fedora-security/audit fc5,1.37,1.38

Mark Cox (mjc) fedora-extras-commits at redhat.com
Mon Jan 16 13:14:38 UTC 2006


Author: mjc

Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv25314

Modified Files:
	fc5 
Log Message:
Bring fc5 file up to date with test2 (partial description of method
attached).  For future reference, this took 9 hours in total.



Index: fc5
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc5,v
retrieving revision 1.37
retrieving revision 1.38
diff -u -r1.37 -r1.38
--- fc5	12 Jan 2006 16:44:15 -0000	1.37
+++ fc5	16 Jan 2006 13:14:31 -0000	1.38
@@ -1,110 +1,117 @@
-Up to date CVE as of CVE email 20060111
-Up to date FC5 as of FC5-Test1-RC
+Up to date CVE as of CVE email 20060115
+Up to date FC5 as of FC5-Test2-RC
 
 1. Removed packages with security issues that are no longer in FC5 
 (iiimf, libungif, slocate)
 2. Verified all marked as 'version', inc tricky packages like openssl 
 and httpd
-3. Looked at those marked backport where we ship a newer version, manually
-looked at rest marked backport
+3. Looked at those markedbackport where we ship a newer version, manually
+looked at rest marked  backport
 4. Looked at CVE for any new packages added to FC5
 5. Filed tracking bugs for vulnerable issues
+6. Looked at extra packages in test2 which have had security issues
+(mono, nss, php-pear)
+7. Double check vulnerables and file fc5test2 bugs
 
 ** are items that need attention
 
+CVE-2006-0208 ** php
+CVE-2006-0207 ** php
+CVE-2006-0200 ** php (5.1.0, 5.1.1 only)
+CVE-2006-0197 ** xorg-x11
+CVE-2006-0144 ** php-pear
 CVE-2006-0097 ignore (php) Windows only
 CVE-2006-0096 ignore (kernel) minor and requires root
-CVE-2006-0095 VULNERABLE (kernel)
+CVE-2006-0095 VULNERABLE (kernel) bz#177916
 CVE-2006-0082 version (ImageMagick, not 6.2.5.4)
-CVE-2006-0037 VULNERABLE (kernel, only 2.6.14 and 2.6.15)
-CVE-2006-0036 VULNERABLE (kernel, only 2.6.14 and 2.6.15)
-CVE-2006-0035 VULNERABLE (kernel)
-CVE-2005-4639 VULNERABLE (kernel)
-CVE-2005-4635 backport (kernel, fixed 2.6.15) [since FEDORA-2006-013]
-CVE-2005-4618 VULNERABLE (kernel, fixed 2.6.15)
-CVE-2005-4605 VULNERABLE (kernel) bz#176814
-CVE-2005-4585 VULNERABLE (ethereal, fixed 0.10.14)
+CVE-2006-0037 VULNERABLE (kernel, only 2.6.14 and 2.6.15) bz#177916
+CVE-2006-0036 VULNERABLE (kernel, only 2.6.14 and 2.6.15) bz#177916
+CVE-2006-0035 VULNERABLE (kernel, only 2.6.14 and 2.6.15) bz#177916
+CVE-2005-4639 version (kernel, fixed 2.6.15)
+CVE-2005-4635 version (kernel, fixed 2.6.15)
+CVE-2005-4618 version (kernel, fixed 2.6.15)
+CVE-2005-4605 version (kernel, fixed 2.6.15)
+CVE-2005-4585 version (ethereal, fixed 0.10.14)
 CVE-2005-4442 version (openldap) gentoo only
-CVE-2005-4348 VULNERABLE (fetchmail, fixed 6.3.1)
-CVE-2005-4268 blocked (cpio) by FORTIFY_SOURCE
+CVE-2005-4348 version (fetchmail, fixed 6.3.1)
+CVE-2005-4268 backport (cpio) also blocked by FORTIFY_SOURCE
 CVE-2005-4158 ignore (sudo) only env_reset will properly clean the environment
 CVE-2005-4154 ignore (php) don't install untrusted pear packages
-CVE-2005-4153 VULNERABLE (mailman)
+CVE-2005-4153 backport (mailman) mailman-2.1.5-date_overflows.patch
 CVE-2005-4134 ignore (mozilla) http://www.mozilla.org/security/history-title.html
 CVE-2005-4134 ignore (firefox) http://www.mozilla.org/security/history-title.html
 CVE-2005-4130 ** (HelixPlayer) no information available
 CVE-2005-4126 ** (HelixPlayer) no information available
-CVE-2005-4077 VULNERABLE (curl)
-CVE-2005-3964 VULNERABLE (openmotif)
-CVE-2005-3962 VULNERABLE (perl)
-CVE-2005-3912 ** (perl)
+CVE-2005-4077 version (curl, fixed 7.15.1)
+CVE-2005-3964 VULNERABLE (openmotif) bz#177915
+CVE-2005-3962 backport (perl) perl-5.8.7-CVE-2005-3962-bz174684.patch
 CVE-2005-3896 ignore (mozilla) recoverable DoS only
-CVE-2005-3883 VULNERABLE (php)
+CVE-2005-3883 version (php, fixed 5.1.1 at least)
 CVE-2005-3858 version (kernel, fixed 2.6.13)
-CVE-2005-3857 backport (kernel, fixed 2.6.15) patch-2.6.15-rc1-git3
+CVE-2005-3857 version (kernel, fixed 2.6.15)
 CVE-2005-3848 version (kernel, fixed 2.6.13)
 CVE-2005-3847 version (kernel, fixed 2.6.12.6)
-CVE-2005-3810 backport (kernel, fixed 2.6.15) patch-2.6.15-rc1
-CVE-2005-3809 backport (kernel, fixed 2.6.15) patch-2.6.15-rc1
-CVE-2005-3808 VULNERABLE (kernel)
-CVE-2005-3807 backport (kernel) patch-2.6.15-rc1-git3
+CVE-2005-3810 version (kernel, fixed 2.6.15)
+CVE-2005-3809 version (kernel, fixed 2.6.15)
+CVE-2005-3808 version (kernel, fixed 2.6.15)
+CVE-2005-3807 version (kernel, fixed 2.6.15)
 CVE-2005-3806 version (kernel, fixed 2.6.14)
 CVE-2005-3805 version (kernel, fixed 2.6.14)
-CVE-2005-3784 backport (kernel, fixed 2.6.15) patch-2.6.15-rc1
-CVE-2005-3783 backport (kernel, fixed 2.6.15) patch-2.6.15-rc1
+CVE-2005-3784 version (kernel, fixed 2.6.15)
+CVE-2005-3783 version (kernel, fixed 2.6.15)
 CVE-2005-3753 version (kernel, fixed 2.6.14) also not a vuln
 CVE-2005-3745 ignore (struts, fixed 1.2.8) but not through tomcat
-CVE-2005-3732 VULNERABLE (ipsec-tools, fixed 0.6.3) BZ#174165
-CVE-2005-3675 VULNERABLE (kernel) optack
-CVE-2005-3671 VULNERABLE (openswan, fixed 2.4.4) BZ#174165
+CVE-2005-3732 version (ipsec-tools, fixed 0.6.3)
+CVE-2005-3675 VULNERABLE (kernel) optack, no upstream fix
+CVE-2005-3671 version (openswan, fixed 2.4.4)
 CVE-2005-3662 version (netpbm)
-CVE-2005-3656 VULNERABLE (mod_auth_pgsql, fixed 2.0.3)
-CVE-2005-3651 VULNERABLE (ethereal)
+CVE-2005-3656 version (mod_auth_pgsql, fixed 2.0.3)
+CVE-2005-3651 version (ethereal, fixed 0.10.14)
 CVE-2005-3632 version (netpbm)
 CVE-2005-3631 version (udev)
-CVE-2005-3628 VULNERABLE (xpdf)
-CVE-2005-3628 VULNERABLE (tetex)
-CVE-2005-3628 VULNERABLE (poppler, fixed 0.4.4)
-CVE-2005-3628 VULNERABLE (kdegraphics)
-CVE-2005-3628 VULNERABLE (cups)
-CVE-2005-3627 VULNERABLE (xpdf)
-CVE-2005-3627 VULNERABLE (tetex)
-CVE-2005-3627 VULNERABLE (poppler, fixed 0.4.4)
-CVE-2005-3627 VULNERABLE (kdegraphics)
-CVE-2005-3627 VULNERABLE (cups)
-CVE-2005-3626 VULNERABLE (xpdf)
-CVE-2005-3626 VULNERABLE (tetex)
-CVE-2005-3626 VULNERABLE (poppler, fixed 0.4.4)
-CVE-2005-3626 VULNERABLE (kdegraphics)
-CVE-2005-3626 VULNERABLE (cups)
-CVE-2005-3625 VULNERABLE (xpdf)
-CVE-2005-3625 VULNERABLE (tetex)
-CVE-2005-3625 VULNERABLE (poppler, fixed 0.4.4)
-CVE-2005-3625 VULNERABLE (kdegraphics)
-CVE-2005-3625 VULNERABLE (cups)
-CVE-2005-3624 VULNERABLE (xpdf)
-CVE-2005-3624 VULNERABLE (tetex)
-CVE-2005-3624 VULNERABLE (poppler, fixed 0.4.4)
-CVE-2005-3624 VULNERABLE (kdegraphics)
-CVE-2005-3624 VULNERABLE (cups)
-CVE-2005-3623 VULNERABLE (kernel, fixed 2.6.14.5)
+CVE-2005-3628 VULNERABLE (xpdf) bz#177911
+CVE-2005-3628 backport (tetex) tetex-3.0-CVE-2005-3193.patch
+CVE-2005-3628 VULNERABLE (poppler, fixed 0.4.4) bz#177910
+CVE-2005-3628 VULNERABLE (kdegraphics) bz#177908
+CVE-2005-3628 backport (cups) cups-CVE-2005-3625,6,7.patch
+CVE-2005-3627 VULNERABLE (xpdf) bz#177911
+CVE-2005-3627 VULNERABLE (tetex) bz#177912
+CVE-2005-3627 VULNERABLE (poppler, fixed 0.4.4) bz#177910
+CVE-2005-3627 VULNERABLE (kdegraphics) bz#177908
+CVE-2005-3627 backport (cups) cups-CVE-2005-3625,6,7.patch
+CVE-2005-3626 VULNERABLE (xpdf) bz#177911
+CVE-2005-3626 VULNERABLE (tetex) bz#177912
+CVE-2005-3626 VULNERABLE (poppler, fixed 0.4.4) bz#177910
+CVE-2005-3626 VULNERABLE (kdegraphics) bz#177908
+CVE-2005-3626 backport (cups) cups-CVE-2005-3625,6,7.patch
+CVE-2005-3625 VULNERABLE (xpdf) bz#177911
+CVE-2005-3625 VULNERABLE (tetex) bz#177912
+CVE-2005-3625 VULNERABLE (poppler, fixed 0.4.4) bz#177910
+CVE-2005-3625 VULNERABLE (kdegraphics) bz#177908
+CVE-2005-3625 backport (cups) cups-CVE-2005-3625,6,7.patch
+CVE-2005-3624 VULNERABLE (xpdf) bz#177911
+CVE-2005-3624 VULNERABLE (tetex) bz#177912
+CVE-2005-3624 VULNERABLE (poppler, fixed 0.4.4) bz#177910
+CVE-2005-3624 VULNERABLE (kdegraphics) bz#177908
+CVE-2005-3624 backport (cups) cups-CVE-2005-3625,6,7.patch
+CVE-2005-3623 version (kernel, fixed 2.6.14.5)
 CVE-2005-3582 version (ImageMagick) gentoo only
-CVE-2005-3573 VULNERABLE (mailman) not fixed 2.1.6 BZ#174166
+CVE-2005-3573 VULNERABLE (mailman, not fixed 2.1.6) bz#174166
 CVE-2005-3527 version (kernel, fixed 2.6.14 at least)
 CVE-2005-3402 ignore (thunderbird) mozilla say by design
 CVE-2005-3392 version (php, not 5.0)
 CVE-2005-3391 version (php, not 5.0)
-CVE-2005-3390 VULNERABLE (php) BZ#174167
-CVE-2005-3389 VULNERABLE (php) BZ#174168
-CVE-2005-3388 VULNERABLE (php) BZ#174169
+CVE-2005-3390 VULNERABLE (php) bz#174167
+CVE-2005-3389 version (php, fixed 5.1.1)
+CVE-2005-3388 version (php, fixed 5.1.1)
 CVE-2005-3358 version (kernel, fixed 2.6.11)
-CVE-2005-3357 VULNERABLE (httpd, fixed 2.0.56, or 2.2.0)
+CVE-2005-3357 VULNERABLE (httpd, affects 2.2.0) bz#177914
 CVE-2005-3353 version (php, not 5.0)
-CVE-2005-3352 VULNERABLE (httpd, fixed 2.2.1)
+CVE-2005-3352 VULNERABLE (httpd, fixed 2.2.1) bz#177913
 CVE-2005-3351 version (spamassassin, fixed 3.1.0)
 CVE-2005-3322 version (squid) not upstream, SUSE only
 CVE-2005-3319 ignore (mod_php) no security consequence
-CVE-2005-3313 backport (ethereal, fixed after 0.10.13)
+CVE-2005-3313 version (ethereal, fixed after 0.10.13)
 CVE-2005-3276 version (kernel, fixed 2.6.12.4)
 CVE-2005-3275 version (kernel, fixed 2.6.13)
 CVE-2005-3274 version (kernel, fixed 2.6.13)
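Review bot: the "CVE-2005-3912 ** (perl)" line is removed in this hunk with no replacement, so an item flagged as needing attention disappears from the audit without a recorded verdict; re-add it with its status (version, backport, ignore or VULNERABLE). In step 3 of the method text the new lines read "markedbackport" and "marked  backport"; restore the single space. The new ** entries for CVE-2006-0208 through CVE-2006-0144 also give the package without parentheses, unlike the existing "** (HelixPlayer)" lines.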
@@ -112,7 +119,7 @@
 CVE-2005-3272 version (kernel, fixed 2.6.13)
 CVE-2005-3271 version (kernel, fixed 2.6.9)
 CVE-2005-3258 version (squid, fixed 2.5STABLE12)
-CVE-2005-3257 backport (kernel, fixed 2.6.15-rc1) patch-2.6.15-rc1.bz2
+CVE-2005-3257 version (kernel, fixed 2.6.15)
 CVE-2005-3249 version (ethereal, fixed 0.10.13)
 CVE-2005-3248 version (ethereal, fixed 0.10.13)
 CVE-2005-3247 version (ethereal, fixed 0.10.13)
@@ -122,18 +129,21 @@
 CVE-2005-3243 version (ethereal, fixed 0.10.13)
 CVE-2005-3242 version (ethereal, fixed 0.10.13)
 CVE-2005-3241 version (ethereal, fixed 0.10.13)
-CVE-2005-3193 VULNERABLE (xpdf, fixed 3.0.1pl1)
-CVE-2005-3193 VULNERABLE (tetex)
-CVE-2005-3193 VULNERABLE (poppler, fixed 0.4.4)
-CVE-2005-3193 VULNERABLE (kdegraphics)
-CVE-2005-3192 VULNERABLE (xpdf, fixed 3.0.1pl1)
-CVE-2005-3192 VULNERABLE (tetex)
-CVE-2005-3192 VULNERABLE (poppler, fixed 0.4.4)
-CVE-2005-3192 VULNERABLE (kdegraphics)
-CVE-2005-3191 VULNERABLE (xpdf, fixed 3.0.1pl1)
-CVE-2005-3191 VULNERABLE (tetex)
-CVE-2005-3191 VULNERABLE (poppler, fixed 0.4.4)
-CVE-2005-3191 VULNERABLE (kdegraphics)
+CVE-2005-3193 VULNERABLE (xpdf, fixed 3.0.1pl1) bz#177911
+CVE-2005-3193 backport (tetex) tetex-3.0-CVE-2005-3193.patch
+CVE-2005-3193 backport (cups) cups-CVE-2005-3625,6,7.patch
+CVE-2005-3193 VULNERABLE (poppler, fixed 0.4.4) bz#177910
+CVE-2005-3193 VULNERABLE (kdegraphics) bz#177908
+CVE-2005-3192 VULNERABLE (xpdf, fixed 3.0.1pl1) bz#177911
+CVE-2005-3192 backport (tetex) tetex-3.0-CVE-2005-3193.patch
+CVE-2005-3192 backport (cups) cups-CVE-2005-3625,6,7.patch
+CVE-2005-3192 VULNERABLE (poppler, fixed 0.4.4) bz#177910
+CVE-2005-3192 VULNERABLE (kdegraphics) bz#177908
+CVE-2005-3191 VULNERABLE (xpdf, fixed 3.0.1pl1) bz#177911
+CVE-2005-3191 backport (tetex) tetex-3.0-CVE-2005-3193.patch
+CVE-2005-3191 backport (cups) cups-CVE-2005-3625,6,7.patch
+CVE-2005-3191 VULNERABLE (poppler, fixed 0.4.4) bz#177910
+CVE-2005-3191 VULNERABLE (kdegraphics) bz#177908
 CVE-2005-3186 version (gtk2, fixed 2.8.7 at least)
 CVE-2005-3186 backport (gdk-pixbuf)
 CVE-2005-3185 version (wget, fixed 1.10.2 at least)
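Review bot: the added cups lines for CVE-2005-3193, CVE-2005-3192 and CVE-2005-3191 cite cups-CVE-2005-3625,6,7.patch, whose name covers none of those three ids; if that patch does carry the fix, say so on the line (or cite the patch that does), so the backport claim can be checked from the file alone. The same applies to tetex-3.0-CVE-2005-3193.patch being cited for CVE-2005-3192 and CVE-2005-3191.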
@@ -160,12 +170,12 @@
 CVE-2005-3011 backport (texinfo)
 CVE-2005-2991 ignore (ncompress) don't ship zdiff or zcmp scripts
 CVE-2005-2978 version (netpbm, fixed 10.25)
-CVE-2005-2977 backport (pam)
+CVE-2005-2977 version (pam, fixed 0.99.2.1 at least)
 CVE-2005-2976 backport (gdk-pixbuf)
 CVE-2005-2975 version (gtk2, fixed 2.8.7)
 CVE-2005-2975 backport (gdk-pixbuf)
 CVE-2005-2973 version (kernel, fixed 2.6.14 at least)
-CVE-2005-2970 VULNERABLE (httpd, fixed 2.0.55) BZ#174170
+CVE-2005-2970 version (httpd, fixed 2.0.55)
 CVE-2005-2969 version (openssl, fixed 0.9.8a)
 CVE-2005-2969 backport (openssl097a, fixed 0.9.7h)
 CVE-2005-2968 version (thunderbird)
@@ -173,7 +183,7 @@
 CVE-2005-2968 version (firefox)
 CVE-2005-2959 ignore (sudo) not a vulnerability
 CVE-2005-2946 version (openssl, fixed 0.9.8)
-CVE-2005-2933 VULNERABLE (libc-client) BZ#174171
+CVE-2005-2933 version (libc-client, fixed 2004g at least)
 CVE-2005-2929 backport (lynx)
 CVE-2005-2917 version (squid, fixed 2.5.STABLE11)
 CVE-2005-2876 version (util-linux, fixed 2.13-pre3)
@@ -190,9 +200,9 @@
 CVE-2005-2797 version (openssh, fixed 4.2)
 CVE-2005-2796 version (squid, fixed 2.5.STABLE11)
 CVE-2005-2794 version (squid, fixed 2.5.STABLE11)
-CVE-2005-2728 backport (httpd, fixed 2.0.55) 
+CVE-2005-2728 version (httpd, fixed 2.0.55) 
 CVE-2005-2710 version (HelixPlayer, fixed 1.0.6)
-CVE-2005-2709 VULNERABLE (kernel, fixed 2.6.14.3)
+CVE-2005-2709 version (kernel, fixed 2.6.14.3)
 CVE-2005-2708 ignore (kernel) not reproducable on x86_64
 CVE-2005-2707 version (thunderbird)
 CVE-2005-2707 version (mozilla, fixed 1.7.12)
@@ -214,7 +224,7 @@
 CVE-2005-2702 version (firefox, fixed 1.0.7)
 CVE-2005-2701 version (mozilla, fixed 1.7.12)
 CVE-2005-2701 version (firefox, fixed 1.0.7)
-CVE-2005-2700 backport (httpd, fixed 2.0.55) 
+CVE-2005-2700 version (httpd, fixed 2.0.55) 
 CVE-2005-2693 backport (cvs) cvs-1.11.19-tmp.patch
 CVE-2005-2672 backport (lm_sensors)
 CVE-2005-2666 version (openssh, fixed 4.0p1)
@@ -244,8 +254,8 @@
 CVE-2005-2491 ignore (php) php uses system pcre
 CVE-2005-2491 ignore (httpd) httpd uses system pcre
 CVE-2005-2490 version (kernel, fixed 2.6.13.1)
-CVE-2005-2475 backport (unzip)
-CVE-2005-2471 backport (netpbm, fixed 10.31 at least) netpbm-10.28-CAN-2005-2471.patch
+CVE-2005-2475 backport (unzip) unzip-5.52-toctou.patch
+CVE-2005-2471 verison (netpbm, fixed 10.31)
 CVE-2005-2459 ignore (kernel, fixed 2.6.12.5) dropped as code path not possible
 CVE-2005-2458 version (kernel, fixed 2.6.12.5)
 CVE-2005-2457 version (kernel, fixed 2.6.12.5)
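Review bot: CVE-2005-2471 is tagged "verison" on the added line, so a search for "version" entries will miss it; correct the spelling to "version".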
@@ -310,7 +320,7 @@
 CVE-2005-2096 version (rpm, fixed 4.4.2)
 CVE-2005-2096 backport (zlib, fixed 1.2.2.4)
 CVE-2005-2095 version (squirrelmail, fixed 1.4.5)
-CVE-2005-2088 backport (httpd, fixed 2.0.55)
+CVE-2005-2088 version (httpd, fixed 2.0.55)
 CVE-2005-2069 version (nss_ldap, fixed pam_ldap:180)
 CVE-2005-2069 backport (openldap) openldap-2.2.13-tls-fix-connection-test.patch
 CVE-2005-2023 version (gnupg, fixed 1.9.15)
@@ -342,9 +352,9 @@
 CVE-2005-1751 ignore (ncpfs) part of shtool in ncpfs is not vulnerable
 CVE-2005-1740 version (net-snmp, fixed 5.2.2.rc5 at least)
 CVE-2005-1739 version (ImageMagick, fixed 6.2.2.3)
-CVE-2005-1705 backport (gdb)
+CVE-2005-1705 backport (gdb) gdb-6.3-security-errata-20050610.patch
 CVE-2005-1704 version (binutils, fixed 2.16.91.0.3 at least)
-CVE-2005-1704 backport (gdb)
+CVE-2005-1704 backport (gdb) gdb-6.3-security-errata-20050610.patch
 CVE-2005-1689 version (krb5, fixed 1.4.2)
 CVE-2005-1686 ignore (gedit) not a vulnerability
 CVE-2005-1636 version (mysql, fixed 4.1.12)
@@ -388,7 +398,7 @@
 CVE-2005-1277 ignore (dupe)
 CVE-2005-1275 version (ImageMagick, fixed 6.2.2)
 CVE-2005-1269 version (gaim, fixed 1.3.1)
-CVE-2005-1268 backport (httpd, fixed 2.0.55)
+CVE-2005-1268 version (httpd, fixed 2.0.55)
 CVE-2005-1267 version (tcpdump, fixed 3.9.4 at least)
 CVE-2005-1266 version (spamassassin, fixed 3.0.4)
 CVE-2005-1265 version (kernel)
@@ -459,7 +469,7 @@
 CVE-2005-0760 version (ImageMagick, fixed 6.0)
 CVE-2005-0759 version (ImageMagick, fixed 6.0)
 CVE-2005-0758 version (gzip, fixed 1.3.5)
-CVE-2005-0758 VULNERABLE (bzip2) BZ#174172
+CVE-2005-0758 backport (bzip2)
 CVE-2005-0757 version (kernel, not 2.6)
 CVE-2005-0756 version (kernel, fixed 2.6.12)
 CVE-2005-0755 version (HelixPlayer, fixed 10.0.4)
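Review bot: CVE-2005-0758 (bzip2) moves from VULNERABLE with BZ#174172 to a bare "backport" with no patch named, while other backport lines touched in this commit (unzip, gdb, vim) gain their patch filenames; add the bzip2 patch filename so the status can be verified.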
@@ -482,6 +492,7 @@
 CVE-2005-0627 version (qt, fixed 3.3.4)
 CVE-2005-0626 version (squid, fixed 2.5.STABLE10)
 CVE-2005-0605 version (libXpm, fixed 3.5.4 at least) 
+CVE-2005-0605 backport (openmotif)
 CVE-2005-0602 ignore (unzip, fixed 5.52) this is really expected behaviour
 CVE-2005-0596 version (php, fixed 5.0)
 CVE-2005-0593 version (mozilla)
@@ -515,6 +526,7 @@
 CVE-2005-0527 version (firefox, fixed 1.0.1)
 CVE-2005-0525 version (php, fixed 5.0.4)
 CVE-2005-0524 version (php, fixed 5.0.4)
+CVE-2005-0509 version (mono, not after 1.0.5)
 CVE-2005-0504 version (kernel, not 2.6) doesn't build in 2.6
 CVE-2005-0490 version (curl, fixed 7.13.1)
 CVE-2005-0488 backport (telnet)
@@ -631,7 +643,7 @@
 CVE-2005-0078 version (kde, fixed 3.0.5)
 CVE-2005-0077 version (perl-DBI, fixed 1.48 at least)
 CVE-2005-0075 version (squirrelmail, fixed 1.4.4)
-CVE-2005-0069 VULNERABLE (vim) fc4 fixes vim-6.3-tmpfile.patch BZ#174173
+CVE-2005-0069 backport (vim) vim-6.4-tmpfile.patch
 CVE-2005-0064 version (xpdf, fixed 3.0.1)
 CVE-2005-0064 version (tetex, fixed 3.0)
 CVE-2005-0064 version (kpdf, not 3.4)
@@ -737,7 +749,7 @@
 CVE-2004-1189 version (krb5, fixed 1.4)
 CVE-2004-1186 backport (enscript)
 CVE-2004-1185 backport (enscript)
-CVE-2004-1184 backport (enscript)
+CVE-2004-1184 version (enscript, fixed 1.6.4 at least)
 CVE-2004-1183 version (libtiff, fixed 3.7.2)
 CVE-2004-1180 version (rwho, fixed 0.17)
 CVE-2004-1177 version (mailman, fixed 2.1.6)
@@ -799,7 +811,7 @@
 CVE-2004-1004 version (mc, fixed 4.6.0)
 CVE-2004-1002 ignore (ppp) not a security issue
 CVE-2004-0996 backport (cscope) not fixed in 15.5
-CVE-2004-0990 VULNERABLE (gd)
+CVE-2004-0990 version (gd, fixed 2.0.33 at least)
 CVE-2004-0989 version (libxml2, fixed 2.6.15)
 CVE-2004-0986 version (iptables, fixed 1.2.12)
 CVE-2004-0983 version (ruby, fixed 1.8.2)
@@ -814,7 +826,7 @@
 CVE-2004-0970 version (gzip)
 CVE-2004-0969 version (groff, fixed 1.18.1.1)
 CVE-2004-0968 version (glibc, fixed 2.3.5 at least)
-CVE-2004-0967 backport (ghostscript) ghostscript-scripts.patch
+CVE-2004-0967 version (ghostscript, fixed 8.15.1)
 CVE-2004-0966 version (gettext, fixed 0.14.3 at least)
 CVE-2004-0961 version (freeradius, fixed 1.0.1)
 CVE-2004-0960 version (freeradius, fixed 1.0.1)
@@ -824,7 +836,7 @@
 CVE-2004-0956 version (mysql, fixed 4.0.20)
 CVE-2004-0946 version (nfs-utils, fixed 1.0.6-r6)
 CVE-2004-0942 version (httpd, fixed 2.0.53)
-CVE-2004-0941 VULNERABLE (gd) seems wasn't fixed upstream fc4bz#175414
+CVE-2004-0941 VULNERABLE (gd) bz#177907
 CVE-2004-0940 version (httpd, not 2.0)
 CVE-2004-0938 version (freeradius, fixed 1.0.1)
 CVE-2004-0930 version (samba, fixed 3.0.8)
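Review bot: the rewritten CVE-2004-0941 (gd) line drops the remark that the issue was not fixed upstream, while this commit adds "not fixed upstream" to CVE-2003-1265 and "no upstream fix" to CVE-2005-3675; if that is still the case for gd, keep it next to bz#177907.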
@@ -832,6 +844,7 @@
 CVE-2004-0923 version (cups, fixed 1.2.22)
 CVE-2004-0918 version (squid, fixed 2.4.STABLE7)
 CVE-2004-0914 version (xorg-x11, fixed after 6.8.1)
+CVE-2004-0914 backport (openmotif)
 CVE-2004-0909 version (thunderbird)
 CVE-2004-0909 version (mozilla)
 CVE-2004-0909 version (firefox)
@@ -869,6 +882,7 @@
 CVE-2004-0832 version (squid, fixed 2.5.STABLE7)
 CVE-2004-0829 version (samba, fixed 2.2.11)
 CVE-2004-0827 version (ImageMagick, fixed 6.0.6.2)
+CVE-2004-0826 ** NSS
 CVE-2004-0823 version (openldap, fixed after 2.1.19)
 CVE-2004-0817 version (imlib, fixed 2.1.20 at least)
 CVE-2004-0816 version (kernel, fixed 2.6.8)
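Review bot: the added CVE-2004-0826 line writes the package as bare "NSS", whereas step 6 of the method text calls it nss and the existing ** entries use the "(package)" form; write it as "** (nss)" so per-package searches find it.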
@@ -1098,8 +1112,8 @@
 CVE-2004-0005 version (gaim, fixed 0.76)
 CVE-2004-0003 version (kernel, not 2.6)
 CVE-2004-0001 version (kernel, not 2.6)
-CVE-2003-1265 VULNERABLE (mozilla)
-CVE-2003-1265 VULNERABLE (firefox)
+CVE-2003-1265 VULNERABLE (mozilla) not fixed upstream
+CVE-2003-1265 VULNERABLE (firefox) not fixed upstream
 CVE-2003-1232 version (emacs, fixed 21.3)
 CVE-2003-1201 version (openldap, not 2.2)
 CVE-2003-1161 version (kernel, not released version)
@@ -1235,7 +1249,7 @@
 CVE-2003-0357 version (ethereal, fixed after 0.9.11)
 CVE-2003-0356 version (ethereal, fixed after 0.9.11)
 CVE-2003-0354 version (ghostscript, fixed 7.07)
-CVE-2003-0328 backport (epic, changelog)
+CVE-2003-0328 version (epic, fixed epic4-2.2 at least)
 CVE-2003-0300 ignore (sylpheed) only a crasher
 CVE-2003-0299 ignmore (mutt) only a crasher
 CVE-2003-0298 version (mozilla, fixed after 1.4a)
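Review bot: the context line for CVE-2003-0299 carries the status "ignmore"; since this commit is a full pass over the file, correct it to "ignore" so the entry is counted with the other ignored issues.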
@@ -1326,7 +1340,7 @@
 
 CVE-2002-2204 ignore (rpm) by design
 CVE-2002-2196 version (samba, fixed 2.2.5)
-CVE-2002-2185 VULNERABLE (kernel)
+CVE-2002-2185 version (kernel, fixed 2.6.15)
 CVE-2002-2103 version (apache, not 2.0)
 CVE-2002-1963 version (kernel, not 2.6)
 CVE-2002-1976 ignore (ifconfig) "use ip"



