[Fedora-security-commits] fedora-security/audit f8, 1.191, 1.192 f9, 1.181, 1.182 fc7, 1.347, 1.348
fedora-security-commits at redhat.com
fedora-security-commits at redhat.com
Thu Apr 10 06:35:19 UTC 2008
- Previous message (by thread): [Fedora-security-commits] fedora-security/audit f8, 1.190, 1.191 f9, 1.180, 1.181 fc7, 1.346, 1.347
- Next message (by thread): [Fedora-security-commits] fedora-security/audit f8, 1.192, 1.193 f9, 1.182, 1.183 fc7, 1.348, 1.349
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv21978/audit
Modified Files:
f8 f9 fc7
Log Message:
add rsync
check-updates
(bah, i forgot to commit yesterday)
Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.191
retrieving revision 1.192
diff -u -r1.191 -r1.192
--- f8 7 Apr 2008 12:16:06 -0000 1.191
+++ f8 10 Apr 2008 06:34:49 -0000 1.192
@@ -4,36 +4,37 @@
# *CVE are items that need verification for Fedora 8
# (mozilla) = (gecko-libs dependent stuff)
+441683 VULNERABLE (rsync, fixed 3.0.2) #441690
293031 fixed (nx) #293031 [since FEDORA-2008-2258]
249840 VULNERABLE (tor)
CVE-2008-1686 VULNERABLE (libfishsound, fixed 0.9.1) #441247
-CVE-2008-1658 VULNERABLE (PolicyKit) #439995
+CVE-2008-1658 fixed (PolicyKit) #439995 [since FEDORA-2008-2987]
CVE-2008-1657 VULNERABLE (openssh, fixed 4.9) #440375
CVE-2008-1652 version (Perlbal, fixed 1.70) [since FEDORA-2008-2778]
-CVE-2008-1637 VULNERABLE (pdns-recursor, fixed 3.1.5) #440249
+CVE-2008-1637 fixed (pdns-recursor, fixed 3.1.5) #440249 [since FEDORA-2008-3036]
CVE-2008-1628 VULNERABLE (audit) [since audit-1.6.8-4.fc8]
CVE-2008-1614 version (mod_suphp, fixed 0.6.3) [since FEDORA-2008-2868]
CVE-2008-1612 VULNERABLE (squid, fixed 2.6.STABLE19) [since FEDORA-2008-2740]
CVE-2008-1568 VULNERABLE (comix) multiple issues tracked via bz#430635
CVE-2008-1567 VULNERABLE (phpmyadmin, fixed 2.11.5.1)
-CVE-2008-1563 VULNERABLE (wireshark, fixed 1.0) #435487
-CVE-2008-1562 VULNERABLE (wireshark, fixed 1.0) #435487
-CVE-2008-1561 VULNERABLE (wireshark, fixed 1.0) #435487
+CVE-2008-1563 fixed (wireshark, fixed 1.0) #435487 [since FEDORA-2008-3040]
+CVE-2008-1562 fixed (wireshark, fixed 1.0) #435487 [since FEDORA-2008-3040]
+CVE-2008-1561 fixed (wireshark, fixed 1.0) #435487 [since FEDORA-2008-3040]
CVE-2008-1552 fixed (libsilc, fixed 1.1.7) #438382 [since FEDORA-2008-2641]
CVE-2008-1532 version (Perlbal, fixed 1.70) #439056 [since FEDORA-2008-2778]
CVE-2008-1531 VULNERABLE (lighttpd) #439068
CVE-2008-1515 VULNERABLE (otrs) #439724
CVE-2008-1488 VULNERABLE (php-pecl-apc) #438847
CVE-2008-1483 ignore (openssh) was alrady fixed by another patch
-CVE-2008-1482 VULNERABLE (xine-lib) #438670 [since FEDORA-2008-2849]
+CVE-2008-1482 fixed (xine-lib) #438670 [since FEDORA-2008-2849]
CVE-2008-1474 fixed (roundup) #436547 [since FEDORA-2008-2370]
CVE-2008-1468 fixed (namazu) #438667 [since FEDORA-2008-2767]
CVE-2008-1467 fixed (centerim) #438871 [since FEDORA-2008-2869]
CVE-2008-1394 ignore (plone)
CVE-2008-1390 fixed (asterisk, fixed 1.4.19-rc3) #438133 [since FEDORA-2008-2554]
