fedora-security/audit fc5,1.319,1.320 fc6,1.76,1.77

Mark Cox (mjc) fedora-extras-commits at redhat.com
Tue Sep 12 13:46:59 UTC 2006 

Author: mjc

Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv10604

Modified Files:
	fc5 fc6 
Log Message:
Backport some fc6 knowledge to fc5.  Deal with the bind update later.



Index: fc5
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc5,v
retrieving revision 1.319
retrieving revision 1.320
diff -u -r1.319 -r1.320
--- fc5	12 Sep 2006 09:10:05 -0000	1.319
+++ fc5	12 Sep 2006 13:46:56 -0000	1.320
@@ -7,7 +7,7 @@
 CVE-2006-4624 VULNERABLE (mailman, fixed 2.1.9rc1) #205652
 CVE-2006-4623 VULNERABLE (kernel)
 CVE-2006-4600 VULNERABLE (openldap, fixed 2.3.25) #205827
-CVE-2006-4561 ** firefox
+CVE-2006-4561 VULNERABLE (firefox)
 CVE-2006-4538 VULNERABLE (kernel)
 CVE-2006-4535 VULNERABLE (kernel, fixed 2.6.17.12, fixed 2.6.18-rc6)
 CVE-2006-4507 ignore (libtiff) can't reproduce
@@ -15,13 +15,13 @@
 CVE-2006-4485 VULNERABLE (php, fixed 5.1.5)
 CVE-2006-4484 ignore (php, fixed 5.1.5)
 CVE-2006-4484 ignore (gd)
-CVE-2006-4483 ** php
+CVE-2006-4483 ignore (php) not linux
 CVE-2006-4482 VULNERABLE (php, fixed 5.1.5) [#204995]
 CVE-2006-4481 ignore (php) safe mode isn't safe
 CVE-2006-4455 ignore (xchat) client DoS
-CVE-2006-4447 ** xorg
+CVE-2006-4447 ignore (xorg) not a security issue
 CVE-2006-4434 ignore (sendmail, fixed 8.13.8) not exploitable
-CVE-2006-4433 ** php
+CVE-2006-4433 VULNERABLE (php, fixed 5.1.4)
 CVE-2006-4380 version (mysql, fixed 4.1.13)
 CVE-2006-4339 backport (openssl) [since FEDORA-2006-953]
 CVE-2006-4339 backport (openssl097a) [since FEDORA-2006-953]
@@ -41,7 +41,7 @@
 CVE-2006-4145 VULNERABLE (kernel, fixed 2.6.17.10)
 CVE-2006-4144 backport (ImageMagick, fixed 6.2.9) #202773 [since FEDORA-2006-929]
 CVE-2006-4096 ** bind
-CVE-2006-4095 ** bind
+CVE-2006-4095 ** bind [since FEDORA-2006-966]
 CVE-2006-4093 VULNERABLE (kernel, fixed 2.6.17.9)
 CVE-2006-4031 VULNERABLE (mysql, fixed 5.0.24) #202247
 CVE-2006-4020 VULNERABLE (php) #201767
@@ -99,7 +99,7 @@
 CVE-2006-3677 VULNERABLE (mozilla)
 CVE-2006-3672 ignore (konqueror) just a crash
 CVE-2006-3665 ignore (squirrelmail) don't enable register_globals!
-CVE-2006-3636 ** mailman
+CVE-2006-3636 VULNERABLE (mailman, fixed 2.1.9)
 CVE-2006-3634 ignore (kernel, fixed 2.6.17.8) s390 only
 CVE-2006-3632 version (ethereal, fixed wireshark-0.99.2) [since FEDORA-2006-860]
 CVE-2006-3631 version (ethereal, fixed wireshark-0.99.2) [since FEDORA-2006-860]
@@ -132,7 +132,7 @@
 CVE-2006-3174 version (squirrelmail, fixed 1.4.7) #197369 [since FEDORA-2006-788]
 CVE-2006-3145 version (netpbm, fixed 10.34) [since FEDORA-2006-909]
 CVE-2006-3127 version (nss, only affected 3.11) [since FEDORA-2006-728]
-CVE-2006-3122 ** dhcp
+CVE-2006-3122 version (dhcp, only 2.x)
 CVE-2006-3117 backport (openoffice.org, fixed 2.0.3) [since FEDORA-2006-770]
 CVE-2006-3113 version (firefox, fixed 1.5.0.5) [since FEDORA-2006-902]
 CVE-2006-3113 version (thunderbird, fixed 1.5.0.5) [since FEDORA-2006-903]
@@ -148,7 +148,7 @@
 CVE-2006-3016 VULNERABLE (php, fixed 5.1.3)
 CVE-2006-3011 VULNERABLE (php) (safe mode isn't)
 CVE-2006-3005 ignore (libjpeg) not a vuln
-CVE-2006-2941 ** mailman
+CVE-2006-2941 VULNERABLE (mailman, fixed 2.1.9)
 CVE-2006-2936 version (kernel, fixed 2.6.16.27, fixed 2.6.17.7) [since FEDORA-2006-906]
 CVE-2006-2935 version (kernel, fixed 2.6.17.7) [since FEDORA-2006-906]
 CVE-2006-2934 version (kernel, fixed 2.6.17.3) [since FEDORA-2006-772]
@@ -472,7 +472,6 @@
 CVE-2006-0019 version (kdelibs, fixed 3.5.1)
 CVE-2005-4809 ** firefox
 CVE-2005-4809 ** seamonkey
-CVE-2005-4809 ** thunderbird
 CVE-2005-4798 version (kernel, not 2.6)
 CVE-2005-4784 ignore (glibc) struct dirent is big enough
 CVE-2005-4746 version (freeradius) we don't build vulnerable bits


Index: fc6
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc6,v
retrieving revision 1.76
retrieving revision 1.77
diff -u -r1.76 -r1.77
--- fc6	12 Sep 2006 13:04:58 -0000	1.76
+++ fc6	12 Sep 2006 13:46:56 -0000	1.77
@@ -412,7 +412,7 @@
 CVE-2006-0036 version (kernel, only 2.6.14 and 2.6.15)
 CVE-2006-0035 version (kernel, only 2.6.14 and 2.6.15)
 CVE-2006-0019 version (kdelibs, fixed 3.5.1)
-CVE-2005-4809 version (firefox, not 1.0.5.4 at least)
+CVE-2005-4809 VULNERABLE (firefox)
 CVE-2005-4798 version (kernel, not 2.6)
 CVE-2005-4784 ignore (glibc) struct dirent is big enough
 CVE-2005-4746 version (freeradius, fixed 1.0.5)

More information about the fedora-extras-commits mailing list