fedora-security/audit fc4,1.121,1.122 fc5,1.31,1.32
Mark Cox (mjc)
fedora-extras-commits at redhat.com
Mon Jan 9 13:54:14 UTC 2006
Author: mjc
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv28406
Modified Files:
fc4 fc5
Log Message:
Deal with pdf issues which got messed out of order in the files - so sort
the files as well
Index: fc4
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc4,v
retrieving revision 1.121
retrieving revision 1.122
diff -u -r1.121 -r1.122
--- fc4 9 Jan 2006 12:51:04 -0000 1.121
+++ fc4 9 Jan 2006 13:54:05 -0000 1.122
@@ -5,27 +5,7 @@
CVE-2006-0095 VULNERABLE (kernel)
CVE-2006-0082 version (ImageMagick, not 6.2.2.0)
-CVE-2005-3628 backport (cups) [since FEDORA-2005-1142]
-CVE-2005-3628 backport (xpdf) [since FEDORA-2005-1169]
-CVE-2005-3628 backport (kdegraphics) [since FEDORA-2005-1160]
-CVE-2005-3628 backport (tetex) [since FEDORA-2005-1126]
-CVE-2005-3628 backport (poppler) [since FEDORA-2005-1171]
-CVE-2005-3627 VULNERABLE (cups)
-CVE-2005-3627 VULNERABLE (poppler)
-CVE-2005-3627 backport (xpdf) [since FEDORA-2006-010]
-CVE-2005-3627 backport (kdegraphics) [since FEDORA-2005-1160]
-CVE-2005-3626 VULNERABLE (cups)
-CVE-2005-3626 VULNERABLE (poppler)
-CVE-2005-3626 backport (xpdf) [since FEDORA-2006-010]
-CVE-2005-3626 backport (kdegraphics) [since FEDORA-2005-1160]
-CVE-2005-3625 VULNERABLE (cups)
-CVE-2005-3625 VULNERABLE (poppler)
-CVE-2005-3625 backport (xpdf) [since FEDORA-2006-010]
-CVE-2005-3625 backport (kdegraphics) [since FEDORA-2005-1160]
-CVE-2005-3624 VULNERABLE (cups)
-CVE-2005-3624 VULNERABLE (poppler)
-CVE-2005-3624 backport (xpdf) [since FEDORA-2006-010]
-CVE-2005-3624 backport (kdegraphics) [since FEDORA-2005-1160]
+CVE-2005-4635 backport (kernel, fixed 2.6.15) [since FEDORA-2006-013]
CVE-2005-4618 VULNERABLE (kernel)
CVE-2005-4605 backport (kernel) [since FEDORA-2006-013]
CVE-2005-4585 version (ethereal, fixed 0.10.14) [since FEDORA-2006-006]
@@ -67,9 +47,28 @@
CVE-2005-3651 version (ethereal, fixed 0.10.14) [since FEDORA-2006-006]
CVE-2005-3632 version (netpbm)
CVE-2005-3631 version (udev)
-CVE-2005-3627 backport (cups) [since FEDORA-2005-000**]
-CVE-2005-3626 backport (cups) [since FEDORA-2005-000**]
-CVE-2005-3625 backport (cups) [since FEDORA-2005-000**]
+CVE-2005-3628 backport (xpdf) [since FEDORA-2005-1169]
+CVE-2005-3628 backport (tetex) [since FEDORA-2005-1126]
+CVE-2005-3628 backport (poppler) [since FEDORA-2005-1171]
+CVE-2005-3628 backport (kdegraphics) [since FEDORA-2005-1160]
+CVE-2005-3628 backport (cups) [since FEDORA-2005-1142]
+CVE-2005-3627 VULNERABLE (xpdf)
+CVE-2005-3627 backport (kdegraphics) [since FEDORA-2005-1160]
+CVE-2005-3627 backport (cups) [since FEDORA-2006-010]
+CVE-2005-3627 VULNERABLE (poppler) bz#176873
+CVE-2005-3626 VULNERABLE (xpdf)
+CVE-2005-3626 backport (kdegraphics) [since FEDORA-2005-1160]
+CVE-2005-3626 backport (cups) [since FEDORA-2006-010]
+CVE-2005-3626 VULNERABLE (poppler) bz#176873
+CVE-2005-3625 VULNERABLE (xpdf)
+CVE-2005-3625 backport (kdegraphics) [since FEDORA-2005-1160]
+CVE-2005-3625 backport (cups) [since FEDORA-2006-010]
+CVE-2005-3625 VULNERABLE (poppler) bz#176873
+CVE-2005-3624 VULNERABLE (xpdf)
+CVE-2005-3624 backport (kdegraphics) [since FEDORA-2005-1160]
+CVE-2005-3624 VULNERABLE (poppler) bz#176873
+CVE-2005-3624 backport (cups) [since FEDORA-2006-010]
+CVE-2005-3623 backport (kernel, fixed 2.6.14.5) [since FEDORA-2006-013]
CVE-2005-3582 version (ImageMagick) gentoo only
CVE-2005-3573 VULNERABLE (mailman)
CVE-2005-3527 version (kernel, fixed 2.6.14 at least) [since FEDORA-2005-1067]
@@ -105,25 +104,25 @@
CVE-2005-3243 version (ethereal, fixed 0.10.13) [since FEDORA-2005-1011]
CVE-2005-3242 version (ethereal, fixed 0.10.13) [since FEDORA-2005-1011]
CVE-2005-3241 version (ethereal, fixed 0.10.13) [since FEDORA-2005-1011]
-CVE-2005-3193 backport (cups) [since FEDORA-2005-1142]
CVE-2005-3193 backport (xpdf) [since FEDORA-2005-1169]
-CVE-2005-3193 backport (kdegraphics) [since FEDORA-2005-1160]
CVE-2005-3193 backport (tetex) [since FEDORA-2005-1126]
CVE-2005-3193 backport (poppler) [since FEDORA-2005-1171]
-CVE-2005-3192 backport (cups) [since FEDORA-2005-1142]
+CVE-2005-3193 backport (kdegraphics) [since FEDORA-2005-1160]
+CVE-2005-3193 backport (cups) [since FEDORA-2005-1142]
CVE-2005-3192 backport (xpdf) [since FEDORA-2005-1169]
-CVE-2005-3192 backport (kdegraphics) [since FEDORA-2005-1160]
CVE-2005-3192 backport (tetex) [since FEDORA-2005-1126]
CVE-2005-3192 backport (poppler) [since FEDORA-2005-1171]
-CVE-2005-3191 backport (cups) [since FEDORA-2005-1142]
+CVE-2005-3192 backport (kdegraphics) [since FEDORA-2005-1160]
+CVE-2005-3192 backport (cups) [since FEDORA-2005-1142]
CVE-2005-3191 backport (xpdf) [since FEDORA-2005-1169]
-CVE-2005-3191 backport (kdegraphics) [since FEDORA-2005-1160]
CVE-2005-3191 backport (tetex) [since FEDORA-2005-1126]
CVE-2005-3191 backport (poppler) [since FEDORA-2005-1171]
-CVE-2005-3186 backport (gdk-pixbuf) [since FEDORA-2005-1085]
+CVE-2005-3191 backport (kdegraphics) [since FEDORA-2005-1160]
+CVE-2005-3191 backport (cups) [since FEDORA-2005-1142]
CVE-2005-3186 backport (gtk2) [since FEDORA-2005-1088]
-CVE-2005-3185 backport (curl) [since FEDORA-2005-1129] was blocked (curl) by FORTIFY_SOURCE
+CVE-2005-3186 backport (gdk-pixbuf) [since FEDORA-2005-1085]
CVE-2005-3185 blocked (wget) by FORTIFY_SOURCE
+CVE-2005-3185 backport (curl) [since FEDORA-2005-1129] was blocked (curl) by FORTIFY_SOURCE
CVE-2005-3184 version (ethereal, fixed 0.10.13) [since FEDORA-2005-1011]
CVE-2005-3183 backport (w3c-libwww) [since FEDORA-2005-952]
CVE-2005-3181 version (kernel, fixed 2.6.13.4 at least) [since FEDORA-2005-1067] was backport since FEDORA-2005-1013
@@ -149,29 +148,29 @@
CVE-2005-2978 version (netpbm, fixed 10.25)
CVE-2005-2977 backport (pam) [since FEDORA-2005-1031]
CVE-2005-2976 backport (gdk-pixbuf) [since FEDORA-2005-1085]
-CVE-2005-2975 backport (gdk-pixbuf) [since FEDORA-2005-1085]
CVE-2005-2975 backport (gtk2) [since FEDORA-2005-1088]
+CVE-2005-2975 backport (gdk-pixbuf) [since FEDORA-2005-1085]
CVE-2005-2974 version (libungif, fixed 4.1.3) [since FEDORA-2005-1046]
CVE-2005-2973 version (kernel, 2.6.14 at least) [since FEODRA-2005-1067]
CVE-2005-2970 VULNERABLE (httpd) bz#171759
-CVE-2005-2969 backport (openssl, fixed 0.9.7h) [since FEDORA-2005-986]
CVE-2005-2969 backport (openssl097a, fixed 0.9.7h) [since FEDORA-2005-986]
+CVE-2005-2969 backport (openssl, fixed 0.9.7h) [since FEDORA-2005-986]
+CVE-2005-2968 version (thunderbird) [since FEDORA-2005-963]
CVE-2005-2968 version (mozilla, not 1.7.10) +we include a different mozilla sh
CVE-2005-2968 version (firefox) [since FEDORA-2005-926]
-CVE-2005-2968 version (thunderbird) [since FEDORA-2005-963]
CVE-2005-2959 ignore (sudo) not a vulnerability
CVE-2005-2946 VULNERABLE (openssl, fixed 0.9.8) (as it uses md5 md)
-CVE-2005-2933 VULNERABLE (uw-imap) bz#171345
CVE-2005-2933 backport (libc-client) [since FEDORA-2005-1115]
+CVE-2005-2933 VULNERABLE (uw-imap) bz#171345
CVE-2005-2929 backport (lynx) [since FEDORA-2005-1079]
CVE-2005-2917 version (squid, fixed 2.5.STABLE11) [since FEDORA-2005-913]
CVE-2005-2876 backport (util-linux) [since FEDORA-2005-887]
CVE-2005-2874 version (cups, fixed 1.1.23)
CVE-2005-2873 VULNERABLE (kernel) not upstream fixed
CVE-2005-2872 version (kernel, fixed 2.6.12) [since FEDORA-2005-510]
-CVE-2005-2871 version (firefox, fixed 1.0.7) [since FEDORA-2005-926] was backport [since FEDORA-2005-871]
-CVE-2005-2871 version (mozilla, fixed 1.7.12) [since FEDORA-2005-927] was backport [since FEDORA-2005-873]
CVE-2005-2871 version (thunderbird) (moderate only) [since FEDORA-2005-963]
+CVE-2005-2871 version (mozilla, fixed 1.7.12) [since FEDORA-2005-927] was backport [since FEDORA-2005-873]
+CVE-2005-2871 version (firefox, fixed 1.0.7) [since FEDORA-2005-926] was backport [since FEDORA-2005-871]
CVE-2005-2811 version (net-snmp, not upstream) gentoo only
CVE-2005-2801 version (kernel, fixed 2.6.11)
CVE-2005-2800 version (kernel, fixed 2.6.12.6) [since FEDORA-2005-949] was backport since FEDORA-2005-906
@@ -184,25 +183,25 @@
