[Fedora-security-commits] fedora-security/audit f8, 1.25, 1.26 f9, 1.22, 1.23 fc6, 1.300, 1.301 fc7, 1.183, 1.184

fedora-security-commits at redhat.com fedora-security-commits at redhat.com
Mon Nov 26 18:15:24 UTC 2007 

Author: thoger

Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv17398/audit

Modified Files:
	f8 f9 fc6 fc7 
Log Message:
process another pile of fedora updates



Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.25
retrieving revision 1.26
diff -u -r1.25 -r1.26
--- f8	22 Nov 2007 16:01:07 -0000	1.25
+++ f8	26 Nov 2007 18:15:22 -0000	1.26
@@ -7,45 +7,49 @@
 # Up to date CVE as of CVE email 20071030
 # Up to date F8 as of 20071029
 
+CVE-2007-6100 version (phpMyAdmin, fixed 2.11.2.2) [since FEDORA-2007-3639]
 CVE-2007-6061 VULNERABLE (audacity) #393251
-CVE-2007-6035 VULNERABLE (cacti, fixed 0.8.7a) #391991
-CVE-2007-5977 VULNERABLE (phpMyAdmin) #385901
-CVE-2007-5976 VULNERABLE (phpMyAdmin) #385901
+CVE-2007-6035 version (cacti, fixed 0.8.7a) #391991 [since FEDORA-2007-3667]
+CVE-2007-5977 version (phpMyAdmin, fixed 2.11.2.1) #385901 [since FEDORA-2007-3636]
+CVE-2007-5976 version (phpMyAdmin, fixed 2.11.2.1) #385901 [since FEDORA-2007-3636]
 CVE-2007-5938 VULNERABLE (kernel) #385861 iwlwifi
-CVE-2007-5937 VULNERABLE (tetex) #379861 Multiple dviljk buffer overflows
-CVE-2007-5936 VULNERABLE (tetex) #379861 dviljk uses insecure temporary file
-CVE-2007-5935 VULNERABLE (tetex) #379861 dvips -z buffer overflow with long href
-CVE-2007-5934 VULNERABLE (php-pear-MDB2) #379101
-CVE-2007-5934 VULNERABLE (php-pear-MDB2-Driver-mysql) #379131
-CVE-2007-5934 VULNERABLE (php-pear-MDB2-Driver-mysqli) #379161
+CVE-2007-5937 backport (tetex) #379861 [since FEDORA-2007-3308] Multiple dviljk buffer overflows
+CVE-2007-5936 backport (tetex) #379861 [since FEDORA-2007-3308] dviljk uses insecure temporary file
+CVE-2007-5935 backport (tetex) #379861 [since FEDORA-2007-3308] dvips -z buffer overflow with long href
+CVE-2007-5934 backport (php-pear-MDB2) #379101 [since FEDORA-2007-3376]
+CVE-2007-5934 backport (php-pear-MDB2-Driver-mysql) #379131 [since FEDORA-2007-3376]
+CVE-2007-5934 backport (php-pear-MDB2-Driver-mysqli) #379161 [since FEDORA-2007-3376]
 CVE-2007-5925 ignore (mysql) Authenticated user can restart mysql.
 CVE-2007-5907 VULNERABLE (xen) #390111
 CVE-2007-5906 VULNERABLE (xen) #390111
-CVE-2007-5795 VULNERABLE (emacs) #367591
+CVE-2007-5795 backport (emacs) #367591 [since FEDORA-2007-2946]
 CVE-2007-5770 backport (ruby) #373391 [since FEDORA-2007-2812]
 GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031
 CVE-2007-5751 backport (liferea, fixed 1.4.6) #360641 [since FEDORA-2007-2853]
 CVE-2007-5712 version (Django, fixed 0.96.1) #362771 [since FEDORA-2007-2788]
 CVE-2007-5708 version (openldap, fixed 2.3.39) #362991 [since FEDORA-2007-2796]
 CVE-2007-5707 version (openldap, fixed 2.3.39) #362991 [since FEDORA-2007-2796]
+CVE-2007-5690 version (zaptel) [since FEDORA-2007-2860] not really an issue
 CVE-2007-5624 VULNERABLE (nagios, fixed 2.10) #362801
 CVE-2007-5623 backport (nagios-plugins, not fixed 1.4.10) #348731 [since FEDORA-2007-2876] nagios-plugins-1.4.8-9.fc8
 CVE-2007-5589 VULNERABLE (phpMyAdmin, fixed 2.11.1.2) #333661 PMASA-2007-6
-CVE-2007-5461 VULNERABLE (tomcat5, not fixed 5.5.25) #363001
+CVE-2007-5461 version (tomcat5) #363001 [since FEDORA-2007-3474]
+CVE-2007-5398 version (samba) [since FEDORA-2007-3403]
 CVE-2007-5395 version (link-grammar) #372351 [since FEDORA-2007-3235]
 CVE-2007-5393 backport (xpdf) #372471 [since FEDORA-2007-3014]
 CVE-2007-5393 backport (cups) [since FEDORA-2007-2982]
 CVE-2007-5393 VULNERABLE (poppler) #372511
 CVE-2007-5393 backport (kdegraphics) #372571 [since FEDORA-2007-3001]
