[Fedora-security-commits] fedora-security/audit fc6, 1.280, 1.281 fc7, 1.147, 1.148
fedora-security-commits at redhat.com
fedora-security-commits at redhat.com
Tue Oct 23 14:25:42 UTC 2007
Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv13250/audit
Modified Files:
fc6 fc7
Log Message:
note mozilla cve ids
Index: fc6
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc6,v
retrieving revision 1.280
retrieving revision 1.281
diff -u -r1.280 -r1.281
--- fc6 18 Oct 2007 11:48:50 -0000 1.280
+++ fc6 23 Oct 2007 14:25:40 -0000 1.281
@@ -7,6 +7,21 @@
# Up to date CVE as of CVE email 20071015
# Up to date FC6 as of 20071017
+CVE-2007-5340 VULNERABLE (firefox, fixed 2.0.0.8)
+CVE-2007-5340 VULNERABLE (thunderbird, fixed 2.0.0.6)
+CVE-2007-5340 VULNERABLE (seamonkey, fixed 1.1.5)
+CVE-2007-5339 VULNERABLE (firefox, fixed 2.0.0.8)
+CVE-2007-5339 VULNERABLE (thunderbird, fixed 2.0.0.6)
+CVE-2007-5339 VULNERABLE (seamonkey, fixed 1.1.5)
+CVE-2007-5338 VULNERABLE (firefox, fixed 2.0.0.8)
+CVE-2007-5338 VULNERABLE (thunderbird, fixed 2.0.0.6)
+CVE-2007-5338 VULNERABLE (seamonkey, fixed 1.1.5)
+CVE-2007-5337 VULNERABLE (firefox, fixed 2.0.0.8)
+CVE-2007-5337 VULNERABLE (thunderbird, fixed 2.0.0.6)
+CVE-2007-5337 VULNERABLE (seamonkey, fixed 1.1.5)
+CVE-2007-5334 VULNERABLE (firefox, fixed 2.0.0.8)
+CVE-2007-5334 VULNERABLE (thunderbird, fixed 2.0.0.6)
+CVE-2007-5334 VULNERABLE (seamonkey, fixed 1.1.5)
CVE-2007-5269 VULNERABLE (libpng, fixed 1.2.21) #337471
CVE-2007-5268 ignore (libpng) shipped version too old and not affected
CVE-2007-5267 ignore (libpng) shipped version too old and not affected
@@ -23,6 +38,7 @@
CVE-2007-4924 VULNERABLE (opal, fixed 2.2.10) #297561
CVE-2007-4897 VULNERABLE (opal, fixed 2.2.8) #297561
CVE-2007-4851 ignore (tk) duplicate of CVE-2007-5137
+CVE-2007-4841 ignore (mozilla suite) Windows only
CVE-2007-4829 VULNERABLE (perl-Archive-Tar) #315331
CVE-2007-4826 VULNERABLE (quagga, fixed 0.99.9) #315301
CVE-2007-4752 backport (openssh) #280471 [since FEDORA-2007-715]
@@ -68,7 +84,7 @@
CVE-2007-3848 version (kernel) [since FEDORA-2007-679]
CVE-2007-3847 version (httpd) #250756 [since FEDORA-2007-707]
CVE-2007-3845 ignore (firefox) windows specific
-CVE-2007-3844 VULNERABLE (firefox) #250648 "fixed on next update"
+CVE-2007-3844 VULNERABLE (firefox, fixed 2.0.0.6) #250648 "fixed on next update"
CVE-2007-3843 VULNERABLE (kernel) #246595
CVE-2007-3841 ignore (pidgin) ethically disclosed
CVE-2007-3820 backport (kdebase) #248537 [since FEDORA-2007-716]
@@ -78,6 +94,9 @@
CVE-2007-3781 VULNERABLE (mysql, fixed 5.0.44)
CVE-2007-3780 VULNERABLE (mysql, fixed 5.0.44)
CVE-2007-3642 version (kernel, fixed 2.6.22) [since FEDORA-2007-655]
+CVE-2007-3511 VULNERABLE (firefox, fixed 2.0.0.8)
+CVE-2007-3511 VULNERABLE (thunderbird, fixed 2.0.0.6)
+CVE-2007-3511 VULNERABLE (seamonkey, fixed 1.1.5)
CVE-2007-3508 ignore (glibc) not an issue
CVE-2007-3506 backport (freetype, fixed 2.3.4) #235479 [since FEDORA-2007-561]
CVE-2007-3478 version (gd, fixed 2.0.35) #277421 [since FEDORA-2007-692]
@@ -128,6 +147,9 @@
CVE-2007-2451 version (kernel, fixed 2.6.21.4) [since FEDORA-2007-600]
CVE-2007-2445 backport (libpng) #239542 [since FEDORA-2007-529]
CVE-2007-2438 version (vim, fixed 7.0.235) #238734 [since FEDORA-2007-492]
+CVE-2007-2292 VULNERABLE (firefox, fixed 2.0.0.8)
+CVE-2007-2292 VULNERABLE (thunderbird, fixed 2.0.0.6)
