fedora-security/audit fc4,1.75,1.76
Mark Cox (mjc)
fedora-extras-commits at redhat.com
Mon Oct 24 08:17:17 UTC 2005
Author: mjc
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv6332
Modified Files:
fc4
Log Message:
Now CVE day has passed we can add the full CVE name into this file without
having to worry about promoting CAN- later.
View full diff with command:
/usr/bin/cvs -f diff -kk -u -N -r 1.75 -r 1.76 fc4
Index: fc4
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc4,v
retrieving revision 1.75
retrieving revision 1.76
diff -u -r1.75 -r1.76
--- fc4 21 Oct 2005 09:30:49 -0000 1.75
+++ fc4 24 Oct 2005 08:16:49 -0000 1.76
@@ -1,1168 +1,1170 @@
-Up to date CVE as of CVE email 20051020
-Up to date FC4 as of 200501020
+Up to date CVE as of CVE email 20051023
+Up to date FC4 as of 200501023
** are items that need attention
-2005-3276 version (kernel, fixed 2.6.12.4) [since FEDORA-2005-949] was backport since FEDORA-2005-820
-2005-3275 version (kernel, fixed 2.6.13) [since FEDORA-2005-949] was backport since FEDORA-2005-820
-2005-3274 version (kernel, fixed 2.6.13) [since FEDORA-2005-949]
-2005-3273 version (kernel, fixed 2.6.12) [since FEDORA-2005-510]
-2005-3272 version (kernel, fixed 2.6.13) [since FEDORA-2005-949]
-2005-3271 version (kernel, fixed 2.6.9) since GA
-2005-3258 backport (squid) [since FEDORA-2005-1009]
-2005-3257 VULNERABLE (kernel)
-2005-3249 version (ethereal, fixed 0.10.13) [since FEDORA-2005-1011]
-2005-3248 version (ethereal, fixed 0.10.13) [since FEDORA-2005-1011]
-2005-3247 version (ethereal, fixed 0.10.13) [since FEDORA-2005-1011]
-2005-3246 version (ethereal, fixed 0.10.13) [since FEDORA-2005-1011]
-2005-3245 version (ethereal, fixed 0.10.13) [since FEDORA-2005-1011]
-2005-3244 version (ethereal, fixed 0.10.13) [since FEDORA-2005-1011]
-2005-3243 version (ethereal, fixed 0.10.13) [since FEDORA-2005-1011]
-2005-3242 version (ethereal, fixed 0.10.13) [since FEDORA-2005-1011]
-2005-3241 version (ethereal, fixed 0.10.13) [since FEDORA-2005-1011]
-2005-3185 blocked (curl) by FORTIFY_SOURCE
-2005-3185 blocked (wget) by FORTIFY_SOURCE
-2005-3184 version (ethereal, fixed 0.10.13) [since FEDORA-2005-1011]
-2005-3183 backport (w3c-libwww) [since FEDORA-2005-952]
-2005-3181 backport (kernel, fixed 2.6.13.4 at least) [since FEDORA-2005-1013] patch-2.6.13.4
-2005-3180 backport (kernel, fixed 2.6.13.4 at least) [since FEDORA-2005-1013] patch-2.6.13.4
-2005-3179 backport (kernel, fixed 2.6.13.4 at least) [since FEDORA-2005-1013] patch-2.6.13.4
-2005-3164 version (tomcat, not 5)
-2005-3120 backport (lynx) [since FEDORA-2005-994]
-2005-3119 backport (kernel, fixed 2.6.13.4 at least) [since FEDORA-2005-1013] patch-2.6.13.4
-2005-3110 version (kernel, fixed 2.6.12) [since FEDORA-2005-510]
-2005-3109 version (kernel, fixed 2.6.12) [since FEDORA-2005-510]
-2005-3108 version (kernel, fixed 2.6.12) [since FEDORA-2005-510]
-2005-3107 version (kernel, fixed 2.6.11)
-2005-3106 version (kernel, fixed 2.6.11)
-2005-3105 version (kernel, fixed 2.6.12) [since FEDORA-2005-510]
-2005-3089 ** firefox
-2005-3055 VULNERABLE (kernel)
-2005-3054 ignore (php) see bz#169857