 CVE-2007-5393 backport (koffice) #372601 [since FEDORA-2007-3093]
-CVE-2007-5393 VULNERABLE (tetex) #372661
+CVE-2007-5393 backport (tetex) #372661 [since FEDORA-2007-3308]
 CVE-2007-5392 backport (xpdf) #372471 [since FEDORA-2007-3014]
 CVE-2007-5392 backport (cups) [since FEDORA-2007-2982]
 CVE-2007-5392 VULNERABLE (poppler) #372511
 CVE-2007-5392 backport (kdegraphics) #372571 [since FEDORA-2007-3001]
 CVE-2007-5392 backport (koffice) #372601 [since FEDORA-2007-3093]
-CVE-2007-5392 VULNERABLE (tetex) #372661
+CVE-2007-5392 backport (tetex) #372661 [since FEDORA-2007-3308]
 CVE-2007-5386 version (phpmyadmin, fixed 2.11.1.1) #333661 PMASA-2007-5
+CVE-2007-5339 version (thunderbird) [since FEDORA-2007-3414]
 CVE-2007-5201 VULNERABLE (duplicity, no upstream fix) #362831
 CVE-2007-5200 version (hugin) #362861 [since FEDORA-2007-2807] hugin-0.6.1-11.fc8
 CVE-2007-5198 VULNERABLE (nagios-plugins, fixed 1.4.10) #362891
@@ -57,9 +61,11 @@
 CVE-2007-5007 version (balsa, before 2.3.20) #297601
 CVE-2007-4999 version (pidgin, fixed 2.2.2)
 CVE-2007-4990 version (xorg-x11-xfs, fixed 1.0.5)
+CVE-2007-4841 version (thunderbird) [since FEDORA-2007-3414] windows only anyway
 CVE-2007-4829 VULNERABLE (perl-Archive-Tar, not fixed upstream) #364281
 CVE-2007-4752 version (openssh, fixed 4.7) #280461
 CVE-2007-4619 version (flac, fixed 1.2) #332581
+CVE-2007-4572 version (samba) [since FEDORA-2007-3403]
 CVE-2007-4568 version (xorg-x11-xfs, fixed 1.0.5)
 CVE-2007-4559 VULNERABLE (python, not fixed upstream) #315291 Upstream WONTFIX. See where we use the code.
 CVE-2007-4476 backport (tar) #280961 [since FEDORA-2007-2800] tar-1.17-4.fc8
@@ -71,9 +77,10 @@
 CVE-2007-4352 VULNERABLE (poppler) #372511
 CVE-2007-4352 backport (kdegraphics) #372571 [since FEDORA-2007-3001]
 CVE-2007-4352 backport (koffice) #372601 [since FEDORA-2007-3093]
-CVE-2007-4352 VULNERABLE (tetex) #372661
+CVE-2007-4352 backport (tetex) #372661 [since FEDORA-2007-3308]
 CVE-2007-4351 version (cups) #362971 [since FEDORA-2007-2982]
 CVE-2007-4045 backport (cups) [since FEDORA-2007-2982]
+CVE-2007-4033 backport (tetex) [since FEDORA-2007-3308]
 CVE-2007-3999 VULNERABLE (nfs-utils-lib) #362091
 CVE-2007-3999 VULNERABLE (libtirpc) #362111
 CVE-2007-3920 VULNERABLE (compiz, not fixed upstream) #363061
@@ -82,14 +89,19 @@
 CVE-2007-3843 version (kernel) #246595 No idea which version fixed this
 CVE-2007-3544 VULNERABLE (wordpress, NOT fixed 2.2.1) #245211 Incomplete fix for CVE-2007-3543
 CVE-2007-3387 version (poppler, fixed 0.5.91) #251512
+CVE-2007-3386 version (tomcat5) [since FEDORA-2007-3474]
+CVE-2007-3385 version (tomcat5) [since FEDORA-2007-3474]
+CVE-2007-3382 version (tomcat5) [since FEDORA-2007-3474]
 CVE-2007-3145 ignore (galeon) in 2.0.3 the truncation still occurs, but at reasonable length
-CVE-2007-2450 VULNERABLE (tomcat5, not fixed 5.5.24) #363081
-CVE-2007-2449 VULNERABLE (tomcat5, not fixed 5.5.24) #363081
+CVE-2007-2450 version (tomcat5) #363081 [since FEDORA-2007-3474]
+CVE-2007-2449 version (tomcat5) #363081 [since FEDORA-2007-3474]
 CVE-2007-2245 version (phpMyAdmin, fixed 2.10.1) #237882
 CVE-2007-2165 version (proftpd, fixed 1.3.1rc3) #237533
 CVE-2007-1841 version (ipsec-tools, fixed 0.6.7) #238052
 CVE-2007-1804 version (pulseaudio) #235013 NOTABUG, there are other known ways to crash pulse.
 CVE-2007-1558 version (evolution, fixed 1.8.3-5)
+CVE-2007-1358 version (tomcat5) [since FEDORA-2007-3474]
+CVE-2007-1355 version (tomcat5) [since FEDORA-2007-3474]
 CVE-2007-1352 version (libXfont, fixed 1.2.8) #235265
 CVE-2007-1351 version (libXfont, fixed 1.2.8) #235265
 CVE-2007-1103 ignore (tor) #230927 CANTFIX really


