Author: kevin Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv4386 Modified Files: epel4 Log Message: Process a ton of epel4 items. Index: epel4 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/epel4,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- epel4 1 Sep 2007 18:49:37 -0000 1.1 +++ epel4 22 Sep 2007 04:07:57 -0000 1.2 @@ -3,99 +3,102 @@ # *CVE are items that need verification for EPEL-4 # (mozilla) = (firefox, seamonkey, thunderbird, yelp, devhelp, galeon, liferea. epiphany) -# Up to date CVE as of CVE email 20070829 -# Up to date EPEL4 as of +# Up to date CVE as of CVE email 20070914 +# Up to date EPEL4 as of 20070916 # -*CVE-2007-4631 VULNERABLE (qgit) #268381 +GENERIC-MAP-NOMATCH VULNERABLE (duplicity) #293081 +*CVE-2007-4828 (mediawiki, fixed 1.11.0, 1.10.2, 1.9.4) #287881 +CVE-2007-4727 version (lighttpd, fixed 1.4.18) #284511 +*CVE-2007-4629 version (mapserver, fixed 4.10.3) #272081 [since FEDORA-2007-2018] +CVE-2007-4631 version (qgit, fixed 1.5.7) #268381 *CVE-2007-4629 VULNERABLE (mapserver, fixed 4.10.3) #272081 -*CVE-2007-4560 VULNERABLE (clamav) #260583 +CVE-2007-4560 VULNERABLE (clamav) #260583 *CVE-2007-4543 version (bugzilla, fixed 3.0.1) #256021 [since FEDORA-2007-1853] *CVE-2007-4542 VULNERABLE (mapserver, fixed 4.10.3) #256561 *CVE-2007-4539 version (bugzilla, fixed 3.0.1) #256021 [since FEDORA-2007-1853] *CVE-2007-4538 version (bugzilla, fixed 3.0.1) #256021 [since FEDORA-2007-1853] -*CVE-2007-4510 VULNERABLE (clamav, fixed 0.91.2) #253780 +CVE-2007-4510 VULNERABLE (clamav, fixed 0.91.2) #253780 *CVE-2007-4462 version (po4a) #253541 [since FEDORA-2007-1763] *CVE-2007-4400 VULNERABLE (konversation) #253545 -*CVE-2007-4323 backport (denyhosts) #252291 [since FEDORA-2007-0589] +CVE-2007-4323 backport (denyhosts) #252291 *CVE-2007-4321 backport (fail2ban) #252290 [since FEDORA-2007-0621] version since FEDORA-2007-1643 -*CVE-2007-3950 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299] -*CVE-2007-3949 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299] -*CVE-2007-3948 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299] -*CVE-2007-3947 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299] -*CVE-2007-3946 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299] -*CVE-2007-3725 ** (clamav) -*CVE-2007-3555 version (moodle) #247528 [since FEDORA-2007-1445] -*CVE-2007-3209 ignore (mail-notification, shipped with SSL enabled) -*CVE-2007-3153 version (c-ares, fixed 1.4.0) #243591 [since FEDORA-2007-0724] -*CVE-2007-3152 version (c-ares, fixed 1.4.0) #243591 [since FEDORA-2007-0724] -*CVE-2007-3123 VULNERABLE (clamav, fixed 0.90.3) #245219 -*CVE-2007-3122 VULNERABLE (clamav, fixed 0.90.3) #245219 -*CVE-2007-3113 VULNERABLE (cacti) #243592 -*CVE-2007-3112 VULNERABLE (cacti) #243592 -*CVE-2007-3025 ignore (clamav, Solaris only) -*CVE-2007-3024 VULNERABLE (clamav, fixed 