CVE-2005-2709 backport (kernel, fixed 2.6.14.3) [since FEDORA-2005-1104]
CVE-2005-2708 ignore (kernel) not reproducable on x86_64
CVE-2005-2707 version (thunderbird) [since FEDORA-2005-963]
-CVE-2005-2707 version (firefox, fixed 1.0.7) [since FEDORA-2005-926]
CVE-2005-2707 version (mozilla, fixed 1.7.12) [since FEDORA-2005-927]
+CVE-2005-2707 version (firefox, fixed 1.0.7) [since FEDORA-2005-926]
CVE-2005-2706 version (thunderbird) [since FEDORA-2005-963]
-CVE-2005-2706 version (firefox, fixed 1.0.7) [since FEDORA-2005-926]
CVE-2005-2706 version (mozilla, fixed 1.7.12) [since FEDORA-2005-927]
+CVE-2005-2706 version (firefox, fixed 1.0.7) [since FEDORA-2005-926]
CVE-2005-2705 version (thunderbird) [since FEDORA-2005-963]
-CVE-2005-2705 version (firefox, fixed 1.0.7) [since FEDORA-2005-926]
CVE-2005-2705 version (mozilla, fixed 1.7.12) [since FEDORA-2005-927]
+CVE-2005-2705 version (firefox, fixed 1.0.7) [since FEDORA-2005-926]
CVE-2005-2704 version (thunderbird) [since FEDORA-2005-963]
-CVE-2005-2704 version (firefox, fixed 1.0.7) [since FEDORA-2005-926]
CVE-2005-2704 version (mozilla, fixed 1.7.12) [since FEDORA-2005-927]
+CVE-2005-2704 version (firefox, fixed 1.0.7) [since FEDORA-2005-926]
CVE-2005-2703 version (thunderbird) [since FEDORA-2005-963]
-CVE-2005-2703 version (firefox, fixed 1.0.7) [since FEDORA-2005-926]
CVE-2005-2703 version (mozilla, fixed 1.7.12) [since FEDORA-2005-927]
+CVE-2005-2703 version (firefox, fixed 1.0.7) [since FEDORA-2005-926]
CVE-2005-2702 version (thunderbird) [since FEDORA-2005-963]
-CVE-2005-2702 version (firefox, fixed 1.0.7) [since FEDORA-2005-926]
CVE-2005-2702 version (mozilla, fixed 1.7.12) [since FEDORA-2005-927]
-CVE-2005-2701 version (firefox, fixed 1.0.7) [since FEDORA-2005-926]
+CVE-2005-2702 version (firefox, fixed 1.0.7) [since FEDORA-2005-926]
CVE-2005-2701 version (mozilla, fixed 1.7.12) [since FEDORA-2005-927]
+CVE-2005-2701 version (firefox, fixed 1.0.7) [since FEDORA-2005-926]
CVE-2005-2700 backport (httpd, fixed 2.0.55-dev) [since FEDORA-2005-849]
CVE-2005-2693 backport (cvs) [since FEDORA-2005-790]
CVE-2005-2672 backport (lm_sensors) [since FEDORA-2005-1053]
@@ -211,10 +210,10 @@
CVE-2005-2641 VULNERABLE (pam_ldap) bz#166164
CVE-2005-2629 version (helixplayer, fixed 1.0.6) [since FEDORA-2005-940]
CVE-2005-2617 version (kernel, fixed 2.6.12.5) [since FEDORA-2005-820]
-CVE-2005-2602 ignore (firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=237085
CVE-2005-2602 ignore (thunderbird) probably
-CVE-2005-2558 ignore (mysql) not an issue
+CVE-2005-2602 ignore (firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=237085
CVE-2005-2558 version (mysql, fixed 4.1.13) [since FEDORA-2005-974]
+CVE-2005-2558 ignore (mysql) not an issue
CVE-2005-2555 version (kernel, fixed 2.6.12.6pre) [since FEDORA-2005-949] was backport since FEDORA-2005-820
CVE-2005-2553 version (kernel, not 2.6)
CVE-2005-2550 backport (evolution) [since FEDORA-2005-743]
@@ -228,11 +227,11 @@
CVE-2005-2496 backport (ntp, fixed 4.2.0b) ...0a-20040617-ntpd_guid.patch
CVE-2005-2495 backport (xorg-x11) [since FEDORA-2005-894]
CVE-2005-2494 version (kdebase, fixed after 3.4.2) [since FEDORA-2005-1152]
+CVE-2005-2492 version (kernel, fixed 2.6.13.1) [since FEDORA-2005-949] was backport since FEDORA-2005-906
CVE-2005-2491 ignore (python, fc4 python does not contain pcre)
-CVE-2005-2491 backport (pcre, fixed 6.2) [since FEDORA-2005-803]
-CVE-2005-2491 ignore (httpd, pcre uses system pcre)
CVE-2005-2491 ignore (php, pcre uses system pcre)
-CVE-2005-2492 version (kernel, fixed 2.6.13.1) [since FEDORA-2005-949] was backport since FEDORA-2005-906
+CVE-2005-2491 ignore (httpd, pcre uses system pcre)
+CVE-2005-2491 backport (pcre, fixed 6.2) [since FEDORA-2005-803]
CVE-2005-2490 version (kernel, fixed 2.6.13.1) [since FEDORA-2005-949] was backport since FEDORA-2005-906
CVE-2005-2475 VULNERABLE (unzip) bz#164928
CVE-2005-2471 version (netpbm, 10.31 at least) [since FEDORA-2005-000**] was backport since FEDORA-2005-728
@@ -260,34 +259,34 @@
CVE-2005-2353 ignore (thunderbird) debug mode only
CVE-2005-2337 version (ruby, fixed 1.8.3) [since FEDORA-2005-936]
CVE-2005-2335 version (fetchmail, fixed 6.2.5.2) [since FEDORA-2005-1108] was backport since FEDORA-2005-613
-CVE-2005-2270 version (firefox, fixed 1.0.5) [since FEDORA-2005-605]
-CVE-2005-2270 version (mozilla, fixed 1.7.9) [since FEDORA-2005-619]
CVE-2005-2270 version (thunderbird, fixed 1.0.5) [since FEDORA-2005-606]
-CVE-2005-2269 version (firefox, fixed 1.0.5) [since FEDORA-2005-605]
-CVE-2005-2269 version (mozilla, fixed 1.7.9) [since FEDORA-2005-619]
+CVE-2005-2270 version (mozilla, fixed 1.7.9) [since FEDORA-2005-619]
+CVE-2005-2270 version (firefox, fixed 1.0.5) [since FEDORA-2005-605]
CVE-2005-2269 version (thunderbird, fixed 1.0.5) [since FEDORA-2005-606]
-CVE-2005-2268 version (firefox, fixed 1.0.5) [since FEDORA-2005-605]
+CVE-2005-2269 version (mozilla, fixed 1.7.9) [since FEDORA-2005-619]
+CVE-2005-2269 version (firefox, fixed 1.0.5) [since FEDORA-2005-605]
CVE-2005-2268 version (mozilla, fixed 1.7.9) [since FEDORA-2005-619]
+CVE-2005-2268 version (firefox, fixed 1.0.5) [since FEDORA-2005-605]
CVE-2005-2267 version (mozilla, fixed 1.7.9) [since FEDORA-2005-619]
CVE-2005-2267 version (firefox, fixed 1.0.5) [since FEDORA-2005-605]
-CVE-2005-2266 version (firefox, fixed 1.0.5) [since FEDORA-2005-605]
-CVE-2005-2266 version (mozilla, fixed 1.7.9) [since FEDORA-2005-619]
CVE-2005-2266 version (thunderbird, fixed 1.0.5) [since FEDORA-2005-606]
-CVE-2005-2265 version (firefox, fixed 1.0.5) [since FEDORA-2005]
-CVE-2005-2265 version (mozilla, fixed 1.7.9) [si [since FEDORA-2005-619]
+CVE-2005-2266 version (mozilla, fixed 1.7.9) [since FEDORA-2005-619]
+CVE-2005-2266 version (firefox, fixed 1.0.5) [since FEDORA-2005-605]
CVE-2005-2265 version (thunderbird, fixed 1.0.5) [since FEDORA-2005-606]
+CVE-2005-2265 version (mozilla, fixed 1.7.9) [si [since FEDORA-2005-619]
+CVE-2005-2265 version (firefox, fixed 1.0.5) [since FEDORA-2005]
CVE-2005-2264 version (firefox, fixed 1.0.5) [since FEDORA-2005-605]
-CVE-2005-2263 version (firefox, fixed 1.0.5) [since FEDORA-2005-605]
CVE-2005-2263 version (mozilla, fixed 1.7.9) [since FEDORA-2005-619]
+CVE-2005-2263 version (firefox, fixed 1.0.5) [since FEDORA-2005-605]
CVE-2005-2262 version (firefox, fixed 1.0.5) [since FEDORA-2005-605]
CVE-2005-2261 version (thunderbird, fixed 1.0.5) [since FEDORA-2005-606]
-CVE-2005-2261 version (firefox, fixed 1.0.5) [since FEDORA-2005-605]
CVE-2005-2261 version (mozilla, fixed 1.7.9) [since FEDORA-2005-619]
-CVE-2005-2260 version (firefox, fixed 1.0.5) [since FEDORA-2005-605]
+CVE-2005-2261 version (firefox, fixed 1.0.5) [since FEDORA-2005-605]
CVE-2005-2260 version (mozilla, fixed 1.7.9) [since FEDORA-2005-619]
+CVE-2005-2260 version (firefox, fixed 1.0.5) [since FEDORA-2005-605]
CVE-2005-2177 version (net-snmp, fixed 5.2.1.2) [since FEDORA-2005-561]
-CVE-2005-2114 version (firefox, fixed 1.0.5) [since FEDORA-2005-605]
CVE-2005-2114 version (mozilla, fixed 1.7.9) [since FEDORA-2005-619]
+CVE-2005-2114 version (firefox, fixed 1.0.5) [since FEDORA-2005-605]
CVE-2005-2104 version (sysreport, fixed 1.4.1-5) [since FEDORA-2005-1071]
CVE-2005-2103 version (gaim, fixed 1.5.0) [since FEDORA-2005-751]
CVE-2005-2102 version (gaim, fixed 1.5.0) [since FEDORA-2005-751]
@@ -295,8 +294,8 @@
CVE-2005-2100 version (kernel, not upstream) only RHEL4
CVE-2005-2099 version (kernel, fixed 2.6.12.5) [since FEDORA-2005-820]
CVE-2005-2098 version (kernel, fixed 2.6.12.5) [since FEDORA-2005-820]
-CVE-2005-2097 backport (cups) [since FEDORA-2005-732]
CVE-2005-2097 version (xpdf, fixed 3.0.1) [since FEDORA-2005-755] was backport since FEDORA-2005-729
+CVE-2005-2097 backport (cups) [since FEDORA-2005-732]
CVE-2005-2096 backport (zlib) [since FEDORA-2005-523]
CVE-2005-2096 backport (rpm) [since FEDORA-2005-565]
CVE-2005-2095 version (squirrelmail, fixed 1.4.5) since [FEDORA-2005-780]
@@ -306,8 +305,8 @@
CVE-2005-2023 version (gnupg, fixed 1.9.15)
CVE-2005-1993 backport (sudo, fixed 1.6.8p9) [since FEDORA-2005-472]
CVE-2005-1992 version (ruby, fixed 1.8.3 at least) [since FEDORA-2005-936] was backport since FEDORA-2005-475
