Author: bressers Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv26004 Modified Files: fc7 Log Message: Deal with the squid CVE ids. Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.7 retrieving revision 1.8 diff -u -r1.7 -r1.8 --- fc7 13 Jun 2007 14:00:41 -0000 1.7 +++ fc7 13 Jun 2007 18:06:54 -0000 1.8 @@ -100,7 +100,7 @@ *CVE-2007-1565 ignore (konqueror) client crash *CVE-2007-1564 vulnerable (konqueror) [#CVE-2007-1564] *CVE-2007-1562 (firefox, seamonkey, thunderbird) -*CVE-2007-1560 (squid) +CVE-2007-1560 version (squid, fixed 2.6.STABLE12) *CVE-2007-1558 version (claws-mail, fixed 2.9.1) #237293 *CVE-2007-1558 backport (sylpheed, fixed 2.3.1-1) *CVE-2007-1547 version (nas, fixed 1.8a-2) #233353 @@ -245,8 +245,8 @@ *CVE-2007-0404 version (Django, fixed 0.95.1) *CVE-2007-0341 ignore (phpMyAdmin, 2.8.x only) *CVE-2007-0262 version (wordpress, fixed 2.1-0) #223101 -*CVE-2007-0248 version (squid, fixed 2.6.STABLE7) [since FEDORA-2007-073] -*CVE-2007-0247 version (squid, fixed 2.6.STABLE7) #222883 [since FEDORA-2007-073] +CVE-2007-0248 version (squid, fixed 2.6.STABLE7) [since FEDORA-2007-073] +CVE-2007-0247 version (squid, fixed 2.6.STABLE7) #222883 [since FEDORA-2007-073] CVE-2007-0243 ignore, no-ship (java-ibm) *CVE-2007-0242 patch (qt4, fixed 4.2.3-7) *CVE-2007-0240 patch (zope, fixed 2.9.6-2) #233378 @@ -1211,7 +1211,7 @@ *CVE-2005-3352 version (httpd, fixed 2.2.1) *CVE-2005-3351 version (spamassassin, fixed 3.1.0) *CVE-2005-3350 (libungif) -*CVE-2005-3322 version (squid) not upstream, SUSE only +CVE-2005-3322 version (squid) not upstream, SUSE only *CVE-2005-3319 ignore (mod_php) no security consequence *CVE-2005-3313 version (wireshark, fixed after 0.10.13) *CVE-2005-3276 version (kernel, fixed 2.6.12.4) @@ -1221,7 +1221,7 @@ *CVE-2005-3272 version (kernel, fixed 2.6.13) *CVE-2005-3271 version (kernel, fixed 2.6.9) *CVE-2005-3269 (fedora directory server) -*CVE-2005-3258 version (squid, fixed 2.5STABLE12) +CVE-2005-3258 version (squid, fixed 2.5STABLE12) *CVE-2005-3257 version (kernel, fixed 2.6.15) *CVE-2005-3249 version (wireshark, fixed 0.10.13) *CVE-2005-3248 version (wireshark, fixed 0.10.13) @@ -1286,7 +1286,7 @@ *CVE-2005-2933 version (libc-client, fixed 2004g at least) *CVE-2005-2929 backport (lynx) changelog *CVE-2005-2922 (helixplayer) -*CVE-2005-2917 version (squid, fixed 2.5.STABLE11) +CVE-2005-2917 version (squid, fixed 2.5.STABLE11) *CVE-2005-2876 version (util-linux, fixed 2.13-pre3) *CVE-2005-2874 version (cups, fixed 1.1.23) *CVE-2005-2873 version (kernel, fixed 2.6.18-rc1) @@ -1298,8 +1298,8 @@ *CVE-2005-2800 version (kernel, fixed 2.6.12.6) CVE-2005-2798 version (openssh, fixed 4.2) CVE-2005-2797 version (openssh, fixed 4.2) -*CVE-2005-2796 version (squid, fixed 2.5.STABLE11) -*CVE-2005-2794 version (squid, fixed 2.5.STABLE11) +CVE-2005-2796 version (squid, fixed 2.5.STABLE11) +CVE-2005-2794 version (squid, fixed 2.5.STABLE11) *CVE-2005-2728 version (httpd, not 2.2) *CVE-2005-2710 (helixplayer) *CVE-2005-2709 version (kernel, fixed 2.6.14.3) @@ -1449,7 +1449,7 @@ *CVE-2005-1532 version (thunderbird) *CVE-2005-1532 version (firefox, fixed 1.0.4) *CVE-2005-1531 version (firefox, fixed 1.0.4) -*CVE-2005-1519 version (squid, fixed 2.5.STABLE10) +CVE-2005-1519 version (squid, fixed 2.5.STABLE10) *CVE-2005-1476 (firefox,seamonkey,thunderbird) *CVE-2005-1470 version (wireshark, fixed 0.10.11) *CVE-2005-1469 version (wireshark, fixed 0.10.11) @@ -1473,7 +1473,7 @@ *CVE-2005-1409 version (postgresql, fixed 8.0.1) *CVE-2005-1369 version (kernel, fixed 2.6.12) *CVE-2005-1368 version (kernel, fixed 2.6.12) -*CVE-2005-1345 version (squid, fixed 2.5.STABLE10) +CVE-2005-1345 version (squid, fixed 2.5.STABLE10) *CVE-2005-1344 ignore (httpd) not a vulnerability *CVE-2005-1281 version (wireshark, fixed 0.10.11) *CVE-2005-1280 version (tcpdump, fixed 3.9.2) @@ -1555,7 +1555,7 @@ *CVE-2005-0749 version (kernel, fixed 2.6.11.6) *CVE-2005-0739 version (wireshark, fixed after 0.10.9) *CVE-2005-0736 version (kernel, fixed 2.6.11) -*CVE-2005-0718 version (squid, fixed 2.5.STABLE8) +CVE-2005-0718 version (squid, fixed 2.5.STABLE8) *CVE-2005-0711 version (mysql, fixed 4.1.11) *CVE-2005-0710 version (mysql, fixed 4.1.11) *CVE-2005-0709 version (mysql, fixed 4.1.11) @@ -1566,7 +1566,7 @@ *CVE-2005-0664 version (libexif, fixed 0.6.12) *CVE-2005-0654 ignore (gimp, not fixed 2.2) upstream considers harmless *CVE-2005-0627 version (qt, fixed 3.3.4) -*CVE-2005-0626 version (squid, fixed 2.5.STABLE10) +CVE-2005-0626 version (squid, fixed 2.5.STABLE10) *CVE-2005-0611 (helixplayer) *CVE-2005-0605 version (libXpm, fixed 3.5.4 at least) *CVE-2005-0602 ignore (unzip, fixed 5.52) this is really expected behaviour @@ -1610,7 +1610,7 @@ *CVE-2005-0452 (perl) *CVE-2005-0449 version (kernel, fixed 2.6.11) *CVE-2005-0448 version (perl, fixed 5.8.6) -*CVE-2005-0446 version (squid, fixed 2.5.STABLE9) +CVE-2005-0446 version (squid, fixed 2.5.STABLE9) *CVE-2005-0404 ignore (kde) won't fix http://bugs.kde.org/show_bug.cgi?id=96020 *CVE-2005-0403 version (kernel) not upstream *CVE-2005-0402 version (firefox, fixed 1.0.2) @@ -1631,7 +1631,7 @@ *CVE-2005-0246 version (postgresql, fixed 8.0.1) *CVE-2005-0245 version (postgresql, fixed 8.0.1) *CVE-2005-0244 version (postgresql, fixed 8.0.1) -*CVE-2005-0241 version (squid, fixed 2.5.STABLE8) +CVE-2005-0241 version (squid, fixed 2.5.STABLE8) *CVE-2005-0238 version (epiphany, fixed since mozilla 1.7.6) *CVE-2005-0237 version (kdelibs, fixed 3.4.0) *CVE-2005-0233 version (firefox, fixed 1.0.1) @@ -1640,7 +1640,7 @@ *CVE-2005-0230 version (thunderbird, fixed 1.0.2) *CVE-2005-0230 version (firefox, fixed 1.0.1) *CVE-2005-0227 version (postgresql, fixed 8.0.1) -*CVE-2005-0211 version (squid, fixed 2.5.STABLE8) +CVE-2005-0211 version (squid, fixed 2.5.STABLE8) *CVE-2005-0210 version (kernel, fixed 2.6.11) *CVE-2005-0209 version (kernel, fixed 2.6.11) *CVE-2005-0208 version (gaim, fixed 1.1.4) @@ -1649,7 +1649,7 @@ *CVE-2005-0204 version (kernel) didn't affect upstream *CVE-2005-0202 version (mailman, fixed 2.1.6) *CVE-2005-0201 