fedora-security/audit fc6,1.242,1.243 fc7,1.75,1.76

["Tomas Hoger" (thoger) <fedora-extras-commits@xxxxxxxxxx>]

Author: thoger

Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv681

Modified Files:
	fc6 fc7 
Log Message:
Add CVE-2007-4131 - tar directory traversal.
Update status of resolved issues.



Index: fc6
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc6,v
retrieving revision 1.242
retrieving revision 1.243
diff -u -r1.242 -r1.243
--- fc6	20 Aug 2007 16:01:57 -0000	1.242
+++ fc6	21 Aug 2007 08:39:05 -0000	1.243
@@ -15,6 +15,7 @@
 CVE-2007-4225 ignore (kdebase) caused by fix to CVE-2007-3820 which we never shipped
 CVE-2007-4224 ignore (kdebase) too obvious -- mouse pointer indicates script activity
 CVE-2007-4211 version (dovecot, fixed 1.0.3) #251009 [since FEDORA-2007-664]
+CVE-2007-4131 VULNERABLE (tar) #253684
 CVE-2007-4029 VULNERABLE (libvorbis) #250600
 CVE-2007-4168 backport (libexif) #243892 [since FEDORA-2007-614]
 CVE-2007-3962 ignore (gftp) multiple buffer overflows in fsplib, not on Linux


Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.75
retrieving revision 1.76
diff -u -r1.75 -r1.76
--- fc7	20 Aug 2007 16:01:57 -0000	1.75
+++ fc7	21 Aug 2007 08:39:05 -0000	1.76
@@ -14,12 +14,12 @@
 CVE-2007-4400 VULNERABLE (konversation) #253545
 CVE-2007-4357 ignore (firefox) status bar can be overwrittten
 CVE-2007-4323 backport (denyhosts) #252291 [since FEDORA-2007-0589]
-CVE-2007-4321 VULNERABLE (fail2ban) #252290
+CVE-2007-4321 backport (fail2ban) #252290 [since FEDORA-2007-0621] version since FEDORA-2007-1643
 CVE-2007-4255 ignore (php) msql extension not shipped
 CVE-2007-4251 ignore (openoffice.org) just a crash
 CVE-2007-4229 ignore (kdebase) just an ASSERT fail
-CVE-2007-4225 ignore (kdebase) caused by fix to CVE-2007-3820 which we never shipped
-CVE-2007-4224 ignore (kdebase) too obvious -- mouse pointer indicates script activity
+CVE-2007-4225 backport (kdebase) [since FEDORA-2007-1700]
+CVE-2007-4224 backport (kdebase) [since FEDORA-2007-1700]
 CVE-2007-4211 version (dovecot, 1.0.3) #251008 [since FEDORA-2007-1485]
 CVE-2007-4174 version (tor, fixed 0.1.2.16) [since FEDORA-2007-1674]
 GENERIC-MAP-NOMATCH version (tor, fixed 0.1.2.15) #249840 [since FEDORA-2007-1674]
@@ -27,10 +27,11 @@
 CVE-2007-4153 ignore (wordpress) "remote authenticated administrators"
 CVE-2007-4154 ignore (wordpress) "remote authenticated administrators"
 CVE-2007-4139 VULNERABLE (wordpress) #250751
+CVE-2007-4131 VULNERABLE (tar) #253684
 CVE-2007-4029 VULNERABLE (libvorbis) #245991
 CVE-2007-3962 ignore (gftp) multiple buffer overflows in fsplib, not on Linux
 CVE-2007-3961 ignore (gftp) off-by-one error in fsplib
-CVE-2007-3852 VULNERABLE (sysstat) #252295
+CVE-2007-3852 backport (sysstat) #252295 [since FEDORA-2007-1697]
 CVE-2007-3950 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299]
 CVE-2007-3949 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299]
 CVE-2007-3948 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299]
@@ -40,7 +41,7 @@
 CVE-2007-3844 VULNERABLE (firefox) #250648 "fixed on next update"
 CVE-2007-3843 VULNERABLE (kernel) #246595
 CVE-2007-3841 ignore (pidgin) ethically disclosed
-CVE-2007-3820 ** (kdebase) #248537
+CVE-2007-3820 backport (kdebase) #248537 [since FEDORA-2007-1700]
 CVE-2007-3799 ** (php)
 CVE-2007-3781 ** (mysql)
 CVE-2007-3782 ** (mysql)

-- 
fedora-extras-commits mailing list
fedora-extras-commits@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-extras-commits

--
Fedora-security-list mailing list
Fedora-security-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-security-list