fedora-security/audit fc6,1.9,1.10

Mark Cox (mjc) fedora-extras-commits at redhat.com
Tue Aug 15 09:28:13 UTC 2006


Author: mjc

Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv4525

Modified Files:
	fc6 
Log Message:
Deal with some more easy reviews where looking at the filelist in the
srpm or changelog comments in association with the version change between
fc5/fc6 is sufficient.  The remainder require additional work looking at
patches and confirming by hand.



Index: fc6
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc6,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- fc6	15 Aug 2006 07:47:33 -0000	1.9
+++ fc6	15 Aug 2006 09:28:10 -0000	1.10
@@ -13,9 +13,9 @@
 
 ** are items that need attention
 
-CVE-2006-4031 VULNERABLE (mysql, fixed 5.0.24) #202247 ###
-CVE-2006-4020 VULNERABLE (php) #201767 ###
-CVE-2006-4019 VULNERABLE (squirrelmail, fixed 1.4.8) #202196 ###
+CVE-2006-4031 VULNERABLE (mysql, fixed 5.0.24) fc5#202247
+CVE-2006-4020 VULNERABLE (php) fc5#201767
+CVE-2006-4019 VULNERABLE (squirrelmail, fixed 1.4.8) fc5#202196
 CVE-2006-3918 version (httpd, fixed 2.2.2)
 CVE-2006-3879 version (mikmod, not 3.1.6)
 CVE-2006-3835 version (tomcat, fixed 5.5.17)
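
Review bot: The three rewritten VULNERABLE lines switch the bug reference from a bare `#202247` to `fc5#202247`, but other entries visible in this diff (CVE-2006-2607 `#177476`, CVE-2006-2193 `#194363`) keep the bare form, so the file now carries two notations with nothing in the visible header explaining the difference. Either convert the remaining references in the same commit or add a legend line next to "** are items that need attention" saying what the `fc5#` prefix and the `###` marker mean.
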
@@ -43,11 +43,11 @@
 CVE-2006-3802 version (firefox, fixed 1.5.0.5)
 CVE-2006-3802 VULNERBALE (thunderbird, fixed 1.5.0.5)
 CVE-2006-3801 version (firefox, fixed 1.5.0.5)
-CVE-2006-3801 VULNERABLER (thunderbird, fixed 1.5.0.5)
-CVE-2006-3747 backport (httpd, fixed 2.2.3) ###
+CVE-2006-3801 VULNERABLE (thunderbird, fixed 1.5.0.5)
+CVE-2006-3747 VULNERABLE (httpd, fixed 2.2.3)
 CVE-2006-3746 version (gnupg, fixed 1.4.5)
 CVE-2006-3731 ignore (firefox) just a user complicit crash
-CVE-2006-3694 backport (ruby, fixed 1.8.5) #199538 #199543 [since FEDORA-2006-849] ###
+CVE-2006-3694 backport (ruby, fixed 1.8.5)
 CVE-2006-3677 version (firefox, fixed 1.5.0.5)
 CVE-2006-3677 VULNERABLE (thunderbird, fixed 1.5.0.5)
 CVE-2006-3672 ignore (konqueror) just a crash
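
Review bot: The typo fix on CVE-2006-3801 (VULNERABLER) misses the neighbouring CVE-2006-3802 thunderbird line, which still reads VULNERBALE and will be skipped by anything that greps the file for VULNERABLE. In the same hunk CVE-2006-3747 moves from backport to VULNERABLE with no bug reference, and CVE-2006-3694 loses its `#199538 #199543` and FEDORA-2006-849 references; a tracking bug on the former and the retained bug numbers on the latter would keep the audit trail intact.
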
@@ -60,36 +60,36 @@
 CVE-2006-3628 version (wireshark, fixed 0.99.2)
 CVE-2006-3627 version (wireshark, fixed 0.99.2)
 CVE-2006-3626 version (kernel, fixed 2.6.17.6)
-CVE-2006-3619 VULNERABLE (gcc/fastjar) ###
+CVE-2006-3619 VULNERABLE (gcc/fastjar 0.93) ###
 CVE-2006-3486 ignore (mysql, fixed 5.0.23) not exploitable
-CVE-2006-3469 VULNERABLE (mysql) ###
+CVE-2006-3469 version (mysql)
 CVE-2006-3468 VULNERABLE (kernel, fixed 2.6.17.8) not fixed upstream
-CVE-2006-3467 VULNERABLE (freetype) ###
-CVE-2006-3467 VULNERABLE (xorg) #202475
-CVE-2006-3465 backport (libtiff) [since FEDORA-2006-877] ###
-CVE-2006-3464 backport (libtiff) [since FEDORA-2006-877] ###
-CVE-2006-3463 backport (libtiff) [since FEDORA-2006-877] ###
-CVE-2006-3462 backport (libtiff) [since FEDORA-2006-877] ###
-CVE-2006-3461 backport (libtiff) [since FEDORA-2006-877] ###
-CVE-2006-3460 backport (libtiff) [since FEDORA-2006-877] ###
-CVE-2006-3459 backport (libtiff) [since FEDORA-2006-877] ###
+CVE-2006-3467 version (freetype, fixed 2.2)
+CVE-2006-3467 VULNERABLE (libXfont) fc5#202475 ###
+CVE-2006-3465 backport (libtiff) libtiff-3.8.2-ormandy.patch
+CVE-2006-3464 backport (libtiff) libtiff-3.8.2-ormandy.patch
+CVE-2006-3463 backport (libtiff) libtiff-3.8.2-ormandy.patch
+CVE-2006-3462 backport (libtiff) libtiff-3.8.2-ormandy.patch
+CVE-2006-3461 backport (libtiff) libtiff-3.8.2-ormandy.patch
+CVE-2006-3460 backport (libtiff) libtiff-3.8.2-ormandy.patch
+CVE-2006-3459 backport (libtiff) libtiff-3.8.2-ormandy.patch
 CVE-2006-3404 version (gimp, fixed 2.2.12)
 CVE-2006-3403 version (samba, fixed 3.0.23)
 CVE-2006-3378 ignore (shadow-utils) we don't ship passwd from shadow-utils
-CVE-2006-3376 backport (libwmf) #198291 [since FEDORA-2006-805] ###
+CVE-2006-3376 backport (libwmf) from changelog
 CVE-2006-3352 ignore (firefox) not a vulnerability
 CVE-2006-3334 ignore (libpng, fixed 1.2.12) not exploitable
 CVE-2006-3242 version (mutt, fixed 1.4.2.2, 1.5.12)
 CVE-2006-3174 version (squirrelmail, fixed 1.4.7)
 CVE-2006-3145 version (netpbm, fixed 10.34)
 CVE-2006-3127 version (nss, only affected 3.11)
-CVE-2006-3122 ** dhcp ###
+CVE-2006-3122 ** dhcp
 CVE-2006-3117 version (openoffice.org, fixed 2.0.3)
 CVE-2006-3113 version (firefox, fixed 1.5.0.5)
 CVE-2006-3113 VULNERABLE (thunderbird, fixed 1.5.0.5)
 CVE-2006-3085 version (kernel, fixed 2.6.17.1)
 CVE-2006-3084 ignore (krb5) seteuid() calls never fail on linux
-CVE-2006-3083 backport (krb5, fixed 1.5.1, 1.4.4) [since FEDORA-2006-905] ###
+CVE-2006-3083 VULNERABLE (krb5, fixed 1.5.1, 1.4.4)
 CVE-2006-3082 version (gnupg, fixed 1.4.4)
 CVE-2006-3081 version (mysql, fixed 5.1.18)
 CVE-2006-3057 version (dhcdbd, fixed 1.14)
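
Review bot: CVE-2006-3469 is downgraded from VULNERABLE to `version (mysql)` without recording which version carries the fix, while the adjacent mysql entries (CVE-2006-3486 "fixed 5.0.23", CVE-2006-3081 "fixed 5.1.18") do. Add the fixed version so the claim can be rechecked when the package is rebased. CVE-2006-3083 goes the other way, from backport to VULNERABLE, with the `###` marker removed and no bug number; if it really is open it should carry a reference like the libXfont line above it.
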
@@ -101,8 +101,8 @@
 CVE-2006-2935 version (kernel, fixed 2.6.17.7)
 CVE-2006-2934 version (kernel, fixed 2.6.17.3)
 CVE-2006-2933 version (kde, not 3.2+)
-CVE-2006-2916 ignore (arts) not shipped setuid ###
-CVE-2006-2906 VULNERABLE (gd) #194520 ###
+CVE-2006-2916 ignore (arts) not shipped setuid
+CVE-2006-2906 backport (gd) from changelog
 CVE-2006-2894 VULNERABLE (firefox) ###
 CVE-2006-2842 version (squirrelmail, fixed 1.4.6)
 CVE-2006-2789 version (evolution, fixed 2.4.X)
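
Review bot: CVE-2006-2906 flips from VULNERABLE to backport with "from changelog" as the only evidence and drops the `#194520` bug reference. Since this is a status change from vulnerable to fixed, keep the bug number and name the patch file, as the libtiff and cpio entries in this commit do, so the backport can be confirmed against the srpm later.
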
@@ -117,7 +117,7 @@
 CVE-2006-2783 version (thunderbird, fixed 1.5.0.4)
 CVE-2006-2782 version (firefox, fixed 1.5.0.4)
 CVE-2006-2781 version (thunderbird, fixed 1.5.0.4)
-CVE-2006-2780 VULNERABLE (firefox) ###
+CVE-2006-2780 version (firefox, fixed 1.5.0.4)
 CVE-2006-2780 version (thunderbird, fixed 1.5.0.4)
 CVE-2006-2779 version (firefox, fixed 1.5.0.4)
 CVE-2006-2779 version (thunderbird, fixed 1.5.0.4)
@@ -138,7 +138,7 @@
 CVE-2006-2613 ignore (firefox) This isn't an issue on FC
 CVE-2006-2607 backport (vixie-cron) #177476 ###
 CVE-2006-2563 ignore (php) safe mode isn't safe
-CVE-2006-2452 version (gdm) [since FEDORA-2006-674] ###
+CVE-2006-2452 version (gdm)
 CVE-2006-2451 version (kernel, fixed 2.6.17.4)
 CVE-2006-2449 version (kdebase, fixed 3.5.4)
 CVE-2006-2448 version (kernel, fixed 2.6.17)
@@ -165,7 +165,7 @@
 CVE-2006-2194 ignore (ppp) pppd not suid
 CVE-2006-2193 VULNERABLE (libtiff) #194363 ###
 CVE-2006-2120 backport (libtiff) #189976 [since FEDORA-2006-473] ###
-CVE-2006-2073 VULNERABLE (bind) ###
+CVE-2006-2073 ignore (bind) http://www.kb.cert.org/vuls/id/MIMG-6P8GRP
 CVE-2006-2083 version (rsync, fixed 2.6.8)
 CVE-2006-2071 version (kernel, fixed 2.6.16.6)
 CVE-2006-2057 ignore (firefox) not Linux
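
Review bot: CVE-2006-2073 changes from VULNERABLE to ignore with only a URL as justification, whereas every other ignore entry in view states its reason inline ("pppd not suid", "not Linux"). Add a short reason next to the link so the decision still reads if the URL stops resolving. The entry also sits above CVE-2006-2083, out of the descending order used elsewhere in the file; worth moving while the line is being touched.
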
@@ -243,9 +243,9 @@
 CVE-2006-1624 ignore (sysklogd) Silly configuration is not a security issue
 CVE-2006-1608 ignore (php) safe mode isn't safe
 CVE-2006-1549 ignore (php) this is not a security issue
-CVE-2006-1548 VULNERABLE (struts, fixed 1.2.9)  ###
-CVE-2006-1547 VULNERABLE (struts, fixed 1.2.9)  ###
-CVE-2006-1546 VULNERABLE (struts, fixed 1.2.9)  ###
+CVE-2006-1548 VULNERABLE (struts, fixed 1.2.9)
+CVE-2006-1547 VULNERABLE (struts, fixed 1.2.9)
+CVE-2006-1546 VULNERABLE (struts, fixed 1.2.9)
 CVE-2006-1542 backport (python)  [since FEDORA-2006-689] ###
 CVE-2006-1531 version (thunderbird, fixed 1.5.0.2)
 CVE-2006-1531 version (firefox, fixed 1.5.0.2)
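
Review bot: The three struts entries stay VULNERABLE but lose the `###` marker and have no bug reference, unlike the mysql, php and squirrelmail VULNERABLE lines at the top of this diff, which each carry an `fc5#` number. If these are confirmed vulnerable, add the tracking bug here so they are not left with neither a marker nor a ticket.
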
@@ -284,7 +284,7 @@
 CVE-2006-1066 version (kernel, fixed 2.6.16)
 CVE-2006-1061 version (curl, fixed 7.15.3)
 CVE-2006-1059 version (samba, fixed 3.0.22 at least)
-CVE-2006-1058 backport (busybox)  [since FEDORA-2006-510] ###
+CVE-2006-1058 version (busybox, fixed 1.2.x)
 CVE-2006-1057 version (gdm, fixed 2.14.1)
 CVE-2006-1056 version (kernel, fixed 2.6.16.9)
 CVE-2006-1055 version (kernel, fixed 2.6.17)
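
Review bot: "fixed 1.2.x" on CVE-2006-1058 is not a checkable version; the other version entries in this hunk name a specific release (gdm 2.14.1, kernel 2.6.16.9). Record the first busybox release that contains the fix, or say "fixed 1.2.0 at least" in the style used elsewhere in the file.
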
@@ -311,13 +311,13 @@
 CVE-2006-0670 VULNERABLE (bluez-hcidump) ###
 CVE-2006-0645 version (gnutls, fixed 1.2.10)
 CVE-2006-0591 version (postgresql, fixed 8.0.6)
-CVE-2006-0576 backport (oprofile) oprofile_opcontrol.patch ###
+CVE-2006-0576 backport (oprofile) oprofile_opcontrol.patch
 CVE-2006-0558 version (kernel, fixed 2.6.16)
 CVE-2006-0557 version (kernel, fixed 2.6.15.6)
 CVE-2006-0555 version (kernel, fixed 2.6.16)
 CVE-2006-0554 version (kernel, fixed 2.6.16)
 CVE-2006-0553 version (postgresql, only 8.1, fixed 8.1.3)
-CVE-2006-0528 backport (cairo) cairo-1.0.2-chunk-glyphs-CVE-2006-0528.patch ###
+CVE-2006-0528 version (cairo, fixed 1.0.4)
 CVE-2006-0496 VULNERABLE (firefox) not fixed upstream ###
 CVE-2006-0482 ignore (kernel) sparc only
 CVE-2006-0481 version (libpng, 1.2.7 only)
@@ -331,9 +331,9 @@
 CVE-2006-0369 ignore (mysql) this is not a security issue
 CVE-2006-0321 version (fetchmail, fixed 6.3.2)
 CVE-2006-0301 version (poppler, fixed 0.4.5)
-CVE-2006-0301 backport (xpdf) xpdf-3.01pl2.patch ###
+CVE-2006-0301 backport (xpdf) xpdf-3.01pl2.patch
 CVE-2006-0301 version (kdegraphics, fixed 3.5.2)
-CVE-2006-0300 VULNERABLE (tar) [fixed rawhide in tar-1.15.1-13] ###
+CVE-2006-0300 backport (tar) ###
 CVE-2006-0299 version (thunderbird, fixed 1.5)
 CVE-2006-0299 version (firefox, fixed 1.5.0.1)
 CVE-2006-0298 version (thunderbird, fixed 1.5)
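
Review bot: CVE-2006-0300 moves from VULNERABLE to backport but the new line drops the "[fixed rawhide in tar-1.15.1-13]" note and names no patch, leaving `backport (tar) ###` with no evidence at all. Keep the package build or add the patch filename so whoever clears the `###` knows what to look for.
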
@@ -382,7 +382,7 @@
 CVE-2005-4703 ignore (tomcat) windows only
 CVE-2005-4685 VULNERABLE (firefox) not fixed upstream ###
 CVE-2005-4684 ignore (kdebase) not fixed upstream, low, can't fix
-CVE-2005-4667 backport (unzip) ###
+CVE-2005-4667 backport (unzip) changelog
 CVE-2005-4639 version (kernel, fixed 2.6.15)
 CVE-2005-4636 version (openoffice.org, fixed 2.0.1)
 CVE-2005-4635 version (kernel, fixed 2.6.15)
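
Review bot: CVE-2005-4667 is annotated with a bare "changelog", while CVE-2006-3376 and CVE-2006-2906 earlier in this same commit use "from changelog". Pick one spelling for the evidence source across the commit so the file stays easy to grep and parse.
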
@@ -391,13 +391,13 @@
 CVE-2005-4585 version (wireshark, fixed 0.10.14)
 CVE-2005-4442 version (openldap) gentoo only
 CVE-2005-4348 version (fetchmail, fixed 6.3.1)
-CVE-2005-4268 backport (cpio) also blocked by FORTIFY_SOURCE ###
+CVE-2005-4268 backport (cpio) cpio-2.6-writeOutHeaderBufferOverflow.patch
 CVE-2005-4158 ignore (sudo) only env_reset will properly clean the environment
 CVE-2005-4154 ignore (php) don't install untrusted pear packages
 CVE-2005-4153 version (mailman)
 CVE-2005-4134 ignore (firefox) http://www.mozilla.org/security/history-title.html
 CVE-2005-4077 version (curl, fixed 7.15.1)
-CVE-2005-3964 backport (openmotif) ###
+CVE-2005-3964 backport (openmotif) from changelog
 CVE-2005-3962 version (perl, fixed 5.8.8)
 CVE-2005-3883 version (php, fixed 5.1.1 at least)
 CVE-2005-3858 version (kernel, fixed 2.6.13)
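
Review bot: The CVE-2005-4268 line replaces "also blocked by FORTIFY_SOURCE" with the patch name, which loses the record of the second mitigation. Keep both, for example `cpio-2.6-writeOutHeaderBufferOverflow.patch, also blocked by FORTIFY_SOURCE`, since the note documents why the issue would be contained even if the patch were dropped in a rebase.
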
@@ -425,28 +425,28 @@
 CVE-2005-3629 version (initscripts, fixed 8.29 at least)
 CVE-2005-3628 version (poppler, fixed 0.4.4)
 CVE-2005-3628 version (kdegraphics, fixed 3.5.1)
-CVE-2005-3628 backport (xpdf) xpdf-3.01pl2.patch ###
-CVE-2005-3628 backport (tetex) tetex-3.0-CVE-2005-3193.patch ###
+CVE-2005-3628 backport (xpdf) xpdf-3.01pl2.patch
+CVE-2005-3628 backport (tetex) tetex-3.0-CVE-2005-3193.patch
 CVE-2005-3628 version (cups, fixed 1.2.0)
 CVE-2005-3627 version (poppler, fixed 0.4.4)
 CVE-2005-3627 version (kdegraphics, fixed 3.5.1)
-CVE-2005-3627 backport (xpdf) xpdf-3.01pl2.patch ###
-CVE-2005-3627 backport (tetex) ###
+CVE-2005-3627 backport (xpdf) xpdf-3.01pl2.patch
+CVE-2005-3627 backport (tetex)
 CVE-2005-3627 version (cups, fixed 1.2.0)
 CVE-2005-3626 version (poppler, fixed 0.4.4)
 CVE-2005-3626 version (kdegraphics, fixed 3.5.1)
-CVE-2005-3626 backport (xpdf) xpdf-3.01pl2.patch ###
-CVE-2005-3626 backport (tetex) ###
+CVE-2005-3626 backport (xpdf) xpdf-3.01pl2.patch
+CVE-2005-3626 backport (tetex)
 CVE-2005-3626 version (cups, fixed 1.2.0)
 CVE-2005-3625 version (poppler, fixed 0.4.4)
 CVE-2005-3625 version (kdegraphics, fixed 3.5.1)
-CVE-2005-3625 backport (xpdf) xpdf-3.01pl2.patch ###
-CVE-2005-3625 backport (tetex) ###
+CVE-2005-3625 backport (xpdf) xpdf-3.01pl2.patch
+CVE-2005-3625 backport (tetex)
 CVE-2005-3625 version (cups, fixed 1.2.0)
 CVE-2005-3624 version (poppler, fixed 0.4.4)
 CVE-2005-3624 version (kdegraphics, fixed 3.5.1)
-CVE-2005-3624 backport (xpdf) xpdf-3.01pl2.patch ###
-CVE-2005-3624 backport (tetex) ###
+CVE-2005-3624 backport (xpdf) xpdf-3.01pl2.patch
+CVE-2005-3624 backport (tetex)
 CVE-2005-3624 version (cups, fixed 1.2.0)
 CVE-2005-3623 version (kernel, fixed 2.6.14.5)
 CVE-2005-3582 version (ImageMagick) gentoo only
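
Review bot: The tetex lines for CVE-2005-3627, CVE-2005-3626, CVE-2005-3625 and CVE-2005-3624 have their `###` marker removed but still name no patch, while the tetex line for CVE-2005-3628 in the same hunk cites tetex-3.0-CVE-2005-3193.patch. If that patch covers all five CVEs, say so on each line; if not, these four should not be marked as reviewed yet.
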
@@ -487,18 +487,18 @@
 CVE-2005-3241 version (wireshark, fixed 0.10.13)
 CVE-2005-3193 version (poppler, fixed 0.4.4)
 CVE-2005-3193 version (kdegraphics, fixed 3.5.1)
-CVE-2005-3193 backport (xpdf) xpdf-3.01pl2.patch ###
-CVE-2005-3193 backport (tetex) tetex-3.0-CVE-2005-3193.patch ###
+CVE-2005-3193 backport (xpdf) xpdf-3.01pl2.patch
+CVE-2005-3193 backport (tetex) tetex-3.0-CVE-2005-3193.patch
 CVE-2005-3193 version (cups, fixed 1.2.0)
 CVE-2005-3192 version (poppler, fixed 0.4.4)
 CVE-2005-3192 version (kdegraphics, fixed 3.5.1)
-CVE-2005-3192 backport (xpdf) xpdf-3.01pl2.patch ###
-CVE-2005-3192 backport (tetex) tetex-3.0-CVE-2005-3193.patch ###
+CVE-2005-3192 backport (xpdf) xpdf-3.01pl2.patch
+CVE-2005-3192 backport (tetex) tetex-3.0-CVE-2005-3193.patch
 CVE-2005-3192 version (cups, fixed 1.2.0)
 CVE-2005-3191 version (poppler, fixed 0.4.4)
 CVE-2005-3191 version (kdegraphics, fixed 3.5.1)
-CVE-2005-3191 backport (xpdf) xpdf-3.01pl2.patch ###
-CVE-2005-3191 backport (tetex) tetex-3.0-CVE-2005-3193.patch ###
+CVE-2005-3191 backport (xpdf) xpdf-3.01pl2.patch
+CVE-2005-3191 backport (tetex) tetex-3.0-CVE-2005-3193.patch
 CVE-2005-3191 version (cups, fixed 1.2.0)
 CVE-2005-3186 version (gtk2, fixed 2.8.7 at least)
 CVE-2005-3185 version (wget, fixed 1.10.2 at least)
@@ -508,7 +508,7 @@
 CVE-2005-3180 version (kernel, fixed 2.6.13.4)
 CVE-2005-3179 version (kernel, fixed 2.6.13.4)
 CVE-2005-3164 version (tomcat, not 5)
-CVE-2005-3120 backport (lynx) ###
+CVE-2005-3120 backport (lynx) changelog
 CVE-2005-3119 version (kernel, fixed 2.6.13.4)
 CVE-2005-3110 version (kernel, fixed 2.6.12)
 CVE-2005-3109 version (kernel, fixed 2.6.12)
@@ -522,8 +522,8 @@
 CVE-2005-3054 ignore (php)
 CVE-2005-3053 version (kernel, fixed 2.6.12.5)
 CVE-2005-3044 version (kernel, fixed 2.6.13.2)
-CVE-2005-3011 backport (texinfo) texinfo-CAN-2005-3011.patch ###
-CVE-2005-2991 ignore (ncompress) don't ship zdiff or zcmp scripts ####
+CVE-2005-3011 backport (texinfo) texinfo-CAN-2005-3011.patch
+CVE-2005-2991 ignore (ncompress) don't ship zdiff or zcmp scripts
 CVE-2005-2978 version (netpbm, fixed 10.25)
 CVE-2005-2977 version (pam, fixed 0.99.2.1 at least)
 CVE-2005-2975 version (gtk2, fixed 2.8.7)
@@ -536,7 +536,7 @@
 CVE-2005-2959 ignore (sudo) not a vulnerability
 CVE-2005-2946 version (openssl, fixed 0.9.8)
 CVE-2005-2933 version (libc-client, fixed 2004g at least)
-CVE-2005-2929 backport (lynx) ###
+CVE-2005-2929 backport (lynx) changelog
 CVE-2005-2917 version (squid, fixed 2.5.STABLE11)
 CVE-2005-2876 version (util-linux, fixed 2.13-pre3)
 CVE-2005-2874 version (cups, fixed 1.1.23)
@@ -568,7 +568,7 @@
 CVE-2005-2702 version (firefox, fixed 1.0.7)
 CVE-2005-2701 version (firefox, fixed 1.0.7)
 CVE-2005-2700 version (httpd, not 2.2)
-CVE-2005-2693 backport (cvs) cvs-1.11.19-tmp.patch ###
+CVE-2005-2693 backport (cvs) cvs-1.11.19-tmp.patch
 CVE-2005-2672 version (lm_sensors, fixed 2.9.2)
 CVE-2005-2666 version (openssh, fixed 4.0p1)
 CVE-2005-2642 version (mutt) openbsd only
@@ -596,7 +596,7 @@
 CVE-2005-2491 ignore (php) php uses system pcre
 CVE-2005-2491 ignore (httpd) httpd uses system pcre
 CVE-2005-2490 version (kernel, fixed 2.6.13.1)
-CVE-2005-2475 backport (unzip) unzip-5.52-toctou.patch ###
+CVE-2005-2475 backport (unzip) unzip-5.52-toctou.patch
 CVE-2005-2471 version (netpbm, fixed 10.31)
 CVE-2005-2459 ignore (kernel, fixed 2.6.12.5) dropped as code path not possible
 CVE-2005-2458 version (kernel, fixed 2.6.12.5)
@@ -653,7 +653,7 @@
 CVE-2005-2095 version (squirrelmail, fixed 1.4.5)
 CVE-2005-2088 version (httpd, not 2.2)
 CVE-2005-2069 version (nss_ldap, fixed pam_ldap:180)
-CVE-2005-2069 backport (openldap) openldap-2.2.13-tls-fix-connection-test.patch ###
+CVE-2005-2069 backport (openldap) openldap-2.2.13-tls-fix-connection-test.patch
 CVE-2005-2023 version (gnupg, fixed 1.9.15??) ###
 CVE-2005-1993 version (sudo, fixed 1.6.8p9)
 CVE-2005-1992 version (ruby, fixed 1.8.3 at least)
@@ -682,9 +682,9 @@
 CVE-2005-1751 ignore (ncpfs) part of shtool in ncpfs is not vulnerable
 CVE-2005-1740 version (net-snmp, fixed 5.2.2.rc5 at least)
 CVE-2005-1739 version (ImageMagick, fixed 6.2.2.3)
-CVE-2005-1705 backport (gdb) gdb-6.3-security-errata-20050610.patch ###
+CVE-2005-1705 backport (gdb) gdb-6.3-security-errata-20050610.patch
 CVE-2005-1704 version (binutils, fixed 2.16.91.0.3 at least)
-CVE-2005-1704 backport (gdb) gdb-6.3-security-errata-20050610.patch ###
+CVE-2005-1704 backport (gdb) gdb-6.3-security-errata-20050610.patch
 CVE-2005-1689 version (krb5, fixed 1.4.2)
 CVE-2005-1686 ignore (gedit) not a vulnerability
 CVE-2005-1636 version (mysql, fixed 4.1.12)
@@ -735,9 +735,9 @@
 CVE-2005-1262 version (gaim, fixed 1.3.0)
 CVE-2005-1261 version (gaim, fixed 1.3.0)
 CVE-2005-1260 version (bzip2, fixed 1.0.3)
-CVE-2005-1229 backport (cpio) ###
-CVE-2005-1228 backport (gzip) ###
-CVE-2005-1194 backport (nasm) ###
+CVE-2005-1229 backport (cpio) cpio-2.6-dirTraversal.patch
+CVE-2005-1228 backport (gzip) changelog
+CVE-2005-1194 backport (nasm) changelog
 CVE-2005-1184 ignore (kernel) expected to not be an issue
 CVE-2005-1175 version (krb5, fixed 1.4.2)
 CVE-2005-1174 version (krb5, fixed 1.4.2)
@@ -751,24 +751,24 @@
 CVE-2005-1155 version (firefox)
 CVE-2005-1154 version (firefox)
 CVE-2005-1153 version (firefox)
-CVE-2005-1111 backport (cpio) ###
-CVE-2005-1065 version (tetex) not upstream version ###
+CVE-2005-1111 backport (cpio) cpio-2.6-chmodRaceC.patch
+CVE-2005-1065 version (tetex) not upstream version
 CVE-2005-1061 version (logwatch, fixed 4.3.2 at least)
 CVE-2005-1046 version (kdelibs, fixed after 3.4.0)
 CVE-2005-1043 version (php, fixed 4.3.11)
 CVE-2005-1042 version (php, fixed 4.3.11)
 CVE-2005-1041 version (kernel, fixed 2.6.12)
 CVE-2005-1039 ignore (coreutils) not fixed upstream, not a real issue
-CVE-2005-1038 backport (vixie-cron) ###
+CVE-2005-1038 backport (vixie-cron)
 CVE-2005-0990 version (sharutils, fixed 4.6 at least)
 CVE-2005-0989 version (thunderbird)
 CVE-2005-0989 version (firefox, fixed 1.0.3)
-CVE-2005-0988 backport (gzip) ###
+CVE-2005-0988 backport (gzip) changelog
 CVE-2005-0977 version (kernel, fixed 2.6.11)
 CVE-2005-0967 version (gaim, fixed 1.2.1)
 CVE-2005-0966 version (gaim, fixed 1.2.1)
 CVE-2005-0965 version (gaim, fixed 1.2.1)
-CVE-2005-0953 backport (bzip2) bzip2-1.0.2-chmod.patch ###
+CVE-2005-0953 backport (bzip2) bzip2-1.0.2-chmod.patch
 CVE-2005-0941 version (openoffice.org, fixed 1.9 m95)
 CVE-2005-0937 version (kernel, fixed 2.6.11)
 CVE-2005-0916 version (kernel, fixed 2.6.12)
@@ -789,7 +789,7 @@
 CVE-2005-0760 version (ImageMagick, fixed 6.0)
 CVE-2005-0759 version (ImageMagick, fixed 6.0)
 CVE-2005-0758 version (gzip, fixed 1.3.5)
-CVE-2005-0758 backport (bzip2) ###
+CVE-2005-0758 backport (bzip2)
 CVE-2005-0757 version (kernel, not 2.6)
 CVE-2005-0756 version (kernel, fixed 2.6.12)
 CVE-2005-0754 version (kdewebdev, fixed after 3.4.0)
@@ -812,7 +812,7 @@
 CVE-2005-0627 version (qt, fixed 3.3.4)
 CVE-2005-0626 version (squid, fixed 2.5.STABLE10)
 CVE-2005-0605 version (libXpm, fixed 3.5.4 at least)
-CVE-2005-0605 backport (openmotif) ###
+CVE-2005-0605 backport (openmotif)
 CVE-2005-0602 ignore (unzip, fixed 5.52) this is really expected behaviour
 CVE-2005-0596 version (php, fixed 5.0)
 CVE-2005-0593 version (firefox)
@@ -840,14 +840,14 @@
 CVE-2005-0504 version (kernel, not 2.6) doesn't build in 2.6
 CVE-2005-0490 version (curl, fixed 7.13.1)
 CVE-2005-0489 version (kernel, not 2.6)
-CVE-2005-0488 backport (telnet) ###
-CVE-2005-0488 backport (krb5) krb5-1.4.1-telnet-environ.patch ###
+CVE-2005-0488 backport (telnet)
+CVE-2005-0488 backport (krb5) krb5-1.4.1-telnet-environ.patch
 CVE-2005-0473 version (gaim, fixed 1.1.3)
 CVE-2005-0472 version (gaim, fixed 1.1.3)
 CVE-2005-0469 version (krb5, fixed 1.4.1)
-CVE-2005-0469 backport (telnet) telnet-0.17-CAN-2005-468_469.patch ###
+CVE-2005-0469 backport (telnet) telnet-0.17-CAN-2005-468_469.patch
 CVE-2005-0468 version (krb5, fixed 1.4.1)
-CVE-2005-0468 backport (telnet) telnet-0.17-CAN-2005-468_469.patch ###
+CVE-2005-0468 backport (telnet) telnet-0.17-CAN-2005-468_469.patch
 CVE-2005-0449 version (kernel, fixed 2.6.11)
 CVE-2005-0448 version (perl, fixed 5.8.6)
 CVE-2005-0446 version (squid, fixed 2.5.STABLE9)
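
Review bot: `CVE-2005-0488 backport (telnet)` is cleared without any evidence, although the krb5 line for the same CVE names krb5-1.4.1-telnet-environ.patch and the telnet lines for CVE-2005-0469 and CVE-2005-0468 name telnet-0.17-CAN-2005-468_469.patch. Add the telnet patch or changelog source that addresses CVE-2005-0488, since the patch name cited for the other two CVEs does not mention it.
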
@@ -1014,7 +1014,7 @@
 CVE-2004-1382 version (glibc, not 2.3.5)
 CVE-2004-1381 version (firefox)
 CVE-2004-1380 version (firefox)
-CVE-2004-1377 backport (a2ps) a2ps-4.13-security.patch ###
+CVE-2004-1377 backport (a2ps) a2ps-4.13-security.patch
 CVE-2004-1337 version (kernel, fixed 2.6.11)
 CVE-2004-1336 version (tetex, fixed 3.0 at least)
 CVE-2004-1335 version (kernel, fixed 2.6.10)
@@ -1024,8 +1024,8 @@
 CVE-2004-1308 version (libtiff, fixed 3.7.1 at least)
 CVE-2004-1307 version (libtiff, was already fixed with 0886)
 CVE-2004-1304 version (file, fixed 4.12)
-CVE-2004-1296 backport (groff) from srpm ###
-CVE-2004-1287 backport (nasm) ###
+CVE-2004-1296 backport (groff) from srpm
+CVE-2004-1287 backport (nasm) changelog
 CVE-2004-1270 version (cups, fixed 1.1.23)
 CVE-2004-1269 version (cups, fixed 1.1.23)
 CVE-2004-1268 version (cups, fixed 1.1.23)
@@ -1038,8 +1038,8 @@
 CVE-2004-1191 version (kernel, fixed 2.6.9)
 CVE-2004-1190 version (kernel, fixed 2.6.10)
 CVE-2004-1189 version (krb5, fixed 1.4)
-CVE-2004-1186 backport (enscript) ###
-CVE-2004-1185 backport (enscript) ###
+CVE-2004-1186 backport (enscript) enscript-1.6.1-CAN-2004-1186.patch
+CVE-2004-1185 backport (enscript) enscript-1.6.1-CAN-2004-1185.patch
 CVE-2004-1184 version (enscript, fixed 1.6.4 at least)
 CVE-2004-1183 version (libtiff, fixed 3.7.2)
 CVE-2004-1180 version (rwho, fixed 0.17)
@@ -1048,7 +1048,7 @@
 CVE-2004-1175 version (mc, fixed 4.6.0)
 CVE-2004-1174 version (mc, fixed 4.6.0)
 CVE-2004-1171 version (kdelibs, not 3.4)
-CVE-2004-1170 backport (a2ps) a2ps-shell.patch ###
+CVE-2004-1170 backport (a2ps) a2ps-shell.patch
 CVE-2004-1165 version (kdelibs, not 3.4)
 CVE-2004-1158 version (kdelibs, not 3.4)
 CVE-2004-1156 version (firefox)
@@ -1100,19 +1100,19 @@
 CVE-2004-1004 version (mc, fixed 4.6.0)
 CVE-2004-1002 ignore (ppp) not a security issue
 CVE-2004-0997 version (kernel, not 2.6)
-CVE-2004-0996 backport (cscope) not fixed in 15.5 ###
+CVE-2004-0996 backport (cscope) not fixed in 15.5
 CVE-2004-0990 version (gd, fixed 2.0.33 at least)
 CVE-2004-0989 version (libxml2, fixed 2.6.15)
 CVE-2004-0986 version (iptables, fixed 1.2.12)
 CVE-2004-0983 version (ruby, fixed 1.8.2)
 CVE-2004-0981 version (ImageMagick, fixed 6.1.0)
 CVE-2004-0977 version (postgresql, fixed after 7.4.6)
-CVE-2004-0976 backport (perl) perl-5.8.7-CAN-2004-0976.patch ###
+CVE-2004-0976 backport (perl) perl-5.8.7-CAN-2004-0976.patch
 CVE-2004-0975 version (openssl, not 0.9.8)
 CVE-2004-0975 backport (openssl097a, fixed 0.9.7f)
 CVE-2004-0974 version (netatalk, fixed 2.0.1)
 CVE-2004-0972 version (lvm2, fixed 2.2.01.8 at least)
-CVE-2004-0971 backport (krb5) krb5-1.3.4-send-pr-tempfile.patch ###
+CVE-2004-0971 backport (krb5) krb5-1.3.4-send-pr-tempfile.patch
 CVE-2004-0970 version (gzip)
 CVE-2004-0969 version (groff, fixed 1.18.1.1)
 CVE-2004-0968 version (glibc, fixed 2.3.5 at least)
@@ -1126,7 +1126,7 @@
 CVE-2004-0956 version (mysql, fixed 4.0.20)
 CVE-2004-0946 version (nfs-utils, fixed 1.0.6-r6)
 CVE-2004-0942 version (httpd, not 2.2)
-CVE-2004-0941 backport (gd) ###
+CVE-2004-0941 backport (gd)
 CVE-2004-0940 version (httpd, not 2.2)
 CVE-2004-0938 version (freeradius, fixed 1.0.1)
 CVE-2004-0930 version (samba, fixed 3.0.8)
@@ -1134,7 +1134,7 @@
 CVE-2004-0923 version (cups, fixed 1.2.22)
 CVE-2004-0918 version (squid, fixed 2.4.STABLE7)
 CVE-2004-0914 version (xorg-x11, fixed after 6.8.1)
-CVE-2004-0914 backport (openmotif) ###
+CVE-2004-0914 backport (openmotif)
 CVE-2004-0909 version (thunderbird)
 CVE-2004-0909 version (firefox)
 CVE-2004-0907 version (thunderbird)
@@ -1145,7 +1145,7 @@
 CVE-2004-0889 version (xpdf, fixed 3.0.1)
 CVE-2004-0888 version (xpdf, fixed 3.0.1)
 CVE-2004-0888 version (tetex, fixed 3.0)
-CVE-2004-0888 version (kdegraphics, not 3.4) ###
+CVE-2004-0888 version (kdegraphics, not 3.4)
 CVE-2004-0888 version (cups)
 CVE-2004-0887 version (kernel, fixed 2.6.10)
 CVE-2004-0886 version (libtiff, fixed 3.7.1 at least)
@@ -1196,8 +1196,8 @@
 CVE-2004-0779 version (firefox)
 CVE-2004-0778 version (cvs, fixed 1.11.17)
 CVE-2004-0772 version (krb5, fixed after 1.2.8)
-CVE-2004-0771 backport (lha, changelog) ###
-CVE-2004-0769 backport (lha, changelog) ###
+CVE-2004-0771 backport (lha) changelog
+CVE-2004-0769 backport (lha) changelog
 CVE-2004-0768 version (libpng, fixed 1.2.6)
 CVE-2004-0755 version (ruby, fixed 1.8.1)
 CVE-2004-0754 version (gaim, fixed 0.82)
@@ -1209,10 +1209,10 @@
 CVE-2004-0748 version (httpd, not 2.2)
 CVE-2004-0747 version (httpd, not 2.2)
 CVE-2004-0746 version (kde, fixed 3.3)
-CVE-2004-0745 backport (lha) ###
+CVE-2004-0745 backport (lha) changelog
 CVE-2004-0721 version (kdelibs, fixed 3.3)
 CVE-2004-0700 version (httpd, not 2.2)
-CVE-2004-0694 backport (lha, changelog) ###
+CVE-2004-0694 backport (lha) changelog
 CVE-2004-0693 version (qt, fixed 3.3.3)
 CVE-2004-0692 version (qt, fixed 3.3.3)
 CVE-2004-0691 version (qt, fixed 3.3.3)
@@ -1237,7 +1237,7 @@
 CVE-2004-0626 version (kernel, fixed 2.6.8)
 CVE-2004-0619 version (kernel) no driver
 CVE-2004-0607 version (racoon)
-CVE-2004-0603 backport (gzip) gzip-1.3.5-openbsd-owl-tmp.patch ###
+CVE-2004-0603 backport (gzip) gzip-1.3.5-openbsd-owl-tmp.patch
 CVE-2004-0600 version (samba, fixed 3.0.6)
 CVE-2004-0599 version (libpng, fixed 1.2.6)
 CVE-2004-0598 version (libpng, fixed 1.2.6)
@@ -1303,8 +1303,8 @@
 CVE-2004-0365 version (wireshark, fixed 0.10.3)
 CVE-2004-0263 version (php, fixed 4.3.5)
 CVE-2004-0256 version (libtool, fixed 1.5.2)
-CVE-2004-0235 backport (lha, changelog) ###
-CVE-2004-0234 backport (lha, changelog) ###
+CVE-2004-0235 backport (lha) changelog
+CVE-2004-0234 backport (lha) changelog
 CVE-2004-0232 version (mc, fixed 4.6.0)
 CVE-2004-0231 version (mc, fixed 4.6.0)
 CVE-2004-0229 version (kernel, fixed 2.6.6)
@@ -1490,7 +1490,7 @@
 CVE-2003-0430 version (wireshark, fixed after 0.9.12)
 CVE-2003-0429 version (wireshark, fixed after 0.9.12)
 CVE-2003-0428 version (wireshark, fixed after 0.9.12)
-CVE-2003-0427 backport (mikmod) ###
+CVE-2003-0427 backport (mikmod) from changelog
 CVE-2003-0418 version (kernel, not 2.6)
 CVE-2003-0388 version (pam, fixed 0.78)
 CVE-2003-0386 version (openssh, fixed after 3.6.1)
@@ -1591,7 +1591,7 @@
 
 CVE-2002-2215 version (php, fixed 4.3.0)
 CVE-2002-2214 version (php, fixed 4.2.2)
-CVE-2002-2211 ** bind ###
+CVE-2002-2211 ** bind
 CVE-2002-2210 ignore (openoffice) binary install only (not rpm install)
 CVE-2002-2204 ignore (rpm) by design
 CVE-2002-2196 version (samba, fixed 2.2.5)
@@ -1602,7 +1602,7 @@
 CVE-2002-1914 version (dump, fixed 0.4b29)
 CVE-2002-1850 version (mod_cgi, fixed 2.0.41)
 CVE-2002-1827 version (sendmail, fixed after 8.12.3)
-CVE-2002-1814 ignore (bonobo) not shipped setuid ###
+CVE-2002-1814 ignore (libbonobo) not shipped setuid
 CVE-2002-1793 version (mod_ssl), also only hp
 CVE-2002-1783 version (php, fixed after 4.2.3)
 CVE-2002-1765 version (evolution, fixed 1.0.5)
@@ -1619,4 +1619,4 @@
 CVE-2001-0955 version (XFree86, fixed 4.2.0)
 CVE-2001-0474 version (mesa, fixed 3.3-14)
 CVE-2000-0504 version (libICE, fixed XFree86:4.0.1)
-CVE-1999-1572 backport (cpio) ###
+CVE-1999-1572 backport (cpio) cpio-2.6-umask.patch



