From fedora-security-commits at redhat.com Wed Dec 3 21:58:50 2008 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Wed, 3 Dec 2008 21:58:50 +0000 (UTC) Subject: [Fedora-security-commits] fedora-security/audit f10, 1.29, 1.30 f11, 1.1, 1.2 Message-ID: <20081203215850.B7ADF7011D@cvs1.fedora.phx.redhat.com> Author: bressers Update of /cvs/fedora/fedora-security/audit In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv29745 Modified Files: f10 f11 Log Message: Note two chm2pdf flaws Index: f10 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f10,v retrieving revision 1.29 retrieving revision 1.30 diff -u -r1.29 -r1.30 --- f10 26 Nov 2008 09:50:09 -0000 1.29 +++ f10 3 Dec 2008 21:58:20 -0000 1.30 @@ -4,6 +4,8 @@ # *CVE are items that need verification for Fedora 10 # (mozilla) = (gecko-libs dependent stuff) +CVE-2008-5299 VULNERABLE (chm2pdf) #474459 +CVE-2008-5298 VULNERABLE (chm2pdf) #474459 CVE-2008-5187 fixed (imlib2) #472579 [since FEDORA-2008-10364] CVE-2008-5153 VULNERABLE (moodle) #472120 CVE-2008-5148 fixed (geda-gnetlist) #472116 [since FEDORA-2008-9730] Index: f11 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f11,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- f11 26 Nov 2008 09:50:09 -0000 1.1 +++ f11 3 Dec 2008 21:58:20 -0000 1.2 @@ -4,6 +4,8 @@ # *CVE are items that need verification for Fedora 10 # (mozilla) = (gecko-libs dependent stuff) +CVE-2008-5299 VULNERABLE (chm2pdf) +CVE-2008-5298 VULNERABLE (chm2pdf) CVE-2008-5153 VULNERABLE (moodle) CVE-2008-5138 VULNERABLE (pam_mount) CVE-2008-5113 VULNERABLE (wordpress) #471992 From fedora-security-commits at redhat.com Thu Dec 4 13:06:16 2008 
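Review bot: In the f11 hunk of the 3 Dec commit, the two new chm2pdf lines (CVE-2008-5299, CVE-2008-5298) omit the #474459 bug reference that the same entries carry in the f10 hunk, even though the neighbouring f11 wordpress line records its bug (#471992). If that bug also tracks the f11 entries, add it so both files point at the same report. The context line "# *CVE are items that need verification for Fedora 10" at the top of f11 still names Fedora 10 and reads as copied from f10; correct it in a follow-up.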
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Thu, 4 Dec 2008 13:06:16 +0000 (UTC) Subject: [Fedora-security-commits] fedora-security/audit f10, 1.30, 1.31 f11, 1.2, 1.3 f8, 1.249, 1.250 f9, 1.240, 1.241 Message-ID: <20081204130616.E131E70124@cvs1.fedora.phx.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv7315/audit Modified Files: f10 f11 f8 f9 Log Message: cups + bunch of updates Index: f10 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f10,v retrieving revision 1.30 retrieving revision 1.31 diff -u -r1.30 -r1.31 --- f10 3 Dec 2008 21:58:20 -0000 1.30 +++ f10 4 Dec 2008 13:05:45 -0000 1.31 @@ -6,12 +6,15 @@ CVE-2008-5299 VULNERABLE (chm2pdf) #474459 CVE-2008-5298 VULNERABLE (chm2pdf) #474459 +CVE-2008-5286 ignore (cups) libpng prevents this CVE-2008-5187 fixed (imlib2) #472579 [since FEDORA-2008-10364] +CVE-2008-5184 version (cups, fixed 1.3.8) +CVE-2008-5183 VULNERABLE (cups, fixed 1.3.10) [since cups-1.3.9-4.fc10] CVE-2008-5153 VULNERABLE (moodle) #472120 CVE-2008-5148 fixed (geda-gnetlist) #472116 [since FEDORA-2008-9730] CVE-2008-5138 VULNERABLE (pam_mount) #472112 CVE-2008-5113 VULNERABLE (wordpress) #471992 -CVE-2008-5110 VULNERABLE (syslog-ng) +CVE-2008-5110 VULNERABLE (syslog-ng) [since syslog-ng-2.0.10-1.fc10] CVE-2008-5101 version (optipng, fixed 0.6.2) [since optipng-0.6.2-1.fc10] CVE-2008-5076 fixed (htop) [since FEDORA-2008-9944] CVE-2008-5050 version (clamav, fixed 0.94.1) [since clamav-0.94.1-1.fc10] 
@@ -39,7 +42,7 @@ CVE-2008-4776 version (libgadu, fixed 1.8.2) [since libgadu-1.8.2-1.fc10] CVE-2008-4775 version (phpMyAdmin, fixed 3.0.1.1) [since phpMyAdmin-3.0.1.1-1.fc10] CVE-2008-4769 version (wordpress) -CVE-2008-4690 VULNERABLE (lynx) [since FEDORA-2008-9952] +CVE-2008-4690 fixed (lynx) [since FEDORA-2008-9952] CVE-2008-4641 VULNERABLE (jhead) CVE-2008-4640 VULNERABLE (jhead) CVE-2008-4639 version (jhead, fixed 2.84) [since jhead-2.84-1.fc10] @@ -57,8 +60,9 @@ CVE-2008-4326 version (phpMyAdmin, fixed 2.11.9.2) [since phpMyAdmin-2.11.9.2-1.fc10] CVE-2008-4325 version (viewvc, fixed 1.0.6) [since viewvc-1.0.6-1.fc10] CVE-2008-4315 VULNERABLE (tog-pegasus) [since FEDORA-2008-10061] +CVE-2008-4314 fixed (samba, fixed 3.0.33,3.2.5) [since FEDORA-2008-10612] CVE-2008-4313 VULNERABLE (tog-pegasus) [since FEDORA-2008-10061] -CVE-2008-4309 VULNERABLE (net-snmp, fixed 5.4.2.1) [since net-snmp-5.4.2.1-1.fc10] +CVE-2008-4309 fixed (net-snmp, fixed 5.4.2.1) [since FEDORA-2008-10451] CVE-2008-4306 fixed (enscript) [since enscript-1.6.4-11.fc10] CVE-2008-4298 version (lighttpd, fixed 1.4.20) [since lighttpd-1.4.20-0.1.r2303.fc10] CVE-2008-4297 version (mercurial, fixed 1.0.2) [since mercurial-1.0.2-1.fc10] Index: f11 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f11,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- f11 3 Dec 2008 21:58:20 -0000 1.2 +++ f11 4 Dec 2008 13:05:45 -0000 1.3 
@@ -6,18 +6,22 @@ CVE-2008-5299 VULNERABLE (chm2pdf) CVE-2008-5298 VULNERABLE (chm2pdf) +CVE-2008-5286 ignore (cups) libpng prevents this +CVE-2008-5184 version (cups, fixed 1.3.8) +CVE-2008-5183 VULNERABLE (cups, fixed 1.3.10) CVE-2008-5153 VULNERABLE (moodle) CVE-2008-5138 VULNERABLE (pam_mount) CVE-2008-5113 VULNERABLE (wordpress) #471992 -CVE-2008-5110 VULNERABLE (syslog-ng) -CVE-2008-4863 VULNERABLE (blender) [blender-2.48a-4.fc10] -CVE-2008-4690 VULNERABLE (lynx) [since lynx-2.8.6-18.fc10] +CVE-2008-5110 version (syslog-ng, fixed 2.0.10) [since syslog-ng-2.0.10-1.fc11] +CVE-2008-4863 backport (blender) [blender-2.48a-4.fc10] +CVE-2008-4690 backport (lynx) [since lynx-2.8.6-18.fc10] CVE-2008-4641 VULNERABLE (jhead) CVE-2008-4640 VULNERABLE (jhead) CVE-2008-4437 VULNERABLE (bugzilla, fixed 3.0.5) -CVE-2008-4315 VULNERABLE (tog-pegasus) [since FEDORA-2008-10061] -CVE-2008-4313 VULNERABLE (tog-pegasus) [since FEDORA-2008-10061] -CVE-2008-4309 VULNERABLE (net-snmp, fixed 5.4.2.1) [since net-snmp-5.4.2.1-1.fc10] +CVE-2008-4315 fixed (tog-pegasus) [since tog-pegasus-2.7.2-2.fc11] +CVE-2008-4314 version (samba, fixed 3.0.33,3.2.5) [since samba-3.2.5-0.23.fc11] +CVE-2008-4313 fixed (tog-pegasus) [since tog-pegasus-2.7.2-2.fc11] +CVE-2008-4309 version (net-snmp, fixed 5.4.2.1) [since net-snmp-5.4.2.1-1.fc10] CVE-2008-4242 VULNERABLE (proftpd) #464130 CVE-2008-4190 VULNERABLE (openswan) CVE-2008-4130 VULNERABLE (gallery2, fixed 2.2.6) Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.249 retrieving revision 1.250 diff -u -r1.249 -r1.250 --- f8 26 Nov 2008 09:50:09 -0000 1.249 +++ f8 4 Dec 2008 13:05:45 -0000 1.250 
@@ -6,12 +6,15 @@ rhbz293031 fixed (nx) #293031 [since FEDORA-2008-2258] rhbz249840 version (tor, fixed 0.1.2.15) +CVE-2008-5286 ignore (cups) libpng prevents this CVE-2008-5187 fixed (imlib2) #472577 [since FEDORA-2008-10296] +CVE-2008-5184 version (cups, fixed 1.3.8) +CVE-2008-5183 VULNERABLE (cups, fixed 1.3.10) [since cups-1.3.9-2.fc8] CVE-2008-5153 VULNERABLE (moodle) #472118 CVE-2008-5148 fixed (geda-gnetlist) #472114 [since FEDORA-2008-9730] CVE-2008-5138 VULNERABLE (pam_mount) #472110 CVE-2008-5113 VULNERABLE (wordpress) #471990 -CVE-2008-5110 VULNERABLE (syslog-ng) #471985 +CVE-2008-5110 VULNERABLE (syslog-ng) #471985 CVE-2008-5101 fixed (optipng, fixed 0.6.2) [since FEDORA-2008-9639] CVE-2008-5076 fixed (htop) [since FEDORA-2008-9791] CVE-2008-5050 fixed (clamav, fixed 0.94.1) [since FEDORA-2008-9651] @@ -39,7 +42,7 @@ CVE-2008-4776 fixed (libgadu, fixed 1.8.2) [since FEDORA-2008-9253] CVE-2008-4775 fixed (phpMyAdmin, fixed 3.0.1.1) [since FEDORA-2008-9336] CVE-2008-4769 version (wordpress) -CVE-2008-4690 VULNERABLE (lynx) #468549 [since FEDORA-2008-9597] +CVE-2008-4690 fixed (lynx) #468549 [since FEDORA-2008-9597] CVE-2008-4641 VULNERABLE (jhead) CVE-2008-4640 VULNERABLE (jhead) CVE-2008-4639 fixed (jhead, fixed 2.84) [since FEDORA-2008-8941] @@ -57,6 +60,7 @@ CVE-2008-4326 fixed (phpMyAdmin, fixed 2.11.9.2) [since FEDORA-2008-8286] CVE-2008-4325 fixed (viewvc, fixed 1.0.6) [since FEDORA-2008-8270] CVE-2008-4315 ignore (tog-pegasus) +CVE-2008-4314 fixed (samba, fixed 3.0.33,3.2.5) [since FEDORA-2008-10638] CVE-2008-4313 ignore (tog-pegasus) CVE-2008-4309 fixed (net-snmp, fixed 5.4.2.1) [since FEDORA-2008-9362] CVE-2008-4306 fixed (enscript) [since FEDORA-2008-9351] 
@@ -318,7 +322,7 @@ CVE-2008-2051 fixed (php, fixed 5.2.6) [since FEDORA-2008-3864] CVE-2008-2050 ignore (php, fixed 5.2.6) CVE-2008-2033 ignore (zoneminder) duplicate of CVE-2008-1381 -CVE-2008-2004 VULNERABLE (xen) disables format autodetection by default [since xen-3.1.2-3.fc8] +CVE-2008-2004 VULNERABLE (xen) disables format autodetection by default [since xen-3.1.2-5.fc8] CVE-2008-2004 VULNERABLE (qemu) fix mostly useless without libvirt changes CVE-2008-2004 VULNERABLE (kvm) fix mostly useless without libvirt changes CVE-2008-2000 ignore (WebKit) browser DoS @@ -331,7 +335,7 @@ CVE-2008-1949 fixed (gnutls, fixed 2.2.4) #447510 [since FEDORA-2008-4183] CVE-2008-1948 fixed (gnutls, fixed 2.2.4) #447510 [since FEDORA-2008-4183] CVE-2008-1947 fixed (tomcat5, fixed 5.5.27) #460125 [since FEDORA-2008-8130] -CVE-2008-1944 VULNERABLE (xen, fixed 3.2) [since xen-3.1.2-3.fc8] +CVE-2008-1944 fixed (xen, fixed 3.2) [since FEDORA-2008-6940] CVE-2008-1943 VULNERABLE (xen) [since xen-3.1.2-3.fc8] CVE-2008-1937 ignore (moin, fixed 1.6.3) 1.6.x only CVE-2008-1930 ignore (wordpress, fixed 2.5.1) [since wordpress-2.5.1-1.fc8] only for wp 2.5.0 Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.240 retrieving revision 1.241 diff -u -r1.240 -r1.241 --- f9 26 Nov 2008 09:50:09 -0000 1.240 +++ f9 4 Dec 2008 13:05:46 -0000 1.241 
@@ -5,12 +5,15 @@ # (mozilla) = (gecko-libs dependent stuff) rhbz249840 version (tor, fixed 0.1.2.15) +CVE-2008-5286 ignore (cups) libpng prevents this CVE-2008-5187 fixed (imlib2) #472578 [since FEDORA-2008-10287] +CVE-2008-5184 version (cups, fixed 1.3.8) +CVE-2008-5183 VULNERABLE (cups, fixed 1.3.10) [since cups-1.3.9-2.fc9] CVE-2008-5153 VULNERABLE (moodle) #472119 CVE-2008-5148 fixed (geda-gnetlist) #472115 [since FEDORA-2008-9730] CVE-2008-5138 VULNERABLE (pam_mount) #472111 CVE-2008-5113 VULNERABLE (wordpress) #471991 -CVE-2008-5110 VULNERABLE (syslog-ng) #471986 +CVE-2008-5110 VULNERABLE (syslog-ng) #471986 CVE-2008-5101 fixed (optipng, fixed 0.6.2) [since FEDORA-2008-9633] CVE-2008-5076 fixed (htop) [since FEDORA-2008-9728] CVE-2008-5050 fixed (clamav, fixed 0.94.1) [since FEDORA-2008-9644] @@ -38,7 +41,7 @@ CVE-2008-4776 fixed (libgadu, fixed 1.8.2) [since FEDORA-2008-9293] CVE-2008-4775 fixed (phpMyAdmin, fixed 3.0.1.1) [since FEDORA-2008-9316] CVE-2008-4769 version (wordpress) -CVE-2008-4690 VULNERABLE (lynx) #468550 [since FEDORA-2008-9550] +CVE-2008-4690 fixed (lynx) #468550 [since FEDORA-2008-9550] CVE-2008-4641 VULNERABLE (jhead) CVE-2008-4640 VULNERABLE (jhead) CVE-2008-4639 fixed (jhead, fixed 2.84) [since FEDORA-2008-8928] @@ -56,6 +59,7 @@ CVE-2008-4326 fixed (phpMyAdmin, fixed 2.11.9.2) [since FEDORA-2008-8335] CVE-2008-4325 fixed (viewvc, fixed 1.0.6) [since FEDORA-2008-8252] CVE-2008-4315 VULNERABLE (tog-pegasus) [since FEDORA-2008-9688] +CVE-2008-4314 fixed (samba, fixed 3.0.33,3.2.5) [since FEDORA-2008-10518] CVE-2008-4313 VULNERABLE (tog-pegasus) [since FEDORA-2008-9688] CVE-2008-4309 fixed (net-snmp, fixed 5.4.2.1) [since FEDORA-2008-9367] CVE-2008-4306 fixed (enscript) [since FEDORA-2008-9372] From fedora-security-commits at redhat.com Fri Dec 19 16:14:25 2008 
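Review bot: In the f11 hunk of the 4 Dec commit, the re-added line "CVE-2008-4863 backport (blender) [blender-2.48a-4.fc10]" keeps a bracket tag without the "since" keyword that every other tagged entry in the hunk uses; suggest "[since blender-2.48a-4.fc10]" while the line is being touched. In the same hunk the tog-pegasus entries (CVE-2008-4315, CVE-2008-4313) become "fixed" with a package build in the tag, while blender and lynx, also tagged with builds, become "backport"; please confirm which status is intended for f11.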
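Review bot: In the first hunks of f8 and f9 in the 4 Dec commit, the CVE-2008-5110 (syslog-ng) line is removed and re-added with the same status and bug number (#471985, #471986), so as shown the change is whitespace-only, while the same commit adds "[since syslog-ng-2.0.10-1.fc10]" to the f10 entry and moves the f11 entry to "version". If f8 and f9 builds exist, record them on these lines; otherwise drop the no-op change so the diff only carries real status updates.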
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Fri, 19 Dec 2008 16:14:25 +0000 (UTC) Subject: [Fedora-security-commits] fedora-security/audit f10, 1.31, 1.32 f11, 1.3, 1.4 f8, 1.250, 1.251 f9, 1.241, 1.242 Message-ID: <20081219161425.53F5970131@cvs1.fedora.phx.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv15662/audit Modified Files: f10 f11 f8 f9 Log Message: large pile of updates Index: f10 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f10,v retrieving revision 1.31 retrieving revision 1.32 diff -u -r1.31 -r1.32 --- f10 4 Dec 2008 13:05:45 -0000 1.31 +++ f10 19 Dec 2008 16:13:54 -0000 1.32 
@@ -4,18 +4,56 @@ # *CVE are items that need verification for Fedora 10 # (mozilla) = (gecko-libs dependent stuff) +CVE-2008-5676 version (mod_security, fixed 2.5.6) [since mod_security-2.5.6-1.fc10] +CVE-2008-5660 fixed (vinagre, fixed 0.5.2,2.24.2) [since FEDORA-2008-10956] +CVE-2008-5657 version (quassel, fixed 0.3.0.3) [since quassel-0.3.0.3-1.fc10] +CVE-2008-5647 VULNERABLE (trac, fixed 0.11.2) +CVE-2008-5646 VULNERABLE (trac, fixed 0.11.2) +CVE-2008-5622 fixed (phpMyAdmin, fixed 3.1.1) [since FEDORA-2008-11257] PMASA-2008-10, same as CVE-2008-5621? +CVE-2008-5621 fixed (phpMyAdmin, fixed 3.1.1) [since FEDORA-2008-11257] PMASA-2008-10 +CVE-2008-5620 VULNERABLE (roundcubemail, fixed 0.2-rc) [since roundcubemail-0.2-5.beta.fc10] +CVE-2008-5619 fixed (roundcubemail, fixed 0.2-rc) [since FEDORA-2008-11247] +CVE-2008-5618 VULNERABLE (rsyslog, fixed 3.20.2,3.21.9) [since rsyslog-3.21.9-1.fc10] +CVE-2008-5617 VULNERABLE (rsyslog, fixed 3.20.1,3.21.8) [since rsyslog-3.21.9-1.fc10] +CVE-2008-5587 VULNERABLE (phpPgAdmin, fixed 4.2.2) [phpPgAdmin-4.2.2-1.fc10] +CVE-2008-5558 ignore (asterisk) AST-2008-012, not affected +CVE-2008-5513 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10] +CVE-2008-5512 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc10] +CVE-2008-5512 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10] +CVE-2008-5511 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc10] +CVE-2008-5511 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10] +CVE-2008-5510 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc10] +CVE-2008-5510 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10] +CVE-2008-5508 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc10] +CVE-2008-5508 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10] +CVE-2008-5507 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc10] +CVE-2008-5507 VULNERABLE (firefox, fixed 3.0.5) [since 
firefox-3.0.5-1.fc10] +CVE-2008-5506 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc10] +CVE-2008-5506 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10] +CVE-2008-5505 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10] +CVE-2008-5503 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc10] +CVE-2008-5502 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10] +CVE-2008-5501 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10] +CVE-2008-5500 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc10] +CVE-2008-5500 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10] +CVE-2008-5432 fixed (moodle, fixed 1.8.7,1.9.3) [since FEDORA-2008-9903] +CVE-2008-5398 fixed (tor, fixed 0.2.0.32) [since FEDORA-2008-10991] +CVE-2008-5397 fixed (tor, fixed 0.2.0.32) [since FEDORA-2008-10991] CVE-2008-5299 VULNERABLE (chm2pdf) #474459 CVE-2008-5298 VULNERABLE (chm2pdf) #474459 CVE-2008-5286 ignore (cups) libpng prevents this CVE-2008-5187 fixed (imlib2) #472579 [since FEDORA-2008-10364] CVE-2008-5184 version (cups, fixed 1.3.8) -CVE-2008-5183 VULNERABLE (cups, fixed 1.3.10) [since cups-1.3.9-4.fc10] +CVE-2008-5183 fixed (cups, fixed 1.3.10) [since FEDORA-2008-10895] CVE-2008-5153 VULNERABLE (moodle) #472120 CVE-2008-5148 fixed (geda-gnetlist) #472116 [since FEDORA-2008-9730] CVE-2008-5138 VULNERABLE (pam_mount) #472112 CVE-2008-5113 VULNERABLE (wordpress) #471992 -CVE-2008-5110 VULNERABLE (syslog-ng) [since syslog-ng-2.0.10-1.fc10] +CVE-2008-5110 fixed (syslog-ng) [since FEDORA-2008-10879] CVE-2008-5101 version (optipng, fixed 0.6.2) [since optipng-0.6.2-1.fc10] +CVE-2008-5086 VULNERABLE (libvirt) [since libvirt-0.5.1-2.fc10] +CVE-2008-5081 VULNERABLE (avahi, fixed 0.6.24) [since avahi-0.6.22-12.fc10] +CVE-2008-5080 fixed (awstats) [since FEDORA-2008-10950] CVE-2008-5076 fixed (htop) [since FEDORA-2008-9944] CVE-2008-5050 version (clamav, fixed 0.94.1) [since clamav-0.94.1-1.fc10] CVE-2008-5030 
fixed (libcdaudio) @@ -62,6 +100,7 @@ CVE-2008-4315 VULNERABLE (tog-pegasus) [since FEDORA-2008-10061] CVE-2008-4314 fixed (samba, fixed 3.0.33,3.2.5) [since FEDORA-2008-10612] CVE-2008-4313 VULNERABLE (tog-pegasus) [since FEDORA-2008-10061] +CVE-2008-4311 fixed (dbus, fixed 1.2.6) [since FEDORA-2008-10733] CVE-2008-4309 fixed (net-snmp, fixed 5.4.2.1) [since FEDORA-2008-10451] CVE-2008-4306 fixed (enscript) [since enscript-1.6.4-11.fc10] CVE-2008-4298 version (lighttpd, fixed 1.4.20) [since lighttpd-1.4.20-0.1.r2303.fc10] @@ -71,8 +110,8 @@ CVE-2008-4225 fixed (libxml2) [since FEDORA-2008-10038] CVE-2008-4191 backport (emacspeak) [since emacspeak-28.0-3.fc10] CVE-2008-4190 VULNERABLE (openswan) -CVE-2008-4130 VULNERABLE (gallery2, fixed 2.2.6) #462873 -CVE-2008-4129 VULNERABLE (gallery2, fixed 2.2.6) #462873 +CVE-2008-4130 fixed (gallery2, fixed 2.2.6) #462873 [since FEDORA-2008-11218] +CVE-2008-4129 fixed (gallery2, fixed 2.2.6) #462873 [since FEDORA-2008-11218] CVE-2008-4126 ignore (python-pydns, fixed 2.3.2) Debian-specific CVE-2008-4109 ignore (openssh, fixed 4.4) Debian incomplete fix CVE-2008-4107 version (wordpress, fixed 2.6.2) really PHP flaw 
@@ -155,7 +194,7 @@ CVE-2008-3714 backport (awstats) #459743 [since awstats-6.8-2.fc10] CVE-2008-3699 ignore (amarok, fixed 1.4.40) not affected CVE-2008-3663 version (squirrelmail, fixed 1.4.16) #464186 [since squirrelmail-1.4.16-1.fc10] -CVE-2008-3662 VULNERABLE (gallery2, fixed 2.2.6) #462873 +CVE-2008-3662 fixed (gallery2, fixed 2.2.6) #462873 [since FEDORA-2008-11218] CVE-2008-3661 fixed (drupal) #464165 ignored by upstream [since drupal-6.5-1.fc10] CVE-2008-3657 version (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since ruby-1.8.6.287-1.fc10] CVE-2008-3656 version (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since ruby-1.8.6.287-1.fc10] Index: f11 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f11,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- f11 4 Dec 2008 13:05:45 -0000 1.3 +++ f11 19 Dec 2008 16:13:54 -0000 1.4 
@@ -4,15 +4,53 @@ # *CVE are items that need verification for Fedora 10 # (mozilla) = (gecko-libs dependent stuff) +CVE-2008-5676 version (mod_security, fixed 2.5.6) [since mod_security-2.5.6-1.fc10] +CVE-2008-5660 version (vinagre, fixed 0.5.2,2.24.2) [since vinagre-2.25.3-1.fc11] +CVE-2008-5657 version (quassel, fixed 0.3.0.3) [since quassel-0.3.0.3-1.fc11] +CVE-2008-5647 version (trac, fixed 0.11.2) [since trac-0.11.2.1-2.fc11] +CVE-2008-5646 version (trac, fixed 0.11.2) [since trac-0.11.2.1-2.fc11] +CVE-2008-5622 version (phpMyAdmin, fixed 3.1.1) [since phpMyAdmin-3.1.1-1.fc11] PMASA-2008-10, same as CVE-2008-5621? +CVE-2008-5621 version (phpMyAdmin, fixed 3.1.1) [since phpMyAdmin-3.1.1-1.fc11] PMASA-2008-10 +CVE-2008-5620 backport (roundcubemail, fixed 0.2-rc) [sice roundcubemail-0.2-5.beta.fc11] +CVE-2008-5619 backport (roundcubemail, fixed 0.2-rc) [since roundcubemail-0.2-4.beta.fc11] +CVE-2008-5618 version (rsyslog, fixed 3.20.2,3.21.9) [since rsyslog-3.21.9-1.fc11] +CVE-2008-5617 version (rsyslog, fixed 3.20.1,3.21.8) [since rsyslog-3.21.9-1.fc11] +CVE-2008-5587 version (phpPgAdmin, fixed 4.2.2) [since phpPgAdmin-4.2.2-1.fc11] +CVE-2008-5558 ignore (asterisk) AST-2008-012, not affected +CVE-2008-5513 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10] +CVE-2008-5512 version (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc11] +CVE-2008-5512 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10] +CVE-2008-5511 version (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc11] +CVE-2008-5511 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10] +CVE-2008-5510 version (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc11] +CVE-2008-5510 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10] +CVE-2008-5508 version (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc11] +CVE-2008-5508 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10] +CVE-2008-5507 version (seamonkey, fixed 1.1.14) [since 
seamonkey-1.1.14-1.fc11] +CVE-2008-5507 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10] +CVE-2008-5506 version (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc11] +CVE-2008-5506 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10] +CVE-2008-5505 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10] +CVE-2008-5503 version (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc11] +CVE-2008-5502 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10] +CVE-2008-5501 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10] +CVE-2008-5500 version (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc11] +CVE-2008-5500 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10] +CVE-2008-5432 version (moodle, fixed 1.8.7,1.9.3) [since moodle-1.9.3-3.fc11] +CVE-2008-5398 version (tor, fixed 0.2.0.32) [since tor-0.2.0.32-1.fc11] +CVE-2008-5397 version (tor, fixed 0.2.0.32) [since tor-0.2.0.32-1.fc11] CVE-2008-5299 VULNERABLE (chm2pdf) CVE-2008-5298 VULNERABLE (chm2pdf) CVE-2008-5286 ignore (cups) libpng prevents this CVE-2008-5184 version (cups, fixed 1.3.8) -CVE-2008-5183 VULNERABLE (cups, fixed 1.3.10) +CVE-2008-5183 VULNERABLE (cups, fixed 1.3.10) [since cups-1.4-0.b1.5.fc11] CVE-2008-5153 VULNERABLE (moodle) CVE-2008-5138 VULNERABLE (pam_mount) CVE-2008-5113 VULNERABLE (wordpress) #471992 CVE-2008-5110 version (syslog-ng, fixed 2.0.10) [since syslog-ng-2.0.10-1.fc11] +CVE-2008-5086 backport (libvirt) [since libvirt-0.5.1-2.fc11] +CVE-2008-5081 version (avahi, fixed 0.6.24) [since avahi-0.6.24-1.fc11] +CVE-2008-5080 backport (awstats) [since awstats-6.8-3.fc11] CVE-2008-4863 backport (blender) [blender-2.48a-4.fc10] CVE-2008-4690 backport (lynx) [since lynx-2.8.6-18.fc10] CVE-2008-4641 VULNERABLE (jhead) 
@@ -21,6 +59,7 @@ CVE-2008-4315 fixed (tog-pegasus) [since tog-pegasus-2.7.2-2.fc11] CVE-2008-4314 version (samba, fixed 3.0.33,3.2.5) [since samba-3.2.5-0.23.fc11] CVE-2008-4313 fixed (tog-pegasus) [since tog-pegasus-2.7.2-2.fc11] +CVE-2008-4311 version (dbus, fixed 1.2.6) [since dbus-1.2.6-1.fc11] CVE-2008-4309 version (net-snmp, fixed 5.4.2.1) [since net-snmp-5.4.2.1-1.fc10] CVE-2008-4242 VULNERABLE (proftpd) #464130 CVE-2008-4190 VULNERABLE (openswan) Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.250 retrieving revision 1.251 diff -u -r1.250 -r1.251 --- f8 4 Dec 2008 13:05:45 -0000 1.250 +++ f8 19 Dec 2008 16:13:54 -0000 1.251 
@@ -6,16 +6,52 @@ rhbz293031 fixed (nx) #293031 [since FEDORA-2008-2258] rhbz249840 version (tor, fixed 0.1.2.15) +CVE-2008-5676 version (mod_security, fixed 2.5.6) [since mod_security-2.5.6-1.fc8] +CVE-2008-5660 fixed (vinagre, fixed 0.5.2,2.24.2) [since FEDORA-2008-10941] +CVE-2008-5647 VULNERABLE (trac, 0.11.2) +CVE-2008-5646 VULNERABLE (trac, 0.11.2) +CVE-2008-5622 fixed (phpMyAdmin, fixed 3.1.1) [since FEDORA-2008-11221] PMASA-2008-10, same as CVE-2008-5621? +CVE-2008-5621 fixed (phpMyAdmin, fixed 3.1.1) [since FEDORA-2008-11221] PMASA-2008-10 +CVE-2008-5620 VULNERABLE (roundcubemail, 0.2-rc) [since roundcubemail-0.2-5.beta.fc8] +CVE-2008-5619 fixed (roundcubemail, 0.2-rc) [since FEDORA-2008-11220] +CVE-2008-5618 ignore (rsyslog, 3.20.2) not affected +CVE-2008-5617 ignore (rsyslog, 3.20.1) not affected +CVE-2008-5587 VULNERABLE (phpPgAdmin, fixed 4.2.2) [since phpPgAdmin-4.2.2-1.fc8] +CVE-2008-5558 ignore (asterisk) AST-2008-012, not affected +CVE-2008-5513 VULNERABLE (firefox, fixed 2.0.0.19) [since firefox-2.0.0.19-1.fc8] +CVE-2008-5512 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc8] +CVE-2008-5512 VULNERABLE (firefox, fixed 2.0.0.19) [since firefox-2.0.0.19-1.fc8] +CVE-2008-5511 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc8] +CVE-2008-5511 VULNERABLE (firefox, fixed 2.0.0.19) [since firefox-2.0.0.19-1.fc8] +CVE-2008-5510 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc8] +CVE-2008-5510 VULNERABLE (firefox, fixed 2.0.0.19) [since firefox-2.0.0.19-1.fc8] +CVE-2008-5508 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc8] +CVE-2008-5508 VULNERABLE (firefox, fixed 2.0.0.19) [since firefox-2.0.0.19-1.fc8] +CVE-2008-5507 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc8] +CVE-2008-5507 VULNERABLE (firefox, fixed 2.0.0.19) [since firefox-2.0.0.19-1.fc8] +CVE-2008-5506 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc8] +CVE-2008-5506 VULNERABLE (firefox, fixed 
2.0.0.19) [since firefox-2.0.0.19-1.fc8] +CVE-2008-5504 VULNERABLE (firefox, fixed 2.0.0.19) [since firefox-2.0.0.19-1.fc8] +CVE-2008-5503 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc8] +CVE-2008-5503 VULNERABLE (firefox, fixed 2.0.0.19) [since firefox-2.0.0.19-1.fc8] +CVE-2008-5500 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc8] +CVE-2008-5500 VULNERABLE (firefox, fixed 2.0.0.19) [since firefox-2.0.0.19-1.fc8] +CVE-2008-5432 fixed (moodle, fixed 1.8.7,1.9.3) [since FEDORA-2008-9502] +CVE-2008-5398 fixed (tor, fixed 0.2.0.32) [since FEDORA-2008-10954] +CVE-2008-5397 fixed (tor, fixed 0.2.0.32) [since FEDORA-2008-10954] CVE-2008-5286 ignore (cups) libpng prevents this CVE-2008-5187 fixed (imlib2) #472577 [since FEDORA-2008-10296] CVE-2008-5184 version (cups, fixed 1.3.8) -CVE-2008-5183 VULNERABLE (cups, fixed 1.3.10) [since cups-1.3.9-2.fc8] +CVE-2008-5183 fixed (cups, fixed 1.3.10) [since FEDORA-2008-10911] CVE-2008-5153 VULNERABLE (moodle) #472118 CVE-2008-5148 fixed (geda-gnetlist) #472114 [since FEDORA-2008-9730] CVE-2008-5138 VULNERABLE (pam_mount) #472110 CVE-2008-5113 VULNERABLE (wordpress) #471990 -CVE-2008-5110 VULNERABLE (syslog-ng) #471985 +CVE-2008-5110 fixed (syslog-ng) #471985 [since FEDORA-2008-10920] CVE-2008-5101 fixed (optipng, fixed 0.6.2) [since FEDORA-2008-9639] +CVE-2008-5086 VULNERABLE (libvirt) +CVE-2008-5081 VULNERABLE (avahi, fixed 0.6.24) +CVE-2008-5080 fixed (awstats) [since FEDORA-2008-10938] CVE-2008-5076 fixed (htop) [since FEDORA-2008-9791] CVE-2008-5050 fixed (clamav, fixed 0.94.1) [since FEDORA-2008-9651] CVE-2008-5030 fixed (libcdaudio) 
@@ -62,6 +98,7 @@ CVE-2008-4315 ignore (tog-pegasus) CVE-2008-4314 fixed (samba, fixed 3.0.33,3.2.5) [since FEDORA-2008-10638] CVE-2008-4313 ignore (tog-pegasus) +CVE-2008-4311 VULNERABLE (dbus, fixed 1.2.6) CVE-2008-4309 fixed (net-snmp, fixed 5.4.2.1) [since FEDORA-2008-9362] CVE-2008-4306 fixed (enscript) [since FEDORA-2008-9351] CVE-2008-4298 VULNERABLE (lighttpd, fixed 1.4.20) #464638 @@ -71,8 +108,8 @@ CVE-2008-4225 fixed (libxml2) [since FEDORA-2008-9729] CVE-2008-4191 fixed (emacspeak) [since FEDORA-2008-8423] CVE-2008-4190 VULNERABLE (openswan) -CVE-2008-4130 VULNERABLE (gallery2, fixed 2.2.6) #462871 -CVE-2008-4129 VULNERABLE (gallery2, fixed 2.2.6) #462871 +CVE-2008-4130 fixed (gallery2, fixed 2.2.6) #462871 [since FEDORA-2008-11230] +CVE-2008-4129 fixed (gallery2, fixed 2.2.6) #462871 [since FEDORA-2008-11230] CVE-2008-4126 ignore (python-pydns, fixed 2.3.2) Debian-specific CVE-2008-4109 ignore (openssh, fixed 4.4) Debian incomplete fix CVE-2008-4107 version (wordpress, fixed 2.6.2) really PHP flaw @@ -150,7 +187,7 @@ CVE-2008-3714 fixed (awstats) #459741 [since FEDORA-2008-7684] CVE-2008-3699 fixed (amarok, fixed 1.4.40) [since FEDORA-2008-7719] CVE-2008-3663 fixed (squirrelmail, fixed 1.4.16) #464184 [since FEDORA-2008-9071] -CVE-2008-3662 VULNERABLE (gallery2, fixed 2.2.6) #462871 +CVE-2008-3662 fixed (gallery2, fixed 2.2.6) #462871 [since FEDORA-2008-11230] CVE-2008-3661 fixed (drupal) #464163 [since FEDORA-2008-8905] ignored by upstream CVE-2008-3657 fixed (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-8736] CVE-2008-3656 fixed (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-8736] Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.241 retrieving revision 1.242 diff -u -r1.241 -r1.242 --- f9 4 Dec 2008 13:05:46 -0000 1.241 +++ f9 19 Dec 2008 16:13:54 -0000 1.242 
@@ -5,16 +5,54 @@ # (mozilla) = (gecko-libs dependent stuff) rhbz249840 version (tor, fixed 0.1.2.15) +CVE-2008-5676 version (mod_security, fixed 2.5.6) [since mod_security-2.5.6-1.fc9] +CVE-2008-5660 fixed (vinagre, fixed 0.5.2,2.24.2) [since FEDORA-2008-10932] +CVE-2008-5657 fixed (quassel, fixed 0.3.0.3) [since FEDORA-2008-9658] +CVE-2008-5647 VULNERABLE (trac, fixed 0.11.2) +CVE-2008-5646 VULNERABLE (trac, fixed 0.11.2) +CVE-2008-5622 fixed (phpMyAdmin, fixed 3.1.1) [since FEDORA-2008-11208] PMASA-2008-10, same as CVE-2008-5621? +CVE-2008-5621 fixed (phpMyAdmin, fixed 3.1.1) [since FEDORA-2008-11208] PMASA-2008-10 +CVE-2008-5620 VULNERABLE (roundcubemail, fixed 0.2-rc) +CVE-2008-5619 fixed (roundcubemail, fixed 0.2-rc) [since FEDORA-2008-11234] +CVE-2008-5618 VULNERABLE (rsyslog, fixed 3.20.2,3.21.9) [since rsyslog-3.20.2-2.fc9] +CVE-2008-5617 VULNERABLE (rsyslog, fixed 3.20.1,3.21.8) [since rsyslog-3.20.2-2.fc9] +CVE-2008-5587 VULNERABLE (phpPgAdmin, fixed 4.2.2) [since phpPgAdmin-4.2.2-1.fc9] +CVE-2008-5558 ignore (asterisk) AST-2008-012, not affected +CVE-2008-5513 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc9] +CVE-2008-5512 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc9] +CVE-2008-5512 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc9] +CVE-2008-5511 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc9] +CVE-2008-5511 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc9] +CVE-2008-5510 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc9] +CVE-2008-5510 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc9] +CVE-2008-5508 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc9] +CVE-2008-5508 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc9] +CVE-2008-5507 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc9] +CVE-2008-5507 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc9] +CVE-2008-5506 VULNERABLE (seamonkey, fixed 
1.1.14) [since seamonkey-1.1.14-1.fc9] +CVE-2008-5506 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc9] +CVE-2008-5505 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc9] +CVE-2008-5503 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc9] +CVE-2008-5502 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc9] +CVE-2008-5501 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc9] +CVE-2008-5500 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc9] +CVE-2008-5500 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc9] +CVE-2008-5432 fixed (moodle, fixed 1.8.7,1.9.3) [since FEDORA-2008-9508] +CVE-2008-5398 fixed (tor, fixed 0.2.0.32) [since FEDORA-2008-10989] +CVE-2008-5397 fixed (tor, fixed 0.2.0.32) [since FEDORA-2008-10989] CVE-2008-5286 ignore (cups) libpng prevents this CVE-2008-5187 fixed (imlib2) #472578 [since FEDORA-2008-10287] CVE-2008-5184 version (cups, fixed 1.3.8) -CVE-2008-5183 VULNERABLE (cups, fixed 1.3.10) [since cups-1.3.9-2.fc9] +CVE-2008-5183 fixed (cups, fixed 1.3.10) [since FEDORA-2008-10917] CVE-2008-5153 VULNERABLE (moodle) #472119 CVE-2008-5148 fixed (geda-gnetlist) #472115 [since FEDORA-2008-9730] CVE-2008-5138 VULNERABLE (pam_mount) #472111 CVE-2008-5113 VULNERABLE (wordpress) #471991 -CVE-2008-5110 VULNERABLE (syslog-ng) #471986 +CVE-2008-5110 fixed (syslog-ng) #471986 [since FEDORA-2008-10752] CVE-2008-5101 fixed (optipng, fixed 0.6.2) [since FEDORA-2008-9633] +CVE-2008-5086 VULNERABLE (libvirt) [since libvirt-0.5.1-2.fc9] +CVE-2008-5081 VULNERABLE (avahi, fixed 0.6.24) +CVE-2008-5080 fixed (awstats) [since FEDORA-2008-10962] CVE-2008-5076 fixed (htop) [since FEDORA-2008-9728] CVE-2008-5050 fixed (clamav, fixed 0.94.1) [since FEDORA-2008-9644] CVE-2008-5030 fixed (libcdaudio) 
@@ -61,6 +99,7 @@ CVE-2008-4315 VULNERABLE (tog-pegasus) [since FEDORA-2008-9688] CVE-2008-4314 fixed (samba, fixed 3.0.33,3.2.5) [since FEDORA-2008-10518] CVE-2008-4313 VULNERABLE (tog-pegasus) [since FEDORA-2008-9688] +CVE-2008-4311 fixed (dbus, fixed 1.2.6) [since FEDORA-2008-10907] CVE-2008-4309 fixed (net-snmp, fixed 5.4.2.1) [since FEDORA-2008-9367] CVE-2008-4306 fixed (enscript) [since FEDORA-2008-9372] CVE-2008-4298 VULNERABLE (lighttpd, fixed 1.4.20) #464639 @@ -70,8 +109,8 @@ CVE-2008-4225 fixed (libxml2) [since FEDORA-2008-9773] CVE-2008-4191 fixed (emacspeak) [since FEDORA-2008-8379] CVE-2008-4190 VULNERABLE (openswan) -CVE-2008-4130 VULNERABLE (gallery2, fixed 2.2.6) #462872 -CVE-2008-4129 VULNERABLE (gallery2, fixed 2.2.6) #462872 +CVE-2008-4130 fixed (gallery2, fixed 2.2.6) #462872 [since FEDORA-2008-11258] +CVE-2008-4129 fixed (gallery2, fixed 2.2.6) #462872 [since FEDORA-2008-11258] CVE-2008-4126 ignore (python-pydns, fixed 2.3.2) Debian-specific CVE-2008-4109 ignore (openssh, fixed 4.4) Debian incomplete fix CVE-2008-4107 version (wordpress, fixed 2.6.2) really PHP flaw @@ -154,7 +193,7 @@ CVE-2008-3714 fixed (awstats) #459742 [since FEDORA-2008-7663] CVE-2008-3699 fixed (amarok, fixed 1.4.40) [since FEDORA-2008-7739] CVE-2008-3663 fixed (squirrelmail, fixed 1.4.16) #464185 [since FEDORA-2008-8559] -CVE-2008-3662 VULNERABLE (gallery2, fixed 2.2.6) #462872 +CVE-2008-3662 fixed (gallery2, fixed 2.2.6) #462872 [since FEDORA-2008-11258] CVE-2008-3661 fixed (drupal) #464164 [since FEDORA-2008-8852] ignored by upstream CVE-2008-3657 fixed (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-8738] CVE-2008-3656 fixed (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-8738] From fedora-security-commits at redhat.com Fri Dec 19 19:22:52 2008 
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Fri, 19 Dec 2008 19:22:52 +0000 (UTC) Subject: [Fedora-security-commits] fedora-security/audit f10, 1.32, 1.33 f8, 1.251, 1.252 f9, 1.242, 1.243 Message-ID: <20081219192252.CC6637012F@cvs1.fedora.phx.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv30906/audit Modified Files: f10 f8 f9 Log Message: few more Index: f10 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f10,v retrieving revision 1.32 retrieving revision 1.33 diff -u -r1.32 -r1.33 --- f10 19 Dec 2008 16:13:54 -0000 1.32 +++ f10 19 Dec 2008 19:22:21 -0000 1.33 @@ -4,6 +4,8 @@ # *CVE are items that need verification for Fedora 10 # (mozilla) = (gecko-libs dependent stuff) +CVE-2008-5695 version (wordpress, fixed 2.3.3) +CVE-2008-5695 version (wordpress-mu, fixed 1.3.3) CVE-2008-5676 version (mod_security, fixed 2.5.6) [since mod_security-2.5.6-1.fc10] CVE-2008-5660 fixed (vinagre, fixed 0.5.2,2.24.2) [since FEDORA-2008-10956] CVE-2008-5657 version (quassel, fixed 0.3.0.3) [since quassel-0.3.0.3-1.fc10] @@ -54,6 +56,7 @@ CVE-2008-5086 VULNERABLE (libvirt) [since libvirt-0.5.1-2.fc10] CVE-2008-5081 VULNERABLE (avahi, fixed 0.6.24) [since avahi-0.6.22-12.fc10] CVE-2008-5080 fixed (awstats) [since FEDORA-2008-10950] +CVE-2008-5078 ignore (enscript) 1.6.1 only CVE-2008-5076 fixed (htop) [since FEDORA-2008-9944] CVE-2008-5050 version (clamav, fixed 0.94.1) [since clamav-0.94.1-1.fc10] CVE-2008-5030 fixed (libcdaudio) Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.251 retrieving revision 1.252 diff -u -r1.251 -r1.252 --- f8 19 Dec 2008 16:13:54 -0000 1.251 +++ f8 19 Dec 2008 19:22:22 -0000 1.252 
@@ -6,6 +6,7 @@ rhbz293031 fixed (nx) #293031 [since FEDORA-2008-2258] rhbz249840 version (tor, fixed 0.1.2.15) +CVE-2008-5695 version (wordpress, fixed 2.3.3) CVE-2008-5676 version (mod_security, fixed 2.5.6) [since mod_security-2.5.6-1.fc8] CVE-2008-5660 fixed (vinagre, fixed 0.5.2,2.24.2) [since FEDORA-2008-10941] CVE-2008-5647 VULNERABLE (trac, 0.11.2) @@ -52,6 +53,7 @@ CVE-2008-5086 VULNERABLE (libvirt) CVE-2008-5081 VULNERABLE (avahi, fixed 0.6.24) CVE-2008-5080 fixed (awstats) [since FEDORA-2008-10938] +CVE-2008-5078 ignore (enscript) 1.6.1 only CVE-2008-5076 fixed (htop) [since FEDORA-2008-9791] CVE-2008-5050 fixed (clamav, fixed 0.94.1) [since FEDORA-2008-9651] CVE-2008-5030 fixed (libcdaudio) Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.242 retrieving revision 1.243 diff -u -r1.242 -r1.243 --- f9 19 Dec 2008 16:13:54 -0000 1.242 +++ f9 19 Dec 2008 19:22:22 -0000 1.243 @@ -5,6 +5,7 @@ # (mozilla) = (gecko-libs dependent stuff) rhbz249840 version (tor, fixed 0.1.2.15) +CVE-2008-5695 version (wordpress, fixed 2.3.3) CVE-2008-5676 version (mod_security, fixed 2.5.6) [since mod_security-2.5.6-1.fc9] CVE-2008-5660 fixed (vinagre, fixed 0.5.2,2.24.2) [since FEDORA-2008-10932] CVE-2008-5657 fixed (quassel, fixed 0.3.0.3) [since FEDORA-2008-9658] @@ -53,6 +54,7 @@ CVE-2008-5086 VULNERABLE (libvirt) [since libvirt-0.5.1-2.fc9] CVE-2008-5081 VULNERABLE (avahi, fixed 0.6.24) CVE-2008-5080 fixed (awstats) [since FEDORA-2008-10962] +CVE-2008-5078 ignore (enscript) 1.6.1 only CVE-2008-5076 fixed (htop) [since FEDORA-2008-9728] CVE-2008-5050 fixed (clamav, fixed 0.94.1) [since FEDORA-2008-9644] CVE-2008-5030 fixed (libcdaudio)
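Review bot: in the f9 hunk "@@ -5,16 +5,54 @@" (the long block of fc9 entries), the added firefox, seamonkey, rsyslog and phpPgAdmin lines are marked VULNERABLE while their "[since ...]" tag names a build at the stated fixed version, for example "CVE-2008-5587 VULNERABLE (phpPgAdmin, fixed 4.2.2) [since phpPgAdmin-4.2.2-1.fc9]", and the header comments visible in the hunk do not say what that combination means. The cups change in the same hunk, from VULNERABLE with "[since cups-1.3.9-2.fc9]" to fixed with "[since FEDORA-2008-10917]", suggests it marks a build that carries the fix but has not shipped as an update; a one-line header comment stating that would keep readers from counting these as unpatched. The trailing "same as CVE-2008-5621?" on the CVE-2008-5622 line is an open question and should be answered or dropped before it goes stale.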
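Review bot: in the f8 hunk "@@ -6,6 +6,7 @@" and the f9 hunk "@@ -5,6 +5,7 @@" of the "few more" commit, CVE-2008-5695 is added for wordpress only, while the f10 hunk of the same commit adds a second line, "CVE-2008-5695 version (wordpress-mu, fixed 1.3.3)". If wordpress-mu is shipped in those releases the line is missing there; if it is not, a short remark in the log message would make the difference between the three files deliberate rather than an oversight. Minor, in the same f8 hunk: the context line "CVE-2008-5647 VULNERABLE (trac, 0.11.2)" lacks the "fixed" keyword that the f9 file uses for the same entry, which will trip anything that parses the "(package, fixed version)" field.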
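Review bot: in the second hunk of each file in the "few more" commit (f10 "@@ -54,6 +56,7 @@", f8 "@@ -52,6 +53,7 @@", f9 "@@ -53,6 +54,7 @@"), the new line "CVE-2008-5078 ignore (enscript) 1.6.1 only" gives the affected upstream version but not the version each release ships, so the ignore cannot be checked from the file alone. Adding the shipped enscript version to the reason, in the style of the other ignore entries that state why Fedora is unaffected, would make the decision auditable later.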