CVE-2008-1374 ignore (cups) only affects old cups versions in RHEL
-CVE-2008-1373 VULNERABLE (cups) #440040 [since FEDORA-2008-2131]
-CVE-2008-1372 VULNERABLE (bzip2, fixed 1.0.5) #439855
+CVE-2008-1373 fixed (cups) #440040 [since FEDORA-2008-2131]
+CVE-2008-1372 fixed (bzip2, fixed 1.0.5) #439855 [since FEDORA-2008-2970]
CVE-2008-1360 VULNERABLE (nagios) #437850
CVE-2008-1353 ignore (zabbix) #437848 Needs authorization
CVE-2008-1333 ignore (asterisk) not affected
@@ -60,9 +61,9 @@
CVE-2008-1099 VULNERABLE (moin) #438673
CVE-2008-1098 VULNERABLE (moin) #438673
CVE-2008-1078 ignore (am-utils) does not seem used by any other Fedora package
-CVE-2008-1072 VULNERABLE (wireshark, fixed 0.99.8) #435487
-CVE-2008-1071 VULNERABLE (wireshark, fixed 0.99.8) #435487
-CVE-2008-1070 VULNERABLE (wireshark, fixed 0.99.8) #435487
+CVE-2008-1072 fixed (wireshark, fixed 0.99.8) #435487 [since FEDORA-2008-3040]
+CVE-2008-1071 fixed (wireshark, fixed 0.99.8) #435487 [since FEDORA-2008-3040]
+CVE-2008-1070 fixed (wireshark, fixed 0.99.8) #435487 [since FEDORA-2008-3040]
CVE-2008-1066 version (php-Smarty) #435811 [since FEDORA-2008-1911]
CVE-2008-1066 VULNERABLE (gallery2) #438058 [since FEDORA-2008-2587]
CVE-2008-1066 VULNERABLE (php-pear-PhpDocumentor) #438062
@@ -74,7 +75,7 @@
CVE-2008-0928 fixed (kvm) #433564 [since FEDORA-2008-1973]
CVE-2008-0928 fixed (xen) #434639 [since FEDORA-2008-2057]
CVE-2008-0888 ignore (unzip) caught by glibc malloc checks
-CVE-2008-0887 VULNERABLE (gnome-screensaver) #440256
+CVE-2008-0887 fixed (gnome-screensaver) #440256 [since FEDORA-2008-3017]
CVE-2008-0882 fixed (cups, fixed 1.3.6) #433803 [since FEDORA-2008-1901]
CVE-2008-0782 fixed (moin) #432019 [since FEDORA-2008-1562]
CVE-2008-0781 fixed (moin) #432750 [since FEDORA-2008-1905]
@@ -167,7 +168,7 @@
CVE-2008-0063 fixed (krb5, fixed 1.6.4) #438023 [since FEDORA-2008-2647]
CVE-2008-0062 fixed (krb5, fixed 1.6.4) #438023 [since FEDORA-2008-2647]
CVE-2008-0053 version (cups, fixed 1.3.6) [since FEDORA-2008-1901]
-CVE-2008-0047 VULNERABLE (cups) #440040 [since FEDORA-2008-2131]
+CVE-2008-0047 fixed (cups) #440040 [since FEDORA-2008-2131]
CVE-2008-0008 fixed (pulseaudio) #425481 [since FEDORA-2008-0994]
CVE-2008-0006 fixed (libXfont) #429132 [since FEDORA-2008-0794]
CVE-2008-0005 fixed (httpd, fixed 2.2.8) #427982 [since FEDORA-2008-1711]
@@ -224,7 +225,7 @@
CVE-2007-6350 fixed (scponly) #429731 [since FEDORA-2008-1728] rsync vector only
CVE-2007-6348 ignore (squirrelmail) trojaned version was not shipped
CVE-2007-6328 ignore (dosbox) design decision
-CVE-2007-6321 VULNERABLE (roundcubemail) #423291
+CVE-2007-6321 VULNERABLE (roundcubemail) #423291 [since FEDORA-2008-2962]
CVE-2007-6318 VULNERABLE (wordpress)
CVE-2007-6313 ignore (mysql) 5.1+ only
CVE-2007-6304 ignore (mysql, fixed 5.0.52) federated engine not built
@@ -354,7 +355,7 @@
CVE-2007-4559 VULNERABLE (python, not fixed upstream) #315291 Upstream WONTFIX. See where we use the code.
