From fedora-security-commits at redhat.com Fri Mar 6 19:45:34 2009 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Fri, 6 Mar 2009 19:45:34 +0000 (UTC) Subject: [Fedora-security-commits] fedora-security/audit f10, 1.35, 1.36 f11, 1.6, 1.7 f9, 1.245, 1.246 Message-ID: <20090306194534.BCA4B70116@cvs1.fedora.phx.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv18046/audit Modified Files: f10 f11 f9 Log Message: another set of updates Index: f10 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f10,v retrieving revision 1.35 retrieving revision 1.36 diff -u -r1.35 -r1.36 --- f10 16 Feb 2009 08:04:49 -0000 1.35 +++ f10 6 Mar 2009 19:45:04 -0000 1.36 @@ -4,7 +4,17 @@ # *CVE are items that need verification for Fedora 10 # (mozilla) = (gecko-libs dependent stuff) +CVE-2009-0819 ignore (mysql) 5.1+ only +CVE-2009-0749 fixed (optipng, fixed 0.6.2.1) [since FEDORA-2009-2100] +CVE-2009-0737 fixed (mediawiki, fixed 1.13.4) [since FEDORA-2009-2231] +CVE-2009-0671 ignore (uw-imap) rejected, fake report +CVE-2009-0601 ignore (wireshark, fixed 1.0.6) not security +CVE-2009-0600 fixed (wireshark, fixed 1.0.6) [since FEDORA-2009-1798] +CVE-2009-0599 fixed (wireshark, fixed 1.0.6) [since FEDORA-2009-1798] +CVE-2009-0578 VULNERABLE (NetworkManager, 0.7.0.99) [since NetworkManager-0.7.0.99-1.fc10] +CVE-2009-0577 ignore (cups) not affected CVE-2009-0547 VULNERABLE (evolution) +CVE-2009-0544 fixed (python-crypto) [since FEDORA-2009-1687] CVE-2009-0543 ignore (proftpd) not affected CVE-2009-0542 VULNERABLE (proftpd) #485130 CVE-2009-0502 fixed (moodle, fixed 1.9.4) [since FEDORA-2009-1699] 
@@ -18,14 +28,18 @@ CVE-2009-0483 VULNERABLE (bugzilla, fixed 3.0.7) #484756 CVE-2009-0482 VULNERABLE (bugzilla, fixed 3.2.1) #484756 CVE-2009-0481 VULNERABLE (bugzilla, fixed 3.0.7) #484756 -CVE-2009-0415 VULNERABLE (trickle) [since trickle-1.07-7.fc10] +CVE-2009-0415 fixed (trickle) [since FEDORA-2009-1694] CVE-2009-0414 fixed (tor, fixed 0.2.0.33) [since FEDORA-2009-0917] CVE-2009-0413 fixed (roundcubemail) [since FEDORA-2009-1204] CVE-2009-0398 ignore (gstreamer-plugins) only affected old 0.6.x versions -CVE-2009-0397 VULNERABLE (gstreamer-plugins-good, fixed 0.10.13) [since gstreamer-plugins-good-0.10.13-1.fc10] -CVE-2009-0387 VULNERABLE (gstreamer-plugins-good, fixed 0.10.13) [since gstreamer-plugins-good-0.10.13-1.fc10] -CVE-2009-0386 VULNERABLE (gstreamer-plugins-good, fixed 0.10.13) [since gstreamer-plugins-good-0.10.13-1.fc10] +CVE-2009-0397 fixed (gstreamer-plugins-good, fixed 0.10.13) [since FEDORA-2009-1213] +CVE-2009-0387 fixed (gstreamer-plugins-good, fixed 0.10.13) [since FEDORA-2009-1213] +CVE-2009-0386 fixed (gstreamer-plugins-good, fixed 0.10.13) [since FEDORA-2009-1213] +CVE-2009-0368 VULNERABLE (opensc, fixed 0.11.7) [since opensc-0.11.7-1.fc10] +CVE-2009-0365 VULNERABLE (NetworkManager, 0.7.0.99) [since NetworkManager-0.7.0.99-1.fc10] CVE-2009-0362 fixed (fail2ban) [since FEDORA-2009-1737] +CVE-2009-0361 ignore (pam_krb5) not affected +CVE-2009-0360 ignore (pam_krb5) not affected CVE-2009-0358 fixed (firefox, fixed 3.0.6) [since FEDORA-2009-1398] CVE-2009-0357 fixed (firefox, fixed 3.0.6) [since FEDORA-2009-1398] CVE-2009-0356 fixed (firefox, fixed 3.0.6) [since FEDORA-2009-1398] 
@@ -38,18 +52,26 @@ CVE-2009-0260 VULNERABLE (moin, fixed 1.7.4,1.8.2) CVE-2009-0136 fixed (amarok, fixed 2.0.1.1) [since FEDORA-2009-0550] CVE-2009-0135 fixed (amarok, fixed 2.0.1.1) [since FEDORA-2009-0550] +CVE-2009-0129 fixed (perl-Crypt-OpenSSL-DSA) [since FEDORA-2009-2090] CVE-2009-0125 ignore (libnasl) [since libnasl-2.2.11-3.fc10] not security according to upstream CVE-2009-0122 ignore (hplip) Debian/Ubuntu specific CVE-2009-0041 fixed (asterisk, fixed 1.6.0.5) [since FEDORA-2009-0984] AST-2009-001 +CVE-2009-0040 fixed (libpng, fixed 1.2.35,1.0.43) [since FEDORA-2009-2112] +CVE-2009-0040 VULNERABLE (libpng10, fixed 1.2.35,1.0.43) [since libpng10-1.0.43-1.fc10] +CVE-2009-0040 fixed (mingw32-libpng, fixed 1.2.35,1.0.43) [since FEDORA-2009-2131] +CVE-2009-0037 VULNERABLE (curl, fixed 7.19.4) #48870 CVE-2009-0036 ignore (libvirt) libvirt_proxy not shipped CVE-2009-0034 fixed (sudo) [since FEDORA-2009-1074] CVE-2009-0032 ignore (cups) Mandriva-specific CVE-2009-0025 fixed (bind, fixed 9.5.1-P1,9.6.0-P1) [since FEDORA-2009-0451] CVE-2009-0022 fixed (samba, fixed 3.2.7) [since FEDORA-2009-0160] CVE-2009-0021 fixed (ntp, fixed 4.2.4p6) [since FEDORA-2009-0544] +CVE-2008-6393 fixed (psi, 0.12.1) [since FEDORA-2009-2285] +CVE-2008-6229 fixed (drupal-cck, fixed 6.x.2.0) [since FEDORA-2008-10143] CVE-2008-6125 version (moodle) -CVE-2008-6123 VULNERABLE (net-snmp) +CVE-2008-6123 fixed (net-snmp) [since FEDORA-2009-1769] CVE-2008-6098 VULNERABLE (bugzilla, fixed 3.0.6) #484756 +CVE-2008-6059 VULNERABLE (WebKit) [since WebKit-1.1.0-0.14.svn40351.fc10] CVE-2008-6020 fixed (drupal-views, fixed 6.x-2.2) [since FEDORA-2008-11578] CVE-2008-5917 VULNERABLE (horde, fixed 3.2.3,3.3.1) CVE-2008-5916 fixed (git, fixed 1.6.0.6,1.5.6.6,1.5.5.6,1.5.4.7) [since FEDORA-2008-11678] 
@@ -158,15 +180,15 @@ CVE-2008-4770 fixed (vnc, fixed 4.1.3) [since FEDORA-2009-0991] CVE-2008-4769 version (wordpress) CVE-2008-4690 fixed (lynx) [since FEDORA-2008-9952] -CVE-2008-4641 VULNERABLE (jhead) -CVE-2008-4640 VULNERABLE (jhead) +CVE-2008-4641 fixed (jhead) [since FEDORA-2009-1824] +CVE-2008-4640 fixed (jhead) [since FEDORA-2009-1824] CVE-2008-4639 version (jhead, fixed 2.84) [since jhead-2.84-1.fc10] CVE-2008-4619 backport (libtirpc) [since libtirpc-0.1.9-6.fc10] CVE-2008-4578 version (dovecot, fixed 1.1.14) [since dovecot-1.1.5-1.fc10] CVE-2008-4577 version (dovecot, fixed 1.1.14) [since dovecot-1.1.5-1.fc10] CVE-2008-4575 version (jhead, fixed 2.84) [since jhead-2.84-1.fc10] CVE-2008-4474 fixed (freeradius) [since FEDORA-2008-10392] dialupadmin subpackage dropped -CVE-2008-4437 VULNERABLE (bugzilla, fixed 3.0.5) #484756 +CVE-2008-4437 VULNERABLE (bugzilla, fixed 3.0.5) #484756 CVE-2008-4434 ignore (bittorrent) 6.x only CVE-2008-4422 backport (libxml2, fixed 2.7.2) [since libxml2-2.7.1-2.fc10] CVE-2008-4408 version (mediawiki, fixed 1.13.2) [since mediawiki-1.13.2-41.fc10] Index: f11 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f11,v retrieving revision 1.6 retrieving revision 1.7 diff -u -r1.6 -r1.7 --- f11 16 Feb 2009 08:04:49 -0000 1.6 +++ f11 6 Mar 2009 19:45:04 -0000 1.7 
@@ -4,7 +4,17 @@ # *CVE are items that need verification for Fedora 10 # (mozilla) = (gecko-libs dependent stuff) +CVE-2009-0819 version (mysql) [since mysql-5.1.32-1.fc11] +CVE-2009-0749 version (optipng, fixed 0.6.2.1) [since optipng-0.6.2.1-1.fc11] +CVE-2009-0737 version (mediawiki, fixed 1.13.4) [since mediawiki-1.14.0-45.fc11] +CVE-2009-0671 ignore (uw-imap) rejected, fake report +CVE-2009-0601 ignore (wireshark, fixed 1.0.6) not security +CVE-2009-0600 version (wireshark, fixed 1.0.6) +CVE-2009-0599 version (wireshark, fixed 1.0.6) +CVE-2009-0578 version (NetworkManager, 0.7.0.99) [since NetworkManager-0.7.0.99-1.fc11] +CVE-2009-0577 ignore (cups) not affected CVE-2009-0547 VULNERABLE (evolution) +CVE-2009-0544 version (python-crypto) [since python-crypto-2.0.1-16.1] CVE-2009-0543 ignore (proftpd) not affected CVE-2009-0542 VULNERABLE (proftpd) #485131 CVE-2009-0502 version (moodle, fixed 1.9.4) [since moodle-1.9.4-1.fc11] 
@@ -12,36 +22,48 @@ CVE-2009-0500 version (moodle, fixed 1.9.4) [since moodle-1.9.4-1.fc11] CVE-2009-0499 version (moodle, fixed 1.9.4) [since moodle-1.9.4-1.fc11] CVE-2009-0490 VULNERABLE (audacity, fixed 1.3.6) #484954 -CVE-2009-0486 VULNERABLE (bugzilla, fixed 3.0.8) #484758 -CVE-2009-0485 VULNERABLE (bugzilla, fixed 3.0.7) #484758 -CVE-2009-0484 VULNERABLE (bugzilla, fixed 3.0.7) #484758 -CVE-2009-0483 VULNERABLE (bugzilla, fixed 3.0.7) #484758 -CVE-2009-0482 VULNERABLE (bugzilla, fixed 3.2.1) #484758 -CVE-2009-0481 VULNERABLE (bugzilla, fixed 3.0.7) #484758 +CVE-2009-0486 version (bugzilla, fixed 3.0.8) #484758 [since bugzilla-3.0.8-1.fc11] +CVE-2009-0485 version (bugzilla, fixed 3.0.7) #484758 [since bugzilla-3.0.8-1.fc11] +CVE-2009-0484 version (bugzilla, fixed 3.0.7) #484758 [since bugzilla-3.0.8-1.fc11] +CVE-2009-0483 version (bugzilla, fixed 3.0.7) #484758 [since bugzilla-3.0.8-1.fc11] +CVE-2009-0482 version (bugzilla, fixed 3.2.1) [since bugzilla-3.2.2-2.fc11] +CVE-2009-0481 version (bugzilla, fixed 3.0.7) #484758 [since bugzilla-3.0.8-1.fc11] CVE-2009-0415 backport (trickle) [since trickle-1.07-6.fc11] CVE-2009-0414 version (tor, fixed 0.2.0.33) [since tor-0.2.0.33-1.fc11] CVE-2009-0413 backport (roundcubemail) [since roundcubemail-0.2-7.stable.fc11] CVE-2009-0397 version (gstreamer-plugins-good, fixed 0.10.13) [since gstreamer-plugins-good-0.10.13-1.fc11] CVE-2009-0387 version (gstreamer-plugins-good, fixed 0.10.13) [since gstreamer-plugins-good-0.10.13-1.fc11] CVE-2009-0386 version (gstreamer-plugins-good, fixed 0.10.13) [since gstreamer-plugins-good-0.10.13-1.fc11] +CVE-2009-0368 VULNERABLE (opensc, fixed 0.11.7) [since opensc-0.11.7-1.fc11] +CVE-2009-0365 version (NetworkManager, 0.7.0.99) [since NetworkManager-0.7.0.99-1.fc11] CVE-2009-0362 backport (fail2ban) [since fail2ban-0.8.3-18.fc11] +CVE-2009-0361 ignore (pam_krb5) not affected +CVE-2009-0360 ignore (pam_krb5) not affected CVE-2009-0312 VULNERABLE (moin, fixed 1.7.4,1.8.2) CVE-2009-0265 
ignore (bind) dupe of CVE-2009-0025 CVE-2009-0260 VULNERABLE (moin, fixed 1.7.4,1.8.2) CVE-2009-0136 version (amarok, fixed 2.0.1.1) [since amarok-2.0.1.1-1.fc11] CVE-2009-0135 version (amarok, fixed 2.0.1.1) [since amarok-2.0.1.1-1.fc11] +CVE-2009-0129 VULNERABLE (perl-Crypt-OpenSSL-DSA) CVE-2009-0125 ignore (libnasl) [since libnasl-2.2.11-3.fc11] not security according to upstream CVE-2009-0122 ignore (hplip) Debian/Ubuntu specific CVE-2009-0041 VULNERABLE (asterisk, fixed 1.6.0.5) AST-2009-001 +CVE-2009-0040 version (libpng, fixed 1.2.35,1.0.43) [since libpng-1.2.35-1.fc11] +CVE-2009-0040 version (libpng10, fixed 1.2.35,1.0.43) [since libpng10-1.0.43-1.fc11] +CVE-2009-0040 version (mingw32-libpng, fixed 1.2.35,1.0.43) [since mingw32-libpng-1.2.35-1.fc11] +CVE-2009-0037 version (curl, fixed 7.19.4) [since curl-7.19.4-1.fc11] CVE-2009-0036 ignore (libvirt) libvirt_proxy not shipped CVE-2009-0034 VULNERABLE (sudo) CVE-2009-0032 ignore (cups) Mandriva-specific CVE-2009-0025 version (bind, fixed 9.5.1-P1,9.6.0-P1) [since bind-9.6.0-2.P1.fc11] CVE-2009-0022 VULNERABLE (samba, fixed 3.2.7) CVE-2009-0021 version (ntp, fixed 4.2.4p6) [since ntp-4.2.4p6-1.fc11] +CVE-2008-6393 VULNERABLE (psi, 0.12.1) [since psi-0.12.1-1.fc11] +CVE-2008-6229 version (drupal-cck, fixed 6.x.2.0) [since drupal-cck-6.x.2.0-4.fc11] CVE-2008-6125 version (moodle) -CVE-2008-6123 VULNERABLE (net-snmp) -CVE-2008-6098 VULNERABLE (bugzilla, fixed 3.0.6) #484758 +CVE-2008-6123 backport (net-snmp) [since net-snmp-5.4.2.1-8.fc11] +CVE-2008-6098 version (bugzilla, fixed 3.0.6) #484758 [since bugzilla-3.0.8-1.fc11] +CVE-2008-6059 VULNERABLE (WebKit) [since WebKit-1.1.0-0.14.svn40351.fc11] CVE-2008-6020 version (drupal-views, fixed 6.x-2.2) [since drupal-views-6.x.2.2-1.fc11] CVE-2008-5917 VULNERABLE (horde, fixed 3.2.3,3.3.1) CVE-2008-5916 version (git, fixed 1.6.0.6,1.5.6.6,1.5.5.6,1.5.4.7) [since git-1.6.0.6-1.fc11] 
@@ -119,9 +141,9 @@ CVE-2008-4863 backport (blender) [blender-2.48a-4.fc10] CVE-2008-4770 VULNERABLE (vnc, fixed 4.1.3) CVE-2008-4690 backport (lynx) [since lynx-2.8.6-18.fc10] -CVE-2008-4641 VULNERABLE (jhead) -CVE-2008-4640 VULNERABLE (jhead) -CVE-2008-4437 VULNERABLE (bugzilla, fixed 3.0.5) #484758 +CVE-2008-4641 version (jhead) [since jhead-2.86-1.fc11] +CVE-2008-4640 version (jhead) [since jhead-2.86-1.fc11] +CVE-2008-4437 version (bugzilla, fixed 3.0.5) #484758 [since bugzilla-3.0.8-1.fc11] CVE-2008-4405 VULNERABLE (xen) CVE-2008-4315 fixed (tog-pegasus) [since tog-pegasus-2.7.2-2.fc11] CVE-2008-4314 version (samba, fixed 3.0.33,3.2.5) [since samba-3.2.5-0.23.fc11] Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.245 retrieving revision 1.246 diff -u -r1.245 -r1.246 --- f9 16 Feb 2009 08:04:49 -0000 1.245 +++ f9 6 Mar 2009 19:45:04 -0000 1.246 @@ -5,7 +5,17 @@ # (mozilla) = (gecko-libs dependent stuff) rhbz249840 version (tor, fixed 0.1.2.15) +CVE-2009-0819 ignore (mysql) 5.1+ only +CVE-2009-0749 fixed (optipng, fixed 0.6.2.1) [since FEDORA-2009-2098] +CVE-2009-0737 fixed (mediawiki, fixed 1.13.4) [since FEDORA-2009-2237] +CVE-2009-0671 ignore (uw-imap) rejected, fake report +CVE-2009-0601 ignore (wireshark, fixed 1.0.6) not security +CVE-2009-0600 VULNERABLE (wireshark, fixed 1.0.6) [since wireshark-1.0.6-1.fc9] +CVE-2009-0599 VULNERABLE (wireshark, fixed 1.0.6) [since wireshark-1.0.6-1.fc9] +CVE-2009-0578 VULNERABLE (NetworkManager, 0.7.0.99) [since NetworkManager-0.7.0.99-1.fc9] +CVE-2009-0577 ignore (cups) not affected CVE-2009-0547 VULNERABLE (evolution) +CVE-2009-0544 fixed (python-crypto) [since FEDORA-2009-1680] CVE-2009-0543 ignore (proftpd) not affected CVE-2009-0542 VULNERABLE (proftpd) #485129 CVE-2009-0502 fixed (moodle, fixed 1.9.4) [since FEDORA-2009-1641] 
@@ -19,14 +29,18 @@ CVE-2009-0483 VULNERABLE (bugzilla, fixed 3.0.7) #484757 CVE-2009-0482 VULNERABLE (bugzilla, fixed 3.2.1) #484757 CVE-2009-0481 VULNERABLE (bugzilla, fixed 3.0.7) #484757 -CVE-2009-0415 VULNERABLE (trickle) [since trickle-1.07-7.fc9] +CVE-2009-0415 fixed (trickle) [since FEDORA-2009-1675] CVE-2009-0414 fixed (tor, fixed 0.2.0.33) [since FEDORA-2009-0897] CVE-2009-0413 fixed (roundcubemail) [since FEDORA-2009-1256] CVE-2009-0398 ignore (gstreamer-plugins) only affected old 0.6.x versions -CVE-2009-0397 VULNERABLE (gstreamer-plugins-good, fixed 0.10.13) [since gstreamer-plugins-good-0.10.8-10.fc9] -CVE-2009-0387 VULNERABLE (gstreamer-plugins-good, fixed 0.10.13) [since gstreamer-plugins-good-0.10.8-10.fc9] -CVE-2009-0386 VULNERABLE (gstreamer-plugins-good, fixed 0.10.13) [since gstreamer-plugins-good-0.10.8-10.fc9] +CVE-2009-0397 fixed (gstreamer-plugins-good, fixed 0.10.13) [since FEDORA-2009-1343] +CVE-2009-0387 fixed (gstreamer-plugins-good, fixed 0.10.13) [since FEDORA-2009-1343] +CVE-2009-0386 fixed (gstreamer-plugins-good, fixed 0.10.13) [since FEDORA-2009-1343] +CVE-2009-0368 VULNERABLE (opensc, fixed 0.11.7) [since opensc-0.11.7-1.fc9] +CVE-2009-0365 VULNERABLE (NetworkManager, 0.7.0.99) [since NetworkManager-0.7.0.99-1.fc9] CVE-2009-0362 fixed (fail2ban) [since FEDORA-2009-1736] +CVE-2009-0361 ignore (pam_krb5) not affected +CVE-2009-0360 ignore (pam_krb5) not affected CVE-2009-0358 fixed (firefox, fixed 3.0.6) [since FEDORA-2009-1399] CVE-2009-0357 fixed (firefox, fixed 3.0.6) [since FEDORA-2009-1399] CVE-2009-0356 fixed (firefox, fixed 3.0.6) [since FEDORA-2009-1399] 
@@ -39,18 +53,25 @@ CVE-2009-0260 VULNERABLE (moin, fixed 1.7.4,1.8.2) CVE-2009-0136 fixed (amarok, fixed 2.0.1.1) [since FEDORA-2009-0715] CVE-2009-0135 fixed (amarok, fixed 2.0.1.1) [since FEDORA-2009-0715] +CVE-2009-0129 fixed (perl-Crypt-OpenSSL-DSA) [since FEDORA-2009-1914] CVE-2009-0125 ignore (libnasl) [since libnasl-2.2.11-3.fc9] not security according to upstream CVE-2009-0122 ignore (hplip) Debian/Ubuntu specific CVE-2009-0041 fixed (asterisk, fixed 1.6.0.5) [since FEDORA-2009-0973] AST-2009-001 +CVE-2009-0040 fixed (libpng, fixed 1.2.35,1.0.43) [since FEDORA-2009-2128] +CVE-2009-0040 VULNERABLE (libpng10, fixed 1.2.35,1.0.43) [since libpng10-1.0.43-1.fc9] +CVE-2009-0037 fixed (curl, fixed 7.19.4) #488169 [since FEDORA-2009-2265] CVE-2009-0036 ignore (libvirt) libvirt_proxy not shipped CVE-2009-0034 VULNERABLE (sudo) CVE-2009-0032 ignore (cups) Mandriva-specific CVE-2009-0025 fixed (bind, fixed 9.5.1-P1,9.6.0-P1) [since FEDORA-2009-0350] CVE-2009-0022 fixed (samba, fixed 3.2.7) [since FEDORA-2009-0268] CVE-2009-0021 fixed (ntp, fixed 4.2.4p6) [since FEDORA-2009-0547] +CVE-2008-6393 fixed (psi, 0.12.1) [since FEDORA-2009-2295] +CVE-2008-6229 fixed (drupal-cck, fixed 6.x.2.0) [since FEDORA-2008-9479] CVE-2008-6125 version (moodle) -CVE-2008-6123 VULNERABLE (net-snmp) +CVE-2008-6123 ignore (net-snmp) not affected CVE-2008-6098 VULNERABLE (bugzilla, fixed 3.0.6) #484757 +CVE-2008-6059 VULNERABLE (WebKit) [since WebKit-1.1.0-0.14.svn40351.fc9] CVE-2008-6020 fixed (drupal-views, fixed 6.x-2.2) [since FEDORA-2008-11519] CVE-2008-5917 VULNERABLE (horde, fixed 3.2.3,3.3.1) CVE-2008-5916 fixed (git, fixed 1.6.0.6,1.5.6.6,1.5.5.6,1.5.4.7) [since FEDORA-2008-11650] 
@@ -156,15 +177,15 @@ CVE-2008-4770 fixed (vnc, fixed 4.1.3) [since FEDORA-2009-1001] CVE-2008-4769 version (wordpress) CVE-2008-4690 fixed (lynx) #468550 [since FEDORA-2008-9550] -CVE-2008-4641 VULNERABLE (jhead) -CVE-2008-4640 VULNERABLE (jhead) +CVE-2008-4641 fixed (jhead) [since FEDORA-2009-1776] +CVE-2008-4640 fixed (jhead) [since FEDORA-2009-1776] CVE-2008-4639 fixed (jhead, fixed 2.84) [since FEDORA-2008-8928] CVE-2008-4619 fixed (libtirpc) [since FEDORA-2008-9204] CVE-2008-4578 ignore (dovecot, fixed 1.1.14) wontfix CVE-2008-4577 fixed (dovecot, fixed 1.1.14) [since FEDORA-2008-9202] CVE-2008-4575 fixed (jhead, fixed 2.84) [since FEDORA-2008-8928] CVE-2008-4474 fixed (freeradius) [since FEDORA-2008-10309] dialupadmin subpackage dropped -CVE-2008-4437 VULNERABLE (bugzilla, fixed 3.0.5) #484757 +CVE-2008-4437 VULNERABLE (bugzilla, fixed 3.0.5) #484757 CVE-2008-4434 ignore (bittorrent) 6.x only CVE-2008-4422 fixed (libxml2, fixed 2.7.2) [since FEDORA-2008-8575] CVE-2008-4408 fixed (mediawiki, fixed 1.13.2) [since FEDORA-2008-8639] @@ -221,7 +242,7 @@ CVE-2008-4059 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8429] CVE-2008-4058 fixed (firefox, fixed 3.0.2) [since FEDORA-2008-8425] CVE-2008-4058 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8429] -CVE-2008-3972 VULNERABLE (opensc, fixed 0.11.6) +CVE-2008-3972 VULNERABLE (opensc, fixed 0.11.6) [since opensc-0.11.7-1.fc9] CVE-2008-3970 fixed (pam_mount, fixed 0.47) [since FEDORA-2008-7976] CVE-2008-3969 fixed (bitlbee, fixed 1.2.3) [since FEDORA-2008-7830] CVE-2008-3964 ignore (libpng, fixed 1.2.32beta01) not affected 
@@ -431,7 +452,7 @@ CVE-2008-2266 ignore (perl-Convert-UUlib) embedded uulib copy uses mkstemp CVE-2008-2238 fixed (openoffice.org, fixed 2.4.2) [since FEDORA-2008-9313] CVE-2008-2237 fixed (openoffice.org, fixed 2.4.2) [since FEDORA-2008-9313] -CVE-2008-2235 VULNERABLE (opensc, fixed 0.11.5) +CVE-2008-2235 VULNERABLE (opensc, fixed 0.11.5) [since opensc-0.11.7-1.fc9] CVE-2008-2168 ignore (httpd) browser issue, not apache CVE-2008-2152 fixed (openoffice.org, fixed 2.4.1) [since FEDORA-2008-5143] CVE-2008-2146 version (wordpress, fixed 2.2.3)
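
Review bot: In the f10 hunk at @@ -38,18 +52,26 @@, the bug reference on the added curl line looks truncated. "CVE-2009-0037 VULNERABLE (curl, fixed 7.19.4) #48870" carries a five-digit number, while every other "#" bug reference in this patch has six digits and the f9 file records the same CVE with #488169. Please check the number against the tracker and correct it, since this is an open VULNERABLE entry and the reference is the only pointer to its tracking bug.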
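
Review bot: In the f11 hunk at @@ -4,7 +4,17 @@, two of the added "version" entries break the pattern the other added lines follow. "CVE-2009-0544 version (python-crypto) [since python-crypto-2.0.1-16.1]" has no .fc11 dist tag on the build, and the wireshark lines for CVE-2009-0600 and CVE-2009-0599 have no [since ...] build at all, so nothing records which f11 package first carried 1.0.6. Suggest completing the python-crypto build name and adding the wireshark build to both lines.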
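
Review bot: The CVE-2008-4437 change in the f10 hunk at @@ -158,15 +180,15 @@ and in the f9 hunk at @@ -156,15 +177,15 @@ removes and re-adds "CVE-2008-4437 VULNERABLE (bugzilla, fixed 3.0.5)" with the same status and the same bug number, so as shown the only difference can be whitespace. If this is a trailing-whitespace cleanup, it would be easier to review as a separate commit; if a status change was intended (f11 moves the same CVE to "version" in this patch), it did not make it into the f10 and f9 lines.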
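
Review bot: The added NetworkManager and psi lines in all three files omit the "fixed" keyword inside the parentheses: "(NetworkManager, 0.7.0.99)" and "(psi, 0.12.1)", where neighbouring entries write "(opensc, fixed 0.11.7)" and "(curl, fixed 7.19.4)". A script that reads the fixed-in version from that field would miss these entries, and a reader cannot tell whether the number is the fixed version or the affected one. Suggest "(NetworkManager, fixed 0.7.0.99)" and "(psi, fixed 0.12.1)" for CVE-2009-0578, CVE-2009-0365 and CVE-2008-6393.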