fedora-security/audit fc5,1.2,1.3

Mark Cox (mjc) fedora-extras-commits at redhat.com
Wed Nov 23 09:57:05 UTC 2005


Author: mjc

Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv16406

Modified Files:
	fc5 
Log Message:
Cherry-pick some more FC5 audit work



Index: fc5
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc5,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- fc5	22 Nov 2005 13:32:29 -0000	1.2
+++ fc5	23 Nov 2005 09:57:02 -0000	1.3
@@ -1,4 +1,4 @@
-Up to date CVE as of CVE email 20051120
+Up to date CVE as of CVE email 20051121
 Up to date FC5 as of FC5-Test1-RC
 
 1. Removed packages with security issues that are no longer in FC5 
@@ -7,15 +7,19 @@
 and httpd
 3. Looked at those marked backport where we ship a newer version, manually
 looked at rest marked backport
-[todo: finish this, 78 CVE left]
+[todo: finish this, 58 CVE left]
 [todo: CVE from new packages added to FC5]
 [todo: file bugs for anything vulnerable]
 
 ** are items that need attention
 
-CVE-2005-3582 version (ImageMagick) gentoo only
+CVE-2005-3745 ** struts
+CVE-2005-3732 ** ipsec-tools
+CVE-2005-3662 version (netpbm)
+CVE-2005-3632 version (netpbm)
 CVE-2005-3675 VULNERABLE (kernel) optack
 CVE-2005-3671 VULNERABLE (openswan, fixed 2.4.4)
+CVE-2005-3582 version (ImageMagick) gentoo only
 **CVE-2005-3573 VULNERABLE (mailman)
 CVE-2005-3527 version (kernel, fixed 2.6.14 at least)
 CVE-2005-3402 ignore (thunderbird) mozilla say by design
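Review bot: The two new entries for CVE-2005-3745 and CVE-2005-3732 put the ** marker after the CVE id and carry no status keyword or parenthesised package, unlike the other entries shown here (for example "**CVE-2005-3573 VULNERABLE (mailman)"). Anything that selects attention items by a leading ** will miss them; suggest the usual form, "**CVE-2005-3745 <status> (struts)", and likewise for ipsec-tools once a status is decided. Also, CVE-2005-3662 and CVE-2005-3632 are inserted above CVE-2005-3675 and CVE-2005-3671, while CVE-2005-3582 is moved down in the same hunk, apparently to keep descending order.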
@@ -46,12 +50,11 @@
 CVE-2005-3243 version (ethereal, fixed 0.10.13)
 CVE-2005-3242 version (ethereal, fixed 0.10.13)
 CVE-2005-3241 version (ethereal, fixed 0.10.13)
-**CVE-2005-3186 backport (gdk-pixbuf)
+CVE-2005-3186 backport (gdk-pixbuf)
 **CVE-2005-3186 backport (gtk2)
-**CVE-2005-3185 blocked (curl) by FORTIFY_SOURCE
+CVE-2005-3185 version (curl, fixed 7.15)
 **CVE-2005-3185 blocked (wget) by FORTIFY_SOURCE
 CVE-2005-3184 version (ethereal, fixed 0.10.13)
-**CVE-2005-3183 backport (w3c-libwww)
 CVE-2005-3181 version (kernel, fixed 2.6.13.4 at least)
 CVE-2005-3180 version (kernel, fixed 2.6.13.4 at least)
 CVE-2005-3179 version (kernel, fixed 2.6.13.4 at least)
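Review bot: The CVE-2005-3183 (w3c-libwww) line is deleted outright rather than given a new status, and the log message does not say why. If w3c-libwww is no longer in FC5 this falls under step 1 and a short mention in the log would make the removal auditable; otherwise the entry should stay with its resolved status. Separately, CVE-2005-3185 for curl moves from blocked to version while the wget line for the same CVE stays flagged, which looks intentional but is worth confirming.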
@@ -73,9 +76,9 @@
 CVE-2005-3011 backport (texinfo)
 CVE-2005-2991 ignore (ncompress) don't ship zdiff or zcmp scripts
 CVE-2005-2978 version (netpbm, fixed 10.25)
-**CVE-2005-2977 backport (pam)
-**CVE-2005-2976 backport (gdk-pixbuf)
-**CVE-2005-2975 backport (gdk-pixbuf)
+CVE-2005-2977 backport (pam)
+CVE-2005-2976 backport (gdk-pixbuf)
+CVE-2005-2975 backport (gdk-pixbuf)
 **CVE-2005-2975 backport (gtk2)
 CVE-2005-2973 version (kernel, 2.6.14 at least)
 CVE-2005-2970 VULNERABLE (httpd, fixed 2.0.55)
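Review bot: CVE-2005-2977 (pam) and CVE-2005-2976/CVE-2005-2975 (gdk-pixbuf) are cleared as backport with no patch file or advisory recorded, unlike the telnet entries elsewhere in this patch that name the patch. Suggest appending the patch file name to each line; the gtk2 line for CVE-2005-2975 stays flagged, so the gdk-pixbuf evidence would also help whoever finishes that one.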
@@ -86,10 +89,10 @@
 CVE-2005-2968 version (thunderbird)
 CVE-2005-2959 ignore (sudo) not a vulnerability
 CVE-2005-2946 version (openssl, fixed 0.9.8)
-**CVE-2005-2933 VULNERABLE (uw-imap) bz#171345
+CVE-2005-2933 VULNERABLE (libc-client) fc4:bz#171345
 CVE-2005-2929 backport (lynx)
 CVE-2005-2917 version (squid, fixed 2.5.STABLE11)
-**CVE-2005-2876 backport (util-linux)
+CVE-2005-2876 version (util-linux, fixed 2.13-pre3)
 CVE-2005-2874 version (cups, fixed 1.1.23)
 CVE-2005-2873 VULNERABLE (kernel) not upstream fixed
 CVE-2005-2872 version (kernel, fixed 2.6.12)
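Review bot: CVE-2005-2933 loses its ** marker but keeps the status VULNERABLE, and the only bug reference is now tagged fc4:. Given that the header defines ** as items that need attention and the todo list says to file bugs for anything vulnerable, either keep the ** until an FC5 bug exists or add the FC5 bug number next to the fc4 one. The package rename from uw-imap to libc-client would also merit a word in the log message.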
@@ -127,7 +130,7 @@
 CVE-2005-2701 version (firefox, fixed 1.0.7)
 CVE-2005-2701 version (mozilla, fixed 1.7.12)
 CVE-2005-2700 backport (httpd, fixed 2.0.55) 
-**CVE-2005-2693 backport (cvs) [since FEDORA-2005-790]
+CVE-2005-2693 backport (cvs) cvs-1.11.19-tmp.patch
 CVE-2005-2672 backport (lm_sensors)
 **CVE-2005-2666 VULNERABLE (openssh) see bz#162681
 CVE-2005-2642 version (mutt, openbsd only)
@@ -255,8 +258,8 @@
 CVE-2005-1751 ignore (ncpfs) part of shtool in ncpfs is not vulnerable
 **CVE-2005-1740 backport (net-snmp, not fixed)
 CVE-2005-1739 version (ImageMagick, fixed 6.2.2.3)
-**CVE-2005-1705 backport (gdb) [since FEDORA-2005-1033]
-**CVE-2005-1704 backport (gdb) [since FEDORA-2005-1033]
+CVE-2005-1705 backport (gdb)
+CVE-2005-1704 backport (gdb)
 **CVE-2005-1704 backport (binutils) ...eadelf-overflows.patch [since FEDORA-2005-498]
 **CVE-2005-1689 backport (krb5) [since FEDORA-2005-553]
 CVE-2005-1686 ignore (gedit, not a vulnerability)
@@ -310,9 +313,9 @@
 CVE-2005-1262 version (gaim, fixed 1.3.0)
 CVE-2005-1261 version (gaim, fixed 1.3.0)
 **CVE-2005-1260 backport (bzip2) in srpm [since re0522.0]
-**CVE-2005-1229 backport (cpio) from srpm [since re0522.0]
-CVE-2005-1228 backport (gzip) from srpm
-**CVE-2005-1194 backport (nasm) from srpm
+CVE-2005-1229 backport (cpio)
+CVE-2005-1228 backport (gzip)
+CVE-2005-1194 backport (nasm)
 CVE-2005-1184 ignore (kernel) expected to not be an issue
 **CVE-2005-1175 backport (krb5) [since FEDORA-2005-553]
 **CVE-2005-1174 backport (krb5) [since FEDORA-2005-553]
@@ -326,7 +329,7 @@
 CVE-2005-1155 version (firefox, mozilla)
 CVE-2005-1154 version (firefox, mozilla)
 CVE-2005-1153 version (firefox, mozilla)
-**CVE-2005-1111 backport (cpio) from srpm
+CVE-2005-1111 backport (cpio)
 CVE-2005-1065 version (tetex, not upstream)
 CVE-2005-1061 version (logwatch, in 4.3.2 at least)
 CVE-2005-1046 version (kdelibs, fixed after 3.4.0)
@@ -334,7 +337,7 @@
 CVE-2005-1042 version (php, fixed 4.3.11)
 CVE-2005-1041 version (kernel, fixed 2.6.12)
 CVE-2005-1039 ignore (coreutils) not fixed upstream, not a real issue
-**CVE-2005-1038 backport (vixie-cron) from srpm
+CVE-2005-1038 backport (vixie-cron)
 **CVE-2005-0990 backport (sharutils) from srpm
 CVE-2005-0989 version (mozilla, fixed 1.7.7)
 CVE-2005-0989 version (firefox, fixed 1.0.3)
@@ -370,7 +373,7 @@
 CVE-2005-0756 version (kernel, fixed 2.6.12)
 CVE-2005-0755 version (HelixPlayer, fixed 10.0.4)
 CVE-2005-0754 version (kdewebdev, fixed after 3.4.0)
-**CVE-2005-0753 backport (cvs, fixed 1.12.12) in cvs-1.11.17-CAN-2005-0753.patch
+CVE-2005-0753 version (cvs, fixed 1.11.20)
 CVE-2005-0752 version (firefox, fixed 1.0.3)
 CVE-2005-0750 version (kernel, fixed 2.6.11.6)
 CVE-2005-0749 version (kernel, fixed 2.6.11.6)
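Review bot: CVE-2005-0753 changes from backport (fixed 1.12.12, cvs-1.11.17-CAN-2005-0753.patch) to version (cvs, fixed 1.11.20), altering both the status and the fixed-in version in one step. The CVE-2005-2693 entry earlier in this patch cites cvs-1.11.19-tmp.patch, so it is worth confirming that the cvs shipped in FC5 is at least 1.11.20. If it is, listing both branches, e.g. "(cvs, fixed 1.11.20 and 1.12.12)", would keep the earlier information.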
@@ -411,14 +414,14 @@
 CVE-2005-0524 version (php, fixed 5.0.4)
 CVE-2005-0504 version (kernel, doesn't build in 2.6)
 CVE-2005-0490 version (curl, fixed 7.13.1)
-**CVE-2005-0488 backport (telnet) since ga
+CVE-2005-0488 backport (telnet)
 **CVE-2005-0488 backport (krb5) [since FEDORA-2005-553]
 CVE-2005-0473 version (gaim, fixed 1.1.3)
 CVE-2005-0472 version (gaim, fixed 1.1.3)
 CVE-2005-0469 version (krb5, fixed 1.4.1)
-**CVE-2005-0469 backport (telnet) telnet-0.17-CAN-2005-468_469.patch
+CVE-2005-0469 backport (telnet) telnet-0.17-CAN-2005-468_469.patch
 CVE-2005-0468 version (krb5, fixed 1.4.1)
-**CVE-2005-0468 backport (telnet) telnet-0.17-CAN-2005-468_469.patch
+CVE-2005-0468 backport (telnet) telnet-0.17-CAN-2005-468_469.patch
 CVE-2005-0449 version (kernel, fixed 2.6.11)
 **CVE-2005-0448 VULNERABLE (perl) bz#173793
 CVE-2005-0446 version (squid, fixed 2.5.STABLE9)
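Review bot: CVE-2005-0488 (telnet) is cleared and loses its "since ga" note, leaving no record of where the fix lives, whereas the telnet lines for CVE-2005-0469 and CVE-2005-0468 name telnet-0.17-CAN-2005-468_469.patch. Suggest adding the patch file name for CVE-2005-0488 so the backport can be re-checked when the package is rebased.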
@@ -573,7 +576,7 @@
 CVE-2004-1614 version (mozilla, fixed 1.7.5)
 CVE-2004-1613 version (mozilla, fixed 1.7.5)
 CVE-2004-1488 version (wget, fixed 1.10.1)
-**CVE-2004-1471 version (cvs, fixed 1.12.9)
+CVE-2004-1471 version (cvs, fixed 1.12.9)
 CVE-2004-1453 version (glibc, fixed 2.3.5)
 CVE-2004-1452 version (tomcat, fixed 5.0.27-r3)
 CVE-2004-1451 version (mozilla, firefox, thunderbird)
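Review bot: The ** is dropped from CVE-2004-1471 but the entry still reads "version (cvs, fixed 1.12.9)", while the CVE-2005-0753 line in this same patch now gives the fix on the 1.11 branch (1.11.20). A 1.12.x fixed-in version does not by itself show that a 1.11.x package contains the fix; suggest adding the 1.11 release that carries it, as was done for CVE-2005-0753.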
@@ -595,7 +598,7 @@
 CVE-2004-1307 version (libtiff, was already fixed with 0886)
 CVE-2004-1304 version (file, fixed 4.12)
 CVE-2004-1296 backport (groff) from srpm
-CVE-2004-1287 backport (nasm) from srpm
+CVE-2004-1287 backport (nasm)
 CVE-2004-1270 version (cups, fixed 1.1.23)
 CVE-2004-1269 version (cups, fixed 1.1.23)
 CVE-2004-1268 version (cups, fixed 1.1.23)
@@ -1197,7 +1200,7 @@
 CVE-2002-1914 version (dump, fixed 0.4b29)
 CVE-2002-1850 version (mod_cgi, fixed 2.0.41)
 CVE-2002-1827 version (sendmail, fixed after 8.12.3)
-**CVE-2002-1814 ignore (bonobo) not shipped setuid
+CVE-2002-1814 ignore (bonobo) not shipped setuid
 CVE-2002-1793 version (mod_ssl), also only hp
 CVE-2002-1783 version (php, fixed after 4.2.3)
 CVE-2002-1765 version (evolution, fixed 1.0.5)
@@ -1209,4 +1212,4 @@
 CVE-2001-1490 version (mozilla, fixed 1.0.0)
 CVE-2001-1494 version (util-linux, fixed 2.11n)
 CVE-2001-0955 version (XFree86, fixed 4.2.0)
-**CVE-1999-1572 backport (cpio) from srpm
+CVE-1999-1572 backport (cpio) from srpm
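Review bot: CVE-1999-1572 keeps the trailing "from srpm" while the other cpio entries cleared in this patch (CVE-2005-1229, CVE-2005-1111) have it removed. Suggest dropping it here too, or keeping it everywhere, so the backport lines stay uniform.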



