[Fedora-security-commits] fedora-security/audit f10, 1.11, 1.12 f8, 1.229, 1.230 f9, 1.219, 1.220

fedora-security-commits at redhat.com fedora-security-commits at redhat.com
Fri Jul 25 15:29:55 UTC 2008 

Author: thoger

Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv32363/audit

Modified Files:
	f10 f8 f9 
Log Message:
commit changes after some long time...



Index: f10
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f10,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -r1.11 -r1.12
--- f10	14 Jul 2008 06:44:55 -0000	1.11
+++ f10	25 Jul 2008 15:29:25 -0000	1.12
@@ -4,6 +4,24 @@
 # *CVE are items that need verification for Fedora 10
 # (mozilla) = (gecko-libs dependent stuff)
 
+CVE-2008-3294 ignore (vim) build-time tmp file usage
+CVE-2008-3264 ignore (asterisk) AST-2008-011 - 1.6.x not affected
+CVE-2008-3263 ignore (asterisk) AST-2008-010 - 1.6.x not affected
+CVE-2008-3259 ignore (openssh, fixed 5.1) HP-UX only
+CVE-2008-3252 backport (newsx) [since newsx-1.6-9.fc10] 
+CVE-2008-3233 ignore (wordrepss, fixed 2.6) only 2.6 devel versions affected
+CVE-2008-3231 VULNERABLE (xine-lib) 
+CVE-2008-3223 version (drupal, fixed 6.3) [since drupal-6.3-1.fc10] 
+CVE-2008-3222 version (drupal, fixed 6.3) [since drupal-6.3-1.fc10] 
+CVE-2008-3221 version (drupal, fixed 6.3) [since drupal-6.3-1.fc10] 
+CVE-2008-3220 version (drupal, fixed 6.3) [since drupal-6.3-1.fc10] 
+CVE-2008-3219 version (drupal, fixed 6.3) [since drupal-6.3-1.fc10] 
+CVE-2008-3218 version (drupal, fixed 6.3) [since drupal-6.3-1.fc10] 
+CVE-2008-3217 version (pdns-recursor, fixed 3.1.6) [since pdns-recursor-3.1.6-1.fc10] 
+CVE-2008-3215 version (clamav, fixed 0.93.3) [since clamav-0.93.3-1.fc10] 
+CVE-2008-3198 VULNERABLE (firefox, fixed 3.0.1) 
+CVE-2008-3197 version (phpMyAdmin, fixed 2.11.7.1) [since phpMyAdmin-2.11.7.1-1.fc10] 
+CVE-2008-3196 backport (byacc) [since byacc-1.9.20070509-4.fc10] 
 CVE-2008-3145 version (wireshark, fixed 1.0.2) [since wireshark-1.0.2-1.fc10] 
 CVE-2008-3141 version (wireshark, fixed 1.0.1) [since wireshark-1.0.1-1.fc10] 
 CVE-2008-3140 version (wireshark, fixed 1.0.1) [since wireshark-1.0.1-1.fc10] 
@@ -17,34 +35,45 @@
 CVE-2008-2952 backport (openldap) #453728 [since openldap-2.4.10-2.fc10]
 CVE-2008-2950 VULNERABLE (poppler) #454290 
 CVE-2008-2942 VULNERABLE (mercurial) 
+CVE-2008-2933 VULNERABLE (firefox, fixed 3.0.1) 
 CVE-2008-2841 ignore (xchat) windows-only, IE bug
 CVE-2008-2827 backport (perl) #452642 [since perl-5.10.0-28.fc10]
 CVE-2008-2811 version (firefox, fixed 3.0) [since firefox-3.0-1.fc10] 
 CVE-2008-2811 VULNERABLE (seamonkey, fixed 1.1.10) 
+CVE-2008-2811 version (thunderbird, fixed 2.0.0.16) [since thunderbird-2.0.0.16-1.fc10] 
 CVE-2008-2810 version (firefox, fixed 3.0) [since firefox-3.0-1.fc10] 
 CVE-2008-2810 VULNERABLE (seamonkey, fixed 1.1.10) 
 CVE-2008-2809 version (firefox, fixed 3.0) [since firefox-3.0-1.fc10] 
 CVE-2008-2809 VULNERABLE (seamonkey, fixed 1.1.10) 
