[Fedora-security-commits] fedora-security/audit f8, 1.158, 1.159 f9, 1.149, 1.150 fc7, 1.314, 1.315

fedora-security-commits at redhat.com fedora-security-commits at redhat.com
Mon Mar 17 08:12:27 UTC 2008 

Author: thoger

Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv26532/audit

Modified Files:
	f8 f9 fc7 
Log Message:
clean-ups, check updates



Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.158
retrieving revision 1.159
diff -u -r1.158 -r1.159
--- f8	14 Mar 2008 10:02:04 -0000	1.158
+++ f8	17 Mar 2008 08:11:56 -0000	1.159
@@ -9,10 +9,10 @@
 
 GENERIC-MAP-NOMATCH VULNERABLE (comix) multiple issues tracked via #430635
 GENERIC-MAP-NOMATCH fixed (wyrd) #433720 [since FEDORA-2008-1963] 
-GENERIC-MAP-NOMATCH VULNERABLE (viewvc) #435349 
-GENERIC-MAP-NOMATCH VULNERABLE (roundup) #436547 
+GENERIC-MAP-NOMATCH fixed (viewvc) #435349 [since FEDORA-2008-2159] 
+GENERIC-MAP-NOMATCH fixed (roundup) #436547 [since FEDORA-2008-2370] 
 CVE-2008-1318 ignore (mediawiki) 1.11.2 security fix applies only for 1.11 we never shipped
-CVE-2008-1284 VULNERABLE (horde) #436628 
+CVE-2008-1284 version (horde, fixed 3.1.7) #436628 [since FEDORA-2008-2362] 
 CVE-2008-1270 ignore (lighttpd) Not a bug, requires unlikely and incredibly stupid configuration change with well-documented effects.
 **CVE-2008-1227 fixed (libsilc) We updated this as non-security
 CVE-2008-1218 version (dovecot, fixed 1.0.13) [since FEDORA-2008-2464] marginally affected
@@ -23,22 +23,22 @@
 CVE-2008-1145 version (ruby, fixed 1.8.6-p114) [since FEDORA-2008-2443]
 CVE-2008-1133 ignore (drupal) #435816 drupal 6.x only
 CVE-2008-1131 ignore (drupal) #435816 drupal 6.x only
-CVE-2008-1111 VULNERABLE (lighttpd) #435807 
+CVE-2008-1111 fixed (lighttpd) #435807 [since FEDORA-2008-2262] 
 CVE-2008-1110 version (xine-lib, fixed 1.1.10) [since FEDORA-2008-1043]
-CVE-2008-1072 VULNERABLE (wireshark) #435485 
-CVE-2008-1071 VULNERABLE (wireshark) #435485 
-CVE-2008-1070 VULNERABLE (wireshark) #435485 
+CVE-2008-1072 VULNERABLE (wireshark, fixed 0.99.8) #435485 
+CVE-2008-1071 VULNERABLE (wireshark, fixed 0.99.8) #435485 
+CVE-2008-1070 VULNERABLE (wireshark, fixed 0.99.8) #435485 
 CVE-2008-1066 version (php-Smarty) #435811 [since FEDORA-2008-1911]
-CVE-2008-0983 VULNERABLE (lighttpd) #435807 
+CVE-2008-0983 fixed (lighttpd) #435807 [since FEDORA-2008-2262] 
 CVE-2008-0932 fixed (sword) #433724 [since FEDORA-2008-1922] why? diatheke.pl is not shipped...
