/[fedora]/fedora-security/audit/fc7
ViewVC logotype

Contents of /fedora-security/audit/fc7

Parent Directory Parent Directory | Revision Log Revision Log

Revision 1.381 - (show annotations) (download)
Fri Jun 20 08:50:45 2008 UTC (17 months ago) by thoger
Branch: MAIN
CVS Tags: HEAD
Changes since 1.380: +3 -3 lines 
another week of issues
last update of fc7 file
1 # $Id: fc7,v 1.381 2008/06/20 08:50:45 thoger Exp $
2
3 # ** are items that need attention
4 # *CVE are items that need verification for Fedora 7
5 # (mozilla) = (firefox, seamonkey, thunderbird, yelp, devhelp, galeon, liferea. epiphany)
6 # A couple of first F7 updates were marked as FEDORA-2007-0001
7
8 rhbz293031 fixed (nx) #293031 [since FEDORA-2008-2258]
9 rhbz249840 version (tor, fixed 0.1.2.15) #249840 [since FEDORA-2007-1674]
10 CVE-2008-2575 fixed (cbrpager) [since FEDORA-2008-4440]
11 CVE-2008-2426 fixed (imlib2) [since FEDORA-2008-4950]
12 CVE-2008-2420 fixed (stunnel, fixed 4.24) [since FEDORA-2008-4606]
13 CVE-2008-2392 ignore (wordpress) issue only in certain deployments, not affected by default
14 CVE-2008-2363 VULNERABLE (pan)
15 CVE-2008-2362 fixed (xorg-x11-server) #450924 [since FEDORA-2008-5285]
16 CVE-2008-2361 fixed (xorg-x11-server) #450924 [since FEDORA-2008-5285]
17 CVE-2008-2360 fixed (xorg-x11-server) #450924 [since FEDORA-2008-5285]
18 CVE-2008-2359 ignore (system-config-network) F8 specific issue
19 CVE-2008-2357 fixed (mtr, fixed 0.73)
20 CVE-2008-2302 fixed (Django, fixed 0.96.2) #447257 [since FEDORA-2008-4191]
21 CVE-2008-2292 fixed (net-snmp, fixed 5.4.2.pre1) [since FEDORA-2008-5224]
22 CVE-2008-2276 VULNERABLE (mantis) upstream fix in 1.2.0a1 seems useless
23 CVE-2008-2266 ignore (perl-Convert-UUlib) embedded uulib copy uses mkstemp
24 CVE-2008-2168 ignore (httpd) browser issue, not apache
25 CVE-2008-2152 fixed (openoffice.org, fixed 2.4.1) #450649 [since FEDORA-2008-5239]
26 CVE-2008-2146 version (wordpress, fixed 2.2.3)
27 CVE-2008-2119 ignore (asterisk, fixed 1.2.29) AST-2008-008, only for 1.0.x and 1.2.x
28 CVE-2008-2109 fixed (libid3tag) #445813 [since FEDORA-2008-3874]
29 CVE-2008-2108 fixed (php, fixed 5.2.6) [since FEDORA-2008-1734]
30 CVE-2008-2107 fixed (php, fixed 5.2.6) [since FEDORA-2008-1734]
31 CVE-2008-2105 fixed (bugzilla, fixed 3.0.4, 3.1.4) #445821 [since FEDORA-2008-3488]
32 CVE-2008-2104 ignore (bugzilla, fixed 3.1.4) only affects 3.1.3, not in Fedora
33 CVE-2008-2103 fixed (bugzilla, fixed 3.0.4, 3.1.4) #445821 [since FEDORA-2008-3488]
34 CVE-2008-2085 VULNERABLE (sipp) #446219
35 CVE-2008-2079 VULNERABLE (mysql, fixed 5.0.60) #445804
36 CVE-2008-2068 version (wordpress, fixed 2.5.1) [since FEDORA-2008-3319]
37 CVE-2008-2051 fixed (php, fixed 5.2.6) [since FEDORA-2008-1734]
38 CVE-2008-2050 ignore (php, fixed 5.2.6)
39 CVE-2008-2033 ignore (zoneminder) duplicate of CVE-2008-1381
40 CVE-2008-2004 VULNERABLE (xen) disables format autodetection by default [since xen-3.1.2-3.fc7]
41 CVE-2008-2004 VULNERABLE (qemu) fix mostly useless without libvirt changes
42 CVE-2008-2004 VULNERABLE (kvm) fix mostly useless without libvirt changes
43 CVE-2008-2000 ignore (WebKit) browser DoS
44 CVE-2008-1999 VULNERABLE (WebKit)
45 CVE-2008-1996 fixed (licq, fixed 1.3.6) #445237 [since FEDORA-2008-3909]
46 CVE-2008-1974 fixed (kronolith, fixed 3.1.8) #444403 [since FEDORA-2008-3460]
47 CVE-2008-1964 ignore (xine-lib) bogus vulnerability report
48 CVE-2008-1959 fixed (sipp, fixed 3.1) [since FEDORA-2008-3508]
49 CVE-2008-1950 fixed (gnutls, fixed 2.2.4) #447509 [since FEDORA-2008-4274]
50 CVE-2008-1949 fixed (gnutls, fixed 2.2.4) #447509 [since FEDORA-2008-4274]
51 CVE-2008-1948 fixed (gnutls, fixed 2.2.4) #447509 [since FEDORA-2008-4274]
52 CVE-2008-1947 VULNERABLE (tomcat5, fixed 5.5.27)
53 CVE-2008-1944 VULNERABLE (xen, fixed 3.2) [since xen-3.1.2-3.fc7]
54 CVE-2008-1943 VULNERABLE (xen) [since xen-3.1.2-3.fc7]
55 CVE-2008-1937 ignore (moin, fixed 1.6.3) 1.6.x only
56 CVE-2008-1930 ignore (wordpress, fixed 2.5.1) [since wordpress-2.5.1-1.fc7] only for wp 2.5.0
57 CVE-2008-1928 fixed (perl-Imager, fixed 0.64) #443939 [since FEDORA-2008-3920]
58 CVE-2008-1927 fixed (perl) [since FEDORA-2008-3399]
59 CVE-2008-1926 VULNERABLE (util-linux)
60 CVE-2008-1924 version (phpMyAdmin, fixed 2.11.5.2) [since FEDORA-2008-3560] PMASA-2008-3
61 CVE-2008-1923 version (asterisk) upstream fix incomplete, resulting in CVE-2008-1897
62 CVE-2008-1897 fixed (asterisk, fixed 1.4.19.1) [since FEDORA-2008-3365]
63 CVE-2008-1878 fixed (xine-lib, fixed 1.1.12.1) #443054 [since FEDORA-2008-3326] nsf demuxer overflow
64 CVE-2008-1845 version (mksh, fixed 33d) [since FEDORA-2008-3070]
65 CVE-2008-1837 ignore (clamav, fixed 0.93) unrar code not shipped
66 CVE-2008-1836 ignore (clamav, fixed 0.93) affected code introduced after 0.92.1
67 CVE-2008-1835 ignore (clamav, fixed 0.93) unrar code not shipped
68 CVE-2008-1833 fixed (clamav, fixed 0.93-rc1) #442362 [since FEDORA-2008-3358]
69 CVE-2008-1808 VULNERABLE (freetype, fixed 2.3.6)
70 CVE-2008-1807 VULNERABLE (freetype, fixed 2.3.6)
71 CVE-2008-1806 VULNERABLE (freetype, fixed 2.3.6)
72 CVE-2008-1804 fixed (snort, fixed 2.8.1) [since FEDORA-2008-5045]
73 CVE-2008-1803 fixed (rdesktop, fixed 1.6.0) #445841 [since FEDORA-2008-3985]
74 CVE-2008-1802 fixed (rdesktop, fixed 1.6.0) #445841 [since FEDORA-2008-3985]
75 CVE-2008-1801 fixed (rdesktop, fixed 1.6.0) #445841 [since FEDORA-2008-3985]
76 CVE-2008-1796 fixed (comix) [since FEDORA-2008-2993]
77 CVE-2008-1767 version (libxslt, fixed 1.1.24) [since libxslt-1.1.24-1.fc7]
78 CVE-2008-1729 ignore (drupal) 6.x only
79 CVE-2008-1722 fixed (cups) #445801 [since FEDORA-2008-3449]
80 CVE-2008-1720 fixed (rsync, fixed 3.0.2) #441689 [since FEDORA-2008-3060]
81 CVE-2008-1693 version (xpdf, fixed 3.02)
82 CVE-2008-1693 ignore (kdegraphics) not affected
83 CVE-2008-1693 ignore (koffice) not affected
84 CVE-2008-1693 fixed (poppler, fixed 0.6.2) #443026 [since FEDORA-2008-3312]
85 CVE-2008-1688 ignore (m4, fixed 1.4.11) not really a security issue
86 CVE-2008-1687 ignore (m4, fixed 1.4.11) not really a security issue
87 CVE-2008-1686 fixed (libfishsound, fixed 0.9.1) #441246 [since FEDORA-2008-3117]
88 CVE-2008-1686 fixed (speex) #442571 [since FEDORA-2008-3191]
89 CVE-2008-1678 ignore (httpd) only affects systems with openssl >= 0.9.8e
90 CVE-2008-1677 VULNERABLE (fedora-ds-base) #445808
91 CVE-2008-1672 ignore (openssl, fixed 0.9.8h) not affected
92 CVE-2008-1671 ignore (kdelibs) start_kdeinit not setuid
93 CVE-2008-1670 ignore (kdelibs) kdelibs 4.x only
94 CVE-2008-1670 fixed (kdelibs4) #444398 [since FEDORA-2008-3379] kdelibs 4.x only
95 CVE-2008-1657 VULNERABLE (openssh, fixed 4.9) #280461
96 CVE-2008-1652 version (Perlbal, fixed 1.70) [since FEDORA-2008-2788]
97 CVE-2008-1637 fixed (pdns-recursor, fixed 3.1.5) #440248 [since FEDORA-2008-3010]
98 CVE-2008-1628 ignore (audit) affected function not used by anything
99 CVE-2008-1614 version (mod_suphp, fixed 0.6.3) [since FEDORA-2008-2815]
100 CVE-2008-1612 backport (squid, fixed 2.6.STABLE19) [since FEDORA-2008-2729]
101 CVE-2008-1568 fixed (comix) improper shell escaping, bz#430635 [since FEDORA-2008-2993]
102 CVE-2008-1567 fixed (phpMyAdmin, fixed 2.11.5.1) [since FEDORA-2008-2874]
103 CVE-2008-1563 fixed (wireshark, fixed 1.0) #435485 [since FEDORA-2008-2941]
104 CVE-2008-1562 fixed (wireshark, fixed 1.0) #435485 [since FEDORA-2008-2941]
105 CVE-2008-1561 fixed (wireshark, fixed 1.0) #435485 [since FEDORA-2008-2941]
106 CVE-2008-1552 fixed (libsilc, fixed 1.1.7) #438382 [since FEDORA-2008-2641]
107 CVE-2008-1532 version (Perlbal, fixed 1.70) #439055 [since FEDORA-2008-2788]
108 CVE-2008-1531 fixed (lighttpd) #439067 [since FEDORA-2008-3343]
109 CVE-2008-1515 fixed (otrs) #439933 [since FEDORA-2008-3100]
110 CVE-2008-1488 VULNERABLE (php-pecl-apc) #438846
111 CVE-2008-1483 ignore (openssh) was alrady fixed by another patch
112 CVE-2008-1482 fixed (xine-lib) #438669 [since FEDORA-2008-2945]
113 CVE-2008-1475 VULNERABLE (roundup, fixed 1.4.5)
114 CVE-2008-1474 fixed (roundup) #436548 [since FEDORA-2008-2471]
115 CVE-2008-1468 fixed (namazu, fixed 2.0.18) #438666 [since FEDORA-2008-2678]
116 CVE-2008-1467 fixed (centerim) #438871 [since FEDORA-2008-2869]
117 CVE-2008-1423 fixed (libvorbis) #446341 [since FEDORA-2008-3898]
118 CVE-2008-1420 fixed (libvorbis) #446341 [since FEDORA-2008-3898]
119 CVE-2008-1419 fixed (libvorbis) #446341 [since FEDORA-2008-3898]
120 CVE-2008-1394 ignore (plone)
121 CVE-2008-1390 fixed (asterisk, fixed 1.4.19-rc3) #438132 [since FEDORA-2008-2620]
122 CVE-2008-1387 fixed (clamav, fixed 0.93) #442362 [since FEDORA-2008-3358]
123 CVE-2008-1384 ignore (php, fixed 5.2.6)
124 CVE-2008-1382 fixed (libpng, fixed 1.2.27) [since FEDORA-2008-4947]
125 CVE-2008-1382 fixed (libpng10) [since FEDORA-2008-3979]
126 CVE-2008-1381 fixed (zoneminder, fixed 1.23.3) #444435 [since FEDORA-2008-3516]
127 CVE-2008-1380 VULNERABLE (firefox, fixed 2.0.0.14)
128 CVE-2008-1380 fixed (seamonkey, fixed 1.1.10) #442850 [since FEDORA-2008-3231]
129 CVE-2008-1380 fixed (thunderbird, fixed 2.0.0.14) #442855 [since FEDORA-2008-3519]
130 CVE-2008-1379 fixed (xorg-x11-server) #450924 [since FEDORA-2008-5285]
131 CVE-2008-1377 fixed (xorg-x11-server) #450924 [since FEDORA-2008-5285]
132 CVE-2008-1374 ignore (cups) only affects old cups versions in RHEL
133 CVE-2008-1373 fixed (cups) #440042 [since FEDORA-2008-2897]
134 CVE-2008-1372 fixed (bzip2, fixed 1.0.5) #439855 [since FEDORA-2008-2970]
135 CVE-2008-1364 ignore (dhcp) not affected
136 CVE-2008-1360 VULNERABLE (nagios, fixed 2.11) #437851
137 CVE-2008-1353 ignore (zabbix) #437848 Needs authorization
138 CVE-2008-1333 ignore (asterisk) not affected
139 CVE-2008-1332 fixed (asterisk, fixed 1.4.18.1) #438132 [since FEDORA-2008-2620]
140 CVE-2008-1318 ignore (mediawiki) 1.11.2 security fix applies only for 1.11 we never shipped
141 CVE-2008-1304 ignore (wordpress) bogus CVE id description?
142 CVE-2008-1292 fixed (viewvc) #435349 [since FEDORA-2008-2159]
143 CVE-2008-1291 fixed (viewvc) #435349 [since FEDORA-2008-2159]
144 CVE-2008-1290 fixed (viewvc) #435349 [since FEDORA-2008-2159]
145 CVE-2008-1289 fixed (asterisk, fixed 1.4.18.1) #438132 [since FEDORA-2008-2620]
146 CVE-2008-1284 version (horde, fixed 3.1.7) #436628 [since FEDORA-2008-2406]
147 CVE-2008-1270 ignore (lighttpd) Not a bug, requires unlikely and incredibly stupid configuration change with well-documented effects.
