Up to date CVE as of CVE email 20061123
Up to date FC5 as of 20061123

This list is no longer maintained by the Red Hat security
response team as of 29th June 2007 (two months after the
release date of Fedora 7)

** are items that need attention

CVE-2007-4168 VULNERABLE (libexif) #243891
CVE-2007-2873 version (spamassassin, fixed 3.1.9)
CVE-2007-1565 ignore (konqueror) client crash
CVE-2007-1564 vulnerable (konqueror) [#CVE-2007-1564] 
CVE-2007-1475 ignore (php) unshipped ibase extension
CVE-2007-1420 VULNERABLE (mysql, fixed 5.0.36) #232604
CVE-2007-1413 ignore (php) Windows NT SNMP specific
CVE-2007-1412 ignore (php) unshipped cpdf extension
CVE-2007-1411 ignore (php) unshipped mssql extension
CVE-2007-1401 ignore (php) unshipped cracklib extension
CVE-2007-1396 ignore (php) feature, not a flaw
CVE-2007-1263 version (gnupg, fixed 1.4.7) [since FEDORA-2007-316]
CVE-2007-1218 backport (tcpdump) #232349 [since FEDORA-2007-348]
CVE-2007-1006 backport (ekiga, fixed 2.0.5) #229259 [since FEDORA-2007-321] 
CVE-2007-1004 VULNERABLE (firefox, ...)
CVE-2007-1002 VULNERABLE (evolution) #233587
CVE-2007-1000 version (kernel, fixed 2.6.20) [since FEDORA-2007-336] 
CVE-2007-0998 backport (xen) #230295 [since FEDORA-2007-344]
CVE-2007-0988 backport (php) #228011 [since FEDORA-2007-261]
CVE-2007-0981 VULNERABLE (firefox, ...)
CVE-2007-0910 backport (php) #228011 [since FEDORA-2007-261]
CVE-2007-0909 backport (php) #228011 [since FEDORA-2007-261]
CVE-2007-0908 backport (php) #228011 [since FEDORA-2007-261]
CVE-2007-0907 backport (php) #228011 [since FEDORA-2007-261]
CVE-2007-0906 backport (php) #228011 [since FEDORA-2007-261]
CVE-2007-0823 ignore (xterm) feature, not a bug
CVE-2007-0822 ignore (util-linux) NULL dereference
CVE-2007-0772 version (kernel) [since FEDORA-2007-277]
CVE-2007-0770 ignore (ImageMagick) only if incomplete CVE-2006-5456
CVE-2007-0720 version (cups, fixed 1.2.7) #232243 [since FEDORA-2007-1219]
CVE-2007-0650 ignore (tetex) needs user's assistance
CVE-2007-0494 version (bind, fixed 9.3.4) #225268 [since FEDORA-2007-164]
CVE-2007-0493 version (bind, fixed 9.3.4) #224443 [since FEDORA-2007-164]
CVE-2007-0451 version (spamassassin, fixed 3.1.8) [since FEDORA-2007-242]
CVE-2007-0247 backport(squid, fixed 2.6.STABLE7) #222883 [since FEDORA-2007-092]
CVE-2007-0235 VULNERABLE (libgtop2) #222637 not sure, will triage
CVE-2007-0104 ignore (poppler) only client DoS
CVE-2007-0104 ignore (kdegraphics) only client DoS
CVE-2007-0086 ignore (apache) not a security issue
CVE-2007-0009 version (nss, fixed 3.11.5) (nspr, fixed 4.6.5) [since FEDORA-2007-278]
CVE-2007-0008 version (nss, fixed 3.11.5) (nspr, fixed 4.6.5) [since FEDORA-2007-278]
CVE-2007-0007 ignore (gnucsh) doesn't affect this version
CVE-2007-0006 version (kernel, fixed 2.6.20) [since FEDORA-2007-336] 
CVE-2007-0006 backport (kernel, fixed in -mm) [since FEDORA-2007-225]
CVE-2007-0005 version (kernel, fixed 2.6.20) [since FEDORA-2007-336] 
CVE-2007-0002 version (libwpd, fixed 0.8.9) #222808 [since FEDORA-2007-350]
CVE-2006-6939 VULNERABLE (ed, fixed 0.3) #223075
CVE-2006-6899 version (bluez-utils, fixed 2.23)
CVE-2006-6870 backport (avahi, fixed 0.6.16) #221726 [since FEDORA-2007-018]
CVE-2006-6772 backport (w3m) #221484 [since FEDORA-2007-078]
CVE-2006-6719 backport (wget) #221469 [since FEDORA-2007-037]
CVE-2006-6698 VULNERABLE (GConf2) #219280
CVE-2006-6660 ignore (kdelibs) client Dos only, not reproducible
CVE-2006-6385 ignore (kernel) windows only
CVE-2006-6383 ignore (php) safe mode isn't safe
CVE-2006-6333 ignore (kernel, 2.6.19 only)
CVE-2006-6332 ignore (kernel) no support for madwifi
CVE-2006-6305 ignore (net-snmp) already have the backported patch
CVE-2006-6304 ignore (kernel, 2.6.19 only)
CVE-2006-6303 version (ruby, fixed 1.8.5.2) [since FEDORA-2006-1440]
CVE-2006-6297 ignore (kdegraphics) just a crash
CVE-2006-6235 backport (gnupg, fixed 1.4.6) [since FEDORA-2006-1405]
CVE-2006-6169 backport (gnupg, fixed 1.4.6) [since FEDORA-2006-1405]
CVE-2006-6144 ** krb5
CVE-2006-6143 ** krb5
CVE-2006-6142 backport (squirrelmail) #218297 [since FEDORA-2007-088]
CVE-2006-6128 VULNERABLE (kernel, fixed **)
CVE-2006-6107 VULNERABLE (dbus, fixed 1.0.2)
CVE-2006-6106 version (kernel, fixed 2.6.18.6) [since FEDORA-2006-1470]
CVE-2006-6105 version (gdm, fixed 2.14.11) [since FEDORA-2006-1467]
CVE-2006-6104 backport (mono, fixed 1.1.13.8.2) #220853 [since FEDORA-2007-068]
CVE-2006-6097 backport (tar) [since FEDORA-2006-6097]
CVE-2006-6077 VULNERABLE (firefox)
CVE-2006-6060 ignore (kernel, fixed 2.6.19-rc2) no NTFS support
CVE-2006-6058 VULNERABLE (kernel, fixed **)
CVE-2006-6057 ignore (kernel, fixed **) separate modules
CVE-2006-6056 backport (kernel, fixed 2.6.19) [since FEDORA-2006-1470]
CVE-2006-6054 VULNERABLE (kernel, fixed **)
CVE-2006-6053 backport (kernel) [since FEDORA-2006-1221]
CVE-2006-5989 backport (mod_auth_kerb) [since FEDORA-2006-1341]
CVE-2006-5974 ignore (fetchmail, fixed 6.3.6) only 6.3.5
CVE-2006-5973 VULNERABLE (dovecot, fixed 1.0.rc15) #216508
CVE-2006-5925 backport (elinks) #215734 [since FEDORA-2006-1277]
CVE-2006-5876 VULNERABLE (libsoup) #223144
CVE-2006-5871 version (kernel, fixed 2.6.10)
CVE-2006-5868 VULNERABLE (ImageMagick, fixed 6.2.9.1) #217560
CVE-2006-5867 version (fetchmail, fixed 6.3.6) #221984 [since FEDORA-2007-041]
CVE-2006-5864 VULNERABLE (evince) #217672
CVE-2006-5823 backport (kernel) [since FEDORA-2006-1221]
CVE-2006-5794 backport (openssh, fixed 4.5) #214641 [since FEDORA-2006-1214]
CVE-2006-5793 ignore (libpng, fixed 1.2.13) just a client crash
CVE-2006-5783 ignore (firefox) disputed
CVE-2006-5779 VULNERABLE (openldap, 2.3.29) #214768
CVE-2006-5757 backport (kernel, fixed 2.6.19-rc2) [since FEDORA-2006-1221]
CVE-2006-5753 backport (kernel, fixed 2.6.20.1) [since FEDORA-2007-277]
CVE-2006-5751 version (kernel, fixed 2.6.19, fixed 2.6.18.4) [since FEDORA-2006-1470]
CVE-2006-5749 VULNERABLE (kernel, fixed 2.6.20-rc2)
CVE-2006-5748 version (thunderbird) [since FEDORA-2006-1194]
CVE-2006-5748 version (firefox) [since FEDORA-2006-1199]
CVE-2006-5747 version (thunderbird) [since FEDORA-2006-1194]
CVE-2006-5747 version (firefox) [since FEDORA-2006-1199]
CVE-2006-5706 ignore (php, fixed 5.2.0) safe mode isn't safe
CVE-2006-5701 VULNERABLE (kernel) squashfs is not included upstream
CVE-2006-5633 ignore (firefox) just a client DoS
CVE-2006-5619 version (kernel, fixed 2.6.18.2, fixed 2.6.19-rc4) [since FEDORA-2006-1221]
CVE-2006-5595 version (wireshark, fixed 0.99.4) [since FEDORA-2006-1141]
CVE-2006-5542 version (postgresql, fixed 8.1.5) #212360 [since FEDORA-2007-054]
CVE-2006-5541 version (postgresql, fixed 8.1.5) #212360 [since FEDORA-2007-054]
CVE-2006-5540 version (postgresql, fixed 8.1.6) #212360 [since FEDORA-2007-054]
CVE-2006-5470 version (wireshark, fixed 0.99.4) [since FEDORA-2006-1141]
CVE-2006-5469 version (wireshark, fixed 0.99.4) [since FEDORA-2006-1141]
CVE-2006-5468 version (wireshark, fixed 0.99.4) [since FEDORA-2006-1141]
CVE-2006-5467 backport (ruby) #212396 [since FEDORA-2006-1110]
CVE-2006-5466 VULNERABLE (rpm) #212833
CVE-2006-5465 backport (php, fixed 5.2.0) #213732 [since FEDORA-2006-1168]
CVE-2006-5464 version (thunderbird) [since FEDORA-2006-1194]
CVE-2006-5464 version (firefox) [since FEDORA-2006-1199]
CVE-2006-5463 version (thunderbird) [since FEDORA-2006-1194]
CVE-2006-5463 version (firefox) [since FEDORA-2006-1199]
CVE-2006-5462 version (thunderbird) [since FEDORA-2006-1194]
CVE-2006-5462 version (firefox) [since FEDORA-2006-1199]
CVE-2006-5461 backport (avahi, fixed 0.6.15) [since FEDORA-2006-1339]
CVE-2006-5456 backport (ImageMagick) #210921 [since FEDORA-2006-1286]
CVE-2006-5397 version (libX11, 1.0.2 and 1.0.3 only)
CVE-2006-5331 VULNERABLE (kernel, fixed 2.6.19-rc3)
CVE-2006-5298 backport (mutt) [since FEDORA-2006-1061]
CVE-2006-5297 backport (mutt) [since FEDORA-2006-1061]
CVE-2006-5229 ignore (openssh) reported not an issue
CVE-2006-5215 ignore (kdebase) #212166 links to xinit Xsession
CVE-2006-5215 VULNERABLE (xorg-x11-xinit) #212167
CVE-2006-5215 VULNERABLE (xorg-x11-xdm) #212167
CVE-2006-5214 ignore (kdebase) #212166 links to xinit Xsession
CVE-2006-5214 VULNERABLE (xorg-x11-xinit) #212167
CVE-2006-5214 VULNERABLE (xorg-x11-xdm) #212167
CVE-2006-5178 VULNERABLE (php) can't be fixed
CVE-2006-5174 ignore (kernel, fixed 2.6.19-rc1) s390 only
CVE-2006-5173 version (kernel, fixed 2.6.18) [since FEDORA-2006-1022] protected by exec-shield
CVE-2006-5170 VULNERABLE (nss_ldap) #209361
CVE-2006-5160 ignore (firefox) unverified
CVE-2006-5159 ignore (firefox) unverified
CVE-2006-5158 version (kernel, fixed 2.6.15)
CVE-2006-5072 backport (mono) #209464 [since FEDORA-2006-1012]
CVE-2006-5052 VULNERABLE (openssh, fixed 4.4)
CVE-2006-5051 backport (openssh, fixed 4.4) [since FEDORA-2006-1011]
CVE-2006-4997 version (kernel, fixed 2.6.18) [since FEDORA-2006-1022]
CVE-2006-4980 backport (python, fixed 2.4.4 at least) #208166 [since FEDORA-2006-1049]
CVE-2006-4925 ignore (openssh) client crash only
CVE-2006-4924 backport (openssh) #207957 [since FEDORA-2006-1011]
CVE-2006-4842 ignore (nspr) Nothing setuid links with nspr
CVE-2006-4813 version (kernel, fixed 2.6.13)
CVE-2006-4812 backport (php) [since FEDORA-2006-1024] **
CVE-2006-4811 version (qt, fixed 3.3.7) #211342 [since FEDORA-2006-1056]
CVE-2006-4810 backport (texinfo) [since FEDORA-2006-1202]
CVE-2006-4805 version (wireshark, fixed 0.99.4) [since FEDORA-2006-1141]
CVE-2006-4790 backport (gnutls, fixed 1.4.4) [since FEDORA-2006-974]
CVE-2006-4663 ignore (kernel) not a vulnerability
CVE-2006-4625 version (php, fixed 5.1.6) [since FEDORA-2006-1024]
CVE-2006-4624 version (mailman, fixed 2.1.9rc1) #205652 [since FEDORA-2006-1013]
CVE-2006-4623 version (kernel, fixed 2.6.18-rc1) [since FEDORA-2006-1022]
CVE-2006-4600 VULNERABLE (openldap, fixed 2.3.25) #205827
CVE-2006-4574 version (wireshark, fixed 0.99.4) [since FEDORA-2006-1141]
CVE-2006-4573 VULNERABLE (screen) #212057
CVE-2006-4572 VULNERABLE (kernel, fixed 2.6.19-rc4)
CVE-2006-4571 version (thunderbird, fixed 1.5.0.7) [since FEDORA-2006-977]
CVE-2006-4571 version (firefox, fixed 1.5.0.7) [since FEDORA-2006-976]
CVE-2006-4571 VULNERABLE (mozilla)
CVE-2006-4570 version (thunderbird, fixed 1.5.0.7) [since FEDORA-2006-977]
CVE-2006-4570 VULNERABLE (mozilla)
CVE-2006-4569 version (firefox, fixed 1.5.0.7) [since FEDORA-2006-976]
CVE-2006-4569 VULNERABLE (mozilla)
CVE-2006-4568 version (firefox, fixed 1.5.0.7) [since FEDORA-2006-976]
CVE-2006-4568 VULNERABLE (mozilla)
CVE-2006-4567 version (thunderbird, fixed 1.5.0.7) [since FEDORA-2006-977]
CVE-2006-4567 version (firefox, fixed 1.5.0.7) [since FEDORA-2006-976]
CVE-2006-4566 version (thunderbird, fixed 1.5.0.7) [since FEDORA-2006-977]
CVE-2006-4566 version (firefox, fixed 1.5.0.7) [since FEDORA-2006-976]
CVE-2006-4566 VULNERABLE (mozilla)
CVE-2006-4565 version (thunderbird, fixed 1.5.0.7) [since FEDORA-2006-977]
CVE-2006-4565 version (firefox, fixed 1.5.0.7) [since FEDORA-2006-976]
CVE-2006-4565 VULNERABLE (mozilla)
CVE-2006-4561 VULNERABLE (firefox)
CVE-2006-4538 version (kernel, fixed 2.6.18) [since FEDORA-2006-1022] ia64 and sparc only
CVE-2006-4535 version (kernel, fixed 2.6.17.12, fixed 2.6.18-rc6) [since FEDORA-2006-967]
CVE-2006-4514 backport (libgsf, fixed 1.14.2) #217957 [since FEDORA-2006-1399]
CVE-2006-4507 ignore (libtiff) can't reproduce
CVE-2006-4486 version (php, fixed 5.1.6) [since FEDORA-2006-1024]
CVE-2006-4485 version (php, fixed 5.1.5) [since FEDORA-2006-1024]
CVE-2006-4484 version (php, fixed 5.1.5) [since FEDORA-2006-1024] also ignore
CVE-2006-4484 ignore (gd)
CVE-2006-4483 ignore (php) not linux
CVE-2006-4482 version (php, fixed 5.1.5) #204995 [since FEDORA-2006-1024]
CVE-2006-4481 ignore (php) safe mode isn't safe
CVE-2006-4455 ignore (xchat) client DoS
CVE-2006-4447 ignore (xorg) not a security issue
CVE-2006-4434 ignore (sendmail, fixed 8.13.8) not exploitable
CVE-2006-4433 version (php, fixed 5.1.4) [since FEDORA-2006-1024]
CVE-2006-4380 version (mysql, fixed 4.1.13)
CVE-2006-4343 backport (openssl, fixed 0.9.8d) [since FEDORA-2006-1004]
CVE-2006-4342 ignore (kernel) rhel3 only
CVE-2006-4340 version (nss, fixed 3.11.3) [since FEDORA-2006-979]
CVE-2006-4339 backport (openssl097a) [since FEDORA-2006-953]
CVE-2006-4339 backport (openssl) [since FEDORA-2006-953]
CVE-2006-4338 version (gzip) #207643 [since FEDORA-2006-993]
CVE-2006-4337 version (gzip) #207643 [since FEDORA-2006-993]
CVE-2006-4336 version (gzip) #207643 [since FEDORA-2006-993]
CVE-2006-4335 version (gzip) #207643 [since FEDORA-2006-993]
CVE-2006-4334 version (gzip) #207643 [since FEDORA-2006-993]
CVE-2006-4333 version (wireshark, fixed 0.99.3) [since FEDORA-2006-936]
CVE-2006-4332 version (wireshark, fixed 0.99.3) [since FEDORA-2006-936]
CVE-2006-4331 version (wireshark, fixed 0.99.3) [since FEDORA-2006-936]
CVE-2006-4330 version (wireshark, fixed 0.99.3) [since FEDORA-2006-936]
CVE-2006-4310 VULNERABLE (firefox)
CVE-2006-4262 backport (cscope) #203649 [since FEDORA-2006-932]
CVE-2006-4253 version (thunderbird, fixed 1.5.0.7) [since FEDORA-2006-977]
CVE-2006-4253 version (firefox, fixed 1.5.0.7) [since FEDORA-2006-976]
CVE-2006-4227 version (mysql, fixed 5.0.25,5.1.12) #203432 [since FEDORA-2006-1298]