-CVE-2005-1937 version (firefox, fixed 1.0.5) [since FEDORA-2005-605]
CVE-2005-1937 version (mozilla, fixed 1.7.9) [since FEDORA-2005-619]
+CVE-2005-1937 version (firefox, fixed 1.0.5) [since FEDORA-2005-605]
CVE-2005-1934 version (gaim, fixed 1.3.1) [since FEDORA-2005-411]
CVE-2005-1921 version (php, fixed xml_rpm 1.3.1) [since FEDORA-2005-518]
CVE-2005-1920 version (kdelibs, fixed 3.4.1) [since FEDORA-2005-437]
@@ -325,11 +324,11 @@
CVE-2005-1762 version (kernel, fixed 2.6.12) [since FEDORA-2005-510]
CVE-2005-1761 version (kernel, fixed 2.6.12.2) [since FEDORA-2005-510]
CVE-2005-1760 VULNERABLE (sysreport)
-CVE-2005-1759 ignore (openldap, fixed shtool 2.0.2) flawed code path not used
CVE-2005-1759 ignore (php) dead code path
-CVE-2005-1751 VULNERABLE (nmap, fixed shtool 2.0.2) #158996
+CVE-2005-1759 ignore (openldap, fixed shtool 2.0.2) flawed code path not used
CVE-2005-1751 ignore (openldap, fixed shtool 2.0.2) flawed code path not used
CVE-2005-1751 ignore (ncpfs) part of shtool in ncpfs is not vulnerable
+CVE-2005-1751 VULNERABLE (nmap, fixed shtool 2.0.2) #158996
CVE-2005-1740 backport (net-snmp, not fixed)
CVE-2005-1739 backport (ImageMagick, fixed 6.2.2.3) [since re0526.1]
CVE-2005-1705 backport (gdb) [since FEDORA-2005-1033]
@@ -341,11 +340,11 @@
CVE-2005-1589 version (kernel, fixed 2.6.11.10) [since FEDORA-2005-510] was backport...2-rc4-git5 since re0522.0
CVE-2005-1571 version (php, fixed shtool 2.0.2) [since FEDORA-2005-518]
CVE-2005-1544 version (libtiff, fixed 3.7.1 at least)
-CVE-2005-1532 version (firefox, fixed 1.0.4) [since re0522.0]
CVE-2005-1532 version (thunderbird) [since FEDORA-2005-606]
CVE-2005-1532 version (mozilla, fixed 1.7.8) [since re0522.0]
-CVE-2005-1531 version (firefox, fixed 1.0.4) [since re0522.0]
+CVE-2005-1532 version (firefox, fixed 1.0.4) [since re0522.0]
CVE-2005-1531 version (mozilla, fixed 1.7.8) [since re0522.0]
+CVE-2005-1531 version (firefox, fixed 1.0.4) [since re0522.0]
CVE-2005-1519 version (squid, fixed 2.5.STABLE10) [since FEDORA-2005-913] was backport since GA (re0522.0)
CVE-2005-1470 version (ethereal, fixed 0.10.11)
CVE-2005-1469 version (ethereal, fixed 0.10.11)
@@ -393,10 +392,10 @@
CVE-2005-1184 ignore (kernel) expected to not be an issue
CVE-2005-1175 backport (krb5) [since FEDORA-2005-553]
CVE-2005-1174 backport (krb5) [since FEDORA-2005-553]
-CVE-2005-1160 version (firefox, mozilla)
CVE-2005-1160 version (thunderbird) [since FEDORA-2005-606]
-CVE-2005-1159 version (firefox, mozilla)
+CVE-2005-1160 version (firefox, mozilla)
CVE-2005-1159 version (thunderbird) [since FEDORA-2005-606]
+CVE-2005-1159 version (firefox, mozilla)
CVE-2005-1158 version (firefox, fixed 1.0.3)
CVE-2005-1157 version (firefox, mozilla)
CVE-2005-1156 version (firefox, mozilla)
@@ -413,9 +412,9 @@
CVE-2005-1039 ignore (coreutils) not fixed upstream, not a real issue
CVE-2005-1038 backport (cron) from srpm
CVE-2005-0990 backport (sharutils) from srpm
+CVE-2005-0989 version (thunderbird) [since FEDORA-2005-606]
CVE-2005-0989 version (mozilla, fixed 1.7.7)
CVE-2005-0989 version (firefox, fixed 1.0.3)
-CVE-2005-0989 version (thunderbird) [since FEDORA-2005-606]
CVE-2005-0988 backport (gzip) from srpm
CVE-2005-0977 version (kernel, fixed 2.6.11)
CVE-2005-0967 version (gaim, fixed 1.2.1)
@@ -470,6 +469,7 @@
CVE-2005-0593 version (firefox, mozilla)
CVE-2005-0592 version (firefox, mozilla)
CVE-2005-0591 version (firefox, fixed 1.0.1)
+CVE-2005-0590 version (openswan, fixed 2.1.4)
CVE-2005-0590 version (firefox, mozilla, thunderbird)
CVE-2005-0589 version (firefox, fixed 1.0.1)
CVE-2005-0588 version (firefox, mozilla)
@@ -478,6 +478,7 @@
CVE-2005-0585 version (firefox, mozilla)
CVE-2005-0584 version (firefox, mozilla)
CVE-2005-0578 version (firefox, mozilla)
+CVE-2005-0565 version (kernel, not 2.6)
CVE-2005-0532 version (kernel, fixed 2.6.11)
CVE-2005-0531 version (kernel, fixed 2.6.11)
CVE-2005-0530 version (kernel, fixed 2.6.11)
@@ -502,8 +503,8 @@
CVE-2005-0404 ignore (kde) won't fix http://bugs.kde.org/show_bug.cgi?id=96020
CVE-2005-0403 version (kernel, not upstream)
CVE-2005-0402 version (firefox, fixed 1.0.2)
-CVE-2005-0401 version (firefox, fixed 1.0.2)
CVE-2005-0401 version (mozilla, fixed 1.7.7)
+CVE-2005-0401 version (firefox, fixed 1.0.2)
CVE-2005-0400 version (kernel, fixed in bk since 20050325, therefore 2.6.11.6) [since FEDORA-2005-510] was backport
CVE-2005-0399 version (mozilla, Firefox, thunderbird)
CVE-2005-0398 version (ipsec-tools, fixed 0.5)
@@ -513,8 +514,8 @@
CVE-2005-0372 version (gftp, fixed in 2.0.18 at least by inspection)
CVE-2005-0365 version (kdelibs, not 3.4)
CVE-2005-0337 version (postfix, not 2.2)
-CVE-2005-0255 version (mozilla, fixed 1.7.6)
CVE-2005-0255 version (thunderbird, fixed 1.0.2)
+CVE-2005-0255 version (mozilla, fixed 1.7.6)
CVE-2005-0255 version (firefox, fixed 1.0.1)
CVE-2005-0247 version (postgresql, fixed after 8.0)
CVE-2005-0246 version (postgresql, fixed 8.0.1)
@@ -529,8 +530,8 @@
CVE-2005-0232 version (firefox, fixed 1.0.1)
CVE-2005-0231 version (mozilla, fixed 1.7.6)
CVE-2005-0231 version (firefox, fixed 1.0.1)
-CVE-2005-0230 version (mozilla, fixed 1.7.6)
CVE-2005-0230 version (thunderbird, fixed 1.0.2)
+CVE-2005-0230 version (mozilla, fixed 1.7.6)
CVE-2005-0230 version (firefox, fixed 1.0.1)
CVE-2005-0227 version (postgresql, fixed 8.0.1)
CVE-2005-0215 version (mozilla)
@@ -593,10 +594,10 @@
CVE-2005-0077 version (perl-DBI, fixed in 1.48 at least)
CVE-2005-0075 version (squirrelmail, fixed 1.4.4)
CVE-2005-0069 backport (vim) in vim-6.3-tmpfile.patch
+CVE-2005-0064 version (xpdf, fixed 3.0.1) [since FEDORA-2005-775] was backport since GA
CVE-2005-0064 version (tetex, fixed 3.0)
CVE-2005-0064 version (kpdf, not 3.4)
CVE-2005-0064 backport (cups) patch in SRPM
-CVE-2005-0064 version (xpdf, fixed 3.0.1) [since FEDORA-2005-775] was backport since GA
CVE-2005-0039 ignore (not a vulnerability) don't do this says the rfc
CVE-2005-0034 version (bind, fixed after 9.3.0)
CVE-2005-0033 version (bind, not 9)
@@ -713,9 +714,9 @@
CVE-2004-1139 version (ethereal, fixed 0.10.8)
CVE-2004-1138 version (vim, fixed 6.3)
CVE-2004-1137 version (kernel, fixed 2.6.10)
-CVE-2004-1125 version (kdegraphics, not 3.4)
-CVE-2004-1125 version (tetex, at least 3.0)
CVE-2004-1125 version (xpdf, fixed 3.0.1) [since FEDORA-2005-775] was backport since ga
+CVE-2004-1125 version (tetex, at least 3.0)
+CVE-2004-1125 version (kdegraphics, not 3.4)
CVE-2004-1096 version (perl-Archive-Zip, fixed 1.14)
CVE-2004-1093 version (mc, fixed 4.6.0)
CVE-2004-1092 version (mc, fixed 4.6.0)
@@ -759,8 +760,8 @@
CVE-2004-0981 version (ImageMagick, fixed 6.1.0)
CVE-2004-0977 version (postgresql, fixed after 7.4.6)
CVE-2004-0976 backport (perl) [since FEDORA-2005-1077]
-CVE-2004-0975 backport (openssl097a, fixed 0.9.7f) from srpm
CVE-2004-0975 version (openssl, fixed 0.9.7f)
+CVE-2004-0975 backport (openssl097a, fixed 0.9.7f) from srpm
CVE-2004-0974 version (netatalk, fixed 2.0.1 says netatalk ChangeLog)
CVE-2004-0972 version (lvm2, fixed 2.2.01.8 at least)
CVE-2004-0971 backport (krb5, see bug 136307) fixed by patch in SRPM
@@ -775,7 +776,6 @@
CVE-2004-0958 version (php, fixed 4.3.9)
CVE-2004-0957 version (mysql, fixed 4.0.21)
CVE-2004-0956 version (mysql, fixed 4.0.20)
-CVE-2004-0883 version (kernel, fixed 2.6.11)
CVE-2004-0946 version (nfs-utils, fixed 1.0.6-r6)
CVE-2004-0942 version (httpd, fixed 2.0.53)
CVE-2004-0941 VULNERABLE (gd) seems wasn't fixed upstream bz#175414
@@ -796,16 +796,17 @@
CVE-2004-0902 version (mozilla #133023, fixed 1.7.3)
CVE-2004-0891 version (gaim, fixed 1.0.2)
CVE-2004-0889 version (xpdf, fixed 3.0.1) [since FEDORA-2005-775] was backport since ga
-CVE-2004-0888 version (kpdegraphics, not 3.4)
+CVE-2004-0888 version (xpdf, fixed 3.0.1) [since FEDORA-2005-775] was backport since ga
CVE-2004-0888 version (tetex, fixed 3.0)
+CVE-2004-0888 version (kpdegraphics, not 3.4)
CVE-2004-0888 backport (cups) patch in SRPM
-CVE-2004-0888 version (xpdf, fixed 3.0.1) [since FEDORA-2005-775] was backport since ga
CVE-2004-0887 version (kernel, fixed 2.6.10)
