[Fedora-security-commits] fedora-security/audit fc7,1.135,1.136

fedora-security-commits at redhat.com fedora-security-commits at redhat.com
Tue Oct 9 22:49:07 UTC 2007 

Author: lkundrak

Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv28345

Modified Files:
	fc7 
Log Message:
Formatting fixes, to prepare for automatic parsing



Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.135
retrieving revision 1.136
diff -u -r1.135 -r1.136
--- fc7	9 Oct 2007 13:22:16 -0000	1.135
+++ fc7	9 Oct 2007 22:49:05 -0000	1.136
@@ -29,7 +29,7 @@
 CVE-2007-4974 backport (libsndfile) #296221 [since FEDORA-2007-2236]
 CVE-2007-4965 VULNERABLE (python) imageop module heap overflow
 CVE-2007-4924 VULNERABLE (opal, fixed 2.2.10) #297551
-CVE-2007-4897 version (ekiga, version 2.0.9) really opal 2.2.8
+CVE-2007-4897 version (opal, fixed 2.2.9)
 CVE-2007-4894 version (wordpress, fixed 2.2.3) [since FEDORA-2007-2143]
 CVE-2007-4893 version (wordpress, fixed 2.2.3) [since FEDORA-2007-2143]
 CVE-2007-4851 ignore (tk) duplicate of CVE-2007-5137
@@ -128,7 +128,7 @@
 CVE-2007-3737 version (mozilla) #248518 [since FEDORA-2007-1138]
 CVE-2007-3736 version (mozilla) #248518 [since FEDORA-2007-1138]
 CVE-2007-3735 version (mozilla) #248518 [since FEDORA-2007-1138]
-CVE-2007-3728 ignore (libsilc, 1.1.1 only)
+CVE-2007-3728 ignore (libsilc, only 1.1.1)
 CVE-2007-3725 version (clamav) [since FEDORA-2007-2050]
 CVE-2007-3713 backport (centericq) #247979 [since FEDORA-2007-1160]
 CVE-2007-3656 version (mozilla) #248518 [since FEDORA-2007-1138]
@@ -176,7 +176,7 @@
 CVE-2007-3239 version (wordpress, fixed 2.2.1) #245211 [since FEDORA-2007-0894]
 CVE-2007-3238 version (wordpress, fixed 2.2.1) #245211 [since FEDORA-2007-0894]
 CVE-2007-3231 version (mecab, fixed 0.96) [since FEDORA-2007-0366]
-CVE-2007-3209 ignore (mail-notification, shipped with SSL enabled)
+CVE-2007-3209 ignore (mail-notification) shipped with SSL enabled
 CVE-2007-3165 version (tor, fixed 0.1.2.14) #244502 [since FEDORA-2007-1674]
 CVE-2007-3153 version (c-ares, fixed 1.4.0) #243591 [since FEDORA-2007-0724]
 CVE-2007-3152 version (c-ares, fixed 1.4.0) #243591 [since FEDORA-2007-0724]
@@ -197,7 +197,7 @@
 CVE-2007-3024 version (clamav, fixed 0.90.3) #245219 [since FEDORA-2007-2050]
 CVE-2007-3023 version (clamav, fixed 0.90.3) #245219 [since FEDORA-2007-2050]
 CVE-2007-3007 ignore (php) safe mode isn't safe
-*CVE-2007-2975 (openfire)
+*CVE-2007-2975 ** (openfire)
 CVE-2007-2958 version (claws-mail) #254121 [since FEDORA-2007-2009]
 CVE-2007-2958 backport (sylpheed) #254123 [since FEDORA-2007-1841]
 CVE-2007-2956 backport (qtpfsgui) #251674 [since FEDORA-2007-1581]
@@ -207,7 +207,7 @@
 CVE-2007-2894 backport (bochs) #241799 [since FEDORA-2007-1778]
 CVE-2007-2893 backport (bochs, fixed 2.3-5) #241799 [since FEDORA-2007-1153]
 CVE-2007-2876 version (kernel, fixed 2.6.21.5) [ since FEDORA-2007-0409 ]
-CVE-2007-2874 remove-patch (wpa_supplicant) #242455 [since FEDORA-2007-0185]
+CVE-2007-2874 backport (wpa_supplicant) #242455 [since FEDORA-2007-0185]
 CVE-2007-2873 version (spamassassin, fixed 3.2.1) [since FEDORA-2007-0390]
 CVE-2007-2871 version (mozilla) #241840
 CVE-2007-2870 version (mozilla) #241840
@@ -220,45 +220,45 @@
 CVE-2007-2834 backport (openoffice.org, fixed 2.3) #293361 [since FEDORA-2007-2372]
 CVE-2007-2821 version (wordpress, fixed 2.2) #245211 [since FEDORA-2007-0894]
 CVE-2007-2799 version (file, fixed 4.21) #241034 [since FEDORA-2007-0836]
-CVE-2007-2798 version (krb5, 1.6.1) [since FEDORA-2007-0740]
+CVE-2007-2798 version (krb5, fixed 1.6.1) [since FEDORA-2007-0740]
 CVE-2007-2797 version (xterm) fixed in fc5 and fc6 before f7 release
 CVE-2007-2768 ignore (openssh) needs pam OPIE which is not shipped.
 CVE-2007-2756 ignore (gd) DoS only
 CVE-2007-2754 backport (freetype) [since FEDORA-2007-0033]
-CVE-2007-2721 patch (jasper, fixed 1.900.1-2) #240397
+CVE-2007-2721 backport (jasper, fixed 1.900.1-2) #240397
 CVE-2007-2683 backport (mutt)
 CVE-2007-2654 version (xfsdump) #240396
 CVE-2007-2650 version (clamav, fixed 0.90.3) #240395 [since FEDORA-2007-1154]
 CVE-2007-2645 backport (libexif) #240055 [since FEDORA-2007-0414]
-*CVE-2007-2637 patch (moin, fixed 1.5.7-2)
+*CVE-2007-2637 backport (moin, fixed 1.5.7-2)
 CVE-2007-2627 version (wordpress, fixed 2.2.1) #239904 [since FEDORA-2007-0894]
-*CVE-2007-2589 (squirrelmail)
-*CVE-2007-2583 (mysql)
+*CVE-2007-2589 ** (squirrelmail)
+*CVE-2007-2583 ** (mysql)
 CVE-2007-2519 ignore (php-pear) no trust boundary is crossed
 CVE-2007-2511 ignore (php) #239011 see the bug
 CVE-2007-2510 version (php, fixed 5.2.2)
 CVE-2007-2509 version (php, fixed 5.2.2)
-*CVE-2007-2500 patch (gnash, fixed 0.7.2-2) #239213
+*CVE-2007-2500 backport (gnash, fixed 0.7.2-2) #239213
 CVE-2007-2453 version (kernel, fixed 2.6.21.4) [ since FEDORA-2007-0409 ]
 CVE-2007-2451 version (kernel, fixed 2.6.21.4) [ since FEDORA-2007-0409 ]
-*CVE-2007-2452 (locate)
+*CVE-2007-2452 ** (locate)
 CVE-2007-2450 VULNERABLE (tomcat5) #244810
 CVE-2007-2449 VULNERABLE (tomcat5) #244810
 CVE-2007-2448 VULNERABLE (subversion, fixed 1.4.4) #243856
-*CVE-2007-2447 (samba)
-*CVE-2007-2446 (samba)
+*CVE-2007-2447 ** (samba)
+*CVE-2007-2446 ** (samba)
 CVE-2007-2445 version (libpng10, fixed 1.0.25) #240398
-*CVE-2007-2444 (samba)
-CVE-2007-2443 version (krb5, 1.6.1) [since FEDORA-2007-0740]
-CVE-2007-2442 version (krb5, 1.6.1) [since FEDORA-2007-0740]
-CVE-2007-2438 version (vim, 7.0.235) #238734 [since FEDORA-2007-492]
+*CVE-2007-2444 ** (samba)
+CVE-2007-2443 version (krb5, fixed 1.6.1) [since FEDORA-2007-0740]
+CVE-2007-2442 version (krb5, fixed 1.6.1) [since FEDORA-2007-0740]
+CVE-2007-2438 version (vim, fixed 7.0.235) #238734 [since FEDORA-2007-492]
 CVE-2007-2437 ignore (xorg-x11) DoS only
-*CVE-2007-2435 (java)
-*CVE-2007-2423 patch (moin, fixed 1.5.7-2) #238722
+*CVE-2007-2435 ** (java)
+*CVE-2007-2423 backport (moin, fixed 1.5.7-2) #238722
 CVE-2007-2413 version (perl-Imager, fixed 0.57) #238615
 CVE-2007-2381 ignore (MochiKit) #238616
-*CVE-2007-2356 (gimp)
-*CVE-2007-2353 (axis)
+*CVE-2007-2356 ** (gimp)
+*CVE-2007-2353 ** (axis)
 *CVE-2007-2245 VULNERABLE (phpMyAdmin, fixed 2.10.1) #237882
 CVE-2007-2243 ignore (openssh, fixed 4.6) needs S/KEY support which is not shipped.
