fedora-security/audit fc6,1.251,1.252 fc7,1.92,1.93

Wed Sep 5 08:30:53 UTC 2007

Author: lkundrak

Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv15692

Modified Files:
	fc6 fc7 
Log Message:
releng pushed loooots of stuff



Index: fc6
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc6,v
retrieving revision 1.251
retrieving revision 1.252
diff -u -r1.251 -r1.252

--- fc6	4 Sep 2007 21:12:24 -0000	1.251
+++ fc6	5 Sep 2007 08:30:51 -0000	1.252
@@ -5,9 +5,9 @@
 # (mozilla) = (firefox, seamonkey, thunderbird, yelp, devhelp, galeon, liferea. epiphany)
 
 # Up to date CVE as of CVE email 20070823
-# Up to date FC6 as of 20070827
+# Up to date FC6 as of 20070905
 
-CVE-2007-4565 VULNERABLE (fetchmail) #260881
+CVE-2007-4565 backport (fetchmail) #260881 [since FEDORA-2007-689]
 CVE-2007-4357 ignore (firefox) status bar can be overwrittten
 CVE-2007-4255 ignore (php) msql extension not shipped
 CVE-2007-4251 ignore (openoffice.org) just a crash
@@ -16,12 +16,15 @@
 CVE-2007-4224 ignore (kdebase) too obvious -- mouse pointer indicates script activity
 CVE-2007-4211 version (dovecot, fixed 1.0.3) #251009 [since FEDORA-2007-664]
 CVE-2007-4134 VULNERABLE (star, fixed 1.5a84) #254129
-CVE-2007-4131 VULNERABLE (tar) #253684
-CVE-2007-4029 VULNERABLE (libvorbis) #250600
+CVE-2007-4131 backport (tar) #253684 [since FEDORA-2007-683]
+CVE-2007-4029 backport (libvorbis) #250600 [since FEDORA-2007-677]
 CVE-2007-4168 backport (libexif) #243892 [since FEDORA-2007-614]
+CVE-2007-4000 backport (krb5) [since FEDORA-2007-690]
+CVE-2007-3999 backport (krb5) [since FEDORA-2007-690]
 CVE-2007-3962 ignore (gftp) multiple buffer overflows in fsplib, not on Linux
 CVE-2007-3961 ignore (gftp) off-by-one error in fsplib
 CVE-2007-3852 backport (sysstat) #252296 [since FEDORA-2007-675]
+CVE-2007-3848 version (kernel) [since FEDORA-2007-679]
 CVE-2007-3847 VULNERABLE (httpd) #250756
 CVE-2007-3845 ignore (firefox) windows specific
 CVE-2007-3844 VULNERABLE (firefox) #250648 "fixed on next update"
@@ -50,7 +53,7 @@
 CVE-2007-3389 version (wireshark, fixed 0.99.6) [since FEDORA-2007-628]
 CVE-2007-3387 VULNERABLE (poppler) #251513
 CVE-2007-3387 backport (tetex) #251515 [since FEDORA-2007-669]
-CVE-2007-3387 VULNERABLE (kdegraphics) #251511
+CVE-2007-3387 backport (kdegraphics) #251511 [since FEDORA-2007-685]
 CVE-2007-3387 backport (cups) #251519 [since FEDORA-2007-644]
 CVE-2007-3384 ignore (tomcat) only affects 3.3.x and just affects an example
 CVE-2007-3381 version (gdm, fixed 2.18.4) #250277 [since FEDORA-2007-653]


Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.92
retrieving revision 1.93
diff -u -r1.92 -r1.93
--- fc7	4 Sep 2007 21:12:24 -0000	1.92
+++ fc7	5 Sep 2007 08:30:51 -0000	1.93
@@ -6,22 +6,22 @@
 # A couple of first F7 updates were marked as FEDORA-2007-0001
 
