[Fedora-security-commits] fedora-security/audit f8, 1.4, 1.5 f9, 1.3, 1.4 fc6, 1.290, 1.291 fc7, 1.163, 1.164

fedora-security-commits at redhat.com fedora-security-commits at redhat.com
Fri Nov 2 00:06:49 UTC 2007 

Author: lkundrak

Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv15980

Modified Files:
	f8 f9 fc6 fc7 
Log Message:
Created some tracking bug hierarchies, cleaned some stuff up a bit.
More to come.



Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- f8	1 Nov 2007 19:35:36 -0000	1.4
+++ f8	2 Nov 2007 00:06:47 -0000	1.5
@@ -10,18 +10,18 @@
 CVE-2007-5770 backport (ruby)
 GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031
 CVE-2007-5751 VULNERABLE (liferea, fixed 1.4.6) #360641
-CVE-2007-5712 VULNERABLE (Django, fixed 0.96.1) #357051
-CVE-2007-5708 VULNERABLE (openldap, fixed 2.3.39) #360081
-CVE-2007-5707 VULNERABLE (openldap, fixed 2.3.39) #360081
-CVE-2007-5624 VULNERABLE (nagios, fixed 2.10) #349011
+CVE-2007-5712 VULNERABLE (Django, fixed 0.96.1) #362771
+CVE-2007-5708 VULNERABLE (openldap, fixed 2.3.39) #362991
+CVE-2007-5707 VULNERABLE (openldap, fixed 2.3.39) #362991
+CVE-2007-5624 VULNERABLE (nagios, fixed 2.10) #362801
 CVE-2007-5623 VULNERABLE (nagios-plugins, not fixed 1.4.10) #348731
 CVE-2007-5589 VULNERABLE (phpMyAdmin, fixed 2.11.1.2) #333661 PMASA-2007-6
-CVE-2007-5461 VULNERABLE (tomcat5, not fixed 5.5.25) #334531
+CVE-2007-5461 VULNERABLE (tomcat5, not fixed 5.5.25) #363001
 CVE-2007-5386 version (phpmyadmin, fixed 2.11.1.1) #333661 PMASA-2007-5
-CVE-2007-5201 VULNERABLE (duplicity, no upstream fix) #293081
-CVE-2007-5200 VULNERABLE (hugin) #332401
-CVE-2007-5198 VULNERABLE (nagios-plugins, fixed 1.4.10) #315101
-CVE-2007-5079 VULNERABLE (gdm) #239820 Red Hat specific problem
+CVE-2007-5201 VULNERABLE (duplicity, no upstream fix) #362831
+CVE-2007-5200 VULNERABLE (hugin) #362861
+CVE-2007-5198 VULNERABLE (nagios-plugins, fixed 1.4.10) #362891
+CVE-2007-5079 VULNERABLE (gdm) #363021 Red Hat specific problem
 CVE-2007-5037 version (inotify-tools, fixed 3.11) #299771
 CVE-2007-5007 version (balsa, before 2.3.20) #297601