148 CVE-2008-1241 version (firefox, fixed 2.0.0.13)
149 CVE-2008-1241 version (seamonkey, fixed 1.1.9)
150 CVE-2008-1240 version (firefox, fixed 2.0.0.13)
151 CVE-2008-1240 version (seamonkey, fixed 1.1.9)
152 CVE-2008-1238 version (firefox, fixed 2.0.0.13)
153 CVE-2008-1238 version (seamonkey, fixed 1.1.9)
154 CVE-2008-1237 version (firefox, fixed 2.0.0.13)
155 CVE-2008-1237 version (seamonkey, fixed 1.1.9)
156 CVE-2008-1237 fixed (thunderbird, fixed 2.0.0.14) #442855 [since FEDORA-2008-3519]
157 CVE-2008-1236 version (firefox, fixed 2.0.0.13)
158 CVE-2008-1236 version (seamonkey, fixed 1.1.9)
159 CVE-2008-1236 fixed (thunderbird, fixed 2.0.0.14) #442855 [since FEDORA-2008-3519]
160 CVE-2008-1235 version (firefox, fixed 2.0.0.13)
161 CVE-2008-1235 version (seamonkey, fixed 1.1.9)
162 CVE-2008-1235 fixed (thunderbird, fixed 2.0.0.14) #442855 [since FEDORA-2008-3519]
163 CVE-2008-1234 version (firefox, fixed 2.0.0.13)
164 CVE-2008-1234 version (seamonkey, fixed 1.1.9)
165 CVE-2008-1234 fixed (thunderbird, fixed 2.0.0.14) #442855 [since FEDORA-2008-3519]
166 CVE-2008-1233 version (firefox, fixed 2.0.0.13)
167 CVE-2008-1233 version (seamonkey, fixed 1.1.9)
168 CVE-2008-1233 fixed (thunderbird, fixed 2.0.0.14) #442855 [since FEDORA-2008-3519]
169 **CVE-2008-1227 fixed (libsilc) We updated this as non-security
170 CVE-2008-1218 version (dovecot, fixed 1.0.13) [since FEDORA-2008-2475] marginally affected
171 CVE-2008-1199 version (dovecot, fixed 1.0.11) [since FEDORA-2008-2475] not in default config
172 CVE-2008-1195 version (firefox, fixed 2.0.0.13)
173 CVE-2008-1195 version (seamonkey, fixed 1.1.9)
174 CVE-2008-1184 version (dnssec-tools, fixed 1.3.2) [since FEDORA-2008-1758]
175 CVE-2008-1161 version (xine-lib, fixed 1.1.10.1) [since FEDORA-2008-1581]
176 CVE-2008-1149 version (phpMyAdmin, fixed 2.11.5) [since FEDORA-2008-2229]
177 CVE-2008-1145 version (ruby, fixed 1.8.6-p114) [since FEDORA-2008-2458]
178 CVE-2008-1136 VULNERABLE (vdccm, fixed 0.10.1) #436025
179 CVE-2008-1133 ignore (drupal) #435815 drupal 6.x only
180 CVE-2008-1131 ignore (drupal) #435815 drupal 6.x only
181 CVE-2008-1111 fixed (lighttpd) #435808 [since FEDORA-2008-2278]
182 CVE-2008-1110 version (xine-lib, fixed 1.1.10) [since FEDORA-2008-1047]
183 CVE-2008-1109 fixed (evolution) #449922 [since FEDORA-2008-5018]
184 CVE-2008-1108 fixed (evolution) #449922 [since FEDORA-2008-5018]
185 CVE-2008-1105 fixed (samba, fixed 3.0.30) [since FEDORA-2008-4797]
186 CVE-2008-1103 VULNERABLE (blender) not fixed upstream
187 CVE-2008-1102 fixed (blender) #443935 [since FEDORA-2008-3862]
188 CVE-2008-1100 fixed (clamav, fixed 0.93) #442362 [since FEDORA-2008-3358]
189 CVE-2008-1099 fixed (moin) #438672 [since FEDORA-2008-3328]
190 CVE-2008-1098 fixed (moin) #438672 [since FEDORA-2008-3328]
191 CVE-2008-1078 ignore (am-utils) does not seem used by any other Fedora package
192 CVE-2008-1072 fixed (wireshark, fixed 0.99.8) #435485 [since FEDORA-2008-2941]
193 CVE-2008-1071 fixed (wireshark, fixed 0.99.8) #435485 [since FEDORA-2008-2941]
194 CVE-2008-1070 fixed (wireshark, fixed 0.99.8) #435485 [since FEDORA-2008-2941]
195 CVE-2008-1066 version (php-Smarty, fixed 2.6.19) #435812 [since FEDORA-2008-1928]
196 CVE-2008-1066 fixed (gallery2) #438059 [since FEDORA-2008-2650]
197 CVE-2008-1066 fixed (php-pear-PhpDocumentor) #438063 [since FEDORA-2008-2656]
198 CVE-2008-1033 ignore (cups) only affected 1.3.6
199 CVE-2008-1026 fixed (WebKit, fixed r31388) [since FEDORA-2008-3415]
200 CVE-2008-1025 fixed (WebKit, fixed r31438) [since FEDORA-2008-3415]
201 CVE-2008-1011 fixed (WebKit) [since FEDORA-2008-3415]
202 CVE-2008-1010 fixed (WebKit) [since FEDORA-2008-3415]
203 CVE-2008-0983 fixed (lighttpd) #435808 [since FEDORA-2008-2278]
204 CVE-2008-0960 fixed (net-snmp, fixed 5.4.1.1) [since FEDORA-2008-5224]
205 CVE-2008-0947 fixed (krb5, fixed 1.6.4) #438022 [since FEDORA-2008-2637]
206 CVE-2008-0932 fixed (sword) #433725 [since FEDORA-2008-1951] why? diatheke.pl is not shipped...
207 CVE-2008-0928 fixed (qemu) #433562 [since FEDORA-2008-1995]
208 CVE-2008-0928 fixed (kvm) #433565 [since FEDORA-2008-1993]
209 CVE-2008-0928 fixed (xen) #434638 [since FEDORA-2008-2083]
210 CVE-2008-0891 ignore (openssl, fixed 0.9.8h) not affected
211 CVE-2008-0888 ignore (unzip) caught by glibc malloc checks
212 CVE-2008-0887 fixed (gnome-screensaver) #440255 [since FEDORA-2008-2967]
213 CVE-2008-0806 fixed (wyrd) #433721 [since FEDORA-2008-1986]
214 CVE-2008-0882 fixed (cups, fixed 1.3.6) #433802 [since FEDORA-2008-1976]
215 CVE-2008-0782 fixed (moin) #432020 [since FEDORA-2008-1486]
216 CVE-2008-0781 fixed (moin) #432749 [since FEDORA-2008-1880]
217 CVE-2008-0780 fixed (moin) #432749 [since FEDORA-2008-1880]
218 CVE-2008-0807 fixed (turba) #433318 [since FEDORA-2008-2040]
219 CVE-2008-0786 version (cacti, fixed 0.8.7b) #432759
220 CVE-2008-0785 version (cacti, fixed 0.8.7b) #432759
221 CVE-2008-0784 version (cacti, fixed 0.8.7b) #432759
222 CVE-2008-0783 version (cacti, fixed 0.8.7b) #432759
223 CVE-2008-0728 fixed (clamav, fixed 0.92.1) [since FEDORA-2008-1608]
224 CVE-2008-0674 fixed (pcre, fixed 7.6) #431676 [since FEDORA-2008-1842]
225 CVE-2008-0668 fixed (gnumeric, fixed 1.8.1) #431228 [since FEDORA-2008-1313] SA28725
226 CVE-2008-0664 fixed (wordpress, fixed 2.3.3) #431550 [since FEDORA-2008-1559]
227 CVE-2008-0658 fixed (openldap) #432013 [since FEDORA-2008-1568]
228 CVE-2008-0646 fixed (deluge, fixed 0.5.8.3) [since FEDORA-2008-1198]
229 CVE-2008-0646 fixed (rb_libtorrent) [since FEDORA-2008-1245]
230 CVE-2008-0599 fixed (php, fixed 5.2.6) [since FEDORA-2008-1734]
231 CVE-2008-0597 version (cups) only old CUPS versions affected
232 CVE-2008-0596 version (cups) only old CUPS versions affected
233 CVE-2008-0595 backport (dbus, fixed 1.1.20) [since FEDORA-2008-2043]
234 CVE-2008-0594 fixed (firefox, fixed 2.0.0.12) #432042 [since FEDORA-2008-1435]
235 CVE-2008-0593 fixed (firefox, fixed 2.0.0.12) #432042 [since FEDORA-2008-1435]
236 CVE-2008-0593 fixed (seamonkey, fixed 1.1.8) #432045 [since FEDORA-2008-1669]
237 CVE-2008-0593 fixed (thunderbird, fixed 2.0.0.12) #432047 [since FEDORA-2008-2118]
238 CVE-2008-0592 fixed (firefox, fixed 2.0.0.12) #432042 [since FEDORA-2008-1435]
239 CVE-2008-0592 fixed (seamonkey, fixed 1.1.8) #432045 [since FEDORA-2008-1669]
240 CVE-2008-0592 fixed (thunderbird, fixed 2.0.0.12) #432047 [since FEDORA-2008-2118]
241 CVE-2008-0591 fixed (firefox, fixed 2.0.0.12) #432042 [since FEDORA-2008-1435]
242 CVE-2008-0591 fixed (seamonkey, fixed 1.1.8) #432045 [since FEDORA-2008-1669]
243 CVE-2008-0591 fixed (thunderbird, fixed 2.0.0.12) #432047 [since FEDORA-2008-2118]
244 CVE-2008-0564 backport (mailman, fixed 2.1.10b1) [since FEDORA-2008-1356]
245 CVE-2008-0554 version (netpbm, fixed 10.27)
246 CVE-2008-0553 fixed (perl-Tk) #431531 [since FEDORA-2008-1384]
247 CVE-2008-0553 backport (tk, fixed 8.5.1) [since FEDORA-2008-1131]
248 CVE-2008-0553 fixed (tkimg) #444950 [since FEDORA-2008-3545]
249 CVE-2008-0544 fixed (SDL_image) #430695 [since FEDORA-2008-1208] ILBM overflow
250 CVE-2008-0486 fixed (xine-lib, fixed 1.1.10.1) #431542 [since FEDORA-2008-1581]
251 CVE-2008-0460 fixed (mediawiki) #430287 [since FEDORA-2008-2245]
252 CVE-2008-0420 version (firefox, fixed 2.0.0.12) [since FEDORA-2008-1435]
253 CVE-2008-0420 version (seamonkey, fixed 1.1.8) [since FEDORA-2008-1669]
254 CVE-2008-0420 fixed (thunderbird, fixed 2.0.0.12) #432047 [since FEDORA-2008-2118]
255 CVE-2008-0419 fixed (firefox, fixed 2.0.0.12) #432042 [since FEDORA-2008-1435]
256 CVE-2008-0419 fixed (seamonkey, fixed 1.1.8) #432045 [since FEDORA-2008-1669]
257 CVE-2008-0419 fixed (thunderbird, fixed 2.0.0.12) #432047 [since FEDORA-2008-2118]
258 CVE-2008-0418 fixed (firefox, fixed 2.0.0.12) #432042 [since FEDORA-2008-1435]
259 CVE-2008-0418 fixed (seamonkey, fixed 1.1.8) #432045 [since FEDORA-2008-1669]
260 CVE-2008-0418 fixed (thunderbird, fixed 2.0.0.12) #432047 [since FEDORA-2008-2118]
261 CVE-2008-0417 fixed (firefox, fixed 2.0.0.12) #432042 [since FEDORA-2008-1435]
262 CVE-2008-0417 fixed (seamonkey, fixed 1.1.8) #432045 [since FEDORA-2008-1669]
263 CVE-2008-0416 version (firefox, fixed 2.0.0.12)
264 CVE-2008-0416 version (thunderbird, fixed 2.0.0.12)
265 CVE-2008-0416 version (seamonkey, fixed 1.1.8)
266 CVE-2008-0415 fixed (firefox, fixed 2.0.0.12) #432042 [since FEDORA-2008-1435]
267 CVE-2008-0415 fixed (seamonkey, fixed 1.1.8) #432045 [since FEDORA-2008-1669]
268 CVE-2008-0415 fixed (thunderbird, fixed 2.0.0.12) #432047 [since FEDORA-2008-2118]
269 CVE-2008-0414 fixed (firefox, fixed 2.0.0.12) #432042 [since FEDORA-2008-1435]
270 CVE-2008-0414 fixed (seamonkey, fixed 1.1.8) #432045 [since FEDORA-2008-1669]
271 CVE-2008-0413 fixed (firefox, fixed 2.0.0.12) #432042 [since FEDORA-2008-1435]
272 CVE-2008-0413 fixed (seamonkey, fixed 1.1.8) #432045 [since FEDORA-2008-1669]
273 CVE-2008-0413 fixed (thunderbird, fixed 2.0.0.12) #432047 [since FEDORA-2008-2118]
274 CVE-2008-0412 fixed (firefox, fixed 2.0.0.12) #432042 [since FEDORA-2008-1435]
275 CVE-2008-0412 fixed (seamonkey, fixed 1.1.8) #432045 [since FEDORA-2008-1669]
276 CVE-2008-0412 fixed (thunderbird, fixed 2.0.0.12) #432047 [since FEDORA-2008-2118]
277 CVE-2008-0411 fixed (ghostscript) #435145 [since FEDORA-2008-2084]
278 CVE-2008-0404 fixed (mantis) #429552 [since FEDORA-2008-0796]
279 CVE-2008-0386 fixed (xdg-utils) #429513 [since FEDORA-2008-1015]
280 CVE-2008-0364 ignore (bittorrent) Windows only
281 CVE-2008-0320 fixed (openoffice.org, fixed 2.4) #442845 [since FEDORA-2008-4104]
282 CVE-2008-0318 fixed (clamav, fixed 0.92.1) [since FEDORA-2008-1608]
283 CVE-2008-0314 fixed (clamav, fixed 0.93) #442362 [since FEDORA-2008-3358]
284 CVE-2008-0304 version (seamonkey, fixed 1.1.8) [since FEDORA-2008-1669]
285 CVE-2008-0304 fixed (thunderbird, fixed 2.0.0.12) #432047 [since FEDORA-2008-2118]
286 CVE-2008-0299 fixed (python-paramiko) #428729 [since FEDORA-2008-0644]
287 CVE-2008-0274 version (drupal, fixed 5.6) DRUPAL-SA-2008-007 [since FEDORA-2008-0469]
288 CVE-2008-0273 version (drupal, fixed 5.6) DRUPAL-SA-2008-006 [since FEDORA-2008-0469]
289 CVE-2008-0272 version (drupal, fixed 5.6) DRUPAL-SA-2008-005 [since FEDORA-2008-0469]
290 CVE-2008-0285 ignore (ngircd) Not yet in Fedora, review request #234926
291 CVE-2008-0252 backport (python-cherrypy) [since FEDORA-2008-0333]
292 CVE-2008-0238 version (xine-lib, fixed 1.1.9.1) [since FEDORA-2008-1047]
293 CVE-2008-0225 version (xine-lib, fixed 1.1.9.1) [since FEDORA-2008-1047]
294 **CVE-2008-0196 version (wordpress, not fixed 2.0.11)
295 CVE-2008-0195 ignore (wordpress) File path is not a sensitive information
296 **CVE-2008-0194 version (wordpress, not fixed 2.0.4)
297 CVE-2008-0193 ignore (wordpress, not fixed 2.0.11, and possibly 2.1.x and 2.3.x) wp-db-backup not in wp 2.3.2
298 **CVE-2008-0192 version (wordpress, not fixed 2.0.9)
299 CVE-2008-0191 ignore (wordpress) File path is not a sensitive information
300 CVE-2008-0172 fixed (boost) #428974 [since FEDORA-2008-0880]
301 CVE-2008-0171 fixed (boost) #428974 [since FEDORA-2008-0880]
302 CVE-2008-0166 ignore (openssl) Debian specific
303 CVE-2008-0128 VULNERABLE (tomcat5) #429903
304 CVE-2008-0123 fixed (moodle) #428731 [since FEDORA-2008-0610]
305 CVE-2008-0122 fixed (bind) #429149 [since FEDORA-2008-0904]
306 CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since FEDORA-2008-0198]
307 CVE-2008-0073 fixed (xine-lib, fixed 1.1.11) #438191 [since FEDORA-2008-2945]
308 CVE-2008-0072 fixed (evolution) #436080 [since FEDORA-2008-2290]
309 CVE-2008-0063 fixed (krb5, fixed 1.6.4) #438022 [since FEDORA-2008-2637]
310 CVE-2008-0062 fixed (krb5, fixed 1.6.4) #438022 [since FEDORA-2008-2637]
311 CVE-2008-0053 fixed (cups) #440042 [since FEDORA-2008-2897]
312 CVE-2008-0047 fixed (cups) #440042 [since FEDORA-2008-2897]
313 CVE-2008-0008 fixed (pulseaudio) #425481 [since FEDORA-2008-0994]
314 CVE-2008-0006 fixed (libXfont) #429131 [since FEDORA-2008-0891]
315 CVE-2008-0005 fixed (httpd, fixed 2.2.8) #427983 [since FEDORA-2008-1695]
316 CVE-2008-0003 fixed (tog-pegasus, fixed 2.7.0) #427828 [since FEDORA-2008-0506]
317 CVE-2008-0002 ignore (tomcat5) #432475 tomcat 6.x only
318 CVE-2007-6714 fixed (dbmail, fixed 2.2.9) #443020 [since FEDORA-2008-3371]
319 CVE-2007-6703 VULNERABLE (vdccm, fixed 0.10.1) #436025
320 CVE-2007-6698 fixed (openldap, fixed 2.3.36) #431409 [since FEDORA-2008-1307]
321 CVE-2007-6697 fixed (SDL_image, fixed 1.2.7) #430239 [since FEDORA-2008-1231]
322 CVE-2007-6693 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4777]
323 CVE-2007-6692 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4777]
324 CVE-2007-6691 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4777]
325 CVE-2007-6690 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4777]
326 CVE-2007-6689 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4777]
327 CVE-2007-6688 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4777]
328 CVE-2007-6687 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4777]
329 CVE-2007-6686 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4777]
330 CVE-2007-6685 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4777]
331 CVE-2007-6613 fixed (libcdio) #427198 [since FEDORA-2008-0104]
332 CVE-2007-6612 ignore (rubygem-mongrel, only affects 1.0.4) affected version was not shipped
333 CVE-2007-6611 fixed (mantis) #427279 [since FEDORA-2008-0353]
334 CVE-2007-6601 fixed (postgresql, fixed 8.2.6) #427772 [since FEDORA-2008-0552]
335 CVE-2007-6600 fixed (postgresql, fixed 8.2.6) #427772 [since FEDORA-2008-0552]
336 CVE-2007-6598 ignore (dovecot) Needs knowledge of victim's password
337 CVE-2007-6596 ignore (clamav) Might be considered a mail client flaw, not security for upstream
338 CVE-2007-6595 version (clamav, fixed 0.92.1) #427287 issue (2) not security for upstream
339 CVE-2007-6532 version (libxfcegui4) #412751 [since FEDORA-2007-4385]
340 CVE-2007-6531 version (xfce-panel) #412751 [since FEDORA-2007-4385]
341 CVE-2007-6465 version (ganglia, fixed 3.0.6) [since FEDORA-2007-4584]
342 CVE-2007-6451 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690]
343 CVE-2007-6450 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690]
344 CVE-2007-6441 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690]
345 CVE-2007-6439 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690]
346 CVE-2007-6438 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690]
347 CVE-2007-6429 fixed (xorg-x11-server, fixed 1.4.1) #429125 [since FEDORA-2008-0831]
348 CVE-2007-6428 fixed (xorg-x11-server, fixed 1.4.1) #429125 [since FEDORA-2008-0831]
349 CVE-2007-6427 fixed (xorg-x11-server, fixed 1.4.1) #429125 [since FEDORA-2008-0831]
350 CVE-2007-6423 ignore (httpd) can not be reproduced by upstream
351 CVE-2007-6422 fixed (httpd, fixed 2.2.8) #427983 [since FEDORA-2008-1695]
352 CVE-2007-6421 fixed (httpd, fixed 2.2.8) #427983 [since FEDORA-2008-1695]
353 CVE-2007-6420 ignore (httpd, fixed 2.2.9) wontfix by upstream
354 CVE-2007-6415 fixed (scponly, fixed 4.8) #429731 [since FEDORA-2008-1728]
355 CVE-2007-6388 fixed (httpd, fixed 2.2.8) #427983 [since FEDORA-2008-1695]
356 CVE-2007-6341 ignore (perl-Net-DNS) no impact
357 CVE-2007-6337 fixed (clamav, fixed 0.92) #426211 [since FEDORA-2008-0170]
358 CVE-2007-6336 fixed (clamav, fixed 0.92) #426211 [since FEDORA-2008-0170]
359 CVE-2007-6335 fixed (clamav, fixed 0.92) #426211 [since FEDORA-2008-0170]
360 CVE-2007-6437 fixed (syslog-ng) #426305 [since FEDORA-2008-0559]
361 CVE-2007-6430 version (asterisk, fixed 1.4.16) [since FEDORA-2007-4593]
362 CVE-2007-6389 fixed (gnome-screensaver) #426169 [since FEDORA-2008-2818]
363 CVE-2007-6353 fixed (exiv2) #425922 [since FEDORA-2007-4551]
364 CVE-2007-6352 fixed (libexif) #425621 [since FEDORA-2007-4608]
365 CVE-2007-6351 fixed (libexif) #425621 [since FEDORA-2007-4608]
366 CVE-2007-6350 fixed (scponly) #429731 [since FEDORA-2008-1728] rsync vector only
367 CVE-2007-6348 ignore (squirrelmail) trojaned version was not shipped
368 CVE-2007-6328 ignore (dosbox) design decision
369 CVE-2007-6321 fixed (roundcubemail) #423281 [since FEDORA-2008-5315]
370 CVE-2007-6318 VULNERABLE (wordpress)
371 CVE-2007-6313 ignore (mysql) 5.1+ only
372 CVE-2007-6304 ignore (mysql, fixed 5.0.52) federated engine not built
373 CVE-2007-6303 backport (mysql, fixed 5.0.52) #424921 [since FEDORA-2007-4471]
374 CVE-2007-6299 version (drupal, fixed 5.4) [since FEDORA-2007-4136] SA-2007-031
375 CVE-2007-6286 fixed (tomcat5) #432475 [since FEDORA-2008-1603]
376 CVE-2007-6285 fixed (autofs) #426399 [since FEDORA-2007-4709]
377 CVE-2007-6284 version (libxml2, fixed 2.6.31) [since FEDORA-2008-0477]
378 CVE-2007-6283 backport (bind) #423061 [since FEDORA-2007-4658]
379 CVE-2007-6239 version (squid, fixed 2.6.17) #412381 [since FEDORA-2007-4161]
380 CVE-2007-6210 backport (zabbix) #407181 [since FEDORA-2007-4160]
381 CVE-2007-6209 ignore (zsh) #409871 We don't ship the script
382 CVE-2007-6208 ignore (claws) We don't ship the script
383 CVE-2007-6207 ignore (kernel-xen) Xen cross-domain memory read, ia64 only
384 CVE-2007-6206 version (kernel, fixed 2.6.22.17) Core dump owner issue
385 CVE-2007-6203 ignore (httpd) #409831 User can't unput garbage before method name
386 CVE-2007-6201 version (wesnoth, fixed 1.2.8) [since FEDORA-2007-3986]
387 CVE-2007-6183 version (ruby-gnome2) #405591 [since FEDORA-2007-4229]
388 CVE-2007-6131 VULNERABLE (scanbuttond)
389 CVE-2007-6121 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690]
390 CVE-2007-6120 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690]
391 CVE-2007-6119 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690]
392 CVE-2007-6118 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690]
393 CVE-2007-6117 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690]
394 CVE-2007-6116 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690]
395 CVE-2007-6115 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690]
396 CVE-2007-6114 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690]
397 CVE-2007-6113 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690]
398 CVE-2007-6112 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690]
399 CVE-2007-6111 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690]
400 CVE-2007-6110 backport (htdig) [since FEDORA-2007-3907]
401 CVE-2007-6100 version (phpMyAdmin, fixed 2.11.2.2) [since FEDORA-2007-3666]