 CVE-2007-2241 backport (bind) [since FEDORA-2007-0300]
@@ -269,8 +269,8 @@
 CVE-2007-2057 version (aircrack-ng, fixed 0.8-0.1)
 CVE-2007-2029 version (clamav, fixed 0.90.3) #245219 [since FEDORA-2007-2050]
 CVE-2007-2028 version (freeradius)
-*CVE-2007-2026 (file)
-CVE-2007-2016 ignore (phpMyAdmin, < 2.8.0.2 never shipped)
+*CVE-2007-2026 ** (file)
+CVE-2007-2016 ignore (phpMyAdmin) < 2.8.0.2 never shipped
 CVE-2007-1997 version (clamav, fixed in 0.90.2)
 CVE-2007-1995 version (quagga, fixed CVE-2007-1995) #240488
 CVE-2007-1897 version (wordpress, fixed 2.1.3) #235912
@@ -281,24 +281,24 @@
 CVE-2007-1864 version (php, fixed 5.2.2)
 CVE-2007-1863 backport (httpd) #244665 [since FEDORA-2007-0704]
 CVE-2007-1862 backport (httpd) #242606 [since FEDORA-2007-0704]
-*CVE-2007-1859 (xscreensaver)
-*CVE-2007-1858 (tomcat)
+*CVE-2007-1859 ** (xscreensaver)
+*CVE-2007-1858 ** (tomcat)
 CVE-2007-1856 backport (vixie-cron) #235882 vixie-cron-4.1-hardlink.patch
 *CVE-2007-1841 VULNERABLE (ipsec-tools) #238052
 *CVE-2007-1804 VULNERABLE (pulseaudio) #235013
 CVE-2007-1799 version (ktorrent, fixed 2.1.3) #235014
 CVE-2007-1797 version (GraphicsMagick, fixed 1.1.8) [since FEDORA-2007-1340]
 CVE-2007-1745 version (clamav, fixed in 0.90.2) #236703
-*CVE-2007-1743 (httpd)
-*CVE-2007-1742 (httpd)
-*CVE-2007-1741 (httpd)
+*CVE-2007-1743 ** (httpd)
+*CVE-2007-1742 ** (httpd)
+*CVE-2007-1741 ** (httpd)
 CVE-2007-1732 ignore (wordpress) #235015
 CVE-2007-1718 version (php, fixed 5.2.2)
 CVE-2007-1717 version (php, fixed 5.2.2)
 CVE-2007-1711 version (php, 4.4.5 and 4.4.6 only)
 CVE-2007-1710 version (php, fixed 5.2.2)
 CVE-2007-1709 ignore (php) no security impact
-*CVE-2007-1667 (xorg-x11)
+*CVE-2007-1667 ** (xorg-x11)
 CVE-2007-1665 version (ekg) #246034 [since FEDORA-2007-0791]
 CVE-2007-1664 version (ekg) #246034 [since FEDORA-2007-0791]
 CVE-2007-1663 version (ekg) #246034 [since FEDORA-2007-0791]
@@ -320,7 +320,7 @@
 CVE-2007-1545 version (nas, fixed 1.8a-2) #233353
 CVE-2007-1544 version (nas, fixed 1.8a-2) #233353
 CVE-2007-1543 version (nas, fixed 1.8a-2) #233353
-*CVE-2007-1536 (file)
+*CVE-2007-1536 ** (file)
 CVE-2007-1521 ignore (php) See NVD
 CVE-2007-1515 version (imp, fixed 4.1.4)
 CVE-2007-1496 version (kernel, fixed 2.6.20.3)
@@ -329,7 +329,7 @@
 CVE-2007-1474 version (horde, fixed 3.1.4)
 CVE-2007-1474 ignore (imp, < 4.x only)
 CVE-2007-1473 version (horde, fixed 3.1.4)
-*CVE-2007-1466 (openoffice.org)
+*CVE-2007-1466 ** (openoffice.org)
 CVE-2007-1464 version (inkscape, fixed 0.45.1)
 CVE-2007-1463 version (inkscape, fixed 0.45.1)
 CVE-2007-1460 version (php, fixed 5.2.2)
@@ -345,15 +345,15 @@
 CVE-2007-1398 ignore (snort, inline mode not shipped) #232109, new upstream [since FEDORA-2007-2060]
 CVE-2007-1396 ignore (php) feature, not a flaw
 *CVE-2007-1395 version (phpMyAdmin, fixed 2.10.0.2)
-*CVE-2007-1387 patch (xine-lib, fixed 1.1.4-3)
+*CVE-2007-1387 backport (xine-lib, fixed 1.1.4-3)
 *CVE-2007-1385 version (ktorrent, fixed 2.1.2)
 *CVE-2007-1384 version (ktorrent, fixed 2.1.2)
 CVE-2007-1375 version (php, fixed 5.2.2)
 *CVE-2007-1366 ** (qemu) #238723
 CVE-2007-1362 version (seamonkey, fixed 1.0.9) #241840
-*CVE-2007-1359 patch (mod_security, fixed 2.1.0-3) #231728
+*CVE-2007-1359 backport (mod_security, fixed 2.1.0-3) #231728
 CVE-2007-1358 ** (tomcat5) #244810
-*CVE-2007-1354 (jboss)
+*CVE-2007-1354 ** (jboss)
 *CVE-2007-1352 VULNERABLE (libXfont) #235265
 *CVE-2007-1351 VULNERABLE (libXfont) #235265
 CVE-2007-1349 backport (mod_perl) [since FEDORA-2007-0316]
@@ -365,15 +365,15 @@
 CVE-2007-1308 version (kdelibs)
 CVE-2007-1287 ignore (php) See NVD
 CVE-2007-1286 version (php, PHP4 only)
-CVE-2007-1285 version (php, 5.2.2)
+CVE-2007-1285 version (php, fixed 5.2.2)
 CVE-2007-1282 version (seamonkey, fixed 1.0.8)
 CVE-2007-1277 version (wordpress, fixed 2.1.2)
-CVE-2007-1267 ignore (sylpheed, uses gpgme) #231733
+CVE-2007-1267 ignore (sylpheed) uses gpgme  #231733
 CVE-2007-1263 version (gpgme, fixed 1.1.4)
 CVE-2007-1263 version (gnupg, fixed 1.4.7) [since FEDORA-2007-315]
-*CVE-2007-1262 (squirrelmail)
-*CVE-2007-1253 patch (blender, fixed 2.42a-21) #239338
-*CVE-2007-1246 patch (xine-lib, fixed 1.1.4-3)
+*CVE-2007-1262 ** (squirrelmail)
+*CVE-2007-1253 backport (blender, fixed 2.42a-21) #239338
+*CVE-2007-1246 backport (xine-lib, fixed 1.1.4-3)
 CVE-2007-1244 version (wordpress, fixed 2.1.2) #230898
 CVE-2007-1230 version (wordpress, fixed 2.1.2)
 *CVE-2007-1218 backport (tcpdump) 232349 [since FEDORA-2007-347]
@@ -383,25 +383,25 @@
 CVE-2007-1055 version (mediawiki, fixed 1.8.3)
 CVE-2007-1054 version (mediawiki, fixed 1.9.3) [since FEDORA-2007-1442]
 CVE-2007-1049 version (wordpress, fixed 2.1.1) #229991
-*CVE-2007-1036 (jboss)
-*CVE-2007-1030 (libevent)
-*CVE-2007-1007 (ekiga)
+*CVE-2007-1036 ** (jboss)
+*CVE-2007-1030 ** (libevent)
+*CVE-2007-1007 ** (ekiga)
 *CVE-2007-1006 version (ekiga, fixed 2.0.5) #229259 [since FEDORA-2007-322]
-CVE-2007-1004 VULNERABLE (firefox, ...)
+CVE-2007-1004 VULNERABLE (mozilla)
 *CVE-2007-1003 VULNERABLE (xorg-x11-server, fixed  > X11R7.2) #235263
 *CVE-2007-1002 VULNERABLE (evolution) #233587
 CVE-2007-1001 version (php, fixed 5.2.2)
 CVE-2007-1000 version (kernel, fixed 2.6.20.2) [since FEDORA-2007-335]
-*CVE-2007-0999 (ekiga)
+*CVE-2007-0999 ** (ekiga)
 CVE-2007-0998 version (qemu, fixed 0.8.2)
 *CVE-2007-0998 backport (xen) #230295 [since FEDORA-2007-343]
 CVE-2007-0996 version (seamonkey, fixed 1.0.8)
 CVE-2007-0995 version (seamonkey, fixed 1.0.8)
 CVE-2007-0988 version (php, fixed 5.2.1)
-CVE-2007-0981 VULNERABLE (firefox, ...)
+CVE-2007-0981 VULNERABLE (mozilla)
 CVE-2007-0981 version (seamonkey, fixed 1.0.8) #229253
-CVE-2007-0957 patch (krb5, fixed 1.6-3) #231528
-CVE-2007-0956 patch (krb5, fixed 1.6-3) #229782
+CVE-2007-0957 backport (krb5, fixed 1.6-3) #231528
+CVE-2007-0956 backport (krb5, fixed 1.6-3) #229782
 CVE-2007-0911 version (php, 5.2.1 only)
 CVE-2007-0910 version (php, fixed 5.2.1)
 CVE-2007-0909 version (php, fixed 5.2.1)
@@ -409,8 +409,8 @@
 CVE-2007-0907 version (php, fixed 5.2.1)
 CVE-2007-0906 version (php, fixed 5.2.1)
 CVE-2007-0903 version (ejabberd, fixed 1.1.3)
-*CVE-2007-0902 patch (moin, fixed 1.5.7-2) #228764
-*CVE-2007-0901 patch (moin, fixed 1.5.7-2) #228764
+*CVE-2007-0902 backport (moin, fixed 1.5.7-2) #228764
+*CVE-2007-0901 backport (moin, fixed 1.5.7-2) #228764
 CVE-2007-0898 version (clamav, fixed 0.90) #229202
 CVE-2007-0897 version (clamav, fixed 0.90) #229202
 CVE-2007-0894 version (mediawiki, fixed 1.8.4) #228763
@@ -424,10 +424,10 @@
 CVE-2007-0778 version (seamonkey, fixed 1.0.8)
 CVE-2007-0777 version (seamonkey, fixed 1.0.8)
 CVE-2007-0775 version (seamonkey, fixed 1.0.8)
-*CVE-2007-0774 (mod_jk)
+*CVE-2007-0774 ** (mod_jk)
 CVE-2007-0772 version (kernel, fixed 2.6.20.1) [since FEDORA-2007-291]
-CVE-2007-0771 patch (kernel, fixed 2.6.20-1.2933) #227952
-CVE-2007-0770 patch (GraphicsMagick, fixed 1.1.7-7) #228758
+CVE-2007-0771 backport (kernel, fixed 2.6.20-1.2933) #227952
+CVE-2007-0770 backport (GraphicsMagick, fixed 1.1.7-7) #228758
 CVE-2007-0770 ignore (ImageMagick) only if incomplete CVE-2006-5456
 CVE-2007-0720 ignore (cups, fixed 1.2.7) cups is already updated
 CVE-2007-0657 ignore (nexuiz, 2.2.2 only (not shipped), fixed 2.2.3)
@@ -435,8 +435,8 @@
 *CVE-2007-0653 VULNERABLE (xmms) #233705
 *CVE-2007-0650 ignore (tetex) needs user's assistance
 CVE-2007-0619 version (chmlib, fixed 0.3.9) #225919
-*CVE-2007-0578 (mpg321)
-*CVE-2007-0555 (postgresql)
+*CVE-2007-0578 ** (mpg321)
+*CVE-2007-0555 ** (postgresql)
 CVE-2007-0541 version (wordpress, fixed 2.1-0) #225469
 CVE-2007-0540 version (wordpress, fixed 2.1-0) #225469
 CVE-2007-0539 version (wordpress, fixed 2.1-0) #225469
@@ -453,10 +453,10 @@
 CVE-2007-0457 version (wireshark, fixed 0.99.5) #227140
 CVE-2007-0456 version (wireshark, fixed 0.99.5) #227140