 CVE-2007-4999 version (pidgin, fixed 2.2.2)
@@ -32,18 +32,19 @@
 CVE-2007-4568 version (xorg-x11-xfs, fixed 1.0.5)
 CVE-2007-4559 VULNERABLE (python, not fixed upstream) #315291 Upstream WONTFIX. See where we use the code.
 CVE-2007-4476 VULNERABLE (cpio, not fixed 2.9) #339691
-CVE-2007-4400 VULNERABLE (konversation) #253545 Remove media script?
+CVE-2007-4400 VULNERABLE (konversation) #362921 Remove media script?
+CVE-2007-4351 VULNERABLE (cups) #362971
 CVE-2007-3999 VULNERABLE (nfs-utils-lib) #362091
 CVE-2007-3999 VULNERABLE (libtirpc) #362111
-CVE-2007-3920 VULNERABLE (compiz, not fixed upstream) #350271
+CVE-2007-3920 VULNERABLE (compiz, not fixed upstream) #363061
 CVE-2007-3919 backport (xen, fixed 3.1.0-13) #361991
 CVE-2007-3844 version (firefox, fixed 2.0.0.6)
 CVE-2007-3843 version (kernel) #246595 No idea which version fixed this
 CVE-2007-3544 VULNERABLE (wordpress, NOT fixed 2.2.1) #245211 Incomplete fix for CVE-2007-3543
 CVE-2007-3387 version (poppler, fixed 0.5.91) #251512
 CVE-2007-3145 ignore (galeon) in 2.0.3 the truncation still occurs, but at reasonable length
-CVE-2007-2450 VULNERABLE (tomcat5, not fixed 5.5.24) #244810
-CVE-2007-2449 VULNERABLE (tomcat5, not fixed 5.5.24) #244810
+CVE-2007-2450 VULNERABLE (tomcat5, not fixed 5.5.24) #363081
+CVE-2007-2449 VULNERABLE (tomcat5, not fixed 5.5.24) #363081
 CVE-2007-2245 version (phpMyAdmin, fixed 2.10.1) #237882
 CVE-2007-2165 version (proftpd, fixed 1.3.1rc3) #237533
 CVE-2007-1841 version (ipsec-tools, fixed 0.6.7) #238052
@@ -87,7 +88,7 @@
 CVE-2006-0987 ignore (bind) example config file only
 CVE-2006-0496 VULNERABLE (firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=324253
 CVE-2005-4809 ignore (firefox) Status bar can be modified anyways
-CVE-2005-4790 VULNERABLE (tomboy) #252294
+CVE-2005-4790 VULNERABLE (tomboy) #362951
 CVE-2005-3675 VULNERABLE (kernel) optack, no upstream fix -- TCP protocol weakness
 CVE-2003-1265 VULNERABLE (thunderbird) https://bugzilla.mozilla.org/show_bug.cgi?id=198442 (probably "ignore")
 CVE-2003-1265 VULNERABLE (seamonkey) https://bugzilla.mozilla.org/show_bug.cgi?id=198442 (probably "ignore")


