[Fedora-security-commits] fedora-security/audit f8, 1.174, 1.175 fc7, 1.330, 1.331

Wed Mar 26 17:38:45 UTC 2008

Author: lkundrak

Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv24173

Modified Files:
	f8 fc7 
Log Message:
check-updates


Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.174
retrieving revision 1.175
diff -u -r1.174 -r1.175

--- f8	26 Mar 2008 07:31:28 -0000	1.174
+++ f8	26 Mar 2008 17:38:15 -0000	1.175
@@ -6,25 +6,25 @@
 
 GENERIC-MAP-NOMATCH VULNERABLE (comix) multiple issues tracked via #430635
 GENERIC-MAP-NOMATCH fixed (wyrd) #433720 [since FEDORA-2008-1963] 
-GENERIC-MAP-NOMATCH VULNERABLE (libsilc) #438382 
+GENERIC-MAP-NOMATCH fixed (libsilc) #438382 [since FEDORA-2008-2641] 
 GENERIC-MAP-NOMATCH VULNERABLE (php-pecl-apc) #438847 
 CVE-2008-1482 VULNERABLE (xine-lib) #438670 
 CVE-2008-1474 fixed (roundup) #436547 [since FEDORA-2008-2370] 
-CVE-2008-1468 VULNERABLE (namazu) #438667
+CVE-2008-1468 fixed (namazu) #438667 [since FEDORA-2008-2767] 
 CVE-2008-1467 VULNERABLE (centerim) #438871
 CVE-2008-1394 ignore (plone) 
-CVE-2008-1390 VULNERABLE (asterisk, fixed 1.4.19-rc3) #438133 
+CVE-2008-1390 fixed (asterisk, fixed 1.4.19-rc3) #438133 [since FEDORA-2008-2554] 
 CVE-2008-1372 ignore (bzip2) Just a crash
 CVE-2008-1360 VULNERABLE (nagios) #437850 
 CVE-2008-1353 ignore (zabbix) #437848 Needs authorization
 CVE-2008-1333 ignore (asterisk) not affected
-CVE-2008-1332 VULNERABLE (asterisk, fixed 1.4.18.1) #438133 
+CVE-2008-1332 fixed (asterisk, fixed 1.4.18.1) #438133 [since FEDORA-2008-2554] 
 CVE-2008-1318 ignore (mediawiki) 1.11.2 security fix applies only for 1.11 we never shipped
 CVE-2008-1304 ignore (wordpress) bogus CVE id description?
 CVE-2008-1292 fixed (viewvc) #435349 [since FEDORA-2008-2159] 
 CVE-2008-1291 fixed (viewvc) #435349 [since FEDORA-2008-2159] 
 CVE-2008-1290 fixed (viewvc) #435349 [since FEDORA-2008-2159] 
-CVE-2008-1289 VULNERABLE (asterisk, fixed 1.4.18.1) #438133 
+CVE-2008-1289 fixed (asterisk, fixed 1.4.18.1) #438133 [since FEDORA-2008-2554] 
 CVE-2008-1284 version (horde, fixed 3.1.7) #436628 [since FEDORA-2008-2362] 
 CVE-2008-1270 ignore (lighttpd) Not a bug, requires unlikely and incredibly stupid configuration change with well-documented effects.
 **CVE-2008-1227 fixed (libsilc) We updated this as non-security
@@ -45,11 +45,11 @@
 CVE-2008-1071 VULNERABLE (wireshark, fixed 0.99.8) #435485 
 CVE-2008-1070 VULNERABLE (wireshark, fixed 0.99.8) #435485 
 CVE-2008-1066 version (php-Smarty) #435811 [since FEDORA-2008-1911]
-CVE-2008-1066 VULNERABLE (gallery2) #438058 