 CVE-2007-0455 version (gd, fixed 2.0.34) #224610
-*CVE-2007-0454 (samba)
-*CVE-2007-0452 (samba)
+*CVE-2007-0454 ** (samba)
+*CVE-2007-0452 ** (samba)
 CVE-2007-0451 version (spamassassin, fixed 3.1.8) [since FEDORA-2007-241]
-*CVE-2007-0450 (tomcat)
+*CVE-2007-0450 ** (tomcat)
 CVE-2007-0448 ignore (php) safe mode isn't safe
 CVE-2007-0405 version (Django, fixed 0.95.1)
 CVE-2007-0404 version (Django, fixed 0.95.1)
@@ -465,16 +465,15 @@
 CVE-2007-0248 version (squid, fixed 2.6.STABLE7) [since FEDORA-2007-073]
 CVE-2007-0247 version (squid, fixed 2.6.STABLE7) #222883 [since FEDORA-2007-073]
 CVE-2007-0245 backport (openoffice.org) [since FEDORA-2007-0410]
-CVE-2007-0243 ignore, no-ship (java-ibm)
-*CVE-2007-0242 patch (qt4, fixed 4.2.3-7)
-*CVE-2007-0240 patch (zope, fixed 2.9.6-2) #233378
-*CVE-2007-0239 (openoffice.org)
-*CVE-2007-0238 (openoffice.org)
+*CVE-2007-0242 backport (qt4, fixed 4.2.3-7)
+*CVE-2007-0240 backport (zope, fixed 2.9.6-2) #233378
+*CVE-2007-0239 ** (openoffice.org)
+*CVE-2007-0238 ** (openoffice.org)
 *CVE-2007-0235 VULNERABLE (libgtop2) #222637 not sure, will triage
-*CVE-2007-0227 (slocate)
+*CVE-2007-0227 ** (slocate)
 CVE-2007-0177 version (mediawiki, fixed 1.8.3) #221958
-*CVE-2007-0160 patch (centericq, fixed 4.21.0-9) #227791
-*CVE-2007-0157 (neon)
+*CVE-2007-0160 backport (centericq, fixed 4.21.0-9) #227791
+*CVE-2007-0157 ** (neon)
 CVE-2007-0109 version (wordpress, fixed 2.1-0) #223101
 CVE-2007-0107 version (wordpress, fixed 2.1-0) #223101
 CVE-2007-0106 version (wordpress, fixed 2.1-0) #223101
@@ -482,16 +481,10 @@
 CVE-2007-0104 ignore (kdegraphics) only client DoS
 *CVE-2007-0095 VULNERABLE (phpMyAdmin) #221694
 CVE-2007-0086 ignore (apache) not a security issue
-*CVE-2007-0080 (freeradius)
-CVE-2007-0048 ignore, no-ship (acroread)
-CVE-2007-0046 ignore, no-ship (acroread)
-CVE-2007-0045 ignore, no-ship (acroread)
-CVE-2007-0044 ignore, no-ship (acroread)
-*CVE-2007-0010 (gtk2)
+*CVE-2007-0080 ** (freeradius)
+*CVE-2007-0010 ** (gtk2)
 CVE-2007-0009 version (nss, fixed 3.11.5) (nspr, fixed 4.6.5) [since FEDORA-2007-279]
-CVE-2007-0009 ignore (seamonkey, uses system NSS)
 CVE-2007-0008 version (nss, fixed 3.11.5) (nspr, fixed 4.6.5) [since FEDORA-2007-279]
-CVE-2007-0008 ignore (seamonkey, uses system NSS)
 CVE-2007-0007 version (gnucash, fixed 2.0.5) since [FEDORA-2007-256] #223233
 CVE-2007-0006 version (kernel, fixed 2.6.20) [since FEDORA-2007-335]
 CVE-2007-0005 version (kernel, fixed 2.6.20) [since FEDORA-2007-335]
@@ -500,19 +493,19 @@
 CVE-2006-7221 ignore (gftp) single zero byte overflow in fsplib
 CVE-2006-7205 ignore (php) See NVD
 CVE-2006-7204 ignore (php) See NVD
-*CVE-2006-7197 (tomcat)
-*CVE-2006-7196 (tomcat)
-*CVE-2006-7195 (tomcat)
-*CVE-2006-7195 (tomcat)
-CVE-2006-7193 ignore (php-Smarty, SMARTY_DIR is a constant)
-*CVE-2006-7176 (sendmail)
-*CVE-2006-7175 (sendmail)
+*CVE-2006-7197 ** (tomcat)
+*CVE-2006-7196 ** (tomcat)
+*CVE-2006-7195 ** (tomcat)
+*CVE-2006-7195 ** (tomcat)
+CVE-2006-7193 ignore (php-Smarty) SMARTY_DIR is a constant
+*CVE-2006-7176 ** (sendmail)
+*CVE-2006-7175 ** (sendmail)
 CVE-2006-7162 version (putty, fixed 0.59) #231726
-*CVE-2006-7151 (libtool)
-*CVE-2006-7139 (kmail)
-*CVE-2006-7108 (util-linux)
+*CVE-2006-7151 ** (libtool)
+*CVE-2006-7139 ** (kmail)
+*CVE-2006-7108 ** (util-linux)
 *CVE-2006-6979 backport (amarok, fixed 1.4.5-2) #228138
-*CVE-2006-6948 (myodbc)
+*CVE-2006-6948 ** (myodbc)
 CVE-2006-6944 version (phpMyAdmin, fixed 2.9.1.1)
 CVE-2006-6943 version (phpMyAdmin, fixed 2.9.1.1)
 CVE-2006-6942 version (phpMyAdmin, fixed 2.9.1.1)
@@ -521,24 +514,24 @@
 CVE-2006-6870 version (avahi, fixed 0.6.16) #221440 [since FEDORA-2007-019]
 CVE-2006-6811 ignore (ksirc) DoS only
 CVE-2006-6808 version (wordpress, fixed 2.1-0) #221023
-*CVE-2006-6799 patch (cacti, fixed 0.8.6i-5) #222410
+*CVE-2006-6799 backport (cacti, fixed 0.8.6i-5) #222410
 *CVE-2006-6772 backport (w3m) #221484 [since FEDORA-2007-077]
-*CVE-2006-6745 (java-ibm)
-*CVE-2006-6736 (java-ibm)
-*CVE-2006-6731 (java-ibm)
+*CVE-2006-6745 ** (java-ibm)
+*CVE-2006-6736 ** (java-ibm)
+*CVE-2006-6731 ** (java-ibm)
 *CVE-2006-6719 backport (wget) #221469 [since FEDORA-2007-043]
 *CVE-2006-6698 VULNERABLE (GConf2) #219280
 CVE-2006-6693 ignore (zabbix, fixed 1.1.3, < 1.1.4 not shipped)
 CVE-2006-6692 ignore (zabbix, fixed 1.1.3, < 1.1.4 not shipped)
 CVE-2006-6660 ignore (kdelibs) client Dos only, not reproducible
-*CVE-2006-6628 (openoffice.org)
+*CVE-2006-6628 ** (openoffice.org)
 CVE-2006-6626 version (moodle, fixed 1.6.5) #220041
 CVE-2006-6625 version (moodle, fixed 1.6.5) #220041
 CVE-2006-6610 version (nexuiz, fixed 2.2.1) #220034
 CVE-2006-6609 version (nexuiz, fixed 2.2.1) #220034
 *CVE-2006-6574 backport (mantis, fixed 1.0.6-2) #219937
 *CVE-2006-6563 backport (proftpd, fixed 1.3.0a-3) #219938
-*CVE-2006-6561 (openoffice.org)
+*CVE-2006-6561 ** (openoffice.org)
 CVE-2006-6515 version (mantis, fixed 1.0.6) #219720
 CVE-2006-6505 version (seamonkey, fixed 1.0.7) #220516
 CVE-2006-6504 version (seamonkey, fixed 1.0.7) #220516
@@ -549,7 +542,7 @@
 CVE-2006-6499 version (seamonkey, fixed 1.0.7) #220516
 CVE-2006-6498 version (seamonkey, fixed 1.0.7) #220516
 CVE-2006-6497 version (seamonkey, fixed 1.0.7) #220516
-*CVE-2006-6493 (openldap)
+*CVE-2006-6493 ** (openldap)
 CVE-2006-6481 version (clamav, fixed 0.88.7)
 CVE-2006-6406 version (clamav, fixed 0.88.7) #219095
 CVE-2006-6385 ignore (kernel) windows only
@@ -563,16 +556,15 @@
 CVE-2006-6303 version (ruby, fixed 1.8.5.2) [since FEDORA-2006-1441]
 CVE-2006-6301 version (denyhosts, fixed 2.6-2) #218824
 CVE-2006-6297 ignore (kdegraphics) just a crash
-CVE-2006-6238 (konqueror) probably safari only
-CVE-2006-6236 ignore, no-ship (acroread)
-*CVE-2006-6235 patch (gnupg2, fixed 2.0.1-2) #218821
+CVE-2006-6238 ignore (konqueror) safari only
+*CVE-2006-6235 backport (gnupg2, fixed 2.0.1-2) #218821
 *CVE-2006-6235 backport (gnupg, fixed 1.4.6) [since FEDORA-2006-1406]
-*CVE-2006-6171 patch (proftpd, fixed 1.3.0a-1) #214820
-*CVE-2006-6170 patch (proftpd, fixed 1.3.0a-1) #214820
+*CVE-2006-6171 backport (proftpd, fixed 1.3.0a-1) #214820
+*CVE-2006-6170 backport (proftpd, fixed 1.3.0a-1) #214820
 CVE-2006-6169 version (gnupg2, fixed 2.0.1) #217950
 *CVE-2006-6169 backport (gnupg, fixed 1.4.6) [since FEDORA-2006-1406]
-CVE-2006-6144 patch (krb5, fixed 1.5-14) #218456
-CVE-2006-6143 patch (krb5, fixed 1.5-14) #218456
+CVE-2006-6144 backport (krb5, fixed 1.5-14) #218456
+CVE-2006-6143 backport (krb5, fixed 1.5-14) #218456
 *CVE-2006-6142 backport (squirrelmail) #218297 [since FEDORA-2007-089]
 CVE-2006-6128 VULNERABLE (kernel, fixed **)
 CVE-2006-6122 ignore (tin, <= 1.8.1 not shipped)
@@ -581,9 +573,9 @@
 CVE-2006-6106 version (kernel, fixed 2.6.19.2, fixed 2.6.20-rc5) [since FEDORA-2006-1471]
 CVE-2006-6105 version (gdm, fixed 2.14.11) [since FEDORA-2006-1468]
 *CVE-2006-6104 backport (mono, fixed 1.1.13.8.2) #220853 [since FEDORA-2007-067]
-*CVE-2006-6103 (xorg-x11)
-*CVE-2006-6102 (xorg-x11)
-*CVE-2006-6101 (xorg-x11)
+*CVE-2006-6103 ** (xorg-x11)
+*CVE-2006-6102 ** (xorg-x11)
+*CVE-2006-6101 ** (xorg-x11)
 *CVE-2006-6097 backport (tar) [since FEDORA-2006-1393]
 CVE-2006-6085 version (kile, fixed 1.9.3) #217238
 CVE-2006-6077 VULNERABLE (firefox)
@@ -593,24 +585,22 @@
 CVE-2006-6056 version (kernel, fixed 2.6.19) [since FEDORA-2007-058] was backport since FEDORA-2006-1471
 CVE-2006-6054 version (kernel, fixed fixed 2.6.19.2) [since FEDORA-2007-058]
 CVE-2006-6053 version (kernel, fixed 2.6.19.2) [since FEDORA-2007-058] was backport since FEDORA-2006-1223
-CVE-2006-6027 ignore, no-ship (acroread)
-*CVE-2006-6015 (pcre)
+*CVE-2006-6015 ** (pcre)
 CVE-2006-5989 ignore (mod_auth_kerb) did not affect fc6
 CVE-2006-5974 ignore (fetchmail, fixed 6.3.6) only 6.3.5
 CVE-2006-5973 version (dovecot, fixed 1.0.rc15) #216508 [since ???]