Index: f9
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f9,v
retrieving revision 1.22
retrieving revision 1.23
diff -u -r1.22 -r1.23
--- f9	22 Nov 2007 16:01:07 -0000	1.22
+++ f9	26 Nov 2007 18:15:22 -0000	1.23
@@ -7,6 +7,7 @@
 # Up to date CVE as of CVE email 20071030
 # Up to date F9 as of 20071029
 
+CVE-2007-6100 version (phpMyAdmin, fixed 2.11.2.2)
 CVE-2007-6061 VULNERABLE (audacity) #393251
 CVE-2007-6035 VULNERABLE (cacti, fixed 0.8.7a) #392001
 CVE-2007-5977 VULNERABLE (phpMyAdmin) #385911


Index: fc6
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc6,v
retrieving revision 1.300
retrieving revision 1.301
diff -u -r1.300 -r1.301
--- fc6	19 Nov 2007 09:09:24 -0000	1.300
+++ fc6	26 Nov 2007 18:15:22 -0000	1.301
@@ -8,21 +8,26 @@
 # Up to date FC6 as of 20071029
 
 CVE-2007-5938 VULNERABLE (kernel) #385861 iwlwifi
-CVE-2007-5937 VULNERABLE (tetex) #379841 Multiple dviljk buffer overflows
-CVE-2007-5936 VULNERABLE (tetex) #379841 dviljk uses insecure temporary file
-CVE-2007-5935 VULNERABLE (tetex) #379841 dvips -z buffer overflow with long href
+CVE-2007-5937 backport (tetex) #379841 [since FEDORA-2007-750] Multiple dviljk buffer overflows
+CVE-2007-5936 backport (tetex) #379841 [since FEDORA-2007-750] dviljk uses insecure temporary file
+CVE-2007-5935 backport (tetex) #379841 [since FEDORA-2007-750] dvips -z buffer overflow with long href
 CVE-2007-5925 ignore (mysql) Authenticated user can restart mysql.
 CVE-2007-5907 VULNERABLE (xen) #390091
 CVE-2007-5906 VULNERABLE (xen) #390091
 CVE-2007-5795 version (emacs, only 21)
 CVE-2007-5770 backport (ruby) #373371 [since FEDORA-2007-738]
+CVE-2007-5708 backport (openldap) [since FEDORA-2007-741]
+CVE-2007-5707 backport (openldap) [since FEDORA-2007-741]
 CVE-2007-5461 VULNERABLE (tomcat5) #334521
-CVE-2007-5393 VULNERABLE (cups)
+CVE-2007-5398 backport (samba) [since FEDORA-2007-751]
+CVE-2007-5393 backport (cups) [since FEDORA-2007-746]
 CVE-2007-5393 VULNERABLE (poppler) #372491
 CVE-2007-5393 VULNERABLE (kdegraphics) #372551
-CVE-2007-5392 VULNERABLE (cups)
+CVE-2007-5393 backport (tetex) [since FEDORA-2007-750]
+CVE-2007-5392 backport (cups) [since FEDORA-2007-746]
 CVE-2007-5392 VULNERABLE (poppler) #372491
 CVE-2007-5392 VULNERABLE (kdegraphics) #372551
+CVE-2007-5392 backport (tetex) [since FEDORA-2007-750]
 CVE-2007-5340 version (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5