-2005-3053 version (kernel) [since FEDORA-2005-949] was backport since FEDORA-2005-820
-2005-3044 backport (kernel, fixed 2.6.13.2) [since FEODRA-2005-949] patch-2.6.13.4
-2005-3011 backport (texinfo) [since FEDORA-2005-991]
-2005-2991 ignore (ncompress) don't ship zdiff or zcmp scripts
-2005-2978 version (netpbm, fixed 10.25)
-2005-2969 backport (openssl, fixed 0.9.7h) [since FEDORA-2005-986]
-2005-2969 backport (openssl097a, fixed 0.9.7h) [since FEDORA-2005-986]
-2005-2968 version (mozilla, not 1.7.10) +we include a different mozilla sh
-2005-2968 version (firefox) [since FEDORA-2005-926]
-2005-2968 version (thunderbird) [since FEDORA-2005-963]
-2005-2946 VULNERABLE (openssl, fixed 0.9.8) (as it uses md5 md)
-2005-2933 ** uw-imap
-2005-2917 ** squid
-2005-2876 backport (util-linux) [since FEDORA-2005-887]
-2005-2874 version (cups, fixed 1.1.23)
-2005-2873 VULNERABLE (kernel) not upstream fixed
-2005-2872 version (kernel, fixed 2.6.12) [since FEDORA-2005-510]
-2005-2871 ** backport (firefox) [since FEDORA-2005-871]
-2005-2871 ** backport (mozilla) [since FEDORA-2005-873]
-2005-2871 version (thunderbird) (moderate only) [since FEDORA-2005-963]
-2005-2811 version (net-snmp, not upstream) gentoo only
-2005-2801 version (kernel, fixed 2.6.11)
-2005-2800 version (kernel, fixed 2.6.12.6) [since FEDORA-2005-949] was backport since FEDORA-2005-906
-2005-2798 version (openssh, fixed 4.2) [since FEDORA-2005-860]
-2005-2797 version (openssh, fixed 4.2) [since FEDORA-2005-860]
-2005-2796 version (squid, fixed 2.5.STABLE11) [since FEDORA-2005-913] was backport since FEDORA-2005-851
-2005-2794 version (squid, fixed 2.5.STABLE11) [since FEDORA-2005-913] was backport since FEDORA-2005-851
-2005-2728 backport (httpd, fixed 2.0.55-dev) [since FEDORA-2005-849]
-2005-2710 version (helixplayer, fixed 1.0.6) [since FEDORA-2005-940]
-2005-2708 ignore (kernel) not reproducable on x86_64
-2005-2707 version (thunderbird) [since FEDORA-2005-963]
-2005-2707 version (firefox, fixed 1.0.7) [since FEDORA-2005-926]
-2005-2707 version (mozilla, fixed 1.7.12) [since FEDORA-2005-927]
-2005-2706 version (thunderbird) [since FEDORA-2005-963]
-2005-2706 version (firefox, fixed 1.0.7) [since FEDORA-2005-926]
-2005-2706 version (mozilla, fixed 1.7.12) [since FEDORA-2005-927]
-2005-2705 version (thunderbird) [since FEDORA-2005-963]
-2005-2705 version (firefox, fixed 1.0.7) [since FEDORA-2005-926]
-2005-2705 version (mozilla, fixed 1.7.12) [since FEDORA-2005-927]
-2005-2704 version (thunderbird) [since FEDORA-2005-963]
-2005-2704 version (firefox, fixed 1.0.7) [since FEDORA-2005-926]
-2005-2704 version (mozilla, fixed 1.7.12) [since FEDORA-2005-927]
-2005-2703 version (thunderbird) [since FEDORA-2005-963]
-2005-2703 version (firefox, fixed 1.0.7) [since FEDORA-2005-926]
-2005-2703 version (mozilla, fixed 1.7.12) [since FEDORA-2005-927]
-2005-2702 version (thunderbird) [since FEDORA-2005-963]
-2005-2702 version (firefox, fixed 1.0.7) [since FEDORA-2005-926]
-2005-2702 version (mozilla, fixed 1.7.12) [since FEDORA-2005-927]
-2005-2701 version (firefox, fixed 1.0.7) [since FEDORA-2005-926]
