Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=192830
Summary: CVE-2006-2453 Additional dia format string flaws
Product: Fedora Extras
Version: fc5
Platform: All
OS/Version: Linux
Status: NEW
Severity: normal
Priority: normal
Component: dia
AssignedTo: j.w.r.degoede(a)hhs.nl
ReportedBy: bressers(a)redhat.com
QAContact: extras-qa(a)fedoraproject.org
CC: extras-qa(a)fedoraproject.org,fedora-security-list(a)redhat.com
A number of additional format string issues were discovered by Hans de Goede and
have been assigned the CVE id CVE-2006-2453.
The fix is attachment 129852.
--
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=209167
Summary: seamonkey < 1.0.5 multiple vulnerabilities
Product: Fedora Extras
Version: fc4
Platform: All
OS/Version: Linux
Status: NEW
Severity: normal
Priority: normal
Component: seamonkey
AssignedTo: kengert(a)redhat.com
ReportedBy: ville.skytta(a)iki.fi
QAContact: extras-qa(a)fedoraproject.org
CC: extras-qa(a)fedoraproject.org,fedora-security-list(a)redhat.com
seamonkey 1.0.4 in FE4 is probably affected by CVE-2006-4253, CVE-2006-4340,
CVE-2006-4565, CVE-2006-4566, CVE-2006-4568, CVE-2006-4570 and CVE-2006-4571.
According to upstream, these are fixed in 1.0.5 (FE5+)
--
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=212699
Summary: CVE-2006-5602: xsupplicant < 1.2.6 memory leaks
Product: Fedora Extras
Version: fc3
Platform: All
URL: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-5602
OS/Version: Linux
Status: NEW
Severity: normal
Priority: normal
Component: xsupplicant
AssignedTo: tcallawa(a)redhat.com
ReportedBy: ville.skytta(a)iki.fi
QAContact: extras-qa(a)fedoraproject.org
CC: extras-qa(a)fedoraproject.org,fedora-security-list(a)redhat.com
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-5602 (FC3 only)
--
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=208299
Summary: CVE-2006-4976: php-adodb information disclosure
Product: Fedora Extras
Version: fc5
Platform: All
URL: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-4976
OS/Version: Linux
Status: NEW
Severity: normal
Priority: normal
Component: php-adodb
AssignedTo: gauret(a)free.fr
ReportedBy: ville.skytta(a)iki.fi
QAContact: extras-qa(a)fedoraproject.org
CC: extras-qa(a)fedoraproject.org,fedora-security-list(a)redhat.com
CVE-2006-4976: The Date Library in John Lim ADOdb Library for PHP allows remote
attackers to obtain sensitive information via a direct request for [...]
There's not much information about this issue (?) available at the moment.
--
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=212698
Summary: CVE-2006-4513: multiple integer overflows in wv < 1.2.3
Product: Fedora Extras
Version: fc6
Platform: All
URL: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-4513
OS/Version: Linux
Status: NEW
Severity: normal
Priority: normal
Component: abiword
AssignedTo: uwog(a)uwog.net
ReportedBy: ville.skytta(a)iki.fi
QAContact: extras-qa(a)fedoraproject.org
CC: extras-qa(a)fedoraproject.org,fedora-security-list(a)redhat.com
+++ This bug was initially created as a clone of Bug #212696 +++
Multiple integer overflows in wv < 1.2.3:
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-4513
abiword uses an internal copy of wv, which seems to be 1.0.3 as of abiword
2.4.5, so it may be affected.
Additionally, would it be possible to change abiword to use the system
installed wv instead of the internal one?
--
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=210825
Summary: RSA signature forgery issues in BouncyCastle < 1.34
Product: Fedora Core
Version: fc5
Platform: All
OS/Version: Linux
Status: NEW
Severity: normal
Priority: normal
Component: java-1.4.2-gcj-compat
AssignedTo: fitzsim(a)redhat.com
ReportedBy: ville.skytta(a)iki.fi
CC: fedora-security-list(a)redhat.com
From BouncyCastle 1.34 release notes:
Security Advisory If you are using RSA with a public exponent of three you
must upgrade to this release if you want to avoid recent forgery attacks that
have been described against specific implementations of the RSA signature
algorithm.
java-1.4.2-gcj-compat in FC5 ships with BC 1.31 and may thus be affected.
--
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=198106
Summary: CVE-2006-3458: Zope local information disclosure
Product: Fedora Extras
Version: fc5
Platform: All
URL: http://www.zope.org/Products/Zope/Hotfix-2006-07-05/Hotfix-20060705/README.txt
OS/Version: Linux
Status: NEW
Severity: normal
Priority: normal
Component: zope
AssignedTo: gauret(a)free.fr
ReportedBy: ville.skytta(a)iki.fi
QAContact: extras-qa(a)fedoraproject.org
CC: extras-qa(a)fedoraproject.org,fedora-security-list(a)redhat.com
Unspecified vulnerability in Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to
2.9.3 (Zope2) allows local users to obtain sensitive information via unknown
attack vectors related to the docutils module and "restructured text".
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-3458
http://www.zope.org/Products/Zope/Hotfix-2006-07-05/Hotfix-20060705/README.…
Based on the version numbers, all FC-3+ appear to be vulnerable.
--
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=212700
Summary: CVE-2006-5601: xsupplicant < 1.2.8 (?) stack smashing vulnerability
Product: Fedora Extras
Version: fc6
Platform: All
URL: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-5601
OS/Version: Linux
Status: NEW
Severity: high
Priority: normal
Component: xsupplicant
AssignedTo: tcallawa(a)redhat.com
ReportedBy: ville.skytta(a)iki.fi
QAContact: extras-qa(a)fedoraproject.org
CC: extras-qa(a)fedoraproject.org,fedora-security-list(a)redhat.com
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-5601
http://open1x.sourceforge.net/
"7 Oct 2006 -- Xsupplicant 1.2.8 is now available for download. This release
has several bug fixes in it, including a fix to a stack smash that could
potentially lead to a remote root exploit."
Seems to affect all FE versions.
--
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=212355
Summary: CVE-2006-5453, CVE-2006-5454, CVE-2006-5455 bugzilla vulnerabilities
Product: Fedora Extras
Version: fc6
Platform: All
OS/Version: Linux
Status: NEW
Severity: normal
Priority: normal
Component: bugzilla
AssignedTo: jwb(a)redhat.com
ReportedBy: ville.skytta(a)iki.fi
QAContact: extras-qa(a)fedoraproject.org
CC: extras-qa(a)fedoraproject.org,fedora-security-list(a)redhat.com
According to CVE descriptions, Bugzilla in FE-4 and later is vulnerable to:
CVE-2006-5453 (unauthorized write access)
CVE-2006-5454 (unauthorized information access)
CVE-2006-5455 (unauthorized write access)
--
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=212696
Summary: CVE-2006-4513: multiple integer overflows in wv < 1.2.3
Product: Fedora Extras
Version: fc6
Platform: All
URL: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-4513
OS/Version: Linux
Status: NEW
Severity: normal
Priority: normal
Component: wv
AssignedTo: gauret(a)free.fr
ReportedBy: ville.skytta(a)iki.fi
QAContact: extras-qa(a)fedoraproject.org
CC: extras-qa(a)fedoraproject.org,fedora-security-list(a)redhat.com
Multiple integer overflows in wv < 1.2.3:
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-4513
All FE versions seem affected.
--