-*CVE-2006-5969 (fvwm)
+*CVE-2006-5969 ** (fvwm)
 CVE-2006-5941 ignore (net-snmp) dupe CVE-2005-2177
 *CVE-2006-5925 backport (elinks) [since FEDORA-2006-1278] but was never vulneable as didn't have smbclient support
 *CVE-2006-5876 version (libsoup) #223144 [since FEDORA-2007-109]
 CVE-2006-5875 version (enemies-of-carlotta, fixed 1.2.4)
 CVE-2006-5874 version (clamav, fixed 0.88.1)
 CVE-2006-5871 version (kernel, fixed 2.6.10)
-*CVE-2006-5870 (openoffice.org)
+*CVE-2006-5870 ** (openoffice.org)
 *CVE-2006-5868 VULNERABLE (ImageMagick, fixed 6.2.9.1) #217560
 CVE-2006-5867 version (fetchmail, fixed 6.3.6) #221984 [since FEDORA-2007-042]
 *CVE-2006-5864 VULNERABLE (evince) #217672
-*CVE-2006-5864 patch (gv, fixed 3.6.2-2) #215136
-CVE-2006-5857 ignore, no-ship (acroread)
+*CVE-2006-5864 backport (gv, fixed 3.6.2-2) #215136
 CVE-2006-5848 version (trac, fixed 0.10.1) #215077
 CVE-2006-5823 version (kernel, fixed 2.6.19.2) [since FEDORA-2007-058] was backport since FEDORA-2006-1223
 CVE-2006-5815 version (proftpd, fixed 1.3.0a) #214820
@@ -618,13 +608,13 @@
 CVE-2006-5793 version (libpng10, fixed 1.0.21) #216263
 CVE-2006-5793 ignore (libpng, fixed 1.2.13) just a client crash
 CVE-2006-5783 ignore (firefox) disputed
-*CVE-2006-5779 VULNERABLE (openldap, 2.3.29) #214768
+*CVE-2006-5779 VULNERABLE (openldap, fixed 2.3.29) #214768
 CVE-2006-5757 version (kernel, fixed 2.6.19) [since FEDORA-2007-058] was backport since FEDORA-2006-1223
-*CVE-2006-5754 (kernel)
+*CVE-2006-5754 ** (kernel)
 *CVE-2006-5753 backport (kernel, fixed 2.6.20.1) [since FEDORA-2007-291]
 CVE-2006-5752 backport (httpd) #244665 [since FEDORA-2007-0704]
 CVE-2006-5751 version (kernel, fixed 2.6.19, fixed 2.6.18.4) [since FEDORA-2006-1471]
-*CVE-2006-5750 (jboss)
+*CVE-2006-5750 ** (jboss)
 *CVE-2006-5749 VULNERABLE (kernel, fixed 2.6.20-rc2)
 CVE-2006-5748 version (thunderbird, fixed 1.5.0.8) [since FEDORA-2006-1192]
 CVE-2006-5748 version (seamonkey, fixed 1.0.6) #214822
@@ -660,12 +650,11 @@
 *CVE-2006-5461 VULNERABLE (avahi, fixed 0.6.15)
 *CVE-2006-5456 backport (ImageMagick) #210921 [since FEDORA-2006-1285]
 CVE-2006-5456 version (GraphicsMagick, fixed 1.1.7) [since FEDORA-2007-1340]
-*CVE-2006-5455 patch (bugzilla, fixed 2.22-7) #212355
-*CVE-2006-5454 patch (bugzilla, fixed 2.22-7) #212355
-*CVE-2006-5453 patch (bugzilla, fixed 2.22-7) #212355
+*CVE-2006-5455 backport (bugzilla, fixed 2.22-7) #212355
+*CVE-2006-5454 backport (bugzilla, fixed 2.22-7) #212355
+*CVE-2006-5453 backport (bugzilla, fixed 2.22-7) #212355
 *CVE-2006-5397 VULNERABLE (libX11, 1.0.2 and 1.0.3 only) #213280
 CVE-2006-5331 version (kernel, fixed 2.6.19) [since FEDORA-2007-058]
-CVE-2006-5330 ignore, no-ship (flash-plugin)
 *CVE-2006-5298 backport (mutt) [since FEDORA-2006-1063]
 *CVE-2006-5297 backport (mutt) [since FEDORA-2006-1063]
 CVE-2006-5295 version (clamav, fixed 0.88.5) #210973
@@ -704,25 +693,24 @@
 CVE-2006-4925 ignore (openssh) client crash only
 CVE-2006-4924 version (openssh, fixed 4.4) #207957
 *CVE-2006-4842 ignore (nspr) Nothing setuid links with nspr
-*CVE-2006-4816 (php)
+*CVE-2006-4816 ** (php)
 CVE-2006-4814 version (kernel, fixed 2.6.19.2) [since FEDORA-2007-058]
 CVE-2006-4813 version (kernel, fixed 2.6.13)
 CVE-2006-4812 version (php, fixed 5.2)
 CVE-2006-4811 version (qt, fixed 3.3.7) [since FEDORA-2006-1055]
 *CVE-2006-4810 backport (texinfo) [since FEDORA-2006-1203]
-*CVE-2006-4809 patch (imlib2, fixed 1.3.0-3) #214676
-*CVE-2006-4808 patch (imlib2, fixed 1.3.0-3) #214676
-*CVE-2006-4807 patch (imlib2, fixed 1.3.0-3) #214676
-*CVE-2006-4806 patch (imlib2, fixed 1.3.0-3) #214676
+*CVE-2006-4809 backport (imlib2, fixed 1.3.0-3) #214676
+*CVE-2006-4808 backport (imlib2, fixed 1.3.0-3) #214676
+*CVE-2006-4807 backport (imlib2, fixed 1.3.0-3) #214676
+*CVE-2006-4806 backport (imlib2, fixed 1.3.0-3) #214676
 CVE-2006-4805 version (wireshark, fixed 0.99.4) [since FEDORA-2006-1140]
 *CVE-2006-4790 backport (gnutls, fixed 1.4.4)
 CVE-2006-4786 version (moodle, fixed 1.6.3) #206516
 CVE-2006-4785 version (moodle, fixed 1.6.3) #206516
 CVE-2006-4784 version (moodle, fixed 1.6.3) #206516
-CVE-2006-4743 ignore (wordpress, dupe of an old non-issue) #206514
+CVE-2006-4743 ignore (wordpress) dupe of an old non-issue #206514
 CVE-2006-4684 version (zope, fixed 2.9.2)
 *CVE-2006-4663 ignore (kernel) not a vulnerability
-CVE-2006-4640 ignore, no-ship (flash-plugin)
 CVE-2006-4625 ignore (php) safe mode isn't safe
 CVE-2006-4624 version (mailman, fixed 2.1.9rc1)
 CVE-2006-4623 version (kernel, fixed 2.6.18-rc1)
@@ -784,23 +772,22 @@
 CVE-2006-4330 version (wireshark, fixed 0.99.3)
 CVE-2006-4310 ignore (firefox) crash only
 *CVE-2006-4262 backport (cscope) 
-CVE-2006-4261 (firefox)
 CVE-2006-4253 version (thunderbird, fixed 1.5.0.7)
 CVE-2006-4253 version (seamonkey, fixed 1.0.5) #209167
 CVE-2006-4253 version (firefox, fixed 1.5.0.7)
-*CVE-2006-4249 patch (plone, fixed 2.5.1-3) #213983
-CVE-2006-4248 ignore (thttpd, Debian specific issue)
-*CVE-2006-4247 patch (plone, fixed 2.5-4) #209163
+*CVE-2006-4249 backport (plone, fixed 2.5.1-3) #213983
+CVE-2006-4248 ignore (thttpd) Debian specific issue
+*CVE-2006-4247 backport (plone, fixed 2.5-4) #209163
 CVE-2006-4227 version (mysql, fixed 5.0.26,5.1.12) #203434 [since FEDORA-2006-1297]
 CVE-2006-4226 version (mysql, fixed 5.0.26,5.1.12) #203428 [since FEDORA-2006-1297]
-*CVE-2006-4192 patch (libmodplug, fixed 0.8-3)
+*CVE-2006-4192 backport (libmodplug, fixed 0.8-3)
 CVE-2006-4182 version (clamav, fixed 0.88.5) #210973
-*CVE-2006-4181 (gnuradius)
+*CVE-2006-4181 ** (gnuradius)
 CVE-2006-4146 backport (gdb)
 CVE-2006-4145 version (kernel, fixed 2.6.17.10, fixed 2.6.18-rc5) needs a better upstream fix
 *CVE-2006-4144 backport (ImageMagick, fixed 6.2.9)
 CVE-2006-4144 version (GraphicsMagick, fixed 1.1.8) [since FEDORA-2007-1340]
-*CVE-2006-4124 (lesstif)
+*CVE-2006-4124 ** (lesstif)
 CVE-2006-4096 version (bind, fixed 9.3.2-P1)
 CVE-2006-4095 version (bind, fixed 9.3.2-P1)
 CVE-2006-4093 version (kernel, fixed 2.6.17.9, fixed 2.6.18-rc5)
@@ -810,7 +797,7 @@
 CVE-2006-4019 version (squirrelmail, fixed 1.4.8)
 CVE-2006-4018 version (clamav, fixed 0.88.4-1) #201688
 CVE-2006-3918 version (httpd, fixed 2.2.2)
-CVE-2006-3913 patch (freeciv, fixed 2.0.9) #200545
+CVE-2006-3913 backport (freeciv, fixed 2.0.9) #200545
 CVE-2006-3879 version (libmikmod, loaders/load_gt2 not in bundled libmikmod-3.1.11)
 CVE-2006-3835 version (tomcat, fixed 5.5.17)
 CVE-2006-3816 version (krusader, fixed 1.70.1) #200323
@@ -847,7 +834,7 @@
 CVE-2006-3677 version (seamonkey, fixed 1.0.4) #200455
 CVE-2006-3677 version (firefox, fixed 1.5.0.5)
 CVE-2006-3672 ignore (konqueror) just a crash
-*CVE-2006-3668 patch (dumb, fixed 0.9.3-4) #200370
+*CVE-2006-3668 backport (dumb, fixed 0.9.3-4) #200370
 CVE-2006-3665 ignore (squirrelmail) don't enable register_globals!
