All packages waiting to be released to updates

All packages waiting to be built to updates-testing

ID Changed Date Sev Pri Status Comp StatusSummary Summary
151640 2006-07-17 nor nor ON_Q lesstif impact=moderate, LEGACY, 3, needsbuild CAN-2005-0605 libxpm issue
180057 2006-08-29 hig nor NEW kdebase impact=important, LEGACY, 2, 3, still needsbuild CVE-2005-2494 kdebase- kcheckpass privilege escalation, CVE-2006-2449 kdebase- KDM symlink attack vulnerability
189826 2006-06-06 hig nor NEW freeradius impact=important, LEGACY, 1, 2, 3, needsbuild CVE-2005-1454,1455,4744, CVE-2006-1354 FreeRADIUS issues
214391 2006-11-15 hig hig NEW php impact=important, LEGACY, 3, 4, needsbuild PHP multiple vulnerabilities - CVE-2006-3016, CVE-2006-4020, CVE-2006-4482, CVE-2006-4484, CVE-2006-4486, CVE-2006-5465

All -fc4 packages lacking VERIFY, but will be released anyway unless issues are found

All -fc4 packages lacking VERIFY

All -fc4 packages lacking PUBLISH (but excluding NEEDSWORK)

ID Changed Date Sev Pri Status Comp StatusSummary Summary
214393 2006-11-11 nor nor NEW qt LEGACY, 3, 4, publish-fc3, publish-fc4 CVE-2006-4811 qt integer overflow
214395 2006-11-11 nor nor NEW python impact=important, LEGACY, 3, 4, publish-fc3, publish-fc4 CVE-2006-4980 repr unicode buffer overflow
214907 2006-11-15 nor nor NEW texinfo impact=moderate, LEGACY, 3, 4, publish-fc3, publish-fc4 texinfo multiple vulnerabilities - CVE-2005-3011, CVE-2006-4810
215807 2006-11-15 nor nor NEW elinks impact=critical, LEGACY, 3, 4, publish-fc3, publish-fc4 CVE-2006-5925 elinks smb protocol arbitrary file access

All packages which need discussion:

ID Changed Date Sev Pri Status Comp StatusSummary Summary
209167 2006-12-18 urg urg NEW seamonkey LEGACY, rh73, rh90, 1, 2, 3, 4, discuss, NEEDSWORK seamonkey < 1.0.5 multiple vulnerabilities; to replace Mozilla

All packages which need work (e.g., packages, patch analysis,...)

