Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv14717 Modified Files: fc6 fc7 Log Message: Up to date as of today's CVENEW mails and Fedora updates. Index: fc6 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc6,v retrieving revision 1.232 retrieving revision 1.233 diff -u -r1.232 -r1.233 --- fc6 8 Aug 2007 14:59:57 -0000 1.232 +++ fc6 8 Aug 2007 17:11:26 -0000 1.233 @@ -4,12 +4,14 @@ # *CVE are items that need verification for Fedora Core 6 # (mozilla) = (firefox, seamonkey, thunderbird, yelp, devhelp, galeon, liferea. epiphany) -# Up to date CVE as of CVE email 20070801 -# Up to date FC6 as of 20070803 +# Up to date CVE as of CVE email 20070808 +# Up to date FC6 as of 20070808 -GENERIC-MAP-NOMATCH VULNERABLE (dovecot, fixed 1.0.3) #251009 +CVE-2007-4211 VULNERABLE (dovecot, fixed 1.0.3) #251009 CVE-2007-4029 VULNERABLE (libvorbis) #250600 CVE-2007-4168 backport (libexif) #243892 [since FEDORA-2007-614] +CVE-2007-3845 VULNERABLE (firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=389580 +CVE-2007-3844 VULNERABLE (firefox) #250648 "fixed on next update" CVE-2007-3841 ignore (pidgin) ethically disclosed CVE-2007-3820 ** (kdebase) #248537 CVE-2007-3799 ** (php) 
@@ -24,6 +26,7 @@ CVE-2007-3391 version (wireshark, fixed 0.99.6) [since FEDORA-2007-628] CVE-2007-3390 version (wireshark, fixed 0.99.6) [since FEDORA-2007-628] CVE-2007-3389 version (wireshark, fixed 0.99.6) [since FEDORA-2007-628] +CVE-2007-3384 ignore (tomcat) only affects 3.3.x and just affects an example CVE-2007-3381 version (gdm, fixed 2.18.4) #250277 [since FEDORA-2007-653] CVE-2007-3378 ignore (php) safe mode escape CVE-2007-3377 version (perl-Net-DNS, fixed 0.60) #245614 [since FEDORA-2007-609] Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.60 retrieving revision 1.61 diff -u -r1.60 -r1.61 --- fc7 6 Aug 2007 15:08:43 -0000 1.60 +++ fc7 8 Aug 2007 17:11:26 -0000 1.61 @@ -5,10 +5,11 @@ # (mozilla) = (firefox, seamonkey, thunderbird, yelp, devhelp, galeon, liferea. epiphany) # A couple of first F7 updates were marked as FEDORA-2007-0001 -# Up to date CVE as of CVE email 20070801 -# Up to date FC7 as of 20070802 +# Up to date CVE as of CVE email 20070808 +# Up to date FC7 as of 20070808 -GENERIC-MAP-NOMATCH VULNERABLE (dovecot, 1.0.3) #251008 +CVE-2007-4211 version (dovecot, 1.0.3) #251008 [since FEDORA-2007-1485] +CVE-2007-4174 VULNERABLE (tor, fixed 0.1.2.16) GENERIC-MAP-NOMATCH VULNERABLE (tor, fixed 0.1.2.15) #249840 CVE-2007-4168 backport (libexif) #243892 [since FEDORA-2007-0414] CVE-2007-4153 ignore (wordpress) "remote authenticated administrators" 
@@ -20,7 +21,9 @@ CVE-2007-3948 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299] CVE-2007-3947 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299] CVE-2007-3946 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299] -CVE-2007-3841 WTF (pidgin) +CVE-2007-3845 VULNERABLE (firefox, fixed 2.0.0.6) https://bugzilla.mozilla.org/show_bug.cgi?id=389580 +CVE-2007-3844 VULNERABLE (firefox) #250648 "fixed on next update" +CVE-2007-3841 ignore (pidgin) ethically disclosed CVE-2007-3820 ** (kdebase) #248537 CVE-2007-3799 ** (php) CVE-2007-3781 ** (mysql) @@ -36,7 +39,7 @@ CVE-2007-3656 version (mozilla) #248518 [since FEDORA-2007-1138] CVE-2007-3642 version (kernel, fixed 2.6.22.1) [since FEDORA-2007-1130] CVE-2007-3628 version (php-pear-Structures-DataGrid-DataSource-MDB2, fixed 0.1.10) -CVE-2007-3555 VULNERABLE (moodle) #247528 +CVE-2007-3555 version (moodle) #247528 [since FEDORA-2007-1445] CVE-2007-3546 ignore (nessus-core) Windows only CVE-2007-3528 version (dar, fixed 2.3.4) #246760 [since FEDORA-2007-0904] CVE-2007-3544 VULNERABLE (wordpress, NOT fixed 2.2.1) #245211 Incomplete fix for CVE-2007-3543 @@ -58,6 +61,7 @@ CVE-2007-3391 version (wireshark, fixed 0.99.6) [since FEDORA-2007-0982] CVE-2007-3390 version (wireshark, fixed 0.99.6) [since FEDORA-2007-0982] CVE-2007-3389 version (wireshark, fixed 0.99.6) [since FEDORA-2007-0982] +CVE-2007-3384 ignore (tomcat) only affects 3.3.x and just affects an example CVE-2007-3381 version (gdm, fixed 2.18.4) #250277 [since FEDORA-2007-1362] CVE-2007-3378 ignore (php) safe mode escape CVE-2007-3377 version (perl-Net-DNS, fixed 0.60) #245612 [since EDORA-2007-0668] 
@@ -70,9 +74,10 @@ CVE-2007-3140 version (wordpress, fixed 2.2.1) #245211 [since FEDORA-2007-0894] CVE-2007-3231 version (mecab, fixed 0.96) [since FEDORA-2007-0366] CVE-2007-3209 ignore (mail-notification, shipped with SSL enabled) +CVE-2007-3108 backport (openssl) #250574 [since FEDORA-2007-1444] CVE-2007-3106 VULNERABLE (libvorbis) #245991 -CVE-2007-3100 version (iscsi-initiator-utils, fixed 6.2.0.865) [since FEDORA-2007-0543] CVE-2007-3099 version (iscsi-initiator-utils, fixed 6.2.0.865) [since FEDORA-2007-0543] +CVE-2007-3100 version (iscsi-initiator-utils, fixed 6.2.0.865) [since FEDORA-2007-0543] CVE-2007-3165 VULNERABLE (tor, fixed 0.1.2.14) #244502 CVE-2007-3153 version (c-ares, fixed 1.4.0) #243591 [since FEDORA-2007-0724] CVE-2007-3152 version (c-ares, fixed 1.4.0) #243591 [since FEDORA-2007-0724] @@ -199,6 +204,7 @@ CVE-2007-1564 vulnerable (konqueror) [#CVE-2007-1564] CVE-2007-1562 version (mozilla) #241840 CVE-2007-1560 version (squid, fixed 2.6.STABLE12) +CVE-2007-1558 version (balsa) [since FEDORA-2007-1447] CVE-2007-1558 version (claws-mail, fixed 2.9.1) #237293 *CVE-2007-1558 backport (sylpheed, fixed 2.3.1-1) *CVE-2007-1558 VULNERABLE (evolution) @@ -266,7 +272,7 @@ *CVE-2007-1103 VULNERABLE (tor) #230927 CVE-2007-1092 version (seamonkey, fixed 1.0.8) CVE-2007-1055 version (mediawiki, fixed 1.8.3) -CVE-2007-1054 VULNERABLE (mediawiki, fixed 1.9.3) +CVE-2007-1054 version (mediawiki, fixed 1.9.3) [since FEDORA-2007-1442] CVE-2007-1049 version (wordpress, fixed 2.1.1) #229991 *CVE-2007-1036 (jboss) *CVE-2007-1030 (libevent) 
@@ -480,7 +486,7 @@ *CVE-2006-6015 (pcre) CVE-2006-5989 ignore (mod_auth_kerb) did not affect fc6 CVE-2006-5974 ignore (fetchmail, fixed 6.3.6) only 6.3.5 -*CVE-2006-5973 VULNERABLE (dovecot, fixed 1.0.rc15) #216508 +CVE-2006-5973 version (dovecot, fixed 1.0.rc15) #216508 [since ???] *CVE-2006-5969 (fvwm) CVE-2006-5941 ignore (net-snmp) dupe CVE-2005-2177 *CVE-2006-5925 backport (elinks) [since FEDORA-2006-1278] but was never vulneable as didn't have smbclient support
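Review bot: In the fc6 hunk at @@ -4,12 +4,14 @@, the added CVE-2007-3845 line records no fixed version, while the same CVE in the fc7 hunk at @@ -20,7 +21,9 @@ is entered as "(firefox, fixed 2.0.0.6)"; the two files should agree. The same line references a bugzilla.mozilla.org URL where the neighbouring entries use the #number form, and the quoted note "fixed on next update" on CVE-2007-3844 names no version or update ID, so it cannot be checked later. Suggest adding the fixed version to the fc6 line and replacing the free-text note with the version or advisory once known.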
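Review bot: In the fc7 hunk at @@ -5,10 +5,11 @@, the new CVE-2007-4211 line reads "(dovecot, 1.0.3)" without the "fixed" keyword that the fc6 entry for the same CVE carries ("dovecot, fixed 1.0.3"), which makes the status "version" ambiguous for anyone parsing the file. The added CVE-2007-4174 line (tor, fixed 0.1.2.16) also has no bug reference, and it sits directly above a GENERIC-MAP-NOMATCH tor entry with #249840 and "fixed 0.1.2.15"; a bug number or a short note saying these are separate issues would avoid them being read as duplicates.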
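Review bot: In the fc7 hunk at @@ -20,7 +21,9 @@ (and the matching fc6 line), the reason given for "CVE-2007-3841 ignore (pidgin)" is "ethically disclosed", which describes how the issue was reported rather than why the package needs no update. Other ignore entries in this patch state the technical reason ("Windows only", "only affects 3.3.x and just affects an example"); suggest doing the same here so the decision can be audited.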
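Review bot: The context line for CVE-2007-3377 in the fc7 hunk at @@ -58,6 +61,7 @@ ends with "[since EDORA-2007-0668]", missing the leading F of the advisory prefix used everywhere else in the file. It is not touched by this change, but a search for the FEDORA- prefix will miss it; worth fixing in the same commit since the adjacent line is being edited.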
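Review bot: In the fc7 hunk at @@ -70,9 +74,10 @@, the CVE-2007-3100 and CVE-2007-3099 lines are swapped with no change to their content, and the result puts 3099 ahead of 3100 where the previous order was descending like the neighbouring 3153/3152 pair. Unless the reorder is intentional, drop it so the diff contains only the CVE-2007-3108 addition; if it is intentional, say so in the log message.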
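Review bot: In the fc7 hunk at @@ -199,6 +204,7 @@, the added "CVE-2007-1558 version (balsa) [since FEDORA-2007-1447]" line gives neither a fixed version nor a bug number, unlike the claws-mail entry for the same CVE just below it ("fixed 2.9.1" with #237293). A "version" status without the version leaves nothing to compare the shipped package against; suggest adding the balsa release that carries the fix.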
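Review bot: In the hunk at @@ -480,7 +486,7 @@, CVE-2006-5973 moves from "*... VULNERABLE" to "version" and loses its leading asterisk, yet the line ends in "[since ???]", so the update that delivered the fix is not identified. The file header defines the asterisk as marking items that need verification; either keep the asterisk until the advisory is known or fill in the update ID before marking the entry resolved.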