fedora-security/audit fc4,1.176,1.177 fc5,1.88,1.89

Mark Cox (mjc) fedora-extras-commits at redhat.com
Tue Mar 21 16:15:52 UTC 2006


Author: mjc

Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv29476

Modified Files:
	fc4 fc5 
Log Message:
Expand the mozilla,firefox,thunderbird text we used in fc4 to make
an easier comparison with fc5 file.  Do a diff with fc4 to fc5 as a 
sanity check to make sure we're not missing anything.



Index: fc4
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc4,v
retrieving revision 1.176
retrieving revision 1.177
diff -u -r1.176 -r1.177
--- fc4	21 Mar 2006 15:48:32 -0000	1.176
+++ fc4	21 Mar 2006 16:15:43 -0000	1.177
@@ -3,12 +3,14 @@
 
 ** are items that need attention
 
+CVE-2006-1273 ** firefox (prob win only, vague)
 CVE-2006-1244 ignore (xpdf) duplicate of other cve named issues
 CVE-2006-1242 ** kernel
 CVE-2006-1095 ignore (mod_python, 3.2.7 only)
 CVE-2006-1079 ignore (httpd) not a vulnerability
 CVE-2006-1078 ignore (httpd) not a vulnerability
 CVE-2006-1061 version (curl, 7.15.0 - 7.15.2 only)
+CVE-2006-1052 ** kernel
 CVE-2006-1045 VULNERABLE (thunderbird)
 CVE-2006-1015 ignore (php) safe mode isn't safe
 CVE-2006-1014 ignore (php) safe mode isn't safe
@@ -17,6 +19,7 @@
 CVE-2006-0836 version (thunderbird, 1.5 only)
 CVE-2006-0746 VULNERABLE (kpdf) bz#184308
 CVE-2006-0745 version (xorg-x11) not fc4
+CVE-2006-0744 ** kernel
 CVE-2006-0742 VULNERABLE (kernel)
 CVE-2006-0741 backport (kernel) [since FEDORA-2006-131] patch-2.6.15.5
 CVE-2006-0730 version (dovecot, 1.0beta[12] only)
@@ -494,15 +497,22 @@
 CVE-2005-1175 backport (krb5) [since FEDORA-2005-553]
 CVE-2005-1174 backport (krb5) [since FEDORA-2005-553]
 CVE-2005-1160 version (thunderbird) [since FEDORA-2005-606]
-CVE-2005-1160 version (firefox, mozilla)
+CVE-2005-1160 version (firefox)
+CVE-2005-1160 version (mozilla)
 CVE-2005-1159 version (thunderbird) [since FEDORA-2005-606]
-CVE-2005-1159 version (firefox, mozilla)
+CVE-2005-1159 version (firefox)
+CVE-2005-1159 version (mozilla)
 CVE-2005-1158 version (firefox, fixed 1.0.3)
-CVE-2005-1157 version (firefox, mozilla)
-CVE-2005-1156 version (firefox, mozilla)
-CVE-2005-1155 version (firefox, mozilla)
-CVE-2005-1154 version (firefox, mozilla)
-CVE-2005-1153 version (firefox, mozilla)
+CVE-2005-1157 version (firefox)
+CVE-2005-1157 version (mozilla)
+CVE-2005-1156 version (firefox)
+CVE-2005-1156 version (mozilla)
+CVE-2005-1155 version (firefox)
+CVE-2005-1155 version (mozilla)
+CVE-2005-1154 version (firefox)
+CVE-2005-1154 version (mozilla)
+CVE-2005-1153 version (firefox)
+CVE-2005-1153 version (mozilla)
 CVE-2005-1111 backport (cpio) from srpm
 CVE-2005-1065 version (tetex, not upstream)
 CVE-2005-1061 version (logwatch, in 4.3.2 at least)
@@ -565,20 +575,31 @@
 CVE-2005-0627 version (qt, fixed 3.3.4)
 CVE-2005-0626 version (squid, fixed 2.5.STABLE10) [since FEDORA-2005-913] was backport since GA
 CVE-2005-0605 backport (xorg-x11) ...-fix-CAN-2005-0605.patch
+CVE-2005-0605 ** openmotif
 CVE-2005-0602 VULNERABLE (unzip, fixed 5.52) not in srpm
 CVE-2005-0596 version (php, fixed 5.0)
-CVE-2005-0593 version (firefox, mozilla)
-CVE-2005-0592 version (firefox, mozilla)
+CVE-2005-0593 version (firefox)
+CVE-2005-0593 version (mozilla)
+CVE-2005-0592 version (firefox)
+CVE-2005-0592 version (mozilla)
 CVE-2005-0591 version (firefox, fixed 1.0.1)