ID Changed Date Sev Pri Status Comp StatusSummary Summary
152776 2006-04-20 nor nor ASSI imlib 1, LEGACY, NEEDSWORK, QA, rh73, rh90, publish-rhl9 CAN-2004-0817,1025,1026 imlib heap overflow in BMP decoder
152816 2006-04-20 nor nor ASSI kdegraphics 1, LEGACY, rh73, rh90, NEEDSWORK CAN-2004-0803,0803,0886 kdefax libtiff remote code execution
152828 2006-04-20 nor nor ASSI libxml 1, LEGACY, NEEDSWORK, rh73, rh90 libxml security vulnerabilities - CAN-2004-0989, CAN-2004-0110
152843 2006-08-21 nor nor NEW netatalk 1, LEGACY, NEEDSWORK, rh73, rh90 CAN-2004-0974 Netatalk "etc2ps.sh" Script Insecure Temporary File Creation
152849 2006-10-23 nor nor NEW ghostscript 1, LEGACY, NEEDSWORK, rh73, rh90 CAN-2004-0967 Ghostscript Insecure Temporary File Creation
152872 2006-04-20 nor nor NEW namazu 1, LEGACY, rh73, rh90,needswork CAN-2004-1318 Namazu 2.0.13 and earlier Cross-site scripting vulnerability
152880 2006-04-20 nor nor NEW koffice LEGACY, NEEDSWORK, rh90, 1, 2, 3 KOffice multiple vulnerabilities (CAN-2005-2971, CAN-2005-3191, CVE-2005-3192, CAN-2005-3193, CVE-2005-3624, CVE-2005-3625, CVE-2005-3626, CVE-2005-3627)
152888 2007-02-05 nor nor ASSI less LEGACY, rh90, NEEDSWORK CAN-2005-0086, less segfault
152899 2006-04-20 nor nor NEW xemacs 1, LEGACY, NEEDSWORK, rh73, rh90 CAN-2005-0100 xemacs string format issue
152903 2006-04-20 nor nor NEW evolution 1, LEGACY, NEEDSWORK, rh73, rh90 CAN-2005-0102 evolution integer overflow
152905 2006-04-20 nor low NEW nasm 1, LEGACY, NEEDSWORK, rh73, rh90 CAN-2004-1287 nasm buffer overflow
152920 2006-04-20 nor nor NEW sylpheed 1, LEGACY, rh73, rh90, publish-rhl73, needswork CAN-2005-0667,CAN-2005-0926 sylpheed buffer overflows
164487 2006-04-20 nor nor NEW kdenetwork LEGACY, rh73, rh90, 1, NEEDSWORK CAN-2005-0205 kdenetwork- kppp local domain name hijacking
167801 2006-03-12 nor nor NEW cups LEGACY, rh73, rh90, 1, 2, 3, NEEDSWORK CAN-2005-2097, 3191-3193, 3624-3628 CUPS Denial of Service
168142 2006-04-20 nor nor NEW groff LEGACY, rh90, 1, 2, NEEDSWORK CAN-2004-1296 groff temporary file vulnerabilities in pic2graph and eqn2graph
169235 2006-04-20 nor nor NEW python2 LEGACY, 1, 2, rh73, rh90, NEEDSWORK CAN-2005-0089 CAN-2005-2491 python multiple security issues
172669 Fri 22:42 low nor NEW cpio impact=low, LEGACY, 3, 4, NEEDSWORK CVE-2005-4268 cpio large filesize buffer overflow
173273 2005-12-18 nor nor NEW gtk2 LEGACY, NEEDSWORK gtk2 multiple vulnerabilities, CVE-2005-2975, CVE-2005-3186
175405 2006-08-13 nor nor NEW openmotif impact=moderate, LEGACY, rh73, rh90, 1, 2, 3, NEEDSWORK CVE-2005-3964 Open Motif libUil Buffer Overflows