+CVE-2008-2809 version (thunderbird, fixed 2.0.0.16) [since thunderbird-2.0.0.16-1.fc10] 
 CVE-2008-2808 version (firefox, fixed 3.0) [since firefox-3.0-1.fc10] 
 CVE-2008-2808 VULNERABLE (seamonkey, fixed 1.1.10) 
 CVE-2008-2807 version (firefox, fixed 3.0) [since firefox-3.0-1.fc10] 
 CVE-2008-2807 VULNERABLE (seamonkey, fixed 1.1.10) 
+CVE-2008-2807 version (thunderbird, fixed 2.0.0.16) [since thunderbird-2.0.0.16-1.fc10] 
 CVE-2008-2806 ignore (firefox, fixed 3.0) Mac OS X specific
 CVE-2008-2806 ignore (seamonkey, fixed 1.1.10) Mac OS X specific
 CVE-2008-2805 version (firefox, fixed 3.0) [since firefox-3.0-1.fc10] 
 CVE-2008-2805 VULNERABLE (seamonkey, fixed 1.1.10) 
 CVE-2008-2803 version (firefox, fixed 3.0) [since firefox-3.0-1.fc10] 
 CVE-2008-2803 VULNERABLE (seamonkey, fixed 1.1.10) 
+CVE-2008-2803 version (thunderbird, fixed 2.0.0.16) [since thunderbird-2.0.0.16-1.fc10] 
 CVE-2008-2802 version (firefox, fixed 3.0) [since firefox-3.0-1.fc10] 
 CVE-2008-2802 VULNERABLE (seamonkey, fixed 1.1.10) 
+CVE-2008-2802 version (thunderbird, fixed 2.0.0.16) [since thunderbird-2.0.0.16-1.fc10] 
 CVE-2008-2801 version (firefox, fixed 3.0) [since firefox-3.0-1.fc10] 
 CVE-2008-2801 VULNERABLE (seamonkey, fixed 1.1.10) 
 CVE-2008-2800 version (firefox, fixed 3.0) [since firefox-3.0-1.fc10] 
 CVE-2008-2800 VULNERABLE (seamonkey, fixed 1.1.10) 
 CVE-2008-2799 version (firefox, fixed 3.0) [since firefox-3.0-1.fc10] 
 CVE-2008-2799 VULNERABLE (seamonkey, fixed 1.1.10) 
+CVE-2008-2799 version (thunderbird, fixed 2.0.0.16) [since thunderbird-2.0.0.16-1.fc10] 
 CVE-2008-2798 version (firefox, fixed 3.0) [since firefox-3.0-1.fc10] 
 CVE-2008-2798 VULNERABLE (seamonkey, fixed 1.1.10) 
+CVE-2008-2798 version (thunderbird, fixed 2.0.0.16) [since thunderbird-2.0.0.16-1.fc10] 
+CVE-2008-2785 VULNERABLE (seamonkey, fixed 1.1.11) 
+CVE-2008-2785 VULNERABLE (firefox, fixed 3.0.1) 
+CVE-2008-2785 version (thunderbird, fixed 2.0.0.16) [since thunderbird-2.0.0.16-1.fc10] 
 CVE-2008-2728 ignore (ruby) 1.6.x variant of CVE-2008-2726
 CVE-2008-2727 ignore (ruby) 1.6.x variant of CVE-2008-2725
 CVE-2008-2726 version (ruby, fixed 1.8.6-p230, 1.8.7-p22) #452295 [since ruby-1.8.6.230-1.fc10]
@@ -121,9 +150,10 @@
 CVE-2008-1672 backport (openssl, fixed 0.9.8h) #448691 [since openssl-0.9.8g-9.fc10]
 CVE-2008-1531 backport (lighttpd) [since lighttpd-1.4.19-4.fc10]
 CVE-2008-1502 version (moodle, fixed 1.9) 
-CVE-2008-1488 VULNERABLE (php-pecl-apc) #438848 
+CVE-2008-1488 version (php-pecl-apc) #438848 [since php-pecl-apc-3.0.19-1.fc10]
 CVE-2008-1475 VULNERABLE (roundup, fixed 1.4.5) 
-CVE-2008-1447 VULNERABLE (bind) #454477 
+CVE-2008-1447 version (bind) #454477 [since bind-9.5.1-0.1.b1.fc10)]
+CVE-2008-1447 version (dnssec-tools) [since dnssec-tools-1.4.1-2.fc10] 
 CVE-2008-1423 backport (libvorbis) #446344  [since libvorbis-1.2.0-4.fc10]
 CVE-2008-1420 backport (libvorbis) #446344  [since libvorbis-1.2.0-4.fc10]