+CVE-2007-2292 VULNERABLE (seamonkey, fixed 1.1.5)
CVE-2007-2242 version (kernel) [since FEDORA-2007-482]
CVE-2007-2138 version (postgresql, fixed 8.1.9) [since FEDORA-2007-565]
CVE-2007-2028 backport (freeradius) [since FEDORA-2007-499]
@@ -162,6 +184,9 @@
CVE-2007-1263 version (gnupg, fixed 1.4.7) [since FEDORA-2007-315]
CVE-2007-1262 version (squirrelmail, fixed 1.4.10a) #239704 [since FEDORA-2007-505]
CVE-2007-1218 backport (tcpdump) 232349 [since FEDORA-2007-347]
+CVE-2007-1095 VULNERABLE (firefox, fixed 2.0.0.8)
+CVE-2007-1095 VULNERABLE (thunderbird, fixed 2.0.0.6)
+CVE-2007-1095 VULNERABLE (seamonkey, fixed 1.1.5)
CVE-2007-1006 version (ekiga, fixed 2.0.5) #229259 [since FEDORA-2007-322]
CVE-2007-1004 VULNERABLE (firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=390627
CVE-2007-1003 backport (xorg-x11-server, fixed > X11R7.2) #235263 [since FEDORA-2007-425]
@@ -300,6 +325,8 @@
CVE-2006-5051 backport (openssh, fixed 4.4)
CVE-2006-4997 version (kernel, fixed 2.6.18)
CVE-2006-4980 version (python, fixed 2.4.4 at least) [since FEDORA-2006-1050] was backport since GA
+CVE-2006-4965 ignore (firefox, fixed 2.0.0.7) windows only
+CVE-2006-4965 ignore (seamonkey) windows only
CVE-2006-4925 ignore (openssh) client crash only
CVE-2006-4924 backport (openssh, fixed 4.4)
CVE-2006-4842 ignore (nspr) Nothing setuid links with nspr
@@ -479,7 +506,8 @@
CVE-2006-2932 ignore (kernel) no 4G/4G split support
CVE-2006-2916 ignore (arts) not shipped setuid
CVE-2006-2906 backport (gd) from changelog
-CVE-2006-2894 VULNERABLE (firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=56236
+CVE-2006-2894 VULNERABLE (firefox, fixed 2.0.0.8)
+CVE-2006-2894 VULNERABLE (seamonkey, fixed 1.1.5) #194511
CVE-2006-2842 version (squirrelmail, fixed 1.4.6)
CVE-2006-2789 version (evolution, fixed 2.4.X)
CVE-2006-2788 version (firefox, fixed 1.5.0.4)
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.147
retrieving revision 1.148
diff -u -r1.147 -r1.148
--- fc7 22 Oct 2007 12:19:17 -0000 1.147
+++ fc7 23 Oct 2007 14:25:40 -0000 1.148
@@ -8,6 +8,7 @@
# Up to date CVE as of CVE email 20071015
# Up to date FC7 as of 20071017
+GENERIC-MAP-NOMATCH VULNERABLE (nagios-plugins) #348731 check_snmp overflow
CVE-2007-5597 VULNERABLE (drupal, fixed 5.3)
CVE-2007-5596 VULNERABLE (drupal, fixed 5.3)
CVE-2007-5595 VULNERABLE (drupal, fixed 5.3)
@@ -17,6 +18,21 @@
CVE-2007-5585 (tempest) #336331
CVE-2007-5416 ignore (drupal) Vulnerability in PHP<5.1.3, we're safe
CVE-2007-5386 VULNERABLE (phpmyadmin, fixed 2.11.1.1) #333661 PMASA-2007-5
+CVE-2007-5340 VULNERABLE (firefox, fixed 2.0.0.8)
+CVE-2007-5340 VULNERABLE (thunderbird, fixed 2.0.0.6)
+CVE-2007-5340 VULNERABLE (seamonkey, fixed 1.1.5)
+CVE-2007-5339 VULNERABLE (firefox, fixed 2.0.0.8)
+CVE-2007-5339 VULNERABLE (thunderbird, fixed 2.0.0.6)
+CVE-2007-5339 VULNERABLE (seamonkey, fixed 1.1.5)
+CVE-2007-5338 VULNERABLE (firefox, fixed 2.0.0.8)
+CVE-2007-5338 VULNERABLE (thunderbird, fixed 2.0.0.6)
+CVE-2007-5338 VULNERABLE (seamonkey, fixed 1.1.5)
+CVE-2007-5337 VULNERABLE (firefox, fixed 2.0.0.8)
+CVE-2007-5337 VULNERABLE (thunderbird, fixed 2.0.0.6)
+CVE-2007-5337 VULNERABLE (seamonkey, fixed 1.1.5)
+CVE-2007-5334 VULNERABLE (firefox, fixed 2.0.0.8)
+CVE-2007-5334 VULNERABLE (thunderbird, fixed 2.0.0.6)
+CVE-2007-5334 VULNERABLE (seamonkey, fixed 1.1.5)