 CVE-2006-3636 version (mailman, fixed 2.1.9)
 CVE-2006-3634 ignore (kernel, fixed 2.6.17.8) s390 only
@@ -859,7 +846,6 @@
 CVE-2006-3627 version (wireshark, fixed 0.99.2)
 CVE-2006-3626 version (kernel, fixed 2.6.17.6)
 CVE-2006-3619 version (gcc, fixed 4.1.1-20060828 at least)
-CVE-2006-3587 ignore, no-ship (flash-plugin)
 CVE-2006-3582 version (adplug, fixed 2.0.1-1) #198108
 CVE-2006-3581 version (adplug, fixed 2.0.1-1) #198108
 CVE-2006-3486 ignore (mysql, fixed 5.0.23) not exploitable
@@ -875,7 +861,7 @@
 *CVE-2006-3461 backport (libtiff) libtiff-3.8.2-ormandy.patch
 *CVE-2006-3460 backport (libtiff) libtiff-3.8.2-ormandy.patch
 *CVE-2006-3459 backport (libtiff) libtiff-3.8.2-ormandy.patch
-*CVE-2006-3458 patch (zope, fixed 2.9.3-3) #198106
+*CVE-2006-3458 backport (zope, fixed 2.9.3-3) #198106
 CVE-2006-3404 version (gimp, fixed 2.2.12)
 CVE-2006-3403 version (samba, fixed 3.0.23)
 CVE-2006-3390 ignore (wordpress, not an issue) #198107
@@ -883,8 +869,7 @@
 *CVE-2006-3376 backport (libwmf) from changelog
 CVE-2006-3352 ignore (firefox) not a vulnerability
 CVE-2006-3334 ignore (libpng, fixed 1.2.12) not exploitable
-CVE-2006-3311 ignore, no-ship (flash-plugin)
-*CVE-2006-3276 (helixplayer)
+*CVE-2006-3276 ** (helixplayer)
 CVE-2006-3242 version (mutt, fixed 1.4.2.2, 1.5.12)
 CVE-2006-3178 ignore (chmlib, extract_chmLib not shipped)
 CVE-2006-3174 version (squirrelmail, fixed 1.4.7)
@@ -892,7 +877,7 @@
 CVE-2006-3127 version (nss, only affected 3.11)
 CVE-2006-3122 version (dhcp, only 2.x)
 CVE-2006-3121 version (heartbeat, fixed 2.0.7)
-*CVE-2006-3119 patch (fbida, fixed 2.0.3-12) #200321
+*CVE-2006-3119 backport (fbida, fixed 2.0.3-12) #200321
 CVE-2006-3117 version (openoffice.org, fixed 2.0.3)
 CVE-2006-3113 version (thunderbird, fixed 1.5.0.5)
 CVE-2006-3113 version (seamonkey, fixed 1.0.4) #200455
@@ -949,34 +934,33 @@
 CVE-2006-2776 version (firefox, fixed 1.5.0.4)
 CVE-2006-2775 version (thunderbird, fixed 1.5.0.4)
 CVE-2006-2775 version (firefox, fixed 1.5.0.4)
-CVE-2006-2769 patch (snort, fixed 2.4.4-4) #193809
+CVE-2006-2769 backport (snort, fixed 2.4.4-4) #193809
 CVE-2006-2754 ignore (openldap) This issue is not exploitable
 CVE-2006-2753 version (mysql, fixed 5.0.22)
 CVE-2006-2723 ignore (firefox) disputed
 CVE-2006-2661 version (freetype, fixed 2.2.1)
 CVE-2006-2660 ignore (php) see #195539
 CVE-2006-2658 version (xsp, fixed 1.1.14) #206510
-CVE-2006-2657 (php) DUPE CVE-2006-3017
 *CVE-2006-2656 backport (libtiff) tiffsplit-overflow.patch
 CVE-2006-2629 ignore (kernel) couldn't be reproduced on FC
 CVE-2006-2613 ignore (firefox) This isn't an issue on FC
 CVE-2006-2607 backport (vixie-cron) vixie-cron-4.1-_48-security.patch
-*CVE-2006-2575 patch (netpanzer, fixed 0.8-4) bz#192983
+*CVE-2006-2575 backport (netpanzer, fixed 0.8-4) bz#192983
 CVE-2006-2563 ignore (php) safe mode isn't safe
-*CVE-2006-2502 (cyrus-imapd)
+*CVE-2006-2502 ** (cyrus-imapd)
 CVE-2006-2489 version (nagios, fixed 2.3.1)
-*CVE-2006-2480 patch (dia, fixed 0.95-2) bz#192535
-*CVE-2006-2453 patch (dia, fixed 0.95-3) #192830
+*CVE-2006-2480 backport (dia, fixed 0.95-2) bz#192535
+*CVE-2006-2453 backport (dia, fixed 0.95-3) #192830
 CVE-2006-2452 version (gdm)
 CVE-2006-2451 version (kernel, fixed 2.6.17.4)
-*CVE-2006-2450 (vnc)
+*CVE-2006-2450 ** (vnc)
 CVE-2006-2449 version (kdebase, fixed 3.5.4)
 CVE-2006-2448 version (kernel, fixed 2.6.17)
 CVE-2006-2447 version (spamassassin, fixed 3.1.3)
 CVE-2006-2446 version (kernel, fixed 2.6.11)
 CVE-2006-2445 version (kernel, fixed 2.6.17)
 CVE-2006-2444 version (kernel, fixed 2.6.17)
-*CVE-2006-2442 patch (kphone, fixed 4.2-9) bz#192202
+*CVE-2006-2442 backport (kphone, fixed 4.2-9) bz#192202
 CVE-2006-2440 version (ImageMagick, fixed 6.2.8 at least)
 CVE-2006-2427 ignore (clamav) not an issue bz#192076
 CVE-2006-2414 version (dovecot, fixed 1.0.beta8) not a security issue
@@ -992,7 +976,7 @@
 CVE-2006-2272 version (kernel, fixed 2.6.16.15)
 CVE-2006-2271 version (kernel, fixed 2.6.16.15)
 *CVE-2006-2237 backport (awstats, fixed 6.5-5) bz#190923
-*CVE-2006-2229 ** openvpn
+*CVE-2006-2229 ** (openvpn)
 CVE-2006-2224 version (quagga, fixed 0.98.6)
 CVE-2006-2223 version (quagga, fixed 0.98.6)
 CVE-2006-2199 version (openoffice.org, fixed 2.0.3)
@@ -1001,7 +985,7 @@
 CVE-2006-2194 ignore (ppp) pppd not suid
 *CVE-2006-2193 backport (libtiff) libtiff-3.8.2-CVE-2006-2193.patch
 CVE-2006-2191 ignore (mailman) disputed
-*CVE-2006-2169 ** rt3
+*CVE-2006-2169 ** (rt3)
 CVE-2006-2162 version (nagios, fixed 2.3.1) bz#190612
 CVE-2006-2120 version (libtiff, fixed 3.8.2 at least)
 CVE-2006-2093 version (nessus, fixed 2.2.7) bz#191053
@@ -1104,7 +1088,7 @@
 CVE-2006-1721 version (cyrus-sasl, fixed 2.1.21)
 CVE-2006-1712 version (mailman, only 2.1.7)
 CVE-2006-1711 version (plone, fixed 2.1.2) bz#188886
-*CVE-2006-1695 patch (fbida, fixed 2.03-11) bz#189721
+*CVE-2006-1695 backport (fbida, fixed 2.03-11) bz#189721
 CVE-2006-1656 version (util-vserver, fixed 0.30.210)
 CVE-2006-1650 ignore (firefox) a number of reports don't confirm this
 CVE-2006-1646 ignore (ipsec-tools) KAME racoon, not ipsec-tools racoon
@@ -1115,14 +1099,14 @@
 CVE-2006-1614 version (clamav, fixed 0.88.1) bz#188286
 CVE-2006-1608 ignore (php) safe mode isn't safe
 CVE-2006-1577 version (mantis, fixed 1.0.5) bz#191089
-CVE-2006-1566 ignore (libtunepimp, Debian-specific problem)
+CVE-2006-1566 ignore (libtunepimp) Debian-specific problem
 CVE-2006-1550 version (dia, fixed 0.95) bz#187556
 CVE-2006-1549 ignore (php) this is not a security issue
 CVE-2006-1548 version (struts, fixed 1.2.9)
 CVE-2006-1547 version (struts, fixed 1.2.9)
 CVE-2006-1546 version (struts, fixed 1.2.9)
 *CVE-2006-1542 backport (python) python-2.4.1-canonicalize.patch
-CVE-2006-1539 ignore (bsd-games, Gentoo-specific problem)
+CVE-2006-1539 ignore (bsd-games) Gentoo-specific problem
 CVE-2006-1531 version (thunderbird, fixed 1.5.0.2)
 CVE-2006-1531 version (seamonkey, fixed 1.0.1)
 CVE-2006-1531 version (firefox, fixed 1.5.0.2)
@@ -1146,8 +1130,8 @@
 CVE-2006-1494 version (php, fixed 5.1.3)
 CVE-2006-1490 version (php, fixed 5.1.4)
 CVE-2006-1470 version (openldap, not 2.3.24 at least)
-CVE-2006-1390 ignore (nethack, Gentoo-specific problem) bz#187353
-*CVE-2006-1370 (helixplayer)
+CVE-2006-1390 ignore (nethack) Gentoo-specific problem bz#187353
+*CVE-2006-1370 ** (helixplayer)
 CVE-2006-1368 version (kernel, fixed 2.6.16)
 CVE-2006-1354 version (freeradius, fixed 1.1.2 at least)
 CVE-2006-1343 version (kernel, fixed 2.6.16.19)
@@ -1156,16 +1140,16 @@
 CVE-2006-1329 version (jabberd, fixed 2.0s11)
 CVE-2006-1296 version (beagle, fixed 0.2.4)
 CVE-2006-1273 ignore (firefox) this issue only affects IE
-*CVE-2006-1269 patch (zoo, fixed 2.10-7) bz#183109
+*CVE-2006-1269 backport (zoo, fixed 2.10-7) bz#183109
 CVE-2006-1251 ignore (exim-sa, configuration not vulnerable) bz#191082
 CVE-2006-1242 version (kernel, fixed 2.6.16.1)
 CVE-2006-1174 version (shadow-utils, fixed 4.0.3)
 CVE-2006-1173 version (sendmail, fixed 8.13.7)
 *CVE-2006-1168 backport (ncompress) ncompress-4.2.4-bssUnderflow.patch
 CVE-2006-1095 version (mod_python, 3.2.7 only)
-*CVE-2006-1079 patch (thttpd, fixed 2.25b-11) bz#191095
+*CVE-2006-1079 backport (thttpd, fixed 2.25b-11) bz#191095
 CVE-2006-1079 ignore (httpd) not a vulnerability
-*CVE-2006-1078 patch (thttpd, fixed 2.25b-11) bz#191095
+*CVE-2006-1078 backport (thttpd, fixed 2.25b-11) bz#191095
 CVE-2006-1078 ignore (httpd) not a vulnerability
 CVE-2006-1066 version (kernel, fixed 2.6.16)
 CVE-2006-1061 version (curl, fixed 7.15.3)
@@ -1174,23 +1158,23 @@
 CVE-2006-1057 version (gdm, fixed 2.14.1)
 CVE-2006-1056 version (kernel, fixed 2.6.16.9)
