Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv4695/audit Modified Files: fc6 fc7 Log Message: Note Fedora updates. Clean-up some old stuff. Move few misplaced lines. Index: fc6 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc6,v retrieving revision 1.253 retrieving revision 1.254 diff -u -r1.253 -r1.254 --- fc6 7 Sep 2007 08:42:54 -0000 1.253 +++ fc6 11 Sep 2007 17:24:18 -0000 1.254 @@ -4,10 +4,10 @@ # *CVE are items that need verification for Fedora Core 6 # (mozilla) = (firefox, seamonkey, thunderbird, yelp, devhelp, galeon, liferea. epiphany) -# Up to date CVE as of CVE email 20070907 -# Up to date FC6 as of 20070905 +# Up to date CVE as of CVE email 20070910 +# Up to date FC6 as of 20070910 -CVE-2007-4743 VULNERABLE (krb5) incomplete CVE-2007-3999 fix +CVE-2007-4743 backport (krb5) incomplete CVE-2007-3999 fix [since FEDORA-2007-694] CVE-2007-4721 version (wireshark, fixed 0.99.6) [since FEDORA-2007-628] CVE-2007-4663 ignore (php, fixed 5.2.4) #277991 safe_mode CVE-2007-4662 ignore (php, fixed 5.2.4) #278101 triggerable only by modification to openssl.conf 
@@ -42,8 +42,9 @@ CVE-2007-3820 ** (kdebase) #248537 CVE-2007-3799 ** (php) CVE-2007-3798 version (tcpdump, fixed 3.9.7) #250290 [since FEDORA-2007-654] -CVE-2007-3782 ** (mysql) -CVE-2007-3781 ** (mysql) +CVE-2007-3782 VULNERABLE (mysql, fixed 5.0.44) +CVE-2007-3781 VULNERABLE (mysql, fixed 5.0.44) +CVE-2007-3780 VULNERABLE (mysql, fixed 5.0.44) CVE-2007-3642 version (kernel, fixed 2.6.22) [since FEDORA-2007-655] CVE-2007-3508 ignore (glibc) not an issue CVE-2007-3506 backport (freetype, fixed 2.3.4) #235479 [since FEDORA-2007-561] Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.95 retrieving revision 1.96 diff -u -r1.95 -r1.96 --- fc7 10 Sep 2007 12:20:21 -0000 1.95 +++ fc7 11 Sep 2007 17:24:18 -0000 1.96 @@ -5,11 +5,11 @@ # (mozilla) = (firefox, seamonkey, thunderbird, yelp, devhelp, galeon, liferea. epiphany) # A couple of first F7 updates were marked as FEDORA-2007-0001 -# Up to date CVE as of CVE email 20070907 -# Up to date FC7 as of 20070905 +# Up to date CVE as of CVE email 20070910 +# Up to date FC7 as of 20070910 CVE-2007-4727 VULNERABLE (lighttpd) #284511 -CVE-2007-4743 VULNERABLE (krb5) incomplete CVE-2007-3999 fix +CVE-2007-4743 backport (krb5) incomplete CVE-2007-3999 fix [since FEDORA-2007-2066] CVE-2007-4721 version (wireshark, fixed 0.99.6) [since FEDORA-2007-0982] CVE-2007-4663 ignore (php, fixed 5.2.4) #277991 safe_mode CVE-2007-4662 ignore (php, fixed 5.2.4) #278101 triggerable only by modification to openssl.conf 
@@ -20,19 +20,19 @@ CVE-2007-4657 VULNERABLE (php, fixed 5.2.4) CVE-2007-4650 version (gallery2) #267421 [since FEDORA-2007-2020] CVE-2007-4629 version (mapserver, fixed 4.10.3) #272081 [since FEDORA-2007-2018] -CVE-2007-4631 VULNERABLE (qgit) #268381 +CVE-2007-4631 version (qgit) #268381 [since FEDORA-2007-2108] CVE-2007-4565 backport (fetchmail) #260861 [since FEDORA-2007-1983] -CVE-2007-4560 VULNERABLE (clamav) #260583 +CVE-2007-4560 version (clamav) #260583 [since FEDORA-2007-2050] CVE-2007-4559 VULNERABLE (python) tarfile module - directory traversal CVE-2007-4558 version (star, fixed 1.5a84) [since FEDORA-2007-1852] CVE-2007-4543 version (bugzilla, fixed 3.0.1) #256021 [since FEDORA-2007-1853] CVE-2007-4542 version (mapserver, fixed 4.10.3) #256561 [since FEDORA-2007-2018] CVE-2007-4539 version (bugzilla, fixed 3.0.1) #256021 [since FEDORA-2007-1853] CVE-2007-4538 version (bugzilla, fixed 3.0.1) #256021 [since FEDORA-2007-1853] -CVE-2007-4534 backport (vavoom) #256621 [since CVE-2007-4533] -CVE-2007-4533 backport (vavoom) #256621 [since CVE-2007-4533] -CVE-2007-4532 backport (vavoom) #256621 [since CVE-2007-4533] -CVE-2007-4510 VULNERABLE (clamav, fixed 0.91.2) #253780 +CVE-2007-4534 backport (vavoom) #256621 [since FEDORA-2007-1977] +CVE-2007-4533 backport (vavoom) #256621 [since FEDORA-2007-1977] +CVE-2007-4532 backport (vavoom) #256621 [since FEDORA-2007-1977] +CVE-2007-4510 version (clamav, fixed 0.91.2) #253780 [since FEDORA-2007-2050] CVE-2007-4462 version (po4a) #253541 [since FEDORA-2007-1763] CVE-2007-4460 backport (id3lib) #253553 [since FEDORA-2007-1774] CVE-2007-4400 VULNERABLE (konversation) #253545 
@@ -53,6 +53,7 @@ CVE-2007-4153 ignore (wordpress) "remote authenticated administrators" CVE-2007-4154 ignore (wordpress) "remote authenticated administrators" CVE-2007-4139 version (wordpress) #250751 [since FEDORA-2007-1885] +CVE-2007-4138 VULNERABLE (samba, fixed 3.0.26) #286311 CVE-2007-4134 version (star, fixed 1.5a84) #254128 [since FEDORA-2007-1852] CVE-2007-4131 backport (tar) #253684 [since FEDORA-2007-1890] CVE-2007-4066 backport (libvorbis) #245991 [since FEDORA-2007-1765] @@ -77,15 +78,16 @@ CVE-2007-3820 backport (kdelibs) [since FEDORA-2007-1699] CVE-2007-3820 backport (kdebase) #248537 [since FEDORA-2007-1700] CVE-2007-3799 ** (php) -CVE-2007-3781 ** (mysql) -CVE-2007-3782 ** (mysql) +CVE-2007-3781 VULNERABLE (mysql, fixed 5.0.44) +CVE-2007-3782 VULNERABLE (mysql, fixed 5.0.44) +CVE-2007-3780 VULNERABLE (mysql, fixed 5.0.44) CVE-2007-3770 backport (terminal/xfce) [since FEDORA-2007-1620] CVE-2007-3738 version (mozilla) #248518 [since FEDORA-2007-1138] CVE-2007-3737 version (mozilla) #248518 [since FEDORA-2007-1138] CVE-2007-3736 version (mozilla) #248518 [since FEDORA-2007-1138] CVE-2007-3735 version (mozilla) #248518 [since FEDORA-2007-1138] CVE-2007-3728 ignore (libsilc, 1.1.1 only) -CVE-2007-3725 ** (clamav) +CVE-2007-3725 version (clamav) [since FEDORA-2007-2050] CVE-2007-3713 backport (centericq) #247979 [since FEDORA-2007-1160] CVE-2007-3656 version (mozilla) #248518 [since FEDORA-2007-1138] CVE-2007-3642 version (kernel, fixed 2.6.22.1) [since FEDORA-2007-1130] 
@@ -98,13 +100,13 @@ CVE-2007-3508 ignore (glibc) not an issue CVE-2007-3506 version (freetype, fixed 2.3.4) #235479 [since FEDORA-2007-0033] CVE-2007-3507 version (flac123, fixed 0.0.10) #246322 [since FEDORA-2007-1045] -CVE-2007-3478 VULNERABLE (gd, fixed 2.0.35) #277411 -CVE-2007-3477 VULNERABLE (gd, fixed 2.0.35) #277411 -CVE-2007-3476 VULNERABLE (gd, fixed 2.0.35) #277411 -CVE-2007-3475 VULNERABLE (gd, fixed 2.0.35) #277411 -CVE-2007-3474 VULNERABLE (gd, fixed 2.0.35) #277411 -CVE-2007-3473 VULNERABLE (gd, fixed 2.0.35) #277411 -CVE-2007-3472 VULNERABLE (gd, fixed 2.0.35) #277411 +CVE-2007-3478 version (gd, fixed 2.0.35) #277411 [since FEDORA-2007-2055] +CVE-2007-3477 version (gd, fixed 2.0.35) #277411 [since FEDORA-2007-2055] +CVE-2007-3476 version (gd, fixed 2.0.35) #277411 [since FEDORA-2007-2055] +CVE-2007-3475 version (gd, fixed 2.0.35) #277411 [since FEDORA-2007-2055] +CVE-2007-3474 version (gd, fixed 2.0.35) #277411 [since FEDORA-2007-2055] +CVE-2007-3473 version (gd, fixed 2.0.35) #277411 [since FEDORA-2007-2055] +CVE-2007-3472 version (gd, fixed 2.0.35) #277411 [since FEDORA-2007-2055] CVE-2007-3410 backport (HelixPlayer) #245838 [since FEDORA-2007-0756] CVE-2007-3409 version (perl-Net-DNS, fixed 0.60) #245807 CVE-2007-3393 version (wireshark, fixed 0.99.6) [since FEDORA-2007-0982] 
@@ -130,28 +132,27 @@ CVE-2007-3240 version (wordpress, fixed 2.2.1) #245211 [since FEDORA-2007-0894] CVE-2007-3239 version (wordpress, fixed 2.2.1) #245211 [since FEDORA-2007-0894] CVE-2007-3238 version (wordpress, fixed 2.2.1) #245211 [since FEDORA-2007-0894] -CVE-2007-3140 version (wordpress, fixed 2.2.1) #245211 [since FEDORA-2007-0894] CVE-2007-3231 version (mecab, fixed 0.96) [since FEDORA-2007-0366] CVE-2007-3209 ignore (mail-notification, shipped with SSL enabled) -CVE-2007-3108 backport (openssl) #250574 [since FEDORA-2007-1444] -CVE-2007-3106 backport (libvorbis) #245991 [since FEDORA-2007-1765] -CVE-2007-3099 version (iscsi-initiator-utils, fixed 6.2.0.865) [since FEDORA-2007-0543] -CVE-2007-3100 version (iscsi-initiator-utils, fixed 6.2.0.865) [since FEDORA-2007-0543] CVE-2007-3165 version (tor, fixed 0.1.2.14) #244502 [since FEDORA-2007-1674] CVE-2007-3153 version (c-ares, fixed 1.4.0) #243591 [since FEDORA-2007-0724] CVE-2007-3152 version (c-ares, fixed 1.4.0) #243591 [since FEDORA-2007-0724] CVE-2007-3145 VULNERABLE (galeon) ** CVE-2007-3140 version (wordpress, fixed 2.2.1) #245211 [since FEDORA-2007-0894] CVE-2007-3126 ignore (gimp) just a crash -CVE-2007-3123 VULNERABLE (clamav, fixed 0.90.3) #245219 -CVE-2007-3122 VULNERABLE (clamav, fixed 0.90.3) #245219 +CVE-2007-3123 version (clamav, fixed 0.90.3) #245219 [since FEDORA-2007-2050] +CVE-2007-3122 version (clamav, fixed 0.90.3) #245219 [since FEDORA-2007-2050] CVE-2007-3121 version (zvbi, fixed 0.2.25) [since FEDORA-2007-0175] *CVE-2007-3113 VULNERABLE (cacti) #243592 *CVE-2007-3112 VULNERABLE (cacti) #243592 +CVE-2007-3108 backport (openssl) #250574 [since FEDORA-2007-1444] +CVE-2007-3106 backport (libvorbis) #245991 [since FEDORA-2007-1765] +CVE-2007-3100 version (iscsi-initiator-utils, fixed 6.2.0.865) [since FEDORA-2007-0543] +CVE-2007-3099 version (iscsi-initiator-utils, fixed 6.2.0.865) [since FEDORA-2007-0543] CVE-2007-3089 version (mozilla) #248518 [since FEDORA-2007-1138] CVE-2007-3025 
ignore (clamav, Solaris only) -CVE-2007-3024 VULNERABLE (clamav, fixed 0.90.3) #245219 -CVE-2007-3023 VULNERABLE (clamav, fixed 0.90.3) #245219 +CVE-2007-3024 version (clamav, fixed 0.90.3) #245219 [since FEDORA-2007-2050] +CVE-2007-3023 version (clamav, fixed 0.90.3) #245219 [since FEDORA-2007-2050] CVE-2007-3007 ignore (php) safe mode isn't safe *CVE-2007-2975 (openfire) CVE-2007-2958 version (claws-mail) #254121 [since FEDORA-2007-2009] @@ -182,7 +183,7 @@ CVE-2007-2754 backport (freetype) [since FEDORA-2007-0033] CVE-2007-2721 patch (jasper, fixed 1.900.1-2) #240397 CVE-2007-2683 backport (mutt) -*CVE-2007-2654 VULNERABLE (xfsdump) #240396 +CVE-2007-2654 version (xfsdump) #240396 CVE-2007-2650 version (clamav, fixed 0.90.3) #240395 [since FEDORA-2007-1154] CVE-2007-2645 backport (libexif) #240055 [since FEDORA-2007-0414] *CVE-2007-2637 patch (moin, fixed 1.5.7-2) @@ -222,8 +223,8 @@ *CVE-2007-2165 VULNERABLE (proftpd) #237533 CVE-2007-2138 version (postgresql, fixed 8.2.4) #237682 [since FEDORA-2007-0174] CVE-2007-2057 version (aircrack-ng, fixed 0.8-0.1) -CVE-2007-2029 VULNERABLE (clamav, fixed 0.90.3) #245219 -*CVE-2007-2028 (freeradius) +CVE-2007-2029 version (clamav, fixed 0.90.3) #245219 [since FEDORA-2007-2050] +CVE-2007-2028 version (freeradius) *CVE-2007-2026 (file) CVE-2007-2016 ignore (phpMyAdmin, < 2.8.0.2 never shipped) CVE-2007-1997 version (clamav, fixed in 0.90.2) @@ -297,7 +298,7 @@ CVE-2007-1405 version (trac, fixed 0.10.3.1) #231729 CVE-2007-1401 ignore (php) unshipped cracklib extension CVE-2007-1399 version (php-pecl-zip, fixed 1.8.5) -*CVE-2007-1398 ignore (snort, inline mode not shipped) #232109 +CVE-2007-1398 ignore (snort, inline mode not shipped) #232109, new upstream [since FEDORA-2007-2060] CVE-2007-1396 ignore (php) feature, not a flaw *CVE-2007-1395 version (phpMyAdmin, fixed 2.10.0.2) *CVE-2007-1387 patch (xine-lib, fixed 1.1.4-3) 
@@ -622,7 +623,7 @@ *CVE-2006-5298 backport (mutt) [since FEDORA-2006-1063] *CVE-2006-5297 backport (mutt) [since FEDORA-2006-1063] CVE-2006-5295 version (clamav, fixed 0.88.5) #210973 -*CVE-2006-5276 VULNERABLE (snort) #229265 +CVE-2006-5276 version (snort) #229265 [since FEDORA-2007-2060] CVE-2006-5229 ignore (openssh) not reproduced CVE-2006-5215 backport (xorg-x11-xinit) #212167 [since FEDORA-2007-1409] *CVE-2006-5215 version (xorg-x11-xdm)
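Review bot: the three mysql lines added in the fc6 hunk at "@@ -42,8 +42,9 @@" (CVE-2007-3782, CVE-2007-3781, CVE-2007-3780) are marked VULNERABLE with "fixed 5.0.44" but carry no bug reference, unlike the samba line added to fc7 in the same commit ("CVE-2007-4138 VULNERABLE (samba, fixed 3.0.26) #286311"). Add the tracking bug number to each line so the open status can be followed to a package update. The same applies to the matching mysql lines in the fc7 hunk at "@@ -77,15 +78,16 @@".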
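Review bot: in the fc7 hunk at "@@ -5,11 +5,11 @@", the context line "CVE-2007-4727 VULNERABLE (lighttpd) #284511" still sits above the edited CVE-2007-4743 line, out of the descending CVE order the surrounding entries follow. The log message says this commit moves misplaced lines, so move the lighttpd entry to between CVE-2007-4743 and CVE-2007-4721 as well.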
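Review bot: the new mysql lines in the fc7 hunk at "@@ -77,15 +78,16 @@" are added in the order CVE-2007-3781, CVE-2007-3782, CVE-2007-3780, which keeps the old out-of-order pair; fc6 in this same commit lists them as 3782, 3781, 3780. Swap the first two so the block is descending, matching fc6 and the reordering done for CVE-2007-3100 and CVE-2007-3099 in the "@@ -130,28 +132,27 @@" hunk.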
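Review bot: in the fc7 hunk at "@@ -182,7 +183,7 @@", CVE-2007-2654 (xfsdump) goes from "*... VULNERABLE" to "version" and loses its needs-verification asterisk, but the new line names neither a fixed version nor a "[since FEDORA-...]" update. Record which xfsdump version or update resolved it, so the status change can be checked against the shipped package.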
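Review bot: in the fc7 hunk at "@@ -222,8 +223,8 @@", "CVE-2007-2028 version (freeradius)" replaces an entry that had no status and was flagged for verification, yet the new line gives no fixed version, bug number, or update ID. Add at least the fixed version, as the neighbouring line "CVE-2007-2029 version (clamav, fixed 0.90.3) #245219 [since FEDORA-2007-2050]" does.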
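Review bot: the edited CVE-2007-1398 line in the fc7 hunk at "@@ -297,7 +298,7 @@" now reads "ignore (snort, inline mode not shipped) #232109, new upstream [since FEDORA-2007-2060]", which combines an ignore status with a since tag used elsewhere for fixed entries. If the new upstream release contains the fix, change the status to "version" as done for CVE-2006-5276 in the "@@ -622,7 +623,7 @@" hunk; if the issue is still ignored because inline mode is not shipped, drop the since tag or move the remark into the free-text note so tools reading the status column are not misled.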