CVE-2006-4226 version (mysql, fixed 5.0.25,5.1.12) #203427 [since FEDORA-2006-1298]
CVE-2006-4146 backport (gdb) [since FEDORA-2006-975]
CVE-2006-4145 version (kernel, fixed 2.6.17.10) [since FEDORA-2006-967] needs a better upstream fix
CVE-2006-4144 backport (ImageMagick, fixed 6.2.9) #202773 [since FEDORA-2006-929]
CVE-2006-4096 version (bind) [since FEDORA-2006-1024] was backport since FEDORA-2006-966
CVE-2006-4095 version (bind) [since FEDORA-2006-418] was backport since FEDORA-2006-966
CVE-2006-4093 version (kernel, fixed 2.6.17.9) [since FEDORA-2006-967]
CVE-2006-4031 version (mysql, fixed 5.0.24) #202247 [since FEDORA-2006-1298]
CVE-2006-4020 version (php) #201767 [since FEDORA-2006-1024]
CVE-2006-4019 version (squirrelmail, fixed 1.4.8) #202196 [since FEDORA-2006-913]
CVE-2006-3918 version httpd, fixed 2.2.2 [since FEDORA-2006-364]
CVE-2006-3879 version (mikmod, not 3.1.6)
CVE-2006-3835 VULNERABLE (tomcat, fixed 5.5.17)
CVE-2006-3813 version (perl) only Red Hat Enterprise Linux affected
CVE-2006-3812 version (thunderbird, fixed 1.5.0.5) [since FEDORA-2006-903]
CVE-2006-3812 version (firefox, fixed 1.5.0.5) [since FEDORA-2006-902]
CVE-2006-3812 VULNERABLE (mozilla)
CVE-2006-3811 version (thunderbird, fixed 1.5.0.5) [since FEDORA-2006-903]
CVE-2006-3811 version (firefox, fixed 1.5.0.5) [since FEDORA-2006-902]
CVE-2006-3811 VULNERABLE (mozilla)
CVE-2006-3810 version (thunderbird, fixed 1.5.0.5) [since FEDORA-2006-903]
CVE-2006-3810 version (firefox, fixed 1.5.0.5) [since FEDORA-2006-902]
CVE-2006-3810 VULNERABLE (mozilla)
CVE-2006-3809 version (thunderbird, fixed 1.5.0.5) [since FEDORA-2006-903]
CVE-2006-3809 version (firefox, fixed 1.5.0.5) [since FEDORA-2006-902]
CVE-2006-3809 VULNERABLE (mozilla)
CVE-2006-3808 version (thunderbird, fixed 1.5.0.5) [since FEDORA-2006-903]
CVE-2006-3808 version (firefox, fixed 1.5.0.5) [since FEDORA-2006-902]
CVE-2006-3808 VULNERABLE (mozilla)
CVE-2006-3807 version (thunderbird, fixed 1.5.0.5) [since FEDORA-2006-903]
CVE-2006-3807 version (firefox, fixed 1.5.0.5) [since FEDORA-2006-902]
CVE-2006-3807 VULNERABLE (mozilla)
CVE-2006-3806 version (thunderbird, fixed 1.5.0.5) [since FEDORA-2006-903]
CVE-2006-3806 version (firefox, fixed 1.5.0.5) [since FEDORA-2006-902]
CVE-2006-3806 VULNERABLE (mozilla)
CVE-2006-3805 version (thunderbird, fixed 1.5.0.5) [since FEDORA-2006-903]
CVE-2006-3805 version (firefox, fixed 1.5.0.5) [since FEDORA-2006-902]
CVE-2006-3805 VULNERABLE (mozilla)
CVE-2006-3804 version (thunderbird, fixed 1.5.0.5) [since FEDORA-2006-903]
CVE-2006-3804 version (firefox, fixed 1.5.0.5) [since FEDORA-2006-902]
CVE-2006-3804 VULNERABLE (mozilla)
CVE-2006-3803 version (thunderbird, fixed 1.5.0.5) [since FEDORA-2006-903]
CVE-2006-3803 version (firefox, fixed 1.5.0.5) [since FEDORA-2006-902]
CVE-2006-3803 VULNERABLE (mozilla)
CVE-2006-3802 version (thunderbird, fixed 1.5.0.5) [since FEDORA-2006-903]
CVE-2006-3802 version (firefox, fixed 1.5.0.5) [since FEDORA-2006-902]
CVE-2006-3802 VULNERABLE (mozilla)
CVE-2006-3801 version (thunderbird, fixed 1.5.0.5) [since FEDORA-2006-903]
CVE-2006-3801 version (firefox, fixed 1.5.0.5) [since FEDORA-2006-902]
CVE-2006-3801 VULNERABLE (mozilla)
CVE-2006-3747 backport (httpd, fixed 2.2.3) [since FEDORA-2006-863]
CVE-2006-3746 version (gnupg, fixed 1.4.5) #200904 [since FEDORA-2006-868]
CVE-2006-3745 version (kernel, fixed 2.6.17.10) [since FEDORA-2006-967]
CVE-2006-3744 backport (ImageMagick) #202193 [since FEDORA-2006-929]
CVE-2006-3743 backport (ImageMagick) #202193 [since FEDORA-2006-929]
CVE-2006-3742 backport (kdebase) #201507 [since FEDORA-2006-942]
CVE-2006-3741 version (kernel, fixed 2.6.18-rc7) [since FEDORA-2006-1022] ia64 only
CVE-2006-3740 VULNERABLE (libXfont, fixed 1.2.2)
CVE-2006-3739 VULNERABLE (libXfont, fixed 1.2.2)
CVE-2006-3738 backport (openssl, fixed 0.9.8d) [since FEDORA-2006-1004]
CVE-2006-3731 ignore (firefox) just a user complicit crash
CVE-2006-3694 backport (ruby, fixed 1.8.5) #199538 #199543 [since FEDORA-2006-849]
CVE-2006-3677 version (thunderbird, fixed 1.5.0.5) [since FEDORA-2006-903]
CVE-2006-3677 version (firefox, fixed 1.5.0.5) [since FEDORA-2006-902]
CVE-2006-3677 VULNERABLE (mozilla)
CVE-2006-3672 ignore (konqueror) just a crash
CVE-2006-3665 ignore (squirrelmail) don't enable register_globals!
CVE-2006-3636 version (mailman, fixed 2.1.9) [since FEDORA-2006-1013]
CVE-2006-3634 version (kernel, fixed 2.6.17.8) [since FEDORA-2006-906] s390 only
CVE-2006-3632 version (ethereal, fixed wireshark-0.99.2) [since FEDORA-2006-860]
CVE-2006-3631 version (ethereal, fixed wireshark-0.99.2) [since FEDORA-2006-860]
CVE-2006-3630 version (ethereal, fixed wireshark-0.99.2) [since FEDORA-2006-860]
CVE-2006-3629 version (ethereal, fixed wireshark-0.99.2) [since FEDORA-2006-860]
CVE-2006-3628 version (ethereal, fixed wireshark-0.99.2) [since FEDORA-2006-860]
CVE-2006-3627 version (ethereal, fixed wireshark-0.99.2) [since FEDORA-2006-860]
CVE-2006-3626 version (kernel, fixed 2.6.17.6) [since FEDORA-2006-906]
CVE-2006-3619 VULNERABLE (gcc/fastjar)
CVE-2006-3486 ignore (mysql, fixed 5.0.23) not exploitable
CVE-2006-3469 VULNERABLE (mysql)
CVE-2006-3468 version (kernel, fixed 2.6.17.8) [since FEDORA-2006-906]
CVE-2006-3467 ignore (vnc) #203174 not a vulnerability
CVE-2006-3467 backport (libXfont) #202475 [since FEDORA-2006-912]
CVE-2006-3467 VULNERABLE (freetype)
CVE-2006-3465 backport (libtiff) [since FEDORA-2006-877]
CVE-2006-3464 backport (libtiff) [since FEDORA-2006-877]
CVE-2006-3463 backport (libtiff) [since FEDORA-2006-877]
CVE-2006-3462 backport (libtiff) [since FEDORA-2006-877]
CVE-2006-3461 backport (libtiff) [since FEDORA-2006-877]
CVE-2006-3460 backport (libtiff) [since FEDORA-2006-877]
CVE-2006-3459 backport (libtiff) [since FEDORA-2006-877]
CVE-2006-3404 version (gimp, fixed 2.2.12) #198270 [since FEDORA-2006-794]
CVE-2006-3403 version (samba, fixed 3.0.23) #198297 [since FEDORA-2006-807]
CVE-2006-3378 ignore (shadow-utils) we don't ship passwd from shadow-utils
CVE-2006-3376 backport (libwmf) #198291 [since FEDORA-2006-805]
CVE-2006-3352 ignore (firefox) not a vulnerability
CVE-2006-3334 ignore (libpng, fixed 1.2.12) not exploitable
CVE-2006-3242 backport (mutt, fixed 1.4.2.2, 1.5.12) #197152 [since FEDORA-2006-760]
CVE-2006-3174 version (squirrelmail, fixed 1.4.7) #197369 [since FEDORA-2006-788]
CVE-2006-3145 version (netpbm, fixed 10.34) [since FEDORA-2006-909]
CVE-2006-3127 version (nss, only affected 3.11) [since FEDORA-2006-728]
CVE-2006-3122 version (dhcp, only 2.x)
CVE-2006-3117 backport (openoffice.org, fixed 2.0.3) [since FEDORA-2006-770]
CVE-2006-3113 version (thunderbird, fixed 1.5.0.5) [since FEDORA-2006-903]
CVE-2006-3113 version (firefox, fixed 1.5.0.5) [since FEDORA-2006-902]
CVE-2006-3113 VULNERABLE (mozilla)
CVE-2006-3085 version (kernel, fixed 2.6.16.21, fixed 2.6.17.1) [since FEDORA-2006-735]
CVE-2006-3084 ignore (krb5) seteuid() calls never fail on linux
CVE-2006-3083 backport (krb5, fixed 1.5.1, 1.4.4) [since FEDORA-2006-905]
CVE-2006-3082 version (gnupg, fixed 1.4.4) #195946 [since FEDORA-2006-755]
CVE-2006-3081 version (mysql, fixed 5.1.18) [since FEDORA-2006-702]
CVE-2006-3057 version (dhcdbd, fixed 1.14) [since FEDORA-2006-609]
CVE-2006-3018 ignore (php, fixed 5.1.3) no verification of flaw
CVE-2006-3017 version (php, fixed 5.1.3) #197379 [since FEDORA-2006-1024]
CVE-2006-3016 version (php, fixed 5.1.3) [since FEDORA-2006-1024]
CVE-2006-3011 version (php, fixed 5.1.5) [since FEDORA-2006-1024]
CVE-2006-3005 ignore (libjpeg) not a vuln
CVE-2006-2941 version (mailman, fixed 2.1.9) [since FEDORA-2006-1013]
CVE-2006-2940 backport (openssl, fixed 0.9.8d) [since FEDORA-2006-1004]
CVE-2006-2937 backport (openssl, fixed 0.9.8d) [since FEDORA-2006-1004]
CVE-2006-2936 version (kernel, fixed 2.6.16.27, fixed 2.6.17.7) [since FEDORA-2006-906]
CVE-2006-2935 version (kernel, fixed 2.6.17.7) [since FEDORA-2006-906]
CVE-2006-2934 version (kernel, fixed 2.6.17.3) [since FEDORA-2006-772]
CVE-2006-2933 version (kde, not 3.2+)
CVE-2006-2932 ignore (kernel) no 4G/4G split support
CVE-2006-2916 ignore (arts) not shipped setuid
CVE-2006-2906 VULNERABLE (gd) #194520
CVE-2006-2894 VULNERABLE (mozilla) https://bugzilla.mozilla.org/show_bug.cgi?id=56236
CVE-2006-2894 VULNERABLE (firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=56236
CVE-2006-2842 version (squirrelmail, fixed 1.4.6) #194286 [since FEDORA-2006-680]
CVE-2006-2789 version (evolution, fixed 2.4.X)
CVE-2006-2788 version (firefox, fixed 1.5.0.4) [since FEDORA-2006-715]
CVE-2006-2787 version (thunderbird, fixed 1.5.0.4) [since FEDORA-2006-717]
CVE-2006-2787 version (firefox, fixed 1.5.0.4) [since FEDORA-2006-715]
CVE-2006-2787 VULNERABLE (mozilla)
CVE-2006-2786 version (thunderbird, fixed 1.5.0.4) [since FEDORA-2006-717]
CVE-2006-2786 version (firefox, fixed 1.5.0.4) [since FEDORA-2006-715]
CVE-2006-2786 VULNERABLE (mozilla)
CVE-2006-2785 version (firefox, fixed 1.5.0.4) [since FEDORA-2006-715]
CVE-2006-2785 VULNERABLE (mozilla)
CVE-2006-2784 version (firefox, fixed 1.5.0.4) [since FEDORA-2006-715]
CVE-2006-2784 VULNERABLE (mozilla)
CVE-2006-2783 version (thunderbird, fixed 1.5.0.4) [since FEDORA-2006-717]
CVE-2006-2783 version (firefox, fixed 1.5.0.4) [since FEDORA-2006-715]
CVE-2006-2783 VULNERABLE (mozilla)
CVE-2006-2782 version (firefox, fixed 1.5.0.4) [since FEDORA-2006-715]
CVE-2006-2781 version (thunderbird, fixed 1.5.0.4) [since FEDORA-2006-717]
CVE-2006-2780 version (thunderbird, fixed 1.5.0.4) [since FEDORA-2006-717]
CVE-2006-2780 VULNERABLE (mozilla)
CVE-2006-2780 VULNERABLE (firefox)
CVE-2006-2779 version (thunderbird, fixed 1.5.0.4) [since FEDORA-2006-717]
CVE-2006-2779 version (firefox, fixed 1.5.0.4) [since FEDORA-2006-715]
CVE-2006-2779 VULNERABLE (mozilla)
CVE-2006-2778 version (thunderbird, fixed 1.5.0.4) [since FEDORA-2006-717]
CVE-2006-2778 version (firefox, fixed 1.5.0.4) [since FEDORA-2006-715]
CVE-2006-2778 VULNERABLE (mozilla)
CVE-2006-2777 version (firefox, fixed 1.5.0.4) [since FEDORA-2006-715]
CVE-2006-2777 VULNERABLE (mozilla)
CVE-2006-2776 version (thunderbird, fixed 1.5.0.4) [since FEDORA-2006-717]
CVE-2006-2776 version (firefox, fixed 1.5.0.4) [since FEDORA-2006-715]
CVE-2006-2776 VULNERABLE (mozilla)
CVE-2006-2775 version (thunderbird, fixed 1.5.0.4) [since FEDORA-2006-717]
CVE-2006-2775 version (firefox, fixed 1.5.0.4) [since FEDORA-2006-715]
CVE-2006-2775 VULNERABLE (mozilla)
CVE-2006-2754 ignore (openldap) This issue is not exploitable
CVE-2006-2753 version (mysql, fixed 5.0.22) #193828 [since FEDORA-2006-702]
CVE-2006-2723 ignore (firefox) disputed
CVE-2006-2661 VULNERABLE (freetype, fixed 2.2.1) #183677
CVE-2006-2660 ignore (php) #195539 see the bug
CVE-2006-2656 backport (libtiff) [since FEDORA-2006-592]
CVE-2006-2629 ignore (kernel) couldn't be reproduced on FC
CVE-2006-2613 ignore (firefox) This isn't an issue on FC
CVE-2006-2607 backport (vixie-cron) #177476
CVE-2006-2563 ignore (php) safe mode isn't safe
CVE-2006-2452 version (gdm) [since FEDORA-2006-674]
CVE-2006-2451 version (kernel, fixed 2.6.17.4) [since FEDORA-2006-806]
CVE-2006-2449 version (kdebase, fixed 3.5.4) #194659 [since FEDORA-2006-910] was backport since FEDORA-2006-726
CVE-2006-2448 version (kernel, fixed 2.6.16.21, fixed 2.6.17) [since FEDORA-2006-735]
CVE-2006-2447 version (spamassassin, fixed 3.1.3) #194290 [since FEDORA-2006-598]
CVE-2006-2446 version (kernel, fixed 2.6.11)
CVE-2006-2445 version (kernel, fixed 2.6.16.21, fixed 2.6.17) [since FEDORA-2006-735]
CVE-2006-2444 version (kernel, fixed 2.6.16.18) [since FEDORA-2006-698]
CVE-2006-2440 backport (ImageMagick) #192279 [since FEDORA-2006-588]
CVE-2006-2414 version (dovecot, fixed 1.0.beta8) [since FEDORA-2006-647] is not a security issue
CVE-2006-2369 backport (vnc, fixed 4.1.2) #191692 [since FEDORA-2006-558]
CVE-2006-2366 ignore (openobex) we don't ship ircp
CVE-2006-2362 ignore (binutils) minor crash (not exploitable)
CVE-2006-2332 ignore (firefox) disputed
CVE-2006-2314 version (postgresql, fixed 8.1.4) [since FEODRA-2006-578]
CVE-2006-2313 version (postgresql, fixed 8.1.4) [since FEODRA-2006-578]
CVE-2006-2276 version (quagga, fixed 0.98.6) #191377 [since FEDORA-2006-845]
CVE-2006-2275 version (kernel, fixed 2.6.16.15) [since FEDORA-2006-572]
CVE-2006-2274 version (kernel, fixed 2.6.16.15) [since FEDORA-2006-572]
CVE-2006-2272 version (kernel, fixed 2.6.16.15) [since FEDORA-2006-572]
CVE-2006-2271 version (kernel, fixed 2.6.16.15) [since FEDORA-2006-572]
CVE-2006-2224 version (quagga, fixed 0.98.6) #191085 [since FEDORA-2006-845]
CVE-2006-2223 version (quagga, fixed 0.98.6) #191081 [since FEDORA-2006-845]
CVE-2006-2199 backport (openoffice.org, fixed 2.0.3) [since FEDORA-2006-770]
CVE-2006-2198 backport (openoffice.org, fixed 2.0.3) [since FEDORA-2006-770]
CVE-2006-2194 ignore (ppp) pppd not suid
CVE-2006-2193 backport (libtiff) #194363 [since FEDORA-2006-952]
CVE-2006-2191 ignore (mailman) disputed
CVE-2006-2120 backport (libtiff) #189976 [since FEDORA-2006-473]
CVE-2006-2083 version (rsync, fixed 2.6.8) #190208 [since FEDORA-2006-599]
CVE-2006-2073 ignore (bind) http://www.kb.cert.org/vuls/id/MIMG-6P8GRP
CVE-2006-2071 version (kernel, fixed 2.6.16.6) [since FEDORA-2006-421]
CVE-2006-2057 ignore (firefox) not Linux
CVE-2006-2026 backport (libtiff, fixed 3.8.1) #189934 [since FEDORA-2006-473]
