Author: kevin Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv16293 Modified Files: fc7 Log Message: process some kernel cve's Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.9 retrieving revision 1.10 diff -u -r1.9 -r1.10 --- fc7 13 Jun 2007 21:39:40 -0000 1.9 +++ fc7 14 Jun 2007 03:53:59 -0000 1.10 @@ -58,7 +58,7 @@ CVE-2007-2243 ignore (openssh, fixed 4.6) needs S/KEY support which is not shipped. *CVE-2007-2241 (bind) *CVE-2007-2176 ignore (firefox) only affects the java quicktime interaction -*CVE-2007-2172 (kernel) +CVE-2007-2172 version (kernel, fixed 2.6.21-rc6) *CVE-2007-2165 VULNERABLE (proftpd) #237533 *CVE-2007-2138 (postgresql) *CVE-2007-2057 version (aircrack-ng, fixed 0.8-0.1) @@ -111,7 +111,7 @@ *CVE-2007-1536 (file) *CVE-2007-1521 (php) *CVE-2007-1515 version (imp, fixed 4.1.4) -*CVE-2007-1496 (kernel) +CVE-2007-1496 version (kernel, fixed 2.6.20.3) *CVE-2007-1484 (php) *CVE-2007-1475 ignore (php) unshipped ibase extension *CVE-2007-1474 version (horde, fixed 3.1.4) @@ -175,7 +175,7 @@ *CVE-2007-1003 VULNERABLE (xorg-x11-server, fixed > X11R7.2) #235263 *CVE-2007-1002 VULNERABLE (evolution) #233587 *CVE-2007-1001 (php) -*CVE-2007-1000 version (kernel, fixed 2.6.20) [since FEDORA-2007-335] +CVE-2007-1000 version (kernel, fixed 2.6.20.2) [since FEDORA-2007-335] *CVE-2007-0999 (ekiga) *CVE-2007-0998 version (qemu, fixed 0.8.2) *CVE-2007-0998 backport (xen) #230295 [since FEDORA-2007-343] 
@@ -208,8 +208,8 @@ *CVE-2007-0777 version (seamonkey, fixed 1.0.8) *CVE-2007-0775 version (seamonkey, fixed 1.0.8) *CVE-2007-0774 (mod_jk) -*CVE-2007-0772 version (kernel) [since FEDORA-2007-291] -*CVE-2007-0771 (kernel) +CVE-2007-0772 version (kernel, fixed 2.6.20.1) [since FEDORA-2007-291] +CVE-2007-0771 patch (kernel, fixed 2.6.20-1.2933) #227952 *CVE-2007-0770 patch (GraphicsMagick, fixed 1.1.7-7) #228758 *CVE-2007-0770 ignore (ImageMagick) only if incomplete CVE-2006-5456 *CVE-2007-0720 ignore (cups, fixed 1.2.7) cups is already updated @@ -275,11 +275,10 @@ *CVE-2007-0008 version (nss, fixed 3.11.5) (nspr, fixed 4.6.5) [since FEDORA-2007-279] *CVE-2007-0008 ignore (seamonkey, uses system NSS) *CVE-2007-0007 version (gnucash, fixed 2.0.5) since [FEDORA-2007-256] #223233 -*CVE-2007-0006 version (kernel, fixed 2.6.20) [since FEDORA-2007-335] -*CVE-2007-0006 backport (kernel, fixed in -mm) [since FEDORA-2007-226] -*CVE-2007-0005 version (kernel, fixed 2.6.20) [since FEDORA-2007-335] +CVE-2007-0006 version (kernel, fixed 2.6.20) [since FEDORA-2007-335] +CVE-2007-0005 version (kernel, fixed 2.6.20) [since FEDORA-2007-335] *CVE-2007-0002 version (libwpd, fixed 0.8.9) #222808 [since FEDORA-2007-351] -*CVE-2007-0001 (kernel) +CVE-2007-0001 ignore (kernel) rhel4 2.6.9 only known affected *CVE-2006-7205 (php) *CVE-2006-7204 (php) *CVE-2006-7197 (tomcat) 
@@ -334,14 +333,14 @@ *CVE-2006-6493 (openldap) *CVE-2006-6481 version (clamav, fixed 0.88.7) *CVE-2006-6406 version (clamav, fixed 0.88.7) #219095 -*CVE-2006-6385 ignore (kernel) windows only +CVE-2006-6385 ignore (kernel) windows only *CVE-2006-6383 ignore (php) safe mode isn't safe *CVE-2006-6374 ** (phpMyAdmin) #218853 *CVE-2006-6373 version (phpMyAdmin, fixed 2.9.1.1) #218853 -*CVE-2006-6333 version (kernel, fixed 2.6.19.1) [since FEDORA-2007-058] -*CVE-2006-6332 ignore (kernel) no support for madwifi +CVE-2006-6333 version (kernel, fixed 2.6.19.1) [since FEDORA-2007-058] +CVE-2006-6332 ignore (kernel) no support for madwifi *CVE-2006-6305 ignore (net-snmp) already have the backported patch -*CVE-2006-6304 version (kernel, fixed 2.6.19.1) [since FEDORA-2007-058] +CVE-2006-6304 version (kernel, fixed 2.6.19.1) [since FEDORA-2007-058] *CVE-2006-6303 version (ruby, fixed 1.8.5.2) [since FEDORA-2006-1441] *CVE-2006-6301 version (denyhosts, fixed 2.6-2) #218824 *CVE-2006-6297 ignore (kdegraphics) just a crash @@ -356,11 +355,11 @@ CVE-2006-6144 patch (krb5, fixed 1.5-14) #218456 CVE-2006-6143 patch (krb5, fixed 1.5-14) #218456 *CVE-2006-6142 backport (squirrelmail) #218297 [since FEDORA-2007-089] -*CVE-2006-6128 VULNERABLE (kernel, fixed **) +CVE-2006-6128 VULNERABLE (kernel, fixed **) *CVE-2006-6122 ignore (tin, <= 1.8.1 not shipped) *CVE-2006-6120 version (koffice, fixed 1.6.1) #218030 *CVE-2006-6107 VULNERABLE (dbus, fixed 1.0.2) #219665 -*CVE-2006-6106 version (kernel, fixed 2.6.19.2, fixed 2.6.20-rc5) [since FEDORA-2006-1471] +CVE-2006-6106 version (kernel, fixed 2.6.19.2, fixed 2.6.20-rc5) [since FEDORA-2006-1471] *CVE-2006-6105 version (gdm, fixed 2.14.11) [since FEDORA-2006-1468] *CVE-2006-6104 backport (mono, fixed 1.1.13.8.2) #220853 [since FEDORA-2007-067] *CVE-2006-6103 (xorg-x11) 
@@ -369,10 +368,10 @@ *CVE-2006-6097 backport (tar) [since FEDORA-2006-1393] *CVE-2006-6085 version (kile, fixed 1.9.3) #217238 *CVE-2006-6077 VULNERABLE (firefox) -*CVE-2006-6060 ignore (kernel, fixed 2.6.19-rc2) no NTFS support -*CVE-2006-6058 VULNERABLE (kernel, fixed **) -*CVE-2006-6057 VULNERABLE (kernel, fixed **) -*CVE-2006-6056 version (kernel, fixed 2.6.19) [since FEDORA-2007-058] was backport since FEDORA-2006-1471 +CVE-2006-6060 ignore (kernel, fixed 2.6.19-rc2) no NTFS support +CVE-2006-6058 VULNERABLE (kernel, fixed **) +CVE-2006-6057 VULNERABLE (kernel, fixed **) +CVE-2006-6056 version (kernel, fixed 2.6.19) [since FEDORA-2007-058] was backport since FEDORA-2006-1471 *CVE-2006-6054 version (kernel, fixed fixed 2.6.19.2) [since FEDORA-2007-058] *CVE-2006-6053 version (kernel, fixed 2.6.19.2) [since FEDORA-2007-058] was backport since FEDORA-2006-1223 CVE-2006-6027 ignore, no-ship (acroread)
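
Review bot: in the @@ -175,7 hunk, CVE-2007-1000 changes its fix version from 2.6.20 to 2.6.20.2 but keeps the tag [since FEDORA-2007-335] unchanged. If the kernel shipped in that update is older than 2.6.20.2, the tag no longer matches the entry; please confirm the build version or adjust the tag. CVE-2007-0006 and CVE-2007-0005 in the @@ -275,11 hunk cite the same update with "fixed 2.6.20", so the three lines should be checked together.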
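
Review bot: the @@ -275,11 hunk deletes the line "*CVE-2007-0006 backport (kernel, fixed in -mm) [since FEDORA-2007-226]" outright, so the record of the earlier backport is lost. Other entries in this file keep that history on the version line, for example "was backport since FEDORA-2006-1471" on CVE-2006-6056; suggest appending "was backport since FEDORA-2007-226" to the remaining CVE-2007-0006 line. In the same hunk, the CVE-2007-0001 note "rhel4 2.6.9 only known affected" does not say whether the fc7 kernel was checked; if it was, state that in the note.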
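
Review bot: in the @@ -356,11 hunk, CVE-2006-6128 loses its leading "*" but is still "VULNERABLE (kernel, fixed **)", with a placeholder where the fix version should be and no bug number. Other VULNERABLE entries in this file carry a tracking bug (for example "#219665" on CVE-2006-6107); please add one here, or leave the "*" in place until there is a fix version or bug to record.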
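
Review bot: in the @@ -369,10 hunk, the context lines for CVE-2006-6054 and CVE-2006-6053 are kernel entries that keep their leading "*" while the four kernel lines directly above them are processed; if that is an oversight, include them in this pass. CVE-2006-6054 also reads "fixed fixed 2.6.19.2", which is worth correcting in the same commit. CVE-2006-6058 and CVE-2006-6057 remain "VULNERABLE (kernel, fixed **)" with no fix version or bug number, the same gap as CVE-2006-6128.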