-CVE-2004-0886 version (kdegraphics, fixed by Update on 20041109)
CVE-2004-0886 version (libtiff, fixed 3.7.1 at least)
+CVE-2004-0886 version (kdegraphics, fixed by Update on 20041109)
CVE-2004-0885 version (httpd, fixed after 2.0.52)
CVE-2004-0884 version (cyrus-sasl, fixed 2.1.20)
CVE-2004-0883 version (kernel, fixed 2.6.11)
+CVE-2004-0883 version (kernel, fixed 2.6.11)
CVE-2004-0882 version (samba, fixed 3.0.8)
CVE-2004-0871 ignore (mozilla, unfixed upstream with no patch)
CVE-2004-0870 ignore (kde) upstream won't fix
@@ -828,27 +829,27 @@
CVE-2004-0808 version (samba, fixed 3.0.7)
CVE-2004-0807 version (samba, fixed 3.0.7)
CVE-2004-0806 version (cdrtools, fixed 2.0.1)
-CVE-2004-0804 version (kdegraphics)
CVE-2004-0804 version (libtiff, fixed after 3.6.1)
-CVE-2004-0803 version (kdegraphics)
+CVE-2004-0804 version (kdegraphics)
CVE-2004-0803 version (libtiff, fixed after 3.6.1)
+CVE-2004-0803 version (kdegraphics)
CVE-2004-0802 version (imlib, fixed 1.1.2)
CVE-2004-0801 version (foomatic, fixed 3.0.2)
CVE-2004-0797 version (zlib, fixed in 1.2.2.2 at least)
+CVE-2004-0797 version (zlib)
CVE-2004-0796 version (spamassassin, fixed 2.64)
CVE-2004-0792 version (rsync, fixed 2.6.3)
CVE-2004-0791 version (kernel, fixed 2.6.9)
CVE-2004-0790 version (doesn't affect linux 2.4, 2.6)
-CVE-2004-0797 version (zlib)
-CVE-2004-0788 version (gdk-pixbuf, fixed 0.22)
CVE-2004-0788 version (gtk2, fixed 2.6.7 at least by inspection)
+CVE-2004-0788 version (gdk-pixbuf, fixed 0.22)
CVE-2004-0786 version (apr-util, fixed 2.0.51)
CVE-2004-0785 version (gaim, fixed 0.82)
CVE-2004-0784 version (gaim, fixed 0.82)
-CVE-2004-0783 version (gdk-pixbuf, fixed 0.22)
CVE-2004-0783 version (gtk2, fixed 2.6.7 at least by inspection)
-CVE-2004-0782 version (gdk-pixbuf, fixed 0.22)
+CVE-2004-0783 version (gdk-pixbuf, fixed 0.22)
CVE-2004-0782 version (gtk2, fixed 2.6.7 at least by inspection)
+CVE-2004-0782 version (gdk-pixbuf, fixed 0.22)
CVE-2004-0779 version (mozilla, firefox, thunderbird)
CVE-2004-0778 version (cvs, fixed 1.11.17)
CVE-2004-0772 version (krb5, fixed after 1.2.8)
@@ -866,8 +867,8 @@
CVE-2004-0757 version (mozilla #229374, fixed 1.7)
CVE-2004-0755 version (ruby, fixed 1.8.1)
CVE-2004-0754 version (gaim, fixed 0.82)
-CVE-2004-0753 version (gdk-pixbuf, fixed 0.22)
CVE-2004-0753 version (gtk2, fixed after 2.2.4)
+CVE-2004-0753 version (gdk-pixbuf, fixed 0.22)
CVE-2004-0752 version (openoffice.org, fixed after 1.1.2)
CVE-2004-0751 version (httpd, fixed 2.0.51)
CVE-2004-0750 version (system-config-nfs, fixed 1.0.13)
@@ -916,11 +917,9 @@
CVE-2004-0597 version (libpng, fixed 1.2.6)
CVE-2004-0595 version (php, fixed 4.3.8)
CVE-2004-0594 version (php, fixed 4.3.8)
-CVE-2005-0590 version (openswan, fixed 2.1.4)
CVE-2004-0587 version (kernel, not upstream flaw)
CVE-2004-0558 version (cups, fixed 1.1.21)
CVE-2004-0557 version (sox, fixed after 12.17.4)
-CVE-2005-0565 version (kernel, not 2.6)
CVE-2004-0554 version (kernel, fixed 2.6.7)
CVE-2004-0548 ignore (aspell, not fixed 0.50.5) not a security issue
CVE-2004-0547 version (postgresql, fixed 7.2.1)
@@ -944,9 +943,9 @@
CVE-2004-0492 version (httpd, not 2.0)
CVE-2004-0491 version (kernel, not upstream)
CVE-2004-0488 version (httpd, fixed 2.0.50)
+CVE-2004-0478 ignore (mozilla) not a security issue
CVE-2004-0461 version (dhcp, fixed after 3.0.1rc13)
CVE-2004-0460 version (dhcp, fixed after 3.0.1rc13)
-CVE-2004-0478 ignore (mozilla) not a security issue
CVE-2004-0457 version (mysql, fixed after 4.0.20)
CVE-2004-0452 backport (perl, not 5.8.6)
CVE-2004-0447 version (kernel, fixed 2.6.5)
@@ -1009,8 +1008,8 @@
CVE-2004-0150 version (python, fixed 2.2.2)
CVE-2004-0133 version (kernel, 2.6.4)
CVE-2004-0113 version (httpd, fixed 2.0.49)
-CVE-2004-0112 backport (openssl097a, fixed 0.9.7d) from srpm
CVE-2004-0112 version (openssl, fixed 0.9.7d)
+CVE-2004-0112 backport (openssl097a, fixed 0.9.7d) from srpm
CVE-2004-0111 version (gdk-pixbuf, fixed 0.20)
CVE-2004-0110 version (libxml2, fixed 2.6.6)
CVE-2004-0109 version (kernel, fixed 2.6.6)
@@ -1028,8 +1027,8 @@
CVE-2004-0081 version (openssl097a, fixed 0.9.6d)
CVE-2004-0081 version (openssl, fixed 0.9.6d)
CVE-2004-0080 version (util-linux, fixed after 2.11f)
-CVE-2004-0079 backport (openssl097a, fixed 0.9.7c) in srpm
CVE-2004-0079 version (openssl, fixed 0.9.7c)
+CVE-2004-0079 backport (openssl097a, fixed 0.9.7c) in srpm
CVE-2004-0078 version (mutt, fixed 1.4.2)
CVE-2004-0077 version (kernel, fixed 2.6.3)
CVE-2004-0075 version (kernel, not 2.6)
@@ -1043,8 +1042,8 @@
CVE-2004-0005 version (gaim, fixed 0.76)
CVE-2004-0003 version (kernel, not 2.6)
CVE-2004-0001 version (kernel, not 2.6)
-CVE-2003-1265 VULNERABLE (firefox)
CVE-2003-1265 VULNERABLE (mozilla)
+CVE-2003-1265 VULNERABLE (firefox)
CVE-2003-1232 version (emacs, fixed 21.3)
CVE-2003-1201 version (openldap, not 2.2)
CVE-2003-1161 version (kernel, not released version)
@@ -1054,14 +1053,14 @@
CVE-2003-1013 version (ethereal, fixed 0.10.0)
CVE-2003-1012 version (ethereal, fixed 0.10.0)
CVE-2003-0993 version (httpd, not 2.0)
+CVE-2003-0992 version (mailman, fixed 2.1.4)
CVE-2003-0992 version (mailman, fixed 2.1.3)
CVE-2003-0991 version (mailman, fixed 2.0.14)
CVE-2003-0990 version (squirrelmail, fixed after 1.4.0)
CVE-2003-0989 version (tcpdump, fixed 3.8.1)
-CVE-2003-0988 version (kde, fixed 3.1.5)
-CVE-2003-0992 version (mailman, fixed 2.1.4)
CVE-2003-0989 version (tcpdump, fixed 3.8.1)
CVE-2003-0988 version (kdepim, fixed 3.1.5)
+CVE-2003-0988 version (kde, fixed 3.1.5)
CVE-2003-0987 version (httpd, not 2.0)
CVE-2003-0985 version (kernel, not 2.6)
CVE-2003-0984 version (kernel, fixed 2.4.23)
@@ -1143,12 +1142,12 @@
CVE-2003-0548 version (gdm, fixed 2.4.1.6)
CVE-2003-0547 version (gdm, fixed 2.4.1.6)
CVE-2003-0546 version (up2date, fixed after 3.1.23)
-CVE-2003-0545 backport (openssl097a, fixed 0.9.7c) in srpm
CVE-2003-0545 version (openssl, fixed 0.9.7c)
-CVE-2003-0544 backport (openssl097a, fixed 0.9.7c) in srpm
+CVE-2003-0545 backport (openssl097a, fixed 0.9.7c) in srpm
CVE-2003-0544 version (openssl, fixed 0.9.7c)
-CVE-2003-0543 backport (openssl097a, fixed 0.9.7c) in srpm
+CVE-2003-0544 backport (openssl097a, fixed 0.9.7c) in srpm
CVE-2003-0543 version (openssl, fixed 0.9.7c)
+CVE-2003-0543 backport (openssl097a, fixed 0.9.7c) in srpm
CVE-2003-0542 version (httpd, fixed 2.0.48)
CVE-2003-0541 backport (gtkhtml, fixed 1.1.10) gtkhtml-1.1.9-textslave.patch
CVE-2003-0540 version (postfix, not 2.0 onwards)
@@ -1190,13 +1189,13 @@
CVE-2003-0289 version (cdrtools, fixed 2.01a14)
CVE-2003-0282 version (unzip, fixed 5.51)
CVE-2003-0255 version (gnupg, fixed 1.2.2)
-CVE-2003-0245 version (httpd, fixed 2.0.47)
CVE-2003-0253 version (httpd, fixed 2.0.47)
CVE-2003-0252 version (nfs-utils, fixed 1.0.4)
CVE-2003-0251 version (ypserv, fixed 2.7)
CVE-2003-0248 version (kernel, not 2.6)
CVE-2003-0247 version (kernel, not 2.6)
CVE-2003-0246 version (kernel, not 2.6)
+CVE-2003-0245 version (httpd, fixed 2.0.47)
CVE-2003-0245 version (httpd, fixed 2.0.46)
CVE-2003-0244 version (kernel, not 2.6)
CVE-2003-0211 version (xinetd, fixed 2.3.11)
@@ -1217,8 +1216,8 @@
CVE-2003-0160 version (squirrelmail, fixed 1.2.11)
CVE-2003-0159 version (ethereal, fixed after 0.9.9)
CVE-2003-0150 version (mysql, fixed 3.23.56)
-CVE-2003-0147 backport (openssl097a, fixed 0.9.7b) in srpm
CVE-2003-0147 version (openssl, fixed 0.9.7b)
+CVE-2003-0147 backport (openssl097a, fixed 0.9.7b) in srpm
CVE-2003-0146 version (netpbm, fixed 10.18)
CVE-2003-0145 version (tcpdump, fixed 3.7.2)
CVE-2003-0140 version (mutt, fixed 1.4.1)
@@ -1227,8 +1226,8 @@
CVE-2003-0135 version (vsftpd, not upstream)
CVE-2003-0133 version (evolution, fixed 1.2.4)
CVE-2003-0132 version (httpd, fixed 2.0.45)
-CVE-2003-0131 backport (openssl097a, fixed 0.9.7b) in srpm
CVE-2003-0131 version (openssl, fixed 0.9.7b)
+CVE-2003-0131 backport (openssl097a, fixed 0.9.7b) in srpm
CVE-2003-0130 version (evolution, fixed 1.2.3)
CVE-2003-0129 version (evolution, fixed 1.2.3)
CVE-2003-0128 version (evolution, fixed 1.2.3)
@@ -1259,8 +1258,8 @@
CVE-2003-0043 version (tomcat, fixed 3.3.1a)
CVE-2003-0041 version (krb5, fixed after 1.2.7)