176926 2006-10-13 nor nor NEW ImageMagick impact=moderate, LEGACY, rh73, rh90, 3, 4, NEEDSWORK CVE-2006-0082 ImageMagick format string vulnerability. Also CVE-2005-4601, CVE-2006-2440, CVE-2006-3743, CVE-2006-3744, CVE-2006-4144.
180060 2006-04-24 low low NEW kdeedu impact=low, LEGACY, NEEDSWORK, rh73, rh90, 1, 2 CAN-2005-2101 kdeedu- langen2kvtml tempfile vulnerability
188333 2006-05-26 nor nor NEW gdm source=vendorsec, severity=low, 3, NEEDSWORK CVE-2006-1057 gdm race condition/exploit
190694 2006-05-04 nor nor NEW cyrus-sasl impact=moderate, LEGACY, rh73, rh90, 1, 2, 3, NEEDSWORK CVE-2006-1721 cyrus-sasl digest-md5 DoS
190942 2006-05-27 nor nor NEW dia impact=moderate, LEGACY, rh73, rh9, 1, 2, 3, NEEDSWORK CVE-2006-1550 Dia multiple buffer overflows and string format vulnerabilities (CVE-2005-2966, CVE-2006-2480, CVE-2006-2453)
191571 2006-11-14 nor nor NEW wireshark impact=moderate, LEGACY, rhl73, rhl9, 3, 4, NEEDSWORK CVE-2006-1932 Multiple ethereal issues (CVE-2006-1933, CVE-2006-1934, CVE-2006-1935, CVE-2006-1936, CVE-2006-1937, CVE-2006-1938, CVE-2006-1939, CVE-2006-1940, CVE-2006-4805, CVE-2006-5468, CVE-2006-5469, CVE-2006-5740, CVE-2006-4574)
193843 2006-06-28 nor nor NEW mailman LEGACY, rh73, rh90, 1, 2, 3, NEEDSWORK CVE-2006-0052 Mailman DoS, CVE-2006-1712 Mailman cross site scripting bug and CVE-2005-3573 Mailman Denial of Service (CVE-2005-4153); also CAN-2004-1177 Cross-site scripting (XSS) vulnerability
200034 2006-10-27 urg nor NEW kernel LEGACY, rh73, rh90, 1, 2, 3, NEEDSWORK Various kernel security issues - July thru October 2006
200963 2006-10-07 nor hig ASSI glibc LEGACY, 4, NEEDSWORK nscd 2.3.6-4 segfaults
208727 2006-11-15 hig hig NEW openssh impact=important, LEGACY, rh73, rh90, 3, 4, NEEDSWORK CVE-2006-4924 openssh DoS (also CVE-2006-5051) (also for RHL7.3: CVE-2006-0225, CVE-2003-0386)
209167 2006-12-18 urg urg NEW seamonkey LEGACY, rh73, rh90, 1, 2, 3, 4, discuss, NEEDSWORK seamonkey < 1.0.5 multiple vulnerabilities; to replace Mozilla
209891 2006-11-15 nor nor NEW mailman LEGACY, 3, 4, NEEDSWORK CVE-2006-4624 mailman 2.1.9 needed (CVE-2006-3636 CVE-2006-2941)
211676 2006-11-18 nor nor NEW mailman LEGACY, 3, 4, NEEDSWORK CVE-2006-4624 mailman 2.1.9 needed (CVE-2006-3636 CVE-2006-2941)
215282 2006-11-17 nor nor ASSI firefox impact=critical, LEGACY, 3, 4, NEEDSWORK CVE-2006-5463: Multiple firefox issues (CVE-2006-5747, CVE-2006-5748, CVE-2006-5464, CVE-2006-5462)
215745 2006-11-16 nor nor NEW nss_db impact=moderate, LEGACY, 3, 4, NEEDSWORK nss_ldap authentication bypass - CVE-2006-5170
216054 2006-11-16 nor nor NEW kdelibs LEGACY, 3, 4, NEEDSWORK CVE-2006-4811 qt integer overflow in kdelibs

