fedora-security/audit fc7,1.1,1.2

Josh Bressers (bressers) fedora-extras-commits at redhat.com
Mon Jun 11 20:21:48 UTC 2007 

Author: bressers

Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv12078

Modified Files:
	fc7 
Log Message:
Add a number of outstanding CVE ids



Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- fc7	11 Jun 2007 17:23:05 -0000	1.1
+++ fc7	11 Jun 2007 20:21:46 -0000	1.2
@@ -9,46 +9,97 @@
 *CVE-2007-3113 VULNERABLE (cacti) #243592
 *CVE-2007-3112 VULNERABLE (cacti) #243592
 *CVE-2007-3025 ignore (clamav, Solaris only)
+*CVE-2007-3007 ignore (php) safe mode isn't safe
+*CVE-2007-2975 (openfire)
 *CVE-2007-2894 VULNERABLE (bochs) #241799
+*CVE-2007-2874 (wpa_supplicant) #242455
 *CVE-2007-2871 version (seamonkey, fixed 1.0.9)
 *CVE-2007-2870 version (seamonkey, fixed 1.0.9)
+*CVE-2007-2869 (firefox)
 *CVE-2007-2868 version (seamonkey, fixed 1.0.9)
 *CVE-2007-2867 version (seamonkey, fixed 1.0.9)
 *CVE-2007-2865 VULNERABLE (phpPgAdmin) #241489
+*CVE-2007-2844 ignore (php) #241641
+*CVE-2007-2843 ignore (konqueror) safari specific
 *CVE-2007-2821 VULNERABLE (wordpress, fixed 2.2) #240970
+*CVE-2007-2799 (file)
+*CVE-2007-2768 (openssh)
+*CVE-2007-2756 ignore (gd) DoS only
+*CVE-2007-2754 (freetype)
 *CVE-2007-2721 patch (jasper, fixed 1.900.1-2) #240397
+*CVE-2007-2683 (mutt)
 *CVE-2007-2654 VULNERABLE (xfsdump) #240396
 *CVE-2007-2650 ** (clamav) #240395
+*CVE-2007-2645 ignore (libexif) #240055 DoS only
 *CVE-2007-2637 patch (moin, fixed 1.5.7-2)
 *CVE-2007-2627 ** (wordpress) #239904
+*CVE-2007-2589 (squirrelmail)
+*CVE-2007-2583 (mysql)
+*CVE-2007-2519 ignore (php-pear) no trust boundary is crossed
+*CVE-2007-2511 ignore (php) #239011 see the bug
+*CVE-2007-2510 (php)
+*CVE-2007-2509 (php)
 *CVE-2007-2500 patch (gnash, fixed 0.7.2-2) #239213
+*CVE-2007-2452 (locate)
+*CVE-2007-2447 (samba)
+*CVE-2007-2446 (samba)
 *CVE-2007-2445 version (libpng10, fixed 1.0.25) #240398
+*CVE-2007-2444 (samba)
 *CVE-2007-2438 VULNERABLE (vim) #238734
+*CVE-2007-2437 ignore (xorg-x11) DoS only
+*CVE-2007-2435 (java)
 *CVE-2007-2423 patch (moin, fixed 1.5.7-2) #238722
 *CVE-2007-2413 version (perl-Imager, fixed 0.57) #238615
 *CVE-2007-2381 ignore (MochiKit) #238616
+*CVE-2007-2356 (gimp)
+*CVE-2007-2353 (axis)
 *CVE-2007-2245 VULNERABLE (phpMyAdmin, fixed 2.10.1) #237882
+*CVE-2007-2243 (openssh)
+*CVE-2007-2241 (bind)
+*CVE-2007-2176 ignore (firefox) only affects the java quicktime interaction
+*CVE-2007-2172 (kernel)
 *CVE-2007-2165 VULNERABLE (proftpd) #237533
+*CVE-2007-2138 (postgresql)
 *CVE-2007-2057 version (aircrack-ng, fixed 0.8-0.1)
 *CVE-2007-2029 ignore (clamav, 0.90/0.90.1 only)
+*CVE-2007-2028 (freeradius)
+*CVE-2007-2026 (file)
 *CVE-2007-2016 ignore (phpMyAdmin, < 2.8.0.2 never shipped)
 *CVE-2007-1997 ignore (clamav, 0.90/0.90.1 only)
+*CVE-2007-1995 (quagga) #240488
 *CVE-2007-1897 version (wordpress, fixed 2.1.3) #235912
 *CVE-2007-1894 version (wordpress, fixed 2.1.3-0.rc2)
 *CVE-2007-1893 version (wordpress, fixed 2.1.3) #235912
 *CVE-2007-1870 version (lighttpd, fixed 1.4.14) #236489
 *CVE-2007-1869 version (lighttpd, fixed 1.4.14) #236489
+*CVE-2007-1864 (php)
+*CVE-2007-1862 (httpd)
+*CVE-2007-1859 (xscreensaver)
+*CVE-2007-1858 (tomcat)
 *CVE-2007-1856 VULNERABLE (vixie-cron) #235882
 *CVE-2007-1841 VULNERABLE (ipsec-tools) #238052
 *CVE-2007-1804 VULNERABLE (pulseaudio) #235013
 *CVE-2007-1799 version (ktorrent, fixed 2.1.3) #235014
 *CVE-2007-1745 ignore (clamav, 0.90/0.90.1 only) #236703
+*CVE-2007-1743 (httpd)
+*CVE-2007-1742 (httpd)
+*CVE-2007-1741 (httpd)
 *CVE-2007-1732 ignore (wordpress) #235015
+*CVE-2007-1718 (php)
+*CVE-2007-1717 (php)
+*CVE-2007-1711 (php)
+*CVE-2007-1710 (php)
+*CVE-2007-1709 (php)
+*CVE-2007-1667 (xorg-x11)
+*CVE-2007-1649 (php)
 *CVE-2007-1622 version (wordpress, fixed 2.1.3-0.rc2) #233703
 *CVE-2007-1614 version (zziplib, fixed 0.13.49) #233700
 *CVE-2007-1599 version (wordpress, fixed 2.1.3-0.rc2) #233703
+*CVE-2007-1583 (php)
 *CVE-2007-1565 ignore (konqueror) client crash
 *CVE-2007-1564 vulnerable (konqueror) [#CVE-2007-1564]
+*CVE-2007-1562 (firefox, seamonkey, thunderbird)
+*CVE-2007-1560 (squid)
 *CVE-2007-1558 version (claws-mail, fixed 2.9.1) #237293
 *CVE-2007-1558 backport (sylpheed, fixed 2.3.1-1)
 *CVE-2007-1547 version (nas, fixed 1.8a-2) #233353
@@ -56,13 +107,19 @@
 *CVE-2007-1545 version (nas, fixed 1.8a-2) #233353
 *CVE-2007-1544 version (nas, fixed 1.8a-2) #233353
 *CVE-2007-1543 version (nas, fixed 1.8a-2) #233353
+*CVE-2007-1536 (file)
+*CVE-2007-1521 (php)
 *CVE-2007-1515 version (imp, fixed 4.1.4)
+*CVE-2007-1496 (kernel)
+*CVE-2007-1484 (php)
 *CVE-2007-1475 ignore (php) unshipped ibase extension