402 CVE-2007-6067 fixed (postgresql, fixed 8.2.6) #427772 [since FEDORA-2008-0552]
403 CVE-2007-6061 fixed (audacity) #393251 [since FEDORA-2008-3456]
404 CVE-2007-6035 version (cacti, fixed 0.8.7a) #391981 [since FEDORA-2007-3683]
405 CVE-2007-6029 ignore (clamav) insufficient information about the issue
406 CVE-2007-6018 fixed (horde) #428629 [since FEDORA-2008-2087]
407 CVE-2007-6018 fixed (imp) #428633 [since FEDORA-2008-2087]
408 CVE-2007-6018 fixed (wordpress) #426432 [since FEDORA-2008-0126]
409 CVE-2007-6015 version (samba, fixed 3.0.28) [since FEDORA-2007-4269]
410 CVE-2007-6013 fixed (wordpress, fixed 2.5) [since wordpress-2.5.1-1.fc7]
411 CVE-2007-5977 version (phpMyAdmin, fixed 2.11.2.1) #385891 [since FEDORA-2007-3627]
412 CVE-2007-5976 version (phpMyAdmin, fixed 2.11.2.1) #385891 [since FEDORA-2007-3627]
413 CVE-2007-5972 ignore (krb5, fixed 1.6.4) not exploitable
414 CVE-2007-5971 fixed (krb5, fixed 1.6.4) #438022 [since FEDORA-2008-2637]
415 CVE-2007-5970 ignore (mysql, fixed 5.1.23) mysql 5.1+ only, affects partitioning
416 CVE-2007-5969 backport (mysql, fixed 5.0.51) #424921 [since FEDORA-2007-4471]
417 CVE-2007-5965 version (qt4, fixed 4.3.3) [since FEDORA-2007-4354]
418 CVE-2007-5964 backport (autofs) #421351 [since FEDORA-2007-4469]
419 CVE-2007-5963 backport (kdebase) [since FEDORA-2008-1264]
420 CVE-2007-5962 fixed (vsftpd) [since FEDORA-2008-4373]
421 CVE-2007-5960 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3952]
422 CVE-2007-5959 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3952]
423 CVE-2007-5958 fixed (xorg-x11-server, fixed 1.4.1) #429125 [since FEDORA-2008-0831]
424 CVE-2007-5947 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3952]
425 CVE-2007-5938 fixed (kernel) #385861 iwlwifi [since kernel-2.6.23.9-39.fc7]
426 CVE-2007-5937 backport (tetex) #379831 [since FEDORA-2007-3390] Multiple dviljk buffer overflows
427 CVE-2007-5936 backport (tetex) #379831 [since FEDORA-2007-3390] dviljk uses insecure temporary file
428 CVE-2007-5935 backport (tetex) #379831 [since FEDORA-2007-3390] dvips -z buffer overflow with long href
429 CVE-2007-5934 backport (php-pear-MDB2) #379091 [since FEDORA-2007-3369]
430 CVE-2007-5934 backport (php-pear-MDB2-Driver-mysql) #379121 [since FEDORA-2007-3369]
431 CVE-2007-5934 backport (php-pear-MDB2-Driver-mysqli) #379151 [since FEDORA-2007-3369]
432 CVE-2007-5925 backport (mysql, fixed 5.0.54) #424921 [since FEDORA-2007-4471]
433 CVE-2007-5907 VULNERABLE (xen) #390101
434 CVE-2007-5906 VULNERABLE (xen) #390101
435 CVE-2007-5902 ignore (krb5, fixed 1.6.4) not exploitable
436 CVE-2007-5901 fixed (krb5, fixed 1.6.4) #438022 [since FEDORA-2008-2637]
437 CVE-2007-5900 ignore (php, fixed 5.2.5)
438 CVE-2007-5899 fixed (php, fixed 5.2.5) [since FEDORA-2008-1734]
439 CVE-2007-5898 fixed (php, fixed 5.2.5) [since FEDORA-2008-1734]
440 CVE-2007-5894 ignore (krb5, fixed 1.6.4) not exploitable
441 CVE-2007-5849 ignore (cups, fixed 1.3.5) minimal impact, see #415131
442 CVE-2007-5848 version (cups, fixed 1.2.0)
443 CVE-2007-5846 backport (net-snmp) [since FEDORA-2007-3019]
444 CVE-2007-5803 VULNERABLE (nagios, fixed 2.12) #437851
445 CVE-2007-5795 backport (emacs) #367581 [since FEDORA-2007-3056]
446 CVE-2007-5770 backport (ruby) #373381 [since FEDORA-2007-2685]
447 CVE-2007-5760 fixed (xorg-x11-server, fixed 1.4.1) #429125 [since FEDORA-2008-0831]
448 CVE-2007-5759 ignore (clamav, fixed 0.92) duplicate of CVE-2007-6335
449 CVE-2007-5751 backport (liferea, fixed 1.4.6) #360641 [since FEDORA-2007-2725]
450 CVE-2007-5747 fixed (openoffice.org, fixed 2.4) #442845 [since FEDORA-2008-4104]
451 CVE-2007-5746 fixed (openoffice.org, fixed 2.4) #442845 [since FEDORA-2008-4104]
452 CVE-2007-5745 fixed (openoffice.org, fixed 2.4) #442845 [since FEDORA-2008-4104]
453 CVE-2007-5742 version (wesnoth, fixed 1.2.8) [since FEDORA-2007-3986]
454 CVE-2007-5728 version (phpPgAdmin) seems to be fixed for some time
455 CVE-2007-5715 backport (denyhosts) fixed long ago
456 CVE-2007-5712 version (Django, fixed 0.96.1) #362761 [since FEDORA-2007-3157]
457 CVE-2007-5708 backport (openldap, fixed 2.3.39) #360081 [since FEDORA-2007-3124]
458 CVE-2007-5707 backport (openldap, fixed 2.3.39) #360081 [since FEDORA-2007-3124]
459 CVE-2007-5690 version (zaptel) [since FEDORA-2007-3094] not really an issue
460 CVE-2007-5626 ignore (bacula) known, documented limitation
461 CVE-2007-5624 version (nagios, fixed 2.10) #362791 [since FEDORA-2007-4123]
462 CVE-2007-5623 backport (nagios-plugins) #348731 [since FEDORA-2007-2713]
463 CVE-2007-5597 version (drupal, fixed 5.3) [since FEDORA-2007-2649]
464 CVE-2007-5596 version (drupal, fixed 5.3) [since FEDORA-2007-2649]
465 CVE-2007-5595 version (drupal, fixed 5.3) [since FEDORA-2007-2649]
466 CVE-2007-5594 version (drupal, fixed 5.3) [since FEDORA-2007-2649]
467 CVE-2007-5593 version (drupal, fixed 5.3) [since FEDORA-2007-2649]
468 CVE-2007-5589 version (phpmyadmin, fixed 2.11.1.2) #333661 PMASA-2007-6 [since FEDORA-2007-2738]
469 CVE-2007-5585 backport (rss-glx) #336331 [since FEDORA-2007-2652]
470 CVE-2007-5585 backport (tempest) #336331 [since FEDORA-2007-2652]
471 CVE-2007-5503 version (cairo, fixed 1.4.12) [since FEDORA-2007-3818]
472 CVE-2007-5501 version (kernel) [since FEDORA-2007-3751]
473 CVE-2007-5500 version (kernel) [since FEDORA-2007-3751]
474 CVE-2007-5497 fixed (e2fsprogs) #414571 [since FEDORA-2007-4461]
475 CVE-2007-5496 ignore (setroubleshoot, fixed 2.0)
476 CVE-2007-5495 version (setroubleshoot, fixed 1.9.4)
477 CVE-2007-5461 version (tomcat5) #334511 [since FEDORA-2007-3456]
478 CVE-2007-5416 ignore (drupal) Vulnerability in PHP<5.1.3, we're safe
479 CVE-2007-5398 version (samba) [since FEDORA-2007-3402]
480 CVE-2007-5395 version (link-grammar) #372341 [since FEDORA-2007-3339]
481 CVE-2007-5393 backport (xpdf) #372461 [since FEDORA-2007-3031]
482 CVE-2007-5393 backport (cups) [since FEDORA-2007-3100]
483 CVE-2007-5393 fixed (poppler) #372501 [since FEDORA-2008-1651]
484 CVE-2007-5393 backport (kdegraphics) #372561 [since FEDORA-2007-2985]
485 CVE-2007-5393 backport (koffice) #372591 [since FEDORA-2007-3059]
486 CVE-2007-5393 backport (tetex) #372651 [since FEDORA-2007-3390]
487 CVE-2007-5392 backport (xpdf) #372461 [since FEDORA-2007-3031]
488 CVE-2007-5392 backport (cups) [since FEDORA-2007-3100]
489 CVE-2007-5392 fixed (poppler) #372501 [since FEDORA-2008-1651]
490 CVE-2007-5392 backport (kdegraphics) #372561 [since FEDORA-2007-2985]
491 CVE-2007-5392 backport (koffice) #372591 [since FEDORA-2007-3059]
492 CVE-2007-5392 backport (tetex) #372651 [since FEDORA-2007-3390]
493 CVE-2007-5386 version (phpmyadmin, fixed 2.11.1.1) #333661 PMASA-2007-5 [since FEDORA-2007-2738]
494 CVE-2007-5340 version (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5 [since FEDORA-2007-2664]
495 CVE-2007-5339 version (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5 [since FEDORA-2007-2664]
496 CVE-2007-5339 version (thunderbird) [since FEDORA-2007-3431]
497 CVE-2007-5338 version (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5 [since FEDORA-2007-2664]
498 CVE-2007-5337 version (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5 [since FEDORA-2007-2664]
499 CVE-2007-5335 version (mozilla) ff 2.0.0.8, does not affect ff1.5 [since FEDORA-2007-2664]
500 CVE-2007-5334 version (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5 [since FEDORA-2007-2664]
501 CVE-2007-5333 fixed (tomcat5) #428256 [since FEDORA-2008-1603]
502 CVE-2007-5269 version (libpng10) [since FEDORA-2007-2521]
503 CVE-2007-5269 version (libpng, fixed 1.2.21) #337461 [since FEDORA-2007-2666]
504 CVE-2007-5268 ignore (libpng) shipped version too old and not affected
505 CVE-2007-5267 ignore (libpng) shipped version too old and not affected
506 CVE-2007-5266 ignore (libpng) shipped version too old and not affected
507 CVE-2007-5226 backport (dircproxy) #319301 [since FEDORA-2007-2419]
508 CVE-2007-5208 backport (hplip) #329111 [since FEDORA-2007-2527]
509 CVE-2007-5201 fixed (duplicity) #362821 [since FEDORA-2008-1584]
510 CVE-2007-5200 backport (hugin) #362851 [since FEDORA-2007-2989]
511 CVE-2007-5198 fixed (nagios-plugins, fixed 1.4.10) #362881 [since FEDORA-2008-3146]
512 CVE-2007-5197 backport (mono, fixed 1.2.5.1) #367531 [since FEDORA-2007-3130]
513 CVE-2007-5191 backport (util-linux) #320141 [since FEDORA-2007-2462]
514 CVE-2007-5162 version (ruby) #313801 [since FEDORA-2007-2406]
515 CVE-2007-5159 backport (ntfs-3g) #298651 [since FEDORA-2007-2295]
516 CVE-2007-5137 backport (tk, fixed 8.4.16) #332061 [since FEDORA-2007-2564]
517 CVE-2007-5135 backport (openssl, fixed 0.9.8d) [since FEDORA-2007-2530]
518 CVE-2007-5116 backport (perl) #378131 [since FEDORA-2007-3255]
519 CVE-2007-5106 ignore (wordpress) affects old 2.0.x versions
520 CVE-2007-5105 ignore (wordpress) affects old 2.0.x versions
521 CVE-2007-5079 VULNERABLE (gdm) #363011
522 CVE-2007-5038 version (bugzilla, fixed 3.0.2, 3.1.2) #299981 [since FEDORA-2007-2299]
523 CVE-2007-5037 version (inotify-tools) #299771 [since FEDORA-2007-3074]
524 CVE-2007-5034 version (elinks) #297981 [since FEDORA-2007-2224]
525 CVE-2007-5007 version (balsa) #297601 [since FEDORA-2007-2302]
526 CVE-2007-5000 fixed (httpd, fixed 2.2.8) #427983 [since FEDORA-2008-1695]
527 CVE-2007-4999 version (pidgin, fixed 2.2.2) [since FEDORA-2007-2714]
528 CVE-2007-4996 version (pidgin, fixed 2.2.1) [since FEDORA-2007-2368]
529 CVE-2007-4995 backport (openssl, fixed 0.9.8f) [since FEDORA-2007-2530]
530 CVE-2007-4993 backport (xen) [since FEDORA-2007-2270]
531 CVE-2007-4990 version (xorg-x11-xfs, fixed 1.0.5) #373331 [since FEDORA-2007-4263]
532 CVE-2007-4974 backport (libsndfile) #296221 [since FEDORA-2007-2236]
533 CVE-2007-4965 backport (python) imageop module heap overflow [since FEDORA-2007-2663]
534 CVE-2007-4924 version (opal, fixed 2.2.10) #297551 [since FEDORA-2007-2245]
535 CVE-2007-4897 version (opal, fixed 2.2.9)
536 CVE-2007-4894 version (wordpress, fixed 2.2.3) [since FEDORA-2007-2143]
537 CVE-2007-4893 version (wordpress, fixed 2.2.3) [since FEDORA-2007-2143]
538 CVE-2007-4887 ignore (php, fixed 5.2.5)
539 CVE-2007-4879 version (firefox, fixed 2.0.0.13)
540 CVE-2007-4879 version (seamonkey, fixed 1.1.9)
541 CVE-2007-4851 ignore (tk) duplicate of CVE-2007-5137
542 CVE-2007-4850 ignore (php, fixed 5.2.6)
543 CVE-2007-4841 ignore (mozilla) Windows only
544 CVE-2007-4841 version (thunderbird) [since FEDORA-2007-3431] windows only anyway
545 CVE-2007-4840 ignore (php, fixed 5.2.5)
546 CVE-2007-4829 VULNERABLE (perl-Archive-Tar) #315321
547 CVE-2007-4828 version (mediawiki, fixed 1.11.0, 1.10.2, 1.9.4) #287881 [since FEDORA-2007-2189]
548 CVE-2007-4826 version (quagga, fixed 0.99.9) [since FEDORA-2007-2196]
549 CVE-2007-4825 ignore (php, fixed 5.2.5)
550 CVE-2007-4784 ignore (php, fixed 5.2.5)
551 CVE-2007-4783 ignore (php, fixed 5.2.5)
552 CVE-2007-4782 fixed (php, fixed 5.2.5) [since FEDORA-2008-1734]
553 CVE-2007-4772 fixed (postgresql, fixed 8.2.6) #427772 [since FEDORA-2008-0552]
554 CVE-2007-4771 fixed (icu) #430232 [since FEDORA-2008-1076]
555 CVE-2007-4770 fixed (icu) #430232 [since FEDORA-2008-1076]
556 CVE-2007-4769 fixed (postgresql, fixed 8.2.6) #427772 [since FEDORA-2008-0552]
557 CVE-2007-4768 fixed (pcre, fixed 7.3) #378411 [since FEDORA-2008-1842]
558 CVE-2007-4767 fixed (pcre, fixed 7.3) #378411 [since FEDORA-2008-1842]
559 CVE-2007-4766 fixed (pcre, fixed 7.3) #378411 [since FEDORA-2008-1842]
560 CVE-2007-4752 VULNERABLE (openssh) #280461
561 CVE-2007-4743 backport (krb5) incomplete CVE-2007-3999 fix [since FEDORA-2007-2066]
562 CVE-2007-4730 ignore (xorg-x11) #286051 ajax says F7 is not vulnerable
563 CVE-2007-4727 version (lighttpd) #284511 [since FEDORA-2007-2132]
564 CVE-2007-4721 ignore (wireshark) duplicate of CVE-2007-6113
565 CVE-2007-4663 ignore (php, fixed 5.2.4) #277991 safe_mode
566 CVE-2007-4662 ignore (php, fixed 5.2.4) #278101 triggerable only by modification to openssl.conf
567 CVE-2007-4661 ignore (php, fixed 5.2.4) 5.2.3, incomplete CVE-2007-2872 fix
568 CVE-2007-4660 version (php, fixed 5.2.4) [since FEDORA-2007-2215]
569 CVE-2007-4659 version (php, fixed 5.2.4) #276531 [since FEDORA-2007-2215]
570 CVE-2007-4658 version (php, fixed 5.2.4) #278011 [since FEDORA-2007-2215]
571 CVE-2007-4657 version (php, fixed 5.2.4) [since FEDORA-2007-2215]
572 CVE-2007-4650 version (gallery2) #267421 [since FEDORA-2007-2020]
573 CVE-2007-4629 version (mapserver, fixed 4.10.3) #272081 [since FEDORA-2007-2018]
574 CVE-2007-4631 version (qgit) #268381 [since FEDORA-2007-2108]
575 CVE-2007-4619 version (flac, fixed 1.2) #332571 [since FEDORA-2007-2596]
576 CVE-2007-4575 backport (openoffice.org, fixed 2.3.1) [since FEDORA-2007-4120]
577 CVE-2007-4573 version (kernel) [since FEDORA-2007-2298]
578 CVE-2007-4572 version (samba) [since FEDORA-2007-3402]
579 CVE-2007-4571 version (kernel) [since FEDORA-2007-2349]
580 CVE-2007-4569 backport (kdebase) #299731 [since FEDORA-2007-2361]
581 CVE-2007-4568 version (xorg-x11-xfs, fixed 1.0.5) #373261 [since FEDORA-2007-4263]
582 CVE-2007-4565 backport (fetchmail) #260861 [since FEDORA-2007-1983]
583 CVE-2007-4560 version (clamav) #260583 [since FEDORA-2007-2050]
584 CVE-2007-4559 VULNERABLE (python, not fixed upstream) #315281 Upstream WONTFIX. See where we use the code.
585 CVE-2007-4558 ignore (star, fixed 1.5a84) duplicate of CVE-2007-4134
586 CVE-2007-4543 version (bugzilla, fixed 3.0.1) #256021 [since FEDORA-2007-1853]
587 CVE-2007-4542 version (mapserver, fixed 4.10.3) #256561 [since FEDORA-2007-2018]
588 CVE-2007-4539 version (bugzilla, fixed 3.0.1) #256021 [since FEDORA-2007-1853]
589 CVE-2007-4538 version (bugzilla, fixed 3.0.1) #256021 [since FEDORA-2007-1853]
590 CVE-2007-4534 backport (vavoom) #256621 [since FEDORA-2007-1977]
591 CVE-2007-4533 backport (vavoom) #256621 [since FEDORA-2007-1977]
592 CVE-2007-4532 backport (vavoom) #256621 [since FEDORA-2007-1977]
593 CVE-2007-4510 version (clamav, fixed 0.91.2) #253780 [since FEDORA-2007-2050]
594 CVE-2007-4476 backport (cpio) [since FEDORA-2007-2744]
595 CVE-2007-4476 backport (tar) [since FEDORA-2007-2673]
596 CVE-2007-4465 version (httpd) [since FEDORA-2007-2214]
597 CVE-2007-4462 version (po4a) #253541 [since FEDORA-2007-1763]
598 CVE-2007-4460 backport (id3lib) #253553 [since FEDORA-2007-1774]
599 CVE-2007-4400 fixed (konversation) #362911 [since FEDORA-2008-2122]
600 CVE-2007-4357 ignore (firefox) status bar can be overwrittten
601 CVE-2007-4352 backport (xpdf) #372461 [since FEDORA-2007-3031]
602 CVE-2007-4352 backport (cups) [since FEDORA-2007-3100]
603 CVE-2007-4352 fixed (poppler) #372501 [since FEDORA-2008-1651]
604 CVE-2007-4352 backport (kdegraphics) #372561 [since FEDORA-2007-2985]
605 CVE-2007-4352 backport (koffice) #372591 [since FEDORA-2007-3059]
606 CVE-2007-4352 backport (tetex) #372651 [since FEDORA-2007-3390]
607 CVE-2007-4351 backport (cups) #361661 [since FEDORA-2007-2715]
608 CVE-2007-4323 backport (denyhosts) #252291 [since FEDORA-2007-0589]
609 CVE-2007-4321 backport (fail2ban) #252290 [since FEDORA-2007-0621] version since FEDORA-2007-1643
610 CVE-2007-4255 ignore (php) msql extension not shipped
611 CVE-2007-4251 ignore (openoffice.org) just a crash
612 CVE-2007-4229 ignore (kdebase) just an ASSERT fail
613 CVE-2007-4255 backport (kdelibs) [since FEDORA-2007-1699]
614 CVE-2007-4225 backport (kdebase) [since FEDORA-2007-1700]
615 CVE-2007-4224 backport (kdelibs) [since FEDORA-2007-1699]
616 CVE-2007-4224 backport (kdebase) [since FEDORA-2007-1700]
617 CVE-2007-4211 version (dovecot, fixed 1.0.3) #251008 [since FEDORA-2007-1485]
618 CVE-2007-4174 version (tor, fixed 0.1.2.16) [since FEDORA-2007-1674]
619 CVE-2007-4168 backport (libexif) #243892 [since FEDORA-2007-0414]
620 CVE-2007-4153 ignore (wordpress) "remote authenticated administrators"
621 CVE-2007-4154 ignore (wordpress) "remote authenticated administrators"
622 CVE-2007-4139 version (wordpress) #250751 [since FEDORA-2007-1885]
623 CVE-2007-4138 version (samba, fixed 3.0.26) #286311 [since FEDORA-2007-2145]
624 CVE-2007-4137 backport (qt) #292941 [since FEDORA-2007-2216]
625 CVE-2007-4134 version (star, fixed 1.5a84) #254128 [since FEDORA-2007-1852]
626 CVE-2007-4131 backport (tar) #253684 [since FEDORA-2007-1890]
627 CVE-2007-4129 VULNERABLE (coolkey) #280091
628 CVE-2007-4066 backport (libvorbis) #245991 [since FEDORA-2007-1765]
629 CVE-2007-4065 backport (libvorbis) #245991 [since FEDORA-2007-1765]
630 CVE-2007-4045 backport (cups) [since FEDORA-2007-3100]
631 CVE-2007-4033 backport (t1lib) #303021 [since FEDORA-2007-2343]
632 CVE-2007-4033 backport (tetex) [since FEDORA-2007-3390]
633 CVE-2007-4029 backport (libvorbis) #245991 [since FEDORA-2007-1765]
634 CVE-2007-4000 backport (krb5) [since FEDORA-2007-2017]
635 CVE-2007-3999 backport (krb5) [since FEDORA-2007-2017]
636 CVE-2007-3999 VULNERABLE (nfs-utils-lib) #294901
637 CVE-2007-3999 VULNERABLE (libtirpc) #294921
638 CVE-2007-3962 ignore (gftp) multiple buffer overflows in fsplib, not on Linux
639 CVE-2007-3961 ignore (gftp) off-by-one error in fsplib
640 CVE-2007-3920 fixed (compiz) #357071 [since xorg-x11-server-1.3.0.0-16.fc7]
641 CVE-2007-3852 backport (sysstat) #252295 [since FEDORA-2007-1697]
642 CVE-2007-3950 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299]
643 CVE-2007-3949 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299]
644 CVE-2007-3948 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299]
645 CVE-2007-3947 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299]
646 CVE-2007-3946 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299]
647 CVE-2007-3919 backport (xen) #361981 [since FEDORA-2007-2708]
648 CVE-2007-3917 version (wesnoth, fixed 1.2.7) #324841 [since FEDORA-2007-2496]
649 CVE-2007-3848 version (kernel) [since FEDORA-2007-1785]
650 CVE-2007-3847 version (httpd) #250755 [since FEDORA-2007-2214]
651 CVE-2007-3845 ignore (firefox) windows specific
652 CVE-2007-3844 version (firefox, fixed 2.0.0.6) #250648 "fixed on next update"
653 CVE-2007-3843 version (kernel) #246595
654 CVE-2007-3841 ignore (pidgin) ethically disclosed
655 CVE-2007-3820 backport (kdelibs) [since FEDORA-2007-1699]
656 CVE-2007-3820 backport (kdebase) #248537 [since FEDORA-2007-1700]
657 CVE-2007-3799 ** (php)
658 CVE-2007-3782 version (mysql, fixed 5.0.44) [since FEDORA-2007-1197]
