fedora-security/audit fc5,1.182,1.183 fc4,1.269,1.270

Mon May 29 22:52:38 UTC 2006

Author: mjc

Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv6920

Modified Files:
	fc5 fc4 
Log Message:
Mailman



Index: fc5
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc5,v
retrieving revision 1.182
retrieving revision 1.183
diff -u -r1.182 -r1.183

--- fc5	29 May 2006 11:02:47 -0000	1.182
+++ fc5	29 May 2006 22:52:35 -0000	1.183
@@ -281,7 +281,7 @@
 CVE-2005-4268 backport (cpio) also blocked by FORTIFY_SOURCE
 CVE-2005-4158 ignore (sudo) only env_reset will properly clean the environment
 CVE-2005-4154 ignore (php) don't install untrusted pear packages
-CVE-2005-4153 backport (mailman) mailman-2.1.5-date_overflows.patch
+CVE-2005-4153 version (mailman) [since FEDORA-2006-535] was backport mailman-2.1.5-date_overflows.patch since GA
 CVE-2005-4134 ignore (firefox) http://www.mozilla.org/security/history-title.html
 CVE-2005-4134 backport (mozilla) mozilla-1.7.12-CVE-2005-4134-long-history-dos.patch
 CVE-2005-4130 ignore (HelixPlayer) not verified


Index: fc4
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc4,v
retrieving revision 1.269
retrieving revision 1.270
diff -u -r1.269 -r1.270
--- fc4	29 May 2006 11:02:47 -0000	1.269
+++ fc4	29 May 2006 22:52:35 -0000	1.270
@@ -248,7 +248,7 @@
 CVE-2006-0095 version (kernel, fixed 2.6.15.5) [since FEDORA-2006-245] was backport since FEDORA-2006-102
 CVE-2006-0082 version (ImageMagick, not 6.2.2.0)
 CVE-2006-0058 version (sendmail, fixed 8.13.6) [since FEDORA-2006-194]
-CVE-2006-0052 VULNERABLE (mailman, fixed 2.1.6) #187421
+CVE-2006-0052 version (mailman, fixed 2.1.6) #187421 [since FEDORA-2006-534]
 CVE-2006-0049 version (gnupg, fixed 1.4.2.2) [since FEDORA-2006-147]
 CVE-2006-0040 VULNERABLE (gtkhtml)
 CVE-2006-0039 version (kernel, fixed 2.6.16.17) [since FEDORA-2006-573]
@@ -280,7 +280,7 @@
 CVE-2005-4268 blocked (cpio) #172669 by FORTIFY_SOURCE
 CVE-2005-4158 backport (sudo) [since FEDORA-2005-1147] was ignore only env_reset will properly clean the environment
 CVE-2005-4154 ignore (php) don't install untrusted pear packages
-CVE-2005-4153 VULNERABLE (mailman)
+CVE-2005-4153 version (mailman) [since FEDORA-2006-534]
 CVE-2005-4134 backport (mozilla) [since FEDORA-2006-075]
 CVE-2005-4134 backport (firefox) [since FEDORA-2006-076]
 CVE-2005-4130 ignore (HelixPlayer) not verified
@@ -341,7 +341,7 @@
 CVE-2005-3624 backport (cups) [since FEDORA-2006-010]
 CVE-2005-3623 version (kernel, fixed 2.6.14.5) [since FEDORA-2006-077] was backport since FEDORA-2006-013
 CVE-2005-3582 version (ImageMagick) gentoo only
-CVE-2005-3573 VULNERABLE (mailman)
+CVE-2005-3573 VULNERABLE (mailman) **
 CVE-2005-3527 version (kernel, fixed 2.6.14 at least) [since FEDORA-2005-1067]
 CVE-2005-3402 ignore (thunderbird) mozilla say by design
 CVE-2005-3392 ignore (php) safe mode isn't safe
@@ -841,7 +841,7 @@
 CVE-2005-0206 version (xpdf, only bad patch for 2004-0888)
 CVE-2005-0205 version (kdenetwork, not 3.3 onwards)
 CVE-2005-0204 version (kernel, didn't affect upstream)
-CVE-2005-0202 backport (mailman, fixed 2.1.6) from srpm
+CVE-2005-0202 version (mailman, fixed 2.1.6) [since FEDORA-2006-534] was backport since GA
 CVE-2005-0201 backport (dbus) [since FEDORA-2005-822]
 CVE-2005-0194 version (squid, fixed 2.5.STABLE8)
 CVE-2005-0180 version (kernel, fixed 2.6.11)
@@ -1013,7 +1013,7 @@
 CVE-2004-1184 backport (enscript) in srpm
 CVE-2004-1183 backport (libtiff) libtiff-3.5.7-dump.patch
 CVE-2004-1180 version (rwho, fixed 0.17)
-CVE-2004-1177 backport (mailman, fixed 2.1.6) in srpm
+CVE-2004-1177 version (mailman, fixed 2.1.6) [since FEDORA-2006-534] was backport since GA
 CVE-2004-1176 version (mc, fixed 4.6.0)
 CVE-2004-1175 version (mc, fixed 4.6.0)
 CVE-2004-1174 version (mc, fixed 4.6.0)


