fedora-security/audit fc4,1.319,1.320 fc5,1.234,1.235

Mark Cox (mjc) fedora-extras-commits at redhat.com
Thu Jul 6 10:47:26 UTC 2006


Author: mjc

Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv3136

Modified Files:
	fc4 fc5 
Log Message:
Cleanup some ** issues



Index: fc4
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc4,v
retrieving revision 1.319
retrieving revision 1.320
diff -u -r1.319 -r1.320
--- fc4	6 Jul 2006 07:04:24 -0000	1.319
+++ fc4	6 Jul 2006 10:47:23 -0000	1.320
@@ -1,62 +1,63 @@
-Up to date CVE as of CVE email 20060627
-Up to date FC4 as of 200606127
+Up to date CVE as of CVE email 20060703
+Up to date FC4 as of 20060703
 
 ** are items that need attention
 
+CVE-2006-3352 ignore (firefox) not a vulnerability
+CVE-2006-3334 ignore (libpng, fixed 1.2.12) not exploitable
 CVE-2006-3242 backport (mutt) #197152 [since FEDORA-2006-761]
 CVE-2006-3174 VULNERABLE (squirrelmail) #197369
-CVE-2006-3145 ** (netpbm)
+CVE-2006-3145 VULNERABLE (netpbm)
 CVE-2006-3117 backport (openoffice.org, fixed 2.0.3) [since FEDORA-2006-764]
 CVE-2006-3085 version (kernel, fixed 2.6.16.21, fixed 2.6.17.1) [since FEDORA-2006-736]
 CVE-2006-3082 version (gnupg, fixed 1.4.4) #195946 [since FEDORA-2006-757]
 CVE-2006-3081 version (mysql, fixed 5.1.18) [since FEDORA-2006-703]
 CVE-2006-3057 version (dhcdbd, fixed 1.14) [since FEDORA-2006-435]
-CVE-2006-3018 ** (php, fixed 5.1.3)
+CVE-2006-3018 VULNERABLE (php, fixed 5.1.3)
 CVE-2006-3017 VULNERABLE (php, fixed 5.1.3) #197379
-CVE-2006-3016 ** (php, fixed 5.1.3)
-CVE-2006-3011 ** php
-CVE-2006-2935 VULNERABLE (kernel)
+CVE-2006-3016 VULNERABLE (php, fixed 5.1.3)
+CVE-2006-3011 VULNERABLE (php)
 CVE-2006-2934 version (kernel, fixed 2.6.17.3) [since FEDORA-2006-769]
 CVE-2006-2916 ignore (arts) not shipped setuid
 CVE-2006-2906 VULNERABLE (gd) #194520
-CVE-2006-2894 ** firefox
-CVE-2006-2894 ** mozilla
+CVE-2006-2894 VULNERABLE (firefox)
+CVE-2006-2894 VULNERABLE (mozilla)
 CVE-2006-2842 version (squirrelmail, fixed 1.4.6) #194286 [since FEDORA-2006-668]
 CVE-2006-2789 VULNERABLE (evolution, fixed 2.4.X) #194108
-CVE-2006-2788 ** firefox (note, issue caught by fc glibc)
-CVE-2006-2787 ** firefox
-CVE-2006-2787 ** thunderbird
-CVE-2006-2787 ** mozilla
-CVE-2006-2786 ** firefox
-CVE-2006-2786 ** thunderbird
-CVE-2006-2786 ** mozilla
-CVE-2006-2785 ** firefox
-CVE-2006-2785 ** mozilla
-CVE-2006-2784 ** firefox
-CVE-2006-2784 ** mozilla
-CVE-2006-2783 ** firefox
-CVE-2006-2783 ** thunderbird
-CVE-2006-2783 ** mozilla
-CVE-2006-2782 ** firefox
-CVE-2006-2781 ** thunderbird (note, issue caught by fc glibc)
-CVE-2006-2780 ** firefox
-CVE-2006-2780 ** thunderbird
-CVE-2006-2780 ** mozilla
-CVE-2006-2779 ** firefox
-CVE-2006-2779 ** thunderbird
-CVE-2006-2779 ** mozilla
-CVE-2006-2778 ** firefox
-CVE-2006-2778 ** thunderbird
-CVE-2006-2778 ** mozilla
-CVE-2006-2777 ** firefox
-CVE-2006-2777 ** thunderbird
-CVE-2006-2777 ** mozilla
-CVE-2006-2776 ** firefox
-CVE-2006-2776 ** thunderbird
-CVE-2006-2776 ** mozilla
-CVE-2006-2775 ** firefox
-CVE-2006-2775 ** thunderbird
-CVE-2006-2775 ** mozilla
+CVE-2006-2788 VULNERABLE (firefox) (note, issue caught by fc glibc)
+CVE-2006-2787 VULNERABLE (firefox)
+CVE-2006-2787 VULNERABLE (thunderbird)
+CVE-2006-2787 VULNERABLE (mozilla)
+CVE-2006-2786 VULNERABLE (firefox)
+CVE-2006-2786 VULNERABLE (thunderbird)
+CVE-2006-2786 VULNERABLE (mozilla)
+CVE-2006-2785 VULNERABLE (firefox)
+CVE-2006-2785 VULNERABLE (mozilla)
+CVE-2006-2784 VULNERABLE (firefox)
+CVE-2006-2784 VULNERABLE (mozilla)
+CVE-2006-2783 VULNERABLE (firefox)
+CVE-2006-2783 VULNERABLE (thunderbird)
+CVE-2006-2783 VULNERABLE (mozilla)
+CVE-2006-2782 VULNERABLE (firefox)
+CVE-2006-2781 VULNERABLE (thunderbird) (note, issue caught by fc glibc)
+CVE-2006-2780 VULNERABLE (firefox)
+CVE-2006-2780 VULNERABLE (thunderbird)
+CVE-2006-2780 VULNERABLE (mozilla)
+CVE-2006-2779 VULNERABLE (firefox)
+CVE-2006-2779 VULNERABLE (thunderbird)
+CVE-2006-2779 VULNERABLE (mozilla)
+CVE-2006-2778 VULNERABLE (firefox)
+CVE-2006-2778 VULNERABLE (thunderbird)
+CVE-2006-2778 VULNERABLE (mozilla)
+CVE-2006-2777 VULNERABLE (firefox)
+CVE-2006-2777 VULNERABLE (thunderbird)
+CVE-2006-2777 VULNERABLE (mozilla)
+CVE-2006-2776 VULNERABLE (firefox)
+CVE-2006-2776 VULNERABLE (thunderbird)
+CVE-2006-2776 VULNERABLE (mozilla)
+CVE-2006-2775 VULNERABLE (firefox)
+CVE-2006-2775 VULNERABLE (thunderbird)
+CVE-2006-2775 VULNERABLE (mozilla)
 CVE-2006-2754 ignore (openldap) This issue is not exploitable
 CVE-2006-2753 verson (mysql, fixed 4.1.20) #193828 [since FEDORA-2006-703]
 CVE-2006-2723 ignore (firefox) disputed
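Review bot: the "CVE-2006-2935 VULNERABLE (kernel)" line is deleted between CVE-2006-3011 and CVE-2006-2934 with no replacement, and it carried no ** marker, so the log message "Cleanup some ** issues" does not account for it; the fc5 file in this same commit still lists it as VULNERABLE (kernel). Either restore the line or replace it with an entry that records how it was resolved on FC4. The converted firefox/thunderbird/mozilla lines (CVE-2006-2775 through CVE-2006-2788, CVE-2006-2894) and the netpbm and php lines also become VULNERABLE without a #bug reference, unlike neighbouring entries such as CVE-2006-3174 (#197369) and CVE-2006-2906 (#194520); adding the tracking bug would make them actionable. While touching this region, the context line for CVE-2006-2753 reads "verson", so a search for "version" entries will miss it.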
@@ -104,7 +105,7 @@
 CVE-2006-1993 version (firefox, 1.5 only)
 CVE-2006-1991 VULNERABLE (php) #190034
 CVE-2006-1990 VULNERABLE (php) #190034
-CVE-2006-1942 ** firefox, fixed 1.5.0.4
+CVE-2006-1942 VULNERABLE (firefox, fixed 1.5.0.4)
 CVE-2006-1940 version (ethereal, fixed 0.99.0) #189909 [since FEDORA-2006-461]
 CVE-2006-1939 version (ethereal, fixed 0.99.0) #189909 [since FEDORA-2006-461]
 CVE-2006-1938 version (ethereal, fixed 0.99.0) #189909 [since FEDORA-2006-461]
@@ -257,7 +258,7 @@
 CVE-2006-0645 backport (gnutls) [since FEDORA-2006-107]
 CVE-2006-0591 version (postgresql, fixed 8.0.6) #180537 [since FEDORA-2005-021]
 CVE-2006-0576 VULNERABLE (oprofile) #180724
-CVE-2006-0558 version (kernel, ** fixed 2.6.16) [since FEDORA-2006-245]
+CVE-2006-0558 version (kernel, fixed 2.6.16) [since FEDORA-2006-245]
 CVE-2006-0557 version (kernel, fixed 2.6.15.5) [since FEDORA-2006-245] was backport since FEDORA-2006-131
 CVE-2006-0555 version (kernel, fixed 2.6.15.5) [since FEDORA-2006-245] was backport since FEDORA-2006-131
 CVE-2006-0554 version (kernel, fixed 2.6.15.5) [since FEDORA-2006-245] was backport since FEDORA-2006-131
@@ -310,7 +311,7 @@
 CVE-2006-0208 VULNERABLE (php) #178036
 CVE-2006-0207 VULNERABLE (php) #178044
 CVE-2006-0200 version (php, 5.1.0 5.1.1 only)
-CVE-2006-0197 ** xorg-x11
+CVE-2006-0197 ignore (xorg-x11) not an issue
 CVE-2006-0195 version (squirrelmail, fixed 1.4.6) [since FEDORA-2006-133]
 CVE-2006-0188 version (squirrelmail, fixed 1.4.6) [since FEDORA-2006-133]
 CVE-2006-0097 ignore (php) Windows only
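Review bot: the new CVE-2006-0197 line gives "not an issue" as its ignore reason, which does not say why xorg-x11 on FC4 is unaffected. Other ignore entries state the condition, for example "Windows only" on CVE-2006-0097 two lines below. Suggest recording the actual reason so the decision can be re-checked later.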
@@ -383,7 +384,7 @@
 CVE-2005-3651 version (ethereal, fixed 0.10.14) [since FEDORA-2006-006]
 CVE-2005-3632 version (netpbm)
 CVE-2005-3631 version (udev)
-CVE-2005-3629 ** initscripts
+CVE-2005-3629 VULNERABLE (initscripts, fixed 8.29 at least)
 CVE-2005-3628 version (poppler, fixed 0.4.4) [since FEDORA-2005-026] was backport since FEDORA-2005-1171
 CVE-2005-3628 version (kdegraphics, fixed 3.5.1) [since FEDORA-2006-088] was backport since FEDORA-2005-1160
 CVE-2005-3628 backport (xpdf) [since FEDORA-2005-1169]
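Review bot: on the CVE-2005-3629 line, "fixed 8.29 at least" is ambiguous: it can be read as "first fixed in 8.29" or as "8.29 is the earliest version known to contain the fix". The other entries in this hunk give a single fixed version. State the first fixed version if it is known, or word the uncertainty explicitly, and add a #bug reference since the status is now VULNERABLE.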


Index: fc5
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc5,v
retrieving revision 1.234
retrieving revision 1.235
diff -u -r1.234 -r1.235
--- fc5	6 Jul 2006 07:04:48 -0000	1.234
+++ fc5	6 Jul 2006 10:47:23 -0000	1.235
@@ -1,10 +1,10 @@
-CVE-2006-2480 **FIXME** (dia) [since FEDORA-2006-580]
-CVE-2006-2453 **FIXME** (dia) [since FEDORA-2006-580]
-Up to date CVE as of CVE email 20060627
-Up to date FC5 as of 20060627
+Up to date CVE as of CVE email 20060703
+Up to date FC5 as of 20060703
 
 ** are items that need attention
 
+CVE-2006-3352 ignore (firefox) not a vulnerability
+CVE-2006-3334 ignore (libpng, fixed 1.2.12) not exploitable
 CVE-2006-3242 backport (mutt) #197152 [since FEDORA-2006-760]
 CVE-2006-3174 VULNERABLE (squirrelmail) #197369
 CVE-2006-3145 VULNERABLE (netpbm)
@@ -17,7 +17,7 @@
 CVE-2006-3018 VULNERABLE (php, fixed 5.1.3)
 CVE-2006-3017 VULNERABLE (php, fixed 5.1.3) #197379
 CVE-2006-3016 VULNERABLE (php, fixed 5.1.3)
-CVE-2006-3011 ** php
+CVE-2006-3011 VULNERABLE (php) (safe mode isn't)
 CVE-2006-2935 VULNERABLE (kernel)
 CVE-2006-2934 version (kernel, fixed 2.6.17.3) [since FEDORA-2006-772]
 CVE-2006-2916 ignore (arts) not shipped setuid
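Review bot: the CVE-2006-3011 line pairs status VULNERABLE with the note "(safe mode isn't)", which is the rationale this file uses for an ignore entry ("CVE-2006-2563 ignore (php) safe mode isn't safe"), so the status and the note contradict each other. The fc4 file in this commit records the same CVE as plain "VULNERABLE (php)". Pick one: mark it ignore with the full "safe mode isn't safe" reason in both files, or keep VULNERABLE and drop the note.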
@@ -69,6 +69,8 @@
 CVE-2006-2613 ignore (firefox) This isn't an issue on FC
 CVE-2006-2607 backport (vixie-cron) #177476
 CVE-2006-2563 ignore (php) safe mode isn't safe
+CVE-2006-2480 ** (dia) [since FEDORA-2006-580]
+CVE-2006-2453 ** (dia) [since FEDORA-2006-580]
 CVE-2006-2452 version (gdm) [since FEDORA-2006-674]
 CVE-2006-2449 backport (kdebase) #194659 [since FEDORA-2006-726]
 CVE-2006-2448 version (kernel, fixed 2.6.16.21, fixed 2.6.17) [since FEDORA-2006-735]
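Review bot: the two dia lines added here (CVE-2006-2480, CVE-2006-2453) still carry the ** needs-attention marker while also being tagged "[since FEDORA-2006-580]", which reads as if a fix has already shipped. Moving them from the top of the file into sorted position is fine, but the status should be resolved to version or backport if FEDORA-2006-580 does fix them, or the "since" tag dropped if it does not. As committed, the entries are no clearer than the **FIXME** lines they replace.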
@@ -259,7 +261,7 @@
 CVE-2006-0645 version (gnutls, fixed 1.2.10)
 CVE-2006-0591 version (postgresql, fixed 8.0.6)
 CVE-2006-0576 backport (oprofile) oprofile_opcontrol.patch
-CVE-2006-0558 version (kernel, ** fixed 2.6.16) [since FEDORA-2006-233]
+CVE-2006-0558 version (kernel, fixed 2.6.16) [since FEDORA-2006-233]
 CVE-2006-0557 version (kernel, fixed 2.6.15.6) patch-2.6.16-rc6 [since FEDORA-2006-233]
 CVE-2006-0555 version (kernel, fixed 2.6.16) patch-2.6.16-rc6-git3 [since FEDORA-2006-233]
 CVE-2006-0554 version (kernel, fixed 2.6.16) patch-2.6.16-rc6 [since FEDORA-2006-233]
@@ -423,10 +425,10 @@
 CVE-2005-3388 version (php, fixed 5.1.1)
 CVE-2005-3359 version (kernel, fixed 2.6.14)
 CVE-2005-3358 version (kernel, fixed 2.6.11)
-CVE-2005-3357 backport (httpd, affects 2.2.0)
+CVE-2005-3357 version (httpd, fixed 2.2.1) [since FEDORA-2006-364] was backport since GA
 CVE-2005-3356 version (kernel, fixed 2.6.16) patch-2.6.16-rc6 [since FEDORA-2006-233]
 CVE-2005-3353 version (php, not 5.0)
-CVE-2005-3352 backport (httpd, fixed 2.2.1)
+CVE-2005-3352 version (httpd, fixed 2.2.1) [since FEDORA-2006-364] was backport since GA
 CVE-2005-3351 version (spamassassin, fixed 3.1.0)
 CVE-2005-3322 version (squid) not upstream, SUSE only
 CVE-2005-3319 ignore (mod_php) no security consequence



