fedora-security/audit fc6,1.232,1.233 fc7,1.60,1.61

Lubomir Kundrak (lkundrak) fedora-extras-commits at redhat.com
Wed Aug 8 17:11:28 UTC 2007


Author: lkundrak

Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv14717

Modified Files:
	fc6 fc7 
Log Message:
Up to date as of today's CVENEW mails and Fedora updates.



Index: fc6
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc6,v
retrieving revision 1.232
retrieving revision 1.233
diff -u -r1.232 -r1.233
--- fc6	8 Aug 2007 14:59:57 -0000	1.232
+++ fc6	8 Aug 2007 17:11:26 -0000	1.233
@@ -4,12 +4,14 @@
 # *CVE are items that need verification for Fedora Core 6
 # (mozilla) = (firefox, seamonkey, thunderbird, yelp, devhelp, galeon, liferea. epiphany)
 
-# Up to date CVE as of CVE email 20070801
-# Up to date FC6 as of 20070803
+# Up to date CVE as of CVE email 20070808
+# Up to date FC6 as of 20070808
 
-GENERIC-MAP-NOMATCH VULNERABLE (dovecot, fixed 1.0.3) #251009
+CVE-2007-4211 VULNERABLE (dovecot, fixed 1.0.3) #251009
 CVE-2007-4029 VULNERABLE (libvorbis) #250600
 CVE-2007-4168 backport (libexif) #243892 [since FEDORA-2007-614]
+CVE-2007-3845 VULNERABLE (firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=389580
+CVE-2007-3844 VULNERABLE (firefox) #250648 "fixed on next update"
 CVE-2007-3841 ignore (pidgin) ethically disclosed
 CVE-2007-3820 ** (kdebase) #248537
 CVE-2007-3799 ** (php)
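
Review bot: The added CVE-2007-3845 firefox line carries no fixed version and no # bug reference, only the upstream Mozilla bug URL, while the fc7 entry added in this same commit records "fixed 2.0.0.6". Suggest writing "(firefox, fixed 2.0.0.6)" here as well and adding a # reference in the style of the CVE-2007-3844 line below it, so the two files agree and the entry can be tracked.
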
@@ -24,6 +26,7 @@
 CVE-2007-3391 version (wireshark, fixed 0.99.6) [since FEDORA-2007-628]
 CVE-2007-3390 version (wireshark, fixed 0.99.6) [since FEDORA-2007-628]
 CVE-2007-3389 version (wireshark, fixed 0.99.6) [since FEDORA-2007-628]
+CVE-2007-3384 ignore (tomcat) only affects 3.3.x and just affects an example
 CVE-2007-3381 version (gdm, fixed 2.18.4) #250277 [since FEDORA-2007-653]
 CVE-2007-3378 ignore (php) safe mode escape
 CVE-2007-3377 version (perl-Net-DNS, fixed 0.60) #245614 [since FEDORA-2007-609]


Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.60
retrieving revision 1.61
diff -u -r1.60 -r1.61
--- fc7	6 Aug 2007 15:08:43 -0000	1.60
+++ fc7	8 Aug 2007 17:11:26 -0000	1.61
@@ -5,10 +5,11 @@
 # (mozilla) = (firefox, seamonkey, thunderbird, yelp, devhelp, galeon, liferea. epiphany)
 # A couple of first F7 updates were marked as FEDORA-2007-0001
 
-# Up to date CVE as of CVE email 20070801
-# Up to date FC7 as of 20070802
+# Up to date CVE as of CVE email 20070808
+# Up to date FC7 as of 20070808
 
-GENERIC-MAP-NOMATCH VULNERABLE (dovecot, 1.0.3) #251008
+CVE-2007-4211 version (dovecot, 1.0.3) #251008 [since FEDORA-2007-1485]
+CVE-2007-4174 VULNERABLE (tor, fixed 0.1.2.16)
 GENERIC-MAP-NOMATCH VULNERABLE (tor, fixed 0.1.2.15) #249840
 CVE-2007-4168 backport (libexif) #243892 [since FEDORA-2007-0414]
 CVE-2007-4153 ignore (wordpress) "remote authenticated administrators"
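
Review bot: The new CVE-2007-4211 line keeps "(dovecot, 1.0.3)" without the "fixed" keyword, whereas the fc6 entry for the same CVE and the neighbouring tor lines write "fixed <version>"; suggest "(dovecot, fixed 1.0.3)". The added CVE-2007-4174 tor line also has no bug reference, unlike the GENERIC-MAP-NOMATCH tor entry directly under it (#249840).
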
@@ -20,7 +21,9 @@
 CVE-2007-3948 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299]
 CVE-2007-3947 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299]
 CVE-2007-3946 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299]
-CVE-2007-3841 WTF (pidgin)
+CVE-2007-3845 VULNERABLE (firefox, fixed 2.0.0.6) https://bugzilla.mozilla.org/show_bug.cgi?id=389580
+CVE-2007-3844 VULNERABLE (firefox) #250648 "fixed on next update"
+CVE-2007-3841 ignore (pidgin) ethically disclosed
 CVE-2007-3820 ** (kdebase) #248537
 CVE-2007-3799 ** (php)
 CVE-2007-3781 ** (mysql)
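
Review bot: The replacement line for CVE-2007-3841 gives "ethically disclosed" as the ignore reason, which says how the issue was reported rather than why the pidgin package is not affected. Other ignore entries in this file state an impact reason (for example "Windows only" or "safe mode escape"); suggest recording one here, or leaving the entry open until it is known.
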
@@ -36,7 +39,7 @@
 CVE-2007-3656 version (mozilla) #248518 [since FEDORA-2007-1138]
 CVE-2007-3642 version (kernel, fixed 2.6.22.1) [since FEDORA-2007-1130]
 CVE-2007-3628 version (php-pear-Structures-DataGrid-DataSource-MDB2, fixed 0.1.10)
-CVE-2007-3555 VULNERABLE (moodle) #247528
+CVE-2007-3555 version (moodle) #247528 [since FEDORA-2007-1445]
 CVE-2007-3546 ignore (nessus-core) Windows only
 CVE-2007-3528 version (dar, fixed 2.3.4) #246760 [since FEDORA-2007-0904]
 CVE-2007-3544 VULNERABLE (wordpress, NOT fixed 2.2.1) #245211 Incomplete fix for CVE-2007-3543
@@ -58,6 +61,7 @@
 CVE-2007-3391 version (wireshark, fixed 0.99.6) [since FEDORA-2007-0982]
 CVE-2007-3390 version (wireshark, fixed 0.99.6) [since FEDORA-2007-0982]
 CVE-2007-3389 version (wireshark, fixed 0.99.6) [since FEDORA-2007-0982]
+CVE-2007-3384 ignore (tomcat) only affects 3.3.x and just affects an example
 CVE-2007-3381 version (gdm, fixed 2.18.4) #250277 [since FEDORA-2007-1362]
 CVE-2007-3378 ignore (php) safe mode escape
 CVE-2007-3377 version (perl-Net-DNS, fixed 0.60) #245612 [since EDORA-2007-0668]
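
Review bot: The context line for CVE-2007-3377, three lines below the added tomcat entry, reads "[since EDORA-2007-0668]" with the leading F missing. This commit does not change it, but anything that searches the file for FEDORA- update ids will miss it, so it is worth correcting to "[since FEDORA-2007-0668]" while this block is being edited.
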
@@ -70,9 +74,10 @@
 CVE-2007-3140 version (wordpress, fixed 2.2.1) #245211 [since FEDORA-2007-0894]
 CVE-2007-3231 version (mecab, fixed 0.96) [since FEDORA-2007-0366]
 CVE-2007-3209 ignore (mail-notification, shipped with SSL enabled)
+CVE-2007-3108 backport (openssl) #250574 [since FEDORA-2007-1444]
 CVE-2007-3106 VULNERABLE (libvorbis) #245991
-CVE-2007-3100 version (iscsi-initiator-utils, fixed 6.2.0.865) [since FEDORA-2007-0543]
 CVE-2007-3099 version (iscsi-initiator-utils, fixed 6.2.0.865) [since FEDORA-2007-0543]
+CVE-2007-3100 version (iscsi-initiator-utils, fixed 6.2.0.865) [since FEDORA-2007-0543]
 CVE-2007-3165 VULNERABLE (tor, fixed 0.1.2.14) #244502
 CVE-2007-3153 version (c-ares, fixed 1.4.0) #243591 [since FEDORA-2007-0724]
 CVE-2007-3152 version (c-ares, fixed 1.4.0) #243591 [since FEDORA-2007-0724]
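
Review bot: Swapping CVE-2007-3100 and CVE-2007-3099 changes no content and puts 3099 above 3100, against the descending order of the lines just above (3108, 3106). The log message does not mention a reorder; suggest dropping the swap, or sorting the whole block, since CVE-2007-3165 and the 315x entries that follow are out of sequence too.
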
@@ -199,6 +204,7 @@
 CVE-2007-1564 vulnerable (konqueror) [#CVE-2007-1564]
 CVE-2007-1562 version (mozilla) #241840
 CVE-2007-1560 version (squid, fixed 2.6.STABLE12)
+CVE-2007-1558 version (balsa) [since FEDORA-2007-1447]
 CVE-2007-1558 version (claws-mail, fixed 2.9.1) #237293
 *CVE-2007-1558 backport (sylpheed, fixed 2.3.1-1)
 *CVE-2007-1558 VULNERABLE (evolution)
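
Review bot: The added balsa line for CVE-2007-1558 has neither a fixed version nor a bug reference, while the claws-mail entry for the same CVE gives both and the sylpheed entry gives the version. Suggest adding the balsa version shipped in FEDORA-2007-1447 inside the parentheses, as "(balsa, fixed <version>)", so the "version" status can be checked against the package.
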
@@ -266,7 +272,7 @@
 *CVE-2007-1103 VULNERABLE (tor) #230927
 CVE-2007-1092 version (seamonkey, fixed 1.0.8)
 CVE-2007-1055 version (mediawiki, fixed 1.8.3)
-CVE-2007-1054 VULNERABLE (mediawiki, fixed 1.9.3)
+CVE-2007-1054 version (mediawiki, fixed 1.9.3) [since FEDORA-2007-1442]
 CVE-2007-1049 version (wordpress, fixed 2.1.1) #229991
 *CVE-2007-1036 (jboss)
 *CVE-2007-1030 (libevent)
@@ -480,7 +486,7 @@
 *CVE-2006-6015 (pcre)
 CVE-2006-5989 ignore (mod_auth_kerb) did not affect fc6
 CVE-2006-5974 ignore (fetchmail, fixed 6.3.6) only 6.3.5
-*CVE-2006-5973 VULNERABLE (dovecot, fixed 1.0.rc15) #216508
+CVE-2006-5973 version (dovecot, fixed 1.0.rc15) #216508 [since ???]
 *CVE-2006-5969 (fvwm)
 CVE-2006-5941 ignore (net-snmp) dupe CVE-2005-2177
 *CVE-2006-5925 backport (elinks) [since FEDORA-2006-1278] but was never vulneable as didn't have smbclient support
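
Review bot: The CVE-2006-5973 line drops the leading * and moves from VULNERABLE to version, yet the update id is left as "[since ???]". The header shown in the fc6 hunk describes *CVE items as needing verification, so either fill in the FEDORA update that delivered the fixed dovecot, or keep the * until that advisory is identified.
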



