[Fedora-security-commits] fedora-security/audit f8, 1.13, 1.14 fc6, 1.295, 1.296 fc7, 1.170, 1.171

fedora-security-commits at redhat.com
Mon Nov 12 19:07:45 UTC 2007


Author: thoger

Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv3063/audit

Modified Files:
	f8 fc6 fc7 
Log Message:
add pcre flaws
process large pile of fedora updates



Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -r1.13 -r1.14
--- f8	12 Nov 2007 16:11:24 -0000	1.13
+++ f8	12 Nov 2007 19:07:43 -0000	1.14
@@ -8,34 +8,35 @@
 # Up to date F8 as of 20071029
 
 CVE-2007-5795 VULNERABLE (emacs) #367591
-CVE-2007-5770 backport (ruby) #373391 really?
+CVE-2007-5770 backport (ruby) #373391 [since FEDORA-2007-2812]
 GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031
-CVE-2007-5751 backport (liferea, fixed 1.4.6) #360641 [since liferea-1.2.23-5.fc8]
-CVE-2007-5712 VULNERABLE (Django, fixed 0.96.1) #362771 version, 20071106 Testing
-CVE-2007-5708 VULNERABLE (openldap, fixed 2.3.39) #362991 version, 20071106 Testing
-CVE-2007-5707 VULNERABLE (openldap, fixed 2.3.39) #362991 version, 20071106 Testing
+CVE-2007-5751 backport (liferea, fixed 1.4.6) #360641 [since FEDORA-2007-2853]
+CVE-2007-5712 version (Django, fixed 0.96.1) #362771 [since FEDORA-2007-2788]
+CVE-2007-5708 version (openldap, fixed 2.3.39) #362991 [since FEDORA-2007-2796]
+CVE-2007-5707 version (openldap, fixed 2.3.39) #362991 [since FEDORA-2007-2796]
 CVE-2007-5624 VULNERABLE (nagios, fixed 2.10) #362801
 CVE-2007-5623 backport (nagios-plugins, not fixed 1.4.10) #348731 [since FEDORA-2007-2876] nagios-plugins-1.4.8-9.fc8
 CVE-2007-5589 VULNERABLE (phpMyAdmin, fixed 2.11.1.2) #333661 PMASA-2007-6
 CVE-2007-5461 VULNERABLE (tomcat5, not fixed 5.5.25) #363001
 CVE-2007-5395 VULNERABLE (link-grammar) #372351
-CVE-2007-5393 VULNERABLE (xpdf) #372471
+CVE-2007-5393 backport (xpdf) #372471 [since FEDORA-2007-3014]
 CVE-2007-5393 backport (cups) [since FEDORA-2007-2982]
 CVE-2007-5393 VULNERABLE (poppler) #372511
-CVE-2007-5393 VULNERABLE (kdegraphics) #372571
-CVE-2007-5393 VULNERABLE (koffice) #372601
+CVE-2007-5393 backport (kdegraphics) #372571 [since FEDORA-2007-3001]
+CVE-2007-5393 backport (koffice) #372601 [since FEDORA-2007-3093]
 CVE-2007-5393 VULNERABLE (tetex) #372661
-CVE-2007-5392 VULNERABLE (xpdf) #372471
+CVE-2007-5392 backport (xpdf) #372471 [since FEDORA-2007-3014]
 CVE-2007-5392 backport (cups) [since FEDORA-2007-2982]
 CVE-2007-5392 VULNERABLE (poppler) #372511
-CVE-2007-5392 VULNERABLE (kdegraphics) #372571
-CVE-2007-5392 VULNERABLE (koffice) #372601
+CVE-2007-5392 backport (kdegraphics) #372571 [since FEDORA-2007-3001]
+CVE-2007-5392 backport (koffice) #372601 [since FEDORA-2007-3093]
 CVE-2007-5392 VULNERABLE (tetex) #372661
 CVE-2007-5386 version (phpmyadmin, fixed 2.11.1.1) #333661 PMASA-2007-5
 CVE-2007-5201 VULNERABLE (duplicity, no upstream fix) #362831
 CVE-2007-5200 version (hugin) #362861 [since FEDORA-2007-2807] hugin-0.6.1-11.fc8
 CVE-2007-5198 VULNERABLE (nagios-plugins, fixed 1.4.10) #362891
-CVE-2007-5197 version (mono, fixed 1.2.5.1) #367541 [since mono-1.2.5.1-2.fc8]
+CVE-2007-5197 version (mono, fixed 1.2.5.1) #367541 [since FEDORA-2007-2969]
+CVE-2007-5162 version (ruby) [since FEDORA-2007-2812]
 CVE-2007-5116 VULNERABLE (perl) #378141
 CVE-2007-5079 VULNERABLE (gdm) #363021 Red Hat specific problem
 CVE-2007-5037 version (inotify-tools, fixed 3.11) #299771
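
Review bot: the liferea (CVE-2007-5751) and mono (CVE-2007-5197) lines lose the fixed package build when "[since liferea-1.2.23-5.fc8]" and "[since mono-1.2.5.1-2.fc8]" are replaced by the advisory ID alone. The unchanged nagios-plugins and hugin lines in this hunk keep both, e.g. "[since FEDORA-2007-2876] nagios-plugins-1.4.8-9.fc8"; consider appending the build after the advisory ID on the changed lines too, so the fixed build stays recorded.
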
@@ -50,14 +51,15 @@
 CVE-2007-4476 backport (tar) #280961 [since FEDORA-2007-2800] tar-1.17-4.fc8
 CVE-2007-4476 backport (cpio, not fixed 2.9) #363891 [since FEDORA-2007-2827] cpio-2.9-5.fc8
 CVE-2007-4400 VULNERABLE (konversation) #362921 Remove media script?
-CVE-2007-4351 version (cups) #362971 [since cups-1.3.4-2.fc8]
-CVE-2007-4352 VULNERABLE (xpdf) #372471
+CVE-2007-4351 version (cups) #362971 [since FEDORA-2007-2982]
+CVE-2007-4352 backport (xpdf) #372471 [since FEDORA-2007-3014]
 CVE-2007-4352 backport (cups) [since FEDORA-2007-2982]
 CVE-2007-4352 VULNERABLE (poppler) #372511
-CVE-2007-4352 VULNERABLE (kdegraphics) #372571
-CVE-2007-4352 VULNERABLE (koffice) #372601
+CVE-2007-4352 backport (kdegraphics) #372571 [since FEDORA-2007-3001]
+CVE-2007-4352 backport (koffice) #372601 [since FEDORA-2007-3093]
 CVE-2007-4352 VULNERABLE (tetex) #372661
-CVE-2007-4351 VULNERABLE (cups) #362971
+CVE-2007-4351 version (cups) #362971 [since FEDORA-2007-2982]
+CVE-2007-4045 backport (cups) [since FEDORA-2007-2982]
 CVE-2007-3999 VULNERABLE (nfs-utils-lib) #362091
 CVE-2007-3999 VULNERABLE (libtirpc) #362111
 CVE-2007-3920 VULNERABLE (compiz, not fixed upstream) #363061
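
Review bot: after this hunk the file holds two identical lines, "CVE-2007-4351 version (cups) #362971 [since FEDORA-2007-2982]", one above the CVE-2007-4352 block and one below it. Only the lower one is in descending CVE order; suggest deleting the upper line instead of updating both.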


Index: fc6
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc6,v
retrieving revision 1.295
retrieving revision 1.296
diff -u -r1.295 -r1.296
--- fc6	12 Nov 2007 16:11:24 -0000	1.295
+++ fc6	12 Nov 2007 19:07:43 -0000	1.296
@@ -8,7 +8,7 @@
 # Up to date FC6 as of 20071029
 
 CVE-2007-5795 version (emacs, only 21)
-CVE-2007-5770 VULNERABLE (ruby) #373371
+CVE-2007-5770 backport (ruby) #373371 [since FEDORA-2007-738]
 CVE-2007-5461 VULNERABLE (tomcat5) #334521
 CVE-2007-5393 VULNERABLE (cups)
 CVE-2007-5393 VULNERABLE (poppler) #372491
@@ -22,7 +22,7 @@
 CVE-2007-5337 version (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5
 CVE-2007-5335 ignore (mozilla) ff2 only
 CVE-2007-5334 version (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5
-CVE-2007-5269 VULNERABLE (libpng, fixed 1.2.21) #337471
+CVE-2007-5269 backport (libpng, fixed 1.2.21) #337471 [since FEDORA-2007-734]
 CVE-2007-5268 ignore (libpng) shipped version too old and not affected
 CVE-2007-5267 ignore (libpng) shipped version too old and not affected
 CVE-2007-5266 ignore (libpng) shipped version too old and not affected
@@ -57,19 +57,21 @@
 CVE-2007-4659 ignore (php, fixed 5.2.4) #276531 (FC7/php-5.2 only)
 CVE-2007-4658 backport (php, fixed 5.2.4) #278011 [since FEDORA-2007-709]
 CVE-2007-4657 ignore (php, fixed 5.2.4) arbitrary read not remotely triggerable
-CVE-2007-4619 backport (flac, fixed 1.2) #332581 [since flac-1.1.2-28]
+CVE-2007-4619 backport (flac, fixed 1.2) #332581 [since FEDORA-2007-730]
 CVE-2007-4571 version (kernel) [since FEDORA-2007-714]
 CVE-2007-4569 backport (kdebase) #299741 [since FEDORA-2007-716]
 CVE-2007-4568 VULNERABLE (xorg-x11-xfs, fixed 1.0.5) #373251
 CVE-2007-4565 backport (fetchmail) #260881 [since FEDORA-2007-689]
 CVE-2007-4559 VULNERABLE (python, not fixed upstream) #315291 Upstream WONTFIX. See where we use the code.
 CVE-2007-4558 ignore (star, fixed 1.5a84) duplicate of CVE-2007-4134
+CVE-2007-4476 backport (cpio) [since FEDORA-2007-742]
+CVE-2007-4476 backport (tar) [since FEDORA-2007-735]
 CVE-2007-4465 version (httpd) [since FEDORA-2007-707]
 CVE-2007-4357 ignore (firefox) status bar can be overwrittten
 CVE-2007-4352 VULNERABLE (cups)
 CVE-2007-4352 VULNERABLE (poppler) #372491
 CVE-2007-4352 VULNERABLE (kdegraphics) #372551
-CVE-2007-4351 VULNERABLE (cups) #361671
+CVE-2007-4351 backport (cups) #361671 [since FEDORA-2007-740]
 CVE-2007-4255 ignore (php) msql extension not shipped
 CVE-2007-4251 ignore (openoffice.org) just a crash
 CVE-2007-4229 ignore (kdebase) just an ASSERT fail
@@ -90,7 +92,7 @@
 CVE-2007-3962 ignore (gftp) multiple buffer overflows in fsplib, not on Linux
 CVE-2007-3961 ignore (gftp) off-by-one error in fsplib
 CVE-2007-3920 VULNERABLE (compiz) #350271
-CVE-2007-3919 backport (xen) #362001 [since xen-3.0.3-13.fc6]
+CVE-2007-3919 backport (xen) #362001 [since FEDORA-2007-737]
 CVE-2007-3852 backport (sysstat) #252296 [since FEDORA-2007-675]
 CVE-2007-3848 version (kernel) [since FEDORA-2007-679]
 CVE-2007-3847 version (httpd) #250756 [since FEDORA-2007-707]
@@ -168,6 +170,8 @@
 CVE-2007-1841 backport (ipsec-tools) #238052 [since FEDORA-2007-665]
 CVE-2007-1797 backport (ImageMagick) #235075 [since FEDORA-2007-413]
 CVE-2007-1667 backport (libX11) [since FEDORA-2007-426]
+CVE-2007-1660 VULNERABLE (pcre, fixed 7.3) #378401
+CVE-2007-1659 VULNERABLE (pcre, fixed 7.3) #378401
 CVE-2007-1565 ignore (kdebase) client crash
 CVE-2007-1564 ignore (kdebase) Correct behavior according to RFC
 CVE-2007-1562 version (mozilla) #241840 [since FEDORA-2007-549]
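
Review bot: the pcre additions for fc6 stop at CVE-2007-1660 and CVE-2007-1659, placed directly under CVE-2007-1667, so CVE-2007-1662 and CVE-2007-1661 get no fc6 entry, while the fc7 part of this commit lists all four as "fixed 7.3". If the FC6 pcre is not affected by those two, record them as ignore with the reason, as the libpng lines do ("shipped version too old and not affected"); otherwise add them as VULNERABLE under #378401.
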
@@ -228,6 +232,7 @@
 CVE-2007-0006 backport (kernel, fixed in -mm) [since FEDORA-2007-226]
 CVE-2007-0005 version (kernel, fixed 2.6.20) [since FEDORA-2007-335]
 CVE-2007-0002 version (libwpd, fixed 0.8.9) #222808 [since FEDORA-2007-351]
+CVE-2006-7224 VULNERABLE (pcre, fixed 6.7) #378401
 CVE-2006-7221 ignore (gftp) single zero byte overflow in fsplib
 CVE-2006-6939 version (ed, fixed 0.3) #223075 [since FEDORA-2007-100]
 CVE-2006-6899 version (bluez-utils, fixed 2.23)


Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.170
retrieving revision 1.171
diff -u -r1.170 -r1.171
--- fc7	12 Nov 2007 16:11:24 -0000	1.170
+++ fc7	12 Nov 2007 19:07:43 -0000	1.171
@@ -13,7 +13,7 @@
 CVE-2007-5751 backport (liferea, fixed 1.4.6) #360641 [since FEDORA-2007-2725]
 CVE-2007-5728 version (phpPgAdmin) seems to be fixed for some time
 CVE-2007-5715 backport (denyhosts) fixed long ago
-CVE-2007-5712 VULNERABLE (Django, fixed 0.96.1) #362761
+CVE-2007-5712 version (Django, fixed 0.96.1) #362761 [since FEDORA-2007-3157]
 CVE-2007-5708 VULNERABLE (openldap, fixed 2.3.39) #360081
 CVE-2007-5707 VULNERABLE (openldap, fixed 2.3.39) #360081
 CVE-2007-5626 ignore (bacula) known, documented limitation
@@ -30,17 +30,17 @@
 CVE-2007-5461 VULNERABLE (tomcat5) #334511
 CVE-2007-5416 ignore (drupal) Vulnerability in PHP<5.1.3, we're safe
 CVE-2007-5395 VULNERABLE (link-grammar) #372341
-CVE-2007-5393 VULNERABLE (xpdf) #372461
-CVE-2007-5393 VULNERABLE (cups)
+CVE-2007-5393 backport (xpdf) #372461 [since FEDORA-2007-3031]
+CVE-2007-5393 backport (cups) [since FEDORA-2007-3100]
 CVE-2007-5393 VULNERABLE (poppler) #372501
 CVE-2007-5393 VULNERABLE (kdegraphics) #372561
-CVE-2007-5393 VULNERABLE (koffice) #372591
+CVE-2007-5393 backport (koffice) #372591 [since FEDORA-2007-3059]
 CVE-2007-5393 VULNERABLE (tetex) #372651
-CVE-2007-5392 VULNERABLE (xpdf) #372461
-CVE-2007-5392 VULNERABLE (cups)
+CVE-2007-5392 backport (xpdf) #372461 [since FEDORA-2007-3031]
+CVE-2007-5392 backport (cups) [since FEDORA-2007-3100]
 CVE-2007-5392 VULNERABLE (poppler) #372501
 CVE-2007-5392 VULNERABLE (kdegraphics) #372561
-CVE-2007-5392 VULNERABLE (koffice) #372591
+CVE-2007-5392 backport (koffice) #372591 [since FEDORA-2007-3059]
 CVE-2007-5392 VULNERABLE (tetex) #372651
 CVE-2007-5386 version (phpmyadmin, fixed 2.11.1.1) #333661 PMASA-2007-5 [since FEDORA-2007-2738]
 CVE-2007-5340 version (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5 [since FEDORA-2007-2664]
@@ -57,9 +57,9 @@
 CVE-2007-5226 backport (dircproxy) #319301 [since FEDORA-2007-2419]
 CVE-2007-5208 backport (hplip) #329111 [since FEDORA-2007-2527]
 CVE-2007-5201 VULNERABLE (duplicity) #362821
-CVE-2007-5200 VULNERABLE (hugin) #362851
+CVE-2007-5200 backport (hugin) #362851 [since FEDORA-2007-2989]
 CVE-2007-5198 VULNERABLE (nagios-plugins, fixed 1.4.10) #362881
-CVE-2007-5197 VULNERABLE (mono, fixed 1.2.5.1) #367531
+CVE-2007-5197 backport (mono, fixed 1.2.5.1) #367531 [since FEDORA-2007-3130]
 CVE-2007-5191 backport (util-linux) #320141 [since FEDORA-2007-2462]
 CVE-2007-5162 version (ruby) #313801 [since FEDORA-2007-2406]
 CVE-2007-5159 backport (ntfs-3g) #298651 [since FEDORA-2007-2295]
@@ -70,7 +70,7 @@
 CVE-2007-5105 ignore (wordpress) affects old 2.0.x versions
 CVE-2007-5079 VULNERABLE (gdm) #363011
 CVE-2007-5038 version (bugzilla, fixed 3.0.2, 3.1.2) #299981 [since FEDORA-2007-2299]
-CVE-2007-5037 VULNERABLE (inotify-tools) #299771
+CVE-2007-5037 version (inotify-tools) #299771 [since FEDORA-2007-3074]
 CVE-2007-5034 version (elinks) #297981 [since FEDORA-2007-2224]
 CVE-2007-5007 version (balsa) #297601 [since FEDORA-2007-2302]
 GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031
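
Review bot: the CVE-2007-5037 line becomes a version entry but still omits the fixed upstream version, which the f8 file carries as "(inotify-tools, fixed 3.11)". Suggest "version (inotify-tools, fixed 3.11) #299771 [since FEDORA-2007-3074]" so the two files agree.
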
@@ -91,6 +91,9 @@
 CVE-2007-4829 VULNERABLE (perl-Archive-Tar) #315321
 CVE-2007-4828 version (mediawiki, fixed 1.11.0, 1.10.2, 1.9.4) #287881 [since FEDORA-2007-2189]
 CVE-2007-4826 version (quagga, fixed 0.99.9) [since FEDORA-2007-2196]
+CVE-2007-4768 VULNERABLE (pcre, fixed 7.3) #378411
+CVE-2007-4767 VULNERABLE (pcre, fixed 7.3) #378411
+CVE-2007-4766 VULNERABLE (pcre, fixed 7.3) #378411
 CVE-2007-4752 VULNERABLE (openssh) #280461
 CVE-2007-4743 backport (krb5) incomplete CVE-2007-3999 fix [since FEDORA-2007-2066]
 CVE-2007-4730 ignore (xorg-x11) #286051 ajax says F7 is not vulnerable
@@ -106,7 +109,7 @@
 CVE-2007-4650 version (gallery2) #267421 [since FEDORA-2007-2020]
 CVE-2007-4629 version (mapserver, fixed 4.10.3) #272081 [since FEDORA-2007-2018]
 CVE-2007-4631 version (qgit) #268381 [since FEDORA-2007-2108]
-CVE-2007-4619 version (flac, fixed 1.2) #332571 [since flac-1.2.1-1.fc7]
+CVE-2007-4619 version (flac, fixed 1.2) #332571 [since FEDORA-2007-2596]
 CVE-2007-4573 version (kernel) [since FEDORA-2007-2298]
 CVE-2007-4571 version (kernel) [since FEDORA-2007-2349]
 CVE-2007-4569 backport (kdebase) #299731 [since FEDORA-2007-2361]
@@ -123,18 +126,18 @@
 CVE-2007-4533 backport (vavoom) #256621 [since FEDORA-2007-1977]
 CVE-2007-4532 backport (vavoom) #256621 [since FEDORA-2007-1977]
 CVE-2007-4510 version (clamav, fixed 0.91.2) #253780 [since FEDORA-2007-2050]
-CVE-2007-4476 VULNERABLE (cpio)
+CVE-2007-4476 backport (cpio) [since FEDORA-2007-2744]
 CVE-2007-4476 backport (tar) [since FEDORA-2007-2673]
 CVE-2007-4465 version (httpd) [since FEDORA-2007-2214]
 CVE-2007-4462 version (po4a) #253541 [since FEDORA-2007-1763]
 CVE-2007-4460 backport (id3lib) #253553 [since FEDORA-2007-1774]
 CVE-2007-4400 VULNERABLE (konversation) #362911
 CVE-2007-4357 ignore (firefox) status bar can be overwrittten
-CVE-2007-4352 VULNERABLE (xpdf) #372461
-CVE-2007-4352 VULNERABLE (cups)
+CVE-2007-4352 backport (xpdf) #372461 [since FEDORA-2007-3031]
+CVE-2007-4352 backport (cups) [since FEDORA-2007-3100]
 CVE-2007-4352 VULNERABLE (poppler) #372501
 CVE-2007-4352 VULNERABLE (kdegraphics) #372561
-CVE-2007-4352 VULNERABLE (koffice) #372591
+CVE-2007-4352 backport (koffice) #372591 [since FEDORA-2007-3059]
 CVE-2007-4352 VULNERABLE (tetex) #372651
 CVE-2007-4351 backport (cups) #361661 [since FEDORA-2007-2715]
 CVE-2007-4323 backport (denyhosts) #252291 [since FEDORA-2007-0589]
@@ -159,6 +162,7 @@
 CVE-2007-4131 backport (tar) #253684 [since FEDORA-2007-1890]
 CVE-2007-4066 backport (libvorbis) #245991 [since FEDORA-2007-1765]
 CVE-2007-4065 backport (libvorbis) #245991 [since FEDORA-2007-1765]
+CVE-2007-4045 backport (cups) [since FEDORA-2007-3100]
 CVE-2007-4033 backport (t1lib) #303021 [since FEDORA-2007-2343]
 CVE-2007-4029 backport (libvorbis) #245991 [since FEDORA-2007-1765]
 CVE-2007-4000 backport (krb5) [since FEDORA-2007-2017]
@@ -369,6 +373,10 @@
 CVE-2007-1665 version (ekg) #246034 [since FEDORA-2007-0791]
 CVE-2007-1664 version (ekg) #246034 [since FEDORA-2007-0791]
 CVE-2007-1663 version (ekg) #246034 [since FEDORA-2007-0791]
+CVE-2007-1662 VULNERABLE (pcre, fixed 7.3) #378411
+CVE-2007-1661 VULNERABLE (pcre, fixed 7.3) #378411
+CVE-2007-1660 VULNERABLE (pcre, fixed 7.3) #378411
+CVE-2007-1659 VULNERABLE (pcre, fixed 7.3) #378411
 CVE-2007-1649 version (php, fixed 5.2.2)
 CVE-2007-1622 version (wordpress, fixed 2.1.3-0.rc2) #233703
 CVE-2007-1614 version (zziplib, fixed 0.13.49) #233700
@@ -556,6 +564,7 @@
 CVE-2007-0005 version (kernel, fixed 2.6.20) [since FEDORA-2007-335]
 CVE-2007-0002 version (libwpd, fixed 0.8.9) #222808 [since FEDORA-2007-351]
 CVE-2007-0001 ignore (kernel) rhel4 2.6.9 only known affected
+CVE-2006-7224 VULNERABLE (pcre, fixed 6.7) #378411
 CVE-2006-7221 ignore (gftp) single zero byte overflow in fsplib
 CVE-2006-7205 ignore (php) See NVD
 CVE-2006-7204 ignore (php) See NVD
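
Review bot: CVE-2006-7224 is entered as VULNERABLE with "fixed 6.7" on fc7, under the same bug #378411 as the pcre entries marked "fixed 7.3". Please confirm that the pcre shipped in F7 is older than 6.7; if it is 6.7 or later, this line should be a version entry rather than VULNERABLE.
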
@@ -1361,7 +1370,7 @@
 CVE-2005-4807 ignore (binutils, gas fixed 20050721) this is a bug
 CVE-2005-4803 version (graphviz, fixed 2.2.1)
 CVE-2005-4798 version (kernel, not 2.6)
-CVE-2005-4790 VULNERABLE (tomboy) #362941
+CVE-2005-4790 backport (tomboy) #362941 [since FEDORA-2007-3011]
 CVE-2005-4784 ignore (glibc) struct dirent is big enough
 CVE-2005-4746 version (freeradius, fixed 1.0.5)
 CVE-2005-4745 version (freeradius, fixed 1.0.5)



