Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv3670/audit Modified Files: fc6 fc7 fe6 Log Message: - CVE update - Fedora update - add CVE-2007-2958 Index: fc6 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc6,v retrieving revision 1.245 retrieving revision 1.246 diff -u -r1.245 -r1.246 --- fc6 23 Aug 2007 10:30:39 -0000 1.245 +++ fc6 24 Aug 2007 10:27:36 -0000 1.246 @@ -4,8 +4,8 @@ # *CVE are items that need verification for Fedora Core 6 # (mozilla) = (firefox, seamonkey, thunderbird, yelp, devhelp, galeon, liferea. epiphany) -# Up to date CVE as of CVE email 20070822 -# Up to date FC6 as of 20070820 +# Up to date CVE as of CVE email 20070823 +# Up to date FC6 as of 20070823 CVE-2007-4357 ignore (firefox) status bar can be overwrittten CVE-2007-4255 ignore (php) msql extension not shipped @@ -20,6 +20,7 @@ CVE-2007-3962 ignore (gftp) multiple buffer overflows in fsplib, not on Linux CVE-2007-3961 ignore (gftp) off-by-one error in fsplib CVE-2007-3852 VULNERABLE (sysstat) #252296 +CVE-2007-3847 VULNERABLE (httpd) #250756 CVE-2007-3845 ignore (firefox) windows specific CVE-2007-3844 VULNERABLE (firefox) #250648 "fixed on next update" CVE-2007-3843 VULNERABLE (kernel) #246595 Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.78 retrieving revision 1.79 diff -u -r1.78 -r1.79 --- fc7 23 Aug 2007 10:30:39 -0000 1.78 +++ fc7 24 Aug 2007 10:27:37 -0000 1.79 
@@ -5,11 +5,12 @@ # (mozilla) = (firefox, seamonkey, thunderbird, yelp, devhelp, galeon, liferea. epiphany) # A couple of first F7 updates were marked as FEDORA-2007-0001 -# Up to date CVE as of CVE email 20070822 -# Up to date FC7 as of 20070820 +# Up to date CVE as of CVE email 20070823 +# Up to date FC7 as of 20070823 -CVE-2007-4462 VULNERABLE (po4a) #253541 -CVE-2007-4460 VULNERABLE (id3lib) #253553 +CVE-2007-4510 VULNERABLE (clamav, 0.91.2) #253780 +CVE-2007-4462 version (po4a) #253541 [since FEDORA-2007-1763] +CVE-2007-4460 backport (id3lib) #253553 [since FEDORA-2007-1774] CVE-2007-4400 VULNERABLE (konversation) #253545 CVE-2007-4357 ignore (firefox) status bar can be overwrittten CVE-2007-4323 backport (denyhosts) #252291 [since FEDORA-2007-0589] @@ -27,7 +28,7 @@ CVE-2007-4154 ignore (wordpress) "remote authenticated administrators" CVE-2007-4139 VULNERABLE (wordpress) #250751 CVE-2007-4131 VULNERABLE (tar) #253684 -CVE-2007-4029 VULNERABLE (libvorbis) #245991 +CVE-2007-4029 backport (libvorbis) #245991 [since FEDORA-2007-1765] CVE-2007-3962 ignore (gftp) multiple buffer overflows in fsplib, not on Linux CVE-2007-3961 ignore (gftp) off-by-one error in fsplib CVE-2007-3852 backport (sysstat) #252295 [since FEDORA-2007-1697] @@ -36,6 +37,8 @@ CVE-2007-3948 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299] CVE-2007-3947 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299] CVE-2007-3946 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299] +CVE-2007-3848 version (kernel) [since FEDORA-2007-1785] +CVE-2007-3847 VULNERABLE (httpd) #250755 CVE-2007-3845 ignore (firefox) windows specific CVE-2007-3844 VULNERABLE (firefox) #250648 "fixed on next update" CVE-2007-3843 VULNERABLE (kernel) #246595 
@@ -99,7 +102,7 @@ CVE-2007-3231 version (mecab, fixed 0.96) [since FEDORA-2007-0366] CVE-2007-3209 ignore (mail-notification, shipped with SSL enabled) CVE-2007-3108 backport (openssl) #250574 [since FEDORA-2007-1444] -CVE-2007-3106 VULNERABLE (libvorbis) #245991 +CVE-2007-3106 backport (libvorbis) #245991 [since FEDORA-2007-1765] CVE-2007-3099 version (iscsi-initiator-utils, fixed 6.2.0.865) [since FEDORA-2007-0543] CVE-2007-3100 version (iscsi-initiator-utils, fixed 6.2.0.865) [since FEDORA-2007-0543] CVE-2007-3165 version (tor, fixed 0.1.2.14) #244502 [since FEDORA-2007-1674] @@ -119,12 +122,13 @@ CVE-2007-3023 VULNERABLE (clamav, fixed 0.90.3) #245219 CVE-2007-3007 ignore (php) safe mode isn't safe *CVE-2007-2975 (openfire) +CVE-2007-2958 VULNERABLE (claws-mail) #254121 +CVE-2007-2958 VULNERABLE (sylpheed) #254123 CVE-2007-2956 backport (qtpfsgui) #251674 [since FEDORA-2007-1581] CVE-2007-2949 version (gimp, fixed, 2.2.16) [since FEDORA-2007-0725] CVE-2007-2926 version (bind, fixed 9.4.1) [since FEDORA-2007-1247] CVE-2007-2925 version (bind, fixed 9.4.1) [since FEDORA-2007-1247] -*CVE-2007-2894 VULNERABLE (bochs) #241799 -CVE-2007-2894 ignore (bochs, unreproducible) #241799 +CVE-2007-2894 backport (bochs) #241799 [since FEDORA-2007-1778] CVE-2007-2893 patch (bochs, fixed 2.3-5) #241799 [since FEDORA-2007-1153] CVE-2007-2876 version (kernel, fixed 2.6.21.5) [ since FEDORA-2007-0409 ] CVE-2007-2874 remove-patch (wpa_supplicant) #242455 [since FEDORA-2007-0185] 
@@ -332,7 +336,7 @@ CVE-2007-0894 version (mediawiki, fixed 1.8.4) #228763 CVE-2007-0884 ignore (mimedefang 2.59/2.60 not shipped) #228757 CVE-2007-0857 version (moin, fixed 1.5.7) #228139 -CVE-2007-0844 VULNERABLE (pam_ssh, fixed 1.92) #253959 +CVE-2007-0844 version (pam_ssh, fixed 1.92) #253959 [since FEDORA-2007-1793] CVE-2007-0823 ignore (xterm) feature, not a bug CVE-2007-0822 ignore (util-linux) NULL dereference CVE-2007-0780 version (seamonkey, fixed 1.0.8) Index: fe6 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fe6,v retrieving revision 1.132 retrieving revision 1.133 diff -u -r1.132 -r1.133 --- fe6 9 Aug 2007 15:53:20 -0000 1.132 +++ fe6 24 Aug 2007 10:27:37 -0000 1.133 @@ -2,6 +2,7 @@ ** are items that need attention +CVE-2007-4510 VULNERABLE (clamav, 0.91.2) #253780 CVE-2007-3950 version (lighttpd, fixed 1.4.16) #249162 CVE-2007-3949 version (lighttpd, fixed 1.4.16) #249162 CVE-2007-3948 version (lighttpd, fixed 1.4.16) #249162 -- fedora-extras-commits mailing list fedora-extras-commits@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-extras-commits -- Fedora-security-list mailing list Fedora-security-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-security-list
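Review bot: In fc7, hunk @@ -5,11 +5,12 @@, the new CVE-2007-4510 line reads "(clamav, 0.91.2)" and does not say whether 0.91.2 is the affected or the fixed version, while other entries in the file use the explicit form, for example "(clamav, fixed 0.90.3)". Suggest writing "fixed 0.91.2" if that is what is meant, or dropping the version while the status is VULNERABLE; the identical line added to fe6 in hunk @@ -2,6 +2,7 @@ needs the same change. In the same fc7 hunk, CVE-2007-4462 moves to "version (po4a)" with no fixed version recorded, unlike "version (lighttpd, fixed 1.4.16)" further down.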
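Review bot: In fc7, hunk @@ -36,6 +37,8 @@, the added line "CVE-2007-3848 version (kernel) [since FEDORA-2007-1785]" carries neither a fixed version nor a bug reference, so a reader cannot tell which kernel build closes it without looking up the advisory. The neighbouring "version" entries give both, for example "version (lighttpd, fixed 1.4.16) #249162", and the other kernel entry visible in this diff uses "version (kernel, fixed 2.6.21.5)". Suggest adding the fixed kernel version and, if a tracking bug exists, its number.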
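Review bot: In fc7, hunk @@ -119,12 +122,13 @@, CVE-2007-2958 is added for claws-mail and sylpheed, but none of the fc6 or fe6 hunks in this commit add a matching entry, although the log message says "add CVE-2007-2958" and both files are modified. Suggest recording a status for the two packages in the other lists as well, even if it is an ignore or not-shipped line, so the audit does not read as if those releases were never checked. In the same hunk, the bochs change replaces both the "*" needs-verification line and "ignore (bochs, unreproducible)" with a single backport entry; a short note in the log message on why the earlier "unreproducible" assessment was reversed would help anyone reading the history.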