[Fedora-security-commits] fedora-security/audit f8, 1.109, 1.110 f9, 1.100, 1.101 fc7, 1.265, 1.266

fedora-security-commits at redhat.com fedora-security-commits at redhat.com
Mon Feb 4 11:45:57 UTC 2008 

Author: thoger

Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv24341/audit

Modified Files:
	f8 f9 fc7 
Log Message:
fix SDL_image CVE ids
add openldap
note some updates



Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.109
retrieving revision 1.110
diff -u -r1.109 -r1.110
--- f8	1 Feb 2008 16:23:25 -0000	1.109
+++ f8	4 Feb 2008 11:45:26 -0000	1.110
@@ -8,11 +8,11 @@
 # Up to date F8 as of 20080111
 
 GENERIC-MAP-NOMATCH VULNERABLE (comix) multiple issues tracked via #430635
-GENERIC-MAP-NOMATCH VULNERABLE (SDL_image) #430694 ILBM overflow
 GENERIC-MAP-NOMATCH version (xine-lib, fixed 1.1.10) [since FEDORA-2008-1043]
-GENERIC-MAP-NOMATCH VULNERABLE (deluge, fixed 0.5.8.3) 
-GENERIC-MAP-NOMATCH VULNERABLE (rb_libtorrent) 
+GENERIC-MAP-NOMATCH fixed (deluge, fixed 0.5.8.3) [since FEDORA-2008-1287]
+GENERIC-MAP-NOMATCH fixed (rb_libtorrent) [since FEDORA-2008-1198]
 GENERIC-MAP-NOMATCH VULNERABLE (gnumeric, fixed 1.8.1) #431228 SA28725
+CVE-2008-0544 fixed (SDL_image) #430694 [since FEDORA-2008-1208] ILBM overflow
 CVE-2008-0460 VULNERABLE (mediawiki) #430288 
 CVE-2008-0404 fixed (mantis) #429552 [since FEDORA-2008-0796] 
 CVE-2008-0386 fixed (xdg-utils) #429513 [since FEDORA-2008-1015] 
@@ -41,6 +41,8 @@
 CVE-2008-0006 fixed (libXfont) #429132 [since FEDORA-2008-0794] 
 CVE-2008-0005 VULNERABLE (httpd, fixed 2.2.7) #427982 
 CVE-2008-0003 fixed (tog-pegasus, fixed 2.7.0) #427829 [since FEDORA-2008-0572] 
+CVE-2007-6698 version (openldap, fixed 2.3.36) 
+CVE-2007-6697 fixed (SDL_image, fixed 1.2.7) #430241 [since FEDORA-2008-1208]
 CVE-2007-6693 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4778] 
 CVE-2007-6692 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4778] 
 CVE-2007-6691 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4778] 
@@ -278,7 +280,6 @@
 CVE-2006-5170 version (nss_ldap, fixed 183)
 CVE-2006-4573 version (screen, fixed 4.0.3) #212057
 CVE-2006-4561 ignore (firefox) Needs DNS spoofing; https is for this.
-CVE-2006-4484 VULNERABLE (SDL_image, fixed 1.2.7) #430241 
 CVE-2006-2894 version (firefox, fixed 2.0.0.8)
 CVE-2006-2894 version (seamonkey, fixed 1.1.5) #194511
 CVE-2006-0987 ignore (bind) example config file only


Index: f9
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f9,v
retrieving revision 1.100
retrieving revision 1.101
diff -u -r1.100 -r1.101
--- f9	1 Feb 2008 16:23:25 -0000	1.100
+++ f9	4 Feb 2008 11:45:26 -0000	1.101
@@ -8,11 +8,11 @@
 # Up to date F9 as of 20071029
 