CVE-2003-0038 version (mailman, fixed 2.0.13 at least)
-CVE-2003-0028 version (glibc, fixed after 2.3.1)
CVE-2003-0028 version (krb5, fixed after 1.2.7)
+CVE-2003-0028 version (glibc, fixed after 2.3.1)
CVE-2003-0026 version (dhcpd, fixed 3.0.1)
CVE-2003-0020 version (httpd, fixed 2.0.49)
CVE-2003-0019 version (kernel-utils, not upstream)
Index: fc5
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc5,v
retrieving revision 1.31
retrieving revision 1.32
diff -u -r1.31 -r1.32
--- fc5 9 Jan 2006 09:35:13 -0000 1.31
+++ fc5 9 Jan 2006 13:54:05 -0000 1.32
@@ -14,26 +14,7 @@
CVE-2006-0095 VULNERABLE (kernel)
CVE-2006-0082 version (ImageMagick, not 6.2.5.4)
-CVE-2005-3628 VULNERABLE (cups)
-CVE-2005-3628 VULNERABLE (poppler)
-CVE-2005-3628 VULNERABLE (xpdf)
-CVE-2005-3628 backport (kdegraphics)
-CVE-2005-3627 VULNERABLE (cups)
-CVE-2005-3627 VULNERABLE (poppler)
-CVE-2005-3627 VULNERABLE (xpdf)
-CVE-2005-3627 backport (kdegraphics)
-CVE-2005-3626 VULNERABLE (cups)
-CVE-2005-3626 VULNERABLE (poppler)
-CVE-2005-3626 VULNERABLE (xpdf)
-CVE-2005-3626 backport (kdegraphics)
-CVE-2005-3625 VULNERABLE (cups)
-CVE-2005-3625 VULNERABLE (poppler)
-CVE-2005-3625 VULNERABLE (xpdf)
-CVE-2005-3625 backport (kdegraphics)
-CVE-2005-3624 VULNERABLE (cups)
-CVE-2005-3624 VULNERABLE (poppler)
-CVE-2005-3624 VULNERABLE (xpdf)
-CVE-2005-3624 backport (kdegraphics)
+CVE-2005-4635 backport (kernel, fixed 2.6.15) [since FEDORA-2006-013]
CVE-2005-4618 VULNERABLE (kernel)
CVE-2005-4605 VULNERABLE (kernel) bz#176814
CVE-2005-4585 VULNERABLE (ethereal, fixed 0.10.14)
@@ -48,29 +29,10 @@
CVE-2005-4130 ** (HelixPlayer) no information available
CVE-2005-4126 ** (HelixPlayer) no information available
CVE-2005-4077 VULNERABLE (curl)
-CVE-2005-3896 ignore (mozilla) recoverable DoS only
-CVE-2005-3651 VULNERABLE (ethereal)
-CVE-2005-3627 VULNERABLE (cups)
-CVE-2005-3626 VULNERABLE (cups)
-CVE-2005-3625 VULNERABLE (cups)
-CVE-2005-3358 version (kernel, fixed 2.6.11)
-CVE-2005-3357 VULNERABLE (httpd, fixed 2.0.56, or 2.2.0)
-CVE-2005-3352 VULNERABLE (httpd, fixed 2.2.1)
-CVE-2005-3193 VULNERABLE (xpdf)
-CVE-2005-3193 VULNERABLE (kdegraphics)
-CVE-2005-3193 VULNERABLE (tetex)
-CVE-2005-3193 VULNERABLE (poppler)
-CVE-2005-3192 VULNERABLE (xpdf)
-CVE-2005-3192 VULNERABLE (kdegraphics)
-CVE-2005-3192 VULNERABLE (tetex)
-CVE-2005-3192 VULNERABLE (poppler)
-CVE-2005-3191 VULNERABLE (xpdf)
-CVE-2005-3191 VULNERABLE (kdegraphics)
-CVE-2005-3191 VULNERABLE (tetex)
-CVE-2005-3191 VULNERABLE (poppler)
CVE-2005-3964 VULNERABLE (openmotif)
CVE-2005-3962 VULNERABLE (perl)
CVE-2005-3912 ** (perl)
+CVE-2005-3896 ignore (mozilla) recoverable DoS only
CVE-2005-3883 VULNERABLE (php)
CVE-2005-3858 version (kernel, fixed 2.6.13)
CVE-2005-3857 backport (kernel, fixed 2.6.15) patch-2.6.15-rc1-git3
@@ -91,8 +53,33 @@
CVE-2005-3671 VULNERABLE (openswan, fixed 2.4.4) BZ#174165
CVE-2005-3662 version (netpbm)
CVE-2005-3656 VULNERABLE (mod_auth_pgsql, fixed 2.0.3)
+CVE-2005-3651 VULNERABLE (ethereal)
CVE-2005-3632 version (netpbm)
CVE-2005-3631 version (udev)
+CVE-2005-3628 VULNERABLE (xpdf)
+CVE-2005-3628 VULNERABLE (poppler)
+CVE-2005-3628 VULNERABLE (kdegraphics)
+CVE-2005-3628 VULNERABLE (cups)
+CVE-2005-3627 VULNERABLE (xpdf)
+CVE-2005-3627 VULNERABLE (poppler)
+CVE-2005-3627 VULNERABLE (kdegraphics)
+CVE-2005-3627 VULNERABLE (cups)
+CVE-2005-3627 VULNERABLE (cups)
+CVE-2005-3626 VULNERABLE (xpdf)
+CVE-2005-3626 VULNERABLE (poppler)
+CVE-2005-3626 VULNERABLE (kdegraphics)
+CVE-2005-3626 VULNERABLE (cups)
+CVE-2005-3626 VULNERABLE (cups)
+CVE-2005-3625 VULNERABLE (xpdf)
+CVE-2005-3625 VULNERABLE (poppler)
+CVE-2005-3625 VULNERABLE (kdegraphics)
+CVE-2005-3625 VULNERABLE (cups)
+CVE-2005-3625 VULNERABLE (cups)
+CVE-2005-3624 VULNERABLE (xpdf)
+CVE-2005-3624 VULNERABLE (poppler)
+CVE-2005-3624 VULNERABLE (kdegraphics)
+CVE-2005-3624 VULNERABLE (cups)
+CVE-2005-3623 VULNERABLE (kernel, fixed 2.6.14.5)
CVE-2005-3582 version (ImageMagick) gentoo only
CVE-2005-3573 VULNERABLE (mailman) not fixed 2.1.6 BZ#174166
CVE-2005-3527 version (kernel, fixed 2.6.14 at least)
@@ -102,7 +89,10 @@
CVE-2005-3390 VULNERABLE (php) BZ#174167
CVE-2005-3389 VULNERABLE (php) BZ#174168
CVE-2005-3388 VULNERABLE (php) BZ#174169
+CVE-2005-3358 version (kernel, fixed 2.6.11)
+CVE-2005-3357 VULNERABLE (httpd, fixed 2.0.56, or 2.2.0)
CVE-2005-3353 version (php, not 5.0)
+CVE-2005-3352 VULNERABLE (httpd, fixed 2.2.1)
CVE-2005-3351 version (spamassassin, fixed 3.1.0)
CVE-2005-3322 version (squid) not upstream, SUSE only
CVE-2005-3319 ignore (mod_php) no security consequence
@@ -125,12 +115,21 @@
CVE-2005-3242 version (ethereal, fixed 0.10.13)
CVE-2005-3241 version (ethereal, fixed 0.10.13)
CVE-2005-3193 VULNERABLE (xpdf, fixed 3.0.1pl1)
+CVE-2005-3193 VULNERABLE (tetex)
+CVE-2005-3193 VULNERABLE (poppler)
+CVE-2005-3193 VULNERABLE (kdegraphics)
CVE-2005-3192 VULNERABLE (xpdf, fixed 3.0.1pl1)
+CVE-2005-3192 VULNERABLE (tetex)
+CVE-2005-3192 VULNERABLE (poppler)
+CVE-2005-3192 VULNERABLE (kdegraphics)
CVE-2005-3191 VULNERABLE (xpdf, fixed 3.0.1pl1)
-CVE-2005-3186 backport (gdk-pixbuf)
+CVE-2005-3191 VULNERABLE (tetex)
+CVE-2005-3191 VULNERABLE (poppler)
+CVE-2005-3191 VULNERABLE (kdegraphics)
CVE-2005-3186 version (gtk2, fixed 2.8.7 at least)
-CVE-2005-3185 version (curl, fixed 7.15)
+CVE-2005-3186 backport (gdk-pixbuf)
CVE-2005-3185 version (wget, fixed 1.10.2 at least)
+CVE-2005-3185 version (curl, fixed 7.15)
CVE-2005-3184 version (ethereal, fixed 0.10.13)
CVE-2005-3181 version (kernel, fixed 2.6.13.4 at least)
CVE-2005-3180 version (kernel, fixed 2.6.13.4 at least)
@@ -155,15 +154,15 @@
CVE-2005-2978 version (netpbm, fixed 10.25)
CVE-2005-2977 backport (pam)
CVE-2005-2976 backport (gdk-pixbuf)
-CVE-2005-2975 backport (gdk-pixbuf)
CVE-2005-2975 version (gtk2, fixed 2.8.7)
+CVE-2005-2975 backport (gdk-pixbuf)
CVE-2005-2973 version (kernel, fixed 2.6.14 at least)
CVE-2005-2970 VULNERABLE (httpd, fixed 2.0.55) BZ#174170
CVE-2005-2969 version (openssl, fixed 0.9.8a)
CVE-2005-2969 backport (openssl097a, fixed 0.9.7h)
+CVE-2005-2968 version (thunderbird)
CVE-2005-2968 version (mozilla, not 1.7.10)
CVE-2005-2968 version (firefox)
-CVE-2005-2968 version (thunderbird)
CVE-2005-2959 ignore (sudo) not a vulnerability
CVE-2005-2946 version (openssl, fixed 0.9.8)
CVE-2005-2933 VULNERABLE (libc-client) BZ#174171
@@ -173,9 +172,9 @@
CVE-2005-2874 version (cups, fixed 1.1.23)
CVE-2005-2873 VULNERABLE (kernel) not fixed upstream
CVE-2005-2872 version (kernel, fixed 2.6.12)
-CVE-2005-2871 version (firefox, fixed 1.0.7)
-CVE-2005-2871 version (mozilla, fixed 1.7.12)
CVE-2005-2871 version (thunderbird)
+CVE-2005-2871 version (mozilla, fixed 1.7.12)
+CVE-2005-2871 version (firefox, fixed 1.0.7)
CVE-2005-2811 version (net-snmp) not upstream, gentoo only
CVE-2005-2801 version (kernel, fixed 2.6.11)
CVE-2005-2800 version (kernel, fixed 2.6.12.6)
@@ -188,25 +187,25 @@
CVE-2005-2709 VULNERABLE (kernel, fixed 2.6.14.3)
CVE-2005-2708 ignore (kernel) not reproducable on x86_64
CVE-2005-2707 version (thunderbird)
-CVE-2005-2707 version (firefox, fixed 1.0.7)
CVE-2005-2707 version (mozilla, fixed 1.7.12)
+CVE-2005-2707 version (firefox, fixed 1.0.7)
CVE-2005-2706 version (thunderbird)
-CVE-2005-2706 version (firefox, fixed 1.0.7)
CVE-2005-2706 version (mozilla, fixed 1.7.12)
+CVE-2005-2706 version (firefox, fixed 1.0.7)
CVE-2005-2705 version (thunderbird)
-CVE-2005-2705 version (firefox, fixed 1.0.7)
CVE-2005-2705 version (mozilla, fixed 1.7.12)
+CVE-2005-2705 version (firefox, fixed 1.0.7)
CVE-2005-2704 version (thunderbird)
-CVE-2005-2704 version (firefox, fixed 1.0.7)
CVE-2005-2704 version (mozilla, fixed 1.7.12)
+CVE-2005-2704 version (firefox, fixed 1.0.7)
CVE-2005-2703 version (thunderbird)
-CVE-2005-2703 version (firefox, fixed 1.0.7)
CVE-2005-2703 version (mozilla, fixed 1.7.12)
+CVE-2005-2703 version (firefox, fixed 1.0.7)
CVE-2005-2702 version (thunderbird)
-CVE-2005-2702 version (firefox, fixed 1.0.7)
CVE-2005-2702 version (mozilla, fixed 1.7.12)
-CVE-2005-2701 version (firefox, fixed 1.0.7)
+CVE-2005-2702 version (firefox, fixed 1.0.7)