Index: f9
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f9,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- f9	1 Nov 2007 19:35:36 -0000	1.3
+++ f9	2 Nov 2007 00:06:47 -0000	1.4
@@ -1,26 +1,26 @@
 # $Id$
 
 # ** are items that need attention
-# *CVE are items that need verification for Fedora 8
+# *CVE are items that need verification for Fedora 9
 # (mozilla) = (gecko-libs dependent stuff)
 
 # Up to date CVE as of CVE email 20071030
-# Up to date F8 as of 20071029
+# Up to date F9 as of 20071029
 
 GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031
 CVE-2007-5751 VULNERABLE (liferea, fixed 1.4.6) #360641
-CVE-2007-5712 VULNERABLE (Django, fixed 0.96.1) #357051
-CVE-2007-5708 VULNERABLE (openldap, fixed 2.3.39) #360081
-CVE-2007-5707 VULNERABLE (openldap, fixed 2.3.39) #360081
-CVE-2007-5624 VULNERABLE (nagios, fixed 2.10) #349011
-CVE-2007-5623 VULNERABLE (nagios-plugins, not fixed 1.4.10) #348731
-CVE-2007-5589 VULNERABLE (phpMyAdmin, fixed 2.11.1.2) #333661 PMASA-2007-6
+CVE-2007-5712 VULNERABLE (Django, fixed 0.96.1) #362781
+CVE-2007-5708 VULNERABLE (openldap, fixed 2.3.39) #360091
+CVE-2007-5707 VULNERABLE (openldap, fixed 2.3.39) #360091
+CVE-2007-5624 VULNERABLE (nagios, fixed 2.10) #362811
+CVE-2007-5623 backport (nagios-plugins, not fixed 1.4.10) #348731
+CVE-2007-5589 version (phpMyAdmin, fixed 2.11.1.2) #333661 PMASA-2007-6
 CVE-2007-5461 VULNERABLE (tomcat5, not fixed 5.5.25) #334531
 CVE-2007-5386 version (phpmyadmin, fixed 2.11.1.1) #333661 PMASA-2007-5
-CVE-2007-5201 VULNERABLE (duplicity, no upstream fix) #293081
-CVE-2007-5200 VULNERABLE (hugin) #332401
-CVE-2007-5198 VULNERABLE (nagios-plugins, fixed 1.4.10) #315101
-CVE-2007-5079 VULNERABLE (gdm) #239820 Red Hat specific problem
+CVE-2007-5201 VULNERABLE (duplicity, no upstream fix) #362841
+CVE-2007-5200 VULNERABLE (hugin) #362871
+CVE-2007-5198 VULNERABLE (nagios-plugins, fixed 1.4.10) #362901
+CVE-2007-5079 VULNERABLE (gdm) #363041 Red Hat specific problem
 CVE-2007-5037 version (inotify-tools, fixed 3.11) #299771
 CVE-2007-5007 version (balsa, before 2.3.20) #297601
 CVE-2007-4999 version (pidgin, fixed 2.2.2)
@@ -31,7 +31,8 @@
 CVE-2007-4568 version (xorg-x11-xfs, fixed 1.0.5)
 CVE-2007-4559 VULNERABLE (python, not fixed upstream) #315291 Upstream WONTFIX. See where we use the code.
 CVE-2007-4476 VULNERABLE (cpio, not fixed 2.9) #339691
-CVE-2007-4400 VULNERABLE (konversation) #253545 Remove media script?
+CVE-2007-4400 VULNERABLE (konversation) #362931 Remove media script?
+CVE-2007-4351 version (cups) #361681
 CVE-2007-3999 VULNERABLE (nfs-utils-lib) #362101
 CVE-2007-3999 VULNERABLE (libtirpc) #362121
 CVE-2007-3920 VULNERABLE (compiz, not fixed upstream) #350271
@@ -41,8 +42,8 @@
 CVE-2007-3544 VULNERABLE (wordpress, NOT fixed 2.2.1) #245211 Incomplete fix for CVE-2007-3543
 CVE-2007-3387 version (poppler, fixed 0.5.91) #251512
 CVE-2007-3145 ignore (galeon) in 2.0.3 the truncation still occurs, but at reasonable length
-CVE-2007-2450 VULNERABLE (tomcat5, not fixed 5.5.24) #244810
-CVE-2007-2449 VULNERABLE (tomcat5, not fixed 5.5.24) #244810
+CVE-2007-2450 VULNERABLE (tomcat5, not fixed 5.5.24) #244812
+CVE-2007-2449 VULNERABLE (tomcat5, not fixed 5.5.24) #244812
 CVE-2007-2245 version (phpMyAdmin, fixed 2.10.1) #237882
 CVE-2007-2165 version (proftpd, fixed 1.3.1rc3) #237533
 CVE-2007-1841 version (ipsec-tools, fixed 0.6.7) #238052
@@ -86,7 +87,7 @@
 CVE-2006-0987 ignore (bind) example config file only
 CVE-2006-0496 VULNERABLE (firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=324253
 CVE-2005-4809 ignore (firefox) Status bar can be modified anyways
-CVE-2005-4790 VULNERABLE (tomboy) #252294
+CVE-2005-4790 VULNERABLE (tomboy) #362961
 CVE-2005-3675 VULNERABLE (kernel) optack, no upstream fix -- TCP protocol weakness
 CVE-2003-1265 VULNERABLE (thunderbird) https://bugzilla.mozilla.org/show_bug.cgi?id=198442 (probably "ignore")
 CVE-2003-1265 VULNERABLE (seamonkey) https://bugzilla.mozilla.org/show_bug.cgi?id=198442 (probably "ignore")


