[Fedora-security-commits] fedora-security/audit f8, 1.11, 1.12 f9, 1.10, 1.11 fc6, 1.293, 1.294 fc7, 1.168, 1.169
fedora-security-commits at redhat.com
fedora-security-commits at redhat.com
Fri Nov 9 19:06:28 UTC 2007
- Previous message (by thread): [Fedora-security-commits] fedora-security/audit f8, 1.10, 1.11 f9, 1.9, 1.10 fc6, 1.292, 1.293 fc7, 1.167, 1.168
- Next message (by thread): [Fedora-security-commits] fedora-security/audit f8, 1.12, 1.13 f9, 1.11, 1.12 fc6, 1.294, 1.295 fc7, 1.169, 1.170
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: lkundrak
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv13173
Modified Files:
f8 f9 fc6 fc7
Log Message:
Cleanup of old fixed stuff
Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -r1.11 -r1.12
--- f8 9 Nov 2007 17:04:36 -0000 1.11
+++ f8 9 Nov 2007 19:06:26 -0000 1.12
@@ -8,9 +8,9 @@
# Up to date F8 as of 20071029
CVE-2007-5795 VULNERABLE (emacs) #367591
-CVE-2007-5770 backport (ruby)
+CVE-2007-5770 backport (ruby) #373391 really?
GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031
-CVE-2007-5751 VULNERABLE (liferea, fixed 1.4.6) #360641
+CVE-2007-5751 backport (liferea, fixed 1.4.6) #360641 [since liferea-1.2.23-5.fc8]
CVE-2007-5712 VULNERABLE (Django, fixed 0.96.1) #362771 version, 20071106 Testing
CVE-2007-5708 VULNERABLE (openldap, fixed 2.3.39) #362991 version, 20071106 Testing
CVE-2007-5707 VULNERABLE (openldap, fixed 2.3.39) #362991 version, 20071106 Testing
@@ -33,9 +33,9 @@
CVE-2007-5392 VULNERABLE (tetex) #372661
CVE-2007-5386 version (phpmyadmin, fixed 2.11.1.1) #333661 PMASA-2007-5
CVE-2007-5201 VULNERABLE (duplicity, no upstream fix) #362831
-CVE-2007-5200 verions (hugin) #362861 [since FEDORA-2007-2807] hugin-0.6.1-11.fc8
+CVE-2007-5200 version (hugin) #362861 [since FEDORA-2007-2807] hugin-0.6.1-11.fc8
CVE-2007-5198 VULNERABLE (nagios-plugins, fixed 1.4.10) #362891
-CVE-2007-5197 VULNERABLE (mono, fixed 1.2.5.1) #367541
+CVE-2007-5197 version (mono, fixed 1.2.5.1) #367541 [since mono-1.2.5.1-2.fc8]
CVE-2007-5079 VULNERABLE (gdm) #363021 Red Hat specific problem
CVE-2007-5037 version (inotify-tools, fixed 3.11) #299771
CVE-2007-5007 version (balsa, before 2.3.20) #297601
@@ -49,6 +49,7 @@
CVE-2007-4476 backport (tar) #280961 [since FEDORA-2007-2800] tar-1.17-4.fc8
CVE-2007-4476 backport (cpio, not fixed 2.9) #363891 [since FEDORA-2007-2827] cpio-2.9-5.fc8
CVE-2007-4400 VULNERABLE (konversation) #362921 Remove media script?
+CVE-2007-4351 version (cups) #362971 [since cups-1.3.4-2.fc8]
CVE-2007-4352 VULNERABLE (xpdf) #372471
CVE-2007-4352 backport (cups) [since FEDORA-2007-2982]
CVE-2007-4352 VULNERABLE (poppler) #372511
@@ -75,7 +76,7 @@
CVE-2007-1352 version (libXfont, fixed 1.2.8) #235265
CVE-2007-1351 version (libXfont, fixed 1.2.8) #235265
CVE-2007-1103 ignore (tor) #230927 CANTFIX really
-CVE-2007-1004 VULNERABLE (mozilla) https://bugzilla.mozilla.org/show_bug.cgi?id=402060
+CVE-2007-1004 version (mozilla) https://bugzilla.mozilla.org/show_bug.cgi?id=402060
CVE-2007-1003 version (xorg-x11-server, fixed 1.2.1) #235263
CVE-2007-1002 version (evolution, fixed 2.8.2.1) #233587
CVE-2007-0654 backport (xmms, not fixed 1.2.10) #233705 Fixed in older ones?
@@ -102,15 +103,12 @@
CVE-2006-5170 version (nss_ldap, fixed 183)
CVE-2006-4573 version (screen, fixed 4.0.3) #212057
CVE-2006-4561 ignore (firefox) Needs DNS spoofing; https is for this.
