Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=192830
Summary: CVE-2006-2453 Additional dia format string flaws
Product: Fedora Extras
Version: fc5
Platform: All
OS/Version: Linux
Status: NEW
Severity: normal
Priority: normal
Component: dia
AssignedTo: j.w.r.degoede(a)hhs.nl
ReportedBy: bressers(a)redhat.com
QAContact: extras-qa(a)fedoraproject.org
CC: extras-qa(a)fedoraproject.org,fedora-security-list(a)redhat.com
A number of additional format string issues were discovered by Hans de Goede and
have been assigned the CVE id CVE-2006-2453.
The fix is attachment 129852
--
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=198106
Summary: CVE-2006-3458: Zope local information disclosure
Product: Fedora Extras
Version: fc5
Platform: All
URL: http://www.zope.org/Products/Zope/Hotfix-2006-07-05/Hotfix-20060705/README.txt
OS/Version: Linux
Status: NEW
Severity: normal
Priority: normal
Component: zope
AssignedTo: gauret(a)free.fr
ReportedBy: ville.skytta(a)iki.fi
QAContact: extras-qa(a)fedoraproject.org
CC: extras-qa(a)fedoraproject.org,fedora-security-list(a)redhat.com
Unspecified vulnerability in Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to
2.9.3 (Zope2) allows local users to obtain sensitive information via unknown
attack vectors related to the docutils module and "restructured text".
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-3458
http://www.zope.org/Products/Zope/Hotfix-2006-07-05/Hotfix-20060705/README.…
Based on the version numbers, all FC-3+ appear to be vulnerable.
--
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=200545
Summary: CVE-2006-3913, freeciv: server buffer overflow issues
Product: Fedora Extras
Version: fc5
Platform: All
URL: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-3913
OS/Version: Linux
Status: NEW
Severity: normal
Priority: normal
Component: freeciv
AssignedTo: bdpepple(a)ameritech.net
ReportedBy: ville.skytta(a)iki.fi
QAContact: extras-qa(a)fedoraproject.org
CC: extras-qa(a)fedoraproject.org,fedora-security-list(a)redhat.com
CVE-2006-3913, http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-3913 :
Buffer overflow in Freeciv 2.1.0-beta1 and earlier, and SVN 15 Jul 2006 and
earlier, allows remote attackers to cause a denial of service (crash) and
possibly execute arbitrary code via a (1) negative chunk_length or a (2) large
chunk->offset value in a PACKET_PLAYER_ATTRIBUTE_CHUNK packet in the
generic_handle_player_attribute_chunk function in common/packets.c, and (3) a
large packet->length value in the handle_unit_orders function in server/unithand.c.
All FE-[345] and devel are probably affected.
--
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=200795
Summary: xboard: world writable chess.png
Product: Fedora Extras
Version: fc5
Platform: All
OS/Version: Linux
Status: NEW
Severity: normal
Priority: normal
Component: xboard
AssignedTo: kaboom(a)oobleck.net
ReportedBy: ville.skytta(a)iki.fi
QAContact: extras-qa(a)fedoraproject.org
CC: extras-qa(a)fedoraproject.org,fedora-security-list(a)redhat.com
/usr/share/pixmaps/chess.png is world writable, apparently due to a bad umask
setting in the FE build system; its maintainers have been notified.
FE5 and devel are affected and this should be fixed in the package anyway; a fix
is to use "install -pm 644" instead of cp to install the file. In the FE4
package the file is 664, not world writable, but I'd recommend fixing this in it
too.
--
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=200794
Summary: zope: world writable files
Product: Fedora Extras
Version: fc5
Platform: All
OS/Version: Linux
Status: NEW
Severity: high
Priority: urgent
Component: zope
AssignedTo: gauret(a)free.fr
ReportedBy: ville.skytta(a)iki.fi
QAContact: extras-qa(a)fedoraproject.org
CC: extras-qa(a)fedoraproject.org,fedora-security-list(a)redhat.com
The following files in zope are world writable, apparently due to a bad umask
setting in the FE build system; its maintainers have been notified.
/usr/lib/zope/skel/etc/logrotate.conf.in
/usr/share/doc/zope-2.8.3/README.Fedora
/var/lib/zope/etc/logrotate.conf
FE[345] and devel are affected and this should be fixed in the package anyway; a
fix is to use "install -pm 644" instead of cp when copying files around.
--
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=200793
Summary: gallery2: world writable .htaccess
Product: Fedora Extras
Version: fc5
Platform: All
OS/Version: Linux
Status: NEW
Severity: high
Priority: high
Component: gallery2
AssignedTo: jwb(a)redhat.com
ReportedBy: ville.skytta(a)iki.fi
QAContact: extras-qa(a)fedoraproject.org
CC: extras-qa(a)fedoraproject.org,fedora-security-list(a)redhat.com
/usr/share/gallery2/.htaccess is world writable, apparently due to a bad umask
setting in the FE build system; its maintainers have been notified.
FE[45] and devel are affected and this should be fixed in the package anyway; a
fix is to use "install -pm 644" instead of cp to install the file.
--
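The xboard, zope and gallery2 reports above all recommend the same packaging fix. As an added example that is not part of the original messages, this shell sketch reproduces the mode difference between cp and "install -pm 644" under a permissive umask and lists world-writable files in a tree; the umask of 000, the function names and the temporary paths are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added illustration; every path below lives in a temporary directory.

# Print each world-writable regular file below a directory, for example
# an RPM buildroot inspected before the package is assembled.
find_world_writable() {
    find "$1" -type f -perm -0002 -print
}

# Build a sample tree: a file created under a permissive umask, then
# copied with cp and, separately, installed with an explicit mode.
make_demo_tree() {
    root=$1
    mkdir -p "$root/src" "$root/cp" "$root/install"
    (
        umask 000                                  # assumed bad build umask
        echo 'constructed sample' > "$root/src/chess.png"   # created 0666
        # cp carries the source mode through, so the copy is 0666 as well
        cp "$root/src/chess.png" "$root/cp/chess.png"
        # install sets the mode explicitly, independent of the umask
        install -pm 644 "$root/src/chess.png" "$root/install/chess.png"
    )
}

demo=$(mktemp -d)
make_demo_tree "$demo"
echo "world-writable files in the demo tree:"
find_world_writable "$demo"
rm -rf "$demo"
```

Running find_world_writable against the buildroot at the end of a spec file's install step catches this class of problem regardless of how the build host's umask is set.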
Hi everyone,
I finally checked in an extras errata generation system. It's rather
trivial. I've been sitting on this for a few weeks and just haven't had
time to clean it up enough to commit it.
The bits are here:
http://cvs.fedora.redhat.com/viewcvs/fedora-security/extras-errata/?root=fe…
If you have the fedora-security CVS repository checked out you should just
have to do a cvs up to get it.
The readme file has some details on how things work. In a nutshell you
just have to run the errata-gen command, which places an advisory into the
errata directory for you. Then just edit away.
Now we have to think about how editing should be handled. I'm thinking at
least one other team member should approve an errata before it gets mailed.
Thoughts?
--
JB
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=200323
Summary: CVE-2006-3816, krusader: cleartext passwords in bookmarks file
Product: Fedora Extras
Version: fc5
Platform: All
URL: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-3816
OS/Version: Linux
Status: NEW
Severity: high
Priority: normal
Component: krusader
AssignedTo: mgarski(a)post.pl
ReportedBy: ville.skytta(a)iki.fi
QAContact: extras-qa(a)fedoraproject.org
CC: extras-qa(a)fedoraproject.org,fedora-security-list(a)redhat.com
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-3816
http://krusader.sourceforge.net/phpBB/viewtopic.php?p=7965
Krusader 1.50-beta1 up to 1.70.0 stores passwords for remote connections in
cleartext in the bookmark file (krbookmarks.xml), which allows attackers to
steal passwords by obtaining the file.
FE[345] and devel affected.
--
Summary: major (public) security flaws fixed in firefox 1.5.0.5: CVE-2006-3113, CVE-2006-3677, CVE-2006-3801, CVE-2006-3802, CVE-2006-3803, CVE-2006-3805, CVE-2006-3806, CVE-2006-3807, CVE-2006-3808, CVE-2006-3809, CVE-2006-3810, CVE-2006-3811, CVE-2006-3812
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=200357
kengert(a)redhat.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |kengert(a)redhat.com
--