CVE-2005-2701 version (mozilla, fixed 1.7.12)
+CVE-2005-2701 version (firefox, fixed 1.0.7)
CVE-2005-2700 backport (httpd, fixed 2.0.55)
CVE-2005-2693 backport (cvs) cvs-1.11.19-tmp.patch
CVE-2005-2672 backport (lm_sensors)
@@ -215,10 +214,10 @@
CVE-2005-2641 version (nss_ldap, fixed pam_ldap:180)
CVE-2005-2629 version (HelixPlayer, fixed 1.0.6)
CVE-2005-2617 version (kernel, fixed 2.6.12.5)
-CVE-2005-2602 ignore (firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=237085
CVE-2005-2602 ignore (thunderbird) probably
-CVE-2005-2558 ignore (mysql) not an issue
+CVE-2005-2602 ignore (firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=237085
CVE-2005-2558 version (mysql, fixed 4.1.13)
+CVE-2005-2558 ignore (mysql) not an issue
CVE-2005-2555 version (kernel, fixed 2.6.12.6pre)
CVE-2005-2553 version (kernel, not 2.6)
CVE-2005-2550 version (evolution, fixed after 2.3.6.1)
@@ -231,11 +230,11 @@
CVE-2005-2496 backport (ntp, fixed 4.2.0b) ...0a-20040617-ntpd_guid.patch
CVE-2005-2495 version (xorg-x11-server, fixed 0.99.3 at least)
CVE-2005-2494 version (kdebase, fixed after 3.4.2)
-CVE-2005-2491 ignore (python) fc4 python does not contain pcre
+CVE-2005-2492 version (kernel, fixed 2.6.13.1)
CVE-2005-2491 version (pcre, fixed 6.2)
-CVE-2005-2491 ignore (httpd) httpd uses system pcre
+CVE-2005-2491 ignore (python) fc4 python does not contain pcre
CVE-2005-2491 ignore (php) php uses system pcre
-CVE-2005-2492 version (kernel, fixed 2.6.13.1)
+CVE-2005-2491 ignore (httpd) httpd uses system pcre
CVE-2005-2490 version (kernel, fixed 2.6.13.1)
CVE-2005-2475 backport (unzip)
CVE-2005-2471 backport (netpbm, fixed 10.31 at least) netpbm-10.28-CAN-2005-2471.patch
@@ -263,34 +262,34 @@
CVE-2005-2353 ignore (thunderbird) debug mode only
CVE-2005-2337 version (ruby, fixed 1.8.3)
CVE-2005-2335 version (fetchmail, fixed 6.2.5.2)
-CVE-2005-2270 version (firefox, fixed 1.0.5)
-CVE-2005-2270 version (mozilla, fixed 1.7.9)
CVE-2005-2270 version (thunderbird, fixed 1.0.5)
-CVE-2005-2269 version (firefox, fixed 1.0.5)
-CVE-2005-2269 version (mozilla, fixed 1.7.9)
+CVE-2005-2270 version (mozilla, fixed 1.7.9)
+CVE-2005-2270 version (firefox, fixed 1.0.5)
CVE-2005-2269 version (thunderbird, fixed 1.0.5)
-CVE-2005-2268 version (firefox, fixed 1.0.5)
+CVE-2005-2269 version (mozilla, fixed 1.7.9)
+CVE-2005-2269 version (firefox, fixed 1.0.5)
CVE-2005-2268 version (mozilla, fixed 1.7.9)
+CVE-2005-2268 version (firefox, fixed 1.0.5)
CVE-2005-2267 version (mozilla, fixed 1.7.9)
CVE-2005-2267 version (firefox, fixed 1.0.5)
-CVE-2005-2266 version (firefox, fixed 1.0.5)
-CVE-2005-2266 version (mozilla, fixed 1.7.9)
CVE-2005-2266 version (thunderbird, fixed 1.0.5)
-CVE-2005-2265 version (firefox, fixed 1.0.5)
-CVE-2005-2265 version (mozilla, fixed 1.7.9)
+CVE-2005-2266 version (mozilla, fixed 1.7.9)
+CVE-2005-2266 version (firefox, fixed 1.0.5)
CVE-2005-2265 version (thunderbird, fixed 1.0.5)
+CVE-2005-2265 version (mozilla, fixed 1.7.9)
+CVE-2005-2265 version (firefox, fixed 1.0.5)
CVE-2005-2264 version (firefox, fixed 1.0.5)
-CVE-2005-2263 version (firefox, fixed 1.0.5)
CVE-2005-2263 version (mozilla, fixed 1.7.9)
+CVE-2005-2263 version (firefox, fixed 1.0.5)
CVE-2005-2262 version (firefox, fixed 1.0.5)
CVE-2005-2261 version (thunderbird, fixed 1.0.5)
-CVE-2005-2261 version (firefox, fixed 1.0.5)
CVE-2005-2261 version (mozilla, fixed 1.7.9)
-CVE-2005-2260 version (firefox, fixed 1.0.5)
+CVE-2005-2261 version (firefox, fixed 1.0.5)
CVE-2005-2260 version (mozilla, fixed 1.7.9)
+CVE-2005-2260 version (firefox, fixed 1.0.5)
CVE-2005-2177 version (net-snmp, fixed 5.2.1.2)
-CVE-2005-2114 version (firefox, fixed 1.0.5)
CVE-2005-2114 version (mozilla, fixed 1.7.9)
+CVE-2005-2114 version (firefox, fixed 1.0.5)
CVE-2005-2104 version (sysreport, fixed 1.4.1-5)
CVE-2005-2103 version (gaim, fixed 1.5.0)
CVE-2005-2102 version (gaim, fixed 1.5.0)
@@ -298,19 +297,19 @@
CVE-2005-2100 version (kernel, not 2.6) not upstream only RHEL4
CVE-2005-2099 version (kernel, fixed 2.6.12.5)
CVE-2005-2098 version (kernel, fixed 2.6.12.5)
-CVE-2005-2097 backport (cups)
CVE-2005-2097 version (xpdf, fixed 3.0.1)
-CVE-2005-2096 backport (zlib, fixed 1.2.2.4)
+CVE-2005-2097 backport (cups)
CVE-2005-2096 version (rpm, fixed 4.4.2)
+CVE-2005-2096 backport (zlib, fixed 1.2.2.4)
CVE-2005-2095 version (squirrelmail, fixed 1.4.5)
CVE-2005-2088 backport (httpd, fixed 2.0.55)
-CVE-2005-2069 backport (openldap) openldap-2.2.13-tls-fix-connection-test.patch
CVE-2005-2069 version (nss_ldap, fixed pam_ldap:180)
+CVE-2005-2069 backport (openldap) openldap-2.2.13-tls-fix-connection-test.patch
CVE-2005-2023 version (gnupg, fixed 1.9.15)
CVE-2005-1993 version (sudo, fixed 1.6.8p9)
CVE-2005-1992 version (ruby, fixed 1.8.3 at least)
-CVE-2005-1937 version (firefox, fixed 1.0.5)
CVE-2005-1937 version (mozilla, fixed 1.7.9)
+CVE-2005-1937 version (firefox, fixed 1.0.5)
CVE-2005-1934 version (gaim, fixed 1.3.1)
CVE-2005-1921 version (php, fixed xml_rpc:1.3.1)
CVE-2005-1920 version (kdelibs, fixed 3.4.1)
@@ -328,27 +327,27 @@
CVE-2005-1762 version (kernel, fixed 2.6.12)
CVE-2005-1761 version (kernel, fixed 2.6.12.2)
CVE-2005-1760 version (sysreport, fixed 1.4.1-3)
-CVE-2005-1759 ignore (openldap) fixed shtool 2.0.2 flawed code path not used
CVE-2005-1759 ignore (php) dead code path
+CVE-2005-1759 ignore (openldap) fixed shtool 2.0.2 flawed code path not used
CVE-2005-1751 version (nmap, fixed 3.93 at least)
CVE-2005-1751 ignore (openldap) fixed shtool 2.0.2. Flawed code path not used
CVE-2005-1751 ignore (ncpfs) part of shtool in ncpfs is not vulnerable
CVE-2005-1740 version (net-snmp, fixed 5.2.2.rc5 at least)
CVE-2005-1739 version (ImageMagick, fixed 6.2.2.3)
CVE-2005-1705 backport (gdb)
-CVE-2005-1704 backport (gdb)
CVE-2005-1704 version (binutils, fixed 2.16.91.0.3 at least)
+CVE-2005-1704 backport (gdb)
CVE-2005-1689 version (krb5, fixed 1.4.2)
CVE-2005-1686 ignore (gedit) not a vulnerability
CVE-2005-1636 version (mysql, fixed 4.1.12)
CVE-2005-1589 version (kernel, fixed 2.6.11.10)
CVE-2005-1571 version (php, fixed shtool 2.0.2)
CVE-2005-1544 version (libtiff, fixed 3.7.1 at least)
-CVE-2005-1532 version (firefox, fixed 1.0.4)
CVE-2005-1532 version (thunderbird)
CVE-2005-1532 version (mozilla, fixed 1.7.8)
-CVE-2005-1531 version (firefox, fixed 1.0.4)
+CVE-2005-1532 version (firefox, fixed 1.0.4)
CVE-2005-1531 version (mozilla, fixed 1.7.8)
+CVE-2005-1531 version (firefox, fixed 1.0.4)
CVE-2005-1519 version (squid, fixed 2.5.STABLE10)
CVE-2005-1470 version (ethereal, fixed 0.10.11)
CVE-2005-1469 version (ethereal, fixed 0.10.11)
@@ -396,12 +395,12 @@
CVE-2005-1184 ignore (kernel) expected to not be an issue
CVE-2005-1175 version (krb5, fixed 1.4.2)
CVE-2005-1174 version (krb5, fixed 1.4.2)
+CVE-2005-1160 version (thunderbird)
CVE-2005-1160 version (mozilla)
CVE-2005-1160 version (firefox)
-CVE-2005-1160 version (thunderbird)
+CVE-2005-1159 version (thunderbird)
CVE-2005-1159 version (mozilla)
CVE-2005-1159 version (firefox)
-CVE-2005-1159 version (thunderbird)
CVE-2005-1158 version (firefox, fixed 1.0.3)
CVE-2005-1157 version (mozilla)
CVE-2005-1157 version (firefox)
@@ -423,9 +422,9 @@
CVE-2005-1039 ignore (coreutils) not fixed upstream, not a real issue
CVE-2005-1038 backport (vixie-cron)
CVE-2005-0990 version (sharutils, fixed 4.6 at least)
+CVE-2005-0989 version (thunderbird)
CVE-2005-0989 version (mozilla, fixed 1.7.7)
CVE-2005-0989 version (firefox, fixed 1.0.3)
-CVE-2005-0989 version (thunderbird)
CVE-2005-0988 backport (gzip)
CVE-2005-0977 version (kernel, fixed 2.6.11)
CVE-2005-0967 version (gaim, fixed 1.2.1)
@@ -482,9 +481,10 @@
CVE-2005-0592 version (mozilla)
CVE-2005-0592 version (firefox)
CVE-2005-0591 version (firefox, fixed 1.0.1)
-CVE-2005-0590 version (firefox)
-CVE-2005-0590 version (mozilla)
CVE-2005-0590 version (thunderbird)
+CVE-2005-0590 version (openswan, fixed 2.1.4)
+CVE-2005-0590 version (mozilla)
+CVE-2005-0590 version (firefox)
CVE-2005-0589 version (firefox, fixed 1.0.1)
CVE-2005-0588 version (mozilla)
CVE-2005-0588 version (firefox)
@@ -498,6 +498,7 @@
CVE-2005-0584 version (firefox)
CVE-2005-0578 version (mozilla)