 GENERIC-MAP-NOMATCH VULNERABLE (comix) multiple issues tracked via #430635
-GENERIC-MAP-NOMATCH backport (SDL_image) #430696 ILBM overflow [since SDL_image-1.2.6-5.fc9]
 GENERIC-MAP-NOMATCH version (xine-lib, fixed 1.1.10) [since xine-lib-1.1.10-2.fc9]
 GENERIC-MAP-NOMATCH version (deluge, fixed 0.5.8.3) [since deluge-0.5.8.3-1.fc9]
 GENERIC-MAP-NOMATCH backport (rb_libtorrent) [since rb_libtorrent-0.12-3.fc9]
 GENERIC-MAP-NOMATCH version (gnumeric, fixed 1.8.1) [since gnumeric-1.8.1-1.fc9] SA28725
+CVE-2008-0544 backport (SDL_image) #430696 ILBM overflow [since SDL_image-1.2.6-5.fc9]
 CVE-2008-0460 VULNERABLE (mediawiki) #430289 
 CVE-2008-0404 fixed (mantis) #429552 [since mantis-1.1.1-1.fc9]
 CVE-2008-0386 fixed (xdg-utils) #429513 [since xdg-utils-1_0_2-4_fc9]
@@ -41,6 +41,8 @@
 CVE-2008-0006 backport (libXfont) #429133 [since libXfont-1.3.1-3.fc9]
 CVE-2008-0005 VULNERABLE (httpd, fixed 2.2.7) #427984 
 CVE-2008-0003 version (tog-pegasus, fixed 2.7.0) 
+CVE-2007-6698 version (openldap, fixed 2.3.36) 
+CVE-2007-6697 backport (SDL_image, fixed 1.2.7) #430238 [since SDL_image-1.2.6-4.fc9]
 CVE-2007-6693 version (gallery2, fixed 2.2.4) [since gallery2-2.2.4-1] 
 CVE-2007-6692 version (gallery2, fixed 2.2.4) [since gallery2-2.2.4-1] 
 CVE-2007-6691 version (gallery2, fixed 2.2.4) [since gallery2-2.2.4-1] 
@@ -259,7 +261,6 @@
 CVE-2006-5170 version (nss_ldap, fixed 183)
 CVE-2006-4573 version (screen, fixed 4.0.3) #212057
 CVE-2006-4561 ignore (firefox) Needs DNS spoofing; https is for this.
-CVE-2006-4484 backport (SDL_image, fixed 1.2.7) #430238 [since SDL_image-1.2.6-4.fc9]
 CVE-2006-2894 version (firefox, fixed 2.0.0.8)
 CVE-2006-2894 version (seamonkey, fixed 1.1.5) #194511
 CVE-2006-0987 ignore (bind) example config file only


Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.265
retrieving revision 1.266
diff -u -r1.265 -r1.266
--- fc7	1 Feb 2008 16:23:25 -0000	1.265
+++ fc7	4 Feb 2008 11:45:26 -0000	1.266
@@ -9,11 +9,11 @@
 # Up to date FC7 as of 20080111
 
 GENERIC-MAP-NOMATCH VULNERABLE (comix) multiple issues tracked via #430635
-GENERIC-MAP-NOMATCH VULNERABLE (SDL_image) #430695 ILBM overflow
 GENERIC-MAP-NOMATCH version (xine-lib, fixed 1.1.10) [since FEDORA-2008-1047]
-GENERIC-MAP-NOMATCH VULNERABLE (deluge, fixed 0.5.8.3)
-GENERIC-MAP-NOMATCH VULNERABLE (rb_libtorrent) 
+GENERIC-MAP-NOMATCH fixed (deluge, fixed 0.5.8.3) [since FEDORA-2008-1198]
+GENERIC-MAP-NOMATCH fixed (rb_libtorrent) [since FEDORA-2008-1245]
 GENERIC-MAP-NOMATCH VULNERABLE (gnumeric, fixed 1.8.1) #431228 SA28725
+CVE-2008-0544 fixed (SDL_image) #430695 [since FEDORA-2008-1208] ILBM overflow
 CVE-2008-0460 VULNERABLE (mediawiki) #430287 
 CVE-2008-0404 fixed (mantis) #429552 [since FEDORA-2008-0796] 
 CVE-2008-0386 fixed (xdg-utils) #429513 [since FEDORA-2008-1015] 
@@ -42,6 +42,8 @@
 CVE-2008-0006 fixed (libXfont) #429131 [since FEDORA-2008-0891] 
 CVE-2008-0005 VULNERABLE (httpd, fixed 2.2.7) #427983 
 CVE-2008-0003 fixed (tog-pegasus, fixed 2.7.0) #427828 [since FEDORA-2008-0506] 
+CVE-2007-6698 VULNERABLE (openldap, fixed 2.3.36) #431409 
+CVE-2007-6697 fixed (SDL_image, fixed 1.2.7) #430239 [since FEDORA-2008-1231] 
 CVE-2007-6693 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4777] 
 CVE-2007-6692 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4777] 
 CVE-2007-6691 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4777] 
@@ -998,7 +1000,6 @@
 CVE-2006-4485 version (php, fixed 5.1.5)
 CVE-2006-4484 version (php, fixed 5.1.5)
 CVE-2006-4484 ignore (gd)
-CVE-2006-4484 VULNERABLE (SDL_image, fixed 1.2.7) #430239 
 CVE-2006-4483 ignore (php) not linux
 CVE-2006-4482 version (php, fixed 5.1.5)
 CVE-2006-4481 ignore (php) safe mode isn't safe

More information about the Fedora-security-commits mailing list