 CVE-2006-1055 version (kernel, fixed 2.6.17)
-*CVE-2006-1053 (fedora directory server)
+*CVE-2006-1053 ** (fedora directory server)
 CVE-2006-1052 version (kernel, fixed 2.6.16)
 CVE-2006-1045 version (thunderbird, fixed 1.5.0.2)
 CVE-2006-1015 ignore (php) safe mode isn't safe
 CVE-2006-1014 ignore (php) safe mode isn't safe
 CVE-2006-0996 version (php, fixed 5.1.4)
 CVE-2006-0987 VULNERABLE (bind) example config file only
-CVE-2006-0903 version (mysql, 4.1.19)
+CVE-2006-0903 version (mysql, fixed 4.1.19)
 CVE-2006-0884 version (thunderbird, fixed 1.5.0.2)
 CVE-2006-0883 version (openssh, fixed 3.8.1p1)
-*CVE-2006-0855 patch (zoo, patched in OpenSUSE "upstream", fixed 2.10-7)
+*CVE-2006-0855 backport (zoo, patched in OpenSUSE "upstream", fixed 2.10-7)
 CVE-2006-0847 version (python-cherrypy, fixed 2.1.1)
 CVE-2006-0841 version (mantis, fixed 1.0.1)
 CVE-2006-0840 version (mantis, fixed 1.0.1)
 CVE-2006-0839 version (snort, fixed in 2.4.4) bz#183297
 CVE-2006-0836 ignore (thunderbird) only crash on manual import
-CVE-2006-0814 ignore (lighttpd, Windows-specific problem)
+CVE-2006-0814 ignore (lighttpd) Windows-specific problem
 CVE-2006-0804 ignore (tin, <= 1.8.0 not shipped)
 CVE-2006-0760 version (lighttpd, fixed 1.4.10)
 CVE-2006-0749 version (thunderbird, fixed 1.5.0.2)
@@ -1203,11 +1187,11 @@
 CVE-2006-0746 version (kdegraphics, fixed 3.4)
 CVE-2006-0745 version (xorg-x11-server, fixed 1.1.1 at least)
 CVE-2006-0744 version (kernel, fixed 2.6.16.5)
-*CVE-2006-0743 (log4net)
+*CVE-2006-0743 ** (log4net)
 CVE-2006-0742 version (kernel, fixed 2.6.16)
 CVE-2006-0741 version (kernel, fixed 2.6.15.5)
 CVE-2006-0730 version (dovecot, 1.0beta[12] only)
-*CVE-2006-0709 (metamail)
+*CVE-2006-0709 ** (metamail)
 CVE-2006-0678 ignore (postgresql) we don't build --enable-cassert
 CVE-2006-0670 version (bluez-hcidump, fixed 1.30)
 CVE-2006-0665 version (mantis, fixed 1.0.1)
@@ -1231,13 +1215,13 @@
 CVE-2006-0456 ignore (kernel) s390 only
 CVE-2006-0455 version (gnupg, fixed 1.4.2.1)
 CVE-2006-0454 version (kernel, fixed 2.6.15.3)
-*CVE-2006-0453 (fedora directory server)
-*CVE-2006-0452 (fedora directory server)
-*CVE-2006-0451 (fedora directory server)
+*CVE-2006-0453 ** (fedora directory server)
+*CVE-2006-0452 ** (fedora directory server)
+*CVE-2006-0451 ** (fedora directory server)
 CVE-2006-0405 version (libtiff, 3.8.0 only)
 CVE-2006-0377 version (squirrelmail, fixed 1.4.6)
 CVE-2006-0369 ignore (mysql) this is not a security issue
-*CVE-2006-0323 (helixplayer)
+*CVE-2006-0323 ** (helixplayer)
 CVE-2006-0322 version (mediawiki, fixed 1.5.8)
 CVE-2006-0321 version (fetchmail, fixed 6.3.2)
 CVE-2006-0301 version (poppler, fixed 0.4.5)
@@ -1276,17 +1260,17 @@
 CVE-2006-0188 version (squirrelmail, fixed 1.4.6)
 CVE-2006-0162 version (clamav, fixed 0.88)
 CVE-2006-0151 ignore (sudo) only env_reset will properly clean the environment
-*CVE-2006-0150 (auth_ldap)
+*CVE-2006-0150 ** (auth_ldap)
 CVE-2006-0144 version (php-pear, not 1.4.4)
 CVE-2006-0126 version (rxvt-unicode, fixed 7.5)
 CVE-2006-0106 version (wine, fixed 0.9.10)
-*CVE-2006-0105 (postgresql)
+*CVE-2006-0105 ** (postgresql)
 CVE-2006-0097 ignore (php) Windows only
 CVE-2006-0096 ignore (kernel) minor and requires root
 CVE-2006-0095 version (kernel, fixed 2.6.16)
 CVE-2006-0082 version (ImageMagick, not 6.2.5.4)
 CVE-2006-0082 version (GraphicsMagick, fixed 1.1.8) [since FEDORA-2007-1340]
-CVE-2006-0071 ignore (pinentry, Gentoo-specific problem)
+CVE-2006-0071 ignore (pinentry) Gentoo-specific problem
 CVE-2006-0058 version (sendmail, fixed 8.13.6)
 CVE-2006-0052 version (mailman, fixed 2.1.6)
 CVE-2006-0049 version (gnupg, fixed 1.4.2.2)
@@ -1297,13 +1281,12 @@
 CVE-2006-0037 version (kernel, only 2.6.14 and 2.6.15)
 CVE-2006-0036 version (kernel, only 2.6.14 and 2.6.15)
 CVE-2006-0035 version (kernel, only 2.6.14 and 2.6.15)
-CVE-2006-0024 ignore, no-ship (flash-plugin)
 CVE-2006-0019 version (kdelibs, fixed 3.5.1)
-*CVE-2006-0017 (fedora directory server)
-*CVE-2006-0016 (fedora directory server)
-*CVE-2005-4838 (tomcat)
+*CVE-2006-0017 ** (fedora directory server)
+*CVE-2006-0016 ** (fedora directory server)
+*CVE-2005-4838 ** (tomcat)
 CVE-2005-4837 version (net-snmp, fixed 5.2.2)
-*CVE-2005-4836 (tomcat)
+*CVE-2005-4836 ** (tomcat)
 CVE-2005-4811 version (kernel, fixed 2.6.13)
 CVE-2005-4809 VULNERABLE (firefox)
 CVE-2005-4808 ignore (binutils, gas fixed 20050714) this is a bug
@@ -1326,7 +1309,7 @@
 CVE-2005-4635 version (kernel, fixed 2.6.15)
 CVE-2005-4618 version (kernel, fixed 2.6.15)
 CVE-2005-4605 version (kernel, fixed 2.6.15)
-*CVE-2005-4601 (ImageMagick)
+*CVE-2005-4601 ** (ImageMagick)
 CVE-2005-4601 version (GraphicsMagick, fixed 1.1.8) [since FEDORA-2007-1340]
 CVE-2005-4585 version (wireshark, fixed 0.10.14)
 CVE-2005-4442 version (openldap) gentoo only
@@ -1337,18 +1320,17 @@
 CVE-2005-4154 ignore (php) don't install untrusted pear packages
 *CVE-2005-4153 version (mailman)
 CVE-2005-4134 ignore (firefox) http://www.mozilla.org/security/history-title.html
-*CVE-2005-4130 (helixplayer)
-*CVE-2005-4126 (helixplayer)
+*CVE-2005-4130 ** (helixplayer)
+*CVE-2005-4126 ** (helixplayer)
 CVE-2005-4077 version (curl, fixed 7.15.1)
-*CVE-2005-3964 (openmotif)
+*CVE-2005-3964 ** (openmotif)
 CVE-2005-3962 version (perl, fixed 5.8.8)
-CVE-2005-3896 (firefox,seamonkey,thunderbird)
+CVE-2005-3896 ignore (mozilla) client DoS
 CVE-2005-3883 version (php, fixed 5.1.1 at least)
 CVE-2005-3858 version (kernel, fixed 2.6.13)
 CVE-2005-3857 version (kernel, fixed 2.6.15)
 CVE-2005-3848 version (kernel, fixed 2.6.13)
 CVE-2005-3847 version (kernel, fixed 2.6.12.6)
-CVE-2005-3812 (firefox,seamonkey,thunderbird)
 CVE-2005-3810 version (kernel, fixed 2.6.15)
 CVE-2005-3809 version (kernel, fixed 2.6.15)
 CVE-2005-3808 version (kernel, fixed 2.6.15)
@@ -1367,7 +1349,7 @@
 CVE-2005-3651 version (wireshark, fixed 0.10.14)
 *CVE-2005-3632 version (netpbm)
 *CVE-2005-3631 version (udev)
-*CVE-2005-3630 (fedora directory server)
+*CVE-2005-3630 ** (fedora directory server)
 CVE-2005-3629 version (initscripts, fixed 8.29 at least)
 CVE-2005-3628 version (poppler, fixed 0.4.4)
 CVE-2005-3628 version (kdegraphics, fixed 3.5.1)
@@ -1390,11 +1372,10 @@
 CVE-2005-3624 version (cups, fixed 1.2.0)
 *CVE-2005-3624 backport (tetex)
 CVE-2005-3623 version (kernel, fixed 2.6.14.5)
-CVE-2005-3591 ignore, no-ship (flash-plugin)
 CVE-2005-3582 version (ImageMagick) gentoo only
 CVE-2005-3573 version (mailman, fixed 2.1.7)
 CVE-2005-3527 version (kernel, fixed 2.6.14)
-*CVE-2005-3510 (tomcat)
+*CVE-2005-3510 ** (tomcat)
 CVE-2005-3402 ignore (thunderbird) mozilla say by design
 CVE-2005-3392 version (php, not 5.0)
 CVE-2005-3391 version (php, not 5.0)
@@ -1405,11 +1386,11 @@
 CVE-2005-3358 version (kernel, fixed 2.6.11)
 CVE-2005-3357 version (httpd, fixed 2.2.1)
 CVE-2005-3356 version (kernel, fixed 2.6.16)
-*CVE-2005-3354 (sylpheed)
+*CVE-2005-3354 ** (sylpheed)
 CVE-2005-3353 version (php, not 5.0)
 CVE-2005-3352 version (httpd, fixed 2.2.1)
 CVE-2005-3351 version (spamassassin, fixed 3.1.0)
-*CVE-2005-3350 (libungif)
+*CVE-2005-3350 ** (libungif)
 CVE-2005-3322 version (squid) not upstream, SUSE only
 CVE-2005-3319 ignore (mod_php) no security consequence
 CVE-2005-3313 version (wireshark, fixed after 0.10.13)
@@ -1419,7 +1400,7 @@
 CVE-2005-3273 version (kernel, fixed 2.6.12)
 CVE-2005-3272 version (kernel, fixed 2.6.13)
 CVE-2005-3271 version (kernel, fixed 2.6.9)
-*CVE-2005-3269 (fedora directory server)
+*CVE-2005-3269 ** (fedora directory server)
 CVE-2005-3258 version (squid, fixed 2.5STABLE12)
 CVE-2005-3257 version (kernel, fixed 2.6.15)
