All packages waiting to be released to updates

All packages waiting to be built to updates-testing

ID Changed Date Sev Pri Status Comp StatusSummary Summary
151640 2006-07-17 nor nor ON_Q lesstif impact=moderate, LEGACY, 3, needsbuild CAN-2005-0605 libxpm issue
180057 2006-08-29 hig nor NEW kdebase impact=important, LEGACY, 2, 3, still needsbuild CVE-2005-2494 kdebase- kcheckpass privilege escalation, CVE-2006-2449 kdebase- KDM symlink attack vulnerability
189826 2006-06-06 hig nor NEW freeradius impact=important, LEGACY, 1, 2, 3, needsbuild CVE-2005-1454,1455,4744, CVE-2006-1354 FreeRADIUS issues
214391 2006-11-15 hig hig NEW php impact=important, LEGACY, 3, 4, needsbuild PHP multiple vulnerabilities - CVE-2006-3016, CVE-2006-4020, CVE-2006-4482, CVE-2006-4484, CVE-2006-4486, CVE-2006-5465

All packages lacking VERIFY, but will be released anyway unless issues are found

All packages lacking VERIFY

All packages lacking PUBLISH (but excluding NEEDSWORK)

ID Changed Date Sev Pri Status Comp StatusSummary Summary
214393 2006-11-11 nor nor NEW qt LEGACY, 3, 4, publish-fc3, publish-fc4 CVE-2006-4811 qt integer overflow
214395 2006-11-11 nor nor NEW python impact=important, LEGACY, 3, 4, publish-fc3, publish-fc4 CVE-2006-4980 repr unicode buffer overflow
214907 2006-11-15 nor nor NEW texinfo impact=moderate, LEGACY, 3, 4, publish-fc3, publish-fc4 texinfo multiple vulnerabilities - CVE-2005-3011, CVE-2006-4810
215807 2006-11-15 nor nor NEW elinks impact=critical, LEGACY, 3, 4, publish-fc3, publish-fc4 CVE-2006-5925 elinks smb protocol arbitrary file access

All packages which need discussion:

ID Changed Date Sev Pri Status Comp StatusSummary Summary
209167 2006-12-18 urg urg NEW seamonkey LEGACY, rh73, rh90, 1, 2, 3, 4, discuss, NEEDSWORK seamonkey < 1.0.5 multiple vulnerabilities; to replace Mozilla

All packages which need work (e.g., packages, patch analysis, ...)

