[Fedora-security-commits] fedora-security/audit fc6, 1.269, 1.270 fc7, 1.127, 1.128

fedora-security-commits at redhat.com
Tue Oct 2 15:00:32 UTC 2007


Author: lkundrak

Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv30876

Modified Files:
	fc6 fc7 
Log Message:
Up to date as of today



Index: fc6
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc6,v
retrieving revision 1.269
retrieving revision 1.270
diff -u -r1.269 -r1.270
--- fc6	1 Oct 2007 13:55:03 -0000	1.269
+++ fc6	2 Oct 2007 15:00:30 -0000	1.270
@@ -4,31 +4,31 @@
 # *CVE are items that need verification for Fedora Core 6
 # (mozilla) = (firefox, seamonkey, thunderbird, yelp, devhelp, galeon, liferea. epiphany)
 
-# Up to date CVE as of CVE email 20070914
-# Up to date FC6 as of 20070926
+# Up to date CVE as of CVE email 20071002
+# Up to date FC6 as of 20071002
 
 CVE-2007-5162 VULNERABLE (ruby) #313801
-CVE-2007-5034 VULNERABLE (elinks) #297611
+CVE-2007-5034 version (elinks) #297611 [since ???]
 CVE-2007-4965 VULNERABLE (python) imageop module heap overflow
-CVE-2007-4924 VULNERABLE (ekiga, version 2.0.10) really opal 2.2.10 #297561
-CVE-2007-4897 VULNERABLE (ekiga, version 2.0.9) really opal 2.2.8 #297561
-CVE-2007-4829 VULNERABLE (perl-Archive-Tar)
-CVE-2007-4826 VULNERABLE (quagga, fixed 0.99.9)
+CVE-2007-4924 VULNERABLE (opal, fixed 2.2.10) #297561
+CVE-2007-4897 VULNERABLE (opal, fixed 2.2.8) #297561
+CVE-2007-4829 VULNERABLE (perl-Archive-Tar) #315331
+CVE-2007-4826 VULNERABLE (quagga, fixed 0.99.9) #315301
 CVE-2007-4752 VULNERABLE (openssh) #280471
 CVE-2007-4743 backport (krb5) incomplete CVE-2007-3999 fix [since FEDORA-2007-694]
-CVE-2007-4730 VULNERABLE (xorg-x11) #286061
+CVE-2007-4730 ignore (xorg-x11) #286061 ajax says FC6 is not vulnerable
 CVE-2007-4721 version (wireshark, fixed 0.99.6) [since FEDORA-2007-628]
 CVE-2007-4670 backport (php) [since FEDORA-2007-709]
 CVE-2007-4663 ignore (php, fixed 5.2.4) #277991 safe_mode
 CVE-2007-4662 ignore (php, fixed 5.2.4) #278101 triggerable only by modification to openssl.conf
 CVE-2007-4661 ignore (php, fixed 5.2.4) 5.2.3, incomplete CVE-2007-2872 fix
-CVE-2007-4660 VULNERABLE (php, fixed 5.2.4) 
+CVE-2007-4660 ignore (php, fixed 5.2.4) CVE-2007-4661 duplicate, jorton mailed Mitre
 CVE-2007-4659 ignore (php, fixed 5.2.4) #276531 (FC7/php-5.2 only)
 CVE-2007-4658 backport (php, fixed 5.2.4) #278011 [since FEDORA-2007-709]
-CVE-2007-4657 VULNERABLE (php, fixed 5.2.4)
+CVE-2007-4657 ingore (php, fixed 5.2.4) arbitrary read not remotly triggerable
 CVE-2007-4569 VULNERABLE (kdebase) #299741
 CVE-2007-4565 backport (fetchmail) #260881 [since FEDORA-2007-689]
-CVE-2007-4559 VULNERABLE (python) tarfile module - directory traversal
+CVE-2007-4559 VULNERABLE (python) tarfile module - directory traversal #315291
 CVE-2007-4558 ignore (star, fixed 1.5a84) duplicate of CVE-2007-4134
 CVE-2007-4465 version (httpd) [since FEDORA-2007-707]
 CVE-2007-4357 ignore (firefox) status bar can be overwrittten
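
Review bot: The status keyword on the new CVE-2007-4657 line is misspelled as "ingore", so anything that filters this file by status will not count the entry as ignored; it should read "ignore", and "remotly" in the same line should be "remotely". The new CVE-2007-5034 line is marked "version" with "[since ???]", while every other "version" or "backport" entry in view names a FEDORA advisory; fill in the advisory ID or leave the entry VULNERABLE until it is known. The CVE-2007-4730 and CVE-2007-4660 downgrades rest on "ajax says FC6 is not vulnerable" and "jorton mailed Mitre"; a bug comment or list reference next to each would make those decisions auditable later.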


Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.127
retrieving revision 1.128
diff -u -r1.127 -r1.128
--- fc7	2 Oct 2007 08:25:51 -0000	1.127
+++ fc7	2 Oct 2007 15:00:30 -0000	1.128
@@ -5,8 +5,8 @@
 # (mozilla) = (firefox, seamonkey, thunderbird, yelp, devhelp, galeon, liferea. epiphany)
 # A couple of first F7 updates were marked as FEDORA-2007-0001
 
-# Up to date CVE as of CVE email 20070914
-# Up to date FC7 as of 20070930
+# Up to date CVE as of CVE email 20071002
+# Up to date FC7 as of 20071002
 
 GENERIC-MAP-NOMATCH VULNERABLE (nagios-plugins, fixed 1.4.10) #315101
 CVE-2007-5162 VULNERABLE (ruby) #313791
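
Review bot: The context line above the date bump lists the mozilla group as "liferea. epiphany", with a period where the rest of the list uses commas; since this header is being touched anyway, change it to "liferea, epiphany". The fc6 header carries the same typo.
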
@@ -21,35 +21,36 @@
 GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031
 CVE-2007-4974 backport (libsndfile) #296221 [since FEDORA-2007-2236]
 CVE-2007-4965 VULNERABLE (python) imageop module heap overflow
-CVE-2007-4924 VULNERABLE (ekiga, version 2.0.10) really opal 2.2.10 #297551
+CVE-2007-4924 VULNERABLE (opal, fixed 2.2.10) #297551
 CVE-2007-4897 version (ekiga, version 2.0.9) really opal 2.2.8
 CVE-2007-4894 version (wordpress, fixed 2.2.3) [since FEDORA-2007-2143]
 CVE-2007-4893 version (wordpress, fixed 2.2.3) [since FEDORA-2007-2143]
 CVE-2007-4841 ignore (mozilla suite) Windows only
 CVE-2007-4840 ignore (php)
-CVE-2007-4829 VULNERABLE (perl-Archive-Tar)
+CVE-2007-4829 VULNERABLE (perl-Archive-Tar) #315321
 CVE-2007-4828 version (mediawiki, fixed 1.11.0, 1.10.2, 1.9.4) #287881 [since FEDORA-2007-2189]
 CVE-2007-4826 version (quagga, fixed 0.99.9) [since FEDORA-2007-2196]
 CVE-2007-4752 VULNERABLE (openssh) #280461
 CVE-2007-4743 backport (krb5) incomplete CVE-2007-3999 fix [since FEDORA-2007-2066]
-CVE-2007-4730 VULNERABLE (xorg-x11) #286051
+CVE-2007-4730 ignore (xorg-x11) #286051 ajax says F7 is not vulnerable
 CVE-2007-4727 version (lighttpd) #284511 [since FEDORA-2007-2132]
 CVE-2007-4721 version (wireshark, fixed 0.99.6) [since FEDORA-2007-0982]
 CVE-2007-4663 ignore (php, fixed 5.2.4) #277991 safe_mode
 CVE-2007-4662 ignore (php, fixed 5.2.4) #278101 triggerable only by modification to openssl.conf
 CVE-2007-4661 ignore (php, fixed 5.2.4) 5.2.3, incomplete CVE-2007-2872 fix
-CVE-2007-4660 VULNERABLE (php, fixed 5.2.4)
-CVE-2007-4659 VULNERABLE (php, fixed 5.2.4) #276531 Tracking bug!
-CVE-2007-4658 VULNERABLE (php, fixed 5.2.4) #278011
-CVE-2007-4657 VULNERABLE (php, fixed 5.2.4)
+CVE-2007-4660 version (php, fixed 5.2.4) [since FEDORA-2007-2215]
+CVE-2007-4659 version (php, fixed 5.2.4) #276531 [since FEDORA-2007-2215]
+CVE-2007-4658 version (php, fixed 5.2.4) #278011 [since FEDORA-2007-2215]
+CVE-2007-4657 version (php, fixed 5.2.4) [since FEDORA-2007-2215]
 CVE-2007-4650 version (gallery2) #267421 [since FEDORA-2007-2020]
 CVE-2007-4629 version (mapserver, fixed 4.10.3) #272081 [since FEDORA-2007-2018]
 CVE-2007-4631 version (qgit) #268381 [since FEDORA-2007-2108]
 CVE-2007-4573 version (kernel) [since FEDORA-2007-2298]
+CVE-2007-4571 version (kernel) [since FEDORA-2007-2349]
 CVE-2007-4569 VULNERABLE (kdebase) #299731
 CVE-2007-4565 backport (fetchmail) #260861 [since FEDORA-2007-1983]
 CVE-2007-4560 version (clamav) #260583 [since FEDORA-2007-2050]
-CVE-2007-4559 VULNERABLE (python) tarfile module - directory traversal
+CVE-2007-4559 VULNERABLE (python) tarfile module - directory traversal #315291
 CVE-2007-4558 ignore (star, fixed 1.5a84) duplicate of CVE-2007-4134
 CVE-2007-4543 version (bugzilla, fixed 3.0.1) #256021 [since FEDORA-2007-1853]
 CVE-2007-4542 version (mapserver, fixed 4.10.3) #256561 [since FEDORA-2007-2018]
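
Review bot: CVE-2007-4897 is left in the old "(ekiga, version 2.0.9) really opal 2.2.8" form directly under the CVE-2007-4924 line that this hunk converts to "(opal, fixed 2.2.10)"; the fc6 file converted both entries, so convert this one as well to keep the package attribution consistent. Separately, CVE-2007-4559 gets #315291 here, the same bug number it gets in fc6, while CVE-2007-4829 has separate bugs per release (#315331 in fc6, #315321 here); confirm that a single bug is meant to cover both releases and that this is not a copy-paste from the fc6 file.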



