# $Id: fc6,v 1.306 2007/12/10 18:10:07 thoger Exp $ # ** are items that need attention # *CVE are items that need verification for Fedora Core 6 # (mozilla) = (firefox, seamonkey, thunderbird, yelp, devhelp, galeon, liferea. epiphany) # Up to date CVE as of CVE email 20071030 # Up to date FC6 as of 20071207 # This list is no longer maintained by the Red Hat Security Response # Team as of 7th December 2007 (EOL date of FC6, ~one month after the # release date of Fedora 8) # # Zod's dead baby, Zod's dead... CVE-2007-6209 ignore (zsh) #409871 We don't ship the script CVE-2007-6207 VULNERABLE (kernel) Xen cross-domain memory read CVE-2007-6206 VULNERABLE (kernel) Core dump owner issue CVE-2007-6203 ignore (httpd) #409831 User can't unput garbage before method name CVE-2007-6110 backport (htdig) [since FEDORA-2007-757] CVE-2007-5960 backport (mozilla) [since FEDORA-2007-756] CVE-2007-5959 backport (mozilla) [since FEDORA-2007-756] CVE-2007-5947 backport (mozilla) [since FEDORA-2007-756] CVE-2007-5938 VULNERABLE (kernel) #385861 iwlwifi CVE-2007-5937 backport (tetex) #379841 [since FEDORA-2007-750] Multiple dviljk buffer overflows CVE-2007-5936 backport (tetex) #379841 [since FEDORA-2007-750] dviljk uses insecure temporary file CVE-2007-5935 backport (tetex) #379841 [since FEDORA-2007-750] dvips -z buffer overflow with long href CVE-2007-5925 ignore (mysql) Authenticated user can restart mysql. CVE-2007-5907 VULNERABLE (xen) #390091 CVE-2007-5906 VULNERABLE (xen) #390091 CVE-2007-5795 version (emacs, only 21) CVE-2007-5770 backport (ruby) #373371 [since FEDORA-2007-738] CVE-2007-5708 backport (openldap) [since FEDORA-2007-741] CVE-2007-5707 backport (openldap) [since FEDORA-2007-741] CVE-2007-5501 version (kernel) [since FEDORA-2007-759] CVE-2007-5500 version (kernel) [since FEDORA-2007-759] CVE-2007-5461 VULNERABLE (tomcat5) #334521 CVE-2007-5398 backport (samba) [since FEDORA-2007-751] CVE-2007-5393 backport (cups) [since FEDORA-2007-746] CVE-2007-5393 VULNERABLE (poppler) #372491 CVE-2007-5393 VULNERABLE (kdegraphics) #372551 CVE-2007-5393 backport (tetex) [since FEDORA-2007-750] CVE-2007-5392 backport (cups) [since FEDORA-2007-746] CVE-2007-5392 VULNERABLE (poppler) #372491 CVE-2007-5392 VULNERABLE (kdegraphics) #372551 CVE-2007-5392 backport (tetex) [since FEDORA-2007-750] CVE-2007-5340 version (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5 CVE-2007-5339 version (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5 CVE-2007-5338 version (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5 CVE-2007-5337 version (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5 CVE-2007-5335 ignore (mozilla) ff2 only CVE-2007-5334 version (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5 CVE-2007-5269 backport (libpng, fixed 1.2.21) #337471 [since FEDORA-2007-734] CVE-2007-5268 ignore (libpng) shipped version too old and not affected CVE-2007-5267 ignore (libpng) shipped version too old and not affected CVE-2007-5266 ignore (libpng) shipped version too old and not affected CVE-2007-5208 backport (hplip) #329121 [since FEDORA-2007-724] CVE-2007-5197 backport (mono, fixed 1.2.5.1) #367571 [since FEDORA-2007-745] CVE-2007-5191 backport (util-linux) #320141 [since FEDORA-2007-722] CVE-2007-5162 version (ruby) #313801 [since FEDORA-2007-718] CVE-2007-5137 backport (tk, fixed 8.4.16) #332071 [since FEDORA-2007-728] CVE-2007-5135 backport (openssl, fixed 0.9.8d) [since FEDORA-2007-725] CVE-2007-5116 backport (perl) #378121 [since FEDORA-2007-748] CVE-2007-5079 VULNERABLE (gdm) #363031 CVE-2007-5034 version (elinks) #297611 [since FEDORA-2007-710] CVE-2007-4995 backport (openssl, fixed 0.9.8f) [since FEDORA-2007-725] CVE-2007-4993 backport (xen) [since FEDORA-2007-713] CVE-2007-4990 version (xorg-x11-xfs, fixed 1.0.5) #373321 [since FEDORA-2007-763] CVE-2007-4965 VULNERABLE (python) imageop module heap overflow #373281 CVE-2007-4924 VULNERABLE (opal, fixed 2.2.10) #297561 CVE-2007-4897 VULNERABLE (opal, fixed 2.2.8) #297561 CVE-2007-4851 ignore (tk) duplicate of CVE-2007-5137 CVE-2007-4841 ignore (mozilla) Windows only CVE-2007-4829 VULNERABLE (perl-Archive-Tar) #315331 CVE-2007-4826 VULNERABLE (quagga, fixed 0.99.9) #315301 CVE-2007-4752 backport (openssh) #280471 [since FEDORA-2007-715] CVE-2007-4743 backport (krb5) incomplete CVE-2007-3999 fix [since FEDORA-2007-694] CVE-2007-4730 ignore (xorg-x11) #286061 ajax says FC6 is not vulnerable CVE-2007-4721 version (wireshark, fixed 0.99.6) [since FEDORA-2007-628] CVE-2007-4670 backport (php) [since FEDORA-2007-709] CVE-2007-4663 ignore (php, fixed 5.2.4) #277991 safe_mode CVE-2007-4662 ignore (php, fixed 5.2.4) #278101 triggerable only by modification to openssl.conf CVE-2007-4661 ignore (php, fixed 5.2.4) 5.2.3, incomplete CVE-2007-2872 fix CVE-2007-4660 ignore (php, fixed 5.2.4) CVE-2007-4661 duplicate, jorton mailed Mitre CVE-2007-4659 ignore (php, fixed 5.2.4) #276531 (FC7/php-5.2 only) CVE-2007-4658 backport (php, fixed 5.2.4) #278011 [since FEDORA-2007-709] CVE-2007-4657 ignore (php, fixed 5.2.4) arbitrary read not remotely triggerable CVE-2007-4619 backport (flac, fixed 1.2) #332581 [since FEDORA-2007-730] CVE-2007-4575 backport (openoffice.org, fixed 2.3.1) [since FEDORA-2007-762] CVE-2007-4572 backport (samba) [since FEDORA-2007-751] CVE-2007-4571 version (kernel) [since FEDORA-2007-714] CVE-2007-4569 backport (kdebase) #299741 [since FEDORA-2007-716] CVE-2007-4568 version (xorg-x11-xfs, fixed 1.0.5) #373251 [since FEDORA-2007-763] CVE-2007-4565 backport (fetchmail) #260881 [since FEDORA-2007-689] CVE-2007-4559 VULNERABLE (python, not fixed upstream) #315291 Upstream WONTFIX. See where we use the code. CVE-2007-4558 ignore (star, fixed 1.5a84) duplicate of CVE-2007-4134 CVE-2007-4476 backport (cpio) [since FEDORA-2007-742] CVE-2007-4476 backport (tar) [since FEDORA-2007-735] CVE-2007-4465 version (httpd) [since FEDORA-2007-707] CVE-2007-4357 ignore (firefox) status bar can be overwrittten CVE-2007-4352 backport (cups) [since FEDORA-2007-746] CVE-2007-4352 VULNERABLE (poppler) #372491 CVE-2007-4352 VULNERABLE (kdegraphics) #372551 CVE-2007-4352 backport (tetex) [since FEDORA-2007-750] CVE-2007-4351 backport (cups) #361671 [since FEDORA-2007-740] CVE-2007-4255 ignore (php) msql extension not shipped CVE-2007-4251 ignore (openoffice.org) just a crash CVE-2007-4229 ignore (kdebase) just an ASSERT fail CVE-2007-4225 ignore (kdebase) caused by fix to CVE-2007-3820 which we never shipped CVE-2007-4224 backport (kdebase) too obvious -- mouse pointer indicates script activity [since FEDORA-2007-716] CVE-2007-4211 version (dovecot, fixed 1.0.3) #251009 [since FEDORA-2007-664] CVE-2007-4137 backport (qt) #292951 [since FEDORA-2007-703] CVE-2007-4134 backport (star, fixed 1.5a84) #254129 CVE-2007-4131 backport (tar) #253684 [since FEDORA-2007-683] CVE-2007-4045 backport (cups) [since FEDORA-2007-746] CVE-2007-4029 backport (libvorbis) #250600 [since FEDORA-2007-677] CVE-2007-4168 backport (libexif) #243892 [since FEDORA-2007-614] CVE-2007-4033 backport (tetex) [since FEDORA-2007-750] CVE-2007-4000 backport (krb5) [since FEDORA-2007-690] CVE-2007-3999 backport (krb5) [since FEDORA-2007-690] CVE-2007-3999 VULNERABLE (nfs-utils-lib) #294911 CVE-2007-3999 VULNERABLE (libtirpc) #294931 CVE-2007-3998 backport (php) [since FEDORA-2007-709] CVE-2007-3996 backport (php) [since FEDORA-2007-709] CVE-2007-3962 ignore (gftp) multiple buffer overflows in fsplib, not on Linux CVE-2007-3961 ignore (gftp) off-by-one error in fsplib CVE-2007-3920 VULNERABLE (compiz) #350271 CVE-2007-3919 backport (xen) #362001 [since FEDORA-2007-737] CVE-2007-3852 backport (sysstat) #252296 [since FEDORA-2007-675] CVE-2007-3848 version (kernel) [since FEDORA-2007-679] CVE-2007-3847 version (httpd) #250756 [since FEDORA-2007-707] CVE-2007-3845 ignore (firefox) windows specific CVE-2007-3844 version (firefox, fixed 2.0.0.6) #250648 "fixed on next update" CVE-2007-3843 version (kernel) #246595 CVE-2007-3841 ignore (pidgin) ethically disclosed CVE-2007-3820 backport (kdebase) #248537 [since FEDORA-2007-716] CVE-2007-3799 backport (php) [since FEDORA-2007-709] CVE-2007-3798 version (tcpdump, fixed 3.9.7) #250290 [since FEDORA-2007-654] CVE-2007-3782 VULNERABLE (mysql, fixed 5.0.45) #372881 CVE-2007-3781 VULNERABLE (mysql, fixed 5.0.45) #372881 CVE-2007-3780 VULNERABLE (mysql, fixed 5.0.45) #372881 CVE-2007-3642 version (kernel, fixed 2.6.22) [since FEDORA-2007-655] CVE-2007-3511 version (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5 CVE-2007-3508 ignore (glibc) not an issue CVE-2007-3506 backport (freetype, fixed 2.3.4) #235479 [since FEDORA-2007-561] CVE-2007-3478 version (gd, fixed 2.0.35) #277421 [since FEDORA-2007-692] CVE-2007-3477 version (gd, fixed 2.0.35) #277421 [since FEDORA-2007-692] CVE-2007-3476 version (gd, fixed 2.0.35) #277421 [since FEDORA-2007-692] CVE-2007-3475 version (gd, fixed 2.0.35) #277421 [since FEDORA-2007-692] CVE-2007-3474 version (gd, fixed 2.0.35) #277421 [since FEDORA-2007-692] CVE-2007-3473 version (gd, fixed 2.0.35) #277421 [since FEDORA-2007-692] CVE-2007-3472 version (gd, fixed 2.0.35) #277421 [since FEDORA-2007-692] CVE-2007-3409 version (perl-Net-DNS, fixed 0.60) #245809 CVE-2007-3393 version (wireshark, fixed 0.99.6) [since FEDORA-2007-628] CVE-2007-3392 version (wireshark, fixed 0.99.6) [since FEDORA-2007-628] CVE-2007-3391 version (wireshark, fixed 0.99.6) [since FEDORA-2007-628] CVE-2007-3390 version (wireshark, fixed 0.99.6) [since FEDORA-2007-628] CVE-2007-3389 version (wireshark, fixed 0.99.6) [since FEDORA-2007-628] CVE-2007-3388 backport (qt) [since FEDORA-2007-703] CVE-2007-3387 VULNERABLE (poppler) #251513 CVE-2007-3387 backport (tetex) #251515 [since FEDORA-2007-669] CVE-2007-3387 backport (kdegraphics) #251511 [since FEDORA-2007-685] CVE-2007-3387 backport (cups) #251519 [since FEDORA-2007-644] CVE-2007-3384 ignore (tomcat) only affects 3.3.x and just affects an example CVE-2007-3381 version (gdm, fixed 2.18.4) #250277 [since FEDORA-2007-653] CVE-2007-3378 ignore (php) safe mode escape CVE-2007-3377 version (perl-Net-DNS, fixed 0.60) #245614 [since FEDORA-2007-609] CVE-2007-3741 version (gimp, fixed 2.2.16) #247567 [since FEDORA-2007-627] CVE-2007-3304 backport (httpd) #244660 [since FEDORA-2007-615] CVE-2007-3257 backport (evolution) #244287 [since FEDORA-2007-594] CVE-2007-3126 ignore (gimp) just a crash CVE-2007-3108 backport (openssl) #250574 [since FEDORA-2007-661] CVE-2007-3106 backport (libvorbis) #250600 [since FEDORA-2007-677] CVE-2007-3102 backport (openssh) [since FEDORA-2007-715] CVE-2007-2926 backport (bind, fixed 9.4.1) [since FEDORA-2007-647] CVE-2007-2876 version (kernel, fixed 2.6.21.5) [since FEDORA-2007-600] CVE-2007-2875 version (kernel) [since FEDORA-2007-600] *CVE-2007-2874 ** (wpa_supplicant) #242455 CVE-2007-2873 version (spamassassin, fixed 3.1.9) [since FEDORA-2007-582] CVE-2007-2872 backport (php) [since FEDORA-2007-709] CVE-2007-2871 version (mozilla) #241840 [since FEDORA-2007-549] CVE-2007-2870 version (mozilla) #241840 [since FEDORA-2007-549] CVE-2007-2869 version (mozilla) #241840 [since FEDORA-2007-549] CVE-2007-2868 version (mozilla) #241840 [since FEDORA-2007-549] CVE-2007-2867 version (mozilla) #241840 [since FEDORA-2007-549] CVE-2007-2834 backport (openoffice.org, fixed 2.3) #293371 [since FEDORA-2007-700] CVE-2007-2799 version (file, fixed 4.21) #241034 [since FEDORA-2007-538] CVE-2007-2797 version (xterm) CVE-2007-2756 backport (php) [since FEDORA-2007-709] CVE-2007-2453 version (kernel) [since FEDORA-2007-600] CVE-2007-2451 version (kernel, fixed 2.6.21.4) [since FEDORA-2007-600] CVE-2007-2445 backport (libpng) #239542 [since FEDORA-2007-529] CVE-2007-2438 version (vim, fixed 7.0.235) #238734 [since FEDORA-2007-492] CVE-2007-2292 version (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5 CVE-2007-2242 version (kernel) [since FEDORA-2007-482] CVE-2007-2138 version (postgresql, fixed 8.1.9) [since FEDORA-2007-565] CVE-2007-2028 backport (freeradius) [since FEDORA-2007-499] CVE-2007-1995 version (quagga, fixed 0.99.7) [since FEDORA-2007-525] CVE-2007-1863 backport (httpd) #244660 [since FEDORA-2007-615] CVE-2007-1862 backport (httpd) #244660 [since FEDORA-2007-615] CVE-2007-1861 version (kernel) [since FEDORA-2007-482] CVE-2007-1856 backport (vixie-cron) #235882 [since FEDORA-2007-662] CVE-2007-1841 backport (ipsec-tools) #238052 [since FEDORA-2007-665] CVE-2007-1797 backport (ImageMagick) #235075 [since FEDORA-2007-413] CVE-2007-1667 backport (libX11) [since FEDORA-2007-426] CVE-2007-1660 VULNERABLE (pcre, fixed 7.3) #378401 CVE-2007-1659 VULNERABLE (pcre, fixed 7.3) #378401 CVE-2007-1565 ignore (kdebase) client crash CVE-2007-1564 ignore (kdebase) Correct behavior according to RFC CVE-2007-1562 version (mozilla) #241840 [since FEDORA-2007-549] CVE-2007-1558 backport (evolution) #235290 [since FEDORA-2007-484] CVE-2007-1536 backport (file, fixed 4.20) #233164 [since FEDORA-2007-391] CVE-2007-1475 ignore (php) unshipped ibase extension CVE-2007-1420 ignore (mysql, fixed 5.0.36) #232604 mysql_safe keeps the server alive CVE-2007-1413 ignore (php) Windows NT SNMP specific CVE-2007-1412 ignore (php) unshipped cpdf extension CVE-2007-1411 ignore (php) unshipped mssql extension CVE-2007-1401 ignore (php) unshipped cracklib extension CVE-2007-1396 ignore (php) feature, not a flaw CVE-2007-1362 version (mozilla) #241840 [since FEDORA-2007-549] CVE-2007-1357 version (kernel) [since FEDORA-2007-432] CVE-2007-1352 backport (libXfont) #235265 [since FEDORA-2007-423] CVE-2007-1351 backport (libXfont) #235265 [since FEDORA-2007-423] CVE-2007-1349 backport (mod_perl) [since FEDORA-2007-577] CVE-2007-1321 backport (xen) #238723 [since FEDORA-2007-713] CVE-2007-1320 backport (xen) #238723 [since FEDORA-2007-713] CVE-2007-1308 version (kdelibs) CVE-2007-1263 version (gnupg, fixed 1.4.7) [since FEDORA-2007-315] CVE-2007-1262 version (squirrelmail, fixed 1.4.10a) #239704 [since FEDORA-2007-505] CVE-2007-1218 backport (tcpdump) 232349 [since