fedora-security/audit fc6,1.227,1.228

Lubomir Kundrak (lkundrak) fedora-extras-commits at redhat.com
Thu Aug 2 12:58:56 UTC 2007


Author: lkundrak

Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv15592

Modified Files:
	fc6 
Log Message:
Walk through VULNERABLEs, clean them up a bit and ping developers.



Index: fc6
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc6,v
retrieving revision 1.227
retrieving revision 1.228
diff -u -r1.227 -r1.228
--- fc6	2 Aug 2007 09:39:05 -0000	1.227
+++ fc6	2 Aug 2007 12:58:54 -0000	1.228
@@ -7,14 +7,13 @@
 # Up to date CVE as of CVE email 20070801
 # Up to date FC6 as of 20070802
 
-CVE-2007-4029 VULNERABLE (libvorbis) #245991
-CVE-2007-4168 VULNERABLE (libexif) #243892
-CVE-2007-3841 WTF (pidgin)
+CVE-2007-4029 VULNERABLE (libvorbis) #250600
+CVE-2007-4168 backport (libexif) #243892 [since FEDORA-2007-614]
+CVE-2007-3841 ignore (pidgin) ethically disclosed
 CVE-2007-3820 ** (kdebase) #248537
 CVE-2007-3799 ** (php)
 CVE-2007-3782 ** (mysql)
 CVE-2007-3781 ** (mysql)
-CVE-2007-3713 VULNERABLE (centericq) #247979
 CVE-2007-3508 ignore (glibc) not an issue
 CVE-2007-3506 backport (freetype, fixed 2.3.4) #235479 [since FEDORA-2007-561]
 CVE-2007-3409 version (perl-Net-DNS, fixed 0.60) #245809
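
Review bot: the CVE-2007-3713 (centericq) #247979 line is deleted outright rather than reclassified, so the file no longer records any status for that CVE. The other VULNERABLE entries touched in this hunk each get a new status or bug number; give this one an explicit entry with a reason instead of dropping it. Separately, the new reason on CVE-2007-3841, "ethically disclosed", describes how the issue was reported, not why pidgin on FC6 can ignore it; a reason about exposure or impact would be checkable later.
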
@@ -28,9 +27,9 @@
 CVE-2007-3304 backport (httpd) #244660 [since FEDORA-2007-615]
 CVE-2007-3257 backport (evolution) #244287 [since FEDORA-2007-594]
 CVE-2007-3126 ignore (gimp) just a crash
-CVE-2007-3106 VULNERABLE (libvorbis) #245991
+CVE-2007-3106 VULNERABLE (libvorbis) #250600
 CVE-2007-2926 backport (bind, fixed 9.4.1) [since FEDORA-2007-647]
-*CVE-2007-2894 VULNERABLE (bochs) #241799
+CVE-2007-2894 VULNERABLE (bochs) #241799
 CVE-2007-2876 version (kernel, fixed 2.6.21.5) [since FEDORA-2007-600]
 CVE-2007-2875 version (kernel) [since FEDORA-2007-600]
 *CVE-2007-2874 (wpa_supplicant) #242455
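
Review bot: the leading "*" is removed from the CVE-2007-2894 (bochs) line while the CVE-2007-2874 (wpa_supplicant) line directly below keeps it and still carries no status keyword. Neither the log message nor the visible file header says what the marker means, so it is unclear whether dropping it is cosmetic or a status change; please state which, and treat CVE-2007-2874 consistently.
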
@@ -44,7 +43,7 @@
 CVE-2007-2453 version (kernel) [since FEDORA-2007-600]
 CVE-2007-2451 version (kernel, fixed 2.6.21.4) [since FEDORA-2007-600]
 CVE-2007-2445 backport (libpng) #239542 [since FEDORA-2007-529]
-CVE-2007-2438 VULNERABLE (vim) #238734
+CVE-2007-2438 version (vim, fixed 7.0.235) #238734 [since FEDORA-2007-492]
 CVE-2007-2242 version (kernel) [since FEDORA-2007-482]
 CVE-2007-2138 version (postgresql, fixed 8.1.9) [since FEDORA-2007-565]
 CVE-2007-2028 backport (freeradius) [since FEDORA-2007-499]
@@ -56,13 +55,13 @@
 CVE-2007-1841 VULNERABLE (ipsec-tools) #238052
 CVE-2007-1797 backport (ImageMagick) #235075 [since FEDORA-2007-413]
 CVE-2007-1667 backport (libX11) [since FEDORA-2007-426]
-CVE-2007-1565 ignore (konqueror) client crash
-CVE-2007-1564 vulnerable (konqueror)
+CVE-2007-1565 ignore (kdebase) client crash
+CVE-2007-1564 ignore (kdebase) Correct behavior according to RFC
 CVE-2007-1562 version (mozilla) #241840 [since FEDORA-2007-549]
 CVE-2007-1558 backport (evolution) #235290 [since FEDORA-2007-484]
 CVE-2007-1536 backport (file, fixed 4.20) #233164 [since FEDORA-2007-391]
 CVE-2007-1475 ignore (php) unshipped ibase extension
-CVE-2007-1420 VULNERABLE (mysql, fixed 5.0.36) #232604
+CVE-2007-1420 ignore (mysql, fixed 5.0.36) #232604 mysql_safe keeps the server alive
 CVE-2007-1413 ignore (php) Windows NT SNMP specific
 CVE-2007-1412 ignore (php) unshipped cpdf extension
 CVE-2007-1411 ignore (php) unshipped mssql extension
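
Review bot: on the CVE-2007-1420 line, the justification "mysql_safe keeps the server alive" looks like a typo for mysqld_safe, and a restart wrapper only shortens the outage: the server still crashes and drops its connections. The entry now also reads both "ignore" and "fixed 5.0.36"; if the shipped package is at or past 5.0.36, a "version" entry with its advisory would be more accurate, otherwise leaving it VULNERABLE with the note attached seems safer. For CVE-2007-1564, "Correct behavior according to RFC" would be easier to verify with the RFC number included.
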
@@ -89,18 +88,18 @@
 CVE-2007-0770 ignore (ImageMagick) only if incomplete CVE-2006-5456
 CVE-2007-0720 ignore (cups, fixed 1.2.7) cups is already updated
 CVE-2007-0650 ignore (tetex) needs user's assistance
-CVE-2007-0537 VULNERABLE (kdebase) #225420
+CVE-2007-0537 backport (kdebase) #225420 [since FEDORA-2007-195]
 CVE-2007-0494 version (bind, fixed 9.3.4) #225268 [since FEDORA-2007-147]
 CVE-2007-0493 version (bind, fixed 9.3.4) #224443 [since FEDORA-2007-147]
 CVE-2007-0459 version (wireshark, fixed 0.99.5) #227140
 CVE-2007-0458 version (wireshark, fixed 0.99.5) #227140
 CVE-2007-0457 version (wireshark, fixed 0.99.5) #227140
 CVE-2007-0456 version (wireshark, fixed 0.99.5) #227140
-CVE-2007-0455 VULNERABLE (gd) #224610
+CVE-2007-0455 backport (gd) #224610 [since FEDORA-2007-149]
 CVE-2007-0451 version (spamassassin, fixed 3.1.8) [since FEDORA-2007-241]
 CVE-2007-0248 version (squid, fixed 2.6.STABLE7) [since FEDORA-2007-073]
 CVE-2007-0247 version (squid, fixed 2.6.STABLE7) #222883 [since FEDORA-2007-073]
-CVE-2007-0235 VULNERABLE (libgtop2) #222637 not sure, will triage
+CVE-2007-0235 VULNERABLE (libgtop2) #222637
 CVE-2007-0104 ignore (poppler) only client DoS
 CVE-2007-0104 ignore (kdegraphics) only client DoS
 CVE-2007-0086 ignore (apache) not a security issue
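
Review bot: the CVE-2007-0235 (libgtop2) line loses its "not sure, will triage" note but stays VULNERABLE, so the outcome of the triage is not recorded anywhere in the file. If the issue was confirmed against FC6, say so on the line; if it is still unconfirmed, keep the note so the entry is not read as a verified finding.
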
@@ -111,12 +110,12 @@
 CVE-2007-0006 backport (kernel, fixed in -mm) [since FEDORA-2007-226]
 CVE-2007-0005 version (kernel, fixed 2.6.20) [since FEDORA-2007-335]
 CVE-2007-0002 version (libwpd, fixed 0.8.9) #222808 [since FEDORA-2007-351]
-CVE-2006-6939 VULNERABLE (ed, fixed 0.3) #223075
+CVE-2006-6939 version (ed, fixed 0.3) #223075 [since FEDORA-2007-100]
 CVE-2006-6899 version (bluez-utils, fixed 2.23)
 CVE-2006-6870 version (avahi, fixed 0.6.16) #221440 [since FEDORA-2007-019]
 CVE-2006-6772 backport (w3m) #221484 [since FEDORA-2007-077]
 CVE-2006-6719 backport (wget) #221469 [since FEDORA-2007-043]
-CVE-2006-6698 VULNERABLE (GConf2) #219280
+CVE-2006-6698 VULNERABLE (GConf2) #219280 wontfix
 CVE-2006-6660 ignore (kdelibs) client Dos only, not reproducible
 CVE-2006-6385 ignore (kernel) windows only
 CVE-2006-6383 ignore (php) safe mode isn't safe
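
Review bot: CVE-2006-6698 (GConf2) now reads "VULNERABLE ... wontfix" with no reason given. Other entries in this file that accept a risk say why ("can't be fixed", "only client DoS", "windows only"); add a short rationale here so a later reader can tell whether the wontfix still holds.
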
@@ -137,7 +136,7 @@
 CVE-2006-6105 version (gdm, fixed 2.14.11) [since FEDORA-2006-1468]
 CVE-2006-6104 backport (mono, fixed 1.1.13.8.2) #220853 [since FEDORA-2007-067]
 CVE-2006-6097 backport (tar) [since FEDORA-2006-1393]
-CVE-2006-6077 VULNERABLE (firefox)
+CVE-2006-6077 version (firefox, fixed 1.5.0.10) [since FEDORA-2007-293]
 CVE-2006-6060 ignore (kernel, fixed 2.6.19-rc2) no NTFS support
 CVE-2006-6058 VULNERABLE (kernel, fixed **)
 CVE-2006-6057 VULNERABLE (kernel, fixed **)
@@ -146,23 +145,23 @@
 CVE-2006-6053 version (kernel, fixed 2.6.19.2) [since FEDORA-2007-058] was backport since FEDORA-2006-1223
 CVE-2006-5989 ignore (mod_auth_kerb) did not affect fc6
 CVE-2006-5974 ignore (fetchmail, fixed 6.3.6) only 6.3.5
-CVE-2006-5973 VULNERABLE (dovecot, fixed 1.0.rc15) #216508
+CVE-2006-5973 version (dovecot, fixed 1.0.rc15) #216508 [since ???]
 CVE-2006-5925 backport (elinks) [since FEDORA-2006-1278] but was never vulneable as didn't have smbclient support
 CVE-2006-5876 version (libsoup) #223144 [since FEDORA-2007-109]
 CVE-2006-5871 version (kernel, fixed 2.6.10)
 CVE-2006-5868 VULNERABLE (ImageMagick, fixed 6.2.9.1) #217560
 CVE-2006-5867 version (fetchmail, fixed 6.3.6) #221984 [since FEDORA-2007-042]
-CVE-2006-5864 VULNERABLE (evince) #217672
+CVE-2006-5864 backport (evince) #217672 [since ???]
 CVE-2006-5823 version (kernel, fixed 2.6.19.2) [since FEDORA-2007-058] was backport since FEDORA-2006-1223
 CVE-2006-5794 backport (openssh, fixed 4.5) #214641 [since FEDORA-2006-1215]
 CVE-2006-5793 backport (libpng, fixed 1.2.13) #215405 [since FEDORA-2007-529]
 CVE-2006-5783 ignore (firefox) disputed
-CVE-2006-5779 VULNERABLE (openldap, 2.3.29) #214768
+CVE-2006-5779 version (openldap, fixed 2.3.29) #214768 [since FEDORA-2007-467]
 CVE-2006-5757 version (kernel, fixed 2.6.19) [since FEDORA-2007-058] was backport since FEDORA-2006-1223
 CVE-2006-5753 backport (kernel, fixed 2.6.20.1) [since FEDORA-2007-291]
 CVE-2006-5752 backport (httpd) #244660 [since FEDORA-2007-615]
 CVE-2006-5751 version (kernel, fixed 2.6.19, fixed 2.6.18.4) [since FEDORA-2006-1471]
-CVE-2006-5749 VULNERABLE (kernel, fixed 2.6.20-rc2)
+CVE-2006-5749 version (kernel, fixed 2.6.20-rc2) [since FEDORA-2007-335]
 CVE-2006-5748 version (thunderbird, fixed 1.5.0.8) [since FEDORA-2006-1192]
 CVE-2006-5748 version (firefox, fixed 1.5.0.8) [since FEDORA-2006-1191]
 CVE-2006-5747 version (thunderbird, fixed 1.5.0.8) [since FEDORA-2006-1192]
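
Review bot: CVE-2006-5973 (dovecot) and CVE-2006-5864 (evince) are moved from VULNERABLE to a fixed status with "[since ???]", so the fix cannot be traced to an advisory. Until the FEDORA advisory is identified, either keep them VULNERABLE or record the package version-release that was checked, so the claim can be verified and the placeholder is not forgotten.
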
@@ -187,9 +186,9 @@
 CVE-2006-5463 version (firefox, fixed 1.5.0.8) [since FEDORA-2006-1191]
 CVE-2006-5462 version (thunderbird, fixed 1.5.0.8) [since FEDORA-2006-1192]
 CVE-2006-5462 version (firefox, fixed 1.5.0.8) [since FEDORA-2006-1191]
-CVE-2006-5461 VULNERABLE (avahi, fixed 0.6.15)
+CVE-2006-5461 version (avahi, fixed 0.6.15) [since FEDORA-2007-019]
 CVE-2006-5456 backport (ImageMagick) #210921 [since FEDORA-2006-1285]
-CVE-2006-5397 VULNERABLE (libX11, 1.0.2 and 1.0.3 only) #213280
+CVE-2006-5397 backport (libX11, 1.0.2 and 1.0.3 only) #213280 [since FEDORA-2007-162]
 CVE-2006-5331 version (kernel, fixed 2.6.19) [since FEDORA-2007-058]
 CVE-2006-5298 backport (mutt) [since FEDORA-2006-1063]
 CVE-2006-5297 backport (mutt) [since FEDORA-2006-1063]
@@ -203,7 +202,7 @@
 CVE-2006-5178 VULNERABLE (php) can't be fixed
 CVE-2006-5174 ignore (kernel, fixed 2.6.19-rc1) s390 only
 CVE-2006-5173 ignore (kernel, fixed 2.6.18) protected by exec-shield
-CVE-2006-5170 VULNERABLE (nss_ldap, fixed 183)
+CVE-2006-5170 version (nss_ldap, fixed 183)
 CVE-2006-5160 ignore (firefox) unverified
 CVE-2006-5159 ignore (firefox) unverified
 CVE-2006-5158 version (kernel, fixed 2.6.15)
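
Review bot: CVE-2006-5170 (nss_ldap, fixed 183) changes from VULNERABLE to "version" with neither a "[since FEDORA-...]" tag nor a bug number, unlike most of the other reclassifications in this commit. Please add the advisory, or note that FC6 shipped with a version at or above 183 if that is the basis for the change.
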
@@ -228,7 +227,7 @@
 CVE-2006-4623 version (kernel, fixed 2.6.18-rc1)
 CVE-2006-4600 version (openldap, fixed 2.3.25)
 CVE-2006-4574 version (wireshark, fixed 0.99.4) [since FEDORA-2006-1140]
-CVE-2006-4573 VULNERABLE (screen) #212057
+CVE-2006-4573 version (screen, fixed 4.0.3) #212057 [since FEDORA-2007-106]
 CVE-2006-4572 version (kernel, fixed 2.6.19) [since FEDORA-2007-058]
 CVE-2006-4571 version (thunderbird, fixed 1.5.0.7)
 CVE-2006-4571 version (firefox, fixed 1.5.0.7)
@@ -707,7 +706,7 @@
 CVE-2005-3753 version (kernel, fixed 2.6.14)
 CVE-2005-3745 ignore (struts, fixed 1.2.8) but not through tomcat
 CVE-2005-3732 version (ipsec-tools, fixed 0.6.3)
-CVE-2005-3675 VULNERABLE (kernel) optack, no upstream fix
+CVE-2005-3675 ignore (kernel) optack, not a bug
 CVE-2005-3671 version (openswan, fixed 2.4.4)
 CVE-2005-3662 version (netpbm)
 CVE-2005-3656 version (mod_auth_pgsql, fixed 2.0.3)
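
Review bot: the CVE-2005-3675 (kernel) line goes from "VULNERABLE ... optack, no upstream fix" to "ignore ... optack, not a bug", which replaces one assessment with a contradictory one without any reference. A pointer to the discussion or upstream statement behind "not a bug" would let the decision be reviewed later.
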
@@ -1639,7 +1638,6 @@
 CVE-2003-1303 version (php, fixed 4.3.3)
 CVE-2003-1302 version (php, fixed 4.3.1)
 CVE-2003-1265 VULNERABLE (thunderbird) https://bugzilla.mozilla.org/show_bug.cgi?id=198442
-CVE-2003-1265 VULNERABLE (firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=198442
 CVE-2003-1232 version (emacs, fixed 21.3)
 CVE-2003-1201 version (openldap, not 2.2)
 CVE-2003-1161 version (kernel, not released version)
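
Review bot: the CVE-2003-1265 (firefox) line is deleted while the thunderbird line for the same CVE and the same Bugzilla URL stays VULNERABLE. If firefox is not affected, an explicit "ignore" or "version" entry with the reason would preserve that conclusion; removing the line makes it look as if firefox was never assessed.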



