From fedora-security-commits at redhat.com Mon Nov 17 20:38:21 2008 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Mon, 17 Nov 2008 20:38:21 +0000 (UTC) Subject: [Fedora-security-commits] fedora-security/audit f10, 1.21, 1.22 f8, 1.240, 1.241 f9, 1.231, 1.232 Message-ID: <20081117203821.CD78670131@cvs1.fedora.phx.redhat.com> Author: bressers Update of /cvs/fedora/fedora-security/audit In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv9783 Modified Files: f10 f8 f9 Log Message: Note a htop CVE id Index: f10 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f10,v retrieving revision 1.21 retrieving revision 1.22 diff -u -r1.21 -r1.22 --- f10 22 Oct 2008 17:14:54 -0000 1.21 +++ f10 17 Nov 2008 20:37:51 -0000 1.22 @@ -4,6 +4,7 @@ # *CVE are items that need verification for Fedora 10 # (mozilla) = (gecko-libs dependent stuff) +CVE-2008-5076 VULNERABLE (htop) CVE-2008-4641 VULNERABLE (jhead) CVE-2008-4640 VULNERABLE (jhead) CVE-2008-4639 version (jhead, fixed 2.84) [since jhead-2.84-1.fc10] Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.240 retrieving revision 1.241 diff -u -r1.240 -r1.241 --- f8 22 Oct 2008 17:14:54 -0000 1.240 +++ f8 17 Nov 2008 20:37:51 -0000 1.241 @@ -6,6 +6,7 @@ rhbz293031 fixed (nx) #293031 [since FEDORA-2008-2258] rhbz249840 version (tor, fixed 0.1.2.15) +CVE-2008-5076 VULNERABLE (htop) CVE-2008-4641 VULNERABLE (jhead) CVE-2008-4640 VULNERABLE (jhead) CVE-2008-4639 fixed (jhead, fixed 2.84) [since FEDORA-2008-8941] Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.231 retrieving revision 1.232 diff -u -r1.231 -r1.232 --- f9 22 Oct 2008 17:14:54 -0000 1.231 +++ f9 17 Nov 2008 20:37:51 -0000 1.232 
@@ -5,6 +5,7 @@ # (mozilla) = (gecko-libs dependent stuff) rhbz249840 version (tor, fixed 0.1.2.15) +CVE-2008-5076 VULNERABLE (htop) CVE-2008-4641 VULNERABLE (jhead) CVE-2008-4640 VULNERABLE (jhead) CVE-2008-4639 fixed (jhead, fixed 2.84) [since FEDORA-2008-8928] From fedora-security-commits at redhat.com Tue Nov 18 01:29:32 2008 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Tue, 18 Nov 2008 01:29:32 +0000 (UTC) Subject: [Fedora-security-commits] fedora-security/audit f8, 1.241, 1.242 f9, 1.232, 1.233 Message-ID: <20081118012932.DAA4B700E0@cvs1.fedora.phx.redhat.com> Author: bressers Update of /cvs/fedora/fedora-security/audit In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv3842 Modified Files: f8 f9 Log Message: Add syslog-ng Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.241 retrieving revision 1.242 diff -u -r1.241 -r1.242 --- f8 17 Nov 2008 20:37:51 -0000 1.241 +++ f8 18 Nov 2008 01:29:00 -0000 1.242 @@ -6,6 +6,7 @@ rhbz293031 fixed (nx) #293031 [since FEDORA-2008-2258] rhbz249840 version (tor, fixed 0.1.2.15) +CVE-2008-5110 VULNERABLE (syslog-ng) #471985 CVE-2008-5076 VULNERABLE (htop) CVE-2008-4641 VULNERABLE (jhead) CVE-2008-4640 VULNERABLE (jhead) Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.232 retrieving revision 1.233 diff -u -r1.232 -r1.233 --- f9 17 Nov 2008 20:37:51 -0000 1.232 +++ f9 18 Nov 2008 01:29:00 -0000 1.233 @@ -5,6 +5,7 @@ # (mozilla) = (gecko-libs dependent stuff) rhbz249840 version (tor, fixed 0.1.2.15) +CVE-2008-5110 VULNERABLE (syslog-ng) #471986 CVE-2008-5076 VULNERABLE (htop) CVE-2008-4641 VULNERABLE (jhead) CVE-2008-4640 VULNERABLE (jhead) From fedora-security-commits at redhat.com Tue Nov 18 01:55:03 2008 
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Tue, 18 Nov 2008 01:55:03 +0000 (UTC) Subject: [Fedora-security-commits] fedora-security/audit f10, 1.22, 1.23 f8, 1.242, 1.243 f9, 1.233, 1.234 Message-ID: <20081118015503.1988F700E0@cvs1.fedora.phx.redhat.com> Author: bressers Update of /cvs/fedora/fedora-security/audit In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv5386 Modified Files: f10 f8 f9 Log Message: Note another wordpress flaw Index: f10 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f10,v retrieving revision 1.22 retrieving revision 1.23 diff -u -r1.22 -r1.23 --- f10 17 Nov 2008 20:37:51 -0000 1.22 +++ f10 18 Nov 2008 01:54:32 -0000 1.23 @@ -4,6 +4,7 @@ # *CVE are items that need verification for Fedora 10 # (mozilla) = (gecko-libs dependent stuff) +CVE-2008-5113 VULNERABLE (wordpress) #471992 CVE-2008-5076 VULNERABLE (htop) CVE-2008-4641 VULNERABLE (jhead) CVE-2008-4640 VULNERABLE (jhead) Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.242 retrieving revision 1.243 diff -u -r1.242 -r1.243 --- f8 18 Nov 2008 01:29:00 -0000 1.242 +++ f8 18 Nov 2008 01:54:32 -0000 1.243 @@ -6,6 +6,7 @@ rhbz293031 fixed (nx) #293031 [since FEDORA-2008-2258] rhbz249840 version (tor, fixed 0.1.2.15) +CVE-2008-5113 VULNERABLE (wordpress) #471990 CVE-2008-5110 VULNERABLE (syslog-ng) #471985 CVE-2008-5076 VULNERABLE (htop) CVE-2008-4641 VULNERABLE (jhead) Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.233 retrieving revision 1.234 diff -u -r1.233 -r1.234 --- f9 18 Nov 2008 01:29:00 -0000 1.233 +++ f9 18 Nov 2008 01:54:32 -0000 1.234 
@@ -5,6 +5,7 @@ # (mozilla) = (gecko-libs dependent stuff) rhbz249840 version (tor, fixed 0.1.2.15) +CVE-2008-5113 VULNERABLE (wordpress) #471991 CVE-2008-5110 VULNERABLE (syslog-ng) #471986 CVE-2008-5076 VULNERABLE (htop) CVE-2008-4641 VULNERABLE (jhead) From fedora-security-commits at redhat.com Tue Nov 18 08:24:37 2008 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Tue, 18 Nov 2008 08:24:37 +0000 (UTC) Subject: [Fedora-security-commits] fedora-security/audit f10, 1.23, 1.24 f8, 1.243, 1.244 f9, 1.234, 1.235 Message-ID: <20081118082437.A1C67700E0@cvs1.fedora.phx.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv7074/audit Modified Files: f10 f8 f9 Log Message: having to resolve conflicts is good reason to commit my long backlog of local changes Index: f10 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f10,v retrieving revision 1.23 retrieving revision 1.24 diff -u -r1.23 -r1.24 --- f10 18 Nov 2008 01:54:32 -0000 1.23 +++ f10 18 Nov 2008 08:24:07 -0000 1.24 
@@ -5,19 +5,52 @@ # (mozilla) = (gecko-libs dependent stuff) CVE-2008-5113 VULNERABLE (wordpress) #471992 +CVE-2008-5110 VULNERABLE (syslog-ng) +CVE-2008-5101 version (optipng, fixed 0.6.2) [since optipng-0.6.2-1.fc10] CVE-2008-5076 VULNERABLE (htop) +CVE-2008-5050 version (clamav, fixed 0.94.1) [since clamav-0.94.1-1.fc10] +CVE-2008-5030 fixed (libcdaudio) +CVE-2008-5008 version (libsamplerate, fixed 0.14) [since libsamplerate-0.1.4-1.fc10] +CVE-2008-5007 fixed (lazarus) [since lazarus-0.9.26-1.fc10] +CVE-2008-5006 version (uw-imap, fixed 2007d) [since uw-imap-2007d-1.fc10] +CVE-2008-5005 version (uw-imap, fixed 2007d) [since uw-imap-2007d-1.fc10] +CVE-2008-4989 VULNERABLE (gnutls, fixed 2.6.1) [since gnutls-2.4.2-3.fc10] +CVE-2008-4987 fixed (xastir) [since xastir-1.9.2-9.fc10] +CVE-2008-4985 ignore (vdr) Debian-specific +CVE-2008-4982 fixed (rkhunter) [since rkhunter-1.3.2-5.fc10] +CVE-2008-4977 ignore (postfix) Debian-specific +CVE-2008-4956 ignore (fwbuilder) fwb_install not shipped +CVE-2008-4937 ignore (openoffice.org) not affected +CVE-2008-4936 fixed (mgetty) patched for ages +CVE-2008-4863 VULNERABLE (blender) [blender-2.48a-4.fc10] +CVE-2008-4799 version (netpbm, fixed 10.35.48) [since netpbm-10.35.48-1.fc10] +CVE-2008-4796 version (wordpress, fixed 2.6.3) [since wordpress-2.6.3-1.fc10] +CVE-2008-4793 ignore (drupal) 5.x only +CVE-2008-4792 version (drupal, fixed 6.5) [since drupal-6.5-1.fc10] +CVE-2008-4791 version (drupal, fixed 6.5) [since drupal-6.5-1.fc10] +CVE-2008-4790 ignore (drupal) 5.x only +CVE-2008-4789 version (drupal, fixed 6.5) [since drupal-6.5-1.fc10] +CVE-2008-4776 version (libgadu, fixed 1.8.2) [since libgadu-1.8.2-1.fc10] +CVE-2008-4775 version (phpMyAdmin, fixed 3.0.1.1) [since phpMyAdmin-3.0.1.1-1.fc10] +CVE-2008-4769 version (wordpress) +CVE-2008-4690 VULNERABLE (lynx) [since lynx-2.8.6-18.fc10] CVE-2008-4641 VULNERABLE (jhead) CVE-2008-4640 VULNERABLE (jhead) CVE-2008-4639 version (jhead, fixed 2.84) [since jhead-2.84-1.fc10] 
+CVE-2008-4619 backport (libtirpc) [since libtirpc-0.1.9-6.fc10] +CVE-2008-4578 version (dovecot, fixed 1.1.14) [since dovecot-1.1.5-1.fc10] +CVE-2008-4577 version (dovecot, fixed 1.1.14) [since dovecot-1.1.5-1.fc10] CVE-2008-4575 version (jhead, fixed 2.84) [since jhead-2.84-1.fc10] CVE-2008-4437 VULNERABLE (bugzilla, fixed 3.0.5) #465959 CVE-2008-4434 ignore (bittorrent) 6.x only CVE-2008-4422 backport (libxml2, fixed 2.7.2) [since libxml2-2.7.1-2.fc10] CVE-2008-4408 version (mediawiki, fixed 1.13.2) [since mediawiki-1.13.2-41.fc10] CVE-2008-4360 version (lighttpd, fixed 1.4.20) [since lighttpd-1.4.20-0.1.r2303.fc10] -CVE-2008-4359 VULNERABLE (lighttpd, fixed 1.4.20) #465754 +CVE-2008-4359 version (lighttpd, fixed 1.4.20) #465754 [since lighttpd-1.4.20-1.fc10] CVE-2008-4326 version (phpMyAdmin, fixed 2.11.9.2) [since phpMyAdmin-2.11.9.2-1.fc10] CVE-2008-4325 version (viewvc, fixed 1.0.6) [since viewvc-1.0.6-1.fc10] +CVE-2008-4309 VULNERABLE (net-snmp, fixed 5.4.2.1) [since net-snmp-5.4.2.1-1.fc10] +CVE-2008-4306 fixed (enscript) [since enscript-1.6.4-11.fc10] CVE-2008-4298 version (lighttpd, fixed 1.4.20) [since lighttpd-1.4.20-0.1.r2303.fc10] CVE-2008-4297 version (mercurial, fixed 1.0.2) [since mercurial-1.0.2-1.fc10] CVE-2008-4242 VULNERABLE (proftpd) #464130 
@@ -71,27 +104,31 @@ CVE-2008-3928 ignore (honeyd) affected script not shipped CVE-2008-3927 VULNERABLE (tiger) CVE-2008-3920 version (bitlbee, fixed 1.2.2) [since bitlbee-1.2.2-1.fc10] -CVE-2008-3916 VULNERABLE (ed, fixed 1.0) +CVE-2008-3916 version (ed, fixed 1.0) [since ed-1.1-1.fc10] +CVE-2008-3914 version (clamav, fixed 0.94) [since clamav-0.94-1.fc10] +CVE-2008-3913 version (clamav, fixed 0.94) [since clamav-0.94-1.fc10] +CVE-2008-3912 version (clamav, fixed 0.94) [since clamav-0.94-1.fc10] CVE-2008-3906 version (mono) #461755 [since mono-2.0-6.fc10] CVE-2008-3905 version (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since ruby-1.8.6.287-1.fc10] CVE-2008-3889 version (postfix, fixed 2.4.9, 2.5.5) #459101 [since postfix-2.5.5-1.fc10] +CVE-2008-3863 fixed (enscript) [since enscript-1.6.4-11.fc10] CVE-2008-3837 version (firefox, fixed 3.0.2) [since firefox-3.0.2-1.fc10] CVE-2008-3837 version (seamonkey, fixed 1.1.12) [since seamonkey-1.1.12-1.fc9] CVE-2008-3836 ignore (firefox) ff2 only CVE-2008-3836 ignore (seamonkey) ff only CVE-2008-3835 ignore (firefox) ff2 only CVE-2008-3835 version (seamonkey, fixed 1.1.12) [since seamonkey-1.1.12-1.fc9] -CVE-2008-3834 VULNERABLE (dbus) +CVE-2008-3834 version (dbus, fixed 1.2.4) [since dbus-1.2.4-1.fc10] CVE-2008-3830 version (condor, fixed 7.0.5) #466076 [since condor-7.0.5-1.fc10] CVE-2008-3829 version (condor, fixed 7.0.5) #466076 [since condor-7.0.5-1.fc10] CVE-2008-3828 version (condor, fixed 7.0.5) #466076 [since condor-7.0.5-1.fc10] CVE-2008-3826 version (condor, fixed 7.0.5) #466076 [since condor-7.0.5-1.fc10] -CVE-2008-3825 VULNERABLE (pam_krb5, 2.3.2) +CVE-2008-3825 version (pam_krb5, 2.3.2) [since pam_krb5-2.3.2-1.fc10] CVE-2008-3824 VULNERABLE (horde) oCERT-2008-012 CVE-2008-3823 VULNERABLE (horde) oCERT-2008-012 CVE-2008-3796 version (swfdec, fixed 0.6.8) [since swfdec-0.7.4-1.fc10] CVE-2008-3790 backport (ruby) [since ruby-1.8.6.287-2.fc10] -CVE-2008-3789 VULNERABLE (samba, fixed 3.2.3) +CVE-2008-3789 version (samba, 
fixed 3.2.3) [since samba-3.2.4-0.22.fc10] CVE-2008-3747 version (wordpress, fixed 2.6.1) [since wordpress-2.6.1-1.fc10] CVE-2008-3746 version (neon, fixed 0.28.3) [since neon-0.28.3-2] CVE-2008-3745 version (drupal, fixed 6.4) [since drupal-6.4-1.fc10] @@ -104,11 +141,11 @@ CVE-2008-3699 ignore (amarok, fixed 1.4.40) not affected CVE-2008-3663 version (squirrelmail, fixed 1.4.16) #464186 [since squirrelmail-1.4.16-1.fc10] CVE-2008-3662 VULNERABLE (gallery2, fixed 2.2.6) #462873 -CVE-2008-3661 VULNERABLE (drupal) #464165 ignored by upstream +CVE-2008-3661 fixed (drupal) #464165 ignored by upstream [since drupal-6.5-1.fc10] CVE-2008-3657 version (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since ruby-1.8.6.287-1.fc10] CVE-2008-3656 version (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since ruby-1.8.6.287-1.fc10] CVE-2008-3655 version (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since ruby-1.8.6.287-1.fc10] -CVE-2008-3652 VULNERABLE (ipsec-tools) #465474 +CVE-2008-3652 backport (ipsec-tools) #465474 [since ipsec-tools-0.7.1-5.fc10] CVE-2008-3651 version (ipsec-tools, fixed 0.7.1) [since ipsec-tools-0.7.1-1.fc10] CVE-2008-3641 version (cups, fixed 1.3.9) #466420 [since cups-1.3.9-1.fc10] CVE-2008-3640 version (cups, fixed 1.3.9) #466420 [since cups-1.3.9-1.fc10] @@ -131,7 +168,7 @@ CVE-2008-3325 version (moodle) 1.8.x+ not affected CVE-2008-3294 ignore (vim) build-time tmp file usage CVE-2008-3283 version (fedora-ds-base, fixed 1.1.2) [since fedora-ds-base-1.1.2-1.fc10] -CVE-2008-3282 VULNERABLE (openoffice.org) +CVE-2008-3282 version (openoffice.org) CVE-2008-3281 version (libxml2) #459714 [since libxml2-2.7.0-1.fc10] CVE-2008-3274 backport (ipa) [since ipa-1.1.0-3.fc10] CVE-2008-3264 backport (asterisk) [since asterisk-1.6.0-0.19.beta9.fc10] AST-2008-011 
@@ -158,7 +195,7 @@ CVE-2008-3139 version (wireshark, fixed 1.0.1) [since wireshark-1.0.1-1.fc10] CVE-2008-3138 version (wireshark, fixed 1.0.1) [since wireshark-1.0.1-1.fc10] CVE-2008-3137 version (wireshark, fixed 1.0.1) [since wireshark-1.0.1-1.fc10] -CVE-2008-3102 VULNERABLE (mantis, fixed 1.1.3) #464137 +CVE-2008-3102 version (mantis, fixed 1.1.3) #464137 [since mantis-1.1.4-1.fc10] CVE-2008-3067 version (sudo, fixed 1.6.9p12) CVE-2008-2960 version (phpMyAdmin, fixed 2.11.7) [since phpMyAdmin-2.11.7-1.fc10] PMASA-2008-4 CVE-2008-2954 backport (linuxdcpp) #453734 [since linuxdcpp-1.0.1-3.fc10] @@ -170,10 +207,10 @@ CVE-2008-2941 ignore (hplip) #458991 not run as service CVE-2008-2940 ignore (hplip) #458991 not run as service CVE-2008-2938 version (tomcat6, fixed 6.0.18) #460132 [since tomcat6-6.0.18-1.1.fc10] -CVE-2008-2938 VULNERABLE (tomcat5, fixed 5.5.27) #460127 +CVE-2008-2938 version (tomcat5, fixed 5.5.27) #460127 [since tomcat5-5.5.27-4.7.fc10] CVE-2008-2937 version (postfix, fixed 2.4.8, 2.5.4) #459101 [since postfix-2.5.5-1.fc10] CVE-2008-2936 backport (postfix, fixed 2.4.8, 2.5.4) #459101 [since postfix-2.5.1-4.fc10] -CVE-2008-2935 VULNERABLE (libxslt) +CVE-2008-2935 version (libxslt, fixed 1.1.24) [since libxslt-1.1.24-2.fc10] CVE-2008-2933 version (firefox, fixed 3.0.1) [since firefox-3.0.1-1.fc10] CVE-2008-2932 version (adminutil, fixed 1.1.7) [since adminutil-1.1.7-1.fc10] CVE-2008-2930 version (fedora-ds-base, fixed 1.1.2) [since fedora-ds-base-1.1.2-1.fc10] 
@@ -244,7 +281,7 @@ CVE-2008-2371 backport (pcre) #453557 [since pcre-7.3-4.fc10] CVE-2008-2371 version (glib2) #453561 [since glib2-2.17.3-1.fc10] CVE-2008-2370 version (tomcat6, fixed 6.0.18) #460132 [since tomcat6-6.0.18-1.1.fc10] -CVE-2008-2370 VULNERABLE (tomcat5, fixed 5.5.27) #460127 +CVE-2008-2370 version (tomcat5, fixed 5.5.27) #460127 [since tomcat5-5.5.27-4.7.fc10] CVE-2008-2364 version (httpd, fixed 2.2.9) #447312 [since httpd-2.2.9-2] CVE-2008-2363 VULNERABLE (pan) #449335 CVE-2008-2362 version (xorg-x11-server) #450927 [since xorg-x11-server-1.4.99.902-2.20080612.fc10] @@ -259,6 +296,8 @@ CVE-2008-2292 backport (net-snmp, fixed 5.4.2.pre1) [since net-snmp-5.4.1-19.fc10] CVE-2008-2276 version (mantis) [since mantis-1.1.2-1.fc10] CVE-2008-2266 ignore (perl-Convert-UUlib) embedded uulib copy uses mkstemp +CVE-2008-2238 version (openoffice.org, fixed 2.4.2/3.0) +CVE-2008-2237 version (openoffice.org, fixed 2.4.2/3.0) CVE-2008-2235 version (opensc, fixed 0.11.5) [since opensc-0.11.6-1.fc10] CVE-2008-2168 ignore (httpd) browser issue, not apache CVE-2008-2152 version (openoffice.org, fixed 2.4.1) [since openoffice.org-3.0.0-0.0.17.1.fc10] @@ -266,7 +305,7 @@ CVE-2008-2108 version (php, fixed 5.2.6) [since php-5.2.6-2.fc9] CVE-2008-2107 version (php, fixed 5.2.6) [since php-5.2.6-2.fc9] CVE-2008-2085 backport (sipp) #446222 [since sipp-3.1-2.fc10] -CVE-2008-2079 VULNERABLE (mysql, fixed 5.0.60) #445804 +CVE-2008-2079 version (mysql, fixed 5.0.60) [since mysql-5.0.67-1.fc10] CVE-2008-2051 version (php, fixed 5.2.6) [since php-5.2.6-2.fc9] CVE-2008-2004 VULNERABLE (xen) disables format autodetection by default [since xen-3.2.0-11.fc10] CVE-2008-2004 VULNERABLE (qemu) fix mostly useless without libvirt changes 
@@ -276,7 +315,7 @@ CVE-2008-1949 backport (gnutls, fixed 2.2.4) #447512 [since gnutls-2.0.4-3.fc10] CVE-2008-1948 backport (gnutls, fixed 2.2.4) #447512 [since gnutls-2.0.4-3.fc10] CVE-2008-1947 version (tomcat6, fixed 6.0.18) #460132 [since tomcat6-6.0.18-1.1.fc10] -CVE-2008-1947 VULNERABLE (tomcat5, fixed 5.5.27) #460127 +CVE-2008-1947 version (tomcat5, fixed 5.5.27) #460127 [since tomcat5-5.5.27-4.7.fc10] CVE-2008-1944 version (xen, fixed 3.2) CVE-2008-1943 backport (xen) [since xen-3.2.0-11.fc10] CVE-2008-1928 version (perl-Imager, fixed 0.64) [since perl-Imager-0.64-2.fc10] @@ -292,6 +331,7 @@ CVE-2008-1801 version (rdesktop, fixed 1.6.0) [since rdesktop-1.6.0-1.fc10] CVE-2008-1771 version (mt-daapd) [since mt-daapd-0.2.4.2-2.fc10] CVE-2008-1767 version (libxslt, fixed 1.1.24) [since libxslt-1.1.24-1.fc10] +CVE-2008-1692 version (eterm, fixed 0.9.5) [since eterm-0.9.5-1.fc10] CVE-2008-1678 version (httpd) #447312 only affects systems with openssl >= 0.9.8e [since httpd-2.2.9-2] CVE-2008-1677 version (fedora-ds-base, fixed 1.1.1) #445810 [since fedora-ds-base-1.1.1-1.fc10] CVE-2008-1672 backport (openssl, fixed 0.9.8h) #448691 [since openssl-0.9.8g-9.fc10] @@ -304,6 +344,7 @@ CVE-2008-1423 backport (libvorbis) #446344 [since libvorbis-1.2.0-4.fc10] CVE-2008-1420 backport (libvorbis) #446344 [since libvorbis-1.2.0-4.fc10] CVE-2008-1419 backport (libvorbis) #446344 [since libvorbis-1.2.0-4.fc10] +CVE-2008-1389 version (clamav, fixed 0.94) [since clamav-0.94-1.fc10] CVE-2008-1387 version (clamav, fixed 0.93) [since clamav-0.93-1.fc9] CVE-2008-1382 version (libpng, fixed 1.2.27) [since libpng-1.2.29-1.fc10] CVE-2008-1382 version (libpng10) [since libpng10-1.0.37-1.fc10] 
@@ -312,7 +353,7 @@ CVE-2008-1376 ignore (nfs-utils) using tcp wrappers CVE-2008-1360 version (nagios) #437852 [since nagios-2.11-3.fc9] CVE-2008-1232 version (tomcat6, fixed 6.0.18) #460132 [since tomcat6-6.0.18-1.1.fc10] -CVE-2008-1232 VULNERABLE (tomcat5, fixed 5.5.27) #460127 +CVE-2008-1232 version (tomcat5, fixed 5.5.27) #460127 [since tomcat5-5.5.27-4.7.fc10] CVE-2008-1109 backport (evolution) #449925 [since evolution-2.23.3.1-2.fc10] CVE-2008-1108 backport (evolution) #449925 [since evolution-2.23.3.1-2.fc10] CVE-2008-1105 version (samba, fixed 3.0.30) [since samba-3.2.0-1.rc2.16.fc10] @@ -344,7 +385,7 @@ CVE-2007-4829 VULNERABLE (perl, not fixed upstream) #364291 perl-Archive-Tar directory traversal CVE-2007-4559 VULNERABLE (python, not fixed upstream) #315291 Upstream WONTFIX. See where we use the code. CVE-2007-1320 VULNERABLE (qemu) -CVE-2007-1320 VULNERABLE (kvm) +CVE-2007-1320 version (kvm, fixed 70) CVE-2007-0062 version (dhcp, fixed 4.0.0) CVE-2006-6698 fixed (GConf2) CVE-2006-1390 VULNERABLE (nethack) bz#187353, but requires other access to games group Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.243 retrieving revision 1.244 diff -u -r1.243 -r1.244 --- f8 18 Nov 2008 01:54:32 -0000 1.243 +++ f8 18 Nov 2008 08:24:07 -0000 1.244 
@@ -8,10 +8,40 @@ rhbz249840 version (tor, fixed 0.1.2.15) CVE-2008-5113 VULNERABLE (wordpress) #471990 CVE-2008-5110 VULNERABLE (syslog-ng) #471985 +CVE-2008-5101 fixed (optipng, fixed 0.6.2) [since FEDORA-2008-9639] CVE-2008-5076 VULNERABLE (htop) +CVE-2008-5050 fixed (clamav, fixed 0.94.1) [since FEDORA-2008-9651] +CVE-2008-5030 fixed (libcdaudio) +CVE-2008-5008 VULNERABLE (libsamplerate, fixed 0.14) +CVE-2008-5007 VULNERABLE (lazarus) +CVE-2008-5006 fixed (uw-imap, fixed 2007d) [since FEDORA-2008-9383] +CVE-2008-5005 fixed (uw-imap, fixed 2007d) [since FEDORA-2008-9383] +CVE-2008-4989 fixed (gnutls, fixed 2.6.1) [since FEDORA-2008-9600] +CVE-2008-4987 fixed (xastir) [since FEDORA-2008-7269] +CVE-2008-4985 ignore (vdr) Debian-specific +CVE-2008-4982 fixed (rkhunter) [since FEDORA-2008-8364] +CVE-2008-4977 ignore (postfix) Debian-specific +CVE-2008-4956 ignore (fwbuilder) fwb_install not shipped +CVE-2008-4937 ignore (openoffice.org) not affected +CVE-2008-4936 fixed (mgetty) patched for ages +CVE-2008-4863 fixed (blender) [since FEDORA-2008-9411] +CVE-2008-4799 fixed (netpbm, fixed 10.35.48) [since FEDORA-2008-6982] +CVE-2008-4796 fixed (wordpress, fixed 2.6.3) [since FEDORA-2008-9304] +CVE-2008-4793 fixed (drupal, fixed 5.11) [since FEDORA-2008-8905] +CVE-2008-4792 fixed (drupal, fixed 5.11) [since FEDORA-2008-8905] +CVE-2008-4791 fixed (drupal, fixed 5.11) [since FEDORA-2008-8905] +CVE-2008-4790 fixed (drupal, fixed 5.11) [since FEDORA-2008-8905] +CVE-2008-4789 ignore (drupal) 6.x only +CVE-2008-4776 fixed (libgadu, fixed 1.8.2) [since FEDORA-2008-9253] +CVE-2008-4775 fixed (phpMyAdmin, fixed 3.0.1.1) [since FEDORA-2008-9336] +CVE-2008-4769 version (wordpress) +CVE-2008-4690 VULNERABLE (lynx) #468549 [since FEDORA-2008-9597] CVE-2008-4641 VULNERABLE (jhead) CVE-2008-4640 VULNERABLE (jhead) CVE-2008-4639 fixed (jhead, fixed 2.84) [since FEDORA-2008-8941] +CVE-2008-4619 VULNERABLE (libtirpc) +CVE-2008-4578 ignore (dovecot, fixed 1.1.14) wontfix +CVE-2008-4577 
fixed (dovecot, fixed 1.1.14) [since FEDORA-2008-9232] CVE-2008-4575 fixed (jhead, fixed 2.84) [since FEDORA-2008-8941] CVE-2008-4437 VULNERABLE (bugzilla, fixed 3.0.5) #465957 CVE-2008-4434 ignore (bittorrent) 6.x only @@ -21,6 +51,8 @@ CVE-2008-4359 VULNERABLE (lighttpd, fixed 1.4.20) #464638 CVE-2008-4326 fixed (phpMyAdmin, fixed 2.11.9.2) [since FEDORA-2008-8286] CVE-2008-4325 fixed (viewvc, fixed 1.0.6) [since FEDORA-2008-8270] +CVE-2008-4309 fixed (net-snmp, fixed 5.4.2.1) [since FEDORA-2008-9362] +CVE-2008-4306 fixed (enscript) [since FEDORA-2008-9351] CVE-2008-4298 VULNERABLE (lighttpd, fixed 1.4.20) #464638 CVE-2008-4297 VULNERABLE (mercurial, fixed 1.0.2) #464632 CVE-2008-4242 VULNERABLE (proftpd) #464128 @@ -74,10 +106,14 @@ CVE-2008-3928 ignore (honeyd) affected script not shipped CVE-2008-3927 VULNERABLE (tiger) CVE-2008-3920 fixed (bitlbee, fixed 1.2.2) [since FEDORA-2008-7761] -CVE-2008-3916 VULNERABLE (ed, fixed 1.0) +CVE-2008-3916 fixed (ed, fixed 1.0) [since FEDORA-2008-9236] +CVE-2008-3914 fixed (clamav, fixed 0.94) [since FEDORA-2008-9651] +CVE-2008-3913 fixed (clamav, fixed 0.94) [since FEDORA-2008-9651] +CVE-2008-3912 fixed (clamav, fixed 0.94) [since FEDORA-2008-9651] CVE-2008-3906 VULNERABLE (mono) #461753 CVE-2008-3905 fixed (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-8736] CVE-2008-3889 fixed (postfix, fixed 2.4.9, 2.5.5) #459099 [since FEDORA-2008-8595] +CVE-2008-3863 fixed (enscript) [since FEDORA-2008-9351] CVE-2008-3837 fixed (firefox, fixed 2.0.0.17) [since FEDORA-2008-8399] CVE-2008-3837 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8401] CVE-2008-3836 fixed (firefox, fixed 2.0.0.17) [since FEDORA-2008-8399] 
@@ -100,17 +136,17 @@ CVE-2008-3740 fixed (drupal, fixed 5.10) [since FEDORA-2008-7467] CVE-2008-3714 fixed (awstats) #459741 [since FEDORA-2008-7684] CVE-2008-3699 fixed (amarok, fixed 1.4.40) [since FEDORA-2008-7719] -CVE-2008-3663 VULNERABLE (squirrelmail, fixed 1.4.16) #464184 +CVE-2008-3663 fixed (squirrelmail, fixed 1.4.16) #464184 [since FEDORA-2008-9071] CVE-2008-3662 VULNERABLE (gallery2, fixed 2.2.6) #462871 CVE-2008-3661 fixed (drupal) #464163 [since FEDORA-2008-8905] ignored by upstream CVE-2008-3657 fixed (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-8736] CVE-2008-3656 fixed (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-8736] CVE-2008-3655 fixed (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-8736] -CVE-2008-3652 VULNERABLE (ipsec-tools) #465472 [since FEDORA-2008-9016] -CVE-2008-3651 VULNERABLE (ipsec-tools, fixed 0.7.1) #465472 [since FEDORA-2008-9016] -CVE-2008-3641 VULNERABLE (cups, fixed 1.3.9) #466418 -CVE-2008-3640 VULNERABLE (cups, fixed 1.3.9) #466418 -CVE-2008-3639 VULNERABLE (cups, fixed 1.3.9) #466418 +CVE-2008-3652 fixed (ipsec-tools) #465472 [since FEDORA-2008-9016] +CVE-2008-3651 fixed (ipsec-tools, fixed 0.7.1) #465472 [since FEDORA-2008-9016] +CVE-2008-3641 fixed (cups, fixed 1.3.9) #466418 [since FEDORA-2008-8801] +CVE-2008-3640 fixed (cups, fixed 1.3.9) #466418 [since FEDORA-2008-8801] +CVE-2008-3639 fixed (cups, fixed 1.3.9) #466418 [since FEDORA-2008-8801] CVE-2008-3546 ignore (git, fixed 1.5.6.4) caught by fortify_source CVE-2008-3533 fixed (yelp, fixed 2.24) #459502 [since FEDORA-2008-7293] CVE-2008-3529 fixed (libxml2, fixed 2.7.0) [since FEDORA-2008-7666] 
@@ -254,6 +290,8 @@ CVE-2008-2292 fixed (net-snmp, fixed 5.4.2.pre1) [since FEDORA-2008-5218] CVE-2008-2276 fixed (mantis) [since FEDORA-2008-6657] CVE-2008-2266 ignore (perl-Convert-UUlib) embedded uulib copy uses mkstemp +CVE-2008-2238 fixed (openoffice.org, fixed 2.4.2) [since FEDORA-2008-9333] +CVE-2008-2237 fixed (openoffice.org, fixed 2.4.2) [since FEDORA-2008-9333] CVE-2008-2235 VULNERABLE (opensc, fixed 0.11.5) CVE-2008-2168 ignore (httpd) browser issue, not apache CVE-2008-2152 fixed (openoffice.org, fixed 2.4.1) #450650 [since FEDORA-2008-5247] @@ -320,6 +358,7 @@ CVE-2008-1693 version (poppler, fixed 0.6.2) CVE-2008-1693 ignore (kdegraphics) not affected CVE-2008-1693 ignore (koffice) not affected +CVE-2008-1692 fixed (eterm, fixed 0.9.5) [since FEDORA-2008-7549] CVE-2008-1688 ignore (m4, fixed 1.4.11) not really a security issue CVE-2008-1687 ignore (m4, fixed 1.4.11) not really a security issue CVE-2008-1686 fixed (libfishsound, fixed 0.9.1) #441247 [since FEDORA-2008-3059] @@ -360,6 +399,7 @@ CVE-2008-1419 fixed (libvorbis) #446342 [since FEDORA-2008-3934] CVE-2008-1394 ignore (plone) CVE-2008-1390 fixed (asterisk, fixed 1.4.19-rc3) #438133 [since FEDORA-2008-2554] +CVE-2008-1389 ignore (clamav, fixed 0.94) does not affect 0.92.1 CVE-2008-1387 fixed (clamav, fixed 0.93) #442363 [since FEDORA-2008-3420] CVE-2008-1384 ignore (php, fixed 5.2.6) CVE-2008-1382 fixed (libpng, fixed 1.2.27) [since FEDORA-2008-4847] Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.234 retrieving revision 1.235 diff -u -r1.234 -r1.235 --- f9 18 Nov 2008 01:54:32 -0000 1.234 +++ f9 18 Nov 2008 08:24:07 -0000 1.235 
@@ -7,10 +7,40 @@ rhbz249840 version (tor, fixed 0.1.2.15) CVE-2008-5113 VULNERABLE (wordpress) #471991 CVE-2008-5110 VULNERABLE (syslog-ng) #471986 +CVE-2008-5101 fixed (optipng, fixed 0.6.2) [since FEDORA-2008-9633] CVE-2008-5076 VULNERABLE (htop) +CVE-2008-5050 fixed (clamav, fixed 0.94.1) [since FEDORA-2008-9644] +CVE-2008-5030 fixed (libcdaudio) +CVE-2008-5008 VULNERABLE (libsamplerate, fixed 0.14) +CVE-2008-5007 VULNERABLE (lazarus) +CVE-2008-5006 fixed (uw-imap, fixed 2007d) [since FEDORA-2008-9396] +CVE-2008-5005 fixed (uw-imap, fixed 2007d) [since FEDORA-2008-9396] +CVE-2008-4989 fixed (gnutls, fixed 2.6.1) [since FEDORA-2008-9530] +CVE-2008-4987 fixed (xastir) [since FEDORA-2008-7541] +CVE-2008-4985 ignore (vdr) Debian-specific +CVE-2008-4982 fixed (rkhunter) [since FEDORA-2008-8314] +CVE-2008-4977 ignore (postfix) Debian-specific +CVE-2008-4956 ignore (fwbuilder) fwb_install not shipped +CVE-2008-4937 fixed (openoffice.org) [since FEDORA-2008-7680] +CVE-2008-4936 fixed (mgetty) patched for ages +CVE-2008-4863 fixed (blender) [since FEDORA-2008-9411] +CVE-2008-4799 fixed (netpbm, fixed 10.35.48) [since FEDORA-2008-6999] +CVE-2008-4796 fixed (wordpress, fixed 2.6.3) [since FEDORA-2008-9257] +CVE-2008-4793 ignore (drupal) 5.x only +CVE-2008-4792 fixed (drupal, fixed 6.5) [since FEDORA-2008-8852] +CVE-2008-4791 fixed (drupal, fixed 6.5) [since FEDORA-2008-8852] +CVE-2008-4790 ignore (drupal) 5.x only +CVE-2008-4789 fixed (drupal, fixed 6.5) [since FEDORA-2008-8852] +CVE-2008-4776 fixed (libgadu, fixed 1.8.2) [since FEDORA-2008-9293] +CVE-2008-4775 fixed (phpMyAdmin, fixed 3.0.1.1) [since FEDORA-2008-9316] +CVE-2008-4769 version (wordpress) +CVE-2008-4690 VULNERABLE (lynx) #468550 [since FEDORA-2008-9550] CVE-2008-4641 VULNERABLE (jhead) CVE-2008-4640 VULNERABLE (jhead) CVE-2008-4639 fixed (jhead, fixed 2.84) [since FEDORA-2008-8928] +CVE-2008-4619 fixed (libtirpc) [since FEDORA-2008-9204] +CVE-2008-4578 ignore (dovecot, fixed 1.1.14) wontfix +CVE-2008-4577 
fixed (dovecot, fixed 1.1.14) [since FEDORA-2008-9202] CVE-2008-4575 fixed (jhead, fixed 2.84) [since FEDORA-2008-8928] CVE-2008-4437 VULNERABLE (bugzilla, fixed 3.0.5) #465958 CVE-2008-4434 ignore (bittorrent) 6.x only @@ -20,6 +50,8 @@ CVE-2008-4359 VULNERABLE (lighttpd, fixed 1.4.20) #464639 CVE-2008-4326 fixed (phpMyAdmin, fixed 2.11.9.2) [since FEDORA-2008-8335] CVE-2008-4325 fixed (viewvc, fixed 1.0.6) [since FEDORA-2008-8252] +CVE-2008-4309 fixed (net-snmp, fixed 5.4.2.1) [since FEDORA-2008-9367] +CVE-2008-4306 fixed (enscript) [since FEDORA-2008-9372] CVE-2008-4298 VULNERABLE (lighttpd, fixed 1.4.20) #464639 CVE-2008-4297 fixed (mercurial, fixed 1.0.2) [since FEDORA-2008-7490] CVE-2008-4242 VULNERABLE (proftpd) #464129 @@ -73,10 +105,14 @@ CVE-2008-3928 ignore (honeyd) affected script not shipped CVE-2008-3927 VULNERABLE (tiger) CVE-2008-3920 fixed (bitlbee, fixed 1.2.2) [since FEDORA-2008-7830] -CVE-2008-3916 VULNERABLE (ed, fixed 1.0) +CVE-2008-3916 fixed (ed, fixed 1.0) [since FEDORA-2008-9263] +CVE-2008-3914 fixed (clamav, fixed 0.94) [since FEDORA-2008-9644] +CVE-2008-3913 fixed (clamav, fixed 0.94) [since FEDORA-2008-9644] +CVE-2008-3912 fixed (clamav, fixed 0.94) [since FEDORA-2008-9644] CVE-2008-3906 VULNERABLE (mono) #461754 CVE-2008-3905 fixed (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-8738] CVE-2008-3889 fixed (postfix, fixed 2.4.9, 2.5.5) #459100 [since FEDORA-2008-8593] +CVE-2008-3863 fixed (enscript) [since FEDORA-2008-9372] CVE-2008-3837 fixed (firefox, fixed 3.0.2) [since FEDORA-2008-8425] CVE-2008-3837 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8429] CVE-2008-3836 ignore (firefox) ff2 only 
@@ -104,17 +140,17 @@ CVE-2008-3740 fixed (drupal, fixed 6.4) [since FEDORA-2008-7626] CVE-2008-3714 fixed (awstats) #459742 [since FEDORA-2008-7663] CVE-2008-3699 fixed (amarok, fixed 1.4.40) [since FEDORA-2008-7739] -CVE-2008-3663 VULNERABLE (squirrelmail, fixed 1.4.16) #464185 [since FEDORA-2008-8559] +CVE-2008-3663 fixed (squirrelmail, fixed 1.4.16) #464185 [since FEDORA-2008-8559] CVE-2008-3662 VULNERABLE (gallery2, fixed 2.2.6) #462872 CVE-2008-3661 fixed (drupal) #464164 [since FEDORA-2008-8852] ignored by upstream CVE-2008-3657 fixed (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-8738] CVE-2008-3656 fixed (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-8738] CVE-2008-3655 fixed (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-8738] -CVE-2008-3652 VULNERABLE (ipsec-tools) #465473 [since FEDORA-2008-9007] -CVE-2008-3651 VULNERABLE (ipsec-tools, fixed 0.7.1) #465473 [since FEDORA-2008-9007] -CVE-2008-3641 VULNERABLE (cups, fixed 1.3.9) #466419 -CVE-2008-3640 VULNERABLE (cups, fixed 1.3.9) #466419 -CVE-2008-3639 VULNERABLE (cups, fixed 1.3.9) #466419 +CVE-2008-3652 fixed (ipsec-tools) #465473 [since FEDORA-2008-9007] +CVE-2008-3651 fixed (ipsec-tools, fixed 0.7.1) #465473 [since FEDORA-2008-9007] +CVE-2008-3641 fixed (cups, fixed 1.3.9) #466419 [since FEDORA-2008-8844] +CVE-2008-3640 fixed (cups, fixed 1.3.9) #466419 [since FEDORA-2008-8844] +CVE-2008-3639 fixed (cups, fixed 1.3.9) #466419 [since FEDORA-2008-8844] CVE-2008-3546 ignore (git, fixed 1.5.6.4) caught by fortify_source CVE-2008-3533 ignore (yelp, fixed 2.24) caught by glibc CVE-2008-3529 fixed (libxml2, fixed 2.7.0) [since FEDORA-2008-7594] 
@@ -261,6 +297,8 @@ CVE-2008-2292 fixed (net-snmp, fixed 5.4.2.pre1) [since FEDORA-2008-5215] CVE-2008-2276 fixed (mantis) [since FEDORA-2008-6647] CVE-2008-2266 ignore (perl-Convert-UUlib) embedded uulib copy uses mkstemp +CVE-2008-2238 fixed (openoffice.org, fixed 2.4.2) [since FEDORA-2008-9313] +CVE-2008-2237 fixed (openoffice.org, fixed 2.4.2) [since FEDORA-2008-9313] CVE-2008-2235 VULNERABLE (opensc, fixed 0.11.5) CVE-2008-2168 ignore (httpd) browser issue, not apache CVE-2008-2152 fixed (openoffice.org, fixed 2.4.1) [since FEDORA-2008-5143] @@ -330,6 +368,7 @@ CVE-2008-1693 version (poppler, fixed 0.6.2) CVE-2008-1693 ignore (kdegraphics) not affected CVE-2008-1693 ignore (koffice) not affected +CVE-2008-1692 fixed (eterm, fixed 0.9.5) [since FEDORA-2008-7500] CVE-2008-1688 ignore (m4, fixed 1.4.11) not really a security issue CVE-2008-1687 ignore (m4, fixed 1.4.11) not really a security issue CVE-2008-1686 version (libfishsound, fixed 0.9.1) #441248 [since libfishsound-0.9.1-1.fc9] @@ -369,6 +408,7 @@ CVE-2008-1419 fixed (libvorbis) #446343 [since FEDORA-2008-3910] CVE-2008-1394 ignore (plone) CVE-2008-1390 version (asterisk, fixed 1.6.0-beta6) #438134 [since asterisk-1.6.0-0.6.beta6.fc9] +CVE-2008-1389 fixed (clamav, fixed 0.94) [since FEDORA-2008-9644] CVE-2008-1387 fixed (clamav, fixed 0.93) #442364 [since FEDORA-2008-3900] CVE-2008-1384 ignore (php, fixed 5.2.6) CVE-2008-1382 fixed (libpng, fixed 1.2.27) [since FEDORA-2008-4910] From fedora-security-commits at redhat.com Tue Nov 18 20:12:57 2008 
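Review bot: In the hunk at @@ -104,17 +140,17 @@, the new line "CVE-2008-3652 fixed (ipsec-tools) #465473 [since FEDORA-2008-9007]" records no fixed version, while the line directly below it for CVE-2008-3651 records "fixed 0.7.1" under the same bug and the same advisory. Either add the upstream version to CVE-2008-3652 or leave a trailing remark saying why it differs. The two enscript entries added in this patch (CVE-2008-4306 and CVE-2008-3863) have the same gap. The squirrelmail and ipsec-tools lines being replaced already carried a [since FEDORA-...] tag while still marked VULNERABLE, so a consistency check that flags any VULNERABLE entry with a [since ...] tag would catch this kind of stale state before it reaches the audit file.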
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Tue, 18 Nov 2008 20:12:57 +0000 (UTC) Subject: [Fedora-security-commits] fedora-security/audit f10, 1.24, 1.25 f8, 1.244, 1.245 f9, 1.235, 1.236 Message-ID: <20081118201257.EE4A2700E0@cvs1.fedora.phx.redhat.com> Author: bressers Update of /cvs/fedora/fedora-security/audit In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv10814 Modified Files: f10 f8 f9 Log Message: Add pam_mount Index: f10 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f10,v retrieving revision 1.24 retrieving revision 1.25 diff -u -r1.24 -r1.25 --- f10 18 Nov 2008 08:24:07 -0000 1.24 +++ f10 18 Nov 2008 20:12:27 -0000 1.25 @@ -4,6 +4,7 @@ # *CVE are items that need verification for Fedora 10 # (mozilla) = (gecko-libs dependent stuff) +CVE-2008-5138 VULNERABLE (pam_mount) #472112 CVE-2008-5113 VULNERABLE (wordpress) #471992 CVE-2008-5110 VULNERABLE (syslog-ng) CVE-2008-5101 version (optipng, fixed 0.6.2) [since optipng-0.6.2-1.fc10] Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.244 retrieving revision 1.245 diff -u -r1.244 -r1.245 --- f8 18 Nov 2008 08:24:07 -0000 1.244 +++ f8 18 Nov 2008 20:12:27 -0000 1.245 @@ -6,6 +6,7 @@ rhbz293031 fixed (nx) #293031 [since FEDORA-2008-2258] rhbz249840 version (tor, fixed 0.1.2.15) +CVE-2008-5138 VULNERABLE (pam_mount) #472110 CVE-2008-5113 VULNERABLE (wordpress) #471990 CVE-2008-5110 VULNERABLE (syslog-ng) #471985 CVE-2008-5101 fixed (optipng, fixed 0.6.2) [since FEDORA-2008-9639] Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.235 retrieving revision 1.236 diff -u -r1.235 -r1.236 --- f9 18 Nov 2008 08:24:07 -0000 1.235 +++ f9 18 Nov 2008 20:12:27 -0000 1.236 
@@ -5,6 +5,7 @@ # (mozilla) = (gecko-libs dependent stuff) rhbz249840 version (tor, fixed 0.1.2.15) +CVE-2008-5138 VULNERABLE (pam_mount) #472111 CVE-2008-5113 VULNERABLE (wordpress) #471991 CVE-2008-5110 VULNERABLE (syslog-ng) #471986 CVE-2008-5101 fixed (optipng, fixed 0.6.2) [since FEDORA-2008-9633] From fedora-security-commits at redhat.com Tue Nov 18 20:19:57 2008 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Tue, 18 Nov 2008 20:19:57 +0000 (UTC) Subject: [Fedora-security-commits] fedora-security/audit f10, 1.25, 1.26 f8, 1.245, 1.246 f9, 1.236, 1.237 Message-ID: <20081118201957.20DB9700E0@cvs1.fedora.phx.redhat.com> Author: bressers Update of /cvs/fedora/fedora-security/audit In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv11401 Modified Files: f10 f8 f9 Log Message: Note a geda-gnetlist flaw Index: f10 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f10,v retrieving revision 1.25 retrieving revision 1.26 diff -u -r1.25 -r1.26 --- f10 18 Nov 2008 20:12:27 -0000 1.25 +++ f10 18 Nov 2008 20:19:26 -0000 1.26 @@ -4,6 +4,7 @@ # *CVE are items that need verification for Fedora 10 # (mozilla) = (gecko-libs dependent stuff) +CVE-2008-5148 VULNERABLE (geda-gnetlist) #472116 CVE-2008-5138 VULNERABLE (pam_mount) #472112 CVE-2008-5113 VULNERABLE (wordpress) #471992 CVE-2008-5110 VULNERABLE (syslog-ng) Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.245 retrieving revision 1.246 diff -u -r1.245 -r1.246 --- f8 18 Nov 2008 20:12:27 -0000 1.245 +++ f8 18 Nov 2008 20:19:26 -0000 1.246 
@@ -6,6 +6,7 @@ rhbz293031 fixed (nx) #293031 [since FEDORA-2008-2258] rhbz249840 version (tor, fixed 0.1.2.15) +CVE-2008-5148 VULNERABLE (geda-gnetlist) #472114 CVE-2008-5138 VULNERABLE (pam_mount) #472110 CVE-2008-5113 VULNERABLE (wordpress) #471990 CVE-2008-5110 VULNERABLE (syslog-ng) #471985 Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.236 retrieving revision 1.237 diff -u -r1.236 -r1.237 --- f9 18 Nov 2008 20:12:27 -0000 1.236 +++ f9 18 Nov 2008 20:19:26 -0000 1.237 @@ -5,6 +5,7 @@ # (mozilla) = (gecko-libs dependent stuff) rhbz249840 version (tor, fixed 0.1.2.15) +CVE-2008-5148 VULNERABLE (geda-gnetlist) #472115 CVE-2008-5138 VULNERABLE (pam_mount) #472111 CVE-2008-5113 VULNERABLE (wordpress) #471991 CVE-2008-5110 VULNERABLE (syslog-ng) #471986 From fedora-security-commits at redhat.com Tue Nov 18 20:32:55 2008 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Tue, 18 Nov 2008 20:32:55 +0000 (UTC) Subject: [Fedora-security-commits] fedora-security/audit f10, 1.26, 1.27 f8, 1.246, 1.247 f9, 1.237, 1.238 Message-ID: <20081118203255.46E66700E0@cvs1.fedora.phx.redhat.com> Author: bressers Update of /cvs/fedora/fedora-security/audit In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv12584 Modified Files: f10 f8 f9 Log Message: Add a moodle issue Index: f10 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f10,v retrieving revision 1.26 retrieving revision 1.27 diff -u -r1.26 -r1.27 --- f10 18 Nov 2008 20:19:26 -0000 1.26 +++ f10 18 Nov 2008 20:32:24 -0000 1.27 
@@ -4,6 +4,7 @@ # *CVE are items that need verification for Fedora 10 # (mozilla) = (gecko-libs dependent stuff) +CVE-2008-5153 VULNERABLE (moodle) #472120 CVE-2008-5148 VULNERABLE (geda-gnetlist) #472116 CVE-2008-5138 VULNERABLE (pam_mount) #472112 CVE-2008-5113 VULNERABLE (wordpress) #471992 Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.246 retrieving revision 1.247 diff -u -r1.246 -r1.247 --- f8 18 Nov 2008 20:19:26 -0000 1.246 +++ f8 18 Nov 2008 20:32:24 -0000 1.247 @@ -6,6 +6,7 @@ rhbz293031 fixed (nx) #293031 [since FEDORA-2008-2258] rhbz249840 version (tor, fixed 0.1.2.15) +CVE-2008-5153 VULNERABLE (moodle) #472118 CVE-2008-5148 VULNERABLE (geda-gnetlist) #472114 CVE-2008-5138 VULNERABLE (pam_mount) #472110 CVE-2008-5113 VULNERABLE (wordpress) #471990 Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.237 retrieving revision 1.238 diff -u -r1.237 -r1.238 --- f9 18 Nov 2008 20:19:26 -0000 1.237 +++ f9 18 Nov 2008 20:32:24 -0000 1.238 @@ -5,6 +5,7 @@ # (mozilla) = (gecko-libs dependent stuff) rhbz249840 version (tor, fixed 0.1.2.15) +CVE-2008-5153 VULNERABLE (moodle) #472119 CVE-2008-5148 VULNERABLE (geda-gnetlist) #472115 CVE-2008-5138 VULNERABLE (pam_mount) #472111 CVE-2008-5113 VULNERABLE (wordpress) #471991 From fedora-security-commits at redhat.com Fri Nov 21 20:59:32 2008 
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Fri, 21 Nov 2008 20:59:32 +0000 (UTC) Subject: [Fedora-security-commits] fedora-security/audit f10, 1.27, 1.28 f8, 1.247, 1.248 f9, 1.238, 1.239 Message-ID: <20081121205932.A0542700FA@cvs1.fedora.phx.redhat.com> Author: bressers Update of /cvs/fedora/fedora-security/audit In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv14909 Modified Files: f10 f8 f9 Log Message: Add some things Index: f10 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f10,v retrieving revision 1.27 retrieving revision 1.28 diff -u -r1.27 -r1.28 --- f10 18 Nov 2008 20:32:24 -0000 1.27 +++ f10 21 Nov 2008 20:59:01 -0000 1.28 @@ -4,6 +4,7 @@ # *CVE are items that need verification for Fedora 10 # (mozilla) = (gecko-libs dependent stuff) +CVE-2008-5187 VULNERABLE (imlib2) #472579 CVE-2008-5153 VULNERABLE (moodle) #472120 CVE-2008-5148 VULNERABLE (geda-gnetlist) #472116 CVE-2008-5138 VULNERABLE (pam_mount) #472112 Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.247 retrieving revision 1.248 diff -u -r1.247 -r1.248 --- f8 18 Nov 2008 20:32:24 -0000 1.247 +++ f8 21 Nov 2008 20:59:01 -0000 1.248 @@ -6,6 +6,7 @@ rhbz293031 fixed (nx) #293031 [since FEDORA-2008-2258] rhbz249840 version (tor, fixed 0.1.2.15) +CVE-2008-5187 VULNERABLE (imlib2) #472577 CVE-2008-5153 VULNERABLE (moodle) #472118 CVE-2008-5148 VULNERABLE (geda-gnetlist) #472114 CVE-2008-5138 VULNERABLE (pam_mount) #472110 Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.238 retrieving revision 1.239 diff -u -r1.238 -r1.239 --- f9 18 Nov 2008 20:32:24 -0000 1.238 +++ f9 21 Nov 2008 20:59:01 -0000 1.239 
@@ -5,6 +5,7 @@ # (mozilla) = (gecko-libs dependent stuff) rhbz249840 version (tor, fixed 0.1.2.15) +CVE-2008-5187 VULNERABLE (imlib2) #472578 CVE-2008-5153 VULNERABLE (moodle) #472119 CVE-2008-5148 VULNERABLE (geda-gnetlist) #472115 CVE-2008-5138 VULNERABLE (pam_mount) #472111 From fedora-security-commits at redhat.com Wed Nov 26 09:50:39 2008 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Wed, 26 Nov 2008 09:50:39 +0000 (UTC) Subject: [Fedora-security-commits] fedora-security/audit f11, NONE, 1.1 f10, 1.28, 1.29 f8, 1.248, 1.249 f9, 1.239, 1.240 Message-ID: <20081126095039.F41267010C@cvs1.fedora.phx.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv7474/audit Modified Files: f10 f8 f9 Added Files: f11 Log Message: bunch of updates add f11 file ***** Error reading new file: [Errno 2] No such file or directory: 'f11' Index: f10 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f10,v retrieving revision 1.28 retrieving revision 1.29 diff -u -r1.28 -r1.29 --- f10 21 Nov 2008 20:59:01 -0000 1.28 +++ f10 26 Nov 2008 09:50:09 -0000 1.29 
@@ -4,21 +4,21 @@ # *CVE are items that need verification for Fedora 10 # (mozilla) = (gecko-libs dependent stuff) -CVE-2008-5187 VULNERABLE (imlib2) #472579 +CVE-2008-5187 fixed (imlib2) #472579 [since FEDORA-2008-10364] CVE-2008-5153 VULNERABLE (moodle) #472120 -CVE-2008-5148 VULNERABLE (geda-gnetlist) #472116 +CVE-2008-5148 fixed (geda-gnetlist) #472116 [since FEDORA-2008-9730] CVE-2008-5138 VULNERABLE (pam_mount) #472112 CVE-2008-5113 VULNERABLE (wordpress) #471992 CVE-2008-5110 VULNERABLE (syslog-ng) CVE-2008-5101 version (optipng, fixed 0.6.2) [since optipng-0.6.2-1.fc10] -CVE-2008-5076 VULNERABLE (htop) +CVE-2008-5076 fixed (htop) [since FEDORA-2008-9944] CVE-2008-5050 version (clamav, fixed 0.94.1) [since clamav-0.94.1-1.fc10] CVE-2008-5030 fixed (libcdaudio) CVE-2008-5008 version (libsamplerate, fixed 0.14) [since libsamplerate-0.1.4-1.fc10] CVE-2008-5007 fixed (lazarus) [since lazarus-0.9.26-1.fc10] CVE-2008-5006 version (uw-imap, fixed 2007d) [since uw-imap-2007d-1.fc10] CVE-2008-5005 version (uw-imap, fixed 2007d) [since uw-imap-2007d-1.fc10] -CVE-2008-4989 VULNERABLE (gnutls, fixed 2.6.1) [since gnutls-2.4.2-3.fc10] +CVE-2008-4989 fixed (gnutls, fixed 2.6.1) [since FEDORA-2008-10162] CVE-2008-4987 fixed (xastir) [since xastir-1.9.2-9.fc10] CVE-2008-4985 ignore (vdr) Debian-specific CVE-2008-4982 fixed (rkhunter) [since rkhunter-1.3.2-5.fc10] @@ -37,7 +37,7 @@ CVE-2008-4776 version (libgadu, fixed 1.8.2) [since libgadu-1.8.2-1.fc10] CVE-2008-4775 version (phpMyAdmin, fixed 3.0.1.1) [since phpMyAdmin-3.0.1.1-1.fc10] CVE-2008-4769 version (wordpress) -CVE-2008-4690 VULNERABLE (lynx) [since lynx-2.8.6-18.fc10] +CVE-2008-4690 VULNERABLE (lynx) [since FEDORA-2008-9952] CVE-2008-4641 VULNERABLE (jhead) CVE-2008-4640 VULNERABLE (jhead) CVE-2008-4639 version (jhead, fixed 2.84) [since jhead-2.84-1.fc10] 
@@ -45,6 +45,7 @@ CVE-2008-4578 version (dovecot, fixed 1.1.14) [since dovecot-1.1.5-1.fc10] CVE-2008-4577 version (dovecot, fixed 1.1.14) [since dovecot-1.1.5-1.fc10] CVE-2008-4575 version (jhead, fixed 2.84) [since jhead-2.84-1.fc10] +CVE-2008-4474 fixed (freeradius) [since FEDORA-2008-10392] dialupadmin subpackage dropped CVE-2008-4437 VULNERABLE (bugzilla, fixed 3.0.5) #465959 CVE-2008-4434 ignore (bittorrent) 6.x only CVE-2008-4422 backport (libxml2, fixed 2.7.2) [since libxml2-2.7.1-2.fc10] @@ -53,11 +54,15 @@ CVE-2008-4359 version (lighttpd, fixed 1.4.20) #465754 [since lighttpd-1.4.20-1.fc10] CVE-2008-4326 version (phpMyAdmin, fixed 2.11.9.2) [since phpMyAdmin-2.11.9.2-1.fc10] CVE-2008-4325 version (viewvc, fixed 1.0.6) [since viewvc-1.0.6-1.fc10] +CVE-2008-4315 VULNERABLE (tog-pegasus) [since FEDORA-2008-10061] +CVE-2008-4313 VULNERABLE (tog-pegasus) [since FEDORA-2008-10061] CVE-2008-4309 VULNERABLE (net-snmp, fixed 5.4.2.1) [since net-snmp-5.4.2.1-1.fc10] CVE-2008-4306 fixed (enscript) [since enscript-1.6.4-11.fc10] CVE-2008-4298 version (lighttpd, fixed 1.4.20) [since lighttpd-1.4.20-0.1.r2303.fc10] CVE-2008-4297 version (mercurial, fixed 1.0.2) [since mercurial-1.0.2-1.fc10] CVE-2008-4242 VULNERABLE (proftpd) #464130 +CVE-2008-4226 fixed (libxml2) [since FEDORA-2008-10038] +CVE-2008-4225 fixed (libxml2) [since FEDORA-2008-10038] CVE-2008-4191 backport (emacspeak) [since emacspeak-28.0-3.fc10] CVE-2008-4190 VULNERABLE (openswan) CVE-2008-4130 VULNERABLE (gallery2, fixed 2.2.6) #462873 
@@ -311,7 +316,7 @@ CVE-2008-2085 backport (sipp) #446222 [since sipp-3.1-2.fc10] CVE-2008-2079 version (mysql, fixed 5.0.60) [since mysql-5.0.67-1.fc10] CVE-2008-2051 version (php, fixed 5.2.6) [since php-5.2.6-2.fc9] -CVE-2008-2004 VULNERABLE (xen) disables format autodetection by default [since xen-3.2.0-11.fc10] +CVE-2008-2004 backport (xen) disables format autodetection by default [since xen-3.2.0-14.fc10] CVE-2008-2004 VULNERABLE (qemu) fix mostly useless without libvirt changes CVE-2008-2004 VULNERABLE (kvm) fix mostly useless without libvirt changes CVE-2008-1999 VULNERABLE (WebKit) @@ -342,7 +347,7 @@ CVE-2008-1531 backport (lighttpd) [since lighttpd-1.4.19-4.fc10] CVE-2008-1502 version (moodle, fixed 1.9) CVE-2008-1488 version (php-pecl-apc) #438848 [since php-pecl-apc-3.0.19-1.fc10] -CVE-2008-1475 VULNERABLE (roundup, fixed 1.4.5) +CVE-2008-1475 version (roundup, fixed 1.4.5) [since roundup-1.4.6-1.fc10] CVE-2008-1447 version (bind) #454477 [since bind-9.5.1-0.1.b1.fc10)] CVE-2008-1447 version (dnssec-tools) [since dnssec-tools-1.4.1-2.fc10] CVE-2008-1423 backport (libvorbis) #446344 [since libvorbis-1.2.0-4.fc10] @@ -379,8 +384,8 @@ CVE-2007-6318 VULNERABLE (wordpress) #426434 CVE-2007-6131 VULNERABLE (scanbuttond) CVE-2007-5962 fixed (vsftpd) [since vsftpd-2.0.6-4.fc10] -CVE-2007-5907 VULNERABLE (xen) #390121 -CVE-2007-5906 VULNERABLE (xen) #390121 +CVE-2007-5907 version (xen) #390121 +CVE-2007-5906 version (xen) #390121 CVE-2007-5803 version (nagios, fixed 2.12) #446383 [since nagios-2.12-3.fc10] CVE-2007-5615 backport (jetty) [since jetty-5.1.14-1jpp.2.fc10] CVE-2007-5614 backport (jetty) [since jetty-5.1.14-1jpp.2.fc10] Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.248 retrieving revision 1.249 diff -u -r1.248 -r1.249 --- f8 21 Nov 2008 20:59:01 -0000 1.248 +++ f8 26 Nov 2008 09:50:09 -0000 1.249 
@@ -6,14 +6,14 @@ rhbz293031 fixed (nx) #293031 [since FEDORA-2008-2258] rhbz249840 version (tor, fixed 0.1.2.15) -CVE-2008-5187 VULNERABLE (imlib2) #472577 +CVE-2008-5187 fixed (imlib2) #472577 [since FEDORA-2008-10296] CVE-2008-5153 VULNERABLE (moodle) #472118 -CVE-2008-5148 VULNERABLE (geda-gnetlist) #472114 +CVE-2008-5148 fixed (geda-gnetlist) #472114 [since FEDORA-2008-9730] CVE-2008-5138 VULNERABLE (pam_mount) #472110 CVE-2008-5113 VULNERABLE (wordpress) #471990 CVE-2008-5110 VULNERABLE (syslog-ng) #471985 CVE-2008-5101 fixed (optipng, fixed 0.6.2) [since FEDORA-2008-9639] -CVE-2008-5076 VULNERABLE (htop) +CVE-2008-5076 fixed (htop) [since FEDORA-2008-9791] CVE-2008-5050 fixed (clamav, fixed 0.94.1) [since FEDORA-2008-9651] CVE-2008-5030 fixed (libcdaudio) CVE-2008-5008 VULNERABLE (libsamplerate, fixed 0.14) @@ -47,6 +47,7 @@ CVE-2008-4578 ignore (dovecot, fixed 1.1.14) wontfix CVE-2008-4577 fixed (dovecot, fixed 1.1.14) [since FEDORA-2008-9232] CVE-2008-4575 fixed (jhead, fixed 2.84) [since FEDORA-2008-8941] +CVE-2008-4474 ignore (freeradius) dialupadmin not shipped CVE-2008-4437 VULNERABLE (bugzilla, fixed 3.0.5) #465957 CVE-2008-4434 ignore (bittorrent) 6.x only CVE-2008-4422 fixed (libxml2, fixed 2.7.2) [since FEDORA-2008-8582] 
@@ -55,11 +56,15 @@ CVE-2008-4359 VULNERABLE (lighttpd, fixed 1.4.20) #464638 CVE-2008-4326 fixed (phpMyAdmin, fixed 2.11.9.2) [since FEDORA-2008-8286] CVE-2008-4325 fixed (viewvc, fixed 1.0.6) [since FEDORA-2008-8270] +CVE-2008-4315 ignore (tog-pegasus) +CVE-2008-4313 ignore (tog-pegasus) CVE-2008-4309 fixed (net-snmp, fixed 5.4.2.1) [since FEDORA-2008-9362] CVE-2008-4306 fixed (enscript) [since FEDORA-2008-9351] CVE-2008-4298 VULNERABLE (lighttpd, fixed 1.4.20) #464638 CVE-2008-4297 VULNERABLE (mercurial, fixed 1.0.2) #464632 CVE-2008-4242 VULNERABLE (proftpd) #464128 +CVE-2008-4226 fixed (libxml2) [since FEDORA-2008-9729] +CVE-2008-4225 fixed (libxml2) [since FEDORA-2008-9729] CVE-2008-4191 fixed (emacspeak) [since FEDORA-2008-8423] CVE-2008-4190 VULNERABLE (openswan) CVE-2008-4130 VULNERABLE (gallery2, fixed 2.2.6) #462871 @@ -392,7 +397,7 @@ CVE-2008-1488 fixed (php-pecl-apc) #438847 [since FEDORA-2008-6344] CVE-2008-1483 ignore (openssh) was alrady fixed by another patch CVE-2008-1482 fixed (xine-lib) #438670 [since FEDORA-2008-2849] -CVE-2008-1475 VULNERABLE (roundup, fixed 1.4.5) +CVE-2008-1475 fixed (roundup, fixed 1.4.5) [since FEDORA-2008-9712] CVE-2008-1474 fixed (roundup) #436547 [since FEDORA-2008-2370] CVE-2008-1468 fixed (namazu, fixed 2.0.18) #438667 [since FEDORA-2008-2767] CVE-2008-1467 fixed (centerim) #438871 [since FEDORA-2008-2869] Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.239 retrieving revision 1.240 diff -u -r1.239 -r1.240 --- f9 21 Nov 2008 20:59:01 -0000 1.239 +++ f9 26 Nov 2008 09:50:09 -0000 1.240 
@@ -5,14 +5,14 @@ # (mozilla) = (gecko-libs dependent stuff) rhbz249840 version (tor, fixed 0.1.2.15) -CVE-2008-5187 VULNERABLE (imlib2) #472578 +CVE-2008-5187 fixed (imlib2) #472578 [since FEDORA-2008-10287] CVE-2008-5153 VULNERABLE (moodle) #472119 -CVE-2008-5148 VULNERABLE (geda-gnetlist) #472115 +CVE-2008-5148 fixed (geda-gnetlist) #472115 [since FEDORA-2008-9730] CVE-2008-5138 VULNERABLE (pam_mount) #472111 CVE-2008-5113 VULNERABLE (wordpress) #471991 CVE-2008-5110 VULNERABLE (syslog-ng) #471986 CVE-2008-5101 fixed (optipng, fixed 0.6.2) [since FEDORA-2008-9633] -CVE-2008-5076 VULNERABLE (htop) +CVE-2008-5076 fixed (htop) [since FEDORA-2008-9728] CVE-2008-5050 fixed (clamav, fixed 0.94.1) [since FEDORA-2008-9644] CVE-2008-5030 fixed (libcdaudio) CVE-2008-5008 VULNERABLE (libsamplerate, fixed 0.14) @@ -46,6 +46,7 @@ CVE-2008-4578 ignore (dovecot, fixed 1.1.14) wontfix CVE-2008-4577 fixed (dovecot, fixed 1.1.14) [since FEDORA-2008-9202] CVE-2008-4575 fixed (jhead, fixed 2.84) [since FEDORA-2008-8928] +CVE-2008-4474 fixed (freeradius) [since FEDORA-2008-10309] dialupadmin subpackage dropped CVE-2008-4437 VULNERABLE (bugzilla, fixed 3.0.5) #465958 CVE-2008-4434 ignore (bittorrent) 6.x only CVE-2008-4422 fixed (libxml2, fixed 2.7.2) [since FEDORA-2008-8575] 
@@ -54,11 +55,15 @@ CVE-2008-4359 VULNERABLE (lighttpd, fixed 1.4.20) #464639 CVE-2008-4326 fixed (phpMyAdmin, fixed 2.11.9.2) [since FEDORA-2008-8335] CVE-2008-4325 fixed (viewvc, fixed 1.0.6) [since FEDORA-2008-8252] +CVE-2008-4315 VULNERABLE (tog-pegasus) [since FEDORA-2008-9688] +CVE-2008-4313 VULNERABLE (tog-pegasus) [since FEDORA-2008-9688] CVE-2008-4309 fixed (net-snmp, fixed 5.4.2.1) [since FEDORA-2008-9367] CVE-2008-4306 fixed (enscript) [since FEDORA-2008-9372] CVE-2008-4298 VULNERABLE (lighttpd, fixed 1.4.20) #464639 CVE-2008-4297 fixed (mercurial, fixed 1.0.2) [since FEDORA-2008-7490] CVE-2008-4242 VULNERABLE (proftpd) #464129 +CVE-2008-4226 fixed (libxml2) [since FEDORA-2008-9773] +CVE-2008-4225 fixed (libxml2) [since FEDORA-2008-9773] CVE-2008-4191 fixed (emacspeak) [since FEDORA-2008-8379] CVE-2008-4190 VULNERABLE (openswan) CVE-2008-4130 VULNERABLE (gallery2, fixed 2.2.6) #462872 @@ -320,7 +325,7 @@ CVE-2008-2051 fixed (php, fixed 5.2.6) [since FEDORA-2008-3606] CVE-2008-2050 ignore (php, fixed 5.2.6) CVE-2008-2033 ignore (zoneminder) duplicate of CVE-2008-1381 -CVE-2008-2004 VULNERABLE (xen) disables format autodetection by default [since xen-3.2.0-11.fc9] +CVE-2008-2004 fixed (xen) [since FEDORA-2008-5053] disables format autodetection by default CVE-2008-2004 VULNERABLE (qemu) fix mostly useless without libvirt changes CVE-2008-2004 VULNERABLE (kvm) fix mostly useless without libvirt changes CVE-2008-2000 ignore (WebKit) browser DoS 
@@ -335,7 +340,7 @@ CVE-2008-1947 fixed (tomcat6, fixed 6.0.18) #460131 [since FEDORA-2008-7977] CVE-2008-1947 fixed (tomcat5, fixed 5.5.27) #460126 [since FEDORA-2008-8113] CVE-2008-1944 version (xen, fixed 3.2) -CVE-2008-1943 VULNERABLE (xen) [since xen-3.2.0-11.fc9] +CVE-2008-1943 fixed (xen) [since FEDORA-2008-5053] CVE-2008-1937 version (moin, fixed 1.6.3) [since moin-1.6.3-1.fc9] CVE-2008-1930 ignore (wordpress, fixed 2.5.1) only for wp 2.5.0 CVE-2008-1928 fixed (perl-Imager, fixed 0.64) #443941 [since FEDORA-2008-4003] @@ -401,7 +406,7 @@ CVE-2008-1488 fixed (php-pecl-apc) #455166 [since FEDORA-2008-6401] CVE-2008-1483 ignore (openssh) was alrady fixed by another patch CVE-2008-1482 version (xine-lib) #438671 [since xine-lib-1.1.11.1-1.fc9] -CVE-2008-1475 VULNERABLE (roundup, fixed 1.4.5) +CVE-2008-1475 fixed (roundup, fixed 1.4.5) [since FEDORA-2008-9734] CVE-2008-1474 version (roundup) #436549 [since roundup-1.4.4-1.fc9] CVE-2008-1468 version (namazu, fixed 2.0.18) #438668 [since namazu-2.0.18-1.fc9] CVE-2008-1467 fixed (centerim) #438871 @@ -727,8 +732,8 @@ CVE-2007-5934 version (php-pear-MDB2-Driver-mysql) #379141 [since php-pear-MDB2-Driver-mysql-1.4.1-3.fc9] CVE-2007-5934 version (php-pear-MDB2-Driver-mysqli) #379171 [since php-pear-MDB2-Driver-mysqli-1.4.1-3.fc9] CVE-2007-5925 backport (mysql, fixed 5.0.54) [since mysql-5.0.45-6.fc9] -CVE-2007-5907 VULNERABLE (xen) #390121 -CVE-2007-5906 VULNERABLE (xen) #390121 +CVE-2007-5907 version (xen) #390121 +CVE-2007-5906 version (xen) #390121 CVE-2007-5902 ignore (krb5, fixed 1.6.4) not exploitable CVE-2007-5901 backport (krb5, fixed 1.6.4) [since krb5-1.6.3-10.fc9] CVE-2007-5900 ignore (php, fixed 5.2.5) From fedora-security-commits at redhat.com Wed Nov 26 10:01:01 2008 
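Review bot: Several entries in this patch are marked VULNERABLE while also carrying a [since FEDORA-...] advisory tag: in f10, "CVE-2008-4690 VULNERABLE (lynx) [since FEDORA-2008-9952]" (hunk @@ -37,7 +37,7 @@) and the added tog-pegasus lines for CVE-2008-4315 and CVE-2008-4313 (hunk @@ -53,11 +54,15 @@), and in f9 the same two tog-pegasus lines with [since FEDORA-2008-9688]. Everywhere else in the patch a [since ...] tag goes with fixed, version or backport, so these should either change state or get a trailing remark explaining why the update does not resolve the issue, as the freeradius lines do with "dialupadmin subpackage dropped". Separately, CVE-2007-5907 and CVE-2007-5906 (xen) move from VULNERABLE to version in both f10 and f9 with no fixed version and no [since ...] package, so the audit file gives a reader nothing to verify the new state against. The log message also reports "Error reading new file" for f11, so the added file's contents are not part of this mail and cannot be reviewed here.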
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Wed, 26 Nov 2008 10:01:01 +0000 (UTC) Subject: [Fedora-security-commits] fedora-security/tools/scripts add-issue, 1.9, 1.10 Message-ID: <20081126100101.C9B317010C@cvs1.fedora.phx.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/tools/scripts In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv8935/tools/scripts Modified Files: add-issue Log Message: add support for f11 Index: add-issue =================================================================== RCS file: /cvs/fedora/fedora-security/tools/scripts/add-issue,v retrieving revision 1.9 retrieving revision 1.10 diff -u -r1.9 -r1.10 --- add-issue 19 Jun 2008 13:24:30 -0000 1.9 +++ add-issue 26 Nov 2008 10:00:31 -0000 1.10 @@ -27,6 +27,7 @@ '8' => 'audit/f8', '9' => 'audit/f9', '10' => 'audit/f10', + '11' => 'audit/f11', ); # Command line options From fedora-security-commits at redhat.com Wed Nov 26 10:01:01 2008 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Wed, 26 Nov 2008 10:01:01 +0000 (UTC) Subject: [Fedora-security-commits] fedora-security/tools/lib/Libexig Fedora.pm, 1.7, 1.8 Message-ID: <20081126100101.9727B7010C@cvs1.fedora.phx.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/tools/lib/Libexig In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv8935/tools/lib/Libexig Modified Files: Fedora.pm Log Message: add support for f11 Index: Fedora.pm =================================================================== RCS file: /cvs/fedora/fedora-security/tools/lib/Libexig/Fedora.pm,v retrieving revision 1.7 retrieving revision 1.8 diff -u -r1.7 -r1.8 --- Fedora.pm 25 Aug 2008 06:39:29 -0000 1.7 +++ Fedora.pm 26 Nov 2008 10:00:31 -0000 1.8 
@@ -127,13 +127,16 @@ '9', => '9', 'f9', => '9', 'fc9', => '9', - '10', => 'rawhide', - 'f10', => 'rawhide', - 'fc10', => 'rawhide', + '10', => '10', + 'f10', => '10', + 'fc10', => '10', + '11', => 'rawhide', + 'f11', => 'rawhide', + 'fc11', => 'rawhide', 'devel', => 'rawhide', ); -my $rawhide_version= '10'; +my $rawhide_version= '11'; sub tracking_bugs {
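Review bot: "my $rawhide_version= '11';" at the end of this hunk duplicates what the alias map above it already states ('11', 'f11' and 'fc11' map to 'rawhide'), and the release list is held a third time in add-issue, where the same commit adds "'11' => 'audit/f11'". Each new release therefore needs three hand edits that must agree, and nothing fails if one is missed. Consider deriving $rawhide_version from the map, or at minimum add a comment above the map naming the other places to update. As a style point, the new keys copy the existing "'9', => '9'" form with a comma before "=>"; it parses, but dropping the extra comma would read more cleanly.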