0817 version (imlib, fixed 2.1.20 at least)
CVE-2004-0816 version (kernel, fixed 2.6.8)
CVE-2004-0815 version (samba, fixed 3.0.2a)
CVE-2004-0814 version (kernel, fixed 2.6.9)
@@ -757,22 +799,24 @@
CVE-2004-0803 version (libtiff, fixed after 3.6.1)
CVE-2004-0802 version (imlib, fixed 1.1.2)
CVE-2004-0801 version (foomatic, fixed 3.0.2)
-CVE-2004-0797 version (zlib, fixed in 1.2.2.2 at least)
+CVE-2004-0797 version (zlib, fixed 1.2.2.2 at least)
CVE-2004-0796 version (spamassassin, fixed 2.64)
CVE-2004-0792 version (rsync, fixed 2.6.3)
CVE-2004-0791 version (kernel, fixed 2.6.9)
-CVE-2004-0790 version (doesn't affect linux 2.4, 2.6)
+CVE-2004-0790 version (doesn't affect linux 2.6)
CVE-2004-0797 version (zlib)
CVE-2004-0788 version (gdk-pixbuf, fixed 0.22)
-CVE-2004-0788 version (gtk2, fixed 2.6.7 at least by inspection)
+CVE-2004-0788 version (gtk2, fixed 2.6.7 at least)
CVE-2004-0786 version (apr-util, fixed 2.0.51)
CVE-2004-0785 version (gaim, fixed 0.82)
CVE-2004-0784 version (gaim, fixed 0.82)
CVE-2004-0783 version (gdk-pixbuf, fixed 0.22)
-CVE-2004-0783 version (gtk2, fixed 2.6.7 at least by inspection)
+CVE-2004-0783 version (gtk2, fixed 2.6.7 at least)
CVE-2004-0782 version (gdk-pixbuf, fixed 0.22)
-CVE-2004-0782 version (gtk2, fixed 2.6.7 at least by inspection)
-CVE-2004-0779 version (mozilla, firefox, thunderbird)
+CVE-2004-0782 version (gtk2, fixed 2.6.7 at least)
+CVE-2004-0779 version (mozilla)
+CVE-2004-0779 version (firefox)
+CVE-2004-0779 version (thunderbird)
CVE-2004-0778 version (cvs, fixed 1.11.17)
CVE-2004-0772 version (krb5, fixed after 1.2.8)
CVE-2004-0771 backport (lha, changelog)
@@ -798,7 +842,7 @@
CVE-2004-0748 version (httpd, fixed 2.0.51)
CVE-2004-0747 version (httpd, fixed 2.0.51)
CVE-2004-0746 version (kde, fixed 3.3)
-CVE-2004-0745 backport (lha, changelog)
+CVE-2004-0745 backport (lha)
CVE-2004-0722 version (mozilla, fixed 1.7)
CVE-2004-0721 version (kdelibs, fixed 3.3)
CVE-2004-0718 version (mozilla, fixed 1.7)
@@ -814,7 +858,9 @@
CVE-2004-0686 version (samba, fixed 3.0.6)
CVE-2004-0685 version (kernel, not 2.6)
CVE-2004-0658 ignore (kernel) not a security issue
-CVE-2004-0648 version (mozilla, firefox, thunderbird)
+CVE-2004-0648 version (mozilla)
+CVE-2004-0648 version (thunderbird)
+CVE-2004-0648 version (firefox)
CVE-2004-0644 version (krb5, fixed after 1.3.4)
CVE-2004-0643 version (krb5, fixed after 1.3.1)
CVE-2004-0642 version (krb5, fixed after 1.3.4)
@@ -825,8 +871,8 @@
CVE-2004-0628 version (mysql, fixed 4.1.3)
CVE-2004-0627 version (mysql, fixed 4.1.3)
CVE-2004-0626 version (kernel, fixed 2.6.8)
-CVE-2004-0619 version (kernel, no driver)
-CVE-2004-0607 version (racoon, note RHSA-2004:308 has wrong text)
+CVE-2004-0619 version (kernel) no driver
+CVE-2004-0607 version (racoon) note RHSA-2004:308 has wrong text
CVE-2004-0603 backport (gzip) gzip-1.3.5-openbsd-owl-tmp.patch
CVE-2004-0600 version (samba, fixed 3.0.6)
CVE-2004-0599 version (mozilla, fixed 1.7.2)
@@ -840,7 +886,7 @@
CVE-2004-0595 version (php, fixed 4.3.8)
CVE-2004-0594 version (php, fixed 4.3.8)
CVE-2005-0590 version (openswan, fixed 2.1.4)