 *CVE-2007-1474 version (horde, fixed 3.1.4)
 *CVE-2007-1474 ignore (imp, < 4.x only)
 *CVE-2007-1473 version (horde, fixed 3.1.4)
+*CVE-2007-1466 (openoffice.org)
 *CVE-2007-1464 version (inkscape, fixed 0.45.1)
 *CVE-2007-1463 version (inkscape, fixed 0.45.1)
+*CVE-2007-1460 (php)
 *CVE-2007-1429 version (moodle, fixed 1.6.5) #232103
 *CVE-2007-1420 VULNERABLE (mysql, fixed 5.0.36) #232604
 *CVE-2007-1413 ignore (php) Windows NT SNMP specific
@@ -78,41 +135,62 @@
 *CVE-2007-1387 patch (xine-lib, fixed 1.1.4-3)
 *CVE-2007-1385 version (ktorrent, fixed 2.1.2)
 *CVE-2007-1384 version (ktorrent, fixed 2.1.2)
+*CVE-2007-1375 (php)
 *CVE-2007-1366 ** (qemu) #238723
 *CVE-2007-1362 version (seamonkey, fixed 1.0.9)
 *CVE-2007-1359 patch (mod_security, fixed 2.1.0-3) #231728
+*CVE-2007-1354 (jboss)
 *CVE-2007-1352 VULNERABLE (libXfont) #235265
 *CVE-2007-1351 VULNERABLE (libXfont) #235265
 *CVE-2007-1325 version (phpMyAdmin, fixed 2.10.0.2)
 *CVE-2007-1322 ** (qemu) #238723
 *CVE-2007-1321 ** (qemu) #238723
 *CVE-2007-1320 ** (qemu) #238723
+*CVE-2007-1287 (php)
+*CVE-2007-1286 (php)
+*CVE-2007-1285 (php)
 *CVE-2007-1282 version (seamonkey, fixed 1.0.8)
 *CVE-2007-1277 version (wordpress, fixed 2.1.2)
 *CVE-2007-1267 ignore (sylpheed, uses gpgme) #231733
 *CVE-2007-1263 version (gpgme, fixed 1.1.4)
 *CVE-2007-1263 version (gnupg, fixed 1.4.7) [since FEDORA-2007-315]
+*CVE-2007-1262 (squirrelmail)
 *CVE-2007-1253 patch (blender, fixed 2.42a-21) #239338
 *CVE-2007-1246 patch (xine-lib, fixed 1.1.4-3)
 *CVE-2007-1244 version (wordpress, fixed 2.1.2) #230898
 *CVE-2007-1230 version (wordpress, fixed 2.1.2)
 *CVE-2007-1218 backport (tcpdump) 232349 [since FEDORA-2007-347]
+*CVE-2007-1216 (krb5)
 *CVE-2007-1103 VULNERABLE (tor) #230927
 *CVE-2007-1092 version (seamonkey, fixed 1.0.8)
 *CVE-2007-1055 version (mediawiki, fixed 1.8.3)
 *CVE-2007-1054 version (mediawiki, fixed 1.8.4)
 *CVE-2007-1049 version (wordpress, fixed 2.1.1) #229991
+*CVE-2007-1036 (jboss)
+*CVE-2007-1030 (libevent)
+*CVE-2007-1007 (ekiga)
 *CVE-2007-1006 version (ekiga, fixed 2.0.5) #229259 [since FEDORA-2007-322]
 *CVE-2007-1004 VULNERABLE (firefox, ...)
 *CVE-2007-1003 VULNERABLE (xorg-x11-server, fixed  > X11R7.2) #235263
 *CVE-2007-1002 VULNERABLE (evolution) #233587
+*CVE-2007-1001 (php)
 *CVE-2007-1000 version (kernel, fixed 2.6.20) [since FEDORA-2007-335]
+*CVE-2007-0999 (ekiga)
 *CVE-2007-0998 version (qemu, fixed 0.8.2)
 *CVE-2007-0998 backport (xen) #230295 [since FEDORA-2007-343]
 *CVE-2007-0996 version (seamonkey, fixed 1.0.8)
 *CVE-2007-0995 version (seamonkey, fixed 1.0.8)
+*CVE-2007-0988 (php)
 *CVE-2007-0981 VULNERABLE (firefox, ...)
 *CVE-2007-0981 version (seamonkey, fixed 1.0.8) #229253
+*CVE-2007-0957 (krb5)
+*CVE-2007-0956 (krb5)
+*CVE-2007-0911 (php)
+*CVE-2007-0910 (php)
+*CVE-2007-0909 (php)
+*CVE-2007-0908 (php)
+*CVE-2007-0907 (php)
+*CVE-2007-0906 (php)
 *CVE-2007-0903 version (ejabberd, fixed 1.1.3)
 *CVE-2007-0902 patch (moin, fixed 1.5.7-2) #228764
 *CVE-2007-0901 patch (moin, fixed 1.5.7-2) #228764
@@ -128,7 +206,9 @@
 *CVE-2007-0778 version (seamonkey, fixed 1.0.8)
 *CVE-2007-0777 version (seamonkey, fixed 1.0.8)
 *CVE-2007-0775 version (seamonkey, fixed 1.0.8)
+*CVE-2007-0774 (mod_jk)
 *CVE-2007-0772 version (kernel) [since FEDORA-2007-291]
+*CVE-2007-0771 (kernel)
 *CVE-2007-0770 patch (GraphicsMagick, fixed 1.1.7-7) #228758
 *CVE-2007-0770 ignore (ImageMagick) only if incomplete CVE-2006-5456
 *CVE-2007-0720 ignore (cups, fixed 1.2.7) cups is already updated
@@ -137,6 +217,8 @@
 *CVE-2007-0653 VULNERABLE (xmms) #233705
 *CVE-2007-0650 ignore (tetex) needs user's assistance
 *CVE-2007-0619 version (chmlib, fixed 0.3.9) #225919
+*CVE-2007-0578 (mpg321)
+*CVE-2007-0555 (postgresql)
 *CVE-2007-0541 version (wordpress, fixed 2.1-0) #225469
 *CVE-2007-0540 version (wordpress, fixed 2.1-0) #225469
 *CVE-2007-0539 version (wordpress, fixed 2.1-0) #225469
@@ -153,18 +235,27 @@
 *CVE-2007-0457 VULNERABLE (wireshark, fixed 0.99.5) #227140
 *CVE-2007-0456 VULNERABLE (wireshark, fixed 0.99.5) #227140
 *CVE-2007-0455 VULNERABLE (gd) #224610
+*CVE-2007-0454 (samba)
+*CVE-2007-0452 (samba)
 *CVE-2007-0451 version (spamassassin, fixed 3.1.8) [since FEDORA-2007-241]
+*CVE-2007-0450 (tomcat)
+*CVE-2007-0448 (php)
 *CVE-2007-0405 version (Django, fixed 0.95.1)
 *CVE-2007-0404 version (Django, fixed 0.95.1)
 *CVE-2007-0341 ignore (phpMyAdmin, 2.8.x only)
 *CVE-2007-0262 version (wordpress, fixed 2.1-0) #223101
 *CVE-2007-0248 version (squid, fixed 2.6.STABLE7) [since FEDORA-2007-073]
 *CVE-2007-0247 version (squid, fixed 2.6.STABLE7) #222883 [since FEDORA-2007-073]
+*CVE-2007-0243 (java-ibm)