 CVE-2008-0928 fixed (qemu) #433561 [since FEDORA-2008-2001] 
 CVE-2008-0928 fixed (kvm) #433564 [since FEDORA-2008-1973] 
-CVE-2008-0928 VULNERABLE (xen) #434639 
+CVE-2008-0928 fixed (xen) #434639 [since FEDORA-2008-2057] 
 CVE-2008-0882 fixed (cups, fixed 1.3.6) #433803 [since FEDORA-2008-1901] 
 CVE-2008-0782 fixed (moin) #432019 [since FEDORA-2008-1562] 
 CVE-2008-0781 fixed (moin) #432750 [since FEDORA-2008-1905] 
 CVE-2008-0780 fixed (moin) #432750 [since FEDORA-2008-1905] 
-CVE-2008-0807 VULNERABLE (turba) #433319 
+CVE-2008-0807 fixed (turba) #433319 [since FEDORA-2008-2087] 
 CVE-2008-0786 version (cacti, fixed 0.8.7b) #432760 
 CVE-2008-0785 version (cacti, fixed 0.8.7b) #432760 
 CVE-2008-0784 version (cacti, fixed 0.8.7b) #432760 
@@ -57,49 +57,49 @@
 CVE-2008-0594 fixed (firefox, fixed 2.0.0.12) #432043 [since FEDORA-2008-1535] 
 CVE-2008-0593 fixed (firefox, fixed 2.0.0.12) #432043 [since FEDORA-2008-1535] 
 CVE-2008-0593 fixed (seamonkey, fixed 1.1.8) #432046 [since FEDORA-2008-1459] 
-CVE-2008-0593 VULNERABLE (thunderbird, fixed 2.0.0.12) #432048 
+CVE-2008-0593 fixed (thunderbird, fixed 2.0.0.12) #432048 [since FEDORA-2008-2060] 
 CVE-2008-0592 fixed (firefox, fixed 2.0.0.12) #432043 [since FEDORA-2008-1535] 
 CVE-2008-0592 fixed (seamonkey, fixed 1.1.8) #432046 [since FEDORA-2008-1459] 
-CVE-2008-0592 VULNERABLE (thunderbird, fixed 2.0.0.12) #432048 
+CVE-2008-0592 fixed (thunderbird, fixed 2.0.0.12) #432048 [since FEDORA-2008-2060] 
 CVE-2008-0591 fixed (firefox, fixed 2.0.0.12) #432043 [since FEDORA-2008-1535] 
 CVE-2008-0591 fixed (seamonkey, fixed 1.1.8) #432046 [since FEDORA-2008-1459] 
-CVE-2008-0591 VULNERABLE (thunderbird, fixed 2.0.0.12) #432048 
-CVE-2008-0564 VULNERABLE (mailman, fixed 2.1.10b1) 
+CVE-2008-0591 fixed (thunderbird, fixed 2.0.0.12) #432048 [since FEDORA-2008-2060] 
+CVE-2008-0564 backport (mailman, fixed 2.1.10b1) [since FEDORA-2008-1334]
 CVE-2008-0554 version (netpbm, fixed 10.27) 
 CVE-2008-0553 fixed (perl-Tk) #431532 [since FEDORA-2008-1323] 
-CVE-2008-0553 VULNERABLE (tk, fixed 8.5.1) 
+CVE-2008-0553 backport (tk, fixed 8.5.1) [since FEDORA-2008-1122] 
 CVE-2008-0544 fixed (SDL_image) #430694 [since FEDORA-2008-1208] ILBM overflow
 CVE-2008-0486 fixed (xine-lib, fixed 1.1.10.1) #431543 [since FEDORA-2008-1543] 
-CVE-2008-0460 VULNERABLE (mediawiki) #430288 
+CVE-2008-0460 fixed (mediawiki) #430288 [since FEDORA-2008-2288] 
 CVE-2008-0420 version (firefox, fixed 2.0.0.12) [since FEDORA-2008-1535]
 CVE-2008-0420 version (seamonkey, fixed 1.1.8) [since FEDORA-2008-1459]
-CVE-2008-0420 VULNERABLE (thunderbird, fixed 2.0.0.12) #432048
+CVE-2008-0420 fixed (thunderbird, fixed 2.0.0.12) #432048 [since FEDORA-2008-2060] 
 CVE-2008-0419 fixed (firefox, fixed 2.0.0.12) #432043 [since FEDORA-2008-1535] 