All packages which have been deferred until more important issues come up

ID Changed Date Sev Pri Status Comp StatusSummary Summary
121734 2006-08-13 nor nor NEED nss_ldap DEFER openssl kills pam_ldap with SIGSEGV in err_cmp when authenticating against ldaps://
144441 2005-11-16 hig nor NEW mkinitrd LEGACY, 2, DEFER mkinitrd randomly fails to make initrd properly -- missing sync?
152830 2006-04-20 nor low NEW Package request LEGACY, DEFER Links Malformed Table Denial of Service
152833 2006-04-20 nor low NEW w3m LEGACY, DEFER w3m browser also crashes on some malformed HTML
162208 2005-12-15 nor nor NEW kernel DEFER [PATCH] bonding: don't drop non-VLAN traffic
170086 2005-11-16 nor nor NEW glibc-kernheaders DEFER 'recent' flag doesn't work with iptables -- ipt_recent.h missing
180470 2006-03-01 hig nor ASSI httpd LEGACY, 1, DEFER SSL Re-negotiation in conjunction with POST method not supported
189323 2006-05-06 hig nor VERI squid LEGACY, rh73, rh90, 1, 2, 3, DEFER squid-2.4.STABLE7-0.73.3.legacy restarting frequently.

Other bug reports

ID Changed Date Sev Pri Status Comp StatusSummary Summary
138268 2006-06-29 nor nor NEW wvdial wvdialconf creates /etc/wvdial.conf with 1204 perms
153183 2006-04-20 nor nor NEW lrzsz ZRPOS file position not validated; segfaults possible
154126 2006-08-13 nor nor NEED postgresql-odbc Insecure world-readable log file creation in /tmp when debug=1
155751 2006-10-20 nor nor NEW cpio impact=moderate,public=20050413,source=bugtraq,reported=20050413 CAN-2005-1111 Race condition in cpio
157116 2006-04-20 nor nor NEW logwatch CAN-2005-1061 logwatch log processing regular expression DoS
157698 2007-02-05 nor nor ASSI libtiff CAN-2005-1544 LibTIFF TIFFOpen Buffer Overflow Vulnerability
158683 2007-01-11 low nor ASSI gdb impact=low,public=20050525,reported=20050504,source=vendorsec CAN-2005-1704 Integer overflow in gdb
158686 2007-01-11 low nor ASSI gdb impact=low,public=20050525,reported=20050520,source=vendorsec CAN-2005-1705 gdb arbitrary command execution
159018 2005-10-31 nor nor NEW gedit gedit Filename Format String Issue
159020 2007-01-14 nor nor NEW gdb GDB Multiple Vulnerabilities
160234 2005-10-31 nor nor NEW binutils GNU Binutils Binary File Descriptor Library Integer Overflow
162792 2005-10-31 nor nor NEW openldap CAN-2005-2069 OpenLDAP TLS Plaintext Password Vulnerability
162794 2005-10-31 nor nor NEW nss_ldap CAN-2005-2069 PADL Software PAM_LDAP TLS Plaintext Password
163096 2006-04-20 nor nor NEW cpio cpio - CAN-2005-1111 race and CAN-2005-1229 directory traversal issues
163829 2005-10-31 nor nor NEW net-snmp CAN-2005-2177 Net-SNMP Unspecified Remote Stream-Based Protocol DoS
163833 2005-10-31 nor nor NEW krb5 CAN-2005-1689, -117[45] MIT Kerberos Multiple Vulnerabilities
163835 2005-10-31 nor nor NEW dhcpcd CAN-2005-1848 dhcpcd Remote Denial of Service
164488 2006-04-20 nor nor NEW vim CAN-2005-2368 modelines in vim can own you
166164 2006-10-20 low nor ASSI nss_ldap impact=low,embargoed=yes,source=redhat,reported=20050816 CAN-2005-2641 pam_ldap policy vulnerability
167854 2007-01-19 nor nor NEED evolution several "camel" warnings when starting evolution
168804 2005-10-31 nor nor NEW elm CAN-2005-2665 Elm Expires Header Remote Buffer Overflow
170179 2005-10-31 nor nor NEW slocate slocate long paths denial of service - CAN-2005-2499
170413 2005-11-29 nor nor NEW abiword CAN-2005-2964 AbiWord RTF File Processing Buffer Overflow
174474 2005-12-20 nor nor NEW netpbm CAN-2005-2978 NetPBM PNMToPNG Buffer Overflow
174476 2005-12-09 nor nor NEW curl CAN-2005-3185 WGet/Curl NTLM Username Buffer Overflow