CVE-2007-4476 backport (tar) #280961 [since FEDORA-2007-2800] tar-1.17-4.fc8
CVE-2007-4476 backport (cpio, not fixed 2.9) #363891 [since FEDORA-2007-2827] cpio-2.9-5.fc8
-CVE-2007-4400 VULNERABLE (konversation) #362921 [since FEDORA-2008-2062] Remove media script?
+CVE-2007-4400 fixed (konversation) #362921 [since FEDORA-2008-2062] Remove media script?
CVE-2007-4351 version (cups) #362971 [since FEDORA-2007-2982]
CVE-2007-4352 backport (xpdf) #372471 [since FEDORA-2007-3014]
CVE-2007-4352 backport (cups) [since FEDORA-2007-2982]
Index: f9
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f9,v
retrieving revision 1.181
retrieving revision 1.182
diff -u -r1.181 -r1.182
--- f9 7 Apr 2008 12:16:06 -0000 1.181
+++ f9 10 Apr 2008 06:34:49 -0000 1.182
@@ -4,6 +4,7 @@
# *CVE are items that need verification for Fedora 9
# (mozilla) = (gecko-libs dependent stuff)
+441683 VULNERABLE (rsync, fixed 3.0.2) [since rsync-3.0.2-0.fc9]
249840 VULNERABLE (tor)
CVE-2008-1686 VULNERABLE (libfishsound, fixed 0.9.1) #441248
CVE-2008-1658 VULNERABLE (PolicyKit) #439996
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.347
retrieving revision 1.348
diff -u -r1.347 -r1.348
--- fc7 7 Apr 2008 12:16:06 -0000 1.347
+++ fc7 10 Apr 2008 06:34:49 -0000 1.348
@@ -5,35 +5,36 @@
# (mozilla) = (firefox, seamonkey, thunderbird, yelp, devhelp, galeon, liferea. epiphany)
# A couple of first F7 updates were marked as FEDORA-2007-0001
+441683 VULNERABLE (rsync, fixed 3.0.2) #441689
293031 fixed (nx) #293031 [since FEDORA-2008-2258]
249840 version (tor, fixed 0.1.2.15) #249840 [since FEDORA-2007-1674]
CVE-2008-1686 VULNERABLE (libfishsound, fixed 0.9.1) #441246
CVE-2008-1657 VULNERABLE (openssh, fixed 4.9) #280461
CVE-2008-1652 version (Perlbal, fixed 1.70) [since FEDORA-2008-2788]
-CVE-2008-1637 VULNERABLE (pdns-recursor, fixed 3.1.5) #440248
+CVE-2008-1637 fixed (pdns-recursor, fixed 3.1.5) #440248 [since FEDORA-2008-3010]
CVE-2008-1628 ignore (audit) affected function not used by anything
CVE-2008-1614 version (mod_suphp, fixed 0.6.3) [since FEDORA-2008-2815]
CVE-2008-1612 backport (squid, fixed 2.6.STABLE19) [since FEDORA-2008-2729]
CVE-2008-1568 VULNERABLE (comix) multiple issues tracked via bz#430635
CVE-2008-1567 VULNERABLE (phpmyadmin, fixed 2.11.5.1)
-CVE-2008-1563 VULNERABLE (wireshark, fixed 1.0) #435485
-CVE-2008-1562 VULNERABLE (wireshark, fixed 1.0) #435485
-CVE-2008-1561 VULNERABLE (wireshark, fixed 1.0) #435485
+CVE-2008-1563 fixed (wireshark, fixed 1.0) #435485 [since FEDORA-2008-2941]