CVE-2006-2025 backport (libtiff, fixed 3.8.1) #189934 [since FEDORA-2006-473]
CVE-2006-2024 backport (libtiff, fixed 3.8.1) #189934 [since FEDORA-2006-473]
CVE-2006-1993 version (firefox, fixed 1.5.0.3) #190124 [since FEDORA-2006-547]
CVE-2006-1991 version (php) #190034 [since FEDORA-2006-289]
CVE-2006-1990 version (php) #190034 [since FEDORA-2006-289]
CVE-2006-1942 version (firefox, fixed 1.5.0.4) [since FEDORA-2006-715]
CVE-2006-1940 version (ethereal, fixed 0.99.0) #189909 [since FEDORA-2006-456]
CVE-2006-1939 version (ethereal, fixed 0.99.0) #189909 [since FEDORA-2006-456]
CVE-2006-1938 version (ethereal, fixed 0.99.0) #189909 [since FEDORA-2006-456]
CVE-2006-1937 version (ethereal, fixed 0.99.0) #189909 [since FEDORA-2006-456]
CVE-2006-1936 version (ethereal, fixed 0.99.0) #189909 [since FEDORA-2006-456]
CVE-2006-1935 version (ethereal, fixed 0.99.0) #189909 [since FEDORA-2006-456]
CVE-2006-1934 version (ethereal, fixed 0.99.0) #189909 [since FEDORA-2006-456]
CVE-2006-1933 version (ethereal, fixed 0.99.0) #189909 [since FEDORA-2006-456]
CVE-2006-1932 version (ethereal, fixed 0.99.0) #189909 [since FEDORA-2006-456]
CVE-2006-1931 version (ruby, fixed 1.8.3) #189540
CVE-2006-1902 ignore (gcc) not a vulnerability
CVE-2006-1865 version (beagle, fixed 0.2.5) [since FEDORA-2006-440]
CVE-2006-1864 ignore (kernel, fixed 2.6.16.14) not compiled in
CVE-2006-1863 version (kernel, fixed 2.6.16.11) [since FEDORA-2006-499]
CVE-2006-1862 version (kernel) not upstream kernels, only RHEL
CVE-2006-1861 VULNERABLE (freetype, fixed 2.2.1) #191771
CVE-2006-1860 version (kernel, fixed 2.6.16.16) [since FEDORA-2006-572]
CVE-2006-1859 version (kernel, fixed 2.6.16.16) [since FEDORA-2006-572]
CVE-2006-1858 version (kernel, fixed 2.6.16.17) [since FEDORA-2006-572]
CVE-2006-1857 version (kernel, fixed 2.6.16.17) [since FEDORA-2006-572]
CVE-2006-1856 version (kernel, fixed 2.6.16.12) [since FEDORA-2006-499]
CVE-2006-1855 version (kernel, fixed 2.6.11.12)
CVE-2006-1790 version (thunderbird, fixed 1.5.0.2) [since FEDORA-2006-490]
CVE-2006-1790 version (mozilla, fixed 1.7.13) [since FEDORA-2006-487]
CVE-2006-1790 version (firefox, fixed 1.5.0.2) [since FEDORA-2006-411]
CVE-2006-1742 version (thunderbird, fixed 1.5.0.2) [since FEDORA-2006-490]
CVE-2006-1742 version (mozilla, fixed 1.7.13) [since FEDORA-2006-487]
CVE-2006-1742 version (firefox, fixed 1.5.0.2) [since FEDORA-2006-411]
CVE-2006-1741 version (thunderbird, fixed 1.5.0.2) [since FEDORA-2006-490]
CVE-2006-1741 version (mozilla, fixed 1.7.13) [since FEDORA-2006-487]
CVE-2006-1741 version (firefox, fixed 1.5.0.2) [since FEDORA-2006-411]
CVE-2006-1740 version (mozilla, fixed 1.7.13) [since FEDORA-2006-487]
CVE-2006-1740 version (firefox, fixed 1.5.0.2) [since FEDORA-2006-411]
CVE-2006-1739 version (thunderbird, fixed 1.5.0.2) [since FEDORA-2006-490]
CVE-2006-1739 version (mozilla, fixed 1.7.13) [since FEDORA-2006-487]
CVE-2006-1739 version (firefox, fixed 1.5.0.2) [since FEDORA-2006-411]
CVE-2006-1738 version (thunderbird, fixed 1.5.0.2) [since FEDORA-2006-490]
CVE-2006-1738 version (mozilla, fixed 1.7.13) [since FEDORA-2006-487]
CVE-2006-1738 version (firefox, fixed 1.5.0.2) [since FEDORA-2006-411]
CVE-2006-1737 version (thunderbird, fixed 1.5.0.2) [since FEDORA-2006-490]
CVE-2006-1737 version (mozilla, fixed 1.7.13) [since FEDORA-2006-487]
CVE-2006-1737 version (firefox, fixed 1.5.0.2) [since FEDORA-2006-411]
CVE-2006-1736 versions (firefox, fixed 1.5.0.2) [since FEDORA-2006-411]
CVE-2006-1736 version (mozilla, fixed 1.7.13) [since FEDORA-2006-487]
CVE-2006-1735 version (thunderbird, fixed 1.5.0.2) [since FEDORA-2006-490]
CVE-2006-1735 version (mozilla, fixed 1.7.13) [since FEDORA-2006-487]
CVE-2006-1735 version (firefox, fixed 1.5.0.2) [since FEDORA-2006-411]
CVE-2006-1734 version (thunderbird, fixed 1.5.0.2) [since FEDORA-2006-490]
CVE-2006-1734 version (mozilla, fixed 1.7.13) [since FEDORA-2006-487]
CVE-2006-1734 version (firefox, fixed 1.5.0.2) [since FEDORA-2006-411]
CVE-2006-1733 version (thunderbird, fixed 1.5.0.2) [since FEDORA-2006-490]
CVE-2006-1733 version (mozilla, fixed 1.7.13) [since FEDORA-2006-487]
CVE-2006-1733 version (firefox, fixed 1.5.0.2) [since FEDORA-2006-411]
CVE-2006-1732 version (thunderbird, fixed 1.5.0.2) [since FEDORA-2006-490]
CVE-2006-1732 version (mozilla, fixed 1.7.13) [since FEDORA-2006-487]
CVE-2006-1732 version (firefox, fixed 1.5.0.2) [since FEDORA-2006-411]
CVE-2006-1731 version (thunderbird, fixed 1.5.0.2) [since FEDORA-2006-490]
CVE-2006-1731 version (mozilla, fixed 1.7.13) [since FEDORA-2006-487]
CVE-2006-1731 version (firefox, fixed 1.5.0.2) [since FEDORA-2006-411]
CVE-2006-1730 version (thunderbird, fixed 1.5.0.2) [since FEDORA-2006-490]
CVE-2006-1730 version (mozilla, fixed 1.7.13) [since FEDORA-2006-487]
CVE-2006-1730 version (firefox, fixed 1.5.0.2) [since FEDORA-2006-411]
CVE-2006-1729 version (mozilla, fixed 1.7.13) [since FEDORA-2006-487]
CVE-2006-1729 version (firefox, fixed 1.5.0.2) [since FEDORA-2006-411]
CVE-2006-1728 version (thunderbird, fixed 1.5.0.2) [since FEDORA-2006-490]
CVE-2006-1728 version (mozilla, fixed 1.7.13) [since FEDORA-2006-487]
CVE-2006-1728 version (firefox, fixed 1.5.0.2) [since FEDORA-2006-411]
CVE-2006-1727 version (thunderbird, fixed 1.5.0.2) [since FEDORA-2006-490]
CVE-2006-1727 version (mozilla, fixed 1.7.13) [since FEDORA-2006-487]
CVE-2006-1727 version (firefox, fixed 1.5.0.2) [since FEDORA-2006-411]
CVE-2006-1726 version (thunderbird, fixed 1.5.0.2) [since FEDORA-2006-490]
CVE-2006-1726 version (firefox, fixed 1.5.0.2) [since FEDORA-2006-411]
CVE-2006-1725 version (firefox, fixed 1.5.0.2) [since FEDORA-2006-411]
CVE-2006-1724 version (thunderbird, fixed 1.5.0.2) [since FEDORA-2006-490]
CVE-2006-1724 version (mozilla, fixed 1.7.13) [since FEDORA-2006-487]
CVE-2006-1724 version (firefox, fixed 1.5.0.2) [since FEDORA-2006-411]
CVE-2006-1723 version (thunderbird, fixed 1.5.0.2) [since FEDORA-2006-490]
CVE-2006-1723 version (firefox, fixed 1.5.0.2) [since FEDORA-2006-411]
CVE-2006-1721 version (cyrus-sasl, fixed 2.1.21)
CVE-2006-1712 version (mailman, only 2.1.7) #188605 [since FEDORA-2006-535]
CVE-2006-1650 ignore (firefox) a number of reports don't confirm this
CVE-2006-1646 ignore (ipsec-tools) KAME racoon, not ipsec-tools racoon
CVE-2006-1624 ignore (sysklogd) Silly configuration is not a security issue
CVE-2006-1608 ignore (php) safe mode isn't safe
CVE-2006-1549 ignore (php) this is not a security issue
CVE-2006-1548 VULNERABLE (struts, fixed 1.2.9) #187544
CVE-2006-1547 VULNERABLE (struts, fixed 1.2.9) #187544
CVE-2006-1546 VULNERABLE (struts, fixed 1.2.9) #187544
CVE-2006-1542 backport (python) #169046 [since FEDORA-2006-689]
CVE-2006-1531 version (thunderbird, fixed 1.5.0.2) [since FEDORA-2006-490]
CVE-2006-1531 version (firefox, fixed 1.5.0.2) [since FEDORA-2006-411]
CVE-2006-1530 version (thunderbird, fixed 1.5.0.2) [since FEDORA-2006-490]
CVE-2006-1530 version (firefox, fixed 1.5.0.2) [since FEDORA-2006-411]
CVE-2006-1529 version (thunderbird, fixed 1.5.0.2) [since FEDORA-2006-490]
CVE-2006-1529 version (firefox, fixed 1.5.0.2) [since FEDORA-2006-411]
CVE-2006-1528 version (kernel, fixed 2.6.13)
CVE-2006-1527 version (kernel, fixed 2.6.16.13, fixed 2.6.17-rc4) [since FEDORA-2006-499]
CVE-2006-1526 backport (xorg-x11-server, fixed 1.1.1 at least) #189802 [since FEDORA-2006-483] xorg-x11-server-1.0.1-render-tris-CVE-2006-1526.patch
CVE-2006-1525 version (kernel, fixed 2.6.16.8) [since FEDORA-2006-421]
CVE-2006-1524 version (kernel, fixed 2.6.16.7) [since FEDORA-2006-421]
CVE-2006-1523 version (kernel, fixed 2.6.16.4) [since FEDORA-2006-421]
CVE-2006-1522 version (kernel, fixed 2.6.16.3) [since FEDORA-2006-421]
CVE-2006-1518 version (mysql, fixed 5.0.21) #190870 [since FEDORA-2006-553]
CVE-2006-1517 version (mysql, fixed 5.0.21) #190870 [since FEDORA-2006-553]
CVE-2006-1516 version (mysql, fixed 5.0.21) #190870 [since FEDORA-2006-553]
CVE-2006-1494 version (php) #189592 [since FEDORA-2006-289]
CVE-2006-1490 version (php, fixed 5.1.4) [since FEDORA-2006-289]
CVE-2006-1470 version (openldap, not 2.3.24 at least) #197278
CVE-2006-1368 version (kernel, fixed 2.6.16) [since FEDORA-2006-233]
CVE-2006-1354 VULNERABLE (freeradius, fixed 1.1.2 at least) #186084
CVE-2006-1343 version (kernel, fixed 2.6.16.19) [since FEDORA-2006-698]
CVE-2006-1342 version (kernel, not 2.6) not vulnerable
CVE-2006-1335 version (gnome-screensaver, fixed 2.14)
CVE-2006-1296 version (beagle, fixed 0.2.4) #185981 [since FEDORA-2006-305] was backport since FEDORA-2006-188
CVE-2006-1273 ignore (firefox) this issue only affects IE
CVE-2006-1244 ignore (xpdf) duplicate of other cve named issues
CVE-2006-1242 version (kernel, fixed 2.6.16.1) [since FEDORA-2006-233]
CVE-2006-1174 version (shadow-utils, fixed 4.0.3)
CVE-2006-1173 version (sendmail, fixed 8.13.7) [since FEDORA-2006-837]
CVE-2006-1168 backport (ncompress) #201919 [since FEDORA-2006-922]
CVE-2006-1095 ignore (mod_python, 3.2.7 only)
CVE-2006-1079 ignore (httpd) not a vulnerability
CVE-2006-1078 ignore (httpd) not a vulnerability
CVE-2006-1066 version (kernel, fixed 2.6.16) [since FEDORA-2006-233]
CVE-2006-1061 version (curl, fixed 7.15.3) [since FEDORA-2006-933] was backport since FEDORA-2006-189
CVE-2006-1059 version (samba, fixed 3.0.22 at least) #187170 [since FEDORA-2006-259]
CVE-2006-1058 backport (busybox) #187386 [since FEDORA-2006-510]
CVE-2006-1057 version (gdm, fixed 2.14.1) #188303 [since FEDORA-2006-338]
CVE-2006-1056 version (kernel, fixed 2.6.16.9) [since FEDORA-2006-421]
CVE-2006-1055 version (kernel, fixed 2.6.17-rc1) [since FEDORA-2006-421]
CVE-2006-1052 version (kernel, fixed 2.6.16) [since FEDORA-2006-421] was patch-2.6.16-rc6 since FEDORA-2006-233
CVE-2006-1045 version (thunderbird, fixed 1.5.0.2) [since FEDORA-2006-490]
CVE-2006-1015 ignore (php) safe mode isn't safe
CVE-2006-1014 ignore (php) safe mode isn't safe
CVE-2006-0996 version (php, fixed 5.1.4) #187511 [since FEDORA-2006-289]
CVE-2006-0903 version (mysql, 4.1.19) #183261 [since FEDORA-2006-553]
CVE-2006-0884 version (thunderbird, fixed 1.5.0.2) [since FEDORA-2006-490]
CVE-2006-0836 ignore (thunderbird) only crash on manual import
CVE-2006-0749 version (thunderbird, fixed 1.5.0.2) [since FEDORA-2006-490]
CVE-2006-0749 version (mozilla, fixed 1.7.13) [since FEDORA-2006-487]
CVE-2006-0749 version (firefox, fixed 1.5.0.2) [since FEDORA-2006-411]
CVE-2006-0748 version (thunderbird, fixed 1.5.0.2) [since FEDORA-2006-490]
CVE-2006-0748 version (mozilla, fixed 1.7.13) [since FEDORA-2006-487]
CVE-2006-0748 version (firefox, fixed 1.5.0.2) [since FEDORA-2006-411]
CVE-2006-0747 VULNERABLE (freetype, fixed 2.2.1) #183677
CVE-2006-0746 version (kdegraphics, fixed 3.4)
CVE-2006-0745 backport (xorg-x11-server, fixed 1.1.1 at least) [since FEDORA-2006-172] xorg-server-1.0.1-CVE-2006-0745.patch
CVE-2006-0744 version (kernel, fixed 2.6.16.5) [since FEDORA-2006-421]
CVE-2006-0742 version (kernel, fixed 2.6.16) patch-2.6.16-rc6 [since FEDORA-2006-233]
CVE-2006-0741 version (kernel, fixed 2.6.15.5) patch-2.6.16-rc6 [since FEDORA-2006-233]
CVE-2006-0730 version (dovecot, 1.0beta[12] only)
CVE-2006-0678 ignore (postgresql) we don't build --enable-cassert
CVE-2006-0670 VULNERABLE (bluez-hcidump)
CVE-2006-0645 version (gnutls, fixed 1.2.10)
CVE-2006-0591 version (postgresql, fixed 8.0.6)
CVE-2006-0576 backport (oprofile, fixed 0.9.2 at least) oprofile_opcontrol.patch
CVE-2006-0558 version (kernel, fixed 2.6.16) [since FEDORA-2006-233]
CVE-2006-0557 version (kernel, fixed 2.6.15.6) patch-2.6.16-rc6 [since FEDORA-2006-233]
CVE-2006-0555 version (kernel, fixed 2.6.16) patch-2.6.16-rc6-git3 [since FEDORA-2006-233]
CVE-2006-0554 version (kernel, fixed 2.6.16) patch-2.6.16-rc6 [since FEDORA-2006-233]
CVE-2006-0553 version (postgresql, only 8.1, fixed 8.1.3)
CVE-2006-0528 backport (cairo) cairo-1.0.2-chunk-glyphs-CVE-2006-0528.patch
CVE-2006-0496 VULNERABLE (mozilla) https://bugzilla.mozilla.org/show_bug.cgi?id=324253
CVE-2006-0496 VULNERABLE (firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=324253
CVE-2006-0482 ignore (kernel) sparc only
CVE-2006-0481 version (libpng, 1.2.7 only)
CVE-2006-0459 version (flex) by inspection
CVE-2006-0457 version (kernel, fixed 2.6.16) patch-2.6.16-rc6 [since FEDORA-2006-233]
CVE-2006-0456 ignore (kernel, s390 only)
CVE-2006-0455 version (gnupg, fixed 1.4.2.1)
CVE-2006-0454 version (kernel, fixed 2.6.15.3) patch-2.6.16-rc6 [since FEDORA-2006-233]
CVE-2006-0405 version (libtiff, 3.8.0 only)
CVE-2006-0377 version (squirrelmail, fixed 1.4.6)
CVE-2006-0369 ignore (mysql) this is not a security issue
CVE-2006-0321 version (fetchmail, fixed 6.3.2)
CVE-2006-0301 version (poppler, fixed 0.4.5)
CVE-2006-0301 version (kdegraphics, fixed 3.5.2) [since FEDORA-2006-352] was backport since GA
CVE-2006-0301 backport (xpdf) xpdf-3.01pl2.patch
CVE-2006-0300 version (tar, fixed 1.15.90 at least) [since FEDORA-2006-958]
CVE-2006-0299 version (thunderbird, fixed 1.5)
CVE-2006-0299 version (mozilla, 1.8 branch only)
CVE-2006-0299 version (firefox, fixed 1.5.0.1)
CVE-2006-0298 version (thunderbird, fixed 1.5)
CVE-2006-0298 version (mozilla, 1.8 branch only)
CVE-2006-0298 version (firefox, fixed 1.5.0.1)
CVE-2006-0297 version (thunderbird, fixed 1.5)