CVE-2007-5269 VULNERABLE (libpng10) update pending
CVE-2007-5269 VULNERABLE (libpng, fixed 1.2.21) #337461
CVE-2007-5268 ignore (libpng) shipped version too old and not affected
@@ -133,7 +149,7 @@
CVE-2007-3848 version (kernel) [since FEDORA-2007-1785]
CVE-2007-3847 version (httpd) #250755 [since FEDORA-2007-2214]
CVE-2007-3845 ignore (firefox) windows specific
-CVE-2007-3844 VULNERABLE (firefox) #250648 "fixed on next update"
+CVE-2007-3844 VULNERABLE (firefox, fixed 2.0.0.6) #250648 "fixed on next update"
CVE-2007-3843 VULNERABLE (kernel) #246595
CVE-2007-3841 ignore (pidgin) ethically disclosed
CVE-2007-3820 backport (kdelibs) [since FEDORA-2007-1699]
@@ -158,6 +174,9 @@
CVE-2007-3528 version (dar, fixed 2.3.4) #246760 [since FEDORA-2007-0904]
CVE-2007-3544 VULNERABLE (wordpress, NOT fixed 2.2.1) #245211 Incomplete fix for CVE-2007-3543
CVE-2007-3543 version (wordpress, fixed 2.2.1) #245211 [since FEDORA-2007-0894]
+CVE-2007-3511 VULNERABLE (firefox, fixed 2.0.0.8)
+CVE-2007-3511 VULNERABLE (thunderbird, fixed 2.0.0.6)
+CVE-2007-3511 VULNERABLE (seamonkey, fixed 1.1.5)
CVE-2007-3508 ignore (glibc) not an issue
CVE-2007-3506 version (freetype, fixed 2.3.4) #235479 [since FEDORA-2007-0033]
CVE-2007-3507 version (flac123, fixed 0.0.10) #246322 [since FEDORA-2007-1045]
@@ -278,6 +297,9 @@
CVE-2007-2381 ignore (MochiKit) #238616
*CVE-2007-2356 ** (gimp)
*CVE-2007-2353 ** (axis)
+CVE-2007-2292 VULNERABLE (firefox, fixed 2.0.0.8)
+CVE-2007-2292 VULNERABLE (thunderbird, fixed 2.0.0.6)
+CVE-2007-2292 VULNERABLE (seamonkey, fixed 1.1.5)
*CVE-2007-2245 VULNERABLE (phpMyAdmin, fixed 2.10.1) #237882
CVE-2007-2243 ignore (openssh, fixed 4.6) needs S/KEY support which is not shipped.
CVE-2007-2241 backport (bind) [since FEDORA-2007-0300]
@@ -398,6 +420,9 @@
*CVE-2007-1218 backport (tcpdump) 232349 [since FEDORA-2007-347]
CVE-2007-1216 version (krb5, fixed 1.6-3) #231537
*CVE-2007-1103 VULNERABLE (tor) #230927
+CVE-2007-1095 VULNERABLE (firefox, fixed 2.0.0.8)
+CVE-2007-1095 VULNERABLE (thunderbird, fixed 2.0.0.6)
+CVE-2007-1095 VULNERABLE (seamonkey, fixed 1.1.5)
CVE-2007-1092 version (seamonkey, fixed 1.0.8)
CVE-2007-1055 version (mediawiki, fixed 1.8.3)
CVE-2007-1054 version (mediawiki, fixed 1.9.3) [since FEDORA-2007-1442]
@@ -700,6 +725,8 @@
CVE-2006-4997 version (kernel, fixed 2.6.18)
CVE-2006-4980 version (python, fixed 2.4.4 at least) [since FEDORA-2006-1050] was backport since GA
*CVE-2006-4976 ** (php-adodb) #208299
+CVE-2006-4965 ignore (firefox, fixed 2.0.0.7) windows only
+CVE-2006-4965 ignore (seamonkey) windows only
CVE-2006-4943 version (moodle, fixed 1.6.3) #206516
CVE-2006-4942 version (moodle, fixed 1.6.3) #206516
CVE-2006-4941 version (moodle, fixed 1.6.3) #206516
@@ -925,8 +952,8 @@
CVE-2006-2920 version (sylpheed-claws, fixed 2.2.2)
CVE-2006-2916 ignore (arts) not shipped setuid
CVE-2006-2906 backport (gd) from changelog
-CVE-2006-2894 VULNERABLE (seamonkey) #194511
-CVE-2006-2894 VULNERABLE (firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=56236
+CVE-2006-2894 VULNERABLE (firefox, fixed 2.0.0.8)
+CVE-2006-2894 VULNERABLE (seamonkey, fixed 1.1.5) #194511
CVE-2006-2842 version (squirrelmail, fixed 1.4.6)
CVE-2006-2789 version (evolution, fixed 2.4.X)
CVE-2006-2788 version (firefox, fixed 1.5.0.4)
More information about the Fedora-security-commits
mailing list