fedora-security/audit fc6, 1.245, 1.246 fc7, 1.78, 1.79 fe6, 1.132, 1.133
Tomas Hoger (thoger)
fedora-extras-commits at redhat.com
Fri Aug 24 10:27:39 UTC 2007
Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv3670/audit
Modified Files:
fc6 fc7 fe6
Log Message:
- CVE update
- Fedora update
- add CVE-2007-2958
Index: fc6
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc6,v
retrieving revision 1.245
retrieving revision 1.246
diff -u -r1.245 -r1.246
--- fc6 23 Aug 2007 10:30:39 -0000 1.245
+++ fc6 24 Aug 2007 10:27:36 -0000 1.246
@@ -4,8 +4,8 @@
# *CVE are items that need verification for Fedora Core 6
# (mozilla) = (firefox, seamonkey, thunderbird, yelp, devhelp, galeon, liferea. epiphany)
-# Up to date CVE as of CVE email 20070822
-# Up to date FC6 as of 20070820
+# Up to date CVE as of CVE email 20070823
+# Up to date FC6 as of 20070823
CVE-2007-4357 ignore (firefox) status bar can be overwrittten
CVE-2007-4255 ignore (php) msql extension not shipped
@@ -20,6 +20,7 @@
CVE-2007-3962 ignore (gftp) multiple buffer overflows in fsplib, not on Linux
CVE-2007-3961 ignore (gftp) off-by-one error in fsplib
CVE-2007-3852 VULNERABLE (sysstat) #252296
+CVE-2007-3847 VULNERABLE (httpd) #250756
CVE-2007-3845 ignore (firefox) windows specific
CVE-2007-3844 VULNERABLE (firefox) #250648 "fixed on next update"
CVE-2007-3843 VULNERABLE (kernel) #246595
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.78
retrieving revision 1.79
diff -u -r1.78 -r1.79
--- fc7 23 Aug 2007 10:30:39 -0000 1.78
+++ fc7 24 Aug 2007 10:27:37 -0000 1.79
@@ -5,11 +5,12 @@
# (mozilla) = (firefox, seamonkey, thunderbird, yelp, devhelp, galeon, liferea. epiphany)
# A couple of first F7 updates were marked as FEDORA-2007-0001
-# Up to date CVE as of CVE email 20070822
-# Up to date FC7 as of 20070820
+# Up to date CVE as of CVE email 20070823
+# Up to date FC7 as of 20070823
-CVE-2007-4462 VULNERABLE (po4a) #253541
-CVE-2007-4460 VULNERABLE (id3lib) #253553
+CVE-2007-4510 VULNERABLE (clamav, 0.91.2) #253780
+CVE-2007-4462 version (po4a) #253541 [since FEDORA-2007-1763]
+CVE-2007-4460 backport (id3lib) #253553 [since FEDORA-2007-1774]
CVE-2007-4400 VULNERABLE (konversation) #253545
CVE-2007-4357 ignore (firefox) status bar can be overwrittten
CVE-2007-4323 backport (denyhosts) #252291 [since FEDORA-2007-0589]
@@ -27,7 +28,7 @@
CVE-2007-4154 ignore (wordpress) "remote authenticated administrators"
CVE-2007-4139 VULNERABLE (wordpress) #250751
CVE-2007-4131 VULNERABLE (tar) #253684
-CVE-2007-4029 VULNERABLE (libvorbis) #245991
+CVE-2007-4029 backport (libvorbis) #245991 [since FEDORA-2007-1765]
CVE-2007-3962 ignore (gftp) multiple buffer overflows in fsplib, not on Linux
CVE-2007-3961 ignore (gftp) off-by-one error in fsplib
CVE-2007-3852 backport (sysstat) #252295 [since FEDORA-2007-1697]
@@ -36,6 +37,8 @@
CVE-2007-3948 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299]
