[Fedora-security-commits] fedora-security/audit f10, 1.7, 1.8 f8, 1.225, 1.226 f9, 1.215, 1.216
fedora-security-commits at redhat.com
Fri Jun 20 19:34:59 UTC 2008
Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv29644/audit
Modified Files:
f10 f8 f9
Log Message:
ruby bugs
Index: f10
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f10,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- f10 20 Jun 2008 08:50:45 -0000 1.7
+++ f10 20 Jun 2008 19:34:29 -0000 1.8
@@ -4,6 +4,10 @@
# *CVE are items that need verification for Fedora 10
# (mozilla) = (gecko-libs dependent stuff)
+CVE-2008-2728 ignore (ruby) 1.6.x variant of CVE-2008-2726
+CVE-2008-2727 ignore (ruby) 1.6.x variant of CVE-2008-2725
+CVE-2008-2726 VULNERABLE (ruby, fixed 1.8.6-p230, 1.8.7-p22) #452295
+CVE-2008-2725 VULNERABLE (ruby, fixed 1.8.6-p230, 1.8.7-p22) #452295
CVE-2008-2724 version (gallery2, fixed 2.2.5) [since gallery2-2.2.5-1.fc10]
CVE-2008-2723 version (gallery2, fixed 2.2.5) [since gallery2-2.2.5-1.fc10]
CVE-2008-2722 version (gallery2, fixed 2.2.5) [since gallery2-2.2.5-1.fc10]
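Review bot: The two "ignore" entries for CVE-2008-2728 and CVE-2008-2727 give "1.6.x variant of ..." as the whole justification, which says what the CVE is but not why it can be ignored in this release. If the reason is that no 1.6.x ruby is shipped, state that in the note, the way the clamav ignore entry in f8 and f9 does with "unrar code not shipped".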
@@ -11,6 +15,9 @@
CVE-2008-2720 version (gallery2, fixed 2.2.5) [since gallery2-2.2.5-1.fc10]
CVE-2008-2713 version (clamav, fixed 0.93.1) [since clamav-0.93.1-1.fc10]
CVE-2008-2696 VULNERABLE (exiv2, fixed 0.17)
+CVE-2008-2664 VULNERABLE (ruby, fixed 1.8.6-p230, 1.8.7-p22) #452295
+CVE-2008-2663 VULNERABLE (ruby, fixed 1.8.6-p230, 1.8.7-p22) #452295
+CVE-2008-2662 VULNERABLE (ruby, fixed 1.8.6-p230, 1.8.7-p22) #452295
CVE-2008-2575 version (cbrpager) [since cbrpager-0.9.17-2.fc10]
CVE-2008-2426 backport (imlib2) [since imlib2-1.4.0-7.fc10]
CVE-2008-2420 version (stunnel, fixed 4.24) [since stunnel-4.24-2]
@@ -46,6 +53,7 @@
CVE-2008-1943 VULNERABLE (xen) [since xen-3.2.0-11.fc10]
CVE-2008-1928 version (perl-Imager, fixed 0.64) [since perl-Imager-0.64-2.fc10]
CVE-2008-1926 backport (util-linux-ng) [since util-linux-ng-2.13.1-8.1.fc9]
+CVE-2008-1891 VULNERABLE (ruby, fixed 1.8.6-p230, 1.8.7-p22) #452295
CVE-2008-1836 version (clamav, fixed 0.93) [since clamav-0.93-1.fc9]
CVE-2008-1808 version (freetype, fixed 2.3.6) [since freetype-2.3.6-1.fc10]
CVE-2008-1807 version (freetype, fixed 2.3.6) [since freetype-2.3.6-1.fc10]
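Review bot: CVE-2008-1891 is added with no description, although its number sits well outside the CVE-2008-2662 to CVE-2008-2728 range of the other ruby entries and it is filed under the same bug #452295. A few words on what the issue is, like the "nsf demuxer overflow" note on the xine-lib entry in f8 and f9, would let a reader see why it belongs with this batch and shares its fixed versions.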
Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.225
retrieving revision 1.226
diff -u -r1.225 -r1.226
--- f8 20 Jun 2008 08:50:45 -0000 1.225
+++ f8 20 Jun 2008 19:34:29 -0000 1.226
@@ -7,6 +7,10 @@
rhbz293031 fixed (nx) #293031 [since FEDORA-2008-2258]
rhbz249840 version (tor, fixed 0.1.2.15)
CVE-2008-2783 VULNERABLE (kronolith)
+CVE-2008-2728 ignore (ruby) 1.6.x variant of CVE-2008-2726
+CVE-2008-2727 ignore (ruby) 1.6.x variant of CVE-2008-2725
+CVE-2008-2726 VULNERABLE (ruby, fixed 1.8.6-p230, 1.8.7-p22) #452293
+CVE-2008-2725 VULNERABLE (ruby, fixed 1.8.6-p230, 1.8.7-p22) #452293
CVE-2008-2724 VULNERABLE (gallery2, fixed 2.2.5) [since gallery2-2.2.5-1.fc8]
CVE-2008-2723 VULNERABLE (gallery2, fixed 2.2.5) [since gallery2-2.2.5-1.fc8]
CVE-2008-2722 VULNERABLE (gallery2, fixed 2.2.5) [since gallery2-2.2.5-1.fc8]
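Review bot: The added ruby lines at the top of this hunk are the same block that goes into f9 and f10, differing only in the bug reference (#452293 here, #452294 in f9, #452295 in f10). Check each number against the tracking bug for its release before committing, since a number pasted from the wrong release would still look valid in this file.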
@@ -14,6 +18,9 @@
CVE-2008-2720 VULNERABLE (gallery2, fixed 2.2.5) [since gallery2-2.2.5-1.fc8]
CVE-2008-2713 VULNERABLE (clamav, fixed 0.93.1)
CVE-2008-2696 VULNERABLE (exiv2, fixed 0.17)
+CVE-2008-2664 VULNERABLE (ruby, fixed 1.8.6-p230, 1.8.7-p22) #452293
+CVE-2008-2663 VULNERABLE (ruby, fixed 1.8.6-p230, 1.8.7-p22) #452293
+CVE-2008-2662 VULNERABLE (ruby, fixed 1.8.6-p230, 1.8.7-p22) #452293
CVE-2008-2575 fixed (cbrpager) [since FEDORA-2008-4528]
CVE-2008-2426 fixed (imlib2) [since FEDORA-2008-4842]
CVE-2008-2420 fixed (stunnel, fixed 4.24) [since FEDORA-2008-4579]
@@ -67,6 +74,7 @@
CVE-2008-1924 version (phpMyAdmin, fixed 2.11.5.2) [since FEDORA-2008-3461] PMASA-2008-3
CVE-2008-1923 version (asterisk) upstream fix incomplete, resulting in CVE-2008-1897
CVE-2008-1897 fixed (asterisk, fixed 1.4.19.1) [since FEDORA-2008-3390]
+CVE-2008-1891 VULNERABLE (ruby, fixed 1.8.6-p230, 1.8.7-p22) #452293
CVE-2008-1878 fixed (xine-lib, fixed 1.1.12.1) #443055 [since FEDORA-2008-3353] nsf demuxer overflow
CVE-2008-1845 version (mksh, fixed 33d) [since FEDORA-2008-3174]
CVE-2008-1837 ignore (clamav, fixed 0.93) unrar code not shipped
Index: f9
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f9,v
retrieving revision 1.215
retrieving revision 1.216
diff -u -r1.215 -r1.216
--- f9 20 Jun 2008 08:50:45 -0000 1.215
+++ f9 20 Jun 2008 19:34:29 -0000 1.216
@@ -5,6 +5,10 @@
# (mozilla) = (gecko-libs dependent stuff)
rhbz249840 version (tor, fixed 0.1.2.15)
+CVE-2008-2728 ignore (ruby) 1.6.x variant of CVE-2008-2726
+CVE-2008-2727 ignore (ruby) 1.6.x variant of CVE-2008-2725
+CVE-2008-2726 VULNERABLE (ruby, fixed 1.8.6-p230, 1.8.7-p22) #452294
+CVE-2008-2725 VULNERABLE (ruby, fixed 1.8.6-p230, 1.8.7-p22) #452294
CVE-2008-2724 VULNERABLE (gallery2, fixed 2.2.5) [since gallery2-2.2.5-1.fc9]
CVE-2008-2723 VULNERABLE (gallery2, fixed 2.2.5) [since gallery2-2.2.5-1.fc9]
CVE-2008-2722 VULNERABLE (gallery2, fixed 2.2.5) [since gallery2-2.2.5-1.fc9]
@@ -12,6 +16,9 @@
CVE-2008-2720 VULNERABLE (gallery2, fixed 2.2.5) [since gallery2-2.2.5-1.fc9]
CVE-2008-2713 VULNERABLE (clamav, fixed 0.93.1) [since clamav-0.93.1-1.fc9]
CVE-2008-2696 VULNERABLE (exiv2, fixed 0.17)
+CVE-2008-2664 VULNERABLE (ruby, fixed 1.8.6-p230, 1.8.7-p22) #452294
+CVE-2008-2663 VULNERABLE (ruby, fixed 1.8.6-p230, 1.8.7-p22) #452294
+CVE-2008-2662 VULNERABLE (ruby, fixed 1.8.6-p230, 1.8.7-p22) #452294
CVE-2008-2575 fixed (cbrpager) [since FEDORA-2008-4501]
CVE-2008-2426 fixed (imlib2) [since FEDORA-2008-4871]
CVE-2008-2420 fixed (stunnel, fixed 4.24) [since FEDORA-2008-4531]
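Review bot: The three added ruby entries list two upstream fix levels, "fixed 1.8.6-p230, 1.8.7-p22", without saying which branch this release carries, so a reader cannot tell which version the eventual update has to reach. Consider naming the relevant branch in the note, and when the update ships, change VULNERABLE to the resulting status with a "[since ...]" tag as on the cbrpager, imlib2 and stunnel lines below.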
@@ -66,6 +73,7 @@
CVE-2008-1924 version (phpMyAdmin, fixed 2.11.5.2) [since phpMyAdmin-2.11.5.2-1.fc9] PMASA-2008-3
CVE-2008-1923 version (asterisk) upstream fix incomplete, resulting in CVE-2008-1897
CVE-2008-1897 version (asterisk, fixed 1.6.0.beta3) [since asterisk-1.6.0-0.13.beta8.fc9]
+CVE-2008-1891 VULNERABLE (ruby, fixed 1.8.6-p230, 1.8.7-p22) #452294
CVE-2008-1878 backport (xine-lib, fixed 1.1.12.1) #443056 nsf demuxer overflow [since xine-lib-1.1.12-2.fc9]
CVE-2008-1845 version (mksh, fixed 33d) [since mksh-33d-1.fc9] what is real impact on fedora?
CVE-2008-1837 ignore (clamav, fixed 0.93) unrar code not shipped