[Fedora-security-commits] fedora-security/audit fc6, 1.279, 1.280 fc7, 1.144, 1.145

fedora-security-commits at redhat.com fedora-security-commits at redhat.com
Thu Oct 18 11:48:52 UTC 2007 

Author: thoger

Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv2042/audit

Modified Files:
	fc6 fc7 
Log Message:
libpng, phpmyadmin
bunch of fedora updates



Index: fc6
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc6,v
retrieving revision 1.279
retrieving revision 1.280
diff -u -r1.279 -r1.280
--- fc6	15 Oct 2007 14:37:07 -0000	1.279
+++ fc6	18 Oct 2007 11:48:50 -0000	1.280
@@ -5,15 +5,19 @@
 # (mozilla) = (firefox, seamonkey, thunderbird, yelp, devhelp, galeon, liferea. epiphany)
 
 # Up to date CVE as of CVE email 20071015
-# Up to date FC6 as of 20071010
+# Up to date FC6 as of 20071017
 
-CVE-2007-5208 VULNERABLE (hplip) #329121
-CVE-2007-5191 VULNERABLE (util-linux) #320141
+CVE-2007-5269 VULNERABLE (libpng, fixed 1.2.21) #337471
+CVE-2007-5268 ignore (libpng) shipped version too old and not affected
+CVE-2007-5267 ignore (libpng) shipped version too old and not affected
+CVE-2007-5266 ignore (libpng) shipped version too old and not affected
+CVE-2007-5208 backport (hplip) #329121 [since FEDORA-2007-724]
+CVE-2007-5191 backport (util-linux) #320141 [since FEDORA-2007-722]
 CVE-2007-5162 version (ruby) #313801 [since FEDORA-2007-718]
-CVE-2007-5137 VULNERABLE (tk, fixed 8.4.16) #332071
-CVE-2007-5135 VULNERABLE (openssl, fixed 0.9.8d)
+CVE-2007-5137 backport (tk, fixed 8.4.16) #332071 [since FEDORA-2007-728]
+CVE-2007-5135 backport (openssl, fixed 0.9.8d) [since FEDORA-2007-725]
 CVE-2007-5034 version (elinks) #297611 [since FEDORA-2007-710]
-CVE-2007-4995 VULNERABLE (openssl, fixed 0.9.8f)
+CVE-2007-4995 backport (openssl, fixed 0.9.8f) [since FEDORA-2007-725]
 CVE-2007-4993 backport (xen) [since FEDORA-2007-713]
 CVE-2007-4965 VULNERABLE (python) imageop module heap overflow
 CVE-2007-4924 VULNERABLE (opal, fixed 2.2.10) #297561
@@ -21,7 +25,7 @@
 CVE-2007-4851 ignore (tk) duplicate of CVE-2007-5137
 CVE-2007-4829 VULNERABLE (perl-Archive-Tar) #315331
 CVE-2007-4826 VULNERABLE (quagga, fixed 0.99.9) #315301
-CVE-2007-4752 VULNERABLE (openssh) #280471
+CVE-2007-4752 backport (openssh) #280471 [since FEDORA-2007-715]
 CVE-2007-4743 backport (krb5) incomplete CVE-2007-3999 fix [since FEDORA-2007-694]
 CVE-2007-4730 ignore (xorg-x11) #286061 ajax says FC6 is not vulnerable
 CVE-2007-4721 version (wireshark, fixed 0.99.6) [since FEDORA-2007-628]
@@ -104,6 +108,7 @@
 CVE-2007-3126 ignore (gimp) just a crash
 CVE-2007-3108 backport (openssl) #250574 [since FEDORA-2007-661]
 CVE-2007-3106 VULNERABLE (libvorbis) #250600
+CVE-2007-3102 backport (openssh) [since FEDORA-2007-715]
 CVE-2007-2926 backport (bind, fixed 9.4.1) [since FEDORA-2007-647]
 CVE-2007-2876 version (kernel, fixed 2.6.21.5) [since FEDORA-2007-600]
 CVE-2007-2875 version (kernel) [since FEDORA-2007-600]


Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.144
retrieving revision 1.145
diff -u -r1.144 -r1.145
--- fc7	15 Oct 2007 14:37:07 -0000	1.144
+++ fc7	18 Oct 2007 11:48:50 -0000	1.145
@@ -6,20 +6,26 @@
 # A couple of first F7 updates were marked as FEDORA-2007-0001
 