-*CVE-2006-4338 VULNERABLE (lha) gzip fixed, lha still VULNERABLE to the same flaw
-*CVE-2006-4337 VULNERABLE (lha) gzip fixed, lha still VULNERABLE to the same flaw
-*CVE-2006-4335 VULNERABLE (lha) gzip fixed, lha still VULNERABLE to the same flaw
CVE-2006-2894 version (firefox, fixed 2.0.0.8)
CVE-2006-2894 version (seamonkey, fixed 1.1.5) #194511
CVE-2006-0987 ignore (bind) example config file only
-CVE-2006-0496 VULNERABLE (firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=324253
+CVE-2006-0496 ignore (firefox) Feature, not a bug moz #324253
CVE-2005-4809 ignore (firefox) Status bar can be modified anyways
CVE-2005-4790 VULNERABLE (tomboy) #362951
CVE-2005-3675 VULNERABLE (kernel) optack, no upstream fix -- TCP protocol weakness
-CVE-2003-1265 VULNERABLE (thunderbird) https://bugzilla.mozilla.org/show_bug.cgi?id=198442 (probably "ignore")
-CVE-2003-1265 VULNERABLE (seamonkey) https://bugzilla.mozilla.org/show_bug.cgi?id=198442 (probably "ignore")
+CVE-2003-1265 ignore (thunderbird) Stuff deleted from userspace is not guarranteed to go away physically moz#198442
+CVE-2003-1265 ignore (seamonkey) Stuff deleted from userspace is not guarranteed to go away physically moz#198442
Index: f9
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f9,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -r1.10 -r1.11
--- f9 9 Nov 2007 17:04:36 -0000 1.10
+++ f9 9 Nov 2007 19:06:26 -0000 1.11
@@ -9,10 +9,11 @@
CVE-2007-5795 backport (emacs) #367601 [since emacs-22.1-8.fc9]
GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031
+CVE-2007-5770 backport (ruby) #373401 needs verification
CVE-2007-5751 version (liferea, fixed 1.4.6) #360641 [since liferea-1.4.6-3.fc9]
-CVE-2007-5712 VULNERABLE (Django, fixed 0.96.1) #362781
-CVE-2007-5708 VULNERABLE (openldap, fixed 2.3.39) #360091
-CVE-2007-5707 VULNERABLE (openldap, fixed 2.3.39) #360091
+CVE-2007-5712 version (Django, fixed 0.96.1) #362781 [since Django-0.96.1-1.fc9]
+CVE-2007-5708 version (openldap, fixed 2.3.39) #360091 [since openldap-2.3.39-1.fc9]
+CVE-2007-5707 version (openldap, fixed 2.3.39) #360091 [since openldap-2.3.39-1.fc9]
CVE-2007-5624 VULNERABLE (nagios, fixed 2.10) #362811
CVE-2007-5623 backport (nagios-plugins, not fixed 1.4.10) #348731
CVE-2007-5589 version (phpMyAdmin, fixed 2.11.1.2) #333661 PMASA-2007-6
@@ -32,7 +33,7 @@
CVE-2007-5392 VULNERABLE (tetex) #372671
CVE-2007-5386 version (phpmyadmin, fixed 2.11.1.1) #333661 PMASA-2007-5
CVE-2007-5201 VULNERABLE (duplicity, no upstream fix) #362841
-CVE-2007-5200 VULNERABLE (hugin) #362871
+CVE-2007-5200 version (hugin) #362871 [since hugin-0.6.1-11.fc9]
CVE-2007-5198 VULNERABLE (nagios-plugins, fixed 1.4.10) #362901
CVE-2007-5197 VULNERABLE (mono, fixed 1.2.5.1) #367551
CVE-2007-5079 VULNERABLE (gdm) #363041 Red Hat specific problem
@@ -73,7 +74,7 @@
CVE-2007-1352 version (libXfont, fixed 1.2.8) #235265
CVE-2007-1351 version (libXfont, fixed 1.2.8) #235265
CVE-2007-1103 ignore (tor) #230927 CANTFIX really
-CVE-2007-1004 VULNERABLE (mozilla) https://bugzilla.mozilla.org/show_bug.cgi?id=402060
+CVE-2007-1004 version (mozilla) https://bugzilla.mozilla.org/show_bug.cgi?id=402060
CVE-2007-1003 version (xorg-x11-server, fixed 1.2.1) #235263
CVE-2007-1002 version (evolution, fixed 2.8.2.1) #233587
CVE-2007-0654 backport (xmms, not fixed 1.2.10) #233705 Fixed in older ones?
@@ -100,15 +101,12 @@
CVE-2006-5170 version (nss_ldap, fixed 183)
CVE-2006-4573 version (screen, fixed 4.0.3) #212057
CVE-2006-4561 ignore (firefox) Needs DNS spoofing; https is for this.
