fedora-security/audit fc5,1.7,1.8

Mark Cox (mjc) fedora-extras-commits at redhat.com
Fri Nov 25 13:11:34 UTC 2005


Author: mjc

Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv16077

Modified Files:
	fc5 
Log Message:
Do some quick bugs for the outstanding vulnerables



Index: fc5
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc5,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- fc5	25 Nov 2005 12:36:03 -0000	1.7
+++ fc5	25 Nov 2005 13:11:29 -0000	1.8
@@ -8,7 +8,7 @@
 3. Looked at those marked backport where we ship a newer version, manually
 looked at rest marked backport
 4. Looked at CVE for any new packages added to FC5
-[todo: file bugs for anything vulnerable]
+5. Filed tracking bugs for vulnerable issues
 
 ** are items that need attention
 
@@ -16,20 +16,20 @@
 CVE-2005-3783 backport (kernel, fixed 2.6.15) patch-2.6.15-rc1
 CVE-2005-3753 version (kernel, fixed 2.6.14) also not a vuln
 CVE-2005-3745 ignore (struts, fixed 1.2.8) but not through tomcat
-CVE-2005-3732 VULNERABLE (ipsec-tools, fixed 0.6.3) fc4:bz#173842
+CVE-2005-3732 VULNERABLE (ipsec-tools, fixed 0.6.3) BZ#174165
 CVE-2005-3675 VULNERABLE (kernel) optack
-CVE-2005-3671 VULNERABLE (openswan, fixed 2.4.4)
+CVE-2005-3671 VULNERABLE (openswan, fixed 2.4.4) BZ#174165
 CVE-2005-3662 version (netpbm)
 CVE-2005-3632 version (netpbm)
 CVE-2005-3582 version (ImageMagick) gentoo only
-CVE-2005-3573 VULNERABLE (mailman) not fixed 2.1.6
+CVE-2005-3573 VULNERABLE (mailman) not fixed 2.1.6 BZ#174166
 CVE-2005-3527 version (kernel, fixed 2.6.14 at least)
 CVE-2005-3402 ignore (thunderbird) mozilla say by design
 CVE-2005-3392 version (php, not 5.0)
 CVE-2005-3391 version (php, not 5.0)
-CVE-2005-3390 VULNERABLE (php)
-CVE-2005-3389 VULNERABLE (php)
-CVE-2005-3388 VULNERABLE (php)
+CVE-2005-3390 VULNERABLE (php) BZ#174167
+CVE-2005-3389 VULNERABLE (php) BZ#174168
+CVE-2005-3388 VULNERABLE (php) BZ#174169
 CVE-2005-3353 version (php, not 5.0)
 CVE-2005-3351 version (spamassassin, fixed 3.1.0)
 CVE-2005-3322 version (squid) not upstream, SUSE only
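Review bot: CVE-2005-3732 (ipsec-tools) and CVE-2005-3671 (openswan) are both given BZ#174165, while every other bug added in this patch has its own consecutive number (174166 to 174173). If one bug is meant to track both packages, say so on those lines; otherwise one of the two numbers looks like a copy-paste slip and should be corrected. Also, CVE-2005-3675 (kernel) optack stays VULNERABLE with no BZ reference, which sits oddly with the new step 5 "Filed tracking bugs for vulnerable issues"; add the bug number or a note on why none was filed.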
@@ -83,7 +83,7 @@
 CVE-2005-2975 backport (gdk-pixbuf)
 CVE-2005-2975 version (gtk2, fixed 2.8.7)
 CVE-2005-2973 version (kernel, fixed 2.6.14 at least)
-CVE-2005-2970 VULNERABLE (httpd, fixed 2.0.55)
+CVE-2005-2970 VULNERABLE (httpd, fixed 2.0.55) BZ#174170
 CVE-2005-2969 version (openssl, fixed 0.9.8a)
 CVE-2005-2969 backport (openssl097a, fixed 0.9.7h)
 CVE-2005-2968 version (mozilla, not 1.7.10)
@@ -91,7 +91,7 @@
 CVE-2005-2968 version (thunderbird)
 CVE-2005-2959 ignore (sudo) not a vulnerability
 CVE-2005-2946 version (openssl, fixed 0.9.8)
-CVE-2005-2933 VULNERABLE (libc-client) fc4:bz#171345
+CVE-2005-2933 VULNERABLE (libc-client) BZ#174171
 CVE-2005-2929 backport (lynx)
 CVE-2005-2917 version (squid, fixed 2.5.STABLE11)
 CVE-2005-2876 version (util-linux, fixed 2.13-pre3)
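Review bot: on the CVE-2005-2933 (libc-client) line the existing fc4:bz#171345 reference is replaced by BZ#174171 instead of being kept next to it, so the pointer to the FC4 bug is lost from this file. Consider keeping both, for example "fc4:bz#171345 BZ#174171", the way the vim entry keeps its fc4 note. The same applies to the ipsec-tools (fc4:bz#173842) and bzip2 (fc4:bz#159819) lines.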
@@ -376,7 +376,7 @@
 CVE-2005-0760 version (ImageMagick, fixed 6.0)
 CVE-2005-0759 version (ImageMagick, fixed 6.0)
 CVE-2005-0758 version (gzip, fixed 1.3.5)
-CVE-2005-0758 VULNERABLE (bzip2) fc4:bz#159819
+CVE-2005-0758 VULNERABLE (bzip2) BZ#174172
 CVE-2005-0757 version (kernel, not 2.6)
 CVE-2005-0756 version (kernel, fixed 2.6.12)
 CVE-2005-0755 version (HelixPlayer, fixed 10.0.4)
@@ -399,7 +399,7 @@
 CVE-2005-0627 version (qt, fixed 3.3.4)
 CVE-2005-0626 version (squid, fixed 2.5.STABLE10)
 CVE-2005-0605 version (libXpm, fixed 3.5.4 at least) 
-CVE-2005-0602 VULNERABLE (unzip, fixed 5.52)
+CVE-2005-0602 ignore (unzip, fixed 5.52) this is really expected behaviour
 CVE-2005-0596 version (php, fixed 5.0)
 CVE-2005-0593 version (mozilla)
 CVE-2005-0593 version (firefox)
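Review bot: the CVE-2005-0602 (unzip) line changes status from VULNERABLE to ignore, which is a triage decision and not a bug filing, yet the log message only mentions filing bugs. Mention the reclassification in the log message, and consider saying on the line who judged it "expected behaviour" (upstream, or a bug reference), as the thunderbird entry does with "mozilla say by design".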
@@ -546,7 +546,7 @@
 CVE-2005-0078 version (kde, fixed 3.0.5)
 CVE-2005-0077 version (perl-DBI, fixed 1.48 at least)
 CVE-2005-0075 version (squirrelmail, fixed 1.4.4)
-CVE-2005-0069 VULNERABLE (vim) fc4 fixed by vim-6.3-tmpfile.patch
+CVE-2005-0069 VULNERABLE (vim) fc4 fixes vim-6.3-tmpfile.patch BZ#174173
 CVE-2005-0064 version (tetex, fixed 3.0)
 CVE-2005-0064 version (kpdf, not 3.4)
 CVE-2005-0064 backport (cups)
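Review bot: on the CVE-2005-0069 (vim) line, "fc4 fixed by vim-6.3-tmpfile.patch" becomes "fc4 fixes vim-6.3-tmpfile.patch", which now reads as if FC4 fixes the patch. Keep "fixed by" and just append BZ#174173.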