659 CVE-2007-3781 version (mysql, fixed 5.0.44) [since FEDORA-2007-1197]
660 CVE-2007-3780 version (mysql, fixed 5.0.44) [since FEDORA-2007-1197]
661 CVE-2007-3770 backport (terminal/xfce) [since FEDORA-2007-1620]
662 CVE-2007-3738 version (mozilla) #248518 [since FEDORA-2007-1138]
663 CVE-2007-3737 version (mozilla) #248518 [since FEDORA-2007-1138]
664 CVE-2007-3736 version (mozilla) #248518 [since FEDORA-2007-1138]
665 CVE-2007-3735 version (mozilla) #248518 [since FEDORA-2007-1138]
666 CVE-2007-3728 ignore (libsilc, only 1.1.1)
667 CVE-2007-3725 version (clamav) [since FEDORA-2007-2050]
668 CVE-2007-3713 backport (centericq) #247979 [since FEDORA-2007-1160]
669 CVE-2007-3656 version (mozilla) #248518 [since FEDORA-2007-1138]
670 CVE-2007-3642 version (kernel, fixed 2.6.22.1) [since FEDORA-2007-1130]
671 CVE-2007-3628 version (php-pear-Structures-DataGrid-DataSource-MDB2, fixed 0.1.10)
672 CVE-2007-3568 backport (imlib) [since FEDORA-2007-4561]
673 CVE-2007-3555 version (moodle) #247528 [since FEDORA-2007-1445]
674 CVE-2007-3546 ignore (nessus-core) Windows only
675 CVE-2007-3528 version (dar, fixed 2.3.4) #246760 [since FEDORA-2007-0904]
676 CVE-2007-3544 fixed (wordpress, NOT fixed 2.2.1) #245211 [since FEDORA-2007-0894] Incomplete fix for CVE-2007-3543
677 CVE-2007-3543 version (wordpress, fixed 2.2.1) #245211 [since FEDORA-2007-0894]
678 CVE-2007-3511 version (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5 [since FEDORA-2007-2664]
679 CVE-2007-3508 ignore (glibc) not an issue
680 CVE-2007-3506 version (freetype, fixed 2.3.4) #235479 [since FEDORA-2007-0033]
681 CVE-2007-3507 version (flac123, fixed 0.0.10) #246322 [since FEDORA-2007-1045]
682 CVE-2007-3478 version (gd, fixed 2.0.35) #277411 [since FEDORA-2007-2055]
683 CVE-2007-3477 version (gd, fixed 2.0.35) #277411 [since FEDORA-2007-2055]
684 CVE-2007-3476 version (gd, fixed 2.0.35) #277411 [since FEDORA-2007-2055]
685 CVE-2007-3475 version (gd, fixed 2.0.35) #277411 [since FEDORA-2007-2055]
686 CVE-2007-3474 version (gd, fixed 2.0.35) #277411 [since FEDORA-2007-2055]
687 CVE-2007-3473 version (gd, fixed 2.0.35) #277411 [since FEDORA-2007-2055]
688 CVE-2007-3472 version (gd, fixed 2.0.35) #277411 [since FEDORA-2007-2055]
689 CVE-2007-3410 backport (HelixPlayer) #245838 [since FEDORA-2007-0756]
690 CVE-2007-3409 version (perl-Net-DNS, fixed 0.60) #245807
691 CVE-2007-3393 version (wireshark, fixed 0.99.6) [since FEDORA-2007-0982]
692 CVE-2007-3392 version (wireshark, fixed 0.99.6) [since FEDORA-2007-0982]
693 CVE-2007-3391 version (wireshark, fixed 0.99.6) [since FEDORA-2007-0982]
694 CVE-2007-3390 version (wireshark, fixed 0.99.6) [since FEDORA-2007-0982]
695 CVE-2007-3389 version (wireshark, fixed 0.99.6) [since FEDORA-2007-0982]
696 CVE-2007-3388 backport (qt, fixed qt-3.3.8-20070727) patch available: 170529.diff [since FEDORA-2007-2216]
697 CVE-2007-3387 version (xpdf, fixed 3.02pl1) [since FEDORA-2007-1383]
698 CVE-2007-3387 backport (tetex) #251514 [since FEDORA-2007-1547]
699 CVE-2007-3387 fixed (poppler) #251512 [since FEDORA-2008-1651]
700 CVE-2007-3387 backport (kdegraphics) #251509 [since FEDORA-2007-1594]
701 CVE-2007-3387 backport (koffice) #251522 [since FEDORA-2007-1614]
702 CVE-2007-3387 backport (cups) #251518 [since FEDORA-2007-1541]
703 CVE-2007-3387 ignore (libextractor) http://bugs.gentoo.org/show_bug.cgi?id=188169
704 CVE-2007-3386 version (tomcat5) [since FEDORA-2007-3456]
705 CVE-2007-3385 version (tomcat5) [since FEDORA-2007-3456]
706 CVE-2007-3384 ignore (tomcat) only affects 3.3.x and just affects an example
707 CVE-2007-3382 version (tomcat5) [since FEDORA-2007-3456]
708 CVE-2007-3381 version (gdm, fixed 2.18.4) #250277 [since FEDORA-2007-1362]
709 CVE-2007-3378 ignore (php) safe mode escape
710 CVE-2007-3377 version (perl-Net-DNS, fixed 0.60) #245612 [since FEDORA-2007-0668]
711 CVE-2007-3304 backport (httpd) #244665 [since FEDORA-2007-0704]
712 CVE-2007-3294 ignore (php-extras) win only
713 CVE-2007-3280 ignore (postgresql) bogus CVE assignment
714 CVE-2007-3279 ignore (postgresql) bogus CVE assignment
715 CVE-2007-3278 version (postgresql, fixed 8.2.5)
716 CVE-2007-3257 backport (evolution) #244283 [since FEDORA-2007-0464]
717 CVE-2007-3241 version (wordpress, fixed 2.2.1) #245211 [since FEDORA-2007-0894]
718 CVE-2007-3240 version (wordpress, fixed 2.2.1) #245211 [since FEDORA-2007-0894]
719 CVE-2007-3239 version (wordpress, fixed 2.2.1) #245211 [since FEDORA-2007-0894]
720 CVE-2007-3238 version (wordpress, fixed 2.2.1) #245211 [since FEDORA-2007-0894]
721 CVE-2007-3231 version (mecab, fixed 0.96) [since FEDORA-2007-0366]
722 CVE-2007-3209 ignore (mail-notification) shipped with SSL enabled
723 CVE-2007-3165 version (tor, fixed 0.1.2.14) #244502 [since FEDORA-2007-1674]
724 CVE-2007-3153 version (c-ares, fixed 1.4.0) #243591 [since FEDORA-2007-0724]
725 CVE-2007-3152 version (c-ares, fixed 1.4.0) #243591 [since FEDORA-2007-0724]
726 CVE-2007-3145 ignore (galeon) in 2.0.3 the truncation still occurs, but at reasonable length
727 CVE-2007-3140 version (wordpress, fixed 2.2.1) #245211 [since FEDORA-2007-0894]
728 CVE-2007-3126 ignore (gimp) just a crash
729 CVE-2007-3123 version (clamav, fixed 0.90.3) #245219 [since FEDORA-2007-2050]
730 CVE-2007-3122 version (clamav, fixed 0.90.3) #245219 [since FEDORA-2007-2050]
731 CVE-2007-3121 version (zvbi, fixed 0.2.25) [since FEDORA-2007-0175]
732 CVE-2007-3113 backport (cacti) #243592 [since FEDORA-2007-2199]
733 CVE-2007-3112 backport (cacti) #243592 [since FEDORA-2007-2199]
734 CVE-2007-3108 backport (openssl) #250574 [since FEDORA-2007-1444]
735 CVE-2007-3106 backport (libvorbis) #245991 [since FEDORA-2007-1765]
736 CVE-2007-3100 version (iscsi-initiator-utils, fixed 6.2.0.865) [since FEDORA-2007-0543]
737 CVE-2007-3099 version (iscsi-initiator-utils, fixed 6.2.0.865) [since FEDORA-2007-0543]
738 CVE-2007-3089 version (mozilla) #248518 [since FEDORA-2007-1138]
739 CVE-2007-3025 ignore (clamav, Solaris only)
740 CVE-2007-3024 version (clamav, fixed 0.90.3) #245219 [since FEDORA-2007-2050]
741 CVE-2007-3023 version (clamav, fixed 0.90.3) #245219 [since FEDORA-2007-2050]
742 CVE-2007-3007 ignore (php) safe mode isn't safe
743 *CVE-2007-2975 ** (openfire)
744 CVE-2007-2958 version (claws-mail) #254121 [since FEDORA-2007-2009]
745 CVE-2007-2958 backport (sylpheed) #254123 [since FEDORA-2007-1841]
746 CVE-2007-2956 backport (qtpfsgui) #251674 [since FEDORA-2007-1581]
747 CVE-2007-2949 version (gimp, fixed 2.2.16) [since FEDORA-2007-0725]
748 CVE-2007-2926 version (bind, fixed 9.4.1) [since FEDORA-2007-1247]
749 CVE-2007-2925 version (bind, fixed 9.4.1) [since FEDORA-2007-1247]
750 CVE-2007-2894 backport (bochs) #241799 [since FEDORA-2007-1778]
751 CVE-2007-2893 backport (bochs, fixed 2.3-5) #241799 [since FEDORA-2007-1153]
752 CVE-2007-2876 version (kernel, fixed 2.6.21.5) [ since FEDORA-2007-0409 ]
753 CVE-2007-2874 backport (wpa_supplicant) #242455 [since FEDORA-2007-0185]
754 CVE-2007-2873 version (spamassassin, fixed 3.2.1) [since FEDORA-2007-0390]
755 CVE-2007-2871 version (mozilla) #241840
756 CVE-2007-2870 version (mozilla) #241840
757 CVE-2007-2869 version (mozilla) #241840
758 CVE-2007-2868 version (mozilla) #241840
759 CVE-2007-2867 version (mozilla) #241840
760 CVE-2007-2865 version (phpPgAdmin, fixed 4.1.2) #241489 [since FEDORA-2007-0469]
761 CVE-2007-2844 ignore (php) #241641
762 CVE-2007-2843 ignore (konqueror) safari specific
763 CVE-2007-2834 backport (openoffice.org, fixed 2.3) #293361 [since FEDORA-2007-2372]
764 CVE-2007-2821 version (wordpress, fixed 2.2) #245211 [since FEDORA-2007-0894]
765 CVE-2007-2807 backport (eggdrop) [since FEDORA-2007-4325]
766 CVE-2007-2799 version (file, fixed 4.21) #241034 [since FEDORA-2007-0836]
767 CVE-2007-2798 version (krb5, fixed 1.6.1) [since FEDORA-2007-0740]
768 CVE-2007-2797 version (xterm) fixed in fc5 and fc6 before f7 release
769 CVE-2007-2768 ignore (openssh) needs pam OPIE which is not shipped.
770 CVE-2007-2756 ignore (gd) DoS only
771 CVE-2007-2754 backport (freetype) [since FEDORA-2007-0033]
772 CVE-2007-2721 backport (jasper, fixed 1.900.1-2) #240397
773 CVE-2007-2693 ignore (mysql, fixed 5.1.18) mysql 5.1+ only, requires partitioning
774 CVE-2007-2692 version (mysql, fixed 5.0.45) [since FEDORA-2007-1197]
775 CVE-2007-2691 version (mysql, fixed 5.0.45) [since FEDORA-2007-1197]
776 CVE-2007-2683 backport (mutt)
777 CVE-2007-2654 version (xfsdump) #240396
778 CVE-2007-2650 version (clamav, fixed 0.90.3) #240395 [since FEDORA-2007-1154]
779 CVE-2007-2645 backport (libexif) #240055 [since FEDORA-2007-0414]
780 *CVE-2007-2637 backport (moin, fixed 1.5.7-2)
781 CVE-2007-2627 version (wordpress, fixed 2.2.1) #239904 [since FEDORA-2007-0894]
782 *CVE-2007-2589 ** (squirrelmail)
783 CVE-2007-2583 version (mysql, fixed 5.0.41)
784 CVE-2007-2519 ignore (php-pear) no trust boundary is crossed
785 CVE-2007-2511 ignore (php) #239011 see the bug
786 CVE-2007-2510 version (php, fixed 5.2.2)
787 CVE-2007-2509 version (php, fixed 5.2.2)
788 *CVE-2007-2500 backport (gnash, fixed 0.7.2-2) #239213
789 CVE-2007-2459 ignore (perl-Imager, fixed 0.57) not security according to upstream
790 CVE-2007-2453 version (kernel, fixed 2.6.21.4) [ since FEDORA-2007-0409 ]
791 CVE-2007-2451 version (kernel, fixed 2.6.21.4) [ since FEDORA-2007-0409 ]
792 *CVE-2007-2452 ** (locate)
793 CVE-2007-2450 version (tomcat5) #244810 [since FEDORA-2007-3456]
794 CVE-2007-2449 version (tomcat5) #244810 [since FEDORA-2007-3456]
795 CVE-2007-2448 version (subversion, fixed 1.4.4) #243856 [since FEDORA-2007-2635]
796 *CVE-2007-2447 ** (samba)
797 *CVE-2007-2446 ** (samba)
798 CVE-2007-2445 version (libpng10, fixed 1.0.25) #240398
799 *CVE-2007-2444 ** (samba)
800 CVE-2007-2443 version (krb5, fixed 1.6.1) [since FEDORA-2007-0740]
801 CVE-2007-2442 version (krb5, fixed 1.6.1) [since FEDORA-2007-0740]
802 CVE-2007-2438 version (vim, fixed 7.0.235) #238734 [since FEDORA-2007-492]
803 CVE-2007-2437 ignore (xorg-x11) DoS only
804 *CVE-2007-2435 ** (java)
805 *CVE-2007-2423 backport (moin, fixed 1.5.7-2) #238722
806 CVE-2007-2413 version (perl-Imager, fixed 0.57) #238615
807 CVE-2007-2381 ignore (MochiKit) #238616
808 *CVE-2007-2356 ** (gimp)
809 *CVE-2007-2353 ** (axis)
810 CVE-2007-2292 version (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5 [since FEDORA-2007-2664]
811 CVE-2007-2245 version (phpMyAdmin, fixed 2.10.1) #237882
812 CVE-2007-2243 ignore (openssh, fixed 4.6) needs S/KEY support which is not shipped.
813 CVE-2007-2241 backport (bind) [since FEDORA-2007-0300]
814 CVE-2007-2241 version (bind, fixed 9.4.1)
815 CVE-2007-2176 ignore (firefox) only affects the java quicktime interaction
816 CVE-2007-2172 version (kernel, fixed 2.6.21-rc6)
817 CVE-2007-2165 version (proftpd) #237533 [since FEDORA-2007-2613]
818 CVE-2007-2138 version (postgresql, fixed 8.2.4) #237682 [since FEDORA-2007-0174]
819 CVE-2007-2057 version (aircrack-ng, fixed 0.8-0.1)
820 CVE-2007-2029 version (clamav, fixed 0.90.3) #245219 [since FEDORA-2007-2050]
821 CVE-2007-2028 version (freeradius)
822 *CVE-2007-2026 ** (file)
823 CVE-2007-2016 ignore (phpMyAdmin) < 2.8.0.2 never shipped
824 CVE-2007-1997 version (clamav, fixed in 0.90.2)
825 CVE-2007-1995 version (quagga, fixed CVE-2007-1995) #240488
826 CVE-2007-1897 version (wordpress, fixed 2.1.3) #235912
827 CVE-2007-1894 version (wordpress, fixed 2.1.3-0.rc2)
828 CVE-2007-1893 version (wordpress, fixed 2.1.3) #235912
829 CVE-2007-1870 version (lighttpd, fixed 1.4.14) #236489
830 CVE-2007-1869 version (lighttpd, fixed 1.4.14) #236489
831 CVE-2007-1864 version (php, fixed 5.2.2)
832 CVE-2007-1863 backport (httpd) #244665 [since FEDORA-2007-0704]
833 CVE-2007-1862 backport (httpd) #242606 [since FEDORA-2007-0704]
834 *CVE-2007-1859 ** (xscreensaver)
835 *CVE-2007-1858 ** (tomcat)
836 CVE-2007-1856 backport (vixie-cron) #235882 vixie-cron-4.1-hardlink.patch
837 CVE-2007-1841 version (ipsec-tools) #238052
838 CVE-2007-1804 version (pulseaudio) #235013
839 CVE-2007-1799 version (ktorrent, fixed 2.1.3) #235014
840 CVE-2007-1797 version (GraphicsMagick, fixed 1.1.8) [since FEDORA-2007-1340]
841 CVE-2007-1745 version (clamav, fixed in 0.90.2) #236703
842 *CVE-2007-1743 ** (httpd)
843 *CVE-2007-1742 ** (httpd)
844 *CVE-2007-1741 ** (httpd)
845 CVE-2007-1732 ignore (wordpress) #235015
846 CVE-2007-1718 version (php, fixed 5.2.2)
847 CVE-2007-1717 version (php, fixed 5.2.2)
848 CVE-2007-1711 version (php, 4.4.5 and 4.4.6 only)
849 CVE-2007-1710 version (php, fixed 5.2.2)
850 CVE-2007-1709 ignore (php) no security impact
851 *CVE-2007-1667 ** (xorg-x11)
852 CVE-2007-1665 version (ekg) #246034 [since FEDORA-2007-0791]
853 CVE-2007-1664 version (ekg) #246034 [since FEDORA-2007-0791]
854 CVE-2007-1663 version (ekg) #246034 [since FEDORA-2007-0791]
855 CVE-2007-1662 fixed (pcre, fixed 7.3) #378411 [since FEDORA-2008-1842]
856 CVE-2007-1661 fixed (pcre, fixed 7.3) #378411 [since FEDORA-2008-1842]
857 CVE-2007-1660 fixed (pcre, fixed 7.3) #378411 [since FEDORA-2008-1842]
858 CVE-2007-1659 fixed (pcre, fixed 7.3) #378411 [since FEDORA-2008-1842]
859 CVE-2007-1649 version (php, fixed 5.2.2)
860 CVE-2007-1622 version (wordpress, fixed 2.1.3-0.rc2) #233703
861 CVE-2007-1614 version (zziplib, fixed 0.13.49) #233700
862 CVE-2007-1599 version (wordpress, fixed 2.1.3-0.rc2) #233703
863 CVE-2007-1583 version (php, fixed 5.2.2)
864 CVE-2007-1565 ignore (konqueror) client crash, duplicate of CVE-2007-1308
865 CVE-2007-1564 version (kdelibs) affects konqueror
866 CVE-2007-1562 version (mozilla) #241840
867 CVE-2007-1560 version (squid, fixed 2.6.STABLE12)
868 CVE-2007-1558 version (balsa) [since FEDORA-2007-1447]
869 CVE-2007-1558 version (claws-mail, fixed 2.9.1) #237293
870 *CVE-2007-1558 backport (sylpheed, fixed 2.3.1-1)
871 CVE-2007-1558 version (evolution)
872 CVE-2007-1547 version (nas, fixed 1.8a-2) #233353
873 CVE-2007-1546 version (nas, fixed 1.8a-2) #233353
874 CVE-2007-1545 version (nas, fixed 1.8a-2) #233353
875 CVE-2007-1544 version (nas, fixed 1.8a-2) #233353
876 CVE-2007-1543 version (nas, fixed 1.8a-2) #233353
877 *CVE-2007-1536 ** (file)
878 CVE-2007-1521 ignore (php) See NVD
879 CVE-2007-1515 version (imp, fixed 4.1.4)
880 CVE-2007-1496 version (kernel, fixed 2.6.20.3)
881 CVE-2007-1484 ignore (php) See NVD
882 CVE-2007-1475 ignore (php) unshipped ibase extension
883 CVE-2007-1474 version (horde, fixed 3.1.4)
884 CVE-2007-1474 ignore (imp, < 4.x only)
885 CVE-2007-1473 version (horde, fixed 3.1.4)
886 *CVE-2007-1466 ** (openoffice.org)
887 CVE-2007-1464 version (inkscape, fixed 0.45.1)
888 CVE-2007-1463 version (inkscape, fixed 0.45.1)
889 CVE-2007-1460 version (php, fixed 5.2.2)
890 CVE-2007-1429 version (moodle, fixed 1.6.5) #232103
891 CVE-2007-1420 version (mysql, fixed 5.0.36) #232604
892 CVE-2007-1413 ignore (php) Windows NT SNMP specific
893 CVE-2007-1412 ignore (php) unshipped cpdf extension
894 CVE-2007-1411 ignore (php) unshipped mssql extension
895 CVE-2007-1406 version (trac, fixed 0.10.3.1) #231729
896 CVE-2007-1405 version (trac, fixed 0.10.3.1) #231729
897 CVE-2007-1401 ignore (php) unshipped cracklib extension
898 CVE-2007-1399 version (php-pecl-zip, fixed 1.8.5)
899 CVE-2007-1398 ignore (snort, inline mode not shipped) #232109, new upstream [since FEDORA-2007-2060]
900 CVE-2007-1396 ignore (php) feature, not a flaw
901 *CVE-2007-1395 version (phpMyAdmin, fixed 2.10.0.2)
902 *CVE-2007-1387 backport (xine-lib, fixed 1.1.4-3)
903 *CVE-2007-1385 version (ktorrent, fixed 2.1.2)
904 *CVE-2007-1384 version (ktorrent, fixed 2.1.2)
905 CVE-2007-1375 version (php, fixed 5.2.2)
906 *CVE-2007-1366 ** (qemu) #238723
907 CVE-2007-1362 version (seamonkey, fixed 1.0.9) #241840
908 *CVE-2007-1359 backport (mod_security, fixed 2.1.0-3) #231728
909 CVE-2007-1358 version (tomcat5) #244810 [since FEDORA-2007-3456]
910 CVE-2007-1355 version (tomcat5) [since FEDORA-2007-3456]
911 *CVE-2007-1354 ** (jboss)
912 CVE-2007-1352 version (libXfont) #235265
913 CVE-2007-1351 version (libXfont) #235265
914 CVE-2007-1349 backport (mod_perl) [since FEDORA-2007-0316]
915 CVE-2007-1325 version (phpMyAdmin, fixed 2.10.0.2)
916 *CVE-2007-1322 ** (qemu) #238723
917 *CVE-2007-1321 ** (qemu) #238723
918 CVE-2007-1321 backport (xen) [since FEDORA-2007-2270]
919 CVE-2007-1320 VULNERABLE (qemu)
920 CVE-2007-1320 VULNERABLE (kvm)
921 CVE-2007-1308 version (kdelibs)
922 CVE-2007-1287 ignore (php) See NVD
923 CVE-2007-1286 version (php, PHP4 only)
924 CVE-2007-1285 version (php, fixed 5.2.2)
925 CVE-2007-1282 version (seamonkey, fixed 1.0.8)
926 CVE-2007-1277 version (wordpress, fixed 2.1.2)
927 CVE-2007-1267 ignore (sylpheed) uses gpgme #231733
928 CVE-2007-1263 version (gpgme, fixed 1.1.4)
929 CVE-2007-1263 version (gnupg, fixed 1.4.7) [since FEDORA-2007-315]
930 *CVE-2007-1262 ** (squirrelmail)
931 *CVE-2007-1253 backport (blender, fixed 2.42a-21) #239338
932 *CVE-2007-1246 backport (xine-lib, fixed 1.1.4-3)
933 CVE-2007-1244 version (wordpress, fixed 2.1.2) #230898
934 CVE-2007-1230 version (wordpress, fixed 2.1.2)
935 *CVE-2007-1218 backport (tcpdump) 232349 [since FEDORA-2007-347]
936 CVE-2007-1216 version (krb5, fixed 1.6-3) #231537
937 CVE-2007-1103 version (tor) #230927
938 CVE-2007-1095 version (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5 [since FEDORA-2007-2664]
939 CVE-2007-1092 version (seamonkey, fixed 1.0.8)
940 CVE-2007-1055 version (mediawiki, fixed 1.8.3)
941 CVE-2007-1054 version (mediawiki, fixed 1.9.3) [since FEDORA-2007-1442]
942 CVE-2007-1049 version (wordpress, fixed 2.1.1) #229991
943 *CVE-2007-1036 ** (jboss)
944 *CVE-2007-1030 ** (libevent)
945 *CVE-2007-1007 ** (ekiga)
946 *CVE-2007-1006 version (ekiga, fixed 2.0.5) #229259 [since FEDORA-2007-322]
947 CVE-2007-1004 version (mozilla)
948 CVE-2007-1003 version (xorg-x11-server, fixed > X11R7.2) #235263
949 CVE-2007-1002 version (evolution) #233587
950 CVE-2007-1001 version (php, fixed 5.2.2)
951 CVE-2007-1000 version (kernel, fixed 2.6.20.2) [since FEDORA-2007-335]
952 *CVE-2007-0999 ** (ekiga)
953 CVE-2007-0998 version (qemu, fixed 0.8.2)
954 *CVE-2007-0998 backport (xen) #230295 [since FEDORA-2007-343]
955 CVE-2007-0996 version (seamonkey, fixed 1.0.8)
956 CVE-2007-0995 version (seamonkey, fixed 1.0.8)
957 CVE-2007-0988 version (php, fixed 5.2.1)
958 CVE-2007-0981 version (mozilla)
959 CVE-2007-0981 version (seamonkey, fixed 1.0.8) #229253
960 CVE-2007-0957 backport (krb5, fixed 1.6-3) #231528