-2005-2701 version (mozilla, fixed 1.7.12) [since FEDORA-2005-927]
-2005-2700 backport (httpd, fixed 2.0.55-dev) [since FEDORA-2005-849]
-2005-2693 backport (cvs) [since FEDORA-2005-790]
-2005-2672 VULNERABLE (lm_sensors) bz#166673
-2005-2666 ** openssh (hmm)
-2005-2642 version (mutt, openbsd only)
-2005-2641 VULNERABLE (pam_ldap) bz#166164
-2005-2617 version (kernel, fixed 2.6.12.5) [since FEDORA-2005-820]
-2005-2602 VULNERABLE (firefox) probably
-2005-2602 VULNERABLE (thunderbird) probably
-2005-2558 ignore (mysql) not an issue
-2005-2558 version (mysql, fixed 4.1.13) [since FEDORA-2005-974]
-2005-2555 version (kernel, fixed 2.6.12.6pre) [since FEDORA-2005-949] was backport since FEDORA-2005-820
-2005-2553 version (kernel, not 2.6)
-2005-2550 backport (evolution) [since FEDORA-2005-743]
-2005-2549 backport (evolution) [since FEDORA-2005-743]
-2005-2548 version (kernel, fixed 2.6.9) only affected 2.6.8
-2005-2547 version (bluez-pin, fixed 2.19) not before 2.16
-2005-2541 ignore (tar) is documented behaviour
-2005-2500 version (kernel, fixed 2.6.13) <2.6.13 was not vulnerable either
-2005-2499 backport (slocate) [since FEDORA-2005-770]
-2005-2498 version (php xml_rpc, fixed 1.4.0) [since FEDORA-2005-810]
-2005-2496 backport (ntp, fixed 4.2.0b) ...0a-20040617-ntpd_guid.patch
-2005-2495 backport (xorg-x11) [since FEDORA-2005-894]
-2005-2494 VULNERABLE (kdebase, fixed after 3.4.2) bz#166997
-2005-2491 ignore (python, fc4 python does not contain pcre)
-2005-2491 backport (pcre, fixed 6.2) [since FEDORA-2005-803]
-2005-2491 ignore (httpd, pcre uses system pcre)
-2005-2491 ignore (php, pcre uses system pcre)
-2005-2492 version (kernel, fixed 2.6.13.1) [since FEDORA-2005-949] was backport since FEDORA-2005-906
-2005-2490 version (kernel, fixed 2.6.13.1) [since FEDORA-2005-949] was backport since FEDORA-2005-906
-2005-2475 VULNERABLE (unzip) bz#164928
-2005-2471 backport (netpbm) [since FEDORA-2005-728]
-2005-2459 ignore (kernel, fixed 2.6.12.5) dropped as code path not possible
-2005-2458 version (kernel, fixed 2.6.12.5) [since FEDORA-2005-820]
-2005-2457 ignore (kernel, fixed 2.6.12.5) this is just a bug
-2005-2456 version (kernel, fixed 2.6.12.5) [since FEDORA-2005-820]
-2005-2452 version (libtiff, fixed 3.7.0)
-2005-2448 version (kdenetwork, fixed 3.4.2) [since FEDORA-2005-670] was backport since FEDORA-2005-624
-2005-2414 ignore (mozilla) not being fixed upstream, just a crash
-2005-2410 backport (NetworkManager) [since FEDORA-2005-680]
-2005-2395 ** firefox
-2005-2370 version (kdenetwork, fixed 3.4.2) [since FEDORA-2005-670] was backport since FEDORA-2005-624
-2005-2370 version (gaim, fixed 1.5.0) [since FEDORA-2005-751]
-2005-2369 version (kdenetwork, fixed 3.4.2) [since FEDORA-2005-670] was backport since FEDORA-2005-624
-2005-2368 version (vim, fixed 6.3.086 at least) [since FEDORA-2005-737]
-2005-2367 version (ethereal, fixed 0.10.12) [since FEDORA-2005-655]
-2005-2366 version (ethereal, fixed 0.10.12) [since FEDORA-2005-655]
-2005-2365 version (ethereal, fixed 0.10.12) [since FEDORA-2005-655]
-2005-2364 version (ethereal, fixed 0.10.12) [since FEDORA-2005-655]
