From fedora-security-commits at redhat.com Thu Nov 1 12:55:54 2007 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Thu, 1 Nov 2007 08:55:54 -0400 Subject: [Fedora-security-commits] fedora-security/audit fc6, 1.287, 1.288 fc7, 1.160, 1.161 Message-ID: <200711011255.lA1CtskB018073@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv18051/audit Modified Files: fc6 fc7 Log Message: latest cups vulnerability Index: fc6 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc6,v retrieving revision 1.287 retrieving revision 1.288 diff -u -r1.287 -r1.288 --- fc6 31 Oct 2007 17:37:03 -0000 1.287 +++ fc6 1 Nov 2007 12:55:51 -0000 1.288 @@ -53,6 +53,7 @@ CVE-2007-4558 ignore (star, fixed 1.5a84) duplicate of CVE-2007-4134 CVE-2007-4465 version (httpd) [since FEDORA-2007-707] CVE-2007-4357 ignore (firefox) status bar can be overwrittten +CVE-2007-4351 VULNERABLE (cups) #361671 CVE-2007-4255 ignore (php) msql extension not shipped CVE-2007-4251 ignore (openoffice.org) just a crash CVE-2007-4229 ignore (kdebase) just an ASSERT fail Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.160 retrieving revision 1.161 diff -u -r1.160 -r1.161 --- fc7 31 Oct 2007 17:37:03 -0000 1.160 +++ fc7 1 Nov 2007 12:55:51 -0000 1.161 
@@ -113,6 +113,7 @@ CVE-2007-4460 backport (id3lib) #253553 [since FEDORA-2007-1774] CVE-2007-4400 VULNERABLE (konversation) #253545 CVE-2007-4357 ignore (firefox) status bar can be overwrittten +CVE-2007-4351 VULNERABLE (cups) #361661 CVE-2007-4323 backport (denyhosts) #252291 [since FEDORA-2007-0589] CVE-2007-4321 backport (fail2ban) #252290 [since FEDORA-2007-0621] version since FEDORA-2007-1643 CVE-2007-4255 ignore (php) msql extension not shipped From fedora-security-commits at redhat.com Thu Nov 1 15:20:37 2007 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Thu, 1 Nov 2007 11:20:37 -0400 Subject: [Fedora-security-commits] fedora-security/audit f8,NONE,1.1 Message-ID: <200711011520.lA1FKbjd013655@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv13607 Added Files: f8 Log Message: Fedora release 8 (Werewolf) ***** Error reading new file: [Errno 2] No such file or directory: 'f8' From fedora-security-commits at redhat.com Thu Nov 1 15:21:25 2007 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Thu, 1 Nov 2007 11:21:25 -0400 Subject: [Fedora-security-commits] fedora-security/audit f9,NONE,1.1 Message-ID: <200711011521.lA1FLPto013782@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv13723 Added Files: f9 Log Message: Devel branch resulting in Fedora 9 ***** Error reading new file: [Errno 2] No such file or directory: 'f9' From fedora-security-commits at redhat.com Thu Nov 1 17:02:08 2007 
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Thu, 1 Nov 2007 13:02:08 -0400 Subject: [Fedora-security-commits] fedora-security/audit f8, 1.1, 1.2 f9, 1.1, 1.2 fc6, 1.288, 1.289 fc7, 1.161, 1.162 Message-ID: <200711011702.lA1H28rR010251@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv10002 Modified Files: f8 f9 fc6 fc7 Log Message: Updated a couple of outstanding rawhide issues, tidied up a bit. Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- f8 1 Nov 2007 15:20:35 -0000 1.1 +++ f8 1 Nov 2007 17:02:06 -0000 1.2 @@ -12,12 +12,12 @@ CVE-2007-5708 VULNERABLE (openldap, fixed 2.3.39) #360081 CVE-2007-5707 VULNERABLE (openldap, fixed 2.3.39) #360081 CVE-2007-5624 VULNERABLE (nagios, fixed 2.10) #349011 -*CVE-2007-5623 VULNERABLE (nagios-plugins, not fixed 1.4.10) #348731 +CVE-2007-5623 VULNERABLE (nagios-plugins, not fixed 1.4.10) #348731 CVE-2007-5589 VULNERABLE (phpMyAdmin, fixed 2.11.1.2) #333661 PMASA-2007-6 CVE-2007-5461 VULNERABLE (tomcat5, not fixed 5.5.25) #334531 CVE-2007-5386 version (phpmyadmin, fixed 2.11.1.1) #333661 PMASA-2007-5 CVE-2007-5201 VULNERABLE (duplicity, no upstream fix) #293081 -*CVE-2007-5200 VULNERABLE (hugin) #332401 +CVE-2007-5200 VULNERABLE (hugin) #332401 CVE-2007-5198 VULNERABLE (nagios-plugins, fixed 1.4.10) #315101 CVE-2007-5079 VULNERABLE (gdm) #239820 Red Hat specific problem CVE-2007-5037 version (inotify-tools, fixed 3.11) #299771 
@@ -29,28 +29,28 @@ CVE-2007-4619 version (flac, fixed 1.2) #332581 CVE-2007-4568 version (xorg-x11-xfs, fixed 1.0.5) CVE-2007-4559 VULNERABLE (python, not fixed upstream) #315291 Upstream WONTFIX. See where we use the code. -CVE-2007-4476 VULNERABLE (cpio, not fixed 2.9) Needs bug +CVE-2007-4476 VULNERABLE (cpio, not fixed 2.9) #339691 CVE-2007-4400 VULNERABLE (konversation) #253545 Remove media script? -*CVE-2007-3999 VULNERABLE (nfs-utils-lib) #294901 -*CVE-2007-3999 VULNERABLE (libtirpc) #294921 +CVE-2007-3999 VULNERABLE (nfs-utils-lib) #362091 +CVE-2007-3999 VULNERABLE (libtirpc) #362111 CVE-2007-3920 VULNERABLE (compiz, not fixed upstream) #350271 -CVE-2007-3919 VULNERABLE (xen, not fixed 3.1) +CVE-2007-3919 backport (xen, fixed 3.1.0-13) #361991 CVE-2007-3844 version (firefox, fixed 2.0.0.6) -*CVE-2007-3843 VULNERABLE (kernel) #246595 I suspect this is already fixed in Fedora +CVE-2007-3843 version (kernel) #246595 No idea which version fixed this CVE-2007-3544 VULNERABLE (wordpress, NOT fixed 2.2.1) #245211 Incomplete fix for CVE-2007-3543 CVE-2007-3387 version (poppler, fixed 0.5.91) #251512 -*CVE-2007-3145 VULNERABLE (galeon) ** +CVE-2007-3145 ignore (galeon) in 2.0.3 the truncation still occurs, but at reasonable length CVE-2007-2450 VULNERABLE (tomcat5, not fixed 5.5.24) #244810 CVE-2007-2449 VULNERABLE (tomcat5, not fixed 5.5.24) #244810 CVE-2007-2245 version (phpMyAdmin, fixed 2.10.1) #237882 CVE-2007-2165 version (proftpd, fixed 1.3.1rc3) #237533 CVE-2007-1841 version (ipsec-tools, fixed 0.6.7) #238052 CVE-2007-1804 version (pulseaudio) #235013 NOTABUG, there are other known ways to crash pulse. 
-*CVE-2007-1558 VULNERABLE (evolution) +CVE-2007-1558 version (evolution, fixed 1.8.3-5) CVE-2007-1352 version (libXfont, fixed 1.2.8) #235265 CVE-2007-1351 version (libXfont, fixed 1.2.8) #235265 CVE-2007-1103 ignore (tor) #230927 CANTFIX really -CVE-2007-1004 VULNERABLE (mozilla) Needs an upstream bug +CVE-2007-1004 VULNERABLE (mozilla) https://bugzilla.mozilla.org/show_bug.cgi?id=402060 CVE-2007-1003 version (xorg-x11-server, fixed 1.2.1) #235263 CVE-2007-1002 version (evolution, fixed 2.8.2.1) #233587 CVE-2007-0654 backport (xmms, not fixed 1.2.10) #233705 Fixed in older ones? 
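Review bot: CVE-2007-3843 moves from VULNERABLE to `version` with the comment "No idea which version fixed this", so the entry claims a fix the file cannot point to. Either record the kernel version that carries the fix or keep the `*` verification marker until it is known. In the same hunk, CVE-2007-1558 becomes `version (evolution, fixed 1.8.3-5)`, which carries a package release suffix and is lower than the `fixed 2.8.2.1` given for evolution under CVE-2007-1002 a few lines below; please confirm the package name and version.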
@@ -59,20 +59,20 @@ CVE-2007-0235 version (libgtop2, fixed 2.14.6) #222637 not sure, will triage CVE-2007-0095 ignore (phpMyAdmin) #221694 "Reveals path" CVE-2006-6698 VULNERABLE (GConf2) #219280 -*CVE-2006-6128 VULNERABLE (kernel, fixed **) ReiserFS MOKB +CVE-2006-6128 version (kernel, fixed 2.6.19-1.2911.fc6) #250625 ReiserFS MOKB CVE-2006-6107 version (dbus, fixed 1.0.2) #219665 CVE-2006-6077 version (firefox, fixed 1.5.0.10) -*CVE-2006-6058 VULNERABLE (kernel, fixed **) Minix MOKB. I though this one had a bug. RHSA-2007:0672. Will ping esandeen. -*CVE-2006-6057 VULNERABLE (kernel, fixed **) GFS2 MOKB. +CVE-2006-6058 VULNERABLE (kernel) #250623 Minix MOKB. In stable tree, should be fixed in 2.6.24 +CVE-2006-6057 version (kernel, fixed 2_6_20-1_2924_fc6) GFS2 MOKB. CVE-2006-5868 version (ImageMagick, fixed 6.2.9.1) #217560 CVE-2006-5864 version (evince, fixed 0.6.3) #217672 CVE-2006-5779 version (openldap, fixed 2.3.29) #214768 CVE-2006-5749 version (kernel, fixed 2.6.20-rc2) -*CVE-2006-5701 VULNERABLE (kernel) squashfs MOKB +CVE-2006-5701 version (kernel, kernel-2_6_20-1_2927_fc6) squashfs MOKB CVE-2006-5466 version (rpm, fixed 4.4.2.1) #212833 CVE-2006-5461 version (avahi, fixed 0.6.15) CVE-2006-5397 version (libX11, fixed 1.0.4) #213280 -*CVE-2006-5214 VULNERABLE (xorg-x11-xinit) #212167 +CVE-2006-5214 backport (xorg-x11-xinit, fixed xorg-x11-xinit-1.0.2-21) #212167 CVE-2006-5178 ignore (php) safe_mode WONTFIX CVE-2006-5170 version (nss_ldap, fixed 183) CVE-2006-4573 version (screen, fixed 4.0.3) #212057 
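Review bot: The three kernel entries switched to `version` in this hunk each write the fixed build differently: `fixed 2.6.19-1.2911.fc6` for CVE-2006-6128, `fixed 2_6_20-1_2924_fc6` for CVE-2006-6057, and `kernel-2_6_20-1_2927_fc6` with no `fixed` keyword for CVE-2006-5701. Pick one form, preferably the dotted version with the `fixed` keyword that the surrounding lines use, so the entries can be matched mechanically. CVE-2006-6128 also gains a bug number (#250625) while the other two do not; add them if they exist.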
@@ -85,7 +85,7 @@ CVE-2006-0987 ignore (bind) example config file only CVE-2006-0496 VULNERABLE (firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=324253 CVE-2005-4809 ignore (firefox) Status bar can be modified anyways -*CVE-2005-4790 VULNERABLE (tomboy) #252294 -*CVE-2005-3675 VULNERABLE (kernel) optack, no upstream fix +CVE-2005-4790 VULNERABLE (tomboy) #252294 +CVE-2005-3675 VULNERABLE (kernel) optack, no upstream fix -- TCP protocol weakness CVE-2003-1265 VULNERABLE (thunderbird) https://bugzilla.mozilla.org/show_bug.cgi?id=198442 (probably "ignore") CVE-2003-1265 VULNERABLE (seamonkey) https://bugzilla.mozilla.org/show_bug.cgi?id=198442 (probably "ignore") Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- f9 1 Nov 2007 15:21:22 -0000 1.1 +++ f9 1 Nov 2007 17:02:06 -0000 1.2 
@@ -1,23 +1,23 @@ # $Id$ # ** are items that need attention -# *CVE are items that need verification for Fedora 9 +# *CVE are items that need verification for Fedora 8 # (mozilla) = (gecko-libs dependent stuff) # Up to date CVE as of CVE email 20071030 -# Up to date F9 as of 20071029 +# Up to date F8 as of 20071029 GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031 CVE-2007-5712 VULNERABLE (Django, fixed 0.96.1) #357051 CVE-2007-5708 VULNERABLE (openldap, fixed 2.3.39) #360081 CVE-2007-5707 VULNERABLE (openldap, fixed 2.3.39) #360081 CVE-2007-5624 VULNERABLE (nagios, fixed 2.10) #349011 -*CVE-2007-5623 VULNERABLE (nagios-plugins, not fixed 1.4.10) #348731 +CVE-2007-5623 VULNERABLE (nagios-plugins, not fixed 1.4.10) #348731 CVE-2007-5589 VULNERABLE (phpMyAdmin, fixed 2.11.1.2) #333661 PMASA-2007-6 CVE-2007-5461 VULNERABLE (tomcat5, not fixed 5.5.25) #334531 CVE-2007-5386 version (phpmyadmin, fixed 2.11.1.1) #333661 PMASA-2007-5 CVE-2007-5201 VULNERABLE (duplicity, no upstream fix) #293081 -*CVE-2007-5200 VULNERABLE (hugin) #332401 +CVE-2007-5200 VULNERABLE (hugin) #332401 CVE-2007-5198 VULNERABLE (nagios-plugins, fixed 1.4.10) #315101 CVE-2007-5079 VULNERABLE (gdm) #239820 Red Hat specific problem CVE-2007-5037 version (inotify-tools, fixed 3.11) #299771 
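Review bot: The header comments of the f9 file are changed to read "Fedora 8" and "Up to date F8", which looks like the f8 header carried over into f9. Keep `# *CVE are items that need verification for Fedora 9` and `# Up to date F9 as of 20071029` in this file so the per-release header matches the file it sits in.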
@@ -29,28 +29,28 @@ CVE-2007-4619 version (flac, fixed 1.2) #332581 CVE-2007-4568 version (xorg-x11-xfs, fixed 1.0.5) CVE-2007-4559 VULNERABLE (python, not fixed upstream) #315291 Upstream WONTFIX. See where we use the code. -CVE-2007-4476 VULNERABLE (cpio, not fixed 2.9) Needs bug +CVE-2007-4476 VULNERABLE (cpio, not fixed 2.9) #339691 CVE-2007-4400 VULNERABLE (konversation) #253545 Remove media script? -*CVE-2007-3999 VULNERABLE (nfs-utils-lib) #294901 -*CVE-2007-3999 VULNERABLE (libtirpc) #294921 +CVE-2007-3999 VULNERABLE (nfs-utils-lib) #362101 +CVE-2007-3999 VULNERABLE (libtirpc) #362121 CVE-2007-3920 VULNERABLE (compiz, not fixed upstream) #350271 -CVE-2007-3919 VULNERABLE (xen, not fixed 3.1) +CVE-2007-3919 backport (xen, fixed 3.1.0-13) #362011 CVE-2007-3844 version (firefox, fixed 2.0.0.6) -*CVE-2007-3843 VULNERABLE (kernel) #246595 I suspect this is already fixed in Fedora +CVE-2007-3843 version (kernel) #246595 No idea which version fixed this CVE-2007-3544 VULNERABLE (wordpress, NOT fixed 2.2.1) #245211 Incomplete fix for CVE-2007-3543 CVE-2007-3387 version (poppler, fixed 0.5.91) #251512 -*CVE-2007-3145 VULNERABLE (galeon) ** +CVE-2007-3145 ignore (galeon) in 2.0.3 the truncation still occurs, but at reasonable length CVE-2007-2450 VULNERABLE (tomcat5, not fixed 5.5.24) #244810 CVE-2007-2449 VULNERABLE (tomcat5, not fixed 5.5.24) #244810 CVE-2007-2245 version (phpMyAdmin, fixed 2.10.1) #237882 CVE-2007-2165 version (proftpd, fixed 1.3.1rc3) #237533 CVE-2007-1841 version (ipsec-tools, fixed 0.6.7) #238052 CVE-2007-1804 version (pulseaudio) #235013 NOTABUG, there are other known ways to crash pulse. 
-*CVE-2007-1558 VULNERABLE (evolution) +CVE-2007-1558 version (evolution, fixed 1.8.3-5) CVE-2007-1352 version (libXfont, fixed 1.2.8) #235265 CVE-2007-1351 version (libXfont, fixed 1.2.8) #235265 CVE-2007-1103 ignore (tor) #230927 CANTFIX really -CVE-2007-1004 VULNERABLE (mozilla) Needs an upstream bug +CVE-2007-1004 VULNERABLE (mozilla) https://bugzilla.mozilla.org/show_bug.cgi?id=402060 CVE-2007-1003 version (xorg-x11-server, fixed 1.2.1) #235263 CVE-2007-1002 version (evolution, fixed 2.8.2.1) #233587 CVE-2007-0654 backport (xmms, not fixed 1.2.10) #233705 Fixed in older ones? 
@@ -59,20 +59,20 @@ CVE-2007-0235 version (libgtop2, fixed 2.14.6) #222637 not sure, will triage CVE-2007-0095 ignore (phpMyAdmin) #221694 "Reveals path" CVE-2006-6698 VULNERABLE (GConf2) #219280 -*CVE-2006-6128 VULNERABLE (kernel, fixed **) ReiserFS MOKB +CVE-2006-6128 version (kernel, fixed 2.6.19-1.2911.fc6) #250625 ReiserFS MOKB CVE-2006-6107 version (dbus, fixed 1.0.2) #219665 CVE-2006-6077 version (firefox, fixed 1.5.0.10) -*CVE-2006-6058 VULNERABLE (kernel, fixed **) Minix MOKB. I though this one had a bug. RHSA-2007:0672. Will ping esandeen. -*CVE-2006-6057 VULNERABLE (kernel, fixed **) GFS2 MOKB. +CVE-2006-6058 VULNERABLE (kernel) #250623 Minix MOKB. In stable tree, should be fixed in 2.6.24 +CVE-2006-6057 version (kernel, fixed 2_6_20-1_2924_fc6) GFS2 MOKB. CVE-2006-5868 version (ImageMagick, fixed 6.2.9.1) #217560 CVE-2006-5864 version (evince, fixed 0.6.3) #217672 CVE-2006-5779 version (openldap, fixed 2.3.29) #214768 CVE-2006-5749 version (kernel, fixed 2.6.20-rc2) -*CVE-2006-5701 VULNERABLE (kernel) squashfs MOKB +CVE-2006-5701 version (kernel, kernel-2_6_20-1_2927_fc6) squashfs MOKB CVE-2006-5466 version (rpm, fixed 4.4.2.1) #212833 CVE-2006-5461 version (avahi, fixed 0.6.15) CVE-2006-5397 version (libX11, fixed 1.0.4) #213280 -*CVE-2006-5214 VULNERABLE (xorg-x11-xinit) #212167 +CVE-2006-5214 backport (xorg-x11-xinit, fixed xorg-x11-xinit-1.0.2-21) #212167 CVE-2006-5178 ignore (php) safe_mode WONTFIX CVE-2006-5170 version (nss_ldap, fixed 183) CVE-2006-4573 version (screen, fixed 4.0.3) #212057 
@@ -85,7 +85,7 @@ CVE-2006-0987 ignore (bind) example config file only CVE-2006-0496 VULNERABLE (firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=324253 CVE-2005-4809 ignore (firefox) Status bar can be modified anyways -*CVE-2005-4790 VULNERABLE (tomboy) #252294 -*CVE-2005-3675 VULNERABLE (kernel) optack, no upstream fix +CVE-2005-4790 VULNERABLE (tomboy) #252294 +CVE-2005-3675 VULNERABLE (kernel) optack, no upstream fix -- TCP protocol weakness CVE-2003-1265 VULNERABLE (thunderbird) https://bugzilla.mozilla.org/show_bug.cgi?id=198442 (probably "ignore") CVE-2003-1265 VULNERABLE (seamonkey) https://bugzilla.mozilla.org/show_bug.cgi?id=198442 (probably "ignore") Index: fc6 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc6,v retrieving revision 1.288 retrieving revision 1.289 diff -u -r1.288 -r1.289 --- fc6 1 Nov 2007 12:55:51 -0000 1.288 +++ fc6 1 Nov 2007 17:02:06 -0000 1.289 @@ -74,7 +74,7 @@ CVE-2007-3962 ignore (gftp) multiple buffer overflows in fsplib, not on Linux CVE-2007-3961 ignore (gftp) off-by-one error in fsplib CVE-2007-3920 VULNERABLE (gnome-screensaver) #350271 -CVE-2007-3919 VULNERABLE (xen) +CVE-2007-3919 VULNERABLE (xen) #362001 CVE-2007-3852 backport (sysstat) #252296 [since FEDORA-2007-675] CVE-2007-3848 version (kernel) [since FEDORA-2007-679] CVE-2007-3847 version (httpd) #250756 [since FEDORA-2007-707] Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.161 retrieving revision 1.162 diff -u -r1.161 -r1.162 --- fc7 1 Nov 2007 12:55:51 -0000 1.161 +++ fc7 1 Nov 2007 17:02:06 -0000 1.162 
@@ -151,7 +151,7 @@ CVE-2007-3948 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299] CVE-2007-3947 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299] CVE-2007-3946 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299] -CVE-2007-3919 VULNERABLE (xen) +CVE-2007-3919 VULNERABLE (xen) #361981 CVE-2007-3917 version (wesnoth, fixed 1.2.7) #324841 [since FEDORA-2007-2496] CVE-2007-3848 version (kernel) [since FEDORA-2007-1785] CVE-2007-3847 version (httpd) #250755 [since FEDORA-2007-2214] From fedora-security-commits at redhat.com Thu Nov 1 18:00:36 2007 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Thu, 1 Nov 2007 14:00:36 -0400 Subject: [Fedora-security-commits] fedora-security/audit f8, 1.2, 1.3 fc6, 1.289, 1.290 fc7, 1.162, 1.163 Message-ID: <200711011800.lA1I0aQX015589@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv15567/audit Modified Files: f8 fc6 fc7 Log Message: ruby net::* modules, similar to CVE-2007-5162 Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- f8 1 Nov 2007 17:02:06 -0000 1.2 +++ f8 1 Nov 2007 18:00:34 -0000 1.3 @@ -7,6 +7,7 @@ # Up to date CVE as of CVE email 20071030 # Up to date F8 as of 20071029 +CVE-2007-5770 backport (ruby) GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031 CVE-2007-5712 VULNERABLE (Django, fixed 0.96.1) #357051 CVE-2007-5708 VULNERABLE (openldap, fixed 2.3.39) #360081 Index: fc6 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc6,v retrieving revision 1.289 retrieving revision 1.290 diff -u -r1.289 -r1.290 --- fc6 1 Nov 2007 17:02:06 -0000 1.289 +++ fc6 1 Nov 2007 18:00:34 -0000 1.290 
@@ -7,6 +7,7 @@ # Up to date CVE as of CVE email 20071030 # Up to date FC6 as of 20071029 +CVE-2007-5770 VULNERABLE (ruby) CVE-2007-5461 VULNERABLE (tomcat5) #334521 CVE-2007-5340 VULNERABLE (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5 CVE-2007-5339 VULNERABLE (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5 Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.162 retrieving revision 1.163 diff -u -r1.162 -r1.163 --- fc7 1 Nov 2007 17:02:06 -0000 1.162 +++ fc7 1 Nov 2007 18:00:34 -0000 1.163 @@ -8,6 +8,7 @@ # Up to date CVE as of CVE email 20071030 # Up to date FC7 as of 20071029 +CVE-2007-5770 backport (ruby) [since FEDORA-2007-2685] CVE-2007-5751 VULNERABLE (liferea, fixed 1.4.6) #360641 CVE-2007-5728 version (phpPgAdmin) seems to be fixed for some time CVE-2007-5715 backport (denyhosts) fixed long ago From fedora-security-commits at redhat.com Thu Nov 1 19:35:38 2007 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Thu, 1 Nov 2007 15:35:38 -0400 Subject: [Fedora-security-commits] fedora-security/audit f8, 1.3, 1.4 f9, 1.2, 1.3 Message-ID: <200711011935.lA1JZcxu000974@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv944 Modified Files: f8 f9 Log Message: liferea for newer releases Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- f8 1 Nov 2007 18:00:34 -0000 1.3 +++ f8 1 Nov 2007 19:35:36 -0000 1.4 
@@ -9,6 +9,7 @@ CVE-2007-5770 backport (ruby) GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031 +CVE-2007-5751 VULNERABLE (liferea, fixed 1.4.6) #360641 CVE-2007-5712 VULNERABLE (Django, fixed 0.96.1) #357051 CVE-2007-5708 VULNERABLE (openldap, fixed 2.3.39) #360081 CVE-2007-5707 VULNERABLE (openldap, fixed 2.3.39) #360081 Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- f9 1 Nov 2007 17:02:06 -0000 1.2 +++ f9 1 Nov 2007 19:35:36 -0000 1.3 @@ -8,6 +8,7 @@ # Up to date F8 as of 20071029 GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031 +CVE-2007-5751 VULNERABLE (liferea, fixed 1.4.6) #360641 CVE-2007-5712 VULNERABLE (Django, fixed 0.96.1) #357051 CVE-2007-5708 VULNERABLE (openldap, fixed 2.3.39) #360081 CVE-2007-5707 VULNERABLE (openldap, fixed 2.3.39) #360081 From fedora-security-commits at redhat.com Fri Nov 2 00:06:49 2007 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Thu, 1 Nov 2007 20:06:49 -0400 Subject: [Fedora-security-commits] fedora-security/audit f8, 1.4, 1.5 f9, 1.3, 1.4 fc6, 1.290, 1.291 fc7, 1.163, 1.164 Message-ID: <200711020006.lA206nSS016020@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv15980 Modified Files: f8 f9 fc6 fc7 Log Message: Created some tracking bug hierarchies, cleaned some stuff up a bit. More to come. Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- f8 1 Nov 2007 19:35:36 -0000 1.4 +++ f8 2 Nov 2007 00:06:47 -0000 1.5 
@@ -10,18 +10,18 @@ CVE-2007-5770 backport (ruby) GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031 CVE-2007-5751 VULNERABLE (liferea, fixed 1.4.6) #360641 -CVE-2007-5712 VULNERABLE (Django, fixed 0.96.1) #357051 -CVE-2007-5708 VULNERABLE (openldap, fixed 2.3.39) #360081 -CVE-2007-5707 VULNERABLE (openldap, fixed 2.3.39) #360081 -CVE-2007-5624 VULNERABLE (nagios, fixed 2.10) #349011 +CVE-2007-5712 VULNERABLE (Django, fixed 0.96.1) #362771 +CVE-2007-5708 VULNERABLE (openldap, fixed 2.3.39) #362991 +CVE-2007-5707 VULNERABLE (openldap, fixed 2.3.39) #362991 +CVE-2007-5624 VULNERABLE (nagios, fixed 2.10) #362801 CVE-2007-5623 VULNERABLE (nagios-plugins, not fixed 1.4.10) #348731 CVE-2007-5589 VULNERABLE (phpMyAdmin, fixed 2.11.1.2) #333661 PMASA-2007-6 -CVE-2007-5461 VULNERABLE (tomcat5, not fixed 5.5.25) #334531 +CVE-2007-5461 VULNERABLE (tomcat5, not fixed 5.5.25) #363001 CVE-2007-5386 version (phpmyadmin, fixed 2.11.1.1) #333661 PMASA-2007-5 -CVE-2007-5201 VULNERABLE (duplicity, no upstream fix) #293081 -CVE-2007-5200 VULNERABLE (hugin) #332401 -CVE-2007-5198 VULNERABLE (nagios-plugins, fixed 1.4.10) #315101 -CVE-2007-5079 VULNERABLE (gdm) #239820 Red Hat specific problem +CVE-2007-5201 VULNERABLE (duplicity, no upstream fix) #362831 +CVE-2007-5200 VULNERABLE (hugin) #362861 +CVE-2007-5198 VULNERABLE (nagios-plugins, fixed 1.4.10) #362891 +CVE-2007-5079 VULNERABLE (gdm) #363021 Red Hat specific problem CVE-2007-5037 version (inotify-tools, fixed 3.11) #299771 CVE-2007-5007 version (balsa, before 2.3.20) #297601 CVE-2007-4999 version (pidgin, fixed 2.2.2) 
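Review bot: The previous bug references are overwritten by the new tracking bugs (for example CVE-2007-5712 goes from #357051 to #362771 and CVE-2007-5079 from #239820 to #363021), so the link to the original report is no longer visible in the file. Consider keeping both numbers on the line, as the fc7 entry for CVE-2007-5461 does with `#334511 #334531`, or say in the log message that each new bug references the one it replaces.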
@@ -32,18 +32,19 @@ CVE-2007-4568 version (xorg-x11-xfs, fixed 1.0.5) CVE-2007-4559 VULNERABLE (python, not fixed upstream) #315291 Upstream WONTFIX. See where we use the code. CVE-2007-4476 VULNERABLE (cpio, not fixed 2.9) #339691 -CVE-2007-4400 VULNERABLE (konversation) #253545 Remove media script? +CVE-2007-4400 VULNERABLE (konversation) #362921 Remove media script? +CVE-2007-4351 VULNERABLE (cups) #362971 CVE-2007-3999 VULNERABLE (nfs-utils-lib) #362091 CVE-2007-3999 VULNERABLE (libtirpc) #362111 -CVE-2007-3920 VULNERABLE (compiz, not fixed upstream) #350271 +CVE-2007-3920 VULNERABLE (compiz, not fixed upstream) #363061 CVE-2007-3919 backport (xen, fixed 3.1.0-13) #361991 CVE-2007-3844 version (firefox, fixed 2.0.0.6) CVE-2007-3843 version (kernel) #246595 No idea which version fixed this CVE-2007-3544 VULNERABLE (wordpress, NOT fixed 2.2.1) #245211 Incomplete fix for CVE-2007-3543 CVE-2007-3387 version (poppler, fixed 0.5.91) #251512 CVE-2007-3145 ignore (galeon) in 2.0.3 the truncation still occurs, but at reasonable length -CVE-2007-2450 VULNERABLE (tomcat5, not fixed 5.5.24) #244810 -CVE-2007-2449 VULNERABLE (tomcat5, not fixed 5.5.24) #244810 +CVE-2007-2450 VULNERABLE (tomcat5, not fixed 5.5.24) #363081 +CVE-2007-2449 VULNERABLE (tomcat5, not fixed 5.5.24) #363081 CVE-2007-2245 version (phpMyAdmin, fixed 2.10.1) #237882 CVE-2007-2165 version (proftpd, fixed 1.3.1rc3) #237533 CVE-2007-1841 version (ipsec-tools, fixed 0.6.7) #238052 
@@ -87,7 +88,7 @@ CVE-2006-0987 ignore (bind) example config file only CVE-2006-0496 VULNERABLE (firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=324253 CVE-2005-4809 ignore (firefox) Status bar can be modified anyways -CVE-2005-4790 VULNERABLE (tomboy) #252294 +CVE-2005-4790 VULNERABLE (tomboy) #362951 CVE-2005-3675 VULNERABLE (kernel) optack, no upstream fix -- TCP protocol weakness CVE-2003-1265 VULNERABLE (thunderbird) https://bugzilla.mozilla.org/show_bug.cgi?id=198442 (probably "ignore") CVE-2003-1265 VULNERABLE (seamonkey) https://bugzilla.mozilla.org/show_bug.cgi?id=198442 (probably "ignore") Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- f9 1 Nov 2007 19:35:36 -0000 1.3 +++ f9 2 Nov 2007 00:06:47 -0000 1.4 
@@ -1,26 +1,26 @@ # $Id$ # ** are items that need attention -# *CVE are items that need verification for Fedora 8 +# *CVE are items that need verification for Fedora 9 # (mozilla) = (gecko-libs dependent stuff) # Up to date CVE as of CVE email 20071030 -# Up to date F8 as of 20071029 +# Up to date F9 as of 20071029 GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031 CVE-2007-5751 VULNERABLE (liferea, fixed 1.4.6) #360641 -CVE-2007-5712 VULNERABLE (Django, fixed 0.96.1) #357051 -CVE-2007-5708 VULNERABLE (openldap, fixed 2.3.39) #360081 -CVE-2007-5707 VULNERABLE (openldap, fixed 2.3.39) #360081 -CVE-2007-5624 VULNERABLE (nagios, fixed 2.10) #349011 -CVE-2007-5623 VULNERABLE (nagios-plugins, not fixed 1.4.10) #348731 -CVE-2007-5589 VULNERABLE (phpMyAdmin, fixed 2.11.1.2) #333661 PMASA-2007-6 +CVE-2007-5712 VULNERABLE (Django, fixed 0.96.1) #362781 +CVE-2007-5708 VULNERABLE (openldap, fixed 2.3.39) #360091 +CVE-2007-5707 VULNERABLE (openldap, fixed 2.3.39) #360091 +CVE-2007-5624 VULNERABLE (nagios, fixed 2.10) #362811 +CVE-2007-5623 backport (nagios-plugins, not fixed 1.4.10) #348731 +CVE-2007-5589 version (phpMyAdmin, fixed 2.11.1.2) #333661 PMASA-2007-6 CVE-2007-5461 VULNERABLE (tomcat5, not fixed 5.5.25) #334531 CVE-2007-5386 version (phpmyadmin, fixed 2.11.1.1) #333661 PMASA-2007-5 -CVE-2007-5201 VULNERABLE (duplicity, no upstream fix) #293081 -CVE-2007-5200 VULNERABLE (hugin) #332401 -CVE-2007-5198 VULNERABLE (nagios-plugins, fixed 1.4.10) #315101 -CVE-2007-5079 VULNERABLE (gdm) #239820 Red Hat specific problem +CVE-2007-5201 VULNERABLE (duplicity, no upstream fix) #362841 +CVE-2007-5200 VULNERABLE (hugin) #362871 +CVE-2007-5198 VULNERABLE (nagios-plugins, fixed 1.4.10) #362901 +CVE-2007-5079 VULNERABLE (gdm) #363041 Red Hat specific problem CVE-2007-5037 version (inotify-tools, fixed 3.11) #299771 CVE-2007-5007 version (balsa, before 2.3.20) #297601 CVE-2007-4999 version (pidgin, fixed 2.2.2) 
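Review bot: CVE-2007-5623 and CVE-2007-5589 change to `backport` and `version` in f9 here, while the f8 hunk of the same commit leaves both as VULNERABLE with the same bug numbers (#348731 and #333661). If the fix really is in the devel branch only, a short comment on the f8 lines would make that clear; otherwise f8 needs the same status change. The header lines restored to "Fedora 9" and "F9" are a separate correction and are worth a mention in the log message.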
@@ -31,7 +31,8 @@ CVE-2007-4568 version (xorg-x11-xfs, fixed 1.0.5) CVE-2007-4559 VULNERABLE (python, not fixed upstream) #315291 Upstream WONTFIX. See where we use the code. CVE-2007-4476 VULNERABLE (cpio, not fixed 2.9) #339691 -CVE-2007-4400 VULNERABLE (konversation) #253545 Remove media script? +CVE-2007-4400 VULNERABLE (konversation) #362931 Remove media script? +CVE-2007-4351 version (cups) #361681 CVE-2007-3999 VULNERABLE (nfs-utils-lib) #362101 CVE-2007-3999 VULNERABLE (libtirpc) #362121 CVE-2007-3920 VULNERABLE (compiz, not fixed upstream) #350271 @@ -41,8 +42,8 @@ CVE-2007-3544 VULNERABLE (wordpress, NOT fixed 2.2.1) #245211 Incomplete fix for CVE-2007-3543 CVE-2007-3387 version (poppler, fixed 0.5.91) #251512 CVE-2007-3145 ignore (galeon) in 2.0.3 the truncation still occurs, but at reasonable length -CVE-2007-2450 VULNERABLE (tomcat5, not fixed 5.5.24) #244810 -CVE-2007-2449 VULNERABLE (tomcat5, not fixed 5.5.24) #244810 +CVE-2007-2450 VULNERABLE (tomcat5, not fixed 5.5.24) #244812 +CVE-2007-2449 VULNERABLE (tomcat5, not fixed 5.5.24) #244812 CVE-2007-2245 version (phpMyAdmin, fixed 2.10.1) #237882 CVE-2007-2165 version (proftpd, fixed 1.3.1rc3) #237533 CVE-2007-1841 version (ipsec-tools, fixed 0.6.7) #238052 
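Review bot: In the `@@ -31,7 +31,8 @@` hunk, CVE-2007-4351 is added as `version (cups) #361681` with no fixed version, while the f8 entry added in this same commit is `VULNERABLE (cups) #362971`. Record the cups version that carries the fix in the `fixed X` form the neighbouring `version` lines use, so the f9 status can be checked against the package.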
@@ -86,7 +87,7 @@ CVE-2006-0987 ignore (bind) example config file only CVE-2006-0496 VULNERABLE (firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=324253 CVE-2005-4809 ignore (firefox) Status bar can be modified anyways -CVE-2005-4790 VULNERABLE (tomboy) #252294 +CVE-2005-4790 VULNERABLE (tomboy) #362961 CVE-2005-3675 VULNERABLE (kernel) optack, no upstream fix -- TCP protocol weakness CVE-2003-1265 VULNERABLE (thunderbird) https://bugzilla.mozilla.org/show_bug.cgi?id=198442 (probably "ignore") CVE-2003-1265 VULNERABLE (seamonkey) https://bugzilla.mozilla.org/show_bug.cgi?id=198442 (probably "ignore") Index: fc6 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc6,v retrieving revision 1.290 retrieving revision 1.291 diff -u -r1.290 -r1.291 --- fc6 1 Nov 2007 18:00:34 -0000 1.290 +++ fc6 2 Nov 2007 00:06:47 -0000 1.291 @@ -24,6 +24,7 @@ CVE-2007-5162 version (ruby) #313801 [since FEDORA-2007-718] CVE-2007-5137 backport (tk, fixed 8.4.16) #332071 [since FEDORA-2007-728] CVE-2007-5135 backport (openssl, fixed 0.9.8d) [since FEDORA-2007-725] +CVE-2007-5079 VULNERABLE (gdm) #363031 CVE-2007-5034 version (elinks) #297611 [since FEDORA-2007-710] CVE-2007-4995 backport (openssl, fixed 0.9.8f) [since FEDORA-2007-725] CVE-2007-4993 backport (xen) [since FEDORA-2007-713] @@ -62,7 +63,7 @@ CVE-2007-4224 backport (kdebase) too obvious -- mouse pointer indicates script activity [since FEDORA-2007-716] CVE-2007-4211 version (dovecot, fixed 1.0.3) #251009 [since FEDORA-2007-664] CVE-2007-4137 backport (qt) #292951 [since FEDORA-2007-703] -CVE-2007-4134 VULNERABLE (star, fixed 1.5a84) #254129 +CVE-2007-4134 backport (star, fixed 1.5a84) #254129 CVE-2007-4131 backport (tar) #253684 [since FEDORA-2007-683] CVE-2007-4029 backport (libvorbis) #250600 [since FEDORA-2007-677] CVE-2007-4168 backport (libexif) #243892 [since FEDORA-2007-614] 
@@ -74,13 +75,13 @@ CVE-2007-3996 backport (php) [since FEDORA-2007-709] CVE-2007-3962 ignore (gftp) multiple buffer overflows in fsplib, not on Linux CVE-2007-3961 ignore (gftp) off-by-one error in fsplib -CVE-2007-3920 VULNERABLE (gnome-screensaver) #350271 +CVE-2007-3920 VULNERABLE (compiz) #350271 CVE-2007-3919 VULNERABLE (xen) #362001 CVE-2007-3852 backport (sysstat) #252296 [since FEDORA-2007-675] CVE-2007-3848 version (kernel) [since FEDORA-2007-679] CVE-2007-3847 version (httpd) #250756 [since FEDORA-2007-707] CVE-2007-3845 ignore (firefox) windows specific -CVE-2007-3844 VULNERABLE (firefox, fixed 2.0.0.6) #250648 "fixed on next update" +CVE-2007-3844 version (firefox, fixed 2.0.0.6) #250648 "fixed on next update" CVE-2007-3843 VULNERABLE (kernel) #246595 CVE-2007-3841 ignore (pidgin) ethically disclosed CVE-2007-3820 backport (kdebase) #248537 [since FEDORA-2007-716] @@ -120,7 +121,7 @@ CVE-2007-3257 backport (evolution) #244287 [since FEDORA-2007-594] CVE-2007-3126 ignore (gimp) just a crash CVE-2007-3108 backport (openssl) #250574 [since FEDORA-2007-661] -CVE-2007-3106 VULNERABLE (libvorbis) #250600 +CVE-2007-3106 backport (libvorbis) #250600 [since FEDORA-2007-677] CVE-2007-3102 backport (openssh) [since FEDORA-2007-715] CVE-2007-2926 backport (bind, fixed 9.4.1) [since FEDORA-2007-647] CVE-2007-2876 version (kernel, fixed 2.6.21.5) [since FEDORA-2007-600] Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.163 retrieving revision 1.164 diff -u -r1.163 -r1.164 --- fc7 1 Nov 2007 18:00:34 -0000 1.163 +++ fc7 2 Nov 2007 00:06:47 -0000 1.164 
@@ -9,26 +9,26 @@ # Up to date FC7 as of 20071029 CVE-2007-5770 backport (ruby) [since FEDORA-2007-2685] -CVE-2007-5751 VULNERABLE (liferea, fixed 1.4.6) #360641 +CVE-2007-5751 backport (liferea, fixed 1.4.6) #360641 [since FEDORA-2007-2725] CVE-2007-5728 version (phpPgAdmin) seems to be fixed for some time CVE-2007-5715 backport (denyhosts) fixed long ago -CVE-2007-5712 VULNERABLE (Django, fixed 0.96.1) #357051 +CVE-2007-5712 VULNERABLE (Django, fixed 0.96.1) #362761 CVE-2007-5708 VULNERABLE (openldap, fixed 2.3.39) #360081 CVE-2007-5707 VULNERABLE (openldap, fixed 2.3.39) #360081 CVE-2007-5626 ignore (bacula) known, documented limitation -CVE-2007-5624 VULNERABLE (nagios, fixed 2.10) #349011 -CVE-2007-5623 VULNERABLE (nagios-plugins) #348731 +CVE-2007-5624 VULNERABLE (nagios, fixed 2.10) #362791 +CVE-2007-5623 backport (nagios-plugins) #348731 [since FEDORA-2007-2713] CVE-2007-5597 version (drupal, fixed 5.3) [since FEDORA-2007-2649] CVE-2007-5596 version (drupal, fixed 5.3) [since FEDORA-2007-2649] CVE-2007-5595 version (drupal, fixed 5.3) [since FEDORA-2007-2649] CVE-2007-5594 version (drupal, fixed 5.3) [since FEDORA-2007-2649] CVE-2007-5593 version (drupal, fixed 5.3) [since FEDORA-2007-2649] -CVE-2007-5589 VULNERABLE (phpmyadmin, fixed 2.11.1.2) #333661 PMASA-2007-6 +CVE-2007-5589 version (phpmyadmin, fixed 2.11.1.2) #333661 PMASA-2007-6 [since FEDORA-2007-2738] CVE-2007-5585 backport (rss-glx) #336331 [since FEDORA-2007-2652] CVE-2007-5585 backport (tempest) #336331 [since FEDORA-2007-2652] CVE-2007-5461 VULNERABLE (tomcat5) #334511 #334531 CVE-2007-5416 ignore (drupal) Vulnerability in PHP<5.1.3, we're safe -CVE-2007-5386 VULNERABLE (phpmyadmin, fixed 2.11.1.1) #333661 PMASA-2007-5 +CVE-2007-5386 version (phpmyadmin, fixed 2.11.1.1) #333661 PMASA-2007-5 [since FEDORA-2007-2738] CVE-2007-5340 version (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5 [since FEDORA-2007-2664] CVE-2007-5339 version (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5 [since FEDORA-2007-2664] 
CVE-2007-5338 version (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5 [since FEDORA-2007-2664] @@ -42,9 +42,9 @@ CVE-2007-5266 ignore (libpng) shipped version too old and not affected CVE-2007-5226 backport (dircproxy) #319301 [since FEDORA-2007-2419] CVE-2007-5208 backport (hplip) #329111 [since FEDORA-2007-2527] -CVE-2007-5201 VULNERABLE (duplicity) #293081 -CVE-2007-5200 VULNERABLE (hugin) #332401 -CVE-2007-5198 VULNERABLE (nagios-plugins, fixed 1.4.10) #315101 +CVE-2007-5201 VULNERABLE (duplicity) #362821 +CVE-2007-5200 VULNERABLE (hugin) #362851 +CVE-2007-5198 VULNERABLE (nagios-plugins, fixed 1.4.10) #362881 CVE-2007-5191 backport (util-linux) #320141 [since FEDORA-2007-2462] CVE-2007-5162 version (ruby) #313801 [since FEDORA-2007-2406] CVE-2007-5159 backport (ntfs-3g) #298651 [since FEDORA-2007-2295] @@ -52,13 +52,13 @@ CVE-2007-5135 backport (openssl, fixed 0.9.8d) [since FEDORA-2007-2530] CVE-2007-5106 ignore (wordpress) affects old 2.0.x versions CVE-2007-5105 ignore (wordpress) affects old 2.0.x versions -CVE-2007-5079 VULNERABLE (gdm) #239820 +CVE-2007-5079 VULNERABLE (gdm) #363011 CVE-2007-5038 version (bugzilla, fixed 3.0.2, 3.1.2) #299981 [since FEDORA-2007-2299] CVE-2007-5037 VULNERABLE (inotify-tools) #299771 CVE-2007-5034 version (elinks) #297981 [since FEDORA-2007-2224] CVE-2007-5007 VULNERABLE (balsa) #297601 GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031 -CVE-2007-4999 VULNERABLE (pidgin, fixed 2.2.2) +CVE-2007-4999 version (pidgin, fixed 2.2.2) [since FEDORA-2007-2714] CVE-2007-4996 version (pidgin, fixed 2.2.1) [since FEDORA-2007-2368] CVE-2007-4995 backport (openssl, fixed 0.9.8f) [since FEDORA-2007-2530] CVE-2007-4993 backport (xen) [since FEDORA-2007-2270] 
@@ -112,9 +112,9 @@ CVE-2007-4465 version (httpd) [since FEDORA-2007-2214] CVE-2007-4462 version (po4a) #253541 [since FEDORA-2007-1763] CVE-2007-4460 backport (id3lib) #253553 [since FEDORA-2007-1774] -CVE-2007-4400 VULNERABLE (konversation) #253545 +CVE-2007-4400 VULNERABLE (konversation) #362911 CVE-2007-4357 ignore (firefox) status bar can be overwrittten -CVE-2007-4351 VULNERABLE (cups) #361661 +CVE-2007-4351 backport (cups) #361661 [since FEDORA-2007-2715] CVE-2007-4323 backport (denyhosts) #252291 [since FEDORA-2007-0589] CVE-2007-4321 backport (fail2ban) #252290 [since FEDORA-2007-0621] version since FEDORA-2007-1643 CVE-2007-4255 ignore (php) msql extension not shipped 
@@ -145,19 +145,19 @@ CVE-2007-3999 VULNERABLE (libtirpc) #294921 CVE-2007-3962 ignore (gftp) multiple buffer overflows in fsplib, not on Linux CVE-2007-3961 ignore (gftp) off-by-one error in fsplib -CVE-2007-3920 VULNERABLE (gnome-screensaver) #350271 +CVE-2007-3920 VULNERABLE (compiz) #350271 CVE-2007-3852 backport (sysstat) #252295 [since FEDORA-2007-1697] CVE-2007-3950 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299] CVE-2007-3949 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299] CVE-2007-3948 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299] CVE-2007-3947 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299] CVE-2007-3946 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299] -CVE-2007-3919 VULNERABLE (xen) #361981 +CVE-2007-3919 backport (xen) #361981 [since FEDORA-2007-2708] CVE-2007-3917 version (wesnoth, fixed 1.2.7) #324841 [since FEDORA-2007-2496] CVE-2007-3848 version (kernel) [since FEDORA-2007-1785] CVE-2007-3847 version (httpd) #250755 [since FEDORA-2007-2214] CVE-2007-3845 ignore (firefox) windows specific -CVE-2007-3844 VULNERABLE (firefox, fixed 2.0.0.6) #250648 "fixed on next update" +CVE-2007-3844 version (firefox, fixed 2.0.0.6) #250648 "fixed on next update" CVE-2007-3843 VULNERABLE (kernel) #246595 CVE-2007-3841 ignore (pidgin) ethically disclosed CVE-2007-3820 backport (kdelibs) [since FEDORA-2007-1699] @@ -329,8 +329,8 @@ *CVE-2007-1859 ** (xscreensaver) *CVE-2007-1858 ** (tomcat) CVE-2007-1856 backport (vixie-cron) #235882 vixie-cron-4.1-hardlink.patch -*CVE-2007-1841 VULNERABLE (ipsec-tools) #238052 -*CVE-2007-1804 VULNERABLE (pulseaudio) #235013 +CVE-2007-1841 version (ipsec-tools) #238052 +CVE-2007-1804 version (pulseaudio) #235013 CVE-2007-1799 version (ktorrent, fixed 2.1.3) #235014 CVE-2007-1797 version (GraphicsMagick, fixed 1.1.8) [since FEDORA-2007-1340] CVE-2007-1745 version (clamav, fixed in 0.90.2) #236703 
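Review bot: In the fc7 hunk at -329,8, CVE-2007-1841 (ipsec-tools) and CVE-2007-1804 (pulseaudio) change from VULNERABLE to version with neither a "fixed X" version nor a [since FEDORA-...] tag, so the entries do not record which build resolved them. The ktorrent and GraphicsMagick lines just below show the expected form. The leading * is also dropped from both lines; if that marker flags entries still awaiting review, the log message should state that they have been verified.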
@@ -359,7 +359,7 @@ CVE-2007-1558 version (balsa) [since FEDORA-2007-1447] CVE-2007-1558 version (claws-mail, fixed 2.9.1) #237293 *CVE-2007-1558 backport (sylpheed, fixed 2.3.1-1) -*CVE-2007-1558 VULNERABLE (evolution) +CVE-2007-1558 version (evolution) CVE-2007-1547 version (nas, fixed 1.8a-2) #233353 CVE-2007-1546 version (nas, fixed 1.8a-2) #233353 CVE-2007-1545 version (nas, fixed 1.8a-2) #233353 @@ -399,8 +399,8 @@ *CVE-2007-1359 backport (mod_security, fixed 2.1.0-3) #231728 CVE-2007-1358 ** (tomcat5) #244810 *CVE-2007-1354 ** (jboss) -*CVE-2007-1352 VULNERABLE (libXfont) #235265 -*CVE-2007-1351 VULNERABLE (libXfont) #235265 +CVE-2007-1352 version (libXfont) #235265 +CVE-2007-1351 version (libXfont) #235265 CVE-2007-1349 backport (mod_perl) [since FEDORA-2007-0316] CVE-2007-1325 version (phpMyAdmin, fixed 2.10.0.2) *CVE-2007-1322 ** (qemu) #238723 @@ -423,7 +423,7 @@ CVE-2007-1230 version (wordpress, fixed 2.1.2) *CVE-2007-1218 backport (tcpdump) 232349 [since FEDORA-2007-347] CVE-2007-1216 version (krb5, fixed 1.6-3) #231537 -*CVE-2007-1103 VULNERABLE (tor) #230927 +CVE-2007-1103 version (tor) #230927 CVE-2007-1095 version (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5 [since FEDORA-2007-2664] CVE-2007-1092 version (seamonkey, fixed 1.0.8) CVE-2007-1055 version (mediawiki, fixed 1.8.3) @@ -1341,7 +1341,7 @@ CVE-2005-4807 ignore (binutils, gas fixed 20050721) this is a bug CVE-2005-4803 version (graphviz, fixed 2.2.1) CVE-2005-4798 version (kernel, not 2.6) -CVE-2005-4790 VULNERABLE (tomboy) #252294 +CVE-2005-4790 VULNERABLE (tomboy) #362941 CVE-2005-4784 ignore (glibc) struct dirent is big enough CVE-2005-4746 version (freeradius, fixed 1.0.5) CVE-2005-4745 version (freeradius, fixed 1.0.5) From fedora-security-commits at redhat.com Fri Nov 2 01:49:23 2007 
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Thu, 1 Nov 2007 21:49:23 -0400 Subject: [Fedora-security-commits] fedora-security/manifest dist-f8-updates, NONE, 1.1 dist-f8, 1.1, NONE Message-ID: <200711020149.lA21nNMD028765@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/manifest In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv28625 Added Files: dist-f8-updates Removed Files: dist-f8 Log Message: dist-f8 -> dist-f8-updates --- NEW FILE dist-f8-updates --- Build Tag Built by ---------------------------------------- -------------------- ---------------- 915resolution-0.5.3-2.fc8 dist-f8 cweyl AGReader-1.2-4.fc8 dist-f8 oddsocks AllegroOGG-1.0.3-3.fc8 dist-f8 jwrdegoede BackupPC-3.0.0-3.fc8 dist-f8 trasher BibTool-2.48-6.fc7 fe7-merge jkeating CCfits-1.7-1.fc8.1 dist-f8 sergiopr CGAL-3.3.1-2.fc8 dist-f8 rineau Canna-3.7p3-21.fc8 dist-f8 tagoh CastPodder-5.0-8.fc6 fe7-merge jkeating ClanLib-0.8.0-6.fc8 dist-f8 jwrdegoede ClanLib06-0.6.5-8.fc8 dist-f8 jwrdegoede Coin2-2.5.0-2.fc8 dist-f8 corsepiu ConsoleKit-0.2.3-1.fc8 dist-f8 mclasen DMitry-1.3a-2.fc8 dist-f8 sindrepb Democracy-0.9.5.1-11.fc8 dist-f8 jkeating DevIL-1.6.8-0.13.rc2.fc8 dist-f8 oddsocks Django-0.96-1.fc7 fe7-merge jkeating ElectricFence-2.2.2-23 dist-fc7 jkeating FlightGear-0.9.11-0.4.pre1.fc8 dist-f8 bellet GConf2-2.20.1-1.fc8 dist-f8 mclasen GREYCstoration-2.5.2-6.fc8 dist-f8 deebs GeoIP-1.4.3-1.fc8 dist-f8 mfleming Glide3-20050815-6.fc8 dist-f8 jwrdegoede Glide3-libGL-6.2.1-7.fc8 dist-f8 jwrdegoede GraphicsMagick-1.1.8-3.fc8 dist-f8 jkeating GtkAda-2.8.0-7.fc7 fe7-merge jkeating HelixPlayer-1.0.9-1.fc8 dist-f8 abompard Hermes-1.3.3-13.fc8 dist-f8 jwrdegoede HippoDraw-1.21.1-2.fc8 dist-f8 pfkeb ImageMagick-6.3.5.9-1.fc8 dist-f8 nmurray Inventor-2.1.5-30.fc8 dist-f8 corsepiu Io-language-20070710-2.fc8 dist-f8 jwrdegoede JSDoc-1.10.2-4.fc8 dist-f8 mcepl KoboDeluxe-0.4-0.4.pre10.fc8 dist-f8 jwrdegoede LabPlot-1.5.1.6-4.fc8 
dist-f8 chitlesh MAKEDEV-3.23-1.2 dist-fc6 jkeating Macaulay2-0.9.95-8.fc8 dist-f8 rdieter Maelstrom-3.0.6-14 dist-f8 notting MagicPoint-1.11b-4.fc8 dist-f8 jwrdegoede MegaMek-0.30.11-2.fc8 dist-f8 fitzsim Miro-0.9.8.1-7.fc8 dist-f8 alexlan MochiKit-1.3.1-1.fc6 fe7-merge jkeating MyPasswordSafe-0.6.7-1.20061216.fc8 dist-f8 ertzing MySQL-python-1.2.2-4.fc8 dist-f8 tgl NetworkManager-0.7.0-0.5.svn3030.fc8 dist-f8 dcbw NetworkManager-openvpn-0.7.0-2.svn3047.fc8 dist-f8 timn NetworkManager-vpnc-0.7.0-0.4.svn3030.fc8 dist-f8 notting ORBit-0.5.17-22.fc8 dist-f8 pghmcfc ORBit2-2.14.10-2.fc8 dist-f8 ausil OpenEXR-1.6.0-5.fc8 dist-f8 rdieter OpenIPMI-2.0.11-3.fc8 dist-f8 pknirsch OpenSceneGraph-2.0-7.fc8 dist-f8 corsepiu PerceptualDiff-1.0.1-6.fc8 dist-f8 kwizart Perlbal-1.59-1.fc8 dist-f8 ruben Pixie-2.2.2-4.fc8 dist-f8 kwizart PolicyKit-0.6-1.fc8 dist-f8 davidz PolicyKit-gnome-0.6-1.fc8 dist-f8 davidz Pound-2.4-0.1.d.fc8 dist-f8 ruben PyKDE-3.16.0-7.fc8 dist-f8 rdieter PyOpenGL-3.0.0-0.4.a6.fc8 dist-f8 jwrdegoede PyQt-3.17.1-1.fc7 dist-fc7 jkeating PyQt-qscintilla-3.17.1-3.fc8 dist-f8 rdieter PyQt4-4.2-8.fc8 dist-f8 rdieter PyRTF-0.45-5.fc8 dist-f8 jamatos PySolFC-1.1-3.fc7 dist-fc7-updates firewing PySolFC-music-4.40-3 dist-fc7-updates firewing PyX-0.9-5.fc8 dist-f8 jamatos PyXML-0.8.4-7 dist-f8 laroche Pyrex-0.9.5.1a-1.fc8 dist-f8 mbarnes PythonCAD-0.1.36-2.fc8 dist-f8 kwizart QuantLib-0.8.1-4.fc8 dist-f8 spot R-2.6.0-3.fc8.1 dist-f8 spot R-BufferedMatrix-1.0.1-6.fc8 dist-f8 jkeating R-DynDoc-1.14.0-5.fc8 dist-f8 pingou R-RScaLAPACK-0.5.1-10.fc8.1 dist-f8 spot R-hdf5-1.6.6-2.fc8 dist-f8 spot R-mAr-1.1-11.fc8 dist-f8 jamatos R-multcomp-0.992-3.fc8 dist-f8 orion R-mvtnorm-0.8-3.fc8 dist-f8 orion R-systemfit-0.8-6.fc8 dist-f8 orion R-waveslim-1.6-4.fc8 dist-f8 jamatos R-wavethresh-2.2-7.fc8 dist-f8 jamatos R-widgetTools-1.12.0-12.fc8 dist-f8 pingou Ri-li-2.0.0-2.fc8 dist-f8 jwrdegoede SDL-1.2.12-2.fc8 dist-f8 twoerner SDL_Pango-0.1.2-7 dist-f8 thias SDL_gfx-2.0.16-4.fc8 
dist-f8 thias SDL_image-1.2.6-3.fc8 dist-f8 bpepple SDL_mixer-1.2.8-4.fc8 dist-f8 wtogami SDL_net-1.2.7-3.fc8 dist-f8 bpepple SDL_sound-1.0.1-8.fc7 dist-fc7-updates jwrdegoede SDL_ttf-2.0.9-3.fc8 dist-f8 bpepple SDLmm-0.1.8-5.fc8 dist-f8 jwrdegoede SIBsim4-0.15-2.fc8 dist-f8 c4chris SILLY-0.1.0-3.fc8 dist-f8 oddsocks SIMVoleon-2.0.1-7.fc8 dist-f8 corsepiu SOAPpy-0.11.6-6.fc7 fe7-merge jkeating ScientificPython-2.6-10.fc8 dist-f8 jspaleta SimGear-0.3.11-0.3.pre1.fc8.2 dist-f8 spot SoQt-1.4.1-6.fc8 dist-f8 corsepiu Sprog-0.14-12.fc6 fe7-merge jkeating SteGUI-0.0.1-12.fc8 dist-f8 pingou TeXmacs-1.0.6.11-3.fc8 dist-f8 gemi Terminal-0.2.6-3.fc8 dist-f8 kevin Thunar-0.8.0-3.fc8 dist-f8 kevin TnL-070909-2.fc8 dist-f8 jwrdegoede TnL-data-070909-1.fc8 dist-f8 jwrdegoede TurboGears-1.0.3.2-5.fc8 dist-f8 toshio VLGothic-fonts-20070901-1.fc8 dist-f8 ryo WindowMaker-0.92.0-14.fc8 dist-f8 awjb Xaw3d-1.5E-10.1 dist-fc6 jkeating Zim-0.19-1.fc7 dist-f8 jkeating a2ps-4.13b-69.fc8 dist-f8 twaugh aalib-1.4.0-0.13.rc5.fc8 dist-f8 garrick aasaver-0.3.2-1.fc8 dist-f8 oddsocks abcMIDI-20070106-1.fc7 fe7-merge jkeating abcde-2.3.99.6-4.fc8 dist-f8 scop abcm2ps-5.5.2-1.fc8 dist-f8 gemi abe-1.1-6.fc8 dist-f8 wart abicheck-1.2-15 dist-f8 mschwendt abiword-2.4.6-6.fc8 dist-f8 lkundrak abook-0.6.0-0.2.pre2.fc8 dist-f8 rathann abuse-0.7.0-5.fc8 dist-f8 jwrdegoede abyssinica-fonts-1.0-2.fc8 dist-f8 bernie ack-1.64-1.fc8 dist-f8 iburrell acl-2.2.39-10.fc8 dist-f8 jmoskovc acpi-0.09-2.fc6 fe7-merge jkeating acpid-1.0.6-3.fc8 dist-f8 zprikryl acpitool-0.4.7-1.fc8 dist-f8 pertusus adaptx-0.9.13-4jpp.3.fc8 dist-f8 spot adime-2.2.1-6.fc8 dist-f8 jwrdegoede adjtimex-1.21-3.fc8 dist-f8 mlichvar adminutil-1.1.4-2.fc8 dist-f8 rmeggins adns-1.2-6.fc8 dist-f8 rvokal adplay-1.6-2.fc8 dist-f8 snirkel adplug-2.1-2.fc8 dist-f8 snirkel advancecomp-1.15-9 dist-f8 thias agave-0.4.2-5.fc8 dist-f8 abompard aget-0.4-3.fc8 dist-f8 sundaram agg-2.5-4.fc8 dist-f8 caolanm agistudio-1.2.3-4.fc8 dist-f8 limb 
aiccu-2007.01.15-3.fc8 dist-f8 mdomsch aide-0.13.1-3 dist-f8 mschwendt aiksaurus-1.2.1-15.fc6 fe7-merge jkeating aircrack-ng-0.9.1-2.fc8 dist-f8 till airsnort-0.2.7e-11.fc7 fe7-merge jkeating akode-2.0.1-9.fc8 dist-f8 rdieter alacarte-0.11.3-4.fc8 dist-f8 mclasen alchemist-1.0.37-2.fc8 dist-f8 twaugh aldrin-0.11-6.fc8 dist-f8 akahl alex-2.1.0-5.fc8 dist-f8 bos alex4-1.0-4.fc8 dist-f8 jwrdegoede alexandria-0.6.1-3.fc8 dist-f8 mtasaka alfont-2.0.6-3.fc8 dist-f8 jwrdegoede alienblaster-1.1.0-3.fc8 dist-f8 jwrdegoede alleggl-0.4.2-0.2.rc1.fc8 dist-f8 jwrdegoede allegro-4.2.2-6.fc8 dist-f8 jwrdegoede alleyoop-0.9.3-3.fc8 dist-f8 giallu alliance-5.0-10.20070718snap.fc8 dist-f8 chitlesh alltray-0.69-3.fc8 dist-f8 denis alphabet-soup-1.1-3.fc8 dist-f8 jwrdegoede alpine-0.9999-2.fc8 dist-f8 joshuadf alsa-lib-1.0.15-1.fc8 dist-f8 stransky alsa-oss-1.0.14-3.fc8 dist-f8 jima alsa-plugins-1.0.14-5.fc8 dist-f8 lennart alsa-tools-1.0.12-4.fc7 fe7-merge jkeating alsa-utils-1.0.15-1.fc8 dist-f8 stransky alsamixergui-0.9.0-0.3.rc1.fc8.2 dist-f8 spot altermime-0.3.7-2.fc6 fe7-merge jkeating am-utils-6.1.5-6.fc7 dist-fc7 jkeating amanda-2.5.2p1-8.fc8 dist-f8 rbrich amarok-1.4.7-7.fc8 dist-f8 abompard amarokFS-0.5-1.fc7 fe7-merge jkeating amavisd-new-2.5.2-2.fc8 dist-f8 steve amqp-0.8-2rhm.1.fc7 fe7-merge jkeating amsn-0.96-7.fc7 fe7-merge jkeating amtterm-1.0-1.fc8 dist-f8 kraxel amtu-1.0.5-1.fc7 dist-fc7 jkeating anaconda-11.3.0.50-1 dist-f8 katzj anacron-2.3-56.fc8 dist-f8 mmaslano and-1.2.2-4.fc8 dist-f8 s4504kr angrydd-1.0.1-3.fc8 dist-f8 rafalzaq animorph-0.2-2.fc8 dist-f8 kwizart anjuta-2.2.0-3.fc8 dist-f8 jkeating anjuta-gdl-0.7.3-1.fc7 fe7-merge jkeating ant-1.7.0-1jpp.2.fc8 dist-f8 pcheung ant-contrib-1.0-0.4.b2.fc6 fe7-merge jkeating anthy-9100b-1.fc8 dist-f8 tagoh antiword-0.37-4 dist-f8 adrian antlr-2.7.7-1jpp.6.fc8 dist-f8 dbhole ants-1.4-3.fc8 dist-f8 jwrdegoede aoetools-18-1.fc8 dist-f8 jima apachetop-0.12.6-3.fc8 dist-f8 abompard apcupsd-3.14.2-1.fc8 dist-f8 orion 
apel-10.7-1.fc8 dist-f8 tagoh apg-2.3.0b-5.fc8 dist-f8 kevin aplus-fsf-4.20.2-22.fc8 dist-f8 s4504kr [...4457 lines suppressed...] xfprint-4.4.1-2.fc8 dist-f8 kevin xfsdump-2.2.46-1.fc8 dist-f8 sandeen xfsprogs-2.9.4-4.fc8 dist-f8 sandeen xfwm4-4.4.1-3.fc8 dist-f8 kevin xfwm4-themes-4.4.1-2.fc8 dist-f8 kevin xgalaxy-2.0.34-7.fc8 dist-f8 jwrdegoede xgrav-1.2.0-4.fc7 dist-fc7-updates limb xgrep-0.06-3.fc8 dist-f8 brendt xhtml1-dtds-1.0-7.1.1 dist-fc6 jkeating xine-lib-1.1.8-4.fc8 dist-f8 scop xine-plugin-1.0-5.fc8 dist-f8 mso xinetd-2.3.14-14.fc8 dist-f8 jsafrane xjavadoc-1.1-4jpp.3.fc8 dist-f8 dbhole xkeyboard-config-1.1-3.fc8 dist-f8 mclasen xkeycaps-2.46-6.fc8.3 dist-f8 spot xl2tpd-1.1.11-3.fc8 dist-f8 jkeating xlhtml-0.5-7.fc8 dist-f8 abompard xlockmore-5.24-1.fc8 dist-f8 adrian xml-commons-apis-1.3.04-0jpp.1.fc8 dist-f8 mwringe xml-commons-apis12-1.2.04-0jpp.4.fc8 dist-f8 laroche xml-commons-resolver-1.1-1jpp.12 dist-fc6 jkeating xml-commons-which-1.0-0.b2.0jpp.2 dist-fc7 jkeating xmldb-api-0.1-0.1.20011111cvs.1jpp.2.fc7 fe7-merge jkeating xmlindent-0.2.17-8.fc8 dist-f8 adrian xmlrpc-2.0.1-3jpp.2 dist-fc7 jkeating xmlrpc-c-1.06.18-1.fc8 dist-f8 ensc xmlrpc3-3.0-1jpp.4.fc8 dist-f8 overholt xmlsec1-1.2.9-8.1 dist-fc6 jkeating xmlstarlet-1.0.1-4.fc7 fe7-merge jkeating xmltex-20020625-8 dist-fc6 jkeating xmlto-0.0.18-17 dist-f8 ovasik xmlunit-1.0-4jpp.1.fc7 fe7-merge jkeating xmms-1.2.10-36.fc7 fe7-merge jkeating xmms-acme-0.4.3-8 dist-f8 thias xmms-adplug-1.2-5.fc8 dist-f8 snirkel xmms-alarm-0.3.7-6.fc7 fe7-merge jkeating xmms-arts-0.7.1-6 dist-f8 thias xmms-cdread-0.14-12.fc6 fe7-merge jkeating xmms-crossfade-0.3.12-2 dist-f8 thias xmms-flac-1.1.4-3.fc8 dist-f8 thias xmms-lirc-1.4-11 dist-f8 thias xmms-modplug-2.05-11.fc8 dist-f8 scop xmms-musepack-1.2-5.fc8 dist-f8 thias xmms-scrobbler-0.3.8.1-3.fc7 fe7-merge jkeating xmms-sid-0.8.0-0.4.beta17.fc8 dist-f8 mschwendt xmms-skins-1.2.10-15 fe7-merge jkeating xmms-speex-0.9.1-11 dist-f8 thias xmoto-0.3.3-2.fc8 dist-f8 
limb xmoto-edit-0.2.4-10.fc8 dist-f8 limb xom-1.0-3jpp.4.fc7 fe7-merge jkeating xoo-0.7-7.fc8 dist-f8 pwouters xorg-sgml-doctools-1.1.1-1.fc7 dist-fc7 jkeating xorg-x11-apps-7.3-1.fc8 dist-f8 ajax xorg-x11-docs-1.3-1.fc7 dist-fc7 jkeating xorg-x11-drivers-7.2-9.fc8 dist-f8 ajax xorg-x11-drv-acecad-1.1.0-5.fc8 dist-f8 ajax xorg-x11-drv-aiptek-1.0.1-5.fc8 dist-f8 ajax xorg-x11-drv-amd-0.0-22.20070625.fc8 dist-f8 dcbw xorg-x11-drv-apm-1.1.1-7.fc8 dist-f8 ajax xorg-x11-drv-ark-0.6.0-6.fc8 dist-f8 ajax xorg-x11-drv-ast-0.81.0-6.fc8 dist-f8 ajax xorg-x11-drv-ati-6.7.195-3.fc8 dist-f8 airlied xorg-x11-drv-avivo-0.0.1-6.fc8 dist-f8 krh xorg-x11-drv-calcomp-1.1.0-4.fc8 dist-f8 ajax xorg-x11-drv-chips-1.1.1-5.fc8 dist-f8 ajax xorg-x11-drv-cirrus-1.1.0-5.fc8 dist-f8 ajax xorg-x11-drv-citron-2.2.0-2.fc7 dist-fc7 jkeating xorg-x11-drv-cyrix-1.1.0-5.fc8 dist-f8 ajax xorg-x11-drv-digitaledge-1.1.0-4.fc8 dist-f8 ajax xorg-x11-drv-dmc-1.1.0-3.fc7 dist-fc7 jkeating xorg-x11-drv-dummy-0.2.0-5.fc8 dist-f8 ajax xorg-x11-drv-dynapro-1.1.0-3.fc7 dist-fc7 jkeating xorg-x11-drv-elographics-1.1.0-4.fc8 dist-f8 ajax xorg-x11-drv-evdev-1.1.2-5.fc8 dist-f8 ajax xorg-x11-drv-fbdev-0.3.1-4.fc8 dist-f8 ajax xorg-x11-drv-fpit-1.1.0-4.fc8 dist-f8 ajax xorg-x11-drv-glint-1.1.1-7.fc8 dist-f8 ajax xorg-x11-drv-hyperpen-1.1.0-5.fc8 dist-f8 ajax xorg-x11-drv-i128-1.2.1-1.fc8 dist-f8 ajax xorg-x11-drv-i740-1.1.0-5.fc8 dist-f8 ajax xorg-x11-drv-i810-2.1.1-7.fc8 dist-f8 airlied xorg-x11-drv-jamstudio-1.1.0-4.fc8 dist-f8 ajax xorg-x11-drv-keyboard-1.2.2-2.fc8 dist-f8 ajax xorg-x11-drv-magellan-1.1.0-4.fc8 dist-f8 ajax xorg-x11-drv-magictouch-1.0.0.5-5.fc8 dist-f8 ajax xorg-x11-drv-mga-1.4.6.1-6.fc8 dist-f8 ajax xorg-x11-drv-microtouch-1.1.0-2.fc7 dist-fc7 jkeating xorg-x11-drv-mouse-1.2.3-1.fc8 dist-f8 ajax xorg-x11-drv-mutouch-1.1.0-5.fc8 dist-f8 ajax xorg-x11-drv-neomagic-1.1.1-4.fc8 dist-f8 ajax xorg-x11-drv-nsc-2.8.1-4.fc8 dist-f8 ajax xorg-x11-drv-nv-2.1.5-2.fc8 dist-f8 airlied 
xorg-x11-drv-palmax-1.1.0-4.fc8 dist-f8 ajax xorg-x11-drv-penmount-1.1.0-3.fc7 dist-fc7 jkeating xorg-x11-drv-rendition-4.1.3-5.fc8 dist-f8 ajax xorg-x11-drv-s3-0.5.0-5.fc8 dist-f8 ajax xorg-x11-drv-s3virge-1.9.1-5.fc8 dist-f8 ajax xorg-x11-drv-savage-2.1.3-1.fc8 dist-f8 airlied xorg-x11-drv-siliconmotion-1.5.1-3.fc8 dist-f8 ajax xorg-x11-drv-sis-0.9.3-4.fc8 dist-f8 ajax xorg-x11-drv-sisusb-0.8.1-9.fc8 dist-f8 ajax xorg-x11-drv-spaceorb-1.1.0-4.fc8 dist-f8 ajax xorg-x11-drv-summa-1.1.0-4.fc8 dist-f8 ajax xorg-x11-drv-tdfx-1.3.0-6.fc8 dist-f8 ajax xorg-x11-drv-tek4957-1.1.0-4.fc8 dist-f8 ajax xorg-x11-drv-trident-1.2.3-6.fc8 dist-f8 ajax xorg-x11-drv-tseng-1.1.0-7.fc8 dist-f8 ajax xorg-x11-drv-ur98-1.1.0-4.fc8 dist-f8 ajax xorg-x11-drv-v4l-0.1.1-8.fc8 dist-f8 ajax xorg-x11-drv-vermilion-1.0.0-2.fc8 dist-f8 ajax xorg-x11-drv-vesa-1.3.0-10.fc8 dist-f8 ajax xorg-x11-drv-vga-4.1.0-5.fc8 dist-f8 ajax xorg-x11-drv-via-0.2.2-4.fc8 dist-f8 ajax xorg-x11-drv-vmmouse-12.4.3-1.fc8 dist-f8 ajax xorg-x11-drv-vmware-10.15.2-1.fc8 dist-f8 ajax xorg-x11-drv-void-1.1.1-6.fc8 dist-f8 ajax xorg-x11-drv-voodoo-1.1.1-1.fc8 dist-f8 ajax xorg-x11-filesystem-7.1-2.fc6 dist-fc6 jkeating xorg-x11-font-utils-7.2-2.fc8 dist-f8 ajax xorg-x11-fonts-7.2-3.fc8 dist-f8 ajax xorg-x11-proto-devel-7.3-3.fc8 dist-f8 ajax xorg-x11-resutils-7.1-4.fc8 dist-f8 ajax xorg-x11-server-1.3.0.0-33.fc8 dist-f8 airlied xorg-x11-server-utils-7.3-1.fc8 dist-f8 ajax xorg-x11-twm-1.0.3-1.fc8 dist-f8 airlied xorg-x11-util-macros-1.1.5-1.fc7 dist-fc7 jkeating xorg-x11-utils-7.3-1.fc8 dist-f8 ajax xorg-x11-xauth-1.0.2-3.fc8 dist-f8 ajax xorg-x11-xbitmaps-1.0.1-4.1 dist-fc6 jkeating xorg-x11-xdm-1.1.6-2.fc8 dist-f8 rstrode xorg-x11-xfs-1.0.5-1.fc8 dist-f8 ajax xorg-x11-xfwp-1.0.1-5.fc8 dist-f8 ajax xorg-x11-xinit-1.0.7-2.fc8 dist-f8 nalin xorg-x11-xkb-utils-7.2-3.fc8 dist-f8 ajax xorg-x11-xsm-1.0.2-6.fc8 dist-f8 ajax xorg-x11-xtrans-devel-1.0.3-5.fc8 dist-f8 ajax xosd-2.2.14-10.fc8 dist-f8 kevin xournal-0.4.1-3.fc8 
dist-f8 rvinyard xpa-2.1.7-0.3.b2.fc8 dist-f8 sergiopr xpdf-3.02-3.fc8 dist-f8 spot xpilot-ng-4.7.2-13.fc8 dist-f8 wart xplanet-1.2.0-2.1.fc8.2 dist-f8 mtasaka xpp2-2.1.10-6jpp.1.fc7 fe7-merge jkeating xpp3-1.1.3.8-1jpp.1.fc7 fe7-merge jkeating xprobe2-0.3-9.fc8 dist-f8 lmacken xrestop-0.4-3.fc8 dist-f8 ajax xsane-0.994-4.fc8 dist-f8 nphilipp xsc-1.5-2.fc8 dist-f8 limb xscorch-0.2.0-12.fc8 dist-f8 mgarski xscreensaver-5.03-12.fc8 dist-f8 mtasaka xsp-1.2.1-1.fc7 fe7-merge jkeating xsri-2.1.0-12.fc8 dist-f8 ajax xsupplicant-1.2.8-4.fc8.3 dist-f8 spot xterm-229-2.fc8 dist-f8 mlichvar xtide-2.9.4-1.fc8 dist-f8 mtasaka xu4-1.1-0.2.cvs20070510.fc8 dist-f8 jwrdegoede xvattr-1.3-14 dist-f8 thias xwnc-0.3.3-3.fc7 fe7-merge jkeating xwrits-2.24-2.fc6 fe7-merge jkeating xzgv-0.8-6.fc8 dist-f8 terjeros yaboot-1.3.13-5.fc8 dist-f8 dcantrel yadex-1.7.0-8.fc8 dist-f8 wart yafc-1.1.1-9.fc8 dist-f8 jkeating yafray-0.0.9-4.fc8 dist-f8 kwizart yakuake-2.7.5-4.fc7 fe7-merge jkeating yap-5.1.1-7.fc8 dist-f8 gemi yasm-0.6.2-1.fc8 dist-f8 thias yaz-3.0.8-1.fc8 dist-f8 icon yelp-2.20.0-2.fc8 dist-f8 katzj yp-tools-2.9-2 dist-f8 steved ypbind-1.20.4-2.fc8 dist-f8 steved ypserv-2.19-6.fc8 dist-f8 steved ytalk-3.3.0-9.fc8 dist-f8 mmcgrath yum-3.2.7-1.fc8 dist-f8 skvidal yum-arch-2.2.2-2.fc7 fe7-merge jkeating yum-cron-0.6-1.fc8 dist-f8 habig yum-metadata-parser-1.1.2-1.fc8 dist-f8 skvidal yum-presto-0.4.2-1.fc8 dist-f8 jdieter yum-updatesd-0.7-1.fc8 dist-f8 katzj yum-utils-1.1.8-1.fc8 dist-f8 timlau yumex-2.0.2-1.fc8 dist-f8 timlau z88dk-1.6-11.fc8.1 dist-f8 spot zabbix-1.4.2-3.fc8 dist-f8 sharkcz zaptel-1.4.2.1-1.fc7 fe7-merge jkeating zasx-1.30-5.fc8 dist-f8 jwrdegoede zd1211-firmware-1.4-1 dist-f8 kwizart zenity-2.20.0-2.fc8 dist-f8 mclasen zeroinstall-injector-0.30-2.fc8 dist-f8 salimma zhcon-0.2.6-5.fc7 fe7-merge jkeating zidrav-1.2.0-3.fc8 dist-f8 rathann zile-2.2.19-1.fc6 fe7-merge jkeating zip-2.31-3.fc7 dist-fc7 jkeating zisofs-tools-1.0.8-2.fc8 dist-f8 harald zlib-1.2.3-14.fc8 
dist-f8 varekova zoneminder-1.22.3-9.fc8 dist-f8 mebourne zsh-4.3.4-4.fc8 dist-f8 james zvbi-0.2.25-2.fc8 dist-f8 oddsocks zynaddsubfx-2.2.1-17.fc8 dist-f8 green zziplib-0.13.49-4.fc8 dist-f8 thias zzuf-0.9-2.fc8 dist-f8 scop --- dist-f8 DELETED --- From fedora-security-commits at redhat.com Fri Nov 2 01:50:19 2007 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Thu, 1 Nov 2007 21:50:19 -0400 Subject: [Fedora-security-commits] fedora-security/manifest dist-fc7-updates, 1.6, 1.7 Message-ID: <200711020150.lA21oJOl029018@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/manifest In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv28986 Modified Files: dist-fc7-updates Log Message: A bit more up to date Index: dist-fc7-updates =================================================================== RCS file: /cvs/fedora/fedora-security/manifest/dist-fc7-updates,v retrieving revision 1.6 retrieving revision 1.7 diff -u -r1.6 -r1.7 --- dist-fc7-updates 16 Oct 2007 15:30:45 -0000 1.6 +++ dist-fc7-updates 2 Nov 2007 01:50:15 -0000 1.7 @@ -14,6 +14,7 @@ Coin2-2.5.0-2.fc7 dist-fc7-updates corsepiu ConsoleKit-0.2.1-2.fc7 dist-fc7 jkeating DMitry-1.3a-2.fc7 dist-fc7-updates sindrepb +Democracy-0.9.6-2.fc7 dist-fc7-updates tscherf DevIL-1.6.8-0.13.rc2.fc7 dist-fc7-updates oddsocks Django-0.96-1.fc7 fe7-merge jkeating ElectricFence-2.2.2-23 dist-fc7 jkeating @@ -39,7 +40,7 @@ Maelstrom-3.0.6-13 fe7-merge jkeating MagicPoint-1.11b-4.fc7 fe7-merge jkeating MegaMek-0.30.11-1.fc7 fe7-merge jkeating -Miro-0.9.8.1-2.fc7 dist-fc7-updates tscherf +Miro-0.9.8.1-4.fc7 dist-fc7-updates alexlan MochiKit-1.3.1-1.fc6 fe7-merge jkeating MyPasswordSafe-0.6.7-1.20061216.fc7 dist-fc7-updates ertzing MySQL-python-1.2.2-3.fc7 dist-fc7-updates tgl 
@@ -61,6 +62,8 @@ PyQt-qscintilla-3.17.1-1.fc7 fe7-merge jkeating PyQt4-4.2-8.fc7 dist-fc7-updates rdieter PyRTF-0.45-4.fc7 fe7-merge jkeating +PySolFC-1.1-3.fc7 dist-fc7-updates firewing +PySolFC-music-4.40-3 dist-fc7-updates firewing PyX-0.9-4.fc7 fe7-merge jkeating PyXML-0.8.4-6 dist-fc7 jkeating Pyrex-0.9.4-4.fc7 dist-fc7 jkeating @@ -68,9 +71,11 @@ QuantLib-0.8.1-3.fc7 dist-fc7-updates spot R-2.6.0-1.fc7 dist-fc7-updates spot R-BufferedMatrix-1.0.1-5.fc7 dist-fc7-updates pingou +R-DynDoc-1.14.0-5.fc7 dist-fc7-updates pingou R-RScaLAPACK-0.5.1-9.fc7 fe7-merge jkeating R-hdf5-1.6.6-1.fc7 dist-fc7-updates spot R-mAr-1.1-10.fc7 fe7-merge jkeating +R-multcomp-0.992-3.fc7 dist-fc7-updates orion R-mvtnorm-0.8-2.fc7 dist-fc7-updates orion R-systemfit-0.8-6.fc7 dist-fc7-updates orion R-waveslim-1.6-3.fc7 fe7-merge jkeating @@ -86,7 +91,7 @@ SDL_ttf-2.0.8-2.fc6 fe7-merge jkeating SDLmm-0.1.8-4.fc7 fe7-merge jkeating SIBsim4-0.15-1.fc7 fe7-merge jkeating -SILLY-0.1.0-2.fc7 fe7-merge jkeating +SILLY-0.1.0-4.fc7 dist-fc7-updates oddsocks SIMVoleon-2.0.1-6.fc7 fe7-merge jkeating SOAPpy-0.11.6-6.fc7 fe7-merge jkeating ScientificPython-2.6-8.fc7 dist-fc7-updates jspaleta @@ -99,11 +104,11 @@ Thunar-0.8.0-1.fc7 fe7-merge jkeating TnL-070909-2.fc7 dist-fc7-updates jwrdegoede TnL-data-070909-1.fc7 dist-fc7-updates jwrdegoede -TurboGears-1.0.2.2-2.fc7 dist-fc7 lmacken +TurboGears-1.0.3.2-4.fc7 dist-fc7-updates lmacken VLGothic-fonts-20070901-1.fc7 dist-fc7-updates ryo WindowMaker-0.92.0-13.fc7 dist-fc7-updates awjb Xaw3d-1.5E-10.1 dist-fc6 jkeating -Zim-0.19-1.fc7 fe7-merge jkeating +Zim-0.21-1.fc7 dist-fc7-updates cweyl a2ps-4.13b-65.fc7 dist-fc7 jkeating aalib-1.4.0-0.12.rc5.fc7 dist-fc7 notting aasaver-0.3.2-1.fc7 dist-fc7-updates oddsocks 
@@ -111,11 +116,11 @@ abcde-2.3.99.6-2.fc6 fe7-merge jkeating abcm2ps-5.5.2-1.fc7 dist-fc7-updates gemi abe-1.1-5.fc7 dist-fc7-updates wart -abicheck-1.2-11 fe7-merge jkeating +abicheck-1.2-11.7 dist-fc7-updates mschwendt abiword-2.4.6-5.fc7 fe7-merge jkeating abook-0.6.0-0.1.pre2.fc7 fe7-merge jkeating abuse-0.7.0-3.fc6 fe7-merge jkeating -abyssinica-fonts-1.0-2.fc7 dist-fc7-updates bernie +abyssinica-fonts-1.0-1.fc7 dist-fc7-updates bernie ack-1.64-1.fc7 dist-fc7-updates iburrell acl-2.2.39-3.1.fc7 dist-fc7 jkeating acpi-0.09-2.fc6 fe7-merge jkeating @@ -124,7 +129,7 @@ adaptx-0.9.13-4jpp.1.fc7 dist-fc7 jkeating adime-2.2.1-4.fc6 fe7-merge jkeating adjtimex-1.21-2.fc7 dist-fc7 jkeating -adminutil-1.1.4-1.fc7 dist-fc7-updates rmeggins +adminutil-1.1.5-1.fc7 dist-fc7-updates rmeggins adns-1.2-5.fc6 fe7-merge jkeating adplay-1.6-1.fc7 fe7-merge jkeating adplug-2.1-1.fc7 fe7-merge jkeating @@ -176,13 +181,13 @@ anjuta-gdl-0.7.3-1.fc7 fe7-merge jkeating ant-1.6.5-4jpp.2.fc7 dist-fc7 jkeating ant-contrib-1.0-0.4.b2.fc6 fe7-merge jkeating -anthy-9100-1.fc7 dist-fc7-updates tagoh +anthy-9100d-1.fc7 dist-fc7-updates tagoh antiword-0.37-3 fe7-merge jkeating antlr-2.7.7-1jpp.3.fc7.2 dist-fc7-updates dbhole ants-1.4-2.fc7.1 dist-fc7 jwrdegoede aoetools-15-1.fc7 fe7-merge jkeating apachetop-0.12.6-2.fc6 fe7-merge jkeating -apcupsd-3.14.1-2.fc7 dist-fc7-updates orion +apcupsd-3.14.2-1.fc7 dist-fc7-updates orion apel-10.6-9.fc6 fe7-merge jkeating apg-2.3.0b-4.fc6 fe7-merge jkeating aplus-fsf-4.20.2-19.fc7 dist-fc7-updates s4504kr 
@@ -191,12 +196,13 @@ apollon-1.0.1-7.fc6 fe7-merge jkeating apr-1.2.8-6 dist-fc7 jkeating apr-api-docs-1.2.8-6.fc7 dist-fc7-updates bojan -apr-util-1.2.8-7 dist-fc7 jkeating +apr-util-1.2.10-1.fc7 dist-fc7-updates jorton apt-0.5.15lorg3.2-12.fc7 dist-fc7-updates athimm aqbanking-2.3.2-1.fc7 dist-fc7-updates notting aqsis-1.2.0-4.fc7 fe7-merge jkeating aquamarine-0.2.1-1.fc7 dist-fc7-updates jwilson arc-5.21o-3.fc6 fe7-merge jkeating +archimedes-0.7.0-1.fc7 dist-fc7-updates rishi archivemail-0.7.0-6.fc7 dist-fc7-updates limb archmage-0.0.8-1.fc7 fe7-merge jkeating ardour-0.99.3-8.fc7 fe7-merge jkeating @@ -309,6 +315,7 @@ avahi-0.6.17-1.fc7 dist-fc7 jkeating avalon-framework-4.1.4-2jpp.14.fc7 dist-fc7 jkeating avalon-logkit-1.2-4jpp.5.fc7 dist-fc7 jkeating +avarice-2.6-1.fc7 dist-fc7-updates trondd avr-binutils-2.17-3.fc7 fe7-merge jkeating avr-gcc-4.1.2-4.fc7 dist-fc7 jwrdegoede avr-gdb-6.6-4.fc7 dist-fc7-updates jwrdegoede @@ -331,7 +338,7 @@ basesystem-8.1-1 dist-fc7 jkeating bash-3.2-9.fc7 dist-fc7 jkeating bash-completion-20060301-3.fc7 fe7-merge jkeating -basket-1.0.2-1.fc7 fe7-merge jkeating +basket-1.0.2-3.fc7 dist-fc7-updates abompard bazaar-1.4.2-8.fc6 fe7-merge jkeating bbkeys-0.9.0-6.fc7 fe7-merge jkeating bc-1.06-26 dist-fc7 jkeating @@ -354,7 +361,7 @@ bibletime-1.6.4-2.fc7 dist-fc7-updates anderson bidiv-1.5-4.fc6 fe7-merge jkeating bigloo-3.0b-1.fc7 dist-fc7-updates gemi -bind-9.4.2-0.4.rc1.fc7 dist-fc7-updates atkac +bind-9.4.2-0.2.b1.fc7 dist-fc7-updates atkac binutils-2.17.50.0.12-4 dist-fc7 jkeating bison-2.3-3.fc7 dist-fc7 jkeating bit-0.4.1-1.fc7 fe7-merge jkeating 
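Review bot: In the dist-fc7-updates hunk at -354,7, bind goes from 9.4.2-0.4.rc1.fc7 to 9.4.2-0.2.b1.fc7, a lower release (0.2 beta versus 0.4 release candidate), under the log message "A bit more up to date". Check that the listing was generated from the latest tagged builds before the audit files are compared against it. abyssinica-fonts takes the same backward step (1.0-2 to 1.0-1) in the -111,11 hunk.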
@@ -367,8 +374,9 @@ bittorrent-4.4.0-5.fc7 fe7-merge jkeating blackbox-0.70.1-6.fc7 fe7-merge jkeating blacs-1.1-24.fc7.1 fe7-merge jkeating -blam-1.8.3-6.fc7 dist-fc7-updates pgordon +blam-1.8.3-7.fc7 dist-fc7-updates pgordon blender-2.45-2.fc7.1 dist-fc7-updates s4504kr +blitz-0.9-3.fc7 dist-fc7-updates sergiopr blktool-4-6.fc6 fe7-merge jkeating blobAndConquer-0.91-1.fc7 dist-fc7-updates jwrdegoede blobby-0.6-0.4.a.fc7 fe7-merge jkeating @@ -395,7 +403,7 @@ booty-0.85-1 dist-fc7 jkeating boswars-2.4.1-2.fc7 dist-fc7-updates jwrdegoede bottlerocket-0.04c-1.fc7 dist-fc7-updates sindrepb -bouml-2.31.3-1.fc7 dist-fc7-updates rishi +bouml-2.32-1.fc7 dist-fc7-updates rishi bouml-doc-2.30-3.fc7 dist-fc7-updates rishi bouncycastle-1.34-3.fc7 dist-fc7 jkeating brandy-1.0.19-4.fc6 fe7-merge jkeating @@ -439,7 +447,7 @@ camE-1.9-8.fc7 fe7-merge jkeating camstream-0.26.3-11.fc7 fe7-merge jkeating castor-0.9.5-1jpp.7 dist-fc6 jkeating -catfish-0.3-0.3.c.fc7 dist-fc7-updates mtasaka +catfish-0.3-1.fc7 dist-fc7-updates mtasaka cbios-0.21-3.fc7 dist-fc7-updates oddsocks ccache-2.4-8.fc7 fe7-merge jkeating ccid-1.2.1-1.fc7 dist-fc7 jkeating @@ -476,11 +484,11 @@ chkfontpath-1.10.1-1.1 dist-fc6 jkeating chkrootkit-0.47-7.fc7 dist-fc7-updates mschwendt chmlib-0.39-5.fc7 dist-fc7-updates peter -chmsee-1.0.0-1.23.fc7 dist-fc7-updates bbbush +chmsee-1.0.0-1.25.fc7 dist-fc7-updates bbbush chrpath-0.13-1.1.fc6 fe7-merge jkeating cinepaint-0.22.1-4.fc7 dist-fc7-updates kwizart cjet-0.8.9-4.fc7 dist-fc7-updates lkundrak -cksfv-1.3.12-1.fc7 dist-fc7-updates xulchris +cksfv-1.3.12-2.fc7 dist-fc7-updates xulchris clamav-0.91.2-2.fc7 dist-fc7-updates ensc clanbomber-1.05-4.fc7 fe7-merge jkeating classpathx-jaf-1.0-9jpp.1 dist-fc6 jkeating 
@@ -490,7 +498,7 @@ claws-mail-plugins-3.0.1-1.fc7 dist-fc7-updates awjb cleanfeed-0.95.7b-21.1.1 dist-fc6 jkeating clearsilver-0.10.4-5.fc7 dist-fc7-updates jcollie -climm-0.6-2.fc7 dist-fc7-updates ondrejj +climm-0.6.1-1.fc7 dist-fc7-updates ondrejj clips-6.24-22.fc7 fe7-merge jkeating clipsmm-0.0.7-1.fc7 fe7-merge jkeating clisp-2.41-3.fc7 fe7-merge jkeating @@ -549,10 +557,11 @@ coreutils-6.9-3.fc7 dist-fc7-updates twaugh corkscrew-2.0-5.fc7 dist-fc7-updates rishi cowbell-0.2.7.1-6.fc6 fe7-merge jkeating -cowsay-3.03-2.fc7 fe7-merge jkeating +cowsay-3.03-4.fc7 dist-fc7-updates ecik cpan2rpm-2.028-2.fc6 fe7-merge jkeating cpanspec-1.73-1.fc7 dist-fc7-updates steve cpio-2.6-27.fc7 dist-fc7 jkeating +cpl-3.1-2.fc7 dist-fc7-updates sergiopr cppunit-1.12.0-3.fc7 fe7-merge jkeating cproto-4.7e-2.fc6 fe7-merge jkeating cpufreq-utils-002-1.1.41.fc6 dist-fc6 jkeating @@ -585,12 +594,12 @@ csync2-1.33-5.fc7 fe7-merge jkeating ctags-5.6-1.1 dist-fc6 jkeating ctapi-common-1.1-3.fc7 dist-fc7-updates frankb -ctapi-cyberjack-3.0.4-1.fc7 dist-fc7-updates frankb +ctapi-cyberjack-3.0.5-1.fc7 dist-fc7-updates frankb ctorrent-1.3.4-4.dnh3.2.fc7 dist-fc7-updates rathann ctrlproxy-2.6.2-7.fc6 fe7-merge jkeating -cups-1.2.12-4.fc7 dist-fc7-updates twaugh +cups-1.2.12-5.fc7 dist-fc7-updates twaugh cups-pdf-2.4.6-1.fc7 dist-fc7 remi -cupsddk-1.2.0-3.fc7 dist-fc7-updates twaugh +cupsddk-1.2.3-1.fc7 dist-fc7-updates twaugh curl-7.16.4-1.fc7 dist-fc7-updates jnovy curlftpfs-0.9.1-1.fc7 fe7-merge jkeating curry-0.9.11-2.fc7 dist-fc7-updates gemi @@ -603,7 +612,7 @@ cvsweb-3.0.6-3.fc6 fe7-merge jkeating cycle-0.3.1-4.fc7 fe7-merge jkeating cyphesis-0.5.13-1.fc7 dist-fc7-updates wart -cyrus-imapd-2.3.8-3.fc7 fe7-merge jkeating +cyrus-imapd-2.3.9-7.fc7 dist-fc7-updates tjanouse cyrus-sasl-2.1.22-6 dist-fc7-updates jkeating d3lphin-0.9.2-2.fc7 dist-fc7-updates chitlesh d4x-2.5.7.1-3.fc7 fe7-merge jkeating 
@@ -646,7 +655,7 @@ desktop-printing-0.20-6.fc7 dist-fc7 jkeating deutex-4.4.0-4.fc7 fe7-merge jkeating dev86-0.16.17-4.fc7 dist-fc7 jkeating -devhelp-0.13-9.fc7 dist-fc7-updates kengert +devhelp-0.13-10.fc7 dist-fc7-updates caillon device-mapper-1.02.17-7.fc7 dist-fc7 jkeating device-mapper-multipath-0.4.7-11.fc7 dist-fc7 jkeating devilspie-0.20.2-1.fc7 fe7-merge jkeating @@ -676,9 +685,9 @@ dirvish-1.2.1-2.fc6 fe7-merge jkeating distcache-1.4.5-14.1 dist-fc6 jkeating djvulibre-3.5.18-1.fc7 fe7-merge jkeating -dkms-2.0.16-1.fc7 fe7-merge jkeating +dkms-2.0.17.5-1.fc7 dist-fc7-updates mdomsch dmidecode-2.7-1.26.1.fc6 dist-fc6 jkeating -dmraid-1.0.0.rc14-2.fc7 dist-fc7 jkeating +dmraid-1.0.0.rc14-4.fc7 dist-fc7-updates iankent dnsmasq-2.38-1.fc7 fe7-merge jkeating dnssec-tools-1.2-6.fc7 dist-fc7-updates hardaker docbook-dtds-1.0-30.1 dist-fc6 jkeating @@ -688,6 +697,7 @@ docbook-style-xsl-1.73.2-1.fc7 dist-fc7-updates ovasik docbook-utils-0.6.14-8.fc7 dist-fc7-updates ovasik docbook2X-0.8.7-2.fc6 fe7-merge jkeating +docker-1.5-2.fc7 dist-fc7-updates awjb dogtail-0.6.1-1.fc7 dist-fc7 jkeating dolphin-0.8.2-2.fc7 fe7-merge jkeating dom4j-1.6.1-2jpp.2.fc7 fe7-merge jkeating @@ -704,7 +714,7 @@ driconf-0.9.1-5.fc7 fe7-merge jkeating driftnet-0.1.6-12 fe7-merge jkeating drivel-2.1.0-0.5.20060527cvs.fc7 dist-fc7-updates pfrields -drupal-5.2-1.fc7 dist-fc7-updates limb +drupal-5.3-1.fc7 dist-fc7-updates limb dssi-0.9.1-10.fc6 fe7-merge jkeating dstat-0.6.6-1.fc7 fe7-merge jkeating dtach-0.7-1.2.3 dist-fc7 jkeating @@ -754,7 +764,7 @@ efax-0.9-27.2.1 dist-fc6 jkeating efont-unicode-bdf-0.4.2-6.1.fc6 fe7-merge jkeating eggdrop-1.6.18-9.fc7 dist-fc7-updates robert -egoboo-2.4.3-2.fc7 dist-fc7-updates jwrdegoede +egoboo-2.4.3-4.fc7 dist-fc7-updates jwrdegoede egoboo-data-2.4.3-1.fc7 dist-fc7-updates jwrdegoede eiciel-0.9.4-1.fc7 fe7-merge jkeating ejabberd-1.1.4-1.fc7 dist-fc7-updates jcollie 
@@ -779,7 +789,7 @@ emelfm2-0.3.5-1.fc7 dist-fc7-updates cwickert emerald-0.2.1-1.fc7 dist-fc7-updates jwilson emerald-themes-0.2.1-1.fc7 dist-fc7-updates jwilson -empathy-0.12-1.fc7 dist-fc7-updates pgordon +empathy-0.12-2.fc7 dist-fc7-updates pgordon enblend-3.0-6.fc7 dist-fc7-updates bpostle enca-1.9-3.fc6 fe7-merge jkeating enchant-1.3.0-1.fc6 fe7-merge jkeating @@ -791,8 +801,8 @@ environment-modules-3.2.5-1.fc7 fe7-merge jkeating eog-2.18.2-2.fc7 dist-fc7-updates mclasen epic-2.6-1.fc7 dist-fc7 jkeating -epiphany-2.18.3-2.fc7 dist-fc7-updates kengert -epiphany-extensions-2.18.3-3 dist-fc7-updates pgordon +epiphany-2.18.3-3.fc7 dist-fc7-updates caillon +epiphany-extensions-2.18.3-4 dist-fc7-updates pgordon epydoc-2.1-7.fc7 fe7-merge jkeating epylog-1.0.3-5.fc7 fe7-merge jkeating eric-3.9.2-3.fc7 dist-fc7-updates rdieter @@ -853,7 +863,7 @@ fedora-package-config-smart-7-8.1 dist-fc7-updates athimm fedora-release-7-3 dist-fc7 jkeating fedora-release-notes-7.0.0-1 dist-fc7 pfrields -fedora-usermgmt-0.9-2.fc7 fe7-merge jkeating +fedora-usermgmt-0.10-1.fc7 dist-fc7-updates ensc feh-1.3.4-4.fc6 fe7-merge jkeating festival-1.96-1.fc7 dist-fc7 jkeating fetchlog-1.0-8.fc6 fe7-merge jkeating @@ -872,7 +882,7 @@ fillets-ng-data-0.7.1-2 fe7-merge jkeating findutils-4.2.29-2 dist-fc7 jkeating finger-0.17-34.fc7 dist-fc7 jkeating -firefox-2.0.0.5-1.fc7 dist-fc7-updates kengert +firefox-2.0.0.8-1.fc7 dist-fc7-updates caillon firefox-32-0.0.1-5.fc7 fe7-merge jkeating firestarter-1.0.3-16.fc7 dist-fc7-updates splinux firewalk-5.0-1.fc7 dist-fc7-updates sindrepb @@ -883,6 +893,7 @@ fityk-0.8.1-9.fc7 dist-fc7-updates jpye flac-1.1.4-4.fc7 dist-fc7 jkeating flac123-0.0.11-1.fc7 dist-fc7-updates sindrepb +flagpoll-0.9.1-1.fc7 dist-fc7-updates deji flashrom-0-0.2.20071003svn2817.fc7 dist-fc7-updates peter flasm-1.61-3.fc6 fe7-merge jkeating flex-2.5.33-9.fc7 dist-fc7-updates pmachata 
@@ -923,6 +934,7 @@ fortune-mod-1.99.1-8.fc7 fe7-merge jkeating fpc-2.0.4-2.fc6 fe7-merge jkeating fping-2.4b2-7.fc6 fe7-merge jkeating +fprobe-ulog-1.1-3.fc7 dist-fc7-updates stingray freealut-1.1.0-4.fc7 dist-fc7-updates awjb freeciv-2.0.9-1.fc7 fe7-merge jkeating freedoom-0.5-2.fc7 fe7-merge jkeating @@ -948,19 +960,19 @@ ftnchek-3.3.1-5.fc6 fe7-merge jkeating ftp-0.17-41.fc7 dist-fc7-updates mmaslano ftplib-3.1-2.fc7 dist-fc7-updates spot -funtools-1.4.0-1.fc7 dist-fc7-updates sergiopr +funtools-1.4.0-3.fc7 dist-fc7-updates sergiopr fuse-2.7.0-6.fc7 dist-fc7-updates peter fuse-convmvfs-0.2.4-3.fc7 dist-fc7-updates hellwolf fuse-emulator-0.8.0.1-2.fc7 dist-fc7-updates oddsocks fuse-emulator-utils-0.8.0.1-1.fc7 dist-fc7-updates oddsocks fuse-encfs-1.3.2-1.fc7 fe7-merge jkeating -fuse-python-0.2-5.fc7 dist-fc7-updates peter +fuse-python-0.2-6.fc7 dist-fc7-updates peter fuse-smb-0.8.5-7.fc7 fe7-merge jkeating fuse-sshfs-1.7-2.fc6 fe7-merge jkeating fvwm-2.5.23-2.fc7 dist-fc7-updates agoode fwbackups-1.43.1-2.fc7 dist-fc7-updates firewing fwbuilder-2.1.12-1.fc7 dist-fc7-updates ertzing -fwfstab-0.01.1-3.fc7 fe7-merge jkeating +fwfstab-0.02-2.fc7 dist-fc7-updates firewing fwrestart-1.04-2.fc6 fe7-merge jkeating fyre-1.0.1-1.fc6 fe7-merge jkeating g-wrap-1.9.9-3.fc7 dist-fc7-updates laxathom 
@@ -973,21 +985,21 @@ gajim-0.11.1-1.fc7 fe7-merge jkeating galago-daemon-0.5.1-1.fc6 fe7-merge jkeating galculator-1.2.5-5.fc6 fe7-merge jkeating -galeon-2.0.3-11.fc7 dist-fc7-updates denis +galeon-2.0.3-12.fc7 dist-fc7-updates alexlan gallery2-2.2-0.7.svn20070831.fc7 dist-fc7-updates jwb galternatives-0.13.4-4.fc7 fe7-merge jkeating gambas-1.0.17-8.fc7 fe7-merge jkeating games-menus-0.2-3.fc7 fe7-merge jkeating gamin-0.1.8-5.fc7 dist-fc7 jkeating -gammu-1.11.0-1.fc7 dist-fc7-updates laxathom -ganglia-3.0.4-2.fc7 fe7-merge jkeating +gammu-1.13.0-1.fc7 dist-fc7-updates laxathom +ganglia-3.0.5-1.fc7 dist-fc7-updates jwilson ganymed-ssh2-210-5.fc7 dist-fc7-updates robmv gauche-0.8.11-2.fc7 dist-fc7-updates gemi gauche-gl-0.4.4-2.fc7 dist-fc7-updates gemi gauche-gtk-0.4.1-15.fc7 dist-fc7-updates gemi gawk-3.1.5-15.fc7 dist-fc7 jkeating gazpacho-0.7.2-2.fc7 dist-fc7-updates icon -gc-6.8-3.fc7 fe7-merge jkeating +gc-7.0-6.fc7 dist-fc7-updates rdieter gcalctool-5.9.14-1.fc7 dist-fc7 jkeating gcc-4.1.2-27.fc7 dist-fc7-updates jakub gcdmaster-1.2.2-1.fc6 fe7-merge jkeating @@ -1003,7 +1015,7 @@ gcstar-1.2.2-1.fc7 dist-fc7-updates tian gd-2.0.35-1.fc7 dist-fc7-updates varekova gdal-1.4.2-2.fc7 dist-fc7-updates cbalint -gdb-6.6-15.fc7 dist-fc7-updates jkratoch +gdb-6.6-16.fc7 dist-fc7-updates jkratoch gdbm-1.8.0-27.fc7 dist-fc7 jkeating gdeskcal-1.01-1.fc7 fe7-merge jkeating gdesklets-0.35.4-9.fc7 dist-fc7-updates luya @@ -1040,7 +1052,7 @@ geos-2.2.3-1.fc7 fe7-merge jkeating gerbv-1.0.2-2.fc7 dist-fc7-updates chitlesh geronimo-specs-1.0-0.M2.2jpp.12 dist-fc6 jkeating -gettext-0.16.1-8.fc7 dist-fc7 jkeating +gettext-0.16.1-9.fc7 dist-fc7-updates petersen gfa-0.4.1-4.fc7 fe7-merge jkeating gforth-0.6.2-10.fc7 fe7-merge jkeating gfs2-utils-0.1.25-1.fc7 dist-fc7 jkeating 
@@ -1064,7 +1076,7 @@ gimp-2.2.17-1.fc7 dist-fc7-updates nphilipp gimp-help-2-0.1.0.13.fc7 dist-fc7-updates nphilipp ginac-1.3.6-1.fc7 fe7-merge jkeating -git-1.5.2.4-1.fc7 dist-fc7-updates jbowes +git-1.5.3.3-3.fc7 dist-fc7-updates jbowes gjots2-2.3.4-7.fc7 fe7-merge jkeating gkrellm-2.2.10-3.fc7 dist-fc7-updates jwrdegoede gkrellm-aclock-0.3.4-1.fc6 fe7-merge jkeating @@ -1150,7 +1162,7 @@ gnome-ppp-0.3.23-3.fc6 fe7-merge jkeating gnome-python2-2.18.1-1.fc7 dist-fc7 jkeating gnome-python2-desktop-2.18.0-1.fc7 dist-fc7 jkeating -gnome-python2-extras-2.14.3-4.fc7 dist-fc7-updates mbarnes +gnome-python2-extras-2.14.3-5.fc7 dist-fc7-updates mbarnes gnome-python2-gda-2.14.3-1.fc7 fe7-merge jkeating gnome-schedule-1.1.0-2.fc7 fe7-merge jkeating gnome-screensaver-2.18.2-2.fc7 dist-fc7-updates rstrode @@ -1162,7 +1174,7 @@ gnome-spell-1.0.7-4.fc7 dist-fc7 jkeating gnome-system-monitor-2.18.2-1.fc7 dist-fc7-updates mclasen gnome-terminal-2.18.1-1.fc7 dist-fc7-updates mclasen -gnome-theme-clearlooks-bigpack-0.6-5.fc7 fe7-merge jkeating +gnome-theme-clearlooks-bigpack-0.6-6.fc7 dist-fc7-updates pgordon gnome-themes-2.18.0-1.fc7 dist-fc7 jkeating gnome-translate-0.99-11.fc7 fe7-merge jkeating gnome-user-docs-2.18.2-1.fc7 dist-fc7-updates mclasen @@ -1197,12 +1209,12 @@ gnustep-make-1.12.0-5.fc6 fe7-merge jkeating gnutls-1.6.3-2.fc7 dist-fc7-updates tmraz gob2-2.0.14-1.1 dist-fc6 jkeating -gobby-0.4.4-1.fc7 dist-fc7-updates lmacken +gobby-0.4.5-1.fc7 dist-fc7-updates lmacken gocr-0.44-2.fc7 fe7-merge jkeating goffice-0.2.2-1.fc7 fe7-merge jkeating goffice04-0.4.3-1.fc7 dist-fc7-updates belegdol gok-1.2.2-1.fc7 dist-fc7 jkeating -gonvert-0.2.15-4.fc7 fe7-merge jkeating +gonvert-0.2.19-1.fc7 dist-fc7-updates tmz goocanvas-0.9-3.fc7 dist-fc7-updates bjohnson google-perftools-0.92-1.fc7.1 dist-fc7-updates spot gossip-0.26-1.fc7 dist-fc7-updates bpepple 
@@ -1244,7 +1256,7 @@ grig-0.7.2-1.fc7 dist-fc7-updates denis grip-3.2.0-16.fc7 fe7-merge jkeating grisbi-0.5.9-3.fc7 dist-fc7-updates abompard -groff-1.18.1.4-6.fc7 dist-fc7-updates mmaslano +groff-1.18.1.4-7.fc7 dist-fc7-updates mmaslano grsync-0.6-1.fc7 dist-fc7-updates svahl grub-0.97-13 dist-fc6 jkeating gscan2pdf-0.9.16-1.fc7 dist-fc7-updates bjohnson @@ -1261,12 +1273,12 @@ gsynaptics-0.9.11-1.fc7 fe7-merge jkeating gthumb-2.10.6-1.fc7 dist-fc7-updates mclasen gtk+-1.2.10-57.fc7 fe7-merge jkeating -gtk+extra-2.1.1-4.fc7 dist-fc7 dionysos +gtk+extra-2.1.1-5.fc7 dist-fc7-updates dionysos gtk-doc-1.8-2.fc7 dist-fc7 jkeating gtk-gnutella-0.96.4-1.fc7 dist-fc7-updates buc gtk-murrine-engine-0.52-1.fc7 fe7-merge jkeating gtk-qt-engine-0.70-5.20070811svn.fc7 dist-fc7-updates rdieter -gtk-recordmydesktop-0.3.4-1.fc7.1 dist-fc7-updates sindrepb +gtk-recordmydesktop-0.3.6-1.fc7.1 dist-fc7-updates sindrepb gtk-rezlooks-engine-0.6-4.fc7 fe7-merge jkeating gtk-sharp-1.0.10-12.fc7 fe7-merge jkeating gtk-sharp2-2.10.0-4.fc7 dist-fc7 jkeating @@ -1285,7 +1297,7 @@ gtklp-1.2.5-1.fc7 dist-fc7-updates gemi gtkmathview-0.7.6-5.fc6 fe7-merge jkeating gtkmm24-2.10.11-1.fc7 dist-fc7-updates denis -gtkmozembedmm-1.4.2.cvs20060817-12.fc7 dist-fc7-updates hguemar +gtkmozembedmm-1.4.2.cvs20060817-13.fc7.1 dist-fc7-updates hguemar gtkperf-0.40-6.fc7 dist-fc7-updates patriceb gtkpod-0.99.8-3.fc7 fe7-merge jkeating gtksourceview-1.8.5-1.fc7 dist-fc7 jkeating @@ -1304,6 +1316,7 @@ guile-cairo-1.4.0-4.fc7 dist-fc7-updates laxathom guile-gnome-platform-2.15.93-6.fc7 dist-fc7-updates laxathom guile-lib-0.1.4-4.fc7 dist-fc7-updates laxathom +gurlchecker-0.10.1-4.fc7 dist-fc7-updates makghosh gutenprint-5.0.1-3.fc7 dist-fc7-updates twaugh gv-3.6.2-2.fc7 fe7-merge jkeating gweled-0.7-8.fc7 fe7-merge jkeating 
@@ -1353,7 +1366,7 @@ hnb-1.9.18-3.fc6 fe7-merge jkeating homebank-3.5-5.fc7 dist-fc7-updates trasher horde-3.1.4-2.fc7 fe7-merge jkeating -hotwire-0.590-1.fc7 dist-fc7-updates walters +hotwire-0.599-1.fc7 dist-fc7-updates walters hpic-0.52.2-2.fc6 fe7-merge jkeating hping3-0.0.20051105-7.fc7 fe7-merge jkeating hplip-1.7.4a-6.fc7 dist-fc7-updates twaugh @@ -1468,7 +1481,7 @@ ipw2100-firmware-1.3-8 fe7-merge jkeating ipw2200-firmware-3.0-9 fe7-merge jkeating ipxripd-0.8-4.fc6 fe7-merge jkeating -ipython-0.7.2-4.fc7 fe7-merge jkeating +ipython-0.8.1-2.fc7 dist-fc7-updates jbowes ircd-hybrid-7.2.3-2.fc7 dist-fc7 tanguy irda-utils-0.9.18-2.fc7 dist-fc7 jkeating irqbalance-0.55-2.fc7 dist-fc7 jkeating @@ -1570,12 +1583,14 @@ kasumi-2.2-4.fc7 dist-fc7-updates tagoh katapult-0.3.2.1-1.fc7 dist-fc7-updates chitlesh kawa-1.9.0-2.fc7 fe7-merge jkeating -kazehakase-0.4.9-2.fc7 dist-fc7-updates mtasaka +kazehakase-0.5.0-1.fc7 dist-fc7-updates mtasaka kbackup-0.5.2-1.fc7 dist-fc7-updates dionysos kbd-1.12-22.fc7 dist-fc7-updates vcrhonek kbibtex-0.1.5.52-10.fc7 dist-fc7-updates noltec kbilliards-0.8.7b-2.fc7 fe7-merge jkeating kbiof-0.3-1.fc7 dist-fc7-updates oddsocks +kcbench-0.1-2 dist-fc7-updates thl +kcbench-data-0.1-2 dist-fc7-updates thl kcc-2.3-24.2.2 dist-fc6 jkeating kcemirror-0.1.5-1.fc7 fe7-merge jkeating kchmviewer-3.0-2.fc7 fe7-merge jkeating 
@@ -1599,24 +1614,24 @@ kdelibs4-3.93.0-10.fc7 dist-fc7-updates kkofler kdemultimedia-3.5.7-2.fc7 dist-fc7-updates rdieter kdenetwork-3.5.7-1.fc7.1 dist-fc7-updates rdieter -kdepim-3.5.7-3.fc7 dist-fc7-updates rdieter +kdepim-3.5.7-10.svn20070926.ent.fc7 dist-fc7-updates rdieter kdepimlibs-3.93.0-3.fc7 dist-fc7-updates rdieter kdesdk-3.5.7-7.fc7 dist-fc7-updates rdieter kdesvn-0.11.2-3.fc7 fe7-merge jkeating kdetoys-3.5.7-1.fc7 dist-fc7-updates rdieter -kdetv-0.8.9-5.fc7 dist-fc7-updates oddsocks +kdetv-0.8.9-7.fc7 dist-fc7-updates oddsocks kdeutils-3.5.7-1.fc7.1 dist-fc7-updates rdieter kdevelop-3.4.1-1.fc7 dist-fc7-updates than kdewebdev-3.5.7-1.fc7 dist-fc7-updates than kdiff3-0.9.90-7.fc6 fe7-merge jkeating kdirstat-2.5.3-5.fc6 fe7-merge jkeating kdissert-1.0.7-1.fc7 fe7-merge jkeating -kdmtheme-1.1.3-1.fc7 fe7-merge jkeating +kdmtheme-1.2.1-1.fc7 dist-fc7-updates chitlesh kdnssd-avahi-0.1.3-0.1.20060713svn.fc6 dist-fc6 jkeating kdocker-1.3-8.fc6 fe7-merge jkeating keepalived-1.1.13-6.fc7 fe7-merge jkeating keepassx-0.2.2-2.fc7 dist-fc7-updates abompard -kernel-2.6.22.9-91.fc7 dist-fc7-updates linville +kernel-2.6.23.1-10.fc7 dist-fc7-updates linville kernel-xen-2.6-2.6.20-2936.fc7 dist-fc7-updates ehabkost kerry-0.2.1-2.fc7 fe7-merge jkeating ketchup-0.9.8-1.fc7 dist-fc7-updates ben @@ -1670,6 +1685,8 @@ krb5-auth-dialog-0.7-2 dist-fc7 jkeating krbafs-1.2.2-10.1 dist-fc6 jkeating krecipes-0.9.1-5.fc6 fe7-merge jkeating +kreetingkard-0.7.1-2.fc7 dist-fc7-updates mtasaka +kreetingkard_templates-0.2.0-2.fc7 dist-fc7-updates mtasaka krename-3.0.14-1.fc7 fe7-merge jkeating kronolith-2.1.5-1.fc7 fe7-merge jkeating krusader-1.80.0-1.fc7 dist-fc7-updates mgarski 
@@ -1927,8 +1944,8 @@ libpcap-0.9.7-1.fc7 dist-fc7-updates mlichvar libpciaccess-0.8-0.1.20070530git.fc7 dist-fc7-updates ajax libpfm-3.2-0.061205.1.fc7 dist-fc7 jkeating -libpng-1.2.16-1.fc7 dist-fc7 jkeating -libpng10-1.0.26-1.fc7.1 dist-fc7-updates pghmcfc +libpng-1.2.22-1.fc7 dist-fc7-updates tgl +libpng10-1.0.29-1.fc7 dist-fc7-updates pghmcfc libpolyxmass-0.9.0-6.fc5 fe7-merge jkeating libpqxx-2.6.8-5.fc7 fe7-merge jkeating libprelude-0.9.13-1.fc7 fe7-merge jkeating @@ -1936,7 +1953,7 @@ libpri-1.4.1-1.fc7 dist-fc7-updates jcollie libqalculate-0.9.6-1.fc7 dist-fc7-updates deji librapi-0.9.3-1.fc7 fe7-merge jkeating -libraw1394-1.2.1-9.fc7 dist-fc7-updates jwilson +libraw1394-1.2.1-11.fc7 dist-fc7-updates jwilson libreadline-java-0.8.0-17.fc7 fe7-merge jkeating libresample-0.1.3-3.fc6 fe7-merge jkeating librfid-0.1.0-3.1996svn.fc7 dist-fc7 kushal @@ -1951,7 +1968,7 @@ libsemanage-2.0.3-4.fc7 dist-fc7-updates dwalsh libsepol-2.0.3-1.fc7 dist-fc7 jkeating libsexy-0.1.11-1.fc7 fe7-merge jkeating -libsexymm-0.1.9-3.fc7 fe7-merge jkeating +libsexymm-0.1.9-4.fc7 dist-fc7-updates hguemar libshout-2.2.2-1.fc6 fe7-merge jkeating libsidplay-1.36.57-12.fc7 fe7-merge jkeating libsieve-2.2.5-1.fc7 fe7-merge jkeating @@ -1996,7 +2013,7 @@ libusb-0.1.12-7.fc7 dist-fc7 jkeating libuser-0.56.2-1 dist-fc7 jkeating libutempter-1.1.4-3.fc6 dist-fc6 jkeating -libvirt-0.3.2-1.fc7 dist-fc7-updates veillard +libvirt-0.3.3-1.fc7 dist-fc7-updates veillard libvisual-0.4.0-3.fc6 fe7-merge jkeating libvisual-plugins-0.4.0-3.fc7 fe7-merge jkeating libvorbis-1.1.2-3.fc7 dist-fc7-updates behdad @@ -2016,7 +2033,7 @@ libxslt-1.1.21-1.fc7 dist-fc7-updates veillard libzzub-0.2.3-8.fc7 dist-fc7-updates akahl licq-1.3.4-6.fc7 fe7-merge jkeating -liferea-1.2.23-1.fc7 dist-fc7-updates bpepple +liferea-1.2.23-3.fc7 dist-fc7-updates bpepple lightning-1.2-9.fc7 dist-fc7-updates s4504kr lighttpd-1.4.18-1.fc7 dist-fc7-updates thias lilypond-2.10.33-1.fc7 dist-fc7-updates qspencer 
@@ -2182,19 +2199,19 @@ min12xxw-0.0.9-1.fc7 dist-fc7-updates lkundrak mingetty-1.07-5.2.2 dist-fc6 jkeating minicom-2.2-1.fc7 dist-fc7 jkeating -mirage-0.8.3-1.fc7.1 dist-fc7 mtasaka +mirage-0.9-1.fc7 dist-fc7-updates mtasaka mirrormagic-2.0.2-3.fc7 fe7-merge jkeating mkbootdisk-1.5.3-2.1 dist-fc6 jkeating mkinitrd-6.0.9-7.1 dist-fc7-updates pjones -mksh-31c-1.fc7 dist-fc7-updates robert +mksh-31d-1.fc7 dist-fc7-updates robert mktemp-1.5-25.fc7 dist-fc7 jkeating mkvtoolnix-2.1.0-1.fc7 dist-fc7-updates rathann mlmmj-1.2.14-2.fc7 fe7-merge jkeating mlocate-0.16-1 dist-fc7 jkeating -mlton-20061107-2.fc7 fe7-merge jkeating +mlton-20070826-10.fc7.1 dist-fc7-updates agoode mm-1.4.2-2.fc6 fe7-merge jkeating mmv-1.01b-8.fc6 fe7-merge jkeating -mock-0.7.6-1.fc7 dist-fc7-updates mebrown +mock-0.8.4-2.fc7 dist-fc7-updates mebrown mod_annodex-0.2.2-6.fc6 fe7-merge jkeating mod_auth_kerb-5.3-3 dist-fc7 jkeating mod_auth_mysql-3.0.0-3.1 dist-fc6 jkeating @@ -2209,7 +2226,7 @@ mod_fcgid-2.2-1.fc7 dist-fc7-updates pghmcfc mod_geoip-1.2.0-1.fc7 dist-fc7-updates mfleming mod_mono-1.2.1-1.fc7 fe7-merge jkeating -mod_nss-1.0.7-1.fc7 dist-fc7-updates rcritten +mod_nss-1.0.7-2.fc7 dist-fc7-updates rcritten mod_perl-2.0.3-9.1.fc7 dist-fc7-updates jorton mod_python-3.3.1-3 dist-fc7 jkeating mod_revocator-1.0.2-1.fc7 fe7-merge jkeating @@ -2234,7 +2251,7 @@ most-4.10.2-5.fc6 fe7-merge jkeating moto4lin-0.3-6.fc7 fe7-merge jkeating mousepad-0.2.12-1.fc7 fe7-merge jkeating -mozldap-6.0.4-1.fc7 dist-fc7-updates rmeggins +mozldap-6.0.5-1.fc7 dist-fc7-updates rmeggins mozplugger-1.7.3-3.1 dist-fc6 jkeating mpage-2.5.4-7.1 dist-fc6 jkeating mpc-0.12.0-2.fc7 fe7-merge jkeating 
@@ -2332,10 +2349,11 @@ newt-perl-1.08-14 dist-fc7 jkeating nexuiz-2.3-1.fc7 dist-fc7-updates limb nexuiz-data-2.3-2.fc7 dist-fc7-updates limb -nfs-utils-1.1.0-3.fc7 dist-fc7-updates steved +nfs-utils-1.1.0-4.fc7 dist-fc7-updates steved nfs-utils-lib-1.0.8-10.fc7 dist-fc7-updates steved nfs4-acl-tools-0.3.1-1.fc7.2 fe7-merge jkeating nfswatch-4.99.9-1.fc7 dist-fc7-updates c4chris +nget-0.27.1-7.fc7 dist-fc7-updates rishi nginx-0.5.31-2.fc7 dist-fc7-updates jjh ngrep-1.45-1.fc7 fe7-merge jkeating ngspice-17-11.fc7 fe7-merge jkeating @@ -2375,6 +2393,7 @@ nyquist-2.36-1.fc7 fe7-merge jkeating obby-0.4.4-1.fc7 fe7-merge jkeating obconf-2.0.2-1.fc7 dist-fc7-updates mlichvar +obexfs-0.11-0.1.rc2.fc7 dist-fc7-updates rathann obexftp-0.22-0.3.rc6.fc7 dist-fc7-updates rathann obmenu-1.0-4.fc7 fe7-merge jkeating ocaml-3.09.3-2.fc7 dist-fc7-updates gemi @@ -2423,11 +2442,11 @@ openslp-1.2.1-6.fc6 fe7-merge jkeating opensp-1.5.2-5.fc7 dist-fc7-updates ovasik openssh-4.5p1-6.fc7 dist-fc7 jkeating -openssl-0.9.8b-14.fc7 dist-fc7-updates tmraz +openssl-0.9.8b-15.fc7 dist-fc7-updates tmraz openssl097a-0.9.7a-9 dist-fc6 jkeating openswan-2.4.7-3.fc7 dist-fc7 jkeating openvpn-2.1-0.19.rc4.fc7 fe7-merge jkeating -openvrml-0.16.6-2.fc7 dist-fc7-updates braden +openvrml-0.16.6-3.fc7 dist-fc7-updates braden oprofile-0.9.2-8.fc7 dist-fc7 jkeating optipng-0.5.5-2.fc7 fe7-merge jkeating orage-4.4.1-2.fc7 dist-fc7-updates kevin @@ -2461,7 +2480,7 @@ paman-0.9.3-2.fc6 fe7-merge jkeating pan-0.132-1.fc7 dist-fc7-updates adalloz panelfm-1.2-2.fc7.1 dist-fc7 mtasaka -pango-1.16.4-1.fc7 dist-fc7 jkeating +pango-1.16.4-2.fc7 dist-fc7-updates behdad paprefs-0.9.5-2.fc7 dist-fc7-updates emoret paps-0.6.6-20.fc7 dist-fc7-updates tagoh papyrus-0.7.1-1.fc7 fe7-merge jkeating 
@@ -2543,6 +2562,7 @@ perl-CGI-Untaint-email-0.03-2.fc6 fe7-merge jkeating perl-CPAN-DistnameInfo-0.06-3.fc7 fe7-merge jkeating perl-CPANPLUS-0.78-1.fc7 fe7-merge jkeating +perl-CPANPLUS-Dist-Build-0.05-2.fc7 dist-fc7-updates cweyl perl-CSS-Tiny-1.14-1.fc6 fe7-merge jkeating perl-Cache-2.04-2.fc6 fe7-merge jkeating perl-Cache-Cache-1.05-1.fc6 fe7-merge jkeating @@ -2586,6 +2606,7 @@ perl-Class-DBI-mysql-1.00-2.fc6 fe7-merge jkeating perl-Class-Data-Accessor-0.04001-1.fc7 dist-fc7-updates cweyl perl-Class-Data-Inheritable-0.06-1.fc7 fe7-merge jkeating +perl-Class-Date-1.1.9-2.fc7 dist-fc7-updates brendt perl-Class-ErrorHandler-0.01-4.fc7 fe7-merge jkeating perl-Class-Factory-1.05-2.fc7 fe7-merge jkeating perl-Class-Factory-Util-1.7-1.fc7 fe7-merge jkeating @@ -2698,6 +2719,7 @@ perl-Devel-Symdump-2.07-1.fc7 dist-fc7 jkeating perl-Device-SerialPort-1.002-3.fc6 fe7-merge jkeating perl-Digest-BubbleBabble-0.01-5.fc7 fe7-merge jkeating +perl-Digest-CRC-0.10-2.fc7 dist-fc7-updates xulchris perl-Digest-HMAC-1.01-15 dist-fc6 jkeating perl-Digest-MD2-2.03-4.fc7 fe7-merge jkeating perl-Digest-MD4-1.5-3.fc6 fe7-merge jkeating @@ -2747,11 +2769,11 @@ perl-File-MMagic-XS-0.09002-1.fc7 dist-fc7-updates spot perl-File-MimeInfo-0.13-3.fc7 fe7-merge jkeating perl-File-Modified-0.07-4.fc7 dist-fc7 cweyl -perl-File-NCopy-0.34-6.fc7 dist-fc7-updates corsepiu +perl-File-NCopy-0.35-3.fc7 dist-fc7-updates corsepiu perl-File-NFSLock-1.20-2.fc6 fe7-merge jkeating perl-File-Next-0.40-1.fc7 dist-fc7 iburrell perl-File-ReadBackwards-1.04-3.fc7 fe7-merge jkeating -perl-File-Remove-0.37-1.fc7 dist-fc7-updates corsepiu +perl-File-Remove-0.38-1.fc7 dist-fc7-updates corsepiu perl-File-RsyncP-0.68-1.fc7 dist-fc7-updates mmcgrath perl-File-Slurp-9999.12-3.fc7 dist-fc7-updates corsepiu perl-File-Tail-0.99.3-5.fc6 fe7-merge jkeating 
@@ -3067,8 +3089,9 @@ perl-SQL-Abstract-Limit-0.12-3.fc6 fe7-merge jkeating perl-SQL-Library-0.0.3-2.fc6 fe7-merge jkeating perl-SQL-Statement-1.15-2.fc6 fe7-merge jkeating +perl-SQL-Translator-0.08001-2.fc7 dist-fc7-updates cweyl perl-SUPER-1.16-1.fc7 fe7-merge jkeating -perl-SVG-2.34-2.fc7 dist-fc7-updates alexlan +perl-SVG-2.36-2.fc7 dist-fc7-updates alexlan perl-SVG-Graph-0.01-6.fc7 fe7-merge jkeating perl-SVK-2.0.2-1.fc7 dist-fc7-updates iburrell perl-SVN-Mirror-0.73-1.fc7 dist-fc7-updates iburrell @@ -3099,6 +3122,7 @@ perl-Sys-Virt-0.1.1-9.fc7 fe7-merge jkeating perl-Taint-Runtime-0.03-1.fc7 dist-fc7-updates spot perl-TeX-Hyphen-0.140-5.fc6 fe7-merge jkeating +perl-Template-Alloy-1.007-3.fc7 dist-fc7-updates cweyl perl-Template-GD-2.66-2.fc7 fe7-merge jkeating perl-Template-Plugin-Class-0.13-2.fc6 fe7-merge jkeating perl-Template-Toolkit-2.18-1.fc7 fe7-merge jkeating @@ -3138,7 +3162,7 @@ perl-Test-Warn-0.10-1.fc7 dist-fc7 jpo perl-Test-use-ok-0.02-3.fc7 fe7-merge jkeating perl-Text-ASCIITable-0.18-2.fc7 fe7-merge jkeating -perl-Text-Aspell-0.08-1.fc7 dist-fc7-updates jjames +perl-Text-Aspell-0.09-1.fc7 dist-fc7-updates jjames perl-Text-Autoformat-1.13-5.fc7 fe7-merge jkeating perl-Text-CHM-0.01-2.fc6 fe7-merge jkeating perl-Text-CSV_XS-0.30-1.fc7 dist-fc7-updates jpo @@ -3152,7 +3176,7 @@ perl-Text-Quoted-2.02-3.fc7 dist-fc7-updates corsepiu perl-Text-RecordParser-v1.2.1-3.fc7 dist-fc7-updates cweyl perl-Text-Reform-1.11-7.fc7 fe7-merge jkeating -perl-Text-Shellwords-1.08-1.fc7 fe7-merge jkeating +perl-Text-Shellwords-1.08-3.fc7 dist-fc7-updates alexlan perl-Text-SimpleTable-0.03-2.fc7 dist-fc7 cweyl perl-Text-TabularDisplay-1.22-3.fc7 dist-fc7 cweyl perl-Text-Template-1.44-4.fc6 fe7-merge jkeating 
@@ -3337,12 +3361,12 @@ php-pecl-apc-3.0.14-1.fc7 dist-fc7-updates chabotc php-pecl-mailparse-2.1.1-6.fc7 dist-fc7-updates thias php-pecl-memcache-2.2.0-1.fc7 dist-fc7-updates remi -php-pecl-phar-1.2.1-1.fc7 dist-fc7-updates remi +php-pecl-phar-1.2.2-1.fc7 dist-fc7-updates remi php-pecl-radius-1.2.5-2.fc7 dist-fc7-updates xulchris php-pecl-xdebug-2.0.0-2.fc7 dist-fc7-updates xulchris php-shout-0.9.2-1.fc7 fe7-merge jkeating php-spyc-0.2.5-1.fc7 dist-fc7-updates stahnma -phpMyAdmin-2.11.0-1.fc7 dist-fc7-updates mmcgrath +phpMyAdmin-2.11.1.2-1.fc7 dist-fc7-updates mmcgrath phpPgAdmin-4.1.3-2.fc7 dist-fc7-updates devrim phpTodo-0.8.1-0.8.beta.fc7 dist-fc7-updates deebs phpldapadmin-1.0.1-1.fc6 fe7-merge jkeating @@ -3358,7 +3382,7 @@ pikdev-0.9.2-2.fc6 fe7-merge jkeating piklab-0.14.5-1.fc7 dist-fc7-updates dionysos pikloops-0.2.4-1.fc7 dist-fc7-updates dionysos -pilot-link-0.12.2-3.fc7 dist-fc7-updates varekova +pilot-link-0.12.2-4.fc7 dist-fc7-updates varekova pinball-0.3.1-7.fc7 fe7-merge jkeating pinentry-0.7.2-14.fc7 fe7-merge jkeating pinfo-0.6.9-3.fc7 dist-fc7 jkeating 
@@ -3412,17 +3436,17 @@ portaudio-18.1-8.fc6 fe7-merge jkeating poster-20060221-4.fc7 dist-fc7-updates lkundrak postfix-2.4.3-2.fc7 dist-fc7-updates twoerner -postgis-1.2.1-2.fc7 dist-fc7-updates devrim +postgis-1.3.1-1.fc7 dist-fc7-updates devrim postgresql-8.2.5-1.fc7 dist-fc7-updates tgl postgresql-dbi-link-2.0.0-3.fc7 fe7-merge jkeating postgresql-jdbc-8.2.504-1jpp.fc7 dist-fc7 jkeating postgresql-odbc-08.01.0200-4.fc7 dist-fc7 jkeating -postgresql-pgpool-3.4-1.fc7 dist-fc7-updates devrim +postgresql-pgpool-3.4.1-1.fc7 dist-fc7-updates devrim postgresql-pgpool-II-1.2.1-1.fc7 dist-fc7-updates devrim postgresql-table_log-0.4.4-2.fc7 dist-fc7-updates devrim postgresql_autodoc-1.30-2.fc7 dist-fc7-updates devrim postgrey-1.27-4.fc7 fe7-merge jkeating -postr-0.8-1.fc7 dist-fc7-updates trondd +postr-0.9-1.fc7 dist-fc7-updates trondd powerman-1.0.25-2.fc7 fe7-merge jkeating powermanga-0.80-4.fc7 dist-fc7-updates thias powertop-1.7-3.fc7 dist-fc7-updates ajax @@ -3440,7 +3464,7 @@ prewikka-0.9.8-1.fc7 fe7-merge jkeating printer-filters-1.1-1.fc7 dist-fc7-updates lkundrak privoxy-3.0.6-7.fc7 dist-fc7 jkeating -procinfo-18-20.fc7 dist-fc7 jkeating +procinfo-18-21.fc7 dist-fc7-updates tsmetana procmail-3.22-19.fc7 dist-fc7 jkeating procps-3.2.7-16.fc7 dist-fc7-updates tsmetana professor-is-missing-0.1-3.fc7 dist-fc7-updates limb @@ -3505,7 +3529,7 @@ pyscript-0.6-6.fc7 fe7-merge jkeating pyserial-2.2-5.fc7 fe7-merge jkeating pyspi-0.6.1-3.fc7 dist-fc7 jkeating -python-2.5-12.fc7 dist-fc7 jkeating +python-2.5-14.fc7 dist-fc7-updates james python-4Suite-XML-1.0.2-1 fe7-merge jkeating python-BeautifulSoup-3.0.4-1.fc7 dist-fc7 kwizart python-CDDB-1.4-1.fc7 fe7-merge jkeating 
@@ -3517,6 +3541,7 @@ python-TestGears-0.2-4.fc7 fe7-merge jkeating python-TurboMail-2.0.4-2.fc7 dist-fc7-updates lmacken python-adns-1.2.1-1.fc7 dist-fc7-updates rvokal +python-alsa-1.0.14-1.fc7 dist-fc7-updates andriy python-alsaaudio-0.2-2.fc7 fe7-merge jkeating python-amara-1.2.0.2-2.fc7 dist-fc7-updates jamatos python-basemap-0.9.5-1.fc7 fe7-merge jkeating @@ -3536,7 +3561,7 @@ python-dateutil-1.1-5.fc7 fe7-merge jkeating python-decoratortools-1.4-2.fc7 dist-fc7 lmacken python-dialog-2.7-6.fc7 fe7-merge jkeating -python-dns-1.5.0-1.fc7 fe7-merge jkeating +python-dns-1.5.0-2.fc7 dist-fc7-updates jcollie python-docs-2.5-1.fc7 dist-fc7 jkeating python-docutils-0.4-7.fc7 dist-fc7-updates toshio python-durus-3.5-3.fc7 fe7-merge jkeating @@ -3547,8 +3572,8 @@ python-fedora-0.2.90.19-1.fc7 dist-fc7-updates toshio python-feedparser-4.1-3.fc7 dist-fc7-updates icon python-formencode-0.7.1-1.fc7 fe7-merge jkeating -python-fpconst-0.7.2-3.fc7.2 fe7-merge jkeating -python-gammu-0.20-1.fc7 dist-fc7-updates laxathom +python-fpconst-0.7.3-1.fc7 dist-fc7-updates xulchris +python-gammu-0.22-3.fc7 dist-fc7-updates laxathom python-genshi-0.4.4-1.fc7 dist-fc7-updates jcollie python-goopy-0.1-4.fc7 fe7-merge jkeating python-gpod-0.4.2-1.fc7 fe7-merge jkeating @@ -3587,9 +3612,9 @@ python-ogg-1.3-5.fc7 fe7-merge jkeating python-openid-1.2.0-1.fc7 fe7-merge jkeating python-paramiko-1.7.1-2.fc7 dist-fc7-updates jcollie -python-paste-1.2.1-1.fc7 fe7-merge jkeating +python-paste-1.4.2-1.fc7 dist-fc7-updates lmacken python-paste-deploy-1.1-1.fc7 fe7-merge jkeating -python-paste-script-1.1-1.fc7 fe7-merge jkeating +python-paste-script-1.3.6-1.fc7 dist-fc7-updates lmacken python-pgsql-0.9.6-1.fc7 dist-fc7-updates icon python-protocols-1.0-0.6.a0dev_r2302.fc7 dist-fc7 lmacken python-psyco-1.5.1-5.fc7 fe7-merge jkeating 
@@ -3606,19 +3631,19 @@ python-ruledispatch-0.5a0-0.5.svnr2306.fc7 dist-fc7 lmacken python-setuptools-0.6c7-1.fc7 dist-fc7-updates icon python-sexy-0.1.9-3.fc7 fe7-merge jkeating -python-simplejson-1.7-2.fc7 fe7-merge jkeating +python-simplejson-1.7.3-1.fc7 dist-fc7-updates lmacken python-simpletal-4.1-5.fc7 fe7-merge jkeating python-simpy-1.8-1.fc7 fe7-merge jkeating python-smbpasswd-1.0.1-5.fc7 fe7-merge jkeating python-sqlalchemy-0.3.10-2.fc7 dist-fc7-updates toshio python-sqlite2-2.3.3-1.fc7 fe7-merge jkeating -python-sqlobject-0.9.0-1.fc7 dist-fc7-updates lmacken +python-sqlobject-0.9.1-1.fc7 dist-fc7-updates lmacken python-tag-0.91-3.fc7 dist-fc7 thias python-telepathy-0.13.12-1.fc7 dist-fc7-updates bpepple python-tgfastdata-0.9a6-6.fc7 fe7-merge jkeating python-tpg-3.1.0-4.fc7 fe7-merge jkeating python-turbocheetah-0.9.5-7.fc7 fe7-merge jkeating -python-turbojson-0.9.9-3.fc7 fe7-merge jkeating +python-turbojson-1.1-2.fc7 dist-fc7-updates lmacken python-turbokid-1.0.3-1.fc7 dist-fc7-updates lmacken python-twisted-2.4.0-3.fc7 fe7-merge jkeating python-twisted-conch-0.8.0-1.fc7 dist-fc7-updates thomasvs @@ -3645,7 +3670,7 @@ pyxf86config-0.3.33-1.fc7 dist-fc7 jkeating pyxmms-2.06-4.fc7 fe7-merge jkeating pyzor-0.4.0-11.fc7 fe7-merge jkeating -q-7.6-2.fc7 fe7-merge jkeating +q-7.8-1.fc7 dist-fc7-updates gemi qa-assistant-0.4.90.5-2.fc6 fe7-merge jkeating qalculate-gtk-0.9.6-1.fc7 dist-fc7-updates deji qalculate-kde-0.9.6-1.fc7 dist-fc7-updates deji @@ -3666,6 +3691,10 @@ qimageblitz-0.0.4-0.2.svn706674.fc7 dist-fc7-updates kkofler qiv-2.0-7.fc7 fe7-merge jkeating qjackctl-0.2.20-7.fc6 fe7-merge jkeating +ql2100-firmware-1.19.38-1.fc7.1 dist-fc7-updates spot +ql2200-firmware-2.02.08-1.fc7.1 dist-fc7-updates spot +ql23xx-firmware-3.03.20-1.fc7.1 dist-fc7-updates spot +ql2400-firmware-4.00.27-1.fc7.1 dist-fc7-updates spot qof-0.7.0-1.fc6 fe7-merge jkeating qpidc-0.2-5.fc7 fe7-merge jkeating qps-1.9.19-0.2.b.fc7 fe7-merge jkeating 
@@ -3679,7 +3708,7 @@ qt-qsa-1.1.5-1.fc7 dist-fc7-updates belegdol qt4-4.3.2-1.fc7 dist-fc7-updates rdieter qt4-qsa-1.2.2-4.fc7 dist-fc7-updates frankb -qt4-theme-quarticurve-0.0-0.2.beta3.fc7 dist-fc7-updates kkofler +qt4-theme-quarticurve-0.0-0.6.1.beta5.fc7 dist-fc7-updates kkofler qtparted-0.4.5-15.fc7 dist-fc7-updates steve qtpfsgui-1.8.12-1.fc7 dist-fc7-updates silfreed quadkonsole-2.0.2-1.fc7 fe7-merge jkeating @@ -3702,9 +3731,9 @@ raidem-0.3.1-5.fc6 fe7-merge jkeating raidem-music-1.0-1 fe7-merge jkeating rapidsvn-0.9.4-4.fc7 fe7-merge jkeating -raptor-1.4.14-3.fc7 fe7-merge jkeating +raptor-1.4.16-1.fc7 dist-fc7-updates kkofler rarpd-ss981107-22.2.2 dist-fc6 jkeating -rasqal-0.9.12-5.fc7 fe7-merge jkeating +rasqal-0.9.14-2.fc7 dist-fc7-updates kkofler ratpoison-1.4.1-0.fc7 dist-fc7-updates jwb rawstudio-0.6-1.fc7 dist-fc7-updates giallu rb_libtorrent-0.12-1.fc7 dist-fc7-updates pgordon @@ -3720,14 +3749,14 @@ readline-5.2-4.fc7 dist-fc7 jkeating reciteword-0.8.3-4.fc7 dist-fc7-updates zhu recode-3.6-23.fc7 fe7-merge jkeating -recordmydesktop-0.3.4-1.fc7 dist-fc7-updates sindrepb +recordmydesktop-0.3.6-1.fc7 dist-fc7-updates sindrepb redet-8.22-4.fc7 dist-fc7-updates nigelj redet-doc-8.22-1.fc7 dist-fc7-updates nigelj redhat-artwork-7.0.0-11.fc7 dist-fc7-updates than redhat-lsb-3.1-14.fc7 dist-fc7 jkeating redhat-menus-8.9.10-3.fc7 dist-fc7-updates mbarnes redhat-rpm-config-8.0.45-15.fc7 dist-fc7 jkeating -redland-1.0.5-4.fc7 dist-fc7-updates kkofler +redland-1.0.6-2.fc7 dist-fc7-updates kkofler referencer-1.0.4-1.fc7 dist-fc7-updates deji regexp-1.4-3jpp.1.fc7 dist-fc7 jkeating regexxer-0.9-1.fc7 fe7-merge jkeating 
@@ -3767,10 +3796,10 @@ roundup-1.3.3-2.fc7 dist-fc7-updates stingray roxterm-1.7.4-4.fc7 dist-fc7-updates svahl rp-pppoe-3.8-1.fc7 dist-fc7 jkeating -rpcbind-0.1.4-6.fc7 dist-fc7 steved +rpcbind-0.1.4-8.fc7 dist-fc7-updates steved rpl-1.5.3-4.fc6 fe7-merge jkeating rpld-1.8-0.1.beta1.fc6 fe7-merge jkeating -rpm-4.4.2.1-1.fc7 dist-fc7-updates pmatilai +rpm-4.4.2.2-2.fc7 dist-fc7-updates pmatilai rpmdevtools-6.1-0.1.fc7 dist-fc7-updates scop rpmlint-0.81-1.fc7 dist-fc7-updates scop rpmrebuild-2.1.1-9.fc7 dist-fc7-updates afsilva @@ -3779,7 +3808,7 @@ rsh-0.17-40.fc7 dist-fc7 jkeating rsibreak-0.8.0-2.fc7 dist-fc7-updates liquidat rsnapshot-1.3.0-1.fc7 dist-fc7-updates xris -rss-glx-0.8.1.p-11.fc7 dist-fc7-updates nphilipp +rss-glx-0.8.1.p-15.fc7 dist-fc7-updates nphilipp rss2email-2.60-3.fc7 fe7-merge jkeating rsync-2.6.9-3.fc7 dist-fc7-updates simo rt3-3.6.3-1.fc7 fe7-merge jkeating @@ -3787,7 +3816,7 @@ rt73usb-firmware-1.8-4 dist-fc7-updates kwizart rtorrent-0.7.4-2.fc7 dist-fc7-updates chabotc rtpproxy-0.3-1.fc7 fe7-merge jkeating -ruby-1.8.6.110-1.fc7 dist-fc7-updates tagoh +ruby-1.8.6.111-1.fc7 dist-fc7-updates tagoh ruby-activerecord-1.15.1-1.fc7 fe7-merge jkeating ruby-activesupport-1.4.0-1.fc7 fe7-merge jkeating ruby-amazon-0.9.2-3.fc7 dist-fc7 mtasaka @@ -3796,7 +3825,7 @@ ruby-cairo-1.4.1-2.fc7 fe7-merge jkeating ruby-fam-0.2.0-3.fc7 fe7-merge jkeating ruby-gettext-package-1.10.0-1.fc7 dist-fc7-updates mtasaka -ruby-gnome2-0.16.0-7.fc7 dist-fc7-updates allisson +ruby-gnome2-0.16.0-14.fc7 dist-fc7-updates allisson ruby-mecab-0.96-1.fc7 dist-fc7-updates mtasaka ruby-mysql-2.7.1-2.fc6 fe7-merge jkeating ruby-postgres-0.7.1-6.fc7 fe7-merge jkeating 
@@ -3809,11 +3838,11 @@ rubygem-rake-0.7.3-2.fc7 dist-fc7-updates lutter rubygems-0.9.4-1.fc7 dist-fc7-updates lutter rudeconfig-5.0.5-1.fc7 fe7-merge jkeating -rusers-0.17-47 dist-fc6 jkeating +rusers-0.17-48.fc7 dist-fc7-updates steved rwall-0.17-25.2.2 dist-fc6 jkeating rwho-0.17-26 dist-fc6 jkeating rxvt-2.7.10-11.fc6 fe7-merge jkeating -rxvt-unicode-8.3-1.fc7 dist-fc7-updates awjb +rxvt-unicode-8.4-1.fc7 dist-fc7-updates awjb rzip-2.1-1.fc7 fe7-merge jkeating s390utils-1.5.4-4.fc7 dist-fc7 jkeating s3switch-0.0-9.20020912.fc6 fe7-merge jkeating @@ -3851,7 +3880,7 @@ scim-skk-0.5.2-8.fc6 fe7-merge jkeating scim-tables-0.5.7-3.fc7 dist-fc7 jkeating scim-tomoe-0.5.0-3.fc7 fe7-merge jkeating -scipy-0.5.2-2.2.fc7 fe7-merge jkeating +scipy-0.6.0-3.fc7 dist-fc7-updates jspaleta scite-1.74-1.fc7 dist-fc7-updates jorge scmxx-0.8.2-3.fc6 fe7-merge jkeating scons-0.97-2.fc7 dist-fc7 gemi @@ -3867,13 +3896,14 @@ scrollkeeper-0.3.14-11.fc7 dist-fc7 jkeating scrot-0.8-2.fc7 fe7-merge jkeating scrub-1.9-1.fc7 dist-fc7-updates spot +scsi-target-utils-0.0-1.20070803snap.fc7 dist-fc7-updates terjeros scummvm-0.9.1-3.fc7 fe7-merge jkeating sdcc-2.6.0-10.fc7 fe7-merge jkeating sdljava-0.9.1-4.fc7 dist-fc7-updates jwrdegoede sdparm-1.01-2.fc7 dist-fc7-updates terjeros seahorse-1.0.1-6.fc7 dist-fc7-updates skvidal seahorse-adventures-1.0-1.fc7 fe7-merge jkeating -seamonkey-1.1.3-2.fc7 dist-fc7-updates stransky +seamonkey-1.1.5-1.fc7 dist-fc7-updates kengert sear-0.6.3-4.fc7 fe7-merge jkeating sear-media-0.6-3 fe7-merge jkeating seaview-2.0-1.fc7 dist-fc7-updates c4chris 
@@ -3920,16 +3950,16 @@ slingshot-0.8.1p-1.fc7 dist-fc7-updates limb sloccount-2.26-6 fe7-merge jkeating slrn-0.9.8.1pl1-2.fc7 dist-fc7 jkeating -smart-0.50-46.fc7 dist-fc7-updates athimm +smart-0.50-47.fc7 dist-fc7-updates athimm smarteiffel-2.2-6.fc6 fe7-merge jkeating smartmontools-5.37-3.2.fc7 dist-fc7-updates tsmetana smashteroid-1.11-2.fc7 fe7-merge jkeating smb4k-0.8.4-1.fc7 dist-fc7-updates mgarski smbldap-tools-0.9.2-5.fc7 fe7-merge jkeating -smolt-0.9.8.4-4.fc7 dist-fc7-updates mmcgrath +smolt-0.9.9-1.fc7 dist-fc7-updates mmcgrath snort-2.7.0.1-3.fc7 dist-fc7-updates ausil snownews-1.5.7-5.fc6 fe7-merge jkeating -sobby-0.4.3-2.fc7 fe7-merge jkeating +sobby-0.4.4-1.fc7 dist-fc7-updates lmacken socat-1.5.0.0-5.fc7 fe7-merge jkeating sofia-sip-1.12.6-10.fc7 dist-fc7-updates jcollie sofsip-cli-0.13-3.fc7 dist-fc7-updates jcollie @@ -3946,9 +3976,9 @@ sox-13.0.0-1 dist-fc7 jkeating spamass-milter-0.3.1-4.fc6 fe7-merge jkeating spamassassin-3.2.3-1.fc7 dist-fc7-updates wtogami -spambayes-1.0.4-4.fc7 fe7-merge jkeating +spambayes-1.0.4-5.fc7 dist-fc7-updates xulchris spampd-2.30-3.fc7 fe7-merge jkeating -spandsp-0.0.4-0.3.pre7.fc7 dist-fc7-updates jcollie +spandsp-0.0.4-0.4.pre8.fc7 dist-fc7-updates jcollie sparse-0.3-1.fc7 dist-fc7 roland specspo-14-1.fc7 dist-fc7 mbacovsk specto-0.2.2-1.fc7 dist-fc7-updates laxathom @@ -3967,7 +3997,7 @@ srecord-1.35-1.fc7 dist-fc7-updates jpo ss5-3.5.9-4 fe7-merge jkeating sshfp-1.1.2-1.fc7 fe7-merge jkeating -ssmtp-2.61-11.3.fc7.1 dist-fc7-updates wolfy +ssmtp-2.61-11.4.fc7 dist-fc7-updates wolfy ssss-0.5-3.fc7 dist-fc7-updates pwouters star-1.5a84-3.fc7 dist-fc7-updates mildew stardict-3.0.0-3.fc7 dist-fc7-updates zhu 
@@ -3993,7 +4023,7 @@ stunnel-4.20-2 dist-fc7 jkeating sturmbahnfahrer-1.2-2.fc7 fe7-merge jkeating subcommander-1.2.2-5.fc7 dist-fc7-updates s4504kr -subversion-1.4.3-4 dist-fc7 jkeating +subversion-1.4.4-1.fc7 dist-fc7-updates jorton subversion-api-docs-1.4.3-1.fc7 fe7-merge jkeating suck-4.3.2-18.fc7 dist-fc7-updates s4504kr sudo-1.6.8p12-14.fc7 dist-fc7 jkeating @@ -4047,7 +4077,7 @@ system-config-kickstart-2.7.7.1-1.fc7 dist-fc7-updates clumens system-config-language-1.1.16-1.fc7 dist-fc7 jkeating system-config-lvm-1.1.1-1.0.fc7 dist-fc7 jkeating -system-config-netboot-0.1.41-1.FC6 dist-fc6 jkeating +system-config-netboot-0.1.42-1.fc7 dist-fc7-updates rbrich system-config-network-1.3.96.2-1.fc7 dist-fc7-updates harald system-config-nfs-1.3.25-1.fc7 dist-fc7-updates jkeating system-config-printer-0.7.63.4-1.fc7 dist-fc7-updates twaugh @@ -4074,8 +4104,8 @@ tango-icon-theme-0.8.1-1.fc7 dist-fc7-updates pgordon tango-icon-theme-extras-0.1.0-1.fc7 fe7-merge jkeating tanukiwrapper-3.2.1-2jpp.3 dist-fc6 jkeating -tar-1.15.1-27.fc7 dist-fc7-updates rbrich -taskjuggler-2.4.0-2.fc7 dist-fc7-updates ovasik +tar-1.15.1-28.fc7 dist-fc7-updates rbrich +taskjuggler-2.4.0-3.fc7 dist-fc7-updates ovasik tasks-0.9-1.fc7 dist-fc7-updates dyoung tastymenu-0.8.2-1.fc7 dist-fc7-updates nixaff4 taxipilot-0.9.1-2.fc7 dist-fc7 jwrdegoede @@ -4100,10 +4130,11 @@ tcpdump-3.9.7-1.fc7 dist-fc7-updates mlichvar tcpick-0.2.1-13.fc7 dist-fc7-updates robert tcpreplay-3.2.0-1.fc7 dist-fc7-updates bojan -tcptraceroute-1.5-0.1.beta7.fc7 dist-fc7-updates sindrepb +tcptraceroute-1.5-0.4.beta7.fc7 dist-fc7-updates sindrepb +tcputils-0.6.2-2.fc7 dist-fc7-updates allisson tcpxtract-1.0.1-7.fc7 fe7-merge jkeating tcsh-6.14-15 dist-fc7 jkeating -tdom-0.8.0-2.fc7 dist-fc7 wart +tdom-0.8.2-2.fc7 dist-fc7-updates wart tecnoballz-0.91-6.fc7 dist-fc7-updates musuruan telepathy-butterfly-0.1.4-1.fc7 fe7-merge jkeating telepathy-feed-0.13-2.fc6 fe7-merge jkeating 
@@ -4117,7 +4148,7 @@ telescope-server-0-0.1.20070315.fc7 fe7-merge jkeating tellico-1.2.14-2.fc7 dist-fc7-updates jamatos telnet-0.17-38.fc7 dist-fc7 jkeating -tempest-0-0.3.20070929.fc7 dist-fc7-updates oddsocks +tempest-0-0.4.20070929.fc7 dist-fc7-updates mtasaka tenr-de-styles-pkg-1.1-1.fc7 fe7-merge jkeating termcap-5.5-1.20060701.1 dist-fc6 jkeating terminus-font-4.20-5.fc6 fe7-merge jkeating @@ -4147,7 +4178,7 @@ themes-backgrounds-gnome-0.4-6.fc6 fe7-merge jkeating theora-exp-0.0.1-0.1.svn12061.fc7 fe7-merge jkeating thewidgetfactory-0.2.1-3.fc7 dist-fc7-updates luya -thinkfinger-0.3-5.fc7 dist-fc7-updates mikeb +thinkfinger-0.3-6.fc7 dist-fc7-updates belegdol thttpd-2.25b-13.fc7 dist-fc7-updates thias thunar-archive-plugin-0.2.4-2.fc7 fe7-merge jkeating thunar-media-tags-plugin-0.1.2-2.fc7 fe7-merge jkeating @@ -4161,15 +4192,15 @@ tilda-0.9.4-6.fc7 fe7-merge jkeating tile-0.7.8-1.fc7 fe7-merge jkeating time-1.7-29.fc7 dist-fc7 jkeating -timidity++-2.13.2-1.2.2 dist-fc6 jkeating +timidity++-2.13.2-4.fc7 dist-fc7-updates jwrdegoede tin-1.8.2-1.fc6 fe7-merge jkeating tinyca2-0.7.5-3.fc7 fe7-merge jkeating -tinyerp-4.0.3-2.fc7 dist-fc7-updates sharkcz +tinyerp-4.0.3-3.fc7 dist-fc7-updates sharkcz tinyfugue-5.0-0.6.b8.fc7 fe7-merge jkeating tiobench-0.3.3-6 fe7-merge jkeating tiquit-2.4-5.fc7 dist-fc7-updates limb tix-8.4.2-1 dist-fc7 jkeating -tk-8.4.13-5.fc7 dist-fc7 jkeating +tk-8.4.13-6.fc7 dist-fc7-updates mmaslano tk-tktreectrl-2.2.3-1.fc7 dist-fc7-updates wart tkcon-2.4-4.fc6 fe7-merge jkeating tkcvs-8.0.4-2.fc7 dist-fc7 gemi @@ -4186,7 +4217,7 @@ tomcat5-5.5.23-9jpp.2.fc7 dist-fc7 vivekl tomoe-0.5.1-1.fc7 fe7-merge jkeating tong-1.0-8.fc7 fe7-merge jkeating -toped-0.8.5-1.fc7 fe7-merge jkeating +toped-0.8.6-1.fc7 dist-fc7-updates chitlesh tor-0.1.2.17-1.fc7 dist-fc7-updates ensc torcs-1.3.0-1.fc7 fe7-merge jkeating torcs-data-1.3.0-1 fe7-merge jkeating 
@@ -4233,6 +4264,7 @@ ufraw-0.12-1.fc7 dist-fc7-updates nphilipp ufsparse-2.1.1-1.fc6 fe7-merge jkeating uim-1.4.1-4.fc7 dist-fc7-updates tagoh +uisp-20050207-1.fc7 dist-fc7-updates trondd ularn-1.5p4-8.fc7 fe7-merge jkeating ulogd-1.24-4.fc7 dist-fc7-updates abompard uncrustify-0.30-1.fc7 fe7-merge jkeating @@ -4277,6 +4309,7 @@ vdr-femon-1.1.3-1.fc7 dist-fc7-updates scop vdr-osdteletext-0.5.1-27.fc7 fe7-merge jkeating vdr-skins-20061119-2 fe7-merge jkeating +vdr-skinsoppalusikka-1.0.5-2.fc7 dist-fc7-updates vpv vdr-subtitles-0.5.0-1.fc7 fe7-merge jkeating vdr-sudoku-0.1.3-1.fc7 fe7-merge jkeating vdr-text2skin-1.1-18.20051217cvs.fc7 fe7-merge jkeating @@ -4302,15 +4335,15 @@ vixie-cron-4.1-84.fc7 dist-fc7-updates mmaslano vkeybd-0.1.17a-3.fc7 fe7-merge jkeating vlock-1.3-25.fc7 dist-fc7 jkeating -vnc-4.1.2-18.fc7 dist-fc7-updates atkac +vnc-4.1.2-19.fc7 dist-fc7-updates atkac vnc-ltsp-config-4.0-3 fe7-merge jkeating vnc-reflector-1.2.4-3.fc7 fe7-merge jkeating vnstat-1.4-9.fc7 fe7-merge jkeating -vorbis-tools-1.1.1.svn20070412-2.fc7 dist-fc7 caillon +vorbis-tools-1.1.1.svn20070412-3.fc7 dist-fc7-updates tmz vorbisgain-0.36-1.fc6 fe7-merge jkeating vpnc-0.4.0-2.fc7 fe7-merge jkeating vsftpd-2.0.5-16.fc7 dist-fc7 jkeating -vte-0.16.8-1.fc7 dist-fc7-updates mclasen +vte-0.16.9-1.fc7 dist-fc7-updates behdad vtk-5.0.3-18.2.fc7 dist-fc7-updates athimm vtkdata-5.0.3-6.fc7 dist-fc7-updates athimm vym-1.8.1-8.fc7 fe7-merge jkeating @@ -4319,7 +4352,7 @@ w3m-0.5.2-1.fc7 dist-fc7-updates pnemade w3m-el-1.4.4-6.fc7 fe7-merge jkeating wallpapoz-0.4.1-1.fc7 dist-fc7-updates mtasaka -wammu-0.19-3.fc7 dist-fc7-updates laxathom +wammu-0.23-1.fc7 dist-fc7-updates laxathom warzone2100-2.0.7-3.fc7 dist-fc7-updates karlik wavbreaker-0.8.1-3.fc7 dist-fc7-updates dmaley wavpack-4.41-1.fc7 dist-fc7 peter 
@@ -4329,7 +4362,7 @@ wdm-1.28-7.fc7 fe7-merge jkeating webalizer-2.01_10-32 dist-fc7 jkeating websec-1.9.0-4 fe7-merge jkeating -weechat-0.2.5-1.fc7 dist-fc7-updates stingray +weechat-0.2.6-1.fc7 dist-fc7-updates stingray werken-xpath-0.9.4-0.beta.12jpp.2 dist-fc7 jkeating wesnoth-1.2.7-1.fc7 dist-fc7-updates bpepple wfmath-0.3.6-1.fc7 dist-fc7-updates wart @@ -4345,8 +4378,8 @@ wifiroamd-1.11-1.fc6 fe7-merge jkeating wildmidi-0.2.2-1.fc7 dist-fc7-updates jwrdegoede windowlab-1.34-4.fc7 fe7-merge jkeating -wine-0.9.46-1.fc7 dist-fc7-updates awjb -wine-docs-0.9.46-1.fc7 dist-fc7-updates awjb +wine-0.9.48-1.fc7 dist-fc7-updates awjb +wine-docs-0.9.48-1.fc7 dist-fc7-updates awjb wings-0.98.36-1.fc7 fe7-merge jkeating winpdb-1.2.2-1.fc7.1 dist-fc7-updates spot wireless-tools-28-4.fc7 dist-fc7 caillon @@ -4385,6 +4418,7 @@ wxPython-2.8.4.0-1.fc7 dist-fc7-updates mattdm wxdfast-0.6.0-3.fc7 dist-fc7-updates drago01 wxsvg-1.0-0.3.b7_3.fc7 dist-fc7-updates thias +wyrd-1.4.3-3.fc7 dist-fc7-updates till x11-ssh-askpass-1.2.4.1-2.fc6 fe7-merge jkeating x2vnc-1.7.2-6.fc7 fe7-merge jkeating x3270-3.3.4p7-5.fc6 fe7-merge jkeating @@ -4392,7 +4426,7 @@ xalan-j2-2.7.0-6jpp.1 dist-fc6 jkeating xaos-3.2.3-1.fc7 fe7-merge jkeating xapian-bindings-1.0.2-3.fc7 dist-fc7-updates drago01 -xapian-core-1.0.2-1.fc7 dist-fc7-updates drago01 +xapian-core-1.0.2-2.fc7 dist-fc7-updates drago01 xar-1.5-1.fc7 dist-fc7-updates thias xarchiver-0.4.9-0.2.20070103svn24249.fc7 fe7-merge jkeating xarchon-0.50-3.fc6 fe7-merge jkeating @@ -4410,8 +4444,8 @@ xchat-2.8.4-5.fc7 dist-fc7-updates kkofler xchat-gnome-0.18-3.fc7 dist-fc7-updates bpepple xchm-1.10-2.fc7 fe7-merge jkeating -xcircuit-3.4.26-20.fc7 fe7-merge jkeating -xclip-0.08-3.fc7 fe7-merge jkeating +xcircuit-3.4.27-1.fc7 dist-fc7-updates chitlesh +xclip-0.10-1.fc7 dist-fc7-updates spot xcompmgr-1.1.3-6.fc6 fe7-merge jkeating xdaliclock-2.23-3.fc6 fe7-merge jkeating xdelta-1.1.4-1.fc7 dist-fc7 jkeating 
@@ -4478,6 +4512,7 @@ xfwm4-4.4.1-1.fc7 fe7-merge jkeating xfwm4-themes-4.4.1-1.fc7 fe7-merge jkeating xgalaxy-2.0.34-5.fc6 fe7-merge jkeating +xgrav-1.2.0-4.fc7 dist-fc7-updates limb xgrep-0.06-3.fc7 dist-fc7-updates brendt xhtml1-dtds-1.0-7.1.1 dist-fc6 jkeating xine-lib-1.1.7-1.fc7 dist-fc7-updates scop @@ -4606,7 +4641,7 @@ xorg-x11-xtrans-devel-1.0.3-2.1.fc7 dist-fc7-updates ajax xosd-2.2.14-9.fc7 fe7-merge jkeating xournal-0.3.3-5.fc7 dist-fc7-updates rvinyard -xpa-2.1.7-0.1.b2.fc7 fe7-merge jkeating +xpa-2.1.7-0.3.b2.fc7 dist-fc7-updates sergiopr xpdf-3.02-3.fc7 dist-fc7-updates spot xpilot-ng-4.7.2-12.fc7 fe7-merge jkeating xplanet-1.2.0-2.1.fc6 fe7-merge jkeating @@ -4617,7 +4652,7 @@ xsane-0.994-3.fc7 dist-fc7 jkeating xsc-1.5-2.fc7 dist-fc7-updates limb xscorch-0.2.0-10.fc7 dist-fc7-updates mgarski -xscreensaver-5.03-10.fc7 dist-fc7-updates mtasaka +xscreensaver-5.03-12.fc7 dist-fc7-updates mtasaka xsp-1.2.1-1.fc7 fe7-merge jkeating xsri-2.1.0-10.fc6 dist-fc6 jkeating xsupplicant-1.2.8-1.fc7.1 fe7-merge jkeating 
@@ -4633,17 +4668,17 @@ yafc-1.1.1-8.fc7 dist-fc7-updates xris yafray-0.0.9-2.fc7 dist-fc7-updates kwizart yakuake-2.7.5-4.fc7 fe7-merge jkeating -yap-5.1.1-5.fc7 dist-fc7-updates gemi +yap-5.1.1-8.fc7 dist-fc7-updates gemi yasm-0.6.0-1.fc7 fe7-merge jkeating yaz-2.1.54-1.fc7 fe7-merge jkeating -yelp-2.18.1-5.fc7 dist-fc7-updates kengert +yelp-2.18.1-6.fc7 dist-fc7-updates caillon yp-tools-2.9-1 dist-fc7-updates steved ypbind-1.19-9.fc7 dist-fc7 jkeating -ypserv-2.19-5.fc7 dist-fc7-updates steved +ypserv-2.19-6.fc7 dist-fc7-updates steved ytalk-3.3.0-6.fc6 fe7-merge jkeating -yum-3.2.5-1.fc7 dist-fc7-updates skvidal +yum-3.2.7-1.fc7 dist-fc7-updates skvidal yum-arch-2.2.2-2.fc7 fe7-merge jkeating -yum-cron-0.5-1.fc7 dist-fc7-updates habig +yum-cron-0.6-1.fc7 dist-fc7-updates habig yum-metadata-parser-1.1.0-2.fc7 dist-fc7 katzj yum-presto-0.3.10-1.fc7 dist-fc7-updates jdieter yum-utils-1.1.7-1.fc7 dist-fc7-updates timlau From fedora-security-commits at redhat.com Fri Nov 2 16:30:08 2007 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Fri, 2 Nov 2007 12:30:08 -0400 Subject: [Fedora-security-commits] fedora-security/audit f8, 1.5, 1.6 f9, 1.4, 1.5 Message-ID: <200711021630.lA2GU8fA005421@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv5396 Modified Files: f8 f9 Log Message: Tracking bugs for cpio. Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- f8 2 Nov 2007 00:06:47 -0000 1.5 +++ f8 2 Nov 2007 16:30:06 -0000 1.6 
@@ -31,7 +31,7 @@ CVE-2007-4619 version (flac, fixed 1.2) #332581 CVE-2007-4568 version (xorg-x11-xfs, fixed 1.0.5) CVE-2007-4559 VULNERABLE (python, not fixed upstream) #315291 Upstream WONTFIX. See where we use the code. -CVE-2007-4476 VULNERABLE (cpio, not fixed 2.9) #339691 +CVE-2007-4476 VULNERABLE (cpio, not fixed 2.9) #363891 CVE-2007-4400 VULNERABLE (konversation) #362921 Remove media script? CVE-2007-4351 VULNERABLE (cups) #362971 CVE-2007-3999 VULNERABLE (nfs-utils-lib) #362091 Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- f9 2 Nov 2007 00:06:47 -0000 1.4 +++ f9 2 Nov 2007 16:30:06 -0000 1.5 @@ -30,7 +30,7 @@ CVE-2007-4619 version (flac, fixed 1.2) #332581 CVE-2007-4568 version (xorg-x11-xfs, fixed 1.0.5) CVE-2007-4559 VULNERABLE (python, not fixed upstream) #315291 Upstream WONTFIX. See where we use the code. -CVE-2007-4476 VULNERABLE (cpio, not fixed 2.9) #339691 +CVE-2007-4476 backport (cpio, not fixed 2.9) #339691 [since cpio-2.9-5.fc9] CVE-2007-4400 VULNERABLE (konversation) #362931 Remove media script? CVE-2007-4351 version (cups) #361681 CVE-2007-3999 VULNERABLE (nfs-utils-lib) #362101 From fedora-security-commits at redhat.com Fri Nov 2 17:54:46 2007 
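Review bot: in the f9 hunk (@@ -30,7 +30,7 @@) CVE-2007-4476 flips to `backport` with `[since cpio-2.9-5.fc9]` but keeps #339691, the same number the f8 hunk has just replaced with #363891. The neighbouring entries (konversation, cups, nfs-utils-lib) carry a distinct bug number per release, so please confirm that #339691 is the bug that tracks the f9 build and not a leftover. If it is kept on purpose, a short trailing comment on the line would make that clear.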
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Fri, 2 Nov 2007 13:54:46 -0400 Subject: [Fedora-security-commits] fedora-security/audit f8, 1.6, 1.7 f9, 1.5, 1.6 fc7, 1.164, 1.165 Message-ID: <200711021754.lA2HskOR017663@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv17628 Modified Files: f8 f9 fc7 Log Message: Get more in sync with bugzilla Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.6 retrieving revision 1.7 diff -u -r1.6 -r1.7 --- f8 2 Nov 2007 16:30:06 -0000 1.6 +++ f8 2 Nov 2007 17:54:44 -0000 1.7 @@ -26,7 +26,7 @@ CVE-2007-5007 version (balsa, before 2.3.20) #297601 CVE-2007-4999 version (pidgin, fixed 2.2.2) CVE-2007-4990 version (xorg-x11-xfs, fixed 1.0.5) -CVE-2007-4829 VULNERABLE (perl-Archive-Tar, not fixed upstream) #315321 CVE is not public, though the issue is +CVE-2007-4829 VULNERABLE (perl-Archive-Tar, not fixed upstream) #364281 CVE-2007-4752 version (openssh, fixed 4.7) #280461 CVE-2007-4619 version (flac, fixed 1.2) #332581 CVE-2007-4568 version (xorg-x11-xfs, fixed 1.0.5) Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- f9 2 Nov 2007 16:30:06 -0000 1.5 +++ f9 2 Nov 2007 17:54:44 -0000 1.6 @@ -8,7 +8,7 @@ # Up to date F9 as of 20071029 GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031 -CVE-2007-5751 VULNERABLE (liferea, fixed 1.4.6) #360641 +CVE-2007-5751 version (liferea, fixed 1.4.6) #360641 [since liferea-1.4.6-3.fc9] CVE-2007-5712 VULNERABLE (Django, fixed 0.96.1) #362781 CVE-2007-5708 VULNERABLE (openldap, fixed 2.3.39) #360091 CVE-2007-5707 VULNERABLE (openldap, fixed 2.3.39) #360091 
@@ -25,7 +25,7 @@ CVE-2007-5007 version (balsa, before 2.3.20) #297601 CVE-2007-4999 version (pidgin, fixed 2.2.2) CVE-2007-4990 version (xorg-x11-xfs, fixed 1.0.5) -CVE-2007-4829 VULNERABLE (perl-Archive-Tar, not fixed upstream) #315321 CVE is not public, though the issue is +CVE-2007-4829 VULNERABLE (perl-Archive-Tar, not fixed upstream) #364291 CVE-2007-4752 version (openssh, fixed 4.7) #280461 CVE-2007-4619 version (flac, fixed 1.2) #332581 CVE-2007-4568 version (xorg-x11-xfs, fixed 1.0.5) @@ -35,7 +35,7 @@ CVE-2007-4351 version (cups) #361681 CVE-2007-3999 VULNERABLE (nfs-utils-lib) #362101 CVE-2007-3999 VULNERABLE (libtirpc) #362121 -CVE-2007-3920 VULNERABLE (compiz, not fixed upstream) #350271 +CVE-2007-3920 VULNERABLE (compiz, not fixed upstream) #357091 CVE-2007-3919 backport (xen, fixed 3.1.0-13) #362011 CVE-2007-3844 version (firefox, fixed 2.0.0.6) CVE-2007-3843 version (kernel) #246595 No idea which version fixed this Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.164 retrieving revision 1.165 diff -u -r1.164 -r1.165 --- fc7 2 Nov 2007 00:06:47 -0000 1.164 +++ fc7 2 Nov 2007 17:54:44 -0000 1.165 @@ -26,7 +26,7 @@ CVE-2007-5589 version (phpmyadmin, fixed 2.11.1.2) #333661 PMASA-2007-6 [since FEDORA-2007-2738] CVE-2007-5585 backport (rss-glx) #336331 [since FEDORA-2007-2652] CVE-2007-5585 backport (tempest) #336331 [since FEDORA-2007-2652] -CVE-2007-5461 VULNERABLE (tomcat5) #334511 #334531 +CVE-2007-5461 VULNERABLE (tomcat5) #334511 CVE-2007-5416 ignore (drupal) Vulnerability in PHP<5.1.3, we're safe CVE-2007-5386 version (phpmyadmin, fixed 2.11.1.1) #333661 PMASA-2007-5 [since FEDORA-2007-2738] CVE-2007-5340 version (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5 [since FEDORA-2007-2664] 
@@ -90,14 +90,14 @@ CVE-2007-4650 version (gallery2) #267421 [since FEDORA-2007-2020] CVE-2007-4629 version (mapserver, fixed 4.10.3) #272081 [since FEDORA-2007-2018] CVE-2007-4631 version (qgit) #268381 [since FEDORA-2007-2108] -CVE-2007-4619 VULNERABLE (flac, fixed 1.2) #332581 +CVE-2007-4619 version (flac, fixed 1.2) #332571 [since flac-1.2.1-1.fc7] CVE-2007-4573 version (kernel) [since FEDORA-2007-2298] CVE-2007-4571 version (kernel) [since FEDORA-2007-2349] CVE-2007-4569 backport (kdebase) #299731 [since FEDORA-2007-2361] CVE-2007-4568 VULNERABLE (xorg-x11-xfs, fixed 1.0.5) CVE-2007-4565 backport (fetchmail) #260861 [since FEDORA-2007-1983] CVE-2007-4560 version (clamav) #260583 [since FEDORA-2007-2050] -CVE-2007-4559 VULNERABLE (python) tarfile module - directory traversal #315291 +CVE-2007-4559 VULNERABLE (python) tarfile module - directory traversal #315281 CVE-2007-4558 ignore (star, fixed 1.5a84) duplicate of CVE-2007-4134 CVE-2007-4543 version (bugzilla, fixed 3.0.1) #256021 [since FEDORA-2007-1853] CVE-2007-4542 version (mapserver, fixed 4.10.3) #256561 [since FEDORA-2007-2018] @@ -145,7 +145,7 @@ CVE-2007-3999 VULNERABLE (libtirpc) #294921 CVE-2007-3962 ignore (gftp) multiple buffer overflows in fsplib, not on Linux CVE-2007-3961 ignore (gftp) off-by-one error in fsplib -CVE-2007-3920 VULNERABLE (compiz) #350271 +CVE-2007-3920 VULNERABLE (compiz) #357071 CVE-2007-3852 backport (sysstat) #252295 [since FEDORA-2007-1697] CVE-2007-3950 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299] CVE-2007-3949 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299] 
@@ -304,12 +304,12 @@ *CVE-2007-2356 ** (gimp) *CVE-2007-2353 ** (axis) CVE-2007-2292 version (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5 [since FEDORA-2007-2664] -*CVE-2007-2245 VULNERABLE (phpMyAdmin, fixed 2.10.1) #237882 +CVE-2007-2245 version (phpMyAdmin, fixed 2.10.1) #237882 CVE-2007-2243 ignore (openssh, fixed 4.6) needs S/KEY support which is not shipped. CVE-2007-2241 backport (bind) [since FEDORA-2007-0300] CVE-2007-2176 ignore (firefox) only affects the java quicktime interaction CVE-2007-2172 version (kernel, fixed 2.6.21-rc6) -*CVE-2007-2165 VULNERABLE (proftpd) #237533 +CVE-2007-2165 VULNERABLE (proftpd) #237533 CVE-2007-2138 version (postgresql, fixed 8.2.4) #237682 [since FEDORA-2007-0174] CVE-2007-2057 version (aircrack-ng, fixed 0.8-0.1) CVE-2007-2029 version (clamav, fixed 0.90.3) #245219 [since FEDORA-2007-2050] @@ -434,8 +434,8 @@ *CVE-2007-1007 ** (ekiga) *CVE-2007-1006 version (ekiga, fixed 2.0.5) #229259 [since FEDORA-2007-322] CVE-2007-1004 VULNERABLE (mozilla) -*CVE-2007-1003 VULNERABLE (xorg-x11-server, fixed > X11R7.2) #235263 -*CVE-2007-1002 VULNERABLE (evolution) #233587 +CVE-2007-1003 version (xorg-x11-server, fixed > X11R7.2) #235263 +CVE-2007-1002 version (evolution) #233587 CVE-2007-1001 version (php, fixed 5.2.2) CVE-2007-1000 version (kernel, fixed 2.6.20.2) [since FEDORA-2007-335] *CVE-2007-0999 ** (ekiga) @@ -477,8 +477,6 @@ CVE-2007-0770 ignore (ImageMagick) only if incomplete CVE-2006-5456 CVE-2007-0720 ignore (cups, fixed 1.2.7) cups is already updated CVE-2007-0657 ignore (nexuiz, 2.2.2 only (not shipped), fixed 2.2.3) -*CVE-2007-0654 VULNERABLE (xmms) #233705 -*CVE-2007-0653 VULNERABLE (xmms) #233705 *CVE-2007-0650 ignore (tetex) needs user's assistance CVE-2007-0619 version (chmlib, fixed 0.3.9) #225919 *CVE-2007-0578 ** (mpg321) 
@@ -486,7 +484,7 @@ CVE-2007-0541 version (wordpress, fixed 2.1-0) #225469 CVE-2007-0540 version (wordpress, fixed 2.1-0) #225469 CVE-2007-0539 version (wordpress, fixed 2.1-0) #225469 -*CVE-2007-0537 VULNERABLE (kdebase) #225420 +CVE-2007-0537 version (kdebase) #225420 CVE-2007-0494 version (bind, fixed 9.3.4) #225268 [since FEDORA-2007-147] CVE-2007-0493 version (bind, fixed 9.3.4) #224443 [since FEDORA-2007-147] CVE-2007-0475 version (smb4k, fixed 0.8.0) @@ -525,7 +523,7 @@ CVE-2007-0106 version (wordpress, fixed 2.1-0) #223101 CVE-2007-0104 ignore (poppler) only client DoS CVE-2007-0104 ignore (kdegraphics) only client DoS -*CVE-2007-0095 VULNERABLE (phpMyAdmin) #221694 +CVE-2007-0095 version (phpMyAdmin) #221694 CVE-2007-0086 ignore (apache) not a security issue *CVE-2007-0080 ** (freeradius) *CVE-2007-0010 ** (gtk2) @@ -615,7 +613,7 @@ CVE-2006-6128 VULNERABLE (kernel, fixed **) CVE-2006-6122 ignore (tin, <= 1.8.1 not shipped) CVE-2006-6120 version (koffice, fixed 1.6.1) #218030 -*CVE-2006-6107 VULNERABLE (dbus, fixed 1.0.2) #219665 +CVE-2006-6107 version (dbus, fixed 1.0.2) #219665 CVE-2006-6106 version (kernel, fixed 2.6.19.2, fixed 2.6.20-rc5) [since FEDORA-2006-1471] CVE-2006-6105 version (gdm, fixed 2.14.11) [since FEDORA-2006-1468] *CVE-2006-6104 backport (mono, fixed 1.1.13.8.2) #220853 [since FEDORA-2007-067] @@ -643,9 +641,9 @@ CVE-2006-5874 version (clamav, fixed 0.88.1) CVE-2006-5871 version (kernel, fixed 2.6.10) *CVE-2006-5870 ** (openoffice.org) -*CVE-2006-5868 VULNERABLE (ImageMagick, fixed 6.2.9.1) #217560 +CVE-2006-5868 version (ImageMagick, fixed 6.2.9.1) #217560 CVE-2006-5867 version (fetchmail, fixed 6.3.6) #221984 [since FEDORA-2007-042] -*CVE-2006-5864 VULNERABLE (evince) #217672 +CVE-2006-5864 backport (evince) #217672 *CVE-2006-5864 backport (gv, fixed 3.6.2-2) #215136 CVE-2006-5848 version (trac, fixed 0.10.1) #215077 CVE-2006-5823 version (kernel, fixed 2.6.19.2) [since FEDORA-2007-058] was backport since FEDORA-2006-1223 
@@ -683,7 +681,7 @@ CVE-2006-5469 version (wireshark, fixed 0.99.4) [since FEDORA-2006-1140] CVE-2006-5468 version (wireshark, fixed 0.99.4) [since FEDORA-2006-1140] *CVE-2006-5467 backport (ruby) #212396 [since FEDORA-2006-1109] -*CVE-2006-5466 VULNERABLE (rpm) #212833 +CVE-2006-5466 version (rpm) #212833 CVE-2006-5465 backport (php, fixed 5.2.0) #213732 [since FEDOA-2006-1169] CVE-2006-5464 version (thunderbird, fixed 1.5.0.8) [since FEDORA-2006-1192] CVE-2006-5464 version (seamonkey, fixed 1.0.6) #214822 @@ -699,7 +697,7 @@ *CVE-2006-5455 backport (bugzilla, fixed 2.22-7) #212355 *CVE-2006-5454 backport (bugzilla, fixed 2.22-7) #212355 *CVE-2006-5453 backport (bugzilla, fixed 2.22-7) #212355 -*CVE-2006-5397 VULNERABLE (libX11, 1.0.2 and 1.0.3 only) #213280 +CVE-2006-5397 backport (libX11, 1.0.2 and 1.0.3 only) #213280 CVE-2006-5331 version (kernel, fixed 2.6.19) [since FEDORA-2007-058] *CVE-2006-5298 backport (mutt) [since FEDORA-2006-1063] *CVE-2006-5297 backport (mutt) [since FEDORA-2006-1063] @@ -709,7 +707,7 @@ CVE-2006-5215 backport (xorg-x11-xinit) #212167 [since FEDORA-2007-1409] *CVE-2006-5215 version (xorg-x11-xdm) CVE-2006-5215 ignore (kdebase) #212166 links to xinit Xsession -*CVE-2006-5214 VULNERABLE (xorg-x11-xinit) #212167 +CVE-2006-5214 version (xorg-x11-xinit) #212167 *CVE-2006-5214 version (xorg-x11-xdm) CVE-2006-5214 ignore (kdebase) #212166 links to xinit Xsession CVE-2006-5178 VULNERABLE (php) can't be fixed @@ -764,7 +762,7 @@ CVE-2006-4623 version (kernel, fixed 2.6.18-rc1) CVE-2006-4600 version (openldap, fixed 2.3.25) CVE-2006-4574 version (wireshark, fixed 0.99.4) [since FEDORA-2006-1140] -*CVE-2006-4573 VULNERABLE (screen) #212057 +CVE-2006-4573 version (screen, fixed 4.0.3) #212057 CVE-2006-4572 version (kernel, fixed 2.6.19) [since FEDORA-2007-058] CVE-2006-4571 version (thunderbird, fixed 1.5.0.7) CVE-2006-4571 version (seamonkey, fixed 1.0.5) #209167 From fedora-security-commits at redhat.com Mon Nov 5 20:51:01 2007 
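Review bot: the fc7 hunk @@ -477,8 +477,6 @@ deletes the CVE-2007-0654 and CVE-2007-0653 (xmms) #233705 entries outright, while every other change in this commit re-labels an entry in place. The log message ("Get more in sync with bugzilla") does not say why they go. If xmms is not affected or not shipped, keep both lines with `ignore` or `version` and a short reason, so the file still records that the two CVEs were triaged.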
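Review bot: several fc7 entries move from `*... VULNERABLE` to `version` or `backport` with nothing on the line that records what fixed them: CVE-2007-1002 (evolution), CVE-2007-0537 (kdebase), CVE-2007-0095 (phpMyAdmin), CVE-2006-5864 (evince), CVE-2006-5466 (rpm) and CVE-2006-5214 (xorg-x11-xinit). Neighbouring lines carry `fixed <version>` and/or `[since ...]`, and the CVE-2006-4573 change in the last hunk (`screen, fixed 4.0.3`) shows the form. Please add the fixed version or a `[since ...]` tag to each so the new status can be checked against the shipped package. The same applies to the tag style in @@ -90,14 +90,14 @@, where CVE-2007-4619 uses `[since flac-1.2.1-1.fc7]` among lines that all use `[since FEDORA-2007-NNNN]`; pick one form or note why no advisory ID exists.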
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Mon, 5 Nov 2007 15:51:01 -0500 Subject: [Fedora-security-commits] fedora-security/tools add-tracking-bugs, NONE, 1.1 Message-ID: <200711052051.lA5Kp1VE011041@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/tools In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv10918 Added Files: add-tracking-bugs Log Message: A tool for dealing with tracking bugs: http://fedoraproject.org/wiki/Security/TrackingBugs ***** Error reading new file: [Errno 2] No such file or directory: 'add-tracking-bugs' From fedora-security-commits at redhat.com Mon Nov 5 22:07:39 2007 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Mon, 5 Nov 2007 17:07:39 -0500 Subject: [Fedora-security-commits] fedora-security/audit f8, 1.7, 1.8 f9, 1.6, 1.7 fc6, 1.291, 1.292 fc7, 1.165, 1.166 Message-ID: <200711052207.lA5M7ddb028025@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv27972 Modified Files: f8 f9 fc6 fc7 Log Message: Tidied up older issues, added mono and emacs Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.7 retrieving revision 1.8 diff -u -r1.7 -r1.8 --- f8 2 Nov 2007 17:54:44 -0000 1.7 +++ f8 5 Nov 2007 22:07:37 -0000 1.8 @@ -7,6 +7,7 @@ # Up to date CVE as of CVE email 20071030 # Up to date F8 as of 20071029 +CVE-2007-5795 VULNERABLE (emacs) #367591 CVE-2007-5770 backport (ruby) GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031 CVE-2007-5751 VULNERABLE (liferea, fixed 1.4.6) #360641 
@@ -21,6 +22,7 @@ CVE-2007-5201 VULNERABLE (duplicity, no upstream fix) #362831 CVE-2007-5200 VULNERABLE (hugin) #362861 CVE-2007-5198 VULNERABLE (nagios-plugins, fixed 1.4.10) #362891 +CVE-2007-5197 VULNERABLE (mono, fixed 1.2.5.1) #367541 CVE-2007-5079 VULNERABLE (gdm) #363021 Red Hat specific problem CVE-2007-5037 version (inotify-tools, fixed 3.11) #299771 CVE-2007-5007 version (balsa, before 2.3.20) #297601 Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.6 retrieving revision 1.7 diff -u -r1.6 -r1.7 --- f9 2 Nov 2007 17:54:44 -0000 1.6 +++ f9 5 Nov 2007 22:07:37 -0000 1.7 @@ -7,6 +7,7 @@ # Up to date CVE as of CVE email 20071030 # Up to date F9 as of 20071029 +CVE-2007-5795 VULNERABLE (emacs) #367601 GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031 CVE-2007-5751 version (liferea, fixed 1.4.6) #360641 [since liferea-1.4.6-3.fc9] CVE-2007-5712 VULNERABLE (Django, fixed 0.96.1) #362781 @@ -20,6 +21,7 @@ CVE-2007-5201 VULNERABLE (duplicity, no upstream fix) #362841 CVE-2007-5200 VULNERABLE (hugin) #362871 CVE-2007-5198 VULNERABLE (nagios-plugins, fixed 1.4.10) #362901 +CVE-2007-5197 VULNERABLE (mono, fixed 1.2.5.1) #367551 CVE-2007-5079 VULNERABLE (gdm) #363041 Red Hat specific problem CVE-2007-5037 version (inotify-tools, fixed 3.11) #299771 CVE-2007-5007 version (balsa, before 2.3.20) #297601 Index: fc6 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc6,v retrieving revision 1.291 retrieving revision 1.292 diff -u -r1.291 -r1.292 --- fc6 2 Nov 2007 00:06:47 -0000 1.291 +++ fc6 5 Nov 2007 22:07:37 -0000 1.292 @@ -7,6 +7,7 @@ # Up to date CVE as of CVE email 20071030 # Up to date FC6 as of 20071029 +CVE-2007-5795 version (emacs, only 22) CVE-2007-5770 VULNERABLE (ruby) CVE-2007-5461 VULNERABLE (tomcat5) #334521 CVE-2007-5340 VULNERABLE (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5 
@@ -20,6 +21,7 @@ CVE-2007-5267 ignore (libpng) shipped version too old and not affected CVE-2007-5266 ignore (libpng) shipped version too old and not affected CVE-2007-5208 backport (hplip) #329121 [since FEDORA-2007-724] +CVE-2007-5197 VULNERABLE (mono, fixed 1.2.5.1) #367571 CVE-2007-5191 backport (util-linux) #320141 [since FEDORA-2007-722] CVE-2007-5162 version (ruby) #313801 [since FEDORA-2007-718] CVE-2007-5137 backport (tk, fixed 8.4.16) #332071 [since FEDORA-2007-728] @@ -32,7 +34,7 @@ CVE-2007-4924 VULNERABLE (opal, fixed 2.2.10) #297561 CVE-2007-4897 VULNERABLE (opal, fixed 2.2.8) #297561 CVE-2007-4851 ignore (tk) duplicate of CVE-2007-5137 -CVE-2007-4841 ignore (mozilla suite) Windows only +CVE-2007-4841 ignore (mozilla) Windows only CVE-2007-4829 VULNERABLE (perl-Archive-Tar) #315331 CVE-2007-4826 VULNERABLE (quagga, fixed 0.99.9) #315301 CVE-2007-4752 backport (openssh) #280471 [since FEDORA-2007-715] @@ -46,7 +48,7 @@ CVE-2007-4660 ignore (php, fixed 5.2.4) CVE-2007-4661 duplicate, jorton mailed Mitre CVE-2007-4659 ignore (php, fixed 5.2.4) #276531 (FC7/php-5.2 only) CVE-2007-4658 backport (php, fixed 5.2.4) #278011 [since FEDORA-2007-709] -CVE-2007-4657 ingore (php, fixed 5.2.4) arbitrary read not remotly triggerable +CVE-2007-4657 ignore (php, fixed 5.2.4) arbitrary read not remotely triggerable CVE-2007-4619 VULNERABLE (flac, fixed 1.2) #332581 CVE-2007-4571 version (kernel) [since FEDORA-2007-714] CVE-2007-4569 backport (kdebase) #299741 [since FEDORA-2007-716] @@ -126,7 +128,7 @@ CVE-2007-2926 backport (bind, fixed 9.4.1) [since FEDORA-2007-647] CVE-2007-2876 version (kernel, fixed 2.6.21.5) [since FEDORA-2007-600] CVE-2007-2875 version (kernel) [since FEDORA-2007-600] -*CVE-2007-2874 (wpa_supplicant) #242455 +*CVE-2007-2874 ** (wpa_supplicant) #242455 CVE-2007-2873 version (spamassassin, fixed 3.1.9) [since FEDORA-2007-582] CVE-2007-2872 backport (php) [since FEDORA-2007-709] CVE-2007-2871 version (mozilla) #241840 [since FEDORA-2007-549] 
@@ -168,8 +170,8 @@ CVE-2007-1396 ignore (php) feature, not a flaw CVE-2007-1362 version (mozilla) #241840 [since FEDORA-2007-549] CVE-2007-1357 version (kernel) [since FEDORA-2007-432] -CVE-2007-1352 fixed (libXfont) #235265 [since FEDORA-2007-423] -CVE-2007-1351 fixed (libXfont) #235265 [since FEDORA-2007-423] +CVE-2007-1352 backport (libXfont) #235265 [since FEDORA-2007-423] +CVE-2007-1351 backport (libXfont) #235265 [since FEDORA-2007-423] CVE-2007-1349 backport (mod_perl) [since FEDORA-2007-577] CVE-2007-1321 backport (xen) #238723 [since FEDORA-2007-713] CVE-2007-1320 backport (xen) #238723 [since FEDORA-2007-713] @@ -232,10 +234,10 @@ CVE-2006-6297 ignore (kdegraphics) just a crash CVE-2006-6235 backport (gnupg, fixed 1.4.6) [since FEDORA-2006-1406] CVE-2006-6169 backport (gnupg, fixed 1.4.6) [since FEDORA-2006-1406] -CVE-2006-6144 ** krb5 -CVE-2006-6143 ** krb5 +CVE-2006-6144 ** (krb5) +CVE-2006-6143 ** (krb5) CVE-2006-6142 backport (squirrelmail) #218297 [since FEDORA-2007-089] -CVE-2006-6128 patch (kernel) #250625 [since FEDORA-2007-226] This was bug in our patch, not upstream +CVE-2006-6128 backport (kernel) #250625 [since FEDORA-2007-226] This was bug in our patch, not upstream CVE-2006-6107 backport (dbus, fixed 1.0.2) #219665 [since FEDORA-2006-1475] CVE-2006-6106 version (kernel, fixed 2.6.19.2, fixed 2.6.20-rc5) [since FEDORA-2006-1471] CVE-2006-6105 version (gdm, fixed 2.14.11) [since FEDORA-2006-1468] @@ -772,7 +774,7 @@ CVE-2005-4808 ignore (binutils, gas fixed 20050714) this is a bug CVE-2005-4807 ignore (binutils, gas fixed 20050721) this is a bug CVE-2005-4798 version (kernel, not 2.6) -CVE-2005-4790 (tomboy) #252294 +CVE-2005-4790 ** (tomboy) #252294 CVE-2005-4784 ignore (glibc) struct dirent is big enough CVE-2005-4746 version (freeradius, fixed 1.0.5) CVE-2005-4745 version (freeradius, fixed 1.0.5) 
@@ -2010,7 +2012,7 @@ CVE-2002-1563 version (stunnel, fixed 4.04) CVE-2002-1511 version (vnc, fixed 3.3.3) CVE-2002-1510 version (XFree86, fixed 4.2.0) -CVE-2002-1509 version (patch to shadow-utils) +CVE-2002-1509 version (shadow-utils) CVE-2002-1508 version (openldap, not 2.3.24+) CVE-2002-1472 version (XFree86, fixed 4.2.1) CVE-2002-1471 version (evolution, fixed 1.1.1 at least) @@ -2196,7 +2198,7 @@ CVE-2002-0062 version (ncurses, only 5.0) CVE-2002-0060 version (kernel, fixed 2.5.5) CVE-2002-0059 version (zlib, fixed 1.1.4) -CVE-2002-0059 ** zlib (cvs, dump, gcc, libgcj, kernel, rsync, vnc) +CVE-2002-0059 ** (zlib) cvs, dump, gcc, libgcj, kernel, rsync, vnc CVE-2002-0048 version (rsync, fixed 2.5.2) CVE-2002-0046 version (kernel, fixed 2.4.0) CVE-2002-0045 version (openldap, fixed 2.0.20) @@ -2206,14 +2208,11 @@ CVE-2002-0029 version (bind, not 9) CVE-2002-0013 version (net-snmp, fixed 4.2.3) CVE-2002-0012 version (net-snmp, fixed 4.2.3) -CVE-2002-0006 verison (xchat, fixed 1.8.7) cve is wrong +CVE-2002-0006 version (xchat, fixed 1.8.7) cve is wrong CVE-2002-0004 backport (at) issue was in a patch, fixed at-3.1.8-lexer.patch CVE-2002-0003 version (groff, fixed 1.17.2) CVE-2002-0002 version (stunnel, fixed 3.22) CVE-2002-0001 version (mutt, fixed 1.3.25) - -older, happened to deal with at same time: - CVE-2001-1494 version (util-linux, fixed 2.11n) CVE-2001-0955 version (XFree86, fixed 4.2.0) CVE-2001-0474 version (mesa, fixed 3.3-14) Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.165 retrieving revision 1.166 diff -u -r1.165 -r1.166 --- fc7 2 Nov 2007 17:54:44 -0000 1.165 +++ fc7 5 Nov 2007 22:07:37 -0000 1.166 
@@ -8,6 +8,7 @@ # Up to date CVE as of CVE email 20071030 # Up to date FC7 as of 20071029 +CVE-2007-5795 VULNERABLE (emacs) #367581 CVE-2007-5770 backport (ruby) [since FEDORA-2007-2685] CVE-2007-5751 backport (liferea, fixed 1.4.6) #360641 [since FEDORA-2007-2725] CVE-2007-5728 version (phpPgAdmin) seems to be fixed for some time @@ -45,6 +46,7 @@ CVE-2007-5201 VULNERABLE (duplicity) #362821 CVE-2007-5200 VULNERABLE (hugin) #362851 CVE-2007-5198 VULNERABLE (nagios-plugins, fixed 1.4.10) #362881 +CVE-2007-5197 VULNERABLE (mono, fixed 1.2.5.1) #367531 CVE-2007-5191 backport (util-linux) #320141 [since FEDORA-2007-2462] CVE-2007-5162 version (ruby) #313801 [since FEDORA-2007-2406] CVE-2007-5159 backport (ntfs-3g) #298651 [since FEDORA-2007-2295] @@ -70,7 +72,7 @@ CVE-2007-4894 version (wordpress, fixed 2.2.3) [since FEDORA-2007-2143] CVE-2007-4893 version (wordpress, fixed 2.2.3) [since FEDORA-2007-2143] CVE-2007-4851 ignore (tk) duplicate of CVE-2007-5137 -CVE-2007-4841 ignore (mozilla suite) Windows only +CVE-2007-4841 ignore (mozilla) Windows only CVE-2007-4840 ignore (php) CVE-2007-4829 VULNERABLE (perl-Archive-Tar) #315321 CVE-2007-4828 version (mediawiki, fixed 1.11.0, 1.10.2, 1.9.4) #287881 [since FEDORA-2007-2189] @@ -460,7 +462,7 @@ CVE-2007-0898 version (clamav, fixed 0.90) #229202 CVE-2007-0897 version (clamav, fixed 0.90) #229202 CVE-2007-0894 version (mediawiki, fixed 1.8.4) #228763 -CVE-2007-0884 ignore (mimedefang 2.59/2.60 not shipped) #228757 +CVE-2007-0884 ignore (mimedefang) #228757 2.59/2.60 not shipped CVE-2007-0857 version (moin, fixed 1.5.7) #228139 CVE-2007-0844 version (pam_ssh, fixed 1.92) #253959 [since FEDORA-2007-1793] CVE-2007-0823 ignore (xterm) feature, not a bug 
@@ -1204,7 +1206,7 @@ CVE-2006-1057 version (gdm, fixed 2.14.1) CVE-2006-1056 version (kernel, fixed 2.6.16.9) CVE-2006-1055 version (kernel, fixed 2.6.17) -*CVE-2006-1053 ** (fedora directory server) +*CVE-2006-1053 ** (fedora-ds-base) Publish CVE! CVE-2006-1052 version (kernel, fixed 2.6.16) CVE-2006-1045 version (thunderbird, fixed 1.5.0.2) CVE-2006-1015 ignore (php) safe mode isn't safe @@ -1261,9 +1263,9 @@ CVE-2006-0456 ignore (kernel) s390 only CVE-2006-0455 version (gnupg, fixed 1.4.2.1) CVE-2006-0454 version (kernel, fixed 2.6.15.3) -*CVE-2006-0453 ** (fedora directory server) -*CVE-2006-0452 ** (fedora directory server) -*CVE-2006-0451 ** (fedora directory server) +CVE-2006-0453 version (fedora-ds-base, 1.1.0-1.2) #179135 +CVE-2006-0452 version (fedora-ds-base, 1.1.0-1.2) #179137 +CVE-2006-0451 version (fedora-ds-base, 1.1.0-1.2) #179135 CVE-2006-0405 version (libtiff, 3.8.0 only) CVE-2006-0377 version (squirrelmail, fixed 1.4.6) CVE-2006-0369 ignore (mysql) this is not a security issue @@ -1328,8 +1330,8 @@ CVE-2006-0036 version (kernel, only 2.6.14 and 2.6.15) CVE-2006-0035 version (kernel, only 2.6.14 and 2.6.15) CVE-2006-0019 version (kdelibs, fixed 3.5.1) -*CVE-2006-0017 ** (fedora directory server) -*CVE-2006-0016 ** (fedora directory server) +*CVE-2006-0017 ** (fedora-ds-base) Publish CVE! +*CVE-2006-0016 ** (fedora-ds-base) Publish CVE! *CVE-2005-4838 ** (tomcat) CVE-2005-4837 version (net-snmp, fixed 5.2.2) *CVE-2005-4836 ** (tomcat) @@ -1395,7 +1397,7 @@ CVE-2005-3651 version (wireshark, fixed 0.10.14) *CVE-2005-3632 version (netpbm) *CVE-2005-3631 version (udev) -*CVE-2005-3630 ** (fedora directory server) +CVE-2005-3630 version (fedora-ds-base, since 1.0) #174837 CVE-2005-3629 version (initscripts, fixed 8.29 at least) CVE-2005-3628 version (poppler, fixed 0.4.4) CVE-2005-3628 version (kdegraphics, fixed 3.5.1) 
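Review bot: in the fc7 hunk at -1261,9 the three new fedora-ds-base lines give a bare `1.1.0-1.2` inside the parentheses, without the `fixed` or `since` qualifier that neighbouring entries use (`fixed 1.4.6`, `since 1.0`), so it is unclear whether that is the first fixed build or the affected one. CVE-2006-0453 and CVE-2006-0451 also both point at #179135 while CVE-2006-0452 points at #179137; please confirm the shared bug number is intended and not a copy-and-paste slip.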
@@ -1446,7 +1448,7 @@ CVE-2005-3273 version (kernel, fixed 2.6.12) CVE-2005-3272 version (kernel, fixed 2.6.13) CVE-2005-3271 version (kernel, fixed 2.6.9) -*CVE-2005-3269 ** (fedora directory server) +CVE-2005-3269 ignore (fedora-ds-base) "This flaw did not affect Fedora Directory Server" CVE-2005-3258 version (squid, fixed 2.5STABLE12) CVE-2005-3257 version (kernel, fixed 2.6.15) CVE-2005-3249 version (wireshark, fixed 0.10.13) @@ -2626,7 +2628,7 @@ CVE-2002-1563 version (stunnel, fixed 4.04) CVE-2002-1511 version (vnc, fixed 3.3.3) CVE-2002-1510 version (XFree86, fixed 4.2.0) -CVE-2002-1509 version (patch to shadow-utils) +CVE-2002-1509 version (shadow-utils) CVE-2002-1508 version (openldap, not 2.3.24+) CVE-2002-1472 version (XFree86, fixed 4.2.1) CVE-2002-1471 version (evolution, fixed 1.1.1 at least) From fedora-security-commits at redhat.com Mon Nov 5 22:10:41 2007 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Mon, 5 Nov 2007 17:10:41 -0500 Subject: [Fedora-security-commits] fedora-security/tools add-tracking-bugs, 1.1, 1.2 Message-ID: <200711052210.lA5MAfMg028254@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/tools In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv28223 Modified Files: add-tracking-bugs Log Message: Fix output and bug titles Index: add-tracking-bugs =================================================================== RCS file: /cvs/fedora/fedora-security/tools/add-tracking-bugs,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- add-tracking-bugs 5 Nov 2007 20:50:59 -0000 1.1 +++ add-tracking-bugs 5 Nov 2007 22:10:39 -0000 1.2 
@@ -223,10 +223,11 @@ my @tracking_bugs; foreach my $version (@versions) { my %bug = %bug_tmpl; + $bug{'short_desc'} .= " [$versions{$version}]"; $bug{'version'} = $versions{$version}; print Dumper (\%bug) if $debug; my $bug_id = file_bug (\%bug); - print $bug{'version'}.": ".#$bug_id\n"; + print $bug{'version'}.": $bug_id\n"; add_blockers ($bug_id, \@bugs); } From fedora-security-commits at redhat.com Tue Nov 6 15:36:59 2007 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Tue, 6 Nov 2007 10:36:59 -0500 Subject: [Fedora-security-commits] fedora-security/tools get-cve,NONE,1.1 Message-ID: <200711061536.lA6Fax4i030803@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/tools In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv30762 Added Files: get-cve Log Message: Tool to get up-to date CVE information from NVD, will make it into a library later. ***** Error reading new file: [Errno 2] No such file or directory: 'get-cve' From fedora-security-commits at redhat.com Tue Nov 6 15:39:26 2007 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Tue, 6 Nov 2007 10:39:26 -0500 Subject: [Fedora-security-commits] fedora-security/tools generate-manifest, 1.3, 1.4 Message-ID: <200711061539.lA6FdQEr030928@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/tools In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv30906 Modified Files: generate-manifest Log Message: F8 nearly live, tags done for some time already Index: generate-manifest =================================================================== RCS file: /cvs/fedora/fedora-security/tools/generate-manifest,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- generate-manifest 16 Oct 2007 15:31:07 -0000 1.3 +++ generate-manifest 6 Nov 2007 15:39:24 -0000 1.4 
@@ -14,7 +14,7 @@ export TAGS=" dist-fc6-updates dist-fc7-updates - dist-f8 + dist-f8-updates dist-f9-build " else From fedora-security-commits at redhat.com Tue Nov 6 17:02:53 2007 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Tue, 6 Nov 2007 12:02:53 -0500 Subject: [Fedora-security-commits] fedora-security/audit f8,1.8,1.9 Message-ID: <200711061702.lA6H2r2F020333@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv20257 Modified Files: f8 Log Message: First batch of Fedora 8 updates Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.8 retrieving revision 1.9 diff -u -r1.8 -r1.9 --- f8 5 Nov 2007 22:07:37 -0000 1.8 +++ f8 6 Nov 2007 17:02:51 -0000 1.9 
@@ -11,16 +11,16 @@ CVE-2007-5770 backport (ruby) GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031 CVE-2007-5751 VULNERABLE (liferea, fixed 1.4.6) #360641 -CVE-2007-5712 VULNERABLE (Django, fixed 0.96.1) #362771 -CVE-2007-5708 VULNERABLE (openldap, fixed 2.3.39) #362991 -CVE-2007-5707 VULNERABLE (openldap, fixed 2.3.39) #362991 +CVE-2007-5712 VULNERABLE (Django, fixed 0.96.1) #362771 version, 20071106 Testing +CVE-2007-5708 VULNERABLE (openldap, fixed 2.3.39) #362991 version, 20071106 Testing +CVE-2007-5707 VULNERABLE (openldap, fixed 2.3.39) #362991 version, 20071106 Testing CVE-2007-5624 VULNERABLE (nagios, fixed 2.10) #362801 -CVE-2007-5623 VULNERABLE (nagios-plugins, not fixed 1.4.10) #348731 +CVE-2007-5623 backport (nagios-plugins, not fixed 1.4.10) #348731 [since FEDORA-2007-2876] nagios-plugins-1.4.8-9.fc8 CVE-2007-5589 VULNERABLE (phpMyAdmin, fixed 2.11.1.2) #333661 PMASA-2007-6 CVE-2007-5461 VULNERABLE (tomcat5, not fixed 5.5.25) #363001 CVE-2007-5386 version (phpmyadmin, fixed 2.11.1.1) #333661 PMASA-2007-5 CVE-2007-5201 VULNERABLE (duplicity, no upstream fix) #362831 -CVE-2007-5200 VULNERABLE (hugin) #362861 +CVE-2007-5200 verions (hugin) #362861 [since FEDORA-2007-2807] hugin-0.6.1-11.fc8 CVE-2007-5198 VULNERABLE (nagios-plugins, fixed 1.4.10) #362891 CVE-2007-5197 VULNERABLE (mono, fixed 1.2.5.1) #367541 CVE-2007-5079 VULNERABLE (gdm) #363021 Red Hat specific problem 
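Review bot: the new CVE-2007-5200 line spells the state `verions`, so anything that matches on the `version` keyword will miss the hugin entry; it should read `CVE-2007-5200 version (hugin) #362861 ...`. In the same hunk the Django and openldap lines keep the state VULNERABLE and carry the pending change only as trailing free text (`version, 20071106 Testing`); a short comment in the file header saying how that suffix is to be read, and when the state is flipped, would keep these entries from being counted inconsistently.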
@@ -33,7 +33,8 @@ CVE-2007-4619 version (flac, fixed 1.2) #332581 CVE-2007-4568 version (xorg-x11-xfs, fixed 1.0.5) CVE-2007-4559 VULNERABLE (python, not fixed upstream) #315291 Upstream WONTFIX. See where we use the code. -CVE-2007-4476 VULNERABLE (cpio, not fixed 2.9) #363891 +CVE-2007-4476 backport (tar) #280961 [since FEDORA-2007-2800] tar-1.17-4.fc8 +CVE-2007-4476 backport (cpio, not fixed 2.9) #363891 [since FEDORA-2007-2827] cpio-2.9-5.fc8 CVE-2007-4400 VULNERABLE (konversation) #362921 Remove media script? CVE-2007-4351 VULNERABLE (cups) #362971 CVE-2007-3999 VULNERABLE (nfs-utils-lib) #362091 From fedora-security-commits at redhat.com Wed Nov 7 16:15:47 2007 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Wed, 7 Nov 2007 11:15:47 -0500 Subject: [Fedora-security-commits] fedora-security/tools/Libexig - New directory Message-ID: <200711071615.lA7GFldW009628@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/tools/Libexig In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv9612/Libexig Log Message: Directory /cvs/fedora/fedora-security/tools/Libexig added to the repository --> Using per-directory sticky tag `lkundrak-tools-ng' From fedora-security-commits at redhat.com Wed Nov 7 16:20:41 2007 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Wed, 7 Nov 2007 11:20:41 -0500 Subject: [Fedora-security-commits] fedora-security/tools/Libexig CVE.pm, NONE, 1.1.2.1 Message-ID: <200711071620.lA7GKfXj010311@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/tools/Libexig In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv10153/Libexig Added Files: Tag: lkundrak-tools-ng CVE.pm Log Message: Split code that deals with NVD XMLs to a package and add add-cve-bug tool that utilizes it. ***** Error reading new file: [Errno 2] No such file or directory: 'CVE.pm' From fedora-security-commits at redhat.com Wed Nov 7 16:20:42 2007 
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Wed, 7 Nov 2007 11:20:42 -0500 Subject: [Fedora-security-commits] fedora-security/tools add-cve-bug, NONE, 1.1.2.1 get-cve, 1.1, 1.1.2.1 Message-ID: <200711071620.lA7GKgdi010317@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/tools In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv10153 Modified Files: Tag: lkundrak-tools-ng get-cve Added Files: Tag: lkundrak-tools-ng add-cve-bug Log Message: Split code that deals with NVD XMLs to a package and add add-cve-bug tool that utilizes it. ***** Error reading new file: [Errno 2] No such file or directory: 'add-cve-bug' Index: get-cve =================================================================== RCS file: /cvs/fedora/fedora-security/tools/get-cve,v retrieving revision 1.1 retrieving revision 1.1.2.1 diff -u -r1.1 -r1.1.2.1 --- get-cve 6 Nov 2007 15:36:57 -0000 1.1 +++ get-cve 7 Nov 2007 16:20:40 -0000 1.1.2.1 
@@ -2,121 +2,15 @@ # Get CVE information from NVD # $Id$ +# Lubomir Kundrak use warnings; use strict; -use XML::Parser; -use Data::Dumper; - -my $sourcebase = 'http://nvd.nist.gov/download/'; -my $cachebase = $ENV{'HOME'}.'/.nvdcache/'; - -my $parser = new XML::Parser ( - 'Style' => 'Tree', -); - -sub get_element -{ - my $tree = shift; - - my $tag = shift @{$tree}; - my $content = shift @{$tree}; - my $arguments = shift @{$content}; - - if ($tag and $content and $arguments) { - return [$tag, $content, $arguments]; - } else { - return undef; - } -} - -# Gets element and returns description from 'cve' source -sub get_desc -{ - my $e = shift; - - while (my $e = get_element ($e->[1])) { - # - $e->[2]->{'source'} eq 'cve' or next; - return $e->[1]->[1]; - } -} - -# Gets element and returns array of all url=s of s -sub get_refs -{ - my $e = shift; - my @refs; - - while (my $e = get_element ($e->[1])) { - # - push @refs, $e->[2]->{'url'}; - } - - return @refs; -} - -# Get and return its description and references -sub do_entry -{ - my $e = shift; - my $desc; - my @refs; - - $e->[2]->{'type'} eq 'CVE' or die 'Non-CVE entry'; - - while (my $e = get_element ($e->[1])) { - $desc = get_desc ($e) if $e->[0] eq 'desc'; - @refs = get_refs ($e) if $e->[0] eq 'refs'; - - $desc and @refs and return ($desc, [@refs]); - } -} - -# Update file in cache if older than age and return its path -sub nvdcache -{ - my ($file, $age) = @_; - - # XXX: escaping - system ("mkdir -p '$cachebase'"); - system ("wget -cqO '$cachebase$file' '$sourcebase$file'") - and die ('Failed to update cache'); - return $cachebase.$file; -} - -# lala -sub cve -{ - my $cve = shift; - - $cve =~ /^CVE-(\d+)-\d+$/ or die "'$cve' does not look like a CVE id"; - my $year = $1; - - foreach ( - # File name => cache update threshold (minutes, XXX: not implemented) - # order is important - [ 'nvdcve-modified.xml' => 0 ], - [ 'nvdcve-recent.xml' => 0 ], - [ 'nvdcve-'.$year.'.xml' => 1440 ], - ) { - my $file = nvdcache (@{$_}); 
- my $tree = $parser->parsefile ($file); - my $e = get_element ($tree); - - while (my $e = get_element ($e->[1])) { - # matching - if ($e->[0] eq 'entry' and $e->[2]->{'name'} eq $cve) { - return do_entry ($e); - } - } - } - - return undef; -} +use Libexig::CVE; @ARGV or die 'Usage: get-cve [...]'; + foreach my $cve (@ARGV) { - print Dumper ($cve, cve ($cve)); + print Dumper ($cve, Libexig::CVE::cve ($cve)); } From fedora-security-commits at redhat.com Wed Nov 7 14:52:00 2007 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Wed, 7 Nov 2007 09:52:00 -0500 Subject: [Fedora-security-commits] fedora-security/audit f9,1.7,1.8 Message-ID: <200711071452.lA7Eq0Ha014864@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv14829 Modified Files: f9 Log Message: emacs Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.7 retrieving revision 1.8 diff -u -r1.7 -r1.8 --- f9 5 Nov 2007 22:07:37 -0000 1.7 +++ f9 7 Nov 2007 14:51:57 -0000 1.8 @@ -7,7 +7,7 @@ # Up to date CVE as of CVE email 20071030 # Up to date F9 as of 20071029 -CVE-2007-5795 VULNERABLE (emacs) #367601 +CVE-2007-5795 backport (emacs) #367601 [since emacs-22.1-8.fc9] GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031 CVE-2007-5751 version (liferea, fixed 1.4.6) #360641 [since liferea-1.4.6-3.fc9] CVE-2007-5712 VULNERABLE (Django, fixed 0.96.1) #362781 From fedora-security-commits at redhat.com Wed Nov 7 16:58:52 2007 
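Review bot: the rewritten get-cve still calls `Dumper` in `print Dumper ($cve, Libexig::CVE::cve ($cve));`, but the same hunk deletes `use Data::Dumper;`. Unless Libexig::CVE exports Dumper into the caller (CVE.pm is not shown in this mail), the script no longer has that function available; keep `use Data::Dumper;` in get-cve so the tool does not depend on what the library happens to import.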
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Wed, 7 Nov 2007 11:58:52 -0500 Subject: [Fedora-security-commits] fedora-security/tools/Libexig Util.pm, NONE, 1.1.2.1 Message-ID: <200711071658.lA7Gwq56012906@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/tools/Libexig In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv12854/Libexig Added Files: Tag: lkundrak-tools-ng Util.pm Log Message: Split some common routines away to a Library ***** Error reading new file: [Errno 2] No such file or directory: 'Util.pm' From fedora-security-commits at redhat.com Wed Nov 7 16:59:35 2007 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Wed, 7 Nov 2007 11:59:35 -0500 Subject: [Fedora-security-commits] fedora-security/tools update-cve-cache, NONE, 1.1.2.1 Message-ID: <200711071659.lA7GxZOh013281@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/tools In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv13250 Added Files: Tag: lkundrak-tools-ng update-cve-cache Log Message: This will make the Libexig::CVE tools run a bit faster ***** Error reading new file: [Errno 2] No such file or directory: 'update-cve-cache' From fedora-security-commits at redhat.com Wed Nov 7 16:58:52 2007 
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Wed, 7 Nov 2007 11:58:52 -0500 Subject: [Fedora-security-commits] fedora-security/tools add-cve-bug, 1.1.2.1, 1.1.2.2 add-tracking-bugs, 1.2, 1.2.2.1 Message-ID: <200711071658.lA7Gwqfa012896@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/tools In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv12854 Modified Files: Tag: lkundrak-tools-ng add-cve-bug add-tracking-bugs Log Message: Split some common routines away to a Library Index: add-cve-bug =================================================================== RCS file: /cvs/fedora/fedora-security/tools/Attic/add-cve-bug,v retrieving revision 1.1.2.1 retrieving revision 1.1.2.2 diff -u -r1.1.2.1 -r1.1.2.2 --- add-cve-bug 7 Nov 2007 16:20:40 -0000 1.1.2.1 +++ add-cve-bug 7 Nov 2007 16:58:50 -0000 1.1.2.2 @@ -31,6 +31,7 @@ use Data::Dumper; use Libexig::CVE; +use Libexig::Util; use warnings; use strict; @@ -67,18 +68,6 @@ return $string; } -# Get password not echoing characters -sub read_noecho -{ - print STDERR @_; - system ('stty -echo'); - my $string = ; - system ('stty echo'); - chomp ($string); - print STDERR "\n"; - $string; -} - # Get list of owners of a package from Bugzilla sub owners { 
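Review bot: the add-cve-bug hunk at -67,18 deletes only `read_noecho`, while the following hunk also switches the `edit_string` call to `Libexig::Util::edit_string`. If the sub whose tail (`return $string; }`) shows as context just above the deletion is the local `edit_string`, it is now unused and should be removed in this commit as well, so that only the library copy remains to maintain.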
@@ -180,12 +169,12 @@ defined $impact{$impact} or die 'specified unrecognized impact value'; $username = ($options{'username'} or $ENV{'LOGNAME'}.'@redhat.com'); $password = ($options{'password'} or $dryrun or - read_noecho ("Bugzilla password for $username: ")); + Libexig::Util::read_noecho ("Bugzilla password for $username: ")); # TODO: add whiteboard option to fill in and get impact from it $interactive = ($options{'interactive'} or 0); my $bug_desc = bug_desc ($cve); -$bug_desc = edit_string ($bug_desc) if $interactive; +$bug_desc = Libexig::Util::edit_string ($bug_desc) if $interactive; # Get CC list # TODO: get rid of duplicates Index: add-tracking-bugs =================================================================== RCS file: /cvs/fedora/fedora-security/tools/add-tracking-bugs,v retrieving revision 1.2 retrieving revision 1.2.2.1 diff -u -r1.2 -r1.2.2.1 --- add-tracking-bugs 5 Nov 2007 22:10:39 -0000 1.2 +++ add-tracking-bugs 7 Nov 2007 16:58:50 -0000 1.2.2.1 @@ -2,6 +2,7 @@ # $Id$ # File a bugs for specified versions and add dependencies +# Lubomir Kundrak my $usage = 'add-cve-bug [options...] --bugs=[,...] Parent bugs @@ -18,6 +19,8 @@ use Getopt::Long; use Data::Dumper; +use Libexig::Util; + use warnings; use strict; @@ -75,18 +78,6 @@ my (@bugs, @versions, $dryrun, $debug, $username, $password, $component); -# Get password not echoing characters -sub read_noecho -{ - print STDERR @_; - system ('stty -echo'); - my $string = ; - system ('stty echo'); - chomp ($string); - print STDERR "\n"; - $string; -} - # Create a bug (unless dryrun) and return its ID sub file_bug { @@ -172,7 +163,7 @@ $debug = ($options{'debug'} or 0); $username = ($options{'username'} or $ENV{'LOGNAME'}.'@redhat.com'); $password = ($options{'password'} or $dryrun or - read_noecho ("Bugzilla password for $username: ")); + Libexig::Util::read_noecho ("Bugzilla password for $username: ")); # Get parent bugs 
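Review bot: in the add-tracking-bugs hunk at -172,7 the expression `$options{'password'} or $dryrun or Libexig::Util::read_noecho (...)` leaves `$password` holding the dry-run flag on a dry run, and a password passed as a command-line option (the file uses Getopt::Long) ends up in the process's argument list, where other local users can read it. A one-line comment on the dry-run shortcut would help, and the usage text should steer people towards the no-echo prompt. The same expression appears in the add-cve-bug hunk at -180,12.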
@@ -220,7 +211,6 @@ # File for each version -my @tracking_bugs; foreach my $version (@versions) { my %bug = %bug_tmpl; $bug{'short_desc'} .= " [$versions{$version}]"; From fedora-security-commits at redhat.com Fri Nov 9 06:42:20 2007 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Fri, 9 Nov 2007 01:42:20 -0500 Subject: [Fedora-security-commits] fedora-security/tools parse-audit, NONE, 1.1.2.1 Message-ID: <200711090642.lA96gKu6015599@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/tools In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv15497 Added Files: Tag: lkundrak-tools-ng parse-audit Log Message: Attempt to parse audit files ***** Error reading new file: [Errno 2] No such file or directory: 'parse-audit' From fedora-security-commits at redhat.com Fri Nov 9 06:42:20 2007 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Fri, 9 Nov 2007 01:42:20 -0500 Subject: [Fedora-security-commits] fedora-security/tools/Libexig Audit.pm, NONE, 1.1.2.1 Message-ID: <200711090642.lA96gKdu015604@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/tools/Libexig In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv15497/Libexig Added Files: Tag: lkundrak-tools-ng Audit.pm Log Message: Attempt to parse audit files ***** Error reading new file: [Errno 2] No such file or directory: 'Audit.pm' From fedora-security-commits at redhat.com Fri Nov 9 09:32:59 2007 
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Fri, 9 Nov 2007 04:32:59 -0500 Subject: [Fedora-security-commits] fedora-security/tools add-tracking-bugs, 1.2, 1.3 Message-ID: <200711090932.lA99WxGJ010613@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/tools In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv10593/tools Modified Files: add-tracking-bugs Log Message: instruct bz not to send spam on each depends update Index: add-tracking-bugs =================================================================== RCS file: /cvs/fedora/fedora-security/tools/add-tracking-bugs,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- add-tracking-bugs 5 Nov 2007 22:10:39 -0000 1.2 +++ add-tracking-bugs 9 Nov 2007 09:32:57 -0000 1.3 @@ -132,7 +132,7 @@ my $call = $bugzilla_rpc->call('bugzilla.updateDepends', $bug, { 'blocked' => $parents, 'action' => 'add', - }, $username, $password); + }, $username, $password, 1); my $result = $call->result or die $call->faultstring; From fedora-security-commits at redhat.com Fri Nov 9 09:51:31 2007 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Fri, 9 Nov 2007 04:51:31 -0500 Subject: [Fedora-security-commits] fedora-security/audit f8, 1.9, 1.10 f9, 1.8, 1.9 fc7, 1.166, 1.167 Message-ID: <200711090951.lA99pV7w011864@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv11842/audit Modified Files: f8 f9 fc7 Log Message: abiword link-grammar Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.9 retrieving revision 1.10 diff -u -r1.9 -r1.10 --- f8 6 Nov 2007 17:02:51 -0000 1.9 +++ f8 9 Nov 2007 09:51:28 -0000 1.10 
@@ -18,6 +18,7 @@ CVE-2007-5623 backport (nagios-plugins, not fixed 1.4.10) #348731 [since FEDORA-2007-2876] nagios-plugins-1.4.8-9.fc8 CVE-2007-5589 VULNERABLE (phpMyAdmin, fixed 2.11.1.2) #333661 PMASA-2007-6 CVE-2007-5461 VULNERABLE (tomcat5, not fixed 5.5.25) #363001 +CVE-2007-5395 VULNERABLE (link-grammar) #372351 CVE-2007-5386 version (phpmyadmin, fixed 2.11.1.1) #333661 PMASA-2007-5 CVE-2007-5201 VULNERABLE (duplicity, no upstream fix) #362831 CVE-2007-5200 verions (hugin) #362861 [since FEDORA-2007-2807] hugin-0.6.1-11.fc8 Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.8 retrieving revision 1.9 diff -u -r1.8 -r1.9 --- f9 7 Nov 2007 14:51:57 -0000 1.8 +++ f9 9 Nov 2007 09:51:28 -0000 1.9 @@ -17,6 +17,7 @@ CVE-2007-5623 backport (nagios-plugins, not fixed 1.4.10) #348731 CVE-2007-5589 version (phpMyAdmin, fixed 2.11.1.2) #333661 PMASA-2007-6 CVE-2007-5461 VULNERABLE (tomcat5, not fixed 5.5.25) #334531 +CVE-2007-5395 VULNERABLE (link-grammar) #372361 CVE-2007-5386 version (phpmyadmin, fixed 2.11.1.1) #333661 PMASA-2007-5 CVE-2007-5201 VULNERABLE (duplicity, no upstream fix) #362841 CVE-2007-5200 VULNERABLE (hugin) #362871 Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.166 retrieving revision 1.167 diff -u -r1.166 -r1.167 --- fc7 5 Nov 2007 22:07:37 -0000 1.166 +++ fc7 9 Nov 2007 09:51:28 -0000 1.167 
@@ -29,6 +29,7 @@ CVE-2007-5585 backport (tempest) #336331 [since FEDORA-2007-2652] CVE-2007-5461 VULNERABLE (tomcat5) #334511 CVE-2007-5416 ignore (drupal) Vulnerability in PHP<5.1.3, we're safe +CVE-2007-5395 VULNERABLE (link-grammar) #372341 CVE-2007-5386 version (phpmyadmin, fixed 2.11.1.1) #333661 PMASA-2007-5 [since FEDORA-2007-2738] CVE-2007-5340 version (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5 [since FEDORA-2007-2664] CVE-2007-5339 version (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5 [since FEDORA-2007-2664] From fedora-security-commits at redhat.com Fri Nov 9 17:04:38 2007 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Fri, 9 Nov 2007 12:04:38 -0500 Subject: [Fedora-security-commits] fedora-security/audit f8, 1.10, 1.11 f9, 1.9, 1.10 fc6, 1.292, 1.293 fc7, 1.167, 1.168 Message-ID: <200711091704.lA9H4cUd021540@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv21516/audit Modified Files: f8 f9 fc6 fc7 Log Message: xpdf issues Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.10 retrieving revision 1.11 diff -u -r1.10 -r1.11 --- f8 9 Nov 2007 09:51:28 -0000 1.10 +++ f8 9 Nov 2007 17:04:36 -0000 1.11 
@@ -19,6 +19,18 @@ CVE-2007-5589 VULNERABLE (phpMyAdmin, fixed 2.11.1.2) #333661 PMASA-2007-6 CVE-2007-5461 VULNERABLE (tomcat5, not fixed 5.5.25) #363001 CVE-2007-5395 VULNERABLE (link-grammar) #372351 +CVE-2007-5393 VULNERABLE (xpdf) #372471 +CVE-2007-5393 backport (cups) [since FEDORA-2007-2982] +CVE-2007-5393 VULNERABLE (poppler) #372511 +CVE-2007-5393 VULNERABLE (kdegraphics) #372571 +CVE-2007-5393 VULNERABLE (koffice) #372601 +CVE-2007-5393 VULNERABLE (tetex) #372661 +CVE-2007-5392 VULNERABLE (xpdf) #372471 +CVE-2007-5392 backport (cups) [since FEDORA-2007-2982] +CVE-2007-5392 VULNERABLE (poppler) #372511 +CVE-2007-5392 VULNERABLE (kdegraphics) #372571 +CVE-2007-5392 VULNERABLE (koffice) #372601 +CVE-2007-5392 VULNERABLE (tetex) #372661 CVE-2007-5386 version (phpmyadmin, fixed 2.11.1.1) #333661 PMASA-2007-5 CVE-2007-5201 VULNERABLE (duplicity, no upstream fix) #362831 CVE-2007-5200 verions (hugin) #362861 [since FEDORA-2007-2807] hugin-0.6.1-11.fc8 @@ -37,6 +49,12 @@ CVE-2007-4476 backport (tar) #280961 [since FEDORA-2007-2800] tar-1.17-4.fc8 CVE-2007-4476 backport (cpio, not fixed 2.9) #363891 [since FEDORA-2007-2827] cpio-2.9-5.fc8 CVE-2007-4400 VULNERABLE (konversation) #362921 Remove media script? +CVE-2007-4352 VULNERABLE (xpdf) #372471 +CVE-2007-4352 backport (cups) [since FEDORA-2007-2982] +CVE-2007-4352 VULNERABLE (poppler) #372511 +CVE-2007-4352 VULNERABLE (kdegraphics) #372571 +CVE-2007-4352 VULNERABLE (koffice) #372601 +CVE-2007-4352 VULNERABLE (tetex) #372661 CVE-2007-4351 VULNERABLE (cups) #362971 CVE-2007-3999 VULNERABLE (nfs-utils-lib) #362091 CVE-2007-3999 VULNERABLE (libtirpc) #362111 Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.9 retrieving revision 1.10 diff -u -r1.9 -r1.10 --- f9 9 Nov 2007 09:51:28 -0000 1.9 +++ f9 9 Nov 2007 17:04:36 -0000 1.10 
@@ -18,6 +18,18 @@ CVE-2007-5589 version (phpMyAdmin, fixed 2.11.1.2) #333661 PMASA-2007-6 CVE-2007-5461 VULNERABLE (tomcat5, not fixed 5.5.25) #334531 CVE-2007-5395 VULNERABLE (link-grammar) #372361 +CVE-2007-5393 VULNERABLE (xpdf) #372481 +CVE-2007-5393 backport (cups) +CVE-2007-5393 VULNERABLE (poppler) #372521 +CVE-2007-5393 VULNERABLE (kdegraphics) #372581 +CVE-2007-5393 VULNERABLE (koffice) #372611 +CVE-2007-5393 VULNERABLE (tetex) #372671 +CVE-2007-5392 VULNERABLE (xpdf) #372481 +CVE-2007-5392 backport (cups) +CVE-2007-5392 VULNERABLE (poppler) #372521 +CVE-2007-5392 VULNERABLE (kdegraphics) #372581 +CVE-2007-5392 VULNERABLE (koffice) #372611 +CVE-2007-5392 VULNERABLE (tetex) #372671 CVE-2007-5386 version (phpmyadmin, fixed 2.11.1.1) #333661 PMASA-2007-5 CVE-2007-5201 VULNERABLE (duplicity, no upstream fix) #362841 CVE-2007-5200 VULNERABLE (hugin) #362871 @@ -35,6 +47,12 @@ CVE-2007-4559 VULNERABLE (python, not fixed upstream) #315291 Upstream WONTFIX. See where we use the code. CVE-2007-4476 backport (cpio, not fixed 2.9) #339691 [since cpio-2.9-5.fc9] CVE-2007-4400 VULNERABLE (konversation) #362931 Remove media script? +CVE-2007-4352 VULNERABLE (xpdf) #372481 +CVE-2007-4352 backport (cups) +CVE-2007-4352 VULNERABLE (poppler) #372521 +CVE-2007-4352 VULNERABLE (kdegraphics) #372581 +CVE-2007-4352 VULNERABLE (koffice) #372611 +CVE-2007-4352 VULNERABLE (tetex) #372671 CVE-2007-4351 version (cups) #361681 CVE-2007-3999 VULNERABLE (nfs-utils-lib) #362101 CVE-2007-3999 VULNERABLE (libtirpc) #362121 Index: fc6 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc6,v retrieving revision 1.292 retrieving revision 1.293 diff -u -r1.292 -r1.293 --- fc6 5 Nov 2007 22:07:37 -0000 1.292 +++ fc6 9 Nov 2007 17:04:36 -0000 1.293 
@@ -10,6 +10,12 @@ CVE-2007-5795 version (emacs, only 22) CVE-2007-5770 VULNERABLE (ruby) CVE-2007-5461 VULNERABLE (tomcat5) #334521 +CVE-2007-5393 VULNERABLE (cups) +CVE-2007-5393 VULNERABLE (poppler) #372491 +CVE-2007-5393 VULNERABLE (kdegraphics) #372551 +CVE-2007-5392 VULNERABLE (cups) +CVE-2007-5392 VULNERABLE (poppler) #372491 +CVE-2007-5392 VULNERABLE (kdegraphics) #372551 CVE-2007-5340 VULNERABLE (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5 CVE-2007-5339 VULNERABLE (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5 CVE-2007-5338 VULNERABLE (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5 @@ -57,6 +63,9 @@ CVE-2007-4558 ignore (star, fixed 1.5a84) duplicate of CVE-2007-4134 CVE-2007-4465 version (httpd) [since FEDORA-2007-707] CVE-2007-4357 ignore (firefox) status bar can be overwrittten +CVE-2007-4352 VULNERABLE (cups) +CVE-2007-4352 VULNERABLE (poppler) #372491 +CVE-2007-4352 VULNERABLE (kdegraphics) #372551 CVE-2007-4351 VULNERABLE (cups) #361671 CVE-2007-4255 ignore (php) msql extension not shipped CVE-2007-4251 ignore (openoffice.org) just a crash Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.167 retrieving revision 1.168 diff -u -r1.167 -r1.168 --- fc7 9 Nov 2007 09:51:28 -0000 1.167 +++ fc7 9 Nov 2007 17:04:36 -0000 1.168 
@@ -30,6 +30,18 @@ CVE-2007-5461 VULNERABLE (tomcat5) #334511 CVE-2007-5416 ignore (drupal) Vulnerability in PHP<5.1.3, we're safe CVE-2007-5395 VULNERABLE (link-grammar) #372341 +CVE-2007-5393 VULNERABLE (xpdf) #372461 +CVE-2007-5393 VULNERABLE (cups) +CVE-2007-5393 VULNERABLE (poppler) #372501 +CVE-2007-5393 VULNERABLE (kdegraphics) #372561 +CVE-2007-5393 VULNERABLE (koffice) #372591 +CVE-2007-5393 VULNERABLE (tetex) #372651 +CVE-2007-5392 VULNERABLE (xpdf) #372461 +CVE-2007-5392 VULNERABLE (cups) +CVE-2007-5392 VULNERABLE (poppler) #372501 +CVE-2007-5392 VULNERABLE (kdegraphics) #372561 +CVE-2007-5392 VULNERABLE (koffice) #372591 +CVE-2007-5392 VULNERABLE (tetex) #372651 CVE-2007-5386 version (phpmyadmin, fixed 2.11.1.1) #333661 PMASA-2007-5 [since FEDORA-2007-2738] CVE-2007-5340 version (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5 [since FEDORA-2007-2664] CVE-2007-5339 version (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5 [since FEDORA-2007-2664] @@ -117,6 +129,12 @@ CVE-2007-4460 backport (id3lib) #253553 [since FEDORA-2007-1774] CVE-2007-4400 VULNERABLE (konversation) #362911 CVE-2007-4357 ignore (firefox) status bar can be overwrittten +CVE-2007-4352 VULNERABLE (xpdf) #372461 +CVE-2007-4352 VULNERABLE (cups) +CVE-2007-4352 VULNERABLE (poppler) #372501 +CVE-2007-4352 VULNERABLE (kdegraphics) #372561 +CVE-2007-4352 VULNERABLE (koffice) #372591 +CVE-2007-4352 VULNERABLE (tetex) #372651 CVE-2007-4351 backport (cups) #361661 [since FEDORA-2007-2715] CVE-2007-4323 backport (denyhosts) #252291 [since FEDORA-2007-0589] CVE-2007-4321 backport (fail2ban) #252290 [since FEDORA-2007-0621] version since FEDORA-2007-1643 From fedora-security-commits at redhat.com Fri Nov 9 19:06:28 2007 
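Review bot: In the f9 hunks at @@ -18,6 +18,18 @@ and @@ -35,6 +47,12 @@, the three "backport (cups)" lines for CVE-2007-5393, CVE-2007-5392 and CVE-2007-4352 have neither a bug number nor a [since ...] marker, while the matching f8 lines say [since FEDORA-2007-2982] and other f9 backport entries name a build (for example [since cpio-2.9-5.fc9]). Add the f9 build that carries the backport so the status can be checked against a package.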
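Review bot: The fc6 and fc7 hunks add "VULNERABLE (cups)" for CVE-2007-5393, CVE-2007-5392 and CVE-2007-4352 without a bug number, while every other VULNERABLE line added in the same hunks (xpdf, poppler, kdegraphics, koffice, tetex) has one. Reference the cups tracking bugs for these two releases so the open entries can be followed up.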
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Fri, 9 Nov 2007 14:06:28 -0500 Subject: [Fedora-security-commits] fedora-security/audit f8, 1.11, 1.12 f9, 1.10, 1.11 fc6, 1.293, 1.294 fc7, 1.168, 1.169 Message-ID: <200711091906.lA9J6SUX014284@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv13173 Modified Files: f8 f9 fc6 fc7 Log Message: Cleanup of old fixed stuff Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.11 retrieving revision 1.12 diff -u -r1.11 -r1.12 --- f8 9 Nov 2007 17:04:36 -0000 1.11 +++ f8 9 Nov 2007 19:06:26 -0000 1.12 @@ -8,9 +8,9 @@ # Up to date F8 as of 20071029 CVE-2007-5795 VULNERABLE (emacs) #367591 -CVE-2007-5770 backport (ruby) +CVE-2007-5770 backport (ruby) #373391 really? GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031 -CVE-2007-5751 VULNERABLE (liferea, fixed 1.4.6) #360641 +CVE-2007-5751 backport (liferea, fixed 1.4.6) #360641 [since liferea-1.2.23-5.fc8] CVE-2007-5712 VULNERABLE (Django, fixed 0.96.1) #362771 version, 20071106 Testing CVE-2007-5708 VULNERABLE (openldap, fixed 2.3.39) #362991 version, 20071106 Testing CVE-2007-5707 VULNERABLE (openldap, fixed 2.3.39) #362991 version, 20071106 Testing 
@@ -33,9 +33,9 @@ CVE-2007-5392 VULNERABLE (tetex) #372661 CVE-2007-5386 version (phpmyadmin, fixed 2.11.1.1) #333661 PMASA-2007-5 CVE-2007-5201 VULNERABLE (duplicity, no upstream fix) #362831 -CVE-2007-5200 verions (hugin) #362861 [since FEDORA-2007-2807] hugin-0.6.1-11.fc8 +CVE-2007-5200 version (hugin) #362861 [since FEDORA-2007-2807] hugin-0.6.1-11.fc8 CVE-2007-5198 VULNERABLE (nagios-plugins, fixed 1.4.10) #362891 -CVE-2007-5197 VULNERABLE (mono, fixed 1.2.5.1) #367541 +CVE-2007-5197 version (mono, fixed 1.2.5.1) #367541 [since mono-1.2.5.1-2.fc8] CVE-2007-5079 VULNERABLE (gdm) #363021 Red Hat specific problem CVE-2007-5037 version (inotify-tools, fixed 3.11) #299771 CVE-2007-5007 version (balsa, before 2.3.20) #297601 @@ -49,6 +49,7 @@ CVE-2007-4476 backport (tar) #280961 [since FEDORA-2007-2800] tar-1.17-4.fc8 CVE-2007-4476 backport (cpio, not fixed 2.9) #363891 [since FEDORA-2007-2827] cpio-2.9-5.fc8 CVE-2007-4400 VULNERABLE (konversation) #362921 Remove media script? +CVE-2007-4351 version (cups) #362971 [since cups-1.3.4-2.fc8] CVE-2007-4352 VULNERABLE (xpdf) #372471 CVE-2007-4352 backport (cups) [since FEDORA-2007-2982] CVE-2007-4352 VULNERABLE (poppler) #372511 @@ -75,7 +76,7 @@ CVE-2007-1352 version (libXfont, fixed 1.2.8) #235265 CVE-2007-1351 version (libXfont, fixed 1.2.8) #235265 CVE-2007-1103 ignore (tor) #230927 CANTFIX really -CVE-2007-1004 VULNERABLE (mozilla) https://bugzilla.mozilla.org/show_bug.cgi?id=402060 +CVE-2007-1004 version (mozilla) https://bugzilla.mozilla.org/show_bug.cgi?id=402060 CVE-2007-1003 version (xorg-x11-server, fixed 1.2.1) #235263 CVE-2007-1002 version (evolution, fixed 2.8.2.1) #233587 CVE-2007-0654 backport (xmms, not fixed 1.2.10) #233705 Fixed in older ones? 
@@ -102,15 +103,12 @@ CVE-2006-5170 version (nss_ldap, fixed 183) CVE-2006-4573 version (screen, fixed 4.0.3) #212057 CVE-2006-4561 ignore (firefox) Needs DNS spoofing; https is for this. -*CVE-2006-4338 VULNERABLE (lha) gzip fixed, lha still VULNERABLE to the same flaw -*CVE-2006-4337 VULNERABLE (lha) gzip fixed, lha still VULNERABLE to the same flaw -*CVE-2006-4335 VULNERABLE (lha) gzip fixed, lha still VULNERABLE to the same flaw CVE-2006-2894 version (firefox, fixed 2.0.0.8) CVE-2006-2894 version (seamonkey, fixed 1.1.5) #194511 CVE-2006-0987 ignore (bind) example config file only -CVE-2006-0496 VULNERABLE (firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=324253 +CVE-2006-0496 ignore (firefox) Feature, not a bug moz #324253 CVE-2005-4809 ignore (firefox) Status bar can be modified anyways CVE-2005-4790 VULNERABLE (tomboy) #362951 CVE-2005-3675 VULNERABLE (kernel) optack, no upstream fix -- TCP protocol weakness -CVE-2003-1265 VULNERABLE (thunderbird) https://bugzilla.mozilla.org/show_bug.cgi?id=198442 (probably "ignore") -CVE-2003-1265 VULNERABLE (seamonkey) https://bugzilla.mozilla.org/show_bug.cgi?id=198442 (probably "ignore") +CVE-2003-1265 ignore (thunderbird) Stuff deleted from userspace is not guarranteed to go away physically moz#198442 +CVE-2003-1265 ignore (seamonkey) Stuff deleted from userspace is not guarranteed to go away physically moz#198442 Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.10 retrieving revision 1.11 diff -u -r1.10 -r1.11 --- f9 9 Nov 2007 17:04:36 -0000 1.10 +++ f9 9 Nov 2007 19:06:26 -0000 1.11 
@@ -9,10 +9,11 @@ CVE-2007-5795 backport (emacs) #367601 [since emacs-22.1-8.fc9] GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031 +CVE-2007-5770 backport (ruby) #373401 needs verification CVE-2007-5751 version (liferea, fixed 1.4.6) #360641 [since liferea-1.4.6-3.fc9] -CVE-2007-5712 VULNERABLE (Django, fixed 0.96.1) #362781 -CVE-2007-5708 VULNERABLE (openldap, fixed 2.3.39) #360091 -CVE-2007-5707 VULNERABLE (openldap, fixed 2.3.39) #360091 +CVE-2007-5712 version (Django, fixed 0.96.1) #362781 [since Django-0.96.1-1.fc9] +CVE-2007-5708 version (openldap, fixed 2.3.39) #360091 [since openldap-2.3.39-1.fc9] +CVE-2007-5707 version (openldap, fixed 2.3.39) #360091 [since openldap-2.3.39-1.fc9] CVE-2007-5624 VULNERABLE (nagios, fixed 2.10) #362811 CVE-2007-5623 backport (nagios-plugins, not fixed 1.4.10) #348731 CVE-2007-5589 version (phpMyAdmin, fixed 2.11.1.2) #333661 PMASA-2007-6 @@ -32,7 +33,7 @@ CVE-2007-5392 VULNERABLE (tetex) #372671 CVE-2007-5386 version (phpmyadmin, fixed 2.11.1.1) #333661 PMASA-2007-5 CVE-2007-5201 VULNERABLE (duplicity, no upstream fix) #362841 -CVE-2007-5200 VULNERABLE (hugin) #362871 +CVE-2007-5200 version (hugin) #362871 [since hugin-0.6.1-11.fc9] CVE-2007-5198 VULNERABLE (nagios-plugins, fixed 1.4.10) #362901 CVE-2007-5197 VULNERABLE (mono, fixed 1.2.5.1) #367551 CVE-2007-5079 VULNERABLE (gdm) #363041 Red Hat specific problem @@ -73,7 +74,7 @@ CVE-2007-1352 version (libXfont, fixed 1.2.8) #235265 CVE-2007-1351 version (libXfont, fixed 1.2.8) #235265 CVE-2007-1103 ignore (tor) #230927 CANTFIX really -CVE-2007-1004 VULNERABLE (mozilla) https://bugzilla.mozilla.org/show_bug.cgi?id=402060 +CVE-2007-1004 version (mozilla) https://bugzilla.mozilla.org/show_bug.cgi?id=402060 CVE-2007-1003 version (xorg-x11-server, fixed 1.2.1) #235263 CVE-2007-1002 version (evolution, fixed 2.8.2.1) #233587 CVE-2007-0654 backport (xmms, not fixed 1.2.10) #233705 Fixed in older ones? 
@@ -100,15 +101,12 @@ CVE-2006-5170 version (nss_ldap, fixed 183) CVE-2006-4573 version (screen, fixed 4.0.3) #212057 CVE-2006-4561 ignore (firefox) Needs DNS spoofing; https is for this. -*CVE-2006-4338 VULNERABLE (lha) gzip fixed, lha still VULNERABLE to the same flaw -*CVE-2006-4337 VULNERABLE (lha) gzip fixed, lha still VULNERABLE to the same flaw -*CVE-2006-4335 VULNERABLE (lha) gzip fixed, lha still VULNERABLE to the same flaw CVE-2006-2894 version (firefox, fixed 2.0.0.8) CVE-2006-2894 version (seamonkey, fixed 1.1.5) #194511 CVE-2006-0987 ignore (bind) example config file only -CVE-2006-0496 VULNERABLE (firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=324253 +CVE-2006-0496 ignore (firefox) Feature, not a bug moz #324253 CVE-2005-4809 ignore (firefox) Status bar can be modified anyways CVE-2005-4790 VULNERABLE (tomboy) #362961 CVE-2005-3675 VULNERABLE (kernel) optack, no upstream fix -- TCP protocol weakness -CVE-2003-1265 VULNERABLE (thunderbird) https://bugzilla.mozilla.org/show_bug.cgi?id=198442 (probably "ignore") -CVE-2003-1265 VULNERABLE (seamonkey) https://bugzilla.mozilla.org/show_bug.cgi?id=198442 (probably "ignore") +CVE-2003-1265 ignore (thunderbird) Stuff deleted from userspace is not guarranteed to go away physically moz#198442 +CVE-2003-1265 ignore (seamonkey) Stuff deleted from userspace is not guarranteed to go away physically moz#198442 Index: fc6 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc6,v retrieving revision 1.293 retrieving revision 1.294 diff -u -r1.293 -r1.294 --- fc6 9 Nov 2007 17:04:36 -0000 1.293 +++ fc6 9 Nov 2007 19:06:26 -0000 1.294 
@@ -7,8 +7,8 @@ # Up to date CVE as of CVE email 20071030 # Up to date FC6 as of 20071029 -CVE-2007-5795 version (emacs, only 22) -CVE-2007-5770 VULNERABLE (ruby) +CVE-2007-5795 version (emacs, only 21) +CVE-2007-5770 VULNERABLE (ruby) #373371 CVE-2007-5461 VULNERABLE (tomcat5) #334521 CVE-2007-5393 VULNERABLE (cups) CVE-2007-5393 VULNERABLE (poppler) #372491 @@ -16,12 +16,12 @@ CVE-2007-5392 VULNERABLE (cups) CVE-2007-5392 VULNERABLE (poppler) #372491 CVE-2007-5392 VULNERABLE (kdegraphics) #372551 -CVE-2007-5340 VULNERABLE (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5 -CVE-2007-5339 VULNERABLE (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5 -CVE-2007-5338 VULNERABLE (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5 -CVE-2007-5337 VULNERABLE (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5 +CVE-2007-5340 version (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5 +CVE-2007-5339 version (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5 +CVE-2007-5338 version (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5 +CVE-2007-5337 version (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5 CVE-2007-5335 ignore (mozilla) ff2 only -CVE-2007-5334 VULNERABLE (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5 +CVE-2007-5334 version (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5 CVE-2007-5269 VULNERABLE (libpng, fixed 1.2.21) #337471 CVE-2007-5268 ignore (libpng) shipped version too old and not affected CVE-2007-5267 ignore (libpng) shipped version too old and not affected @@ -36,7 +36,8 @@ CVE-2007-5034 version (elinks) #297611 [since FEDORA-2007-710] CVE-2007-4995 backport (openssl, fixed 0.9.8f) [since FEDORA-2007-725] CVE-2007-4993 backport (xen) [since FEDORA-2007-713] -CVE-2007-4965 VULNERABLE (python) imageop module heap overflow +CVE-2007-4990 VULNERABLE (xorg-x11-xfs, fixed 1.0.5) #373321 +CVE-2007-4965 VULNERABLE (python) imageop module heap overflow #373281 CVE-2007-4924 VULNERABLE (opal, fixed 2.2.10) #297561 CVE-2007-4897 VULNERABLE (opal, fixed 2.2.8) #297561 CVE-2007-4851 ignore (tk) duplicate of CVE-2007-5137 
@@ -55,11 +56,12 @@ CVE-2007-4659 ignore (php, fixed 5.2.4) #276531 (FC7/php-5.2 only) CVE-2007-4658 backport (php, fixed 5.2.4) #278011 [since FEDORA-2007-709] CVE-2007-4657 ignore (php, fixed 5.2.4) arbitrary read not remotely triggerable -CVE-2007-4619 VULNERABLE (flac, fixed 1.2) #332581 +CVE-2007-4619 backport (flac, fixed 1.2) #332581 [since flac-1.1.2-28] CVE-2007-4571 version (kernel) [since FEDORA-2007-714] CVE-2007-4569 backport (kdebase) #299741 [since FEDORA-2007-716] +CVE-2007-4568 VULNERABLE (xorg-x11-xfs, fixed 1.0.5) #373251 CVE-2007-4565 backport (fetchmail) #260881 [since FEDORA-2007-689] -CVE-2007-4559 VULNERABLE (python) tarfile module - directory traversal #315291 +CVE-2007-4559 VULNERABLE (python, not fixed upstream) #315291 Upstream WONTFIX. See where we use the code. CVE-2007-4558 ignore (star, fixed 1.5a84) duplicate of CVE-2007-4134 CVE-2007-4465 version (httpd) [since FEDORA-2007-707] CVE-2007-4357 ignore (firefox) status bar can be overwrittten 
@@ -87,22 +89,22 @@ CVE-2007-3962 ignore (gftp) multiple buffer overflows in fsplib, not on Linux CVE-2007-3961 ignore (gftp) off-by-one error in fsplib CVE-2007-3920 VULNERABLE (compiz) #350271 -CVE-2007-3919 VULNERABLE (xen) #362001 +CVE-2007-3919 backport (xen) #362001 [since xen-3.0.3-13.fc6] CVE-2007-3852 backport (sysstat) #252296 [since FEDORA-2007-675] CVE-2007-3848 version (kernel) [since FEDORA-2007-679] CVE-2007-3847 version (httpd) #250756 [since FEDORA-2007-707] CVE-2007-3845 ignore (firefox) windows specific CVE-2007-3844 version (firefox, fixed 2.0.0.6) #250648 "fixed on next update" -CVE-2007-3843 VULNERABLE (kernel) #246595 +CVE-2007-3843 version (kernel) #246595 CVE-2007-3841 ignore (pidgin) ethically disclosed CVE-2007-3820 backport (kdebase) #248537 [since FEDORA-2007-716] CVE-2007-3799 backport (php) [since FEDORA-2007-709] CVE-2007-3798 version (tcpdump, fixed 3.9.7) #250290 [since FEDORA-2007-654] -CVE-2007-3782 VULNERABLE (mysql, fixed 5.0.44) -CVE-2007-3781 VULNERABLE (mysql, fixed 5.0.44) -CVE-2007-3780 VULNERABLE (mysql, fixed 5.0.44) +CVE-2007-3782 VULNERABLE (mysql, fixed 5.0.45) #372881 +CVE-2007-3781 VULNERABLE (mysql, fixed 5.0.45) #372881 +CVE-2007-3780 VULNERABLE (mysql, fixed 5.0.45) #372881 CVE-2007-3642 version (kernel, fixed 2.6.22) [since FEDORA-2007-655] -CVE-2007-3511 VULNERABLE (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5 +CVE-2007-3511 version (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5 CVE-2007-3508 ignore (glibc) not an issue CVE-2007-3506 backport (freetype, fixed 2.3.4) #235479 [since FEDORA-2007-561] CVE-2007-3478 version (gd, fixed 2.0.35) #277421 [since FEDORA-2007-692] 
@@ -153,7 +155,7 @@ CVE-2007-2451 version (kernel, fixed 2.6.21.4) [since FEDORA-2007-600] CVE-2007-2445 backport (libpng) #239542 [since FEDORA-2007-529] CVE-2007-2438 version (vim, fixed 7.0.235) #238734 [since FEDORA-2007-492] -CVE-2007-2292 VULNERABLE (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5 +CVE-2007-2292 version (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5 CVE-2007-2242 version (kernel) [since FEDORA-2007-482] CVE-2007-2138 version (postgresql, fixed 8.1.9) [since FEDORA-2007-565] CVE-2007-2028 backport (freeradius) [since FEDORA-2007-499] @@ -188,9 +190,9 @@ CVE-2007-1263 version (gnupg, fixed 1.4.7) [since FEDORA-2007-315] CVE-2007-1262 version (squirrelmail, fixed 1.4.10a) #239704 [since FEDORA-2007-505] CVE-2007-1218 backport (tcpdump) 232349 [since FEDORA-2007-347] -CVE-2007-1095 VULNERABLE (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5 +CVE-2007-1095 version (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5 CVE-2007-1006 version (ekiga, fixed 2.0.5) #229259 [since FEDORA-2007-322] -CVE-2007-1004 VULNERABLE (firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=390627 +CVE-2007-1004 version (firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=390627 CVE-2007-1003 backport (xorg-x11-server, fixed > X11R7.2) #235263 [since FEDORA-2007-425] CVE-2007-1002 backport (evolution) #233587 [since FEDORA-2007-393] CVE-2007-1000 version (kernel, fixed 2.6.20) [since FEDORA-2007-335] @@ -214,7 +216,7 @@ CVE-2007-0248 version (squid, fixed 2.6.STABLE7) [since FEDORA-2007-073] CVE-2007-0247 version (squid, fixed 2.6.STABLE7) #222883 [since FEDORA-2007-073] CVE-2007-0242 backport (qt) [since FEDORA-2007-703] -CVE-2007-0235 version (libgtop2, fixed 2.14.9) #222637 [since FEDORA-2007-657] +CVE-2007-0235 version (libgtop2, fixed 2.14.6) #222637 [since FEDORA-2007-657] CVE-2007-0104 ignore (poppler) only client DoS CVE-2007-0104 ignore (kdegraphics) only client DoS CVE-2007-0086 ignore (apache) not a security issue 
@@ -254,7 +256,7 @@ CVE-2006-6097 backport (tar) [since FEDORA-2006-1393] CVE-2006-6077 version (firefox, fixed 1.5.0.10) [since FEDORA-2007-293] CVE-2006-6060 ignore (kernel, fixed 2.6.19-rc2) no NTFS support -CVE-2006-6058 VULNERABLE (kernel) #250623 +CVE-2006-6058 VULNERABLE (kernel, fixed 2.6.24) #250623 CVE-2006-6057 version (kernel, fixed kernel-2_6_20-1_2924_fc6) [since FEDORA-2007-432] CVE-2006-6056 version (kernel, fixed 2.6.19) [since FEDORA-2007-058] was backport since FEDORA-2006-1471 CVE-2006-6054 version (kernel, fixed fixed 2.6.19.2) [since FEDORA-2007-058] @@ -265,7 +267,7 @@ CVE-2006-5925 backport (elinks) [since FEDORA-2006-1278] but was never vulneable as didn't have smbclient support CVE-2006-5876 version (libsoup) #223144 [since FEDORA-2007-109] CVE-2006-5871 version (kernel, fixed 2.6.10) -CVE-2006-5868 VULNERABLE (ImageMagick, fixed 6.2.9.1) #217560 +CVE-2006-5868 version (ImageMagick, fixed 6.2.9.1) #217560 CVE-2006-5867 version (fetchmail, fixed 6.3.6) #221984 [since FEDORA-2007-042] CVE-2006-5864 backport (evince) #217672 [since ???] CVE-2006-5823 version (kernel, fixed 2.6.19.2) [since FEDORA-2007-058] was backport since FEDORA-2006-1223 @@ -311,7 +313,7 @@ CVE-2006-5229 ignore (openssh) not reproduced CVE-2006-5215 version (xorg-x11-xdm) CVE-2006-5215 ignore (kdebase) #212166 links to xinit Xsession -CVE-2006-5215 VULNERABLE (xorg-x11-xinit) #212167 +CVE-2006-5215 ignore (xorg-x11-xinit) #212167 FC6 was not vulnerabe really CVE-2006-5214 version (xorg-x11-xdm) CVE-2006-5214 ignore (kdebase) #212166 links to xinit Xsession CVE-2006-5214 backport (xorg-x11-xinit) #212167 [since FEDORA-2007-659] 
@@ -382,10 +384,10 @@ CVE-2006-4340 version (nss, fixed 3.11.3) CVE-2006-4339 backport (openssl097) CVE-2006-4339 backport (openssl, fixed 0.9.8c) -CVE-2006-4338 backport (gzip) lha still VULNERABLE to the same flaw -CVE-2006-4337 backport (gzip) lha still VULNERABLE to the same flaw +CVE-2006-4338 backport (gzip) +CVE-2006-4337 backport (gzip) CVE-2006-4336 backport (gzip) -CVE-2006-4335 backport (gzip) lha still VULNERABLE to the same flaw +CVE-2006-4335 backport (gzip) CVE-2006-4334 backport (gzip) CVE-2006-4333 version (wireshark, fixed 0.99.3) CVE-2006-4332 version (wireshark, fixed 0.99.3) @@ -508,8 +510,7 @@ CVE-2006-2932 ignore (kernel) no 4G/4G split support CVE-2006-2916 ignore (arts) not shipped setuid CVE-2006-2906 backport (gd) from changelog -CVE-2006-2894 VULNERABLE (firefox, fixed 2.0.0.8) -CVE-2006-2894 VULNERABLE (seamonkey, fixed 1.1.5) #194511 +CVE-2006-2894 version (firefox, fixed 2.0.0.8) CVE-2006-2842 version (squirrelmail, fixed 1.4.6) CVE-2006-2789 version (evolution, fixed 2.4.X) CVE-2006-2788 version (firefox, fixed 1.5.0.4) @@ -779,11 +780,11 @@ CVE-2006-0035 version (kernel, only 2.6.14 and 2.6.15) CVE-2006-0019 version (kdelibs, fixed 3.5.1) CVE-2005-4811 version (kernel, fixed 2.6.13) -CVE-2005-4809 VULNERABLE (firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=390630 +CVE-2005-4809 ignore (firefox) Status bar can be modified anyways CVE-2005-4808 ignore (binutils, gas fixed 20050714) this is a bug CVE-2005-4807 ignore (binutils, gas fixed 20050721) this is a bug CVE-2005-4798 version (kernel, not 2.6) -CVE-2005-4790 ** (tomboy) #252294 +CVE-2005-4790 VULNERABLE (tomboy) #252294 CVE-2005-4784 ignore (glibc) struct dirent is big enough CVE-2005-4746 version (freeradius, fixed 1.0.5) CVE-2005-4745 version (freeradius, fixed 1.0.5) 
@@ -1757,7 +1758,7 @@ CVE-2003-1307 ignore (mod_php) not a vulnerability CVE-2003-1303 version (php, fixed 4.3.3) CVE-2003-1302 version (php, fixed 4.3.1) -CVE-2003-1265 VULNERABLE (thunderbird) https://bugzilla.mozilla.org/show_bug.cgi?id=198442 +CVE-2003-1265 ignore (thunderbird) Stuff deleted from userspace is not guarranteed to go away physically moz#198442 CVE-2003-1232 version (emacs, fixed 21.3) CVE-2003-1201 version (openldap, not 2.2) CVE-2003-1161 version (kernel, not released version) Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.168 retrieving revision 1.169 diff -u -r1.168 -r1.169 --- fc7 9 Nov 2007 17:04:36 -0000 1.168 +++ fc7 9 Nov 2007 19:06:26 -0000 1.169 @@ -9,7 +9,7 @@ # Up to date FC7 as of 20071029 CVE-2007-5795 VULNERABLE (emacs) #367581 -CVE-2007-5770 backport (ruby) [since FEDORA-2007-2685] +CVE-2007-5770 backport (ruby) #373381 [since FEDORA-2007-2685] really fixed? CVE-2007-5751 backport (liferea, fixed 1.4.6) #360641 [since FEDORA-2007-2725] CVE-2007-5728 version (phpPgAdmin) seems to be fixed for some time CVE-2007-5715 backport (denyhosts) fixed long ago 
@@ -71,13 +71,13 @@ CVE-2007-5038 version (bugzilla, fixed 3.0.2, 3.1.2) #299981 [since FEDORA-2007-2299] CVE-2007-5037 VULNERABLE (inotify-tools) #299771 CVE-2007-5034 version (elinks) #297981 [since FEDORA-2007-2224] -CVE-2007-5007 VULNERABLE (balsa) #297601 +CVE-2007-5007 version (balsa) #297601 [since FEDORA-2007-2302] GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031 CVE-2007-4999 version (pidgin, fixed 2.2.2) [since FEDORA-2007-2714] CVE-2007-4996 version (pidgin, fixed 2.2.1) [since FEDORA-2007-2368] CVE-2007-4995 backport (openssl, fixed 0.9.8f) [since FEDORA-2007-2530] CVE-2007-4993 backport (xen) [since FEDORA-2007-2270] -CVE-2007-4990 VULNERABLE (xorg-x11-xfs, fixed 1.0.5) +CVE-2007-4990 VULNERABLE (xorg-x11-xfs, fixed 1.0.5) #373331 CVE-2007-4974 backport (libsndfile) #296221 [since FEDORA-2007-2236] CVE-2007-4965 backport (python) imageop module heap overflow [since FEDORA-2007-2663] CVE-2007-4924 version (opal, fixed 2.2.10) #297551 [since FEDORA-2007-2245] @@ -109,10 +109,10 @@ CVE-2007-4573 version (kernel) [since FEDORA-2007-2298] CVE-2007-4571 version (kernel) [since FEDORA-2007-2349] CVE-2007-4569 backport (kdebase) #299731 [since FEDORA-2007-2361] -CVE-2007-4568 VULNERABLE (xorg-x11-xfs, fixed 1.0.5) +CVE-2007-4568 VULNERABLE (xorg-x11-xfs, fixed 1.0.5) #373261 CVE-2007-4565 backport (fetchmail) #260861 [since FEDORA-2007-1983] CVE-2007-4560 version (clamav) #260583 [since FEDORA-2007-2050] -CVE-2007-4559 VULNERABLE (python) tarfile module - directory traversal #315281 +CVE-2007-4559 VULNERABLE (python, not fixed upstream) #315291 Upstream WONTFIX. See where we use the code. CVE-2007-4558 ignore (star, fixed 1.5a84) duplicate of CVE-2007-4134 CVE-2007-4543 version (bugzilla, fixed 3.0.1) #256021 [since FEDORA-2007-1853] CVE-2007-4542 version (mapserver, fixed 4.10.3) #256561 [since FEDORA-2007-2018] 
@@ -179,7 +179,7 @@ CVE-2007-3847 version (httpd) #250755 [since FEDORA-2007-2214] CVE-2007-3845 ignore (firefox) windows specific CVE-2007-3844 version (firefox, fixed 2.0.0.6) #250648 "fixed on next update" -CVE-2007-3843 VULNERABLE (kernel) #246595 +CVE-2007-3843 version (kernel) #246595 CVE-2007-3841 ignore (pidgin) ethically disclosed CVE-2007-3820 backport (kdelibs) [since FEDORA-2007-1699] CVE-2007-3820 backport (kdebase) #248537 [since FEDORA-2007-1700] @@ -245,7 +245,7 @@ CVE-2007-3165 version (tor, fixed 0.1.2.14) #244502 [since FEDORA-2007-1674] CVE-2007-3153 version (c-ares, fixed 1.4.0) #243591 [since FEDORA-2007-0724] CVE-2007-3152 version (c-ares, fixed 1.4.0) #243591 [since FEDORA-2007-0724] -CVE-2007-3145 VULNERABLE (galeon) ** +CVE-2007-3145 ignore (galeon) in 2.0.3 the truncation still occurs, but at reasonable length CVE-2007-3140 version (wordpress, fixed 2.2.1) #245211 [since FEDORA-2007-0894] CVE-2007-3126 ignore (gimp) just a crash CVE-2007-3123 version (clamav, fixed 0.90.3) #245219 [since FEDORA-2007-2050] @@ -330,7 +330,7 @@ CVE-2007-2241 backport (bind) [since FEDORA-2007-0300] CVE-2007-2176 ignore (firefox) only affects the java quicktime interaction CVE-2007-2172 version (kernel, fixed 2.6.21-rc6) -CVE-2007-2165 VULNERABLE (proftpd) #237533 +CVE-2007-2165 version (proftpd) #237533 [since FEDORA-2007-2613] CVE-2007-2138 version (postgresql, fixed 8.2.4) #237682 [since FEDORA-2007-0174] CVE-2007-2057 version (aircrack-ng, fixed 0.8-0.1) CVE-2007-2029 version (clamav, fixed 0.90.3) #245219 [since FEDORA-2007-2050] @@ -454,7 +454,7 @@ *CVE-2007-1030 ** (libevent) *CVE-2007-1007 ** (ekiga) *CVE-2007-1006 version (ekiga, fixed 2.0.5) #229259 [since FEDORA-2007-322] -CVE-2007-1004 VULNERABLE (mozilla) +CVE-2007-1004 version (mozilla) CVE-2007-1003 version (xorg-x11-server, fixed > X11R7.2) #235263 CVE-2007-1002 version (evolution) #233587 CVE-2007-1001 version (php, fixed 5.2.2) 
@@ -534,7 +534,7 @@ *CVE-2007-0240 backport (zope, fixed 2.9.6-2) #233378 *CVE-2007-0239 ** (openoffice.org) *CVE-2007-0238 ** (openoffice.org) -*CVE-2007-0235 VULNERABLE (libgtop2) #222637 not sure, will triage +CVE-2007-0235 version (libgtop2, 2.14.6) #222637 *CVE-2007-0227 ** (slocate) CVE-2007-0177 version (mediawiki, fixed 1.8.3) #221958 *CVE-2007-0160 backport (centericq, fixed 4.21.0-9) #227791 @@ -643,10 +643,10 @@ *CVE-2006-6101 ** (xorg-x11) *CVE-2006-6097 backport (tar) [since FEDORA-2006-1393] CVE-2006-6085 version (kile, fixed 1.9.3) #217238 -CVE-2006-6077 VULNERABLE (firefox) +CVE-2006-6077 version (firefox, fixed 1.5.0.10) CVE-2006-6060 ignore (kernel, fixed 2.6.19-rc2) no NTFS support -CVE-2006-6058 VULNERABLE (kernel, fixed **) -CVE-2006-6057 VULNERABLE (kernel, fixed **) +CVE-2006-6058 VULNERABLE (kernel, fixed 2.6.24) 250623 +CVE-2006-6057 version (kernel, fixed **) CVE-2006-6056 version (kernel, fixed 2.6.19) [since FEDORA-2007-058] was backport since FEDORA-2006-1471 CVE-2006-6054 version (kernel, fixed fixed 2.6.19.2) [since FEDORA-2007-058] CVE-2006-6053 version (kernel, fixed 2.6.19.2) [since FEDORA-2007-058] was backport since FEDORA-2006-1223 
@@ -673,14 +673,14 @@ CVE-2006-5793 version (libpng10, fixed 1.0.21) #216263 CVE-2006-5793 ignore (libpng, fixed 1.2.13) just a client crash CVE-2006-5783 ignore (firefox) disputed -*CVE-2006-5779 VULNERABLE (openldap, fixed 2.3.29) #214768 +CVE-2006-5779 version (openldap, fixed 2.3.29) #214768 CVE-2006-5757 version (kernel, fixed 2.6.19) [since FEDORA-2007-058] was backport since FEDORA-2006-1223 *CVE-2006-5754 ** (kernel) *CVE-2006-5753 backport (kernel, fixed 2.6.20.1) [since FEDORA-2007-291] CVE-2006-5752 backport (httpd) #244665 [since FEDORA-2007-0704] CVE-2006-5751 version (kernel, fixed 2.6.19, fixed 2.6.18.4) [since FEDORA-2006-1471] *CVE-2006-5750 ** (jboss) -*CVE-2006-5749 VULNERABLE (kernel, fixed 2.6.20-rc2) +CVE-2006-5749 version (kernel, fixed 2.6.20-rc2) CVE-2006-5748 version (thunderbird, fixed 1.5.0.8) [since FEDORA-2006-1192] CVE-2006-5748 version (seamonkey, fixed 1.0.6) #214822 CVE-2006-5748 version (firefox, fixed 1.5.0.8) [since FEDORA-2006-1191] @@ -689,7 +689,7 @@ CVE-2006-5747 version (firefox, fixed 1.5.0.8) [since FEDORA-2006-1191] CVE-2006-5706 ignore (php, fixed 5.2.0) safe mode isn't safe *CVE-2006-5705 backport (wordpress, fixed 2.0.4-3) #213985 -*CVE-2006-5701 VULNERABLE (kernel) squashfs is not included upstream +CVE-2006-5701 version (kernel) squashfs is not included upstream CVE-2006-5633 ignore (firefox) just a client DoS CVE-2006-5619 version (kernel, fixed 2.6.18.2, fixed 2.6.19-rc4) [since FEDORA-2006-1223] CVE-2006-5602 version (xsupplicant, fixed 1.2.6) 
@@ -712,7 +712,7 @@ CVE-2006-5463 version (firefox, fixed 1.5.0.8) [since FEDORA-2006-1191] CVE-2006-5462 version (thunderbird, fixed 1.5.0.8) [since FEDORA-2006-1192] CVE-2006-5462 version (firefox, fixed 1.5.0.8) [since FEDORA-2006-1191] -*CVE-2006-5461 VULNERABLE (avahi, fixed 0.6.15) +CVE-2006-5461 version (avahi, fixed 0.6.15) *CVE-2006-5456 backport (ImageMagick) #210921 [since FEDORA-2006-1285] CVE-2006-5456 version (GraphicsMagick, fixed 1.1.7) [since FEDORA-2007-1340] *CVE-2006-5455 backport (bugzilla, fixed 2.22-7) #212355 @@ -731,10 +731,10 @@ CVE-2006-5214 version (xorg-x11-xinit) #212167 *CVE-2006-5214 version (xorg-x11-xdm) CVE-2006-5214 ignore (kdebase) #212166 links to xinit Xsession -CVE-2006-5178 VULNERABLE (php) can't be fixed +CVE-2006-5178 ignore (php) safe_mode WONTFIX CVE-2006-5174 ignore (kernel, fixed 2.6.19-rc1) s390 only CVE-2006-5173 ignore (kernel, fixed 2.6.18) protected by exec-shield -*CVE-2006-5170 VULNERABLE (nss_ldap, fixed 183) +CVE-2006-5170 version (nss_ldap, fixed 183) CVE-2006-5160 ignore (firefox) unverified CVE-2006-5159 ignore (firefox) unverified CVE-2006-5158 version (kernel, fixed 2.6.15) @@ -801,7 +801,7 @@ CVE-2006-4565 version (thunderbird, fixed 1.5.0.7) CVE-2006-4565 version (seamonkey, fixed 1.0.5) #209167 CVE-2006-4565 version (firefox, fixed 1.5.0.7) -CVE-2006-4561 VULNERABLE (firefox) +CVE-2006-4561 ignore (firefox) Needs DNS spoofing; https is for this. CVE-2006-4538 version (kernel, fixed after 2.6.18-rc6) CVE-2006-4535 version (kernel, fixed 2.6.18-rc6) CVE-2006-4519 version (gimp, fixed 2.2.16) #247566 [since FEDORA-2007-1044] 
@@ -828,11 +828,11 @@ CVE-2006-4340 version (nss, fixed 3.11.3) *CVE-2006-4339 backport (openssl, fixed 0.9.8c) *CVE-2006-4339 backport (openssl097) -*CVE-2006-4338 backport (gzip) lha still VULNERABLE to the same flaw -*CVE-2006-4337 backport (gzip) lha still VULNERABLE to the same flaw -*CVE-2006-4336 backport (gzip) -*CVE-2006-4335 backport (gzip) lha still VULNERABLE to the same flaw -*CVE-2006-4334 backport (gzip) +CVE-2006-4338 backport (gzip) +CVE-2006-4337 backport (gzip) +CVE-2006-4336 backport (gzip) +CVE-2006-4335 backport (gzip) +CVE-2006-4334 backport (gzip) CVE-2006-4333 version (wireshark, fixed 0.99.3) CVE-2006-4332 version (wireshark, fixed 0.99.3) CVE-2006-4331 version (wireshark, fixed 0.99.3) @@ -973,8 +973,8 @@ CVE-2006-2920 version (sylpheed-claws, fixed 2.2.2) CVE-2006-2916 ignore (arts) not shipped setuid CVE-2006-2906 backport (gd) from changelog -CVE-2006-2894 VULNERABLE (firefox, fixed 2.0.0.8) -CVE-2006-2894 VULNERABLE (seamonkey, fixed 1.1.5) #194511 +CVE-2006-2894 version (firefox, fixed 2.0.0.8) +CVE-2006-2894 version (seamonkey, fixed 1.1.5) #194511 CVE-2006-2842 version (squirrelmail, fixed 1.4.6) CVE-2006-2789 version (evolution, fixed 2.4.X) CVE-2006-2788 version (firefox, fixed 1.5.0.4) @@ -1231,7 +1231,7 @@ CVE-2006-1015 ignore (php) safe mode isn't safe CVE-2006-1014 ignore (php) safe mode isn't safe CVE-2006-0996 version (php, fixed 5.1.4) -CVE-2006-0987 VULNERABLE (bind) example config file only +CVE-2006-0987 ignore (bind) example config file only CVE-2006-0903 version (mysql, fixed 4.1.19) CVE-2006-0884 version (thunderbird, fixed 1.5.0.2) CVE-2006-0883 version (openssh, fixed 3.8.1p1) 
@@ -1273,7 +1273,7 @@ CVE-2006-0554 version (kernel, fixed 2.6.16) CVE-2006-0553 version (postgresql, only 8.1, fixed 8.1.3) CVE-2006-0528 version (cairo, fixed 1.0.4) -CVE-2006-0496 VULNERABLE (firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=324253 +CVE-2006-0496 ignore (firefox) Feature, not a bug moz #324253 *CVE-2006-0482 ignore (kernel) sparc only CVE-2006-0481 version (libpng, 1.2.7 only) *CVE-2006-0459 version (flex) by inspection @@ -1355,7 +1355,7 @@ CVE-2005-4837 version (net-snmp, fixed 5.2.2) *CVE-2005-4836 ** (tomcat) CVE-2005-4811 version (kernel, fixed 2.6.13) -CVE-2005-4809 VULNERABLE (firefox) +CVE-2005-4809 ignore (firefox) Status bar can be modified anyways CVE-2005-4808 ignore (binutils, gas fixed 20050714) this is a bug CVE-2005-4807 ignore (binutils, gas fixed 20050721) this is a bug CVE-2005-4803 version (graphviz, fixed 2.2.1) @@ -2381,8 +2381,8 @@ CVE-2003-1302 version (php, fixed 4.3.1) *CVE-2003-1295 ** (xscreensaver) *CVE-2003-1294 ** (xscreensaver) -CVE-2003-1265 VULNERABLE (thunderbird) https://bugzilla.mozilla.org/show_bug.cgi?id=198442 -CVE-2003-1265 VULNERABLE (seamonkey) https://bugzilla.mozilla.org/show_bug.cgi?id=198442 +CVE-2003-1265 ignore (thunderbird) Stuff deleted from userspace is not guarranteed to go away physically moz#198442 +CVE-2003-1265 ignore (seamonkey) Stuff deleted from userspace is not guarranteed to go away physically moz#198442 CVE-2003-1232 version (emacs, fixed 21.3) CVE-2003-1201 version (openldap, not 2.2) CVE-2003-1161 version (kernel, not released version) From fedora-security-commits at redhat.com Mon Nov 12 16:11:26 2007 
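Review bot: In the hunk at @@ -828,11 +828,11 @@ the remark "lha still VULNERABLE to the same flaw" is dropped from CVE-2006-4338, CVE-2006-4337 and CVE-2006-4335, and none of the hunks shown here adds an (lha) line for those CVEs, so the file no longer records that lha carries the same flaw. If lha is shipped in this release, add separate (lha) entries for the three CVEs before removing the remark; if it is not shipped, say so in the log message.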
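Review bot: CVE-2006-5701 in the hunk at @@ -689,7 +689,7 @@ moves from VULNERABLE to "version (kernel)" but keeps the remark "squashfs is not included upstream" and names no fixed version, unlike the other lines switched to version in this patch (openldap "fixed 2.3.29", avahi "fixed 0.6.15", nss_ldap "fixed 183"). State which shipped kernel contains the fix, or add a [since ...] tag, so the status can be checked later. The two new CVE-2003-1265 remarks in the hunk at @@ -2381,8 +2381,8 @@ also misspell "guaranteed" as "guarranteed".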
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Mon, 12 Nov 2007 11:11:26 -0500 Subject: [Fedora-security-commits] fedora-security/audit f8, 1.12, 1.13 f9, 1.11, 1.12 fc6, 1.294, 1.295 fc7, 1.169, 1.170 Message-ID: <200711121611.lACGBQRG029044@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv29018/audit Modified Files: f8 f9 fc6 fc7 Log Message: perl re issues Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.12 retrieving revision 1.13 diff -u -r1.12 -r1.13 --- f8 9 Nov 2007 19:06:26 -0000 1.12 +++ f8 12 Nov 2007 16:11:24 -0000 1.13 @@ -36,6 +36,7 @@ CVE-2007-5200 version (hugin) #362861 [since FEDORA-2007-2807] hugin-0.6.1-11.fc8 CVE-2007-5198 VULNERABLE (nagios-plugins, fixed 1.4.10) #362891 CVE-2007-5197 version (mono, fixed 1.2.5.1) #367541 [since mono-1.2.5.1-2.fc8] +CVE-2007-5116 VULNERABLE (perl) #378141 CVE-2007-5079 VULNERABLE (gdm) #363021 Red Hat specific problem CVE-2007-5037 version (inotify-tools, fixed 3.11) #299771 CVE-2007-5007 version (balsa, before 2.3.20) #297601 Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.11 retrieving revision 1.12 diff -u -r1.11 -r1.12 --- f9 9 Nov 2007 19:06:26 -0000 1.11 +++ f9 12 Nov 2007 16:11:24 -0000 1.12 
@@ -36,6 +36,7 @@ CVE-2007-5200 version (hugin) #362871 [since hugin-0.6.1-11.fc9] CVE-2007-5198 VULNERABLE (nagios-plugins, fixed 1.4.10) #362901 CVE-2007-5197 VULNERABLE (mono, fixed 1.2.5.1) #367551 +CVE-2007-5116 VULNERABLE (perl) #378151 CVE-2007-5079 VULNERABLE (gdm) #363041 Red Hat specific problem CVE-2007-5037 version (inotify-tools, fixed 3.11) #299771 CVE-2007-5007 version (balsa, before 2.3.20) #297601 Index: fc6 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc6,v retrieving revision 1.294 retrieving revision 1.295 diff -u -r1.294 -r1.295 --- fc6 9 Nov 2007 19:06:26 -0000 1.294 +++ fc6 12 Nov 2007 16:11:24 -0000 1.295 @@ -32,6 +32,7 @@ CVE-2007-5162 version (ruby) #313801 [since FEDORA-2007-718] CVE-2007-5137 backport (tk, fixed 8.4.16) #332071 [since FEDORA-2007-728] CVE-2007-5135 backport (openssl, fixed 0.9.8d) [since FEDORA-2007-725] +CVE-2007-5116 VULNERABLE (perl) #378121 CVE-2007-5079 VULNERABLE (gdm) #363031 CVE-2007-5034 version (elinks) #297611 [since FEDORA-2007-710] CVE-2007-4995 backport (openssl, fixed 0.9.8f) [since FEDORA-2007-725] Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.169 retrieving revision 1.170 diff -u -r1.169 -r1.170 --- fc7 9 Nov 2007 19:06:26 -0000 1.169 +++ fc7 12 Nov 2007 16:11:24 -0000 1.170 @@ -65,6 +65,7 @@ CVE-2007-5159 backport (ntfs-3g) #298651 [since FEDORA-2007-2295] CVE-2007-5137 backport (tk, fixed 8.4.16) #332061 [since FEDORA-2007-2564] CVE-2007-5135 backport (openssl, fixed 0.9.8d) [since FEDORA-2007-2530] +CVE-2007-5116 VULNERABLE (perl) #378131 CVE-2007-5106 ignore (wordpress) affects old 2.0.x versions CVE-2007-5105 ignore (wordpress) affects old 2.0.x versions CVE-2007-5079 VULNERABLE (gdm) #363011 From fedora-security-commits at redhat.com Mon Nov 12 19:07:45 2007 
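Review bot: The four added CVE-2007-5116 lines (f8 #378141, f9 #378151, fc6 #378121, fc7 #378131) carry only a bug number; the log message says "perl re issues", but nothing in the entries says what is affected or which upstream version fixes it. A short trailing remark, as on the neighbouring gdm line in f8 and f9 ("Red Hat specific problem"), would let a reader triage the entry without opening the bug.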
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Mon, 12 Nov 2007 14:07:45 -0500 Subject: [Fedora-security-commits] fedora-security/audit f8, 1.13, 1.14 fc6, 1.295, 1.296 fc7, 1.170, 1.171 Message-ID: <200711121907.lACJ7jZA003176@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv3063/audit Modified Files: f8 fc6 fc7 Log Message: add pcre flaws process large pile of fedora updates Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.13 retrieving revision 1.14 diff -u -r1.13 -r1.14 --- f8 12 Nov 2007 16:11:24 -0000 1.13 +++ f8 12 Nov 2007 19:07:43 -0000 1.14 
@@ -8,34 +8,35 @@ # Up to date F8 as of 20071029 CVE-2007-5795 VULNERABLE (emacs) #367591 -CVE-2007-5770 backport (ruby) #373391 really? +CVE-2007-5770 backport (ruby) #373391 [since FEDORA-2007-2812] GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031 -CVE-2007-5751 backport (liferea, fixed 1.4.6) #360641 [since liferea-1.2.23-5.fc8] -CVE-2007-5712 VULNERABLE (Django, fixed 0.96.1) #362771 version, 20071106 Testing -CVE-2007-5708 VULNERABLE (openldap, fixed 2.3.39) #362991 version, 20071106 Testing -CVE-2007-5707 VULNERABLE (openldap, fixed 2.3.39) #362991 version, 20071106 Testing +CVE-2007-5751 backport (liferea, fixed 1.4.6) #360641 [since FEDORA-2007-2853] +CVE-2007-5712 version (Django, fixed 0.96.1) #362771 [since FEDORA-2007-2788] +CVE-2007-5708 version (openldap, fixed 2.3.39) #362991 [since FEDORA-2007-2796] +CVE-2007-5707 version (openldap, fixed 2.3.39) #362991 [since FEDORA-2007-2796] CVE-2007-5624 VULNERABLE (nagios, fixed 2.10) #362801 CVE-2007-5623 backport (nagios-plugins, not fixed 1.4.10) #348731 [since FEDORA-2007-2876] nagios-plugins-1.4.8-9.fc8 CVE-2007-5589 VULNERABLE (phpMyAdmin, fixed 2.11.1.2) #333661 PMASA-2007-6 CVE-2007-5461 VULNERABLE (tomcat5, not fixed 5.5.25) #363001 CVE-2007-5395 VULNERABLE (link-grammar) #372351 -CVE-2007-5393 VULNERABLE (xpdf) #372471 +CVE-2007-5393 backport (xpdf) #372471 [since FEDORA-2007-3014] CVE-2007-5393 backport (cups) [since FEDORA-2007-2982] CVE-2007-5393 VULNERABLE (poppler) #372511 -CVE-2007-5393 VULNERABLE (kdegraphics) #372571 -CVE-2007-5393 VULNERABLE (koffice) #372601 +CVE-2007-5393 backport (kdegraphics) #372571 [since FEDORA-2007-3001] +CVE-2007-5393 backport (koffice) #372601 [since FEDORA-2007-3093] CVE-2007-5393 VULNERABLE (tetex) #372661 -CVE-2007-5392 VULNERABLE (xpdf) #372471 +CVE-2007-5392 backport (xpdf) #372471 [since FEDORA-2007-3014] CVE-2007-5392 backport (cups) [since FEDORA-2007-2982] CVE-2007-5392 VULNERABLE (poppler) #372511 -CVE-2007-5392 VULNERABLE (kdegraphics) #372571 -CVE-2007-5392 
VULNERABLE (koffice) #372601 +CVE-2007-5392 backport (kdegraphics) #372571 [since FEDORA-2007-3001] +CVE-2007-5392 backport (koffice) #372601 [since FEDORA-2007-3093] CVE-2007-5392 VULNERABLE (tetex) #372661 CVE-2007-5386 version (phpmyadmin, fixed 2.11.1.1) #333661 PMASA-2007-5 CVE-2007-5201 VULNERABLE (duplicity, no upstream fix) #362831 CVE-2007-5200 version (hugin) #362861 [since FEDORA-2007-2807] hugin-0.6.1-11.fc8 CVE-2007-5198 VULNERABLE (nagios-plugins, fixed 1.4.10) #362891 -CVE-2007-5197 version (mono, fixed 1.2.5.1) #367541 [since mono-1.2.5.1-2.fc8] +CVE-2007-5197 version (mono, fixed 1.2.5.1) #367541 [since FEDORA-2007-2969] +CVE-2007-5162 version (ruby) [since FEDORA-2007-2812] CVE-2007-5116 VULNERABLE (perl) #378141 CVE-2007-5079 VULNERABLE (gdm) #363021 Red Hat specific problem CVE-2007-5037 version (inotify-tools, fixed 3.11) #299771 
@@ -50,14 +51,15 @@ CVE-2007-4476 backport (tar) #280961 [since FEDORA-2007-2800] tar-1.17-4.fc8 CVE-2007-4476 backport (cpio, not fixed 2.9) #363891 [since FEDORA-2007-2827] cpio-2.9-5.fc8 CVE-2007-4400 VULNERABLE (konversation) #362921 Remove media script? -CVE-2007-4351 version (cups) #362971 [since cups-1.3.4-2.fc8] -CVE-2007-4352 VULNERABLE (xpdf) #372471 +CVE-2007-4351 version (cups) #362971 [since FEDORA-2007-2982] +CVE-2007-4352 backport (xpdf) #372471 [since FEDORA-2007-3014] CVE-2007-4352 backport (cups) [since FEDORA-2007-2982] CVE-2007-4352 VULNERABLE (poppler) #372511 -CVE-2007-4352 VULNERABLE (kdegraphics) #372571 -CVE-2007-4352 VULNERABLE (koffice) #372601 +CVE-2007-4352 backport (kdegraphics) #372571 [since FEDORA-2007-3001] +CVE-2007-4352 backport (koffice) #372601 [since FEDORA-2007-3093] CVE-2007-4352 VULNERABLE (tetex) #372661 -CVE-2007-4351 VULNERABLE (cups) #362971 +CVE-2007-4351 version (cups) #362971 [since FEDORA-2007-2982] +CVE-2007-4045 backport (cups) [since FEDORA-2007-2982] CVE-2007-3999 VULNERABLE (nfs-utils-lib) #362091 CVE-2007-3999 VULNERABLE (libtirpc) #362111 CVE-2007-3920 VULNERABLE (compiz, not fixed upstream) #363061 Index: fc6 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc6,v retrieving revision 1.295 retrieving revision 1.296 diff -u -r1.295 -r1.296 --- fc6 12 Nov 2007 16:11:24 -0000 1.295 +++ fc6 12 Nov 2007 19:07:43 -0000 1.296 @@ -8,7 +8,7 @@ # Up to date FC6 as of 20071029 CVE-2007-5795 version (emacs, only 21) -CVE-2007-5770 VULNERABLE (ruby) #373371 +CVE-2007-5770 backport (ruby) #373371 [since FEDORA-2007-738] CVE-2007-5461 VULNERABLE (tomcat5) #334521 CVE-2007-5393 VULNERABLE (cups) CVE-2007-5393 VULNERABLE (poppler) #372491 
@@ -22,7 +22,7 @@ CVE-2007-5337 version (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5 CVE-2007-5335 ignore (mozilla) ff2 only CVE-2007-5334 version (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5 -CVE-2007-5269 VULNERABLE (libpng, fixed 1.2.21) #337471 +CVE-2007-5269 backport (libpng, fixed 1.2.21) #337471 [since FEDORA-2007-734] CVE-2007-5268 ignore (libpng) shipped version too old and not affected CVE-2007-5267 ignore (libpng) shipped version too old and not affected CVE-2007-5266 ignore (libpng) shipped version too old and not affected @@ -57,19 +57,21 @@ CVE-2007-4659 ignore (php, fixed 5.2.4) #276531 (FC7/php-5.2 only) CVE-2007-4658 backport (php, fixed 5.2.4) #278011 [since FEDORA-2007-709] CVE-2007-4657 ignore (php, fixed 5.2.4) arbitrary read not remotely triggerable -CVE-2007-4619 backport (flac, fixed 1.2) #332581 [since flac-1.1.2-28] +CVE-2007-4619 backport (flac, fixed 1.2) #332581 [since FEDORA-2007-730] CVE-2007-4571 version (kernel) [since FEDORA-2007-714] CVE-2007-4569 backport (kdebase) #299741 [since FEDORA-2007-716] CVE-2007-4568 VULNERABLE (xorg-x11-xfs, fixed 1.0.5) #373251 CVE-2007-4565 backport (fetchmail) #260881 [since FEDORA-2007-689] CVE-2007-4559 VULNERABLE (python, not fixed upstream) #315291 Upstream WONTFIX. See where we use the code. CVE-2007-4558 ignore (star, fixed 1.5a84) duplicate of CVE-2007-4134 +CVE-2007-4476 backport (cpio) [since FEDORA-2007-742] +CVE-2007-4476 backport (tar) [since FEDORA-2007-735] CVE-2007-4465 version (httpd) [since FEDORA-2007-707] CVE-2007-4357 ignore (firefox) status bar can be overwrittten CVE-2007-4352 VULNERABLE (cups) CVE-2007-4352 VULNERABLE (poppler) #372491 CVE-2007-4352 VULNERABLE (kdegraphics) #372551 -CVE-2007-4351 VULNERABLE (cups) #361671 +CVE-2007-4351 backport (cups) #361671 [since FEDORA-2007-740] CVE-2007-4255 ignore (php) msql extension not shipped CVE-2007-4251 ignore (openoffice.org) just a crash CVE-2007-4229 ignore (kdebase) just an ASSERT fail 
@@ -90,7 +92,7 @@ CVE-2007-3962 ignore (gftp) multiple buffer overflows in fsplib, not on Linux CVE-2007-3961 ignore (gftp) off-by-one error in fsplib CVE-2007-3920 VULNERABLE (compiz) #350271 -CVE-2007-3919 backport (xen) #362001 [since xen-3.0.3-13.fc6] +CVE-2007-3919 backport (xen) #362001 [since FEDORA-2007-737] CVE-2007-3852 backport (sysstat) #252296 [since FEDORA-2007-675] CVE-2007-3848 version (kernel) [since FEDORA-2007-679] CVE-2007-3847 version (httpd) #250756 [since FEDORA-2007-707] @@ -168,6 +170,8 @@ CVE-2007-1841 backport (ipsec-tools) #238052 [since FEDORA-2007-665] CVE-2007-1797 backport (ImageMagick) #235075 [since FEDORA-2007-413] CVE-2007-1667 backport (libX11) [since FEDORA-2007-426] +CVE-2007-1660 VULNERABLE (pcre, fixed 7.3) #378401 +CVE-2007-1659 VULNERABLE (pcre, fixed 7.3) #378401 CVE-2007-1565 ignore (kdebase) client crash CVE-2007-1564 ignore (kdebase) Correct behavior according to RFC CVE-2007-1562 version (mozilla) #241840 [since FEDORA-2007-549] @@ -228,6 +232,7 @@ CVE-2007-0006 backport (kernel, fixed in -mm) [since FEDORA-2007-226] CVE-2007-0005 version (kernel, fixed 2.6.20) [since FEDORA-2007-335] CVE-2007-0002 version (libwpd, fixed 0.8.9) #222808 [since FEDORA-2007-351] +CVE-2006-7224 VULNERABLE (pcre, fixed 6.7) #378401 CVE-2006-7221 ignore (gftp) single zero byte overflow in fsplib CVE-2006-6939 version (ed, fixed 0.3) #223075 [since FEDORA-2007-100] CVE-2006-6899 version (bluez-utils, fixed 2.23) Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.170 retrieving revision 1.171 diff -u -r1.170 -r1.171 --- fc7 12 Nov 2007 16:11:24 -0000 1.170 +++ fc7 12 Nov 2007 19:07:43 -0000 1.171 
@@ -13,7 +13,7 @@ CVE-2007-5751 backport (liferea, fixed 1.4.6) #360641 [since FEDORA-2007-2725] CVE-2007-5728 version (phpPgAdmin) seems to be fixed for some time CVE-2007-5715 backport (denyhosts) fixed long ago -CVE-2007-5712 VULNERABLE (Django, fixed 0.96.1) #362761 +CVE-2007-5712 version (Django, fixed 0.96.1) #362761 [since FEDORA-2007-3157] CVE-2007-5708 VULNERABLE (openldap, fixed 2.3.39) #360081 CVE-2007-5707 VULNERABLE (openldap, fixed 2.3.39) #360081 CVE-2007-5626 ignore (bacula) known, documented limitation @@ -30,17 +30,17 @@ CVE-2007-5461 VULNERABLE (tomcat5) #334511 CVE-2007-5416 ignore (drupal) Vulnerability in PHP<5.1.3, we're safe CVE-2007-5395 VULNERABLE (link-grammar) #372341 -CVE-2007-5393 VULNERABLE (xpdf) #372461 -CVE-2007-5393 VULNERABLE (cups) +CVE-2007-5393 backport (xpdf) #372461 [since FEDORA-2007-3031] +CVE-2007-5393 backport (cups) [since FEDORA-2007-3100] CVE-2007-5393 VULNERABLE (poppler) #372501 CVE-2007-5393 VULNERABLE (kdegraphics) #372561 -CVE-2007-5393 VULNERABLE (koffice) #372591 +CVE-2007-5393 backport (koffice) #372591 [since FEDORA-2007-3059] CVE-2007-5393 VULNERABLE (tetex) #372651 -CVE-2007-5392 VULNERABLE (xpdf) #372461 -CVE-2007-5392 VULNERABLE (cups) +CVE-2007-5392 backport (xpdf) #372461 [since FEDORA-2007-3031] +CVE-2007-5392 backport (cups) [since FEDORA-2007-3100] CVE-2007-5392 VULNERABLE (poppler) #372501 CVE-2007-5392 VULNERABLE (kdegraphics) #372561 -CVE-2007-5392 VULNERABLE (koffice) #372591 +CVE-2007-5392 backport (koffice) #372591 [since FEDORA-2007-3059] CVE-2007-5392 VULNERABLE (tetex) #372651 CVE-2007-5386 version (phpmyadmin, fixed 2.11.1.1) #333661 PMASA-2007-5 [since FEDORA-2007-2738] CVE-2007-5340 version (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5 [since FEDORA-2007-2664] 
@@ -57,9 +57,9 @@ CVE-2007-5226 backport (dircproxy) #319301 [since FEDORA-2007-2419] CVE-2007-5208 backport (hplip) #329111 [since FEDORA-2007-2527] CVE-2007-5201 VULNERABLE (duplicity) #362821 -CVE-2007-5200 VULNERABLE (hugin) #362851 +CVE-2007-5200 backport (hugin) #362851 [since FEDORA-2007-2989] CVE-2007-5198 VULNERABLE (nagios-plugins, fixed 1.4.10) #362881 -CVE-2007-5197 VULNERABLE (mono, fixed 1.2.5.1) #367531 +CVE-2007-5197 backport (mono, fixed 1.2.5.1) #367531 [since FEDORA-2007-3130] CVE-2007-5191 backport (util-linux) #320141 [since FEDORA-2007-2462] CVE-2007-5162 version (ruby) #313801 [since FEDORA-2007-2406] CVE-2007-5159 backport (ntfs-3g) #298651 [since FEDORA-2007-2295] @@ -70,7 +70,7 @@ CVE-2007-5105 ignore (wordpress) affects old 2.0.x versions CVE-2007-5079 VULNERABLE (gdm) #363011 CVE-2007-5038 version (bugzilla, fixed 3.0.2, 3.1.2) #299981 [since FEDORA-2007-2299] -CVE-2007-5037 VULNERABLE (inotify-tools) #299771 +CVE-2007-5037 version (inotify-tools) #299771 [since FEDORA-2007-3074] CVE-2007-5034 version (elinks) #297981 [since FEDORA-2007-2224] CVE-2007-5007 version (balsa) #297601 [since FEDORA-2007-2302] GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031 @@ -91,6 +91,9 @@ CVE-2007-4829 VULNERABLE (perl-Archive-Tar) #315321 CVE-2007-4828 version (mediawiki, fixed 1.11.0, 1.10.2, 1.9.4) #287881 [since FEDORA-2007-2189] CVE-2007-4826 version (quagga, fixed 0.99.9) [since FEDORA-2007-2196] +CVE-2007-4768 VULNERABLE (pcre, fixed 7.3) #378411 +CVE-2007-4767 VULNERABLE (pcre, fixed 7.3) #378411 +CVE-2007-4766 VULNERABLE (pcre, fixed 7.3) #378411 CVE-2007-4752 VULNERABLE (openssh) #280461 CVE-2007-4743 backport (krb5) incomplete CVE-2007-3999 fix [since FEDORA-2007-2066] CVE-2007-4730 ignore (xorg-x11) #286051 ajax says F7 is not vulnerable 
@@ -106,7 +109,7 @@ CVE-2007-4650 version (gallery2) #267421 [since FEDORA-2007-2020] CVE-2007-4629 version (mapserver, fixed 4.10.3) #272081 [since FEDORA-2007-2018] CVE-2007-4631 version (qgit) #268381 [since FEDORA-2007-2108] -CVE-2007-4619 version (flac, fixed 1.2) #332571 [since flac-1.2.1-1.fc7] +CVE-2007-4619 version (flac, fixed 1.2) #332571 [since FEDORA-2007-2596] CVE-2007-4573 version (kernel) [since FEDORA-2007-2298] CVE-2007-4571 version (kernel) [since FEDORA-2007-2349] CVE-2007-4569 backport (kdebase) #299731 [since FEDORA-2007-2361] @@ -123,18 +126,18 @@ CVE-2007-4533 backport (vavoom) #256621 [since FEDORA-2007-1977] CVE-2007-4532 backport (vavoom) #256621 [since FEDORA-2007-1977] CVE-2007-4510 version (clamav, fixed 0.91.2) #253780 [since FEDORA-2007-2050] -CVE-2007-4476 VULNERABLE (cpio) +CVE-2007-4476 backport (cpio) [since FEDORA-2007-2744] CVE-2007-4476 backport (tar) [since FEDORA-2007-2673] CVE-2007-4465 version (httpd) [since FEDORA-2007-2214] CVE-2007-4462 version (po4a) #253541 [since FEDORA-2007-1763] CVE-2007-4460 backport (id3lib) #253553 [since FEDORA-2007-1774] CVE-2007-4400 VULNERABLE (konversation) #362911 CVE-2007-4357 ignore (firefox) status bar can be overwrittten -CVE-2007-4352 VULNERABLE (xpdf) #372461 -CVE-2007-4352 VULNERABLE (cups) +CVE-2007-4352 backport (xpdf) #372461 [since FEDORA-2007-3031] +CVE-2007-4352 backport (cups) [since FEDORA-2007-3100] CVE-2007-4352 VULNERABLE (poppler) #372501 CVE-2007-4352 VULNERABLE (kdegraphics) #372561 -CVE-2007-4352 VULNERABLE (koffice) #372591 +CVE-2007-4352 backport (koffice) #372591 [since FEDORA-2007-3059] CVE-2007-4352 VULNERABLE (tetex) #372651 CVE-2007-4351 backport (cups) #361661 [since FEDORA-2007-2715] CVE-2007-4323 backport (denyhosts) #252291 [since FEDORA-2007-0589] 
@@ -159,6 +162,7 @@ CVE-2007-4131 backport (tar) #253684 [since FEDORA-2007-1890] CVE-2007-4066 backport (libvorbis) #245991 [since FEDORA-2007-1765] CVE-2007-4065 backport (libvorbis) #245991 [since FEDORA-2007-1765] +CVE-2007-4045 backport (cups) [since FEDORA-2007-3100] CVE-2007-4033 backport (t1lib) #303021 [since FEDORA-2007-2343] CVE-2007-4029 backport (libvorbis) #245991 [since FEDORA-2007-1765] CVE-2007-4000 backport (krb5) [since FEDORA-2007-2017] @@ -369,6 +373,10 @@ CVE-2007-1665 version (ekg) #246034 [since FEDORA-2007-0791] CVE-2007-1664 version (ekg) #246034 [since FEDORA-2007-0791] CVE-2007-1663 version (ekg) #246034 [since FEDORA-2007-0791] +CVE-2007-1662 VULNERABLE (pcre, fixed 7.3) #378411 +CVE-2007-1661 VULNERABLE (pcre, fixed 7.3) #378411 +CVE-2007-1660 VULNERABLE (pcre, fixed 7.3) #378411 +CVE-2007-1659 VULNERABLE (pcre, fixed 7.3) #378411 CVE-2007-1649 version (php, fixed 5.2.2) CVE-2007-1622 version (wordpress, fixed 2.1.3-0.rc2) #233703 CVE-2007-1614 version (zziplib, fixed 0.13.49) #233700 @@ -556,6 +564,7 @@ CVE-2007-0005 version (kernel, fixed 2.6.20) [since FEDORA-2007-335] CVE-2007-0002 version (libwpd, fixed 0.8.9) #222808 [since FEDORA-2007-351] CVE-2007-0001 ignore (kernel) rhel4 2.6.9 only known affected +CVE-2006-7224 VULNERABLE (pcre, fixed 6.7) #378411 CVE-2006-7221 ignore (gftp) single zero byte overflow in fsplib CVE-2006-7205 ignore (php) See NVD CVE-2006-7204 ignore (php) See NVD @@ -1361,7 +1370,7 @@ CVE-2005-4807 ignore (binutils, gas fixed 20050721) this is a bug CVE-2005-4803 version (graphviz, fixed 2.2.1) CVE-2005-4798 version (kernel, not 2.6) -CVE-2005-4790 VULNERABLE (tomboy) #362941 +CVE-2005-4790 backport (tomboy) #362941 [since FEDORA-2007-3011] CVE-2005-4784 ignore (glibc) struct dirent is big enough CVE-2005-4746 version (freeradius, fixed 1.0.5) CVE-2005-4745 version (freeradius, fixed 1.0.5) From fedora-security-commits at redhat.com Mon Nov 12 20:59:41 2007 
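Review bot: In the f8 hunk at @@ -50,14 +51,15 @@ both CVE-2007-4351 lines end up as "CVE-2007-4351 version (cups) #362971 [since FEDORA-2007-2982]": the existing version line only has its since tag rewritten, and the VULNERABLE line further down is changed to the same text. Delete one of them, preferably the upper one, which sits above the CVE-2007-4352 block and is out of the file's descending CVE order. The same advisory is also recorded as "backport (cups)" for CVE-2007-4352 and CVE-2007-4045 in this hunk, so pick one state for the cups update.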
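Review bot: The pcre additions differ between branches without explanation: fc7 gains CVE-2007-4768, CVE-2007-4767, CVE-2007-4766, CVE-2007-1662, CVE-2007-1661, CVE-2007-1660, CVE-2007-1659 and CVE-2006-7224, fc6 gains only CVE-2007-1660, CVE-2007-1659 and CVE-2006-7224, and the f8 hunks add none although the log message says "add pcre flaws". If the missing CVEs were checked and found not to apply, record them as ignore or version lines with the reason, so the audit file shows they were evaluated rather than overlooked.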
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Mon, 12 Nov 2007 15:59:41 -0500 Subject: [Fedora-security-commits] fedora-security/audit epel4, 1.3, 1.4 epel5, 1.5, 1.6 Message-ID: <200711122059.lACKxftU018153@cvs-int.fedora.redhat.com> Author: kevin Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv18129 Modified Files: epel4 epel5 Log Message: Catch epel4 and epel5 up Index: epel4 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/epel4,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- epel4 5 Oct 2007 02:02:04 -0000 1.3 +++ epel4 12 Nov 2007 20:59:39 -0000 1.4 
@@ -3,9 +3,24 @@ # *CVE are items that need verification for EPEL-4 # (mozilla) = (firefox, seamonkey, thunderbird, yelp, devhelp, galeon, liferea. epiphany) -# Up to date CVE as of CVE email 20071004 -# Up to date EPEL4 as of 20071004 +# Up to date CVE as of CVE email 20071112 +# Up to date EPEL4 as of 20071112 # +CVE-2007-5728 version (phpPgAdmin) seems to be fixed for some time +CVE-2007-5715 backport (denyhosts) fixed long ago +CVE-2007-5712 version (Django, fixed 0.96.1) #362761 +CVE-2007-5626 ignore (bacula) known, documented limitation +CVE-2007-5624 VULNERABLE (nagios, fixed 2.10) #362791 +CVE-2007-5623 backport (nagios-plugins) #348731 +CVE-2007-5597 version (drupal, fixed 5.3) [since FEDORA-2007-2649] +CVE-2007-5596 version (drupal, fixed 5.3) [since FEDORA-2007-2649] +CVE-2007-5595 version (drupal, fixed 5.3) [since FEDORA-2007-2649] +CVE-2007-5594 version (drupal, fixed 5.3) [since FEDORA-2007-2649] +CVE-2007-5593 version (drupal, fixed 5.3) [since FEDORA-2007-2649] +CVE-2007-5416 ignore (drupal) Vulnerability in PHP<5.1.3, we're safe +CVE-2007-5226 backport (dircproxy) #319301 +CVE-2007-5201 VULNERABLE (duplicity) #362821 +CVE-2007-5198 VULNERABLE (nagios-plugins, fixed 1.4.10) #362881 GENERIC-MAP-NOMATCH VULNERABLE (nagios-plugins, fixed 1.4.10) #315101 *CVE-2007-5159 backport (ntfs-3g) #298651 CVE-2007-5038 version (bugzilla, fixed 3.0.2, 3.1.2) #299981 Index: epel5 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/epel5,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- epel5 5 Oct 2007 02:02:04 -0000 1.5 +++ epel5 12 Nov 2007 20:59:39 -0000 1.6 
@@ -3,9 +3,24 @@ # *CVE are items that need verification for EPEL-5 # (mozilla) = (firefox, seamonkey, thunderbird, yelp, devhelp, galeon, liferea. epiphany) -# Up to date CVE as of CVE email 20071004 -# Up to date EPEL5 as of 20071004 +# Up to date CVE as of CVE email 20071112 +# Up to date EPEL5 as of 20071112 # +CVE-2007-5728 version (phpPgAdmin) seems to be fixed for some time +CVE-2007-5715 backport (denyhosts) fixed long ago +CVE-2007-5712 version (Django, fixed 0.96.1) #362761 +CVE-2007-5626 ignore (bacula) known, documented limitation +CVE-2007-5624 VULNERABLE (nagios, fixed 2.10) #362791 +CVE-2007-5623 backport (nagios-plugins) #348731 +CVE-2007-5597 version (drupal, fixed 5.3) [since FEDORA-2007-2649] +CVE-2007-5596 version (drupal, fixed 5.3) [since FEDORA-2007-2649] +CVE-2007-5595 version (drupal, fixed 5.3) [since FEDORA-2007-2649] +CVE-2007-5594 version (drupal, fixed 5.3) [since FEDORA-2007-2649] +CVE-2007-5593 version (drupal, fixed 5.3) [since FEDORA-2007-2649] +CVE-2007-5416 ignore (drupal) Vulnerability in PHP<5.1.3, we're safe +CVE-2007-5226 backport (dircproxy) #319301 +CVE-2007-5201 VULNERABLE (duplicity) #362821 +CVE-2007-5198 VULNERABLE (nagios-plugins, fixed 1.4.10) #362881 GENERIC-MAP-NOMATCH VULNERABLE (nagios-plugins, fixed 1.4.10) #315101 *CVE-2007-5159 backport (ntfs-3g) #298651 CVE-2007-5038 version (bugzilla, fixed 3.0.2, 3.1.2) #299981 From fedora-security-commits at redhat.com Tue Nov 13 00:36:24 2007 
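Review bot: The fifteen lines added to epel4 and epel5 are identical in both files and reuse identifiers that the fc7 hunks earlier in this archive use: #362761 (Django), #362821 (duplicity) and #362881 (nagios-plugins) are the fc7 bug numbers, and the drupal lines cite the Fedora advisory FEDORA-2007-2649 in their since tag. Per the file header ("*CVE are items that need verification for EPEL-4"), prefix the copied lines with * until each status is confirmed against the EPEL package, and replace the Fedora bug and advisory references with EPEL ones.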
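Review bot: "CVE-2007-5416 ignore (drupal) Vulnerability in PHP<5.1.3, we're safe" is added to both epel4 and epel5 with the same wording as the fc7 file, but the "we're safe" conclusion depends on the PHP version each release builds against. Name the PHP version that was checked for EPEL-4 and for EPEL-5 in the remark, or mark the line with * until that check is done.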
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Mon, 12 Nov 2007 19:36:24 -0500 Subject: [Fedora-security-commits] fedora-security/audit f8, 1.14, 1.15 f9, 1.12, 1.13 fc7, 1.171, 1.172 Message-ID: <200711130036.lAD0aOre032241@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv32214 Modified Files: f8 f9 fc7 Log Message: New Pear MDB2 thing, updates for perl and tomboy Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.14 retrieving revision 1.15 diff -u -r1.14 -r1.15 --- f8 12 Nov 2007 19:07:43 -0000 1.14 +++ f8 13 Nov 2007 00:36:22 -0000 1.15 @@ -7,6 +7,9 @@ # Up to date CVE as of CVE email 20071030 # Up to date F8 as of 20071029 +GENERIC-MAP-NOMATCH VULNERABLE (php-pear-MDB2) #379101 +GENERIC-MAP-NOMATCH VULNERABLE (php-pear-MDB2-Driver-mysql) #379131 +GENERIC-MAP-NOMATCH VULNERABLE (php-pear-MDB2-Driver-mysqli) #379161 CVE-2007-5795 VULNERABLE (emacs) #367591 CVE-2007-5770 backport (ruby) #373391 [since FEDORA-2007-2812] GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031 @@ -18,7 +21,7 @@ CVE-2007-5623 backport (nagios-plugins, not fixed 1.4.10) #348731 [since FEDORA-2007-2876] nagios-plugins-1.4.8-9.fc8 CVE-2007-5589 VULNERABLE (phpMyAdmin, fixed 2.11.1.2) #333661 PMASA-2007-6 CVE-2007-5461 VULNERABLE (tomcat5, not fixed 5.5.25) #363001 -CVE-2007-5395 VULNERABLE (link-grammar) #372351 +CVE-2007-5395 version (link-grammar) #372351 [since FEDORA-2007-3235] CVE-2007-5393 backport (xpdf) #372471 [since FEDORA-2007-3014] CVE-2007-5393 backport (cups) [since FEDORA-2007-2982] CVE-2007-5393 VULNERABLE (poppler) #372511 
@@ -37,7 +40,7 @@ CVE-2007-5198 VULNERABLE (nagios-plugins, fixed 1.4.10) #362891 CVE-2007-5197 version (mono, fixed 1.2.5.1) #367541 [since FEDORA-2007-2969] CVE-2007-5162 version (ruby) [since FEDORA-2007-2812] -CVE-2007-5116 VULNERABLE (perl) #378141 +CVE-2007-5116 backport (perl) #378141 [since FEDORA-2007-3218] CVE-2007-5079 VULNERABLE (gdm) #363021 Red Hat specific problem CVE-2007-5037 version (inotify-tools, fixed 3.11) #299771 CVE-2007-5007 version (balsa, before 2.3.20) #297601 @@ -111,7 +114,7 @@ CVE-2006-0987 ignore (bind) example config file only CVE-2006-0496 ignore (firefox) Feature, not a bug moz #324253 CVE-2005-4809 ignore (firefox) Status bar can be modified anyways -CVE-2005-4790 VULNERABLE (tomboy) #362951 +CVE-2005-4790 backport (tomboy) #362951 [since FEDORA-2007-3253] CVE-2005-3675 VULNERABLE (kernel) optack, no upstream fix -- TCP protocol weakness CVE-2003-1265 ignore (thunderbird) Stuff deleted from userspace is not guarranteed to go away physically moz#198442 CVE-2003-1265 ignore (seamonkey) Stuff deleted from userspace is not guarranteed to go away physically moz#198442 Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.12 retrieving revision 1.13 diff -u -r1.12 -r1.13 --- f9 12 Nov 2007 16:11:24 -0000 1.12 +++ f9 13 Nov 2007 00:36:22 -0000 1.13 
@@ -7,6 +7,9 @@ # Up to date CVE as of CVE email 20071030 # Up to date F9 as of 20071029 +GENERIC-MAP-NOMATCH VULNERABLE (php-pear-MDB2) #379111 +GENERIC-MAP-NOMATCH VULNERABLE (php-pear-MDB2-Driver-mysql) #379141 +GENERIC-MAP-NOMATCH VULNERABLE (php-pear-MDB2-Driver-mysqli) #379171 CVE-2007-5795 backport (emacs) #367601 [since emacs-22.1-8.fc9] GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031 CVE-2007-5770 backport (ruby) #373401 needs verification Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.171 retrieving revision 1.172 diff -u -r1.171 -r1.172 --- fc7 12 Nov 2007 19:07:43 -0000 1.171 +++ fc7 13 Nov 2007 00:36:22 -0000 1.172 @@ -8,6 +8,9 @@ # Up to date CVE as of CVE email 20071030 # Up to date FC7 as of 20071029 +GENERIC-MAP-NOMATCH VULNERABLE (php-pear-MDB2) #379091 +GENERIC-MAP-NOMATCH VULNERABLE (php-pear-MDB2-Driver-mysql) #379121 +GENERIC-MAP-NOMATCH VULNERABLE (php-pear-MDB2-Driver-mysqli) #379151 CVE-2007-5795 VULNERABLE (emacs) #367581 CVE-2007-5770 backport (ruby) #373381 [since FEDORA-2007-2685] really fixed? CVE-2007-5751 backport (liferea, fixed 1.4.6) #360641 [since FEDORA-2007-2725] @@ -65,7 +68,7 @@ CVE-2007-5159 backport (ntfs-3g) #298651 [since FEDORA-2007-2295] CVE-2007-5137 backport (tk, fixed 8.4.16) #332061 [since FEDORA-2007-2564] CVE-2007-5135 backport (openssl, fixed 0.9.8d) [since FEDORA-2007-2530] -CVE-2007-5116 VULNERABLE (perl) #378131 +CVE-2007-5116 backport (perl) #378131 [since FEDORA-2007-3255] CVE-2007-5106 ignore (wordpress) affects old 2.0.x versions CVE-2007-5105 ignore (wordpress) affects old 2.0.x versions CVE-2007-5079 VULNERABLE (gdm) #363011 From fedora-security-commits at redhat.com Tue Nov 13 14:15:17 2007 
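Review bot: The three GENERIC-MAP-NOMATCH lines added at the top of f8, f9 and fc7 for php-pear-MDB2, php-pear-MDB2-Driver-mysql and php-pear-MDB2-Driver-mysqli give a bug number and nothing else; with no CVE id to look up, the entry itself should say what the flaw is. Add a short remark after the bug number, and replace GENERIC-MAP-NOMATCH with the CVE id once one is assigned.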
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Tue, 13 Nov 2007 09:15:17 -0500 Subject: [Fedora-security-commits] fedora-security/audit fc7,1.172,1.173 Message-ID: <200711131415.lADEFH8F008850@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv8817/audit Modified Files: fc7 Log Message: kdegraphics update Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.172 retrieving revision 1.173 diff -u -r1.172 -r1.173 --- fc7 13 Nov 2007 00:36:22 -0000 1.172 +++ fc7 13 Nov 2007 14:15:15 -0000 1.173 @@ -36,13 +36,13 @@ CVE-2007-5393 backport (xpdf) #372461 [since FEDORA-2007-3031] CVE-2007-5393 backport (cups) [since FEDORA-2007-3100] CVE-2007-5393 VULNERABLE (poppler) #372501 -CVE-2007-5393 VULNERABLE (kdegraphics) #372561 +CVE-2007-5393 backport (kdegraphics) #372561 [since FEDORA-2007-2985] CVE-2007-5393 backport (koffice) #372591 [since FEDORA-2007-3059] CVE-2007-5393 VULNERABLE (tetex) #372651 CVE-2007-5392 backport (xpdf) #372461 [since FEDORA-2007-3031] CVE-2007-5392 backport (cups) [since FEDORA-2007-3100] CVE-2007-5392 VULNERABLE (poppler) #372501 -CVE-2007-5392 VULNERABLE (kdegraphics) #372561 +CVE-2007-5392 backport (kdegraphics) #372561 [since FEDORA-2007-2985] CVE-2007-5392 backport (koffice) #372591 [since FEDORA-2007-3059] CVE-2007-5392 VULNERABLE (tetex) #372651 CVE-2007-5386 version (phpmyadmin, fixed 2.11.1.1) #333661 PMASA-2007-5 [since FEDORA-2007-2738] 
@@ -139,7 +139,7 @@ CVE-2007-4352 backport (xpdf) #372461 [since FEDORA-2007-3031] CVE-2007-4352 backport (cups) [since FEDORA-2007-3100] CVE-2007-4352 VULNERABLE (poppler) #372501 -CVE-2007-4352 VULNERABLE (kdegraphics) #372561 +CVE-2007-4352 backport (kdegraphics) #372561 [since FEDORA-2007-2985] CVE-2007-4352 backport (koffice) #372591 [since FEDORA-2007-3059] CVE-2007-4352 VULNERABLE (tetex) #372651 CVE-2007-4351 backport (cups) #361661 [since FEDORA-2007-2715] From fedora-security-commits at redhat.com Tue Nov 13 14:31:13 2007 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Tue, 13 Nov 2007 09:31:13 -0500 Subject: [Fedora-security-commits] fedora-security/audit f8, 1.15, 1.16 f9, 1.13, 1.14 fc6, 1.296, 1.297 fc7, 1.173, 1.174 Message-ID: <200711131431.lADEVD6n010658@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv10618/audit Modified Files: f8 f9 fc6 fc7 Log Message: tetex Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.15 retrieving revision 1.16 diff -u -r1.15 -r1.16 --- f8 13 Nov 2007 00:36:22 -0000 1.15 +++ f8 13 Nov 2007 14:31:11 -0000 1.16 
@@ -7,6 +7,9 @@ # Up to date CVE as of CVE email 20071030 # Up to date F8 as of 20071029 +GENERIC-MAP-NOMATCH VULNERABLE (tetex) #379861 Multiple dviljk buffer overflows +GENERIC-MAP-NOMATCH VULNERABLE (tetex) #379861 dviljk uses insecure temporary file +GENERIC-MAP-NOMATCH VULNERABLE (tetex) #379861 dvips -z buffer overflow with long href GENERIC-MAP-NOMATCH VULNERABLE (php-pear-MDB2) #379101 GENERIC-MAP-NOMATCH VULNERABLE (php-pear-MDB2-Driver-mysql) #379131 GENERIC-MAP-NOMATCH VULNERABLE (php-pear-MDB2-Driver-mysqli) #379161 Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.13 retrieving revision 1.14 diff -u -r1.13 -r1.14 --- f9 13 Nov 2007 00:36:22 -0000 1.13 +++ f9 13 Nov 2007 14:31:11 -0000 1.14 
@@ -7,12 +7,15 @@ # Up to date CVE as of CVE email 20071030 # Up to date F9 as of 20071029 +GENERIC-MAP-NOMATCH VULNERABLE (tetex) #379851 Multiple dviljk buffer overflows +GENERIC-MAP-NOMATCH VULNERABLE (tetex) #379851 dviljk uses insecure temporary file +GENERIC-MAP-NOMATCH VULNERABLE (tetex) #379851 dvips -z buffer overflow with long href GENERIC-MAP-NOMATCH VULNERABLE (php-pear-MDB2) #379111 GENERIC-MAP-NOMATCH VULNERABLE (php-pear-MDB2-Driver-mysql) #379141 GENERIC-MAP-NOMATCH VULNERABLE (php-pear-MDB2-Driver-mysqli) #379171 CVE-2007-5795 backport (emacs) #367601 [since emacs-22.1-8.fc9] GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031 -CVE-2007-5770 backport (ruby) #373401 needs verification +CVE-2007-5770 backport (ruby) #373401 [since ruby-1.8.6.111-1] CVE-2007-5751 version (liferea, fixed 1.4.6) #360641 [since liferea-1.4.6-3.fc9] CVE-2007-5712 version (Django, fixed 0.96.1) #362781 [since Django-0.96.1-1.fc9] CVE-2007-5708 version (openldap, fixed 2.3.39) #360091 [since openldap-2.3.39-1.fc9] Index: fc6 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc6,v retrieving revision 1.296 retrieving revision 1.297 diff -u -r1.296 -r1.297 --- fc6 12 Nov 2007 19:07:43 -0000 1.296 +++ fc6 13 Nov 2007 14:31:11 -0000 1.297 
@@ -7,6 +7,10 @@ # Up to date CVE as of CVE email 20071030 # Up to date FC6 as of 20071029 + +GENERIC-MAP-NOMATCH VULNERABLE (tetex) #379841 Multiple dviljk buffer overflows +GENERIC-MAP-NOMATCH VULNERABLE (tetex) #379841 dviljk uses insecure temporary file +GENERIC-MAP-NOMATCH VULNERABLE (tetex) #379841 dvips -z buffer overflow with long href CVE-2007-5795 version (emacs, only 21) CVE-2007-5770 backport (ruby) #373371 [since FEDORA-2007-738] CVE-2007-5461 VULNERABLE (tomcat5) #334521 Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.173 retrieving revision 1.174 diff -u -r1.173 -r1.174 --- fc7 13 Nov 2007 14:15:15 -0000 1.173 +++ fc7 13 Nov 2007 14:31:11 -0000 1.174 @@ -8,11 +8,14 @@ # Up to date CVE as of CVE email 20071030 # Up to date FC7 as of 20071029 +GENERIC-MAP-NOMATCH VULNERABLE (tetex) #379831 Multiple dviljk buffer overflows +GENERIC-MAP-NOMATCH VULNERABLE (tetex) #379831 dviljk uses insecure temporary file +GENERIC-MAP-NOMATCH VULNERABLE (tetex) #379831 dvips -z buffer overflow with long href GENERIC-MAP-NOMATCH VULNERABLE (php-pear-MDB2) #379091 GENERIC-MAP-NOMATCH VULNERABLE (php-pear-MDB2-Driver-mysql) #379121 GENERIC-MAP-NOMATCH VULNERABLE (php-pear-MDB2-Driver-mysqli) #379151 CVE-2007-5795 VULNERABLE (emacs) #367581 -CVE-2007-5770 backport (ruby) #373381 [since FEDORA-2007-2685] really fixed? +CVE-2007-5770 backport (ruby) #373381 [since FEDORA-2007-2685] CVE-2007-5751 backport (liferea, fixed 1.4.6) #360641 [since FEDORA-2007-2725] CVE-2007-5728 version (phpPgAdmin) seems to be fixed for some time CVE-2007-5715 backport (denyhosts) fixed long ago From fedora-security-commits at redhat.com Tue Nov 13 22:16:56 2007 
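Review bot: the fc6 hunk (@@ -7,6 +7,10 @@) adds an empty "+" line ahead of the three tetex entries, giving four added lines where the f8, f9 and fc7 hunks add three; drop the blank line so fc6 keeps the same layout as the other release files. Separately, the f9 and fc7 hunks rewrite the CVE-2007-5770 (ruby) line, removing "needs verification" and "really fixed?", under a log message that says only "tetex". That status change should go in its own commit, or at least be named in the log together with how the fix was verified.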
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Tue, 13 Nov 2007 17:16:56 -0500 Subject: [Fedora-security-commits] fedora-security/audit f8, 1.16, 1.17 f9, 1.14, 1.15 fc7, 1.174, 1.175 Message-ID: <200711132216.lADMGudh009458@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv2036 Modified Files: f8 f9 fc7 Log Message: CVE names for PHP Pear MDB2 Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.16 retrieving revision 1.17 diff -u -r1.16 -r1.17 --- f8 13 Nov 2007 14:31:11 -0000 1.16 +++ f8 13 Nov 2007 22:16:54 -0000 1.17 @@ -10,9 +10,9 @@ GENERIC-MAP-NOMATCH VULNERABLE (tetex) #379861 Multiple dviljk buffer overflows GENERIC-MAP-NOMATCH VULNERABLE (tetex) #379861 dviljk uses insecure temporary file GENERIC-MAP-NOMATCH VULNERABLE (tetex) #379861 dvips -z buffer overflow with long href -GENERIC-MAP-NOMATCH VULNERABLE (php-pear-MDB2) #379101 -GENERIC-MAP-NOMATCH VULNERABLE (php-pear-MDB2-Driver-mysql) #379131 -GENERIC-MAP-NOMATCH VULNERABLE (php-pear-MDB2-Driver-mysqli) #379161 +CVE-2007-5934 VULNERABLE (php-pear-MDB2) #379101 +CVE-2007-5934 VULNERABLE (php-pear-MDB2-Driver-mysql) #379131 +CVE-2007-5934 VULNERABLE (php-pear-MDB2-Driver-mysqli) #379161 CVE-2007-5795 VULNERABLE (emacs) #367591 CVE-2007-5770 backport (ruby) #373391 [since FEDORA-2007-2812] GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031 Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.14 retrieving revision 1.15 diff -u -r1.14 -r1.15 --- f9 13 Nov 2007 14:31:11 -0000 1.14 +++ f9 13 Nov 2007 22:16:54 -0000 1.15 
@@ -10,9 +10,9 @@ GENERIC-MAP-NOMATCH VULNERABLE (tetex) #379851 Multiple dviljk buffer overflows GENERIC-MAP-NOMATCH VULNERABLE (tetex) #379851 dviljk uses insecure temporary file GENERIC-MAP-NOMATCH VULNERABLE (tetex) #379851 dvips -z buffer overflow with long href -GENERIC-MAP-NOMATCH VULNERABLE (php-pear-MDB2) #379111 -GENERIC-MAP-NOMATCH VULNERABLE (php-pear-MDB2-Driver-mysql) #379141 -GENERIC-MAP-NOMATCH VULNERABLE (php-pear-MDB2-Driver-mysqli) #379171 +CVE-2007-5934 VULNERABLE (php-pear-MDB2) #379111 +CVE-2007-5934 VULNERABLE (php-pear-MDB2-Driver-mysql) #379141 +CVE-2007-5934 VULNERABLE (php-pear-MDB2-Driver-mysqli) #379171 CVE-2007-5795 backport (emacs) #367601 [since emacs-22.1-8.fc9] GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031 CVE-2007-5770 backport (ruby) #373401 [since ruby-1.8.6.111-1] Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.174 retrieving revision 1.175 diff -u -r1.174 -r1.175 --- fc7 13 Nov 2007 14:31:11 -0000 1.174 +++ fc7 13 Nov 2007 22:16:54 -0000 1.175 @@ -11,9 +11,9 @@ GENERIC-MAP-NOMATCH VULNERABLE (tetex) #379831 Multiple dviljk buffer overflows GENERIC-MAP-NOMATCH VULNERABLE (tetex) #379831 dviljk uses insecure temporary file GENERIC-MAP-NOMATCH VULNERABLE (tetex) #379831 dvips -z buffer overflow with long href -GENERIC-MAP-NOMATCH VULNERABLE (php-pear-MDB2) #379091 -GENERIC-MAP-NOMATCH VULNERABLE (php-pear-MDB2-Driver-mysql) #379121 -GENERIC-MAP-NOMATCH VULNERABLE (php-pear-MDB2-Driver-mysqli) #379151 +CVE-2007-5934 VULNERABLE (php-pear-MDB2) #379091 +CVE-2007-5934 VULNERABLE (php-pear-MDB2-Driver-mysql) #379121 +CVE-2007-5934 VULNERABLE (php-pear-MDB2-Driver-mysqli) #379151 CVE-2007-5795 VULNERABLE (emacs) #367581 CVE-2007-5770 backport (ruby) #373381 [since FEDORA-2007-2685] CVE-2007-5751 backport (liferea, fixed 1.4.6) #360641 [since FEDORA-2007-2725] From fedora-security-commits at redhat.com Tue Nov 13 22:37:42 2007 
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Tue, 13 Nov 2007 17:37:42 -0500 Subject: [Fedora-security-commits] fedora-security/audit f8, 1.17, 1.18 f9, 1.15, 1.16 fc6, 1.297, 1.298 fc7, 1.175, 1.176 Message-ID: <200711132237.lADMbg2O011000@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv10721 Modified Files: f8 f9 fc6 fc7 Log Message: CVEs for teTeX Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.17 retrieving revision 1.18 diff -u -r1.17 -r1.18 --- f8 13 Nov 2007 22:16:54 -0000 1.17 +++ f8 13 Nov 2007 22:37:40 -0000 1.18 @@ -7,9 +7,9 @@ # Up to date CVE as of CVE email 20071030 # Up to date F8 as of 20071029 -GENERIC-MAP-NOMATCH VULNERABLE (tetex) #379861 Multiple dviljk buffer overflows -GENERIC-MAP-NOMATCH VULNERABLE (tetex) #379861 dviljk uses insecure temporary file -GENERIC-MAP-NOMATCH VULNERABLE (tetex) #379861 dvips -z buffer overflow with long href +CVE-2007-5937 VULNERABLE (tetex) #379861 Multiple dviljk buffer overflows +CVE-2007-5936 VULNERABLE (tetex) #379861 dviljk uses insecure temporary file +CVE-2007-5935 VULNERABLE (tetex) #379861 dvips -z buffer overflow with long href CVE-2007-5934 VULNERABLE (php-pear-MDB2) #379101 CVE-2007-5934 VULNERABLE (php-pear-MDB2-Driver-mysql) #379131 CVE-2007-5934 VULNERABLE (php-pear-MDB2-Driver-mysqli) #379161 Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.15 retrieving revision 1.16 diff -u -r1.15 -r1.16 --- f9 13 Nov 2007 22:16:54 -0000 1.15 +++ f9 13 Nov 2007 22:37:40 -0000 1.16 
@@ -7,9 +7,9 @@ # Up to date CVE as of CVE email 20071030 # Up to date F9 as of 20071029 -GENERIC-MAP-NOMATCH VULNERABLE (tetex) #379851 Multiple dviljk buffer overflows -GENERIC-MAP-NOMATCH VULNERABLE (tetex) #379851 dviljk uses insecure temporary file -GENERIC-MAP-NOMATCH VULNERABLE (tetex) #379851 dvips -z buffer overflow with long href +CVE-2007-5937 VULNERABLE (tetex) #379851 Multiple dviljk buffer overflows +CVE-2007-5936 VULNERABLE (tetex) #379851 dviljk uses insecure temporary file +CVE-2007-5935 VULNERABLE (tetex) #379851 dvips -z buffer overflow with long href CVE-2007-5934 VULNERABLE (php-pear-MDB2) #379111 CVE-2007-5934 VULNERABLE (php-pear-MDB2-Driver-mysql) #379141 CVE-2007-5934 VULNERABLE (php-pear-MDB2-Driver-mysqli) #379171 Index: fc6 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc6,v retrieving revision 1.297 retrieving revision 1.298 diff -u -r1.297 -r1.298 --- fc6 13 Nov 2007 14:31:11 -0000 1.297 +++ fc6 13 Nov 2007 22:37:40 -0000 1.298 
@@ -8,9 +8,9 @@ # Up to date FC6 as of 20071029 -GENERIC-MAP-NOMATCH VULNERABLE (tetex) #379841 Multiple dviljk buffer overflows -GENERIC-MAP-NOMATCH VULNERABLE (tetex) #379841 dviljk uses insecure temporary file -GENERIC-MAP-NOMATCH VULNERABLE (tetex) #379841 dvips -z buffer overflow with long href +CVE-2007-5937 VULNERABLE (tetex) #379841 Multiple dviljk buffer overflows +CVE-2007-5936 VULNERABLE (tetex) #379841 dviljk uses insecure temporary file +CVE-2007-5935 VULNERABLE (tetex) #379841 dvips -z buffer overflow with long href CVE-2007-5795 version (emacs, only 21) CVE-2007-5770 backport (ruby) #373371 [since FEDORA-2007-738] CVE-2007-5461 VULNERABLE (tomcat5) #334521 Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.175 retrieving revision 1.176 diff -u -r1.175 -r1.176 --- fc7 13 Nov 2007 22:16:54 -0000 1.175 +++ fc7 13 Nov 2007 22:37:40 -0000 1.176 @@ -8,9 +8,9 @@ # Up to date CVE as of CVE email 20071030 # Up to date FC7 as of 20071029 -GENERIC-MAP-NOMATCH VULNERABLE (tetex) #379831 Multiple dviljk buffer overflows -GENERIC-MAP-NOMATCH VULNERABLE (tetex) #379831 dviljk uses insecure temporary file -GENERIC-MAP-NOMATCH VULNERABLE (tetex) #379831 dvips -z buffer overflow with long href +CVE-2007-5937 VULNERABLE (tetex) #379831 Multiple dviljk buffer overflows +CVE-2007-5936 VULNERABLE (tetex) #379831 dviljk uses insecure temporary file +CVE-2007-5935 VULNERABLE (tetex) #379831 dvips -z buffer overflow with long href CVE-2007-5934 VULNERABLE (php-pear-MDB2) #379091 CVE-2007-5934 VULNERABLE (php-pear-MDB2-Driver-mysql) #379121 CVE-2007-5934 VULNERABLE (php-pear-MDB2-Driver-mysqli) #379151 From fedora-security-commits at redhat.com Thu Nov 15 22:44:17 2007 
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Thu, 15 Nov 2007 17:44:17 -0500 Subject: [Fedora-security-commits] fedora-security/audit f8, 1.18, 1.19 fc6, 1.298, 1.299 fc7, 1.176, 1.177 Message-ID: <200711152244.lAFMiH5Z025696@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv25670 Modified Files: f8 fc6 fc7 Log Message: The iwlwifi NULL dereference Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.18 retrieving revision 1.19 diff -u -r1.18 -r1.19 --- f8 13 Nov 2007 22:37:40 -0000 1.18 +++ f8 15 Nov 2007 22:44:15 -0000 1.19 @@ -7,6 +7,7 @@ # Up to date CVE as of CVE email 20071030 # Up to date F8 as of 20071029 +CVE-2007-5938 VULNERABLE (kernel) #385861 iwlwifi CVE-2007-5937 VULNERABLE (tetex) #379861 Multiple dviljk buffer overflows CVE-2007-5936 VULNERABLE (tetex) #379861 dviljk uses insecure temporary file CVE-2007-5935 VULNERABLE (tetex) #379861 dvips -z buffer overflow with long href Index: fc6 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc6,v retrieving revision 1.298 retrieving revision 1.299 diff -u -r1.298 -r1.299 --- fc6 13 Nov 2007 22:37:40 -0000 1.298 +++ fc6 15 Nov 2007 22:44:15 -0000 1.299 
@@ -8,6 +8,7 @@ # Up to date FC6 as of 20071029 +CVE-2007-5938 VULNERABLE (kernel) #385861 iwlwifi CVE-2007-5937 VULNERABLE (tetex) #379841 Multiple dviljk buffer overflows CVE-2007-5936 VULNERABLE (tetex) #379841 dviljk uses insecure temporary file CVE-2007-5935 VULNERABLE (tetex) #379841 dvips -z buffer overflow with long href Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.176 retrieving revision 1.177 diff -u -r1.176 -r1.177 --- fc7 13 Nov 2007 22:37:40 -0000 1.176 +++ fc7 15 Nov 2007 22:44:15 -0000 1.177 @@ -8,6 +8,7 @@ # Up to date CVE as of CVE email 20071030 # Up to date FC7 as of 20071029 +CVE-2007-5938 VULNERABLE (kernel) #385861 iwlwifi CVE-2007-5937 VULNERABLE (tetex) #379831 Multiple dviljk buffer overflows CVE-2007-5936 VULNERABLE (tetex) #379831 dviljk uses insecure temporary file CVE-2007-5935 VULNERABLE (tetex) #379831 dvips -z buffer overflow with long href From fedora-security-commits at redhat.com Thu Nov 15 23:21:51 2007 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Thu, 15 Nov 2007 18:21:51 -0500 Subject: [Fedora-security-commits] fedora-security/audit f8, 1.19, 1.20 f9, 1.16, 1.17 fc7, 1.177, 1.178 Message-ID: <200711152321.lAFNLp2X007615@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv7571 Modified Files: f8 f9 fc7 Log Message: New phpmyadmin Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.19 retrieving revision 1.20 diff -u -r1.19 -r1.20 --- f8 15 Nov 2007 22:44:15 -0000 1.19 +++ f8 15 Nov 2007 23:21:49 -0000 1.20 
@@ -7,6 +7,8 @@ # Up to date CVE as of CVE email 20071030 # Up to date F8 as of 20071029 +CVE-2007-5977 VULNERABLE (phpMyAdmin) #385901 +CVE-2007-5976 VULNERABLE (phpMyAdmin) #385901 CVE-2007-5938 VULNERABLE (kernel) #385861 iwlwifi CVE-2007-5937 VULNERABLE (tetex) #379861 Multiple dviljk buffer overflows CVE-2007-5936 VULNERABLE (tetex) #379861 dviljk uses insecure temporary file Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.16 retrieving revision 1.17 diff -u -r1.16 -r1.17 --- f9 13 Nov 2007 22:37:40 -0000 1.16 +++ f9 15 Nov 2007 23:21:49 -0000 1.17 @@ -7,6 +7,8 @@ # Up to date CVE as of CVE email 20071030 # Up to date F9 as of 20071029 +CVE-2007-5977 VULNERABLE (phpMyAdmin) #385911 +CVE-2007-5976 VULNERABLE (phpMyAdmin) #385911 CVE-2007-5937 VULNERABLE (tetex) #379851 Multiple dviljk buffer overflows CVE-2007-5936 VULNERABLE (tetex) #379851 dviljk uses insecure temporary file CVE-2007-5935 VULNERABLE (tetex) #379851 dvips -z buffer overflow with long href @@ -113,7 +115,7 @@ CVE-2006-0987 ignore (bind) example config file only CVE-2006-0496 ignore (firefox) Feature, not a bug moz #324253 CVE-2005-4809 ignore (firefox) Status bar can be modified anyways -CVE-2005-4790 VULNERABLE (tomboy) #362961 +CVE-2005-4790 backport (tomboy) #362961 [since tomboy-0.8.1-2.fc9] CVE-2005-3675 VULNERABLE (kernel) optack, no upstream fix -- TCP protocol weakness CVE-2003-1265 ignore (thunderbird) Stuff deleted from userspace is not guarranteed to go away physically moz#198442 CVE-2003-1265 ignore (seamonkey) Stuff deleted from userspace is not guarranteed to go away physically moz#198442 Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.177 retrieving revision 1.178 diff -u -r1.177 -r1.178 --- fc7 15 Nov 2007 22:44:15 -0000 1.177 +++ fc7 15 Nov 2007 23:21:49 -0000 1.178 
@@ -8,6 +8,8 @@ # Up to date CVE as of CVE email 20071030 # Up to date FC7 as of 20071029 +CVE-2007-5977 VULNERABLE (phpMyAdmin) #385891 +CVE-2007-5976 VULNERABLE (phpMyAdmin) #385891 CVE-2007-5938 VULNERABLE (kernel) #385861 iwlwifi CVE-2007-5937 VULNERABLE (tetex) #379831 Multiple dviljk buffer overflows CVE-2007-5936 VULNERABLE (tetex) #379831 dviljk uses insecure temporary file From fedora-security-commits at redhat.com Mon Nov 19 09:09:26 2007 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Mon, 19 Nov 2007 04:09:26 -0500 Subject: [Fedora-security-commits] fedora-security/audit f8, 1.20, 1.21 f9, 1.17, 1.18 fc6, 1.299, 1.300 fc7, 1.178, 1.179 Message-ID: <200711190909.lAJ99Qju019671@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv19638 Modified Files: f8 f9 fc6 fc7 Log Message: xen, mysql Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.20 retrieving revision 1.21 diff -u -r1.20 -r1.21 --- f8 15 Nov 2007 23:21:49 -0000 1.20 +++ f8 19 Nov 2007 09:09:24 -0000 1.21 @@ -16,6 +16,9 @@ CVE-2007-5934 VULNERABLE (php-pear-MDB2) #379101 CVE-2007-5934 VULNERABLE (php-pear-MDB2-Driver-mysql) #379131 CVE-2007-5934 VULNERABLE (php-pear-MDB2-Driver-mysqli) #379161 +CVE-2007-5925 ignore (mysql) Authenticated user can restart mysql. +CVE-2007-5907 VULNERABLE (xen) #390111 +CVE-2007-5906 VULNERABLE (xen) #390111 CVE-2007-5795 VULNERABLE (emacs) #367591 CVE-2007-5770 backport (ruby) #373391 [since FEDORA-2007-2812] GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031 Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.17 retrieving revision 1.18 diff -u -r1.17 -r1.18 --- f9 15 Nov 2007 23:21:49 -0000 1.17 +++ f9 19 Nov 2007 09:09:24 -0000 1.18 
@@ -15,6 +15,9 @@ CVE-2007-5934 VULNERABLE (php-pear-MDB2) #379111 CVE-2007-5934 VULNERABLE (php-pear-MDB2-Driver-mysql) #379141 CVE-2007-5934 VULNERABLE (php-pear-MDB2-Driver-mysqli) #379171 +CVE-2007-5925 ignore (mysql) Authenticated user can restart mysql. +CVE-2007-5907 VULNERABLE (xen) #390121 +CVE-2007-5906 VULNERABLE (xen) #390121 CVE-2007-5795 backport (emacs) #367601 [since emacs-22.1-8.fc9] GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031 CVE-2007-5770 backport (ruby) #373401 [since ruby-1.8.6.111-1] Index: fc6 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc6,v retrieving revision 1.299 retrieving revision 1.300 diff -u -r1.299 -r1.300 --- fc6 15 Nov 2007 22:44:15 -0000 1.299 +++ fc6 19 Nov 2007 09:09:24 -0000 1.300 @@ -7,11 +7,13 @@ # Up to date CVE as of CVE email 20071030 # Up to date FC6 as of 20071029 - CVE-2007-5938 VULNERABLE (kernel) #385861 iwlwifi CVE-2007-5937 VULNERABLE (tetex) #379841 Multiple dviljk buffer overflows CVE-2007-5936 VULNERABLE (tetex) #379841 dviljk uses insecure temporary file CVE-2007-5935 VULNERABLE (tetex) #379841 dvips -z buffer overflow with long href +CVE-2007-5925 ignore (mysql) Authenticated user can restart mysql. +CVE-2007-5907 VULNERABLE (xen) #390091 +CVE-2007-5906 VULNERABLE (xen) #390091 CVE-2007-5795 version (emacs, only 21) CVE-2007-5770 backport (ruby) #373371 [since FEDORA-2007-738] CVE-2007-5461 VULNERABLE (tomcat5) #334521 Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.178 retrieving revision 1.179 diff -u -r1.178 -r1.179 --- fc7 15 Nov 2007 23:21:49 -0000 1.178 +++ fc7 19 Nov 2007 09:09:24 -0000 1.179 
@@ -17,6 +17,9 @@ CVE-2007-5934 VULNERABLE (php-pear-MDB2) #379091 CVE-2007-5934 VULNERABLE (php-pear-MDB2-Driver-mysql) #379121 CVE-2007-5934 VULNERABLE (php-pear-MDB2-Driver-mysqli) #379151 +CVE-2007-5925 ignore (mysql) Authenticated user can restart mysql. +CVE-2007-5907 VULNERABLE (xen) #390101 +CVE-2007-5906 VULNERABLE (xen) #390101 CVE-2007-5795 VULNERABLE (emacs) #367581 CVE-2007-5770 backport (ruby) #373381 [since FEDORA-2007-2685] CVE-2007-5751 backport (liferea, fixed 1.4.6) #360641 [since FEDORA-2007-2725] From fedora-security-commits at redhat.com Mon Nov 19 09:10:40 2007 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Mon, 19 Nov 2007 04:10:40 -0500 Subject: [Fedora-security-commits] fedora-security/tools add-cve-bug, 1.1.2.2, 1.1.2.3 add-tracking-bugs, 1.2.2.1, 1.2.2.2 Message-ID: <200711190910.lAJ9AeYf019722@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/tools In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv19685 Modified Files: Tag: lkundrak-tools-ng add-cve-bug add-tracking-bugs Log Message: Fix tempfile handling, add comments to parent bugs. Index: add-cve-bug =================================================================== RCS file: /cvs/fedora/fedora-security/tools/Attic/add-cve-bug,v retrieving revision 1.1.2.2 retrieving revision 1.1.2.3 diff -u -r1.1.2.2 -r1.1.2.3 --- add-cve-bug 7 Nov 2007 16:58:50 -0000 1.1.2.2 +++ add-cve-bug 19 Nov 2007 09:10:37 -0000 1.1.2.3 @@ -26,7 +26,6 @@ '; use XMLRPC::Lite; -use File::Temp ('tempfile'); use Getopt::Long; use Data::Dumper; Index: add-tracking-bugs =================================================================== RCS file: /cvs/fedora/fedora-security/tools/add-tracking-bugs,v retrieving revision 1.2.2.1 retrieving revision 1.2.2.2 diff -u -r1.2.2.1 -r1.2.2.2 --- add-tracking-bugs 7 Nov 2007 16:58:50 -0000 1.2.2.1 +++ add-tracking-bugs 19 Nov 2007 09:10:37 -0000 1.2.2.2 
@@ -103,7 +103,7 @@ 'bug_id' => $bugs, 'bug_status' => [], 'column_list' => $columns, - }, $username, $password); + }, ($dryrun ? () : ($username, $password))); my $result = $call->result or die $call->faultstring; @@ -115,15 +115,15 @@ # Add blockers (unless dryrun) to a bug sub add_blockers { + return 0 if $dryrun; + my $bug = shift or die 'No blocker!'; my $parents = shift or die 'No bug to block!'; - return 0 if $dryrun; - my $call = $bugzilla_rpc->call('bugzilla.updateDepends', $bug, { 'blocked' => $parents, 'action' => 'add', - }, $username, $password); + }, $username, $password, 1); my $result = $call->result or die $call->faultstring; @@ -132,6 +132,23 @@ return undef; } +# Add private comment (unless dryrun) to a bug +sub add_private_comment +{ + return 0 if $dryrun; + + my $bug = shift or die 'No bug!'; + my $comment = shift or die 'No comment!'; + + my $call = $bugzilla_rpc->call('bugzilla.addComment', $bug, $comment, $username, $password, 1); + + my $result = $call->result + or die $call->faultstring; + + print STDERR 'Bugzilla answered to updateComment: '.Dumper($result) if $debug; + return undef; +} + # Parse command line options: my %options; @@ -154,7 +171,7 @@ $options{'bugs'} or die 'bugs argument is mandatory'; @bugs = split (/,/, $options{'bugs'}); -$options{'versions'} or die 'bugs argument is mandatory'; +$options{'versions'} or die 'versions argument is mandatory'; @versions = split (/,/, $options{'versions'}); $versions{$_} or die "Invalid version: $_" foreach (@versions); @@ -211,6 +228,8 @@ # File for each version +my $comment = "Created Fedora tracking bugs for $component:\n\n"; + foreach my $version (@versions) { my %bug = %bug_tmpl; $bug{'short_desc'} .= " [$versions{$version}]"; 
@@ -218,6 +237,14 @@ print Dumper (\%bug) if $debug; my $bug_id = file_bug (\%bug); - print $bug{'version'}.": $bug_id\n"; add_blockers ($bug_id, \@bugs); + $comment .= $bug{'version'}.": bug #$bug_id\n"; } + +# Add comment to original bugs + +foreach my $bug (@bugs) { + add_private_comment ($bug, $comment); +} + +print STDERR $comment; From fedora-security-commits at redhat.com Mon Nov 19 09:10:40 2007 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Mon, 19 Nov 2007 04:10:40 -0500 Subject: [Fedora-security-commits] fedora-security/tools/Libexig Util.pm, 1.1.2.1, 1.1.2.2 Message-ID: <200711190910.lAJ9AeOU019728@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/tools/Libexig In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv19685/Libexig Modified Files: Tag: lkundrak-tools-ng Util.pm Log Message: Fix tempfile handling, add comments to parent bugs. Index: Util.pm =================================================================== RCS file: /cvs/fedora/fedora-security/tools/Libexig/Attic/Util.pm,v retrieving revision 1.1.2.1 retrieving revision 1.1.2.2 diff -u -r1.1.2.1 -r1.1.2.2 --- Util.pm 7 Nov 2007 16:58:50 -0000 1.1.2.1 +++ Util.pm 19 Nov 2007 09:10:38 -0000 1.1.2.2 @@ -6,6 +6,8 @@ package Libexig::Util; +use File::Temp ('tempfile'); + # Launch an editor for editing the bugzilla comment or whatever sub edit_string { @@ -34,3 +36,5 @@ print STDERR "\n"; $string; } + +1; From fedora-security-commits at redhat.com Tue Nov 20 12:10:10 2007 
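Review bot: in add-tracking-bugs, the call changed at @@ -103,7 +103,7 @@ is made without credentials when $dryrun is set ("($dryrun ? () : ($username, $password))"), so a dry run looks up the parent bugs anonymously and may see a different result than the authenticated run it is meant to preview, for instance when a parent bug is not public. This call only passes search fields (bug_id, bug_status, column_list), so either keep authenticating it in dry-run mode or print a notice that the dry-run lookup was anonymous.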
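Review bot: the trailing "1" appended to the bugzilla.updateDepends call (@@ -115,15 +115,15 @@) and passed to bugzilla.addComment in the new add_private_comment (@@ -132,6 +132,23 @@) is an unexplained positional flag; add a comment or a named variable stating what it switches on in each call, since only the sub name hints that it makes the comment private. In the same new sub the debug line reads "Bugzilla answered to updateComment" although the method called is bugzilla.addComment. Moving "return 0 if $dryrun;" above the "shift or die" checks in add_blockers also means a dry run no longer catches a missing argument, and the sub returns 0 in dry-run but undef on success.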
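Review bot: the last add-tracking-bugs hunk (@@ -218,6 +237,14 @@) drops the per-version print of "$bug{'version'}: $bug_id" on STDOUT in favour of a single "print STDERR $comment;" after the loop, so the new bug ids no longer reach standard output and nothing is shown until every version has been filed. If add_blockers dies for a later version, the ids of the bugs already created are never printed. Print each line as it is appended to $comment, and mention the output change in the log message, which currently names only tempfile handling and parent-bug comments.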
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Tue, 20 Nov 2007 07:10:10 -0500 Subject: [Fedora-security-commits] fedora-security/audit f8, 1.21, 1.22 f9, 1.18, 1.19 fc7, 1.179, 1.180 Message-ID: <200711201210.lAKCAAal009598@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv9564/audit Modified Files: f8 f9 fc7 Log Message: cacti sql injection Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.21 retrieving revision 1.22 diff -u -r1.21 -r1.22 --- f8 19 Nov 2007 09:09:24 -0000 1.21 +++ f8 20 Nov 2007 12:10:08 -0000 1.22 @@ -7,6 +7,7 @@ # Up to date CVE as of CVE email 20071030 # Up to date F8 as of 20071029 +CVE-2007-6035 VULNERABLE (cacti, fixed 0.8.7a) #391991 CVE-2007-5977 VULNERABLE (phpMyAdmin) #385901 CVE-2007-5976 VULNERABLE (phpMyAdmin) #385901 CVE-2007-5938 VULNERABLE (kernel) #385861 iwlwifi Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.18 retrieving revision 1.19 diff -u -r1.18 -r1.19 --- f9 19 Nov 2007 09:09:24 -0000 1.18 +++ f9 20 Nov 2007 12:10:08 -0000 1.19 @@ -7,6 +7,7 @@ # Up to date CVE as of CVE email 20071030 # Up to date F9 as of 20071029 +CVE-2007-6035 VULNERABLE (cacti, fixed 0.8.7a) #392001 CVE-2007-5977 VULNERABLE (phpMyAdmin) #385911 CVE-2007-5976 VULNERABLE (phpMyAdmin) #385911 CVE-2007-5937 VULNERABLE (tetex) #379851 Multiple dviljk buffer overflows Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.179 retrieving revision 1.180 diff -u -r1.179 -r1.180 --- fc7 19 Nov 2007 09:09:24 -0000 1.179 +++ fc7 20 Nov 2007 12:10:08 -0000 1.180 
@@ -8,6 +8,7 @@ # Up to date CVE as of CVE email 20071030 # Up to date FC7 as of 20071029 +CVE-2007-6035 VULNERABLE (cacti, fixed 0.8.7a) #391981 CVE-2007-5977 VULNERABLE (phpMyAdmin) #385891 CVE-2007-5976 VULNERABLE (phpMyAdmin) #385891 CVE-2007-5938 VULNERABLE (kernel) #385861 iwlwifi From fedora-security-commits at redhat.com Tue Nov 20 22:17:51 2007 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Tue, 20 Nov 2007 17:17:51 -0500 Subject: [Fedora-security-commits] fedora-security/audit f8, 1.22, 1.23 f9, 1.19, 1.20 fc7, 1.180, 1.181 Message-ID: <200711202217.lAKMHpCq029316@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv29273 Modified Files: f8 f9 fc7 Log Message: audacity /tmp liferead LD_LIBRARY_PATH Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.22 retrieving revision 1.23 diff -u -r1.22 -r1.23 --- f8 20 Nov 2007 12:10:08 -0000 1.22 +++ f8 20 Nov 2007 22:17:49 -0000 1.23 @@ -7,6 +7,7 @@ # Up to date CVE as of CVE email 20071030 # Up to date F8 as of 20071029 +GENERIC-MAP-NOMATCH VULNERABLE (audacity) #393251 CVE-2007-6035 VULNERABLE (cacti, fixed 0.8.7a) #391991 CVE-2007-5977 VULNERABLE (phpMyAdmin) #385901 CVE-2007-5976 VULNERABLE (phpMyAdmin) #385901 
@@ -124,6 +125,7 @@ CVE-2006-0987 ignore (bind) example config file only CVE-2006-0496 ignore (firefox) Feature, not a bug moz #324253 CVE-2005-4809 ignore (firefox) Status bar can be modified anyways +CVE-2005-4791 VULNERABLE (liferea) #393301 CVE-2005-4790 backport (tomboy) #362951 [since FEDORA-2007-3253] CVE-2005-3675 VULNERABLE (kernel) optack, no upstream fix -- TCP protocol weakness CVE-2003-1265 ignore (thunderbird) Stuff deleted from userspace is not guarranteed to go away physically moz#198442 Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.19 retrieving revision 1.20 diff -u -r1.19 -r1.20 --- f9 20 Nov 2007 12:10:08 -0000 1.19 +++ f9 20 Nov 2007 22:17:49 -0000 1.20 @@ -7,6 +7,7 @@ # Up to date CVE as of CVE email 20071030 # Up to date F9 as of 20071029 +GENERIC-MAP-NOMATCH VULNERABLE (audacity) #393251 CVE-2007-6035 VULNERABLE (cacti, fixed 0.8.7a) #392001 CVE-2007-5977 VULNERABLE (phpMyAdmin) #385911 CVE-2007-5976 VULNERABLE (phpMyAdmin) #385911 @@ -119,6 +120,7 @@ CVE-2006-0987 ignore (bind) example config file only CVE-2006-0496 ignore (firefox) Feature, not a bug moz #324253 CVE-2005-4809 ignore (firefox) Status bar can be modified anyways +CVE-2005-4791 VULNERABLE (liferea) #393311 CVE-2005-4790 backport (tomboy) #362961 [since tomboy-0.8.1-2.fc9] CVE-2005-3675 VULNERABLE (kernel) optack, no upstream fix -- TCP protocol weakness CVE-2003-1265 ignore (thunderbird) Stuff deleted from userspace is not guarranteed to go away physically moz#198442 Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.180 retrieving revision 1.181 diff -u -r1.180 -r1.181 --- fc7 20 Nov 2007 12:10:08 -0000 1.180 +++ fc7 20 Nov 2007 22:17:49 -0000 1.181 
@@ -8,6 +8,7 @@ # Up to date CVE as of CVE email 20071030 # Up to date FC7 as of 20071029 +GENERIC-MAP-NOMATCH VULNERABLE (audacity) #393251 CVE-2007-6035 VULNERABLE (cacti, fixed 0.8.7a) #391981 CVE-2007-5977 VULNERABLE (phpMyAdmin) #385891 CVE-2007-5976 VULNERABLE (phpMyAdmin) #385891 @@ -1374,6 +1375,7 @@ CVE-2006-0019 version (kdelibs, fixed 3.5.1) *CVE-2006-0017 ** (fedora-ds-base) Publish CVE! *CVE-2006-0016 ** (fedora-ds-base) Publish CVE! +CVE-2005-4791 VULNERABLE (liferea) #393291 *CVE-2005-4838 ** (tomcat) CVE-2005-4837 version (net-snmp, fixed 5.2.2) *CVE-2005-4836 ** (tomcat) From fedora-security-commits at redhat.com Wed Nov 21 08:51:18 2007 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Wed, 21 Nov 2007 03:51:18 -0500 Subject: [Fedora-security-commits] fedora-security/audit f8, 1.23, 1.24 f9, 1.20, 1.21 fc7, 1.181, 1.182 Message-ID: <200711210851.lAL8pIpE018067@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv18043/audit Modified Files: f8 f9 fc7 Log Message: audacity cve id Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.23 retrieving revision 1.24 diff -u -r1.23 -r1.24 --- f8 20 Nov 2007 22:17:49 -0000 1.23 +++ f8 21 Nov 2007 08:51:15 -0000 1.24 
@@ -7,7 +7,7 @@ # Up to date CVE as of CVE email 20071030 # Up to date F8 as of 20071029 -GENERIC-MAP-NOMATCH VULNERABLE (audacity) #393251 +CVE-2007-6061 VULNERABLE (audacity) #393251 CVE-2007-6035 VULNERABLE (cacti, fixed 0.8.7a) #391991 CVE-2007-5977 VULNERABLE (phpMyAdmin) #385901 CVE-2007-5976 VULNERABLE (phpMyAdmin) #385901 Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.20 retrieving revision 1.21 diff -u -r1.20 -r1.21 --- f9 20 Nov 2007 22:17:49 -0000 1.20 +++ f9 21 Nov 2007 08:51:15 -0000 1.21 @@ -7,7 +7,7 @@ # Up to date CVE as of CVE email 20071030 # Up to date F9 as of 20071029 -GENERIC-MAP-NOMATCH VULNERABLE (audacity) #393251 +CVE-2007-6061 VULNERABLE (audacity) #393251 CVE-2007-6035 VULNERABLE (cacti, fixed 0.8.7a) #392001 CVE-2007-5977 VULNERABLE (phpMyAdmin) #385911 CVE-2007-5976 VULNERABLE (phpMyAdmin) #385911 Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.181 retrieving revision 1.182 diff -u -r1.181 -r1.182 --- fc7 20 Nov 2007 22:17:49 -0000 1.181 +++ fc7 21 Nov 2007 08:51:15 -0000 1.182 @@ -8,7 +8,7 @@ # Up to date CVE as of CVE email 20071030 # Up to date FC7 as of 20071029 -GENERIC-MAP-NOMATCH VULNERABLE (audacity) #393251 +CVE-2007-6061 VULNERABLE (audacity) #393251 CVE-2007-6035 VULNERABLE (cacti, fixed 0.8.7a) #391981 CVE-2007-5977 VULNERABLE (phpMyAdmin) #385891 CVE-2007-5976 VULNERABLE (phpMyAdmin) #385891 From fedora-security-commits at redhat.com Thu Nov 22 16:01:09 2007 
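Review bot: In the 20 Nov fc7 diff (1.180 to 1.181), hunk "@@ -1374,6 +1375,7 @@" puts "CVE-2005-4791 VULNERABLE (liferea) #393291" between "*CVE-2006-0016" and "*CVE-2005-4838", which breaks the descending CVE order the file otherwise follows. The f8 and f9 hunks of the same commit place the entry between CVE-2005-4809 and CVE-2005-4790; in fc7 it belongs further down, next to the CVE-2005-4790 line, so that a lookup by CVE number finds it.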
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Thu, 22 Nov 2007 11:01:09 -0500 Subject: [Fedora-security-commits] fedora-security/audit f8, 1.24, 1.25 f9, 1.21, 1.22 fc7, 1.182, 1.183 Message-ID: <200711221601.lAMG193r026504@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv20523/audit Modified Files: f8 f9 fc7 Log Message: blam insecure LD_LIBRARY_PATH Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.24 retrieving revision 1.25 diff -u -r1.24 -r1.25 --- f8 21 Nov 2007 08:51:15 -0000 1.24 +++ f8 22 Nov 2007 16:01:07 -0000 1.25 @@ -126,6 +126,7 @@ CVE-2006-0496 ignore (firefox) Feature, not a bug moz #324253 CVE-2005-4809 ignore (firefox) Status bar can be modified anyways CVE-2005-4791 VULNERABLE (liferea) #393301 +CVE-2005-4790 VULNERABLE (blam, fixed 1.8.4) #395761 CVE-2005-4790 backport (tomboy) #362951 [since FEDORA-2007-3253] CVE-2005-3675 VULNERABLE (kernel) optack, no upstream fix -- TCP protocol weakness CVE-2003-1265 ignore (thunderbird) Stuff deleted from userspace is not guarranteed to go away physically moz#198442 Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.21 retrieving revision 1.22 diff -u -r1.21 -r1.22 --- f9 21 Nov 2007 08:51:15 -0000 1.21 +++ f9 22 Nov 2007 16:01:07 -0000 1.22 
@@ -121,6 +121,7 @@ CVE-2006-0496 ignore (firefox) Feature, not a bug moz #324253 CVE-2005-4809 ignore (firefox) Status bar can be modified anyways CVE-2005-4791 VULNERABLE (liferea) #393311 +CVE-2005-4790 VULNERABLE (blam, fixed 1.8.4) #395771 CVE-2005-4790 backport (tomboy) #362961 [since tomboy-0.8.1-2.fc9] CVE-2005-3675 VULNERABLE (kernel) optack, no upstream fix -- TCP protocol weakness CVE-2003-1265 ignore (thunderbird) Stuff deleted from userspace is not guarranteed to go away physically moz#198442 Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.182 retrieving revision 1.183 diff -u -r1.182 -r1.183 --- fc7 21 Nov 2007 08:51:15 -0000 1.182 +++ fc7 22 Nov 2007 16:01:07 -0000 1.183 @@ -1385,6 +1385,7 @@ CVE-2005-4807 ignore (binutils, gas fixed 20050721) this is a bug CVE-2005-4803 version (graphviz, fixed 2.2.1) CVE-2005-4798 version (kernel, not 2.6) +CVE-2005-4790 VULNERABLE (blam, fixed 1.8.4) #395751 CVE-2005-4790 backport (tomboy) #362941 [since FEDORA-2007-3011] CVE-2005-4784 ignore (glibc) struct dirent is big enough CVE-2005-4746 version (freeradius, fixed 1.0.5) From fedora-security-commits at redhat.com Mon Nov 26 18:15:24 2007 
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Mon, 26 Nov 2007 13:15:24 -0500 Subject: [Fedora-security-commits] fedora-security/audit f8, 1.25, 1.26 f9, 1.22, 1.23 fc6, 1.300, 1.301 fc7, 1.183, 1.184 Message-ID: <200711261815.lAQIFOLD017430@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv17398/audit Modified Files: f8 f9 fc6 fc7 Log Message: process another pile of fedora updates Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.25 retrieving revision 1.26 diff -u -r1.25 -r1.26 --- f8 22 Nov 2007 16:01:07 -0000 1.25 +++ f8 26 Nov 2007 18:15:22 -0000 1.26 
@@ -7,45 +7,49 @@ # Up to date CVE as of CVE email 20071030 # Up to date F8 as of 20071029 +CVE-2007-6100 version (phpMyAdmin, fixed 2.11.2.2) [since FEDORA-2007-3639] CVE-2007-6061 VULNERABLE (audacity) #393251 -CVE-2007-6035 VULNERABLE (cacti, fixed 0.8.7a) #391991 -CVE-2007-5977 VULNERABLE (phpMyAdmin) #385901 -CVE-2007-5976 VULNERABLE (phpMyAdmin) #385901 +CVE-2007-6035 version (cacti, fixed 0.8.7a) #391991 [since FEDORA-2007-3667] +CVE-2007-5977 version (phpMyAdmin, fixed 2.11.2.1) #385901 [since FEDORA-2007-3636] +CVE-2007-5976 version (phpMyAdmin, fixed 2.11.2.1) #385901 [since FEDORA-2007-3636] CVE-2007-5938 VULNERABLE (kernel) #385861 iwlwifi -CVE-2007-5937 VULNERABLE (tetex) #379861 Multiple dviljk buffer overflows -CVE-2007-5936 VULNERABLE (tetex) #379861 dviljk uses insecure temporary file -CVE-2007-5935 VULNERABLE (tetex) #379861 dvips -z buffer overflow with long href -CVE-2007-5934 VULNERABLE (php-pear-MDB2) #379101 -CVE-2007-5934 VULNERABLE (php-pear-MDB2-Driver-mysql) #379131 -CVE-2007-5934 VULNERABLE (php-pear-MDB2-Driver-mysqli) #379161 +CVE-2007-5937 backport (tetex) #379861 [since FEDORA-2007-3308] Multiple dviljk buffer overflows +CVE-2007-5936 backport (tetex) #379861 [since FEDORA-2007-3308] dviljk uses insecure temporary file +CVE-2007-5935 backport (tetex) #379861 [since FEDORA-2007-3308] dvips -z buffer overflow with long href +CVE-2007-5934 backport (php-pear-MDB2) #379101 [since FEDORA-2007-3376] +CVE-2007-5934 backport (php-pear-MDB2-Driver-mysql) #379131 [since FEDORA-2007-3376] +CVE-2007-5934 backport (php-pear-MDB2-Driver-mysqli) #379161 [since FEDORA-2007-3376] CVE-2007-5925 ignore (mysql) Authenticated user can restart mysql. 
CVE-2007-5907 VULNERABLE (xen) #390111 CVE-2007-5906 VULNERABLE (xen) #390111 -CVE-2007-5795 VULNERABLE (emacs) #367591 +CVE-2007-5795 backport (emacs) #367591 [since FEDORA-2007-2946] CVE-2007-5770 backport (ruby) #373391 [since FEDORA-2007-2812] GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031 CVE-2007-5751 backport (liferea, fixed 1.4.6) #360641 [since FEDORA-2007-2853] CVE-2007-5712 version (Django, fixed 0.96.1) #362771 [since FEDORA-2007-2788] CVE-2007-5708 version (openldap, fixed 2.3.39) #362991 [since FEDORA-2007-2796] CVE-2007-5707 version (openldap, fixed 2.3.39) #362991 [since FEDORA-2007-2796] +CVE-2007-5690 version (zaptel) [since FEDORA-2007-2860] not really an issue CVE-2007-5624 VULNERABLE (nagios, fixed 2.10) #362801 CVE-2007-5623 backport (nagios-plugins, not fixed 1.4.10) #348731 [since FEDORA-2007-2876] nagios-plugins-1.4.8-9.fc8 CVE-2007-5589 VULNERABLE (phpMyAdmin, fixed 2.11.1.2) #333661 PMASA-2007-6 -CVE-2007-5461 VULNERABLE (tomcat5, not fixed 5.5.25) #363001 +CVE-2007-5461 version (tomcat5) #363001 [since FEDORA-2007-3474] +CVE-2007-5398 version (samba) [since FEDORA-2007-3403] CVE-2007-5395 version (link-grammar) #372351 [since FEDORA-2007-3235] CVE-2007-5393 backport (xpdf) #372471 [since FEDORA-2007-3014] CVE-2007-5393 backport (cups) [since FEDORA-2007-2982] CVE-2007-5393 VULNERABLE (poppler) #372511 CVE-2007-5393 backport (kdegraphics) #372571 [since FEDORA-2007-3001] CVE-2007-5393 backport (koffice) #372601 [since FEDORA-2007-3093] -CVE-2007-5393 VULNERABLE (tetex) #372661 +CVE-2007-5393 backport (tetex) #372661 [since FEDORA-2007-3308] CVE-2007-5392 backport (xpdf) #372471 [since FEDORA-2007-3014] CVE-2007-5392 backport (cups) [since FEDORA-2007-2982] CVE-2007-5392 VULNERABLE (poppler) #372511 CVE-2007-5392 backport (kdegraphics) #372571 [since FEDORA-2007-3001] CVE-2007-5392 backport (koffice) #372601 [since FEDORA-2007-3093] -CVE-2007-5392 VULNERABLE (tetex) #372661 +CVE-2007-5392 backport (tetex) #372661 [since FEDORA-2007-3308] 
CVE-2007-5386 version (phpmyadmin, fixed 2.11.1.1) #333661 PMASA-2007-5 +CVE-2007-5339 version (thunderbird) [since FEDORA-2007-3414] CVE-2007-5201 VULNERABLE (duplicity, no upstream fix) #362831 CVE-2007-5200 version (hugin) #362861 [since FEDORA-2007-2807] hugin-0.6.1-11.fc8 CVE-2007-5198 VULNERABLE (nagios-plugins, fixed 1.4.10) #362891 @@ -57,9 +61,11 @@ CVE-2007-5007 version (balsa, before 2.3.20) #297601 CVE-2007-4999 version (pidgin, fixed 2.2.2) CVE-2007-4990 version (xorg-x11-xfs, fixed 1.0.5) +CVE-2007-4841 version (thunderbird) [since FEDORA-2007-3414] windows only anyway CVE-2007-4829 VULNERABLE (perl-Archive-Tar, not fixed upstream) #364281 CVE-2007-4752 version (openssh, fixed 4.7) #280461 CVE-2007-4619 version (flac, fixed 1.2) #332581 +CVE-2007-4572 version (samba) [since FEDORA-2007-3403] CVE-2007-4568 version (xorg-x11-xfs, fixed 1.0.5) CVE-2007-4559 VULNERABLE (python, not fixed upstream) #315291 Upstream WONTFIX. See where we use the code. CVE-2007-4476 backport (tar) #280961 [since FEDORA-2007-2800] tar-1.17-4.fc8 @@ -71,9 +77,10 @@ CVE-2007-4352 VULNERABLE (poppler) #372511 CVE-2007-4352 backport (kdegraphics) #372571 [since FEDORA-2007-3001] CVE-2007-4352 backport (koffice) #372601 [since FEDORA-2007-3093] -CVE-2007-4352 VULNERABLE (tetex) #372661 +CVE-2007-4352 backport (tetex) #372661 [since FEDORA-2007-3308] CVE-2007-4351 version (cups) #362971 [since FEDORA-2007-2982] CVE-2007-4045 backport (cups) [since FEDORA-2007-2982] +CVE-2007-4033 backport (tetex) [since FEDORA-2007-3308] CVE-2007-3999 VULNERABLE (nfs-utils-lib) #362091 CVE-2007-3999 VULNERABLE (libtirpc) #362111 CVE-2007-3920 VULNERABLE (compiz, not fixed upstream) #363061 
@@ -82,14 +89,19 @@ CVE-2007-3843 version (kernel) #246595 No idea which version fixed this CVE-2007-3544 VULNERABLE (wordpress, NOT fixed 2.2.1) #245211 Incomplete fix for CVE-2007-3543 CVE-2007-3387 version (poppler, fixed 0.5.91) #251512 +CVE-2007-3386 version (tomcat5) [since FEDORA-2007-3474] +CVE-2007-3385 version (tomcat5) [since FEDORA-2007-3474] +CVE-2007-3382 version (tomcat5) [since FEDORA-2007-3474] CVE-2007-3145 ignore (galeon) in 2.0.3 the truncation still occurs, but at reasonable length -CVE-2007-2450 VULNERABLE (tomcat5, not fixed 5.5.24) #363081 -CVE-2007-2449 VULNERABLE (tomcat5, not fixed 5.5.24) #363081 +CVE-2007-2450 version (tomcat5) #363081 [since FEDORA-2007-3474] +CVE-2007-2449 version (tomcat5) #363081 [since FEDORA-2007-3474] CVE-2007-2245 version (phpMyAdmin, fixed 2.10.1) #237882 CVE-2007-2165 version (proftpd, fixed 1.3.1rc3) #237533 CVE-2007-1841 version (ipsec-tools, fixed 0.6.7) #238052 CVE-2007-1804 version (pulseaudio) #235013 NOTABUG, there are other known ways to crash pulse. CVE-2007-1558 version (evolution, fixed 1.8.3-5) +CVE-2007-1358 version (tomcat5) [since FEDORA-2007-3474] +CVE-2007-1355 version (tomcat5) [since FEDORA-2007-3474] CVE-2007-1352 version (libXfont, fixed 1.2.8) #235265 CVE-2007-1351 version (libXfont, fixed 1.2.8) #235265 CVE-2007-1103 ignore (tor) #230927 CANTFIX really Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.22 retrieving revision 1.23 diff -u -r1.22 -r1.23 --- f9 22 Nov 2007 16:01:07 -0000 1.22 +++ f9 26 Nov 2007 18:15:22 -0000 1.23 
@@ -7,6 +7,7 @@ # Up to date CVE as of CVE email 20071030 # Up to date F9 as of 20071029 +CVE-2007-6100 version (phpMyAdmin, fixed 2.11.2.2) CVE-2007-6061 VULNERABLE (audacity) #393251 CVE-2007-6035 VULNERABLE (cacti, fixed 0.8.7a) #392001 CVE-2007-5977 VULNERABLE (phpMyAdmin) #385911 Index: fc6 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc6,v retrieving revision 1.300 retrieving revision 1.301 diff -u -r1.300 -r1.301 --- fc6 19 Nov 2007 09:09:24 -0000 1.300 +++ fc6 26 Nov 2007 18:15:22 -0000 1.301 
@@ -8,21 +8,26 @@ # Up to date FC6 as of 20071029 CVE-2007-5938 VULNERABLE (kernel) #385861 iwlwifi -CVE-2007-5937 VULNERABLE (tetex) #379841 Multiple dviljk buffer overflows -CVE-2007-5936 VULNERABLE (tetex) #379841 dviljk uses insecure temporary file -CVE-2007-5935 VULNERABLE (tetex) #379841 dvips -z buffer overflow with long href +CVE-2007-5937 backport (tetex) #379841 [since FEDORA-2007-750] Multiple dviljk buffer overflows +CVE-2007-5936 backport (tetex) #379841 [since FEDORA-2007-750] dviljk uses insecure temporary file +CVE-2007-5935 backport (tetex) #379841 [since FEDORA-2007-750] dvips -z buffer overflow with long href CVE-2007-5925 ignore (mysql) Authenticated user can restart mysql. CVE-2007-5907 VULNERABLE (xen) #390091 CVE-2007-5906 VULNERABLE (xen) #390091 CVE-2007-5795 version (emacs, only 21) CVE-2007-5770 backport (ruby) #373371 [since FEDORA-2007-738] +CVE-2007-5708 backport (openldap) [since FEDORA-2007-741] +CVE-2007-5707 backport (openldap) [since FEDORA-2007-741] CVE-2007-5461 VULNERABLE (tomcat5) #334521 -CVE-2007-5393 VULNERABLE (cups) +CVE-2007-5398 backport (samba) [since FEDORA-2007-751] +CVE-2007-5393 backport (cups) [since FEDORA-2007-746] CVE-2007-5393 VULNERABLE (poppler) #372491 CVE-2007-5393 VULNERABLE (kdegraphics) #372551 -CVE-2007-5392 VULNERABLE (cups) +CVE-2007-5393 backport (tetex) [since FEDORA-2007-750] +CVE-2007-5392 backport (cups) [since FEDORA-2007-746] CVE-2007-5392 VULNERABLE (poppler) #372491 CVE-2007-5392 VULNERABLE (kdegraphics) #372551 +CVE-2007-5392 backport (tetex) [since FEDORA-2007-750] CVE-2007-5340 version (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5 CVE-2007-5339 version (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5 CVE-2007-5338 version (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5 
@@ -34,7 +39,7 @@ CVE-2007-5267 ignore (libpng) shipped version too old and not affected CVE-2007-5266 ignore (libpng) shipped version too old and not affected CVE-2007-5208 backport (hplip) #329121 [since FEDORA-2007-724] -CVE-2007-5197 VULNERABLE (mono, fixed 1.2.5.1) #367571 +CVE-2007-5197 backport (mono, fixed 1.2.5.1) #367571 [since FEDORA-2007-745] CVE-2007-5191 backport (util-linux) #320141 [since FEDORA-2007-722] CVE-2007-5162 version (ruby) #313801 [since FEDORA-2007-718] CVE-2007-5137 backport (tk, fixed 8.4.16) #332071 [since FEDORA-2007-728] @@ -65,6 +70,7 @@ CVE-2007-4658 backport (php, fixed 5.2.4) #278011 [since FEDORA-2007-709] CVE-2007-4657 ignore (php, fixed 5.2.4) arbitrary read not remotely triggerable CVE-2007-4619 backport (flac, fixed 1.2) #332581 [since FEDORA-2007-730] +CVE-2007-4572 backport (samba) [since FEDORA-2007-751] CVE-2007-4571 version (kernel) [since FEDORA-2007-714] CVE-2007-4569 backport (kdebase) #299741 [since FEDORA-2007-716] CVE-2007-4568 VULNERABLE (xorg-x11-xfs, fixed 1.0.5) #373251 @@ -75,9 +81,10 @@ CVE-2007-4476 backport (tar) [since FEDORA-2007-735] CVE-2007-4465 version (httpd) [since FEDORA-2007-707] CVE-2007-4357 ignore (firefox) status bar can be overwrittten -CVE-2007-4352 VULNERABLE (cups) +CVE-2007-4352 backport (cups) [since FEDORA-2007-746] CVE-2007-4352 VULNERABLE (poppler) #372491 CVE-2007-4352 VULNERABLE (kdegraphics) #372551 +CVE-2007-4352 backport (tetex) [since FEDORA-2007-750] CVE-2007-4351 backport (cups) #361671 [since FEDORA-2007-740] CVE-2007-4255 ignore (php) msql extension not shipped CVE-2007-4251 ignore (openoffice.org) just a crash 
@@ -88,8 +95,10 @@ CVE-2007-4137 backport (qt) #292951 [since FEDORA-2007-703] CVE-2007-4134 backport (star, fixed 1.5a84) #254129 CVE-2007-4131 backport (tar) #253684 [since FEDORA-2007-683] +CVE-2007-4045 backport (cups) [since FEDORA-2007-746] CVE-2007-4029 backport (libvorbis) #250600 [since FEDORA-2007-677] CVE-2007-4168 backport (libexif) #243892 [since FEDORA-2007-614] +CVE-2007-4033 backport (tetex) [since FEDORA-2007-750] CVE-2007-4000 backport (krb5) [since FEDORA-2007-690] CVE-2007-3999 backport (krb5) [since FEDORA-2007-690] CVE-2007-3999 VULNERABLE (nfs-utils-lib) #294911 Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.183 retrieving revision 1.184 diff -u -r1.183 -r1.184 --- fc7 22 Nov 2007 16:01:07 -0000 1.183 +++ fc7 26 Nov 2007 18:15:22 -0000 1.184 
@@ -8,28 +8,31 @@ # Up to date CVE as of CVE email 20071030 # Up to date FC7 as of 20071029 +CVE-2007-6100 version (phpMyAdmin, fixed 2.11.2.2) [since FEDORA-2007-3666] CVE-2007-6061 VULNERABLE (audacity) #393251 -CVE-2007-6035 VULNERABLE (cacti, fixed 0.8.7a) #391981 -CVE-2007-5977 VULNERABLE (phpMyAdmin) #385891 -CVE-2007-5976 VULNERABLE (phpMyAdmin) #385891 +CVE-2007-6035 version (cacti, fixed 0.8.7a) #391981 [since FEDORA-2007-3683] +CVE-2007-5977 version (phpMyAdmin, fixed 2.11.2.1) #385891 [since FEDORA-2007-3627] +CVE-2007-5976 version (phpMyAdmin, fixed 2.11.2.1) #385891 [since FEDORA-2007-3627] CVE-2007-5938 VULNERABLE (kernel) #385861 iwlwifi -CVE-2007-5937 VULNERABLE (tetex) #379831 Multiple dviljk buffer overflows -CVE-2007-5936 VULNERABLE (tetex) #379831 dviljk uses insecure temporary file -CVE-2007-5935 VULNERABLE (tetex) #379831 dvips -z buffer overflow with long href -CVE-2007-5934 VULNERABLE (php-pear-MDB2) #379091 -CVE-2007-5934 VULNERABLE (php-pear-MDB2-Driver-mysql) #379121 -CVE-2007-5934 VULNERABLE (php-pear-MDB2-Driver-mysqli) #379151 +CVE-2007-5937 backport (tetex) #379831 [since FEDORA-2007-3390] Multiple dviljk buffer overflows +CVE-2007-5936 backport (tetex) #379831 [since FEDORA-2007-3390] dviljk uses insecure temporary file +CVE-2007-5935 backport (tetex) #379831 [since FEDORA-2007-3390] dvips -z buffer overflow with long href +CVE-2007-5934 backport (php-pear-MDB2) #379091 [since FEDORA-2007-3369] +CVE-2007-5934 backport (php-pear-MDB2-Driver-mysql) #379121 [since FEDORA-2007-3369] +CVE-2007-5934 backport (php-pear-MDB2-Driver-mysqli) #379151 [since FEDORA-2007-3369] CVE-2007-5925 ignore (mysql) Authenticated user can restart mysql. 
CVE-2007-5907 VULNERABLE (xen) #390101 CVE-2007-5906 VULNERABLE (xen) #390101 -CVE-2007-5795 VULNERABLE (emacs) #367581 +CVE-2007-5846 backport (net-snmp) [since FEDORA-2007-3019] +CVE-2007-5795 backport (emacs) #367581 [since FEDORA-2007-3056] CVE-2007-5770 backport (ruby) #373381 [since FEDORA-2007-2685] CVE-2007-5751 backport (liferea, fixed 1.4.6) #360641 [since FEDORA-2007-2725] CVE-2007-5728 version (phpPgAdmin) seems to be fixed for some time CVE-2007-5715 backport (denyhosts) fixed long ago CVE-2007-5712 version (Django, fixed 0.96.1) #362761 [since FEDORA-2007-3157] -CVE-2007-5708 VULNERABLE (openldap, fixed 2.3.39) #360081 -CVE-2007-5707 VULNERABLE (openldap, fixed 2.3.39) #360081 +CVE-2007-5708 backport (openldap, fixed 2.3.39) #360081 [since FEDORA-2007-3124] +CVE-2007-5707 backport (openldap, fixed 2.3.39) #360081 [since FEDORA-2007-3124] +CVE-2007-5690 version (zaptel) [since FEDORA-2007-3094] not really an issue CVE-2007-5626 ignore (bacula) known, documented limitation CVE-2007-5624 VULNERABLE (nagios, fixed 2.10) #362791 CVE-2007-5623 backport (nagios-plugins) #348731 [since FEDORA-2007-2713] 
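Review bot: The new "CVE-2007-5690 version (zaptel) [since FEDORA-2007-3094] not really an issue" line in this fc7 hunk says two different things: "version" with a "[since ...]" tag reads as fixed by that update, while the trailing comment says there was nothing to fix. Non-issues in the surrounding lines are recorded as "ignore" with the reason ("CVE-2007-5626 ignore (bacula) known, documented limitation"), so either use "ignore" here or drop the comment. The f8 hunk of this commit adds the same zaptel wording.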
@@ -41,24 +44,26 @@ CVE-2007-5589 version (phpmyadmin, fixed 2.11.1.2) #333661 PMASA-2007-6 [since FEDORA-2007-2738] CVE-2007-5585 backport (rss-glx) #336331 [since FEDORA-2007-2652] CVE-2007-5585 backport (tempest) #336331 [since FEDORA-2007-2652] -CVE-2007-5461 VULNERABLE (tomcat5) #334511 +CVE-2007-5461 version (tomcat5) #334511 [since FEDORA-2007-3456] CVE-2007-5416 ignore (drupal) Vulnerability in PHP<5.1.3, we're safe -CVE-2007-5395 VULNERABLE (link-grammar) #372341 +CVE-2007-5398 version (samba) [since FEDORA-2007-3402] +CVE-2007-5395 version (link-grammar) #372341 [since FEDORA-2007-3339] CVE-2007-5393 backport (xpdf) #372461 [since FEDORA-2007-3031] CVE-2007-5393 backport (cups) [since FEDORA-2007-3100] CVE-2007-5393 VULNERABLE (poppler) #372501 CVE-2007-5393 backport (kdegraphics) #372561 [since FEDORA-2007-2985] CVE-2007-5393 backport (koffice) #372591 [since FEDORA-2007-3059] -CVE-2007-5393 VULNERABLE (tetex) #372651 +CVE-2007-5393 backport (tetex) #372651 [since FEDORA-2007-3390] CVE-2007-5392 backport (xpdf) #372461 [since FEDORA-2007-3031] CVE-2007-5392 backport (cups) [since FEDORA-2007-3100] CVE-2007-5392 VULNERABLE (poppler) #372501 CVE-2007-5392 backport (kdegraphics) #372561 [since FEDORA-2007-2985] CVE-2007-5392 backport (koffice) #372591 [since FEDORA-2007-3059] -CVE-2007-5392 VULNERABLE (tetex) #372651 +CVE-2007-5392 backport (tetex) #372651 [since FEDORA-2007-3390] CVE-2007-5386 version (phpmyadmin, fixed 2.11.1.1) #333661 PMASA-2007-5 [since FEDORA-2007-2738] CVE-2007-5340 version (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5 [since FEDORA-2007-2664] CVE-2007-5339 version (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5 [since FEDORA-2007-2664] +CVE-2007-5339 version (thunderbird) [since FEDORA-2007-3431] CVE-2007-5338 version (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5 [since FEDORA-2007-2664] CVE-2007-5337 version (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5 [since FEDORA-2007-2664] CVE-2007-5335 version (mozilla) ff 2.0.0.8, does not affect ff1.5 
[since FEDORA-2007-2664] @@ -101,6 +106,7 @@ CVE-2007-4893 version (wordpress, fixed 2.2.3) [since FEDORA-2007-2143] CVE-2007-4851 ignore (tk) duplicate of CVE-2007-5137 CVE-2007-4841 ignore (mozilla) Windows only +CVE-2007-4841 version (thunderbird) [since FEDORA-2007-3431] windows only anyway CVE-2007-4840 ignore (php) CVE-2007-4829 VULNERABLE (perl-Archive-Tar) #315321 CVE-2007-4828 version (mediawiki, fixed 1.11.0, 1.10.2, 1.9.4) #287881 [since FEDORA-2007-2189] @@ -125,6 +131,7 @@ CVE-2007-4631 version (qgit) #268381 [since FEDORA-2007-2108] CVE-2007-4619 version (flac, fixed 1.2) #332571 [since FEDORA-2007-2596] CVE-2007-4573 version (kernel) [since FEDORA-2007-2298] +CVE-2007-4572 version (samba) [since FEDORA-2007-3402] CVE-2007-4571 version (kernel) [since FEDORA-2007-2349] CVE-2007-4569 backport (kdebase) #299731 [since FEDORA-2007-2361] CVE-2007-4568 VULNERABLE (xorg-x11-xfs, fixed 1.0.5) #373261 @@ -152,7 +159,7 @@ CVE-2007-4352 VULNERABLE (poppler) #372501 CVE-2007-4352 backport (kdegraphics) #372561 [since FEDORA-2007-2985] CVE-2007-4352 backport (koffice) #372591 [since FEDORA-2007-3059] -CVE-2007-4352 VULNERABLE (tetex) #372651 +CVE-2007-4352 backport (tetex) #372651 [since FEDORA-2007-3390] CVE-2007-4351 backport (cups) #361661 [since FEDORA-2007-2715] CVE-2007-4323 backport (denyhosts) #252291 [since FEDORA-2007-0589] CVE-2007-4321 backport (fail2ban) #252290 [since FEDORA-2007-0621] version since FEDORA-2007-1643 @@ -178,6 +185,7 @@ CVE-2007-4065 backport (libvorbis) #245991 [since FEDORA-2007-1765] CVE-2007-4045 backport (cups) [since FEDORA-2007-3100] CVE-2007-4033 backport (t1lib) #303021 [since FEDORA-2007-2343] +CVE-2007-4033 backport (tetex) [since FEDORA-2007-3390] CVE-2007-4029 backport (libvorbis) #245991 [since FEDORA-2007-1765] CVE-2007-4000 backport (krb5) [since FEDORA-2007-2017] CVE-2007-3999 backport (krb5) [since FEDORA-2007-2017] 
@@ -248,7 +256,10 @@ CVE-2007-3387 backport (koffice) #251522 [since FEDORA-2007-1614] CVE-2007-3387 backport (cups) #251518 [since FEDORA-2007-1541] CVE-2007-3387 ignore (libextractor) http://bugs.gentoo.org/show_bug.cgi?id=188169 +CVE-2007-3386 version (tomcat5) [since FEDORA-2007-3456] +CVE-2007-3385 version (tomcat5) [since FEDORA-2007-3456] CVE-2007-3384 ignore (tomcat) only affects 3.3.x and just affects an example +CVE-2007-3382 version (tomcat5) [since FEDORA-2007-3456] CVE-2007-3381 version (gdm, fixed 2.18.4) #250277 [since FEDORA-2007-1362] CVE-2007-3378 ignore (php) safe mode escape CVE-2007-3377 version (perl-Net-DNS, fixed 0.60) #245612 [since FEDORA-2007-0668] @@ -326,8 +337,8 @@ CVE-2007-2453 version (kernel, fixed 2.6.21.4) [ since FEDORA-2007-0409 ] CVE-2007-2451 version (kernel, fixed 2.6.21.4) [ since FEDORA-2007-0409 ] *CVE-2007-2452 ** (locate) -CVE-2007-2450 VULNERABLE (tomcat5) #244810 -CVE-2007-2449 VULNERABLE (tomcat5) #244810 +CVE-2007-2450 version (tomcat5) #244810 [since FEDORA-2007-3456] +CVE-2007-2449 version (tomcat5) #244810 [since FEDORA-2007-3456] CVE-2007-2448 version (subversion, fixed 1.4.4) #243856 [since FEDORA-2007-2635] *CVE-2007-2447 ** (samba) *CVE-2007-2446 ** (samba) @@ -441,7 +452,8 @@ *CVE-2007-1366 ** (qemu) #238723 CVE-2007-1362 version (seamonkey, fixed 1.0.9) #241840 *CVE-2007-1359 backport (mod_security, fixed 2.1.0-3) #231728 -CVE-2007-1358 ** (tomcat5) #244810 +CVE-2007-1358 version (tomcat5) #244810 [since FEDORA-2007-3456] +CVE-2007-1355 version (tomcat5) [since FEDORA-2007-3456] *CVE-2007-1354 ** (jboss) CVE-2007-1352 version (libXfont) #235265 CVE-2007-1351 version (libXfont) #235265 From fedora-security-commits at redhat.com Tue Nov 27 11:37:58 2007 
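Review bot: In the f9 diff of this commit (1.22 to 1.23), the added "CVE-2007-6100 version (phpMyAdmin, fixed 2.11.2.2)" line has no "[since ...]" tag, and the context below it still lists "CVE-2007-5977 VULNERABLE (phpMyAdmin) #385911". The f8 hunk of the same commit records CVE-2007-5977 and CVE-2007-5976 as fixed in 2.11.2.1, so if f9 already carries 2.11.2.2 those entries should change in the same commit, with the build named on each line.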
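Review bot: In fc7 hunk "@@ -101,6 +106,7 @@" of this commit, the added "CVE-2007-4841 version (thunderbird) [since FEDORA-2007-3431] windows only anyway" sits directly under "CVE-2007-4841 ignore (mozilla) Windows only", so the same Windows-only issue ends up with two different statuses. If it does not affect Fedora, "ignore (thunderbird)" would match the mozilla line; if the update reference is worth keeping, the comment should say why the status differs.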
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Tue, 27 Nov 2007 06:37:58 -0500 Subject: [Fedora-security-commits] fedora-security/audit f8, 1.26, 1.27 fc7, 1.184, 1.185 Message-ID: <200711271137.lARBbwx6007473@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv7446/audit Modified Files: f8 fc7 Log Message: one fedora update Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.26 retrieving revision 1.27 diff -u -r1.26 -r1.27 --- f8 26 Nov 2007 18:15:22 -0000 1.26 +++ f8 27 Nov 2007 11:37:56 -0000 1.27 @@ -138,7 +138,7 @@ CVE-2006-0496 ignore (firefox) Feature, not a bug moz #324253 CVE-2005-4809 ignore (firefox) Status bar can be modified anyways CVE-2005-4791 VULNERABLE (liferea) #393301 -CVE-2005-4790 VULNERABLE (blam, fixed 1.8.4) #395761 +CVE-2005-4790 backport (blam, fixed 1.8.4) #395761 [since FEDORA-2007-3798] CVE-2005-4790 backport (tomboy) #362951 [since FEDORA-2007-3253] CVE-2005-3675 VULNERABLE (kernel) optack, no upstream fix -- TCP protocol weakness CVE-2003-1265 ignore (thunderbird) Stuff deleted from userspace is not guarranteed to go away physically moz#198442 Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.184 retrieving revision 1.185 diff -u -r1.184 -r1.185 --- fc7 26 Nov 2007 18:15:22 -0000 1.184 +++ fc7 27 Nov 2007 11:37:56 -0000 1.185 
@@ -1397,7 +1397,7 @@ CVE-2005-4807 ignore (binutils, gas fixed 20050721) this is a bug CVE-2005-4803 version (graphviz, fixed 2.2.1) CVE-2005-4798 version (kernel, not 2.6) -CVE-2005-4790 VULNERABLE (blam, fixed 1.8.4) #395751 +CVE-2005-4790 backport (blam, fixed 1.8.4) #395751 [since FEDORA-2007-3792] CVE-2005-4790 backport (tomboy) #362941 [since FEDORA-2007-3011] CVE-2005-4784 ignore (glibc) struct dirent is big enough CVE-2005-4746 version (freeradius, fixed 1.0.5) From fedora-security-commits at redhat.com Tue Nov 27 15:14:11 2007 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Tue, 27 Nov 2007 10:14:11 -0500 Subject: [Fedora-security-commits] fedora-security/audit f8, 1.27, 1.28 f9, 1.23, 1.24 Message-ID: <200711271514.lARFEBVE014689@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv14665/audit Modified Files: f8 f9 Log Message: update Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.27 retrieving revision 1.28 diff -u -r1.27 -r1.28 --- f8 27 Nov 2007 11:37:56 -0000 1.27 +++ f8 27 Nov 2007 15:14:08 -0000 1.28 
@@ -32,7 +32,7 @@ CVE-2007-5690 version (zaptel) [since FEDORA-2007-2860] not really an issue CVE-2007-5624 VULNERABLE (nagios, fixed 2.10) #362801 CVE-2007-5623 backport (nagios-plugins, not fixed 1.4.10) #348731 [since FEDORA-2007-2876] nagios-plugins-1.4.8-9.fc8 -CVE-2007-5589 VULNERABLE (phpMyAdmin, fixed 2.11.1.2) #333661 PMASA-2007-6 +CVE-2007-5589 version (phpMyAdmin, fixed 2.11.1.2) #333661 PMASA-2007-6 [since FEDORA-2007-3636] CVE-2007-5461 version (tomcat5) #363001 [since FEDORA-2007-3474] CVE-2007-5398 version (samba) [since FEDORA-2007-3403] CVE-2007-5395 version (link-grammar) #372351 [since FEDORA-2007-3235] Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.23 retrieving revision 1.24 diff -u -r1.23 -r1.24 --- f9 26 Nov 2007 18:15:22 -0000 1.23 +++ f9 27 Nov 2007 15:14:08 -0000 1.24 
@@ -9,15 +9,15 @@ CVE-2007-6100 version (phpMyAdmin, fixed 2.11.2.2) CVE-2007-6061 VULNERABLE (audacity) #393251 -CVE-2007-6035 VULNERABLE (cacti, fixed 0.8.7a) #392001 -CVE-2007-5977 VULNERABLE (phpMyAdmin) #385911 -CVE-2007-5976 VULNERABLE (phpMyAdmin) #385911 -CVE-2007-5937 VULNERABLE (tetex) #379851 Multiple dviljk buffer overflows -CVE-2007-5936 VULNERABLE (tetex) #379851 dviljk uses insecure temporary file -CVE-2007-5935 VULNERABLE (tetex) #379851 dvips -z buffer overflow with long href -CVE-2007-5934 VULNERABLE (php-pear-MDB2) #379111 -CVE-2007-5934 VULNERABLE (php-pear-MDB2-Driver-mysql) #379141 -CVE-2007-5934 VULNERABLE (php-pear-MDB2-Driver-mysqli) #379171 +CVE-2007-6035 version (cacti, fixed 0.8.7a) #392001 [since cacti-0.8.7a-1.fc9] +CVE-2007-5977 version (phpMyAdmin) #385911 [since phpMyAdmin-2.11.2.2-1.fc9] +CVE-2007-5976 version (phpMyAdmin) #385911 [since phpMyAdmin-2.11.2.2-1.fc9] +CVE-2007-5937 backport (tetex) #379851 Multiple dviljk buffer overflows [since tetex-3.0-48.fc9] +CVE-2007-5936 backport (tetex) #379851 dviljk uses insecure temporary file [since tetex-3.0-48.fc9] +CVE-2007-5935 backport (tetex) #379851 dvips -z buffer overflow with long href [since tetex-3.0-48.fc9] +CVE-2007-5934 version (php-pear-MDB2) #379111 [since php-pear-MDB2-2.4.1-2.fc9] +CVE-2007-5934 version (php-pear-MDB2-Driver-mysql) #379141 [since php-pear-MDB2-Driver-mysql-1.4.1-3.fc9] +CVE-2007-5934 version (php-pear-MDB2-Driver-mysqli) #379171 [since php-pear-MDB2-Driver-mysqli-1.4.1-3.fc9] CVE-2007-5925 ignore (mysql) Authenticated user can restart mysql. CVE-2007-5907 VULNERABLE (xen) #390121 CVE-2007-5906 VULNERABLE (xen) #390121 
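Review bot: The three tetex lines changed in this f9 hunk put the free-text description before the "[since ...]" tag ("#379851 Multiple dviljk buffer overflows [since tetex-3.0-48.fc9]"), while the f8 and fc7 entries for the same CVEs put the tag straight after the bug number and the description last ("#379861 [since FEDORA-2007-3308] Multiple dviljk buffer overflows"). Use one field order across the audit files so the lines can be grepped and parsed the same way.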
@@ -32,19 +32,19 @@ CVE-2007-5623 backport (nagios-plugins, not fixed 1.4.10) #348731 CVE-2007-5589 version (phpMyAdmin, fixed 2.11.1.2) #333661 PMASA-2007-6 CVE-2007-5461 VULNERABLE (tomcat5, not fixed 5.5.25) #334531 -CVE-2007-5395 VULNERABLE (link-grammar) #372361 -CVE-2007-5393 VULNERABLE (xpdf) #372481 +CVE-2007-5395 version (link-grammar) #372361 [since link-grammar-4.2.5-1.fc9] +CVE-2007-5393 backport (xpdf) #372481 [since xpdf-3.02-4.fc9] CVE-2007-5393 backport (cups) CVE-2007-5393 VULNERABLE (poppler) #372521 CVE-2007-5393 VULNERABLE (kdegraphics) #372581 CVE-2007-5393 VULNERABLE (koffice) #372611 -CVE-2007-5393 VULNERABLE (tetex) #372671 -CVE-2007-5392 VULNERABLE (xpdf) #372481 +CVE-2007-5393 version (tetex) #372671 [since tetex-3.0-48.fc9] +CVE-2007-5392 backport (xpdf) #372481 [since xpdf-3.02-4.fc9] CVE-2007-5392 backport (cups) CVE-2007-5392 VULNERABLE (poppler) #372521 CVE-2007-5392 VULNERABLE (kdegraphics) #372581 CVE-2007-5392 VULNERABLE (koffice) #372611 -CVE-2007-5392 VULNERABLE (tetex) #372671 +CVE-2007-5392 version (tetex) #372671 [since tetex-3.0-48.fc9] CVE-2007-5386 version (phpmyadmin, fixed 2.11.1.1) #333661 PMASA-2007-5 CVE-2007-5201 VULNERABLE (duplicity, no upstream fix) #362841 CVE-2007-5200 version (hugin) #362871 [since hugin-0.6.1-11.fc9] 
@@ -63,12 +63,12 @@ CVE-2007-4559 VULNERABLE (python, not fixed upstream) #315291 Upstream WONTFIX. See where we use the code. CVE-2007-4476 backport (cpio, not fixed 2.9) #339691 [since cpio-2.9-5.fc9] CVE-2007-4400 VULNERABLE (konversation) #362931 Remove media script? -CVE-2007-4352 VULNERABLE (xpdf) #372481 +CVE-2007-4352 backport (xpdf) #372481 [since xpdf-3.02-4.fc9] CVE-2007-4352 backport (cups) CVE-2007-4352 VULNERABLE (poppler) #372521 CVE-2007-4352 VULNERABLE (kdegraphics) #372581 CVE-2007-4352 VULNERABLE (koffice) #372611 -CVE-2007-4352 VULNERABLE (tetex) #372671 +CVE-2007-4352 version (tetex) #372671 [since tetex-3.0-48.fc9] CVE-2007-4351 version (cups) #361681 CVE-2007-3999 VULNERABLE (nfs-utils-lib) #362101 CVE-2007-3999 VULNERABLE (libtirpc) #362121 From fedora-security-commits at redhat.com Fri Nov 30 12:18:14 2007 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Fri, 30 Nov 2007 07:18:14 -0500 Subject: [Fedora-security-commits] fedora-security/audit f8, 1.28, 1.29 f9, 1.24, 1.25 fc7, 1.185, 1.186 Message-ID: <200711301218.lAUCIEVR004748@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv4724/audit Modified Files: f8 f9 fc7 Log Message: add htdig, ruby-gnome2 fedora updates Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.28 retrieving revision 1.29 diff -u -r1.28 -r1.29 --- f8 27 Nov 2007 15:14:08 -0000 1.28 +++ f8 30 Nov 2007 12:18:11 -0000 1.29 
@@ -7,11 +7,16 @@ # Up to date CVE as of CVE email 20071030 # Up to date F8 as of 20071029 +CVE-2007-6183 VULNERABLE (ruby-gnome2) #405601 +CVE-2007-6110 backport (htdig) [since FEDORA-2007-3958] CVE-2007-6100 version (phpMyAdmin, fixed 2.11.2.2) [since FEDORA-2007-3639] CVE-2007-6061 VULNERABLE (audacity) #393251 CVE-2007-6035 version (cacti, fixed 0.8.7a) #391991 [since FEDORA-2007-3667] CVE-2007-5977 version (phpMyAdmin, fixed 2.11.2.1) #385901 [since FEDORA-2007-3636] CVE-2007-5976 version (phpMyAdmin, fixed 2.11.2.1) #385901 [since FEDORA-2007-3636] +CVE-2007-5960 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3962] +CVE-2007-5959 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3962] +CVE-2007-5947 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3962] CVE-2007-5938 VULNERABLE (kernel) #385861 iwlwifi CVE-2007-5937 backport (tetex) #379861 [since FEDORA-2007-3308] Multiple dviljk buffer overflows CVE-2007-5936 backport (tetex) #379861 [since FEDORA-2007-3308] dviljk uses insecure temporary file @@ -26,6 +31,7 @@ CVE-2007-5770 backport (ruby) #373391 [since FEDORA-2007-2812] GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031 CVE-2007-5751 backport (liferea, fixed 1.4.6) #360641 [since FEDORA-2007-2853] +CVE-2007-5742 VULNERABLE (wesnoth, fixed 1.2.8) CVE-2007-5712 version (Django, fixed 0.96.1) #362771 [since FEDORA-2007-2788] CVE-2007-5708 version (openldap, fixed 2.3.39) #362991 [since FEDORA-2007-2796] CVE-2007-5707 version (openldap, fixed 2.3.39) #362991 [since FEDORA-2007-2796] 
@@ -137,7 +143,7 @@ CVE-2006-0987 ignore (bind) example config file only CVE-2006-0496 ignore (firefox) Feature, not a bug moz #324253 CVE-2005-4809 ignore (firefox) Status bar can be modified anyways -CVE-2005-4791 VULNERABLE (liferea) #393301 +CVE-2005-4791 version (liferea, fixed 1.4.8) #393301 [since FEDORA-2007-3701] CVE-2005-4790 backport (blam, fixed 1.8.4) #395761 [since FEDORA-2007-3798] CVE-2005-4790 backport (tomboy) #362951 [since FEDORA-2007-3253] CVE-2005-3675 VULNERABLE (kernel) optack, no upstream fix -- TCP protocol weakness Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.24 retrieving revision 1.25 diff -u -r1.24 -r1.25 --- f9 27 Nov 2007 15:14:08 -0000 1.24 +++ f9 30 Nov 2007 12:18:11 -0000 1.25 @@ -7,11 +7,16 @@ # Up to date CVE as of CVE email 20071030 # Up to date F9 as of 20071029 +CVE-2007-6183 VULNERABLE (ruby-gnome2) #405611 +CVE-2007-6110 version (htdig) [since htdig-3.2.0b6-13.fc9] CVE-2007-6100 version (phpMyAdmin, fixed 2.11.2.2) CVE-2007-6061 VULNERABLE (audacity) #393251 CVE-2007-6035 version (cacti, fixed 0.8.7a) #392001 [since cacti-0.8.7a-1.fc9] CVE-2007-5977 version (phpMyAdmin) #385911 [since phpMyAdmin-2.11.2.2-1.fc9] CVE-2007-5976 version (phpMyAdmin) #385911 [since phpMyAdmin-2.11.2.2-1.fc9] +CVE-2007-5960 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) +CVE-2007-5959 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) +CVE-2007-5947 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) CVE-2007-5937 backport (tetex) #379851 Multiple dviljk buffer overflows [since tetex-3.0-48.fc9] CVE-2007-5936 backport (tetex) #379851 dviljk uses insecure temporary file [since tetex-3.0-48.fc9] CVE-2007-5935 backport (tetex) #379851 dvips -z buffer overflow with long href [since tetex-3.0-48.fc9] 
@@ -25,6 +30,7 @@ GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031 CVE-2007-5770 backport (ruby) #373401 [since ruby-1.8.6.111-1] CVE-2007-5751 version (liferea, fixed 1.4.6) #360641 [since liferea-1.4.6-3.fc9] +CVE-2007-5742 VULNERABLE (wesnoth, fixed 1.2.8) CVE-2007-5712 version (Django, fixed 0.96.1) #362781 [since Django-0.96.1-1.fc9] CVE-2007-5708 version (openldap, fixed 2.3.39) #360091 [since openldap-2.3.39-1.fc9] CVE-2007-5707 version (openldap, fixed 2.3.39) #360091 [since openldap-2.3.39-1.fc9] @@ -121,8 +127,8 @@ CVE-2006-0987 ignore (bind) example config file only CVE-2006-0496 ignore (firefox) Feature, not a bug moz #324253 CVE-2005-4809 ignore (firefox) Status bar can be modified anyways -CVE-2005-4791 VULNERABLE (liferea) #393311 -CVE-2005-4790 VULNERABLE (blam, fixed 1.8.4) #395771 +CVE-2005-4791 version (liferea, fixed 1.4.8) #393311 [since liferea-1.4.8-1.fc9] +CVE-2005-4790 backport (blam, fixed 1.8.4) #395771 [since blam-1.8.3-11.fc9] CVE-2005-4790 backport (tomboy) #362961 [since tomboy-0.8.1-2.fc9] CVE-2005-3675 VULNERABLE (kernel) optack, no upstream fix -- TCP protocol weakness CVE-2003-1265 ignore (thunderbird) Stuff deleted from userspace is not guarranteed to go away physically moz#198442 Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.185 retrieving revision 1.186 diff -u -r1.185 -r1.186 --- fc7 27 Nov 2007 11:37:56 -0000 1.185 +++ fc7 30 Nov 2007 12:18:11 -0000 1.186 
@@ -8,11 +8,16 @@ # Up to date CVE as of CVE email 20071030 # Up to date FC7 as of 20071029 +CVE-2007-6183 VULNERABLE (ruby-gnome2) #405591 +CVE-2007-6110 backport (htdig) [since FEDORA-2007-3907] CVE-2007-6100 version (phpMyAdmin, fixed 2.11.2.2) [since FEDORA-2007-3666] CVE-2007-6061 VULNERABLE (audacity) #393251 CVE-2007-6035 version (cacti, fixed 0.8.7a) #391981 [since FEDORA-2007-3683] CVE-2007-5977 version (phpMyAdmin, fixed 2.11.2.1) #385891 [since FEDORA-2007-3627] CVE-2007-5976 version (phpMyAdmin, fixed 2.11.2.1) #385891 [since FEDORA-2007-3627] +CVE-2007-5960 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3952] +CVE-2007-5959 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3952] +CVE-2007-5947 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3952] CVE-2007-5938 VULNERABLE (kernel) #385861 iwlwifi CVE-2007-5937 backport (tetex) #379831 [since FEDORA-2007-3390] Multiple dviljk buffer overflows CVE-2007-5936 backport (tetex) #379831 [since FEDORA-2007-3390] dviljk uses insecure temporary file @@ -27,6 +32,7 @@ CVE-2007-5795 backport (emacs) #367581 [since FEDORA-2007-3056] CVE-2007-5770 backport (ruby) #373381 [since FEDORA-2007-2685] CVE-2007-5751 backport (liferea, fixed 1.4.6) #360641 [since FEDORA-2007-2725] +CVE-2007-5742 VULNERABLE (wesnoth, fixed 1.2.8) CVE-2007-5728 version (phpPgAdmin) seems to be fixed for some time CVE-2007-5715 backport (denyhosts) fixed long ago CVE-2007-5712 version (Django, fixed 0.96.1) #362761 [since FEDORA-2007-3157] @@ -1387,7 +1393,7 @@ CVE-2006-0019 version (kdelibs, fixed 3.5.1) *CVE-2006-0017 ** (fedora-ds-base) Publish CVE! *CVE-2006-0016 ** (fedora-ds-base) Publish CVE! -CVE-2005-4791 VULNERABLE (liferea) #393291 +CVE-2005-4791 version (liferea, fixed 1.2.8) #393291 [since FEDORA-2007-3733] *CVE-2005-4838 ** (tomcat) CVE-2005-4837 version (net-snmp, fixed 5.2.2) *CVE-2005-4836 ** (tomcat)
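Review bot: In the f9 diff of the 27 Nov commit (revision 1.23 to 1.24), the tetex entries are classified inconsistently for the same build. CVE-2007-5937, CVE-2007-5936 and CVE-2007-5935 become `backport ... [since tetex-3.0-48.fc9]`, while CVE-2007-5393, CVE-2007-5392 and CVE-2007-4352 become `version ... [since tetex-3.0-48.fc9]`. The package version stays at 3.0 and only the release number moves, and the xpdf lines for the same three CVEs are marked `backport`, so `backport` looks like the intended status for these tetex lines as well. Please make the six entries agree.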
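Review bot: In the fc7 diff of the 30 Nov commit (revision 1.185 to 1.186), hunk `@@ -1387,7 +1393,7 @@`, the CVE-2005-4791 liferea entry records `fixed 1.2.8`, but the same commit records `fixed 1.4.8` for that CVE in both f8 and f9. `fixed 1.2.8` is also the value on the wesnoth line added for CVE-2007-5742 in this commit, so this may be a carry-over. Please check the liferea fixed version against FEDORA-2007-3733 and correct the fc7 line if needed.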
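Review bot: The `CVE-2007-5742 VULNERABLE (wesnoth, fixed 1.2.8)` line added to f8, f9 and fc7 in the 30 Nov commit has no bug number, unlike the CVE-2007-6183 ruby-gnome2 line added alongside it (#405601, #405611, #405591). Add the per-release tracking bug, or a short trailing comment saying why none is filed, so the open entry can be followed up. The log message also mentions only htdig and ruby-gnome2, although the commit adds wesnoth and mozilla entries and changes liferea and blam status; a fuller message would make the history easier to audit.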
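Review bot: In the f9 diff of the 30 Nov commit (revision 1.24 to 1.25), first hunk, the three mozilla lines (CVE-2007-5960, CVE-2007-5959, CVE-2007-5947) are marked `version` with no `[since ...]` annotation, while the f8 and fc7 copies cite FEDORA-2007-3962 and FEDORA-2007-3952 and the other lines touched in this f9 diff cite an fc9 build. Record the fc9 builds that first shipped the fixed releases named on the line (ff 2.0.0.10, sm 1.1.7) so the `version` status can be verified. In the same hunk, htdig is `version ... [since htdig-3.2.0b6-13.fc9]` in f9 but `backport` in f8 and fc7; confirm which status applies to the fc9 build.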