fedora-security/audit fc5,1.211,1.212

Mark Cox (mjc) fedora-extras-commits at redhat.com
Fri Jun 16 12:24:30 UTC 2006 

Author: mjc

Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv21152

Modified Files:
	fc5 
Log Message:
We've got a few issues marked as needed more attention; so give them a quick
rinse to reduce the number of unknowns



Index: fc5
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc5,v
retrieving revision 1.211
retrieving revision 1.212
diff -u -r1.211 -r1.212
--- fc5	16 Jun 2006 11:05:08 -0000	1.211
+++ fc5	16 Jun 2006 12:24:27 -0000	1.212
@@ -3,56 +3,56 @@
 
 ** are items that need attention
 
-CVE-2006-3057 ** networkmanager
-CVE-2006-3018 ** (php, fixed 5.1.3)
-CVE-2006-3017 ** (php, fixed 5.1.3)
-CVE-2006-3016 ** (php, fixed 5.1.3)
+CVE-2006-3057 ** dhcdbd
+CVE-2006-3018 VULNERABLE (php, fixed 5.1.3)
+CVE-2006-3017 VULNERABLE (php, fixed 5.1.3)
+CVE-2006-3016 VULNERABLE (php, fixed 5.1.3)
 CVE-2006-2916 ignore (arts) not shipped setuid
 CVE-2006-2906 VULNERABLE (gd) #194520
-CVE-2006-2894 ** firefox
-CVE-2006-2894 ** mozilla
+CVE-2006-2894 VULNERABLE (firefox)
+CVE-2006-2894 VULNERABLE (mozilla)
 CVE-2006-2842 version (squirrelmail, fixed 1.4.6) #194286 [since FEDORA-2006-680]
 CVE-2006-2789 version (evolution, fixed 2.4.X)
 CVE-2006-2788 version (firefox, fixed 1.5.0.4) [since FEDORA-2006-715]
 CVE-2006-2787 version (firefox, fixed 1.5.0.4) [since FEDORA-2006-715]
 CVE-2006-2787 version (thunderbird, fixed 1.5.0.4) [since FEDORA-2006-717]
-CVE-2006-2787 ** mozilla
+CVE-2006-2787 VULNERABLE (mozilla)
 CVE-2006-2786 version (firefox, fixed 1.5.0.4) [since FEDORA-2006-715]
 CVE-2006-2786 version (thunderbird, fixed 1.5.0.4) [since FEDORA-2006-717]
-CVE-2006-2786 ** mozilla
+CVE-2006-2786 VULNERABLE (mozilla)
 CVE-2006-2785 version (firefox, fixed 1.5.0.4) [since FEDORA-2006-715]
-CVE-2006-2785 ** mozilla
+CVE-2006-2785 VULNERABLE (mozilla)
 CVE-2006-2784 version (firefox, fixed 1.5.0.4) [since FEDORA-2006-715]
-CVE-2006-2784 ** mozilla
+CVE-2006-2784 VULNERABLE (mozilla)
 CVE-2006-2783 version (firefox, fixed 1.5.0.4) [since FEDORA-2006-715]
 CVE-2006-2783 version (thunderbird, fixed 1.5.0.4) [since FEDORA-2006-717]
-CVE-2006-2783 ** mozilla
+CVE-2006-2783 VULNERABLE (mozilla)
 CVE-2006-2782 version (firefox, fixed 1.5.0.4) [since FEDORA-2006-715]
 CVE-2006-2781 version (thunderbird, fixed 1.5.0.4) [since FEDORA-2006-717]
-CVE-2006-2780 ** firefox
+CVE-2006-2780 VULNERABLE (firefox)
 CVE-2006-2780 version (thunderbird, fixed 1.5.0.4) [since FEDORA-2006-717]
-CVE-2006-2780 ** mozilla
+CVE-2006-2780 VULNERABLE (mozilla)
 CVE-2006-2779 version (firefox, fixed 1.5.0.4) [since FEDORA-2006-715]
 CVE-2006-2779 version (thunderbird, fixed 1.5.0.4) [since FEDORA-2006-717]
-CVE-2006-2779 ** mozilla
+CVE-2006-2779 VULNERABLE (mozilla)
 CVE-2006-2778 version (firefox, fixed 1.5.0.4) [since FEDORA-2006-715]
 CVE-2006-2778 version (thunderbird, fixed 1.5.0.4) [since FEDORA-2006-717]
-CVE-2006-2778 ** mozilla
+CVE-2006-2778 VULNERABLE (mozilla)
 CVE-2006-2777 version (firefox, fixed 1.5.0.4) [since FEDORA-2006-715]
-CVE-2006-2777 ** mozilla
+CVE-2006-2777 VULNERABLE (mozilla)
 CVE-2006-2776 version (firefox, fixed 1.5.0.4) [since FEDORA-2006-715]
 CVE-2006-2776 version (thunderbird, fixed 1.5.0.4) [since FEDORA-2006-717]
-CVE-2006-2776 ** mozilla
+CVE-2006-2776 VULNERABLE (mozilla)