CVE-2006-0297 version (mozilla, 1.8 branch only)
CVE-2006-0297 version (firefox, fixed 1.5.0.1)
CVE-2006-0296 version (thunderbird, fixed 1.5) [since FEDORA-2006-490]
CVE-2006-0296 version (firefox, fixed 1.5.0.1)
CVE-2006-0296 backport (mozilla) mozilla-1.7.12-CVE-2006-0296-XULDocument.persist.patch
CVE-2006-0295 version (thunderbird, fixed 1.5)
CVE-2006-0295 version (mozilla, 1.8 branch only)
CVE-2006-0295 version (firefox, fixed 1.5.0.1)
CVE-2006-0294 version (thunderbird, fixed 1.5)
CVE-2006-0294 version (mozilla, 1.8 branch only)
CVE-2006-0294 version (firefox, fixed 1.5.0.1)
CVE-2006-0293 version (thunderbird, fixed 1.5)
CVE-2006-0293 version (mozilla, 1.8 branch only)
CVE-2006-0293 version (firefox, fixed 1.5.0.1)
CVE-2006-0292 version (thunderbird, fixed 1.5) [since FEDORA-2006-490]
CVE-2006-0292 version (firefox, fixed 1.5.1)
CVE-2006-0292 backport (mozilla) mozilla-1.7.12-CVE-2006-0292-javascript-unrooted.patch
CVE-2006-0254 backport (tomcat5, fixed 5.5.16)
CVE-2006-0236 ignore (thunderbird) windows only
CVE-2006-0225 version (openssh, fixed 4.3p2)
CVE-2006-0208 version (php, fixed 5.1.2)
CVE-2006-0207 version (php, fixed 5.1.2)
CVE-2006-0200 version (php, fixed 5.1.2)
CVE-2006-0197 ignore (xorg-x11) not an issue
CVE-2006-0195 version (squirrelmail, fixed 1.4.6)
CVE-2006-0188 version (squirrelmail, fixed 1.4.6)
CVE-2006-0144 version (php-pear, not 1.4.4)
CVE-2006-0097 ignore (php) Windows only
CVE-2006-0096 ignore (kernel) minor and requires root
CVE-2006-0095 version (kernel, fixed 2.6.16) patch-2.6.16-rc6 [since FEDORA-2006-233]
CVE-2006-0082 version (ImageMagick, not 6.2.5.4)
CVE-2006-0058 version (sendmail, fixed 8.13.6) [since FEDORA-2006-193]
CVE-2006-0052 version (mailman, fixed 2.1.6)
CVE-2006-0049 version (gnupg, fixed 1.4.2.2)
CVE-2006-0040 VULNERABLE (gtkhtml) #183680 no upstream fix
CVE-2006-0040 ** (gtkhtml3)
CVE-2006-0040 ** (gtkhtml2)
CVE-2006-0039 version (kernel, fixed 2.6.16.17) [since FEDORA-2006-572]
CVE-2006-0037 version (kernel, only 2.6.14 and 2.6.15) patch-2.6.16-rc6 [since FEDORA-2006-233]
CVE-2006-0036 version (kernel, only 2.6.14 and 2.6.15) patch-2.6.16-rc6 [since FEDORA-2006-233]
CVE-2006-0035 version (kernel, only 2.6.14 and 2.6.15) patch-2.6.16-rc6 [since FEDORA-2006-233]
CVE-2006-0019 version (kdelibs, fixed 3.5.1)
CVE-2005-4811 version (kernel, fixed 2.6.13)
CVE-2005-4809 VULNERABLE (seamonkey)
CVE-2005-4809 VULNERABLE (firefox)
CVE-2005-4808 ignore (binutils, gas fixed 20050714) this is a bug
CVE-2005-4807 ignore (binutils, gas fixed 20050721) this is a bug
CVE-2005-4798 version (kernel, not 2.6)
CVE-2005-4784 ignore (glibc) struct dirent is big enough
CVE-2005-4746 version (freeradius) we don't build vulnerable bits
CVE-2005-4745 version (freeradius) we don't build vulnerable bits
CVE-2005-4744 version (freeradius, fixed 1.0.5)
CVE-2005-4720 version (thunderbird, fixed 1.5)
CVE-2005-4720 version (firefox, fixed 1.5)
CVE-2005-4720 VULNERABLE (mozilla) not fixed upstream plus only DoS
CVE-2005-4703 ignore (tomcat) windows only
CVE-2005-4685 ignore (mozilla) not fixed upstream, low, can't fix
CVE-2005-4685 ignore (firefox) not fixed upstream, low, can't fix
CVE-2005-4684 ignore (kdebase) not fixed upstream, low, can't fix
CVE-2005-4667 backport (unzip)
CVE-2005-4639 version (kernel, fixed 2.6.15)
CVE-2005-4636 version (openoffice.org, fixed 2.0.1)
CVE-2005-4635 version (kernel, fixed 2.6.15)
CVE-2005-4618 version (kernel, fixed 2.6.15)
CVE-2005-4605 version (kernel, fixed 2.6.15)
CVE-2005-4585 version (ethereal, fixed 0.10.14)
CVE-2005-4442 version (openldap) gentoo only
CVE-2005-4352 version (kernel, fixed 2.6.18.3) [since FEDORA-2006-1470]
CVE-2005-4348 version (fetchmail, fixed 6.3.1)
CVE-2005-4268 backport (cpio) also blocked by FORTIFY_SOURCE
CVE-2005-4158 ignore (sudo) only env_reset will properly clean the environment
CVE-2005-4154 ignore (php) don't install untrusted pear packages
CVE-2005-4153 version (mailman) [since FEDORA-2006-535] was backport mailman-2.1.5-date_overflows.patch since GA
CVE-2005-4134 ignore (firefox) http://www.mozilla.org/security/history-title.html
CVE-2005-4134 backport (mozilla) mozilla-1.7.12-CVE-2005-4134-long-history-dos.patch
CVE-2005-4130 ignore (HelixPlayer) not verified
CVE-2005-4126 ignore (HelixPlayer) not verified
CVE-2005-4077 version (curl, fixed 7.15.1)
CVE-2005-3964 backport (openmotif)
CVE-2005-3962 version (perl, fixed 5.8.8)
CVE-2005-3896 ignore (mozilla) recoverable DoS only
CVE-2005-3883 version (php, fixed 5.1.1 at least)
CVE-2005-3858 version (kernel, fixed 2.6.13)
CVE-2005-3857 version (kernel, fixed 2.6.15)
CVE-2005-3848 version (kernel, fixed 2.6.13)
CVE-2005-3847 version (kernel, fixed 2.6.12.6)
CVE-2005-3810 version (kernel, fixed 2.6.15)
CVE-2005-3809 version (kernel, fixed 2.6.15)
CVE-2005-3808 version (kernel, fixed 2.6.15)
CVE-2005-3807 version (kernel, fixed 2.6.15)
CVE-2005-3806 version (kernel, fixed 2.6.14)
CVE-2005-3805 version (kernel, fixed 2.6.14)
CVE-2005-3784 version (kernel, fixed 2.6.15)
CVE-2005-3783 version (kernel, fixed 2.6.15)
CVE-2005-3753 version (kernel, fixed 2.6.14) also not a vuln
CVE-2005-3745 ignore (struts, fixed 1.2.8) but not through tomcat
CVE-2005-3732 version (ipsec-tools, fixed 0.6.3)
CVE-2005-3675 VULNERABLE (kernel) optack, no upstream fix
CVE-2005-3671 version (openswan, fixed 2.4.4)
CVE-2005-3662 version (netpbm)
CVE-2005-3656 version (mod_auth_pgsql, fixed 2.0.3)
CVE-2005-3651 version (ethereal, fixed 0.10.14)
CVE-2005-3632 version (netpbm)
CVE-2005-3631 version (udev)
CVE-2005-3629 version (initscripts, fixed 8.29 at least)
CVE-2005-3628 version (poppler, fixed 0.4.4)
CVE-2005-3628 version (kdegraphics, fixed 3.5.1)
CVE-2005-3628 version (cups, fixed 1.2.0) [since FEDORA-2006-252] was backport since GA
CVE-2005-3628 backport (xpdf) xpdf-3.01pl2.patch
CVE-2005-3628 backport (tetex) tetex-3.0-CVE-2005-3193.patch
CVE-2005-3627 version (poppler, fixed 0.4.4)
CVE-2005-3627 version (kdegraphics, fixed 3.5.1)
CVE-2005-3627 version (cups, fixed 1.2.0) [since FEDORA-2006-252] was backport since GA
CVE-2005-3627 backport (xpdf) xpdf-3.01pl2.patch
CVE-2005-3627 backport (tetex)
CVE-2005-3626 version (poppler, fixed 0.4.4)
CVE-2005-3626 version (kdegraphics, fixed 3.5.1)
CVE-2005-3626 version (cups, fixed 1.2.0) [since FEDORA-2006-252] was backport since GA
CVE-2005-3626 backport (xpdf) xpdf-3.01pl2.patch
CVE-2005-3626 backport (tetex)
CVE-2005-3625 version (poppler, fixed 0.4.4)
CVE-2005-3625 version (kdegraphics, fixed 3.5.1)
CVE-2005-3625 version (cups, fixed 1.2.0) [since FEDORA-2006-252] was backport since GA
CVE-2005-3625 backport (xpdf) xpdf-3.01pl2.patch
CVE-2005-3625 backport (tetex)
CVE-2005-3624 version (poppler, fixed 0.4.4)
CVE-2005-3624 version (kdegraphics, fixed 3.5.1)
CVE-2005-3624 version (cups, fixed 1.2.0) [since FEDORA-2006-252] was backport since GA
CVE-2005-3624 backport (xpdf) xpdf-3.01pl2.patch
CVE-2005-3624 backport (tetex)
CVE-2005-3623 version (kernel, fixed 2.6.14.5)
CVE-2005-3582 version (ImageMagick) gentoo only
CVE-2005-3573 version (mailman, fixed 2.1.7)
CVE-2005-3527 version (kernel, fixed 2.6.14 at least)
CVE-2005-3402 ignore (thunderbird) mozilla say by design
CVE-2005-3392 version (php, not 5.0)
CVE-2005-3391 version (php, not 5.0)
CVE-2005-3390 version (php, fixed 5.1.0)
CVE-2005-3389 version (php, fixed 5.1.1)
CVE-2005-3388 version (php, fixed 5.1.1)
CVE-2005-3359 version (kernel, fixed 2.6.14)
CVE-2005-3358 version (kernel, fixed 2.6.11)
CVE-2005-3357 version (httpd, fixed 2.2.1) [since FEDORA-2006-364] was backport since GA
CVE-2005-3356 version (kernel, fixed 2.6.16) patch-2.6.16-rc6 [since FEDORA-2006-233]
CVE-2005-3353 version (php, not 5.0)
CVE-2005-3352 version (httpd, fixed 2.2.1) [since FEDORA-2006-364] was backport since GA
CVE-2005-3351 version (spamassassin, fixed 3.1.0)
CVE-2005-3322 version (squid) not upstream, SUSE only
CVE-2005-3319 ignore (mod_php) no security consequence
CVE-2005-3313 version (ethereal, fixed after 0.10.13)
CVE-2005-3276 version (kernel, fixed 2.6.12.4)
CVE-2005-3275 version (kernel, fixed 2.6.13)
CVE-2005-3274 version (kernel, fixed 2.6.13)
CVE-2005-3273 version (kernel, fixed 2.6.12)
CVE-2005-3272 version (kernel, fixed 2.6.13)
CVE-2005-3271 version (kernel, fixed 2.6.9)
CVE-2005-3258 version (squid, fixed 2.5STABLE12)
CVE-2005-3257 version (kernel, fixed 2.6.15)
CVE-2005-3249 version (ethereal, fixed 0.10.13)
CVE-2005-3248 version (ethereal, fixed 0.10.13)
CVE-2005-3247 version (ethereal, fixed 0.10.13)
CVE-2005-3246 version (ethereal, fixed 0.10.13)
CVE-2005-3245 version (ethereal, fixed 0.10.13)
CVE-2005-3244 version (ethereal, fixed 0.10.13)
CVE-2005-3243 version (ethereal, fixed 0.10.13)
CVE-2005-3242 version (ethereal, fixed 0.10.13)
CVE-2005-3241 version (ethereal, fixed 0.10.13)
CVE-2005-3193 version (poppler, fixed 0.4.4)
CVE-2005-3193 version (kdegraphics, fixed 3.5.1)
CVE-2005-3193 version (cups, fixed 1.2.0) [since FEDORA-2006-252] was backport since GA
CVE-2005-3193 backport (xpdf) xpdf-3.01pl2.patch
CVE-2005-3193 backport (tetex) tetex-3.0-CVE-2005-3193.patch
CVE-2005-3192 version (poppler, fixed 0.4.4)
CVE-2005-3192 version (kdegraphics, fixed 3.5.1)
CVE-2005-3192 version (cups, fixed 1.2.0) [since FEDORA-2006-252] was backport since GA
CVE-2005-3192 backport (xpdf) xpdf-3.01pl2.patch
CVE-2005-3192 backport (tetex) tetex-3.0-CVE-2005-3193.patch
CVE-2005-3191 version (poppler, fixed 0.4.4)
CVE-2005-3191 version (kdegraphics, fixed 3.5.1)
CVE-2005-3191 version (cups, fixed 1.2.0) [since FEDORA-2006-252] was backport since GA
CVE-2005-3191 backport (xpdf) xpdf-3.01pl2.patch
CVE-2005-3191 backport (tetex) tetex-3.0-CVE-2005-3193.patch
CVE-2005-3186 version (gtk2, fixed 2.8.7 at least)
CVE-2005-3186 backport (gdk-pixbuf)
CVE-2005-3185 version (wget, fixed 1.10.2 at least)
CVE-2005-3185 version (curl, fixed 7.15)
CVE-2005-3184 version (ethereal, fixed 0.10.13)
CVE-2005-3181 version (kernel, fixed 2.6.13.4 at least)
CVE-2005-3180 version (kernel, fixed 2.6.13.4 at least)
CVE-2005-3179 version (kernel, fixed 2.6.13.4 at least)
CVE-2005-3164 version (tomcat, not 5)
CVE-2005-3120 backport (lynx)
CVE-2005-3119 version (kernel, fixed 2.6.13.4 at least)
CVE-2005-3110 version (kernel, fixed 2.6.12)
CVE-2005-3109 version (kernel, fixed 2.6.12)
CVE-2005-3108 version (kernel, fixed 2.6.12)
CVE-2005-3107 version (kernel, fixed 2.6.11)
CVE-2005-3106 version (kernel, fixed 2.6.11)
CVE-2005-3105 version (kernel, fixed 2.6.12)
CVE-2005-3089 version (firefox, fixed 1.0.7)
CVE-2005-3088 ignore (fetchmail) fetchmailconf not shipped
CVE-2005-3055 version (kernel, fixed 2.6.14 at least)
CVE-2005-3054 ignore (php) see #169857
CVE-2005-3053 version (kernel)
CVE-2005-3044 version (kernel, fixed 2.6.13.2)
CVE-2005-3011 backport (texinfo) texinfo-CAN-2005-3011.patch
CVE-2005-2991 ignore (ncompress) don't ship zdiff or zcmp scripts
CVE-2005-2978 version (netpbm, fixed 10.25)
CVE-2005-2977 version (pam, fixed 0.99.2.1 at least)
CVE-2005-2976 backport (gdk-pixbuf)
CVE-2005-2975 version (gtk2, fixed 2.8.7)
CVE-2005-2975 backport (gdk-pixbuf)
CVE-2005-2973 version (kernel, fixed 2.6.14 at least)
CVE-2005-2970 version (httpd, fixed 2.0.55)
CVE-2005-2969 version (openssl, fixed 0.9.8a)
CVE-2005-2969 backport (openssl097a, fixed 0.9.7h)
CVE-2005-2968 version (thunderbird)
CVE-2005-2968 version (mozilla, not 1.7.10)
CVE-2005-2968 version (firefox)
CVE-2005-2959 ignore (sudo) not a vulnerability
CVE-2005-2946 version (openssl, fixed 0.9.8)
CVE-2005-2933 version (libc-client, fixed 2004g at least)
CVE-2005-2929 backport (lynx)
CVE-2005-2922 version (HelixPlayer, fixed 1.0.6)
CVE-2005-2917 version (squid, fixed 2.5.STABLE11)
CVE-2005-2876 version (util-linux, fixed 2.13-pre3)
CVE-2005-2874 version (cups, fixed 1.1.23)
CVE-2005-2873 VULNERABLE (kernel) not fixed upstream
CVE-2005-2872 version (kernel, fixed 2.6.12)
CVE-2005-2871 version (thunderbird)
CVE-2005-2871 version (mozilla, fixed 1.7.12)
CVE-2005-2871 version (firefox, fixed 1.0.7)
CVE-2005-2811 version (net-snmp) not upstream, gentoo only
CVE-2005-2801 version (kernel, fixed 2.6.11)
CVE-2005-2800 version (kernel, fixed 2.6.12.6)
CVE-2005-2798 version (openssh, fixed 4.2)
CVE-2005-2797 version (openssh, fixed 4.2)
CVE-2005-2796 version (squid, fixed 2.5.STABLE11)
CVE-2005-2794 version (squid, fixed 2.5.STABLE11)
CVE-2005-2728 version (httpd, fixed 2.0.55) 
CVE-2005-2710 version (HelixPlayer, fixed 1.0.6)
CVE-2005-2709 version (kernel, fixed 2.6.14.3)
CVE-2005-2708 ignore (kernel) not reproducable on x86_64
CVE-2005-2707 version (thunderbird)
CVE-2005-2707 version (mozilla, fixed 1.7.12)
CVE-2005-2707 version (firefox, fixed 1.0.7)
CVE-2005-2706 version (thunderbird)
CVE-2005-2706 version (mozilla, fixed 1.7.12)
CVE-2005-2706 version (firefox, fixed 1.0.7)
CVE-2005-2705 version (thunderbird)
CVE-2005-2705 version (mozilla, fixed 1.7.12)
CVE-2005-2705 version (firefox, fixed 1.0.7)
CVE-2005-2704 version (thunderbird)
CVE-2005-2704 version (mozilla, fixed 1.7.12)
CVE-2005-2704 version (firefox, fixed 1.0.7)
CVE-2005-2703 version (thunderbird)
CVE-2005-2703 version (mozilla, fixed 1.7.12)
CVE-2005-2703 version (firefox, fixed 1.0.7)
CVE-2005-2702 version (thunderbird)
CVE-2005-2702 version (mozilla, fixed 1.7.12)
CVE-2005-2702 version (firefox, fixed 1.0.7)