 *CVE-2007-0242 patch (qt4, fixed 4.2.3-7)
 *CVE-2007-0240 patch (zope, fixed 2.9.6-2) #233378
+*CVE-2007-0239 (openoffice.org)
+*CVE-2007-0238 (openoffice.org)
 *CVE-2007-0235 VULNERABLE (libgtop2) #222637 not sure, will triage
+*CVE-2007-0227 (slocate)
 *CVE-2007-0177 version (mediawiki, fixed 1.8.3) #221958
 *CVE-2007-0160 patch (centericq, fixed 4.21.0-9) #227791
+*CVE-2007-0157 (neon)
 *CVE-2007-0109 version (wordpress, fixed 2.1-0) #223101
 *CVE-2007-0107 version (wordpress, fixed 2.1-0) #223101
 *CVE-2007-0106 version (wordpress, fixed 2.1-0) #223101
@@ -172,6 +263,12 @@
 *CVE-2007-0104 ignore (kdegraphics) only client DoS
 *CVE-2007-0095 VULNERABLE (phpMyAdmin) #221694
 *CVE-2007-0086 ignore (apache) not a security issue
+*CVE-2007-0080 (freeradius)
+*CVE-2007-0048 (acroread)
+*CVE-2007-0046 (acroread)
+*CVE-2007-0045 (acroread)
+*CVE-2007-0044 (acroread)
+*CVE-2007-0010 (gtk2)
 *CVE-2007-0009 version (nss, fixed 3.11.5) (nspr, fixed 4.6.5) [since FEDORA-2007-279]
 *CVE-2007-0009 ignore (seamonkey, uses system NSS)
 *CVE-2007-0008 version (nss, fixed 3.11.5) (nspr, fixed 4.6.5) [since FEDORA-2007-279]
@@ -181,29 +278,48 @@
 *CVE-2007-0006 backport (kernel, fixed in -mm) [since FEDORA-2007-226]
 *CVE-2007-0005 version (kernel, fixed 2.6.20) [since FEDORA-2007-335]
 *CVE-2007-0002 version (libwpd, fixed 0.8.9) #222808 [since FEDORA-2007-351]
+*CVE-2007-0001 (kernel)
+*CVE-2006-7205 (php)
+*CVE-2006-7204 (php)
+*CVE-2006-7197 (tomcat)
+*CVE-2006-7196 (tomcat)
+*CVE-2006-7195 (tomcat)
+*CVE-2006-7195 (tomcat)
 *CVE-2006-7193 ignore (php-Smarty, SMARTY_DIR is a constant)
+*CVE-2006-7176 (sendmail)
+*CVE-2006-7175 (sendmail)
 *CVE-2006-7162 version (putty, fixed 0.59) #231726
+*CVE-2006-7151 (libtool)
+*CVE-2006-7139 (kmail)
+*CVE-2006-7108 (util-linux)
 *CVE-2006-6979 backport (amarok, fixed 1.4.5-2) #228138
+*CVE-2006-6948 (myodbc)
 *CVE-2006-6944 version (phpMyAdmin, fixed 2.9.1.1)
 *CVE-2006-6943 version (phpMyAdmin, fixed 2.9.1.1)
 *CVE-2006-6942 version (phpMyAdmin, fixed 2.9.1.1)
 *CVE-2006-6939 VULNERABLE (ed, fixed 0.3) #223075
 *CVE-2006-6899 version (bluez-utils, fixed 2.23)
 *CVE-2006-6870 version (avahi, fixed 0.6.16) #221440 [since FEDORA-2007-019]
+*CVE-2006-6811 ignore (ksirc) DoS only
 *CVE-2006-6808 version (wordpress, fixed 2.1-0) #221023
 *CVE-2006-6799 patch (cacti, fixed 0.8.6i-5) #222410
 *CVE-2006-6772 backport (w3m) #221484 [since FEDORA-2007-077]
+*CVE-2006-6745 (java-ibm)
+*CVE-2006-6736 (java-ibm)
+*CVE-2006-6731 (java-ibm)
 *CVE-2006-6719 backport (wget) #221469 [since FEDORA-2007-043]
 *CVE-2006-6698 VULNERABLE (GConf2) #219280
 *CVE-2006-6693 ignore (zabbix, fixed 1.1.3, < 1.1.4 not shipped)
 *CVE-2006-6692 ignore (zabbix, fixed 1.1.3, < 1.1.4 not shipped)
 *CVE-2006-6660 ignore (kdelibs) client Dos only, not reproducible
+*CVE-2006-6628 (openoffice.org)
 *CVE-2006-6626 version (moodle, fixed 1.6.5) #220041
 *CVE-2006-6625 version (moodle, fixed 1.6.5) #220041
 *CVE-2006-6610 version (nexuiz, fixed 2.2.1) #220034
 *CVE-2006-6609 version (nexuiz, fixed 2.2.1) #220034
 *CVE-2006-6574 backport (mantis, fixed 1.0.6-2) #219937
 *CVE-2006-6563 backport (proftpd, fixed 1.3.0a-3) #219938
+*CVE-2006-6561 (openoffice.org)
 *CVE-2006-6515 version (mantis, fixed 1.0.6) #219720
 *CVE-2006-6505 version (seamonkey, fixed 1.0.7) #220516
 *CVE-2006-6504 version (seamonkey, fixed 1.0.7) #220516
@@ -214,6 +330,7 @@
 *CVE-2006-6499 version (seamonkey, fixed 1.0.7) #220516
 *CVE-2006-6498 version (seamonkey, fixed 1.0.7) #220516
 *CVE-2006-6497 version (seamonkey, fixed 1.0.7) #220516
+*CVE-2006-6493 (openldap)
 *CVE-2006-6481 version (clamav, fixed 0.88.7)
 *CVE-2006-6406 version (clamav, fixed 0.88.7) #219095
 *CVE-2006-6385 ignore (kernel) windows only
@@ -227,6 +344,8 @@
 *CVE-2006-6303 version (ruby, fixed 1.8.5.2) [since FEDORA-2006-1441]
 *CVE-2006-6301 version (denyhosts, fixed 2.6-2) #218824
 *CVE-2006-6297 ignore (kdegraphics) just a crash
+*CVE-2006-6238 (konqueror) probably safari only
+*CVE-2006-6236 (acroread)
 *CVE-2006-6235 patch (gnupg2, fixed 2.0.1-2) #218821
 *CVE-2006-6235 backport (gnupg, fixed 1.4.6) [since FEDORA-2006-1406]
 *CVE-2006-6171 patch (proftpd, fixed 1.3.0a-1) #214820
@@ -243,6 +362,9 @@
 *CVE-2006-6106 version (kernel, fixed 2.6.19.2, fixed 2.6.20-rc5) [since FEDORA-2006-1471]
 *CVE-2006-6105 version (gdm, fixed 2.14.11) [since FEDORA-2006-1468]
 *CVE-2006-6104 backport (mono, fixed 1.1.13.8.2) #220853 [since FEDORA-2007-067]
+*CVE-2006-6103 (xorg-x11)
+*CVE-2006-6102 (xorg-x11)
+*CVE-2006-6101 (xorg-x11)
 *CVE-2006-6097 backport (tar) [since FEDORA-2006-1393]
 *CVE-2006-6085 version (kile, fixed 1.9.3) #217238
 *CVE-2006-6077 VULNERABLE (firefox)