 CVE-2008-1419 backport (libvorbis) #446344  [since libvorbis-1.2.0-4.fc10]
@@ -154,9 +184,9 @@
 CVE-2007-5907 VULNERABLE (xen) #390121
 CVE-2007-5906 VULNERABLE (xen) #390121
 CVE-2007-5803 version (nagios, fixed 2.12) #446383 [since nagios-2.12-3.fc10]
-CVE-2007-5615 backport (jetty) [since jetty-5.1.14-1jpp.1.fc10] 
-CVE-2007-5614 backport (jetty) [since jetty-5.1.14-1jpp.1.fc10] 
-CVE-2007-5613 backport (jetty) [since jetty-5.1.14-1jpp.1.fc10] 
+CVE-2007-5615 backport (jetty) [since jetty-5.1.14-1jpp.2.fc10] 
+CVE-2007-5614 backport (jetty) [since jetty-5.1.14-1jpp.2.fc10] 
+CVE-2007-5613 backport (jetty) [since jetty-5.1.14-1jpp.2.fc10] 
 CVE-2007-5079 VULNERABLE (gdm) #363041 Red Hat specific problem
 CVE-2007-4829 VULNERABLE (perl, not fixed upstream) #364291 perl-Archive-Tar directory traversal
 CVE-2007-4559 VULNERABLE (python, not fixed upstream) #315291 Upstream WONTFIX. See where we use the code.


Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.229
retrieving revision 1.230
diff -u -r1.229 -r1.230
--- f8	14 Jul 2008 06:44:55 -0000	1.229
+++ f8	25 Jul 2008 15:29:25 -0000	1.230
@@ -6,12 +6,29 @@
 
 rhbz293031 fixed (nx) #293031 [since FEDORA-2008-2258] 
 rhbz249840 version (tor, fixed 0.1.2.15) 
-CVE-2008-3145 VULNERABLE (wireshark, fixed 1.0.1) 
-CVE-2008-3141 VULNERABLE (wireshark, fixed 1.0.2) 
-CVE-2008-3140 VULNERABLE (wireshark, fixed 1.0.1) 
-CVE-2008-3139 VULNERABLE (wireshark, fixed 1.0.1) 
-CVE-2008-3138 VULNERABLE (wireshark, fixed 1.0.1) 
-CVE-2008-3137 VULNERABLE (wireshark, fixed 1.0.1) 
+CVE-2008-3294 ignore (vim) build-time tmp file usage
+CVE-2008-3264 fixed (asterisk, fixed 1.4.21.2) [since FEDORA-2008-6676] AST-2008-011
+CVE-2008-3263 fixed (asterisk, fixed 1.4.21.2) [since FEDORA-2008-6676] AST-2008-010
+CVE-2008-3259 ignore (openssh, fixed 5.1) HP-UX only
+CVE-2008-3252 fixed (newsx) [since FEDORA-2008-6319] 
+CVE-2008-3233 ignore (wordrepss, fixed 2.6) only 2.6 devel versions affected
+CVE-2008-3231 VULNERABLE (xine-lib) 
+CVE-2008-3223 ignore (drupal) 6.x only
+CVE-2008-3222 fixed (drupal, fixed 5.8) [since FEDORA-2008-6411] 
+CVE-2008-3221 ignore (drupal) 6.x only
+CVE-2008-3220 fixed (drupal, fixed 5.8) [since FEDORA-2008-6411] 
+CVE-2008-3219 fixed (drupal, fixed 5.8) [since FEDORA-2008-6411] 
+CVE-2008-3218 ignore (drupal) 6.x only
+CVE-2008-3217 VULNERABLE (pdns-recursor, fixed 3.1.6) 
+CVE-2008-3215 fixed (clamav, fixed 0.93.3) [since FEDORA-2008-6422] 
+CVE-2008-3197 fixed (phpMyAdmin, fixed 2.11.7.1) [since FEDORA-2008-6450] 
+CVE-2008-3196 VULNERABLE (byacc) [since FEDORA-2008-6429] 
+CVE-2008-3145 fixed (wireshark, fixed 1.0.1) [since FEDORA-2008-6645] 
+CVE-2008-3141 fixed (wireshark, fixed 1.0.2) [since FEDORA-2008-6645] 
+CVE-2008-3140 fixed (wireshark, fixed 1.0.1) [since FEDORA-2008-6645] 
+CVE-2008-3139 fixed (wireshark, fixed 1.0.1) [since FEDORA-2008-6645] 
+CVE-2008-3138 fixed (wireshark, fixed 1.0.1) [since FEDORA-2008-6645] 