CVE-2005-0578 version (firefox)
+CVE-2005-0565 version (kernel, not 2.6)
CVE-2005-0532 version (kernel, fixed 2.6.11)
CVE-2005-0531 version (kernel, fixed 2.6.11)
CVE-2005-0530 version (kernel, fixed 2.6.11)
@@ -522,12 +523,12 @@
CVE-2005-0404 ignore (kde) won't fix http://bugs.kde.org/show_bug.cgi?id=96020
CVE-2005-0403 version (kernel) not upstream
CVE-2005-0402 version (firefox, fixed 1.0.2)
-CVE-2005-0401 version (firefox, fixed 1.0.2)
CVE-2005-0401 version (mozilla, fixed 1.7.7)
+CVE-2005-0401 version (firefox, fixed 1.0.2)
CVE-2005-0400 version (kernel, fixed 2.6.11.6)
+CVE-2005-0399 version (thunderbird)
CVE-2005-0399 version (mozilla)
CVE-2005-0399 version (firefox)
-CVE-2005-0399 version (thunderbird)
CVE-2005-0398 version (ipsec-tools, fixed 0.5)
CVE-2005-0397 version (ImageMagick, fixed 6.0.2.5)
CVE-2005-0396 version (kdelibs, fixed 3.4.0)
@@ -535,8 +536,8 @@
CVE-2005-0372 version (gftp, fixed 2.0.18 at least)
CVE-2005-0365 version (kdelibs, not 3.4)
CVE-2005-0337 version (postfix, not 2.2)
-CVE-2005-0255 version (mozilla, fixed 1.7.6)
CVE-2005-0255 version (thunderbird, fixed 1.0.2)
+CVE-2005-0255 version (mozilla, fixed 1.7.6)
CVE-2005-0255 version (firefox, fixed 1.0.1)
CVE-2005-0247 version (postgresql, fixed after 8.0)
CVE-2005-0246 version (postgresql, fixed 8.0.1)
@@ -551,8 +552,8 @@
CVE-2005-0232 version (firefox, fixed 1.0.1)
CVE-2005-0231 version (mozilla, fixed 1.7.6)
CVE-2005-0231 version (firefox, fixed 1.0.1)
-CVE-2005-0230 version (mozilla, fixed 1.7.6)
CVE-2005-0230 version (thunderbird, fixed 1.0.2)
+CVE-2005-0230 version (mozilla, fixed 1.7.6)
CVE-2005-0230 version (firefox, fixed 1.0.1)
CVE-2005-0227 version (postgresql, fixed 8.0.1)
CVE-2005-0215 version (mozilla)
@@ -580,27 +581,27 @@
CVE-2005-0155 backport (perl) perl-5.8.5-CAN-2005-0155+0156.patch
CVE-2005-0152 version (squirrelmail, not 1.4)
CVE-2005-0150 version (firefox, fixed 1.0)
-CVE-2005-0149 version (firefox)
CVE-2005-0149 version (mozilla)
-CVE-2005-0147 version (firefox)
+CVE-2005-0149 version (firefox)
CVE-2005-0147 version (mozilla)
-CVE-2005-0146 version (firefox)
+CVE-2005-0147 version (firefox)
CVE-2005-0146 version (mozilla)
+CVE-2005-0146 version (firefox)
CVE-2005-0145 version (firefox, fixed 1.0)
-CVE-2005-0144 version (firefox)
CVE-2005-0144 version (mozilla)
-CVE-2005-0143 version (firefox)
+CVE-2005-0144 version (firefox)
CVE-2005-0143 version (mozilla)
+CVE-2005-0143 version (firefox)
CVE-2005-0142 version (thunderbird)
-CVE-2005-0142 version (firefox)
CVE-2005-0142 version (mozilla)
-CVE-2005-0141 version (firefox)
+CVE-2005-0142 version (firefox)
CVE-2005-0141 version (mozilla)
+CVE-2005-0141 version (firefox)
CVE-2005-0137 version (kernel, not 2.6)
CVE-2005-0135 version (kernel, fixed 2.6.11)
CVE-2005-0124 version (kernel, fixed 2.6.11)
-CVE-2005-0109 backport (openssl097a)
CVE-2005-0109 version (openssl, not 0.9.8a)
+CVE-2005-0109 backport (openssl097a)
CVE-2005-0104 version (squirrelmail, fixed 1.4.4)
CVE-2005-0103 version (squirrelmail, fixed 1.4.4)
CVE-2005-0102 version (evolution-data-server, fixed 1.2.2 at least)
@@ -623,10 +624,10 @@
CVE-2005-0077 version (perl-DBI, fixed 1.48 at least)
CVE-2005-0075 version (squirrelmail, fixed 1.4.4)
CVE-2005-0069 VULNERABLE (vim) fc4 fixes vim-6.3-tmpfile.patch BZ#174173
+CVE-2005-0064 version (xpdf, fixed 3.0.1)
CVE-2005-0064 version (tetex, fixed 3.0)
CVE-2005-0064 version (kpdf, not 3.4)
CVE-2005-0064 backport (cups)
-CVE-2005-0064 version (xpdf, fixed 3.0.1)
CVE-2005-0039 ignore (kernel) not a vulnerability: don't do this says the rfc
CVE-2005-0034 version (bind, fixed after 9.3.0)
CVE-2005-0033 version (bind, not 9)
@@ -677,8 +678,8 @@
CVE-2004-1761 version (ethereal, fixed 0.10.3)
CVE-2004-1689 version (sudo, fixed 1.6.8p1)
CVE-2004-1653 ignore (openssh)
-CVE-2004-1639 version (firefox)
CVE-2004-1639 version (mozilla)
+CVE-2004-1639 version (firefox)
CVE-2004-1617 ignore (lynx) not able to verify flaw
CVE-2004-1614 version (mozilla, fixed 1.7.5)
CVE-2004-1613 version (mozilla, fixed 1.7.5)
@@ -687,18 +688,18 @@
CVE-2004-1453 version (glibc, fixed 2.3.5)
CVE-2004-1452 version (tomcat, fixed 5.0.27-r3)
CVE-2004-1451 version (thunderbird)
-CVE-2004-1451 version (firefox)
CVE-2004-1451 version (mozilla)
+CVE-2004-1451 version (firefox)
CVE-2004-1450 version (thunderbird)
-CVE-2004-1450 version (firefox)
CVE-2004-1450 version (mozilla)
+CVE-2004-1450 version (firefox)
CVE-2004-1449 version (thunderbird)
-CVE-2004-1449 version (firefox)
CVE-2004-1449 version (mozilla)
+CVE-2004-1449 version (firefox)
CVE-2004-1392 version (php, fixed 5.0.4)
CVE-2004-1382 version (glibc, not 2.3.5)
-CVE-2004-1381 version (firefox)
CVE-2004-1381 version (mozilla)
+CVE-2004-1381 version (firefox)
CVE-2004-1380 version (mozilla)
CVE-2004-1380 version (firefox)
CVE-2004-1377 backport (a2ps) a2ps-4.13-security.patch
@@ -751,9 +752,9 @@
CVE-2004-1139 version (ethereal, fixed 0.10.8)
CVE-2004-1138 version (vim, fixed 6.3)
CVE-2004-1137 version (kernel, fixed 2.6.10)
-CVE-2004-1125 version (kdegraphics, not 3.4)
-CVE-2004-1125 version (tetex, at least 3.0)
CVE-2004-1125 version (xpdf, fixed 3.0.1)
+CVE-2004-1125 version (tetex, at least 3.0)
+CVE-2004-1125 version (kdegraphics, not 3.4)
CVE-2004-1096 version (perl-Archive-Zip, fixed 1.14)
CVE-2004-1093 version (mc, fixed 4.6.0)
CVE-2004-1092 version (mc, fixed 4.6.0)
@@ -797,8 +798,8 @@
CVE-2004-0981 version (ImageMagick, fixed 6.1.0)
CVE-2004-0977 version (postgresql, fixed after 7.4.6)
CVE-2004-0976 backport (perl) perl-5.8.7-CAN-2004-0976.patch
-CVE-2004-0975 backport (openssl097a, fixed 0.9.7f)
CVE-2004-0975 version (openssl, not 0.9.8)
+CVE-2004-0975 backport (openssl097a, fixed 0.9.7f)
CVE-2004-0974 version (netatalk, fixed 2.0.1)
CVE-2004-0972 version (lvm2, fixed 2.2.01.8 at least)
CVE-2004-0971 backport (krb5) krb5-1.3.4-send-pr-tempfile.patch
@@ -813,7 +814,6 @@
CVE-2004-0958 version (php, fixed 4.3.9)
CVE-2004-0957 version (mysql, fixed 4.0.21)
CVE-2004-0956 version (mysql, fixed 4.0.20)
-CVE-2004-0883 version (kernel, fixed 2.6.11)
CVE-2004-0946 version (nfs-utils, fixed 1.0.6-r6)
CVE-2004-0942 version (httpd, fixed 2.0.53)
CVE-2004-0941 VULNERABLE (gd) seems wasn't fixed upstream fc4bz#175414
@@ -824,15 +824,15 @@
CVE-2004-0923 version (cups, fixed 1.2.22)
CVE-2004-0918 version (squid, fixed 2.4.STABLE7)
CVE-2004-0914 version (xorg-x11, fixed after 6.8.1)
-CVE-2004-0909 version (mozilla)
CVE-2004-0909 version (thunderbird)
+CVE-2004-0909 version (mozilla)
CVE-2004-0909 version (firefox)
CVE-2004-0908 version (mozilla, fixed 1.7.3)
-CVE-2004-0907 version (mozilla)
CVE-2004-0907 version (thunderbird)
+CVE-2004-0907 version (mozilla)
CVE-2004-0907 version (firefox)
-CVE-2004-0906 version (mozilla)
CVE-2004-0906 version (thunderbird)
+CVE-2004-0906 version (mozilla)
CVE-2004-0906 version (firefox)
CVE-2004-0905 version (mozilla, fixed 1.7.3)
CVE-2004-0904 version (mozilla, fixed 1.7.3)
@@ -840,16 +840,17 @@
CVE-2004-0902 version (mozilla, fixed 1.7.3)
CVE-2004-0891 version (gaim, fixed 1.0.2)
CVE-2004-0889 version (xpdf, fixed 3.0.1)
-CVE-2004-0888 version (kpdegraphics, not 3.4)
+CVE-2004-0888 version (xpdf, fixed 3.0.1)
CVE-2004-0888 version (tetex, fixed 3.0)
+CVE-2004-0888 version (kpdegraphics, not 3.4)
CVE-2004-0888 backport (cups)
-CVE-2004-0888 version (xpdf, fixed 3.0.1)
CVE-2004-0887 version (kernel, fixed 2.6.10)
-CVE-2004-0886 version (kdegraphics, fixed by Update on 20041109)
CVE-2004-0886 version (libtiff, fixed 3.7.1 at least)
+CVE-2004-0886 version (kdegraphics, fixed by Update on 20041109)
CVE-2004-0885 version (httpd, fixed after 2.0.52)
CVE-2004-0884 version (cyrus-sasl, fixed 2.1.20)
CVE-2004-0883 version (kernel, fixed 2.6.11)
+CVE-2004-0883 version (kernel, fixed 2.6.11)
CVE-2004-0882 version (samba, fixed 3.0.8)
CVE-2004-0871 ignore (mozilla) unfixed upstream with no patch
CVE-2004-0870 ignore (kde) upstream won't fix
@@ -872,30 +873,30 @@
CVE-2004-0808 version (samba, fixed 3.0.7)
CVE-2004-0807 version (samba, fixed 3.0.7)
CVE-2004-0806 version (cdrtools, fixed 2.0.1)
-CVE-2004-0804 version (kdegraphics)
CVE-2004-0804 version (libtiff, fixed after 3.6.1)