@@ -252,18 +374,24 @@
 *CVE-2006-6056 version (kernel, fixed 2.6.19) [since FEDORA-2007-058] was backport since FEDORA-2006-1471
 *CVE-2006-6054 version (kernel, fixed fixed 2.6.19.2) [since FEDORA-2007-058]
 *CVE-2006-6053 version (kernel, fixed 2.6.19.2) [since FEDORA-2007-058] was backport since FEDORA-2006-1223
+*CVE-2006-6027 (acroread)
+*CVE-2006-6015 (pcre)
 *CVE-2006-5989 ignore (mod_auth_kerb) did not affect fc6
 *CVE-2006-5974 ignore (fetchmail, fixed 6.3.6) only 6.3.5
 *CVE-2006-5973 VULNERABLE (dovecot, fixed 1.0.rc15) #216508
+*CVE-2006-5969 (fvwm)
+*CVE-2006-5941 (net-snmp)
 *CVE-2006-5925 backport (elinks) [since FEDORA-2006-1278] but was never vulneable as didn't have smbclient support
 *CVE-2006-5876 version (libsoup) #223144 [since FEDORA-2007-109]
 *CVE-2006-5875 version (enemies-of-carlotta, fixed 1.2.4)
 *CVE-2006-5874 version (clamav, fixed 0.88.1)
 *CVE-2006-5871 version (kernel, fixed 2.6.10)
+*CVE-2006-5870 (openoffice.org)
 *CVE-2006-5868 VULNERABLE (ImageMagick, fixed 6.2.9.1) #217560
 *CVE-2006-5867 version (fetchmail, fixed 6.3.6) #221984 [since FEDORA-2007-042]
 *CVE-2006-5864 VULNERABLE (evince) #217672
 *CVE-2006-5864 patch (gv, fixed 3.6.2-2) #215136
+*CVE-2006-5857 (acroread)
 *CVE-2006-5848 version (trac, fixed 0.10.1) #215077
 *CVE-2006-5823 version (kernel, fixed 2.6.19.2) [since FEDORA-2007-058] was backport since FEDORA-2006-1223
 *CVE-2006-5815 version (proftpd, fixed 1.3.0a) #214820
@@ -273,8 +401,10 @@
 *CVE-2006-5783 ignore (firefox) disputed
 *CVE-2006-5779 VULNERABLE (openldap, 2.3.29) #214768
 *CVE-2006-5757 version (kernel, fixed 2.6.19) [since FEDORA-2007-058] was backport since FEDORA-2006-1223
+*CVE-2006-5754 (kernel)
 *CVE-2006-5753 backport (kernel, fixed 2.6.20.1) [since FEDORA-2007-291]
 *CVE-2006-5751 version (kernel, fixed 2.6.19, fixed 2.6.18.4) [since FEDORA-2006-1471]
+*CVE-2006-5750 (jboss)
 *CVE-2006-5749 VULNERABLE (kernel, fixed 2.6.20-rc2)
 *CVE-2006-5748 version (thunderbird, fixed 1.5.0.8) [since FEDORA-2006-1192]
 *CVE-2006-5748 version (seamonkey, fixed 1.0.6) #214822
@@ -314,6 +444,7 @@
 *CVE-2006-5453 patch (bugzilla, fixed 2.22-7) #212355
 *CVE-2006-5397 VULNERABLE (libX11, 1.0.2 and 1.0.3 only) #213280
 *CVE-2006-5331 version (kernel, fixed 2.6.19) [since FEDORA-2007-058]
+*CVE-2006-5330 (flash-plugin)
 *CVE-2006-5298 backport (mutt) [since FEDORA-2006-1063]
 *CVE-2006-5297 backport (mutt) [since FEDORA-2006-1063]
 *CVE-2006-5295 version (clamav, fixed 0.88.5) #210973
@@ -352,6 +483,7 @@
 *CVE-2006-4925 ignore (openssh) client crash only
 *CVE-2006-4924 backport (openssh, fixed 4.4)
 *CVE-2006-4842 ignore (nspr) Nothing setuid links with nspr
+*CVE-2006-4816 (php)
 *CVE-2006-4814 version (kernel, fixed 2.6.19.2) [since FEDORA-2007-058]
 *CVE-2006-4813 version (kernel, fixed 2.6.13)
 *CVE-2006-4812 backport (php) php-5.1.6-ecalloc.patch
@@ -369,6 +501,7 @@
 *CVE-2006-4743 ignore (wordpress, dupe of an old non-issue) #206514
 *CVE-2006-4684 version (zope, fixed 2.9.2)
 *CVE-2006-4663 ignore (kernel) not a vulnerability
+*CVE-2006-4640 (flash-plugin)
 *CVE-2006-4625 ignore (php) safe mode isn't safe
 *CVE-2006-4624 version (mailman, fixed 2.1.9rc1)
 *CVE-2006-4623 version (kernel, fixed 2.6.18-rc1)
@@ -429,6 +562,7 @@
 *CVE-2006-4330 version (wireshark, fixed 0.99.3)
 *CVE-2006-4310 ignore (firefox) crash only
 *CVE-2006-4262 backport (cscope) 
+*CVE-2006-4261 (firefox)
 *CVE-2006-4253 version (thunderbird, fixed 1.5.0.7)
 *CVE-2006-4253 version (seamonkey, fixed 1.0.5) #209167
 *CVE-2006-4253 version (firefox, fixed 1.5.0.7)
@@ -439,9 +573,11 @@
 *CVE-2006-4226 version (mysql, fixed 5.0.26,5.1.12) #203428 [since FEDORA-2006-1297]
 *CVE-2006-4192 patch (libmodplug, fixed 0.8-3)
 *CVE-2006-4182 version (clamav, fixed 0.88.5) #210973
+*CVE-2006-4181 (gnuradius)
 *CVE-2006-4146 backport (gdb)
 *CVE-2006-4145 version (kernel, fixed 2.6.17.10, fixed 2.6.18-rc5) needs a better upstream fix
 *CVE-2006-4144 backport (ImageMagick, fixed 6.2.9)
+*CVE-2006-4124 (lesstif)
 *CVE-2006-4096 backport (bind)
 *CVE-2006-4095 backport (bind)
 *CVE-2006-4093 version (kernel, fixed 2.6.17.9, fixed 2.6.18-rc5)
@@ -503,6 +639,7 @@
 *CVE-2006-3740 version (libXfont, fixed 1.2.2)
 *CVE-2006-3739 version (libXfont, fixed 1.2.2)
 *CVE-2006-3738 backport (openssl, fixed 0.9.8d)
+*CVE-2006-3733 ignore (jboss) cisco only
 *CVE-2006-3731 ignore (firefox) just a user complicit crash
 *CVE-2006-3694 version (ruby, fixed 1.8.5)
 *CVE-2006-3677 version (thunderbird, fixed 1.5.0.5)
@@ -521,6 +658,7 @@
 *CVE-2006-3627 version (wireshark, fixed 0.99.2)
 *CVE-2006-3626 version (kernel, fixed 2.6.17.6)
 *CVE-2006-3619 version (gcc, fixed 4.1.1-20060828 at least)
