fedora-security/audit fc5,1.6,1.7

Mark Cox (mjc) fedora-extras-commits at redhat.com
Fri Nov 25 12:36:05 UTC 2005 

Author: mjc

Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv14425

Modified Files:
	fc5 
Log Message:
Finish off the study with some updated kernel issues, and look at the
differences between fc5 and fc4 leading to a couple of old entries.  The
only outstanding one is really 'nspr' which probably has had a lot of
security issues fixed in it, but none noted directly in CVE.  Most CVE
entries simply mention the Netscape product affected.



Index: fc5
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc5,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- fc5	23 Nov 2005 16:35:59 -0000	1.6
+++ fc5	25 Nov 2005 12:36:03 -0000	1.7
@@ -7,11 +7,14 @@
 and httpd
 3. Looked at those marked backport where we ship a newer version, manually
 looked at rest marked backport
-[todo: CVE from new packages added to FC5]
+4. Looked at CVE for any new packages added to FC5
 [todo: file bugs for anything vulnerable]
 
 ** are items that need attention
 
+CVE-2005-3784 backport (kernel, fixed 2.6.15) patch-2.6.15-rc1
+CVE-2005-3783 backport (kernel, fixed 2.6.15) patch-2.6.15-rc1
+CVE-2005-3753 version (kernel, fixed 2.6.14) also not a vuln
 CVE-2005-3745 ignore (struts, fixed 1.2.8) but not through tomcat
 CVE-2005-3732 VULNERABLE (ipsec-tools, fixed 0.6.3) fc4:bz#173842
 CVE-2005-3675 VULNERABLE (kernel) optack
@@ -1238,6 +1241,7 @@
 
 CVE-2002-2204 ignore (rpm) by design
 CVE-2002-2196 version (samba, fixed 2.2.5)
+CVE-2002-2185 VULNERABLE (kernel)
 CVE-2002-2103 version (apache, not 2.0)
 CVE-2002-1963 version (kernel, not 2.6)
 CVE-2002-1976 ignore (ifconfig) "use ip"
@@ -1256,4 +1260,6 @@
 CVE-2001-1490 version (mozilla, fixed 1.0.0)
 CVE-2001-1494 version (util-linux, fixed 2.11n)
 CVE-2001-0955 version (XFree86, fixed 4.2.0)
+CVE-2001-0474 version (mesa, fixed 3.3-14) 
+CVE-2000-0504 version (libICE, fixed XFree86:4.0.1)
 CVE-1999-1572 backport (cpio)

More information about the fedora-extras-commits mailing list