+CVE-2008-3137 fixed (wireshark, fixed 1.0.1) [since FEDORA-2008-6645] 
 CVE-2008-3067 VULNERABLE (sudo, fixed 1.6.9p12) 
 CVE-2008-2960 fixed (phpMyAdmin, fixed 2.11.7) [since FEDORA-2008-5640] PMASA-2008-4
 CVE-2008-2954 fixed (linuxdcpp) #453732 [since FEDORA-2008-6038] 
@@ -19,34 +36,45 @@
 CVE-2008-2952 fixed (openldap) #453726 [since FEDORA-2008-6029] 
 CVE-2008-2950 VULNERABLE (poppler) #454288 
 CVE-2008-2942 VULNERABLE (mercurial) 
+CVE-2008-2933 fixed (firefox, fixed 2.0.0.16) [since FEDORA-2008-6491] 
 CVE-2008-2841 ignore (xchat) windows-only, IE bug
 CVE-2008-2827 ignore (perl) perl 5.10 only
 CVE-2008-2811 fixed (firefox, fixed 2.0.0.15) [since FEDORA-2008-6127] 
 CVE-2008-2811 fixed (seamonkey, fixed 1.1.10) #453954 [since FEDORA-2008-6196] 
+CVE-2008-2811 VULNERABLE (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6706] 
 CVE-2008-2810 fixed (firefox, fixed 2.0.0.15) [since FEDORA-2008-6127] 
 CVE-2008-2810 fixed (seamonkey, fixed 1.1.10) #453954 [since FEDORA-2008-6196] 
 CVE-2008-2809 fixed (firefox, fixed 2.0.0.15) [since FEDORA-2008-6127] 
 CVE-2008-2809 fixed (seamonkey, fixed 1.1.10) #453954 [since FEDORA-2008-6196] 
+CVE-2008-2809 VULNERABLE (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6706] 
 CVE-2008-2808 fixed (firefox, fixed 2.0.0.15) [since FEDORA-2008-6127] 
 CVE-2008-2808 fixed (seamonkey, fixed 1.1.10) #453954 [since FEDORA-2008-6196] 
 CVE-2008-2807 fixed (firefox, fixed 2.0.0.15) [since FEDORA-2008-6127] 
 CVE-2008-2807 fixed (seamonkey, fixed 1.1.10) #453954 [since FEDORA-2008-6196] 
+CVE-2008-2807 VULNERABLE (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6706] 
 CVE-2008-2806 ignore (firefox, fixed 2.0.0.15) Mac OS X specific
 CVE-2008-2806 ignore (seamonkey, fixed 1.1.10) Mac OS X specific
 CVE-2008-2805 fixed (firefox, fixed 2.0.0.15) [since FEDORA-2008-6127] 
 CVE-2008-2805 fixed (seamonkey, fixed 1.1.10) #453954 [since FEDORA-2008-6196] 
 CVE-2008-2803 fixed (firefox, fixed 2.0.0.15) [since FEDORA-2008-6127] 
 CVE-2008-2803 fixed (seamonkey, fixed 1.1.10) #453954 [since FEDORA-2008-6196] 
+CVE-2008-2803 VULNERABLE (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6706] 
 CVE-2008-2802 fixed (firefox, fixed 2.0.0.15) [since FEDORA-2008-6127] 
 CVE-2008-2802 fixed (seamonkey, fixed 1.1.10) #453954 [since FEDORA-2008-6196] 
+CVE-2008-2802 VULNERABLE (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6706] 
 CVE-2008-2801 fixed (firefox, fixed 2.0.0.15) [since FEDORA-2008-6127] 
 CVE-2008-2801 fixed (seamonkey, fixed 1.1.10) #453954 [since FEDORA-2008-6196] 
 CVE-2008-2800 fixed (firefox, fixed 2.0.0.15) [since FEDORA-2008-6127] 
 CVE-2008-2800 fixed (seamonkey, fixed 1.1.10) #453954 [since FEDORA-2008-6196] 
 CVE-2008-2799 fixed (firefox, fixed 2.0.0.15) [since FEDORA-2008-6127] 
 CVE-2008-2799 fixed (seamonkey, fixed 1.1.10) #453954 [since FEDORA-2008-6196] 
+CVE-2008-2799 VULNERABLE (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6706] 
