[Fedora-security-commits] fedora-security/audit f8, 1.193, 1.194 f9, 1.183, 1.184 fc7, 1.349, 1.350
fedora-security-commits at redhat.com
fedora-security-commits at redhat.com
Mon Apr 14 17:02:32 UTC 2008
- Previous message (by thread): [Fedora-security-commits] fedora-security/audit f8, 1.192, 1.193 f9, 1.182, 1.183 fc7, 1.348, 1.349
- Next message (by thread): [Fedora-security-commits] fedora-security/audit f8, 1.194, 1.195 f9, 1.184, 1.185 fc7, 1.350, 1.351
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv9476/audit
Modified Files:
f8 f9 fc7
Log Message:
add clamav, note rsync bz id, update nethack note
Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.193
retrieving revision 1.194
diff -u -r1.193 -r1.194
--- f8 14 Apr 2008 08:48:58 -0000 1.193
+++ f8 14 Apr 2008 17:02:02 -0000 1.194
@@ -4,10 +4,10 @@
# *CVE are items that need verification for Fedora 8
# (mozilla) = (gecko-libs dependent stuff)
-441683 VULNERABLE (rsync, fixed 3.0.2) #441690
293031 fixed (nx) #293031 [since FEDORA-2008-2258]
249840 VULNERABLE (tor)
CVE-2008-1729 ignore (drupal) 6.x only
+CVE-2008-1720 VULNERABLE (rsync, fixed 3.0.2) #441690
CVE-2008-1686 VULNERABLE (libfishsound, fixed 0.9.1) #441247
CVE-2008-1658 fixed (PolicyKit) #439995 [since FEDORA-2008-2987]
CVE-2008-1657 VULNERABLE (openssh, fixed 4.9) #440375
@@ -59,6 +59,7 @@
CVE-2008-1131 ignore (drupal) #435816 drupal 6.x only
CVE-2008-1111 fixed (lighttpd) #435807 [since FEDORA-2008-2262]
CVE-2008-1110 version (xine-lib, fixed 1.1.10) [since FEDORA-2008-1043]
+CVE-2008-1100 VULNERABLE (clamav, fixed 0.93) #442363
CVE-2008-1099 VULNERABLE (moin) #438673
CVE-2008-1098 VULNERABLE (moin) #438673
CVE-2008-1078 ignore (am-utils) does not seem used by any other Fedora package
@@ -332,7 +333,7 @@
CVE-2007-5333 fixed (tomcat5) #428255 [since FEDORA-2008-1467]
CVE-2007-5201 fixed (duplicity, no upstream fix) #362831 [since FEDORA-2008-1521]
CVE-2007-5200 version (hugin) #362861 [since FEDORA-2007-2807] hugin-0.6.1-11.fc8
-CVE-2007-5198 VULNERABLE (nagios-plugins, fixed 1.4.10) #362891
+CVE-2007-5198 VULNERABLE (nagios-plugins, fixed 1.4.10) #362891
CVE-2007-5197 version (mono, fixed 1.2.5.1) #367541 [since FEDORA-2007-2969]
CVE-2007-5162 version (ruby) [since FEDORA-2007-2812]
CVE-2007-5116 backport (perl) #378141 [since FEDORA-2007-3218]
@@ -429,6 +430,7 @@
CVE-2006-4561 ignore (firefox) Needs DNS spoofing; https is for this.
CVE-2006-2894 version (firefox, fixed 2.0.0.8)
CVE-2006-2894 version (seamonkey, fixed 1.1.5) #194511
+CVE-2006-1390 VULNERABLE (nethack) bz#187353, but requires other access to games group
CVE-2006-0987 ignore (bind) example config file only
CVE-2006-0496 ignore (firefox) Feature, not a bug moz #324253
CVE-2005-4809 ignore (firefox) Status bar can be modified anyways
Index: f9
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f9,v
retrieving revision 1.183
retrieving revision 1.184
diff -u -r1.183 -r1.184
--- f9 14 Apr 2008 08:48:58 -0000 1.183
+++ f9 14 Apr 2008 17:02:02 -0000 1.184
@@ -5,9 +5,9 @@
# (mozilla) = (gecko-libs dependent stuff)
none version (swfdec, fixed 0.6.4) [since swfdec-0.6.4-1.fc9]
-441683 VULNERABLE (rsync, fixed 3.0.2) [since rsync-3.0.2-0.fc9]
249840 VULNERABLE (tor)
CVE-2008-1729 version (drupal, fixed 6.2) [since drupal-6.2-1.fc9]
+CVE-2008-1720 VULNERABLE (rsync, fixed 3.0.2) [since rsync-3.0.2-0.fc9]
CVE-2008-1686 VULNERABLE (libfishsound, fixed 0.9.1) #441248
CVE-2008-1658 VULNERABLE (PolicyKit) #439996
CVE-2008-1657 VULNERABLE (openssh, fixed 4.9) #440376
@@ -57,6 +57,7 @@
CVE-2008-1131 version (drupal, fixed 6.1) #435817 [since drupal-6.1-1.fc9]
CVE-2008-1111 backport (lighttpd) #435809 [since lighttpd-1.4.18-6.fc9]
CVE-2008-1110 version (xine-lib, fixed 1.1.10) [since xine-lib-1.1.10-2.fc9]
+CVE-2008-1100 VULNERABLE (clamav, fixed 0.93) #442364
CVE-2008-1099 VULNERABLE (moin) #438674
CVE-2008-1098 VULNERABLE (moin) #438674
CVE-2008-1078 VULNERABLE (am-utils) #437746
@@ -404,6 +405,7 @@
CVE-2006-4561 ignore (firefox) Needs DNS spoofing; https is for this.