version (dbus, fixed 0.36.1) -*CVE-2005-0194 version (squid, fixed 2.5.STABLE8) +CVE-2005-0194 version (squid, fixed 2.5.STABLE8) *CVE-2005-0191 (helixplayer) *CVE-2005-0189 (helixplayer) *CVE-2005-0180 version (kernel, fixed 2.6.11) @@ -1657,9 +1657,9 @@ *CVE-2005-0178 version (kernel, fixed 2.6.11) *CVE-2005-0177 version (kernel, fixed 2.6.11) *CVE-2005-0176 version (kernel, fixed 2.6.10) only affected 2.6.9 -*CVE-2005-0175 version (squid, fixed 2.5.STABLE8) -*CVE-2005-0174 version (squid, fixed 2.5.STABLE8) -*CVE-2005-0173 version (squid, fixed 2.5.STABLE8) +CVE-2005-0175 version (squid, fixed 2.5.STABLE8) +CVE-2005-0174 version (squid, fixed 2.5.STABLE8) +CVE-2005-0173 version (squid, fixed 2.5.STABLE8) *CVE-2005-0162 version (openswan, fixed 2.3.0) *CVE-2005-0156 version (perl, fixed 5.8.8) *CVE-2005-0155 version (perl, fixed 5.8.8) @@ -1685,10 +1685,10 @@ *CVE-2005-0103 version (squirrelmail, fixed 1.4.4) *CVE-2005-0102 version (evolution-data-server, fixed 1.2.2 at least) *CVE-2005-0100 version (emacs, fixed 21.4 at least) -*CVE-2005-0097 version (squid, fixed 2.5.STABLE8) -*CVE-2005-0096 version (squid, fixed 2.5.STABLE8) -*CVE-2005-0095 version (squid, fixed 2.5.STABLE8) -*CVE-2005-0094 version (squid, fixed 2.5.STABLE8) +CVE-2005-0097 version (squid, fixed 2.5.STABLE8) +CVE-2005-0096 version (squid, fixed 2.5.STABLE8) +CVE-2005-0095 version (squid, fixed 2.5.STABLE8) +CVE-2005-0094 version (squid, fixed 2.5.STABLE8) *CVE-2005-0092 version (kernel, not affected) *CVE-2005-0091 version (kernel, not affected) *CVE-2005-0090 version (kernel, not affected) @@ -1726,7 +1726,7 @@ *CVE-2004-2660 version (kernel, fixed 2.6.10) *CVE-2004-2657 ignore (firefox) windows only *CVE-2004-2655 (xscreensaver) -*CVE-2004-2654 version (squid, fixed 2.6STABLE6) +CVE-2004-2654 version (squid, fixed 2.6STABLE6) *CVE-2004-2645 (asn1c) *CVE-2004-2644 (asn1c) *CVE-2004-2607 version (kernel, fixed 2.6.5) @@ -1735,8 +1735,8 @@ *CVE-2004-2541 ignore (cscope) blocked by FORTIFY_SOURCE *CVE-2004-2536 version (kernel, fixed 2.6.7) *CVE-2004-2531 version (gnutls, fixed 1.0.17) -*CVE-2004-2480 ignore (squid) , not reproducable -*CVE-2004-2479 version (squid, fixed 2.5.STABLE8) +CVE-2004-2480 ignore (squid) , not reproducable +CVE-2004-2479 version (squid, fixed 2.5.STABLE8) *CVE-2004-2396 version (passwd, fixed 0.69) *CVE-2004-2395 version (passwd, fixed 0.69) *CVE-2004-2394 version (passwd, fixed 0.69) @@ -1899,7 +1899,7 @@ *CVE-2004-0930 version (samba, fixed 3.0.8) *CVE-2004-0929 version (libtiff, fixed 3.7.0) *CVE-2004-0923 version (cups, fixed 1.2.22) -*CVE-2004-0918 version (squid, fixed 2.4.STABLE7) +CVE-2004-0918 version (squid, fixed 2.4.STABLE7) *CVE-2004-0914 version (xorg-x11, fixed after 6.8.1) *CVE-2004-0909 version (thunderbird) *CVE-2004-0909 version (firefox) @@ -1924,7 +1924,7 @@ *CVE-2004-0837 version (mysql, fixed 4.0.21) *CVE-2004-0836 version (mysql, fixed 4.0.21) *CVE-2004-0835 version (mysql, fixed 4.1.2) -*CVE-2004-0832 version (squid, fixed 2.5.STABLE7) +CVE-2004-0832 