fedora-security/audit fc4,1.117,1.118 fc5,1.28,1.29

Fri Jan 6 15:26:55 UTC 2006

Author: mjc

Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv11409

Modified Files:
	fc4 fc5 
Log Message:
Deal with netpbm release - although upstream fixed this CVE at least in
10.31 we still have a patch to use PARANOIDSAFER instead of SAFER.



Index: fc4
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc4,v
retrieving revision 1.117
retrieving revision 1.118
diff -u -r1.117 -r1.118

--- fc4	6 Jan 2006 11:19:04 -0000	1.117
+++ fc4	6 Jan 2006 15:26:47 -0000	1.118
@@ -1,5 +1,5 @@
 Up to date CVE as of CVE email 20060105
-Up to date FC4 as of 20060105 (except netpbm)
+Up to date FC4 as of 20060105
 
 ** are items that need attention
 
@@ -212,7 +212,7 @@
 CVE-2005-2492 version (kernel, fixed 2.6.13.1) [since FEDORA-2005-949] was backport since FEDORA-2005-906
 CVE-2005-2490 version (kernel, fixed 2.6.13.1) [since FEDORA-2005-949] was backport since FEDORA-2005-906
 CVE-2005-2475 VULNERABLE (unzip) bz#164928
-CVE-2005-2471 backport (netpbm) [since FEDORA-2005-728]
+CVE-2005-2471 version (netpbm, 10.31 at least) [since FEDORA-2005-000**] was backport since FEDORA-2005-728
 CVE-2005-2459 ignore (kernel, fixed 2.6.12.5) dropped as code path not possible
 CVE-2005-2458 version (kernel, fixed 2.6.12.5) [since FEDORA-2005-820]
 CVE-2005-2457 ignore (kernel, fixed 2.6.12.5) this is just a bug


Index: fc5
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc5,v
retrieving revision 1.28
retrieving revision 1.29
diff -u -r1.28 -r1.29
--- fc5	6 Jan 2006 11:19:04 -0000	1.28
+++ fc5	6 Jan 2006 15:26:47 -0000	1.29
@@ -216,7 +216,7 @@
 CVE-2005-2492 version (kernel, fixed 2.6.13.1)
 CVE-2005-2490 version (kernel, fixed 2.6.13.1)
 CVE-2005-2475 backport (unzip)
-CVE-2005-2471 backport (netpbm) netpbm-10.28-CAN-2005-2471.patch
+CVE-2005-2471 backport (netpbm, fixed 10.31 at least) netpbm-10.28-CAN-2005-2471.patch
 CVE-2005-2459 ignore (kernel, fixed 2.6.12.5) dropped as code path not possible
 CVE-2005-2458 version (kernel, fixed 2.6.12.5)
 CVE-2005-2457 version (kernel, fixed 2.6.12.5)