FEDORA-2007-347] CVE-2007-1095 version (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5 CVE-2007-1006 version (ekiga, fixed 2.0.5) #229259 [since FEDORA-2007-322] CVE-2007-1004 version (firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=390627 CVE-2007-1003 backport (xorg-x11-server, fixed > X11R7.2) #235263 [since FEDORA-2007-425] CVE-2007-1002 backport (evolution) #233587 [since FEDORA-2007-393] CVE-2007-1000 version (kernel, fixed 2.6.20) [since FEDORA-2007-335] CVE-2007-0998 backport (xen) #230295 [since FEDORA-2007-343] CVE-2007-0981 version (mozilla) CVE-2007-0823 ignore (xterm) feature, not a bug CVE-2007-0822 ignore (util-linux) NULL dereference CVE-2007-0772 version (kernel) [since FEDORA-2007-291] CVE-2007-0770 ignore (ImageMagick) only if incomplete CVE-2006-5456 CVE-2007-0720 ignore (cups, fixed 1.2.7) cups is already updated CVE-2007-0650 ignore (tetex) needs user's assistance CVE-2007-0537 backport (kdebase) #225420 [since FEDORA-2007-195] CVE-2007-0494 version (bind, fixed 9.3.4) #225268 [since FEDORA-2007-147] CVE-2007-0493 version (bind, fixed 9.3.4) #224443 [since FEDORA-2007-147] CVE-2007-0459 version (wireshark, fixed 0.99.5) #227140 CVE-2007-0458 version (wireshark, fixed 0.99.5) #227140 CVE-2007-0457 version (wireshark, fixed 0.99.5) #227140 CVE-2007-0456 version (wireshark, fixed 0.99.5) #227140 CVE-2007-0455 backport (gd) #224610 [since FEDORA-2007-149] CVE-2007-0451 version (spamassassin, fixed 3.1.8) [since FEDORA-2007-241] CVE-2007-0248 version (squid, fixed 2.6.STABLE7) [since FEDORA-2007-073] CVE-2007-0247 version (squid, fixed 2.6.STABLE7) #222883 [since FEDORA-2007-073] CVE-2007-0242 backport (qt) [since FEDORA-2007-703] CVE-2007-0235 version (libgtop2, fixed 2.14.6) #222637 [since FEDORA-2007-657] CVE-2007-0104 ignore (poppler) only client DoS CVE-2007-0104 ignore (kdegraphics) only client DoS CVE-2007-0086 ignore (apache) not a security issue CVE-2007-0009 version (nss, fixed 3.11.5) (nspr, fixed 4.6.5) [since FEDORA-2007-279] CVE-2007-0008 version (nss, fixed 3.11.5) (nspr, fixed 4.6.5) [since FEDORA-2007-279] CVE-2007-0007 version (gnucash, fixed 2.0.5) since [FEDORA-2007-256] #223233 CVE-2007-0006 version (kernel, fixed 2.6.20) [since FEDORA-2007-335] CVE-2007-0006 backport (kernel, fixed in -mm) [since FEDORA-2007-226] CVE-2007-0005 version (kernel, fixed 2.6.20) [since FEDORA-2007-335] CVE-2007-0002 version (libwpd, fixed 0.8.9) #222808 [since FEDORA-2007-351] CVE-2006-7224 VULNERABLE (pcre, fixed 6.7) #378401 CVE-2006-7221 ignore (gftp) single zero byte overflow in fsplib CVE-2006-6939 version (ed, fixed 0.3) #223075 [since FEDORA-2007-100] CVE-2006-6899 version (bluez-utils, fixed 2.23) CVE-2006-6870 version (avahi, fixed 0.6.16) #221440 [since FEDORA-2007-019] CVE-2006-6772 backport (w3m) #221484 [since FEDORA-2007-077] CVE-2006-6719 backport (wget) #221469 [since FEDORA-2007-043] CVE-2006-6698 VULNERABLE (GConf2) #219280 wontfix CVE-2006-6660 ignore (kdelibs) client Dos only, not reproducible CVE-2006-6385 ignore (kernel) windows only CVE-2006-6383 ignore (php) safe mode isn't safe CVE-2006-6333 version (kernel, fixed 2.6.19.1) [since FEDORA-2007-058] CVE-2006-6332 ignore (kernel) no support for madwifi CVE-2006-6305 ignore (net-snmp) already have the backported patch CVE-2006-6304 version (kernel, fixed 2.6.19.1) [since FEDORA-2007-058] CVE-2006-6303 version (ruby, fixed 1.8.5.2) [since FEDORA-2006-1441] CVE-2006-6297 ignore (kdegraphics) just a crash CVE-2006-6235 backport (gnupg, fixed 1.4.6) [since FEDORA-2006-1406] CVE-2006-6169 backport (gnupg, fixed 1.4.6) [since FEDORA-2006-1406] CVE-2006-6144 ** (krb5) CVE-2006-6143 ** (krb5) CVE-2006-6142 backport (squirrelmail) #218297 [since FEDORA-2007-089] CVE-2006-6128 backport (kernel) #250625 [since FEDORA-2007-226] This was bug in our patch, not upstream CVE-2006-6107 backport (dbus, fixed 1.0.2) #219665 [since FEDORA-2006-1475] CVE-2006-6106 version (kernel, fixed 2.6.19.2, fixed 2.6.20-rc5) [since FEDORA-2006-1471] CVE-2006-6105 version (gdm, fixed 2.14.11) [since FEDORA-2006-1468] CVE-2006-6104 backport (mono, fixed 1.1.13.8.2) #220853 [since FEDORA-2007-067] CVE-2006-6097 backport (tar) [since FEDORA-2006-1393] CVE-2006-6077 version (firefox, fixed 1.5.0.10) [since FEDORA-2007-293] CVE-2006-6060 ignore (kernel, fixed 2.6.19-rc2) no NTFS support CVE-2006-6058 VULNERABLE (kernel, fixed 2.6.24) #250623 CVE-2006-6057 version (kernel, fixed kernel-2_6_20-1_2924_fc6) [since FEDORA-2007-432] CVE-2006-6056 version (kernel, fixed 2.6.19) [since FEDORA-2007-058] was backport since FEDORA-2006-1471 CVE-2006-6054 version (kernel, fixed fixed 2.6.19.2) [since FEDORA-2007-058] CVE-2006-6053 version (kernel, fixed 2.6.19.2) [since FEDORA-2007-058] was backport since FEDORA-2006-1223 CVE-2006-5989 ignore (mod_auth_kerb) did not affect fc6 CVE-2006-5974 ignore (fetchmail, fixed 6.3.6) only 6.3.5 CVE-2006-5973 version (dovecot, fixed 1.0.rc15) #216508 [since ???] CVE-2006-5925 backport (elinks) [since FEDORA-2006-1278] but was never vulneable as didn't have smbclient support CVE-2006-5876 version (libsoup) #223144 [since FEDORA-2007-109] CVE-2006-5871 version (kernel, fixed 2.6.10) CVE-2006-5868 version (ImageMagick, fixed 6.2.9.1) #217560 CVE-2006-5867 version (fetchmail, fixed 6.3.6) #221984 [since FEDORA-2007-042] CVE-2006-5864 backport (evince) #217672 [since ???] CVE-2006-5823 version (kernel, fixed 2.6.19.2) [since FEDORA-2007-058] was backport since FEDORA-2006-1223 CVE-2006-5794 backport (openssh, fixed 4.5) #214641 [since FEDORA-2006-1215] CVE-2006-5793 backport (libpng, fixed 1.2.13) #215405 [since FEDORA-2007-529] CVE-2006-5783 ignore (firefox) disputed CVE-2006-5779 version (openldap, fixed 2.3.29) #214768 [since FEDORA-2007-467] CVE-2006-5757 version (kernel, fixed 2.6.19) [since FEDORA-2007-058] was backport since FEDORA-2006-1223 CVE-2006-5753 backport (kernel, fixed 2.6.20.1) [since FEDORA-2007-291] CVE-2006-5752 backport (httpd) #244660 [since FEDORA-2007-615] CVE-2006-5751 version (kernel, fixed 2.6.19, fixed 2.6.18.4) [since FEDORA-2006-1471] CVE-2006-5749 version (kernel, fixed 2.6.20-rc2) [since FEDORA-2007-335] CVE-2006-5748 version (thunderbird, fixed 1.5.0.8) [since FEDORA-2006-1192] CVE-2006-5748 version (firefox, fixed 1.5.0.8) [since FEDORA-2006-1191] CVE-2006-5747 version (thunderbird, fixed 1.5.0.8) [since FEDORA-2006-1192] CVE-2006-5747 version (firefox, fixed 1.5.0.8) [since FEDORA-2006-1191] CVE-2006-5706 ignore (php, fixed 5.2.0) safe mode isn't safe CVE-2006-5701 version (kernel, fixed kernel-2_6_20-1_2927_fc6) #219534 [since FEDORA-2007-600] CVE-2006-5633 ignore (firefox) just a client DoS CVE-2006-5619 version (kernel, fixed 2.6.18.2, fixed 2.6.19-rc4) [since FEDORA-2006-1223] CVE-2006-5595 version (wireshark, fixed 0.99.4) [since FEDORA-2006-1140] CVE-2006-5542 version (postgresql, fixed 8.1.5) #212360 [since FEDORA-2007-053] CVE-2006-5541 version (postgresql, fixed 8.1.5) #212360 [since FEDORA-2007-053] CVE-2006-5540 version (postgresql, fixed 8.1.5) #212360 [since FEDORA-2007-053] CVE-2006-5470 version (wireshark, fixed 0.99.4) [since FEDORA-2006-1140] CVE-2006-5469 version (wireshark, fixed 0.99.4) [since FEDORA-2006-1140] CVE-2006-5468 version (wireshark, fixed 0.99.4) [since FEDORA-2006-1140] CVE-2006-5467 backport (ruby) #212396 [since FEDORA-2006-1109] CVE-2006-5466 version (rpm) #212833 [since FEDORA-2007-668] CVE-2006-5465 backport (php, fixed 5.2.0) #213732 [since FEDOA-2006-1169] CVE-2006-5464 version (thunderbird, fixed 1.5.0.8) [since FEDORA-2006-1192] CVE-2006-5464 version (firefox, fixed 1.5.0.8) [since FEDORA-2006-1191] CVE-2006-5463 version (thunderbird, fixed 1.5.0.8) [since FEDORA-2006-1192] CVE-2006-5463 version (firefox, fixed 1.5.0.8) [since FEDORA-2006-1191] CVE-2006-5462 version (thunderbird, fixed 1.5.0.8) [since FEDORA-2006-1192] CVE-2006-5462 version (firefox, fixed 1.5.0.8) [since FEDORA-2006-1191] CVE-2006-5461 version (avahi, fixed 0.6.15) [since FEDORA-2007-019] CVE-2006-5456 backport (ImageMagick) #210921 [since FEDORA-2006-1285] CVE-2006-5397 backport (libX11, 1.0.2 and 1.0.3 only) #213280 [since FEDORA-2007-162] CVE-2006-5331 version (kernel, fixed 2.6.19) [since FEDORA-2007-058] CVE-2006-5298 backport (mutt) [since FEDORA-2006-1063] CVE-2006-5297 backport (mutt) [since FEDORA-2006-1063] CVE-2006-5229 ignore (openssh) not reproduced CVE-2006-5215 version (xorg-x11-xdm) CVE-2006-5215 ignore (kdebase) #212166 links to xinit Xsession CVE-2006-5215 ignore (xorg-x11-xinit) #212167 FC6 was not vulnerabe really CVE-2006-5214 version (xorg-x11-xdm) CVE-2006-5214 ignore (kdebase) #212166 links to xinit Xsession CVE-2006-5214 backport (xorg-x11-xinit) #212167 [since FEDORA-2007-659] CVE-2006-5178 ignore (php) safe mode escape CVE-2006-5174 ignore (kernel, fixed 2.6.19-rc1) s390 only CVE-2006-5173 ignore (kernel, fixed 2.6.18) protected by exec-shield CVE-2006-5170 version (nss_ldap, fixed 183) CVE-2006-5160 ignore (firefox) unverified CVE-2006-5159 ignore (firefox) unverified CVE-2006-5158 version (kernel, fixed 2.6.15) CVE-2006-5072 backport (mono) CVE-2006-5052 backport (openssh, fixed 4.4) [since FEDORA-2007-394] CVE-2006-5051 backport (openssh, fixed 4.4) CVE-2006-4997 version (kernel, fixed 2.6.18) CVE-2006-4980 version (python, fixed 2.4.4 at least) [since FEDORA-2006-1050] was backport since GA CVE-2006-4965 ignore (firefox, fixed 2.0.0.7) windows only CVE-2006-4965 ignore (seamonkey) windows only CVE-2006-4925 ignore (openssh) client crash only CVE-2006-4924 backport (openssh, fixed 4.4) CVE-2006-4842 ignore (nspr) Nothing setuid links with nspr CVE-2006-4814 version (kernel, fixed 2.6.19.2) [since FEDORA-2007-058] CVE-2006-4813 version (kernel, fixed 2.6.13) CVE-2006-4812 backport (php) php-5.1.6-ecalloc.patch CVE-2006-4811 version (qt, fixed 3.3.7) [since FEDORA-2006-1055] CVE-2006-4810 backport (texinfo) [since FEDORA-2006-1203] CVE-2006-4805 version (wireshark, fixed 0.99.4) [since FEDORA-2006-1140] CVE-2006-4790 backport (gnutls, fixed 1.4.4) CVE-2006-4663 ignore (kernel) not a vulnerability CVE-2006-4625 ignore (php) safe mode isn't safe CVE-2006-4624 version (mailman, fixed 2.1.9rc1) CVE-2006-4623 version (kernel, fixed 2.6.18-rc1) CVE-2006-4600 version (openldap, fixed 2.3.25) CVE-2006-4574 version (wireshark, fixed 0.99.4) [since FEDORA-2006-1140] CVE-2006-4573 version (screen, fixed 4.0.3) #212057 [since FEDORA-2007-106] CVE-2006-4572 version (kernel, fixed 2.6.19) [since FEDORA-2007-058] CVE-2006-4571 version (thunderbird, fixed 1.5.0.7) CVE-2006-4571 version (firefox, fixed 1.5.0.7) CVE-2006-4570 version (thunderbird, fixed 1.5.0.7) CVE-2006-4569 version (firefox, fixed 1.5.0.7) CVE-2006-4568 version (firefox, fixed 1.5.0.7) CVE-2006-4567 version (thunderbird, fixed 1.5.0.7) CVE-2006-4567 version (firefox, fixed 1.5.0.7) CVE-2006-4566 version (thunderbird, fixed 1.5.0.7) CVE-2006-4566 version (firefox, fixed 1.5.0.7) CVE-2006-4565 version (thunderbird, fixed 1.5.0.7) CVE-2006-4565 version (firefox, fixed 1.5.0.7) CVE-2006-4561 ignore (firefox) An attacker needs to control DNS CVE-2006-4538 version (kernel, fixed after 2.6.18-rc6) CVE-2006-4535 version (kernel, fixed 2.6.18-rc6) CVE-2006-4519 version (gimp, fixed 2.2.16) #247567 [since FEDORA-2007-627] CVE-2006-4514 backport (libgsf) [since FEDORA-2006-1417] CVE-2006-4507 ignore (libtiff) can't reproduce CVE-2006-4486 version (php, fixed 5.1.6) CVE-2006-4485 version (php, fixed 5.1.5) CVE-2006-4484 version (php, fixed 5.1.5) CVE-2006-4484 ignore (gd) CVE-2006-4483 ignore (php) not linux CVE-2006-4482 version (php, fixed 5.1.5) CVE-2006-4481 ignore (php) safe mode isn't safe CVE-2006-4455 ignore (xchat) client DoS CVE-2006-4447 ignore (xorg) not a security issue CVE-2006-4434 ignore (sendmail, fixed 8.13.8) not exploitable CVE-2006-4433 version (php, fixed 5.1.4) CVE-2006-4433 version (php, fixed 5.1.4) CVE-2006-4380 version (mysql, fixed 4.1.13) CVE-2006-4343 backport (openssl, fixed 0.9.8d) CVE-2006-4342 ignore (kernel) rhel3 only CVE-2006-4340 version (nss, fixed 3.11.3) CVE-2006-4339 backport (openssl097) CVE-2006-4339 backport (openssl, fixed 0.9.8c) CVE-2006-4338 backport (gzip) CVE-2006-4337 backport (gzip) CVE-2006-4336 backport (gzip) CVE-2006-4335 backport (gzip) CVE-2006-4334 backport (gzip) CVE-2006-4333 version (wireshark, fixed 0.99.3) CVE-2006-4332 version (wireshark, fixed 0.99.3) CVE-2006-4331 version (wireshark, fixed 0.99.3) CVE-2006-4330 version (wireshark, fixed 0.99.3) CVE-2006-4310 ignore (firefox) crash only CVE-2006-4262 backport (cscope) CVE-2006-4253 version (thunderbird, fixed 1.5.0.7) CVE-2006-4253 version (firefox, fixed 1.5.0.7) CVE-2006-4227 version (mysql, fixed 5.0.26,5.1.12) #203434 [since FEDORA-2006-1297] CVE-2006-4226 version (mysql, fixed 5.0.26,5.1.12) #203428 [since FEDORA-2006-1297] CVE-2006-4146 backport (gdb) CVE-2006-4145 version (kernel, fixed 2.6.17.10, fixed 2.6.18-rc5) needs a better upstream fix CVE-2006-4144 backport (ImageMagick, fixed 6.2.9) CVE-2006-4096 backport (bind) CVE-2006-4095 backport (bind) CVE-2006-4093 version (kernel, fixed 2.6.17.9, fixed 2.6.18-rc5) CVE-2006-4031 version (mysql, fixed 5.0.24) #202675 [since FEDORA-2006-1297] CVE-2006-4020 version (php, fixed 5.1.5) CVE-2006-4019 version (squirrelmail, fixed 1.4.8) CVE-2006-3918 version (httpd, fixed 2.2.2) CVE-2006-3879 version (mikmod, not 3.1.6) CVE-2006-3835 version (tomcat, fixed 5.5.17) CVE-2006-3813 version (perl) only Red Hat Enterprise Linux affected CVE-2006-3812 version (thunderbird, fixed 1.5.0.5) CVE-2006-3812 version (firefox, fixed 1.5.0.5) CVE-2006-3811 version (thunderbird, fixed 1.5.0.5) CVE-2006-3811 version (firefox, fixed 1.5.0.5) CVE-2006-3810 version (thunderbird, fixed 1.5.0.5) CVE-2006-3810 version (firefox, fixed 1.5.0.5) CVE-2006-3809 version (thunderbird, fixed 1.5.0.5) CVE-2006-3809 version (firefox, fixed 1.5.0.5) CVE-2006-3808 version (thunderbird, fixed 1.5.0.5) CVE-2006-3808 version (firefox, fixed 1.5.0.5) CVE-2006-3807 version (thunderbird, fixed 