 CVE-2007-5339 version (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5
 CVE-2007-5338 version (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5
@@ -34,7 +39,7 @@
 CVE-2007-5267 ignore (libpng) shipped version too old and not affected
 CVE-2007-5266 ignore (libpng) shipped version too old and not affected
 CVE-2007-5208 backport (hplip) #329121 [since FEDORA-2007-724]
-CVE-2007-5197 VULNERABLE (mono, fixed 1.2.5.1) #367571
+CVE-2007-5197 backport (mono, fixed 1.2.5.1) #367571 [since FEDORA-2007-745]
 CVE-2007-5191 backport (util-linux) #320141 [since FEDORA-2007-722]
 CVE-2007-5162 version (ruby) #313801 [since FEDORA-2007-718]
 CVE-2007-5137 backport (tk, fixed 8.4.16) #332071 [since FEDORA-2007-728]
@@ -65,6 +70,7 @@
 CVE-2007-4658 backport (php, fixed 5.2.4) #278011 [since FEDORA-2007-709]
 CVE-2007-4657 ignore (php, fixed 5.2.4) arbitrary read not remotely triggerable
 CVE-2007-4619 backport (flac, fixed 1.2) #332581 [since FEDORA-2007-730]
+CVE-2007-4572 backport (samba) [since FEDORA-2007-751]
 CVE-2007-4571 version (kernel) [since FEDORA-2007-714]
 CVE-2007-4569 backport (kdebase) #299741 [since FEDORA-2007-716]
 CVE-2007-4568 VULNERABLE (xorg-x11-xfs, fixed 1.0.5) #373251
@@ -75,9 +81,10 @@
 CVE-2007-4476 backport (tar) [since FEDORA-2007-735]
 CVE-2007-4465 version (httpd) [since FEDORA-2007-707]
 CVE-2007-4357 ignore (firefox) status bar can be overwrittten
-CVE-2007-4352 VULNERABLE (cups)
+CVE-2007-4352 backport (cups) [since FEDORA-2007-746]
 CVE-2007-4352 VULNERABLE (poppler) #372491
 CVE-2007-4352 VULNERABLE (kdegraphics) #372551
+CVE-2007-4352 backport (tetex) [since FEDORA-2007-750]
 CVE-2007-4351 backport (cups) #361671 [since FEDORA-2007-740]
 CVE-2007-4255 ignore (php) msql extension not shipped
 CVE-2007-4251 ignore (openoffice.org) just a crash
@@ -88,8 +95,10 @@
 CVE-2007-4137 backport (qt) #292951 [since FEDORA-2007-703]
 CVE-2007-4134 backport (star, fixed 1.5a84) #254129
 CVE-2007-4131 backport (tar) #253684 [since FEDORA-2007-683]
+CVE-2007-4045 backport (cups) [since FEDORA-2007-746]
 CVE-2007-4029 backport (libvorbis) #250600 [since FEDORA-2007-677]
 CVE-2007-4168 backport (libexif) #243892 [since FEDORA-2007-614]
+CVE-2007-4033 backport (tetex) [since FEDORA-2007-750]
 CVE-2007-4000 backport (krb5) [since FEDORA-2007-690]
 CVE-2007-3999 backport (krb5) [since FEDORA-2007-690]
 CVE-2007-3999 VULNERABLE (nfs-utils-lib) #294911


Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.183
retrieving revision 1.184
diff -u -r1.183 -r1.184
--- fc7	22 Nov 2007 16:01:07 -0000	1.183
+++ fc7	26 Nov 2007 18:15:22 -0000	1.184
@@ -8,28 +8,31 @@
 # Up to date CVE as of CVE email 20071030
 # Up to date FC7 as of 20071029
 
+CVE-2007-6100 version (phpMyAdmin, fixed 2.11.2.2) [since FEDORA-2007-3666]
 CVE-2007-6061 VULNERABLE (audacity) #393251
-CVE-2007-6035 VULNERABLE (cacti, fixed 0.8.7a) #391981
-CVE-2007-5977 VULNERABLE (phpMyAdmin) #385891
-CVE-2007-5976 VULNERABLE (phpMyAdmin) #385891
+CVE-2007-6035 version (cacti, fixed 0.8.7a) #391981 [since FEDORA-2007-3683]
+CVE-2007-5977 version (phpMyAdmin, fixed 2.11.2.1) #385891 [since FEDORA-2007-3627]
+CVE-2007-5976 version (phpMyAdmin, fixed 2.11.2.1) #385891 [since FEDORA-2007-3627]
 CVE-2007-5938 VULNERABLE (kernel) #385861 iwlwifi
-CVE-2007-5937 VULNERABLE (tetex) #379831 Multiple dviljk buffer overflows
-CVE-2007-5936 VULNERABLE (tetex) #379831 dviljk uses insecure temporary file
-CVE-2007-5935 VULNERABLE (tetex) #379831 dvips -z buffer overflow with long href
-CVE-2007-5934 VULNERABLE (php-pear-MDB2) #379091
-CVE-2007-5934 VULNERABLE (php-pear-MDB2-Driver-mysql) #379121
-CVE-2007-5934 VULNERABLE (php-pear-MDB2-Driver-mysqli) #379151
+CVE-2007-5937 backport (tetex) #379831 [since FEDORA-2007-3390] Multiple dviljk buffer overflows
+CVE-2007-5936 backport (tetex) #379831 [since FEDORA-2007-3390] dviljk uses insecure temporary file
+CVE-2007-5935 backport (tetex) #379831 [since FEDORA-2007-3390] dvips -z buffer overflow with long href
+CVE-2007-5934 backport (php-pear-MDB2) #379091 [since FEDORA-2007-3369]
+CVE-2007-5934 backport (php-pear-MDB2-Driver-mysql) #379121 [since FEDORA-2007-3369]
+CVE-2007-5934 backport (php-pear-MDB2-Driver-mysqli) #379151 [since FEDORA-2007-3369]
 CVE-2007-5925 ignore (mysql) Authenticated user can restart mysql.
 CVE-2007-5907 VULNERABLE (xen) #390101
 CVE-2007-5906 VULNERABLE (xen) #390101
-CVE-2007-5795 VULNERABLE (emacs) #367581
+CVE-2007-5846 backport (net-snmp) [since FEDORA-2007-3019]
+CVE-2007-5795 backport (emacs) #367581 [since FEDORA-2007-3056]
 CVE-2007-5770 backport (ruby) #373381 [since FEDORA-2007-2685]
 CVE-2007-5751 backport (liferea, fixed 1.4.6) #360641 [since FEDORA-2007-2725]
 CVE-2007-5728 version (phpPgAdmin) seems to be fixed for some time
 CVE-2007-5715 backport (denyhosts) fixed long ago
 CVE-2007-5712 version (Django, fixed 0.96.1) #362761 [since FEDORA-2007-3157]
-CVE-2007-5708 VULNERABLE (openldap, fixed 2.3.39) #360081
-CVE-2007-5707 VULNERABLE (openldap, fixed 2.3.39) #360081
+CVE-2007-5708 backport (openldap, fixed 2.3.39) #360081 [since FEDORA-2007-3124]
+CVE-2007-5707 backport (openldap, fixed 2.3.39) #360081 [since FEDORA-2007-3124]
+CVE-2007-5690 version (zaptel) [since FEDORA-2007-3094] not really an issue
 CVE-2007-5626 ignore (bacula) known, documented limitation
 CVE-2007-5624 VULNERABLE (nagios, fixed 2.10) #362791
