fedora-security/audit fc4,1.26,1.27

Mark Cox (mjc) fedora-extras-commits at redhat.com
Wed Jul 20 09:45:56 UTC 2005


Author: mjc

Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv1924

Modified Files:
	fc4 
Log Message:
Get around to dealing with some issues that needed attention.  The only
significant issue left is a Mozilla issue where I can't yet find out what
release fixed the flaw.  Josh opened a bug in bugzilla.mozilla.org for this
but it was dupe'd to a private bug I can't access, so we'll need to wait
to finish this one off.



Index: fc4
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc4,v
retrieving revision 1.26
retrieving revision 1.27
diff -u -r1.26 -r1.27
--- fc4	20 Jul 2005 08:28:11 -0000	1.26
+++ fc4	20 Jul 2005 09:45:53 -0000	1.27
@@ -24,7 +24,7 @@
 2005-2260 VULNERABLE (firefox, fixed 1.0.5)
 2005-2260 VULNERABLE (mozilla, fixed 1.7.9)
 2005-2177 version (net-snmp, fixed 5.2.1.2) [since FEDORA-2005-561]
-2005-2114 ** mozilla
+2005-2114 ** mozilla, can't find out when this was fixed upstream
 2005-2096 backport (zlib) [since FEDORA-2005-523]
 2005-2096 backport (rpm) [since FEDORA-2005-565]
 2005-2095 VULNERABLE (squirrelmail)
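
Review bot: the new 2005-2114 line appends its reason after a comma ("mozilla, can't find out when this was fixed upstream"), so the note reads as part of the package name. Resolved entries in this file put the package in parentheses and the remark after it. Suggest writing it as "2005-2114 ** (mozilla) fix release unknown upstream" and adding the bugzilla.mozilla.org bug number mentioned in the log message, so the entry can be found and closed once that bug becomes readable.
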
@@ -40,8 +40,7 @@
 2005-1763 version (kernel, fixed 2.6.12) [since FEDORA-2005-510]
 2005-1762 version (kernel, fixed 2.6.12) [since FEDORA-2005-510]
 2005-1761 version (kernel, fixed 2.6.12.2) [since FEDORA-2005-510]
-2005-2069 ** openldap
-2005-2069 ** pam_ldap
+2005-2069 VULNERABLE (nss_ldap) http://bugzilla.padl.com/attachment.cgi?id=10&action=view
 2005-2023 version (gnupg, fixed 1.9.15)
 2005-1993 backport (sudo, fixed 1.6.8p9) [since FEDORA-2005-472]
 2005-1992 backport (ruby) [since FEDORA-2005-475]
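
Review bot: the 2005-2069 entries for openldap and pam_ldap are deleted and only nss_ldap gets a disposition, so the file no longer records whether those two packages were checked. If they were found not affected, keep them as ignore lines with a short reason, the way ncpfs is handled under 2005-1751 ("ignore (ncpfs) part of shtool in ncpfs is not vulnerable"). The new nss_ldap line also carries a patch URL but no fixed version or Fedora bug number, unlike the 2005-1751 nmap entry.
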
@@ -50,20 +49,21 @@
 2005-1934 version (gaim, fixed 1.3.1) [since FEDORA-2005-411]
 2005-1831 ignore (sudo) unsubstantiated report
 2005-1763 version (kernel) [since FEDORA-2005-510]
-2005-1769 ** squirrelmail
+2005-1769 VULNERABLE (squirrelmail, fixed 1.4.5)
 2005-1766 version (HelixPlayer, fixed 1.0.5) [since FEDORA-2005-483]
-2005-1760 ** probably vulnerable sysreport
+2005-1760 VULNERABLE (sysreport)
 2005-1759 VULNERABLE (nmap)
 2005-1759 VULNERABLE (openldap)
 2005-1759 VULNERABLE (php)
-2005-1751 ** nmap
-2005-1751 ** openldap
+2005-1751 VULNERABLE (nmap, fixed shtool 2.0.2) #158996
+2005-1751 VULNERABLE (openldap, fixed shtool 2.0.2)
+2005-1751 ignore (ncpfs) part of shtool in ncpfs is not vulnerable
 2005-1571 version (php, fixed shtool 2.0.2) [since FEDORA-2005-518]
 2005-1740 backport (net-snmp, not fixed)
 2005-1739 backport (ImageMagick, fixed 6.2.2.3) [since re0526.1]
 2005-1705 version (gdb, fixed 6.3)
 2005-1704 version (gdb, fixed 6.3)
-2005-1704 ** (binutils) [since FEDORA-2005-498]
+2005-1704 backport (binutils) ...eadelf-overflows.patch [since FEDORA-2005-498]
 2005-1689 backport (krb5) [since FEDORA-2005-553]
 2005-1686 ignore (gedit, not a vulnerability)
 2005-1636 VULNERABLE (mysql, fixed 4.1.12) minor issue
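
Review bot: the 2005-1751 block now covers nmap, openldap and ncpfs, but the php line directly below it is filed under 2005-1571 with the same "fixed shtool 2.0.2" text, which looks like transposed digits and is worth confirming while this block is being touched. Two smaller points in the added lines: only the nmap entry carries a bug reference (#158996) while openldap, sysreport and squirrelmail have none, and the binutils line abbreviates the patch name to "...eadelf-overflows.patch", which cannot be searched for in the package; the full filename would be better.
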
@@ -975,13 +975,12 @@
 
 older, happened to deal with at same time:
 
-2002-1963 ** kernel
-2002-1976 ** kernel
+2002-1963 version (kernel, not 2.6)
+2002-1976 ignore (ifconfig) "use ip"
 2002-1914 version (dump, fixed 0.4b29)
-2002-1890 ** rhmask
-2002-1850 ** mod_cgi
-2002-1827 ** sendmail
-2002-1814 ** bonobo
+2002-1850 version (mod_cgi, fixed 2.0.41)
+2002-1827 version (sendmail, fixed after 8.12.3)
+2002-1814 ignore (bonobo) not shipped setuid
 2002-1793 version (mod_ssl), also only hp
 2002-1783 version (php, fixed after 4.2.3)
 2002-1765 version (evolution, fixed 1.0.5)
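
Review bot: 2002-1890 (rhmask) is removed with no replacement line, while the other five "**" entries in this hunk each get a disposition. If rhmask is not shipped, record that as an ignore line with the reason, as done for bonobo ("not shipped setuid"), rather than dropping the CVE from the audit. The 2002-1976 line also changes the package from kernel to ifconfig with only "use ip" as the reason; a few more words on why that justifies ignore would help the next reader.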