Index: fc6
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc6,v
retrieving revision 1.290
retrieving revision 1.291
diff -u -r1.290 -r1.291
--- fc6	1 Nov 2007 18:00:34 -0000	1.290
+++ fc6	2 Nov 2007 00:06:47 -0000	1.291
@@ -24,6 +24,7 @@
 CVE-2007-5162 version (ruby) #313801 [since FEDORA-2007-718]
 CVE-2007-5137 backport (tk, fixed 8.4.16) #332071 [since FEDORA-2007-728]
 CVE-2007-5135 backport (openssl, fixed 0.9.8d) [since FEDORA-2007-725]
+CVE-2007-5079 VULNERABLE (gdm) #363031
 CVE-2007-5034 version (elinks) #297611 [since FEDORA-2007-710]
 CVE-2007-4995 backport (openssl, fixed 0.9.8f) [since FEDORA-2007-725]
 CVE-2007-4993 backport (xen) [since FEDORA-2007-713]
@@ -62,7 +63,7 @@
 CVE-2007-4224 backport (kdebase) too obvious -- mouse pointer indicates script activity [since FEDORA-2007-716]
 CVE-2007-4211 version (dovecot, fixed 1.0.3) #251009 [since FEDORA-2007-664]
 CVE-2007-4137 backport (qt) #292951 [since FEDORA-2007-703]
-CVE-2007-4134 VULNERABLE (star, fixed 1.5a84) #254129
+CVE-2007-4134 backport (star, fixed 1.5a84) #254129
 CVE-2007-4131 backport (tar) #253684 [since FEDORA-2007-683]
 CVE-2007-4029 backport (libvorbis) #250600 [since FEDORA-2007-677]
 CVE-2007-4168 backport (libexif) #243892 [since FEDORA-2007-614]
@@ -74,13 +75,13 @@
 CVE-2007-3996 backport (php) [since FEDORA-2007-709]
 CVE-2007-3962 ignore (gftp) multiple buffer overflows in fsplib, not on Linux
 CVE-2007-3961 ignore (gftp) off-by-one error in fsplib
-CVE-2007-3920 VULNERABLE (gnome-screensaver) #350271
+CVE-2007-3920 VULNERABLE (compiz) #350271
 CVE-2007-3919 VULNERABLE (xen) #362001
 CVE-2007-3852 backport (sysstat) #252296 [since FEDORA-2007-675]
 CVE-2007-3848 version (kernel) [since FEDORA-2007-679]
 CVE-2007-3847 version (httpd) #250756 [since FEDORA-2007-707]
 CVE-2007-3845 ignore (firefox) windows specific
-CVE-2007-3844 VULNERABLE (firefox, fixed 2.0.0.6) #250648 "fixed on next update"
+CVE-2007-3844 version (firefox, fixed 2.0.0.6) #250648 "fixed on next update"
 CVE-2007-3843 VULNERABLE (kernel) #246595
 CVE-2007-3841 ignore (pidgin) ethically disclosed
 CVE-2007-3820 backport (kdebase) #248537 [since FEDORA-2007-716]
@@ -120,7 +121,7 @@
 CVE-2007-3257 backport (evolution) #244287 [since FEDORA-2007-594]
 CVE-2007-3126 ignore (gimp) just a crash
 CVE-2007-3108 backport (openssl) #250574 [since FEDORA-2007-661]
-CVE-2007-3106 VULNERABLE (libvorbis) #250600
+CVE-2007-3106 backport (libvorbis) #250600 [since FEDORA-2007-677]
 CVE-2007-3102 backport (openssh) [since FEDORA-2007-715]
 CVE-2007-2926 backport (bind, fixed 9.4.1) [since FEDORA-2007-647]
 CVE-2007-2876 version (kernel, fixed 2.6.21.5) [since FEDORA-2007-600]


Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.163
retrieving revision 1.164
diff -u -r1.163 -r1.164
--- fc7	1 Nov 2007 18:00:34 -0000	1.163
+++ fc7	2 Nov 2007 00:06:47 -0000	1.164
@@ -9,26 +9,26 @@
 # Up to date FC7 as of 20071029
 
 CVE-2007-5770 backport (ruby) [since FEDORA-2007-2685]
-CVE-2007-5751 VULNERABLE (liferea, fixed 1.4.6) #360641
+CVE-2007-5751 backport (liferea, fixed 1.4.6) #360641 [since FEDORA-2007-2725]
 CVE-2007-5728 version (phpPgAdmin) seems to be fixed for some time
 CVE-2007-5715 backport (denyhosts) fixed long ago
-CVE-2007-5712 VULNERABLE (Django, fixed 0.96.1) #357051
+CVE-2007-5712 VULNERABLE (Django, fixed 0.96.1) #362761
 CVE-2007-5708 VULNERABLE (openldap, fixed 2.3.39) #360081
 CVE-2007-5707 VULNERABLE (openldap, fixed 2.3.39) #360081
 CVE-2007-5626 ignore (bacula) known, documented limitation
-CVE-2007-5624 VULNERABLE (nagios, fixed 2.10) #349011
-CVE-2007-5623 VULNERABLE (nagios-plugins) #348731
+CVE-2007-5624 VULNERABLE (nagios, fixed 2.10) #362791
+CVE-2007-5623 backport (nagios-plugins) #348731 [since FEDORA-2007-2713]
 CVE-2007-5597 version (drupal, fixed 5.3) [since FEDORA-2007-2649]
 CVE-2007-5596 version (drupal, fixed 5.3) [since FEDORA-2007-2649]
 CVE-2007-5595 version (drupal, fixed 5.3) [since FEDORA-2007-2649]
 CVE-2007-5594 version (drupal, fixed 5.3) [since FEDORA-2007-2649]
 CVE-2007-5593 version (drupal, fixed 5.3) [since FEDORA-2007-2649]
-CVE-2007-5589 VULNERABLE (phpmyadmin, fixed 2.11.1.2) #333661 PMASA-2007-6
+CVE-2007-5589 version (phpmyadmin, fixed 2.11.1.2) #333661 PMASA-2007-6 [since FEDORA-2007-2738]
 CVE-2007-5585 backport (rss-glx) #336331 [since FEDORA-2007-2652]
 CVE-2007-5585 backport (tempest) #336331 [since FEDORA-2007-2652]
 CVE-2007-5461 VULNERABLE (tomcat5) #334511 #334531
 CVE-2007-5416 ignore (drupal) Vulnerability in PHP<5.1.3, we're safe
-CVE-2007-5386 VULNERABLE (phpmyadmin, fixed 2.11.1.1) #333661 PMASA-2007-5
+CVE-2007-5386 version (phpmyadmin, fixed 2.11.1.1) #333661 PMASA-2007-5 [since FEDORA-2007-2738]
 CVE-2007-5340 version (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5 [since FEDORA-2007-2664]
 CVE-2007-5339 version (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5 [since FEDORA-2007-2664]
 CVE-2007-5338 version (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5 [since FEDORA-2007-2664]
@@ -42,9 +42,9 @@
 CVE-2007-5266 ignore (libpng) shipped version too old and not affected
 CVE-2007-5226 backport (dircproxy) #319301 [since FEDORA-2007-2419]
 CVE-2007-5208 backport (hplip) #329111 [since FEDORA-2007-2527]
-CVE-2007-5201 VULNERABLE (duplicity) #293081
-CVE-2007-5200 VULNERABLE (hugin) #332401
-CVE-2007-5198 VULNERABLE (nagios-plugins, fixed 1.4.10) #315101
+CVE-2007-5201 VULNERABLE (duplicity) #362821
+CVE-2007-5200 VULNERABLE (hugin) #362851
