From Fedora Project Wiki

Revision as of 15:00, 26 March 2013 by Sparks (Sparks moved page Security/Status/2004 to Security Status/2004: Un-nesting)

2004-2136 ignore (dm-crypt) design
2004-2135 ignore (kernel) design
2004-2093 ignore (rsync, not security issue)
2004-2069 version (openssh, not 4)
2004-2014 PROBABLY VULNERABLE (wget)
2004-2013 ignore (kernel, not 2.6, also not exploitable)
2004-2004 version (SUSE configuration only)
2004-1880 version (openldap, fixed 2.2.21)
2004-1834 version (httpd, fixed 2.0.50)
2004-1773 backport (sharutils) from srpm
2004-1772 backport (sharutils) from srpm
2004-1761 version (ethereal, fixed 0.10.3)
2004-1689 version (sudo, fixed 1.6.8p1)
2004-1653 ignore (openssh)
2004-1639 version (mozilla, firefox)
2004-1617 ignore (lynx) not able to verify flaw
2004-1614 version (mozilla, fixed 1.7.5)
2004-1613 version (mozilla, fixed 1.7.5)
2004-1488 PROBABLY VULNERABLE (wget)
2004-1471 version (cvs, fixed 1.12.9)
2004-1453 version (glibc, fixed 2.3.5)
2004-1452 version (tomcat, fixed 5.0.27-r3)
2004-1451 version (mozilla, firefox, thunderbird)
2004-1450 version (mozilla, firefox, thunderbird)
2004-1449 version (mozilla, firefox, thunderbird)
2004-1392 version (php, fixed 5.0.4)
2004-1382 version (glibc, not 2.3.5)
2004-1381 version (firefox, mozilla)
2004-1380 version (firefox, mozilla)
2004-1377 backport (a2ps, fixed 4.13?) patch included in srpm
2004-1337 version (kernel, fixed 2.6.11)
2004-1336 version (tetex, fixed 3.0) at least, checked source
2004-1335 version (kernel, fixed 2.6.10)
2004-1334 version (kernel, fixed 2.6.10)
2004-1333 version (kernel, fixed 2.6.10)
2004-1316 version (thunderbird, fixed 0.9)
2004-1316 version (mozilla, fixed 1.7.5)
2004-1308 version (libtiff, fixed in 3.7.1 at least)
2004-1307 version (libtiff, was already fixed with 0886)
2004-1304 version (file, fixed 4.12)
2004-1296 backport (groff) from srpm
2004-1287 backport (nasm) from srpm
2004-1270 version (cups, fixed 1.1.23)
2004-1269 version (cups, fixed 1.1.23)
2004-1268 version (cups, fixed 1.1.23)
2004-1267 version (cups, fixed 1.1.23)
2004-1237 version (kernel, not upstream)
2004-1235 version (kernel, fixed 2.6.11)
2004-1234 version (kernel, not 2.6)
2004-1224 version (mtr, fixed after 0.65)
2004-1200 ignore (firefox, mozilla) not a security issue
2004-1191 version (kernel, fixed 2.6.9)
2004-1190 version (kernel, fixed 2.6.10)
2004-1189 version (krb5, fixed 1.4)
2004-1186 backport (enscript) in srpm
2004-1185 backport (enscript) in srpm
2004-1184 backport (enscript) in srpm
2004-1183 backport (libtiff) libtiff-3.5.7-dump.patch
2004-1180 version (rwho, fixed 0.17)
2004-1177 backport (mailman, fixed 2.1.6) in srpm
2004-1176 version (mc, fixed 4.6.0)
2004-1175 version (mc, fixed 4.6.0)
2004-1174 version (mc, fixed 4.6.0)
2004-1171 version (kdelibs, not 3.4)
2004-1170 backport (a2ps) fixed 4.13b-40 from srpm
2004-1165 version (kdelibs, not 3.4)