-2005-2363 version (ethereal, fixed 0.10.12) [since FEDORA-2005-655]
-2005-2362 version (ethereal, fixed 0.10.12) [since FEDORA-2005-655]
-2005-2361 version (ethereal, fixed 0.10.12) [since FEDORA-2005-655]
-2005-2360 version (ethereal, fixed 0.10.12) [since FEDORA-2005-655]
-2005-2353 ignore (thunderbird) debug mode only
-2005-2337 ** ruby vu#160012
-2005-2335 backport (fetchmail) [since FEDORA-2005-613]
-2005-2270 version (firefox, fixed 1.0.5) [since FEDORA-2005-605]
-2005-2270 version (mozilla, fixed 1.7.9) [since FEDORA-2005-619]
-2005-2270 version (thunderbird, fixed 1.0.5) [since FEDORA-2005-606]
-2005-2269 version (firefox, fixed 1.0.5) [since FEDORA-2005-605]
-2005-2269 version (mozilla, fixed 1.7.9) [since FEDORA-2005-619]
-2005-2269 version (thunderbird, fixed 1.0.5) [since FEDORA-2005-606]
-2005-2268 version (firefox, fixed 1.0.5) [since FEDORA-2005-605]
-2005-2268 version (mozilla, fixed 1.7.9) [since FEDORA-2005-619]
-2005-2267 version (mozilla, fixed 1.7.9) [since FEDORA-2005-619]
-2005-2267 version (firefox, fixed 1.0.5) [since FEDORA-2005-605]
-2005-2266 version (firefox, fixed 1.0.5) [since FEDORA-2005-605]
-2005-2266 version (mozilla, fixed 1.7.9) [since FEDORA-2005-619]
-2005-2266 version (thunderbird, fixed 1.0.5) [since FEDORA-2005-606]
-2005-2265 version (firefox, fixed 1.0.5) [since FEDORA-2005]
-2005-2265 version (mozilla, fixed 1.7.9) [si [since FEDORA-2005-619]
-2005-2265 version (thunderbird, fixed 1.0.5) [since FEDORA-2005-606]
-2005-2264 version (firefox, fixed 1.0.5) [since FEDORA-2005-605]
-2005-2263 version (firefox, fixed 1.0.5) [since FEDORA-2005-605]
-2005-2263 version (mozilla, fixed 1.7.9) [since FEDORA-2005-619]
-2005-2262 version (firefox, fixed 1.0.5) [since FEDORA-2005-605]
-2005-2261 version (thunderbird, fixed 1.0.5) [since FEDORA-2005-606]
-2005-2261 version (firefox, fixed 1.0.5) [since FEDORA-2005-605]
-2005-2261 version (mozilla, fixed 1.7.9) [since FEDORA-2005-619]
-2005-2260 version (firefox, fixed 1.0.5) [since FEDORA-2005-605]
-2005-2260 version (mozilla, fixed 1.7.9) [since FEDORA-2005-619]
-2005-2177 version (net-snmp, fixed 5.2.1.2) [since FEDORA-2005-561]
-2005-2114 ** mozilla, can't find out when this was fixed upstream
-2005-2104 ** sysreport #162979
-2005-2103 version (gaim, fixed 1.5.0) [since FEDORA-2005-751]
-2005-2102 version (gaim, fixed 1.5.0) [since FEDORA-2005-751]
-2005-2101 backport (kdeedu) [since FEDORA-2005-744]
-2005-2100 version (kernel, not upstream)
-2005-2099 version (kernel, fixed 2.6.12.5) [since FEDORA-2005-820]
-2005-2098 version (kernel, fixed 2.6.12.5) [since FEDORA-2005-820]
-2005-2097 backport (cups) [since FEDORA-2005-732]
-2005-2097 version (xpdf, fixed 3.0.1) [since FEDORA-2005-755] was backport since FEDORA-2005-729
-2005-2096 backport (zlib) [since FEDORA-2005-523]
-2005-2096 backport (rpm) [since FEDORA-2005-565]
-2005-2095 version (squirrelmail, fixed 1.4.5) since [FEDORA-2005-780]
-2005-2088 backport (httpd) [since FEDORA-2005-639]
-2005-2069 VULNERABLE (nss_ldap) http://bugzilla.padl.com/attachment.cgi?id=10&action=view
-2005-2023 version (gnupg, fixed 1.9.15)
[...1941 lines suppressed...]