961 CVE-2007-0956 backport (krb5, fixed 1.6-3) #229782
962 CVE-2007-0911 version (php, 5.2.1 only)
963 CVE-2007-0910 version (php, fixed 5.2.1)
964 CVE-2007-0909 version (php, fixed 5.2.1)
965 CVE-2007-0908 version (php, fixed 5.2.1)
966 CVE-2007-0907 version (php, fixed 5.2.1)
967 CVE-2007-0906 version (php, fixed 5.2.1)
968 CVE-2007-0903 version (ejabberd, fixed 1.1.3)
969 *CVE-2007-0902 backport (moin, fixed 1.5.7-2) #228764
970 *CVE-2007-0901 backport (moin, fixed 1.5.7-2) #228764
971 CVE-2007-0898 version (clamav, fixed 0.90) #229202
972 CVE-2007-0897 version (clamav, fixed 0.90) #229202
973 CVE-2007-0894 version (mediawiki, fixed 1.8.4) #228763
974 CVE-2007-0884 ignore (mimedefang) #228757 2.59/2.60 not shipped
975 CVE-2007-0857 version (moin, fixed 1.5.7) #228139
976 CVE-2007-0844 version (pam_ssh, fixed 1.92) #253959 [since FEDORA-2007-1793]
977 CVE-2007-0823 ignore (xterm) feature, not a bug
978 CVE-2007-0822 ignore (util-linux) NULL dereference
979 CVE-2007-0780 version (seamonkey, fixed 1.0.8)
980 CVE-2007-0779 version (seamonkey, fixed 1.0.8)
981 CVE-2007-0778 version (seamonkey, fixed 1.0.8)
982 CVE-2007-0777 version (seamonkey, fixed 1.0.8)
983 CVE-2007-0775 version (seamonkey, fixed 1.0.8)
984 *CVE-2007-0774 ** (mod_jk)
985 CVE-2007-0772 version (kernel, fixed 2.6.20.1) [since FEDORA-2007-291]
986 CVE-2007-0771 backport (kernel, fixed 2.6.20-1.2933) #227952
987 CVE-2007-0770 backport (GraphicsMagick, fixed 1.1.7-7) #228758
988 CVE-2007-0770 ignore (ImageMagick) only if incomplete CVE-2006-5456
989 CVE-2007-0720 ignore (cups, fixed 1.2.7) cups is already updated
990 CVE-2007-0657 ignore (nexuiz, 2.2.2 only (not shipped), fixed 2.2.3)
991 *CVE-2007-0650 ignore (tetex) needs user's assistance
992 CVE-2007-0619 version (chmlib, fixed 0.3.9) #225919
993 *CVE-2007-0578 ** (mpg321)
994 *CVE-2007-0555 ** (postgresql)
995 CVE-2007-0541 version (wordpress, fixed 2.1-0) #225469
996 CVE-2007-0540 version (wordpress, fixed 2.1-0) #225469
997 CVE-2007-0539 version (wordpress, fixed 2.1-0) #225469
998 CVE-2007-0537 version (kdebase) #225420
999 CVE-2007-0494 version (bind, fixed 9.3.4) #225268 [since FEDORA-2007-147]
1000 CVE-2007-0493 version (bind, fixed 9.3.4) #224443 [since FEDORA-2007-147]
1001 CVE-2007-0475 version (smb4k, fixed 0.8.0)
1002 CVE-2007-0474 version (smb4k, fixed 0.8.0)
1003 CVE-2007-0473 version (smb4k, fixed 0.8.0)
1004 CVE-2007-0472 version (smb4k, fixed 0.8.0)
1005 CVE-2007-0469 version (rubygems, fixed 0.9.1)
1006 CVE-2007-0459 version (wireshark, fixed 0.99.5) #227140
1007 CVE-2007-0458 version (wireshark, fixed 0.99.5) #227140
1008 CVE-2007-0457 version (wireshark, fixed 0.99.5) #227140
1009 CVE-2007-0456 version (wireshark, fixed 0.99.5) #227140
1010 CVE-2007-0455 version (gd, fixed 2.0.34) #224610
1011 *CVE-2007-0454 ** (samba)
1012 *CVE-2007-0452 ** (samba)
1013 CVE-2007-0451 version (spamassassin, fixed 3.1.8) [since FEDORA-2007-241]
1014 *CVE-2007-0450 ** (tomcat)
1015 CVE-2007-0448 ignore (php) safe mode isn't safe
1016 CVE-2007-0405 version (Django, fixed 0.95.1)
1017 CVE-2007-0404 version (Django, fixed 0.95.1)
1018 CVE-2007-0341 ignore (phpMyAdmin, 2.8.x only)
1019 *CVE-2007-0262 version (wordpress, fixed 2.1-0) #223101
1020 CVE-2007-0248 version (squid, fixed 2.6.STABLE7) [since FEDORA-2007-073]
1021 CVE-2007-0247 version (squid, fixed 2.6.STABLE7) #222883 [since FEDORA-2007-073]
1022 CVE-2007-0245 backport (openoffice.org) [since FEDORA-2007-0410]
1023 *CVE-2007-0242 backport (qt4, fixed 4.2.3-7)
1024 *CVE-2007-0240 backport (zope, fixed 2.9.6-2) #233378
1025 *CVE-2007-0239 ** (openoffice.org)
1026 *CVE-2007-0238 ** (openoffice.org)
1027 CVE-2007-0235 version (libgtop2, 2.14.6) #222637
1028 *CVE-2007-0227 ** (slocate)
1029 CVE-2007-0177 version (mediawiki, fixed 1.8.3) #221958
1030 *CVE-2007-0160 backport (centericq, fixed 4.21.0-9) #227791
1031 *CVE-2007-0157 ** (neon)
1032 CVE-2007-0109 version (wordpress, fixed 2.1-0) #223101
1033 CVE-2007-0107 version (wordpress, fixed 2.1-0) #223101
1034 CVE-2007-0106 version (wordpress, fixed 2.1-0) #223101
1035 CVE-2007-0104 ignore (poppler) only client DoS
1036 CVE-2007-0104 ignore (kdegraphics) only client DoS
1037 CVE-2007-0095 backport (phpMyAdmin) #221694 [since FEDORA-2007-4298]
1038 CVE-2007-0086 ignore (apache) not a security issue
1039 *CVE-2007-0080 ** (freeradius)
1040 CVE-2007-0063 ignore (dhcp) duplicate of CVE-2007-5365
1041 CVE-2007-0062 ignore (dhcp, fixed 3.0.7)
1042 CVE-2007-0061 ignore (dhcp) not affected
1043 *CVE-2007-0010 ** (gtk2)
1044 CVE-2007-0009 version (nss, fixed 3.11.5) (nspr, fixed 4.6.5) [since FEDORA-2007-279]
1045 CVE-2007-0008 version (nss, fixed 3.11.5) (nspr, fixed 4.6.5) [since FEDORA-2007-279]
1046 CVE-2007-0007 version (gnucash, fixed 2.0.5) since [FEDORA-2007-256] #223233
1047 CVE-2007-0006 version (kernel, fixed 2.6.20) [since FEDORA-2007-335]
1048 CVE-2007-0005 version (kernel, fixed 2.6.20) [since FEDORA-2007-335]
1049 CVE-2007-0002 version (libwpd, fixed 0.8.9) #222808 [since FEDORA-2007-351]
1050 CVE-2007-0001 ignore (kernel) rhel4 2.6.9 only known affected
1051 CVE-2006-7232 version (mysql, fixed 5.0.32)
1052 CVE-2006-7228 version (pcre, fixed 6.7)
1053 CVE-2006-7227 version (pcre, fixed 6.7)
1054 CVE-2006-7221 ignore (gftp) single zero byte overflow in fsplib
1055 CVE-2006-7205 ignore (php) See NVD
1056 CVE-2006-7204 ignore (php) See NVD
1057 *CVE-2006-7197 ** (tomcat)
1058 *CVE-2006-7196 ** (tomcat)
1059 *CVE-2006-7195 ** (tomcat)
1060 *CVE-2006-7195 ** (tomcat)
1061 CVE-2006-7193 ignore (php-Smarty) SMARTY_DIR is a constant
1062 *CVE-2006-7176 ** (sendmail)
1063 *CVE-2006-7175 ** (sendmail)
1064 CVE-2006-7162 version (putty, fixed 0.59) #231726
1065 *CVE-2006-7151 ** (libtool)
1066 *CVE-2006-7139 ** (kmail)
1067 *CVE-2006-7108 ** (util-linux)
1068 *CVE-2006-6979 backport (amarok, fixed 1.4.5-2) #228138
1069 *CVE-2006-6948 ** (myodbc)
1070 CVE-2006-6944 version (phpMyAdmin, fixed 2.9.1.1)
1071 CVE-2006-6943 version (phpMyAdmin, fixed 2.9.1.1)
1072 CVE-2006-6942 version (phpMyAdmin, fixed 2.9.1.1)
1073 CVE-2006-6939 version (ed, fixed 0.3) #223075
1074 CVE-2006-6899 version (bluez-utils, fixed 2.23)
1075 CVE-2006-6870 version (avahi, fixed 0.6.16) #221440 [since FEDORA-2007-019]
1076 CVE-2006-6811 ignore (ksirc) DoS only
1077 CVE-2006-6808 version (wordpress, fixed 2.1-0) #221023
1078 *CVE-2006-6799 backport (cacti, fixed 0.8.6i-5) #222410
1079 *CVE-2006-6772 backport (w3m) #221484 [since FEDORA-2007-077]
1080 *CVE-2006-6745 ** (java-ibm)
1081 *CVE-2006-6736 ** (java-ibm)
1082 *CVE-2006-6731 ** (java-ibm)
1083 *CVE-2006-6719 backport (wget) #221469 [since FEDORA-2007-043]
1084 *CVE-2006-6698 ignore (GConf2) #219280 minimal impact
1085 CVE-2006-6698 fixed (GConf2) [since GConf2-2.22.0-5.fc10]
1086 CVE-2006-6693 ignore (zabbix, fixed 1.1.3, < 1.1.4 not shipped)
1087 CVE-2006-6692 ignore (zabbix, fixed 1.1.3, < 1.1.4 not shipped)
1088 CVE-2006-6660 ignore (kdelibs) client Dos only, not reproducible
1089 *CVE-2006-6628 ** (openoffice.org)
1090 CVE-2006-6626 version (moodle, fixed 1.6.5) #220041
1091 CVE-2006-6625 version (moodle, fixed 1.6.5) #220041
1092 CVE-2006-6610 version (nexuiz, fixed 2.2.1) #220034
1093 CVE-2006-6609 version (nexuiz, fixed 2.2.1) #220034
1094 *CVE-2006-6574 backport (mantis, fixed 1.0.6-2) #219937
1095 *CVE-2006-6563 backport (proftpd, fixed 1.3.0a-3) #219938
1096 *CVE-2006-6561 ** (openoffice.org)
1097 CVE-2006-6515 version (mantis, fixed 1.0.6) #219720
1098 CVE-2006-6505 version (seamonkey, fixed 1.0.7) #220516
1099 CVE-2006-6504 version (seamonkey, fixed 1.0.7) #220516
1100 CVE-2006-6503 version (seamonkey, fixed 1.0.7) #220516
1101 CVE-2006-6502 version (seamonkey, fixed 1.0.7) #220516
1102 CVE-2006-6501 version (seamonkey, fixed 1.0.7) #220516
1103 CVE-2006-6500 version (seamonkey, fixed 1.0.7) #220516
1104 CVE-2006-6499 version (seamonkey, fixed 1.0.7) #220516
1105 CVE-2006-6498 version (seamonkey, fixed 1.0.7) #220516
1106 CVE-2006-6497 version (seamonkey, fixed 1.0.7) #220516
1107 *CVE-2006-6493 ** (openldap)
1108 CVE-2006-6481 version (clamav, fixed 0.88.7)
1109 CVE-2006-6406 version (clamav, fixed 0.88.7) #219095
1110 CVE-2006-6385 ignore (kernel) windows only
1111 CVE-2006-6383 ignore (php) safe mode isn't safe
1112 *CVE-2006-6374 ** (phpMyAdmin) #218853
1113 CVE-2006-6373 version (phpMyAdmin, fixed 2.9.1.1) #218853
1114 CVE-2006-6333 version (kernel, fixed 2.6.19.1) [since FEDORA-2007-058]
1115 CVE-2006-6332 ignore (kernel) no support for madwifi
1116 CVE-2006-6305 ignore (net-snmp) already have the backported patch
1117 CVE-2006-6304 version (kernel, fixed 2.6.19.1) [since FEDORA-2007-058]
1118 CVE-2006-6303 version (ruby, fixed 1.8.5.2) [since FEDORA-2006-1441]
1119 CVE-2006-6301 version (denyhosts, fixed 2.6-2) #218824
1120 CVE-2006-6297 ignore (kdegraphics) just a crash
1121 CVE-2006-6238 ignore (konqueror) safari only
1122 *CVE-2006-6235 backport (gnupg2, fixed 2.0.1-2) #218821
1123 *CVE-2006-6235 backport (gnupg, fixed 1.4.6) [since FEDORA-2006-1406]
1124 *CVE-2006-6171 backport (proftpd, fixed 1.3.0a-1) #214820
1125 *CVE-2006-6170 backport (proftpd, fixed 1.3.0a-1) #214820
1126 CVE-2006-6169 version (gnupg2, fixed 2.0.1) #217950
1127 *CVE-2006-6169 backport (gnupg, fixed 1.4.6) [since FEDORA-2006-1406]
1128 CVE-2006-6144 backport (krb5, fixed 1.5-14) #218456
1129 CVE-2006-6143 backport (krb5, fixed 1.5-14) #218456
1130 *CVE-2006-6142 backport (squirrelmail) #218297 [since FEDORA-2007-089]
1131 CVE-2006-6128 VULNERABLE (kernel, fixed **)
1132 CVE-2006-6122 ignore (tin, <= 1.8.1 not shipped)
1133 CVE-2006-6120 version (koffice, fixed 1.6.1) #218030
1134 CVE-2006-6107 version (dbus, fixed 1.0.2) #219665
1135 CVE-2006-6106 version (kernel, fixed 2.6.19.2, fixed 2.6.20-rc5) [since FEDORA-2006-1471]
1136 CVE-2006-6105 version (gdm, fixed 2.14.11) [since FEDORA-2006-1468]
1137 *CVE-2006-6104 backport (mono, fixed 1.1.13.8.2) #220853 [since FEDORA-2007-067]
1138 *CVE-2006-6103 ** (xorg-x11)
1139 *CVE-2006-6102 ** (xorg-x11)
1140 *CVE-2006-6101 ** (xorg-x11)
1141 *CVE-2006-6097 backport (tar) [since FEDORA-2006-1393]
1142 CVE-2006-6085 version (kile, fixed 1.9.3) #217238
1143 CVE-2006-6077 version (firefox, fixed 1.5.0.10)
1144 CVE-2006-6060 ignore (kernel, fixed 2.6.19-rc2) no NTFS support
1145 CVE-2006-6058 version (kernel, fixed 2.6.23.7) 250623
1146 CVE-2006-6057 version (kernel, fixed **)
1147 CVE-2006-6056 version (kernel, fixed 2.6.19) [since FEDORA-2007-058] was backport since FEDORA-2006-1471
1148 CVE-2006-6054 version (kernel, fixed fixed 2.6.19.2) [since FEDORA-2007-058]
1149 CVE-2006-6053 version (kernel, fixed 2.6.19.2) [since FEDORA-2007-058] was backport since FEDORA-2006-1223
1150 *CVE-2006-6015 ** (pcre)
1151 CVE-2006-5989 ignore (mod_auth_kerb) did not affect fc6
1152 CVE-2006-5974 ignore (fetchmail, fixed 6.3.6) only 6.3.5
1153 CVE-2006-5973 version (dovecot, fixed 1.0.rc15) #216508 [since ???]
1154 *CVE-2006-5969 ** (fvwm)
1155 CVE-2006-5941 ignore (net-snmp) dupe CVE-2005-2177
1156 *CVE-2006-5925 backport (elinks) [since FEDORA-2006-1278] but was never vulneable as didn't have smbclient support
1157 *CVE-2006-5876 version (libsoup) #223144 [since FEDORA-2007-109]
1158 CVE-2006-5875 version (enemies-of-carlotta, fixed 1.2.4)
1159 CVE-2006-5874 version (clamav, fixed 0.88.1)
1160 CVE-2006-5871 version (kernel, fixed 2.6.10)
1161 *CVE-2006-5870 ** (openoffice.org)
1162 CVE-2006-5868 version (ImageMagick, fixed 6.2.9.1) #217560
1163 CVE-2006-5867 version (fetchmail, fixed 6.3.6) #221984 [since FEDORA-2007-042]
1164 CVE-2006-5864 backport (evince) #217672
1165 *CVE-2006-5864 backport (gv, fixed 3.6.2-2) #215136
1166 CVE-2006-5848 version (trac, fixed 0.10.1) #215077
1167 CVE-2006-5823 version (kernel, fixed 2.6.19.2) [since FEDORA-2007-058] was backport since FEDORA-2006-1223
1168 CVE-2006-5815 version (proftpd, fixed 1.3.0a) #214820
1169 CVE-2006-5794 version (openssh, fixed 4.5) #214641 [since FEDORA-2006-1215]
1170 CVE-2006-5793 version (libpng10, fixed 1.0.21) #216263
1171 CVE-2006-5793 ignore (libpng, fixed 1.2.13) just a client crash
1172 CVE-2006-5783 ignore (firefox) disputed
1173 CVE-2006-5779 version (openldap, fixed 2.3.29) #214768
1174 CVE-2006-5757 version (kernel, fixed 2.6.19) [since FEDORA-2007-058] was backport since FEDORA-2006-1223
1175 *CVE-2006-5754 ** (kernel)
1176 *CVE-2006-5753 backport (kernel, fixed 2.6.20.1) [since FEDORA-2007-291]
1177 CVE-2006-5752 backport (httpd) #244665 [since FEDORA-2007-0704]
1178 CVE-2006-5751 version (kernel, fixed 2.6.19, fixed 2.6.18.4) [since FEDORA-2006-1471]
1179 *CVE-2006-5750 ** (jboss)
1180 CVE-2006-5749 version (kernel, fixed 2.6.20-rc2)
1181 CVE-2006-5748 version (thunderbird, fixed 1.5.0.8) [since FEDORA-2006-1192]
1182 CVE-2006-5748 version (seamonkey, fixed 1.0.6) #214822
1183 CVE-2006-5748 version (firefox, fixed 1.5.0.8) [since FEDORA-2006-1191]
1184 CVE-2006-5747 version (thunderbird, fixed 1.5.0.8) [since FEDORA-2006-1192]
1185 CVE-2006-5747 version (seamonkey, fixed 1.0.6) #214822
1186 CVE-2006-5747 version (firefox, fixed 1.5.0.8) [since FEDORA-2006-1191]
1187 CVE-2006-5706 ignore (php, fixed 5.2.0) safe mode isn't safe
1188 *CVE-2006-5705 backport (wordpress, fixed 2.0.4-3) #213985
1189 CVE-2006-5701 version (kernel) squashfs is not included upstream
1190 CVE-2006-5633 ignore (firefox) just a client DoS
1191 CVE-2006-5619 version (kernel, fixed 2.6.18.2, fixed 2.6.19-rc4) [since FEDORA-2006-1223]
1192 CVE-2006-5602 version (xsupplicant, fixed 1.2.6)
1193 CVE-2006-5601 version (xsupplicant, fixed 1.2.8) #212700
1194 CVE-2006-5595 version (wireshark, fixed 0.99.4) [since FEDORA-2006-1140]
1195 CVE-2006-5542 version (postgresql, fixed 8.1.5) #212360 [since FEDORA-2007-053]
1196 CVE-2006-5541 version (postgresql, fixed 8.1.5) #212360 [since FEDORA-2007-053]
1197 CVE-2006-5540 version (postgresql, fixed 8.1.5) #212360 [since FEDORA-2007-053]
1198 CVE-2006-5470 version (wireshark, fixed 0.99.4) [since FEDORA-2006-1140]
1199 CVE-2006-5469 version (wireshark, fixed 0.99.4) [since FEDORA-2006-1140]
1200 CVE-2006-5468 version (wireshark, fixed 0.99.4) [since FEDORA-2006-1140]
1201 *CVE-2006-5467 backport (ruby) #212396 [since FEDORA-2006-1109]
1202 CVE-2006-5466 version (rpm) #212833
1203 CVE-2006-5465 backport (php, fixed 5.2.0) #213732 [since FEDOA-2006-1169]
1204 CVE-2006-5464 version (thunderbird, fixed 1.5.0.8) [since FEDORA-2006-1192]
1205 CVE-2006-5464 version (seamonkey, fixed 1.0.6) #214822
1206 CVE-2006-5464 version (firefox, fixed 1.5.0.8) [since FEDORA-2006-1191]
1207 CVE-2006-5463 version (thunderbird, fixed 1.5.0.8) [since FEDORA-2006-1192]
1208 CVE-2006-5463 version (seamonkey, fixed 1.0.6) #214822
1209 CVE-2006-5463 version (firefox, fixed 1.5.0.8) [since FEDORA-2006-1191]
1210 CVE-2006-5462 version (thunderbird, fixed 1.5.0.8) [since FEDORA-2006-1192]
1211 CVE-2006-5462 version (firefox, fixed 1.5.0.8) [since FEDORA-2006-1191]
1212 CVE-2006-5461 version (avahi, fixed 0.6.15)
1213 *CVE-2006-5456 backport (ImageMagick) #210921 [since FEDORA-2006-1285]
1214 CVE-2006-5456 version (GraphicsMagick, fixed 1.1.7) [since FEDORA-2007-1340]
1215 *CVE-2006-5455 backport (bugzilla, fixed 2.22-7) #212355
1216 *CVE-2006-5454 backport (bugzilla, fixed 2.22-7) #212355
1217 *CVE-2006-5453 backport (bugzilla, fixed 2.22-7) #212355
1218 CVE-2006-5397 backport (libX11, 1.0.2 and 1.0.3 only) #213280
1219 CVE-2006-5331 version (kernel, fixed 2.6.19) [since FEDORA-2007-058]
1220 *CVE-2006-5298 backport (mutt) [since FEDORA-2006-1063]
1221 *CVE-2006-5297 backport (mutt) [since FEDORA-2006-1063]
1222 CVE-2006-5295 version (clamav, fixed 0.88.5) #210973
1223 CVE-2006-5276 version (snort) #229265 [since FEDORA-2007-2060]
1224 CVE-2006-5229 ignore (openssh) not reproduced
1225 CVE-2006-5215 backport (xorg-x11-xinit) #212167 [since FEDORA-2007-1409]
1226 *CVE-2006-5215 version (xorg-x11-xdm)
1227 CVE-2006-5215 ignore (kdebase) #212166 links to xinit Xsession
1228 CVE-2006-5214 version (xorg-x11-xinit) #212167
1229 *CVE-2006-5214 version (xorg-x11-xdm)
1230 CVE-2006-5214 ignore (kdebase) #212166 links to xinit Xsession
1231 CVE-2006-5178 ignore (php) safe_mode WONTFIX
1232 CVE-2006-5174 ignore (kernel, fixed 2.6.19-rc1) s390 only
1233 CVE-2006-5173 ignore (kernel, fixed 2.6.18) protected by exec-shield
1234 CVE-2006-5170 version (nss_ldap, fixed 183)
1235 CVE-2006-5160 ignore (firefox) unverified
1236 CVE-2006-5159 ignore (firefox) unverified
1237 CVE-2006-5158 version (kernel, fixed 2.6.15)
1238 CVE-2006-5129 version (moodle, fixed 1.6.3) #206516
1239 CVE-2006-5111 version (libksba, fixed 0.9.14)
1240 *CVE-2006-5072 backport (mono)
1241 CVE-2006-5052 version (openssh, fixed 4.4)
1242 CVE-2006-5051 version (openssh, fixed 4.4) #208459
1243 CVE-2006-4997 version (kernel, fixed 2.6.18)
1244 CVE-2006-4980 version (python, fixed 2.4.4 at least) [since FEDORA-2006-1050] was backport since GA
1245 *CVE-2006-4976 ** (php-adodb) #208299
1246 CVE-2006-4965 ignore (firefox, fixed 2.0.0.7) windows only
1247 CVE-2006-4965 ignore (seamonkey) windows only
1248 CVE-2006-4943 version (moodle, fixed 1.6.3) #206516
1249 CVE-2006-4942 version (moodle, fixed 1.6.3) #206516
1250 CVE-2006-4941 version (moodle, fixed 1.6.3) #206516
1251 CVE-2006-4940 version (moodle, fixed 1.6.3) #206516
1252 CVE-2006-4939 version (moodle, fixed 1.6.3) #206516
1253 CVE-2006-4938 version (moodle, fixed 1.6.3) #206516
1254 CVE-2006-4937 version (moodle, fixed 1.6.3) #206516
1255 CVE-2006-4936 version (moodle, fixed 1.6.3) #206516
1256 CVE-2006-4935 version (moodle, fixed 1.6.3) #206516
1257 CVE-2006-4925 ignore (openssh) client crash only
1258 CVE-2006-4924 version (openssh, fixed 4.4) #207957
1259 *CVE-2006-4842 ignore (nspr) Nothing setuid links with nspr
1260 *CVE-2006-4816 ** (php)
1261 CVE-2006-4814 version (kernel, fixed 2.6.19.2) [since FEDORA-2007-058]
1262 CVE-2006-4813 version (kernel, fixed 2.6.13)
1263 CVE-2006-4812 version (php, fixed 5.2)
1264 CVE-2006-4811 version (qt, fixed 3.3.7) [since FEDORA-2006-1055]
1265 *CVE-2006-4810 backport (texinfo) [since FEDORA-2006-1203]
1266 *CVE-2006-4809 backport (imlib2, fixed 1.3.0-3) #214676
1267 *CVE-2006-4808 backport (imlib2, fixed 1.3.0-3) #214676
1268 *CVE-2006-4807 backport (imlib2, fixed 1.3.0-3) #214676
1269 *CVE-2006-4806 backport (imlib2, fixed 1.3.0-3) #214676
1270 CVE-2006-4805 version (wireshark, fixed 0.99.4) [since FEDORA-2006-1140]
1271 *CVE-2006-4790 backport (gnutls, fixed 1.4.4)