-CVE-2004-0803 version (kdegraphics)
+CVE-2004-0804 version (kdegraphics)
CVE-2004-0803 version (libtiff, fixed after 3.6.1)
+CVE-2004-0803 version (kdegraphics)
CVE-2004-0802 version (imlib, fixed 1.1.2)
CVE-2004-0801 version (foomatic, fixed 3.0.2)
CVE-2004-0797 version (zlib, fixed 1.2.2.2 at least)
+CVE-2004-0797 version (zlib)
CVE-2004-0796 version (spamassassin, fixed 2.64)
CVE-2004-0792 version (rsync, fixed 2.6.3)
CVE-2004-0791 version (kernel, fixed 2.6.9)
CVE-2004-0790 version (doesn't affect linux 2.6)
-CVE-2004-0797 version (zlib)
-CVE-2004-0788 version (gdk-pixbuf, fixed 0.22)
CVE-2004-0788 version (gtk2, fixed 2.6.7 at least)
+CVE-2004-0788 version (gdk-pixbuf, fixed 0.22)
CVE-2004-0786 version (apr-util, fixed 2.0.51)
CVE-2004-0785 version (gaim, fixed 0.82)
CVE-2004-0784 version (gaim, fixed 0.82)
-CVE-2004-0783 version (gdk-pixbuf, fixed 0.22)
CVE-2004-0783 version (gtk2, fixed 2.6.7 at least)
-CVE-2004-0782 version (gdk-pixbuf, fixed 0.22)
+CVE-2004-0783 version (gdk-pixbuf, fixed 0.22)
CVE-2004-0782 version (gtk2, fixed 2.6.7 at least)
+CVE-2004-0782 version (gdk-pixbuf, fixed 0.22)
+CVE-2004-0779 version (thunderbird)
CVE-2004-0779 version (mozilla)
CVE-2004-0779 version (firefox)
-CVE-2004-0779 version (thunderbird)
CVE-2004-0778 version (cvs, fixed 1.11.17)
CVE-2004-0772 version (krb5, fixed after 1.2.8)
CVE-2004-0771 backport (lha, changelog)
@@ -912,8 +913,8 @@
CVE-2004-0757 version (mozilla, fixed 1.7)
CVE-2004-0755 version (ruby, fixed 1.8.1)
CVE-2004-0754 version (gaim, fixed 0.82)
-CVE-2004-0753 version (gdk-pixbuf, fixed 0.22)
CVE-2004-0753 version (gtk2, fixed after 2.2.4)
+CVE-2004-0753 version (gdk-pixbuf, fixed 0.22)
CVE-2004-0752 version (openoffice.org, fixed after 1.1.2)
CVE-2004-0751 version (httpd, fixed 2.0.51)
CVE-2004-0750 version (system-config-nfs, fixed 1.0.13)
@@ -937,8 +938,8 @@
CVE-2004-0686 version (samba, fixed 3.0.6)
CVE-2004-0685 version (kernel, not 2.6)
CVE-2004-0658 ignore (kernel) not a security issue
-CVE-2004-0648 version (mozilla)
CVE-2004-0648 version (thunderbird)
+CVE-2004-0648 version (mozilla)
CVE-2004-0648 version (firefox)
CVE-2004-0644 version (krb5, fixed after 1.3.4)
CVE-2004-0643 version (krb5, fixed after 1.3.1)
@@ -964,11 +965,9 @@
CVE-2004-0597 version (libpng, fixed 1.2.6)
CVE-2004-0595 version (php, fixed 4.3.8)
CVE-2004-0594 version (php, fixed 4.3.8)
-CVE-2005-0590 version (openswan, fixed 2.1.4)
CVE-2004-0587 version (kernel) not upstream flaw
CVE-2004-0558 version (cups, fixed 1.1.21)
CVE-2004-0557 version (sox, fixed after 12.17.4)
-CVE-2005-0565 version (kernel, not 2.6)
CVE-2004-0554 version (kernel, fixed 2.6.7)
CVE-2004-0548 ignore (aspell, not fixed 0.50.5) not a security issue
CVE-2004-0547 version (postgresql, fixed 7.2.1)
@@ -992,9 +991,9 @@
CVE-2004-0492 version (httpd, not 2.0)
CVE-2004-0491 version (kernel, not upstream)
CVE-2004-0488 version (httpd, fixed 2.0.50)
+CVE-2004-0478 ignore (mozilla) not a security issue
CVE-2004-0461 version (dhcp, fixed after 3.0.1rc13)
CVE-2004-0460 version (dhcp, fixed after 3.0.1rc13)
-CVE-2004-0478 ignore (mozilla) not a security issue
CVE-2004-0457 version (mysql, fixed after 4.0.20)
CVE-2004-0452 backport (perl) perl-5.8.5-CAN-2005-0155+0156.patch
CVE-2004-0447 version (kernel, fixed 2.6.5)
@@ -1057,8 +1056,8 @@
CVE-2004-0150 version (python, fixed 2.2.2)
CVE-2004-0133 version (kernel, 2.6.4)
CVE-2004-0113 version (httpd, fixed 2.0.49)
-CVE-2004-0112 backport (openssl097a, fixed 0.9.7d)
CVE-2004-0112 version (openssl, not 0.9.8)
+CVE-2004-0112 backport (openssl097a, fixed 0.9.7d)
CVE-2004-0111 version (gdk-pixbuf, fixed 0.20)
CVE-2004-0110 version (libxml2, fixed 2.6.6)
CVE-2004-0109 version (kernel, fixed 2.6.6)
@@ -1076,8 +1075,8 @@
CVE-2004-0081 version (openssl097a, not 0.9.7)
CVE-2004-0081 version (openssl, not 0.9.8)
CVE-2004-0080 version (util-linux, fixed after 2.11f)
-CVE-2004-0079 backport (openssl097a, fixed 0.9.7c)
CVE-2004-0079 version (openssl, not 0.9.8)
+CVE-2004-0079 backport (openssl097a, fixed 0.9.7c)
CVE-2004-0078 version (mutt, fixed 1.4.2)
CVE-2004-0077 version (kernel, fixed 2.6.3)
CVE-2004-0075 version (kernel, not 2.6)
@@ -1091,8 +1090,8 @@
CVE-2004-0005 version (gaim, fixed 0.76)
CVE-2004-0003 version (kernel, not 2.6)
CVE-2004-0001 version (kernel, not 2.6)
-CVE-2003-1265 VULNERABLE (firefox)
CVE-2003-1265 VULNERABLE (mozilla)
+CVE-2003-1265 VULNERABLE (firefox)
CVE-2003-1232 version (emacs, fixed 21.3)
CVE-2003-1201 version (openldap, not 2.2)
CVE-2003-1161 version (kernel, not released version)
@@ -1102,14 +1101,14 @@
CVE-2003-1013 version (ethereal, fixed 0.10.0)
CVE-2003-1012 version (ethereal, fixed 0.10.0)
CVE-2003-0993 version (httpd, not 2.0)
+CVE-2003-0992 version (mailman, fixed 2.1.4)
CVE-2003-0992 version (mailman, fixed 2.1.3)
CVE-2003-0991 version (mailman, fixed 2.0.14)
CVE-2003-0990 version (squirrelmail, fixed after 1.4.0)
CVE-2003-0989 version (tcpdump, fixed 3.8.1)
-CVE-2003-0988 version (kde, fixed 3.1.5)
-CVE-2003-0992 version (mailman, fixed 2.1.4)
CVE-2003-0989 version (tcpdump, fixed 3.8.1)
CVE-2003-0988 version (kdepim, fixed 3.1.5)
+CVE-2003-0988 version (kde, fixed 3.1.5)
CVE-2003-0987 version (httpd, not 2.0)
CVE-2003-0985 version (kernel, not 2.6)
CVE-2003-0984 version (kernel, fixed 2.4.23)
@@ -1190,12 +1189,12 @@
CVE-2003-0548 version (gdm, fixed 2.4.1.6)
CVE-2003-0547 version (gdm, fixed 2.4.1.6)
CVE-2003-0546 version (up2date, fixed after 3.1.23)
-CVE-2003-0545 backport (openssl097a, fixed 0.9.7c)
CVE-2003-0545 version (openssl, not 0.9.8)
-CVE-2003-0544 backport (openssl097a, fixed 0.9.7c)
+CVE-2003-0545 backport (openssl097a, fixed 0.9.7c)
CVE-2003-0544 version (openssl, not 0.9.8)
-CVE-2003-0543 backport (openssl097a, fixed 0.9.7c)
+CVE-2003-0544 backport (openssl097a, fixed 0.9.7c)
CVE-2003-0543 version (openssl, not 0.9.8)
+CVE-2003-0543 backport (openssl097a, fixed 0.9.7c)
CVE-2003-0542 version (httpd, fixed 2.0.48)
CVE-2003-0541 backport (gtkhtml, fixed 1.1.10) gtkhtml-1.1.9-textslave.patch
CVE-2003-0540 version (postfix, not 2.0 onwards)
@@ -1236,13 +1235,13 @@
CVE-2003-0289 version (cdrtools, fixed 2.01a14)
CVE-2003-0282 version (unzip, fixed 5.51)
CVE-2003-0255 version (gnupg, fixed 1.2.2)
-CVE-2003-0245 version (httpd, fixed 2.0.47)
CVE-2003-0253 version (httpd, fixed 2.0.47)
CVE-2003-0252 version (nfs-utils, fixed 1.0.4)
CVE-2003-0251 version (ypserv, fixed 2.7)
CVE-2003-0248 version (kernel, not 2.6)
CVE-2003-0247 version (kernel, not 2.6)
CVE-2003-0246 version (kernel, not 2.6)
+CVE-2003-0245 version (httpd, fixed 2.0.47)
CVE-2003-0245 version (httpd, fixed 2.0.46)
CVE-2003-0244 version (kernel, not 2.6)
CVE-2003-0211 version (xinetd, fixed 2.3.11)
@@ -1263,8 +1262,8 @@
CVE-2003-0160 version (squirrelmail, fixed 1.2.11)
CVE-2003-0159 version (ethereal, fixed after 0.9.9)
CVE-2003-0150 version (mysql, fixed 3.23.56)
-CVE-2003-0147 backport (openssl097a, fixed 0.9.7b)
CVE-2003-0147 version (openssl, not 0.9.8)
+CVE-2003-0147 backport (openssl097a, fixed 0.9.7b)
CVE-2003-0146 version (netpbm, fixed 10.18)
CVE-2003-0145 version (tcpdump, fixed 3.7.2)
CVE-2003-0140 version (mutt, fixed 1.4.1)
@@ -1273,8 +1272,8 @@
CVE-2003-0135 version (vsftpd, not upstream)
CVE-2003-0133 version (evolution, fixed 1.2.4)
CVE-2003-0132 version (httpd, fixed 2.0.45)
-CVE-2003-0131 backport (openssl097a, fixed 0.9.7b)
CVE-2003-0131 version (openssl, not 0.9.8)
+CVE-2003-0131 backport (openssl097a, fixed 0.9.7b)
CVE-2003-0130 version (evolution, fixed 1.2.3)
CVE-2003-0129 version (evolution, fixed 1.2.3)
CVE-2003-0128 version (evolution, fixed 1.2.3)
@@ -1304,8 +1303,8 @@
CVE-2003-0043 version (tomcat, fixed 3.3.1a)
CVE-2003-0041 version (krb5, fixed after 1.2.7)
CVE-2003-0038 version (mailman, fixed 2.0.13 at least)
-CVE-2003-0028 version (glibc, fixed after 2.3.1)
CVE-2003-0028 version (krb5, fixed after 1.2.7)
+CVE-2003-0028 version (glibc, fixed after 2.3.1)
CVE-2003-0026 version (dhcpd, fixed 3.0.1)
CVE-2003-0020 version (httpd, fixed 2.0.49)
CVE-2003-0019 version (kernel-utils, not upstream)
More information about the fedora-extras-commits
mailing list