2004-1158 version (kdelibs, not 3.4)
2004-1156 version (Mozilla, firefox)
2004-1154 version (samba, fixed 3.0.10)
2004-1151 version (kernel, fixed 2.6.10)
2004-1145 version (kde, not 3.4)
2004-1144 version (kernel, not 2.6)
2004-1143 version (mailman, fixed 2.1.5)
2004-1142 version (ethereal, fixed 0.10.8)
2004-1141 version (ethereal, fixed 0.10.8)
2004-1140 version (ethereal, fixed 0.10.8)
2004-1139 version (ethereal, fixed 0.10.8)
2004-1138 version (vim, fixed 6.3)
2004-1137 version (kernel, fixed 2.6.10)
2004-1125 version (kdegraphics, not 3.4)
2004-1125 version (tetex, at least 3.0)
2004-1125 backport (xpdf) xpdf-3.00-can-2004-1125.patch
2004-1096 version (perl-Archive-Zip, fixed 1.14)
2004-1093 version (mc, fixed 4.6.0)
2004-1092 version (mc, fixed 4.6.0)
2004-1091 version (mc, fixed 4.6.0)
2004-1090 version (mc, fixed 4.6.0)
2004-1079 backport (ncpfs) from srpm
2004-1074 version (kernel, fixed 2.6.10)
2004-1073 version (kernel, fixed 2.6.10)
2004-1072 version (kernel, fixed 2.6.10)
2004-1071 version (kernel, fixed 2.6.10)
2004-1070 version (kernel, fixed 2.6.10)
2004-1069 version (kernel, fixed 2.6.10)
2004-1068 version (kernel, fixed 2.6.10)
2004-1065 version (php, fixed after 5.0.2)
2004-1064 version (php, fixed after 5.0.2)
2004-1063 version (php, fixed after 5.0.2)
2004-1060 version (kernel, all verifies sequence number)
2004-1058 version (kernel, fixed 2.6.9)
2004-1057 version (kernel, fixed 2.6.10)
2004-1056 version (kernel, fixed 2.6.10)
2004-1051 version (sudo, fixed 1.6.8p2)
2004-1036 version (squirrelmail, fixed 1.4.4)
2004-1026 backport (imlib) imlib-1.9.14-bounds.patch
2004-1025 backport (imlib) imlib-1.9.14-bounds.patch
2004-1020 version (php, fixed after 5.0.2)
2004-1019 version (php, fixed after 5.0.2)
2004-1018 version (php, fixed after 5.0.2)
2004-1017 version (kernel, fixed 2.6.10)
2004-1016 version (kernel, fixed 2.6.10)
2004-1014 version (nfs-utils, fixed 1.0.7)
2004-1009 version (mc, fixed 4.6.0)
2004-1006 version (dhcp, not 3)
2004-1005 version (mc, fixed 4.6.0)
2004-1004 version (mc, fixed 4.6.0)
2004-1002 ignore (ppp) not a security issue
2004-0996 backport (cscope, not fixed in 15.5)
2004-0990 version (gd, fixed 2.0.29)
2004-0989 version (libxml2, fixed 2.6.15)
2004-0986 version (iptables, fixed 1.2.12)
2004-0983 version (ruby, fixed 1.8.2)
2004-0981 version (ImageMagick, fixed 6.1.0)
2004-0977 version (postgresql, fixed after 7.4.6)
2004-0976 version (perl, since 5.8.4)
2004-0975 backport (openssl097a, fixed 0.9.7f) from srpm
2004-0975 version (openssl, fixed 0.9.7f)
2004-0974 version (netatalk, fixed 2.0.1 says netatalk ChangeLog)
2004-0972 version (lvm2) version 2.2.01.8 is not vulnerable at least
2004-0971 backport (krb5, see bug 136307) fixed by patch in SRPM
2004-0970 version (gzip) gzip-1.3.5-openbsd-owl-tmp.patch
2004-0969 version (groff, fixed 1.18.1.1)
2004-0968 version (glibc, fixed in 2.3.5 at least)