-CVE-2004-0587 version (kernel, not upstream flaw)
+CVE-2004-0587 version (kernel) not upstream flaw
CVE-2004-0558 version (cups, fixed 1.1.21)
CVE-2004-0557 version (sox, fixed after 12.17.4)
CVE-2005-0565 version (kernel, not 2.6)
@@ -893,10 +939,10 @@
CVE-2004-0398 version (neon, fixed 0.24.6)
CVE-2004-0397 version (subversion, fixed 1.0.1)
CVE-2004-0396 version (cvs, fixed 1.12.8)
-CVE-2004-0394 version (kernel, not 2.6 and not a vuln)
+CVE-2004-0394 version (kernel, not 2.6) also not a vulnerability
CVE-2004-0392 version (racoon, fixed 20040407b)
-CVE-2004-0388 version (mysql, 4.1.11 is okay at least)
-CVE-2004-0381 version (mysql, 4.1.11 is okay at least)
+CVE-2004-0388 version (mysql, fixed 4.1.11 at least)
+CVE-2004-0381 version (mysql, fixed 4.1.11 at least)
CVE-2004-0367 version (ethereal, fixed 0.10.3)
CVE-2004-0365 version (ethereal, fixed 0.10.3)
CVE-2004-0263 version (php, fixed 4.3.5)
@@ -914,7 +960,7 @@
CVE-2004-0186 version (samba, not 3.0.2a)
CVE-2004-0184 version (tcpdump, fixed 3.8.2)
CVE-2004-0183 version (tcpdump, fixed 3.8.2)
-CVE-2004-0182 version (mailman, only affected Red Hat packages)
+CVE-2004-0182 version (mailman) only affected Red Hat packages
CVE-2004-0181 version (kernel, fixed 2.6.5)
CVE-2004-0180 version (cvs, fixed 1.11.15)
CVE-2004-0179 version (openoffice.org)
@@ -923,7 +969,7 @@
CVE-2004-0177 version (kernel, fixed 2.6.6)
CVE-2004-0176 version (ethereal, fixed 0.10.3)
CVE-2004-0175 version (openssh, fixed 3.4p1)
-**CVE-2004-0175 backport (krb5) [since FEDORA-2005-553]
+CVE-2004-0175 backport (krb5) krb5-1.3.3-rcp-markus.patch
CVE-2004-0174 version (httpd, fixed 2.0.49)
CVE-2004-0173 version (httpd, fixed 2.0.49)
CVE-2004-0164 version (racoon)
@@ -966,8 +1012,8 @@
CVE-2004-0005 version (gaim, fixed 0.76)
CVE-2004-0003 version (kernel, not 2.6)
CVE-2004-0001 version (kernel, not 2.6)
-**CVE-2003-1265 VULNERABLE (firefox)
-**CVE-2003-1265 VULNERABLE (mozilla)
+CVE-2003-1265 VULNERABLE (firefox)
+CVE-2003-1265 VULNERABLE (mozilla)
CVE-2003-1232 version (emacs, fixed 21.3)
CVE-2003-1201 version (openldap, not 2.2)
CVE-2003-1161 version (kernel, not released version)
@@ -1007,7 +1053,7 @@
CVE-2003-0901 version (postgresql, not 8)
CVE-2003-0900 version (perl, only 5.8.1)
CVE-2003-0865 version (tomcat, fixed after 4.0.3)
-CVE-2003-0863 ignore (php, not a bug) http://lists.nyphp.org/pipermail/talk/2003-November/006392.html
+CVE-2003-0863 ignore (php) http://lists.nyphp.org/pipermail/talk/2003-November/006392.html
CVE-2003-0861 version (php, fixed 4.3.3)
CVE-2003-0860 version (php, fixed 4.3.3)
CVE-2003-0859 version (glibc, checked source)
@@ -1044,16 +1090,16 @@
CVE-2003-0693 version (openssh, fixed 3.7)
CVE-2003-0692 version (kde, fixed after 3.1.3)
CVE-2003-0690 version (kde, fixed after 3.1.3)
-CVE-2003-0689 version (glibc, fixed at least in 2.3.2) by inspection
+CVE-2003-0689 version (glibc, fixed 2.3.2 at least)
CVE-2003-0688 version (sendmail, fixed 8.12.9)
CVE-2003-0686 version (pam_smb, fixed 1.1.7)
-CVE-2003-0682 version (openssh, fixed at least in 4.0p1) by inspection
+CVE-2003-0682 version (openssh, fixed 4.0p1 at least)
CVE-2003-0681 version (sendmail, fixed 8.12.10)