ID Changed Date Sev Pri Status Comp StatusSummary Summary
152776 2006-04-20 nor nor ASSI imlib 1, LEGACY, NEEDSWORK, QA, rh73, rh90, publish-rhl9 CAN-2004-0817,1025,1026 imlib heap overflow in BMP decoder
152816 2006-04-20 nor nor ASSI kdegraphics 1, LEGACY, rh73, rh90, NEEDSWORK CAN-2004-0803,0803,0886 kdefax libtiff remote code execution
152828 2006-04-20 nor nor ASSI libxml 1, LEGACY, NEEDSWORK, rh73, rh90 libxml security vulnerabilities - CAN-2004-0989, CAN-2004-0110
152843 2006-08-21 nor nor NEW netatalk 1, LEGACY, NEEDSWORK, rh73, rh90 CAN-2004-0974 Netatalk "etc2ps.sh" Script Insecure Temporary File Creation
152849 2006-10-23 nor nor NEW ghostscript 1, LEGACY, NEEDSWORK, rh73, rh90 CAN-2004-0967 Ghostscript Insecure Temporary File Creation
152872 2006-04-20 nor nor NEW namazu 1, LEGACY, rh73, rh90,needswork CAN-2004-1318 Namazu 2.0.13 and earlier Cross-site scripting vulnerability
152880 2006-04-20 nor nor NEW koffice LEGACY, NEEDSWORK, rh90, 1, 2, 3 KOffice multiple vulnerabilities (CAN-2005-2971, CAN-2005-3191, CVE-2005-3192, CAN-2005-3193, CVE-2005-3624, CVE-2005-3625, CVE-2005-3626, CVE-2005-3627)
152888 2007-02-05 nor nor ASSI less LEGACY, rh90, NEEDSWORK CAN-2005-0086, less segfault
152899 2006-04-20 nor nor NEW xemacs 1, LEGACY, NEEDSWORK, rh73, rh90 CAN-2005-0100 xemacs string format issue
152903 2006-04-20 nor nor NEW evolution 1, LEGACY, NEEDSWORK, rh73, rh90 CAN-2005-0102 evolution integer overflow
152905 2006-04-20 nor low NEW nasm 1, LEGACY, NEEDSWORK, rh73, rh90 CAN-2004-1287 nasm buffer overflow
152920 2006-04-20 nor nor NEW sylpheed 1, LEGACY, rh73, rh90, publish-rhl73, needswork CAN-2005-0667,CAN-2005-0926 sylpheed buffer overflows
164487 2006-04-20 nor nor NEW kdenetwork LEGACY, rh73, rh90, 1, NEEDSWORK CAN-2005-0205 kdenetwork- kppp local domain name hijacking
167801 2006-03-12 nor nor NEW cups LEGACY, rh73, rh90, 1, 2, 3, NEEDSWORK CAN-2005-2097, 3191-3193, 3624-3628 CUPS Denial of Service
168142 2006-04-20 nor nor NEW groff LEGACY, rh90, 1, 2, NEEDSWORK CAN-2004-1296 groff temporary file vulnerabilities in pic2graph and eqn2graph
169235 2006-04-20 nor nor NEW python2 LEGACY, 1, 2, rh73, rh90, NEEDSWORK CAN-2005-0089 CAN-2005-2491 python multiple security issues
172669 Fri 22:42 low nor NEW cpio impact=low, LEGACY, 3, 4, NEEDSWORK CVE-2005-4268 cpio large filesize buffer overflow
173273 2005-12-18 nor nor NEW gtk2 LEGACY, NEEDSWORK gtk2 multiple vulnerabilities, CVE-2005-2975, CVE-2005-3186
175405 2006-08-13 nor nor NEW openmotif impact=moderate, LEGACY, rh73, rh90, 1, 2, 3, NEEDSWORK CVE-2005-3964 Open Motif libUil Buffer Overflows
