fedora-security/audit fc4,1.227,1.228 fc5,1.141,1.142

Mark Cox (mjc) fedora-extras-commits at redhat.com
Wed May 3 14:40:13 UTC 2006


Author: mjc

Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv11235

Modified Files:
	fc4 fc5 
Log Message:
Update and sync with our internal tracking, make sure we mention the bz's.
This is now our definitive source for FC tracking of public issues, so the
sync is no longer needed.



Index: fc4
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc4,v
retrieving revision 1.227
retrieving revision 1.228
diff -u -r1.227 -r1.228
--- fc4	3 May 2006 09:09:52 -0000	1.227
+++ fc4	3 May 2006 14:40:10 -0000	1.228
@@ -3,6 +3,7 @@
 
 ** are items that need attention
 
+CVE-2006-2120 backport (libtiff) #189976 [since FEDORA-2006-473]
 CVE-2006-2026 backport (libtiff, fixed 3.8.1) #189976 [since FEDORA-2006-473]
 CVE-2006-2083 VULNERABLE (rsync, fixed 2.6.8) #190208
 CVE-2006-2071 version (kernel, fixed 2.6.16.6) [since FEDORA-2006-423]
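Review bot: the new CVE-2006-2120 line gives no upstream fixed version, while the CVE-2006-2026 entry directly below it, which has the same libtiff bug #189976 and the same advisory, records "fixed 3.8.1". If the fixed release is known, add it in the parentheses so the entry follows the "(package, fixed X)" form used by its neighbours.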
@@ -11,19 +12,19 @@
 CVE-2006-2025 backport (libtiff, fixed 3.8.1) #189934 [since FEDORA-2006-474]
 CVE-2006-2024 backport (libtiff, fixed 3.8.1) #189934 [since FEDORA-2006-474]
 CVE-2006-1993 version (firefox, 1.5 only)
-CVE-2006-1991 VULNERABLE (php)
-CVE-2006-1990 VULNERABLE (php)
+CVE-2006-1991 VULNERABLE (php) #190034
+CVE-2006-1990 VULNERABLE (php) #190034
 CVE-2006-1942 ** firefox
-CVE-2006-1940 version (ethereal, fixed 0.99.0) [since FEDORA-2006-461]
-CVE-2006-1939 version (ethereal, fixed 0.99.0) [since FEDORA-2006-461]
-CVE-2006-1938 version (ethereal, fixed 0.99.0) [since FEDORA-2006-461]
-CVE-2006-1937 version (ethereal, fixed 0.99.0) [since FEDORA-2006-461]
-CVE-2006-1936 version (ethereal, fixed 0.99.0) [since FEDORA-2006-461]
-CVE-2006-1935 version (ethereal, fixed 0.99.0) [since FEDORA-2006-461]
-CVE-2006-1934 version (ethereal, fixed 0.99.0) [since FEDORA-2006-461]
-CVE-2006-1933 version (ethereal, fixed 0.99.0) [since FEDORA-2006-461]
-CVE-2006-1932 version (ethereal, fixed 0.99.0) [since FEDORA-2006-461]
-CVE-2006-1931 version (ruby, fixed 1.8.3)
+CVE-2006-1940 version (ethereal, fixed 0.99.0) #189909 [since FEDORA-2006-461]
+CVE-2006-1939 version (ethereal, fixed 0.99.0) #189909 [since FEDORA-2006-461]
+CVE-2006-1938 version (ethereal, fixed 0.99.0) #189909 [since FEDORA-2006-461]
+CVE-2006-1937 version (ethereal, fixed 0.99.0) #189909 [since FEDORA-2006-461]
+CVE-2006-1936 version (ethereal, fixed 0.99.0) #189909 [since FEDORA-2006-461]
+CVE-2006-1935 version (ethereal, fixed 0.99.0) #189909 [since FEDORA-2006-461]
+CVE-2006-1934 version (ethereal, fixed 0.99.0) #189909 [since FEDORA-2006-461]
+CVE-2006-1933 version (ethereal, fixed 0.99.0) #189909 [since FEDORA-2006-461]
+CVE-2006-1932 version (ethereal, fixed 0.99.0) #189909 [since FEDORA-2006-461]
+CVE-2006-1931 version (ruby, fixed 1.8.3) #189540
 CVE-2006-1902 ignore (gcc) not a vulnerability
 CVE-2006-1864 VULNERABLE (kernel)
 CVE-2006-1863 VULNERABLE (kernel, fixed 2.6.16.11)
@@ -83,18 +84,18 @@
 CVE-2006-1724 version (firefox, fixed 1.0.8) [since FEDORA-2006-410]
 CVE-2006-1723 VULNERABLE (thunderbird, fixed 1.0.8)
 CVE-2006-1723 VULNERABLE (firefox, fixed 1.0.8)
-CVE-2006-1721 ** cyrus-sasl
+CVE-2006-1721 VULNERABLE (cyrus-sasl, fixd 2.1.21) #189815
 CVE-2006-1712 version (mailman, only 2.1.7)
 CVE-2006-1650 ** firefox
 CVE-2006-1646 ignore (ipsec-tools) KAME racoon, not ipsec-tools racoon
 CVE-2006-1624 ignore (sysklogd) Silly configuration is not a security issue
 CVE-2006-1608 ignore (php) safe mode isn't safe
-CVE-2006-1550 backport (dia) bz#187402 [since FEDORA-2006-261]
+CVE-2006-1550 backport (dia) #187402 [since FEDORA-2006-261]
 CVE-2006-1549 ignore (php) this is not a security issue
-CVE-2006-1548 VULNERABLE (struts, fixed 1.2.9) bz#187544
-CVE-2006-1547 VULNERABLE (struts, fixed 1.2.9) bz#187544
-CVE-2006-1546 VULNERABLE (struts, fixed 1.2.9) bz#187544
-CVE-2006-1542 VULNERABLE (python) bz#169046
+CVE-2006-1548 VULNERABLE (struts, fixed 1.2.9) #187544
+CVE-2006-1547 VULNERABLE (struts, fixed 1.2.9) #187544
+CVE-2006-1546 VULNERABLE (struts, fixed 1.2.9) #187544
+CVE-2006-1542 VULNERABLE (python) #169046
 CVE-2006-1531 VULNERABLE (thunderbird, fixed 1.0.8)
 CVE-2006-1531 VULNERABLE (firefox, fixed 1.0.8)
 CVE-2006-1530 VULNERABLE (thunderbird, fixed 1.0.8)
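Review bot: the new CVE-2006-1721 line reads "fixd 2.1.21", a typo for "fixed" that will be missed by any grep or script keyed on the "fixed <version>" field. The fc5 side of this same commit spells it "fixed 2.1.21"; correct the fc4 line to match.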
@@ -102,14 +103,14 @@
 CVE-2006-1529 VULNERABLE (thunderbird, fixed 1.0.8)
 CVE-2006-1529 VULNERABLE (firefox, fixed 1.0.8)
 CVE-2006-1527 VULNERABLE (kernel, fixed 2.6.16.13, fixed 2.6.17-rc4)
-CVE-2006-1526 VULNERABLE (xorg-x11) bz#189802
+CVE-2006-1526 VULNERABLE (xorg-x11) #189802
 CVE-2006-1525 version (kernel, fixed 2.6.16.8) [since FEDORA-2006-423]
 CVE-2006-1524 version (kernel, fixed 2.6.16.7) [since FEDORA-2006-423]
 CVE-2006-1523 version (kernel, fixed 2.6.16.4) [since FEDORA-2006-423]
 CVE-2006-1522 version (kernel, fixed 2.6.16.3) [since FEDORA-2006-423]
-CVE-2006-1494 VULNERABLE (php)
+CVE-2006-1494 VULNERABLE (php) #189592
 CVE-2006-1368 version (kernel, fixed 2.6.16) [since FEDORA-2006-245]
-CVE-2006-1354 VULNERABLE (freeradius) bz#186084
+CVE-2006-1354 VULNERABLE (freeradius) #186084
 CVE-2006-1343 VULNERABLE (kernel)
 CVE-2006-1342 version (kernel, not 2.6) not vulnerable
 CVE-2006-1273 ignore (firefox) This is an IE only issue
@@ -121,16 +122,16 @@
 CVE-2006-1066 version (kernel, fixed 2.6.16) [since FEDORA-2006-245]
 CVE-2006-1061 version (curl, 7.15.0 - 7.15.2 only)
 CVE-2006-1059 version (samba)
-CVE-2006-1058 VULNERABLE (busybox) bz#187386
-CVE-2006-1057 VULNERABLE (gdm, fixed 2.14.1) bz#188303
+CVE-2006-1058 VULNERABLE (busybox) #187386
+CVE-2006-1057 VULNERABLE (gdm, fixed 2.14.1) #188303
 CVE-2006-1056 version (kernel, fixed 2.6.16.9) [since FEDORA-2006-423]
 CVE-2006-1055 version (kernel, fixed 2.6.17-rc1) [since FEDORA-2006-423]
 CVE-2006-1052 version (kernel, fixed 2.6.16) [since FEDORA-2006-423] was backport since FEDORA-2006-245
 CVE-2006-1045 VULNERABLE (thunderbird)
 CVE-2006-1015 ignore (php) safe mode isn't safe
 CVE-2006-1014 ignore (php) safe mode isn't safe
-CVE-2006-0996 VULNERABLE (php) bz#187511
-CVE-2006-0903 VULNERABLE (mysql) bz#183261
+CVE-2006-0996 VULNERABLE (php) #187511
+CVE-2006-0903 VULNERABLE (mysql) #183261
 CVE-2006-0884 ** thunderbird
 CVE-2006-0836 version (thunderbird, 1.5 only)
 CVE-2006-0749 VULNERABLE (thunderbird, fixed 1.0.8)
@@ -139,7 +140,7 @@
 CVE-2006-0748 VULNERABLE (thunderbird, fixed 1.0.8)
 CVE-2006-0748 VULNERABLE (mozilla, fixed 1.7.13)
 CVE-2006-0748 VULNERABLE (firefox, fixed 1.0.8)
-CVE-2006-0746 VULNERABLE (kpdf) bz#184308
+CVE-2006-0746 VULNERABLE (kpdf) #184308
 CVE-2006-0745 version (xorg-x11) not fc4
 CVE-2006-0744 version (kernel, fixed 2.6.16.5) [since FEDORA-2006-423]
 CVE-2006-0742 version (kernel, fixed 2.6.16) patch-2.6.16-rc6 [since FEDORA-2006-245]
@@ -147,8 +148,8 @@
 CVE-2006-0730 version (dovecot, 1.0beta[12] only)
 CVE-2006-0678 version (postgresql, 8.1 only)
 CVE-2006-0645 backport (gnutls) [since FEDORA-2006-107]
-CVE-2006-0591 version (postgresql, fixed 8.0.6) [since FEDORA-2005-021]
-CVE-2006-0576 VULNERABLE (oprofile)
+CVE-2006-0591 version (postgresql, fixed 8.0.6) #180537 [since FEDORA-2005-021]
+CVE-2006-0576 VULNERABLE (oprofile) #180724
 CVE-2006-0558 * kernel
 CVE-2006-0557 version (kernel, fixed 2.6.15.5) [since FEDORA-2006-245] was backport since FEDORA-2006-131
 CVE-2006-0555 version (kernel, fixed 2.6.15.5) [since FEDORA-2006-245] was backport since FEDORA-2006-131
@@ -170,7 +171,7 @@
 CVE-2006-0301 version (poppler, fixed 0.4.5) [since FEDORA-2006-103]
 CVE-2006-0301 backport (xpdf) [since FEDORA-2006-104]
 CVE-2006-0301 version (kdegraphics, fixed 3.5.2) [since FEDORA-2006-385] was backport since FEDORA-2006-105
-CVE-2006-0300 VULNERABLE (tar) bz#181773
+CVE-2006-0300 VULNERABLE (tar) #181773
 CVE-2006-0299 version (thunderbird, 1.5 only)
 CVE-2006-0299 version (mozilla, 1.8 branch only)
 CVE-2006-0299 version (firefox, 1.5 only)
@@ -195,11 +196,11 @@
 CVE-2006-0292 backport (mozilla) [since FEDORA-2006-075]
 CVE-2006-0292 backport (firefox) [since FEDORA-2006-076]
 CVE-2006-0292 VULNERABLE (thunderbird)
-CVE-2006-0254 VULNERABLE (tomcat5, fixed 5.5.16) bz#178178
+CVE-2006-0254 VULNERABLE (tomcat5, fixed 5.5.16) #178178
 CVE-2006-0236 ignore (thunderbird) windows only flaw
-CVE-2006-0225 backport (openssh) [since FEDORA-2006-056]
-CVE-2006-0208 VULNERABLE (php) bz#178036
-CVE-2006-0207 VULNERABLE (php) bz#178044
+CVE-2006-0225 backport (openssh) #168167 [since FEDORA-2006-056]
+CVE-2006-0208 VULNERABLE (php) #178036
+CVE-2006-0207 VULNERABLE (php) #178044
 CVE-2006-0200 version (php, 5.1.0 5.1.1 only)
 CVE-2006-0197 ** xorg-x11
 CVE-2006-0195 version (squirrelmail, fixed 1.4.6) [since FEDORA-2006-133]
@@ -209,7 +210,7 @@
 CVE-2006-0095 version (kernel, fixed 2.6.15.5) [since FEDORA-2006-245] was backport since FEDORA-2006-102
 CVE-2006-0082 version (ImageMagick, not 6.2.2.0)
 CVE-2006-0058 version (sendmail, fixed 8.13.6) [since FEDORA-2006-194]
-CVE-2006-0052 VULNERABLE (mailman, fixed 2.1.6) bz#187421
+CVE-2006-0052 VULNERABLE (mailman, fixed 2.1.6) #187421
 CVE-2006-0049 version (gnupg, fixed 1.4.2.2) [since FEDORA-2006-147]
 CVE-2006-0040 VULNERABLE (gtkhtml)
 CVE-2006-0037 version (kernel, fixed 2.6.15.5, only 2.6.14 and 2.6.15) [since FEDORA-2006-245] was backport since FEDORA-2006-077
@@ -219,7 +220,7 @@
 CVE-2005-4784 ignore (glibc) struct dirent is big enough
 CVE-2005-4746 version (freeradius) we don't build vulnerable bits
 CVE-2005-4745 version (freeradius) we don't build vulnerable bits
-CVE-2005-4744 VULNERABLE (freeradius, fixed 1.0.5) bz#167677
+CVE-2005-4744 VULNERABLE (freeradius, fixed 1.0.5) #167677
 CVE-2005-4720 VULNERABLE (thunderbird)
 CVE-2005-4720 VULNERABLE (mozilla)
 CVE-2005-4720 VULNERABLE (firefox)
@@ -227,7 +228,7 @@
 CVE-2005-4685 VULNERABLE (mozilla)
 CVE-2005-4685 VULNERABLE (firefox)
 CVE-2005-4684 VULNERABLE (kdebase) not fixed upstream
-CVE-2005-4667 backport (unzip) [since FEDORA-2006-098] bz#178961
+CVE-2005-4667 backport (unzip) [since FEDORA-2006-098] #178961
 CVE-2005-4639 version (kernel, fixed 2.6.15) [since FEDORA-2006-077]
 CVE-2005-4636 version (openoffice.org, fixed 2.0.1)
 CVE-2005-4635 version (kernel, fixed 2.6.15) [since FEDORA-2006-077] was backport since FEDORA-2006-013
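Review bot: the CVE-2005-4667 unzip line leaves the bug reference after the advisory tag ("[since FEDORA-2006-098] #178961"), whereas every other entry touched in this patch places it before the tag, for example "(httpd) #171759 [since FEDORA-2006-052]". Since the line is already being rewritten to drop the "bz" prefix, move #178961 in front of "[since ...]" so the field order is uniform.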
@@ -235,8 +236,8 @@
 CVE-2005-4605 version (kernel, fixed 2.6.15) [since FEDORA-2006-077] was backport since FEDORA-2006-013
 CVE-2005-4585 version (ethereal, fixed 0.10.14) [since FEDORA-2006-006]
 CVE-2005-4442 version (openldap) gentoo only
-CVE-2005-4348 version (fetchmail, fixed 6.2.5.5) [since FEDORA-2005-1187]
-CVE-2005-4268 blocked (cpio) by FORTIFY_SOURCE
+CVE-2005-4348 version (fetchmail, fixed 6.2.5.5) #176267 [since FEDORA-2005-1187]
+CVE-2005-4268 blocked (cpio) #172669 by FORTIFY_SOURCE
 CVE-2005-4158 backport (sudo) [since FEDORA-2005-1147] was ignore only env_reset will properly clean the environment
 CVE-2005-4154 ignore (php) don't install untrusted pear packages
 CVE-2005-4153 VULNERABLE (mailman)
@@ -245,7 +246,7 @@
 CVE-2005-4130 ignore (HelixPlayer) not verified
 CVE-2005-4126 ignore (HelixPlayer) not verified
 CVE-2005-4077 backport (curl) [since FEDORA-2005-1137]
-CVE-2005-3964 VULNERABLE (openmotif) bz#174815
+CVE-2005-3964 VULNERABLE (openmotif) #174815
 CVE-2005-3962 backport (perl) [since FEDORA-2005-1144]
 CVE-2005-3912 backport (perl) [since FEDORA-2005-1144]
 CVE-2005-3896 ignore (mozilla) recoverable DoS only
@@ -264,7 +265,7 @@
 CVE-2005-3783 version (kernel, fixed 2.6.14.2) [since FEDORA-2006-077] was backport since FEDORA-2005-1104
 CVE-2005-3753 version (kernel, fixed 2.6.14) also not a vuln
 CVE-2005-3745 ignore (struts, fixed 1.2.8) but not through tomcat
-CVE-2005-3732 VULNERABLE (ipsec-tools, fixed 0.6.3) bz#173842
+CVE-2005-3732 VULNERABLE (ipsec-tools, fixed 0.6.3) #173842
 CVE-2005-3675 VULNERABLE (kernel) optack
 CVE-2005-3671 version (openswan, fixed 2.4.4) [since FEDORA-2005-1093]
 CVE-2005-3662 version (netpbm)
@@ -356,7 +357,7 @@
 CVE-2005-3185 blocked (wget) by FORTIFY_SOURCE
 CVE-2005-3185 backport (curl) [since FEDORA-2005-1129] was blocked (curl) by FORTIFY_SOURCE
 CVE-2005-3184 version (ethereal, fixed 0.10.13) [since FEDORA-2005-1011]
-CVE-2005-3183 backport (w3c-libwww) [since FEDORA-2005-952]
+CVE-2005-3183 backport (w3c-libwww) #159597 [since FEDORA-2005-952]
 CVE-2005-3181 version (kernel, fixed 2.6.13.4 at least) [since FEDORA-2005-1067] was backport since FEDORA-2005-1013
 CVE-2005-3180 version (kernel, fixed 2.6.13.4 at least) [since FEDORA-2005-1067] was backport since FEDORA-2005-1013
 CVE-2005-3179 version (kernel, fixed 2.6.13.4 at least) [since FEDORA-2005-1067] was backport since FEDORA-2005-1013
@@ -372,10 +373,10 @@
 CVE-2005-3089 version (firefox, fixed 1.0.7) [since FEDORA-2005-926]
 CVE-2005-3088 ignore (fetchmail) fetchmailconf not shipped
 CVE-2005-3055 version (kernel, fixed 2.6.14 at least) [since FEDORA-2005-1067]
-CVE-2005-3054 ignore (php) see bz#169857
+CVE-2005-3054 ignore (php) see #169857
 CVE-2005-3053 version (kernel) [since FEDORA-2005-949] was backport since FEDORA-2005-820
 CVE-2005-3044 version (kernel, fixed 2.6.13.2) [since FEDORA-2005-1067] was backport since FEODRA-2005-949
-CVE-2005-3011 backport (texinfo) [since FEDORA-2005-991]
+CVE-2005-3011 backport (texinfo) #169585 [since FEDORA-2005-991]
 CVE-2005-2991 ignore (ncompress) don't ship zdiff or zcmp scripts
 CVE-2005-2978 version (netpbm, fixed 10.25)
 CVE-2005-2977 backport (pam) [since FEDORA-2005-1031]
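Review bot: the CVE-2005-3054 line keeps the word "see" in front of the bug number ("see #169857"), but the CVE-2005-2666 openssh line later in this patch changes "see bz#162681" to plain "#162681". Pick one form for both; dropping "see" here would match the rest of the file.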
@@ -384,7 +385,7 @@
 CVE-2005-2975 backport (gdk-pixbuf) [since FEDORA-2005-1085]
 CVE-2005-2974 version (libungif, fixed 4.1.3) [since FEDORA-2005-1046]
 CVE-2005-2973 version (kernel, 2.6.14 at least) [since FEODRA-2005-1067]
-CVE-2005-2970 backport (httpd) bz#171759 [since FEDORA-2006-052]
+CVE-2005-2970 backport (httpd) #171759 [since FEDORA-2006-052]
 CVE-2005-2969 backport (openssl097a, fixed 0.9.7h) [since FEDORA-2005-986]
 CVE-2005-2969 backport (openssl, fixed 0.9.7h) [since FEDORA-2005-986]
 CVE-2005-2968 version (thunderbird) [since FEDORA-2005-963]
@@ -393,7 +394,7 @@
 CVE-2005-2959 ignore (sudo) not a vulnerability
 CVE-2005-2946 VULNERABLE (openssl, fixed 0.9.8) (as it uses md5 md)
 CVE-2005-2933 backport (libc-client) [since FEDORA-2005-1115]
-CVE-2005-2933 VULNERABLE (uw-imap) bz#171345
+CVE-2005-2933 VULNERABLE (uw-imap) #171345
 CVE-2005-2929 backport (lynx) [since FEDORA-2005-1079]
 CVE-2005-2922 version (HelixPlayer, fixed 1.0.6) [since FEDORA-2005-940]
 CVE-2005-2917 version (squid, fixed 2.5.STABLE11) [since FEDORA-2005-913]
@@ -438,9 +439,9 @@
 CVE-2005-2700 backport (httpd, fixed 2.0.55-dev) [since FEDORA-2005-849]
 CVE-2005-2693 backport (cvs) [since FEDORA-2005-790]
 CVE-2005-2672 backport (lm_sensors) [since FEDORA-2005-1053]
-CVE-2005-2666 VULNERABLE (openssh) see bz#162681
+CVE-2005-2666 VULNERABLE (openssh) #162681
 CVE-2005-2642 version (mutt, openbsd only)
-CVE-2005-2641 VULNERABLE (pam_ldap) bz#166164
+CVE-2005-2641 VULNERABLE (pam_ldap) #166164
 CVE-2005-2629 version (helixplayer, fixed 1.0.6) [since FEDORA-2005-940]
 CVE-2005-2617 version (kernel, fixed 2.6.12.5) [since FEDORA-2005-820]
 CVE-2005-2602 ignore (thunderbird) probably
@@ -459,14 +460,14 @@
 CVE-2005-2498 version (php xml_rpc, fixed 1.4.0) [since FEDORA-2005-810]
 CVE-2005-2496 backport (ntp, fixed 4.2.0b) ...0a-20040617-ntpd_guid.patch
 CVE-2005-2495 backport (xorg-x11) [since FEDORA-2005-894]
-CVE-2005-2494 version (kdebase, fixed after 3.4.2) [since FEDORA-2005-1152]
+CVE-2005-2494 version (kdebase, fixed after 3.4.2) #166997 [since FEDORA-2005-1152]
 CVE-2005-2492 version (kernel, fixed 2.6.13.1) [since FEDORA-2005-949] was backport since FEDORA-2005-906
 CVE-2005-2491 ignore (python, fc4 python does not contain pcre)
 CVE-2005-2491 ignore (php, pcre uses system pcre)
 CVE-2005-2491 ignore (httpd, pcre uses system pcre)
 CVE-2005-2491 backport (pcre, fixed 6.2) [since FEDORA-2005-803]
 CVE-2005-2490 version (kernel, fixed 2.6.13.1) [since FEDORA-2005-949] was backport since FEDORA-2005-906
-CVE-2005-2475 VULNERABLE (unzip) bz#164928
+CVE-2005-2475 VULNERABLE (unzip) #164928
 CVE-2005-2471 version (netpbm, 10.31 at least) [since FEDORA-2005-000**] was backport since FEDORA-2005-728
 CVE-2005-2459 ignore (kernel, fixed 2.6.12.5) dropped as code path not possible
 CVE-2005-2458 version (kernel, fixed 2.6.12.5) [since FEDORA-2005-820]
@@ -568,6 +569,7 @@
 CVE-2005-1705 backport (gdb) [since FEDORA-2005-1033]
 CVE-2005-1704 backport (gdb) [since FEDORA-2005-1033]
 CVE-2005-1704 backport (binutils) ...eadelf-overflows.patch [since FEDORA-2005-498]
+CVE-2005-1704 ** elfutils #159891
 CVE-2005-1689 backport (krb5) [since FEDORA-2005-553]
 CVE-2005-1686 ignore (gedit, not a vulnerability)
 CVE-2005-1636 version (mysql, fixed 4.1.12) [since FEDORA-2005-557]
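Review bot: the added "CVE-2005-1704 ** elfutils #159891" entry is marked as needing attention in fc4 only; the fc5 diff in this commit has no corresponding change. Confirm whether elfutils in fc5 is covered by an existing entry or is not affected, and record that in fc5 so the two files do not silently diverge.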
@@ -682,7 +684,7 @@
 CVE-2005-0760 version (ImageMagick, fixed 6.0)
 CVE-2005-0759 version (ImageMagick, fixed 6.0)
 CVE-2005-0758 version (gzip, fixed 1.3.5)
-CVE-2005-0758 VULNERABLE (bzip2) by inspection bz#159819
+CVE-2005-0758 VULNERABLE (bzip2) by inspection #159819
 CVE-2005-0757 version (kernel, not 2.6)
 CVE-2005-0756 version (kernel, fixed 2.6.12) [since FEDORA-2005-510] was backport since GA
 CVE-2005-0755 version (HelixPlayer, fixed 10.0.4)
@@ -752,7 +754,7 @@
 CVE-2005-0468 backport (telnet) telnet-0.17-CAN-2005-468_469.patch
 CVE-2005-0455 version (HelixPlayer, fixed 1.0.3)
 CVE-2005-0449 version (kernel, fixed 2.6.11)
-CVE-2005-0448 version (perl, fixed 5.8.6) bz#173793
+CVE-2005-0448 version (perl, fixed 5.8.6) #173793
 CVE-2005-0446 version (squid, fixed 2.5.STABLE9)
 CVE-2005-0404 ignore (kde) won't fix http://bugs.kde.org/show_bug.cgi?id=96020
 CVE-2005-0403 version (kernel, not upstream)
@@ -888,7 +890,7 @@
 CVE-2004-2536 version (kernel, fixed 2.6.7)
 CVE-2004-2531 version (gnutls, fixed 1.0.17)
 CVE-2004-2502 version (iiimf, fixed 11.4-46.1)
-CVE-2004-2480 ignore (squid) bz#166523, not reproducable
+CVE-2004-2480 ignore (squid) #166523, not reproducable
 CVE-2004-2479 version (squid, fixed 2.5.STABLE8)
 CVE-2004-2396 version (passwd, fixed 0.69) verified in source
 CVE-2004-2395 version (passwd, fixed 0.69) verified in source
@@ -1054,7 +1056,7 @@
 CVE-2004-0956 version (mysql, fixed 4.0.20)
 CVE-2004-0946 version (nfs-utils, fixed 1.0.6-r6)
 CVE-2004-0942 version (httpd, fixed 2.0.53)
-CVE-2004-0941 VULNERABLE (gd) seems wasn't fixed upstream bz#175414
+CVE-2004-0941 VULNERABLE (gd) seems wasn't fixed upstream #175414
 CVE-2004-0940 version (httpd, not 2.0)
 CVE-2004-0938 version (freeradius, fixed 1.0.1)
 CVE-2004-0930 version (samba, fixed 3.0.8)


Index: fc5
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc5,v
retrieving revision 1.141
retrieving revision 1.142
diff -u -r1.141 -r1.142
--- fc5	3 May 2006 09:09:52 -0000	1.141
+++ fc5	3 May 2006 14:40:10 -0000	1.142
@@ -3,6 +3,7 @@
 
 ** are items that need attention
 
+CVE-2006-2120 backport (libtiff) #189976 [since FEDORA-2006-473]
 CVE-2006-2026 backport (libtiff, fixed 3.8.1) #189976 [since FEDORA-2006-474]
 CVE-2006-2083 VULNERABLE (rsync, fixed 2.6.8) #190208
 CVE-2006-2071 version (kernel, fixed 2.6.16.6) [since FEDORA-2006-421]
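Review bot: the new CVE-2006-2120 line cites "[since FEDORA-2006-473]", but the CVE-2006-2026 entry directly below it, with the same libtiff bug #189976, cites FEDORA-2006-474 in fc5. The added line is identical to the one added to fc4, where 473 does match its neighbour, so this looks like a copy from fc4; check which advisory applies to fc5 and correct the tag if it should be 474.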
@@ -11,19 +12,19 @@
 CVE-2006-2025 backport (libtiff, fixed 3.8.1) #189934 [since FEDORA-2006-473]
 CVE-2006-2024 backport (libtiff, fixed 3.8.1) #189934 [since FEDORA-2006-473]
 CVE-2006-1993 VULNERABLE (firefox) #190124
-CVE-2006-1991 VULNERABLE (php)
-CVE-2006-1990 VULNERABLE (php)
+CVE-2006-1991 VULNERABLE (php) #190034
+CVE-2006-1990 VULNERABLE (php) #190034
 CVE-2006-1942 ** firefox
-CVE-2006-1940 version (ethereal, fixed 0.99.0) [since FEDORA-2006-456]
-CVE-2006-1939 version (ethereal, fixed 0.99.0) [since FEDORA-2006-456]
-CVE-2006-1938 version (ethereal, fixed 0.99.0) [since FEDORA-2006-456]
-CVE-2006-1937 version (ethereal, fixed 0.99.0) [since FEDORA-2006-456]
-CVE-2006-1936 version (ethereal, fixed 0.99.0) [since FEDORA-2006-456]
-CVE-2006-1935 version (ethereal, fixed 0.99.0) [since FEDORA-2006-456]
-CVE-2006-1934 version (ethereal, fixed 0.99.0) [since FEDORA-2006-456]
-CVE-2006-1933 version (ethereal, fixed 0.99.0) [since FEDORA-2006-456]
-CVE-2006-1932 version (ethereal, fixed 0.99.0) [since FEDORA-2006-456]
-CVE-2006-1931 version (ruby, fixed 1.8.3)
+CVE-2006-1940 version (ethereal, fixed 0.99.0) #189909 [since FEDORA-2006-456]
+CVE-2006-1939 version (ethereal, fixed 0.99.0) #189909 [since FEDORA-2006-456]
+CVE-2006-1938 version (ethereal, fixed 0.99.0) #189909 [since FEDORA-2006-456]
+CVE-2006-1937 version (ethereal, fixed 0.99.0) #189909 [since FEDORA-2006-456]
+CVE-2006-1936 version (ethereal, fixed 0.99.0) #189909 [since FEDORA-2006-456]
+CVE-2006-1935 version (ethereal, fixed 0.99.0) #189909 [since FEDORA-2006-456]
+CVE-2006-1934 version (ethereal, fixed 0.99.0) #189909 [since FEDORA-2006-456]
+CVE-2006-1933 version (ethereal, fixed 0.99.0) #189909 [since FEDORA-2006-456]
+CVE-2006-1932 version (ethereal, fixed 0.99.0) #189909 [since FEDORA-2006-456]
+CVE-2006-1931 version (ruby, fixed 1.8.3) #189540
 CVE-2006-1902 ignore (gcc) not a vulnerability
 CVE-2006-1865 version (beagle, fixed 0.2.5) [since FEDORA-2006-440]
 CVE-2006-1864 VULNERABLE (kernel)
@@ -84,7 +85,7 @@
 CVE-2006-1724 version (firefox, fixed 1.5.0.2) [since FEDORA-2006-411]
 CVE-2006-1723 VULNERABLE (thunderbird, fixed 1.5.0.2)
 CVE-2006-1723 VULNERABLE (firefox, fixed 1.5.0.2)
-CVE-2006-1721 ** cyrus-sasl
+CVE-2006-1721 version (cyrus-sasl, fixed 2.1.21)
 CVE-2006-1712 version (mailman, only 2.1.7)
 CVE-2006-1650 ** firefox
 CVE-2006-1646 ignore (ipsec-tools) KAME racoon, not ipsec-tools racoon
@@ -107,7 +108,7 @@
 CVE-2006-1524 version (kernel, fixed 2.6.16.7) [since FEDORA-2006-421]
 CVE-2006-1523 version (kernel, fixed 2.6.16.4) [since FEDORA-2006-421]
 CVE-2006-1522 version (kernel, fixed 2.6.16.3) [since FEDORA-2006-421]
-CVE-2006-1494 VULNERABLE (php)
+CVE-2006-1494 VULNERABLE (php)#189592
 CVE-2006-1368 version (kernel, fixed 2.6.16) [since FEDORA-2006-233]
 CVE-2006-1354 VULNERABLE (freeradius) bz#186084
 CVE-2006-1343 VULNERABLE (kernel)
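Review bot: the new CVE-2006-1494 line has no space between the package and the bug number ("(php)#189592"), unlike the fc4 version of the same entry ("(php) #189592"). In the same hunk the CVE-2006-1354 freeradius line still carries "bz#186084", which the fc4 side of this commit normalised to "#186084"; apply the same conversion in fc5 so both files use one bug-reference format.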
@@ -132,7 +133,7 @@
 CVE-2006-1015 ignore (php) safe mode isn't safe
 CVE-2006-1014 ignore (php) safe mode isn't safe
 CVE-2006-0996 VULNERABLE (php) bz#187511
-CVE-2006-0903 VULNERABLE (mysql) low/not upstream yet
+CVE-2006-0903 VULNERABLE (mysql) #183261 low/not upstream yet
 CVE-2006-0884 VULNERABLE (thunderbird)
 CVE-2006-0836 VULNERABLE (thunderbird)
 CVE-2006-0749 VULNERABLE (thunderbird, fixed 1.5.0.2)
@@ -197,7 +198,7 @@
 CVE-2006-0292 version (thunderbird, fixed 1.5)
 CVE-2006-0292 version (firefox, fixed 1.5.1)
 CVE-2006-0292 backport (mozilla) mozilla-1.7.12-CVE-2006-0292-javascript-unrooted.patch
-CVE-2006-0254 backport (tomcat5, fixed 5.5.16) **check this**
+CVE-2006-0254 backport (tomcat5, fixed 5.5.16) #178179 **check this**
 CVE-2006-0236 ignore (thunderbird) windows only
 CVE-2006-0225 version (openssh, fixed 4.3p2)
 CVE-2006-0208 version (php, fixed 5.1.2)
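Review bot: the CVE-2006-0254 tomcat5 line is given bug #178179 here, while the fc4 entry for the same CVE in this commit uses #178178. That may be a separate per-release bug or an off-by-one typo; verify the number, especially as the line is still flagged "**check this**".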
@@ -214,7 +215,7 @@
 CVE-2006-0058 version (sendmail, fixed 8.13.6) [since FEDORA-2006-193]
 CVE-2006-0052 version (mailman, fixed 2.1.6)
 CVE-2006-0049 version (gnupg, fixed 1.4.2.2)
-CVE-2006-0040 ** VULNERABLE (gtkhtml) no upstream fix
+CVE-2006-0040 ** VULNERABLE (gtkhtml) #183680 no upstream fix
 CVE-2006-0037 version (kernel, only 2.6.14 and 2.6.15) patch-2.6.16-rc6 [since FEDORA-2006-233]
 CVE-2006-0036 version (kernel, only 2.6.14 and 2.6.15) patch-2.6.16-rc6 [since FEDORA-2006-233]
 CVE-2006-0035 version (kernel, only 2.6.14 and 2.6.15) patch-2.6.16-rc6 [since FEDORA-2006-233]
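Review bot: the CVE-2006-0040 gtkhtml line gains bug #183680 in fc5, but the fc4 entry for the same CVE still reads "VULNERABLE (gtkhtml)" with no bug number after this commit. Given the log message's aim of mentioning the bz's, add the matching reference to fc4 or note why none exists there.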