+*CVE-2006-3587 (flash-plugin)
 *CVE-2006-3582 version (adplug, fixed 2.0.1-1) #198108
 *CVE-2006-3581 version (adplug, fixed 2.0.1-1) #198108
 *CVE-2006-3486 ignore (mysql, fixed 5.0.23) not exploitable
@@ -544,6 +682,8 @@
 *CVE-2006-3376 backport (libwmf) from changelog
 *CVE-2006-3352 ignore (firefox) not a vulnerability
 *CVE-2006-3334 ignore (libpng, fixed 1.2.12) not exploitable
+*CVE-2006-3311 (flash-plugin)
+*CVE-2006-3276 (helixplayer)
 *CVE-2006-3242 version (mutt, fixed 1.4.2.2, 1.5.12)
 *CVE-2006-3178 ignore (chmlib, extract_chmLib not shipped)
 *CVE-2006-3174 version (squirrelmail, fixed 1.4.7)
@@ -556,6 +696,7 @@
 *CVE-2006-3113 version (thunderbird, fixed 1.5.0.5)
 *CVE-2006-3113 version (seamonkey, fixed 1.0.4) #200455
 *CVE-2006-3113 version (firefox, fixed 1.5.0.5)
+*CVE-2006-3093 ignore (acroread) windows only
 *CVE-2006-3085 version (kernel, fixed 2.6.17.1)
 *CVE-2006-3084 ignore (krb5) seteuid() calls never fail on linux
 *CVE-2006-3083 backport (krb5, fixed 1.5.1, 1.4.4)
@@ -565,6 +706,7 @@
 *CVE-2006-3018 version (php, fixed 5.1.3)
 *CVE-2006-3017 version (php, fixed 5.1.3)
 *CVE-2006-3016 version (php, fixed 5.1.3)
+*CVE-2006-3014 ignore (flash-plugin) windows only
 *CVE-2006-3011 ignore (php) safe mode isn't safe
 *CVE-2006-3005 ignore (libjpeg) not a vuln
 *CVE-2006-2941 version (mailman, fixed 2.1.9)
@@ -613,17 +755,20 @@
 *CVE-2006-2661 version (freetype, fixed 2.2.1)
 *CVE-2006-2660 ignore (php) see #195539
 *CVE-2006-2658 version (xsp, fixed 1.1.14) #206510
+*CVE-2006-2657 (php)
 *CVE-2006-2656 backport (libtiff) tiffsplit-overflow.patch
 *CVE-2006-2629 ignore (kernel) couldn't be reproduced on FC
 *CVE-2006-2613 ignore (firefox) This isn't an issue on FC
 *CVE-2006-2607 backport (vixie-cron) vixie-cron-4.1-_42-bz178431.patch
 *CVE-2006-2575 patch (netpanzer, fixed 0.8-4) bz#192983
 *CVE-2006-2563 ignore (php) safe mode isn't safe
+*CVE-2006-2502 (cyrus-imapd)
 *CVE-2006-2489 version (nagios, fixed 2.3.1)
 *CVE-2006-2480 patch (dia, fixed 0.95-2) bz#192535
 *CVE-2006-2453 patch (dia, fixed 0.95-3) #192830
 *CVE-2006-2452 version (gdm)
 *CVE-2006-2451 version (kernel, fixed 2.6.17.4)
+*CVE-2006-2450 (vnc)
 *CVE-2006-2449 version (kdebase, fixed 3.5.4)
 *CVE-2006-2448 version (kernel, fixed 2.6.17)
 *CVE-2006-2447 version (spamassassin, fixed 3.1.3)
@@ -801,6 +946,7 @@
 *CVE-2006-1490 version (php, fixed 5.1.4)
 *CVE-2006-1470 version (openldap, not 2.3.24 at least)
 *CVE-2006-1390 ignore (nethack, Gentoo-specific problem) bz#187353
+*CVE-2006-1370 (helixplayer)
 *CVE-2006-1368 version (kernel, fixed 2.6.16)
 *CVE-2006-1354 version (freeradius, fixed 1.1.2 at least)
 *CVE-2006-1343 version (kernel, fixed 2.6.16.19)
@@ -827,13 +973,16 @@
 *CVE-2006-1057 version (gdm, fixed 2.14.1)
 *CVE-2006-1056 version (kernel, fixed 2.6.16.9)
 *CVE-2006-1055 version (kernel, fixed 2.6.17)
+*CVE-2006-1053 (fedora directory server)
 *CVE-2006-1052 version (kernel, fixed 2.6.16)
 *CVE-2006-1045 version (thunderbird, fixed 1.5.0.2)
 *CVE-2006-1015 ignore (php) safe mode isn't safe
 *CVE-2006-1014 ignore (php) safe mode isn't safe
 *CVE-2006-0996 version (php, fixed 5.1.4)
+*CVE-2006-0987 (bind)
 *CVE-2006-0903 version (mysql, 4.1.19)
 *CVE-2006-0884 version (thunderbird, fixed 1.5.0.2)
+*CVE-2006-0883 (openssh)
 *CVE-2006-0855 patch (zoo, patched in OpenSUSE "upstream", fixed 2.10-7)
 *CVE-2006-0847 version (python-cherrypy, fixed 2.1.1)
 *CVE-2006-0841 version (mantis, fixed 1.0.1)
@@ -853,9 +1002,11 @@
 *CVE-2006-0746 version (kdegraphics, fixed 3.4)
 *CVE-2006-0745 version (xorg-x11-server, fixed 1.1.1 at least)
 *CVE-2006-0744 version (kernel, fixed 2.6.16.5)
+*CVE-2006-0743 (log4net)
 *CVE-2006-0742 version (kernel, fixed 2.6.16)
 *CVE-2006-0741 version (kernel, fixed 2.6.15.5)
 *CVE-2006-0730 version (dovecot, 1.0beta[12] only)
+*CVE-2006-0709 (metamail)
 *CVE-2006-0678 ignore (postgresql) we don't build --enable-cassert
 *CVE-2006-0670 version (bluez-hcidump, fixed 1.30)
 *CVE-2006-0665 version (mantis, fixed 1.0.1)
@@ -879,9 +1030,13 @@
 *CVE-2006-0456 ignore (kernel) s390 only
 *CVE-2006-0455 version (gnupg, fixed 1.4.2.1)
 *CVE-2006-0454 version (kernel, fixed 2.6.15.3)
+*CVE-2006-0453 (fedora directory server)
+*CVE-2006-0452 (fedora directory server)
+*CVE-2006-0451 (fedora directory server)
 *CVE-2006-0405 version (libtiff, 3.8.0 only)
 *CVE-2006-0377 version (squirrelmail, fixed 1.4.6)
 *CVE-2006-0369 ignore (mysql) this is not a security issue
+*CVE-2006-0323 (helixplayer)
 *CVE-2006-0322 version (mediawiki, fixed 1.5.8)
 *CVE-2006-0321 version (fetchmail, fixed 6.3.2)
 *CVE-2006-0301 version (poppler, fixed 0.4.5)
@@ -919,9 +1074,12 @@