176926 2006-10-13 nor nor NEW ImageMagick impact=moderate, LEGACY, rh73, rh90, 3, 4, NEEDSWORK CVE-2006-0082 ImageMagick format string vulnerability. Also CVE-2005-4601, CVE-2006-2440, CVE-2006-3743, CVE-2006-3744, CVE-2006-4144.
180060 2006-04-24 low low NEW kdeedu impact=low, LEGACY, NEEDSWORK, rh73, rh90, 1, 2 CAN-2005-2101 kdeedu- langen2kvtml tempfile vulnerability
188333 2006-05-26 nor nor NEW gdm source=vendorsec, severity=low, 3, NEEDSWORK CVE-2006-1057 gdm race condition/exploit
190694 2006-05-04 nor nor NEW cyrus-sasl impact=moderate, LEGACY, rh73, rh90, 1, 2, 3, NEEDSWORK CVE-2006-1721 cyrus-sasl digest-md5 DoS
190942 2006-05-27 nor nor NEW dia impact=moderate, LEGACY, rh73, rh9, 1, 2, 3, NEEDSWORK CVE-2006-1550 Dia multiple buffer overflows and string format vulnerabilities (CVE-2005-2966, CVE-2006-2480, CVE-2006-2453)
191571 2006-11-14 nor nor NEW wireshark impact=moderate, LEGACY, rhl73, rhl9, 3, 4, NEEDSWORK CVE-2006-1932 Multiple ethereal issues (CVE-2006-1933, CVE-2006-1934, CVE-2006-1935, CVE-2006-1936, CVE-2006-1937, CVE-2006-1938, CVE-2006-1939, CVE-2006-1940, CVE-2006-4805, CVE-2006-5468, CVE-2006-5469, CVE-2006-5740, CVE-2006-4574)
193843 2006-06-28 nor nor NEW mailman LEGACY, rh73, rh90, 1, 2, 3, NEEDSWORK CVE-2006-0052 Mailman DoS, CVE-2006-1712 Mailman cross site scripting bug and CVE-2005-3573 Mailman Denial of Service (CVE-2005-4153); also CAN-2004-1177 Cross-site scripting (XSS) vulnerability
200034 2006-10-27 urg nor NEW kernel LEGACY, rh73, rh90, 1, 2, 3, NEEDSWORK Various kernel security issues - July thru October 2006
200963 2006-10-07 nor hig ASSI glibc LEGACY, 4, NEEDSWORK nscd 2.3.6-4 segfaults
208727 2006-11-15 hig hig NEW openssh impact=important, LEGACY, rh73, rh90, 3, 4, NEEDSWORK CVE-2006-4924 openssh DoS (also CVE-2006-5051) (also for RHL7.3: CVE-2006-0225, CVE-2003-0386)
209167 2006-12-18 urg urg NEW seamonkey LEGACY, rh73, rh90, 1, 2, 3, 4, discuss, NEEDSWORK seamonkey < 1.0.5 multiple vulnerabilities; to replace Mozilla
209891 2006-11-15 nor nor NEW mailman LEGACY, 3, 4, NEEDSWORK CVE-2006-4624 mailman 2.1.9 needed (CVE-2006-3636 CVE-2006-2941)
211676 2006-11-18 nor nor NEW mailman LEGACY, 3, 4, NEEDSWORK CVE-2006-4624 mailman 2.1.9 needed (CVE-2006-3636 CVE-2006-2941)
215282 2006-11-17 nor nor ASSI firefox impact=critical, LEGACY, 3, 4, NEEDSWORK CVE-2006-5463: Multiple firefox issues (CVE-2006-5747, CVE-2006-5748, CVE-2006-5464, CVE-2006-5462)
215745 2006-11-16 nor nor NEW nss_db impact=moderate, LEGACY, 3, 4, NEEDSWORK nss_ldap authentication bypass - CVE-2006-5170
216054 2006-11-16 nor nor NEW kdelibs LEGACY, 3, 4, NEEDSWORK CVE-2006-4811 qt integer overflow in kdelibs

