Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv5215 Modified Files: fc6 fc7 Log Message: New kernel issue, some stuff fixed. Index: fc6 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc6,v retrieving revision 1.236 retrieving revision 1.237 diff -u -r1.236 -r1.237 --- fc6 10 Aug 2007 14:48:41 -0000 1.236 +++ fc6 13 Aug 2007 12:22:22 -0000 1.237 @@ -19,12 +19,14 @@ CVE-2007-3961 ignore (gftp) off-by-one error in fsplib CVE-2007-3845 VULNERABLE (firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=389580 CVE-2007-3844 VULNERABLE (firefox) #250648 "fixed on next update" +CVE-2007-3843 VULNERABLE (kernel) #246595 CVE-2007-3841 ignore (pidgin) ethically disclosed CVE-2007-3820 ** (kdebase) #248537 CVE-2007-3799 ** (php) CVE-2007-3798 version (tcpdump, fixed 3.9.7) #250290 [since FEDORA-2007-654] CVE-2007-3782 ** (mysql) CVE-2007-3781 ** (mysql) +CVE-2007-3642 version (kernel, fixed 2.6.22) [since FEDORA-2007-655] CVE-2007-3508 ignore (glibc) not an issue CVE-2007-3506 backport (freetype, fixed 2.3.4) #235479 [since FEDORA-2007-561] CVE-2007-3409 version (perl-Net-DNS, fixed 0.60) #245809 @@ -69,7 +71,7 @@ CVE-2007-1863 backport (httpd) #244660 [since FEDORA-2007-615] CVE-2007-1862 backport (httpd) #244660 [since FEDORA-2007-615] CVE-2007-1861 version (kernel) [since FEDORA-2007-482] -CVE-2007-1856 backport (vixie-cron) #235882 [since ???] +CVE-2007-1856 backport (vixie-cron) #235882 [since FEDORA-2007-662] CVE-2007-1841 VULNERABLE (ipsec-tools) #238052 [sconklin] Developer busy -- next week. CVE-2007-1797 backport (ImageMagick) #235075 [since FEDORA-2007-413] CVE-2007-1667 backport (libX11) [since FEDORA-2007-426] @@ -117,7 +119,7 @@ CVE-2007-0451 version (spamassassin, fixed 3.1.8) [since FEDORA-2007-241] CVE-2007-0248 version (squid, fixed 2.6.STABLE7) [since FEDORA-2007-073] CVE-2007-0247 version (squid, fixed 2.6.STABLE7) #222883 [since FEDORA-2007-073] -CVE-2007-0235 version (libgtop2, fixed 2.14.9) #222637 [since ???] +CVE-2007-0235 version (libgtop2, fixed 2.14.9) #222637 [since FEDORA-2007-657] CVE-2007-0104 ignore (poppler) only client DoS CVE-2007-0104 ignore (kdegraphics) only client DoS CVE-2007-0086 ignore (apache) not a security issue @@ -149,7 +151,7 @@ CVE-2006-6144 ** krb5 CVE-2006-6143 ** krb5 CVE-2006-6142 backport (squirrelmail) #218297 [since FEDORA-2007-089] -CVE-2006-6128 VULNERABLE (kernel) #250625 +CVE-2006-6128 patch (kernel) #250625 [since FEDORA-2007-226] This was bug in our patch, not upstream CVE-2006-6107 backport (dbus, fixed 1.0.2) #219665 [since FEDORA-2006-1475] CVE-2006-6106 version (kernel, fixed 2.6.19.2, fixed 2.6.20-rc5) [since FEDORA-2006-1471] CVE-2006-6105 version (gdm, fixed 2.14.11) [since FEDORA-2006-1468] @@ -217,7 +219,7 @@ CVE-2006-5215 VULNERABLE (xorg-x11-xinit) #212167 CVE-2006-5214 version (xorg-x11-xdm) CVE-2006-5214 ignore (kdebase) #212166 links to xinit Xsession -CVE-2006-5214 VULNERABLE (xorg-x11-xinit) #212167 +CVE-2006-5214 backport (xorg-x11-xinit) #212167 [since FEDORA-2007-659] CVE-2006-5178 ignore (php) safe mode escape CVE-2006-5174 ignore (kernel, fixed 2.6.19-rc1) s390 only CVE-2006-5173 ignore (kernel, fixed 2.6.18) protected by exec-shield Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.66 retrieving revision 1.67 diff -u -r1.66 -r1.67 --- fc7 10 Aug 2007 14:48:41 -0000 1.66 +++ fc7 13 Aug 2007 12:22:22 -0000 1.67 @@ -30,6 +30,7 @@ CVE-2007-3946 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299] CVE-2007-3845 VULNERABLE (firefox, fixed 2.0.0.6) https://bugzilla.mozilla.org/show_bug.cgi?id=389580 CVE-2007-3844 VULNERABLE (firefox) #250648 "fixed on next update" +CVE-2007-3843 VULNERABLE (kernel) #246595 CVE-2007-3841 ignore (pidgin) ethically disclosed CVE-2007-3820 ** (kdebase) #248537 CVE-2007-3799 ** (php) -- fedora-extras-commits mailing list fedora-extras-commits@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-extras-commits -- Fedora-security-list mailing list Fedora-security-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-security-list