 CVE-2007-5623 backport (nagios-plugins) #348731 [since FEDORA-2007-2713]
@@ -41,24 +44,26 @@
 CVE-2007-5589 version (phpmyadmin, fixed 2.11.1.2) #333661 PMASA-2007-6 [since FEDORA-2007-2738]
 CVE-2007-5585 backport (rss-glx) #336331 [since FEDORA-2007-2652]
 CVE-2007-5585 backport (tempest) #336331 [since FEDORA-2007-2652]
-CVE-2007-5461 VULNERABLE (tomcat5) #334511
+CVE-2007-5461 version (tomcat5) #334511 [since FEDORA-2007-3456]
 CVE-2007-5416 ignore (drupal) Vulnerability in PHP<5.1.3, we're safe
-CVE-2007-5395 VULNERABLE (link-grammar) #372341
+CVE-2007-5398 version (samba) [since FEDORA-2007-3402]
+CVE-2007-5395 version (link-grammar) #372341 [since FEDORA-2007-3339]
 CVE-2007-5393 backport (xpdf) #372461 [since FEDORA-2007-3031]
 CVE-2007-5393 backport (cups) [since FEDORA-2007-3100]
 CVE-2007-5393 VULNERABLE (poppler) #372501
 CVE-2007-5393 backport (kdegraphics) #372561 [since FEDORA-2007-2985]
 CVE-2007-5393 backport (koffice) #372591 [since FEDORA-2007-3059]
-CVE-2007-5393 VULNERABLE (tetex) #372651
+CVE-2007-5393 backport (tetex) #372651 [since FEDORA-2007-3390]
 CVE-2007-5392 backport (xpdf) #372461 [since FEDORA-2007-3031]
 CVE-2007-5392 backport (cups) [since FEDORA-2007-3100]
 CVE-2007-5392 VULNERABLE (poppler) #372501
 CVE-2007-5392 backport (kdegraphics) #372561 [since FEDORA-2007-2985]
 CVE-2007-5392 backport (koffice) #372591 [since FEDORA-2007-3059]
-CVE-2007-5392 VULNERABLE (tetex) #372651
+CVE-2007-5392 backport (tetex) #372651 [since FEDORA-2007-3390]
 CVE-2007-5386 version (phpmyadmin, fixed 2.11.1.1) #333661 PMASA-2007-5 [since FEDORA-2007-2738]
 CVE-2007-5340 version (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5 [since FEDORA-2007-2664]
 CVE-2007-5339 version (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5 [since FEDORA-2007-2664]
+CVE-2007-5339 version (thunderbird) [since FEDORA-2007-3431]
 CVE-2007-5338 version (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5 [since FEDORA-2007-2664]
 CVE-2007-5337 version (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5 [since FEDORA-2007-2664]
 CVE-2007-5335 version (mozilla) ff 2.0.0.8, does not affect ff1.5 [since FEDORA-2007-2664]
@@ -101,6 +106,7 @@
 CVE-2007-4893 version (wordpress, fixed 2.2.3) [since FEDORA-2007-2143]
 CVE-2007-4851 ignore (tk) duplicate of CVE-2007-5137
 CVE-2007-4841 ignore (mozilla) Windows only
+CVE-2007-4841 version (thunderbird) [since FEDORA-2007-3431] windows only anyway
 CVE-2007-4840 ignore (php)
 CVE-2007-4829 VULNERABLE (perl-Archive-Tar) #315321
 CVE-2007-4828 version (mediawiki, fixed 1.11.0, 1.10.2, 1.9.4) #287881 [since FEDORA-2007-2189]
@@ -125,6 +131,7 @@
 CVE-2007-4631 version (qgit) #268381 [since FEDORA-2007-2108]
 CVE-2007-4619 version (flac, fixed 1.2) #332571 [since FEDORA-2007-2596]
 CVE-2007-4573 version (kernel) [since FEDORA-2007-2298]
+CVE-2007-4572 version (samba) [since FEDORA-2007-3402]
