fedora-security/audit fc6,1.236,1.237 fc7,1.66,1.67

Mon Aug 13 12:22:25 UTC 2007

Author: lkundrak

Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv5215

Modified Files:
	fc6 fc7 
Log Message:
New kernel issue, some stuff fixed.



Index: fc6
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc6,v
retrieving revision 1.236
retrieving revision 1.237
diff -u -r1.236 -r1.237

--- fc6	10 Aug 2007 14:48:41 -0000	1.236
+++ fc6	13 Aug 2007 12:22:22 -0000	1.237
@@ -19,12 +19,14 @@
 CVE-2007-3961 ignore (gftp) off-by-one error in fsplib
 CVE-2007-3845 VULNERABLE (firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=389580
 CVE-2007-3844 VULNERABLE (firefox) #250648 "fixed on next update"
+CVE-2007-3843 VULNERABLE (kernel) #246595
 CVE-2007-3841 ignore (pidgin) ethically disclosed
 CVE-2007-3820 ** (kdebase) #248537
 CVE-2007-3799 ** (php)
 CVE-2007-3798 version (tcpdump, fixed 3.9.7) #250290 [since FEDORA-2007-654]
 CVE-2007-3782 ** (mysql)
 CVE-2007-3781 ** (mysql)
+CVE-2007-3642 version (kernel, fixed 2.6.22) [since FEDORA-2007-655]
 CVE-2007-3508 ignore (glibc) not an issue
 CVE-2007-3506 backport (freetype, fixed 2.3.4) #235479 [since FEDORA-2007-561]
 CVE-2007-3409 version (perl-Net-DNS, fixed 0.60) #245809
@@ -69,7 +71,7 @@
 CVE-2007-1863 backport (httpd) #244660 [since FEDORA-2007-615]
 CVE-2007-1862 backport (httpd) #244660 [since FEDORA-2007-615]
 CVE-2007-1861 version (kernel) [since FEDORA-2007-482]
-CVE-2007-1856 backport (vixie-cron) #235882 [since ???]
+CVE-2007-1856 backport (vixie-cron) #235882 [since FEDORA-2007-662]
 CVE-2007-1841 VULNERABLE (ipsec-tools) #238052 [sconklin] Developer busy -- next week.
 CVE-2007-1797 backport (ImageMagick) #235075 [since FEDORA-2007-413]
 CVE-2007-1667 backport (libX11) [since FEDORA-2007-426]
@@ -117,7 +119,7 @@
 CVE-2007-0451 version (spamassassin, fixed 3.1.8) [since FEDORA-2007-241]
 CVE-2007-0248 version (squid, fixed 2.6.STABLE7) [since FEDORA-2007-073]
 CVE-2007-0247 version (squid, fixed 2.6.STABLE7) #222883 [since FEDORA-2007-073]
-CVE-2007-0235 version (libgtop2, fixed 2.14.9) #222637 [since ???]
+CVE-2007-0235 version (libgtop2, fixed 2.14.9) #222637 [since FEDORA-2007-657]
 CVE-2007-0104 ignore (poppler) only client DoS
 CVE-2007-0104 ignore (kdegraphics) only client DoS
 CVE-2007-0086 ignore (apache) not a security issue
@@ -149,7 +151,7 @@
 CVE-2006-6144 ** krb5
 CVE-2006-6143 ** krb5
 CVE-2006-6142 backport (squirrelmail) #218297 [since FEDORA-2007-089]
-CVE-2006-6128 VULNERABLE (kernel) #250625
+CVE-2006-6128 patch (kernel) #250625 [since FEDORA-2007-226] This was bug in our patch, not upstream
 CVE-2006-6107 backport (dbus, fixed 1.0.2) #219665 [since FEDORA-2006-1475]
 CVE-2006-6106 version (kernel, fixed 2.6.19.2, fixed 2.6.20-rc5) [since FEDORA-2006-1471]
 CVE-2006-6105 version (gdm, fixed 2.14.11) [since FEDORA-2006-1468]
@@ -217,7 +219,7 @@
 CVE-2006-5215 VULNERABLE (xorg-x11-xinit) #212167
 CVE-2006-5214 version (xorg-x11-xdm)
 CVE-2006-5214 ignore (kdebase) #212166 links to xinit Xsession
-CVE-2006-5214 VULNERABLE (xorg-x11-xinit) #212167
+CVE-2006-5214 backport (xorg-x11-xinit) #212167 [since FEDORA-2007-659]
 CVE-2006-5178 ignore (php) safe mode escape
 CVE-2006-5174 ignore (kernel, fixed 2.6.19-rc1) s390 only
 CVE-2006-5173 ignore (kernel, fixed 2.6.18) protected by exec-shield


Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.66
retrieving revision 1.67
diff -u -r1.66 -r1.67
--- fc7	10 Aug 2007 14:48:41 -0000	1.66
+++ fc7	13 Aug 2007 12:22:22 -0000	1.67
@@ -30,6 +30,7 @@
 CVE-2007-3946 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299]
 CVE-2007-3845 VULNERABLE (firefox, fixed 2.0.0.6) https://bugzilla.mozilla.org/show_bug.cgi?id=389580
 CVE-2007-3844 VULNERABLE (firefox) #250648 "fixed on next update"
+CVE-2007-3843 VULNERABLE (kernel) #246595
 CVE-2007-3841 ignore (pidgin) ethically disclosed
 CVE-2007-3820 ** (kdebase) #248537
 CVE-2007-3799 ** (php)