-*CVE-2006-4338 VULNERABLE (lha) gzip fixed, lha still VULNERABLE to the same flaw
-*CVE-2006-4337 VULNERABLE (lha) gzip fixed, lha still VULNERABLE to the same flaw
-*CVE-2006-4335 VULNERABLE (lha) gzip fixed, lha still VULNERABLE to the same flaw
CVE-2006-2894 version (firefox, fixed 2.0.0.8)
CVE-2006-2894 version (seamonkey, fixed 1.1.5) #194511
CVE-2006-0987 ignore (bind) example config file only
-CVE-2006-0496 VULNERABLE (firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=324253
+CVE-2006-0496 ignore (firefox) Feature, not a bug moz #324253
CVE-2005-4809 ignore (firefox) Status bar can be modified anyways
CVE-2005-4790 VULNERABLE (tomboy) #362961
CVE-2005-3675 VULNERABLE (kernel) optack, no upstream fix -- TCP protocol weakness
-CVE-2003-1265 VULNERABLE (thunderbird) https://bugzilla.mozilla.org/show_bug.cgi?id=198442 (probably "ignore")
-CVE-2003-1265 VULNERABLE (seamonkey) https://bugzilla.mozilla.org/show_bug.cgi?id=198442 (probably "ignore")
+CVE-2003-1265 ignore (thunderbird) Stuff deleted from userspace is not guarranteed to go away physically moz#198442
+CVE-2003-1265 ignore (seamonkey) Stuff deleted from userspace is not guarranteed to go away physically moz#198442
Index: fc6
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc6,v
retrieving revision 1.293
retrieving revision 1.294
diff -u -r1.293 -r1.294
--- fc6 9 Nov 2007 17:04:36 -0000 1.293
+++ fc6 9 Nov 2007 19:06:26 -0000 1.294
@@ -7,8 +7,8 @@
# Up to date CVE as of CVE email 20071030
# Up to date FC6 as of 20071029
-CVE-2007-5795 version (emacs, only 22)
-CVE-2007-5770 VULNERABLE (ruby)
+CVE-2007-5795 version (emacs, only 21)
+CVE-2007-5770 VULNERABLE (ruby) #373371
CVE-2007-5461 VULNERABLE (tomcat5) #334521
CVE-2007-5393 VULNERABLE (cups)
CVE-2007-5393 VULNERABLE (poppler) #372491
@@ -16,12 +16,12 @@
CVE-2007-5392 VULNERABLE (cups)
CVE-2007-5392 VULNERABLE (poppler) #372491
CVE-2007-5392 VULNERABLE (kdegraphics) #372551
-CVE-2007-5340 VULNERABLE (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5
-CVE-2007-5339 VULNERABLE (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5
-CVE-2007-5338 VULNERABLE (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5
-CVE-2007-5337 VULNERABLE (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5
+CVE-2007-5340 version (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5
+CVE-2007-5339 version (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5
+CVE-2007-5338 version (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5
+CVE-2007-5337 version (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5
CVE-2007-5335 ignore (mozilla) ff2 only
-CVE-2007-5334 VULNERABLE (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5
+CVE-2007-5334 version (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5
CVE-2007-5269 VULNERABLE (libpng, fixed 1.2.21) #337471
CVE-2007-5268 ignore (libpng) shipped version too old and not affected
CVE-2007-5267 ignore (libpng) shipped version too old and not affected
@@ -36,7 +36,8 @@
CVE-2007-5034 version (elinks) #297611 [since FEDORA-2007-710]
CVE-2007-4995 backport (openssl, fixed 0.9.8f) [since FEDORA-2007-725]
CVE-2007-4993 backport (xen) [since FEDORA-2007-713]
-CVE-2007-4965 VULNERABLE (python) imageop module heap overflow
+CVE-2007-4990 VULNERABLE (xorg-x11-xfs, fixed 1.0.5) #373321
+CVE-2007-4965 VULNERABLE (python) imageop module heap overflow #373281
CVE-2007-4924 VULNERABLE (opal, fixed 2.2.10) #297561
CVE-2007-4897 VULNERABLE (opal, fixed 2.2.8) #297561
CVE-2007-4851 ignore (tk) duplicate of CVE-2007-5137
@@ -55,11 +56,12 @@
CVE-2007-4659 ignore (php, fixed 5.2.4) #276531 (FC7/php-5.2 only)
CVE-2007-4658 backport (php, fixed 5.2.4) #278011 [since FEDORA-2007-709]
CVE-2007-4657 ignore (php, fixed 5.2.4) arbitrary read not remotely triggerable
-CVE-2007-4619 VULNERABLE (flac, fixed 1.2) #332581
+CVE-2007-4619 backport (flac, fixed 1.2) #332581 [since flac-1.1.2-28]
CVE-2007-4571 version (kernel) [since FEDORA-2007-714]
CVE-2007-4569 backport (kdebase) #299741 [since FEDORA-2007-716]
+CVE-2007-4568 VULNERABLE (xorg-x11-xfs, fixed 1.0.5) #373251
CVE-2007-4565 backport (fetchmail) #260881 [since FEDORA-2007-689]
-CVE-2007-4559 VULNERABLE (python) tarfile module - directory traversal #315291
+CVE-2007-4559 VULNERABLE (python, not fixed upstream) #315291 Upstream WONTFIX. See where we use the code.