 CVE-2008-2798 fixed (firefox, fixed 2.0.0.15) [since FEDORA-2008-6127] 
 CVE-2008-2798 fixed (seamonkey, fixed 1.1.10) #453954 [since FEDORA-2008-6196] 
+CVE-2008-2798 VULNERABLE (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6706] 
+CVE-2008-2785 fixed (seamonkey, fixed 1.1.11) [since FEDORA-2008-6517] 
+CVE-2008-2785 fixed (firefox, fixed 2.0.0.16) [since FEDORA-2008-6491] 
+CVE-2008-2785 VULNERABLE (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6706] 
 CVE-2008-2783 VULNERABLE (kronolith) 
 CVE-2008-2728 ignore (ruby) 1.6.x variant of CVE-2008-2726
 CVE-2008-2727 ignore (ruby) 1.6.x variant of CVE-2008-2725
@@ -58,7 +86,7 @@
 CVE-2008-2721 fixed (gallery2, fixed 2.2.5) [since FEDORA-2008-5479] 
 CVE-2008-2720 fixed (gallery2, fixed 2.2.5) [since FEDORA-2008-5479] 
 CVE-2008-2719 ignore (nasm, fixed 2.03.01) not affected
-CVE-2008-2713 VULNERABLE (clamav, fixed 0.93.1) 
+CVE-2008-2713 fixed (clamav, fixed 0.93.1) [since FEDORA-2008-6422] 
 CVE-2008-2711 VULNERABLE (fetchmail, fixed 6.3.9) crash only in verbose mode
 CVE-2008-2696 VULNERABLE (exiv2, fixed 0.17) 
 CVE-2008-2664 fixed (ruby, fixed 1.8.6-p230, 1.8.7-p22) #452293 [since FEDORA-2008-5649] 
@@ -74,7 +102,7 @@
 CVE-2008-2374 VULNERABLE (bluez-libs, fixed 3.34) #452820 [since FEDORA-2008-6140] 
 CVE-2008-2371 fixed (pcre) #453555 [since FEDORA-2008-6111] 
 CVE-2008-2371 fixed (glib2) #453559 [since FEDORA-2008-6025] 
-CVE-2008-2364 VULNERABLE (httpd, fixed 2.2.9) #454423 
+CVE-2008-2364 VULNERABLE (httpd, fixed 2.2.9) #454423 [since FEDORA-2008-6314] 
 CVE-2008-2363 VULNERABLE (pan) #449333 
 CVE-2008-2362 fixed (xorg-x11-server) #450925 [since FEDORA-2008-5279] 
 CVE-2008-2361 fixed (xorg-x11-server) #450925 [since FEDORA-2008-5279] 
@@ -178,7 +206,7 @@
 CVE-2008-1532 version (Perlbal, fixed 1.70) #439056 [since FEDORA-2008-2778] 
 CVE-2008-1531 fixed (lighttpd) #439068 [since FEDORA-2008-3376] 
 CVE-2008-1502 fixed (moodle, fixed 1.8.5) #454247 [since FEDORA-2008-6226] 
-CVE-2008-1488 VULNERABLE (php-pecl-apc) #438847 
+CVE-2008-1488 fixed (php-pecl-apc) #438847 [since FEDORA-2008-6344] 
 CVE-2008-1483 ignore (openssh) was alrady fixed by another patch
 CVE-2008-1482 fixed (xine-lib) #438670 [since FEDORA-2008-2849] 
 CVE-2008-1475 VULNERABLE (roundup, fixed 1.4.5) 
@@ -186,6 +214,7 @@
 CVE-2008-1468 fixed (namazu, fixed 2.0.18) #438667 [since FEDORA-2008-2767] 
 CVE-2008-1467 fixed (centerim) #438871 [since FEDORA-2008-2869] 
 CVE-2008-1447 fixed (bind) #454475 [since FEDORA-2008-6281] 
+CVE-2008-1447 fixed (dnssec-tools) [since FEDORA-2008-6691] 
 CVE-2008-1423 fixed (libvorbis) #446342 [since FEDORA-2008-3934] 
 CVE-2008-1420 fixed (libvorbis) #446342 [since FEDORA-2008-3934] 
 CVE-2008-1419 fixed (libvorbis) #446342 [since FEDORA-2008-3934] 


Index: f9
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f9,v
retrieving revision 1.219
retrieving revision 1.220
diff -u -r1.219 -r1.220
--- f9	14 Jul 2008 06:44:55 -0000	1.219