 CVE-2005-3249 version (wireshark, fixed 0.10.13)
@@ -1447,7 +1428,7 @@
 CVE-2005-3185 version (wget, fixed 1.10.2 at least)
 CVE-2005-3185 version (curl, fixed 7.15)
 CVE-2005-3184 version (wireshark, fixed 0.10.13)
-*CVE-2005-3183 (w3c-libwww)
+*CVE-2005-3183 ** (w3c-libwww)
 CVE-2005-3181 version (kernel, fixed 2.6.13.4)
 CVE-2005-3180 version (kernel, fixed 2.6.13.4)
 CVE-2005-3179 version (kernel, fixed 2.6.13.4)
@@ -1470,9 +1451,9 @@
 CVE-2005-2991 ignore (ncompress) don't ship zdiff or zcmp scripts
 CVE-2005-2978 version (netpbm, fixed 10.25)
 CVE-2005-2977 version (pam, fixed 0.99.2.1 at least)
-*CVE-2005-2976 (gdk-pixbuf)
+*CVE-2005-2976 ** (gdk-pixbuf)
 CVE-2005-2975 version (gtk2, fixed 2.8.7)
-*CVE-2005-2974 (libungif)
+*CVE-2005-2974 ** (libungif)
 CVE-2005-2973 version (kernel, fixed 2.6.14)
 CVE-2005-2970 version (httpd, not 2.2)
 CVE-2005-2969 version (openssl, fixed 0.9.8a)
@@ -1480,11 +1461,11 @@
 CVE-2005-2968 version (thunderbird)
 CVE-2005-2968 version (firefox)
 CVE-2005-2959 ignore (sudo) not a vulnerability
-*CVE-2005-2958 (libgda)
+*CVE-2005-2958 ** (libgda)
 CVE-2005-2946 version (openssl, fixed 0.9.8)
 *CVE-2005-2933 version (libc-client, fixed 2004g at least)
 *CVE-2005-2929 backport (lynx) changelog
-*CVE-2005-2922 (helixplayer)
+*CVE-2005-2922 ** (helixplayer)
 CVE-2005-2917 version (squid, fixed 2.5.STABLE11)
 CVE-2005-2876 version (util-linux, fixed 2.13-pre3)
 CVE-2005-2874 version (cups, fixed 1.1.23)
@@ -1500,7 +1481,7 @@
 CVE-2005-2796 version (squid, fixed 2.5.STABLE11)
 CVE-2005-2794 version (squid, fixed 2.5.STABLE11)
 CVE-2005-2728 version (httpd, not 2.2)
-*CVE-2005-2710 (helixplayer)
+*CVE-2005-2710 ** (helixplayer)
 CVE-2005-2709 version (kernel, fixed 2.6.14.3)
 CVE-2005-2708 ignore (kernel) not reproducable on x86_64
 CVE-2005-2707 version (thunderbird)
@@ -1522,8 +1503,7 @@
 CVE-2005-2666 version (openssh, fixed 4.0p1)
 CVE-2005-2642 version (mutt) openbsd only
 *CVE-2005-2641 version (nss_ldap, fixed pam_ldap:180)
-*CVE-2005-2629 (helixplayer)
-CVE-2005-2628 ignore, no-ship (flash-plugin)
+*CVE-2005-2629 ** (helixplayer)
 CVE-2005-2617 version (kernel, fixed 2.6.12.5)
 CVE-2005-2602 ignore (thunderbird) probably
 CVE-2005-2602 ignore (firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=237085
@@ -1572,7 +1552,7 @@
 CVE-2005-2353 ignore (thunderbird) debug mode only
 CVE-2005-2337 version (ruby, fixed 1.8.3)
 CVE-2005-2335 version (fetchmail, fixed 6.2.5.2)
-*CVE-2005-2295 patch (netpanzer, fixed 0.8-4) bz#192990
+*CVE-2005-2295 backport (netpanzer, fixed 0.8-4) bz#192990
 CVE-2005-2270 version (thunderbird, fixed 1.0.5)
 CVE-2005-2270 version (firefox, fixed 1.0.5)
 CVE-2005-2269 version (thunderbird, fixed 1.0.5)
@@ -1602,7 +1582,7 @@
 CVE-2005-2096 version (rpm, fixed 4.4.2)
 CVE-2005-2096 backport (zlib, fixed 1.2.2.4)
 CVE-2005-2095 version (squirrelmail, fixed 1.4.5)
-*CVE-2005-2090 (tomcat)
+*CVE-2005-2090 ** (tomcat)
 CVE-2005-2088 version (httpd, not 2.2)
 CVE-2005-2069 version (nss_ldap, fixed pam_ldap:180)
 *CVE-2005-2069 backport (openldap) openldap-2.2.13-tls-fix-connection-test.patch
@@ -1629,13 +1609,13 @@
 CVE-2005-1760 version (sysreport, fixed 1.4.1-3)
 CVE-2005-1759 ignore (php) dead code path
 CVE-2005-1759 ignore (openldap) fixed shtool 2.0.2 flawed code path not used
-*CVE-2005-1753 (tomcat)
+*CVE-2005-1753 ** (tomcat)
 CVE-2005-1751 version (nmap, fixed 3.93 at least)
 CVE-2005-1751 ignore (openldap) fixed shtool 2.0.2. Flawed code path not used
 CVE-2005-1751 ignore (ncpfs) part of shtool in ncpfs is not vulnerable
 CVE-2005-1740 version (net-snmp, fixed 5.2.2.rc5 at least)
 CVE-2005-1739 version (ImageMagick, fixed 6.2.2.3)
-*CVE-2005-1730 (openssl)
+*CVE-2005-1730 ** (openssl)
 *CVE-2005-1705 backport (gdb) gdb-6.3-security-errata-20050610.patch
 CVE-2005-1704 version (binutils, fixed 2.16.91.0.3 at least)
 *CVE-2005-1704 backport (gdb) gdb-6.3-security-errata-20050610.patch
@@ -1649,7 +1629,7 @@
 CVE-2005-1532 version (firefox, fixed 1.0.4)
 CVE-2005-1531 version (firefox, fixed 1.0.4)
 CVE-2005-1519 version (squid, fixed 2.5.STABLE10)
-CVE-2005-1476 (firefox,seamonkey,thunderbird)
+CVE-2005-1476 version (mozilla)
 CVE-2005-1470 version (wireshark, fixed 0.10.11)
 CVE-2005-1469 version (wireshark, fixed 0.10.11)
 CVE-2005-1468 version (wireshark, fixed 0.10.11)
@@ -1766,9 +1746,9 @@
 *CVE-2005-0654 ignore (gimp, not fixed 2.2) upstream considers harmless
 CVE-2005-0627 version (qt, fixed 3.3.4)
 CVE-2005-0626 version (squid, fixed 2.5.STABLE10)
-*CVE-2005-0611 (helixplayer)
+*CVE-2005-0611 ** (helixplayer)
 CVE-2005-0605 version (libXpm, fixed 3.5.4 at least)
-*CVE-2005-0605 (lesstif)
+*CVE-2005-0605 ** (lesstif)
 CVE-2005-0602 ignore (unzip, fixed 5.52) this is really expected behaviour
 CVE-2005-0596 version (php, fixed 5.0)
 CVE-2005-0593 version (firefox)
@@ -1785,7 +1765,7 @@
 CVE-2005-0584 version (firefox)
 CVE-2005-0578 version (firefox)
 CVE-2005-0565 version (kernel, not 2.6)
-*CVE-2005-0546 (cyrus-imapd)
+*CVE-2005-0546 ** (cyrus-imapd)
 CVE-2005-0532 version (kernel, fixed 2.6.11)
 CVE-2005-0531 version (kernel, fixed 2.6.11)
 CVE-2005-0530 version (kernel, fixed 2.6.11)
@@ -1806,8 +1786,8 @@
 *CVE-2005-0469 backport (telnet) telnet-0.17-CAN-2005-468_469.patch
 CVE-2005-0468 version (krb5, fixed 1.4.1)
 *CVE-2005-0468 backport (telnet) telnet-0.17-CAN-2005-468_469.patch
-*CVE-2005-0455 (helixplayer)
-*CVE-2005-0452 (perl)
+*CVE-2005-0455 ** (helixplayer)
+*CVE-2005-0452 ** (perl)
 CVE-2005-0449 version (kernel, fixed 2.6.11)
 CVE-2005-0448 version (perl, fixed 5.8.6)
 CVE-2005-0446 version (squid, fixed 2.5.STABLE9)
@@ -1850,8 +1830,8 @@
 CVE-2005-0202 version (mailman, fixed 2.1.6)
 CVE-2005-0201 version (dbus, fixed 0.36.1)
 CVE-2005-0194 version (squid, fixed 2.5.STABLE8)
-*CVE-2005-0191 (helixplayer)
-*CVE-2005-0189 (helixplayer)
+*CVE-2005-0191 ** (helixplayer)
+*CVE-2005-0189 ** (helixplayer)
 CVE-2005-0180 version (kernel, fixed 2.6.11)
 CVE-2005-0179 version (kernel, fixed 2.6.11)
 CVE-2005-0178 version (kernel, fixed 2.6.11)
@@ -1910,7 +1890,7 @@
 CVE-2005-0034 version (bind, fixed after 9.3.0)
 CVE-2005-0033 version (bind, not 9)
 CVE-2005-0023 ignore (libvte) not a security risk
-*CVE-2005-0022 (exim)
+*CVE-2005-0022 ** (exim)
 CVE-2005-0014 version (ncpfs, fixed 2.2.6)
 CVE-2005-0013 version (ncpfs, fixed 2.2.6)
 CVE-2005-0011 version (kdeedu, not 3.4)
@@ -1925,10 +1905,10 @@
 CVE-2005-0001 version (kernel, fixed 2.6.10)
 CVE-2004-2660 version (kernel, fixed 2.6.10)
 CVE-2004-2657 ignore (firefox) windows only
-*CVE-2004-2655 (xscreensaver)
+*CVE-2004-2655 ** (xscreensaver)
 CVE-2004-2654 version (squid, fixed 2.6STABLE6)
-*CVE-2004-2645 (asn1c)
-*CVE-2004-2644 (asn1c)
+*CVE-2004-2645 ** (asn1c)
+*CVE-2004-2644 ** (asn1c)
 CVE-2004-2607 version (kernel, fixed 2.6.5)
 CVE-2004-2589 version (pidgin, fixed pidgin:0.82.1)
 CVE-2004-2546 version (samba, fixed 3.0.6)
@@ -1999,7 +1979,7 @@
 CVE-2004-1235 version (kernel, fixed 2.6.11)
 CVE-2004-1234 version (kernel, not 2.6)
 CVE-2004-1224 version (mtr, fixed 0.66)
-CVE-2004-1200 ignore (firefox, mozilla) not a security issue
+CVE-2004-1200 ignore (mozilla) not a security issue
 CVE-2004-1191 version (kernel, fixed 2.6.9)
 CVE-2004-1190 version (kernel, fixed 2.6.10)
 CVE-2004-1189 version (krb5, fixed 1.4)
@@ -2008,7 +1988,7 @@
 CVE-2004-1184 version (enscript, fixed 1.6.4 at least)
 CVE-2004-1183 version (libtiff, fixed 3.7.2)
 CVE-2004-1180 version (rwho, fixed 0.17)
-*CVE-2004-1178 (mailman)
+*CVE-2004-1178 ** (mailman)
 CVE-2004-1177 version (mailman, fixed 2.1.6)
 CVE-2004-1176 version (mc, fixed 4.6.0)
 CVE-2004-1175 version (mc, fixed 4.6.0)
@@ -2029,7 +2009,7 @@