2004-0967 backport (ghostscript) srpm
2004-0966 version (gettext, fixed in 0.14.3 at least)
2004-0961 version (freeradius, fixed 1.0.1)
2004-0960 version (freeradius, fixed 1.0.1)
2004-0959 version (php, fixed 4.3.9)
2004-0958 version (php, fixed 4.3.9)
2004-0957 version (mysql, fixed 4.0.21)
2004-0956 version (mysql, fixed 4.0.20)
2004-0883 upstream (kernel, fixed 2.6.11)
2004-0946 version (nfs-utils, fixed 1.0.6-r6)
2004-0942 version (httpd, fixed 2.0.53)
2004-0941 version (gd, fixed 2.0.22)
2004-0940 version (httpd, not 2.0)
2004-0938 version (freeradius, fixed 1.0.1)
2004-0930 version (samba, fixed 3.0.8)
2004-0929 version (libtiff, fixed 3.7.0)
2004-0923 version (cups, fixed 1.2.22)
2004-0918 version (squid, fixed 2.4.STABLE7)
2004-0914 version (xorg-x11, fixed after 6.8.1)
2004-0909 version (Mozilla, Thunderbird, Firefox)
2004-0908 version (mozilla #133021, fixed 1.7.3)
2004-0907 version (Mozilla, Thunderbird, Firefox)
2004-0906 version (Mozilla, Thunderbird, Firefox)
2004-0905 version (mozilla #133012, fixed 1.7.3)
2004-0904 version (mozilla #133014, fixed 1.7.3)
2004-0903 version (mozilla #133016, fixed 1.7.3)
2004-0902 version (mozilla #133023, fixed 1.7.3)
2004-0891 version (gaim, fixed 1.0.2)
2004-0889 backport (xpdf) xpdf-3.00-can-2004-1125.patch
2004-0888 version (kdegraphics, not 3.4)
2004-0888 version (tetex, fixed 3.0)
2004-0888 backport (cups) patch in SRPM
2004-0888 backport (xpdf) xpdf-3.00-can-2004-1125.patch
2004-0887 version (kernel, fixed 2.6.10)
2004-0886 version (kdegraphics, fixed by Update on 20041109)
2004-0886 version (libtiff, fixed 3.7.1 at least)
2004-0885 version (httpd, fixed after 2.0.52)
2004-0884 version (cyrus-sasl, fixed 2.1.20)
2004-0883 version (kernel, fixed 2.6.11)
2004-0882 version (samba, fixed 3.0.8)
2004-0871 ignore (mozilla, unfixed upstream with no patch)
2004-0870 ignore (kde) upstream won't fix
2004-0867 version (firefox, after 0.9.2)
2004-0837 version (mysql, fixed 4.0.21)
2004-0836 version (mysql, fixed 4.0.21)
2004-0835 version (mysql, fixed 4.1.2)
2004-0832 version (squid, fixed 2.5.STABLE7)
2004-0829 version (samba, fixed 2.2.11)
2004-0827 version (ImageMagick, fixed 6.0.6.2)
2004-0823 version (openldap, fixed after 2.1.19)
2004-0817 version (imlib, fixed at least by 2.1.20)
2004-0816 version (kernel, fixed 2.6.8)
2004-0815 version (samba, fixed 3.0.2a)
2004-0814 version (kernel, fixed 2.6.9)
2004-0813 version (kernel, fixed 2.6.8)
2004-0812 version (kernel, not 2.6)
2004-0811 version (httpd, fixed 2.0.52)
2004-0809 version (httpd, fixed 2.0.51)
2004-0808 version (samba, fixed 3.0.7)
2004-0807 version (samba, fixed 3.0.7)
2004-0806 version (cdrtools, fixed 2.0.1)
2004-0804 version (kdegraphics)
2004-0804 version (libtiff, fixed after 3.6.1)
2004-0803 version (kdegraphics)
2004-0803 version (libtiff, fixed after 3.6.1)
2004-0802 version (imlib, fixed 1.1.2)
