fedora-security/audit fc5,1.78,1.79

Mark Cox (mjc) fedora-extras-commits at redhat.com
Mon Mar 13 13:28:34 UTC 2006


Author: mjc

Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv29631

Modified Files:
	fc5 
Log Message:
Fill in the missing issues that needed work
Check all FC5 VULNERABLEs; most are fixed in rawhide hence will be
okay in FC5 when released; some others don't have fixes yet (especially
the browser suite stuff)



Index: fc5
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc5,v
retrieving revision 1.78
retrieving revision 1.79
diff -u -r1.78 -r1.79
--- fc5	9 Mar 2006 12:04:35 -0000	1.78
+++ fc5	13 Mar 2006 13:28:27 -0000	1.79
@@ -1,4 +1,4 @@
-Up to date CVE as of CVE email 20060308
+Up to date CVE as of CVE email 20060312
 Up to date FC5 as of FC5-Test3
 
 1. Removed packages with security issues that are no longer in FC5 
@@ -24,17 +24,20 @@
 CVE-2006-1015 ignore (php) safe mode isn't safe
 CVE-2006-1014 ignore (php) safe mode isn't safe
 CVE-2006-0975 version (flex) by inspection
-CVE-2006-0903 VULNERABLE (mysql)
-CVE-2006-0884 ** thunderbird
+CVE-2006-0903 VULNERABLE (mysql) low/not upstream yet
+CVE-2006-0884 VULNERABLE (thunderbird)
 CVE-2006-0836 VULNERABLE (thunderbird)
-CVE-2006-0746 VULNERABLE (kpdf)
+CVE-2006-0746 version (kdegraphics, fixed 3.4)
+CVE-2006-0742 VULNERABLE (kernel) [fixed rawhide 1.2045]
+CVE-2006-0741 VULNERABLE (kernel, fixed 2.6.15.5) [fixed rawhide 1.2045]
 CVE-2006-0730 version (dovecot, 1.0beta[12] only)
 CVE-2006-0678 ignore (postgresql) we don't build --enable-cassert
 CVE-2006-0645 version (gnutls, fixed 1.2.10)
 CVE-2006-0591 version (postgresql, fixed 8.0.6)
 CVE-2006-0576 backport (oprofile) oprofile_opcontrol.patch
+CVE-2006-0557 VULNERABLE (kernel, fixed 2.6.15.6) [fixed rawhide 1.2045]
 CVE-2006-0553 version (postgresql, only 8.1, fixed 8.1.3)
-CVE-2006-0528 VULNERABLE (evolution) bz#182416
+CVE-2006-0528 VULNERABLE (cairo) bz#182416 [fixed rawhide cairo-1.0.2-chunk-glyphs-CVE-2006-0528.patch]
 CVE-2006-0496 VULNERABLE (mozilla) not fixed upstream
 CVE-2006-0496 VULNERABLE (firefox) not fixed upstream
 CVE-2006-0482 ignore (kernel) sparc only
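Review bot: The new CVE-2006-0742 kernel line gives no upstream fixed version in its parentheses, while the CVE-2006-0741 and CVE-2006-0557 lines added beside it do ("fixed 2.6.15.5", "fixed 2.6.15.6"). If the upstream version is known, add it in the same form; if there is none yet, say so on the line, as the mysql entry does with "not upstream yet". Separately, CVE-2006-0528 moves from evolution to cairo but keeps bz#182416, so confirm that bug is filed against the component now named.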
@@ -48,7 +51,7 @@
 CVE-2006-0301 backport (xpdf) xpdf-3.01pl2.patch
 CVE-2006-0301 version (poppler, fixed 0.4.5)
 CVE-2006-0301 backport (kdegraphics) post-3.5.1-kdegraphics-CVE-2006-0301.diff
-CVE-2006-0300 VULNERABLE (tar)
+CVE-2006-0300 VULNERABLE (tar) [fixed rawhide in tar-1.15.1-13]
 CVE-2006-0299 version (firefox, fixed 1.5.0.1)
 CVE-2006-0299 version (mozilla, 1.8 branch only)
 CVE-2006-0299 version (thunderbird, fixed 1.5)
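Review bot: The rawhide annotation on the tar line, "[fixed rawhide in tar-1.15.1-13]", is worded differently from the kernel annotations this revision adds elsewhere ("[fixed rawhide 1.2045]"): one has "in" plus a package name and release, the other a bare build number. Settle on one form so the bracketed notes can be searched for and cleared uniformly once FC5 is released.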
@@ -87,6 +90,7 @@
 CVE-2006-0096 ignore (kernel) minor and requires root
 CVE-2006-0095 backport (kernel) patch-2.6.16-rc3
 CVE-2006-0082 version (ImageMagick, not 6.2.5.4)
+CVE-2006-0040 VULNERABLE (gtkhtml) no upstream fix
 CVE-2006-0037 backport (kernel, only 2.6.14 and 2.6.15) patch-2.6.16-rc3
 CVE-2006-0036 backport (kernel, only 2.6.14 and 2.6.15) patch-2.6.16-rc3
 CVE-2006-0035 backport (kernel, only 2.6.14 and 2.6.15) patch-2.6.16-rc3
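Review bot: The added CVE-2006-0040 gtkhtml line says "no upstream fix", where the other unfixed entries in this file say "not fixed upstream" (the CVE-2006-0496 and CVE-2005-4685 lines, for example). Use the same wording so a single search finds every entry waiting on upstream, and add a bz# reference if a bug is filed, as the CVE-2006-0528 line has.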
@@ -95,8 +99,8 @@
 CVE-2005-4720 VULNERABLE (mozilla) not fixed upstream plus only DoS
 CVE-2005-4720 version (firefox, fixed 1.5)
 CVE-2005-4720 versoin (thunderbird, fixed 1.5)
-CVE-2005-4685 VULNERABLE (mozilla)
-CVE-2005-4685 VULNERABLE (firefox)
+CVE-2005-4685 VULNERABLE (mozilla) not fixed upstream
+CVE-2005-4685 VULNERABLE (firefox) not fixed upstream
 CVE-2005-4684 VULNERABLE (kdebase) not fixed upstream
 CVE-2005-4667 backport (unzip)
 CVE-2005-4639 version (kernel, fixed 2.6.15)
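Review bot: The context line for CVE-2005-4720 thunderbird, directly above the changed CVE-2005-4685 lines, spells the status keyword as "versoin". This revision does not touch it, but anything that matches entries on the keyword "version" will skip that line; correct it while editing this block.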
@@ -142,7 +146,7 @@
 CVE-2005-3651 version (ethereal, fixed 0.10.14)
 CVE-2005-3632 version (netpbm)
 CVE-2005-3631 version (udev)
-CVE-2005-3629 ** initscripts
+CVE-2005-3629 version (initscripts, fixed 8.29 at least)
 CVE-2005-3628 backport (xpdf) xpdf-3.01pl2.patch
 CVE-2005-3628 backport (tetex) tetex-3.0-CVE-2005-3193.patch
 CVE-2005-3628 version (poppler, fixed 0.4.4)
@@ -555,7 +559,6 @@
 CVE-2005-0752 version (firefox, fixed 1.0.3)
 CVE-2005-0750 version (kernel, fixed 2.6.11.6)
 CVE-2005-0749 version (kernel, fixed 2.6.11.6)
-CVE-2006-0741 VULNERABLE (kernel, fixed 2.6.15.5)
 CVE-2005-0739 version (ethereal, fixed after 0.10.9)
 CVE-2005-0736 version (kernel, fixed 2.6.11)
 CVE-2005-0718 version (squid, fixed 2.5.STABLE8)
@@ -724,7 +727,7 @@
 CVE-2005-0069 backport (vim) vim-6.4-tmpfile.patch
 CVE-2005-0064 version (xpdf, fixed 3.0.1)
 CVE-2005-0064 version (tetex, fixed 3.0)
-CVE-2005-0064 version (kpdf, not 3.4)
+CVE-2005-0064 version (kdegraphics, not 3.4)
 CVE-2005-0064 backport (cups) cups-CAN-2005-0064.patch
 CVE-2005-0039 ignore (kernel) not a vulnerability: don't do this says the rfc
 CVE-2005-0034 version (bind, fixed after 9.3.0)
@@ -961,7 +964,7 @@
 CVE-2004-0832 version (squid, fixed 2.5.STABLE7)
 CVE-2004-0829 version (samba, fixed 2.2.11)
 CVE-2004-0827 version (ImageMagick, fixed 6.0.6.2)
-CVE-2004-0826 ** NSS
+CVE-2004-0826 verson (nss, fixed 3.9.2)
 CVE-2004-0823 version (openldap, fixed after 2.1.19)
 CVE-2004-0817 version (imlib, fixed 2.1.20 at least)
 CVE-2004-0816 version (kernel, fixed 2.6.8)
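Review bot: The replacement line for CVE-2004-0826 spells the status keyword as "verson" rather than "version". The old "** NSS" marker was visibly unfinished, whereas the misspelled keyword reads as resolved yet will not be counted by a search for "version" entries. The line should read "CVE-2004-0826 version (nss, fixed 3.9.2)".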