 *CVE-2006-0195 version (squirrelmail, fixed 1.4.6)
 *CVE-2006-0188 version (squirrelmail, fixed 1.4.6)
 *CVE-2006-0162 version (clamav, fixed 0.88)
+*CVE-2006-0151 (sudo)
+*CVE-2006-0150 (auth_ldap)
 *CVE-2006-0144 version (php-pear, not 1.4.4)
 *CVE-2006-0126 version (rxvt-unicode, fixed 7.5)
 *CVE-2006-0106 version (wine, fixed 0.9.10)
+*CVE-2006-0105 (postgresql)
 *CVE-2006-0097 ignore (php) Windows only
 *CVE-2006-0096 ignore (kernel) minor and requires root
 *CVE-2006-0095 version (kernel, fixed 2.6.16)
@@ -931,12 +1089,19 @@
 *CVE-2006-0052 version (mailman, fixed 2.1.6)
 *CVE-2006-0049 version (gnupg, fixed 1.4.2.2)
 *CVE-2006-0047 version (freeciv, fixed 2.0.8) bz#184507
+*CVE-2006-0043 ignore (nfs-server) we use the kernel nfs server
 *CVE-2006-0042 version (libapreq2, fixed 2.0.7)
 *CVE-2006-0039 version (kernel, fixed 2.6.16.17)
 *CVE-2006-0037 version (kernel, only 2.6.14 and 2.6.15)
 *CVE-2006-0036 version (kernel, only 2.6.14 and 2.6.15)
 *CVE-2006-0035 version (kernel, only 2.6.14 and 2.6.15)
+*CVE-2006-0024 (flash-plugin)
 *CVE-2006-0019 version (kdelibs, fixed 3.5.1)
+*CVE-2006-0017 (fedora directory server)
+*CVE-2006-0016 (fedora directory server)
+*CVE-2005-4838 (tomcat)
+*CVE-2005-4837 (net-snmp)
+*CVE-2005-4836 (tomcat)
 *CVE-2005-4811 version (kernel, fixed 2.6.13)
 *CVE-2005-4809 VULNERABLE (firefox)
 *CVE-2005-4808 ignore (binutils, gas fixed 20050714) this is a bug
@@ -958,6 +1123,7 @@
 *CVE-2005-4635 version (kernel, fixed 2.6.15)
 *CVE-2005-4618 version (kernel, fixed 2.6.15)
 *CVE-2005-4605 version (kernel, fixed 2.6.15)
+*CVE-2005-4601 (ImageMagick)
 *CVE-2005-4585 version (wireshark, fixed 0.10.14)
 *CVE-2005-4442 version (openldap) gentoo only
 *CVE-2005-4352 version (kernel, fixed 2.6.18.3) [since FEDORA-2006-1471]
@@ -967,13 +1133,22 @@
 *CVE-2005-4154 ignore (php) don't install untrusted pear packages
 *CVE-2005-4153 version (mailman)
 *CVE-2005-4134 ignore (firefox) http://www.mozilla.org/security/history-title.html
+*CVE-2005-4130 (helixplayer)
+*CVE-2005-4126 (helixplayer)
 *CVE-2005-4077 version (curl, fixed 7.15.1)
+*CVE-2005-3964 (openmotif)
 *CVE-2005-3962 version (perl, fixed 5.8.8)
+*CVE-2005-3896 (firefox,seamonkey,thunderbird)
+*CVE-2005-3891 (pidgin)
+*CVE-2005-3890 (pidgin)
+*CVE-2005-3889 (pidgin)
+*CVE-2005-3888 (pidgin)
 *CVE-2005-3883 version (php, fixed 5.1.1 at least)
 *CVE-2005-3858 version (kernel, fixed 2.6.13)
 *CVE-2005-3857 version (kernel, fixed 2.6.15)
 *CVE-2005-3848 version (kernel, fixed 2.6.13)
 *CVE-2005-3847 version (kernel, fixed 2.6.12.6)
+*CVE-2005-3812 (firefox,seamonkey,thunderbird)
 *CVE-2005-3810 version (kernel, fixed 2.6.15)
 *CVE-2005-3809 version (kernel, fixed 2.6.15)
 *CVE-2005-3808 version (kernel, fixed 2.6.15)
@@ -992,6 +1167,7 @@
 *CVE-2005-3651 version (wireshark, fixed 0.10.14)
 *CVE-2005-3632 version (netpbm)
 *CVE-2005-3631 version (udev)
+*CVE-2005-3630 (fedora directory server)
 *CVE-2005-3629 version (initscripts, fixed 8.29 at least)
 *CVE-2005-3628 version (poppler, fixed 0.4.4)
 *CVE-2005-3628 version (kdegraphics, fixed 3.5.1)
@@ -1014,9 +1190,11 @@
 *CVE-2005-3624 version (cups, fixed 1.2.0)
 *CVE-2005-3624 backport (tetex)
 *CVE-2005-3623 version (kernel, fixed 2.6.14.5)
+*CVE-2005-3591 (flash-plugin)
 *CVE-2005-3582 version (ImageMagick) gentoo only
 *CVE-2005-3573 version (mailman, fixed 2.1.7)
 *CVE-2005-3527 version (kernel, fixed 2.6.14)
+*CVE-2005-3510 (tomcat)
 *CVE-2005-3402 ignore (thunderbird) mozilla say by design
 *CVE-2005-3392 version (php, not 5.0)
 *CVE-2005-3391 version (php, not 5.0)
@@ -1027,9 +1205,11 @@
 *CVE-2005-3358 version (kernel, fixed 2.6.11)
 *CVE-2005-3357 version (httpd, fixed 2.2.1)
 *CVE-2005-3356 version (kernel, fixed 2.6.16)
+*CVE-2005-3354 (sylpheed)
 *CVE-2005-3353 version (php, not 5.0)
 *CVE-2005-3352 version (httpd, fixed 2.2.1)
 *CVE-2005-3351 version (spamassassin, fixed 3.1.0)
+*CVE-2005-3350 (libungif)
 *CVE-2005-3322 version (squid) not upstream, SUSE only
 *CVE-2005-3319 ignore (mod_php) no security consequence
 *CVE-2005-3313 version (wireshark, fixed after 0.10.13)
@@ -1039,6 +1219,7 @@
 *CVE-2005-3273 version (kernel, fixed 2.6.12)
 *CVE-2005-3272 version (kernel, fixed 2.6.13)
 *CVE-2005-3271 version (kernel, fixed 2.6.9)
+*CVE-2005-3269 (fedora directory server)
 *CVE-2005-3258 version (squid, fixed 2.5STABLE12)
 *CVE-2005-3257 version (kernel, fixed 2.6.15)
 *CVE-2005-3249 version (wireshark, fixed 0.10.13)
@@ -1066,6 +1247,7 @@
 *CVE-2005-3185 version (wget, fixed 1.10.2 at least)
 *CVE-2005-3185 version (curl, fixed 7.15)
 *CVE-2005-3184 version (wireshark, fixed 0.10.13)
+*CVE-2005-3183 (w3c-libwww)