 CVE-2007-4571 version (kernel) [since FEDORA-2007-2349]
 CVE-2007-4569 backport (kdebase) #299731 [since FEDORA-2007-2361]
 CVE-2007-4568 VULNERABLE (xorg-x11-xfs, fixed 1.0.5) #373261
@@ -152,7 +159,7 @@
 CVE-2007-4352 VULNERABLE (poppler) #372501
 CVE-2007-4352 backport (kdegraphics) #372561 [since FEDORA-2007-2985]
 CVE-2007-4352 backport (koffice) #372591 [since FEDORA-2007-3059]
-CVE-2007-4352 VULNERABLE (tetex) #372651
+CVE-2007-4352 backport (tetex) #372651 [since FEDORA-2007-3390]
 CVE-2007-4351 backport (cups) #361661 [since FEDORA-2007-2715]
 CVE-2007-4323 backport (denyhosts) #252291 [since FEDORA-2007-0589]
 CVE-2007-4321 backport (fail2ban) #252290 [since FEDORA-2007-0621] version since FEDORA-2007-1643
@@ -178,6 +185,7 @@
 CVE-2007-4065 backport (libvorbis) #245991 [since FEDORA-2007-1765]
 CVE-2007-4045 backport (cups) [since FEDORA-2007-3100]
 CVE-2007-4033 backport (t1lib) #303021 [since FEDORA-2007-2343]
+CVE-2007-4033 backport (tetex) [since FEDORA-2007-3390]
 CVE-2007-4029 backport (libvorbis) #245991 [since FEDORA-2007-1765]
 CVE-2007-4000 backport (krb5) [since FEDORA-2007-2017]
 CVE-2007-3999 backport (krb5) [since FEDORA-2007-2017]
@@ -248,7 +256,10 @@
 CVE-2007-3387 backport (koffice) #251522 [since FEDORA-2007-1614]
 CVE-2007-3387 backport (cups) #251518 [since FEDORA-2007-1541]
 CVE-2007-3387 ignore (libextractor) http://bugs.gentoo.org/show_bug.cgi?id=188169
+CVE-2007-3386 version (tomcat5) [since FEDORA-2007-3456]
+CVE-2007-3385 version (tomcat5) [since FEDORA-2007-3456]
 CVE-2007-3384 ignore (tomcat) only affects 3.3.x and just affects an example
+CVE-2007-3382 version (tomcat5) [since FEDORA-2007-3456]
 CVE-2007-3381 version (gdm, fixed 2.18.4) #250277 [since FEDORA-2007-1362]
 CVE-2007-3378 ignore (php) safe mode escape
 CVE-2007-3377 version (perl-Net-DNS, fixed 0.60) #245612 [since FEDORA-2007-0668]
@@ -326,8 +337,8 @@
 CVE-2007-2453 version (kernel, fixed 2.6.21.4) [ since FEDORA-2007-0409 ]
 CVE-2007-2451 version (kernel, fixed 2.6.21.4) [ since FEDORA-2007-0409 ]
 *CVE-2007-2452 ** (locate)
-CVE-2007-2450 VULNERABLE (tomcat5) #244810
-CVE-2007-2449 VULNERABLE (tomcat5) #244810
+CVE-2007-2450 version (tomcat5) #244810 [since FEDORA-2007-3456]
+CVE-2007-2449 version (tomcat5) #244810 [since FEDORA-2007-3456]
 CVE-2007-2448 version (subversion, fixed 1.4.4) #243856 [since FEDORA-2007-2635]
 *CVE-2007-2447 ** (samba)
 *CVE-2007-2446 ** (samba)
@@ -441,7 +452,8 @@
 *CVE-2007-1366 ** (qemu) #238723
 CVE-2007-1362 version (seamonkey, fixed 1.0.9) #241840
 *CVE-2007-1359 backport (mod_security, fixed 2.1.0-3) #231728
-CVE-2007-1358 ** (tomcat5) #244810
+CVE-2007-1358 version (tomcat5) #244810 [since FEDORA-2007-3456]
+CVE-2007-1355 version (tomcat5) [since FEDORA-2007-3456]
 *CVE-2007-1354 ** (jboss)
 CVE-2007-1352 version (libXfont) #235265
 CVE-2007-1351 version (libXfont) #235265

More information about the Fedora-security-commits mailing list