1.5.0.5) CVE-2006-3807 version (firefox, fixed 1.5.0.5) CVE-2006-3806 version (thunderbird, fixed 1.5.0.5) CVE-2006-3806 version (firefox, fixed 1.5.0.5) CVE-2006-3805 version (thunderbird, fixed 1.5.0.5) CVE-2006-3805 version (firefox, fixed 1.5.0.5) CVE-2006-3804 version (thunderbird, fixed 1.5.0.5) CVE-2006-3804 version (firefox, fixed 1.5.0.5) CVE-2006-3803 version (thunderbird, fixed 1.5.0.5) CVE-2006-3803 version (firefox, fixed 1.5.0.5) CVE-2006-3802 version (thunderbird, fixed 1.5.0.5) CVE-2006-3802 version (firefox, fixed 1.5.0.5) CVE-2006-3801 version (thunderbird, fixed 1.5.0.5) CVE-2006-3801 version (firefox, fixed 1.5.0.5) CVE-2006-3747 version (httpd, fixed 2.2.3) CVE-2006-3746 version (gnupg, fixed 1.4.5) CVE-2006-3745 version (kernel, fixed 2.6.17.10, fixed 2.6.18-rc5) CVE-2006-3744 backport (ImageMagick) CVE-2006-3743 backport (ImageMagick) CVE-2006-3742 backport (kdebase) inside kdebase-3.5.5-redhat-pam.patch CVE-2006-3741 ignore (kernel, fixed 2.6.18-rc7) ia64 only CVE-2006-3740 version (libXfont, fixed 1.2.2) CVE-2006-3739 version (libXfont, fixed 1.2.2) CVE-2006-3738 backport (openssl, fixed 0.9.8d) CVE-2006-3731 ignore (firefox) just a user complicit crash CVE-2006-3694 version (ruby, fixed 1.8.5) CVE-2006-3677 version (thunderbird, fixed 1.5.0.5) CVE-2006-3677 version (firefox, fixed 1.5.0.5) CVE-2006-3672 ignore (konqueror) just a crash CVE-2006-3665 ignore (squirrelmail) don't enable register_globals! CVE-2006-3636 version (mailman, fixed 2.1.9) CVE-2006-3634 ignore (kernel, fixed 2.6.17.8) s390 only CVE-2006-3632 version (wireshark, fixed 0.99.2) CVE-2006-3631 version (wireshark, fixed 0.99.2) CVE-2006-3630 version (wireshark, fixed 0.99.2) CVE-2006-3629 version (wireshark, fixed 0.99.2) CVE-2006-3628 version (wireshark, fixed 0.99.2) CVE-2006-3627 version (wireshark, fixed 0.99.2) CVE-2006-3626 version (kernel, fixed 2.6.17.6) CVE-2006-3619 version (gcc, fixed 4.1.1-20060828 at least) CVE-2006-3486 ignore (mysql, fixed 5.0.23) not exploitable CVE-2006-3469 version (mysql) CVE-2006-3468 version (kernel, fixed 2.6.17.8, fixed 2.6.18-rc4) CVE-2006-3467 version (freetype, fixed 2.2) CVE-2006-3467 ignore (vnc) #204052 not a vulnerability CVE-2006-3467 backport (libXfont) fdo-7535.patch CVE-2006-3465 backport (libtiff) libtiff-3.8.2-ormandy.patch CVE-2006-3464 backport (libtiff) libtiff-3.8.2-ormandy.patch CVE-2006-3463 backport (libtiff) libtiff-3.8.2-ormandy.patch CVE-2006-3462 backport (libtiff) libtiff-3.8.2-ormandy.patch CVE-2006-3461 backport (libtiff) libtiff-3.8.2-ormandy.patch CVE-2006-3460 backport (libtiff) libtiff-3.8.2-ormandy.patch CVE-2006-3459 backport (libtiff) libtiff-3.8.2-ormandy.patch CVE-2006-3404 version (gimp, fixed 2.2.12) CVE-2006-3403 version (samba, fixed 3.0.23) CVE-2006-3378 ignore (shadow-utils) we don't ship passwd from shadow-utils CVE-2006-3376 backport (libwmf) from changelog CVE-2006-3352 ignore (firefox) not a vulnerability CVE-2006-3334 ignore (libpng, fixed 1.2.12) not exploitable CVE-2006-3242 version (mutt, fixed 1.4.2.2, 1.5.12) CVE-2006-3174 version (squirrelmail, fixed 1.4.7) CVE-2006-3145 version (netpbm, fixed 10.34) CVE-2006-3127 version (nss, only affected 3.11) CVE-2006-3122 version (dhcp, only 2.x) CVE-2006-3117 version (openoffice.org, fixed 2.0.3) CVE-2006-3113 version (thunderbird, fixed 1.5.0.5) CVE-2006-3113 version (firefox, fixed 1.5.0.5) CVE-2006-3085 version (kernel, fixed 2.6.17.1) CVE-2006-3084 ignore (krb5) seteuid() calls never fail on linux CVE-2006-3083 backport (krb5, fixed 1.5.1, 1.4.4) CVE-2006-3082 version (gnupg, fixed 1.4.4) CVE-2006-3081 version (mysql, fixed 5.1.18) CVE-2006-3057 version (dhcdbd, fixed 1.14) CVE-2006-3018 version (php, fixed 5.1.3) CVE-2006-3017 version (php, fixed 5.1.3) CVE-2006-3016 version (php, fixed 5.1.3) CVE-2006-3011 ignore (php) safe mode isn't safe CVE-2006-3005 ignore (libjpeg) not a vuln CVE-2006-2941 version (mailman, fixed 2.1.9) CVE-2006-2940 backport (openssl, fixed 0.9.8d) CVE-2006-2937 backport (openssl, fixed 0.9.8d) CVE-2006-2936 version (kernel, fixed 2.6.17.7) CVE-2006-2935 version (kernel, fixed 2.6.17.7) CVE-2006-2934 version (kernel, fixed 2.6.17.3) CVE-2006-2933 version (kde, not 3.2+) CVE-2006-2932 ignore (kernel) no 4G/4G split support CVE-2006-2916 ignore (arts) not shipped setuid CVE-2006-2906 backport (gd) from changelog CVE-2006-2894 version (firefox, fixed 2.0.0.8) CVE-2006-2842 version (squirrelmail, fixed 1.4.6) CVE-2006-2789 version (evolution, fixed 2.4.X) CVE-2006-2788 version (firefox, fixed 1.5.0.4) CVE-2006-2787 version (thunderbird, fixed 1.5.0.4) CVE-2006-2787 version (firefox, fixed 1.5.0.4) CVE-2006-2786 version (thunderbird, fixed 1.5.0.4) CVE-2006-2786 version (firefox, fixed 1.5.0.4) CVE-2006-2785 version (firefox, fixed 1.5.0.4) CVE-2006-2784 version (firefox, fixed 1.5.0.4) CVE-2006-2783 version (thunderbird, fixed 1.5.0.4) CVE-2006-2783 version (firefox, fixed 1.5.0.4) CVE-2006-2782 version (firefox, fixed 1.5.0.4) CVE-2006-2781 version (thunderbird, fixed 1.5.0.4) CVE-2006-2780 version (thunderbird, fixed 1.5.0.4) CVE-2006-2780 version (firefox, fixed 1.5.0.4) CVE-2006-2779 version (thunderbird, fixed 1.5.0.4) CVE-2006-2779 version (firefox, fixed 1.5.0.4) CVE-2006-2778 version (thunderbird, fixed 1.5.0.4) CVE-2006-2778 version (firefox, fixed 1.5.0.4) CVE-2006-2777 version (firefox, fixed 1.5.0.4) CVE-2006-2776 version (thunderbird, fixed 1.5.0.4) CVE-2006-2776 version (firefox, fixed 1.5.0.4) CVE-2006-2775 version (thunderbird, fixed 1.5.0.4) CVE-2006-2775 version (firefox, fixed 1.5.0.4) CVE-2006-2754 ignore (openldap) This issue is not exploitable CVE-2006-2753 version (mysql, fixed 5.0.22) CVE-2006-2723 ignore (firefox) disputed CVE-2006-2661 version (freetype, fixed 2.2.1) CVE-2006-2660 ignore (php) see #195539 CVE-2006-2656 backport (libtiff) tiffsplit-overflow.patch CVE-2006-2629 ignore (kernel) couldn't be reproduced on FC CVE-2006-2613 ignore (firefox) This isn't an issue on FC CVE-2006-2607 backport (vixie-cron) vixie-cron-4.1-_42-bz178431.patch CVE-2006-2563 ignore (php) safe mode isn't safe CVE-2006-2452 version (gdm) CVE-2006-2451 version (kernel, fixed 2.6.17.4) CVE-2006-2449 version (kdebase, fixed 3.5.4) CVE-2006-2448 version (kernel, fixed 2.6.17) CVE-2006-2447 version (spamassassin, fixed 3.1.3) CVE-2006-2446 version (kernel, fixed 2.6.11) CVE-2006-2445 version (kernel, fixed 2.6.17) CVE-2006-2444 version (kernel, fixed 2.6.17) CVE-2006-2440 version (ImageMagick, fixed 6.2.8 at least) CVE-2006-2414 version (dovecot, fixed 1.0.beta8) not a security issue CVE-2006-2369 version (vnc, fixed 4.1.2) CVE-2006-2366 ignore (openobex) we don't ship ircp CVE-2006-2362 ignore (binutils) minor crash (not exploitable) CVE-2006-2332 ignore (firefox) disputed CVE-2006-2314 version (postgresql, fixed 8.1.4) CVE-2006-2313 version (postgresql, fixed 8.1.4) CVE-2006-2276 version (quagga, fixed 0.98.6) CVE-2006-2275 version (kernel, fixed 2.6.16.15) CVE-2006-2274 version (kernel, fixed 2.6.16.15) CVE-2006-2272 version (kernel, fixed 2.6.16.15) CVE-2006-2271 version (kernel, fixed 2.6.16.15) CVE-2006-2224 version (quagga, fixed 0.98.6) CVE-2006-2223 version (quagga, fixed 0.98.6) CVE-2006-2199 version (openoffice.org, fixed 2.0.3) CVE-2006-2198 version (openoffice.org, fixed 2.0.3) CVE-2006-2194 ignore (ppp) pppd not suid CVE-2006-2193 backport (libtiff) libtiff-3.8.2-CVE-2006-2193.patch CVE-2006-2191 ignore (mailman) disputed CVE-2006-2120 version (libtiff, fixed 3.8.2 at least) CVE-2006-2083 version (rsync, fixed 2.6.8) CVE-2006-2073 ignore (bind) http://www.kb.cert.org/vuls/id/MIMG-6P8GRP CVE-2006-2071 version (kernel, fixed 2.6.16.6) CVE-2006-2057 ignore (firefox) not Linux CVE-2006-2026 version (libtiff, fixed 3.8.1) CVE-2006-2025 version (libtiff, fixed 3.8.1) CVE-2006-2024 version (libtiff, fixed 3.8.1) CVE-2006-1993 version (firefox, fixed 1.5.0.3) CVE-2006-1991 version (php) CVE-2006-1990 version (php) CVE-2006-1942 version (firefox, fixed 1.5.0.4) CVE-2006-1940 version (wireshark, fixed 0.99.0) CVE-2006-1939 version (wireshark, fixed 0.99.0) CVE-2006-1938 version (wireshark, fixed 0.99.0) CVE-2006-1937 version (wireshark, fixed 0.99.0) CVE-2006-1936 version (wireshark, fixed 0.99.0) CVE-2006-1935 version (wireshark, fixed 0.99.0) CVE-2006-1934 version (wireshark, fixed 0.99.0) CVE-2006-1933 version (wireshark, fixed 0.99.0) CVE-2006-1932 version (wireshark, fixed 0.99.0) CVE-2006-1931 version (ruby, fixed 1.8.3) CVE-2006-1902 ignore (gcc) not a vulnerability CVE-2006-1865 version (beagle, fixed 0.2.5) CVE-2006-1864 ignore (kernel, fixed 2.6.16.14) not compiled in CVE-2006-1863 version (kernel, fixed 2.6.16.11) CVE-2006-1862 version (kernel) not upstream kernels, only RHEL CVE-2006-1861 version (freetype, fixed 2.2.1) CVE-2006-1860 version (kernel, fixed 2.6.16.16) CVE-2006-1859 version (kernel, fixed 2.6.16.16) CVE-2006-1858 version (kernel, fixed 2.6.16.17) CVE-2006-1857 version (kernel, fixed 2.6.16.17) CVE-2006-1856 version (kernel, fixed 2.6.16.12) CVE-2006-1855 version (kernel, fixed 2.6.11.12) CVE-2006-1790 version (thunderbird, fixed 1.5.0.2) CVE-2006-1790 version (firefox, fixed 1.5.0.2) CVE-2006-1742 version (thunderbird, fixed 1.5.0.2) CVE-2006-1742 version (firefox, fixed 1.5.0.2) CVE-2006-1741 version (thunderbird, fixed 1.5.0.2) CVE-2006-1741 version (firefox, fixed 1.5.0.2) CVE-2006-1740 version (firefox, fixed 1.5.0.2) CVE-2006-1739 version (thunderbird, fixed 1.5.0.2) CVE-2006-1739 version (firefox, fixed 1.5.0.2) CVE-2006-1738 version (thunderbird, fixed 1.5.0.2) CVE-2006-1738 version (firefox, fixed 1.5.0.2) CVE-2006-1737 version (thunderbird, fixed 1.5.0.2) CVE-2006-1737 version (firefox, fixed 1.5.0.2) CVE-2006-1736 version (firefox, fixed 1.5.0.2) CVE-2006-1735 version (thunderbird, fixed 1.5.0.2) CVE-2006-1735 version (firefox, fixed 1.5.0.2) CVE-2006-1734 version (thunderbird, fixed 1.5.0.2) CVE-2006-1734 version (firefox, fixed 1.5.0.2) CVE-2006-1733 version (thunderbird, fixed 1.5.0.2) CVE-2006-1733 version (firefox, fixed 1.5.0.2) CVE-2006-1732 version (thunderbird, fixed 1.5.0.2) CVE-2006-1732 version (firefox, fixed 1.5.0.2) CVE-2006-1731 version (thunderbird, fixed 1.5.0.2) CVE-2006-1731 version (firefox, fixed 1.5.0.2) CVE-2006-1730 version (thunderbird, fixed 1.5.0.2) CVE-2006-1730 version (firefox, fixed 1.5.0.2) CVE-2006-1729 version (firefox, fixed 1.5.0.2) CVE-2006-1728 version (thunderbird, fixed 1.5.0.2) CVE-2006-1728 version (firefox, fixed 1.5.0.2) CVE-2006-1727 version (thunderbird, fixed 1.5.0.2) CVE-2006-1727 version (firefox, fixed 1.5.0.2) CVE-2006-1726 version (thunderbird, fixed 1.5.0.2) CVE-2006-1726 version (firefox, fixed 1.5.0.2) CVE-2006-1725 version (firefox, fixed 1.5.0.2) CVE-2006-1724 version (thunderbird, fixed 1.5.0.2) CVE-2006-1724 version (firefox, fixed 1.5.0.2) CVE-2006-1723 version (thunderbird, fixed 1.5.0.2) CVE-2006-1723 version (firefox, fixed 1.5.0.2) CVE-2006-1721 version (cyrus-sasl, fixed 2.1.21) CVE-2006-1712 version (mailman, only 2.1.7) CVE-2006-1650 ignore (firefox) a number of reports don't confirm this CVE-2006-1646 ignore (ipsec-tools) KAME racoon, not ipsec-tools racoon CVE-2006-1624 ignore (sysklogd) Silly configuration is not a security issue CVE-2006-1608 ignore (php) safe mode isn't safe CVE-2006-1549 ignore (php) this is not a security issue CVE-2006-1548 version (struts, fixed 1.2.9) CVE-2006-1547 version (struts, fixed 1.2.9) CVE-2006-1546 version (struts, fixed 1.2.9) CVE-2006-1542 backport (python) python-2.4.1-canonicalize.patch CVE-2006-1531 version (thunderbird, fixed 1.5.0.2) CVE-2006-1531 version (firefox, fixed 1.5.0.2) CVE-2006-1530 version (thunderbird, fixed 1.5.0.2) CVE-2006-1530 version (firefox, fixed 1.5.0.2) CVE-2006-1529 version (thunderbird, fixed 1.5.0.2) CVE-2006-1529 version (firefox, fixed 1.5.0.2) CVE-2006-1528 version (kernel, fixed 2.6.13) CVE-2006-1527 version (kernel, fixed 2.6.17) CVE-2006-1526 version (xorg-x11-server, fixed 1.1.1 at least) CVE-2006-1525 version (kernel, fixed 2.6.16.8) CVE-2006-1524 version (kernel, fixed 2.6.16.7) CVE-2006-1523 version (kernel, fixed 2.6.16.4) CVE-2006-1522 version (kernel, fixed 2.6.16.3) CVE-2006-1518 version (mysql, fixed 5.0.21) CVE-2006-1517 version (mysql, fixed 5.0.21) CVE-2006-1516 version (mysql, fixed 5.0.21) CVE-2006-1494 version (php) CVE-2006-1490 version (php, fixed 5.1.4) CVE-2006-1470 version (openldap, not 2.3.24 at least) CVE-2006-1368 version (kernel, fixed 2.6.16) CVE-2006-1354 version (freeradius, fixed 1.1.2 at least) CVE-2006-1343 version (kernel, fixed 2.6.16.19) CVE-2006-1342 version (kernel, not 2.6) CVE-2006-1335 version (gnome-screensaver, fixed 2.14) CVE-2006-1296 version (beagle, fixed 0.2.4) CVE-2006-1273 ignore (firefox) this issue only affects IE CVE-2006-1242 version (kernel, fixed 2.6.16.1) CVE-2006-1174 version (shadow-utils, fixed 4.0.3) CVE-2006-1173 version (sendmail, fixed 8.13.7) CVE-2006-1168 backport (ncompress) ncompress-4.2.4-bssUnderflow.patch CVE-2006-1095 version (mod_python, 3.2.7 only) CVE-2006-1079 ignore (httpd) not a vulnerability CVE-2006-1078 ignore (httpd) not a vulnerability CVE-2006-1066 version (kernel, fixed 2.6.16) CVE-2006-1061 version (curl, fixed 7.15.3) CVE-2006-1059 version (samba, fixed 3.0.22 at least) CVE-2006-1058 version (busybox, fixed 1.2.x) CVE-2006-1057 version (gdm, fixed 2.14.1) CVE-2006-1056 version (kernel, fixed 2.6.16.9) CVE-2006-1055 version (kernel, fixed 2.6.17) CVE-2006-1052 version (kernel, fixed 2.6.16) CVE-2006-1045 version (thunderbird, fixed 1.5.0.2) CVE-2006-1015 ignore (php) safe mode isn't safe CVE-2006-1014 ignore (php) safe mode isn't safe CVE-2006-0996 version (php, fixed 5.1.4) CVE-2006-0903 version (mysql, 4.1.19) CVE-2006-0884 version (thunderbird, fixed 1.5.0.2) CVE-2006-0836 ignore (thunderbird) only crash on manual import CVE-2006-0749 version (thunderbird, fixed 1.5.0.2) CVE-2006-0749 version (firefox, fixed 1.5.0.2) CVE-2006-0748 version (thunderbird, fixed 1.5.0.2) CVE-2006-0748 version (firefox, fixed 1.5.0.2) CVE-2006-0747 