+++ f9	25 Jul 2008 15:29:25 -0000	1.220
@@ -5,12 +5,30 @@
 # (mozilla) = (gecko-libs dependent stuff)
 
 rhbz249840 version (tor, fixed 0.1.2.15)
-CVE-2008-3145 VULNERABLE (wireshark, fixed 1.0.1) [since wireshark-1.0.2-1.fc9] 
-CVE-2008-3141 VULNERABLE (wireshark, fixed 1.0.2) [since wireshark-1.0.2-1.fc9] 
-CVE-2008-3140 VULNERABLE (wireshark, fixed 1.0.1) [since wireshark-1.0.2-1.fc9] 
-CVE-2008-3139 VULNERABLE (wireshark, fixed 1.0.1) [since wireshark-1.0.2-1.fc9] 
-CVE-2008-3138 VULNERABLE (wireshark, fixed 1.0.1) [since wireshark-1.0.2-1.fc9] 
-CVE-2008-3137 VULNERABLE (wireshark, fixed 1.0.1) [since wireshark-1.0.2-1.fc9] 
+CVE-2008-3294 ignore (vim) build-time tmp file usage
+CVE-2008-3264 ignore (asterisk) AST-2008-011 - 1.6.x not affected
+CVE-2008-3263 ignore (asterisk) AST-2008-010 - 1.6.x not affected
+CVE-2008-3259 ignore (openssh, fixed 5.1) HP-UX only
+CVE-2008-3252 fixed (newsx) [since FEDORA-2008-6321] 
+CVE-2008-3233 ignore (wordrepss, fixed 2.6) only 2.6 devel versions affected
+CVE-2008-3231 VULNERABLE (xine-lib) 
+CVE-2008-3223 fixed (drupal, fixed 6.3) [since FEDORA-2008-6415] 
+CVE-2008-3222 fixed (drupal, fixed 6.3) [since FEDORA-2008-6415] 
+CVE-2008-3221 fixed (drupal, fixed 6.3) [since FEDORA-2008-6415] 
+CVE-2008-3220 fixed (drupal, fixed 6.3) [since FEDORA-2008-6415] 
+CVE-2008-3219 fixed (drupal, fixed 6.3) [since FEDORA-2008-6415] 
+CVE-2008-3218 fixed (drupal, fixed 6.3) [since FEDORA-2008-6415] 
+CVE-2008-3217 VULNERABLE (pdns-recursor, fixed 3.1.6) 
+CVE-2008-3215 fixed (clamav, fixed 0.93.3) [since FEDORA-2008-6338] 
+CVE-2008-3198 fixed (firefox, fixed 3.0.1) [since FEDORA-2008-6518] 
+CVE-2008-3197 fixed (phpMyAdmin, fixed 2.11.7.1) [since FEDORA-2008-6502] 
+CVE-2008-3196 VULNERABLE (byacc) [since FEDORA-2008-6414] 
+CVE-2008-3145 fixed (wireshark, fixed 1.0.1) [since FEDORA-2008-6440] 
+CVE-2008-3141 fixed (wireshark, fixed 1.0.2) [since FEDORA-2008-6440] 
+CVE-2008-3140 fixed (wireshark, fixed 1.0.1) [since FEDORA-2008-6440] 
+CVE-2008-3139 fixed (wireshark, fixed 1.0.1) [since FEDORA-2008-6440] 
+CVE-2008-3138 fixed (wireshark, fixed 1.0.1) [since FEDORA-2008-6440] 
+CVE-2008-3137 fixed (wireshark, fixed 1.0.1) [since FEDORA-2008-6440] 
 CVE-2008-3067 version (sudo, fixed 1.6.9p12) 
 CVE-2008-2960 fixed (phpMyAdmin, fixed 2.11.7) [since FEDORA-2008-5676] PMASA-2008-4
 CVE-2008-2954 fixed (linuxdcpp) #453733 [since FEDORA-2008-6018] 
@@ -18,34 +36,45 @@
 CVE-2008-2952 fixed (openldap) #453727 [since FEDORA-2008-6062] 
 CVE-2008-2950 VULNERABLE (poppler) #454289 
 CVE-2008-2942 VULNERABLE (mercurial) 
+CVE-2008-2933 fixed (firefox, fixed 3.0.1) [since FEDORA-2008-6518] 
 CVE-2008-2841 ignore (xchat) windows-only, IE bug
 CVE-2008-2827 fixed (perl) #452641 [since FEDORA-2008-5739] 
 CVE-2008-2811 version (firefox, fixed 3.0) [since firefox-3.0-1.fc9] 
 CVE-2008-2811 fixed (seamonkey, fixed 1.1.10) #453955 [since FEDORA-2008-6193] 