+CVE-2008-1562 fixed (wireshark, fixed 1.0) #435485 [since FEDORA-2008-2941]
+CVE-2008-1561 fixed (wireshark, fixed 1.0) #435485 [since FEDORA-2008-2941]
CVE-2008-1552 fixed (libsilc, fixed 1.1.7) #438382 [since FEDORA-2008-2641]
CVE-2008-1532 version (Perlbal, fixed 1.70) #439055 [since FEDORA-2008-2788]
CVE-2008-1531 VULNERABLE (lighttpd) #439067
CVE-2008-1515 VULNERABLE (otrs) #439723
CVE-2008-1488 VULNERABLE (php-pecl-apc) #438846
CVE-2008-1483 ignore (openssh) was alrady fixed by another patch
-CVE-2008-1482 VULNERABLE (xine-lib) #438669
+CVE-2008-1482 fixed (xine-lib) #438669 [since FEDORA-2008-2945]
CVE-2008-1474 fixed (roundup) #436548 [since FEDORA-2008-2471]
CVE-2008-1468 fixed (namazu) #438666 [since FEDORA-2008-2678]
CVE-2008-1467 fixed (centerim) #438871 [since FEDORA-2008-2869]
CVE-2008-1394 ignore (plone)
CVE-2008-1390 fixed (asterisk, fixed 1.4.19-rc3) #438132 [since FEDORA-2008-2620]
CVE-2008-1374 ignore (cups) only affects old cups versions in RHEL
-CVE-2008-1373 VULNERABLE (cups) #440042
-CVE-2008-1372 VULNERABLE (bzip2, fixed 1.0.5) #439855
+CVE-2008-1373 fixed (cups) #440042 [since FEDORA-2008-2897]
+CVE-2008-1372 fixed (bzip2, fixed 1.0.5) #439855 [since FEDORA-2008-2970]
CVE-2008-1360 VULNERABLE (nagios) #437851
CVE-2008-1353 ignore (zabbix) #437848 Needs authorization
CVE-2008-1333 ignore (asterisk) not affected
@@ -60,9 +61,9 @@
CVE-2008-1099 VULNERABLE (moin) #438672
CVE-2008-1098 VULNERABLE (moin) #438672
CVE-2008-1078 ignore (am-utils) does not seem used by any other Fedora package
-CVE-2008-1072 VULNERABLE (wireshark, fixed 0.99.8) #435485
-CVE-2008-1071 VULNERABLE (wireshark, fixed 0.99.8) #435485
-CVE-2008-1070 VULNERABLE (wireshark, fixed 0.99.8) #435485
+CVE-2008-1072 fixed (wireshark, fixed 0.99.8) #435485 [since FEDORA-2008-2941]
+CVE-2008-1071 fixed (wireshark, fixed 0.99.8) #435485 [since FEDORA-2008-2941]
+CVE-2008-1070 fixed (wireshark, fixed 0.99.8) #435485 [since FEDORA-2008-2941]
CVE-2008-1066 version (php-Smarty, fixed 2.6.19) #435812 [since FEDORA-2008-1928]
CVE-2008-1066 VULNERABLE (gallery2) #438059 [since FEDORA-2008-2650]
CVE-2008-1066 fixed (php-pear-PhpDocumentor) #438063 [since FEDORA-2008-2656]
@@ -74,7 +75,7 @@
CVE-2008-0928 fixed (kvm) #433565 [since FEDORA-2008-1993]
CVE-2008-0928 fixed (xen) #434638 [since FEDORA-2008-2083]
CVE-2008-0888 ignore (unzip) caught by glibc malloc checks
-CVE-2008-0887 VULNERABLE (gnome-screensaver) #440255
+CVE-2008-0887 fixed (gnome-screensaver) #440255 [since FEDORA-2008-2967]
