fedora-security/audit fc4,1.70,1.71

Mark Cox (mjc) fedora-extras-commits at redhat.com
Tue Oct 18 08:32:51 UTC 2005


Author: mjc

Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv11643

Modified Files:
	fc4 
Log Message:
Deal with some recent FC4 updates, and invent a new keyword "blocked"
for issues that are totally blocked by something like FORTIFY_SOURCE



Index: fc4
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc4,v
retrieving revision 1.70
retrieving revision 1.71
diff -u -r1.70 -r1.71
--- fc4	9 Oct 2005 15:37:53 -0000	1.70
+++ fc4	18 Oct 2005 08:32:49 -0000	1.71
@@ -1,9 +1,17 @@
-Up to date CVE as of CVE email 20051008
-Up to date FC4 as of 200501008
+Up to date CVE as of CVE email 20051017
+Up to date FC4 as of 200501017
 
 ** are items that need attention
 
+2005-3185 blocked (curl) by FORTIFY_SOURCE
+2005-3185 blocked (wget) by FORTIFY_SOURCE
+2005-3183 backport (w3c-libwww) [since FEDORA-2005-952]
+2005-3181 VULNERABLE (kernel)
+2005-3180 VULNERABLE (kernel)
+2005-3179 VULNERABLE (kernel)
 2005-3164 version (tomcat, not 5)
+2005-3120 backport (lynx) [since FEDORA-2005-994]
+2005-3119 VULNERABLE (kernel)
 2005-3110 version (kernel, fixed 2.6.12) [since FEDORA-2005-510]
 2005-3109 version (kernel, fixed 2.6.12) [since FEDORA-2005-510]
 2005-3108 version (kernel, fixed 2.6.12) [since FEDORA-2005-510]
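Review bot: The new "blocked" status on the two 2005-3185 lines is not defined anywhere in the file header, which still documents only "** are items that need attention". Add a legend line next to it stating that "blocked" means the flaw is present in the shipped code but totally stopped by a mitigation such as FORTIFY_SOURCE, so that readers and anything that tallies statuses do not count these entries as fixed. Separately, "Up to date FC4 as of 200501017" has nine digits, carried over from the old 200501008; the CVE line above it uses 20051017, and the FC4 line should match that form.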
@@ -12,15 +20,18 @@
 2005-3105 version (kernel, fixed 2.6.12) [since FEDORA-2005-510]
 2005-3089 ** firefox
 2005-3055 VULNERABLE (kernel)
-2005-3054 ** php
+2005-3054 ignore (php) see bz#169857
 2005-3053 version (kernel) [since FEDORA-2005-949] was backport since FEDORA-2005-820
 2005-3044 backport (kernel, fixed 2.6.13.2) [since FEODRA-2005-949] patch-2.6.13.2
-2005-3011 ** texinfo
+2005-3011 backport (texinfo) [since FEDORA-2005-991]
 2005-2991 ignore (ncompress) don't ship zdiff or zcmp scripts
+2005-2969 backport (openssl, fixed 0.9.7h) [since FEDORA-2005-986]
+2005-2969 backport (openssl097a, fixed 0.9.7h) [since FEDORA-2005-986]
 2005-2968 version (mozilla, not 1.7.10) +we include a different mozilla sh
 2005-2968 version (firefox) [since FEDORA-2005-926]
 2005-2968 version (thunderbird) [since FEDORA-2005-963]
 2005-2946 VULNERABLE (openssl, fixed 0.9.8) (as it uses md5 md)
+2005-2933 ** uw-imap
 2005-2917 ** squid
 2005-2876 backport (util-linux) [since FEDORA-2005-887]
 2005-2874 version (cups, fixed 1.1.23)
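Review bot: The 2005-3054 php entry moves from "**" to "ignore" with only "see bz#169857" as justification, while the other ignore entry in this hunk states its reason inline ("don't ship zdiff or zcmp scripts"). Put a short reason on the line as well as the bug number, so the decision can be audited without access to Bugzilla. While touching this area, the context line for 2005-3044 reads "FEODRA-2005-949", which a search for the advisory id will miss.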
@@ -65,8 +76,8 @@
 2005-2642 version (mutt, openbsd only)
 2005-2641 VULNERABLE (pam_ldap) bz#166164
 2005-2617 version (kernel, fixed 2.6.12.5) [since FEDORA-2005-820]
-2005-2602 ** VULNERABLE (firefox) probably
-2005-2602 ** VULNERABLE (thunderbird) probably
+2005-2602 VULNERABLE (firefox) probably
+2005-2602 VULNERABLE (thunderbird) probably
 2005-2558 ignore (mysql) not an issue
 2005-2558 version (mysql, fixed 4.1.13) [since FEDORA-2005-974]
 2005-2555 version (kernel, fixed 2.6.12.6pre) [since FEDORA-2005-949] was backport since FEDORA-2005-820
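Review bot: Dropping "**" from the two 2005-2602 lines removes the needs-attention marker while the entries still end in "probably", so an unconfirmed VULNERABLE status no longer shows up when scanning for "**". Either keep the marker until the status is confirmed, or drop "probably" and add a tracking bug reference in the style of the pam_ldap line ("bz#166164").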
@@ -422,8 +433,8 @@
 2005-0137 version (kernel, not 2.6)
 2005-0135 version (kernel, fixed 2.6.11)
 2005-0124 version (kernel, fixed 2.6.11)
-2005-0109 backport (openssl097a) [since re0522.0]
-2005-0109 backport (openssl) [since re0522.0]
+2005-0109 backport (openssl097a) [since FEDORA-2005-986]
+2005-0109 backport (openssl) [since FEDORA-2005-986] 
 2005-0104 version (squirrelmail, fixed 1.4.4)
 2005-0103 version (squirrelmail, fixed 1.4.4)
 2005-0102 version (evolution-data-server, fixed 1.2.2 at least)
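Review bot: The added "2005-0109 backport (openssl) [since FEDORA-2005-986] " line ends with a trailing space after the closing bracket, which the openssl097a line does not have; strip it. Replacing "since re0522.0" with the advisory id also discards the earlier marker; if the previous state still matters, record it the way other entries do ("was backport since FEDORA-2005-820").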
@@ -484,7 +495,7 @@
 2004-2135 ignore (kernel) design
 2004-2093 ignore (rsync, not security issue)
 2004-2069 version (openssh, not 4)
-2004-2014 VULNERABLE (wget) bz#142832
+2004-2014 version (wget, fixed 1.10.1) [since FEDORA-2005-882]
 2004-2013 ignore (kernel, not 2.6, also not exploitable)
 2004-2004 version (SUSE configuration ponly)
 2004-1880 version (openldap, fixed 2.2.21)
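Review bot: The 2004-2014 wget line, and the 2004-1488 line in the next hunk, lose the "bz#142832" reference when they change from VULNERABLE to "version (wget, fixed 1.10.1)". Keep the bug number on the new lines after the "[since FEDORA-2005-882]" tag so the history of the issue remains traceable from this file.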
@@ -498,7 +509,7 @@
 2004-1617 ignore (lynx) not able to verify flaw
 2004-1614 version (mozilla, fixed 1.7.5)
 2004-1613 version (mozilla, fixed 1.7.5)
-2004-1488 VULNERABLE (wget) bz#142832
+2004-1488 version (wget, fixed 1.10.1) [since FEDORA-2005-882]
 2004-1471 version (cvs, fixed 1.12.9)
 2004-1453 version (glibc, fixed 2.3.5)
 2004-1452 version (tomcat, fixed 5.0.27-r3)