 CVE-2008-0419 fixed (seamonkey, fixed 1.1.8) #432046 [since FEDORA-2008-1459] 
-CVE-2008-0419 VULNERABLE (thunderbird, fixed 2.0.0.12) #432048 
+CVE-2008-0419 fixed (thunderbird, fixed 2.0.0.12) #432048 [since FEDORA-2008-2060] 
 CVE-2008-0418 fixed (firefox, fixed 2.0.0.12) #432043 [since FEDORA-2008-1535] 
 CVE-2008-0418 fixed (seamonkey, fixed 1.1.8) #432046 [since FEDORA-2008-1459] 
-CVE-2008-0418 VULNERABLE (thunderbird, fixed 2.0.0.12) #432048 
+CVE-2008-0418 fixed (thunderbird, fixed 2.0.0.12) #432048 [since FEDORA-2008-2060] 
 CVE-2008-0417 fixed (firefox, fixed 2.0.0.12) #432043 [since FEDORA-2008-1535] 
 CVE-2008-0417 fixed (seamonkey, fixed 1.1.8) #432046 [since FEDORA-2008-1459] 
 CVE-2008-0415 fixed (firefox, fixed 2.0.0.12) #432043 [since FEDORA-2008-1535] 
 CVE-2008-0415 fixed (seamonkey, fixed 1.1.8) #432046 [since FEDORA-2008-1459] 
-CVE-2008-0415 VULNERABLE (thunderbird, fixed 2.0.0.12) #432048 
+CVE-2008-0415 fixed (thunderbird, fixed 2.0.0.12) #432048 [since FEDORA-2008-2060] 
 CVE-2008-0414 fixed (firefox, fixed 2.0.0.12) #432043 [since FEDORA-2008-1535] 
 CVE-2008-0414 fixed (seamonkey, fixed 1.1.8) #432046 [since FEDORA-2008-1459] 
 CVE-2008-0413 fixed (firefox, fixed 2.0.0.12) #432043 [since FEDORA-2008-1535] 
 CVE-2008-0413 fixed (seamonkey, fixed 1.1.8) #432046 [since FEDORA-2008-1459] 
-CVE-2008-0413 VULNERABLE (thunderbird, fixed 2.0.0.12) #432048 
+CVE-2008-0413 fixed (thunderbird, fixed 2.0.0.12) #432048 [since FEDORA-2008-2060] 
 CVE-2008-0412 fixed (firefox, fixed 2.0.0.12) #432043 [since FEDORA-2008-1535] 
 CVE-2008-0412 fixed (seamonkey, fixed 1.1.8) #432046 [since FEDORA-2008-1459] 
-CVE-2008-0412 VULNERABLE (thunderbird, fixed 2.0.0.12) #432048 
-CVE-2008-0411 VULNERABLE (ghostscript) #435146 
+CVE-2008-0412 fixed (thunderbird, fixed 2.0.0.12) #432048 [since FEDORA-2008-2060] 
+CVE-2008-0411 fixed (ghostscript) #435146 [since FEDORA-2008-1998] 
 CVE-2008-0404 fixed (mantis) #429552 [since FEDORA-2008-0796] 
 CVE-2008-0386 fixed (xdg-utils) #429513 [since FEDORA-2008-1015] 
 CVE-2008-0364 ignore (bittorrent) Windows only
 CVE-2008-0318 fixed (clamav, fixed 0.92.1) [since FEDORA-2008-1625] 
 CVE-2008-0304 version (seamonkey, fixed 1.1.8) [since FEDORA-2008-1459]
-CVE-2008-0304 VULNERABLE (thunderbird, fixed 2.0.0.12) #432048 
+CVE-2008-0304 fixed (thunderbird, fixed 2.0.0.12) #432048 [since FEDORA-2008-2060] 
 CVE-2008-0299 fixed (python-paramiko) #428728 [since FEDORA-2008-0722] 
 CVE-2008-0285 ignore (ngircd) Not yet in Fedora, review request #234926
 CVE-2008-0274 version (drupal, fixed 5.6) DRUPAL-SA-2008-007 [since FEDORA-2008-0485]
@@ -114,13 +114,13 @@
 CVE-2008-0193 ignore (wordpress, not fixed 2.0.11, and possibly 2.1.x and 2.3.x) wp-db-backup not in wp 2.3.
