[Fedora-security-commits] fedora-security/audit f11, NONE, 1.1 f10, 1.28, 1.29 f8, 1.248, 1.249 f9, 1.239, 1.240

fedora-security-commits at redhat.com fedora-security-commits at redhat.com
Wed Nov 26 09:50:39 UTC 2008


Author: thoger

Update of /cvs/fedora/fedora-security/audit
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv7474/audit

Modified Files:
	f10 f8 f9 
Added Files:
	f11 
Log Message:
bunch of updates
add f11 file



***** Error reading new file: [Errno 2] No such file or directory: 'f11'

Index: f10
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f10,v
retrieving revision 1.28
retrieving revision 1.29
diff -u -r1.28 -r1.29
--- f10	21 Nov 2008 20:59:01 -0000	1.28
+++ f10	26 Nov 2008 09:50:09 -0000	1.29
@@ -4,21 +4,21 @@
 # *CVE are items that need verification for Fedora 10
 # (mozilla) = (gecko-libs dependent stuff)
 
-CVE-2008-5187 VULNERABLE (imlib2) #472579
+CVE-2008-5187 fixed (imlib2) #472579 [since FEDORA-2008-10364] 
 CVE-2008-5153 VULNERABLE (moodle) #472120
-CVE-2008-5148 VULNERABLE (geda-gnetlist) #472116
+CVE-2008-5148 fixed (geda-gnetlist) #472116 [since FEDORA-2008-9730] 
 CVE-2008-5138 VULNERABLE (pam_mount) #472112
 CVE-2008-5113 VULNERABLE (wordpress) #471992
 CVE-2008-5110 VULNERABLE (syslog-ng)
 CVE-2008-5101 version (optipng, fixed 0.6.2) [since optipng-0.6.2-1.fc10] 
-CVE-2008-5076 VULNERABLE (htop)
+CVE-2008-5076 fixed (htop) [since FEDORA-2008-9944] 
 CVE-2008-5050 version (clamav, fixed 0.94.1) [since clamav-0.94.1-1.fc10] 
 CVE-2008-5030 fixed (libcdaudio) 
 CVE-2008-5008 version (libsamplerate, fixed 0.14) [since libsamplerate-0.1.4-1.fc10] 
 CVE-2008-5007 fixed (lazarus) [since lazarus-0.9.26-1.fc10] 
 CVE-2008-5006 version (uw-imap, fixed 2007d) [since uw-imap-2007d-1.fc10] 
 CVE-2008-5005 version (uw-imap, fixed 2007d) [since uw-imap-2007d-1.fc10] 
-CVE-2008-4989 VULNERABLE (gnutls, fixed 2.6.1) [since gnutls-2.4.2-3.fc10] 
+CVE-2008-4989 fixed (gnutls, fixed 2.6.1) [since FEDORA-2008-10162] 
 CVE-2008-4987 fixed (xastir) [since xastir-1.9.2-9.fc10] 
 CVE-2008-4985 ignore (vdr) Debian-specific
 CVE-2008-4982 fixed (rkhunter) [since rkhunter-1.3.2-5.fc10] 
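
Review bot: The advisory ID on the CVE-2008-5148 (geda-gnetlist) line, FEDORA-2008-9730, is the same one this commit records for that CVE in f8 and f9, while every other fix that appears in more than one file here gets a distinct ID per release (imlib2: 10364 / 10296 / 10287, htop: 9944 / 9791 / 9728). Please confirm which release FEDORA-2008-9730 belongs to and put the release-specific advisory in the other two files.
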
@@ -37,7 +37,7 @@
 CVE-2008-4776 version (libgadu, fixed 1.8.2) [since libgadu-1.8.2-1.fc10] 
 CVE-2008-4775 version (phpMyAdmin, fixed 3.0.1.1) [since phpMyAdmin-3.0.1.1-1.fc10] 
 CVE-2008-4769 version (wordpress) 
-CVE-2008-4690 VULNERABLE (lynx) [since lynx-2.8.6-18.fc10]
+CVE-2008-4690 VULNERABLE (lynx) [since FEDORA-2008-9952] 
 CVE-2008-4641 VULNERABLE (jhead) 
 CVE-2008-4640 VULNERABLE (jhead) 
 CVE-2008-4639 version (jhead, fixed 2.84) [since jhead-2.84-1.fc10] 
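
Review bot: CVE-2008-4690 (lynx) stays VULNERABLE although its since tag now points at advisory FEDORA-2008-9952. Entries such as imlib2, htop and gnutls in this same file move to fixed when they gain a FEDORA-2008-* reference, so either change the state to fixed or add a trailing note saying why the advisory does not resolve the issue.
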
@@ -45,6 +45,7 @@
 CVE-2008-4578 version (dovecot, fixed 1.1.14) [since dovecot-1.1.5-1.fc10] 
 CVE-2008-4577 version (dovecot, fixed 1.1.14) [since dovecot-1.1.5-1.fc10] 
 CVE-2008-4575 version (jhead, fixed 2.84) [since jhead-2.84-1.fc10] 
+CVE-2008-4474 fixed (freeradius) [since FEDORA-2008-10392] dialupadmin subpackage dropped
 CVE-2008-4437 VULNERABLE (bugzilla, fixed 3.0.5) #465959 
 CVE-2008-4434 ignore (bittorrent) 6.x only
 CVE-2008-4422 backport (libxml2, fixed 2.7.2) [since libxml2-2.7.1-2.fc10] 
@@ -53,11 +54,15 @@
 CVE-2008-4359 version (lighttpd, fixed 1.4.20) #465754 [since lighttpd-1.4.20-1.fc10]
 CVE-2008-4326 version (phpMyAdmin, fixed 2.11.9.2) [since phpMyAdmin-2.11.9.2-1.fc10] 
 CVE-2008-4325 version (viewvc, fixed 1.0.6) [since viewvc-1.0.6-1.fc10] 
+CVE-2008-4315 VULNERABLE (tog-pegasus) [since FEDORA-2008-10061] 
+CVE-2008-4313 VULNERABLE (tog-pegasus) [since FEDORA-2008-10061] 
 CVE-2008-4309 VULNERABLE (net-snmp, fixed 5.4.2.1) [since net-snmp-5.4.2.1-1.fc10] 
 CVE-2008-4306 fixed (enscript) [since enscript-1.6.4-11.fc10] 
 CVE-2008-4298 version (lighttpd, fixed 1.4.20) [since lighttpd-1.4.20-0.1.r2303.fc10] 
 CVE-2008-4297 version (mercurial, fixed 1.0.2) [since mercurial-1.0.2-1.fc10] 
 CVE-2008-4242 VULNERABLE (proftpd) #464130 
+CVE-2008-4226 fixed (libxml2) [since FEDORA-2008-10038] 
+CVE-2008-4225 fixed (libxml2) [since FEDORA-2008-10038] 
 CVE-2008-4191 backport (emacspeak) [since emacspeak-28.0-3.fc10] 
 CVE-2008-4190 VULNERABLE (openswan) 
 CVE-2008-4130 VULNERABLE (gallery2, fixed 2.2.6) #462873 
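
Review bot: The two new tog-pegasus lines (CVE-2008-4315, CVE-2008-4313) are added as VULNERABLE yet carry [since FEDORA-2008-10061], which reads as contradictory next to the libxml2 lines added in the same hunk as fixed with an advisory. If the update only partly addresses the issues, say so in a trailing note; otherwise set the state to fixed.
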
@@ -311,7 +316,7 @@
 CVE-2008-2085 backport (sipp) #446222 [since sipp-3.1-2.fc10]
 CVE-2008-2079 version (mysql, fixed 5.0.60) [since mysql-5.0.67-1.fc10]
 CVE-2008-2051 version (php, fixed 5.2.6) [since php-5.2.6-2.fc9]
-CVE-2008-2004 VULNERABLE (xen) disables format autodetection by default [since xen-3.2.0-11.fc10]
+CVE-2008-2004 backport (xen) disables format autodetection by default [since xen-3.2.0-14.fc10]
 CVE-2008-2004 VULNERABLE (qemu) fix mostly useless without libvirt changes
 CVE-2008-2004 VULNERABLE (kvm) fix mostly useless without libvirt changes
 CVE-2008-1999 VULNERABLE (WebKit) 
@@ -342,7 +347,7 @@
 CVE-2008-1531 backport (lighttpd) [since lighttpd-1.4.19-4.fc10]
 CVE-2008-1502 version (moodle, fixed 1.9) 
 CVE-2008-1488 version (php-pecl-apc) #438848 [since php-pecl-apc-3.0.19-1.fc10]
-CVE-2008-1475 VULNERABLE (roundup, fixed 1.4.5) 
+CVE-2008-1475 version (roundup, fixed 1.4.5) [since roundup-1.4.6-1.fc10]
 CVE-2008-1447 version (bind) #454477 [since bind-9.5.1-0.1.b1.fc10)]
 CVE-2008-1447 version (dnssec-tools) [since dnssec-tools-1.4.1-2.fc10] 
 CVE-2008-1423 backport (libvorbis) #446344  [since libvorbis-1.2.0-4.fc10]
@@ -379,8 +384,8 @@
 CVE-2007-6318 VULNERABLE (wordpress) #426434
 CVE-2007-6131 VULNERABLE (scanbuttond) 
 CVE-2007-5962 fixed (vsftpd) [since vsftpd-2.0.6-4.fc10] 
-CVE-2007-5907 VULNERABLE (xen) #390121
-CVE-2007-5906 VULNERABLE (xen) #390121
+CVE-2007-5907 version (xen) #390121
+CVE-2007-5906 version (xen) #390121
 CVE-2007-5803 version (nagios, fixed 2.12) #446383 [since nagios-2.12-3.fc10]
 CVE-2007-5615 backport (jetty) [since jetty-5.1.14-1jpp.2.fc10] 
 CVE-2007-5614 backport (jetty) [since jetty-5.1.14-1jpp.2.fc10] 
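
Review bot: CVE-2007-5907 and CVE-2007-5906 (xen) change from VULNERABLE to version without recording which version carries the fix: there is no "fixed X" in the parentheses and no [since ...] tag, unlike the nagios line directly below them (fixed 2.12, since nagios-2.12-3.fc10). Please add the fixed upstream version or the first fixed build so the new state can be verified against bug #390121.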


Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.248
retrieving revision 1.249
diff -u -r1.248 -r1.249
--- f8	21 Nov 2008 20:59:01 -0000	1.248
+++ f8	26 Nov 2008 09:50:09 -0000	1.249
@@ -6,14 +6,14 @@
 
 rhbz293031 fixed (nx) #293031 [since FEDORA-2008-2258] 
 rhbz249840 version (tor, fixed 0.1.2.15) 
-CVE-2008-5187 VULNERABLE (imlib2) #472577
+CVE-2008-5187 fixed (imlib2) #472577 [since FEDORA-2008-10296] 
 CVE-2008-5153 VULNERABLE (moodle) #472118
-CVE-2008-5148 VULNERABLE (geda-gnetlist) #472114
+CVE-2008-5148 fixed (geda-gnetlist) #472114 [since FEDORA-2008-9730] 
 CVE-2008-5138 VULNERABLE (pam_mount) #472110
 CVE-2008-5113 VULNERABLE (wordpress) #471990
 CVE-2008-5110 VULNERABLE (syslog-ng) #471985
 CVE-2008-5101 fixed (optipng, fixed 0.6.2) [since FEDORA-2008-9639] 
-CVE-2008-5076 VULNERABLE (htop)
+CVE-2008-5076 fixed (htop) [since FEDORA-2008-9791] 
 CVE-2008-5050 fixed (clamav, fixed 0.94.1) [since FEDORA-2008-9651] 
 CVE-2008-5030 fixed (libcdaudio) 
 CVE-2008-5008 VULNERABLE (libsamplerate, fixed 0.14) 
@@ -47,6 +47,7 @@
 CVE-2008-4578 ignore (dovecot, fixed 1.1.14) wontfix
 CVE-2008-4577 fixed (dovecot, fixed 1.1.14) [since FEDORA-2008-9232] 
 CVE-2008-4575 fixed (jhead, fixed 2.84) [since FEDORA-2008-8941] 
+CVE-2008-4474 ignore (freeradius) dialupadmin not shipped
 CVE-2008-4437 VULNERABLE (bugzilla, fixed 3.0.5) #465957
 CVE-2008-4434 ignore (bittorrent) 6.x only
 CVE-2008-4422 fixed (libxml2, fixed 2.7.2) [since FEDORA-2008-8582] 
@@ -55,11 +56,15 @@
 CVE-2008-4359 VULNERABLE (lighttpd, fixed 1.4.20) #464638 
 CVE-2008-4326 fixed (phpMyAdmin, fixed 2.11.9.2) [since FEDORA-2008-8286] 
 CVE-2008-4325 fixed (viewvc, fixed 1.0.6) [since FEDORA-2008-8270] 
+CVE-2008-4315 ignore (tog-pegasus) 
+CVE-2008-4313 ignore (tog-pegasus) 
 CVE-2008-4309 fixed (net-snmp, fixed 5.4.2.1) [since FEDORA-2008-9362] 
 CVE-2008-4306 fixed (enscript) [since FEDORA-2008-9351] 
 CVE-2008-4298 VULNERABLE (lighttpd, fixed 1.4.20) #464638 
 CVE-2008-4297 VULNERABLE (mercurial, fixed 1.0.2) #464632 
 CVE-2008-4242 VULNERABLE (proftpd) #464128 
+CVE-2008-4226 fixed (libxml2) [since FEDORA-2008-9729] 
+CVE-2008-4225 fixed (libxml2) [since FEDORA-2008-9729] 
 CVE-2008-4191 fixed (emacspeak) [since FEDORA-2008-8423] 
 CVE-2008-4190 VULNERABLE (openswan) 
 CVE-2008-4130 VULNERABLE (gallery2, fixed 2.2.6) #462871 
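
Review bot: The new tog-pegasus lines (CVE-2008-4315, CVE-2008-4313) are marked ignore with no reason given, while the other ignore entries touched or shown in this file state one ("dialupadmin not shipped", "6.x only", "wontfix"). Add a short justification, particularly since f10 and f9 track the same two CVEs as VULNERABLE.
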
@@ -392,7 +397,7 @@
 CVE-2008-1488 fixed (php-pecl-apc) #438847 [since FEDORA-2008-6344] 
 CVE-2008-1483 ignore (openssh) was alrady fixed by another patch
 CVE-2008-1482 fixed (xine-lib) #438670 [since FEDORA-2008-2849] 
-CVE-2008-1475 VULNERABLE (roundup, fixed 1.4.5) 
+CVE-2008-1475 fixed (roundup, fixed 1.4.5) [since FEDORA-2008-9712] 
 CVE-2008-1474 fixed (roundup) #436547 [since FEDORA-2008-2370] 
 CVE-2008-1468 fixed (namazu, fixed 2.0.18) #438667 [since FEDORA-2008-2767] 
 CVE-2008-1467 fixed (centerim) #438871 [since FEDORA-2008-2869] 


Index: f9
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f9,v
retrieving revision 1.239
retrieving revision 1.240
diff -u -r1.239 -r1.240
--- f9	21 Nov 2008 20:59:01 -0000	1.239
+++ f9	26 Nov 2008 09:50:09 -0000	1.240
@@ -5,14 +5,14 @@
 # (mozilla) = (gecko-libs dependent stuff)
 
 rhbz249840 version (tor, fixed 0.1.2.15)
-CVE-2008-5187 VULNERABLE (imlib2) #472578
+CVE-2008-5187 fixed (imlib2) #472578 [since FEDORA-2008-10287] 
 CVE-2008-5153 VULNERABLE (moodle) #472119
-CVE-2008-5148 VULNERABLE (geda-gnetlist) #472115
+CVE-2008-5148 fixed (geda-gnetlist) #472115 [since FEDORA-2008-9730] 
 CVE-2008-5138 VULNERABLE (pam_mount) #472111
 CVE-2008-5113 VULNERABLE (wordpress) #471991
 CVE-2008-5110 VULNERABLE (syslog-ng) #471986
 CVE-2008-5101 fixed (optipng, fixed 0.6.2) [since FEDORA-2008-9633] 
-CVE-2008-5076 VULNERABLE (htop)
+CVE-2008-5076 fixed (htop) [since FEDORA-2008-9728] 
 CVE-2008-5050 fixed (clamav, fixed 0.94.1) [since FEDORA-2008-9644] 
 CVE-2008-5030 fixed (libcdaudio) 
 CVE-2008-5008 VULNERABLE (libsamplerate, fixed 0.14) 
@@ -46,6 +46,7 @@
 CVE-2008-4578 ignore (dovecot, fixed 1.1.14) wontfix
 CVE-2008-4577 fixed (dovecot, fixed 1.1.14) [since FEDORA-2008-9202] 
 CVE-2008-4575 fixed (jhead, fixed 2.84) [since FEDORA-2008-8928] 
+CVE-2008-4474 fixed (freeradius) [since FEDORA-2008-10309] dialupadmin subpackage dropped
 CVE-2008-4437 VULNERABLE (bugzilla, fixed 3.0.5) #465958
 CVE-2008-4434 ignore (bittorrent) 6.x only
 CVE-2008-4422 fixed (libxml2, fixed 2.7.2) [since FEDORA-2008-8575] 
@@ -54,11 +55,15 @@
 CVE-2008-4359 VULNERABLE (lighttpd, fixed 1.4.20) #464639 
 CVE-2008-4326 fixed (phpMyAdmin, fixed 2.11.9.2) [since FEDORA-2008-8335] 
 CVE-2008-4325 fixed (viewvc, fixed 1.0.6) [since FEDORA-2008-8252] 
+CVE-2008-4315 VULNERABLE (tog-pegasus) [since FEDORA-2008-9688] 
+CVE-2008-4313 VULNERABLE (tog-pegasus) [since FEDORA-2008-9688] 
 CVE-2008-4309 fixed (net-snmp, fixed 5.4.2.1) [since FEDORA-2008-9367] 
 CVE-2008-4306 fixed (enscript) [since FEDORA-2008-9372] 
 CVE-2008-4298 VULNERABLE (lighttpd, fixed 1.4.20) #464639 
 CVE-2008-4297 fixed (mercurial, fixed 1.0.2) [since FEDORA-2008-7490] 
 CVE-2008-4242 VULNERABLE (proftpd) #464129 
+CVE-2008-4226 fixed (libxml2) [since FEDORA-2008-9773] 
+CVE-2008-4225 fixed (libxml2) [since FEDORA-2008-9773] 
 CVE-2008-4191 fixed (emacspeak) [since FEDORA-2008-8379] 
 CVE-2008-4190 VULNERABLE (openswan) 
 CVE-2008-4130 VULNERABLE (gallery2, fixed 2.2.6) #462872 
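
Review bot: CVE-2008-4315 and CVE-2008-4313 (tog-pegasus) are added as VULNERABLE with [since FEDORA-2008-9688], so the line says both that an advisory shipped and that the package is still affected. State in a trailing note what the advisory left unfixed, or mark the entries fixed as done for the libxml2 lines added further down in this hunk.
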
@@ -320,7 +325,7 @@
 CVE-2008-2051 fixed (php, fixed 5.2.6) [since FEDORA-2008-3606] 
 CVE-2008-2050 ignore (php, fixed 5.2.6) 
 CVE-2008-2033 ignore (zoneminder) duplicate of CVE-2008-1381
-CVE-2008-2004 VULNERABLE (xen) disables format autodetection by default [since xen-3.2.0-11.fc9]
+CVE-2008-2004 fixed (xen) [since FEDORA-2008-5053] disables format autodetection by default
 CVE-2008-2004 VULNERABLE (qemu) fix mostly useless without libvirt changes
 CVE-2008-2004 VULNERABLE (kvm) fix mostly useless without libvirt changes
 CVE-2008-2000 ignore (WebKit) browser DoS
@@ -335,7 +340,7 @@
 CVE-2008-1947 fixed (tomcat6, fixed 6.0.18) #460131 [since FEDORA-2008-7977] 
 CVE-2008-1947 fixed (tomcat5, fixed 5.5.27) #460126 [since FEDORA-2008-8113] 
 CVE-2008-1944 version (xen, fixed 3.2) 
-CVE-2008-1943 VULNERABLE (xen) [since xen-3.2.0-11.fc9]
+CVE-2008-1943 fixed (xen) [since FEDORA-2008-5053] 
 CVE-2008-1937 version (moin, fixed 1.6.3) [since moin-1.6.3-1.fc9] 
 CVE-2008-1930 ignore (wordpress, fixed 2.5.1) only for wp 2.5.0
 CVE-2008-1928 fixed (perl-Imager, fixed 0.64) #443941 [since FEDORA-2008-4003] 
@@ -401,7 +406,7 @@
 CVE-2008-1488 fixed (php-pecl-apc) #455166 [since FEDORA-2008-6401] 
 CVE-2008-1483 ignore (openssh) was alrady fixed by another patch
 CVE-2008-1482 version (xine-lib) #438671 [since xine-lib-1.1.11.1-1.fc9]
-CVE-2008-1475 VULNERABLE (roundup, fixed 1.4.5) 
+CVE-2008-1475 fixed (roundup, fixed 1.4.5) [since FEDORA-2008-9734] 
 CVE-2008-1474 version (roundup) #436549 [since roundup-1.4.4-1.fc9]
 CVE-2008-1468 version (namazu, fixed 2.0.18) #438668 [since namazu-2.0.18-1.fc9]
 CVE-2008-1467 fixed (centerim) #438871
@@ -727,8 +732,8 @@
 CVE-2007-5934 version (php-pear-MDB2-Driver-mysql) #379141 [since php-pear-MDB2-Driver-mysql-1.4.1-3.fc9]
 CVE-2007-5934 version (php-pear-MDB2-Driver-mysqli) #379171 [since php-pear-MDB2-Driver-mysqli-1.4.1-3.fc9]
 CVE-2007-5925 backport (mysql, fixed 5.0.54) [since mysql-5.0.45-6.fc9]
-CVE-2007-5907 VULNERABLE (xen) #390121
-CVE-2007-5906 VULNERABLE (xen) #390121
+CVE-2007-5907 version (xen) #390121
+CVE-2007-5906 version (xen) #390121
 CVE-2007-5902 ignore (krb5, fixed 1.6.4) not exploitable
 CVE-2007-5901 backport (krb5, fixed 1.6.4) [since krb5-1.6.3-10.fc9] 
 CVE-2007-5900 ignore (php, fixed 5.2.5) 
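
Review bot: The xen lines for CVE-2007-5907 and CVE-2007-5906 become version but name no version, whereas the CVE-2008-1944 entry in this same file uses the form "version (xen, fixed 3.2)". Record the fixed version the same way here so the reclassification from VULNERABLE can be checked.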