0.90.3) #245219 -*CVE-2007-3023 VULNERABLE (clamav, fixed 0.90.3) #245219 +CVE-2007-3950 version (lighttpd, fixed 1.4.16) #249162 +CVE-2007-3949 version (lighttpd, fixed 1.4.16) #249162 +CVE-2007-3948 version (lighttpd, fixed 1.4.16) #249162 +CVE-2007-3947 version (lighttpd, fixed 1.4.16) #249162 +CVE-2007-3946 version (lighttpd, fixed 1.4.16) #249162 +CVE-2007-3725 ** (clamav) +CVE-2007-3555 version (moodle, fixed 1.8.2) #247528 +CVE-2007-3209 ignore (mail-notification, shipped with SSL enabled) +CVE-2007-3153 version (c-ares, fixed 1.4.0) #243591 +CVE-2007-3152 version (c-ares, fixed 1.4.0) #243591 +CVE-2007-3123 VULNERABLE (clamav, fixed 0.90.3) #245219 +CVE-2007-3122 VULNERABLE (clamav, fixed 0.90.3) #245219 +CVE-2007-3113 patch (cacti, fixed 0.8.7) #243592 +CVE-2007-3112 patch (cacti, fixed 0.8.7) #243592 +CVE-2007-3025 ignore (clamav, Solaris only) +CVE-2007-3024 VULNERABLE (clamav, fixed 0.90.3) #245219 +CVE-2007-3023 VULNERABLE (clamav, fixed 0.90.3) #245219 *CVE-2007-2958 VULNERABLE (claws-mail) #254121 -*CVE-2007-2865 version (phpPgAdmin, fixed 4.1.2) #241489 [since FEDORA-2007-0469] -*CVE-2007-2721 patch (jasper, fixed 1.900.1-2) #240397 -*CVE-2007-2650 version (clamav, fixed 0.90.3) #240395 [since FEDORA-2007-1154] -*CVE-2007-2637 patch (moin, fixed 1.5.7-2) -*CVE-2007-2423 patch (moin, fixed 1.5.7-2) #238722 +*CVE-2007-2865 version (phpPgAdmin, fixed 4.1.2) #241489 +CVE-2007-2721 patch (jasper, fixed 1.900.1-2) #240397 +CVE-2007-2650 VULNERABLE (clamav, fixed 0.90.3) #240395 +CVE-2007-2637 patch (moin, fixed 1.5.7-2) +CVE-2007-2423 patch (moin, fixed 1.5.7-2) #238722 *CVE-2007-2413 version (perl-Imager, fixed 0.57) #238615 -*CVE-2007-2245 VULNERABLE (phpMyAdmin, fixed 2.10.1) #237882 +CVE-2007-2245 version (phpMyAdmin, fixed 2.10.1) #237882 *CVE-2007-2165 VULNERABLE (proftpd) #237533 -*CVE-2007-2029 VULNERABLE (clamav, fixed 0.90.3) #245219 -*CVE-2007-2016 ignore (phpMyAdmin, < 2.8.0.2 never shipped) -*CVE-2007-1997 version (clamav, fixed in 0.90.2) -*CVE-2007-1870 version (lighttpd, fixed 1.4.14) #236489 -*CVE-2007-1869 version (lighttpd, fixed 1.4.14) #236489 -*CVE-2007-1745 version (clamav, fixed in 0.90.2) #236703 -*CVE-2007-1614 version (zziplib, fixed 0.13.49) #233700 +CVE-2007-2029 VULNERABLE (clamav, fixed 0.90.3) #245219 +CVE-2007-2016 ignore (phpMyAdmin, < 2.8.0.2 never shipped) +CVE-2007-1997 VULNERABLE (clamav, fixed in 0.90.2) +CVE-2007-1870 version (lighttpd, fixed 1.4.14) #236489 +CVE-2007-1869 version (lighttpd, fixed 1.4.14) #236489 +CVE-2007-1745 VULNERABLE (clamav, fixed in 0.90.2) #236703 +CVE-2007-1614 version (zziplib, fixed 0.13.49) #233700 *CVE-2007-1558 version (claws-mail, fixed 2.9.1) #237293 -*CVE-2007-1547 version (nas, fixed 1.8a-2) #233353 -*CVE-2007-1546 version (nas, fixed 1.8a-2) #233353 -*CVE-2007-1545 version (nas, fixed 1.8a-2) #233353 -*CVE-2007-1544 version (nas, fixed 