[Fedora-security-commits] fedora-security/audit f8, 1.210, 1.211 f9, 1.200, 1.201 fc7, 1.366, 1.367

fedora-security-commits at redhat.com fedora-security-commits at redhat.com
Mon Apr 28 09:05:24 UTC 2008 

Author: thoger

Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv5100/audit

Modified Files:
	f8 f9 fc7 
Log Message:
add kdelibs, kronolith, xine-lib, wordpress, some of them are non-issues for us



Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.210
retrieving revision 1.211
diff -u -r1.210 -r1.211
--- f8	25 Apr 2008 15:23:13 -0000	1.210
+++ f8	28 Apr 2008 09:04:54 -0000	1.211
@@ -6,7 +6,10 @@
 
 rhbz293031 fixed (nx) #293031 [since FEDORA-2008-2258] 
 rhbz249840 VULNERABLE (tor) 
+CVE-2008-1974 VULNERABLE (kronolith, fixed 3.1.8) #444404 
+CVE-2008-1964 ignore (xine-lib) bogus vulnerability report
 CVE-2008-1937 ignore (moin, fixed 1.6.3) 1.6.x only
+CVE-2008-1930 ignore (wordpress, fixed 2.5.1) [since wordpress-2.5.1-1.fc8] only for wp 2.5.0
 CVE-2008-1928 VULNERABLE (perl-Imager, fixed 0.64) #443940 
 CVE-2008-1926 VULNERABLE (util-linux-ng) [since util-linux-ng-2.13.1-2.fc8] 
 CVE-2008-1924 VULNERABLE (phpMyAdmin, fixed 2.11.5.2) [since phpMyAdmin-2.11.5.2-1.fc8] PMASA-2008-3
@@ -29,6 +32,9 @@
 CVE-2008-1687 ignore (m4, fixed 1.4.11) not really a security issue
 CVE-2008-1686 fixed (libfishsound, fixed 0.9.1) #441247 [since FEDORA-2008-3059] 
 CVE-2008-1686 fixed (speex) #442572 [since FEDORA-2008-3103] 
+CVE-2008-1671 ignore (kdelibs) start_kdeinit not setuid
+CVE-2008-1670 ignore (kdelibs) kdelibs 4.x only
+CVE-2008-1670 VULNERABLE (kdelibs4) #444399 kdelibs 4.x only
 CVE-2008-1658 fixed (PolicyKit) #439995 [since FEDORA-2008-2987] 
 CVE-2008-1657 VULNERABLE (openssh, fixed 4.9) #440375
 CVE-2008-1652 version (Perlbal, fixed 1.70) [since FEDORA-2008-2778] 


Index: f9
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f9,v
retrieving revision 1.200
retrieving revision 1.201
diff -u -r1.200 -r1.201
--- f9	25 Apr 2008 15:23:13 -0000	1.200
+++ f9	28 Apr 2008 09:04:54 -0000	1.201
@@ -5,7 +5,10 @@
 # (mozilla) = (gecko-libs dependent stuff)
 
 rhbz249840 VULNERABLE (tor) 
+CVE-2008-1974 VULNERABLE (kronolith, fixed 3.1.8) #444405 
+CVE-2008-1964 ignore (xine-lib) bogus vulnerability report
 CVE-2008-1937 VULNERABLE (moin, fixed 1.6.3) [since moin-1.6.3-1.fc9] 
+CVE-2008-1930 ignore (wordpress, fixed 2.5.1) only for wp 2.5.0
 CVE-2008-1928 VULNERABLE (perl-Imager, fixed 0.64) #443941 
 CVE-2008-1926 VULNERABLE (util-linux-ng) [since util-linux-ng-2.13.1-8.1.fc9] 
 CVE-2008-1924 version (phpMyAdmin, fixed 2.11.5.2) [since phpMyAdmin-2.11.5.2-1.fc9] PMASA-2008-3
@@ -30,6 +33,8 @@
 CVE-2008-1687 ignore (m4, fixed 1.4.11) not really a security issue
 CVE-2008-1686 version (libfishsound, fixed 0.9.1) #441248 [since libfishsound-0.9.1-1.fc9]
 CVE-2008-1686 backport (speex) [since speex-1.2-0.7.beta3]
+CVE-2008-1671 ignore (kdelibs) start_kdeinit not shipped
+CVE-2008-1670 VULNERABLE (kdelibs) [since kdelibs-4.0.3-7.fc9] 
 CVE-2008-1658 backport (PolicyKit) #439996 [since PolicyKit-0.7-7.fc9]
 CVE-2008-1657 version (openssh, fixed 4.9) #440376 [since openssh-5.0p1-1.fc9]
 CVE-2008-1652 version (Perlbal, fixed 1.70) [since Perlbal-1.70-1.fc9]


Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.366
retrieving revision 1.367
diff -u -r1.366 -r1.367
--- fc7	25 Apr 2008 15:23:13 -0000	1.366
+++ fc7	28 Apr 2008 09:04:54 -0000	1.367
@@ -7,7 +7,10 @@
 
 rhbz293031 fixed (nx) #293031 [since FEDORA-2008-2258] 
 rhbz249840 version (tor, fixed 0.1.2.15) #249840 [since FEDORA-2007-1674] 
+CVE-2008-1974 VULNERABLE (kronolith, fixed 3.1.8) #444403 
+CVE-2008-1964 ignore (xine-lib) bogus vulnerability report
 CVE-2008-1937 ignore (moin, fixed 1.6.3) 1.6.x only
+CVE-2008-1930 ignore (wordpress, fixed 2.5.1) [since wordpress-2.5.1-1.fc7] only for wp 2.5.0
 CVE-2008-1928 VULNERABLE (perl-Imager, fixed 0.64) #443939 
 CVE-2008-1926 VULNERABLE (util-linux) 
 CVE-2008-1924 VULNERABLE (phpMyAdmin, fixed 2.11.5.2) [since phpMyAdmin-2.11.5.2-1.fc7] PMASA-2008-3
@@ -30,6 +33,9 @@
 CVE-2008-1687 ignore (m4, fixed 1.4.11) not really a security issue
 CVE-2008-1686 VULNERABLE (libfishsound, fixed 0.9.1) #441246 [since FEDORA-2008-3117] 
 CVE-2008-1686 fixed (speex) #442571 [since FEDORA-2008-3191] 
+CVE-2008-1671 ignore (kdelibs) start_kdeinit not setuid
+CVE-2008-1670 ignore (kdelibs) kdelibs 4.x only
+CVE-2008-1670 VULNERABLE (kdelibs4) #444398 kdelibs 4.x only
 CVE-2008-1657 VULNERABLE (openssh, fixed 4.9) #280461
 CVE-2008-1652 version (Perlbal, fixed 1.70) [since FEDORA-2008-2788] 
 CVE-2008-1637 fixed (pdns-recursor, fixed 3.1.5) #440248 [since FEDORA-2008-3010]

More information about the Fedora-security-commits mailing list