[Fedora-security-commits] fedora-security/audit f8, 1.35, 1.36 f9, 1.30, 1.31 fc7, 1.192, 1.193

fedora-security-commits at redhat.com fedora-security-commits at redhat.com
Mon Dec 10 14:31:36 UTC 2007 

Author: thoger

Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv22232/audit

Modified Files:
	f8 f9 fc7 
Log Message:
fedora update



Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.35
retrieving revision 1.36
diff -u -r1.35 -r1.36
--- f8	5 Dec 2007 20:37:28 -0000	1.35
+++ f8	10 Dec 2007 14:31:34 -0000	1.36
@@ -7,19 +7,20 @@
 # Up to date CVE as of CVE email 20071030
 # Up to date F8 as of 20071029
 
+GENERIC-MAP-NOMATCH version (drupal, fixed 5.4) [since FEDORA-2007-4163] SA-2007-031
 GENERIC-MAP-NOMATCH VULNERABLE (libxfcegui4) #412761
 GENERIC-MAP-NOMATCH VULNERABLE (libxfce4util) #412761
 GENERIC-MAP-NOMATCH VULNERABLE (xfce-panel) #412761
 CVE-2007-6239 VULNERABLE (squid, fixed 2.6.17) #412391
-CVE-2007-6210 VULNERABLE (zabbix) #407181 [since zabbix-1.4.2-4.fc8]
+CVE-2007-6210 backport (zabbix) #407181 [since FEDORA-2007-4176]
 CVE-2007-6209 ignore (zsh) #409871 We don't ship the script
 CVE-2007-6208 ignore (claws) We don't ship the script
 CVE-2007-6207 VULNERABLE (kernel) Xen cross-domain memory read
 CVE-2007-6206 VULNERABLE (kernel) Core dump owner issue
 CVE-2007-6203 ignore (httpd) #409831 User can't unput garbage before method name
 CVE-2007-5938 VULNERABLE (kernel) #385861 iwlwifi
-CVE-2007-6201 VULNERABLE (wesnoth, fixed 1.2.8)
-CVE-2007-6183 VULNERABLE (ruby-gnome2) #405601
+CVE-2007-6201 version (wesnoth, fixed 1.2.8) [since FEDORA-2007-3989]
+CVE-2007-6183 backport (ruby-gnome2) #405601 [since FEDORA-2007-4216]
 CVE-2007-6110 backport (htdig) [since FEDORA-2007-3958]
 CVE-2007-6100 version (phpMyAdmin, fixed 2.11.2.2) [since FEDORA-2007-3639]
 CVE-2007-6061 VULNERABLE (audacity) #393251
@@ -43,26 +44,28 @@
 CVE-2007-5770 backport (ruby) #373391 [since FEDORA-2007-2812]
 GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031
 CVE-2007-5751 backport (liferea, fixed 1.4.6) #360641 [since FEDORA-2007-2853]
-CVE-2007-5742 VULNERABLE (wesnoth, fixed 1.2.8)
+CVE-2007-5742 version (wesnoth, fixed 1.2.8) [since FEDORA-2007-3989]
 CVE-2007-5712 version (Django, fixed 0.96.1) #362771 [since FEDORA-2007-2788]
 CVE-2007-5708 version (openldap, fixed 2.3.39) #362991 [since FEDORA-2007-2796]
 CVE-2007-5707 version (openldap, fixed 2.3.39) #362991 [since FEDORA-2007-2796]
 CVE-2007-5690 version (zaptel) [since FEDORA-2007-2860] not really an issue