+CVE-2003-0773 version (sane-backends, fixed 1.0.10)
+CVE-2003-0743 version (exim, fixed 4.21)
+CVE-2003-0740 version (stunnel, fixed 3.26)
+CVE-2003-0730 version (xfree86, fixed after 4.3.0)
+CVE-2003-0700 version (kernel, not 2.6)
+CVE-2003-0699 version (kernel, not 2.6)
+CVE-2003-0698 version (exim, fixed 4.21)
+CVE-2003-0695 version (openssh, fixed 3.7.1)
+CVE-2003-0694 version (sendmail, fixed 8.12.10)
+CVE-2003-0693 version (openssh, fixed 3.7)
+CVE-2003-0692 version (kde, fixed after 3.1.3)
+CVE-2003-0690 version (kde, fixed after 3.1.3)
+CVE-2003-0689 version (glibc, fixed at least in 2.3.2) by inspection
+CVE-2003-0688 version (sendmail, fixed 8.12.9)
+CVE-2003-0686 version (pam_smb, fixed 1.1.7)
+CVE-2003-0682 version (openssh, fixed at least in 4.0p1) by inspection
+CVE-2003-0681 version (sendmail, fixed 8.12.10)
+CVE-2003-0655 version (cdrtools, fixed 2.01a18)
+CVE-2003-0644 version (kdbg, not after 1.2.8)
+CVE-2003-0643 version (kernel, not 2.6)
+CVE-2003-0619 version (kernel, not 2.6)
+CVE-2003-0618 version (suidperl, fixed at least 5.8.6) by inspection
+CVE-2003-0594 version (Mozilla, ICAT)
+CVE-2003-0592 version (kde, fixed 3.1.3)
+CVE-2003-0564 version (Mozilla, ICAT)
+CVE-2003-0555 ignore (ImageMagick) wasn't reproducable
+CVE-2003-0552 version (kernel, not 2.6)
+CVE-2003-0551 version (kernel, not 2.6)
+CVE-2003-0550 version (kernel, not 2.6)
+CVE-2003-0549 version (gdm, fixed 2.4.1.6)
+CVE-2003-0548 version (gdm, fixed 2.4.1.6)
+CVE-2003-0547 version (gdm, fixed 2.4.1.6)
+CVE-2003-0546 version (up2date, fixed after 3.1.23)
+CVE-2003-0545 backport (openssl097a, fixed 0.9.7c) in srpm
+CVE-2003-0545 version (openssl, fixed 0.9.7c)
+CVE-2003-0544 backport (openssl097a, fixed 0.9.7c) in srpm
+CVE-2003-0544 version (openssl, fixed 0.9.7c)
+CVE-2003-0543 backport (openssl097a, fixed 0.9.7c) in srpm
+CVE-2003-0543 version (openssl, fixed 0.9.7c)
+CVE-2003-0542 version (httpd, fixed 2.0.48)
+CVE-2003-0541 backport (gtkhtml, fixed 1.1.10) gtkhtml-1.1.9-textslave.patch
+CVE-2003-0540 version (postfix, not 2.0 onwards)
+CVE-2003-0517 version (mgetty, fixed 1.1.29)
+CVE-2003-0516 version (mgetty, fixed 1.1.29)
+CVE-2003-0501 version (kernel, fixed 2.6.1)
+CVE-2003-0476 version (kernel, fixed 2.6.1)
+CVE-2003-0468 version (postfix, fixed 1.1.12)
+CVE-2003-0467 version (kernel, not 2.6)
+CVE-2003-0465 version (kernel, not 2.6)
+CVE-2003-0464 version (kernel, not 2.6)
+CVE-2003-0462 version (kernel, fixed 2.6.1)
+CVE-2003-0461 version (kernel, fixed 2.6.1)
+CVE-2003-0459 version (kdelibs, not 3.2)
+CVE-2003-0455 version (ImageMagick)
+CVE-2003-0442 version (php, fixed 4.3.2)
+CVE-2003-0434 version (xpdf, fixed 2.02pl1)
+CVE-2003-0432 version (ethereal, fixed after 0.9.12)
+CVE-2003-0431 version (ethereal, fixed after 0.9.12)
+CVE-2003-0430 version (ethereal, fixed after 0.9.12)
+CVE-2003-0429 version (ethereal, fixed after 0.9.12)
+CVE-2003-0428 version (ethereal, fixed after 0.9.12)
+CVE-2003-0427 backport (mikmod) [since FEDORA-2005-405]
+CVE-2003-0418 version (kernel, not 2.6)
+CVE-2003-0388 version (pam, fixed 0.78)
+CVE-2003-0386 version (openssh, fixed after 3.6.1)
