From fedora-security-commits at redhat.com Tue Apr 1 07:23:10 2008 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Tue, 1 Apr 2008 07:23:10 GMT Subject: [Fedora-security-commits] fedora-security/audit f8, 1.181, 1.182 f9, 1.171, 1.172 fc7, 1.337, 1.338 Message-ID: <200804010723.m317NALM020593@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv20565/audit Modified Files: f8 f9 fc7 Log Message: add CVE ids for comix and phpMyAdmin add mod_suphp add bzip2 tracking bugs (it's also lib, crash in daemon app may matter) Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.181 retrieving revision 1.182 diff -u -r1.181 -r1.182 --- f8 30 Mar 2008 23:13:52 -0000 1.181 +++ f8 1 Apr 2008 07:22:39 -0000 1.182 @@ -4,11 +4,12 @@ # *CVE are items that need verification for Fedora 8 # (mozilla) = (gecko-libs dependent stuff) -402841 VULNERABLE (phpmyadmin, fixed 2.11.5.1) #402841 +439687 VULNERABLE (mod_suphp, fixed 0.6.3) 293031 fixed (nx) #293031 [since FEDORA-2008-2258] -430635 VULNERABLE (comix) multiple issues tracked via #430635 438382 fixed (libsilc) #438382 [since FEDORA-2008-2641] 249840 VULNERABLE (tor) +CVE-2008-1568 VULNERABLE (comix) multiple issues tracked via bz#430635 +CVE-2008-1567 VULNERABLE (phpmyadmin, fixed 2.11.5.1) CVE-2008-1515 VULNERABLE (otrs) #439724 CVE-2008-1488 VULNERABLE (php-pecl-apc) #438847 CVE-2008-0806 fixed (wyrd) #433720 [since FEDORA-2008-1963] 
@@ -21,7 +22,7 @@ CVE-2008-1467 VULNERABLE (centerim) #438871 CVE-2008-1394 ignore (plone) CVE-2008-1390 fixed (asterisk, fixed 1.4.19-rc3) #438133 [since FEDORA-2008-2554] -CVE-2008-1372 ignore (bzip2) Just a crash +CVE-2008-1372 VULNERABLE (bzip2, fixed 1.0.5) #439855 CVE-2008-1360 VULNERABLE (nagios) #437850 CVE-2008-1353 ignore (zabbix) #437848 Needs authorization CVE-2008-1333 ignore (asterisk) not affected Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.171 retrieving revision 1.172 diff -u -r1.171 -r1.172 --- f9 31 Mar 2008 12:32:21 -0000 1.171 +++ f9 1 Apr 2008 07:22:39 -0000 1.172 @@ -4,10 +4,11 @@ # *CVE are items that need verification for Fedora 9 # (mozilla) = (gecko-libs dependent stuff) +439687 version (mod_suphp, fixed 0.6.3) [since mod_suphp-0.6.3-1.fc9] 438382 VULNERABLE (libsilc) #438382 -430635 VULNERABLE (comix) multiple issues tracked via #430635 -402841 VULNERABLE (phpmyadmin, fixed 2.11.5.1) #402841 249840 VULNERABLE (tor) +CVE-2008-1568 VULNERABLE (comix) multiple issues tracked via bz#430635 +CVE-2008-1567 version (phpmyadmin, fixed 2.11.5.1) [since phpMyAdmin-2.11.5.1-1.fc9] CVE-2008-1515 VULNERABLE (otrs) #439725 CVE-2008-1488 VULNERABLE (php-pecl-apc) #438848 CVE-2008-0806 VULNERABLE (wyrd) #433722 
@@ -19,7 +20,7 @@ CVE-2008-1467 fixed (centerim) #438871 CVE-2008-1394 ignore (plone) CVE-2008-1390 version (asterisk, fixed 1.6.0-beta6) #438134 [since asterisk-1.6.0-0.6.beta6.fc9] -CVE-2008-1372 ignore (bzip2) Just a crash +CVE-2008-1372 version (bzip2, fixed 1.0.5) [since bzip2-1.0.5-1.fc9] CVE-2008-1360 VULNERABLE (nagios) #437852 CVE-2008-1353 ignore (zabbix) #437848 Needs authorization CVE-2008-1333 version (asterisk, fixed 1.6.0-beta6) #438134 [since asterisk-1.6.0-0.6.beta6.fc9] Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.337 retrieving revision 1.338 diff -u -r1.337 -r1.338 --- fc7 30 Mar 2008 23:13:52 -0000 1.337 +++ fc7 1 Apr 2008 07:22:39 -0000 1.338 @@ -5,11 +5,12 @@ # (mozilla) = (firefox, seamonkey, thunderbird, yelp, devhelp, galeon, liferea. epiphany) # A couple of first F7 updates were marked as FEDORA-2007-0001 -402841 VULNERABLE (phpmyadmin, fixed 2.11.5.1) #402841 +439687 VULNERABLE (mod_suphp, fixed 0.6.3) 293031 fixed (nx) #293031 [since FEDORA-2008-2258] -430635 VULNERABLE (comix) multiple issues tracked via #430635 438382 fixed (libsilc) #438382 [since FEDORA-2008-2641] 249840 version (tor, fixed 0.1.2.15) #249840 [since FEDORA-2007-1674] +CVE-2008-1568 VULNERABLE (comix) multiple issues tracked via bz#430635 +CVE-2008-1567 VULNERABLE (phpmyadmin, fixed 2.11.5.1) CVE-2008-1515 VULNERABLE (otrs) #439723 CVE-2008-1488 VULNERABLE (php-pecl-apc) #438846 CVE-2008-0806 fixed (wyrd) #433721 [since FEDORA-2008-1986] 
@@ -22,7 +23,7 @@ CVE-2008-1467 VULNERABLE (centerim) #438871 CVE-2008-1394 ignore (plone) CVE-2008-1390 fixed (asterisk, fixed 1.4.19-rc3) #438132 [since FEDORA-2008-2620] -CVE-2008-1372 ignore (bzip2) Just a crash +CVE-2008-1372 VULNERABLE (bzip2, fixed 1.0.5) #439855 CVE-2008-1360 VULNERABLE (nagios) #437851 CVE-2008-1353 ignore (zabbix) #437848 Needs authorization CVE-2008-1333 ignore (asterisk) not affected From fedora-security-commits at redhat.com Tue Apr 1 12:31:01 2008 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Tue, 1 Apr 2008 12:31:01 GMT Subject: [Fedora-security-commits] fedora-security/audit f8, 1.182, 1.183 f9, 1.172, 1.173 fc7, 1.338, 1.339 Message-ID: <200804011231.m31CV1UJ027311@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv27281/audit Modified Files: f8 f9 fc7 Log Message: add PolicyKit, wireshark fix previous wireshark bz ids Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.182 retrieving revision 1.183 diff -u -r1.182 -r1.183 --- f8 1 Apr 2008 07:22:39 -0000 1.182 +++ f8 1 Apr 2008 12:30:31 -0000 1.183 
@@ -4,12 +4,16 @@ # *CVE are items that need verification for Fedora 8 # (mozilla) = (gecko-libs dependent stuff) +439982 VULNERABLE (PolicyKit) #439995 439687 VULNERABLE (mod_suphp, fixed 0.6.3) 293031 fixed (nx) #293031 [since FEDORA-2008-2258] 438382 fixed (libsilc) #438382 [since FEDORA-2008-2641] 249840 VULNERABLE (tor) CVE-2008-1568 VULNERABLE (comix) multiple issues tracked via bz#430635 CVE-2008-1567 VULNERABLE (phpmyadmin, fixed 2.11.5.1) +CVE-2008-1563 VULNERABLE (wireshark, fixed 1.0) #435487 +CVE-2008-1562 VULNERABLE (wireshark, fixed 1.0) #435487 +CVE-2008-1561 VULNERABLE (wireshark, fixed 1.0) #435487 CVE-2008-1515 VULNERABLE (otrs) #439724 CVE-2008-1488 VULNERABLE (php-pecl-apc) #438847 CVE-2008-0806 fixed (wyrd) #433720 [since FEDORA-2008-1963] @@ -49,9 +53,9 @@ CVE-2008-1099 VULNERABLE (moin) #438673 CVE-2008-1098 VULNERABLE (moin) #438673 CVE-2008-1078 ignore (am-utils) does not seem used by any other Fedora package -CVE-2008-1072 VULNERABLE (wireshark, fixed 0.99.8) #435485 -CVE-2008-1071 VULNERABLE (wireshark, fixed 0.99.8) #435485 -CVE-2008-1070 VULNERABLE (wireshark, fixed 0.99.8) #435485 +CVE-2008-1072 VULNERABLE (wireshark, fixed 0.99.8) #435487 +CVE-2008-1071 VULNERABLE (wireshark, fixed 0.99.8) #435487 +CVE-2008-1070 VULNERABLE (wireshark, fixed 0.99.8) #435487 CVE-2008-1066 version (php-Smarty) #435811 [since FEDORA-2008-1911] CVE-2008-1066 VULNERABLE (gallery2) #438058 [since FEDORA-2008-2587] CVE-2008-1066 VULNERABLE (php-pear-PhpDocumentor) #438062 Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.172 retrieving revision 1.173 diff -u -r1.172 -r1.173 --- f9 1 Apr 2008 07:22:39 -0000 1.172 +++ f9 1 Apr 2008 12:30:31 -0000 1.173 
@@ -4,11 +4,15 @@ # *CVE are items that need verification for Fedora 9 # (mozilla) = (gecko-libs dependent stuff) +439982 VULNERABLE (PolicyKit) #439996 439687 version (mod_suphp, fixed 0.6.3) [since mod_suphp-0.6.3-1.fc9] 438382 VULNERABLE (libsilc) #438382 249840 VULNERABLE (tor) CVE-2008-1568 VULNERABLE (comix) multiple issues tracked via bz#430635 CVE-2008-1567 version (phpmyadmin, fixed 2.11.5.1) [since phpMyAdmin-2.11.5.1-1.fc9] +CVE-2008-1563 VULNERABLE (wireshark, fixed 1.0) #435488 +CVE-2008-1562 VULNERABLE (wireshark, fixed 1.0) #435488 +CVE-2008-1561 VULNERABLE (wireshark, fixed 1.0) #435488 CVE-2008-1515 VULNERABLE (otrs) #439725 CVE-2008-1488 VULNERABLE (php-pecl-apc) #438848 CVE-2008-0806 VULNERABLE (wyrd) #433722 Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.338 retrieving revision 1.339 diff -u -r1.338 -r1.339 --- fc7 1 Apr 2008 07:22:39 -0000 1.338 +++ fc7 1 Apr 2008 12:30:31 -0000 1.339 @@ -11,6 +11,9 @@ 249840 version (tor, fixed 0.1.2.15) #249840 [since FEDORA-2007-1674] CVE-2008-1568 VULNERABLE (comix) multiple issues tracked via bz#430635 CVE-2008-1567 VULNERABLE (phpmyadmin, fixed 2.11.5.1) +CVE-2008-1563 VULNERABLE (wireshark, fixed 1.0) #435485 +CVE-2008-1562 VULNERABLE (wireshark, fixed 1.0) #435485 +CVE-2008-1561 VULNERABLE (wireshark, fixed 1.0) #435485 CVE-2008-1515 VULNERABLE (otrs) #439723 CVE-2008-1488 VULNERABLE (php-pecl-apc) #438846 CVE-2008-0806 fixed (wyrd) #433721 [since FEDORA-2008-1986] 
@@ -50,9 +53,9 @@ CVE-2008-1099 VULNERABLE (moin) #438672 CVE-2008-1098 VULNERABLE (moin) #438672 CVE-2008-1078 ignore (am-utils) does not seem used by any other Fedora package -CVE-2008-1072 VULNERABLE (wireshark, fixed 0.99.8) #435487 -CVE-2008-1071 VULNERABLE (wireshark, fixed 0.99.8) #435487 -CVE-2008-1070 VULNERABLE (wireshark, fixed 0.99.8) #435487 +CVE-2008-1072 VULNERABLE (wireshark, fixed 0.99.8) #435485 +CVE-2008-1071 VULNERABLE (wireshark, fixed 0.99.8) #435485 +CVE-2008-1070 VULNERABLE (wireshark, fixed 0.99.8) #435485 CVE-2008-1066 version (php-Smarty, fixed 2.6.19) #435812 [since FEDORA-2008-1928] CVE-2008-1066 VULNERABLE (gallery2) #438059 [since FEDORA-2008-2650] CVE-2008-1066 fixed (php-pear-PhpDocumentor) #438063 [since FEDORA-2008-2656] From fedora-security-commits at redhat.com Tue Apr 1 12:42:32 2008 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Tue, 1 Apr 2008 12:42:32 GMT Subject: [Fedora-security-commits] fedora-security/tools/lib/Libexig Audit.pm, 1.3, 1.4 Message-ID: <200804011242.m31CgWR1027747@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/tools/lib/Libexig In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv27695/tools/lib/Libexig Modified Files: Audit.pm Log Message: quick fix to make add-issue at least partially usable with new file format Index: Audit.pm =================================================================== RCS file: /cvs/fedora/fedora-security/tools/lib/Libexig/Audit.pm,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- Audit.pm 14 Jan 2008 16:33:12 -0000 1.3 +++ Audit.pm 1 Apr 2008 12:42:01 -0000 1.4 @@ -100,7 +100,7 @@ }; } elsif (/^ (\*?)* # Needs verification - (\S+-\S+-\S+)\s* # CVE + (\S+)\s* # CVE (\*\*|version|VULNERABLE|ignore|backport|fixed)\s* # Status \( ([^\s,]+)\s* # Component From fedora-security-commits at redhat.com Tue Apr 1 14:52:01 2008 
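Review bot: In the Audit.pm hunk at @@ -100,7 +100,7 @@ (revision 1.4), the id field is relaxed from "(\S+-\S+-\S+)" to "(\S+)", which accepts any run of non-whitespace as an issue id. The separator that follows is still "\s*", so going by the visible part of the pattern the capture can backtrack inside a single token: an input such as "fooVULNERABLE (bar" would be read as id "foo" with status "VULNERABLE". The audit files in this series key entries either by CVE name or by a bare Bugzilla number (for example "439982 VULNERABLE (PolicyKit) #439995"). If those are the only two forms expected, an alternation along the lines of "(CVE-\d+-\d+|\d+)\s+" would cover the new format without accepting arbitrary text, and requiring at least one whitespace character keeps the id and status from running together. The trailing comment "# CVE" on the changed line is also stale now that the field can hold a bug number.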
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Tue, 1 Apr 2008 14:52:01 GMT Subject: [Fedora-security-commits] fedora-security/audit f8, 1.183, 1.184 f9, 1.173, 1.174 fc7, 1.339, 1.340 Message-ID: <200804011452.m31Eq1dW012824@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv12780/audit Modified Files: f8 f9 fc7 Log Message: note cups cve ids Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.183 retrieving revision 1.184 diff -u -r1.183 -r1.184 --- f8 1 Apr 2008 12:30:31 -0000 1.183 +++ f8 1 Apr 2008 14:51:31 -0000 1.184 @@ -26,6 +26,8 @@ CVE-2008-1467 VULNERABLE (centerim) #438871 CVE-2008-1394 ignore (plone) CVE-2008-1390 fixed (asterisk, fixed 1.4.19-rc3) #438133 [since FEDORA-2008-2554] +CVE-2008-1374 ignore (cups) only affects old cups versions in RHEL +CVE-2008-1373 VULNERABLE (cups) #440040 CVE-2008-1372 VULNERABLE (bzip2, fixed 1.0.5) #439855 CVE-2008-1360 VULNERABLE (nagios) #437850 CVE-2008-1353 ignore (zabbix) #437848 Needs authorization 
@@ -157,6 +159,8 @@ CVE-2008-0072 fixed (evolution) #436081 [since FEDORA-2008-2292] CVE-2008-0063 fixed (krb5, fixed 1.6.4) #438023 [since FEDORA-2008-2647] CVE-2008-0062 fixed (krb5, fixed 1.6.4) #438023 [since FEDORA-2008-2647] +CVE-2008-0053 version (cups, fixed 1.3.6) [since FEDORA-2008-1901] +CVE-2008-0047 VULNERABLE (cups) #440040 CVE-2008-0008 fixed (pulseaudio) #425481 [since FEDORA-2008-0994] CVE-2008-0006 fixed (libXfont) #429132 [since FEDORA-2008-0794] CVE-2008-0005 fixed (httpd, fixed 2.2.8) #427982 [since FEDORA-2008-1711] Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.173 retrieving revision 1.174 diff -u -r1.173 -r1.174 --- f9 1 Apr 2008 12:30:31 -0000 1.173 +++ f9 1 Apr 2008 14:51:31 -0000 1.174 @@ -24,6 +24,8 @@ CVE-2008-1467 fixed (centerim) #438871 CVE-2008-1394 ignore (plone) CVE-2008-1390 version (asterisk, fixed 1.6.0-beta6) #438134 [since asterisk-1.6.0-0.6.beta6.fc9] +CVE-2008-1374 ignore (cups) only affects old cups versions in RHEL +CVE-2008-1373 VULNERABLE (cups) #440041 CVE-2008-1372 version (bzip2, fixed 1.0.5) [since bzip2-1.0.5-1.fc9] CVE-2008-1360 VULNERABLE (nagios) #437852 CVE-2008-1353 ignore (zabbix) #437848 Needs authorization 
@@ -151,6 +153,8 @@ CVE-2008-0072 backport (evolution) #436082 [evolution-2.21.92-2.fc9] CVE-2008-0063 backport (krb5, fixed 1.6.4) [since krb5-1.6.3-10.fc9] CVE-2008-0062 backport (krb5, fixed 1.6.4) [since krb5-1.6.3-10.fc9] +CVE-2008-0053 version (cups, fixed 1.3.6) [since cups-1.3.6-1.fc9] +CVE-2008-0047 VULNERABLE (cups) #440041 CVE-2008-0008 backport (pulseaudio) #425481 [since pulseaudio-0.9.8-5.fc9] CVE-2008-0006 backport (libXfont) #429133 [since libXfont-1.3.1-3.fc9] CVE-2008-0005 version (httpd, fixed 2.2.8) #427984 [since httpd-2.2.8-2] Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.339 retrieving revision 1.340 diff -u -r1.339 -r1.340 --- fc7 1 Apr 2008 12:30:31 -0000 1.339 +++ fc7 1 Apr 2008 14:51:31 -0000 1.340 @@ -26,6 +26,8 @@ CVE-2008-1467 VULNERABLE (centerim) #438871 CVE-2008-1394 ignore (plone) CVE-2008-1390 fixed (asterisk, fixed 1.4.19-rc3) #438132 [since FEDORA-2008-2620] +CVE-2008-1374 ignore (cups) only affects old cups versions in RHEL +CVE-2008-1373 VULNERABLE (cups) #440042 CVE-2008-1372 VULNERABLE (bzip2, fixed 1.0.5) #439855 CVE-2008-1360 VULNERABLE (nagios) #437851 CVE-2008-1353 ignore (zabbix) #437848 Needs authorization @@ -156,6 +158,8 @@ CVE-2008-0072 fixed (evolution) #436080 [since FEDORA-2008-2290] CVE-2008-0063 fixed (krb5, fixed 1.6.4) #438022 [since FEDORA-2008-2637] CVE-2008-0062 fixed (krb5, fixed 1.6.4) #438022 [since FEDORA-2008-2637] +CVE-2008-0053 VULNERABLE (cups) #440042 +CVE-2008-0047 VULNERABLE (cups) #440042 CVE-2008-0008 fixed (pulseaudio) #425481 [since FEDORA-2008-0994] CVE-2008-0006 fixed (libXfont) #429131 [since FEDORA-2008-0891] CVE-2008-0005 fixed (httpd, fixed 2.2.8) #427983 [since FEDORA-2008-1695] From fedora-security-commits at redhat.com Wed Apr 2 13:54:01 2008 
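Review bot: In the fc7 hunk at @@ -156,6 +158,8 @@ (revision 1.340), the added line "CVE-2008-0053 VULNERABLE (cups) #440042" leaves out the fixed-in version, while the f8 and f9 entries added for the same CVE in this commit both record "(cups, fixed 1.3.6)". Writing the fc7 entry as "(cups, fixed 1.3.6)" as well would keep the upstream fix version recorded in all three files.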
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Wed, 2 Apr 2008 13:54:01 GMT Subject: [Fedora-security-commits] fedora-security/audit f8, 1.184, 1.185 f9, 1.174, 1.175 fc7, 1.340, 1.341 Message-ID: <200804021354.m32Ds1w9019889@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv19850/audit Modified Files: f8 f9 fc7 Log Message: add squid Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.184 retrieving revision 1.185 diff -u -r1.184 -r1.185 --- f8 1 Apr 2008 14:51:31 -0000 1.184 +++ f8 2 Apr 2008 13:53:31 -0000 1.185 @@ -9,6 +9,7 @@ 293031 fixed (nx) #293031 [since FEDORA-2008-2258] 438382 fixed (libsilc) #438382 [since FEDORA-2008-2641] 249840 VULNERABLE (tor) +CVE-2008-1612 VULNERABLE (squid, fixed 2.6.STABLE19) [since FEDORA-2008-2740] CVE-2008-1568 VULNERABLE (comix) multiple issues tracked via bz#430635 CVE-2008-1567 VULNERABLE (phpmyadmin, fixed 2.11.5.1) CVE-2008-1563 VULNERABLE (wireshark, fixed 1.0) #435487 Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.174 retrieving revision 1.175 diff -u -r1.174 -r1.175 --- f9 1 Apr 2008 14:51:31 -0000 1.174 +++ f9 2 Apr 2008 13:53:31 -0000 1.175 
@@ -8,6 +8,7 @@ 439687 version (mod_suphp, fixed 0.6.3) [since mod_suphp-0.6.3-1.fc9] 438382 VULNERABLE (libsilc) #438382 249840 VULNERABLE (tor) +CVE-2008-1612 ignore (squid, fixed 2.6.STABLE19) 3.0 was not affected CVE-2008-1568 VULNERABLE (comix) multiple issues tracked via bz#430635 CVE-2008-1567 version (phpmyadmin, fixed 2.11.5.1) [since phpMyAdmin-2.11.5.1-1.fc9] CVE-2008-1563 VULNERABLE (wireshark, fixed 1.0) #435488 Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.340 retrieving revision 1.341 diff -u -r1.340 -r1.341 --- fc7 1 Apr 2008 14:51:31 -0000 1.340 +++ fc7 2 Apr 2008 13:53:31 -0000 1.341 @@ -9,6 +9,7 @@ 293031 fixed (nx) #293031 [since FEDORA-2008-2258] 438382 fixed (libsilc) #438382 [since FEDORA-2008-2641] 249840 version (tor, fixed 0.1.2.15) #249840 [since FEDORA-2007-1674] +CVE-2008-1612 backport (squid, fixed 2.6.STABLE19) [since FEDORA-2008-2729] CVE-2008-1568 VULNERABLE (comix) multiple issues tracked via bz#430635 CVE-2008-1567 VULNERABLE (phpmyadmin, fixed 2.11.5.1) CVE-2008-1563 VULNERABLE (wireshark, fixed 1.0) #435485 From fedora-security-commits at redhat.com Wed Apr 2 14:36:17 2008 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Wed, 2 Apr 2008 14:36:17 GMT Subject: [Fedora-security-commits] fedora-security/audit f8, 1.185, 1.186 f9, 1.175, 1.176 fc7, 1.341, 1.342 Message-ID: <200804021436.m32EaHbY027363@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv27339/audit Modified Files: f8 f9 fc7 Log Message: add pdns-recursor Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.185 retrieving revision 1.186 diff -u -r1.185 -r1.186 --- f8 2 Apr 2008 13:53:31 -0000 1.185 +++ f8 2 Apr 2008 14:35:47 -0000 1.186 
@@ -4,6 +4,7 @@ # *CVE are items that need verification for Fedora 8 # (mozilla) = (gecko-libs dependent stuff) +440247 VULNERABLE (pdns-recursor, fixed 3.1.5) #440249 439982 VULNERABLE (PolicyKit) #439995 439687 VULNERABLE (mod_suphp, fixed 0.6.3) 293031 fixed (nx) #293031 [since FEDORA-2008-2258] Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.175 retrieving revision 1.176 diff -u -r1.175 -r1.176 --- f9 2 Apr 2008 13:53:31 -0000 1.175 +++ f9 2 Apr 2008 14:35:47 -0000 1.176 @@ -4,6 +4,7 @@ # *CVE are items that need verification for Fedora 9 # (mozilla) = (gecko-libs dependent stuff) +440247 VULNERABLE (pdns-recursor, fixed 3.1.5) #440250 439982 VULNERABLE (PolicyKit) #439996 439687 version (mod_suphp, fixed 0.6.3) [since mod_suphp-0.6.3-1.fc9] 438382 VULNERABLE (libsilc) #438382 Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.341 retrieving revision 1.342 diff -u -r1.341 -r1.342 --- fc7 2 Apr 2008 13:53:31 -0000 1.341 +++ fc7 2 Apr 2008 14:35:47 -0000 1.342 @@ -5,6 +5,7 @@ # (mozilla) = (firefox, seamonkey, thunderbird, yelp, devhelp, galeon, liferea. epiphany) # A couple of first F7 updates were marked as FEDORA-2007-0001 +440247 VULNERABLE (pdns-recursor, fixed 3.1.5) #440248 439687 VULNERABLE (mod_suphp, fixed 0.6.3) 293031 fixed (nx) #293031 [since FEDORA-2008-2258] 438382 fixed (libsilc) #438382 [since FEDORA-2008-2641] From fedora-security-commits at redhat.com Wed Apr 2 15:49:02 2008 
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Wed, 2 Apr 2008 15:49:02 GMT Subject: [Fedora-security-commits] fedora-security/audit f8, 1.186, 1.187 f9, 1.176, 1.177 fc7, 1.342, 1.343 Message-ID: <200804021549.m32Fn2qq006552@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv6472/audit Modified Files: f8 f9 fc7 Log Message: add gnome-screensaver node mod_suphp cve id Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.186 retrieving revision 1.187 diff -u -r1.186 -r1.187 --- f8 2 Apr 2008 14:35:47 -0000 1.186 +++ f8 2 Apr 2008 15:48:32 -0000 1.187 @@ -6,10 +6,10 @@ 440247 VULNERABLE (pdns-recursor, fixed 3.1.5) #440249 439982 VULNERABLE (PolicyKit) #439995 -439687 VULNERABLE (mod_suphp, fixed 0.6.3) 293031 fixed (nx) #293031 [since FEDORA-2008-2258] 438382 fixed (libsilc) #438382 [since FEDORA-2008-2641] 249840 VULNERABLE (tor) +CVE-2008-1614 version (mod_suphp, fixed 0.6.3) [since FEDORA-2008-2868] CVE-2008-1612 VULNERABLE (squid, fixed 2.6.STABLE19) [since FEDORA-2008-2740] CVE-2008-1568 VULNERABLE (comix) multiple issues tracked via bz#430635 CVE-2008-1567 VULNERABLE (phpmyadmin, fixed 2.11.5.1) 
@@ -71,6 +71,7 @@ CVE-2008-0928 fixed (kvm) #433564 [since FEDORA-2008-1973] CVE-2008-0928 fixed (xen) #434639 [since FEDORA-2008-2057] CVE-2008-0888 ignore (unzip) caught by glibc malloc checks +CVE-2008-0887 VULNERABLE (gnome-screensaver) #440256 CVE-2008-0882 fixed (cups, fixed 1.3.6) #433803 [since FEDORA-2008-1901] CVE-2008-0782 fixed (moin) #432019 [since FEDORA-2008-1562] CVE-2008-0781 fixed (moin) #432750 [since FEDORA-2008-1905] Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.176 retrieving revision 1.177 diff -u -r1.176 -r1.177 --- f9 2 Apr 2008 14:35:47 -0000 1.176 +++ f9 2 Apr 2008 15:48:32 -0000 1.177 @@ -6,9 +6,9 @@ 440247 VULNERABLE (pdns-recursor, fixed 3.1.5) #440250 439982 VULNERABLE (PolicyKit) #439996 -439687 version (mod_suphp, fixed 0.6.3) [since mod_suphp-0.6.3-1.fc9] 438382 VULNERABLE (libsilc) #438382 249840 VULNERABLE (tor) +CVE-2008-1614 version (mod_suphp, fixed 0.6.3) [since mod_suphp-0.6.3-1.fc9] CVE-2008-1612 ignore (squid, fixed 2.6.STABLE19) 3.0 was not affected CVE-2008-1568 VULNERABLE (comix) multiple issues tracked via bz#430635 CVE-2008-1567 version (phpmyadmin, fixed 2.11.5.1) [since phpMyAdmin-2.11.5.1-1.fc9] 
@@ -67,6 +67,7 @@ CVE-2008-0928 backport (kvm) #433566 [since kvm-61-2.fc9] CVE-2008-0928 backport (xen) [since xen-3.2.0-8.fc9] CVE-2008-0888 backport (unzip) #437927 [since unzip-5.52-9.fc9] +CVE-2008-0887 VULNERABLE (gnome-screensaver) #440257 CVE-2008-0882 version (cups, fixed 1.3.6) [since cups-1.3.6-1.fc9] CVE-2008-0807 version (turba, fixed 2.1.7) #433318 [since turba-2.1.7-1.fc9] CVE-2008-0786 version (cacti, fixed 0.8.7b) #432761 [since cacti-0.8.7b-1.fc9] Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.342 retrieving revision 1.343 diff -u -r1.342 -r1.343 --- fc7 2 Apr 2008 14:35:47 -0000 1.342 +++ fc7 2 Apr 2008 15:48:32 -0000 1.343 @@ -6,10 +6,10 @@ # A couple of first F7 updates were marked as FEDORA-2007-0001 440247 VULNERABLE (pdns-recursor, fixed 3.1.5) #440248 -439687 VULNERABLE (mod_suphp, fixed 0.6.3) 293031 fixed (nx) #293031 [since FEDORA-2008-2258] 438382 fixed (libsilc) #438382 [since FEDORA-2008-2641] 249840 version (tor, fixed 0.1.2.15) #249840 [since FEDORA-2007-1674] +CVE-2008-1614 version (mod_suphp, fixed 0.6.3) [since FEDORA-2008-2815] CVE-2008-1612 backport (squid, fixed 2.6.STABLE19) [since FEDORA-2008-2729] CVE-2008-1568 VULNERABLE (comix) multiple issues tracked via bz#430635 CVE-2008-1567 VULNERABLE (phpmyadmin, fixed 2.11.5.1) @@ -71,6 +71,7 @@ CVE-2008-0928 fixed (kvm) #433565 [since FEDORA-2008-1993] CVE-2008-0928 fixed (xen) #434638 [since FEDORA-2008-2083] CVE-2008-0888 ignore (unzip) caught by glibc malloc checks +CVE-2008-0887 VULNERABLE (gnome-screensaver) #440255 CVE-2008-0882 fixed (cups, fixed 1.3.6) #433802 [since FEDORA-2008-1976] CVE-2008-0782 fixed (moin) #432020 [since FEDORA-2008-1486] CVE-2008-0781 fixed (moin) #432749 [since FEDORA-2008-1880] From fedora-security-commits at redhat.com Wed Apr 2 17:11:58 2008 
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Wed, 2 Apr 2008 17:11:58 GMT Subject: [Fedora-security-commits] fedora-security/audit f8, 1.187, 1.188 f9, 1.177, 1.178 fc7, 1.343, 1.344 Message-ID: <200804021711.m32HBwm6026382@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv26325/audit Modified Files: f8 f9 fc7 Log Message: note pdns-recursor cve id Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.187 retrieving revision 1.188 diff -u -r1.187 -r1.188 --- f8 2 Apr 2008 15:48:32 -0000 1.187 +++ f8 2 Apr 2008 17:11:28 -0000 1.188 @@ -4,11 +4,11 @@ # *CVE are items that need verification for Fedora 8 # (mozilla) = (gecko-libs dependent stuff) -440247 VULNERABLE (pdns-recursor, fixed 3.1.5) #440249 439982 VULNERABLE (PolicyKit) #439995 293031 fixed (nx) #293031 [since FEDORA-2008-2258] 438382 fixed (libsilc) #438382 [since FEDORA-2008-2641] 249840 VULNERABLE (tor) +CVE-2008-1637 VULNERABLE (pdns-recursor, fixed 3.1.5) #440249 CVE-2008-1614 version (mod_suphp, fixed 0.6.3) [since FEDORA-2008-2868] CVE-2008-1612 VULNERABLE (squid, fixed 2.6.STABLE19) [since FEDORA-2008-2740] CVE-2008-1568 VULNERABLE (comix) multiple issues tracked via bz#430635 Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.177 retrieving revision 1.178 diff -u -r1.177 -r1.178 --- f9 2 Apr 2008 15:48:32 -0000 1.177 +++ f9 2 Apr 2008 17:11:28 -0000 1.178 
@@ -4,10 +4,10 @@ # *CVE are items that need verification for Fedora 9 # (mozilla) = (gecko-libs dependent stuff) -440247 VULNERABLE (pdns-recursor, fixed 3.1.5) #440250 439982 VULNERABLE (PolicyKit) #439996 438382 VULNERABLE (libsilc) #438382 249840 VULNERABLE (tor) +CVE-2008-1637 VULNERABLE (pdns-recursor, fixed 3.1.5) #440250 CVE-2008-1614 version (mod_suphp, fixed 0.6.3) [since mod_suphp-0.6.3-1.fc9] CVE-2008-1612 ignore (squid, fixed 2.6.STABLE19) 3.0 was not affected CVE-2008-1568 VULNERABLE (comix) multiple issues tracked via bz#430635 Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.343 retrieving revision 1.344 diff -u -r1.343 -r1.344 --- fc7 2 Apr 2008 15:48:32 -0000 1.343 +++ fc7 2 Apr 2008 17:11:28 -0000 1.344 @@ -5,10 +5,10 @@ # (mozilla) = (firefox, seamonkey, thunderbird, yelp, devhelp, galeon, liferea. epiphany) # A couple of first F7 updates were marked as FEDORA-2007-0001 -440247 VULNERABLE (pdns-recursor, fixed 3.1.5) #440248 293031 fixed (nx) #293031 [since FEDORA-2008-2258] 438382 fixed (libsilc) #438382 [since FEDORA-2008-2641] 249840 version (tor, fixed 0.1.2.15) #249840 [since FEDORA-2007-1674] +CVE-2008-1637 VULNERABLE (pdns-recursor, fixed 3.1.5) #440248 CVE-2008-1614 version (mod_suphp, fixed 0.6.3) [since FEDORA-2008-2815] CVE-2008-1612 backport (squid, fixed 2.6.STABLE19) [since FEDORA-2008-2729] CVE-2008-1568 VULNERABLE (comix) multiple issues tracked via bz#430635 From fedora-security-commits at redhat.com Thu Apr 3 09:09:24 2008 
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Thu, 3 Apr 2008 09:09:24 GMT Subject: [Fedora-security-commits] fedora-security/audit f8, 1.188, 1.189 f9, 1.178, 1.179 fc7, 1.344, 1.345 Message-ID: <200804030909.m3399OH5026858@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv26817/audit Modified Files: f8 f9 fc7 Log Message: add openssh, audit note some CVE ids note rawhide updates check-updates Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.188 retrieving revision 1.189 diff -u -r1.188 -r1.189 --- f8 2 Apr 2008 17:11:28 -0000 1.188 +++ f8 3 Apr 2008 09:08:54 -0000 1.189 @@ -4,11 +4,12 @@ # *CVE are items that need verification for Fedora 8 # (mozilla) = (gecko-libs dependent stuff) -439982 VULNERABLE (PolicyKit) #439995 293031 fixed (nx) #293031 [since FEDORA-2008-2258] -438382 fixed (libsilc) #438382 [since FEDORA-2008-2641] 249840 VULNERABLE (tor) +CVE-2008-1658 VULNERABLE (PolicyKit) #439995 +CVE-2008-1657 VULNERABLE (openssh, fixed 4.9) #440375 CVE-2008-1637 VULNERABLE (pdns-recursor, fixed 3.1.5) #440249 +CVE-2008-1628 VULNERABLE (audit) [since audit-1.6.8-4.fc8] CVE-2008-1614 version (mod_suphp, fixed 0.6.3) [since FEDORA-2008-2868] CVE-2008-1612 VULNERABLE (squid, fixed 2.6.STABLE19) [since FEDORA-2008-2740] CVE-2008-1568 VULNERABLE (comix) multiple issues tracked via bz#430635 
@@ -16,21 +17,22 @@ CVE-2008-1563 VULNERABLE (wireshark, fixed 1.0) #435487 CVE-2008-1562 VULNERABLE (wireshark, fixed 1.0) #435487 CVE-2008-1561 VULNERABLE (wireshark, fixed 1.0) #435487 +CVE-2008-1552 fixed (libsilc) #438382 [since FEDORA-2008-2641] CVE-2008-1515 VULNERABLE (otrs) #439724 CVE-2008-1488 VULNERABLE (php-pecl-apc) #438847 CVE-2008-0806 fixed (wyrd) #433720 [since FEDORA-2008-1963] CVE-2008-1532 fixed (Perlbal) #439056 [since FEDORA-2008-2778] CVE-2008-1531 VULNERABLE (lighttpd) #439068 CVE-2008-1483 ignore (openssh) was alrady fixed by another patch -CVE-2008-1482 VULNERABLE (xine-lib) #438670 +CVE-2008-1482 VULNERABLE (xine-lib) #438670 [since FEDORA-2008-2849] CVE-2008-1474 fixed (roundup) #436547 [since FEDORA-2008-2370] CVE-2008-1468 fixed (namazu) #438667 [since FEDORA-2008-2767] -CVE-2008-1467 VULNERABLE (centerim) #438871 +CVE-2008-1467 fixed (centerim) #438871 [since FEDORA-2008-2869] CVE-2008-1394 ignore (plone) CVE-2008-1390 fixed (asterisk, fixed 1.4.19-rc3) #438133 [since FEDORA-2008-2554] CVE-2008-1374 ignore (cups) only affects old cups versions in RHEL -CVE-2008-1373 VULNERABLE (cups) #440040 -CVE-2008-1372 VULNERABLE (bzip2, fixed 1.0.5) #439855 +CVE-2008-1373 VULNERABLE (cups) #440040 [since FEDORA-2008-2131] +CVE-2008-1372 VULNERABLE (bzip2, fixed 1.0.5) #439855 CVE-2008-1360 VULNERABLE (nagios) #437850 CVE-2008-1353 ignore (zabbix) #437848 Needs authorization CVE-2008-1333 ignore (asterisk) not affected 
@@ -163,7 +165,7 @@ CVE-2008-0063 fixed (krb5, fixed 1.6.4) #438023 [since FEDORA-2008-2647] CVE-2008-0062 fixed (krb5, fixed 1.6.4) #438023 [since FEDORA-2008-2647] CVE-2008-0053 version (cups, fixed 1.3.6) [since FEDORA-2008-1901] -CVE-2008-0047 VULNERABLE (cups) #440040 +CVE-2008-0047 VULNERABLE (cups) #440040 [since FEDORA-2008-2131] CVE-2008-0008 fixed (pulseaudio) #425481 [since FEDORA-2008-0994] CVE-2008-0006 fixed (libXfont) #429132 [since FEDORA-2008-0794] CVE-2008-0005 fixed (httpd, fixed 2.2.8) #427982 [since FEDORA-2008-1711] @@ -213,14 +215,14 @@ CVE-2007-6335 fixed (clamav, fixed 0.92) #426212 [since FEDORA-2008-0115] CVE-2007-6437 fixed (syslog-ng) #426306 [since FEDORA-2008-0523] CVE-2007-6430 version (asterisk, fixed 1.4.16) [since FEDORA-2007-4651] -CVE-2007-6389 VULNERABLE (gnome-screensaver) #426170 +CVE-2007-6389 fixed (gnome-screensaver) #426170 [since FEDORA-2008-2872] CVE-2007-6353 VULNERABLE (exiv2) #425923 CVE-2007-6352 fixed (libexif) #425631 [since FEDORA-2007-4667] CVE-2007-6351 fixed (libexif) #425631 [since FEDORA-2007-4667] CVE-2007-6350 fixed (scponly) #429731 [since FEDORA-2008-1728] rsync vector only CVE-2007-6348 ignore (squirrelmail) trojaned version was not shipped CVE-2007-6328 ignore (dosbox) design decision -CVE-2007-6321 VULNERABLE (roundcubemail) #423291 +CVE-2007-6321 VULNERABLE (roundcubemail) #423291 CVE-2007-6318 VULNERABLE (wordpress) CVE-2007-6313 ignore (mysql) 5.1+ only CVE-2007-6304 ignore (mysql, fixed 5.0.52) federated engine not built Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.178 retrieving revision 1.179 diff -u -r1.178 -r1.179 --- f9 2 Apr 2008 17:11:28 -0000 1.178 +++ f9 3 Apr 2008 09:08:54 -0000 1.179 
@@ -4,23 +4,25 @@ # *CVE are items that need verification for Fedora 9 # (mozilla) = (gecko-libs dependent stuff) -439982 VULNERABLE (PolicyKit) #439996 438382 VULNERABLE (libsilc) #438382 249840 VULNERABLE (tor) +CVE-2008-1658 VULNERABLE (PolicyKit) #439996 +CVE-2008-1657 VULNERABLE (openssh, fixed 4.9) #440376 CVE-2008-1637 VULNERABLE (pdns-recursor, fixed 3.1.5) #440250 +CVE-2008-1628 version (audit) [since audit-1.7-2.fc9] CVE-2008-1614 version (mod_suphp, fixed 0.6.3) [since mod_suphp-0.6.3-1.fc9] CVE-2008-1612 ignore (squid, fixed 2.6.STABLE19) 3.0 was not affected -CVE-2008-1568 VULNERABLE (comix) multiple issues tracked via bz#430635 +CVE-2008-1568 fixed (comix) [since comix-3.6.4-6.fc9] CVE-2008-1567 version (phpmyadmin, fixed 2.11.5.1) [since phpMyAdmin-2.11.5.1-1.fc9] -CVE-2008-1563 VULNERABLE (wireshark, fixed 1.0) #435488 -CVE-2008-1562 VULNERABLE (wireshark, fixed 1.0) #435488 -CVE-2008-1561 VULNERABLE (wireshark, fixed 1.0) #435488 +CVE-2008-1563 version (wireshark, fixed 1.0) #435488 [since wireshark-1.0.0-2.fc9] +CVE-2008-1562 version (wireshark, fixed 1.0) #435488 [since wireshark-1.0.0-2.fc9] +CVE-2008-1561 version (wireshark, fixed 1.0) #435488 [since wireshark-1.0.0-2.fc9] CVE-2008-1515 VULNERABLE (otrs) #439725 CVE-2008-1488 VULNERABLE (php-pecl-apc) #438848 CVE-2008-0806 VULNERABLE (wyrd) #433722 CVE-2008-1531 VULNERABLE (lighttpd) #439069 CVE-2008-1483 ignore (openssh) was alrady fixed by another patch -CVE-2008-1482 VULNERABLE (xine-lib) #438671 +CVE-2008-1482 version (xine-lib) #438671 [since xine-lib-1.1.11.1-1.fc9] CVE-2008-1474 version (roundup) #436549 [since roundup-1.4.4-1.fc9] CVE-2008-1468 VULNERABLE (namazu) #438668 CVE-2008-1467 fixed (centerim) #438871 
@@ -53,9 +55,9 @@ CVE-2008-1099 VULNERABLE (moin) #438674 CVE-2008-1098 VULNERABLE (moin) #438674 CVE-2008-1078 VULNERABLE (am-utils) #437746 -CVE-2008-1072 VULNERABLE (wireshark, fixed 0.99.8) #435488 -CVE-2008-1071 VULNERABLE (wireshark, fixed 0.99.8) #435488 -CVE-2008-1070 VULNERABLE (wireshark, fixed 0.99.8) #435488 +CVE-2008-1072 version (wireshark, fixed 0.99.8) #435488 [since wireshark-1.0.0-2.fc9] +CVE-2008-1071 version (wireshark, fixed 0.99.8) #435488 [since wireshark-1.0.0-2.fc9] +CVE-2008-1070 version (wireshark, fixed 0.99.8) #435488 [since wireshark-1.0.0-2.fc9] CVE-2008-1066 version (php-Smarty) #435813 [since php-Smarty-2.6.19-1.fc9] CVE-2008-1066 VULNERABLE (gallery2) #438060 CVE-2008-1066 VULNERABLE (php-pear-PhpDocumentor) #438064 Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.344 retrieving revision 1.345 diff -u -r1.344 -r1.345 --- fc7 2 Apr 2008 17:11:28 -0000 1.344 +++ fc7 3 Apr 2008 09:08:54 -0000 1.345 @@ -6,9 +6,10 @@ # A couple of first F7 updates were marked as FEDORA-2007-0001 293031 fixed (nx) #293031 [since FEDORA-2008-2258] -438382 fixed (libsilc) #438382 [since FEDORA-2008-2641] 249840 version (tor, fixed 0.1.2.15) #249840 [since FEDORA-2007-1674] +CVE-2008-1657 VULNERABLE (openssh, fixed 4.9) #280461 CVE-2008-1637 VULNERABLE (pdns-recursor, fixed 3.1.5) #440248 +CVE-2008-1628 ignore (audit) affected function not used by anything CVE-2008-1614 version (mod_suphp, fixed 0.6.3) [since FEDORA-2008-2815] CVE-2008-1612 backport (squid, fixed 2.6.STABLE19) [since FEDORA-2008-2729] CVE-2008-1568 VULNERABLE (comix) multiple issues tracked via bz#430635 
@@ -16,6 +17,7 @@ CVE-2008-1563 VULNERABLE (wireshark, fixed 1.0) #435485 CVE-2008-1562 VULNERABLE (wireshark, fixed 1.0) #435485 CVE-2008-1561 VULNERABLE (wireshark, fixed 1.0) #435485 +CVE-2008-1552 fixed (libsilc) #438382 [since FEDORA-2008-2641] CVE-2008-1515 VULNERABLE (otrs) #439723 CVE-2008-1488 VULNERABLE (php-pecl-apc) #438846 CVE-2008-0806 fixed (wyrd) #433721 [since FEDORA-2008-1986] @@ -25,12 +27,12 @@ CVE-2008-1482 VULNERABLE (xine-lib) #438669 CVE-2008-1474 fixed (roundup) #436548 [since FEDORA-2008-2471] CVE-2008-1468 fixed (namazu) #438666 [since FEDORA-2008-2678] -CVE-2008-1467 VULNERABLE (centerim) #438871 +CVE-2008-1467 fixed (centerim) #438871 [since FEDORA-2008-2869] CVE-2008-1394 ignore (plone) CVE-2008-1390 fixed (asterisk, fixed 1.4.19-rc3) #438132 [since FEDORA-2008-2620] CVE-2008-1374 ignore (cups) only affects old cups versions in RHEL CVE-2008-1373 VULNERABLE (cups) #440042 -CVE-2008-1372 VULNERABLE (bzip2, fixed 1.0.5) #439855 +CVE-2008-1372 VULNERABLE (bzip2, fixed 1.0.5) #439855 CVE-2008-1360 VULNERABLE (nagios) #437851 CVE-2008-1353 ignore (zabbix) #437848 Needs authorization CVE-2008-1333 ignore (asterisk) not affected 
@@ -211,14 +213,14 @@ CVE-2007-6335 fixed (clamav, fixed 0.92) #426211 [since FEDORA-2008-0170] CVE-2007-6437 fixed (syslog-ng) #426305 [since FEDORA-2008-0559] CVE-2007-6430 version (asterisk, fixed 1.4.16) [since FEDORA-2007-4593] -CVE-2007-6389 VULNERABLE (gnome-screensaver) #426169 +CVE-2007-6389 fixed (gnome-screensaver) #426169 [since FEDORA-2008-2818] CVE-2007-6353 fixed (exiv2) #425922 [since FEDORA-2007-4551] CVE-2007-6352 fixed (libexif) #425621 [since FEDORA-2007-4608] CVE-2007-6351 fixed (libexif) #425621 [since FEDORA-2007-4608] CVE-2007-6350 fixed (scponly) #429731 [since FEDORA-2008-1728] rsync vector only CVE-2007-6348 ignore (squirrelmail) trojaned version was not shipped CVE-2007-6328 ignore (dosbox) design decision -CVE-2007-6321 VULNERABLE (roundcubemail) #423281 +CVE-2007-6321 VULNERABLE (roundcubemail) #423281 CVE-2007-6318 VULNERABLE (wordpress) CVE-2007-6313 ignore (mysql) 5.1+ only CVE-2007-6304 ignore (mysql, fixed 5.0.52) federated engine not built From fedora-security-commits at redhat.com Thu Apr 3 09:42:31 2008 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Thu, 3 Apr 2008 09:42:31 GMT Subject: [Fedora-security-commits] fedora-security/audit f8, 1.189, 1.190 f9, 1.179, 1.180 fc7, 1.345, 1.346 Message-ID: <200804030942.m339gVTb027490@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv27447/audit Modified Files: f8 f9 fc7 Log Message: add another Perlbal issue fixed in 1.70 move mis-placed entries Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.189 retrieving revision 1.190 diff -u -r1.189 -r1.190 --- f8 3 Apr 2008 09:08:54 -0000 1.189 +++ f8 3 Apr 2008 09:42:01 -0000 1.190 
@@ -8,6 +8,7 @@ 249840 VULNERABLE (tor) CVE-2008-1658 VULNERABLE (PolicyKit) #439995 CVE-2008-1657 VULNERABLE (openssh, fixed 4.9) #440375 +CVE-2008-1652 version (Perlbal, fixed 1.70) [since FEDORA-2008-2778] CVE-2008-1637 VULNERABLE (pdns-recursor, fixed 3.1.5) #440249 CVE-2008-1628 VULNERABLE (audit) [since audit-1.6.8-4.fc8] CVE-2008-1614 version (mod_suphp, fixed 0.6.3) [since FEDORA-2008-2868] @@ -17,12 +18,11 @@ CVE-2008-1563 VULNERABLE (wireshark, fixed 1.0) #435487 CVE-2008-1562 VULNERABLE (wireshark, fixed 1.0) #435487 CVE-2008-1561 VULNERABLE (wireshark, fixed 1.0) #435487 -CVE-2008-1552 fixed (libsilc) #438382 [since FEDORA-2008-2641] +CVE-2008-1552 fixed (libsilc, fixed 1.1.7) #438382 [since FEDORA-2008-2641] +CVE-2008-1532 version (Perlbal, fixed 1.70) #439056 [since FEDORA-2008-2778] +CVE-2008-1531 VULNERABLE (lighttpd) #439068 CVE-2008-1515 VULNERABLE (otrs) #439724 CVE-2008-1488 VULNERABLE (php-pecl-apc) #438847 -CVE-2008-0806 fixed (wyrd) #433720 [since FEDORA-2008-1963] -CVE-2008-1532 fixed (Perlbal) #439056 [since FEDORA-2008-2778] -CVE-2008-1531 VULNERABLE (lighttpd) #439068 CVE-2008-1483 ignore (openssh) was alrady fixed by another patch CVE-2008-1482 VULNERABLE (xine-lib) #438670 [since FEDORA-2008-2849] CVE-2008-1474 fixed (roundup) #436547 [since FEDORA-2008-2370] 
@@ -79,6 +79,7 @@ CVE-2008-0781 fixed (moin) #432750 [since FEDORA-2008-1905] CVE-2008-0780 fixed (moin) #432750 [since FEDORA-2008-1905] CVE-2008-0807 fixed (turba) #433319 [since FEDORA-2008-2087] +CVE-2008-0806 fixed (wyrd) #433720 [since FEDORA-2008-1963] CVE-2008-0786 version (cacti, fixed 0.8.7b) #432760 CVE-2008-0785 version (cacti, fixed 0.8.7b) #432760 CVE-2008-0784 version (cacti, fixed 0.8.7b) #432760 Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.179 retrieving revision 1.180 diff -u -r1.179 -r1.180 --- f9 3 Apr 2008 09:08:54 -0000 1.179 +++ f9 3 Apr 2008 09:42:01 -0000 1.180 @@ -4,10 +4,10 @@ # *CVE are items that need verification for Fedora 9 # (mozilla) = (gecko-libs dependent stuff) -438382 VULNERABLE (libsilc) #438382 249840 VULNERABLE (tor) CVE-2008-1658 VULNERABLE (PolicyKit) #439996 CVE-2008-1657 VULNERABLE (openssh, fixed 4.9) #440376 +CVE-2008-1652 version (Perlbal, fixed 1.70) [since Perlbal-1.70-1.fc9] CVE-2008-1637 VULNERABLE (pdns-recursor, fixed 3.1.5) #440250 CVE-2008-1628 version (audit) [since audit-1.7-2.fc9] CVE-2008-1614 version (mod_suphp, fixed 0.6.3) [since mod_suphp-0.6.3-1.fc9] 
@@ -17,10 +17,11 @@ CVE-2008-1563 version (wireshark, fixed 1.0) #435488 [since wireshark-1.0.0-2.fc9] CVE-2008-1562 version (wireshark, fixed 1.0) #435488 [since wireshark-1.0.0-2.fc9] CVE-2008-1561 version (wireshark, fixed 1.0) #435488 [since wireshark-1.0.0-2.fc9] +CVE-2008-1552 version (libsilc, fixed 1.1.7) #438382 [since libsilc-1.1.7-1.fc9] +CVE-2008-1532 version (Perlbal, fixed 1.70) [since Perlbal-1.70-1.fc9] +CVE-2008-1531 VULNERABLE (lighttpd) #439069 CVE-2008-1515 VULNERABLE (otrs) #439725 CVE-2008-1488 VULNERABLE (php-pecl-apc) #438848 -CVE-2008-0806 VULNERABLE (wyrd) #433722 -CVE-2008-1531 VULNERABLE (lighttpd) #439069 CVE-2008-1483 ignore (openssh) was alrady fixed by another patch CVE-2008-1482 version (xine-lib) #438671 [since xine-lib-1.1.11.1-1.fc9] CVE-2008-1474 version (roundup) #436549 [since roundup-1.4.4-1.fc9] @@ -72,6 +73,7 @@ CVE-2008-0887 VULNERABLE (gnome-screensaver) #440257 CVE-2008-0882 version (cups, fixed 1.3.6) [since cups-1.3.6-1.fc9] CVE-2008-0807 version (turba, fixed 2.1.7) #433318 [since turba-2.1.7-1.fc9] +CVE-2008-0806 VULNERABLE (wyrd) #433722 CVE-2008-0786 version (cacti, fixed 0.8.7b) #432761 [since cacti-0.8.7b-1.fc9] CVE-2008-0785 version (cacti, fixed 0.8.7b) #432761 [since cacti-0.8.7b-1.fc9] CVE-2008-0784 version (cacti, fixed 0.8.7b) #432761 [since cacti-0.8.7b-1.fc9] Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.345 retrieving revision 1.346 diff -u -r1.345 -r1.346 --- fc7 3 Apr 2008 09:08:54 -0000 1.345 +++ fc7 3 Apr 2008 09:42:01 -0000 1.346 
@@ -8,6 +8,7 @@ 293031 fixed (nx) #293031 [since FEDORA-2008-2258] 249840 version (tor, fixed 0.1.2.15) #249840 [since FEDORA-2007-1674] CVE-2008-1657 VULNERABLE (openssh, fixed 4.9) #280461 +CVE-2008-1652 version (Perlbal, fixed 1.70) [since FEDORA-2008-2788] CVE-2008-1637 VULNERABLE (pdns-recursor, fixed 3.1.5) #440248 CVE-2008-1628 ignore (audit) affected function not used by anything CVE-2008-1614 version (mod_suphp, fixed 0.6.3) [since FEDORA-2008-2815] @@ -17,12 +18,11 @@ CVE-2008-1563 VULNERABLE (wireshark, fixed 1.0) #435485 CVE-2008-1562 VULNERABLE (wireshark, fixed 1.0) #435485 CVE-2008-1561 VULNERABLE (wireshark, fixed 1.0) #435485 -CVE-2008-1552 fixed (libsilc) #438382 [since FEDORA-2008-2641] +CVE-2008-1552 fixed (libsilc, fixed 1.1.7) #438382 [since FEDORA-2008-2641] +CVE-2008-1532 version (Perlbal, fixed 1.70) #439055 [since FEDORA-2008-2788] +CVE-2008-1531 VULNERABLE (lighttpd) #439067 CVE-2008-1515 VULNERABLE (otrs) #439723 CVE-2008-1488 VULNERABLE (php-pecl-apc) #438846 -CVE-2008-0806 fixed (wyrd) #433721 [since FEDORA-2008-1986] -CVE-2008-1532 fixed (Perlbal) #439055 [since FEDORA-2008-2788] -CVE-2008-1531 VULNERABLE (lighttpd) #439067 CVE-2008-1483 ignore (openssh) was alrady fixed by another patch CVE-2008-1482 VULNERABLE (xine-lib) #438669 CVE-2008-1474 fixed (roundup) #436548 [since FEDORA-2008-2471] @@ -74,6 +74,7 @@ CVE-2008-0928 fixed (xen) #434638 [since FEDORA-2008-2083] CVE-2008-0888 ignore (unzip) caught by glibc malloc checks CVE-2008-0887 VULNERABLE (gnome-screensaver) #440255 +CVE-2008-0806 fixed (wyrd) #433721 [since FEDORA-2008-1986] CVE-2008-0882 fixed (cups, fixed 1.3.6) #433802 [since FEDORA-2008-1976] CVE-2008-0782 fixed (moin) #432020 [since FEDORA-2008-1486] CVE-2008-0781 fixed (moin) #432749 [since FEDORA-2008-1880] From fedora-security-commits at redhat.com Mon Apr 7 12:16:36 2008 
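Review bot: in the last fc7 hunk (@@ -74,6 +74,7 @@) CVE-2008-0806 (wyrd) is re-added between CVE-2008-0887 and CVE-2008-0882, so the entry this commit removes as mis-placed ends up out of numeric order again. The f8 and f9 hunks of the same commit put it directly under CVE-2008-0807 (turba) and above CVE-2008-0786; in fc7 it should go below CVE-2008-0882 at the least, so that a reader scanning the list by CVE number finds it where the other two files have it.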
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Mon, 7 Apr 2008 12:16:36 GMT Subject: [Fedora-security-commits] fedora-security/audit f8, 1.190, 1.191 f9, 1.180, 1.181 fc7, 1.346, 1.347 Message-ID: <200804071216.m37CGa54015457@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv15435/audit Modified Files: f8 f9 fc7 Log Message: add libfishsound Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.190 retrieving revision 1.191 diff -u -r1.190 -r1.191 --- f8 3 Apr 2008 09:42:01 -0000 1.190 +++ f8 7 Apr 2008 12:16:06 -0000 1.191 @@ -6,6 +6,7 @@ 293031 fixed (nx) #293031 [since FEDORA-2008-2258] 249840 VULNERABLE (tor) +CVE-2008-1686 VULNERABLE (libfishsound, fixed 0.9.1) #441247 CVE-2008-1658 VULNERABLE (PolicyKit) #439995 CVE-2008-1657 VULNERABLE (openssh, fixed 4.9) #440375 CVE-2008-1652 version (Perlbal, fixed 1.70) [since FEDORA-2008-2778] Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.180 retrieving revision 1.181 diff -u -r1.180 -r1.181 --- f9 3 Apr 2008 09:42:01 -0000 1.180 +++ f9 7 Apr 2008 12:16:06 -0000 1.181 @@ -5,6 +5,7 @@ # (mozilla) = (gecko-libs dependent stuff) 249840 VULNERABLE (tor) +CVE-2008-1686 VULNERABLE (libfishsound, fixed 0.9.1) #441248 CVE-2008-1658 VULNERABLE (PolicyKit) #439996 CVE-2008-1657 VULNERABLE (openssh, fixed 4.9) #440376 CVE-2008-1652 version (Perlbal, fixed 1.70) [since Perlbal-1.70-1.fc9] Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.346 retrieving revision 1.347 diff -u -r1.346 -r1.347 --- fc7 3 Apr 2008 09:42:01 -0000 1.346 +++ fc7 7 Apr 2008 12:16:06 -0000 1.347 
@@ -7,6 +7,7 @@ 293031 fixed (nx) #293031 [since FEDORA-2008-2258] 249840 version (tor, fixed 0.1.2.15) #249840 [since FEDORA-2007-1674] +CVE-2008-1686 VULNERABLE (libfishsound, fixed 0.9.1) #441246 CVE-2008-1657 VULNERABLE (openssh, fixed 4.9) #280461 CVE-2008-1652 version (Perlbal, fixed 1.70) [since FEDORA-2008-2788] CVE-2008-1637 VULNERABLE (pdns-recursor, fixed 3.1.5) #440248 From fedora-security-commits at redhat.com Thu Apr 10 06:35:19 2008 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Thu, 10 Apr 2008 06:35:19 GMT Subject: [Fedora-security-commits] fedora-security/audit f8, 1.191, 1.192 f9, 1.181, 1.182 fc7, 1.347, 1.348 Message-ID: <200804100635.m3A6ZJ2A022012@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv21978/audit Modified Files: f8 f9 fc7 Log Message: add rsync check-updates (bah, i forgot to commit yesterday) Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.191 retrieving revision 1.192 diff -u -r1.191 -r1.192 --- f8 7 Apr 2008 12:16:06 -0000 1.191 +++ f8 10 Apr 2008 06:34:49 -0000 1.192 
@@ -4,36 +4,37 @@ # *CVE are items that need verification for Fedora 8 # (mozilla) = (gecko-libs dependent stuff) +441683 VULNERABLE (rsync, fixed 3.0.2) #441690 293031 fixed (nx) #293031 [since FEDORA-2008-2258] 249840 VULNERABLE (tor) CVE-2008-1686 VULNERABLE (libfishsound, fixed 0.9.1) #441247 -CVE-2008-1658 VULNERABLE (PolicyKit) #439995 +CVE-2008-1658 fixed (PolicyKit) #439995 [since FEDORA-2008-2987] CVE-2008-1657 VULNERABLE (openssh, fixed 4.9) #440375 CVE-2008-1652 version (Perlbal, fixed 1.70) [since FEDORA-2008-2778] -CVE-2008-1637 VULNERABLE (pdns-recursor, fixed 3.1.5) #440249 +CVE-2008-1637 fixed (pdns-recursor, fixed 3.1.5) #440249 [since FEDORA-2008-3036] CVE-2008-1628 VULNERABLE (audit) [since audit-1.6.8-4.fc8] CVE-2008-1614 version (mod_suphp, fixed 0.6.3) [since FEDORA-2008-2868] CVE-2008-1612 VULNERABLE (squid, fixed 2.6.STABLE19) [since FEDORA-2008-2740] CVE-2008-1568 VULNERABLE (comix) multiple issues tracked via bz#430635 CVE-2008-1567 VULNERABLE (phpmyadmin, fixed 2.11.5.1) -CVE-2008-1563 VULNERABLE (wireshark, fixed 1.0) #435487 -CVE-2008-1562 VULNERABLE (wireshark, fixed 1.0) #435487 -CVE-2008-1561 VULNERABLE (wireshark, fixed 1.0) #435487 +CVE-2008-1563 fixed (wireshark, fixed 1.0) #435487 [since FEDORA-2008-3040] +CVE-2008-1562 fixed (wireshark, fixed 1.0) #435487 [since FEDORA-2008-3040] +CVE-2008-1561 fixed (wireshark, fixed 1.0) #435487 [since FEDORA-2008-3040] CVE-2008-1552 fixed (libsilc, fixed 1.1.7) #438382 [since FEDORA-2008-2641] CVE-2008-1532 version (Perlbal, fixed 1.70) #439056 [since FEDORA-2008-2778] CVE-2008-1531 VULNERABLE (lighttpd) #439068 CVE-2008-1515 VULNERABLE (otrs) #439724 CVE-2008-1488 VULNERABLE (php-pecl-apc) #438847 CVE-2008-1483 ignore (openssh) was alrady fixed by another patch -CVE-2008-1482 VULNERABLE (xine-lib) #438670 [since FEDORA-2008-2849] +CVE-2008-1482 fixed (xine-lib) #438670 [since FEDORA-2008-2849] CVE-2008-1474 fixed (roundup) #436547 [since FEDORA-2008-2370] CVE-2008-1468 fixed (namazu) #438667 
[since FEDORA-2008-2767] CVE-2008-1467 fixed (centerim) #438871 [since FEDORA-2008-2869] CVE-2008-1394 ignore (plone) CVE-2008-1390 fixed (asterisk, fixed 1.4.19-rc3) #438133 [since FEDORA-2008-2554] CVE-2008-1374 ignore (cups) only affects old cups versions in RHEL -CVE-2008-1373 VULNERABLE (cups) #440040 [since FEDORA-2008-2131] -CVE-2008-1372 VULNERABLE (bzip2, fixed 1.0.5) #439855 +CVE-2008-1373 fixed (cups) #440040 [since FEDORA-2008-2131] +CVE-2008-1372 fixed (bzip2, fixed 1.0.5) #439855 [since FEDORA-2008-2970] CVE-2008-1360 VULNERABLE (nagios) #437850 CVE-2008-1353 ignore (zabbix) #437848 Needs authorization CVE-2008-1333 ignore (asterisk) not affected @@ -60,9 +61,9 @@ CVE-2008-1099 VULNERABLE (moin) #438673 CVE-2008-1098 VULNERABLE (moin) #438673 CVE-2008-1078 ignore (am-utils) does not seem used by any other Fedora package -CVE-2008-1072 VULNERABLE (wireshark, fixed 0.99.8) #435487 -CVE-2008-1071 VULNERABLE (wireshark, fixed 0.99.8) #435487 -CVE-2008-1070 VULNERABLE (wireshark, fixed 0.99.8) #435487 +CVE-2008-1072 fixed (wireshark, fixed 0.99.8) #435487 [since FEDORA-2008-3040] +CVE-2008-1071 fixed (wireshark, fixed 0.99.8) #435487 [since FEDORA-2008-3040] +CVE-2008-1070 fixed (wireshark, fixed 0.99.8) #435487 [since FEDORA-2008-3040] CVE-2008-1066 version (php-Smarty) #435811 [since FEDORA-2008-1911] CVE-2008-1066 VULNERABLE (gallery2) #438058 [since FEDORA-2008-2587] CVE-2008-1066 VULNERABLE (php-pear-PhpDocumentor) #438062 @@ -74,7 +75,7 @@ CVE-2008-0928 fixed (kvm) #433564 [since FEDORA-2008-1973] CVE-2008-0928 fixed (xen) #434639 [since FEDORA-2008-2057] CVE-2008-0888 ignore (unzip) caught by glibc malloc checks -CVE-2008-0887 VULNERABLE (gnome-screensaver) #440256 +CVE-2008-0887 fixed (gnome-screensaver) #440256 [since FEDORA-2008-3017] CVE-2008-0882 fixed (cups, fixed 1.3.6) #433803 [since FEDORA-2008-1901] CVE-2008-0782 fixed (moin) #432019 [since FEDORA-2008-1562] CVE-2008-0781 fixed (moin) #432750 [since FEDORA-2008-1905] 
@@ -167,7 +168,7 @@ CVE-2008-0063 fixed (krb5, fixed 1.6.4) #438023 [since FEDORA-2008-2647] CVE-2008-0062 fixed (krb5, fixed 1.6.4) #438023 [since FEDORA-2008-2647] CVE-2008-0053 version (cups, fixed 1.3.6) [since FEDORA-2008-1901] -CVE-2008-0047 VULNERABLE (cups) #440040 [since FEDORA-2008-2131] +CVE-2008-0047 fixed (cups) #440040 [since FEDORA-2008-2131] CVE-2008-0008 fixed (pulseaudio) #425481 [since FEDORA-2008-0994] CVE-2008-0006 fixed (libXfont) #429132 [since FEDORA-2008-0794] CVE-2008-0005 fixed (httpd, fixed 2.2.8) #427982 [since FEDORA-2008-1711] @@ -224,7 +225,7 @@ CVE-2007-6350 fixed (scponly) #429731 [since FEDORA-2008-1728] rsync vector only CVE-2007-6348 ignore (squirrelmail) trojaned version was not shipped CVE-2007-6328 ignore (dosbox) design decision -CVE-2007-6321 VULNERABLE (roundcubemail) #423291 +CVE-2007-6321 VULNERABLE (roundcubemail) #423291 [since FEDORA-2008-2962] CVE-2007-6318 VULNERABLE (wordpress) CVE-2007-6313 ignore (mysql) 5.1+ only CVE-2007-6304 ignore (mysql, fixed 5.0.52) federated engine not built @@ -354,7 +355,7 @@ CVE-2007-4559 VULNERABLE (python, not fixed upstream) #315291 Upstream WONTFIX. See where we use the code. CVE-2007-4476 backport (tar) #280961 [since FEDORA-2007-2800] tar-1.17-4.fc8 CVE-2007-4476 backport (cpio, not fixed 2.9) #363891 [since FEDORA-2007-2827] cpio-2.9-5.fc8 -CVE-2007-4400 VULNERABLE (konversation) #362921 [since FEDORA-2008-2062] Remove media script? +CVE-2007-4400 fixed (konversation) #362921 [since FEDORA-2008-2062] Remove media script? CVE-2007-4351 version (cups) #362971 [since FEDORA-2007-2982] CVE-2007-4352 backport (xpdf) #372471 [since FEDORA-2007-3014] CVE-2007-4352 backport (cups) [since FEDORA-2007-2982] Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.181 retrieving revision 1.182 diff -u -r1.181 -r1.182 --- f9 7 Apr 2008 12:16:06 -0000 1.181 +++ f9 10 Apr 2008 06:34:49 -0000 1.182 
@@ -4,6 +4,7 @@ # *CVE are items that need verification for Fedora 9 # (mozilla) = (gecko-libs dependent stuff) +441683 VULNERABLE (rsync, fixed 3.0.2) [since rsync-3.0.2-0.fc9] 249840 VULNERABLE (tor) CVE-2008-1686 VULNERABLE (libfishsound, fixed 0.9.1) #441248 CVE-2008-1658 VULNERABLE (PolicyKit) #439996 Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.347 retrieving revision 1.348 diff -u -r1.347 -r1.348 --- fc7 7 Apr 2008 12:16:06 -0000 1.347 +++ fc7 10 Apr 2008 06:34:49 -0000 1.348 
@@ -5,35 +5,36 @@ # (mozilla) = (firefox, seamonkey, thunderbird, yelp, devhelp, galeon, liferea. epiphany) # A couple of first F7 updates were marked as FEDORA-2007-0001 +441683 VULNERABLE (rsync, fixed 3.0.2) #441689 293031 fixed (nx) #293031 [since FEDORA-2008-2258] 249840 version (tor, fixed 0.1.2.15) #249840 [since FEDORA-2007-1674] CVE-2008-1686 VULNERABLE (libfishsound, fixed 0.9.1) #441246 CVE-2008-1657 VULNERABLE (openssh, fixed 4.9) #280461 CVE-2008-1652 version (Perlbal, fixed 1.70) [since FEDORA-2008-2788] -CVE-2008-1637 VULNERABLE (pdns-recursor, fixed 3.1.5) #440248 +CVE-2008-1637 fixed (pdns-recursor, fixed 3.1.5) #440248 [since FEDORA-2008-3010] CVE-2008-1628 ignore (audit) affected function not used by anything CVE-2008-1614 version (mod_suphp, fixed 0.6.3) [since FEDORA-2008-2815] CVE-2008-1612 backport (squid, fixed 2.6.STABLE19) [since FEDORA-2008-2729] CVE-2008-1568 VULNERABLE (comix) multiple issues tracked via bz#430635 CVE-2008-1567 VULNERABLE (phpmyadmin, fixed 2.11.5.1) -CVE-2008-1563 VULNERABLE (wireshark, fixed 1.0) #435485 -CVE-2008-1562 VULNERABLE (wireshark, fixed 1.0) #435485 -CVE-2008-1561 VULNERABLE (wireshark, fixed 1.0) #435485 +CVE-2008-1563 fixed (wireshark, fixed 1.0) #435485 [since FEDORA-2008-2941] +CVE-2008-1562 fixed (wireshark, fixed 1.0) #435485 [since FEDORA-2008-2941] +CVE-2008-1561 fixed (wireshark, fixed 1.0) #435485 [since FEDORA-2008-2941] CVE-2008-1552 fixed (libsilc, fixed 1.1.7) #438382 [since FEDORA-2008-2641] CVE-2008-1532 version (Perlbal, fixed 1.70) #439055 [since FEDORA-2008-2788] CVE-2008-1531 VULNERABLE (lighttpd) #439067 CVE-2008-1515 VULNERABLE (otrs) #439723 CVE-2008-1488 VULNERABLE (php-pecl-apc) #438846 CVE-2008-1483 ignore (openssh) was alrady fixed by another patch -CVE-2008-1482 VULNERABLE (xine-lib) #438669 +CVE-2008-1482 fixed (xine-lib) #438669 [since FEDORA-2008-2945] CVE-2008-1474 fixed (roundup) #436548 [since FEDORA-2008-2471] CVE-2008-1468 fixed (namazu) #438666 [since FEDORA-2008-2678] 
CVE-2008-1467 fixed (centerim) #438871 [since FEDORA-2008-2869] CVE-2008-1394 ignore (plone) CVE-2008-1390 fixed (asterisk, fixed 1.4.19-rc3) #438132 [since FEDORA-2008-2620] CVE-2008-1374 ignore (cups) only affects old cups versions in RHEL -CVE-2008-1373 VULNERABLE (cups) #440042 -CVE-2008-1372 VULNERABLE (bzip2, fixed 1.0.5) #439855 +CVE-2008-1373 fixed (cups) #440042 [since FEDORA-2008-2897] +CVE-2008-1372 fixed (bzip2, fixed 1.0.5) #439855 [since FEDORA-2008-2970] CVE-2008-1360 VULNERABLE (nagios) #437851 CVE-2008-1353 ignore (zabbix) #437848 Needs authorization CVE-2008-1333 ignore (asterisk) not affected @@ -60,9 +61,9 @@ CVE-2008-1099 VULNERABLE (moin) #438672 CVE-2008-1098 VULNERABLE (moin) #438672 CVE-2008-1078 ignore (am-utils) does not seem used by any other Fedora package -CVE-2008-1072 VULNERABLE (wireshark, fixed 0.99.8) #435485 -CVE-2008-1071 VULNERABLE (wireshark, fixed 0.99.8) #435485 -CVE-2008-1070 VULNERABLE (wireshark, fixed 0.99.8) #435485 +CVE-2008-1072 fixed (wireshark, fixed 0.99.8) #435485 [since FEDORA-2008-2941] +CVE-2008-1071 fixed (wireshark, fixed 0.99.8) #435485 [since FEDORA-2008-2941] +CVE-2008-1070 fixed (wireshark, fixed 0.99.8) #435485 [since FEDORA-2008-2941] CVE-2008-1066 version (php-Smarty, fixed 2.6.19) #435812 [since FEDORA-2008-1928] CVE-2008-1066 VULNERABLE (gallery2) #438059 [since FEDORA-2008-2650] CVE-2008-1066 fixed (php-pear-PhpDocumentor) #438063 [since FEDORA-2008-2656] @@ -74,7 +75,7 @@ CVE-2008-0928 fixed (kvm) #433565 [since FEDORA-2008-1993] CVE-2008-0928 fixed (xen) #434638 [since FEDORA-2008-2083] CVE-2008-0888 ignore (unzip) caught by glibc malloc checks -CVE-2008-0887 VULNERABLE (gnome-screensaver) #440255 +CVE-2008-0887 fixed (gnome-screensaver) #440255 [since FEDORA-2008-2967] CVE-2008-0806 fixed (wyrd) #433721 [since FEDORA-2008-1986] CVE-2008-0882 fixed (cups, fixed 1.3.6) #433802 [since FEDORA-2008-1976] CVE-2008-0782 fixed (moin) #432020 [since FEDORA-2008-1486] 
@@ -161,12 +162,12 @@ CVE-2008-0123 fixed (moodle) #428731 [since FEDORA-2008-0610] CVE-2008-0122 fixed (bind) #429149 [since FEDORA-2008-0904] CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since FEDORA-2008-0198] -CVE-2008-0073 VULNERABLE (xine-lib, fixed 1.1.11) #438191 +CVE-2008-0073 fixed (xine-lib, fixed 1.1.11) #438191 [since FEDORA-2008-2945] CVE-2008-0072 fixed (evolution) #436080 [since FEDORA-2008-2290] CVE-2008-0063 fixed (krb5, fixed 1.6.4) #438022 [since FEDORA-2008-2637] CVE-2008-0062 fixed (krb5, fixed 1.6.4) #438022 [since FEDORA-2008-2637] -CVE-2008-0053 VULNERABLE (cups) #440042 -CVE-2008-0047 VULNERABLE (cups) #440042 +CVE-2008-0053 fixed (cups) #440042 [since FEDORA-2008-2897] +CVE-2008-0047 fixed (cups) #440042 [since FEDORA-2008-2897] CVE-2008-0008 fixed (pulseaudio) #425481 [since FEDORA-2008-0994] CVE-2008-0006 fixed (libXfont) #429131 [since FEDORA-2008-0891] CVE-2008-0005 fixed (httpd, fixed 2.2.8) #427983 [since FEDORA-2008-1695] @@ -222,7 +223,7 @@ CVE-2007-6350 fixed (scponly) #429731 [since FEDORA-2008-1728] rsync vector only CVE-2007-6348 ignore (squirrelmail) trojaned version was not shipped CVE-2007-6328 ignore (dosbox) design decision -CVE-2007-6321 VULNERABLE (roundcubemail) #423281 +CVE-2007-6321 VULNERABLE (roundcubemail) #423281 [since FEDORA-2008-3019] CVE-2007-6318 VULNERABLE (wordpress) CVE-2007-6313 ignore (mysql) 5.1+ only CVE-2007-6304 ignore (mysql, fixed 5.0.52) federated engine not built 
@@ -432,7 +433,7 @@ CVE-2007-4465 version (httpd) [since FEDORA-2007-2214] CVE-2007-4462 version (po4a) #253541 [since FEDORA-2007-1763] CVE-2007-4460 backport (id3lib) #253553 [since FEDORA-2007-1774] -CVE-2007-4400 VULNERABLE (konversation) #362911 [since FEDORA-2008-2122] +CVE-2007-4400 fixed (konversation) #362911 [since FEDORA-2008-2122] CVE-2007-4357 ignore (firefox) status bar can be overwrittten CVE-2007-4352 backport (xpdf) #372461 [since FEDORA-2007-3031] CVE-2007-4352 backport (cups) [since FEDORA-2007-3100] From fedora-security-commits at redhat.com Mon Apr 14 08:49:28 2008 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Mon, 14 Apr 2008 08:49:28 GMT Subject: [Fedora-security-commits] fedora-security/audit f8, 1.192, 1.193 f9, 1.182, 1.183 fc7, 1.348, 1.349 Message-ID: <200804140849.m3E8nSgW022389@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv22244/audit Modified Files: f8 f9 fc7 Log Message: add drupal, swfdec Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.192 retrieving revision 1.193 diff -u -r1.192 -r1.193 --- f8 10 Apr 2008 06:34:49 -0000 1.192 +++ f8 14 Apr 2008 08:48:58 -0000 1.193 @@ -7,6 +7,7 @@ 441683 VULNERABLE (rsync, fixed 3.0.2) #441690 293031 fixed (nx) #293031 [since FEDORA-2008-2258] 249840 VULNERABLE (tor) +CVE-2008-1729 ignore (drupal) 6.x only CVE-2008-1686 VULNERABLE (libfishsound, fixed 0.9.1) #441247 CVE-2008-1658 fixed (PolicyKit) #439995 [since FEDORA-2008-2987] CVE-2008-1657 VULNERABLE (openssh, fixed 4.9) #440375 Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.182 retrieving revision 1.183 diff -u -r1.182 -r1.183 --- f9 10 Apr 2008 06:34:49 -0000 1.182 +++ f9 14 Apr 2008 08:48:58 -0000 1.183 
@@ -4,8 +4,10 @@ # *CVE are items that need verification for Fedora 9 # (mozilla) = (gecko-libs dependent stuff) +none version (swfdec, fixed 0.6.4) [since swfdec-0.6.4-1.fc9] 441683 VULNERABLE (rsync, fixed 3.0.2) [since rsync-3.0.2-0.fc9] 249840 VULNERABLE (tor) +CVE-2008-1729 version (drupal, fixed 6.2) [since drupal-6.2-1.fc9] CVE-2008-1686 VULNERABLE (libfishsound, fixed 0.9.1) #441248 CVE-2008-1658 VULNERABLE (PolicyKit) #439996 CVE-2008-1657 VULNERABLE (openssh, fixed 4.9) #440376 Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.348 retrieving revision 1.349 diff -u -r1.348 -r1.349 --- fc7 10 Apr 2008 06:34:49 -0000 1.348 +++ fc7 14 Apr 2008 08:48:58 -0000 1.349 @@ -8,6 +8,7 @@ 441683 VULNERABLE (rsync, fixed 3.0.2) #441689 293031 fixed (nx) #293031 [since FEDORA-2008-2258] 249840 version (tor, fixed 0.1.2.15) #249840 [since FEDORA-2007-1674] +CVE-2008-1729 ignore (drupal) 6.x only CVE-2008-1686 VULNERABLE (libfishsound, fixed 0.9.1) #441246 CVE-2008-1657 VULNERABLE (openssh, fixed 4.9) #280461 CVE-2008-1652 version (Perlbal, fixed 1.70) [since FEDORA-2008-2788] From fedora-security-commits at redhat.com Mon Apr 14 17:02:32 2008 
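Review bot: the swfdec line added at the top of the f9 hunk has "none" in the identifier column, where every other entry shown carries a CVE name or a Bugzilla number, so the entry cannot be traced back to an advisory or a tracking bug. Put a tracking bug number in the first column, as the 441683 rsync line does, or name the issue in a trailing note. The f8 and fc7 hunks of this commit add only the drupal line; if those branches ship swfdec they need an entry as well, even if it is "ignore" with a reason, the way drupal is handled here with "6.x only".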
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Mon, 14 Apr 2008 17:02:32 GMT Subject: [Fedora-security-commits] fedora-security/audit f8, 1.193, 1.194 f9, 1.183, 1.184 fc7, 1.349, 1.350 Message-ID: <200804141702.m3EH2WLu009583@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv9476/audit Modified Files: f8 f9 fc7 Log Message: add clamav, note rsync bz id, update nethack note Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.193 retrieving revision 1.194 diff -u -r1.193 -r1.194 --- f8 14 Apr 2008 08:48:58 -0000 1.193 +++ f8 14 Apr 2008 17:02:02 -0000 1.194 @@ -4,10 +4,10 @@ # *CVE are items that need verification for Fedora 8 # (mozilla) = (gecko-libs dependent stuff) -441683 VULNERABLE (rsync, fixed 3.0.2) #441690 293031 fixed (nx) #293031 [since FEDORA-2008-2258] 249840 VULNERABLE (tor) CVE-2008-1729 ignore (drupal) 6.x only +CVE-2008-1720 VULNERABLE (rsync, fixed 3.0.2) #441690 CVE-2008-1686 VULNERABLE (libfishsound, fixed 0.9.1) #441247 CVE-2008-1658 fixed (PolicyKit) #439995 [since FEDORA-2008-2987] CVE-2008-1657 VULNERABLE (openssh, fixed 4.9) #440375 @@ -59,6 +59,7 @@ CVE-2008-1131 ignore (drupal) #435816 drupal 6.x only CVE-2008-1111 fixed (lighttpd) #435807 [since FEDORA-2008-2262] CVE-2008-1110 version (xine-lib, fixed 1.1.10) [since FEDORA-2008-1043] +CVE-2008-1100 VULNERABLE (clamav, fixed 0.93) #442363 CVE-2008-1099 VULNERABLE (moin) #438673 CVE-2008-1098 VULNERABLE (moin) #438673 CVE-2008-1078 ignore (am-utils) does not seem used by any other Fedora package 
@@ -332,7 +333,7 @@ CVE-2007-5333 fixed (tomcat5) #428255 [since FEDORA-2008-1467] CVE-2007-5201 fixed (duplicity, no upstream fix) #362831 [since FEDORA-2008-1521] CVE-2007-5200 version (hugin) #362861 [since FEDORA-2007-2807] hugin-0.6.1-11.fc8 -CVE-2007-5198 VULNERABLE (nagios-plugins, fixed 1.4.10) #362891 +CVE-2007-5198 VULNERABLE (nagios-plugins, fixed 1.4.10) #362891 CVE-2007-5197 version (mono, fixed 1.2.5.1) #367541 [since FEDORA-2007-2969] CVE-2007-5162 version (ruby) [since FEDORA-2007-2812] CVE-2007-5116 backport (perl) #378141 [since FEDORA-2007-3218] @@ -429,6 +430,7 @@ CVE-2006-4561 ignore (firefox) Needs DNS spoofing; https is for this. CVE-2006-2894 version (firefox, fixed 2.0.0.8) CVE-2006-2894 version (seamonkey, fixed 1.1.5) #194511 +CVE-2006-1390 VULNERABLE (nethack) bz#187353, but requires other access to games group CVE-2006-0987 ignore (bind) example config file only CVE-2006-0496 ignore (firefox) Feature, not a bug moz #324253 CVE-2005-4809 ignore (firefox) Status bar can be modified anyways Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.183 retrieving revision 1.184 diff -u -r1.183 -r1.184 --- f9 14 Apr 2008 08:48:58 -0000 1.183 +++ f9 14 Apr 2008 17:02:02 -0000 1.184 @@ -5,9 +5,9 @@ # (mozilla) = (gecko-libs dependent stuff) none version (swfdec, fixed 0.6.4) [since swfdec-0.6.4-1.fc9] -441683 VULNERABLE (rsync, fixed 3.0.2) [since rsync-3.0.2-0.fc9] 249840 VULNERABLE (tor) CVE-2008-1729 version (drupal, fixed 6.2) [since drupal-6.2-1.fc9] +CVE-2008-1720 VULNERABLE (rsync, fixed 3.0.2) [since rsync-3.0.2-0.fc9] CVE-2008-1686 VULNERABLE (libfishsound, fixed 0.9.1) #441248 CVE-2008-1658 VULNERABLE (PolicyKit) #439996 CVE-2008-1657 VULNERABLE (openssh, fixed 4.9) #440376 
@@ -57,6 +57,7 @@ CVE-2008-1131 version (drupal, fixed 6.1) #435817 [since drupal-6.1-1.fc9] CVE-2008-1111 backport (lighttpd) #435809 [since lighttpd-1.4.18-6.fc9] CVE-2008-1110 version (xine-lib, fixed 1.1.10) [since xine-lib-1.1.10-2.fc9] +CVE-2008-1100 VULNERABLE (clamav, fixed 0.93) #442364 CVE-2008-1099 VULNERABLE (moin) #438674 CVE-2008-1098 VULNERABLE (moin) #438674 CVE-2008-1078 VULNERABLE (am-utils) #437746 @@ -404,6 +405,7 @@ CVE-2006-4561 ignore (firefox) Needs DNS spoofing; https is for this. CVE-2006-2894 version (firefox, fixed 2.0.0.8) CVE-2006-2894 version (seamonkey, fixed 1.1.5) #194511 +CVE-2006-1390 VULNERABLE (nethack) bz#187353, but requires other access to games group CVE-2006-0987 ignore (bind) example config file only CVE-2006-0496 ignore (firefox) Feature, not a bug moz #324253 CVE-2005-4809 ignore (firefox) Status bar can be modified anyways Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.349 retrieving revision 1.350 diff -u -r1.349 -r1.350 --- fc7 14 Apr 2008 08:48:58 -0000 1.349 +++ fc7 14 Apr 2008 17:02:02 -0000 1.350 @@ -5,10 +5,10 @@ # (mozilla) = (firefox, seamonkey, thunderbird, yelp, devhelp, galeon, liferea. epiphany) # A couple of first F7 updates were marked as FEDORA-2007-0001 -441683 VULNERABLE (rsync, fixed 3.0.2) #441689 293031 fixed (nx) #293031 [since FEDORA-2008-2258] 249840 version (tor, fixed 0.1.2.15) #249840 [since FEDORA-2007-1674] CVE-2008-1729 ignore (drupal) 6.x only +CVE-2008-1720 VULNERABLE (rsync, fixed 3.0.2) #441689 CVE-2008-1686 VULNERABLE (libfishsound, fixed 0.9.1) #441246 CVE-2008-1657 VULNERABLE (openssh, fixed 4.9) #280461 CVE-2008-1652 version (Perlbal, fixed 1.70) [since FEDORA-2008-2788] 
@@ -59,6 +59,7 @@ CVE-2008-1131 ignore (drupal) #435815 drupal 6.x only CVE-2008-1111 fixed (lighttpd) #435808 [since FEDORA-2008-2278] CVE-2008-1110 version (xine-lib, fixed 1.1.10) [since FEDORA-2008-1047] +CVE-2008-1100 VULNERABLE (clamav, fixed 0.93) #442362 CVE-2008-1099 VULNERABLE (moin) #438672 CVE-2008-1098 VULNERABLE (moin) #438672 CVE-2008-1078 ignore (am-utils) does not seem used by any other Fedora package @@ -354,7 +355,7 @@ CVE-2007-5208 backport (hplip) #329111 [since FEDORA-2007-2527] CVE-2007-5201 fixed (duplicity) #362821 [since FEDORA-2008-1584] CVE-2007-5200 backport (hugin) #362851 [since FEDORA-2007-2989] -CVE-2007-5198 VULNERABLE (nagios-plugins, fixed 1.4.10) #362881 +CVE-2007-5198 VULNERABLE (nagios-plugins, fixed 1.4.10) #362881 CVE-2007-5197 backport (mono, fixed 1.2.5.1) #367531 [since FEDORA-2007-3130] CVE-2007-5191 backport (util-linux) #320141 [since FEDORA-2007-2462] CVE-2007-5162 version (ruby) #313801 [since FEDORA-2007-2406] @@ -1527,7 +1528,7 @@ CVE-2006-1494 version (php, fixed 5.1.3) CVE-2006-1490 version (php, fixed 5.1.4) CVE-2006-1470 version (openldap, not 2.3.24 at least) -CVE-2006-1390 ignore (nethack) Gentoo-specific problem bz#187353 +CVE-2006-1390 VULNERABLE (nethack) bz#187353, but requires other access to games group *CVE-2006-1370 ** (helixplayer) CVE-2006-1368 version (kernel, fixed 2.6.16) CVE-2006-1354 version (freeradius, fixed 1.1.2 at least) From fedora-security-commits at redhat.com Tue Apr 15 07:47:26 2008 
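Review bot: in the f9 hunk at -5,9 +5,9 of the "add clamav, note rsync bz id, update nethack note" commit, the re-keyed CVE-2008-1720 rsync line keeps status VULNERABLE while carrying "[since rsync-3.0.2-0.fc9]", and 3.0.2 is the version the same line names as fixed. The drupal line next to it, which also names its fixed release in the [since] tag, is marked "version". Either change the rsync status to "version", or drop the [since] tag and reference an f9 tracking bug as the f8 (#441690) and fc7 (#441689) lines do.

Review bot: the CVE-2007-5198 nagios-plugins lines in f8 (-332,7 +333,7) and fc7 (-354,7 +355,7) are removed and re-added with no visible difference, so this looks like a whitespace-only change. The log message does not mention it; say so in the log or split it out, so that the status history of that entry is not obscured by a no-op revision.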
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Tue, 15 Apr 2008 07:47:26 GMT Subject: [Fedora-security-commits] fedora-security/audit f8, 1.194, 1.195 f9, 1.184, 1.185 fc7, 1.350, 1.351 Message-ID: <200804150747.m3F7lQqx027096@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv27072/audit Modified Files: f8 f9 fc7 Log Message: note libpng, m4 Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.194 retrieving revision 1.195 diff -u -r1.194 -r1.195 --- f8 14 Apr 2008 17:02:02 -0000 1.194 +++ f8 15 Apr 2008 07:46:56 -0000 1.195 @@ -8,6 +8,8 @@ 249840 VULNERABLE (tor) CVE-2008-1729 ignore (drupal) 6.x only CVE-2008-1720 VULNERABLE (rsync, fixed 3.0.2) #441690 +CVE-2008-1688 ignore (m4, fixed 1.4.11) not really a security issue +CVE-2008-1687 ignore (m4, fixed 1.4.11) not really a security issue CVE-2008-1686 VULNERABLE (libfishsound, fixed 0.9.1) #441247 CVE-2008-1658 fixed (PolicyKit) #439995 [since FEDORA-2008-2987] CVE-2008-1657 VULNERABLE (openssh, fixed 4.9) #440375 @@ -24,7 +26,6 @@ CVE-2008-1552 fixed (libsilc, fixed 1.1.7) #438382 [since FEDORA-2008-2641] CVE-2008-1532 version (Perlbal, fixed 1.70) #439056 [since FEDORA-2008-2778] CVE-2008-1531 VULNERABLE (lighttpd) #439068 -CVE-2008-1515 VULNERABLE (otrs) #439724 CVE-2008-1488 VULNERABLE (php-pecl-apc) #438847 CVE-2008-1483 ignore (openssh) was alrady fixed by another patch CVE-2008-1482 fixed (xine-lib) #438670 [since FEDORA-2008-2849] 
@@ -33,6 +34,8 @@ CVE-2008-1467 fixed (centerim) #438871 [since FEDORA-2008-2869] CVE-2008-1394 ignore (plone) CVE-2008-1390 fixed (asterisk, fixed 1.4.19-rc3) #438133 [since FEDORA-2008-2554] +CVE-2008-1382 VULNERABLE (libpng, fixed 1.2.27) minimal impact, affected api rarely used +CVE-2008-1382 VULNERABLE (libpng10) minimal impact, affected api rarely used CVE-2008-1374 ignore (cups) only affects old cups versions in RHEL CVE-2008-1373 fixed (cups) #440040 [since FEDORA-2008-2131] CVE-2008-1372 fixed (bzip2, fixed 1.0.5) #439855 [since FEDORA-2008-2970] Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.184 retrieving revision 1.185 diff -u -r1.184 -r1.185 --- f9 14 Apr 2008 17:02:02 -0000 1.184 +++ f9 15 Apr 2008 07:46:56 -0000 1.185 @@ -8,6 +8,8 @@ 249840 VULNERABLE (tor) CVE-2008-1729 version (drupal, fixed 6.2) [since drupal-6.2-1.fc9] CVE-2008-1720 VULNERABLE (rsync, fixed 3.0.2) [since rsync-3.0.2-0.fc9] +CVE-2008-1688 ignore (m4, fixed 1.4.11) not really a security issue +CVE-2008-1687 ignore (m4, fixed 1.4.11) not really a security issue CVE-2008-1686 VULNERABLE (libfishsound, fixed 0.9.1) #441248 CVE-2008-1658 VULNERABLE (PolicyKit) #439996 CVE-2008-1657 VULNERABLE (openssh, fixed 4.9) #440376 @@ -24,7 +26,6 @@ CVE-2008-1552 version (libsilc, fixed 1.1.7) #438382 [since libsilc-1.1.7-1.fc9] CVE-2008-1532 version (Perlbal, fixed 1.70) [since Perlbal-1.70-1.fc9] CVE-2008-1531 VULNERABLE (lighttpd) #439069 -CVE-2008-1515 VULNERABLE (otrs) #439725 CVE-2008-1488 VULNERABLE (php-pecl-apc) #438848 CVE-2008-1483 ignore (openssh) was alrady fixed by another patch CVE-2008-1482 version (xine-lib) #438671 [since xine-lib-1.1.11.1-1.fc9] 
@@ -33,6 +34,8 @@ CVE-2008-1467 fixed (centerim) #438871 CVE-2008-1394 ignore (plone) CVE-2008-1390 version (asterisk, fixed 1.6.0-beta6) #438134 [since asterisk-1.6.0-0.6.beta6.fc9] +CVE-2008-1382 VULNERABLE (libpng, fixed 1.2.27) minimal impact, affected api rarely used +CVE-2008-1382 VULNERABLE (libpng10) minimal impact, affected api rarely used CVE-2008-1374 ignore (cups) only affects old cups versions in RHEL CVE-2008-1373 VULNERABLE (cups) #440041 CVE-2008-1372 version (bzip2, fixed 1.0.5) [since bzip2-1.0.5-1.fc9] Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.350 retrieving revision 1.351 diff -u -r1.350 -r1.351 --- fc7 14 Apr 2008 17:02:02 -0000 1.350 +++ fc7 15 Apr 2008 07:46:56 -0000 1.351 @@ -9,6 +9,8 @@ 249840 version (tor, fixed 0.1.2.15) #249840 [since FEDORA-2007-1674] CVE-2008-1729 ignore (drupal) 6.x only CVE-2008-1720 VULNERABLE (rsync, fixed 3.0.2) #441689 +CVE-2008-1688 ignore (m4, fixed 1.4.11) not really a security issue +CVE-2008-1687 ignore (m4, fixed 1.4.11) not really a security issue CVE-2008-1686 VULNERABLE (libfishsound, fixed 0.9.1) #441246 CVE-2008-1657 VULNERABLE (openssh, fixed 4.9) #280461 CVE-2008-1652 version (Perlbal, fixed 1.70) [since FEDORA-2008-2788] @@ -33,6 +35,8 @@ CVE-2008-1467 fixed (centerim) #438871 [since FEDORA-2008-2869] CVE-2008-1394 ignore (plone) CVE-2008-1390 fixed (asterisk, fixed 1.4.19-rc3) #438132 [since FEDORA-2008-2620] +CVE-2008-1382 ignore (libpng, fixed 1.2.27) minimal impact, affected api rarely used +CVE-2008-1382 ignore (libpng10) minimal impact, affected api rarely used CVE-2008-1374 ignore (cups) only affects old cups versions in RHEL CVE-2008-1373 fixed (cups) #440042 [since FEDORA-2008-2897] CVE-2008-1372 fixed (bzip2, fixed 1.0.5) #439855 [since FEDORA-2008-2970] From fedora-security-commits at redhat.com Tue Apr 15 17:19:22 2008 
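Review bot: the f8 and f9 hunks at -24,7 +26,6 delete the CVE-2008-1515 (otrs) entries (#439724 and #439725), but the log message ("note libpng, m4") says nothing about otrs, and no replacement line with another status appears in the diff. If the issue turned out not to apply, record that as an "ignore" line with the reason instead of removing the entry, or at least state the reason for the removal in the log.

Review bot: the new CVE-2008-1382 libpng and libpng10 lines are VULNERABLE in f8 and f9 but "ignore" in fc7, with the same justification text ("minimal impact, affected api rarely used") in all three files. If fc7 is deliberately not going to be fixed, say that on the fc7 lines; otherwise the statuses should agree. The libpng10 lines also give no fixed version, unlike the libpng lines (fixed 1.2.27).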
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Tue, 15 Apr 2008 17:19:22 GMT Subject: [Fedora-security-commits] fedora-security/audit f8, 1.195, 1.196 f9, 1.185, 1.186 fc7, 1.351, 1.352 Message-ID: <200804151719.m3FHJMFf015438@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv15412/audit Modified Files: f8 f9 fc7 Log Message: add speex Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.195 retrieving revision 1.196 diff -u -r1.195 -r1.196 --- f8 15 Apr 2008 07:46:56 -0000 1.195 +++ f8 15 Apr 2008 17:18:52 -0000 1.196 @@ -11,6 +11,7 @@ CVE-2008-1688 ignore (m4, fixed 1.4.11) not really a security issue CVE-2008-1687 ignore (m4, fixed 1.4.11) not really a security issue CVE-2008-1686 VULNERABLE (libfishsound, fixed 0.9.1) #441247 +CVE-2008-1686 VULNERABLE (speex) #442572 CVE-2008-1658 fixed (PolicyKit) #439995 [since FEDORA-2008-2987] CVE-2008-1657 VULNERABLE (openssh, fixed 4.9) #440375 CVE-2008-1652 version (Perlbal, fixed 1.70) [since FEDORA-2008-2778] Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.185 retrieving revision 1.186 diff -u -r1.185 -r1.186 --- f9 15 Apr 2008 07:46:56 -0000 1.185 +++ f9 15 Apr 2008 17:18:52 -0000 1.186 
@@ -11,6 +11,7 @@ CVE-2008-1688 ignore (m4, fixed 1.4.11) not really a security issue CVE-2008-1687 ignore (m4, fixed 1.4.11) not really a security issue CVE-2008-1686 VULNERABLE (libfishsound, fixed 0.9.1) #441248 +CVE-2008-1686 VULNERABLE (speex) [since speex-1.2-0.7.beta3] CVE-2008-1658 VULNERABLE (PolicyKit) #439996 CVE-2008-1657 VULNERABLE (openssh, fixed 4.9) #440376 CVE-2008-1652 version (Perlbal, fixed 1.70) [since Perlbal-1.70-1.fc9] Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.351 retrieving revision 1.352 diff -u -r1.351 -r1.352 --- fc7 15 Apr 2008 07:46:56 -0000 1.351 +++ fc7 15 Apr 2008 17:18:52 -0000 1.352 @@ -12,6 +12,7 @@ CVE-2008-1688 ignore (m4, fixed 1.4.11) not really a security issue CVE-2008-1687 ignore (m4, fixed 1.4.11) not really a security issue CVE-2008-1686 VULNERABLE (libfishsound, fixed 0.9.1) #441246 +CVE-2008-1686 VULNERABLE (speex) #442571 CVE-2008-1657 VULNERABLE (openssh, fixed 4.9) #280461 CVE-2008-1652 version (Perlbal, fixed 1.70) [since FEDORA-2008-2788] CVE-2008-1637 fixed (pdns-recursor, fixed 3.1.5) #440248 [since FEDORA-2008-3010] From fedora-security-commits at redhat.com Wed Apr 16 07:35:52 2008 
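Review bot: the speex line added to f9 at -11,6 +11,7 in the "add speex" commit is marked VULNERABLE yet carries "[since speex-1.2-0.7.beta3]", which reads as if the fix had already shipped. It also has no bug reference, where the f8 and fc7 lines cite #442572 and #442571, and the tag lacks the .fc9 suffix used by the other f9 [since] tags in the same hunk. Set the status to match the tag, or replace the tag with the f9 tracking bug. None of the three speex lines names a fixed upstream version, although the libfishsound line for the same CVE does (fixed 0.9.1).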
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Wed, 16 Apr 2008 07:35:52 GMT Subject: [Fedora-security-commits] fedora-security/audit f8, 1.196, 1.197 f9, 1.186, 1.187 fc7, 1.352, 1.353 Message-ID: <200804160735.m3G7Zqc0027947@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv27920/audit Modified Files: f8 f9 fc7 Log Message: update comix Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.196 retrieving revision 1.197 diff -u -r1.196 -r1.197 --- f8 15 Apr 2008 17:18:52 -0000 1.196 +++ f8 16 Apr 2008 07:35:22 -0000 1.197 @@ -6,6 +6,7 @@ 293031 fixed (nx) #293031 [since FEDORA-2008-2258] 249840 VULNERABLE (tor) +CVE-2008-1796 fixed (comix) [since FEDORA-2008-2981] CVE-2008-1729 ignore (drupal) 6.x only CVE-2008-1720 VULNERABLE (rsync, fixed 3.0.2) #441690 CVE-2008-1688 ignore (m4, fixed 1.4.11) not really a security issue @@ -19,7 +20,7 @@ CVE-2008-1628 VULNERABLE (audit) [since audit-1.6.8-4.fc8] CVE-2008-1614 version (mod_suphp, fixed 0.6.3) [since FEDORA-2008-2868] CVE-2008-1612 VULNERABLE (squid, fixed 2.6.STABLE19) [since FEDORA-2008-2740] -CVE-2008-1568 VULNERABLE (comix) multiple issues tracked via bz#430635 +CVE-2008-1568 fixed (comix) improper shell escaping, bz#430635 [since FEDORA-2008-2981] CVE-2008-1567 VULNERABLE (phpmyadmin, fixed 2.11.5.1) CVE-2008-1563 fixed (wireshark, fixed 1.0) #435487 [since FEDORA-2008-3040] CVE-2008-1562 fixed (wireshark, fixed 1.0) #435487 [since FEDORA-2008-3040] Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.186 retrieving revision 1.187 diff -u -r1.186 -r1.187 --- f9 15 Apr 2008 17:18:52 -0000 1.186 +++ f9 16 Apr 2008 07:35:22 -0000 1.187 
@@ -6,6 +6,7 @@ none version (swfdec, fixed 0.6.4) [since swfdec-0.6.4-1.fc9] 249840 VULNERABLE (tor) +CVE-2008-1796 fixed (comix) [since comix-3.6.4-6.fc9] CVE-2008-1729 version (drupal, fixed 6.2) [since drupal-6.2-1.fc9] CVE-2008-1720 VULNERABLE (rsync, fixed 3.0.2) [since rsync-3.0.2-0.fc9] CVE-2008-1688 ignore (m4, fixed 1.4.11) not really a security issue Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.352 retrieving revision 1.353 diff -u -r1.352 -r1.353 --- fc7 15 Apr 2008 17:18:52 -0000 1.352 +++ fc7 16 Apr 2008 07:35:22 -0000 1.353 @@ -7,6 +7,7 @@ 293031 fixed (nx) #293031 [since FEDORA-2008-2258] 249840 version (tor, fixed 0.1.2.15) #249840 [since FEDORA-2007-1674] +CVE-2008-1796 fixed (comix) [since FEDORA-2008-2993] CVE-2008-1729 ignore (drupal) 6.x only CVE-2008-1720 VULNERABLE (rsync, fixed 3.0.2) #441689 CVE-2008-1688 ignore (m4, fixed 1.4.11) not really a security issue @@ -19,7 +20,7 @@ CVE-2008-1628 ignore (audit) affected function not used by anything CVE-2008-1614 version (mod_suphp, fixed 0.6.3) [since FEDORA-2008-2815] CVE-2008-1612 backport (squid, fixed 2.6.STABLE19) [since FEDORA-2008-2729] -CVE-2008-1568 VULNERABLE (comix) multiple issues tracked via bz#430635 +CVE-2008-1568 fixed (comix) improper shell escaping, bz#430635 [since FEDORA-2008-2993] CVE-2008-1567 VULNERABLE (phpmyadmin, fixed 2.11.5.1) CVE-2008-1563 fixed (wireshark, fixed 1.0) #435485 [since FEDORA-2008-2941] CVE-2008-1562 fixed (wireshark, fixed 1.0) #435485 [since FEDORA-2008-2941] From fedora-security-commits at redhat.com Wed Apr 16 10:16:53 2008 
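Review bot: the f9 diff in the "update comix" commit has a single hunk (-6,6 +6,7) that adds CVE-2008-1796, whereas f8 and fc7 each have a second hunk at -19,7 +20,7 that also flips CVE-2008-1568 from VULNERABLE to fixed. If f9 still lists CVE-2008-1568 as VULNERABLE, it needs the same update with the comix-3.6.4-6.fc9 tag. The new CVE-2008-1796 lines in all three files also carry no description or bug number, while the CVE-2008-1568 lines gained "improper shell escaping, bz#430635"; a short note on what CVE-2008-1796 covers would keep the two comix entries distinguishable.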
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Wed, 16 Apr 2008 10:16:53 GMT Subject: [Fedora-security-commits] fedora-security/audit f9,1.187,1.188 Message-ID: <200804161016.m3GAGrkZ019430@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv19359/audit Modified Files: f9 Log Message: note mt-daapd Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.187 retrieving revision 1.188 diff -u -r1.187 -r1.188 --- f9 16 Apr 2008 07:35:22 -0000 1.187 +++ f9 16 Apr 2008 10:16:23 -0000 1.188 @@ -7,6 +7,7 @@ none version (swfdec, fixed 0.6.4) [since swfdec-0.6.4-1.fc9] 249840 VULNERABLE (tor) CVE-2008-1796 fixed (comix) [since comix-3.6.4-6.fc9] +CVE-2008-1771 ignore (mt-daapd) current Fedora version does not seem affected CVE-2008-1729 version (drupal, fixed 6.2) [since drupal-6.2-1.fc9] CVE-2008-1720 VULNERABLE (rsync, fixed 3.0.2) [since rsync-3.0.2-0.fc9] CVE-2008-1688 ignore (m4, fixed 1.4.11) not really a security issue From fedora-security-commits at redhat.com Wed Apr 16 16:06:07 2008 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Wed, 16 Apr 2008 16:06:07 GMT Subject: [Fedora-security-commits] fedora-security/audit f8, 1.197, 1.198 f9, 1.188, 1.189 fc7, 1.353, 1.354 Message-ID: <200804161606.m3GG67fY006118@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv6057/audit Modified Files: f8 f9 fc7 Log Message: note clamav, swfdec cve id Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.197 retrieving revision 1.198 diff -u -r1.197 -r1.198 --- f8 16 Apr 2008 07:35:22 -0000 1.197 +++ f8 16 Apr 2008 16:05:37 -0000 1.198 
@@ -6,6 +6,10 @@ 293031 fixed (nx) #293031 [since FEDORA-2008-2258] 249840 VULNERABLE (tor) +CVE-2008-1837 ignore (clamav, fixed 0.93) unrar code not shipped +CVE-2008-1836 VULNERABLE (clamav, fixed 0.93) #442363 +CVE-2008-1835 ignore (clamav, fixed 0.93) unrar code not shipped +CVE-2008-1833 VULNERABLE (clamav, fixed 0.93-rc1) #442363 CVE-2008-1796 fixed (comix) [since FEDORA-2008-2981] CVE-2008-1729 ignore (drupal) 6.x only CVE-2008-1720 VULNERABLE (rsync, fixed 3.0.2) #441690 @@ -36,6 +40,7 @@ CVE-2008-1467 fixed (centerim) #438871 [since FEDORA-2008-2869] CVE-2008-1394 ignore (plone) CVE-2008-1390 fixed (asterisk, fixed 1.4.19-rc3) #438133 [since FEDORA-2008-2554] +CVE-2008-1387 VULNERABLE (clamav, fixed 0.93) #442363 CVE-2008-1382 VULNERABLE (libpng, fixed 1.2.27) minimal impact, affected api rarely used CVE-2008-1382 VULNERABLE (libpng10) minimal impact, affected api rarely used CVE-2008-1374 ignore (cups) only affects old cups versions in RHEL @@ -148,6 +153,7 @@ CVE-2008-0386 fixed (xdg-utils) #429513 [since FEDORA-2008-1015] CVE-2008-0364 ignore (bittorrent) Windows only CVE-2008-0318 fixed (clamav, fixed 0.92.1) [since FEDORA-2008-1625] +CVE-2008-0314 VULNERABLE (clamav, fixed 0.93) #442363 CVE-2008-0304 version (seamonkey, fixed 1.1.8) [since FEDORA-2008-1459] CVE-2008-0304 fixed (thunderbird, fixed 2.0.0.12) #432048 [since FEDORA-2008-2060] CVE-2008-0299 fixed (python-paramiko) #428728 [since FEDORA-2008-0722] Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.188 retrieving revision 1.189 diff -u -r1.188 -r1.189 --- f9 16 Apr 2008 10:16:23 -0000 1.188 +++ f9 16 Apr 2008 16:05:37 -0000 1.189 
@@ -4,8 +4,12 @@ # *CVE are items that need verification for Fedora 9 # (mozilla) = (gecko-libs dependent stuff) -none version (swfdec, fixed 0.6.4) [since swfdec-0.6.4-1.fc9] 249840 VULNERABLE (tor) +CVE-2008-1837 ignore (clamav, fixed 0.93) unrar code not shipped +CVE-2008-1836 VULNERABLE (clamav, fixed 0.93) #442364 +CVE-2008-1835 ignore (clamav, fixed 0.93) unrar code not shipped +CVE-2008-1834 version (swfdec, fixed 0.6.4) [since swfdec-0.6.4-1.fc9] +CVE-2008-1833 version (clamav, fixed 0.93-rc1) [since clamav-0.93-0.0.rc1.fc9] CVE-2008-1796 fixed (comix) [since comix-3.6.4-6.fc9] CVE-2008-1771 ignore (mt-daapd) current Fedora version does not seem affected CVE-2008-1729 version (drupal, fixed 6.2) [since drupal-6.2-1.fc9] @@ -37,6 +41,7 @@ CVE-2008-1467 fixed (centerim) #438871 CVE-2008-1394 ignore (plone) CVE-2008-1390 version (asterisk, fixed 1.6.0-beta6) #438134 [since asterisk-1.6.0-0.6.beta6.fc9] +CVE-2008-1387 VULNERABLE (clamav, fixed 0.93) #442364 CVE-2008-1382 VULNERABLE (libpng, fixed 1.2.27) minimal impact, affected api rarely used CVE-2008-1382 VULNERABLE (libpng10) minimal impact, affected api rarely used CVE-2008-1374 ignore (cups) only affects old cups versions in RHEL @@ -145,6 +150,7 @@ CVE-2008-0386 fixed (xdg-utils) #429513 [since xdg-utils-1_0_2-4_fc9] CVE-2008-0364 ignore (bittorrent) Windows only CVE-2008-0318 fixed (clamav, fixed 0.92.1) +CVE-2008-0314 VULNERABLE (clamav, fixed 0.93) #442364 CVE-2008-0304 version (seamonkey, fixed 1.1.8) [since seamonkey-1.1.8-3.fc9] CVE-2008-0304 version (thuderbird, fixed 2.0.0.12) [since thunderbird-2.0.0.12-1.fc9] CVE-2008-0299 fixed (python-paramiko) #428730 [since python-paramiko-1.7.1-3.fc9] Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.353 retrieving revision 1.354 diff -u -r1.353 -r1.354 --- fc7 16 Apr 2008 07:35:22 -0000 1.353 +++ fc7 16 Apr 2008 16:05:37 -0000 1.354 
@@ -7,6 +7,10 @@ 293031 fixed (nx) #293031 [since FEDORA-2008-2258] 249840 version (tor, fixed 0.1.2.15) #249840 [since FEDORA-2007-1674] +CVE-2008-1837 ignore (clamav, fixed 0.93) unrar code not shipped +CVE-2008-1836 VULNERABLE (clamav, fixed 0.93) #442362 +CVE-2008-1835 ignore (clamav, fixed 0.93) unrar code not shipped +CVE-2008-1833 VULNERABLE (clamav, fixed 0.93-rc1) #442362 CVE-2008-1796 fixed (comix) [since FEDORA-2008-2993] CVE-2008-1729 ignore (drupal) 6.x only CVE-2008-1720 VULNERABLE (rsync, fixed 3.0.2) #441689 @@ -37,6 +41,7 @@ CVE-2008-1467 fixed (centerim) #438871 [since FEDORA-2008-2869] CVE-2008-1394 ignore (plone) CVE-2008-1390 fixed (asterisk, fixed 1.4.19-rc3) #438132 [since FEDORA-2008-2620] +CVE-2008-1387 VULNERABLE (clamav, fixed 0.93) #442362 CVE-2008-1382 ignore (libpng, fixed 1.2.27) minimal impact, affected api rarely used CVE-2008-1382 ignore (libpng10) minimal impact, affected api rarely used CVE-2008-1374 ignore (cups) only affects old cups versions in RHEL @@ -148,6 +153,7 @@ CVE-2008-0386 fixed (xdg-utils) #429513 [since FEDORA-2008-1015] CVE-2008-0364 ignore (bittorrent) Windows only CVE-2008-0318 fixed (clamav, fixed 0.92.1) [since FEDORA-2008-1608] +CVE-2008-0314 VULNERABLE (clamav, fixed 0.93) #442362 CVE-2008-0304 version (seamonkey, fixed 1.1.8) [since FEDORA-2008-1669] CVE-2008-0304 fixed (thunderbird, fixed 2.0.0.12) #432047 [since FEDORA-2008-2118] CVE-2008-0299 fixed (python-paramiko) #428729 [since FEDORA-2008-0644] From fedora-security-commits at redhat.com Thu Apr 17 09:20:51 2008 
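Review bot: the f9 hunk at -145,6 +150,7 of the "note clamav, swfdec cve id" commit inserts the CVE-2008-0314 line just above a context line that spells the package "thuderbird" (CVE-2008-0304), while the matching f8 and fc7 lines spell it "thunderbird". A search of the f9 file by package name will miss that entry; correct the spelling while touching this block.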
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Thu, 17 Apr 2008 09:20:51 GMT Subject: [Fedora-security-commits] fedora-security/audit f8, 1.198, 1.199 f9, 1.189, 1.190 fc7, 1.354, 1.355 Message-ID: <200804170920.m3H9Kpbb012639@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv12611/audit Modified Files: f8 f9 fc7 Log Message: add OOo and recent mozilla CVEs Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.198 retrieving revision 1.199 diff -u -r1.198 -r1.199 --- f8 16 Apr 2008 16:05:37 -0000 1.198 +++ f8 17 Apr 2008 09:20:21 -0000 1.199 @@ -43,6 +43,9 @@ CVE-2008-1387 VULNERABLE (clamav, fixed 0.93) #442363 CVE-2008-1382 VULNERABLE (libpng, fixed 1.2.27) minimal impact, affected api rarely used CVE-2008-1382 VULNERABLE (libpng10) minimal impact, affected api rarely used +CVE-2008-1380 VULNERABLE (firefox, fixed 2.0.0.14) +CVE-2008-1380 VULNERABLE (seamonkey, fixed 1.1.10) #442851 +CVE-2008-1380 VULNERABLE (thunderbird, fixed 2.0.0.14) #442856 CVE-2008-1374 ignore (cups) only affects old cups versions in RHEL CVE-2008-1373 fixed (cups) #440040 [since FEDORA-2008-2131] CVE-2008-1372 fixed (bzip2, fixed 1.0.5) #439855 [since FEDORA-2008-2970] 
@@ -58,9 +61,32 @@ CVE-2008-1289 fixed (asterisk, fixed 1.4.18.1) #438133 [since FEDORA-2008-2554] CVE-2008-1284 version (horde, fixed 3.1.7) #436628 [since FEDORA-2008-2362] CVE-2008-1270 ignore (lighttpd) Not a bug, requires unlikely and incredibly stupid configuration change with well-documented effects. +CVE-2008-1241 version (firefox, fixed 2.0.0.13) +CVE-2008-1241 version (seamonkey, fixed 1.1.9) +CVE-2008-1240 version (firefox, fixed 2.0.0.13) +CVE-2008-1240 version (seamonkey, fixed 1.1.9) +CVE-2008-1238 version (firefox, fixed 2.0.0.13) +CVE-2008-1238 version (seamonkey, fixed 1.1.9) +CVE-2008-1237 version (firefox, fixed 2.0.0.13) +CVE-2008-1237 version (seamonkey, fixed 1.1.9) +CVE-2008-1237 VULNERABLE (thunderbird, fixed 2.0.0.14) #442856 +CVE-2008-1236 version (firefox, fixed 2.0.0.13) +CVE-2008-1236 version (seamonkey, fixed 1.1.9) +CVE-2008-1236 VULNERABLE (thunderbird, fixed 2.0.0.14) #442856 +CVE-2008-1235 version (firefox, fixed 2.0.0.13) +CVE-2008-1235 version (seamonkey, fixed 1.1.9) +CVE-2008-1235 VULNERABLE (thunderbird, fixed 2.0.0.14) #442856 +CVE-2008-1234 version (firefox, fixed 2.0.0.13) +CVE-2008-1234 version (seamonkey, fixed 1.1.9) +CVE-2008-1234 VULNERABLE (thunderbird, fixed 2.0.0.14) #442856 +CVE-2008-1233 version (firefox, fixed 2.0.0.13) +CVE-2008-1233 version (seamonkey, fixed 1.1.9) +CVE-2008-1233 VULNERABLE (thunderbird, fixed 2.0.0.14) #442856 **CVE-2008-1227 fixed (libsilc) We updated this as non-security CVE-2008-1218 version (dovecot, fixed 1.0.13) [since FEDORA-2008-2464] marginally affected CVE-2008-1199 version (dovecot, fixed 1.0.11) [since FEDORA-2008-2464] not in default config +CVE-2008-1195 version (firefox, fixed 2.0.0.13) +CVE-2008-1195 version (seamonkey, fixed 1.1.9) CVE-2008-1184 version (dnssec-tools, fixed 1.3.2) [since FEDORA-2008-1771] CVE-2008-1161 version (xine-lib, fixed 1.1.10.1) [since FEDORA-2008-1543] CVE-2008-1149 version (phpMyAdmin, fixed 2.11.5) [since FEDORA-2008-2189] 
@@ -137,6 +163,9 @@ CVE-2008-0418 fixed (thunderbird, fixed 2.0.0.12) #432048 [since FEDORA-2008-2060] CVE-2008-0417 fixed (firefox, fixed 2.0.0.12) #432043 [since FEDORA-2008-1535] CVE-2008-0417 fixed (seamonkey, fixed 1.1.8) #432046 [since FEDORA-2008-1459] +CVE-2008-0416 version (firefox, fixed 2.0.0.12) +CVE-2008-0416 version (thunderbird, fixed 2.0.0.12) +CVE-2008-0416 version (seamonkey, fixed 1.1.8) CVE-2008-0415 fixed (firefox, fixed 2.0.0.12) #432043 [since FEDORA-2008-1535] CVE-2008-0415 fixed (seamonkey, fixed 1.1.8) #432046 [since FEDORA-2008-1459] CVE-2008-0415 fixed (thunderbird, fixed 2.0.0.12) #432048 [since FEDORA-2008-2060] @@ -152,6 +181,7 @@ CVE-2008-0404 fixed (mantis) #429552 [since FEDORA-2008-0796] CVE-2008-0386 fixed (xdg-utils) #429513 [since FEDORA-2008-1015] CVE-2008-0364 ignore (bittorrent) Windows only +CVE-2008-0320 VULNERABLE (openoffice.org, fixed 2.4) #442846 CVE-2008-0318 fixed (clamav, fixed 0.92.1) [since FEDORA-2008-1625] CVE-2008-0314 VULNERABLE (clamav, fixed 0.93) #442363 CVE-2008-0304 version (seamonkey, fixed 1.1.8) [since FEDORA-2008-1459] @@ -312,6 +342,9 @@ CVE-2007-5760 fixed (xorg-x11-server, fixed 1.4.1) #429126 [since FEDORA-2008-0760] CVE-2007-5759 ignore (clamav, fixed 0.92) duplicate of CVE-2007-6335 CVE-2007-5751 backport (liferea, fixed 1.4.6) #360641 [since FEDORA-2007-2853] +CVE-2007-5747 VULNERABLE (openoffice.org, fixed 2.4) #442846 +CVE-2007-5746 VULNERABLE (openoffice.org, fixed 2.4) #442846 +CVE-2007-5745 VULNERABLE (openoffice.org, fixed 2.4) #442846 CVE-2007-5742 version (wesnoth, fixed 1.2.8) [since FEDORA-2007-3989] CVE-2007-5712 version (Django, fixed 0.96.1) #362771 [since FEDORA-2007-2788] CVE-2007-5708 version (openldap, fixed 2.3.39) #362991 [since FEDORA-2007-2796] 
@@ -354,6 +387,8 @@ CVE-2007-5000 fixed (httpd, fixed 2.2.8) #427982 [since FEDORA-2008-1711] CVE-2007-4999 version (pidgin, fixed 2.2.2) CVE-2007-4990 version (xorg-x11-xfs, fixed 1.0.5) +CVE-2007-4879 version (firefox, fixed 2.0.0.13) +CVE-2007-4879 version (seamonkey, fixed 1.1.9) CVE-2007-4841 version (thunderbird) [since FEDORA-2007-3414] windows only anyway CVE-2007-4829 VULNERABLE (perl-Archive-Tar, not fixed upstream) #364281 CVE-2007-4772 fixed (postgresql, fixed 8.2.6) #427773 [since FEDORA-2008-0478] Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.189 retrieving revision 1.190 diff -u -r1.189 -r1.190 --- f9 16 Apr 2008 16:05:37 -0000 1.189 +++ f9 17 Apr 2008 09:20:21 -0000 1.190 @@ -44,6 +44,9 @@ CVE-2008-1387 VULNERABLE (clamav, fixed 0.93) #442364 CVE-2008-1382 VULNERABLE (libpng, fixed 1.2.27) minimal impact, affected api rarely used CVE-2008-1382 VULNERABLE (libpng10) minimal impact, affected api rarely used +CVE-2008-1380 VULNERABLE (firefox, fixed 2.0.0.14) +CVE-2008-1380 VULNERABLE (seamonkey, fixed 1.1.10) #442852 +CVE-2008-1380 VULNERABLE (thunderbird, fixed 2.0.0.14) #442857 CVE-2008-1374 ignore (cups) only affects old cups versions in RHEL CVE-2008-1373 VULNERABLE (cups) #440041 CVE-2008-1372 version (bzip2, fixed 1.0.5) [since bzip2-1.0.5-1.fc9] 
@@ -56,14 +59,37 @@ CVE-2008-1289 version (asterisk, fixed 1.6.0-beta6) #438134 [since asterisk-1.6.0-0.6.beta6.fc9] CVE-2008-1284 version (horde, fixed 3.1.7) #436628 CVE-2008-1270 ignore (lighttpd) Not a bug, requires unlikely and incredibly stupid configuration change with well-documented effects. +CVE-2008-1241 version (firefox, fixed 2.0.0.13) +CVE-2008-1241 version (seamonkey, fixed 1.1.9) +CVE-2008-1240 version (firefox, fixed 2.0.0.13) +CVE-2008-1240 version (seamonkey, fixed 1.1.9) +CVE-2008-1238 version (firefox, fixed 2.0.0.13) +CVE-2008-1238 version (seamonkey, fixed 1.1.9) +CVE-2008-1237 version (firefox, fixed 2.0.0.13) +CVE-2008-1237 version (seamonkey, fixed 1.1.9) +CVE-2008-1237 VULNERABLE (thunderbird, fixed 2.0.0.14) #442857 +CVE-2008-1236 version (firefox, fixed 2.0.0.13) +CVE-2008-1236 version (seamonkey, fixed 1.1.9) +CVE-2008-1236 VULNERABLE (thunderbird, fixed 2.0.0.14) #442857 +CVE-2008-1235 version (firefox, fixed 2.0.0.13) +CVE-2008-1235 version (seamonkey, fixed 1.1.9) +CVE-2008-1235 VULNERABLE (thunderbird, fixed 2.0.0.14) #442857 +CVE-2008-1234 version (firefox, fixed 2.0.0.13) +CVE-2008-1234 version (seamonkey, fixed 1.1.9) +CVE-2008-1234 VULNERABLE (thunderbird, fixed 2.0.0.14) #442857 +CVE-2008-1233 version (firefox, fixed 2.0.0.13) +CVE-2008-1233 version (seamonkey, fixed 1.1.9) +CVE-2008-1233 VULNERABLE (thunderbird, fixed 2.0.0.14) #442857 **CVE-2008-1227 fixed (libsilc) We updated this as non-security CVE-2008-1218 version (dovecot, fixed 1.0.13) [since dovecot-1.0.13-6.fc9] marginally affected CVE-2008-1199 version (dovecot, fixed 1.0.11) [since dovecot-1.0.13-6.fc9] not in default config -CVE-2008-1142 ignore (rxvt) http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469296 +CVE-2008-1195 version (firefox, fixed 2.0.0.13) +CVE-2008-1195 version (seamonkey, fixed 1.1.9) CVE-2008-1184 version (dnssec-tools, fixed 1.3.2) [since dnssec-tools-1.3.2-1.fc9] CVE-2008-1161 version (xine-lib, fixed 1.1.10.1) [since xine-lib-1.1.10.1-1.fc9] 
CVE-2008-1149 version (phpMyAdmin, fixed 2.11.5) [since phpMyAdmin-2.11.5-1.fc9] CVE-2008-1145 version (ruby, fixed 1.8.6-p114) [since ruby-1.8.6.114-1.fc9] +CVE-2008-1142 ignore (rxvt) http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469296 CVE-2008-1133 version (drupal, fixed 6.1) #435817 [since drupal-6.1-1.fc9] CVE-2008-1131 version (drupal, fixed 6.1) #435817 [since drupal-6.1-1.fc9] CVE-2008-1111 backport (lighttpd) #435809 [since lighttpd-1.4.18-6.fc9] @@ -134,6 +160,9 @@ CVE-2008-0418 version (thuderbird, fixed 2.0.0.12) [since thunderbird-2.0.0.12-1.fc9] CVE-2008-0417 version (firefox, fixed 2.0.0.12) CVE-2008-0417 version (seamonkey, fixed 1.1.8) [since seamonkey-1.1.8-3.fc9] +CVE-2008-0416 version (firefox, fixed 2.0.0.12) +CVE-2008-0416 version (thunderbird, fixed 2.0.0.12) +CVE-2008-0416 version (seamonkey, fixed 1.1.8) CVE-2008-0415 version (firefox, fixed 2.0.0.12) CVE-2008-0415 version (seamonkey, fixed 1.1.8) [since seamonkey-1.1.8-3.fc9] CVE-2008-0415 version (thuderbird, fixed 2.0.0.12) [since thunderbird-2.0.0.12-1.fc9] @@ -149,6 +178,7 @@ CVE-2008-0404 fixed (mantis) #429552 [since mantis-1.1.1-1.fc9] CVE-2008-0386 fixed (xdg-utils) #429513 [since xdg-utils-1_0_2-4_fc9] CVE-2008-0364 ignore (bittorrent) Windows only +CVE-2008-0320 version (openoffice.org, fixed 2.4) CVE-2008-0318 fixed (clamav, fixed 0.92.1) CVE-2008-0314 VULNERABLE (clamav, fixed 0.93) #442364 CVE-2008-0304 version (seamonkey, fixed 1.1.8) [since seamonkey-1.1.8-3.fc9] 
@@ -309,6 +339,9 @@ CVE-2007-5760 backport (xorg-x11-server, fixed 1.4.1) #429127 [since xorg-x11-server-1.4.99.1-0.17.20080107.fc9] CVE-2007-5759 ignore (clamav, fixed 0.92) duplicate of CVE-2007-6335 CVE-2007-5751 version (liferea, fixed 1.4.6) #360641 [since liferea-1.4.6-3.fc9] +CVE-2007-5747 version (openoffice.org, fixed 2.4) +CVE-2007-5746 version (openoffice.org, fixed 2.4) +CVE-2007-5745 version (openoffice.org, fixed 2.4) CVE-2007-5742 version (wesnoth, fixed 1.2.8) [since wesnoth-1.2.8-3.fc9] CVE-2007-5712 version (Django, fixed 0.96.1) #362781 [since Django-0.96.1-1.fc9] CVE-2007-5708 version (openldap, fixed 2.3.39) #360091 [since openldap-2.3.39-1.fc9] @@ -345,6 +378,8 @@ CVE-2007-5000 version (httpd, fixed 2.2.8) #427984 [since httpd-2.2.8-2] CVE-2007-4999 version (pidgin, fixed 2.2.2) CVE-2007-4990 version (xorg-x11-xfs, fixed 1.0.5) +CVE-2007-4879 version (firefox, fixed 2.0.0.13) +CVE-2007-4879 version (seamonkey, fixed 1.1.9) CVE-2007-4829 VULNERABLE (perl, not fixed upstream) #364291 CVE-2007-4772 version (postgresql, fixed 8.2.6) #427774 [since postgresql-8.2.6-1.fc9] CVE-2007-4771 backport (icu) [since icu-3.8.1-3.fc9] Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.354 retrieving revision 1.355 diff -u -r1.354 -r1.355 --- fc7 16 Apr 2008 16:05:37 -0000 1.354 +++ fc7 17 Apr 2008 09:20:21 -0000 1.355 
@@ -44,6 +44,9 @@ CVE-2008-1387 VULNERABLE (clamav, fixed 0.93) #442362 CVE-2008-1382 ignore (libpng, fixed 1.2.27) minimal impact, affected api rarely used CVE-2008-1382 ignore (libpng10) minimal impact, affected api rarely used +CVE-2008-1380 VULNERABLE (firefox, fixed 2.0.0.14) +CVE-2008-1380 VULNERABLE (seamonkey, fixed 1.1.10) #442850 +CVE-2008-1380 VULNERABLE (thunderbird, fixed 2.0.0.14) #442855 CVE-2008-1374 ignore (cups) only affects old cups versions in RHEL CVE-2008-1373 fixed (cups) #440042 [since FEDORA-2008-2897] CVE-2008-1372 fixed (bzip2, fixed 1.0.5) #439855 [since FEDORA-2008-2970] 
@@ -59,9 +62,32 @@ CVE-2008-1289 fixed (asterisk, fixed 1.4.18.1) #438132 [since FEDORA-2008-2620] CVE-2008-1284 version (horde, fixed 3.1.7) #436628 [since FEDORA-2008-2406] CVE-2008-1270 ignore (lighttpd) Not a bug, requires unlikely and incredibly stupid configuration change with well-documented effects. +CVE-2008-1241 version (firefox, fixed 2.0.0.13) +CVE-2008-1241 version (seamonkey, fixed 1.1.9) +CVE-2008-1240 version (firefox, fixed 2.0.0.13) +CVE-2008-1240 version (seamonkey, fixed 1.1.9) +CVE-2008-1238 version (firefox, fixed 2.0.0.13) +CVE-2008-1238 version (seamonkey, fixed 1.1.9) +CVE-2008-1237 version (firefox, fixed 2.0.0.13) +CVE-2008-1237 version (seamonkey, fixed 1.1.9) +CVE-2008-1237 VULNERABLE (thunderbird, fixed 2.0.0.14) #442855 +CVE-2008-1236 version (firefox, fixed 2.0.0.13) +CVE-2008-1236 version (seamonkey, fixed 1.1.9) +CVE-2008-1236 VULNERABLE (thunderbird, fixed 2.0.0.14) #442855 +CVE-2008-1235 version (firefox, fixed 2.0.0.13) +CVE-2008-1235 version (seamonkey, fixed 1.1.9) +CVE-2008-1235 VULNERABLE (thunderbird, fixed 2.0.0.14) #442855 +CVE-2008-1234 version (firefox, fixed 2.0.0.13) +CVE-2008-1234 version (seamonkey, fixed 1.1.9) +CVE-2008-1234 VULNERABLE (thunderbird, fixed 2.0.0.14) #442855 +CVE-2008-1233 version (firefox, fixed 2.0.0.13) +CVE-2008-1233 version (seamonkey, fixed 1.1.9) +CVE-2008-1233 VULNERABLE (thunderbird, fixed 2.0.0.14) #442855 **CVE-2008-1227 fixed (libsilc) We updated this as non-security CVE-2008-1218 version (dovecot, fixed 1.0.13) [since FEDORA-2008-2475] marginally affected CVE-2008-1199 version (dovecot, fixed 1.0.11) [since FEDORA-2008-2475] not in default config +CVE-2008-1195 version (firefox, fixed 2.0.0.13) +CVE-2008-1195 version (seamonkey, fixed 1.1.9) CVE-2008-1184 version (dnssec-tools, fixed 1.3.2) [since FEDORA-2008-1758] CVE-2008-1161 version (xine-lib, fixed 1.1.10.1) [since FEDORA-2008-1581] CVE-2008-1149 version (phpMyAdmin, fixed 2.11.5) [since FEDORA-2008-2229] 
@@ -137,6 +163,9 @@ CVE-2008-0418 fixed (thunderbird, fixed 2.0.0.12) #432047 [since FEDORA-2008-2118] CVE-2008-0417 fixed (firefox, fixed 2.0.0.12) #432042 [since FEDORA-2008-1435] CVE-2008-0417 fixed (seamonkey, fixed 1.1.8) #432045 [since FEDORA-2008-1669] +CVE-2008-0416 version (firefox, fixed 2.0.0.12) +CVE-2008-0416 version (thunderbird, fixed 2.0.0.12) +CVE-2008-0416 version (seamonkey, fixed 1.1.8) CVE-2008-0415 fixed (firefox, fixed 2.0.0.12) #432042 [since FEDORA-2008-1435] CVE-2008-0415 fixed (seamonkey, fixed 1.1.8) #432045 [since FEDORA-2008-1669] CVE-2008-0415 fixed (thunderbird, fixed 2.0.0.12) #432047 [since FEDORA-2008-2118] @@ -152,6 +181,7 @@ CVE-2008-0404 fixed (mantis) #429552 [since FEDORA-2008-0796] CVE-2008-0386 fixed (xdg-utils) #429513 [since FEDORA-2008-1015] CVE-2008-0364 ignore (bittorrent) Windows only +CVE-2008-0320 VULNERABLE (openoffice.org, fixed 2.4) #442845 CVE-2008-0318 fixed (clamav, fixed 0.92.1) [since FEDORA-2008-1608] CVE-2008-0314 VULNERABLE (clamav, fixed 0.93) #442362 CVE-2008-0304 version (seamonkey, fixed 1.1.8) [since FEDORA-2008-1669] @@ -311,6 +341,9 @@ CVE-2007-5760 fixed (xorg-x11-server, fixed 1.4.1) #429125 [since FEDORA-2008-0831] CVE-2007-5759 ignore (clamav, fixed 0.92) duplicate of CVE-2007-6335 CVE-2007-5751 backport (liferea, fixed 1.4.6) #360641 [since FEDORA-2007-2725] +CVE-2007-5747 VULNERABLE (openoffice.org, fixed 2.4) #442845 +CVE-2007-5746 VULNERABLE (openoffice.org, fixed 2.4) #442845 +CVE-2007-5745 VULNERABLE (openoffice.org, fixed 2.4) #442845 CVE-2007-5742 version (wesnoth, fixed 1.2.8) [since FEDORA-2007-3986] CVE-2007-5728 version (phpPgAdmin) seems to be fixed for some time CVE-2007-5715 backport (denyhosts) fixed long ago 
@@ -394,6 +427,8 @@ CVE-2007-4897 version (opal, fixed 2.2.9) CVE-2007-4894 version (wordpress, fixed 2.2.3) [since FEDORA-2007-2143] CVE-2007-4893 version (wordpress, fixed 2.2.3) [since FEDORA-2007-2143] +CVE-2007-4879 version (firefox, fixed 2.0.0.13) +CVE-2007-4879 version (seamonkey, fixed 1.1.9) CVE-2007-4851 ignore (tk) duplicate of CVE-2007-5137 CVE-2007-4841 ignore (mozilla) Windows only CVE-2007-4841 version (thunderbird) [since FEDORA-2007-3431] windows only anyway From fedora-security-commits at redhat.com Thu Apr 17 12:02:44 2008 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Thu, 17 Apr 2008 12:02:44 GMT Subject: [Fedora-security-commits] fedora-security/audit f8, 1.199, 1.200 f9, 1.190, 1.191 fc7, 1.355, 1.356 Message-ID: <200804171202.m3HC2itx003417@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv3387/audit Modified Files: f8 f9 fc7 Log Message: add xine-lib Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.199 retrieving revision 1.200 diff -u -r1.199 -r1.200 --- f8 17 Apr 2008 09:20:21 -0000 1.199 +++ f8 17 Apr 2008 12:02:14 -0000 1.200 @@ -4,6 +4,7 @@ # *CVE are items that need verification for Fedora 8 # (mozilla) = (gecko-libs dependent stuff) +442882 VULNERABLE (xine-lib) nsf demuxer overflow 293031 fixed (nx) #293031 [since FEDORA-2008-2258] 249840 VULNERABLE (tor) CVE-2008-1837 ignore (clamav, fixed 0.93) unrar code not shipped Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.190 retrieving revision 1.191 diff -u -r1.190 -r1.191 --- f9 17 Apr 2008 09:20:21 -0000 1.190 +++ f9 17 Apr 2008 12:02:14 -0000 1.191 
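Review bot: In the fc7 hunk at @@ -44,6 +44,9 @@ (revision 1.355), the new CVE-2008-1380 firefox entry has no tracking bug, while the seamonkey and thunderbird entries added beside it reference #442850 and #442855. If a firefox bug exists for fc7, add its number so all three VULNERABLE lines can be followed up the same way; if firefox is covered by one of the other two bugs, say so in the trailing note.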
@@ -4,6 +4,7 @@ # *CVE are items that need verification for Fedora 9 # (mozilla) = (gecko-libs dependent stuff) +442882 VULNERABLE (xine-lib) nsf demuxer overflow 249840 VULNERABLE (tor) CVE-2008-1837 ignore (clamav, fixed 0.93) unrar code not shipped CVE-2008-1836 VULNERABLE (clamav, fixed 0.93) #442364 Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.355 retrieving revision 1.356 diff -u -r1.355 -r1.356 --- fc7 17 Apr 2008 09:20:21 -0000 1.355 +++ fc7 17 Apr 2008 12:02:14 -0000 1.356 @@ -5,6 +5,7 @@ # (mozilla) = (firefox, seamonkey, thunderbird, yelp, devhelp, galeon, liferea. epiphany) # A couple of first F7 updates were marked as FEDORA-2007-0001 +442882 VULNERABLE (xine-lib) nsf demuxer overflow 293031 fixed (nx) #293031 [since FEDORA-2008-2258] 249840 version (tor, fixed 0.1.2.15) #249840 [since FEDORA-2007-1674] CVE-2008-1837 ignore (clamav, fixed 0.93) unrar code not shipped From fedora-security-commits at redhat.com Fri Apr 18 08:19:08 2008 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Fri, 18 Apr 2008 08:19:08 GMT Subject: [Fedora-security-commits] fedora-security/audit f8, 1.200, 1.201 fc7, 1.356, 1.357 Message-ID: <200804180819.m3I8J8DK002848@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv2821/audit Modified Files: f8 fc7 Log Message: check updates Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.200 retrieving revision 1.201 diff -u -r1.200 -r1.201 --- f8 17 Apr 2008 12:02:14 -0000 1.200 +++ f8 18 Apr 2008 08:18:37 -0000 1.201 
@@ -13,11 +13,11 @@ CVE-2008-1833 VULNERABLE (clamav, fixed 0.93-rc1) #442363 CVE-2008-1796 fixed (comix) [since FEDORA-2008-2981] CVE-2008-1729 ignore (drupal) 6.x only -CVE-2008-1720 VULNERABLE (rsync, fixed 3.0.2) #441690 +CVE-2008-1720 fixed (rsync, fixed 3.0.2) #441690 [since FEDORA-2008-3047] CVE-2008-1688 ignore (m4, fixed 1.4.11) not really a security issue CVE-2008-1687 ignore (m4, fixed 1.4.11) not really a security issue -CVE-2008-1686 VULNERABLE (libfishsound, fixed 0.9.1) #441247 -CVE-2008-1686 VULNERABLE (speex) #442572 +CVE-2008-1686 fixed (libfishsound, fixed 0.9.1) #441247 [since FEDORA-2008-3059] +CVE-2008-1686 fixed (speex) #442572 [since FEDORA-2008-3103] CVE-2008-1658 fixed (PolicyKit) #439995 [since FEDORA-2008-2987] CVE-2008-1657 VULNERABLE (openssh, fixed 4.9) #440375 CVE-2008-1652 version (Perlbal, fixed 1.70) [since FEDORA-2008-2778] @@ -104,7 +104,7 @@ CVE-2008-1071 fixed (wireshark, fixed 0.99.8) #435487 [since FEDORA-2008-3040] CVE-2008-1070 fixed (wireshark, fixed 0.99.8) #435487 [since FEDORA-2008-3040] CVE-2008-1066 version (php-Smarty) #435811 [since FEDORA-2008-1911] -CVE-2008-1066 VULNERABLE (gallery2) #438058 [since FEDORA-2008-2587] +CVE-2008-1066 fixed (gallery2) #438058 [since FEDORA-2008-2587] CVE-2008-1066 VULNERABLE (php-pear-PhpDocumentor) #438062 CVE-2008-1010 ignore (WebKit) Nothing uses WebKit CVE-2008-0983 fixed (lighttpd) #435807 [since FEDORA-2008-2262] 
@@ -378,7 +378,7 @@ CVE-2007-5333 fixed (tomcat5) #428255 [since FEDORA-2008-1467] CVE-2007-5201 fixed (duplicity, no upstream fix) #362831 [since FEDORA-2008-1521] CVE-2007-5200 version (hugin) #362861 [since FEDORA-2007-2807] hugin-0.6.1-11.fc8 -CVE-2007-5198 VULNERABLE (nagios-plugins, fixed 1.4.10) #362891 +CVE-2007-5198 fixed (nagios-plugins, fixed 1.4.10) #362891 [since FEDORA-2008-3061] CVE-2007-5197 version (mono, fixed 1.2.5.1) #367541 [since FEDORA-2007-2969] CVE-2007-5162 version (ruby) [since FEDORA-2007-2812] CVE-2007-5116 backport (perl) #378141 [since FEDORA-2007-3218] Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.356 retrieving revision 1.357 diff -u -r1.356 -r1.357 --- fc7 17 Apr 2008 12:02:14 -0000 1.356 +++ fc7 18 Apr 2008 08:18:37 -0000 1.357 @@ -14,11 +14,11 @@ CVE-2008-1833 VULNERABLE (clamav, fixed 0.93-rc1) #442362 CVE-2008-1796 fixed (comix) [since FEDORA-2008-2993] CVE-2008-1729 ignore (drupal) 6.x only -CVE-2008-1720 VULNERABLE (rsync, fixed 3.0.2) #441689 +CVE-2008-1720 fixed (rsync, fixed 3.0.2) #441689 [since FEDORA-2008-3060] CVE-2008-1688 ignore (m4, fixed 1.4.11) not really a security issue CVE-2008-1687 ignore (m4, fixed 1.4.11) not really a security issue -CVE-2008-1686 VULNERABLE (libfishsound, fixed 0.9.1) #441246 -CVE-2008-1686 VULNERABLE (speex) #442571 +CVE-2008-1686 VULNERABLE (libfishsound, fixed 0.9.1) #441246 [since FEDORA-2008-3117] +CVE-2008-1686 fixed (speex) #442571 [since FEDORA-2008-3191] CVE-2008-1657 VULNERABLE (openssh, fixed 4.9) #280461 CVE-2008-1652 version (Perlbal, fixed 1.70) [since FEDORA-2008-2788] CVE-2008-1637 fixed (pdns-recursor, fixed 3.1.5) #440248 [since FEDORA-2008-3010] 
@@ -105,7 +105,7 @@ CVE-2008-1071 fixed (wireshark, fixed 0.99.8) #435485 [since FEDORA-2008-2941] CVE-2008-1070 fixed (wireshark, fixed 0.99.8) #435485 [since FEDORA-2008-2941] CVE-2008-1066 version (php-Smarty, fixed 2.6.19) #435812 [since FEDORA-2008-1928] -CVE-2008-1066 VULNERABLE (gallery2) #438059 [since FEDORA-2008-2650] +CVE-2008-1066 fixed (gallery2) #438059 [since FEDORA-2008-2650] CVE-2008-1066 fixed (php-pear-PhpDocumentor) #438063 [since FEDORA-2008-2656] CVE-2008-1010 ignore (WebKit) Nothing uses WebKit CVE-2008-0983 fixed (lighttpd) #435808 [since FEDORA-2008-2278] @@ -401,7 +401,7 @@ CVE-2007-5208 backport (hplip) #329111 [since FEDORA-2007-2527] CVE-2007-5201 fixed (duplicity) #362821 [since FEDORA-2008-1584] CVE-2007-5200 backport (hugin) #362851 [since FEDORA-2007-2989] -CVE-2007-5198 VULNERABLE (nagios-plugins, fixed 1.4.10) #362881 +CVE-2007-5198 fixed (nagios-plugins, fixed 1.4.10) #362881 [since FEDORA-2008-3146] CVE-2007-5197 backport (mono, fixed 1.2.5.1) #367531 [since FEDORA-2007-3130] CVE-2007-5191 backport (util-linux) #320141 [since FEDORA-2007-2462] CVE-2007-5162 version (ruby) #313801 [since FEDORA-2007-2406] From fedora-security-commits at redhat.com Fri Apr 18 15:33:16 2008 
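Review bot: In the fc7 hunk at @@ -14,11 +14,11 @@ of the "check updates" commit, the libfishsound line gains [since FEDORA-2008-3117] but keeps the VULNERABLE status, whereas the f8 copy of the same entry and the speex line directly below it are both switched to fixed. If FEDORA-2008-3117 has been released, the line should read "CVE-2008-1686 fixed (libfishsound, fixed 0.9.1) #441246 [since FEDORA-2008-3117]"; if the update is still pending, a short trailing remark would explain why status and annotation disagree.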
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Fri, 18 Apr 2008 15:33:16 GMT Subject: [Fedora-security-commits] fedora-security/audit f8, 1.201, 1.202 f9, 1.191, 1.192 fc7, 1.357, 1.358 Message-ID: <200804181533.m3IFXGT1020832@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv20565/audit Modified Files: f8 f9 fc7 Log Message: note xpdf, dbmail, xine-lib CVE id note some f9 updates Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.201 retrieving revision 1.202 diff -u -r1.201 -r1.202 --- f8 18 Apr 2008 08:18:37 -0000 1.201 +++ f8 18 Apr 2008 15:32:46 -0000 1.202 @@ -4,9 +4,9 @@ # *CVE are items that need verification for Fedora 8 # (mozilla) = (gecko-libs dependent stuff) -442882 VULNERABLE (xine-lib) nsf demuxer overflow -293031 fixed (nx) #293031 [since FEDORA-2008-2258] -249840 VULNERABLE (tor) +rhbz293031 fixed (nx) #293031 [since FEDORA-2008-2258] +rhbz249840 VULNERABLE (tor) +CVE-2008-1878 VULNERABLE (xine-lib, fixed 1.1.12.1) #443055 nsf demuxer overflow CVE-2008-1837 ignore (clamav, fixed 0.93) unrar code not shipped CVE-2008-1836 VULNERABLE (clamav, fixed 0.93) #442363 CVE-2008-1835 ignore (clamav, fixed 0.93) unrar code not shipped @@ -14,6 +14,10 @@ CVE-2008-1796 fixed (comix) [since FEDORA-2008-2981] CVE-2008-1729 ignore (drupal) 6.x only CVE-2008-1720 fixed (rsync, fixed 3.0.2) #441690 [since FEDORA-2008-3047] +CVE-2008-1693 version (xpdf, fixed 3.02) +CVE-2008-1693 version (poppler, fixed 0.6.2) +CVE-2008-1693 ignore (kdegraphics) not affected +CVE-2008-1693 ignore (koffice) not affected CVE-2008-1688 ignore (m4, fixed 1.4.11) not really a security issue CVE-2008-1687 ignore (m4, fixed 1.4.11) not really a security issue CVE-2008-1686 fixed (libfishsound, fixed 0.9.1) #441247 [since FEDORA-2008-3059] 
@@ -218,6 +222,7 @@ CVE-2008-0005 fixed (httpd, fixed 2.2.8) #427982 [since FEDORA-2008-1711] CVE-2008-0003 fixed (tog-pegasus, fixed 2.7.0) #427829 [since FEDORA-2008-0572] CVE-2008-0002 fixed (tomcat5) #432474 [since FEDORA-2008-1467] +CVE-2007-6714 VULNERABLE (dbmail, fixed 2.2.9) #443021 CVE-2007-6703 VULNERABLE (vdccm) #436025 CVE-2007-6698 version (openldap, fixed 2.3.36) CVE-2007-6697 fixed (SDL_image, fixed 1.2.7) #430241 [since FEDORA-2008-1208] Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.191 retrieving revision 1.192 diff -u -r1.191 -r1.192 --- f9 17 Apr 2008 12:02:14 -0000 1.191 +++ f9 18 Apr 2008 15:32:46 -0000 1.192 
@@ -4,25 +4,29 @@ # *CVE are items that need verification for Fedora 9 # (mozilla) = (gecko-libs dependent stuff) -442882 VULNERABLE (xine-lib) nsf demuxer overflow -249840 VULNERABLE (tor) +rhbz249840 VULNERABLE (tor) +CVE-2008-1878 VULNERABLE (xine-lib, fixed 1.1.12.1) #443056 nsf demuxer overflow CVE-2008-1837 ignore (clamav, fixed 0.93) unrar code not shipped CVE-2008-1836 VULNERABLE (clamav, fixed 0.93) #442364 CVE-2008-1835 ignore (clamav, fixed 0.93) unrar code not shipped CVE-2008-1834 version (swfdec, fixed 0.6.4) [since swfdec-0.6.4-1.fc9] CVE-2008-1833 version (clamav, fixed 0.93-rc1) [since clamav-0.93-0.0.rc1.fc9] CVE-2008-1796 fixed (comix) [since comix-3.6.4-6.fc9] -CVE-2008-1771 ignore (mt-daapd) current Fedora version does not seem affected +CVE-2008-1771 VULNERABLE (mt-daapd) [since mt-daapd-0.9-0.2.1696.fc9] CVE-2008-1729 version (drupal, fixed 6.2) [since drupal-6.2-1.fc9] -CVE-2008-1720 VULNERABLE (rsync, fixed 3.0.2) [since rsync-3.0.2-0.fc9] +CVE-2008-1720 version (rsync, fixed 3.0.2) [since rsync-3.0.2-0.fc9] +CVE-2008-1693 version (xpdf, fixed 3.02) +CVE-2008-1693 version (poppler, fixed 0.6.2) +CVE-2008-1693 ignore (kdegraphics) not affected +CVE-2008-1693 ignore (koffice) not affected CVE-2008-1688 ignore (m4, fixed 1.4.11) not really a security issue CVE-2008-1687 ignore (m4, fixed 1.4.11) not really a security issue -CVE-2008-1686 VULNERABLE (libfishsound, fixed 0.9.1) #441248 -CVE-2008-1686 VULNERABLE (speex) [since speex-1.2-0.7.beta3] -CVE-2008-1658 VULNERABLE (PolicyKit) #439996 -CVE-2008-1657 VULNERABLE (openssh, fixed 4.9) #440376 +CVE-2008-1686 version (libfishsound, fixed 0.9.1) #441248 [since libfishsound-0.9.1-1.fc9] +CVE-2008-1686 backport (speex) [since speex-1.2-0.7.beta3] +CVE-2008-1658 backport (PolicyKit) #439996 [since PolicyKit-0.7-7.fc9] +CVE-2008-1657 version (openssh, fixed 4.9) #440376 [since openssh-5.0p1-1.fc9] CVE-2008-1652 version (Perlbal, fixed 1.70) [since Perlbal-1.70-1.fc9] -CVE-2008-1637 VULNERABLE 
(pdns-recursor, fixed 3.1.5) #440250 +CVE-2008-1637 version (pdns-recursor, fixed 3.1.5) #440250 [since pdns-recursor-3.1.5-1.fc9] CVE-2008-1628 version (audit) [since audit-1.7-2.fc9] CVE-2008-1614 version (mod_suphp, fixed 0.6.3) [since mod_suphp-0.6.3-1.fc9] CVE-2008-1612 ignore (squid, fixed 2.6.STABLE19) 3.0 was not affected @@ -215,6 +219,7 @@ CVE-2008-0005 version (httpd, fixed 2.2.8) #427984 [since httpd-2.2.8-2] CVE-2008-0003 version (tog-pegasus, fixed 2.7.0) CVE-2008-0002 VULNERABLE (tomcat5) #432476 +CVE-2007-6714 VULNERABLE (dbmail, fixed 2.2.9) #443022 CVE-2007-6703 VULNERABLE (vdccm) #436027 CVE-2007-6698 version (openldap, fixed 2.3.36) CVE-2007-6697 backport (SDL_image, fixed 1.2.7) #430238 [since SDL_image-1.2.6-4.fc9] Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.357 retrieving revision 1.358 diff -u -r1.357 -r1.358 --- fc7 18 Apr 2008 08:18:37 -0000 1.357 +++ fc7 18 Apr 2008 15:32:46 -0000 1.358 @@ -5,9 +5,9 @@ # (mozilla) = (firefox, seamonkey, thunderbird, yelp, devhelp, galeon, liferea. epiphany) # A couple of first F7 updates were marked as FEDORA-2007-0001 -442882 VULNERABLE (xine-lib) nsf demuxer overflow -293031 fixed (nx) #293031 [since FEDORA-2008-2258] -249840 version (tor, fixed 0.1.2.15) #249840 [since FEDORA-2007-1674] +rhbz293031 fixed (nx) #293031 [since FEDORA-2008-2258] +rhbz249840 version (tor, fixed 0.1.2.15) #249840 [since FEDORA-2007-1674] +CVE-2008-1878 VULNERABLE (xine-lib, fixed 1.1.12.1) #443054 nsf demuxer overflow CVE-2008-1837 ignore (clamav, fixed 0.93) unrar code not shipped CVE-2008-1836 VULNERABLE (clamav, fixed 0.93) #442362 CVE-2008-1835 ignore (clamav, fixed 0.93) unrar code not shipped 
@@ -15,6 +15,10 @@ CVE-2008-1796 fixed (comix) [since FEDORA-2008-2993] CVE-2008-1729 ignore (drupal) 6.x only CVE-2008-1720 fixed (rsync, fixed 3.0.2) #441689 [since FEDORA-2008-3060] +CVE-2008-1693 version (xpdf, fixed 3.02) +CVE-2008-1693 ignore (kdegraphics) not affected +CVE-2008-1693 ignore (koffice) not affected +CVE-2008-1693 VULNERABLE (poppler, fixed 0.6.2) #443026 CVE-2008-1688 ignore (m4, fixed 1.4.11) not really a security issue CVE-2008-1687 ignore (m4, fixed 1.4.11) not really a security issue CVE-2008-1686 VULNERABLE (libfishsound, fixed 0.9.1) #441246 [since FEDORA-2008-3117] @@ -218,6 +222,7 @@ CVE-2008-0005 fixed (httpd, fixed 2.2.8) #427983 [since FEDORA-2008-1695] CVE-2008-0003 fixed (tog-pegasus, fixed 2.7.0) #427828 [since FEDORA-2008-0506] CVE-2008-0002 fixed (tomcat5) #432475 [since FEDORA-2008-1603] +CVE-2007-6714 VULNERABLE (dbmail, fixed 2.2.9) #443020 CVE-2007-6703 fixed (vdccm) #436026 [since FEDORA-2008-0680] CVE-2007-6698 fixed (openldap, fixed 2.3.36) #431409 [since FEDORA-2008-1307] CVE-2007-6697 fixed (SDL_image, fixed 1.2.7) #430239 [since FEDORA-2008-1231] From fedora-security-commits at redhat.com Wed Apr 23 10:06:41 2008 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Wed, 23 Apr 2008 10:06:41 GMT Subject: [Fedora-security-commits] fedora-security/audit f8, 1.202, 1.203 f9, 1.192, 1.193 fc7, 1.358, 1.359 Message-ID: <200804231006.m3NA6fPl008974@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv8939/audit Modified Files: f8 f9 fc7 Log Message: note WebKit, asterisk Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.202 retrieving revision 1.203 diff -u -r1.202 -r1.203 --- f8 18 Apr 2008 15:32:46 -0000 1.202 +++ f8 23 Apr 2008 10:06:11 -0000 1.203 
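Review bot: In the f9 hunk at @@ -4,25 +4,29 @@ of the "note xpdf, dbmail, xine-lib CVE id" commit, CVE-2008-1771 (mt-daapd) goes from ignore, with the rationale "current Fedora version does not seem affected", to VULNERABLE with no tracking bug and no explanation of what changed. Since this reverses an earlier assessment, keep a short reason on the line or in the log message, which currently mentions only xpdf, dbmail, xine-lib and f9 updates.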
@@ -6,6 +6,7 @@ rhbz293031 fixed (nx) #293031 [since FEDORA-2008-2258] rhbz249840 VULNERABLE (tor) +CVE-2008-1897 VULNERABLE (asterisk, fixed 1.4.19.1) CVE-2008-1878 VULNERABLE (xine-lib, fixed 1.1.12.1) #443055 nsf demuxer overflow CVE-2008-1837 ignore (clamav, fixed 0.93) unrar code not shipped CVE-2008-1836 VULNERABLE (clamav, fixed 0.93) #442363 @@ -110,7 +111,10 @@ CVE-2008-1066 version (php-Smarty) #435811 [since FEDORA-2008-1911] CVE-2008-1066 fixed (gallery2) #438058 [since FEDORA-2008-2587] CVE-2008-1066 VULNERABLE (php-pear-PhpDocumentor) #438062 -CVE-2008-1010 ignore (WebKit) Nothing uses WebKit +CVE-2008-1026 version (WebKit, fixed r31388) [since FEDORA-2008-3229] +**CVE-2008-1025 VULNERABLE (WebKit) may be fixed in SVN and hence in our packages +CVE-2008-1011 version (WebKit) [since FEDORA-2008-3229] +CVE-2008-1010 version (WebKit) [since FEDORA-2008-3229] CVE-2008-0983 fixed (lighttpd) #435807 [since FEDORA-2008-2262] CVE-2008-0947 fixed (krb5, fixed 1.6.4) #438023 [since FEDORA-2008-2647] CVE-2008-0932 fixed (sword) #433724 [since FEDORA-2008-1922] why? diatheke.pl is not shipped... Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.192 retrieving revision 1.193 diff -u -r1.192 -r1.193 --- f9 18 Apr 2008 15:32:46 -0000 1.192 +++ f9 23 Apr 2008 10:06:11 -0000 1.193 @@ -5,6 +5,7 @@ # (mozilla) = (gecko-libs dependent stuff) rhbz249840 VULNERABLE (tor) +CVE-2008-1897 VULNERABLE (asterisk, fixed 1.6.0.beta3) [since asterisk-1.6.0-0.13.beta8.fc9] CVE-2008-1878 VULNERABLE (xine-lib, fixed 1.1.12.1) #443056 nsf demuxer overflow CVE-2008-1837 ignore (clamav, fixed 0.93) unrar code not shipped CVE-2008-1836 VULNERABLE (clamav, fixed 0.93) #442364 
@@ -109,7 +110,10 @@ CVE-2008-1066 version (php-Smarty) #435813 [since php-Smarty-2.6.19-1.fc9] CVE-2008-1066 VULNERABLE (gallery2) #438060 CVE-2008-1066 VULNERABLE (php-pear-PhpDocumentor) #438064 -CVE-2008-1010 ignore (WebKit) #438537 Nothing uses WebKit +CVE-2008-1026 version (WebKit, fixed r31388) [since WebKit-1.0.0-0.8.svn31787.fc9] +**CVE-2008-1025 VULNERABLE (WebKit) may be fixed in SVN and hence in our packages +CVE-2008-1011 version (WebKit) [since WebKit-1.0.0-0.8.svn31787.fc9] +CVE-2008-1010 version (WebKit) [since WebKit-1.0.0-0.8.svn31787.fc9] CVE-2008-0983 backport (lighttpd) #435809 [since lighttpd-1.4.18-6.fc9] CVE-2008-0947 backport (krb5, fixed 1.6.4) [since krb5-1.6.3-10.fc9] CVE-2008-0932 backport (sword) #433726 [since sword-1.5.10-3.fc9] why? diatheke.pl is not shipped... Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.358 retrieving revision 1.359 diff -u -r1.358 -r1.359 --- fc7 18 Apr 2008 15:32:46 -0000 1.358 +++ fc7 23 Apr 2008 10:06:11 -0000 1.359 @@ -7,6 +7,7 @@ rhbz293031 fixed (nx) #293031 [since FEDORA-2008-2258] rhbz249840 version (tor, fixed 0.1.2.15) #249840 [since FEDORA-2007-1674] +CVE-2008-1897 VULNERABLE (asterisk, fixed 1.4.19.1) CVE-2008-1878 VULNERABLE (xine-lib, fixed 1.1.12.1) #443054 nsf demuxer overflow CVE-2008-1837 ignore (clamav, fixed 0.93) unrar code not shipped CVE-2008-1836 VULNERABLE (clamav, fixed 0.93) #442362 
@@ -111,7 +112,10 @@ CVE-2008-1066 version (php-Smarty, fixed 2.6.19) #435812 [since FEDORA-2008-1928] CVE-2008-1066 fixed (gallery2) #438059 [since FEDORA-2008-2650] CVE-2008-1066 fixed (php-pear-PhpDocumentor) #438063 [since FEDORA-2008-2656] -CVE-2008-1010 ignore (WebKit) Nothing uses WebKit +CVE-2008-1026 VULNERABLE (WebKit, fixed r31388) [since WebKit-1.0.0-0.8.svn31787.fc7] +**CVE-2008-1025 VULNERABLE (WebKit) may be fixed in SVN and hence in our packages +CVE-2008-1011 VULNERABLE (WebKit) [since WebKit-1.0.0-0.8.svn31787.fc7] +CVE-2008-1010 VULNERABLE (WebKit) [since WebKit-1.0.0-0.8.svn31787.fc7] CVE-2008-0983 fixed (lighttpd) #435808 [since FEDORA-2008-2278] CVE-2008-0947 fixed (krb5, fixed 1.6.4) #438022 [since FEDORA-2008-2637] CVE-2008-0932 fixed (sword) #433725 [since FEDORA-2008-1951] why? diatheke.pl is not shipped... From fedora-security-commits at redhat.com Thu Apr 24 08:48:44 2008 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Thu, 24 Apr 2008 08:48:44 GMT Subject: [Fedora-security-commits] fedora-security/audit f8, 1.203, 1.204 f9, 1.193, 1.194 fc7, 1.359, 1.360 Message-ID: <200804240848.m3O8miRW001003@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv933/audit Modified Files: f8 f9 fc7 Log Message: add blender, phpMyAdmin, util-linux-(ng), perl-Imager fix-up asterisk Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.203 retrieving revision 1.204 diff -u -r1.203 -r1.204 --- f8 23 Apr 2008 10:06:11 -0000 1.203 +++ f8 24 Apr 2008 08:48:13 -0000 1.204 
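Review bot: In the f9 hunk at @@ -109,7 +110,10 @@ of the "note WebKit, asterisk" commit, the removed CVE-2008-1010 line carried the bug reference #438537, and the replacement "CVE-2008-1010 version (WebKit) [since WebKit-1.0.0-0.8.svn31787.fc9]" drops it. Keep #438537 on the new line so the entry still links to its bug.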
@@ -6,7 +6,11 @@ rhbz293031 fixed (nx) #293031 [since FEDORA-2008-2258] rhbz249840 VULNERABLE (tor) -CVE-2008-1897 VULNERABLE (asterisk, fixed 1.4.19.1) +CVE-2008-1928 VULNERABLE (perl-Imager, fixed 0.64) #443940 +CVE-2008-1926 VULNERABLE (util-linux-ng) [since util-linux-ng-2.13.1-2.fc8] +CVE-2008-1924 VULNERABLE (phpMyAdmin, fixed 2.11.5.2) [since phpMyAdmin-2.11.5.2-1.fc8] PMASA-2008-3 +CVE-2008-1923 version (asterisk) upstream fix incomplete, resulting in CVE-2008-1897 +CVE-2008-1897 VULNERABLE (asterisk, fixed 1.4.19.1) [since asterisk-1.4.19.1-1.fc8] CVE-2008-1878 VULNERABLE (xine-lib, fixed 1.1.12.1) #443055 nsf demuxer overflow CVE-2008-1837 ignore (clamav, fixed 0.93) unrar code not shipped CVE-2008-1836 VULNERABLE (clamav, fixed 0.93) #442363 @@ -101,6 +105,7 @@ CVE-2008-1131 ignore (drupal) #435816 drupal 6.x only CVE-2008-1111 fixed (lighttpd) #435807 [since FEDORA-2008-2262] CVE-2008-1110 version (xine-lib, fixed 1.1.10) [since FEDORA-2008-1043] +CVE-2008-1102 VULNERABLE (blender) #443936 CVE-2008-1100 VULNERABLE (clamav, fixed 0.93) #442363 CVE-2008-1099 VULNERABLE (moin) #438673 CVE-2008-1098 VULNERABLE (moin) #438673 Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.193 retrieving revision 1.194 diff -u -r1.193 -r1.194 --- f9 23 Apr 2008 10:06:11 -0000 1.193 +++ f9 24 Apr 2008 08:48:13 -0000 1.194 
@@ -5,7 +5,11 @@ # (mozilla) = (gecko-libs dependent stuff) rhbz249840 VULNERABLE (tor) -CVE-2008-1897 VULNERABLE (asterisk, fixed 1.6.0.beta3) [since asterisk-1.6.0-0.13.beta8.fc9] +CVE-2008-1928 VULNERABLE (perl-Imager, fixed 0.64) #443941 +CVE-2008-1926 VULNERABLE (util-linux-ng) [since util-linux-ng-2.13.1-8.1.fc9] +CVE-2008-1924 version (phpMyAdmin, fixed 2.11.5.2) [since phpMyAdmin-2.11.5.2-1.fc9] PMASA-2008-3 +CVE-2008-1923 version (asterisk) upstream fix incomplete, resulting in CVE-2008-1897 +CVE-2008-1897 version (asterisk, fixed 1.6.0.beta3) [since asterisk-1.6.0-0.13.beta8.fc9] CVE-2008-1878 VULNERABLE (xine-lib, fixed 1.1.12.1) #443056 nsf demuxer overflow CVE-2008-1837 ignore (clamav, fixed 0.93) unrar code not shipped CVE-2008-1836 VULNERABLE (clamav, fixed 0.93) #442364 @@ -100,6 +104,7 @@ CVE-2008-1131 version (drupal, fixed 6.1) #435817 [since drupal-6.1-1.fc9] CVE-2008-1111 backport (lighttpd) #435809 [since lighttpd-1.4.18-6.fc9] CVE-2008-1110 version (xine-lib, fixed 1.1.10) [since xine-lib-1.1.10-2.fc9] +CVE-2008-1102 VULNERABLE (blender) #443937 CVE-2008-1100 VULNERABLE (clamav, fixed 0.93) #442364 CVE-2008-1099 VULNERABLE (moin) #438674 CVE-2008-1098 VULNERABLE (moin) #438674 Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.359 retrieving revision 1.360 diff -u -r1.359 -r1.360 --- fc7 23 Apr 2008 10:06:11 -0000 1.359 +++ fc7 24 Apr 2008 08:48:13 -0000 1.360 
@@ -7,7 +7,11 @@ rhbz293031 fixed (nx) #293031 [since FEDORA-2008-2258] rhbz249840 version (tor, fixed 0.1.2.15) #249840 [since FEDORA-2007-1674] -CVE-2008-1897 VULNERABLE (asterisk, fixed 1.4.19.1) +CVE-2008-1928 VULNERABLE (perl-Imager, fixed 0.64) #443939 +CVE-2008-1926 VULNERABLE (util-linux) +CVE-2008-1924 VULNERABLE (phpMyAdmin, fixed 2.11.5.2) [since phpMyAdmin-2.11.5.2-1.fc7] PMASA-2008-3 +CVE-2008-1923 version (asterisk) upstream fix incomplete, resulting in CVE-2008-1897 +CVE-2008-1897 VULNERABLE (asterisk, fixed 1.4.19.1) [since asterisk-1.4.19.1-1.fc7] CVE-2008-1878 VULNERABLE (xine-lib, fixed 1.1.12.1) #443054 nsf demuxer overflow CVE-2008-1837 ignore (clamav, fixed 0.93) unrar code not shipped CVE-2008-1836 VULNERABLE (clamav, fixed 0.93) #442362 @@ -102,6 +106,7 @@ CVE-2008-1131 ignore (drupal) #435815 drupal 6.x only CVE-2008-1111 fixed (lighttpd) #435808 [since FEDORA-2008-2278] CVE-2008-1110 version (xine-lib, fixed 1.1.10) [since FEDORA-2008-1047] +CVE-2008-1102 VULNERABLE (blender) #443935 CVE-2008-1100 VULNERABLE (clamav, fixed 0.93) #442362 CVE-2008-1099 VULNERABLE (moin) #438672 CVE-2008-1098 VULNERABLE (moin) #438672 From fedora-security-commits at redhat.com Thu Apr 24 15:12:34 2008 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Thu, 24 Apr 2008 15:12:34 GMT Subject: [Fedora-security-commits] fedora-security/audit f8, 1.204, 1.205 f9, 1.194, 1.195 fc7, 1.360, 1.361 Message-ID: <200804241512.m3OFCYoR026460@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv26421/audit Modified Files: f8 f9 fc7 Log Message: note mksh, fix up moin Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.204 retrieving revision 1.205 diff -u -r1.204 -r1.205 --- f8 24 Apr 2008 08:48:13 -0000 1.204 +++ f8 24 Apr 2008 15:12:04 -0000 1.205 
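Review bot: In the fc7 hunk at @@ -7,7 +7,11 @@ of the "add blender, phpMyAdmin, util-linux-(ng), perl-Imager" commit, the new line "CVE-2008-1926 VULNERABLE (util-linux)" has no tracking bug, fixed version or [since ...] build, while the f8 and f9 entries for the same CVE each name a util-linux-ng build. Add a bug number or a trailing note so the fc7 entry can be followed up.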
@@ -12,6 +12,7 @@ CVE-2008-1923 version (asterisk) upstream fix incomplete, resulting in CVE-2008-1897 CVE-2008-1897 VULNERABLE (asterisk, fixed 1.4.19.1) [since asterisk-1.4.19.1-1.fc8] CVE-2008-1878 VULNERABLE (xine-lib, fixed 1.1.12.1) #443055 nsf demuxer overflow +CVE-2008-1845 version (mksh, fixed 33d) [since FEDORA-2008-3174] CVE-2008-1837 ignore (clamav, fixed 0.93) unrar code not shipped CVE-2008-1836 VULNERABLE (clamav, fixed 0.93) #442363 CVE-2008-1835 ignore (clamav, fixed 0.93) unrar code not shipped Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.194 retrieving revision 1.195 diff -u -r1.194 -r1.195 --- f9 24 Apr 2008 08:48:13 -0000 1.194 +++ f9 24 Apr 2008 15:12:04 -0000 1.195 @@ -11,6 +11,7 @@ CVE-2008-1923 version (asterisk) upstream fix incomplete, resulting in CVE-2008-1897 CVE-2008-1897 version (asterisk, fixed 1.6.0.beta3) [since asterisk-1.6.0-0.13.beta8.fc9] CVE-2008-1878 VULNERABLE (xine-lib, fixed 1.1.12.1) #443056 nsf demuxer overflow +CVE-2008-1845 VULNERABLE (mksh, fixed 33d) [since mksh-33d-1.fc9] what is real impact on fedora? CVE-2008-1837 ignore (clamav, fixed 0.93) unrar code not shipped CVE-2008-1836 VULNERABLE (clamav, fixed 0.93) #442364 CVE-2008-1835 ignore (clamav, fixed 0.93) unrar code not shipped 
@@ -106,8 +107,8 @@ CVE-2008-1110 version (xine-lib, fixed 1.1.10) [since xine-lib-1.1.10-2.fc9] CVE-2008-1102 VULNERABLE (blender) #443937 CVE-2008-1100 VULNERABLE (clamav, fixed 0.93) #442364 -CVE-2008-1099 VULNERABLE (moin) #438674 -CVE-2008-1098 VULNERABLE (moin) #438674 +CVE-2008-1099 version (moin, fixed 1.5.9) #438674 +CVE-2008-1098 version (moin, fixed 1.5.9) #438674 CVE-2008-1078 VULNERABLE (am-utils) #437746 CVE-2008-1072 version (wireshark, fixed 0.99.8) #435488 [since wireshark-1.0.0-2.fc9] CVE-2008-1071 version (wireshark, fixed 0.99.8) #435488 [since wireshark-1.0.0-2.fc9] Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.360 retrieving revision 1.361 diff -u -r1.360 -r1.361 --- fc7 24 Apr 2008 08:48:13 -0000 1.360 +++ fc7 24 Apr 2008 15:12:04 -0000 1.361 @@ -13,6 +13,7 @@ CVE-2008-1923 version (asterisk) upstream fix incomplete, resulting in CVE-2008-1897 CVE-2008-1897 VULNERABLE (asterisk, fixed 1.4.19.1) [since asterisk-1.4.19.1-1.fc7] CVE-2008-1878 VULNERABLE (xine-lib, fixed 1.1.12.1) #443054 nsf demuxer overflow +CVE-2008-1845 version (mksh, fixed 33d) [since FEDORA-2008-3070] CVE-2008-1837 ignore (clamav, fixed 0.93) unrar code not shipped CVE-2008-1836 VULNERABLE (clamav, fixed 0.93) #442362 CVE-2008-1835 ignore (clamav, fixed 0.93) unrar code not shipped From fedora-security-commits at redhat.com Thu Apr 24 18:18:48 2008 
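Review bot: In the f9 hunk at -11,6 +11,7, CVE-2008-1845 is added as VULNERABLE although the same line already says "fixed 33d" and "[since mksh-33d-1.fc9]", and the f8 and fc7 hunks record the same CVE as "version". If the 33d build is what f9 carries, the status should be "version" there too. The trailing "what is real impact on fedora?" is an open question sitting in a status line; answer it or move it to a "#" comment. In the f9 hunk at -106,8 +107,8, the two moin entries become "version (moin, fixed 1.5.9)" with no "[since ...]" build, unlike the neighbouring "version" lines for xine-lib and wireshark; adding the NVR would let the entries be checked against a concrete package.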
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Thu, 24 Apr 2008 18:18:48 GMT Subject: [Fedora-security-commits] fedora-security/audit f8, 1.205, 1.206 f9, 1.195, 1.196 fc7, 1.361, 1.362 Message-ID: <200804241818.m3OIIm3M022572@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv22448/audit Modified Files: f8 f9 fc7 Log Message: update on clamav, note mksh in F9 Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.205 retrieving revision 1.206 diff -u -r1.205 -r1.206 --- f8 24 Apr 2008 15:12:04 -0000 1.205 +++ f8 24 Apr 2008 18:18:18 -0000 1.206 @@ -14,7 +14,7 @@ CVE-2008-1878 VULNERABLE (xine-lib, fixed 1.1.12.1) #443055 nsf demuxer overflow CVE-2008-1845 version (mksh, fixed 33d) [since FEDORA-2008-3174] CVE-2008-1837 ignore (clamav, fixed 0.93) unrar code not shipped -CVE-2008-1836 VULNERABLE (clamav, fixed 0.93) #442363 +CVE-2008-1836 ignore (clamav, fixed 0.93) affected code introduced after 0.92.1 CVE-2008-1835 ignore (clamav, fixed 0.93) unrar code not shipped CVE-2008-1833 VULNERABLE (clamav, fixed 0.93-rc1) #442363 CVE-2008-1796 fixed (comix) [since FEDORA-2008-2981] Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.195 retrieving revision 1.196 diff -u -r1.195 -r1.196 --- f9 24 Apr 2008 15:12:04 -0000 1.195 +++ f9 24 Apr 2008 18:18:18 -0000 1.196 
@@ -11,7 +11,7 @@ CVE-2008-1923 version (asterisk) upstream fix incomplete, resulting in CVE-2008-1897 CVE-2008-1897 version (asterisk, fixed 1.6.0.beta3) [since asterisk-1.6.0-0.13.beta8.fc9] CVE-2008-1878 VULNERABLE (xine-lib, fixed 1.1.12.1) #443056 nsf demuxer overflow -CVE-2008-1845 VULNERABLE (mksh, fixed 33d) [since mksh-33d-1.fc9] what is real impact on fedora? +CVE-2008-1845 version (mksh, fixed 33d) [since mksh-33d-1.fc9] what is real impact on fedora? CVE-2008-1837 ignore (clamav, fixed 0.93) unrar code not shipped CVE-2008-1836 VULNERABLE (clamav, fixed 0.93) #442364 CVE-2008-1835 ignore (clamav, fixed 0.93) unrar code not shipped Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.361 retrieving revision 1.362 diff -u -r1.361 -r1.362 --- fc7 24 Apr 2008 15:12:04 -0000 1.361 +++ fc7 24 Apr 2008 18:18:18 -0000 1.362 @@ -15,7 +15,7 @@ CVE-2008-1878 VULNERABLE (xine-lib, fixed 1.1.12.1) #443054 nsf demuxer overflow CVE-2008-1845 version (mksh, fixed 33d) [since FEDORA-2008-3070] CVE-2008-1837 ignore (clamav, fixed 0.93) unrar code not shipped -CVE-2008-1836 VULNERABLE (clamav, fixed 0.93) #442362 +CVE-2008-1836 ignore (clamav, fixed 0.93) affected code introduced after 0.92.1 CVE-2008-1835 ignore (clamav, fixed 0.93) unrar code not shipped CVE-2008-1833 VULNERABLE (clamav, fixed 0.93-rc1) #442362 CVE-2008-1796 fixed (comix) [since FEDORA-2008-2993] From fedora-security-commits at redhat.com Fri Apr 25 08:01:37 2008 
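Review bot: The f9 hunk changes CVE-2008-1845 to "version" but keeps the trailing "what is real impact on fedora?", which now reads as an unresolved question on a closed entry; drop it or state the answer. In the f8 and fc7 hunks, CVE-2008-1836 moves to "ignore" with the reason "affected code introduced after 0.92.1" and loses its tracking bug reference (#442363, #442362), while the f9 context still lists it as VULNERABLE under #442364. Stating which clamav version f8 and fc7 ship would make the reason for the different verdicts explicit, and keeping the bug id on the ignored line would preserve the link to the discussion.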
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Fri, 25 Apr 2008 08:01:37 GMT Subject: [Fedora-security-commits] fedora-security/audit f8, 1.206, 1.207 f9, 1.196, 1.197 fc7, 1.362, 1.363 Message-ID: <200804250801.m3P81bWj012311@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv6184/audit Modified Files: f8 f9 fc7 Log Message: note one moin CVE id Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.206 retrieving revision 1.207 diff -u -r1.206 -r1.207 --- f8 24 Apr 2008 18:18:18 -0000 1.206 +++ f8 25 Apr 2008 08:01:07 -0000 1.207 @@ -6,6 +6,7 @@ rhbz293031 fixed (nx) #293031 [since FEDORA-2008-2258] rhbz249840 VULNERABLE (tor) +CVE-2008-1937 ignore (moin, fixed 1.6.3) 1.6.x only CVE-2008-1928 VULNERABLE (perl-Imager, fixed 0.64) #443940 CVE-2008-1926 VULNERABLE (util-linux-ng) [since util-linux-ng-2.13.1-2.fc8] CVE-2008-1924 VULNERABLE (phpMyAdmin, fixed 2.11.5.2) [since phpMyAdmin-2.11.5.2-1.fc8] PMASA-2008-3 Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.196 retrieving revision 1.197 diff -u -r1.196 -r1.197 --- f9 24 Apr 2008 18:18:18 -0000 1.196 +++ f9 25 Apr 2008 08:01:07 -0000 1.197 
@@ -5,6 +5,7 @@ # (mozilla) = (gecko-libs dependent stuff) rhbz249840 VULNERABLE (tor) +CVE-2008-1937 VULNERABLE (moin, fixed 1.6.3) [since moin-1.6.3-1.fc9] CVE-2008-1928 VULNERABLE (perl-Imager, fixed 0.64) #443941 CVE-2008-1926 VULNERABLE (util-linux-ng) [since util-linux-ng-2.13.1-8.1.fc9] CVE-2008-1924 version (phpMyAdmin, fixed 2.11.5.2) [since phpMyAdmin-2.11.5.2-1.fc9] PMASA-2008-3 Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.362 retrieving revision 1.363 diff -u -r1.362 -r1.363 --- fc7 24 Apr 2008 18:18:18 -0000 1.362 +++ fc7 25 Apr 2008 08:01:07 -0000 1.363 @@ -7,6 +7,7 @@ rhbz293031 fixed (nx) #293031 [since FEDORA-2008-2258] rhbz249840 version (tor, fixed 0.1.2.15) #249840 [since FEDORA-2007-1674] +CVE-2008-1937 ignore (moin, fixed 1.6.3) 1.6.x only CVE-2008-1928 VULNERABLE (perl-Imager, fixed 0.64) #443939 CVE-2008-1926 VULNERABLE (util-linux) CVE-2008-1924 VULNERABLE (phpMyAdmin, fixed 2.11.5.2) [since phpMyAdmin-2.11.5.2-1.fc7] PMASA-2008-3 From fedora-security-commits at redhat.com Fri Apr 25 09:08:27 2008 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Fri, 25 Apr 2008 09:08:27 GMT Subject: [Fedora-security-commits] fedora-security/audit f8, 1.207, 1.208 f9, 1.197, 1.198 fc7, 1.363, 1.364 Message-ID: <200804250908.m3P98Rmt019803@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv19774/audit Modified Files: f8 f9 fc7 Log Message: clamav cleanup Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.207 retrieving revision 1.208 diff -u -r1.207 -r1.208 --- f8 25 Apr 2008 08:01:07 -0000 1.207 +++ f8 25 Apr 2008 09:07:57 -0000 1.208 
@@ -253,8 +253,8 @@ CVE-2007-6601 fixed (postgresql, fixed 8.2.6) #427773 [since FEDORA-2008-0478] CVE-2007-6600 fixed (postgresql, fixed 8.2.6) #427773 [since FEDORA-2008-0478] CVE-2007-6598 ignore (dovecot) Needs knowledge of victim's password -CVE-2007-6596 VULNERABLE (clamav) #427287 Might be considered a mail client flaw -CVE-2007-6595 VULNERABLE (clamav) #427287 +CVE-2007-6596 ignore (clamav) Might be considered a mail client flaw, not security for upstream +CVE-2007-6595 version (clamav, fixed 0.92.1) #427288 issue (2) not security for upstream CVE-2007-6532 version (libxfcegui4) #412761 [since FEDORA-2007-4368] CVE-2007-6531 version (xfce-panel) #412761 [since FEDORA-2007-4368] CVE-2007-6465 version (ganglia, fixed 3.0.6) [since FEDORA-2007-4562] @@ -319,6 +319,7 @@ CVE-2007-6100 version (phpMyAdmin, fixed 2.11.2.2) [since FEDORA-2007-3639] CVE-2007-6067 fixed (postgresql, fixed 8.2.6) #427773 [since FEDORA-2008-0478] CVE-2007-6061 VULNERABLE (audacity) #393251 +CVE-2007-6029 ignore (clamav) insufficient information about the issue CVE-2007-6018 fixed (horde) #428628 [since FEDORA-2008-2040] CVE-2007-6018 fixed (imp) #428632 [since FEDORA-2008-2040] CVE-2007-6018 fixed (wordpress) #426433 [since FEDORA-2008-0103] Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.197 retrieving revision 1.198 diff -u -r1.197 -r1.198 --- f9 25 Apr 2008 08:01:07 -0000 1.197 +++ f9 25 Apr 2008 09:07:57 -0000 1.198 
@@ -252,8 +252,8 @@ CVE-2007-6601 version (postgresql, fixed 8.2.6) #427774 [since postgresql-8.2.6-1.fc9] CVE-2007-6600 version (postgresql, fixed 8.2.6) #427774 [since postgresql-8.2.6-1.fc9] CVE-2007-6598 ignore (dovecot) Needs knowledge of victim's password -CVE-2007-6596 VULNERABLE (clamav) #427289 Might be considered a mail client flaw -CVE-2007-6595 VULNERABLE (clamav) #427289 +CVE-2007-6596 ignore (clamav) Might be considered a mail client flaw, not security for upstream +CVE-2007-6595 version (clamav, fixed 0.92.1) #427289 issue (2) not security for upstream CVE-2007-6465 version (ganglia, fixed 3.0.6) [since ganglia-3.0.6-1.fc9] CVE-2007-6451 version (wireshark, fixed 0.99.7) [since wireshark-0.99.7-1.fc9] CVE-2007-6450 version (wireshark, fixed 0.99.7) [since wireshark-0.99.7-1.fc9] @@ -317,6 +317,7 @@ CVE-2007-6067 version (postgresql, fixed 8.2.6) #427774 [since postgresql-8.2.6-1.fc9] CVE-2007-6061 VULNERABLE (audacity) #393251 CVE-2007-6035 version (cacti, fixed 0.8.7a) #392001 [since cacti-0.8.7a-1.fc9] +CVE-2007-6029 ignore (clamav) insufficient information about the issue CVE-2007-6018 version (horde, fixed 3.1.6) #428630 [since horde-3.1.6-1.fc9] CVE-2007-6018 version (imp, fixed 4.1.6) #428634 [since imp-4.1.6-1.fc9] CVE-2007-6018 VULNERABLE (wordpress) #426434 Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.363 retrieving revision 1.364 diff -u -r1.363 -r1.364 --- fc7 25 Apr 2008 08:01:07 -0000 1.363 +++ fc7 25 Apr 2008 09:07:57 -0000 1.364 
@@ -252,8 +252,8 @@ CVE-2007-6601 fixed (postgresql, fixed 8.2.6) #427772 [since FEDORA-2008-0552] CVE-2007-6600 fixed (postgresql, fixed 8.2.6) #427772 [since FEDORA-2008-0552] CVE-2007-6598 ignore (dovecot) Needs knowledge of victim's password -CVE-2007-6596 VULNERABLE (clamav) #427288 Might be considered a mail client flaw -CVE-2007-6595 VULNERABLE (clamav) #427288 +CVE-2007-6596 ignore (clamav) Might be considered a mail client flaw, not security for upstream +CVE-2007-6595 version (clamav, fixed 0.92.1) #427287 issue (2) not security for upstream CVE-2007-6532 version (libxfcegui4) #412751 [since FEDORA-2007-4385] CVE-2007-6531 version (xfce-panel) #412751 [since FEDORA-2007-4385] CVE-2007-6465 version (ganglia, fixed 3.0.6) [since FEDORA-2007-4584] @@ -319,6 +319,7 @@ CVE-2007-6067 fixed (postgresql, fixed 8.2.6) #427772 [since FEDORA-2008-0552] CVE-2007-6061 VULNERABLE (audacity) #393251 CVE-2007-6035 version (cacti, fixed 0.8.7a) #391981 [since FEDORA-2007-3683] +CVE-2007-6029 ignore (clamav) insufficient information about the issue CVE-2007-6018 fixed (horde) #428629 [since FEDORA-2008-2087] CVE-2007-6018 fixed (imp) #428633 [since FEDORA-2008-2087] CVE-2007-6018 fixed (wordpress) #426432 [since FEDORA-2008-0126] From fedora-security-commits at redhat.com Fri Apr 25 13:00:31 2008 
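Review bot: The CVE-2007-6595 lines change the tracking bug in f8 (#427287 to #427288) and in fc7 (#427288 to #427287) while f9 keeps #427289, and the log message "clamav cleanup" does not mention it. Say in the log that the f8 and fc7 bug ids were swapped, so the renumbering is not mistaken for a typo later. The new status "version (clamav, fixed 0.92.1)" carries no "[since ...]" in any of the three files, and "issue (2) not security for upstream" does not say what issue (1) is or which of the two the status applies to. CVE-2007-6596 also drops its bug reference when it moves to "ignore"; keeping it would preserve the pointer to the upstream discussion the note relies on.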
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Fri, 25 Apr 2008 13:00:31 GMT Subject: [Fedora-security-commits] fedora-security/tools/scripts check-updates, 1.3, 1.4 Message-ID: <200804251300.m3PD0VeG016817@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/tools/scripts In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv16755/tools/scripts Modified Files: check-updates Log Message: Add support for using 'since' in check-updates. So far, only tracking bugs were supported. That is a pain if we learn about some issue from submitted update request (cough ... asterisk ... cough). At that time, updated packages are already built and filing tracking bugs just for tracking purposes will just annoy developer. You can now add '[since nvr]' to tracking file instead of tracking bug id. Index: check-updates =================================================================== RCS file: /cvs/fedora/fedora-security/tools/scripts/check-updates,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- check-updates 14 Jan 2008 16:33:12 -0000 1.3 +++ check-updates 25 Apr 2008 13:00:00 -0000 1.4
@@ -10,23 +10,87 @@ use Libexig::Audit; use Libexig::Bodhi; +my $debug= 1; + # Parse the audit file my $audit = new Libexig::Audit ({file => $ARGV[0]}); foreach my $entry (@{$audit->{audit}}) { $entry->{'status'} eq 'VULNERABLE' or next; - # See if the VULNERABLE bug was referenced by an update + # Check if we have some info to compare against + if (!defined($entry->{'bug'}) && !defined($entry->{'since'})) { + next; + } + + if ($debug) { + print "Checking... $entry->{'cve'} $entry->{'component'}"; + if (defined($entry->{'bug'})) { + print " #$entry->{'bug'}"; + } + if (defined($entry->{'since'})) { + print " [since $entry->{'since'}]"; + } + print "\n"; + } + + # Figure out if since is update id or nvr + my ($update_nvr, $update_id); + if (defined($entry->{'since'})) { + if ($entry->{'since'} =~ /^FEDORA-/) { + $update_id= $entry->{'since'}; + } else { + $update_nvr= $entry->{'since'}; + } + } + + # Go through the updates foreach my $u (Libexig::Bodhi::get_updates ($entry->{component})) { - $u->{'_Bugs'}->{$entry->{bug}} or next; + if ( + # See if the VULNERABLE bug was referenced by an update + (defined($entry->{'bug'}) && + defined($u->{'_Bugs'}->{$entry->{bug}}) ) || + + # See if since Update ID was found + (defined($update_id) && + defined($u->{'Update ID'}) && + $u->{'Update ID'} eq $update_id ) || + + # See if since NVR was found + # TODO: check also higher NVRs to deal with obsoleted update + # requests? 
+ (defined($update_nvr) && + scalar(grep($_ eq $update_nvr, @{ $u->{'_NVRs'} })) > 0) + ) { + ; # update was found, do nothing + } else { + next; # try next update + } + + if ($debug) { + print " -> Found: ", grep($_ eq $update_nvr, @{ $u->{'_NVRs'} }); + } + # Modify the line accordingly - $entry->{since} = $u->{'Update ID'}; - $u->{'Status'} eq 'stable' and $entry->{status} = 'fixed'; + if (defined($u->{'Update ID'})) { + $entry->{'since'}= $u->{'Update ID'}; + if ($debug) { + print " ($u->{'Update ID'})"; + } + } + if ($u->{'Status'} eq 'stable') { + $entry->{status}= 'fixed'; + } Libexig::Audit::update_entry ($entry); + if ($debug) { + print " - status: $u->{'Status'}\n"; + } + last; }; } $audit->save; + From fedora-security-commits at redhat.com Fri Apr 25 13:12:55 2008 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Fri, 25 Apr 2008 13:12:55 GMT Subject: [Fedora-security-commits] fedora-security/tools/scripts check-updates, 1.4, 1.5 Message-ID: <200804251312.m3PDCtWm023611@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/tools/scripts In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv23562/tools/scripts Modified Files: check-updates Log Message: fix debug message btw, debug output is enabled by default Index: check-updates =================================================================== RCS file: /cvs/fedora/fedora-security/tools/scripts/check-updates,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- check-updates 25 Apr 2008 13:00:00 -0000 1.4 +++ check-updates 25 Apr 2008 13:12:25 -0000 1.5 @@ -69,7 +69,7 @@ } if ($debug) { - print " -> Found: ", grep($_ eq $update_nvr, @{ $u->{'_NVRs'} }); + print " -> Found: ", grep(/^$entry->{component}-/, @{ $u->{'_NVRs'} }); } # Modify the line accordingly From fedora-security-commits at redhat.com Fri Apr 25 13:24:59 2008 
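Review bot: In the check-updates 1.4 hunk, "my $debug= 1;" hard-codes debug output on, so every run prints the "Checking..." and "-> Found:" lines; default it to 0 and enable it from a command-line switch or an environment variable. The first debug print inside the update loop, "grep($_ eq $update_nvr, @{ $u->{'_NVRs'} })", uses $update_nvr, which is undefined whenever the match came from the bug id or from a FEDORA- update id, so the grep compares against undef and prints nothing. The "if (...) { ; } else { next; }" block would read more clearly as "next unless (...)". The TODO also deserves a follow-up: with exact NVR matching, an entry whose "[since nvr]" build was obsoleted by a newer update request is never matched and stays VULNERABLE.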
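Review bot: In the check-updates 1.5 hunk, the replacement line "grep(/^$entry->{component}-/, @{ $u->{'_NVRs'} })" interpolates the component name into the pattern unquoted, so a name such as openoffice.org from the audit files is matched with "." as a wildcard, and a name containing "+" or "(" would change or break the pattern; use /^\Q$entry->{component}\E-/. The prefix match also lists any NVR whose name merely starts with the component name followed by a hyphen, which is tolerable for a debug line but worth a comment. The log message remarks that debug output is enabled by default; that is better fixed by defaulting $debug to 0 than noted in the log.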
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Fri, 25 Apr 2008 13:24:59 GMT Subject: [Fedora-security-commits] fedora-security/audit f8, 1.208, 1.209 f9, 1.198, 1.199 fc7, 1.364, 1.365 Message-ID: <200804251324.m3PDOx9E024175@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv24140/audit Modified Files: f8 f9 fc7 Log Message: check-updates Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.208 retrieving revision 1.209 diff -u -r1.208 -r1.209 --- f8 25 Apr 2008 09:07:57 -0000 1.208 +++ f8 25 Apr 2008 13:24:29 -0000 1.209 @@ -11,7 +11,7 @@ CVE-2008-1926 VULNERABLE (util-linux-ng) [since util-linux-ng-2.13.1-2.fc8] CVE-2008-1924 VULNERABLE (phpMyAdmin, fixed 2.11.5.2) [since phpMyAdmin-2.11.5.2-1.fc8] PMASA-2008-3 CVE-2008-1923 version (asterisk) upstream fix incomplete, resulting in CVE-2008-1897 -CVE-2008-1897 VULNERABLE (asterisk, fixed 1.4.19.1) [since asterisk-1.4.19.1-1.fc8] +CVE-2008-1897 VULNERABLE (asterisk, fixed 1.4.19.1) [since asterisk-1.4.19.1-1.fc8] CVE-2008-1878 VULNERABLE (xine-lib, fixed 1.1.12.1) #443055 nsf demuxer overflow CVE-2008-1845 version (mksh, fixed 33d) [since FEDORA-2008-3174] CVE-2008-1837 ignore (clamav, fixed 0.93) unrar code not shipped 
@@ -33,11 +33,11 @@ CVE-2008-1657 VULNERABLE (openssh, fixed 4.9) #440375 CVE-2008-1652 version (Perlbal, fixed 1.70) [since FEDORA-2008-2778] CVE-2008-1637 fixed (pdns-recursor, fixed 3.1.5) #440249 [since FEDORA-2008-3036] -CVE-2008-1628 VULNERABLE (audit) [since audit-1.6.8-4.fc8] +CVE-2008-1628 fixed (audit) [since FEDORA-2008-3012] CVE-2008-1614 version (mod_suphp, fixed 0.6.3) [since FEDORA-2008-2868] CVE-2008-1612 VULNERABLE (squid, fixed 2.6.STABLE19) [since FEDORA-2008-2740] CVE-2008-1568 fixed (comix) improper shell escaping, bz#430635 [since FEDORA-2008-2981] -CVE-2008-1567 VULNERABLE (phpmyadmin, fixed 2.11.5.1) +CVE-2008-1567 fixed (phpMyAdmin, fixed 2.11.5.1) [since FEDORA-2008-2825] CVE-2008-1563 fixed (wireshark, fixed 1.0) #435487 [since FEDORA-2008-3040] CVE-2008-1562 fixed (wireshark, fixed 1.0) #435487 [since FEDORA-2008-3040] CVE-2008-1561 fixed (wireshark, fixed 1.0) #435487 [since FEDORA-2008-3040] @@ -56,7 +56,7 @@ CVE-2008-1382 VULNERABLE (libpng, fixed 1.2.27) minimal impact, affected api rarely used CVE-2008-1382 VULNERABLE (libpng10) minimal impact, affected api rarely used CVE-2008-1380 VULNERABLE (firefox, fixed 2.0.0.14) -CVE-2008-1380 VULNERABLE (seamonkey, fixed 1.1.10) #442851 +CVE-2008-1380 fixed (seamonkey, fixed 1.1.10) #442851 [since FEDORA-2008-3264] CVE-2008-1380 VULNERABLE (thunderbird, fixed 2.0.0.14) #442856 CVE-2008-1374 ignore (cups) only affects old cups versions in RHEL CVE-2008-1373 fixed (cups) #440040 [since FEDORA-2008-2131] 
@@ -197,7 +197,7 @@ CVE-2008-0404 fixed (mantis) #429552 [since FEDORA-2008-0796] CVE-2008-0386 fixed (xdg-utils) #429513 [since FEDORA-2008-1015] CVE-2008-0364 ignore (bittorrent) Windows only -CVE-2008-0320 VULNERABLE (openoffice.org, fixed 2.4) #442846 +CVE-2008-0320 fixed (openoffice.org, fixed 2.4) #442846 [since FEDORA-2008-3251] CVE-2008-0318 fixed (clamav, fixed 0.92.1) [since FEDORA-2008-1625] CVE-2008-0314 VULNERABLE (clamav, fixed 0.93) #442363 CVE-2008-0304 version (seamonkey, fixed 1.1.8) [since FEDORA-2008-1459] @@ -279,7 +279,7 @@ CVE-2007-6437 fixed (syslog-ng) #426306 [since FEDORA-2008-0523] CVE-2007-6430 version (asterisk, fixed 1.4.16) [since FEDORA-2007-4651] CVE-2007-6389 fixed (gnome-screensaver) #426170 [since FEDORA-2008-2872] -CVE-2007-6353 VULNERABLE (exiv2) #425923 +CVE-2007-6353 fixed (exiv2) #425923 [since FEDORA-2007-4551] CVE-2007-6352 fixed (libexif) #425631 [since FEDORA-2007-4667] CVE-2007-6351 fixed (libexif) #425631 [since FEDORA-2007-4667] CVE-2007-6350 fixed (scponly) #429731 [since FEDORA-2008-1728] rsync vector only 
@@ -360,9 +360,9 @@ CVE-2007-5760 fixed (xorg-x11-server, fixed 1.4.1) #429126 [since FEDORA-2008-0760] CVE-2007-5759 ignore (clamav, fixed 0.92) duplicate of CVE-2007-6335 CVE-2007-5751 backport (liferea, fixed 1.4.6) #360641 [since FEDORA-2007-2853] -CVE-2007-5747 VULNERABLE (openoffice.org, fixed 2.4) #442846 -CVE-2007-5746 VULNERABLE (openoffice.org, fixed 2.4) #442846 -CVE-2007-5745 VULNERABLE (openoffice.org, fixed 2.4) #442846 +CVE-2007-5747 fixed (openoffice.org, fixed 2.4) #442846 [since FEDORA-2008-3251] +CVE-2007-5746 fixed (openoffice.org, fixed 2.4) #442846 [since FEDORA-2008-3251] +CVE-2007-5745 fixed (openoffice.org, fixed 2.4) #442846 [since FEDORA-2008-3251] CVE-2007-5742 version (wesnoth, fixed 1.2.8) [since FEDORA-2007-3989] CVE-2007-5712 version (Django, fixed 0.96.1) #362771 [since FEDORA-2007-2788] CVE-2007-5708 version (openldap, fixed 2.3.39) #362991 [since FEDORA-2007-2796] Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.198 retrieving revision 1.199 diff -u -r1.198 -r1.199 --- f9 25 Apr 2008 09:07:57 -0000 1.198 +++ f9 25 Apr 2008 13:24:29 -0000 1.199 
@@ -38,7 +38,7 @@ CVE-2008-1614 version (mod_suphp, fixed 0.6.3) [since mod_suphp-0.6.3-1.fc9] CVE-2008-1612 ignore (squid, fixed 2.6.STABLE19) 3.0 was not affected CVE-2008-1568 fixed (comix) [since comix-3.6.4-6.fc9] -CVE-2008-1567 version (phpmyadmin, fixed 2.11.5.1) [since phpMyAdmin-2.11.5.1-1.fc9] +CVE-2008-1567 version (phpMyAdmin, fixed 2.11.5.1) [since phpMyAdmin-2.11.5.1-1.fc9] CVE-2008-1563 version (wireshark, fixed 1.0) #435488 [since wireshark-1.0.0-2.fc9] CVE-2008-1562 version (wireshark, fixed 1.0) #435488 [since wireshark-1.0.0-2.fc9] CVE-2008-1561 version (wireshark, fixed 1.0) #435488 [since wireshark-1.0.0-2.fc9] Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.364 retrieving revision 1.365 diff -u -r1.364 -r1.365 --- fc7 25 Apr 2008 09:07:57 -0000 1.364 +++ fc7 25 Apr 2008 13:24:29 -0000 1.365 @@ -12,7 +12,7 @@ CVE-2008-1926 VULNERABLE (util-linux) CVE-2008-1924 VULNERABLE (phpMyAdmin, fixed 2.11.5.2) [since phpMyAdmin-2.11.5.2-1.fc7] PMASA-2008-3 CVE-2008-1923 version (asterisk) upstream fix incomplete, resulting in CVE-2008-1897 -CVE-2008-1897 VULNERABLE (asterisk, fixed 1.4.19.1) [since asterisk-1.4.19.1-1.fc7] +CVE-2008-1897 VULNERABLE (asterisk, fixed 1.4.19.1) [since asterisk-1.4.19.1-1.fc7] CVE-2008-1878 VULNERABLE (xine-lib, fixed 1.1.12.1) #443054 nsf demuxer overflow CVE-2008-1845 version (mksh, fixed 33d) [since FEDORA-2008-3070] CVE-2008-1837 ignore (clamav, fixed 0.93) unrar code not shipped 
@@ -37,7 +37,7 @@ CVE-2008-1614 version (mod_suphp, fixed 0.6.3) [since FEDORA-2008-2815] CVE-2008-1612 backport (squid, fixed 2.6.STABLE19) [since FEDORA-2008-2729] CVE-2008-1568 fixed (comix) improper shell escaping, bz#430635 [since FEDORA-2008-2993] -CVE-2008-1567 VULNERABLE (phpmyadmin, fixed 2.11.5.1) +CVE-2008-1567 fixed (phpMyAdmin, fixed 2.11.5.1) [since FEDORA-2008-2874] CVE-2008-1563 fixed (wireshark, fixed 1.0) #435485 [since FEDORA-2008-2941] CVE-2008-1562 fixed (wireshark, fixed 1.0) #435485 [since FEDORA-2008-2941] CVE-2008-1561 fixed (wireshark, fixed 1.0) #435485 [since FEDORA-2008-2941] @@ -57,7 +57,7 @@ CVE-2008-1382 ignore (libpng, fixed 1.2.27) minimal impact, affected api rarely used CVE-2008-1382 ignore (libpng10) minimal impact, affected api rarely used CVE-2008-1380 VULNERABLE (firefox, fixed 2.0.0.14) -CVE-2008-1380 VULNERABLE (seamonkey, fixed 1.1.10) #442850 +CVE-2008-1380 fixed (seamonkey, fixed 1.1.10) #442850 [since FEDORA-2008-3231] CVE-2008-1380 VULNERABLE (thunderbird, fixed 2.0.0.14) #442855 CVE-2008-1374 ignore (cups) only affects old cups versions in RHEL CVE-2008-1373 fixed (cups) #440042 [since FEDORA-2008-2897] 
@@ -119,10 +119,10 @@ CVE-2008-1066 version (php-Smarty, fixed 2.6.19) #435812 [since FEDORA-2008-1928] CVE-2008-1066 fixed (gallery2) #438059 [since FEDORA-2008-2650] CVE-2008-1066 fixed (php-pear-PhpDocumentor) #438063 [since FEDORA-2008-2656] -CVE-2008-1026 VULNERABLE (WebKit, fixed r31388) [since WebKit-1.0.0-0.8.svn31787.fc7] +CVE-2008-1026 VULNERABLE (WebKit, fixed r31388) [since WebKit-1.0.0-0.8.svn31787.fc7] **CVE-2008-1025 VULNERABLE (WebKit) may be fixed in SVN and hence in our packages -CVE-2008-1011 VULNERABLE (WebKit) [since WebKit-1.0.0-0.8.svn31787.fc7] -CVE-2008-1010 VULNERABLE (WebKit) [since WebKit-1.0.0-0.8.svn31787.fc7] +CVE-2008-1011 VULNERABLE (WebKit) [since WebKit-1.0.0-0.8.svn31787.fc7] +CVE-2008-1010 VULNERABLE (WebKit) [since WebKit-1.0.0-0.8.svn31787.fc7] CVE-2008-0983 fixed (lighttpd) #435808 [since FEDORA-2008-2278] CVE-2008-0947 fixed (krb5, fixed 1.6.4) #438022 [since FEDORA-2008-2637] CVE-2008-0932 fixed (sword) #433725 [since FEDORA-2008-1951] why? diatheke.pl is not shipped... From fedora-security-commits at redhat.com Fri Apr 25 15:23:44 2008 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Fri, 25 Apr 2008 15:23:44 GMT Subject: [Fedora-security-commits] fedora-security/audit f8, 1.209, 1.210 f9, 1.199, 1.200 fc7, 1.365, 1.366 Message-ID: <200804251523.m3PFNi4D010611@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv10508/audit Modified Files: f8 f9 fc7 Log Message: misc cleanups Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.209 retrieving revision 1.210 diff -u -r1.209 -r1.210 --- f8 25 Apr 2008 13:24:29 -0000 1.209 +++ f8 25 Apr 2008 15:23:13 -0000 1.210 
@@ -103,6 +103,7 @@ CVE-2008-1161 version (xine-lib, fixed 1.1.10.1) [since FEDORA-2008-1543] CVE-2008-1149 version (phpMyAdmin, fixed 2.11.5) [since FEDORA-2008-2189] CVE-2008-1145 version (ruby, fixed 1.8.6-p114) [since FEDORA-2008-2443] +CVE-2008-1136 version (vdccm, fixed 0.10.1) [since FEDORA-2008-0680] CVE-2008-1133 ignore (drupal) #435816 drupal 6.x only CVE-2008-1131 ignore (drupal) #435816 drupal 6.x only CVE-2008-1111 fixed (lighttpd) #435807 [since FEDORA-2008-2262] @@ -234,7 +235,7 @@ CVE-2008-0003 fixed (tog-pegasus, fixed 2.7.0) #427829 [since FEDORA-2008-0572] CVE-2008-0002 fixed (tomcat5) #432474 [since FEDORA-2008-1467] CVE-2007-6714 VULNERABLE (dbmail, fixed 2.2.9) #443021 -CVE-2007-6703 VULNERABLE (vdccm) #436025 +CVE-2007-6703 fixed (vdccm, fixed 0.10.1) #436026 [since FEDORA-2008-0680] CVE-2007-6698 version (openldap, fixed 2.3.36) CVE-2007-6697 fixed (SDL_image, fixed 1.2.7) #430241 [since FEDORA-2008-1208] CVE-2007-6693 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4778] Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.199 retrieving revision 1.200 diff -u -r1.199 -r1.200 --- f9 25 Apr 2008 13:24:29 -0000 1.199 +++ f9 25 Apr 2008 15:23:13 -0000 1.200 
@@ -11,10 +11,10 @@ CVE-2008-1924 version (phpMyAdmin, fixed 2.11.5.2) [since phpMyAdmin-2.11.5.2-1.fc9] PMASA-2008-3 CVE-2008-1923 version (asterisk) upstream fix incomplete, resulting in CVE-2008-1897 CVE-2008-1897 version (asterisk, fixed 1.6.0.beta3) [since asterisk-1.6.0-0.13.beta8.fc9] -CVE-2008-1878 VULNERABLE (xine-lib, fixed 1.1.12.1) #443056 nsf demuxer overflow +CVE-2008-1878 VULNERABLE (xine-lib, fixed 1.1.12.1) #443056 nsf demuxer overflow [since xine-lib-1.1.12-2.fc9] CVE-2008-1845 version (mksh, fixed 33d) [since mksh-33d-1.fc9] what is real impact on fedora? CVE-2008-1837 ignore (clamav, fixed 0.93) unrar code not shipped -CVE-2008-1836 VULNERABLE (clamav, fixed 0.93) #442364 +CVE-2008-1836 VULNERABLE (clamav, fixed 0.93) #442364 [since clamav-0.93-1.fc9] CVE-2008-1835 ignore (clamav, fixed 0.93) unrar code not shipped CVE-2008-1834 version (swfdec, fixed 0.6.4) [since swfdec-0.6.4-1.fc9] CVE-2008-1833 version (clamav, fixed 0.93-rc1) [since clamav-0.93-0.0.rc1.fc9] @@ -53,14 +53,14 @@ CVE-2008-1467 fixed (centerim) #438871 CVE-2008-1394 ignore (plone) CVE-2008-1390 version (asterisk, fixed 1.6.0-beta6) #438134 [since asterisk-1.6.0-0.6.beta6.fc9] -CVE-2008-1387 VULNERABLE (clamav, fixed 0.93) #442364 +CVE-2008-1387 VULNERABLE (clamav, fixed 0.93) #442364 [since clamav-0.93-1.fc9] CVE-2008-1382 VULNERABLE (libpng, fixed 1.2.27) minimal impact, affected api rarely used CVE-2008-1382 VULNERABLE (libpng10) minimal impact, affected api rarely used CVE-2008-1380 VULNERABLE (firefox, fixed 2.0.0.14) CVE-2008-1380 VULNERABLE (seamonkey, fixed 1.1.10) #442852 CVE-2008-1380 VULNERABLE (thunderbird, fixed 2.0.0.14) #442857 CVE-2008-1374 ignore (cups) only affects old cups versions in RHEL -CVE-2008-1373 VULNERABLE (cups) #440041 +CVE-2008-1373 VULNERABLE (cups) #440041 [since cups-1.3.6-9.fc9] CVE-2008-1372 version (bzip2, fixed 1.0.5) [since bzip2-1.0.5-1.fc9] CVE-2008-1360 VULNERABLE (nagios) #437852 CVE-2008-1353 ignore (zabbix) #437848 Needs authorization 
@@ -102,12 +102,13 @@ CVE-2008-1149 version (phpMyAdmin, fixed 2.11.5) [since phpMyAdmin-2.11.5-1.fc9] CVE-2008-1145 version (ruby, fixed 1.8.6-p114) [since ruby-1.8.6.114-1.fc9] CVE-2008-1142 ignore (rxvt) http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469296 +CVE-2008-1136 version (vdccm, fixed 0.10.1) [since vdccm-0.10.1-1.fc9] CVE-2008-1133 version (drupal, fixed 6.1) #435817 [since drupal-6.1-1.fc9] CVE-2008-1131 version (drupal, fixed 6.1) #435817 [since drupal-6.1-1.fc9] CVE-2008-1111 backport (lighttpd) #435809 [since lighttpd-1.4.18-6.fc9] CVE-2008-1110 version (xine-lib, fixed 1.1.10) [since xine-lib-1.1.10-2.fc9] -CVE-2008-1102 VULNERABLE (blender) #443937 -CVE-2008-1100 VULNERABLE (clamav, fixed 0.93) #442364 +CVE-2008-1102 VULNERABLE (blender) #443937 [since blender-2.45-12.fc9] +CVE-2008-1100 VULNERABLE (clamav, fixed 0.93) #442364 [since clamav-0.93-1.fc9] CVE-2008-1099 version (moin, fixed 1.5.9) #438674 CVE-2008-1098 version (moin, fixed 1.5.9) #438674 CVE-2008-1078 VULNERABLE (am-utils) #437746 @@ -196,7 +197,7 @@ CVE-2008-0364 ignore (bittorrent) Windows only CVE-2008-0320 version (openoffice.org, fixed 2.4) CVE-2008-0318 fixed (clamav, fixed 0.92.1) -CVE-2008-0314 VULNERABLE (clamav, fixed 0.93) #442364 +CVE-2008-0314 VULNERABLE (clamav, fixed 0.93) #442364 [since clamav-0.93-1.fc9] CVE-2008-0304 version (seamonkey, fixed 1.1.8) [since seamonkey-1.1.8-3.fc9] CVE-2008-0304 version (thuderbird, fixed 2.0.0.12) [since thunderbird-2.0.0.12-1.fc9] CVE-2008-0299 fixed (python-paramiko) #428730 [since python-paramiko-1.7.1-3.fc9] 
@@ -230,8 +231,8 @@ CVE-2008-0005 version (httpd, fixed 2.2.8) #427984 [since httpd-2.2.8-2] CVE-2008-0003 version (tog-pegasus, fixed 2.7.0) CVE-2008-0002 VULNERABLE (tomcat5) #432476 -CVE-2007-6714 VULNERABLE (dbmail, fixed 2.2.9) #443022 -CVE-2007-6703 VULNERABLE (vdccm) #436027 +CVE-2007-6714 VULNERABLE (dbmail, fixed 2.2.9) #443022 [since dbmail-2.2.9-1.fc9] +CVE-2007-6703 version (vdccm, fixed 0.10.1) #436027 CVE-2007-6698 version (openldap, fixed 2.3.36) CVE-2007-6697 backport (SDL_image, fixed 1.2.7) #430238 [since SDL_image-1.2.6-4.fc9] CVE-2007-6693 version (gallery2, fixed 2.2.4) [since gallery2-2.2.4-1] Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.365 retrieving revision 1.366 diff -u -r1.365 -r1.366 --- fc7 25 Apr 2008 13:24:29 -0000 1.365 +++ fc7 25 Apr 2008 15:23:13 -0000 1.366 @@ -104,6 +104,7 @@ CVE-2008-1161 version (xine-lib, fixed 1.1.10.1) [since FEDORA-2008-1581] CVE-2008-1149 version (phpMyAdmin, fixed 2.11.5) [since FEDORA-2008-2229] CVE-2008-1145 version (ruby, fixed 1.8.6-p114) [since FEDORA-2008-2458] +CVE-2008-1136 VULNERABLE (vdccm, fixed 0.10.1) #436025 CVE-2008-1133 ignore (drupal) #435815 drupal 6.x only CVE-2008-1131 ignore (drupal) #435815 drupal 6.x only CVE-2008-1111 fixed (lighttpd) #435808 [since FEDORA-2008-2278] 
@@ -234,7 +235,7 @@ CVE-2008-0003 fixed (tog-pegasus, fixed 2.7.0) #427828 [since FEDORA-2008-0506] CVE-2008-0002 fixed (tomcat5) #432475 [since FEDORA-2008-1603] CVE-2007-6714 VULNERABLE (dbmail, fixed 2.2.9) #443020 -CVE-2007-6703 fixed (vdccm) #436026 [since FEDORA-2008-0680] +CVE-2007-6703 VULNERABLE (vdccm, fixed 0.10.1) #436025 CVE-2007-6698 fixed (openldap, fixed 2.3.36) #431409 [since FEDORA-2008-1307] CVE-2007-6697 fixed (SDL_image, fixed 1.2.7) #430239 [since FEDORA-2008-1231] CVE-2007-6693 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4777] From fedora-security-commits at redhat.com Mon Apr 28 09:05:24 2008 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Mon, 28 Apr 2008 09:05:24 GMT Subject: [Fedora-security-commits] fedora-security/audit f8, 1.210, 1.211 f9, 1.200, 1.201 fc7, 1.366, 1.367 Message-ID: <200804280905.m3S95OlL005142@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv5100/audit Modified Files: f8 f9 fc7 Log Message: add kdelibs, kronolith, xine-lib, wordpress, some of them are non-issues for us Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.210 retrieving revision 1.211 diff -u -r1.210 -r1.211 --- f8 25 Apr 2008 15:23:13 -0000 1.210 +++ f8 28 Apr 2008 09:04:54 -0000 1.211 
@@ -6,7 +6,10 @@ rhbz293031 fixed (nx) #293031 [since FEDORA-2008-2258] rhbz249840 VULNERABLE (tor) +CVE-2008-1974 VULNERABLE (kronolith, fixed 3.1.8) #444404 +CVE-2008-1964 ignore (xine-lib) bogus vulnerability report CVE-2008-1937 ignore (moin, fixed 1.6.3) 1.6.x only +CVE-2008-1930 ignore (wordpress, fixed 2.5.1) [since wordpress-2.5.1-1.fc8] only for wp 2.5.0 CVE-2008-1928 VULNERABLE (perl-Imager, fixed 0.64) #443940 CVE-2008-1926 VULNERABLE (util-linux-ng) [since util-linux-ng-2.13.1-2.fc8] CVE-2008-1924 VULNERABLE (phpMyAdmin, fixed 2.11.5.2) [since phpMyAdmin-2.11.5.2-1.fc8] PMASA-2008-3 @@ -29,6 +32,9 @@ CVE-2008-1687 ignore (m4, fixed 1.4.11) not really a security issue CVE-2008-1686 fixed (libfishsound, fixed 0.9.1) #441247 [since FEDORA-2008-3059] CVE-2008-1686 fixed (speex) #442572 [since FEDORA-2008-3103] +CVE-2008-1671 ignore (kdelibs) start_kdeinit not setuid +CVE-2008-1670 ignore (kdelibs) kdelibs 4.x only +CVE-2008-1670 VULNERABLE (kdelibs4) #444399 kdelibs 4.x only CVE-2008-1658 fixed (PolicyKit) #439995 [since FEDORA-2008-2987] CVE-2008-1657 VULNERABLE (openssh, fixed 4.9) #440375 CVE-2008-1652 version (Perlbal, fixed 1.70) [since FEDORA-2008-2778] Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.200 retrieving revision 1.201 diff -u -r1.200 -r1.201 --- f9 25 Apr 2008 15:23:13 -0000 1.200 +++ f9 28 Apr 2008 09:04:54 -0000 1.201 
@@ -5,7 +5,10 @@ # (mozilla) = (gecko-libs dependent stuff) rhbz249840 VULNERABLE (tor) +CVE-2008-1974 VULNERABLE (kronolith, fixed 3.1.8) #444405 +CVE-2008-1964 ignore (xine-lib) bogus vulnerability report CVE-2008-1937 VULNERABLE (moin, fixed 1.6.3) [since moin-1.6.3-1.fc9] +CVE-2008-1930 ignore (wordpress, fixed 2.5.1) only for wp 2.5.0 CVE-2008-1928 VULNERABLE (perl-Imager, fixed 0.64) #443941 CVE-2008-1926 VULNERABLE (util-linux-ng) [since util-linux-ng-2.13.1-8.1.fc9] CVE-2008-1924 version (phpMyAdmin, fixed 2.11.5.2) [since phpMyAdmin-2.11.5.2-1.fc9] PMASA-2008-3 @@ -30,6 +33,8 @@ CVE-2008-1687 ignore (m4, fixed 1.4.11) not really a security issue CVE-2008-1686 version (libfishsound, fixed 0.9.1) #441248 [since libfishsound-0.9.1-1.fc9] CVE-2008-1686 backport (speex) [since speex-1.2-0.7.beta3] +CVE-2008-1671 ignore (kdelibs) start_kdeinit not shipped +CVE-2008-1670 VULNERABLE (kdelibs) [since kdelibs-4.0.3-7.fc9] CVE-2008-1658 backport (PolicyKit) #439996 [since PolicyKit-0.7-7.fc9] CVE-2008-1657 version (openssh, fixed 4.9) #440376 [since openssh-5.0p1-1.fc9] CVE-2008-1652 version (Perlbal, fixed 1.70) [since Perlbal-1.70-1.fc9] Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.366 retrieving revision 1.367 diff -u -r1.366 -r1.367 --- fc7 25 Apr 2008 15:23:13 -0000 1.366 +++ fc7 28 Apr 2008 09:04:54 -0000 1.367 
@@ -7,7 +7,10 @@ rhbz293031 fixed (nx) #293031 [since FEDORA-2008-2258] rhbz249840 version (tor, fixed 0.1.2.15) #249840 [since FEDORA-2007-1674] +CVE-2008-1974 VULNERABLE (kronolith, fixed 3.1.8) #444403 +CVE-2008-1964 ignore (xine-lib) bogus vulnerability report CVE-2008-1937 ignore (moin, fixed 1.6.3) 1.6.x only +CVE-2008-1930 ignore (wordpress, fixed 2.5.1) [since wordpress-2.5.1-1.fc7] only for wp 2.5.0 CVE-2008-1928 VULNERABLE (perl-Imager, fixed 0.64) #443939 CVE-2008-1926 VULNERABLE (util-linux) CVE-2008-1924 VULNERABLE (phpMyAdmin, fixed 2.11.5.2) [since phpMyAdmin-2.11.5.2-1.fc7] PMASA-2008-3 @@ -30,6 +33,9 @@ CVE-2008-1687 ignore (m4, fixed 1.4.11) not really a security issue CVE-2008-1686 VULNERABLE (libfishsound, fixed 0.9.1) #441246 [since FEDORA-2008-3117] CVE-2008-1686 fixed (speex) #442571 [since FEDORA-2008-3191] +CVE-2008-1671 ignore (kdelibs) start_kdeinit not setuid +CVE-2008-1670 ignore (kdelibs) kdelibs 4.x only +CVE-2008-1670 VULNERABLE (kdelibs4) #444398 kdelibs 4.x only CVE-2008-1657 VULNERABLE (openssh, fixed 4.9) #280461 CVE-2008-1652 version (Perlbal, fixed 1.70) [since FEDORA-2008-2788] CVE-2008-1637 fixed (pdns-recursor, fixed 3.1.5) #440248 [since FEDORA-2008-3010] From fedora-security-commits at redhat.com Mon Apr 28 12:48:28 2008 
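Review bot: in the fc7 1.365 to 1.366 diff, hunk @@ -234,7 +235,7 @@, CVE-2007-6703 goes from "fixed (vdccm) #436026 [since FEDORA-2008-0680]" back to "VULNERABLE (vdccm, fixed 0.10.1) #436025" with no remark saying why. The change drops the advisory reference and switches the tracking bug in one step, so the file alone does not show whether FEDORA-2008-0680 was an incomplete fix or was recorded in error. A short trailing remark, in the style of the CVE-2008-1923 entry ("upstream fix incomplete, resulting in CVE-2008-1897"), would make the reopening auditable.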
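Review bot: in the f9 diff that produces revision 1.200, hunk @@ -230,8 +231,8 @@, CVE-2007-6703 becomes "version (vdccm, fixed 0.10.1) #436027" without a [since ...] tag, while the CVE-2008-1136 line added by the same commit (hunk @@ -102,12 +102,13 @@) records "[since vdccm-0.10.1-1.fc9]" for the same package and the same fixed version. Adding the same tag to the CVE-2007-6703 line would keep the two vdccm entries consistent and let a reader confirm the fixing build from either one.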
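Review bot: in the first hunk of each file in the 28 Apr 09:04:54 commit (f8 @@ -6,7 +6,10 @@, f9 @@ -5,7 +5,10 @@, fc7 @@ -7,7 +7,10 @@), CVE-2008-1964 is added as "ignore (xine-lib) bogus vulnerability report" with nothing a reader can follow to check that assessment. Other ignore entries in these files carry a pointer, for example the CVE-2008-1142 rxvt line with its bugs.debian.org URL. Adding a bug number or upstream reference here would let the "ignore" decision be re-verified later.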
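Review bot: in the f9 hunk @@ -30,6 +33,8 @@ of the same commit, the added line "CVE-2008-1670 VULNERABLE (kdelibs) [since kdelibs-4.0.3-7.fc9]" has no tracking bug, while the matching kdelibs4 lines in f8 and fc7 reference #444399 and #444398. If a bug was filed for the f9 package, recording its number on this line would keep the three branches traceable in the same way.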
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Mon, 28 Apr 2008 12:48:28 GMT Subject: [Fedora-security-commits] fedora-security/audit f8, 1.211, 1.212 f9, 1.201, 1.202 fc7, 1.367, 1.368 Message-ID: <200804281248.m3SCmSYN011719@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv11655/audit Modified Files: f8 f9 fc7 Log Message: add zoneminder Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.211 retrieving revision 1.212 diff -u -r1.211 -r1.212 --- f8 28 Apr 2008 09:04:54 -0000 1.211 +++ f8 28 Apr 2008 12:47:58 -0000 1.212 @@ -61,6 +61,7 @@ CVE-2008-1387 VULNERABLE (clamav, fixed 0.93) #442363 CVE-2008-1382 VULNERABLE (libpng, fixed 1.2.27) minimal impact, affected api rarely used CVE-2008-1382 VULNERABLE (libpng10) minimal impact, affected api rarely used +CVE-2008-1381 VULNERABLE (zoneminder, fixed 1.23.3) #444436 CVE-2008-1380 VULNERABLE (firefox, fixed 2.0.0.14) CVE-2008-1380 fixed (seamonkey, fixed 1.1.10) #442851 [since FEDORA-2008-3264] CVE-2008-1380 VULNERABLE (thunderbird, fixed 2.0.0.14) #442856 Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.201 retrieving revision 1.202 diff -u -r1.201 -r1.202 --- f9 28 Apr 2008 09:04:54 -0000 1.201 +++ f9 28 Apr 2008 12:47:58 -0000 1.202 
@@ -61,6 +61,7 @@ CVE-2008-1387 VULNERABLE (clamav, fixed 0.93) #442364 [since clamav-0.93-1.fc9] CVE-2008-1382 VULNERABLE (libpng, fixed 1.2.27) minimal impact, affected api rarely used CVE-2008-1382 VULNERABLE (libpng10) minimal impact, affected api rarely used +CVE-2008-1381 VULNERABLE (zoneminder, fixed 1.23.3) #444437 CVE-2008-1380 VULNERABLE (firefox, fixed 2.0.0.14) CVE-2008-1380 VULNERABLE (seamonkey, fixed 1.1.10) #442852 CVE-2008-1380 VULNERABLE (thunderbird, fixed 2.0.0.14) #442857 Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.367 retrieving revision 1.368 diff -u -r1.367 -r1.368 --- fc7 28 Apr 2008 09:04:54 -0000 1.367 +++ fc7 28 Apr 2008 12:47:58 -0000 1.368 @@ -62,6 +62,7 @@ CVE-2008-1387 VULNERABLE (clamav, fixed 0.93) #442362 CVE-2008-1382 ignore (libpng, fixed 1.2.27) minimal impact, affected api rarely used CVE-2008-1382 ignore (libpng10) minimal impact, affected api rarely used +CVE-2008-1381 VULNERABLE (zoneminder, fixed 1.23.3) #444435 CVE-2008-1380 VULNERABLE (firefox, fixed 2.0.0.14) CVE-2008-1380 fixed (seamonkey, fixed 1.1.10) #442850 [since FEDORA-2008-3231] CVE-2008-1380 VULNERABLE (thunderbird, fixed 2.0.0.14) #442855 From fedora-security-commits at redhat.com Tue Apr 29 08:27:24 2008 
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Tue, 29 Apr 2008 08:27:24 GMT Subject: [Fedora-security-commits] fedora-security/audit f8, 1.212, 1.213 f9, 1.202, 1.203 fc7, 1.368, 1.369 Message-ID: <200804290827.m3T8ROu5021657@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv21629/audit Modified Files: f8 f9 fc7 Log Message: update WebKit, note perl Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.212 retrieving revision 1.213 diff -u -r1.212 -r1.213 --- f8 28 Apr 2008 12:47:58 -0000 1.212 +++ f8 29 Apr 2008 08:26:54 -0000 1.213 @@ -11,6 +11,7 @@ CVE-2008-1937 ignore (moin, fixed 1.6.3) 1.6.x only CVE-2008-1930 ignore (wordpress, fixed 2.5.1) [since wordpress-2.5.1-1.fc8] only for wp 2.5.0 CVE-2008-1928 VULNERABLE (perl-Imager, fixed 0.64) #443940 +CVE-2008-1927 VULNERABLE (perl) [since perl-5.8.8-39.fc8] CVE-2008-1926 VULNERABLE (util-linux-ng) [since util-linux-ng-2.13.1-2.fc8] CVE-2008-1924 VULNERABLE (phpMyAdmin, fixed 2.11.5.2) [since phpMyAdmin-2.11.5.2-1.fc8] PMASA-2008-3 CVE-2008-1923 version (asterisk) upstream fix incomplete, resulting in CVE-2008-1897 
@@ -127,7 +128,7 @@ CVE-2008-1066 fixed (gallery2) #438058 [since FEDORA-2008-2587] CVE-2008-1066 VULNERABLE (php-pear-PhpDocumentor) #438062 CVE-2008-1026 version (WebKit, fixed r31388) [since FEDORA-2008-3229] -**CVE-2008-1025 VULNERABLE (WebKit) may be fixed in SVN and hence in our packages +CVE-2008-1025 version (WebKit, fixed r31438) [since FEDORA-2008-3229] CVE-2008-1011 version (WebKit) [since FEDORA-2008-3229] CVE-2008-1010 version (WebKit) [since FEDORA-2008-3229] CVE-2008-0983 fixed (lighttpd) #435807 [since FEDORA-2008-2262] Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.202 retrieving revision 1.203 diff -u -r1.202 -r1.203 --- f9 28 Apr 2008 12:47:58 -0000 1.202 +++ f9 29 Apr 2008 08:26:54 -0000 1.203 @@ -125,7 +125,7 @@ CVE-2008-1066 VULNERABLE (gallery2) #438060 CVE-2008-1066 VULNERABLE (php-pear-PhpDocumentor) #438064 CVE-2008-1026 version (WebKit, fixed r31388) [since WebKit-1.0.0-0.8.svn31787.fc9] -**CVE-2008-1025 VULNERABLE (WebKit) may be fixed in SVN and hence in our packages +CVE-2008-1025 version (WebKit, fixed r31438) [since WebKit-1.0.0-0.8.svn31787.fc9] CVE-2008-1011 version (WebKit) [since WebKit-1.0.0-0.8.svn31787.fc9] CVE-2008-1010 version (WebKit) [since WebKit-1.0.0-0.8.svn31787.fc9] CVE-2008-0983 backport (lighttpd) #435809 [since lighttpd-1.4.18-6.fc9] Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.368 retrieving revision 1.369 diff -u -r1.368 -r1.369 --- fc7 28 Apr 2008 12:47:58 -0000 1.368 +++ fc7 29 Apr 2008 08:26:54 -0000 1.369 
@@ -12,6 +12,7 @@ CVE-2008-1937 ignore (moin, fixed 1.6.3) 1.6.x only CVE-2008-1930 ignore (wordpress, fixed 2.5.1) [since wordpress-2.5.1-1.fc7] only for wp 2.5.0 CVE-2008-1928 VULNERABLE (perl-Imager, fixed 0.64) #443939 +CVE-2008-1927 VULNERABLE (perl) [since perl-5.8.8-29.fc7] CVE-2008-1926 VULNERABLE (util-linux) CVE-2008-1924 VULNERABLE (phpMyAdmin, fixed 2.11.5.2) [since phpMyAdmin-2.11.5.2-1.fc7] PMASA-2008-3 CVE-2008-1923 version (asterisk) upstream fix incomplete, resulting in CVE-2008-1897 @@ -128,7 +129,7 @@ CVE-2008-1066 fixed (gallery2) #438059 [since FEDORA-2008-2650] CVE-2008-1066 fixed (php-pear-PhpDocumentor) #438063 [since FEDORA-2008-2656] CVE-2008-1026 VULNERABLE (WebKit, fixed r31388) [since WebKit-1.0.0-0.8.svn31787.fc7] -**CVE-2008-1025 VULNERABLE (WebKit) may be fixed in SVN and hence in our packages +CVE-2008-1025 VULNERABLE (WebKit, fixed r31438) [since WebKit-1.0.0-0.8.svn31787.fc7] CVE-2008-1011 VULNERABLE (WebKit) [since WebKit-1.0.0-0.8.svn31787.fc7] CVE-2008-1010 VULNERABLE (WebKit) [since WebKit-1.0.0-0.8.svn31787.fc7] CVE-2008-0983 fixed (lighttpd) #435808 [since FEDORA-2008-2278]
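Review bot: the CVE-2008-1927 perl line is added to f8 (hunk @@ -11,6 +11,7 @@) and fc7 (hunk @@ -12,6 +12,7 @@) but not to f9, whose 1.202 to 1.203 diff contains only the WebKit hunk, even though the log message "update WebKit, note perl" lists all three files as modified. If perl in f9 is tracked elsewhere in that file or is not affected, a note saying so would help. Otherwise the entry looks missing. The two added lines also carry neither a tracking bug nor a "fixed" upstream version, unlike the neighbouring perl-Imager entry ("fixed 0.64", #443940 and #443939).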