2004-0801 version (foomatic, fixed 3.0.2)
2004-0797 version (zlib, fixed in 1.2.2.2 at least)
2004-0796 version (spamassassin, fixed 2.64)
2004-0792 version (rsync, fixed 2.6.3)
2004-0791 version (kernel, fixed 2.6.9)
2004-0790 version (doesn't affect linux 2.4, 2.6)
2004-0797 version (zlib)
2004-0788 version (gdk-pixbuf, fixed 0.22)
2004-0788 version (gtk2, fixed 2.6.7 at least by inspection)
2004-0786 version (apr-util, fixed 2.0.51)
2004-0785 version (gaim, fixed 0.82)
2004-0784 version (gaim, fixed 0.82)
2004-0783 version (gdk-pixbuf, fixed 0.22)
2004-0783 version (gtk2, fixed 2.6.7 at least by inspection)
2004-0782 version (gdk-pixbuf, fixed 0.22)
2004-0782 version (gtk2, fixed 2.6.7 at least by inspection)
2004-0779 version (mozilla, firefox, thunderbird)
2004-0778 version (cvs, fixed 1.11.17)
2004-0772 version (krb5, fixed after 1.2.8)
2004-0771 backport (lha, changelog)
2004-0769 backport (lha, changelog)
2004-0768 version (libpng, fixed 1.2.6)
2004-0765 version (mozilla #234058, fixed 1.7)
2004-0764 version (mozilla #244965, fixed 1.7)
2004-0763 version (mozilla #253121, fixed 1.7.2)
2004-0762 version (mozilla #162020, fixed 1.7)
2004-0761 version (mozilla #240053, fixed 1.7)
2004-0760 version (mozilla #250906, fixed 1.7.2)
2004-0759 version (mozilla #241924, fixed 1.7)
2004-0758 version (mozilla, fixed 1.7.2)
2004-0757 version (mozilla #229374, fixed 1.7)
2004-0755 version (ruby, fixed 1.8.1)
2004-0754 version (gaim, fixed 0.82)
2004-0753 version (gdk-pixbuf, fixed 0.22)
2004-0753 version (gtk2, fixed after 2.2.4)
2004-0752 version (openoffice.org, fixed after 1.1.2)
2004-0751 version (httpd, fixed 2.0.51)
2004-0750 version (system-config-nfs, fixed 1.0.13)
2004-0749 version (subversion, fixed 1.0.8)
2004-0748 version (httpd, fixed 2.0.51)
2004-0747 version (httpd, fixed 2.0.51)
2004-0746 version (kde, fixed 3.3)
2004-0745 backport (lha, changelog)
2004-0722 version (mozilla #236618, fixed 1.7)
2004-0721 version (kdelibs, fixed 3.3)
2004-0718 version (mozilla #246448, fixed 1.7)
2004-0700 version (httpd, not 2.0)
2004-0694 backport (lha, changelog)
2004-0693 version (qt, fixed 3.3.3)
2004-0692 version (qt, fixed 3.3.3)
2004-0691 version (gdk-pixbuf; qt, fixed 3.3.3)
2004-0690 version (kdelibs, fixed after 3.2.3)
2004-0689 version (kdelibs, fixed 3.3.0)
2004-0688 version (openmotif)
2004-0687 version (openmotif)
2004-0686 version (samba, fixed 3.0.6)
2004-0685 version (kernel, not 2.6)
2004-0658 ignore (kernel) not a security issue
2004-0648 version (mozilla, firefox, thunderbird)
2004-0644 version (krb5, fixed after 1.3.4)
2004-0643 version (krb5, fixed after 1.3.1)
2004-0642 version (krb5, fixed after 1.3.4)
2004-0639 version (squirrelmail, fixed after 1.2.10)
2004-0635 version (ethereal, fixed 0.10.5)
2004-0634 version (ethereal, fixed 0.10.5)
2004-0633 version (ethereal, fixed 0.10.5)
2004-0628 version (mysql, fixed 4.1.3)