 # Up to date CVE as of CVE email 20071015
-# Up to date FC7 as of 20071003
+# Up to date FC7 as of 20071017
 
+GENERIC-MAP-NOMATCH VULNERABLE (phpmyadmin, fixed 2.11.1.2) #333661 PMASA-2007-6
 CVE-2007-5416 ignore (drupal) Vulnerability in PHP<5.1.3, we're safe
-CVE-2007-5386 ** (phpmyadmin)
-CVE-2007-5226 VULNERABLE (dircproxy) #319301
-CVE-2007-5208 VULNERABLE (hplip) #329111
+CVE-2007-5386 VULNERABLE (phpmyadmin, fixed 2.11.1.1) #333661 PMASA-2007-5
+CVE-2007-5269 VULNERABLE (libpng10) update pending
+CVE-2007-5269 VULNERABLE (libpng, fixed 1.2.21) #337461
+CVE-2007-5268 ignore (libpng) shipped version too old and not affected
+CVE-2007-5267 ignore (libpng) shipped version too old and not affected
+CVE-2007-5266 ignore (libpng) shipped version too old and not affected
+CVE-2007-5226 backport (dircproxy) #319301 [since FEDORA-2007-2419]
+CVE-2007-5208 backport (hplip) #329111 [since FEDORA-2007-2527]
 CVE-2007-5201 VULNERABLE (duplicity) #293081
 CVE-2007-5200 VULNERABLE (hugin) #332401
 CVE-2007-5198 VULNERABLE (nagios-plugins, fixed 1.4.10) #315101
 CVE-2007-5191 backport (util-linux) #320141 [since FEDORA-2007-2462]
 CVE-2007-5162 version (ruby) #313801 [since FEDORA-2007-2406]
 CVE-2007-5159 backport (ntfs-3g) #298651 [since FEDORA-2007-2295]
-CVE-2007-5137 VULNERABLE (tk, fixed 8.4.16) #332061
-CVE-2007-5135 VULNERABLE (openssl, fixed 0.9.8d)
+CVE-2007-5137 backport (tk, fixed 8.4.16) #332061 [since FEDORA-2007-2564]
+CVE-2007-5135 backport (openssl, fixed 0.9.8d) [since FEDORA-2007-2530]
 CVE-2007-5106 ignore (wordpress) affects old 2.0.x versions
 CVE-2007-5105 ignore (wordpress) affects old 2.0.x versions
 CVE-2007-5079 VULNERABLE (gdm) #239820
@@ -29,12 +35,12 @@
 CVE-2007-5007 VULNERABLE (balsa) #297601
 GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031
 CVE-2007-4996 version (pidgin, fixed 2.2.1) [since FEDORA-2007-2368]
-CVE-2007-4995 VULNERABLE (openssl, fixed 0.9.8f)
+CVE-2007-4995 backport (openssl, fixed 0.9.8f) [since FEDORA-2007-2530]
 CVE-2007-4993 backport (xen) [since FEDORA-2007-2270]
 CVE-2007-4990 VULNERABLE (xorg-x11-xfs, fixed 1.0.5)
 CVE-2007-4974 backport (libsndfile) #296221 [since FEDORA-2007-2236]
 CVE-2007-4965 VULNERABLE (python) imageop module heap overflow
-CVE-2007-4924 VULNERABLE (opal, fixed 2.2.10) #297551
+CVE-2007-4924 version (opal, fixed 2.2.10) #297551 [since FEDORA-2007-2245]
 CVE-2007-4897 version (opal, fixed 2.2.9)
 CVE-2007-4894 version (wordpress, fixed 2.2.3) [since FEDORA-2007-2143]
 CVE-2007-4893 version (wordpress, fixed 2.2.3) [since FEDORA-2007-2143]
@@ -117,7 +123,7 @@
 CVE-2007-3948 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299]
 CVE-2007-3947 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299]
 CVE-2007-3946 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299]
-CVE-2007-3917 VULNERABLE (wesnoth) #324841
+CVE-2007-3917 version (wesnoth, fixed 1.2.7) #324841 [since FEDORA-2007-2496]
 CVE-2007-3848 version (kernel) [since FEDORA-2007-1785]
 CVE-2007-3847 version (httpd) #250755 [since FEDORA-2007-2214]
 CVE-2007-3845 ignore (firefox) windows specific
@@ -127,9 +133,9 @@
 CVE-2007-3820 backport (kdelibs) [since FEDORA-2007-1699]
 CVE-2007-3820 backport (kdebase) #248537 [since FEDORA-2007-1700]
 CVE-2007-3799 ** (php)
-CVE-2007-3781 VULNERABLE (mysql, fixed 5.0.44)
-CVE-2007-3782 VULNERABLE (mysql, fixed 5.0.44)
-CVE-2007-3780 VULNERABLE (mysql, fixed 5.0.44)
+CVE-2007-3781 version (mysql, fixed 5.0.44) [since FEDORA-2007-1197]
+CVE-2007-3782 version (mysql, fixed 5.0.44) [since FEDORA-2007-1197]
+CVE-2007-3780 version (mysql, fixed 5.0.44) [since FEDORA-2007-1197]
 CVE-2007-3770 backport (terminal/xfce) [since FEDORA-2007-1620]
 CVE-2007-3738 version (mozilla) #248518 [since FEDORA-2007-1138]
 CVE-2007-3737 version (mozilla) #248518 [since FEDORA-2007-1138]

More information about the Fedora-security-commits mailing list