+CVE-2008-2811 VULNERABLE (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6737] 
 CVE-2008-2810 version (firefox, fixed 3.0) [since firefox-3.0-1.fc9] 
 CVE-2008-2810 fixed (seamonkey, fixed 1.1.10) #453955 [since FEDORA-2008-6193] 
 CVE-2008-2809 version (firefox, fixed 3.0) [since firefox-3.0-1.fc9] 
 CVE-2008-2809 fixed (seamonkey, fixed 1.1.10) #453955 [since FEDORA-2008-6193] 
+CVE-2008-2809 VULNERABLE (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6737] 
 CVE-2008-2808 version (firefox, fixed 3.0) [since firefox-3.0-1.fc9] 
 CVE-2008-2808 fixed (seamonkey, fixed 1.1.10) #453955 [since FEDORA-2008-6193] 
 CVE-2008-2807 version (firefox, fixed 3.0) [since firefox-3.0-1.fc9] 
 CVE-2008-2807 fixed (seamonkey, fixed 1.1.10) #453955 [since FEDORA-2008-6193] 
+CVE-2008-2807 VULNERABLE (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6737] 
 CVE-2008-2806 ignore (firefox, fixed 3.0) Mac OS X specific
 CVE-2008-2806 ignore (seamonkey, fixed 1.1.10) Mac OS X specific
 CVE-2008-2805 version (firefox, fixed 3.0) [since firefox-3.0-1.fc9] 
 CVE-2008-2805 fixed (seamonkey, fixed 1.1.10) #453955 [since FEDORA-2008-6193] 
 CVE-2008-2803 version (firefox, fixed 3.0) [since firefox-3.0-1.fc9] 
 CVE-2008-2803 fixed (seamonkey, fixed 1.1.10) #453955 [since FEDORA-2008-6193] 
+CVE-2008-2803 VULNERABLE (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6737] 
 CVE-2008-2802 version (firefox, fixed 3.0) [since firefox-3.0-1.fc9] 
 CVE-2008-2802 fixed (seamonkey, fixed 1.1.10) #453955 [since FEDORA-2008-6193] 
+CVE-2008-2802 VULNERABLE (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6737] 
 CVE-2008-2801 version (firefox, fixed 3.0) [since firefox-3.0-1.fc9] 
 CVE-2008-2801 fixed (seamonkey, fixed 1.1.10) #453955 [since FEDORA-2008-6193] 
 CVE-2008-2800 version (firefox, fixed 3.0) [since firefox-3.0-1.fc9] 
 CVE-2008-2800 fixed (seamonkey, fixed 1.1.10) #453955 [since FEDORA-2008-6193] 
 CVE-2008-2799 version (firefox, fixed 3.0) [since firefox-3.0-1.fc9] 
 CVE-2008-2799 fixed (seamonkey, fixed 1.1.10) #453955 [since FEDORA-2008-6193] 
+CVE-2008-2799 VULNERABLE (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6737] 
 CVE-2008-2798 version (firefox, fixed 3.0) [since firefox-3.0-1.fc9] 
 CVE-2008-2798 fixed (seamonkey, fixed 1.1.10) #453955 [since FEDORA-2008-6193] 
+CVE-2008-2798 VULNERABLE (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6737] 
+CVE-2008-2785 fixed (seamonkey, fixed 1.1.11) [since FEDORA-2008-6519] 
+CVE-2008-2785 fixed (firefox, fixed 3.0.1) [since FEDORA-2008-6518] 
+CVE-2008-2785 VULNERABLE (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6737] 
 CVE-2008-2728 ignore (ruby) 1.6.x variant of CVE-2008-2726
 CVE-2008-2727 ignore (ruby) 1.6.x variant of CVE-2008-2725
 CVE-2008-2726 fixed (ruby, fixed 1.8.6-p230, 1.8.7-p22) #452294 [since FEDORA-2008-5664] 
@@ -72,7 +101,7 @@
 CVE-2008-2374 VULNERABLE (bluez-libs, fixed 3.34) #452821 [since FEDORA-2008-6133] 
 CVE-2008-2371 fixed (pcre) #453556 [since FEDORA-2008-6110] 