version (freetype, fixed 2.2.1) CVE-2006-0746 version (kdegraphics, fixed 3.4) CVE-2006-0745 version (xorg-x11-server, fixed 1.1.1 at least) CVE-2006-0744 version (kernel, fixed 2.6.16.5) CVE-2006-0742 version (kernel, fixed 2.6.16) CVE-2006-0741 version (kernel, fixed 2.6.15.5) CVE-2006-0730 version (dovecot, 1.0beta[12] only) CVE-2006-0678 ignore (postgresql) we don't build --enable-cassert CVE-2006-0670 version (bluez-hcidump, fixed 1.30) CVE-2006-0645 version (gnutls, fixed 1.2.10) CVE-2006-0591 version (postgresql, fixed 8.0.6) CVE-2006-0576 version (oprofile, fixed 0.9.2 at least) [since FEDORA-2006-1172] was backport since GA CVE-2006-0558 version (kernel, fixed 2.6.16) CVE-2006-0557 version (kernel, fixed 2.6.15.6) CVE-2006-0555 version (kernel, fixed 2.6.16) CVE-2006-0554 version (kernel, fixed 2.6.16) CVE-2006-0553 version (postgresql, only 8.1, fixed 8.1.3) CVE-2006-0528 version (cairo, fixed 1.0.4) CVE-2006-0496 VULNERABLE (firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=324253 CVE-2006-0482 ignore (kernel) sparc only CVE-2006-0481 version (libpng, 1.2.7 only) CVE-2006-0459 version (flex) by inspection CVE-2006-0457 version (kernel, fixed 2.6.16) CVE-2006-0456 ignore (kernel) s390 only CVE-2006-0455 version (gnupg, fixed 1.4.2.1) CVE-2006-0454 version (kernel, fixed 2.6.15.3) CVE-2006-0405 version (libtiff, 3.8.0 only) CVE-2006-0377 version (squirrelmail, fixed 1.4.6) CVE-2006-0369 ignore (mysql) this is not a security issue CVE-2006-0321 version (fetchmail, fixed 6.3.2) CVE-2006-0301 version (poppler, fixed 0.4.5) CVE-2006-0301 version (kdegraphics, fixed 3.5.2) CVE-2006-0300 version (tar, fixed 1.15.90 at least) CVE-2006-0299 version (thunderbird, fixed 1.5) CVE-2006-0299 version (firefox, fixed 1.5.0.1) CVE-2006-0298 version (thunderbird, fixed 1.5) CVE-2006-0298 version (firefox, fixed 1.5.0.1) CVE-2006-0297 version (thunderbird, fixed 1.5) CVE-2006-0297 version (firefox, fixed 1.5.0.1) CVE-2006-0296 version (thunderbird, fixed 1.5) CVE-2006-0296 version (firefox, fixed 1.5.0.1) CVE-2006-0295 version (thunderbird, fixed 1.5) CVE-2006-0295 version (firefox, fixed 1.5.0.1) CVE-2006-0294 version (thunderbird, fixed 1.5) CVE-2006-0294 version (firefox, fixed 1.5.0.1) CVE-2006-0293 version (thunderbird, fixed 1.5) CVE-2006-0293 version (firefox, fixed 1.5.0.1) CVE-2006-0292 version (thunderbird, fixed 1.5) CVE-2006-0292 version (firefox, fixed 1.5.1) CVE-2006-0254 version (tomcat5, fixed 5.5.16) CVE-2006-0236 ignore (thunderbird) windows only CVE-2006-0225 version (openssh, fixed 4.3p2) CVE-2006-0208 version (php, fixed 5.1.2) CVE-2006-0207 version (php, fixed 5.1.2) CVE-2006-0200 version (php, fixed 5.1.2) CVE-2006-0197 ignore (xorg-x11) not an issue CVE-2006-0195 version (squirrelmail, fixed 1.4.6) CVE-2006-0188 version (squirrelmail, fixed 1.4.6) CVE-2006-0144 version (php-pear, not 1.4.4) CVE-2006-0097 ignore (php) Windows only CVE-2006-0096 ignore (kernel) minor and requires root CVE-2006-0095 version (kernel, fixed 2.6.16) CVE-2006-0082 version (ImageMagick, not 6.2.5.4) CVE-2006-0058 version (sendmail, fixed 8.13.6) CVE-2006-0052 version (mailman, fixed 2.1.6) CVE-2006-0049 version (gnupg, fixed 1.4.2.2) CVE-2006-0039 version (kernel, fixed 2.6.16.17) CVE-2006-0037 version (kernel, only 2.6.14 and 2.6.15) CVE-2006-0036 version (kernel, only 2.6.14 and 2.6.15) CVE-2006-0035 version (kernel, only 2.6.14 and 2.6.15) CVE-2006-0019 version (kdelibs, fixed 3.5.1) CVE-2005-4811 version (kernel, fixed 2.6.13) CVE-2005-4809 ignore (firefox) Status bar can be modified anyways CVE-2005-4808 ignore (binutils, gas fixed 20050714) this is a bug CVE-2005-4807 ignore (binutils, gas fixed 20050721) this is a bug CVE-2005-4798 version (kernel, not 2.6) CVE-2005-4790 VULNERABLE (tomboy) #252294 CVE-2005-4784 ignore (glibc) struct dirent is big enough CVE-2005-4746 version (freeradius, fixed 1.0.5) CVE-2005-4745 version (freeradius, fixed 1.0.5) CVE-2005-4744 version (freeradius, fixed 1.0.5) CVE-2005-4720 version (thunderbird, fixed 1.5) CVE-2005-4720 version (firefox, fixed 1.5) CVE-2005-4703 ignore (tomcat) windows only CVE-2005-4685 ignore (firefox) not fixed upstream, low, can't fix CVE-2005-4684 ignore (kdebase) not fixed upstream, low, can't fix CVE-2005-4667 backport (unzip) changelog CVE-2005-4639 version (kernel, fixed 2.6.15) CVE-2005-4636 version (openoffice.org, fixed 2.0.1) CVE-2005-4635 version (kernel, fixed 2.6.15) CVE-2005-4618 version (kernel, fixed 2.6.15) CVE-2005-4605 version (kernel, fixed 2.6.15) CVE-2005-4585 version (wireshark, fixed 0.10.14) CVE-2005-4442 version (openldap) gentoo only CVE-2005-4352 version (kernel, fixed 2.6.18.3) [since FEDORA-2006-1471] CVE-2005-4348 version (fetchmail, fixed 6.3.1) CVE-2005-4268 backport (cpio) cpio-2.6-writeOutHeaderBufferOverflow.patch CVE-2005-4158 ignore (sudo) only env_reset will properly clean the environment CVE-2005-4154 ignore (php) don't install untrusted pear packages CVE-2005-4153 version (mailman) CVE-2005-4134 ignore (firefox) http://www.mozilla.org/security/history-title.html CVE-2005-4077 version (curl, fixed 7.15.1) CVE-2005-3962 version (perl, fixed 5.8.8) CVE-2005-3883 version (php, fixed 5.1.1 at least) CVE-2005-3858 version (kernel, fixed 2.6.13) CVE-2005-3857 version (kernel, fixed 2.6.15) CVE-2005-3848 version (kernel, fixed 2.6.13) CVE-2005-3847 version (kernel, fixed 2.6.12.6) CVE-2005-3810 version (kernel, fixed 2.6.15) CVE-2005-3809 version (kernel, fixed 2.6.15) CVE-2005-3808 version (kernel, fixed 2.6.15) CVE-2005-3807 version (kernel, fixed 2.6.15) CVE-2005-3806 version (kernel, fixed 2.6.14) CVE-2005-3805 version (kernel, fixed 2.6.14) CVE-2005-3784 version (kernel, fixed 2.6.15) CVE-2005-3783 version (kernel, fixed 2.6.15) CVE-2005-3753 version (kernel, fixed 2.6.14) CVE-2005-3745 ignore (struts, fixed 1.2.8) but not through tomcat CVE-2005-3732 version (ipsec-tools, fixed 0.6.3) CVE-2005-3675 ignore (kernel) optack, not a bug CVE-2005-3671 version (openswan, fixed 2.4.4) CVE-2005-3662 version (netpbm) CVE-2005-3656 version (mod_auth_pgsql, fixed 2.0.3) CVE-2005-3651 version (wireshark, fixed 0.10.14) CVE-2005-3632 version (netpbm) CVE-2005-3631 version (udev) CVE-2005-3629 version (initscripts, fixed 8.29 at least) CVE-2005-3628 version (poppler, fixed 0.4.4) CVE-2005-3628 version (kdegraphics, fixed 3.5.1) CVE-2005-3628 version (cups, fixed 1.2.0) CVE-2005-3628 backport (tetex) tetex-3.0-CVE-2005-3193.patch CVE-2005-3627 version (poppler, fixed 0.4.4) CVE-2005-3627 version (kdegraphics, fixed 3.5.1) CVE-2005-3627 version (cups, fixed 1.2.0) CVE-2005-3627 backport (tetex) CVE-2005-3626 version (poppler, fixed 0.4.4) CVE-2005-3626 version (kdegraphics, fixed 3.5.1) CVE-2005-3626 version (cups, fixed 1.2.0) CVE-2005-3626 backport (tetex) CVE-2005-3625 version (poppler, fixed 0.4.4) CVE-2005-3625 version (kdegraphics, fixed 3.5.1) CVE-2005-3625 version (cups, fixed 1.2.0) CVE-2005-3625 backport (tetex) CVE-2005-3624 version (poppler, fixed 0.4.4) CVE-2005-3624 version (kdegraphics, fixed 3.5.1) CVE-2005-3624 version (cups, fixed 1.2.0) CVE-2005-3624 backport (tetex) CVE-2005-3623 version (kernel, fixed 2.6.14.5) CVE-2005-3582 version (ImageMagick) gentoo only CVE-2005-3573 version (mailman, fixed 2.1.7) CVE-2005-3527 version (kernel, fixed 2.6.14) CVE-2005-3402 ignore (thunderbird) mozilla say by design CVE-2005-3392 version (php, not 5.0) CVE-2005-3391 version (php, not 5.0) CVE-2005-3390 version (php, fixed 5.1.0) CVE-2005-3389 version (php, fixed 5.1.1) CVE-2005-3388 version (php, fixed 5.1.1) CVE-2005-3359 version (kernel, fixed 2.6.14) CVE-2005-3358 version (kernel, fixed 2.6.11) CVE-2005-3357 version (httpd, fixed 2.2.1) CVE-2005-3356 version (kernel, fixed 2.6.16) CVE-2005-3353 version (php, not 5.0) CVE-2005-3352 version (httpd, fixed 2.2.1) CVE-2005-3351 version (spamassassin, fixed 3.1.0) CVE-2005-3322 version (squid) not upstream, SUSE only CVE-2005-3319 ignore (mod_php) no security consequence CVE-2005-3313 version (wireshark, fixed after 0.10.13) CVE-2005-3276 version (kernel, fixed 2.6.12.4) CVE-2005-3275 version (kernel, fixed 2.6.13) CVE-2005-3274 version (kernel, fixed 2.6.13) CVE-2005-3273 version (kernel, fixed 2.6.12) CVE-2005-3272 version (kernel, fixed 2.6.13) CVE-2005-3271 version (kernel, fixed 2.6.9) CVE-2005-3258 version (squid, fixed 2.5STABLE12) CVE-2005-3257 version (kernel, fixed 2.6.15) CVE-2005-3249 version (wireshark, fixed 0.10.13) CVE-2005-3248 version (wireshark, fixed 0.10.13) CVE-2005-3247 version (wireshark, fixed 0.10.13) CVE-2005-3246 version (wireshark, fixed 0.10.13) CVE-2005-3245 version (wireshark, fixed 0.10.13) CVE-2005-3244 version (wireshark, fixed 0.10.13) CVE-2005-3243 version (wireshark, fixed 0.10.13) CVE-2005-3242 version (wireshark, fixed 0.10.13) CVE-2005-3241 version (wireshark, fixed 0.10.13) CVE-2005-3193 version (poppler, fixed 0.4.4) CVE-2005-3193 version (kdegraphics, fixed 3.5.1) CVE-2005-3193 version (cups, fixed 1.2.0) CVE-2005-3193 backport (tetex) tetex-3.0-CVE-2005-3193.patch CVE-2005-3192 version (poppler, fixed 0.4.4) CVE-2005-3192 version (kdegraphics, fixed 3.5.1) CVE-2005-3192 version (cups, fixed 1.2.0) CVE-2005-3192 backport (tetex) tetex-3.0-CVE-2005-3193.patch CVE-2005-3191 version (poppler, fixed 0.4.4) CVE-2005-3191 version (kdegraphics, fixed 3.5.1) CVE-2005-3191 version (cups, fixed 1.2.0) CVE-2005-3191 backport (tetex) tetex-3.0-CVE-2005-3193.patch CVE-2005-3186 version (gtk2, fixed 2.8.7 at least) CVE-2005-3185 version (wget, fixed 1.10.2 at least) CVE-2005-3185 version (curl, fixed 7.15) CVE-2005-3184 version (wireshark, fixed 0.10.13) CVE-2005-3181 version (kernel, fixed 2.6.13.4) CVE-2005-3180 version (kernel, fixed 2.6.13.4) CVE-2005-3179 version (kernel, fixed 2.6.13.4) CVE-2005-3164 version (tomcat, not 5) CVE-2005-3120 backport (lynx) changelog CVE-2005-3119 version (kernel, fixed 2.6.13.4) CVE-2005-3110 version (kernel, fixed 2.6.12) CVE-2005-3109 version (kernel, fixed 2.6.12) CVE-2005-3108 version (kernel, fixed 2.6.12) CVE-2005-3107 version (kernel, fixed 2.6.11) CVE-2005-3106 version (kernel, fixed 2.6.11) CVE-2005-3105 version (kernel, fixed 2.6.12) CVE-2005-3089 version (firefox, fixed 1.0.7) CVE-2005-3088 ignore (fetchmail) fetchmailconf not shipped CVE-2005-3055 version (kernel, fixed 2.6.14) CVE-2005-3054 ignore (php) CVE-2005-3053 version (kernel, fixed 2.6.12.5) CVE-2005-3044 version (kernel, fixed 2.6.13.2) CVE-2005-3011 backport (texinfo) texinfo-CAN-2005-3011.patch CVE-2005-2991 ignore (ncompress) don't ship zdiff or zcmp scripts CVE-2005-2978 version (netpbm, fixed 10.25) CVE-2005-2977 version (pam, fixed 0.99.2.1 at least) CVE-2005-2975 version (gtk2, fixed 2.8.7) CVE-2005-2973 version (kernel, fixed 2.6.14) CVE-2005-2970 version (httpd, not 2.2) CVE-2005-2969 version (openssl, fixed 0.9.8a) CVE-2005-2969 backport (openssl097a, fixed 0.9.7h) CVE-2005-2968 version (thunderbird) CVE-2005-2968 version (firefox) CVE-2005-2959 ignore (sudo) not a vulnerability CVE-2005-2946 version (openssl, fixed 0.9.8) CVE-2005-2933 version (libc-client, fixed 2004g at least) CVE-2005-2929 backport (lynx) changelog CVE-2005-2917 version (squid, fixed 2.5.STABLE11) CVE-2005-2876 version (util-linux, fixed 2.13-pre3) CVE-2005-2874 version (cups, fixed 1.1.23) CVE-2005-2873 version (kernel, fixed 2.6.18-rc1) CVE-2005-2872 version (kernel, fixed 2.6.12) CVE-2005-2871 version (thunderbird) CVE-2005-2871 version (firefox, fixed 1.0.7) CVE-2005-2811 version (net-snmp) not upstream, gentoo only CVE-2005-2801 version (kernel, fixed 2.6.11) CVE-2005-2800 version (kernel, fixed 2.6.12.6) CVE-2005-2798 version (openssh, fixed 4.2) CVE-2005-2797 version (openssh, fixed 4.2) CVE-2005-2796 version (squid, fixed 2.5.STABLE11) CVE-2005-2794 version (squid, fixed 2.5.STABLE11) CVE-2005-2728 version (httpd, not 2.2) CVE-2005-2709 version (kernel, fixed 2.6.14.3) CVE-2005-2708 ignore (kernel) not reproducable on x86_64 CVE-2005-2707 version (thunderbird) CVE-2005-2707 version (firefox, fixed 1.0.7) CVE-2005-2706 version (thunderbird) CVE-2005-2706 version (firefox, fixed 1.0.7) CVE-2005-2705 version (thunderbird) CVE-2005-2705 version (firefox, fixed 1.0.7) CVE-2005-2704 version (thunderbird) CVE-2005-2704 version (firefox, fixed 1.0.7) CVE-2005-2703 version (thunderbird) CVE-2005-2703 version (firefox, fixed 1.0.7) CVE-2005-2702 version (thunderbird) CVE-2005-2702 version (firefox, fixed 1.0.7) CVE-2005-2701 version (firefox, fixed 1.0.7) CVE-2005-2700 version (httpd, not 2.2) CVE-2005-2693 backport (cvs) cvs-1.11.19-tmp.patch CVE-2005-2672 version (lm_sensors, fixed 2.9.2) CVE-2005-2666 version (openssh, fixed 4.0p1) CVE-2005-2642 version (mutt) openbsd only CVE-2005-2641 version (nss_ldap, fixed pam_ldap:180) CVE-2005-2617 version (kernel, fixed 2.6.12.5) CVE-2005-2602 ignore (thunderbird) probably CVE-2005-2602 ignore (firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=237085 CVE-2005-2558 version (mysql, fixed 4.1.13) CVE-2005-2558 ignore (mysql) not an issue CVE-2005-2555 version (kernel, fixed 2.6.12.6) CVE-2005-2553 version (kernel, not 2.6) CVE-2005-2550 version (evolution, fixed after 2.3.6.1) CVE-2005-2549 version (evolution, fixed after 2.3.6.1) CVE-2005-2548 version (kernel, fixed 2.6.9) only affected 2.6.8 CVE-2005-2547 version (bluez-pin, fixed 2.19) not before 2.16 CVE-2005-2541 ignore (tar) is documented behaviour CVE-2005-2500 version (kernel, fixed 2.6.13) CVE-2005-2498 version (php, fixed xml_rpc:1.4.0) CVE-2005-2496 version (ntp, fixed 4.2.0b) CVE-2005-2495 version (xorg-x11-server, fixed 0.99.3 at least) CVE-2005-2494 version (kdebase, fixed after 3.4.2) CVE-2005-2492 version (kernel, fixed 2.6.13.1) CVE-2005-2491 version (pcre, fixed 6.2) CVE-2005-2491 ignore (python) fc6 python does not contain pcre CVE-2005-2491 ignore (php) php uses system pcre CVE-2005-2491 ignore (httpd) httpd uses system pcre CVE-2005-2490 version (kernel, fixed 2.6.13.1) CVE-2005-2475 backport (unzip) unzip-5.52-toctou.patch CVE-2005-2471 version (netpbm, fixed 10.31) CVE-2005-2459 ignore (kernel, fixed 2.6.12.5) dropped as code path not possible CVE-2005-2458 version (kernel, fixed 2.6.12.5) CVE-2005-2457 version (kernel, fixed 2.6.12.5) CVE-2005-2456 version (kernel, fixed 2.6.12.5) CVE-2005-2452 version (libtiff, fixed 3.7.0) CVE-2005-2448 version (kdenetwork, fixed 3.4.2) CVE-2005-2410 version (NetworkManager, fixed 5.0) CVE-2005-2395 ignore (firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=281851 CVE-2005-2370 version (kdenetwork, fixed 3.4.2) CVE-2005-2370 version (gaim, fixed 1.5.0) CVE-2005-2369 version (kdenetwork, fixed 3.4.2) CVE-2005-2368 version (vim, fixed 6.3.086 at least) CVE-2005-2367 version (wireshark, fixed 0.10.12) CVE-2005-2366 version (wireshark, fixed 0.10.12) CVE-2005-2365 version (wireshark, fixed 0.10.12) CVE-2005-2364 version (wireshark, fixed 0.10.12) CVE-2005-2363 version (wireshark, fixed 0.10.12) CVE-2005-2362 version (wireshark, fixed 0.10.12) CVE-2005-2361 version (wireshark, fixed 0.10.12) CVE-2005-2360 version (wireshark, fixed 0.10.12) CVE-2005-2353 ignore (thunderbird) debug mode only CVE-2005-2337 version (ruby, fixed 1.8.3) CVE-2005-2335 version (fetchmail, fixed 6.2.5.2) CVE-2005-2270 version (thunderbird, fixed 1.0.5) CVE-2005-2270 version (firefox, fixed 1.0.5) CVE-2005-2269 version (thunderbird, fixed 1.0.5) CVE-2005-2269 version (firefox, fixed 1.0.5) CVE-2005-2268 version (firefox, fixed 1.0.5) CVE-2005-2267 version (firefox, fixed 1.0.5) CVE-2005-2266 version (thunderbird, fixed 1.0.5) CVE-2005-2266 version (firefox, fixed 1.0.5) CVE-2005-2265 version (thunderbird, fixed 1.0.5) CVE-2005-2265 version (firefox, fixed 1.0.5) CVE-2005-2264 version (firefox, fixed 1.0.5) CVE-2005-2263 version (firefox, fixed 1.0.5) CVE-2005-2262 version (firefox, fixed 1.0.5) CVE-2005-2261 version (thunderbird, fixed 1.0.5) CVE-2005-2261 version (firefox, fixed 1.0.5) CVE-2005-2260 version (firefox, fixed 1.0.5) CVE-2005-2177 version (net-snmp, fixed 5.2.1.2) CVE-2005-2114 version (firefox, fixed 1.0.5) CVE-2005-2104 version (sysreport, fixed 1.4.1-5) CVE-2005-2103 version (gaim, fixed 1.5.0) CVE-2005-2102 version (gaim, fixed 1.5.0) CVE-2005-2101 version (kdeedu, fixed after 3.4.2) CVE-2005-2100 version (kernel, not 2.6) not upstream only RHEL4 CVE-2005-2099 version (kernel, fixed 2.6.12.5) CVE-2005-2098 version (kernel, fixed 2.6.12.5) CVE-2005-2097 version (cups) CVE-2005-2096 version (rpm, fixed 4.4.2) CVE-2005-2096 backport (zlib, fixed 1.2.2.4) CVE-2005-2095 version (squirrelmail, fixed 1.4.5) CVE-2005-2088 version (httpd, not 2.2) CVE-2005-2069 version (nss_ldap, fixed pam_ldap:180) CVE-2005-2069 backport (openldap) openldap-2.2.13-tls-fix-connection-test.patch CVE-2005-2023 version (gnupg, only 1.9.14) CVE-2005-1993 version (sudo, fixed 1.6.8p9) CVE-2005-1992 version (ruby, fixed 1.8.3 at least) CVE-2005-1937 version (firefox, fixed 1.0.5) CVE-2005-1934 version (gaim, fixed 1.3.1) CVE-2005-1921 version (php, fixed xml_rpc:1.3.1) CVE-2005-1920 version (kdelibs, fixed 3.4.1) CVE-2005-1918 version (tar) CVE-2005-1913 version (kernel, fixed 2.6.12.2) CVE-2005-1852 version (kdenetwork, fixed 3.4.2) CVE-2005-1849 version (zlib, fixed 1.2.3) CVE-2005-1831 ignore (sudo) unsubstantiated report CVE-2005-1769 version (squirrelmail, fixed 1.4.5) CVE-2005-1768 version (kernel, fixed 2.6.6) CVE-2005-1767 version (kernel, fixed 2.6.7) CVE-2005-1765 version (kernel, fixed 2.6.12) CVE-2005-1764 version (kernel, fixed 2.6.12) CVE-2005-1763 version (kernel, fixed 2.6.12) CVE-2005-1762 version (kernel, fixed 2.6.12) CVE-2005-1761 version (kernel, fixed 2.6.12.2) CVE-2005-1760 version (sysreport, fixed 1.4.1-3) CVE-2005-1759 ignore (php) dead code path CVE-2005-1759 ignore (openldap) fixed shtool 2.0.2 flawed code path not used CVE-2005-1751 version (nmap, fixed 3.93 at least) CVE-2005-1751 ignore (openldap) fixed shtool 2.0.2. Flawed code path not used CVE-2005-1751 ignore (ncpfs) part of shtool in ncpfs is not vulnerable CVE-2005-1740 version (net-snmp, fixed 5.2.2.rc5 at least) CVE-2005-1739 version (ImageMagick, fixed 6.2.2.3) CVE-2005-1705 backport (gdb) gdb-6.3-security-errata-20050610.patch CVE-2005-1704 version (binutils, fixed 2.16.91.0.3 at least) CVE-2005-1704 backport (gdb) gdb-6.3-security-errata-20050610.patch CVE-2005-1689 version (krb5, fixed 1.4.2) CVE-2005-1686 ignore (gedit) not a vulnerability CVE-2005-1636 version (mysql, fixed 4.1.12) CVE-2005-1589 version (kernel, fixed 2.6.11.10) CVE-2005-1571 version (php, fixed shtool 2.0.2) CVE-2005-1544 version (libtiff, fixed 3.7.1 at least) CVE-2005-1532 version (thunderbird) CVE-2005-1532 version (firefox, fixed 1.0.4) CVE-2005-1531 version (firefox, fixed 1.0.4) CVE-2005-1519 version (squid, fixed 2.5.STABLE10) CVE-2005-1470 version (wireshark, fixed 0.10.11) CVE-2005-1469 version (wireshark, fixed 0.10.11) CVE-2005-1468 version (wireshark, fixed 0.10.11) CVE-2005-1467 version (wireshark, fixed 0.10.11) CVE-2005-1466 version (wireshark, fixed 0.10.11) CVE-2005-1465 version (wireshark, fixed 0.10.11) CVE-2005-1464 version (wireshark, fixed 0.10.11) CVE-2005-1463 version (wireshark, fixed 0.10.11) CVE-2005-1462 version (wireshark, fixed 0.10.11) CVE-2005-1461 version (wireshark, fixed 0.10.11) CVE-2005-1460 version (wireshark, fixed 0.10.11) CVE-2005-1459 version (wireshark, fixed 0.10.11) CVE-2005-1458 version (wireshark, fixed 0.10.11) CVE-2005-1457 version (wireshark, fixed 0.10.11) CVE-2005-1456 version (wireshark, fixed 0.10.11) CVE-2005-1455 version (freeradius, fixed 1.0.3) CVE-2005-1454 version (freeradius, fixed 1.0.3) CVE-2005-1431 version (gnutls, fixed 1.0.25) CVE-2005-1410 version (postgresql, fixed 8.0.2) CVE-2005-1409 version (postgresql, fixed 8.0.1) CVE-2005-1369 version (kernel, fixed 2.6.12) CVE-2005-1368 version (kernel, fixed 2.6.12) CVE-2005-1345 version (squid, fixed 2.5.STABLE10) CVE-2005-1344 ignore (httpd) not a vulnerability CVE-2005-1281 version (wireshark, fixed 0.10.11) CVE-2005-1280 version (tcpdump, fixed 3.9.2) CVE-2005-1279 version (tcpdump, fixed 3.9.2) CVE-2005-1278 version (tcpdump, fixed 3.9.2) CVE-2005-1277 ignore (dupe) CVE-2005-1275 version (ImageMagick, fixed 6.2.2) CVE-2005-1269 version (gaim, fixed 1.3.1) CVE-2005-1268 version (httpd, not 2.2) CVE-2005-1267 version (tcpdump, fixed 3.9.4 at least) CVE-2005-1266 version (spamassassin, fixed 3.0.4) CVE-2005-1265 version (kernel) CVE-2005-1264 version (kernel) CVE-2005-1263 version (kernel) CVE-2005-1262 version (gaim, fixed 1.3.0) CVE-2005-1261 version (gaim, fixed 1.3.0) CVE-2005-1260 version (bzip2, fixed 1.0.3) CVE-2005-1229 backport (cpio) cpio-2.6-dirTraversal.patch CVE-2005-1228 backport (gzip) changelog CVE-2005-1194 backport (nasm) changelog CVE-2005-1184 ignore (kernel) expected to not be an issue CVE-2005-1175 version (krb5, fixed 1.4.2) CVE-2005-1174 version (krb5, fixed 1.4.2) CVE-2005-1160 version (thunderbird) CVE-2005-1160 version (firefox) CVE-2005-1159 version (thunderbird) CVE-2005-1159 version (firefox) CVE-2005-1158 version (firefox, fixed 1.0.3) CVE-2005-1157 version (firefox) CVE-2005-1156 version (firefox) CVE-2005-1155 version (firefox) CVE-2005-1154 version (firefox) CVE-2005-1153 version (firefox) CVE-2005-1111 backport (cpio) cpio-2.6-chmodRaceC.patch CVE-2005-1065 version (tetex) not upstream version CVE-2005-1061 version (logwatch, fixed 4.3.2 at least) CVE-2005-1046 version (kdelibs, fixed after 3.4.0) CVE-2005-1043 version (php, fixed 4.3.11) CVE-2005-1042 version (php, fixed 4.3.11) CVE-2005-1041 version (kernel, fixed 2.6.12) CVE-2005-1039 ignore (coreutils) not fixed upstream, not a real issue CVE-2005-1038 backport (vixie-cron) CVE-2005-0990 version (sharutils, fixed 4.6 at least) CVE-2005-0989 version (thunderbird) CVE-2005-0989 version (firefox, fixed 1.0.3) CVE-2005-0988 backport (gzip) changelog CVE-2005-0977 version (kernel, fixed 2.6.11) CVE-2005-0967 version (gaim, fixed 1.2.1) CVE-2005-0966 version (gaim, fixed 1.2.1) CVE-2005-0965 version (gaim, fixed 1.2.1) CVE-2005-0953 backport (bzip2) bzip2-1.0.2-chmod.patch CVE-2005-0941 version (openoffice.org, fixed 1.9 m95) CVE-2005-0937 version (kernel, fixed 2.6.11) CVE-2005-0916 version (kernel, fixed 2.6.12) CVE-2005-0891 version (gtk2, fixed 2.2.4) CVE-2005-0867 version (kernel, fixed 2.6.11) CVE-2005-0866 version (cdrecord) DEBUG isn't enabled anyway CVE-2005-0839 version (kernel, fixed 2.6.11) CVE-2005-0815 version (kernel, fixed 2.6.11.6) CVE-2005-0808 version (tomcat, fixed 5.x) CVE-2005-0806 version (evolution, fixed 2.0.4) CVE-2005-0799 version (mysql) not linux CVE-2005-0767 version (kernel, fixed 2.6.11) CVE-2005-0766 version (wireshark, fixed after 0.10.9) CVE-2005-0765 version (wireshark, fixed after 0.10.9) CVE-2005-0763 version (mc, fixed 4.6.0) CVE-2005-0762 version (ImageMagick, fixed 6.0) CVE-2005-0761 version (ImageMagick, fixed 6.1.8) CVE-2005-0760 version (ImageMagick, fixed 6.0) CVE-2005-0759 version (ImageMagick, fixed 6.0) CVE-2005-0758 version (gzip, fixed 1.3.5) CVE-2005-0758 backport (bzip2) CVE-2005-0757 version (kernel, not 2.6) CVE-2005-0756 version (kernel, fixed 2.6.12) CVE-2005-0754 version (kdewebdev, fixed after 3.4.0) CVE-2005-0753 version (cvs, fixed 1.11.20) CVE-2005-0752 version (firefox, fixed 1.0.3) CVE-2005-0750 version (kernel, fixed 2.6.11.6) CVE-2005-0749 version (kernel, fixed 2.6.11.6) CVE-2005-0739 version (wireshark, fixed after 0.10.9) CVE-2005-0736 version (kernel, fixed 2.6.11) CVE-2005-0718 version (squid, fixed 2.5.STABLE8) CVE-2005-0711 version (mysql, fixed 4.1.11) CVE-2005-0710 version (mysql, fixed 4.1.11) CVE-2005-0709 version (mysql, fixed 4.1.11) CVE-2005-0705 version (wireshark, fixed after 0.10.9) CVE-2005-0704 version (wireshark, fixed after 0.10.9) CVE-2005-0698 version (wireshark, fixed after 0.10.9) CVE-2005-0664 version (libexif, fixed 0.6.12) CVE-2005-0654 ignore (gimp, not fixed 2.2) upstream considers harmless CVE-2005-0627 version (qt, fixed 3.3.4) CVE-2005-0626 version (squid, fixed 2.5.STABLE10) CVE-2005-0605 version (libXpm, fixed 3.5.4 at least) CVE-2005-0602 ignore (unzip, fixed 5.52) this is really expected behaviour CVE-2005-0596 version (php, fixed 5.0) CVE-2005-0593 version (firefox) CVE-2005-0592 version (firefox) CVE-2005-0591 version (firefox, fixed 1.0.1) CVE-2005-0590 version (thunderbird) CVE-2005-0590 version (openswan, fixed 2.1.4) CVE-2005-0590 version (firefox) CVE-2005-0589 version (firefox, fixed 1.0.1) CVE-2005-0588 version (firefox) CVE-2005-0587 version (firefox) CVE-2005-0586 version (firefox) CVE-2005-0585 version (firefox) CVE-2005-0584 version (firefox) CVE-2005-0578 version (firefox) CVE-2005-0565 version (kernel, not 2.6) CVE-2005-0532 version (kernel, fixed 2.6.11) CVE-2005-0531 version (kernel, fixed 2.6.11) CVE-2005-0530 version (kernel, fixed 2.6.11) CVE-2005-0529 version (kernel, fixed 2.6.11) CVE-2005-0527 version (firefox, fixed 1.0.1) CVE-2005-0525 version (php, fixed 5.0.4) CVE-2005-0524 version (php, fixed 5.0.4) CVE-2005-0509 version (mono, not after 1.0.5) CVE-2005-0504 version (kernel, not 2.6) doesn't build in 2.6 CVE-2005-0490 version (curl, fixed 7.13.1) CVE-2005-0489 version (kernel, not 2.6) CVE-2005-0488 backport (telnet) CVE-2005-0488 backport (krb5) krb5-1.4.1-telnet-environ.patch CVE-2005-0473 version (gaim, fixed 1.1.3) CVE-2005-0472 version (gaim, fixed 1.1.3) CVE-2005-0470 version (wpa_supplicant, fixed 0.2.7) CVE-2005-0469 version (krb5, fixed 1.4.1) CVE-2005-0469 backport (telnet) telnet-0.17-CAN-2005-468_469.patch CVE-2005-0468 version (krb5, fixed 1.4.1) CVE-2005-0468 backport (telnet) telnet-0.17-CAN-2005-468_469.patch CVE-2005-0449 version (kernel, fixed 2.6.11) CVE-2005-0448 version (perl, fixed 5.8.6) CVE-2005-0446 version (squid, fixed 2.5.STABLE9) CVE-2005-0404 ignore (kde) won't fix http://bugs.kde.org/show_bug.cgi?id=96020 CVE-2005-0403 version (kernel) not upstream CVE-2005-0402 version (firefox, fixed 1.0.2) CVE-2005-0401 version (firefox, fixed 1.0.2) CVE-2005-0400 version (kernel, fixed 2.6.11.6) CVE-2005-0399 version (thunderbird) CVE-2005-0399 version (firefox) CVE-2005-0398 version (ipsec-tools, fixed 0.5) CVE-2005-0397 version (ImageMagick, fixed 6.0.2.5) CVE-2005-0396 version (kdelibs, fixed 3.4.0) CVE-2005-0384 version (kernel, fixed 2.6.11.4) CVE-2005-0372 version (gftp, fixed 2.0.18 at least) CVE-2005-0365 version (kdelibs, not 3.4) CVE-2005-0337 version (postfix, fixed 2.1.4) CVE-2005-0255 version (thunderbird, fixed 1.0.2) CVE-2005-0255 version (firefox, fixed 1.0.1) CVE-2005-0247 version (postgresql, fixed after 8.0) CVE-2005-0246 version (postgresql, fixed 8.0.1) CVE-2005-0245 version (postgresql, fixed 8.0.1) CVE-2005-0244 version (postgresql, fixed 8.0.1) CVE-2005-0241 version (squid, fixed 2.5.STABLE8) CVE-2005-0238 version (epiphany, fixed since mozilla 1.7.6) CVE-2005-0237 version (kdelibs, fixed 3.4.0) CVE-2005-0233 version (firefox, fixed 1.0.1) CVE-2005-0232 version (firefox, fixed 1.0.1) CVE-2005-0231 version (firefox, fixed 1.0.1) CVE-2005-0230 version (thunderbird, fixed 1.0.2) CVE-2005-0230 version (firefox, fixed 1.0.1) CVE-2005-0227 version (postgresql, fixed 8.0.1) CVE-2005-0211 version (squid, fixed 2.5.STABLE8) CVE-2005-0210 version (kernel, fixed 2.6.11) CVE-2005-0209 version (kernel, fixed 2.6.11) CVE-2005-0208 version (gaim, fixed 1.1.4) CVE-2005-0207 version (kernel, fixed 2.6.11) CVE-2005-0205 version (kdenetwork, not 3.3+) CVE-2005-0204 version (kernel) didn't affect upstream CVE-2005-0202 version (mailman, fixed 2.1.6) CVE-2005-0201 version (dbus, fixed 0.36.1) CVE-2005-0194 version (squid, fixed 2.5.STABLE8) CVE-2005-0180 version (kernel, fixed 2.6.11) CVE-2005-0179 version (kernel, fixed 2.6.11) CVE-2005-0178 version (kernel, fixed 2.6.11) CVE-2005-0177 version (kernel, fixed 2.6.11) CVE-2005-0176 version (kernel, fixed 2.6.10) only affected 2.6.9 CVE-2005-0175 version (squid, fixed 2.5.STABLE8) CVE-2005-0174 version (squid, fixed 2.5.STABLE8) CVE-2005-0173 version (squid, fixed 2.5.STABLE8) CVE-2005-0162 version (openswan, fixed 