 CVE-2006-2775 version (firefox, fixed 1.5.0.4) [since FEDORA-2006-715]
 CVE-2006-2775 version (thunderbird, fixed 1.5.0.4) [since FEDORA-2006-717]
-CVE-2006-2775 ** mozilla
+CVE-2006-2775 VULNERABLE (mozilla)
 CVE-2006-2754 ignore (openldap) This issue is not exploitable
 CVE-2006-2753 version (mysql, fixed 5.0.22) #193828 [since FEDRA-2006-702]
-CVE-2006-2723 ** firefox (probably ignore)
+CVE-2006-2723 ignore (firefox) disputed
 CVE-2006-2661 VULNERABLE (freetype, fixed 2.2.1) #183677
 CVE-2006-2660 VULNERABLE (php) #195539
 CVE-2006-2656 backport (libtiff) [since FEDORA-2006-592]
-CVE-2006-2629 ** kernel
+CVE-2006-2629 ignore (kernel) couldn't be reproduced on FC
 CVE-2006-2613 ignore (firefox) This isn't an issue on FC
 CVE-2006-2607 backport (vixie-cron) #177476
 CVE-2006-2563 ignore (php) safe mode isn't safe
@@ -65,7 +65,7 @@
 CVE-2006-2369 backport (vnc, fixed 4.1.2) #191692 [since FEDORA-2006-558]
 CVE-2006-2366 VULNERABLE (openobex) #192087
 CVE-2006-2362 ignore (binutils) minor crash (not exploitable)
-CVE-2006-2332 ** firefox
+CVE-2006-2332 ignore (firefox) disputed
 CVE-2006-2314 version (postgresql, fixed 8.1.4) [since FEODRA-2006-578]
 CVE-2006-2313 version (postgresql, fixed 8.1.4) [since FEODRA-2006-578]
 CVE-2006-2276 VULNERABLE (quagga) #191377
@@ -80,14 +80,14 @@
 CVE-2006-2073 VULNERABLE (bind)
 CVE-2006-2083 version (rsync, fixed 2.6.8) #190208 [since FEDORA-2006-599]
 CVE-2006-2071 version (kernel, fixed 2.6.16.6) [since FEDORA-2006-421]
-CVE-2006-2057 ** firefox
+CVE-2006-2057 ignore (firefox) not Linux
 CVE-2006-2026 backport (libtiff, fixed 3.8.1) #189934 [since FEDORA-2006-473]
 CVE-2006-2025 backport (libtiff, fixed 3.8.1) #189934 [since FEDORA-2006-473]
 CVE-2006-2024 backport (libtiff, fixed 3.8.1) #189934 [since FEDORA-2006-473]
 CVE-2006-1993 version (firefox, fixed 1.5.0.3) #190124 [since FEDORA-2006-547]
 CVE-2006-1991 version (php) #190034 [since FEDORA-2006-289]
 CVE-2006-1990 version (php) #190034 [since FEDORA-2006-289]
-CVE-2006-1942 ** firefox
+CVE-2006-1942 version (firefox, fixed 1.5.0.4) [since FEDORA-2006-715]
 CVE-2006-1940 version (ethereal, fixed 0.99.0) #189909 [since FEDORA-2006-456]
 CVE-2006-1939 version (ethereal, fixed 0.99.0) #189909 [since FEDORA-2006-456]
 CVE-2006-1938 version (ethereal, fixed 0.99.0) #189909 [since FEDORA-2006-456]
@@ -102,7 +102,7 @@
 CVE-2006-1865 version (beagle, fixed 0.2.5) [since FEDORA-2006-440]
 CVE-2006-1864 ignore (kernel, fixed 2.6.16.14) not compiled in
 CVE-2006-1863 version (kernel, fixed 2.6.16.11) [since FEDORA-2006-499]
-CVE-2006-1862 ** kernel
+CVE-2006-1862 version (kernel) not upstream kernels, only RHEL
 CVE-2006-1861 VULNERABLE (freetype, fixed 2.2.1) #191771
 CVE-2006-1860 version (kernel, fixed 2.6.16.16) [since FEDORA-2006-572]
 CVE-2006-1859 version (kernel, fixed 2.6.16.16) [since FEDORA-2006-572]
@@ -168,7 +168,7 @@
 CVE-2006-1723 version (firefox, fixed 1.5.0.2) [since FEDORA-2006-411]
 CVE-2006-1721 version (cyrus-sasl, fixed 2.1.21)
 CVE-2006-1712 version (mailman, only 2.1.7) #188605 [since FEDORA-2006-535]
-CVE-2006-1650 ** firefox
+CVE-2006-1650 ignore (firefox) a number of reports don't confirm this
 CVE-2006-1646 ignore (ipsec-tools) KAME racoon, not ipsec-tools racoon
 CVE-2006-1624 ignore (sysklogd) Silly configuration is not a security issue
 CVE-2006-1608 ignore (php) safe mode isn't safe

More information about the fedora-extras-commits mailing list