+CVE-2003-0370 version (kde, fixed 3.0)
+CVE-2003-0367 backport (gzip)
+CVE-2003-0364 version (kernel, not 2.6)
+CVE-2003-0357 version (ethereal, fixed after 0.9.11)
+CVE-2003-0356 version (ethereal, fixed after 0.9.11)
+CVE-2003-0354 version (ghostscript, fixed 7.07)
+CVE-2003-0328 backport (epic, changelog)
+CVE-2003-0326 ignore (slocate)
+CVE-2003-0300 ignore (sylpheed) only a crasher
+CVE-2003-0299 ignmore (mutt) only a crasher
+CVE-2003-0298 version (mozilla, fixed after 1.4a)
+CVE-2003-0296 version (evolution, fixed at least in 1.4.5)
+CVE-2003-0289 version (cdrtools, fixed 2.01a14)
+CVE-2003-0282 version (unzip, fixed 5.51)
+CVE-2003-0255 version (gnupg, fixed 1.2.2)
+CVE-2003-0245 version (httpd, fixed 2.0.47)
+CVE-2003-0253 version (httpd, fixed 2.0.47)
+CVE-2003-0252 version (nfs-utils, fixed 1.0.4)
+CVE-2003-0251 version (ypserv, fixed 2.7)
+CVE-2003-0248 version (kernel, not 2.6)
+CVE-2003-0247 version (kernel, not 2.6)
+CVE-2003-0246 version (kernel, not 2.6)
+CVE-2003-0245 version (httpd, fixed 2.0.46)
+CVE-2003-0244 version (kernel, not 2.6)
+CVE-2003-0211 version (xinetd, fixed 2.3.11)
+CVE-2003-0204 version (kde, fixed after 3.1.1)
+CVE-2003-0201 version (samba, fixed 2.2.8a)
+CVE-2003-0196 version (samba, fixed 2.2.8a)
+CVE-2003-0195 version (cups, fixed 1.1.19)
+CVE-2003-0194 version (tcpdump, not upstream)
+CVE-2003-0192 version (httpd, fixed 2.0.47)
+CVE-2003-0190 version (openssh, fixed 3.6.1p1)
+CVE-2003-0189 version (httpd, fixed 2.0.46)
+CVE-2003-0188 version (lv, fixed 4.51 at least) by inspection
+CVE-2003-0187 version (kernel, not 2.6)
+CVE-2003-0167 version (mutt, fixed 1.4.1)
+CVE-2003-0166 version (php, fixed 4.3.2)
+CVE-2003-0165 version (eog, fixed 2.2.2)
+CVE-2003-0161 version (sendmail, fixed 8.12.9)
+CVE-2003-0160 version (squirrelmail, fixed 1.2.11)
+CVE-2003-0159 version (ethereal, fixed after 0.9.9)
+CVE-2003-0150 version (mysql, fixed 3.23.56)
+CVE-2003-0147 backport (openssl097a, fixed 0.9.7b) in srpm
+CVE-2003-0147 version (openssl, fixed 0.9.7b)
+CVE-2003-0146 version (netpbm, fixed 10.18)
+CVE-2003-0145 version (tcpdump, fixed 3.7.2)
+CVE-2003-0140 version (mutt, fixed 1.4.1)
+CVE-2003-0139 version (krb5, fixed 1.3)
+CVE-2003-0138 version (krb5, fixed 1.3)
+CVE-2003-0135 version (vsftpd, not upstream)
+CVE-2003-0133 version (evolution, fixed 1.2.4)
+CVE-2003-0132 version (httpd, fixed 2.0.45)
+CVE-2003-0131 backport (openssl097a, fixed 0.9.7b) in srpm
+CVE-2003-0131 version (openssl, fixed 0.9.7b)
+CVE-2003-0130 version (evolution, fixed 1.2.3)
+CVE-2003-0129 version (evolution, fixed 1.2.3)
+CVE-2003-0128 version (evolution, fixed 1.2.3)
+CVE-2003-0127 version (kernel, not 2.6)
+CVE-2003-0124 version (man, fixed 1.5l)
+CVE-2003-0108 version (tcpdump, fixed after 3.7.1)
+CVE-2003-0107 version (zlib, fixed 1.2.0.2 at least) changelog
+CVE-2003-0102 version (file, fixed 3.41)
+CVE-2003-0097 version (php, fixed 4.3.1)
+CVE-2003-0093 version (tcpdump, fixed 3.7.2)
+CVE-2003-0086 version (samba, fixed 2.2.8)
+CVE-2003-0085 version (samba, fixed 2.2.8)
+CVE-2003-0083 version (httpd, fixed 2.0.46)
