From fedora-security-commits at redhat.com Wed Jan 2 08:12:30 2008 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Wed, 2 Jan 2008 03:12:30 -0500 Subject: [Fedora-security-commits] fedora-security/audit f8, 1.52, 1.53 f9, 1.46, 1.47 fc7, 1.208, 1.209 Message-ID: <200801020812.m028CUou004896@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv4874/audit Modified Files: f8 f9 fc7 Log Message: add qt4 some cleanup Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.52 retrieving revision 1.53 diff -u -r1.52 -r1.53 --- f8 20 Dec 2007 23:19:25 -0000 1.52 +++ f8 2 Jan 2008 08:12:28 -0000 1.53 @@ -37,7 +37,6 @@ CVE-2007-6207 VULNERABLE (kernel) Xen cross-domain memory read CVE-2007-6206 VULNERABLE (kernel) Core dump owner issue CVE-2007-6203 ignore (httpd) #409831 User can't unput garbage before method name -CVE-2007-5938 VULNERABLE (kernel) #385861 iwlwifi CVE-2007-6201 version (wesnoth, fixed 1.2.8) [since FEDORA-2007-3989] CVE-2007-6183 backport (ruby-gnome2) #405601 [since FEDORA-2007-4216] CVE-2007-6121 VULNERABLE (wireshark, fixed 0.99.7) 
@@ -61,6 +60,7 @@ CVE-2007-5976 version (phpMyAdmin, fixed 2.11.2.1) #385901 [since FEDORA-2007-3636] CVE-2007-5970 ignore (mysql, fixed 5.1.23) mysql 5.1+ only, affects partitioning CVE-2007-5969 backport (mysql, fixed 5.0.51) #424931 [since FEDORA-2007-4465] +CVE-2007-5965 version (qt4, fixed 4.3.3) [since FEDORA-2007-4285] CVE-2007-5964 backport (autofs) #409701 [since FEDORA-2007-4532] CVE-2007-5960 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3962] CVE-2007-5959 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3962] Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.46 retrieving revision 1.47 diff -u -r1.46 -r1.47 --- f9 20 Dec 2007 19:59:16 -0000 1.46 +++ f9 2 Jan 2008 08:12:28 -0000 1.47 @@ -34,7 +34,6 @@ CVE-2007-6207 VULNERABLE (kernel) Xen cross-domain memory read CVE-2007-6206 VULNERABLE (kernel) Core dump owner issue CVE-2007-6203 ignore (httpd) #409831 User can't unput garbage before method name -CVE-2007-5938 VULNERABLE (kernel) #385861 iwlwifi CVE-2007-6201 version (wesnoth, fixed 1.2.8) [since wesnoth-1.2.8-3.fc9] CVE-2007-6183 VULNERABLE (ruby-gnome2) #405611 CVE-2007-6121 version (wireshark, fixed 0.99.7) [since wireshark-0.99.7-1.fc9] 
@@ -58,10 +57,12 @@ CVE-2007-5976 version (phpMyAdmin) #385911 [since phpMyAdmin-2.11.2.2-1.fc9] CVE-2007-5970 ignore (mysql, fixed 5.1.23) mysql 5.1+ only, affects partitioning CVE-2007-5969 backport (mysql, fixed 5.0.51) [since mysql-5.0.45-6.fc9] +CVE-2007-5965 version (qt4, fixed 4.3.3) [since qt4-4.3.3-1.fc9] CVE-2007-5964 backport (autofs) #421371 [since autofs-5.0.2-21] CVE-2007-5960 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) CVE-2007-5959 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) CVE-2007-5947 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) +CVE-2007-5938 VULNERABLE (kernel) #385861 iwlwifi CVE-2007-5937 backport (tetex) #379851 Multiple dviljk buffer overflows [since tetex-3.0-48.fc9] CVE-2007-5936 backport (tetex) #379851 dviljk uses insecure temporary file [since tetex-3.0-48.fc9] CVE-2007-5935 backport (tetex) #379851 dvips -z buffer overflow with long href [since tetex-3.0-48.fc9] Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.208 retrieving revision 1.209 diff -u -r1.208 -r1.209 --- fc7 20 Dec 2007 19:59:16 -0000 1.208 +++ fc7 2 Jan 2008 08:12:28 -0000 1.209 @@ -61,6 +61,7 @@ CVE-2007-5976 version (phpMyAdmin, fixed 2.11.2.1) #385891 [since FEDORA-2007-3627] CVE-2007-5970 ignore (mysql, fixed 5.1.23) mysql 5.1+ only, affects partitioning CVE-2007-5969 backport (mysql, fixed 5.0.51) #424921 [since FEDORA-2007-4471] +CVE-2007-5965 version (qt4, fixed 4.3.3) [since FEDORA-2007-4354] CVE-2007-5964 backport (autofs) #421351 [since FEDORA-2007-4469] CVE-2007-5960 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3952] CVE-2007-5959 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3952] From fedora-security-commits at redhat.com Wed Jan 2 09:01:46 2008 
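Review bot: in the f8 diff of the "add qt4 some cleanup" commit (revision 1.53), the first hunk deletes "CVE-2007-5938 VULNERABLE (kernel) #385861 iwlwifi" and the second f8 hunk adds only the CVE-2007-5965 qt4 line, whereas the f9 diff re-adds the same iwlwifi entry in sorted position after CVE-2007-5947. Unless f8 already carries a second copy of that line outside the visible context, the kernel issue stops being tracked for F8 while it is still marked VULNERABLE for F9. Either re-add it in f8 below CVE-2007-5947, or state in the log message that a duplicate was removed, so the deletion of a VULNERABLE entry is explained.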
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Wed, 2 Jan 2008 04:01:46 -0500 Subject: [Fedora-security-commits] fedora-security/audit f8, 1.53, 1.54 f9, 1.47, 1.48 fc7, 1.209, 1.210 Message-ID: <200801020901.m0291kd7012947@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv6171 Modified Files: f8 f9 fc7 Log Message: libcdio Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.53 retrieving revision 1.54 diff -u -r1.53 -r1.54 --- f8 2 Jan 2008 08:12:28 -0000 1.53 +++ f8 2 Jan 2008 09:01:44 -0000 1.54 @@ -5,8 +5,10 @@ # (mozilla) = (gecko-libs dependent stuff) # Up to date CVE as of CVE email 20071215 -# Up to date F8 as of 20071212 +# Up to date F8 as of 20071221 +GENERIC-MAP-NOMATCH VULNERABLE (libcdio) #427199 +GENERIC-MAP-NOMATCH VULNERABLE (wordpress) #426433 CVE-2007-6465 version (ganglia, fixed 3.0.6) [since FEDORA-2007-4562] CVE-2007-6337 VULNERABLE (clamav, fixed 0.92) #426212 CVE-2007-6336 VULNERABLE (clamav, fixed 0.92) #426212 @@ -21,7 +23,7 @@ CVE-2007-6348 ignore (squirrelmail) trojaned version was not shipped CVE-2007-6328 VULNERABLE (dosbox) design decision CVE-2007-6321 VULNERABLE (roundcubemail) #423291 -CVE-2007-6318 VULNERABLE (wordpress) +CVE-2007-6318 VULNERABLE (wordpress) #426433 CVE-2007-6304 ignore (mysql, fixed 5.0.52) federated engine not built CVE-2007-6303 backport (mysql, fixed 5.0.52) #424931 [since FEDORA-2007-4465] CVE-2007-6299 version (drupal, fixed 5.4) [since FEDORA-2007-4163] SA-2007-031 
@@ -54,7 +56,7 @@ CVE-2007-6100 version (phpMyAdmin, fixed 2.11.2.2) [since FEDORA-2007-3639] CVE-2007-6061 VULNERABLE (audacity) #393251 CVE-2007-6015 version (samba, fixed 3.0.28) [since FEDORA-2007-4275] -CVE-2007-6013 VULNERABLE (wordpress) +CVE-2007-6013 VULNERABLE (wordpress) #426433 CVE-2007-6035 version (cacti, fixed 0.8.7a) #391991 [since FEDORA-2007-3667] CVE-2007-5977 version (phpMyAdmin, fixed 2.11.2.1) #385901 [since FEDORA-2007-3636] CVE-2007-5976 version (phpMyAdmin, fixed 2.11.2.1) #385901 [since FEDORA-2007-3636] Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.47 retrieving revision 1.48 diff -u -r1.47 -r1.48 --- f9 2 Jan 2008 08:12:28 -0000 1.47 +++ f9 2 Jan 2008 09:01:44 -0000 1.48 @@ -7,6 +7,8 @@ # Up to date CVE as of CVE email 20071211 # Up to date F9 as of 20071029 +GENERIC-MAP-NOMATCH VULNERABLE (libcdio) #427200 +GENERIC-MAP-NOMATCH VULNERABLE (wordpress) #426434 CVE-2007-6465 version (ganglia, fixed 3.0.6) [since ganglia-3.0.6-1.fc9] CVE-2007-6337 VULNERABLE (clamav, fixed 0.92) #426213 CVE-2007-6336 VULNERABLE (clamav, fixed 0.92) #426213 @@ -21,7 +23,7 @@ CVE-2007-6348 ignore (squirrelmail) trojaned version was not shipped CVE-2007-6328 VULNERABLE (dosbox) design decision CVE-2007-6321 VULNERABLE (roundcubemail) #423301 -CVE-2007-6318 VULNERABLE (wordpress) +CVE-2007-6318 VULNERABLE (wordpress) #426434 CVE-2007-6304 ignore (mysql, fixed 5.0.52) federated engine not built CVE-2007-6303 backport (mysql, fixed 5.0.52) [since mysql-5.0.45-6.fc9] CVE-2007-6299 version (drupal, fixed 5.4) [since drupal-5.4-1.fc9] SA-2007-031 
@@ -52,7 +54,7 @@ CVE-2007-6061 VULNERABLE (audacity) #393251 CVE-2007-6035 version (cacti, fixed 0.8.7a) #392001 [since cacti-0.8.7a-1.fc9] CVE-2007-6015 VULNERABLE (samba, fixed 3.0.28) -CVE-2007-6013 VULNERABLE (wordpress) +CVE-2007-6013 VULNERABLE (wordpress) #426434 CVE-2007-5977 version (phpMyAdmin) #385911 [since phpMyAdmin-2.11.2.2-1.fc9] CVE-2007-5976 version (phpMyAdmin) #385911 [since phpMyAdmin-2.11.2.2-1.fc9] CVE-2007-5970 ignore (mysql, fixed 5.1.23) mysql 5.1+ only, affects partitioning Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.209 retrieving revision 1.210 diff -u -r1.209 -r1.210 --- fc7 2 Jan 2008 08:12:28 -0000 1.209 +++ fc7 2 Jan 2008 09:01:44 -0000 1.210 @@ -6,8 +6,10 @@ # A couple of first F7 updates were marked as FEDORA-2007-0001 # Up to date CVE as of CVE email 200711215 -# Up to date FC7 as of 20071212 +# Up to date FC7 as of 20071221 +GENERIC-MAP-NOMATCH VULNERABLE (libcdio) #427198 +GENERIC-MAP-NOMATCH VULNERABLE (wordpress) #426432 CVE-2007-6465 version (ganglia, fixed 3.0.6) [since FEDORA-2007-4584] CVE-2007-6337 VULNERABLE (clamav, fixed 0.92) #426211 CVE-2007-6336 VULNERABLE (clamav, fixed 0.92) #426211 @@ -22,7 +24,7 @@ CVE-2007-6348 ignore (squirrelmail) trojaned version was not shipped CVE-2007-6328 VULNERABLE (dosbox) design decision CVE-2007-6321 VULNERABLE (roundcubemail) #423281 -CVE-2007-6318 VULNERABLE (wordpress) +CVE-2007-6318 VULNERABLE (wordpress) #426432 CVE-2007-6304 ignore (mysql, fixed 5.0.52) federated engine not built CVE-2007-6303 backport (mysql, fixed 5.0.52) #424921 [since FEDORA-2007-4471] CVE-2007-6299 version (drupal, fixed 5.4) [since FEDORA-2007-4136] SA-2007-031 
@@ -56,7 +58,7 @@ CVE-2007-6061 VULNERABLE (audacity) #393251 CVE-2007-6035 version (cacti, fixed 0.8.7a) #391981 [since FEDORA-2007-3683] CVE-2007-6015 version (samba, fixed 3.0.28) [since FEDORA-2007-4269] -CVE-2007-6013 VULNERABLE (wordpress) +CVE-2007-6013 VULNERABLE (wordpress) #426432 CVE-2007-5977 version (phpMyAdmin, fixed 2.11.2.1) #385891 [since FEDORA-2007-3627] CVE-2007-5976 version (phpMyAdmin, fixed 2.11.2.1) #385891 [since FEDORA-2007-3627] CVE-2007-5970 ignore (mysql, fixed 5.1.23) mysql 5.1+ only, affects partitioning From fedora-security-commits at redhat.com Wed Jan 2 15:20:03 2008 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Wed, 2 Jan 2008 10:20:03 -0500 Subject: [Fedora-security-commits] fedora-security/audit f8, 1.54, 1.55 f9, 1.48, 1.49 fc7, 1.210, 1.211 Message-ID: <200801021520.m02FK3Ev013623@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv13593/audit Modified Files: f8 f9 fc7 Log Message: ton of wireshark cve ids Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.54 retrieving revision 1.55 diff -u -r1.54 -r1.55 --- f8 2 Jan 2008 09:01:44 -0000 1.54 +++ f8 2 Jan 2008 15:20:01 -0000 1.55 
@@ -10,6 +10,11 @@ GENERIC-MAP-NOMATCH VULNERABLE (libcdio) #427199 GENERIC-MAP-NOMATCH VULNERABLE (wordpress) #426433 CVE-2007-6465 version (ganglia, fixed 3.0.6) [since FEDORA-2007-4562] +CVE-2007-6451 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590] +CVE-2007-6450 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590] +CVE-2007-6441 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590] +CVE-2007-6439 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590] +CVE-2007-6438 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590] CVE-2007-6337 VULNERABLE (clamav, fixed 0.92) #426212 CVE-2007-6336 VULNERABLE (clamav, fixed 0.92) #426212 CVE-2007-6335 VULNERABLE (clamav, fixed 0.92) #426212 
@@ -41,17 +46,17 @@ CVE-2007-6203 ignore (httpd) #409831 User can't unput garbage before method name CVE-2007-6201 version (wesnoth, fixed 1.2.8) [since FEDORA-2007-3989] CVE-2007-6183 backport (ruby-gnome2) #405601 [since FEDORA-2007-4216] -CVE-2007-6121 VULNERABLE (wireshark, fixed 0.99.7) -CVE-2007-6120 VULNERABLE (wireshark, fixed 0.99.7) -CVE-2007-6119 VULNERABLE (wireshark, fixed 0.99.7) -CVE-2007-6118 VULNERABLE (wireshark, fixed 0.99.7) -CVE-2007-6117 VULNERABLE (wireshark, fixed 0.99.7) -CVE-2007-6116 VULNERABLE (wireshark, fixed 0.99.7) -CVE-2007-6115 VULNERABLE (wireshark, fixed 0.99.7) -CVE-2007-6114 VULNERABLE (wireshark, fixed 0.99.7) -CVE-2007-6113 VULNERABLE (wireshark, fixed 0.99.7) -CVE-2007-6112 VULNERABLE (wireshark, fixed 0.99.7) -CVE-2007-6111 VULNERABLE (wireshark, fixed 0.99.7) +CVE-2007-6121 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590] +CVE-2007-6120 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590] +CVE-2007-6119 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590] +CVE-2007-6118 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590] +CVE-2007-6117 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590] +CVE-2007-6116 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590] +CVE-2007-6115 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590] +CVE-2007-6114 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590] +CVE-2007-6113 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590] +CVE-2007-6112 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590] +CVE-2007-6111 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590] CVE-2007-6110 backport (htdig) [since FEDORA-2007-3958] CVE-2007-6100 version (phpMyAdmin, fixed 2.11.2.2) [since FEDORA-2007-3639] CVE-2007-6061 VULNERABLE (audacity) #393251 Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.48 retrieving revision 1.49 diff -u -r1.48 
-r1.49 --- f9 2 Jan 2008 09:01:44 -0000 1.48 +++ f9 2 Jan 2008 15:20:01 -0000 1.49 @@ -10,6 +10,11 @@ GENERIC-MAP-NOMATCH VULNERABLE (libcdio) #427200 GENERIC-MAP-NOMATCH VULNERABLE (wordpress) #426434 CVE-2007-6465 version (ganglia, fixed 3.0.6) [since ganglia-3.0.6-1.fc9] +CVE-2007-6451 version (wireshark, fixed 0.99.7) [since wireshark-0.99.7-1.fc9] +CVE-2007-6450 version (wireshark, fixed 0.99.7) [since wireshark-0.99.7-1.fc9] +CVE-2007-6441 version (wireshark, fixed 0.99.7) [since wireshark-0.99.7-1.fc9] +CVE-2007-6439 version (wireshark, fixed 0.99.7) [since wireshark-0.99.7-1.fc9] +CVE-2007-6438 version (wireshark, fixed 0.99.7) [since wireshark-0.99.7-1.fc9] CVE-2007-6337 VULNERABLE (clamav, fixed 0.92) #426213 CVE-2007-6336 VULNERABLE (clamav, fixed 0.92) #426213 CVE-2007-6335 VULNERABLE (clamav, fixed 0.92) #426213 Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.210 retrieving revision 1.211 diff -u -r1.210 -r1.211 --- fc7 2 Jan 2008 09:01:44 -0000 1.210 +++ fc7 2 Jan 2008 15:20:01 -0000 1.211 @@ -11,6 +11,11 @@ GENERIC-MAP-NOMATCH VULNERABLE (libcdio) #427198 GENERIC-MAP-NOMATCH VULNERABLE (wordpress) #426432 CVE-2007-6465 version (ganglia, fixed 3.0.6) [since FEDORA-2007-4584] +CVE-2007-6451 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690] +CVE-2007-6450 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690] +CVE-2007-6441 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690] +CVE-2007-6439 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690] +CVE-2007-6438 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690] CVE-2007-6337 VULNERABLE (clamav, fixed 0.92) #426211 CVE-2007-6336 VULNERABLE (clamav, fixed 0.92) #426211 CVE-2007-6335 VULNERABLE (clamav, fixed 0.92) #426211 
@@ -42,17 +47,17 @@ CVE-2007-6203 ignore (httpd) #409831 User can't unput garbage before method name CVE-2007-6201 version (wesnoth, fixed 1.2.8) [since FEDORA-2007-3986] CVE-2007-6183 version (ruby-gnome2) #405591 [since FEDORA-2007-4229] -CVE-2007-6121 VULNERABLE (wireshark, fixed 0.99.7) -CVE-2007-6120 VULNERABLE (wireshark, fixed 0.99.7) -CVE-2007-6119 VULNERABLE (wireshark, fixed 0.99.7) -CVE-2007-6118 VULNERABLE (wireshark, fixed 0.99.7) -CVE-2007-6117 VULNERABLE (wireshark, fixed 0.99.7) -CVE-2007-6116 VULNERABLE (wireshark, fixed 0.99.7) -CVE-2007-6115 VULNERABLE (wireshark, fixed 0.99.7) -CVE-2007-6114 VULNERABLE (wireshark, fixed 0.99.7) -CVE-2007-6113 VULNERABLE (wireshark, fixed 0.99.7) -CVE-2007-6112 VULNERABLE (wireshark, fixed 0.99.7) -CVE-2007-6111 VULNERABLE (wireshark, fixed 0.99.7) +CVE-2007-6121 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690] +CVE-2007-6120 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690] +CVE-2007-6119 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690] +CVE-2007-6118 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690] +CVE-2007-6117 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690] +CVE-2007-6116 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690] +CVE-2007-6115 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690] +CVE-2007-6114 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690] +CVE-2007-6113 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690] +CVE-2007-6112 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690] +CVE-2007-6111 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690] CVE-2007-6110 backport (htdig) [since FEDORA-2007-3907] CVE-2007-6100 version (phpMyAdmin, fixed 2.11.2.2) [since FEDORA-2007-3666] CVE-2007-6061 VULNERABLE (audacity) #393251 From fedora-security-commits at redhat.com Wed Jan 2 18:34:28 2008 
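Review bot: the f8 hunks of the "ton of wireshark cve ids" commit (revision 1.55) cite FEDORA-2007-4590 on every wireshark 0.99.7 line, and the fc7 hunks (revision 1.211) cite FEDORA-2007-4690. The two advisory IDs differ in a single digit, so please confirm against the update announcements that neither is a typo of the other; 16 entries per file now depend on it, including the flip of CVE-2007-6111 through CVE-2007-6121 from VULNERABLE to version. Naming the advisories in the log message would make that status change checkable later.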
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Wed, 2 Jan 2008 13:34:28 -0500 Subject: [Fedora-security-commits] fedora-security/audit epel4, 1.5, 1.6 epel5, 1.7, 1.8 f8, 1.55, 1.56 f9, 1.49, 1.50 fc7, 1.211, 1.212 Message-ID: <200801021834.m02IYSOp004843@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv4817 Modified Files: epel4 epel5 f8 f9 fc7 Log Message: This is nor a bug Index: epel4 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/epel4,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- epel4 29 Dec 2007 20:42:43 -0000 1.5 +++ epel4 2 Jan 2008 18:34:26 -0000 1.6 @@ -11,7 +11,7 @@ CVE-2007-6335 version (clamav, fixed 0.92) #426213 CVE-2007-6353 VULNERABLE (exiv2) #425924 CVE-2007-6350 VULNERABLE (scponly) #418201 -CVE-2007-6328 VULNERABLE (dosbox) design decision +CVE-2007-6328 ignore (dosbox) design decision CVE-2007-6321 VULNERABLE (roundcubemail) #423301 CVE-2007-6299 VULNERABALE (drupal, fixed 5.4) CVE-2007-6210 backport (zabbix) #407181 [since zabbix-1.4.2-4] Index: epel5 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/epel5,v retrieving revision 1.7 retrieving revision 1.8 diff -u -r1.7 -r1.8 --- epel5 29 Dec 2007 20:42:43 -0000 1.7 +++ epel5 2 Jan 2008 18:34:26 -0000 1.8 
@@ -12,7 +12,7 @@ CVE-2007-6335 version (clamav, fixed 0.92) #426213 CVE-2007-6353 VULNERABLE (exiv2) #425924 CVE-2007-6350 VULNERABLE (scponly) #418201 -CVE-2007-6328 VULNERABLE (dosbox) design decision +CVE-2007-6328 ignore (dosbox) design decision CVE-2007-6321 VULNERABLE (roundcubemail) #423301 CVE-2007-6318 VULNERABLE (wordpress) CVE-2007-6299 VULNERABLE (drupal, fixed 5.4) Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.55 retrieving revision 1.56 diff -u -r1.55 -r1.56 --- f8 2 Jan 2008 15:20:01 -0000 1.55 +++ f8 2 Jan 2008 18:34:26 -0000 1.56 @@ -26,7 +26,7 @@ CVE-2007-6351 fixed (libexif) #425631 [since FEDORA-2007-4667] CVE-2007-6350 VULNERABLE (scponly) rsync vector only CVE-2007-6348 ignore (squirrelmail) trojaned version was not shipped -CVE-2007-6328 VULNERABLE (dosbox) design decision +CVE-2007-6328 ignore (dosbox) design decision CVE-2007-6321 VULNERABLE (roundcubemail) #423291 CVE-2007-6318 VULNERABLE (wordpress) #426433 CVE-2007-6304 ignore (mysql, fixed 5.0.52) federated engine not built Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.49 retrieving revision 1.50 diff -u -r1.49 -r1.50 --- f9 2 Jan 2008 15:20:01 -0000 1.49 +++ f9 2 Jan 2008 18:34:26 -0000 1.50 
@@ -26,7 +26,7 @@ CVE-2007-6351 backport (libexif) #425641 [since libexif-0.6.15-5.fc9] CVE-2007-6350 backport (scponly) [since scponly-4.6-8.fc9] rsync support disabled CVE-2007-6348 ignore (squirrelmail) trojaned version was not shipped -CVE-2007-6328 VULNERABLE (dosbox) design decision +CVE-2007-6328 ignore (dosbox) design decision CVE-2007-6321 VULNERABLE (roundcubemail) #423301 CVE-2007-6318 VULNERABLE (wordpress) #426434 CVE-2007-6304 ignore (mysql, fixed 5.0.52) federated engine not built Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.211 retrieving revision 1.212 diff -u -r1.211 -r1.212 --- fc7 2 Jan 2008 15:20:01 -0000 1.211 +++ fc7 2 Jan 2008 18:34:26 -0000 1.212 @@ -27,7 +27,7 @@ CVE-2007-6351 VULNERABLE (libexif) #425621 CVE-2007-6350 VULNERABLE (scponly) rsync vector only CVE-2007-6348 ignore (squirrelmail) trojaned version was not shipped -CVE-2007-6328 VULNERABLE (dosbox) design decision +CVE-2007-6328 ignore (dosbox) design decision CVE-2007-6321 VULNERABLE (roundcubemail) #423281 CVE-2007-6318 VULNERABLE (wordpress) #426432 CVE-2007-6304 ignore (mysql, fixed 5.0.52) federated engine not built From fedora-security-commits at redhat.com Wed Jan 2 18:50:29 2008 
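Review bot: the epel4 hunk of this commit (revision 1.6) leaves the context line "CVE-2007-6299 VULNERABALE (drupal, fixed 5.4)" untouched, and that misspelled status will be missed by anything that selects open issues on the literal string VULNERABLE; epel5 spells the same entry correctly. Since the change already edits the neighbouring dosbox line, fix the spelling in the same commit. Separately, "design decision" is the only justification recorded for moving CVE-2007-6328 from VULNERABLE to ignore in all five files; a one-line reason or a bug reference on the entry would make the ignore auditable.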
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Wed, 2 Jan 2008 13:50:29 -0500 Subject: [Fedora-security-commits] fedora-security/audit f8, 1.56, 1.57 f9, 1.50, 1.51 fc7, 1.212, 1.213 Message-ID: <200801021850.m02IoTAa005456@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv5433 Modified Files: f8 f9 fc7 Log Message: mantis Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.56 retrieving revision 1.57 diff -u -r1.56 -r1.57 --- f8 2 Jan 2008 18:34:26 -0000 1.56 +++ f8 2 Jan 2008 18:50:27 -0000 1.57 @@ -9,6 +9,7 @@ GENERIC-MAP-NOMATCH VULNERABLE (libcdio) #427199 GENERIC-MAP-NOMATCH VULNERABLE (wordpress) #426433 +GENERIC-MAP-NOMATCH VULNERABLE (mantis) #427278 CVE-2007-6465 version (ganglia, fixed 3.0.6) [since FEDORA-2007-4562] CVE-2007-6451 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590] CVE-2007-6450 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590] Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.50 retrieving revision 1.51 diff -u -r1.50 -r1.51 --- f9 2 Jan 2008 18:34:26 -0000 1.50 +++ f9 2 Jan 2008 18:50:27 -0000 1.51 
@@ -9,6 +9,7 @@ GENERIC-MAP-NOMATCH VULNERABLE (libcdio) #427200 GENERIC-MAP-NOMATCH VULNERABLE (wordpress) #426434 +GENERIC-MAP-NOMATCH VULNERABLE (mantis) #427280 CVE-2007-6465 version (ganglia, fixed 3.0.6) [since ganglia-3.0.6-1.fc9] CVE-2007-6451 version (wireshark, fixed 0.99.7) [since wireshark-0.99.7-1.fc9] CVE-2007-6450 version (wireshark, fixed 0.99.7) [since wireshark-0.99.7-1.fc9] Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.212 retrieving revision 1.213 diff -u -r1.212 -r1.213 --- fc7 2 Jan 2008 18:34:26 -0000 1.212 +++ fc7 2 Jan 2008 18:50:27 -0000 1.213 @@ -10,6 +10,7 @@ GENERIC-MAP-NOMATCH VULNERABLE (libcdio) #427198 GENERIC-MAP-NOMATCH VULNERABLE (wordpress) #426432 +GENERIC-MAP-NOMATCH VULNERABLE (mantis) #427279 CVE-2007-6465 version (ganglia, fixed 3.0.6) [since FEDORA-2007-4584] CVE-2007-6451 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690] CVE-2007-6450 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690] From fedora-security-commits at redhat.com Wed Jan 2 19:09:57 2008 
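Review bot: the mantis lines added at the top of f8, f9 and fc7 in this commit reference #427278, #427280 and #427279 respectively, while the libcdio and wordpress lines directly above them number their bugs in the order fc7, f8, f9 (#427198, #427199, #427200 and #426432, #426433, #426434). That pattern suggests the f8 and fc7 mantis bug numbers may be swapped; please check the version field of each bug before these references are relied on. The log message "mantis" also gives no hint of which flaw the GENERIC-MAP-NOMATCH entry stands for, so a short description on the line would help until a CVE name is assigned.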
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Wed, 2 Jan 2008 14:09:57 -0500 Subject: [Fedora-security-commits] fedora-security/tools add-issue, NONE, 1.1.2.1 add-cve-bug, 1.1.2.4, 1.1.2.5 add-tracking-bugs, 1.2.2.3, 1.2.2.4 check-updates, 1.1.2.1, 1.1.2.2 get-cve, 1.1.2.1, 1.1.2.2 suidaudit, 1.1.2.1, 1.1.2.2 update-cve-cache, 1.1.2.1, 1.1.2.2 Message-ID: <200801021909.m02J9vlu012660@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/tools In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv12601 Modified Files: Tag: lkundrak-tools-ng add-cve-bug add-tracking-bugs check-updates get-cve suidaudit update-cve-cache Added Files: Tag: lkundrak-tools-ng add-issue Log Message: * Move some more bits into library * Audit and Bugzilla made object oriented * Minor tidyup * Tool for adding flaws into audit files ***** Error reading new file: [Errno 2] No such file or directory: 'add-issue' Index: add-cve-bug =================================================================== RCS file: /cvs/fedora/fedora-security/tools/Attic/add-cve-bug,v retrieving revision 1.1.2.4 retrieving revision 1.1.2.5 diff -u -r1.1.2.4 -r1.1.2.5 --- add-cve-bug 20 Dec 2007 23:13:42 -0000 1.1.2.4 +++ add-cve-bug 2 Jan 2008 19:09:55 -0000 1.1.2.5 @@ -25,11 +25,11 @@ --help This text '; -use XMLRPC::Lite; use Getopt::Long; use Data::Dumper; use Libexig::CVE; +use Libexig::Bugzilla; use Libexig::Util; use warnings; 
@@ -42,85 +42,11 @@ 'low' => 'low', ); -# RPC -my $bugzilla = 'https://bugzilla.redhat.com/xmlrpc.cgi'; -my $bugzilla_rpc = new XMLRPC::Lite ('proxy' => $bugzilla, 'encoding' => 'UTF-8'); # Command line options my ($cve, $interactive, $dryrun, $debug, $username, $password, $component, $summary, $impact); -# Launch an editor for editing the bugzilla comment -sub edit_string -{ - my $string = shift; - - my ($tmpfh, $tmpname) = tempfile (); - print $tmpfh $string; - close ($tmpfh); - my $editor = ($ENV{'EDITOR'} or 'vi'); - system ($editor, $tmpname); - open ($tmpfh, "<$tmpname"); - $string = join ('', <$tmpfh>); - close ($tmpfh); - - return $string; -} - -# Get list of owners of a package from Bugzilla -sub owners -{ - my $component = shift; - - print "Getting list of owners\n" if $debug; - - # Call bugzilla - my $call = $bugzilla_rpc->call('bugzilla.getCompInfo', $component); - # print Dumper ($call) if $debug; # too verbose - my $result = $call->result - or die $call->faultstring; - print Dumper ($result) if $debug; - - # Eliminate duplicates - my %people; - foreach my $instance (@{$result}) { - # blacklist some EOLed products - if ($instance->{'product'} eq 'Red Hat Linux' - || $instance->{'product'} eq 'Red Hat Linux Beta' - || $instance->{'product'} eq 'Red Hat Public Beta' - || $instance->{'product'} eq 'Red Hat Raw Hide' - || $instance->{'product'} eq 'Fedora Legacy' - || $instance->{'product'} eq 'eCos' - || $instance->{'product'} eq 'eCos runtime kernel' - || $instance->{'product'} =~ /^Red Hat Powertools/ - || $instance->{'product'} =~ /^Stronghold /) { - next; - } - # XXX: Add also 'initialqa'? 
- $people{$instance->{'initialowner'}} = 1 - if defined $instance->{'initialowner'}; - } - - return keys %people; -} - -# Create a bug (unless dryrun) and return its ID -sub file_bug -{ - return 0 if $dryrun; - - print "Creating a bug\n" if $debug; - - my $call = $bugzilla_rpc->call('bugzilla.createBug', - shift, $username, $password); - - my $result = $call->result - or die $call->faultstring; - - print 'Bugzilla answered to createBug: '.Dumper($result) if $debug; - return $result->[0]; -} - # Get the text to include in the bug desc sub bug_desc { @@ -130,7 +56,7 @@ print "Getting a bug description from CVE\n" if $debug; - ($desc, $refs) = Libexig::CVE::cve ($cve); + ($desc, $refs) = cve ($cve); die 'Cannot fetch CVE description; re-run with --interactive' unless $desc or $interactive; 
@@ -167,26 +93,34 @@ $dryrun = ($options{'dryrun'} or 0); $debug = ($options{'debug'} or 0); +$interactive = ($options{'interactive'} or 0); $cve = $options{'cve'} or die 'cve argument is mandatory'; $component = $options{'component'} or die 'component argument is mandatory'; $summary = $options{'summary'} or die 'summary argument is mandatory'; $impact = ($options{'impact'} or 'low'); defined $impact{$impact} or die 'specified unrecognized impact value'; + $username = ($options{'username'} or $ENV{'LOGNAME'}.'@redhat.com'); $password = ($options{'password'} or $dryrun or - Libexig::Util::read_noecho ("Bugzilla password for $username: ")); + read_noecho ("Bugzilla password for $username: ")); # TODO: add whiteboard option to fill in and get impact from it -$interactive = ($options{'interactive'} or 0); + +my $bugzilla = new Libexig::Bugzilla ({ + 'username' => $username, + 'password' => $password, + 'dryrun' => $dryrun, + 'debug' => $debug, +}); my $bug_desc = bug_desc ($cve); -$bug_desc = Libexig::Util::edit_string ($bug_desc) if $interactive; +$bug_desc = edit_string ($bug_desc) if $interactive; # Get CC list # TODO: get rid of duplicates my @cc; foreach (split (/,/,$component)) { - push (@cc,owners ($_)); + push (@cc,$bugzilla->owners ($_)); } # File it in Bugzilla @@ -207,6 +141,6 @@ ); print 'About to add this bug: '.Dumper(\%bug) if $debug; -my $bug_id = file_bug (\%bug); +my $bug_id = $bugzilla->file_bug (\%bug); print STDERR "Created bug #$bug_id\n"; Index: add-tracking-bugs =================================================================== RCS file: /cvs/fedora/fedora-security/tools/add-tracking-bugs,v retrieving revision 1.2.2.3 retrieving revision 1.2.2.4 diff -u -r1.2.2.3 -r1.2.2.4 --- add-tracking-bugs 6 Dec 2007 16:16:18 -0000 1.2.2.3 +++ add-tracking-bugs 2 Jan 2008 19:09:55 -0000 1.2.2.4 
@@ -20,35 +20,45 @@ use Data::Dumper; use Libexig::Util; +use Libexig::Bugzilla; use warnings; use strict; my $comment_head = - 'This is an automatically created tracking bug!'. - "\n\n". + 'This is an automatically created tracking bug! '. 'It was created to ensure that one or more security '. - 'vulnerabilities are fixed in all affected releases. You should '. - 'not refer to it anywhere except in the update system as it is a '. - 'private "Fedora Project Contributors" bug. The update system '. - 'should close this bug it once the update is pushed.'. + 'vulnerabilities are fixed in all affected branches.'. + "\n\n". + 'You should *not* refer to this bug publicly, as it is a '. + 'private "Fedora Project Contributors" bug.'. "\n\n". - 'For comments that are specific to a vulnerability please use bugs '. + 'For comments that are specific to the vulnerability please use bugs '. 'filed against "Security Response" product referenced in "Blocks" '. 'field.'. "\n\n"; my $comment_tail = + 'For more information see: '. + 'http://fedoraproject.org/wiki/Security/TrackingBugs'; + +my $comment_update = + # Following the list of parent bugs "\n". 'When creating an update for the version this this bug is reported '. 'against please include the bug IDs of respective bugs filed '. - 'against "Security Response" product as well as of this bug. Please '. + 'against "Security Response" product as well as of this bug and let the '. + 'update system close them. Please '. 'note that the update announcement will (and should) contain only '. 'references to "Security Response" bugs as long as the tracking '. 'bug is restricted to "Fedora Project Contributors".'. - "\n\n". - 'For more information see: '. - 'http://fedoraproject.org/wiki/Security/TrackingBugs'; + "\n\n"; + +my $comment_rawhide = + 'Please close this bug withe RAWHIDE once is it fixed in devel '. + 'branch. Do *not* include the bug id of thid bug in the commit message'. + "\n\n"; + my %impact = ( 'urgent', => 4, 
@@ -74,85 +84,10 @@ 'devel', => 'rawhide', ); -# RPC -my $bugzilla = 'https://bugzilla.redhat.com/xmlrpc.cgi'; -my $bugzilla_rpc = new XMLRPC::Lite ('proxy' => $bugzilla, 'encoding' => 'UTF-8'); - # Command line options my (@bugs, @versions, $dryrun, $debug, $username, $password, $component); -# Create a bug (unless dryrun) and return its ID -sub file_bug -{ - return 0 if $dryrun; - my $call = $bugzilla_rpc->call('bugzilla.createBug', - shift, $username, $password); - - my $result = $call->result - or die $call->faultstring; - - print STDERR 'Bugzilla answered to createBug: '.Dumper($result) if $debug; - return $result->[0]; -} - -# Get bugs -sub get_bugs -{ - my $bugs = shift or die 'No bugs to fetch!'; - my $columns = shift; - $columns = [] unless ($columns); # The default set - - my $call = $bugzilla_rpc->call('bugzilla.runQuery', { - 'bug_id' => $bugs, - 'bug_status' => [], - 'column_list' => $columns, - }, ($dryrun ? () : ($username, $password))); - - my $result = $call->result - or die $call->faultstring; - - print STDERR 'Bugzilla answered to runQuery: '.Dumper($result) if $debug; - return $result->{'bugs'}; -} - -# Add blockers (unless dryrun) to a bug -sub add_blockers -{ - return 0 if $dryrun; - - my $bug = shift or die 'No blocker!'; - my $parents = shift or die 'No bug to block!'; - - my $call = $bugzilla_rpc->call('bugzilla.updateDepends', $bug, { - 'blocked' => $parents, - 'action' => 'add', - }, $username, $password, 1); - - my $result = $call->result - or die $call->faultstring; - - print STDERR 'Bugzilla answered to updateDepends: '.Dumper($result) if $debug; - return undef; -} - -# Add private comment (unless dryrun) to a bug -sub add_private_comment -{ - return 0 if $dryrun; - - my $bug = shift or die 'No bug!'; - my $comment = shift or die 'No comment!'; - - my $call = $bugzilla_rpc->call('bugzilla.addComment', $bug, $comment, $username, $password, 1); - - my $result = $call->result - or die $call->faultstring; - - print STDERR 'Bugzilla 
answered to updateComment: '.Dumper($result) if $debug; - return undef; -} - # Parse command line options: my %options; @@ -184,11 +119,18 @@ $debug = ($options{'debug'} or 0); $username = ($options{'username'} or $ENV{'LOGNAME'}.'@redhat.com'); $password = ($options{'password'} or $dryrun or - Libexig::Util::read_noecho ("Bugzilla password for $username: ")); + read_noecho ("Bugzilla password for $username: ")); + +my $bugzilla = new Libexig::Bugzilla ({ + 'username' => $username, + 'password' => $password, + 'dryrun' => $dryrun, + 'debug' => $debug, +}); # Get parent bugs -my $bugs = get_bugs (\@bugs, ['alias','keywords','priority','bug_id', 'bug_severity', 'short_short_desc']); +my $bugs = $bugzilla->get_bugs (\@bugs, ['alias','keywords','priority','bug_id', 'bug_severity', 'short_short_desc']); print Dumper ($bugs) if $debug; # Construct a tracking bug template @@ -222,8 +164,6 @@ $bug_tmpl{'comment'} .= "\tbug #$bug->{'bug_id'}: $bug->{'short_short_desc'}\n"; } -$bug_tmpl{'comment'} .= $comment_tail; - if ($#bugs) { $bug_tmpl{'short_desc'} .= "Multiple $component vulnerabilities"; } else { 
@@ -236,19 +176,46 @@ foreach my $version (@versions) { my %bug = %bug_tmpl; - $bug{'short_desc'} .= " [$versions{$version}]"; + $bug{'short_desc'} .= " [Fedora $versions{$version}]"; $bug{'version'} = $versions{$version}; + if ($bug{'version'} eq 'rawhide') { + $bug{'comment'} .= $comment_rawhide; + } else { + $bug{'comment'} .= $comment_update; + } + + $bug{'comment'} .= $comment_tail; + print Dumper (\%bug) if $debug; - my $bug_id = file_bug (\%bug); - add_blockers ($bug_id, \@bugs); + my $bug_id = $bugzilla->file_bug (\%bug); + + if ($bug{'version'} ne 'rawhide') { + my $tr_comment = + 'You can eventually use the following link to '. + 'create the update request: '."\n". + 'https://admin.fedoraproject.org/updates/new/'. + '?request=Stable'. + '&type=security'. + '&release=Fedora%20'.$bug{'version'}. + '&bugs='.$bug_id; + + foreach my $bug (@{$bugs}) { + $tr_comment .= ','.$bug->{'bug_id'}; + } + + # XXX: public + $bugzilla->add_private_comment ($bug_id, $tr_comment); + } + + $bugzilla->add_blockers ($bug_id, \@bugs); $comment .= $bug{'version'}.": bug #$bug_id\n"; } # Add comment to original bugs foreach my $bug (@bugs) { - add_private_comment ($bug, $comment); + $bugzilla->add_private_comment ($bug, $comment); } print STDERR $comment; Index: check-updates =================================================================== RCS file: /cvs/fedora/fedora-security/tools/Attic/check-updates,v retrieving revision 1.1.2.1 retrieving revision 1.1.2.2 diff -u -r1.1.2.1 -r1.1.2.2 --- check-updates 20 Dec 2007 23:15:10 -0000 1.1.2.1 +++ check-updates 2 Jan 2008 19:09:55 -0000 1.1.2.2 
@@ -1,9 +1,12 @@ #!/usr/bin/env perl -# Dump what's VULNERABLE, but been subject to an update # $Id$ +# Dump what's VULNERABLE, but been subject to an update # Lubomir Kundrak +die 'Needs rewrite for object-oriented Audit interface'; +=cut + #use warnings; use strict; Index: get-cve =================================================================== RCS file: /cvs/fedora/fedora-security/tools/get-cve,v retrieving revision 1.1.2.1 retrieving revision 1.1.2.2 diff -u -r1.1.2.1 -r1.1.2.2 --- get-cve 7 Nov 2007 16:20:40 -0000 1.1.2.1 +++ get-cve 2 Jan 2008 19:09:55 -0000 1.1.2.2 @@ -1,9 +1,12 @@ #!/usr/bin/env perl -# Get CVE information from NVD # $Id$ +# Get CVE information from NVD # Lubomir Kundrak +die "Possibly useless"; +=cut + use warnings; use strict; Index: suidaudit =================================================================== RCS file: /cvs/fedora/fedora-security/tools/suidaudit,v retrieving revision 1.1.2.1 retrieving revision 1.1.2.2 diff -u -r1.1.2.1 -r1.1.2.2 --- suidaudit 20 Dec 2007 23:16:41 -0000 1.1.2.1 +++ suidaudit 2 Jan 2008 19:09:55 -0000 1.1.2.2 @@ -2,7 +2,6 @@ # $Id$ # Audit RPM files for setuid and setgid files -# List generate list of latest versions of all packages in a brew tag # Lubomir Kundrak use strict; Index: update-cve-cache =================================================================== RCS file: /cvs/fedora/fedora-security/tools/Attic/update-cve-cache,v retrieving revision 1.1.2.1 retrieving revision 1.1.2.2 diff -u -r1.1.2.1 -r1.1.2.2 --- update-cve-cache 7 Nov 2007 16:59:33 -0000 1.1.2.1 +++ update-cve-cache 2 Jan 2008 19:09:55 -0000 1.1.2.2 @@ -1,7 +1,7 @@ #!/usr/bin/env perl -# Generate CVE cache so that tools utilizing Libexig::CVE run smoothly # $Id$ +# Generate CVE cache so that tools utilizing Libexig::CVE run smoothly # Lubomir Kundrak use warnings; From fedora-security-commits at redhat.com Wed Jan 2 19:09:58 2008 
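Review bot: the new comment strings in the first add-tracking-bugs hunk are posted verbatim into Bugzilla and carry typos. `$comment_rawhide` reads "withe RAWHIDE once is it fixed" and "thid bug" and ends without a full stop, and the unchanged first line of `$comment_update` still says "this this bug". Since every tracking bug filed by the tool will show this text, fix the wording in the same change. The `# Following the list of parent bugs` comment would also read better above `my $comment_update =` than inside the assignment.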
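Review bot: the dry-run guard can no longer be checked from this diff, in the hunk that builds `new Libexig::Bugzilla ({...})`. The removed `file_bug`, `add_blockers` and `add_private_comment` each began with `return 0 if $dryrun`, and the removed `get_bugs` sent credentials only when not in dry-run mode. Those guarantees now live in Bugzilla.pm, which the accompanying Libexig commit mail could not include ("Error reading new file"). Note also that `$password = ($options{'password'} or $dryrun or read_noecho (...))` hands the value of `$dryrun` to the constructor as the password in dry-run mode, so the module must not send it. Please confirm that each method keeps its guard, or keep an explicit check in the caller.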
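Review bot: the `# XXX: public` marker in the per-version loop sits directly above `$bugzilla->add_private_comment ($bug_id, $tr_comment)`, so it is unclear whether the update-request link is meant to be private or public. Resolve the marker before merging, either by stating in the comment why the link is posted privately or by switching the call. Two smaller points in the same hunk: the inner `foreach my $bug (@{$bugs})` puts `$bug->{'bug_id'}` next to `$bug{'version'}`, which is easy to misread, so a different loop variable name would help. The link is also built by plain concatenation of `$bug{'version'}` and the bug IDs, which is fine only as long as those stay simple values from `%versions` and Bugzilla.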
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Wed, 2 Jan 2008 14:09:58 -0500 Subject: [Fedora-security-commits] fedora-security/tools/Libexig Bugzilla.pm, NONE, 1.1.2.1 Audit.pm, 1.1.2.2, 1.1.2.3 Bodhi.pm, 1.1.2.1, 1.1.2.2 CVE.pm, 1.1.2.1, 1.1.2.2 Util.pm, 1.1.2.2, 1.1.2.3 Message-ID: <200801021909.m02J9wOU012671@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/tools/Libexig In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv12601/Libexig Modified Files: Tag: lkundrak-tools-ng Audit.pm Bodhi.pm CVE.pm Util.pm Added Files: Tag: lkundrak-tools-ng Bugzilla.pm Log Message: * Move some more bits into library * Audit and Bugzilla made object oriented * Minor tidyup * Tool for adding flaws into audit files ***** Error reading new file: [Errno 2] No such file or directory: 'Bugzilla.pm' Index: Audit.pm =================================================================== RCS file: /cvs/fedora/fedora-security/tools/Libexig/Attic/Audit.pm,v retrieving revision 1.1.2.2 retrieving revision 1.1.2.3 diff -u -r1.1.2.2 -r1.1.2.3 --- Audit.pm 20 Dec 2007 23:15:14 -0000 1.1.2.2 +++ Audit.pm 2 Jan 2008 19:09:55 -0000 1.1.2.3 
@@ -1,41 +1,96 @@ -#!/usr/bin/env perl - -# Dump what's VULNERABLE, sample use of Libexig::Audit # $Id$ +# Audit database interface # Lubomir Kundrak package Libexig::Audit; +use Libexig::Util; + +use warnings; +use strict; + +# Get lines from file and parse them +sub new +{ + my $class = shift; + my $self = shift; + + open (AUDIT, $self->{file}) + or die "Could not open $self->{file}"; + + $self->{audit} = []; + push @{$self->{audit}}, parse_line ($_) foreach ; + + close (AUDIT); + + bless $self, $class; + return $self; +} + +# Add an entry, to the proper place alphabetically +sub add +{ + my $self = shift; + my $entry = shift; + my $index; + + for ($index = 0; $index <= $#{$self->{audit}}; $index++) { + $self->{audit}->[$index]->{cve} or next; + $self->{audit}->[$index]->{cve} lt $entry->{cve} and last; + }; + + update_entry ($entry); + use Data::Dumper; + parse_line ($entry->{line}); # Check if it is well formed + insert ($self->{audit}, $index, $entry); +} + +# Save +sub save +{ + my $self = shift; + + open (AUDIT, '>'.$self->{file}) + or die "Could not open $self->{file}"; + + foreach my $entry (@{$self->{audit}}) { + #update_entry ($entry); + print AUDIT $entry->{line}; + } + + close (AUDIT); +} + # Get an entry hash and reconstruct its 'line' field # (useful if something got changed) sub update_entry { my $entry = shift; - $entry->{'line'} = join " ", ( - $entry->{'need_verif'}.$entry->{'cve'}, - $entry->{'status'}, - ($entry->{'version'} - ? "($entry->{'package'}, $entry->{'version'})" - : "($entry->{'package'})"), - ($entry->{'bug'} - ? "#$entry->{'bug'}" + $entry->{cve} or return; + $entry->{line} = join " ", ( + $entry->{need_verif}.$entry->{cve}, + $entry->{status}, + ($entry->{fixed} + ? "($entry->{component}, $entry->{fixed})" + : "($entry->{component})"), + ($entry->{bug} + ? "#$entry->{bug}" : ()), - ($entry->{'since'} - ? "[since $entry->{'since'}]" + ($entry->{since} + ? 
"[since $entry->{since}]" : ()), - $entry->{'comment'} + $entry->{comment} ); - chomp $entry->{'line'}; - $entry->{'line'} .= "\n"; + chomp $entry->{line}; + $entry->{line} .= "\n"; } # Get line and return a hash sub parse_line { - shift; - + $_ = shift; if (/^#/ or /^\s*$/) { return { 'line' => $_, @@ -53,15 +108,15 @@ (.*) # Comment /x) { return { - 'need_verif' => $1, - 'cve' => $2, - 'status' => $3, - 'package' => $4, - 'version' => $6, - 'bug' => $8, - 'since' => $10, - 'comment' => $11, - 'line' => $_, + need_verif => $1, + cve => $2, + status => $3, + component => $4, + fixed => $6, + bug => $8, + since => $10, + comment => $11, + line => $_, }; next; } else { @@ -69,13 +124,4 @@ } } -sub parse_audit -{ - my @retval; - - push @retval, parse_line $_ foreach @_; - - return @retval; -} - 0.99999; Index: Bodhi.pm =================================================================== RCS file: /cvs/fedora/fedora-security/tools/Libexig/Attic/Bodhi.pm,v retrieving revision 1.1.2.1 retrieving revision 1.1.2.2 diff -u -r1.1.2.1 -r1.1.2.2 --- Bodhi.pm 20 Dec 2007 23:15:14 -0000 1.1.2.1 +++ Bodhi.pm 2 Jan 2008 19:09:55 -0000 1.1.2.2 @@ -1,5 +1,3 @@ -#!/usr/bin/env perl - # $Id$ # This is how do we interface with the Fedora Update System # Lubomir Kundrak Index: CVE.pm =================================================================== RCS file: /cvs/fedora/fedora-security/tools/Libexig/Attic/CVE.pm,v retrieving revision 1.1.2.1 retrieving revision 1.1.2.2 diff -u -r1.1.2.1 -r1.1.2.2 --- CVE.pm 7 Nov 2007 16:20:39 -0000 1.1.2.1 +++ CVE.pm 2 Jan 2008 19:09:55 -0000 1.1.2.2 
@@ -7,8 +7,11 @@ use warnings; use strict; +use Exporter 'import'; use XML::Parser; +my @EXPORT = qw/cve/; + my $sourcebase = 'http://nvd.nist.gov/download/'; my $cachebase = $ENV{'HOME'}.'/.nvdcache/'; Index: Util.pm =================================================================== RCS file: /cvs/fedora/fedora-security/tools/Libexig/Attic/Util.pm,v retrieving revision 1.1.2.2 retrieving revision 1.1.2.3 diff -u -r1.1.2.2 -r1.1.2.3 --- Util.pm 19 Nov 2007 09:10:38 -0000 1.1.2.2 +++ Util.pm 2 Jan 2008 19:09:55 -0000 1.1.2.3 @@ -1,13 +1,17 @@ -#!/usr/bin/env perl - # $Id$ # Random routines that are shared across the tooling # Lubomir Kundrak package Libexig::Util; +#use warnings; +#use strict; + +use Exporter 'import'; use File::Temp ('tempfile'); + at EXPORT = qw/edit_string read_noecho insert/; + # Launch an editor for editing the bugzilla comment or whatever sub edit_string { @@ -37,4 +41,14 @@ $string; } +# Insert a sub-list into a list +sub insert +{ + my $array = shift; + my $index = shift; + my @what = @_; + + splice (@{$array}, $index, 0, @what); +} + 1; From fedora-security-commits at redhat.com Wed Jan 2 19:54:14 2008 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Wed, 2 Jan 2008 14:54:14 -0500 Subject: [Fedora-security-commits] fedora-security/audit f8, 1.57, 1.58 f9, 1.51, 1.52 fc7, 1.213, 1.214 Message-ID: <200801021954.m02JsENh013629@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv13607 Modified Files: f8 f9 fc7 Log Message: clamav Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.57 retrieving revision 1.58 diff -u -r1.57 -r1.58 --- f8 2 Jan 2008 18:50:27 -0000 1.57 +++ f8 2 Jan 2008 19:54:12 -0000 1.58 
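Review bot: in Audit.pm, `new` and `save` use two-argument open on a caller-supplied name (`open (AUDIT, $self->{file})` and `open (AUDIT, '>'.$self->{file})`), so mode and pipe characters at the start or end of the name are interpreted by Perl rather than treated as part of a path. A three-argument open with a lexical filehandle avoids that, and adding `$!` to the `die` messages would say why the open failed. `save` also truncates the audit file before writing it back, so a failure halfway leaves a partial file; writing to a temporary file and renaming it over the original is safer. In `add`, the `use Data::Dumper;` line looks like leftover debugging. The comment there says "alphabetically", but the loop stops at the first entry that is `lt` the new CVE, which is descending order.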
@@ -10,6 +10,8 @@ GENERIC-MAP-NOMATCH VULNERABLE (libcdio) #427199 GENERIC-MAP-NOMATCH VULNERABLE (wordpress) #426433 GENERIC-MAP-NOMATCH VULNERABLE (mantis) #427278 +CVE-2007-6596 VULNERABLE (clamav) #427287 Might be considered a mail client flaw +CVE-2007-6595 VULNERABLE (clamav) #427287 CVE-2007-6465 version (ganglia, fixed 3.0.6) [since FEDORA-2007-4562] CVE-2007-6451 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590] CVE-2007-6450 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590] Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.51 retrieving revision 1.52 diff -u -r1.51 -r1.52 --- f9 2 Jan 2008 18:50:27 -0000 1.51 +++ f9 2 Jan 2008 19:54:12 -0000 1.52 @@ -10,6 +10,8 @@ GENERIC-MAP-NOMATCH VULNERABLE (libcdio) #427200 GENERIC-MAP-NOMATCH VULNERABLE (wordpress) #426434 GENERIC-MAP-NOMATCH VULNERABLE (mantis) #427280 +CVE-2007-6596 VULNERABLE (clamav) #427289 Might be considered a mail client flaw +CVE-2007-6595 VULNERABLE (clamav) #427289 CVE-2007-6465 version (ganglia, fixed 3.0.6) [since ganglia-3.0.6-1.fc9] CVE-2007-6451 version (wireshark, fixed 0.99.7) [since wireshark-0.99.7-1.fc9] CVE-2007-6450 version (wireshark, fixed 0.99.7) [since wireshark-0.99.7-1.fc9] Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.213 retrieving revision 1.214 diff -u -r1.213 -r1.214 --- fc7 2 Jan 2008 18:50:27 -0000 1.213 +++ fc7 2 Jan 2008 19:54:12 -0000 1.214 
@@ -11,6 +11,8 @@ GENERIC-MAP-NOMATCH VULNERABLE (libcdio) #427198 GENERIC-MAP-NOMATCH VULNERABLE (wordpress) #426432 GENERIC-MAP-NOMATCH VULNERABLE (mantis) #427279 +CVE-2007-6596 VULNERABLE (clamav) #427288 Might be considered a mail client flaw +CVE-2007-6595 VULNERABLE (clamav) #427288 CVE-2007-6465 version (ganglia, fixed 3.0.6) [since FEDORA-2007-4584] CVE-2007-6451 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690] CVE-2007-6450 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690] From fedora-security-commits at redhat.com Thu Jan 3 09:00:46 2008 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Thu, 3 Jan 2008 04:00:46 -0500 Subject: [Fedora-security-commits] fedora-security/audit f8, 1.58, 1.59 f9, 1.52, 1.53 fc7, 1.214, 1.215 Message-ID: <200801030900.m0390kY0020487@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv20465/audit Modified Files: f8 f9 fc7 Log Message: asterisk issue Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.58 retrieving revision 1.59 diff -u -r1.58 -r1.59 --- f8 2 Jan 2008 19:54:12 -0000 1.58 +++ f8 3 Jan 2008 09:00:44 -0000 1.59 @@ -7,6 +7,7 @@ # Up to date CVE as of CVE email 20071215 # Up to date F8 as of 20071221 +GENERIC-MAP-NOMATCH VULNERABLE (asterisk, fixed 1.4.17) AST-2008-001 [pending asterisk-1.4.17-1.fc8] GENERIC-MAP-NOMATCH VULNERABLE (libcdio) #427199 GENERIC-MAP-NOMATCH VULNERABLE (wordpress) #426433 GENERIC-MAP-NOMATCH VULNERABLE (mantis) #427278 Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.52 retrieving revision 1.53 diff -u -r1.52 -r1.53 --- f9 2 Jan 2008 19:54:12 -0000 1.52 +++ f9 3 Jan 2008 09:00:44 -0000 1.53 
@@ -7,6 +7,7 @@ # Up to date CVE as of CVE email 20071211 # Up to date F9 as of 20071029 +GENERIC-MAP-NOMATCH version (asterisk, fixed 1.4.17) AST-2008-001 [since asterisk-1.4.17-1.fc9] GENERIC-MAP-NOMATCH VULNERABLE (libcdio) #427200 GENERIC-MAP-NOMATCH VULNERABLE (wordpress) #426434 GENERIC-MAP-NOMATCH VULNERABLE (mantis) #427280 @@ -18,9 +19,9 @@ CVE-2007-6441 version (wireshark, fixed 0.99.7) [since wireshark-0.99.7-1.fc9] CVE-2007-6439 version (wireshark, fixed 0.99.7) [since wireshark-0.99.7-1.fc9] CVE-2007-6438 version (wireshark, fixed 0.99.7) [since wireshark-0.99.7-1.fc9] -CVE-2007-6337 VULNERABLE (clamav, fixed 0.92) #426213 -CVE-2007-6336 VULNERABLE (clamav, fixed 0.92) #426213 -CVE-2007-6335 VULNERABLE (clamav, fixed 0.92) #426213 +CVE-2007-6337 version (clamav, fixed 0.92) #426213 [since clamav-0.92-3.fc9] +CVE-2007-6336 version (clamav, fixed 0.92) #426213 [since clamav-0.92-3.fc9] +CVE-2007-6335 version (clamav, fixed 0.92) #426213 [since clamav-0.92-3.fc9] CVE-2007-6437 VULNERABLE (syslog-ng) #426307 CVE-2007-6430 version (asterisk, fixed 1.4.16) [since asterisk-1.4.16.1-1.fc9] CVE-2007-6389 VULNERABLE (gnome-screensaver) #426171 Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.214 retrieving revision 1.215 diff -u -r1.214 -r1.215 --- fc7 2 Jan 2008 19:54:12 -0000 1.214 +++ fc7 3 Jan 2008 09:00:44 -0000 1.215 @@ -8,6 +8,7 @@ # Up to date CVE as of CVE email 200711215 # Up to date FC7 as of 20071221 +GENERIC-MAP-NOMATCH VULNERABLE (asterisk, fixed 1.4.17) AST-2008-001 [pending asterisk-1.4.17-1.fc7] GENERIC-MAP-NOMATCH VULNERABLE (libcdio) #427198 GENERIC-MAP-NOMATCH VULNERABLE (wordpress) #426432 GENERIC-MAP-NOMATCH VULNERABLE (mantis) #427279 From fedora-security-commits at redhat.com Thu Jan 3 11:04:20 2008 
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Thu, 3 Jan 2008 06:04:20 -0500 Subject: [Fedora-security-commits] fedora-security/audit f8,1.59,1.60 Message-ID: <200801031104.m03B4KKa011778@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv11760 Modified Files: f8 Log Message: new bodhi updates for f8 Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.59 retrieving revision 1.60 diff -u -r1.59 -r1.60 --- f8 3 Jan 2008 09:00:44 -0000 1.59 +++ f8 3 Jan 2008 11:04:18 -0000 1.60 @@ -8,8 +8,8 @@ # Up to date F8 as of 20071221 GENERIC-MAP-NOMATCH VULNERABLE (asterisk, fixed 1.4.17) AST-2008-001 [pending asterisk-1.4.17-1.fc8] -GENERIC-MAP-NOMATCH VULNERABLE (libcdio) #427199 -GENERIC-MAP-NOMATCH VULNERABLE (wordpress) #426433 +GENERIC-MAP-NOMATCH fixed (libcdio) #427199 [since FEDORA-2008-0136] +GENERIC-MAP-NOMATCH fixed (wordpress) #426433 [since FEDORA-2008-0103] GENERIC-MAP-NOMATCH VULNERABLE (mantis) #427278 CVE-2007-6596 VULNERABLE (clamav) #427287 Might be considered a mail client flaw CVE-2007-6595 VULNERABLE (clamav) #427287 
@@ -19,9 +19,9 @@ CVE-2007-6441 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590] CVE-2007-6439 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590] CVE-2007-6438 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590] -CVE-2007-6337 VULNERABLE (clamav, fixed 0.92) #426212 -CVE-2007-6336 VULNERABLE (clamav, fixed 0.92) #426212 -CVE-2007-6335 VULNERABLE (clamav, fixed 0.92) #426212 +CVE-2007-6337 VULNERABLE (clamav, fixed 0.92) #426212 [since FEDORA-2008-0115] +CVE-2007-6336 VULNERABLE (clamav, fixed 0.92) #426212 [since FEDORA-2008-0115] +CVE-2007-6335 VULNERABLE (clamav, fixed 0.92) #426212 [since FEDORA-2008-0115] CVE-2007-6437 VULNERABLE (syslog-ng) #426306 CVE-2007-6430 version (asterisk, fixed 1.4.16) [since FEDORA-2007-4651] CVE-2007-6389 VULNERABLE (gnome-screensaver) #426170 @@ -32,7 +32,7 @@ CVE-2007-6348 ignore (squirrelmail) trojaned version was not shipped CVE-2007-6328 ignore (dosbox) design decision CVE-2007-6321 VULNERABLE (roundcubemail) #423291 -CVE-2007-6318 VULNERABLE (wordpress) #426433 +CVE-2007-6318 fixed (wordpress) #426433 [since FEDORA-2008-0103] CVE-2007-6304 ignore (mysql, fixed 5.0.52) federated engine not built CVE-2007-6303 backport (mysql, fixed 5.0.52) #424931 [since FEDORA-2007-4465] CVE-2007-6299 version (drupal, fixed 5.4) [since FEDORA-2007-4163] SA-2007-031 @@ -65,7 +65,7 @@ CVE-2007-6100 version (phpMyAdmin, fixed 2.11.2.2) [since FEDORA-2007-3639] CVE-2007-6061 VULNERABLE (audacity) #393251 CVE-2007-6015 version (samba, fixed 3.0.28) [since FEDORA-2007-4275] -CVE-2007-6013 VULNERABLE (wordpress) #426433 +CVE-2007-6013 fixed (wordpress) #426433 [since FEDORA-2008-0103] CVE-2007-6035 version (cacti, fixed 0.8.7a) #391991 [since FEDORA-2007-3667] CVE-2007-5977 version (phpMyAdmin, fixed 2.11.2.1) #385901 [since FEDORA-2007-3636] CVE-2007-5976 version (phpMyAdmin, fixed 2.11.2.1) #385901 [since FEDORA-2007-3636] From fedora-security-commits at redhat.com Thu Jan 3 11:08:11 2008 
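Review bot: the three clamav lines (CVE-2007-6337, CVE-2007-6336, CVE-2007-6335) gain `[since FEDORA-2008-0115]` but keep the status VULNERABLE, while the wordpress and libcdio lines in the same commit get the same kind of tag together with `fixed`. A reader of the audit file cannot tell whether the clamav update is shipped or still waiting. If the update is not yet stable, the `[pending ...]` form already used on the asterisk line of this file expresses that without ambiguity. Otherwise the status should change along with the tag.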
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Thu, 3 Jan 2008 06:08:11 -0500 Subject: [Fedora-security-commits] fedora-security/audit fc7,1.215,1.216 Message-ID: <200801031108.m03B8B1D011886@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv11861 Modified Files: fc7 Log Message: new bodhi updates for f7 Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.215 retrieving revision 1.216 diff -u -r1.215 -r1.216 --- fc7 3 Jan 2008 09:00:44 -0000 1.215 +++ fc7 3 Jan 2008 11:08:09 -0000 1.216 @@ -9,8 +9,8 @@ # Up to date FC7 as of 20071221 GENERIC-MAP-NOMATCH VULNERABLE (asterisk, fixed 1.4.17) AST-2008-001 [pending asterisk-1.4.17-1.fc7] -GENERIC-MAP-NOMATCH VULNERABLE (libcdio) #427198 -GENERIC-MAP-NOMATCH VULNERABLE (wordpress) #426432 +GENERIC-MAP-NOMATCH fixed (libcdio) #427198 [since FEDORA-2008-0104] +GENERIC-MAP-NOMATCH fixed (wordpress) #426432 [since FEDORA-2008-0126] GENERIC-MAP-NOMATCH VULNERABLE (mantis) #427279 CVE-2007-6596 VULNERABLE (clamav) #427288 Might be considered a mail client flaw CVE-2007-6595 VULNERABLE (clamav) #427288 
@@ -20,27 +20,27 @@ CVE-2007-6441 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690] CVE-2007-6439 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690] CVE-2007-6438 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690] -CVE-2007-6337 VULNERABLE (clamav, fixed 0.92) #426211 -CVE-2007-6336 VULNERABLE (clamav, fixed 0.92) #426211 -CVE-2007-6335 VULNERABLE (clamav, fixed 0.92) #426211 +CVE-2007-6337 VULNERABLE (clamav, fixed 0.92) #426211 [since FEDORA-2008-0170] +CVE-2007-6336 VULNERABLE (clamav, fixed 0.92) #426211 [since FEDORA-2008-0170] +CVE-2007-6335 VULNERABLE (clamav, fixed 0.92) #426211 [since FEDORA-2008-0170] CVE-2007-6437 VULNERABLE (syslog-ng) #426305 CVE-2007-6430 version (asterisk, fixed 1.4.16) [since FEDORA-2007-4593] CVE-2007-6389 VULNERABLE (gnome-screensaver) #426169 -CVE-2007-6353 VULNERABLE (exiv2) #425922 -CVE-2007-6352 VULNERABLE (libexif) #425621 -CVE-2007-6351 VULNERABLE (libexif) #425621 +CVE-2007-6353 fixed (exiv2) #425922 [since FEDORA-2007-4551] +CVE-2007-6352 fixed (libexif) #425621 [since FEDORA-2007-4608] +CVE-2007-6351 fixed (libexif) #425621 [since FEDORA-2007-4608] CVE-2007-6350 VULNERABLE (scponly) rsync vector only CVE-2007-6348 ignore (squirrelmail) trojaned version was not shipped CVE-2007-6328 ignore (dosbox) design decision CVE-2007-6321 VULNERABLE (roundcubemail) #423281 -CVE-2007-6318 VULNERABLE (wordpress) #426432 +CVE-2007-6318 fixed (wordpress) #426432 [since FEDORA-2008-0126] CVE-2007-6304 ignore (mysql, fixed 5.0.52) federated engine not built CVE-2007-6303 backport (mysql, fixed 5.0.52) #424921 [since FEDORA-2007-4471] CVE-2007-6299 version (drupal, fixed 5.4) [since FEDORA-2007-4136] SA-2007-031 GENERIC-MAP-NOMATCH version (libxfcegui4) #412751 [since FEDORA-2007-4385] GENERIC-MAP-NOMATCH version (libxfce4util) #412751 [since FEDORA-2007-4385] GENERIC-MAP-NOMATCH version (xfce-panel) #412751 [since FEDORA-2007-4385] -CVE-2007-6285 VULNERABLE (autofs) #426399 +CVE-2007-6285 fixed (autofs) #426399 
[since FEDORA-2007-4709] CVE-2007-6283 backport (bind) #423061 [since FEDORA-2007-4658] CVE-2007-6239 version (squid, fixed 2.6.17) #412381 [since FEDORA-2007-4161] CVE-2007-6210 backport (zabbix) #407181 [since FEDORA-2007-4160] @@ -67,7 +67,7 @@ CVE-2007-6061 VULNERABLE (audacity) #393251 CVE-2007-6035 version (cacti, fixed 0.8.7a) #391981 [since FEDORA-2007-3683] CVE-2007-6015 version (samba, fixed 3.0.28) [since FEDORA-2007-4269] -CVE-2007-6013 VULNERABLE (wordpress) #426432 +CVE-2007-6013 fixed (wordpress) #426432 [since FEDORA-2008-0126] CVE-2007-5977 version (phpMyAdmin, fixed 2.11.2.1) #385891 [since FEDORA-2007-3627] CVE-2007-5976 version (phpMyAdmin, fixed 2.11.2.1) #385891 [since FEDORA-2007-3627] CVE-2007-5970 ignore (mysql, fixed 5.1.23) mysql 5.1+ only, affects partitioning @@ -112,7 +112,7 @@ CVE-2007-5585 backport (tempest) #336331 [since FEDORA-2007-2652] CVE-2007-5501 version (kernel) [since FEDORA-2007-3751] CVE-2007-5500 version (kernel) [since FEDORA-2007-3751] -CVE-2007-5497 VULNERABLE (e2fsprogs) #414571 +CVE-2007-5497 VULNERABLE (e2fsprogs) #414571 [since FEDORA-2007-4461] CVE-2007-5461 version (tomcat5) #334511 [since FEDORA-2007-3456] CVE-2007-5416 ignore (drupal) Vulnerability in PHP<5.1.3, we're safe CVE-2007-5398 version (samba) [since FEDORA-2007-3402] @@ -300,7 +300,7 @@ CVE-2007-3555 version (moodle) #247528 [since FEDORA-2007-1445] CVE-2007-3546 ignore (nessus-core) Windows only CVE-2007-3528 version (dar, fixed 2.3.4) #246760 [since FEDORA-2007-0904] -CVE-2007-3544 VULNERABLE (wordpress, NOT fixed 2.2.1) #245211 Incomplete fix for CVE-2007-3543 +CVE-2007-3544 fixed (wordpress, NOT fixed 2.2.1) #245211 [since FEDORA-2007-0894] Incomplete fix for CVE-2007-3543 CVE-2007-3543 version (wordpress, fixed 2.2.1) #245211 [since FEDORA-2007-0894] CVE-2007-3511 version (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5 [since FEDORA-2007-2664] CVE-2007-3508 ignore (glibc) not an issue From fedora-security-commits at redhat.com Thu Jan 3 11:22:22 2008 
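Review bot: in the last fc7 hunk, CVE-2007-3544 flips from VULNERABLE to `fixed` with `[since FEDORA-2007-0894]`, but the same line still says "NOT fixed 2.2.1" and "Incomplete fix for CVE-2007-3543", and FEDORA-2007-0894 is the update already credited with CVE-2007-3543 on the next line. That looks like a match on the shared bug number #245211 rather than a verified fix. The entry should stay VULNERABLE until an update containing the complete fix is identified, and then reference that update. The e2fsprogs line (CVE-2007-5497) has the opposite mismatch: it gains a `[since ...]` tag while remaining VULNERABLE.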
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Thu, 3 Jan 2008 06:22:22 -0500 Subject: [Fedora-security-commits] fedora-security/tools add-tracking-bugs, 1.2.2.4, 1.2.2.5 check-updates, 1.1.2.2, 1.1.2.3 Message-ID: <200801031122.m03BMMDO012184@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/tools In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv12153 Modified Files: Tag: lkundrak-tools-ng add-tracking-bugs check-updates Log Message: make check-updates work again Index: add-tracking-bugs =================================================================== RCS file: /cvs/fedora/fedora-security/tools/add-tracking-bugs,v retrieving revision 1.2.2.4 retrieving revision 1.2.2.5 diff -u -r1.2.2.4 -r1.2.2.5 --- add-tracking-bugs 2 Jan 2008 19:09:55 -0000 1.2.2.4 +++ add-tracking-bugs 3 Jan 2008 11:22:20 -0000 1.2.2.5 @@ -55,7 +55,7 @@ "\n\n"; my $comment_rawhide = - 'Please close this bug withe RAWHIDE once is it fixed in devel '. + 'Please close this bug with RAWHIDE once is it fixed in devel '. 'branch. Do *not* include the bug id of thid bug in the commit message'. "\n\n"; Index: check-updates =================================================================== RCS file: /cvs/fedora/fedora-security/tools/Attic/check-updates,v retrieving revision 1.1.2.2 retrieving revision 1.1.2.3 diff -u -r1.1.2.2 -r1.1.2.3 --- check-updates 2 Jan 2008 19:09:55 -0000 1.1.2.2 +++ check-updates 3 Jan 2008 11:22:20 -0000 1.1.2.3 
@@ -4,36 +4,29 @@ # Dump what's VULNERABLE, but been subject to an update # Lubomir Kundrak -die 'Needs rewrite for object-oriented Audit interface'; -=cut - #use warnings; use strict; use Libexig::Audit; use Libexig::Bodhi; -use Data::Dumper; # Parse the audit file -my @audit = Libexig::Audit::parse_audit (<>); +my $audit = new Libexig::Audit ({file => $ARGV[0]}); -foreach my $entry (@audit) { +foreach my $entry (@{$audit->{audit}}) { $entry->{'status'} eq 'VULNERABLE' or next; # See if the VULNERABLE bug was referenced by an update - foreach my $u (Libexig::Bodhi::get_updates ($entry->{'package'})) { - $u->{'_Bugs'}->{$entry->{'bug'}} or next; + foreach my $u (Libexig::Bodhi::get_updates ($entry->{component})) { + $u->{'_Bugs'}->{$entry->{bug}} or next; # Modify the line accordingly - $entry->{'since'} = $u->{'Update ID'}; - $u->{'Status'} eq 'stable' and $entry->{'status'} = 'fixed'; + $entry->{since} = $u->{'Update ID'}; + $u->{'Status'} eq 'stable' and $entry->{status} = 'fixed'; Libexig::Audit::update_entry ($entry); last; }; } -# Spit out the output -foreach my $entry (@audit) { - print $entry->{'line'}; -} +$audit->save; From fedora-security-commits at redhat.com Thu Jan 3 11:22:22 2008 
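Review bot: replacing the final print loop with `$audit->save` turns check-updates from a filter into a tool that rewrites the file named in `$ARGV[0]` in place, while the header comment still says "Dump". The old `<>` also accepted several files or standard input; the new constructor call takes only the first argument. Please update the header comment and usage to say the audit file is modified, or keep writing to standard output and let the caller redirect. Because this tool sets `status` to `fixed` purely from a bug number appearing in a stable update, an in-place rewrite also removes the chance to review the changes before they land in the audit file.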
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Thu, 3 Jan 2008 06:22:22 -0500 Subject: [Fedora-security-commits] fedora-security/tools/Libexig Audit.pm, 1.1.2.3, 1.1.2.4 CVE.pm, 1.1.2.2, 1.1.2.3 Message-ID: <200801031122.m03BMM8K012193@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/tools/Libexig In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv12153/Libexig Modified Files: Tag: lkundrak-tools-ng Audit.pm CVE.pm Log Message: make check-updates work again Index: Audit.pm =================================================================== RCS file: /cvs/fedora/fedora-security/tools/Libexig/Attic/Audit.pm,v retrieving revision 1.1.2.3 retrieving revision 1.1.2.4 diff -u -r1.1.2.3 -r1.1.2.4 --- Audit.pm 2 Jan 2008 19:09:55 -0000 1.1.2.3 +++ Audit.pm 3 Jan 2008 11:22:20 -0000 1.1.2.4 @@ -15,6 +15,9 @@ my $class = shift; my $self = shift; + # Read standard input unless specified otherwise + $self->{file} = '-' unless $self->{file}; + open (AUDIT, $self->{file}) or die "Could not open $self->{file}"; Index: CVE.pm =================================================================== RCS file: /cvs/fedora/fedora-security/tools/Libexig/Attic/CVE.pm,v retrieving revision 1.1.2.2 retrieving revision 1.1.2.3 diff -u -r1.1.2.2 -r1.1.2.3 --- CVE.pm 2 Jan 2008 19:09:55 -0000 1.1.2.2 +++ CVE.pm 3 Jan 2008 11:22:20 -0000 1.1.2.3 @@ -4,13 +4,13 @@ package Libexig::CVE; -use warnings; -use strict; +#use warnings; +#use strict; use Exporter 'import'; use XML::Parser; -my @EXPORT = qw/cve/; + at EXPORT = qw/cve/; my $sourcebase = 'http://nvd.nist.gov/download/'; my $cachebase = $ENV{'HOME'}.'/.nvdcache/'; From fedora-security-commits at redhat.com Thu Jan 3 19:32:18 2008 
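Review bot: in the CVE.pm hunk, commenting out `use warnings;` and `use strict;` in order to drop the `my` from the `@EXPORT` line gives up both checks for the whole module just to fix the export. The original problem was only that a `my` variable is invisible to Exporter. Declaring it as `our @EXPORT = qw/cve/;` exports `cve` and lets strict and warnings stay enabled. Util.pm received the same treatment in the previous Libexig commit and could be fixed the same way.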
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Thu, 3 Jan 2008 14:32:18 -0500 Subject: [Fedora-security-commits] fedora-security/manifest dist-f8-updates, 1.2, 1.3 dist-f9-build, 1.2, 1.3 dist-fc7-updates, 1.8, 1.9 Message-ID: <200801031932.m03JWIr6017695@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/manifest In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv17530 Modified Files: dist-f8-updates dist-f9-build dist-fc7-updates Log Message: Updated manifests View full diff with command: /usr/bin/cvs -f diff -kk -u -N -r 1.2 -r 1.3 dist-f8-updates Index: dist-f8-updates =================================================================== RCS file: /cvs/fedora/fedora-security/manifest/dist-f8-updates,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- dist-f8-updates 3 Dec 2007 16:50:14 -0000 1.2 +++ dist-f8-updates 3 Jan 2008 19:32:15 -0000 1.3 @@ -1,6 +1,7 @@ Build Tag Built by ---------------------------------------- -------------------- ---------------- -915resolution-0.5.3-2.fc8 dist-f8 cweyl +8Kingdoms-1.1.0-2.fc8 dist-f8-updates jwrdegoede +915resolution-0.5.3-3.fc8 dist-f8-updates cweyl AGReader-1.2-4.fc8 dist-f8 oddsocks AcetoneISO-6.7-4.fc8 dist-f8-updates spot AllegroOGG-1.0.3-3.fc8 dist-f8 jwrdegoede @@ -16,6 +17,7 @@ ClanLib06-0.6.5-8.fc8 dist-f8 jwrdegoede Coin2-2.5.0-2.fc8 dist-f8 corsepiu ConsoleKit-0.2.3-1.fc8 dist-f8 mclasen +CriticalMass-1.0.2-2.fc8 dist-f8-updates jwrdegoede DMitry-1.3a-2.fc8 dist-f8 sindrepb Democracy-0.9.5.1-11.fc8 dist-f8 jkeating DevIL-1.6.8-0.13.rc2.fc8 dist-f8 oddsocks 
@@ -49,7 +51,7 @@ MySQL-python-1.2.2-4.fc8 dist-f8 tgl NetworkManager-0.7.0-0.6.6.svn3109.fc8 dist-f8-updates dcbw NetworkManager-openvpn-0.7.0-2.svn3047.fc8 dist-f8 timn -NetworkManager-vpnc-0.7.0-0.4.svn3030.fc8 dist-f8 notting +NetworkManager-vpnc-0.7.0-0.6.3.svn3109.fc8 dist-f8-updates denis ORBit-0.5.17-22.fc8 dist-f8 pghmcfc ORBit2-2.14.10-2.fc8 dist-f8 ausil OpenEXR-1.6.0-5.fc8 dist-f8 rdieter @@ -61,10 +63,10 @@ PolicyKit-0.6-1.fc8 dist-f8 davidz PolicyKit-gnome-0.6-1.fc8 dist-f8 davidz Pound-2.4-0.1.d.fc8 dist-f8 ruben -PyKDE-3.16.0-7.fc8 dist-f8 rdieter +PyKDE-3.16.0-11.fc8 dist-f8-updates rdieter PyOpenGL-3.0.0-0.4.a6.fc8 dist-f8 jwrdegoede PyQt-3.17.3-3.fc8 dist-f8-updates rdieter -PyQt4-4.3.1-1.fc8 dist-f8-updates rdieter +PyQt4-4.3.1-3.fc8 dist-f8-updates rdieter PyRTF-0.45-5.fc8 dist-f8 jamatos PySolFC-1.1-4.fc8 dist-f8-updates firewing PySolFC-cardsets-1.1-3.2 dist-fc7-updates firewing @@ -75,7 +77,9 @@ PythonCAD-0.1.36-2.fc8 dist-f8 kwizart QuantLib-0.8.1-4.fc8 dist-f8 spot R-2.6.1-1.fc8 dist-f8-updates spot +R-Biobase-1.16.1-3.fc8 dist-f8-updates pingou R-BufferedMatrix-1.2.0-1.fc8 dist-f8-updates pingou +R-BufferedMatrixMethods-1.3.0-1.fc8 dist-f8-updates pingou R-DynDoc-1.17.0-1.fc8 dist-f8-updates pingou R-RScaLAPACK-0.5.1-10.fc8.1 dist-f8 spot R-abind-1.1-1.fc8 dist-f8-updates spot 
@@ -91,16 +95,16 @@ R-wavethresh-2.2-7.fc8 dist-f8 jamatos R-widgetTools-1.15.0-1.fc8 dist-f8-updates pingou Ri-li-2.0.0-2.fc8 dist-f8 jwrdegoede -SDL-1.2.12-2.fc8 dist-f8 twoerner +SDL-1.2.12-5.fc8 dist-f8-updates wtogami SDL_Pango-0.1.2-7 dist-f8 thias SDL_gfx-2.0.16-4.fc8 dist-f8 thias SDL_image-1.2.6-3.fc8 dist-f8 bpepple -SDL_mixer-1.2.8-5.fc8 dist-f8-updates bpepple +SDL_mixer-1.2.8-6.fc8 dist-f8-updates wtogami SDL_net-1.2.7-3.fc8 dist-f8 bpepple SDL_sound-1.0.1-8.fc8 dist-f8-updates jwrdegoede SDL_ttf-2.0.9-3.fc8 dist-f8 bpepple SDLmm-0.1.8-5.fc8 dist-f8 jwrdegoede -SIBsim4-0.15-2.fc8 dist-f8 c4chris +SIBsim4-0.16-1.fc8 dist-f8-updates c4chris SILLY-0.1.0-4.fc8 dist-f8-updates oddsocks SIMVoleon-2.0.1-7.fc8 dist-f8 corsepiu SOAPpy-0.11.6-6.fc7 fe7-merge jkeating @@ -110,13 +114,14 @@ Sprog-0.14-12.fc6 fe7-merge jkeating SteGUI-0.0.1-12.fc8 dist-f8 pingou TeXmacs-1.0.6.12-1.fc8 dist-f8-updates gemi -Terminal-0.2.6-3.fc8 dist-f8 kevin -Thunar-0.8.0-3.fc8 dist-f8 kevin +Terminal-0.2.8-2.fc8 dist-f8-updates kevin +Thunar-0.9.0-2.fc8 dist-f8-updates kevin TnL-070909-2.fc8 dist-f8 jwrdegoede TnL-data-070909-1.fc8 dist-f8 jwrdegoede -TurboGears-1.0.3.2-5.fc8 dist-f8 toshio +TurboGears-1.0.3.2-7.fc8 dist-f8-updates lmacken VLGothic-fonts-20070901-1.fc8 dist-f8 ryo -WindowMaker-0.92.0-14.fc8 dist-f8 awjb +WebKit-1.0.0-0.3.svn28482.fc8 dist-f8-updates pgordon +WindowMaker-0.92.0-15.fc8 dist-f8-updates awjb Xaw3d-1.5E-10.1 dist-fc6 jkeating Zim-0.21-1.fc8 dist-f8-updates cweyl a2ps-4.13b-69.fc8 dist-f8 twaugh @@ -124,7 +129,7 @@ aasaver-0.3.2-1.fc8 dist-f8 oddsocks abcMIDI-20070106-1.fc7 fe7-merge jkeating abcde-2.3.99.6-4.fc8 dist-f8 scop -abcm2ps-5.6.1-2.fc8 dist-f8-updates gemi +abcm2ps-5.7.0-1.fc8 dist-f8-updates gemi abe-1.1-6.fc8 dist-f8 wart abicheck-1.2-15 dist-f8 mschwendt abiword-2.4.6-6.fc8 dist-f8 lkundrak 
@@ -159,8 +164,10 @@ aldrin-0.11-6.fc8 dist-f8 akahl alex-2.1.0-5.fc8 dist-f8 bos alex4-1.0-4.fc8 dist-f8 jwrdegoede -alexandria-0.6.2-0.2.b2.fc8 dist-f8-updates mtasaka +alexandria-0.6.2-2.fc8 dist-f8-updates mtasaka alfont-2.0.6-3.fc8 dist-f8 jwrdegoede +alienarena-6.10-5.fc8 dist-f8-updates spot +alienarena-data-20071011-2.fc8 dist-f8-updates spot alienblaster-1.1.0-3.fc8 dist-f8 jwrdegoede alleggl-0.4.2-0.2.rc1.fc8 dist-f8 jwrdegoede allegro-4.2.2-6.fc8 dist-f8 jwrdegoede @@ -168,7 +175,7 @@ alliance-5.0-10.20070718snap.fc8 dist-f8 chitlesh alltray-0.69-3.fc8 dist-f8 denis alphabet-soup-1.1-3.fc8 dist-f8 jwrdegoede -alpine-0.9999-2.fc8 dist-f8 joshuadf +alpine-1.00-2.fc8 dist-f8-updates rdieter alsa-lib-1.0.15-1.fc8 dist-f8 stransky alsa-oss-1.0.14-3.fc8 dist-f8 jima alsa-plugins-1.0.14-5.fc8 dist-f8 lennart @@ -178,16 +185,17 @@ altermime-0.3.7-2.fc6 fe7-merge jkeating am-utils-6.1.5-6.fc7 dist-fc7 jkeating amanda-2.5.2p1-8.fc8 dist-f8 rbrich -amarok-1.4.7-7.fc8 dist-f8 abompard +amanith-0.3-5.fc8 dist-f8-updates spot +amarok-1.4.7-13.fc8 dist-f8-updates rdieter amarokFS-0.5-1.fc7 fe7-merge jkeating amavisd-new-2.5.2-2.fc8 dist-f8 steve amoebax-0.2.0-1.fc8 dist-f8-updates jwrdegoede amqp-0.8-2rhm.1.fc7 fe7-merge jkeating -amsn-0.96-11.fc8 dist-f8-updates tjikkun +amsn-0.97-1.fc8 dist-f8-updates tjikkun amtterm-1.0-1.fc8 dist-f8 kraxel -amtu-1.0.5-1.fc7 dist-fc7 jkeating +amtu-1.0.6-1.fc8 dist-f8-updates sgrubb anaconda-11.3.0.50-2 dist-f8 pjones -anacron-2.3-56.fc8 dist-f8 mmaslano +anacron-2.3-57.fc8 dist-f8-updates mmaslano and-1.2.2-4.fc8 dist-f8 s4504kr angrydd-1.0.1-3.fc8 dist-f8 rafalzaq animorph-0.2-2.fc8 dist-f8 kwizart @@ -211,7 +219,7 @@ apr-1.2.11-2 dist-f8 jorton apr-api-docs-1.2.11-1.fc8 dist-f8 bojan apr-util-1.2.10-2.fc8 dist-f8 jkeating -apt-0.5.15lorg3.93-2.fc8 dist-f8 pmatilai +apt-0.5.15lorg3.93-4.fc8 dist-f8-updates pmatilai aqbanking-2.3.2-2.fc8 dist-f8 notting aqsis-1.2.0-6.fc8 dist-f8 kwizart arc-5.21o-4.fc8 dist-f8 jwrdegoede 
@@ -259,9 +267,9 @@ aspell-ga-4.1-1.fc8 dist-f8 varekova aspell-gd-0.1.1-2.fc7 dist-fc7 jkeating aspell-gl-0.50-5.fc7 dist-fc7 jkeating -aspell-gu-0.02-2.fc8 dist-f8 aalam +aspell-gu-0.03-1.fc8 dist-f8-updates pnemade aspell-he-1.0-2.fc8 dist-f8 danken -aspell-hi-0.01-2.fc8 dist-f8 aalam +aspell-hi-0.02-1.fc8 dist-f8-updates pnemade aspell-hr-0.51-5.fc7 dist-fc7 jkeating aspell-id-1.2-1.fc7 dist-fc7 jkeating aspell-is-0.51.1-3.fc7 dist-fc7 jkeating @@ -280,13 +288,14 @@ aspell-sv-0.51-2.fc7 dist-fc7 jkeating aspell-ta-20040424-2.fc8 dist-f8 aalam aspell-te-0.01-2.fc8 dist-f8 aalam -astromenace-1.2-3.fc8 dist-f8 limb +asterisk-1.4.17-1.fc8 dist-f8-updates jcollie +astromenace-1.2-6.fc8 dist-f8-updates limb astromenace-data-1.2-1.fc8 dist-f8 limb astyle-1.21-6.fc8 dist-f8 jkeating -asunder-0.9-2.fc8 dist-f8-updates szpak +asunder-1.0-1.fc8 dist-f8-updates szpak asylum-0.2.3-2.fc8 dist-f8-updates oddsocks asymptote-1.33-2.fc8 dist-f8 rdieter -at-3.1.10-18.fc8 dist-f8-updates mmaslano +at-3.1.10-19.fc8 dist-f8-updates mmaslano at-spi-1.20.1-1.fc8 dist-f8 mclasen atanks-2.5-1.fc8 dist-f8 icon aterm-1.0.1-1.fc8 dist-f8 awjb @@ -294,7 +303,7 @@ atitvout-0.4-7 dist-f8 awjb atk-1.20.0-1.fc8 dist-f8 mclasen atlas-3.6.0-12.fc8 dist-f8 orion -atlascpp-0.6.0-4.fc8 dist-f8 wart +atlascpp-0.6.1-1.fc8 dist-f8-updates wart atmel-firmware-1.3-2 dist-fc7-updates kwizart atomix-2.14.0-3.1 dist-f8 thl atomorun-1.1-0.5.pre2.fc8 dist-f8 jwrdegoede @@ -317,7 +326,7 @@ autoconf213-2.13-18.fc8 dist-f8 karsten autodir-0.99.9-4.fc8 dist-f8 thias autodownloader-0.2.0-4.fc8 dist-f8-updates jwrdegoede [...2581 lines suppressed...] wqy-unibit-fonts-1.1.0-4.fc8 dist-f8 fangq 
@@ -4672,7 +4756,7 @@ wvs-data-0.0.20020219-3 fe7-merge jkeating wxGTK-2.8.4-6.fc8 dist-f8 jwrdegoede wxGlade-0.6.1-1.fc8 dist-f8-updates hellwolf -wxMaxima-0.7.2-4.fc8 dist-f8 rdieter +wxMaxima-0.7.4-2.fc8 dist-f8-updates rdieter wxPython-2.8.4.0-2.fc8 dist-f8 jkeating wxdfast-0.6.0-3.fc8 dist-f8 drago01 wxsvg-1.0-0.5.b7_3.fc8 dist-f8 thias @@ -4684,8 +4768,8 @@ xalan-c-1.10.0-2.fc8 dist-f8-updates lkundrak xalan-j2-2.7.0-6jpp.1 dist-fc6 jkeating xaos-3.2.3-1.fc7 fe7-merge jkeating -xapian-bindings-1.0.2-4.fc8 dist-f8 drago01 -xapian-core-1.0.2-6.fc8 dist-f8 drago01 +xapian-bindings-1.0.4-2.fc8 dist-f8-updates drago01 +xapian-core-1.0.4-1.fc8 dist-f8-updates drago01 xar-1.5.1-4.fc8 dist-f8 thias xarchiver-0.4.9-0.3.20070103svn24249.fc8 dist-f8 cwickert xarchon-0.50-5.fc8 dist-f8 jwrdegoede @@ -4699,10 +4783,11 @@ xboard-4.2.7-16.fc6 fe7-merge jkeating xbsql-0.11-9.fc8 dist-f8 spot xca-0.6.4-1.fc8 dist-f8 ensc -xcb-proto-1.0-1.fc8 dist-f8 ajax +xcb-proto-1.1-1.fc8 dist-f8-updates ajax xcdroast-0.98a15-16.fc8 dist-f8 harald xchat-2.8.4-6.fc8 dist-f8 kkofler xchat-gnome-0.18-5.fc8 dist-f8 bpepple +xchat-ruby-1.2-5.fc8 dist-f8-updates konradm xchm-1.13-1.fc8 dist-f8 pertusus xcircuit-3.4.27-1.fc8 dist-f8-updates chitlesh xclip-0.10-1.fc8 dist-f8 spot 
@@ -4719,37 +4804,38 @@ xemacs-21.5.28-5.fc8 dist-f8 scop xemacs-packages-base-20070427-1.fc8 dist-f8 scop xemacs-packages-extra-20070427-1.fc8 dist-f8 scop -xen-3.1.0-13.fc8 dist-f8 berrange +xen-3.1.2-1.fc8 dist-f8-updates berrange xerces-c-2.7.0-6.fc7 fe7-merge jkeating xerces-j2-2.7.1-7jpp.2 dist-fc6 jkeating xeuphoric-0.18.2-9.fc8 dist-f8 oddsocks -xfce-mcs-manager-4.4.1-3.fc8 dist-f8 kevin -xfce-mcs-plugins-4.4.1-3.fc8 dist-f8 kevin -xfce-utils-4.4.1-3.fc8 dist-f8 kevin -xfce4-appfinder-4.4.1-2.fc8 dist-f8 kevin +xfce-mcs-manager-4.4.2-1.fc8 dist-f8-updates kevin +xfce-mcs-plugins-4.4.2-1.fc8 dist-f8-updates kevin +xfce-utils-4.4.2-1.fc8 dist-f8-updates kevin +xfce4-appfinder-4.4.2-1.fc8 dist-f8-updates kevin xfce4-battery-plugin-0.5.0-2.fc7 fe7-merge jkeating xfce4-clipman-plugin-0.8.0-3.fc8 dist-f8 cwickert -xfce4-cpugraph-plugin-0.3.0-5.fc7 fe7-merge jkeating +xfce4-cpugraph-plugin-0.4.0-2.fc8 dist-f8-updates cwickert xfce4-datetime-plugin-0.5.0-3.fc8 dist-f8 cwickert xfce4-dev-tools-4.4.0-1.fc7 fe7-merge jkeating xfce4-dict-plugin-0.2.1-3.fc8 dist-f8 cwickert xfce4-diskperf-plugin-2.1.0-3.fc7 fe7-merge jkeating xfce4-eyes-plugin-4.4.0-3.fc8 dist-f8 cwickert -xfce4-fsguard-plugin-0.3.0-6.fc8 dist-f8 cwickert +xfce4-fsguard-plugin-0.4.0-2.fc8 dist-f8-updates cwickert xfce4-genmon-plugin-3.1-3.fc8 dist-f8 cwickert -xfce4-icon-theme-4.4.1-3.fc8 dist-f8 kevin +xfce4-icon-theme-4.4.2-1.fc8 dist-f8-updates kevin xfce4-mailwatch-plugin-1.0.1-7.fc8 dist-f8 cwickert xfce4-minicmd-plugin-0.4-7.fc8 dist-f8 cwickert -xfce4-mixer-4.4.1-3.fc8 dist-f8 kevin +xfce4-mixer-4.4.2-1.fc8 dist-f8-updates kevin +xfce4-modemlights-plugin-0.1.3.99-2.fc8 dist-f8-updates cwickert xfce4-mount-plugin-0.5.1-3.fc8 dist-f8 cwickert xfce4-netload-plugin-0.4.0-6.fc8 dist-f8 cwickert -xfce4-notes-plugin-1.4.1-3.fc8 dist-f8 cwickert -xfce4-panel-4.4.1-4.fc8 dist-f8 kevin -xfce4-places-plugin-0.9.992-1.fc8 dist-f8 cwickert +xfce4-notes-plugin-1.6.0-2.fc8 dist-f8-updates cwickert 
+xfce4-panel-4.4.2-1.fc8 dist-f8-updates kevin +xfce4-places-plugin-1.0.0-2.fc8 dist-f8-updates cwickert xfce4-quicklauncher-plugin-1.9.4-1.fc8 dist-f8 cwickert xfce4-screenshooter-plugin-1.0.0-6.fc8 dist-f8 cwickert -xfce4-sensors-plugin-0.10.0-6.fc8 dist-f8 cwickert -xfce4-session-4.4.1-2.fc8 dist-f8 kevin +xfce4-sensors-plugin-0.10.99.2-3.fc8 dist-f8-updates cwickert +xfce4-session-4.4.2-1.fc8 dist-f8-updates kevin xfce4-smartbookmark-plugin-0.4.2-5.fc8 dist-f8 cwickert xfce4-systemload-plugin-0.4.2-3.fc8 dist-f8 cwickert xfce4-taskmanager-0.4.0-0.2.rc2.fc6 fe7-merge jkeating @@ -4757,23 +4843,24 @@ xfce4-verve-plugin-0.3.5-3.fc8 dist-f8 cwickert xfce4-volstatus-icon-0.1.0-2.fc8 dist-f8 cwickert xfce4-wavelan-plugin-0.5.4-3.fc8 dist-f8 cwickert -xfce4-weather-plugin-0.6.0-1.fc7 fe7-merge jkeating +xfce4-weather-plugin-0.6.2-2.fc8 dist-f8-updates cwickert xfce4-websearch-plugin-0.1.1-0.6.20070428svn2704.fc8 dist-f8 cwickert xfce4-xfapplet-plugin-0.1.0-4.fc8 dist-f8 cwickert xfce4-xkb-plugin-0.4.3-3.fc8 dist-f8 cwickert xfce4-xmms-plugin-0.5.1-1.fc7 fe7-merge jkeating -xfdesktop-4.4.1-3.fc8 dist-f8 kevin +xfdesktop-4.4.2-1.fc8 dist-f8-updates kevin xferstats-2.16-14.1 dist-fc6 jkeating -xfig-3.2.5-5.fc8 dist-f8-updates jwrdegoede +xfig-3.2.5-6.fc8 dist-f8-updates jwrdegoede xforms-1.0.90-10.fc8 dist-f8 rdieter -xfprint-4.4.1-2.fc8 dist-f8 kevin +xfprint-4.4.2-1.fc8 dist-f8-updates kevin xfsdump-2.2.46-1.fc8 dist-f8 sandeen xfsprogs-2.9.4-4.fc8 dist-f8 sandeen -xfwm4-4.4.1-3.fc8 dist-f8 kevin -xfwm4-themes-4.4.1-2.fc8 dist-f8 kevin +xfwm4-4.4.2-1.fc8 dist-f8-updates kevin +xfwm4-themes-4.4.2-1.fc8 dist-f8-updates kevin xgalaxy-2.0.34-7.fc8 dist-f8 jwrdegoede xgrav-1.2.0-5.fc8 dist-f8-updates limb xgrep-0.06-3.fc8 dist-f8 brendt +xguest-1.0.6-2.fc8 dist-f8-updates dwalsh xhtml1-dtds-1.0-7.1.1 dist-fc6 jkeating xine-lib-1.1.8-4.fc8 dist-f8 scop xine-plugin-1.0-5.fc8 dist-f8 mso 
@@ -4827,7 +4914,7 @@ xorg-x11-drv-apm-1.1.1-7.fc8 dist-f8 ajax xorg-x11-drv-ark-0.6.0-6.fc8 dist-f8 ajax xorg-x11-drv-ast-0.81.0-6.fc8 dist-f8 ajax -xorg-x11-drv-ati-6.7.196-1.fc8 dist-f8-updates airlied +xorg-x11-drv-ati-6.7.196-2.fc8 dist-f8-updates airlied xorg-x11-drv-avivo-0.0.1-6.fc8 dist-f8 krh xorg-x11-drv-calcomp-1.1.0-4.fc8 dist-f8 ajax xorg-x11-drv-chips-1.1.1-5.fc8 dist-f8 ajax @@ -4861,7 +4948,7 @@ xorg-x11-drv-openchrome-0.2.900-7.fc8 dist-f8-updates xavierb xorg-x11-drv-palmax-1.1.0-4.fc8 dist-f8 ajax xorg-x11-drv-penmount-1.1.0-3.fc7 dist-fc7 jkeating -xorg-x11-drv-radeonhd-0.0.2-0.7.20071017git.fc8 dist-f8 ndim +xorg-x11-drv-radeonhd-1.1.0-0.2.20071228git.fc8 dist-f8-updates ndim xorg-x11-drv-rendition-4.1.3-5.fc8 dist-f8 ajax xorg-x11-drv-s3-0.5.0-5.fc8 dist-f8 ajax xorg-x11-drv-s3virge-1.9.1-5.fc8 dist-f8 ajax @@ -4890,8 +4977,8 @@ xorg-x11-fonts-7.2-3.fc8 dist-f8 ajax xorg-x11-proto-devel-7.3-3.fc8 dist-f8 ajax xorg-x11-resutils-7.1-4.fc8 dist-f8 ajax -xorg-x11-server-1.3.0.0-33.fc8 dist-f8 airlied -xorg-x11-server-utils-7.3-1.fc8 dist-f8 ajax +xorg-x11-server-1.3.0.0-37.fc8 dist-f8-updates ajax +xorg-x11-server-utils-7.3-2.fc8 dist-f8-updates airlied xorg-x11-twm-1.0.3-1.fc8 dist-f8 airlied xorg-x11-util-macros-1.1.5-1.fc7 dist-fc7 jkeating xorg-x11-utils-7.3-1.fc8 dist-f8 ajax @@ -4906,13 +4993,14 @@ xorg-x11-xtrans-devel-1.0.3-5.fc8 dist-f8 ajax xosd-2.2.14-10.fc8 dist-f8 kevin xournal-0.4.1-3.fc8 dist-f8 rvinyard -xpa-2.1.8-2.fc8 dist-f8-updates sergiopr +xpa-2.1.8-3.fc8 dist-f8-updates sergiopr xpdf-3.02-4.fc8 dist-f8-updates spot xpilot-ng-4.7.2-13.fc8 dist-f8 wart xplanet-1.2.0-2.1.fc8.2 dist-f8 mtasaka xpp2-2.1.10-6jpp.1.fc7 fe7-merge jkeating xpp3-1.1.3.8-1jpp.1.fc7 fe7-merge jkeating xprobe2-0.3-9.fc8 dist-f8 lmacken +xqilla10-1.0.2-2.fc8 dist-f8-updates mzazrive xrestop-0.4-3.fc8 dist-f8 ajax xsane-0.994-4.fc8 dist-f8 nphilipp xsc-1.5-2.fc8 dist-f8 limb 
@@ -4922,7 +5010,7 @@ xsri-2.1.0-12.fc8 dist-f8 ajax xsupplicant-1.2.8-4.fc8.3 dist-f8 spot xterm-229-2.fc8 dist-f8 mlichvar -xtide-2.9.4-3.fc8 dist-f8-updates mtasaka +xtide-2.9.5-2.fc8 dist-f8-updates mtasaka xu4-1.1-0.2.cvs20070510.fc8 dist-f8 jwrdegoede xvattr-1.3-14 dist-f8 thias xwnc-0.3.3-3.fc7 fe7-merge jkeating @@ -4941,20 +5029,20 @@ ypbind-1.20.4-2.fc8 dist-f8 steved ypserv-2.19-6.fc8 dist-f8 steved ytalk-3.3.0-9.fc8 dist-f8 mmcgrath -yum-3.2.7-2.fc8 dist-f8-updates skvidal +yum-3.2.8-2.fc8 dist-f8-updates skvidal yum-arch-2.2.2-2.fc7 fe7-merge jkeating yum-cron-0.6-1.fc8 dist-f8 habig yum-metadata-parser-1.1.2-1.fc8 dist-f8 skvidal -yum-presto-0.4.2-1.fc8 dist-f8 jdieter -yum-updatesd-0.7-1.fc8 dist-f8 katzj -yum-utils-1.1.8-1.fc8 dist-f8 timlau +yum-presto-0.4.3-1.fc8 dist-f8-updates jdieter +yum-updatesd-0.9-1.fc8 dist-f8-updates katzj +yum-utils-1.1.9-2.fc8 dist-f8-updates james yumex-2.0.3-2.fc8 dist-f8-updates timlau -z88dk-1.6-11.fc8.1 dist-f8 spot -zabbix-1.4.2-3.fc8 dist-f8 sharkcz +z88dk-1.7-2.fc8 dist-f8-updates kkofler +zabbix-1.4.4-1.fc8 dist-f8-updates sharkcz zaptel-1.4.6-1.fc8 dist-f8-updates jcollie zasx-1.30-5.fc8 dist-f8 jwrdegoede zd1211-firmware-1.4-1 dist-f8 kwizart -zenity-2.20.0-2.fc8 dist-f8 mclasen +zenity-2.20.1-2.fc8 dist-f8-updates mclasen zeroinstall-injector-0.30-2.fc8 dist-f8 salimma zhcon-0.2.6-5.fc7 fe7-merge jkeating zidrav-1.2.0-3.fc8 dist-f8 rathann View full diff with command: /usr/bin/cvs -f diff -kk -u -N -r 1.2 -r 1.3 dist-f9-build Index: dist-f9-build =================================================================== RCS file: /cvs/fedora/fedora-security/manifest/dist-f9-build,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- dist-f9-build 3 Dec 2007 16:50:14 -0000 1.2 +++ dist-f9-build 3 Jan 2008 19:32:16 -0000 1.3 
@@ -1,5 +1,6 @@ Build Tag Built by ---------------------------------------- -------------------- ---------------- +8Kingdoms-1.1.0-2.fc9 dist-f9 jwrdegoede AGReader-1.2-4.fc8 dist-f8 oddsocks AcetoneISO-6.7-4.fc9 dist-f9 spot AllegroOGG-1.0.3-3.fc8 dist-f8 jwrdegoede @@ -15,12 +16,13 @@ ClanLib06-0.6.5-9.fc9 dist-f9 jwrdegoede Coin2-2.5.0-3.fc9 dist-f9 corsepiu ConsoleKit-0.2.3-2.fc9 dist-f9 mclasen +CriticalMass-1.0.2-2.fc9 dist-f9 jwrdegoede DMitry-1.3a-2.fc8 dist-f8 sindrepb DevIL-1.6.8-0.13.rc2.fc8 dist-f8 oddsocks Django-0.96.1-1.fc9 dist-f9 salimma ElectricFence-2.2.2-23 dist-fc7 jkeating FlightGear-0.9.11-0.4.pre1.fc8 dist-f8 bellet -GConf2-2.20.1-2.fc9 dist-f9 mclasen +GConf2-2.20.1-4.fc9 dist-f9 fitzsim GREYCstoration-2.5.2-6.fc8 dist-f8 deebs GeoIP-1.4.3-1.fc8 dist-f8 mfleming Glide3-20050815-6.fc8 dist-f8 jwrdegoede 
@@ -34,36 +36,36 @@ Inventor-2.1.5-30.fc9.1 dist-f9 corsepiu Io-language-20071010-1.fc9 dist-f9 jwrdegoede JSDoc-1.10.2-4.fc8 dist-f8 mcepl -KoboDeluxe-0.4.1-1.fc9 dist-f9 jwrdegoede +KoboDeluxe-0.5.1-1.fc9 dist-f9 jwrdegoede LabPlot-1.5.1.6-4.fc8 dist-f8 chitlesh MAKEDEV-3.23-1.2 dist-fc6 jkeating -Macaulay2-0.9.95-8.fc8 dist-f8 rdieter +Macaulay2-0.9.95-9.fc9 dist-f9 rdieter Maelstrom-3.0.6-14 dist-f8 notting MagicPoint-1.11b-4.fc8 dist-f8 jwrdegoede MegaMek-0.30.11-2.fc8 dist-f8 fitzsim -Miro-0.9.9.9-1.fc9 dist-f9 alexlan +Miro-1.0-4.fc9 dist-f9 alexlan MochiKit-1.3.1-1.fc6 fe7-merge jkeating MyPasswordSafe-0.6.7-1.20061216.fc8 dist-f8 ertzing -MySQL-python-1.2.2-4.fc8 dist-f8 tgl -NetworkManager-0.7.0-0.8.svn3109.fc9 dist-f9 katzj +MySQL-python-1.2.2-5.fc9 dist-f9 tgl +NetworkManager-0.7.0-0.8.svn3181.fc9 dist-f9 dcbw NetworkManager-openvpn-0.7.0-3.svn3047.fc9 dist-f9 timn NetworkManager-vpnc-0.7.0-0.6.3.svn3109.fc9 dist-f9 denis ORBit-0.5.17-22.fc9 dist-f9 pghmcfc ORBit2-2.14.10-2.fc8 dist-f8 ausil OpenEXR-1.6.0-5.fc8 dist-f8 rdieter -OpenIPMI-2.0.11-3.fc8 dist-f8 pknirsch +OpenIPMI-2.0.13-1.fc9 dist-f9 pknirsch OpenSceneGraph-2.2.0-3.fc9 dist-f9 corsepiu -PackageKit-0.1.4-1.fc9 dist-f9 rnorwood +PackageKit-0.1.5-1.fc9 dist-f9 rnorwood PerceptualDiff-1.0.1-6.fc8 dist-f8 kwizart Perlbal-1.59-1.fc8 dist-f8 ruben Pixie-2.2.2-4.fc8 dist-f8 kwizart -PolicyKit-0.6-1.fc8 dist-f8 davidz -PolicyKit-gnome-0.6-2.fc9 dist-f9 mclasen -Pound-2.4-0.1.e.fc9 dist-f9 ruben +PolicyKit-0.7-4.fc9 dist-f9 davidz +PolicyKit-gnome-0.7-2.fc9 dist-f9 davidz +Pound-2.4-0.2.e.fc9 dist-f9 jkeating PyKDE-3.16.0-11.fc9 dist-f9 rdieter -PyOpenGL-3.0.0-0.4.a6.fc8 dist-f8 jwrdegoede -PyQt-3.17.3-3.fc9 dist-f9 rdieter -PyQt4-4.3.1-3.fc9 dist-f9 rdieter +PyOpenGL-3.0.0-0.5.b1.fc9 dist-f9 jwrdegoede +PyQt-3.17.4-1.fc9 dist-f9 rdieter +PyQt4-4.3.3-1.fc9 dist-f9 rdieter PyRTF-0.45-5.fc8 dist-f8 jamatos PySolFC-1.1-4.fc9 dist-f9 firewing PySolFC-cardsets-1.1-3.2 dist-fc7-updates firewing 
@@ -73,8 +75,10 @@ Pyrex-0.9.5.1a-1.fc8 dist-f8 mbarnes PythonCAD-0.1.36-2.fc8 dist-f8 kwizart QuantLib-0.8.1-4.fc9 dist-f9 spot -R-2.6.1-1.fc9 dist-f9 spot +R-2.6.1-2.fc9 dist-f9 spot +R-Biobase-1.16.1-3.fc9 dist-f9 alexlan R-BufferedMatrix-1.2.0-1.fc9 dist-f9 pingou +R-BufferedMatrixMethods-1.3.0-1.fc7 dist-fc7-updates pingou R-DynDoc-1.17.0-1.fc9 dist-f9 pingou R-RScaLAPACK-0.5.1-10.fc8.1 dist-f8 spot R-abind-1.1-1.fc9 dist-f9 spot @@ -108,21 +112,22 @@ Sprog-0.14-12.fc6 fe7-merge jkeating SteGUI-0.0.1-12.fc8 dist-f8 pingou TeXmacs-1.0.6.12-2.fc9 dist-f9 gemi -Terminal-0.2.6-3.fc8 dist-f8 kevin -Thunar-0.9.0-1.fc9 dist-f9 kevin +Terminal-0.2.8-2.fc9 dist-f9 kevin +Thunar-0.9.0-2.fc9 dist-f9 kevin TnL-071111-1.fc9 dist-f9 jwrdegoede TnL-data-071111-1.fc9 dist-f9 jwrdegoede -TurboGears-1.0.3.2-6.fc9 dist-f9 lmacken +TurboGears-1.0.3.2-7.fc9 dist-f9 lmacken VLGothic-fonts-20070901-1.fc8 dist-f8 ryo -WindowMaker-0.92.0-14.fc8 dist-f8 awjb +WebKit-1.0.0-0.3.svn28482.fc9 dist-f9 pgordon +WindowMaker-0.92.0-15.fc9 dist-f9 awjb Xaw3d-1.5E-10.1 dist-fc6 jkeating -Zim-0.21-1.fc9 dist-f9 cweyl +Zim-0.23-1.fc9 dist-f9 cweyl a2ps-4.13b-69.fc8 dist-f8 twaugh aalib-1.4.0-0.13.rc5.fc8 dist-f8 garrick aasaver-0.3.2-1.fc8 dist-f8 oddsocks abcMIDI-20070106-1.fc7 fe7-merge jkeating abcde-2.3.99.6-4.fc8 dist-f8 scop -abcm2ps-5.6.1-2.fc9 dist-f9 gemi +abcm2ps-5.7.0-1.fc9 dist-f9 gemi abe-1.1-6.fc8 dist-f8 wart abicheck-1.2-15 dist-f8 mschwendt abiword-2.4.6-6.fc8 dist-f8 lkundrak 
@@ -134,13 +139,13 @@ acl-2.2.45-2.fc9 dist-f9 jmoskovc acpi-0.09-2.fc6 fe7-merge jkeating acpid-1.0.6-4.fc9 dist-f9 zprikryl -acpitool-0.4.7-1.fc8 dist-f8 pertusus +acpitool-0.4.7-2.fc9 dist-f9 pertusus adanaxisgpl-1.2.4-1.fc9 dist-f9 southa adaptx-0.9.13-4jpp.3.fc8 dist-f8 spot adime-2.2.1-6.fc8 dist-f8 jwrdegoede adjtimex-1.21-3.fc8 dist-f8 mlichvar adminutil-1.1.4-2.fc8 dist-f8 rmeggins -adns-1.2-6.fc8 dist-f8 rvokal +adns-1.4-2.fc9 dist-f9 atkac adplay-1.6-2.fc8 dist-f8 snirkel adplug-2.1-2.fc8 dist-f8 snirkel advancecomp-1.15-9 dist-f8 thias @@ -153,13 +158,13 @@ aiksaurus-1.2.1-15.fc6 fe7-merge jkeating aircrack-ng-0.9.1-2.fc8 dist-f8 till airsnort-0.2.7e-11.fc7 fe7-merge jkeating -akode-2.0.1-9.fc8 dist-f8 rdieter -alacarte-0.11.3-4.fc8 dist-f8 mclasen +akode-2.0.2-3.fc9 dist-f9 rdieter +alacarte-0.11.3-5.fc9 dist-f9 rstrode alchemist-1.0.37-2.fc8 dist-f8 twaugh aldrin-0.11-6.fc8 dist-f8 akahl alex-2.1.0-5.fc8 dist-f8 bos alex4-1.0-4.fc8 dist-f8 jwrdegoede -alexandria-0.6.2-0.2.b2.fc9 dist-f9 mtasaka +alexandria-0.6.2-2.fc9 dist-f9 mtasaka alfont-2.0.6-3.fc8 dist-f8 jwrdegoede alienarena-6.10-5.fc9 dist-f9 spot alienarena-data-20071011-2.fc9 dist-f9 spot @@ -168,9 +173,9 @@ allegro-4.2.2-6.fc8 dist-f8 jwrdegoede alleyoop-0.9.3-3.fc8 dist-f8 giallu alliance-5.0-10.20070718snap.fc8 dist-f8 chitlesh -alltray-0.69-3.fc8 dist-f8 denis +alltray-0.70-1.fc9 dist-f9 denis alphabet-soup-1.1-3.fc8 dist-f8 jwrdegoede -alpine-0.99999-3.fc9 dist-f9 joshuadf +alpine-1.00-2.fc9 dist-f9 rdieter alsa-lib-1.0.15-1.fc9 dist-f9 stransky alsa-oss-1.0.14-3.fc8 dist-f8 jima alsa-plugins-1.0.14-5.fc8 dist-f8 lennart 
@@ -178,27 +183,28 @@ alsa-utils-1.0.15-1.fc9 dist-f9 stransky alsamixergui-0.9.0-0.3.rc1.fc8.2 dist-f8 spot altermime-0.3.7-2.fc6 fe7-merge jkeating -am-utils-6.1.5-6.fc7 dist-fc7 jkeating +am-utils-6.1.5-7.fc9 dist-f9 jkeating amanda-2.5.2p1-9.fc9 dist-f9 rbrich -amarok-1.4.7-12.fc9 dist-f9 rdieter +amanith-0.3-5.fc9 dist-f9 spot +amarok-1.4.8-1.fc9 dist-f9 rdieter amarokFS-0.5-1.fc7 fe7-merge jkeating amavisd-new-2.5.2-2.fc8 dist-f8 steve amoebax-0.2.0-1.fc9 dist-f9 jwrdegoede -amqp-1.0-1 dist-f9 nsantos -amsn-0.96-7.fc7 fe7-merge jkeating +amqp-1.0-3.fc9 dist-f9 nsantos +amsn-0.97-2.fc9 dist-f9 tjikkun amtterm-1.0-1.fc8 dist-f8 kraxel -amtu-1.0.5-1.fc7 dist-fc7 jkeating -anaconda-11.4.0.4-2 dist-f9 dcantrel -anacron-2.3-56.fc8 dist-f8 mmaslano +amtu-1.0.6-1.fc9 dist-f9 sgrubb +anaconda-11.4.0.13-1 dist-f9 katzj +anacron-2.3-57.fc9 dist-f9 mmaslano and-1.2.2-4.fc8 dist-f8 s4504kr angrydd-1.0.1-3.fc8 dist-f8 rafalzaq -animorph-0.2-2.fc8 dist-f8 kwizart -anjuta-2.2.0-3.fc8 dist-f8 jkeating -anjuta-gdl-0.7.3-1.fc7 fe7-merge jkeating +animorph-0.3-1.fc9 dist-f9 kwizart +anjuta-2.2.0-4.fc9 dist-f9 alexlan +anjuta-gdl-0.7.3-2.fc9 dist-f9 jkeating ant-1.7.0-1jpp.2.fc8 dist-f8 pcheung ant-contrib-1.0-0.4.b2.fc6 fe7-merge jkeating [...4867 lines suppressed...] 
xfce4-quicklauncher-plugin-1.9.4-1.fc8 dist-f8 cwickert xfce4-screenshooter-plugin-1.0.0-6.fc8 dist-f8 cwickert -xfce4-sensors-plugin-0.10.99.2-2.fc9 dist-f9 cwickert +xfce4-sensors-plugin-0.10.99.2-3.fc9 dist-f9 cwickert xfce4-session-4.4.2-1.fc9 dist-f9 kevin xfce4-smartbookmark-plugin-0.4.2-5.fc8 dist-f8 cwickert xfce4-systemload-plugin-0.4.2-3.fc8 dist-f8 cwickert xfce4-taskmanager-0.4.0-0.2.rc2.fc6 fe7-merge jkeating -xfce4-timer-plugin-0.5.1-3.fc8 dist-f8 cwickert +xfce4-timer-plugin-0.6-2.fc9 dist-f9 cwickert xfce4-verve-plugin-0.3.5-3.fc8 dist-f8 cwickert xfce4-volstatus-icon-0.1.0-2.fc8 dist-f8 cwickert xfce4-wavelan-plugin-0.5.4-3.fc8 dist-f8 cwickert -xfce4-weather-plugin-0.6.0-1.fc7 fe7-merge jkeating +xfce4-weather-plugin-0.6.2-2.fc9 dist-f9 cwickert xfce4-websearch-plugin-0.1.1-0.6.20070428svn2704.fc8 dist-f8 cwickert xfce4-xfapplet-plugin-0.1.0-4.fc8 dist-f8 cwickert xfce4-xkb-plugin-0.4.3-3.fc8 dist-f8 cwickert xfce4-xmms-plugin-0.5.1-1.fc7 fe7-merge jkeating xfdesktop-4.4.2-1.fc9 dist-f9 kevin xferstats-2.16-14.1 dist-fc6 jkeating -xfig-3.2.5-6.fc9 dist-f9 jwrdegoede +xfig-3.2.5-7.fc9 dist-f9 jwrdegoede xforms-1.0.90-10.fc8 dist-f8 rdieter xfprint-4.4.2-1.fc9 dist-f9 kevin xfsdump-2.2.46-1.fc8 dist-f8 sandeen @@ -4857,6 +4965,7 @@ xgalaxy-2.0.34-7.fc8 dist-f8 jwrdegoede xgrav-1.2.0-5.fc9 dist-f9 limb xgrep-0.06-3.fc8 dist-f8 brendt +xguest-1.0.6-2.fc9 dist-f9 dwalsh xhtml1-dtds-1.0-7.1.1 dist-fc6 jkeating xine-lib-1.1.8-4.fc8 dist-f8 scop xine-plugin-1.0-5.fc8 dist-f8 mso @@ -4876,9 +4985,9 @@ xmlindent-0.2.17-8.fc8 dist-f8 adrian xmlroff-0.5.2-4.fc9 dist-f9 ivazquez xmlrpc-2.0.1-3jpp.2 dist-fc7 jkeating -xmlrpc-c-1.06.18-1.fc8 dist-f8 ensc +xmlrpc-c-1.06.23-1.fc9 dist-f9 ensc xmlrpc3-3.0-1jpp.4.fc8 dist-f8 overholt -xmlsec1-1.2.9-8.1 dist-fc6 jkeating +xmlsec1-1.2.9-9.1 dist-f9 jkeating xmlstarlet-1.0.1-4.fc7 fe7-merge jkeating xmltex-20020625-8 dist-fc6 jkeating xmlto-0.0.19-1.fc9 dist-f9 ovasik 
@@ -4904,7 +5013,7 @@ xoo-0.7-7.fc8 dist-f8 pwouters xorg-sgml-doctools-1.1.1-1.fc7 dist-fc7 jkeating xorg-x11-apps-7.3-1.fc8 dist-f8 ajax -xorg-x11-docs-1.3-1.fc7 dist-fc7 jkeating +xorg-x11-docs-1.3-2.fc9 dist-f9 ajax xorg-x11-drivers-7.2-10.fc9 dist-f9 ajax xorg-x11-drv-acecad-1.1.0-5.fc8 dist-f8 ajax xorg-x11-drv-aiptek-1.0.1-5.fc8 dist-f8 ajax @@ -4912,7 +5021,7 @@ xorg-x11-drv-apm-1.1.1-7.fc8 dist-f8 ajax xorg-x11-drv-ark-0.6.0-6.fc8 dist-f8 ajax xorg-x11-drv-ast-0.81.0-6.fc8 dist-f8 ajax -xorg-x11-drv-ati-6.7.195-5.fc9 dist-f9 ajax +xorg-x11-drv-ati-6.7.196-5.fc9 dist-f9 ajax xorg-x11-drv-avivo-0.0.1-6.fc8 dist-f8 krh xorg-x11-drv-calcomp-1.1.0-4.fc8 dist-f8 ajax xorg-x11-drv-chips-1.1.1-5.fc8 dist-f8 ajax 
@@ -4931,26 +5040,26 @@ xorg-x11-drv-hyperpen-1.1.0-5.fc8 dist-f8 ajax xorg-x11-drv-i128-1.2.1-1.fc8 dist-f8 ajax xorg-x11-drv-i740-1.1.0-5.fc8 dist-f8 ajax -xorg-x11-drv-i810-2.2.0-1.fc9 dist-f9 ajax +xorg-x11-drv-i810-2.2.0-2.fc9 dist-f9 airlied xorg-x11-drv-jamstudio-1.1.0-4.fc8 dist-f8 ajax xorg-x11-drv-keyboard-1.2.2-3.fc9 dist-f9 ajax xorg-x11-drv-magellan-1.1.0-4.fc8 dist-f8 ajax xorg-x11-drv-magictouch-1.0.0.5-5.fc8 dist-f8 ajax -xorg-x11-drv-mga-1.4.6.1-6.fc8 dist-f8 ajax +xorg-x11-drv-mga-1.4.7-0.20080102.fc9 dist-f9 ajax xorg-x11-drv-microtouch-1.1.0-2.fc7 dist-fc7 jkeating xorg-x11-drv-mouse-1.2.3-3.fc9 dist-f9 ajax xorg-x11-drv-mutouch-1.1.0-5.fc8 dist-f8 ajax xorg-x11-drv-neomagic-1.1.1-4.fc8 dist-f8 ajax xorg-x11-drv-nsc-2.8.1-4.fc8 dist-f8 ajax xorg-x11-drv-nv-2.1.6-2.fc9 dist-f9 ajax -xorg-x11-drv-openchrome-0.2.900-7.fc9 dist-f9 xavierb +xorg-x11-drv-openchrome-0.2.901-1.fc9 dist-f9 xavierb xorg-x11-drv-palmax-1.1.0-4.fc8 dist-f8 ajax xorg-x11-drv-penmount-1.1.0-3.fc7 dist-fc7 jkeating -xorg-x11-drv-radeonhd-1.0.0-0.1.20071130git.fc9 dist-f9 ndim +xorg-x11-drv-radeonhd-1.1.0-0.3.20080103git.fc9 dist-f9 ndim xorg-x11-drv-rendition-4.1.3-5.fc8 dist-f8 ajax xorg-x11-drv-s3-0.5.0-5.fc8 dist-f8 ajax xorg-x11-drv-s3virge-1.9.1-5.fc8 dist-f8 ajax -xorg-x11-drv-savage-2.1.3-1.fc8 dist-f8 airlied +xorg-x11-drv-savage-2.1.3-99.20071210.fc9 dist-f9 ajax xorg-x11-drv-siliconmotion-1.5.1-3.fc8 dist-f8 ajax xorg-x11-drv-sis-0.9.3-4.fc8 dist-f8 ajax xorg-x11-drv-sisusb-0.8.1-9.fc8 dist-f8 ajax 
@@ -4966,16 +5075,16 @@ xorg-x11-drv-vesa-1.3.0-11.20071113.fc9 dist-f9 ajax xorg-x11-drv-vga-4.1.0-5.fc8 dist-f8 ajax xorg-x11-drv-via-0.2.2-4.fc8 dist-f8 ajax -xorg-x11-drv-vmmouse-12.4.3-1.fc8 dist-f8 ajax +xorg-x11-drv-vmmouse-12.4.3-3.fc9 dist-f9 katzj xorg-x11-drv-vmware-10.15.2-1.fc8 dist-f8 ajax xorg-x11-drv-void-1.1.1-7.fc9 dist-f9 ajax xorg-x11-drv-voodoo-1.1.1-1.fc8 dist-f8 ajax xorg-x11-filesystem-7.1-2.fc6 dist-fc6 jkeating -xorg-x11-font-utils-7.2-2.fc8 dist-f8 ajax -xorg-x11-fonts-7.2-4.fc9 dist-f9 krh +xorg-x11-font-utils-7.2-3.fc9 dist-f9 ajax +xorg-x11-fonts-7.2-5.fc9 dist-f9 spot xorg-x11-proto-devel-7.3-7.fc9 dist-f9 ajax xorg-x11-resutils-7.1-4.fc8 dist-f8 ajax -xorg-x11-server-1.4.99.1-0.10.fc9 dist-f9 ajax +xorg-x11-server-1.4.99.1-0.13.fc9 dist-f9 ajax xorg-x11-server-utils-7.3-2.fc9 dist-f9 airlied xorg-x11-twm-1.0.3-1.fc8 dist-f8 airlied xorg-x11-util-macros-1.1.5-1.fc7 dist-fc7 jkeating 
@@ -4991,25 +5100,27 @@ xorg-x11-xtrans-devel-1.0.3-5.fc8 dist-f8 ajax xosd-2.2.14-10.fc8 dist-f8 kevin xournal-0.4.1-3.fc8 dist-f8 rvinyard -xpa-2.1.8-2.fc9 dist-f9 sergiopr -xpdf-3.02-4.fc9 dist-f9 spot +xpa-2.1.8-4.fc9 dist-f9 sergiopr +xpdf-3.02-5.fc9 dist-f9 spot xpilot-ng-4.7.2-13.fc8 dist-f8 wart xplanet-1.2.0-2.1.fc8.2 dist-f8 mtasaka xpp2-2.1.10-6jpp.1.fc7 fe7-merge jkeating xpp3-1.1.3.8-1jpp.1.fc7 fe7-merge jkeating xprobe2-0.3-9.fc8 dist-f8 lmacken +xqilla10-1.0.2-2.fc9 dist-f9 mzazrive xrestop-0.4-3.fc8 dist-f8 ajax xsane-0.995-2.fc9 dist-f9 nphilipp xsc-1.5-2.fc8 dist-f8 limb xscorch-0.2.0-12.fc8 dist-f8 mgarski -xscreensaver-5.04-2.fc9 dist-f9 mtasaka +xscreensaver-5.04-3.fc9 dist-f9 mtasaka xsp-1.2.1-1.fc7 fe7-merge jkeating xsri-2.1.0-13.fc9 dist-f9 ajax -xsupplicant-1.2.8-4.fc9.4 dist-f9 spot +xstar-2.2.0-2.fc9 dist-f9 mmahut +xsupplicant-1.2.8-5.fc9.2 dist-f9 spot xterm-229-2.fc8 dist-f8 mlichvar -xtide-2.9.4-3.fc9 dist-f9 mtasaka +xtide-2.9.5-2.fc9 dist-f9 mtasaka xu4-1.1-0.2.cvs20070510.fc8 dist-f8 jwrdegoede -xulrunner-1.9-0.beta1.3.fc9 dist-f9 stransky +xulrunner-1.9-0.beta2.5.fc9 dist-f9 stransky xvattr-1.3-14 dist-f8 thias xwnc-0.3.3-3.fc7 fe7-merge jkeating xwrits-2.24-2.fc6 fe7-merge jkeating 
@@ -5021,36 +5132,36 @@ yakuake-2.7.5-4.fc7 fe7-merge jkeating yap-5.1.1-8.fc9 dist-f9 gemi yasm-0.6.2-1.fc8 dist-f8 thias -yaz-3.0.8-1.fc8 dist-f8 icon -yelp-2.20.0-8.fc9 dist-f9 stransky +yaz-3.0.8-2.fc9 dist-f9 jkeating +yelp-2.21.1-3.fc9 dist-f9 katzj yp-tools-2.9-2 dist-f8 steved ypbind-1.20.4-2.fc8 dist-f8 steved ypserv-2.19-6.fc8 dist-f8 steved -ytalk-3.3.0-9.fc8 dist-f8 mmcgrath -yum-3.2.7-2.fc9 dist-f9 skvidal +ytalk-3.3.0-10.fc9 dist-f9 mmcgrath +yum-3.2.8-2.fc9 dist-f9 skvidal yum-arch-2.2.2-2.fc7 fe7-merge jkeating yum-cron-0.6-1.fc8 dist-f8 habig yum-metadata-parser-1.1.2-2.fc9 dist-f9 pnasrat yum-presto-0.4.3-1.fc9 dist-f9 jdieter -yum-updatesd-0.7-1.fc8 dist-f8 katzj -yum-utils-1.1.8-1.fc8 dist-f8 timlau +yum-updatesd-0.9-1.fc9 dist-f9 katzj +yum-utils-1.1.10-1.fc9 dist-f9 timlau yumex-2.0.3-2.fc9 dist-f9 timlau -z88dk-1.6-11.fc8.1 dist-f8 spot -zabbix-1.4.2-4.fc9 dist-f9 sharkcz +z88dk-1.7-2.fc9 dist-f9 kkofler +zabbix-1.4.4-1.fc9 dist-f9 jwilson zaf-0-0.1.20071123svn.fc9 dist-f9 caolanm -zaptel-1.4.6-1.fc9 dist-f9 jcollie +zaptel-1.4.7.1-1.fc9 dist-f9 jcollie zasx-1.30-5.fc8 dist-f8 jwrdegoede zd1211-firmware-1.4-1 dist-f8 kwizart zenity-2.20.1-1.fc9 dist-f9 mclasen zeroinstall-injector-0.30-2.fc8 dist-f8 salimma zhcon-0.2.6-5.fc7 fe7-merge jkeating zidrav-1.2.0-3.fc8 dist-f8 rathann -zile-2.2.19-1.fc6 fe7-merge jkeating +zile-2.2.19-2.fc9 dist-f9 mlichvar zip-2.31-5.fc9 dist-f9 varekova zisofs-tools-1.0.8-2.fc8 dist-f8 harald zlib-1.2.3-16.fc9 dist-f9 varekova -zoneminder-1.22.3-9.fc8 dist-f8 mebourne -zsh-4.3.4-4.fc8 dist-f8 james +zoneminder-1.22.3-10.fc9 dist-f9 mebourne +zsh-4.3.4-5.fc9 dist-f9 james zvbi-0.2.25-2.fc8 dist-f8 oddsocks zynaddsubfx-2.2.1-17.fc8 dist-f8 green zziplib-0.13.49-4.fc8 dist-f8 thias View full diff with command: /usr/bin/cvs -f diff -kk -u -N -r 1.8 -r 1.9 dist-fc7-updates Index: dist-fc7-updates =================================================================== RCS file: 
/cvs/fedora/fedora-security/manifest/dist-fc7-updates,v retrieving revision 1.8 retrieving revision 1.9 diff -u -r1.8 -r1.9 --- dist-fc7-updates 3 Dec 2007 16:50:14 -0000 1.8 +++ dist-fc7-updates 3 Jan 2008 19:32:16 -0000 1.9 @@ -1,6 +1,7 @@ Build Tag Built by ---------------------------------------- -------------------- ---------------- -915resolution-0.5.3-1.fc7 fe7-merge jkeating +8Kingdoms-1.1.0-2.fc7 dist-fc7-updates jwrdegoede +915resolution-0.5.3-3.fc7 dist-fc7-updates cweyl AGReader-1.2-4.fc7 dist-fc7-updates oddsocks AcetoneISO-6.7-4.fc7 dist-fc7-updates spot AllegroOGG-1.0.3-3.fc6 fe7-merge jkeating @@ -15,6 +16,7 @@ ClanLib06-0.6.5-7.fc6 fe7-merge jkeating Coin2-2.5.0-2.fc7 dist-fc7-updates corsepiu ConsoleKit-0.2.1-2.fc7 dist-fc7 jkeating +CriticalMass-1.0.2-2.fc7 dist-fc7-updates jwrdegoede DMitry-1.3a-2.fc7 dist-fc7-updates sindrepb Democracy-0.9.6-2.fc7 dist-fc7-updates tscherf DevIL-1.6.8-0.13.rc2.fc7 dist-fc7-updates oddsocks @@ -58,10 +60,10 @@ Perlbal-1.59-1.fc7 dist-fc7-updates ruben Pixie-2.2.2-2.fc7 dist-fc7-updates kwizart Pound-2.3-1.fc7 fe7-merge jkeating -PyKDE-3.16.0-6.fc7 fe7-merge jkeating +PyKDE-3.16.0-11.fc7 dist-fc7-updates rdieter PyOpenGL-3.0.0-0.3.a6.fc7 fe7-merge jkeating PyQt-3.17.3-3.fc7 dist-fc7-updates rdieter -PyQt4-4.3.1-1.fc7 dist-fc7-updates rdieter +PyQt4-4.3.1-3.fc7 dist-fc7-updates rdieter PyRTF-0.45-4.fc7 fe7-merge jkeating PySolFC-1.1-4.fc7 dist-fc7-updates firewing PySolFC-cardsets-1.1-3.2 dist-fc7-updates firewing @@ -72,7 +74,9 @@ PythonCAD-0.1.36-2.fc7 dist-fc7-updates kwizart QuantLib-0.8.1-4.fc7 dist-fc7-updates spot R-2.6.1-1.fc7 dist-fc7-updates spot +R-Biobase-1.16.1-3.fc7 dist-fc7-updates pingou R-BufferedMatrix-1.2.0-1.fc7 dist-fc7-updates pingou +R-BufferedMatrixMethods-1.3.0-1.fc7 dist-fc7-updates pingou R-DynDoc-1.17.0-1.fc7 dist-fc7-updates pingou R-RScaLAPACK-0.5.1-9.fc7 fe7-merge jkeating R-abind-1.1-1.fc7 dist-fc7-updates spot 
@@ -97,7 +101,7 @@ SDL_sound-1.0.1-8.fc7 dist-fc7-updates jwrdegoede SDL_ttf-2.0.8-2.fc6 fe7-merge jkeating SDLmm-0.1.8-4.fc7 fe7-merge jkeating -SIBsim4-0.15-1.fc7 fe7-merge jkeating +SIBsim4-0.16-1.fc7 dist-fc7-updates c4chris SILLY-0.1.0-4.fc7 dist-fc7-updates oddsocks SIMVoleon-2.0.1-6.fc7 fe7-merge jkeating SOAPpy-0.11.6-6.fc7 fe7-merge jkeating @@ -107,12 +111,13 @@ Sprog-0.14-12.fc6 fe7-merge jkeating SteGUI-0.0.1-12.fc7 dist-fc7-updates pingou TeXmacs-1.0.6.12-1.fc7 dist-fc7-updates gemi -Terminal-0.2.6-3.fc7 dist-fc7-updates kevin -Thunar-0.8.0-1.fc7 fe7-merge jkeating +Terminal-0.2.8-2.fc7 dist-fc7-updates kevin +Thunar-0.9.0-2.fc7 dist-fc7-updates kevin TnL-070909-2.fc7 dist-fc7-updates jwrdegoede TnL-data-070909-1.fc7 dist-fc7-updates jwrdegoede -TurboGears-1.0.3.2-4.fc7 dist-fc7-updates lmacken +TurboGears-1.0.3.2-7.fc7 dist-fc7-updates lmacken VLGothic-fonts-20070901-1.fc7 dist-fc7-updates ryo +WebKit-1.0.0-0.3.svn28482.fc7 dist-fc7-updates pgordon WindowMaker-0.92.0-13.fc7 dist-fc7-updates awjb Xaw3d-1.5E-10.1 dist-fc6 jkeating Zim-0.21-1.fc7 dist-fc7-updates cweyl @@ -121,7 +126,7 @@ aasaver-0.3.2-1.fc7 dist-fc7-updates oddsocks abcMIDI-20070106-1.fc7 fe7-merge jkeating abcde-2.3.99.6-2.fc6 fe7-merge jkeating -abcm2ps-5.6.1-2.fc7 dist-fc7-updates gemi +abcm2ps-5.7.0-1.fc7 dist-fc7-updates gemi abe-1.1-5.fc7 dist-fc7-updates wart abicheck-1.2-11.7 dist-fc7-updates mschwendt abiword-2.4.6-5.fc7 fe7-merge jkeating @@ -155,8 +160,10 @@ aldrin-0.11-5.fc7 dist-fc7-updates akahl alex-2.1.0-5.fc7 dist-fc7-updates bos alex4-1.0-3.fc7 fe7-merge jkeating -alexandria-0.6.2-0.2.b2.fc7 dist-fc7-updates mtasaka +alexandria-0.6.2-2.fc7 dist-fc7-updates mtasaka alfont-2.0.6-2.fc7 fe7-merge jkeating +alienarena-6.10-5.fc7 dist-fc7-updates spot +alienarena-data-20071011-2.fc7 dist-fc7-updates spot alienblaster-1.1.0-1.fc7 dist-fc7-updates jwrdegoede alleggl-0.4.0-1.fc7 fe7-merge jkeating allegro-4.2.1-2.fc7 fe7-merge jkeating 
@@ -164,6 +171,7 @@ alliance-5.0-9.20070718snap.fc7 dist-fc7-updates chitlesh alltray-0.69-2.fc6 fe7-merge jkeating alphabet-soup-1.1-2.fc7 fe7-merge jkeating +alpine-1.00-2.fc7 dist-fc7-updates rdieter alsa-lib-1.0.14-3.fc7 dist-fc7-updates stransky alsa-oss-1.0.12-4.fc7 fe7-merge jkeating alsa-plugins-1.0.14-2.fc7 dist-fc7-updates emoret @@ -173,6 +181,7 @@ altermime-0.3.7-2.fc6 fe7-merge jkeating am-utils-6.1.5-6.fc7 dist-fc7 jkeating amanda-2.5.1p3-3.fc7 dist-fc7-updates rbrich +amanith-0.3-5.fc7 dist-fc7-updates spot amarok-1.4.7-5.fc7 dist-fc7-updates abompard amarokFS-0.5-1.fc7 fe7-merge jkeating amavisd-new-2.5.1-1.fc7 dist-fc7-updates steve @@ -275,10 +284,11 @@ aspell-sv-0.51-2.fc7 dist-fc7 jkeating aspell-ta-20040424-1.fc7 fe7-merge jkeating aspell-te-0.01-1.fc7 fe7-merge jkeating -astromenace-1.2-3.fc7 dist-fc7-updates limb +asterisk-1.4.17-1.fc7 dist-fc7-updates jcollie +astromenace-1.2-6.fc7 dist-fc7-updates limb astromenace-data-1.2-1.fc7 dist-fc7-updates limb astyle-1.21-5.fc7 dist-fc7-updates addutko -asunder-0.9-2.fc7 dist-fc7-updates szpak +asunder-1.0-1.fc7 dist-fc7-updates szpak asylum-0.2.3-2.fc7 dist-fc7-updates oddsocks asymptote-1.32-1.fc7 dist-fc7-updates jpo at-3.1.10-13.fc7 dist-fc7-updates mmaslano @@ -288,7 +298,7 @@ athcool-0.3.11-5.fc6 fe7-merge jkeating atitvout-0.4-6 fe7-merge jkeating atk-1.18.0-1.fc7 dist-fc7 jkeating -atlas-3.6.0-11.fc6 fe7-merge jkeating +atlas-3.6.0-11.fc7.1 dist-fc7-updates orion atlascpp-0.6.0-3.fc6 fe7-merge jkeating atmel-firmware-1.3-2 dist-fc7-updates kwizart atomix-2.14.0-2.fc6 fe7-merge jkeating @@ -312,7 +322,7 @@ autoconf213-2.13-17.fc7 dist-fc7 jkeating autodir-0.99.9-2.fc7 dist-fc7 thias autodownloader-0.2.0-4.fc7 dist-fc7-updates jwrdegoede -autofs-5.0.1-27 dist-fc7-updates iankent +autofs-5.0.1-31 dist-fc7-updates iankent autogen-5.8.9-1.fc7 fe7-merge jkeating automake-1.10-5 dist-fc7 jkeating automake14-1.4p6-15.fc7 dist-fc7 jkeating 
@@ -354,7 +364,7 @@ bbkeys-0.9.0-6.fc7 fe7-merge jkeating bc-1.06-26 dist-fc7 jkeating bcel-5.1-10jpp.4.fc7 dist-fc7-updates pcheung -bcfg2-0.9.5-2.fc7 dist-fc7-updates jcollie +bcfg2-0.9.5.2-1.fc7 dist-fc7-updates jcollie bchunk-1.2.0-4 fe7-merge jkeating bcm43xx-fwcutter-006-1.fc7 fe7-merge jkeating bdock-0.2.1-1.fc7 dist-fc7-updates jwilson @@ -369,10 +379,11 @@ beryl-manager-0.2.1-1.fc7 dist-fc7-updates jwilson beryl-plugins-0.2.1-1.fc7 dist-fc7-updates jwilson beryl-settings-0.2.1-1.fc7 dist-fc7-updates jwilson +bib2html-1.2.1-3.fc7 dist-fc7-updates terjeros bibletime-1.6.5-1.fc7 dist-fc7-updates deji bidiv-1.5-4.fc6 fe7-merge jkeating bigloo-3.0b-1.fc7 dist-fc7-updates gemi -bind-9.4.2-1.fc7 dist-fc7-updates atkac +bind-9.4.2-2.fc7 dist-fc7-updates atkac binutils-2.17.50.0.12-4 dist-fc7 jkeating bison-2.3-3.fc7 dist-fc7 jkeating bit-0.4.1-1.fc7 fe7-merge jkeating @@ -389,7 +400,7 @@ blender-2.45-2.fc7.1 dist-fc7-updates s4504kr blitz-0.9-3.fc7 dist-fc7-updates sergiopr blktool-4-6.fc6 fe7-merge jkeating -blobAndConquer-0.91-1.fc7 dist-fc7-updates jwrdegoede +blobAndConquer-0.91-5.fc7 dist-fc7-updates jwrdegoede blobby-0.6-0.4.a.fc7 fe7-merge jkeating blobwars-1.06-1.fc7 fe7-merge jkeating blogtk-1.1-8.fc7 fe7-merge jkeating @@ -401,10 +412,10 @@ bluez-utils-3.9-2.fc7 dist-fc7 jkeating boa-0.94.14-0.5.rc21.fc6 fe7-merge jkeating bochs-2.3-7.fc7 dist-fc7-updates jwrdegoede -bodhi-0.4.6-1.fc7 dist-fc7-updates lmacken +bodhi-0.4.8-1.fc7 dist-fc7-updates lmacken bodr-6-1.fc7 dist-fc7-updates ecik bogl-0.1.18-13 fe7-merge jkeating -bogofilter-1.1.5-1.fc7 fe7-merge jkeating +bogofilter-1.1.6-1.fc7 dist-fc7-updates adrian bombardier-0.8.2.2-5.fc7 dist-fc7-updates limb bonnie++-1.03a-6.fc6 fe7-merge jkeating bontmia-0.14-1.fc7 dist-fc7-updates terjeros 
@@ -415,8 +426,8 @@ booty-0.85-1 dist-fc7 jkeating boswars-2.4.1-2.fc7 dist-fc7-updates jwrdegoede bottlerocket-0.04c-1.fc7 dist-fc7-updates sindrepb -bouml-3.0.2-1.fc7 dist-fc7-updates rishi -bouml-doc-2.30-3.fc7 dist-fc7-updates rishi +bouml-3.3.3-1.fc7 dist-fc7-updates rishi +bouml-doc-3.0-2 dist-fc7-updates rishi bouncycastle-1.34-3.fc7 dist-fc7 jkeating brandy-1.0.19-4.fc6 fe7-merge jkeating brasero-0.6.1-1.fc7 dist-fc7-updates denis @@ -431,7 +442,7 @@ bugzilla-3.0.2-2.fc7 dist-fc7-updates jwb [...1770 lines suppressed...] uuid-1.5.1-3.fc7 fe7-merge jkeating uw-imap-2006k-1.fc7 dist-fc7-updates rdieter v4l2-tool-1.0.2-2.fc7 fe7-merge jkeating -vala-0.1.3-4.fc7 dist-fc7-updates salimma +vala-0.1.5-4.fc7 dist-fc7-updates salimma valgrind-3.2.3-5.fc7 dist-fc7-updates jakub valknut-0.3.8.1-1.fc7 fe7-merge jkeating varconf-0.6.5-1.fc7 fe7-merge jkeating @@ -4426,6 +4488,7 @@ vdr-sudoku-0.1.3-1.fc7 fe7-merge jkeating vdr-text2skin-1.1-18.20051217cvs.fc7 fe7-merge jkeating vdr-ttxtsubs-0.0.5-1.fc7 dist-fc7-updates scop +vdr-tvonscreen-1.0.141-1.fc7 dist-fc7-updates vpv vdr-wapd-0.8-16.fc7 fe7-merge jkeating vdradmin-am-3.5.3-2.fc7 fe7-merge jkeating vegastrike-0.4.3-3.fc7 dist-fc7 jwrdegoede @@ -4493,10 +4556,11 @@ wine-0.9.49-1.fc7 dist-fc7-updates awjb wine-docs-0.9.49-1.fc7 dist-fc7-updates awjb wings-0.98.36-1.fc7 fe7-merge jkeating -winpdb-1.2.2-1.fc7.1 dist-fc7-updates spot +winpdb-1.3.2-1.fc7 dist-fc7-updates spot wireless-tools-28-4.fc7 dist-fc7 caillon -wireshark-0.99.6-1.fc7 dist-fc7-updates rvokal +wireshark-0.99.7-1.fc7 dist-fc7-updates rvokal wise2-2.2.0-2.fc7 fe7-merge jkeating +wkf-1.3.11-1.fc7 dist-fc7-updates mtasaka wlassistant-0.5.7-3.fc7 dist-fc7-updates spot wmCalClock-1.25-8.fc6 fe7-merge jkeating wmacpi-2.2-0.1.a1.fc7 fe7-merge jkeating 
@@ -4505,7 +4569,7 @@ wmix-3.1-1.fc6 fe7-merge jkeating wmweather+-2.9-4.fc6 fe7-merge jkeating wmx-6pl1-14.fc6 fe7-merge jkeating -wordpress-2.3.1-1.fc7 dist-fc7-updates adrian +wordpress-2.3.2-1.fc7 dist-fc7-updates adrian words-3.0-12.fc7 dist-fc7 jkeating wordtrans-1.1-0.2.pre13.fc7 dist-fc7 jkeating workrave-1.8.4-3.fc7 fe7-merge jkeating @@ -4527,7 +4591,7 @@ wvs-data-0.0.20020219-3 fe7-merge jkeating wxGTK-2.8.4-3.fc7 dist-fc7-updates mattdm wxGlade-0.6.1-1.fc7 dist-fc7-updates hellwolf -wxMaxima-0.7.2-4.fc7.1 dist-fc7-updates rdieter +wxMaxima-0.7.4-2.fc7 dist-fc7-updates rdieter wxPython-2.8.4.0-1.fc7 dist-fc7-updates mattdm wxdfast-0.6.0-3.fc7 dist-fc7-updates drago01 wxsvg-1.0-0.3.b7_3.fc7 dist-fc7-updates thias @@ -4539,8 +4603,8 @@ xalan-c-1.10.0-2.fc7 dist-fc7-updates lkundrak xalan-j2-2.7.0-6jpp.1 dist-fc6 jkeating xaos-3.2.3-1.fc7 fe7-merge jkeating -xapian-bindings-1.0.2-3.fc7 dist-fc7-updates drago01 -xapian-core-1.0.2-2.fc7 dist-fc7-updates drago01 +xapian-bindings-1.0.4-2.fc7 dist-fc7-updates drago01 +xapian-core-1.0.4-1.fc7 dist-fc7-updates drago01 xar-1.5-1.fc7 dist-fc7-updates thias xarchiver-0.4.9-0.2.20070103svn24249.fc7 fe7-merge jkeating xarchon-0.50-3.fc6 fe7-merge jkeating @@ -4557,6 +4621,7 @@ xcdroast-0.98a15-14.fc7 dist-fc7-updates harald xchat-2.8.4-6.fc7 dist-fc7-updates kkofler xchat-gnome-0.18-3.fc7 dist-fc7-updates bpepple +xchat-ruby-1.2-5.fc7 dist-fc7-updates konradm xchm-1.10-2.fc7 fe7-merge jkeating xcircuit-3.4.27-1.fc7 dist-fc7-updates chitlesh xclip-0.10-1.fc7 dist-fc7-updates spot 
@@ -4573,37 +4638,38 @@ xemacs-21.5.28-3.fc7 dist-fc7-updates scop xemacs-packages-base-20061221-1.fc7 fe7-merge jkeating xemacs-packages-extra-20061221-1.fc7 fe7-merge jkeating -xen-3.1.0-8.fc7 dist-fc7-updates berrange +xen-3.1.2-1.fc7 dist-fc7-updates berrange xerces-c-2.7.0-6.fc7 fe7-merge jkeating xerces-j2-2.7.1-7jpp.2 dist-fc6 jkeating xeuphoric-0.18.2-7.fc7 dist-fc7-updates oddsocks -xfce-mcs-manager-4.4.1-2.fc7 dist-fc7-updates kevin -xfce-mcs-plugins-4.4.1-2.fc7 dist-fc7-updates kevin -xfce-utils-4.4.1-2.fc7 dist-fc7-updates kevin -xfce4-appfinder-4.4.1-1.fc7 fe7-merge jkeating +xfce-mcs-manager-4.4.2-1.fc7 dist-fc7-updates kevin +xfce-mcs-plugins-4.4.2-1.fc7 dist-fc7-updates kevin +xfce-utils-4.4.2-1.fc7 dist-fc7-updates kevin +xfce4-appfinder-4.4.2-1.fc7 dist-fc7-updates kevin xfce4-battery-plugin-0.5.0-2.fc7 fe7-merge jkeating xfce4-clipman-plugin-0.8.0-2.fc7 fe7-merge jkeating -xfce4-cpugraph-plugin-0.3.0-5.fc7 fe7-merge jkeating +xfce4-cpugraph-plugin-0.4.0-2.fc7 dist-fc7-updates cwickert xfce4-datetime-plugin-0.5.0-2.fc7 dist-fc7-updates cwickert xfce4-dev-tools-4.4.0-1.fc7 fe7-merge jkeating xfce4-dict-plugin-0.2.1-2.fc7 fe7-merge jkeating xfce4-diskperf-plugin-2.1.0-3.fc7 fe7-merge jkeating xfce4-eyes-plugin-4.4.0-2.fc7 fe7-merge jkeating -xfce4-fsguard-plugin-0.3.0-5.fc7 fe7-merge jkeating +xfce4-fsguard-plugin-0.4.0-2.fc7 dist-fc7-updates cwickert xfce4-genmon-plugin-3.1-2.fc7 fe7-merge jkeating -xfce4-icon-theme-4.4.1-1.fc7 fe7-merge jkeating +xfce4-icon-theme-4.4.2-1.fc7 dist-fc7-updates kevin xfce4-mailwatch-plugin-1.0.1-6.fc7 fe7-merge jkeating xfce4-minicmd-plugin-0.4-6.fc7.1 dist-fc7-updates cwickert -xfce4-mixer-4.4.1-2.fc7 dist-fc7-updates kevin +xfce4-mixer-4.4.2-1.fc7 dist-fc7-updates kevin +xfce4-modemlights-plugin-0.1.3.99-2.fc7 dist-fc7-updates cwickert xfce4-mount-plugin-0.5.1-2.fc7 fe7-merge jkeating xfce4-netload-plugin-0.4.0-5.fc7 fe7-merge jkeating -xfce4-notes-plugin-1.4.1-2.fc7 fe7-merge jkeating -xfce4-panel-4.4.1-2.fc7.1 
dist-fc7-updates kevin -xfce4-places-plugin-0.9.992-1.fc7 dist-fc7-updates cwickert +xfce4-notes-plugin-1.6.0-2.fc7 dist-fc7-updates cwickert +xfce4-panel-4.4.2-1.fc7 dist-fc7-updates kevin +xfce4-places-plugin-1.0.0-2.fc7 dist-fc7-updates cwickert xfce4-quicklauncher-plugin-1.9.4-1.fc7 dist-fc7-updates cwickert xfce4-screenshooter-plugin-1.0.0-5.fc7 fe7-merge jkeating -xfce4-sensors-plugin-0.10.0-5.fc7 dist-fc7-updates cwickert -xfce4-session-4.4.1-1.fc7 fe7-merge jkeating +xfce4-sensors-plugin-0.10.99.2-3.fc7 dist-fc7-updates cwickert +xfce4-session-4.4.2-1.fc7 dist-fc7-updates kevin xfce4-smartbookmark-plugin-0.4.2-4.fc7 dist-fc7-updates cwickert xfce4-systemload-plugin-0.4.2-2.fc7 fe7-merge jkeating xfce4-taskmanager-0.4.0-0.2.rc2.fc6 fe7-merge jkeating @@ -4611,20 +4677,20 @@ xfce4-verve-plugin-0.3.5-2.fc7 dist-fc7 cwickert xfce4-volstatus-icon-0.1.0-1.fc7 dist-fc7-updates cwickert xfce4-wavelan-plugin-0.5.4-2.fc7 fe7-merge jkeating -xfce4-weather-plugin-0.6.0-1.fc7 fe7-merge jkeating +xfce4-weather-plugin-0.6.2-2.fc7 dist-fc7-updates cwickert xfce4-websearch-plugin-0.1.1-0.6.20070428svn2704.fc7 dist-fc7-updates cwickert xfce4-xfapplet-plugin-0.1.0-3.fc7 fe7-merge jkeating xfce4-xkb-plugin-0.4.3-2.fc7 fe7-merge jkeating xfce4-xmms-plugin-0.5.1-1.fc7 fe7-merge jkeating -xfdesktop-4.4.1-1.fc7 fe7-merge jkeating +xfdesktop-4.4.2-1.fc7 dist-fc7-updates kevin xferstats-2.16-14.1 dist-fc6 jkeating xfig-3.2.5-5.fc7 dist-fc7-updates jwrdegoede xforms-1.0.90-8.fc6 fe7-merge jkeating -xfprint-4.4.1-1.fc7 fe7-merge jkeating +xfprint-4.4.2-1.fc7 dist-fc7-updates kevin xfsdump-2.2.45-2.fc7 dist-fc7-updates sandeen xfsprogs-2.9.4-3.fc7 dist-fc7-updates sandeen -xfwm4-4.4.1-1.fc7 fe7-merge jkeating -xfwm4-themes-4.4.1-1.fc7 fe7-merge jkeating +xfwm4-4.4.2-1.fc7 dist-fc7-updates kevin +xfwm4-themes-4.4.2-1.fc7 dist-fc7-updates kevin xgalaxy-2.0.34-5.fc6 fe7-merge jkeating xgrav-1.2.0-4.fc7 dist-fc7-updates limb xgrep-0.06-3.fc7 dist-fc7-updates brendt 
@@ -4748,7 +4814,7 @@ xorg-x11-xauth-1.0.2-1.fc7 dist-fc7 jkeating xorg-x11-xbitmaps-1.0.1-4.1 dist-fc6 jkeating xorg-x11-xdm-1.1.3-1.fc7 dist-fc7 jkeating -xorg-x11-xfs-1.0.2-3.1 dist-fc6 jkeating +xorg-x11-xfs-1.0.5-1.fc7 dist-fc7-updates ajax xorg-x11-xfwp-1.0.1-4.fc7 dist-fc7 jkeating xorg-x11-xinit-1.0.2-22.fc7 dist-fc7-updates ssp xorg-x11-xkb-utils-1.0.2-3.fc7 dist-fc7 jkeating @@ -4756,13 +4822,14 @@ xorg-x11-xtrans-devel-1.0.3-2.1.fc7 dist-fc7-updates ajax xosd-2.2.14-9.fc7 fe7-merge jkeating xournal-0.3.3-5.fc7 dist-fc7-updates rvinyard -xpa-2.1.8-2.fc7 dist-fc7-updates sergiopr +xpa-2.1.8-3.fc7 dist-fc7-updates sergiopr xpdf-3.02-4.fc7 dist-fc7-updates spot xpilot-ng-4.7.2-12.fc7 fe7-merge jkeating xplanet-1.2.0-2.1.fc6 fe7-merge jkeating xpp2-2.1.10-6jpp.1.fc7 fe7-merge jkeating xpp3-1.1.3.8-1jpp.1.fc7 fe7-merge jkeating xprobe2-0.3-8.fc7 fe7-merge jkeating +xqilla10-1.0.2-2.fc7 dist-fc7-updates mzazrive xrestop-0.4-1.fc7 dist-fc7 jkeating xsane-0.994-3.fc7 dist-fc7 jkeating xsc-1.5-2.fc7 dist-fc7-updates limb @@ -4772,7 +4839,7 @@ xsri-2.1.0-10.fc6 dist-fc6 jkeating xsupplicant-1.2.8-4.fc7.4 dist-fc7-updates spot xterm-227-1.fc7 dist-fc7-updates mlichvar -xtide-2.9.4-3.fc7 dist-fc7-updates mtasaka +xtide-2.9.5-2.fc7 dist-fc7-updates mtasaka xu4-1.1-0.1.20070510.fc7 dist-fc7 jwrdegoede xvattr-1.3-11.fc6 fe7-merge jkeating xwnc-0.3.3-3.fc7 fe7-merge jkeating 
@@ -4791,15 +4858,15 @@ ypbind-1.19-9.fc7 dist-fc7 jkeating ypserv-2.19-6.fc7 dist-fc7-updates steved ytalk-3.3.0-6.fc6 fe7-merge jkeating -yum-3.2.7-2.fc7 dist-fc7-updates skvidal +yum-3.2.8-2.fc7 dist-fc7-updates skvidal yum-arch-2.2.2-2.fc7 fe7-merge jkeating yum-cron-0.6-1.fc7 dist-fc7-updates habig yum-metadata-parser-1.1.0-2.fc7 dist-fc7 katzj yum-presto-0.3.10-1.fc7 dist-fc7-updates jdieter -yum-utils-1.1.8-1.fc7 dist-fc7-updates timlau +yum-utils-1.1.9-2.fc7 dist-fc7-updates james yumex-2.0.3-2.fc7 dist-fc7-updates timlau -z88dk-1.6-10.fc6 fe7-merge jkeating -zabbix-1.4.2-2.fc7 dist-fc7-updates sharkcz +z88dk-1.7-2.fc7 dist-fc7-updates kkofler +zabbix-1.4.4-1.fc7 dist-fc7-updates sharkcz zaptel-1.4.6-1.fc7 dist-fc7-updates jcollie zasx-1.30-3.fc6 fe7-merge jkeating zd1211-firmware-1.3-4.fc7 fe7-merge jkeating From fedora-security-commits at redhat.com Thu Jan 3 20:59:11 2008 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Thu, 3 Jan 2008 15:59:11 -0500 Subject: [Fedora-security-commits] fedora-security/audit f8, 1.60, 1.61 f9, 1.53, 1.54 fc7, 1.216, 1.217 Message-ID: <200801032059.m03KxBXG027396@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv27371 Modified Files: f8 f9 fc7 Log Message: CVE for mantis XSS Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.60 retrieving revision 1.61 diff -u -r1.60 -r1.61 --- f8 3 Jan 2008 11:04:18 -0000 1.60 +++ f8 3 Jan 2008 20:59:09 -0000 1.61 
@@ -10,7 +10,7 @@ GENERIC-MAP-NOMATCH VULNERABLE (asterisk, fixed 1.4.17) AST-2008-001 [pending asterisk-1.4.17-1.fc8] GENERIC-MAP-NOMATCH fixed (libcdio) #427199 [since FEDORA-2008-0136] GENERIC-MAP-NOMATCH fixed (wordpress) #426433 [since FEDORA-2008-0103] -GENERIC-MAP-NOMATCH VULNERABLE (mantis) #427278 +CVE-2007-6611 VULNERABLE (mantis) #427278 CVE-2007-6596 VULNERABLE (clamav) #427287 Might be considered a mail client flaw CVE-2007-6595 VULNERABLE (clamav) #427287 CVE-2007-6465 version (ganglia, fixed 3.0.6) [since FEDORA-2007-4562] Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.53 retrieving revision 1.54 diff -u -r1.53 -r1.54 --- f9 3 Jan 2008 09:00:44 -0000 1.53 +++ f9 3 Jan 2008 20:59:09 -0000 1.54 @@ -10,7 +10,7 @@ GENERIC-MAP-NOMATCH version (asterisk, fixed 1.4.17) AST-2008-001 [since asterisk-1.4.17-1.fc9] GENERIC-MAP-NOMATCH VULNERABLE (libcdio) #427200 GENERIC-MAP-NOMATCH VULNERABLE (wordpress) #426434 -GENERIC-MAP-NOMATCH VULNERABLE (mantis) #427280 +CVE-2007-6611 VULNERABLE (mantis) #427280 CVE-2007-6596 VULNERABLE (clamav) #427289 Might be considered a mail client flaw CVE-2007-6595 VULNERABLE (clamav) #427289 CVE-2007-6465 version (ganglia, fixed 3.0.6) [since ganglia-3.0.6-1.fc9] Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.216 retrieving revision 1.217 diff -u -r1.216 -r1.217 --- fc7 3 Jan 2008 11:08:09 -0000 1.216 +++ fc7 3 Jan 2008 20:59:09 -0000 1.217 
@@ -11,7 +11,7 @@ GENERIC-MAP-NOMATCH VULNERABLE (asterisk, fixed 1.4.17) AST-2008-001 [pending asterisk-1.4.17-1.fc7] GENERIC-MAP-NOMATCH fixed (libcdio) #427198 [since FEDORA-2008-0104] GENERIC-MAP-NOMATCH fixed (wordpress) #426432 [since FEDORA-2008-0126] -GENERIC-MAP-NOMATCH VULNERABLE (mantis) #427279 +CVE-2007-6611 VULNERABLE (mantis) #427279 CVE-2007-6596 VULNERABLE (clamav) #427288 Might be considered a mail client flaw CVE-2007-6595 VULNERABLE (clamav) #427288 CVE-2007-6465 version (ganglia, fixed 3.0.6) [since FEDORA-2007-4584] From fedora-security-commits at redhat.com Thu Jan 3 21:54:03 2008 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Thu, 3 Jan 2008 16:54:03 -0500 Subject: [Fedora-security-commits] fedora-security/audit f8, 1.61, 1.62 f9, 1.54, 1.55 fc7, 1.217, 1.218 Message-ID: <200801032154.m03Ls3cc003669@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv3647 Modified Files: f8 f9 fc7 Log Message: CVE name for libcdio flaw Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.61 retrieving revision 1.62 diff -u -r1.61 -r1.62 --- f8 3 Jan 2008 20:59:09 -0000 1.61 +++ f8 3 Jan 2008 21:54:01 -0000 1.62 
@@ -8,7 +8,7 @@ # Up to date F8 as of 20071221 GENERIC-MAP-NOMATCH VULNERABLE (asterisk, fixed 1.4.17) AST-2008-001 [pending asterisk-1.4.17-1.fc8] -GENERIC-MAP-NOMATCH fixed (libcdio) #427199 [since FEDORA-2008-0136] +CVE-2007-6613 fixed (libcdio) #427199 [since FEDORA-2008-0136] GENERIC-MAP-NOMATCH fixed (wordpress) #426433 [since FEDORA-2008-0103] CVE-2007-6611 VULNERABLE (mantis) #427278 CVE-2007-6596 VULNERABLE (clamav) #427287 Might be considered a mail client flaw Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.54 retrieving revision 1.55 diff -u -r1.54 -r1.55 --- f9 3 Jan 2008 20:59:09 -0000 1.54 +++ f9 3 Jan 2008 21:54:01 -0000 1.55 @@ -8,7 +8,7 @@ # Up to date F9 as of 20071029 GENERIC-MAP-NOMATCH version (asterisk, fixed 1.4.17) AST-2008-001 [since asterisk-1.4.17-1.fc9] -GENERIC-MAP-NOMATCH VULNERABLE (libcdio) #427200 +CVE-2007-6613 VULNERABLE (libcdio) #427200 GENERIC-MAP-NOMATCH VULNERABLE (wordpress) #426434 CVE-2007-6611 VULNERABLE (mantis) #427280 CVE-2007-6596 VULNERABLE (clamav) #427289 Might be considered a mail client flaw Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.217 retrieving revision 1.218 diff -u -r1.217 -r1.218 --- fc7 3 Jan 2008 20:59:09 -0000 1.217 +++ fc7 3 Jan 2008 21:54:01 -0000 1.218 @@ -9,7 +9,7 @@ # Up to date FC7 as of 20071221 GENERIC-MAP-NOMATCH VULNERABLE (asterisk, fixed 1.4.17) AST-2008-001 [pending asterisk-1.4.17-1.fc7] -GENERIC-MAP-NOMATCH fixed (libcdio) #427198 [since FEDORA-2008-0104] +CVE-2007-6613 fixed (libcdio) #427198 [since FEDORA-2008-0104] GENERIC-MAP-NOMATCH fixed (wordpress) #426432 [since FEDORA-2008-0126] CVE-2007-6611 VULNERABLE (mantis) #427279 CVE-2007-6596 VULNERABLE (clamav) #427288 Might be considered a mail client flaw From fedora-security-commits at redhat.com Fri Jan 4 02:21:56 2008 
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Thu, 3 Jan 2008 21:21:56 -0500 Subject: [Fedora-security-commits] fedora-security/audit f9,1.55,1.56 Message-ID: <200801040221.m042LuHf012201@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv12181 Modified Files: f9 Log Message: the mplayer rtsp requisite junk Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.55 retrieving revision 1.56 diff -u -r1.55 -r1.56 --- f9 3 Jan 2008 21:54:01 -0000 1.55 +++ f9 4 Jan 2008 02:21:54 -0000 1.56 @@ -8,6 +8,8 @@ # Up to date F9 as of 20071029 GENERIC-MAP-NOMATCH version (asterisk, fixed 1.4.17) AST-2008-001 [since asterisk-1.4.17-1.fc9] +CVE-2007-6631 fixed (libnemesi, not fixed 0.6.4-rc1) #426910 [since libnemesi-0.6.4-0.1.rc2.fc9] This wasn't released yet +CVE-2007-6630 VULNERABLE (netembryo, not fixed 0.0.4) #427470 There was not release in stable branches yet CVE-2007-6613 VULNERABLE (libcdio) #427200 GENERIC-MAP-NOMATCH VULNERABLE (wordpress) #426434 CVE-2007-6611 VULNERABLE (mantis) #427280 From fedora-security-commits at redhat.com Fri Jan 4 12:00:48 2008 
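Review bot: In the f9 hunk of the "mplayer rtsp requisite junk" commit, the new CVE-2007-6631 line is marked fixed with [since libnemesi-0.6.4-0.1.rc2.fc9] but also carries "not fixed 0.6.4-rc1" and the trailing "This wasn't released yet", so a reader cannot tell whether the rawhide build or an upstream release is meant. Neighbouring entries use the form "(asterisk, fixed 1.4.17)"; recording the first fixed upstream version the same way, and saying what exactly has not been released, would keep the entry consistent with the rest of the file. The same applies to "(netembryo, not fixed 0.0.4)" on the CVE-2007-6630 line.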
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Fri, 4 Jan 2008 07:00:48 -0500 Subject: [Fedora-security-commits] fedora-security/audit fc7,1.218,1.219 Message-ID: <200801041200.m04C0mn2023867@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv23842/audit Modified Files: fc7 Log Message: wireshark rejected duplicate cve id Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.218 retrieving revision 1.219 diff -u -r1.218 -r1.219 --- fc7 3 Jan 2008 21:54:01 -0000 1.218 +++ fc7 4 Jan 2008 12:00:46 -0000 1.219 @@ -188,7 +188,7 @@ CVE-2007-4743 backport (krb5) incomplete CVE-2007-3999 fix [since FEDORA-2007-2066] CVE-2007-4730 ignore (xorg-x11) #286051 ajax says F7 is not vulnerable CVE-2007-4727 version (lighttpd) #284511 [since FEDORA-2007-2132] -CVE-2007-4721 version (wireshark, fixed 0.99.6) [since FEDORA-2007-0982] +CVE-2007-4721 ignore (wireshark) duplicate of CVE-2007-6113 CVE-2007-4663 ignore (php, fixed 5.2.4) #277991 safe_mode CVE-2007-4662 ignore (php, fixed 5.2.4) #278101 triggerable only by modification to openssl.conf CVE-2007-4661 ignore (php, fixed 5.2.4) 5.2.3, incomplete CVE-2007-2872 fix From fedora-security-commits at redhat.com Sun Jan 6 02:54:10 2008 
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Sat, 5 Jan 2008 21:54:10 -0500 Subject: [Fedora-security-commits] fedora-security/tools/scripts - New directory Message-ID: <200801060254.m062sALL003883@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/tools/scripts In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv3867/scripts Log Message: Directory /cvs/fedora/fedora-security/tools/scripts added to the repository --> Using per-directory sticky tag `lkundrak-tools-ng' From fedora-security-commits at redhat.com Sun Jan 6 02:57:30 2008 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Sat, 5 Jan 2008 21:57:30 -0500 Subject: [Fedora-security-commits] fedora-security/tools/lib - New directory Message-ID: <200801060257.m062vU3K003971@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/tools/lib In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv3956/lib Log Message: Directory /cvs/fedora/fedora-security/tools/lib added to the repository --> Using per-directory sticky tag `lkundrak-tools-ng' From fedora-security-commits at redhat.com Sun Jan 6 02:58:17 2008 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Sat, 5 Jan 2008 21:58:17 -0500 Subject: [Fedora-security-commits] fedora-security/tools/lib/Libexig - New directory Message-ID: <200801060258.m062wHUf004007@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/tools/lib/Libexig In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv3992/lib/Libexig Log Message: Directory /cvs/fedora/fedora-security/tools/lib/Libexig added to the repository --> Using per-directory sticky tag `lkundrak-tools-ng' From fedora-security-commits at redhat.com Sun Jan 6 03:31:54 2008 
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Sat, 5 Jan 2008 22:31:54 -0500 Subject: [Fedora-security-commits] fedora-security/tools Build.PL, NONE, 1.1.2.1 MANIFEST, NONE, 1.1.2.1 MANIFEST.SKIP, NONE, 1.1.2.1 fedora-security.spec, NONE, 1.1.2.1 add-cve-bug, 1.1.2.5, NONE add-issue, 1.1.2.1, NONE add-tracking-bugs, 1.2.2.5, NONE check-updates, 1.1.2.3, NONE generate-manifest, 1.4.2.1, NONE get-cve, 1.1.2.2, NONE package-release, 1.4, NONE parse-announce, 1.1.2.1, NONE suidaudit, 1.1.2.2, NONE update-cve-cache, 1.1.2.2, NONE Message-ID: <200801060331.m063Vs0J011302@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/tools In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv11244 Added Files: Tag: lkundrak-tools-ng Build.PL MANIFEST MANIFEST.SKIP fedora-security.spec Removed Files: Tag: lkundrak-tools-ng add-cve-bug add-issue add-tracking-bugs check-updates generate-manifest get-cve package-release parse-announce suidaudit update-cve-cache Log Message: Build using Make::Builder now, build into RPM packages --- NEW FILE Build.PL --- #!/usr/bin/env perl use Module::Build; Module::Build->new ( module_name => 'fedora-security', dist_version => '0.9', dist_abstract => 'Tools for Fedora Security Response Team use', dist_author => 'Lubomir Kundrak ', script_files => 'scripts', requires => { 'Data::Dumper' => 0, 'Exporter' => 0, 'Fcntl' => 0, 'File::Temp' => 0, 'Getopt::Long' => 0, 'JSON' => 0, 'LWP::Simple' => 0, 'RPM2' => 0, 'XML::Parser' => 0, 'XMLRPC::Lite' => 0, }, )->create_build_script; --- NEW FILE MANIFEST --- Build.PL fedora-security.spec lib/Libexig/Audit.pm lib/Libexig/Bodhi.pm lib/Libexig/Bugzilla.pm lib/Libexig/CVE.pm lib/Libexig/Util.pm MANIFEST This list of files META.yml scripts/add-cve-bug scripts/add-issue scripts/add-tracking-bugs scripts/check-updates scripts/generate-manifest scripts/get-cve scripts/package-release scripts/parse-announce scripts/suidaudit scripts/update-cve-cache 
--- NEW FILE MANIFEST.SKIP --- # Avoid version control files. \bRCS\b \bCVS\b ,v$ \B\.svn\b \B\.cvsignore$ # Avoid Makemaker generated and utility files. \bMakefile$ \bblib \bMakeMaker-\d \bpm_to_blib$ \bblibdirs$ ^MANIFEST\.SKIP$ # Avoid Module::Build generated and utility files. \bBuild$ \bBuild.bat$ \b_build # Avoid Devel::Cover generated files \bcover_db # Avoid temp and backup files. ~$ \.tmp$ \.old$ \.bak$ \#$ \.# \.rej$ # Avoid OS-specific files/dirs # Mac OSX metadata \B\.DS_Store # Mac OSX SMB mount metadata files \B\._ # Avoid archives of this distribution \bfedora-security-[\d\.\_]+ --- NEW FILE fedora-security.spec --- Name: fedora-security Version: 0.9 Release: 1%{?dist} Summary: Tools for Fedora Security Response Team use Group: Development/Libraries License: GPLv2 URL: http://people.redhat.com/~lkundrak/fedora-security/ Source0: http://people.redhat.com/~lkundrak/fedora-security/%{name}-%{version}.tar.gz BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildArch: noarch BuildRequires: perl(Module::Build) Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version)) %description Tools for Fedora Security Response Team use %prep %setup -q # Filter unwanted Requires: cat << \EOF > %{name}-req #!/bin/sh %{__perl_requires} $* |\ sed -e '/perl(Email::Simple)/d' |\ sed -e '/perl(LWP::Simple)/d' |\ sed -e '/perl(Mail::Mbox::MessageParser)/d' |\ sed -e '/perl(Net::FTP)/d' EOF %define __perl_requires %{_builddir}/%{name}-%{version}/%{name}-req chmod +x %{__perl_requires} %build %{__perl} Build.PL --installdirs vendor ./Build %install rm -rf $RPM_BUILD_ROOT ./Build install --destdir $RPM_BUILD_ROOT find $RPM_BUILD_ROOT -type f -name .packlist -exec rm -f {} ';' find $RPM_BUILD_ROOT -depth -type d -exec rmdir {} 2>/dev/null ';' chmod -R u+w $RPM_BUILD_ROOT/* %clean rm -rf $RPM_BUILD_ROOT %files %defattr(-,root,root,-) %{_bindir}/* %{perl_vendorlib}/* %changelog * Sun Jan 06 2008 Lubomir Kundrak 0.9-1 - Initial packaging 
attempt --- add-cve-bug DELETED --- --- add-issue DELETED --- --- add-tracking-bugs DELETED --- --- check-updates DELETED --- --- generate-manifest DELETED --- --- get-cve DELETED --- --- package-release DELETED --- --- parse-announce DELETED --- --- suidaudit DELETED --- --- update-cve-cache DELETED --- From fedora-security-commits at redhat.com Sun Jan 6 03:31:55 2008 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Sat, 5 Jan 2008 22:31:55 -0500 Subject: [Fedora-security-commits] fedora-security/tools/Libexig Audit.pm, 1.1.2.4, NONE Bodhi.pm, 1.1.2.2, NONE Bugzilla.pm, 1.1.2.1, NONE CVE.pm, 1.1.2.3, NONE Util.pm, 1.1.2.3, NONE Message-ID: <200801060331.m063Vt0l011307@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/tools/Libexig In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv11244/Libexig Removed Files: Tag: lkundrak-tools-ng Audit.pm Bodhi.pm Bugzilla.pm CVE.pm Util.pm Log Message: Build using Make::Builder now, build into RPM packages --- Audit.pm DELETED --- --- Bodhi.pm DELETED --- --- Bugzilla.pm DELETED --- --- CVE.pm DELETED --- --- Util.pm DELETED --- From fedora-security-commits at redhat.com Sun Jan 6 03:31:55 2008 
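Review bot: In fedora-security.spec, the %prep requires filter deletes perl(LWP::Simple) from the generated dependencies, while Build.PL in the same commit lists 'LWP::Simple' => 0 under requires. The spec adds no manual Requires for it, so the RPM can install without a module the build metadata declares mandatory; either drop the sed -e '/perl(LWP::Simple)/d' line or add a comment in the spec explaining why the dependency is optional at run time. The other three filtered modules (Email::Simple, Mail::Mbox::MessageParser, Net::FTP) do not appear in Build.PL's requires, so a one-line comment on why they are filtered would help as well.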
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Sat, 5 Jan 2008 22:31:55 -0500 Subject: [Fedora-security-commits] fedora-security/tools/lib/Libexig Audit.pm, NONE, 1.1.2.1 Bodhi.pm, NONE, 1.1.2.1 Bugzilla.pm, NONE, 1.1.2.1 CVE.pm, NONE, 1.1.2.1 Util.pm, NONE, 1.1.2.1 Message-ID: <200801060331.m063VtWm011312@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/tools/lib/Libexig In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv11244/lib/Libexig Added Files: Tag: lkundrak-tools-ng Audit.pm Bodhi.pm Bugzilla.pm CVE.pm Util.pm Log Message: Build using Make::Builder now, build into RPM packages ***** Error reading new file: [Errno 2] No such file or directory: 'Audit.pm' ***** Error reading new file: [Errno 2] No such file or directory: 'Bodhi.pm' ***** Error reading new file: [Errno 2] No such file or directory: 'Bugzilla.pm' ***** Error reading new file: [Errno 2] No such file or directory: 'CVE.pm' ***** Error reading new file: [Errno 2] No such file or directory: 'Util.pm' From fedora-security-commits at redhat.com Sun Jan 6 03:31:56 2008 
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Sat, 5 Jan 2008 22:31:56 -0500 Subject: [Fedora-security-commits] fedora-security/tools/scripts add-cve-bug, NONE, 1.1.2.1 add-issue, NONE, 1.1.2.1 add-tracking-bugs, NONE, 1.1.2.1 check-updates, NONE, 1.1.2.1 generate-manifest, NONE, 1.1.2.1 get-cve, NONE, 1.1.2.1 package-release, NONE, 1.1.2.1 parse-announce, NONE, 1.1.2.1 suidaudit, NONE, 1.1.2.1 update-cve-cache, NONE, 1.1.2.1 Message-ID: <200801060331.m063VuYI011317@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/tools/scripts In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv11244/scripts Added Files: Tag: lkundrak-tools-ng add-cve-bug add-issue add-tracking-bugs check-updates generate-manifest get-cve package-release parse-announce suidaudit update-cve-cache Log Message: Build using Make::Builder now, build into RPM packages ***** Error reading new file: [Errno 2] No such file or directory: 'add-cve-bug' ***** Error reading new file: [Errno 2] No such file or directory: 'add-issue' ***** Error reading new file: [Errno 2] No such file or directory: 'add-tracking-bugs' ***** Error reading new file: [Errno 2] No such file or directory: 'check-updates' ***** Error reading new file: [Errno 2] No such file or directory: 'generate-manifest' ***** Error reading new file: [Errno 2] No such file or directory: 'get-cve' ***** Error reading new file: [Errno 2] No such file or directory: 'package-release' ***** Error reading new file: [Errno 2] No such file or directory: 'parse-announce' ***** Error reading new file: [Errno 2] No such file or directory: 'suidaudit' ***** Error reading new file: [Errno 2] No such file or directory: 'update-cve-cache' From fedora-security-commits at redhat.com Sun Jan 6 12:48:47 2008 
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Sun, 6 Jan 2008 07:48:47 -0500 Subject: [Fedora-security-commits] fedora-security/tools/scripts add-cve-bug, 1.1.2.1, 1.1.2.2 Message-ID: <200801061248.m06Cmll9017433@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/tools/scripts In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv17388/scripts Modified Files: Tag: lkundrak-tools-ng add-cve-bug Log Message: Started Fedora-specific module, moved some bits in there Index: add-cve-bug =================================================================== RCS file: /cvs/fedora/fedora-security/tools/scripts/Attic/add-cve-bug,v retrieving revision 1.1.2.1 retrieving revision 1.1.2.2 diff -u -r1.1.2.1 -r1.1.2.2 --- add-cve-bug 6 Jan 2008 03:31:54 -0000 1.1.2.1 +++ add-cve-bug 6 Jan 2008 12:48:45 -0000 1.1.2.2 @@ -28,6 +28,7 @@ use Getopt::Long; use Data::Dumper; +use Libexig::Fedora; use Libexig::CVE; use Libexig::Bugzilla; use Libexig::Util; @@ -35,43 +36,11 @@ use warnings; use strict; -my %impact = ( - 'critical' => 'urgent', - 'important' => 'high', - 'moderate' => 'medium', - 'low' => 'low', -); - - # Command line options my ($cve, $interactive, $dryrun, $debug, $username, $password, $component, $summary, $impact); -# Get the text to include in the bug desc -sub bug_desc -{ - my $cve = shift; - my $desc; - my $refs; - - print "Getting a bug description from CVE\n" if $debug; - - ($desc, $refs) = cve ($cve); - - die 'Cannot fetch CVE description; re-run with --interactive' - unless $desc or $interactive; - - return - "Common Vulnerabilities and Exposures assigned an ". - "identifier $cve to the following vulnerability:". - "\n\n". - ($desc ? $desc : '(Please paste the CVE details manually)'). - "\n\n". - "References:\n\n". - ($refs ? join ("\n", @{$refs}) : '(References here, one per line)'); -} - -# Parse command line options; +# Parse command line options my %options; GetOptions(\%options, 'cve=s', 
@@ -99,13 +68,26 @@ $component = $options{'component'} or die 'component argument is mandatory'; $summary = $options{'summary'} or die 'summary argument is mandatory'; $impact = ($options{'impact'} or 'low'); -defined $impact{$impact} or die 'specified unrecognized impact value'; +defined $Libexig::Fedora::srt_bz_map{$impact} or die 'specified unrecognized impact value'; $username = ($options{'username'} or $ENV{'LOGNAME'}.'@redhat.com'); $password = ($options{'password'} or $dryrun or read_noecho ("Bugzilla password for $username: ")); # TODO: add whiteboard option to fill in and get impact from it +# Get CVE details from NVD or user + +print "Getting a bug description from CVE\n" if $debug; +my ($desc, $refs) = cve ($cve); + +die 'Cannot fetch CVE description; re-run with --interactive' + unless $desc or $interactive; + +my $bug_desc = Libexig::Fedora::cve_bug_desc ($cve, $desc, $refs); +$bug_desc = edit_string ($bug_desc) if $interactive; + +# File it in Bugzilla + my $bugzilla = new Libexig::Bugzilla ({ 'username' => $username, 'password' => $password, 
@@ -113,33 +95,7 @@ 'debug' => $debug, }); -my $bug_desc = bug_desc ($cve); -$bug_desc = edit_string ($bug_desc) if $interactive; - -# Get CC list -# TODO: get rid of duplicates -my @cc; -foreach (split (/,/,$component)) { - push (@cc,$bugzilla->owners ($_)); -} - -# File it in Bugzilla -my %bug = ( - 'bug_file_loc' => "http://nvd.nist.gov/nvd.cfm?cvename=$cve", - 'rep_platform' => 'All', - 'op_sys' => 'Linux', - 'short_desc' => "$cve $summary", - 'keywords' => 'Security', - 'product' => 'Security Response', - 'comment' => $bug_desc, - 'component' => 'vulnerability', - 'bug_severity' => $impact{$impact}, - 'priority' => $impact{$impact}, - 'version' => 'unspecified', - 'cc' => join (',', @cc), - 'alias' => $cve, -); - +my %bug = Libexig::Fedora::cve_bug ($cve, $component, $summary, $bug_desc, $impact, $bugzilla); print 'About to add this bug: '.Dumper(\%bug) if $debug; my $bug_id = $bugzilla->file_bug (\%bug); From fedora-security-commits at redhat.com Sun Jan 6 12:48:47 2008 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Sun, 6 Jan 2008 07:48:47 -0500 Subject: [Fedora-security-commits] fedora-security/tools/lib/Libexig Fedora.pm, NONE, 1.1.2.1 Message-ID: <200801061248.m06CmlDB017427@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/tools/lib/Libexig In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv17388/lib/Libexig Added Files: Tag: lkundrak-tools-ng Fedora.pm Log Message: Started Fedora-specific module, moved some bits in there ***** Error reading new file: [Errno 2] No such file or directory: 'Fedora.pm' From fedora-security-commits at redhat.com Mon Jan 7 11:55:02 2008 
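Review bot: In add-cve-bug, hunk @@ -99,13 +68,26 @@, `$desc` and `$refs` can both be undefined when `--interactive` is set, and they are now passed straight to `Libexig::Fedora::cve_bug_desc ($cve, $desc, $refs)`. The removed `bug_desc` substituted '(Please paste the CVE details manually)' and '(References here, one per line)' in that case. The companion mail for Fedora.pm only shows "Error reading new file", so whether the new function keeps that fallback cannot be checked from this commit; please confirm it does, or keep the placeholders in the caller. The same hunk validates the impact with `defined $Libexig::Fedora::srt_bz_map{$impact}`, which ties the script to a package variable of the module. A small exported check in Libexig::Fedora would keep the map private.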
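Review bot: In add-cve-bug, hunk @@ -113,33 +95,7 @@, the removed CC-list loop carried "# TODO: get rid of duplicates", and that TODO disappears from the script along with the loop. Since `cve_bug` now receives `$bugzilla`, the owner lookup presumably moved into the module; carry the TODO over there or deduplicate the list as part of the move. The call also passes the raw `$impact` where the old hash used `$impact{$impact}` for both 'bug_severity' and 'priority', so the mapping to Bugzilla values has to happen inside `cve_bug`. A one-line comment at the call site saying so would help readers of the script.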
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Mon, 7 Jan 2008 06:55:02 -0500 Subject: [Fedora-security-commits] fedora-security/audit f8, 1.62, 1.63 fc7, 1.219, 1.220 Message-ID: <200801071155.m07Bt2jj017354@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv17334 Modified Files: f8 fc7 Log Message: mantis fixed Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.62 retrieving revision 1.63 diff -u -r1.62 -r1.63 --- f8 3 Jan 2008 21:54:01 -0000 1.62 +++ f8 7 Jan 2008 11:55:00 -0000 1.63 @@ -10,7 +10,7 @@ GENERIC-MAP-NOMATCH VULNERABLE (asterisk, fixed 1.4.17) AST-2008-001 [pending asterisk-1.4.17-1.fc8] CVE-2007-6613 fixed (libcdio) #427199 [since FEDORA-2008-0136] GENERIC-MAP-NOMATCH fixed (wordpress) #426433 [since FEDORA-2008-0103] -CVE-2007-6611 VULNERABLE (mantis) #427278 +CVE-2007-6611 fixed (mantis) #427278 [since FEDORA-2008-0282] CVE-2007-6596 VULNERABLE (clamav) #427287 Might be considered a mail client flaw CVE-2007-6595 VULNERABLE (clamav) #427287 CVE-2007-6465 version (ganglia, fixed 3.0.6) [since FEDORA-2007-4562] Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.219 retrieving revision 1.220 diff -u -r1.219 -r1.220 --- fc7 4 Jan 2008 12:00:46 -0000 1.219 +++ fc7 7 Jan 2008 11:55:00 -0000 1.220 
@@ -11,7 +11,7 @@ GENERIC-MAP-NOMATCH VULNERABLE (asterisk, fixed 1.4.17) AST-2008-001 [pending asterisk-1.4.17-1.fc7] CVE-2007-6613 fixed (libcdio) #427198 [since FEDORA-2008-0104] GENERIC-MAP-NOMATCH fixed (wordpress) #426432 [since FEDORA-2008-0126] -CVE-2007-6611 VULNERABLE (mantis) #427279 +CVE-2007-6611 fixed (mantis) #427279 [since FEDORA-2008-0353] CVE-2007-6596 VULNERABLE (clamav) #427288 Might be considered a mail client flaw CVE-2007-6595 VULNERABLE (clamav) #427288 CVE-2007-6465 version (ganglia, fixed 3.0.6) [since FEDORA-2007-4584] From fedora-security-commits at redhat.com Mon Jan 7 15:28:29 2008 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Mon, 7 Jan 2008 10:28:29 -0500 Subject: [Fedora-security-commits] fedora-security/audit f8, 1.63, 1.64 f9, 1.56, 1.57 fc7, 1.220, 1.221 Message-ID: <200801071528.m07FSUGZ018940@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv18913/audit Modified Files: f8 f9 fc7 Log Message: postgresql issues Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.63 retrieving revision 1.64 diff -u -r1.63 -r1.64 --- f8 7 Jan 2008 11:55:00 -0000 1.63 +++ f8 7 Jan 2008 15:28:27 -0000 1.64 @@ -11,6 +11,8 @@ CVE-2007-6613 fixed (libcdio) #427199 [since FEDORA-2008-0136] GENERIC-MAP-NOMATCH fixed (wordpress) #426433 [since FEDORA-2008-0103] CVE-2007-6611 fixed (mantis) #427278 [since FEDORA-2008-0282] +CVE-2007-6601 VULNERABLE (postgresql, 8.2.6) #427773 +CVE-2007-6600 VULNERABLE (postgresql, 8.2.6) #427773 CVE-2007-6596 VULNERABLE (clamav) #427287 Might be considered a mail client flaw CVE-2007-6595 VULNERABLE (clamav) #427287 CVE-2007-6465 version (ganglia, fixed 3.0.6) [since FEDORA-2007-4562] 
@@ -63,6 +65,7 @@ CVE-2007-6111 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590] CVE-2007-6110 backport (htdig) [since FEDORA-2007-3958] CVE-2007-6100 version (phpMyAdmin, fixed 2.11.2.2) [since FEDORA-2007-3639] +CVE-2007-6067 VULNERABLE (postgresql, 8.2.6) #427773 CVE-2007-6061 VULNERABLE (audacity) #393251 CVE-2007-6015 version (samba, fixed 3.0.28) [since FEDORA-2007-4275] CVE-2007-6013 fixed (wordpress) #426433 [since FEDORA-2008-0103] @@ -133,6 +136,8 @@ CVE-2007-4990 version (xorg-x11-xfs, fixed 1.0.5) CVE-2007-4841 version (thunderbird) [since FEDORA-2007-3414] windows only anyway CVE-2007-4829 VULNERABLE (perl-Archive-Tar, not fixed upstream) #364281 +CVE-2007-4772 VULNERABLE (postgresql, 8.2.6) #427773 +CVE-2007-4769 VULNERABLE (postgresql, 8.2.6) #427773 CVE-2007-4752 version (openssh, fixed 4.7) #280461 CVE-2007-4619 version (flac, fixed 1.2) #332581 CVE-2007-4575 backport (openoffice.org, fixed 2.3.1) [since FEDORA-2007-4172] Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.56 retrieving revision 1.57 diff -u -r1.56 -r1.57 --- f9 4 Jan 2008 02:21:54 -0000 1.56 +++ f9 7 Jan 2008 15:28:27 -0000 1.57 @@ -13,6 +13,8 @@ CVE-2007-6613 VULNERABLE (libcdio) #427200 GENERIC-MAP-NOMATCH VULNERABLE (wordpress) #426434 CVE-2007-6611 VULNERABLE (mantis) #427280 +CVE-2007-6601 VULNERABLE (postgresql, 8.2.6) #427774 +CVE-2007-6600 VULNERABLE (postgresql, 8.2.6) #427774 CVE-2007-6596 VULNERABLE (clamav) #427289 Might be considered a mail client flaw CVE-2007-6595 VULNERABLE (clamav) #427289 CVE-2007-6465 version (ganglia, fixed 3.0.6) [since ganglia-3.0.6-1.fc9] 
@@ -62,6 +64,7 @@ CVE-2007-6111 version (wireshark, fixed 0.99.7) [since wireshark-0.99.7-1.fc9] CVE-2007-6110 version (htdig) [since htdig-3.2.0b6-13.fc9] CVE-2007-6100 version (phpMyAdmin, fixed 2.11.2.2) +CVE-2007-6067 VULNERABLE (postgresql, 8.2.6) #427774 CVE-2007-6061 VULNERABLE (audacity) #393251 CVE-2007-6035 version (cacti, fixed 0.8.7a) #392001 [since cacti-0.8.7a-1.fc9] CVE-2007-6015 VULNERABLE (samba, fixed 3.0.28) @@ -125,6 +128,8 @@ CVE-2007-4999 version (pidgin, fixed 2.2.2) CVE-2007-4990 version (xorg-x11-xfs, fixed 1.0.5) CVE-2007-4829 VULNERABLE (perl-Archive-Tar, not fixed upstream) #364291 +CVE-2007-4772 VULNERABLE (postgresql, 8.2.6) #427774 +CVE-2007-4769 VULNERABLE (postgresql, 8.2.6) #427774 CVE-2007-4575 version (openoffice.org, fixed 2.3.1) [since openoffice.org-2.3.1-9.1.fc9] CVE-2007-4752 version (openssh, fixed 4.7) #280461 CVE-2007-4619 version (flac, fixed 1.2) #332581 Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.220 retrieving revision 1.221 diff -u -r1.220 -r1.221 --- fc7 7 Jan 2008 11:55:00 -0000 1.220 +++ fc7 7 Jan 2008 15:28:27 -0000 1.221 @@ -12,6 +12,8 @@ CVE-2007-6613 fixed (libcdio) #427198 [since FEDORA-2008-0104] GENERIC-MAP-NOMATCH fixed (wordpress) #426432 [since FEDORA-2008-0126] CVE-2007-6611 fixed (mantis) #427279 [since FEDORA-2008-0353] +CVE-2007-6601 VULNERABLE (postgresql, 8.2.6) #427772 +CVE-2007-6600 VULNERABLE (postgresql, 8.2.6) #427772 CVE-2007-6596 VULNERABLE (clamav) #427288 Might be considered a mail client flaw CVE-2007-6595 VULNERABLE (clamav) #427288 CVE-2007-6465 version (ganglia, fixed 3.0.6) [since FEDORA-2007-4584] 
@@ -64,6 +66,7 @@ CVE-2007-6111 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690] CVE-2007-6110 backport (htdig) [since FEDORA-2007-3907] CVE-2007-6100 version (phpMyAdmin, fixed 2.11.2.2) [since FEDORA-2007-3666] +CVE-2007-6067 VULNERABLE (postgresql, 8.2.6) #427772 CVE-2007-6061 VULNERABLE (audacity) #393251 CVE-2007-6035 version (cacti, fixed 0.8.7a) #391981 [since FEDORA-2007-3683] CVE-2007-6015 version (samba, fixed 3.0.28) [since FEDORA-2007-4269] @@ -181,6 +184,8 @@ CVE-2007-4829 VULNERABLE (perl-Archive-Tar) #315321 CVE-2007-4828 version (mediawiki, fixed 1.11.0, 1.10.2, 1.9.4) #287881 [since FEDORA-2007-2189] CVE-2007-4826 version (quagga, fixed 0.99.9) [since FEDORA-2007-2196] +CVE-2007-4772 VULNERABLE (postgresql, 8.2.6) #427772 +CVE-2007-4769 VULNERABLE (postgresql, 8.2.6) #427772 CVE-2007-4768 VULNERABLE (pcre, fixed 7.3) #378411 CVE-2007-4767 VULNERABLE (pcre, fixed 7.3) #378411 CVE-2007-4766 VULNERABLE (pcre, fixed 7.3) #378411 From fedora-security-commits at redhat.com Mon Jan 7 15:34:12 2008 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Mon, 7 Jan 2008 10:34:12 -0500 Subject: [Fedora-security-commits] fedora-security/audit f8, 1.64, 1.65 f9, 1.57, 1.58 fc7, 1.221, 1.222 Message-ID: <200801071534.m07FYCdD019333@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv19300/audit Modified Files: f8 f9 fc7 Log Message: bunch of older postgresql CVEs Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.64 retrieving revision 1.65 diff -u -r1.64 -r1.65 --- f8 7 Jan 2008 15:28:27 -0000 1.64 +++ f8 7 Jan 2008 15:34:10 -0000 1.65 
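Review bot: In the "postgresql issues" commit, f8 hunk @@ -11,6 +11,8 @@ (and the matching hunks in f9 and fc7), the new entries read "(postgresql, 8.2.6)" without the "fixed" or "not fixed" keyword that the surrounding entries use, for example "(ganglia, fixed 3.0.6)" in the same hunk's context. As written it is ambiguous whether 8.2.6 is the affected or the fixed version. Suggest "(postgresql, fixed 8.2.6)" if that is what is meant, so that the entries can be read the same way as the rest of the file.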
@@ -169,6 +169,9 @@ CVE-2007-3386 version (tomcat5) [since FEDORA-2007-3474] CVE-2007-3385 version (tomcat5) [since FEDORA-2007-3474] CVE-2007-3382 version (tomcat5) [since FEDORA-2007-3474] +CVE-2007-3280 ignore (postgresql) bogus CVE assignment +CVE-2007-3279 ignore (postgresql) bogus CVE assignment +CVE-2007-3278 version (postgresql, 8.2.5) CVE-2007-3145 ignore (galeon) in 2.0.3 the truncation still occurs, but at reasonable length CVE-2007-2807 backport (eggdrop) [since FEDORA-2007-4305] CVE-2007-2450 version (tomcat5) #363081 [since FEDORA-2007-3474] Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.57 retrieving revision 1.58 diff -u -r1.57 -r1.58 --- f9 7 Jan 2008 15:28:27 -0000 1.57 +++ f9 7 Jan 2008 15:34:10 -0000 1.58 @@ -153,6 +153,9 @@ CVE-2007-3568 backport (imlib) [since imlib-1.9.15-6.fc9] CVE-2007-3544 VULNERABLE (wordpress, NOT fixed 2.2.1) #245211 Incomplete fix for CVE-2007-3543 CVE-2007-3387 version (poppler, fixed 0.5.91) #251512 +CVE-2007-3280 ignore (postgresql) bogus CVE assignment +CVE-2007-3279 ignore (postgresql) bogus CVE assignment +CVE-2007-3278 version (postgresql, 8.2.5) CVE-2007-3145 ignore (galeon) in 2.0.3 the truncation still occurs, but at reasonable length CVE-2007-2450 VULNERABLE (tomcat5, not fixed 5.5.24) #244812 CVE-2007-2449 VULNERABLE (tomcat5, not fixed 5.5.24) #244812 Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.221 retrieving revision 1.222 diff -u -r1.221 -r1.222 --- fc7 7 Jan 2008 15:28:27 -0000 1.221 +++ fc7 7 Jan 2008 15:34:10 -0000 1.222 
@@ -342,6 +342,9 @@ CVE-2007-3377 version (perl-Net-DNS, fixed 0.60) #245612 [since FEDORA-2007-0668] CVE-2007-3304 backport (httpd) #244665 [since FEDORA-2007-0704] CVE-2007-3294 ignore (php-extras) win only +CVE-2007-3280 ignore (postgresql) bogus CVE assignment +CVE-2007-3279 ignore (postgresql) bogus CVE assignment +CVE-2007-3278 version (postgresql, 8.2.5) CVE-2007-3257 backport (evolution) #244283 [since FEDORA-2007-0464] CVE-2007-3241 version (wordpress, fixed 2.2.1) #245211 [since FEDORA-2007-0894] CVE-2007-3240 version (wordpress, fixed 2.2.1) #245211 [since FEDORA-2007-0894] From fedora-security-commits at redhat.com Mon Jan 7 16:52:20 2008 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Mon, 7 Jan 2008 11:52:20 -0500 Subject: [Fedora-security-commits] fedora-security/tools/scripts add-tracking-bugs, 1.1.2.1, 1.1.2.2 Message-ID: <200801071652.m07GqKdw030011@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/tools/scripts In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv29970/scripts Modified Files: Tag: lkundrak-tools-ng add-tracking-bugs Log Message: minor typo and wording fix Index: add-tracking-bugs =================================================================== RCS file: /cvs/fedora/fedora-security/tools/scripts/Attic/add-tracking-bugs,v retrieving revision 1.1.2.1 retrieving revision 1.1.2.2 diff -u -r1.1.2.1 -r1.1.2.2 --- add-tracking-bugs 6 Jan 2008 03:31:54 -0000 1.1.2.1 +++ add-tracking-bugs 7 Jan 2008 16:52:18 -0000 1.1.2.2 
@@ -55,8 +55,11 @@ "\n\n"; my $comment_rawhide = - 'Please close this bug with RAWHIDE once is it fixed in devel '. - 'branch. Do *not* include the bug id of thid bug in the commit message'. + "\n". + 'Please close this bug with RAWHIDE (referencing appropriate N-V-R in '. + 'Fixed In field if possible) once is it fixed in devel branch. '. + 'Do *not* include the bug id of this bug in the RPM changelog and the '. + 'commit message.'. "\n\n"; From fedora-security-commits at redhat.com Mon Jan 7 18:33:35 2008 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Mon, 7 Jan 2008 13:33:35 -0500 Subject: [Fedora-security-commits] fedora-security/audit f8, 1.65, 1.66 f9, 1.58, 1.59 fc7, 1.222, 1.223 Message-ID: <200801071833.m07IXZML017368@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv17312/audit Modified Files: f8 f9 fc7 Log Message: tog-pegasus issue Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.65 retrieving revision 1.66 diff -u -r1.65 -r1.66 --- f8 7 Jan 2008 15:34:10 -0000 1.65 +++ f8 7 Jan 2008 18:33:33 -0000 1.66 @@ -8,6 +8,7 @@ # Up to date F8 as of 20071221 GENERIC-MAP-NOMATCH VULNERABLE (asterisk, fixed 1.4.17) AST-2008-001 [pending asterisk-1.4.17-1.fc8] +CVE-2008-0003 VULNERABLE (tog-pegasus, 2.7.0) #427829 CVE-2007-6613 fixed (libcdio) #427199 [since FEDORA-2008-0136] GENERIC-MAP-NOMATCH fixed (wordpress) #426433 [since FEDORA-2008-0103] CVE-2007-6611 fixed (mantis) #427278 [since FEDORA-2008-0282] Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.58 retrieving revision 1.59 diff -u -r1.58 -r1.59 --- f9 7 Jan 2008 15:34:10 -0000 1.58 +++ f9 7 Jan 2008 18:33:33 -0000 1.59 
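Review bot: In add-tracking-bugs, hunk @@ -55,8 +55,11 @@, the rewritten `$comment_rawhide` still contains the transposed "once is it fixed in devel branch", although the log message says this is a typo fix. It should read "once it is fixed in the devel branch". The "thid" typo is corrected, so only this one remains. The new leading "\n" also means the comment now starts with a blank line; check that this is intended where the string is concatenated.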
@@ -8,6 +8,7 @@ # Up to date F9 as of 20071029 GENERIC-MAP-NOMATCH version (asterisk, fixed 1.4.17) AST-2008-001 [since asterisk-1.4.17-1.fc9] +CVE-2008-0003 version (tog-pegasus, 2.7.0) CVE-2007-6631 fixed (libnemesi, not fixed 0.6.4-rc1) #426910 [since libnemesi-0.6.4-0.1.rc2.fc9] This wasn't released yet CVE-2007-6630 VULNERABLE (netembryo, not fixed 0.0.4) #427470 There was not release in stable branches yet CVE-2007-6613 VULNERABLE (libcdio) #427200 Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.222 retrieving revision 1.223 diff -u -r1.222 -r1.223 --- fc7 7 Jan 2008 15:34:10 -0000 1.222 +++ fc7 7 Jan 2008 18:33:33 -0000 1.223 @@ -9,6 +9,7 @@ # Up to date FC7 as of 20071221 GENERIC-MAP-NOMATCH VULNERABLE (asterisk, fixed 1.4.17) AST-2008-001 [pending asterisk-1.4.17-1.fc7] +CVE-2008-0003 VULNERABLE (tog-pegasus, 2.7.0) #427828 CVE-2007-6613 fixed (libcdio) #427198 [since FEDORA-2008-0104] GENERIC-MAP-NOMATCH fixed (wordpress) #426432 [since FEDORA-2008-0126] CVE-2007-6611 fixed (mantis) #427279 [since FEDORA-2008-0353] From fedora-security-commits at redhat.com Tue Jan 8 07:17:14 2008 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Tue, 8 Jan 2008 02:17:14 -0500 Subject: [Fedora-security-commits] fedora-security/audit f8, 1.66, 1.67 f9, 1.59, 1.60 fc7, 1.223, 1.224 Message-ID: <200801080717.m087HEFQ005160@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv5127/audit Modified Files: f8 f9 fc7 Log Message: asterisk cve id postgresql fixed in rawhide Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.66 retrieving revision 1.67 diff -u -r1.66 -r1.67 --- f8 7 Jan 2008 18:33:33 -0000 1.66 +++ f8 8 Jan 2008 07:17:12 -0000 1.67 
@@ -7,7 +7,7 @@ # Up to date CVE as of CVE email 20071215 # Up to date F8 as of 20071221 -GENERIC-MAP-NOMATCH VULNERABLE (asterisk, fixed 1.4.17) AST-2008-001 [pending asterisk-1.4.17-1.fc8] +CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since FEDORA-2008-0199] CVE-2008-0003 VULNERABLE (tog-pegasus, 2.7.0) #427829 CVE-2007-6613 fixed (libcdio) #427199 [since FEDORA-2008-0136] GENERIC-MAP-NOMATCH fixed (wordpress) #426433 [since FEDORA-2008-0103] Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.59 retrieving revision 1.60 diff -u -r1.59 -r1.60 --- f9 7 Jan 2008 18:33:33 -0000 1.59 +++ f9 8 Jan 2008 07:17:12 -0000 1.60 @@ -7,15 +7,15 @@ # Up to date CVE as of CVE email 20071211 # Up to date F9 as of 20071029 -GENERIC-MAP-NOMATCH version (asterisk, fixed 1.4.17) AST-2008-001 [since asterisk-1.4.17-1.fc9] +CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since asterisk-1.4.17-1.fc9] CVE-2008-0003 version (tog-pegasus, 2.7.0) CVE-2007-6631 fixed (libnemesi, not fixed 0.6.4-rc1) #426910 [since libnemesi-0.6.4-0.1.rc2.fc9] This wasn't released yet CVE-2007-6630 VULNERABLE (netembryo, not fixed 0.0.4) #427470 There was not release in stable branches yet CVE-2007-6613 VULNERABLE (libcdio) #427200 GENERIC-MAP-NOMATCH VULNERABLE (wordpress) #426434 CVE-2007-6611 VULNERABLE (mantis) #427280 -CVE-2007-6601 VULNERABLE (postgresql, 8.2.6) #427774 -CVE-2007-6600 VULNERABLE (postgresql, 8.2.6) #427774 +CVE-2007-6601 version (postgresql, 8.2.6) #427774 [since postgresql-8.2.6-1.fc9] +CVE-2007-6600 version (postgresql, 8.2.6) #427774 [since postgresql-8.2.6-1.fc9] CVE-2007-6596 VULNERABLE (clamav) #427289 Might be considered a mail client flaw CVE-2007-6595 VULNERABLE (clamav) #427289 CVE-2007-6465 version (ganglia, fixed 3.0.6) [since ganglia-3.0.6-1.fc9] 
@@ -65,7 +65,7 @@ CVE-2007-6111 version (wireshark, fixed 0.99.7) [since wireshark-0.99.7-1.fc9] CVE-2007-6110 version (htdig) [since htdig-3.2.0b6-13.fc9] CVE-2007-6100 version (phpMyAdmin, fixed 2.11.2.2) -CVE-2007-6067 VULNERABLE (postgresql, 8.2.6) #427774 +CVE-2007-6067 version (postgresql, 8.2.6) #427774 [since postgresql-8.2.6-1.fc9] CVE-2007-6061 VULNERABLE (audacity) #393251 CVE-2007-6035 version (cacti, fixed 0.8.7a) #392001 [since cacti-0.8.7a-1.fc9] CVE-2007-6015 VULNERABLE (samba, fixed 3.0.28) @@ -129,8 +129,8 @@ CVE-2007-4999 version (pidgin, fixed 2.2.2) CVE-2007-4990 version (xorg-x11-xfs, fixed 1.0.5) CVE-2007-4829 VULNERABLE (perl-Archive-Tar, not fixed upstream) #364291 -CVE-2007-4772 VULNERABLE (postgresql, 8.2.6) #427774 -CVE-2007-4769 VULNERABLE (postgresql, 8.2.6) #427774 +CVE-2007-4772 version (postgresql, 8.2.6) #427774 [since postgresql-8.2.6-1.fc9] +CVE-2007-4769 version (postgresql, 8.2.6) #427774 [since postgresql-8.2.6-1.fc9] CVE-2007-4575 version (openoffice.org, fixed 2.3.1) [since openoffice.org-2.3.1-9.1.fc9] CVE-2007-4752 version (openssh, fixed 4.7) #280461 CVE-2007-4619 version (flac, fixed 1.2) #332581 Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.223 retrieving revision 1.224 diff -u -r1.223 -r1.224 --- fc7 7 Jan 2008 18:33:33 -0000 1.223 +++ fc7 8 Jan 2008 07:17:12 -0000 1.224 @@ -8,7 +8,7 @@ # Up to date CVE as of CVE email 200711215 # Up to date FC7 as of 20071221 -GENERIC-MAP-NOMATCH VULNERABLE (asterisk, fixed 1.4.17) AST-2008-001 [pending asterisk-1.4.17-1.fc7] +CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since FEDORA-2008-0198] CVE-2008-0003 VULNERABLE (tog-pegasus, 2.7.0) #427828 CVE-2007-6613 fixed (libcdio) #427198 [since FEDORA-2008-0104] GENERIC-MAP-NOMATCH fixed (wordpress) #426432 [since FEDORA-2008-0126] From fedora-security-commits at redhat.com Tue Jan 8 08:27:00 2008 
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Tue, 8 Jan 2008 03:27:00 -0500 Subject: [Fedora-security-commits] fedora-security/audit f8, 1.67, 1.68 f9, 1.60, 1.61 fc7, 1.224, 1.225 Message-ID: <200801080827.m088R0bG013849@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv13827/audit Modified Files: f8 f9 fc7 Log Message: python-cherrypy Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.67 retrieving revision 1.68 diff -u -r1.67 -r1.68 --- f8 8 Jan 2008 07:17:12 -0000 1.67 +++ f8 8 Jan 2008 08:26:57 -0000 1.68 @@ -7,6 +7,7 @@ # Up to date CVE as of CVE email 20071215 # Up to date F8 as of 20071221 +GENERIC-MAP-NOMATCH backport (python-cherrypy) [since FEDORA-2008-0299] CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since FEDORA-2008-0199] CVE-2008-0003 VULNERABLE (tog-pegasus, 2.7.0) #427829 CVE-2007-6613 fixed (libcdio) #427199 [since FEDORA-2008-0136] Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.60 retrieving revision 1.61 diff -u -r1.60 -r1.61 --- f9 8 Jan 2008 07:17:12 -0000 1.60 +++ f9 8 Jan 2008 08:26:57 -0000 1.61 
@@ -7,6 +7,7 @@ # Up to date CVE as of CVE email 20071211 # Up to date F9 as of 20071029 +GENERIC-MAP-NOMATCH backport (python-cherrypy) [since python-cherrypy-2.2.1-8.fc9] CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since asterisk-1.4.17-1.fc9] CVE-2008-0003 version (tog-pegasus, 2.7.0) CVE-2007-6631 fixed (libnemesi, not fixed 0.6.4-rc1) #426910 [since libnemesi-0.6.4-0.1.rc2.fc9] This wasn't released yet Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.224 retrieving revision 1.225 diff -u -r1.224 -r1.225 --- fc7 8 Jan 2008 07:17:12 -0000 1.224 +++ fc7 8 Jan 2008 08:26:57 -0000 1.225 @@ -8,6 +8,7 @@ # Up to date CVE as of CVE email 200711215 # Up to date FC7 as of 20071221 +GENERIC-MAP-NOMATCH backport (python-cherrypy) [since FEDORA-2008-0333] CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since FEDORA-2008-0198] CVE-2008-0003 VULNERABLE (tog-pegasus, 2.7.0) #427828 CVE-2007-6613 fixed (libcdio) #427198 [since FEDORA-2008-0104] From fedora-security-commits at redhat.com Tue Jan 8 10:33:21 2008 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Tue, 8 Jan 2008 05:33:21 -0500 Subject: [Fedora-security-commits] fedora-security/audit f8, 1.68, 1.69 f9, 1.61, 1.62 fc7, 1.225, 1.226 Message-ID: <200801081033.m08AXLoN010050@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv10004/audit Modified Files: f8 f9 fc7 Log Message: some updates Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.68 retrieving revision 1.69 diff -u -r1.68 -r1.69 --- f8 8 Jan 2008 08:26:57 -0000 1.68 +++ f8 8 Jan 2008 10:33:18 -0000 1.69 
@@ -36,7 +36,7 @@ CVE-2007-6348 ignore (squirrelmail) trojaned version was not shipped CVE-2007-6328 ignore (dosbox) design decision CVE-2007-6321 VULNERABLE (roundcubemail) #423291 -CVE-2007-6318 fixed (wordpress) #426433 [since FEDORA-2008-0103] +CVE-2007-6318 VULNERABLE (wordpress) CVE-2007-6304 ignore (mysql, fixed 5.0.52) federated engine not built CVE-2007-6303 backport (mysql, fixed 5.0.52) #424931 [since FEDORA-2007-4465] CVE-2007-6299 version (drupal, fixed 5.4) [since FEDORA-2007-4163] SA-2007-031 @@ -70,7 +70,7 @@ CVE-2007-6067 VULNERABLE (postgresql, 8.2.6) #427773 CVE-2007-6061 VULNERABLE (audacity) #393251 CVE-2007-6015 version (samba, fixed 3.0.28) [since FEDORA-2007-4275] -CVE-2007-6013 fixed (wordpress) #426433 [since FEDORA-2008-0103] +CVE-2007-6013 VULNERABLE (wordpress) CVE-2007-6035 version (cacti, fixed 0.8.7a) #391991 [since FEDORA-2007-3667] CVE-2007-5977 version (phpMyAdmin, fixed 2.11.2.1) #385901 [since FEDORA-2007-3636] CVE-2007-5976 version (phpMyAdmin, fixed 2.11.2.1) #385901 [since FEDORA-2007-3636] @@ -165,7 +165,7 @@ CVE-2007-3919 backport (xen, fixed 3.1.0-13) #361991 CVE-2007-3844 version (firefox, fixed 2.0.0.6) CVE-2007-3843 version (kernel) #246595 No idea which version fixed this -CVE-2007-3568 VULNERABLE (imlib) +CVE-2007-3568 backport (imlib) [since FEDORA-2007-4594] CVE-2007-3544 fixed (wordpress, NOT fixed 2.2.1) #245211 [since FEDORA-2007-0894] Incomplete fix for CVE-2007-3543 CVE-2007-3387 version (poppler, fixed 0.5.91) #251512 CVE-2007-3386 version (tomcat5) [since FEDORA-2007-3474] Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.61 retrieving revision 1.62 diff -u -r1.61 -r1.62 --- f9 8 Jan 2008 08:26:57 -0000 1.61 +++ f9 8 Jan 2008 10:33:18 -0000 1.62 
@@ -11,10 +11,10 @@ CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since asterisk-1.4.17-1.fc9] CVE-2008-0003 version (tog-pegasus, 2.7.0) CVE-2007-6631 fixed (libnemesi, not fixed 0.6.4-rc1) #426910 [since libnemesi-0.6.4-0.1.rc2.fc9] This wasn't released yet -CVE-2007-6630 VULNERABLE (netembryo, not fixed 0.0.4) #427470 There was not release in stable branches yet -CVE-2007-6613 VULNERABLE (libcdio) #427200 +CVE-2007-6630 version (netembryo, fixed 0.0.5) #427470 There was not release in stable branches yet [since netembryo-0.0.5-1.fc9] +CVE-2007-6613 version (libcdio) #427200 [since libcdio-0.79-2.fc9] GENERIC-MAP-NOMATCH VULNERABLE (wordpress) #426434 -CVE-2007-6611 VULNERABLE (mantis) #427280 +CVE-2007-6611 version (mantis) #427280 [since mantis-1.1.0-1.fc9] CVE-2007-6601 version (postgresql, 8.2.6) #427774 [since postgresql-8.2.6-1.fc9] CVE-2007-6600 version (postgresql, 8.2.6) #427774 [since postgresql-8.2.6-1.fc9] CVE-2007-6596 VULNERABLE (clamav) #427289 Might be considered a mail client flaw @@ -42,7 +42,7 @@ CVE-2007-6304 ignore (mysql, fixed 5.0.52) federated engine not built CVE-2007-6303 backport (mysql, fixed 5.0.52) [since mysql-5.0.45-6.fc9] CVE-2007-6299 version (drupal, fixed 5.4) [since drupal-5.4-1.fc9] SA-2007-031 -CVE-2007-6285 VULNERABLE (autofs) #426401 +CVE-2007-6285 backport (autofs) #426401 [since autofs-5.0.2-25] CVE-2007-6283 backport (bind) #423081 [since bind-9.5.0-21.b1.fc9] CVE-2007-6239 version (squid, fixed 2.6.17) [since squid-2.6.STABLE17-1.fc9] CVE-2007-6210 backport (zabbix) #407181 [since zabbix-1.4.2-4.fc9] 
@@ -52,7 +52,7 @@ CVE-2007-6206 VULNERABLE (kernel) Core dump owner issue CVE-2007-6203 ignore (httpd) #409831 User can't unput garbage before method name CVE-2007-6201 version (wesnoth, fixed 1.2.8) [since wesnoth-1.2.8-3.fc9] -CVE-2007-6183 VULNERABLE (ruby-gnome2) #405611 +CVE-2007-6183 backport (ruby-gnome2) #405611 [since ruby-gnome2-0.16.0-22.fc9] CVE-2007-6121 version (wireshark, fixed 0.99.7) [since wireshark-0.99.7-1.fc9] CVE-2007-6120 version (wireshark, fixed 0.99.7) [since wireshark-0.99.7-1.fc9] CVE-2007-6119 version (wireshark, fixed 0.99.7) [since wireshark-0.99.7-1.fc9] @@ -121,7 +121,7 @@ CVE-2007-5201 VULNERABLE (duplicity, no upstream fix) #362841 CVE-2007-5200 version (hugin) #362871 [since hugin-0.6.1-11.fc9] CVE-2007-5198 VULNERABLE (nagios-plugins, fixed 1.4.10) #362901 -CVE-2007-5197 VULNERABLE (mono, fixed 1.2.5.1) #367551 +CVE-2007-5197 version (mono, fixed 1.2.5.1) #367551 [since mono-1.2.5.1-3.fc9] CVE-2007-5116 backport (perl) #378151 [since perl-5.8.8-31.fc9] CVE-2007-5079 VULNERABLE (gdm) #363041 Red Hat specific problem CVE-2007-5037 version (inotify-tools, fixed 3.11) #299771 Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.225 retrieving revision 1.226 diff -u -r1.225 -r1.226 --- fc7 8 Jan 2008 08:26:57 -0000 1.225 +++ fc7 8 Jan 2008 10:33:18 -0000 1.226 @@ -37,7 +37,7 @@ CVE-2007-6348 ignore (squirrelmail) trojaned version was not shipped CVE-2007-6328 ignore (dosbox) design decision CVE-2007-6321 VULNERABLE (roundcubemail) #423281 -CVE-2007-6318 fixed (wordpress) #426432 [since FEDORA-2008-0126] +CVE-2007-6318 VULNERABLE (wordpress) CVE-2007-6304 ignore (mysql, fixed 5.0.52) federated engine not built CVE-2007-6303 backport (mysql, fixed 5.0.52) #424921 [since FEDORA-2007-4471] CVE-2007-6299 version (drupal, fixed 5.4) [since FEDORA-2007-4136] SA-2007-031 
@@ -72,7 +72,7 @@ CVE-2007-6061 VULNERABLE (audacity) #393251 CVE-2007-6035 version (cacti, fixed 0.8.7a) #391981 [since FEDORA-2007-3683] CVE-2007-6015 version (samba, fixed 3.0.28) [since FEDORA-2007-4269] -CVE-2007-6013 fixed (wordpress) #426432 [since FEDORA-2008-0126] +CVE-2007-6013 VULNERABLE (wordpress) CVE-2007-5977 version (phpMyAdmin, fixed 2.11.2.1) #385891 [since FEDORA-2007-3627] CVE-2007-5976 version (phpMyAdmin, fixed 2.11.2.1) #385891 [since FEDORA-2007-3627] CVE-2007-5970 ignore (mysql, fixed 5.1.23) mysql 5.1+ only, affects partitioning @@ -303,7 +303,7 @@ CVE-2007-3656 version (mozilla) #248518 [since FEDORA-2007-1138] CVE-2007-3642 version (kernel, fixed 2.6.22.1) [since FEDORA-2007-1130] CVE-2007-3628 version (php-pear-Structures-DataGrid-DataSource-MDB2, fixed 0.1.10) -CVE-2007-3568 VULNERABLE (imlib) +CVE-2007-3568 backport (imlib) [since FEDORA-2007-4561] CVE-2007-3555 version (moodle) #247528 [since FEDORA-2007-1445] CVE-2007-3546 ignore (nessus-core) Windows only CVE-2007-3528 version (dar, fixed 2.3.4) #246760 [since FEDORA-2007-0904] From fedora-security-commits at redhat.com Tue Jan 8 13:17:35 2008 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Tue, 8 Jan 2008 08:17:35 -0500 Subject: [Fedora-security-commits] fedora-security/audit f8, 1.69, 1.70 f9, 1.62, 1.63 fc7, 1.226, 1.227 Message-ID: <200801081317.m08DHZNA004996@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv4971/audit Modified Files: f8 f9 fc7 Log Message: note cairo Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.69 retrieving revision 1.70 diff -u -r1.69 -r1.70 --- f8 8 Jan 2008 10:33:18 -0000 1.69 +++ f8 8 Jan 2008 13:17:33 -0000 1.70 
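Review bot: In the "some updates" commit, f8 hunk @@ -36,7 +36,7 @@, CVE-2007-6318 goes from "fixed (wordpress) #426433 [since FEDORA-2008-0103]" back to a bare "VULNERABLE (wordpress)", which drops the bug reference as well as the advisory. The same happens to CVE-2007-6013 in f8 hunk @@ -70,7 +70,7 @@ and to both entries in fc7. Keep the bug number on the VULNERABLE lines, as the other VULNERABLE entries do, and add a short trailing note saying why the earlier update does not cover these CVEs. The log message "some updates" does not explain the status change.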
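Review bot: In the "some updates" commit, f9 hunk @@ -11,10 +11,10 @@, the CVE-2007-6630 line is now "version (netembryo, fixed 0.0.5)" but keeps the free-text note "There was not release in stable branches yet", which no longer matches the status, and the "[since netembryo-0.0.5-1.fc9]" tag is placed after that note. The neighbouring CVE-2007-6631 line puts the "[since ...]" tag before its note. Drop or update the note and move the tag in front of any remaining text.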
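Review bot: In the "some updates" commit, f9 hunk @@ -42,7 +42,7 @@, the new tag "[since autofs-5.0.2-25]" has no dist suffix, while every other f9 tag in this commit carries one, for example "[since bind-9.5.0-21.b1.fc9]" two lines below. If the build is autofs-5.0.2-25.fc9, write the full N-V-R so the entry can be matched against a package.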
@@ -104,6 +104,7 @@ CVE-2007-5624 version (nagios, fixed 2.10) #362801 [since FEDORA-2007-4145] CVE-2007-5623 backport (nagios-plugins, not fixed 1.4.10) #348731 [since FEDORA-2007-2876] nagios-plugins-1.4.8-9.fc8 CVE-2007-5589 version (phpMyAdmin, fixed 2.11.1.2) #333661 PMASA-2007-6 [since FEDORA-2007-3636] +CVE-2007-5503 version (cairo, 1.4.12) [since FEDORA-2007-3913] CVE-2007-5501 version (kernel) [since FEDORA-2007-3837] CVE-2007-5500 version (kernel) [since FEDORA-2007-3837] CVE-2007-5497 VULNERABLE (e2fsprogs) #414581 [since FEDORA-2007-4447] Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.62 retrieving revision 1.63 diff -u -r1.62 -r1.63 --- f9 8 Jan 2008 10:33:18 -0000 1.62 +++ f9 8 Jan 2008 13:17:33 -0000 1.63 @@ -102,6 +102,7 @@ CVE-2007-5624 version (nagios, fixed 2.10) #362811 [since nagios-2.10-3.fc9] CVE-2007-5623 backport (nagios-plugins, not fixed 1.4.10) #348731 CVE-2007-5589 version (phpMyAdmin, fixed 2.11.1.2) #333661 PMASA-2007-6 +CVE-2007-5503 version (cairo, 1.4.12) [since cairo-1.5.4-1.fc9] CVE-2007-5497 backport (e2fsprogs) #414591 [since e2fsprogs-1.40.2-14.fc9] CVE-2007-5461 VULNERABLE (tomcat5, not fixed 5.5.25) #334531 CVE-2007-5395 version (link-grammar) #372361 [since link-grammar-4.2.5-1.fc9] Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.226 retrieving revision 1.227 diff -u -r1.226 -r1.227 --- fc7 8 Jan 2008 10:33:18 -0000 1.226 +++ fc7 8 Jan 2008 13:17:33 -0000 1.227 
@@ -115,6 +115,7 @@ CVE-2007-5589 version (phpmyadmin, fixed 2.11.1.2) #333661 PMASA-2007-6 [since FEDORA-2007-2738] CVE-2007-5585 backport (rss-glx) #336331 [since FEDORA-2007-2652] CVE-2007-5585 backport (tempest) #336331 [since FEDORA-2007-2652] +CVE-2007-5503 VULNERABLE (cairo, 1.4.12) [since FEDORA-2007-3818] CVE-2007-5501 version (kernel) [since FEDORA-2007-3751] CVE-2007-5500 version (kernel) [since FEDORA-2007-3751] CVE-2007-5497 VULNERABLE (e2fsprogs) #414571 [since FEDORA-2007-4461] From fedora-security-commits at redhat.com Tue Jan 8 13:58:52 2008 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Tue, 8 Jan 2008 08:58:52 -0500 Subject: [Fedora-security-commits] fedora-security/audit f8, 1.70, 1.71 f9, 1.63, 1.64 fc7, 1.227, 1.228 Message-ID: <200801081358.m08DwqO0006692@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv6667/audit Modified Files: f8 f9 fc7 Log Message: recent httpd issue formatting fixes Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.70 retrieving revision 1.71 diff -u -r1.70 -r1.71 --- f8 8 Jan 2008 13:17:33 -0000 1.70 +++ f8 8 Jan 2008 13:58:50 -0000 1.71 
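Review bot: all three added CVE-2007-5503 lines in the "note cairo" commit (f8 -104,6, f9 -102,6, fc7 -115,6) write "(cairo, 1.4.12)" without the "fixed" keyword that the neighbouring entries use, e.g. "(nagios, fixed 2.10)", so anything that parses the version field sees a different shape here. Write "(cairo, fixed 1.4.12)". The fc7 line is also marked VULNERABLE with no bug number, which leaves the open state without a tracking reference.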
@@ -9,12 +9,13 @@ GENERIC-MAP-NOMATCH backport (python-cherrypy) [since FEDORA-2008-0299] CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since FEDORA-2008-0199] -CVE-2008-0003 VULNERABLE (tog-pegasus, 2.7.0) #427829 +CVE-2008-0005 VULNERABLE (httpd, fixed 2.2.7) #427982 +CVE-2008-0003 VULNERABLE (tog-pegasus, fixed 2.7.0) #427829 CVE-2007-6613 fixed (libcdio) #427199 [since FEDORA-2008-0136] GENERIC-MAP-NOMATCH fixed (wordpress) #426433 [since FEDORA-2008-0103] CVE-2007-6611 fixed (mantis) #427278 [since FEDORA-2008-0282] -CVE-2007-6601 VULNERABLE (postgresql, 8.2.6) #427773 -CVE-2007-6600 VULNERABLE (postgresql, 8.2.6) #427773 +CVE-2007-6601 VULNERABLE (postgresql, fixed 8.2.6) #427773 +CVE-2007-6600 VULNERABLE (postgresql, fixed 8.2.6) #427773 CVE-2007-6596 VULNERABLE (clamav) #427287 Might be considered a mail client flaw CVE-2007-6595 VULNERABLE (clamav) #427287 CVE-2007-6465 version (ganglia, fixed 3.0.6) [since FEDORA-2007-4562] @@ -23,6 +24,9 @@ CVE-2007-6441 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590] CVE-2007-6439 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590] CVE-2007-6438 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590] +CVE-2007-6422 VULNERABLE (httpd, fixed 2.2.7) #427982 +CVE-2007-6421 VULNERABLE (httpd, fixed 2.2.7) #427982 +CVE-2007-6388 VULNERABLE (httpd, fixed 2.2.7) #427982 CVE-2007-6337 VULNERABLE (clamav, fixed 0.92) #426212 [since FEDORA-2008-0115] CVE-2007-6336 VULNERABLE (clamav, fixed 0.92) #426212 [since FEDORA-2008-0115] CVE-2007-6335 VULNERABLE (clamav, fixed 0.92) #426212 [since FEDORA-2008-0115] 
@@ -67,7 +71,7 @@ CVE-2007-6111 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590] CVE-2007-6110 backport (htdig) [since FEDORA-2007-3958] CVE-2007-6100 version (phpMyAdmin, fixed 2.11.2.2) [since FEDORA-2007-3639] -CVE-2007-6067 VULNERABLE (postgresql, 8.2.6) #427773 +CVE-2007-6067 VULNERABLE (postgresql, fixed 8.2.6) #427773 CVE-2007-6061 VULNERABLE (audacity) #393251 CVE-2007-6015 version (samba, fixed 3.0.28) [since FEDORA-2007-4275] CVE-2007-6013 VULNERABLE (wordpress) @@ -104,7 +108,7 @@ CVE-2007-5624 version (nagios, fixed 2.10) #362801 [since FEDORA-2007-4145] CVE-2007-5623 backport (nagios-plugins, not fixed 1.4.10) #348731 [since FEDORA-2007-2876] nagios-plugins-1.4.8-9.fc8 CVE-2007-5589 version (phpMyAdmin, fixed 2.11.1.2) #333661 PMASA-2007-6 [since FEDORA-2007-3636] -CVE-2007-5503 version (cairo, 1.4.12) [since FEDORA-2007-3913] +CVE-2007-5503 version (cairo, fixed 1.4.12) [since FEDORA-2007-3913] CVE-2007-5501 version (kernel) [since FEDORA-2007-3837] CVE-2007-5500 version (kernel) [since FEDORA-2007-3837] CVE-2007-5497 VULNERABLE (e2fsprogs) #414581 [since FEDORA-2007-4447] 
@@ -134,13 +138,13 @@ CVE-2007-5079 VULNERABLE (gdm) #363021 Red Hat specific problem CVE-2007-5037 version (inotify-tools, fixed 3.11) #299771 CVE-2007-5007 version (balsa, before 2.3.20) #297601 -CVE-2007-5000 VULNERABLE (httpd, fixed 2.2.7) +CVE-2007-5000 VULNERABLE (httpd, fixed 2.2.7) #427982 CVE-2007-4999 version (pidgin, fixed 2.2.2) CVE-2007-4990 version (xorg-x11-xfs, fixed 1.0.5) CVE-2007-4841 version (thunderbird) [since FEDORA-2007-3414] windows only anyway CVE-2007-4829 VULNERABLE (perl-Archive-Tar, not fixed upstream) #364281 -CVE-2007-4772 VULNERABLE (postgresql, 8.2.6) #427773 -CVE-2007-4769 VULNERABLE (postgresql, 8.2.6) #427773 +CVE-2007-4772 VULNERABLE (postgresql, fixed 8.2.6) #427773 +CVE-2007-4769 VULNERABLE (postgresql, fixed 8.2.6) #427773 CVE-2007-4752 version (openssh, fixed 4.7) #280461 CVE-2007-4619 version (flac, fixed 1.2) #332581 CVE-2007-4575 backport (openoffice.org, fixed 2.3.1) [since FEDORA-2007-4172] @@ -174,7 +178,7 @@ CVE-2007-3382 version (tomcat5) [since FEDORA-2007-3474] CVE-2007-3280 ignore (postgresql) bogus CVE assignment CVE-2007-3279 ignore (postgresql) bogus CVE assignment -CVE-2007-3278 version (postgresql, 8.2.5) +CVE-2007-3278 version (postgresql, fixed 8.2.5) CVE-2007-3145 ignore (galeon) in 2.0.3 the truncation still occurs, but at reasonable length CVE-2007-2807 backport (eggdrop) [since FEDORA-2007-4305] CVE-2007-2450 version (tomcat5) #363081 [since FEDORA-2007-3474] Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.63 retrieving revision 1.64 diff -u -r1.63 -r1.64 --- f9 8 Jan 2008 13:17:33 -0000 1.63 +++ f9 8 Jan 2008 13:58:50 -0000 1.64 
@@ -9,14 +9,15 @@ GENERIC-MAP-NOMATCH backport (python-cherrypy) [since python-cherrypy-2.2.1-8.fc9] CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since asterisk-1.4.17-1.fc9] -CVE-2008-0003 version (tog-pegasus, 2.7.0) +CVE-2008-0005 VULNERABLE (httpd, fixed 2.2.7) #427984 +CVE-2008-0003 version (tog-pegasus, fixed 2.7.0) CVE-2007-6631 fixed (libnemesi, not fixed 0.6.4-rc1) #426910 [since libnemesi-0.6.4-0.1.rc2.fc9] This wasn't released yet CVE-2007-6630 version (netembryo, fixed 0.0.5) #427470 There was not release in stable branches yet [since netembryo-0.0.5-1.fc9] CVE-2007-6613 version (libcdio) #427200 [since libcdio-0.79-2.fc9] GENERIC-MAP-NOMATCH VULNERABLE (wordpress) #426434 CVE-2007-6611 version (mantis) #427280 [since mantis-1.1.0-1.fc9] -CVE-2007-6601 version (postgresql, 8.2.6) #427774 [since postgresql-8.2.6-1.fc9] -CVE-2007-6600 version (postgresql, 8.2.6) #427774 [since postgresql-8.2.6-1.fc9] +CVE-2007-6601 version (postgresql, fixed 8.2.6) #427774 [since postgresql-8.2.6-1.fc9] +CVE-2007-6600 version (postgresql, fixed 8.2.6) #427774 [since postgresql-8.2.6-1.fc9] CVE-2007-6596 VULNERABLE (clamav) #427289 Might be considered a mail client flaw CVE-2007-6595 VULNERABLE (clamav) #427289 CVE-2007-6465 version (ganglia, fixed 3.0.6) [since ganglia-3.0.6-1.fc9] @@ -25,6 +26,9 @@ CVE-2007-6441 version (wireshark, fixed 0.99.7) [since wireshark-0.99.7-1.fc9] CVE-2007-6439 version (wireshark, fixed 0.99.7) [since wireshark-0.99.7-1.fc9] CVE-2007-6438 version (wireshark, fixed 0.99.7) [since wireshark-0.99.7-1.fc9] +CVE-2007-6422 VULNERABLE (httpd, fixed 2.2.7) #427984 +CVE-2007-6421 VULNERABLE (httpd, fixed 2.2.7) #427984 +CVE-2007-6388 VULNERABLE (httpd, fixed 2.2.7) #427984 CVE-2007-6337 version (clamav, fixed 0.92) #426213 [since clamav-0.92-3.fc9] CVE-2007-6336 version (clamav, fixed 0.92) #426213 [since clamav-0.92-3.fc9] CVE-2007-6335 version (clamav, fixed 0.92) #426213 [since clamav-0.92-3.fc9] 
@@ -66,7 +70,7 @@ CVE-2007-6111 version (wireshark, fixed 0.99.7) [since wireshark-0.99.7-1.fc9] CVE-2007-6110 version (htdig) [since htdig-3.2.0b6-13.fc9] CVE-2007-6100 version (phpMyAdmin, fixed 2.11.2.2) -CVE-2007-6067 version (postgresql, 8.2.6) #427774 [since postgresql-8.2.6-1.fc9] +CVE-2007-6067 version (postgresql, fixed 8.2.6) #427774 [since postgresql-8.2.6-1.fc9] CVE-2007-6061 VULNERABLE (audacity) #393251 CVE-2007-6035 version (cacti, fixed 0.8.7a) #392001 [since cacti-0.8.7a-1.fc9] CVE-2007-6015 VULNERABLE (samba, fixed 3.0.28) @@ -102,7 +106,7 @@ CVE-2007-5624 version (nagios, fixed 2.10) #362811 [since nagios-2.10-3.fc9] CVE-2007-5623 backport (nagios-plugins, not fixed 1.4.10) #348731 CVE-2007-5589 version (phpMyAdmin, fixed 2.11.1.2) #333661 PMASA-2007-6 -CVE-2007-5503 version (cairo, 1.4.12) [since cairo-1.5.4-1.fc9] +CVE-2007-5503 version (cairo, fixed 1.4.12) [since cairo-1.5.4-1.fc9] CVE-2007-5497 backport (e2fsprogs) #414591 [since e2fsprogs-1.40.2-14.fc9] CVE-2007-5461 VULNERABLE (tomcat5, not fixed 5.5.25) #334531 CVE-2007-5395 version (link-grammar) #372361 [since link-grammar-4.2.5-1.fc9] 
@@ -127,12 +131,12 @@ CVE-2007-5079 VULNERABLE (gdm) #363041 Red Hat specific problem CVE-2007-5037 version (inotify-tools, fixed 3.11) #299771 CVE-2007-5007 version (balsa, before 2.3.20) #297601 -CVE-2007-5000 VULNERABLE (httpd, fixed 2.2.7) +CVE-2007-5000 VULNERABLE (httpd, fixed 2.2.7) #427984 CVE-2007-4999 version (pidgin, fixed 2.2.2) CVE-2007-4990 version (xorg-x11-xfs, fixed 1.0.5) CVE-2007-4829 VULNERABLE (perl-Archive-Tar, not fixed upstream) #364291 -CVE-2007-4772 version (postgresql, 8.2.6) #427774 [since postgresql-8.2.6-1.fc9] -CVE-2007-4769 version (postgresql, 8.2.6) #427774 [since postgresql-8.2.6-1.fc9] +CVE-2007-4772 version (postgresql, fixed 8.2.6) #427774 [since postgresql-8.2.6-1.fc9] +CVE-2007-4769 version (postgresql, fixed 8.2.6) #427774 [since postgresql-8.2.6-1.fc9] CVE-2007-4575 version (openoffice.org, fixed 2.3.1) [since openoffice.org-2.3.1-9.1.fc9] CVE-2007-4752 version (openssh, fixed 4.7) #280461 CVE-2007-4619 version (flac, fixed 1.2) #332581 @@ -158,7 +162,7 @@ CVE-2007-3387 version (poppler, fixed 0.5.91) #251512 CVE-2007-3280 ignore (postgresql) bogus CVE assignment CVE-2007-3279 ignore (postgresql) bogus CVE assignment -CVE-2007-3278 version (postgresql, 8.2.5) +CVE-2007-3278 version (postgresql, fixed 8.2.5) CVE-2007-3145 ignore (galeon) in 2.0.3 the truncation still occurs, but at reasonable length CVE-2007-2450 VULNERABLE (tomcat5, not fixed 5.5.24) #244812 CVE-2007-2449 VULNERABLE (tomcat5, not fixed 5.5.24) #244812 Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.227 retrieving revision 1.228 diff -u -r1.227 -r1.228 --- fc7 8 Jan 2008 13:17:33 -0000 1.227 +++ fc7 8 Jan 2008 13:58:50 -0000 1.228 
@@ -10,12 +10,13 @@ GENERIC-MAP-NOMATCH backport (python-cherrypy) [since FEDORA-2008-0333] CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since FEDORA-2008-0198] -CVE-2008-0003 VULNERABLE (tog-pegasus, 2.7.0) #427828 +CVE-2008-0005 VULNERABLE (httpd, fixed 2.2.7) #427983 +CVE-2008-0003 VULNERABLE (tog-pegasus, fixed 2.7.0) #427828 CVE-2007-6613 fixed (libcdio) #427198 [since FEDORA-2008-0104] GENERIC-MAP-NOMATCH fixed (wordpress) #426432 [since FEDORA-2008-0126] CVE-2007-6611 fixed (mantis) #427279 [since FEDORA-2008-0353] -CVE-2007-6601 VULNERABLE (postgresql, 8.2.6) #427772 -CVE-2007-6600 VULNERABLE (postgresql, 8.2.6) #427772 +CVE-2007-6601 VULNERABLE (postgresql, fixed 8.2.6) #427772 +CVE-2007-6600 VULNERABLE (postgresql, fixed 8.2.6) #427772 CVE-2007-6596 VULNERABLE (clamav) #427288 Might be considered a mail client flaw CVE-2007-6595 VULNERABLE (clamav) #427288 CVE-2007-6465 version (ganglia, fixed 3.0.6) [since FEDORA-2007-4584] @@ -24,6 +25,9 @@ CVE-2007-6441 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690] CVE-2007-6439 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690] CVE-2007-6438 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690] +CVE-2007-6422 VULNERABLE (httpd, fixed 2.2.7) #427983 +CVE-2007-6421 VULNERABLE (httpd, fixed 2.2.7) #427983 +CVE-2007-6388 VULNERABLE (httpd, fixed 2.2.7) #427983 CVE-2007-6337 VULNERABLE (clamav, fixed 0.92) #426211 [since FEDORA-2008-0170] CVE-2007-6336 VULNERABLE (clamav, fixed 0.92) #426211 [since FEDORA-2008-0170] CVE-2007-6335 VULNERABLE (clamav, fixed 0.92) #426211 [since FEDORA-2008-0170] 
@@ -68,7 +72,7 @@ CVE-2007-6111 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690] CVE-2007-6110 backport (htdig) [since FEDORA-2007-3907] CVE-2007-6100 version (phpMyAdmin, fixed 2.11.2.2) [since FEDORA-2007-3666] -CVE-2007-6067 VULNERABLE (postgresql, 8.2.6) #427772 +CVE-2007-6067 VULNERABLE (postgresql, fixed 8.2.6) #427772 CVE-2007-6061 VULNERABLE (audacity) #393251 CVE-2007-6035 version (cacti, fixed 0.8.7a) #391981 [since FEDORA-2007-3683] CVE-2007-6015 version (samba, fixed 3.0.28) [since FEDORA-2007-4269] @@ -115,7 +119,7 @@ CVE-2007-5589 version (phpmyadmin, fixed 2.11.1.2) #333661 PMASA-2007-6 [since FEDORA-2007-2738] CVE-2007-5585 backport (rss-glx) #336331 [since FEDORA-2007-2652] CVE-2007-5585 backport (tempest) #336331 [since FEDORA-2007-2652] -CVE-2007-5503 VULNERABLE (cairo, 1.4.12) [since FEDORA-2007-3818] +CVE-2007-5503 VULNERABLE (cairo, fixed 1.4.12) [since FEDORA-2007-3818] CVE-2007-5501 version (kernel) [since FEDORA-2007-3751] CVE-2007-5500 version (kernel) [since FEDORA-2007-3751] CVE-2007-5497 VULNERABLE (e2fsprogs) #414571 [since FEDORA-2007-4461] @@ -168,7 +172,7 @@ CVE-2007-5034 version (elinks) #297981 [since FEDORA-2007-2224] CVE-2007-5007 version (balsa) #297601 [since FEDORA-2007-2302] GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031 -CVE-2007-5000 VULNERABLE (httpd, fixed 2.2.7) +CVE-2007-5000 VULNERABLE (httpd, fixed 2.2.7) #427983 CVE-2007-4999 version (pidgin, fixed 2.2.2) [since FEDORA-2007-2714] CVE-2007-4996 version (pidgin, fixed 2.2.1) [since FEDORA-2007-2368] CVE-2007-4995 backport (openssl, fixed 0.9.8f) [since FEDORA-2007-2530] 
@@ -187,8 +191,8 @@ CVE-2007-4829 VULNERABLE (perl-Archive-Tar) #315321 CVE-2007-4828 version (mediawiki, fixed 1.11.0, 1.10.2, 1.9.4) #287881 [since FEDORA-2007-2189] CVE-2007-4826 version (quagga, fixed 0.99.9) [since FEDORA-2007-2196] -CVE-2007-4772 VULNERABLE (postgresql, 8.2.6) #427772 -CVE-2007-4769 VULNERABLE (postgresql, 8.2.6) #427772 +CVE-2007-4772 VULNERABLE (postgresql, fixed 8.2.6) #427772 +CVE-2007-4769 VULNERABLE (postgresql, fixed 8.2.6) #427772 CVE-2007-4768 VULNERABLE (pcre, fixed 7.3) #378411 CVE-2007-4767 VULNERABLE (pcre, fixed 7.3) #378411 CVE-2007-4766 VULNERABLE (pcre, fixed 7.3) #378411 @@ -347,7 +351,7 @@ CVE-2007-3294 ignore (php-extras) win only CVE-2007-3280 ignore (postgresql) bogus CVE assignment CVE-2007-3279 ignore (postgresql) bogus CVE assignment -CVE-2007-3278 version (postgresql, 8.2.5) +CVE-2007-3278 version (postgresql, fixed 8.2.5) CVE-2007-3257 backport (evolution) #244283 [since FEDORA-2007-0464] CVE-2007-3241 version (wordpress, fixed 2.2.1) #245211 [since FEDORA-2007-0894] CVE-2007-3240 version (wordpress, fixed 2.2.1) #245211 [since FEDORA-2007-0894] @@ -379,7 +383,7 @@ CVE-2007-2958 version (claws-mail) #254121 [since FEDORA-2007-2009] CVE-2007-2958 backport (sylpheed) #254123 [since FEDORA-2007-1841] CVE-2007-2956 backport (qtpfsgui) #251674 [since FEDORA-2007-1581] -CVE-2007-2949 version (gimp, fixed, 2.2.16) [since FEDORA-2007-0725] +CVE-2007-2949 version (gimp, fixed 2.2.16) [since FEDORA-2007-0725] CVE-2007-2926 version (bind, fixed 9.4.1) [since FEDORA-2007-1247] CVE-2007-2925 version (bind, fixed 9.4.1) [since FEDORA-2007-1247] CVE-2007-2894 backport (bochs) #241799 [since FEDORA-2007-1778] From fedora-security-commits at redhat.com Tue Jan 8 16:15:53 2008 
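Review bot: the "formatting fixes" commit normalises "(postgresql, 8.2.6)", "(cairo, 1.4.12)" and "(tog-pegasus, 2.7.0)" to the "fixed <version>" form, but the context line "CVE-2007-5007 version (balsa, before 2.3.20) #297601" in the f8 -134,13 and f9 -127,12 hunks keeps a different wording. If the aim is one parseable shape for the version field, bring that entry in line as well, or document "before" as an accepted keyword. The new httpd entries would also be easier to audit in a commit of their own, separate from the formatting changes.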
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Tue, 8 Jan 2008 11:15:53 -0500 Subject: [Fedora-security-commits] fedora-security/tools/lib/Libexig Bugzilla.pm, 1.1.2.1, 1.1.2.2 Message-ID: <200801081615.m08GFrsE001578@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/tools/lib/Libexig In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv1535/Libexig Modified Files: Tag: lkundrak-tools-ng Bugzilla.pm Log Message: add add_comment method turn add_private_comment to simple wrapper around add_comment Index: Bugzilla.pm =================================================================== RCS file: /cvs/fedora/fedora-security/tools/lib/Libexig/Attic/Bugzilla.pm,v retrieving revision 1.1.2.1 retrieving revision 1.1.2.2 diff -u -r1.1.2.1 -r1.1.2.2 --- Bugzilla.pm 6 Jan 2008 03:31:53 -0000 1.1.2.1 +++ Bugzilla.pm 8 Jan 2008 16:15:51 -0000 1.1.2.2 @@ -147,17 +147,24 @@ return undef; } -# Add private comment (unless dryrun) to a bug -sub add_private_comment +# Add comment to a bug (unless in dryrun mode) +# Arguments: bug id, comment, make comment private (0/1) +sub add_comment { my $self = shift; - return 0 if $self->{dryrun}; - my $bug = shift or die 'No bug!'; my $comment = shift or die 'No comment!'; + my $private; $private = shift or $private= 0; + + if ($self->{dryrun}) { + print STDERR 'Would add following comment to bug: #'.$bug."\n"; + print STDERR "$comment\n"; + return 0; + } - my $call = $self->{rpc}->call('bugzilla.addComment', $bug, $comment, @{$self->{creds}}, 1); + my $call = $self->{rpc}->call('bugzilla.addComment', $bug, $comment, + @{$self->{creds}}, $private); my $result = $call->result or die $call->faultstring; @@ -167,4 +174,14 @@ return undef; } +# Add private comment to a bug +sub add_private_comment +{ + my $self = shift; + my $bug = shift; + my $comment = shift; + + $self->add_comment($bug, $comment, 1); +} + 1; From fedora-security-commits at redhat.com Tue Jan 8 18:07:35 2008 
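Review bot: in add_comment (Bugzilla.pm 1.1.2.2, hunk -147,17), "$private = shift or $private= 0" makes the comment public whenever the third argument is omitted, which is the fail-open default for a tool that comments on security bugs; consider requiring the flag explicitly or defaulting to private, with add_private_comment kept as the convenience wrapper. The dry-run branch returns 0 while the normal path ends in "return undef", so a caller cannot tell a dry run from a real call by the return value, and the dry-run message does not say whether the comment would have been private.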
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Tue, 8 Jan 2008 13:07:35 -0500 Subject: [Fedora-security-commits] fedora-security/audit f8, 1.71, 1.72 f9, 1.64, 1.65 Message-ID: <200801081807.m08I7ZnV021489@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv21469 Modified Files: f8 f9 Log Message: jetty Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.71 retrieving revision 1.72 diff -u -r1.71 -r1.72 --- f8 8 Jan 2008 13:58:50 -0000 1.71 +++ f8 8 Jan 2008 18:07:33 -0000 1.72 @@ -11,6 +11,7 @@ CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since FEDORA-2008-0199] CVE-2008-0005 VULNERABLE (httpd, fixed 2.2.7) #427982 CVE-2008-0003 VULNERABLE (tog-pegasus, fixed 2.7.0) #427829 +CVE-2007-6672 VULNERABLE (jetty) #428017 CVE-2007-6613 fixed (libcdio) #427199 [since FEDORA-2008-0136] GENERIC-MAP-NOMATCH fixed (wordpress) #426433 [since FEDORA-2008-0103] CVE-2007-6611 fixed (mantis) #427278 [since FEDORA-2008-0282] Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.64 retrieving revision 1.65 diff -u -r1.64 -r1.65 --- f9 8 Jan 2008 13:58:50 -0000 1.64 +++ f9 8 Jan 2008 18:07:33 -0000 1.65 
@@ -11,6 +11,7 @@ CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since asterisk-1.4.17-1.fc9] CVE-2008-0005 VULNERABLE (httpd, fixed 2.2.7) #427984 CVE-2008-0003 version (tog-pegasus, fixed 2.7.0) +CVE-2007-6672 VULNERABLE (jetty) #428018 CVE-2007-6631 fixed (libnemesi, not fixed 0.6.4-rc1) #426910 [since libnemesi-0.6.4-0.1.rc2.fc9] This wasn't released yet CVE-2007-6630 version (netembryo, fixed 0.0.5) #427470 There was not release in stable branches yet [since netembryo-0.0.5-1.fc9] CVE-2007-6613 version (libcdio) #427200 [since libcdio-0.79-2.fc9] From fedora-security-commits at redhat.com Tue Jan 8 18:48:14 2008 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Tue, 8 Jan 2008 13:48:14 -0500 Subject: [Fedora-security-commits] fedora-security/audit f8, 1.72, 1.73 f9, 1.65, 1.66 fc7, 1.228, 1.229 Message-ID: <200801081848.m08ImE4q022664@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv22642 Modified Files: f8 f9 fc7 Log Message: dovecot Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.72 retrieving revision 1.73 diff -u -r1.72 -r1.73 --- f8 8 Jan 2008 18:07:33 -0000 1.72 +++ f8 8 Jan 2008 18:48:12 -0000 1.73 
@@ -17,6 +17,7 @@ CVE-2007-6611 fixed (mantis) #427278 [since FEDORA-2008-0282] CVE-2007-6601 VULNERABLE (postgresql, fixed 8.2.6) #427773 CVE-2007-6600 VULNERABLE (postgresql, fixed 8.2.6) #427773 +CVE-2007-6598 ignore (dovecot) Needs knowledge of victim's password CVE-2007-6596 VULNERABLE (clamav) #427287 Might be considered a mail client flaw CVE-2007-6595 VULNERABLE (clamav) #427287 CVE-2007-6465 version (ganglia, fixed 3.0.6) [since FEDORA-2007-4562] Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.65 retrieving revision 1.66 diff -u -r1.65 -r1.66 --- f9 8 Jan 2008 18:07:33 -0000 1.65 +++ f9 8 Jan 2008 18:48:12 -0000 1.66 @@ -19,6 +19,7 @@ CVE-2007-6611 version (mantis) #427280 [since mantis-1.1.0-1.fc9] CVE-2007-6601 version (postgresql, fixed 8.2.6) #427774 [since postgresql-8.2.6-1.fc9] CVE-2007-6600 version (postgresql, fixed 8.2.6) #427774 [since postgresql-8.2.6-1.fc9] +CVE-2007-6598 ignore (dovecot) Needs knowledge of victim's password CVE-2007-6596 VULNERABLE (clamav) #427289 Might be considered a mail client flaw CVE-2007-6595 VULNERABLE (clamav) #427289 CVE-2007-6465 version (ganglia, fixed 3.0.6) [since ganglia-3.0.6-1.fc9] Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.228 retrieving revision 1.229 diff -u -r1.228 -r1.229 --- fc7 8 Jan 2008 13:58:50 -0000 1.228 +++ fc7 8 Jan 2008 18:48:12 -0000 1.229 
@@ -17,6 +17,7 @@ CVE-2007-6611 fixed (mantis) #427279 [since FEDORA-2008-0353] CVE-2007-6601 VULNERABLE (postgresql, fixed 8.2.6) #427772 CVE-2007-6600 VULNERABLE (postgresql, fixed 8.2.6) #427772 +CVE-2007-6598 ignore (dovecot) Needs knowledge of victim's password CVE-2007-6596 VULNERABLE (clamav) #427288 Might be considered a mail client flaw CVE-2007-6595 VULNERABLE (clamav) #427288 CVE-2007-6465 version (ganglia, fixed 3.0.6) [since FEDORA-2007-4584] From fedora-security-commits at redhat.com Wed Jan 9 13:00:03 2008 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Wed, 9 Jan 2008 08:00:03 -0500 Subject: [Fedora-security-commits] fedora-security/audit f8, 1.73, 1.74 f9, 1.66, 1.67 fc7, 1.229, 1.230 Message-ID: <200801091300.m09D03M8010553@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv10523/audit Modified Files: f8 f9 fc7 Log Message: note some cups CVEs Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.73 retrieving revision 1.74 diff -u -r1.73 -r1.74 --- f8 8 Jan 2008 18:48:12 -0000 1.73 +++ f8 9 Jan 2008 13:00:00 -0000 1.74 
@@ -97,6 +97,8 @@ CVE-2007-5925 backport (mysql, fixed 5.0.54) #424931 [since FEDORA-2007-4465] CVE-2007-5907 VULNERABLE (xen) #390111 CVE-2007-5906 VULNERABLE (xen) #390111 +CVE-2007-5849 ignore (cups, fixed 1.3.5) minimal impact, see #415131 +CVE-2007-5848 version (cups, fixed 1.2.0) CVE-2007-5795 backport (emacs) #367591 [since FEDORA-2007-2946] CVE-2007-5770 backport (ruby) #373391 [since FEDORA-2007-2812] GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031 Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.66 retrieving revision 1.67 diff -u -r1.66 -r1.67 --- f9 8 Jan 2008 18:48:12 -0000 1.66 +++ f9 9 Jan 2008 13:00:00 -0000 1.67 @@ -96,6 +96,8 @@ CVE-2007-5925 backport (mysql, fixed 5.0.54) [since mysql-5.0.45-6.fc9] CVE-2007-5907 VULNERABLE (xen) #390121 CVE-2007-5906 VULNERABLE (xen) #390121 +CVE-2007-5849 version (cups, fixed 1.3.5) [since cups-1.3.5-1.fc9] +CVE-2007-5848 version (cups, fixed 1.2.0) CVE-2007-5795 backport (emacs) #367601 [since emacs-22.1-8.fc9] GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031 CVE-2007-5770 backport (ruby) #373401 [since ruby-1.8.6.111-1] Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.229 retrieving revision 1.230 diff -u -r1.229 -r1.230 --- fc7 8 Jan 2008 18:48:12 -0000 1.229 +++ fc7 9 Jan 2008 13:00:00 -0000 1.230 
@@ -97,6 +97,8 @@ CVE-2007-5925 backport (mysql, fixed 5.0.54) #424921 [since FEDORA-2007-4471] CVE-2007-5907 VULNERABLE (xen) #390101 CVE-2007-5906 VULNERABLE (xen) #390101 +CVE-2007-5849 ignore (cups, fixed 1.3.5) minimal impact, see #415131 +CVE-2007-5848 version (cups, fixed 1.2.0) CVE-2007-5846 backport (net-snmp) [since FEDORA-2007-3019] CVE-2007-5795 backport (emacs) #367581 [since FEDORA-2007-3056] CVE-2007-5770 backport (ruby) #373381 [since FEDORA-2007-2685] From fedora-security-commits at redhat.com Wed Jan 9 14:37:45 2008 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Wed, 9 Jan 2008 09:37:45 -0500 Subject: [Fedora-security-commits] fedora-security/tools/lib/Libexig Bugzilla.pm, 1.1.2.2, 1.1.2.3 Message-ID: <200801091437.m09EbjSX027430@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/tools/lib/Libexig In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv27408/tools/lib/Libexig Modified Files: Tag: lkundrak-tools-ng Bugzilla.pm Log Message: make add_comment more generic wrapper for addComment add close_bug* Index: Bugzilla.pm =================================================================== RCS file: /cvs/fedora/fedora-security/tools/lib/Libexig/Attic/Bugzilla.pm,v retrieving revision 1.1.2.2 retrieving revision 1.1.2.3 diff -u -r1.1.2.2 -r1.1.2.3 --- Bugzilla.pm 8 Jan 2008 16:15:51 -0000 1.1.2.2 +++ Bugzilla.pm 9 Jan 2008 14:37:43 -0000 1.1.2.3 
@@ -147,15 +147,18 @@ return undef; } -# Add comment to a bug (unless in dryrun mode) -# Arguments: bug id, comment, make comment private (0/1) +# Add comment - wrapper around bugzilla addComment XMLRPC method +# +# Mandatory arguments: +# bugid, comment +# Optional arguments: +# isprivate, timestamp, worktime, bz_gid, private_in_it, nomail sub add_comment { my $self = shift; my $bug = shift or die 'No bug!'; my $comment = shift or die 'No comment!'; - my $private; $private = shift or $private= 0; if ($self->{dryrun}) { print STDERR 'Would add following comment to bug: #'.$bug."\n"; @@ -164,7 +167,7 @@ } my $call = $self->{rpc}->call('bugzilla.addComment', $bug, $comment, - @{$self->{creds}}, $private); + @{$self->{creds}}, @_); my $result = $call->result or die $call->faultstring; 
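Review bot: with the optional arguments now forwarded as @_ in the -164,7 hunk, add_comment no longer pins isprivate to a defined value: a caller that passes nothing sends no privacy flag at all, and a caller that gets the positional order (isprivate, timestamp, worktime, bz_gid, private_in_it, nomail) wrong is not caught before the XML-RPC call. Keep an explicit isprivate parameter with a documented default, or validate it before the call, and have the dry-run output print the value that would be sent.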
@@ -175,13 +178,66 @@ } # Add private comment to a bug +# +# Arguments: +# bugid, comment sub add_private_comment { my $self = shift; + my $bug = shift; my $comment = shift; $self->add_comment($bug, $comment, 1); } +# Close bug - wrapper around bugzilla closeBug XMLRPC method +# +# Mandatory arguments: +# bugid, resolution +# Optional arguments: +# dupeid, fixedin, comment, isprivate, private_in_it, nomail +sub close_bug +{ + my $self = shift; + + my $bug = shift or die 'No bug!'; + my $resolution = shift or die 'No resolution!'; + + if ($self->{dryrun}) { + print STDERR 'Would close bug #'.$bug.' as: '.$resolution."\n"; + return 0; + } + + my $call = $self->{rpc}->call('bugzilla.closeBug', $bug, $resolution, + @{$self->{creds}}, @_); + + my $result = $call->result + or die $call->faultstring; + + print STDERR 'Bugzilla answered to closeBug: '.Dumper($result) + if $self->{debug}; + return undef; +} + +# Close bug with comment +# +# Mandatory arguments: +# bugid, resulution, comment +# Optional arguments: +# newfixedin, dupeid +sub close_bug_with_comment +{ + my $self = shift; + + my $bug = shift; + my $resolution = shift; + my $comment = shift or die 'No comment!'; + + my $fixedin = shift; + my $dupeid = shift; + + $self->close_bug($bug, $resolution, $dupeid, $fixedin, $comment); +} + 1; From fedora-security-commits at redhat.com Wed Jan 9 16:25:17 2008 
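Review bot: close_bug_with_comment calls close_bug with only dupeid, fixedin and comment, so isprivate is never passed and the closing comment cannot be made private through this wrapper; add an optional isprivate argument and forward it. The header comment lists the optional arguments as "newfixedin, dupeid" while close_bug takes "dupeid, fixedin", which invites swapped arguments at call sites, and "resulution" is a typo. The close_bug dry-run message prints only the resolution, not the comment or fixedin that would be sent.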
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Wed, 9 Jan 2008 11:25:17 -0500 Subject: [Fedora-security-commits] fedora-security/audit f9, 1.67, 1.68 fc7, 1.230, 1.231 Message-ID: <200801091625.m09GPHkj012540@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv12515/audit Modified Files: f9 fc7 Log Message: syslog-ng fixed in rawhide minor pcre cleanup Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.67 retrieving revision 1.68 diff -u -r1.67 -r1.68 --- f9 9 Jan 2008 13:00:00 -0000 1.67 +++ f9 9 Jan 2008 16:25:15 -0000 1.68 @@ -34,7 +34,7 @@ CVE-2007-6337 version (clamav, fixed 0.92) #426213 [since clamav-0.92-3.fc9] CVE-2007-6336 version (clamav, fixed 0.92) #426213 [since clamav-0.92-3.fc9] CVE-2007-6335 version (clamav, fixed 0.92) #426213 [since clamav-0.92-3.fc9] -CVE-2007-6437 VULNERABLE (syslog-ng) #426307 +CVE-2007-6437 version (syslog-ng, fixed 2.0.6) #426307 [since syslog-ng-2.0.7-1.fc9] CVE-2007-6430 version (asterisk, fixed 1.4.16) [since asterisk-1.4.16.1-1.fc9] CVE-2007-6389 VULNERABLE (gnome-screensaver) #426171 CVE-2007-6353 backport (exiv2) #425924 [since exiv2-0.16-0.3.pre1.fc9] Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.230 retrieving revision 1.231 diff -u -r1.230 -r1.231 --- fc7 9 Jan 2008 13:00:00 -0000 1.230 +++ fc7 9 Jan 2008 16:25:15 -0000 1.231 
@@ -684,7 +684,8 @@ CVE-2007-0005 version (kernel, fixed 2.6.20) [since FEDORA-2007-335] CVE-2007-0002 version (libwpd, fixed 0.8.9) #222808 [since FEDORA-2007-351] CVE-2007-0001 ignore (kernel) rhel4 2.6.9 only known affected -CVE-2006-7224 VULNERABLE (pcre, fixed 6.7) #378411 +CVE-2006-7228 version (pcre, fixed 6.7) +CVE-2006-7227 version (pcre, fixed 6.7) CVE-2006-7221 ignore (gftp) single zero byte overflow in fsplib CVE-2006-7205 ignore (php) See NVD CVE-2006-7204 ignore (php) See NVD From fedora-security-commits at redhat.com Wed Jan 9 21:42:42 2008 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Wed, 9 Jan 2008 16:42:42 -0500 Subject: [Fedora-security-commits] fedora-security/tools/lib/Libexig Fedora.pm, 1.1.2.1, 1.1.2.2 Message-ID: <200801092143.m09Lh9kT024139@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/tools/lib/Libexig In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv23949/lib/Libexig Modified Files: Tag: lkundrak-tools-ng Fedora.pm Log Message: Finally committing the splitoff of the tracking bug routines to the library 12:17 whoever doesn't commit will spend the long winter evenings resolving conflicts... And hopefully merging in tomas' change... :} Index: Fedora.pm =================================================================== RCS file: /cvs/fedora/fedora-security/tools/lib/Libexig/Attic/Fedora.pm,v retrieving revision 1.1.2.1 retrieving revision 1.1.2.2 diff -u -r1.1.2.1 -r1.1.2.2 --- Fedora.pm 6 Jan 2008 12:48:45 -0000 1.1.2.1 +++ Fedora.pm 9 Jan 2008 21:42:37 -0000 1.1.2.2 @@ -14,6 +14,10 @@ 'low' => 'low', ); +### +### Parent bugs from CVE +### + # Get the text to include in the CVE bug descripiton sub cve_bug_desc {
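Review bot: the fc7 hunk at -684,7 (revision 1.231) deletes the CVE-2006-7224 line together with its #378411 reference and adds CVE-2006-7228 and CVE-2006-7227 as "version (pcre, fixed 6.7)" with no bug number and no [since ...] tag. If the two new ids supersede CVE-2006-7224, say so in a trailing note on the new lines and keep #378411 (or the correct bug) so the entries stay traceable; "minor pcre cleanup" in the log does not explain the change from VULNERABLE to version.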
@@ -64,3 +68,183 @@ 'alias' => $cve, ); } + +### +### Tracking bugs +### + +my $comment_head = + 'This is an automatically created tracking bug! '. + 'It was created to ensure that one or more security '. + 'vulnerabilities are fixed in all affected branches.'. + "\n\n". + 'You should *not* refer to this bug publicly, as it is a '. + 'private "Fedora Project Contributors" bug.'. + "\n\n". + 'For comments that are specific to the vulnerability please use bugs '. + 'filed against "Security Response" product referenced in "Blocks" '. + 'field.'. + "\n\n"; + +my $comment_tail = + 'For more information see: '. + 'http://fedoraproject.org/wiki/Security/TrackingBugs'; + +my $comment_update = + # Following the list of parent bugs + "\n". + 'When creating an update for the version this this bug is reported '. + 'against please include the bug IDs of respective bugs filed '. + 'against "Security Response" product as well as of this bug and let the '. + 'update system close them. Please '. + 'note that the update announcement will (and should) contain only '. + 'references to "Security Response" bugs as long as the tracking '. + 'bug is restricted to "Fedora Project Contributors".'. + "\n\n"; + +my $comment_rawhide = + "\n". + 'Please close this bug with RAWHIDE (referencing appropriate N-V-R in '. + 'Fixed In field if possible) once is it fixed in devel branch. '. + 'Do *not* include the bug id of this bug in the RPM changelog and the '. + 'commit message.'. 
+ "\n\n"; + +my %priorities = ( + 'urgent', => 4, + 'high', => 3, + 'medium', => 2, + 'low' => 1, +); + +# Valid versions +my %versions = ( + '6', => '6', + 'f6', => '6', + 'fc6', => '6', + '7', => '7', + 'f7', => '7', + 'fc7', => '7', + '8', => '8', + 'f8', => '8', + 'fc8', => '8', + '9', => 'rawhide', + 'f9', => 'rawhide', + 'fc9', => 'rawhide', + 'devel', => 'rawhide', +); + +sub tracking_bugs +{ + my $bugs = shift; + my $component = shift; + my @versions = @_; + + my @retval; + + # Construct a tracking bug template + + my %bug_tmpl = ( + 'bug_file_loc' => 'http://fedoraproject.org/wiki/Security/TrackingBugs', + 'rep_platform' => 'All', + 'op_sys' => 'Linux', + 'short_desc' => '', + 'keywords' => 'Security', + 'product' => 'Fedora', + 'component' => $component, + 'bug_severity' => 'low', + 'priority' => 'low', + 'bit-58' => '1', # Fedora Project Contributors + ); + + my $comment_parents = ''; + + foreach my $bug (@{$bugs}) { + + # Take the highest of priorities + $bug_tmpl{'bug_severity'} = $bug->{'bug_severity'} + if ($priorities{$bug->{'bug_severity'}} > $priorities{$bug_tmpl{'bug_severity'}}); + $bug_tmpl{'priority'} = $bug->{'priority'} + if ($priorities{$bug->{'priority'}} > $priorities{$bug_tmpl{'priority'}}); + + # This will be overwriten if we block just one parent bug + $bug_tmpl{'short_desc'} .= $bug->{'alias'}.' '; + + # Add the parent bug to the comment + $comment_parents .= "\tbug #$bug->{'bug_id'}: $bug->{'short_short_desc'}\n"; + } + + if (@{$bugs} > 1) { + $bug_tmpl{'short_desc'} .= "Multiple $component vulnerabilities"; + } else { + $bug_tmpl{'short_desc'} = $bugs->[0]->{'short_short_desc'}; + } + + # Create a bug hash for each version + + foreach my $version (@versions) { + my %bug = %bug_tmpl; + $bug{'short_desc'} .= " [Fedora $versions{$version}]"; + $bug{'version'} = $versions{$version}; + + $bug{'comment'} = + $comment_head. + $comment_parents. + ($bug{'version'} eq 'rawhide' ? $comment_rawhide : $comment_update). 
+ $comment_tail; + + push @retval, \%bug; + } + + return \@retval; +} + +sub file_tracking_bugs +{ + my $parent_bugs = shift; + my $tracking_bugs = shift; + my $bugzilla = shift; + + foreach my $bug (@{$tracking_bugs}) { + my $bug_id = $bugzilla->file_bug (\%bug); + + if ($bug{'version'} ne 'rawhide') { + my $tr_comment = + 'You can eventually use the following link to '. + 'create the update request: '."\n". + 'https://admin.fedoraproject.org/updates/new/'. + '?request=Stable'. + '&type=security'. + '&release=Fedora%20'.$bug{'version'}. + '&bugs='.$bug_id; + + foreach my $bug (@{$bugs}) { + $tr_comment .= ','.$bug->{'bug_id'}; + } + + # XXX: public + $bugzilla->add_private_comment ($bug_id, $tr_comment); + } + + $bugzilla->add_blockers ($bug_id, \@bugs); + $comment .= $bug{'version'}.": bug #$bug_id\n"; +=cut +} + +=cut + +# File for each version + +my $comment = "Created Fedora tracking bugs for $component:\n\n"; + +=cut +=cut + +# Add comment to original bugs + +foreach my $bug (@bugs) { + $bugzilla->add_private_comment ($bug, $comment); +} + +print STDERR $comment; +=cut From fedora-security-commits at redhat.com Wed Jan 9 21:42:42 2008 
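Review bot: in the @@ -64,3 +68,183 @@ hunk of Fedora.pm, file_tracking_bugs uses names that are never set in its scope. The loop variable is the scalar $bug (a hash reference pushed by tracking_bugs), yet the body reads \%bug and $bug{'version'}; it also iterates @{$bugs}, passes \@bugs to add_blockers and appends to $comment, while the sub only receives $parent_bugs, $tracking_bugs and $bugzilla. Use $bug->{'version'}, pass $bug itself to file_bug, take the parent list from $parent_bugs, and declare $comment inside the sub. The =cut markers left around the tail of the sub should be removed as well, so that the closing braces and the final comment loop are unambiguous. Separately, tracking_bugs indexes $versions{$version} without checking that the key exists, so an unknown version string produces an undefined 'version' field; reject unknown versions there.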
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Wed, 9 Jan 2008 16:42:42 -0500 Subject: [Fedora-security-commits] fedora-security/tools/scripts add-tracking-bugs, 1.1.2.2, 1.1.2.3 Message-ID: <200801092143.m09LhA4X024142@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/tools/scripts In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv23949/scripts Modified Files: Tag: lkundrak-tools-ng add-tracking-bugs Log Message: Finally committing the splitoff of the tracking bug routines to the library 12:17 whoever doesn't commit will spend the long winter evenings resolving conflicts... And hopefully merging in tomas' change... :} Index: add-tracking-bugs =================================================================== RCS file: /cvs/fedora/fedora-security/tools/scripts/Attic/add-tracking-bugs,v retrieving revision 1.1.2.2 retrieving revision 1.1.2.3 diff -u -r1.1.2.2 -r1.1.2.3 --- add-tracking-bugs 7 Jan 2008 16:52:18 -0000 1.1.2.2 +++ add-tracking-bugs 9 Jan 2008 21:42:38 -0000 1.1.2.3 
@@ -21,72 +21,11 @@ use Libexig::Util; use Libexig::Bugzilla; +use Libexig::Fedora; use warnings; use strict; -my $comment_head = - 'This is an automatically created tracking bug! '. - 'It was created to ensure that one or more security '. - 'vulnerabilities are fixed in all affected branches.'. - "\n\n". - 'You should *not* refer to this bug publicly, as it is a '. - 'private "Fedora Project Contributors" bug.'. - "\n\n". - 'For comments that are specific to the vulnerability please use bugs '. - 'filed against "Security Response" product referenced in "Blocks" '. - 'field.'. - "\n\n"; - -my $comment_tail = - 'For more information see: '. - 'http://fedoraproject.org/wiki/Security/TrackingBugs'; - -my $comment_update = - # Following the list of parent bugs - "\n". - 'When creating an update for the version this this bug is reported '. - 'against please include the bug IDs of respective bugs filed '. - 'against "Security Response" product as well as of this bug and let the '. - 'update system close them. Please '. - 'note that the update announcement will (and should) contain only '. - 'references to "Security Response" bugs as long as the tracking '. - 'bug is restricted to "Fedora Project Contributors".'. - "\n\n"; - -my $comment_rawhide = - "\n". - 'Please close this bug with RAWHIDE (referencing appropriate N-V-R in '. - 'Fixed In field if possible) once is it fixed in devel branch. '. - 'Do *not* include the bug id of this bug in the RPM changelog and the '. - 'commit message.'. - "\n\n"; - - -my %impact = ( - 'urgent', => 4, - 'high', => 3, - 'medium', => 2, - 'low' => 1, -); - -# Valid versions -my %versions = ( - '6', => '6', - 'f6', => '6', - 'fc6', => '6', - '7', => '7', - 'f7', => '7', - 'fc7', => '7', - '8', => '8', - 'f8', => '8', - 'fc8', => '8', - '9', => 'rawhide', - 'f9', => 'rawhide', - 'fc9', => 'rawhide', - 'devel', => 'rawhide', -); - # Command line options my (@bugs, @versions, $dryrun, $debug, $username, $password, $component); 
@@ -115,14 +54,17 @@ $options{'versions'} or die 'versions argument is mandatory'; @versions = split (/,/, $options{'versions'}); -$versions{$_} or die "Invalid version: $_" foreach (@versions); +#XXX +##$versions{$_} or die "Invalid version: $_" foreach (@versions); $component = $options{'component'} or die 'component argument is mandatory'; $dryrun = ($options{'dryrun'} or 0); $debug = ($options{'debug'} or 0); $username = ($options{'username'} or $ENV{'LOGNAME'}.'@redhat.com'); -$password = ($options{'password'} or $dryrun or - read_noecho ("Bugzilla password for $username: ")); +$password = ($options{'password'} or read_noecho ("Bugzilla password for $username: ")) + unless $dryrun; + +$dryrun = 1; my $bugzilla = new Libexig::Bugzilla ({ 'username' => $username, 
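Review bot: the added "$dryrun = 1;" after option parsing in the @@ -115,14 +54,17 @@ hunk of add-tracking-bugs overrides whatever --dryrun was given, so every run becomes a dry run, while the password line above it was already evaluated against the user's value and still prompts on a normal invocation. If this is a temporary guard while the library split is unfinished, say so in a comment and remove it before the branch is merged. The version check is also commented out under "#XXX"; %versions now lives in Libexig::Fedora as a file-scoped "my" hash, so the script cannot reach it. Expose a validation routine from the library and call it here, otherwise a mistyped --versions value is only noticed after bug templates have been built.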
@@ -133,92 +75,10 @@ # Get parent bugs -my $bugs = $bugzilla->get_bugs (\@bugs, ['alias','keywords','priority','bug_id', 'bug_severity', 'short_short_desc']); -print Dumper ($bugs) if $debug; - -# Construct a tracking bug template - -my %bug_tmpl = ( - 'bug_file_loc' => 'http://fedoraproject.org/wiki/Security/TrackingBugs', - 'rep_platform' => 'All', - 'op_sys' => 'Linux', - 'short_desc' => '', - 'keywords' => 'Security', - 'product' => 'Fedora', - 'comment' => $comment_head, - 'component' => $component, - 'bug_severity' => 'low', - 'priority' => 'low', - 'bit-58' => '1', # Fedora Project Contributors -); - -foreach my $bug (@{$bugs}) { - - # Take the highest of priorities - $bug_tmpl{'bug_severity'} = $bug->{'bug_severity'} - if ($impact{$bug->{'bug_severity'}} > $impact{$bug_tmpl{'bug_severity'}}); - $bug_tmpl{'priority'} = $bug->{'priority'} - if ($impact{$bug->{'priority'}} > $impact{$bug_tmpl{'priority'}}); - - # This will be overwriten if we block just one parent bug - $bug_tmpl{'short_desc'} .= $bug->{'alias'}.' '; - - # Add the parent bug to the comment - $bug_tmpl{'comment'} .= "\tbug #$bug->{'bug_id'}: $bug->{'short_short_desc'}\n"; -} - -if ($#bugs) { - $bug_tmpl{'short_desc'} .= "Multiple $component vulnerabilities"; -} else { - $bug_tmpl{'short_desc'} = $bugs->[0]->{'short_short_desc'}; -} - -# File for each version - -my $comment = "Created Fedora tracking bugs for $component:\n\n"; - -foreach my $version (@versions) { - my %bug = %bug_tmpl; - $bug{'short_desc'} .= " [Fedora $versions{$version}]"; - $bug{'version'} = $versions{$version}; - - if ($bug{'version'} eq 'rawhide') { - $bug{'comment'} .= $comment_rawhide; - } else { - $bug{'comment'} .= $comment_update; - } - - $bug{'comment'} .= $comment_tail; - - print Dumper (\%bug) if $debug; - my $bug_id = $bugzilla->file_bug (\%bug); - - if ($bug{'version'} ne 'rawhide') { - my $tr_comment = - 'You can eventually use the following link to '. - 'create the update request: '."\n". 
- 'https://admin.fedoraproject.org/updates/new/'. - '?request=Stable'. - '&type=security'. - '&release=Fedora%20'.$bug{'version'}. - '&bugs='.$bug_id; - - foreach my $bug (@{$bugs}) { - $tr_comment .= ','.$bug->{'bug_id'}; - } - - # XXX: public - $bugzilla->add_private_comment ($bug_id, $tr_comment); - } +my $parent_bugs = $bugzilla->get_bugs (\@bugs, ['alias','keywords','priority','bug_id', 'bug_severity', 'short_short_desc']); +print Dumper ($parent_bugs) if $debug; - $bugzilla->add_blockers ($bug_id, \@bugs); - $comment .= $bug{'version'}.": bug #$bug_id\n"; -} - -# Add comment to original bugs - -foreach my $bug (@bugs) { - $bugzilla->add_private_comment ($bug, $comment); -} +my $tracking_bugs = Libexig::Fedora::tracking_bugs ($parent_bugs, $component, @versions); -print STDERR $comment; +use Data::Dumper; +print Dumper ($tracking_bugs); From fedora-security-commits at redhat.com Thu Jan 10 13:45:36 2008 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Thu, 10 Jan 2008 08:45:36 -0500 Subject: [Fedora-security-commits] fedora-security/audit f8, 1.74, 1.75 fc7, 1.231, 1.232 Message-ID: <200801101345.m0ADjahG025823@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv25800/audit Modified Files: f8 fc7 Log Message: xfce cve ids Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.74 retrieving revision 1.75 diff -u -r1.74 -r1.75 --- f8 9 Jan 2008 13:00:00 -0000 1.74 +++ f8 10 Jan 2008 13:45:34 -0000 1.75 
@@ -20,6 +20,8 @@ CVE-2007-6598 ignore (dovecot) Needs knowledge of victim's password CVE-2007-6596 VULNERABLE (clamav) #427287 Might be considered a mail client flaw CVE-2007-6595 VULNERABLE (clamav) #427287 +CVE-2007-6532 version (libxfcegui4) #412761 [since FEDORA-2007-4368] +CVE-2007-6531 version (xfce-panel) #412761 [since FEDORA-2007-4368] CVE-2007-6465 version (ganglia, fixed 3.0.6) [since FEDORA-2007-4562] CVE-2007-6451 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590] CVE-2007-6450 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590] @@ -46,9 +48,6 @@ CVE-2007-6304 ignore (mysql, fixed 5.0.52) federated engine not built CVE-2007-6303 backport (mysql, fixed 5.0.52) #424931 [since FEDORA-2007-4465] CVE-2007-6299 version (drupal, fixed 5.4) [since FEDORA-2007-4163] SA-2007-031 -GENERIC-MAP-NOMATCH version (libxfcegui4) #412761 [since FEDORA-2007-4368] -GENERIC-MAP-NOMATCH version (libxfce4util) #412761 [since FEDORA-2007-4368] -GENERIC-MAP-NOMATCH version (xfce-panel) #412761 [since FEDORA-2007-4368] CVE-2007-6285 VULNERABLE (autofs) #426400 CVE-2007-6283 backport (bind) #423071 [since FEDORA-2007-4655] CVE-2007-6239 version (squid, fixed 2.6.17) #412391 [since FEDORA-2007-4170] Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.231 retrieving revision 1.232 diff -u -r1.231 -r1.232 --- fc7 9 Jan 2008 16:25:15 -0000 1.231 +++ fc7 10 Jan 2008 13:45:34 -0000 1.232 
@@ -20,6 +20,8 @@ CVE-2007-6598 ignore (dovecot) Needs knowledge of victim's password CVE-2007-6596 VULNERABLE (clamav) #427288 Might be considered a mail client flaw CVE-2007-6595 VULNERABLE (clamav) #427288 +CVE-2007-6532 version (libxfcegui4) #412751 [since FEDORA-2007-4385] +CVE-2007-6531 version (xfce-panel) #412751 [since FEDORA-2007-4385] CVE-2007-6465 version (ganglia, fixed 3.0.6) [since FEDORA-2007-4584] CVE-2007-6451 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690] CVE-2007-6450 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690] @@ -46,9 +48,6 @@ CVE-2007-6304 ignore (mysql, fixed 5.0.52) federated engine not built CVE-2007-6303 backport (mysql, fixed 5.0.52) #424921 [since FEDORA-2007-4471] CVE-2007-6299 version (drupal, fixed 5.4) [since FEDORA-2007-4136] SA-2007-031 -GENERIC-MAP-NOMATCH version (libxfcegui4) #412751 [since FEDORA-2007-4385] -GENERIC-MAP-NOMATCH version (libxfce4util) #412751 [since FEDORA-2007-4385] -GENERIC-MAP-NOMATCH version (xfce-panel) #412751 [since FEDORA-2007-4385] CVE-2007-6285 fixed (autofs) #426399 [since FEDORA-2007-4709] CVE-2007-6283 backport (bind) #423061 [since FEDORA-2007-4658] CVE-2007-6239 version (squid, fixed 2.6.17) #412381 [since FEDORA-2007-4161] From fedora-security-commits at redhat.com Thu Jan 10 13:54:18 2008 
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Thu, 10 Jan 2008 08:54:18 -0500 Subject: [Fedora-security-commits] fedora-security/audit f8, 1.75, 1.76 f9, 1.68, 1.69 fc7, 1.232, 1.233 Message-ID: <200801101354.m0ADsIok026053@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv26031 Modified Files: f8 f9 fc7 Log Message: wordpress Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.75 retrieving revision 1.76 diff -u -r1.75 -r1.76 --- f8 10 Jan 2008 13:45:34 -0000 1.75 +++ f8 10 Jan 2008 13:54:16 -0000 1.76 @@ -8,6 +8,12 @@ # Up to date F8 as of 20071221 GENERIC-MAP-NOMATCH backport (python-cherrypy) [since FEDORA-2008-0299] +**CVE-2008-0196 version (wordpress, not fixed 2.0.11) +CVE-2008-0195 ignore (wordpress) File path is not a sensitive information +**CVE-2008-0194 version (wordpress, not fixed 2.0.4) +**CVE-2008-0193 VULNERABLE (wordpress, not fixed 2.0.11, and possibly 2.1.x and 2.3.x) +**CVE-2008-0192 version (wordpress, not fixed 2.0.9) +CVE-2008-0191 ignore (wordpress) File path is not a sensitive information CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since FEDORA-2008-0199] CVE-2008-0005 VULNERABLE (httpd, fixed 2.2.7) #427982 CVE-2008-0003 VULNERABLE (tog-pegasus, fixed 2.7.0) #427829 Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.68 retrieving revision 1.69 diff -u -r1.68 -r1.69 --- f9 9 Jan 2008 16:25:15 -0000 1.68 +++ f9 10 Jan 2008 13:54:16 -0000 1.69 
@@ -8,6 +8,12 @@ # Up to date F9 as of 20071029 GENERIC-MAP-NOMATCH backport (python-cherrypy) [since python-cherrypy-2.2.1-8.fc9] +**CVE-2008-0196 version (wordpress, not fixed 2.0.11) +CVE-2008-0195 ignore (wordpress) File path is not a sensitive information +**CVE-2008-0194 version (wordpress, not fixed 2.0.4) +**CVE-2008-0193 VULNERABLE (wordpress, not fixed 2.0.11, and possibly 2.1.x and 2.3.x) +**CVE-2008-0192 version (wordpress, not fixed 2.0.9) +CVE-2008-0191 ignore (wordpress) File path is not a sensitive information CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since asterisk-1.4.17-1.fc9] CVE-2008-0005 VULNERABLE (httpd, fixed 2.2.7) #427984 CVE-2008-0003 version (tog-pegasus, fixed 2.7.0) Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.232 retrieving revision 1.233 diff -u -r1.232 -r1.233 --- fc7 10 Jan 2008 13:45:34 -0000 1.232 +++ fc7 10 Jan 2008 13:54:16 -0000 1.233 @@ -9,6 +9,12 @@ # Up to date FC7 as of 20071221 GENERIC-MAP-NOMATCH backport (python-cherrypy) [since FEDORA-2008-0333] +**CVE-2008-0196 version (wordpress, not fixed 2.0.11) +CVE-2008-0195 ignore (wordpress) File path is not a sensitive information +**CVE-2008-0194 version (wordpress, not fixed 2.0.4) +**CVE-2008-0193 VULNERABLE (wordpress, not fixed 2.0.11, and possibly 2.1.x and 2.3.x) +**CVE-2008-0192 version (wordpress, not fixed 2.0.9) +CVE-2008-0191 ignore (wordpress) File path is not a sensitive information CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since FEDORA-2008-0198] CVE-2008-0005 VULNERABLE (httpd, fixed 2.2.7) #427983 CVE-2008-0003 VULNERABLE (tog-pegasus, fixed 2.7.0) #427828 From fedora-security-commits at redhat.com Thu Jan 10 14:53:10 2008 
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Thu, 10 Jan 2008 09:53:10 -0500 Subject: [Fedora-security-commits] fedora-security/tools fedora-security.spec, 1.1.2.1, 1.1.2.2 Message-ID: <200801101453.m0AErAnG002935@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/tools In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv2894 Modified Files: Tag: lkundrak-tools-ng fedora-security.spec Log Message: Use LWP::Simple instead of wget in CVE.pm Index: fedora-security.spec =================================================================== RCS file: /cvs/fedora/fedora-security/tools/Attic/fedora-security.spec,v retrieving revision 1.1.2.1 retrieving revision 1.1.2.2 diff -u -r1.1.2.1 -r1.1.2.2 --- fedora-security.spec 6 Jan 2008 03:31:52 -0000 1.1.2.1 +++ fedora-security.spec 10 Jan 2008 14:53:08 -0000 1.1.2.2 @@ -1,6 +1,6 @@ Name: fedora-security Version: 0.9 -Release: 1%{?dist} +Release: 2%{?dist} Summary: Tools for Fedora Security Response Team use Group: Development/Libraries @@ -25,7 +25,6 @@ #!/bin/sh %{__perl_requires} $* |\ sed -e '/perl(Email::Simple)/d' |\ - sed -e '/perl(LWP::Simple)/d' |\ sed -e '/perl(Mail::Mbox::MessageParser)/d' |\ sed -e '/perl(Net::FTP)/d' EOF From fedora-security-commits at redhat.com Thu Jan 10 14:53:11 2008 
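Review bot: the Release bump from 1 to 2 in the @@ -1,6 +1,6 @@ hunk of fedora-security.spec arrives without a %changelog hunk. Add an entry stating that perl(LWP::Simple) is no longer filtered out of the generated requires in the @@ -25,7 +25,6 @@ hunk, since the new dependency is the change that people installing the package will notice.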
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Thu, 10 Jan 2008 09:53:11 -0500 Subject: [Fedora-security-commits] fedora-security/tools/lib/Libexig CVE.pm, 1.1.2.1, 1.1.2.2 Message-ID: <200801101453.m0AErBUb002941@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/tools/lib/Libexig In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv2894/lib/Libexig Modified Files: Tag: lkundrak-tools-ng CVE.pm Log Message: Use LWP::Simple instead of wget in CVE.pm Index: CVE.pm =================================================================== RCS file: /cvs/fedora/fedora-security/tools/lib/Libexig/Attic/CVE.pm,v retrieving revision 1.1.2.1 retrieving revision 1.1.2.2 diff -u -r1.1.2.1 -r1.1.2.2 --- CVE.pm 6 Jan 2008 03:31:53 -0000 1.1.2.1 +++ CVE.pm 10 Jan 2008 14:53:09 -0000 1.1.2.2 @@ -9,6 +9,7 @@ use Exporter 'import'; use XML::Parser; +use LWP::Simple; @EXPORT = qw/cve/; @@ -82,10 +83,10 @@ { my ($file, $age) = @_; - # XXX: escaping + mkdir $cachebase; system ("mkdir -p '$cachebase'"); - system ("wget -qcO '$cachebase$file' '$sourcebase$file'") - and die ('Failed to update cache'); + mirror ($sourcebase.$file, $cachebase.$file) + or die ('Failed to update cache'); return $cachebase.$file; } From fedora-security-commits at redhat.com Thu Jan 10 14:53:11 2008 
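Review bot: in the @@ -82,10 +83,10 @@ hunk of CVE.pm, "mirror (...) or die" can never fire, because LWP::Simple's mirror() returns the HTTP status code, which is a true value for 404 and 500 just as for 200 and 304. Test the returned code instead, for example with is_success() plus an explicit check for RC_NOT_MODIFIED (the 304 that mirror returns when the cached copy is current); LWP::Simple exports both. The hunk also adds "mkdir $cachebase;" yet leaves "system ("mkdir -p '$cachebase'");" in place and deletes the "# XXX: escaping" comment, although $cachebase is still interpolated into a shell command. Drop the system call, or use File::Path's mkpath if parent directories have to be created.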
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Thu, 10 Jan 2008 09:53:11 -0500 Subject: [Fedora-security-commits] fedora-security/tools/scripts get-cve, 1.1.2.1, 1.1.2.2 Message-ID: <200801101453.m0AErBTb002948@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/tools/scripts In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv2894/scripts Modified Files: Tag: lkundrak-tools-ng get-cve Log Message: Use LWP::Simple instead of wget in CVE.pm Index: get-cve =================================================================== RCS file: /cvs/fedora/fedora-security/tools/scripts/Attic/get-cve,v retrieving revision 1.1.2.1 retrieving revision 1.1.2.2 diff -u -r1.1.2.1 -r1.1.2.2 --- get-cve 6 Jan 2008 03:31:54 -0000 1.1.2.1 +++ get-cve 10 Jan 2008 14:53:09 -0000 1.1.2.2 @@ -4,13 +4,12 @@ # Get CVE information from NVD # Lubomir Kundrak -die "Possibly useless"; -=cut use warnings; use strict; use Libexig::CVE; +use Data::Dumper; @ARGV or die 'Usage: get-cve [...]'; From fedora-security-commits at redhat.com Thu Jan 10 14:56:14 2008 
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Thu, 10 Jan 2008 09:56:14 -0500 Subject: [Fedora-security-commits] fedora-security/tools/lib/Libexig Bodhi.pm, 1.1.2.1, 1.1.2.2 Message-ID: <200801101456.m0AEuEZW003075@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/tools/lib/Libexig In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv3052/lib/Libexig Modified Files: Tag: lkundrak-tools-ng Bodhi.pm Log Message: getting number of updates per package should no longer be needed with current bodhi version, 0 seems to work well Index: Bodhi.pm =================================================================== RCS file: /cvs/fedora/fedora-security/tools/lib/Libexig/Attic/Bodhi.pm,v retrieving revision 1.1.2.1 retrieving revision 1.1.2.2 diff -u -r1.1.2.1 -r1.1.2.2 --- Bodhi.pm 6 Jan 2008 03:31:53 -0000 1.1.2.1 +++ Bodhi.pm 10 Jan 2008 14:56:12 -0000 1.1.2.2 @@ -79,15 +79,9 @@ my @retval; - # Get number of updates - - # XXX escape - my $json = `wget --post-data 'package=$pkg&tg_paginate_limit=1' -qO - 'https://admin.fedoraproject.org/updates/list?tg_format=json'`; - my $obj = jsonToObj ($json); - - # Get updates themselves - - $json = `wget --post-data 'package=$pkg&tg_paginate_limit=$obj->{num_items}' -qO - 'https://admin.fedoraproject.org/updates/list?tg_format=json'`; + # Get updates + $json = `wget --post-data 'package=$pkg&tg_paginate_limit=0' -qO - \\ + 'https://admin.fedoraproject.org/updates/list?tg_format=json'`; $obj = jsonToObj ($json); foreach my $update (@{$obj->{'updates'}}) { From fedora-security-commits at redhat.com Thu Jan 10 15:31:43 2008 
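Review bot: the @@ -79,15 +79,9 @@ hunk of Bodhi.pm deletes the "my $json" and "my $obj" declarations together with the first request, but the surviving lines still assign to $json and $obj, which are no longer declared anywhere in the visible code; add "my" to the two remaining assignments. The "# XXX escape" marker is removed too, although $pkg is still interpolated between single quotes inside a backtick shell command, so a package name containing a single quote ends the quoted argument early. Validate $pkg against the characters allowed in package names before building the command, or send the POST from Perl without going through a shell.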
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Thu, 10 Jan 2008 10:31:43 -0500 Subject: [Fedora-security-commits] fedora-security/tools/lib/Libexig Bodhi.pm, 1.1.2.2, 1.1.2.3 Message-ID: <200801101531.m0AFVh37010725@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/tools/lib/Libexig In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv10681/lib/Libexig Modified Files: Tag: lkundrak-tools-ng Bodhi.pm Log Message: improve bodhi output parsing a bit - fix for comment containing ': ' - extract also update url Index: Bodhi.pm =================================================================== RCS file: /cvs/fedora/fedora-security/tools/lib/Libexig/Attic/Bodhi.pm,v retrieving revision 1.1.2.2 retrieving revision 1.1.2.3 diff -u -r1.1.2.2 -r1.1.2.3 --- Bodhi.pm 10 Jan 2008 14:56:12 -0000 1.1.2.2 +++ Bodhi.pm 10 Jan 2008 15:31:41 -0000 1.1.2.3 @@ -28,6 +28,20 @@ $line =~ /\s+(.*)/ and $retval{'_NVR'} .= $1; } while ($line ne '=' x 80); + # Additional comment lines do not have leading : + # This causes havoc on comments including : character + } elsif ($line =~ /^\s*(Comments): (.*)/) { + $name = $1; # always 'Comments' + $retval{$name} = $2; + + # expect comments until blank line + $line = shift @lines; + while (defined($line) && $line !~ /^$/) { + $line =~ s/^\s*//; + $retval{$name} .= "\n$line"; + $line = shift @lines; + } + # Blah: blah } elsif ($line =~ /\s*([^:]*): (.*)/) { $name = $1 if ($1); @@ -37,10 +51,9 @@ $retval{$name} = $2; } - # Possibly continuation of previous key (comment?) - } else { - $line =~ /\s*(.*)/; - $retval{$name} .= "\n$1"; + # Update URL + } elsif ($line =~ /^ (http.*)/) { + $retval{'_Update URL'} = "$1"; } } From fedora-security-commits at redhat.com Thu Jan 10 18:01:26 2008 
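Review bot: the @@ -37,10 +51,9 @@ hunk of Bodhi.pm removes the generic continuation "else" branch, so any line that is neither "Key: value", a Comments continuation nor the update URL is now discarded without notice, including wrapped values of keys other than Comments. If that is intended, keep a final "else" that warns (at least under debug) about the unparsed line, so a change in bodhi's output format is noticed instead of silently losing fields. In the new Comments branch of the @@ -28,6 +28,20 @@ hunk the loop stops at the first blank line, which truncates a comment that itself contains an empty line; document that limit next to "expect comments until blank line".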
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Thu, 10 Jan 2008 13:01:26 -0500 Subject: [Fedora-security-commits] fedora-security/tools/lib/Libexig Fedora.pm, 1.1.2.2, 1.1.2.3 Message-ID: <200801101801.m0AI1Q83004244@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/tools/lib/Libexig In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv29915/lib/Libexig Modified Files: Tag: lkundrak-tools-ng Fedora.pm Log Message: I horribly broke a-t-b, fixing now a bit, needs tidyup Index: Fedora.pm =================================================================== RCS file: /cvs/fedora/fedora-security/tools/lib/Libexig/Attic/Fedora.pm,v retrieving revision 1.1.2.2 retrieving revision 1.1.2.3 diff -u -r1.1.2.2 -r1.1.2.3 --- Fedora.pm 9 Jan 2008 21:42:37 -0000 1.1.2.2 +++ Fedora.pm 10 Jan 2008 18:01:24 -0000 1.1.2.3 
@@ -204,47 +204,39 @@ my $parent_bugs = shift; my $tracking_bugs = shift; my $bugzilla = shift; + my $component = shift; + + my $comment = "Created Fedora tracking bugs for $component:\n\n"; foreach my $bug (@{$tracking_bugs}) { - my $bug_id = $bugzilla->file_bug (\%bug); + use Data::Dumper; + my $bug_id = $bugzilla->file_bug ($bug); - if ($bug{'version'} ne 'rawhide') { + ### XXX: Move this somewhere else? + if ($bug->{'version'} ne 'rawhide') { my $tr_comment = 'You can eventually use the following link to '. 'create the update request: '."\n". 'https://admin.fedoraproject.org/updates/new/'. '?request=Stable'. '&type=security'. - '&release=Fedora%20'.$bug{'version'}. + '&release=Fedora%20'.$bug->{'version'}. '&bugs='.$bug_id; - foreach my $bug (@{$bugs}) { + foreach my $bug (@{$parent_bugs}) { $tr_comment .= ','.$bug->{'bug_id'}; } - # XXX: public - $bugzilla->add_private_comment ($bug_id, $tr_comment); + $bugzilla->add_comment ($bug_id, $tr_comment); } - $bugzilla->add_blockers ($bug_id, \@bugs); - $comment .= $bug{'version'}.": bug #$bug_id\n"; -=cut -} - -=cut - -# File for each version + $bugzilla->add_blockers ($bug_id, $parent_bugs); + $comment .= $bug->{'version'}.": bug #$bug_id\n"; + } + + foreach my $bug (@{$parent_bugs}) { + $bugzilla->add_private_comment ($bug, $comment); + } -my $comment = "Created Fedora tracking bugs for $component:\n\n"; - -=cut -=cut - -# Add comment to original bugs - -foreach my $bug (@bugs) { - $bugzilla->add_private_comment ($bug, $comment); + return $comment; } - -print STDERR $comment; -=cut From fedora-security-commits at redhat.com Thu Jan 10 18:01:27 2008 
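Review bot: in the @@ -204,47 +204,39 @@ hunk of Fedora.pm, the closing loop calls "$bugzilla->add_private_comment ($bug, $comment)" with $bug taken from @{$parent_bugs}, whose elements are hash references (the same sub reads $bug->{'bug_id'} from them a few lines earlier), whereas the removed code passed plain bug IDs from @bugs. Pass $bug->{'bug_id'}. add_blockers sees the same change of argument, from \@bugs (IDs) to $parent_bugs (hashes); confirm that it accepts bug hashes or map them to IDs first. The hunk also switches the update-link comment from add_private_comment to add_comment and drops the "# XXX: public" marker; state in the log message that this visibility change is intended, since the comment lists the parent bug IDs. The "use Data::Dumper;" inside the foreach looks like leftover debugging and can go.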
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Thu, 10 Jan 2008 13:01:27 -0500 Subject: [Fedora-security-commits] fedora-security/tools/scripts add-tracking-bugs, 1.1.2.3, 1.1.2.4 Message-ID: <200801101801.m0AI1RuK004250@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/tools/scripts In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv29915/scripts Modified Files: Tag: lkundrak-tools-ng add-tracking-bugs Log Message: I horribly broke a-t-b, fixing now a bit, needs tidyup Index: add-tracking-bugs =================================================================== RCS file: /cvs/fedora/fedora-security/tools/scripts/Attic/add-tracking-bugs,v retrieving revision 1.1.2.3 retrieving revision 1.1.2.4 diff -u -r1.1.2.3 -r1.1.2.4 --- add-tracking-bugs 9 Jan 2008 21:42:38 -0000 1.1.2.3 +++ add-tracking-bugs 10 Jan 2008 18:01:25 -0000 1.1.2.4 @@ -4,7 +4,7 @@ # File a bugs for specified versions and add dependencies # Lubomir Kundrak -my $usage = 'add-cve-bug [options...] +my $usage = 'add-tracking-bugs [options...] --bugs=[,...] Parent bugs --versions=[,...] Affected Fedora versions --component= Affected package, to find owner to CC (mandatory) @@ -73,12 +73,8 @@ 'debug' => $debug, }); -# Get parent bugs +# All the work (not the one that makes Jack a dull boy) my $parent_bugs = $bugzilla->get_bugs (\@bugs, ['alias','keywords','priority','bug_id', 'bug_severity', 'short_short_desc']); -print Dumper ($parent_bugs) if $debug; - my $tracking_bugs = Libexig::Fedora::tracking_bugs ($parent_bugs, $component, @versions); - -use Data::Dumper; -print Dumper ($tracking_bugs); +print STDERR Libexig::Fedora::file_tracking_bugs ($parent_bugs, $tracking_bugs, $bugzilla, $component); From fedora-security-commits at redhat.com Fri Jan 11 12:28:38 2008 
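Review bot: the @@ -73,12 +73,8 @@ hunk of add-tracking-bugs removes both "print Dumper ($parent_bugs) if $debug;" and the dump of $tracking_bugs, so nothing shows what is about to be filed before file_tracking_bugs calls file_bug. Keep a "print Dumper ($tracking_bugs) if $debug;" ahead of the filing call (with Data::Dumper still imported) so that --debug remains a way to inspect the generated bugs. The replacement comment "All the work (...)" also says less than "Get parent bugs" did; a one-line description of the three steps (fetch parents, build templates, file and cross-link) would help the next reader.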
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Fri, 11 Jan 2008 07:28:38 -0500 Subject: [Fedora-security-commits] fedora-security/audit f8, 1.76, 1.77 f9, 1.69, 1.70 fc7, 1.233, 1.234 Message-ID: <200801111228.m0BCScm5023442@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv23420/audit Modified Files: f8 f9 fc7 Log Message: libxml2 issues - updates to F7 and F8 pending Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.76 retrieving revision 1.77 diff -u -r1.76 -r1.77 --- f8 10 Jan 2008 13:54:16 -0000 1.76 +++ f8 11 Jan 2008 12:28:36 -0000 1.77 @@ -55,6 +55,7 @@ CVE-2007-6303 backport (mysql, fixed 5.0.52) #424931 [since FEDORA-2007-4465] CVE-2007-6299 version (drupal, fixed 5.4) [since FEDORA-2007-4163] SA-2007-031 CVE-2007-6285 VULNERABLE (autofs) #426400 +CVE-2007-6284 VULNERABLE (libxml2, fixed 2.6.31) CVE-2007-6283 backport (bind) #423071 [since FEDORA-2007-4655] CVE-2007-6239 version (squid, fixed 2.6.17) #412391 [since FEDORA-2007-4170] CVE-2007-6210 backport (zabbix) #407181 [since FEDORA-2007-4176] Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.69 retrieving revision 1.70 diff -u -r1.69 -r1.70 --- f9 10 Jan 2008 13:54:16 -0000 1.69 +++ f9 11 Jan 2008 12:28:36 -0000 1.70 
@@ -55,6 +55,7 @@ CVE-2007-6303 backport (mysql, fixed 5.0.52) [since mysql-5.0.45-6.fc9] CVE-2007-6299 version (drupal, fixed 5.4) [since drupal-5.4-1.fc9] SA-2007-031 CVE-2007-6285 backport (autofs) #426401 [since autofs-5.0.2-25] +CVE-2007-6284 version (libxml2, fixed 2.6.31) [since libxml2-2.6.31-1] CVE-2007-6283 backport (bind) #423081 [since bind-9.5.0-21.b1.fc9] CVE-2007-6239 version (squid, fixed 2.6.17) [since squid-2.6.STABLE17-1.fc9] CVE-2007-6210 backport (zabbix) #407181 [since zabbix-1.4.2-4.fc9] Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.233 retrieving revision 1.234 diff -u -r1.233 -r1.234 --- fc7 10 Jan 2008 13:54:16 -0000 1.233 +++ fc7 11 Jan 2008 12:28:36 -0000 1.234 @@ -55,6 +55,7 @@ CVE-2007-6303 backport (mysql, fixed 5.0.52) #424921 [since FEDORA-2007-4471] CVE-2007-6299 version (drupal, fixed 5.4) [since FEDORA-2007-4136] SA-2007-031 CVE-2007-6285 fixed (autofs) #426399 [since FEDORA-2007-4709] +CVE-2007-6284 VULNERABLE (libxml2, fixed 2.6.31) CVE-2007-6283 backport (bind) #423061 [since FEDORA-2007-4658] CVE-2007-6239 version (squid, fixed 2.6.17) #412381 [since FEDORA-2007-4161] CVE-2007-6210 backport (zabbix) #407181 [since FEDORA-2007-4160] From fedora-security-commits at redhat.com Fri Jan 11 12:54:16 2008 
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Fri, 11 Jan 2008 07:54:16 -0500 Subject: [Fedora-security-commits] fedora-security/audit f8, 1.77, 1.78 f9, 1.70, 1.71 fc7, 1.234, 1.235 Message-ID: <200801111254.m0BCsG4N023972@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv23940/audit Modified Files: f8 f9 fc7 Log Message: drupal update, pending for F7, F8 Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.77 retrieving revision 1.78 diff -u -r1.77 -r1.78 --- f8 11 Jan 2008 12:28:36 -0000 1.77 +++ f8 11 Jan 2008 12:54:14 -0000 1.78 @@ -8,6 +8,9 @@ # Up to date F8 as of 20071221 GENERIC-MAP-NOMATCH backport (python-cherrypy) [since FEDORA-2008-0299] +GENERIC-MAP-NOMATCH VULNERABLE (drupal, fixed 5.6) DRUPAL-SA-2008-007 +GENERIC-MAP-NOMATCH VULNERABLE (drupal, fixed 5.6) DRUPAL-SA-2008-006 +GENERIC-MAP-NOMATCH VULNERABLE (drupal, fixed 5.6) DRUPAL-SA-2008-005 **CVE-2008-0196 version (wordpress, not fixed 2.0.11) CVE-2008-0195 ignore (wordpress) File path is not a sensitive information **CVE-2008-0194 version (wordpress, not fixed 2.0.4) Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.70 retrieving revision 1.71 diff -u -r1.70 -r1.71 --- f9 11 Jan 2008 12:28:36 -0000 1.70 +++ f9 11 Jan 2008 12:54:14 -0000 1.71 
@@ -8,6 +8,9 @@ # Up to date F9 as of 20071029 GENERIC-MAP-NOMATCH backport (python-cherrypy) [since python-cherrypy-2.2.1-8.fc9] +GENERIC-MAP-NOMATCH version (drupal, fixed 5.6) [since drupal-5.6-1.fc9] DRUPAL-SA-2008-007 +GENERIC-MAP-NOMATCH version (drupal, fixed 5.6) [since drupal-5.6-1.fc9] DRUPAL-SA-2008-006 +GENERIC-MAP-NOMATCH version (drupal, fixed 5.6) [since drupal-5.6-1.fc9] DRUPAL-SA-2008-005 **CVE-2008-0196 version (wordpress, not fixed 2.0.11) CVE-2008-0195 ignore (wordpress) File path is not a sensitive information **CVE-2008-0194 version (wordpress, not fixed 2.0.4) Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.234 retrieving revision 1.235 diff -u -r1.234 -r1.235 --- fc7 11 Jan 2008 12:28:36 -0000 1.234 +++ fc7 11 Jan 2008 12:54:14 -0000 1.235 @@ -9,6 +9,9 @@ # Up to date FC7 as of 20071221 GENERIC-MAP-NOMATCH backport (python-cherrypy) [since FEDORA-2008-0333] +GENERIC-MAP-NOMATCH VULNERABLE (drupal, fixed 5.6) DRUPAL-SA-2008-007 +GENERIC-MAP-NOMATCH VULNERABLE (drupal, fixed 5.6) DRUPAL-SA-2008-006 +GENERIC-MAP-NOMATCH VULNERABLE (drupal, fixed 5.6) DRUPAL-SA-2008-005 **CVE-2008-0196 version (wordpress, not fixed 2.0.11) CVE-2008-0195 ignore (wordpress) File path is not a sensitive information **CVE-2008-0194 version (wordpress, not fixed 2.0.4) From fedora-security-commits at redhat.com Sun Jan 13 22:45:33 2008 
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Sun, 13 Jan 2008 17:45:33 -0500 Subject: [Fedora-security-commits] fedora-security/audit f8, 1.78, 1.79 fc7, 1.235, 1.236 Message-ID: <200801132245.m0DMjXpG008077@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv8057 Modified Files: f8 fc7 Log Message: Some new updates Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.78 retrieving revision 1.79 diff -u -r1.78 -r1.79 --- f8 11 Jan 2008 12:54:14 -0000 1.78 +++ f8 13 Jan 2008 22:45:30 -0000 1.79 @@ -19,13 +19,13 @@ CVE-2008-0191 ignore (wordpress) File path is not a sensitive information CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since FEDORA-2008-0199] CVE-2008-0005 VULNERABLE (httpd, fixed 2.2.7) #427982 -CVE-2008-0003 VULNERABLE (tog-pegasus, fixed 2.7.0) #427829 +CVE-2008-0003 fixed (tog-pegasus, fixed 2.7.0) #427829 [since FEDORA-2008-0572] CVE-2007-6672 VULNERABLE (jetty) #428017 CVE-2007-6613 fixed (libcdio) #427199 [since FEDORA-2008-0136] GENERIC-MAP-NOMATCH fixed (wordpress) #426433 [since FEDORA-2008-0103] CVE-2007-6611 fixed (mantis) #427278 [since FEDORA-2008-0282] -CVE-2007-6601 VULNERABLE (postgresql, fixed 8.2.6) #427773 -CVE-2007-6600 VULNERABLE (postgresql, fixed 8.2.6) #427773 +CVE-2007-6601 fixed (postgresql, fixed 8.2.6) #427773 [since FEDORA-2008-0478] +CVE-2007-6600 fixed (postgresql, fixed 8.2.6) #427773 [since FEDORA-2008-0478] CVE-2007-6598 ignore (dovecot) Needs knowledge of victim's password CVE-2007-6596 VULNERABLE (clamav) #427287 Might be considered a mail client flaw CVE-2007-6595 VULNERABLE (clamav) #427287 
@@ -43,7 +43,7 @@ CVE-2007-6337 VULNERABLE (clamav, fixed 0.92) #426212 [since FEDORA-2008-0115] CVE-2007-6336 VULNERABLE (clamav, fixed 0.92) #426212 [since FEDORA-2008-0115] CVE-2007-6335 VULNERABLE (clamav, fixed 0.92) #426212 [since FEDORA-2008-0115] -CVE-2007-6437 VULNERABLE (syslog-ng) #426306 +CVE-2007-6437 VULNERABLE (syslog-ng) #426306 [since FEDORA-2008-0523] CVE-2007-6430 version (asterisk, fixed 1.4.16) [since FEDORA-2007-4651] CVE-2007-6389 VULNERABLE (gnome-screensaver) #426170 CVE-2007-6353 VULNERABLE (exiv2) #425923 @@ -82,7 +82,7 @@ CVE-2007-6111 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590] CVE-2007-6110 backport (htdig) [since FEDORA-2007-3958] CVE-2007-6100 version (phpMyAdmin, fixed 2.11.2.2) [since FEDORA-2007-3639] -CVE-2007-6067 VULNERABLE (postgresql, fixed 8.2.6) #427773 +CVE-2007-6067 fixed (postgresql, fixed 8.2.6) #427773 [since FEDORA-2008-0478] CVE-2007-6061 VULNERABLE (audacity) #393251 CVE-2007-6015 version (samba, fixed 3.0.28) [since FEDORA-2007-4275] CVE-2007-6013 VULNERABLE (wordpress) 
@@ -156,8 +156,8 @@ CVE-2007-4990 version (xorg-x11-xfs, fixed 1.0.5) CVE-2007-4841 version (thunderbird) [since FEDORA-2007-3414] windows only anyway CVE-2007-4829 VULNERABLE (perl-Archive-Tar, not fixed upstream) #364281 -CVE-2007-4772 VULNERABLE (postgresql, fixed 8.2.6) #427773 -CVE-2007-4769 VULNERABLE (postgresql, fixed 8.2.6) #427773 +CVE-2007-4772 fixed (postgresql, fixed 8.2.6) #427773 [since FEDORA-2008-0478] +CVE-2007-4769 fixed (postgresql, fixed 8.2.6) #427773 [since FEDORA-2008-0478] CVE-2007-4752 version (openssh, fixed 4.7) #280461 CVE-2007-4619 version (flac, fixed 1.2) #332581 CVE-2007-4575 backport (openoffice.org, fixed 2.3.1) [since FEDORA-2007-4172] Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.235 retrieving revision 1.236 diff -u -r1.235 -r1.236 --- fc7 11 Jan 2008 12:54:14 -0000 1.235 +++ fc7 13 Jan 2008 22:45:30 -0000 1.236 
@@ -20,12 +20,12 @@ CVE-2008-0191 ignore (wordpress) File path is not a sensitive information CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since FEDORA-2008-0198] CVE-2008-0005 VULNERABLE (httpd, fixed 2.2.7) #427983 -CVE-2008-0003 VULNERABLE (tog-pegasus, fixed 2.7.0) #427828 +CVE-2008-0003 fixed (tog-pegasus, fixed 2.7.0) #427828 [since FEDORA-2008-0506] CVE-2007-6613 fixed (libcdio) #427198 [since FEDORA-2008-0104] GENERIC-MAP-NOMATCH fixed (wordpress) #426432 [since FEDORA-2008-0126] CVE-2007-6611 fixed (mantis) #427279 [since FEDORA-2008-0353] -CVE-2007-6601 VULNERABLE (postgresql, fixed 8.2.6) #427772 -CVE-2007-6600 VULNERABLE (postgresql, fixed 8.2.6) #427772 +CVE-2007-6601 fixed (postgresql, fixed 8.2.6) #427772 [since FEDORA-2008-0552] +CVE-2007-6600 fixed (postgresql, fixed 8.2.6) #427772 [since FEDORA-2008-0552] CVE-2007-6598 ignore (dovecot) Needs knowledge of victim's password CVE-2007-6596 VULNERABLE (clamav) #427288 Might be considered a mail client flaw CVE-2007-6595 VULNERABLE (clamav) #427288 @@ -43,7 +43,7 @@ CVE-2007-6337 VULNERABLE (clamav, fixed 0.92) #426211 [since FEDORA-2008-0170] CVE-2007-6336 VULNERABLE (clamav, fixed 0.92) #426211 [since FEDORA-2008-0170] CVE-2007-6335 VULNERABLE (clamav, fixed 0.92) #426211 [since FEDORA-2008-0170] -CVE-2007-6437 VULNERABLE (syslog-ng) #426305 +CVE-2007-6437 VULNERABLE (syslog-ng) #426305 [since FEDORA-2008-0559] CVE-2007-6430 version (asterisk, fixed 1.4.16) [since FEDORA-2007-4593] CVE-2007-6389 VULNERABLE (gnome-screensaver) #426169 CVE-2007-6353 fixed (exiv2) #425922 [since FEDORA-2007-4551] 
@@ -82,7 +82,7 @@ CVE-2007-6111 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690] CVE-2007-6110 backport (htdig) [since FEDORA-2007-3907] CVE-2007-6100 version (phpMyAdmin, fixed 2.11.2.2) [since FEDORA-2007-3666] -CVE-2007-6067 VULNERABLE (postgresql, fixed 8.2.6) #427772 +CVE-2007-6067 fixed (postgresql, fixed 8.2.6) #427772 [since FEDORA-2008-0552] CVE-2007-6061 VULNERABLE (audacity) #393251 CVE-2007-6035 version (cacti, fixed 0.8.7a) #391981 [since FEDORA-2007-3683] CVE-2007-6015 version (samba, fixed 3.0.28) [since FEDORA-2007-4269] @@ -203,8 +203,8 @@ CVE-2007-4829 VULNERABLE (perl-Archive-Tar) #315321 CVE-2007-4828 version (mediawiki, fixed 1.11.0, 1.10.2, 1.9.4) #287881 [since FEDORA-2007-2189] CVE-2007-4826 version (quagga, fixed 0.99.9) [since FEDORA-2007-2196] -CVE-2007-4772 VULNERABLE (postgresql, fixed 8.2.6) #427772 -CVE-2007-4769 VULNERABLE (postgresql, fixed 8.2.6) #427772 +CVE-2007-4772 fixed (postgresql, fixed 8.2.6) #427772 [since FEDORA-2008-0552] +CVE-2007-4769 fixed (postgresql, fixed 8.2.6) #427772 [since FEDORA-2008-0552] CVE-2007-4768 VULNERABLE (pcre, fixed 7.3) #378411 CVE-2007-4767 VULNERABLE (pcre, fixed 7.3) #378411 CVE-2007-4766 VULNERABLE (pcre, fixed 7.3) #378411 From fedora-security-commits at redhat.com Mon Jan 14 09:47:10 2008 
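Review bot: The CVE-2007-6437 (syslog-ng) lines in f8 and fc7 gain [since FEDORA-2008-0523] and [since FEDORA-2008-0559] but keep the status VULNERABLE, whereas the tog-pegasus and postgresql entries updated in the same commit are switched to fixed when their [since] tag is added. If those updates resolve the issue, change the status as well; if they do not, drop the [since] tag or explain it in a trailing comment. The log message "Some new updates" would be easier to audit later if it named the packages.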
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Mon, 14 Jan 2008 04:47:10 -0500 Subject: [Fedora-security-commits] fedora-security/audit f8, 1.79, 1.80 f9, 1.71, 1.72 fc7, 1.236, 1.237 Message-ID: <200801140947.m0E9lAVd021420@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv21392 Modified Files: f8 f9 fc7 Log Message: IMP & Horde Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.79 retrieving revision 1.80 diff -u -r1.79 -r1.80 --- f8 13 Jan 2008 22:45:30 -0000 1.79 +++ f8 14 Jan 2008 09:47:08 -0000 1.80 @@ -11,6 +11,8 @@ GENERIC-MAP-NOMATCH VULNERABLE (drupal, fixed 5.6) DRUPAL-SA-2008-007 GENERIC-MAP-NOMATCH VULNERABLE (drupal, fixed 5.6) DRUPAL-SA-2008-006 GENERIC-MAP-NOMATCH VULNERABLE (drupal, fixed 5.6) DRUPAL-SA-2008-005 +CVE-2007-6018 VULNERABLE (horde) #428628 +CVE-2007-6018 VULNERABLE (imp) #428632 **CVE-2008-0196 version (wordpress, not fixed 2.0.11) CVE-2008-0195 ignore (wordpress) File path is not a sensitive information **CVE-2008-0194 version (wordpress, not fixed 2.0.4) Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.71 retrieving revision 1.72 diff -u -r1.71 -r1.72 --- f9 11 Jan 2008 12:54:14 -0000 1.71 +++ f9 14 Jan 2008 09:47:08 -0000 1.72 
@@ -11,6 +11,8 @@ GENERIC-MAP-NOMATCH version (drupal, fixed 5.6) [since drupal-5.6-1.fc9] DRUPAL-SA-2008-007 GENERIC-MAP-NOMATCH version (drupal, fixed 5.6) [since drupal-5.6-1.fc9] DRUPAL-SA-2008-006 GENERIC-MAP-NOMATCH version (drupal, fixed 5.6) [since drupal-5.6-1.fc9] DRUPAL-SA-2008-005 +CVE-2007-6018 VULNERABLE (horde) #428630 +CVE-2007-6018 VULNERABLE (imp) #428634 **CVE-2008-0196 version (wordpress, not fixed 2.0.11) CVE-2008-0195 ignore (wordpress) File path is not a sensitive information **CVE-2008-0194 version (wordpress, not fixed 2.0.4) Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.236 retrieving revision 1.237 diff -u -r1.236 -r1.237 --- fc7 13 Jan 2008 22:45:30 -0000 1.236 +++ fc7 14 Jan 2008 09:47:08 -0000 1.237 @@ -12,6 +12,8 @@ GENERIC-MAP-NOMATCH VULNERABLE (drupal, fixed 5.6) DRUPAL-SA-2008-007 GENERIC-MAP-NOMATCH VULNERABLE (drupal, fixed 5.6) DRUPAL-SA-2008-006 GENERIC-MAP-NOMATCH VULNERABLE (drupal, fixed 5.6) DRUPAL-SA-2008-005 +CVE-2007-6018 VULNERABLE (horde) #428629 +CVE-2007-6018 VULNERABLE (imp) #428633 **CVE-2008-0196 version (wordpress, not fixed 2.0.11) CVE-2008-0195 ignore (wordpress) File path is not a sensitive information **CVE-2008-0194 version (wordpress, not fixed 2.0.4) From fedora-security-commits at redhat.com Mon Jan 14 10:05:09 2008 
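Review bot: The two CVE-2007-6018 lines (horde, imp) are inserted at the top of f8, f9 and fc7, above CVE-2008-0196, although the lists are otherwise kept largely in descending CVE order. Move them down next to the other CVE-2007-60xx entries so a reader scanning by id finds them. Neither line gives a fixed upstream version in the parentheses; add one if it is known.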
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Mon, 14 Jan 2008 05:05:09 -0500 Subject: [Fedora-security-commits] fedora-security/audit f8, 1.80, 1.81 f9, 1.72, 1.73 fc7, 1.237, 1.238 Message-ID: <200801141005.m0EA59Gk028402@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv28366/audit Modified Files: f8 f9 fc7 Log Message: bunch of updates some new issues move some misplaced entries Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.80 retrieving revision 1.81 diff -u -r1.80 -r1.81 --- f8 14 Jan 2008 09:47:08 -0000 1.80 +++ f8 14 Jan 2008 10:05:07 -0000 1.81 @@ -5,14 +5,14 @@ # (mozilla) = (gecko-libs dependent stuff) # Up to date CVE as of CVE email 20071215 -# Up to date F8 as of 20071221 +# Up to date F8 as of 20080111 -GENERIC-MAP-NOMATCH backport (python-cherrypy) [since FEDORA-2008-0299] -GENERIC-MAP-NOMATCH VULNERABLE (drupal, fixed 5.6) DRUPAL-SA-2008-007 -GENERIC-MAP-NOMATCH VULNERABLE (drupal, fixed 5.6) DRUPAL-SA-2008-006 -GENERIC-MAP-NOMATCH VULNERABLE (drupal, fixed 5.6) DRUPAL-SA-2008-005 -CVE-2007-6018 VULNERABLE (horde) #428628 -CVE-2007-6018 VULNERABLE (imp) #428632 +GENERIC-MAP-NOMATCH version (drupal, fixed 5.6) DRUPAL-SA-2008-007 [since FEDORA-2008-0485] +GENERIC-MAP-NOMATCH version (drupal, fixed 5.6) DRUPAL-SA-2008-006 [since FEDORA-2008-0485] +GENERIC-MAP-NOMATCH version (drupal, fixed 5.6) DRUPAL-SA-2008-005 [since FEDORA-2008-0485] +CVE-2008-0252 backport (python-cherrypy) [since FEDORA-2008-0299] +**CVE-2008-0238 VULNERABLE (xine-lib, fixed 1.1.9.1) +CVE-2008-0225 VULNERABLE (xine-lib, fixed 1.1.9.1) **CVE-2008-0196 version (wordpress, not fixed 2.0.11) CVE-2008-0195 ignore (wordpress) File path is not a sensitive information **CVE-2008-0194 version (wordpress, not fixed 2.0.4) 
@@ -39,8 +39,10 @@ CVE-2007-6441 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590] CVE-2007-6439 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590] CVE-2007-6438 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590] +CVE-2007-6423 ignore (httpd) can not be reproduced by upstream CVE-2007-6422 VULNERABLE (httpd, fixed 2.2.7) #427982 CVE-2007-6421 VULNERABLE (httpd, fixed 2.2.7) #427982 +CVE-2007-6420 ignore (httpd) wontfix by upstream CVE-2007-6388 VULNERABLE (httpd, fixed 2.2.7) #427982 CVE-2007-6337 VULNERABLE (clamav, fixed 0.92) #426212 [since FEDORA-2008-0115] CVE-2007-6336 VULNERABLE (clamav, fixed 0.92) #426212 [since FEDORA-2008-0115] @@ -59,8 +61,8 @@ CVE-2007-6304 ignore (mysql, fixed 5.0.52) federated engine not built CVE-2007-6303 backport (mysql, fixed 5.0.52) #424931 [since FEDORA-2007-4465] CVE-2007-6299 version (drupal, fixed 5.4) [since FEDORA-2007-4163] SA-2007-031 -CVE-2007-6285 VULNERABLE (autofs) #426400 -CVE-2007-6284 VULNERABLE (libxml2, fixed 2.6.31) +CVE-2007-6285 backport (autofs) #426400 [since FEDORA-2007-4707] +CVE-2007-6284 version (libxml2, fixed 2.6.31) [since FEDORA-2008-0462] CVE-2007-6283 backport (bind) #423071 [since FEDORA-2007-4655] CVE-2007-6239 version (squid, fixed 2.6.17) #412391 [since FEDORA-2007-4170] CVE-2007-6210 backport (zabbix) #407181 [since FEDORA-2007-4176] 
@@ -86,6 +88,8 @@ CVE-2007-6100 version (phpMyAdmin, fixed 2.11.2.2) [since FEDORA-2007-3639] CVE-2007-6067 fixed (postgresql, fixed 8.2.6) #427773 [since FEDORA-2008-0478] CVE-2007-6061 VULNERABLE (audacity) #393251 +CVE-2007-6018 VULNERABLE (horde) #428628 +CVE-2007-6018 VULNERABLE (imp) #428632 CVE-2007-6015 version (samba, fixed 3.0.28) [since FEDORA-2007-4275] CVE-2007-6013 VULNERABLE (wordpress) CVE-2007-6035 version (cacti, fixed 0.8.7a) #391991 [since FEDORA-2007-3667] Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.72 retrieving revision 1.73 diff -u -r1.72 -r1.73 --- f9 14 Jan 2008 09:47:08 -0000 1.72 +++ f9 14 Jan 2008 10:05:07 -0000 1.73 @@ -7,12 +7,12 @@ # Up to date CVE as of CVE email 20071211 # Up to date F9 as of 20071029 -GENERIC-MAP-NOMATCH backport (python-cherrypy) [since python-cherrypy-2.2.1-8.fc9] GENERIC-MAP-NOMATCH version (drupal, fixed 5.6) [since drupal-5.6-1.fc9] DRUPAL-SA-2008-007 GENERIC-MAP-NOMATCH version (drupal, fixed 5.6) [since drupal-5.6-1.fc9] DRUPAL-SA-2008-006 GENERIC-MAP-NOMATCH version (drupal, fixed 5.6) [since drupal-5.6-1.fc9] DRUPAL-SA-2008-005 -CVE-2007-6018 VULNERABLE (horde) #428630 -CVE-2007-6018 VULNERABLE (imp) #428634 +CVE-2008-0252 backport (python-cherrypy) [since python-cherrypy-2.2.1-8.fc9] +**CVE-2008-0238 version (xine-lib, fixed 1.1.9.1) [since xine-lib-1.1.9.1-1.fc9] +CVE-2008-0225 version (xine-lib, fixed 1.1.9.1) [since xine-lib-1.1.9.1-1.fc9] **CVE-2008-0196 version (wordpress, not fixed 2.0.11) CVE-2008-0195 ignore (wordpress) File path is not a sensitive information **CVE-2008-0194 version (wordpress, not fixed 2.0.4) 
@@ -39,8 +39,10 @@ CVE-2007-6441 version (wireshark, fixed 0.99.7) [since wireshark-0.99.7-1.fc9] CVE-2007-6439 version (wireshark, fixed 0.99.7) [since wireshark-0.99.7-1.fc9] CVE-2007-6438 version (wireshark, fixed 0.99.7) [since wireshark-0.99.7-1.fc9] +CVE-2007-6423 ignore (httpd) can not be reproduced by upstream CVE-2007-6422 VULNERABLE (httpd, fixed 2.2.7) #427984 CVE-2007-6421 VULNERABLE (httpd, fixed 2.2.7) #427984 +CVE-2007-6420 ignore (httpd) wontfix by upstream CVE-2007-6388 VULNERABLE (httpd, fixed 2.2.7) #427984 CVE-2007-6337 version (clamav, fixed 0.92) #426213 [since clamav-0.92-3.fc9] CVE-2007-6336 version (clamav, fixed 0.92) #426213 [since clamav-0.92-3.fc9] @@ -87,6 +89,8 @@ CVE-2007-6067 version (postgresql, fixed 8.2.6) #427774 [since postgresql-8.2.6-1.fc9] CVE-2007-6061 VULNERABLE (audacity) #393251 CVE-2007-6035 version (cacti, fixed 0.8.7a) #392001 [since cacti-0.8.7a-1.fc9] +CVE-2007-6018 VULNERABLE (horde) #428630 +CVE-2007-6018 VULNERABLE (imp) #428634 CVE-2007-6015 VULNERABLE (samba, fixed 3.0.28) CVE-2007-6013 VULNERABLE (wordpress) #426434 CVE-2007-5977 version (phpMyAdmin) #385911 [since phpMyAdmin-2.11.2.2-1.fc9] Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.237 retrieving revision 1.238 diff -u -r1.237 -r1.238 --- fc7 14 Jan 2008 09:47:08 -0000 1.237 +++ fc7 14 Jan 2008 10:05:07 -0000 1.238 
@@ -6,14 +6,14 @@ # A couple of first F7 updates were marked as FEDORA-2007-0001 # Up to date CVE as of CVE email 200711215 -# Up to date FC7 as of 20071221 +# Up to date FC7 as of 20080111 -GENERIC-MAP-NOMATCH backport (python-cherrypy) [since FEDORA-2008-0333] -GENERIC-MAP-NOMATCH VULNERABLE (drupal, fixed 5.6) DRUPAL-SA-2008-007 -GENERIC-MAP-NOMATCH VULNERABLE (drupal, fixed 5.6) DRUPAL-SA-2008-006 -GENERIC-MAP-NOMATCH VULNERABLE (drupal, fixed 5.6) DRUPAL-SA-2008-005 -CVE-2007-6018 VULNERABLE (horde) #428629 -CVE-2007-6018 VULNERABLE (imp) #428633 +GENERIC-MAP-NOMATCH version (drupal, fixed 5.6) DRUPAL-SA-2008-007 [since FEDORA-2008-0469] +GENERIC-MAP-NOMATCH version (drupal, fixed 5.6) DRUPAL-SA-2008-006 [since FEDORA-2008-0469] +GENERIC-MAP-NOMATCH version (drupal, fixed 5.6) DRUPAL-SA-2008-005 [since FEDORA-2008-0469] +CVE-2008-0252 backport (python-cherrypy) [since FEDORA-2008-0333] +**CVE-2008-0238 VULNERABLE (xine-lib, fixed 1.1.9.1) +CVE-2008-0225 VULNERABLE (xine-lib, fixed 1.1.9.1) **CVE-2008-0196 version (wordpress, not fixed 2.0.11) CVE-2008-0195 ignore (wordpress) File path is not a sensitive information **CVE-2008-0194 version (wordpress, not fixed 2.0.4) @@ -39,8 +39,10 @@ CVE-2007-6441 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690] CVE-2007-6439 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690] CVE-2007-6438 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690] +CVE-2007-6423 ignore (httpd) can not be reproduced by upstream CVE-2007-6422 VULNERABLE (httpd, fixed 2.2.7) #427983 CVE-2007-6421 VULNERABLE (httpd, fixed 2.2.7) #427983 +CVE-2007-6420 ignore (httpd) wontfix by upstream CVE-2007-6388 VULNERABLE (httpd, fixed 2.2.7) #427983 CVE-2007-6337 VULNERABLE (clamav, fixed 0.92) #426211 [since FEDORA-2008-0170] CVE-2007-6336 VULNERABLE (clamav, fixed 0.92) #426211 [since FEDORA-2008-0170] 
@@ -60,7 +62,7 @@ CVE-2007-6303 backport (mysql, fixed 5.0.52) #424921 [since FEDORA-2007-4471] CVE-2007-6299 version (drupal, fixed 5.4) [since FEDORA-2007-4136] SA-2007-031 CVE-2007-6285 fixed (autofs) #426399 [since FEDORA-2007-4709] -CVE-2007-6284 VULNERABLE (libxml2, fixed 2.6.31) +CVE-2007-6284 version (libxml2, fixed 2.6.31) [since FEDORA-2008-0477] CVE-2007-6283 backport (bind) #423061 [since FEDORA-2007-4658] CVE-2007-6239 version (squid, fixed 2.6.17) #412381 [since FEDORA-2007-4161] CVE-2007-6210 backport (zabbix) #407181 [since FEDORA-2007-4160] @@ -87,6 +89,8 @@ CVE-2007-6067 fixed (postgresql, fixed 8.2.6) #427772 [since FEDORA-2008-0552] CVE-2007-6061 VULNERABLE (audacity) #393251 CVE-2007-6035 version (cacti, fixed 0.8.7a) #391981 [since FEDORA-2007-3683] +CVE-2007-6018 VULNERABLE (horde) #428629 +CVE-2007-6018 VULNERABLE (imp) #428633 CVE-2007-6015 version (samba, fixed 3.0.28) [since FEDORA-2007-4269] CVE-2007-6013 VULNERABLE (wordpress) CVE-2007-5977 version (phpMyAdmin, fixed 2.11.2.1) #385891 [since FEDORA-2007-3627] From fedora-security-commits at redhat.com Mon Jan 14 12:49:28 2008 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Mon, 14 Jan 2008 07:49:28 -0500 Subject: [Fedora-security-commits] fedora-security/audit f8, 1.81, 1.82 f9, 1.73, 1.74 Message-ID: <200801141249.m0ECnSU8013895@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv13872/audit Modified Files: f8 f9 Log Message: just note one old net-snmp issue Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.81 retrieving revision 1.82 diff -u -r1.81 -r1.82 --- f8 14 Jan 2008 10:05:07 -0000 1.81 +++ f8 14 Jan 2008 12:49:26 -0000 1.82 
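Review bot: In the "bunch of updates" revision (f8 1.81, f9 1.73, fc7 1.238) the "# Up to date ... as of" stamp is bumped to 20080111 in f8 and fc7, but the f9 hunk leaves "# Up to date F9 as of 20071029" untouched while adding xine-lib and httpd entries to that file. Bump it if F9 was reviewed in the same pass. The fc7 context line "CVE email 200711215" has one digit too many and could be corrected here. The commit also mixes status changes, new issues and moved entries (the CVE-2007-6018 lines are deleted at the top and re-added lower down); putting the move in its own commit would make it easy to confirm nothing was lost.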
@@ -114,6 +114,7 @@ CVE-2007-5906 VULNERABLE (xen) #390111 CVE-2007-5849 ignore (cups, fixed 1.3.5) minimal impact, see #415131 CVE-2007-5848 version (cups, fixed 1.2.0) +CVE-2007-5846 version (net-snmp, fixed 5.4.1) CVE-2007-5795 backport (emacs) #367591 [since FEDORA-2007-2946] CVE-2007-5770 backport (ruby) #373391 [since FEDORA-2007-2812] GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031 Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.73 retrieving revision 1.74 diff -u -r1.73 -r1.74 --- f9 14 Jan 2008 10:05:07 -0000 1.73 +++ f9 14 Jan 2008 12:49:26 -0000 1.74 @@ -114,6 +114,7 @@ CVE-2007-5906 VULNERABLE (xen) #390121 CVE-2007-5849 version (cups, fixed 1.3.5) [since cups-1.3.5-1.fc9] CVE-2007-5848 version (cups, fixed 1.2.0) +CVE-2007-5846 version (net-snmp, fixed 5.4.1) CVE-2007-5795 backport (emacs) #367601 [since emacs-22.1-8.fc9] GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031 CVE-2007-5770 backport (ruby) #373401 [since ruby-1.8.6.111-1] From fedora-security-commits at redhat.com Mon Jan 14 13:52:07 2008 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Mon, 14 Jan 2008 08:52:07 -0500 Subject: [Fedora-security-commits] fedora-security/tools/lib/Libexig Fedora.pm, 1.1.2.3, 1.1.2.4 Message-ID: <200801141352.m0EDq79W023202@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/tools/lib/Libexig In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv23159/tools/lib/Libexig Modified Files: Tag: lkundrak-tools-ng Fedora.pm Log Message: an attempt to unscrew add-tracking-bugs Index: Fedora.pm =================================================================== RCS file: /cvs/fedora/fedora-security/tools/lib/Libexig/Attic/Fedora.pm,v retrieving revision 1.1.2.3 retrieving revision 1.1.2.4 diff -u -r1.1.2.3 -r1.1.2.4 --- Fedora.pm 10 Jan 2008 18:01:24 -0000 1.1.2.3 +++ Fedora.pm 14 Jan 2008 13:52:05 -0000 1.1.2.4 
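Review bot: The CVE-2007-5846 (net-snmp) line is added to f8 and f9 only, and the commit does not touch fc7, so the audit does not say whether F7 is affected. Add an fc7 entry with the appropriate status, or state in the log message why F7 needs none.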
@@ -199,6 +199,14 @@ return \@retval; } +# file_tracking_bugs +# +# Arguments: +# - ref to list of parent bug ids +# - ref to list of bugs to file (each element must be hash as expected by BZ) +# this list is prepared by tracking_bugs +# - Bugzilla object reference +# - component sub file_tracking_bugs { my $parent_bugs = shift; @@ -212,6 +220,11 @@ use Data::Dumper; my $bug_id = $bugzilla->file_bug ($bug); + if (!defined($bug_id)) { + print STDERR "Error: Bug creation failed! (dryrun mode?)\n"; + #return undef; + } + ### XXX: Move this somewhere else? if ($bug->{'version'} ne 'rawhide') { my $tr_comment = @@ -224,7 +237,7 @@ '&bugs='.$bug_id; foreach my $bug (@{$parent_bugs}) { - $tr_comment .= ','.$bug->{'bug_id'}; + $tr_comment .= ','.$bug; } $bugzilla->add_comment ($bug_id, $tr_comment); From fedora-security-commits at redhat.com Mon Jan 14 13:52:07 2008 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Mon, 14 Jan 2008 08:52:07 -0500 Subject: [Fedora-security-commits] fedora-security/tools/scripts add-tracking-bugs, 1.1.2.4, 1.1.2.5 Message-ID: <200801141352.m0EDq7KC023208@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/tools/scripts In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv23159/tools/scripts Modified Files: Tag: lkundrak-tools-ng add-tracking-bugs Log Message: an attempt to unscrew add-tracking-bugs Index: add-tracking-bugs =================================================================== RCS file: /cvs/fedora/fedora-security/tools/scripts/Attic/add-tracking-bugs,v retrieving revision 1.1.2.4 retrieving revision 1.1.2.5 diff -u -r1.1.2.4 -r1.1.2.5 --- add-tracking-bugs 10 Jan 2008 18:01:25 -0000 1.1.2.4 +++ add-tracking-bugs 14 Jan 2008 13:52:05 -0000 1.1.2.5 @@ -64,7 +64,6 @@ $password = ($options{'password'} or read_noecho ("Bugzilla password for $username: ")) unless $dryrun; -$dryrun = 1; my $bugzilla = new Libexig::Bugzilla ({ 'username' => $username, 
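Review bot: In file_tracking_bugs the new !defined($bug_id) check only prints an error, because the return is commented out, so execution carries on to build '&bugs='.$bug_id and to call $bugzilla->add_comment ($bug_id, $tr_comment) with an undefined id. Stop processing that bug once file_bug fails (return, or next if this runs inside a per-bug loop), and handle the dry-run case explicitly instead of guessing at it in the error text. The loop variable in foreach my $bug (@{$parent_bugs}) also shadows the outer $bug whose 'version' is tested just above; a name such as $parent_id would match the new doc comment, which says the first argument is a list of bug ids.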
@@ -74,7 +73,9 @@ }); # All the work (not the one that makes Jack a dull boy) - -my $parent_bugs = $bugzilla->get_bugs (\@bugs, ['alias','keywords','priority','bug_id', 'bug_severity', 'short_short_desc']); +my $parent_bugs = $bugzilla->get_bugs (\@bugs, + ['alias','keywords','priority','bug_id', 'bug_severity', 'short_short_desc']); my $tracking_bugs = Libexig::Fedora::tracking_bugs ($parent_bugs, $component, @versions); -print STDERR Libexig::Fedora::file_tracking_bugs ($parent_bugs, $tracking_bugs, $bugzilla, $component); + +print STDERR Libexig::Fedora::file_tracking_bugs (\@bugs, $tracking_bugs, $bugzilla, $component); + From fedora-security-commits at redhat.com Mon Jan 14 16:04:49 2008 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Mon, 14 Jan 2008 11:04:49 -0500 Subject: [Fedora-security-commits] fedora-security/tools/scripts add-cve-bug, 1.1, 1.2 add-issue, 1.1, 1.2 add-tracking-bugs, 1.1, 1.2 check-updates, 1.1, 1.2 generate-manifest, 1.1, 1.2 get-cve, 1.1, 1.2 package-release, 1.1, 1.2 parse-announce, 1.1, 1.2 suidaudit, 1.1, 1.2 update-cve-cache, 1.1, 1.2 Message-ID: <200801141604.m0EG4nHK017494@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/tools/scripts In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv17363/scripts Added Files: add-cve-bug add-issue add-tracking-bugs check-updates generate-manifest get-cve package-release parse-announce suidaudit update-cve-cache Log Message: Merging (hopefully) stable from my branch Index: add-cve-bug =================================================================== RCS file: add-cve-bug diff -N add-cve-bug --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ add-cve-bug 14 Jan 2008 16:04:47 -0000 1.2 
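Review bot: file_tracking_bugs is now passed \@bugs, the raw values split from --bugs on the command line, and Fedora.pm appends each one with ','.$bug, so whatever was typed ends up unchecked in the '&bugs=' string of the tracking comment, where the old code used the bug_id that Bugzilla returned. Either validate each element as numeric (/^\d+$/) before use, or keep deriving the ids from $parent_bugs, which is still fetched for tracking_bugs. The hunk also adds a blank line at end of file.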
@@ -0,0 +1,102 @@ +#!/usr/bin/env perl + +# $Id$ +# Create a bugzilla from a CVE entry +# Lubomir Kundrak + +# Typical use: +#$ ./add-cve-bug \ +# --cve=CVE-2007-4251 \ +# --component=openoffice.org \ +# --summary="OpenOffice crashes upon opening certain files" \ +# --impact=low +# (Was used to create #251717) + +my $usage = 'add-cve-bug [options...] + --cve= CVE ID (mandatory) + --username= Bugzilla login (defaults to $LOGNAME at redhat.com) + --password= Bugzilla passwords (asks for it, if not supplied) + --component=...] Affected package, to find owner to CC (mandatory) + --summary= Text to follow CVE ID in bugzilla (mandatory) + --impact= Impact: critical, important, moderate, low + --interactive Launch editor to edit the description + --dryrun Do not write anything, usable with --debug + --debug Dump interesting info + --help This text +'; + +use Getopt::Long; +use Data::Dumper; + +use Libexig::Fedora; +use Libexig::CVE; +use Libexig::Bugzilla; +use Libexig::Util; + +use warnings; +use strict; + +# Command line options +my ($cve, $interactive, $dryrun, $debug, + $username, $password, $component, $summary, $impact); + +# Parse command line options +my %options; +GetOptions(\%options, + 'cve=s', + 'username=s', + 'password=s', + 'component=s', + 'summary=s', + 'impact=s', + 'interactive', + 'dryrun', + 'debug', + 'help', +) or die 'Incorrect arguments. 
Try --help.'; + +if ($options{'help'}) { + print $usage; + exit; +} + +$dryrun = ($options{'dryrun'} or 0); +$debug = ($options{'debug'} or 0); +$interactive = ($options{'interactive'} or 0); + +$cve = $options{'cve'} or die 'cve argument is mandatory'; +$component = $options{'component'} or die 'component argument is mandatory'; +$summary = $options{'summary'} or die 'summary argument is mandatory'; +$impact = ($options{'impact'} or 'low'); +defined $Libexig::Fedora::srt_bz_map{$impact} or die 'specified unrecognized impact value'; + +$username = ($options{'username'} or $ENV{'LOGNAME'}.'@redhat.com'); +$password = ($options{'password'} or $dryrun or + read_noecho ("Bugzilla password for $username: ")); + # TODO: add whiteboard option to fill in and get impact from it + +# Get CVE details from NVD or user + +print "Getting a bug description from CVE\n" if $debug; +my ($desc, $refs) = cve ($cve); + +die 'Cannot fetch CVE description; re-run with --interactive' + unless $desc or $interactive; + +my $bug_desc = Libexig::Fedora::cve_bug_desc ($cve, $desc, $refs); +$bug_desc = edit_string ($bug_desc) if $interactive; + +# File it in Bugzilla + +my $bugzilla = new Libexig::Bugzilla ({ + 'username' => $username, + 'password' => $password, + 'dryrun' => $dryrun, + 'debug' => $debug, +}); + +my %bug = Libexig::Fedora::cve_bug ($cve, $component, $summary, $bug_desc, $impact, $bugzilla); +print 'About to add this bug: '.Dumper(\%bug) if $debug; +my $bug_id = $bugzilla->file_bug (\%bug); + +print STDERR "Created bug #$bug_id\n"; Index: add-issue =================================================================== RCS file: add-issue diff -N add-issue --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ add-issue 14 Jan 2008 16:04:47 -0000 1.2 
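Review bot: add-cve-bug accepts the Bugzilla password through --password=, which leaves it in shell history and visible in the process list to other local users. The read_noecho prompt already covers interactive use, so consider dropping the option or reading the password from a file or the environment. At the end of the script the result of $bugzilla->file_bug (\%bug) is interpolated into "Created bug #$bug_id" without a defined check, so a failed or --dryrun call reports success with an empty id. In the usage text, "--component=...]" has a stray bracket.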
@@ -0,0 +1,90 @@ +#!/usr/bin/env perl + +# $Id$ +# File a bugs for specified versions and add dependencies +# Lubomir Kundrak + +# XXX: debug, dryrun +my $usage = 'add-cve-bug [options...] + --versions=[,...] Affected Fedora versions + --bugs=[,...]] Tracking bugs for respective versions + --need_verif Needs verification (**) + --cve= CVE name + --status= Either "fixed" or "ignore" or implied "VULNERABLE" + --component= Affected package, to find owner to CC (mandatory) + --fixed= "fixed ..." or "not fixed ..." + --since= Fedora update or NVR this was fixed in + --comment= Free-form comment string +'; + +use Getopt::Long; +use Libexig::Audit; + +use warnings; +use strict; + +my %versions = ( + '7' => '../audit/fc7', + '8' => '../audit/f8', + '9' => '../audit/f9', +); + +# Command line options +my (@versions, @bugs, $need_verif, $cve, $status, $component, + $fixed, $since, $comment); + +# Parse command line options + +my %options; +GetOptions(\%options, + 'versions=s', + 'bugs=s', + 'need_verif', + 'cve=s', + 'status=s', + 'component=s', + 'fixed=s', + 'since=s', + 'comment=s', + 'help', +) or die 'Incorrect arguments. Try --help.'; + +if ($options{help}) { + print $usage; + exit; +} + + at versions = $options{versions} + ? split (/,/, $options{versions}) # versions were specified + : keys %versions; # all known versions + + at bugs = $options{bugs} + ? split (/,/, $options{bugs}) + : (); + +$need_verif = ($options{need_verif} ? 
'**' : ''); +$cve = ($options{cve} or 'GENERIC-MAP-NOMATCH'); +$status = ($options{status} or 'VULNERABLE'); +$component = ($options{component}) or die 'component argument is mandatory'; +$fixed = ($options{fixed} or ''); +$since = ($options{since} or ''); +$comment = ($options{comment} or ''); + +# Add a line for each version + +foreach my $version (@versions) { + my $entry = { + need_verif => $need_verif, + cve => $cve, + status => $status, + component => $component, + fixed => $fixed, + bug => shift @bugs, + since => $since, + comment => $comment, + }; + + my $audit = new Libexig::Audit ({file => $versions{$version}}); + $audit->add ($entry); + $audit->save; +} Index: add-tracking-bugs =================================================================== RCS file: add-tracking-bugs diff -N add-tracking-bugs --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ add-tracking-bugs 14 Jan 2008 16:04:47 -0000 1.2 
@@ -0,0 +1,81 @@ +#!/usr/bin/env perl + +# $Id$ +# File a bugs for specified versions and add dependencies +# Lubomir Kundrak + +my $usage = 'add-tracking-bugs [options...] + --bugs=[,...] Parent bugs + --versions=[,...] Affected Fedora versions + --component= Affected package, to find owner to CC (mandatory) + --username= Bugzilla login (defaults to $LOGNAME at redhat.com) + --password= Bugzilla passwords (asks for it, if not supplied) + --dryrun Do not write anything, usable with --debug + --debug Dump more or less interesting info + --help This text +'; + +use XMLRPC::Lite; +use Getopt::Long; +use Data::Dumper; + +use Libexig::Util; +use Libexig::Bugzilla; +use Libexig::Fedora; + +use warnings; +use strict; + +# Command line options +my (@bugs, @versions, $dryrun, $debug, + $username, $password, $component); + +# Parse command line options: + +my %options; +GetOptions(\%options, + 'bugs=s', + 'component=s', + 'versions=s', + 'username=s', + 'password=s', + 'dryrun', + 'debug', + 'help', +) or die 'Incorrect arguments. 
Try --help.'; + +if ($options{'help'}) { + print $usage; + exit; +} + +$options{'bugs'} or die 'bugs argument is mandatory'; + at bugs = split (/,/, $options{'bugs'}); + +$options{'versions'} or die 'versions argument is mandatory'; + at versions = split (/,/, $options{'versions'}); +#XXX +##$versions{$_} or die "Invalid version: $_" foreach (@versions); + +$component = $options{'component'} or die 'component argument is mandatory'; +$dryrun = ($options{'dryrun'} or 0); +$debug = ($options{'debug'} or 0); +$username = ($options{'username'} or $ENV{'LOGNAME'}.'@redhat.com'); +$password = ($options{'password'} or read_noecho ("Bugzilla password for $username: ")) + unless $dryrun; + + +my $bugzilla = new Libexig::Bugzilla ({ + 'username' => $username, + 'password' => $password, + 'dryrun' => $dryrun, + 'debug' => $debug, +}); + +# All the work (not the one that makes Jack a dull boy) +my $parent_bugs = $bugzilla->get_bugs (\@bugs, + ['alias','keywords','priority','bug_id', 'bug_severity', 'short_short_desc']); +my $tracking_bugs = Libexig::Fedora::tracking_bugs ($parent_bugs, $component, @versions); + +print STDERR Libexig::Fedora::file_tracking_bugs (\@bugs, $tracking_bugs, $bugzilla, $component); + Index: check-updates =================================================================== RCS file: check-updates diff -N check-updates --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ check-updates 14 Jan 2008 16:04:47 -0000 1.2 
@@ -0,0 +1,32 @@ +#!/usr/bin/env perl + +# $Id$ +# Dump what's VULNERABLE, but been subject to an update +# Lubomir Kundrak + +#use warnings; +use strict; + +use Libexig::Audit; +use Libexig::Bodhi; + +# Parse the audit file +my $audit = new Libexig::Audit ({file => $ARGV[0]}); + +foreach my $entry (@{$audit->{audit}}) { + $entry->{'status'} eq 'VULNERABLE' or next; + + # See if the VULNERABLE bug was referenced by an update + foreach my $u (Libexig::Bodhi::get_updates ($entry->{component})) { + $u->{'_Bugs'}->{$entry->{bug}} or next; + + # Modify the line accordingly + $entry->{since} = $u->{'Update ID'}; + $u->{'Status'} eq 'stable' and $entry->{status} = 'fixed'; + Libexig::Audit::update_entry ($entry); + + last; + }; +} + +$audit->save; Index: generate-manifest =================================================================== RCS file: generate-manifest diff -N generate-manifest --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ generate-manifest 14 Jan 2008 16:04:47 -0000 1.2 @@ -0,0 +1,28 @@ +#!/bin/sh + +# $Id$ +# List generate list of latest versions of all packages in a brew tag +# Lubomir Kundrak + +if [ -z "$KOJI" ] +then + KOJI="koji" +fi + +if [ -z "$@" ] +then + export TAGS=" + dist-fc7-updates + dist-f8-updates + dist-f9-build + " +else + export TAGS="$@" +fi + +for TAG in $TAGS +do + echo -n "Generating manifest for $TAG..." + "$KOJI" list-tagged --inherit --latest "$TAG" >"$TAG" + echo " done" +done Index: get-cve =================================================================== RCS file: get-cve diff -N get-cve --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ get-cve 14 Jan 2008 16:04:47 -0000 1.2 
@@ -0,0 +1,18 @@ +#!/usr/bin/env perl + +# $Id$ +# Get CVE information from NVD +# Lubomir Kundrak + + +use warnings; +use strict; + +use Libexig::CVE; +use Data::Dumper; + + at ARGV or die 'Usage: get-cve [...]'; + +foreach my $cve (@ARGV) { + print Dumper ($cve, Libexig::CVE::cve ($cve)); +} Index: package-release =================================================================== RCS file: package-release diff -N package-release --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ package-release 14 Jan 2008 16:04:47 -0000 1.2 
@@ -0,0 +1,96 @@ +#!/usr/bin/perl -w + +# $Id$ + +# Script for querying which release we ship a package in, and what the +# version of said package is. +# +# This script was originally writeen by Jason L Tibbitts III + +# TODO: Use getopt (add options at that time) +# TODO: Allow for fuzzy matching (partial searching) + +use LWP::Simple; +use Net::FTP; +use strict; + +# Global variables +my ($owner_file, $mirror_host, $mirror_path, @releases); + + +$owner_file='http://cvs.fedora.redhat.com/viewcvs/*checkout*/owners/owners.list?root=extras'; +$mirror_host='download.fedora.redhat.com'; +$mirror_path='/pub/fedora/linux/releases/%s/Everything/source/SRPMS'; + at releases=qw( 7 ); + +sub get_owner_content { + my $match = pop; + + my ($distro, $package, $desc, $owner, $qa, $cc); + + my %owner; + + my $owner_content = get($owner_file) + or die "Couldn't get $owner_file"; + + foreach (split(/\n/, $owner_content)) { + next if /^#/; + chomp; + + ($distro, $package, $desc, $owner, $qa, $cc) = split(/\|/, $_); + + next if ( $package !~ m/$match/i); + + $owner{$package} = {}; + $owner{$package}->{'product'} = $distro; + $owner{$package}->{'package'} = $package; + $owner{$package}->{'description'} = $desc; + $owner{$package}->{'owner'} = $owner; + $owner{$package}->{'qacontact'} = $qa; + $owner{$package}->{'cclist'} = $cc; + } + + return %owner; + +} + +my $package = $ARGV[0]; + +my %owner = get_owner_content($package); + +if (!keys(%owner) or $package eq '') { + print "Could not find package \"$package\" in $owner_file\n"; + exit 1; +} + +foreach (keys(%owner)) { +print "Found package $_ in owners.list:\n"; +} + +my $ftp = Net::FTP->new($mirror_host, Debug => 0) + or die "Cannot connect to $mirror_host: $@"; +$ftp->login("anonymous",'-anonymous@') + or die "Cannot login ", $ftp->message; + + +foreach my $release (@releases) { + my ($f, $dir, $files, $rev, $ver, $name); + + $dir = sprintf($mirror_path, $release); + $release eq "development" && ($release = "dev"); + $files = 
$ftp->ls($dir) + or die "Cannot list directory ", $ftp->message; + + foreach my $f (@$files) { + chomp($f); + $f =~ s/$dir\///; + next unless $f =~ /^(.*$package.*)-([^\-]*)-([^\-]*)\.src\.rpm$/i; + $name = $1; + $ver = $2; + $rev = $3; + + print " $release\t$name\t$ver\t$rev\t$f\n"; + } +} + +$ftp->quit; Index: parse-announce =================================================================== RCS file: parse-announce diff -N parse-announce --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ parse-announce 14 Jan 2008 16:04:47 -0000 1.2 
@@ -0,0 +1,99 @@ +#!/usr/bin/perl -w + +# $Id$ + +use strict; +use Mail::Mbox::MessageParser; +use Email::Simple; + +die "\nUsage: parse-announce mbox-file audit-file\n\n" if not defined($ARGV[1]); + +my $mbox_filename = $ARGV[0]; +my $audit_filename = $ARGV[1]; +my (@file, %cve_id, $audit_version); + +$ARGV[1] =~ /(\d+)$/; +$audit_version = $1; + +# Suck in the audit file +open(FH, $ARGV[1]); +while () { + my ($temp_cve, $temp_text, $temp_line, $temp_package); + chomp; + $temp_line = $_; + push @file, $temp_line; + + if ($temp_line =~ /^(CVE-\d{4}-\d{4}) (.*)/) { + $temp_cve = $1; + $temp_text = $2; + if ($temp_text =~ /\(([\w\-\_\.]+)[\,\)]/) { + $temp_package = $1; + } elsif ($temp_text =~ /\*\* (\w+)/) { + $temp_package = $1; + } else { + die "Couldn't determine the package name from the audit file"; + } + + $cve_id{$temp_cve} = {} if not $cve_id{$temp_cve}; + $cve_id{$temp_cve}->{$temp_package} = [$#file, $temp_line]; + } +} + +close(FH); + +my $folder_reader = new Mail::Mbox::MessageParser({ + 'file_name' => $mbox_filename, + 'enable_cache' => 0, +}); + +die $folder_reader unless ref $folder_reader; + +while (!$folder_reader->end_of_file()) { + my (@cves, $errata_id, $temp_cve); + my ($product, $package); + + + my $email = $folder_reader->read_next_email(); + my $mail = Email::Simple->new($$email); + my $subject = $mail->header('Subject'); + my $body = $mail->body; + + if ($body =~ m/Product\s*:\s+Fedora Core (\d+)/) { + $product = $1; + } else { + # Add support for fedora extras here + warn "Product name couldn't be found"; + next; + } + + if ($body =~ m/Name\s*:\s+(\w+)/) { + $package = $1; + } else { + warn "Package Name couldn't be found"; + next; + } + + if ($body =~ m/(FEDORA-\d{4}-\d+)/) { + $errata_id = $1; + } else { + warn "Errata ID couldn't be found"; + next; + } + + while ($body =~ m/(CVE-\d{4}-\d{4})/g) { + if ($cve_id{$1}) { + if ($cve_id{$1}->{$package} and $product eq $audit_version) { + $cve_id{$1}->{$package}->[1] .= "[since $errata_id]"; + 
my $file_line = $cve_id{$1}->{$package}->[0]; + next if $file[$file_line] =~ /\[since FEDORA/; + $file[$file_line] = $file[$file_line] . " [since $errata_id]" + } + } else { + print "$1 **FIXME** ($package) [since $errata_id]\n"; + } + } +} + +foreach (@file) { + print $_, "\n"; +} Index: suidaudit =================================================================== RCS file: suidaudit diff -N suidaudit --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ suidaudit 14 Jan 2008 16:04:47 -0000 1.2 @@ -0,0 +1,47 @@ +#!/usr/bin/env perl + +# $Id$ +# Audit RPM files for setuid and setgid files +# Lubomir Kundrak + +use strict; +use warnings; + +use RPM2; +use Fcntl ':mode'; + +foreach my $rpm (@ARGV) { + + my $hdr = RPM2->open_package ($rpm) + or die $!; + + my $pkgname = $hdr->tag('Name'); + + my $name; my @names = $hdr->tag('BASENAMES'); + my $mode; my @modes = $hdr->tag('FILEMODES'); + my $class; my @classes = $hdr->tag('FILECLASS'); + my $dirindex; my @dirindexes = $hdr->tag('DIRINDEXES'); + my $username; my @usernames = $hdr->tag('FILEUSERNAME'); + my $groupname; my @groupnames = $hdr->tag('FILEGROUPNAME'); + + my @classdict = $hdr->tag('CLASSDICT'); + my @dirnames = $hdr->tag('DIRNAMES'); + + while ( + $mode = shift @modes, + $username = shift @usernames, + $groupname = shift @groupnames, + $class = shift @classes, + $dirindex = shift @dirindexes, + $name = shift @names + ) { + if ($mode & S_IFREG and $mode & (S_ISUID | S_ISGID)) { + printf "%-25s %06o %8s:%-8s %-30s %-.50s...\n", + $pkgname, $mode, + (($mode & S_ISUID) ? $username : '-'), + (($mode & S_ISGID) ? $groupname : '-'), + $dirnames[$dirindex].$name, + $classdict[$class]; + } + } +} Index: update-cve-cache =================================================================== RCS file: update-cve-cache diff -N update-cve-cache --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ update-cve-cache 14 Jan 2008 16:04:47 -0000 1.2 
@@ -0,0 +1,14 @@ +#!/usr/bin/env perl + +# $Id$ +# Generate CVE cache so that tools utilizing Libexig::CVE run smoothly +# Lubomir Kundrak + +use warnings; +use strict; + +use Libexig::CVE; + +#Libexig::CVE::nvdcache ('nvdcve-modified.xml'); +#Libexig::CVE::nvdcache ('nvdcve-recent.xml'); +Libexig::CVE::nvdcache ('nvdcve-'.$_.'.xml') foreach (2002..`date +%Y`); From fedora-security-commits at redhat.com Mon Jan 14 16:04:49 2008 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Mon, 14 Jan 2008 11:04:49 -0500 Subject: [Fedora-security-commits] fedora-security/tools/lib/Libexig Audit.pm, 1.1, 1.2 Bodhi.pm, 1.1, 1.2 CVE.pm, 1.1, 1.2 Fedora.pm, 1.1, 1.2 Util.pm, 1.1, 1.2 Message-ID: <200801141604.m0EG4n3l017485@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/tools/lib/Libexig In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv17363/lib/Libexig Added Files: Audit.pm Bodhi.pm CVE.pm Fedora.pm Util.pm Log Message: Merging (hopefully) stable from my branch Index: Audit.pm =================================================================== RCS file: Audit.pm diff -N Audit.pm --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ Audit.pm 14 Jan 2008 16:04:47 -0000 1.2 
@@ -0,0 +1,130 @@ +# $Id$ +# Audit database interface +# Lubomir Kundrak + +package Libexig::Audit; + +use Libexig::Util; + +use warnings; +use strict; + +# Get lines from file and parse them +sub new +{ + my $class = shift; + my $self = shift; + + # Read standard input unless specified otherwise + $self->{file} = '-' unless $self->{file}; + + open (AUDIT, $self->{file}) + or die "Could not open $self->{file}"; + + $self->{audit} = []; + push @{$self->{audit}}, parse_line ($_) foreach ; + + close (AUDIT); + + bless $self, $class; + return $self; +} + +# Add an entry, to the proper place alphabetically +sub add +{ + my $self = shift; + my $entry = shift; + my $index; + + for ($index = 0; $index <= $#{$self->{audit}}; $index++) { + $self->{audit}->[$index]->{cve} or next; + $self->{audit}->[$index]->{cve} lt $entry->{cve} and last; + }; + + update_entry ($entry); + use Data::Dumper; + parse_line ($entry->{line}); # Check if it is well formed + insert ($self->{audit}, $index, $entry); +} + +# Save +sub save +{ + my $self = shift; + + open (AUDIT, '>'.$self->{file}) + or die "Could not open $self->{file}"; + + foreach my $entry (@{$self->{audit}}) { + #update_entry ($entry); + print AUDIT $entry->{line}; + } + + close (AUDIT); +} + +# Get an entry hash and reconstruct its 'line' field +# (useful if something got changed) +sub update_entry +{ + my $entry = shift; + + $entry->{cve} or return; + $entry->{line} = join " ", ( + $entry->{need_verif}.$entry->{cve}, + $entry->{status}, + ($entry->{fixed} + ? "($entry->{component}, $entry->{fixed})" + : "($entry->{component})"), + ($entry->{bug} + ? "#$entry->{bug}" + : ()), + ($entry->{since} + ? 
"[since $entry->{since}]" + : ()), + $entry->{comment} + ); + + chomp $entry->{line}; + $entry->{line} .= "\n"; +} + +# Get line and return a hash +sub parse_line +{ + $_ = shift; + if (/^#/ or /^\s*$/) { + return { + 'line' => $_, + }; + } elsif (/^ + (\*?)* # Needs verification + (\S+-\S+-\S+)\s* # CVE + (\*\*|version|VULNERABLE|ignore|backport|fixed)\s* # Status + \( + ([^\s,]+)\s* # Component + (,\s*(.*))?\s* # When fixed upstream + \)\s* + (\#(\d+))?\s* # Bugzilla IS + (\[since\s+(\S+)\])?\s* # When fixed in Fedora + (.*) # Comment + /x) { + return { + need_verif => $1, + cve => $2, + status => $3, + component => $4, + fixed => $6, + bug => $8, + since => $10, + comment => $11, + line => $_, + }; + next; + } else { + die "Prase error: $_"; + } +} + +0.99999; Index: Bodhi.pm =================================================================== RCS file: Bodhi.pm diff -N Bodhi.pm --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ Bodhi.pm 14 Jan 2008 16:04:47 -0000 1.2 
@@ -0,0 +1,107 @@ +# $Id$ +# This is how do we interface with the Fedora Update System +# Lubomir Kundrak + +package Libexig::Bodhi; + +use JSON; + +# Convert the text blob from bodhi to a hash, +# dissect some multipart values +sub update_to_hashref +{ + my @lines = split /\n/, shift; + my %retval; + my $line; + my $name; + + # Rougly process all the fields and header + + while ($line = shift @lines) { + + # Header + if ($line eq "=" x 80) { + $retval{'_NVR'} = ''; + + do { + $line = shift @lines; + $line =~ /\s+(.*)/ and $retval{'_NVR'} .= $1; + } while ($line ne '=' x 80); + + # Additional comment lines do not have leading : + # This causes havoc on comments including : character + } elsif ($line =~ /^\s*(Comments): (.*)/) { + $name = $1; # always 'Comments' + $retval{$name} = $2; + + # expect comments until blank line + $line = shift @lines; + while (defined($line) && $line !~ /^$/) { + $line =~ s/^\s*//; + $retval{$name} .= "\n$line"; + $line = shift @lines; + } + + # Blah: blah + } elsif ($line =~ /\s*([^:]*): (.*)/) { + $name = $1 if ($1); + if (defined $retval{$name}) { + $retval{$name} .= "\n$2"; + } else { + $retval{$name} = $2; + } + + # Update URL + } elsif ($line =~ /^ (http.*)/) { + $retval{'_Update URL'} = "$1"; + } + } + + # Grok bug strings + + if ($retval{'Bugs'}) { + my %bugs; + my $bug; + + foreach (split /\n/, $retval{'Bugs'}) { + if (/(\d+) - (.*)/) { + $bug = $1; + $bugs{$bug} = $2; + } else { + #$bugs{$bug} .= " $2"; + } + } + + $retval{'_Bugs'} = \%bugs; + } + + # Grok raw NVR list + + my @nvrs = split /,\s*/, $retval{'_NVR'}; + $retval{'_NVRs'} = \@nvrs; + + # Parsing comments, not yet implemented, of no use for us + + return \%retval; +} + +# Get array of all updates for a package +sub get_updates +{ + my $pkg = shift or die 'No package name supplied'; + my @retval; + + + # Get updates + $json = `wget --post-data 'package=$pkg&tg_paginate_limit=0' -qO - \\ + 'https://admin.fedoraproject.org/updates/list?tg_format=json'`; + $obj = 
jsonToObj ($json); + + foreach my $update (@{$obj->{'updates'}}) { + push @retval, update_to_hashref ($update); + } + + return @retval; +} + +1; Index: CVE.pm =================================================================== RCS file: CVE.pm diff -N CVE.pm --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ CVE.pm 14 Jan 2008 16:04:47 -0000 1.2 
@@ -0,0 +1,123 @@ +# $Id$ +# Get CVE information from NVD and maintain NVD XML file cache +# Lubomir Kundrak + +package Libexig::CVE; + +#use warnings; +#use strict; + +use Exporter 'import'; +use XML::Parser; +use LWP::Simple; + + at EXPORT = qw/cve/; + +my $sourcebase = 'http://nvd.nist.gov/download/'; +my $cachebase = $ENV{'HOME'}.'/.nvdcache/'; + +my $parser = new XML::Parser ( + 'Style' => 'Tree', +); + +sub get_element +{ + my $tree = shift; + + my $tag = shift @{$tree}; + my $content = shift @{$tree}; + my $arguments = shift @{$content}; + + if ($tag and $content and $arguments) { + return [$tag, $content, $arguments]; + } else { + return undef; + } +} + +# Gets element and returns description from 'cve' source +sub get_desc +{ + my $e = shift; + + while (my $e = get_element ($e->[1])) { + # + $e->[2]->{'source'} eq 'cve' or next; + return $e->[1]->[1]; + } +} + +# Gets element and returns array of all url=s of s +sub get_refs +{ + my $e = shift; + my @refs; + + while (my $e = get_element ($e->[1])) { + # + push @refs, $e->[2]->{'url'}; + } + + return @refs; +} + +# Get and return its description and references +sub do_entry +{ + my $e = shift; + my $desc; + my @refs; + + $e->[2]->{'type'} eq 'CVE' or die 'Non-CVE entry'; + + while (my $e = get_element ($e->[1])) { + $desc = get_desc ($e) if $e->[0] eq 'desc'; + @refs = get_refs ($e) if $e->[0] eq 'refs'; + + $desc and @refs and return ($desc, [@refs]); + } +} + +# Update file in cache if older than age and return its path +sub nvdcache +{ + my ($file, $age) = @_; + + mkdir $cachebase; + system ("mkdir -p '$cachebase'"); + mirror ($sourcebase.$file, $cachebase.$file) + or die ('Failed to update cache'); + return $cachebase.$file; +} + +# lala +sub cve +{ + my $cve = shift; + + $cve =~ /^CVE-(\d+)-\d+$/ or die "'$cve' does not look like a CVE id"; + my $year = ($1 > 2002 ? 
$1 : 2002); + + foreach ( + # File name => cache update threshold (minutes, XXX: not implemented) + # order is important + [ 'nvdcve-modified.xml' => 0 ], + [ 'nvdcve-recent.xml' => 0 ], + [ 'nvdcve-'.$year.'.xml' => 1440 ], + ) { + my $file = nvdcache (@{$_}); + my $tree = $parser->parsefile ($file); + my $e = get_element ($tree); + + while (my $e = get_element ($e->[1])) { + # matching + if ($e->[0] eq 'entry' and $e->[2]->{'name'} eq $cve) { + return do_entry ($e); + } + } + } + + return undef; +} + +1; Index: Fedora.pm =================================================================== RCS file: Fedora.pm diff -N Fedora.pm --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ Fedora.pm 14 Jan 2008 16:04:47 -0000 1.2 
@@ -0,0 +1,255 @@ +# $Id$ +# Fedora specific routines and constants +# Lubomir Kundrak + +package Libexig::Fedora; + +use warnings; +use strict; + +%Libexig::Fedora::srt_bz_map = ( + 'critical' => 'urgent', + 'important' => 'high', + 'moderate' => 'medium', + 'low' => 'low', +); + +### +### Parent bugs from CVE +### + +# Get the text to include in the CVE bug descripiton +sub cve_bug_desc +{ + my $cve = shift; + my $desc = shift; + my $refs = shift; + + return + "Common Vulnerabilities and Exposures assigned an ". + "identifier $cve to the following vulnerability:". + "\n\n". + ($desc ? $desc : '(Please paste the CVE details manually)'). + "\n\n". + "References:\n\n". + ($refs ? join ("\n", @{$refs}) : '(References here, one per line)'); +} + +# Construct the parent bug +sub cve_bug +{ + my $cve = shift; + my $component = shift; + my $summary = shift; + my $desc = shift; + my $impact = shift; + my $bugzilla = shift; + + # Get CC list + # TODO: get rid of duplicates + my @cc; + foreach (split (/,/,$component)) { + push (@cc,$bugzilla->owners ($_)); + } + + return ( + 'bug_file_loc' => "http://nvd.nist.gov/nvd.cfm?cvename=$cve", + 'rep_platform' => 'All', + 'op_sys' => 'Linux', + 'short_desc' => "$cve $summary", + 'keywords' => 'Security', + 'product' => 'Security Response', + 'comment' => $desc, + 'component' => 'vulnerability', + 'bug_severity' => $Libexig::Fedora::srt_bz_map{$impact}, + 'priority' => $Libexig::Fedora::srt_bz_map{$impact}, + 'version' => 'unspecified', + 'cc' => join (',', @cc), + 'alias' => $cve, + ); +} + +### +### Tracking bugs +### + +my $comment_head = + 'This is an automatically created tracking bug! '. + 'It was created to ensure that one or more security '. + 'vulnerabilities are fixed in all affected branches.'. + "\n\n". + 'You should *not* refer to this bug publicly, as it is a '. + 'private "Fedora Project Contributors" bug.'. + "\n\n". + 'For comments that are specific to the vulnerability please use bugs '. 
+ 'filed against "Security Response" product referenced in "Blocks" '. + 'field.'. + "\n\n"; + +my $comment_tail = + 'For more information see: '. + 'http://fedoraproject.org/wiki/Security/TrackingBugs'; + +my $comment_update = + # Following the list of parent bugs + "\n". + 'When creating an update for the version this this bug is reported '. + 'against please include the bug IDs of respective bugs filed '. + 'against "Security Response" product as well as of this bug and let the '. + 'update system close them. Please '. + 'note that the update announcement will (and should) contain only '. + 'references to "Security Response" bugs as long as the tracking '. + 'bug is restricted to "Fedora Project Contributors".'. + "\n\n"; + +my $comment_rawhide = + "\n". + 'Please close this bug with RAWHIDE (referencing appropriate N-V-R in '. + 'Fixed In field if possible) once is it fixed in devel branch. '. + 'Do *not* include the bug id of this bug in the RPM changelog and the '. + 'commit message.'. 
+ "\n\n"; + +my %priorities = ( + 'urgent', => 4, + 'high', => 3, + 'medium', => 2, + 'low' => 1, +); + +# Valid versions +my %versions = ( + '6', => '6', + 'f6', => '6', + 'fc6', => '6', + '7', => '7', + 'f7', => '7', + 'fc7', => '7', + '8', => '8', + 'f8', => '8', + 'fc8', => '8', + '9', => 'rawhide', + 'f9', => 'rawhide', + 'fc9', => 'rawhide', + 'devel', => 'rawhide', +); + +sub tracking_bugs +{ + my $bugs = shift; + my $component = shift; + my @versions = @_; + + my @retval; + + # Construct a tracking bug template + + my %bug_tmpl = ( + 'bug_file_loc' => 'http://fedoraproject.org/wiki/Security/TrackingBugs', + 'rep_platform' => 'All', + 'op_sys' => 'Linux', + 'short_desc' => '', + 'keywords' => 'Security', + 'product' => 'Fedora', + 'component' => $component, + 'bug_severity' => 'low', + 'priority' => 'low', + 'bit-58' => '1', # Fedora Project Contributors + ); + + my $comment_parents = ''; + + foreach my $bug (@{$bugs}) { + + # Take the highest of priorities + $bug_tmpl{'bug_severity'} = $bug->{'bug_severity'} + if ($priorities{$bug->{'bug_severity'}} > $priorities{$bug_tmpl{'bug_severity'}}); + $bug_tmpl{'priority'} = $bug->{'priority'} + if ($priorities{$bug->{'priority'}} > $priorities{$bug_tmpl{'priority'}}); + + # This will be overwriten if we block just one parent bug + $bug_tmpl{'short_desc'} .= $bug->{'alias'}.' '; + + # Add the parent bug to the comment + $comment_parents .= "\tbug #$bug->{'bug_id'}: $bug->{'short_short_desc'}\n"; + } + + if (@{$bugs} > 1) { + $bug_tmpl{'short_desc'} .= "Multiple $component vulnerabilities"; + } else { + $bug_tmpl{'short_desc'} = $bugs->[0]->{'short_short_desc'}; + } + + # Create a bug hash for each version + + foreach my $version (@versions) { + my %bug = %bug_tmpl; + $bug{'short_desc'} .= " [Fedora $versions{$version}]"; + $bug{'version'} = $versions{$version}; + + $bug{'comment'} = + $comment_head. + $comment_parents. + ($bug{'version'} eq 'rawhide' ? $comment_rawhide : $comment_update). 
+ $comment_tail; + + push @retval, \%bug; + } + + return \@retval; +} + +# file_tracking_bugs +# +# Arguments: +# - ref to list of parent bug ids +# - ref to list of bugs to file (each element must be hash as expected by BZ) +# this list is prepared by tracking_bugs +# - Bugzilla object reference +# - component +sub file_tracking_bugs +{ + my $parent_bugs = shift; + my $tracking_bugs = shift; + my $bugzilla = shift; + my $component = shift; + + my $comment = "Created Fedora tracking bugs for $component:\n\n"; + + foreach my $bug (@{$tracking_bugs}) { + use Data::Dumper; + my $bug_id = $bugzilla->file_bug ($bug); + + if (!defined($bug_id)) { + print STDERR "Error: Bug creation failed! (dryrun mode?)\n"; + #return undef; + } + + ### XXX: Move this somewhere else? + if ($bug->{'version'} ne 'rawhide') { + my $tr_comment = + 'You can eventually use the following link to '. + 'create the update request: '."\n". + 'https://admin.fedoraproject.org/updates/new/'. + '?request=Stable'. + '&type=security'. + '&release=Fedora%20'.$bug->{'version'}. + '&bugs='.$bug_id; + + foreach my $bug (@{$parent_bugs}) { + $tr_comment .= ','.$bug; + } + + $bugzilla->add_comment ($bug_id, $tr_comment); + } + + $bugzilla->add_blockers ($bug_id, $parent_bugs); + $comment .= $bug->{'version'}.": bug #$bug_id\n"; + } + + foreach my $bug (@{$parent_bugs}) { + $bugzilla->add_private_comment ($bug, $comment); + } + + return $comment; +} Index: Util.pm =================================================================== RCS file: Util.pm diff -N Util.pm --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ Util.pm 14 Jan 2008 16:04:47 -0000 1.2 
@@ -0,0 +1,54 @@ +# $Id$ +# Random routines that are shared across the tooling +# Lubomir Kundrak + +package Libexig::Util; + +#use warnings; +#use strict; + +use Exporter 'import'; +use File::Temp ('tempfile'); + + at EXPORT = qw/edit_string read_noecho insert/; + +# Launch an editor for editing the bugzilla comment or whatever +sub edit_string +{ + my $string = shift; + + my ($tmpfh, $tmpname) = tempfile (); + print $tmpfh $string; + close ($tmpfh); + my $editor = ($ENV{'EDITOR'} or 'vi'); + system ($editor, $tmpname); + open ($tmpfh, "<$tmpname"); + $string = join ('', <$tmpfh>); + close ($tmpfh); + + return $string; +} + +# Get password not echoing characters +sub read_noecho +{ + print STDERR @_; + system ('stty -echo'); + my $string = ; + system ('stty echo'); + chomp ($string); + print STDERR "\n"; + $string; +} + +# Insert a sub-list into a list +sub insert +{ + my $array = shift; + my $index = shift; + my @what = @_; + + splice (@{$array}, $index, 0, @what); +} + +1; From fedora-security-commits at redhat.com Mon Jan 14 16:04:48 2008 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Mon, 14 Jan 2008 11:04:48 -0500 Subject: [Fedora-security-commits] fedora-security/tools Build.PL, 1.1, 1.2 MANIFEST, 1.1, 1.2 MANIFEST.SKIP, 1.1, 1.2 fedora-security.spec, 1.1, 1.2 generate-manifest, 1.4, NONE get-cve, 1.1, NONE package-release, 1.4, NONE parse-announce, 1.1, NONE suidaudit, 1.1, NONE Message-ID: <200801141604.m0EG4mEo017477@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/tools In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv17363 Added Files: Build.PL MANIFEST MANIFEST.SKIP fedora-security.spec Removed Files: generate-manifest get-cve package-release parse-announce suidaudit Log Message: Merging (hopefully) stable from my branch Index: Build.PL =================================================================== RCS file: Build.PL diff -N Build.PL 
--- /dev/null 1 Jan 1970 00:00:00 -0000 +++ Build.PL 14 Jan 2008 16:04:46 -0000 1.2 @@ -0,0 +1,25 @@ +#!/usr/bin/env perl + +use Module::Build; + +Module::Build->new ( + module_name => 'fedora-security', + dist_version => '0.9', + dist_abstract => 'Tools for Fedora Security Response Team use', + dist_author => 'Lubomir Kundrak ', + script_files => 'scripts', + requires => { + 'Data::Dumper' => 0, + 'Exporter' => 0, + 'Fcntl' => 0, + 'File::Temp' => 0, + 'Getopt::Long' => 0, + 'JSON' => 0, + 'LWP::Simple' => 0, + 'RPM2' => 0, + 'XML::Parser' => 0, + 'XMLRPC::Lite' => 0, + }, +)->create_build_script; + + Index: MANIFEST =================================================================== RCS file: MANIFEST diff -N MANIFEST --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ MANIFEST 14 Jan 2008 16:04:46 -0000 1.2 @@ -0,0 +1,19 @@ +Build.PL +fedora-security.spec +lib/Libexig/Audit.pm +lib/Libexig/Bodhi.pm +lib/Libexig/Bugzilla.pm +lib/Libexig/CVE.pm +lib/Libexig/Util.pm +MANIFEST This list of files +META.yml +scripts/add-cve-bug +scripts/add-issue +scripts/add-tracking-bugs +scripts/check-updates +scripts/generate-manifest +scripts/get-cve +scripts/package-release +scripts/parse-announce +scripts/suidaudit +scripts/update-cve-cache Index: MANIFEST.SKIP =================================================================== RCS file: MANIFEST.SKIP diff -N MANIFEST.SKIP --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ MANIFEST.SKIP 14 Jan 2008 16:04:46 -0000 1.2 
@@ -0,0 +1,39 @@ +# Avoid version control files. +\bRCS\b +\bCVS\b +,v$ +\B\.svn\b +\B\.cvsignore$ + +# Avoid Makemaker generated and utility files. +\bMakefile$ +\bblib +\bMakeMaker-\d +\bpm_to_blib$ +\bblibdirs$ +^MANIFEST\.SKIP$ + +# Avoid Module::Build generated and utility files. +\bBuild$ +\bBuild.bat$ +\b_build + +# Avoid Devel::Cover generated files +\bcover_db + +# Avoid temp and backup files. +~$ +\.tmp$ +\.old$ +\.bak$ +\#$ +\.# +\.rej$ + +# Avoid OS-specific files/dirs +# Mac OSX metadata +\B\.DS_Store +# Mac OSX SMB mount metadata files +\B\._ +# Avoid archives of this distribution +\bfedora-security-[\d\.\_]+ Index: fedora-security.spec =================================================================== RCS file: fedora-security.spec diff -N fedora-security.spec --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ fedora-security.spec 14 Jan 2008 16:04:46 -0000 1.2 
@@ -0,0 +1,61 @@ +Name: fedora-security +Version: 0.9 +Release: 2%{?dist} +Summary: Tools for Fedora Security Response Team use + +Group: Development/Libraries +License: GPLv2 +URL: http://people.redhat.com/~lkundrak/fedora-security/ +Source0: http://people.redhat.com/~lkundrak/fedora-security/%{name}-%{version}.tar.gz +BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) + +BuildArch: noarch +BuildRequires: perl(Module::Build) +Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version)) + +%description +Tools for Fedora Security Response Team use + + +%prep +%setup -q + +# Filter unwanted Requires: +cat << \EOF > %{name}-req +#!/bin/sh +%{__perl_requires} $* |\ + sed -e '/perl(Email::Simple)/d' |\ + sed -e '/perl(Mail::Mbox::MessageParser)/d' |\ + sed -e '/perl(Net::FTP)/d' +EOF + +%define __perl_requires %{_builddir}/%{name}-%{version}/%{name}-req +chmod +x %{__perl_requires} + + +%build +%{__perl} Build.PL --installdirs vendor +./Build + + +%install +rm -rf $RPM_BUILD_ROOT +./Build install --destdir $RPM_BUILD_ROOT +find $RPM_BUILD_ROOT -type f -name .packlist -exec rm -f {} ';' +find $RPM_BUILD_ROOT -depth -type d -exec rmdir {} 2>/dev/null ';' +chmod -R u+w $RPM_BUILD_ROOT/* + + +%clean +rm -rf $RPM_BUILD_ROOT + + +%files +%defattr(-,root,root,-) +%{_bindir}/* +%{perl_vendorlib}/* + + +%changelog +* Sun Jan 06 2008 Lubomir Kundrak 0.9-1 +- Initial packaging attempt --- generate-manifest DELETED --- --- get-cve DELETED --- --- package-release DELETED --- --- parse-announce DELETED --- --- suidaudit DELETED --- From fedora-security-commits at redhat.com Mon Jan 14 16:13:36 2008 
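Review bot: in add-issue, the `foreach my $version (@versions)` loop hands `$versions{$version}` to `new Libexig::Audit` without checking that the version is a key of `%versions`. For an unknown value the file is undef, Audit.pm's `new` then falls back to `'-'`, and the script reads standard input and `save` opens `'>-'` instead of failing. Reject unknown versions before the loop, for example `exists $versions{$_} or die "Invalid version: $_" foreach @versions;`. Two smaller points in the same hunk: when `--versions` is omitted the list comes from `keys %versions`, whose order is unspecified, so `shift @bugs` pairs the `--bugs` values with versions arbitrarily; and the usage text and header comment still describe add-cve-bug and tracking bugs rather than this script.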
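Review bot: in add-tracking-bugs, the `--password=` option puts the Bugzilla password on the command line, where other local users can read it from the process list and it ends up in shell history. Since `read_noecho` already prompts when the option is absent, I would drop the option or at least document it as unsafe on shared hosts. Separately, the version check is commented out under `#XXX` (`##$versions{$_} or die "Invalid version: $_"`), and this script has no `%versions` of its own; the map is a file-scoped `my %versions` in Fedora.pm, so an invalid `--versions` value reaches `tracking_bugs` and produces a bug with an undefined `version`. Expose a validation helper from Libexig::Fedora and call it here.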
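Review bot: in generate-manifest, `if [ -z "$@" ]` is not a valid test for "no arguments". With no arguments it degenerates to `[ -z ]`, and with two or more it is a malformed test that prints an error and reaches the else branch only because of the non-zero exit status. Use `if [ $# -eq 0 ]`. Also note that `>"$TAG"` writes a file named after the tag into the current directory, so a tag value containing `/` will write elsewhere or fail; and `echo -n` is not portable under `#!/bin/sh`, where `printf` would be.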
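Review bot: in package-release, the package name from `$ARGV[0]` is interpolated into two patterns unescaped, `m/$match/i` in `get_owner_content` and `/^(.*$package.*)-([^\-]*)-([^\-]*)\.src\.rpm$/i` in the release loop, so names containing regex metacharacters (`+`, `.`, `(`) either match the wrong packages or abort with a pattern error. Wrap the interpolation in `\Q...\E`. The `$package eq ''` test also comes after `get_owner_content($package)` has already run, and it does not cover a missing argument; check `@ARGV` first and print a usage message.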
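Review bot: in parse-announce, `open(FH, $ARGV[1]);` is an unchecked two-argument open. If the audit file cannot be read the script carries on with an empty `%cve_id` and reports every CVE in the mbox as `**FIXME**`, and the two-argument form interprets mode characters in the file name. Use `open(my $fh, '<', $audit_filename) or die "Cannot open $audit_filename: $!";`. The version match just above it has the same problem: `$ARGV[1] =~ /(\d+)$/; $audit_version = $1;` does not test whether the match succeeded, so an audit file name without trailing digits leaves `$audit_version` undefined and the later `$product eq $audit_version` comparison never matches.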
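Review bot: in suidaudit, the `while (...)` condition is a comma expression, so its truth value is only that of the last assignment, `$name = shift @names`. A file whose basename is `0` is false in Perl and ends the loop early, and every later file in that package is skipped without any message, which is a silent gap in an audit tool. Loop on `while (@names)` (or over an index) and do the shifts in the body. In the same hunk, `$mode & S_IFREG` is also true for symlinks and sockets because their type values share that bit; `S_ISREG($mode)`, which `Fcntl ':mode'` already exports, is the correct test.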
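Review bot: in Audit.pm `parse_line`, the first group `(\*?)*` is a repeated capture, so `$1` holds only its last iteration and `need_verif` comes back as at most one `*`. add-issue writes the marker as `**` directly in front of the CVE name (`$entry->{need_verif}.$entry->{cve}`), so an entry that is parsed and then rebuilt by `update_entry`, as check-updates does, loses the marker. Capture the whole run with `(\**)`. Minor items nearby: the `next;` after the `return { ... };` is unreachable, the die message reads "Prase error", and `save` truncates the audit file in place with `open (AUDIT, '>'.$self->{file})` without checking `print` or `close`, so a failed write leaves a damaged file; writing to a temporary file and renaming would avoid that.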
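Review bot: in Bodhi.pm `get_updates`, `$pkg` is interpolated into a shell command inside backticks (`wget --post-data 'package=$pkg&tg_paginate_limit=0' ...`). The value comes from the component field of the audit file, which `parse_line` accepts as `[^\s,]+`, so a component containing a single quote ends the quoted argument and the remainder is interpreted by the shell. Do the POST in-process with LWP::UserAgent (LWP is already a dependency through LWP::Simple) and pass `package` as a form field, or at minimum reject anything that does not look like a package name before building the command. The module also lacks `use strict`, which is why the undeclared `$json` and `$obj` globals go unnoticed.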
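Review bot: in CVE.pm `nvdcache`, `mirror ($sourcebase.$file, $cachebase.$file) or die (...)` can never die, because LWP::Simple's `mirror` returns the HTTP status code and that is non-zero for failures as well. A failed download therefore goes unreported and `cve` parses whatever is, or is not, in the cache. Keep the return value and accept only a 2xx or 304 status. In the same function, `system ("mkdir -p '$cachebase'")` passes `$ENV{'HOME'}` through the shell and duplicates the `mkdir` on the line above; File::Path's `mkpath` does this without a shell. The `$age` argument is accepted but unused, and `$sourcebase` is plain `http://`, so the descriptions and reference URLs that end up in filed bugs are fetched without any integrity protection.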
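Review bot: in Fedora.pm `file_tracking_bugs`, the `if (!defined($bug_id))` branch only prints an error (the `return undef` is commented out), and the loop then goes on to call `$bugzilla->add_comment ($bug_id, ...)` and `$bugzilla->add_blockers ($bug_id, $parent_bugs)` with an undefined id and appends `bug #` with no number to the private comment posted on the parent bugs. Skip the rest of the iteration with `next` when filing fails, and decide explicitly what dry-run mode should print. In `tracking_bugs`, `$versions{$version}` is likewise used without an `exists` check, so an unknown version yields an undefined `version` and a summary ending in `[Fedora ]`. The comment templates also contain the typos "this this bug" and "once is it fixed".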
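Review bot: in Util.pm `edit_string`, the file returned by `tempfile ()` is never removed, so each edited bug description stays behind in the temporary directory, and for this tool that text can describe vulnerabilities that are not yet public. Pass `UNLINK => 1` or `unlink $tmpname` after reading it back, and check the result of `open ($tmpfh, "<$tmpname")`. In `read_noecho`, terminal echo is restored only on the normal path; if the prompt is interrupted between `system ('stty -echo')` and `system ('stty echo')` the user's terminal is left with echo off, so restore it from a signal handler or an `END` block.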
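Review bot: the new MANIFEST lists lib/Libexig/Audit.pm, Bodhi.pm, Bugzilla.pm, CVE.pm and Util.pm but not lib/Libexig/Fedora.pm, which the accompanying commit adds and which add-cve-bug and add-tracking-bugs load with `use Libexig::Fedora`. A distribution built from this MANIFEST will ship those scripts without the module they need. Add `lib/Libexig/Fedora.pm` to the list.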
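Review bot: in fedora-security.spec, the `%prep` filter removes the automatic Requires for `perl(Email::Simple)`, `perl(Mail::Mbox::MessageParser)` and `perl(Net::FTP)`, yet `%files` installs everything under `%{_bindir}`, including parse-announce and package-release, which `use` exactly those modules. The package will install cleanly and those two scripts will fail at run time on a system without the modules. Either keep the dependencies, move the two scripts to a subpackage, or add a comment explaining why they are optional. The header also says `Release: 2%{?dist}` while the only `%changelog` entry is for `0.9-1`.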
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Mon, 14 Jan 2008 11:13:36 -0500 Subject: [Fedora-security-commits] fedora-security/tools add-tracking-bugs, 1.4, NONE Message-ID: <200801141613.m0EGDaDO017834@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/tools In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv17809 Removed Files: add-tracking-bugs Log Message: Go a way, you should not exist! --- add-tracking-bugs DELETED --- From fedora-security-commits at redhat.com Mon Jan 14 16:14:50 2008 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Mon, 14 Jan 2008 11:14:50 -0500 Subject: [Fedora-security-commits] fedora-security/tools/lib/Libexig Bugzilla.pm, 1.1, 1.2 Message-ID: <200801141614.m0EGEoJ5017927@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/tools/lib/Libexig In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv17909 Added Files: Bugzilla.pm Log Message: And you? Where did you go? Index: Bugzilla.pm =================================================================== RCS file: Bugzilla.pm diff -N Bugzilla.pm --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ Bugzilla.pm 14 Jan 2008 16:14:48 -0000 1.2 
@@ -0,0 +1,243 @@ +# $Id$ +# Bugzilla interface +# Lubomir Kundrak + +package Libexig::Bugzilla; + +use XMLRPC::Lite; + +use warnings; +use strict; + +# Instantialize a Bugzilla connection +sub new +{ + my $class = shift; + my $self = shift; + + # Login credentials + if ($self->{username} and $self->{password}) { + $self->{creds} = [$self->{username}, $self->{password}]; + } else { + die 'Need username and password if not dryrun' + unless $self->{dryrun}; + $self->{creds} = []; + } + + # XMLRPC endpoint + $self->{url} = 'https://bugzilla.redhat.com/xmlrpc.cgi' + unless $self->{url}; + + $self->{rpc} = new XMLRPC::Lite ( + proxy => $self->{url}, + encoding => 'UTF-8', + ) + or die 'Could not create a RPC instnace'; + + if ($self->{debug}) { + use Data::Dumper; + } + + bless $self, $class; + return $self; +} + +# Get list of owners of a package from Bugzilla +sub owners +{ + my $self = shift; + my $component = shift; + + print STDERR "Getting list of owners\n" + if $self->{debug}; + + # Call bugzilla + my $call = $self->{rpc}->call('bugzilla.getCompInfo', $component); + my $result = $call->result + or die $call->faultstring; + print STDERR Dumper ($result) + if $self->{debug}; + + # Eliminate duplicates + my %people; + foreach my $instance (@{$result}) { + # blacklist some EOLed products + if ($instance->{'product'} eq 'Red Hat Linux' + || $instance->{'product'} eq 'Red Hat Linux Beta' + || $instance->{'product'} eq 'Red Hat Public Beta' + || $instance->{'product'} eq 'Red Hat Raw Hide' + || $instance->{'product'} eq 'Fedora Legacy' + || $instance->{'product'} eq 'eCos' + || $instance->{'product'} eq 'eCos runtime kernel' + || $instance->{'product'} =~ /^Red Hat Powertools/ + || $instance->{'product'} =~ /^Stronghold /) { + next; + } + # XXX: Add also 'initialqa'? 
+ $people{$instance->{initialowner}} = 1 + if defined $instance->{initialowner}; + } + + return keys %people; +} + +# Create a bug (unless dryrun) and return its ID +sub file_bug +{ + my $self = shift; + return 0 if $self->{dryrun}; + + print STDERR "Creating a bug\n" + if $self->{debug}; + + my $call = $self->{rpc}->call('bugzilla.createBug', + shift, @{$self->{creds}}); + + my $result = $call->result + or die $call->faultstring; + + print STDERR 'Bugzilla answered to createBug: '.Dumper($result) + if $self->{debug}; + + return $result->[0]; +} + +# Get bugs +sub get_bugs +{ + my $self = shift; + my $bugs = shift or die 'No bugs to fetch!'; + my $columns = shift; + $columns = [] unless ($columns); # The default set + + my $call = $self->{rpc}->call('bugzilla.runQuery', { + 'bug_id' => $bugs, + 'bug_status' => [], + 'column_list' => $columns, + }, @{$self->{creds}}); + + my $result = $call->result + or die $call->faultstring; + + print STDERR 'Bugzilla answered to runQuery: '.Dumper($result) + if $self->{debug}; + + return $result->{bugs}; +} + +# Add blockers (unless dryrun) to a bug +sub add_blockers +{ + my $self = shift; + return 0 if $self->{dryrun}; + + my $bug = shift or die 'No blocker!'; + my $parents = shift or die 'No bug to block!'; + + my $call = $self->{rpc}->call('bugzilla.updateDepends', $bug, { + 'blocked' => $parents, + 'action' => 'add', + }, @{$self->{creds}}, 1); + + my $result = $call->result + or die $call->faultstring; + + print STDERR 'Bugzilla answered to updateDepends: '.Dumper($result) + if $self->{debug}; + return undef; +} + +# Add comment - wrapper around bugzilla addComment XMLRPC method +# +# Mandatory arguments: +# bugid, comment +# Optional arguments: +# isprivate, timestamp, worktime, bz_gid, private_in_it, nomail +sub add_comment +{ + my $self = shift; + + my $bug = shift or die 'No bug!'; + my $comment = shift or die 'No comment!'; + + if ($self->{dryrun}) { + print STDERR 'Would add following comment to bug: #'.$bug."\n"; + 
print STDERR "$comment\n"; + return 0; + } + + my $call = $self->{rpc}->call('bugzilla.addComment', $bug, $comment, + @{$self->{creds}}, @_); + + my $result = $call->result + or die $call->faultstring; + + print STDERR 'Bugzilla answered to addComment: '.Dumper($result) + if $self->{debug}; + return undef; +} + +# Add private comment to a bug +# +# Arguments: +# bugid, comment +sub add_private_comment +{ + my $self = shift; + + my $bug = shift; + my $comment = shift; + + $self->add_comment($bug, $comment, 1); +} + +# Close bug - wrapper around bugzilla closeBug XMLRPC method +# +# Mandatory arguments: +# bugid, resolution +# Optional arguments: +# dupeid, fixedin, comment, isprivate, private_in_it, nomail +sub close_bug +{ + my $self = shift; + + my $bug = shift or die 'No bug!'; + my $resolution = shift or die 'No resolution!'; + + if ($self->{dryrun}) { + print STDERR 'Would close bug #'.$bug.' as: '.$resolution."\n"; + return 0; + } + + my $call = $self->{rpc}->call('bugzilla.closeBug', $bug, $resolution, + @{$self->{creds}}, @_); + + my $result = $call->result + or die $call->faultstring; + + print STDERR 'Bugzilla answered to closeBug: '.Dumper($result) + if $self->{debug}; + return undef; +} + +# Close bug with comment +# +# Mandatory arguments: +# bugid, resulution, comment +# Optional arguments: +# newfixedin, dupeid +sub close_bug_with_comment +{ + my $self = shift; + + my $bug = shift; + my $resolution = shift; + my $comment = shift or die 'No comment!'; + + my $fixedin = shift; + my $dupeid = shift; + + $self->close_bug($bug, $resolution, $dupeid, $fixedin, $comment); +} + +1; From fedora-security-commits at redhat.com Mon Jan 14 16:29:10 2008 
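Review bot: every RPC wrapper in Bugzilla.pm uses `my $result = $call->result or die $call->faultstring;`, which treats any false return value from a successful call (0, empty string, undef) as a failure and then dies with an undefined faultstring. Test `$call->fault` for the error case and handle an empty result separately. In new(), `use Data::Dumper;` inside `if ($self->{debug})` is still processed at compile time, so the conditional has no effect; move it up beside `use XMLRPC::Lite;`. Typos to fix while here: 'instnace' in the die message in new() and 'resulution' in the close_bug_with_comment header comment.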
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Mon, 14 Jan 2008 11:29:10 -0500 Subject: [Fedora-security-commits] fedora-security/tools META.yml, NONE, 1.1.2.1 MANIFEST, 1.1.2.1, 1.1.2.2 Message-ID: <200801141629.m0EGTAAt018429@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/tools In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv18411 Modified Files: Tag: lkundrak-tools-ng MANIFEST Added Files: Tag: lkundrak-tools-ng META.yml Log Message: Fix package build --- NEW FILE META.yml --- --- name: fedora-security version: 0.9 author: - 'Lubomir Kundrak ' abstract: Tools for Fedora Security Response Team use license: unknown requires: Data::Dumper: 0 Exporter: 0 Fcntl: 0 File::Temp: 0 Getopt::Long: 0 JSON: 0 LWP::Simple: 0 RPM2: 0 XML::Parser: 0 XMLRPC::Lite: 0 generated_by: Module::Build version 0.2808 meta-spec: url: http://module-build.sourceforge.net/META-spec-v1.2.html version: 1.2 provides: Libexig::Audit: file: lib/Libexig/Audit.pm Libexig::Bodhi: file: lib/Libexig/Bodhi.pm Libexig::Bugzilla: file: lib/Libexig/Bugzilla.pm Libexig::CVE: file: lib/Libexig/CVE.pm Libexig::Fedora: file: lib/Libexig/Fedora.pm Libexig::Util: file: lib/Libexig/Util.pm Index: MANIFEST =================================================================== RCS file: /cvs/fedora/fedora-security/tools/MANIFEST,v retrieving revision 1.1.2.1 retrieving revision 1.1.2.2 diff -u -r1.1.2.1 -r1.1.2.2 --- MANIFEST 6 Jan 2008 03:31:52 -0000 1.1.2.1 +++ MANIFEST 14 Jan 2008 16:29:08 -0000 1.1.2.2 @@ -4,6 +4,7 @@ lib/Libexig/Bodhi.pm lib/Libexig/Bugzilla.pm lib/Libexig/CVE.pm +lib/Libexig/Fedora.pm lib/Libexig/Util.pm MANIFEST This list of files META.yml From fedora-security-commits at redhat.com Mon Jan 14 16:33:13 2008 
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Mon, 14 Jan 2008 11:33:13 -0500 Subject: [Fedora-security-commits] fedora-security/tools META.yml, 1.1, 1.2 MANIFEST, 1.2, 1.3 Message-ID: <200801141633.m0EGXDcj018766@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/tools In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv18701 Modified Files: MANIFEST Added Files: META.yml Log Message: Merge from lkundrak-tools-ng Index: META.yml =================================================================== RCS file: META.yml diff -N META.yml --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ META.yml 14 Jan 2008 16:33:11 -0000 1.2 @@ -0,0 +1,35 @@ +--- +name: fedora-security +version: 0.9 +author: + - 'Lubomir Kundrak ' +abstract: Tools for Fedora Security Response Team use +license: unknown +requires: + Data::Dumper: 0 + Exporter: 0 + Fcntl: 0 + File::Temp: 0 + Getopt::Long: 0 + JSON: 0 + LWP::Simple: 0 + RPM2: 0 + XML::Parser: 0 + XMLRPC::Lite: 0 +generated_by: Module::Build version 0.2808 +meta-spec: + url: http://module-build.sourceforge.net/META-spec-v1.2.html + version: 1.2 +provides: + Libexig::Audit: + file: lib/Libexig/Audit.pm + Libexig::Bodhi: + file: lib/Libexig/Bodhi.pm + Libexig::Bugzilla: + file: lib/Libexig/Bugzilla.pm + Libexig::CVE: + file: lib/Libexig/CVE.pm + Libexig::Fedora: + file: lib/Libexig/Fedora.pm + Libexig::Util: + file: lib/Libexig/Util.pm Index: MANIFEST =================================================================== RCS file: /cvs/fedora/fedora-security/tools/MANIFEST,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- MANIFEST 14 Jan 2008 16:04:46 -0000 1.2 +++ MANIFEST 14 Jan 2008 16:33:11 -0000 1.3 @@ -4,6 +4,7 @@ lib/Libexig/Bodhi.pm lib/Libexig/Bugzilla.pm lib/Libexig/CVE.pm +lib/Libexig/Fedora.pm lib/Libexig/Util.pm MANIFEST This list of files META.yml From fedora-security-commits at redhat.com Mon Jan 14 16:33:14 2008 
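Review bot: `+license: unknown` in the added META.yml disagrees with `License: GPLv2` in fedora-security.spec for the same 0.9 release. The file is marked `generated_by: Module::Build`, so the fix belongs in Build.PL (set the license there and regenerate) rather than in a hand edit of META.yml, otherwise the next regeneration puts `unknown` back.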
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Mon, 14 Jan 2008 11:33:14 -0500 Subject: [Fedora-security-commits] fedora-security/tools/lib/Libexig Audit.pm, 1.2, 1.3 Bodhi.pm, 1.2, 1.3 Bugzilla.pm, 1.2, 1.3 CVE.pm, 1.2, 1.3 Fedora.pm, 1.2, 1.3 Util.pm, 1.2, 1.3 Message-ID: <200801141633.m0EGXE6W018778@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/tools/lib/Libexig In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv18701/lib/Libexig Modified Files: Audit.pm Bodhi.pm Bugzilla.pm CVE.pm Fedora.pm Util.pm Log Message: Merge from lkundrak-tools-ng From fedora-security-commits at redhat.com Mon Jan 14 16:33:14 2008 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Mon, 14 Jan 2008 11:33:14 -0500 Subject: [Fedora-security-commits] fedora-security/tools/scripts add-cve-bug, 1.2, 1.3 add-issue, 1.2, 1.3 add-tracking-bugs, 1.2, 1.3 check-updates, 1.2, 1.3 generate-manifest, 1.2, 1.3 get-cve, 1.2, 1.3 package-release, 1.2, 1.3 parse-announce, 1.2, 1.3 suidaudit, 1.2, 1.3 update-cve-cache, 1.2, 1.3 Message-ID: <200801141633.m0EGXExx018795@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/tools/scripts In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv18701/scripts Modified Files: add-cve-bug add-issue add-tracking-bugs check-updates generate-manifest get-cve package-release parse-announce suidaudit update-cve-cache Log Message: Merge from lkundrak-tools-ng From fedora-security-commits at redhat.com Mon Jan 14 21:02:05 2008 
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Mon, 14 Jan 2008 16:02:05 -0500 Subject: [Fedora-security-commits] fedora-security/audit f8, 1.82, 1.83 f9, 1.74, 1.75 fc7, 1.238, 1.239 Message-ID: <200801142102.m0EL25eg029455@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv29433 Modified Files: f8 f9 fc7 Log Message: paramiko Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.82 retrieving revision 1.83 diff -u -r1.82 -r1.83 --- f8 14 Jan 2008 12:49:26 -0000 1.82 +++ f8 14 Jan 2008 21:02:02 -0000 1.83 @@ -10,6 +10,7 @@ GENERIC-MAP-NOMATCH version (drupal, fixed 5.6) DRUPAL-SA-2008-007 [since FEDORA-2008-0485] GENERIC-MAP-NOMATCH version (drupal, fixed 5.6) DRUPAL-SA-2008-006 [since FEDORA-2008-0485] GENERIC-MAP-NOMATCH version (drupal, fixed 5.6) DRUPAL-SA-2008-005 [since FEDORA-2008-0485] +GENERIC-MAP-NOMATCH VULNERABLE (python-paramiko) #428728 CVE-2008-0252 backport (python-cherrypy) [since FEDORA-2008-0299] **CVE-2008-0238 VULNERABLE (xine-lib, fixed 1.1.9.1) CVE-2008-0225 VULNERABLE (xine-lib, fixed 1.1.9.1) Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.74 retrieving revision 1.75 diff -u -r1.74 -r1.75 --- f9 14 Jan 2008 12:49:26 -0000 1.74 +++ f9 14 Jan 2008 21:02:02 -0000 1.75 
@@ -10,6 +10,7 @@ GENERIC-MAP-NOMATCH version (drupal, fixed 5.6) [since drupal-5.6-1.fc9] DRUPAL-SA-2008-007 GENERIC-MAP-NOMATCH version (drupal, fixed 5.6) [since drupal-5.6-1.fc9] DRUPAL-SA-2008-006 GENERIC-MAP-NOMATCH version (drupal, fixed 5.6) [since drupal-5.6-1.fc9] DRUPAL-SA-2008-005 +GENERIC-MAP-NOMATCH VULNERABLE (python-paramiko) #428730 CVE-2008-0252 backport (python-cherrypy) [since python-cherrypy-2.2.1-8.fc9] **CVE-2008-0238 version (xine-lib, fixed 1.1.9.1) [since xine-lib-1.1.9.1-1.fc9] CVE-2008-0225 version (xine-lib, fixed 1.1.9.1) [since xine-lib-1.1.9.1-1.fc9] Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.238 retrieving revision 1.239 diff -u -r1.238 -r1.239 --- fc7 14 Jan 2008 10:05:07 -0000 1.238 +++ fc7 14 Jan 2008 21:02:02 -0000 1.239 @@ -11,6 +11,7 @@ GENERIC-MAP-NOMATCH version (drupal, fixed 5.6) DRUPAL-SA-2008-007 [since FEDORA-2008-0469] GENERIC-MAP-NOMATCH version (drupal, fixed 5.6) DRUPAL-SA-2008-006 [since FEDORA-2008-0469] GENERIC-MAP-NOMATCH version (drupal, fixed 5.6) DRUPAL-SA-2008-005 [since FEDORA-2008-0469] +GENERIC-MAP-NOMATCH VULNERABLE (python-paramiko) #428729 CVE-2008-0252 backport (python-cherrypy) [since FEDORA-2008-0333] **CVE-2008-0238 VULNERABLE (xine-lib, fixed 1.1.9.1) CVE-2008-0225 VULNERABLE (xine-lib, fixed 1.1.9.1) From fedora-security-commits at redhat.com Mon Jan 14 21:06:48 2008 
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Mon, 14 Jan 2008 16:06:48 -0500 Subject: [Fedora-security-commits] fedora-security/audit f8, 1.83, 1.84 f9, 1.75, 1.76 fc7, 1.239, 1.240 Message-ID: <200801142106.m0EL6mKs029767@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv29745 Modified Files: f8 f9 fc7 Log Message: moodle Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.83 retrieving revision 1.84 diff -u -r1.83 -r1.84 --- f8 14 Jan 2008 21:02:02 -0000 1.83 +++ f8 14 Jan 2008 21:06:46 -0000 1.84 @@ -20,6 +20,7 @@ **CVE-2008-0193 VULNERABLE (wordpress, not fixed 2.0.11, and possibly 2.1.x and 2.3.x) **CVE-2008-0192 version (wordpress, not fixed 2.0.9) CVE-2008-0191 ignore (wordpress) File path is not a sensitive information +CVE-2008-0123 VULNERABLE (moodle) #428731 CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since FEDORA-2008-0199] CVE-2008-0005 VULNERABLE (httpd, fixed 2.2.7) #427982 CVE-2008-0003 fixed (tog-pegasus, fixed 2.7.0) #427829 [since FEDORA-2008-0572] Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.75 retrieving revision 1.76 diff -u -r1.75 -r1.76 --- f9 14 Jan 2008 21:02:02 -0000 1.75 +++ f9 14 Jan 2008 21:06:46 -0000 1.76 
@@ -20,6 +20,7 @@ **CVE-2008-0193 VULNERABLE (wordpress, not fixed 2.0.11, and possibly 2.1.x and 2.3.x) **CVE-2008-0192 version (wordpress, not fixed 2.0.9) CVE-2008-0191 ignore (wordpress) File path is not a sensitive information +CVE-2008-0123 fixed (moodle) #428731 [since moodle-1.8.4-1.fc9] CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since asterisk-1.4.17-1.fc9] CVE-2008-0005 VULNERABLE (httpd, fixed 2.2.7) #427984 CVE-2008-0003 version (tog-pegasus, fixed 2.7.0) Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.239 retrieving revision 1.240 diff -u -r1.239 -r1.240 --- fc7 14 Jan 2008 21:02:02 -0000 1.239 +++ fc7 14 Jan 2008 21:06:46 -0000 1.240 @@ -21,6 +21,7 @@ **CVE-2008-0193 VULNERABLE (wordpress, not fixed 2.0.11, and possibly 2.1.x and 2.3.x) **CVE-2008-0192 version (wordpress, not fixed 2.0.9) CVE-2008-0191 ignore (wordpress) File path is not a sensitive information +CVE-2008-0123 VULNERABLE (moodle) #428731 CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since FEDORA-2008-0198] CVE-2008-0005 VULNERABLE (httpd, fixed 2.2.7) #427983 CVE-2008-0003 fixed (tog-pegasus, fixed 2.7.0) #427828 [since FEDORA-2008-0506] From fedora-security-commits at redhat.com Mon Jan 14 22:07:37 2008 
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Mon, 14 Jan 2008 17:07:37 -0500 Subject: [Fedora-security-commits] fedora-security/audit f9,1.76,1.77 Message-ID: <200801142207.m0EM7bbv007509@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv7479 Modified Files: f9 Log Message: This was so fast. Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.76 retrieving revision 1.77 diff -u -r1.76 -r1.77 --- f9 14 Jan 2008 21:06:46 -0000 1.76 +++ f9 14 Jan 2008 22:07:35 -0000 1.77 @@ -10,7 +10,7 @@ GENERIC-MAP-NOMATCH version (drupal, fixed 5.6) [since drupal-5.6-1.fc9] DRUPAL-SA-2008-007 GENERIC-MAP-NOMATCH version (drupal, fixed 5.6) [since drupal-5.6-1.fc9] DRUPAL-SA-2008-006 GENERIC-MAP-NOMATCH version (drupal, fixed 5.6) [since drupal-5.6-1.fc9] DRUPAL-SA-2008-005 -GENERIC-MAP-NOMATCH VULNERABLE (python-paramiko) #428730 +GENERIC-MAP-NOMATCH fixed (python-paramiko) #428730 [since python-paramiko-1.7.1-3.fc9] CVE-2008-0252 backport (python-cherrypy) [since python-cherrypy-2.2.1-8.fc9] **CVE-2008-0238 version (xine-lib, fixed 1.1.9.1) [since xine-lib-1.1.9.1-1.fc9] CVE-2008-0225 version (xine-lib, fixed 1.1.9.1) [since xine-lib-1.1.9.1-1.fc9] From fedora-security-commits at redhat.com Tue Jan 15 15:02:04 2008 
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Tue, 15 Jan 2008 10:02:04 -0500 Subject: [Fedora-security-commits] fedora-security/audit f8, 1.84, 1.85 f9, 1.77, 1.78 fc7, 1.240, 1.241 Message-ID: <200801151502.m0FF24Ku022143@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv22119/audit Modified Files: f8 f9 fc7 Log Message: mongrel issue does not affect us note one older issue Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.84 retrieving revision 1.85 diff -u -r1.84 -r1.85 --- f8 14 Jan 2008 21:06:46 -0000 1.84 +++ f8 15 Jan 2008 15:02:02 -0000 1.85 @@ -27,6 +27,7 @@ CVE-2007-6672 VULNERABLE (jetty) #428017 CVE-2007-6613 fixed (libcdio) #427199 [since FEDORA-2008-0136] GENERIC-MAP-NOMATCH fixed (wordpress) #426433 [since FEDORA-2008-0103] +CVE-2007-6612 ignore (rubygem-mongrel, only affects 1.0.4) affected version was not shipped CVE-2007-6611 fixed (mantis) #427278 [since FEDORA-2008-0282] CVE-2007-6601 fixed (postgresql, fixed 8.2.6) #427773 [since FEDORA-2008-0478] CVE-2007-6600 fixed (postgresql, fixed 8.2.6) #427773 [since FEDORA-2008-0478] Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.77 retrieving revision 1.78 diff -u -r1.77 -r1.78 --- f9 14 Jan 2008 22:07:35 -0000 1.77 +++ f9 15 Jan 2008 15:02:02 -0000 1.78 
@@ -29,6 +29,7 @@ CVE-2007-6630 version (netembryo, fixed 0.0.5) #427470 There was not release in stable branches yet [since netembryo-0.0.5-1.fc9] CVE-2007-6613 version (libcdio) #427200 [since libcdio-0.79-2.fc9] GENERIC-MAP-NOMATCH VULNERABLE (wordpress) #426434 +CVE-2007-6612 ignore (rubygem-mongrel, only affects 1.0.4) affected version was not shipped CVE-2007-6611 version (mantis) #427280 [since mantis-1.1.0-1.fc9] CVE-2007-6601 version (postgresql, fixed 8.2.6) #427774 [since postgresql-8.2.6-1.fc9] CVE-2007-6600 version (postgresql, fixed 8.2.6) #427774 [since postgresql-8.2.6-1.fc9] Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.240 retrieving revision 1.241 diff -u -r1.240 -r1.241 --- fc7 14 Jan 2008 21:06:46 -0000 1.240 +++ fc7 15 Jan 2008 15:02:02 -0000 1.241 @@ -27,6 +27,7 @@ CVE-2008-0003 fixed (tog-pegasus, fixed 2.7.0) #427828 [since FEDORA-2008-0506] CVE-2007-6613 fixed (libcdio) #427198 [since FEDORA-2008-0104] GENERIC-MAP-NOMATCH fixed (wordpress) #426432 [since FEDORA-2008-0126] +CVE-2007-6612 ignore (rubygem-mongrel, only affects 1.0.4) affected version was not shipped CVE-2007-6611 fixed (mantis) #427279 [since FEDORA-2008-0353] CVE-2007-6601 fixed (postgresql, fixed 8.2.6) #427772 [since FEDORA-2008-0552] CVE-2007-6600 fixed (postgresql, fixed 8.2.6) #427772 [since FEDORA-2008-0552] @@ -469,6 +470,7 @@ CVE-2007-2245 version (phpMyAdmin, fixed 2.10.1) #237882 CVE-2007-2243 ignore (openssh, fixed 4.6) needs S/KEY support which is not shipped. CVE-2007-2241 backport (bind) [since FEDORA-2007-0300] +CVE-2007-2241 version (bind, fixed 9.4.1) CVE-2007-2176 ignore (firefox) only affects the java quicktime interaction CVE-2007-2172 version (kernel, fixed 2.6.21-rc6) CVE-2007-2165 version (proftpd) #237533 [since FEDORA-2007-2613] From fedora-security-commits at redhat.com Tue Jan 15 16:16:38 2008 
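Review bot: in the second fc7 hunk (-469,6 +470,7), the added `CVE-2007-2241 version (bind, fixed 9.4.1)` sits directly under the existing `CVE-2007-2241 backport (bind) [since FEDORA-2007-0300]`, leaving two entries with different states for the same CVE and package. If the version entry supersedes the backport one, replace that line instead of adding a second; if both are intended, say why in a trailing note, since anything that reads this file by CVE id will otherwise see conflicting states. The log message says "note one older issue", but only fc7 receives the entry; confirm f8 and f9 do not need it.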
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Tue, 15 Jan 2008 11:16:38 -0500 Subject: [Fedora-security-commits] fedora-security/audit f8, 1.85, 1.86 f9, 1.78, 1.79 fc7, 1.241, 1.242 Message-ID: <200801151616.m0FGGcWH031330@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv31306/audit Modified Files: f8 f9 fc7 Log Message: update wordpress notes based on http://bugs.gentoo.org/show_bug.cgi?id=205967 Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.85 retrieving revision 1.86 diff -u -r1.85 -r1.86 --- f8 15 Jan 2008 15:02:02 -0000 1.85 +++ f8 15 Jan 2008 16:16:36 -0000 1.86 @@ -17,7 +17,7 @@ **CVE-2008-0196 version (wordpress, not fixed 2.0.11) CVE-2008-0195 ignore (wordpress) File path is not a sensitive information **CVE-2008-0194 version (wordpress, not fixed 2.0.4) -**CVE-2008-0193 VULNERABLE (wordpress, not fixed 2.0.11, and possibly 2.1.x and 2.3.x) +CVE-2008-0193 ignore (wordpress, not fixed 2.0.11, and possibly 2.1.x and 2.3.x) wp-db-backup not in wp 2.3. **CVE-2008-0192 version (wordpress, not fixed 2.0.9) CVE-2008-0191 ignore (wordpress) File path is not a sensitive information CVE-2008-0123 VULNERABLE (moodle) #428731 Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.78 retrieving revision 1.79 diff -u -r1.78 -r1.79 --- f9 15 Jan 2008 15:02:02 -0000 1.78 +++ f9 15 Jan 2008 16:16:36 -0000 1.79 
@@ -17,7 +17,7 @@ **CVE-2008-0196 version (wordpress, not fixed 2.0.11) CVE-2008-0195 ignore (wordpress) File path is not a sensitive information **CVE-2008-0194 version (wordpress, not fixed 2.0.4) -**CVE-2008-0193 VULNERABLE (wordpress, not fixed 2.0.11, and possibly 2.1.x and 2.3.x) +CVE-2008-0193 version (wordpress, not fixed 2.0.11, and possibly 2.1.x and 2.3.x) wp-db-backup not in wp 2.3.2 **CVE-2008-0192 version (wordpress, not fixed 2.0.9) CVE-2008-0191 ignore (wordpress) File path is not a sensitive information CVE-2008-0123 fixed (moodle) #428731 [since moodle-1.8.4-1.fc9] Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.241 retrieving revision 1.242 diff -u -r1.241 -r1.242 --- fc7 15 Jan 2008 15:02:02 -0000 1.241 +++ fc7 15 Jan 2008 16:16:36 -0000 1.242 @@ -18,7 +18,7 @@ **CVE-2008-0196 version (wordpress, not fixed 2.0.11) CVE-2008-0195 ignore (wordpress) File path is not a sensitive information **CVE-2008-0194 version (wordpress, not fixed 2.0.4) -**CVE-2008-0193 VULNERABLE (wordpress, not fixed 2.0.11, and possibly 2.1.x and 2.3.x) +CVE-2008-0193 ignore (wordpress, not fixed 2.0.11, and possibly 2.1.x and 2.3.x) wp-db-backup not in wp 2.3.2 **CVE-2008-0192 version (wordpress, not fixed 2.0.9) CVE-2008-0191 ignore (wordpress) File path is not a sensitive information CVE-2008-0123 VULNERABLE (moodle) #428731 From fedora-security-commits at redhat.com Wed Jan 16 08:10:09 2008 
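Review bot: the CVE-2008-0193 line ends up different in each file for what reads as the same rationale: f8 and fc7 change the state to `ignore` while f9 changes it to `version`, and the f8 note is cut off at "wp 2.3." where f9 and fc7 say "wp 2.3.2". Use one state across the three files, or add a word on why f9 differs, and complete the f8 text. The parenthetical "not fixed 2.0.11, and possibly 2.1.x and 2.3.x" is carried over unchanged next to the new note, so it is worth rewording it to match the conclusion drawn from the Gentoo bug.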
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Wed, 16 Jan 2008 03:10:09 -0500 Subject: [Fedora-security-commits] fedora-security/audit f8, 1.86, 1.87 f9, 1.79, 1.80 fc7, 1.242, 1.243 Message-ID: <200801160810.m0G8A9kL003281@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv3252/audit Modified Files: f8 f9 fc7 Log Message: drupal cve ids assigned Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.86 retrieving revision 1.87 diff -u -r1.86 -r1.87 --- f8 15 Jan 2008 16:16:36 -0000 1.86 +++ f8 16 Jan 2008 08:10:07 -0000 1.87 @@ -7,9 +7,9 @@ # Up to date CVE as of CVE email 20071215 # Up to date F8 as of 20080111 -GENERIC-MAP-NOMATCH version (drupal, fixed 5.6) DRUPAL-SA-2008-007 [since FEDORA-2008-0485] -GENERIC-MAP-NOMATCH version (drupal, fixed 5.6) DRUPAL-SA-2008-006 [since FEDORA-2008-0485] -GENERIC-MAP-NOMATCH version (drupal, fixed 5.6) DRUPAL-SA-2008-005 [since FEDORA-2008-0485] +CVE-2008-0274 version (drupal, fixed 5.6) DRUPAL-SA-2008-007 [since FEDORA-2008-0485] +CVE-2008-0273 version (drupal, fixed 5.6) DRUPAL-SA-2008-006 [since FEDORA-2008-0485] +CVE-2008-0272 version (drupal, fixed 5.6) DRUPAL-SA-2008-005 [since FEDORA-2008-0485] GENERIC-MAP-NOMATCH VULNERABLE (python-paramiko) #428728 CVE-2008-0252 backport (python-cherrypy) [since FEDORA-2008-0299] **CVE-2008-0238 VULNERABLE (xine-lib, fixed 1.1.9.1) Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.79 retrieving revision 1.80 diff -u -r1.79 -r1.80 --- f9 15 Jan 2008 16:16:36 -0000 1.79 +++ f9 16 Jan 2008 08:10:07 -0000 1.80 
@@ -7,9 +7,9 @@ # Up to date CVE as of CVE email 20071211 # Up to date F9 as of 20071029 -GENERIC-MAP-NOMATCH version (drupal, fixed 5.6) [since drupal-5.6-1.fc9] DRUPAL-SA-2008-007 -GENERIC-MAP-NOMATCH version (drupal, fixed 5.6) [since drupal-5.6-1.fc9] DRUPAL-SA-2008-006 -GENERIC-MAP-NOMATCH version (drupal, fixed 5.6) [since drupal-5.6-1.fc9] DRUPAL-SA-2008-005 +CVE-2008-0274 version (drupal, fixed 5.6) [since drupal-5.6-1.fc9] DRUPAL-SA-2008-007 +CVE-2008-0273 version (drupal, fixed 5.6) [since drupal-5.6-1.fc9] DRUPAL-SA-2008-006 +CVE-2008-0272 version (drupal, fixed 5.6) [since drupal-5.6-1.fc9] DRUPAL-SA-2008-005 GENERIC-MAP-NOMATCH fixed (python-paramiko) #428730 [since python-paramiko-1.7.1-3.fc9] CVE-2008-0252 backport (python-cherrypy) [since python-cherrypy-2.2.1-8.fc9] **CVE-2008-0238 version (xine-lib, fixed 1.1.9.1) [since xine-lib-1.1.9.1-1.fc9] Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.242 retrieving revision 1.243 diff -u -r1.242 -r1.243 --- fc7 15 Jan 2008 16:16:36 -0000 1.242 +++ fc7 16 Jan 2008 08:10:07 -0000 1.243 
@@ -8,9 +8,9 @@ # Up to date CVE as of CVE email 200711215 # Up to date FC7 as of 20080111 -GENERIC-MAP-NOMATCH version (drupal, fixed 5.6) DRUPAL-SA-2008-007 [since FEDORA-2008-0469] -GENERIC-MAP-NOMATCH version (drupal, fixed 5.6) DRUPAL-SA-2008-006 [since FEDORA-2008-0469] -GENERIC-MAP-NOMATCH version (drupal, fixed 5.6) DRUPAL-SA-2008-005 [since FEDORA-2008-0469] +CVE-2008-0274 version (drupal, fixed 5.6) DRUPAL-SA-2008-007 [since FEDORA-2008-0469] +CVE-2008-0273 version (drupal, fixed 5.6) DRUPAL-SA-2008-006 [since FEDORA-2008-0469] +CVE-2008-0272 version (drupal, fixed 5.6) DRUPAL-SA-2008-005 [since FEDORA-2008-0469] GENERIC-MAP-NOMATCH VULNERABLE (python-paramiko) #428729 CVE-2008-0252 backport (python-cherrypy) [since FEDORA-2008-0333] **CVE-2008-0238 VULNERABLE (xine-lib, fixed 1.1.9.1) From fedora-security-commits at redhat.com Wed Jan 16 08:13:03 2008 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Wed, 16 Jan 2008 03:13:03 -0500 Subject: [Fedora-security-commits] fedora-security/audit f8, 1.87, 1.88 f9, 1.80, 1.81 fc7, 1.243, 1.244 Message-ID: <200801160813.m0G8D3Mo003337@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv3315 Modified Files: f8 f9 fc7 Log Message: check-updates, ngircd issue Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.87 retrieving revision 1.88 diff -u -r1.87 -r1.88 --- f8 16 Jan 2008 08:10:07 -0000 1.87 +++ f8 16 Jan 2008 08:13:01 -0000 1.88 
@@ -7,10 +7,11 @@ # Up to date CVE as of CVE email 20071215 # Up to date F8 as of 20080111 +CVE-2008-0285 ignore (ngircd) Not yet in Fedora, review request #234926 CVE-2008-0274 version (drupal, fixed 5.6) DRUPAL-SA-2008-007 [since FEDORA-2008-0485] CVE-2008-0273 version (drupal, fixed 5.6) DRUPAL-SA-2008-006 [since FEDORA-2008-0485] CVE-2008-0272 version (drupal, fixed 5.6) DRUPAL-SA-2008-005 [since FEDORA-2008-0485] -GENERIC-MAP-NOMATCH VULNERABLE (python-paramiko) #428728 +GENERIC-MAP-NOMATCH fixed (python-paramiko) #428728 [since FEDORA-2008-0722] CVE-2008-0252 backport (python-cherrypy) [since FEDORA-2008-0299] **CVE-2008-0238 VULNERABLE (xine-lib, fixed 1.1.9.1) CVE-2008-0225 VULNERABLE (xine-lib, fixed 1.1.9.1) @@ -20,7 +21,7 @@ CVE-2008-0193 ignore (wordpress, not fixed 2.0.11, and possibly 2.1.x and 2.3.x) wp-db-backup not in wp 2.3. **CVE-2008-0192 version (wordpress, not fixed 2.0.9) CVE-2008-0191 ignore (wordpress) File path is not a sensitive information -CVE-2008-0123 VULNERABLE (moodle) #428731 +CVE-2008-0123 fixed (moodle) #428731 [since FEDORA-2008-0610] CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since FEDORA-2008-0199] CVE-2008-0005 VULNERABLE (httpd, fixed 2.2.7) #427982 CVE-2008-0003 fixed (tog-pegasus, fixed 2.7.0) #427829 [since FEDORA-2008-0572] Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.80 retrieving revision 1.81 diff -u -r1.80 -r1.81 --- f9 16 Jan 2008 08:10:07 -0000 1.80 +++ f9 16 Jan 2008 08:13:01 -0000 1.81 
@@ -11,6 +11,7 @@ CVE-2008-0273 version (drupal, fixed 5.6) [since drupal-5.6-1.fc9] DRUPAL-SA-2008-006 CVE-2008-0272 version (drupal, fixed 5.6) [since drupal-5.6-1.fc9] DRUPAL-SA-2008-005 GENERIC-MAP-NOMATCH fixed (python-paramiko) #428730 [since python-paramiko-1.7.1-3.fc9] +CVE-2008-0285 ignore (ngircd) Not yet in Fedora, review request #234926 CVE-2008-0252 backport (python-cherrypy) [since python-cherrypy-2.2.1-8.fc9] **CVE-2008-0238 version (xine-lib, fixed 1.1.9.1) [since xine-lib-1.1.9.1-1.fc9] CVE-2008-0225 version (xine-lib, fixed 1.1.9.1) [since xine-lib-1.1.9.1-1.fc9] Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.243 retrieving revision 1.244 diff -u -r1.243 -r1.244 --- fc7 16 Jan 2008 08:10:07 -0000 1.243 +++ fc7 16 Jan 2008 08:13:01 -0000 1.244 @@ -12,6 +12,7 @@ CVE-2008-0273 version (drupal, fixed 5.6) DRUPAL-SA-2008-006 [since FEDORA-2008-0469] CVE-2008-0272 version (drupal, fixed 5.6) DRUPAL-SA-2008-005 [since FEDORA-2008-0469] GENERIC-MAP-NOMATCH VULNERABLE (python-paramiko) #428729 +CVE-2008-0285 ignore (ngircd) Not yet in Fedora, review request #234926 CVE-2008-0252 backport (python-cherrypy) [since FEDORA-2008-0333] **CVE-2008-0238 VULNERABLE (xine-lib, fixed 1.1.9.1) CVE-2008-0225 VULNERABLE (xine-lib, fixed 1.1.9.1) From fedora-security-commits at redhat.com Wed Jan 16 15:40:27 2008 
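Review bot: In the f9 and fc7 hunks of the "check-updates, ngircd issue" commit, the new CVE-2008-0285 (ngircd) line is inserted below the GENERIC-MAP-NOMATCH python-paramiko entry, after CVE-2008-0272, while the f8 hunk of the same commit places it at the top, above CVE-2008-0274. The surrounding entries run in descending CVE order, so the f9 and fc7 lines should move up to match f8. Separately, an `ignore` whose only justification is "Not yet in Fedora, review request #234926" becomes wrong as soon as that review is approved; the entry needs a re-check when the package is imported, otherwise it keeps hiding the CVE from the VULNERABLE list.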
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Wed, 16 Jan 2008 10:40:27 -0500 Subject: [Fedora-security-commits] fedora-security/audit f8, 1.88, 1.89 f9, 1.81, 1.82 fc7, 1.244, 1.245 Message-ID: <200801161540.m0GFeRNi026588@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv26562 Modified Files: f8 f9 fc7 Log Message: boost regex flaws old coolkey issue Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.88 retrieving revision 1.89 diff -u -r1.88 -r1.89 --- f8 16 Jan 2008 08:13:01 -0000 1.88 +++ f8 16 Jan 2008 15:40:25 -0000 1.89 @@ -21,6 +21,8 @@ CVE-2008-0193 ignore (wordpress, not fixed 2.0.11, and possibly 2.1.x and 2.3.x) wp-db-backup not in wp 2.3. **CVE-2008-0192 version (wordpress, not fixed 2.0.9) CVE-2008-0191 ignore (wordpress) File path is not a sensitive information +CVE-2008-0172 VULNERABLE (boost) #428975 +CVE-2008-0171 VULNERABLE (boost) #428975 CVE-2008-0123 fixed (moodle) #428731 [since FEDORA-2008-0610] CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since FEDORA-2008-0199] CVE-2008-0005 VULNERABLE (httpd, fixed 2.2.7) #427982 
@@ -186,6 +188,7 @@ CVE-2007-4352 backport (koffice) #372601 [since FEDORA-2007-3093] CVE-2007-4352 backport (tetex) #372661 [since FEDORA-2007-3308] CVE-2007-4351 version (cups) #362971 [since FEDORA-2007-2982] +CVE-2007-4129 backport (coolkey) [since coolkey-1.1.0-5.fc8] CVE-2007-4045 backport (cups) [since FEDORA-2007-2982] CVE-2007-4033 backport (tetex) [since FEDORA-2007-3308] CVE-2007-3999 VULNERABLE (nfs-utils-lib) #362091 Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.81 retrieving revision 1.82 diff -u -r1.81 -r1.82 --- f9 16 Jan 2008 08:13:01 -0000 1.81 +++ f9 16 Jan 2008 15:40:25 -0000 1.82 @@ -21,6 +21,8 @@ CVE-2008-0193 version (wordpress, not fixed 2.0.11, and possibly 2.1.x and 2.3.x) wp-db-backup not in wp 2.3.2 **CVE-2008-0192 version (wordpress, not fixed 2.0.9) CVE-2008-0191 ignore (wordpress) File path is not a sensitive information +CVE-2008-0172 VULNERABLE (boost) #428976 +CVE-2008-0171 VULNERABLE (boost) #428976 CVE-2008-0123 fixed (moodle) #428731 [since moodle-1.8.4-1.fc9] CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since asterisk-1.4.17-1.fc9] CVE-2008-0005 VULNERABLE (httpd, fixed 2.2.7) #427984 Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.244 retrieving revision 1.245 diff -u -r1.244 -r1.245 --- fc7 16 Jan 2008 08:13:01 -0000 1.244 +++ fc7 16 Jan 2008 15:40:25 -0000 1.245 
@@ -22,6 +22,8 @@ CVE-2008-0193 ignore (wordpress, not fixed 2.0.11, and possibly 2.1.x and 2.3.x) wp-db-backup not in wp 2.3.2 **CVE-2008-0192 version (wordpress, not fixed 2.0.9) CVE-2008-0191 ignore (wordpress) File path is not a sensitive information +CVE-2008-0172 VULNERABLE (boost) #428974 +CVE-2008-0171 VULNERABLE (boost) #428974 CVE-2008-0123 VULNERABLE (moodle) #428731 CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since FEDORA-2008-0198] CVE-2008-0005 VULNERABLE (httpd, fixed 2.2.7) #427983 @@ -286,6 +288,7 @@ CVE-2007-4137 backport (qt) #292941 [since FEDORA-2007-2216] CVE-2007-4134 version (star, fixed 1.5a84) #254128 [since FEDORA-2007-1852] CVE-2007-4131 backport (tar) #253684 [since FEDORA-2007-1890] +CVE-2007-4129 VULNERABLE (coolkey) #280091 CVE-2007-4066 backport (libvorbis) #245991 [since FEDORA-2007-1765] CVE-2007-4065 backport (libvorbis) #245991 [since FEDORA-2007-1765] CVE-2007-4045 backport (cups) [since FEDORA-2007-3100] From fedora-security-commits at redhat.com Wed Jan 16 17:27:04 2008 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Wed, 16 Jan 2008 12:27:04 -0500 Subject: [Fedora-security-commits] fedora-security/tools/lib/Libexig Bugzilla.pm, 1.3, 1.4 Message-ID: <200801161727.m0GHR45F010240@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/tools/lib/Libexig In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv10222/tools/lib/Libexig Modified Files: Bugzilla.pm Log Message: add possibility to call arbitrary XMLRPC method Index: Bugzilla.pm =================================================================== RCS file: /cvs/fedora/fedora-security/tools/lib/Libexig/Bugzilla.pm,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- Bugzilla.pm 14 Jan 2008 16:33:12 -0000 1.3 +++ Bugzilla.pm 16 Jan 2008 17:27:01 -0000 1.4 
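Review bot: In the "boost regex flaws old coolkey issue" commit, CVE-2007-4129 (coolkey) is added to f8 as `backport` and to fc7 as `VULNERABLE`, but the f9 diff carries only the boost hunk, so this change records nothing for coolkey in f9; confirm f9 already has an entry or add one. The new f8 line also cites a package build (`[since coolkey-1.1.0-5.fc8]`) where the neighbouring f8 entries cite a FEDORA advisory ID such as FEDORA-2007-2982, and it has no bug number although the fc7 line for the same CVE references #280091.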
@@ -240,4 +240,30 @@ $self->close_bug($bug, $resolution, $dupeid, $fixedin, $comment); } +# Call arbitrary Bugzilla XMLRPC method +# +# Arguments: method, method-specific arguments +sub rpccall +{ + my $self = shift; + my $method = shift or die 'No XMLRPC method specified!'; + + print "Calling bugzilla.$method with arguments:\n", Dumper(\@_) + if $self->{'debug'}; + + my $call = $self->{rpc}->call('bugzilla.'.$method, @_); + my $result = $call->result; + + if (!defined($result)) { + print STDERR "XMLRPC call to bugzilla.$method failed:\n"; + print STDERR $call->faultstring; + return undef; + } + + print "Bugzilla answer to bugzilla.$method:\n", Dumper($result), "\n" + if $self->{'debug'}; + + return $result; +} + 1; From fedora-security-commits at redhat.com Thu Jan 17 10:00:12 2008 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Thu, 17 Jan 2008 05:00:12 -0500 Subject: [Fedora-security-commits] fedora-security/audit f8, 1.89, 1.90 fc7, 1.245, 1.246 Message-ID: <200801171000.m0HA0Crw014187@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv14165 Modified Files: f8 fc7 Log Message: moodle, paramiko, syslog-ng and e2fsprogs fixed Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.89 retrieving revision 1.90 diff -u -r1.89 -r1.90 --- f8 16 Jan 2008 15:40:25 -0000 1.89 +++ f8 17 Jan 2008 10:00:09 -0000 1.90 
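Review bot: In the new `rpccall` sub in Bugzilla.pm (revision 1.4), failure is detected with `!defined($result)`, which cannot distinguish an XMLRPC fault from a method that legitimately returns no value; since the error path already reads `$call->faultstring`, test the call object's fault state rather than the result (assuming the RPC object is XMLRPC::Lite, that is the `fault` accessor). The debug branch prints `Dumper(\@_)`, so with `debug` set every argument of whatever method is called goes to STDOUT, including any credentials passed through this generic entry point; restrict or redact that dump. The method name is concatenated directly into `'bugzilla.'.$method`, so the sub's comment should say that callers pass fixed method names only. Smaller points: the `faultstring` print has no trailing newline, and `return undef` produces a one-element list in list context where a bare `return` would not.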
@@ -53,7 +53,7 @@ CVE-2007-6337 VULNERABLE (clamav, fixed 0.92) #426212 [since FEDORA-2008-0115] CVE-2007-6336 VULNERABLE (clamav, fixed 0.92) #426212 [since FEDORA-2008-0115] CVE-2007-6335 VULNERABLE (clamav, fixed 0.92) #426212 [since FEDORA-2008-0115] -CVE-2007-6437 VULNERABLE (syslog-ng) #426306 [since FEDORA-2008-0523] +CVE-2007-6437 fixed (syslog-ng) #426306 [since FEDORA-2008-0523] CVE-2007-6430 version (asterisk, fixed 1.4.16) [since FEDORA-2007-4651] CVE-2007-6389 VULNERABLE (gnome-screensaver) #426170 CVE-2007-6353 VULNERABLE (exiv2) #425923 @@ -137,7 +137,7 @@ CVE-2007-5503 version (cairo, fixed 1.4.12) [since FEDORA-2007-3913] CVE-2007-5501 version (kernel) [since FEDORA-2007-3837] CVE-2007-5500 version (kernel) [since FEDORA-2007-3837] -CVE-2007-5497 VULNERABLE (e2fsprogs) #414581 [since FEDORA-2007-4447] +CVE-2007-5497 fixed (e2fsprogs) #414581 [since FEDORA-2007-4447] CVE-2007-5461 version (tomcat5) #363001 [since FEDORA-2007-3474] CVE-2007-5398 version (samba) [since FEDORA-2007-3403] CVE-2007-5395 version (link-grammar) #372351 [since FEDORA-2007-3235] Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.245 retrieving revision 1.246 diff -u -r1.245 -r1.246 --- fc7 16 Jan 2008 15:40:25 -0000 1.245 +++ fc7 17 Jan 2008 10:00:09 -0000 1.246 @@ -11,7 +11,7 @@ CVE-2008-0274 version (drupal, fixed 5.6) DRUPAL-SA-2008-007 [since FEDORA-2008-0469] CVE-2008-0273 version (drupal, fixed 5.6) DRUPAL-SA-2008-006 [since FEDORA-2008-0469] CVE-2008-0272 version (drupal, fixed 5.6) DRUPAL-SA-2008-005 [since FEDORA-2008-0469] -GENERIC-MAP-NOMATCH VULNERABLE (python-paramiko) #428729 +GENERIC-MAP-NOMATCH fixed (python-paramiko) #428729 [since FEDORA-2008-0644] CVE-2008-0285 ignore (ngircd) Not yet in Fedora, review request #234926 CVE-2008-0252 backport (python-cherrypy) [since FEDORA-2008-0333] **CVE-2008-0238 VULNERABLE (xine-lib, fixed 1.1.9.1) 
@@ -24,7 +24,7 @@ CVE-2008-0191 ignore (wordpress) File path is not a sensitive information CVE-2008-0172 VULNERABLE (boost) #428974 CVE-2008-0171 VULNERABLE (boost) #428974 -CVE-2008-0123 VULNERABLE (moodle) #428731 +CVE-2008-0123 fixed (moodle) #428731 [since FEDORA-2008-0610] CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since FEDORA-2008-0198] CVE-2008-0005 VULNERABLE (httpd, fixed 2.2.7) #427983 CVE-2008-0003 fixed (tog-pegasus, fixed 2.7.0) #427828 [since FEDORA-2008-0506] @@ -53,7 +53,7 @@ CVE-2007-6337 VULNERABLE (clamav, fixed 0.92) #426211 [since FEDORA-2008-0170] CVE-2007-6336 VULNERABLE (clamav, fixed 0.92) #426211 [since FEDORA-2008-0170] CVE-2007-6335 VULNERABLE (clamav, fixed 0.92) #426211 [since FEDORA-2008-0170] -CVE-2007-6437 VULNERABLE (syslog-ng) #426305 [since FEDORA-2008-0559] +CVE-2007-6437 fixed (syslog-ng) #426305 [since FEDORA-2008-0559] CVE-2007-6430 version (asterisk, fixed 1.4.16) [since FEDORA-2007-4593] CVE-2007-6389 VULNERABLE (gnome-screensaver) #426169 CVE-2007-6353 fixed (exiv2) #425922 [since FEDORA-2007-4551] @@ -146,7 +146,7 @@ CVE-2007-5503 VULNERABLE (cairo, fixed 1.4.12) [since FEDORA-2007-3818] CVE-2007-5501 version (kernel) [since FEDORA-2007-3751] CVE-2007-5500 version (kernel) [since FEDORA-2007-3751] -CVE-2007-5497 VULNERABLE (e2fsprogs) #414571 [since FEDORA-2007-4461] +CVE-2007-5497 fixed (e2fsprogs) #414571 [since FEDORA-2007-4461] CVE-2007-5461 version (tomcat5) #334511 [since FEDORA-2007-3456] CVE-2007-5416 ignore (drupal) Vulnerability in PHP<5.1.3, we're safe CVE-2007-5398 version (samba) [since FEDORA-2007-3402] From fedora-security-commits at redhat.com Thu Jan 17 15:20:08 2008 
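Review bot: The clamav context lines in the f8 and fc7 hunks of the "moodle, paramiko, syslog-ng and e2fsprogs fixed" commit (CVE-2007-6337, CVE-2007-6336, CVE-2007-6335) still read `VULNERABLE` while carrying a `[since FEDORA-2008-0115]` or `[since FEDORA-2008-0170]` tag, which is the same inconsistency this commit corrects for syslog-ng and e2fsprogs; the fc7 cairo line (CVE-2007-5503, `[since FEDORA-2007-3818]`) has it too. Either flip those entries in the same pass or note why they stay VULNERABLE despite an advisory. CVE-2007-6437 also sits between CVE-2007-6335 and CVE-2007-6430, out of the descending order the rest of the file follows; moving it while the line is being touched would keep the list sorted.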
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Thu, 17 Jan 2008 10:20:08 -0500 Subject: [Fedora-security-commits] fedora-security/audit f8, 1.90, 1.91 f9, 1.82, 1.83 fc7, 1.246, 1.247 Message-ID: <200801171520.m0HFK8VK028581@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv28552/audit Modified Files: f8 f9 fc7 Log Message: Xorg issues Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.90 retrieving revision 1.91 diff -u -r1.90 -r1.91 --- f8 17 Jan 2008 10:00:09 -0000 1.90 +++ f8 17 Jan 2008 15:20:06 -0000 1.91 @@ -25,6 +25,7 @@ CVE-2008-0171 VULNERABLE (boost) #428975 CVE-2008-0123 fixed (moodle) #428731 [since FEDORA-2008-0610] CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since FEDORA-2008-0199] +CVE-2008-0006 VULNERABLE (libXfont) #429132 CVE-2008-0005 VULNERABLE (httpd, fixed 2.2.7) #427982 CVE-2008-0003 fixed (tog-pegasus, fixed 2.7.0) #427829 [since FEDORA-2008-0572] CVE-2007-6672 VULNERABLE (jetty) #428017 @@ -45,6 +46,9 @@ CVE-2007-6441 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590] CVE-2007-6439 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590] CVE-2007-6438 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590] +CVE-2007-6429 VULNERABLE (xorg-x11-server, fixed 1.4.1) #429126 +CVE-2007-6428 VULNERABLE (xorg-x11-server, fixed 1.4.1) #429126 +CVE-2007-6427 VULNERABLE (xorg-x11-server, fixed 1.4.1) #429126 CVE-2007-6423 ignore (httpd) can not be reproduced by upstream CVE-2007-6422 VULNERABLE (httpd, fixed 2.2.7) #427982 CVE-2007-6421 VULNERABLE (httpd, fixed 2.2.7) #427982 
@@ -107,6 +111,7 @@ CVE-2007-5964 backport (autofs) #409701 [since FEDORA-2007-4532] CVE-2007-5960 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3962] CVE-2007-5959 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3962] +CVE-2007-5958 VULNERABLE (xorg-x11-server, fixed 1.4.1) #429126 CVE-2007-5947 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3962] CVE-2007-5938 VULNERABLE (kernel) #385861 iwlwifi CVE-2007-5937 backport (tetex) #379861 [since FEDORA-2007-3308] Multiple dviljk buffer overflows @@ -124,6 +129,7 @@ CVE-2007-5795 backport (emacs) #367591 [since FEDORA-2007-2946] CVE-2007-5770 backport (ruby) #373391 [since FEDORA-2007-2812] GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031 +CVE-2007-5760 VULNERABLE (xorg-x11-server, fixed 1.4.1) #429126 CVE-2007-5759 ignore (clamav, fixed 0.92) duplicate of CVE-2007-6335 CVE-2007-5751 backport (liferea, fixed 1.4.6) #360641 [since FEDORA-2007-2853] CVE-2007-5742 version (wesnoth, fixed 1.2.8) [since FEDORA-2007-3989] Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.82 retrieving revision 1.83 diff -u -r1.82 -r1.83 --- f9 16 Jan 2008 15:40:25 -0000 1.82 +++ f9 17 Jan 2008 15:20:06 -0000 1.83 @@ -25,6 +25,7 @@ CVE-2008-0171 VULNERABLE (boost) #428976 CVE-2008-0123 fixed (moodle) #428731 [since moodle-1.8.4-1.fc9] CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since asterisk-1.4.17-1.fc9] +CVE-2008-0006 VULNERABLE (libXfont) #429133 CVE-2008-0005 VULNERABLE (httpd, fixed 2.2.7) #427984 CVE-2008-0003 version (tog-pegasus, fixed 2.7.0) CVE-2007-6672 VULNERABLE (jetty) #428018 
@@ -45,6 +46,9 @@ CVE-2007-6441 version (wireshark, fixed 0.99.7) [since wireshark-0.99.7-1.fc9] CVE-2007-6439 version (wireshark, fixed 0.99.7) [since wireshark-0.99.7-1.fc9] CVE-2007-6438 version (wireshark, fixed 0.99.7) [since wireshark-0.99.7-1.fc9] +CVE-2007-6429 VULNERABLE (xorg-x11-server, fixed 1.4.1) #429127 +CVE-2007-6428 VULNERABLE (xorg-x11-server, fixed 1.4.1) #429127 +CVE-2007-6427 VULNERABLE (xorg-x11-server, fixed 1.4.1) #429127 CVE-2007-6423 ignore (httpd) can not be reproduced by upstream CVE-2007-6422 VULNERABLE (httpd, fixed 2.2.7) #427984 CVE-2007-6421 VULNERABLE (httpd, fixed 2.2.7) #427984 @@ -107,6 +111,7 @@ CVE-2007-5964 backport (autofs) #421371 [since autofs-5.0.2-21] CVE-2007-5960 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) CVE-2007-5959 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) +CVE-2007-5958 VULNERABLE (xorg-x11-server, fixed 1.4.1) #429127 CVE-2007-5947 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) CVE-2007-5938 VULNERABLE (kernel) #385861 iwlwifi CVE-2007-5937 backport (tetex) #379851 Multiple dviljk buffer overflows [since tetex-3.0-48.fc9] @@ -124,6 +129,7 @@ CVE-2007-5795 backport (emacs) #367601 [since emacs-22.1-8.fc9] GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031 CVE-2007-5770 backport (ruby) #373401 [since ruby-1.8.6.111-1] +CVE-2007-5760 VULNERABLE (xorg-x11-server, fixed 1.4.1) #429127 CVE-2007-5759 ignore (clamav, fixed 0.92) duplicate of CVE-2007-6335 CVE-2007-5751 version (liferea, fixed 1.4.6) #360641 [since liferea-1.4.6-3.fc9] CVE-2007-5742 version (wesnoth, fixed 1.2.8) [since wesnoth-1.2.8-3.fc9] Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.246 retrieving revision 1.247 diff -u -r1.246 -r1.247 --- fc7 17 Jan 2008 10:00:09 -0000 1.246 +++ fc7 17 Jan 2008 15:20:06 -0000 1.247 
@@ -26,6 +26,7 @@ CVE-2008-0171 VULNERABLE (boost) #428974 CVE-2008-0123 fixed (moodle) #428731 [since FEDORA-2008-0610] CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since FEDORA-2008-0198] +CVE-2008-0006 VULNERABLE (libXfont) #429131 CVE-2008-0005 VULNERABLE (httpd, fixed 2.2.7) #427983 CVE-2008-0003 fixed (tog-pegasus, fixed 2.7.0) #427828 [since FEDORA-2008-0506] CVE-2007-6613 fixed (libcdio) #427198 [since FEDORA-2008-0104] @@ -45,6 +46,9 @@ CVE-2007-6441 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690] CVE-2007-6439 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690] CVE-2007-6438 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690] +CVE-2007-6429 VULNERABLE (xorg-x11-server, fixed 1.4.1) #429125 +CVE-2007-6428 VULNERABLE (xorg-x11-server, fixed 1.4.1) #429125 +CVE-2007-6427 VULNERABLE (xorg-x11-server, fixed 1.4.1) #429125 CVE-2007-6423 ignore (httpd) can not be reproduced by upstream CVE-2007-6422 VULNERABLE (httpd, fixed 2.2.7) #427983 CVE-2007-6421 VULNERABLE (httpd, fixed 2.2.7) #427983 @@ -107,6 +111,7 @@ CVE-2007-5964 backport (autofs) #421351 [since FEDORA-2007-4469] CVE-2007-5960 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3952] CVE-2007-5959 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3952] +CVE-2007-5958 VULNERABLE (xorg-x11-server, fixed 1.4.1) #429125 CVE-2007-5947 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3952] CVE-2007-5938 VULNERABLE (kernel) #385861 iwlwifi CVE-2007-5937 backport (tetex) #379831 [since FEDORA-2007-3390] Multiple dviljk buffer overflows 
@@ -123,6 +128,7 @@ CVE-2007-5846 backport (net-snmp) [since FEDORA-2007-3019] CVE-2007-5795 backport (emacs) #367581 [since FEDORA-2007-3056] CVE-2007-5770 backport (ruby) #373381 [since FEDORA-2007-2685] +CVE-2007-5760 VULNERABLE (xorg-x11-server, fixed 1.4.1) #429125 CVE-2007-5759 ignore (clamav, fixed 0.92) duplicate of CVE-2007-6335 CVE-2007-5751 backport (liferea, fixed 1.4.6) #360641 [since FEDORA-2007-2725] CVE-2007-5742 version (wesnoth, fixed 1.2.8) [since FEDORA-2007-3986] From fedora-security-commits at redhat.com Fri Jan 18 10:02:38 2008 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Fri, 18 Jan 2008 05:02:38 -0500 Subject: [Fedora-security-commits] fedora-security/audit f8, 1.91, 1.92 f9, 1.83, 1.84 fc7, 1.247, 1.248 Message-ID: <200801181002.m0IA2cwV025800@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv25772/audit Modified Files: f8 f9 fc7 Log Message: paramiko cve id rawhide updates Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.91 retrieving revision 1.92 diff -u -r1.91 -r1.92 --- f8 17 Jan 2008 15:20:06 -0000 1.91 +++ f8 18 Jan 2008 10:02:36 -0000 1.92 
@@ -7,11 +7,11 @@ # Up to date CVE as of CVE email 20071215 # Up to date F8 as of 20080111 +CVE-2008-0299 fixed (python-paramiko) #428728 [since FEDORA-2008-0722] CVE-2008-0285 ignore (ngircd) Not yet in Fedora, review request #234926 CVE-2008-0274 version (drupal, fixed 5.6) DRUPAL-SA-2008-007 [since FEDORA-2008-0485] CVE-2008-0273 version (drupal, fixed 5.6) DRUPAL-SA-2008-006 [since FEDORA-2008-0485] CVE-2008-0272 version (drupal, fixed 5.6) DRUPAL-SA-2008-005 [since FEDORA-2008-0485] -GENERIC-MAP-NOMATCH fixed (python-paramiko) #428728 [since FEDORA-2008-0722] CVE-2008-0252 backport (python-cherrypy) [since FEDORA-2008-0299] **CVE-2008-0238 VULNERABLE (xine-lib, fixed 1.1.9.1) CVE-2008-0225 VULNERABLE (xine-lib, fixed 1.1.9.1) Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.83 retrieving revision 1.84 diff -u -r1.83 -r1.84 --- f9 17 Jan 2008 15:20:06 -0000 1.83 +++ f9 18 Jan 2008 10:02:36 -0000 1.84 @@ -7,10 +7,10 @@ # Up to date CVE as of CVE email 20071211 # Up to date F9 as of 20071029 +CVE-2008-0299 fixed (python-paramiko) #428730 [since python-paramiko-1.7.1-3.fc9] CVE-2008-0274 version (drupal, fixed 5.6) [since drupal-5.6-1.fc9] DRUPAL-SA-2008-007 CVE-2008-0273 version (drupal, fixed 5.6) [since drupal-5.6-1.fc9] DRUPAL-SA-2008-006 CVE-2008-0272 version (drupal, fixed 5.6) [since drupal-5.6-1.fc9] DRUPAL-SA-2008-005 -GENERIC-MAP-NOMATCH fixed (python-paramiko) #428730 [since python-paramiko-1.7.1-3.fc9] CVE-2008-0285 ignore (ngircd) Not yet in Fedora, review request #234926 CVE-2008-0252 backport (python-cherrypy) [since python-cherrypy-2.2.1-8.fc9] **CVE-2008-0238 version (xine-lib, fixed 1.1.9.1) [since xine-lib-1.1.9.1-1.fc9] 
@@ -21,11 +21,11 @@ CVE-2008-0193 version (wordpress, not fixed 2.0.11, and possibly 2.1.x and 2.3.x) wp-db-backup not in wp 2.3.2 **CVE-2008-0192 version (wordpress, not fixed 2.0.9) CVE-2008-0191 ignore (wordpress) File path is not a sensitive information -CVE-2008-0172 VULNERABLE (boost) #428976 -CVE-2008-0171 VULNERABLE (boost) #428976 +CVE-2008-0172 backport (boost) #428976 [since boost-1.34.1-7.fc9] +CVE-2008-0171 backport (boost) #428976 [since boost-1.34.1-7.fc9] CVE-2008-0123 fixed (moodle) #428731 [since moodle-1.8.4-1.fc9] CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since asterisk-1.4.17-1.fc9] -CVE-2008-0006 VULNERABLE (libXfont) #429133 +CVE-2008-0006 backport (libXfont) #429133 [since libXfont-1.3.1-3.fc9] CVE-2008-0005 VULNERABLE (httpd, fixed 2.2.7) #427984 CVE-2008-0003 version (tog-pegasus, fixed 2.7.0) CVE-2007-6672 VULNERABLE (jetty) #428018 @@ -46,9 +46,9 @@ CVE-2007-6441 version (wireshark, fixed 0.99.7) [since wireshark-0.99.7-1.fc9] CVE-2007-6439 version (wireshark, fixed 0.99.7) [since wireshark-0.99.7-1.fc9] CVE-2007-6438 version (wireshark, fixed 0.99.7) [since wireshark-0.99.7-1.fc9] -CVE-2007-6429 VULNERABLE (xorg-x11-server, fixed 1.4.1) #429127 -CVE-2007-6428 VULNERABLE (xorg-x11-server, fixed 1.4.1) #429127 -CVE-2007-6427 VULNERABLE (xorg-x11-server, fixed 1.4.1) #429127 +CVE-2007-6429 backport (xorg-x11-server, fixed 1.4.1) #429127 [since xorg-x11-server-1.4.99.1-0.17.20080107.fc9] +CVE-2007-6428 backport (xorg-x11-server, fixed 1.4.1) #429127 [since xorg-x11-server-1.4.99.1-0.17.20080107.fc9] +CVE-2007-6427 backport (xorg-x11-server, fixed 1.4.1) #429127 [since xorg-x11-server-1.4.99.1-0.17.20080107.fc9] CVE-2007-6423 ignore (httpd) can not be reproduced by upstream CVE-2007-6422 VULNERABLE (httpd, fixed 2.2.7) #427984 CVE-2007-6421 VULNERABLE (httpd, fixed 2.2.7) #427984 
@@ -111,7 +111,7 @@ CVE-2007-5964 backport (autofs) #421371 [since autofs-5.0.2-21] CVE-2007-5960 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) CVE-2007-5959 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) -CVE-2007-5958 VULNERABLE (xorg-x11-server, fixed 1.4.1) #429127 +CVE-2007-5958 fixed (xorg-x11-server, fixed 1.4.1) #429127 [since xorg-x11-server-1.4.99.1-0.17.20080107.fc9] code removed upstream CVE-2007-5947 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) CVE-2007-5938 VULNERABLE (kernel) #385861 iwlwifi CVE-2007-5937 backport (tetex) #379851 Multiple dviljk buffer overflows [since tetex-3.0-48.fc9] @@ -129,7 +129,7 @@ CVE-2007-5795 backport (emacs) #367601 [since emacs-22.1-8.fc9] GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031 CVE-2007-5770 backport (ruby) #373401 [since ruby-1.8.6.111-1] -CVE-2007-5760 VULNERABLE (xorg-x11-server, fixed 1.4.1) #429127 +CVE-2007-5760 backport (xorg-x11-server, fixed 1.4.1) #429127 [since xorg-x11-server-1.4.99.1-0.17.20080107.fc9] CVE-2007-5759 ignore (clamav, fixed 0.92) duplicate of CVE-2007-6335 CVE-2007-5751 version (liferea, fixed 1.4.6) #360641 [since liferea-1.4.6-3.fc9] CVE-2007-5742 version (wesnoth, fixed 1.2.8) [since wesnoth-1.2.8-3.fc9] Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.247 retrieving revision 1.248 diff -u -r1.247 -r1.248 --- fc7 17 Jan 2008 15:20:06 -0000 1.247 +++ fc7 18 Jan 2008 10:02:36 -0000 1.248 
@@ -8,10 +8,10 @@ # Up to date CVE as of CVE email 200711215 # Up to date FC7 as of 20080111 +CVE-2008-0299 fixed (python-paramiko) #428729 [since FEDORA-2008-0644] CVE-2008-0274 version (drupal, fixed 5.6) DRUPAL-SA-2008-007 [since FEDORA-2008-0469] CVE-2008-0273 version (drupal, fixed 5.6) DRUPAL-SA-2008-006 [since FEDORA-2008-0469] CVE-2008-0272 version (drupal, fixed 5.6) DRUPAL-SA-2008-005 [since FEDORA-2008-0469] -GENERIC-MAP-NOMATCH fixed (python-paramiko) #428729 [since FEDORA-2008-0644] CVE-2008-0285 ignore (ngircd) Not yet in Fedora, review request #234926 CVE-2008-0252 backport (python-cherrypy) [since FEDORA-2008-0333] **CVE-2008-0238 VULNERABLE (xine-lib, fixed 1.1.9.1) From fedora-security-commits at redhat.com Fri Jan 18 16:00:16 2008 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Fri, 18 Jan 2008 11:00:16 -0500 Subject: [Fedora-security-commits] fedora-security/tools/lib/Libexig Bugzilla.pm, 1.4, 1.5 Message-ID: <200801181600.m0IG0GcT012279@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/tools/lib/Libexig In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv12257/tools/lib/Libexig Modified Files: Bugzilla.pm Log Message: CC also co-maintainers (BZ initial CC list) Index: Bugzilla.pm =================================================================== RCS file: /cvs/fedora/fedora-security/tools/lib/Libexig/Bugzilla.pm,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- Bugzilla.pm 16 Jan 2008 17:27:01 -0000 1.4 +++ Bugzilla.pm 18 Jan 2008 16:00:14 -0000 1.5 @@ -76,6 +76,11 @@ # XXX: Add also 'initialqa'? $people{$instance->{initialowner}} = 1 if defined $instance->{initialowner}; + + # Add initial CC list if any + foreach my $cc (@{ $instance->{'initialcclist'} }) { + $people{$cc} = 1; + } } return keys %people; From fedora-security-commits at redhat.com Fri Jan 18 17:26:15 2008 
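Review bot: In the Bugzilla.pm revision 1.5 hunk, the added loop dereferences `@{ $instance->{'initialcclist'} }` unconditionally even though its comment says "if any", whereas the `initialowner` line just above is guarded with `if defined`. When the field is absent, the `foreach` autovivifies an empty array into `$instance`, and if the server returns anything other than an array reference the dereference fails under strict refs. Guard it with a check such as `ref $instance->{initialcclist} eq 'ARRAY'` before looping. The key is also quoted here (`{'initialcclist'}`) but bare on the `initialowner` line; pick one style.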
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Fri, 18 Jan 2008 12:26:15 -0500 Subject: [Fedora-security-commits] fedora-security/audit f8, 1.92, 1.93 f9, 1.84, 1.85 fc7, 1.248, 1.249 Message-ID: <200801181726.m0IHQF3o028550@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv28528 Modified Files: f8 f9 fc7 Log Message: gallery2 Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.92 retrieving revision 1.93 diff -u -r1.92 -r1.93 --- f8 18 Jan 2008 10:02:36 -0000 1.92 +++ f8 18 Jan 2008 17:26:13 -0000 1.93 
@@ -28,6 +28,15 @@ CVE-2008-0006 VULNERABLE (libXfont) #429132 CVE-2008-0005 VULNERABLE (httpd, fixed 2.2.7) #427982 CVE-2008-0003 fixed (tog-pegasus, fixed 2.7.0) #427829 [since FEDORA-2008-0572] +CVE-2007-6693 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4778] +CVE-2007-6692 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4778] +CVE-2007-6691 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4778] +CVE-2007-6690 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4778] +CVE-2007-6689 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4778] +CVE-2007-6688 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4778] +CVE-2007-6687 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4778] +CVE-2007-6686 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4778] +CVE-2007-6685 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4778] CVE-2007-6672 VULNERABLE (jetty) #428017 CVE-2007-6613 fixed (libcdio) #427199 [since FEDORA-2008-0136] GENERIC-MAP-NOMATCH fixed (wordpress) #426433 [since FEDORA-2008-0103] Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.84 retrieving revision 1.85 diff -u -r1.84 -r1.85 --- f9 18 Jan 2008 10:02:36 -0000 1.84 +++ f9 18 Jan 2008 17:26:13 -0000 1.85 
@@ -28,6 +28,15 @@ CVE-2008-0006 backport (libXfont) #429133 [since libXfont-1.3.1-3.fc9] CVE-2008-0005 VULNERABLE (httpd, fixed 2.2.7) #427984 CVE-2008-0003 version (tog-pegasus, fixed 2.7.0) +CVE-2007-6693 version (gallery2, fixed 2.2.4) [since gallery2-2.2.4-1] +CVE-2007-6692 version (gallery2, fixed 2.2.4) [since gallery2-2.2.4-1] +CVE-2007-6691 version (gallery2, fixed 2.2.4) [since gallery2-2.2.4-1] +CVE-2007-6690 version (gallery2, fixed 2.2.4) [since gallery2-2.2.4-1] +CVE-2007-6689 version (gallery2, fixed 2.2.4) [since gallery2-2.2.4-1] +CVE-2007-6688 version (gallery2, fixed 2.2.4) [since gallery2-2.2.4-1] +CVE-2007-6687 version (gallery2, fixed 2.2.4) [since gallery2-2.2.4-1] +CVE-2007-6686 version (gallery2, fixed 2.2.4) [since gallery2-2.2.4-1] +CVE-2007-6685 version (gallery2, fixed 2.2.4) [since gallery2-2.2.4-1] CVE-2007-6672 VULNERABLE (jetty) #428018 CVE-2007-6631 fixed (libnemesi, not fixed 0.6.4-rc1) #426910 [since libnemesi-0.6.4-0.1.rc2.fc9] This wasn't released yet CVE-2007-6630 version (netembryo, fixed 0.0.5) #427470 There was not release in stable branches yet [since netembryo-0.0.5-1.fc9] Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.248 retrieving revision 1.249 diff -u -r1.248 -r1.249 --- fc7 18 Jan 2008 10:02:36 -0000 1.248 +++ fc7 18 Jan 2008 17:26:13 -0000 1.249 
@@ -29,6 +29,15 @@ CVE-2008-0006 VULNERABLE (libXfont) #429131 CVE-2008-0005 VULNERABLE (httpd, fixed 2.2.7) #427983 CVE-2008-0003 fixed (tog-pegasus, fixed 2.7.0) #427828 [since FEDORA-2008-0506] +CVE-2007-6693 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4777] +CVE-2007-6692 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4777] +CVE-2007-6691 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4777] +CVE-2007-6690 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4777] +CVE-2007-6689 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4777] +CVE-2007-6688 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4777] +CVE-2007-6687 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4777] +CVE-2007-6686 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4777] +CVE-2007-6685 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4777] CVE-2007-6613 fixed (libcdio) #427198 [since FEDORA-2008-0104] GENERIC-MAP-NOMATCH fixed (wordpress) #426432 [since FEDORA-2008-0126] CVE-2007-6612 ignore (rubygem-mongrel, only affects 1.0.4) affected version was not shipped From fedora-security-commits at redhat.com Fri Jan 18 23:04:53 2008 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Fri, 18 Jan 2008 18:04:53 -0500 Subject: [Fedora-security-commits] fedora-security/audit f8, 1.93, 1.94 f9, 1.85, 1.86 fc7, 1.249, 1.250 Message-ID: <200801182304.m0IN4ru1017437@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv17400 Modified Files: f8 f9 fc7 Log Message: bittorrent Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.93 retrieving revision 1.94 diff -u -r1.93 -r1.94 --- f8 18 Jan 2008 17:26:13 -0000 1.93 +++ f8 18 Jan 2008 23:04:51 -0000 1.94 
@@ -7,6 +7,7 @@ # Up to date CVE as of CVE email 20071215 # Up to date F8 as of 20080111 +CVE-2008-0364 ignore (bittorrent) Windows only CVE-2008-0299 fixed (python-paramiko) #428728 [since FEDORA-2008-0722] CVE-2008-0285 ignore (ngircd) Not yet in Fedora, review request #234926 CVE-2008-0274 version (drupal, fixed 5.6) DRUPAL-SA-2008-007 [since FEDORA-2008-0485] Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.85 retrieving revision 1.86 diff -u -r1.85 -r1.86 --- f9 18 Jan 2008 17:26:13 -0000 1.85 +++ f9 18 Jan 2008 23:04:51 -0000 1.86 @@ -7,6 +7,7 @@ # Up to date CVE as of CVE email 20071211 # Up to date F9 as of 20071029 +CVE-2008-0364 ignore (bittorrent) Windows only CVE-2008-0299 fixed (python-paramiko) #428730 [since python-paramiko-1.7.1-3.fc9] CVE-2008-0274 version (drupal, fixed 5.6) [since drupal-5.6-1.fc9] DRUPAL-SA-2008-007 CVE-2008-0273 version (drupal, fixed 5.6) [since drupal-5.6-1.fc9] DRUPAL-SA-2008-006 Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.249 retrieving revision 1.250 diff -u -r1.249 -r1.250 --- fc7 18 Jan 2008 17:26:13 -0000 1.249 +++ fc7 18 Jan 2008 23:04:51 -0000 1.250 @@ -8,6 +8,7 @@ # Up to date CVE as of CVE email 200711215 # Up to date FC7 as of 20080111 +CVE-2008-0364 ignore (bittorrent) Windows only CVE-2008-0299 fixed (python-paramiko) #428729 [since FEDORA-2008-0644] CVE-2008-0274 version (drupal, fixed 5.6) DRUPAL-SA-2008-007 [since FEDORA-2008-0469] CVE-2008-0273 version (drupal, fixed 5.6) DRUPAL-SA-2008-006 [since FEDORA-2008-0469] From fedora-security-commits at redhat.com Mon Jan 21 16:26:30 2008 
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Mon, 21 Jan 2008 11:26:30 -0500 Subject: [Fedora-security-commits] fedora-security/audit f8, 1.94, 1.95 f9, 1.86, 1.87 fc7, 1.250, 1.251 Message-ID: <200801211626.m0LGQUUr030180@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv30158 Modified Files: f8 f9 fc7 Log Message: bind && mantis Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.94 retrieving revision 1.95 diff -u -r1.94 -r1.95 --- f8 18 Jan 2008 23:04:51 -0000 1.94 +++ f8 21 Jan 2008 16:26:28 -0000 1.95 @@ -7,6 +7,7 @@ # Up to date CVE as of CVE email 20071215 # Up to date F8 as of 20080111 +GENERIC-MAP-NOMATCH VULNERABLE (mantis) #429552 CVE-2008-0364 ignore (bittorrent) Windows only CVE-2008-0299 fixed (python-paramiko) #428728 [since FEDORA-2008-0722] CVE-2008-0285 ignore (ngircd) Not yet in Fedora, review request #234926 @@ -25,6 +26,7 @@ CVE-2008-0172 VULNERABLE (boost) #428975 CVE-2008-0171 VULNERABLE (boost) #428975 CVE-2008-0123 fixed (moodle) #428731 [since FEDORA-2008-0610] +CVE-2008-0122 VULNERABLE (bind) #429149 CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since FEDORA-2008-0199] CVE-2008-0006 VULNERABLE (libXfont) #429132 CVE-2008-0005 VULNERABLE (httpd, fixed 2.2.7) #427982 Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.86 retrieving revision 1.87 diff -u -r1.86 -r1.87 --- f9 18 Jan 2008 23:04:51 -0000 1.86 +++ f9 21 Jan 2008 16:26:28 -0000 1.87 
@@ -7,6 +7,7 @@ # Up to date CVE as of CVE email 20071211 # Up to date F9 as of 20071029 +GENERIC-MAP-NOMATCH fixed (mantis) #429552 [since mantis-1.1.1-1.fc9] CVE-2008-0364 ignore (bittorrent) Windows only CVE-2008-0299 fixed (python-paramiko) #428730 [since python-paramiko-1.7.1-3.fc9] CVE-2008-0274 version (drupal, fixed 5.6) [since drupal-5.6-1.fc9] DRUPAL-SA-2008-007 @@ -25,6 +26,7 @@ CVE-2008-0172 backport (boost) #428976 [since boost-1.34.1-7.fc9] CVE-2008-0171 backport (boost) #428976 [since boost-1.34.1-7.fc9] CVE-2008-0123 fixed (moodle) #428731 [since moodle-1.8.4-1.fc9] +CVE-2008-0122 VULNERABLE (bind) #429534 CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since asterisk-1.4.17-1.fc9] CVE-2008-0006 backport (libXfont) #429133 [since libXfont-1.3.1-3.fc9] CVE-2008-0005 VULNERABLE (httpd, fixed 2.2.7) #427984 Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.250 retrieving revision 1.251 diff -u -r1.250 -r1.251 --- fc7 18 Jan 2008 23:04:51 -0000 1.250 +++ fc7 21 Jan 2008 16:26:28 -0000 1.251 @@ -8,6 +8,7 @@ # Up to date CVE as of CVE email 200711215 # Up to date FC7 as of 20080111 +GENERIC-MAP-NOMATCH VULNERABLE (mantis) #429552 CVE-2008-0364 ignore (bittorrent) Windows only CVE-2008-0299 fixed (python-paramiko) #428729 [since FEDORA-2008-0644] CVE-2008-0274 version (drupal, fixed 5.6) DRUPAL-SA-2008-007 [since FEDORA-2008-0469] @@ -26,6 +27,7 @@ CVE-2008-0172 VULNERABLE (boost) #428974 CVE-2008-0171 VULNERABLE (boost) #428974 CVE-2008-0123 fixed (moodle) #428731 [since FEDORA-2008-0610] +CVE-2008-0122 VULNERABLE (bind) #429149 CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since FEDORA-2008-0198] CVE-2008-0006 VULNERABLE (libXfont) #429131 CVE-2008-0005 VULNERABLE (httpd, fixed 2.2.7) #427983 From fedora-security-commits at redhat.com Tue Jan 22 19:21:49 2008 
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Tue, 22 Jan 2008 14:21:49 -0500 Subject: [Fedora-security-commits] fedora-security/audit f8, 1.95, 1.96 f9, 1.87, 1.88 fc7, 1.251, 1.252 Message-ID: <200801221921.m0MJLn5H009118@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv9059/audit Modified Files: f8 f9 fc7 Log Message: scponly issues Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.95 retrieving revision 1.96 diff -u -r1.95 -r1.96 --- f8 21 Jan 2008 16:26:28 -0000 1.95 +++ f8 22 Jan 2008 19:21:47 -0000 1.96 @@ -65,6 +65,7 @@ CVE-2007-6422 VULNERABLE (httpd, fixed 2.2.7) #427982 CVE-2007-6421 VULNERABLE (httpd, fixed 2.2.7) #427982 CVE-2007-6420 ignore (httpd) wontfix by upstream +CVE-2007-6415 VULNERABLE (scponly, fixed 4.8) #429732 CVE-2007-6388 VULNERABLE (httpd, fixed 2.2.7) #427982 CVE-2007-6337 VULNERABLE (clamav, fixed 0.92) #426212 [since FEDORA-2008-0115] CVE-2007-6336 VULNERABLE (clamav, fixed 0.92) #426212 [since FEDORA-2008-0115] @@ -75,7 +76,7 @@ CVE-2007-6353 VULNERABLE (exiv2) #425923 CVE-2007-6352 fixed (libexif) #425631 [since FEDORA-2007-4667] CVE-2007-6351 fixed (libexif) #425631 [since FEDORA-2007-4667] -CVE-2007-6350 VULNERABLE (scponly) rsync vector only +CVE-2007-6350 VULNERABLE (scponly) #429731 rsync vector only CVE-2007-6348 ignore (squirrelmail) trojaned version was not shipped CVE-2007-6328 ignore (dosbox) design decision CVE-2007-6321 VULNERABLE (roundcubemail) #423291 Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.87 retrieving revision 1.88 diff -u -r1.87 -r1.88 --- f9 21 Jan 2008 16:26:28 -0000 1.87 +++ f9 22 Jan 2008 19:21:47 -0000 1.88 
@@ -65,6 +65,7 @@ CVE-2007-6422 VULNERABLE (httpd, fixed 2.2.7) #427984 CVE-2007-6421 VULNERABLE (httpd, fixed 2.2.7) #427984 CVE-2007-6420 ignore (httpd) wontfix by upstream +CVE-2007-6415 VULNERABLE (scponly, fixed 4.8) CVE-2007-6388 VULNERABLE (httpd, fixed 2.2.7) #427984 CVE-2007-6337 version (clamav, fixed 0.92) #426213 [since clamav-0.92-3.fc9] CVE-2007-6336 version (clamav, fixed 0.92) #426213 [since clamav-0.92-3.fc9] Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.251 retrieving revision 1.252 diff -u -r1.251 -r1.252 --- fc7 21 Jan 2008 16:26:28 -0000 1.251 +++ fc7 22 Jan 2008 19:21:47 -0000 1.252 @@ -65,6 +65,7 @@ CVE-2007-6422 VULNERABLE (httpd, fixed 2.2.7) #427983 CVE-2007-6421 VULNERABLE (httpd, fixed 2.2.7) #427983 CVE-2007-6420 ignore (httpd) wontfix by upstream +CVE-2007-6415 VULNERABLE (scponly, fixed 4.8) #429731 CVE-2007-6388 VULNERABLE (httpd, fixed 2.2.7) #427983 CVE-2007-6337 VULNERABLE (clamav, fixed 0.92) #426211 [since FEDORA-2008-0170] CVE-2007-6336 VULNERABLE (clamav, fixed 0.92) #426211 [since FEDORA-2008-0170] @@ -75,7 +76,7 @@ CVE-2007-6353 fixed (exiv2) #425922 [since FEDORA-2007-4551] CVE-2007-6352 fixed (libexif) #425621 [since FEDORA-2007-4608] CVE-2007-6351 fixed (libexif) #425621 [since FEDORA-2007-4608] -CVE-2007-6350 VULNERABLE (scponly) rsync vector only +CVE-2007-6350 VULNERABLE (scponly) #429731 rsync vector only CVE-2007-6348 ignore (squirrelmail) trojaned version was not shipped CVE-2007-6328 ignore (dosbox) design decision CVE-2007-6321 VULNERABLE (roundcubemail) #423281 From fedora-security-commits at redhat.com Wed Jan 23 18:42:11 2008 
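Review bot: In the f8 diff of the "scponly issues" commit, hunk -75,7 +76,7 tags CVE-2007-6350 with #429731, but the same commit files the other F8 scponly entry, CVE-2007-6415, under #429732 and uses #429731 for both scponly entries in fc7. Check whether the f8 CVE-2007-6350 line should reference #429732, so that each branch file points at its own tracking bug.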
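Review bot: In the f9 hunk at -65,6 +65,7 of the "scponly issues" commit, `CVE-2007-6415 VULNERABLE (scponly, fixed 4.8)` is added without a bug number, while the f8 and fc7 lines added by the same commit carry #429732 and #429731. A VULNERABLE entry with no tracking bug is easy to lose sight of; add the F9 bug id, or a short note on the line saying why none exists.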
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Wed, 23 Jan 2008 13:42:11 -0500 Subject: [Fedora-security-commits] fedora-security/tools/lib/Libexig Bugzilla.pm, 1.1.2.3, 1.1.2.4 Message-ID: <200801231842.m0NIgdUG025245@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/tools/lib/Libexig In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv25032/lib/Libexig Modified Files: Tag: lkundrak-tools-ng Bugzilla.pm Log Message: Understand aliases, so that add-tracking-bugs --cve=* can be used Index: Bugzilla.pm =================================================================== RCS file: /cvs/fedora/fedora-security/tools/lib/Libexig/Bugzilla.pm,v retrieving revision 1.1.2.3 retrieving revision 1.1.2.4 diff -u -r1.1.2.3 -r1.1.2.4 --- Bugzilla.pm 9 Jan 2008 14:37:43 -0000 1.1.2.3 +++ Bugzilla.pm 23 Jan 2008 18:42:04 -0000 1.1.2.4 @@ -102,11 +102,41 @@ return $result->[0]; } +# Take a bug id or alias and return id +sub resolve_alias +{ + my $self = shift; + my $bug = shift; + + my $call = $self->{rpc}->call('bugzilla.getBugSimple', $bug, @{$self->{creds}}); + + my $result = $call->result + or return $bug; + + return $result->{bug_id}; +} + +# Take a reference to list of scalars and replace +# bug aliases with ids in place +sub resolve_aliases +{ + my $self = shift; + my $bugs = shift; + my $i = 0; + + foreach my $bug (@{$bugs}) { + $bugs->[$i++] = $self->resolve_alias ($bug); + } + + return $bugs; +} + # Get bugs sub get_bugs { my $self = shift; - my $bugs = shift or die 'No bugs to fetch!'; + my $bugs = $self->resolve_aliases (shift) + or die 'No bugs to fetch!'; my $columns = shift; $columns = [] unless ($columns); # The default set @@ -156,8 +186,7 @@ sub add_comment { my $self = shift; - - my $bug = shift or die 'No bug!'; + my $bug = shift; my $comment = shift or die 'No comment!'; if ($self->{dryrun}) { From fedora-security-commits at redhat.com Wed Jan 23 18:59:46 2008 
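Review bot: In get_bugs (Bugzilla.pm 1.1.2.4, hunk -102,11 +102,41), the `or die 'No bugs to fetch!'` guard no longer protects anything: resolve_aliases dereferences its argument in the foreach before it returns, and what it returns is the list reference itself, which is always true. Check the argument first, for example `my $bugs = shift or die 'No bugs to fetch!';` and then `$self->resolve_aliases ($bugs);`. In the same hunk, resolve_alias hands back its input unchanged whenever `$call->result` is false, so a failed lookup cannot be told apart from an id that needed no resolution; report the failure instead of passing a possibly mistyped alias on to the fetch.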
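Review bot: In add_comment (Bugzilla.pm 1.1.2.4, hunk -156,8 +186,7), `my $bug = shift;` drops the `or die 'No bug!'` check, so an undefined bug id now continues into the rest of the sub, while the comment argument on the next line keeps its guard. The log message gives no reason for removing it. If the aim is to accept aliases here too, keep the guard and pass the value through resolve_alias; the visible lines do not show add_comment doing that resolution.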
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Wed, 23 Jan 2008 13:59:46 -0500 Subject: [Fedora-security-commits] fedora-security/audit f8, 1.96, 1.97 f9, 1.88, 1.89 fc7, 1.252, 1.253 Message-ID: <200801231859.m0NIxksw026528@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv26507 Modified Files: f8 f9 fc7 Log Message: A bunch of updates went out, tracking pulseaudio and tomcat Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.96 retrieving revision 1.97 diff -u -r1.96 -r1.97 --- f8 22 Jan 2008 19:21:47 -0000 1.96 +++ f8 23 Jan 2008 18:59:44 -0000 1.97 @@ -7,7 +7,9 @@ # Up to date CVE as of CVE email 20071215 # Up to date F8 as of 20080111 -GENERIC-MAP-NOMATCH VULNERABLE (mantis) #429552 +GENERIC-MAP-NOMATCH VULNERABLE (tomcat5) #429903 +GENERIC-MAP-NOMATCH VULNERABLE (pulseaudio) #425481 +CVE-2008-0404 fixed (mantis) #429552 [since FEDORA-2008-0796] CVE-2008-0364 ignore (bittorrent) Windows only CVE-2008-0299 fixed (python-paramiko) #428728 [since FEDORA-2008-0722] CVE-2008-0285 ignore (ngircd) Not yet in Fedora, review request #234926 
@@ -23,12 +25,12 @@ CVE-2008-0193 ignore (wordpress, not fixed 2.0.11, and possibly 2.1.x and 2.3.x) wp-db-backup not in wp 2.3. **CVE-2008-0192 version (wordpress, not fixed 2.0.9) CVE-2008-0191 ignore (wordpress) File path is not a sensitive information -CVE-2008-0172 VULNERABLE (boost) #428975 -CVE-2008-0171 VULNERABLE (boost) #428975 +CVE-2008-0172 VULNERABLE (boost) #428975 [since FEDORA-2008-0754] +CVE-2008-0171 VULNERABLE (boost) #428975 [since FEDORA-2008-0754] CVE-2008-0123 fixed (moodle) #428731 [since FEDORA-2008-0610] -CVE-2008-0122 VULNERABLE (bind) #429149 +CVE-2008-0122 fixed (bind) #429149 [since FEDORA-2008-0904] CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since FEDORA-2008-0199] -CVE-2008-0006 VULNERABLE (libXfont) #429132 +CVE-2008-0006 fixed (libXfont) #429132 [since FEDORA-2008-0794] CVE-2008-0005 VULNERABLE (httpd, fixed 2.2.7) #427982 CVE-2008-0003 fixed (tog-pegasus, fixed 2.7.0) #427829 [since FEDORA-2008-0572] CVE-2007-6693 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4778] 
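Review bot: In this f8 hunk (-23,12 +25,12), the two boost lines, CVE-2008-0172 and CVE-2008-0171, gain `[since FEDORA-2008-0754]` but keep the status VULNERABLE, whereas the bind and libXfont lines that gain an advisory reference in the same hunk are switched to `fixed`, and the fc7 hunk of this commit marks boost `fixed` with FEDORA-2008-0880. If FEDORA-2008-0754 ships the boost fix for F8, the status should read `fixed`; if it does not, drop the `[since ...]` tag so the entry is not read as resolved.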
@@ -58,18 +60,18 @@ CVE-2007-6441 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590] CVE-2007-6439 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590] CVE-2007-6438 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590] -CVE-2007-6429 VULNERABLE (xorg-x11-server, fixed 1.4.1) #429126 -CVE-2007-6428 VULNERABLE (xorg-x11-server, fixed 1.4.1) #429126 -CVE-2007-6427 VULNERABLE (xorg-x11-server, fixed 1.4.1) #429126 +CVE-2007-6429 fixed (xorg-x11-server, fixed 1.4.1) #429126 [since FEDORA-2008-0760] +CVE-2007-6428 fixed (xorg-x11-server, fixed 1.4.1) #429126 [since FEDORA-2008-0760] +CVE-2007-6427 fixed (xorg-x11-server, fixed 1.4.1) #429126 [since FEDORA-2008-0760] CVE-2007-6423 ignore (httpd) can not be reproduced by upstream CVE-2007-6422 VULNERABLE (httpd, fixed 2.2.7) #427982 CVE-2007-6421 VULNERABLE (httpd, fixed 2.2.7) #427982 CVE-2007-6420 ignore (httpd) wontfix by upstream CVE-2007-6415 VULNERABLE (scponly, fixed 4.8) #429732 CVE-2007-6388 VULNERABLE (httpd, fixed 2.2.7) #427982 -CVE-2007-6337 VULNERABLE (clamav, fixed 0.92) #426212 [since FEDORA-2008-0115] -CVE-2007-6336 VULNERABLE (clamav, fixed 0.92) #426212 [since FEDORA-2008-0115] -CVE-2007-6335 VULNERABLE (clamav, fixed 0.92) #426212 [since FEDORA-2008-0115] +CVE-2007-6337 fixed (clamav, fixed 0.92) #426212 [since FEDORA-2008-0115] +CVE-2007-6336 fixed (clamav, fixed 0.92) #426212 [since FEDORA-2008-0115] +CVE-2007-6335 fixed (clamav, fixed 0.92) #426212 [since FEDORA-2008-0115] CVE-2007-6437 fixed (syslog-ng) #426306 [since FEDORA-2008-0523] CVE-2007-6430 version (asterisk, fixed 1.4.16) [since FEDORA-2007-4651] CVE-2007-6389 VULNERABLE (gnome-screensaver) #426170 
@@ -124,7 +126,7 @@ CVE-2007-5964 backport (autofs) #409701 [since FEDORA-2007-4532] CVE-2007-5960 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3962] CVE-2007-5959 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3962] -CVE-2007-5958 VULNERABLE (xorg-x11-server, fixed 1.4.1) #429126 +CVE-2007-5958 fixed (xorg-x11-server, fixed 1.4.1) #429126 [since FEDORA-2008-0760] CVE-2007-5947 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3962] CVE-2007-5938 VULNERABLE (kernel) #385861 iwlwifi CVE-2007-5937 backport (tetex) #379861 [since FEDORA-2007-3308] Multiple dviljk buffer overflows @@ -142,7 +144,7 @@ CVE-2007-5795 backport (emacs) #367591 [since FEDORA-2007-2946] CVE-2007-5770 backport (ruby) #373391 [since FEDORA-2007-2812] GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031 -CVE-2007-5760 VULNERABLE (xorg-x11-server, fixed 1.4.1) #429126 +CVE-2007-5760 fixed (xorg-x11-server, fixed 1.4.1) #429126 [since FEDORA-2008-0760] CVE-2007-5759 ignore (clamav, fixed 0.92) duplicate of CVE-2007-6335 CVE-2007-5751 backport (liferea, fixed 1.4.6) #360641 [since FEDORA-2007-2853] CVE-2007-5742 version (wesnoth, fixed 1.2.8) [since FEDORA-2007-3989] Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.88 retrieving revision 1.89 diff -u -r1.88 -r1.89 --- f9 22 Jan 2008 19:21:47 -0000 1.88 +++ f9 23 Jan 2008 18:59:44 -0000 1.89 
@@ -7,7 +7,9 @@ # Up to date CVE as of CVE email 20071211 # Up to date F9 as of 20071029 -GENERIC-MAP-NOMATCH fixed (mantis) #429552 [since mantis-1.1.1-1.fc9] +GENERIC-MAP-NOMATCH VULNERABLE (tomcat5) #429905 +GENERIC-MAP-NOMATCH VULNERABLE (pulseaudio) #425481 +CVE-2008-0404 fixed (mantis) #429552 [since mantis-1.1.1-1.fc9] CVE-2008-0364 ignore (bittorrent) Windows only CVE-2008-0299 fixed (python-paramiko) #428730 [since python-paramiko-1.7.1-3.fc9] CVE-2008-0274 version (drupal, fixed 5.6) [since drupal-5.6-1.fc9] DRUPAL-SA-2008-007 Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.252 retrieving revision 1.253 diff -u -r1.252 -r1.253 --- fc7 22 Jan 2008 19:21:47 -0000 1.252 +++ fc7 23 Jan 2008 18:59:44 -0000 1.253 @@ -8,7 +8,9 @@ # Up to date CVE as of CVE email 200711215 # Up to date FC7 as of 20080111 -GENERIC-MAP-NOMATCH VULNERABLE (mantis) #429552 +GENERIC-MAP-NOMATCH VULNERABLE (tomcat5) #429904 +GENERIC-MAP-NOMATCH VULNERABLE (pulseaudio) #425481 +CVE-2008-0404 fixed (mantis) #429552 [since FEDORA-2008-0796] CVE-2008-0364 ignore (bittorrent) Windows only CVE-2008-0299 fixed (python-paramiko) #428729 [since FEDORA-2008-0644] CVE-2008-0274 version (drupal, fixed 5.6) DRUPAL-SA-2008-007 [since FEDORA-2008-0469] 
@@ -24,12 +26,12 @@ CVE-2008-0193 ignore (wordpress, not fixed 2.0.11, and possibly 2.1.x and 2.3.x) wp-db-backup not in wp 2.3.2 **CVE-2008-0192 version (wordpress, not fixed 2.0.9) CVE-2008-0191 ignore (wordpress) File path is not a sensitive information -CVE-2008-0172 VULNERABLE (boost) #428974 -CVE-2008-0171 VULNERABLE (boost) #428974 +CVE-2008-0172 fixed (boost) #428974 [since FEDORA-2008-0880] +CVE-2008-0171 fixed (boost) #428974 [since FEDORA-2008-0880] CVE-2008-0123 fixed (moodle) #428731 [since FEDORA-2008-0610] -CVE-2008-0122 VULNERABLE (bind) #429149 +CVE-2008-0122 fixed (bind) #429149 [since FEDORA-2008-0904] CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since FEDORA-2008-0198] -CVE-2008-0006 VULNERABLE (libXfont) #429131 +CVE-2008-0006 fixed (libXfont) #429131 [since FEDORA-2008-0891] CVE-2008-0005 VULNERABLE (httpd, fixed 2.2.7) #427983 CVE-2008-0003 fixed (tog-pegasus, fixed 2.7.0) #427828 [since FEDORA-2008-0506] CVE-2007-6693 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4777] 
@@ -58,18 +60,18 @@ CVE-2007-6441 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690] CVE-2007-6439 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690] CVE-2007-6438 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690] -CVE-2007-6429 VULNERABLE (xorg-x11-server, fixed 1.4.1) #429125 -CVE-2007-6428 VULNERABLE (xorg-x11-server, fixed 1.4.1) #429125 -CVE-2007-6427 VULNERABLE (xorg-x11-server, fixed 1.4.1) #429125 +CVE-2007-6429 fixed (xorg-x11-server, fixed 1.4.1) #429125 [since FEDORA-2008-0831] +CVE-2007-6428 fixed (xorg-x11-server, fixed 1.4.1) #429125 [since FEDORA-2008-0831] +CVE-2007-6427 fixed (xorg-x11-server, fixed 1.4.1) #429125 [since FEDORA-2008-0831] CVE-2007-6423 ignore (httpd) can not be reproduced by upstream CVE-2007-6422 VULNERABLE (httpd, fixed 2.2.7) #427983 CVE-2007-6421 VULNERABLE (httpd, fixed 2.2.7) #427983 CVE-2007-6420 ignore (httpd) wontfix by upstream CVE-2007-6415 VULNERABLE (scponly, fixed 4.8) #429731 CVE-2007-6388 VULNERABLE (httpd, fixed 2.2.7) #427983 -CVE-2007-6337 VULNERABLE (clamav, fixed 0.92) #426211 [since FEDORA-2008-0170] -CVE-2007-6336 VULNERABLE (clamav, fixed 0.92) #426211 [since FEDORA-2008-0170] -CVE-2007-6335 VULNERABLE (clamav, fixed 0.92) #426211 [since FEDORA-2008-0170] +CVE-2007-6337 fixed (clamav, fixed 0.92) #426211 [since FEDORA-2008-0170] +CVE-2007-6336 fixed (clamav, fixed 0.92) #426211 [since FEDORA-2008-0170] +CVE-2007-6335 fixed (clamav, fixed 0.92) #426211 [since FEDORA-2008-0170] CVE-2007-6437 fixed (syslog-ng) #426305 [since FEDORA-2008-0559] CVE-2007-6430 version (asterisk, fixed 1.4.16) [since FEDORA-2007-4593] CVE-2007-6389 VULNERABLE (gnome-screensaver) #426169 
@@ -124,7 +126,7 @@ CVE-2007-5964 backport (autofs) #421351 [since FEDORA-2007-4469] CVE-2007-5960 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3952] CVE-2007-5959 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3952] -CVE-2007-5958 VULNERABLE (xorg-x11-server, fixed 1.4.1) #429125 +CVE-2007-5958 fixed (xorg-x11-server, fixed 1.4.1) #429125 [since FEDORA-2008-0831] CVE-2007-5947 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3952] CVE-2007-5938 VULNERABLE (kernel) #385861 iwlwifi CVE-2007-5937 backport (tetex) #379831 [since FEDORA-2007-3390] Multiple dviljk buffer overflows @@ -141,7 +143,7 @@ CVE-2007-5846 backport (net-snmp) [since FEDORA-2007-3019] CVE-2007-5795 backport (emacs) #367581 [since FEDORA-2007-3056] CVE-2007-5770 backport (ruby) #373381 [since FEDORA-2007-2685] -CVE-2007-5760 VULNERABLE (xorg-x11-server, fixed 1.4.1) #429125 +CVE-2007-5760 fixed (xorg-x11-server, fixed 1.4.1) #429125 [since FEDORA-2008-0831] CVE-2007-5759 ignore (clamav, fixed 0.92) duplicate of CVE-2007-6335 CVE-2007-5751 backport (liferea, fixed 1.4.6) #360641 [since FEDORA-2007-2725] CVE-2007-5742 version (wesnoth, fixed 1.2.8) [since FEDORA-2007-3986] From fedora-security-commits at redhat.com Thu Jan 24 07:36:01 2008 
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Thu, 24 Jan 2008 02:36:01 -0500 Subject: [Fedora-security-commits] fedora-security/audit f8, 1.97, 1.98 f9, 1.89, 1.90 fc7, 1.253, 1.254 Message-ID: <200801240736.m0O7a17O006097@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv6075/audit Modified Files: f8 f9 fc7 Log Message: note pulseaudio cve id Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.97 retrieving revision 1.98 diff -u -r1.97 -r1.98 --- f8 23 Jan 2008 18:59:44 -0000 1.97 +++ f8 24 Jan 2008 07:35:31 -0000 1.98 @@ -8,7 +8,6 @@ # Up to date F8 as of 20080111 GENERIC-MAP-NOMATCH VULNERABLE (tomcat5) #429903 -GENERIC-MAP-NOMATCH VULNERABLE (pulseaudio) #425481 CVE-2008-0404 fixed (mantis) #429552 [since FEDORA-2008-0796] CVE-2008-0364 ignore (bittorrent) Windows only CVE-2008-0299 fixed (python-paramiko) #428728 [since FEDORA-2008-0722] @@ -30,6 +29,7 @@ CVE-2008-0123 fixed (moodle) #428731 [since FEDORA-2008-0610] CVE-2008-0122 fixed (bind) #429149 [since FEDORA-2008-0904] CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since FEDORA-2008-0199] +CVE-2008-0008 VULNERABLE (pulseaudio) #425481 CVE-2008-0006 fixed (libXfont) #429132 [since FEDORA-2008-0794] CVE-2008-0005 VULNERABLE (httpd, fixed 2.2.7) #427982 CVE-2008-0003 fixed (tog-pegasus, fixed 2.7.0) #427829 [since FEDORA-2008-0572] Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.89 retrieving revision 1.90 diff -u -r1.89 -r1.90 --- f9 23 Jan 2008 18:59:44 -0000 1.89 +++ f9 24 Jan 2008 07:35:31 -0000 1.90 
@@ -8,7 +8,6 @@ # Up to date F9 as of 20071029 GENERIC-MAP-NOMATCH VULNERABLE (tomcat5) #429905 -GENERIC-MAP-NOMATCH VULNERABLE (pulseaudio) #425481 CVE-2008-0404 fixed (mantis) #429552 [since mantis-1.1.1-1.fc9] CVE-2008-0364 ignore (bittorrent) Windows only CVE-2008-0299 fixed (python-paramiko) #428730 [since python-paramiko-1.7.1-3.fc9] @@ -30,6 +29,7 @@ CVE-2008-0123 fixed (moodle) #428731 [since moodle-1.8.4-1.fc9] CVE-2008-0122 VULNERABLE (bind) #429534 CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since asterisk-1.4.17-1.fc9] +CVE-2008-0008 backport (pulseaudio) #425481 [since pulseaudio-0.9.8-5.fc9] CVE-2008-0006 backport (libXfont) #429133 [since libXfont-1.3.1-3.fc9] CVE-2008-0005 VULNERABLE (httpd, fixed 2.2.7) #427984 CVE-2008-0003 version (tog-pegasus, fixed 2.7.0) Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.253 retrieving revision 1.254 diff -u -r1.253 -r1.254 --- fc7 23 Jan 2008 18:59:44 -0000 1.253 +++ fc7 24 Jan 2008 07:35:31 -0000 1.254 @@ -9,7 +9,6 @@ # Up to date FC7 as of 20080111 GENERIC-MAP-NOMATCH VULNERABLE (tomcat5) #429904 -GENERIC-MAP-NOMATCH VULNERABLE (pulseaudio) #425481 CVE-2008-0404 fixed (mantis) #429552 [since FEDORA-2008-0796] CVE-2008-0364 ignore (bittorrent) Windows only CVE-2008-0299 fixed (python-paramiko) #428729 [since FEDORA-2008-0644] @@ -31,6 +30,7 @@ CVE-2008-0123 fixed (moodle) #428731 [since FEDORA-2008-0610] CVE-2008-0122 fixed (bind) #429149 [since FEDORA-2008-0904] CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since FEDORA-2008-0198] +CVE-2008-0008 VULNERABLE (pulseaudio) #425481 CVE-2008-0006 fixed (libXfont) #429131 [since FEDORA-2008-0891] CVE-2008-0005 VULNERABLE (httpd, fixed 2.2.7) #427983 CVE-2008-0003 fixed (tog-pegasus, fixed 2.7.0) #427828 [since FEDORA-2008-0506] From fedora-security-commits at redhat.com Thu Jan 24 07:46:11 2008 
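Review bot: In the f9 diff of the "note pulseaudio cve id" commit, the entry is not only renamed: hunk -8,7 +8,6 removes `GENERIC-MAP-NOMATCH VULNERABLE (pulseaudio) #425481` and hunk -30,6 +29,7 adds `CVE-2008-0008 backport (pulseaudio) #425481 [since pulseaudio-0.9.8-5.fc9]`, so the F9 status moves from VULNERABLE to backport while the f8 and fc7 lines stay VULNERABLE. The log message mentions only the CVE id; it should also record that F9 is treated as fixed by pulseaudio-0.9.8-5.fc9, since that is the change a later audit will look for.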
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Thu, 24 Jan 2008 02:46:11 -0500 Subject: [Fedora-security-commits] fedora-security/audit f8, 1.98, 1.99 f9, 1.90, 1.91 fc7, 1.254, 1.255 Message-ID: <200801240746.m0O7kB0R006510@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv6433/audit Modified Files: f8 f9 fc7 Log Message: note tomcat cve id, fix bug ids Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.98 retrieving revision 1.99 diff -u -r1.98 -r1.99 --- f8 24 Jan 2008 07:35:31 -0000 1.98 +++ f8 24 Jan 2008 07:45:41 -0000 1.99 @@ -7,7 +7,6 @@ # Up to date CVE as of CVE email 20071215 # Up to date F8 as of 20080111 -GENERIC-MAP-NOMATCH VULNERABLE (tomcat5) #429903 CVE-2008-0404 fixed (mantis) #429552 [since FEDORA-2008-0796] CVE-2008-0364 ignore (bittorrent) Windows only CVE-2008-0299 fixed (python-paramiko) #428728 [since FEDORA-2008-0722] @@ -26,6 +25,7 @@ CVE-2008-0191 ignore (wordpress) File path is not a sensitive information CVE-2008-0172 VULNERABLE (boost) #428975 [since FEDORA-2008-0754] CVE-2008-0171 VULNERABLE (boost) #428975 [since FEDORA-2008-0754] +CVE-2008-0128 VULNERABLE (tomcat5) #429904 CVE-2008-0123 fixed (moodle) #428731 [since FEDORA-2008-0610] CVE-2008-0122 fixed (bind) #429149 [since FEDORA-2008-0904] CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since FEDORA-2008-0199] Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.90 retrieving revision 1.91 diff -u -r1.90 -r1.91 --- f9 24 Jan 2008 07:35:31 -0000 1.90 +++ f9 24 Jan 2008 07:45:41 -0000 1.91 
@@ -7,7 +7,6 @@ # Up to date CVE as of CVE email 20071211 # Up to date F9 as of 20071029 -GENERIC-MAP-NOMATCH VULNERABLE (tomcat5) #429905 CVE-2008-0404 fixed (mantis) #429552 [since mantis-1.1.1-1.fc9] CVE-2008-0364 ignore (bittorrent) Windows only CVE-2008-0299 fixed (python-paramiko) #428730 [since python-paramiko-1.7.1-3.fc9] @@ -26,6 +25,7 @@ CVE-2008-0191 ignore (wordpress) File path is not a sensitive information CVE-2008-0172 backport (boost) #428976 [since boost-1.34.1-7.fc9] CVE-2008-0171 backport (boost) #428976 [since boost-1.34.1-7.fc9] +CVE-2008-0128 VULNERABLE (tomcat5) #429905 CVE-2008-0123 fixed (moodle) #428731 [since moodle-1.8.4-1.fc9] CVE-2008-0122 VULNERABLE (bind) #429534 CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since asterisk-1.4.17-1.fc9] Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.254 retrieving revision 1.255 diff -u -r1.254 -r1.255 --- fc7 24 Jan 2008 07:35:31 -0000 1.254 +++ fc7 24 Jan 2008 07:45:41 -0000 1.255 @@ -8,7 +8,6 @@ # Up to date CVE as of CVE email 200711215 # Up to date FC7 as of 20080111 -GENERIC-MAP-NOMATCH VULNERABLE (tomcat5) #429904 CVE-2008-0404 fixed (mantis) #429552 [since FEDORA-2008-0796] CVE-2008-0364 ignore (bittorrent) Windows only CVE-2008-0299 fixed (python-paramiko) #428729 [since FEDORA-2008-0644] @@ -27,6 +26,7 @@ CVE-2008-0191 ignore (wordpress) File path is not a sensitive information CVE-2008-0172 fixed (boost) #428974 [since FEDORA-2008-0880] CVE-2008-0171 fixed (boost) #428974 [since FEDORA-2008-0880] +CVE-2008-0128 VULNERABLE (tomcat5) #429903 CVE-2008-0123 fixed (moodle) #428731 [since FEDORA-2008-0610] CVE-2008-0122 fixed (bind) #429149 [since FEDORA-2008-0904] CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since FEDORA-2008-0198] From fedora-security-commits at redhat.com Fri Jan 25 13:39:25 2008 
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Fri, 25 Jan 2008 08:39:25 -0500 Subject: [Fedora-security-commits] fedora-security/audit f8, 1.99, 1.100 f9, 1.91, 1.92 fc7, 1.255, 1.256 Message-ID: <200801251339.m0PDdPdb028563@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv28536/audit Modified Files: f8 f9 fc7 Log Message: add icu Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.99 retrieving revision 1.100 diff -u -r1.99 -r1.100 --- f8 24 Jan 2008 07:45:41 -0000 1.99 +++ f8 25 Jan 2008 13:38:55 -0000 1.100 @@ -191,6 +191,8 @@ CVE-2007-4841 version (thunderbird) [since FEDORA-2007-3414] windows only anyway CVE-2007-4829 VULNERABLE (perl-Archive-Tar, not fixed upstream) #364281 CVE-2007-4772 fixed (postgresql, fixed 8.2.6) #427773 [since FEDORA-2008-0478] +CVE-2007-4771 VULNERABLE (icu) #430233 +CVE-2007-4770 VULNERABLE (icu) #430233 CVE-2007-4769 fixed (postgresql, fixed 8.2.6) #427773 [since FEDORA-2008-0478] CVE-2007-4752 version (openssh, fixed 4.7) #280461 CVE-2007-4619 version (flac, fixed 1.2) #332581 Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.91 retrieving revision 1.92 diff -u -r1.91 -r1.92 --- f9 24 Jan 2008 07:45:41 -0000 1.91 +++ f9 25 Jan 2008 13:38:55 -0000 1.92 
@@ -184,6 +184,8 @@ CVE-2007-4990 version (xorg-x11-xfs, fixed 1.0.5) CVE-2007-4829 VULNERABLE (perl-Archive-Tar, not fixed upstream) #364291 CVE-2007-4772 version (postgresql, fixed 8.2.6) #427774 [since postgresql-8.2.6-1.fc9] +CVE-2007-4771 backport (icu) [since icu-3.8.1-3.fc9] +CVE-2007-4770 backport (icu) [since icu-3.8.1-3.fc9] CVE-2007-4769 version (postgresql, fixed 8.2.6) #427774 [since postgresql-8.2.6-1.fc9] CVE-2007-4575 version (openoffice.org, fixed 2.3.1) [since openoffice.org-2.3.1-9.1.fc9] CVE-2007-4752 version (openssh, fixed 4.7) #280461 Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.255 retrieving revision 1.256 diff -u -r1.255 -r1.256 --- fc7 24 Jan 2008 07:45:41 -0000 1.255 +++ fc7 25 Jan 2008 13:38:55 -0000 1.256 @@ -237,6 +237,8 @@ CVE-2007-4828 version (mediawiki, fixed 1.11.0, 1.10.2, 1.9.4) #287881 [since FEDORA-2007-2189] CVE-2007-4826 version (quagga, fixed 0.99.9) [since FEDORA-2007-2196] CVE-2007-4772 fixed (postgresql, fixed 8.2.6) #427772 [since FEDORA-2008-0552] +CVE-2007-4771 VULNERABLE (icu) #430232 +CVE-2007-4770 VULNERABLE (icu) #430232 CVE-2007-4769 fixed (postgresql, fixed 8.2.6) #427772 [since FEDORA-2008-0552] CVE-2007-4768 VULNERABLE (pcre, fixed 7.3) #378411 CVE-2007-4767 VULNERABLE (pcre, fixed 7.3) #378411 From fedora-security-commits at redhat.com Fri Jan 25 13:44:15 2008 
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Fri, 25 Jan 2008 08:44:15 -0500 Subject: [Fedora-security-commits] fedora-security/audit f8, 1.100, 1.101 fc7, 1.256, 1.257 Message-ID: <200801251344.m0PDiFpG028710@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv28682 Modified Files: f8 fc7 Log Message: pulseaudio fixed Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.100 retrieving revision 1.101 diff -u -r1.100 -r1.101 --- f8 25 Jan 2008 13:38:55 -0000 1.100 +++ f8 25 Jan 2008 13:43:45 -0000 1.101 @@ -29,7 +29,7 @@ CVE-2008-0123 fixed (moodle) #428731 [since FEDORA-2008-0610] CVE-2008-0122 fixed (bind) #429149 [since FEDORA-2008-0904] CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since FEDORA-2008-0199] -CVE-2008-0008 VULNERABLE (pulseaudio) #425481 +CVE-2008-0008 fixed (pulseaudio) #425481 [since FEDORA-2008-0994] CVE-2008-0006 fixed (libXfont) #429132 [since FEDORA-2008-0794] CVE-2008-0005 VULNERABLE (httpd, fixed 2.2.7) #427982 CVE-2008-0003 fixed (tog-pegasus, fixed 2.7.0) #427829 [since FEDORA-2008-0572] Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.256 retrieving revision 1.257 diff -u -r1.256 -r1.257 --- fc7 25 Jan 2008 13:38:55 -0000 1.256 +++ fc7 25 Jan 2008 13:43:45 -0000 1.257 
@@ -30,7 +30,7 @@ CVE-2008-0123 fixed (moodle) #428731 [since FEDORA-2008-0610] CVE-2008-0122 fixed (bind) #429149 [since FEDORA-2008-0904] CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since FEDORA-2008-0198] -CVE-2008-0008 VULNERABLE (pulseaudio) #425481 +CVE-2008-0008 fixed (pulseaudio) #425481 [since FEDORA-2008-0994] CVE-2008-0006 fixed (libXfont) #429131 [since FEDORA-2008-0891] CVE-2008-0005 VULNERABLE (httpd, fixed 2.2.7) #427983 CVE-2008-0003 fixed (tog-pegasus, fixed 2.7.0) #427828 [since FEDORA-2008-0506] From fedora-security-commits at redhat.com Fri Jan 25 14:28:14 2008 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Fri, 25 Jan 2008 09:28:14 -0500 Subject: [Fedora-security-commits] fedora-security/audit f8, 1.101, 1.102 f9, 1.92, 1.93 fc7, 1.257, 1.258 Message-ID: <200801251428.m0PESER3004429@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv4376 Modified Files: f8 f9 fc7 Log Message: xdg-utils Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.101 retrieving revision 1.102 diff -u -r1.101 -r1.102 --- f8 25 Jan 2008 13:43:45 -0000 1.101 +++ f8 25 Jan 2008 14:27:44 -0000 1.102 @@ -8,6 +8,7 @@ # Up to date F8 as of 20080111 CVE-2008-0404 fixed (mantis) #429552 [since FEDORA-2008-0796] +CVE-2008-0386 VULNERABLE (xdg-utils) #429513 CVE-2008-0364 ignore (bittorrent) Windows only CVE-2008-0299 fixed (python-paramiko) #428728 [since FEDORA-2008-0722] CVE-2008-0285 ignore (ngircd) Not yet in Fedora, review request #234926 Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.92 retrieving revision 1.93 diff -u -r1.92 -r1.93 --- f9 25 Jan 2008 13:38:55 -0000 1.92 +++ f9 25 Jan 2008 14:27:44 -0000 1.93 
@@ -8,6 +8,7 @@ # Up to date F9 as of 20071029 CVE-2008-0404 fixed (mantis) #429552 [since mantis-1.1.1-1.fc9] +CVE-2008-0386 fixed (xdg-utils) #429513 [since xdg-utils-1_0_2-4_fc9] CVE-2008-0364 ignore (bittorrent) Windows only CVE-2008-0299 fixed (python-paramiko) #428730 [since python-paramiko-1.7.1-3.fc9] CVE-2008-0274 version (drupal, fixed 5.6) [since drupal-5.6-1.fc9] DRUPAL-SA-2008-007 Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.257 retrieving revision 1.258 diff -u -r1.257 -r1.258 --- fc7 25 Jan 2008 13:43:45 -0000 1.257 +++ fc7 25 Jan 2008 14:27:44 -0000 1.258 @@ -9,6 +9,7 @@ # Up to date FC7 as of 20080111 CVE-2008-0404 fixed (mantis) #429552 [since FEDORA-2008-0796] +CVE-2008-0386 VULNERABLE (xdg-utils) #429513 CVE-2008-0364 ignore (bittorrent) Windows only CVE-2008-0299 fixed (python-paramiko) #428729 [since FEDORA-2008-0644] CVE-2008-0274 version (drupal, fixed 5.6) DRUPAL-SA-2008-007 [since FEDORA-2008-0469] From fedora-security-commits at redhat.com Sat Jan 26 17:29:33 2008 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Sat, 26 Jan 2008 12:29:33 -0500 Subject: [Fedora-security-commits] fedora-security/audit f8, 1.102, 1.103 f9, 1.93, 1.94 fc7, 1.258, 1.259 Message-ID: <200801261729.m0QHTXf8027928@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv27862/audit Modified Files: f8 f9 fc7 Log Message: add mediawiki Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.102 retrieving revision 1.103 diff -u -r1.102 -r1.103 --- f8 25 Jan 2008 14:27:44 -0000 1.102 +++ f8 26 Jan 2008 17:29:03 -0000 1.103 
@@ -7,6 +7,7 @@ # Up to date CVE as of CVE email 20071215 # Up to date F8 as of 20080111 +CVE-2008-0460 VULNERABLE (mediawiki) #430288 CVE-2008-0404 fixed (mantis) #429552 [since FEDORA-2008-0796] CVE-2008-0386 VULNERABLE (xdg-utils) #429513 CVE-2008-0364 ignore (bittorrent) Windows only Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.93 retrieving revision 1.94 diff -u -r1.93 -r1.94 --- f9 25 Jan 2008 14:27:44 -0000 1.93 +++ f9 26 Jan 2008 17:29:03 -0000 1.94 @@ -7,6 +7,7 @@ # Up to date CVE as of CVE email 20071211 # Up to date F9 as of 20071029 +CVE-2008-0460 VULNERABLE (mediawiki) #430289 CVE-2008-0404 fixed (mantis) #429552 [since mantis-1.1.1-1.fc9] CVE-2008-0386 fixed (xdg-utils) #429513 [since xdg-utils-1_0_2-4_fc9] CVE-2008-0364 ignore (bittorrent) Windows only Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.258 retrieving revision 1.259 diff -u -r1.258 -r1.259 --- fc7 25 Jan 2008 14:27:44 -0000 1.258 +++ fc7 26 Jan 2008 17:29:03 -0000 1.259 @@ -8,6 +8,7 @@ # Up to date CVE as of CVE email 200711215 # Up to date FC7 as of 20080111 +CVE-2008-0460 VULNERABLE (mediawiki) #430287 CVE-2008-0404 fixed (mantis) #429552 [since FEDORA-2008-0796] CVE-2008-0386 VULNERABLE (xdg-utils) #429513 CVE-2008-0364 ignore (bittorrent) Windows only From fedora-security-commits at redhat.com Sun Jan 27 11:26:43 2008 
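Review bot: in the fc7 hunk of the "add mediawiki" commit, the context comment directly above the new line reads "# Up to date CVE as of CVE email 200711215", a nine-digit stamp that is not a valid YYYYMMDD date (f8 carries 20071215 and f9 carries 20071211 in the same position). This change inserts CVE-2008-0460 immediately below that header in all three files, so it is the natural place to correct the fc7 stamp and to refresh the "Up to date" markers if the new entry comes from a later CVE mail.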
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Sun, 27 Jan 2008 06:26:43 -0500 Subject: [Fedora-security-commits] fedora-security/audit f8, 1.103, 1.104 f9, 1.94, 1.95 fc7, 1.259, 1.260 Message-ID: <200801271126.m0RBQhbD026154@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv26124/audit Modified Files: f8 f9 fc7 Log Message: xine-lib cleanup fedora updates Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.103 retrieving revision 1.104 diff -u -r1.103 -r1.104 --- f8 26 Jan 2008 17:29:03 -0000 1.103 +++ f8 27 Jan 2008 11:26:13 -0000 1.104 @@ -9,7 +9,7 @@ CVE-2008-0460 VULNERABLE (mediawiki) #430288 CVE-2008-0404 fixed (mantis) #429552 [since FEDORA-2008-0796] -CVE-2008-0386 VULNERABLE (xdg-utils) #429513 +CVE-2008-0386 fixed (xdg-utils) #429513 [since FEDORA-2008-1015] CVE-2008-0364 ignore (bittorrent) Windows only CVE-2008-0299 fixed (python-paramiko) #428728 [since FEDORA-2008-0722] CVE-2008-0285 ignore (ngircd) Not yet in Fedora, review request #234926 @@ -17,8 +17,8 @@ CVE-2008-0273 version (drupal, fixed 5.6) DRUPAL-SA-2008-006 [since FEDORA-2008-0485] CVE-2008-0272 version (drupal, fixed 5.6) DRUPAL-SA-2008-005 [since FEDORA-2008-0485] CVE-2008-0252 backport (python-cherrypy) [since FEDORA-2008-0299] -**CVE-2008-0238 VULNERABLE (xine-lib, fixed 1.1.9.1) -CVE-2008-0225 VULNERABLE (xine-lib, fixed 1.1.9.1) +CVE-2008-0238 version (xine-lib, fixed 1.1.9.1) [since FEDORA-2008-0718] +CVE-2008-0225 version (xine-lib, fixed 1.1.9.1) [since FEDORA-2008-0718] **CVE-2008-0196 version (wordpress, not fixed 2.0.11) CVE-2008-0195 ignore (wordpress) File path is not a sensitive information **CVE-2008-0194 version (wordpress, not fixed 2.0.4) 
@@ -193,8 +193,8 @@ CVE-2007-4841 version (thunderbird) [since FEDORA-2007-3414] windows only anyway CVE-2007-4829 VULNERABLE (perl-Archive-Tar, not fixed upstream) #364281 CVE-2007-4772 fixed (postgresql, fixed 8.2.6) #427773 [since FEDORA-2008-0478] -CVE-2007-4771 VULNERABLE (icu) #430233 -CVE-2007-4770 VULNERABLE (icu) #430233 +CVE-2007-4771 fixed (icu) #430233 [since FEDORA-2008-1036] +CVE-2007-4770 fixed (icu) #430233 [since FEDORA-2008-1036] CVE-2007-4769 fixed (postgresql, fixed 8.2.6) #427773 [since FEDORA-2008-0478] CVE-2007-4752 version (openssh, fixed 4.7) #280461 CVE-2007-4619 version (flac, fixed 1.2) #332581 Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.94 retrieving revision 1.95 diff -u -r1.94 -r1.95 --- f9 26 Jan 2008 17:29:03 -0000 1.94 +++ f9 27 Jan 2008 11:26:13 -0000 1.95 @@ -17,7 +17,7 @@ CVE-2008-0272 version (drupal, fixed 5.6) [since drupal-5.6-1.fc9] DRUPAL-SA-2008-005 CVE-2008-0285 ignore (ngircd) Not yet in Fedora, review request #234926 CVE-2008-0252 backport (python-cherrypy) [since python-cherrypy-2.2.1-8.fc9] -**CVE-2008-0238 version (xine-lib, fixed 1.1.9.1) [since xine-lib-1.1.9.1-1.fc9] +CVE-2008-0238 version (xine-lib, fixed 1.1.9.1) [since xine-lib-1.1.9.1-1.fc9] CVE-2008-0225 version (xine-lib, fixed 1.1.9.1) [since xine-lib-1.1.9.1-1.fc9] **CVE-2008-0196 version (wordpress, not fixed 2.0.11) CVE-2008-0195 ignore (wordpress) File path is not a sensitive information Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.259 retrieving revision 1.260 diff -u -r1.259 -r1.260 --- fc7 26 Jan 2008 17:29:03 -0000 1.259 +++ fc7 27 Jan 2008 11:26:13 -0000 1.260 
@@ -10,7 +10,7 @@ CVE-2008-0460 VULNERABLE (mediawiki) #430287 CVE-2008-0404 fixed (mantis) #429552 [since FEDORA-2008-0796] -CVE-2008-0386 VULNERABLE (xdg-utils) #429513 +CVE-2008-0386 fixed (xdg-utils) #429513 [since FEDORA-2008-1015] CVE-2008-0364 ignore (bittorrent) Windows only CVE-2008-0299 fixed (python-paramiko) #428729 [since FEDORA-2008-0644] CVE-2008-0274 version (drupal, fixed 5.6) DRUPAL-SA-2008-007 [since FEDORA-2008-0469] @@ -18,7 +18,7 @@ CVE-2008-0272 version (drupal, fixed 5.6) DRUPAL-SA-2008-005 [since FEDORA-2008-0469] CVE-2008-0285 ignore (ngircd) Not yet in Fedora, review request #234926 CVE-2008-0252 backport (python-cherrypy) [since FEDORA-2008-0333] -**CVE-2008-0238 VULNERABLE (xine-lib, fixed 1.1.9.1) +CVE-2008-0238 VULNERABLE (xine-lib, fixed 1.1.9.1) CVE-2008-0225 VULNERABLE (xine-lib, fixed 1.1.9.1) **CVE-2008-0196 version (wordpress, not fixed 2.0.11) CVE-2008-0195 ignore (wordpress) File path is not a sensitive information @@ -239,8 +239,8 @@ CVE-2007-4828 version (mediawiki, fixed 1.11.0, 1.10.2, 1.9.4) #287881 [since FEDORA-2007-2189] CVE-2007-4826 version (quagga, fixed 0.99.9) [since FEDORA-2007-2196] CVE-2007-4772 fixed (postgresql, fixed 8.2.6) #427772 [since FEDORA-2008-0552] -CVE-2007-4771 VULNERABLE (icu) #430232 -CVE-2007-4770 VULNERABLE (icu) #430232 +CVE-2007-4771 fixed (icu) #430232 [since FEDORA-2008-1076] +CVE-2007-4770 fixed (icu) #430232 [since FEDORA-2008-1076] CVE-2007-4769 fixed (postgresql, fixed 8.2.6) #427772 [since FEDORA-2008-0552] CVE-2007-4768 VULNERABLE (pcre, fixed 7.3) #378411 CVE-2007-4767 VULNERABLE (pcre, fixed 7.3) #378411 From fedora-security-commits at redhat.com Tue Jan 29 09:08:47 2008 
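Review bot: in the "xine-lib cleanup" commit, the fc7 hunk at -18,7 removes the "**" prefix from CVE-2008-0238 but leaves the entry as "VULNERABLE (xine-lib, fixed 1.1.9.1)", whereas the f8 hunk drops the same prefix and moves both xine-lib CVEs to "version ... [since FEDORA-2008-0718]". Nothing in the patch says what the "**" marker stands for, so on fc7 the only visible effect is that a still-open entry loses its flag. Either keep the marker on fc7 until an update ships, or add a bug number to the two fc7 xine-lib lines so the open status stays traceable.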
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Tue, 29 Jan 2008 04:08:47 -0500 Subject: [Fedora-security-commits] fedora-security/audit f8, 1.104, 1.105 f9, 1.95, 1.96 fc7, 1.260, 1.261 Message-ID: <200801290908.m0T98ljE031160@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv31137/audit Modified Files: f8 f9 fc7 Log Message: add comix Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.104 retrieving revision 1.105 diff -u -r1.104 -r1.105 --- f8 27 Jan 2008 11:26:13 -0000 1.104 +++ f8 29 Jan 2008 09:08:17 -0000 1.105 @@ -7,6 +7,7 @@ # Up to date CVE as of CVE email 20071215 # Up to date F8 as of 20080111 +GENERIC-MAP-NOMATCH VULNERABLE (comix) multiple issues tracked via #430635 CVE-2008-0460 VULNERABLE (mediawiki) #430288 CVE-2008-0404 fixed (mantis) #429552 [since FEDORA-2008-0796] CVE-2008-0386 fixed (xdg-utils) #429513 [since FEDORA-2008-1015] Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.95 retrieving revision 1.96 diff -u -r1.95 -r1.96 --- f9 27 Jan 2008 11:26:13 -0000 1.95 +++ f9 29 Jan 2008 09:08:17 -0000 1.96 @@ -7,6 +7,7 @@ # Up to date CVE as of CVE email 20071211 # Up to date F9 as of 20071029 +GENERIC-MAP-NOMATCH VULNERABLE (comix) multiple issues tracked via #430635 CVE-2008-0460 VULNERABLE (mediawiki) #430289 CVE-2008-0404 fixed (mantis) #429552 [since mantis-1.1.1-1.fc9] CVE-2008-0386 fixed (xdg-utils) #429513 [since xdg-utils-1_0_2-4_fc9] Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.260 retrieving revision 1.261 diff -u -r1.260 -r1.261 --- fc7 27 Jan 2008 11:26:13 -0000 1.260 +++ fc7 29 Jan 2008 09:08:17 -0000 1.261 
@@ -8,6 +8,7 @@ # Up to date CVE as of CVE email 200711215 # Up to date FC7 as of 20080111 +GENERIC-MAP-NOMATCH VULNERABLE (comix) multiple issues tracked via #430635 CVE-2008-0460 VULNERABLE (mediawiki) #430287 CVE-2008-0404 fixed (mantis) #429552 [since FEDORA-2008-0796] CVE-2008-0386 fixed (xdg-utils) #429513 [since FEDORA-2008-1015] From fedora-security-commits at redhat.com Tue Jan 29 14:46:52 2008 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Tue, 29 Jan 2008 09:46:52 -0500 Subject: [Fedora-security-commits] fedora-security/audit f8, 1.105, 1.106 f9, 1.96, 1.97 fc7, 1.261, 1.262 Message-ID: <200801291446.m0TEkqxM013950@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv13890/audit Modified Files: f8 f9 fc7 Log Message: SDL_image issues Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.105 retrieving revision 1.106 diff -u -r1.105 -r1.106 --- f8 29 Jan 2008 09:08:17 -0000 1.105 +++ f8 29 Jan 2008 14:46:22 -0000 1.106 @@ -8,6 +8,7 @@ # Up to date F8 as of 20080111 GENERIC-MAP-NOMATCH VULNERABLE (comix) multiple issues tracked via #430635 +GENERIC-MAP-NOMATCH VULNERABLE (SDL_image) #430694 ILBM overflow CVE-2008-0460 VULNERABLE (mediawiki) #430288 CVE-2008-0404 fixed (mantis) #429552 [since FEDORA-2008-0796] CVE-2008-0386 fixed (xdg-utils) #429513 [since FEDORA-2008-1015] 
@@ -273,6 +274,7 @@ CVE-2006-5170 version (nss_ldap, fixed 183) CVE-2006-4573 version (screen, fixed 4.0.3) #212057 CVE-2006-4561 ignore (firefox) Needs DNS spoofing; https is for this. +CVE-2006-4484 VULNERABLE (SDL_image, fixed 1.2.7) #430241 CVE-2006-2894 version (firefox, fixed 2.0.0.8) CVE-2006-2894 version (seamonkey, fixed 1.1.5) #194511 CVE-2006-0987 ignore (bind) example config file only Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.96 retrieving revision 1.97 diff -u -r1.96 -r1.97 --- f9 29 Jan 2008 09:08:17 -0000 1.96 +++ f9 29 Jan 2008 14:46:22 -0000 1.97 @@ -8,6 +8,7 @@ # Up to date F9 as of 20071029 GENERIC-MAP-NOMATCH VULNERABLE (comix) multiple issues tracked via #430635 +GENERIC-MAP-NOMATCH VULNERABLE (SDL_image) #430696 ILBM overflow CVE-2008-0460 VULNERABLE (mediawiki) #430289 CVE-2008-0404 fixed (mantis) #429552 [since mantis-1.1.1-1.fc9] CVE-2008-0386 fixed (xdg-utils) #429513 [since xdg-utils-1_0_2-4_fc9] @@ -254,6 +255,7 @@ CVE-2006-5170 version (nss_ldap, fixed 183) CVE-2006-4573 version (screen, fixed 4.0.3) #212057 CVE-2006-4561 ignore (firefox) Needs DNS spoofing; https is for this. +CVE-2006-4484 backport (SDL_image, fixed 1.2.7) #430238 [since SDL_image-1.2.6-4.fc9] CVE-2006-2894 version (firefox, fixed 2.0.0.8) CVE-2006-2894 version (seamonkey, fixed 1.1.5) #194511 CVE-2006-0987 ignore (bind) example config file only Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.261 retrieving revision 1.262 diff -u -r1.261 -r1.262 --- fc7 29 Jan 2008 09:08:17 -0000 1.261 +++ fc7 29 Jan 2008 14:46:22 -0000 1.262 
@@ -9,6 +9,7 @@ # Up to date FC7 as of 20080111 GENERIC-MAP-NOMATCH VULNERABLE (comix) multiple issues tracked via #430635 +GENERIC-MAP-NOMATCH VULNERABLE (SDL_image) #430695 ILBM overflow CVE-2008-0460 VULNERABLE (mediawiki) #430287 CVE-2008-0404 fixed (mantis) #429552 [since FEDORA-2008-0796] CVE-2008-0386 fixed (xdg-utils) #429513 [since FEDORA-2008-1015] @@ -993,6 +994,7 @@ CVE-2006-4485 version (php, fixed 5.1.5) CVE-2006-4484 version (php, fixed 5.1.5) CVE-2006-4484 ignore (gd) +CVE-2006-4484 VULNERABLE (SDL_image, fixed 1.2.7) #430239 CVE-2006-4483 ignore (php) not linux CVE-2006-4482 version (php, fixed 5.1.5) CVE-2006-4481 ignore (php) safe mode isn't safe From fedora-security-commits at redhat.com Wed Jan 30 11:33:49 2008 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Wed, 30 Jan 2008 06:33:49 -0500 Subject: [Fedora-security-commits] fedora-security/audit f8, 1.106, 1.107 f9, 1.97, 1.98 fc7, 1.262, 1.263 Message-ID: <200801301133.m0UBXnEI016711@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv16544/audit Modified Files: f8 f9 fc7 Log Message: add / update xine-lib Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.106 retrieving revision 1.107 diff -u -r1.106 -r1.107 --- f8 29 Jan 2008 14:46:22 -0000 1.106 +++ f8 30 Jan 2008 11:33:18 -0000 1.107 
@@ -9,6 +9,7 @@ GENERIC-MAP-NOMATCH VULNERABLE (comix) multiple issues tracked via #430635 GENERIC-MAP-NOMATCH VULNERABLE (SDL_image) #430694 ILBM overflow +GENERIC-MAP-NOMATCH version (xine-lib, fixed 1.1.10) [since FEDORA-2008-1043] CVE-2008-0460 VULNERABLE (mediawiki) #430288 CVE-2008-0404 fixed (mantis) #429552 [since FEDORA-2008-0796] CVE-2008-0386 fixed (xdg-utils) #429513 [since FEDORA-2008-1015] Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.97 retrieving revision 1.98 diff -u -r1.97 -r1.98 --- f9 29 Jan 2008 14:46:22 -0000 1.97 +++ f9 30 Jan 2008 11:33:18 -0000 1.98 @@ -9,6 +9,7 @@ GENERIC-MAP-NOMATCH VULNERABLE (comix) multiple issues tracked via #430635 GENERIC-MAP-NOMATCH VULNERABLE (SDL_image) #430696 ILBM overflow +GENERIC-MAP-NOMATCH version (xine-lib, fixed 1.1.10) [since xine-lib-1.1.10-2.fc9] CVE-2008-0460 VULNERABLE (mediawiki) #430289 CVE-2008-0404 fixed (mantis) #429552 [since mantis-1.1.1-1.fc9] CVE-2008-0386 fixed (xdg-utils) #429513 [since xdg-utils-1_0_2-4_fc9] Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.262 retrieving revision 1.263 diff -u -r1.262 -r1.263 --- fc7 29 Jan 2008 14:46:22 -0000 1.262 +++ fc7 30 Jan 2008 11:33:18 -0000 1.263 @@ -10,6 +10,7 @@ GENERIC-MAP-NOMATCH VULNERABLE (comix) multiple issues tracked via #430635 GENERIC-MAP-NOMATCH VULNERABLE (SDL_image) #430695 ILBM overflow +GENERIC-MAP-NOMATCH version (xine-lib, fixed 1.1.10) [since FEDORA-2008-1047] CVE-2008-0460 VULNERABLE (mediawiki) #430287 CVE-2008-0404 fixed (mantis) #429552 [since FEDORA-2008-0796] CVE-2008-0386 fixed (xdg-utils) #429513 [since FEDORA-2008-1015] 
@@ -20,8 +21,8 @@ CVE-2008-0272 version (drupal, fixed 5.6) DRUPAL-SA-2008-005 [since FEDORA-2008-0469] CVE-2008-0285 ignore (ngircd) Not yet in Fedora, review request #234926 CVE-2008-0252 backport (python-cherrypy) [since FEDORA-2008-0333] -CVE-2008-0238 VULNERABLE (xine-lib, fixed 1.1.9.1) -CVE-2008-0225 VULNERABLE (xine-lib, fixed 1.1.9.1) +CVE-2008-0238 version (xine-lib, fixed 1.1.9.1) [since FEDORA-2008-1047] +CVE-2008-0225 version (xine-lib, fixed 1.1.9.1) [since FEDORA-2008-1047] **CVE-2008-0196 version (wordpress, not fixed 2.0.11) CVE-2008-0195 ignore (wordpress) File path is not a sensitive information **CVE-2008-0194 version (wordpress, not fixed 2.0.4) From fedora-security-commits at redhat.com Wed Jan 30 11:53:10 2008 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Wed, 30 Jan 2008 06:53:10 -0500 Subject: [Fedora-security-commits] fedora-security/audit f8, 1.107, 1.108 f9, 1.98, 1.99 fc7, 1.263, 1.264 Message-ID: <200801301153.m0UBrAgF021719@cvs-int.fedora.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv21542/audit Modified Files: f8 f9 fc7 Log Message: add deluge, rb_libtorrent Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.107 retrieving revision 1.108 diff -u -r1.107 -r1.108 --- f8 30 Jan 2008 11:33:18 -0000 1.107 +++ f8 30 Jan 2008 11:52:40 -0000 1.108 
@@ -10,6 +10,8 @@ GENERIC-MAP-NOMATCH VULNERABLE (comix) multiple issues tracked via #430635 GENERIC-MAP-NOMATCH VULNERABLE (SDL_image) #430694 ILBM overflow GENERIC-MAP-NOMATCH version (xine-lib, fixed 1.1.10) [since FEDORA-2008-1043] +GENERIC-MAP-NOMATCH VULNERABLE (deluge, fixed 0.5.8.3) +GENERIC-MAP-NOMATCH VULNERABLE (rb_libtorrent) CVE-2008-0460 VULNERABLE (mediawiki) #430288 CVE-2008-0404 fixed (mantis) #429552 [since FEDORA-2008-0796] CVE-2008-0386 fixed (xdg-utils) #429513 [since FEDORA-2008-1015] Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.98 retrieving revision 1.99 diff -u -r1.98 -r1.99 --- f9 30 Jan 2008 11:33:18 -0000 1.98 +++ f9 30 Jan 2008 11:52:40 -0000 1.99 @@ -8,8 +8,10 @@ # Up to date F9 as of 20071029 GENERIC-MAP-NOMATCH VULNERABLE (comix) multiple issues tracked via #430635 -GENERIC-MAP-NOMATCH VULNERABLE (SDL_image) #430696 ILBM overflow +GENERIC-MAP-NOMATCH backport (SDL_image) #430696 ILBM overflow [since SDL_image-1.2.6-5.fc9] GENERIC-MAP-NOMATCH version (xine-lib, fixed 1.1.10) [since xine-lib-1.1.10-2.fc9] +GENERIC-MAP-NOMATCH version (deluge, fixed 0.5.8.3) [since deluge-0.5.8.3-1.fc9] +GENERIC-MAP-NOMATCH backport (rb_libtorrent) [since rb_libtorrent-0.12-3.fc9] CVE-2008-0460 VULNERABLE (mediawiki) #430289 CVE-2008-0404 fixed (mantis) #429552 [since mantis-1.1.1-1.fc9] CVE-2008-0386 fixed (xdg-utils) #429513 [since xdg-utils-1_0_2-4_fc9] Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.263 retrieving revision 1.264 diff -u -r1.263 -r1.264 --- fc7 30 Jan 2008 11:33:18 -0000 1.263 +++ fc7 30 Jan 2008 11:52:40 -0000 1.264 
@@ -11,6 +11,8 @@ GENERIC-MAP-NOMATCH VULNERABLE (comix) multiple issues tracked via #430635 GENERIC-MAP-NOMATCH VULNERABLE (SDL_image) #430695 ILBM overflow GENERIC-MAP-NOMATCH version (xine-lib, fixed 1.1.10) [since FEDORA-2008-1047] +GENERIC-MAP-NOMATCH VULNERABLE (deluge, fixed 0.5.8.3) +GENERIC-MAP-NOMATCH VULNERABLE (rb_libtorrent) CVE-2008-0460 VULNERABLE (mediawiki) #430287 CVE-2008-0404 fixed (mantis) #429552 [since FEDORA-2008-0796] CVE-2008-0386 fixed (xdg-utils) #429513 [since FEDORA-2008-1015]
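Review bot: the f9 hunk of the "add deluge, rb_libtorrent" commit also changes the existing SDL_image line from "VULNERABLE" to "backport ... [since SDL_image-1.2.6-5.fc9]", which the log message does not mention; note it in the log or commit it separately so the status change can be found later. The new deluge and rb_libtorrent lines carry neither a bug number nor a description of the issue in any of the three files, unlike the comix and SDL_image GENERIC-MAP-NOMATCH entries above them, and the f8 and fc7 rb_libtorrent lines name no fixed version. Add a tracking bug or an upstream reference to each so the VULNERABLE entries on f8 and fc7 can be followed up.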