1.8a-2) #233353 -*CVE-2007-1543 version (nas, fixed 1.8a-2) #233353 -*CVE-2007-1429 version (moodle, fixed 1.6.5) #232103 +CVE-2007-1547 version (nas, fixed 1.8a-2) #233353 +CVE-2007-1546 version (nas, fixed 1.8a-2) #233353 +CVE-2007-1545 version (nas, fixed 1.8a-2) #233353 +CVE-2007-1544 version (nas, fixed 1.8a-2) #233353 +CVE-2007-1543 version (nas, fixed 1.8a-2) #233353 +CVE-2007-1429 version (moodle, fixed 1.6.5) #232103 *CVE-2007-1406 version (trac, fixed 0.10.3.1) #231729 *CVE-2007-1405 version (trac, fixed 0.10.3.1) #231729 -*CVE-2007-1395 version (phpMyAdmin, fixed 2.10.0.2) +CVE-2007-1395 version (phpMyAdmin, fixed 2.10.0.2) *CVE-2007-1359 patch (mod_security, fixed 2.1.0-3) #231728 -*CVE-2007-1325 version (phpMyAdmin, fixed 2.10.0.2) +CVE-2007-1325 version (phpMyAdmin, fixed 2.10.0.2) *CVE-2007-1055 version (mediawiki, fixed 1.8.3) *CVE-2007-1054 version (mediawiki, fixed 1.9.3) [since FEDORA-2007-1442] -*CVE-2007-0902 patch (moin, fixed 1.5.7-2) #228764 -*CVE-2007-0901 patch (moin, fixed 1.5.7-2) #228764 -*CVE-2007-0898 version (clamav, fixed 0.90) #229202 -*CVE-2007-0897 version (clamav, fixed 0.90) #229202 +CVE-2007-0902 version (moin, fixed 1.5.7-2) #228764 +CVE-2007-0901 version (moin, fixed 1.5.7-2) #228764 +CVE-2007-0898 VULNERABLE (clamav, fixed 0.90) #229202 +CVE-2007-0897 VULNERABLE (clamav, fixed 0.90) #229202 *CVE-2007-0894 version (mediawiki, fixed 1.8.4) #228763 -*CVE-2007-0857 version (moin, fixed 1.5.7) #228139 +CVE-2007-0857 version (moin, fixed 1.5.7) #228139 *CVE-2007-0619 version (chmlib, fixed 0.3.9) #225919 -*CVE-2007-0341 ignore (phpMyAdmin, 2.8.x only) -*CVE-2007-0242 patch (qt4, fixed 4.2.3-7) +CVE-2007-0341 ignore (phpMyAdmin, 2.8.x only) *CVE-2007-0240 patch (zope, fixed 2.9.6-2) #233378 *CVE-2007-0177 version (mediawiki, fixed 1.8.3) #221958 -*CVE-2007-0095 VULNERABLE (phpMyAdmin) #221694 -*CVE-2007-0007 version (gnucash, fixed 2.0.5) since [FEDORA-2007-256] #223233 -*CVE-2006-6944 version (phpMyAdmin, fixed 2.9.1.1) -*CVE-2006-6943 version (phpMyAdmin, fixed 2.9.1.1) -*CVE-2006-6942 version (phpMyAdmin, fixed 2.9.1.1) -*CVE-2006-6799 patch (cacti, fixed 0.8.6i-5) #222410 +CVE-2007-0095 VULNERABLE (phpMyAdmin) #221694 +CVE-2007-0007 version (gnucash, fixed 2.0.5) #223233 +CVE-2006-6944 version (phpMyAdmin, fixed 2.9.1.1) +CVE-2006-6943 version (phpMyAdmin, fixed 2.9.1.1) +CVE-2006-6942 version (phpMyAdmin, fixed 2.9.1.1) +CVE-2006-6799 patch (cacti, fixed 0.8.6i-5) #222410 *CVE-2006-6693 ignore (zabbix, fixed 1.1.3, < 1.1.4 not shipped) *CVE-2006-6692 ignore (zabbix, fixed 1.1.3, < 1.1.4 not shipped) -*CVE-2006-6626 version (moodle, fixed 1.6.5) #220041 -*CVE-2006-6625 version (moodle, fixed 1.6.5) #220041 +CVE-2006-6626 version (moodle, fixed 1.6.5) #220041 +CVE-2006-6625 version (moodle, fixed 1.6.5) #220041 *CVE-2006-6563 backport (proftpd, fixed 1.3.0a-3) #219938 -*CVE-2006-6481 