 *CVE-2005-3181 version (kernel, fixed 2.6.13.4)
 *CVE-2005-3180 version (kernel, fixed 2.6.13.4)
 *CVE-2005-3179 version (kernel, fixed 2.6.13.4)
@@ -1088,7 +1270,9 @@
 *CVE-2005-2991 ignore (ncompress) don't ship zdiff or zcmp scripts
 *CVE-2005-2978 version (netpbm, fixed 10.25)
 *CVE-2005-2977 version (pam, fixed 0.99.2.1 at least)
+*CVE-2005-2976 (gdk-pixbuf)
 *CVE-2005-2975 version (gtk2, fixed 2.8.7)
+*CVE-2005-2974 (libungif)
 *CVE-2005-2973 version (kernel, fixed 2.6.14)
 *CVE-2005-2970 version (httpd, not 2.2)
 *CVE-2005-2969 version (openssl, fixed 0.9.8a)
@@ -1096,9 +1280,11 @@
 *CVE-2005-2968 version (thunderbird)
 *CVE-2005-2968 version (firefox)
 *CVE-2005-2959 ignore (sudo) not a vulnerability
+*CVE-2005-2958 (libgda)
 *CVE-2005-2946 version (openssl, fixed 0.9.8)
 *CVE-2005-2933 version (libc-client, fixed 2004g at least)
 *CVE-2005-2929 backport (lynx) changelog
+*CVE-2005-2922 (helixplayer)
 *CVE-2005-2917 version (squid, fixed 2.5.STABLE11)
 *CVE-2005-2876 version (util-linux, fixed 2.13-pre3)
 *CVE-2005-2874 version (cups, fixed 1.1.23)
@@ -1114,6 +1300,7 @@
 *CVE-2005-2796 version (squid, fixed 2.5.STABLE11)
 *CVE-2005-2794 version (squid, fixed 2.5.STABLE11)
 *CVE-2005-2728 version (httpd, not 2.2)
+*CVE-2005-2710 (helixplayer)
 *CVE-2005-2709 version (kernel, fixed 2.6.14.3)
 *CVE-2005-2708 ignore (kernel) not reproducable on x86_64
 *CVE-2005-2707 version (thunderbird)
@@ -1135,6 +1322,8 @@
 *CVE-2005-2666 version (openssh, fixed 4.0p1)
 *CVE-2005-2642 version (mutt) openbsd only
 *CVE-2005-2641 version (nss_ldap, fixed pam_ldap:180)
+*CVE-2005-2629 (helixplayer)
+*CVE-2005-2628 (flash-plugin)
 *CVE-2005-2617 version (kernel, fixed 2.6.12.5)
 *CVE-2005-2602 ignore (thunderbird) probably
 *CVE-2005-2602 ignore (firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=237085
@@ -1213,6 +1402,7 @@
 *CVE-2005-2096 version (rpm, fixed 4.4.2)
 *CVE-2005-2096 backport (zlib, fixed 1.2.2.4)
 *CVE-2005-2095 version (squirrelmail, fixed 1.4.5)
+*CVE-2005-2090 (tomcat)
 *CVE-2005-2088 version (httpd, not 2.2)
 *CVE-2005-2069 version (nss_ldap, fixed pam_ldap:180)
 *CVE-2005-2069 backport (openldap) openldap-2.2.13-tls-fix-connection-test.patch
@@ -1239,11 +1429,13 @@
 *CVE-2005-1760 version (sysreport, fixed 1.4.1-3)
 *CVE-2005-1759 ignore (php) dead code path
 *CVE-2005-1759 ignore (openldap) fixed shtool 2.0.2 flawed code path not used
+*CVE-2005-1753 (tomcat)
 *CVE-2005-1751 version (nmap, fixed 3.93 at least)
 *CVE-2005-1751 ignore (openldap) fixed shtool 2.0.2. Flawed code path not used
 *CVE-2005-1751 ignore (ncpfs) part of shtool in ncpfs is not vulnerable
 *CVE-2005-1740 version (net-snmp, fixed 5.2.2.rc5 at least)
 *CVE-2005-1739 version (ImageMagick, fixed 6.2.2.3)
+*CVE-2005-1730 (openssl)
 *CVE-2005-1705 backport (gdb) gdb-6.3-security-errata-20050610.patch
 *CVE-2005-1704 version (binutils, fixed 2.16.91.0.3 at least)
 *CVE-2005-1704 backport (gdb) gdb-6.3-security-errata-20050610.patch
@@ -1257,6 +1449,7 @@
 *CVE-2005-1532 version (firefox, fixed 1.0.4)
 *CVE-2005-1531 version (firefox, fixed 1.0.4)
 *CVE-2005-1519 version (squid, fixed 2.5.STABLE10)
+*CVE-2005-1476 (firefox,seamonkey,thunderbird)
 *CVE-2005-1470 version (wireshark, fixed 0.10.11)
 *CVE-2005-1469 version (wireshark, fixed 0.10.11)
 *CVE-2005-1468 version (wireshark, fixed 0.10.11)
@@ -1367,11 +1560,13 @@
 *CVE-2005-0709 version (mysql, fixed 4.1.11)
 *CVE-2005-0705 version (wireshark, fixed after 0.10.9)
 *CVE-2005-0704 version (wireshark, fixed after 0.10.9)
+*CVE-2005-0699 (wireshark)
 *CVE-2005-0698 version (wireshark, fixed after 0.10.9)
 *CVE-2005-0664 version (libexif, fixed 0.6.12)
 *CVE-2005-0654 ignore (gimp, not fixed 2.2) upstream considers harmless
 *CVE-2005-0627 version (qt, fixed 3.3.4)
 *CVE-2005-0626 version (squid, fixed 2.5.STABLE10)
+*CVE-2005-0611 (helixplayer)
 *CVE-2005-0605 version (libXpm, fixed 3.5.4 at least)
 *CVE-2005-0602 ignore (unzip, fixed 5.52) this is really expected behaviour
 *CVE-2005-0596 version (php, fixed 5.0)
@@ -1389,6 +1584,7 @@
 *CVE-2005-0584 version (firefox)
 *CVE-2005-0578 version (firefox)
 *CVE-2005-0565 version (kernel, not 2.6)
+*CVE-2005-0546 (cyrus-imapd)
 *CVE-2005-0532 version (kernel, fixed 2.6.11)
 *CVE-2005-0531 version (kernel, fixed 2.6.11)
 *CVE-2005-0530 version (kernel, fixed 2.6.11)
@@ -1409,6 +1605,8 @@
 *CVE-2005-0469 backport (telnet) telnet-0.17-CAN-2005-468_469.patch
 *CVE-2005-0468 version (krb5, fixed 1.4.1)
 *CVE-2005-0468 backport (telnet) telnet-0.17-CAN-2005-468_469.patch
+*CVE-2005-0455 (helixplayer)
+*CVE-2005-0452 (perl)
 *CVE-2005-0449 version (kernel, fixed 2.6.11)
 *CVE-2005-0448 version (perl, fixed 5.8.6)