174477 2005-11-29 nor nor NEW wget CAN-2005-3185 WGet/Curl NTLM Username Buffer Overflow
179804 2006-11-16 nor nor NEW kdelibs LEGACY, rh73, rh90, 1, 2, 3 Multiple KDE package tracker for multiple vulnerabilities
181670 2006-04-20 nor nor NEW postgresql SA18890 PostgreSQL Privilege Escalation and Denial of Service
185360 2006-04-20 nor nor NEW metamail LEGACY, rh73 CVE-2006-0709 metamail buffer overflow
187253 2006-04-29 nor nor NEW php segmentation faults with multiple include virtual php requests
188213 2006-06-14 low low NEW mysql impact=important, LEGACY, rhl73, rhl90, 1, 2, 3 CVE-2006-0903 Mysql multiple vulnerabilities (
188761 2006-09-07 nor nor ASSI glibc Legacy, 4 New glibc (2.3.6-3) breaks nis+
189211 2006-04-18 nor nor NEW xscreensaver CVE-2004-2655 XScreenSaver Local Password Disclosure
194440 2006-10-07 urg urg NEW mozilla impact=critical, LEGACY, rh73, rh90, 1, 2, 3 CVE-2006-2779 Multiple Mozilla, Firefox issues (CVE-2006-2781, CVE-2006-2788)
195736 2007-02-01 nor nor NEW emacs LEGACY, 9 RMAIL in emacs mail broken by patches
200073 2006-08-11 nor nor NEW squirrelmail Squirrelmail 1.4.7 fixes several issues
200530 2006-08-07 urg nor NEW firefox CVE-2006-3801, CVE-2006-3805, CVE-2006-3806, CVE-2006-3807, CVE-2006-3808, CVE-2006-3809, CVE-2006-3811, CVE-2006-3812: major (public) security flaws fixed in firefox 1.5.0.5
200588 2006-07-28 nor nor NEW samba CVE-2006-3403 Samba Internal Data Structures Denial of Service
200592 2006-07-28 nor nor NEW libwmf LibWMF WMF File Handling Integer Overflow
200593 2006-07-28 nor nor NEW firefox Mozilla Firefox OuterHTML Redirection Handling Information Disclosure
200595 2006-07-28 nor nor NEW openoffice OpenOffice multiple vulnerabilities
200596 2006-07-28 nor nor NEW gimp CVE-2006-3404 Gimp XCF_load_vector Function Buffer Overflow
200882 2006-08-01 hig nor NEW php Segmentation fault processing large XML file
201283 2006-08-09 nor nor NEW gnupg GnuPG 1.4.5 fixes a flaw in the handling of certain packets
201792 2006-10-19 nor nor NEW apache CVE-2006-3747 Apache Mod_Rewrite Off-By-One Buffer Overflow
201936 2006-08-27 nor nor NEW libpng libpng Graphics Library Chunk Error Processing Buffer Overflow
201938 2006-08-09 nor nor NEW mutt CVE-2006-3242 Mutt BROWSE_GET_NAMESPACE IMAP Namespace Processing Buffer Overflow
204257 2006-08-27 nor nor NEW gnome-vfs2 Fedora Legacy FC4: gnome-vfs2 samba fixes
206595 2006-09-15 nor nor NEW glibc X crashes on 2.4.33.x
206728 2006-09-15 urg nor NEW firefox CVE-2006-2775 CVE-2006-2776 CVE-2006-2777 CVE-2006-2778 CVE-2006-2779 CVE-2006-2780 CVE-2006-2782 CVE-2006-2783 CVE-2006-2784 CVE-2006-2785 CVE-2006-2786 CVE-2006-2787
206766 2006-09-16 hig nor NEW kernel mm_struct leak and illegal arguments for rebalance_inactive()
208764 2006-10-06 urg urg NEW distribution PowerPC packages missing.
210304 2006-10-11 low nor NEW cscope reported=20060818,source=vendorsec,public=20060820,impact=low CVE-2006-4262 cscope buffer overflows
210305 2006-10-11 low nor NEW cscope reported=20060818,source=vendorsec,public=20060820,impact=low CVE-2006-4262 cscope buffer overflows
211653 2006-10-20 hig nor NEW freeradius source=secalert,reported=20060321,public=20060320,impact=important CVE-2006-1354 FreeRADIUS authentication bypass
211654 2006-10-20 hig nor NEW freeradius source=secalert,reported=20060321,public=20060320,impact=important CVE-2006-1354 FreeRADIUS authentication bypass
214909 2006-11-09 nor nor NEW ruby Ruby CGI multipart parsing DoS - CVE-2006-5467
215265 2006-11-12 nor nor NEW gv LEGACY, rh73, rh90, 3 CVE-2006-5864: gv (ghostview) <= 3.6.2 stack-based buffer overflow
216341 2006-11-19 hig nor NEW glibc busy loop in malloc can hang the machine