CVE-2007-4558 ignore (star, fixed 1.5a84) duplicate of CVE-2007-4134
CVE-2007-4465 version (httpd) [since FEDORA-2007-707]
CVE-2007-4357 ignore (firefox) status bar can be overwrittten
@@ -87,22 +89,22 @@
CVE-2007-3962 ignore (gftp) multiple buffer overflows in fsplib, not on Linux
CVE-2007-3961 ignore (gftp) off-by-one error in fsplib
CVE-2007-3920 VULNERABLE (compiz) #350271
-CVE-2007-3919 VULNERABLE (xen) #362001
+CVE-2007-3919 backport (xen) #362001 [since xen-3.0.3-13.fc6]
CVE-2007-3852 backport (sysstat) #252296 [since FEDORA-2007-675]
CVE-2007-3848 version (kernel) [since FEDORA-2007-679]
CVE-2007-3847 version (httpd) #250756 [since FEDORA-2007-707]
CVE-2007-3845 ignore (firefox) windows specific
CVE-2007-3844 version (firefox, fixed 2.0.0.6) #250648 "fixed on next update"
-CVE-2007-3843 VULNERABLE (kernel) #246595
+CVE-2007-3843 version (kernel) #246595
CVE-2007-3841 ignore (pidgin) ethically disclosed
CVE-2007-3820 backport (kdebase) #248537 [since FEDORA-2007-716]
CVE-2007-3799 backport (php) [since FEDORA-2007-709]
CVE-2007-3798 version (tcpdump, fixed 3.9.7) #250290 [since FEDORA-2007-654]
-CVE-2007-3782 VULNERABLE (mysql, fixed 5.0.44)
-CVE-2007-3781 VULNERABLE (mysql, fixed 5.0.44)
-CVE-2007-3780 VULNERABLE (mysql, fixed 5.0.44)
+CVE-2007-3782 VULNERABLE (mysql, fixed 5.0.45) #372881
+CVE-2007-3781 VULNERABLE (mysql, fixed 5.0.45) #372881
+CVE-2007-3780 VULNERABLE (mysql, fixed 5.0.45) #372881
CVE-2007-3642 version (kernel, fixed 2.6.22) [since FEDORA-2007-655]
-CVE-2007-3511 VULNERABLE (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5
+CVE-2007-3511 version (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5
CVE-2007-3508 ignore (glibc) not an issue
CVE-2007-3506 backport (freetype, fixed 2.3.4) #235479 [since FEDORA-2007-561]
CVE-2007-3478 version (gd, fixed 2.0.35) #277421 [since FEDORA-2007-692]
@@ -153,7 +155,7 @@
CVE-2007-2451 version (kernel, fixed 2.6.21.4) [since FEDORA-2007-600]
CVE-2007-2445 backport (libpng) #239542 [since FEDORA-2007-529]
CVE-2007-2438 version (vim, fixed 7.0.235) #238734 [since FEDORA-2007-492]
-CVE-2007-2292 VULNERABLE (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5
+CVE-2007-2292 version (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5
CVE-2007-2242 version (kernel) [since FEDORA-2007-482]
CVE-2007-2138 version (postgresql, fixed 8.1.9) [since FEDORA-2007-565]
CVE-2007-2028 backport (freeradius) [since FEDORA-2007-499]
@@ -188,9 +190,9 @@
CVE-2007-1263 version (gnupg, fixed 1.4.7) [since FEDORA-2007-315]
CVE-2007-1262 version (squirrelmail, fixed 1.4.10a) #239704 [since FEDORA-2007-505]
CVE-2007-1218 backport (tcpdump) 232349 [since FEDORA-2007-347]
-CVE-2007-1095 VULNERABLE (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5
+CVE-2007-1095 version (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5
CVE-2007-1006 version (ekiga, fixed 2.0.5) #229259 [since FEDORA-2007-322]
-CVE-2007-1004 VULNERABLE (firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=390627
+CVE-2007-1004 version (firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=390627
CVE-2007-1003 backport (xorg-x11-server, fixed > X11R7.2) #235263 [since FEDORA-2007-425]
CVE-2007-1002 backport (evolution) #233587 [since FEDORA-2007-393]
CVE-2007-1000 version (kernel, fixed 2.6.20) [since FEDORA-2007-335]
@@ -214,7 +216,7 @@
CVE-2007-0248 version (squid, fixed 2.6.STABLE7) [since FEDORA-2007-073]
CVE-2007-0247 version (squid, fixed 2.6.STABLE7) #222883 [since FEDORA-2007-073]
CVE-2007-0242 backport (qt) [since FEDORA-2007-703]
-CVE-2007-0235 version (libgtop2, fixed 2.14.9) #222637 [since FEDORA-2007-657]
+CVE-2007-0235 version (libgtop2, fixed 2.14.6) #222637 [since FEDORA-2007-657]
CVE-2007-0104 ignore (poppler) only client DoS
CVE-2007-0104 ignore (kdegraphics) only client DoS
CVE-2007-0086 ignore (apache) not a security issue
@@ -254,7 +256,7 @@
CVE-2006-6097 backport (tar) [since FEDORA-2006-1393]
CVE-2006-6077 version (firefox, fixed 1.5.0.10) [since FEDORA-2007-293]
CVE-2006-6060 ignore (kernel, fixed 2.6.19-rc2) no NTFS support
-CVE-2006-6058 VULNERABLE (kernel) #250623
+CVE-2006-6058 VULNERABLE (kernel, fixed 2.6.24) #250623
CVE-2006-6057 version (kernel, fixed kernel-2_6_20-1_2924_fc6) [since FEDORA-2007-432]
CVE-2006-6056 version (kernel, fixed 2.6.19) [since FEDORA-2007-058] was backport since FEDORA-2006-1471
CVE-2006-6054 version (kernel, fixed fixed 2.6.19.2) [since FEDORA-2007-058]
@@ -265,7 +267,7 @@
CVE-2006-5925 backport (elinks) [since FEDORA-2006-1278] but was never vulneable as didn't have smbclient support
CVE-2006-5876 version (libsoup) #223144 [since FEDORA-2007-109]
CVE-2006-5871 version (kernel, fixed 2.6.10)
-CVE-2006-5868 VULNERABLE (ImageMagick, fixed 6.2.9.1) #217560
+CVE-2006-5868 version (ImageMagick, fixed 6.2.9.1) #217560
CVE-2006-5867 version (fetchmail, fixed 6.3.6) #221984 [since FEDORA-2007-042]
CVE-2006-5864 backport (evince) #217672 [since ???]
