[Fedora-security-commits] fedora-security/audit f8, 1.215, 1.216 f9, 1.205, 1.206 fc7, 1.371, 1.372

fedora-security-commits at redhat.com
Tue May 6 16:55:24 UTC 2008


Author: thoger

Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv14762/audit

Modified Files:
	f8 f9 fc7 
Log Message:
note WebKit, licq
major pre-F9 cleanup



Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.215
retrieving revision 1.216
diff -u -r1.215 -r1.216
--- f8	5 May 2008 08:37:37 -0000	1.215
+++ f8	6 May 2008 16:54:54 -0000	1.216
@@ -8,6 +8,9 @@
 rhbz249840 VULNERABLE (tor) 
 CVE-2008-2068 version (wordpress, fixed 2.5.1) [since FEDORA-2008-3397]  
 CVE-2008-2033 ignore (zoneminder) duplicate of CVE-2008-1381
+CVE-2008-2000 ignore (WebKit) browser DoS
+CVE-2008-1999 VULNERABLE (WebKit) 
+CVE-2008-1996 VULNERABLE (licq, fixed 1.3.6) #445238 
 CVE-2008-1974 VULNERABLE (kronolith, fixed 3.1.8) #444404 
 CVE-2008-1964 ignore (xine-lib) bogus vulnerability report
 CVE-2008-1959 VULNERABLE (sipp, fixed 3.1) [since sipp-3.1-1.fc8] 
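
Review bot: CVE-2008-1999 is added as VULNERABLE (WebKit) with no tracking bug and no fixed version, while the licq entry added directly below it carries both (fixed 1.3.6, #445238). Add a bug reference or a short trailing note so the open WebKit item can be followed up; the same bare entry is added to f9 and fc7 in this commit.
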
@@ -58,7 +61,7 @@
 CVE-2008-1483 ignore (openssh) was alrady fixed by another patch
 CVE-2008-1482 fixed (xine-lib) #438670 [since FEDORA-2008-2849] 
 CVE-2008-1474 fixed (roundup) #436547 [since FEDORA-2008-2370] 
-CVE-2008-1468 fixed (namazu) #438667 [since FEDORA-2008-2767] 
+CVE-2008-1468 fixed (namazu, fixed 2.0.18) #438667 [since FEDORA-2008-2767] 
 CVE-2008-1467 fixed (centerim) #438871 [since FEDORA-2008-2869] 
 CVE-2008-1394 ignore (plone) 
 CVE-2008-1390 fixed (asterisk, fixed 1.4.19-rc3) #438133 [since FEDORA-2008-2554] 
@@ -259,7 +262,7 @@
 CVE-2007-6687 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4778] 
 CVE-2007-6686 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4778] 
 CVE-2007-6685 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4778] 
-CVE-2007-6672 VULNERABLE (jetty) #428017 
+CVE-2007-6672 ingore (jetty) #428017 jetty 6.x only
 CVE-2007-6613 fixed (libcdio) #427199 [since FEDORA-2008-0136] 
 CVE-2007-6612 ignore (rubygem-mongrel, only affects 1.0.4) affected version was not shipped
 CVE-2007-6611 fixed (mantis) #427278 [since FEDORA-2008-0282] 
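
Review bot: the new CVE-2007-6672 line spells the status keyword "ingore"; the matching f9 change in this commit reads "ignore (jetty) #428018 jetty 6.x only". Correct the keyword, since a search or script keyed on the status word will not match the entry as written.
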
@@ -298,7 +301,7 @@
 CVE-2007-6350 fixed (scponly) #429731 [since FEDORA-2008-1728] rsync vector only
 CVE-2007-6348 ignore (squirrelmail) trojaned version was not shipped
 CVE-2007-6328 ignore (dosbox) design decision
-CVE-2007-6321 VULNERABLE (roundcubemail) #423291 [since FEDORA-2008-2962] 
+CVE-2007-6321 VULNERABLE (roundcubemail) #423291
 CVE-2007-6318 VULNERABLE (wordpress)
 CVE-2007-6313 ignore (mysql) 5.1+ only
 CVE-2007-6304 ignore (mysql, fixed 5.0.52) federated engine not built
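
Review bot: CVE-2007-6321 stays VULNERABLE but loses its "[since FEDORA-2008-2962]" reference, and nothing on the line records why. Add a few words of trailing note, as other edits in this commit do ("jetty 6.x only", "ia64 only"), so the reason the advisory reference was dropped is visible. The fc7 change to the same CVE has the same gap.
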
@@ -312,8 +315,8 @@
 CVE-2007-6210 backport (zabbix) #407181 [since FEDORA-2007-4176]
 CVE-2007-6209 ignore (zsh) #409871 We don't ship the script
 CVE-2007-6208 ignore (claws) We don't ship the script
-CVE-2007-6207 VULNERABLE (kernel) Xen cross-domain memory read
-CVE-2007-6206 VULNERABLE (kernel) Core dump owner issue
+CVE-2007-6207 ignore (kernel-xen) Xen cross-domain memory read, ia64 only
+CVE-2007-6206 version (kernel, fixed 2.6.22.17) Core dump owner issue
 CVE-2007-6203 ignore (httpd) #409831 User can't unput garbage before method name
 CVE-2007-6201 version (wesnoth, fixed 1.2.8) [since FEDORA-2007-3989]
 CVE-2007-6183 backport (ruby-gnome2) #405601 [since FEDORA-2007-4216]
@@ -486,11 +489,11 @@
 CVE-2007-0235 version (libgtop2, fixed 2.14.6) #222637 not sure, will triage
 CVE-2007-0095 backport (phpMyAdmin) #221694 "Reveals path" [since FEDORA-2007-4334]
 CVE-2006-7232 version (mysql, fixed 5.0.32) 
-CVE-2006-6698 VULNERABLE (GConf2) #219280
+CVE-2006-6698 ignore (GConf2) #219280 minimal impact
 CVE-2006-6128 version (kernel, fixed 2.6.19-1.2911.fc6) #250625 ReiserFS MOKB
 CVE-2006-6107 version (dbus, fixed 1.0.2) #219665
 CVE-2006-6077 version (firefox, fixed 1.5.0.10)
-CVE-2006-6058 VULNERABLE (kernel) #250623 Minix MOKB. In stable tree, should be fixed in 2.6.24
+CVE-2006-6058 version (kernel, fixed 2.6.23.7) #250623 Minix MOKB. In stable tree, should be fixed in 2.6.24
 CVE-2006-6057 version (kernel, fixed 2_6_20-1_2924_fc6) GFS2 MOKB.
 CVE-2006-5868 version (ImageMagick, fixed 6.2.9.1) #217560
 CVE-2006-5864 version (evince, fixed 0.6.3) #217672
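
Review bot: CVE-2006-6058 now reads "version (kernel, fixed 2.6.23.7)" but keeps the old trailing note "In stable tree, should be fixed in 2.6.24", so one line names two different fix versions. Drop or reword the note to match the new status; the f9 change to this entry carries the same leftover text.
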
@@ -514,6 +517,6 @@
 CVE-2005-4791 version (liferea, fixed 1.4.8) #393301 [since FEDORA-2007-3701]
 CVE-2005-4790 backport (blam, fixed 1.8.4) #395761 [since FEDORA-2007-3798]
 CVE-2005-4790 backport (tomboy) #362951 [since FEDORA-2007-3253]
-CVE-2005-3675 VULNERABLE (kernel) optack, no upstream fix -- TCP protocol weakness
+CVE-2005-3675 ignore (kernel) optack, no upstream fix -- TCP protocol weakness
 CVE-2003-1265 ignore (thunderbird) Stuff deleted from userspace is not guarranteed to go away physically moz#198442
 CVE-2003-1265 ignore (seamonkey) Stuff deleted from userspace is not guarranteed to go away physically moz#198442
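
Review bot: CVE-2005-3675 moves from VULNERABLE to ignore with its note unchanged ("optack, no upstream fix -- TCP protocol weakness"), which does not say why an unfixed issue is now ignored. The fc7 version of this change appends "wontfix upstream"; use the same wording here and in f9 so the rationale is the same on all three branches.
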


Index: f9
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f9,v
retrieving revision 1.205
retrieving revision 1.206
diff -u -r1.205 -r1.206
--- f9	5 May 2008 08:37:37 -0000	1.205
+++ f9	6 May 2008 16:54:54 -0000	1.206
@@ -7,17 +7,20 @@
 rhbz249840 VULNERABLE (tor) 
 CVE-2008-2068 version (wordpress, fixed 2.5.1) [since wordpress-2.5.1-1.fc9] 
 CVE-2008-2033 ignore (zoneminder) duplicate of CVE-2008-1381
+CVE-2008-2000 ignore (WebKit) browser DoS
+CVE-2008-1999 VULNERABLE (WebKit) 
+CVE-2008-1996 VULNERABLE (licq, fixed 1.3.6) #445239 
 CVE-2008-1974 VULNERABLE (kronolith, fixed 3.1.8) #444405 
 CVE-2008-1964 ignore (xine-lib) bogus vulnerability report
 CVE-2008-1959 VULNERABLE (sipp, fixed 3.1) [since sipp-3.1-1.fc9] 
-CVE-2008-1937 VULNERABLE (moin, fixed 1.6.3) [since moin-1.6.3-1.fc9] 
+CVE-2008-1937 version (moin, fixed 1.6.3) [since moin-1.6.3-1.fc9] 
 CVE-2008-1930 ignore (wordpress, fixed 2.5.1) only for wp 2.5.0
 CVE-2008-1928 VULNERABLE (perl-Imager, fixed 0.64) #443941 
 CVE-2008-1926 VULNERABLE (util-linux-ng) [since util-linux-ng-2.13.1-8.1.fc9] 
 CVE-2008-1924 version (phpMyAdmin, fixed 2.11.5.2) [since phpMyAdmin-2.11.5.2-1.fc9] PMASA-2008-3
 CVE-2008-1923 version (asterisk) upstream fix incomplete, resulting in CVE-2008-1897
 CVE-2008-1897 version (asterisk, fixed 1.6.0.beta3) [since asterisk-1.6.0-0.13.beta8.fc9]
-CVE-2008-1878 VULNERABLE (xine-lib, fixed 1.1.12.1) #443056 nsf demuxer overflow [since xine-lib-1.1.12-2.fc9]
+CVE-2008-1878 backport (xine-lib, fixed 1.1.12.1) #443056 nsf demuxer overflow [since xine-lib-1.1.12-2.fc9]
 CVE-2008-1845 version (mksh, fixed 33d) [since mksh-33d-1.fc9] what is real impact on fedora?
 CVE-2008-1837 ignore (clamav, fixed 0.93) unrar code not shipped
 CVE-2008-1836 VULNERABLE (clamav, fixed 0.93) #442364 [since clamav-0.93-1.fc9]
@@ -37,7 +40,7 @@
 CVE-2008-1686 version (libfishsound, fixed 0.9.1) #441248 [since libfishsound-0.9.1-1.fc9]
 CVE-2008-1686 backport (speex) [since speex-1.2-0.7.beta3]
 CVE-2008-1671 ignore (kdelibs) start_kdeinit not shipped
-CVE-2008-1670 VULNERABLE (kdelibs) [since kdelibs-4.0.3-7.fc9] 
+CVE-2008-1670 backport (kdelibs) [since kdelibs-4.0.3-7.fc9] 
 CVE-2008-1658 backport (PolicyKit) #439996 [since PolicyKit-0.7-7.fc9]
 CVE-2008-1657 version (openssh, fixed 4.9) #440376 [since openssh-5.0p1-1.fc9]
 CVE-2008-1652 version (Perlbal, fixed 1.70) [since Perlbal-1.70-1.fc9]
@@ -57,7 +60,7 @@
 CVE-2008-1483 ignore (openssh) was alrady fixed by another patch
 CVE-2008-1482 version (xine-lib) #438671 [since xine-lib-1.1.11.1-1.fc9]
 CVE-2008-1474 version (roundup) #436549 [since roundup-1.4.4-1.fc9]
-CVE-2008-1468 VULNERABLE (namazu) #438668 
+CVE-2008-1468 version (namazu, fixed 2.0.18) #438668 [since namazu-2.0.18-1.fc9]
 CVE-2008-1467 fixed (centerim) #438871
 CVE-2008-1394 ignore (plone) 
 CVE-2008-1390 version (asterisk, fixed 1.6.0-beta6) #438134 [since asterisk-1.6.0-0.6.beta6.fc9]
@@ -65,11 +68,11 @@
 CVE-2008-1382 VULNERABLE (libpng, fixed 1.2.27) minimal impact, affected api rarely used
 CVE-2008-1382 VULNERABLE (libpng10) [since libpng10-1.0.33-1.fc9]
 CVE-2008-1381 VULNERABLE (zoneminder, fixed 1.23.3) #444437 
-CVE-2008-1380 VULNERABLE (firefox, fixed 2.0.0.14) 
-CVE-2008-1380 VULNERABLE (seamonkey, fixed 1.1.10) #442852 
-CVE-2008-1380 VULNERABLE (thunderbird, fixed 2.0.0.14) #442857 
+CVE-2008-1380 version (firefox, fixed 2.0.0.14) 
+CVE-2008-1380 backport (seamonkey, fixed 1.1.10) #442852 [since seamonkey-1.1.9-3.fc9]
+CVE-2008-1380 version (thunderbird, fixed 2.0.0.14) #442857 [since thunderbird-2.0.0.14-1.fc9]
 CVE-2008-1374 ignore (cups) only affects old cups versions in RHEL
-CVE-2008-1373 VULNERABLE (cups) #440041 [since cups-1.3.6-9.fc9]
+CVE-2008-1373 backport (cups) #440041 [since cups-1.3.6-9.fc9]
 CVE-2008-1372 version (bzip2, fixed 1.0.5) [since bzip2-1.0.5-1.fc9]
 CVE-2008-1360 VULNERABLE (nagios) #437852 
 CVE-2008-1353 ignore (zabbix) #437848 Needs authorization
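
Review bot: the firefox line for CVE-2008-1380 is switched to "version (firefox, fixed 2.0.0.14)" with no "[since ...]" build and no bug number, while the seamonkey and thunderbird lines for the same CVE both gain a "[since ...]" reference in this hunk. Add the fc9 firefox build that carries the fix so the status can be checked against a package.
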
@@ -88,19 +91,19 @@
 CVE-2008-1238 version (seamonkey, fixed 1.1.9) 
 CVE-2008-1237 version (firefox, fixed 2.0.0.13) 
 CVE-2008-1237 version (seamonkey, fixed 1.1.9) 
-CVE-2008-1237 VULNERABLE (thunderbird, fixed 2.0.0.14) #442857 
+CVE-2008-1237 version (thunderbird, fixed 2.0.0.14) #442857 [since thunderbird-2.0.0.14-1.fc9]
 CVE-2008-1236 version (firefox, fixed 2.0.0.13) 
 CVE-2008-1236 version (seamonkey, fixed 1.1.9) 
-CVE-2008-1236 VULNERABLE (thunderbird, fixed 2.0.0.14) #442857 
+CVE-2008-1236 version (thunderbird, fixed 2.0.0.14) #442857 [since thunderbird-2.0.0.14-1.fc9]
 CVE-2008-1235 version (firefox, fixed 2.0.0.13) 
 CVE-2008-1235 version (seamonkey, fixed 1.1.9) 
-CVE-2008-1235 VULNERABLE (thunderbird, fixed 2.0.0.14) #442857 
+CVE-2008-1235 version (thunderbird, fixed 2.0.0.14) #442857 [since thunderbird-2.0.0.14-1.fc9]
 CVE-2008-1234 version (firefox, fixed 2.0.0.13) 
 CVE-2008-1234 version (seamonkey, fixed 1.1.9) 
-CVE-2008-1234 VULNERABLE (thunderbird, fixed 2.0.0.14) #442857 
+CVE-2008-1234 version (thunderbird, fixed 2.0.0.14) #442857 [since thunderbird-2.0.0.14-1.fc9]
 CVE-2008-1233 version (firefox, fixed 2.0.0.13) 
 CVE-2008-1233 version (seamonkey, fixed 1.1.9) 
-CVE-2008-1233 VULNERABLE (thunderbird, fixed 2.0.0.14) #442857 
+CVE-2008-1233 version (thunderbird, fixed 2.0.0.14) #442857 [since thunderbird-2.0.0.14-1.fc9]
 **CVE-2008-1227 fixed (libsilc) We updated this as non-security
 CVE-2008-1218 version (dovecot, fixed 1.0.13) [since dovecot-1.0.13-6.fc9] marginally affected
 CVE-2008-1199 version (dovecot, fixed 1.0.11) [since dovecot-1.0.13-6.fc9] not in default config
@@ -116,7 +119,7 @@
 CVE-2008-1131 version (drupal, fixed 6.1) #435817 [since drupal-6.1-1.fc9]
 CVE-2008-1111 backport (lighttpd) #435809 [since lighttpd-1.4.18-6.fc9]
 CVE-2008-1110 version (xine-lib, fixed 1.1.10) [since xine-lib-1.1.10-2.fc9]
-CVE-2008-1102 VULNERABLE (blender) #443937 [since blender-2.45-12.fc9] 
+CVE-2008-1102 backport (blender) #443937 [since blender-2.45-12.fc9] 
 CVE-2008-1100 VULNERABLE (clamav, fixed 0.93) #442364 [since clamav-0.93-1.fc9]
 CVE-2008-1099 version (moin, fixed 1.5.9) #438674
 CVE-2008-1098 version (moin, fixed 1.5.9) #438674
@@ -125,8 +128,8 @@
 CVE-2008-1071 version (wireshark, fixed 0.99.8) #435488 [since wireshark-1.0.0-2.fc9]
 CVE-2008-1070 version (wireshark, fixed 0.99.8) #435488 [since wireshark-1.0.0-2.fc9]
 CVE-2008-1066 version (php-Smarty) #435813 [since php-Smarty-2.6.19-1.fc9]
-CVE-2008-1066 VULNERABLE (gallery2) #438060 
-CVE-2008-1066 VULNERABLE (php-pear-PhpDocumentor) #438064 
+CVE-2008-1066 fixed (gallery2) #438060 [since gallery2-2.2.4-3.fc9] 
+CVE-2008-1066 fixed (php-pear-PhpDocumentor) #438064 [since php-pear-PhpDocumentor-1.4.1-2.fc9]
 CVE-2008-1026 version (WebKit, fixed r31388) [since WebKit-1.0.0-0.8.svn31787.fc9]
 CVE-2008-1025 version (WebKit, fixed r31438) [since WebKit-1.0.0-0.8.svn31787.fc9]
 CVE-2008-1011 version (WebKit) [since WebKit-1.0.0-0.8.svn31787.fc9]
@@ -138,10 +141,10 @@
 CVE-2008-0928 backport (kvm) #433566 [since kvm-61-2.fc9]
 CVE-2008-0928 backport (xen) [since xen-3.2.0-8.fc9]
 CVE-2008-0888 backport (unzip) #437927 [since unzip-5.52-9.fc9]
-CVE-2008-0887 VULNERABLE (gnome-screensaver) #440257 
+CVE-2008-0887 version (gnome-screensaver, fixed 2.22.1) #440257 [since gnome-screensaver-2.22.1-1.fc9]
 CVE-2008-0882 version (cups, fixed 1.3.6) [since cups-1.3.6-1.fc9]
 CVE-2008-0807 version (turba, fixed 2.1.7) #433318 [since turba-2.1.7-1.fc9]
-CVE-2008-0806 VULNERABLE (wyrd) #433722 
+CVE-2008-0806 fixed (wyrd) #433722 [since wyrd-1.4.3b-1.fc9] 
 CVE-2008-0786 version (cacti, fixed 0.8.7b) #432761 [since cacti-0.8.7b-1.fc9]
 CVE-2008-0785 version (cacti, fixed 0.8.7b) #432761 [since cacti-0.8.7b-1.fc9]
 CVE-2008-0784 version (cacti, fixed 0.8.7b) #432761 [since cacti-0.8.7b-1.fc9]
@@ -226,16 +229,16 @@
 CVE-2008-0191 ignore (wordpress) File path is not a sensitive information
 CVE-2008-0172 backport (boost) #428976 [since boost-1.34.1-7.fc9]
 CVE-2008-0171 backport (boost) #428976 [since boost-1.34.1-7.fc9]
-CVE-2008-0128 VULNERABLE (tomcat5) #429905 
+CVE-2008-0128 version (tomcat5, fixed 5.5.21) #429905 
 CVE-2008-0123 fixed (moodle) #428731 [since moodle-1.8.4-1.fc9]
 CVE-2008-0122 backport (bind) #429534 [since bind-9.5.0-24.b1.fc9]
 CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since asterisk-1.4.17-1.fc9]
-CVE-2008-0073 VULNERABLE (xine-lib, fixed 1.1.11) #438193 
+CVE-2008-0073 version (xine-lib, fixed 1.1.11) #438193 [since xine-lib-1.1.11-1.fc9]
 CVE-2008-0072 backport (evolution) #436082 [evolution-2.21.92-2.fc9] 
 CVE-2008-0063 backport (krb5, fixed 1.6.4) [since krb5-1.6.3-10.fc9] 
 CVE-2008-0062 backport (krb5, fixed 1.6.4) [since krb5-1.6.3-10.fc9] 
 CVE-2008-0053 version (cups, fixed 1.3.6) [since cups-1.3.6-1.fc9] 
-CVE-2008-0047 VULNERABLE (cups) #440041 
+CVE-2008-0047 backport (cups) #440041 [since cups-1.3.6-9.fc9]
 CVE-2008-0008 backport (pulseaudio) #425481 [since pulseaudio-0.9.8-5.fc9]
 CVE-2008-0006 backport (libXfont) #429133 [since libXfont-1.3.1-3.fc9]
 CVE-2008-0005 version (httpd, fixed 2.2.8) #427984 [since httpd-2.2.8-2]
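
Review bot: CVE-2008-0128 becomes "version (tomcat5, fixed 5.5.21)" without a "[since ...]" build, unlike the other tomcat5 entries resolved in this commit, which cite tomcat5-5.5.25-1jpp.1.fc9 or tomcat5-5.5.26-1jpp.1.fc9. Add the build reference for consistency.
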
@@ -254,7 +257,7 @@
 CVE-2007-6687 version (gallery2, fixed 2.2.4) [since gallery2-2.2.4-1] 
 CVE-2007-6686 version (gallery2, fixed 2.2.4) [since gallery2-2.2.4-1] 
 CVE-2007-6685 version (gallery2, fixed 2.2.4) [since gallery2-2.2.4-1] 
-CVE-2007-6672 VULNERABLE (jetty) #428018 
+CVE-2007-6672 ignore (jetty) #428018 jetty 6.x only
 CVE-2007-6631 fixed (libnemesi, not fixed 0.6.4-rc1) #426910 [since libnemesi-0.6.4-0.1.rc2.fc9] This wasn't released yet
 CVE-2007-6630 version (netembryo, fixed 0.0.5) #427470 There was not release in stable branches yet [since netembryo-0.0.5-1.fc9]
 CVE-2007-6613 version (libcdio) #427200 [since libcdio-0.79-2.fc9]
@@ -286,7 +289,7 @@
 CVE-2007-6335 version (clamav, fixed 0.92) #426213 [since clamav-0.92-3.fc9]
 CVE-2007-6437 version (syslog-ng, fixed 2.0.6) #426307 [since syslog-ng-2.0.7-1.fc9]
 CVE-2007-6430 version (asterisk, fixed 1.4.16) [since asterisk-1.4.16.1-1.fc9]
-CVE-2007-6389 VULNERABLE (gnome-screensaver) #426171
+CVE-2007-6389 version (gnome-screensaver) #426171
 CVE-2007-6353 backport (exiv2) #425924 [since exiv2-0.16-0.3.pre1.fc9]
 CVE-2007-6352 backport (libexif) #425641 [since libexif-0.6.15-5.fc9]
 CVE-2007-6351 backport (libexif) #425641 [since libexif-0.6.15-5.fc9]
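
Review bot: CVE-2007-6389 is changed to "version (gnome-screensaver)" with neither a fixed version nor a "[since ...]" build. The CVE-2008-0887 entry for the same package, resolved earlier in this diff, records both ("fixed 2.22.1", "[since gnome-screensaver-2.22.1-1.fc9]"); give this line the same detail so the status is backed by a version.
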
@@ -299,7 +302,7 @@
 CVE-2007-6304 ignore (mysql, fixed 5.0.52) federated engine not built
 CVE-2007-6303 backport (mysql, fixed 5.0.52) [since mysql-5.0.45-6.fc9]
 CVE-2007-6299 version (drupal, fixed 5.4) [since drupal-5.4-1.fc9] SA-2007-031
-CVE-2007-6286 VULNERABLE (tomcat5) #432476 
+CVE-2007-6286 version (tomcat5, fixed 5.5.26) #432476 [since tomcat5-5.5.26-1jpp.1.fc9]
 CVE-2007-6285 backport (autofs) #426401 [since autofs-5.0.2-25]
 CVE-2007-6284 version (libxml2, fixed 2.6.31) [since libxml2-2.6.31-1] 
 CVE-2007-6283 backport (bind) #423081 [since bind-9.5.0-21.b1.fc9]
@@ -307,8 +310,8 @@
 CVE-2007-6210 backport (zabbix) #407181 [since zabbix-1.4.2-4.fc9]
 CVE-2007-6209 ignore (zsh) #409871 We don't ship the script
 CVE-2007-6208 ignore (claws) We don't ship the script
-CVE-2007-6207 VULNERABLE (kernel) Xen cross-domain memory read
-CVE-2007-6206 VULNERABLE (kernel) Core dump owner issue
+CVE-2007-6207 ignore (kernel-xen) Xen cross-domain memory read, ia64 only
+CVE-2007-6206 version (kernel, fixed 2.6.22.17) Core dump owner issue
 CVE-2007-6203 ignore (httpd) #409831 User can't unput garbage before method name
 CVE-2007-6201 version (wesnoth, fixed 1.2.8) [since wesnoth-1.2.8-3.fc9]
 CVE-2007-6183 backport (ruby-gnome2) #405611 [since ruby-gnome2-0.16.0-22.fc9]
@@ -332,7 +335,7 @@
 CVE-2007-6018 version (horde, fixed 3.1.6) #428630 [since horde-3.1.6-1.fc9]
 CVE-2007-6018 version (imp, fixed 4.1.6) #428634 [since imp-4.1.6-1.fc9]
 CVE-2007-6018 VULNERABLE (wordpress) #426434
-CVE-2007-6015 VULNERABLE (samba, fixed 3.0.28) #433622 
+CVE-2007-6015 version (samba, fixed 3.0.28) #433622 [since samba-3.2.0-1.pre2.5.fc9]
 CVE-2007-6013 VULNERABLE (wordpress) #426434 
 CVE-2007-5977 version (phpMyAdmin) #385911 [since phpMyAdmin-2.11.2.2-1.fc9]
 CVE-2007-5976 version (phpMyAdmin) #385911 [since phpMyAdmin-2.11.2.2-1.fc9]
@@ -380,23 +383,23 @@
 CVE-2007-5589 version (phpMyAdmin, fixed 2.11.1.2) #333661 PMASA-2007-6
 CVE-2007-5503 version (cairo, fixed 1.4.12) [since cairo-1.5.4-1.fc9] 
 CVE-2007-5497 backport (e2fsprogs) #414591 [since e2fsprogs-1.40.2-14.fc9]
-CVE-2007-5461 VULNERABLE (tomcat5, not fixed 5.5.25) #334531
+CVE-2007-5461 version (tomcat5, fixed 5.5.26) #334531 [since tomcat5-5.5.26-1jpp.1.fc9]
 CVE-2007-5395 version (link-grammar) #372361 [since link-grammar-4.2.5-1.fc9]
 CVE-2007-5393 backport (xpdf) #372481 [since xpdf-3.02-4.fc9]
 CVE-2007-5393 backport (cups)
 CVE-2007-5393 version (poppler, fixed 0.6.2) #372521 [since poppler-0.6.2-1.fc9]
-CVE-2007-5393 VULNERABLE (kdegraphics) #372581
-CVE-2007-5393 VULNERABLE (koffice) #372611
+CVE-2007-5393 fixed (kdegraphics) #372581 kde4 kdegraphics now use poppler
+CVE-2007-5393 backport (koffice) #372611 [since koffice-1.6.3-15.fc9]
 CVE-2007-5393 version (tetex) #372671 [since tetex-3.0-48.fc9]
 CVE-2007-5392 backport (xpdf) #372481 [since xpdf-3.02-4.fc9]
 CVE-2007-5392 backport (cups)
 CVE-2007-5392 version (poppler, fixed 0.6.2) #372521 [since poppler-0.6.2-1.fc9]
-CVE-2007-5392 VULNERABLE (kdegraphics) #372581
-CVE-2007-5392 VULNERABLE (koffice) #372611
+CVE-2007-5392 fixed (kdegraphics) #372581 kde4 kdegraphics now use poppler
+CVE-2007-5392 backport (koffice) #372611 [since koffice-1.6.3-15.fc9]
 CVE-2007-5392 version (tetex) #372671 [since tetex-3.0-48.fc9]
 CVE-2007-5386 version (phpmyadmin, fixed 2.11.1.1) #333661 PMASA-2007-5
-CVE-2007-5333 VULNERABLE (tomcat5) #428257 
-CVE-2007-5201 VULNERABLE (duplicity, no upstream fix) #362841
+CVE-2007-5333 version (tomcat5, fixed 5.5.26) #428257 [since tomcat5-5.5.26-1jpp.1.fc9]
+CVE-2007-5201 version (duplicity, fixed 0.4.9?) #362841 [since duplicity-0.4.9-1.fc9]
 CVE-2007-5200 version (hugin) #362871 [since hugin-0.6.1-11.fc9]
 CVE-2007-5198 VULNERABLE (nagios-plugins, fixed 1.4.10) #362901
 CVE-2007-5197 version (mono, fixed 1.2.5.1) #367551 [since mono-1.2.5.1-3.fc9]
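
Review bot: the CVE-2007-5201 line records the fix as "fixed 0.4.9?" while moving the entry from VULNERABLE ("no upstream fix") to version. Confirm the upstream release that contains the fix and remove the question mark, or leave the entry VULNERABLE until that is verified.
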
@@ -409,7 +412,7 @@
 CVE-2007-4990 version (xorg-x11-xfs, fixed 1.0.5)
 CVE-2007-4879 version (firefox, fixed 2.0.0.13) 
 CVE-2007-4879 version (seamonkey, fixed 1.1.9) 
-CVE-2007-4829 VULNERABLE (perl, not fixed upstream) #364291
+CVE-2007-4829 VULNERABLE (perl, not fixed upstream) #364291 perl-Archive-Tar directory traversal
 CVE-2007-4772 version (postgresql, fixed 8.2.6) #427774 [since postgresql-8.2.6-1.fc9]
 CVE-2007-4771 backport (icu) [since icu-3.8.1-3.fc9]
 CVE-2007-4770 backport (icu) [since icu-3.8.1-3.fc9]
@@ -424,8 +427,8 @@
 CVE-2007-4352 backport (xpdf) #372481 [since xpdf-3.02-4.fc9]
 CVE-2007-4352 backport (cups)
 CVE-2007-4352 version (poppler, fixed 0.6.2) #372521 [since poppler-0.6.2-1.fc9]
-CVE-2007-4352 VULNERABLE (kdegraphics) #372581
-CVE-2007-4352 VULNERABLE (koffice) #372611
+CVE-2007-4352 fixed (kdegraphics) #372581 kde4 kdegraphics now use poppler
+CVE-2007-4352 backport (koffice) #372611 [since koffice-1.6.3-15.fc9]
 CVE-2007-4352 version (tetex) #372671 [since tetex-3.0-48.fc9]
 CVE-2007-4351 version (cups) #361681
 CVE-2007-3999 VULNERABLE (nfs-utils-lib) #362101
@@ -441,8 +444,8 @@
 CVE-2007-3279 ignore (postgresql) bogus CVE assignment
 CVE-2007-3278 version (postgresql, fixed 8.2.5) 
 CVE-2007-3145 ignore (galeon) in 2.0.3 the truncation still occurs, but at reasonable length
-CVE-2007-2450 VULNERABLE (tomcat5, not fixed 5.5.24) #244812
-CVE-2007-2449 VULNERABLE (tomcat5, not fixed 5.5.24) #244812
+CVE-2007-2450 version (tomcat5, fixed 5.5.25) #244812 [since tomcat5-5.5.25-1jpp.1.fc9]
+CVE-2007-2449 version (tomcat5, fixed 5.5.25) #244812 [since tomcat5-5.5.25-1jpp.1.fc9]
 CVE-2007-2245 version (phpMyAdmin, fixed 2.10.1) #237882
 CVE-2007-2165 version (proftpd, fixed 1.3.1rc3) #237533
 CVE-2007-1841 version (ipsec-tools, fixed 0.6.7) #238052
@@ -460,11 +463,11 @@
 CVE-2007-0235 version (libgtop2, fixed 2.14.6) #222637 not sure, will triage
 CVE-2007-0095 backport (phpMyAdmin) #221694 "Reveals path" [since phpMyAdmin-2.11.3-1.fc9]
 CVE-2006-7232 version (mysql, fixed 5.0.32) 
-CVE-2006-6698 VULNERABLE (GConf2) #219280
-CVE-2006-6128 version (kernel, fixed 2.6.19-1.2911.fc6) #250625 ReiserFS MOKB
+CVE-2006-6698 ignore (GConf2) #219280 minimal impact, let upstream deal with it if they care
+CVE-2006-6128 version (kernel, fixed 2.6.19) #250625 ReiserFS MOKB
 CVE-2006-6107 version (dbus, fixed 1.0.2) #219665
 CVE-2006-6077 version (firefox, fixed 1.5.0.10)
-CVE-2006-6058 VULNERABLE (kernel) #250623 Minix MOKB. In stable tree, should be fixed in 2.6.24
+CVE-2006-6058 version (kernel, fixed 2.6.23.7) #250623 Minix MOKB. In stable tree, should be fixed in 2.6.24
 CVE-2006-6057 version (kernel, fixed 2_6_20-1_2924_fc6) GFS2 MOKB.
 CVE-2006-5868 version (ImageMagick, fixed 6.2.9.1) #217560
 CVE-2006-5864 version (evince, fixed 0.6.3) #217672
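
Review bot: CVE-2006-6128 is normalised here to "fixed 2.6.19", but the f8 file at revision 1.216 still shows "fixed 2.6.19-1.2911.fc6" for the same entry as unchanged context. Apply the same cleanup to f8 so the fixed-version field has one format across branches.
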
@@ -488,6 +491,6 @@
 CVE-2005-4791 version (liferea, fixed 1.4.8) #393311 [since liferea-1.4.8-1.fc9]
 CVE-2005-4790 backport (blam, fixed 1.8.4) #395771 [since blam-1.8.3-11.fc9]
 CVE-2005-4790 backport (tomboy) #362961 [since tomboy-0.8.1-2.fc9]
-CVE-2005-3675 VULNERABLE (kernel) optack, no upstream fix -- TCP protocol weakness
+CVE-2005-3675 ignore (kernel) optack, no upstream fix -- TCP protocol weakness
 CVE-2003-1265 ignore (thunderbird) Stuff deleted from userspace is not guarranteed to go away physically moz#198442
 CVE-2003-1265 ignore (seamonkey) Stuff deleted from userspace is not guarranteed to go away physically moz#198442


Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.371
retrieving revision 1.372
diff -u -r1.371 -r1.372
--- fc7	5 May 2008 08:37:37 -0000	1.371
+++ fc7	6 May 2008 16:54:54 -0000	1.372
@@ -9,6 +9,9 @@
 rhbz249840 version (tor, fixed 0.1.2.15) #249840 [since FEDORA-2007-1674] 
 CVE-2008-2068 version (wordpress, fixed 2.5.1) [since FEDORA-2008-3319] 
 CVE-2008-2033 ignore (zoneminder) duplicate of CVE-2008-1381
+CVE-2008-2000 ignore (WebKit) browser DoS
+CVE-2008-1999 VULNERABLE (WebKit) 
+CVE-2008-1996 VULNERABLE (licq, fixed 1.3.6) #445237 
 CVE-2008-1974 VULNERABLE (kronolith, fixed 3.1.8) #444403 
 CVE-2008-1964 ignore (xine-lib) bogus vulnerability report
 CVE-2008-1959 VULNERABLE (sipp, fixed 3.1) [since sipp-3.1-1.fc7] 
@@ -59,7 +62,7 @@
 CVE-2008-1483 ignore (openssh) was alrady fixed by another patch
 CVE-2008-1482 fixed (xine-lib) #438669 [since FEDORA-2008-2945] 
 CVE-2008-1474 fixed (roundup) #436548 [since FEDORA-2008-2471] 
-CVE-2008-1468 fixed (namazu) #438666 [since FEDORA-2008-2678] 
+CVE-2008-1468 fixed (namazu, fixed 2.0.18) #438666 [since FEDORA-2008-2678] 
 CVE-2008-1467 fixed (centerim) #438871 [since FEDORA-2008-2869] 
 CVE-2008-1394 ignore (plone) 
 CVE-2008-1390 fixed (asterisk, fixed 1.4.19-rc3) #438132 [since FEDORA-2008-2620] 
@@ -297,7 +300,7 @@
 CVE-2007-6350 fixed (scponly) #429731 [since FEDORA-2008-1728] rsync vector only
 CVE-2007-6348 ignore (squirrelmail) trojaned version was not shipped
 CVE-2007-6328 ignore (dosbox) design decision
-CVE-2007-6321 VULNERABLE (roundcubemail) #423281 [since FEDORA-2008-3019] 
+CVE-2007-6321 VULNERABLE (roundcubemail) #423281
 CVE-2007-6318 VULNERABLE (wordpress)
 CVE-2007-6313 ignore (mysql) 5.1+ only
 CVE-2007-6304 ignore (mysql, fixed 5.0.52) federated engine not built
@@ -311,8 +314,8 @@
 CVE-2007-6210 backport (zabbix) #407181 [since FEDORA-2007-4160]
 CVE-2007-6209 ignore (zsh) #409871 We don't ship the script
 CVE-2007-6208 ignore (claws) We don't ship the script
-CVE-2007-6207 VULNERABLE (kernel) Xen cross-domain memory read
-CVE-2007-6206 VULNERABLE (kernel) Core dump owner issue
+CVE-2007-6207 ignore (kernel-xen) Xen cross-domain memory read, ia64 only
+CVE-2007-6206 version (kernel, fixed 2.6.22.17) Core dump owner issue
 CVE-2007-6203 ignore (httpd) #409831 User can't unput garbage before method name
 CVE-2007-6201 version (wesnoth, fixed 1.2.8) [since FEDORA-2007-3986]
 CVE-2007-6183 version (ruby-gnome2) #405591 [since FEDORA-2007-4229]
@@ -994,7 +997,7 @@
 *CVE-2006-6736 ** (java-ibm)
 *CVE-2006-6731 ** (java-ibm)
 *CVE-2006-6719 backport (wget) #221469 [since FEDORA-2007-043]
-*CVE-2006-6698 VULNERABLE (GConf2) #219280
+*CVE-2006-6698 ignore (GConf2) #219280 minimal impact
 CVE-2006-6693 ignore (zabbix, fixed 1.1.3, < 1.1.4 not shipped)
 CVE-2006-6692 ignore (zabbix, fixed 1.1.3, < 1.1.4 not shipped)
 CVE-2006-6660 ignore (kdelibs) client Dos only, not reproducible
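
Review bot: the leading "*" is kept on CVE-2006-6698 when it moves from VULNERABLE to ignore, but the last hunk of this file drops the same marker from CVE-2005-3675 for the same transition. Make the two consistent; if the marker flags entries that still need attention, it should be removed here as well.
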
@@ -1054,7 +1057,7 @@
 CVE-2006-6085 version (kile, fixed 1.9.3) #217238
 CVE-2006-6077 version (firefox, fixed 1.5.0.10)
 CVE-2006-6060 ignore (kernel, fixed 2.6.19-rc2) no NTFS support
-CVE-2006-6058 VULNERABLE (kernel, fixed 2.6.24) 250623
+CVE-2006-6058 version (kernel, fixed 2.6.23.7) 250623
 CVE-2006-6057 version (kernel, fixed **)
 CVE-2006-6056 version (kernel, fixed 2.6.19) [since FEDORA-2007-058] was backport since FEDORA-2006-1471
 CVE-2006-6054 version (kernel, fixed fixed 2.6.19.2) [since FEDORA-2007-058]
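
Review bot: the rewritten CVE-2006-6058 line still carries the bug number as a bare "250623", where f8 and f9 write "#250623" for the same entry. Add the "#" while the line is being touched so bug references can be matched uniformly.
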
@@ -1820,7 +1823,7 @@
 CVE-2005-3753 version (kernel, fixed 2.6.14)
 CVE-2005-3745 ignore (struts, fixed 1.2.8) but not through tomcat
 CVE-2005-3732 version (ipsec-tools, fixed 0.6.3)
-*CVE-2005-3675 VULNERABLE (kernel) optack, no upstream fix
+CVE-2005-3675 ignore (kernel) optack, no upstream fix, wontfix upstream
 CVE-2005-3671 version (openswan, fixed 2.4.4)
 *CVE-2005-3662 version (netpbm)
 CVE-2005-3656 version (mod_auth_pgsql, fixed 2.0.3)