+CVE-2007-5198 VULNERABLE (nagios-plugins, fixed 1.4.10) #362881
 CVE-2007-5191 backport (util-linux) #320141 [since FEDORA-2007-2462]
 CVE-2007-5162 version (ruby) #313801 [since FEDORA-2007-2406]
 CVE-2007-5159 backport (ntfs-3g) #298651 [since FEDORA-2007-2295]
@@ -52,13 +52,13 @@
 CVE-2007-5135 backport (openssl, fixed 0.9.8d) [since FEDORA-2007-2530]
 CVE-2007-5106 ignore (wordpress) affects old 2.0.x versions
 CVE-2007-5105 ignore (wordpress) affects old 2.0.x versions
-CVE-2007-5079 VULNERABLE (gdm) #239820
+CVE-2007-5079 VULNERABLE (gdm) #363011
 CVE-2007-5038 version (bugzilla, fixed 3.0.2, 3.1.2) #299981 [since FEDORA-2007-2299]
 CVE-2007-5037 VULNERABLE (inotify-tools) #299771
 CVE-2007-5034 version (elinks) #297981 [since FEDORA-2007-2224]
 CVE-2007-5007 VULNERABLE (balsa) #297601
 GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031
-CVE-2007-4999 VULNERABLE (pidgin, fixed 2.2.2)
+CVE-2007-4999 version (pidgin, fixed 2.2.2) [since FEDORA-2007-2714]
 CVE-2007-4996 version (pidgin, fixed 2.2.1) [since FEDORA-2007-2368]
 CVE-2007-4995 backport (openssl, fixed 0.9.8f) [since FEDORA-2007-2530]
 CVE-2007-4993 backport (xen) [since FEDORA-2007-2270]
@@ -112,9 +112,9 @@
 CVE-2007-4465 version (httpd) [since FEDORA-2007-2214]
 CVE-2007-4462 version (po4a) #253541 [since FEDORA-2007-1763]
 CVE-2007-4460 backport (id3lib) #253553 [since FEDORA-2007-1774]
-CVE-2007-4400 VULNERABLE (konversation) #253545
+CVE-2007-4400 VULNERABLE (konversation) #362911
 CVE-2007-4357 ignore (firefox) status bar can be overwrittten
-CVE-2007-4351 VULNERABLE (cups) #361661
+CVE-2007-4351 backport (cups) #361661 [since FEDORA-2007-2715]
 CVE-2007-4323 backport (denyhosts) #252291 [since FEDORA-2007-0589]
 CVE-2007-4321 backport (fail2ban) #252290 [since FEDORA-2007-0621] version since FEDORA-2007-1643
 CVE-2007-4255 ignore (php) msql extension not shipped
@@ -145,19 +145,19 @@
 CVE-2007-3999 VULNERABLE (libtirpc) #294921
 CVE-2007-3962 ignore (gftp) multiple buffer overflows in fsplib, not on Linux
 CVE-2007-3961 ignore (gftp) off-by-one error in fsplib
-CVE-2007-3920 VULNERABLE (gnome-screensaver) #350271
+CVE-2007-3920 VULNERABLE (compiz) #350271
 CVE-2007-3852 backport (sysstat) #252295 [since FEDORA-2007-1697]
 CVE-2007-3950 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299]
 CVE-2007-3949 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299]
 CVE-2007-3948 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299]
 CVE-2007-3947 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299]
 CVE-2007-3946 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299]
-CVE-2007-3919 VULNERABLE (xen) #361981
+CVE-2007-3919 backport (xen) #361981 [since FEDORA-2007-2708]
 CVE-2007-3917 version (wesnoth, fixed 1.2.7) #324841 [since FEDORA-2007-2496]
 CVE-2007-3848 version (kernel) [since FEDORA-2007-1785]