 *CVE-2005-0446 version (squid, fixed 2.5.STABLE9)
@@ -1451,6 +1649,8 @@
 *CVE-2005-0202 version (mailman, fixed 2.1.6)
 *CVE-2005-0201 version (dbus, fixed 0.36.1)
 *CVE-2005-0194 version (squid, fixed 2.5.STABLE8)
+*CVE-2005-0191 (helixplayer)
+*CVE-2005-0189 (helixplayer)
 *CVE-2005-0180 version (kernel, fixed 2.6.11)
 *CVE-2005-0179 version (kernel, fixed 2.6.11)
 *CVE-2005-0178 version (kernel, fixed 2.6.11)
@@ -1509,6 +1709,7 @@
 *CVE-2005-0034 version (bind, fixed after 9.3.0)
 *CVE-2005-0033 version (bind, not 9)
 *CVE-2005-0023 ignore (libvte) not a security risk
+*CVE-2005-0022 (exim)
 *CVE-2005-0014 version (ncpfs, fixed 2.2.6)
 *CVE-2005-0013 version (ncpfs, fixed 2.2.6)
 *CVE-2005-0011 version (kdeedu, not 3.4)
@@ -1523,7 +1724,10 @@
 *CVE-2005-0001 version (kernel, fixed 2.6.10)
 *CVE-2004-2660 version (kernel, fixed 2.6.10)
 *CVE-2004-2657 ignore (firefox) windows only
+*CVE-2004-2655 (xscreensaver)
 *CVE-2004-2654 version (squid, fixed 2.6STABLE6)
+*CVE-2004-2645 (asn1c)
+*CVE-2004-2644 (asn1c)
 *CVE-2004-2607 version (kernel, fixed 2.6.5)
 *CVE-2004-2589 version (gaim, fixed 0.82)
 *CVE-2004-2546 version (samba, fixed 3.0.6)
@@ -1603,6 +1807,7 @@
 *CVE-2004-1184 version (enscript, fixed 1.6.4 at least)
 *CVE-2004-1183 version (libtiff, fixed 3.7.2)
 *CVE-2004-1180 version (rwho, fixed 0.17)
+*CVE-2004-1178 (mailman)
 *CVE-2004-1177 version (mailman, fixed 2.1.6)
 *CVE-2004-1176 version (mc, fixed 4.6.0)
 *CVE-2004-1175 version (mc, fixed 4.6.0)
@@ -1801,6 +2006,7 @@
 *CVE-2004-0558 version (cups, fixed 1.1.21)
 *CVE-2004-0557 version (sox, fixed after 12.17.4)
 *CVE-2004-0554 version (kernel, fixed 2.6.7)
+*CVE-2004-0550 (helixplayer)
 *CVE-2004-0548 ignore (aspell, not fixed 0.50.5) not a security issue
 *CVE-2004-0547 version (postgresql, fixed 7.2.1)
 *CVE-2004-0541 version (squid)
@@ -1850,6 +2056,7 @@
 *CVE-2004-0394 version (kernel, not 2.6) also not a vulnerability
 *CVE-2004-0392 version (racoon, fixed 20040407b)
 *CVE-2004-0388 version (mysql, fixed 4.1.11 at least)
+*CVE-2004-0387 (helixplayer)
 *CVE-2004-0381 version (mysql, fixed 4.1.11 at least)
 *CVE-2004-0367 version (wireshark, fixed 0.10.3)
 *CVE-2004-0365 version (wireshark, fixed 0.10.3)
@@ -1858,11 +2065,13 @@
 *CVE-2004-0233 version (libutempter, fixed 0.5.5)
 *CVE-2004-0232 version (mc, fixed 4.6.0)
 *CVE-2004-0231 version (mc, fixed 4.6.0)
+*CVE-2004-0230 (kernel)
 *CVE-2004-0229 version (kernel, fixed 2.6.6)
 *CVE-2004-0228 version (kernel, fixed 2.6.6)
 *CVE-2004-0226 version (mc, fixed 4.6.0)
 *CVE-2004-0189 version (squid, fixed 2.5.STABLE5)
 *CVE-2004-0186 version (samba, not 3.0.2a)
+*CVE-2004-0185 (wu-ftpd)
 *CVE-2004-0184 version (tcpdump, fixed 3.8.2)
 *CVE-2004-0183 version (tcpdump, fixed 3.8.2)
 *CVE-2004-0182 version (mailman) only affected Red Hat packages
@@ -1917,9 +2126,12 @@
 *CVE-2004-0005 version (gaim, fixed 0.76)
 *CVE-2004-0003 version (kernel, not 2.6)
 *CVE-2004-0001 version (kernel, not 2.6)
+*CVE-2003-1329 (wu-ftpd)
 *CVE-2003-1307 ignore (mod_php) not a vulnerability
 *CVE-2003-1303 version (php, fixed 4.3.3)
 *CVE-2003-1302 version (php, fixed 4.3.1)
+*CVE-2003-1295 (xscreensaver)
+*CVE-2003-1294 (xscreensaver)
 *CVE-2003-1265 VULNERABLE (thunderbird) https://bugzilla.mozilla.org/show_bug.cgi?id=198442
 *CVE-2003-1265 VULNERABLE (firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=198442
 *CVE-2003-1232 version (emacs, fixed 21.3)
@@ -1963,6 +2175,7 @@
 *CVE-2003-0914 version (bind, not 9)
 *CVE-2003-0901 version (postgresql, not 8)
 *CVE-2003-0900 version (perl, only 5.8.1)
+*CVE-2003-0885 (xscreensaver)
 *CVE-2003-0865 version (tomcat, fixed after 4.0.3)
 *CVE-2003-0863 ignore (php) http://lists.nyphp.org/pipermail/talk/2003-November/006392.html
 *CVE-2003-0861 version (php, fixed 4.3.3)
@@ -2387,8 +2600,19 @@
 *CVE-2002-0002 version (stunnel, fixed 3.22)
 *CVE-2002-0001 version (mutt, fixed 1.3.25)
 *CVE-2001-1494 version (util-linux, fixed 2.11n)
+*CVE-2001-1429 (mc)
 *CVE-2001-0955 version (XFree86, fixed 4.2.0)
+*CVE-2001-0935 (wu-ftpd)
 *CVE-2001-0474 version (mesa, fixed 3.3-14)
+*CVE-2001-0310 (sort)
+*CVE-2001-0235 (vixie-cron)
+*CVE-2001-0187 (wu-ftpd)
 *CVE-2000-1199 backport (htdig) fixed htdig-3.2.0b6-unescaped_output.patch
+*CVE-2000-1137 (ed)
+*CVE-2000-0992 (krb5)
 *CVE-2000-0504 version (libICE, fixed XFree86:4.0.1)
 *CVE-1999-1572 backport (cpio) cpio-2.6-umask.patch
+*CVE-1999-1332 (gzip)
+*CVE-1999-0997 (wu-ftpd)
+*CVE-1999-0710 (squid)
+*CVE-1999-0103 (bind)

-- 
fedora-extras-commits mailing list
fedora-extras-commits at redhat.com
https://www.redhat.com/mailman/listinfo/fedora-extras-commits

More information about the Fedora-security-list mailing list