All packages which have been deferred until more important issues come up

ID Changed Date Sev Pri Status Comp StatusSummary Summary
121734 2006-08-13 nor nor NEED nss_ldap DEFER openssl kills pam_ldap with SIGSEGV in err_cmp when authenticating against ldaps://
144441 2005-11-16 hig nor NEW mkinitrd LEGACY, 2, DEFER mkinitrd randomly fails to make initrd properly -- missing sync?
152830 2006-04-20 nor low NEW Package request LEGACY, DEFER Links Malformed Table Denial of Service
152833 2006-04-20 nor low NEW w3m LEGACY, DEFER w3m browser also crashes on some malformed HTML
162208 2005-12-15 nor nor NEW kernel DEFER [PATCH] bonding: don't drop non-VLAN traffic
170086 2005-11-16 nor nor NEW glibc-kernheaders DEFER 'recent' flag doesn't work with iptables -- ipt_recent.h missing
180470 2006-03-01 hig nor ASSI httpd LEGACY, 1, DEFER SSL Re-negotiation in conjunction with POST method not supported
189323 2006-05-06 hig nor VERI squid LEGACY, rh73, rh90, 1, 2, 3, DEFER squid-2.4.STABLE7-0.73.3.legacy restarting frequently.

Other bug reports

ID Changed Date Sev Pri Status Comp StatusSummary Summary
138268 2006-06-29 nor nor NEW wvdial wvdialconf creates /etc/wvdial.conf with 1204 perms
153183 2006-04-20 nor nor NEW lrzsz ZRPOS file position not validated; segfaults possible
154126 2006-08-13 nor nor NEED postgresql-odbc Insecure world-readable log file creation in /tmp when debug=1
155751 2006-10-20 nor nor NEW cpio impact=moderate,public=20050413,source=bugtraq,reported=20050413 CAN-2005-1111 Race condition in cpio
157116 2006-04-20 nor nor NEW logwatch CAN-2005-1061 logwatch log processing regular expression DoS
157698 2007-02-05 nor nor ASSI libtiff CAN-2005-1544 LibTIFF TIFFOpen Buffer Overflow Vulnerability
158683 2007-01-11 low nor ASSI gdb impact=low,public=20050525,reported=20050504,source=vendorsec CAN-2005-1704 Integer overflow in gdb
158686 2007-01-11 low nor ASSI gdb impact=low,public=20050525,reported=20050520,source=vendorsec CAN-2005-1705 gdb arbitrary command execution
159018 2005-10-31 nor nor NEW gedit gedit Filename Format String Issue
159020 2007-01-14 nor nor NEW gdb GDB Multiple Vulnerabilities
160234 2005-10-31 nor nor NEW binutils GNU Binutils Binary File Descriptor Library Integer Overflow
162792 2005-10-31 nor nor NEW openldap CAN-2005-2069 OpenLDAP TLS Plaintext Password Vulnerability
162794 2005-10-31 nor nor NEW nss_ldap CAN-2005-2069 PADL Software PAM_LDAP TLS Plaintext Password
163096 2006-04-20 nor nor NEW cpio cpio - CAN-2005-1111 race and CAN-2005-1229 directory traversal issues
163829 2005-10-31 nor nor NEW net-snmp CAN-2005-2177 Net-SNMP Unspecified Remote Stream-Based Protocol DoS
163833 2005-10-31 nor nor NEW krb5 CAN-2005-1689, -117[45] MIT Kerberos Multiple Vulnerabilities
163835 2005-10-31 nor nor NEW dhcpcd CAN-2005-1848 dhcpcd Remote Denial of Service
164488 2006-04-20 nor nor NEW vim CAN-2005-2368 modelines in vim can own you
166164 2006-10-20 low nor ASSI nss_ldap impact=low,embargoed=yes,source=redhat,reported=20050816 CAN-2005-2641 pam_ldap policy vulnerability
167854 2007-01-19 nor nor NEED evolution several "camel" warnings when starting evolution
168804 2005-10-31 nor nor NEW elm CAN-2005-2665 Elm Expires Header Remote Buffer Overflow
170179 2005-10-31 nor nor NEW slocate slocate long paths denial of service - CAN-2005-2499
170413 2005-11-29 nor nor NEW abiword CAN-2005-2964 AbiWord RTF File Processing Buffer Overflow
174474 2005-12-20 nor nor NEW netpbm CAN-2005-2978 NetPBM PNMToPNG Buffer Overflow
174476 2005-12-09 nor nor NEW curl CAN-2005-3185 WGet/Curl NTLM Username Buffer Overflow
