fedora-security/audit fc4,1.94,1.95

Mark Cox (mjc) fedora-extras-commits at redhat.com
Wed Nov 23 16:37:22 UTC 2005 

Author: mjc

Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv30280

Modified Files:
	fc4 
Log Message:
Some fc4 fixes whilst dealing with fc5



Index: fc4
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc4,v
retrieving revision 1.94
retrieving revision 1.95
diff -u -r1.94 -r1.95
--- fc4	23 Nov 2005 14:14:09 -0000	1.94
+++ fc4	23 Nov 2005 16:37:20 -0000	1.95
@@ -3,9 +3,9 @@
 
 ** are items that need attention
 
-CVE-2005-3745 ** struts
-CVE-2005-3732 ** ipsec-tools
-CVE-2005-3675 ** kernel (optack)
+CVE-2005-3745 ignore (struts, fixed 1.2.8) but not through tomcat
+CVE-2005-3732 VULNERABLE (ipsec-tools, fixed 0.6.3) bz#173842
+CVE-2005-3675 VULNERABLE (kernel) optack
 CVE-2005-3671 version (openswan, fixed 2.4.4) [since FEDORA-2005-1093]
 CVE-2005-3662 version (netpbm)
 CVE-2005-3632 version (netpbm)
@@ -130,8 +130,8 @@
 CVE-2005-2641 VULNERABLE (pam_ldap) bz#166164
 CVE-2005-2629 version (helixplayer, fixed 1.0.6) [since FEDORA-2005-940]
 CVE-2005-2617 version (kernel, fixed 2.6.12.5) [since FEDORA-2005-820]
-CVE-2005-2602 VULNERABLE (firefox) probably
-CVE-2005-2602 VULNERABLE (thunderbird) probably
+CVE-2005-2602 ignore (firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=237085
+CVE-2005-2602 ignore (thunderbird) probably
 CVE-2005-2558 ignore (mysql) not an issue
 CVE-2005-2558 version (mysql, fixed 4.1.13) [since FEDORA-2005-974]
 CVE-2005-2555 version (kernel, fixed 2.6.12.6pre) [since FEDORA-2005-949] was backport since FEDORA-2005-820
@@ -163,7 +163,7 @@
 CVE-2005-2448 version (kdenetwork, fixed 3.4.2) [since FEDORA-2005-670] was backport since FEDORA-2005-624
 CVE-2005-2414 ignore (mozilla) not being fixed upstream, just a crash
 CVE-2005-2410 version (NetworkManager, fixed 5.0) [since FEDORA-2005-1027] was backport since FEDORA-2005-680
-CVE-2005-2395 VULNERABLE (firefox) not fixed upstream, maybe not security
+CVE-2005-2395 ignore (firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=281851
 CVE-2005-2370 version (kdenetwork, fixed 3.4.2) [since FEDORA-2005-670] was backport since FEDORA-2005-624
 CVE-2005-2370 version (gaim, fixed 1.5.0) [since FEDORA-2005-751]
 CVE-2005-2369 version (kdenetwork, fixed 3.4.2) [since FEDORA-2005-670] was backport since FEDORA-2005-624

More information about the fedora-extras-commits mailing list