CVE-2005-2701 version (mozilla, fixed 1.7.12)
CVE-2005-2701 version (firefox, fixed 1.0.7)
CVE-2005-2700 version (httpd, fixed 2.0.55) 
CVE-2005-2693 backport (cvs) cvs-1.11.19-tmp.patch
CVE-2005-2672 version (lm_sensors, fixed 2.9.2)
CVE-2005-2666 version (openssh, fixed 4.0p1)
CVE-2005-2642 version (mutt) openbsd only
CVE-2005-2641 version (nss_ldap, fixed pam_ldap:180)
CVE-2005-2629 version (HelixPlayer, fixed 1.0.6)
CVE-2005-2617 version (kernel, fixed 2.6.12.5)
CVE-2005-2602 ignore (thunderbird) probably
CVE-2005-2602 ignore (firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=237085
CVE-2005-2558 version (mysql, fixed 4.1.13)
CVE-2005-2558 ignore (mysql) not an issue
CVE-2005-2555 version (kernel, fixed 2.6.12.6pre)
CVE-2005-2553 version (kernel, not 2.6)
CVE-2005-2550 version (evolution, fixed after 2.3.6.1)
CVE-2005-2549 version (evolution, fixed after 2.3.6.1)
CVE-2005-2548 version (kernel, fixed 2.6.9) only affected 2.6.8
CVE-2005-2547 version (bluez-pin, fixed 2.19) not before 2.16
CVE-2005-2541 ignore (tar) is documented behaviour
CVE-2005-2500 version (kernel, fixed 2.6.13)
CVE-2005-2498 version (php, fixed xml_rpc:1.4.0)
CVE-2005-2496 backport (ntp, fixed 4.2.0b) ...0a-20040617-ntpd_guid.patch
CVE-2005-2495 version (xorg-x11-server, fixed 0.99.3 at least)
CVE-2005-2494 version (kdebase, fixed after 3.4.2)
CVE-2005-2492 version (kernel, fixed 2.6.13.1)
CVE-2005-2491 version (pcre, fixed 6.2)
CVE-2005-2491 ignore (python) fc4 python does not contain pcre
CVE-2005-2491 ignore (php) php uses system pcre
CVE-2005-2491 ignore (httpd) httpd uses system pcre
CVE-2005-2490 version (kernel, fixed 2.6.13.1)
CVE-2005-2475 backport (unzip) unzip-5.52-toctou.patch
CVE-2005-2471 version (netpbm, fixed 10.31)
CVE-2005-2459 ignore (kernel, fixed 2.6.12.5) dropped as code path not possible
CVE-2005-2458 version (kernel, fixed 2.6.12.5)
CVE-2005-2457 version (kernel, fixed 2.6.12.5)
CVE-2005-2456 version (kernel, fixed 2.6.12.5)
CVE-2005-2452 version (libtiff, fixed 3.7.0)
CVE-2005-2448 version (kdenetwork, fixed 3.4.2)
CVE-2005-2414 ignore (mozilla) not being fixed upstream, just a crash
CVE-2005-2410 version (NetworkManager, fixed 5.0)
CVE-2005-2395 ignore (firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=281851
CVE-2005-2370 version (kdenetwork, fixed 3.4.2)
CVE-2005-2370 version (gaim, fixed 1.5.0)
CVE-2005-2369 version (kdenetwork, fixed 3.4.2)
CVE-2005-2368 version (vim, fixed 6.3.086 at least)
CVE-2005-2367 version (ethereal, fixed 0.10.12)
CVE-2005-2366 version (ethereal, fixed 0.10.12)
CVE-2005-2365 version (ethereal, fixed 0.10.12)
CVE-2005-2364 version (ethereal, fixed 0.10.12)
CVE-2005-2363 version (ethereal, fixed 0.10.12)
CVE-2005-2362 version (ethereal, fixed 0.10.12)
CVE-2005-2361 version (ethereal, fixed 0.10.12)
CVE-2005-2360 version (ethereal, fixed 0.10.12)
CVE-2005-2353 ignore (thunderbird) debug mode only
CVE-2005-2337 version (ruby, fixed 1.8.3)
CVE-2005-2335 version (fetchmail, fixed 6.2.5.2)
CVE-2005-2270 version (thunderbird, fixed 1.0.5)
CVE-2005-2270 version (mozilla, fixed 1.7.9)
CVE-2005-2270 version (firefox, fixed 1.0.5)
CVE-2005-2269 version (thunderbird, fixed 1.0.5)
CVE-2005-2269 version (mozilla, fixed 1.7.9)
CVE-2005-2269 version (firefox, fixed 1.0.5)
CVE-2005-2268 version (mozilla, fixed 1.7.9)
CVE-2005-2268 version (firefox, fixed 1.0.5)
CVE-2005-2267 version (mozilla, fixed 1.7.9)
CVE-2005-2267 version (firefox, fixed 1.0.5)
CVE-2005-2266 version (thunderbird, fixed 1.0.5)
CVE-2005-2266 version (mozilla, fixed 1.7.9)
CVE-2005-2266 version (firefox, fixed 1.0.5)
CVE-2005-2265 version (thunderbird, fixed 1.0.5)
CVE-2005-2265 version (mozilla, fixed 1.7.9)
CVE-2005-2265 version (firefox, fixed 1.0.5)
CVE-2005-2264 version (firefox, fixed 1.0.5)
CVE-2005-2263 version (mozilla, fixed 1.7.9)
CVE-2005-2263 version (firefox, fixed 1.0.5)
CVE-2005-2262 version (firefox, fixed 1.0.5)
CVE-2005-2261 version (thunderbird, fixed 1.0.5)
CVE-2005-2261 version (mozilla, fixed 1.7.9)
CVE-2005-2261 version (firefox, fixed 1.0.5)
CVE-2005-2260 version (mozilla, fixed 1.7.9)
CVE-2005-2260 version (firefox, fixed 1.0.5)
CVE-2005-2177 version (net-snmp, fixed 5.2.1.2)
CVE-2005-2114 version (mozilla, fixed 1.7.9)
CVE-2005-2114 version (firefox, fixed 1.0.5)
CVE-2005-2104 version (sysreport, fixed 1.4.1-5)
CVE-2005-2103 version (gaim, fixed 1.5.0)
CVE-2005-2102 version (gaim, fixed 1.5.0)
CVE-2005-2101 version (kdeedu, fixed after 3.4.2)
CVE-2005-2100 version (kernel, not 2.6) not upstream only RHEL4
CVE-2005-2099 version (kernel, fixed 2.6.12.5)
CVE-2005-2098 version (kernel, fixed 2.6.12.5)
CVE-2005-2097 version (xpdf, fixed 3.0.1)
CVE-2005-2097 version (cups) [since FEDORA-2006-252] was backport since GA
CVE-2005-2096 version (rpm, fixed 4.4.2)
CVE-2005-2096 backport (zlib, fixed 1.2.2.4)
CVE-2005-2095 version (squirrelmail, fixed 1.4.5)
CVE-2005-2088 version (httpd, fixed 2.0.55)
CVE-2005-2069 version (nss_ldap, fixed pam_ldap:180)
CVE-2005-2069 backport (openldap) openldap-2.2.13-tls-fix-connection-test.patch
CVE-2005-2023 version (gnupg, fixed 1.9.15)
CVE-2005-1993 version (sudo, fixed 1.6.8p9)
CVE-2005-1992 version (ruby, fixed 1.8.3 at least)
CVE-2005-1937 version (mozilla, fixed 1.7.9)
CVE-2005-1937 version (firefox, fixed 1.0.5)
CVE-2005-1934 version (gaim, fixed 1.3.1)
CVE-2005-1921 version (php, fixed xml_rpc:1.3.1)
CVE-2005-1920 version (kdelibs, fixed 3.4.1)
CVE-2005-1918 version (tar)
CVE-2005-1913 version (kernel, fixed 2.6.12.2)
CVE-2005-1852 version (kdenetwork, fixed 3.4.2)
CVE-2005-1849 version (zlib, fixed 1.2.3)
CVE-2005-1831 ignore (sudo) unsubstantiated report
CVE-2005-1769 version (squirrelmail, fixed 1.4.5)
CVE-2005-1768 version (kernel, fixed 2.6.6)
CVE-2005-1767 version (kernel, fixed 2.6.7)
CVE-2005-1766 version (HelixPlayer, fixed 1.0.5)
CVE-2005-1765 version (kernel, fixed 2.6.12)
CVE-2005-1764 version (kernel, fixed 2.6.12)
CVE-2005-1763 version (kernel, fixed 2.6.12)
CVE-2005-1762 version (kernel, fixed 2.6.12)
CVE-2005-1761 version (kernel, fixed 2.6.12.2)
CVE-2005-1760 version (sysreport, fixed 1.4.1-3)
CVE-2005-1759 ignore (php) dead code path
CVE-2005-1759 ignore (openldap) fixed shtool 2.0.2 flawed code path not used
CVE-2005-1751 version (nmap, fixed 3.93 at least)
CVE-2005-1751 ignore (openldap) fixed shtool 2.0.2. Flawed code path not used
CVE-2005-1751 ignore (ncpfs) part of shtool in ncpfs is not vulnerable
CVE-2005-1740 version (net-snmp, fixed 5.2.2.rc5 at least)
CVE-2005-1739 version (ImageMagick, fixed 6.2.2.3)
CVE-2005-1705 backport (gdb) gdb-6.3-security-errata-20050610.patch
CVE-2005-1704 version (binutils, fixed 2.16.91.0.3 at least)
CVE-2005-1704 backport (gdb) gdb-6.3-security-errata-20050610.patch
CVE-2005-1689 version (krb5, fixed 1.4.2)
CVE-2005-1686 ignore (gedit) not a vulnerability
CVE-2005-1636 version (mysql, fixed 4.1.12)
CVE-2005-1589 version (kernel, fixed 2.6.11.10)
CVE-2005-1571 version (php, fixed shtool 2.0.2)
CVE-2005-1544 version (libtiff, fixed 3.7.1 at least)
CVE-2005-1532 version (thunderbird)
CVE-2005-1532 version (mozilla, fixed 1.7.8)
CVE-2005-1532 version (firefox, fixed 1.0.4)
CVE-2005-1531 version (mozilla, fixed 1.7.8)
CVE-2005-1531 version (firefox, fixed 1.0.4)
CVE-2005-1519 version (squid, fixed 2.5.STABLE10)
CVE-2005-1470 version (ethereal, fixed 0.10.11)
CVE-2005-1469 version (ethereal, fixed 0.10.11)
CVE-2005-1468 version (ethereal, fixed 0.10.11)
CVE-2005-1467 version (ethereal, fixed 0.10.11)
CVE-2005-1466 version (ethereal, fixed 0.10.11)
CVE-2005-1465 version (ethereal, fixed 0.10.11)
CVE-2005-1464 version (ethereal, fixed 0.10.11)
CVE-2005-1463 version (ethereal, fixed 0.10.11)
CVE-2005-1462 version (ethereal, fixed 0.10.11)
CVE-2005-1461 version (ethereal, fixed 0.10.11)
CVE-2005-1460 version (ethereal, fixed 0.10.11)
CVE-2005-1459 version (ethereal, fixed 0.10.11)
CVE-2005-1458 version (ethereal, fixed 0.10.11)
CVE-2005-1457 version (ethereal, fixed 0.10.11)
CVE-2005-1456 version (ethereal, fixed 0.10.11)
CVE-2005-1455 version (freeradius, fixed 1.0.3)
CVE-2005-1454 version (freeradius, fixed 1.0.3)
CVE-2005-1431 version (gnutls, fixed 1.0.25)
CVE-2005-1410 version (postgresql, fixed 8.0.2)
CVE-2005-1409 version (postgresql, fixed 8.0.1)
CVE-2005-1369 version (kernel, fixed 2.6.12)
CVE-2005-1368 version (kernel, fixed 2.6.12)
CVE-2005-1345 version (squid, fixed 2.5.STABLE10)
CVE-2005-1344 ignore (httpd) not a vulnerability
CVE-2005-1281 version (ethereal, fixed 0.10.11)
CVE-2005-1280 version (tcpdump, fixed 3.9.2)
CVE-2005-1279 version (tcpdump, fixed 3.9.2)
CVE-2005-1278 version (tcpdump, fixed 3.9.2)
CVE-2005-1277 ignore (dupe)
CVE-2005-1275 version (ImageMagick, fixed 6.2.2)
CVE-2005-1269 version (gaim, fixed 1.3.1)
CVE-2005-1268 version (httpd, fixed 2.0.55)
CVE-2005-1267 version (tcpdump, fixed 3.9.4 at least)
CVE-2005-1266 version (spamassassin, fixed 3.0.4)
CVE-2005-1265 version (kernel)
CVE-2005-1264 version (kernel)
CVE-2005-1263 version (kernel)
CVE-2005-1262 version (gaim, fixed 1.3.0)
CVE-2005-1261 version (gaim, fixed 1.3.0)
CVE-2005-1260 version (bzip2, fixed 1.0.3)
CVE-2005-1229 backport (cpio)
CVE-2005-1228 backport (gzip)
CVE-2005-1194 backport (nasm)
CVE-2005-1184 ignore (kernel) expected to not be an issue
CVE-2005-1175 version (krb5, fixed 1.4.2)
CVE-2005-1174 version (krb5, fixed 1.4.2)
CVE-2005-1160 version (thunderbird)
CVE-2005-1160 version (mozilla)
CVE-2005-1160 version (firefox)
CVE-2005-1159 version (thunderbird)
CVE-2005-1159 version (mozilla)
CVE-2005-1159 version (firefox)
CVE-2005-1158 version (firefox, fixed 1.0.3)
CVE-2005-1157 version (mozilla)
CVE-2005-1157 version (firefox)
CVE-2005-1156 version (mozilla)
CVE-2005-1156 version (firefox)
CVE-2005-1155 version (mozilla)
CVE-2005-1155 version (firefox)
CVE-2005-1154 version (mozilla)
CVE-2005-1154 version (firefox)
CVE-2005-1153 version (mozilla)
CVE-2005-1153 version (firefox)
CVE-2005-1111 backport (cpio)
CVE-2005-1065 version (tetex) not upstream version
CVE-2005-1061 version (logwatch, fixed 4.3.2 at least)
CVE-2005-1046 version (kdelibs, fixed after 3.4.0)
CVE-2005-1043 version (php, fixed 4.3.11)
CVE-2005-1042 version (php, fixed 4.3.11)
CVE-2005-1041 version (kernel, fixed 2.6.12)
CVE-2005-1039 ignore (coreutils) not fixed upstream, not a real issue
CVE-2005-1038 backport (vixie-cron)
CVE-2005-0990 version (sharutils, fixed 4.6 at least)
CVE-2005-0989 version (thunderbird)
CVE-2005-0989 version (mozilla, fixed 1.7.7)
CVE-2005-0989 version (firefox, fixed 1.0.3)
CVE-2005-0988 backport (gzip)
CVE-2005-0977 version (kernel, fixed 2.6.11)
CVE-2005-0967 version (gaim, fixed 1.2.1)
CVE-2005-0966 version (gaim, fixed 1.2.1)
CVE-2005-0965 version (gaim, fixed 1.2.1)
CVE-2005-0953 backport (bzip2) bzip2-1.0.2-chmod.patch
CVE-2005-0941 version (ooffice, fixed 1.9 m95)
CVE-2005-0937 version (kernel, fixed 2.6.11)
CVE-2005-0916 version (kernel, fixed 2.6.12)
CVE-2005-0891 version (gtk2, fixed 2.2.4)
CVE-2005-0867 version (kernel, fixed 2.6.11)
CVE-2005-0866 version (cdrecord) DEBUG isn't enabled anyway
CVE-2005-0839 version (kernel, fixed 2.6.11)
CVE-2005-0815 version (kernel, fixed 2.6.11.6)
CVE-2005-0808 version (tomcat, fixed 5.x)
CVE-2005-0806 version (evolution, fixed 2.0.4)
CVE-2005-0799 version (mysql) not linux
CVE-2005-0767 version (kernel, fixed 2.6.11)
CVE-2005-0766 version (ethereal, fixed after 0.10.9)
CVE-2005-0765 version (ethereal, fixed after 0.10.9)
CVE-2005-0763 version (mc, fixed 4.6.0)
CVE-2005-0762 version (ImageMagick, fixed 6.0)
CVE-2005-0761 version (ImageMagick, fixed 6.1.8)
CVE-2005-0760 version (ImageMagick, fixed 6.0)
CVE-2005-0759 version (ImageMagick, fixed 6.0)
CVE-2005-0758 version (gzip, fixed 1.3.5)
CVE-2005-0758 backport (bzip2)
CVE-2005-0757 version (kernel, not 2.6)
CVE-2005-0756 version (kernel, fixed 2.6.12)
CVE-2005-0755 version (HelixPlayer, fixed 10.0.4)
CVE-2005-0754 version (kdewebdev, fixed after 3.4.0)
CVE-2005-0753 version (cvs, fixed 1.11.20)
CVE-2005-0752 version (firefox, fixed 1.0.3)
CVE-2005-0750 version (kernel, fixed 2.6.11.6)
CVE-2005-0749 version (kernel, fixed 2.6.11.6)
CVE-2005-0739 version (ethereal, fixed after 0.10.9)
CVE-2005-0736 version (kernel, fixed 2.6.11)
CVE-2005-0718 version (squid, fixed 2.5.STABLE8)
CVE-2005-0711 version (mysql, fixed 4.1.11)
CVE-2005-0710 version (mysql, fixed 4.1.11)
CVE-2005-0709 version (mysql, fixed 4.1.11)
CVE-2005-0705 version (ethereal, fixed after 0.10.9)
CVE-2005-0704 version (ethereal, fixed after 0.10.9)
CVE-2005-0698 version (ethereal, fixed after 0.10.9)
CVE-2005-0664 version (libexif, fixed 0.6.12)
CVE-2005-0654 ignore (gimp, not fixed 2.2) upstream considers harmless
CVE-2005-0627 version (qt, fixed 3.3.4)
CVE-2005-0626 version (squid, fixed 2.5.STABLE10)
CVE-2005-0611 version (HelixPlayer, fixed 1.0.3)
CVE-2005-0605 version (libXpm, fixed 3.5.4 at least) 
CVE-2005-0605 backport (openmotif)
CVE-2005-0602 ignore (unzip, fixed 5.52) this is really expected behaviour
CVE-2005-0596 version (php, fixed 5.0)
CVE-2005-0593 version (mozilla)
CVE-2005-0593 version (firefox)
CVE-2005-0592 version (mozilla)
CVE-2005-0592 version (firefox)
CVE-2005-0591 version (firefox, fixed 1.0.1)
CVE-2005-0590 version (thunderbird)
CVE-2005-0590 version (openswan, fixed 2.1.4)
CVE-2005-0590 version (mozilla)