-CVE-2007-5624 VULNERABLE (nagios, fixed 2.10) #362801
+CVE-2007-5624 version (nagios, fixed 2.10) #362801 [since FEDORA-2007-4145]
 CVE-2007-5623 backport (nagios-plugins, not fixed 1.4.10) #348731 [since FEDORA-2007-2876] nagios-plugins-1.4.8-9.fc8
 CVE-2007-5589 version (phpMyAdmin, fixed 2.11.1.2) #333661 PMASA-2007-6 [since FEDORA-2007-3636]
+CVE-2007-5501 version (kernel) [since FEDORA-2007-3837]
+CVE-2007-5500 version (kernel) [since FEDORA-2007-3837]
 CVE-2007-5461 version (tomcat5) #363001 [since FEDORA-2007-3474]
 CVE-2007-5398 version (samba) [since FEDORA-2007-3403]
 CVE-2007-5395 version (link-grammar) #372351 [since FEDORA-2007-3235]
 CVE-2007-5393 backport (xpdf) #372471 [since FEDORA-2007-3014]
 CVE-2007-5393 backport (cups) [since FEDORA-2007-2982]
-CVE-2007-5393 VULNERABLE (poppler) #372511
+CVE-2007-5393 version (poppler, fixed 0.6.2) #372511 [since FEDORA-2007-4031]
 CVE-2007-5393 backport (kdegraphics) #372571 [since FEDORA-2007-3001]
 CVE-2007-5393 backport (koffice) #372601 [since FEDORA-2007-3093]
 CVE-2007-5393 backport (tetex) #372661 [since FEDORA-2007-3308]
 CVE-2007-5392 backport (xpdf) #372471 [since FEDORA-2007-3014]
 CVE-2007-5392 backport (cups) [since FEDORA-2007-2982]
-CVE-2007-5392 VULNERABLE (poppler) #372511
+CVE-2007-5392 version (poppler, fixed 0.6.2) #372511 [since FEDORA-2007-4031]
 CVE-2007-5392 backport (kdegraphics) #372571 [since FEDORA-2007-3001]
 CVE-2007-5392 backport (koffice) #372601 [since FEDORA-2007-3093]
 CVE-2007-5392 backport (tetex) #372661 [since FEDORA-2007-3308]
@@ -83,6 +86,7 @@
 CVE-2007-4829 VULNERABLE (perl-Archive-Tar, not fixed upstream) #364281
 CVE-2007-4752 version (openssh, fixed 4.7) #280461
 CVE-2007-4619 version (flac, fixed 1.2) #332581
+CVE-2007-4575 backport (openoffice.org, fixed 2.3.1) [since FEDORA-2007-4172]
 CVE-2007-4572 version (samba) [since FEDORA-2007-3403]
 CVE-2007-4568 version (xorg-x11-xfs, fixed 1.0.5)
 CVE-2007-4559 VULNERABLE (python, not fixed upstream) #315291 Upstream WONTFIX. See where we use the code.
@@ -92,7 +96,7 @@
 CVE-2007-4351 version (cups) #362971 [since FEDORA-2007-2982]
 CVE-2007-4352 backport (xpdf) #372471 [since FEDORA-2007-3014]
 CVE-2007-4352 backport (cups) [since FEDORA-2007-2982]
-CVE-2007-4352 VULNERABLE (poppler) #372511
+CVE-2007-4352 version (poppler, fixed 0.6.2) #372511 [since FEDORA-2007-4031]
 CVE-2007-4352 backport (kdegraphics) #372571 [since FEDORA-2007-3001]
 CVE-2007-4352 backport (koffice) #372601 [since FEDORA-2007-3093]
 CVE-2007-4352 backport (tetex) #372661 [since FEDORA-2007-3308]


