fedora-security/audit fc6,1.267,1.268 fc7,1.122,1.123

Tomas Hoger (thoger) fedora-extras-commits at redhat.com
Thu Sep 27 12:55:42 UTC 2007


Author: thoger

Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv19819/audit

Modified Files:
	fc6 fc7 
Log Message:
process large pile of fedora updates



Index: fc6
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc6,v
retrieving revision 1.267
retrieving revision 1.268
diff -u -r1.267 -r1.268
--- fc6	21 Sep 2007 21:28:10 -0000	1.267
+++ fc6	27 Sep 2007 12:55:40 -0000	1.268
@@ -5,7 +5,7 @@
 # (mozilla) = (firefox, seamonkey, thunderbird, yelp, devhelp, galeon, liferea. epiphany)
 
 # Up to date CVE as of CVE email 20070914
-# Up to date FC6 as of 20070916
+# Up to date FC6 as of 20070926
 
 CVE-2007-5034 VULNERABLE (elinks) #297611
 CVE-2007-4965 VULNERABLE (python) imageop module heap overflow
@@ -17,17 +17,19 @@
 CVE-2007-4743 backport (krb5) incomplete CVE-2007-3999 fix [since FEDORA-2007-694]
 CVE-2007-4730 VULNERABLE (xorg-x11) #286061
 CVE-2007-4721 version (wireshark, fixed 0.99.6) [since FEDORA-2007-628]
+CVE-2007-4670 backport (php) [since FEDORA-2007-709]
 CVE-2007-4663 ignore (php, fixed 5.2.4) #277991 safe_mode
 CVE-2007-4662 ignore (php, fixed 5.2.4) #278101 triggerable only by modification to openssl.conf
 CVE-2007-4661 ignore (php, fixed 5.2.4) 5.2.3, incomplete CVE-2007-2872 fix
 CVE-2007-4660 VULNERABLE (php, fixed 5.2.4) 
 CVE-2007-4659 ignore (php, fixed 5.2.4) #276531 (FC7/php-5.2 only)
-CVE-2007-4658 VULNERABLE (php, fixed 5.2.4) #278011
+CVE-2007-4658 backport (php, fixed 5.2.4) #278011 [since FEDORA-2007-709]
 CVE-2007-4657 VULNERABLE (php, fixed 5.2.4)
 CVE-2007-4569 VULNERABLE (kdebase) #299741
 CVE-2007-4565 backport (fetchmail) #260881 [since FEDORA-2007-689]
 CVE-2007-4559 VULNERABLE (python) tarfile module - directory traversal
 CVE-2007-4558 ignore (star, fixed 1.5a84) duplicate of CVE-2007-4134
+CVE-2007-4465 version (httpd) [since FEDORA-2007-707]
 CVE-2007-4357 ignore (firefox) status bar can be overwrittten
 CVE-2007-4255 ignore (php) msql extension not shipped
 CVE-2007-4251 ignore (openoffice.org) just a crash
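Review bot: CVE-2007-4660 and CVE-2007-4657 stay VULNERABLE (php, fixed 5.2.4) in this hunk while CVE-2007-4658 and the new CVE-2007-4670 are marked backport since FEDORA-2007-709. Please confirm that the FEDORA-2007-709 php build really leaves those two unfixed. The new CVE-2007-4670 line also drops the "fixed 5.2.4" annotation and bug number that the neighbouring php entries carry, so add them if they are known.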
@@ -35,7 +37,7 @@
 CVE-2007-4225 ignore (kdebase) caused by fix to CVE-2007-3820 which we never shipped
 CVE-2007-4224 ignore (kdebase) too obvious -- mouse pointer indicates script activity
 CVE-2007-4211 version (dovecot, fixed 1.0.3) #251009 [since FEDORA-2007-664]
-CVE-2007-4137 VULNERABLE (qt) #292951
+CVE-2007-4137 backport (qt) #292951 [since FEDORA-2007-703]
 CVE-2007-4134 VULNERABLE (star, fixed 1.5a84) #254129
 CVE-2007-4131 backport (tar) #253684 [since FEDORA-2007-683]
 CVE-2007-4029 backport (libvorbis) #250600 [since FEDORA-2007-677]
@@ -44,17 +46,19 @@
 CVE-2007-3999 backport (krb5) [since FEDORA-2007-690]
 CVE-2007-3999 VULNERABLE (nfs-utils-lib) #294911
 CVE-2007-3999 VULNERABLE (libtirpc) #294931
+CVE-2007-3998 backport (php) [since FEDORA-2007-709]
+CVE-2007-3996 backport (php) [since FEDORA-2007-709]
 CVE-2007-3962 ignore (gftp) multiple buffer overflows in fsplib, not on Linux
 CVE-2007-3961 ignore (gftp) off-by-one error in fsplib
 CVE-2007-3852 backport (sysstat) #252296 [since FEDORA-2007-675]
 CVE-2007-3848 version (kernel) [since FEDORA-2007-679]
-CVE-2007-3847 VULNERABLE (httpd) #250756
+CVE-2007-3847 version (httpd) #250756 [since FEDORA-2007-707]
 CVE-2007-3845 ignore (firefox) windows specific
 CVE-2007-3844 VULNERABLE (firefox) #250648 "fixed on next update"
 CVE-2007-3843 VULNERABLE (kernel) #246595
 CVE-2007-3841 ignore (pidgin) ethically disclosed
 CVE-2007-3820 ** (kdebase) #248537
-CVE-2007-3799 ** (php)
+CVE-2007-3799 backport (php) [since FEDORA-2007-709]
 CVE-2007-3798 version (tcpdump, fixed 3.9.7) #250290 [since FEDORA-2007-654]
 CVE-2007-3782 VULNERABLE (mysql, fixed 5.0.44)
 CVE-2007-3781 VULNERABLE (mysql, fixed 5.0.44)
@@ -62,19 +66,20 @@
 CVE-2007-3642 version (kernel, fixed 2.6.22) [since FEDORA-2007-655]
 CVE-2007-3508 ignore (glibc) not an issue
 CVE-2007-3506 backport (freetype, fixed 2.3.4) #235479 [since FEDORA-2007-561]
-CVE-2007-3478 VULNERABLE (gd, fixed 2.0.35) #277421
-CVE-2007-3477 VULNERABLE (gd, fixed 2.0.35) #277421
-CVE-2007-3476 VULNERABLE (gd, fixed 2.0.35) #277421
-CVE-2007-3475 VULNERABLE (gd, fixed 2.0.35) #277421
-CVE-2007-3474 VULNERABLE (gd, fixed 2.0.35) #277421
-CVE-2007-3473 VULNERABLE (gd, fixed 2.0.35) #277421
-CVE-2007-3472 VULNERABLE (gd, fixed 2.0.35) #277421
+CVE-2007-3478 version (gd, fixed 2.0.35) #277421 [since FEDORA-2007-692]
+CVE-2007-3477 version (gd, fixed 2.0.35) #277421 [since FEDORA-2007-692]
+CVE-2007-3476 version (gd, fixed 2.0.35) #277421 [since FEDORA-2007-692]
+CVE-2007-3475 version (gd, fixed 2.0.35) #277421 [since FEDORA-2007-692]
+CVE-2007-3474 version (gd, fixed 2.0.35) #277421 [since FEDORA-2007-692]
+CVE-2007-3473 version (gd, fixed 2.0.35) #277421 [since FEDORA-2007-692]
+CVE-2007-3472 version (gd, fixed 2.0.35) #277421 [since FEDORA-2007-692]
 CVE-2007-3409 version (perl-Net-DNS, fixed 0.60) #245809
 CVE-2007-3393 version (wireshark, fixed 0.99.6) [since FEDORA-2007-628]
 CVE-2007-3392 version (wireshark, fixed 0.99.6) [since FEDORA-2007-628]
 CVE-2007-3391 version (wireshark, fixed 0.99.6) [since FEDORA-2007-628]
 CVE-2007-3390 version (wireshark, fixed 0.99.6) [since FEDORA-2007-628]
 CVE-2007-3389 version (wireshark, fixed 0.99.6) [since FEDORA-2007-628]
+CVE-2007-3388 backport (qt) [since FEDORA-2007-703]
 CVE-2007-3387 VULNERABLE (poppler) #251513
 CVE-2007-3387 backport (tetex) #251515 [since FEDORA-2007-669]
 CVE-2007-3387 backport (kdegraphics) #251511 [since FEDORA-2007-685]
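Review bot: the added "CVE-2007-3388 backport (qt) [since FEDORA-2007-703]" line records neither a bug number nor the upstream fix, while the fc7 entry for the same CVE in this commit notes "fixed qt-3.3.8-20070727". Carrying the same fixed-version detail in fc6 would keep the two files comparable when the backport is audited later.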
@@ -94,14 +99,16 @@
 CVE-2007-2875 version (kernel) [since FEDORA-2007-600]
 *CVE-2007-2874 (wpa_supplicant) #242455
 CVE-2007-2873 version (spamassassin, fixed 3.1.9) [since FEDORA-2007-582]
+CVE-2007-2872 backport (php) [since FEDORA-2007-709]
 CVE-2007-2871 version (mozilla) #241840 [since FEDORA-2007-549]
 CVE-2007-2870 version (mozilla) #241840 [since FEDORA-2007-549]
 CVE-2007-2869 version (mozilla) #241840 [since FEDORA-2007-549]
 CVE-2007-2868 version (mozilla) #241840 [since FEDORA-2007-549]
 CVE-2007-2867 version (mozilla) #241840 [since FEDORA-2007-549]
-CVE-2007-2834 VULNERABLE (openoffice.org, fixed 2.3) #293371
+CVE-2007-2834 backport (openoffice.org, fixed 2.3) #293371 [since FEDORA-2007-700]
 CVE-2007-2799 version (file, fixed 4.21) #241034 [since FEDORA-2007-538]
 CVE-2007-2797 version (xterm)
+CVE-2007-2756 backport (php) [since FEDORA-2007-709]
 CVE-2007-2453 version (kernel) [since FEDORA-2007-600]
 CVE-2007-2451 version (kernel, fixed 2.6.21.4) [since FEDORA-2007-600]
 CVE-2007-2445 backport (libpng) #239542 [since FEDORA-2007-529]
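Review bot: adding "CVE-2007-2872 backport (php) [since FEDORA-2007-709]" bears on the CVE-2007-4661 entry earlier in this file, which is set to ignore with the remark "5.2.3, incomplete CVE-2007-2872 fix". If the patch shipped in FEDORA-2007-709 is that same incomplete fix, CVE-2007-4661 should no longer be ignored. Please confirm which version of the fix was backported and update that line or its remark accordingly.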
@@ -162,6 +169,7 @@
 CVE-2007-0451 version (spamassassin, fixed 3.1.8) [since FEDORA-2007-241]
 CVE-2007-0248 version (squid, fixed 2.6.STABLE7) [since FEDORA-2007-073]
 CVE-2007-0247 version (squid, fixed 2.6.STABLE7) #222883 [since FEDORA-2007-073]
+CVE-2007-0242 backport (qt) [since FEDORA-2007-703]
 CVE-2007-0235 version (libgtop2, fixed 2.14.9) #222637 [since FEDORA-2007-657]
 CVE-2007-0104 ignore (poppler) only client DoS
 CVE-2007-0104 ignore (kdegraphics) only client DoS


Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.122
retrieving revision 1.123
diff -u -r1.122 -r1.123
--- fc7	26 Sep 2007 15:57:23 -0000	1.122
+++ fc7	27 Sep 2007 12:55:40 -0000	1.123
@@ -6,16 +6,17 @@
 # A couple of first F7 updates were marked as FEDORA-2007-0001
 
 # Up to date CVE as of CVE email 20070914
-# Up to date FC7 as of 20070916
+# Up to date FC7 as of 20070926
 
-GENERIC-MAP-NOMATCH VULNERABLE (t1lib) #303021
-CVE-2007-5038 VULNERABLE (bugzilla, fixed 3.0.2, 3.1.2) #299981
+CVE-2007-5106 version (wordpress) affects old 2.0.x versions
+CVE-2007-5105 version (wordpress) affects old 2.0.x versions
+CVE-2007-5038 version (bugzilla, fixed 3.0.2, 3.1.2) #299981 [since FEDORA-2007-2299]
 CVE-2007-5037 VULNERABLE (inotify-tools) #299771
-CVE-2007-5034 VULNERABLE (elinks) #297981
+CVE-2007-5034 version (elinks) #297981 [since FEDORA-2007-2224]
 CVE-2007-5007 VULNERABLE (balsa) #297601
 GENERIC-MAP-NOMATCH VULNERABLE (duplicity) #293081
 GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031
-CVE-2007-4974 VULNERABLE (libsndfile) #296221
+CVE-2007-4974 backport (libsndfile) #296221 [since FEDORA-2007-2236]
 CVE-2007-4965 VULNERABLE (python) imageop module heap overflow
 CVE-2007-4924 VULNERABLE (ekiga, version 2.0.10) really opal 2.2.10 #297551
 CVE-2007-4897 version (ekiga, version 2.0.9) really opal 2.2.8
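Review bot: the new CVE-2007-5106 and CVE-2007-5105 lines are marked version with only the remark "affects old 2.0.x versions", with no fixed version and no [since FEDORA-...] tag. That leaves nothing to check the claim against. Recording the wordpress version in the parentheses, as done for "(bugzilla, fixed 3.0.2, 3.1.2)" two lines below, would make the status verifiable.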
@@ -24,8 +25,8 @@
 CVE-2007-4841 ignore (mozilla suite) Windows only
 CVE-2007-4840 ignore (php)
 CVE-2007-4829 VULNERABLE (perl-Archive-Tar)
-CVE-2007-4828 (mediawiki, fixed 1.11.0, 1.10.2, 1.9.4) #287881
-CVE-2007-4826 VULNERABLE (quagga, fixed 0.99.9) in updates-testing
+CVE-2007-4828 version (mediawiki, fixed 1.11.0, 1.10.2, 1.9.4) #287881 [since FEDORA-2007-2189]
+CVE-2007-4826 version (quagga, fixed 0.99.9) [since FEDORA-2007-2196]
 CVE-2007-4752 VULNERABLE (openssh) #280461
 CVE-2007-4743 backport (krb5) incomplete CVE-2007-3999 fix [since FEDORA-2007-2066]
 CVE-2007-4730 VULNERABLE (xorg-x11) #286051
@@ -41,6 +42,7 @@
 CVE-2007-4650 version (gallery2) #267421 [since FEDORA-2007-2020]
 CVE-2007-4629 version (mapserver, fixed 4.10.3) #272081 [since FEDORA-2007-2018]
 CVE-2007-4631 version (qgit) #268381 [since FEDORA-2007-2108]
+CVE-2007-4573 version (kernel) [since FEDORA-2007-2298]
 CVE-2007-4569 VULNERABLE (kdebase) #299731
 CVE-2007-4565 backport (fetchmail) #260861 [since FEDORA-2007-1983]
 CVE-2007-4560 version (clamav) #260583 [since FEDORA-2007-2050]
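Review bot: "CVE-2007-4573 version (kernel) [since FEDORA-2007-2298]" is added to fc7 only. The fc6 hunk covering the same range goes straight from CVE-2007-4657 to CVE-2007-4569, so FC6 has no entry for this kernel CVE at all. Since fc6 tracks kernel issues elsewhere in the file, it should get a line for CVE-2007-4573 with whatever its current status is.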
@@ -54,6 +56,7 @@
 CVE-2007-4533 backport (vavoom) #256621 [since FEDORA-2007-1977]
 CVE-2007-4532 backport (vavoom) #256621 [since FEDORA-2007-1977]
 CVE-2007-4510 version (clamav, fixed 0.91.2) #253780 [since FEDORA-2007-2050]
+CVE-2007-4465 version (httpd) [since FEDORA-2007-2214]
 CVE-2007-4462 version (po4a) #253541 [since FEDORA-2007-1763]
 CVE-2007-4460 backport (id3lib) #253553 [since FEDORA-2007-1774]
 CVE-2007-4400 VULNERABLE (konversation) #253545
@@ -75,11 +78,12 @@
 CVE-2007-4154 ignore (wordpress) "remote authenticated administrators"
 CVE-2007-4139 version (wordpress) #250751 [since FEDORA-2007-1885]
 CVE-2007-4138 version (samba, fixed 3.0.26) #286311 [since FEDORA-2007-2145]
-CVE-2007-4137 VULNERABLE (qt) #292941
+CVE-2007-4137 backport (qt) #292941 [since FEDORA-2007-2216]
 CVE-2007-4134 version (star, fixed 1.5a84) #254128 [since FEDORA-2007-1852]
 CVE-2007-4131 backport (tar) #253684 [since FEDORA-2007-1890]
 CVE-2007-4066 backport (libvorbis) #245991 [since FEDORA-2007-1765]
 CVE-2007-4065 backport (libvorbis) #245991 [since FEDORA-2007-1765]
+CVE-2007-4033 VULNERABLE (t1lib) #303021
 CVE-2007-4029 backport (libvorbis) #245991 [since FEDORA-2007-1765]
 CVE-2007-4000 backport (krb5) [since FEDORA-2007-2017]
 CVE-2007-3999 backport (krb5) [since FEDORA-2007-2017]
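Review bot: the added "CVE-2007-4033 VULNERABLE (t1lib) #303021" line replaces the GENERIC-MAP-NOMATCH t1lib entry removed in the first fc7 hunk, but fc6 gets no matching entry. Its list runs from CVE-2007-4131 directly to CVE-2007-4029. If t1lib is shipped for FC6, add the CVE there too; if not, a short remark in the log message would explain the asymmetry.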
@@ -94,7 +98,7 @@
 CVE-2007-3947 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299]
 CVE-2007-3946 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299]
 CVE-2007-3848 version (kernel) [since FEDORA-2007-1785]
-CVE-2007-3847 VULNERABLE (httpd) #250755
+CVE-2007-3847 version (httpd) #250755 [since FEDORA-2007-2214]
 CVE-2007-3845 ignore (firefox) windows specific
 CVE-2007-3844 VULNERABLE (firefox) #250648 "fixed on next update"
 CVE-2007-3843 VULNERABLE (kernel) #246595
@@ -138,7 +142,7 @@
 CVE-2007-3391 version (wireshark, fixed 0.99.6) [since FEDORA-2007-0982]
 CVE-2007-3390 version (wireshark, fixed 0.99.6) [since FEDORA-2007-0982]
 CVE-2007-3389 version (wireshark, fixed 0.99.6) [since FEDORA-2007-0982]
-CVE-2007-3388 VULNERABLE (qt, fixed qt-3.3.8-20070727) patch available: 170529.diff
+CVE-2007-3388 backport (qt, fixed qt-3.3.8-20070727) patch available: 170529.diff [since FEDORA-2007-2216]
 CVE-2007-3387 version (xpdf, fixed 3.02pl1) [since FEDORA-2007-1383]
 CVE-2007-3387 backport (tetex) #251514 [since FEDORA-2007-1547]
 CVE-2007-3387 VULNERABLE (poppler) #251512
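Review bot: the updated CVE-2007-3388 line keeps the remark "patch available: 170529.diff" after the status moves to backport with [since FEDORA-2007-2216]. The remark was a to-do pointer while the entry was VULNERABLE and now reads as if work is still pending. Either drop it or reword it to say that this is the patch that was applied.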
@@ -168,8 +172,8 @@
 CVE-2007-3123 version (clamav, fixed 0.90.3) #245219 [since FEDORA-2007-2050]
 CVE-2007-3122 version (clamav, fixed 0.90.3) #245219 [since FEDORA-2007-2050]
 CVE-2007-3121 version (zvbi, fixed 0.2.25) [since FEDORA-2007-0175]
-*CVE-2007-3113 VULNERABLE (cacti) #243592
-*CVE-2007-3112 VULNERABLE (cacti) #243592
+CVE-2007-3113 backport (cacti) #243592 [since FEDORA-2007-2199]
+CVE-2007-3112 backport (cacti) #243592 [since FEDORA-2007-2199]
 CVE-2007-3108 backport (openssl) #250574 [since FEDORA-2007-1444]
 CVE-2007-3106 backport (libvorbis) #245991 [since FEDORA-2007-1765]
 CVE-2007-3100 version (iscsi-initiator-utils, fixed 6.2.0.865) [since FEDORA-2007-0543]



