[Fedora-security-commits] fedora-security/audit f8, 1.41, 1.42 f9, 1.36, 1.37 fc7, 1.198, 1.199

Fri Dec 14 13:55:51 UTC 2007

Author: thoger

Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv29581/audit

Modified Files:
	f8 f9 fc7 
Log Message:
mysql cleanup



Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.41
retrieving revision 1.42
diff -u -r1.41 -r1.42

--- f8	13 Dec 2007 12:41:06 -0000	1.41
+++ f8	14 Dec 2007 13:55:49 -0000	1.42
@@ -9,6 +9,8 @@
 
 CVE-2007-6321 VULENERABLE (roundcubemail) #423291
 CVE-2007-6318 VULNERABLE (wordpress)
+CVE-2007-6304 ignore (mysql, fixed 5.0.52) federated engine not built
+CVE-2007-6303 VULNERABLE (mysql, fixed 5.0.52) #424931
 CVE-2007-6299 version (drupal, fixed 5.4) [since FEDORA-2007-4163] SA-2007-031
 GENERIC-MAP-NOMATCH VULNERABLE (libxfcegui4) #412761
 GENERIC-MAP-NOMATCH VULNERABLE (libxfce4util) #412761
@@ -32,6 +34,8 @@
 CVE-2007-6035 version (cacti, fixed 0.8.7a) #391991 [since FEDORA-2007-3667]
 CVE-2007-5977 version (phpMyAdmin, fixed 2.11.2.1) #385901 [since FEDORA-2007-3636]
 CVE-2007-5976 version (phpMyAdmin, fixed 2.11.2.1) #385901 [since FEDORA-2007-3636]
+CVE-2007-5970 ignore (mysql, fixed 5.1.23) mysql 5.1+ only, affects partitioning
+CVE-2007-5969 VULNERABLE (mysql, fixed 5.0.51) #424931
 CVE-2007-5964 VULNERABLE (autofs) #409701
 CVE-2007-5960 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3962]
 CVE-2007-5959 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3962]
@@ -43,7 +47,7 @@
 CVE-2007-5934 backport (php-pear-MDB2) #379101 [since FEDORA-2007-3376]
 CVE-2007-5934 backport (php-pear-MDB2-Driver-mysql) #379131 [since FEDORA-2007-3376]
 CVE-2007-5934 backport (php-pear-MDB2-Driver-mysqli) #379161 [since FEDORA-2007-3376]
-CVE-2007-5925 ignore (mysql) Authenticated user can restart mysql.
+CVE-2007-5925 VULNERABLE (mysql, fixed 5.0.54) #424931
 CVE-2007-5907 VULNERABLE (xen) #390111
 CVE-2007-5906 VULNERABLE (xen) #390111
 CVE-2007-5795 backport (emacs) #367591 [since FEDORA-2007-2946]


Index: f9
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f9,v
retrieving revision 1.36
retrieving revision 1.37
diff -u -r1.36 -r1.37
--- f9	13 Dec 2007 12:41:06 -0000	1.36
+++ f9	14 Dec 2007 13:55:49 -0000	1.37
@@ -9,6 +9,8 @@
 
 CVE-2007-6321 VULENERABLE (roundcubemail) #423301
 CVE-2007-6318 VULNERABLE (wordpress)
+CVE-2007-6304 ignore (mysql, fixed 5.0.52) federated engine not built
+CVE-2007-6303 backport (mysql, fixed 5.0.52) [since mysql-5.0.45-6.fc9]
 CVE-2007-6299 version (drupal, fixed 5.4) [since drupal-5.4-1.fc9] SA-2007-031
 CVE-2007-6283 VULNERABLE (bind) #423081
 CVE-2007-6239 version (squid, fixed 2.6.17) [since squid-2.6.STABLE17-1.fc9]
@@ -29,6 +31,8 @@
 CVE-2007-6013 VULNERABLE (wordpress)
 CVE-2007-5977 version (phpMyAdmin) #385911 [since phpMyAdmin-2.11.2.2-1.fc9]
 CVE-2007-5976 version (phpMyAdmin) #385911 [since phpMyAdmin-2.11.2.2-1.fc9]
+CVE-2007-5970 ignore (mysql, fixed 5.1.23) mysql 5.1+ only, affects partitioning
+CVE-2007-5969 backport (mysql, fixed 5.0.51) [since mysql-5.0.45-6.fc9]
 CVE-2007-5964 VULNERABLE (autofs) #421371
 CVE-2007-5960 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7)
 CVE-2007-5959 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7)
@@ -39,7 +43,7 @@
 CVE-2007-5934 version (php-pear-MDB2) #379111 [since php-pear-MDB2-2.4.1-2.fc9]
 CVE-2007-5934 version (php-pear-MDB2-Driver-mysql) #379141 [since php-pear-MDB2-Driver-mysql-1.4.1-3.fc9]
 CVE-2007-5934 version (php-pear-MDB2-Driver-mysqli) #379171 [since php-pear-MDB2-Driver-mysqli-1.4.1-3.fc9]
-CVE-2007-5925 ignore (mysql) Authenticated user can restart mysql.
+CVE-2007-5925 backport (mysql, fixed 5.0.54) [since mysql-5.0.45-6.fc9]
 CVE-2007-5907 VULNERABLE (xen) #390121
 CVE-2007-5906 VULNERABLE (xen) #390121
 CVE-2007-5795 backport (emacs) #367601 [since emacs-22.1-8.fc9]


Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.198
retrieving revision 1.199
diff -u -r1.198 -r1.199
--- fc7	13 Dec 2007 12:41:06 -0000	1.198
+++ fc7	14 Dec 2007 13:55:49 -0000	1.199
@@ -10,6 +10,8 @@
 
 CVE-2007-6321 VULENERABLE (roundcubemail) #423281
 CVE-2007-6318 VULNERABLE (wordpress)
+CVE-2007-6304 ignore (mysql, fixed 5.0.52) federated engine not built
+CVE-2007-6303 VULNERABLE (mysql, fixed 5.0.52) #424921
 CVE-2007-6299 version (drupal, fixed 5.4) [since FEDORA-2007-4136] SA-2007-031
 GENERIC-MAP-NOMATCH VULNERABLE (libxfcegui4) #412751
 GENERIC-MAP-NOMATCH VULNERABLE (libxfce4util) #412751
@@ -22,7 +24,6 @@
 CVE-2007-6207 VULNERABLE (kernel) Xen cross-domain memory read
 CVE-2007-6206 VULNERABLE (kernel) Core dump owner issue
 CVE-2007-6203 ignore (httpd) #409831 User can't unput garbage before method name
-CVE-2007-5938 VULNERABLE (kernel) #385861 iwlwifi
 CVE-2007-6201 version (wesnoth, fixed 1.2.8) [since FEDORA-2007-3986]
 CVE-2007-6183 version (ruby-gnome2) #405591 [since FEDORA-2007-4229]
 CVE-2007-6110 backport (htdig) [since FEDORA-2007-3907]
@@ -33,6 +34,8 @@
 CVE-2007-6013 VULNERABLE (wordpress)
 CVE-2007-5977 version (phpMyAdmin, fixed 2.11.2.1) #385891 [since FEDORA-2007-3627]
 CVE-2007-5976 version (phpMyAdmin, fixed 2.11.2.1) #385891 [since FEDORA-2007-3627]
+CVE-2007-5970 ignore (mysql, fixed 5.1.23) mysql 5.1+ only, affects partitioning
+CVE-2007-5969 VULNERABLE (mysql, fixed 5.0.51) #424921
 CVE-2007-5964 VULNERABLE (autofs) #421351
 CVE-2007-5960 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3952]
 CVE-2007-5959 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3952]
@@ -44,7 +47,7 @@
 CVE-2007-5934 backport (php-pear-MDB2) #379091 [since FEDORA-2007-3369]
 CVE-2007-5934 backport (php-pear-MDB2-Driver-mysql) #379121 [since FEDORA-2007-3369]
 CVE-2007-5934 backport (php-pear-MDB2-Driver-mysqli) #379151 [since FEDORA-2007-3369]
-CVE-2007-5925 ignore (mysql) Authenticated user can restart mysql.
+CVE-2007-5925 VULNERABLE (mysql, fixed 5.0.54) #424921
 CVE-2007-5907 VULNERABLE (xen) #390101
 CVE-2007-5906 VULNERABLE (xen) #390101
 CVE-2007-5846 backport (net-snmp) [since FEDORA-2007-3019]
@@ -239,8 +242,8 @@
 CVE-2007-3820 backport (kdelibs) [since FEDORA-2007-1699]
 CVE-2007-3820 backport (kdebase) #248537 [since FEDORA-2007-1700]
 CVE-2007-3799 ** (php)
-CVE-2007-3781 version (mysql, fixed 5.0.44) [since FEDORA-2007-1197]
 CVE-2007-3782 version (mysql, fixed 5.0.44) [since FEDORA-2007-1197]
+CVE-2007-3781 version (mysql, fixed 5.0.44) [since FEDORA-2007-1197]
 CVE-2007-3780 version (mysql, fixed 5.0.44) [since FEDORA-2007-1197]
 CVE-2007-3770 backport (terminal/xfce) [since FEDORA-2007-1620]
 CVE-2007-3738 version (mozilla) #248518 [since FEDORA-2007-1138]
@@ -350,6 +353,9 @@
 CVE-2007-2756 ignore (gd) DoS only
 CVE-2007-2754 backport (freetype) [since FEDORA-2007-0033]
 CVE-2007-2721 backport (jasper, fixed 1.900.1-2) #240397
+CVE-2007-2693 ignore (mysql, fixed 5.1.18) mysql 5.1+ only, requires partitioning
+CVE-2007-2692 version (mysql, fixed 5.0.45) [since FEDORA-2007-1197]
+CVE-2007-2691 version (mysql, fixed 5.0.45) [since FEDORA-2007-1197]
 CVE-2007-2683 backport (mutt)
 CVE-2007-2654 version (xfsdump) #240396
 CVE-2007-2650 version (clamav, fixed 0.90.3) #240395 [since FEDORA-2007-1154]
@@ -357,7 +363,7 @@
 *CVE-2007-2637 backport (moin, fixed 1.5.7-2)
 CVE-2007-2627 version (wordpress, fixed 2.2.1) #239904 [since FEDORA-2007-0894]
 *CVE-2007-2589 ** (squirrelmail)
-*CVE-2007-2583 ** (mysql)
+CVE-2007-2583 version (mysql, fixed 5.0.41)
 CVE-2007-2519 ignore (php-pear) no trust boundary is crossed
 CVE-2007-2511 ignore (php) #239011 see the bug
 CVE-2007-2510 version (php, fixed 5.2.2)