CVE-2006-5823 version (kernel, fixed 2.6.19.2) [since FEDORA-2007-058] was backport since FEDORA-2006-1223
@@ -311,7 +313,7 @@
CVE-2006-5229 ignore (openssh) not reproduced
CVE-2006-5215 version (xorg-x11-xdm)
CVE-2006-5215 ignore (kdebase) #212166 links to xinit Xsession
-CVE-2006-5215 VULNERABLE (xorg-x11-xinit) #212167
+CVE-2006-5215 ignore (xorg-x11-xinit) #212167 FC6 was not vulnerabe really
CVE-2006-5214 version (xorg-x11-xdm)
CVE-2006-5214 ignore (kdebase) #212166 links to xinit Xsession
CVE-2006-5214 backport (xorg-x11-xinit) #212167 [since FEDORA-2007-659]
@@ -382,10 +384,10 @@
CVE-2006-4340 version (nss, fixed 3.11.3)
CVE-2006-4339 backport (openssl097)
CVE-2006-4339 backport (openssl, fixed 0.9.8c)
-CVE-2006-4338 backport (gzip) lha still VULNERABLE to the same flaw
-CVE-2006-4337 backport (gzip) lha still VULNERABLE to the same flaw
+CVE-2006-4338 backport (gzip)
+CVE-2006-4337 backport (gzip)
CVE-2006-4336 backport (gzip)
-CVE-2006-4335 backport (gzip) lha still VULNERABLE to the same flaw
+CVE-2006-4335 backport (gzip)
CVE-2006-4334 backport (gzip)
CVE-2006-4333 version (wireshark, fixed 0.99.3)
CVE-2006-4332 version (wireshark, fixed 0.99.3)
@@ -508,8 +510,7 @@
CVE-2006-2932 ignore (kernel) no 4G/4G split support
CVE-2006-2916 ignore (arts) not shipped setuid
CVE-2006-2906 backport (gd) from changelog
-CVE-2006-2894 VULNERABLE (firefox, fixed 2.0.0.8)
-CVE-2006-2894 VULNERABLE (seamonkey, fixed 1.1.5) #194511
+CVE-2006-2894 version (firefox, fixed 2.0.0.8)
CVE-2006-2842 version (squirrelmail, fixed 1.4.6)
CVE-2006-2789 version (evolution, fixed 2.4.X)
CVE-2006-2788 version (firefox, fixed 1.5.0.4)
@@ -779,11 +780,11 @@
CVE-2006-0035 version (kernel, only 2.6.14 and 2.6.15)
CVE-2006-0019 version (kdelibs, fixed 3.5.1)
CVE-2005-4811 version (kernel, fixed 2.6.13)
-CVE-2005-4809 VULNERABLE (firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=390630
+CVE-2005-4809 ignore (firefox) Status bar can be modified anyways
CVE-2005-4808 ignore (binutils, gas fixed 20050714) this is a bug
CVE-2005-4807 ignore (binutils, gas fixed 20050721) this is a bug
CVE-2005-4798 version (kernel, not 2.6)
-CVE-2005-4790 ** (tomboy) #252294
+CVE-2005-4790 VULNERABLE (tomboy) #252294
CVE-2005-4784 ignore (glibc) struct dirent is big enough
CVE-2005-4746 version (freeradius, fixed 1.0.5)
CVE-2005-4745 version (freeradius, fixed 1.0.5)
@@ -1757,7 +1758,7 @@
CVE-2003-1307 ignore (mod_php) not a vulnerability
CVE-2003-1303 version (php, fixed 4.3.3)
CVE-2003-1302 version (php, fixed 4.3.1)
-CVE-2003-1265 VULNERABLE (thunderbird) https://bugzilla.mozilla.org/show_bug.cgi?id=198442
+CVE-2003-1265 ignore (thunderbird) Stuff deleted from userspace is not guarranteed to go away physically moz#198442
CVE-2003-1232 version (emacs, fixed 21.3)
CVE-2003-1201 version (openldap, not 2.2)
CVE-2003-1161 version (kernel, not released version)
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.168
retrieving revision 1.169
diff -u -r1.168 -r1.169
--- fc7 9 Nov 2007 17:04:36 -0000 1.168
+++ fc7 9 Nov 2007 19:06:26 -0000 1.169
@@ -9,7 +9,7 @@
# Up to date FC7 as of 20071029
CVE-2007-5795 VULNERABLE (emacs) #367581
-CVE-2007-5770 backport (ruby) [since FEDORA-2007-2685]
+CVE-2007-5770 backport (ruby) #373381 [since FEDORA-2007-2685] really fixed?