+CVE-2008-1066 VULNERABLE (gallery2) #438058 [since FEDORA-2008-2587] 
 CVE-2008-1066 VULNERABLE (php-pear-PhpDocumentor) #438062 
 CVE-2008-1010 ignore (WebKit) Nothing uses WebKit
 CVE-2008-0983 fixed (lighttpd) #435807 [since FEDORA-2008-2262] 
-CVE-2008-0947 VULNERABLE (krb5, fixed 1.6.4) #438023 
+CVE-2008-0947 fixed (krb5, fixed 1.6.4) #438023 [since FEDORA-2008-2647] 
 CVE-2008-0932 fixed (sword) #433724 [since FEDORA-2008-1922] why? diatheke.pl is not shipped...
 CVE-2008-0928 fixed (qemu) #433561 [since FEDORA-2008-2001] 
 CVE-2008-0928 fixed (kvm) #433564 [since FEDORA-2008-1973] 
@@ -141,10 +141,10 @@
 CVE-2008-0123 fixed (moodle) #428731 [since FEDORA-2008-0610] 
 CVE-2008-0122 fixed (bind) #429149 [since FEDORA-2008-0904] 
 CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since FEDORA-2008-0199]
-CVE-2008-0073 VULNERABLE (xine-lib, fixed 1.1.11) #438192 
+CVE-2008-0073 fixed (xine-lib, fixed 1.1.11) #438192 [since FEDORA-2008-2569] 
 CVE-2008-0072 fixed (evolution) #436081 [since FEDORA-2008-2292] 
-CVE-2008-0063 VULNERABLE (krb5, fixed 1.6.4) #438023 
-CVE-2008-0062 VULNERABLE (krb5, fixed 1.6.4) #438023 
+CVE-2008-0063 fixed (krb5, fixed 1.6.4) #438023 [since FEDORA-2008-2647] 
+CVE-2008-0062 fixed (krb5, fixed 1.6.4) #438023 [since FEDORA-2008-2647] 
 CVE-2008-0008 fixed (pulseaudio) #425481 [since FEDORA-2008-0994] 
 CVE-2008-0006 fixed (libXfont) #429132 [since FEDORA-2008-0794] 
 CVE-2008-0005 fixed (httpd, fixed 2.2.8) #427982 [since FEDORA-2008-1711] 
@@ -244,7 +244,7 @@
 CVE-2007-5977 version (phpMyAdmin, fixed 2.11.2.1) #385901 [since FEDORA-2007-3636]
 CVE-2007-5976 version (phpMyAdmin, fixed 2.11.2.1) #385901 [since FEDORA-2007-3636]
 CVE-2007-5972 ignore (krb5, fixed 1.6.4) not exploitable
-CVE-2007-5971 VULNERABLE (krb5, fixed 1.6.4) #438023 
+CVE-2007-5971 fixed (krb5, fixed 1.6.4) #438023 [since FEDORA-2008-2647] 
 CVE-2007-5970 ignore (mysql, fixed 5.1.23) mysql 5.1+ only, affects partitioning
 CVE-2007-5969 backport (mysql, fixed 5.0.51) #424931 [since FEDORA-2007-4465]
 CVE-2007-5965 version (qt4, fixed 4.3.3) [since FEDORA-2007-4285]
@@ -265,7 +265,7 @@
 CVE-2007-5907 VULNERABLE (xen) #390111
 CVE-2007-5906 VULNERABLE (xen) #390111
 CVE-2007-5902 ignore (krb5, fixed 1.6.4) not exploitable
-CVE-2007-5901 VULNERABLE (krb5, fixed 1.6.4) #438023 
+CVE-2007-5901 fixed (krb5, fixed 1.6.4) #438023 [since FEDORA-2008-2647] 
 CVE-2007-5894 ignore (krb5, fixed 1.6.4) not exploitable
 CVE-2007-5849 ignore (cups, fixed 1.3.5) minimal impact, see #415131
 CVE-2007-5848 version (cups, fixed 1.2.0) 


Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.330
retrieving revision 1.331
diff -u -r1.330 -r1.331
--- fc7	26 Mar 2008 07:31:28 -0000	1.330
+++ fc7	26 Mar 2008 17:38:15 -0000	1.331
@@ -7,25 +7,25 @@
 
 GENERIC-MAP-NOMATCH VULNERABLE (comix) multiple issues tracked via #430635
 GENERIC-MAP-NOMATCH fixed (wyrd) #433721 [since FEDORA-2008-1986] 
-GENERIC-MAP-NOMATCH VULNERABLE (libsilc) #438382 
+GENERIC-MAP-NOMATCH fixed (libsilc) #438382 [since FEDORA-2008-2641] 
 GENERIC-MAP-NOMATCH VULNERABLE (php-pecl-apc) #438846 
 CVE-2008-1482 VULNERABLE (xine-lib) #438669 
 CVE-2008-1474 fixed (roundup) #436548 [since FEDORA-2008-2471] 
-CVE-2008-1468 VULNERABLE (namazu) #438666
+CVE-2008-1468 fixed (namazu) #438666 [since FEDORA-2008-2678] 
 CVE-2008-1467 VULNERABLE (centerim) #438871
 CVE-2008-1394 ignore (plone) 
-CVE-2008-1390 VULNERABLE (asterisk, fixed 1.4.19-rc3) #438132 
+CVE-2008-1390 fixed (asterisk, fixed 1.4.19-rc3) #438132 [since FEDORA-2008-2620] 
 CVE-2008-1372 ignore (bzip2) Just a crash
 CVE-2008-1360 VULNERABLE (nagios) #437851 
 CVE-2008-1353 ignore (zabbix) #437848 Needs authorization
 CVE-2008-1333 ignore (asterisk) not affected
-CVE-2008-1332 VULNERABLE (asterisk, fixed 1.4.18.1) #438132 
+CVE-2008-1332 fixed (asterisk, fixed 1.4.18.1) #438132 [since FEDORA-2008-2620] 
 CVE-2008-1318 ignore (mediawiki) 1.11.2 security fix applies only for 1.11 we never shipped
 CVE-2008-1304 ignore (wordpress) bogus CVE id description?
 CVE-2008-1292 fixed (viewvc) #435349 [since FEDORA-2008-2159] 
 CVE-2008-1291 fixed (viewvc) #435349 [since FEDORA-2008-2159] 
 CVE-2008-1290 fixed (viewvc) #435349 [since FEDORA-2008-2159] 
-CVE-2008-1289 VULNERABLE (asterisk, fixed 1.4.18.1) #438132 
+CVE-2008-1289 fixed (asterisk, fixed 1.4.18.1) #438132 [since FEDORA-2008-2620] 
 CVE-2008-1284 version (horde, fixed 3.1.7) #436628 [since FEDORA-2008-2406] 
 CVE-2008-1270 ignore (lighttpd) Not a bug, requires unlikely and incredibly stupid configuration change with well-documented effects.
 **CVE-2008-1227 fixed (libsilc) We updated this as non-security
@@ -46,11 +46,11 @@
 CVE-2008-1071 VULNERABLE (wireshark, fixed 0.99.8) #435487 
 CVE-2008-1070 VULNERABLE (wireshark, fixed 0.99.8) #435487 
 CVE-2008-1066 version (php-Smarty, fixed 2.6.19) #435812 [since FEDORA-2008-1928]
-CVE-2008-1066 VULNERABLE (gallery2) #438059 
-CVE-2008-1066 VULNERABLE (php-pear-PhpDocumentor) #438063 
+CVE-2008-1066 VULNERABLE (gallery2) #438059 [since FEDORA-2008-2650] 
+CVE-2008-1066 fixed (php-pear-PhpDocumentor) #438063 [since FEDORA-2008-2656] 
 CVE-2008-1010 ignore (WebKit) Nothing uses WebKit
 CVE-2008-0983 fixed (lighttpd) #435808 [since FEDORA-2008-2278] 
-CVE-2008-0947 VULNERABLE (krb5, fixed 1.6.4) #438022 
+CVE-2008-0947 fixed (krb5, fixed 1.6.4) #438022 [since FEDORA-2008-2637] 
 CVE-2008-0932 fixed (sword) #433725 [since FEDORA-2008-1951] why? diatheke.pl is not shipped...
 CVE-2008-0928 fixed (qemu) #433562 [since FEDORA-2008-1995] 
 CVE-2008-0928 fixed (kvm) #433565 [since FEDORA-2008-1993] 
@@ -143,8 +143,8 @@
 CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since FEDORA-2008-0198]
 CVE-2008-0073 VULNERABLE (xine-lib, fixed 1.1.11) #438191 
 CVE-2008-0072 fixed (evolution) #436080 [since FEDORA-2008-2290] 
-CVE-2008-0063 VULNERABLE (krb5, fixed 1.6.4) #438022 
-CVE-2008-0062 VULNERABLE (krb5, fixed 1.6.4) #438022 
+CVE-2008-0063 fixed (krb5, fixed 1.6.4) #438022 [since FEDORA-2008-2637] 
+CVE-2008-0062 fixed (krb5, fixed 1.6.4) #438022 [since FEDORA-2008-2637] 
 CVE-2008-0008 fixed (pulseaudio) #425481 [since FEDORA-2008-0994] 
 CVE-2008-0006 fixed (libXfont) #429131 [since FEDORA-2008-0891] 
 CVE-2008-0005 fixed (httpd, fixed 2.2.8) #427983 [since FEDORA-2008-1695] 
@@ -243,7 +243,7 @@
 CVE-2007-5977 version (phpMyAdmin, fixed 2.11.2.1) #385891 [since FEDORA-2007-3627]
 CVE-2007-5976 version (phpMyAdmin, fixed 2.11.2.1) #385891 [since FEDORA-2007-3627]
 CVE-2007-5972 ignore (krb5, fixed 1.6.4) not exploitable
-CVE-2007-5971 VULNERABLE (krb5, fixed 1.6.4) #438022 
+CVE-2007-5971 fixed (krb5, fixed 1.6.4) #438022 [since FEDORA-2008-2637] 
 CVE-2007-5970 ignore (mysql, fixed 5.1.23) mysql 5.1+ only, affects partitioning
 CVE-2007-5969 backport (mysql, fixed 5.0.51) #424921 [since FEDORA-2007-4471]
 CVE-2007-5965 version (qt4, fixed 4.3.3) [since FEDORA-2007-4354]
@@ -264,7 +264,7 @@
 CVE-2007-5907 VULNERABLE (xen) #390101
 CVE-2007-5906 VULNERABLE (xen) #390101
 CVE-2007-5902 ignore (krb5, fixed 1.6.4) not exploitable
-CVE-2007-5901 VULNERABLE (krb5, fixed 1.6.4) #438022 
+CVE-2007-5901 fixed (krb5, fixed 1.6.4) #438022 [since FEDORA-2008-2637] 
 CVE-2007-5894 ignore (krb5, fixed 1.6.4) not exploitable
 CVE-2007-5849 ignore (cups, fixed 1.3.5) minimal impact, see #415131
 CVE-2007-5848 version (cups, fixed 1.2.0) 