1272 CVE-2006-4786 version (moodle, fixed 1.6.3) #206516
1273 CVE-2006-4785 version (moodle, fixed 1.6.3) #206516
1274 CVE-2006-4784 version (moodle, fixed 1.6.3) #206516
1275 CVE-2006-4743 ignore (wordpress) dupe of an old non-issue #206514
1276 CVE-2006-4684 version (zope, fixed 2.9.2)
1277 *CVE-2006-4663 ignore (kernel) not a vulnerability
1278 CVE-2006-4625 ignore (php) safe mode isn't safe
1279 CVE-2006-4624 version (mailman, fixed 2.1.9rc1)
1280 CVE-2006-4623 version (kernel, fixed 2.6.18-rc1)
1281 CVE-2006-4600 version (openldap, fixed 2.3.25)
1282 CVE-2006-4574 version (wireshark, fixed 0.99.4) [since FEDORA-2006-1140]
1283 CVE-2006-4573 version (screen, fixed 4.0.3) #212057
1284 CVE-2006-4572 version (kernel, fixed 2.6.19) [since FEDORA-2007-058]
1285 CVE-2006-4571 version (thunderbird, fixed 1.5.0.7)
1286 CVE-2006-4571 version (seamonkey, fixed 1.0.5) #209167
1287 CVE-2006-4571 version (firefox, fixed 1.5.0.7)
1288 CVE-2006-4570 version (thunderbird, fixed 1.5.0.7)
1289 CVE-2006-4570 version (seamonkey, fixed 1.0.5) #209167
1290 CVE-2006-4569 version (firefox, fixed 1.5.0.7)
1291 CVE-2006-4568 version (seamonkey, fixed 1.0.5) #209167
1292 CVE-2006-4568 version (firefox, fixed 1.5.0.7)
1293 CVE-2006-4567 version (thunderbird, fixed 1.5.0.7)
1294 CVE-2006-4567 version (firefox, fixed 1.5.0.7)
1295 CVE-2006-4566 version (thunderbird, fixed 1.5.0.7)
1296 CVE-2006-4566 version (seamonkey, fixed 1.0.5) #209167
1297 CVE-2006-4566 version (firefox, fixed 1.5.0.7)
1298 CVE-2006-4565 version (thunderbird, fixed 1.5.0.7)
1299 CVE-2006-4565 version (seamonkey, fixed 1.0.5) #209167
1300 CVE-2006-4565 version (firefox, fixed 1.5.0.7)
1301 CVE-2006-4561 ignore (firefox) Needs DNS spoofing; https is for this.
1302 CVE-2006-4538 version (kernel, fixed after 2.6.18-rc6)
1303 CVE-2006-4535 version (kernel, fixed 2.6.18-rc6)
1304 CVE-2006-4519 version (gimp, fixed 2.2.16) #247566 [since FEDORA-2007-1044]
1305 *CVE-2006-4514 backport (libgsf) [since FEDORA-2006-1417]
1306 CVE-2006-4513 version (wv, fixed 1.2.4) #212696
1307 *CVE-2006-4513 ** (abiword) #212698
1308 CVE-2006-4507 ignore (libtiff) can't reproduce
1309 CVE-2006-4486 version (php, fixed 5.1.6)
1310 CVE-2006-4485 version (php, fixed 5.1.5)
1311 CVE-2006-4484 version (php, fixed 5.1.5)
1312 CVE-2006-4484 ignore (gd)
1313 CVE-2006-4483 ignore (php) not linux
1314 CVE-2006-4482 version (php, fixed 5.1.5)
1315 CVE-2006-4481 ignore (php) safe mode isn't safe
1316 CVE-2006-4455 ignore (xchat) client DoS
1317 CVE-2006-4447 ignore (xorg) not a security issue
1318 CVE-2006-4434 ignore (sendmail, fixed 8.13.8) not exploitable
1319 CVE-2006-4433 version (php, fixed 5.1.4)
1320 CVE-2006-4433 version (php, fixed 5.1.4)
1321 CVE-2006-4380 version (mysql, fixed 4.1.13)
1322 *CVE-2006-4343 backport (openssl, fixed 0.9.8d)
1323 CVE-2006-4342 ignore (kernel) rhel3 only
1324 CVE-2006-4340 version (seamonkey, fixed 1.0.5) #209167
1325 CVE-2006-4340 version (nss, fixed 3.11.3)
1326 *CVE-2006-4339 backport (openssl, fixed 0.9.8c)
1327 *CVE-2006-4339 backport (openssl097)
1328 CVE-2006-4338 backport (gzip)
1329 CVE-2006-4337 backport (gzip)
1330 CVE-2006-4336 backport (gzip)
1331 CVE-2006-4335 backport (gzip)
1332 CVE-2006-4334 backport (gzip)
1333 CVE-2006-4333 version (wireshark, fixed 0.99.3)
1334 CVE-2006-4332 version (wireshark, fixed 0.99.3)
1335 CVE-2006-4331 version (wireshark, fixed 0.99.3)
1336 CVE-2006-4330 version (wireshark, fixed 0.99.3)
1337 CVE-2006-4310 ignore (firefox) crash only
1338 *CVE-2006-4262 backport (cscope)
1339 CVE-2006-4253 version (thunderbird, fixed 1.5.0.7)
1340 CVE-2006-4253 version (seamonkey, fixed 1.0.5) #209167
1341 CVE-2006-4253 version (firefox, fixed 1.5.0.7)
1342 *CVE-2006-4249 backport (plone, fixed 2.5.1-3) #213983
1343 CVE-2006-4248 ignore (thttpd) Debian specific issue
1344 *CVE-2006-4247 backport (plone, fixed 2.5-4) #209163
1345 CVE-2006-4227 version (mysql, fixed 5.0.26,5.1.12) #203434 [since FEDORA-2006-1297]
1346 CVE-2006-4226 version (mysql, fixed 5.0.26,5.1.12) #203428 [since FEDORA-2006-1297]
1347 *CVE-2006-4192 backport (libmodplug, fixed 0.8-3)
1348 CVE-2006-4182 version (clamav, fixed 0.88.5) #210973
1349 *CVE-2006-4181 ** (gnuradius)
1350 CVE-2006-4146 backport (gdb)
1351 CVE-2006-4145 version (kernel, fixed 2.6.17.10, fixed 2.6.18-rc5) needs a better upstream fix
1352 *CVE-2006-4144 backport (ImageMagick, fixed 6.2.9)
1353 CVE-2006-4144 version (GraphicsMagick, fixed 1.1.8) [since FEDORA-2007-1340]
1354 *CVE-2006-4124 ** (lesstif)
1355 CVE-2006-4096 version (bind, fixed 9.3.2-P1)
1356 CVE-2006-4095 version (bind, fixed 9.3.2-P1)
1357 CVE-2006-4093 version (kernel, fixed 2.6.17.9, fixed 2.6.18-rc5)
1358 CVE-2006-4031 version (mysql, fixed 5.0.24) #202675 [since FEDORA-2006-1297]
1359 CVE-2006-4028 version (wordpress, fixed 2.0.4) #201989
1360 CVE-2006-4020 version (php, fixed 5.1.5)
1361 CVE-2006-4019 version (squirrelmail, fixed 1.4.8)
1362 CVE-2006-4018 version (clamav, fixed 0.88.4-1) #201688
1363 CVE-2006-3918 version (httpd, fixed 2.2.2)
1364 CVE-2006-3913 backport (freeciv, fixed 2.0.9) #200545
1365 CVE-2006-3879 version (libmikmod, loaders/load_gt2 not in bundled libmikmod-3.1.11)
1366 CVE-2006-3835 version (tomcat, fixed 5.5.17)
1367 CVE-2006-3816 version (krusader, fixed 1.70.1) #200323
1368 CVE-2006-3815 version (heartbeat, fixed 2.0.6)
1369 CVE-2006-3813 version (perl) only Red Hat Enterprise Linux affected
1370 CVE-2006-3812 version (mozilla) #200455
1371 CVE-2006-3811 version (mozilla) #200455
1372 CVE-2006-3810 version (mozilla) #200455
1373 CVE-2006-3809 version (mozilla) #200455
1374 CVE-2006-3808 version (mozilla) #200455
1375 CVE-2006-3807 version (mozilla) #200455
1376 CVE-2006-3806 version (mozilla) #200455
1377 CVE-2006-3805 version (mozilla) #200455
1378 CVE-2006-3804 version (mozilla) #200455
1379 CVE-2006-3803 version (mozilla) #200455
1380 CVE-2006-3802 version (mozilla) #200455
1381 CVE-2006-3801 version (mozilla) #200455
1382 CVE-2007-3798 version (tcpdump, fixed 3.9.7) #244860 [since FEDORA-2007-1361]
1383 CVE-2006-3747 version (httpd, fixed 2.2.3)
1384 CVE-2006-3746 version (gnupg, fixed 1.4.5)
1385 CVE-2006-3745 version (kernel, fixed 2.6.17.10, fixed 2.6.18-rc5)
1386 *CVE-2006-3744 backport (ImageMagick)
1387 *CVE-2006-3743 backport (ImageMagick)
1388 *CVE-2006-3742 backport (kdebase) inside kdebase-3.5.5-redhat-pam.patch
1389 *CVE-2006-3741 ignore (kernel, fixed 2.6.18-rc7) ia64 only
1390 CVE-2006-3740 version (libXfont, fixed 1.2.2)
1391 CVE-2006-3739 version (libXfont, fixed 1.2.2)
1392 *CVE-2006-3738 backport (openssl, fixed 0.9.8d)
1393 CVE-2007-3734 version (mozilla) #248518 [since FEDORA-2007-1138]
1394 *CVE-2006-3733 ignore (jboss) cisco only
1395 CVE-2006-3731 ignore (firefox) just a user complicit crash
1396 CVE-2006-3694 version (ruby, fixed 1.8.5)
1397 CVE-2006-3677 version (thunderbird, fixed 1.5.0.5)
1398 CVE-2006-3677 version (seamonkey, fixed 1.0.4) #200455
1399 CVE-2006-3677 version (firefox, fixed 1.5.0.5)
1400 CVE-2006-3672 ignore (konqueror) just a crash
1401 *CVE-2006-3668 backport (dumb, fixed 0.9.3-4) #200370
1402 CVE-2006-3665 ignore (squirrelmail) don't enable register_globals!
1403 CVE-2006-3636 version (mailman, fixed 2.1.9)
1404 CVE-2006-3634 ignore (kernel, fixed 2.6.17.8) s390 only
1405 CVE-2006-3632 version (wireshark, fixed 0.99.2)
1406 CVE-2006-3631 version (wireshark, fixed 0.99.2)
1407 CVE-2006-3630 version (wireshark, fixed 0.99.2)
1408 CVE-2006-3629 version (wireshark, fixed 0.99.2)
1409 CVE-2006-3628 version (wireshark, fixed 0.99.2)
1410 CVE-2006-3627 version (wireshark, fixed 0.99.2)
1411 CVE-2006-3626 version (kernel, fixed 2.6.17.6)
1412 CVE-2006-3619 version (gcc, fixed 4.1.1-20060828 at least)
1413 CVE-2006-3582 version (adplug, fixed 2.0.1-1) #198108
1414 CVE-2006-3581 version (adplug, fixed 2.0.1-1) #198108
1415 CVE-2006-3486 ignore (mysql, fixed 5.0.23) not exploitable
1416 *CVE-2006-3469 version (mysql)
1417 CVE-2006-3468 version (kernel, fixed 2.6.17.8, fixed 2.6.18-rc4)
1418 CVE-2006-3467 version (freetype, fixed 2.2)
1419 CVE-2006-3467 ignore (vnc) #204052 not a vulnerability
1420 *CVE-2006-3467 backport (libXfont) fdo-7535.patch
1421 *CVE-2006-3465 backport (libtiff) libtiff-3.8.2-ormandy.patch
1422 *CVE-2006-3464 backport (libtiff) libtiff-3.8.2-ormandy.patch
1423 *CVE-2006-3463 backport (libtiff) libtiff-3.8.2-ormandy.patch
1424 *CVE-2006-3462 backport (libtiff) libtiff-3.8.2-ormandy.patch
1425 *CVE-2006-3461 backport (libtiff) libtiff-3.8.2-ormandy.patch
1426 *CVE-2006-3460 backport (libtiff) libtiff-3.8.2-ormandy.patch
1427 *CVE-2006-3459 backport (libtiff) libtiff-3.8.2-ormandy.patch
1428 *CVE-2006-3458 backport (zope, fixed 2.9.3-3) #198106
1429 CVE-2006-3404 version (gimp, fixed 2.2.12)
1430 CVE-2006-3403 version (samba, fixed 3.0.23)
1431 CVE-2006-3390 ignore (wordpress, not an issue) #198107
1432 CVE-2006-3378 ignore (shadow-utils) we don't ship passwd from shadow-utils
1433 *CVE-2006-3376 backport (libwmf) from changelog
1434 CVE-2006-3352 ignore (firefox) not a vulnerability
1435 CVE-2006-3334 ignore (libpng, fixed 1.2.12) not exploitable
1436 *CVE-2006-3276 ** (helixplayer)
1437 CVE-2006-3242 version (mutt, fixed 1.4.2.2, 1.5.12)
1438 CVE-2006-3178 ignore (chmlib, extract_chmLib not shipped)
1439 CVE-2006-3174 version (squirrelmail, fixed 1.4.7)
1440 CVE-2006-3145 version (netpbm, fixed 10.34)
1441 CVE-2006-3127 version (nss, only affected 3.11)
1442 CVE-2006-3122 version (dhcp, only 2.x)
1443 CVE-2006-3121 version (heartbeat, fixed 2.0.7)
1444 *CVE-2006-3119 backport (fbida, fixed 2.0.3-12) #200321
1445 CVE-2006-3117 version (openoffice.org, fixed 2.0.3)
1446 CVE-2006-3113 version (thunderbird, fixed 1.5.0.5)
1447 CVE-2006-3113 version (seamonkey, fixed 1.0.4) #200455
1448 CVE-2006-3113 version (firefox, fixed 1.5.0.5)
1449 CVE-2006-3093 ignore (acroread) windows only
1450 CVE-2006-3085 version (kernel, fixed 2.6.17.1)
1451 CVE-2006-3084 ignore (krb5) seteuid() calls never fail on linux
1452 CVE-2006-3083 backport (krb5, fixed 1.5.1, 1.4.4)
1453 CVE-2006-3082 version (gnupg, fixed 1.4.4)
1454 CVE-2006-3081 version (mysql, fixed 5.1.18)
1455 CVE-2006-3057 version (dhcdbd, fixed 1.14)
1456 CVE-2006-3018 version (php, fixed 5.1.3)
1457 CVE-2006-3017 version (php, fixed 5.1.3)
1458 CVE-2006-3016 version (php, fixed 5.1.3)
1459 CVE-2006-3014 ignore (flash-plugin) windows only
1460 CVE-2006-3011 ignore (php) safe mode isn't safe
1461 CVE-2006-3005 ignore (libjpeg) not a vuln
1462 CVE-2006-2941 version (mailman, fixed 2.1.9)
1463 *CVE-2006-2940 backport (openssl, fixed 0.9.8d)
1464 *CVE-2006-2937 backport (openssl, fixed 0.9.8d)
1465 CVE-2006-2936 version (kernel, fixed 2.6.17.7)
1466 CVE-2006-2935 version (kernel, fixed 2.6.17.7)
1467 CVE-2006-2934 version (kernel, fixed 2.6.17.3)
1468 CVE-2006-2933 version (kde, not 3.2+)
1469 CVE-2006-2932 ignore (kernel) no 4G/4G split support
1470 CVE-2006-2920 version (sylpheed-claws, fixed 2.2.2)
1471 CVE-2006-2916 ignore (arts) not shipped setuid
1472 CVE-2006-2906 backport (gd) from changelog
1473 CVE-2006-2894 version (firefox, fixed 2.0.0.8)
1474 CVE-2006-2894 version (seamonkey, fixed 1.1.5) #194511
1475 CVE-2006-2842 version (squirrelmail, fixed 1.4.6)
1476 CVE-2006-2789 version (evolution, fixed 2.4.X)
1477 CVE-2006-2788 version (firefox, fixed 1.5.0.4)
1478 CVE-2006-2787 version (thunderbird, fixed 1.5.0.4)
1479 CVE-2006-2787 version (firefox, fixed 1.5.0.4)
1480 CVE-2006-2786 version (thunderbird, fixed 1.5.0.4)
1481 CVE-2006-2786 version (firefox, fixed 1.5.0.4)
1482 CVE-2006-2785 version (firefox, fixed 1.5.0.4)
1483 CVE-2006-2784 version (firefox, fixed 1.5.0.4)
1484 CVE-2006-2783 version (thunderbird, fixed 1.5.0.4)
1485 CVE-2006-2783 version (firefox, fixed 1.5.0.4)
1486 CVE-2006-2782 version (firefox, fixed 1.5.0.4)
1487 CVE-2006-2781 version (thunderbird, fixed 1.5.0.4)
1488 CVE-2006-2781 version (seamonkey, fixed 1.0.2-1) #193963
1489 CVE-2006-2780 version (thunderbird, fixed 1.5.0.4)
1490 CVE-2006-2780 version (firefox, fixed 1.5.0.4)
1491 CVE-2006-2779 version (thunderbird, fixed 1.5.0.4)
1492 CVE-2006-2779 version (firefox, fixed 1.5.0.4)
1493 CVE-2006-2778 version (thunderbird, fixed 1.5.0.4)
1494 CVE-2006-2778 version (firefox, fixed 1.5.0.4)
1495 CVE-2006-2777 version (seamonkey, fixed 1.0.2-1) #193962
1496 CVE-2006-2777 version (firefox, fixed 1.5.0.4)
1497 CVE-2006-2776 version (thunderbird, fixed 1.5.0.4)
1498 CVE-2006-2776 version (firefox, fixed 1.5.0.4)
1499 CVE-2006-2775 version (thunderbird, fixed 1.5.0.4)
1500 CVE-2006-2775 version (firefox, fixed 1.5.0.4)
1501 CVE-2006-2769 backport (snort, fixed 2.4.4-4) #193809
1502 CVE-2006-2754 ignore (openldap) This issue is not exploitable
1503 CVE-2006-2753 version (mysql, fixed 5.0.22)
1504 CVE-2006-2723 ignore (firefox) disputed
1505 CVE-2006-2661 version (freetype, fixed 2.2.1)
1506 CVE-2006-2660 ignore (php) see #195539
1507 CVE-2006-2658 version (xsp, fixed 1.1.14) #206510
1508 *CVE-2006-2656 backport (libtiff) tiffsplit-overflow.patch
1509 CVE-2006-2629 ignore (kernel) couldn't be reproduced on FC
1510 CVE-2006-2613 ignore (firefox) This isn't an issue on FC
1511 CVE-2006-2607 backport (vixie-cron) vixie-cron-4.1-_48-security.patch
1512 *CVE-2006-2575 backport (netpanzer, fixed 0.8-4) bz#192983
1513 CVE-2006-2563 ignore (php) safe mode isn't safe
1514 *CVE-2006-2502 ** (cyrus-imapd)
1515 CVE-2006-2489 version (nagios, fixed 2.3.1)
1516 *CVE-2006-2480 backport (dia, fixed 0.95-2) bz#192535
1517 *CVE-2006-2453 backport (dia, fixed 0.95-3) #192830
1518 CVE-2006-2452 version (gdm)
1519 CVE-2006-2451 version (kernel, fixed 2.6.17.4)
1520 *CVE-2006-2450 ** (vnc)
1521 CVE-2006-2449 version (kdebase, fixed 3.5.4)
1522 CVE-2006-2448 version (kernel, fixed 2.6.17)
1523 CVE-2006-2447 version (spamassassin, fixed 3.1.3)
1524 CVE-2006-2446 version (kernel, fixed 2.6.11)
1525 CVE-2006-2445 version (kernel, fixed 2.6.17)
1526 CVE-2006-2444 version (kernel, fixed 2.6.17)
1527 *CVE-2006-2442 backport (kphone, fixed 4.2-9) bz#192202
1528 CVE-2006-2440 version (ImageMagick, fixed 6.2.8 at least)
1529 CVE-2006-2427 ignore (clamav) not an issue bz#192076
1530 CVE-2006-2414 version (dovecot, fixed 1.0.beta8) not a security issue
1531 CVE-2006-2369 version (vnc, fixed 4.1.2)
1532 *CVE-2006-2366 ignore (openobex) we don't ship ircp
1533 CVE-2006-2362 ignore (binutils) minor crash (not exploitable)
1534 CVE-2006-2332 ignore (firefox) disputed
1535 CVE-2006-2314 version (postgresql, fixed 8.1.4) [since FEDORA-2007-0249]
1536 CVE-2006-2313 version (postgresql, fixed 8.1.4) [since FEDORA-2007-0249]
1537 CVE-2006-2276 version (quagga, fixed 0.98.6)
1538 CVE-2006-2275 version (kernel, fixed 2.6.16.15)
1539 CVE-2006-2274 version (kernel, fixed 2.6.16.15)
1540 CVE-2006-2272 version (kernel, fixed 2.6.16.15)
1541 CVE-2006-2271 version (kernel, fixed 2.6.16.15)
1542 *CVE-2006-2237 backport (awstats, fixed 6.5-5) bz#190923
1543 *CVE-2006-2229 ** (openvpn)
1544 CVE-2006-2224 version (quagga, fixed 0.98.6)
1545 CVE-2006-2223 version (quagga, fixed 0.98.6)
1546 CVE-2006-2199 version (openoffice.org, fixed 2.0.3)
1547 CVE-2006-2198 version (openoffice.org, fixed 2.0.3)
1548 CVE-2006-2197 version (wv2, fixed 0.2.3-1) #195019
1549 CVE-2006-2194 ignore (ppp) pppd not suid
1550 *CVE-2006-2193 backport (libtiff) libtiff-3.8.2-CVE-2006-2193.patch
1551 CVE-2006-2191 ignore (mailman) disputed
1552 *CVE-2006-2169 ** (rt3)
1553 CVE-2006-2162 version (nagios, fixed 2.3.1) bz#190612
1554 CVE-2006-2120 version (libtiff, fixed 3.8.2 at least)
1555 CVE-2006-2093 version (nessus, fixed 2.2.7) bz#191053
1556 CVE-2006-2083 version (rsync, fixed 2.6.8)
1557 CVE-2006-2073 ignore (bind) http://www.kb.cert.org/vuls/id/MIMG-6P8GRP
1558 CVE-2006-2071 version (kernel, fixed 2.6.16.6)
1559 CVE-2006-2057 ignore (firefox) not Linux
