Author: bressers Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv22089 Modified Files: fc7 Log Message: Deal with a number of CVE ids. Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.19 retrieving revision 1.20 diff -u -r1.19 -r1.20 --- fc7 20 Jun 2007 18:59:53 -0000 1.19 +++ fc7 20 Jun 2007 20:27:27 -0000 1.20 @@ -85,7 +85,7 @@ *CVE-2007-1862 (httpd) *CVE-2007-1859 (xscreensaver) *CVE-2007-1858 (tomcat) -*CVE-2007-1856 VULNERABLE (vixie-cron) #235882 +CVE-2007-1856 backport (vixie-cron) #235882 vixie-cron-4.1-hardlink.patch *CVE-2007-1841 VULNERABLE (ipsec-tools) #238052 *CVE-2007-1804 VULNERABLE (pulseaudio) #235013 *CVE-2007-1799 version (ktorrent, fixed 2.1.3) #235014 @@ -347,7 +347,7 @@ *CVE-2006-6373 version (phpMyAdmin, fixed 2.9.1.1) #218853 CVE-2006-6333 version (kernel, fixed 2.6.19.1) [since FEDORA-2007-058] CVE-2006-6332 ignore (kernel) no support for madwifi -*CVE-2006-6305 ignore (net-snmp) already have the backported patch +CVE-2006-6305 ignore (net-snmp) already have the backported patch CVE-2006-6304 version (kernel, fixed 2.6.19.1) [since FEDORA-2007-058] *CVE-2006-6303 version (ruby, fixed 1.8.5.2) [since FEDORA-2006-1441] *CVE-2006-6301 version (denyhosts, fixed 2.6-2) #218824 @@ -388,7 +388,7 @@ *CVE-2006-5974 ignore (fetchmail, fixed 6.3.6) only 6.3.5 *CVE-2006-5973 VULNERABLE (dovecot, fixed 1.0.rc15) #216508 *CVE-2006-5969 (fvwm) -*CVE-2006-5941 (net-snmp) +CVE-2006-5941 ignore (net-snmp) dupe CVE-2005-2177 *CVE-2006-5925 backport (elinks) [since FEDORA-2006-1278] but was never vulneable as didn't have smbclient support *CVE-2006-5876 version (libsoup) #223144 [since FEDORA-2007-109] *CVE-2006-5875 version (enemies-of-carlotta, fixed 1.2.4) 
@@ -767,7 +767,7 @@ *CVE-2006-2656 backport (libtiff) tiffsplit-overflow.patch *CVE-2006-2629 ignore (kernel) couldn't be reproduced on FC *CVE-2006-2613 ignore (firefox) This isn't an issue on FC -*CVE-2006-2607 backport (vixie-cron) vixie-cron-4.1-_42-bz178431.patch +CVE-2006-2607 backport (vixie-cron) vixie-cron-4.1-_48-security.patch *CVE-2006-2575 patch (netpanzer, fixed 0.8-4) bz#192983 *CVE-2006-2563 ignore (php) safe mode isn't safe *CVE-2006-2502 (cyrus-imapd) @@ -1108,7 +1108,7 @@ *CVE-2006-0017 (fedora directory server) *CVE-2006-0016 (fedora directory server) *CVE-2005-4838 (tomcat) -*CVE-2005-4837 (net-snmp) +CVE-2005-4837 version (net-snmp, fixed 5.2.2) *CVE-2005-4836 (tomcat) *CVE-2005-4811 version (kernel, fixed 2.6.13) *CVE-2005-4809 VULNERABLE (firefox) @@ -1300,7 +1300,7 @@ *CVE-2005-2872 version (kernel, fixed 2.6.12) *CVE-2005-2871 version (thunderbird) *CVE-2005-2871 version (firefox, fixed 1.0.7) -*CVE-2005-2811 version (net-snmp) not upstream, gentoo only +CVE-2005-2811 version (net-snmp) not upstream, gentoo only *CVE-2005-2801 version (kernel, fixed 2.6.11) *CVE-2005-2800 version (kernel, fixed 2.6.12.6) CVE-2005-2798 version (openssh, fixed 4.2) @@ -1397,7 +1397,7 @@ *CVE-2005-2261 version (thunderbird, fixed 1.0.5) *CVE-2005-2261 version (firefox, fixed 1.0.5) *CVE-2005-2260 version (firefox, fixed 1.0.5) -*CVE-2005-2177 version (net-snmp, fixed 5.2.1.2) +CVE-2005-2177 version (net-snmp, fixed 5.2.1.2) *CVE-2005-2114 version (firefox, fixed 1.0.5) *CVE-2005-2104 version (sysreport, fixed 1.4.1-5) CVE-2005-2103 version (gaim, fixed gaim:1.5.0) 
@@ -1441,7 +1441,7 @@ *CVE-2005-1751 version (nmap, fixed 3.93 at least) *CVE-2005-1751 ignore (openldap) fixed shtool 2.0.2. Flawed code path not used *CVE-2005-1751 ignore (ncpfs) part of shtool in ncpfs is not vulnerable -*CVE-2005-1740 version (net-snmp, fixed 5.2.2.rc5 at least) +CVE-2005-1740 version (net-snmp, fixed 5.2.2.rc5 at least) *CVE-2005-1739 version (ImageMagick, fixed 6.2.2.3) *CVE-2005-1730 (openssl) *CVE-2005-1705 backport (gdb) gdb-6.3-security-errata-20050610.patch @@ -1522,7 +1522,7 @@ *CVE-2005-1042 version (php, fixed 4.3.11) *CVE-2005-1041 version (kernel, fixed 2.6.12) *CVE-2005-1039 ignore (coreutils) not fixed upstream, not a real issue -*CVE-2005-1038 backport (vixie-cron) +CVE-2005-1038 backport (vixie-cron) vixie-cron-4.1-CAN-2005-1038-fix-race.patch *CVE-2005-0990 version (sharutils, fixed 4.6 at least) *CVE-2005-0989 version (thunderbird) *CVE-2005-0989 version (firefox, fixed 1.0.3) @@ -1703,7 +1703,7 @@ *CVE-2005-0088 version (mod_python, fixed after 2.7.8) *CVE-2005-0087 version (alsa-lib, fixed 1.0.9) *CVE-2005-0086 version (less) didn't affect upstream -*CVE-2005-0085 version (htdig, fixed 3.1.6-r7) +CVE-2005-0085 version (htdig, fixed 3.1.6-r7) *CVE-2005-0084 version (wireshark, fixed 0.10.9) *CVE-2005-0080 version (mailman) not upstream *CVE-2005-0078 version (kde, fixed 3.0.5) @@ -2175,7 +2175,7 @@ *CVE-2003-0961 version (kernel, fixed 2.4.23) *CVE-2003-0959 version (kernel, fixed 2.4.21) *CVE-2003-0956 version (kernel, fixed 2.4.22) -*CVE-2003-0935 version (net-snmp, fixed 5.0.9) +CVE-2003-0935 version (net-snmp, fixed 5.0.9) *CVE-2003-0927 version (wireshark, fixed 0.9.16) *CVE-2003-0926 version (wireshark, fixed 0.9.16) *CVE-2003-0925 version (wireshark, fixed 0.9.16) 
@@ -2372,7 +2372,7 @@ *CVE-2002-2060 version (links, fixed after 2.0pre4) *CVE-2002-2043 ignore (cyrus-sasl) patch against cyrus-sasl *CVE-2002-2012 ignore (httpd) not upstream version -*CVE-2002-2010 version (htdig, fixed 3.1.6) +CVE-2002-2010 version (htdig, fixed 3.1.6) *CVE-2002-2009 version (tomcat, fixed 4.0.3) *CVE-2002-2007 version (tomcat, not 5) *CVE-2002-2006 version (tomcat, not 5) @@ -2398,7 +2398,7 @@ *CVE-2002-1573 version (kernel, not 2.6) *CVE-2002-1572 version (kernel, not 2.6) *CVE-2002-1571 version (kernel, not 2.6) -*CVE-2002-1570 version (net-snmp, fixed in 5.0.8 at least) +CVE-2002-1570 version (net-snmp, fixed in 5.0.8 at least) *CVE-2002-1568 version (openssl, fixed 0.9.6f) *CVE-2002-1568 version (openssl097a, fixed 0.9.6f) *CVE-2002-1567 version (tomcat, fixed 4.1.3) @@ -2470,7 +2470,7 @@ *CVE-2002-1217 version (tar, fixed 1.13.25) *CVE-2002-1175 version (fetchmail, fixed 6.2.0) *CVE-2002-1174 version (fetchmail, fixed 6.2.0) -*CVE-2002-1170 version (net-snmp, fixed 5.0.6) +CVE-2002-1170 version (net-snmp, fixed 5.0.6) *CVE-2002-1165 version (sendmail, fixed 8.12.10 at least) *CVE-2002-1160 version (pam) was our config *CVE-2002-1157 version (httpd, not 2.0) @@ -2601,10 +2601,10 @@ *CVE-2002-0043 version (sudo, fixed 1.6.4) *CVE-2002-0036 version (krb5, fixed 1.2.5) *CVE-2002-0029 version (bind, not 9) -*CVE-2002-0013 version (net-snmp, fixed 4.2.3) -*CVE-2002-0012 version (net-snmp, fixed 4.2.3) +CVE-2002-0013 version (net-snmp, fixed 4.2.3) +CVE-2002-0012 version (net-snmp, fixed 4.2.3) *CVE-2002-0006 verison (xchat, fixed 1.8.7) cve is wrong -*CVE-2002-0004 backport (at) issue was in a patch, fixed at-3.1.8-lexer.patch +CVE-2002-0004 backport (at) issue was in a patch, fixed at-3.1.8-11-lexer-parser.diff *CVE-2002-0003 version (groff, fixed 1.17.2) *CVE-2002-0002 version (stunnel, fixed 3.22) *CVE-2002-0001 version (mutt, fixed 1.3.25) 
@@ -2612,14 +2612,14 @@ *CVE-2001-1429 (mc) *CVE-2001-0955 version (XFree86, fixed 4.2.0) CVE-2001-0935 ignore, no-ship (wu-ftpd) -*CVE-2001-0474 version (mesa, fixed 3.3-14) -*CVE-2001-0310 (sort) -*CVE-2001-0235 (vixie-cron) +CVE-2001-0474 version (mesa, fixed 3.3-14) +CVE-2001-0310 ignore (sort) mkstemp is now being used +CVE-2001-0235 (vixie-cron) ** Is this really CVE-2005-1038? CVE-2001-0187 ignore, no-ship (wu-ftpd) -*CVE-2000-1199 backport (htdig) fixed htdig-3.2.0b6-unescaped_output.patch +CVE-2000-1191 backport (htdig) fixed htdig-3.2.0b6-unescaped_output.patch CVE-2000-1137 version (ed, fixed 0.2-18.1) *CVE-2000-0992 (krb5) -*CVE-2000-0504 version (libICE, fixed XFree86:4.0.1) +CVE-2000-0504 version (libICE, fixed XFree86:4.0.1) CVE-1999-1572 backport (cpio) cpio-2.6-umask.patch *CVE-1999-1332 (gzip) CVE-1999-0997 ignore, no-ship (wu-ftpd)
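Review bot: In the hunk at @@ -85,7, the new CVE-2007-1856 line moves vixie-cron from VULNERABLE to backport and names vixie-cron-4.1-hardlink.patch, but it records no package release or advisory that first carried the patch. Other entries in this file carry a marker such as [since FEDORA-2006-1278]; adding the equivalent here would let a reader confirm that bug #235882 is closed for fc7 without relying on the patch name alone.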
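Review bot: In the hunk at @@ -2601,10, the context line `*CVE-2002-0006 verison (xchat, fixed 1.8.7) cve is wrong` has its status keyword misspelled as "verison", so a grep or script keyed on the status column will skip it. The neighbouring lines are being edited anyway, so correct it to "version" in the same commit. The CVE-2002-0004 line also swaps at-3.1.8-lexer.patch for at-3.1.8-11-lexer-parser.diff; please confirm that file name against the patch the at package actually applies.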
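Review bot: In the hunk at @@ -2612,14, the htdig entry changes its CVE id as well as its marker: `-*CVE-2000-1199 backport (htdig)` becomes `+CVE-2000-1191 backport (htdig)`. The log message does not mention a renumbering, and after this change CVE-2000-1199 no longer appears in this part of the file, so please confirm that CVE-2000-1191 is the intended id and say so in the log. In the same hunk, `+CVE-2001-0235 (vixie-cron) ** Is this really CVE-2005-1038?` drops its leading `*` in the same way as the lines that gained a status in this commit, yet it still has no status keyword and carries an open question; either give it a status or leave the marker in place until the question is answered.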