fedora-security/audit fc6,1.235,1.236 fc7,1.65,1.66

"Tomas Hoger" (thoger) <fedora-extras-commits@xxxxxxxxxx> · Fri, 10 Aug 2007 10:48:43 -0400

Author: thoger

Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv32280/audit

Modified Files:
	fc6 fc7 
Log Message:
Add fsplib issues affecting gftp 2.0.18 - see NVD for explanation of ignore



Index: fc6
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc6,v
retrieving revision 1.235
retrieving revision 1.236
diff -u -r1.235 -r1.236

--- fc6	9 Aug 2007 16:00:14 -0000	1.235
+++ fc6	10 Aug 2007 14:48:41 -0000	1.236
@@ -15,6 +15,8 @@
 CVE-2007-4211 VULNERABLE (dovecot, fixed 1.0.3) #251009
 CVE-2007-4029 VULNERABLE (libvorbis) #250600
 CVE-2007-4168 backport (libexif) #243892 [since FEDORA-2007-614]
+CVE-2007-3962 ignore (gftp) multiple buffer overflows in fsplib, not on Linux
+CVE-2007-3961 ignore (gftp) off-by-one error in fsplib
 CVE-2007-3845 VULNERABLE (firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=389580
 CVE-2007-3844 VULNERABLE (firefox) #250648 "fixed on next update"
 CVE-2007-3841 ignore (pidgin) ethically disclosed
@@ -126,6 +128,7 @@
 CVE-2007-0006 backport (kernel, fixed in -mm) [since FEDORA-2007-226]
 CVE-2007-0005 version (kernel, fixed 2.6.20) [since FEDORA-2007-335]
 CVE-2007-0002 version (libwpd, fixed 0.8.9) #222808 [since FEDORA-2007-351]
+CVE-2006-7221 ignore (gftp) single zero byte overflow in fsplib
 CVE-2006-6939 version (ed, fixed 0.3) #223075 [since FEDORA-2007-100]
 CVE-2006-6899 version (bluez-utils, fixed 2.23)
 CVE-2006-6870 version (avahi, fixed 0.6.16) #221440 [since FEDORA-2007-019]


Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.65
retrieving revision 1.66
diff -u -r1.65 -r1.66
--- fc7	10 Aug 2007 11:38:12 -0000	1.65
+++ fc7	10 Aug 2007 14:48:41 -0000	1.66
@@ -21,6 +21,8 @@
 CVE-2007-4154 ignore (wordpress) "remote authenticated administrators"
 CVE-2007-4139 VULNERABLE (wordpress) #250751
 CVE-2007-4029 VULNERABLE (libvorbis) #245991
+CVE-2007-3962 ignore (gftp) multiple buffer overflows in fsplib, not on Linux
+CVE-2007-3961 ignore (gftp) off-by-one error in fsplib
 CVE-2007-3950 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299]
 CVE-2007-3949 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299]
 CVE-2007-3948 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299]
@@ -401,6 +403,7 @@
 CVE-2007-0005 version (kernel, fixed 2.6.20) [since FEDORA-2007-335]
 CVE-2007-0002 version (libwpd, fixed 0.8.9) #222808 [since FEDORA-2007-351]
 CVE-2007-0001 ignore (kernel) rhel4 2.6.9 only known affected
+CVE-2006-7221 ignore (gftp) single zero byte overflow in fsplib
 CVE-2006-7205 ignore (php) See NVD
 CVE-2006-7204 ignore (php) See NVD
 *CVE-2006-7197 (tomcat)

-- 
fedora-extras-commits mailing list
fedora-extras-commits@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-extras-commits

--
Fedora-security-list mailing list
Fedora-security-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-security-list