CVE-2005-0590 version (firefox)
CVE-2005-0589 version (firefox, fixed 1.0.1)
CVE-2005-0588 version (mozilla)
CVE-2005-0588 version (firefox)
CVE-2005-0587 version (mozilla)
CVE-2005-0587 version (firefox)
CVE-2005-0586 version (mozilla)
CVE-2005-0586 version (firefox)
CVE-2005-0585 version (mozilla)
CVE-2005-0585 version (firefox)
CVE-2005-0584 version (mozilla)
CVE-2005-0584 version (firefox)
CVE-2005-0578 version (mozilla)
CVE-2005-0578 version (firefox)
CVE-2005-0565 version (kernel, not 2.6)
CVE-2005-0532 version (kernel, fixed 2.6.11)
CVE-2005-0531 version (kernel, fixed 2.6.11)
CVE-2005-0530 version (kernel, fixed 2.6.11)
CVE-2005-0529 version (kernel, fixed 2.6.11)
CVE-2005-0527 version (mozilla, fixed 1.7.6)
CVE-2005-0527 version (firefox, fixed 1.0.1)
CVE-2005-0525 version (php, fixed 5.0.4)
CVE-2005-0524 version (php, fixed 5.0.4)
CVE-2005-0509 version (mono, not after 1.0.5)
CVE-2005-0504 version (kernel, not 2.6) doesn't build in 2.6
CVE-2005-0490 version (curl, fixed 7.13.1)
CVE-2005-0489 version (kernel, not 2.6)
CVE-2005-0488 backport (telnet)
CVE-2005-0488 backport (krb5) krb5-1.4.1-telnet-environ.patch
CVE-2005-0473 version (gaim, fixed 1.1.3)
CVE-2005-0472 version (gaim, fixed 1.1.3)
CVE-2005-0470 version (wpa_supplicant, fixed 0.2.7)
CVE-2005-0469 version (krb5, fixed 1.4.1)
CVE-2005-0469 backport (telnet) telnet-0.17-CAN-2005-468_469.patch
CVE-2005-0468 version (krb5, fixed 1.4.1)
CVE-2005-0468 backport (telnet) telnet-0.17-CAN-2005-468_469.patch
CVE-2005-0455 version (HelixPlayer, fixed 1.0.3)
CVE-2005-0449 version (kernel, fixed 2.6.11)
CVE-2005-0448 version (perl, fixed 5.8.6) #173793
CVE-2005-0446 version (squid, fixed 2.5.STABLE9)
CVE-2005-0404 ignore (kde) won't fix http://bugs.kde.org/show_bug.cgi?id=96020
CVE-2005-0403 version (kernel) not upstream
CVE-2005-0402 version (firefox, fixed 1.0.2)
CVE-2005-0401 version (mozilla, fixed 1.7.7)
CVE-2005-0401 version (firefox, fixed 1.0.2)
CVE-2005-0400 version (kernel, fixed 2.6.11.6)
CVE-2005-0399 version (thunderbird)
CVE-2005-0399 version (mozilla)
CVE-2005-0399 version (firefox)
CVE-2005-0398 version (ipsec-tools, fixed 0.5)
CVE-2005-0397 version (ImageMagick, fixed 6.0.2.5)
CVE-2005-0396 version (kdelibs, fixed 3.4.0)
CVE-2005-0384 version (kernel, fixed 2.6.11.4)
CVE-2005-0372 version (gftp, fixed 2.0.18 at least)
CVE-2005-0365 version (kdelibs, not 3.4)
CVE-2005-0337 version (postfix, not 2.2)
CVE-2005-0255 version (thunderbird, fixed 1.0.2)
CVE-2005-0255 version (mozilla, fixed 1.7.6)
CVE-2005-0255 version (firefox, fixed 1.0.1)
CVE-2005-0247 version (postgresql, fixed after 8.0)
CVE-2005-0246 version (postgresql, fixed 8.0.1)
CVE-2005-0245 version (postgresql, fixed 8.0.1)
CVE-2005-0244 version (postgresql, fixed 8.0.1)
CVE-2005-0241 version (squid, fixed 2.5.STABLE8)
CVE-2005-0238 version (epiphany, fixed since mozilla 1.7.6)
CVE-2005-0237 version (kdelibs, fixed 3.4.0)
CVE-2005-0233 version (mozilla, fixed 1.7.6)
CVE-2005-0233 version (firefox, fixed 1.0.1)
CVE-2005-0232 version (mozilla, fixed 1.7.6)
CVE-2005-0232 version (firefox, fixed 1.0.1)
CVE-2005-0231 version (mozilla, fixed 1.7.6)
CVE-2005-0231 version (firefox, fixed 1.0.1)
CVE-2005-0230 version (thunderbird, fixed 1.0.2)
CVE-2005-0230 version (mozilla, fixed 1.7.6)
CVE-2005-0230 version (firefox, fixed 1.0.1)
CVE-2005-0227 version (postgresql, fixed 8.0.1)
CVE-2005-0215 version (mozilla)
CVE-2005-0211 version (squid, fixed 2.5.STABLE8)
CVE-2005-0210 version (kernel, fixed 2.6.11)
CVE-2005-0209 version (kernel, fixed 2.6.11)
CVE-2005-0208 version (gaim, fixed 1.1.4)
CVE-2005-0207 version (kernel, fixed 2.6.11)
CVE-2005-0206 version (xpdf) only bad patch for 2004-0888
CVE-2005-0205 version (kdenetwork, not 3.3+)
CVE-2005-0204 version (kernel) didn't affect upstream
CVE-2005-0202 version (mailman, fixed 2.1.6)
CVE-2005-0201 version (dbus, fixed 0.36.1)
CVE-2005-0194 version (squid, fixed 2.5.STABLE8)
CVE-2005-0180 version (kernel, fixed 2.6.11)
CVE-2005-0179 version (kernel, fixed 2.6.11)
CVE-2005-0178 version (kernel, fixed 2.6.11)
CVE-2005-0177 version (kernel, fixed 2.6.11)
CVE-2005-0176 version (kernel, fixed 2.6.10) only affected 2.6.9
CVE-2005-0175 version (squid, fixed 2.5.STABLE8)
CVE-2005-0174 version (squid, fixed 2.5.STABLE8)
CVE-2005-0173 version (squid, fixed 2.5.STABLE8)
CVE-2005-0162 version (openswan, fixed 2.3.0)
CVE-2005-0156 version (perl, fixed 5.8.8)
CVE-2005-0155 version (perl, fixed 5.8.8)
CVE-2005-0152 version (squirrelmail, not 1.4)
CVE-2005-0150 version (firefox, fixed 1.0)
CVE-2005-0149 version (mozilla)
CVE-2005-0149 version (firefox)
CVE-2005-0147 version (mozilla)
CVE-2005-0147 version (firefox)
CVE-2005-0146 version (mozilla)
CVE-2005-0146 version (firefox)
CVE-2005-0145 version (firefox, fixed 1.0)
CVE-2005-0144 version (mozilla)
CVE-2005-0144 version (firefox)
CVE-2005-0143 version (mozilla)
CVE-2005-0143 version (firefox)
CVE-2005-0142 version (thunderbird)
CVE-2005-0142 version (mozilla)
CVE-2005-0142 version (firefox)
CVE-2005-0141 version (mozilla)
CVE-2005-0141 version (firefox)
CVE-2005-0137 version (kernel, not 2.6)
CVE-2005-0136 version (kernel, fixed 2.6.11)
CVE-2005-0135 version (kernel, fixed 2.6.11)
CVE-2005-0124 version (kernel, fixed 2.6.11)
CVE-2005-0109 version (openssl, not 0.9.8a) 
CVE-2005-0109 backport (openssl097a)
CVE-2005-0104 version (squirrelmail, fixed 1.4.4)
CVE-2005-0103 version (squirrelmail, fixed 1.4.4)
CVE-2005-0102 version (evolution-data-server, fixed 1.2.2 at least)
CVE-2005-0100 version (emacs, fixed 21.4 at least)
CVE-2005-0097 version (squid, fixed 2.5.STABLE8)
CVE-2005-0096 version (squid, fixed 2.5.STABLE8)
CVE-2005-0095 version (squid, fixed 2.5.STABLE8)
CVE-2005-0094 version (squid, fixed 2.5.STABLE8)
CVE-2005-0092 version (kernel, not affected)
CVE-2005-0091 version (kernel, not affected)
CVE-2005-0090 version (kernel, not affected)
CVE-2005-0089 version (python, fixed 2.4.1 at least)
CVE-2005-0088 version (mod_python, fixed after 2.7.8)
CVE-2005-0087 version (alsa-lib, fixed 1.0.9)
CVE-2005-0086 version (less) didn't affect upstream
CVE-2005-0085 version (htdig, fixed 3.1.6-r7)
CVE-2005-0084 version (ethereal, fixed 0.10.9)
CVE-2005-0080 version (mailman) not upstream
CVE-2005-0078 version (kde, fixed 3.0.5)
CVE-2005-0077 version (perl-DBI, fixed 1.48 at least)
CVE-2005-0075 version (squirrelmail, fixed 1.4.4)
CVE-2005-0069 backport (vim) vim-6.4-tmpfile.patch
CVE-2005-0064 version (xpdf, fixed 3.0.1)
CVE-2005-0064 version (tetex, fixed 3.0)
CVE-2005-0064 version (kdegraphics, not 3.4)
CVE-2005-0064 version (cups, fixed 1.2.2) [since FEDORA-2006-776] was backport cups-CAN-2005-0064.patch since GA
CVE-2005-0039 ignore (kernel) not a vulnerability: don't do this says the rfc
CVE-2005-0034 version (bind, fixed after 9.3.0)
CVE-2005-0033 version (bind, not 9)
CVE-2005-0023 ignore (libvte) not a security risk
CVE-2005-0014 version (ncpfs, fixed 2.2.6)
CVE-2005-0013 version (ncpfs, fixed 2.2.6)
CVE-2005-0011 version (kdeedu, not 3.4)
CVE-2005-0010 version (ethereal, fixed 0.10.9)
CVE-2005-0009 version (ethereal, fixed 0.10.9)
CVE-2005-0008 version (ethereal, fixed 0.10.9)
CVE-2005-0007 version (ethereal, fixed 0.10.9)
CVE-2005-0006 version (ethereal, fixed 0.10.9)
CVE-2005-0005 version (ImageMagick, fixed after 6.1.7)
CVE-2005-0004 version (mysql, fixed 4.1.10)
CVE-2005-0003 version (kernel, fixed 2.6.10)
CVE-2005-0001 version (kernel, fixed 2.6.10)
CVE-2004-2660 version (kernel, fixed 2.6.10)
CVE-2004-2657 ignore (firefox) windows only
CVE-2004-2655 version (xscreensaver)
CVE-2004-2654 version (squid, fixed 2.6STABLE6)
CVE-2004-2607 version (kernel, fixed 2.6.5)
CVE-2004-2589 version (gaim, fixed 0.82)
CVE-2004-2546 version (samba, fixed 3.0.6)
CVE-2004-2541 ignore (cscope) blocked by FORTIFY_SOURCE
CVE-2004-2536 version (kernel, fixed 2.6.7)
CVE-2004-2531 version (gnutls, fixed 1.0.17)
CVE-2004-2480 ignore (squid) #166523, not reproducable
CVE-2004-2479 version (squid, fixed 2.5.STABLE8)
CVE-2004-2396 version (passwd, fixed 0.69)
CVE-2004-2395 version (passwd, fixed 0.69)
CVE-2004-2394 version (passwd, fixed 0.69)
CVE-2004-2392 version (libuser, fixed 0.51.10)
CVE-2004-2343 ignore (httpd) not a security issue
CVE-2004-2302 version (kernel, fixed 2.6.10)
CVE-2004-2259 version (vsftpd, fixed 1.2.2)
CVE-2004-2228 version (firefox, fixed 1.0)
CVE-2004-2227 version (firefox, fixed 1.0)
CVE-2004-2225 version (firefox, fixed 0.10.1)
CVE-2004-2154 version (cups, fixed 1.2.21rc1)
CVE-2004-2149 version (mysql, fixed 4.1.5)
CVE-2004-2136 ignore (dm-crypt) design
CVE-2004-2135 ignore (kernel) design
CVE-2004-2093 ignore (rsync) not security issue
CVE-2004-2069 version (openssh, not 4)
CVE-2004-2014 version (wget, fixed 1.10.1)
CVE-2004-2013 ignore (kernel, not 2.6) also not exploitable
CVE-2004-2004 version (configuration) SUSE only
CVE-2004-1880 version (openldap, fixed 2.2.21)
CVE-2004-1834 version (httpd, fixed 2.0.50)
CVE-2004-1773 version (sharutils, not 4.6)
CVE-2004-1772 version (sharutils, not 4.6)
CVE-2004-1761 version (ethereal, fixed 0.10.3)
CVE-2004-1689 version (sudo, fixed 1.6.8p1)
CVE-2004-1653 ignore (openssh)
CVE-2004-1639 version (mozilla)
CVE-2004-1639 version (firefox)
CVE-2004-1617 ignore (lynx) not able to verify flaw
CVE-2004-1614 version (mozilla, fixed 1.7.5)
CVE-2004-1613 version (mozilla, fixed 1.7.5)
CVE-2004-1488 version (wget, fixed 1.10.1)
CVE-2004-1471 version (cvs, fixed 1.12.9)
CVE-2004-1453 version (glibc, fixed 2.3.5)
CVE-2004-1452 version (tomcat, fixed 5.0.27-r3)
CVE-2004-1451 version (thunderbird)
CVE-2004-1451 version (mozilla)
CVE-2004-1451 version (firefox)
CVE-2004-1450 version (thunderbird)
CVE-2004-1450 version (mozilla)
CVE-2004-1450 version (firefox)
CVE-2004-1449 version (thunderbird)
CVE-2004-1449 version (mozilla)
CVE-2004-1449 version (firefox)
CVE-2004-1392 version (php, fixed 5.0.4)
CVE-2004-1382 version (glibc, not 2.3.5)
CVE-2004-1381 version (mozilla)
CVE-2004-1381 version (firefox)
CVE-2004-1380 version (mozilla)
CVE-2004-1380 version (firefox)
CVE-2004-1377 backport (a2ps) a2ps-4.13-security.patch
CVE-2004-1337 version (kernel, fixed 2.6.11)
CVE-2004-1336 version (tetex, fixed 3.0 at least)
CVE-2004-1335 version (kernel, fixed 2.6.10)
CVE-2004-1334 version (kernel, fixed 2.6.10)
CVE-2004-1333 version (kernel, fixed 2.6.10)
CVE-2004-1316 version (thunderbird, fixed 0.9)
CVE-2004-1316 version (mozilla, fixed 1.7.5)
CVE-2004-1308 version (libtiff, fixed 3.7.1 at least)
CVE-2004-1307 version (libtiff, was already fixed with 0886)
CVE-2004-1304 version (file, fixed 4.12)
CVE-2004-1296 backport (groff) from srpm
CVE-2004-1287 backport (nasm)
CVE-2004-1270 version (cups, fixed 1.1.23)
CVE-2004-1269 version (cups, fixed 1.1.23)
CVE-2004-1268 version (cups, fixed 1.1.23)
CVE-2004-1267 version (cups, fixed 1.1.23)
CVE-2004-1237 version (kernel, not 2.6) not upstream
CVE-2004-1235 version (kernel, fixed 2.6.11)
CVE-2004-1234 version (kernel, not 2.6)
CVE-2004-1224 version (mtr, fixed after 0.65)
CVE-2004-1200 ignore (firefox, mozilla) not a security issue
CVE-2004-1191 version (kernel, fixed 2.6.9)
CVE-2004-1190 version (kernel, fixed 2.6.10)
CVE-2004-1189 version (krb5, fixed 1.4)
CVE-2004-1186 backport (enscript)
CVE-2004-1185 backport (enscript)
CVE-2004-1184 version (enscript, fixed 1.6.4 at least)
CVE-2004-1183 version (libtiff, fixed 3.7.2)
CVE-2004-1180 version (rwho, fixed 0.17)
CVE-2004-1177 version (mailman, fixed 2.1.6)
CVE-2004-1176 version (mc, fixed 4.6.0)
CVE-2004-1175 version (mc, fixed 4.6.0)
CVE-2004-1174 version (mc, fixed 4.6.0)
CVE-2004-1171 version (kdelibs, not 3.4)
CVE-2004-1170 backport (a2ps) a2ps-shell.patch
CVE-2004-1165 version (kdelibs, not 3.4)
CVE-2004-1158 version (kdelibs, not 3.4)
CVE-2004-1156 version (mozilla, firefox)
CVE-2004-1154 version (samba, fixed 3.0.10)
CVE-2004-1151 version (kernel, fixed 2.6.10)
CVE-2004-1145 version (kde, not 3.4)
CVE-2004-1144 version (kernel, not 2.6)
CVE-2004-1143 version (mailman, fixed 2.1.5)
CVE-2004-1142 version (ethereal, fixed 0.10.8)
CVE-2004-1141 version (ethereal, fixed 0.10.8)
CVE-2004-1140 version (ethereal, fixed 0.10.8)
CVE-2004-1139 version (ethereal, fixed 0.10.8)
CVE-2004-1138 version (vim, fixed 6.3)
CVE-2004-1137 version (kernel, fixed 2.6.10)
CVE-2004-1125 version (xpdf, fixed 3.0.1)
CVE-2004-1125 version (tetex, at least 3.0)
CVE-2004-1125 version (kdegraphics, not 3.4)
CVE-2004-1096 version (perl-Archive-Zip, fixed 1.14)
CVE-2004-1093 version (mc, fixed 4.6.0)
CVE-2004-1092 version (mc, fixed 4.6.0)
CVE-2004-1091 version (mc, fixed 4.6.0)
CVE-2004-1090 version (mc, fixed 4.6.0)
CVE-2004-1079 version (ncpfs, fixed 2.2.6 at least)
CVE-2004-1074 version (kernel, fixed 2.6.10)
CVE-2004-1073 version (kernel, fixed 2.6.10)
CVE-2004-1072 version (kernel, fixed 2.6.10)
CVE-2004-1071 version (kernel, fixed 2.6.10)
CVE-2004-1070 version (kernel, fixed 2.6.10)
CVE-2004-1069 version (kernel, fixed 2.6.10)
CVE-2004-1068 version (kernel, fixed 2.6.10)
CVE-2004-1065 version (php, fixed after 5.0.2)
CVE-2004-1064 version (php, fixed after 5.0.2)
CVE-2004-1063 version (php, fixed after 5.0.2)
CVE-2004-1060 version (kernel) all verifies sequence number
CVE-2004-1058 version (kernel, fixed 2.6.9)
CVE-2004-1057 version (kernel, fixed 2.6.10)
CVE-2004-1056 version (kernel, fixed 2.6.10)