 CVE-2005-0590 version (openswan, fixed 2.1.4)
-CVE-2005-0590 version (firefox, mozilla, thunderbird)
+CVE-2005-0590 version (firefox)
+CVE-2005-0590 version (mozilla)
+CVE-2005-0590 version (thunderbird)
 CVE-2005-0589 version (firefox, fixed 1.0.1)
-CVE-2005-0588 version (firefox, mozilla)
-CVE-2005-0587 version (firefox, mozilla)
-CVE-2005-0586 version (firefox, mozilla)
-CVE-2005-0585 version (firefox, mozilla)
-CVE-2005-0584 version (firefox, mozilla)
-CVE-2005-0578 version (firefox, mozilla)
+CVE-2005-0588 version (firefox)
+CVE-2005-0588 version (mozilla)
+CVE-2005-0587 version (firefox)
+CVE-2005-0587 version (mozilla)
+CVE-2005-0586 version (firefox)
+CVE-2005-0586 version (mozilla)
+CVE-2005-0585 version (firefox)
+CVE-2005-0585 version (mozilla)
+CVE-2005-0584 version (firefox)
+CVE-2005-0584 version (mozilla)
+CVE-2005-0578 version (firefox)
+CVE-2005-0578 version (mozilla)
 CVE-2005-0565 version (kernel, not 2.6)
 CVE-2005-0532 version (kernel, fixed 2.6.11)
 CVE-2005-0531 version (kernel, fixed 2.6.11)
@@ -607,7 +628,9 @@
 CVE-2005-0401 version (mozilla, fixed 1.7.7)
 CVE-2005-0401 version (firefox, fixed 1.0.2)
 CVE-2005-0400 version (kernel, fixed in bk since 20050325, therefore 2.6.11.6) [since FEDORA-2005-510] was backport
-CVE-2005-0399 version (mozilla, Firefox, thunderbird)
+CVE-2005-0399 version (mozilla)
+CVE-2005-0399 verison (firefox)
+CVE-2005-0399 version (thunderbird)
 CVE-2005-0398 version (ipsec-tools, fixed 0.5)
 CVE-2005-0397 version (ImageMagick, fixed 6.0.2.5)
 CVE-2005-0396 version (kdelibs, fixed 3.4.0)
@@ -660,14 +683,22 @@
 CVE-2005-0155 backport (perl, not 5.8.6) perl-5.8.5-CAN-2005-0155+0156.patch
 CVE-2005-0152 version (squirrelmail, not 1.4)
 CVE-2005-0150 version (firefox, fixed 1.0)
-CVE-2005-0149 version (mozilla, firefox)
-CVE-2005-0147 version (mozilla, firefox)
-CVE-2005-0146 version (mozilla, firefox)
+CVE-2005-0149 version (mozilla)
+CVE-2005-0149 version (firefox)
+CVE-2005-0147 version (mozilla)
+CVE-2005-0147 version (firefox)
+CVE-2005-0146 version (mozilla)
+CVE-2005-0146 version (firefox)
 CVE-2005-0145 version (firefox, fixed 1.0)
-CVE-2005-0144 version (mozilla, firefox)
-CVE-2005-0143 version (mozilla, firefox)
-CVE-2005-0142 version (mozilla, firefox, thunderbird)
-CVE-2005-0141 version (mozilla, firefox)
+CVE-2005-0144 version (mozilla)
+CVE-2005-0144 version (firefox)
+CVE-2005-0143 version (mozilla)
+CVE-2005-0143 version (firefox)
+CVE-2005-0142 version (mozilla)
+CVE-2005-0142 version (firefox)
+CVE-2005-0142 version (thunderbird)
+CVE-2005-0141 version (mozilla)
+CVE-2005-0141 version (firefox)
 CVE-2005-0137 version (kernel, not 2.6)
 CVE-2005-0135 version (kernel, fixed 2.6.11)
 CVE-2005-0124 version (kernel, fixed 2.6.11)
@@ -751,7 +782,8 @@
 CVE-2004-1761 version (ethereal, fixed 0.10.3)
 CVE-2004-1689 version (sudo, fixed 1.6.8p1)
 CVE-2004-1653 ignore (openssh)
-CVE-2004-1639 version (mozilla, firefox)
+CVE-2004-1639 version (mozilla)
+CVE-2004-1639 version (firefox)
 CVE-2004-1617 ignore (lynx) not able to verify flaw
 CVE-2004-1614 version (mozilla, fixed 1.7.5)
 CVE-2004-1613 version (mozilla, fixed 1.7.5)
@@ -759,13 +791,21 @@
 CVE-2004-1471 version (cvs, fixed 1.12.9)
 CVE-2004-1453 version (glibc, fixed 2.3.5)
 CVE-2004-1452 version (tomcat, fixed 5.0.27-r3)