CVE-2003-0655 version (cdrtools, fixed 2.01a18)
CVE-2003-0644 version (kdbg, not after 1.2.8)
CVE-2003-0643 version (kernel, not 2.6)
CVE-2003-0619 version (kernel, not 2.6)
-CVE-2003-0618 version (suidperl, fixed at least 5.8.6) by inspection
+CVE-2003-0618 version (suidperl, fixed 5.8.6 at least)
CVE-2003-0594 version (mozilla, ICAT)
CVE-2003-0592 version (kde, fixed 3.1.3)
CVE-2003-0564 version (mozilla, ICAT)
@@ -1093,7 +1139,7 @@
CVE-2003-0430 version (ethereal, fixed after 0.9.12)
CVE-2003-0429 version (ethereal, fixed after 0.9.12)
CVE-2003-0428 version (ethereal, fixed after 0.9.12)
-CVE-2003-0427 backport (mikmod) [since FEDORA-2005-405]
+CVE-2003-0427 backport (mikmod)
CVE-2003-0418 version (kernel, not 2.6)
CVE-2003-0388 version (pam, fixed 0.78)
CVE-2003-0386 version (openssh, fixed after 3.6.1)
@@ -1107,7 +1153,7 @@
CVE-2003-0300 ignore (sylpheed) only a crasher
CVE-2003-0299 ignmore (mutt) only a crasher
CVE-2003-0298 version (mozilla, fixed after 1.4a)
-CVE-2003-0296 version (evolution, fixed at least in 1.4.5)
+CVE-2003-0296 version (evolution, fixed 1.4.5 at least)
CVE-2003-0289 version (cdrtools, fixed 2.01a14)
CVE-2003-0282 version (unzip, fixed 5.51)
CVE-2003-0255 version (gnupg, fixed 1.2.2)
@@ -1129,7 +1175,7 @@
CVE-2003-0192 version (httpd, fixed 2.0.47)
CVE-2003-0190 version (openssh, fixed 3.6.1p1)
CVE-2003-0189 version (httpd, fixed 2.0.46)
-CVE-2003-0188 version (lv, fixed 4.51 at least) by inspection
+CVE-2003-0188 version (lv, fixed 4.51 at least)
CVE-2003-0187 version (kernel, not 2.6)
CVE-2003-0167 version (mutt, fixed 1.4.1)
CVE-2003-0166 version (php, fixed 4.3.2)
@@ -1156,7 +1202,7 @@
CVE-2003-0127 version (kernel, not 2.6)
CVE-2003-0124 version (man, fixed 1.5l)
CVE-2003-0108 version (tcpdump, fixed after 3.7.1)
-CVE-2003-0107 version (zlib, fixed 1.2.0.2 at least) changelog
+CVE-2003-0107 version (zlib, fixed 1.2.0.2 at least)
CVE-2003-0102 version (file, fixed 3.41)
CVE-2003-0097 version (php, fixed 4.3.1)
CVE-2003-0093 version (tcpdump, fixed 3.7.2)
@@ -1169,8 +1215,8 @@
CVE-2003-0078 version (openssl, not 0.9.8)
CVE-2003-0073 version (mysql, fixed 3.23.55)
CVE-2003-0072 version (krb5, fixed after 1.2.7)
-CVE-2003-0071 version (xorg-x11, fixed in 6.8.2 at least) by inspection
-CVE-2003-0070 version (vte, fixed 0.11.1 at least) by inspection
+CVE-2003-0071 version (xorg-x11, fixed in 6.8.2 at least)
+CVE-2003-0070 version (vte, fixed 0.11.1 at least)
CVE-2003-0063 version (xorg-x11, fixed at least in 4.2.99)
CVE-2003-0060 version (krb5, fixed 1.2.5)
CVE-2003-0059 version (krb5, fixed 1.2.5)
@@ -1212,4 +1258,4 @@
CVE-2001-1490 version (mozilla, fixed 1.0.0)
CVE-2001-1494 version (util-linux, fixed 2.11n)
CVE-2001-0955 version (XFree86, fixed 4.2.0)
-CVE-1999-1572 backport (cpio) from srpm
+CVE-1999-1572 backport (cpio)
- Previous message (by thread): rpms/syslog-ng/devel .cvsignore, 1.3, 1.4 sources, 1.3, 1.4 syslog-ng.spec, 1.6, 1.7
- Next message (by thread): rpms/bittorrent/devel bittorrent.spec, 1.30, 1.31 sources, 1.13, 1.14 .cvsignore, 1.13, 1.14
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list