 # Up to date CVE as of CVE email 20070829
-# Up to date FC7 as of 20070829
+# Up to date FC7 as of 20070905
 
-CVE-2007-4650 VULNERABLE (gallery2) #267421
-CVE-2007-4629 VULNERABLE (mapserver, fixed 4.10.3) #272081
+CVE-2007-4650 version (gallery2) #267421 [since FEDORA-2007-2020]
+CVE-2007-4629 version (mapserver, fixed 4.10.3) #272081 [since FEDORA-2007-2018]
 CVE-2007-4631 VULNERABLE (qgit) #268381
-CVE-2007-4565 VULNERABLE (fetchmail) #260861
+CVE-2007-4565 backport (fetchmail) #260861 [since FEDORA-2007-1983]
 CVE-2007-4560 VULNERABLE (clamav) #260583
 CVE-2007-4559 VULNERABLE (python) tarfile module - directory traversal
 CVE-2007-4558 version (star, fixed 1.5a84) [since FEDORA-2007-1852]
 CVE-2007-4543 version (bugzilla, fixed 3.0.1) #256021 [since FEDORA-2007-1853]
-CVE-2007-4542 VULNERABLE (mapserver, fixed 4.10.3) #256561
+CVE-2007-4542 version (mapserver, fixed 4.10.3) #256561 [since FEDORA-2007-2018]
 CVE-2007-4539 version (bugzilla, fixed 3.0.1) #256021 [since FEDORA-2007-1853]
 CVE-2007-4538 version (bugzilla, fixed 3.0.1) #256021 [since FEDORA-2007-1853]
-CVE-2007-4534 VULNERABLE (vavoom) #256621
-CVE-2007-4533 VULNERABLE (vavoom) #256621
-CVE-2007-4532 VULNERABLE (vavoom) #256621
+CVE-2007-4534 backport (vavoom) #256621 [since CVE-2007-4533]
+CVE-2007-4533 backport (vavoom) #256621 [since CVE-2007-4533]
+CVE-2007-4532 backport (vavoom) #256621 [since CVE-2007-4533]
 CVE-2007-4510 VULNERABLE (clamav, fixed 0.91.2) #253780
 CVE-2007-4462 version (po4a) #253541 [since FEDORA-2007-1763]
 CVE-2007-4460 backport (id3lib) #253553 [since FEDORA-2007-1774]
@@ -42,12 +42,14 @@
 CVE-2007-4168 backport (libexif) #243892 [since FEDORA-2007-0414]
 CVE-2007-4153 ignore (wordpress) "remote authenticated administrators"
 CVE-2007-4154 ignore (wordpress) "remote authenticated administrators"
-CVE-2007-4139 VULNERABLE (wordpress) #250751
+CVE-2007-4139 version (wordpress) #250751 [since FEDORA-2007-1885]
 CVE-2007-4134 version (star, fixed 1.5a84) #254128 [since FEDORA-2007-1852]
-CVE-2007-4131 VULNERABLE (tar) #253684
+CVE-2007-4131 backport (tar) #253684 [since FEDORA-2007-1890]
 CVE-2007-4066 backport (libvorbis) #245991 [since FEDORA-2007-1765]
 CVE-2007-4065 backport (libvorbis) #245991 [since FEDORA-2007-1765]
 CVE-2007-4029 backport (libvorbis) #245991 [since FEDORA-2007-1765]
+CVE-2007-4000 backport (krb5) [since FEDORA-2007-2017]
+CVE-2007-3999 backport (krb5) [since FEDORA-2007-2017]
 CVE-2007-3962 ignore (gftp) multiple buffer overflows in fsplib, not on Linux
 CVE-2007-3961 ignore (gftp) off-by-one error in fsplib
 CVE-2007-3852 backport (sysstat) #252295 [since FEDORA-2007-1697]
@@ -142,7 +144,7 @@
 CVE-2007-3023 VULNERABLE (clamav, fixed 0.90.3) #245219
 CVE-2007-3007 ignore (php) safe mode isn't safe
 *CVE-2007-2975 (openfire)
-CVE-2007-2958 VULNERABLE (claws-mail) #254121
+CVE-2007-2958 version (claws-mail) #254121 [since FEDORA-2007-2009]
 CVE-2007-2958 backport (sylpheed) #254123 [since FEDORA-2007-1841]
 CVE-2007-2956 backport (qtpfsgui) #251674 [since FEDORA-2007-1581]
 CVE-2007-2949 version (gimp, fixed, 2.2.16) [since FEDORA-2007-0725]