 CVE-2007-3847 version (httpd) #250755 [since FEDORA-2007-2214]
 CVE-2007-3845 ignore (firefox) windows specific
-CVE-2007-3844 VULNERABLE (firefox, fixed 2.0.0.6) #250648 "fixed on next update"
+CVE-2007-3844 version (firefox, fixed 2.0.0.6) #250648 "fixed on next update"
 CVE-2007-3843 VULNERABLE (kernel) #246595
 CVE-2007-3841 ignore (pidgin) ethically disclosed
 CVE-2007-3820 backport (kdelibs) [since FEDORA-2007-1699]
@@ -329,8 +329,8 @@
 *CVE-2007-1859 ** (xscreensaver)
 *CVE-2007-1858 ** (tomcat)
 CVE-2007-1856 backport (vixie-cron) #235882 vixie-cron-4.1-hardlink.patch
-*CVE-2007-1841 VULNERABLE (ipsec-tools) #238052
-*CVE-2007-1804 VULNERABLE (pulseaudio) #235013
+CVE-2007-1841 version (ipsec-tools) #238052
+CVE-2007-1804 version (pulseaudio) #235013
 CVE-2007-1799 version (ktorrent, fixed 2.1.3) #235014
 CVE-2007-1797 version (GraphicsMagick, fixed 1.1.8) [since FEDORA-2007-1340]
 CVE-2007-1745 version (clamav, fixed in 0.90.2) #236703
@@ -359,7 +359,7 @@
 CVE-2007-1558 version (balsa) [since FEDORA-2007-1447]
 CVE-2007-1558 version (claws-mail, fixed 2.9.1) #237293
 *CVE-2007-1558 backport (sylpheed, fixed 2.3.1-1)
-*CVE-2007-1558 VULNERABLE (evolution)
+CVE-2007-1558 version (evolution)
 CVE-2007-1547 version (nas, fixed 1.8a-2) #233353
 CVE-2007-1546 version (nas, fixed 1.8a-2) #233353
 CVE-2007-1545 version (nas, fixed 1.8a-2) #233353
@@ -399,8 +399,8 @@
 *CVE-2007-1359 backport (mod_security, fixed 2.1.0-3) #231728
 CVE-2007-1358 ** (tomcat5) #244810
 *CVE-2007-1354 ** (jboss)
-*CVE-2007-1352 VULNERABLE (libXfont) #235265
-*CVE-2007-1351 VULNERABLE (libXfont) #235265
+CVE-2007-1352 version (libXfont) #235265
+CVE-2007-1351 version (libXfont) #235265
 CVE-2007-1349 backport (mod_perl) [since FEDORA-2007-0316]
 CVE-2007-1325 version (phpMyAdmin, fixed 2.10.0.2)
 *CVE-2007-1322 ** (qemu) #238723
@@ -423,7 +423,7 @@
 CVE-2007-1230 version (wordpress, fixed 2.1.2)
 *CVE-2007-1218 backport (tcpdump) 232349 [since FEDORA-2007-347]
 CVE-2007-1216 version (krb5, fixed 1.6-3) #231537
-*CVE-2007-1103 VULNERABLE (tor) #230927
+CVE-2007-1103 version (tor) #230927
 CVE-2007-1095 version (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5 [since FEDORA-2007-2664]
 CVE-2007-1092 version (seamonkey, fixed 1.0.8)
 CVE-2007-1055 version (mediawiki, fixed 1.8.3)
@@ -1341,7 +1341,7 @@
 CVE-2005-4807 ignore (binutils, gas fixed 20050721) this is a bug
 CVE-2005-4803 version (graphviz, fixed 2.2.1)
 CVE-2005-4798 version (kernel, not 2.6)
-CVE-2005-4790 VULNERABLE (tomboy) #252294
+CVE-2005-4790 VULNERABLE (tomboy) #362941
 CVE-2005-4784 ignore (glibc) struct dirent is big enough
 CVE-2005-4746 version (freeradius, fixed 1.0.5)
 CVE-2005-4745 version (freeradius, fixed 1.0.5)

More information about the Fedora-security-commits mailing list