-CVE-2004-1451 version (mozilla, firefox, thunderbird)
-CVE-2004-1450 version (mozilla, firefox, thunderbird)
-CVE-2004-1449 version (mozilla, firefox, thunderbird)
+CVE-2004-1451 version (mozilla)
+CVE-2004-1451 version (firefox)
+CVE-2004-1451 version (thunderbird)
+CVE-2004-1450 version (mozilla)
+CVE-2004-1450 version (firefox)
+CVE-2004-1450 version (thunderbird)
+CVE-2004-1449 version (mozilla)
+CVE-2004-1449 version (firefox)
+CVE-2004-1449 verison (thunderbird)
 CVE-2004-1392 version (php, fixed 5.0.4)
 CVE-2004-1382 version (glibc, not 2.3.5)
-CVE-2004-1381 version (firefox, mozilla)
-CVE-2004-1380 version (firefox, mozilla)
+CVE-2004-1381 version (firefox)
+CVE-2004-1381 version (mozilla)
+CVE-2004-1380 version (firefox)
+CVE-2004-1380 version (mozilla)
 CVE-2004-1377 backport (a2ps, fixed 4.13?) patch included in srpm
 CVE-2004-1337 version (kernel, fixed 2.6.11)
 CVE-2004-1336 version (tetex, fixed 3.0) at least, checked source
@@ -888,10 +928,17 @@
 CVE-2004-0923 version (cups, fixed 1.2.22)
 CVE-2004-0918 version (squid, fixed 2.4.STABLE7)
 CVE-2004-0914 version (xorg-x11, fixed after 6.8.1)
-CVE-2004-0909 version (Mozilla, Thunderbird, Firefox)
+CVE-2004-0914 ** openmotif
+CVE-2004-0909 version (mozilla)
+CVE-2004-0909 version (thunderbird)
+CVE-2004-0909 version (firefox)
 CVE-2004-0908 version (mozilla #133021, fixed 1.7.3)
-CVE-2004-0907 version (Mozilla, Thunderbird, Firefox)
-CVE-2004-0906 version (Mozilla, Thunderbird, Firefox)
+CVE-2004-0907 version (mozilla)
+CVE-2004-0907 version (thunderbird)
+CVE-2004-0907 version (firefox)
+CVE-2004-0906 version (mozilla)
+CVE-2004-0906 version (thunderbird)
+CVE-2004-0906 version (firefox)
 CVE-2004-0905 version (mozilla #133012, fixed 1.7.3)
 CVE-2004-0904 version (mozilla #133014, fixed 1.7.3)
 CVE-2004-0903 version (mozilla #133016, fixed 1.7.3)
@@ -952,7 +999,9 @@
 CVE-2004-0783 version (gdk-pixbuf, fixed 0.22)
 CVE-2004-0782 version (gtk2, fixed 2.6.7 at least by inspection)
 CVE-2004-0782 version (gdk-pixbuf, fixed 0.22)
-CVE-2004-0779 version (mozilla, firefox, thunderbird)
+CVE-2004-0779 version (mozilla)
+CVE-2004-0779 version (firefox)
+CVE-2004-0779 version (thunderbird)
 CVE-2004-0778 version (cvs, fixed 1.11.17)
 CVE-2004-0772 version (krb5, fixed after 1.2.8)
 CVE-2004-0771 backport (lha, changelog)
@@ -994,7 +1043,9 @@
 CVE-2004-0686 version (samba, fixed 3.0.6)
 CVE-2004-0685 version (kernel, not 2.6)
 CVE-2004-0658 ignore (kernel) not a security issue
-CVE-2004-0648 version (mozilla, firefox, thunderbird)
+CVE-2004-0648 version (mozilla)
+CVE-2004-0648 version (firefox)
+CVE-2004-0648 version (thunderbird)
 CVE-2004-0644 version (krb5, fixed after 1.3.4)
 CVE-2004-0643 version (krb5, fixed after 1.3.1)
 CVE-2004-0642 version (krb5, fixed after 1.3.4)
@@ -1219,12 +1270,10 @@
 CVE-2003-0775 version (sane-backends, fixed 1.0.10)
 CVE-2003-0774 version (sane-backends, fixed 1.0.10)
 CVE-2003-0773 version (sane-backends, fixed 1.0.10)
-CVE-2003-0743 version (exim, fixed 4.21)
 CVE-2003-0740 version (stunnel, fixed 3.26)
 CVE-2003-0730 version (xfree86, fixed after 4.3.0)
 CVE-2003-0700 version (kernel, not 2.6)
 CVE-2003-0699 version (kernel, not 2.6)
-CVE-2003-0698 version (exim, fixed 4.21)
 CVE-2003-0695 version (openssh, fixed 3.7.1)
 CVE-2003-0694 version (sendmail, fixed 8.12.10)
 CVE-2003-0693 version (openssh, fixed 3.7)