CVE-2007-5751 backport (liferea, fixed 1.4.6) #360641 [since FEDORA-2007-2725]
CVE-2007-5728 version (phpPgAdmin) seems to be fixed for some time
CVE-2007-5715 backport (denyhosts) fixed long ago
@@ -71,13 +71,13 @@
CVE-2007-5038 version (bugzilla, fixed 3.0.2, 3.1.2) #299981 [since FEDORA-2007-2299]
CVE-2007-5037 VULNERABLE (inotify-tools) #299771
CVE-2007-5034 version (elinks) #297981 [since FEDORA-2007-2224]
-CVE-2007-5007 VULNERABLE (balsa) #297601
+CVE-2007-5007 version (balsa) #297601 [since FEDORA-2007-2302]
GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031
CVE-2007-4999 version (pidgin, fixed 2.2.2) [since FEDORA-2007-2714]
CVE-2007-4996 version (pidgin, fixed 2.2.1) [since FEDORA-2007-2368]
CVE-2007-4995 backport (openssl, fixed 0.9.8f) [since FEDORA-2007-2530]
CVE-2007-4993 backport (xen) [since FEDORA-2007-2270]
-CVE-2007-4990 VULNERABLE (xorg-x11-xfs, fixed 1.0.5)
+CVE-2007-4990 VULNERABLE (xorg-x11-xfs, fixed 1.0.5) #373331
CVE-2007-4974 backport (libsndfile) #296221 [since FEDORA-2007-2236]
CVE-2007-4965 backport (python) imageop module heap overflow [since FEDORA-2007-2663]
CVE-2007-4924 version (opal, fixed 2.2.10) #297551 [since FEDORA-2007-2245]
@@ -109,10 +109,10 @@
CVE-2007-4573 version (kernel) [since FEDORA-2007-2298]
CVE-2007-4571 version (kernel) [since FEDORA-2007-2349]
CVE-2007-4569 backport (kdebase) #299731 [since FEDORA-2007-2361]
-CVE-2007-4568 VULNERABLE (xorg-x11-xfs, fixed 1.0.5)
+CVE-2007-4568 VULNERABLE (xorg-x11-xfs, fixed 1.0.5) #373261
CVE-2007-4565 backport (fetchmail) #260861 [since FEDORA-2007-1983]
CVE-2007-4560 version (clamav) #260583 [since FEDORA-2007-2050]
-CVE-2007-4559 VULNERABLE (python) tarfile module - directory traversal #315281
+CVE-2007-4559 VULNERABLE (python, not fixed upstream) #315291 Upstream WONTFIX. See where we use the code.
CVE-2007-4558 ignore (star, fixed 1.5a84) duplicate of CVE-2007-4134
CVE-2007-4543 version (bugzilla, fixed 3.0.1) #256021 [since FEDORA-2007-1853]
CVE-2007-4542 version (mapserver, fixed 4.10.3) #256561 [since FEDORA-2007-2018]
@@ -179,7 +179,7 @@
CVE-2007-3847 version (httpd) #250755 [since FEDORA-2007-2214]
CVE-2007-3845 ignore (firefox) windows specific
CVE-2007-3844 version (firefox, fixed 2.0.0.6) #250648 "fixed on next update"
-CVE-2007-3843 VULNERABLE (kernel) #246595
+CVE-2007-3843 version (kernel) #246595
CVE-2007-3841 ignore (pidgin) ethically disclosed
CVE-2007-3820 backport (kdelibs) [since FEDORA-2007-1699]
CVE-2007-3820 backport (kdebase) #248537 [since FEDORA-2007-1700]
@@ -245,7 +245,7 @@
CVE-2007-3165 version (tor, fixed 0.1.2.14) #244502 [since FEDORA-2007-1674]
CVE-2007-3153 version (c-ares, fixed 1.4.0) #243591 [since FEDORA-2007-0724]
CVE-2007-3152 version (c-ares, fixed 1.4.0) #243591 [since FEDORA-2007-0724]
-CVE-2007-3145 VULNERABLE (galeon) **
+CVE-2007-3145 ignore (galeon) in 2.0.3 the truncation still occurs, but at reasonable length
CVE-2007-3140 version (wordpress, fixed 2.2.1) #245211 [since FEDORA-2007-0894]
CVE-2007-3126 ignore (gimp) just a crash
CVE-2007-3123 version (clamav, fixed 0.90.3) #245219 [since FEDORA-2007-2050]
@@ -330,7 +330,7 @@
CVE-2007-2241 backport (bind) [since FEDORA-2007-0300]
CVE-2007-2176 ignore (firefox) only affects the java quicktime interaction
CVE-2007-2172 version (kernel, fixed 2.6.21-rc6)
-CVE-2007-2165 VULNERABLE (proftpd) #237533
+CVE-2007-2165 version (proftpd) #237533 [since FEDORA-2007-2613]
CVE-2007-2138 version (postgresql, fixed 8.2.4) #237682 [since FEDORA-2007-0174]
CVE-2007-2057 version (aircrack-ng, fixed 0.8-0.1)
CVE-2007-2029 version (clamav, fixed 0.90.3) #245219 [since FEDORA-2007-2050]
@@ -454,7 +454,7 @@
*CVE-2007-1030 ** (libevent)
*CVE-2007-1007 ** (ekiga)
*CVE-2007-1006 version (ekiga, fixed 2.0.5) #229259 [since FEDORA-2007-322]
-CVE-2007-1004 VULNERABLE (mozilla)
+CVE-2007-1004 version (mozilla)
CVE-2007-1003 version (xorg-x11-server, fixed > X11R7.2) #235263
CVE-2007-1002 version (evolution) #233587
CVE-2007-1001 version (php, fixed 5.2.2)
@@ -534,7 +534,7 @@
*CVE-2007-0240 backport (zope, fixed 2.9.6-2) #233378