2.3.0) CVE-2005-0156 version (perl, fixed 5.8.8) CVE-2005-0155 version (perl, fixed 5.8.8) CVE-2005-0152 version (squirrelmail, not 1.4) CVE-2005-0150 version (firefox, fixed 1.0) CVE-2005-0149 version (firefox) CVE-2005-0147 version (firefox) CVE-2005-0146 version (firefox) CVE-2005-0145 version (firefox, fixed 1.0) CVE-2005-0144 version (firefox) CVE-2005-0143 version (firefox) CVE-2005-0142 version (thunderbird) CVE-2005-0142 version (firefox) CVE-2005-0141 version (firefox) CVE-2005-0137 version (kernel, not 2.6) CVE-2005-0136 version (kernel, fixed 2.6.11) CVE-2005-0135 version (kernel, fixed 2.6.11) CVE-2005-0124 version (kernel, fixed 2.6.11) CVE-2005-0109 version (openssl, not 0.9.8a) CVE-2005-0109 backport (openssl097a) CVE-2005-0104 version (squirrelmail, fixed 1.4.4) CVE-2005-0103 version (squirrelmail, fixed 1.4.4) CVE-2005-0102 version (evolution-data-server, fixed 1.2.2 at least) CVE-2005-0100 version (emacs, fixed 21.4 at least) CVE-2005-0097 version (squid, fixed 2.5.STABLE8) CVE-2005-0096 version (squid, fixed 2.5.STABLE8) CVE-2005-0095 version (squid, fixed 2.5.STABLE8) CVE-2005-0094 version (squid, fixed 2.5.STABLE8) CVE-2005-0092 version (kernel, not affected) CVE-2005-0091 version (kernel, not affected) CVE-2005-0090 version (kernel, not affected) CVE-2005-0089 version (python, fixed 2.4.1 at least) CVE-2005-0088 version (mod_python, fixed after 2.7.8) CVE-2005-0087 version (alsa-lib, fixed 1.0.9) CVE-2005-0086 version (less) didn't affect upstream CVE-2005-0085 version (htdig, fixed 3.1.6-r7) CVE-2005-0084 version (wireshark, fixed 0.10.9) CVE-2005-0080 version (mailman) not upstream CVE-2005-0078 version (kde, fixed 3.0.5) CVE-2005-0077 version (perl-DBI, fixed 1.48 at least) CVE-2005-0075 version (squirrelmail, fixed 1.4.4) CVE-2005-0069 version (vim, fixed 7.0 at least) CVE-2005-0064 version (tetex, fixed 3.0) CVE-2005-0064 version (kdegraphics, not 3.4) CVE-2005-0064 version (cups, fixed 1.2.2) CVE-2005-0039 ignore (kernel) not a vulnerability: don't do this says the rfc CVE-2005-0034 version (bind, fixed after 9.3.0) CVE-2005-0033 version (bind, not 9) CVE-2005-0023 ignore (libvte) not a security risk CVE-2005-0014 version (ncpfs, fixed 2.2.6) CVE-2005-0013 version (ncpfs, fixed 2.2.6) CVE-2005-0011 version (kdeedu, not 3.4) CVE-2005-0010 version (wireshark, fixed 0.10.9) CVE-2005-0009 version (wireshark, fixed 0.10.9) CVE-2005-0008 version (wireshark, fixed 0.10.9) CVE-2005-0007 version (wireshark, fixed 0.10.9) CVE-2005-0006 version (wireshark, fixed 0.10.9) CVE-2005-0005 version (ImageMagick, fixed after 6.1.7) CVE-2005-0004 version (mysql, fixed 4.1.10) CVE-2005-0003 version (kernel, fixed 2.6.10) CVE-2005-0001 version (kernel, fixed 2.6.10) CVE-2004-2660 version (kernel, fixed 2.6.10) CVE-2004-2657 ignore (firefox) windows only CVE-2004-2654 version (squid, fixed 2.6STABLE6) CVE-2004-2607 version (kernel, fixed 2.6.5) CVE-2004-2589 version (gaim, fixed 0.82) CVE-2004-2546 version (samba, fixed 3.0.6) CVE-2004-2541 ignore (cscope) blocked by FORTIFY_SOURCE CVE-2004-2536 version (kernel, fixed 2.6.7) CVE-2004-2531 version (gnutls, fixed 1.0.17) CVE-2004-2480 ignore (squid) , not reproducable CVE-2004-2479 version (squid, fixed 2.5.STABLE8) CVE-2004-2396 version (passwd, fixed 0.69) CVE-2004-2395 version (passwd, fixed 0.69) CVE-2004-2394 version (passwd, fixed 0.69) CVE-2004-2392 version (libuser, fixed 0.51.10) CVE-2004-2343 ignore (httpd) not a security issue CVE-2004-2302 version (kernel, fixed 2.6.10) CVE-2004-2259 version (vsftpd, fixed 1.2.2) CVE-2004-2228 version (firefox, fixed 1.0) CVE-2004-2227 version (firefox, fixed 1.0) CVE-2004-2225 version (firefox, fixed 0.10.1) CVE-2004-2154 version (cups, fixed 1.2.21rc1) CVE-2004-2149 version (mysql, fixed 4.1.5) CVE-2004-2136 ignore (dm-crypt) design CVE-2004-2135 ignore (kernel) design CVE-2004-2093 ignore (rsync) not security issue CVE-2004-2069 version (openssh, not 4) CVE-2004-2014 version (wget, fixed 1.10.1) CVE-2004-2013 version (kernel, not 2.6) CVE-2004-2004 version (configuration) SUSE only CVE-2004-1880 version (openldap, fixed 2.2.21) CVE-2004-1834 version (httpd, not 2.2) CVE-2004-1773 version (sharutils, not 4.6) CVE-2004-1772 version (sharutils, not 4.6) CVE-2004-1761 version (wireshark, fixed 0.10.3) CVE-2004-1689 version (sudo, fixed 1.6.8p1) CVE-2004-1653 ignore (openssh) CVE-2004-1639 version (firefox) CVE-2004-1617 ignore (lynx) not able to verify flaw CVE-2004-1488 version (wget, fixed 1.10.1) CVE-2004-1471 version (cvs, fixed 1.12.9) CVE-2004-1453 version (glibc, fixed 2.3.5) CVE-2004-1452 version (tomcat, fixed 5.0.27-r3) CVE-2004-1451 version (thunderbird) CVE-2004-1451 version (firefox) CVE-2004-1450 version (thunderbird) CVE-2004-1450 version (firefox) CVE-2004-1449 version (thunderbird) CVE-2004-1449 version (firefox) CVE-2004-1392 version (php, fixed 5.0.4) CVE-2004-1382 version (glibc, not 2.3.5) CVE-2004-1381 version (firefox) CVE-2004-1380 version (firefox) CVE-2004-1377 backport (a2ps) a2ps-4.13-security.patch CVE-2004-1337 version (kernel, fixed 2.6.11) CVE-2004-1336 version (tetex, fixed 3.0 at least) CVE-2004-1335 version (kernel, fixed 2.6.10) CVE-2004-1334 version (kernel, fixed 2.6.10) CVE-2004-1333 version (kernel, fixed 2.6.10) CVE-2004-1316 version (thunderbird, fixed 0.9) CVE-2004-1308 version (libtiff, fixed 3.7.1 at least) CVE-2004-1307 version (libtiff, was already fixed with 0886) CVE-2004-1304 version (file, fixed 4.12) CVE-2004-1296 backport (groff) from srpm CVE-2004-1287 backport (nasm) changelog CVE-2004-1270 version (cups, fixed 1.1.23) CVE-2004-1269 version (cups, fixed 1.1.23) CVE-2004-1268 version (cups, fixed 1.1.23) CVE-2004-1267 version (cups, fixed 1.1.23) CVE-2004-1237 version (kernel, not 2.6) not upstream CVE-2004-1235 version (kernel, fixed 2.6.11) CVE-2004-1234 version (kernel, not 2.6) CVE-2004-1224 version (mtr, fixed after 0.65) CVE-2004-1200 ignore (firefox, mozilla) not a security issue CVE-2004-1191 version (kernel, fixed 2.6.9) CVE-2004-1190 version (kernel, fixed 2.6.10) CVE-2004-1189 version (krb5, fixed 1.4) CVE-2004-1186 backport (enscript) enscript-1.6.1-CAN-2004-1186.patch CVE-2004-1185 backport (enscript) enscript-1.6.1-CAN-2004-1185.patch CVE-2004-1184 version (enscript, fixed 1.6.4 at least) CVE-2004-1183 version (libtiff, fixed 3.7.2) CVE-2004-1180 version (rwho, fixed 0.17) CVE-2004-1177 version (mailman, fixed 2.1.6) CVE-2004-1176 version (mc, fixed 4.6.0) CVE-2004-1175 version (mc, fixed 4.6.0) CVE-2004-1174 version (mc, fixed 4.6.0) CVE-2004-1171 version (kdelibs, not 3.4) CVE-2004-1170 backport (a2ps) a2ps-shell.patch CVE-2004-1165 version (kdelibs, not 3.4) CVE-2004-1158 version (kdelibs, not 3.4) CVE-2004-1156 version (firefox) CVE-2004-1154 version (samba, fixed 3.0.10) CVE-2004-1151 version (kernel, fixed 2.6.10) CVE-2004-1145 version (kde, not 3.4) CVE-2004-1144 version (kernel, not 2.6) CVE-2004-1143 version (mailman, fixed 2.1.5) CVE-2004-1142 version (wireshark, fixed 0.10.8) CVE-2004-1141 version (wireshark, fixed 0.10.8) CVE-2004-1140 version (wireshark, fixed 0.10.8) CVE-2004-1139 version (wireshark, fixed 0.10.8) CVE-2004-1138 version (vim, fixed 6.3) CVE-2004-1137 version (kernel, fixed 2.6.10) CVE-2004-1125 version (tetex, at least 3.0) CVE-2004-1125 version (kdegraphics, not 3.4) CVE-2004-1096 version (perl-Archive-Zip, fixed 1.14) CVE-2004-1093 version (mc, fixed 4.6.0) CVE-2004-1092 version (mc, fixed 4.6.0) CVE-2004-1091 version (mc, fixed 4.6.0) CVE-2004-1090 version (mc, fixed 4.6.0) CVE-2004-1079 version (ncpfs, fixed 2.2.6 at least) CVE-2004-1074 version (kernel, fixed 2.6.10) CVE-2004-1073 version (kernel, fixed 2.6.10) CVE-2004-1072 version (kernel, fixed 2.6.10) CVE-2004-1071 version (kernel, fixed 2.6.10) CVE-2004-1070 version (kernel, fixed 2.6.10) CVE-2004-1069 version (kernel, fixed 2.6.10) CVE-2004-1068 version (kernel, fixed 2.6.10) CVE-2004-1065 version (php, fixed after 5.0.2) CVE-2004-1064 version (php, fixed after 5.0.2) CVE-2004-1063 version (php, fixed after 5.0.2) CVE-2004-1060 version (kernel) all verifies sequence number CVE-2004-1058 version (kernel, fixed 2.6.9) CVE-2004-1057 version (kernel, fixed 2.6.10) CVE-2004-1056 version (kernel, fixed 2.6.10) CVE-2004-1051 version (sudo, fixed 1.6.8p2) CVE-2004-1036 version (squirrelmail, fixed 1.4.4) CVE-2004-1020 version (php, fixed after 5.0.2) CVE-2004-1019 version (php, fixed after 5.0.2) CVE-2004-1018 version (php, fixed after 5.0.2) CVE-2004-1017 version (kernel, fixed 2.6.10) CVE-2004-1016 version (kernel, fixed 2.6.10) CVE-2004-1014 version (nfs-utils, fixed 1.0.7) CVE-2004-1009 version (mc, fixed 4.6.0) CVE-2004-1006 version (dhcp, not 3) CVE-2004-1005 version (mc, fixed 4.6.0) CVE-2004-1004 version (mc, fixed 4.6.0) CVE-2004-1002 ignore (ppp) not a security issue CVE-2004-0997 version (kernel, not 2.6) CVE-2004-0996 backport (cscope) not fixed in 15.5 CVE-2004-0990 version (gd, fixed 2.0.33 at least) CVE-2004-0989 version (libxml2, fixed 2.6.15) CVE-2004-0986 version (iptables, fixed 1.2.12) CVE-2004-0983 version (ruby, fixed 1.8.2) CVE-2004-0981 version (ImageMagick, fixed 6.1.0) CVE-2004-0977 version (postgresql, fixed after 7.4.6) CVE-2004-0976 backport (perl) perl-5.8.7-CAN-2004-0976.patch CVE-2004-0975 version (openssl, not 0.9.8) CVE-2004-0975 backport (openssl097a, fixed 0.9.7f) CVE-2004-0974 version (netatalk, fixed 2.0.1) CVE-2004-0972 version (lvm2, fixed 2.2.01.8 at least) CVE-2004-0971 backport (krb5) krb5-1.3.4-send-pr-tempfile.patch CVE-2004-0970 version (gzip) CVE-2004-0969 version (groff, fixed 1.18.1.1) CVE-2004-0968 version (glibc, fixed 2.3.5 at least) CVE-2004-0967 version (ghostscript, fixed 8.15.1) CVE-2004-0966 version (gettext, fixed 0.14.3 at least) CVE-2004-0961 version (freeradius, fixed 1.0.1) CVE-2004-0960 version (freeradius, fixed 1.0.1) CVE-2004-0959 version (php, fixed 4.3.9) CVE-2004-0958 version (php, fixed 4.3.9) CVE-2004-0957 version (mysql, fixed 4.0.21) CVE-2004-0956 version (mysql, fixed 4.0.20) CVE-2004-0946 version (nfs-utils, fixed 1.0.6-r6) CVE-2004-0942 version (httpd, not 2.2) CVE-2004-0941 backport (gd) CVE-2004-0940 version (httpd, not 2.2) CVE-2004-0938 version (freeradius, fixed 1.0.1) CVE-2004-0930 version (samba, fixed 3.0.8) CVE-2004-0929 version (libtiff, fixed 3.7.0) CVE-2004-0923 version (cups, fixed 1.2.22) CVE-2004-0918 version (squid, fixed 2.4.STABLE7) CVE-2004-0914 version (xorg-x11, fixed after 6.8.1) CVE-2004-0909 version (thunderbird) CVE-2004-0909 version (firefox) CVE-2004-0907 version (thunderbird) CVE-2004-0907 version (firefox) CVE-2004-0906 version (thunderbird) CVE-2004-0906 version (firefox) CVE-2004-0891 version (gaim, fixed 1.0.2) CVE-2004-0888 version (tetex, fixed 3.0) CVE-2004-0888 version (kdegraphics, not 3.4) CVE-2004-0888 version (cups) CVE-2004-0887 version (kernel, fixed 2.6.10) CVE-2004-0886 version (libtiff, fixed 3.7.1 at least) CVE-2004-0886 version (kdegraphics, fixed by Update on 20041109) CVE-2004-0885 version (httpd, not 2.2) CVE-2004-0884 version (cyrus-sasl, fixed 2.1.20) CVE-2004-0883 version (kernel, fixed 2.6.11) CVE-2004-0883 version (kernel, fixed 2.6.11) CVE-2004-0882 version (samba, fixed 3.0.8) CVE-2004-0870 ignore (kde) upstream won't fix CVE-2004-0867 version (firefox, fixed after 0.9.2) CVE-2004-0837 version (mysql, fixed 4.0.21) CVE-2004-0836 version (mysql, fixed 4.0.21) CVE-2004-0835 version (mysql, fixed 4.1.2) CVE-2004-0832 version (squid, fixed 2.5.STABLE7) CVE-2004-0829 version (samba, fixed 2.2.11) CVE-2004-0827 version (ImageMagick, fixed 6.0.6.2) CVE-2004-0826 version (nss, fixed 3.9.2) CVE-2004-0823 version (openldap, fixed after 2.1.19) CVE-2004-0816 version (kernel, fixed 2.6.8) CVE-2004-0815 version (samba, fixed 3.0.2a) CVE-2004-0814 version (kernel, fixed 2.6.9) CVE-2004-0813 version (kernel, fixed 2.6.8) CVE-2004-0812 version (kernel, not 2.6) CVE-2004-0811 version (httpd, not 2.2) CVE-2004-0809 version (httpd, not 2.2) CVE-2004-0808 version (samba, fixed 3.0.7) CVE-2004-0807 version (samba, fixed 3.0.7) CVE-2004-0806 version (cdrtools, fixed 2.0.1) CVE-2004-0804 version (libtiff, fixed after 3.6.1) CVE-2004-0804 version (kdegraphics) CVE-2004-0803 version (libtiff, fixed after 3.6.1) CVE-2004-0803 version (kdegraphics) CVE-2004-0801 version (foomatic, fixed 3.0.2) CVE-2004-0797 version (zlib, fixed 1.2.2.2 at least) CVE-2004-0797 version (zlib) CVE-2004-0796 version (spamassassin, fixed 2.64) CVE-2004-0792 version (rsync, fixed 2.6.3) CVE-2004-0791 version (kernel, fixed 2.6.9) CVE-2004-0790 version (kernel, not 2.6) CVE-2004-0788 version (gtk2, fixed 2.6.7 at least) CVE-2004-0786 version (apr-util, not httpd-2.2) CVE-2004-0785 version (gaim, fixed 0.82) CVE-2004-0784 version (gaim, fixed 0.82) CVE-2004-0783 version (gtk2, fixed 2.6.7 at least) CVE-2004-0782 version (gtk2, fixed 2.6.7 at least) CVE-2004-0779 version (thunderbird) CVE-2004-0779 version (firefox) CVE-2004-0778 version (cvs, fixed 1.11.17) CVE-2004-0772 version (krb5, fixed after 1.2.8) CVE-2004-0768 version (libpng, fixed 1.2.6) CVE-2004-0755 version (ruby, fixed 1.8.1) CVE-2004-0754 version (gaim, fixed 0.82) CVE-2004-0753 version (gtk2, fixed after 2.2.4) CVE-2004-0752 version (openoffice.org, fixed after 1.1.2) CVE-2004-0751 version (httpd, not 2.2) CVE-2004-0750 version (system-config-nfs, fixed 1.0.13) CVE-2004-0749 version (subversion, fixed 1.0.8) CVE-2004-0748 version (httpd, not 2.2) CVE-2004-0747 version (httpd, not 2.2) CVE-2004-0746 version (kde, fixed 3.3) CVE-2004-0721 version (kdelibs, fixed 3.3) CVE-2004-0700 version (httpd, not 2.2) CVE-2004-0693 version (qt, fixed 3.3.3) CVE-2004-0692 version (qt, fixed 3.3.3) CVE-2004-0691 version (qt, fixed 3.3.3) CVE-2004-0690 version (kdelibs, fixed after 3.2.3) CVE-2004-0689 version (kdelibs, fixed 3.3.0) CVE-2004-0686 version (samba, fixed 3.0.6) CVE-2004-0685 version (kernel, not 2.6) CVE-2004-0658 ignore (kernel) not a security issue CVE-2004-0648 version (thunderbird) CVE-2004-0648 version (firefox) CVE-2004-0644 version (krb5, fixed