Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv19784 Modified Files: fc6 Log Message: Updated the updated updates :) Index: fc6 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc6,v retrieving revision 1.228 retrieving revision 1.229 diff -u -r1.228 -r1.229 --- fc6 2 Aug 2007 12:58:54 -0000 1.228 +++ fc6 2 Aug 2007 15:19:32 -0000 1.229 @@ -12,6 +12,7 @@ CVE-2007-3841 ignore (pidgin) ethically disclosed CVE-2007-3820 ** (kdebase) #248537 CVE-2007-3799 ** (php) +CVE-2007-3798 version (tcpdump, fixed 3.9.7) #250290 [since FEDORA-2007-654] CVE-2007-3782 ** (mysql) CVE-2007-3781 ** (mysql) CVE-2007-3508 ignore (glibc) not an issue @@ -22,8 +23,10 @@ CVE-2007-3391 version (wireshark, fixed 0.99.6) [since FEDORA-2007-628] CVE-2007-3390 version (wireshark, fixed 0.99.6) [since FEDORA-2007-628] CVE-2007-3389 version (wireshark, fixed 0.99.6) [since FEDORA-2007-628] +CVE-2007-3381 version (gdm, fixed 2.18.4) #250277 [since FEDORA-2007-653] CVE-2007-3378 ignore (php) safe mode escape CVE-2007-3377 version (perl-Net-DNS, fixed 0.60) #245614 [since FEDORA-2007-609] +CVE-2007-3741 version (gimp, fixed 2.2.16) #247567 [since FEDORA-2007-627] CVE-2007-3304 backport (httpd) #244660 [since FEDORA-2007-615] CVE-2007-3257 backport (evolution) #244287 [since FEDORA-2007-594] CVE-2007-3126 ignore (gimp) just a crash 
@@ -76,12 +79,12 @@ CVE-2007-1262 version (squirrelmail, fixed 1.4.10a) #239704 [since FEDORA-2007-505] CVE-2007-1218 backport (tcpdump) 232349 [since FEDORA-2007-347] CVE-2007-1006 version (ekiga, fixed 2.0.5) #229259 [since FEDORA-2007-322] -CVE-2007-1004 VULNERABLE (firefox, ...) +CVE-2007-1004 VULNERABLE (firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=390627 CVE-2007-1003 backport (xorg-x11-server, fixed > X11R7.2) #235263 [since FEDORA-2007-425] CVE-2007-1002 backport (evolution) #233587 [since FEDORA-2007-393] CVE-2007-1000 version (kernel, fixed 2.6.20) [since FEDORA-2007-335] CVE-2007-0998 backport (xen) #230295 [since FEDORA-2007-343] -CVE-2007-0981 VULNERABLE (firefox, ...) +CVE-2007-0981 version (mozilla) CVE-2007-0823 ignore (xterm) feature, not a bug CVE-2007-0822 ignore (util-linux) NULL dereference CVE-2007-0772 version (kernel) [since FEDORA-2007-291] @@ -130,7 +133,7 @@ CVE-2006-6144 ** krb5 CVE-2006-6143 ** krb5 CVE-2006-6142 backport (squirrelmail) #218297 [since FEDORA-2007-089] -CVE-2006-6128 VULNERABLE (kernel, fixed **) +CVE-2006-6128 VULNERABLE (kernel) #250625 CVE-2006-6107 VULNERABLE (dbus, fixed 1.0.2) #219665 CVE-2006-6106 version (kernel, fixed 2.6.19.2, fixed 2.6.20-rc5) [since FEDORA-2006-1471] CVE-2006-6105 version (gdm, fixed 2.14.11) [since FEDORA-2006-1468] 
@@ -138,8 +141,8 @@ CVE-2006-6097 backport (tar) [since FEDORA-2006-1393] CVE-2006-6077 version (firefox, fixed 1.5.0.10) [since FEDORA-2007-293] CVE-2006-6060 ignore (kernel, fixed 2.6.19-rc2) no NTFS support -CVE-2006-6058 VULNERABLE (kernel, fixed **) -CVE-2006-6057 VULNERABLE (kernel, fixed **) +CVE-2006-6058 VULNERABLE (kernel) #250623 +CVE-2006-6057 version (kernel, fixed kernel-2_6_20-1_2924_fc6) [since FEDORA-2007-432] CVE-2006-6056 version (kernel, fixed 2.6.19) [since FEDORA-2007-058] was backport since FEDORA-2006-1471 CVE-2006-6054 version (kernel, fixed fixed 2.6.19.2) [since FEDORA-2007-058] CVE-2006-6053 version (kernel, fixed 2.6.19.2) [since FEDORA-2007-058] was backport since FEDORA-2006-1223 @@ -167,7 +170,7 @@ CVE-2006-5747 version (thunderbird, fixed 1.5.0.8) [since FEDORA-2006-1192] CVE-2006-5747 version (firefox, fixed 1.5.0.8) [since FEDORA-2006-1191] CVE-2006-5706 ignore (php, fixed 5.2.0) safe mode isn't safe -CVE-2006-5701 VULNERABLE (kernel) squashfs is not included upstream +CVE-2006-5701 version (kernel, fixed kernel-2_6_20-1_2927_fc6) #219534 [since FEDORA-2007-600] CVE-2006-5633 ignore (firefox) just a client DoS CVE-2006-5619 version (kernel, fixed 2.6.18.2, fixed 2.6.19-rc4) [since FEDORA-2006-1223] CVE-2006-5595 version (wireshark, fixed 0.99.4) [since FEDORA-2006-1140] @@ -199,7 +202,7 @@ CVE-2006-5214 version (xorg-x11-xdm) CVE-2006-5214 ignore (kdebase) #212166 links to xinit Xsession CVE-2006-5214 VULNERABLE (xorg-x11-xinit) #212167 -CVE-2006-5178 VULNERABLE (php) can't be fixed +CVE-2006-5178 ignore (php) safe mode escape CVE-2006-5174 ignore (kernel, fixed 2.6.19-rc1) s390 only CVE-2006-5173 ignore (kernel, fixed 2.6.18) protected by exec-shield CVE-2006-5170 version (nss_ldap, fixed 183) 
@@ -240,10 +243,10 @@ CVE-2006-4566 version (firefox, fixed 1.5.0.7) CVE-2006-4565 version (thunderbird, fixed 1.5.0.7) CVE-2006-4565 version (firefox, fixed 1.5.0.7) -CVE-2006-4561 VULNERABLE (firefox) +CVE-2006-4561 ignore (firefox) An attacker needs to control DNS CVE-2006-4538 version (kernel, fixed after 2.6.18-rc6) CVE-2006-4535 version (kernel, fixed 2.6.18-rc6) -CVE-2006-4519 VULNERABLE (gimp) #247567 +CVE-2006-4519 version (gimp, fixed 2.2.16) #247567 [since FEDORA-2007-627] CVE-2006-4514 backport (libgsf) [since FEDORA-2006-1417] CVE-2006-4507 ignore (libtiff) can't reproduce CVE-2006-4486 version (php, fixed 5.1.6) @@ -660,7 +663,7 @@ CVE-2006-0035 version (kernel, only 2.6.14 and 2.6.15) CVE-2006-0019 version (kdelibs, fixed 3.5.1) CVE-2005-4811 version (kernel, fixed 2.6.13) -CVE-2005-4809 VULNERABLE (firefox) +CVE-2005-4809 VULNERABLE (firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=390630 CVE-2005-4808 ignore (binutils, gas fixed 20050714) this is a bug CVE-2005-4807 ignore (binutils, gas fixed 20050721) this is a bug CVE-2005-4798 version (kernel, not 2.6) -- fedora-extras-commits mailing list fedora-extras-commits@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-extras-commits -- Fedora-security-list mailing list Fedora-security-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-security-list
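Review bot: In the @@ -22,8 +23,10 @@ hunk, the added CVE-2007-3741 (gimp) line breaks the file's descending CVE order, since it is placed between CVE-2007-3377 and CVE-2007-3304. Move it up between CVE-2007-3781 and CVE-2007-3508, or confirm the identifier is the intended one, so that anyone scanning the list by CVE number finds the entry where they expect it.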
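Review bot: In the @@ -76,12 +79,12 @@ hunk, CVE-2007-0981 changes from "VULNERABLE (firefox, ...)" to "version (mozilla)" with no fixed version, no bug number and no [since FEDORA-...] reference, and the package name changes from firefox to mozilla in the same edit. Record the version that carries the fix and the advisory that shipped it, as the neighbouring version entries do, so the move away from VULNERABLE can be checked against an actual update.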
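Review bot: In the @@ -138,8 +141,8 @@ hunk, the new CVE-2006-6057 line writes the fix as "fixed kernel-2_6_20-1_2924_fc6", repeating the package name and using an underscore-separated tag, while the surrounding kernel entries give a plain version such as "fixed 2.6.19". Use one notation for the fixed field throughout the file so that entries can be compared against installed package versions without special-casing.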
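Review bot: In the @@ -167,7 +170,7 @@ hunk, the CVE-2006-5701 change drops the remark "squashfs is not included upstream" when it switches the status to version. Keep that remark as a trailing comment on the new line, since it is the only explanation of why the fixed field names a Fedora kernel build instead of an upstream release.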
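Review bot: In the @@ -240,10 +243,10 @@ hunk, CVE-2006-4561 is downgraded from VULNERABLE to ignore with the reason "An attacker needs to control DNS", which states a precondition for the attack and does not show that the package is unaffected, and the line has no bug number. Reference the bug or list thread where the decision was made so that the downgrade can be audited later.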