*CVE-2007-0239 ** (openoffice.org)
*CVE-2007-0238 ** (openoffice.org)
-*CVE-2007-0235 VULNERABLE (libgtop2) #222637 not sure, will triage
+CVE-2007-0235 version (libgtop2, 2.14.6) #222637
*CVE-2007-0227 ** (slocate)
CVE-2007-0177 version (mediawiki, fixed 1.8.3) #221958
*CVE-2007-0160 backport (centericq, fixed 4.21.0-9) #227791
@@ -643,10 +643,10 @@
*CVE-2006-6101 ** (xorg-x11)
*CVE-2006-6097 backport (tar) [since FEDORA-2006-1393]
CVE-2006-6085 version (kile, fixed 1.9.3) #217238
-CVE-2006-6077 VULNERABLE (firefox)
+CVE-2006-6077 version (firefox, fixed 1.5.0.10)
CVE-2006-6060 ignore (kernel, fixed 2.6.19-rc2) no NTFS support
-CVE-2006-6058 VULNERABLE (kernel, fixed **)
-CVE-2006-6057 VULNERABLE (kernel, fixed **)
+CVE-2006-6058 VULNERABLE (kernel, fixed 2.6.24) 250623
+CVE-2006-6057 version (kernel, fixed **)
CVE-2006-6056 version (kernel, fixed 2.6.19) [since FEDORA-2007-058] was backport since FEDORA-2006-1471
CVE-2006-6054 version (kernel, fixed fixed 2.6.19.2) [since FEDORA-2007-058]
CVE-2006-6053 version (kernel, fixed 2.6.19.2) [since FEDORA-2007-058] was backport since FEDORA-2006-1223
@@ -673,14 +673,14 @@
CVE-2006-5793 version (libpng10, fixed 1.0.21) #216263
CVE-2006-5793 ignore (libpng, fixed 1.2.13) just a client crash
CVE-2006-5783 ignore (firefox) disputed
-*CVE-2006-5779 VULNERABLE (openldap, fixed 2.3.29) #214768
+CVE-2006-5779 version (openldap, fixed 2.3.29) #214768
CVE-2006-5757 version (kernel, fixed 2.6.19) [since FEDORA-2007-058] was backport since FEDORA-2006-1223
*CVE-2006-5754 ** (kernel)
*CVE-2006-5753 backport (kernel, fixed 2.6.20.1) [since FEDORA-2007-291]
CVE-2006-5752 backport (httpd) #244665 [since FEDORA-2007-0704]
CVE-2006-5751 version (kernel, fixed 2.6.19, fixed 2.6.18.4) [since FEDORA-2006-1471]
*CVE-2006-5750 ** (jboss)
-*CVE-2006-5749 VULNERABLE (kernel, fixed 2.6.20-rc2)
+CVE-2006-5749 version (kernel, fixed 2.6.20-rc2)
CVE-2006-5748 version (thunderbird, fixed 1.5.0.8) [since FEDORA-2006-1192]
CVE-2006-5748 version (seamonkey, fixed 1.0.6) #214822
CVE-2006-5748 version (firefox, fixed 1.5.0.8) [since FEDORA-2006-1191]
@@ -689,7 +689,7 @@
CVE-2006-5747 version (firefox, fixed 1.5.0.8) [since FEDORA-2006-1191]
CVE-2006-5706 ignore (php, fixed 5.2.0) safe mode isn't safe
*CVE-2006-5705 backport (wordpress, fixed 2.0.4-3) #213985
-*CVE-2006-5701 VULNERABLE (kernel) squashfs is not included upstream
+CVE-2006-5701 version (kernel) squashfs is not included upstream
CVE-2006-5633 ignore (firefox) just a client DoS
CVE-2006-5619 version (kernel, fixed 2.6.18.2, fixed 2.6.19-rc4) [since FEDORA-2006-1223]
CVE-2006-5602 version (xsupplicant, fixed 1.2.6)
@@ -712,7 +712,7 @@
CVE-2006-5463 version (firefox, fixed 1.5.0.8) [since FEDORA-2006-1191]
CVE-2006-5462 version (thunderbird, fixed 1.5.0.8) [since FEDORA-2006-1192]
CVE-2006-5462 version (firefox, fixed 1.5.0.8) [since FEDORA-2006-1191]
-*CVE-2006-5461 VULNERABLE (avahi, fixed 0.6.15)
+CVE-2006-5461 version (avahi, fixed 0.6.15)
*CVE-2006-5456 backport (ImageMagick) #210921 [since FEDORA-2006-1285]
CVE-2006-5456 version (GraphicsMagick, fixed 1.1.7) [since FEDORA-2007-1340]
*CVE-2006-5455 backport (bugzilla, fixed 2.22-7) #212355
@@ -731,10 +731,10 @@
CVE-2006-5214 version (xorg-x11-xinit) #212167
*CVE-2006-5214 version (xorg-x11-xdm)
CVE-2006-5214 ignore (kdebase) #212166 links to xinit Xsession
-CVE-2006-5178 VULNERABLE (php) can't be fixed
+CVE-2006-5178 ignore (php) safe_mode WONTFIX
CVE-2006-5174 ignore (kernel, fixed 2.6.19-rc1) s390 only
CVE-2006-5173 ignore (kernel, fixed 2.6.18) protected by exec-shield
-*CVE-2006-5170 VULNERABLE (nss_ldap, fixed 183)
+CVE-2006-5170 version (nss_ldap, fixed 183)
CVE-2006-5160 ignore (firefox) unverified
CVE-2006-5159 ignore (firefox) unverified
CVE-2006-5158 version (kernel, fixed 2.6.15)
@@ -801,7 +801,7 @@
CVE-2006-4565 version (thunderbird, fixed 1.5.0.7)
CVE-2006-4565 version (seamonkey, fixed 1.0.5) #209167
CVE-2006-4565 version (firefox, fixed 1.5.0.7)
-CVE-2006-4561 VULNERABLE (firefox)
+CVE-2006-4561 ignore (firefox) Needs DNS spoofing; https is for this.
