fedora-security/audit fc6,1.12,1.13

Mark Cox (mjc) fedora-extras-commits at redhat.com
Tue Aug 15 13:49:06 UTC 2006 

Author: mjc

Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv17281

Modified Files:
	fc6 
Log Message:
More source code review



Index: fc6
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc6,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -r1.12 -r1.13
--- fc6	15 Aug 2006 10:11:15 -0000	1.12
+++ fc6	15 Aug 2006 13:49:03 -0000	1.13
@@ -60,12 +60,12 @@
 CVE-2006-3628 version (wireshark, fixed 0.99.2)
 CVE-2006-3627 version (wireshark, fixed 0.99.2)
 CVE-2006-3626 version (kernel, fixed 2.6.17.6)
-CVE-2006-3619 VULNERABLE (gcc/fastjar 0.93) ###
+CVE-2006-3619 VULNERABLE (libgcj/fastjar 0.93)
 CVE-2006-3486 ignore (mysql, fixed 5.0.23) not exploitable
 CVE-2006-3469 version (mysql)
 CVE-2006-3468 VULNERABLE (kernel, fixed 2.6.17.8) not fixed upstream
 CVE-2006-3467 version (freetype, fixed 2.2)
-CVE-2006-3467 VULNERABLE (libXfont) fc5#202475 ###
+CVE-2006-3467 VULNERABLE (libXfont) fc5#202475
 CVE-2006-3465 backport (libtiff) libtiff-3.8.2-ormandy.patch
 CVE-2006-3464 backport (libtiff) libtiff-3.8.2-ormandy.patch
 CVE-2006-3463 backport (libtiff) libtiff-3.8.2-ormandy.patch
@@ -83,7 +83,7 @@
 CVE-2006-3174 version (squirrelmail, fixed 1.4.7)
 CVE-2006-3145 version (netpbm, fixed 10.34)
 CVE-2006-3127 version (nss, only affected 3.11)
-CVE-2006-3122 ** dhcp
+CVE-2006-3122 version (dhcp, only 2.x)
 CVE-2006-3117 version (openoffice.org, fixed 2.0.3)
 CVE-2006-3113 version (firefox, fixed 1.5.0.5)
 CVE-2006-3113 VULNERABLE (thunderbird, fixed 1.5.0.5)
@@ -136,7 +136,7 @@
 CVE-2006-2656 backport (libtiff) tiffsplit-overflow.patch
 CVE-2006-2629 ignore (kernel) couldn't be reproduced on FC
 CVE-2006-2613 ignore (firefox) This isn't an issue on FC
-CVE-2006-2607 backport (vixie-cron) #177476 ###
+CVE-2006-2607 backport (vixie-cron) vixie-cron-4.1-_42-bz178431.patch
 CVE-2006-2563 ignore (php) safe mode isn't safe
 CVE-2006-2452 version (gdm)
 CVE-2006-2451 version (kernel, fixed 2.6.17.4)
@@ -308,7 +308,7 @@
 CVE-2006-0741 version (kernel, fixed 2.6.15.5)
 CVE-2006-0730 version (dovecot, 1.0beta[12] only)
 CVE-2006-0678 ignore (postgresql) we don't build --enable-cassert ###
-CVE-2006-0670 VULNERABLE (bluez-hcidump) ###
+CVE-2006-0670 version (bluez-hcidump, fixed 1.30)
 CVE-2006-0645 version (gnutls, fixed 1.2.10)
 CVE-2006-0591 version (postgresql, fixed 8.0.6)
 CVE-2006-0576 backport (oprofile) oprofile_opcontrol.patch
@@ -654,7 +654,7 @@
 CVE-2005-2088 version (httpd, not 2.2)
 CVE-2005-2069 version (nss_ldap, fixed pam_ldap:180)
 CVE-2005-2069 backport (openldap) openldap-2.2.13-tls-fix-connection-test.patch
-CVE-2005-2023 version (gnupg, fixed 1.9.15??) ###
+CVE-2005-2023 version (gnupg, only 1.9.14)
 CVE-2005-1993 version (sudo, fixed 1.6.8p9)
 CVE-2005-1992 version (ruby, fixed 1.8.3 at least)
 CVE-2005-1937 version (firefox, fixed 1.0.5)
@@ -806,7 +806,6 @@
 CVE-2005-0705 version (wireshark, fixed after 0.10.9)
 CVE-2005-0704 version (wireshark, fixed after 0.10.9)
 CVE-2005-0698 version (wireshark, fixed after 0.10.9)
-CVE-2005-0670 VULNERABLE (hcidump)  ###
 CVE-2005-0664 version (libexif, fixed 0.6.12)
 CVE-2005-0654 ignore (gimp, not fixed 2.2) upstream considers harmless
 CVE-2005-0627 version (qt, fixed 3.3.4)
@@ -940,11 +939,11 @@
 CVE-2005-0078 version (kde, fixed 3.0.5)
 CVE-2005-0077 version (perl-DBI, fixed 1.48 at least)
 CVE-2005-0075 version (squirrelmail, fixed 1.4.4)
-CVE-2005-0069 backport (vim) vim-6.4-tmpfile.patch ###
+CVE-2005-0069 version (vim, fixed 7.0 at least)
 CVE-2005-0064 version (xpdf, fixed 3.0.1)
 CVE-2005-0064 version (tetex, fixed 3.0)
 CVE-2005-0064 version (kdegraphics, not 3.4)
-CVE-2005-0064 backport (cups) cups-CAN-2005-0064.patch ###
+CVE-2005-0064 version (cups, fixed 1.2.2)
 CVE-2005-0039 ignore (kernel) not a vulnerability: don't do this says the rfc
 CVE-2005-0034 version (bind, fixed after 9.3.0)
 CVE-2005-0033 version (bind, not 9)
@@ -1291,12 +1290,12 @@
 CVE-2004-0411 version (kdelibs, fixed 3.3)
 CVE-2004-0409 version (xchat, fixed after 2.0.8)
 CVE-2004-0405 version (cvs, fixed 1.11)
-CVE-2004-0403 version (racoon, fixed 20040408a) ###
+CVE-2004-0403 version (racoon, fixed ipsec-tools-0.6.5 at least)
 CVE-2004-0398 version (neon, fixed 0.24.6)
 CVE-2004-0397 version (subversion, fixed 1.0.1)
 CVE-2004-0396 version (cvs, fixed 1.12.8)
 CVE-2004-0394 version (kernel, not 2.6) also not a vulnerability
-CVE-2004-0392 version (racoon, fixed 20040407b) ###
+CVE-2004-0392 version (racoon, fixed 20040407b)
 CVE-2004-0388 version (mysql, fixed 4.1.11 at least)
 CVE-2004-0381 version (mysql, fixed 4.1.11 at least)
 CVE-2004-0367 version (wireshark, fixed 0.10.3)
@@ -1326,8 +1325,8 @@
 CVE-2004-0175 backport (krb5) krb5-1.3.3-rcp-markus.patch ###
 CVE-2004-0174 version (httpd, not 2.2)
 CVE-2004-0173 version (httpd, not 2.2)
-CVE-2004-0164 version (racoon) ###
-CVE-2004-0155 version (racoon) ###
+CVE-2004-0164 version (racoon)
+CVE-2004-0155 version (racoon)
 CVE-2004-0154 version (nfs-utils, fixed 1.0.6)
 CVE-2004-0150 version (python, fixed 2.2.2)
 CVE-2004-0138 version (kernel, fixed 2.6.0)

More information about the fedora-extras-commits mailing list