2004-0627 version (mysql, fixed 4.1.3)
2004-0626 version (kernel, fixed 2.6.8)
2004-0619 version (kernel, no driver)
2004-0607 version (racoon, note RHSA-2004:308 has wrong text)
2004-0603 backport (gzip) gzip-1.3.5-openbsd-owl-tmp.patch
2004-0600 version (samba, fixed 3.0.6)
2004-0599 version (mozilla, fixed 1.7.2)
2004-0599 version (libpng10, fixed 1.0.16)
2004-0599 version (libpng, fixed 1.2.6)
2004-0598 version (libpng10, fixed 1.0.16)
2004-0598 version (libpng, fixed 1.2.6)
2004-0597 version (mozilla, fixed 1.7.2)
2004-0597 version (libpng10, fixed 1.0.16)
2004-0597 version (libpng, fixed 1.2.6)
2004-0595 version (php, fixed 4.3.8)
2004-0594 version (php, fixed 4.3.8)
2005-0590 version (openswan, fixed 2.1.4)
2004-0587 version (kernel, not upstream flaw)
2004-0558 version (cups, fixed 1.1.21)
2004-0557 version (sox, fixed after 12.17.4)
2005-0565 version (kernel, not 2.6)
2004-0554 version (kernel, fixed 2.6.7)
2004-0548 ignore (aspell, not fixed 0.50.5) not a security issue
2004-0547 version (postgresql, fixed 7.2.1)
2004-0541 version (squid)
2004-0535 version (kernel, fixed 2.6.6)
2004-0527 version (konqueror, not 3+)
2004-0523 version (krb5, fixed 1.3.4)
2004-0521 version (squirrelmail, fixed 1.4.3a)
2004-0520 version (squirrelmail, fixed 1.4.3a)
2004-0519 version (squirrelmail, fixed 1.4.3a)
2004-0507 version (ethereal, fixed 0.10.4)
2004-0506 version (ethereal, fixed 0.10.4)
2004-0505 version (ethereal, fixed 0.10.4)
2004-0504 version (ethereal, fixed 0.10.4)
2004-0500 version (gaim, fixed 0.82)
2004-0497 version (kernel, fixed 2.6.8)
2004-0496 version (kernel, fixed 2.6.8)
2004-0495 version (kernel, fixed 2.6.8)
2004-0494 version (mc, fixed 4.6.1)
2004-0493 version (httpd, fixed 2.0.50)
2004-0492 version (httpd, not 2.0)
2004-0491 version (kernel, not upstream)
2004-0488 version (httpd, fixed 2.0.50)
2004-0461 version (dhcp, fixed after 3.0.1rc13)
2004-0460 version (dhcp, fixed after 3.0.1rc13)
2004-0478 ignore (mozilla) not a security issue
2004-0457 version (mysql, fixed after 4.0.20)
2004-0452 backport (perl, not 5.8.6)
2004-0447 version (kernel, fixed 2.6.5)
2004-0427 version (kernel, fixed 2.6.6)
2004-0426 version (rsync, fixed 2.6.1)
2004-0424 version (kernel, fixed 2.6.4)
2004-0421 version (libpng10, fixed 1.0.16)
2004-0421 version (libpng, fixed 1.0.16)
2004-0419 version (xorg-x11, fixed 6.8.2 at least)
2004-0418 version (cvs, fixed 1.11.17)
2004-0417 version (cvs, fixed 1.11.17)
2004-0416 version (cvs, fixed 1.11.17)
2004-0415 version (kernel, fixed 2.6.8)
2004-0414 version (cvs, fixed 1.11.17)
2004-0413 version (subversion, fixed 1.0.5)
2004-0412 version (mailman, fixed 2.1.5)
2004-0411 version (kdelibs, fixed 3.3)
2004-0409 version (xchat, fixed after 2.0.8)
2004-0405 version (cvs, fixed 1.11)
2004-0403 version (racoon, fixed 20040408a)
2004-0398 version (neon, fixed 0.24.6)
2004-0397 version (subversion, fixed 1.0.1)