CVE-2006-4538 version (kernel, fixed after 2.6.18-rc6)
CVE-2006-4535 version (kernel, fixed 2.6.18-rc6)
CVE-2006-4519 version (gimp, fixed 2.2.16) #247566 [since FEDORA-2007-1044]
@@ -828,11 +828,11 @@
CVE-2006-4340 version (nss, fixed 3.11.3)
*CVE-2006-4339 backport (openssl, fixed 0.9.8c)
*CVE-2006-4339 backport (openssl097)
-*CVE-2006-4338 backport (gzip) lha still VULNERABLE to the same flaw
-*CVE-2006-4337 backport (gzip) lha still VULNERABLE to the same flaw
-*CVE-2006-4336 backport (gzip)
-*CVE-2006-4335 backport (gzip) lha still VULNERABLE to the same flaw
-*CVE-2006-4334 backport (gzip)
+CVE-2006-4338 backport (gzip)
+CVE-2006-4337 backport (gzip)
+CVE-2006-4336 backport (gzip)
+CVE-2006-4335 backport (gzip)
+CVE-2006-4334 backport (gzip)
CVE-2006-4333 version (wireshark, fixed 0.99.3)
CVE-2006-4332 version (wireshark, fixed 0.99.3)
CVE-2006-4331 version (wireshark, fixed 0.99.3)
@@ -973,8 +973,8 @@
CVE-2006-2920 version (sylpheed-claws, fixed 2.2.2)
CVE-2006-2916 ignore (arts) not shipped setuid
CVE-2006-2906 backport (gd) from changelog
-CVE-2006-2894 VULNERABLE (firefox, fixed 2.0.0.8)
-CVE-2006-2894 VULNERABLE (seamonkey, fixed 1.1.5) #194511
+CVE-2006-2894 version (firefox, fixed 2.0.0.8)
+CVE-2006-2894 version (seamonkey, fixed 1.1.5) #194511
CVE-2006-2842 version (squirrelmail, fixed 1.4.6)
CVE-2006-2789 version (evolution, fixed 2.4.X)
CVE-2006-2788 version (firefox, fixed 1.5.0.4)
@@ -1231,7 +1231,7 @@
CVE-2006-1015 ignore (php) safe mode isn't safe
CVE-2006-1014 ignore (php) safe mode isn't safe
CVE-2006-0996 version (php, fixed 5.1.4)
-CVE-2006-0987 VULNERABLE (bind) example config file only
+CVE-2006-0987 ignore (bind) example config file only
CVE-2006-0903 version (mysql, fixed 4.1.19)
CVE-2006-0884 version (thunderbird, fixed 1.5.0.2)
CVE-2006-0883 version (openssh, fixed 3.8.1p1)
@@ -1273,7 +1273,7 @@
CVE-2006-0554 version (kernel, fixed 2.6.16)
CVE-2006-0553 version (postgresql, only 8.1, fixed 8.1.3)
CVE-2006-0528 version (cairo, fixed 1.0.4)
-CVE-2006-0496 VULNERABLE (firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=324253
+CVE-2006-0496 ignore (firefox) Feature, not a bug moz #324253
*CVE-2006-0482 ignore (kernel) sparc only
CVE-2006-0481 version (libpng, 1.2.7 only)
*CVE-2006-0459 version (flex) by inspection
@@ -1355,7 +1355,7 @@
CVE-2005-4837 version (net-snmp, fixed 5.2.2)
*CVE-2005-4836 ** (tomcat)
CVE-2005-4811 version (kernel, fixed 2.6.13)
-CVE-2005-4809 VULNERABLE (firefox)
+CVE-2005-4809 ignore (firefox) Status bar can be modified anyways
CVE-2005-4808 ignore (binutils, gas fixed 20050714) this is a bug
CVE-2005-4807 ignore (binutils, gas fixed 20050721) this is a bug
CVE-2005-4803 version (graphviz, fixed 2.2.1)
@@ -2381,8 +2381,8 @@
CVE-2003-1302 version (php, fixed 4.3.1)
*CVE-2003-1295 ** (xscreensaver)
*CVE-2003-1294 ** (xscreensaver)
-CVE-2003-1265 VULNERABLE (thunderbird) https://bugzilla.mozilla.org/show_bug.cgi?id=198442
-CVE-2003-1265 VULNERABLE (seamonkey) https://bugzilla.mozilla.org/show_bug.cgi?id=198442
+CVE-2003-1265 ignore (thunderbird) Stuff deleted from userspace is not guarranteed to go away physically moz#198442
+CVE-2003-1265 ignore (seamonkey) Stuff deleted from userspace is not guarranteed to go away physically moz#198442
CVE-2003-1232 version (emacs, fixed 21.3)
CVE-2003-1201 version (openldap, not 2.2)
CVE-2003-1161 version (kernel, not released version)
- Previous message (by thread): [Fedora-security-commits] fedora-security/audit f8, 1.10, 1.11 f9, 1.9, 1.10 fc6, 1.292, 1.293 fc7, 1.167, 1.168
- Next message (by thread): [Fedora-security-commits] fedora-security/audit f8, 1.12, 1.13 f9, 1.11, 1.12 fc6, 1.294, 1.295 fc7, 1.169, 1.170
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the Fedora-security-commits
mailing list