 **CVE-2008-0192 version (wordpress, not fixed 2.0.9) 
 CVE-2008-0191 ignore (wordpress) File path is not a sensitive information
-CVE-2008-0172 VULNERABLE (boost) #428975 [since FEDORA-2008-0754] 
-CVE-2008-0171 VULNERABLE (boost) #428975 [since FEDORA-2008-0754] 
+CVE-2008-0172 fixed (boost) #428975 [since FEDORA-2008-0754] 
+CVE-2008-0171 fixed (boost) #428975 [since FEDORA-2008-0754] 
 CVE-2008-0128 VULNERABLE (tomcat5) #429904 
 CVE-2008-0123 fixed (moodle) #428731 [since FEDORA-2008-0610] 
 CVE-2008-0122 fixed (bind) #429149 [since FEDORA-2008-0904] 
 CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since FEDORA-2008-0199]
-CVE-2008-0072 VULNERABLE (evolution) #436081 
+CVE-2008-0072 fixed (evolution) #436081 [since FEDORA-2008-2292] 
 CVE-2008-0008 fixed (pulseaudio) #425481 [since FEDORA-2008-0994] 
 CVE-2008-0006 fixed (libXfont) #429132 [since FEDORA-2008-0794] 
 CVE-2008-0005 fixed (httpd, fixed 2.2.8) #427982 [since FEDORA-2008-1711] 
@@ -211,8 +211,8 @@
 CVE-2007-6100 version (phpMyAdmin, fixed 2.11.2.2) [since FEDORA-2007-3639]
 CVE-2007-6067 fixed (postgresql, fixed 8.2.6) #427773 [since FEDORA-2008-0478] 
 CVE-2007-6061 VULNERABLE (audacity) #393251
-CVE-2007-6018 VULNERABLE (horde) #428628 
-CVE-2007-6018 VULNERABLE (imp) #428632 
+CVE-2007-6018 fixed (horde) #428628 [since FEDORA-2008-2040] 
+CVE-2007-6018 fixed (imp) #428632 [since FEDORA-2008-2040] 
 CVE-2007-6015 version (samba, fixed 3.0.28) [since FEDORA-2007-4275]
 CVE-2007-6013 VULNERABLE (wordpress)
 CVE-2007-6035 version (cacti, fixed 0.8.7a) #391991 [since FEDORA-2007-3667]
@@ -247,7 +247,7 @@
 CVE-2007-5846 version (net-snmp, fixed 5.4.1) 
 CVE-2007-5795 backport (emacs) #367591 [since FEDORA-2007-2946]
 CVE-2007-5770 backport (ruby) #373391 [since FEDORA-2007-2812]
-GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031
+GENERIC-MAP-NOMATCH fixed (nx) #293031 [since FEDORA-2008-2258] 
 CVE-2007-5760 fixed (xorg-x11-server, fixed 1.4.1) #429126 [since FEDORA-2008-0760] 
 CVE-2007-5759 ignore (clamav, fixed 0.92) duplicate of CVE-2007-6335
 CVE-2007-5751 backport (liferea, fixed 1.4.6) #360641 [since FEDORA-2007-2853]
@@ -307,7 +307,7 @@
 CVE-2007-4559 VULNERABLE (python, not fixed upstream) #315291 Upstream WONTFIX. See where we use the code.
 CVE-2007-4476 backport (tar) #280961 [since FEDORA-2007-2800] tar-1.17-4.fc8
 CVE-2007-4476 backport (cpio, not fixed 2.9) #363891 [since FEDORA-2007-2827] cpio-2.9-5.fc8
-CVE-2007-4400 VULNERABLE (konversation) #362921 Remove media script?
+CVE-2007-4400 VULNERABLE (konversation) #362921 [since FEDORA-2008-2062] Remove media script?
 CVE-2007-4351 version (cups) #362971 [since FEDORA-2007-2982]
 CVE-2007-4352 backport (xpdf) #372471 [since FEDORA-2007-3014]
 CVE-2007-4352 backport (cups) [since FEDORA-2007-2982]
@@ -320,7 +320,7 @@
 CVE-2007-4045 backport (cups) [since FEDORA-2007-2982]
 CVE-2007-4033 backport (tetex) [since FEDORA-2007-3308]
 CVE-2007-3999 VULNERABLE (nfs-utils-lib) #362091
-CVE-2007-3999 VULNERABLE (libtirpc) #362111
+CVE-2007-3999 fixed (libtirpc) #362111 [since FEDORA-2008-1017] 
 CVE-2007-3920 VULNERABLE (compiz, not fixed upstream) #363061
 CVE-2007-3919 backport (xen, fixed 3.1.0-13) #361991
 CVE-2007-3844 version (firefox, fixed 2.0.0.6)


Index: f9
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f9,v
retrieving revision 1.149
retrieving revision 1.150
diff -u -r1.149 -r1.150
--- f9	14 Mar 2008 10:02:04 -0000	1.149
+++ f9	17 Mar 2008 08:11:56 -0000	1.150
@@ -12,7 +12,7 @@
 GENERIC-MAP-NOMATCH fixed (inkscape) #432807  [since inkscape-0.45.1+0.46pre1-4.fc9]
 GENERIC-MAP-NOMATCH version (roundup) #436549 [since roundup-1.4.4-1.fc9]
 CVE-2008-1318 ignore (mediawiki) 1.11.2 security fix applies only for 1.11 we never shipped
-CVE-2008-1284 fixed (horde) #436628 
+CVE-2008-1284 version (horde, fixed 3.1.7) #436628 
 CVE-2008-1270 ignore (lighttpd) Not a bug, requires unlikely and incredibly stupid configuration change with well-documented effects.
