Author: bressers Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv24517 Modified Files: fc7 Log Message: Deal with some ids Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.25 retrieving revision 1.26 diff -u -r1.25 -r1.26 --- fc7 27 Jun 2007 20:12:10 -0000 1.25 +++ fc7 27 Jun 2007 21:22:48 -0000 1.26 @@ -26,7 +26,7 @@ CVE-2007-3025 ignore (clamav, Solaris only) CVE-2007-3024 VULNERABLE (clamav, fixed 0.90.3) #245219 CVE-2007-3023 VULNERABLE (clamav, fixed 0.90.3) #245219 -*CVE-2007-3007 ignore (php) safe mode isn't safe +CVE-2007-3007 ignore (php) safe mode isn't safe *CVE-2007-2975 (openfire) *CVE-2007-2894 VULNERABLE (bochs) #241799 CVE-2007-2876 version (kernel, fixed 2.6.21.5) [ since FEDORA-2007-0409 ] @@ -38,7 +38,7 @@ *CVE-2007-2868 version (seamonkey, fixed 1.0.9) *CVE-2007-2867 version (seamonkey, fixed 1.0.9) *CVE-2007-2865 VULNERABLE (phpPgAdmin) #241489 -*CVE-2007-2844 ignore (php) #241641 +CVE-2007-2844 ignore (php) #241641 *CVE-2007-2843 ignore (konqueror) safari specific *CVE-2007-2821 VULNERABLE (wordpress, fixed 2.2) #240970 *CVE-2007-2799 (file) @@ -54,10 +54,10 @@ *CVE-2007-2627 ** (wordpress) #239904 *CVE-2007-2589 (squirrelmail) *CVE-2007-2583 (mysql) -*CVE-2007-2519 ignore (php-pear) no trust boundary is crossed -*CVE-2007-2511 ignore (php) #239011 see the bug -*CVE-2007-2510 (php) -*CVE-2007-2509 (php) +CVE-2007-2519 ignore (php-pear) no trust boundary is crossed +CVE-2007-2511 ignore (php) #239011 see the bug +CVE-2007-2510 version (php, fixed 5.2.2) +CVE-2007-2509 version (php, fixed 5.2.2) *CVE-2007-2500 patch (gnash, fixed 0.7.2-2) #239213 CVE-2007-2453 version (kernel, fixed 2.6.21.4) [ since FEDORA-2007-0409 ] CVE-2007-2451 version (kernel, fixed 2.6.21.4) [ since FEDORA-2007-0409 ] 
@@ -88,7 +88,7 @@ CVE-2007-2029 VULNERABLE (clamav, fixed 0.90.3) *CVE-2007-2028 (freeradius) *CVE-2007-2026 (file) -*CVE-2007-2016 ignore (phpMyAdmin, < 2.8.0.2 never shipped) +CVE-2007-2016 ignore (phpMyAdmin, < 2.8.0.2 never shipped) CVE-2007-1997 version (clamav, fixed in 0.90.2) *CVE-2007-1995 (quagga) #240488 *CVE-2007-1897 version (wordpress, fixed 2.1.3) #235912 @@ -96,7 +96,7 @@ *CVE-2007-1893 version (wordpress, fixed 2.1.3) #235912 *CVE-2007-1870 version (lighttpd, fixed 1.4.14) #236489 *CVE-2007-1869 version (lighttpd, fixed 1.4.14) #236489 -*CVE-2007-1864 (php) +CVE-2007-1864 version (php, fixed 5.2.2) *CVE-2007-1862 (httpd) *CVE-2007-1859 (xscreensaver) *CVE-2007-1858 (tomcat) @@ -109,17 +109,17 @@ *CVE-2007-1742 (httpd) *CVE-2007-1741 (httpd) *CVE-2007-1732 ignore (wordpress) #235015 -*CVE-2007-1718 (php) -*CVE-2007-1717 (php) -*CVE-2007-1711 (php) -*CVE-2007-1710 (php) -*CVE-2007-1709 (php) +CVE-2007-1718 version (php, fixed 5.2.2) +CVE-2007-1717 version (php, fixed 5.2.2) +CVE-2007-1711 version (php, 4.4.5 and 4.4.6 only) +CVE-2007-1710 version (php, fixed 5.2.2) +CVE-2007-1709 ignore (php) no security impact *CVE-2007-1667 (xorg-x11) -*CVE-2007-1649 (php) +CVE-2007-1649 version (php, fixed 5.2.2) *CVE-2007-1622 version (wordpress, fixed 2.1.3-0.rc2) #233703 *CVE-2007-1614 version (zziplib, fixed 0.13.49) #233700 *CVE-2007-1599 version (wordpress, fixed 2.1.3-0.rc2) #233703 -*CVE-2007-1583 (php) +CVE-2007-1583 version (php, fixed 5.2.2) *CVE-2007-1565 ignore (konqueror) client crash *CVE-2007-1564 vulnerable (konqueror) [#CVE-2007-1564] *CVE-2007-1562 (firefox, seamonkey, thunderbird) 
@@ -132,34 +132,34 @@ *CVE-2007-1544 version (nas, fixed 1.8a-2) #233353 *CVE-2007-1543 version (nas, fixed 1.8a-2) #233353 *CVE-2007-1536 (file) -*CVE-2007-1521 (php) +CVE-2007-1521 ignore (php) See NVD *CVE-2007-1515 version (imp, fixed 4.1.4) CVE-2007-1496 version (kernel, fixed 2.6.20.3) -*CVE-2007-1484 (php) -*CVE-2007-1475 ignore (php) unshipped ibase extension +CVE-2007-1484 ignore (php) See NVD +CVE-2007-1475 ignore (php) unshipped ibase extension *CVE-2007-1474 version (horde, fixed 3.1.4) *CVE-2007-1474 ignore (imp, < 4.x only) *CVE-2007-1473 version (horde, fixed 3.1.4) *CVE-2007-1466 (openoffice.org) *CVE-2007-1464 version (inkscape, fixed 0.45.1) *CVE-2007-1463 version (inkscape, fixed 0.45.1) -*CVE-2007-1460 (php) +CVE-2007-1460 version (php, fixed 5.2.2) *CVE-2007-1429 version (moodle, fixed 1.6.5) #232103 *CVE-2007-1420 VULNERABLE (mysql, fixed 5.0.36) #232604 -*CVE-2007-1413 ignore (php) Windows NT SNMP specific -*CVE-2007-1412 ignore (php) unshipped cpdf extension -*CVE-2007-1411 ignore (php) unshipped mssql extension +CVE-2007-1413 ignore (php) Windows NT SNMP specific +CVE-2007-1412 ignore (php) unshipped cpdf extension +CVE-2007-1411 ignore (php) unshipped mssql extension *CVE-2007-1406 version (trac, fixed 0.10.3.1) #231729 *CVE-2007-1405 version (trac, fixed 0.10.3.1) #231729 -*CVE-2007-1401 ignore (php) unshipped cracklib extension -*CVE-2007-1399 version (php-pecl-zip, fixed 1.8.5) +CVE-2007-1401 ignore (php) unshipped cracklib extension +CVE-2007-1399 version (php-pecl-zip, fixed 1.8.5) *CVE-2007-1398 ignore (snort, inline mode not shipped) #232109 -*CVE-2007-1396 ignore (php) feature, not a flaw +CVE-2007-1396 ignore (php) feature, not a flaw *CVE-2007-1395 version (phpMyAdmin, fixed 2.10.0.2) *CVE-2007-1387 patch (xine-lib, fixed 1.1.4-3) *CVE-2007-1385 version (ktorrent, fixed 2.1.2) *CVE-2007-1384 version (ktorrent, fixed 2.1.2) -*CVE-2007-1375 (php) +CVE-2007-1375 version (php, fixed 5.2.2) *CVE-2007-1366 ** (qemu) #238723 
*CVE-2007-1362 version (seamonkey, fixed 1.0.9) *CVE-2007-1359 patch (mod_security, fixed 2.1.0-3) #231728 @@ -171,9 +171,9 @@ *CVE-2007-1322 ** (qemu) #238723 *CVE-2007-1321 ** (qemu) #238723 *CVE-2007-1320 ** (qemu) #238723 -*CVE-2007-1287 (php) -*CVE-2007-1286 (php) -*CVE-2007-1285 (php) +CVE-2007-1287 ignore (php) See NVD +CVE-2007-1286 version (php, PHP4 only) +CVE-2007-1285 version (php, 5.2.2) *CVE-2007-1282 version (seamonkey, fixed 1.0.8) *CVE-2007-1277 version (wordpress, fixed 2.1.2) *CVE-2007-1267 ignore (sylpheed, uses gpgme) #231733 @@ -185,7 +185,7 @@ *CVE-2007-1244 version (wordpress, fixed 2.1.2) #230898 *CVE-2007-1230 version (wordpress, fixed 2.1.2) *CVE-2007-1218 backport (tcpdump) 232349 [since FEDORA-2007-347] -CVE-2007-1216 patch (krb5, fixed 1.6-3) #231537 +CVE-2007-1216 version (krb5, fixed 1.6-3) #231537 *CVE-2007-1103 VULNERABLE (tor) #230927 *CVE-2007-1092 version (seamonkey, fixed 1.0.8) *CVE-2007-1055 version (mediawiki, fixed 1.8.3) 
@@ -198,24 +198,24 @@ *CVE-2007-1004 VULNERABLE (firefox, ...) *CVE-2007-1003 VULNERABLE (xorg-x11-server, fixed > X11R7.2) #235263 *CVE-2007-1002 VULNERABLE (evolution) #233587 -*CVE-2007-1001 (php) +CVE-2007-1001 version (php, fixed 5.2.2) CVE-2007-1000 version (kernel, fixed 2.6.20.2) [since FEDORA-2007-335] *CVE-2007-0999 (ekiga) *CVE-2007-0998 version (qemu, fixed 0.8.2) *CVE-2007-0998 backport (xen) #230295 [since FEDORA-2007-343] *CVE-2007-0996 version (seamonkey, fixed 1.0.8) *CVE-2007-0995 version (seamonkey, fixed 1.0.8) -*CVE-2007-0988 (php) +CVE-2007-0988 version (php, fixed 5.2.1) *CVE-2007-0981 VULNERABLE (firefox, ...) *CVE-2007-0981 version (seamonkey, fixed 1.0.8) #229253 CVE-2007-0957 patch (krb5, fixed 1.6-3) #231528 CVE-2007-0956 patch (krb5, fixed 1.6-3) #229782 -*CVE-2007-0911 (php) -*CVE-2007-0910 (php) -*CVE-2007-0909 (php) -*CVE-2007-0908 (php) -*CVE-2007-0907 (php) -*CVE-2007-0906 (php) +CVE-2007-0911 version (php, 5.2.1 only) +CVE-2007-0910 version (php, fixed 5.2.1) +CVE-2007-0909 version (php, fixed 5.2.1) +CVE-2007-0908 version (php, fixed 5.2.1) +CVE-2007-0907 version (php, fixed 5.2.1) +CVE-2007-0906 version (php, fixed 5.2.1) *CVE-2007-0903 version (ejabberd, fixed 1.1.3) *CVE-2007-0902 patch (moin, fixed 1.5.7-2) #228764 *CVE-2007-0901 patch (moin, fixed 1.5.7-2) #228764 @@ -236,7 +236,7 @@ CVE-2007-0771 patch (kernel, fixed 2.6.20-1.2933) #227952 *CVE-2007-0770 patch (GraphicsMagick, fixed 1.1.7-7) #228758 *CVE-2007-0770 ignore (ImageMagick) only if incomplete CVE-2006-5456 -*CVE-2007-0720 ignore (cups, fixed 1.2.7) cups is already updated +CVE-2007-0720 ignore (cups, fixed 1.2.7) cups is already updated *CVE-2007-0657 ignore (nexuiz, 2.2.2 only (not shipped), fixed 2.2.3) *CVE-2007-0654 VULNERABLE (xmms) #233705 *CVE-2007-0653 VULNERABLE (xmms) #233705 
@@ -248,8 +248,8 @@ *CVE-2007-0540 version (wordpress, fixed 2.1-0) #225469 *CVE-2007-0539 version (wordpress, fixed 2.1-0) #225469 *CVE-2007-0537 VULNERABLE (kdebase) #225420 -*CVE-2007-0494 version (bind, fixed 9.3.4) #225268 [since FEDORA-2007-147] -*CVE-2007-0493 version (bind, fixed 9.3.4) #224443 [since FEDORA-2007-147] +CVE-2007-0494 version (bind, fixed 9.3.4) #225268 [since FEDORA-2007-147] +CVE-2007-0493 version (bind, fixed 9.3.4) #224443 [since FEDORA-2007-147] *CVE-2007-0475 version (smb4k, fixed 0.8.0) *CVE-2007-0474 version (smb4k, fixed 0.8.0) *CVE-2007-0473 version (smb4k, fixed 0.8.0) @@ -264,7 +264,7 @@ *CVE-2007-0452 (samba) *CVE-2007-0451 version (spamassassin, fixed 3.1.8) [since FEDORA-2007-241] *CVE-2007-0450 (tomcat) -*CVE-2007-0448 (php) +CVE-2007-0448 ignore (php) safe mode isn't safe *CVE-2007-0405 version (Django, fixed 0.95.1) *CVE-2007-0404 version (Django, fixed 0.95.1) *CVE-2007-0341 ignore (phpMyAdmin, 2.8.x only) @@ -303,8 +303,8 @@ CVE-2007-0005 version (kernel, fixed 2.6.20) [since FEDORA-2007-335] *CVE-2007-0002 version (libwpd, fixed 0.8.9) #222808 [since FEDORA-2007-351] CVE-2007-0001 ignore (kernel) rhel4 2.6.9 only known affected -*CVE-2006-7205 (php) -*CVE-2006-7204 (php) +CVE-2006-7205 ignore (php) See NVD +CVE-2006-7204 ignore (php) See NVD *CVE-2006-7197 (tomcat) *CVE-2006-7196 (tomcat) *CVE-2006-7195 (tomcat) @@ -358,7 +358,7 @@ CVE-2006-6481 version (clamav, fixed 0.88.7) CVE-2006-6406 version (clamav, fixed 0.88.7) #219095 CVE-2006-6385 ignore (kernel) windows only -*CVE-2006-6383 ignore (php) safe mode isn't safe +CVE-2006-6383 ignore (php) safe mode isn't safe *CVE-2006-6374 ** (phpMyAdmin) #218853 *CVE-2006-6373 version (phpMyAdmin, fixed 2.9.1.1) #218853 CVE-2006-6333 version (kernel, fixed 2.6.19.1) [since FEDORA-2007-058] 
@@ -436,7 +436,7 @@ *CVE-2006-5747 version (thunderbird, fixed 1.5.0.8) [since FEDORA-2006-1192] *CVE-2006-5747 version (seamonkey, fixed 1.0.6) #214822 *CVE-2006-5747 version (firefox, fixed 1.5.0.8) [since FEDORA-2006-1191] -*CVE-2006-5706 ignore (php, fixed 5.2.0) safe mode isn't safe +CVE-2006-5706 ignore (php, fixed 5.2.0) safe mode isn't safe *CVE-2006-5705 backport (wordpress, fixed 2.0.4-3) #213985 *CVE-2006-5701 VULNERABLE (kernel) squashfs is not included upstream *CVE-2006-5633 ignore (firefox) just a client DoS @@ -452,7 +452,7 @@ *CVE-2006-5468 version (wireshark, fixed 0.99.4) [since FEDORA-2006-1140] *CVE-2006-5467 backport (ruby) #212396 [since FEDORA-2006-1109] *CVE-2006-5466 VULNERABLE (rpm) #212833 -*CVE-2006-5465 backport (php, fixed 5.2.0) #213732 [since FEDOA-2006-1169] +CVE-2006-5465 backport (php, fixed 5.2.0) #213732 [since FEDOA-2006-1169] *CVE-2006-5464 version (thunderbird, fixed 1.5.0.8) [since FEDORA-2006-1192] *CVE-2006-5464 version (seamonkey, fixed 1.0.6) #214822 *CVE-2006-5464 version (firefox, fixed 1.5.0.8) [since FEDORA-2006-1191] @@ -480,7 +480,7 @@ *CVE-2006-5214 VULNERABLE (xorg-x11-xinit) #212167 *CVE-2006-5214 version (xorg-x11-xdm) *CVE-2006-5214 ignore (kdebase) #212166 links to xinit Xsession -*CVE-2006-5178 VULNERABLE (php) can't be fixed +CVE-2006-5178 VULNERABLE (php) can't be fixed *CVE-2006-5174 ignore (kernel, fixed 2.6.19-rc1) s390 only *CVE-2006-5173 ignore (kernel, fixed 2.6.18) protected by exec-shield *CVE-2006-5170 VULNERABLE (nss_ldap, fixed 183) @@ -510,7 +510,7 @@ *CVE-2006-4816 (php) *CVE-2006-4814 version (kernel, fixed 2.6.19.2) [since FEDORA-2007-058] *CVE-2006-4813 version (kernel, fixed 2.6.13) -*CVE-2006-4812 backport (php) php-5.1.6-ecalloc.patch +CVE-2006-4812 version (php, fixed 5.2) *CVE-2006-4811 version (qt, fixed 3.3.7) [since FEDORA-2006-1055] *CVE-2006-4810 backport (texinfo) [since FEDORA-2006-1203] *CVE-2006-4809 patch (imlib2, fixed 1.3.0-3) #214676 
@@ -526,7 +526,7 @@ *CVE-2006-4684 version (zope, fixed 2.9.2) *CVE-2006-4663 ignore (kernel) not a vulnerability CVE-2006-4640 ignore, no-ship (flash-plugin) -*CVE-2006-4625 ignore (php) safe mode isn't safe +CVE-2006-4625 ignore (php) safe mode isn't safe *CVE-2006-4624 version (mailman, fixed 2.1.9rc1) *CVE-2006-4623 version (kernel, fixed 2.6.18-rc1) *CVE-2006-4600 version (openldap, fixed 2.3.25) @@ -556,18 +556,18 @@ *CVE-2006-4513 version (wv, fixed 1.2.4) #212696 *CVE-2006-4513 ** (abiword) #212698 *CVE-2006-4507 ignore (libtiff) can't reproduce -*CVE-2006-4486 version (php, fixed 5.1.6) -*CVE-2006-4485 version (php, fixed 5.1.5) -*CVE-2006-4484 version (php, fixed 5.1.5) +CVE-2006-4486 version (php, fixed 5.1.6) +CVE-2006-4485 version (php, fixed 5.1.5) +CVE-2006-4484 version (php, fixed 5.1.5) *CVE-2006-4484 ignore (gd) -*CVE-2006-4483 ignore (php) not linux -*CVE-2006-4482 version (php, fixed 5.1.5) -*CVE-2006-4481 ignore (php) safe mode isn't safe -*CVE-2006-4455 ignore (xchat) client DoS +CVE-2006-4483 ignore (php) not linux +CVE-2006-4482 version (php, fixed 5.1.5) +CVE-2006-4481 ignore (php) safe mode isn't safe +CVE-2006-4455 ignore (xchat) client DoS *CVE-2006-4447 ignore (xorg) not a security issue *CVE-2006-4434 ignore (sendmail, fixed 8.13.8) not exploitable -*CVE-2006-4433 version (php, fixed 5.1.4) -*CVE-2006-4433 version (php, fixed 5.1.4) +CVE-2006-4433 version (php, fixed 5.1.4) +CVE-2006-4433 version (php, fixed 5.1.4) *CVE-2006-4380 version (mysql, fixed 4.1.13) *CVE-2006-4343 backport (openssl, fixed 0.9.8d) *CVE-2006-4342 ignore (kernel) rhel3 only 
@@ -602,12 +602,12 @@ *CVE-2006-4145 version (kernel, fixed 2.6.17.10, fixed 2.6.18-rc5) needs a better upstream fix *CVE-2006-4144 backport (ImageMagick, fixed 6.2.9) *CVE-2006-4124 (lesstif) -*CVE-2006-4096 backport (bind) -*CVE-2006-4095 backport (bind) +CVE-2006-4096 version (bind, fixed 9.3.2-P1) +CVE-2006-4095 version (bind, fixed 9.3.2-P1) *CVE-2006-4093 version (kernel, fixed 2.6.17.9, fixed 2.6.18-rc5) *CVE-2006-4031 version (mysql, fixed 5.0.24) #202675 [since FEDORA-2006-1297] *CVE-2006-4028 version (wordpress, fixed 2.0.4) #201989 -*CVE-2006-4020 version (php, fixed 5.1.5) +CVE-2006-4020 version (php, fixed 5.1.5) *CVE-2006-4019 version (squirrelmail, fixed 1.4.8) CVE-2006-4018 version (clamav, fixed 0.88.4-1) #201688 *CVE-2006-3918 version (httpd, fixed 2.2.2) @@ -722,16 +722,16 @@ *CVE-2006-3113 version (firefox, fixed 1.5.0.5) *CVE-2006-3093 ignore (acroread) windows only *CVE-2006-3085 version (kernel, fixed 2.6.17.1) -*CVE-2006-3084 ignore (krb5) seteuid() calls never fail on linux -*CVE-2006-3083 backport (krb5, fixed 1.5.1, 1.4.4) +CVE-2006-3084 ignore (krb5) seteuid() calls never fail on linux +CVE-2006-3083 backport (krb5, fixed 1.5.1, 1.4.4) *CVE-2006-3082 version (gnupg, fixed 1.4.4) *CVE-2006-3081 version (mysql, fixed 5.1.18) *CVE-2006-3057 version (dhcdbd, fixed 1.14) -*CVE-2006-3018 version (php, fixed 5.1.3) -*CVE-2006-3017 version (php, fixed 5.1.3) -*CVE-2006-3016 version (php, fixed 5.1.3) +CVE-2006-3018 version (php, fixed 5.1.3) +CVE-2006-3017 version (php, fixed 5.1.3) +CVE-2006-3016 version (php, fixed 5.1.3) *CVE-2006-3014 ignore (flash-plugin) windows only -*CVE-2006-3011 ignore (php) safe mode isn't safe +CVE-2006-3011 ignore (php) safe mode isn't safe *CVE-2006-3005 ignore (libjpeg) not a vuln *CVE-2006-2941 version (mailman, fixed 2.1.9) *CVE-2006-2940 backport (openssl, fixed 0.9.8d) 
@@ -777,15 +777,15 @@ *CVE-2006-2753 version (mysql, fixed 5.0.22) *CVE-2006-2723 ignore (firefox) disputed *CVE-2006-2661 version (freetype, fixed 2.2.1) -*CVE-2006-2660 ignore (php) see #195539 +CVE-2006-2660 ignore (php) see #195539 *CVE-2006-2658 version (xsp, fixed 1.1.14) #206510 -*CVE-2006-2657 (php) +CVE-2006-2657 (php) DUPE CVE-2006-3017 *CVE-2006-2656 backport (libtiff) tiffsplit-overflow.patch *CVE-2006-2629 ignore (kernel) couldn't be reproduced on FC *CVE-2006-2613 ignore (firefox) This isn't an issue on FC CVE-2006-2607 backport (vixie-cron) vixie-cron-4.1-_48-security.patch *CVE-2006-2575 patch (netpanzer, fixed 0.8-4) bz#192983 -*CVE-2006-2563 ignore (php) safe mode isn't safe +CVE-2006-2563 ignore (php) safe mode isn't safe *CVE-2006-2502 (cyrus-imapd) *CVE-2006-2489 version (nagios, fixed 2.3.1) *CVE-2006-2480 patch (dia, fixed 0.95-2) bz#192535 @@ -829,17 +829,17 @@ *CVE-2006-2120 version (libtiff, fixed 3.8.2 at least) *CVE-2006-2093 version (nessus, fixed 2.2.7) bz#191053 CVE-2006-2083 version (rsync, fixed 2.6.8) -*CVE-2006-2073 ignore (bind) http://www.kb.cert.org/vuls/id/MIMG-6P8GRP +CVE-2006-2073 ignore (bind) http://www.kb.cert.org/vuls/id/MIMG-6P8GRP *CVE-2006-2071 version (kernel, fixed 2.6.16.6) *CVE-2006-2057 ignore (firefox) not Linux *CVE-2006-2026 version (libtiff, fixed 3.8.1) *CVE-2006-2025 version (libtiff, fixed 3.8.1) *CVE-2006-2024 version (libtiff, fixed 3.8.1) *CVE-2006-2017 version (dnsmasq, fixed 2.30) -*CVE-2006-2016 version (phpldapadmin, fixed 0.9.8.1) +CVE-2006-2016 version (phpldapadmin, fixed 0.9.8.1) *CVE-2006-1993 version (firefox, fixed 1.5.0.3) -*CVE-2006-1991 version (php) -*CVE-2006-1990 version (php) +CVE-2006-1991 version (php, fixed 5.1.3) +CVE-2006-1990 version (php, fixed 5.1.3) CVE-2006-1989 version (clamav, fixed 0.88.2) *CVE-2006-1945 backport (awstats, fixed 6.5-4) bz#190922 awstats-6.5-CVE-2006-1945.patch *CVE-2006-1942 version (firefox, fixed 1.5.0.4) 
@@ -936,11 +936,11 @@ *CVE-2006-1624 ignore (sysklogd) Silly configuration is not a security issue CVE-2006-1615 version (clamav, fixed 0.88.1) bz#188286 CVE-2006-1614 version (clamav, fixed 0.88.1) bz#188286 -*CVE-2006-1608 ignore (php) safe mode isn't safe +CVE-2006-1608 ignore (php) safe mode isn't safe *CVE-2006-1577 version (mantis, fixed 1.0.5) bz#191089 *CVE-2006-1566 ignore (libtunepimp, Debian-specific problem) *CVE-2006-1550 version (dia, fixed 0.95) bz#187556 -*CVE-2006-1549 ignore (php) this is not a security issue +CVE-2006-1549 ignore (php) this is not a security issue *CVE-2006-1548 version (struts, fixed 1.2.9) *CVE-2006-1547 version (struts, fixed 1.2.9) *CVE-2006-1546 version (struts, fixed 1.2.9) @@ -966,8 +966,8 @@ *CVE-2006-1517 version (mysql, fixed 5.0.21) *CVE-2006-1516 version (mysql, fixed 5.0.21) *CVE-2006-1498 version (mediawiki, fixed 1.5.8) bz#188122 -*CVE-2006-1494 version (php) -*CVE-2006-1490 version (php, fixed 5.1.4) +CVE-2006-1494 version (php, fixed 5.1.3) +CVE-2006-1490 version (php, fixed 5.1.4) *CVE-2006-1470 version (openldap, not 2.3.24 at least) *CVE-2006-1390 ignore (nethack, Gentoo-specific problem) bz#187353 *CVE-2006-1370 (helixplayer) @@ -1000,10 +1000,10 @@ *CVE-2006-1053 (fedora directory server) *CVE-2006-1052 version (kernel, fixed 2.6.16) *CVE-2006-1045 version (thunderbird, fixed 1.5.0.2) -*CVE-2006-1015 ignore (php) safe mode isn't safe -*CVE-2006-1014 ignore (php) safe mode isn't safe -*CVE-2006-0996 version (php, fixed 5.1.4) -*CVE-2006-0987 (bind) +CVE-2006-1015 ignore (php) safe mode isn't safe +CVE-2006-1014 ignore (php) safe mode isn't safe +CVE-2006-0996 version (php, fixed 5.1.4) +CVE-2006-0987 VULNERABLE (bind) example config file only *CVE-2006-0903 version (mysql, 4.1.19) *CVE-2006-0884 version (thunderbird, fixed 1.5.0.2) CVE-2006-0883 version (openssh, fixed 3.8.1p1) 
@@ -1091,20 +1091,20 @@ *CVE-2006-0254 version (tomcat5, fixed 5.5.16) *CVE-2006-0236 ignore (thunderbird) windows only CVE-2006-0225 version (openssh, fixed 4.3p2) #168167 -*CVE-2006-0208 version (php, fixed 5.1.2) -*CVE-2006-0207 version (php, fixed 5.1.2) -*CVE-2006-0200 version (php, fixed 5.1.2) +CVE-2006-0208 version (php, fixed 5.1.2) +CVE-2006-0207 version (php, fixed 5.1.2) +CVE-2006-0200 version (php, fixed 5.1.2) *CVE-2006-0197 ignore (xorg-x11) not an issue *CVE-2006-0195 version (squirrelmail, fixed 1.4.6) *CVE-2006-0188 version (squirrelmail, fixed 1.4.6) CVE-2006-0162 version (clamav, fixed 0.88) -*CVE-2006-0151 (sudo) +CVE-2006-0151 ignore (sudo) only env_reset will properly clean the environment *CVE-2006-0150 (auth_ldap) -*CVE-2006-0144 version (php-pear, not 1.4.4) +CVE-2006-0144 version (php-pear, not 1.4.4) *CVE-2006-0126 version (rxvt-unicode, fixed 7.5) *CVE-2006-0106 version (wine, fixed 0.9.10) *CVE-2006-0105 (postgresql) -*CVE-2006-0097 ignore (php) Windows only +CVE-2006-0097 ignore (php) Windows only *CVE-2006-0096 ignore (kernel) minor and requires root *CVE-2006-0095 version (kernel, fixed 2.6.16) *CVE-2006-0082 version (ImageMagick, not 6.2.5.4) @@ -1153,8 +1153,8 @@ *CVE-2005-4352 version (kernel, fixed 2.6.18.3) [since FEDORA-2006-1471] *CVE-2005-4348 version (fetchmail, fixed 6.3.1) CVE-2005-4268 backport (cpio) cpio-2.6-writeOutHeaderBufferOverflow.patch -*CVE-2005-4158 ignore (sudo) only env_reset will properly clean the environment -*CVE-2005-4154 ignore (php) don't install untrusted pear packages +CVE-2005-4158 ignore (sudo) only env_reset will properly clean the environment +CVE-2005-4154 ignore (php) don't install untrusted pear packages *CVE-2005-4153 version (mailman) *CVE-2005-4134 ignore (firefox) http://www.mozilla.org/security/history-title.html *CVE-2005-4130 (helixplayer) 
@@ -1167,7 +1167,7 @@ *CVE-2005-3890 (pidgin) *CVE-2005-3889 (pidgin) *CVE-2005-3888 (pidgin) -*CVE-2005-3883 version (php, fixed 5.1.1 at least) +CVE-2005-3883 version (php, fixed 5.1.1 at least) *CVE-2005-3858 version (kernel, fixed 2.6.13) *CVE-2005-3857 version (kernel, fixed 2.6.15) *CVE-2005-3848 version (kernel, fixed 2.6.13) @@ -1195,23 +1195,23 @@ *CVE-2005-3629 version (initscripts, fixed 8.29 at least) *CVE-2005-3628 version (poppler, fixed 0.4.4) *CVE-2005-3628 version (kdegraphics, fixed 3.5.1) -*CVE-2005-3628 version (cups, fixed 1.2.0) +CVE-2005-3628 version (cups, fixed 1.2.0) *CVE-2005-3628 backport (tetex) tetex-3.0-CVE-2005-3193.patch *CVE-2005-3627 version (poppler, fixed 0.4.4) *CVE-2005-3627 version (kdegraphics, fixed 3.5.1) -*CVE-2005-3627 version (cups, fixed 1.2.0) +CVE-2005-3627 version (cups, fixed 1.2.0) *CVE-2005-3627 backport (tetex) *CVE-2005-3626 version (poppler, fixed 0.4.4) *CVE-2005-3626 version (kdegraphics, fixed 3.5.1) -*CVE-2005-3626 version (cups, fixed 1.2.0) +CVE-2005-3626 version (cups, fixed 1.2.0) *CVE-2005-3626 backport (tetex) *CVE-2005-3625 version (poppler, fixed 0.4.4) *CVE-2005-3625 version (kdegraphics, fixed 3.5.1) -*CVE-2005-3625 version (cups, fixed 1.2.0) +CVE-2005-3625 version (cups, fixed 1.2.0) *CVE-2005-3625 backport (tetex) *CVE-2005-3624 version (poppler, fixed 0.4.4) *CVE-2005-3624 version (kdegraphics, fixed 3.5.1) -*CVE-2005-3624 version (cups, fixed 1.2.0) +CVE-2005-3624 version (cups, fixed 1.2.0) *CVE-2005-3624 backport (tetex) *CVE-2005-3623 version (kernel, fixed 2.6.14.5) CVE-2005-3591 ignore, no-ship (flash-plugin) 
@@ -1220,22 +1220,22 @@ *CVE-2005-3527 version (kernel, fixed 2.6.14) *CVE-2005-3510 (tomcat) *CVE-2005-3402 ignore (thunderbird) mozilla say by design -*CVE-2005-3392 version (php, not 5.0) -*CVE-2005-3391 version (php, not 5.0) -*CVE-2005-3390 version (php, fixed 5.1.0) -*CVE-2005-3389 version (php, fixed 5.1.1) -*CVE-2005-3388 version (php, fixed 5.1.1) +CVE-2005-3392 version (php, not 5.0) +CVE-2005-3391 version (php, not 5.0) +CVE-2005-3390 version (php, fixed 5.1.0) +CVE-2005-3389 version (php, fixed 5.1.1) +CVE-2005-3388 version (php, fixed 5.1.1) *CVE-2005-3359 version (kernel, fixed 2.6.14) *CVE-2005-3358 version (kernel, fixed 2.6.11) *CVE-2005-3357 version (httpd, fixed 2.2.1) *CVE-2005-3356 version (kernel, fixed 2.6.16) *CVE-2005-3354 (sylpheed) -*CVE-2005-3353 version (php, not 5.0) +CVE-2005-3353 version (php, not 5.0) *CVE-2005-3352 version (httpd, fixed 2.2.1) *CVE-2005-3351 version (spamassassin, fixed 3.1.0) *CVE-2005-3350 (libungif) CVE-2005-3322 version (squid) not upstream, SUSE only -*CVE-2005-3319 ignore (mod_php) no security consequence +CVE-2005-3319 ignore (mod_php) no security consequence *CVE-2005-3313 version (wireshark, fixed after 0.10.13) *CVE-2005-3276 version (kernel, fixed 2.6.12.4) *CVE-2005-3275 version (kernel, fixed 2.6.13) 
@@ -1257,15 +1257,15 @@ *CVE-2005-3241 version (wireshark, fixed 0.10.13) *CVE-2005-3193 version (poppler, fixed 0.4.4) *CVE-2005-3193 version (kdegraphics, fixed 3.5.1) -*CVE-2005-3193 version (cups, fixed 1.2.0) +CVE-2005-3193 version (cups, fixed 1.2.0) *CVE-2005-3193 backport (tetex) tetex-3.0-CVE-2005-3193.patch *CVE-2005-3192 version (poppler, fixed 0.4.4) *CVE-2005-3192 version (kdegraphics, fixed 3.5.1) -*CVE-2005-3192 version (cups, fixed 1.2.0) +CVE-2005-3192 version (cups, fixed 1.2.0) *CVE-2005-3192 backport (tetex) tetex-3.0-CVE-2005-3193.patch *CVE-2005-3191 version (poppler, fixed 0.4.4) *CVE-2005-3191 version (kdegraphics, fixed 3.5.1) -*CVE-2005-3191 version (cups, fixed 1.2.0) +CVE-2005-3191 version (cups, fixed 1.2.0) *CVE-2005-3191 backport (tetex) tetex-3.0-CVE-2005-3193.patch *CVE-2005-3186 version (gtk2, fixed 2.8.7 at least) *CVE-2005-3185 version (wget, fixed 1.10.2 at least) @@ -1287,7 +1287,7 @@ *CVE-2005-3089 version (firefox, fixed 1.0.7) *CVE-2005-3088 ignore (fetchmail) fetchmailconf not shipped *CVE-2005-3055 version (kernel, fixed 2.6.14) -*CVE-2005-3054 ignore (php) +CVE-2005-3054 ignore (php) *CVE-2005-3053 version (kernel, fixed 2.6.12.5) *CVE-2005-3044 version (kernel, fixed 2.6.13.2) *CVE-2005-3011 backport (texinfo) texinfo-CAN-2005-3011.patch @@ -1303,7 +1303,7 @@ *CVE-2005-2969 backport (openssl097a, fixed 0.9.7h) *CVE-2005-2968 version (thunderbird) *CVE-2005-2968 version (firefox) -*CVE-2005-2959 ignore (sudo) not a vulnerability +CVE-2005-2959 ignore (sudo) not a vulnerability *CVE-2005-2958 (libgda) *CVE-2005-2946 version (openssl, fixed 0.9.8) *CVE-2005-2933 version (libc-client, fixed 2004g at least) 
@@ -1311,7 +1311,7 @@ *CVE-2005-2922 (helixplayer) CVE-2005-2917 version (squid, fixed 2.5.STABLE11) *CVE-2005-2876 version (util-linux, fixed 2.13-pre3) -*CVE-2005-2874 version (cups, fixed 1.1.23) +CVE-2005-2874 version (cups, fixed 1.1.23) *CVE-2005-2873 version (kernel, fixed 2.6.18-rc1) *CVE-2005-2872 version (kernel, fixed 2.6.12) *CVE-2005-2871 version (thunderbird) @@ -1361,14 +1361,14 @@ *CVE-2005-2547 version (bluez-pin, fixed 2.19) not before 2.16 *CVE-2005-2541 ignore (tar) is documented behaviour *CVE-2005-2500 version (kernel, fixed 2.6.13) -*CVE-2005-2498 version (php, fixed xml_rpc:1.4.0) +CVE-2005-2498 version (php, fixed xml_rpc:1.4.0) *CVE-2005-2496 version (ntp, fixed 4.2.0b) *CVE-2005-2495 version (xorg-x11-server, fixed 0.99.3 at least) *CVE-2005-2494 version (kdebase, fixed after 3.4.2) *CVE-2005-2492 version (kernel, fixed 2.6.13.1) *CVE-2005-2491 version (pcre, fixed 6.2) *CVE-2005-2491 ignore (python) fc6 python does not contain pcre -*CVE-2005-2491 ignore (php) php uses system pcre +CVE-2005-2491 ignore (php) php uses system pcre *CVE-2005-2491 ignore (httpd) httpd uses system pcre *CVE-2005-2490 version (kernel, fixed 2.6.13.1) *CVE-2005-2475 backport (unzip) unzip-5.52-toctou.patch @@ -1422,7 +1422,7 @@ *CVE-2005-2100 version (kernel, not 2.6) not upstream only RHEL4 *CVE-2005-2099 version (kernel, fixed 2.6.12.5) *CVE-2005-2098 version (kernel, fixed 2.6.12.5) -*CVE-2005-2097 version (cups) +CVE-2005-2097 version (cups, fixed 1.2) *CVE-2005-2096 version (rpm, fixed 4.4.2) *CVE-2005-2096 backport (zlib, fixed 1.2.2.4) *CVE-2005-2095 version (squirrelmail, fixed 1.4.5) 
@@ -1431,17 +1431,17 @@ *CVE-2005-2069 version (nss_ldap, fixed pam_ldap:180) *CVE-2005-2069 backport (openldap) openldap-2.2.13-tls-fix-connection-test.patch *CVE-2005-2023 version (gnupg, only 1.9.14) -*CVE-2005-1993 version (sudo, fixed 1.6.8p9) +CVE-2005-1993 version (sudo, fixed 1.6.8p9) *CVE-2005-1992 version (ruby, fixed 1.8.3 at least) *CVE-2005-1937 version (firefox, fixed 1.0.5) CVE-2005-1934 version (gaim, fixed gaim:1.5.0) -*CVE-2005-1921 version (php, fixed xml_rpc:1.3.1) +CVE-2005-1921 version (php, fixed xml_rpc:1.3.1) *CVE-2005-1920 version (kdelibs, fixed 3.4.1) *CVE-2005-1918 version (tar) *CVE-2005-1913 version (kernel, fixed 2.6.12.2) *CVE-2005-1852 version (kdenetwork, fixed 3.4.2) *CVE-2005-1849 version (zlib, fixed 1.2.3) -*CVE-2005-1831 ignore (sudo) unsubstantiated report +CVE-2005-1831 ignore (sudo) unsubstantiated report *CVE-2005-1769 version (squirrelmail, fixed 1.4.5) *CVE-2005-1768 version (kernel, fixed 2.6.6) *CVE-2005-1767 version (kernel, fixed 2.6.7) @@ -1451,7 +1451,7 @@ *CVE-2005-1762 version (kernel, fixed 2.6.12) *CVE-2005-1761 version (kernel, fixed 2.6.12.2) *CVE-2005-1760 version (sysreport, fixed 1.4.1-3) -*CVE-2005-1759 ignore (php) dead code path +CVE-2005-1759 ignore (php) dead code path *CVE-2005-1759 ignore (openldap) fixed shtool 2.0.2 flawed code path not used *CVE-2005-1753 (tomcat) *CVE-2005-1751 version (nmap, fixed 3.93 at least) 
@@ -1463,11 +1463,11 @@ *CVE-2005-1705 backport (gdb) gdb-6.3-security-errata-20050610.patch *CVE-2005-1704 version (binutils, fixed 2.16.91.0.3 at least) *CVE-2005-1704 backport (gdb) gdb-6.3-security-errata-20050610.patch -*CVE-2005-1689 version (krb5, fixed 1.4.2) +CVE-2005-1689 version (krb5, fixed 1.4.2) *CVE-2005-1686 ignore (gedit) not a vulnerability *CVE-2005-1636 version (mysql, fixed 4.1.12) *CVE-2005-1589 version (kernel, fixed 2.6.11.10) -*CVE-2005-1571 version (php, fixed shtool 2.0.2) +CVE-2005-1571 version (php, fixed shtool 2.0.2) *CVE-2005-1544 version (libtiff, fixed 3.7.1 at least) *CVE-2005-1532 version (thunderbird) *CVE-2005-1532 version (firefox, fixed 1.0.4) @@ -1518,8 +1518,8 @@ *CVE-2005-1228 backport (gzip) changelog *CVE-2005-1194 backport (nasm) changelog *CVE-2005-1184 ignore (kernel) expected to not be an issue -*CVE-2005-1175 version (krb5, fixed 1.4.2) -*CVE-2005-1174 version (krb5, fixed 1.4.2) +CVE-2005-1175 version (krb5, fixed 1.4.2) +CVE-2005-1174 version (krb5, fixed 1.4.2) *CVE-2005-1160 version (thunderbird) *CVE-2005-1160 version (firefox) *CVE-2005-1159 version (thunderbird) @@ -1534,8 +1534,8 @@ *CVE-2005-1065 version (tetex) not upstream version *CVE-2005-1061 version (logwatch, fixed 4.3.2 at least) *CVE-2005-1046 version (kdelibs, fixed after 3.4.0) -*CVE-2005-1043 version (php, fixed 4.3.11) -*CVE-2005-1042 version (php, fixed 4.3.11) +CVE-2005-1043 version (php, fixed 4.3.11) +CVE-2005-1042 version (php, fixed 4.3.11) *CVE-2005-1041 version (kernel, fixed 2.6.12) *CVE-2005-1039 ignore (coreutils) not fixed upstream, not a real issue CVE-2005-1038 backport (vixie-cron) vixie-cron-4.1-CAN-2005-1038-fix-race.patch 
@@ -1593,7 +1593,7 @@ *CVE-2005-0611 (helixplayer) *CVE-2005-0605 version (libXpm, fixed 3.5.4 at least) *CVE-2005-0602 ignore (unzip, fixed 5.52) this is really expected behaviour -*CVE-2005-0596 version (php, fixed 5.0) +CVE-2005-0596 version (php, fixed 5.0) *CVE-2005-0593 version (firefox) *CVE-2005-0592 version (firefox) *CVE-2005-0591 version (firefox, fixed 1.0.1) @@ -1614,20 +1614,20 @@ *CVE-2005-0530 version (kernel, fixed 2.6.11) *CVE-2005-0529 version (kernel, fixed 2.6.11) *CVE-2005-0527 version (firefox, fixed 1.0.1) -*CVE-2005-0525 version (php, fixed 5.0.4) -*CVE-2005-0524 version (php, fixed 5.0.4) +CVE-2005-0525 version (php, fixed 5.0.4) +CVE-2005-0524 version (php, fixed 5.0.4) *CVE-2005-0509 version (mono, not after 1.0.5) *CVE-2005-0504 version (kernel, not 2.6) doesn't build in 2.6 *CVE-2005-0490 version (curl, fixed 7.13.1) *CVE-2005-0489 version (kernel, not 2.6) *CVE-2005-0488 backport (telnet) -*CVE-2005-0488 backport (krb5) krb5-1.4.1-telnet-environ.patch +CVE-2005-0488 backport (krb5) krb5-1.4.1-telnet-environ.patch CVE-2005-0473 version (gaim, fixed gaim:1.5.0) CVE-2005-0472 version (gaim, fixed gaim:1.5.0) *CVE-2005-0470 version (wpa_supplicant, fixed 0.2.7) -*CVE-2005-0469 version (krb5, fixed 1.4.1) +CVE-2005-0469 version (krb5, fixed 1.4.1) *CVE-2005-0469 backport (telnet) telnet-0.17-CAN-2005-468_469.patch -*CVE-2005-0468 version (krb5, fixed 1.4.1) +CVE-2005-0468 version (krb5, fixed 1.4.1) *CVE-2005-0468 backport (telnet) telnet-0.17-CAN-2005-468_469.patch *CVE-2005-0455 (helixplayer) *CVE-2005-0452 (perl) 
@@ -1728,10 +1728,10 @@ *CVE-2005-0069 version (vim, fixed 7.0 at least) *CVE-2005-0064 version (tetex, fixed 3.0) *CVE-2005-0064 version (kdegraphics, not 3.4) -*CVE-2005-0064 version (cups, fixed 1.2.2) +CVE-2005-0064 version (cups, fixed 1.2.2) *CVE-2005-0039 ignore (kernel) not a vulnerability: don't do this says the rfc -*CVE-2005-0034 version (bind, fixed after 9.3.0) -*CVE-2005-0033 version (bind, not 9) +CVE-2005-0034 version (bind, fixed after 9.3.0) +CVE-2005-0033 version (bind, not 9) *CVE-2005-0023 ignore (libvte) not a security risk *CVE-2005-0022 (exim) *CVE-2005-0014 version (ncpfs, fixed 2.2.6) @@ -1770,7 +1770,7 @@ *CVE-2004-2228 version (firefox, fixed 1.0) *CVE-2004-2227 version (firefox, fixed 1.0) *CVE-2004-2225 version (firefox, fixed 0.10.1) -*CVE-2004-2154 version (cups, fixed 1.2.21rc1) +CVE-2004-2154 version (cups, fixed 1.1.21rc1) *CVE-2004-2149 version (mysql, fixed 4.1.5) *CVE-2004-2136 ignore (dm-crypt) design *CVE-2004-2135 ignore (kernel) design @@ -1784,7 +1784,7 @@ *CVE-2004-1773 version (sharutils, not 4.6) *CVE-2004-1772 version (sharutils, not 4.6) *CVE-2004-1761 version (wireshark, fixed 0.10.3) -*CVE-2004-1689 version (sudo, fixed 1.6.8p1) +CVE-2004-1689 version (sudo, fixed 1.6.8p1) CVE-2004-1653 ignore (openssh) *CVE-2004-1639 version (firefox) *CVE-2004-1617 ignore (lynx) not able to verify flaw @@ -1798,7 +1798,7 @@ *CVE-2004-1450 version (firefox) *CVE-2004-1449 version (thunderbird) *CVE-2004-1449 version (firefox) -*CVE-2004-1392 version (php, fixed 5.0.4) +CVE-2004-1392 version (php, fixed 5.0.4) *CVE-2004-1382 version (glibc, not 2.3.5) *CVE-2004-1381 version (firefox) *CVE-2004-1380 version (firefox) 
@@ -1812,12 +1812,12 @@ *CVE-2004-1308 version (libtiff, fixed 3.7.1 at least) *CVE-2004-1307 version (libtiff, was already fixed with 0886) *CVE-2004-1304 version (file, fixed 4.12) -*CVE-2004-1296 backport (groff) from srpm +CVE-2004-1296 backport (groff) patch groff-1.18.1.1-tempfile.patch *CVE-2004-1287 backport (nasm) changelog -*CVE-2004-1270 version (cups, fixed 1.1.23) -*CVE-2004-1269 version (cups, fixed 1.1.23) -*CVE-2004-1268 version (cups, fixed 1.1.23) -*CVE-2004-1267 version (cups, fixed 1.1.23) +CVE-2004-1270 version (cups, fixed 1.1.23) +CVE-2004-1269 version (cups, fixed 1.1.23) +CVE-2004-1268 version (cups, fixed 1.1.23) +CVE-2004-1267 version (cups, fixed 1.1.23) *CVE-2004-1237 version (kernel, not 2.6) not upstream *CVE-2004-1235 version (kernel, fixed 2.6.11) *CVE-2004-1234 version (kernel, not 2.6) @@ -1825,7 +1825,7 @@ *CVE-2004-1200 ignore (firefox, mozilla) not a security issue *CVE-2004-1191 version (kernel, fixed 2.6.9) *CVE-2004-1190 version (kernel, fixed 2.6.10) -*CVE-2004-1189 version (krb5, fixed 1.4) +CVE-2004-1189 version (krb5, fixed 1.4) *CVE-2004-1186 backport (enscript) enscript-1.6.1-CAN-2004-1186.patch *CVE-2004-1185 backport (enscript) enscript-1.6.1-CAN-2004-1185.patch *CVE-2004-1184 version (enscript, fixed 1.6.4 at least) 
@@ -1867,20 +1867,20 @@ *CVE-2004-1070 version (kernel, fixed 2.6.10) *CVE-2004-1069 version (kernel, fixed 2.6.10) *CVE-2004-1068 version (kernel, fixed 2.6.10) -*CVE-2004-1065 version (php, fixed after 5.0.2) -*CVE-2004-1064 version (php, fixed after 5.0.2) -*CVE-2004-1063 version (php, fixed after 5.0.2) +CVE-2004-1065 version (php, fixed after 5.0.2) +CVE-2004-1064 version (php, fixed after 5.0.2) +CVE-2004-1063 version (php, fixed after 5.0.2) *CVE-2004-1060 version (kernel) all verifies sequence number *CVE-2004-1058 version (kernel, fixed 2.6.9) *CVE-2004-1057 version (kernel, fixed 2.6.10) *CVE-2004-1056 version (kernel, fixed 2.6.10) -*CVE-2004-1051 version (sudo, fixed 1.6.8p2) +CVE-2004-1051 version (sudo, fixed 1.6.8p2) *CVE-2004-1036 version (squirrelmail, fixed 1.4.4) *CVE-2004-1026 patch (imlib, fixed 1.9.15-2) #235416 *CVE-2004-1025 patch (imlib, fixed 1.9.15-2) #235416 -*CVE-2004-1020 version (php, fixed after 5.0.2) -*CVE-2004-1019 version (php, fixed after 5.0.2) -*CVE-2004-1018 version (php, fixed after 5.0.2) +CVE-2004-1020 version (php, fixed after 5.0.2) +CVE-2004-1019 version (php, fixed after 5.0.2) +CVE-2004-1018 version (php, fixed after 5.0.2) *CVE-2004-1017 version (kernel, fixed 2.6.10) *CVE-2004-1016 version (kernel, fixed 2.6.10) *CVE-2004-1014 version (nfs-utils, fixed 1.0.7) 
@@ -1902,16 +1902,16 @@ *CVE-2004-0975 backport (openssl097a, fixed 0.9.7f) *CVE-2004-0974 version (netatalk, fixed 2.0.1) *CVE-2004-0972 version (lvm2, fixed 2.2.01.8 at least) -*CVE-2004-0971 backport (krb5) krb5-1.3.4-send-pr-tempfile.patch +CVE-2004-0971 backport (krb5) krb5-1.3.4-send-pr-tempfile.patch *CVE-2004-0970 version (gzip) -*CVE-2004-0969 version (groff, fixed 1.18.1.1) +CVE-2004-0969 version (groff, fixed 1.18.1.1) *CVE-2004-0968 version (glibc, fixed 2.3.5 at least) *CVE-2004-0967 version (ghostscript, fixed 8.15.1) *CVE-2004-0966 version (gettext, fixed 0.14.3 at least) *CVE-2004-0961 version (freeradius, fixed 1.0.1) *CVE-2004-0960 version (freeradius, fixed 1.0.1) -*CVE-2004-0959 version (php, fixed 4.3.9) -*CVE-2004-0958 version (php, fixed 4.3.9) +CVE-2004-0959 version (php, fixed 4.3.9) +CVE-2004-0958 version (php, fixed 4.3.9) *CVE-2004-0957 version (mysql, fixed 4.0.21) *CVE-2004-0956 version (mysql, fixed 4.0.20) *CVE-2004-0946 version (nfs-utils, fixed 1.0.6-r6) @@ -1921,7 +1921,7 @@ *CVE-2004-0938 version (freeradius, fixed 1.0.1) *CVE-2004-0930 version (samba, fixed 3.0.8) *CVE-2004-0929 version (libtiff, fixed 3.7.0) -*CVE-2004-0923 version (cups, fixed 1.2.22) +CVE-2004-0923 version (cups, fixed 1.1.22) CVE-2004-0918 version (squid, fixed 2.4.STABLE7) *CVE-2004-0914 version (xorg-x11, fixed after 6.8.1) *CVE-2004-0909 version (thunderbird) @@ -1933,7 +1933,7 @@ CVE-2004-0891 version (gaim, fixed gaim:1.0.2) *CVE-2004-0888 version (tetex, fixed 3.0) *CVE-2004-0888 version (kdegraphics, not 3.4) -*CVE-2004-0888 version (cups) +*CVE-2004-0888 version (cups, fixed 1.2) *CVE-2004-0887 version (kernel, fixed 2.6.10) *CVE-2004-0886 version (libtiff, fixed 3.7.1 at least) *CVE-2004-0886 version (kdegraphics, fixed by Update on 20041109) 
@@ -1982,7 +1982,7 @@ *CVE-2004-0779 version (thunderbird) *CVE-2004-0779 version (firefox) *CVE-2004-0778 version (cvs, fixed 1.11.17) -*CVE-2004-0772 version (krb5, fixed after 1.2.8) +CVE-2004-0772 version (krb5, fixed after 1.2.8) *CVE-2004-0768 version (libpng, fixed 1.2.6) *CVE-2004-0755 version (ruby, fixed 1.8.1) CVE-2004-0754 version (gaim, fixed gaim:0.82.1) @@ -2006,9 +2006,9 @@ *CVE-2004-0658 ignore (kernel) not a security issue *CVE-2004-0648 version (thunderbird) *CVE-2004-0648 version (firefox) -*CVE-2004-0644 version (krb5, fixed after 1.3.4) -*CVE-2004-0643 version (krb5, fixed after 1.3.1) -*CVE-2004-0642 version (krb5, fixed after 1.3.4) +CVE-2004-0644 version (krb5, fixed after 1.3.4) +CVE-2004-0643 version (krb5, fixed after 1.3.1) +CVE-2004-0642 version (krb5, fixed after 1.3.4) *CVE-2004-0639 version (squirrelmail, fixed after 1.2.10) *CVE-2004-0635 version (wireshark, fixed 0.10.5) *CVE-2004-0634 version (wireshark, fixed 0.10.5) @@ -2023,11 +2023,11 @@ *CVE-2004-0599 version (libpng, fixed 1.2.6) *CVE-2004-0598 version (libpng, fixed 1.2.6) *CVE-2004-0597 version (libpng, fixed 1.2.6) -*CVE-2004-0595 version (php, fixed 4.3.8) -*CVE-2004-0594 version (php, fixed 4.3.8) +CVE-2004-0595 version (php, fixed 4.3.8) +CVE-2004-0594 version (php, fixed 4.3.8) *CVE-2004-0592 version (kernel) not upstream flaw *CVE-2004-0587 version (kernel) not upstream flaw -*CVE-2004-0558 version (cups, fixed 1.1.21) +CVE-2004-0558 version (cups, fixed 1.1.21) *CVE-2004-0557 version (sox, fixed after 12.17.4) *CVE-2004-0554 version (kernel, fixed 2.6.7) *CVE-2004-0550 (helixplayer) 
@@ -2036,7 +2036,7 @@ CVE-2004-0541 version (squid, fixed 2.5.STABLE6) *CVE-2004-0535 version (kernel, fixed 2.6.6) *CVE-2004-0527 version (konqueror, not 3+) -*CVE-2004-0523 version (krb5, fixed 1.3.4) +CVE-2004-0523 version (krb5, fixed 1.3.4) *CVE-2004-0521 version (squirrelmail, fixed 1.4.3a) *CVE-2004-0520 version (squirrelmail, fixed 1.4.3a) *CVE-2004-0519 version (squirrelmail, fixed 1.4.3a) @@ -2071,7 +2071,7 @@ *CVE-2004-0413 version (subversion, fixed 1.0.5) *CVE-2004-0412 version (mailman, fixed 2.1.5) *CVE-2004-0411 version (kdelibs, fixed 3.3) -*CVE-2004-0409 version (xchat, fixed 2.0.9) +CVE-2004-0409 version (xchat, fixed 2.0.9) *CVE-2004-0405 version (cvs, fixed 1.11) *CVE-2004-0403 version (racoon, fixed ipsec-tools-0.6.5 at least) *CVE-2004-0398 version (neon, fixed 0.24.6) @@ -2084,7 +2084,7 @@ *CVE-2004-0381 version (mysql, fixed 4.1.11 at least) *CVE-2004-0367 version (wireshark, fixed 0.10.3) *CVE-2004-0365 version (wireshark, fixed 0.10.3) -*CVE-2004-0263 version (php, fixed 4.3.5) +CVE-2004-0263 version (php, fixed 4.3.5) *CVE-2004-0256 version (libtool, fixed 1.5.2) *CVE-2004-0233 version (libutempter, fixed 0.5.5) *CVE-2004-0232 version (mc, fixed 4.6.0) @@ -2107,7 +2107,7 @@ *CVE-2004-0177 version (kernel, fixed 2.6.6) *CVE-2004-0176 version (wireshark, fixed 0.10.3) CVE-2004-0175 version (openssh, fixed 3.4p1) -*CVE-2004-0175 backport (krb5) krb5-1.3.3-rcp-markus.patch +CVE-2004-0175 backport (krb5) krb5-1.3.3-rcp-markus.patch *CVE-2004-0174 version (httpd, not 2.2) *CVE-2004-0173 version (httpd, not 2.2) *CVE-2004-0164 version (racoon) @@ -2124,7 +2124,7 @@ *CVE-2004-0108 version (sysstat) *CVE-2004-0107 version (sysstat, fixed after 4.0.7) *CVE-2004-0106 version (XFree86) -*CVE-2004-0098 version (php) +CVE-2004-0098 ignore (php) no security implications *CVE-2004-0097 version (pwlib, fixed 1.6.0) *CVE-2004-0096 version (mod_python, fixed after 2.7.9) *CVE-2004-0094 version (XFree86, fixed 4.3.0) 
@@ -2151,9 +2151,9 @@ *CVE-2004-0003 version (kernel, not 2.6) *CVE-2004-0001 version (kernel, not 2.6) CVE-2003-1329 ignore, no-ship (wu-ftpd) -*CVE-2003-1307 ignore (mod_php) not a vulnerability -*CVE-2003-1303 version (php, fixed 4.3.3) -*CVE-2003-1302 version (php, fixed 4.3.1) +CVE-2003-1307 ignore (mod_php) not a vulnerability +CVE-2003-1303 version (php, fixed 4.3.3) +CVE-2003-1302 version (php, fixed 4.3.1) *CVE-2003-1295 (xscreensaver) *CVE-2003-1294 (xscreensaver) *CVE-2003-1265 VULNERABLE (thunderbird) https://bugzilla.mozilla.org/show_bug.cgi?id=198442 @@ -2196,14 +2196,14 @@ *CVE-2003-0926 version (wireshark, fixed 0.9.16) *CVE-2003-0925 version (wireshark, fixed 0.9.16) *CVE-2003-0924 version (netpbm, fixed 9.26) -*CVE-2003-0914 version (bind, not 9) +CVE-2003-0914 version (bind, not 9) *CVE-2003-0901 version (postgresql, not 8) *CVE-2003-0900 version (perl, only 5.8.1) *CVE-2003-0885 (xscreensaver) *CVE-2003-0865 version (tomcat, fixed after 4.0.3) -*CVE-2003-0863 ignore (php) http://lists.nyphp.org/pipermail/talk/2003-November/006392.html -*CVE-2003-0861 version (php, fixed 4.3.3) -*CVE-2003-0860 version (php, fixed 4.3.3) +CVE-2003-0863 ignore (php) http://lists.nyphp.org/pipermail/talk/2003-November/006392.html +CVE-2003-0861 version (php, fixed 4.3.3) +CVE-2003-0860 version (php, fixed 4.3.3) *CVE-2003-0859 version (glibc, checked fc5 source) *CVE-2003-0858 version (quagga, fixed 0.95) *CVE-2003-0856 version (iproute) @@ -2216,7 +2216,7 @@ *CVE-2003-0793 version (gdm, fixed 2.4.1.7) *CVE-2003-0792 version (fetchmail, 6.2.4 only) *CVE-2003-0789 version (httpd, not 2.2) -*CVE-2003-0788 version (cups, fixed 1.1.19) +CVE-2003-0788 version (cups, fixed 1.1.19) CVE-2003-0787 version (openssh, fixed 3.7.1p2) CVE-2003-0786 version (openssh, fixed 3.7.1p2) *CVE-2003-0780 version (mysql, not 4.1) 
@@ -2275,7 +2275,7 @@ *CVE-2003-0461 version (kernel, fixed 2.6.1) *CVE-2003-0459 version (kdelibs, not 3.2) *CVE-2003-0455 version (ImageMagick) -*CVE-2003-0442 version (php, fixed 4.3.2) +CVE-2003-0442 version (php, fixed 4.3.2) *CVE-2003-0432 version (wireshark, fixed after 0.9.12) *CVE-2003-0431 version (wireshark, fixed after 0.9.12) *CVE-2003-0430 version (wireshark, fixed after 0.9.12) @@ -2301,7 +2301,7 @@ *CVE-2003-0253 version (httpd, not 2.2) *CVE-2003-0252 version (nfs-utils, fixed 1.0.4) *CVE-2003-0251 version (ypserv, fixed 2.7) -*CVE-2003-0249 ignore (php) see CVE +CVE-2003-0249 ignore (php) see CVE *CVE-2003-0248 version (kernel, not 2.6) *CVE-2003-0247 version (kernel, not 2.6) *CVE-2003-0246 version (kernel, not 2.6) @@ -2312,7 +2312,7 @@ *CVE-2003-0204 version (kde, fixed after 3.1.1) *CVE-2003-0201 version (samba, fixed 2.2.8a) *CVE-2003-0196 version (samba, fixed 2.2.8a) -*CVE-2003-0195 version (cups, fixed 1.1.19) +CVE-2003-0195 version (cups, fixed 1.1.19) *CVE-2003-0194 version (tcpdump, not upstream) *CVE-2003-0192 version (httpd, not 2.2) CVE-2003-0190 version (openssh, fixed after 3.6.1p1) @@ -2320,7 +2320,7 @@ *CVE-2003-0188 version (lv, fixed 4.51 at least) *CVE-2003-0187 version (kernel, not 2.6) *CVE-2003-0167 version (mutt, fixed 1.4.1) -*CVE-2003-0166 version (php, fixed 4.3.2) +CVE-2003-0166 version (php, fixed 4.3.2) *CVE-2003-0165 version (eog, fixed 2.2.2) *CVE-2003-0161 version (sendmail, fixed 8.12.9) *CVE-2003-0160 version (squirrelmail, fixed 1.2.11) @@ -2331,8 +2331,8 @@ *CVE-2003-0146 version (netpbm, fixed 10.18) *CVE-2003-0145 version (tcpdump, fixed 3.7.2) *CVE-2003-0140 version (mutt, fixed 1.4.1) -*CVE-2003-0139 version (krb5, fixed 1.3) -*CVE-2003-0138 version (krb5, fixed 1.3) +CVE-2003-0139 version (krb5, fixed 1.3) +CVE-2003-0138 version (krb5, fixed 1.3) *CVE-2003-0135 version (vsftpd, not upstream) *CVE-2003-0133 version (evolution, fixed 1.2.4) *CVE-2003-0132 version (httpd, not 2.2) 
@@ -2346,28 +2346,28 @@ *CVE-2003-0108 version (tcpdump, fixed after 3.7.1) *CVE-2003-0107 version (zlib, fixed 1.2.0.2 at least) *CVE-2003-0102 version (file, fixed 3.41) -*CVE-2003-0097 version (php, fixed 4.3.1) +CVE-2003-0097 version (php, fixed 4.3.1) *CVE-2003-0093 version (tcpdump, fixed 3.7.2) *CVE-2003-0086 version (samba, fixed 2.2.8) *CVE-2003-0085 version (samba, fixed 2.2.8) *CVE-2003-0083 version (httpd, not 2.2) -*CVE-2003-0082 version (krb5, fixed after 1.2.7) +CVE-2003-0082 version (krb5, fixed after 1.2.7) *CVE-2003-0081 version (wireshark, fixed after 0.9.9) *CVE-2003-0078 version (openssl, not 0.9.8) *CVE-2003-0078 version (openssl097a, fixed 0.9.7a) *CVE-2003-0073 version (mysql, fixed 3.23.55) -*CVE-2003-0072 version (krb5, fixed after 1.2.7) +CVE-2003-0072 version (krb5, fixed after 1.2.7) *CVE-2003-0071 version (xorg-x11, fixed in 6.8.2 at least) *CVE-2003-0070 version (vte, fixed 0.11.1 at least) *CVE-2003-0063 version (xorg-x11, fixed in 4.2.99 at least) -*CVE-2003-0060 version (krb5, fixed 1.2.5) -*CVE-2003-0059 version (krb5, fixed 1.2.5) -*CVE-2003-0058 version (krb5, fixed 1.2.5) +CVE-2003-0060 version (krb5, fixed 1.2.5) +CVE-2003-0059 version (krb5, fixed 1.2.5) +CVE-2003-0058 version (krb5, fixed 1.2.5) *CVE-2003-0044 version (tomcat, fixed after 3.3.1a) *CVE-2003-0043 version (tomcat, fixed 3.3.1a) -*CVE-2003-0041 version (krb5, fixed after 1.2.7) +CVE-2003-0041 version (krb5, fixed after 1.2.7) *CVE-2003-0038 version (mailman, fixed 2.0.13 at least) -*CVE-2003-0028 version (krb5, fixed after 1.2.7) +CVE-2003-0028 version (krb5, fixed after 1.2.7) *CVE-2003-0028 version (glibc, fixed after 2.3.1) *CVE-2003-0026 version (dhcp, fixed 3.0.1) *CVE-2003-0020 version (httpd, not 2.2) 
@@ -2377,9 +2377,9 @@ *CVE-2003-0016 version (httpd, not 2.2) *CVE-2003-0015 version (cvs, fixed 1.11.5) *CVE-2003-0001 version (kernel, not 2.6) -*CVE-2002-2215 version (php, fixed 4.3.0) -*CVE-2002-2214 version (php, fixed 4.2.2) -*CVE-2002-2211 ignore (bind) see http://www.kb.cert.org/vuls/id/457875 +CVE-2002-2215 version (php, fixed 4.3.0) +CVE-2002-2214 version (php, fixed 4.2.2) +CVE-2002-2211 ignore (bind) see http://www.kb.cert.org/vuls/id/457875 *CVE-2002-2210 ignore (openoffice) binary install only (not rpm install) *CVE-2002-2204 ignore (rpm) by design *CVE-2002-2196 version (samba, fixed 2.2.5) @@ -2399,7 +2399,7 @@ *CVE-2002-1827 version (sendmail, fixed after 8.12.3) *CVE-2002-1814 ignore (libbonobo) not shipped setuid *CVE-2002-1793 version (mod_ssl) not upstream, only hp -*CVE-2002-1783 version (php, fixed after 4.2.3) +CVE-2002-1783 version (php, fixed after 4.2.3) *CVE-2002-1765 version (evolution, fixed 1.0.5) *CVE-2002-1658 ignore (httpd) not a vulnerability *CVE-2002-1657 ignore (postgresql) upstream disagree @@ -2433,13 +2433,13 @@ *CVE-2002-1399 version (postgresql, fixed 7.2.3) *CVE-2002-1398 version (postgresql, fixed 7.2.2) *CVE-2002-1397 version (postgresql, fixed 7.2.3) -*CVE-2002-1396 version (php, fixed 4.3.0) +CVE-2002-1396 version (php, fixed 4.3.0) *CVE-2002-1394 version (tomcat, fixed 4.0.6) *CVE-2002-1393 version (kde, fixed 3.0.5a) *CVE-2002-1392 version (mgetty, fixed 1.1.29) *CVE-2002-1391 version (mgetty, fixed 1.1.29) -*CVE-2002-1384 version (cups, fixed 1.1.18) -*CVE-2002-1383 version (cups, fixed 1.1.18) +CVE-2002-1384 version (cups, fixed 1.1.18) +CVE-2002-1383 version (cups, fixed 1.1.18) *CVE-2002-1380 version (kernel, not 2.6) *CVE-2002-1379 version (openldap, not 2.3.24+) *CVE-2002-1378 version (openldap, not 2.3.24+) 
@@ -2448,12 +2448,12 @@ *CVE-2002-1375 version (mysql, fixed 4.0.6) *CVE-2002-1374 version (mysql, fixed 4.0.6) *CVE-2002-1373 version (mysql, fixed 3.23.54) -*CVE-2002-1372 version (cups, fixed 1.1.18) -*CVE-2002-1371 version (cups, fixed 1.1.18) -*CVE-2002-1369 version (cups, fixed 1.1.18) -*CVE-2002-1368 version (cups, fixed 1.1.18) -*CVE-2002-1367 version (cups, fixed 1.1.18) -*CVE-2002-1366 version (cups, fixed 1.1.18) +CVE-2002-1372 version (cups, fixed 1.1.18) +CVE-2002-1371 version (cups, fixed 1.1.18) +CVE-2002-1369 version (cups, fixed 1.1.18) +CVE-2002-1368 version (cups, fixed 1.1.18) +CVE-2002-1367 version (cups, fixed 1.1.18) +CVE-2002-1366 version (cups, fixed 1.1.18) *CVE-2002-1365 version (fetchmail, fixed 6.2.0) *CVE-2002-1363 version (libpng, fixed 1.2.6) *CVE-2002-1356 version (wireshark, fixed after 0.9.7) @@ -2474,15 +2474,15 @@ *CVE-2002-1281 version (kde, fixed 3.0.5) *CVE-2002-1276 version (squirrelmail, fixed 1.4.2) *CVE-2002-1247 version (kdenetwork, fixed 3.0.5) -*CVE-2002-1235 version (krb5, fixed after 1.2.6) +CVE-2002-1235 version (krb5, fixed after 1.2.6) *CVE-2002-1233 ignore (httpd) Debian regression *CVE-2002-1232 version (ypserv, fixed 2.5) *CVE-2002-1227 version (pam, only 0.76) *CVE-2002-1224 version (kde, fixed 3.0.4) *CVE-2002-1223 version (kdegraphics, fixed 3.0.4) -*CVE-2002-1221 version (bind, not 9) -*CVE-2002-1220 version (bind, not 9) -*CVE-2002-1219 version (bind, not 9) +CVE-2002-1221 version (bind, not 9) +CVE-2002-1220 version (bind, not 9) +CVE-2002-1219 version (bind, not 9) *CVE-2002-1217 version (tar, fixed 1.13.25) *CVE-2002-1175 version (fetchmail, fixed 6.2.0) *CVE-2002-1174 version (fetchmail, fixed 6.2.0) 
@@ -2495,12 +2495,12 @@ *CVE-2002-1151 version (kdenetwork, fixed 3.0.3a) *CVE-2002-1148 version (tomcat, fixed 4.0.5) *CVE-2002-1146 version (glibc, fixed 2.2.6) -*CVE-2002-1146 version (bind, not 8.3+) +CVE-2002-1146 version (bind, not 8.3+) *CVE-2002-1131 version (squirrelmail, fixed 1.2.8) *CVE-2002-1119 version (python, fixed 2.2.2) CVE-2002-0989 version (gaim, fixed gaim:0.59.1) -*CVE-2002-0986 version (php, fixed 4.2.3) -*CVE-2002-0985 version (php, fixed 4.2.3) +CVE-2002-0986 version (php, fixed 4.2.3) +CVE-2002-0985 version (php, fixed 4.2.3) *CVE-2002-0972 version (postgresql, fixed 7.2.2) *CVE-2002-0970 version (kdenetwork, fixed 3.0.3) *CVE-2002-0935 version (tomcat, fixed 4.1.3) @@ -2524,7 +2524,7 @@ *CVE-2002-0760 version (bzip2, fixed 1.0.2) *CVE-2002-0759 version (bzip2, fixed 1.0.2) *CVE-2002-0728 version (libpng, fixed 1.2.4) -*CVE-2002-0717 version (php, fixed 4.2.2) +CVE-2002-0717 version (php, fixed 4.2.2) CVE-2002-0715 version (squid, fixed 2.4.STABLE6) CVE-2002-0714 version (squid, fixed 2.4.STABLE6) CVE-2002-0713 version (squid, fixed 2.4.STABLE6) @@ -2543,7 +2543,7 @@ *CVE-2002-0655 version (openssl, not 0.9.8) *CVE-2002-0655 version (openssl097a, not 0.9.7) *CVE-2002-0653 version (mod_ssl, not httpd 2.2) -*CVE-2002-0651 version (bind, not 9) +CVE-2002-0651 version (bind, not 9) CVE-2002-0640 version (openssh, fixed after 3.3) CVE-2002-0639 version (openssh, fixed after 3.3) *CVE-2002-0638 version (util-linux, fixed 2.13 at least) 
@@ -2562,15 +2562,15 @@ *CVE-2002-0403 version (wireshark, fixed ethereal 0.9.3) *CVE-2002-0402 version (wireshark, fixed ethereal 0.9.3) *CVE-2002-0401 version (wireshark, fixed ethereal 0.9.3) -*CVE-2002-0400 version (bind, fixed 9.2.1) +CVE-2002-0400 version (bind, fixed 9.2.1) *CVE-2002-0399 version (tar, fixed 1.13.26) *CVE-2002-0392 version (httpd, not 2.2) -*CVE-2002-0391 version (krb5, fixed after 1.2.5) +CVE-2002-0391 version (krb5, fixed after 1.2.5) *CVE-2002-0391 version (glibc, fixed after 2.2.5) *CVE-2002-0389 ignore (mailman) upstream say not a vulnerability *CVE-2002-0388 version (mailman, fixed 2.0.11) CVE-2002-0384 version (gaim, fixed gaim:0.58) -*CVE-2002-0382 version (xchat, fixed 1.9.1) +CVE-2002-0382 version (xchat, fixed 1.9.1) *CVE-2002-0380 version (tcpdump, fixed 3.7.2 at least) *CVE-2002-0379 version (imap, vuln code removed imap-2002) CVE-2002-0377 version (gaim, fixed gaim:0.58) @@ -2579,12 +2579,12 @@ *CVE-2002-0353 version (wireshark, fixed ethereal 0.9.3) *CVE-2002-0342 version (kde, not 2.2+) *CVE-2002-0318 version (freeradius, fixed 0.7) -*CVE-2002-0253 ignore (php) not a vulnerability -*CVE-2002-0240 ignore (php) windows only +CVE-2002-0253 ignore (php) not a vulnerability +CVE-2002-0240 ignore (php) windows only *CVE-2002-0232 version (mrtg, not 2.11.1 at least) -*CVE-2002-0229 version (php) +CVE-2002-0229 ignore (php) safe mode isn't safe *CVE-2002-0185 version (mod_python, fixed 2.7.7) -*CVE-2002-0184 version (sudo, fixed 1.6.6) +CVE-2002-0184 version (sudo, fixed 1.6.6) *CVE-2002-0180 version (webalizer, fixed 2.01-10) *CVE-2002-0169 ignore (docbook) was RHL only *CVE-2002-0165 version (logwatch, fixed 2.6) 
@@ -2595,16 +2595,16 @@ *CVE-2002-0146 version (fetchmail, fixed 5.9.10) *CVE-2002-0130 ignore (efax) not setuid root *CVE-2002-0129 ignore (efax) not setuid root -*CVE-2002-0121 version (php, fixed after 4.1.1) +CVE-2002-0121 version (php, fixed after 4.1.1) *CVE-2002-0092 version (cve, fixed 1.10.8) CVE-2002-0083 version (openssh, fixed 3.1) *CVE-2002-0082 version (mod_ssl, not httpd 2.2) -*CVE-2002-0081 version (php, not 4.2+) +CVE-2002-0081 version (php, not 4.2+) CVE-2002-0080 version (rsync, fixed 2.5.3) CVE-2002-0069 version (squid, fixed 2.4STABLE4) CVE-2002-0068 version (squid, fixed 2.4STABLE4) CVE-2002-0067 version (squid, fixed 2.4STABLE4) -*CVE-2002-0063 version (cups, fixed 1.1.14) +CVE-2002-0063 version (cups, fixed 1.1.14) *CVE-2002-0062 version (ncurses, only 5.0) *CVE-2002-0060 version (kernel, fixed 2.5.5) *CVE-2002-0059 ** zlib (cvs, dump, gcc, libgcj, kernel, vnc) @@ -2614,14 +2614,14 @@ *CVE-2002-0046 version (kernel, fixed 2.4.0) *CVE-2002-0045 version (openldap, fixed 2.0.20) *CVE-2002-0044 version (enscript, fixed 1.6.4 at least) -*CVE-2002-0043 version (sudo, fixed 1.6.4) -*CVE-2002-0036 version (krb5, fixed 1.2.5) -*CVE-2002-0029 version (bind, not 9) +CVE-2002-0043 version (sudo, fixed 1.6.4) +CVE-2002-0036 version (krb5, fixed 1.2.5) +CVE-2002-0029 version (bind, not 9) CVE-2002-0013 version (net-snmp, fixed 4.2.3) CVE-2002-0012 version (net-snmp, fixed 4.2.3) -*CVE-2002-0006 verison (xchat, fixed 1.8.7) cve is wrong +CVE-2002-0006 verison (xchat, fixed 1.8.7) cve is wrong CVE-2002-0004 backport (at) issue was in a patch, fixed at-3.1.8-11-lexer-parser.diff -*CVE-2002-0003 version (groff, fixed 1.17.2) +CVE-2002-0003 version (groff, fixed 1.17.2) *CVE-2002-0002 version (stunnel, fixed 3.22) *CVE-2002-0001 version (mutt, fixed 1.3.25) *CVE-2001-1494 version (util-linux, fixed 2.11n) 
@@ -2641,4 +2641,4 @@ CVE-1999-0997 ignore, no-ship (wu-ftpd) CVE-1999-0710 version (squid, fixed 2.5.STABLE10) CVE-1999-0473 version (rsync, fixed 2.3.1) -*CVE-1999-0103 (bind) +CVE-1999-0103 ignore (bind) this is the nature of UDP
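Review bot: In the hunk at -1933,7 the rewritten CVE-2004-0888 cups line still begins with "*", while every other cups entry this commit touches loses that marker (CVE-2004-0923, CVE-2004-1267 through CVE-2004-1270, CVE-2004-0558). If the entry is settled now that it reads "fixed 1.2", drop the marker as well; if it is left on purpose, add a trailing comment saying what is still open so the next audit pass does not have to guess.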
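Review bot: The CVE-2002-0006 xchat line in the hunk at -2614,14 carries the misspelled state "verison" over unchanged. Since the line is being rewritten anyway, correct it to "version"; anything that filters or counts entries by the state keyword will otherwise miss this one. The trailing "cve is wrong" would also be more useful if it said which part of the CVE text is wrong.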
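Review bot: The new CVE-2004-1296 groff entry in the hunk at -1812,12 reads "backport (groff) patch groff-1.18.1.1-tempfile.patch", but the other backport lines in this change put the patch file name directly after the package, for example "backport (krb5) krb5-1.3.4-send-pr-tempfile.patch". Drop the extra word "patch" so the field layout stays uniform for anyone parsing the file.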
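Review bot: The hunks at -1770,7 and -1921,7 change recorded data, not just the marker: CVE-2004-2154 goes from "fixed 1.2.21rc1" to "fixed 1.1.21rc1" and CVE-2004-0923 from "fixed 1.2.22" to "fixed 1.1.22". The log message says only "Deal with some ids", so these fix-version corrections are invisible in the history. Mention them in the log message, or commit them separately, so that a later reader comparing revisions can tell a deliberate correction from a typo.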