fedora-security/audit fc6,1.15,1.16

Mark Cox (mjc) fedora-extras-commits at redhat.com
Tue Aug 15 20:55:13 UTC 2006


Author: mjc

Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv7211

Modified Files:
	fc6 
Log Message:
Create or clone bz for tracking fixing these outstanding issues in FC6.  There
are a few older issues not fixed upstream or "dodgy" that need bz adding to
explain why they are not issues etc.



Index: fc6
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc6,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -r1.15 -r1.16
--- fc6	15 Aug 2006 15:44:03 -0000	1.15
+++ fc6	15 Aug 2006 20:55:11 -0000	1.16
@@ -1,48 +1,45 @@
 Up to date CVE as of CVE email 20060813
 Up to date FC6 as of Test2
 
-ACTION: Deal with libutempter/utempter
-ACTION: Double check VULNERABLE and file fc6 bugs
-
 ** are items that need attention
 
-CVE-2006-4031 VULNERABLE (mysql, fixed 5.0.24) fc5#202247
-CVE-2006-4020 VULNERABLE (php) fc5#201767
-CVE-2006-4019 VULNERABLE (squirrelmail, fixed 1.4.8) fc5#202196
+CVE-2006-4031 VULNERABLE (mysql, fixed 5.0.24) bz#202675
+CVE-2006-4020 VULNERABLE (php) bz#202676
+CVE-2006-4019 VULNERABLE (squirrelmail, fixed 1.4.8) bz#202677
 CVE-2006-3918 version (httpd, fixed 2.2.2)
 CVE-2006-3879 version (mikmod, not 3.1.6)
 CVE-2006-3835 version (tomcat, fixed 5.5.17)
 CVE-2006-3813 version (perl) only Red Hat Enterprise Linux affected
 CVE-2006-3812 version (firefox, fixed 1.5.0.5)
-CVE-2006-3812 VULNERABLE (thunderbird, fixed 1.5.0.5)
+CVE-2006-3812 VULNERABLE (thunderbird, fixed 1.5.0.5) bz#202678
 CVE-2006-3811 version (firefox, fixed 1.5.0.5)
-CVE-2006-3811 VULNERABLE (thunderbird, fixed 1.5.0.5)
+CVE-2006-3811 VULNERABLE (thunderbird, fixed 1.5.0.5) bz#202678
 CVE-2006-3810 version (firefox, fixed 1.5.0.5)
-CVE-2006-3810 VULNERABLE (thunderbird, fixed 1.5.0.5)
+CVE-2006-3810 VULNERABLE (thunderbird, fixed 1.5.0.5) bz#202678
 CVE-2006-3809 version (firefox, fixed 1.5.0.5)
-CVE-2006-3809 VULNERABLE (thunderbird, fixed 1.5.0.5)
+CVE-2006-3809 VULNERABLE (thunderbird, fixed 1.5.0.5) bz#202678
 CVE-2006-3808 version (firefox, fixed 1.5.0.5)
-CVE-2006-3808 VULNERABLE (thunderbird, fixed 1.5.0.5)
+CVE-2006-3808 VULNERABLE (thunderbird, fixed 1.5.0.5) bz#202678
 CVE-2006-3807 version (firefox, fixed 1.5.0.5)
-CVE-2006-3807 VULNERABLE (thunderbird, fixed 1.5.0.5)
+CVE-2006-3807 VULNERABLE (thunderbird, fixed 1.5.0.5) bz#202678
 CVE-2006-3806 version (firefox, fixed 1.5.0.5)
-CVE-2006-3806 VULNERABLE (thunderbird, fixed 1.5.0.5)
+CVE-2006-3806 VULNERABLE (thunderbird, fixed 1.5.0.5) bz#202678
 CVE-2006-3805 version (firefox, fixed 1.5.0.5)
-CVE-2006-3805 VULNERABLE (thunderbird, fixed 1.5.0.5)
+CVE-2006-3805 VULNERABLE (thunderbird, fixed 1.5.0.5) bz#202678
 CVE-2006-3804 version (firefox, fixed 1.5.0.5)
-CVE-2006-3804 VULNERABLE (thunderbird, fixed 1.5.0.5)
+CVE-2006-3804 VULNERABLE (thunderbird, fixed 1.5.0.5) bz#202678
 CVE-2006-3803 version (firefox, fixed 1.5.0.5)
-CVE-2006-3803 VULNERABLE (thunderbird, fixed 1.5.0.5)
+CVE-2006-3803 VULNERABLE (thunderbird, fixed 1.5.0.5) bz#202678
 CVE-2006-3802 version (firefox, fixed 1.5.0.5)
-CVE-2006-3802 VULNERBALE (thunderbird, fixed 1.5.0.5)
+CVE-2006-3802 VULNERBALE (thunderbird, fixed 1.5.0.5) bz#202678
 CVE-2006-3801 version (firefox, fixed 1.5.0.5)
-CVE-2006-3801 VULNERABLE (thunderbird, fixed 1.5.0.5)
-CVE-2006-3747 VULNERABLE (httpd, fixed 2.2.3)
+CVE-2006-3801 VULNERABLE (thunderbird, fixed 1.5.0.5) bz#202678
+CVE-2006-3747 VULNERABLE (httpd, fixed 2.2.3) bz#202679
 CVE-2006-3746 version (gnupg, fixed 1.4.5)
 CVE-2006-3731 ignore (firefox) just a user complicit crash
 CVE-2006-3694 backport (ruby, fixed 1.8.5)
 CVE-2006-3677 version (firefox, fixed 1.5.0.5)
-CVE-2006-3677 VULNERABLE (thunderbird, fixed 1.5.0.5)
+CVE-2006-3677 VULNERABLE (thunderbird, fixed 1.5.0.5) bz#202678
 CVE-2006-3672 ignore (konqueror) just a crash
 CVE-2006-3665 ignore (squirrelmail) don't enable register_globals!
 CVE-2006-3634 ignore (kernel, fixed 2.6.17.8) s390 only
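Review bot: The CVE-2006-3802 thunderbird line keeps the misspelled status "VULNERBALE" on the added side, so a grep or script matching VULNERABLE will skip it even though it now carries bz#202678. The line is being touched anyway, so correct the spelling in the same revision.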
@@ -53,12 +50,12 @@
 CVE-2006-3628 version (wireshark, fixed 0.99.2)
 CVE-2006-3627 version (wireshark, fixed 0.99.2)
 CVE-2006-3626 version (kernel, fixed 2.6.17.6)
-CVE-2006-3619 VULNERABLE (libgcj/fastjar 0.93)
+CVE-2006-3619 VULNERABLE (libgcj/fastjar 0.93) bz#202680
 CVE-2006-3486 ignore (mysql, fixed 5.0.23) not exploitable
 CVE-2006-3469 version (mysql)
 CVE-2006-3468 VULNERABLE (kernel, fixed 2.6.17.8) not fixed upstream
 CVE-2006-3467 version (freetype, fixed 2.2)
-CVE-2006-3467 VULNERABLE (libXfont) fc5#202475
+CVE-2006-3467 VULNERABLE (libXfont) bz#202683
 CVE-2006-3465 backport (libtiff) libtiff-3.8.2-ormandy.patch
 CVE-2006-3464 backport (libtiff) libtiff-3.8.2-ormandy.patch
 CVE-2006-3463 backport (libtiff) libtiff-3.8.2-ormandy.patch
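Review bot: CVE-2006-3468 (kernel), in the unchanged context of this hunk, is still VULNERABLE with "not fixed upstream" and no bz#, while the VULNERABLE entries around it gain one. The log message says such entries still need a bz. Since the ACTION to double check VULNERABLE entries is removed in this revision, consider flagging the line with ** (the file's marker for items that need attention) so it stays visible until the bug is filed.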
@@ -79,10 +76,10 @@
 CVE-2006-3122 version (dhcp, only 2.x)
 CVE-2006-3117 version (openoffice.org, fixed 2.0.3)
 CVE-2006-3113 version (firefox, fixed 1.5.0.5)
-CVE-2006-3113 VULNERABLE (thunderbird, fixed 1.5.0.5)
+CVE-2006-3113 VULNERABLE (thunderbird, fixed 1.5.0.5) bz#202678
 CVE-2006-3085 version (kernel, fixed 2.6.17.1)
 CVE-2006-3084 ignore (krb5) seteuid() calls never fail on linux
-CVE-2006-3083 VULNERABLE (krb5, fixed 1.5.1, 1.4.4)
+CVE-2006-3083 VULNERABLE (krb5, fixed 1.5.1, 1.4.4) bz#202688
 CVE-2006-3082 version (gnupg, fixed 1.4.4)
 CVE-2006-3081 version (mysql, fixed 5.1.18)
 CVE-2006-3057 version (dhcdbd, fixed 1.14)
@@ -156,7 +153,7 @@
 CVE-2006-2199 version (openoffice.org, fixed 2.0.3)
 CVE-2006-2198 version (openoffice.org, fixed 2.0.3)
 CVE-2006-2194 ignore (ppp) pppd not suid
-CVE-2006-2193 VULNERABLE (libtiff) fc5#194363
+CVE-2006-2193 VULNERABLE (libtiff) bz#202690
 CVE-2006-2120 version (libtiff, fixed 3.8.2 at least)
 CVE-2006-2073 ignore (bind) http://www.kb.cert.org/vuls/id/MIMG-6P8GRP
 CVE-2006-2083 version (rsync, fixed 2.6.8)
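Review bot: On the CVE-2006-2193 libtiff line, replacing fc5#194363 with bz#202690 drops the file's only pointer to the existing FC5 bug, and the same happens on the other lines that previously carried an fc5# reference. The log message says "Create or clone", so a reader cannot tell from the file whether bz#202690 is a clone of 194363 or a fresh report. Consider keeping both references on the line, or stating in the log which bugs were cloned.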
@@ -236,9 +233,9 @@
 CVE-2006-1624 ignore (sysklogd) Silly configuration is not a security issue
 CVE-2006-1608 ignore (php) safe mode isn't safe
 CVE-2006-1549 ignore (php) this is not a security issue
-CVE-2006-1548 VULNERABLE (struts, fixed 1.2.9)
-CVE-2006-1547 VULNERABLE (struts, fixed 1.2.9)
-CVE-2006-1546 VULNERABLE (struts, fixed 1.2.9)
+CVE-2006-1548 VULNERABLE (struts, fixed 1.2.9) bz#202692
+CVE-2006-1547 VULNERABLE (struts, fixed 1.2.9) bz#202692
+CVE-2006-1546 VULNERABLE (struts, fixed 1.2.9) bz#202692
 CVE-2006-1542 backport (python) python-2.4.1-canonicalize.patch
 CVE-2006-1531 version (thunderbird, fixed 1.5.0.2)
 CVE-2006-1531 version (firefox, fixed 1.5.0.2)
@@ -258,7 +255,7 @@
 CVE-2006-1516 version (mysql, fixed 5.0.21)
 CVE-2006-1494 version (php)
 CVE-2006-1490 version (php, fixed 5.1.4)
-CVE-2006-1470 VULNERABLE (openldap) fc5#197278
+CVE-2006-1470 VULNERABLE (openldap) bz#202691
 CVE-2006-1368 version (kernel, fixed 2.6.16)
 CVE-2006-1354 version (freeradius, fixed 1.1.2 at least)
 CVE-2006-1343 version (kernel, fixed 2.6.16.19)
@@ -270,7 +267,7 @@
 CVE-2006-1242 version (kernel, fixed 2.6.16.1)
 CVE-2006-1174 version (shadow-utils, fixed 4.0.3)
 CVE-2006-1173 version (sendmail, fixed 8.13.7)
-CVE-2006-1168 VULNERABLE (ncompress) fc5#201919
+CVE-2006-1168 VULNERABLE (ncompress) bz#202693
 CVE-2006-1095 version (mod_python, 3.2.7 only)
 CVE-2006-1079 ignore (httpd) not a vulnerability
 CVE-2006-1078 ignore (httpd) not a vulnerability
@@ -1297,6 +1294,7 @@
 CVE-2004-0256 version (libtool, fixed 1.5.2)
 CVE-2004-0235 backport (lha) changelog
 CVE-2004-0234 backport (lha) changelog
+CVE-2004-0233 version (libutempter, fixed 0.5.5)
 CVE-2004-0232 version (mc, fixed 4.6.0)
 CVE-2004-0231 version (mc, fixed 4.6.0)
 CVE-2004-0229 version (kernel, fixed 2.6.6)
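Review bot: The added CVE-2004-0233 line names only libutempter, while the ACTION item removed at the top of the file read "Deal with libutempter/utempter". If utempter is still a package that needs tracking for FC6, it should get its own line or a note on this one explaining why it is not listed; as it stands the ACTION is closed with the utempter half unrecorded.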