CVE-2006-2894 version (firefox, fixed 2.0.0.8)
CVE-2006-2894 version (seamonkey, fixed 1.1.5) #194511
+CVE-2006-1390 VULNERABLE (nethack) bz#187353, but requires other access to games group
CVE-2006-0987 ignore (bind) example config file only
CVE-2006-0496 ignore (firefox) Feature, not a bug moz #324253
CVE-2005-4809 ignore (firefox) Status bar can be modified anyways
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.349
retrieving revision 1.350
diff -u -r1.349 -r1.350
--- fc7 14 Apr 2008 08:48:58 -0000 1.349
+++ fc7 14 Apr 2008 17:02:02 -0000 1.350
@@ -5,10 +5,10 @@
# (mozilla) = (firefox, seamonkey, thunderbird, yelp, devhelp, galeon, liferea. epiphany)
# A couple of first F7 updates were marked as FEDORA-2007-0001
-441683 VULNERABLE (rsync, fixed 3.0.2) #441689
293031 fixed (nx) #293031 [since FEDORA-2008-2258]
249840 version (tor, fixed 0.1.2.15) #249840 [since FEDORA-2007-1674]
CVE-2008-1729 ignore (drupal) 6.x only
+CVE-2008-1720 VULNERABLE (rsync, fixed 3.0.2) #441689
CVE-2008-1686 VULNERABLE (libfishsound, fixed 0.9.1) #441246
CVE-2008-1657 VULNERABLE (openssh, fixed 4.9) #280461
CVE-2008-1652 version (Perlbal, fixed 1.70) [since FEDORA-2008-2788]
@@ -59,6 +59,7 @@
CVE-2008-1131 ignore (drupal) #435815 drupal 6.x only
CVE-2008-1111 fixed (lighttpd) #435808 [since FEDORA-2008-2278]
CVE-2008-1110 version (xine-lib, fixed 1.1.10) [since FEDORA-2008-1047]
+CVE-2008-1100 VULNERABLE (clamav, fixed 0.93) #442362
CVE-2008-1099 VULNERABLE (moin) #438672
CVE-2008-1098 VULNERABLE (moin) #438672
CVE-2008-1078 ignore (am-utils) does not seem used by any other Fedora package
@@ -354,7 +355,7 @@
CVE-2007-5208 backport (hplip) #329111 [since FEDORA-2007-2527]
CVE-2007-5201 fixed (duplicity) #362821 [since FEDORA-2008-1584]
CVE-2007-5200 backport (hugin) #362851 [since FEDORA-2007-2989]
-CVE-2007-5198 VULNERABLE (nagios-plugins, fixed 1.4.10) #362881
+CVE-2007-5198 VULNERABLE (nagios-plugins, fixed 1.4.10) #362881
CVE-2007-5197 backport (mono, fixed 1.2.5.1) #367531 [since FEDORA-2007-3130]
CVE-2007-5191 backport (util-linux) #320141 [since FEDORA-2007-2462]
CVE-2007-5162 version (ruby) #313801 [since FEDORA-2007-2406]
@@ -1527,7 +1528,7 @@
CVE-2006-1494 version (php, fixed 5.1.3)
CVE-2006-1490 version (php, fixed 5.1.4)
CVE-2006-1470 version (openldap, not 2.3.24 at least)
-CVE-2006-1390 ignore (nethack) Gentoo-specific problem bz#187353
+CVE-2006-1390 VULNERABLE (nethack) bz#187353, but requires other access to games group
*CVE-2006-1370 ** (helixplayer)
CVE-2006-1368 version (kernel, fixed 2.6.16)
CVE-2006-1354 version (freeradius, fixed 1.1.2 at least)
- Previous message (by thread): [Fedora-security-commits] fedora-security/audit f8, 1.192, 1.193 f9, 1.182, 1.183 fc7, 1.348, 1.349
- Next message (by thread): [Fedora-security-commits] fedora-security/audit f8, 1.194, 1.195 f9, 1.184, 1.185 fc7, 1.350, 1.351
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the Fedora-security-commits
mailing list