version (clamav, fixed 0.88.7) -*CVE-2006-6406 version (clamav, fixed 0.88.7) #219095 -*CVE-2006-6374 ** (phpMyAdmin) #218853 -*CVE-2006-6373 version (phpMyAdmin, fixed 2.9.1.1) #218853 -*CVE-2006-6301 version (denyhosts, fixed 2.6-2) #218824 +CVE-2006-6481 VULNERABLE (clamav, fixed 0.88.7) +CVE-2006-6406 VULNERABLE (clamav, fixed 0.88.7) #219095 +CVE-2006-6374 ** (phpMyAdmin) #218853 +CVE-2006-6373 version (phpMyAdmin, fixed 2.9.1.1) #218853 +CVE-2006-6301 version (denyhosts, fixed 2.6-2) #218824 *CVE-2006-6171 patch (proftpd, fixed 1.3.0a-1) #214820 *CVE-2006-6170 patch (proftpd, fixed 1.3.0a-1) #214820 -*CVE-2006-5874 version (clamav, fixed 0.88.1) -*CVE-2006-5864 patch (gv, fixed 3.6.2-2) #215136 +CVE-2006-5874 version (clamav, fixed 0.88.1) +CVE-2006-5864 patch (gv, fixed 3.6.2-2) #215136 *CVE-2006-5848 version (trac, fixed 0.10.1) #215077 *CVE-2006-5815 version (proftpd, fixed 1.3.0a) #214820 *CVE-2006-5602 version (xsupplicant, fixed 1.2.6) @@ -103,51 +106,51 @@ *CVE-2006-5455 patch (bugzilla, fixed 2.22-7) #212355 *CVE-2006-5454 patch (bugzilla, fixed 2.22-7) #212355 *CVE-2006-5453 patch (bugzilla, fixed 2.22-7) #212355 -*CVE-2006-5295 version (clamav, fixed 0.88.5) #210973 -*CVE-2006-5129 version (moodle, fixed 1.6.3) #206516 -*CVE-2006-4943 version (moodle, fixed 1.6.3) #206516 -*CVE-2006-4942 version (moodle, fixed 1.6.3) #206516 -*CVE-2006-4941 version (moodle, fixed 1.6.3) #206516 -*CVE-2006-4940 version (moodle, fixed 1.6.3) #206516 -*CVE-2006-4939 version (moodle, fixed 1.6.3) #206516 -*CVE-2006-4938 version (moodle, fixed 1.6.3) #206516 -*CVE-2006-4937 version (moodle, fixed 1.6.3) #206516 -*CVE-2006-4936 version (moodle, fixed 1.6.3) #206516 -*CVE-2006-4935 version (moodle, fixed 1.6.3) #206516 -*CVE-2006-4786 version (moodle, fixed 1.6.3) #206516 -*CVE-2006-4785 version (moodle, fixed 1.6.3) #206516 -*CVE-2006-4784 version (moodle, fixed 1.6.3) #206516 +CVE-2006-5295 version (clamav, fixed 0.88.5) #210973 +CVE-2006-5129 version (moodle, fixed 1.6.3) #206516 +CVE-2006-4943 version (moodle, fixed 1.6.3) #206516 +CVE-2006-4942 version (moodle, fixed 1.6.3) #206516 +CVE-2006-4941 version (moodle, fixed 1.6.3) #206516 +CVE-2006-4940 version (moodle, fixed 1.6.3) #206516 +CVE-2006-4939 version (moodle, fixed 1.6.3) #206516 +CVE-2006-4938 version (moodle, fixed 1.6.3) #206516 +CVE-2006-4937 version (moodle, fixed 1.6.3) #206516 +CVE-2006-4936 version (moodle, fixed 1.6.3) #206516 +CVE-2006-4935 version (moodle, fixed 1.6.3) #206516 +CVE-2006-4786 version (moodle, fixed 1.6.3) #206516 +CVE-2006-4785 version (moodle, fixed 1.6.3) #206516 +CVE-2006-4784 version (moodle, fixed 1.6.3) #206516 *CVE-2006-4684 version (zope, fixed 2.9.2) *CVE-2006-4249 patch (plone, fixed 2.5.1-3) #213983 *CVE-2006-4248 ignore (thttpd, Debian specific issue) *CVE-2006-4247 patch (plone, fixed 2.5-4) #209163 -*CVE-2006-4182 version (clamav, fixed 0.88.5) #210973 -*CVE-2006-4018 version (clamav, fixed 0.88.4-1) #201688 +CVE-2006-4182 version (clamav, fixed 0.88.5) #210973 +CVE-2006-4018 version (clamav, fixed 0.88.4-1) #201688 *CVE-2006-3458 patch (zope, fixed 2.9.3-3) #198106 *CVE-2006-3178 ignore (chmlib, extract_chmLib not shipped) -*CVE-2006-2489 version (nagios, fixed 2.3.1) -*CVE-2006-2427 ignore (clamav) not an issue bz#192076 +CVE-2006-2489 version (nagios, fixed 2.3.1) +CVE-2006-2427 ignore (clamav) not an issue bz#192076 *CVE-2006-2237 backport (awstats, fixed 6.5-5) bz#190923 -*CVE-2006-2162 version (nagios, fixed 2.3.1) bz#190612 +CVE-2006-2162 version (nagios, fixed 2.3.1) bz#190612 *CVE-2006-2017 version (dnsmasq, fixed 2.30) -*CVE-2006-1989 version (clamav, fixed 0.88.2) +CVE-2006-1989 version (clamav, fixed 0.88.2) *CVE-2006-1945 backport (awstats, fixed 6.5-4) bz#190922 awstats-6.5-CVE-2006-1945.patch *CVE-2006-1711 version (plone, fixed 2.1.2) bz#188886 -*CVE-2006-1630 version (clamav, fixed 0.88.1) bz#188286 -*CVE-2006-1629 version (openvpn, fixed 2.0.6) bz#188050 -*CVE-2006-1615 version (clamav, fixed 0.88.1) bz#188286 -*CVE-2006-1614 version (clamav, fixed 0.88.1) bz#188286 -*CVE-2006-1566 ignore (libtunepimp, Debian-specific problem) +CVE-2006-1630 version (clamav, fixed 0.88.1) bz#188286 +CVE-2006-1629 version (openvpn, fixed 2.0.6) bz#188050 +CVE-2006-1615 version (clamav, fixed 0.88.1) bz#188286 +CVE-2006-1614 version (clamav, fixed 0.88.1) bz#188286 +CVE-2006-1566 ignore (libtunepimp, Debian-specific problem) *CVE-2006-1498 version (mediawiki, fixed 1.5.8) bz#188122 *CVE-2006-1079 patch (thttpd, fixed 2.25b-11) bz#191095 *CVE-2006-1078 patch (thttpd, fixed 2.25b-11) bz#191095 -*CVE-2006-0814 ignore (lighttpd, Windows-specific problem) -*CVE-2006-0760 version (lighttpd, fixed 1.4.10) -*CVE-2006-0458 version (irssi, fixed 0.8.10) bz#184509 +CVE-2006-0814 ignore (lighttpd, Windows-specific problem) +CVE-2006-0760 version (lighttpd, fixed 1.4.10) +CVE-2006-0458 VULNERABLE (irssi, fixed 0.8.10) bz#184509 *CVE-2006-0322 version (mediawiki, fixed 1.5.8) -*CVE-2006-0162 version (clamav, fixed 0.88) -*CVE-2006-0126 version (rxvt-unicode, fixed 7.5) -*CVE-2006-0106 version (wine, fixed 0.9.10) -*CVE-2006-0071 ignore (pinentry, Gentoo-specific problem) -*CVE-2005-4803 version (graphviz, fixed 2.2.1) +CVE-2006-0162 version (clamav, fixed 0.88) +CVE-2006-0126 version (rxvt-unicode, fixed 7.5) +CVE-2006-0106 version (wine, fixed 0.9.10) +CVE-2006-0071 ignore (pinentry, Gentoo-specific problem) +CVE-2005-4803 version (graphviz, fixed 2.2.1) *CVE-2004-1096 version (perl-Archive-Zip, fixed 1.14) -- fedora-extras-commits mailing list fedora-extras-commits@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-extras-commits -- Fedora-security-list mailing list Fedora-security-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-security-list