Author: kevin Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv19805 Modified Files: fc7 Log Message: Process openssh Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- fc7 12 Jun 2007 20:40:54 -0000 1.5 +++ fc7 13 Jun 2007 02:28:16 -0000 1.6 @@ -23,7 +23,7 @@ *CVE-2007-2843 ignore (konqueror) safari specific *CVE-2007-2821 VULNERABLE (wordpress, fixed 2.2) #240970 *CVE-2007-2799 (file) -*CVE-2007-2768 (openssh) +CVE-2007-2768 VULNERABLE (openssh) *CVE-2007-2756 ignore (gd) DoS only *CVE-2007-2754 (freetype) *CVE-2007-2721 patch (jasper, fixed 1.900.1-2) #240397 @@ -54,7 +54,7 @@ *CVE-2007-2356 (gimp) *CVE-2007-2353 (axis) *CVE-2007-2245 VULNERABLE (phpMyAdmin, fixed 2.10.1) #237882 -*CVE-2007-2243 (openssh) +CVE-2007-2243 VULNERABLE (openssh, fixed 4.6) *CVE-2007-2241 (bind) *CVE-2007-2176 ignore (firefox) only affects the java quicktime interaction *CVE-2007-2172 (kernel) @@ -395,7 +395,7 @@ *CVE-2006-5848 version (trac, fixed 0.10.1) #215077 *CVE-2006-5823 version (kernel, fixed 2.6.19.2) [since FEDORA-2007-058] was backport since FEDORA-2006-1223 *CVE-2006-5815 version (proftpd, fixed 1.3.0a) #214820 -*CVE-2006-5794 backport (openssh, fixed 4.5) #214641 [since FEDORA-2006-1215] +CVE-2006-5794 version (openssh, fixed 4.5) #214641 [since FEDORA-2006-1215] *CVE-2006-5793 version (libpng10, fixed 1.0.21) #216263 *CVE-2006-5793 ignore (libpng, fixed 1.2.13) just a client crash *CVE-2006-5783 ignore (firefox) disputed 
@@ -449,7 +449,7 @@ *CVE-2006-5297 backport (mutt) [since FEDORA-2006-1063] *CVE-2006-5295 version (clamav, fixed 0.88.5) #210973 *CVE-2006-5276 VULNERABLE (snort) #229265 -*CVE-2006-5229 ignore (openssh) not reproduced +CVE-2006-5229 ignore (openssh) not reproduced *CVE-2006-5215 VULNERABLE (xorg-x11-xinit) #212167 *CVE-2006-5215 version (xorg-x11-xdm) *CVE-2006-5215 ignore (kdebase) #212166 links to xinit Xsession @@ -466,8 +466,8 @@ *CVE-2006-5129 version (moodle, fixed 1.6.3) #206516 *CVE-2006-5111 version (libksba, fixed 0.9.14) *CVE-2006-5072 backport (mono) -*CVE-2006-5052 VULNERABLE (openssh, fixed 4.4) -*CVE-2006-5051 backport (openssh, fixed 4.4) +CVE-2006-5052 version (openssh, fixed 4.4) +CVE-2006-5051 version (openssh, fixed 4.4) #208459 *CVE-2006-4997 version (kernel, fixed 2.6.18) *CVE-2006-4980 version (python, fixed 2.4.4 at least) [since FEDORA-2006-1050] was backport since GA *CVE-2006-4976 ** (php-adodb) #208299 @@ -480,8 +480,8 @@ *CVE-2006-4937 version (moodle, fixed 1.6.3) #206516 *CVE-2006-4936 version (moodle, fixed 1.6.3) #206516 *CVE-2006-4935 version (moodle, fixed 1.6.3) #206516 -*CVE-2006-4925 ignore (openssh) client crash only -*CVE-2006-4924 backport (openssh, fixed 4.4) +CVE-2006-4925 ignore (openssh) client crash only +CVE-2006-4924 version (openssh, fixed 4.4) #207957 *CVE-2006-4842 ignore (nspr) Nothing setuid links with nspr *CVE-2006-4816 (php) *CVE-2006-4814 version (kernel, fixed 2.6.19.2) [since FEDORA-2007-058] @@ -982,7 +982,7 @@ *CVE-2006-0987 (bind) *CVE-2006-0903 version (mysql, 4.1.19) *CVE-2006-0884 version (thunderbird, fixed 1.5.0.2) -*CVE-2006-0883 (openssh) +CVE-2006-0883 version (openssh, fixed 3.8.1p1) *CVE-2006-0855 patch (zoo, patched in OpenSUSE "upstream", fixed 2.10-7) *CVE-2006-0847 version (python-cherrypy, fixed 2.1.1) *CVE-2006-0841 version (mantis, fixed 1.0.1) 
@@ -1066,7 +1066,7 @@ *CVE-2006-0292 version (firefox, fixed 1.5.1) *CVE-2006-0254 version (tomcat5, fixed 5.5.16) *CVE-2006-0236 ignore (thunderbird) windows only -*CVE-2006-0225 version (openssh, fixed 4.3p2) +CVE-2006-0225 version (openssh, fixed 4.3p2) #168167 *CVE-2006-0208 version (php, fixed 5.1.2) *CVE-2006-0207 version (php, fixed 5.1.2) *CVE-2006-0200 version (php, fixed 5.1.2) @@ -1295,8 +1295,8 @@ *CVE-2005-2811 version (net-snmp) not upstream, gentoo only *CVE-2005-2801 version (kernel, fixed 2.6.11) *CVE-2005-2800 version (kernel, fixed 2.6.12.6) -*CVE-2005-2798 version (openssh, fixed 4.2) -*CVE-2005-2797 version (openssh, fixed 4.2) +CVE-2005-2798 version (openssh, fixed 4.2) +CVE-2005-2797 version (openssh, fixed 4.2) *CVE-2005-2796 version (squid, fixed 2.5.STABLE11) *CVE-2005-2794 version (squid, fixed 2.5.STABLE11) *CVE-2005-2728 version (httpd, not 2.2) @@ -1319,7 +1319,7 @@ *CVE-2005-2700 version (httpd, not 2.2) *CVE-2005-2693 backport (cvs) cvs-1.11.19-tmp.patch *CVE-2005-2672 version (lm_sensors, fixed 2.9.2) -*CVE-2005-2666 version (openssh, fixed 4.0p1) +CVE-2005-2666 version (openssh, fixed 4.0p1) *CVE-2005-2642 version (mutt) openbsd only *CVE-2005-2641 version (nss_ldap, fixed pam_ldap:180) *CVE-2005-2629 (helixplayer) @@ -1751,7 +1751,7 @@ *CVE-2004-2136 ignore (dm-crypt) design *CVE-2004-2135 ignore (kernel) design CVE-2004-2093 ignore (rsync) not a security issue (rsync is not setuid) -*CVE-2004-2069 version (openssh, not 4) +CVE-2004-2069 version (openssh, not 4) *CVE-2004-2014 version (wget, fixed 1.10.1) *CVE-2004-2013 version (kernel, not 2.6) *CVE-2004-2004 version (configuration) SUSE only 
@@ -1761,7 +1761,7 @@ *CVE-2004-1772 version (sharutils, not 4.6) *CVE-2004-1761 version (wireshark, fixed 0.10.3) *CVE-2004-1689 version (sudo, fixed 1.6.8p1) -*CVE-2004-1653 ignore (openssh) +CVE-2004-1653 ignore (openssh) *CVE-2004-1639 version (firefox) *CVE-2004-1617 ignore (lynx) not able to verify flaw *CVE-2004-1488 version (wget, fixed 1.10.1) @@ -2082,7 +2082,7 @@ *CVE-2004-0178 version (kernel, not 2.6) *CVE-2004-0177 version (kernel, fixed 2.6.6) *CVE-2004-0176 version (wireshark, fixed 0.10.3) -*CVE-2004-0175 version (openssh, fixed 3.4p1) +CVE-2004-0175 version (openssh, fixed 3.4p1) *CVE-2004-0175 backport (krb5) krb5-1.3.3-rcp-markus.patch *CVE-2004-0174 version (httpd, not 2.2) *CVE-2004-0173 version (httpd, not 2.2) @@ -2193,8 +2193,8 @@ *CVE-2003-0792 version (fetchmail, 6.2.4 only) *CVE-2003-0789 version (httpd, not 2.2) *CVE-2003-0788 version (cups, fixed 1.1.19) -*CVE-2003-0787 version (openssh, fixed 3.7.1p2) -*CVE-2003-0786 version (openssh, fixed 3.7.1p2) +CVE-2003-0787 version (openssh, fixed 3.7.1p2) +CVE-2003-0786 version (openssh, fixed 3.7.1p2) *CVE-2003-0780 version (mysql, not 4.1) *CVE-2003-0778 version (sane-backends, fixed 1.0.10) *CVE-2003-0777 version (sane-backends, fixed 1.0.10) 
@@ -2206,15 +2206,15 @@ *CVE-2003-0730 version (XFree86, fixed after 4.3.0) *CVE-2003-0700 version (kernel, not 2.6) *CVE-2003-0699 version (kernel, not 2.6) -*CVE-2003-0695 version (openssh, fixed 3.7.1) +CVE-2003-0695 version (openssh, fixed 3.7.1) *CVE-2003-0694 version (sendmail, fixed 8.12.10) -*CVE-2003-0693 version (openssh, fixed 3.7) +CVE-2003-0693 version (openssh, fixed 3.7) *CVE-2003-0692 version (kde, fixed after 3.1.3) *CVE-2003-0690 version (kde, fixed after 3.1.3) *CVE-2003-0689 version (glibc, fixed 2.3.2 at least) *CVE-2003-0688 version (sendmail, fixed 8.12.9) *CVE-2003-0686 version (pam_smb, fixed 1.1.7) -*CVE-2003-0682 version (openssh, fixed 4.0p1 at least) +CVE-2003-0682 version (openssh, fixed 4.0p1 at least) *CVE-2003-0681 version (sendmail, fixed 8.12.10) *CVE-2003-0655 version (cdrtools, fixed 2.01a18) *CVE-2003-0644 version (kdbg, not after 1.2.8) @@ -2260,7 +2260,7 @@ *CVE-2003-0427 backport (mikmod) from changelog *CVE-2003-0418 version (kernel, not 2.6) *CVE-2003-0388 version (pam, fixed 0.78) -*CVE-2003-0386 version (openssh, fixed after 3.6.1) +CVE-2003-0386 version (openssh, fixed after 3.6.1) *CVE-2003-0370 version (kde, fixed 3.0) *CVE-2003-0367 backport (gzip) gzip-1.3.5-openbsd-owl-tmp.patch *CVE-2003-0364 version (kernel, not 2.6) @@ -2291,7 +2291,7 @@ *CVE-2003-0195 version (cups, fixed 1.1.19) *CVE-2003-0194 version (tcpdump, not upstream) *CVE-2003-0192 version (httpd, not 2.2) -*CVE-2003-0190 version (openssh, fixed 3.6.1p1) +CVE-2003-0190 version (openssh, fixed after 3.6.1p1) *CVE-2003-0189 version (httpd, not 2.2) *CVE-2003-0188 version (lv, fixed 4.51 at least) *CVE-2003-0187 version (kernel, not 2.6) 
@@ -2520,10 +2520,10 @@ *CVE-2002-0655 version (openssl097a, not 0.9.7) *CVE-2002-0653 version (mod_ssl, not httpd 2.2) *CVE-2002-0651 version (bind, not 9) -*CVE-2002-0640 version (openssh, fixed after 3.3) -*CVE-2002-0639 version (openssh, fixed after 3.3) +CVE-2002-0640 version (openssh, fixed after 3.3) +CVE-2002-0639 version (openssh, fixed after 3.3) *CVE-2002-0638 version (util-linux, fixed 2.13 at least) -*CVE-2002-0575 version (openssh, fixed 3.2.1) +CVE-2002-0575 version (openssh, fixed 3.2.1) *CVE-2002-0570 ignore (kernel) not a vulnerability *CVE-2002-0517 version (XFree86) didn't affect Linux *CVE-2002-0516 version (squirrelmail, fixed 1.2.6) @@ -2573,7 +2573,7 @@ *CVE-2002-0129 ignore (efax) not setuid root *CVE-2002-0121 version (php, fixed after 4.1.1) *CVE-2002-0092 version (cve, fixed 1.10.8) -*CVE-2002-0083 version (openssh, fixed 3.1) +CVE-2002-0083 version (openssh, fixed 3.1) *CVE-2002-0082 version (mod_ssl, not httpd 2.2) *CVE-2002-0081 version (php, not 4.2+) CVE-2002-0080 version (rsync, fixed 2.5.3) -- fedora-extras-commits mailing list fedora-extras-commits@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-extras-commits -- Fedora-security-list mailing list Fedora-security-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-security-list
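Review bot: In the @@ -23,7 +23,7 @@ hunk, the new line `CVE-2007-2768 VULNERABLE (openssh)` carries neither a fixed version nor a bug number, whereas the VULNERABLE entry two lines above it (`*CVE-2007-2821 VULNERABLE (wordpress, fixed 2.2) #240970`) has both. If a tracking bug exists, append it so the open item can be followed from this file. The same gap applies to `CVE-2007-2243 VULNERABLE (openssh, fixed 4.6)` in the @@ -54,7 +54,7 @@ hunk, which names a fixed version but no bug, unlike the phpMyAdmin entry beside it (`#237882`).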
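Review bot: In the @@ -395,7 +395,7 @@ hunk, CVE-2006-5794 changes from `backport` to `version` but keeps the trailing `[since FEDORA-2006-1215]` tag unchanged. Other entries in this file that moved from backport to version record the transition explicitly, for example `[since FEDORA-2007-058] was backport since FEDORA-2006-1223` on the CVE-2006-5823 line in the same hunk. Rewrite the tag in that style, or drop it if it no longer applies, so the line does not read as if the version fix dates from the backport advisory.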
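Review bot: In the @@ -466,8 +466,8 @@ hunk, CVE-2006-5052 goes from `VULNERABLE (openssh, fixed 4.4)` to `version (openssh, fixed 4.4)` with no bug number, while its sibling CVE-2006-5051 gains `#208459` in the same change. A flip from VULNERABLE to fixed is the edit a later auditor will most want to verify, and the log message ("Process openssh") gives no basis for it. Add the bug reference, or a short trailing note on the line stating why the entry is now considered fixed by version.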
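Review bot: In the @@ -2291,7 +2291,7 @@ hunk, the CVE-2003-0190 line changes its fix boundary, not just its marker: `fixed 3.6.1p1` becomes `fixed after 3.6.1p1`, which moves 3.6.1p1 itself from fixed to affected. That is a substantive correction folded into a commit whose other edits mostly drop the leading `*` or add a bug number. Call it out in the log message so the change of boundary can be found and checked later.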