Index: f9
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f9,v
retrieving revision 1.30
retrieving revision 1.31
diff -u -r1.30 -r1.31
--- f9	5 Dec 2007 17:01:31 -0000	1.30
+++ f9	10 Dec 2007 14:31:34 -0000	1.31
@@ -43,20 +43,20 @@
 CVE-2007-5712 version (Django, fixed 0.96.1) #362781 [since Django-0.96.1-1.fc9]
 CVE-2007-5708 version (openldap, fixed 2.3.39) #360091 [since openldap-2.3.39-1.fc9]
 CVE-2007-5707 version (openldap, fixed 2.3.39) #360091 [since openldap-2.3.39-1.fc9]
-CVE-2007-5624 VULNERABLE (nagios, fixed 2.10) #362811
+CVE-2007-5624 version (nagios, fixed 2.10) #362811 [since nagios-2.10-3.fc9]
 CVE-2007-5623 backport (nagios-plugins, not fixed 1.4.10) #348731
 CVE-2007-5589 version (phpMyAdmin, fixed 2.11.1.2) #333661 PMASA-2007-6
 CVE-2007-5461 VULNERABLE (tomcat5, not fixed 5.5.25) #334531
 CVE-2007-5395 version (link-grammar) #372361 [since link-grammar-4.2.5-1.fc9]
 CVE-2007-5393 backport (xpdf) #372481 [since xpdf-3.02-4.fc9]
 CVE-2007-5393 backport (cups)
-CVE-2007-5393 VULNERABLE (poppler) #372521
+CVE-2007-5393 version (poppler, fixed 0.6.2) #372521 [since poppler-0.6.2-1.fc9]
 CVE-2007-5393 VULNERABLE (kdegraphics) #372581
 CVE-2007-5393 VULNERABLE (koffice) #372611
 CVE-2007-5393 version (tetex) #372671 [since tetex-3.0-48.fc9]
 CVE-2007-5392 backport (xpdf) #372481 [since xpdf-3.02-4.fc9]
 CVE-2007-5392 backport (cups)
-CVE-2007-5392 VULNERABLE (poppler) #372521
+CVE-2007-5392 version (poppler, fixed 0.6.2) #372521 [since poppler-0.6.2-1.fc9]
 CVE-2007-5392 VULNERABLE (kdegraphics) #372581
 CVE-2007-5392 VULNERABLE (koffice) #372611
 CVE-2007-5392 version (tetex) #372671 [since tetex-3.0-48.fc9]
@@ -72,6 +72,7 @@
 CVE-2007-4999 version (pidgin, fixed 2.2.2)
 CVE-2007-4990 version (xorg-x11-xfs, fixed 1.0.5)
 CVE-2007-4829 VULNERABLE (perl-Archive-Tar, not fixed upstream) #364291
+CVE-2007-4575 version (openoffice.org, fixed 2.3.1) [since openoffice.org-2.3.1-9.1.fc9]
 CVE-2007-4752 version (openssh, fixed 4.7) #280461
 CVE-2007-4619 version (flac, fixed 1.2) #332581
 CVE-2007-4568 version (xorg-x11-xfs, fixed 1.0.5)
@@ -80,7 +81,7 @@
 CVE-2007-4400 VULNERABLE (konversation) #362931 Remove media script?
 CVE-2007-4352 backport (xpdf) #372481 [since xpdf-3.02-4.fc9]
 CVE-2007-4352 backport (cups)
-CVE-2007-4352 VULNERABLE (poppler) #372521
+CVE-2007-4352 version (poppler, fixed 0.6.2) #372521 [since poppler-0.6.2-1.fc9]
 CVE-2007-4352 VULNERABLE (kdegraphics) #372581
 CVE-2007-4352 VULNERABLE (koffice) #372611
 CVE-2007-4352 version (tetex) #372671 [since tetex-3.0-48.fc9]


Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.192
retrieving revision 1.193
diff -u -r1.192 -r1.193
--- fc7	5 Dec 2007 20:37:28 -0000	1.192
+++ fc7	10 Dec 2007 14:31:34 -0000	1.193
@@ -8,19 +8,20 @@
 # Up to date CVE as of CVE email 20071030
 # Up to date FC7 as of 20071029
 
+GENERIC-MAP-NOMATCH version (drupal, fixed 5.4) [since FEDORA-2007-4136] SA-2007-031
 GENERIC-MAP-NOMATCH VULNERABLE (libxfcegui4) #412751
 GENERIC-MAP-NOMATCH VULNERABLE (libxfce4util) #412751
 GENERIC-MAP-NOMATCH VULNERABLE (xfce-panel) #412751
 CVE-2007-6239 VULNERABLE (squid, fixed 2.6.17) #412381
-CVE-2007-6210 VULNERABLE (zabbix) #407181 [since zabbix-1.4.2-3.fc7]
+CVE-2007-6210 backport (zabbix) #407181 [since FEDORA-2007-4160]
 CVE-2007-6209 ignore (zsh) #409871 We don't ship the script
 CVE-2007-6208 ignore (claws) We don't ship the script
 CVE-2007-6207 VULNERABLE (kernel) Xen cross-domain memory read
 CVE-2007-6206 VULNERABLE (kernel) Core dump owner issue
 CVE-2007-6203 ignore (httpd) #409831 User can't unput garbage before method name
 CVE-2007-5938 VULNERABLE (kernel) #385861 iwlwifi
-CVE-2007-6201 VULNERABLE (wesnoth, fixed 1.2.8)
-CVE-2007-6183 VULNERABLE (ruby-gnome2) #405591
+CVE-2007-6201 version (wesnoth, fixed 1.2.8) [since FEDORA-2007-3986]
+CVE-2007-6183 version (ruby-gnome2) #405591 [since FEDORA-2007-4229]
 CVE-2007-6110 backport (htdig) [since FEDORA-2007-3907]
 CVE-2007-6100 version (phpMyAdmin, fixed 2.11.2.2) [since FEDORA-2007-3666]
 CVE-2007-6061 VULNERABLE (audacity) #393251
@@ -44,7 +45,7 @@
 CVE-2007-5795 backport (emacs) #367581 [since FEDORA-2007-3056]
 CVE-2007-5770 backport (ruby) #373381 [since FEDORA-2007-2685]
 CVE-2007-5751 backport (liferea, fixed 1.4.6) #360641 [since FEDORA-2007-2725]
-CVE-2007-5742 VULNERABLE (wesnoth, fixed 1.2.8)
+CVE-2007-5742 version (wesnoth, fixed 1.2.8) [since FEDORA-2007-3986]
 CVE-2007-5728 version (phpPgAdmin) seems to be fixed for some time
 CVE-2007-5715 backport (denyhosts) fixed long ago
 CVE-2007-5712 version (Django, fixed 0.96.1) #362761 [since FEDORA-2007-3157]
@@ -52,7 +53,7 @@
 CVE-2007-5707 backport (openldap, fixed 2.3.39) #360081 [since FEDORA-2007-3124]
 CVE-2007-5690 version (zaptel) [since FEDORA-2007-3094] not really an issue
 CVE-2007-5626 ignore (bacula) known, documented limitation
-CVE-2007-5624 VULNERABLE (nagios, fixed 2.10) #362791
+CVE-2007-5624 version (nagios, fixed 2.10) #362791 [since FEDORA-2007-4123]
 CVE-2007-5623 backport (nagios-plugins) #348731 [since FEDORA-2007-2713]
 CVE-2007-5597 version (drupal, fixed 5.3) [since FEDORA-2007-2649]
 CVE-2007-5596 version (drupal, fixed 5.3) [since FEDORA-2007-2649]
@@ -62,6 +63,8 @@
 CVE-2007-5589 version (phpmyadmin, fixed 2.11.1.2) #333661 PMASA-2007-6 [since FEDORA-2007-2738]
 CVE-2007-5585 backport (rss-glx) #336331 [since FEDORA-2007-2652]
 CVE-2007-5585 backport (tempest) #336331 [since FEDORA-2007-2652]
+CVE-2007-5501 version (kernel) [since FEDORA-2007-3751]
+CVE-2007-5500 version (kernel) [since FEDORA-2007-3751]
 CVE-2007-5461 version (tomcat5) #334511 [since FEDORA-2007-3456]
 CVE-2007-5416 ignore (drupal) Vulnerability in PHP<5.1.3, we're safe
 CVE-2007-5398 version (samba) [since FEDORA-2007-3402]
@@ -148,6 +151,7 @@
 CVE-2007-4629 version (mapserver, fixed 4.10.3) #272081 [since FEDORA-2007-2018]
 CVE-2007-4631 version (qgit) #268381 [since FEDORA-2007-2108]
 CVE-2007-4619 version (flac, fixed 1.2) #332571 [since FEDORA-2007-2596]
+CVE-2007-4575 backport (openoffice.org, fixed 2.3.1) [since FEDORA-2007-4120]
 CVE-2007-4573 version (kernel) [since FEDORA-2007-2298]
 CVE-2007-4572 version (samba) [since FEDORA-2007-3402]
 CVE-2007-4571 version (kernel) [since FEDORA-2007-2349]

More information about the Fedora-security-commits mailing list