174477 2005-11-29 nor nor NEW wget CAN-2005-3185 WGet/Curl NTLM Username Buffer Overflow
179804 2006-11-16 nor nor NEW kdelibs LEGACY, rh73, rh90, 1, 2, 3 Multiple KDE package tracker for multiple vulnerabilities
181670 2006-04-20 nor nor NEW postgresql SA18890 PostgreSQL Privilege Escalation and Denial of Service
185360 2006-04-20 nor nor NEW metamail LEGACY, rh73 CVE-2006-0709 metamail buffer overflow
187253 2006-04-29 nor nor NEW php segmentation faults with multiple include virtual php requests
188213 2006-06-14 low low NEW mysql impact=important, LEGACY, rhl73, rhl90, 1, 2, 3 CVE-2006-0903 Mysql multiple vulnerabilities (
188761 2006-09-07 nor nor ASSI glibc Legacy, 4 New glibc (2.3.6-3) breaks nis+
189211 2006-04-18 nor nor NEW xscreensaver CVE-2004-2655 XScreenSaver Local Password Disclosure
194440 2006-10-07 urg urg NEW mozilla impact=critical, LEGACY, rh73, rh90, 1, 2, 3 CVE-2006-2779 Multiple Mozilla, Firefox issues (CVE-2006-2781, CVE-2006-2788)
195736 2007-02-01 nor nor NEW emacs LEGACY, 9 RMAIL in emacs mail broken by patches
200073 2006-08-11 nor nor NEW squirrelmail Squirrelmail 1.4.7 fixes several issues
200530 2006-08-07 urg nor NEW firefox CVE-2006-3801, CVE-2006-3805, CVE-2006-3806, CVE-2006-3807, CVE-2006-3808, CVE-2006-3809, CVE-2006-3811, CVE-2006-3812: major (public) security flaws fixed in firefox 1.5.0.5
200588 2006-07-28 nor nor NEW samba CVE-2006-3403 Samba Internal Data Structures Denial of Service
200592 2006-07-28 nor nor NEW libwmf LibWMF WMF File Handling Integer Overflow
200593 2006-07-28 nor nor NEW firefox Mozilla Firefox OuterHTML Redirection Handling Information Disclosure
200595 2006-07-28 nor nor NEW openoffice OpenOffice multiple vulnerabilities
200596 2006-07-28 nor nor NEW gimp CVE-2006-3404 Gimp XCF_load_vector Function Buffer Overflow
200882 2006-08-01 hig nor NEW php Segmentation fault processing large XML file
201283 2006-08-09 nor nor NEW gnupg GnuPG 1.4.5 fixes a flaw in the handling of certain packets
201792 2006-10-19 nor nor NEW apache CVE-2006-3747 Apache Mod_Rewrite Off-By-One Buffer Overflow
201936 2006-08-27 nor nor NEW libpng libpng Graphics Library Chunk Error Processing Buffer Overflow
201938 2006-08-09 nor nor NEW mutt CVE-2006-3242 Mutt BROWSE_GET_NAMESPACE IMAP Namespace Processing Buffer Overflow
204257 2006-08-27 nor nor NEW gnome-vfs2 Fedora Legacy FC4: gnome-vfs2 samba fixes
206595 2006-09-15 nor nor NEW glibc X crashes on 2.4.33.x
206728 2006-09-15 urg nor NEW firefox CVE-2006-2775 CVE-2006-2776 CVE-2006-2777 CVE-2006-2778 CVE-2006-2779 CVE-2006-2780 CVE-2006-2782 CVE-2006-2783 CVE-2006-2784 CVE-2006-2785 CVE-2006-2786 CVE-2006-2787
206766 2006-09-16 hig nor NEW kernel mm_struct leak and illegal arguments for rebalance_inactive()
208764 2006-10-06 urg urg NEW distribution PowerPC packages missing.
210304 2006-10-11 low nor NEW cscope reported=20060818,source=vendorsec,public=20060820,impact=low CVE-2006-4262 cscope buffer overflows
210305 2006-10-11 low nor NEW cscope reported=20060818,source=vendorsec,public=20060820,impact=low CVE-2006-4262 cscope buffer overflows
211653 2006-10-20 hig nor NEW freeradius source=secalert,reported=20060321,public=20060320,impact=important CVE-2006-1354 FreeRADIUS authentication bypass
211654 2006-10-20 hig nor NEW freeradius source=secalert,reported=20060321,public=20060320,impact=important CVE-2006-1354 FreeRADIUS authentication bypass
214909 2006-11-09 nor nor NEW ruby Ruby CGI multipart parsing DoS - CVE-2006-5467
215265 2006-11-12 nor nor NEW gv LEGACY, rh73, rh90, 3 CVE-2006-5864: gv (ghostview) <= 3.6.2 stack-based buffer overflow
216341 2006-11-19 hig nor NEW glibc busy loop in malloc can hang the machine