CVE-2008-0806 fixed (wyrd) #433721 [since FEDORA-2008-1986]
CVE-2008-0882 fixed (cups, fixed 1.3.6) #433802 [since FEDORA-2008-1976]
CVE-2008-0782 fixed (moin) #432020 [since FEDORA-2008-1486]
@@ -161,12 +162,12 @@
CVE-2008-0123 fixed (moodle) #428731 [since FEDORA-2008-0610]
CVE-2008-0122 fixed (bind) #429149 [since FEDORA-2008-0904]
CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since FEDORA-2008-0198]
-CVE-2008-0073 VULNERABLE (xine-lib, fixed 1.1.11) #438191
+CVE-2008-0073 fixed (xine-lib, fixed 1.1.11) #438191 [since FEDORA-2008-2945]
CVE-2008-0072 fixed (evolution) #436080 [since FEDORA-2008-2290]
CVE-2008-0063 fixed (krb5, fixed 1.6.4) #438022 [since FEDORA-2008-2637]
CVE-2008-0062 fixed (krb5, fixed 1.6.4) #438022 [since FEDORA-2008-2637]
-CVE-2008-0053 VULNERABLE (cups) #440042
-CVE-2008-0047 VULNERABLE (cups) #440042
+CVE-2008-0053 fixed (cups) #440042 [since FEDORA-2008-2897]
+CVE-2008-0047 fixed (cups) #440042 [since FEDORA-2008-2897]
CVE-2008-0008 fixed (pulseaudio) #425481 [since FEDORA-2008-0994]
CVE-2008-0006 fixed (libXfont) #429131 [since FEDORA-2008-0891]
CVE-2008-0005 fixed (httpd, fixed 2.2.8) #427983 [since FEDORA-2008-1695]
@@ -222,7 +223,7 @@
CVE-2007-6350 fixed (scponly) #429731 [since FEDORA-2008-1728] rsync vector only
CVE-2007-6348 ignore (squirrelmail) trojaned version was not shipped
CVE-2007-6328 ignore (dosbox) design decision
-CVE-2007-6321 VULNERABLE (roundcubemail) #423281
+CVE-2007-6321 VULNERABLE (roundcubemail) #423281 [since FEDORA-2008-3019]
CVE-2007-6318 VULNERABLE (wordpress)
CVE-2007-6313 ignore (mysql) 5.1+ only
CVE-2007-6304 ignore (mysql, fixed 5.0.52) federated engine not built
@@ -432,7 +433,7 @@
CVE-2007-4465 version (httpd) [since FEDORA-2007-2214]
CVE-2007-4462 version (po4a) #253541 [since FEDORA-2007-1763]
CVE-2007-4460 backport (id3lib) #253553 [since FEDORA-2007-1774]
-CVE-2007-4400 VULNERABLE (konversation) #362911 [since FEDORA-2008-2122]
+CVE-2007-4400 fixed (konversation) #362911 [since FEDORA-2008-2122]
CVE-2007-4357 ignore (firefox) status bar can be overwrittten
CVE-2007-4352 backport (xpdf) #372461 [since FEDORA-2007-3031]
CVE-2007-4352 backport (cups) [since FEDORA-2007-3100]
- Previous message (by thread): [Fedora-security-commits] fedora-security/audit f8, 1.190, 1.191 f9, 1.180, 1.181 fc7, 1.346, 1.347
- Next message (by thread): [Fedora-security-commits] fedora-security/audit f8, 1.192, 1.193 f9, 1.182, 1.183 fc7, 1.348, 1.349
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the Fedora-security-commits
mailing list