1560 CVE-2006-2026 version (libtiff, fixed 3.8.1)
1561 CVE-2006-2025 version (libtiff, fixed 3.8.1)
1562 CVE-2006-2024 version (libtiff, fixed 3.8.1)
1563 CVE-2006-2017 version (dnsmasq, fixed 2.30)
1564 CVE-2006-2016 version (phpldapadmin, fixed 0.9.8.1)
1565 CVE-2006-1993 version (firefox, fixed 1.5.0.3)
1566 CVE-2006-1991 version (php, fixed 5.1.3)
1567 CVE-2006-1990 version (php, fixed 5.1.3)
1568 CVE-2006-1989 version (clamav, fixed 0.88.2)
1569 *CVE-2006-1945 backport (awstats, fixed 6.5-4) bz#190922 awstats-6.5-CVE-2006-1945.patch
1570 CVE-2006-1942 version (firefox, fixed 1.5.0.4)
1571 CVE-2006-1940 version (wireshark, fixed 0.99.0)
1572 CVE-2006-1939 version (wireshark, fixed 0.99.0)
1573 CVE-2006-1938 version (wireshark, fixed 0.99.0)
1574 CVE-2006-1937 version (wireshark, fixed 0.99.0)
1575 CVE-2006-1936 version (wireshark, fixed 0.99.0)
1576 CVE-2006-1935 version (wireshark, fixed 0.99.0)
1577 CVE-2006-1934 version (wireshark, fixed 0.99.0)
1578 CVE-2006-1933 version (wireshark, fixed 0.99.0)
1579 CVE-2006-1932 version (wireshark, fixed 0.99.0)
1580 CVE-2006-1931 version (ruby, fixed 1.8.3)
1581 CVE-2006-1902 ignore (gcc) not a vulnerability
1582 CVE-2006-1900 version (amaya, fixed 9.5) bz#190324
1583 CVE-2006-1865 version (beagle, fixed 0.2.5)
1584 CVE-2006-1864 ignore (kernel, fixed 2.6.16.14) not compiled in
1585 CVE-2006-1863 version (kernel, fixed 2.6.16.11)
1586 CVE-2006-1862 version (kernel) not upstream kernels, only RHEL
1587 CVE-2006-1861 version (freetype, fixed 2.2.1)
1588 CVE-2006-1860 version (kernel, fixed 2.6.16.16)
1589 CVE-2006-1859 version (kernel, fixed 2.6.16.16)
1590 CVE-2006-1858 version (kernel, fixed 2.6.16.17)
1591 CVE-2006-1857 version (kernel, fixed 2.6.16.17)
1592 CVE-2006-1856 version (kernel, fixed 2.6.16.12)
1593 CVE-2006-1855 version (kernel, fixed 2.6.11.12)
1594 CVE-2006-1790 version (thunderbird, fixed 1.5.0.2)
1595 CVE-2006-1790 version (firefox, fixed 1.5.0.2)
1596 CVE-2006-1742 version (thunderbird, fixed 1.5.0.2)
1597 CVE-2006-1742 version (seamonkey, fixed 1.0)
1598 CVE-2006-1742 version (firefox, fixed 1.5.0.2)
1599 CVE-2006-1741 version (thunderbird, fixed 1.5.0.2)
1600 CVE-2006-1741 version (seamonkey, fixed 1.0)
1601 CVE-2006-1741 version (firefox, fixed 1.5.0.2)
1602 CVE-2006-1740 version (seamonkey, fixed 1.0)
1603 CVE-2006-1740 version (firefox, fixed 1.5.0.2)
1604 CVE-2006-1739 version (thunderbird, fixed 1.5.0.2)
1605 CVE-2006-1739 version (seamonkey, fixed 1.0)
1606 CVE-2006-1739 version (firefox, fixed 1.5.0.2)
1607 CVE-2006-1738 version (thunderbird, fixed 1.5.0.2)
1608 CVE-2006-1738 version (seamonkey, fixed 1.0)
1609 CVE-2006-1738 version (firefox, fixed 1.5.0.2)
1610 CVE-2006-1737 version (thunderbird, fixed 1.5.0.2)
1611 CVE-2006-1737 version (seamonkey, fixed 1.0)
1612 CVE-2006-1737 version (firefox, fixed 1.5.0.2)
1613 CVE-2006-1736 version (seamonkey, fixed 1.0)
1614 CVE-2006-1736 version (firefox, fixed 1.5.0.2)
1615 CVE-2006-1735 version (thunderbird, fixed 1.5.0.2)
1616 CVE-2006-1735 version (seamonkey, fixed 1.0)
1617 CVE-2006-1735 version (firefox, fixed 1.5.0.2)
1618 CVE-2006-1734 version (thunderbird, fixed 1.5.0.2)
1619 CVE-2006-1734 version (seamonkey, fixed 1.0)
1620 CVE-2006-1734 version (firefox, fixed 1.5.0.2)
1621 CVE-2006-1733 version (thunderbird, fixed 1.5.0.2)
1622 CVE-2006-1733 version (seamonkey, fixed 1.0)
1623 CVE-2006-1733 version (firefox, fixed 1.5.0.2)
1624 CVE-2006-1732 version (thunderbird, fixed 1.5.0.2)
1625 CVE-2006-1732 version (seamonkey, fixed 1.0)
1626 CVE-2006-1732 version (firefox, fixed 1.5.0.2)
1627 CVE-2006-1731 version (thunderbird, fixed 1.5.0.2)
1628 CVE-2006-1731 version (seamonkey, fixed 1.0)
1629 CVE-2006-1731 version (firefox, fixed 1.5.0.2)
1630 CVE-2006-1730 version (thunderbird, fixed 1.5.0.2)
1631 CVE-2006-1730 version (seamonkey, fixed 1.0.1)
1632 CVE-2006-1730 version (firefox, fixed 1.5.0.2)
1633 CVE-2006-1729 version (seamonkey, fixed 1.0.1)
1634 CVE-2006-1729 version (firefox, fixed 1.5.0.2)
1635 CVE-2006-1728 version (thunderbird, fixed 1.5.0.2)
1636 CVE-2006-1728 version (seamonkey, fixed 1.0.1)
1637 CVE-2006-1728 version (firefox, fixed 1.5.0.2)
1638 CVE-2006-1727 version (thunderbird, fixed 1.5.0.2)
1639 CVE-2006-1727 version (seamonkey, fixed 1.0.1)
1640 CVE-2006-1727 version (firefox, fixed 1.5.0.2)
1641 CVE-2006-1726 version (thunderbird, fixed 1.5.0.2)
1642 CVE-2006-1726 version (seamonkey, fixed 1.0.1)
1643 CVE-2006-1726 version (firefox, fixed 1.5.0.2)
1644 CVE-2006-1725 version (seamonkey, fixed 1.0.1)
1645 CVE-2006-1725 version (firefox, fixed 1.5.0.2)
1646 CVE-2006-1724 version (thunderbird, fixed 1.5.0.2)
1647 CVE-2006-1724 version (seamonkey, fixed 1.0.1)
1648 CVE-2006-1724 version (firefox, fixed 1.5.0.2)
1649 CVE-2006-1723 version (thunderbird, fixed 1.5.0.2)
1650 CVE-2006-1723 version (seamonkey, fixed 1.0.1)
1651 CVE-2006-1723 version (firefox, fixed 1.5.0.2)
1652 CVE-2006-1721 version (cyrus-sasl, fixed 2.1.21)
1653 CVE-2006-1712 version (mailman, only 2.1.7)
1654 CVE-2006-1711 version (plone, fixed 2.1.2) bz#188886
1655 *CVE-2006-1695 backport (fbida, fixed 2.03-11) bz#189721
1656 CVE-2006-1656 version (util-vserver, fixed 0.30.210)
1657 CVE-2006-1650 ignore (firefox) a number of reports don't confirm this
1658 CVE-2006-1646 ignore (ipsec-tools) KAME racoon, not ipsec-tools racoon
1659 CVE-2006-1630 version (clamav, fixed 0.88.1) bz#188286
1660 CVE-2006-1629 version (openvpn, fixed 2.0.6) bz#188050
1661 CVE-2006-1624 ignore (sysklogd) Silly configuration is not a security issue
1662 CVE-2006-1615 version (clamav, fixed 0.88.1) bz#188286
1663 CVE-2006-1614 version (clamav, fixed 0.88.1) bz#188286
1664 CVE-2006-1608 ignore (php) safe mode isn't safe
1665 CVE-2006-1577 version (mantis, fixed 1.0.5) bz#191089
1666 CVE-2006-1566 ignore (libtunepimp) Debian-specific problem
1667 CVE-2006-1550 version (dia, fixed 0.95) bz#187556
1668 CVE-2006-1549 ignore (php) this is not a security issue
1669 CVE-2006-1548 version (struts, fixed 1.2.9)
1670 CVE-2006-1547 version (struts, fixed 1.2.9)
1671 CVE-2006-1546 version (struts, fixed 1.2.9)
1672 *CVE-2006-1542 backport (python) python-2.4.1-canonicalize.patch
1673 CVE-2006-1539 ignore (bsd-games) Gentoo-specific problem
1674 CVE-2006-1531 version (thunderbird, fixed 1.5.0.2)
1675 CVE-2006-1531 version (seamonkey, fixed 1.0.1)
1676 CVE-2006-1531 version (firefox, fixed 1.5.0.2)
1677 CVE-2006-1530 version (thunderbird, fixed 1.5.0.2)
1678 CVE-2006-1530 version (seamonkey, fixed 1.0.1)
1679 CVE-2006-1530 version (firefox, fixed 1.5.0.2)
1680 CVE-2006-1529 version (thunderbird, fixed 1.5.0.2)
1681 CVE-2006-1529 version (seamonkey, fixed 1.0.1)
1682 CVE-2006-1529 version (firefox, fixed 1.5.0.2)
1683 CVE-2006-1528 version (kernel, fixed 2.6.13)
1684 CVE-2006-1527 version (kernel, fixed 2.6.17)
1685 CVE-2006-1526 version (xorg-x11-server, fixed 1.1.1 at least)
1686 CVE-2006-1525 version (kernel, fixed 2.6.16.8)
1687 CVE-2006-1524 version (kernel, fixed 2.6.16.7)
1688 CVE-2006-1523 version (kernel, fixed 2.6.16.4)
1689 CVE-2006-1522 version (kernel, fixed 2.6.16.3)
1690 CVE-2006-1518 version (mysql, fixed 5.0.21)
1691 CVE-2006-1517 version (mysql, fixed 5.0.21)
1692 CVE-2006-1516 version (mysql, fixed 5.0.21)
1693 CVE-2006-1498 version (mediawiki, fixed 1.5.8) bz#188122
1694 CVE-2006-1494 version (php, fixed 5.1.3)
1695 CVE-2006-1490 version (php, fixed 5.1.4)
1696 CVE-2006-1470 version (openldap, not 2.3.24 at least)
1697 CVE-2006-1390 VULNERABLE (nethack) bz#187353, but requires other access to games group
1698 *CVE-2006-1370 ** (helixplayer)
1699 CVE-2006-1368 version (kernel, fixed 2.6.16)
1700 CVE-2006-1354 version (freeradius, fixed 1.1.2 at least)
1701 CVE-2006-1343 version (kernel, fixed 2.6.16.19)
1702 CVE-2006-1342 version (kernel, not 2.6)
1703 CVE-2006-1335 version (gnome-screensaver, fixed 2.14)
1704 CVE-2006-1329 version (jabberd, fixed 2.0s11)
1705 CVE-2006-1296 version (beagle, fixed 0.2.4)
1706 CVE-2006-1273 ignore (firefox) this issue only affects IE
1707 *CVE-2006-1269 backport (zoo, fixed 2.10-7) bz#183109
1708 CVE-2006-1251 ignore (exim-sa, configuration not vulnerable) bz#191082
1709 CVE-2006-1242 version (kernel, fixed 2.6.16.1)
1710 CVE-2006-1174 version (shadow-utils, fixed 4.0.3)
1711 CVE-2006-1173 version (sendmail, fixed 8.13.7)
1712 *CVE-2006-1168 backport (ncompress) ncompress-4.2.4-bssUnderflow.patch
1713 CVE-2006-1095 version (mod_python, 3.2.7 only)
1714 *CVE-2006-1079 backport (thttpd, fixed 2.25b-11) bz#191095
1715 CVE-2006-1079 ignore (httpd) not a vulnerability
1716 *CVE-2006-1078 backport (thttpd, fixed 2.25b-11) bz#191095
1717 CVE-2006-1078 ignore (httpd) not a vulnerability
1718 CVE-2006-1066 version (kernel, fixed 2.6.16)
1719 CVE-2006-1061 version (curl, fixed 7.15.3)
1720 CVE-2006-1059 version (samba, fixed 3.0.22 at least)
1721 CVE-2006-1058 version (busybox, fixed 1.2.x)
1722 CVE-2006-1057 version (gdm, fixed 2.14.1)
1723 CVE-2006-1056 version (kernel, fixed 2.6.16.9)
1724 CVE-2006-1055 version (kernel, fixed 2.6.17)
1725 *CVE-2006-1053 ** (fedora-ds-base) Publish CVE!
1726 CVE-2006-1052 version (kernel, fixed 2.6.16)
1727 CVE-2006-1045 version (thunderbird, fixed 1.5.0.2)
1728 CVE-2006-1015 ignore (php) safe mode isn't safe
1729 CVE-2006-1014 ignore (php) safe mode isn't safe
1730 CVE-2006-0996 version (php, fixed 5.1.4)
1731 CVE-2006-0987 ignore (bind) example config file only
1732 CVE-2006-0903 version (mysql, fixed 4.1.19)
1733 CVE-2006-0884 version (thunderbird, fixed 1.5.0.2)
1734 CVE-2006-0883 version (openssh, fixed 3.8.1p1)
1735 *CVE-2006-0855 backport (zoo, patched in OpenSUSE "upstream", fixed 2.10-7)
1736 CVE-2006-0847 version (python-cherrypy, fixed 2.1.1)
1737 CVE-2006-0841 version (mantis, fixed 1.0.1)
1738 CVE-2006-0840 version (mantis, fixed 1.0.1)
1739 CVE-2006-0839 version (snort, fixed in 2.4.4) bz#183297
1740 CVE-2006-0836 ignore (thunderbird) only crash on manual import
1741 CVE-2006-0814 ignore (lighttpd) Windows-specific problem
1742 CVE-2006-0804 ignore (tin, <= 1.8.0 not shipped)
1743 CVE-2006-0760 version (lighttpd, fixed 1.4.10)
1744 CVE-2006-0749 version (thunderbird, fixed 1.5.0.2)
1745 CVE-2006-0749 version (seamonkey, fixed 1.0)
1746 CVE-2006-0749 version (firefox, fixed 1.5.0.2)
1747 CVE-2006-0748 version (thunderbird, fixed 1.5.0.2)
1748 CVE-2006-0748 version (seamonkey, fixed 1.0.1)
1749 CVE-2006-0748 version (firefox, fixed 1.5.0.2)
1750 CVE-2006-0747 version (freetype, fixed 2.2.1)
1751 CVE-2006-0746 version (kdegraphics, fixed 3.4)
1752 CVE-2006-0745 version (xorg-x11-server, fixed 1.1.1 at least)
1753 CVE-2006-0744 version (kernel, fixed 2.6.16.5)
1754 *CVE-2006-0743 ** (log4net)
1755 CVE-2006-0742 version (kernel, fixed 2.6.16)
1756 CVE-2006-0741 version (kernel, fixed 2.6.15.5)
1757 CVE-2006-0730 version (dovecot, 1.0beta[12] only)
1758 *CVE-2006-0709 ** (metamail)
1759 CVE-2006-0678 ignore (postgresql) we don't build --enable-cassert
1760 CVE-2006-0670 version (bluez-hcidump, fixed 1.30)
1761 CVE-2006-0665 version (mantis, fixed 1.0.1)
1762 CVE-2006-0664 version (mantis, fixed 1.0.1)
1763 CVE-2006-0645 version (libtasn1, fixed 0.3.0) bz#184097
1764 CVE-2006-0645 version (gnutls, fixed 1.2.10)
1765 CVE-2006-0591 version (postgresql, fixed 8.0.6)
1766 CVE-2006-0576 version (oprofile, fixed 0.9.2 at least) [since FEDORA-2006-1172] was backport since GA
1767 CVE-2006-0558 version (kernel, fixed 2.6.16)
1768 CVE-2006-0557 version (kernel, fixed 2.6.15.6)
1769 CVE-2006-0555 version (kernel, fixed 2.6.16)
1770 CVE-2006-0554 version (kernel, fixed 2.6.16)
1771 CVE-2006-0553 version (postgresql, only 8.1, fixed 8.1.3)
1772 CVE-2006-0528 version (cairo, fixed 1.0.4)
1773 CVE-2006-0496 ignore (firefox) Feature, not a bug moz #324253
1774 *CVE-2006-0482 ignore (kernel) sparc only
1775 CVE-2006-0481 version (libpng, 1.2.7 only)
1776 *CVE-2006-0459 version (flex) by inspection
1777 CVE-2006-0458 version (irssi, fixed 0.8.10) bz#184509
1778 CVE-2006-0457 version (kernel, fixed 2.6.16)
1779 CVE-2006-0456 ignore (kernel) s390 only
1780 CVE-2006-0455 version (gnupg, fixed 1.4.2.1)
1781 CVE-2006-0454 version (kernel, fixed 2.6.15.3)
1782 CVE-2006-0453 version (fedora-ds-base, 1.1.0-1.2) #179135
1783 CVE-2006-0452 version (fedora-ds-base, 1.1.0-1.2) #179137
1784 CVE-2006-0451 version (fedora-ds-base, 1.1.0-1.2) #179135
1785 CVE-2006-0405 version (libtiff, 3.8.0 only)
1786 CVE-2006-0377 version (squirrelmail, fixed 1.4.6)
1787 CVE-2006-0369 ignore (mysql) this is not a security issue
1788 *CVE-2006-0323 ** (helixplayer)
1789 CVE-2006-0322 version (mediawiki, fixed 1.5.8)
1790 CVE-2006-0321 version (fetchmail, fixed 6.3.2)
1791 CVE-2006-0301 version (poppler, fixed 0.4.5)
1792 CVE-2006-0301 version (kdegraphics, fixed 3.5.2)
1793 CVE-2006-0300 version (tar, fixed 1.15.90 at least)
1794 CVE-2006-0299 version (thunderbird, fixed 1.5)
1795 CVE-2006-0299 version (seamonkey, fixed 1.0)
1796 CVE-2006-0299 version (firefox, fixed 1.5.0.1)
1797 CVE-2006-0298 version (thunderbird, fixed 1.5)
1798 CVE-2006-0298 version (seamonkey, fixed 1.0)
1799 CVE-2006-0298 version (firefox, fixed 1.5.0.1)
1800 CVE-2006-0297 version (thunderbird, fixed 1.5)
1801 CVE-2006-0297 version (seamonkey, fixed 1.0)
1802 CVE-2006-0297 version (firefox, fixed 1.5.0.1)
1803 CVE-2006-0296 version (thunderbird, fixed 1.5)
1804 CVE-2006-0296 version (seamonkey, fixed 1.0)
1805 CVE-2006-0296 version (firefox, fixed 1.5.0.1)
1806 CVE-2006-0295 version (thunderbird, fixed 1.5)
1807 CVE-2006-0295 version (seamonkey, fixed 1.0)
1808 CVE-2006-0295 version (firefox, fixed 1.5.0.1)
1809 CVE-2006-0294 version (thunderbird, fixed 1.5)
1810 CVE-2006-0294 version (seamonkey, fixed 1.0)
1811 CVE-2006-0294 version (firefox, fixed 1.5.0.1)
1812 CVE-2006-0293 version (thunderbird, fixed 1.5)
1813 CVE-2006-0293 version (firefox, fixed 1.5.0.1)
1814 CVE-2006-0292 version (thunderbird, fixed 1.5)
1815 CVE-2006-0292 version (firefox, fixed 1.5.1)
1816 CVE-2006-0254 version (tomcat5, fixed 5.5.16)
1817 CVE-2006-0236 ignore (thunderbird) windows only
1818 CVE-2006-0225 version (openssh, fixed 4.3p2) #168167
1819 CVE-2006-0208 version (php, fixed 5.1.2)
1820 CVE-2006-0207 version (php, fixed 5.1.2)
1821 CVE-2006-0200 version (php, fixed 5.1.2)
1822 CVE-2006-0197 ignore (xorg-x11) not an issue
1823 CVE-2006-0195 version (squirrelmail, fixed 1.4.6)
1824 CVE-2006-0188 version (squirrelmail, fixed 1.4.6)
1825 CVE-2006-0162 version (clamav, fixed 0.88)
1826 CVE-2006-0151 ignore (sudo) only env_reset will properly clean the environment
1827 *CVE-2006-0150 ** (auth_ldap)
1828 CVE-2006-0144 version (php-pear, not 1.4.4)
1829 CVE-2006-0126 version (rxvt-unicode, fixed 7.5)
1830 CVE-2006-0106 version (wine, fixed 0.9.10)
1831 *CVE-2006-0105 ** (postgresql)
1832 CVE-2006-0097 ignore (php) Windows only
1833 CVE-2006-0096 ignore (kernel) minor and requires root
1834 CVE-2006-0095 version (kernel, fixed 2.6.16)
1835 CVE-2006-0082 version (ImageMagick, not 6.2.5.4)
1836 CVE-2006-0082 version (GraphicsMagick, fixed 1.1.8) [since FEDORA-2007-1340]
1837 CVE-2006-0071 ignore (pinentry) Gentoo-specific problem
1838 CVE-2006-0058 version (sendmail, fixed 8.13.6)
1839 CVE-2006-0052 version (mailman, fixed 2.1.6)
1840 CVE-2006-0049 version (gnupg, fixed 1.4.2.2)
1841 CVE-2006-0047 version (freeciv, fixed 2.0.8) bz#184507
1842 CVE-2006-0043 ignore (nfs-server) we use the kernel nfs server
1843 CVE-2006-0042 version (libapreq2, fixed 2.0.7)
1844 CVE-2006-0039 version (kernel, fixed 2.6.16.17)
1845 CVE-2006-0037 version (kernel, only 2.6.14 and 2.6.15)
1846 CVE-2006-0036 version (kernel, only 2.6.14 and 2.6.15)
1847 CVE-2006-0035 version (kernel, only 2.6.14 and 2.6.15)
1848 CVE-2006-0019 version (kdelibs, fixed 3.5.1)
1849 *CVE-2006-0017 ** (fedora-ds-base) Publish CVE!
