FC6

Mark J Cox mjc at redhat.com
Mon Sep 25 10:28:23 UTC 2006


On Sat, 23 Sep 2006, Jesse Keating wrote:
> For lack of a better process, I'd say each known (public) issue gets a
> bugzilla and blocks FC6Blocker.

Here is what I've marked FC6Blocker today.  Seems sensible to get these 
fixed before we release, especially as the issues are all old.

CVE-2006-4624 VULNERABLE (mailman, fixed 2.1.9rc1) bz#206607 [FC6Blocker]
CVE-2006-4226 VULNERABLE (mysql, fixed 5.0.25,5.1.12) bz#203428 [FC6Blocker]
CVE-2006-4227 VULNERABLE (mysql, fixed 5.0.25,5.1.12) bz#203434 [FC6Blocker]
CVE-2006-4031 VULNERABLE (mysql, fixed 5.0.24) bz#202675 [FC6Blocker]
CVE-2006-3636 VULNERABLE (mailman, fixed 2.1.9) bz#206607 [FC6Blocker]
CVE-2006-2941 VULNERABLE (mailman, fixed 2.1.9) bz#206607 [FC6Blocker]

The following were vulnerable in Test3 but are fixed in dist-fc6 as of 
today:

CVE-2006-4790 VULNERABLE (gnutls, fixed 1.4.4) [backported to 1.4.1-2 in rawhide]
CVE-2006-4571 VULNERABLE (thunderbird, fixed 1.5.0.7) [in rawhide]
CVE-2006-4571 VULNERABLE (firefox, fixed 1.5.0.7) [in rawhide]
CVE-2006-4570 VULNERABLE (thunderbird, fixed 1.5.0.7) [in rawhide]
CVE-2006-4569 VULNERABLE (firefox, fixed 1.5.0.7) [in rawhide]
CVE-2006-4568 VULNERABLE (firefox, fixed 1.5.0.7) [in rawhide]
CVE-2006-4567 VULNERABLE (firefox, fixed 1.5.0.7) [in rawhide]
CVE-2006-4567 VULNERABLE (thunderbird, fixed 1.5.0.7) [in rawhide]
CVE-2006-4566 VULNERABLE (firefox, fixed 1.5.0.7) [in rawhide]
CVE-2006-4566 VULNERABLE (thunderbird, fixed 1.5.0.7) [in rawhide]
CVE-2006-4565 VULNERABLE (firefox, fixed 1.5.0.7) [in rawhide]
CVE-2006-4565 VULNERABLE (thunderbird, fixed 1.5.0.7) [in rawhide]
CVE-2006-4538 VULNERABLE (kernel, fixed after 2.6.18-rc6)
CVE-2006-4340 VULNERABLE (nss, fixed 3.11.3) bz#206608 [in rawhide]
CVE-2006-4338 VULNERABLE (gzip) [in rawhide]
CVE-2006-4337 VULNERABLE (gzip) [in rawhide]
CVE-2006-4336 VULNERABLE (gzip) [in rawhide]
CVE-2006-4335 VULNERABLE (gzip) [in rawhide]
CVE-2006-4334 VULNERABLE (gzip) [in rawhide]
CVE-2006-4253 VULNERABLE (firefox, fixed 1.5.0.7) [in rawhide]
CVE-2006-4253 VULNERABLE (thunderbird, fixed 1.5.0.7) [in rawhide]
CVE-2006-3740 VULNERABLE (libXfont, fixed 1.2.2) bz#206609 [in rawhide]
CVE-2006-3739 VULNERABLE (libXfont, fixed 1.2.2) bz#206609 [in rawhide]

Which leaves the following, which are the issues that are not fixed 
upstream for whatever reason:

CVE-2006-4561 VULNERABLE (firefox)
CVE-2006-4261 VULNERABLE (firefox)
CVE-2006-2894 VULNERABLE (firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=56236
CVE-2006-0496 VULNERABLE (firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=324253
CVE-2005-4809 VULNERABLE (firefox)
CVE-2005-3675 VULNERABLE (kernel) optack, no upstream fix
CVE-2003-1265 VULNERABLE (firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=198442
CVE-2003-1265 VULNERABLE (thunderbird) https://bugzilla.mozilla.org/show_bug.cgi?id=198442



