fedora-security/audit fc7,1.4,1.5

Christoph Trassl (trassl) fedora-extras-commits at redhat.com
Tue Jun 12 20:40:57 UTC 2007 

Author: trassl

Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv22232

Modified Files:
	fc7 
Log Message:
Processed rsync.



Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- fc7	12 Jun 2007 19:18:56 -0000	1.4
+++ fc7	12 Jun 2007 20:40:54 -0000	1.5
@@ -804,7 +804,7 @@
 *CVE-2006-2162 version (nagios, fixed 2.3.1) bz#190612
 *CVE-2006-2120 version (libtiff, fixed 3.8.2 at least)
 *CVE-2006-2093 version (nessus, fixed 2.2.7) bz#191053
-*CVE-2006-2083 version (rsync, fixed 2.6.8)
+CVE-2006-2083 version (rsync, fixed 2.6.8)
 *CVE-2006-2073 ignore (bind) http://www.kb.cert.org/vuls/id/MIMG-6P8GRP
 *CVE-2006-2071 version (kernel, fixed 2.6.16.6)
 *CVE-2006-2057 ignore (firefox) not Linux
@@ -1750,7 +1750,7 @@
 *CVE-2004-2149 version (mysql, fixed 4.1.5)
 *CVE-2004-2136 ignore (dm-crypt) design
 *CVE-2004-2135 ignore (kernel) design
-*CVE-2004-2093 ignore (rsync) not security issue
+CVE-2004-2093 ignore (rsync) not a security issue (rsync is not setuid)
 *CVE-2004-2069 version (openssh, not 4)
 *CVE-2004-2014 version (wget, fixed 1.10.1)
 *CVE-2004-2013 version (kernel, not 2.6)
@@ -1946,7 +1946,7 @@
 *CVE-2004-0797 version (zlib, fixed 1.2.2.2 at least)
 *CVE-2004-0797 version (zlib)
 *CVE-2004-0796 version (spamassassin, fixed 2.64)
-*CVE-2004-0792 version (rsync, fixed 2.6.3)
+CVE-2004-0792 version (rsync, fixed 2.6.3)
 *CVE-2004-0791 version (kernel, fixed 2.6.9)
 *CVE-2004-0790 version (kernel, not 2.6)
 *CVE-2004-0788 version (gtk2, fixed 2.6.7 at least)
@@ -2035,7 +2035,7 @@
 *CVE-2004-0452 version (perl, fixed 5.8.8)
 *CVE-2004-0447 version (kernel, fixed 2.6.5)
 *CVE-2004-0427 version (kernel, fixed 2.6.6)
-*CVE-2004-0426 version (rsync, fixed 2.6.1)
+CVE-2004-0426 version (rsync, fixed 2.6.1)
 *CVE-2004-0424 version (kernel, fixed 2.6.4)
 *CVE-2004-0421 version (libpng, fixed 1.0.16)
 *CVE-2004-0419 version (xorg-x11, fixed 6.8.2 at least)
@@ -2163,7 +2163,7 @@
 *CVE-2003-0967 version (freeradius, fixed after 0.9.2)
 *CVE-2003-0965 version (mailman, fixed 2.1.4)
 *CVE-2003-0963 version (lftp, fixed after 2.6.9)
-*CVE-2003-0962 version (rsync, fixed 2.5.7)
+CVE-2003-0962 version (rsync, fixed 2.5.7)
 *CVE-2003-0961 version (kernel, fixed 2.4.23)
 *CVE-2003-0959 version (kernel, fixed 2.4.21)
 *CVE-2003-0956 version (kernel, fixed 2.4.22)
@@ -2576,16 +2576,17 @@
 *CVE-2002-0083 version (openssh, fixed 3.1)
 *CVE-2002-0082 version (mod_ssl, not httpd 2.2)
 *CVE-2002-0081 version (php, not 4.2+)
-*CVE-2002-0080 version (rsync, fixed 2.5.3)
+CVE-2002-0080 version (rsync, fixed 2.5.3)
 *CVE-2002-0069 version (squid, fixed 2.4STABLE4)
 *CVE-2002-0068 version (squid, fixed 2.4STABLE4)
 *CVE-2002-0067 version (squid, fixed 2.4STABLE4)
 *CVE-2002-0063 version (cups, fixed 1.1.14)
 *CVE-2002-0062 version (ncurses, only 5.0)
 *CVE-2002-0060 version (kernel, fixed 2.5.5)
-*CVE-2002-0059 ** zlib (cvs, dump, gcc, libgcj, kernel, rsync, vnc)
+*CVE-2002-0059 ** zlib (cvs, dump, gcc, libgcj, kernel, vnc)
+CVE-2002-0059 version (rsync, fixed 2.5.4/2.6.6)
 *CVE-2002-0059 version (zlib, fixed 1.1.4)
-*CVE-2002-0048 version (rsync, fixed 2.5.2)
+CVE-2002-0048 version (rsync, fixed 2.5.2)
 *CVE-2002-0046 version (kernel, fixed 2.4.0)
 *CVE-2002-0045 version (openldap, fixed 2.0.20)
 *CVE-2002-0044 version (enscript, fixed 1.6.4 at least)
@@ -2615,4 +2616,5 @@
 *CVE-1999-1332 (gzip)
 CVE-1999-0997 ignore, no-ship (wu-ftpd)
 *CVE-1999-0710 (squid)
+CVE-1999-0473 version (rsync, fixed 2.3.1)
 *CVE-1999-0103 (bind)

More information about the fedora-extras-commits mailing list