+CVE-2003-0082 version (krb5, fixed after 1.2.7)
+CVE-2003-0081 version (ethereal, fixed after 0.9.9)
+CVE-2003-0078 version (openssl097a, fixed 0.9.7a)
+CVE-2003-0078 version (openssl, fixed 0.9.7a)
+CVE-2003-0073 version (mysql, fixed 3.23.55)
+CVE-2003-0072 version (krb5, fixed after 1.2.7)
+CVE-2003-0071 version (xorg-x11, fixed in 6.8.2 at least) by inspection
+CVE-2003-0070 version (vte, fixed 0.11.1 at least) by inspection
+CVE-2003-0063 version (xorg-x11, fixed at least in 4.2.99)
+CVE-2003-0060 version (krb5, fixed 1.2.5)
+CVE-2003-0059 version (krb5, fixed 1.2.5)
+CVE-2003-0058 version (krb5, fixed 1.2.5)
+CVE-2003-0056 version (slocate, fixed 2.7)
+CVE-2003-0044 version (tomcat, fixed after 3.3.1a)
+CVE-2003-0043 version (tomcat, fixed 3.3.1a)
+CVE-2003-0041 version (krb5, fixed after 1.2.7)
+CVE-2003-0038 version (mailman, fixed 2.0.13 at least)
+CVE-2003-0028 version (glibc, fixed after 2.3.1)
+CVE-2003-0028 version (krb5, fixed after 1.2.7)
+CVE-2003-0026 version (dhcpd, fixed 3.0.1)
+CVE-2003-0020 version (httpd, fixed 2.0.49)
+CVE-2003-0019 version (kernel-utils, not upstream)
+CVE-2003-0018 version (kernel, not 2.6)
+CVE-2003-0017 version (httpd, fixed 2.0.44)
+CVE-2003-0016 version (httpd, fixed 2.0.44)
+CVE-2003-0015 version (cvs, fixed 1.11.5)
+CVE-2003-0001 version (kernel, not 2.6)
older, happened to deal with at same time:
-2002-2103 version (apache, not 2.0)
-2002-1963 version (kernel, not 2.6)
-2002-1976 ignore (ifconfig) "use ip"
-2002-1914 version (dump, fixed 0.4b29)
-2002-1850 version (mod_cgi, fixed 2.0.41)
-2002-1827 version (sendmail, fixed after 8.12.3)
-2002-1814 ignore (bonobo) not shipped setuid
-2002-1793 version (mod_ssl), also only hp
-2002-1783 version (php, fixed after 4.2.3)
-2002-1765 version (evolution, fixed 1.0.5)
-2002-1510 version (XFree86, fixed 4.2.0)
-2002-1472 version (XFree86, fixed 4.2.1)
-2002-1363 version (libpng, fixed 1.2.6)
-2002-0517 version (XFree86, didn't affect Linux)
-2002-0164 version (XFree86, fixed 4.2.1)
-2001-1490 version (mozilla, fixed 1.0.0)
-2001-1494 version (util-linux, fixed 2.11n)
-2001-0955 version (XFree86, fixed 4.2.0)
-1999-1572 backport (cpio) from srpm
+CVE-2002-2103 version (apache, not 2.0)
+CVE-2002-1963 version (kernel, not 2.6)
+CVE-2002-1976 ignore (ifconfig) "use ip"
+CVE-2002-1914 version (dump, fixed 0.4b29)
+CVE-2002-1850 version (mod_cgi, fixed 2.0.41)
+CVE-2002-1827 version (sendmail, fixed after 8.12.3)
+CVE-2002-1814 ignore (bonobo) not shipped setuid
+CVE-2002-1793 version (mod_ssl), also only hp
+CVE-2002-1783 version (php, fixed after 4.2.3)
+CVE-2002-1765 version (evolution, fixed 1.0.5)
+CVE-2002-1510 version (XFree86, fixed 4.2.0)
+CVE-2002-1472 version (XFree86, fixed 4.2.1)
+CVE-2002-1363 version (libpng, fixed 1.2.6)
+CVE-2002-0517 version (XFree86, didn't affect Linux)
+CVE-2002-0164 version (XFree86, fixed 4.2.1)
+CVE-2001-1490 version (mozilla, fixed 1.0.0)
+CVE-2001-1494 version (util-linux, fixed 2.11n)
+CVE-2001-0955 version (XFree86, fixed 4.2.0)
+CVE-1999-1572 backport (cpio) from srpm
More information about the fedora-extras-commits
mailing list