Index: fc5
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc5,v
retrieving revision 1.88
retrieving revision 1.89
diff -u -r1.88 -r1.89
--- fc5	21 Mar 2006 15:48:32 -0000	1.88
+++ fc5	21 Mar 2006 16:15:43 -0000	1.89
@@ -6,7 +6,6 @@
 CVE-2006-1335 version (gnome-screensaver, fixed 2.14)
 CVE-2006-1296 VULNERABLE (beagle) bz#185981
 CVE-2006-1273 ** firefox (prob win only, vague)
-CVE-2006-1251 version (exim) script not shipped
 CVE-2006-1244 ignore (xpdf) duplicate of other cve named issues
 CVE-2006-1242 ** kernel
 CVE-2006-1095 ignore (mod_python, 3.2.7 only)
@@ -122,6 +121,7 @@
 CVE-2005-4077 version (curl, fixed 7.15.1)
 CVE-2005-3964 backport (openmotif)
 CVE-2005-3962 version (perl, fixed 5.8.8)
+CVE-2005-3912 ** perl
 CVE-2005-3896 ignore (mozilla) recoverable DoS only
 CVE-2005-3883 version (php, fixed 5.1.1 at least)
 CVE-2005-3858 version (kernel, fixed 2.6.13)
@@ -1268,12 +1268,10 @@
 CVE-2003-0775 version (sane-backends, fixed 1.0.10)
 CVE-2003-0774 version (sane-backends, fixed 1.0.10)
 CVE-2003-0773 version (sane-backends, fixed 1.0.10)
-CVE-2003-0743 version (exim, fixed 4.21)
 CVE-2003-0740 version (stunnel, fixed 3.26)
 CVE-2003-0730 version (xfree86, fixed after 4.3.0)
 CVE-2003-0700 version (kernel, not 2.6)
 CVE-2003-0699 version (kernel, not 2.6)
-CVE-2003-0698 version (exim, fixed 4.21)
 CVE-2003-0695 version (openssh, fixed 3.7.1)
 CVE-2003-0694 version (sendmail, fixed 8.12.10)
 CVE-2003-0693 version (openssh, fixed 3.7)




More information about the fedora-extras-commits mailing list