after 1.3.4) CVE-2004-0643 version (krb5, fixed after 1.3.1) CVE-2004-0642 version (krb5, fixed after 1.3.4) CVE-2004-0639 version (squirrelmail, fixed after 1.2.10) CVE-2004-0635 version (wireshark, fixed 0.10.5) CVE-2004-0634 version (wireshark, fixed 0.10.5) CVE-2004-0633 version (wireshark, fixed 0.10.5) CVE-2004-0628 version (mysql, fixed 4.1.3) CVE-2004-0627 version (mysql, fixed 4.1.3) CVE-2004-0626 version (kernel, fixed 2.6.8) CVE-2004-0619 version (kernel) no driver CVE-2004-0607 version (racoon) CVE-2004-0603 backport (gzip) gzip-1.3.5-openbsd-owl-tmp.patch CVE-2004-0600 version (samba, fixed 3.0.6) CVE-2004-0599 version (libpng, fixed 1.2.6) CVE-2004-0598 version (libpng, fixed 1.2.6) CVE-2004-0597 version (libpng, fixed 1.2.6) CVE-2004-0595 version (php, fixed 4.3.8) CVE-2004-0594 version (php, fixed 4.3.8) CVE-2004-0592 version (kernel) not upstream flaw CVE-2004-0587 version (kernel) not upstream flaw CVE-2004-0558 version (cups, fixed 1.1.21) CVE-2004-0557 version (sox, fixed after 12.17.4) CVE-2004-0554 version (kernel, fixed 2.6.7) CVE-2004-0548 ignore (aspell, not fixed 0.50.5) not a security issue CVE-2004-0547 version (postgresql, fixed 7.2.1) CVE-2004-0541 version (squid) CVE-2004-0535 version (kernel, fixed 2.6.6) CVE-2004-0527 version (konqueror, not 3+) CVE-2004-0523 version (krb5, fixed 1.3.4) CVE-2004-0521 version (squirrelmail, fixed 1.4.3a) CVE-2004-0520 version (squirrelmail, fixed 1.4.3a) CVE-2004-0519 version (squirrelmail, fixed 1.4.3a) CVE-2004-0507 version (wireshark, fixed 0.10.4) CVE-2004-0506 version (wireshark, fixed 0.10.4) CVE-2004-0505 version (wireshark, fixed 0.10.4) CVE-2004-0504 version (wireshark, fixed 0.10.4) CVE-2004-0500 version (gaim, fixed 0.82) CVE-2004-0497 version (kernel, fixed 2.6.8) CVE-2004-0496 version (kernel, fixed 2.6.8) CVE-2004-0495 version (kernel, fixed 2.6.8) CVE-2004-0494 version (mc, fixed 4.6.1) CVE-2004-0493 version (httpd, not 2.2) CVE-2004-0492 version (httpd, not 2.2) CVE-2004-0491 version (kernel, not upstream) CVE-2004-0488 version (httpd, not 2.2) CVE-2004-0461 version (dhcp, fixed after 3.0.1rc13) CVE-2004-0460 version (dhcp, fixed after 3.0.1rc13) CVE-2004-0457 version (mysql, fixed after 4.0.20) CVE-2004-0452 version (perl, fixed 5.8.8) CVE-2004-0447 version (kernel, fixed 2.6.5) CVE-2004-0427 version (kernel, fixed 2.6.6) CVE-2004-0426 version (rsync, fixed 2.6.1) CVE-2004-0424 version (kernel, fixed 2.6.4) CVE-2004-0421 version (libpng, fixed 1.0.16) CVE-2004-0419 version (xorg-x11, fixed 6.8.2 at least) CVE-2004-0418 version (cvs, fixed 1.11.17) CVE-2004-0417 version (cvs, fixed 1.11.17) CVE-2004-0416 version (cvs, fixed 1.11.17) CVE-2004-0415 version (kernel, fixed 2.6.8) CVE-2004-0414 version (cvs, fixed 1.11.17) CVE-2004-0413 version (subversion, fixed 1.0.5) CVE-2004-0412 version (mailman, fixed 2.1.5) CVE-2004-0411 version (kdelibs, fixed 3.3) CVE-2004-0409 version (xchat, fixed 2.0.9) CVE-2004-0405 version (cvs, fixed 1.11) CVE-2004-0403 version (racoon, fixed ipsec-tools-0.6.5 at least) CVE-2004-0398 version (neon, fixed 0.24.6) CVE-2004-0397 version (subversion, fixed 1.0.1) CVE-2004-0396 version (cvs, fixed 1.12.8) CVE-2004-0394 version (kernel, not 2.6) also not a vulnerability CVE-2004-0392 version (racoon, fixed 20040407b) CVE-2004-0388 version (mysql, fixed 4.1.11 at least) CVE-2004-0381 version (mysql, fixed 4.1.11 at least) CVE-2004-0367 version (wireshark, fixed 0.10.3) CVE-2004-0365 version (wireshark, fixed 0.10.3) CVE-2004-0263 version (php, fixed 4.3.5) CVE-2004-0256 version (libtool, fixed 1.5.2) CVE-2004-0233 version (libutempter, fixed 0.5.5) CVE-2004-0232 version (mc, fixed 4.6.0) CVE-2004-0231 version (mc, fixed 4.6.0) CVE-2004-0229 version (kernel, fixed 2.6.6) CVE-2004-0228 version (kernel, fixed 2.6.6) CVE-2004-0226 version (mc, fixed 4.6.0) CVE-2004-0189 version (squid, fixed 2.5.STABLE5) CVE-2004-0186 version (samba, not 3.0.2a) CVE-2004-0184 version (tcpdump, fixed 3.8.2) CVE-2004-0183 version (tcpdump, fixed 3.8.2) CVE-2004-0182 version (mailman) only affected Red Hat packages CVE-2004-0181 version (kernel, fixed 2.6.5) CVE-2004-0180 version (cvs, fixed 1.11.15) CVE-2004-0179 version (openoffice.org) CVE-2004-0179 version (neon, fixed 0.24.5) CVE-2004-0178 version (kernel, not 2.6) CVE-2004-0177 version (kernel, fixed 2.6.6) CVE-2004-0176 version (wireshark, fixed 0.10.3) CVE-2004-0175 version (openssh, fixed 3.4p1) CVE-2004-0175 backport (krb5) krb5-1.3.3-rcp-markus.patch CVE-2004-0174 version (httpd, not 2.2) CVE-2004-0173 version (httpd, not 2.2) CVE-2004-0164 version (racoon) CVE-2004-0155 version (racoon) CVE-2004-0154 version (nfs-utils, fixed 1.0.6) CVE-2004-0150 version (python, fixed 2.2.2) CVE-2004-0138 version (kernel, fixed 2.6.0) CVE-2004-0133 version (kernel, fixed 2.6.4) CVE-2004-0113 version (httpd, not 2.2) CVE-2004-0112 version (openssl, not 0.9.8) CVE-2004-0112 backport (openssl097a, fixed 0.9.7d) CVE-2004-0110 version (libxml2, fixed 2.6.6) CVE-2004-0109 version (kernel, fixed 2.6.6) CVE-2004-0108 version (sysstat) CVE-2004-0107 version (sysstat, fixed after 4.0.7) CVE-2004-0106 version (XFree86) CVE-2004-0098 version (php) CVE-2004-0097 version (pwlib, fixed 1.6.0) CVE-2004-0096 version (mod_python, fixed after 2.7.9) CVE-2004-0094 version (XFree86, fixed 4.3.0) CVE-2004-0093 version (XFree86, fixed 4.3.0) CVE-2004-0084 version (XFree86) CVE-2004-0083 version (XFree86) CVE-2004-0082 version (samba, fixed 3.0.2) CVE-2004-0081 version (openssl097a, not 0.9.7) CVE-2004-0081 version (openssl, not 0.9.8) CVE-2004-0080 version (util-linux, fixed after 2.11f) CVE-2004-0079 version (openssl, not 0.9.8) CVE-2004-0079 backport (openssl097a, fixed 0.9.7c) CVE-2004-0078 version (mutt, fixed 1.4.2) CVE-2004-0077 version (kernel, fixed 2.6.3) CVE-2004-0075 version (kernel, not 2.6) CVE-2004-0057 version (tcpdump, fixed 3.8.2) CVE-2004-0055 version (tcpdump, fixed 3.8.2) CVE-2004-0042 ignore (vsftpd) disputed CVE-2004-0010 version (kernel, not 2.6) CVE-2004-0008 version (gaim, fixed 0.75) CVE-2004-0007 version (gaim, fixed 0.75) CVE-2004-0006 version (gaim, fixed 0.76) CVE-2004-0005 version (gaim, fixed 0.76) CVE-2004-0003 version (kernel, not 2.6) CVE-2004-0001 version (kernel, not 2.6) CVE-2003-1307 ignore (mod_php) not a vulnerability CVE-2003-1303 version (php, fixed 4.3.3) CVE-2003-1302 version (php, fixed 4.3.1) CVE-2003-1265 ignore (thunderbird) Stuff deleted from userspace is not guarranteed to go away physically moz#198442 CVE-2003-1232 version (emacs, fixed 21.3) CVE-2003-1201 version (openldap, not 2.2) CVE-2003-1161 version (kernel, not released version) CVE-2003-1138 backport (httpd, Red Hat only) contains /+ now CVE-2003-1029 version (tcpdump, fixed after 3.8.1) CVE-2003-1023 version (mc, 4.6.1) CVE-2003-1013 version (wireshark, fixed 0.10.0) CVE-2003-1012 version (wireshark, fixed 0.10.0) CVE-2003-0993 version (httpd, not 2.2) CVE-2003-0992 version (mailman, fixed 2.1.4) CVE-2003-0992 version (mailman, fixed 2.1.3) CVE-2003-0991 version (mailman, fixed 2.0.14) CVE-2003-0990 version (squirrelmail, fixed after 1.4.0) CVE-2003-0989 version (tcpdump, fixed 3.8.1) CVE-2003-0989 version (tcpdump, fixed 3.8.1) CVE-2003-0988 version (kdepim, fixed 3.1.5) CVE-2003-0988 version (kde, fixed 3.1.5) CVE-2003-0987 version (httpd, not 2.2) CVE-2003-0986 version (kernel, fixed 2.6.2) CVE-2003-0985 version (kernel, not 2.6) CVE-2003-0984 version (kernel, fixed 2.4.23) CVE-2003-0977 version (cvs, fixed 1.11.10) CVE-2003-0973 version (mod_python, fixed 3.0.4) CVE-2003-0972 version (screen, fixed after 4.0.1) CVE-2003-0971 version (gnupg, fixed after 1.0.2) CVE-2003-0968 version (freeradius, fixed after 0.9.3) CVE-2003-0967 version (freeradius, fixed after 0.9.2) CVE-2003-0965 version (mailman, fixed 2.1.4) CVE-2003-0963 version (lftp, fixed after 2.6.9) CVE-2003-0962 version (rsync, fixed 2.5.7) CVE-2003-0961 version (kernel, fixed 2.4.23) CVE-2003-0959 version (kernel, fixed 2.4.21) CVE-2003-0956 version (kernel, fixed 2.4.22) CVE-2003-0935 version (net-snmp, fixed 5.0.9) CVE-2003-0927 version (wireshark, fixed 0.9.16) CVE-2003-0926 version (wireshark, fixed 0.9.16) CVE-2003-0925 version (wireshark, fixed 0.9.16) CVE-2003-0924 version (netpbm, fixed 9.26) CVE-2003-0914 version (bind, not 9) CVE-2003-0901 version (postgresql, not 8) CVE-2003-0900 version (perl, only 5.8.1) CVE-2003-0865 version (tomcat, fixed after 4.0.3) CVE-2003-0863 ignore (php) http://lists.nyphp.org/pipermail/talk/2003-November/006392.html CVE-2003-0861 version (php, fixed 4.3.3) CVE-2003-0860 version (php, fixed 4.3.3) CVE-2003-0859 version (glibc, checked fc5 source) CVE-2003-0858 version (quagga, fixed 0.95) CVE-2003-0856 version (iproute) CVE-2003-0854 version (coreutils, fixed 5.1.3) CVE-2003-0853 version (coreutils, fixed 5.1.3) CVE-2003-0851 version (openssl097a, not 0.9.7) CVE-2003-0851 version (openssl, not 0.9.8) CVE-2003-0795 version (quagga, fixed 0.96.4) CVE-2003-0794 version (gdm, fixed 2.4.1.7) CVE-2003-0793 version (gdm, fixed 2.4.1.7) CVE-2003-0792 version (fetchmail, 6.2.4 only) CVE-2003-0789 version (httpd, not 2.2) CVE-2003-0788 version (cups, fixed 1.1.19) CVE-2003-0787 version (openssh, fixed 3.7.1p2) CVE-2003-0786 version (openssh, fixed 3.7.1p2) CVE-2003-0780 version (mysql, not 4.1) CVE-2003-0778 version (sane-backends, fixed 1.0.10) CVE-2003-0777 version (sane-backends, fixed 1.0.10) CVE-2003-0776 version (sane-backends, fixed 1.0.10) CVE-2003-0775 version (sane-backends, fixed 1.0.10) CVE-2003-0774 version (sane-backends, fixed 1.0.10) CVE-2003-0773 version (sane-backends, fixed 1.0.10) CVE-2003-0740 version (stunnel, fixed 3.26) CVE-2003-0730 version (XFree86, fixed after 4.3.0) CVE-2003-0700 version (kernel, not 2.6) CVE-2003-0699 version (kernel, not 2.6) CVE-2003-0695 version (openssh, fixed 3.7.1) CVE-2003-0694 version (sendmail, fixed 8.12.10) CVE-2003-0693 version (openssh, fixed 3.7) CVE-2003-0692 version (kde, fixed after 3.1.3) CVE-2003-0690 version (kde, fixed after 3.1.3) CVE-2003-0689 version (glibc, fixed 2.3.2 at least) CVE-2003-0688 version (sendmail, fixed 8.12.9) CVE-2003-0686 version (pam_smb, fixed 1.1.7) CVE-2003-0682 version (openssh, fixed 4.0p1 at least) CVE-2003-0681 version (sendmail, fixed 8.12.10) CVE-2003-0655 version (cdrtools, fixed 2.01a18) CVE-2003-0644 version (kdbg, not after 1.2.8) CVE-2003-0643 version (kernel, not 2.6) CVE-2003-0619 version (kernel, not 2.6) CVE-2003-0618 version (suidperl, fixed 5.8.6 at least) CVE-2003-0592 version (kde, fixed 3.1.3) CVE-2003-0555 ignore (ImageMagick) wasn't reproducable CVE-2003-0552 version (kernel, not 2.6) CVE-2003-0551 version (kernel, not 2.6) CVE-2003-0550 version (kernel, not 2.6) CVE-2003-0549 version (gdm, fixed 2.4.1.6) CVE-2003-0548 version (gdm, fixed 2.4.1.6) CVE-2003-0547 version (gdm, fixed 2.4.1.6) CVE-2003-0545 version (openssl, not 0.9.8) CVE-2003-0545 backport (openssl097a, fixed 0.9.7c) CVE-2003-0544 version (openssl, not 0.9.8) CVE-2003-0544 backport (openssl097a, fixed 0.9.7c) CVE-2003-0543 version (openssl, not 0.9.8) CVE-2003-0543 backport (openssl097a, fixed 0.9.7c) CVE-2003-0542 version (httpd, not 2.2) CVE-2003-0541 version (gtkhtml3) CVE-2003-0541 version (gtkhtml2) CVE-2003-0540 version (postfix, not 2.0 onwards) CVE-2003-0517 version (mgetty, fixed 1.1.29) CVE-2003-0516 version (mgetty, fixed 1.1.29) CVE-2003-0501 version (kernel, fixed 2.6.1) CVE-2003-0476 version (kernel, fixed 2.6.1) CVE-2003-0468 version (postfix, fixed 1.1.12) CVE-2003-0467 version (kernel, not 2.6) CVE-2003-0465 version (kernel, not 2.6) CVE-2003-0464 version (kernel, not 2.6) CVE-2003-0462 version (kernel, fixed 2.6.1) CVE-2003-0461 version (kernel, fixed 2.6.1) CVE-2003-0459 version (kdelibs, not 3.2) CVE-2003-0455 version (ImageMagick) CVE-2003-0442 version (php, fixed 4.3.2) CVE-2003-0432 version (wireshark, fixed after 0.9.12) CVE-2003-0431 version (wireshark, fixed after 0.9.12) CVE-2003-0430 version (wireshark, fixed after 0.9.12) CVE-2003-0429 version (wireshark, fixed after 0.9.12) CVE-2003-0428 version (wireshark, fixed after 0.9.12) CVE-2003-0427 backport (mikmod) from changelog CVE-2003-0418 version (kernel, not 2.6) CVE-2003-0388 version (pam, fixed 0.78) CVE-2003-0386 version (openssh, fixed after 3.6.1) CVE-2003-0370 version (kde, fixed 3.0) CVE-2003-0367 backport (gzip) gzip-1.3.5-openbsd-owl-tmp.patch CVE-2003-0364 version (kernel, not 2.6) CVE-2003-0357 version (wireshark, fixed after 0.9.11) CVE-2003-0356 version (wireshark, fixed after 0.9.11) CVE-2003-0354 version (ghostscript, fixed 7.07) CVE-2003-0328 version (epic, fixed epic4-2.2 at least) CVE-2003-0300 ignore (sylpheed) only a crasher CVE-2003-0299 ignore (mutt) only a crasher CVE-2003-0296 version (evolution, fixed 1.4.5 at least) CVE-2003-0289 version (cdrtools, fixed 2.01a14) CVE-2003-0282 version (unzip, fixed 5.51) CVE-2003-0255 version (gnupg, fixed 1.2.2) CVE-2003-0253 version (httpd, not 2.2) CVE-2003-0252 version (nfs-utils, fixed 1.0.4) CVE-2003-0251 version (ypserv, fixed 2.7) CVE-2003-0249 ignore (php) see CVE CVE-2003-0248 version (kernel, not 2.6) CVE-2003-0247 version (kernel, not 2.6) CVE-2003-0246 version (kernel, not 2.6) CVE-2003-0245 version (httpd, not 2.2) CVE-2003-0245 version (httpd, not 2.2) CVE-2003-0244 version (kernel, not 2.6) CVE-2003-0211 version (xinetd, fixed 2.3.11) CVE-2003-0204 version (kde, fixed after 3.1.1) CVE-2003-0201 version (samba, fixed 2.2.8a) CVE-2003-0196 version (samba, fixed 2.2.8a) CVE-2003-0195 version (cups, fixed 1.1.19) CVE-2003-0194 version (tcpdump, not upstream) CVE-2003-0192 version (httpd, not 2.2) CVE-2003-0190 version (openssh, fixed 3.6.1p1) CVE-2003-0189 version (httpd, not 2.2) CVE-2003-0188 version (lv, fixed 4.51 at least) CVE-2003-0187 version (kernel, not 2.6) CVE-2003-0167 version (mutt, fixed 1.4.1) CVE-2003-0166 version (php, fixed 4.3.2) CVE-2003-0165 version (eog, fixed 2.2.2) CVE-2003-0161 version (sendmail, fixed 8.12.9) CVE-2003-0160 version (squirrelmail, fixed 1.2.11) CVE-2003-0159 