2004-0396 version (cvs, fixed 1.12.8)
2004-0394 version (kernel, not 2.6 and not a vuln)
2004-0392 version (racoon, fixed 20040407b)
2004-0388 version (mysql, 4.1.11 is okay at least)
2004-0381 version (mysql, 4.1.11 is okay at least)
2004-0367 version (ethereal, fixed 0.10.3)
2004-0365 version (ethereal, fixed 0.10.3)
2004-0263 version (php, fixed 4.3.5)
2004-0256 version (libtool, fixed 1.5.2)
2004-0235 backport (lha, changelog)
2004-0234 backport (lha, changelog)
2004-0233 version (utempter, fixed 0.5.5)
2004-0232 version (mc, fixed 4.6.0)
2004-0231 version (mc, fixed 4.6.0)
2004-0229 version (kernel, fixed 2.6.6)
2004-0228 version (kernel, fixed 2.6.6)
2004-0226 version (mc, fixed 4.6.0)
2004-0191 version (Mozilla, fixed 1.4.2)
2004-0189 version (squid, fixed 2.5.STABLE5)
2004-0186 version (samba, not 3.0.2a)
2004-0184 version (tcpdump, fixed 3.8.2)
2004-0183 version (tcpdump, fixed 3.8.2)
2004-0182 version (mailman, only affected RH packages)
2004-0181 version (kernel, fixed 2.6.5)
2004-0180 version (cvs, fixed 1.11.15)
2004-0179 version (openoffice.org)
2004-0179 version (neon, fixed 0.24.5)
2004-0178 version (kernel, not 2.6)
2004-0177 version (kernel, fixed 2.6.6)
2004-0176 version (ethereal, fixed 0.10.3)
2004-0175 version (openssh, fixed 3.4p1)
2004-0174 version (httpd, fixed 2.0.49)
2004-0173 version (httpd, fixed 2.0.49)
2004-0164 version (racoon)
2004-0155 version (racoon)
2004-0154 version (nfs-utils, fixed 1.0.6)
2004-0150 version (python, fixed 2.2.2)
2004-0133 version (kernel, 2.6.4)
2004-0113 version (httpd, fixed 2.0.49)
2004-0112 backport (openssl097a, fixed 0.9.7d) from srpm
2004-0112 version (openssl, fixed 0.9.7d)
2004-0111 version (gdk-pixbuf, fixed 0.20)
2004-0110 version (libxml2, fixed 2.6.6)
2004-0109 version (kernel, fixed 2.6.6)
2004-0108 version (sysstat)
2004-0107 version (sysstat, fixed after 4.0.7)
2004-0106 version (XFree86)
2004-0098 version (php)
2004-0097 version (pwlib, fixed 1.6.0)
2004-0096 version (mod_python, fixed after 2.7.9)
2004-0094 version (XFree86, fixed 4.3.0)
2004-0093 version (XFree86, fixed 4.3.0)
2004-0084 version (XFree86)
2004-0083 version (XFree86)
2004-0082 version (samba, fixed 3.0.2)
2004-0081 version (openssl097a, fixed 0.9.6d)
2004-0081 version (openssl, fixed 0.9.6d)
2004-0080 version (util-linux, fixed after 2.11f)
2004-0079 backport (openssl097a, fixed 0.9.7c) in srpm
2004-0079 version (openssl, fixed 0.9.7c)
2004-0078 version (mutt, fixed 1.4.2)
2004-0077 version (kernel, fixed 2.6.3)
2004-0075 version (kernel, not 2.6)
2004-0057 version (tcpdump, fixed 3.8.2)
2004-0055 version (tcpdump, fixed 3.8.2)
2004-0042 ignore (vsftpd) disputed
2004-0010 version (kernel, not 2.6)
2004-0008 version (gaim, fixed 0.75)
2004-0007 version (gaim, fixed 0.75)
2004-0006 version (gaim, fixed 0.76)
2004-0005 version (gaim, fixed 0.76)
2004-0003 version (kernel, not 2.6)
2004-0001 version (kernel, not 2.6)