CVE-2004-1051 version (sudo, fixed 1.6.8p2)
CVE-2004-1036 version (squirrelmail, fixed 1.4.4)
CVE-2004-1026 backport (imlib) imlib-1.9.14-bounds.patch
CVE-2004-1025 backport (imlib) imlib-1.9.14-bounds.patch
CVE-2004-1020 version (php, fixed after 5.0.2)
CVE-2004-1019 version (php, fixed after 5.0.2)
CVE-2004-1018 version (php, fixed after 5.0.2)
CVE-2004-1017 version (kernel, fixed 2.6.10)
CVE-2004-1016 version (kernel, fixed 2.6.10)
CVE-2004-1014 version (nfs-utils, fixed 1.0.7)
CVE-2004-1009 version (mc, fixed 4.6.0)
CVE-2004-1006 version (dhcp, not 3)
CVE-2004-1005 version (mc, fixed 4.6.0)
CVE-2004-1004 version (mc, fixed 4.6.0)
CVE-2004-1002 ignore (ppp) not a security issue
CVE-2004-0997 version (kernel, not 2.6)
CVE-2004-0996 backport (cscope) not fixed in 15.5
CVE-2004-0990 version (gd, fixed 2.0.33 at least)
CVE-2004-0989 version (libxml2, fixed 2.6.15)
CVE-2004-0986 version (iptables, fixed 1.2.12)
CVE-2004-0983 version (ruby, fixed 1.8.2)
CVE-2004-0981 version (ImageMagick, fixed 6.1.0)
CVE-2004-0977 version (postgresql, fixed after 7.4.6)
CVE-2004-0976 backport (perl) perl-5.8.7-CAN-2004-0976.patch
CVE-2004-0975 version (openssl, not 0.9.8)
CVE-2004-0975 backport (openssl097a, fixed 0.9.7f)
CVE-2004-0974 version (netatalk, fixed 2.0.1)
CVE-2004-0972 version (lvm2, fixed 2.2.01.8 at least)
CVE-2004-0971 backport (krb5) krb5-1.3.4-send-pr-tempfile.patch
CVE-2004-0970 version (gzip)
CVE-2004-0969 version (groff, fixed 1.18.1.1)
CVE-2004-0968 version (glibc, fixed 2.3.5 at least)
CVE-2004-0967 version (ghostscript, fixed 8.15.1)
CVE-2004-0966 version (gettext, fixed 0.14.3 at least)
CVE-2004-0961 version (freeradius, fixed 1.0.1)
CVE-2004-0960 version (freeradius, fixed 1.0.1)
CVE-2004-0959 version (php, fixed 4.3.9)
CVE-2004-0958 version (php, fixed 4.3.9)
CVE-2004-0957 version (mysql, fixed 4.0.21)
CVE-2004-0956 version (mysql, fixed 4.0.20)
CVE-2004-0946 version (nfs-utils, fixed 1.0.6-r6)
CVE-2004-0942 version (httpd, fixed 2.0.53)
CVE-2004-0941 backport (gd)
CVE-2004-0940 version (httpd, not 2.0)
CVE-2004-0938 version (freeradius, fixed 1.0.1)
CVE-2004-0930 version (samba, fixed 3.0.8)
CVE-2004-0929 version (libtiff, fixed 3.7.0)
CVE-2004-0923 version (cups, fixed 1.2.22)
CVE-2004-0918 version (squid, fixed 2.4.STABLE7)
CVE-2004-0914 version (xorg-x11, fixed after 6.8.1)
CVE-2004-0914 backport (openmotif)
CVE-2004-0909 version (thunderbird)
CVE-2004-0909 version (mozilla)
CVE-2004-0909 version (firefox)
CVE-2004-0908 version (mozilla, fixed 1.7.3)
CVE-2004-0907 version (thunderbird)
CVE-2004-0907 version (mozilla)
CVE-2004-0907 version (firefox)
CVE-2004-0906 version (thunderbird)
CVE-2004-0906 version (mozilla)
CVE-2004-0906 version (firefox)
CVE-2004-0905 version (mozilla, fixed 1.7.3)
CVE-2004-0904 version (mozilla, fixed 1.7.3)
CVE-2004-0903 version (mozilla, fixed 1.7.3)
CVE-2004-0902 version (mozilla, fixed 1.7.3)
CVE-2004-0891 version (gaim, fixed 1.0.2)
CVE-2004-0889 version (xpdf, fixed 3.0.1)
CVE-2004-0888 version (xpdf, fixed 3.0.1)
CVE-2004-0888 version (tetex, fixed 3.0)
CVE-2004-0888 version (kpdegraphics, not 3.4)
CVE-2004-0888 version (cups) [since FEDORA-2006-252] was backport since GA
CVE-2004-0887 version (kernel, fixed 2.6.10)
CVE-2004-0886 version (libtiff, fixed 3.7.1 at least)
CVE-2004-0886 version (kdegraphics, fixed by Update on 20041109)
CVE-2004-0885 version (httpd, fixed after 2.0.52)
CVE-2004-0884 version (cyrus-sasl, fixed 2.1.20)
CVE-2004-0883 version (kernel, fixed 2.6.11)
CVE-2004-0883 version (kernel, fixed 2.6.11)
CVE-2004-0882 version (samba, fixed 3.0.8)
CVE-2004-0871 ignore (mozilla) unfixed upstream with no patch
CVE-2004-0870 ignore (kde) upstream won't fix
CVE-2004-0867 version (firefox, after 0.9.2)
CVE-2004-0837 version (mysql, fixed 4.0.21)
CVE-2004-0836 version (mysql, fixed 4.0.21)
CVE-2004-0835 version (mysql, fixed 4.1.2)
CVE-2004-0832 version (squid, fixed 2.5.STABLE7)
CVE-2004-0829 version (samba, fixed 2.2.11)
CVE-2004-0827 version (ImageMagick, fixed 6.0.6.2)
CVE-2004-0826 version (nss, fixed 3.9.2)
CVE-2004-0823 version (openldap, fixed after 2.1.19)
CVE-2004-0817 version (imlib, fixed 2.1.20 at least)
CVE-2004-0816 version (kernel, fixed 2.6.8)
CVE-2004-0815 version (samba, fixed 3.0.2a)
CVE-2004-0814 version (kernel, fixed 2.6.9)
CVE-2004-0813 version (kernel, fixed 2.6.8)
CVE-2004-0812 version (kernel, not 2.6)
CVE-2004-0811 version (httpd, fixed 2.0.52)
CVE-2004-0809 version (httpd, fixed 2.0.51)
CVE-2004-0808 version (samba, fixed 3.0.7)
CVE-2004-0807 version (samba, fixed 3.0.7)
CVE-2004-0806 version (cdrtools, fixed 2.0.1)
CVE-2004-0804 version (libtiff, fixed after 3.6.1)
CVE-2004-0804 version (kdegraphics)
CVE-2004-0803 version (libtiff, fixed after 3.6.1)
CVE-2004-0803 version (kdegraphics)
CVE-2004-0802 version (imlib, fixed 1.1.2)
CVE-2004-0801 version (foomatic, fixed 3.0.2)
CVE-2004-0797 version (zlib, fixed 1.2.2.2 at least)
CVE-2004-0797 version (zlib)
CVE-2004-0796 version (spamassassin, fixed 2.64)
CVE-2004-0792 version (rsync, fixed 2.6.3)
CVE-2004-0791 version (kernel, fixed 2.6.9)
CVE-2004-0790 version (kernel) doesn't affect linux 2.6
CVE-2004-0788 version (gtk2, fixed 2.6.7 at least)
CVE-2004-0788 version (gdk-pixbuf, fixed 0.22)
CVE-2004-0786 version (apr-util, fixed 2.0.51)
CVE-2004-0785 version (gaim, fixed 0.82)
CVE-2004-0784 version (gaim, fixed 0.82)
CVE-2004-0783 version (gtk2, fixed 2.6.7 at least)
CVE-2004-0783 version (gdk-pixbuf, fixed 0.22)
CVE-2004-0782 version (gtk2, fixed 2.6.7 at least)
CVE-2004-0782 version (gdk-pixbuf, fixed 0.22)
CVE-2004-0779 version (thunderbird)
CVE-2004-0779 version (mozilla)
CVE-2004-0779 version (firefox)
CVE-2004-0778 version (cvs, fixed 1.11.17)
CVE-2004-0772 version (krb5, fixed after 1.2.8)
CVE-2004-0771 backport (lha, changelog)
CVE-2004-0769 backport (lha, changelog)
CVE-2004-0768 version (libpng, fixed 1.2.6)
CVE-2004-0765 version (mozilla, fixed 1.7)
CVE-2004-0764 version (mozilla, fixed 1.7)
CVE-2004-0763 version (mozilla, fixed 1.7.2)
CVE-2004-0762 version (mozilla, fixed 1.7)
CVE-2004-0761 version (mozilla, fixed 1.7)
CVE-2004-0760 version (mozilla, fixed 1.7.2)
CVE-2004-0759 version (mozilla, fixed 1.7)
CVE-2004-0758 version (mozilla, fixed 1.7.2)
CVE-2004-0757 version (mozilla, fixed 1.7)
CVE-2004-0755 version (ruby, fixed 1.8.1)
CVE-2004-0754 version (gaim, fixed 0.82)
CVE-2004-0753 version (gtk2, fixed after 2.2.4)
CVE-2004-0753 version (gdk-pixbuf, fixed 0.22)
CVE-2004-0752 version (openoffice.org, fixed after 1.1.2)
CVE-2004-0751 version (httpd, fixed 2.0.51)
CVE-2004-0750 version (system-config-nfs, fixed 1.0.13)
CVE-2004-0749 version (subversion, fixed 1.0.8)
CVE-2004-0748 version (httpd, fixed 2.0.51)
CVE-2004-0747 version (httpd, fixed 2.0.51)
CVE-2004-0746 version (kde, fixed 3.3)
CVE-2004-0745 backport (lha)
CVE-2004-0722 version (mozilla, fixed 1.7)
CVE-2004-0721 version (kdelibs, fixed 3.3)
CVE-2004-0718 version (mozilla, fixed 1.7)
CVE-2004-0700 version (httpd, not 2.0)
CVE-2004-0694 backport (lha, changelog)
CVE-2004-0693 version (qt, fixed 3.3.3)
CVE-2004-0692 version (qt, fixed 3.3.3)
CVE-2004-0691 version (qt, fixed 3.3.3)
CVE-2004-0690 version (kdelibs, fixed after 3.2.3)
CVE-2004-0689 version (kdelibs, fixed 3.3.0)
CVE-2004-0688 version (openmotif)
CVE-2004-0687 version (openmotif)
CVE-2004-0686 version (samba, fixed 3.0.6)
CVE-2004-0685 version (kernel, not 2.6)
CVE-2004-0658 ignore (kernel) not a security issue
CVE-2004-0648 version (thunderbird)
CVE-2004-0648 version (mozilla)
CVE-2004-0648 version (firefox)
CVE-2004-0644 version (krb5, fixed after 1.3.4)
CVE-2004-0643 version (krb5, fixed after 1.3.1)
CVE-2004-0642 version (krb5, fixed after 1.3.4)
CVE-2004-0639 version (squirrelmail, fixed after 1.2.10)
CVE-2004-0635 version (ethereal, fixed 0.10.5)
CVE-2004-0634 version (ethereal, fixed 0.10.5)
CVE-2004-0633 version (ethereal, fixed 0.10.5)
CVE-2004-0628 version (mysql, fixed 4.1.3)
CVE-2004-0627 version (mysql, fixed 4.1.3)
CVE-2004-0626 version (kernel, fixed 2.6.8)
CVE-2004-0619 version (kernel) no driver
CVE-2004-0607 version (racoon) note RHSA-2004:308 has wrong text
CVE-2004-0603 backport (gzip) gzip-1.3.5-openbsd-owl-tmp.patch
CVE-2004-0600 version (samba, fixed 3.0.6)
CVE-2004-0599 version (mozilla, fixed 1.7.2)
CVE-2004-0599 version (libpng10, fixed 1.0.16)
CVE-2004-0599 version (libpng, fixed 1.2.6)
CVE-2004-0598 version (libpng10, fixed 1.0.16)
CVE-2004-0598 version (libpng, fixed 1.2.6)
CVE-2004-0597 version (mozilla, fixed 1.7.2)
CVE-2004-0597 version (libpng10, fixed 1.0.16)
CVE-2004-0597 version (libpng, fixed 1.2.6)
CVE-2004-0595 version (php, fixed 4.3.8)
CVE-2004-0594 version (php, fixed 4.3.8)
CVE-2004-0592 version (kernel, not upstream flaw)
CVE-2004-0587 version (kernel) not upstream flaw
CVE-2004-0558 version (cups, fixed 1.1.21)
CVE-2004-0557 version (sox, fixed after 12.17.4)
CVE-2004-0554 version (kernel, fixed 2.6.7)
CVE-2004-0548 ignore (aspell, not fixed 0.50.5) not a security issue
CVE-2004-0547 version (postgresql, fixed 7.2.1)
CVE-2004-0541 version (squid)
CVE-2004-0535 version (kernel, fixed 2.6.6)
CVE-2004-0527 version (konqueror, not 3+)
CVE-2004-0523 version (krb5, fixed 1.3.4)
CVE-2004-0521 version (squirrelmail, fixed 1.4.3a)
CVE-2004-0520 version (squirrelmail, fixed 1.4.3a)
CVE-2004-0519 version (squirrelmail, fixed 1.4.3a)
CVE-2004-0507 version (ethereal, fixed 0.10.4)
CVE-2004-0506 version (ethereal, fixed 0.10.4)
CVE-2004-0505 version (ethereal, fixed 0.10.4)
CVE-2004-0504 version (ethereal, fixed 0.10.4)
CVE-2004-0500 version (gaim, fixed 0.82)
CVE-2004-0497 version (kernel, fixed 2.6.8)
CVE-2004-0496 version (kernel, fixed 2.6.8)
CVE-2004-0495 version (kernel, fixed 2.6.8)
CVE-2004-0494 version (mc, fixed 4.6.1)
CVE-2004-0493 version (httpd, fixed 2.0.50)
CVE-2004-0492 version (httpd, not 2.0)
CVE-2004-0491 version (kernel, not upstream)
CVE-2004-0488 version (httpd, fixed 2.0.50)
CVE-2004-0478 ignore (mozilla) not a security issue
CVE-2004-0461 version (dhcp, fixed after 3.0.1rc13)
CVE-2004-0460 version (dhcp, fixed after 3.0.1rc13)
CVE-2004-0457 version (mysql, fixed after 4.0.20)
CVE-2004-0452 version (perl, fixed 5.8.8)
CVE-2004-0447 version (kernel, fixed 2.6.5)
CVE-2004-0427 version (kernel, fixed 2.6.6)
CVE-2004-0426 version (rsync, fixed 2.6.1)
CVE-2004-0424 version (kernel, fixed 2.6.4)
CVE-2004-0421 version (libpng10, fixed 1.0.16)
CVE-2004-0421 version (libpng, fixed 1.0.16)
CVE-2004-0419 version (xorg-x11, fixed 6.8.2 at least)
CVE-2004-0418 version (cvs, fixed 1.11.17)
CVE-2004-0417 version (cvs, fixed 1.11.17)
CVE-2004-0416 version (cvs, fixed 1.11.17)
CVE-2004-0415 version (kernel, fixed 2.6.8)
CVE-2004-0414 version (cvs, fixed 1.11.17)
CVE-2004-0413 version (subversion, fixed 1.0.5)
CVE-2004-0412 version (mailman, fixed 2.1.5)
CVE-2004-0411 version (kdelibs, fixed 3.3)
CVE-2004-0409 version (xchat, fixed after 2.0.8)
CVE-2004-0405 version (cvs, fixed 1.11)
CVE-2004-0403 version (racoon, fixed 20040408a)
CVE-2004-0398 version (neon, fixed 0.24.6)
CVE-2004-0397 version (subversion, fixed 1.0.1)
CVE-2004-0396 version (cvs, fixed 1.12.8)
CVE-2004-0394 version (kernel, not 2.6) also not a vulnerability
CVE-2004-0392 version (racoon, fixed 20040407b)
CVE-2004-0388 version (mysql, fixed 4.1.11 at least)
CVE-2004-0381 version (mysql, fixed 4.1.11 at least)
CVE-2004-0367 version (ethereal, fixed 0.10.3)
CVE-2004-0365 version (ethereal, fixed 0.10.3)
CVE-2004-0263 version (php, fixed 4.3.5)
CVE-2004-0256 version (libtool, fixed 1.5.2)
CVE-2004-0235 backport (lha, changelog)
CVE-2004-0234 backport (lha, changelog)
CVE-2004-0233 version (utempter, fixed 0.5.5)
CVE-2004-0232 version (mc, fixed 4.6.0)
CVE-2004-0231 version (mc, fixed 4.6.0)
CVE-2004-0229 version (kernel, fixed 2.6.6)
CVE-2004-0228 version (kernel, fixed 2.6.6)
CVE-2004-0226 version (mc, fixed 4.6.0)
CVE-2004-0191 version (mozilla, fixed 1.4.2)
CVE-2004-0189 version (squid, fixed 2.5.STABLE5)
CVE-2004-0186 version (samba, not 3.0.2a)
CVE-2004-0184 version (tcpdump, fixed 3.8.2)
CVE-2004-0183 version (tcpdump, fixed 3.8.2)
CVE-2004-0182 version (mailman) only affected Red Hat packages
CVE-2004-0181 version (kernel, fixed 2.6.5)
CVE-2004-0180 version (cvs, fixed 1.11.15)
CVE-2004-0179 version (openoffice.org)
CVE-2004-0179 version (neon, fixed 0.24.5)
CVE-2004-0178 version (kernel, not 2.6)
CVE-2004-0177 version (kernel, fixed 2.6.6)
CVE-2004-0176 version (ethereal, fixed 0.10.3)
CVE-2004-0175 version (openssh, fixed 3.4p1)
CVE-2004-0175 backport (krb5) krb5-1.3.3-rcp-markus.patch
CVE-2004-0174 version (httpd, fixed 2.0.49)
CVE-2004-0173 version (httpd, fixed 2.0.49)
CVE-2004-0164 version (racoon)
CVE-2004-0155 version (racoon)
CVE-2004-0154 version (nfs-utils, fixed 1.0.6)
CVE-2004-0150 version (python, fixed 2.2.2)
CVE-2004-0138 version (kernel, fixed 2.6.0)
CVE-2004-0133 version (kernel, 2.6.4)
CVE-2004-0113 version (httpd, fixed 2.0.49)
CVE-2004-0112 version (openssl, not 0.9.8)
CVE-2004-0112 backport (openssl097a, fixed 0.9.7d)
CVE-2004-0111 version (gdk-pixbuf, fixed 0.20)
CVE-2004-0110 version (libxml2, fixed 2.6.6)
CVE-2004-0109 version (kernel, fixed 2.6.6)
CVE-2004-0108 version (sysstat)
CVE-2004-0107 version (sysstat, fixed after 4.0.7)
CVE-2004-0106 version (XFree86)