version (wireshark, fixed after 0.9.9) CVE-2003-0150 version (mysql, fixed 3.23.56) CVE-2003-0147 version (openssl, not 0.9.8) CVE-2003-0147 backport (openssl097a, fixed 0.9.7b) CVE-2003-0146 version (netpbm, fixed 10.18) CVE-2003-0145 version (tcpdump, fixed 3.7.2) CVE-2003-0140 version (mutt, fixed 1.4.1) CVE-2003-0139 version (krb5, fixed 1.3) CVE-2003-0138 version (krb5, fixed 1.3) CVE-2003-0135 version (vsftpd, not upstream) CVE-2003-0133 version (evolution, fixed 1.2.4) CVE-2003-0132 version (httpd, not 2.2) CVE-2003-0131 version (openssl, not 0.9.8) CVE-2003-0131 backport (openssl097a, fixed 0.9.7b) CVE-2003-0130 version (evolution, fixed 1.2.3) CVE-2003-0129 version (evolution, fixed 1.2.3) CVE-2003-0128 version (evolution, fixed 1.2.3) CVE-2003-0127 version (kernel, not 2.6) CVE-2003-0124 version (man, fixed 1.5l) CVE-2003-0108 version (tcpdump, fixed after 3.7.1) CVE-2003-0107 version (zlib, fixed 1.2.0.2 at least) CVE-2003-0102 version (file, fixed 3.41) CVE-2003-0097 version (php, fixed 4.3.1) CVE-2003-0093 version (tcpdump, fixed 3.7.2) CVE-2003-0086 version (samba, fixed 2.2.8) CVE-2003-0085 version (samba, fixed 2.2.8) CVE-2003-0083 version (httpd, not 2.2) CVE-2003-0082 version (krb5, fixed after 1.2.7) CVE-2003-0081 version (wireshark, fixed after 0.9.9) CVE-2003-0078 version (openssl097a, fixed 0.9.7a) CVE-2003-0078 version (openssl, not 0.9.8) CVE-2003-0073 version (mysql, fixed 3.23.55) CVE-2003-0072 version (krb5, fixed after 1.2.7) CVE-2003-0071 version (xorg-x11, fixed in 6.8.2 at least) CVE-2003-0070 version (vte, fixed 0.11.1 at least) CVE-2003-0063 version (xorg-x11, fixed in 4.2.99 at least) CVE-2003-0060 version (krb5, fixed 1.2.5) CVE-2003-0059 version (krb5, fixed 1.2.5) CVE-2003-0058 version (krb5, fixed 1.2.5) CVE-2003-0044 version (tomcat, fixed after 3.3.1a) CVE-2003-0043 version (tomcat, fixed 3.3.1a) CVE-2003-0041 version (krb5, fixed after 1.2.7) CVE-2003-0038 version (mailman, fixed 2.0.13 at least) CVE-2003-0028 version (krb5, fixed after 1.2.7) CVE-2003-0028 version (glibc, fixed after 2.3.1) CVE-2003-0026 version (dhcp, fixed 3.0.1) CVE-2003-0020 version (httpd, not 2.2) CVE-2003-0019 version (kernel-utils, not upstream) CVE-2003-0018 version (kernel, not 2.6) CVE-2003-0017 version (httpd, not 2.2) CVE-2003-0016 version (httpd, not 2.2) CVE-2003-0015 version (cvs, fixed 1.11.5) CVE-2003-0001 version (kernel, not 2.6) CVE-2002-2215 version (php, fixed 4.3.0) CVE-2002-2214 version (php, fixed 4.2.2) CVE-2002-2211 ignore (bind) see http://www.kb.cert.org/vuls/id/457875 CVE-2002-2210 ignore (openoffice) binary install only (not rpm install) CVE-2002-2204 ignore (rpm) by design CVE-2002-2196 version (samba, fixed 2.2.5) CVE-2002-2185 version (kernel, fixed 2.6.15) CVE-2002-2103 version (httpd, not 2.0) CVE-2002-2060 version (links, fixed after 2.0pre4) CVE-2002-2043 ignore (cyrus-sasl) patch against cyrus-sasl CVE-2002-2012 ignore (httpd) not upstream version CVE-2002-2010 version (htdig, fixed 3.1.6) CVE-2002-2009 version (tomcat, fixed 4.0.3) CVE-2002-2007 version (tomcat, not 5) CVE-2002-2006 version (tomcat, not 5) CVE-2002-1976 ignore (ifconfig) "use ip" CVE-2002-1963 version (kernel, not 2.6) CVE-2002-1914 version (dump, fixed 0.4b29) CVE-2002-1850 version (mod_cgi, fixed 2.0.41) CVE-2002-1827 version (sendmail, fixed after 8.12.3) CVE-2002-1814 ignore (libbonobo) not shipped setuid CVE-2002-1793 version (mod_ssl) not upstream, only hp CVE-2002-1783 version (php, fixed after 4.2.3) CVE-2002-1765 version (evolution, fixed 1.0.5) CVE-2002-1658 ignore (httpd) not a vulnerability CVE-2002-1657 ignore (postgresql) upstream disagree CVE-2002-1650 version (squirrelmail, fixed 1.2.3) CVE-2002-1649 version (squirrelmail, fixed 1.2.3) CVE-2002-1648 version (squirrelmail, fixed 1.2.3) CVE-2002-1642 version (postgresql, fixed 7.2.3) CVE-2002-1602 ignore (screen) not setuid CVE-2002-1593 version (httpd, not 2.2) CVE-2002-1592 version (httpd, not 2.2) CVE-2002-1574 version (kernel, not 2.6) CVE-2002-1573 version (kernel, not 2.6) CVE-2002-1572 version (kernel, not 2.6) CVE-2002-1571 version (kernel, not 2.6) CVE-2002-1570 version (net-snmp, fixed in 5.0.8 at least) CVE-2002-1568 version (openssl097a, fixed 0.9.6f) CVE-2002-1568 version (openssl, fixed 0.9.6f) CVE-2002-1567 version (tomcat, fixed 4.1.3) CVE-2002-1565 version (wget, not 1.9+) CVE-2002-1563 version (stunnel, fixed 4.04) CVE-2002-1511 version (vnc, fixed 3.3.3) CVE-2002-1510 version (XFree86, fixed 4.2.0) CVE-2002-1509 version (shadow-utils) CVE-2002-1508 version (openldap, not 2.3.24+) CVE-2002-1472 version (XFree86, fixed 4.2.1) CVE-2002-1471 version (evolution, fixed 1.1.1 at least) CVE-2002-1405 version (lynx, fixed 2.8.5dev9) CVE-2002-1402 version (postgresql, fixed 7.2.2) CVE-2002-1401 version (postgresql, fixed 7.2.4) CVE-2002-1400 version (postgresql, fixed 7.2.2) CVE-2002-1399 version (postgresql, fixed 7.2.3) CVE-2002-1398 version (postgresql, fixed 7.2.2) CVE-2002-1397 version (postgresql, fixed 7.2.3) CVE-2002-1396 version (php, fixed 4.3.0) CVE-2002-1394 version (tomcat, fixed 4.0.6) CVE-2002-1393 version (kde, fixed 3.0.5a) CVE-2002-1392 version (mgetty, fixed 1.1.29) CVE-2002-1391 version (mgetty, fixed 1.1.29) CVE-2002-1384 version (cups, fixed 1.1.18) CVE-2002-1383 version (cups, fixed 1.1.18) CVE-2002-1380 version (kernel, not 2.6) CVE-2002-1379 version (openldap, not 2.3.24+) CVE-2002-1378 version (openldap, not 2.3.24+) CVE-2002-1377 version (vim, fixed patch 6.1.265) CVE-2002-1376 version (mysql, fixed 4.0.6) CVE-2002-1375 version (mysql, fixed 4.0.6) CVE-2002-1374 version (mysql, fixed 4.0.6) CVE-2002-1373 version (mysql, fixed 3.23.54) CVE-2002-1372 version (cups, fixed 1.1.18) CVE-2002-1371 version (cups, fixed 1.1.18) CVE-2002-1369 version (cups, fixed 1.1.18) CVE-2002-1368 version (cups, fixed 1.1.18) CVE-2002-1367 version (cups, fixed 1.1.18) CVE-2002-1366 version (cups, fixed 1.1.18) CVE-2002-1365 version (fetchmail, fixed 6.2.0) CVE-2002-1363 version (libpng, fixed 1.2.6) CVE-2002-1356 version (wireshark, fixed after 0.9.7) CVE-2002-1355 version (wireshark, fixed after 0.9.7) CVE-2002-1350 version (tcpdump, fixed 3.7) CVE-2002-1348 version (w3m, fixed 0.3.2.2) CVE-2002-1347 version (cyrus-sasl, fixed 2.1.10) CVE-2002-1344 version (wget, fixed 1.8.2) CVE-2002-1341 version (squirrelmail, fixed after 1.2.10) CVE-2002-1337 version (sendmail, fixed 8.12.8) CVE-2002-1335 version (w3m, fixed 0.3.2.1) CVE-2002-1323 version (perl, fixed 5.8.0.1 at least) CVE-2002-1319 version (kernel, fixed 2.5.48) CVE-2002-1318 version (samba, fixed 2.2.7) CVE-2002-1306 version (kde, fixed 3.0.4) CVE-2002-1285 ignore (lprng) actually lpdfilter issue CVE-2002-1282 version (kde, fixed 3.0.5) CVE-2002-1281 version (kde, fixed 3.0.5) CVE-2002-1276 version (squirrelmail, fixed 1.4.2) CVE-2002-1247 version (kdenetwork, fixed 3.0.5) CVE-2002-1235 version (krb5, fixed after 1.2.6) CVE-2002-1233 ignore (httpd) Debian regression CVE-2002-1232 version (ypserv, fixed 2.5) CVE-2002-1227 version (pam, only 0.76) CVE-2002-1224 version (kde, fixed 3.0.4) CVE-2002-1223 version (kdegraphics, fixed 3.0.4) CVE-2002-1221 version (bind, not 9) CVE-2002-1220 version (bind, not 9) CVE-2002-1219 version (bind, not 9) CVE-2002-1217 version (tar, fixed 1.13.25) CVE-2002-1175 version (fetchmail, fixed 6.2.0) CVE-2002-1174 version (fetchmail, fixed 6.2.0) CVE-2002-1170 version (net-snmp, fixed 5.0.6) CVE-2002-1165 version (sendmail, fixed 8.12.10 at least) CVE-2002-1160 version (pam) was our config CVE-2002-1157 version (httpd, not 2.0) CVE-2002-1156 version (httpd, fixed 2.0.43) CVE-2002-1152 version (kdenetwork, fixed 3.0.3) CVE-2002-1151 version (kdenetwork, fixed 3.0.3a) CVE-2002-1148 version (tomcat, fixed 4.0.5) CVE-2002-1146 version (glibc, fixed 2.2.6) CVE-2002-1146 version (bind, not 8.3+) CVE-2002-1131 version (squirrelmail, fixed 1.2.8) CVE-2002-1119 version (python, fixed 2.2.2) CVE-2002-0989 version (gaim, fixed 0.59.1) CVE-2002-0986 version (php, fixed 4.2.3) CVE-2002-0985 version (php, fixed 4.2.3) CVE-2002-0972 version (postgresql, fixed 7.2.2) CVE-2002-0970 version (kdenetwork, fixed 3.0.3) CVE-2002-0935 version (tomcat, fixed 4.1.3) CVE-2002-0906 version (sendmail, fxied 8.12.5) CVE-2002-0871 version (xinetd, fixed 2.3.7) CVE-2002-0855 version (mailman, fixed 2.0.12) CVE-2002-0843 version (httpd, not 2.2) CVE-2002-0840 version (httpd, not 2.2) CVE-2002-0839 version (httpd, not 2.2) CVE-2002-0838 version (kdegraphics, fixed 3.0.4) CVE-2002-0838 version (ggv, fixed 20030119, 2.8.0 at least) CVE-2002-0837 version (wordtrans, fixed 1.1pre13 at least) CVE-2002-0836 version (tetex, fixed 2.0.2 at least) CVE-2002-0834 version (wireshark) CVE-2002-0825 version (nss_ldap, fixed nss_ldap-198) CVE-2002-0822 version (wireshark) CVE-2002-0821 version (wireshark) CVE-2002-0819 version (arts, fixed cvs 20020707) CVE-2002-0802 version (postgresql, fixed 7.2) CVE-2002-0761 version (bzip2, fixed 1.0.2) CVE-2002-0760 version (bzip2, fixed 1.0.2) CVE-2002-0759 version (bzip2, fixed 1.0.2) CVE-2002-0728 version (libpng, fixed 1.2.4) CVE-2002-0717 version (php, fixed 4.2.2) CVE-2002-0715 version (squid, fixed 2.4.STABLE6) CVE-2002-0714 version (squid, fixed 2.4.STABLE6) CVE-2002-0713 version (squid, fixed 2.4.STABLE6) CVE-2002-0704 version (kernel, fixed 2.6.11) CVE-2002-0702 version (dhcpd, fixed 3.0.1) CVE-2002-0684 version (glibc, fixed afted 2.2.5) CVE-2002-0682 version (tomcat, fixed 4.1.3) CVE-2002-0662 version (scrollkeeper, fixed after 0.3.11) CVE-2002-0660 version (libpng, fixed 1.0.14) CVE-2002-0659 version (openssl097a, not 0.9.7) CVE-2002-0659 version (openssl, not 0.9.8) CVE-2002-0657 version (openssl097a, not 0.9.7) CVE-2002-0657 version (openssl, not 0.9.8) CVE-2002-0656 version (openssl097a, not 0.9.7) CVE-2002-0656 version (openssl, not 0.9.8) CVE-2002-0655 version (openssl097a, not 0.9.7) CVE-2002-0655 version (openssl, not 0.9.8) CVE-2002-0653 version (mod_ssl, not httpd 2.2) CVE-2002-0651 version (bind, not 9) CVE-2002-0640 version (openssh, fixed after 3.3) CVE-2002-0639 version (openssh, fixed after 3.3) CVE-2002-0638 version (util-linux, fixed 2.13 at least) CVE-2002-0575 version (openssh, fixed 3.2.1) CVE-2002-0570 ignore (kernel) not a vulnerability CVE-2002-0517 version (XFree86) didn't affect Linux CVE-2002-0516 version (squirrelmail, fixed 1.2.6) CVE-2002-0510 ignore (kernel) see cve CVE-2002-0506 version (newt, not 0.5.22 at least) CVE-2002-0499 version (kernel, not 2.6) CVE-2002-0497 backport (mtr) mtr-0.69-CVE-2002-0497.patch CVE-2002-0493 version (tomcat, fixed 4.1.12) CVE-2002-0435 version (fileutils, fixed 4.1.7) CVE-2002-0429 version (kernel, not 2.6) CVE-2002-0404 version (wireshark, fixed ethereal 0.9.3) CVE-2002-0403 version (wireshark, fixed ethereal 0.9.3) CVE-2002-0402 version (wireshark, fixed ethereal 0.9.3) CVE-2002-0401 version (wireshark, fixed ethereal 0.9.3) CVE-2002-0400 version (bind, fixed 9.2.1) CVE-2002-0399 version (tar, fixed 1.13.26) CVE-2002-0392 version (httpd, not 2.2) CVE-2002-0391 version (krb5, fixed after 1.2.5) CVE-2002-0391 version (glibc, fixed after 2.2.5) CVE-2002-0389 ignore (mailman) upstream say not a vulnerability CVE-2002-0388 version (mailman, fixed 2.0.11) CVE-2002-0384 version (gaim, fixed 0.58) CVE-2002-0382 version (xchat, fixed 1.9.1) CVE-2002-0380 version (tcpdump, fixed 3.7.2 at least) CVE-2002-0379 version (imap, vuln code removed imap-2002) CVE-2002-0377 version (gaim, fixed 0.58) CVE-2002-0374 version (pam_ldap, fixed 144) CVE-2002-0363 version (ghostscript, fixed 6.53) CVE-2002-0353 version (wireshark, fixed ethereal 0.9.3) CVE-2002-0342 version (kde, not 2.2+) CVE-2002-0318 version (freeradius, fixed 0.7) CVE-2002-0253 ignore (php) not a vulnerability CVE-2002-0240 ignore (php) windows only CVE-2002-0232 version (mrtg, not 2.11.1 at least) CVE-2002-0229 version (php) CVE-2002-0185 version (mod_python, fixed 2.7.7) CVE-2002-0184 version (sudo, fixed 1.6.6) CVE-2002-0180 version (webalizer, fixed 2.01-10) CVE-2002-0169 ignore (docbook) was RHL only CVE-2002-0165 version (logwatch, fixed 2.6) CVE-2002-0164 version (XFree86, fixed 4.2.1) CVE-2002-0163 version (squid, fixed 20020312) CVE-2002-0162 version (logwatch, fixed 2.5) CVE-2002-0157 version (nautilus) CVE-2002-0146 version (fetchmail, fixed 5.9.10) CVE-2002-0130 ignore (efax) not setuid root CVE-2002-0129 ignore (efax) not setuid root CVE-2002-0121 version (php, fixed after 4.1.1) CVE-2002-0092 version (cve, fixed 1.10.8) CVE-2002-0083 version (openssh, fixed 3.1) CVE-2002-0082 version (mod_ssl, not httpd 2.2) CVE-2002-0081 version (php, not 4.2+) CVE-2002-0080 version (rsync, fixed 2.5.3) CVE-2002-0069 version (squid, fixed 2.4STABLE4) CVE-2002-0068 version (squid, fixed 2.4STABLE4) CVE-2002-0067 version (squid, fixed 2.4STABLE4) CVE-2002-0063 version (cups, fixed 1.1.14) CVE-2002-0062 version (ncurses, only 5.0) CVE-2002-0060 version (kernel, fixed 2.5.5) CVE-2002-0059 version (zlib, fixed 1.1.4) CVE-2002-0059 ** (zlib) cvs, dump, gcc, libgcj, kernel, rsync, vnc CVE-2002-0048 version (rsync, fixed 2.5.2) CVE-2002-0046 version (kernel, fixed 2.4.0) CVE-2002-0045 version (openldap, fixed 2.0.20) CVE-2002-0044 version (enscript, fixed 1.6.4 at least) CVE-2002-0043 version (sudo, fixed 1.6.4) CVE-2002-0036 version (krb5, fixed 1.2.5) CVE-2002-0029 version (bind, not 9) CVE-2002-0013 version (net-snmp, fixed 4.2.3) CVE-2002-0012 version (net-snmp, fixed 4.2.3) CVE-2002-0006 version (xchat, fixed 1.8.7) cve is wrong CVE-2002-0004 backport (at) issue was in a patch, fixed at-3.1.8-lexer.patch CVE-2002-0003 version (groff, fixed 1.17.2) CVE-2002-0002 version (stunnel, fixed 3.22) CVE-2002-0001 version (mutt, fixed 1.3.25) CVE-2001-1494 version (util-linux, fixed 2.11n) CVE-2001-0955 version (XFree86, fixed 4.2.0) CVE-2001-0474 version (mesa, fixed 3.3-14) CVE-2000-1199 backport (htdig) fixed htdig-3.2.0b6-unescaped_output.patch CVE-2000-0504 version (libICE, fixed XFree86:4.0.1) CVE-1999-1572 backport (cpio) cpio-2.6-umask.patch