 CVE-2004-1139 version (wireshark, fixed 0.10.8)
 CVE-2004-1138 version (vim, fixed 6.3)
 CVE-2004-1137 version (kernel, fixed 2.6.10)
-CVE-2004-1125 version (tetex, at least 3.0)
+CVE-2004-1125 version (tetex, fixed 3.0)
 CVE-2004-1125 version (kdegraphics, not 3.4)
 CVE-2004-1096 version (perl-Archive-Zip, fixed 1.14)
 CVE-2004-1093 version (mc, fixed 4.6.0)
@@ -2053,8 +2033,8 @@
 CVE-2004-1056 version (kernel, fixed 2.6.10)
 CVE-2004-1051 version (sudo, fixed 1.6.8p2)
 CVE-2004-1036 version (squirrelmail, fixed 1.4.4)
-*CVE-2004-1026 patch (imlib, fixed 1.9.15-2) #235416
-*CVE-2004-1025 patch (imlib, fixed 1.9.15-2) #235416
+*CVE-2004-1026 backport (imlib, fixed 1.9.15-2) #235416
+*CVE-2004-1025 backport (imlib, fixed 1.9.15-2) #235416
 CVE-2004-1020 version (php, fixed after 5.0.2)
 CVE-2004-1019 version (php, fixed after 5.0.2)
 CVE-2004-1018 version (php, fixed after 5.0.2)
@@ -2100,7 +2080,7 @@
 CVE-2004-0929 version (libtiff, fixed 3.7.0)
 CVE-2004-0923 version (cups, fixed 1.1.22)
 CVE-2004-0918 version (squid, fixed 2.4.STABLE7)
-*CVE-2004-0914 (lesstif)
+*CVE-2004-0914 ** (lesstif)
 CVE-2004-0914 version (xorg-x11, fixed after 6.8.1)
 CVE-2004-0909 version (thunderbird)
 CVE-2004-0909 version (firefox)
@@ -2179,8 +2159,8 @@
 CVE-2004-0691 version (qt, fixed 3.3.3)
 CVE-2004-0690 version (kdelibs, fixed after 3.2.3)
 CVE-2004-0689 version (kdelibs, fixed 3.3.0)
-*CVE-2004-0688 (lesstif)
-*CVE-2004-0687 (lesstif)
+*CVE-2004-0688 ** (lesstif)
+*CVE-2004-0687 ** (lesstif)
 CVE-2004-0686 version (samba, fixed 3.0.6)
 CVE-2004-0685 version (kernel, not 2.6)
 CVE-2004-0658 ignore (kernel) not a security issue
@@ -2210,7 +2190,7 @@
 CVE-2004-0558 version (cups, fixed 1.1.21)
 CVE-2004-0557 version (sox, fixed after 12.17.4)
 CVE-2004-0554 version (kernel, fixed 2.6.7)
-*CVE-2004-0550 (helixplayer)
+*CVE-2004-0550 ** (helixplayer)
 CVE-2004-0548 ignore (aspell, not fixed 0.50.5) not a security issue
 CVE-2004-0547 version (postgresql, fixed 7.2.1)
 CVE-2004-0541 version (squid, fixed 2.5.STABLE6)
@@ -2260,7 +2240,7 @@
 CVE-2004-0394 version (kernel, not 2.6) also not a vulnerability
 CVE-2004-0392 version (racoon, fixed 20040407b)
 CVE-2004-0388 version (mysql, fixed 4.1.11 at least)
-*CVE-2004-0387 (helixplayer)
+*CVE-2004-0387 ** (helixplayer)
 CVE-2004-0381 version (mysql, fixed 4.1.11 at least)
 CVE-2004-0367 version (wireshark, fixed 0.10.3)
 CVE-2004-0365 version (wireshark, fixed 0.10.3)
@@ -2269,13 +2249,12 @@
 CVE-2004-0233 version (libutempter, fixed 0.5.5)
 CVE-2004-0232 version (mc, fixed 4.6.0)
 CVE-2004-0231 version (mc, fixed 4.6.0)
-*CVE-2004-0230 (kernel)
+*CVE-2004-0230 ** (kernel)
 CVE-2004-0229 version (kernel, fixed 2.6.6)
 CVE-2004-0228 version (kernel, fixed 2.6.6)
 CVE-2004-0226 version (mc, fixed 4.6.0)
 CVE-2004-0189 version (squid, fixed 2.5.STABLE5)
 CVE-2004-0186 version (samba, not 3.0.2a)
-CVE-2004-0185 ignore, no-ship (wu-ftpd)
 CVE-2004-0184 version (tcpdump, fixed 3.8.2)
 CVE-2004-0183 version (tcpdump, fixed 3.8.2)
 CVE-2004-0182 version (mailman) only affected Red Hat packages
@@ -2330,12 +2309,11 @@
 CVE-2004-0005 version (pidgin, fixed pidgin:0.76)
 CVE-2004-0003 version (kernel, not 2.6)
 CVE-2004-0001 version (kernel, not 2.6)
-CVE-2003-1329 ignore, no-ship (wu-ftpd)
 CVE-2003-1307 ignore (mod_php) not a vulnerability
 CVE-2003-1303 version (php, fixed 4.3.3)
 CVE-2003-1302 version (php, fixed 4.3.1)
-*CVE-2003-1295 (xscreensaver)
-*CVE-2003-1294 (xscreensaver)
+*CVE-2003-1295 ** (xscreensaver)
+*CVE-2003-1294 ** (xscreensaver)
 CVE-2003-1265 VULNERABLE (thunderbird) https://bugzilla.mozilla.org/show_bug.cgi?id=198442
 CVE-2003-1265 VULNERABLE (seamonkey) https://bugzilla.mozilla.org/show_bug.cgi?id=198442
 CVE-2003-1232 version (emacs, fixed 21.3)
@@ -2343,7 +2321,7 @@
 CVE-2003-1161 version (kernel, not released version)
 *CVE-2003-1138 backport (httpd, Red Hat only) contains /+ now
 CVE-2003-1029 version (tcpdump, fixed after 3.8.1)
-CVE-2003-1023 version (mc, 4.6.1)
+CVE-2003-1023 version (mc, fixed 4.6.1)
 CVE-2003-1013 version (wireshark, fixed 0.10.0)
 CVE-2003-1012 version (wireshark, fixed 0.10.0)
 CVE-2003-0993 version (httpd, not 2.2)
@@ -2379,12 +2357,12 @@
 CVE-2003-0914 version (bind, not 9)
 CVE-2003-0901 version (postgresql, not 8)
 CVE-2003-0900 version (perl, only 5.8.1)
-*CVE-2003-0885 (xscreensaver)
+*CVE-2003-0885 ** (xscreensaver)
 CVE-2003-0865 version (tomcat, fixed after 4.0.3)
 CVE-2003-0863 ignore (php) http://lists.nyphp.org/pipermail/talk/2003-November/006392.html
 CVE-2003-0861 version (php, fixed 4.3.3)
 CVE-2003-0860 version (php, fixed 4.3.3)
-*CVE-2003-0859 version (glibc, checked fc5 source)
+*CVE-2003-0859 version (glibc) checked fc5 source
 CVE-2003-0858 version (quagga, fixed 0.95)
 *CVE-2003-0856 version (iproute)
 CVE-2003-0854 version (coreutils, fixed 5.1.3)
@@ -2684,7 +2662,7 @@
 CVE-2002-0972 version (postgresql, fixed 7.2.2)
 CVE-2002-0970 version (kdenetwork, fixed 3.0.3)
 CVE-2002-0935 version (tomcat, fixed 4.1.3)
-CVE-2002-0906 version (sendmail, fxied 8.12.5)
+CVE-2002-0906 version (sendmail, fixed 8.12.5)
 CVE-2002-0871 version (xinetd, fixed 2.3.7)
 CVE-2002-0855 version (mailman, fixed 2.0.12)
 CVE-2002-0843 version (httpd, not 2.2)
@@ -2752,7 +2730,7 @@
 CVE-2002-0384 version (pidgin, fixed pidgin:0.58)
 CVE-2002-0382 version (xchat, fixed 1.9.1)
 CVE-2002-0380 version (tcpdump, fixed 3.7.2 at least)
-CVE-2002-0379 version (imap, vuln code removed imap-2002)
+CVE-2002-0379 version (imap) vuln code removed imap-2002
 CVE-2002-0377 version (pidgin, fixed pidgin:0.58)
 CVE-2002-0374 version (pam_ldap, fixed 144)
 CVE-2002-0363 version (ghostscript, fixed 6.53)
@@ -2787,7 +2765,7 @@
 CVE-2002-0063 version (cups, fixed 1.1.14)
 CVE-2002-0062 version (ncurses, only 5.0)
 CVE-2002-0060 version (kernel, fixed 2.5.5)
-*CVE-2002-0059 ** zlib (cvs, dump, gcc, libgcj, kernel, vnc)
+*CVE-2002-0059 ** (zlib) cvs, dump, gcc, libgcj, kernel, vnc
 CVE-2002-0059 version (rsync, fixed 2.5.4/2.6.6)
 CVE-2002-0059 version (zlib, fixed 1.1.4)
 CVE-2002-0048 version (rsync, fixed 2.5.2)
@@ -2799,27 +2777,24 @@
 CVE-2002-0029 version (bind, not 9)
 CVE-2002-0013 version (net-snmp, fixed 4.2.3)
 CVE-2002-0012 version (net-snmp, fixed 4.2.3)
-CVE-2002-0006 verison (xchat, fixed 1.8.7) cve is wrong
+CVE-2002-0006 version (xchat, fixed 1.8.7) cve is wrong
 CVE-2002-0004 backport (at) issue was in a patch, fixed at-3.1.8-11-lexer-parser.diff
 CVE-2002-0003 version (groff, fixed 1.17.2)
 CVE-2002-0002 version (stunnel, fixed 3.22)
 CVE-2002-0001 version (mutt, fixed 1.3.25)
 CVE-2001-1494 version (util-linux, fixed 2.11n)
-*CVE-2001-1429 (mc)
+*CVE-2001-1429 ** (mc)
 CVE-2001-0955 version (XFree86, fixed 4.2.0)
-CVE-2001-0935 ignore, no-ship (wu-ftpd)
 CVE-2001-0474 version (mesa, fixed 3.3-14)
 CVE-2001-0310 ignore (sort) mkstemp is now being used
-CVE-2001-0235 (vixie-cron) ** Is this really CVE-2005-1038?
-CVE-2001-0187 ignore, no-ship (wu-ftpd)
+CVE-2001-0235 ignore (vixie-cron) if anything crontabs are visible anyways -- via shell's argv[0]
 CVE-2000-1191 backport (htdig) fixed htdig-3.2.0b6-unescaped_output.patch
 CVE-2000-1137 version (ed, fixed 0.2-18.1)
-*CVE-2000-0992 (krb5)
+*CVE-2000-0992 ** (krb5)
 CVE-2000-0504 version (libICE, fixed XFree86:4.0.1)
 CVE-2000-0172 version (mtr, fixed 0.42)
 CVE-1999-1572 backport (cpio) cpio-2.6-umask.patch
-*CVE-1999-1332 (gzip)
-CVE-1999-0997 ignore, no-ship (wu-ftpd)
+*CVE-1999-1332 ** (gzip)
 CVE-1999-0710 version (squid, fixed 2.5.STABLE10)
 CVE-1999-0473 version (rsync, fixed 2.3.1)
 CVE-1999-0103 ignore (bind) this is the nature of UDP

More information about the Fedora-security-commits mailing list