Author: bressers

Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv12078

Modified Files:
fc7
Log Message:
Add a number of outstanding CVE ids

Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- fc7 11 Jun 2007 17:23:05 -0000 1.1 +++ fc7 11 Jun 2007 20:21:46 -0000 1.2 
@@ -9,46 +9,97 @@ *CVE-2007-3113 VULNERABLE (cacti) #243592 *CVE-2007-3112 VULNERABLE (cacti) #243592 *CVE-2007-3025 ignore (clamav, Solaris only) +*CVE-2007-3007 ignore (php) safe mode isn't safe +*CVE-2007-2975 (openfire) *CVE-2007-2894 VULNERABLE (bochs) #241799 +*CVE-2007-2874 (wpa_supplicant) #242455 *CVE-2007-2871 version (seamonkey, fixed 1.0.9) *CVE-2007-2870 version (seamonkey, fixed 1.0.9) +*CVE-2007-2869 (firefox) *CVE-2007-2868 version (seamonkey, fixed 1.0.9) *CVE-2007-2867 version (seamonkey, fixed 1.0.9) *CVE-2007-2865 VULNERABLE (phpPgAdmin) #241489 +*CVE-2007-2844 ignore (php) #241641 +*CVE-2007-2843 ignore (konqueror) safari specific *CVE-2007-2821 VULNERABLE (wordpress, fixed 2.2) #240970 +*CVE-2007-2799 (file) +*CVE-2007-2768 (openssh) +*CVE-2007-2756 ignore (gd) DoS only +*CVE-2007-2754 (freetype) *CVE-2007-2721 patch (jasper, fixed 1.900.1-2) #240397 +*CVE-2007-2683 (mutt) *CVE-2007-2654 VULNERABLE (xfsdump) #240396 *CVE-2007-2650 ** (clamav) #240395 +*CVE-2007-2645 ignore (libexif) #240055 DoS only *CVE-2007-2637 patch (moin, fixed 1.5.7-2) *CVE-2007-2627 ** (wordpress) #239904 +*CVE-2007-2589 (squirrelmail) +*CVE-2007-2583 (mysql) +*CVE-2007-2519 ignore (php-pear) no trust boundary is crossed +*CVE-2007-2511 ignore (php) #239011 see the bug +*CVE-2007-2510 (php) +*CVE-2007-2509 (php) *CVE-2007-2500 patch (gnash, fixed 0.7.2-2) #239213 +*CVE-2007-2452 (locate) +*CVE-2007-2447 (samba) +*CVE-2007-2446 (samba) *CVE-2007-2445 version (libpng10, fixed 1.0.25) #240398 +*CVE-2007-2444 (samba) *CVE-2007-2438 VULNERABLE (vim) #238734 +*CVE-2007-2437 ignore (xorg-x11) DoS only +*CVE-2007-2435 (java) *CVE-2007-2423 patch (moin, fixed 1.5.7-2) #238722 *CVE-2007-2413 version (perl-Imager, fixed 0.57) #238615 *CVE-2007-2381 ignore (MochiKit) #238616 +*CVE-2007-2356 (gimp) +*CVE-2007-2353 (axis) *CVE-2007-2245 VULNERABLE (phpMyAdmin, fixed 2.10.1) #237882 +*CVE-2007-2243 (openssh) +*CVE-2007-2241 (bind) +*CVE-2007-2176 ignore (firefox) only affects the java 
quicktime interaction +*CVE-2007-2172 (kernel) *CVE-2007-2165 VULNERABLE (proftpd) #237533 +*CVE-2007-2138 (postgresql) *CVE-2007-2057 version (aircrack-ng, fixed 0.8-0.1) *CVE-2007-2029 ignore (clamav, 0.90/0.90.1 only) +*CVE-2007-2028 (freeradius) +*CVE-2007-2026 (file) *CVE-2007-2016 ignore (phpMyAdmin, < 2.8.0.2 never shipped) *CVE-2007-1997 ignore (clamav, 0.90/0.90.1 only) +*CVE-2007-1995 (quagga) #240488 *CVE-2007-1897 version (wordpress, fixed 2.1.3) #235912 *CVE-2007-1894 version (wordpress, fixed 2.1.3-0.rc2) *CVE-2007-1893 version (wordpress, fixed 2.1.3) #235912 *CVE-2007-1870 version (lighttpd, fixed 1.4.14) #236489 *CVE-2007-1869 version (lighttpd, fixed 1.4.14) #236489 +*CVE-2007-1864 (php) +*CVE-2007-1862 (httpd) +*CVE-2007-1859 (xscreensaver) +*CVE-2007-1858 (tomcat) *CVE-2007-1856 VULNERABLE (vixie-cron) #235882 *CVE-2007-1841 VULNERABLE (ipsec-tools) #238052 *CVE-2007-1804 VULNERABLE (pulseaudio) #235013 *CVE-2007-1799 version (ktorrent, fixed 2.1.3) #235014 *CVE-2007-1745 ignore (clamav, 0.90/0.90.1 only) #236703 +*CVE-2007-1743 (httpd) +*CVE-2007-1742 (httpd) +*CVE-2007-1741 (httpd) *CVE-2007-1732 ignore (wordpress) #235015 +*CVE-2007-1718 (php) +*CVE-2007-1717 (php) +*CVE-2007-1711 (php) +*CVE-2007-1710 (php) +*CVE-2007-1709 (php) +*CVE-2007-1667 (xorg-x11) +*CVE-2007-1649 (php) *CVE-2007-1622 version (wordpress, fixed 2.1.3-0.rc2) #233703 *CVE-2007-1614 version (zziplib, fixed 0.13.49) #233700 *CVE-2007-1599 version (wordpress, fixed 2.1.3-0.rc2) #233703 +*CVE-2007-1583 (php) *CVE-2007-1565 ignore (konqueror) client crash *CVE-2007-1564 vulnerable (konqueror) [#CVE-2007-1564] +*CVE-2007-1562 (firefox, seamonkey, thunderbird) +*CVE-2007-1560 (squid) *CVE-2007-1558 version (claws-mail, fixed 2.9.1) #237293 *CVE-2007-1558 backport (sylpheed, fixed 2.3.1-1) *CVE-2007-1547 version (nas, fixed 1.8a-2) #233353 
@@ -56,13 +107,19 @@ *CVE-2007-1545 version (nas, fixed 1.8a-2) #233353 *CVE-2007-1544 version (nas, fixed 1.8a-2) #233353 *CVE-2007-1543 version (nas, fixed 1.8a-2) #233353 +*CVE-2007-1536 (file) +*CVE-2007-1521 (php) *CVE-2007-1515 version (imp, fixed 4.1.4) +*CVE-2007-1496 (kernel) +*CVE-2007-1484 (php) *CVE-2007-1475 ignore (php) unshipped ibase extension *CVE-2007-1474 version (horde, fixed 3.1.4) *CVE-2007-1474 ignore (imp, < 4.x only) *CVE-2007-1473 version (horde, fixed 3.1.4) +*CVE-2007-1466 (openoffice.org) *CVE-2007-1464 version (inkscape, fixed 0.45.1) *CVE-2007-1463 version (inkscape, fixed 0.45.1) +*CVE-2007-1460 (php) *CVE-2007-1429 version (moodle, fixed 1.6.5) #232103 *CVE-2007-1420 VULNERABLE (mysql, fixed 5.0.36) #232604 *CVE-2007-1413 ignore (php) Windows NT SNMP specific 
@@ -78,41 +135,62 @@ *CVE-2007-1387 patch (xine-lib, fixed 1.1.4-3) *CVE-2007-1385 version (ktorrent, fixed 2.1.2) *CVE-2007-1384 version (ktorrent, fixed 2.1.2) +*CVE-2007-1375 (php) *CVE-2007-1366 ** (qemu) #238723 *CVE-2007-1362 version (seamonkey, fixed 1.0.9) *CVE-2007-1359 patch (mod_security, fixed 2.1.0-3) #231728 +*CVE-2007-1354 (jboss) *CVE-2007-1352 VULNERABLE (libXfont) #235265 *CVE-2007-1351 VULNERABLE (libXfont) #235265 *CVE-2007-1325 version (phpMyAdmin, fixed 2.10.0.2) *CVE-2007-1322 ** (qemu) #238723 *CVE-2007-1321 ** (qemu) #238723 *CVE-2007-1320 ** (qemu) #238723 +*CVE-2007-1287 (php) +*CVE-2007-1286 (php) +*CVE-2007-1285 (php) *CVE-2007-1282 version (seamonkey, fixed 1.0.8) *CVE-2007-1277 version (wordpress, fixed 2.1.2) *CVE-2007-1267 ignore (sylpheed, uses gpgme) #231733 *CVE-2007-1263 version (gpgme, fixed 1.1.4) *CVE-2007-1263 version (gnupg, fixed 1.4.7) [since FEDORA-2007-315] +*CVE-2007-1262 (squirrelmail) *CVE-2007-1253 patch (blender, fixed 2.42a-21) #239338 *CVE-2007-1246 patch (xine-lib, fixed 1.1.4-3) *CVE-2007-1244 version (wordpress, fixed 2.1.2) #230898 *CVE-2007-1230 version (wordpress, fixed 2.1.2) *CVE-2007-1218 backport (tcpdump) 232349 [since FEDORA-2007-347] +*CVE-2007-1216 (krb5) *CVE-2007-1103 VULNERABLE (tor) #230927 *CVE-2007-1092 version (seamonkey, fixed 1.0.8) *CVE-2007-1055 version (mediawiki, fixed 1.8.3) *CVE-2007-1054 version (mediawiki, fixed 1.8.4) *CVE-2007-1049 version (wordpress, fixed 2.1.1) #229991 +*CVE-2007-1036 (jboss) +*CVE-2007-1030 (libevent) +*CVE-2007-1007 (ekiga) *CVE-2007-1006 version (ekiga, fixed 2.0.5) #229259 [since FEDORA-2007-322] *CVE-2007-1004 VULNERABLE (firefox, ...) 
*CVE-2007-1003 VULNERABLE (xorg-x11-server, fixed > X11R7.2) #235263 *CVE-2007-1002 VULNERABLE (evolution) #233587 +*CVE-2007-1001 (php) *CVE-2007-1000 version (kernel, fixed 2.6.20) [since FEDORA-2007-335] +*CVE-2007-0999 (ekiga) *CVE-2007-0998 version (qemu, fixed 0.8.2) *CVE-2007-0998 backport (xen) #230295 [since FEDORA-2007-343] *CVE-2007-0996 version (seamonkey, fixed 1.0.8) *CVE-2007-0995 version (seamonkey, fixed 1.0.8) +*CVE-2007-0988 (php) *CVE-2007-0981 VULNERABLE (firefox, ...) *CVE-2007-0981 version (seamonkey, fixed 1.0.8) #229253 +*CVE-2007-0957 (krb5) +*CVE-2007-0956 (krb5) +*CVE-2007-0911 (php) +*CVE-2007-0910 (php) +*CVE-2007-0909 (php) +*CVE-2007-0908 (php) +*CVE-2007-0907 (php) +*CVE-2007-0906 (php) *CVE-2007-0903 version (ejabberd, fixed 1.1.3) *CVE-2007-0902 patch (moin, fixed 1.5.7-2) #228764 *CVE-2007-0901 patch (moin, fixed 1.5.7-2) #228764 @@ -128,7 +206,9 @@ *CVE-2007-0778 version (seamonkey, fixed 1.0.8) *CVE-2007-0777 version (seamonkey, fixed 1.0.8) *CVE-2007-0775 version (seamonkey, fixed 1.0.8) +*CVE-2007-0774 (mod_jk) *CVE-2007-0772 version (kernel) [since FEDORA-2007-291] +*CVE-2007-0771 (kernel) *CVE-2007-0770 patch (GraphicsMagick, fixed 1.1.7-7) #228758 *CVE-2007-0770 ignore (ImageMagick) only if incomplete CVE-2006-5456 *CVE-2007-0720 ignore (cups, fixed 1.2.7) cups is already updated @@ -137,6 +217,8 @@ *CVE-2007-0653 VULNERABLE (xmms) #233705 *CVE-2007-0650 ignore (tetex) needs user's assistance *CVE-2007-0619 version (chmlib, fixed 0.3.9) #225919 +*CVE-2007-0578 (mpg321) +*CVE-2007-0555 (postgresql) *CVE-2007-0541 version (wordpress, fixed 2.1-0) #225469 *CVE-2007-0540 version (wordpress, fixed 2.1-0) #225469 *CVE-2007-0539 version (wordpress, fixed 2.1-0) #225469 
@@ -153,18 +235,27 @@ *CVE-2007-0457 VULNERABLE (wireshark, fixed 0.99.5) #227140 *CVE-2007-0456 VULNERABLE (wireshark, fixed 0.99.5) #227140 *CVE-2007-0455 VULNERABLE (gd) #224610 +*CVE-2007-0454 (samba) +*CVE-2007-0452 (samba) *CVE-2007-0451 version (spamassassin, fixed 3.1.8) [since FEDORA-2007-241] +*CVE-2007-0450 (tomcat) +*CVE-2007-0448 (php) *CVE-2007-0405 version (Django, fixed 0.95.1) *CVE-2007-0404 version (Django, fixed 0.95.1) *CVE-2007-0341 ignore (phpMyAdmin, 2.8.x only) *CVE-2007-0262 version (wordpress, fixed 2.1-0) #223101 *CVE-2007-0248 version (squid, fixed 2.6.STABLE7) [since FEDORA-2007-073] *CVE-2007-0247 version (squid, fixed 2.6.STABLE7) #222883 [since FEDORA-2007-073] +*CVE-2007-0243 (java-ibm) *CVE-2007-0242 patch (qt4, fixed 4.2.3-7) *CVE-2007-0240 patch (zope, fixed 2.9.6-2) #233378 +*CVE-2007-0239 (openoffice.org) +*CVE-2007-0238 (openoffice.org) *CVE-2007-0235 VULNERABLE (libgtop2) #222637 not sure, will triage +*CVE-2007-0227 (slocate) *CVE-2007-0177 version (mediawiki, fixed 1.8.3) #221958 *CVE-2007-0160 patch (centericq, fixed 4.21.0-9) #227791 +*CVE-2007-0157 (neon) *CVE-2007-0109 version (wordpress, fixed 2.1-0) #223101 *CVE-2007-0107 version (wordpress, fixed 2.1-0) #223101 *CVE-2007-0106 version (wordpress, fixed 2.1-0) #223101 @@ -172,6 +263,12 @@ *CVE-2007-0104 ignore (kdegraphics) only client DoS *CVE-2007-0095 VULNERABLE (phpMyAdmin) #221694 *CVE-2007-0086 ignore (apache) not a security issue +*CVE-2007-0080 (freeradius) +*CVE-2007-0048 (acroread) +*CVE-2007-0046 (acroread) +*CVE-2007-0045 (acroread) +*CVE-2007-0044 (acroread) +*CVE-2007-0010 (gtk2) *CVE-2007-0009 version (nss, fixed 3.11.5) (nspr, fixed 4.6.5) [since FEDORA-2007-279] *CVE-2007-0009 ignore (seamonkey, uses system NSS) *CVE-2007-0008 version (nss, fixed 3.11.5) (nspr, fixed 4.6.5) [since FEDORA-2007-279] 
@@ -181,29 +278,48 @@ *CVE-2007-0006 backport (kernel, fixed in -mm) [since FEDORA-2007-226] *CVE-2007-0005 version (kernel, fixed 2.6.20) [since FEDORA-2007-335] *CVE-2007-0002 version (libwpd, fixed 0.8.9) #222808 [since FEDORA-2007-351] +*CVE-2007-0001 (kernel) +*CVE-2006-7205 (php) +*CVE-2006-7204 (php) +*CVE-2006-7197 (tomcat) +*CVE-2006-7196 (tomcat) +*CVE-2006-7195 (tomcat) +*CVE-2006-7195 (tomcat) *CVE-2006-7193 ignore (php-Smarty, SMARTY_DIR is a constant) +*CVE-2006-7176 (sendmail) +*CVE-2006-7175 (sendmail) *CVE-2006-7162 version (putty, fixed 0.59) #231726 +*CVE-2006-7151 (libtool) +*CVE-2006-7139 (kmail) +*CVE-2006-7108 (util-linux) *CVE-2006-6979 backport (amarok, fixed 1.4.5-2) #228138 +*CVE-2006-6948 (myodbc) *CVE-2006-6944 version (phpMyAdmin, fixed 2.9.1.1) *CVE-2006-6943 version (phpMyAdmin, fixed 2.9.1.1) *CVE-2006-6942 version (phpMyAdmin, fixed 2.9.1.1) *CVE-2006-6939 VULNERABLE (ed, fixed 0.3) #223075 *CVE-2006-6899 version (bluez-utils, fixed 2.23) *CVE-2006-6870 version (avahi, fixed 0.6.16) #221440 [since FEDORA-2007-019] +*CVE-2006-6811 ignore (ksirc) DoS only *CVE-2006-6808 version (wordpress, fixed 2.1-0) #221023 *CVE-2006-6799 patch (cacti, fixed 0.8.6i-5) #222410 *CVE-2006-6772 backport (w3m) #221484 [since FEDORA-2007-077] +*CVE-2006-6745 (java-ibm) +*CVE-2006-6736 (java-ibm) +*CVE-2006-6731 (java-ibm) *CVE-2006-6719 backport (wget) #221469 [since FEDORA-2007-043] *CVE-2006-6698 VULNERABLE (GConf2) #219280 *CVE-2006-6693 ignore (zabbix, fixed 1.1.3, < 1.1.4 not shipped) *CVE-2006-6692 ignore (zabbix, fixed 1.1.3, < 1.1.4 not shipped) *CVE-2006-6660 ignore (kdelibs) client Dos only, not reproducible +*CVE-2006-6628 (openoffice.org) *CVE-2006-6626 version (moodle, fixed 1.6.5) #220041 *CVE-2006-6625 version (moodle, fixed 1.6.5) #220041 *CVE-2006-6610 version (nexuiz, fixed 2.2.1) #220034 *CVE-2006-6609 version (nexuiz, fixed 2.2.1) #220034 *CVE-2006-6574 backport (mantis, fixed 1.0.6-2) #219937 *CVE-2006-6563 backport (proftpd, fixed 
1.3.0a-3) #219938 +*CVE-2006-6561 (openoffice.org) *CVE-2006-6515 version (mantis, fixed 1.0.6) #219720 *CVE-2006-6505 version (seamonkey, fixed 1.0.7) #220516 *CVE-2006-6504 version (seamonkey, fixed 1.0.7) #220516 @@ -214,6 +330,7 @@ *CVE-2006-6499 version (seamonkey, fixed 1.0.7) #220516 *CVE-2006-6498 version (seamonkey, fixed 1.0.7) #220516 *CVE-2006-6497 version (seamonkey, fixed 1.0.7) #220516 +*CVE-2006-6493 (openldap) *CVE-2006-6481 version (clamav, fixed 0.88.7) *CVE-2006-6406 version (clamav, fixed 0.88.7) #219095 *CVE-2006-6385 ignore (kernel) windows only @@ -227,6 +344,8 @@ *CVE-2006-6303 version (ruby, fixed 1.8.5.2) [since FEDORA-2006-1441] *CVE-2006-6301 version (denyhosts, fixed 2.6-2) #218824 *CVE-2006-6297 ignore (kdegraphics) just a crash +*CVE-2006-6238 (konqueror) probably safari only +*CVE-2006-6236 (acroread) *CVE-2006-6235 patch (gnupg2, fixed 2.0.1-2) #218821 *CVE-2006-6235 backport (gnupg, fixed 1.4.6) [since FEDORA-2006-1406] *CVE-2006-6171 patch (proftpd, fixed 1.3.0a-1) #214820 @@ -243,6 +362,9 @@ *CVE-2006-6106 version (kernel, fixed 2.6.19.2, fixed 2.6.20-rc5) [since FEDORA-2006-1471] *CVE-2006-6105 version (gdm, fixed 2.14.11) [since FEDORA-2006-1468] *CVE-2006-6104 backport (mono, fixed 1.1.13.8.2) #220853 [since FEDORA-2007-067] +*CVE-2006-6103 (xorg-x11) +*CVE-2006-6102 (xorg-x11) +*CVE-2006-6101 (xorg-x11) *CVE-2006-6097 backport (tar) [since FEDORA-2006-1393] *CVE-2006-6085 version (kile, fixed 1.9.3) #217238 *CVE-2006-6077 VULNERABLE (firefox) 
@@ -252,18 +374,24 @@ *CVE-2006-6056 version (kernel, fixed 2.6.19) [since FEDORA-2007-058] was backport since FEDORA-2006-1471 *CVE-2006-6054 version (kernel, fixed fixed 2.6.19.2) [since FEDORA-2007-058] *CVE-2006-6053 version (kernel, fixed 2.6.19.2) [since FEDORA-2007-058] was backport since FEDORA-2006-1223 +*CVE-2006-6027 (acroread) +*CVE-2006-6015 (pcre) *CVE-2006-5989 ignore (mod_auth_kerb) did not affect fc6 *CVE-2006-5974 ignore (fetchmail, fixed 6.3.6) only 6.3.5 *CVE-2006-5973 VULNERABLE (dovecot, fixed 1.0.rc15) #216508 +*CVE-2006-5969 (fvwm) +*CVE-2006-5941 (net-snmp) *CVE-2006-5925 backport (elinks) [since FEDORA-2006-1278] but was never vulneable as didn't have smbclient support *CVE-2006-5876 version (libsoup) #223144 [since FEDORA-2007-109] *CVE-2006-5875 version (enemies-of-carlotta, fixed 1.2.4) *CVE-2006-5874 version (clamav, fixed 0.88.1) *CVE-2006-5871 version (kernel, fixed 2.6.10) +*CVE-2006-5870 (openoffice.org) *CVE-2006-5868 VULNERABLE (ImageMagick, fixed 6.2.9.1) #217560 *CVE-2006-5867 version (fetchmail, fixed 6.3.6) #221984 [since FEDORA-2007-042] *CVE-2006-5864 VULNERABLE (evince) #217672 *CVE-2006-5864 patch (gv, fixed 3.6.2-2) #215136 +*CVE-2006-5857 (acroread) *CVE-2006-5848 version (trac, fixed 0.10.1) #215077 *CVE-2006-5823 version (kernel, fixed 2.6.19.2) [since FEDORA-2007-058] was backport since FEDORA-2006-1223 *CVE-2006-5815 version (proftpd, fixed 1.3.0a) #214820 
@@ -273,8 +401,10 @@ *CVE-2006-5783 ignore (firefox) disputed *CVE-2006-5779 VULNERABLE (openldap, 2.3.29) #214768 *CVE-2006-5757 version (kernel, fixed 2.6.19) [since FEDORA-2007-058] was backport since FEDORA-2006-1223 +*CVE-2006-5754 (kernel) *CVE-2006-5753 backport (kernel, fixed 2.6.20.1) [since FEDORA-2007-291] *CVE-2006-5751 version (kernel, fixed 2.6.19, fixed 2.6.18.4) [since FEDORA-2006-1471] +*CVE-2006-5750 (jboss) *CVE-2006-5749 VULNERABLE (kernel, fixed 2.6.20-rc2) *CVE-2006-5748 version (thunderbird, fixed 1.5.0.8) [since FEDORA-2006-1192] *CVE-2006-5748 version (seamonkey, fixed 1.0.6) #214822 @@ -314,6 +444,7 @@ *CVE-2006-5453 patch (bugzilla, fixed 2.22-7) #212355 *CVE-2006-5397 VULNERABLE (libX11, 1.0.2 and 1.0.3 only) #213280 *CVE-2006-5331 version (kernel, fixed 2.6.19) [since FEDORA-2007-058] +*CVE-2006-5330 (flash-plugin) *CVE-2006-5298 backport (mutt) [since FEDORA-2006-1063] *CVE-2006-5297 backport (mutt) [since FEDORA-2006-1063] *CVE-2006-5295 version (clamav, fixed 0.88.5) #210973 @@ -352,6 +483,7 @@ *CVE-2006-4925 ignore (openssh) client crash only *CVE-2006-4924 backport (openssh, fixed 4.4) *CVE-2006-4842 ignore (nspr) Nothing setuid links with nspr +*CVE-2006-4816 (php) *CVE-2006-4814 version (kernel, fixed 2.6.19.2) [since FEDORA-2007-058] *CVE-2006-4813 version (kernel, fixed 2.6.13) *CVE-2006-4812 backport (php) php-5.1.6-ecalloc.patch @@ -369,6 +501,7 @@ *CVE-2006-4743 ignore (wordpress, dupe of an old non-issue) #206514 *CVE-2006-4684 version (zope, fixed 2.9.2) *CVE-2006-4663 ignore (kernel) not a vulnerability +*CVE-2006-4640 (flash-plugin) *CVE-2006-4625 ignore (php) safe mode isn't safe *CVE-2006-4624 version (mailman, fixed 2.1.9rc1) *CVE-2006-4623 version (kernel, fixed 2.6.18-rc1) 
@@ -429,6 +562,7 @@ *CVE-2006-4330 version (wireshark, fixed 0.99.3) *CVE-2006-4310 ignore (firefox) crash only *CVE-2006-4262 backport (cscope) +*CVE-2006-4261 (firefox) *CVE-2006-4253 version (thunderbird, fixed 1.5.0.7) *CVE-2006-4253 version (seamonkey, fixed 1.0.5) #209167 *CVE-2006-4253 version (firefox, fixed 1.5.0.7) @@ -439,9 +573,11 @@ *CVE-2006-4226 version (mysql, fixed 5.0.26,5.1.12) #203428 [since FEDORA-2006-1297] *CVE-2006-4192 patch (libmodplug, fixed 0.8-3) *CVE-2006-4182 version (clamav, fixed 0.88.5) #210973 +*CVE-2006-4181 (gnuradius) *CVE-2006-4146 backport (gdb) *CVE-2006-4145 version (kernel, fixed 2.6.17.10, fixed 2.6.18-rc5) needs a better upstream fix *CVE-2006-4144 backport (ImageMagick, fixed 6.2.9) +*CVE-2006-4124 (lesstif) *CVE-2006-4096 backport (bind) *CVE-2006-4095 backport (bind) *CVE-2006-4093 version (kernel, fixed 2.6.17.9, fixed 2.6.18-rc5) @@ -503,6 +639,7 @@ *CVE-2006-3740 version (libXfont, fixed 1.2.2) *CVE-2006-3739 version (libXfont, fixed 1.2.2) *CVE-2006-3738 backport (openssl, fixed 0.9.8d) +*CVE-2006-3733 ignore (jboss) cisco only *CVE-2006-3731 ignore (firefox) just a user complicit crash *CVE-2006-3694 version (ruby, fixed 1.8.5) *CVE-2006-3677 version (thunderbird, fixed 1.5.0.5) @@ -521,6 +658,7 @@ *CVE-2006-3627 version (wireshark, fixed 0.99.2) *CVE-2006-3626 version (kernel, fixed 2.6.17.6) *CVE-2006-3619 version (gcc, fixed 4.1.1-20060828 at least) +*CVE-2006-3587 (flash-plugin) *CVE-2006-3582 version (adplug, fixed 2.0.1-1) #198108 *CVE-2006-3581 version (adplug, fixed 2.0.1-1) #198108 *CVE-2006-3486 ignore (mysql, fixed 5.0.23) not exploitable 
@@ -544,6 +682,8 @@ *CVE-2006-3376 backport (libwmf) from changelog *CVE-2006-3352 ignore (firefox) not a vulnerability *CVE-2006-3334 ignore (libpng, fixed 1.2.12) not exploitable +*CVE-2006-3311 (flash-plugin) +*CVE-2006-3276 (helixplayer) *CVE-2006-3242 version (mutt, fixed 1.4.2.2, 1.5.12) *CVE-2006-3178 ignore (chmlib, extract_chmLib not shipped) *CVE-2006-3174 version (squirrelmail, fixed 1.4.7) @@ -556,6 +696,7 @@ *CVE-2006-3113 version (thunderbird, fixed 1.5.0.5) *CVE-2006-3113 version (seamonkey, fixed 1.0.4) #200455 *CVE-2006-3113 version (firefox, fixed 1.5.0.5) +*CVE-2006-3093 ignore (acroread) windows only *CVE-2006-3085 version (kernel, fixed 2.6.17.1) *CVE-2006-3084 ignore (krb5) seteuid() calls never fail on linux *CVE-2006-3083 backport (krb5, fixed 1.5.1, 1.4.4) @@ -565,6 +706,7 @@ *CVE-2006-3018 version (php, fixed 5.1.3) *CVE-2006-3017 version (php, fixed 5.1.3) *CVE-2006-3016 version (php, fixed 5.1.3) +*CVE-2006-3014 ignore (flash-plugin) windows only *CVE-2006-3011 ignore (php) safe mode isn't safe *CVE-2006-3005 ignore (libjpeg) not a vuln *CVE-2006-2941 version (mailman, fixed 2.1.9) 
@@ -613,17 +755,20 @@ *CVE-2006-2661 version (freetype, fixed 2.2.1) *CVE-2006-2660 ignore (php) see #195539 *CVE-2006-2658 version (xsp, fixed 1.1.14) #206510 +*CVE-2006-2657 (php) *CVE-2006-2656 backport (libtiff) tiffsplit-overflow.patch *CVE-2006-2629 ignore (kernel) couldn't be reproduced on FC *CVE-2006-2613 ignore (firefox) This isn't an issue on FC *CVE-2006-2607 backport (vixie-cron) vixie-cron-4.1-_42-bz178431.patch *CVE-2006-2575 patch (netpanzer, fixed 0.8-4) bz#192983 *CVE-2006-2563 ignore (php) safe mode isn't safe +*CVE-2006-2502 (cyrus-imapd) *CVE-2006-2489 version (nagios, fixed 2.3.1) *CVE-2006-2480 patch (dia, fixed 0.95-2) bz#192535 *CVE-2006-2453 patch (dia, fixed 0.95-3) #192830 *CVE-2006-2452 version (gdm) *CVE-2006-2451 version (kernel, fixed 2.6.17.4) +*CVE-2006-2450 (vnc) *CVE-2006-2449 version (kdebase, fixed 3.5.4) *CVE-2006-2448 version (kernel, fixed 2.6.17) *CVE-2006-2447 version (spamassassin, fixed 3.1.3) @@ -801,6 +946,7 @@ *CVE-2006-1490 version (php, fixed 5.1.4) *CVE-2006-1470 version (openldap, not 2.3.24 at least) *CVE-2006-1390 ignore (nethack, Gentoo-specific problem) bz#187353 +*CVE-2006-1370 (helixplayer) *CVE-2006-1368 version (kernel, fixed 2.6.16) *CVE-2006-1354 version (freeradius, fixed 1.1.2 at least) *CVE-2006-1343 version (kernel, fixed 2.6.16.19) 
@@ -827,13 +973,16 @@ *CVE-2006-1057 version (gdm, fixed 2.14.1) *CVE-2006-1056 version (kernel, fixed 2.6.16.9) *CVE-2006-1055 version (kernel, fixed 2.6.17) +*CVE-2006-1053 (fedora directory server) *CVE-2006-1052 version (kernel, fixed 2.6.16) *CVE-2006-1045 version (thunderbird, fixed 1.5.0.2) *CVE-2006-1015 ignore (php) safe mode isn't safe *CVE-2006-1014 ignore (php) safe mode isn't safe *CVE-2006-0996 version (php, fixed 5.1.4) +*CVE-2006-0987 (bind) *CVE-2006-0903 version (mysql, 4.1.19) *CVE-2006-0884 version (thunderbird, fixed 1.5.0.2) +*CVE-2006-0883 (openssh) *CVE-2006-0855 patch (zoo, patched in OpenSUSE "upstream", fixed 2.10-7) *CVE-2006-0847 version (python-cherrypy, fixed 2.1.1) *CVE-2006-0841 version (mantis, fixed 1.0.1) @@ -853,9 +1002,11 @@ *CVE-2006-0746 version (kdegraphics, fixed 3.4) *CVE-2006-0745 version (xorg-x11-server, fixed 1.1.1 at least) *CVE-2006-0744 version (kernel, fixed 2.6.16.5) +*CVE-2006-0743 (log4net) *CVE-2006-0742 version (kernel, fixed 2.6.16) *CVE-2006-0741 version (kernel, fixed 2.6.15.5) *CVE-2006-0730 version (dovecot, 1.0beta[12] only) +*CVE-2006-0709 (metamail) *CVE-2006-0678 ignore (postgresql) we don't build --enable-cassert *CVE-2006-0670 version (bluez-hcidump, fixed 1.30) *CVE-2006-0665 version (mantis, fixed 1.0.1) @@ -879,9 +1030,13 @@ *CVE-2006-0456 ignore (kernel) s390 only *CVE-2006-0455 version (gnupg, fixed 1.4.2.1) *CVE-2006-0454 version (kernel, fixed 2.6.15.3) +*CVE-2006-0453 (fedora directory server) +*CVE-2006-0452 (fedora directory server) +*CVE-2006-0451 (fedora directory server) *CVE-2006-0405 version (libtiff, 3.8.0 only) *CVE-2006-0377 version (squirrelmail, fixed 1.4.6) *CVE-2006-0369 ignore (mysql) this is not a security issue +*CVE-2006-0323 (helixplayer) *CVE-2006-0322 version (mediawiki, fixed 1.5.8) *CVE-2006-0321 version (fetchmail, fixed 6.3.2) *CVE-2006-0301 version (poppler, fixed 0.4.5) 
@@ -919,9 +1074,12 @@ *CVE-2006-0195 version (squirrelmail, fixed 1.4.6) *CVE-2006-0188 version (squirrelmail, fixed 1.4.6) *CVE-2006-0162 version (clamav, fixed 0.88) +*CVE-2006-0151 (sudo) +*CVE-2006-0150 (auth_ldap) *CVE-2006-0144 version (php-pear, not 1.4.4) *CVE-2006-0126 version (rxvt-unicode, fixed 7.5) *CVE-2006-0106 version (wine, fixed 0.9.10) +*CVE-2006-0105 (postgresql) *CVE-2006-0097 ignore (php) Windows only *CVE-2006-0096 ignore (kernel) minor and requires root *CVE-2006-0095 version (kernel, fixed 2.6.16) @@ -931,12 +1089,19 @@ *CVE-2006-0052 version (mailman, fixed 2.1.6) *CVE-2006-0049 version (gnupg, fixed 1.4.2.2) *CVE-2006-0047 version (freeciv, fixed 2.0.8) bz#184507 +*CVE-2006-0043 ignore (nfs-server) we use the kernel nfs server *CVE-2006-0042 version (libapreq2, fixed 2.0.7) *CVE-2006-0039 version (kernel, fixed 2.6.16.17) *CVE-2006-0037 version (kernel, only 2.6.14 and 2.6.15) *CVE-2006-0036 version (kernel, only 2.6.14 and 2.6.15) *CVE-2006-0035 version (kernel, only 2.6.14 and 2.6.15) +*CVE-2006-0024 (flash-plugin) *CVE-2006-0019 version (kdelibs, fixed 3.5.1) +*CVE-2006-0017 (fedora directory server) +*CVE-2006-0016 (fedora directory server) +*CVE-2005-4838 (tomcat) +*CVE-2005-4837 (net-snmp) +*CVE-2005-4836 (tomcat) *CVE-2005-4811 version (kernel, fixed 2.6.13) *CVE-2005-4809 VULNERABLE (firefox) *CVE-2005-4808 ignore (binutils, gas fixed 20050714) this is a bug @@ -958,6 +1123,7 @@ *CVE-2005-4635 version (kernel, fixed 2.6.15) *CVE-2005-4618 version (kernel, fixed 2.6.15) *CVE-2005-4605 version (kernel, fixed 2.6.15) +*CVE-2005-4601 (ImageMagick) *CVE-2005-4585 version (wireshark, fixed 0.10.14) *CVE-2005-4442 version (openldap) gentoo only *CVE-2005-4352 version (kernel, fixed 2.6.18.3) [since FEDORA-2006-1471] 
@@ -967,13 +1133,22 @@ *CVE-2005-4154 ignore (php) don't install untrusted pear packages *CVE-2005-4153 version (mailman) *CVE-2005-4134 ignore (firefox) http://www.mozilla.org/security/history-title.html +*CVE-2005-4130 (helixplayer) +*CVE-2005-4126 (helixplayer) *CVE-2005-4077 version (curl, fixed 7.15.1) +*CVE-2005-3964 (openmotif) *CVE-2005-3962 version (perl, fixed 5.8.8) +*CVE-2005-3896 (firefox,seamonkey,thunderbird) +*CVE-2005-3891 (pidgin) +*CVE-2005-3890 (pidgin) +*CVE-2005-3889 (pidgin) +*CVE-2005-3888 (pidgin) *CVE-2005-3883 version (php, fixed 5.1.1 at least) *CVE-2005-3858 version (kernel, fixed 2.6.13) *CVE-2005-3857 version (kernel, fixed 2.6.15) *CVE-2005-3848 version (kernel, fixed 2.6.13) *CVE-2005-3847 version (kernel, fixed 2.6.12.6) +*CVE-2005-3812 (firefox,seamonkey,thunderbird) *CVE-2005-3810 version (kernel, fixed 2.6.15) *CVE-2005-3809 version (kernel, fixed 2.6.15) *CVE-2005-3808 version (kernel, fixed 2.6.15) @@ -992,6 +1167,7 @@ *CVE-2005-3651 version (wireshark, fixed 0.10.14) *CVE-2005-3632 version (netpbm) *CVE-2005-3631 version (udev) +*CVE-2005-3630 (fedora directory server) *CVE-2005-3629 version (initscripts, fixed 8.29 at least) *CVE-2005-3628 version (poppler, fixed 0.4.4) *CVE-2005-3628 version (kdegraphics, fixed 3.5.1) @@ -1014,9 +1190,11 @@ *CVE-2005-3624 version (cups, fixed 1.2.0) *CVE-2005-3624 backport (tetex) *CVE-2005-3623 version (kernel, fixed 2.6.14.5) +*CVE-2005-3591 (flash-plugin) *CVE-2005-3582 version (ImageMagick) gentoo only *CVE-2005-3573 version (mailman, fixed 2.1.7) *CVE-2005-3527 version (kernel, fixed 2.6.14) +*CVE-2005-3510 (tomcat) *CVE-2005-3402 ignore (thunderbird) mozilla say by design *CVE-2005-3392 version (php, not 5.0) *CVE-2005-3391 version (php, not 5.0) 
@@ -1027,9 +1205,11 @@ *CVE-2005-3358 version (kernel, fixed 2.6.11) *CVE-2005-3357 version (httpd, fixed 2.2.1) *CVE-2005-3356 version (kernel, fixed 2.6.16) +*CVE-2005-3354 (sylpheed) *CVE-2005-3353 version (php, not 5.0) *CVE-2005-3352 version (httpd, fixed 2.2.1) *CVE-2005-3351 version (spamassassin, fixed 3.1.0) +*CVE-2005-3350 (libungif) *CVE-2005-3322 version (squid) not upstream, SUSE only *CVE-2005-3319 ignore (mod_php) no security consequence *CVE-2005-3313 version (wireshark, fixed after 0.10.13) @@ -1039,6 +1219,7 @@ *CVE-2005-3273 version (kernel, fixed 2.6.12) *CVE-2005-3272 version (kernel, fixed 2.6.13) *CVE-2005-3271 version (kernel, fixed 2.6.9) +*CVE-2005-3269 (fedora directory server) *CVE-2005-3258 version (squid, fixed 2.5STABLE12) *CVE-2005-3257 version (kernel, fixed 2.6.15) *CVE-2005-3249 version (wireshark, fixed 0.10.13) @@ -1066,6 +1247,7 @@ *CVE-2005-3185 version (wget, fixed 1.10.2 at least) *CVE-2005-3185 version (curl, fixed 7.15) *CVE-2005-3184 version (wireshark, fixed 0.10.13) +*CVE-2005-3183 (w3c-libwww) *CVE-2005-3181 version (kernel, fixed 2.6.13.4) *CVE-2005-3180 version (kernel, fixed 2.6.13.4) *CVE-2005-3179 version (kernel, fixed 2.6.13.4) @@ -1088,7 +1270,9 @@ *CVE-2005-2991 ignore (ncompress) don't ship zdiff or zcmp scripts *CVE-2005-2978 version (netpbm, fixed 10.25) *CVE-2005-2977 version (pam, fixed 0.99.2.1 at least) +*CVE-2005-2976 (gdk-pixbuf) *CVE-2005-2975 version (gtk2, fixed 2.8.7) +*CVE-2005-2974 (libungif) *CVE-2005-2973 version (kernel, fixed 2.6.14) *CVE-2005-2970 version (httpd, not 2.2) *CVE-2005-2969 version (openssl, fixed 0.9.8a) 
@@ -1096,9 +1280,11 @@ *CVE-2005-2968 version (thunderbird) *CVE-2005-2968 version (firefox) *CVE-2005-2959 ignore (sudo) not a vulnerability +*CVE-2005-2958 (libgda) *CVE-2005-2946 version (openssl, fixed 0.9.8) *CVE-2005-2933 version (libc-client, fixed 2004g at least) *CVE-2005-2929 backport (lynx) changelog +*CVE-2005-2922 (helixplayer) *CVE-2005-2917 version (squid, fixed 2.5.STABLE11) *CVE-2005-2876 version (util-linux, fixed 2.13-pre3) *CVE-2005-2874 version (cups, fixed 1.1.23) @@ -1114,6 +1300,7 @@ *CVE-2005-2796 version (squid, fixed 2.5.STABLE11) *CVE-2005-2794 version (squid, fixed 2.5.STABLE11) *CVE-2005-2728 version (httpd, not 2.2) +*CVE-2005-2710 (helixplayer) *CVE-2005-2709 version (kernel, fixed 2.6.14.3) *CVE-2005-2708 ignore (kernel) not reproducable on x86_64 *CVE-2005-2707 version (thunderbird) @@ -1135,6 +1322,8 @@ *CVE-2005-2666 version (openssh, fixed 4.0p1) *CVE-2005-2642 version (mutt) openbsd only *CVE-2005-2641 version (nss_ldap, fixed pam_ldap:180) +*CVE-2005-2629 (helixplayer) +*CVE-2005-2628 (flash-plugin) *CVE-2005-2617 version (kernel, fixed 2.6.12.5) *CVE-2005-2602 ignore (thunderbird) probably *CVE-2005-2602 ignore (firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=237085 @@ -1213,6 +1402,7 @@ *CVE-2005-2096 version (rpm, fixed 4.4.2) *CVE-2005-2096 backport (zlib, fixed 1.2.2.4) *CVE-2005-2095 version (squirrelmail, fixed 1.4.5) +*CVE-2005-2090 (tomcat) *CVE-2005-2088 version (httpd, not 2.2) *CVE-2005-2069 version (nss_ldap, fixed pam_ldap:180) *CVE-2005-2069 backport (openldap) openldap-2.2.13-tls-fix-connection-test.patch 
@@ -1239,11 +1429,13 @@ *CVE-2005-1760 version (sysreport, fixed 1.4.1-3) *CVE-2005-1759 ignore (php) dead code path *CVE-2005-1759 ignore (openldap) fixed shtool 2.0.2 flawed code path not used +*CVE-2005-1753 (tomcat) *CVE-2005-1751 version (nmap, fixed 3.93 at least) *CVE-2005-1751 ignore (openldap) fixed shtool 2.0.2. Flawed code path not used *CVE-2005-1751 ignore (ncpfs) part of shtool in ncpfs is not vulnerable *CVE-2005-1740 version (net-snmp, fixed 5.2.2.rc5 at least) *CVE-2005-1739 version (ImageMagick, fixed 6.2.2.3) +*CVE-2005-1730 (openssl) *CVE-2005-1705 backport (gdb) gdb-6.3-security-errata-20050610.patch *CVE-2005-1704 version (binutils, fixed 2.16.91.0.3 at least) *CVE-2005-1704 backport (gdb) gdb-6.3-security-errata-20050610.patch @@ -1257,6 +1449,7 @@ *CVE-2005-1532 version (firefox, fixed 1.0.4) *CVE-2005-1531 version (firefox, fixed 1.0.4) *CVE-2005-1519 version (squid, fixed 2.5.STABLE10) +*CVE-2005-1476 (firefox,seamonkey,thunderbird) *CVE-2005-1470 version (wireshark, fixed 0.10.11) *CVE-2005-1469 version (wireshark, fixed 0.10.11) *CVE-2005-1468 version (wireshark, fixed 0.10.11) @@ -1367,11 +1560,13 @@ *CVE-2005-0709 version (mysql, fixed 4.1.11) *CVE-2005-0705 version (wireshark, fixed after 0.10.9) *CVE-2005-0704 version (wireshark, fixed after 0.10.9) +*CVE-2005-0699 (wireshark) *CVE-2005-0698 version (wireshark, fixed after 0.10.9) *CVE-2005-0664 version (libexif, fixed 0.6.12) *CVE-2005-0654 ignore (gimp, not fixed 2.2) upstream considers harmless *CVE-2005-0627 version (qt, fixed 3.3.4) *CVE-2005-0626 version (squid, fixed 2.5.STABLE10) +*CVE-2005-0611 (helixplayer) *CVE-2005-0605 version (libXpm, fixed 3.5.4 at least) *CVE-2005-0602 ignore (unzip, fixed 5.52) this is really expected behaviour *CVE-2005-0596 version (php, fixed 5.0) 
@@ -1389,6 +1584,7 @@ *CVE-2005-0584 version (firefox) *CVE-2005-0578 version (firefox) *CVE-2005-0565 version (kernel, not 2.6) +*CVE-2005-0546 (cyrus-imapd) *CVE-2005-0532 version (kernel, fixed 2.6.11) *CVE-2005-0531 version (kernel, fixed 2.6.11) *CVE-2005-0530 version (kernel, fixed 2.6.11) @@ -1409,6 +1605,8 @@ *CVE-2005-0469 backport (telnet) telnet-0.17-CAN-2005-468_469.patch *CVE-2005-0468 version (krb5, fixed 1.4.1) *CVE-2005-0468 backport (telnet) telnet-0.17-CAN-2005-468_469.patch +*CVE-2005-0455 (helixplayer) +*CVE-2005-0452 (perl) *CVE-2005-0449 version (kernel, fixed 2.6.11) *CVE-2005-0448 version (perl, fixed 5.8.6) *CVE-2005-0446 version (squid, fixed 2.5.STABLE9) @@ -1451,6 +1649,8 @@ *CVE-2005-0202 version (mailman, fixed 2.1.6) *CVE-2005-0201 version (dbus, fixed 0.36.1) *CVE-2005-0194 version (squid, fixed 2.5.STABLE8) +*CVE-2005-0191 (helixplayer) +*CVE-2005-0189 (helixplayer) *CVE-2005-0180 version (kernel, fixed 2.6.11) *CVE-2005-0179 version (kernel, fixed 2.6.11) *CVE-2005-0178 version (kernel, fixed 2.6.11) @@ -1509,6 +1709,7 @@ *CVE-2005-0034 version (bind, fixed after 9.3.0) *CVE-2005-0033 version (bind, not 9) *CVE-2005-0023 ignore (libvte) not a security risk +*CVE-2005-0022 (exim) *CVE-2005-0014 version (ncpfs, fixed 2.2.6) *CVE-2005-0013 version (ncpfs, fixed 2.2.6) *CVE-2005-0011 version (kdeedu, not 3.4) @@ -1523,7 +1724,10 @@ *CVE-2005-0001 version (kernel, fixed 2.6.10) *CVE-2004-2660 version (kernel, fixed 2.6.10) *CVE-2004-2657 ignore (firefox) windows only +*CVE-2004-2655 (xscreensaver) *CVE-2004-2654 version (squid, fixed 2.6STABLE6) +*CVE-2004-2645 (asn1c) +*CVE-2004-2644 (asn1c) *CVE-2004-2607 version (kernel, fixed 2.6.5) *CVE-2004-2589 version (gaim, fixed 0.82) *CVE-2004-2546 version (samba, fixed 3.0.6) 
@@ -1603,6 +1807,7 @@ *CVE-2004-1184 version (enscript, fixed 1.6.4 at least) *CVE-2004-1183 version (libtiff, fixed 3.7.2) *CVE-2004-1180 version (rwho, fixed 0.17) +*CVE-2004-1178 (mailman) *CVE-2004-1177 version (mailman, fixed 2.1.6) *CVE-2004-1176 version (mc, fixed 4.6.0) *CVE-2004-1175 version (mc, fixed 4.6.0) @@ -1801,6 +2006,7 @@ *CVE-2004-0558 version (cups, fixed 1.1.21) *CVE-2004-0557 version (sox, fixed after 12.17.4) *CVE-2004-0554 version (kernel, fixed 2.6.7) +*CVE-2004-0550 (helixplayer) *CVE-2004-0548 ignore (aspell, not fixed 0.50.5) not a security issue *CVE-2004-0547 version (postgresql, fixed 7.2.1) *CVE-2004-0541 version (squid) @@ -1850,6 +2056,7 @@ *CVE-2004-0394 version (kernel, not 2.6) also not a vulnerability *CVE-2004-0392 version (racoon, fixed 20040407b) *CVE-2004-0388 version (mysql, fixed 4.1.11 at least) +*CVE-2004-0387 (helixplayer) *CVE-2004-0381 version (mysql, fixed 4.1.11 at least) *CVE-2004-0367 version (wireshark, fixed 0.10.3) *CVE-2004-0365 version (wireshark, fixed 0.10.3) @@ -1858,11 +2065,13 @@ *CVE-2004-0233 version (libutempter, fixed 0.5.5) *CVE-2004-0232 version (mc, fixed 4.6.0) *CVE-2004-0231 version (mc, fixed 4.6.0) +*CVE-2004-0230 (kernel) *CVE-2004-0229 version (kernel, fixed 2.6.6) *CVE-2004-0228 version (kernel, fixed 2.6.6) *CVE-2004-0226 version (mc, fixed 4.6.0) *CVE-2004-0189 version (squid, fixed 2.5.STABLE5) *CVE-2004-0186 version (samba, not 3.0.2a) +*CVE-2004-0185 (wu-ftpd) *CVE-2004-0184 version (tcpdump, fixed 3.8.2) *CVE-2004-0183 version (tcpdump, fixed 3.8.2) *CVE-2004-0182 version (mailman) only affected Red Hat packages 
@@ -1917,9 +2126,12 @@ *CVE-2004-0005 version (gaim, fixed 0.76) *CVE-2004-0003 version (kernel, not 2.6) *CVE-2004-0001 version (kernel, not 2.6) +*CVE-2003-1329 (wu-ftpd) *CVE-2003-1307 ignore (mod_php) not a vulnerability *CVE-2003-1303 version (php, fixed 4.3.3) *CVE-2003-1302 version (php, fixed 4.3.1) +*CVE-2003-1295 (xscreensaver) +*CVE-2003-1294 (xscreensaver) *CVE-2003-1265 VULNERABLE (thunderbird) https://bugzilla.mozilla.org/show_bug.cgi?id=198442 *CVE-2003-1265 VULNERABLE (firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=198442 *CVE-2003-1232 version (emacs, fixed 21.3) @@ -1963,6 +2175,7 @@ *CVE-2003-0914 version (bind, not 9) *CVE-2003-0901 version (postgresql, not 8) *CVE-2003-0900 version (perl, only 5.8.1) +*CVE-2003-0885 (xscreensaver) *CVE-2003-0865 version (tomcat, fixed after 4.0.3) *CVE-2003-0863 ignore (php) http://lists.nyphp.org/pipermail/talk/2003-November/006392.html *CVE-2003-0861 version (php, fixed 4.3.3) @@ -2387,8 +2600,19 @@ *CVE-2002-0002 version (stunnel, fixed 3.22) *CVE-2002-0001 version (mutt, fixed 1.3.25) *CVE-2001-1494 version (util-linux, fixed 2.11n) +*CVE-2001-1429 (mc) *CVE-2001-0955 version (XFree86, fixed 4.2.0) +*CVE-2001-0935 (wu-ftpd) *CVE-2001-0474 version (mesa, fixed 3.3-14) +*CVE-2001-0310 (sort) +*CVE-2001-0235 (vixie-cron) +*CVE-2001-0187 (wu-ftpd) *CVE-2000-1199 backport (htdig) fixed htdig-3.2.0b6-unescaped_output.patch +*CVE-2000-1137 (ed) +*CVE-2000-0992 (krb5) *CVE-2000-0504 version (libICE, fixed XFree86:4.0.1) *CVE-1999-1572 backport (cpio) cpio-2.6-umask.patch +*CVE-1999-1332 (gzip) +*CVE-1999-0997 (wu-ftpd) +*CVE-1999-0710 (squid) +*CVE-1999-0103 (bind) -- fedora-extras-commits mailing list fedora-extras-commits@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-extras-commits -- Fedora-security-list mailing list Fedora-security-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-security-list
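Review bot: In the hunk at @@ -1239,11 +1429,13 @@, the two added lines `*CVE-2005-1753 (tomcat)` and `*CVE-2005-1730 (openssl)` have no status field, while every neighbouring line has one (`version`, `ignore` or `backport`) plus a short justification. An entry with an empty status cannot be told apart from one that was reviewed and left blank by mistake, and anything that reads the file by status keyword will skip it. Either give each new entry a status, or mark it explicitly as untriaged; the file already uses a `**` marker on some entries (for example CVE-2007-2650 at the top of this commit) that may serve this purpose. The same applies to the other bare additions in the later hunks.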
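Review bot: In the hunk at @@ -1257,6 +1449,7 @@, `*CVE-2005-1476 (firefox,seamonkey,thunderbird)` puts three packages into one entry, whereas elsewhere the file uses one line per CVE and package pair (CVE-2005-1751 has separate lines for nmap, openldap and ncpfs, and CVE-2003-1265 has separate lines for thunderbird and firefox). Split this into three lines so each package can later carry its own status and fixed version, and so a per-package search of the file finds all three.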
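Review bot: In the hunk at @@ -2387,8 +2600,19 @@, `*CVE-2001-0310 (sort)` names a command rather than the package that ships it, so the entry will not match when the list is compared against package names; `sort` is part of coreutils. Use the package name in the parentheses, and mention the affected binary in the trailing comment if it is worth recording. This hunk also adds twelve entries for CVEs from 1999 to 2001 with no status, while the existing lines around them all record a resolution (`version ... fixed` or `backport` with the patch name); for issues this old the resolution should be quick to fill in, and is better added in the same commit.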