 **CVE-2008-1227 fixed (libsilc) We updated this as non-security
 CVE-2008-1218 version (dovecot, fixed 1.0.13) [since dovecot-1.0.13-6.fc9] marginally affected
@@ -26,9 +26,9 @@
 CVE-2008-1131 version (drupal, fixed 6.1) #435817 [since drupal-6.1-1.fc9]
 CVE-2008-1111 backport (lighttpd) #435809 [since lighttpd-1.4.18-6.fc9]
 CVE-2008-1110 version (xine-lib, fixed 1.1.10) [since xine-lib-1.1.10-2.fc9]
-CVE-2008-1072 VULNERABLE (wireshark) #435488 
-CVE-2008-1071 VULNERABLE (wireshark) #435488 
-CVE-2008-1070 VULNERABLE (wireshark) #435488 
+CVE-2008-1072 VULNERABLE (wireshark, fixed 0.99.8) #435488 
+CVE-2008-1071 VULNERABLE (wireshark, fixed 0.99.8) #435488 
+CVE-2008-1070 VULNERABLE (wireshark, fixed 0.99.8) #435488 
 CVE-2008-1066 version (php-Smarty) #435813 [since php-Smarty-2.6.19-1.fc9]
 CVE-2008-0983 backport (lighttpd) #435809 [since lighttpd-1.4.18-6.fc9]
 CVE-2008-0932 backport (sword) #433726 [since sword-1.5.10-3.fc9] why? diatheke.pl is not shipped...
@@ -69,7 +69,7 @@
 CVE-2008-0553 backport (tk, fixed 8.5.1) [since tk-8.5.0-4.fc9]
 CVE-2008-0544 backport (SDL_image) #430696 ILBM overflow [since SDL_image-1.2.6-5.fc9]
 CVE-2008-0486 version (xine-lib, fixed 1.1.10.1) #431544 [since xine-lib-1.1.10.1-1.fc9]
-CVE-2008-0460 VULNERABLE (mediawiki) #430289 
+CVE-2008-0460 version (mediawiki) #430289 [since mediawiki-1.10.4-38.fc9]
 CVE-2008-0420 version (firefox, fixed 2.0.0.12) 
 CVE-2008-0420 version (seamonkey, fixed 1.1.8) [since seamonkey-1.1.8-3.fc9]
 CVE-2008-0420 version (thuderbird, fixed 2.0.0.12) [since thunderbird-2.0.0.12-1.fc9]
@@ -92,7 +92,7 @@
 CVE-2008-0412 version (firefox, fixed 2.0.0.12) 
 CVE-2008-0412 version (seamonkey, fixed 1.1.8) [since seamonkey-1.1.8-3.fc9]
 CVE-2008-0412 version (thuderbird, fixed 2.0.0.12) [since thunderbird-2.0.0.12-1.fc9]
-CVE-2008-0411 VULNERABLE (ghostscript) #435147 
+CVE-2008-0411 backport (ghostscript) #435147 [since ghostscript-8.61-10.fc9]
 CVE-2008-0404 fixed (mantis) #429552 [since mantis-1.1.1-1.fc9]
 CVE-2008-0386 fixed (xdg-utils) #429513 [since xdg-utils-1_0_2-4_fc9]
 CVE-2008-0364 ignore (bittorrent) Windows only
@@ -119,7 +119,7 @@
 CVE-2008-0123 fixed (moodle) #428731 [since moodle-1.8.4-1.fc9]
 CVE-2008-0122 backport (bind) #429534 [since bind-9.5.0-24.b1.fc9]
 CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since asterisk-1.4.17-1.fc9]
-CVE-2008-0072 VULNERABLE (evolution) #436082 
+CVE-2008-0072 backport (evolution) #436082 [evolution-2.21.92-2.fc9] 
 CVE-2008-0008 backport (pulseaudio) #425481 [since pulseaudio-0.9.8-5.fc9]
 CVE-2008-0006 backport (libXfont) #429133 [since libXfont-1.3.1-3.fc9]
 CVE-2008-0005 version (httpd, fixed 2.2.8) #427984 [since httpd-2.2.8-2]


Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.314
retrieving revision 1.315
diff -u -r1.314 -r1.315
--- fc7	14 Mar 2008 10:02:04 -0000	1.314
+++ fc7	17 Mar 2008 08:11:56 -0000	1.315
@@ -13,7 +13,7 @@
 GENERIC-MAP-NOMATCH fixed (viewvc) #435349 [since FEDORA-2008-2159] 
 GENERIC-MAP-NOMATCH fixed (roundup) #436548 [since FEDORA-2008-2471] 
 CVE-2008-1318 ignore (mediawiki) 1.11.2 security fix applies only for 1.11 we never shipped
-CVE-2008-1284 fixed (horde) #436628 [since FEDORA-2008-2362] 
+CVE-2008-1284 version (horde, fixed 3.1.7) #436628 [since FEDORA-2008-2406] 
 CVE-2008-1270 ignore (lighttpd) Not a bug, requires unlikely and incredibly stupid configuration change with well-documented effects.
