[Fedora-security-commits] fedora-security/audit f8, 1.7, 1.8 f9, 1.6, 1.7 fc6, 1.291, 1.292 fc7, 1.165, 1.166

fedora-security-commits at redhat.com
Mon Nov 5 22:07:39 UTC 2007


Author: lkundrak

Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv27972

Modified Files:
	f8 f9 fc6 fc7 
Log Message:
Tidied up older issues,
added mono and emacs



Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- f8	2 Nov 2007 17:54:44 -0000	1.7
+++ f8	5 Nov 2007 22:07:37 -0000	1.8
@@ -7,6 +7,7 @@
 # Up to date CVE as of CVE email 20071030
 # Up to date F8 as of 20071029
 
+CVE-2007-5795 VULNERABLE (emacs) #367591
 CVE-2007-5770 backport (ruby)
 GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031
 CVE-2007-5751 VULNERABLE (liferea, fixed 1.4.6) #360641
@@ -21,6 +22,7 @@
 CVE-2007-5201 VULNERABLE (duplicity, no upstream fix) #362831
 CVE-2007-5200 VULNERABLE (hugin) #362861
 CVE-2007-5198 VULNERABLE (nagios-plugins, fixed 1.4.10) #362891
+CVE-2007-5197 VULNERABLE (mono, fixed 1.2.5.1) #367541
 CVE-2007-5079 VULNERABLE (gdm) #363021 Red Hat specific problem
 CVE-2007-5037 version (inotify-tools, fixed 3.11) #299771
 CVE-2007-5007 version (balsa, before 2.3.20) #297601


Index: f9
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f9,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- f9	2 Nov 2007 17:54:44 -0000	1.6
+++ f9	5 Nov 2007 22:07:37 -0000	1.7
@@ -7,6 +7,7 @@
 # Up to date CVE as of CVE email 20071030
 # Up to date F9 as of 20071029
 
+CVE-2007-5795 VULNERABLE (emacs) #367601
 GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031
 CVE-2007-5751 version (liferea, fixed 1.4.6) #360641 [since liferea-1.4.6-3.fc9]
 CVE-2007-5712 VULNERABLE (Django, fixed 0.96.1) #362781
@@ -20,6 +21,7 @@
 CVE-2007-5201 VULNERABLE (duplicity, no upstream fix) #362841
 CVE-2007-5200 VULNERABLE (hugin) #362871
 CVE-2007-5198 VULNERABLE (nagios-plugins, fixed 1.4.10) #362901
+CVE-2007-5197 VULNERABLE (mono, fixed 1.2.5.1) #367551
 CVE-2007-5079 VULNERABLE (gdm) #363041 Red Hat specific problem
 CVE-2007-5037 version (inotify-tools, fixed 3.11) #299771
 CVE-2007-5007 version (balsa, before 2.3.20) #297601


Index: fc6
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc6,v
retrieving revision 1.291
retrieving revision 1.292
diff -u -r1.291 -r1.292
--- fc6	2 Nov 2007 00:06:47 -0000	1.291
+++ fc6	5 Nov 2007 22:07:37 -0000	1.292
@@ -7,6 +7,7 @@
 # Up to date CVE as of CVE email 20071030
 # Up to date FC6 as of 20071029
 
+CVE-2007-5795 version (emacs, only 22)
 CVE-2007-5770 VULNERABLE (ruby)
 CVE-2007-5461 VULNERABLE (tomcat5) #334521
 CVE-2007-5340 VULNERABLE (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5
@@ -20,6 +21,7 @@
 CVE-2007-5267 ignore (libpng) shipped version too old and not affected
 CVE-2007-5266 ignore (libpng) shipped version too old and not affected
 CVE-2007-5208 backport (hplip) #329121 [since FEDORA-2007-724]
+CVE-2007-5197 VULNERABLE (mono, fixed 1.2.5.1) #367571
 CVE-2007-5191 backport (util-linux) #320141 [since FEDORA-2007-722]
 CVE-2007-5162 version (ruby) #313801 [since FEDORA-2007-718]
 CVE-2007-5137 backport (tk, fixed 8.4.16) #332071 [since FEDORA-2007-728]
@@ -32,7 +34,7 @@
 CVE-2007-4924 VULNERABLE (opal, fixed 2.2.10) #297561
 CVE-2007-4897 VULNERABLE (opal, fixed 2.2.8) #297561
 CVE-2007-4851 ignore (tk) duplicate of CVE-2007-5137
-CVE-2007-4841 ignore (mozilla suite) Windows only
+CVE-2007-4841 ignore (mozilla) Windows only
 CVE-2007-4829 VULNERABLE (perl-Archive-Tar) #315331
 CVE-2007-4826 VULNERABLE (quagga, fixed 0.99.9) #315301
 CVE-2007-4752 backport (openssh) #280471 [since FEDORA-2007-715]
@@ -46,7 +48,7 @@
 CVE-2007-4660 ignore (php, fixed 5.2.4) CVE-2007-4661 duplicate, jorton mailed Mitre
 CVE-2007-4659 ignore (php, fixed 5.2.4) #276531 (FC7/php-5.2 only)
 CVE-2007-4658 backport (php, fixed 5.2.4) #278011 [since FEDORA-2007-709]
-CVE-2007-4657 ingore (php, fixed 5.2.4) arbitrary read not remotly triggerable
+CVE-2007-4657 ignore (php, fixed 5.2.4) arbitrary read not remotely triggerable
 CVE-2007-4619 VULNERABLE (flac, fixed 1.2) #332581
 CVE-2007-4571 version (kernel) [since FEDORA-2007-714]
 CVE-2007-4569 backport (kdebase) #299741 [since FEDORA-2007-716]
@@ -126,7 +128,7 @@
 CVE-2007-2926 backport (bind, fixed 9.4.1) [since FEDORA-2007-647]
 CVE-2007-2876 version (kernel, fixed 2.6.21.5) [since FEDORA-2007-600]
 CVE-2007-2875 version (kernel) [since FEDORA-2007-600]
-*CVE-2007-2874 (wpa_supplicant) #242455
+*CVE-2007-2874 ** (wpa_supplicant) #242455
 CVE-2007-2873 version (spamassassin, fixed 3.1.9) [since FEDORA-2007-582]
 CVE-2007-2872 backport (php) [since FEDORA-2007-709]
 CVE-2007-2871 version (mozilla) #241840 [since FEDORA-2007-549]
@@ -168,8 +170,8 @@
 CVE-2007-1396 ignore (php) feature, not a flaw
 CVE-2007-1362 version (mozilla) #241840 [since FEDORA-2007-549]
 CVE-2007-1357 version (kernel) [since FEDORA-2007-432]
-CVE-2007-1352 fixed (libXfont) #235265 [since FEDORA-2007-423]
-CVE-2007-1351 fixed (libXfont) #235265 [since FEDORA-2007-423]
+CVE-2007-1352 backport (libXfont) #235265 [since FEDORA-2007-423]
+CVE-2007-1351 backport (libXfont) #235265 [since FEDORA-2007-423]
 CVE-2007-1349 backport (mod_perl) [since FEDORA-2007-577]
 CVE-2007-1321 backport (xen) #238723 [since FEDORA-2007-713]
 CVE-2007-1320 backport (xen) #238723 [since FEDORA-2007-713]
@@ -232,10 +234,10 @@
 CVE-2006-6297 ignore (kdegraphics) just a crash
 CVE-2006-6235 backport (gnupg, fixed 1.4.6) [since FEDORA-2006-1406]
 CVE-2006-6169 backport (gnupg, fixed 1.4.6) [since FEDORA-2006-1406]
-CVE-2006-6144 ** krb5
-CVE-2006-6143 ** krb5
+CVE-2006-6144 ** (krb5)
+CVE-2006-6143 ** (krb5)
 CVE-2006-6142 backport (squirrelmail) #218297 [since FEDORA-2007-089]
-CVE-2006-6128 patch (kernel) #250625 [since FEDORA-2007-226] This was bug in our patch, not upstream
+CVE-2006-6128 backport (kernel) #250625 [since FEDORA-2007-226] This was bug in our patch, not upstream
 CVE-2006-6107 backport (dbus, fixed 1.0.2) #219665 [since FEDORA-2006-1475]
 CVE-2006-6106 version (kernel, fixed 2.6.19.2, fixed 2.6.20-rc5) [since FEDORA-2006-1471]
 CVE-2006-6105 version (gdm, fixed 2.14.11) [since FEDORA-2006-1468]
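
Review bot: The two krb5 lines (CVE-2006-6144, CVE-2006-6143) now follow the `** (package)` layout but still carry no bug number, and unlike `*CVE-2007-2874 ** (wpa_supplicant) #242455` earlier in this file they have no leading `*`. If `**` means the entry is still undecided, add the tracking bug and use the same marker as the other open entries so they are not overlooked.
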
@@ -772,7 +774,7 @@
 CVE-2005-4808 ignore (binutils, gas fixed 20050714) this is a bug
 CVE-2005-4807 ignore (binutils, gas fixed 20050721) this is a bug
 CVE-2005-4798 version (kernel, not 2.6)
-CVE-2005-4790 (tomboy) #252294
+CVE-2005-4790 ** (tomboy) #252294
 CVE-2005-4784 ignore (glibc) struct dirent is big enough
 CVE-2005-4746 version (freeradius, fixed 1.0.5)
 CVE-2005-4745 version (freeradius, fixed 1.0.5)
@@ -2010,7 +2012,7 @@
 CVE-2002-1563 version (stunnel, fixed 4.04)
 CVE-2002-1511 version (vnc, fixed 3.3.3)
 CVE-2002-1510 version (XFree86, fixed 4.2.0)
-CVE-2002-1509 version (patch to shadow-utils)
+CVE-2002-1509 version (shadow-utils)
 CVE-2002-1508 version (openldap, not 2.3.24+)
 CVE-2002-1472 version (XFree86, fixed 4.2.1)
 CVE-2002-1471 version (evolution, fixed 1.1.1 at least)
@@ -2196,7 +2198,7 @@
 CVE-2002-0062 version (ncurses, only 5.0)
 CVE-2002-0060 version (kernel, fixed 2.5.5)
 CVE-2002-0059 version (zlib, fixed 1.1.4)
-CVE-2002-0059 ** zlib (cvs, dump, gcc, libgcj, kernel, rsync, vnc)
+CVE-2002-0059 ** (zlib) cvs, dump, gcc, libgcj, kernel, rsync, vnc
 CVE-2002-0048 version (rsync, fixed 2.5.2)
 CVE-2002-0046 version (kernel, fixed 2.4.0)
 CVE-2002-0045 version (openldap, fixed 2.0.20)
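
Review bot: After this change CVE-2002-0059 still appears twice, once as `version (zlib, fixed 1.1.4)` and once as `** (zlib) cvs, dump, gcc, libgcj, kernel, rsync, vnc`, so any tool keyed on the CVE id sees two states for the same package. Moving the list out of the parentheses also turns the package names into free-text comment; consider one line per listed package, each with its own state, so each is tracked separately.
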
@@ -2206,14 +2208,11 @@
 CVE-2002-0029 version (bind, not 9)
 CVE-2002-0013 version (net-snmp, fixed 4.2.3)
 CVE-2002-0012 version (net-snmp, fixed 4.2.3)
-CVE-2002-0006 verison (xchat, fixed 1.8.7) cve is wrong
+CVE-2002-0006 version (xchat, fixed 1.8.7) cve is wrong
 CVE-2002-0004 backport (at) issue was in a patch, fixed at-3.1.8-lexer.patch
 CVE-2002-0003 version (groff, fixed 1.17.2)
 CVE-2002-0002 version (stunnel, fixed 3.22)
 CVE-2002-0001 version (mutt, fixed 1.3.25)
-
-older, happened to deal with at same time:
-
 CVE-2001-1494 version (util-linux, fixed 2.11n)
 CVE-2001-0955 version (XFree86, fixed 4.2.0)
 CVE-2001-0474 version (mesa, fixed 3.3-14)
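
Review bot: On the corrected CVE-2002-0006 line the trailing note `cve is wrong` does not say what is wrong (the description, the affected version, or the package), so the `version` state cannot be checked from the entry alone. Since the line is being touched anyway, spell the note out or reference a bug.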


Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.165
retrieving revision 1.166
diff -u -r1.165 -r1.166
--- fc7	2 Nov 2007 17:54:44 -0000	1.165
+++ fc7	5 Nov 2007 22:07:37 -0000	1.166
@@ -8,6 +8,7 @@
 # Up to date CVE as of CVE email 20071030
 # Up to date FC7 as of 20071029
 
+CVE-2007-5795 VULNERABLE (emacs) #367581
 CVE-2007-5770 backport (ruby) [since FEDORA-2007-2685]
 CVE-2007-5751 backport (liferea, fixed 1.4.6) #360641 [since FEDORA-2007-2725]
 CVE-2007-5728 version (phpPgAdmin) seems to be fixed for some time
@@ -45,6 +46,7 @@
 CVE-2007-5201 VULNERABLE (duplicity) #362821
 CVE-2007-5200 VULNERABLE (hugin) #362851
 CVE-2007-5198 VULNERABLE (nagios-plugins, fixed 1.4.10) #362881
+CVE-2007-5197 VULNERABLE (mono, fixed 1.2.5.1) #367531
 CVE-2007-5191 backport (util-linux) #320141 [since FEDORA-2007-2462]
 CVE-2007-5162 version (ruby) #313801 [since FEDORA-2007-2406]
 CVE-2007-5159 backport (ntfs-3g) #298651 [since FEDORA-2007-2295]
@@ -70,7 +72,7 @@
 CVE-2007-4894 version (wordpress, fixed 2.2.3) [since FEDORA-2007-2143]
 CVE-2007-4893 version (wordpress, fixed 2.2.3) [since FEDORA-2007-2143]
 CVE-2007-4851 ignore (tk) duplicate of CVE-2007-5137
-CVE-2007-4841 ignore (mozilla suite) Windows only
+CVE-2007-4841 ignore (mozilla) Windows only
 CVE-2007-4840 ignore (php)
 CVE-2007-4829 VULNERABLE (perl-Archive-Tar) #315321
 CVE-2007-4828 version (mediawiki, fixed 1.11.0, 1.10.2, 1.9.4) #287881 [since FEDORA-2007-2189]
@@ -460,7 +462,7 @@
 CVE-2007-0898 version (clamav, fixed 0.90) #229202
 CVE-2007-0897 version (clamav, fixed 0.90) #229202
 CVE-2007-0894 version (mediawiki, fixed 1.8.4) #228763
-CVE-2007-0884 ignore (mimedefang 2.59/2.60 not shipped) #228757
+CVE-2007-0884 ignore (mimedefang) #228757 2.59/2.60 not shipped
 CVE-2007-0857 version (moin, fixed 1.5.7) #228139
 CVE-2007-0844 version (pam_ssh, fixed 1.92) #253959 [since FEDORA-2007-1793]
 CVE-2007-0823 ignore (xterm) feature, not a bug
@@ -1204,7 +1206,7 @@
 CVE-2006-1057 version (gdm, fixed 2.14.1)
 CVE-2006-1056 version (kernel, fixed 2.6.16.9)
 CVE-2006-1055 version (kernel, fixed 2.6.17)
-*CVE-2006-1053 ** (fedora directory server)
+*CVE-2006-1053 ** (fedora-ds-base) Publish CVE!
 CVE-2006-1052 version (kernel, fixed 2.6.16)
 CVE-2006-1045 version (thunderbird, fixed 1.5.0.2)
 CVE-2006-1015 ignore (php) safe mode isn't safe
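
Review bot: `Publish CVE!` on CVE-2006-1053 is an action item stored in the comment field with no owner or bug number, and the line keeps both `*` and `**`, so nothing distinguishes it from an untriaged entry. Reference a tracking bug instead, as the resolved fedora-ds-base entries do (e.g. `#179135`); the same applies to CVE-2006-0017 and CVE-2006-0016 further down.
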
@@ -1261,9 +1263,9 @@
 CVE-2006-0456 ignore (kernel) s390 only
 CVE-2006-0455 version (gnupg, fixed 1.4.2.1)
 CVE-2006-0454 version (kernel, fixed 2.6.15.3)
-*CVE-2006-0453 ** (fedora directory server)
-*CVE-2006-0452 ** (fedora directory server)
-*CVE-2006-0451 ** (fedora directory server)
+CVE-2006-0453 version (fedora-ds-base, 1.1.0-1.2) #179135
+CVE-2006-0452 version (fedora-ds-base, 1.1.0-1.2) #179137
+CVE-2006-0451 version (fedora-ds-base, 1.1.0-1.2) #179135
 CVE-2006-0405 version (libtiff, 3.8.0 only)
 CVE-2006-0377 version (squirrelmail, fixed 1.4.6)
 CVE-2006-0369 ignore (mysql) this is not a security issue
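
Review bot: CVE-2006-0453 and CVE-2006-0451 both point at #179135 while CVE-2006-0452 points at #179137; please confirm that is intended and not a copy-paste slip. The qualifier `1.1.0-1.2` also lacks a keyword: other `version` entries say `fixed X`, `only X` or `not X`, so write `fixed 1.1.0-1.2` if that is the meaning.
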
@@ -1328,8 +1330,8 @@
 CVE-2006-0036 version (kernel, only 2.6.14 and 2.6.15)
 CVE-2006-0035 version (kernel, only 2.6.14 and 2.6.15)
 CVE-2006-0019 version (kdelibs, fixed 3.5.1)
-*CVE-2006-0017 ** (fedora directory server)
-*CVE-2006-0016 ** (fedora directory server)
+*CVE-2006-0017 ** (fedora-ds-base) Publish CVE!
+*CVE-2006-0016 ** (fedora-ds-base) Publish CVE!
 *CVE-2005-4838 ** (tomcat)
 CVE-2005-4837 version (net-snmp, fixed 5.2.2)
 *CVE-2005-4836 ** (tomcat)
@@ -1395,7 +1397,7 @@
 CVE-2005-3651 version (wireshark, fixed 0.10.14)
 *CVE-2005-3632 version (netpbm)
 *CVE-2005-3631 version (udev)
-*CVE-2005-3630 ** (fedora directory server)
+CVE-2005-3630 version (fedora-ds-base, since 1.0) #174837
 CVE-2005-3629 version (initscripts, fixed 8.29 at least)
 CVE-2005-3628 version (poppler, fixed 0.4.4)
 CVE-2005-3628 version (kdegraphics, fixed 3.5.1)
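
Review bot: `since 1.0` in the CVE-2005-3630 line is ambiguous: elsewhere in these files `since` appears only in the bracketed update reference (`[since FEDORA-...]`), and version qualifiers use `fixed`, `only` or `not`. If 1.0 is the first fixed release, `version (fedora-ds-base, fixed 1.0) #174837` matches the rest of the file.
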
@@ -1446,7 +1448,7 @@
 CVE-2005-3273 version (kernel, fixed 2.6.12)
 CVE-2005-3272 version (kernel, fixed 2.6.13)
 CVE-2005-3271 version (kernel, fixed 2.6.9)
-*CVE-2005-3269 ** (fedora directory server)
+CVE-2005-3269 ignore (fedora-ds-base) "This flaw did not affect Fedora Directory Server"
 CVE-2005-3258 version (squid, fixed 2.5STABLE12)
 CVE-2005-3257 version (kernel, fixed 2.6.15)
 CVE-2005-3249 version (wireshark, fixed 0.10.13)
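
Review bot: The quoted reason on CVE-2005-3269 has no source, and this is the only fedora-ds-base entry resolved in this commit without a bug number. Add the bug or advisory the quote comes from so the `ignore` decision can be verified later.
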
@@ -2626,7 +2628,7 @@
 CVE-2002-1563 version (stunnel, fixed 4.04)
 CVE-2002-1511 version (vnc, fixed 3.3.3)
 CVE-2002-1510 version (XFree86, fixed 4.2.0)
-CVE-2002-1509 version (patch to shadow-utils)
+CVE-2002-1509 version (shadow-utils)
 CVE-2002-1508 version (openldap, not 2.3.24+)
 CVE-2002-1472 version (XFree86, fixed 4.2.1)
 CVE-2002-1471 version (evolution, fixed 1.1.1 at least)