 CVE-2008-2371 fixed (glib2) #453560 [since FEDORA-2008-6048] 
-CVE-2008-2364 VULNERABLE (httpd, fixed 2.2.9) #447311 
+CVE-2008-2364 VULNERABLE (httpd, fixed 2.2.9) #447311 [since FEDORA-2008-6393] 
 CVE-2008-2363 VULNERABLE (pan) #449334 
 CVE-2008-2362 fixed (xorg-x11-server) #450926 [since FEDORA-2008-5254] 
 CVE-2008-2361 fixed (xorg-x11-server) #450926 [since FEDORA-2008-5254] 
@@ -157,7 +186,7 @@
 CVE-2008-1687 ignore (m4, fixed 1.4.11) not really a security issue
 CVE-2008-1686 version (libfishsound, fixed 0.9.1) #441248 [since libfishsound-0.9.1-1.fc9]
 CVE-2008-1686 backport (speex) [since speex-1.2-0.7.beta3]
-CVE-2008-1678 VULNERABLE (httpd) #447311 only affects systems with openssl >= 0.9.8e
+CVE-2008-1678 VULNERABLE (httpd) #447311 [since FEDORA-2008-6393] only affects systems with openssl >= 0.9.8e
 CVE-2008-1677 version (fedora-ds-base, fixed 1.1.1) #445810 [since FEDORA-2008-4884]
 CVE-2008-1672 fixed (openssl, fixed 0.9.8h) #448690 [since FEDORA-2008-4723] 
 CVE-2008-1671 ignore (kdelibs) start_kdeinit not shipped
@@ -178,7 +207,7 @@
 CVE-2008-1532 version (Perlbal, fixed 1.70) [since Perlbal-1.70-1.fc9]
 CVE-2008-1531 fixed (lighttpd) #439069 [since FEDORA-2008-4119] 
 CVE-2008-1502 version (moodle, fixed 1.9) 
-CVE-2008-1488 VULNERABLE (php-pecl-apc) #438848 
+CVE-2008-1488 fixed (php-pecl-apc) #455166 [since FEDORA-2008-6401] 
 CVE-2008-1483 ignore (openssh) was alrady fixed by another patch
 CVE-2008-1482 version (xine-lib) #438671 [since xine-lib-1.1.11.1-1.fc9]
 CVE-2008-1475 VULNERABLE (roundup, fixed 1.4.5) 
@@ -186,6 +215,7 @@
 CVE-2008-1468 version (namazu, fixed 2.0.18) #438668 [since namazu-2.0.18-1.fc9]
 CVE-2008-1467 fixed (centerim) #438871
 CVE-2008-1447 fixed (bind) #454476 [since FEDORA-2008-6256] 
+CVE-2008-1447 fixed (dnssec-tools) [since FEDORA-2008-6703] 
 CVE-2008-1423 fixed (libvorbis) #446343 [since FEDORA-2008-3910] 
 CVE-2008-1420 fixed (libvorbis) #446343 [since FEDORA-2008-3910] 
 CVE-2008-1419 fixed (libvorbis) #446343 [since FEDORA-2008-3910] 
@@ -523,9 +553,9 @@
 CVE-2007-5707 version (openldap, fixed 2.3.39) #360091 [since openldap-2.3.39-1.fc9]
 CVE-2007-5624 version (nagios, fixed 2.10) #362811 [since nagios-2.10-3.fc9]
 CVE-2007-5623 backport (nagios-plugins, not fixed 1.4.10) #348731
-CVE-2007-5615 VULNERABLE (jetty) [since jetty-5.1.14-1jpp.1.fc9] 
-CVE-2007-5614 VULNERABLE (jetty) [since jetty-5.1.14-1jpp.1.fc9] 
-CVE-2007-5613 VULNERABLE (jetty) [since jetty-5.1.14-1jpp.1.fc9] 
+CVE-2007-5615 fixed (jetty) [since FEDORA-2008-6141] 
+CVE-2007-5614 fixed (jetty) [since FEDORA-2008-6141] 
+CVE-2007-5613 fixed (jetty) [since FEDORA-2008-6141] 
 CVE-2007-5589 version (phpMyAdmin, fixed 2.11.1.2) #333661 PMASA-2007-6
 CVE-2007-5503 version (cairo, fixed 1.4.12) [since cairo-1.5.4-1.fc9] 
 CVE-2007-5497 backport (e2fsprogs) #414591 [since e2fsprogs-1.40.2-14.fc9]

More information about the Fedora-security-commits mailing list