 **CVE-2008-1227 fixed (libsilc) We updated this as non-security
 CVE-2008-1218 version (dovecot, fixed 1.0.13) [since FEDORA-2008-2475] marginally affected
@@ -26,9 +26,9 @@
 CVE-2008-1131 ignore (drupal) #435815 drupal 6.x only
 CVE-2008-1111 fixed (lighttpd) #435808 [since FEDORA-2008-2278] 
 CVE-2008-1110 version (xine-lib, fixed 1.1.10) [since FEDORA-2008-1047]
-CVE-2008-1072 VULNERABLE (wireshark) #435487 
-CVE-2008-1071 VULNERABLE (wireshark) #435487 
-CVE-2008-1070 VULNERABLE (wireshark) #435487 
+CVE-2008-1072 VULNERABLE (wireshark, fixed 0.99.8) #435487 
+CVE-2008-1071 VULNERABLE (wireshark, fixed 0.99.8) #435487 
+CVE-2008-1070 VULNERABLE (wireshark, fixed 0.99.8) #435487 
 CVE-2008-1066 version (php-Smarty, fixed 2.6.19) #435812 [since FEDORA-2008-1928]
 CVE-2008-0983 fixed (lighttpd) #435808 [since FEDORA-2008-2278] 
 CVE-2008-0932 fixed (sword) #433725 [since FEDORA-2008-1951] why? diatheke.pl is not shipped...
@@ -64,10 +64,10 @@
 CVE-2008-0591 fixed (firefox, fixed 2.0.0.12) #432042 [since FEDORA-2008-1435] 
 CVE-2008-0591 fixed (seamonkey, fixed 1.1.8) #432045 [since FEDORA-2008-1669] 
 CVE-2008-0591 fixed (thunderbird, fixed 2.0.0.12) #432047 [since FEDORA-2008-2118] 
-CVE-2008-0564 VULNERABLE (mailman, fixed 2.1.10b1) 
+CVE-2008-0564 backport (mailman, fixed 2.1.10b1) [since FEDORA-2008-1356]
 CVE-2008-0554 version (netpbm, fixed 10.27) 
 CVE-2008-0553 fixed (perl-Tk) #431531 [since FEDORA-2008-1384] 
-CVE-2008-0553 VULNERABLE (tk, fixed 8.5.1) 
+CVE-2008-0553 backport (tk, fixed 8.5.1) [since FEDORA-2008-1131]
 CVE-2008-0544 fixed (SDL_image) #430695 [since FEDORA-2008-1208] ILBM overflow
 CVE-2008-0486 fixed (xine-lib, fixed 1.1.10.1) #431542 [since FEDORA-2008-1581] 
 CVE-2008-0460 fixed (mediawiki) #430287 [since FEDORA-2008-2245] 
@@ -267,7 +267,7 @@
 CVE-2007-5589 version (phpmyadmin, fixed 2.11.1.2) #333661 PMASA-2007-6 [since FEDORA-2007-2738]
 CVE-2007-5585 backport (rss-glx) #336331 [since FEDORA-2007-2652]
 CVE-2007-5585 backport (tempest) #336331 [since FEDORA-2007-2652]
-CVE-2007-5503 VULNERABLE (cairo, fixed 1.4.12) [since FEDORA-2007-3818] 
+CVE-2007-5503 version (cairo, fixed 1.4.12) [since FEDORA-2007-3818] 
 CVE-2007-5501 version (kernel) [since FEDORA-2007-3751]
 CVE-2007-5500 version (kernel) [since FEDORA-2007-3751]
 CVE-2007-5497 fixed (e2fsprogs) #414571 [since FEDORA-2007-4461]

More information about the Fedora-security-commits mailing list