[Fedora-security-commits] fedora-security/audit f10, 1.5, 1.6 f8, 1.223, 1.224 f9, 1.213, 1.214 fc7, 1.379, 1.380

fedora-security-commits at redhat.com
Fri Jun 13 18:29:42 UTC 2008


Author: thoger

Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv14360/audit

Modified Files:
	f10 f8 f9 fc7 
Log Message:
another week of issues



Index: f10
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f10,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- f10	6 Jun 2008 19:59:59 -0000	1.5
+++ f10	13 Jun 2008 18:29:09 -0000	1.6
@@ -4,19 +4,28 @@
 # *CVE are items that need verification for Fedora 10
 # (mozilla) = (gecko-libs dependent stuff)
 
+CVE-2008-2575 version (cbrpager) [since cbrpager-0.9.17-2.fc10] 
 CVE-2008-2426 backport (imlib2) [since imlib2-1.4.0-7.fc10] 
 CVE-2008-2420 version (stunnel, fixed 4.24) [since stunnel-4.24-2] 
 CVE-2008-2392 ignore (wordpress) issue only in certain deployments, not affected by default
 CVE-2008-2363 VULNERABLE (pan) #449335 
+CVE-2008-2362 VULNERABLE (xorg-x11-server) #450927 
+CVE-2008-2361 VULNERABLE (xorg-x11-server) #450927 
+CVE-2008-2360 VULNERABLE (xorg-x11-server) #450927 
 CVE-2008-2359 ignore (system-config-network) F8 specific issue
 CVE-2008-2357 fixed (mtr, fixed 0.73) 
 CVE-2008-2302 version (Django, fixed 0.96.2) #447260 [since Django-0.96.2-1.fc10]
+CVE-2008-2292 backport (net-snmp, fixed 5.4.2.pre1) [since net-snmp-5.4.1-19.fc10] 
 CVE-2008-2276 VULNERABLE (mantis) upstream fix in 1.2.0a1 seems useless
 CVE-2008-2266 ignore (perl-Convert-UUlib) embedded uulib copy uses mkstemp
 CVE-2008-2168 ignore (httpd) browser issue, not apache
+CVE-2008-2152 version (openoffice.org, fixed 2.4.1) [since openoffice.org-3.0.0-0.0.17.1.fc10] 
 CVE-2008-2119 ignore (asterisk, fixed 1.2.29) AST-2008-008, only for 1.0.x and 1.2.x
+CVE-2008-2108 VULNERABLE (php, fixed 5.2.6) 
+CVE-2008-2107 VULNERABLE (php, fixed 5.2.6) 
 CVE-2008-2085 VULNERABLE (sipp) #446222 
 CVE-2008-2079 VULNERABLE (mysql, fixed 5.0.60) #445804 
+CVE-2008-2051 VULNERABLE (php, fixed 5.2.6) 
 CVE-2008-2004 VULNERABLE (xen) disables format autodetection by default [since xen-3.2.0-11.fc10]
 CVE-2008-2004 VULNERABLE (qemu) fix mostly useless without libvirt changes
 CVE-2008-2004 VULNERABLE (kvm) fix mostly useless without libvirt changes
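Review bot: the three new php lines (CVE-2008-2108, CVE-2008-2107, CVE-2008-2051) are marked VULNERABLE with no bug number, while the xorg-x11-server lines added in the same hunk all point at #450927. Add the tracking bug for the F10 php update, or a short note on why none is filed, so the open entries can be followed up.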
@@ -31,6 +40,9 @@
 CVE-2008-1928 version (perl-Imager, fixed 0.64) [since perl-Imager-0.64-2.fc10]
 CVE-2008-1926 backport (util-linux-ng) [since util-linux-ng-2.13.1-8.1.fc9] 
 CVE-2008-1836 version (clamav, fixed 0.93) [since clamav-0.93-1.fc9]
+CVE-2008-1808 version (freetype, fixed 2.3.6) [since freetype-2.3.6-1.fc10] 
+CVE-2008-1807 version (freetype, fixed 2.3.6) [since freetype-2.3.6-1.fc10] 
+CVE-2008-1806 version (freetype, fixed 2.3.6) [since freetype-2.3.6-1.fc10] 
 CVE-2008-1804 version (snort, fixed 2.8.1) [since snort-2.8.1-3.fc10] 
 CVE-2008-1803 version (rdesktop, fixed 1.6.0) [since rdesktop-1.6.0-1.fc10] 
 CVE-2008-1802 version (rdesktop, fixed 1.6.0) [since rdesktop-1.6.0-1.fc10] 
@@ -49,26 +61,30 @@
 CVE-2008-1387 version (clamav, fixed 0.93) [since clamav-0.93-1.fc9]
 CVE-2008-1382 version (libpng, fixed 1.2.27) [since libpng-1.2.29-1.fc10]
 CVE-2008-1382 version (libpng10) [since libpng10-1.0.37-1.fc10] 
+CVE-2008-1379 VULNERABLE (xorg-x11-server) #450927 
+CVE-2008-1377 VULNERABLE (xorg-x11-server) #450927 
 CVE-2008-1360 version (nagios) #437852 [since nagios-2.11-3.fc9]
 CVE-2008-1109 backport (evolution) #449925 [since evolution-2.23.3.1-2.fc10]
 CVE-2008-1108 backport (evolution) #449925 [since evolution-2.23.3.1-2.fc10]
-CVE-2008-1105 VULNERABLE (samba, fixed 3.0.30) 
+CVE-2008-1105 version (samba, fixed 3.0.30) [since samba-3.2.0-1.rc2.16.fc10]
 CVE-2008-1103 VULNERABLE (blender) not fixed upstream
 CVE-2008-1100 version (clamav, fixed 0.93) [since clamav-0.93-1.fc9]
 CVE-2008-1078 backport (am-utils) #437746 [since am-utils-6.1.5-10.fc10]
 CVE-2008-1033 version (cups, fixed 1.3.7) [since cups-1.3.7-1.fc9] 
+CVE-2008-0960 backport (net-snmp, fixed 5.4.1.1) [since net-snmp-5.4.1-19.fc10] 
 CVE-2008-0891 backport (openssl, fixed 0.9.8h) #448691 [since openssl-0.9.8g-9.fc10]
+CVE-2008-0599 VULNERABLE (php, fixed 5.2.6) 
 CVE-2008-0553 version (tkimg) [since tkimg-1.3-0.10.20080505svn.fc10]
 CVE-2008-0314 version (clamav, fixed 0.93) [since clamav-0.93-1.fc9]
 CVE-2008-0166 ignore (openssl) Debian specific
 CVE-2007-6714 version (dbmail, fixed 2.2.9) [since dbmail-2.2.9-1.fc9] 
-CVE-2007-6321 VULNERABLE (roundcubemail) #423301
+CVE-2007-6321 version (roundcubemail) #423301 [since roundcubemail-0.2-0.alpha.fc10]
 CVE-2007-6318 VULNERABLE (wordpress) #426434
 CVE-2007-6131 VULNERABLE (scanbuttond) 
 CVE-2007-5962 fixed (vsftpd) [since vsftpd-2.0.6-4.fc10] 
 CVE-2007-5907 VULNERABLE (xen) #390121
 CVE-2007-5906 VULNERABLE (xen) #390121
-CVE-2007-5803 VULNERABLE (nagios, not fixed 2.11) #446383 
+CVE-2007-5803 version (nagios, fixed 2.12) #446383 [since nagios-2.12-3.fc10]
 CVE-2007-5079 VULNERABLE (gdm) #363041 Red Hat specific problem
 CVE-2007-4829 VULNERABLE (perl, not fixed upstream) #364291 perl-Archive-Tar directory traversal
 CVE-2007-4559 VULNERABLE (python, not fixed upstream) #315291 Upstream WONTFIX. See where we use the code.
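Review bot: CVE-2007-6321 moves to "version" but the parenthetical still names only the package, so the upstream release that carries the fix is not recorded; the samba and nagios lines changed in this same hunk give it as "fixed 3.0.30" and "fixed 2.12". Add the fixed upstream version for roundcubemail next to the package name.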


Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.223
retrieving revision 1.224
diff -u -r1.223 -r1.224
--- f8	6 Jun 2008 19:59:59 -0000	1.223
+++ f8	13 Jun 2008 18:29:09 -0000	1.224
@@ -6,25 +6,35 @@
 
 rhbz293031 fixed (nx) #293031 [since FEDORA-2008-2258] 
 rhbz249840 version (tor, fixed 0.1.2.15) 
+CVE-2008-2575 fixed (cbrpager) [since FEDORA-2008-4528] 
 CVE-2008-2426 fixed (imlib2) [since FEDORA-2008-4842] 
 CVE-2008-2420 fixed (stunnel, fixed 4.24) [since FEDORA-2008-4579] 
 CVE-2008-2392 ignore (wordpress) issue only in certain deployments, not affected by default
 CVE-2008-2363 VULNERABLE (pan) #449333 
+CVE-2008-2362 VULNERABLE (xorg-x11-server) #450925 [since FEDORA-2008-5279] 
+CVE-2008-2361 VULNERABLE (xorg-x11-server) #450925 [since FEDORA-2008-5279] 
+CVE-2008-2360 VULNERABLE (xorg-x11-server) #450925 [since FEDORA-2008-5279] 
 CVE-2008-2359 fixed (system-config-network) [since FEDORA-2008-4633] 
 CVE-2008-2357 fixed (mtr, fixed 0.73) 
 CVE-2008-2302 fixed (Django, fixed 0.96.2) #447258 [since FEDORA-2008-4248] 
+CVE-2008-2292 fixed (net-snmp, fixed 5.4.2.pre1) [since FEDORA-2008-5218] 
 CVE-2008-2276 VULNERABLE (mantis) upstream fix in 1.2.0a1 seems useless
 CVE-2008-2266 ignore (perl-Convert-UUlib) embedded uulib copy uses mkstemp
 CVE-2008-2168 ignore (httpd) browser issue, not apache
+CVE-2008-2152 fixed (openoffice.org, fixed 2.4.1) #450650 [since FEDORA-2008-5247] 
 CVE-2008-2146 version (wordpress, fixed 2.2.3) 
 CVE-2008-2119 ignore (asterisk, fixed 1.2.29) AST-2008-008, only for 1.0.x and 1.2.x
 CVE-2008-2109 fixed (libid3tag) #445814 [since FEDORA-2008-3976] 
+CVE-2008-2108 VULNERABLE (php, fixed 5.2.6) [since FEDORA-2008-3864] 
+CVE-2008-2107 VULNERABLE (php, fixed 5.2.6) [since FEDORA-2008-3864] 
 CVE-2008-2105 fixed (bugzilla, fixed 3.0.4, 3.1.4) #445822 [since FEDORA-2008-3442] 
 CVE-2008-2104 ignore (bugzilla, fixed 3.1.4) only affects 3.1.3, not in Fedora
 CVE-2008-2103 fixed (bugzilla, fixed 3.0.4, 3.1.4) #445822 [since FEDORA-2008-3442] 
 CVE-2008-2085 VULNERABLE (sipp) #446220 
 CVE-2008-2079 VULNERABLE (mysql, fixed 5.0.60) #445805 
 CVE-2008-2068 version (wordpress, fixed 2.5.1) [since FEDORA-2008-3397]  
+CVE-2008-2051 VULNERABLE (php, fixed 5.2.6) [since FEDORA-2008-3864] 
+CVE-2008-2050 ignore (php, fixed 5.2.6) 
 CVE-2008-2033 ignore (zoneminder) duplicate of CVE-2008-1381
 CVE-2008-2004 VULNERABLE (xen) disables format autodetection by default [since xen-3.1.2-3.fc8]
 CVE-2008-2004 VULNERABLE (qemu) fix mostly useless without libvirt changes
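Review bot: the xorg-x11-server and php lines added here combine VULNERABLE with a [since FEDORA-2008-5279] or [since FEDORA-2008-3864] tag, which reads as both open and fixed. The kronolith line in the next hunk flips from VULNERABLE to fixed with its tag unchanged, so the combination appears to mean an update that exists but is not yet released; say so in a trailing note on these lines or in the file header so a reader does not count them as fixed. CVE-2008-2050 is also added as ignore with no reason, unlike the other ignore lines in this hunk.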
@@ -32,7 +42,7 @@
 CVE-2008-2000 ignore (WebKit) browser DoS
 CVE-2008-1999 VULNERABLE (WebKit) 
 CVE-2008-1996 fixed (licq, fixed 1.3.6) #445238 [since FEDORA-2008-3969] 
-CVE-2008-1974 VULNERABLE (kronolith, fixed 3.1.8) #444404 [since FEDORA-2008-3543] 
+CVE-2008-1974 fixed (kronolith, fixed 3.1.8) #444404 [since FEDORA-2008-3543] 
 CVE-2008-1964 ignore (xine-lib) bogus vulnerability report
 CVE-2008-1959 fixed (sipp, fixed 3.1) [since FEDORA-2008-3501] 
 CVE-2008-1950 fixed (gnutls, fixed 2.2.4) #447510 [since FEDORA-2008-4183] 
@@ -55,6 +65,9 @@
 CVE-2008-1836 ignore (clamav, fixed 0.93) affected code introduced after 0.92.1
 CVE-2008-1835 ignore (clamav, fixed 0.93) unrar code not shipped
 CVE-2008-1833 fixed (clamav, fixed 0.93-rc1) #442363 [since FEDORA-2008-3420] 
+CVE-2008-1808 VULNERABLE (freetype, fixed 2.3.6) #451212 
+CVE-2008-1807 VULNERABLE (freetype, fixed 2.3.6) #451212 
+CVE-2008-1806 VULNERABLE (freetype, fixed 2.3.6) #451212 
 CVE-2008-1804 fixed (snort, fixed 2.8.1) [since FEDORA-2008-5001] 
 CVE-2008-1803 fixed (rdesktop, fixed 1.6.0) #445842 [since FEDORA-2008-3917] 
 CVE-2008-1802 fixed (rdesktop, fixed 1.6.0) #445842 [since FEDORA-2008-3917] 
@@ -106,12 +119,15 @@
 CVE-2008-1394 ignore (plone) 
 CVE-2008-1390 fixed (asterisk, fixed 1.4.19-rc3) #438133 [since FEDORA-2008-2554] 
 CVE-2008-1387 fixed (clamav, fixed 0.93) #442363 [since FEDORA-2008-3420] 
+CVE-2008-1384 ignore (php, fixed 5.2.6) 
 CVE-2008-1382 fixed (libpng, fixed 1.2.27) [since FEDORA-2008-4847] 
 CVE-2008-1382 fixed (libpng10) [since FEDORA-2008-3937] 
 CVE-2008-1381 fixed (zoneminder, fixed 1.23.3) #444436 [since FEDORA-2008-3462] 
 CVE-2008-1380 VULNERABLE (firefox, fixed 2.0.0.14) 
 CVE-2008-1380 fixed (seamonkey, fixed 1.1.10) #442851 [since FEDORA-2008-3264] 
 CVE-2008-1380 fixed (thunderbird, fixed 2.0.0.14) #442856 [since FEDORA-2008-3557] 
+CVE-2008-1379 VULNERABLE (xorg-x11-server) #450925 [since FEDORA-2008-5279] 
+CVE-2008-1377 VULNERABLE (xorg-x11-server) #450925 [since FEDORA-2008-5279] 
 CVE-2008-1374 ignore (cups) only affects old cups versions in RHEL
 CVE-2008-1373 fixed (cups) #440040 [since FEDORA-2008-2131] 
 CVE-2008-1372 fixed (bzip2, fixed 1.0.5) #439855 [since FEDORA-2008-2970] 
@@ -184,6 +200,7 @@
 CVE-2008-1011 version (WebKit) [since FEDORA-2008-3229]
 CVE-2008-1010 version (WebKit) [since FEDORA-2008-3229]
 CVE-2008-0983 fixed (lighttpd) #435807 [since FEDORA-2008-2262] 
+CVE-2008-0960 fixed (net-snmp, fixed 5.4.1.1) [since FEDORA-2008-5218] 
 CVE-2008-0947 fixed (krb5, fixed 1.6.4) #438023 [since FEDORA-2008-2647] 
 CVE-2008-0932 fixed (sword) #433724 [since FEDORA-2008-1922] why? diatheke.pl is not shipped...
 CVE-2008-0928 fixed (qemu) #433561 [since FEDORA-2008-2001] 
@@ -210,6 +227,7 @@
 CVE-2008-0658 fixed (openldap) #432012 [since FEDORA-2008-1616] 
 CVE-2008-0646 fixed (deluge, fixed 0.5.8.3) [since FEDORA-2008-1287]
 CVE-2008-0646 fixed (rb_libtorrent) [since FEDORA-2008-1198]
+CVE-2008-0599 VULNERABLE (php, fixed 5.2.6) [since FEDORA-2008-3864] 
 CVE-2008-0597 version (cups) only old CUPS versions affected
 CVE-2008-0596 version (cups) only old CUPS versions affected
 CVE-2008-0595 backport (dbus, fixed 1.1.20) [since FEDORA-2008-2070]
@@ -417,11 +435,14 @@
 CVE-2007-5906 VULNERABLE (xen) #390111
 CVE-2007-5902 ignore (krb5, fixed 1.6.4) not exploitable
 CVE-2007-5901 fixed (krb5, fixed 1.6.4) #438023 [since FEDORA-2008-2647] 
+CVE-2007-5900 ignore (php, fixed 5.2.5) 
+CVE-2007-5899 VULNERABLE (php, fixed 5.2.5) [since FEDORA-2008-3864] 
+CVE-2007-5898 VULNERABLE (php, fixed 5.2.5) [since FEDORA-2008-3864] 
 CVE-2007-5894 ignore (krb5, fixed 1.6.4) not exploitable
 CVE-2007-5849 ignore (cups, fixed 1.3.5) minimal impact, see #415131
 CVE-2007-5848 version (cups, fixed 1.2.0) 
 CVE-2007-5846 version (net-snmp, fixed 5.4.1) 
-CVE-2007-5803 VULNERABLE (nagios, not fixed 2.11) #446381 
+CVE-2007-5803 VULNERABLE (nagios, fixed 2.12) #446381 
 CVE-2007-5795 backport (emacs) #367591 [since FEDORA-2007-2946]
 CVE-2007-5770 backport (ruby) #373391 [since FEDORA-2007-2812]
 CVE-2007-5760 fixed (xorg-x11-server, fixed 1.4.1) #429126 [since FEDORA-2008-0760] 
@@ -474,10 +495,17 @@
 CVE-2007-5000 fixed (httpd, fixed 2.2.8) #427982 [since FEDORA-2008-1711] 
 CVE-2007-4999 version (pidgin, fixed 2.2.2)
 CVE-2007-4990 version (xorg-x11-xfs, fixed 1.0.5)
+CVE-2007-4887 ignore (php, fixed 5.2.5) 
 CVE-2007-4879 version (firefox, fixed 2.0.0.13) 
 CVE-2007-4879 version (seamonkey, fixed 1.1.9) 
+CVE-2007-4850 ignore (php, fixed 5.2.6) 
 CVE-2007-4841 version (thunderbird) [since FEDORA-2007-3414] windows only anyway
+CVE-2007-4840 ignore (php, fixed 5.2.5) 
 CVE-2007-4829 VULNERABLE (perl-Archive-Tar, not fixed upstream) #364281
+CVE-2007-4825 ignore (php, fixed 5.2.5) 
+CVE-2007-4784 ignore (php, fixed 5.2.5) 
+CVE-2007-4783 ignore (php, fixed 5.2.5) 
+CVE-2007-4782 VULNERABLE (php, fixed 5.2.5) [since FEDORA-2008-3864] 
 CVE-2007-4772 fixed (postgresql, fixed 8.2.6) #427773 [since FEDORA-2008-0478] 
 CVE-2007-4771 fixed (icu) #430233 [since FEDORA-2008-1036] 
 CVE-2007-4770 fixed (icu) #430233 [since FEDORA-2008-1036] 
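Review bot: the six php lines added as ignore (CVE-2007-4887, CVE-2007-4850, CVE-2007-4840, CVE-2007-4825, CVE-2007-4784, CVE-2007-4783) give the upstream fixed version but no reason for ignoring the issue. CVE-2007-4782 in the same hunk is still VULNERABLE for the same package, so a reader cannot tell why these six do not apply. Add a short rationale after each, as the CVE-2007-4841 line does with "windows only anyway".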


Index: f9
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f9,v
retrieving revision 1.213
retrieving revision 1.214
diff -u -r1.213 -r1.214
--- f9	6 Jun 2008 19:59:59 -0000	1.213
+++ f9	13 Jun 2008 18:29:10 -0000	1.214
@@ -5,25 +5,35 @@
 # (mozilla) = (gecko-libs dependent stuff)
 
 rhbz249840 version (tor, fixed 0.1.2.15)
+CVE-2008-2575 fixed (cbrpager) [since FEDORA-2008-4501] 
 CVE-2008-2426 fixed (imlib2) [since FEDORA-2008-4871] 
 CVE-2008-2420 fixed (stunnel, fixed 4.24) [since FEDORA-2008-4531] 
 CVE-2008-2392 ignore (wordpress) issue only in certain deployments, not affected by default
 CVE-2008-2363 VULNERABLE (pan) #449334 
+CVE-2008-2362 VULNERABLE (xorg-x11-server) #450926 [since FEDORA-2008-5254] 
+CVE-2008-2361 VULNERABLE (xorg-x11-server) #450926 [since FEDORA-2008-5254] 
+CVE-2008-2360 VULNERABLE (xorg-x11-server) #450926 [since FEDORA-2008-5254] 
 CVE-2008-2359 ignore (system-config-network) F8 specific issue
 CVE-2008-2357 fixed (mtr, fixed 0.73) 
 CVE-2008-2302 fixed (Django, fixed 0.96.2) #447259 [since FEDORA-2008-4267] 
+CVE-2008-2292 fixed (net-snmp, fixed 5.4.2.pre1) [since FEDORA-2008-5215] 
 CVE-2008-2276 VULNERABLE (mantis) upstream fix in 1.2.0a1 seems useless
 CVE-2008-2266 ignore (perl-Convert-UUlib) embedded uulib copy uses mkstemp
 CVE-2008-2168 ignore (httpd) browser issue, not apache
+CVE-2008-2152 fixed (openoffice.org, fixed 2.4.1) [since FEDORA-2008-5143] 
 CVE-2008-2146 version (wordpress, fixed 2.2.3) 
 CVE-2008-2119 ignore (asterisk, fixed 1.2.29) AST-2008-008, only for 1.0.x and 1.2.x
 CVE-2008-2109 fixed (libid3tag) #445815 [since FEDORA-2008-3757] 
+CVE-2008-2108 VULNERABLE (php, fixed 5.2.6) [since FEDORA-2008-3606] 
+CVE-2008-2107 VULNERABLE (php, fixed 5.2.6) [since FEDORA-2008-3606] 
 CVE-2008-2105 fixed (bugzilla, fixed 3.0.4, 3.1.4) #445823 [since FEDORA-2008-3668] 
 CVE-2008-2104 ignore (bugzilla, fixed 3.1.4) only affects 3.1.3, not in Fedora
 CVE-2008-2103 fixed (bugzilla, fixed 3.0.4, 3.1.4) #445823 [since FEDORA-2008-3668] 
 CVE-2008-2085 VULNERABLE (sipp) #446221 
 CVE-2008-2079 VULNERABLE (mysql, fixed 5.0.60) #445806 
 CVE-2008-2068 version (wordpress, fixed 2.5.1) [since wordpress-2.5.1-1.fc9] 
+CVE-2008-2051 VULNERABLE (php, fixed 5.2.6) [since FEDORA-2008-3606] 
+CVE-2008-2050 ignore (php, fixed 5.2.6) 
 CVE-2008-2033 ignore (zoneminder) duplicate of CVE-2008-1381
 CVE-2008-2004 VULNERABLE (xen) disables format autodetection by default [since xen-3.2.0-11.fc9]
 CVE-2008-2004 VULNERABLE (qemu) fix mostly useless without libvirt changes
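Review bot: the CVE-2008-2152 line for openoffice.org has no bug number here, while the matching lines in the f8 and fc7 hunks carry #450650 and #450649. Add the F9 tracking bug if one exists, so all three release files can be cross-referenced the same way.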
@@ -56,6 +66,9 @@
 CVE-2008-1835 ignore (clamav, fixed 0.93) unrar code not shipped
 CVE-2008-1834 version (swfdec, fixed 0.6.4) [since swfdec-0.6.4-1.fc9]
 CVE-2008-1833 version (clamav, fixed 0.93-rc1) [since clamav-0.93-0.0.rc1.fc9] 
+CVE-2008-1808 VULNERABLE (freetype, fixed 2.3.6) #451213 
+CVE-2008-1807 VULNERABLE (freetype, fixed 2.3.6) #451213 
+CVE-2008-1806 VULNERABLE (freetype, fixed 2.3.6) #451213 
 CVE-2008-1804 fixed (snort, fixed 2.8.1) [since FEDORA-2008-5045] 
 CVE-2008-1803 fixed (rdesktop, fixed 1.6.0) #445843 [since FEDORA-2008-3886] 
 CVE-2008-1802 fixed (rdesktop, fixed 1.6.0) #445843 [since FEDORA-2008-3886] 
@@ -107,12 +120,15 @@
 CVE-2008-1394 ignore (plone) 
 CVE-2008-1390 version (asterisk, fixed 1.6.0-beta6) #438134 [since asterisk-1.6.0-0.6.beta6.fc9]
 CVE-2008-1387 fixed (clamav, fixed 0.93) #442364 [since FEDORA-2008-3900] 
+CVE-2008-1384 ignore (php, fixed 5.2.6) 
 CVE-2008-1382 fixed (libpng, fixed 1.2.27) [since FEDORA-2008-4910] 
 CVE-2008-1382 fixed (libpng10) [since FEDORA-2008-3683] 
 CVE-2008-1381 fixed (zoneminder, fixed 1.23.3) #444437 [since FEDORA-2008-3601] 
 CVE-2008-1380 version (firefox, fixed 2.0.0.14) 
 CVE-2008-1380 backport (seamonkey, fixed 1.1.10) #442852 [since seamonkey-1.1.9-3.fc9]
 CVE-2008-1380 version (thunderbird, fixed 2.0.0.14) #442857 [since thunderbird-2.0.0.14-1.fc9]
+CVE-2008-1379 VULNERABLE (xorg-x11-server) #450926 [since FEDORA-2008-5254] 
+CVE-2008-1377 VULNERABLE (xorg-x11-server) #450926 [since FEDORA-2008-5254] 
 CVE-2008-1374 ignore (cups) only affects old cups versions in RHEL
 CVE-2008-1373 backport (cups) #440041 [since cups-1.3.6-9.fc9]
 CVE-2008-1372 version (bzip2, fixed 1.0.5) [since bzip2-1.0.5-1.fc9]
@@ -183,6 +199,7 @@
 CVE-2008-1011 version (WebKit) [since WebKit-1.0.0-0.8.svn31787.fc9]
 CVE-2008-1010 version (WebKit) [since WebKit-1.0.0-0.8.svn31787.fc9]
 CVE-2008-0983 backport (lighttpd) #435809 [since lighttpd-1.4.18-6.fc9]
+CVE-2008-0960 fixed (net-snmp, fixed 5.4.1.1) [since FEDORA-2008-5215] 
 CVE-2008-0947 backport (krb5, fixed 1.6.4) [since krb5-1.6.3-10.fc9] 
 CVE-2008-0932 backport (sword) #433726 [since sword-1.5.10-3.fc9] why? diatheke.pl is not shipped...
 CVE-2008-0928 backport (qemu) #433563 [since qemu-0.9.1-3.fc9]
@@ -207,6 +224,7 @@
 CVE-2008-0658 backport (openldap) #432014 [since openldap-2.4.7-7.fc9]
 CVE-2008-0646 version (deluge, fixed 0.5.8.3) [since deluge-0.5.8.3-1.fc9]
 CVE-2008-0646 backport (rb_libtorrent) [since rb_libtorrent-0.12-3.fc9]
+CVE-2008-0599 VULNERABLE (php, fixed 5.2.6) [since FEDORA-2008-3606] 
 CVE-2008-0597 version (cups) only old CUPS versions affected
 CVE-2008-0596 version (cups) only old CUPS versions affected
 CVE-2008-0595 version (dbus, fixed 1.1.20) [since dbus-1.1.20-1.fc9]
@@ -224,7 +242,7 @@
 CVE-2008-0554 version (netpbm, fixed 10.27) 
 CVE-2008-0553 backport (perl-Tk) #431529 [since perl-Tk-804.028-3.fc9]
 CVE-2008-0553 backport (tk, fixed 8.5.1) [since tk-8.5.0-4.fc9]
-CVE-2008-0553 VULNERABLE (tkimg) #444872 
+CVE-2008-0553 fixed (tkimg) #444872 [since FEDORA-2008-3621] 
 CVE-2008-0544 backport (SDL_image) #430696 ILBM overflow [since SDL_image-1.2.6-5.fc9]
 CVE-2008-0486 version (xine-lib, fixed 1.1.10.1) #431544 [since xine-lib-1.1.10.1-1.fc9]
 CVE-2008-0460 version (mediawiki) #430289 [since mediawiki-1.10.4-38.fc9]
@@ -413,11 +431,12 @@
 CVE-2007-5906 VULNERABLE (xen) #390121
 CVE-2007-5902 ignore (krb5, fixed 1.6.4) not exploitable
 CVE-2007-5901 backport (krb5, fixed 1.6.4) [since krb5-1.6.3-10.fc9] 
+CVE-2007-5900 ignore (php, fixed 5.2.5) 
 CVE-2007-5894 ignore (krb5, fixed 1.6.4) not exploitable
 CVE-2007-5849 version (cups, fixed 1.3.5) [since cups-1.3.5-1.fc9] 
 CVE-2007-5848 version (cups, fixed 1.2.0) 
 CVE-2007-5846 version (net-snmp, fixed 5.4.1) 
-CVE-2007-5803 VULNERABLE (nagios, not fixed 2.11) #446382 
+CVE-2007-5803 VULNERABLE (nagios, fixed 2.12) #446382 
 CVE-2007-5795 backport (emacs) #367601 [since emacs-22.1-8.fc9]
 CVE-2007-5770 backport (ruby) #373401 [since ruby-1.8.6.111-1]
 CVE-2007-5760 backport (xorg-x11-server, fixed 1.4.1) #429127 [since xorg-x11-server-1.4.99.1-0.17.20080107.fc9]
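Review bot: only CVE-2007-5900 is added between CVE-2007-5901 and CVE-2007-5894 here, whereas the f8 and fc7 hunks also add CVE-2007-5899 and CVE-2007-5898 (php, fixed 5.2.5). If F9 is not affected, record that with explicit lines for the two CVEs rather than leaving them out, so the f9 file can be compared entry by entry with the others.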
@@ -464,9 +483,15 @@
 CVE-2007-5000 version (httpd, fixed 2.2.8) #427984 [since httpd-2.2.8-2]
 CVE-2007-4999 version (pidgin, fixed 2.2.2)
 CVE-2007-4990 version (xorg-x11-xfs, fixed 1.0.5)
+CVE-2007-4887 ignore (php, fixed 5.2.5) 
 CVE-2007-4879 version (firefox, fixed 2.0.0.13) 
 CVE-2007-4879 version (seamonkey, fixed 1.1.9) 
+CVE-2007-4850 ignore (php, fixed 5.2.6) 
+CVE-2007-4840 ignore (php, fixed 5.2.5) 
 CVE-2007-4829 VULNERABLE (perl, not fixed upstream) #364291 perl-Archive-Tar directory traversal
+CVE-2007-4825 ignore (php, fixed 5.2.5) 
+CVE-2007-4784 ignore (php, fixed 5.2.5) 
+CVE-2007-4783 ignore (php, fixed 5.2.5) 
 CVE-2007-4772 version (postgresql, fixed 8.2.6) #427774 [since postgresql-8.2.6-1.fc9]
 CVE-2007-4771 backport (icu) [since icu-3.8.1-3.fc9]
 CVE-2007-4770 backport (icu) [since icu-3.8.1-3.fc9]
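Review bot: CVE-2007-4782 is missing after the new CVE-2007-4783 line; the f8 and fc7 hunks add it as (php, fixed 5.2.5) with an advisory reference. Add an f9 line for it with whatever status applies.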


Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.379
retrieving revision 1.380
diff -u -r1.379 -r1.380
--- fc7	6 Jun 2008 19:59:59 -0000	1.379
+++ fc7	13 Jun 2008 18:29:10 -0000	1.380
@@ -7,25 +7,35 @@
 
 rhbz293031 fixed (nx) #293031 [since FEDORA-2008-2258] 
 rhbz249840 version (tor, fixed 0.1.2.15) #249840 [since FEDORA-2007-1674] 
+CVE-2008-2575 fixed (cbrpager) [since FEDORA-2008-4440] 
 CVE-2008-2426 fixed (imlib2) [since FEDORA-2008-4950] 
 CVE-2008-2420 fixed (stunnel, fixed 4.24) [since FEDORA-2008-4606] 
 CVE-2008-2392 ignore (wordpress) issue only in certain deployments, not affected by default
 CVE-2008-2363 VULNERABLE (pan) 
+CVE-2008-2362 fixed (xorg-x11-server) #450924 [since FEDORA-2008-5285] 
+CVE-2008-2361 fixed (xorg-x11-server) #450924 [since FEDORA-2008-5285] 
+CVE-2008-2360 fixed (xorg-x11-server) #450924 [since FEDORA-2008-5285] 
 CVE-2008-2359 ignore (system-config-network) F8 specific issue
 CVE-2008-2357 fixed (mtr, fixed 0.73) 
 CVE-2008-2302 fixed (Django, fixed 0.96.2) #447257 [since FEDORA-2008-4191] 
+CVE-2008-2292 fixed (net-snmp, fixed 5.4.2.pre1) [since FEDORA-2008-5224] 
 CVE-2008-2276 VULNERABLE (mantis) upstream fix in 1.2.0a1 seems useless
 CVE-2008-2266 ignore (perl-Convert-UUlib) embedded uulib copy uses mkstemp
 CVE-2008-2168 ignore (httpd) browser issue, not apache
+CVE-2008-2152 fixed (openoffice.org, fixed 2.4.1) #450649 [since FEDORA-2008-5239] 
 CVE-2008-2146 version (wordpress, fixed 2.2.3) 
 CVE-2008-2119 ignore (asterisk, fixed 1.2.29) AST-2008-008, only for 1.0.x and 1.2.x
 CVE-2008-2109 fixed (libid3tag) #445813 [since FEDORA-2008-3874] 
+CVE-2008-2108 fixed (php, fixed 5.2.6) [since FEDORA-2008-1734] 
+CVE-2008-2107 fixed (php, fixed 5.2.6) [since FEDORA-2008-1734] 
 CVE-2008-2105 fixed (bugzilla, fixed 3.0.4, 3.1.4) #445821 [since FEDORA-2008-3488] 
 CVE-2008-2104 ignore (bugzilla, fixed 3.1.4) only affects 3.1.3, not in Fedora
 CVE-2008-2103 fixed (bugzilla, fixed 3.0.4, 3.1.4) #445821 [since FEDORA-2008-3488] 
 CVE-2008-2085 VULNERABLE (sipp) #446219 
 CVE-2008-2079 VULNERABLE (mysql, fixed 5.0.60) #445804 
 CVE-2008-2068 version (wordpress, fixed 2.5.1) [since FEDORA-2008-3319] 
+CVE-2008-2051 fixed (php, fixed 5.2.6) [since FEDORA-2008-1734] 
+CVE-2008-2050 ignore (php, fixed 5.2.6) 
 CVE-2008-2033 ignore (zoneminder) duplicate of CVE-2008-1381
 CVE-2008-2004 VULNERABLE (xen) disables format autodetection by default [since xen-3.1.2-3.fc7]
 CVE-2008-2004 VULNERABLE (qemu) fix mostly useless without libvirt changes
@@ -33,7 +43,7 @@
 CVE-2008-2000 ignore (WebKit) browser DoS
 CVE-2008-1999 VULNERABLE (WebKit) 
 CVE-2008-1996 fixed (licq, fixed 1.3.6) #445237 [since FEDORA-2008-3909] 
-CVE-2008-1974 VULNERABLE (kronolith, fixed 3.1.8) #444403 [since FEDORA-2008-3460] 
+CVE-2008-1974 fixed (kronolith, fixed 3.1.8) #444403 [since FEDORA-2008-3460] 
 CVE-2008-1964 ignore (xine-lib) bogus vulnerability report
 CVE-2008-1959 fixed (sipp, fixed 3.1) [since FEDORA-2008-3508] 
 CVE-2008-1950 fixed (gnutls, fixed 2.2.4) #447509 [since FEDORA-2008-4274] 
@@ -56,6 +66,9 @@
 CVE-2008-1836 ignore (clamav, fixed 0.93) affected code introduced after 0.92.1
 CVE-2008-1835 ignore (clamav, fixed 0.93) unrar code not shipped
 CVE-2008-1833 fixed (clamav, fixed 0.93-rc1) #442362 [since FEDORA-2008-3358] 
+CVE-2008-1808 VULNERABLE (freetype, fixed 2.3.6) 
+CVE-2008-1807 VULNERABLE (freetype, fixed 2.3.6) 
+CVE-2008-1806 VULNERABLE (freetype, fixed 2.3.6) 
 CVE-2008-1804 fixed (snort, fixed 2.8.1) [since FEDORA-2008-5045] 
 CVE-2008-1803 fixed (rdesktop, fixed 1.6.0) #445841 [since FEDORA-2008-3985] 
 CVE-2008-1802 fixed (rdesktop, fixed 1.6.0) #445841 [since FEDORA-2008-3985] 
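Review bot: the three freetype lines (CVE-2008-1808, CVE-2008-1807, CVE-2008-1806) are VULNERABLE with no bug number, while the same entries in f8 and f9 reference #451212 and #451213. Add the fc7 tracking bug, or note that none was filed.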
@@ -107,12 +120,15 @@
 CVE-2008-1394 ignore (plone) 
 CVE-2008-1390 fixed (asterisk, fixed 1.4.19-rc3) #438132 [since FEDORA-2008-2620] 
 CVE-2008-1387 fixed (clamav, fixed 0.93) #442362 [since FEDORA-2008-3358] 
+CVE-2008-1384 ignore (php, fixed 5.2.6) 
 CVE-2008-1382 fixed (libpng, fixed 1.2.27) [since FEDORA-2008-4947] 
-CVE-2008-1382 VULNERABLE (libpng10) [since libpng10-1.0.33-1.fc7] 
+CVE-2008-1382 fixed (libpng10) [since FEDORA-2008-3979] 
 CVE-2008-1381 fixed (zoneminder, fixed 1.23.3) #444435 [since FEDORA-2008-3516] 
 CVE-2008-1380 VULNERABLE (firefox, fixed 2.0.0.14) 
 CVE-2008-1380 fixed (seamonkey, fixed 1.1.10) #442850 [since FEDORA-2008-3231] 
 CVE-2008-1380 fixed (thunderbird, fixed 2.0.0.14) #442855 [since FEDORA-2008-3519] 
+CVE-2008-1379 fixed (xorg-x11-server) #450924 [since FEDORA-2008-5285] 
+CVE-2008-1377 fixed (xorg-x11-server) #450924 [since FEDORA-2008-5285] 
 CVE-2008-1374 ignore (cups) only affects old cups versions in RHEL
 CVE-2008-1373 fixed (cups) #440042 [since FEDORA-2008-2897] 
 CVE-2008-1372 fixed (bzip2, fixed 1.0.5) #439855 [since FEDORA-2008-2970] 
@@ -185,6 +201,7 @@
 CVE-2008-1011 fixed (WebKit) [since FEDORA-2008-3415] 
 CVE-2008-1010 fixed (WebKit) [since FEDORA-2008-3415] 
 CVE-2008-0983 fixed (lighttpd) #435808 [since FEDORA-2008-2278] 
+CVE-2008-0960 fixed (net-snmp, fixed 5.4.1.1) [since FEDORA-2008-5224] 
 CVE-2008-0947 fixed (krb5, fixed 1.6.4) #438022 [since FEDORA-2008-2637] 
 CVE-2008-0932 fixed (sword) #433725 [since FEDORA-2008-1951] why? diatheke.pl is not shipped...
 CVE-2008-0928 fixed (qemu) #433562 [since FEDORA-2008-1995] 
@@ -210,6 +227,7 @@
 CVE-2008-0658 fixed (openldap) #432013 [since FEDORA-2008-1568] 
 CVE-2008-0646 fixed (deluge, fixed 0.5.8.3) [since FEDORA-2008-1198]
 CVE-2008-0646 fixed (rb_libtorrent) [since FEDORA-2008-1245]
+CVE-2008-0599 fixed (php, fixed 5.2.6) [since FEDORA-2008-1734] 
 CVE-2008-0597 version (cups) only old CUPS versions affected
 CVE-2008-0596 version (cups) only old CUPS versions affected
 CVE-2008-0595 backport (dbus, fixed 1.1.20) [since FEDORA-2008-2043]
@@ -416,11 +434,14 @@
 CVE-2007-5906 VULNERABLE (xen) #390101
 CVE-2007-5902 ignore (krb5, fixed 1.6.4) not exploitable
 CVE-2007-5901 fixed (krb5, fixed 1.6.4) #438022 [since FEDORA-2008-2637] 
+CVE-2007-5900 ignore (php, fixed 5.2.5) 
+CVE-2007-5899 fixed (php, fixed 5.2.5) [since FEDORA-2008-1734] 
+CVE-2007-5898 fixed (php, fixed 5.2.5) [since FEDORA-2008-1734] 
 CVE-2007-5894 ignore (krb5, fixed 1.6.4) not exploitable
 CVE-2007-5849 ignore (cups, fixed 1.3.5) minimal impact, see #415131
 CVE-2007-5848 version (cups, fixed 1.2.0) 
 CVE-2007-5846 backport (net-snmp) [since FEDORA-2007-3019]
-CVE-2007-5803 VULNERABLE (nagios, not fixed 2.11) #437851
+CVE-2007-5803 VULNERABLE (nagios, fixed 2.12) #437851
 CVE-2007-5795 backport (emacs) #367581 [since FEDORA-2007-3056]
 CVE-2007-5770 backport (ruby) #373381 [since FEDORA-2007-2685]
 CVE-2007-5760 fixed (xorg-x11-server, fixed 1.4.1) #429125 [since FEDORA-2008-0831] 
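Review bot: the CVE-2007-5803 line keeps #437851 while its note changes to "fixed 2.12"; the f8, f9 and f10 lines for this CVE use #446381, #446382 and #446383, and #437852 appears in f10 against CVE-2008-1360 (nagios). Check that #437851 is the right fc7 bug for this CVE before carrying it forward.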
@@ -514,15 +535,21 @@
 CVE-2007-4897 version (opal, fixed 2.2.9)
 CVE-2007-4894 version (wordpress, fixed 2.2.3) [since FEDORA-2007-2143]
 CVE-2007-4893 version (wordpress, fixed 2.2.3) [since FEDORA-2007-2143]
+CVE-2007-4887 ignore (php, fixed 5.2.5) 
 CVE-2007-4879 version (firefox, fixed 2.0.0.13) 
 CVE-2007-4879 version (seamonkey, fixed 1.1.9) 
 CVE-2007-4851 ignore (tk) duplicate of CVE-2007-5137
+CVE-2007-4850 ignore (php, fixed 5.2.6) 
 CVE-2007-4841 ignore (mozilla) Windows only
 CVE-2007-4841 version (thunderbird) [since FEDORA-2007-3431] windows only anyway
-CVE-2007-4840 ignore (php)
+CVE-2007-4840 ignore (php, fixed 5.2.5) 
 CVE-2007-4829 VULNERABLE (perl-Archive-Tar) #315321
 CVE-2007-4828 version (mediawiki, fixed 1.11.0, 1.10.2, 1.9.4) #287881 [since FEDORA-2007-2189]
 CVE-2007-4826 version (quagga, fixed 0.99.9) [since FEDORA-2007-2196]
+CVE-2007-4825 ignore (php, fixed 5.2.5) 
+CVE-2007-4784 ignore (php, fixed 5.2.5) 
+CVE-2007-4783 ignore (php, fixed 5.2.5) 
+CVE-2007-4782 fixed (php, fixed 5.2.5) [since FEDORA-2008-1734] 
 CVE-2007-4772 fixed (postgresql, fixed 8.2.6) #427772 [since FEDORA-2008-0552] 
 CVE-2007-4771 fixed (icu) #430232 [since FEDORA-2008-1076] 
 CVE-2007-4770 fixed (icu) #430232 [since FEDORA-2008-1076] 



