Author: kevin

Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv8011

Modified Files:
	fc7
Log Message:
Initial pass at krb5
Mark packages we don't ship currently

Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- fc7 11 Jun 2007 20:21:46 -0000 1.2 +++ fc7 12 Jun 2007 19:02:04 -0000 1.3 @@ -160,7 +160,7 @@ *CVE-2007-1244 version (wordpress, fixed 2.1.2) #230898 *CVE-2007-1230 version (wordpress, fixed 2.1.2) *CVE-2007-1218 backport (tcpdump) 232349 [since FEDORA-2007-347] -*CVE-2007-1216 (krb5) +*CVE-2007-1216 patch (krb5, fixed 1.6-3) #231537 *CVE-2007-1103 VULNERABLE (tor) #230927 *CVE-2007-1092 version (seamonkey, fixed 1.0.8) *CVE-2007-1055 version (mediawiki, fixed 1.8.3) @@ -183,8 +183,8 @@ *CVE-2007-0988 (php) *CVE-2007-0981 VULNERABLE (firefox, ...) *CVE-2007-0981 version (seamonkey, fixed 1.0.8) #229253 -*CVE-2007-0957 (krb5) -*CVE-2007-0956 (krb5) +*CVE-2007-0957 patch (krb5, fixed 1.6-3) #231528 +*CVE-2007-0956 patch (krb5, fixed 1.6-3) #229782 *CVE-2007-0911 (php) *CVE-2007-0910 (php) *CVE-2007-0909 (php) @@ -246,7 +246,7 @@ *CVE-2007-0262 version (wordpress, fixed 2.1-0) #223101 *CVE-2007-0248 version (squid, fixed 2.6.STABLE7) [since FEDORA-2007-073] *CVE-2007-0247 version (squid, fixed 2.6.STABLE7) #222883 [since FEDORA-2007-073] -*CVE-2007-0243 (java-ibm) +*CVE-2007-0243 ignore, no-ship (java-ibm) *CVE-2007-0242 patch (qt4, fixed 4.2.3-7) *CVE-2007-0240 patch (zope, fixed 2.9.6-2) #233378 *CVE-2007-0239 (openoffice.org) 
@@ -264,10 +264,10 @@ *CVE-2007-0095 VULNERABLE (phpMyAdmin) #221694 *CVE-2007-0086 ignore (apache) not a security issue *CVE-2007-0080 (freeradius) -*CVE-2007-0048 (acroread) -*CVE-2007-0046 (acroread) -*CVE-2007-0045 (acroread) -*CVE-2007-0044 (acroread) +*CVE-2007-0048 ignore, no-ship (acroread) +*CVE-2007-0046 ignore, no-ship (acroread) +*CVE-2007-0045 ignore, no-ship (acroread) +*CVE-2007-0044 ignore, no-ship (acroread) *CVE-2007-0010 (gtk2) *CVE-2007-0009 version (nss, fixed 3.11.5) (nspr, fixed 4.6.5) [since FEDORA-2007-279] *CVE-2007-0009 ignore (seamonkey, uses system NSS) @@ -345,15 +345,15 @@ *CVE-2006-6301 version (denyhosts, fixed 2.6-2) #218824 *CVE-2006-6297 ignore (kdegraphics) just a crash *CVE-2006-6238 (konqueror) probably safari only -*CVE-2006-6236 (acroread) +*CVE-2006-6236 ignore, no-ship (acroread) *CVE-2006-6235 patch (gnupg2, fixed 2.0.1-2) #218821 *CVE-2006-6235 backport (gnupg, fixed 1.4.6) [since FEDORA-2006-1406] *CVE-2006-6171 patch (proftpd, fixed 1.3.0a-1) #214820 *CVE-2006-6170 patch (proftpd, fixed 1.3.0a-1) #214820 *CVE-2006-6169 version (gnupg2, fixed 2.0.1) #217950 *CVE-2006-6169 backport (gnupg, fixed 1.4.6) [since FEDORA-2006-1406] -*CVE-2006-6144 ** krb5 -*CVE-2006-6143 ** krb5 +*CVE-2006-6144 patch (krb5, fixed 1.5-14) #218456 +*CVE-2006-6143 patch (krb5, fixed 1.5-14) #218456 *CVE-2006-6142 backport (squirrelmail) #218297 [since FEDORA-2007-089] *CVE-2006-6128 VULNERABLE (kernel, fixed **) *CVE-2006-6122 ignore (tin, <= 1.8.1 not shipped) 
@@ -374,7 +374,7 @@ *CVE-2006-6056 version (kernel, fixed 2.6.19) [since FEDORA-2007-058] was backport since FEDORA-2006-1471 *CVE-2006-6054 version (kernel, fixed fixed 2.6.19.2) [since FEDORA-2007-058] *CVE-2006-6053 version (kernel, fixed 2.6.19.2) [since FEDORA-2007-058] was backport since FEDORA-2006-1223 -*CVE-2006-6027 (acroread) +*CVE-2006-6027 ignore, no-ship (acroread) *CVE-2006-6015 (pcre) *CVE-2006-5989 ignore (mod_auth_kerb) did not affect fc6 *CVE-2006-5974 ignore (fetchmail, fixed 6.3.6) only 6.3.5 @@ -391,7 +391,7 @@ *CVE-2006-5867 version (fetchmail, fixed 6.3.6) #221984 [since FEDORA-2007-042] *CVE-2006-5864 VULNERABLE (evince) #217672 *CVE-2006-5864 patch (gv, fixed 3.6.2-2) #215136 -*CVE-2006-5857 (acroread) +*CVE-2006-5857 ignore, no-ship (acroread) *CVE-2006-5848 version (trac, fixed 0.10.1) #215077 *CVE-2006-5823 version (kernel, fixed 2.6.19.2) [since FEDORA-2007-058] was backport since FEDORA-2006-1223 *CVE-2006-5815 version (proftpd, fixed 1.3.0a) #214820 @@ -444,7 +444,7 @@ *CVE-2006-5453 patch (bugzilla, fixed 2.22-7) #212355 *CVE-2006-5397 VULNERABLE (libX11, 1.0.2 and 1.0.3 only) #213280 *CVE-2006-5331 version (kernel, fixed 2.6.19) [since FEDORA-2007-058] -*CVE-2006-5330 (flash-plugin) +*CVE-2006-5330 ignore, no-ship (flash-plugin) *CVE-2006-5298 backport (mutt) [since FEDORA-2006-1063] *CVE-2006-5297 backport (mutt) [since FEDORA-2006-1063] *CVE-2006-5295 version (clamav, fixed 0.88.5) #210973 @@ -501,7 +501,7 @@ *CVE-2006-4743 ignore (wordpress, dupe of an old non-issue) #206514 *CVE-2006-4684 version (zope, fixed 2.9.2) *CVE-2006-4663 ignore (kernel) not a vulnerability -*CVE-2006-4640 (flash-plugin) +*CVE-2006-4640 ignore, no-ship (flash-plugin) *CVE-2006-4625 ignore (php) safe mode isn't safe *CVE-2006-4624 version (mailman, fixed 2.1.9rc1) *CVE-2006-4623 version (kernel, fixed 2.6.18-rc1) 
@@ -658,7 +658,7 @@ *CVE-2006-3627 version (wireshark, fixed 0.99.2) *CVE-2006-3626 version (kernel, fixed 2.6.17.6) *CVE-2006-3619 version (gcc, fixed 4.1.1-20060828 at least) -*CVE-2006-3587 (flash-plugin) +*CVE-2006-3587 ignore, no-ship (flash-plugin) *CVE-2006-3582 version (adplug, fixed 2.0.1-1) #198108 *CVE-2006-3581 version (adplug, fixed 2.0.1-1) #198108 *CVE-2006-3486 ignore (mysql, fixed 5.0.23) not exploitable @@ -682,7 +682,7 @@ *CVE-2006-3376 backport (libwmf) from changelog *CVE-2006-3352 ignore (firefox) not a vulnerability *CVE-2006-3334 ignore (libpng, fixed 1.2.12) not exploitable -*CVE-2006-3311 (flash-plugin) +*CVE-2006-3311 ignore, no-ship (flash-plugin) *CVE-2006-3276 (helixplayer) *CVE-2006-3242 version (mutt, fixed 1.4.2.2, 1.5.12) *CVE-2006-3178 ignore (chmlib, extract_chmLib not shipped) @@ -1095,7 +1095,7 @@ *CVE-2006-0037 version (kernel, only 2.6.14 and 2.6.15) *CVE-2006-0036 version (kernel, only 2.6.14 and 2.6.15) *CVE-2006-0035 version (kernel, only 2.6.14 and 2.6.15) -*CVE-2006-0024 (flash-plugin) +*CVE-2006-0024 ignore, no-ship (flash-plugin) *CVE-2006-0019 version (kdelibs, fixed 3.5.1) *CVE-2006-0017 (fedora directory server) *CVE-2006-0016 (fedora directory server) @@ -1190,7 +1190,7 @@ *CVE-2005-3624 version (cups, fixed 1.2.0) *CVE-2005-3624 backport (tetex) *CVE-2005-3623 version (kernel, fixed 2.6.14.5) -*CVE-2005-3591 (flash-plugin) +*CVE-2005-3591 ignore, no-ship (flash-plugin) *CVE-2005-3582 version (ImageMagick) gentoo only *CVE-2005-3573 version (mailman, fixed 2.1.7) *CVE-2005-3527 version (kernel, fixed 2.6.14) @@ -1323,7 +1323,7 @@ *CVE-2005-2642 version (mutt) openbsd only *CVE-2005-2641 version (nss_ldap, fixed pam_ldap:180) *CVE-2005-2629 (helixplayer) -*CVE-2005-2628 (flash-plugin) +*CVE-2005-2628 ignore, no-ship (flash-plugin) *CVE-2005-2617 version (kernel, fixed 2.6.12.5) *CVE-2005-2602 ignore (thunderbird) probably *CVE-2005-2602 ignore (firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=237085 
@@ -2071,7 +2071,7 @@ *CVE-2004-0226 version (mc, fixed 4.6.0) *CVE-2004-0189 version (squid, fixed 2.5.STABLE5) *CVE-2004-0186 version (samba, not 3.0.2a) -*CVE-2004-0185 (wu-ftpd) +*CVE-2004-0185 ignore, no-ship (wu-ftpd) *CVE-2004-0184 version (tcpdump, fixed 3.8.2) *CVE-2004-0183 version (tcpdump, fixed 3.8.2) *CVE-2004-0182 version (mailman) only affected Red Hat packages @@ -2126,7 +2126,7 @@ *CVE-2004-0005 version (gaim, fixed 0.76) *CVE-2004-0003 version (kernel, not 2.6) *CVE-2004-0001 version (kernel, not 2.6) -*CVE-2003-1329 (wu-ftpd) +*CVE-2003-1329 ignore, no-ship (wu-ftpd) *CVE-2003-1307 ignore (mod_php) not a vulnerability *CVE-2003-1303 version (php, fixed 4.3.3) *CVE-2003-1302 version (php, fixed 4.3.1) @@ -2602,17 +2602,17 @@ *CVE-2001-1494 version (util-linux, fixed 2.11n) *CVE-2001-1429 (mc) *CVE-2001-0955 version (XFree86, fixed 4.2.0) -*CVE-2001-0935 (wu-ftpd) +*CVE-2001-0935 ignore, no-ship (wu-ftpd) *CVE-2001-0474 version (mesa, fixed 3.3-14) *CVE-2001-0310 (sort) *CVE-2001-0235 (vixie-cron) -*CVE-2001-0187 (wu-ftpd) +*CVE-2001-0187 ignore, no-ship (wu-ftpd) *CVE-2000-1199 backport (htdig) fixed htdig-3.2.0b6-unescaped_output.patch *CVE-2000-1137 (ed) *CVE-2000-0992 (krb5) *CVE-2000-0504 version (libICE, fixed XFree86:4.0.1) *CVE-1999-1572 backport (cpio) cpio-2.6-umask.patch *CVE-1999-1332 (gzip) -*CVE-1999-0997 (wu-ftpd) +*CVE-1999-0997 ignore, no-ship (wu-ftpd) *CVE-1999-0710 (squid) *CVE-1999-0103 (bind)
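
Review bot: The new status "ignore, no-ship" (first used in hunk @@ -246,7 for CVE-2007-0243 java-ibm, then repeated for acroread, flash-plugin and wu-ftpd) puts a comma and a second word in the status column, where every other classified entry visible in this diff has a single token (version, patch, backport, ignore, VULNERABLE) before the parenthesised package. Anything that reads the status as the first word after the CVE id now sees "ignore,". Following the existing pattern of "ignore (apache) not a security issue", these could read "ignore (acroread) no-ship", which keeps the status set unchanged and puts the reason where the other ignore entries already carry it. Since the log message says these packages are not shipped "currently", a distinct trailing reason also makes the entries easy to find again if one of them is added to the distribution later.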
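
Review bot: In the last hunk (@@ -2602,17), the context line "*CVE-2000-0992 (krb5)" is still unclassified although the log message describes this commit as the krb5 pass and every other krb5 entry touched here gets a status, a fixed release and a bug number. Either give it a status in this commit (version, backport or ignore with a reason) or mention in the log message that it is deliberately left for a later pass, so the remaining open krb5 entry does not look like an oversight.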
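
Review bot: In hunk @@ -374,7, the context line for CVE-2006-6054 reads "version (kernel, fixed fixed 2.6.19.2)" with the word "fixed" doubled, directly above the acroread line this commit changes. It is outside the changed lines, but since the hunk is already being edited it is cheap to correct to "fixed 2.6.19.2" so the entry matches the CVE-2006-6053 line below it.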