fedora-security/audit fc5,1.282,1.283 fc6,1.19,1.20

Wed Aug 16 13:18:32 UTC 2006

Author: mjc

Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv3990

Modified Files:
	fc5 fc6 
Log Message:
Clean up some old things marked vulnerable; link to reasons they are not
fixed, don't matter, or the upstream bug



Index: fc5
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc5,v
retrieving revision 1.282
retrieving revision 1.283
diff -u -r1.282 -r1.283

--- fc5	16 Aug 2006 12:33:17 -0000	1.282
+++ fc5	16 Aug 2006 13:18:29 -0000	1.283
@@ -108,8 +108,8 @@
 CVE-2006-2933 version (kde, not 3.2+)
 CVE-2006-2916 ignore (arts) not shipped setuid
 CVE-2006-2906 VULNERABLE (gd) #194520
-CVE-2006-2894 VULNERABLE (firefox)
-CVE-2006-2894 VULNERABLE (mozilla)
+CVE-2006-2894 VULNERABLE (firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=56236
+CVE-2006-2894 VULNERABLE (mozilla) https://bugzilla.mozilla.org/show_bug.cgi?id=56236
 CVE-2006-2842 version (squirrelmail, fixed 1.4.6) #194286 [since FEDORA-2006-680]
 CVE-2006-2789 version (evolution, fixed 2.4.X)
 CVE-2006-2788 version (firefox, fixed 1.5.0.4) [since FEDORA-2006-715]
@@ -331,7 +331,7 @@
 CVE-2006-0996 version (php, fixed 5.1.4) bz#187511 [since FEDORA-2006-289]
 CVE-2006-0903 version (mysql, 4.1.19) #183261 [since FEDORA-2006-553]
 CVE-2006-0884 version (thunderbird, fixed 1.5.0.2) [since FEDORA-2006-490]
-CVE-2006-0836 VULNERABLE (thunderbird)
+CVE-2006-0836 ignore (thunderbird) only crash on manual import
 CVE-2006-0749 version (thunderbird, fixed 1.5.0.2) [since FEDORA-2006-490]
 CVE-2006-0749 version (mozilla, fixed 1.7.13) [since FEDORA-2006-487]
 CVE-2006-0749 version (firefox, fixed 1.5.0.2) [since FEDORA-2006-411]
@@ -431,8 +431,8 @@
 CVE-2005-4720 version (firefox, fixed 1.5)
 CVE-2005-4720 VULNERABLE (mozilla) not fixed upstream plus only DoS
 CVE-2005-4703 ignore (tomcat) windows only
-CVE-2005-4685 VULNERABLE (mozilla) not fixed upstream
-CVE-2005-4685 VULNERABLE (firefox) not fixed upstream
+CVE-2005-4685 ignore (mozilla) not fixed upstream, low, can't fix
+CVE-2005-4685 ignore (firefox) not fixed upstream, low, can't fix
 CVE-2005-4684 ignore (kdebase) not fixed upstream, low, can't fix
 CVE-2005-4667 backport (unzip)
 CVE-2005-4639 version (kernel, fixed 2.6.15)


Index: fc6
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc6,v
retrieving revision 1.19
retrieving revision 1.20
diff -u -r1.19 -r1.20
--- fc6	16 Aug 2006 12:33:17 -0000	1.19
+++ fc6	16 Aug 2006 13:18:29 -0000	1.20
@@ -94,7 +94,7 @@
 CVE-2006-2933 version (kde, not 3.2+)
 CVE-2006-2916 ignore (arts) not shipped setuid
 CVE-2006-2906 backport (gd) from changelog
-CVE-2006-2894 VULNERABLE (firefox)
+CVE-2006-2894 VULNERABLE (firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=56236
 CVE-2006-2842 version (squirrelmail, fixed 1.4.6)
 CVE-2006-2789 version (evolution, fixed 2.4.X)
 CVE-2006-2788 version (firefox, fixed 1.5.0.4)
@@ -287,7 +287,7 @@
 CVE-2006-0996 version (php, fixed 5.1.4)
 CVE-2006-0903 version (mysql, 4.1.19)
 CVE-2006-0884 version (thunderbird, fixed 1.5.0.2)
-CVE-2006-0836 VULNERABLE (thunderbird)
+CVE-2006-0836 ignore (thunderbird) only crash on manual import
 CVE-2006-0749 version (thunderbird, fixed 1.5.0.2)
 CVE-2006-0749 version (firefox, fixed 1.5.0.2)
 CVE-2006-0748 version (thunderbird, fixed 1.5.0.2)
@@ -372,7 +372,7 @@
 CVE-2005-4720 version (thunderbird, fixed 1.5)
 CVE-2005-4720 version (firefox, fixed 1.5)
 CVE-2005-4703 ignore (tomcat) windows only
-CVE-2005-4685 VULNERABLE (firefox) not fixed upstream
+CVE-2005-4685 ignore (firefox) not fixed upstream, low, can't fix
 CVE-2005-4684 ignore (kdebase) not fixed upstream, low, can't fix
 CVE-2005-4667 backport (unzip) changelog
 CVE-2005-4639 version (kernel, fixed 2.6.15)
@@ -532,7 +532,7 @@
 CVE-2005-2917 version (squid, fixed 2.5.STABLE11)
 CVE-2005-2876 version (util-linux, fixed 2.13-pre3)
 CVE-2005-2874 version (cups, fixed 1.1.23)
-CVE-2005-2873 VULNERABLE (kernel) not fixed upstream
+CVE-2005-2873 VULNERABLE (kernel, fixed 2.6.18-rc1) not fixed upstream
 CVE-2005-2872 version (kernel, fixed 2.6.12)
 CVE-2005-2871 version (thunderbird)
 CVE-2005-2871 version (firefox, fixed 1.0.7)
@@ -1360,8 +1360,8 @@
 CVE-2004-0001 version (kernel, not 2.6)
 CVE-2003-1303 version (php, fixed 4.3.3)
 CVE-2003-1302 version (php, fixed 4.3.1)
-CVE-2003-1265 VULNERABLE (firefox) 
-CVE-2003-1265 VULNERABLE (thunderbird) 
+CVE-2003-1265 VULNERABLE (firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=198442
+CVE-2003-1265 VULNERABLE (thunderbird) https://bugzilla.mozilla.org/show_bug.cgi?id=198442
 CVE-2003-1232 version (emacs, fixed 21.3)
 CVE-2003-1201 version (openldap, not 2.2)
 CVE-2003-1161 version (kernel, not released version)