CVE-2007-3947 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299]
CVE-2007-3946 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299]
+CVE-2007-3848 version (kernel) [since FEDORA-2007-1785]
+CVE-2007-3847 VULNERABLE (httpd) #250755
CVE-2007-3845 ignore (firefox) windows specific
CVE-2007-3844 VULNERABLE (firefox) #250648 "fixed on next update"
CVE-2007-3843 VULNERABLE (kernel) #246595
@@ -99,7 +102,7 @@
CVE-2007-3231 version (mecab, fixed 0.96) [since FEDORA-2007-0366]
CVE-2007-3209 ignore (mail-notification, shipped with SSL enabled)
CVE-2007-3108 backport (openssl) #250574 [since FEDORA-2007-1444]
-CVE-2007-3106 VULNERABLE (libvorbis) #245991
+CVE-2007-3106 backport (libvorbis) #245991 [since FEDORA-2007-1765]
CVE-2007-3099 version (iscsi-initiator-utils, fixed 6.2.0.865) [since FEDORA-2007-0543]
CVE-2007-3100 version (iscsi-initiator-utils, fixed 6.2.0.865) [since FEDORA-2007-0543]
CVE-2007-3165 version (tor, fixed 0.1.2.14) #244502 [since FEDORA-2007-1674]
@@ -119,12 +122,13 @@
CVE-2007-3023 VULNERABLE (clamav, fixed 0.90.3) #245219
CVE-2007-3007 ignore (php) safe mode isn't safe
*CVE-2007-2975 (openfire)
+CVE-2007-2958 VULNERABLE (claws-mail) #254121
+CVE-2007-2958 VULNERABLE (sylpheed) #254123
CVE-2007-2956 backport (qtpfsgui) #251674 [since FEDORA-2007-1581]
CVE-2007-2949 version (gimp, fixed, 2.2.16) [since FEDORA-2007-0725]
CVE-2007-2926 version (bind, fixed 9.4.1) [since FEDORA-2007-1247]
CVE-2007-2925 version (bind, fixed 9.4.1) [since FEDORA-2007-1247]
-*CVE-2007-2894 VULNERABLE (bochs) #241799
-CVE-2007-2894 ignore (bochs, unreproducible) #241799
+CVE-2007-2894 backport (bochs) #241799 [since FEDORA-2007-1778]
CVE-2007-2893 patch (bochs, fixed 2.3-5) #241799 [since FEDORA-2007-1153]
CVE-2007-2876 version (kernel, fixed 2.6.21.5) [ since FEDORA-2007-0409 ]
CVE-2007-2874 remove-patch (wpa_supplicant) #242455 [since FEDORA-2007-0185]
@@ -332,7 +336,7 @@
CVE-2007-0894 version (mediawiki, fixed 1.8.4) #228763
CVE-2007-0884 ignore (mimedefang 2.59/2.60 not shipped) #228757
CVE-2007-0857 version (moin, fixed 1.5.7) #228139
-CVE-2007-0844 VULNERABLE (pam_ssh, fixed 1.92) #253959
+CVE-2007-0844 version (pam_ssh, fixed 1.92) #253959 [since FEDORA-2007-1793]
CVE-2007-0823 ignore (xterm) feature, not a bug
CVE-2007-0822 ignore (util-linux) NULL dereference
CVE-2007-0780 version (seamonkey, fixed 1.0.8)
Index: fe6
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fe6,v
retrieving revision 1.132
retrieving revision 1.133
diff -u -r1.132 -r1.133
--- fe6 9 Aug 2007 15:53:20 -0000 1.132
+++ fe6 24 Aug 2007 10:27:37 -0000 1.133
@@ -2,6 +2,7 @@
** are items that need attention
+CVE-2007-4510 VULNERABLE (clamav, 0.91.2) #253780
CVE-2007-3950 version (lighttpd, fixed 1.4.16) #249162
CVE-2007-3949 version (lighttpd, fixed 1.4.16) #249162
CVE-2007-3948 version (lighttpd, fixed 1.4.16) #249162
More information about the fedora-extras-commits
mailing list