fedora-security/audit fc5,1.279,1.280

Mark Cox (mjc) fedora-extras-commits at redhat.com
Wed Aug 16 11:40:32 UTC 2006


Author: mjc

Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv30461

Modified Files:
	fc5 
Log Message:
Backport some data from fc6 investigation to fc5



Index: fc5
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc5,v
retrieving revision 1.279
retrieving revision 1.280
diff -u -r1.279 -r1.280
--- fc5	16 Aug 2006 10:36:33 -0000	1.279
+++ fc5	16 Aug 2006 11:40:29 -0000	1.280
@@ -165,7 +165,7 @@
 CVE-2006-2440 backport (ImageMagick) #192279 [since FEDORA-2006-588]
 CVE-2006-2414 version (dovecot, fixed 1.0.beta8) [since FEDORA-2006-647] is not a security issue
 CVE-2006-2369 backport (vnc, fixed 4.1.2) #191692 [since FEDORA-2006-558]
-CVE-2006-2366 VULNERABLE (openobex) #192087
+CVE-2006-2366 ignore (openobex) we don't ship ircp
 CVE-2006-2362 ignore (binutils) minor crash (not exploitable)
 CVE-2006-2332 ignore (firefox) disputed
 CVE-2006-2314 version (postgresql, fixed 8.1.4) [since FEODRA-2006-578] [since FEDORA-2006-578]
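Review bot: The new CVE-2006-2366 line drops the #192087 bug reference that the VULNERABLE entry carried; keep it so the ignore decision can be traced back to the bug, e.g. `CVE-2006-2366 ignore (openobex) #192087 we don't ship ircp`. Separately, the unchanged CVE-2006-2314 context line carries a misspelled duplicate tag, `[since FEODRA-2006-578]`, next to the correct one, and it could be cleaned up in the same pass.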
@@ -182,8 +182,8 @@
 CVE-2006-2194 ignore (ppp) pppd not suid
 CVE-2006-2193 VULNERABLE (libtiff) #194363
 CVE-2006-2120 backport (libtiff) #189976 [since FEDORA-2006-473]
-CVE-2006-2073 VULNERABLE (bind)
 CVE-2006-2083 version (rsync, fixed 2.6.8) #190208 [since FEDORA-2006-599]
+CVE-2006-2073 ignore (bind) http://www.kb.cert.org/vuls/id/MIMG-6P8GRP
 CVE-2006-2071 version (kernel, fixed 2.6.16.6) [since FEDORA-2006-421]
 CVE-2006-2057 ignore (firefox) not Linux
 CVE-2006-2026 backport (libtiff, fixed 3.8.1) #189934 [since FEDORA-2006-473]
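Review bot: The re-added CVE-2006-2073 entry gives only a URL as justification for `ignore`, whereas the neighbouring ignore entries state the reason inline (`pppd not suid`, `not Linux`); add a few words saying why bind is not affected and keep the link as the reference. Moving the line below CVE-2006-2083 restores the descending order and is fine.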
@@ -302,7 +302,7 @@
 CVE-2006-1490 version (php, fixed 5.1.4) [since FEDORA-2006-289]
 CVE-2006-1470 VULNERABLE (openldap) #197278
 CVE-2006-1368 version (kernel, fixed 2.6.16) [since FEDORA-2006-233]
-CVE-2006-1354 VULNERABLE (freeradius) bz#186084
+CVE-2006-1354 VULNERABLE (freeradius, fixed 1.1.2 at least) bz#186084
 CVE-2006-1343 version (kernel, fixed 2.6.16.19) [since FEDORA-2006-698]
 CVE-2006-1342 version (kernel, not 2.6) not vulnerable
 CVE-2006-1335 version (gnome-screensaver, fixed 2.14)
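Review bot: On the CVE-2006-1354 line, `fixed 1.1.2 at least` does not say whether 1.1.2 is the first fixed release or only a release known to contain the fix, while other entries use a plain `fixed X`. Since the entry stays VULNERABLE and the version is what a packager will use to pick a rebase target, state the first fixed version if it is known, or say explicitly that it is not.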
@@ -355,8 +355,8 @@
 CVE-2006-0554 version (kernel, fixed 2.6.16) patch-2.6.16-rc6 [since FEDORA-2006-233]
 CVE-2006-0553 version (postgresql, only 8.1, fixed 8.1.3)
 CVE-2006-0528 backport (cairo) cairo-1.0.2-chunk-glyphs-CVE-2006-0528.patch
-CVE-2006-0496 VULNERABLE (mozilla) not fixed upstream
-CVE-2006-0496 VULNERABLE (firefox) not fixed upstream
+CVE-2006-0496 VULNERABLE (mozilla) https://bugzilla.mozilla.org/show_bug.cgi?id=324253
+CVE-2006-0496 VULNERABLE (firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=324253
 CVE-2006-0482 ignore (kernel) sparc only
 CVE-2006-0481 version (libpng, 1.2.7 only)
 CVE-2006-0459 version (flex) by inspection
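Review bot: Replacing `not fixed upstream` with the bugzilla.mozilla.org link on both CVE-2006-0496 lines loses the status a reader needs at a glance; keep both, e.g. `not fixed upstream https://bugzilla.mozilla.org/show_bug.cgi?id=324253`, or state the new status if the upstream situation has changed.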
@@ -371,7 +371,7 @@
 CVE-2006-0301 version (poppler, fixed 0.4.5)
 CVE-2006-0301 backport (xpdf) xpdf-3.01pl2.patch
 CVE-2006-0301 version (kdegraphics, fixed 3.5.2) [since FEDORA-2006-352] was backport since GA
-CVE-2006-0300 VULNERABLE (tar) [fixed rawhide in tar-1.15.1-13]
+CVE-2006-0300 VULNERABLE (tar, fixed 1.15.90 at least) [fixed rawhide in tar-1.15.1-13]
 CVE-2006-0299 version (thunderbird, fixed 1.5)
 CVE-2006-0299 version (mozilla, 1.8 branch only)
 CVE-2006-0299 version (firefox, fixed 1.5.0.1)
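Review bot: The CVE-2006-0300 line now carries two "fixed" statements with different versions, `fixed 1.15.90 at least` and `[fixed rawhide in tar-1.15.1-13]`, without saying which is the upstream release and which is the package build. Label them so it is clear that the entry remains VULNERABLE for fc5 while rawhide carries a fix in 1.15.1-13.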
@@ -396,7 +396,7 @@
 CVE-2006-0292 version (thunderbird, fixed 1.5) [since FEDORA-2006-490]
 CVE-2006-0292 version (firefox, fixed 1.5.1)
 CVE-2006-0292 backport (mozilla) mozilla-1.7.12-CVE-2006-0292-javascript-unrooted.patch
-CVE-2006-0254 backport (tomcat5, fixed 5.5.16) #178179 **check this
+CVE-2006-0254 backport (tomcat5, fixed 5.5.16)
 CVE-2006-0236 ignore (thunderbird) windows only
 CVE-2006-0225 version (openssh, fixed 4.3p2)
 CVE-2006-0208 version (php, fixed 5.1.2)
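Review bot: The CVE-2006-0254 line loses both the `#178179` bug reference and the `**check this` marker, and the log message does not say the check was carried out. If the backport was verified, keep `#178179` for traceability; if it was not, leave the marker in place.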
@@ -900,7 +900,6 @@
 CVE-2005-0705 version (ethereal, fixed after 0.10.9)
 CVE-2005-0704 version (ethereal, fixed after 0.10.9)
 CVE-2005-0698 version (ethereal, fixed after 0.10.9)
-CVE-2005-0670 VULNERABLE (hcidump) bz#187946
 CVE-2005-0664 version (libexif, fixed 0.6.12)
 CVE-2005-0654 ignore (gimp, not fixed 2.2) upstream considers harmless
 CVE-2005-0627 version (qt, fixed 3.3.4)
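Review bot: The CVE-2005-0670 (hcidump) entry is deleted outright although it was marked VULNERABLE with bz#187946, and neither the log message nor the diff explains why. Record the outcome instead of removing the line, as an `ignore` or `version` entry with a short reason and the bug number, the way CVE-2006-2366 is handled in the first hunk, so the audit file still shows the CVE was assessed.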