1850 *CVE-2006-0016 ** (fedora-ds-base) Publish CVE!
1851 CVE-2005-4791 version (liferea, fixed 1.2.8) #393291 [since FEDORA-2007-3733]
1852 *CVE-2005-4838 ** (tomcat)
1853 CVE-2005-4837 version (net-snmp, fixed 5.2.2)
1854 *CVE-2005-4836 ** (tomcat)
1855 CVE-2005-4811 version (kernel, fixed 2.6.13)
1856 CVE-2005-4809 ignore (firefox) Status bar can be modified anyways
1857 CVE-2005-4808 ignore (binutils, gas fixed 20050714) this is a bug
1858 CVE-2005-4807 ignore (binutils, gas fixed 20050721) this is a bug
1859 CVE-2005-4803 version (graphviz, fixed 2.2.1)
1860 CVE-2005-4798 version (kernel, not 2.6)
1861 CVE-2005-4790 backport (blam, fixed 1.8.4) #395751 [since FEDORA-2007-3792]
1862 CVE-2005-4790 backport (tomboy) #362941 [since FEDORA-2007-3011]
1863 CVE-2005-4784 ignore (glibc) struct dirent is big enough
1864 CVE-2005-4746 version (freeradius, fixed 1.0.5)
1865 CVE-2005-4745 version (freeradius, fixed 1.0.5)
1866 CVE-2005-4744 version (freeradius, fixed 1.0.5)
1867 CVE-2005-4720 version (thunderbird, fixed 1.5)
1868 CVE-2005-4720 version (firefox, fixed 1.5)
1869 CVE-2005-4703 ignore (tomcat) windows only
1870 CVE-2005-4685 ignore (firefox) not fixed upstream, low, can't fix
1871 CVE-2005-4684 ignore (kdebase) not fixed upstream, low, can't fix
1872 *CVE-2005-4667 backport (unzip) changelog
1873 CVE-2005-4639 version (kernel, fixed 2.6.15)
1874 CVE-2005-4636 version (openoffice.org, fixed 2.0.1)
1875 CVE-2005-4635 version (kernel, fixed 2.6.15)
1876 CVE-2005-4618 version (kernel, fixed 2.6.15)
1877 CVE-2005-4605 version (kernel, fixed 2.6.15)
1878 *CVE-2005-4601 ** (ImageMagick)
1879 CVE-2005-4601 version (GraphicsMagick, fixed 1.1.8) [since FEDORA-2007-1340]
1880 CVE-2005-4585 version (wireshark, fixed 0.10.14)
1881 CVE-2005-4442 version (openldap) gentoo only
1882 CVE-2005-4352 version (kernel, fixed 2.6.18.3) [since FEDORA-2006-1471]
1883 CVE-2005-4348 version (fetchmail, fixed 6.3.1)
1884 CVE-2005-4268 backport (cpio) cpio-2.6-writeOutHeaderBufferOverflow.patch
1885 CVE-2005-4158 ignore (sudo) only env_reset will properly clean the environment
1886 CVE-2005-4154 ignore (php) don't install untrusted pear packages
1887 *CVE-2005-4153 version (mailman)
1888 CVE-2005-4134 ignore (firefox) http://www.mozilla.org/security/history-title.html
1889 *CVE-2005-4130 ** (helixplayer)
1890 *CVE-2005-4126 ** (helixplayer)
1891 CVE-2005-4077 version (curl, fixed 7.15.1)
1892 *CVE-2005-3964 ** (openmotif)
1893 CVE-2005-3962 version (perl, fixed 5.8.8)
1894 CVE-2005-3896 ignore (mozilla) client DoS
1895 CVE-2005-3883 version (php, fixed 5.1.1 at least)
1896 CVE-2005-3858 version (kernel, fixed 2.6.13)
1897 CVE-2005-3857 version (kernel, fixed 2.6.15)
1898 CVE-2005-3848 version (kernel, fixed 2.6.13)
1899 CVE-2005-3847 version (kernel, fixed 2.6.12.6)
1900 CVE-2005-3810 version (kernel, fixed 2.6.15)
1901 CVE-2005-3809 version (kernel, fixed 2.6.15)
1902 CVE-2005-3808 version (kernel, fixed 2.6.15)
1903 CVE-2005-3807 version (kernel, fixed 2.6.15)
1904 CVE-2005-3806 version (kernel, fixed 2.6.14)
1905 CVE-2005-3805 version (kernel, fixed 2.6.14)
1906 CVE-2005-3784 version (kernel, fixed 2.6.15)
1907 CVE-2005-3783 version (kernel, fixed 2.6.15)
1908 CVE-2005-3753 version (kernel, fixed 2.6.14)
1909 CVE-2005-3745 ignore (struts, fixed 1.2.8) but not through tomcat
1910 CVE-2005-3732 version (ipsec-tools, fixed 0.6.3)
1911 CVE-2005-3675 ignore (kernel) optack, no upstream fix, wontfix upstream
1912 CVE-2005-3671 version (openswan, fixed 2.4.4)
1913 *CVE-2005-3662 version (netpbm)
1914 CVE-2005-3656 version (mod_auth_pgsql, fixed 2.0.3)
1915 CVE-2005-3651 version (wireshark, fixed 0.10.14)
1916 *CVE-2005-3632 version (netpbm)
1917 *CVE-2005-3631 version (udev)
1918 CVE-2005-3630 version (fedora-ds-base, since 1.0) #174837
1919 CVE-2005-3629 version (initscripts, fixed 8.29 at least)
1920 CVE-2005-3628 version (poppler, fixed 0.4.4)
1921 CVE-2005-3628 version (kdegraphics, fixed 3.5.1)
1922 CVE-2005-3628 version (cups, fixed 1.2.0)
1923 *CVE-2005-3628 backport (tetex) tetex-3.0-CVE-2005-3193.patch
1924 CVE-2005-3627 version (poppler, fixed 0.4.4)
1925 CVE-2005-3627 version (kdegraphics, fixed 3.5.1)
1926 CVE-2005-3627 version (cups, fixed 1.2.0)
1927 *CVE-2005-3627 backport (tetex)
1928 CVE-2005-3626 version (poppler, fixed 0.4.4)
1929 CVE-2005-3626 version (kdegraphics, fixed 3.5.1)
1930 CVE-2005-3626 version (cups, fixed 1.2.0)
1931 *CVE-2005-3626 backport (tetex)
1932 CVE-2005-3625 version (poppler, fixed 0.4.4)
1933 CVE-2005-3625 version (kdegraphics, fixed 3.5.1)
1934 CVE-2005-3625 version (cups, fixed 1.2.0)
1935 *CVE-2005-3625 backport (tetex)
1936 CVE-2005-3624 version (poppler, fixed 0.4.4)
1937 CVE-2005-3624 version (kdegraphics, fixed 3.5.1)
1938 CVE-2005-3624 version (cups, fixed 1.2.0)
1939 *CVE-2005-3624 backport (tetex)
1940 CVE-2005-3623 version (kernel, fixed 2.6.14.5)
1941 CVE-2005-3582 version (ImageMagick) gentoo only
1942 CVE-2005-3573 version (mailman, fixed 2.1.7)
1943 CVE-2005-3527 version (kernel, fixed 2.6.14)
1944 *CVE-2005-3510 ** (tomcat)
1945 CVE-2005-3402 ignore (thunderbird) mozilla say by design
1946 CVE-2005-3392 version (php, not 5.0)
1947 CVE-2005-3391 version (php, not 5.0)
1948 CVE-2005-3390 version (php, fixed 5.1.0)
1949 CVE-2005-3389 version (php, fixed 5.1.1)
1950 CVE-2005-3388 version (php, fixed 5.1.1)
1951 CVE-2005-3359 version (kernel, fixed 2.6.14)
1952 CVE-2005-3358 version (kernel, fixed 2.6.11)
1953 CVE-2005-3357 version (httpd, fixed 2.2.1)
1954 CVE-2005-3356 version (kernel, fixed 2.6.16)
1955 *CVE-2005-3354 ** (sylpheed)
1956 CVE-2005-3353 version (php, not 5.0)
1957 CVE-2005-3352 version (httpd, fixed 2.2.1)
1958 CVE-2005-3351 version (spamassassin, fixed 3.1.0)
1959 *CVE-2005-3350 ** (libungif)
1960 CVE-2005-3322 version (squid) not upstream, SUSE only
1961 CVE-2005-3319 ignore (mod_php) no security consequence
1962 CVE-2005-3313 version (wireshark, fixed after 0.10.13)
1963 CVE-2005-3276 version (kernel, fixed 2.6.12.4)
1964 CVE-2005-3275 version (kernel, fixed 2.6.13)
1965 CVE-2005-3274 version (kernel, fixed 2.6.13)
1966 CVE-2005-3273 version (kernel, fixed 2.6.12)
1967 CVE-2005-3272 version (kernel, fixed 2.6.13)
1968 CVE-2005-3271 version (kernel, fixed 2.6.9)
1969 CVE-2005-3269 ignore (fedora-ds-base) "This flaw did not affect Fedora Directory Server"
1970 CVE-2005-3258 version (squid, fixed 2.5STABLE12)
1971 CVE-2005-3257 version (kernel, fixed 2.6.15)
1972 CVE-2005-3249 version (wireshark, fixed 0.10.13)
1973 CVE-2005-3248 version (wireshark, fixed 0.10.13)
1974 CVE-2005-3247 version (wireshark, fixed 0.10.13)
1975 CVE-2005-3246 version (wireshark, fixed 0.10.13)
1976 CVE-2005-3245 version (wireshark, fixed 0.10.13)
1977 CVE-2005-3244 version (wireshark, fixed 0.10.13)
1978 CVE-2005-3243 version (wireshark, fixed 0.10.13)
1979 CVE-2005-3242 version (wireshark, fixed 0.10.13)
1980 CVE-2005-3241 version (wireshark, fixed 0.10.13)
1981 CVE-2005-3193 version (poppler, fixed 0.4.4)
1982 CVE-2005-3193 version (kdegraphics, fixed 3.5.1)
1983 CVE-2005-3193 version (cups, fixed 1.2.0)
1984 *CVE-2005-3193 backport (tetex) tetex-3.0-CVE-2005-3193.patch
1985 CVE-2005-3192 version (poppler, fixed 0.4.4)
1986 CVE-2005-3192 version (kdegraphics, fixed 3.5.1)
1987 CVE-2005-3192 version (cups, fixed 1.2.0)
1988 *CVE-2005-3192 backport (tetex) tetex-3.0-CVE-2005-3193.patch
1989 CVE-2005-3191 version (poppler, fixed 0.4.4)
1990 CVE-2005-3191 version (kdegraphics, fixed 3.5.1)
1991 CVE-2005-3191 version (cups, fixed 1.2.0)
1992 *CVE-2005-3191 backport (tetex) tetex-3.0-CVE-2005-3193.patch
1993 CVE-2005-3186 version (gtk2, fixed 2.8.7 at least)
1994 CVE-2005-3185 version (wget, fixed 1.10.2 at least)
1995 CVE-2005-3185 version (curl, fixed 7.15)
1996 CVE-2005-3184 version (wireshark, fixed 0.10.13)
1997 *CVE-2005-3183 ** (w3c-libwww)
1998 CVE-2005-3181 version (kernel, fixed 2.6.13.4)
1999 CVE-2005-3180 version (kernel, fixed 2.6.13.4)
2000 CVE-2005-3179 version (kernel, fixed 2.6.13.4)
2001 CVE-2005-3164 version (tomcat, not 5)
2002 *CVE-2005-3120 backport (lynx) changelog
2003 CVE-2005-3119 version (kernel, fixed 2.6.13.4)
2004 CVE-2005-3110 version (kernel, fixed 2.6.12)
2005 CVE-2005-3109 version (kernel, fixed 2.6.12)
2006 CVE-2005-3108 version (kernel, fixed 2.6.12)
2007 CVE-2005-3107 version (kernel, fixed 2.6.11)
2008 CVE-2005-3106 version (kernel, fixed 2.6.11)
2009 CVE-2005-3105 version (kernel, fixed 2.6.12)
2010 CVE-2005-3089 version (firefox, fixed 1.0.7)
2011 CVE-2005-3088 ignore (fetchmail) fetchmailconf not shipped
2012 CVE-2005-3055 version (kernel, fixed 2.6.14)
2013 CVE-2005-3054 ignore (php)
2014 CVE-2005-3053 version (kernel, fixed 2.6.12.5)
2015 CVE-2005-3044 version (kernel, fixed 2.6.13.2)
2016 *CVE-2005-3011 backport (texinfo) texinfo-CAN-2005-3011.patch
2017 CVE-2005-2991 ignore (ncompress) don't ship zdiff or zcmp scripts
2018 CVE-2005-2978 version (netpbm, fixed 10.25)
2019 CVE-2005-2977 version (pam, fixed 0.99.2.1 at least)
2020 *CVE-2005-2976 ** (gdk-pixbuf)
2021 CVE-2005-2975 version (gtk2, fixed 2.8.7)
2022 *CVE-2005-2974 ** (libungif)
2023 CVE-2005-2973 version (kernel, fixed 2.6.14)
2024 CVE-2005-2970 version (httpd, not 2.2)
2025 CVE-2005-2969 version (openssl, fixed 0.9.8a)
2026 *CVE-2005-2969 backport (openssl097a, fixed 0.9.7h)
2027 CVE-2005-2968 version (thunderbird)
2028 CVE-2005-2968 version (firefox)
2029 CVE-2005-2959 ignore (sudo) not a vulnerability
2030 *CVE-2005-2958 ** (libgda)
2031 CVE-2005-2946 version (openssl, fixed 0.9.8)
2032 *CVE-2005-2933 version (libc-client, fixed 2004g at least)
2033 *CVE-2005-2929 backport (lynx) changelog
2034 *CVE-2005-2922 ** (helixplayer)
2035 CVE-2005-2917 version (squid, fixed 2.5.STABLE11)
2036 CVE-2005-2876 version (util-linux, fixed 2.13-pre3)
2037 CVE-2005-2874 version (cups, fixed 1.1.23)
2038 CVE-2005-2873 version (kernel, fixed 2.6.18-rc1)
2039 CVE-2005-2872 version (kernel, fixed 2.6.12)
2040 CVE-2005-2871 version (thunderbird)
2041 CVE-2005-2871 version (firefox, fixed 1.0.7)
2042 CVE-2005-2811 version (net-snmp) not upstream, gentoo only
2043 CVE-2005-2801 version (kernel, fixed 2.6.11)
2044 CVE-2005-2800 version (kernel, fixed 2.6.12.6)
2045 CVE-2005-2798 version (openssh, fixed 4.2)
2046 CVE-2005-2797 version (openssh, fixed 4.2)
2047 CVE-2005-2796 version (squid, fixed 2.5.STABLE11)
2048 CVE-2005-2794 version (squid, fixed 2.5.STABLE11)
2049 CVE-2005-2728 version (httpd, not 2.2)
2050 *CVE-2005-2710 ** (helixplayer)
2051 CVE-2005-2709 version (kernel, fixed 2.6.14.3)
2052 CVE-2005-2708 ignore (kernel) not reproducable on x86_64
2053 CVE-2005-2707 version (thunderbird)
2054 CVE-2005-2707 version (firefox, fixed 1.0.7)
2055 CVE-2005-2706 version (thunderbird)
2056 CVE-2005-2706 version (firefox, fixed 1.0.7)
2057 CVE-2005-2705 version (thunderbird)
2058 CVE-2005-2705 version (firefox, fixed 1.0.7)
2059 CVE-2005-2704 version (thunderbird)
2060 CVE-2005-2704 version (firefox, fixed 1.0.7)
2061 CVE-2005-2703 version (thunderbird)
2062 CVE-2005-2703 version (firefox, fixed 1.0.7)
2063 CVE-2005-2702 version (thunderbird)
2064 CVE-2005-2702 version (firefox, fixed 1.0.7)
2065 CVE-2005-2701 version (firefox, fixed 1.0.7)
2066 CVE-2005-2700 version (httpd, not 2.2)
2067 *CVE-2005-2693 backport (cvs) cvs-1.11.19-tmp.patch
2068 CVE-2005-2672 version (lm_sensors, fixed 2.9.2)
2069 CVE-2005-2666 version (openssh, fixed 4.0p1)
2070 CVE-2005-2642 version (mutt) openbsd only
2071 *CVE-2005-2641 version (nss_ldap, fixed pam_ldap:180)
2072 *CVE-2005-2629 ** (helixplayer)
2073 CVE-2005-2617 version (kernel, fixed 2.6.12.5)
2074 CVE-2005-2602 ignore (thunderbird) probably
2075 CVE-2005-2602 ignore (firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=237085
2076 CVE-2005-2558 version (mysql, fixed 4.1.13)
2077 CVE-2005-2558 ignore (mysql) not an issue
2078 CVE-2005-2555 version (kernel, fixed 2.6.12.6)
2079 CVE-2005-2553 version (kernel, not 2.6)
2080 CVE-2005-2550 version (evolution, fixed after 2.3.6.1)
2081 CVE-2005-2549 version (evolution, fixed after 2.3.6.1)
2082 CVE-2005-2548 version (kernel, fixed 2.6.9) only affected 2.6.8
2083 CVE-2005-2547 version (bluez-pin, fixed 2.19) not before 2.16
2084 CVE-2005-2541 ignore (tar) is documented behaviour
2085 CVE-2005-2500 version (kernel, fixed 2.6.13)
2086 CVE-2005-2498 version (php, fixed xml_rpc:1.4.0)
2087 CVE-2005-2496 version (ntp, fixed 4.2.0b)
2088 CVE-2005-2495 version (xorg-x11-server, fixed 0.99.3 at least)
2089 CVE-2005-2494 version (kdebase, fixed after 3.4.2)
2090 CVE-2005-2492 version (kernel, fixed 2.6.13.1)
2091 CVE-2005-2491 version (pcre, fixed 6.2)
2092 CVE-2005-2491 ignore (python) fc6 python does not contain pcre
2093 CVE-2005-2491 ignore (php) php uses system pcre
2094 CVE-2005-2491 ignore (httpd) httpd uses system pcre
2095 CVE-2005-2490 version (kernel, fixed 2.6.13.1)
2096 *CVE-2005-2475 backport (unzip) unzip-5.52-toctou.patch
2097 CVE-2005-2471 version (netpbm, fixed 10.31)
2098 CVE-2005-2459 ignore (kernel, fixed 2.6.12.5) dropped as code path not possible
2099 CVE-2005-2458 version (kernel, fixed 2.6.12.5)
2100 CVE-2005-2457 version (kernel, fixed 2.6.12.5)
2101 CVE-2005-2456 version (kernel, fixed 2.6.12.5)
2102 CVE-2005-2452 version (libtiff, fixed 3.7.0)
2103 CVE-2005-2448 version (kdenetwork, fixed 3.4.2)
2104 CVE-2005-