version (squid, fixed 2.5.STABLE7) *CVE-2004-0829 version (samba, fixed 2.2.11) *CVE-2004-0827 version (ImageMagick, fixed 6.0.6.2) *CVE-2004-0826 version (nss, fixed 3.9.2) @@ -2010,7 +2010,7 @@ *CVE-2004-0550 (helixplayer) *CVE-2004-0548 ignore (aspell, not fixed 0.50.5) not a security issue *CVE-2004-0547 version (postgresql, fixed 7.2.1) -*CVE-2004-0541 version (squid) +CVE-2004-0541 version (squid, fixed 2.5.STABLE6) *CVE-2004-0535 version (kernel, fixed 2.6.6) *CVE-2004-0527 version (konqueror, not 3+) *CVE-2004-0523 version (krb5, fixed 1.3.4) @@ -2070,7 +2070,7 @@ *CVE-2004-0229 version (kernel, fixed 2.6.6) *CVE-2004-0228 version (kernel, fixed 2.6.6) *CVE-2004-0226 version (mc, fixed 4.6.0) -*CVE-2004-0189 version (squid, fixed 2.5.STABLE5) +CVE-2004-0189 version (squid, fixed 2.5.STABLE5) *CVE-2004-0186 version (samba, not 3.0.2a) CVE-2004-0185 ignore, no-ship (wu-ftpd) *CVE-2004-0184 version (tcpdump, fixed 3.8.2) @@ -2502,9 +2502,9 @@ *CVE-2002-0759 version (bzip2, fixed 1.0.2) *CVE-2002-0728 version (libpng, fixed 1.2.4) *CVE-2002-0717 version (php, fixed 4.2.2) -*CVE-2002-0715 version (squid, fixed 2.4.STABLE6) -*CVE-2002-0714 version (squid, fixed 2.4.STABLE6) -*CVE-2002-0713 version (squid, fixed 2.4.STABLE6) +CVE-2002-0715 version (squid, fixed 2.4.STABLE6) +CVE-2002-0714 version (squid, fixed 2.4.STABLE6) +CVE-2002-0713 version (squid, fixed 2.4.STABLE6) *CVE-2002-0704 version (kernel, fixed 2.6.11) *CVE-2002-0702 version (dhcpd, fixed 3.0.1) *CVE-2002-0684 version (glibc, fixed afted 2.2.5) @@ -2566,7 +2566,7 @@ *CVE-2002-0169 ignore (docbook) was RHL only *CVE-2002-0165 version (logwatch, fixed 2.6) *CVE-2002-0164 version (XFree86, fixed 4.2.1) -*CVE-2002-0163 version (squid, fixed 20020312) +CVE-2002-0163 version (squid, fixed 2.4.STABLE6) *CVE-2002-0162 version (logwatch, fixed 2.5) *CVE-2002-0157 version (nautilus) *CVE-2002-0146 version (fetchmail, fixed 5.9.10) @@ -2578,9 +2578,9 @@ *CVE-2002-0082 version (mod_ssl, not httpd 2.2) *CVE-2002-0081 version (php, not 4.2+) CVE-2002-0080 version (rsync, fixed 2.5.3) -*CVE-2002-0069 version (squid, fixed 2.4STABLE4) -*CVE-2002-0068 version (squid, fixed 2.4STABLE4) -*CVE-2002-0067 version (squid, fixed 2.4STABLE4) +CVE-2002-0069 version (squid, fixed 2.4STABLE4) +CVE-2002-0068 version (squid, fixed 2.4STABLE4) +CVE-2002-0067 version (squid, fixed 2.4STABLE4) *CVE-2002-0063 version (cups, fixed 1.1.14) *CVE-2002-0062 version (ncurses, only 5.0) *CVE-2002-0060 version (kernel, fixed 2.5.5) @@ -2616,6 +2616,6 @@ *CVE-1999-1572 backport (cpio) cpio-2.6-umask.patch *CVE-1999-1332 (gzip) CVE-1999-0997 ignore, no-ship (wu-ftpd) -*CVE-1999-0710 (squid) +CVE-1999-0710 version (squid, fixed 2.5.STABLE10) CVE-1999-0473 version (rsync, fixed 2.3.1) *CVE-1999-0103 (bind) -- fedora-extras-commits mailing list fedora-extras-commits@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-extras-commits -- Fedora-security-list mailing list Fedora-security-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-security-list
