[Fedora-security-commits] fedora-security/audit f8, 1.6, 1.7 f9, 1.5, 1.6 fc7, 1.164, 1.165
fedora-security-commits at redhat.com
Fri Nov 2 17:54:46 UTC 2007
Author: lkundrak
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv17628
Modified Files:
f8 f9 fc7
Log Message:
Get more in sync with bugzilla
Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- f8 2 Nov 2007 16:30:06 -0000 1.6
+++ f8 2 Nov 2007 17:54:44 -0000 1.7
@@ -26,7 +26,7 @@
CVE-2007-5007 version (balsa, before 2.3.20) #297601
CVE-2007-4999 version (pidgin, fixed 2.2.2)
CVE-2007-4990 version (xorg-x11-xfs, fixed 1.0.5)
-CVE-2007-4829 VULNERABLE (perl-Archive-Tar, not fixed upstream) #315321 CVE is not public, though the issue is
+CVE-2007-4829 VULNERABLE (perl-Archive-Tar, not fixed upstream) #364281
CVE-2007-4752 version (openssh, fixed 4.7) #280461
CVE-2007-4619 version (flac, fixed 1.2) #332581
CVE-2007-4568 version (xorg-x11-xfs, fixed 1.0.5)
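Review bot: The new CVE-2007-4829 line drops the remark "CVE is not public, though the issue is" in the same edit that moves the bug reference from #315321 to #364281, and the log message ("Get more in sync with bugzilla") does not say whether the CVE has since been published. If it has, say so in the log message; if not, keep the remark so the disclosure status stays recorded in the audit file.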
Index: f9
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f9,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- f9 2 Nov 2007 16:30:06 -0000 1.5
+++ f9 2 Nov 2007 17:54:44 -0000 1.6
@@ -8,7 +8,7 @@
# Up to date F9 as of 20071029
GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031
-CVE-2007-5751 VULNERABLE (liferea, fixed 1.4.6) #360641
+CVE-2007-5751 version (liferea, fixed 1.4.6) #360641 [since liferea-1.4.6-3.fc9]
CVE-2007-5712 VULNERABLE (Django, fixed 0.96.1) #362781
CVE-2007-5708 VULNERABLE (openldap, fixed 2.3.39) #360091
CVE-2007-5707 VULNERABLE (openldap, fixed 2.3.39) #360091
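Review bot: The new CVE-2007-5751 line says "fixed 1.4.6" but dates the fix from the third build, "[since liferea-1.4.6-3.fc9]", which leaves open whether earlier 1.4.6 builds were shipped in F9 and were affected. If -3 was simply the first 1.4.6 build in F9, a short remark would make that clear; if the fix only landed in -3, "backport" describes the entry better than "version".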
@@ -25,7 +25,7 @@
CVE-2007-5007 version (balsa, before 2.3.20) #297601
CVE-2007-4999 version (pidgin, fixed 2.2.2)
CVE-2007-4990 version (xorg-x11-xfs, fixed 1.0.5)
-CVE-2007-4829 VULNERABLE (perl-Archive-Tar, not fixed upstream) #315321 CVE is not public, though the issue is
+CVE-2007-4829 VULNERABLE (perl-Archive-Tar, not fixed upstream) #364291
CVE-2007-4752 version (openssh, fixed 4.7) #280461
CVE-2007-4619 version (flac, fixed 1.2) #332581
CVE-2007-4568 version (xorg-x11-xfs, fixed 1.0.5)
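Review bot: The bug number on the new CVE-2007-4829 line here is #364291, while the f8 file changed in this same commit uses #364281 for the same CVE and package. If these are separate per-release tracking bugs, that is fine, but the two differ by a single digit, so please confirm each file points at the bug for its own release.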
@@ -35,7 +35,7 @@
CVE-2007-4351 version (cups) #361681
CVE-2007-3999 VULNERABLE (nfs-utils-lib) #362101
CVE-2007-3999 VULNERABLE (libtirpc) #362121
-CVE-2007-3920 VULNERABLE (compiz, not fixed upstream) #350271
+CVE-2007-3920 VULNERABLE (compiz, not fixed upstream) #357091
CVE-2007-3919 backport (xen, fixed 3.1.0-13) #362011
CVE-2007-3844 version (firefox, fixed 2.0.0.6)
CVE-2007-3843 version (kernel) #246595 No idea which version fixed this
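Review bot: On the CVE-2007-3920 line the old reference #350271 is replaced outright by #357091, and the fc7 file in this commit replaces the same #350271 with a different number, #357071, so the one bug the two releases had in common is no longer recorded anywhere. Entries in these files can carry two bug numbers (the old tomcat5 line in fc7 had "#334511 #334531"), so consider keeping #350271 next to the new number if it is still the report the per-release bugs hang off.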
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.164
retrieving revision 1.165
diff -u -r1.164 -r1.165
--- fc7 2 Nov 2007 00:06:47 -0000 1.164
+++ fc7 2 Nov 2007 17:54:44 -0000 1.165
@@ -26,7 +26,7 @@
CVE-2007-5589 version (phpmyadmin, fixed 2.11.1.2) #333661 PMASA-2007-6 [since FEDORA-2007-2738]
CVE-2007-5585 backport (rss-glx) #336331 [since FEDORA-2007-2652]
CVE-2007-5585 backport (tempest) #336331 [since FEDORA-2007-2652]
-CVE-2007-5461 VULNERABLE (tomcat5) #334511 #334531
+CVE-2007-5461 VULNERABLE (tomcat5) #334511
CVE-2007-5416 ignore (drupal) Vulnerability in PHP<5.1.3, we're safe
CVE-2007-5386 version (phpmyadmin, fixed 2.11.1.1) #333661 PMASA-2007-5 [since FEDORA-2007-2738]
CVE-2007-5340 version (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5 [since FEDORA-2007-2664]
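Review bot: The CVE-2007-5461 tomcat5 line loses its second bug reference, #334531, with no reason given; the log message only says "Get more in sync with bugzilla". If #334531 was closed as a duplicate or belongs to another release, note that in the log message so the removal can be checked later.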
@@ -90,14 +90,14 @@
CVE-2007-4650 version (gallery2) #267421 [since FEDORA-2007-2020]
CVE-2007-4629 version (mapserver, fixed 4.10.3) #272081 [since FEDORA-2007-2018]
CVE-2007-4631 version (qgit) #268381 [since FEDORA-2007-2108]
-CVE-2007-4619 VULNERABLE (flac, fixed 1.2) #332581
+CVE-2007-4619 version (flac, fixed 1.2) #332571 [since flac-1.2.1-1.fc7]
CVE-2007-4573 version (kernel) [since FEDORA-2007-2298]
CVE-2007-4571 version (kernel) [since FEDORA-2007-2349]
CVE-2007-4569 backport (kdebase) #299731 [since FEDORA-2007-2361]
CVE-2007-4568 VULNERABLE (xorg-x11-xfs, fixed 1.0.5)
CVE-2007-4565 backport (fetchmail) #260861 [since FEDORA-2007-1983]
CVE-2007-4560 version (clamav) #260583 [since FEDORA-2007-2050]
-CVE-2007-4559 VULNERABLE (python) tarfile module - directory traversal #315291
+CVE-2007-4559 VULNERABLE (python) tarfile module - directory traversal #315281
CVE-2007-4558 ignore (star, fixed 1.5a84) duplicate of CVE-2007-4134
CVE-2007-4543 version (bugzilla, fixed 3.0.1) #256021 [since FEDORA-2007-1853]
CVE-2007-4542 version (mapserver, fixed 4.10.3) #256561 [since FEDORA-2007-2018]
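Review bot: The new CVE-2007-4619 flac line uses a package build in its tag, "[since flac-1.2.1-1.fc7]", while every other "[since ...]" entry in this hunk cites an advisory ID of the form FEDORA-2007-NNNN; if an advisory exists for the flac update, cite it so the entries stay uniform and searchable. The same line also changes the bug from #332581 to #332571, whereas the f8 and f9 files still list flac under #332581, and the CVE-2007-4559 line moves from #315291 to #315281; both are one-digit changes worth double-checking against bugzilla.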
@@ -145,7 +145,7 @@
CVE-2007-3999 VULNERABLE (libtirpc) #294921
CVE-2007-3962 ignore (gftp) multiple buffer overflows in fsplib, not on Linux
CVE-2007-3961 ignore (gftp) off-by-one error in fsplib
-CVE-2007-3920 VULNERABLE (compiz) #350271
+CVE-2007-3920 VULNERABLE (compiz) #357071
CVE-2007-3852 backport (sysstat) #252295 [since FEDORA-2007-1697]
CVE-2007-3950 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299]
CVE-2007-3949 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299]
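Review bot: The CVE-2007-3920 compiz line here still reads "(compiz)" while the f9 entry for the same CVE in this commit reads "(compiz, not fixed upstream)". Since the line is being touched anyway, carry the same upstream-status remark in both files or drop it from both, so the two releases do not appear to disagree.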
@@ -304,12 +304,12 @@
*CVE-2007-2356 ** (gimp)
*CVE-2007-2353 ** (axis)
CVE-2007-2292 version (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5 [since FEDORA-2007-2664]
-*CVE-2007-2245 VULNERABLE (phpMyAdmin, fixed 2.10.1) #237882
+CVE-2007-2245 version (phpMyAdmin, fixed 2.10.1) #237882
CVE-2007-2243 ignore (openssh, fixed 4.6) needs S/KEY support which is not shipped.
CVE-2007-2241 backport (bind) [since FEDORA-2007-0300]
CVE-2007-2176 ignore (firefox) only affects the java quicktime interaction
CVE-2007-2172 version (kernel, fixed 2.6.21-rc6)
-*CVE-2007-2165 VULNERABLE (proftpd) #237533
+CVE-2007-2165 VULNERABLE (proftpd) #237533
CVE-2007-2138 version (postgresql, fixed 8.2.4) #237682 [since FEDORA-2007-0174]
CVE-2007-2057 version (aircrack-ng, fixed 0.8-0.1)
CVE-2007-2029 version (clamav, fixed 0.90.3) #245219 [since FEDORA-2007-2050]
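Review bot: Both changed lines lose their leading "*", and for CVE-2007-2165 (proftpd) that is the only change, yet neither the log message nor the lines shown say what the marker means or why it is cleared. Please document the marker in the file header or mention it in the log message. Separately, the CVE-2007-2245 line moves to "version (phpMyAdmin, fixed 2.10.1)" without a "[since ...]" tag, so it does not record which update brought fc7 to 2.10.1 or later.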
@@ -434,8 +434,8 @@
*CVE-2007-1007 ** (ekiga)
*CVE-2007-1006 version (ekiga, fixed 2.0.5) #229259 [since FEDORA-2007-322]
CVE-2007-1004 VULNERABLE (mozilla)
-*CVE-2007-1003 VULNERABLE (xorg-x11-server, fixed > X11R7.2) #235263
-*CVE-2007-1002 VULNERABLE (evolution) #233587
+CVE-2007-1003 version (xorg-x11-server, fixed > X11R7.2) #235263
+CVE-2007-1002 version (evolution) #233587
CVE-2007-1001 version (php, fixed 5.2.2)
CVE-2007-1000 version (kernel, fixed 2.6.20.2) [since FEDORA-2007-335]
*CVE-2007-0999 ** (ekiga)
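Review bot: The CVE-2007-1002 line becomes "version (evolution)" with neither a fixed version nor a "[since ...]" tag, so the entry asserts the issue is fixed without saying where. Add the fixed version, as the neighbouring php and kernel lines do. The CVE-2007-1003 line has a similar gap: "fixed > X11R7.2" names a release the fix is later than, not the release that contains it.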
@@ -477,8 +477,6 @@
CVE-2007-0770 ignore (ImageMagick) only if incomplete CVE-2006-5456
CVE-2007-0720 ignore (cups, fixed 1.2.7) cups is already updated
CVE-2007-0657 ignore (nexuiz, 2.2.2 only (not shipped), fixed 2.2.3)
-*CVE-2007-0654 VULNERABLE (xmms) #233705
-*CVE-2007-0653 VULNERABLE (xmms) #233705
*CVE-2007-0650 ignore (tetex) needs user's assistance
CVE-2007-0619 version (chmlib, fixed 0.3.9) #225919
*CVE-2007-0578 ** (mpg321)
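Review bot: The two xmms entries (CVE-2007-0654 and CVE-2007-0653, both VULNERABLE, #233705) are deleted outright instead of being reclassified, which removes the only record that these CVEs were ever assessed for fc7. If xmms is no longer shipped or the issue does not apply, keep the lines and mark them "ignore" with a reason, the way the nexuiz line above does with "(not shipped)".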
@@ -486,7 +484,7 @@
CVE-2007-0541 version (wordpress, fixed 2.1-0) #225469
CVE-2007-0540 version (wordpress, fixed 2.1-0) #225469
CVE-2007-0539 version (wordpress, fixed 2.1-0) #225469
-*CVE-2007-0537 VULNERABLE (kdebase) #225420
+CVE-2007-0537 version (kdebase) #225420
CVE-2007-0494 version (bind, fixed 9.3.4) #225268 [since FEDORA-2007-147]
CVE-2007-0493 version (bind, fixed 9.3.4) #224443 [since FEDORA-2007-147]
CVE-2007-0475 version (smb4k, fixed 0.8.0)
@@ -525,7 +523,7 @@
CVE-2007-0106 version (wordpress, fixed 2.1-0) #223101
CVE-2007-0104 ignore (poppler) only client DoS
CVE-2007-0104 ignore (kdegraphics) only client DoS
-*CVE-2007-0095 VULNERABLE (phpMyAdmin) #221694
+CVE-2007-0095 version (phpMyAdmin) #221694
CVE-2007-0086 ignore (apache) not a security issue
*CVE-2007-0080 ** (freeradius)
*CVE-2007-0010 ** (gtk2)
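Review bot: The CVE-2007-0095 line becomes "version (phpMyAdmin)" with no fixed version, although the other phpMyAdmin line changed in this commit (CVE-2007-2245) does give one ("fixed 2.10.1"). Add the version that fixed it. The package name is also spelled "phpMyAdmin" here but "phpmyadmin" on the CVE-2007-5589 and CVE-2007-5386 lines of the same file, which will split results when searching by package name.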
@@ -615,7 +613,7 @@
CVE-2006-6128 VULNERABLE (kernel, fixed **)
CVE-2006-6122 ignore (tin, <= 1.8.1 not shipped)
CVE-2006-6120 version (koffice, fixed 1.6.1) #218030
-*CVE-2006-6107 VULNERABLE (dbus, fixed 1.0.2) #219665
+CVE-2006-6107 version (dbus, fixed 1.0.2) #219665
CVE-2006-6106 version (kernel, fixed 2.6.19.2, fixed 2.6.20-rc5) [since FEDORA-2006-1471]
CVE-2006-6105 version (gdm, fixed 2.14.11) [since FEDORA-2006-1468]
*CVE-2006-6104 backport (mono, fixed 1.1.13.8.2) #220853 [since FEDORA-2007-067]
@@ -643,9 +641,9 @@
CVE-2006-5874 version (clamav, fixed 0.88.1)
CVE-2006-5871 version (kernel, fixed 2.6.10)
*CVE-2006-5870 ** (openoffice.org)
-*CVE-2006-5868 VULNERABLE (ImageMagick, fixed 6.2.9.1) #217560
+CVE-2006-5868 version (ImageMagick, fixed 6.2.9.1) #217560
CVE-2006-5867 version (fetchmail, fixed 6.3.6) #221984 [since FEDORA-2007-042]
-*CVE-2006-5864 VULNERABLE (evince) #217672
+CVE-2006-5864 backport (evince) #217672
*CVE-2006-5864 backport (gv, fixed 3.6.2-2) #215136
CVE-2006-5848 version (trac, fixed 0.10.1) #215077
CVE-2006-5823 version (kernel, fixed 2.6.19.2) [since FEDORA-2007-058] was backport since FEDORA-2006-1223
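Review bot: The CVE-2006-5864 evince line is changed to "backport (evince)" without naming the build that carries the patch, while the gv line directly below it for the same CVE does ("backport (gv, fixed 3.6.2-2)"). A backport cannot be confirmed from the upstream version alone, so please add the fixed package release or a "[since ...]" tag.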
@@ -683,7 +681,7 @@
CVE-2006-5469 version (wireshark, fixed 0.99.4) [since FEDORA-2006-1140]
CVE-2006-5468 version (wireshark, fixed 0.99.4) [since FEDORA-2006-1140]
*CVE-2006-5467 backport (ruby) #212396 [since FEDORA-2006-1109]
-*CVE-2006-5466 VULNERABLE (rpm) #212833
+CVE-2006-5466 version (rpm) #212833
CVE-2006-5465 backport (php, fixed 5.2.0) #213732 [since FEDOA-2006-1169]
CVE-2006-5464 version (thunderbird, fixed 1.5.0.8) [since FEDORA-2006-1192]
CVE-2006-5464 version (seamonkey, fixed 1.0.6) #214822
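Review bot: The CVE-2006-5466 line becomes "version (rpm)" with no fixed version or "[since ...]" tag, so there is nothing to check the new status against; please add the version that fixed it. While this hunk is open, the context line for CVE-2006-5465 reads "[since FEDOA-2006-1169]", a misspelling of FEDORA that any search by advisory ID will miss.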
@@ -699,7 +697,7 @@
*CVE-2006-5455 backport (bugzilla, fixed 2.22-7) #212355
*CVE-2006-5454 backport (bugzilla, fixed 2.22-7) #212355
*CVE-2006-5453 backport (bugzilla, fixed 2.22-7) #212355
-*CVE-2006-5397 VULNERABLE (libX11, 1.0.2 and 1.0.3 only) #213280
+CVE-2006-5397 backport (libX11, 1.0.2 and 1.0.3 only) #213280
CVE-2006-5331 version (kernel, fixed 2.6.19) [since FEDORA-2007-058]
*CVE-2006-5298 backport (mutt) [since FEDORA-2006-1063]
*CVE-2006-5297 backport (mutt) [since FEDORA-2006-1063]
@@ -709,7 +707,7 @@
CVE-2006-5215 backport (xorg-x11-xinit) #212167 [since FEDORA-2007-1409]
*CVE-2006-5215 version (xorg-x11-xdm)
CVE-2006-5215 ignore (kdebase) #212166 links to xinit Xsession
-*CVE-2006-5214 VULNERABLE (xorg-x11-xinit) #212167
+CVE-2006-5214 version (xorg-x11-xinit) #212167
*CVE-2006-5214 version (xorg-x11-xdm)
CVE-2006-5214 ignore (kdebase) #212166 links to xinit Xsession
CVE-2006-5178 VULNERABLE (php) can't be fixed
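Review bot: The CVE-2006-5214 xorg-x11-xinit line is set to "version", but the CVE-2006-5215 line for the same package and the same bug (#212167) a few lines up is "backport ... [since FEDORA-2007-1409]". If both issues were fixed by that one update, this entry should read "backport" and carry the same "[since FEDORA-2007-1409]" tag; if they were fixed differently, a short remark explaining why would help.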
@@ -764,7 +762,7 @@
CVE-2006-4623 version (kernel, fixed 2.6.18-rc1)
CVE-2006-4600 version (openldap, fixed 2.3.25)
CVE-2006-4574 version (wireshark, fixed 0.99.4) [since FEDORA-2006-1140]
-*CVE-2006-4573 VULNERABLE (screen) #212057
+CVE-2006-4573 version (screen, fixed 4.0.3) #212057
CVE-2006-4572 version (kernel, fixed 2.6.19) [since FEDORA-2007-058]
CVE-2006-4571 version (thunderbird, fixed 1.5.0.7)
CVE-2006-4571 version (seamonkey, fixed 1.0.5) #209167