CVE-2004-0098 version (php)
CVE-2004-0097 version (pwlib, fixed 1.6.0)
CVE-2004-0096 version (mod_python, fixed after 2.7.9)
CVE-2004-0094 version (XFree86, fixed 4.3.0)
CVE-2004-0093 version (XFree86, fixed 4.3.0)
CVE-2004-0084 version (XFree86)
CVE-2004-0083 version (XFree86)
CVE-2004-0082 version (samba, fixed 3.0.2)
CVE-2004-0081 version (openssl097a, not 0.9.7)
CVE-2004-0081 version (openssl, not 0.9.8)
CVE-2004-0080 version (util-linux, fixed after 2.11f)
CVE-2004-0079 version (openssl, not 0.9.8)
CVE-2004-0079 backport (openssl097a, fixed 0.9.7c)
CVE-2004-0078 version (mutt, fixed 1.4.2)
CVE-2004-0077 version (kernel, fixed 2.6.3)
CVE-2004-0075 version (kernel, not 2.6)
CVE-2004-0057 version (tcpdump, fixed 3.8.2)
CVE-2004-0055 version (tcpdump, fixed 3.8.2)
CVE-2004-0042 ignore (vsftpd) disputed
CVE-2004-0010 version (kernel, not 2.6)
CVE-2004-0008 version (gaim, fixed 0.75)
CVE-2004-0007 version (gaim, fixed 0.75)
CVE-2004-0006 version (gaim, fixed 0.76)
CVE-2004-0005 version (gaim, fixed 0.76)
CVE-2004-0003 version (kernel, not 2.6)
CVE-2004-0001 version (kernel, not 2.6)
CVE-2003-1307 ignore (mod_php) not a vulnerability
CVE-2003-1303 version (php, fixed 4.3.3)
CVE-2003-1302 version (php, fixed 4.3.1)
CVE-2003-1295 version (xscreensaver)
CVE-2003-1294 version (xscreensaver, fixed 4.15)
CVE-2003-1265 VULNERABLE (mozilla) not fixed upstream
CVE-2003-1265 VULNERABLE (firefox) not fixed upstream
CVE-2003-1232 version (emacs, fixed 21.3)
CVE-2003-1201 version (openldap, not 2.2)
CVE-2003-1161 version (kernel, not released version)
CVE-2003-1138 backport (httpd, Red Hat only) contains /+ now
CVE-2003-1029 version (tcpdump, fixed after 3.8.1)
CVE-2003-1023 version (mc, 4.6.1)
CVE-2003-1013 version (ethereal, fixed 0.10.0)
CVE-2003-1012 version (ethereal, fixed 0.10.0)
CVE-2003-0993 version (httpd, not 2.0)
CVE-2003-0992 version (mailman, fixed 2.1.4)
CVE-2003-0992 version (mailman, fixed 2.1.3)
CVE-2003-0991 version (mailman, fixed 2.0.14)
CVE-2003-0990 version (squirrelmail, fixed after 1.4.0)
CVE-2003-0989 version (tcpdump, fixed 3.8.1)
CVE-2003-0989 version (tcpdump, fixed 3.8.1)
CVE-2003-0988 version (kdepim, fixed 3.1.5)
CVE-2003-0988 version (kde, fixed 3.1.5)
CVE-2003-0987 version (httpd, not 2.0)
CVE-2003-0986 version (kernel, fixed 2.6.2)
CVE-2003-0985 version (kernel, not 2.6)
CVE-2003-0984 version (kernel, fixed 2.4.23)
CVE-2003-0977 version (cvs, fixed 1.11.10)
CVE-2003-0973 version (mod_python, fixed 3.0.4)
CVE-2003-0972 version (screen, fixed after 4.0.1)
CVE-2003-0971 version (gnupg, fixed after 1.0.2)
CVE-2003-0968 version (freeradius, fixed after 0.9.3)
CVE-2003-0967 version (freeradius, fixed after 0.9.2)
CVE-2003-0965 version (mailman, fixed 2.1.4)
CVE-2003-0963 version (lftp, fixed after 2.6.9)
CVE-2003-0962 version (rsync, fixed 2.5.7)
CVE-2003-0961 version (kernel, fixed 2.4.23)
CVE-2003-0959 version (kernel, fixed 2.4.21)
CVE-2003-0956 version (kernel, fixed 2.4.22)
CVE-2003-0935 version (netsnmp, fixed 5.0.9)
CVE-2003-0927 version (ethereal, fixed 0.9.16)
CVE-2003-0926 version (ethereal, fixed 0.9.16)
CVE-2003-0925 version (ethereal, fixed 0.9.16)
CVE-2003-0924 version (netpbm, fixed 9.26)
CVE-2003-0914 version (bind, not 9)
CVE-2003-0901 version (postgresql, not 8)
CVE-2003-0900 version (perl, only 5.8.1)
CVE-2003-0885 version (xscreensaver, fixed 4.15)
CVE-2003-0865 version (tomcat, fixed after 4.0.3)
CVE-2003-0863 ignore (php) http://lists.nyphp.org/pipermail/talk/2003-November/006392.html
CVE-2003-0861 version (php, fixed 4.3.3)
CVE-2003-0860 version (php, fixed 4.3.3)
CVE-2003-0859 version (glibc, checked source)
CVE-2003-0858 version (quagga, fixed 0.95)
CVE-2003-0856 version (iproute)
CVE-2003-0854 version (coreutils, fixed 5.1.3)
CVE-2003-0853 version (coreutils, fixed 5.1.3)
CVE-2003-0851 version (openssl097a, not 0.9.7)
CVE-2003-0851 version (openssl, not 0.9.8)
CVE-2003-0795 version (quagga, fixed 0.96.4)
CVE-2003-0794 version (gdm, fixed 2.4.1.7)
CVE-2003-0793 version (gdm, fixed 2.4.1.7)
CVE-2003-0792 version (fetchmail, 6.2.4 only)
CVE-2003-0791 version (mozilla, not after 1.4)
CVE-2003-0789 version (httpd, fixed 2.0.48)
CVE-2003-0788 version (cups, fixed 1.1.19)
CVE-2003-0787 version (openssh, fixed 3.7.1p2)
CVE-2003-0786 version (openssh, fixed 3.7.1p2)
CVE-2003-0780 version (mysql, not 4.1)
CVE-2003-0778 version (sane-backends, fixed 1.0.10)
CVE-2003-0777 version (sane-backends, fixed 1.0.10)
CVE-2003-0776 version (sane-backends, fixed 1.0.10)
CVE-2003-0775 version (sane-backends, fixed 1.0.10)
CVE-2003-0774 version (sane-backends, fixed 1.0.10)
CVE-2003-0773 version (sane-backends, fixed 1.0.10)
CVE-2003-0740 version (stunnel, fixed 3.26)
CVE-2003-0730 version (xfree86, fixed after 4.3.0)
CVE-2003-0700 version (kernel, not 2.6)
CVE-2003-0699 version (kernel, not 2.6)
CVE-2003-0695 version (openssh, fixed 3.7.1)
CVE-2003-0694 version (sendmail, fixed 8.12.10)
CVE-2003-0693 version (openssh, fixed 3.7)
CVE-2003-0692 version (kde, fixed after 3.1.3)
CVE-2003-0690 version (kde, fixed after 3.1.3)
CVE-2003-0689 version (glibc, fixed 2.3.2 at least)
CVE-2003-0688 version (sendmail, fixed 8.12.9)
CVE-2003-0686 version (pam_smb, fixed 1.1.7)
CVE-2003-0682 version (openssh, fixed 4.0p1 at least)
CVE-2003-0681 version (sendmail, fixed 8.12.10)
CVE-2003-0655 version (cdrtools, fixed 2.01a18)
CVE-2003-0644 version (kdbg, not after 1.2.8)
CVE-2003-0643 version (kernel, not 2.6)
CVE-2003-0619 version (kernel, not 2.6)
CVE-2003-0618 version (suidperl, fixed 5.8.6 at least)
CVE-2003-0594 version (mozilla, ICAT)
CVE-2003-0592 version (kde, fixed 3.1.3)
CVE-2003-0564 version (mozilla, ICAT)
CVE-2003-0555 ignore (ImageMagick) wasn't reproducable
CVE-2003-0552 version (kernel, not 2.6)
CVE-2003-0551 version (kernel, not 2.6)
CVE-2003-0550 version (kernel, not 2.6)
CVE-2003-0549 version (gdm, fixed 2.4.1.6)
CVE-2003-0548 version (gdm, fixed 2.4.1.6)
CVE-2003-0547 version (gdm, fixed 2.4.1.6)
CVE-2003-0546 version (up2date, fixed after 3.1.23)
CVE-2003-0545 version (openssl, not 0.9.8)
CVE-2003-0545 backport (openssl097a, fixed 0.9.7c)
CVE-2003-0544 version (openssl, not 0.9.8)
CVE-2003-0544 backport (openssl097a, fixed 0.9.7c)
CVE-2003-0543 version (openssl, not 0.9.8)
CVE-2003-0543 backport (openssl097a, fixed 0.9.7c)
CVE-2003-0542 version (httpd, fixed 2.0.48)
CVE-2003-0541 backport (gtkhtml, fixed 1.1.10) gtkhtml-1.1.9-textslave.patch
CVE-2003-0540 version (postfix, not 2.0 onwards)
CVE-2003-0517 version (mgetty, fixed 1.1.29)
CVE-2003-0516 version (mgetty, fixed 1.1.29)
CVE-2003-0501 version (kernel, fixed 2.6.1)
CVE-2003-0476 version (kernel, fixed 2.6.1)
CVE-2003-0468 version (postfix, fixed 1.1.12)
CVE-2003-0467 version (kernel, not 2.6)
CVE-2003-0465 version (kernel, not 2.6)
CVE-2003-0464 version (kernel, not 2.6)
CVE-2003-0462 version (kernel, fixed 2.6.1)
CVE-2003-0461 version (kernel, fixed 2.6.1)
CVE-2003-0459 version (kdelibs, not 3.2)
CVE-2003-0455 version (ImageMagick)
CVE-2003-0442 version (php, fixed 4.3.2)
CVE-2003-0434 version (xpdf, fixed 2.02pl1)
CVE-2003-0432 version (ethereal, fixed after 0.9.12)
CVE-2003-0431 version (ethereal, fixed after 0.9.12)
CVE-2003-0430 version (ethereal, fixed after 0.9.12)
CVE-2003-0429 version (ethereal, fixed after 0.9.12)
CVE-2003-0428 version (ethereal, fixed after 0.9.12)
CVE-2003-0427 backport (mikmod)
CVE-2003-0418 version (kernel, not 2.6)
CVE-2003-0388 version (pam, fixed 0.78)
CVE-2003-0386 version (openssh, fixed after 3.6.1)
CVE-2003-0370 version (kde, fixed 3.0)
CVE-2003-0367 backport (gzip)
CVE-2003-0364 version (kernel, not 2.6)
CVE-2003-0357 version (ethereal, fixed after 0.9.11)
CVE-2003-0356 version (ethereal, fixed after 0.9.11)
CVE-2003-0354 version (ghostscript, fixed 7.07)
CVE-2003-0328 version (epic, fixed epic4-2.2 at least)
CVE-2003-0300 ignore (sylpheed) only a crasher
CVE-2003-0299 ignore (mutt) only a crasher
CVE-2003-0298 version (mozilla, fixed after 1.4a)
CVE-2003-0296 version (evolution, fixed 1.4.5 at least)
CVE-2003-0289 version (cdrtools, fixed 2.01a14)
CVE-2003-0282 version (unzip, fixed 5.51)
CVE-2003-0255 version (gnupg, fixed 1.2.2)
CVE-2003-0253 version (httpd, fixed 2.0.47)
CVE-2003-0252 version (nfs-utils, fixed 1.0.4)
CVE-2003-0251 version (ypserv, fixed 2.7)
CVE-2003-0249 ignore (php) see CVE
CVE-2003-0248 version (kernel, not 2.6)
CVE-2003-0247 version (kernel, not 2.6)
CVE-2003-0246 version (kernel, not 2.6)
CVE-2003-0245 version (httpd, fixed 2.0.47)
CVE-2003-0245 version (httpd, fixed 2.0.46)
CVE-2003-0244 version (kernel, not 2.6)
CVE-2003-0211 version (xinetd, fixed 2.3.11)
CVE-2003-0204 version (kde, fixed after 3.1.1)
CVE-2003-0201 version (samba, fixed 2.2.8a)
CVE-2003-0196 version (samba, fixed 2.2.8a)
CVE-2003-0195 version (cups, fixed 1.1.19)
CVE-2003-0194 version (tcpdump, not upstream)
CVE-2003-0192 version (httpd, fixed 2.0.47)
CVE-2003-0190 version (openssh, fixed 3.6.1p1)
CVE-2003-0189 version (httpd, fixed 2.0.46)
CVE-2003-0188 version (lv, fixed 4.51 at least)
CVE-2003-0187 version (kernel, not 2.6)
CVE-2003-0167 version (mutt, fixed 1.4.1)
CVE-2003-0166 version (php, fixed 4.3.2)
CVE-2003-0165 version (eog, fixed 2.2.2)
CVE-2003-0161 version (sendmail, fixed 8.12.9)
CVE-2003-0160 version (squirrelmail, fixed 1.2.11)
CVE-2003-0159 version (ethereal, fixed after 0.9.9)
CVE-2003-0150 version (mysql, fixed 3.23.56)
CVE-2003-0147 version (openssl, not 0.9.8)
CVE-2003-0147 backport (openssl097a, fixed 0.9.7b)
CVE-2003-0146 version (netpbm, fixed 10.18)
CVE-2003-0145 version (tcpdump, fixed 3.7.2)
CVE-2003-0140 version (mutt, fixed 1.4.1)
CVE-2003-0139 version (krb5, fixed 1.3)
CVE-2003-0138 version (krb5, fixed 1.3)
CVE-2003-0135 version (vsftpd, not upstream)
CVE-2003-0133 version (evolution, fixed 1.2.4)
CVE-2003-0132 version (httpd, fixed 2.0.45)
CVE-2003-0131 version (openssl, not 0.9.8)
CVE-2003-0131 backport (openssl097a, fixed 0.9.7b)
CVE-2003-0130 version (evolution, fixed 1.2.3)
CVE-2003-0129 version (evolution, fixed 1.2.3)
CVE-2003-0128 version (evolution, fixed 1.2.3)
CVE-2003-0127 version (kernel, not 2.6)
CVE-2003-0124 version (man, fixed 1.5l)
CVE-2003-0108 version (tcpdump, fixed after 3.7.1)
CVE-2003-0107 version (zlib, fixed 1.2.0.2 at least)
CVE-2003-0102 version (file, fixed 3.41)
CVE-2003-0097 version (php, fixed 4.3.1)
CVE-2003-0093 version (tcpdump, fixed 3.7.2)
CVE-2003-0086 version (samba, fixed 2.2.8)
CVE-2003-0085 version (samba, fixed 2.2.8)
CVE-2003-0083 version (httpd, fixed 2.0.46)
CVE-2003-0082 version (krb5, fixed after 1.2.7)
CVE-2003-0081 version (ethereal, fixed after 0.9.9)
CVE-2003-0078 version (openssl097a, fixed 0.9.7a)
CVE-2003-0078 version (openssl, not 0.9.8)
CVE-2003-0073 version (mysql, fixed 3.23.55)
CVE-2003-0072 version (krb5, fixed after 1.2.7)
CVE-2003-0071 version (xorg-x11, fixed in 6.8.2 at least)
CVE-2003-0070 version (vte, fixed 0.11.1 at least)
CVE-2003-0063 version (xorg-x11, fixed at least in 4.2.99)
CVE-2003-0060 version (krb5, fixed 1.2.5)
CVE-2003-0059 version (krb5, fixed 1.2.5)
CVE-2003-0058 version (krb5, fixed 1.2.5)
CVE-2003-0044 version (tomcat, fixed after 3.3.1a)
CVE-2003-0043 version (tomcat, fixed 3.3.1a)
CVE-2003-0041 version (krb5, fixed after 1.2.7)
CVE-2003-0038 version (mailman, fixed 2.0.13 at least)
CVE-2003-0028 version (krb5, fixed after 1.2.7)
CVE-2003-0028 version (glibc, fixed after 2.3.1)
CVE-2003-0026 version (dhcpd, fixed 3.0.1)
CVE-2003-0020 version (httpd, fixed 2.0.49)
CVE-2003-0019 version (kernel-utils, not upstream)
CVE-2003-0018 version (kernel, not 2.6)
CVE-2003-0017 version (httpd, fixed 2.0.44)
CVE-2003-0016 version (httpd, fixed 2.0.44)
CVE-2003-0015 version (cvs, fixed 1.11.5)
CVE-2003-0001 version (kernel, not 2.6)

older, happened to deal with at same time:

CVE-2002-2215 version (php, fixed 4.3.0)
CVE-2002-2214 version (php, fixed 4.2.2)
CVE-2002-2211 ignore (bind) see http://www.kb.cert.org/vuls/id/457875
CVE-2002-2210 ignore (openoffice) binary install only (not rpm install)
CVE-2002-2204 ignore (rpm) by design
CVE-2002-2196 version (samba, fixed 2.2.5)
CVE-2002-2185 version (kernel, fixed 2.6.15)
CVE-2002-2103 version (apache, not 2.0)
CVE-2002-1963 version (kernel, not 2.6)
CVE-2002-1976 ignore (ifconfig) "use ip"
CVE-2002-1914 version (dump, fixed 0.4b29)
CVE-2002-1850 version (mod_cgi, fixed 2.0.41)
CVE-2002-1827 version (sendmail, fixed after 8.12.3)
CVE-2002-1814 ignore (bonobo) not shipped setuid
CVE-2002-1793 version (mod_ssl), also only hp
CVE-2002-1783 version (php, fixed after 4.2.3)
CVE-2002-1765 version (evolution, fixed 1.0.5)
CVE-2002-1593 version (httpd, fixed 2.0.42)
CVE-2002-1573 version (kernel, not 2.6)
CVE-2002-1572 version (kernel, not 2.6)
CVE-2002-1571 version (kernel, not 2.6)
CVE-2002-1510 version (XFree86, fixed 4.2.0)
CVE-2002-1472 version (XFree86, fixed 4.2.1)
CVE-2002-1363 version (libpng, fixed 1.2.6)
CVE-2002-0517 version (XFree86, didn't affect Linux)
CVE-2002-0164 version (XFree86, fixed 4.2.1)
CVE-2001-1490 version (mozilla, fixed 1.0.0)
CVE-2001-1494 version (util-linux, fixed 2.11n)
CVE-2001-0955 version (XFree86, fixed 4.2.0)
CVE-2001-0474 version (mesa, fixed 3.3-14) 
CVE-2000-1199 backport (htdig) fixed htdig-3.2.0b6-unescaped_output.patch
CVE-2000-0504 version (libICE, fixed XFree86:4.0.1)
CVE-1999-1572 backport (cpio)