From fedora-security-commits at redhat.com Mon Oct 6 16:51:47 2008 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Mon, 6 Oct 2008 16:51:47 +0000 (UTC) Subject: [Fedora-security-commits] fedora-security/audit f8, 1.234, 1.235 f9, 1.224, 1.225 Message-ID: <20081006165147.EA810700DE@cvs1.fedora.phx.redhat.com> Author: bressers Update of /cvs/fedora/fedora-security/audit In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv19604 Modified Files: f8 f9 Log Message: Add CVE-2008-3834 Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.234 retrieving revision 1.235 diff -u -r1.234 -r1.235 --- f8 30 Sep 2008 12:51:46 -0000 1.234 +++ f8 6 Oct 2008 16:51:17 -0000 1.235 @@ -69,6 +69,7 @@ CVE-2008-3836 ignore (seamonkey) ff only CVE-2008-3835 fixed (firefox, fixed 2.0.0.17) [since FEDORA-2008-8399] CVE-2008-3835 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8401] +CVE-2008-3834 VULNERABLE (dbus) #465835 CVE-2008-3824 VULNERABLE (horde) oCERT-2008-012 CVE-2008-3823 VULNERABLE (horde) oCERT-2008-012 CVE-2008-3790 VULNERABLE (ruby) Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.224 retrieving revision 1.225 diff -u -r1.224 -r1.225 --- f9 30 Sep 2008 12:51:46 -0000 1.224 +++ f9 6 Oct 2008 16:51:17 -0000 1.225 @@ -68,6 +68,7 @@ CVE-2008-3836 ignore (seamonkey) ff only CVE-2008-3835 ignore (firefox) ff2 only CVE-2008-3835 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8429] +CVE-2008-3834 VULNERABLE (dbus) #465836 CVE-2008-3824 VULNERABLE (horde) oCERT-2008-012 CVE-2008-3823 VULNERABLE (horde) oCERT-2008-012 CVE-2008-3796 version (swfdec, fixed 0.6.8) [since swfdec-0.6.8-1.fc9] From fedora-security-commits at redhat.com Tue Oct 7 12:56:27 2008 
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Tue, 7 Oct 2008 12:56:27 +0000 (UTC) Subject: [Fedora-security-commits] fedora-security/audit f8, 1.235, 1.236 f9, 1.225, 1.226 Message-ID: <20081007125627.A8175700DE@cvs1.fedora.phx.redhat.com> Author: bressers Update of /cvs/fedora/fedora-security/audit In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv22135 Modified Files: f8 f9 Log Message: Note a bugzilla flaw Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.235 retrieving revision 1.236 diff -u -r1.235 -r1.236 --- f8 6 Oct 2008 16:51:17 -0000 1.235 +++ f8 7 Oct 2008 12:55:57 -0000 1.236 @@ -6,6 +6,7 @@ rhbz293031 fixed (nx) #293031 [since FEDORA-2008-2258] rhbz249840 version (tor, fixed 0.1.2.15) +CVE-2008-4437 VULNERABLE (bugzilla, fixed 3.0.5) #465957 CVE-2008-4298 VULNERABLE (lighttpd, fixed 1.4.20) #464638 CVE-2008-4297 VULNERABLE (mercurial, fixed 1.0.2) #464632 CVE-2008-4242 VULNERABLE (proftpd) #464128 Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.225 retrieving revision 1.226 diff -u -r1.225 -r1.226 --- f9 6 Oct 2008 16:51:17 -0000 1.225 +++ f9 7 Oct 2008 12:55:57 -0000 1.226 @@ -5,6 +5,7 @@ # (mozilla) = (gecko-libs dependent stuff) rhbz249840 version (tor, fixed 0.1.2.15) +CVE-2008-4437 VULNERABLE (bugzilla, fixed 3.0.5) #465958 CVE-2008-4298 VULNERABLE (lighttpd, fixed 1.4.20) #464639 CVE-2008-4297 fixed (mercurial, fixed 1.0.2) [since FEDORA-2008-7490] CVE-2008-4242 VULNERABLE (proftpd) #464129 From fedora-security-commits at redhat.com Tue Oct 7 15:10:30 2008 
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Tue, 7 Oct 2008 15:10:30 +0000 (UTC) Subject: [Fedora-security-commits] fedora-security/audit f10, 1.16, 1.17 f8, 1.236, 1.237 f9, 1.226, 1.227 Message-ID: <20081007151030.073BB700DE@cvs1.fedora.phx.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv13765/audit Modified Files: f10 f8 f9 Log Message: merge josh's commits to my pending pile of changes Index: f10 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f10,v retrieving revision 1.16 retrieving revision 1.17 diff -u -r1.16 -r1.17 --- f10 30 Sep 2008 12:51:46 -0000 1.16 +++ f10 7 Oct 2008 15:09:59 -0000 1.17 @@ -4,6 +4,14 @@ # *CVE are items that need verification for Fedora 10 # (mozilla) = (gecko-libs dependent stuff) +CVE-2008-4437 VULNERABLE (bugzilla, fixed 3.0.5) #465959 +CVE-2008-4434 ignore (bittorrent) 6.x only +CVE-2008-4422 backport (libxml2, fixed 2.7.2) [since libxml2-2.7.1-2.fc10] +CVE-2008-4408 version (mediawiki, fixed 1.13.2) [since mediawiki-1.13.2-41.fc10] +CVE-2008-4360 version (lighttpd, fixed 1.4.20) [since lighttpd-1.4.20-0.1.r2303.fc10] +CVE-2008-4359 VULNERABLE (lighttpd, fixed 1.4.20) #465754 +CVE-2008-4326 version (phpMyAdmin, fixed 2.11.9.2) [since phpMyAdmin-2.11.9.2-1.fc10] +CVE-2008-4325 version (viewvc, fixed 1.0.6) [since viewvc-1.0.6-1.fc10] CVE-2008-4298 version (lighttpd, fixed 1.4.20) [since lighttpd-1.4.20-0.1.r2303.fc10] CVE-2008-4297 version (mercurial, fixed 1.0.2) [since mercurial-1.0.2-1.fc10] CVE-2008-4242 VULNERABLE (proftpd) #464130 
@@ -60,13 +68,15 @@ CVE-2008-3916 VULNERABLE (ed, fixed 1.0) CVE-2008-3906 version (mono) #461755 [since mono-2.0-6.fc10] CVE-2008-3905 version (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since ruby-1.8.6.287-1.fc10] -CVE-2008-3889 VULNERABLE (postfix, fixed 2.4.9, 2.5.5) #459101 +CVE-2008-3889 version (postfix, fixed 2.4.9, 2.5.5) #459101 [since postfix-2.5.5-1.fc10] CVE-2008-3837 version (firefox, fixed 3.0.2) [since firefox-3.0.2-1.fc10] CVE-2008-3837 version (seamonkey, fixed 1.1.12) [since seamonkey-1.1.12-1.fc9] CVE-2008-3836 ignore (firefox) ff2 only CVE-2008-3836 ignore (seamonkey) ff only CVE-2008-3835 ignore (firefox) ff2 only CVE-2008-3835 version (seamonkey, fixed 1.1.12) [since seamonkey-1.1.12-1.fc9] +CVE-2008-3834 VULNERABLE (dbus) +CVE-2008-3825 VULNERABLE (pam_krb5, 2.3.2) CVE-2008-3824 VULNERABLE (horde) oCERT-2008-012 CVE-2008-3823 VULNERABLE (horde) oCERT-2008-012 CVE-2008-3796 version (swfdec, fixed 0.6.8) [since swfdec-0.7.4-1.fc10] @@ -88,6 +98,8 @@ CVE-2008-3657 version (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since ruby-1.8.6.287-1.fc10] CVE-2008-3656 version (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since ruby-1.8.6.287-1.fc10] CVE-2008-3655 version (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since ruby-1.8.6.287-1.fc10] +CVE-2008-3652 VULNERABLE (ipsec-tools) #465474 +CVE-2008-3651 version (ipsec-tools, fixed 0.7.1) [since ipsec-tools-0.7.1-1.fc10] CVE-2008-3546 version (git, fixed 1.5.6.4) [since git-1.5.6.4-1.fc10] CVE-2008-3533 ignore (yelp, fixed 2.24) caught by glibc CVE-2008-3529 version (libxml2, fixed 2.7.0) [since libxml2-2.7.1-1.fc10] 
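Review bot: in the f10 hunk at @@ -60,13 +68,15 @@, the added line `CVE-2008-3834 VULNERABLE (dbus)` carries no bug reference, while the f8 and f9 entries for the same CVE were committed with #465835 and #465836. If an f10 tracking bug exists, add it here; if none was filed, a short trailing remark would explain the gap. In the same hunk, `(pam_krb5, 2.3.2)` omits the `fixed` keyword that the other entries use inside the parentheses (for example `(postfix, fixed 2.4.9, 2.5.5)`), so it is unclear whether 2.3.2 is the affected or the fixed version. The same form is added to f8 and f9 in this commit and should be corrected in all three files.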
@@ -146,8 +158,8 @@ CVE-2008-2940 ignore (hplip) #458991 not run as service CVE-2008-2938 version (tomcat6, fixed 6.0.18) #460132 [since tomcat6-6.0.18-1.1.fc10] CVE-2008-2938 VULNERABLE (tomcat5, fixed 5.5.27) #460127 -CVE-2008-2937 VULNERABLE (postfix) #459101 -CVE-2008-2936 backport (postfix) #459101 [since postfix-2.5.1-4.fc10] +CVE-2008-2937 version (postfix, fixed 2.4.8, 2.5.4) #459101 [since postfix-2.5.5-1.fc10] +CVE-2008-2936 backport (postfix, fixed 2.4.8, 2.5.4) #459101 [since postfix-2.5.1-4.fc10] CVE-2008-2935 VULNERABLE (libxslt) CVE-2008-2933 version (firefox, fixed 3.0.1) [since firefox-3.0.1-1.fc10] CVE-2008-2932 version (adminutil, fixed 1.1.7) [since adminutil-1.1.7-1.fc10] @@ -301,6 +313,7 @@ CVE-2008-0553 version (tkimg) [since tkimg-1.3-0.10.20080505svn.fc10] CVE-2008-0314 version (clamav, fixed 0.93) [since clamav-0.93-1.fc9] CVE-2008-0166 ignore (openssl) Debian specific +CVE-2008-0071 ignore (bittorrent) 6.x only CVE-2008-0016 ignore (firefox) ff2 only CVE-2008-0016 version (seamonkey, fixed 1.1.12) [since seamonkey-1.1.12-1.fc9] CVE-2007-6714 version (dbmail, fixed 2.2.9) [since dbmail-2.2.9-1.fc9] Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.236 retrieving revision 1.237 diff -u -r1.236 -r1.237 --- f8 7 Oct 2008 12:55:57 -0000 1.236 +++ f8 7 Oct 2008 15:09:59 -0000 1.237 
@@ -7,10 +7,17 @@ rhbz293031 fixed (nx) #293031 [since FEDORA-2008-2258] rhbz249840 version (tor, fixed 0.1.2.15) CVE-2008-4437 VULNERABLE (bugzilla, fixed 3.0.5) #465957 +CVE-2008-4434 ignore (bittorrent) 6.x only +CVE-2008-4422 fixed (libxml2, fixed 2.7.2) [since FEDORA-2008-8582] +CVE-2008-4408 fixed (mediawiki, fixed 1.13.2) [since FEDORA-2008-8678] +CVE-2008-4360 VULNERABLE (lighttpd, fixed 1.4.20) #464638 +CVE-2008-4359 VULNERABLE (lighttpd, fixed 1.4.20) #464638 +CVE-2008-4326 fixed (phpMyAdmin, fixed 2.11.9.2) [since FEDORA-2008-8286] +CVE-2008-4325 fixed (viewvc, fixed 1.0.6) [since FEDORA-2008-8270] CVE-2008-4298 VULNERABLE (lighttpd, fixed 1.4.20) #464638 CVE-2008-4297 VULNERABLE (mercurial, fixed 1.0.2) #464632 CVE-2008-4242 VULNERABLE (proftpd) #464128 -CVE-2008-4191 VULNERABLE (emacspeak) [since FEDORA-2008-8423] +CVE-2008-4191 fixed (emacspeak) [since FEDORA-2008-8423] CVE-2008-4190 VULNERABLE (openswan) CVE-2008-4130 VULNERABLE (gallery2, fixed 2.2.6) #462871 CVE-2008-4129 VULNERABLE (gallery2, fixed 2.2.6) #462871 @@ -63,7 +70,7 @@ CVE-2008-3916 VULNERABLE (ed, fixed 1.0) CVE-2008-3906 VULNERABLE (mono) #461753 CVE-2008-3905 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7554] -CVE-2008-3889 VULNERABLE (postfix, fixed 2.4.9, 2.5.5) #459099 +CVE-2008-3889 VULNERABLE (postfix, fixed 2.4.9, 2.5.5) #459099 [since FEDORA-2008-8595] CVE-2008-3837 fixed (firefox, fixed 2.0.0.17) [since FEDORA-2008-8399] CVE-2008-3837 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8401] CVE-2008-3836 fixed (firefox, fixed 2.0.0.17) [since FEDORA-2008-8399] @@ -71,6 +78,7 @@ CVE-2008-3835 fixed (firefox, fixed 2.0.0.17) [since FEDORA-2008-8399] CVE-2008-3835 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8401] CVE-2008-3834 VULNERABLE (dbus) #465835 +CVE-2008-3825 fixed (pam_krb5, 2.3.2) [since FEDORA-2008-8605] CVE-2008-3824 VULNERABLE (horde) oCERT-2008-012 CVE-2008-3823 VULNERABLE (horde) oCERT-2008-012 CVE-2008-3790 VULNERABLE (ruby) 
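Review bot: in the f8 hunk at @@ -63,7 +70,7 @@, CVE-2008-3889 gains `[since FEDORA-2008-8595]` but keeps the VULNERABLE state, while the emacspeak entry (CVE-2008-4191) in the first f8 hunk is moved from VULNERABLE to fixed with its `[since ...]` tag unchanged. From the entry alone a reader cannot tell whether VULNERABLE combined with an advisory id means the update is still pending or the shipped fix is incomplete. Either set the state to `fixed` in this commit or add a trailing remark saying why it stays VULNERABLE. The same applies to the postfix entries CVE-2008-2937 and CVE-2008-2936 in the later f8 and f9 hunks, and to CVE-2008-3663 (squirrelmail) in f9.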
@@ -91,6 +99,8 @@ CVE-2008-3657 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7554] CVE-2008-3656 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7554] CVE-2008-3655 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7554] +CVE-2008-3652 VULNERABLE (ipsec-tools) #465472 +CVE-2008-3651 VULNERABLE (ipsec-tools, fixed 0.7.1) #465472 CVE-2008-3546 ignore (git, fixed 1.5.6.4) caught by fortify_source CVE-2008-3533 fixed (yelp, fixed 2.24) #459502 [since FEDORA-2008-7293] CVE-2008-3529 fixed (libxml2, fixed 2.7.0) [since FEDORA-2008-7666] @@ -146,8 +156,8 @@ CVE-2008-2941 ignore (hplip) #458989 not run as service CVE-2008-2940 ignore (hplip) #458989 not run as service CVE-2008-2938 fixed (tomcat5, fixed 5.5.27) #460125 [since FEDORA-2008-8130] -CVE-2008-2937 VULNERABLE (postfix) #459099 -CVE-2008-2936 VULNERABLE (postfix) #459099 +CVE-2008-2937 VULNERABLE (postfix, fixed 2.4.8, 2.5.4) #459099 [since FEDORA-2008-8595] +CVE-2008-2936 VULNERABLE (postfix, fixed 2.4.8, 2.5.4) #459099 [since FEDORA-2008-8595] CVE-2008-2935 fixed (libxslt) [since FEDORA-2008-7029] CVE-2008-2933 fixed (firefox, fixed 2.0.0.16) [since FEDORA-2008-6491] CVE-2008-2932 fixed (adminutil, fixed 1.1.7) [since FEDORA-2008-7642] 
@@ -530,6 +540,7 @@ CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since FEDORA-2008-0199] CVE-2008-0073 fixed (xine-lib, fixed 1.1.11) #438192 [since FEDORA-2008-2569] CVE-2008-0072 fixed (evolution) #436081 [since FEDORA-2008-2292] +CVE-2008-0071 ignore (bittorrent) 6.x only CVE-2008-0063 fixed (krb5, fixed 1.6.4) #438023 [since FEDORA-2008-2647] CVE-2008-0062 fixed (krb5, fixed 1.6.4) #438023 [since FEDORA-2008-2647] CVE-2008-0053 version (cups, fixed 1.3.6) [since FEDORA-2008-1901] Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.226 retrieving revision 1.227 diff -u -r1.226 -r1.227 --- f9 7 Oct 2008 12:55:57 -0000 1.226 +++ f9 7 Oct 2008 15:09:59 -0000 1.227 @@ -6,10 +6,17 @@ rhbz249840 version (tor, fixed 0.1.2.15) CVE-2008-4437 VULNERABLE (bugzilla, fixed 3.0.5) #465958 +CVE-2008-4434 ignore (bittorrent) 6.x only +CVE-2008-4422 fixed (libxml2, fixed 2.7.2) [since FEDORA-2008-8575] +CVE-2008-4408 fixed (mediawiki, fixed 1.13.2) [since FEDORA-2008-8639] +CVE-2008-4360 VULNERABLE (lighttpd, fixed 1.4.20) #464639 +CVE-2008-4359 VULNERABLE (lighttpd, fixed 1.4.20) #464639 +CVE-2008-4326 fixed (phpMyAdmin, fixed 2.11.9.2) [since FEDORA-2008-8335] +CVE-2008-4325 fixed (viewvc, fixed 1.0.6) [since FEDORA-2008-8252] CVE-2008-4298 VULNERABLE (lighttpd, fixed 1.4.20) #464639 CVE-2008-4297 fixed (mercurial, fixed 1.0.2) [since FEDORA-2008-7490] CVE-2008-4242 VULNERABLE (proftpd) #464129 -CVE-2008-4191 VULNERABLE (emacspeak) [since FEDORA-2008-8379] +CVE-2008-4191 fixed (emacspeak) [since FEDORA-2008-8379] CVE-2008-4190 VULNERABLE (openswan) CVE-2008-4130 VULNERABLE (gallery2, fixed 2.2.6) #462872 CVE-2008-4129 VULNERABLE (gallery2, fixed 2.2.6) #462872 
@@ -62,7 +69,7 @@ CVE-2008-3916 VULNERABLE (ed, fixed 1.0) CVE-2008-3906 VULNERABLE (mono) #461754 CVE-2008-3905 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7697] -CVE-2008-3889 VULNERABLE (postfix, fixed 2.4.9, 2.5.5) #459100 +CVE-2008-3889 VULNERABLE (postfix, fixed 2.4.9, 2.5.5) #459100 [since FEDORA-2008-8593] CVE-2008-3837 fixed (firefox, fixed 3.0.2) [since FEDORA-2008-8425] CVE-2008-3837 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8429] CVE-2008-3836 ignore (firefox) ff2 only @@ -70,6 +77,7 @@ CVE-2008-3835 ignore (firefox) ff2 only CVE-2008-3835 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8429] CVE-2008-3834 VULNERABLE (dbus) #465836 +CVE-2008-3825 fixed (pam_krb5, 2.3.2) [since FEDORA-2008-8618] CVE-2008-3824 VULNERABLE (horde) oCERT-2008-012 CVE-2008-3823 VULNERABLE (horde) oCERT-2008-012 CVE-2008-3796 version (swfdec, fixed 0.6.8) [since swfdec-0.6.8-1.fc9] @@ -85,12 +93,14 @@ CVE-2008-3740 fixed (drupal, fixed 6.4) [since FEDORA-2008-7626] CVE-2008-3714 fixed (awstats) #459742 [since FEDORA-2008-7663] CVE-2008-3699 fixed (amarok, fixed 1.4.40) [since FEDORA-2008-7739] -CVE-2008-3663 VULNERABLE (squirrelmail, fixed 1.4.16) #464185 +CVE-2008-3663 VULNERABLE (squirrelmail, fixed 1.4.16) #464185 [since FEDORA-2008-8559] CVE-2008-3662 VULNERABLE (gallery2, fixed 2.2.6) #462872 CVE-2008-3661 VULNERABLE (drupal) #464164 ignored by upstream CVE-2008-3657 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7697] CVE-2008-3656 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7697] CVE-2008-3655 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7697] +CVE-2008-3652 VULNERABLE (ipsec-tools) #465473 +CVE-2008-3651 VULNERABLE (ipsec-tools, fixed 0.7.1) #465473 CVE-2008-3546 ignore (git, fixed 1.5.6.4) caught by fortify_source CVE-2008-3533 ignore (yelp, fixed 2.24) caught by glibc CVE-2008-3529 fixed (libxml2, fixed 2.7.0) [since FEDORA-2008-7594] 
@@ -149,8 +159,8 @@ CVE-2008-2940 ignore (hplip) #458990 not run as service CVE-2008-2938 fixed (tomcat6, fixed 6.0.18) #460131 [since FEDORA-2008-7977] CVE-2008-2938 fixed (tomcat5, fixed 5.5.27) #460126 [since FEDORA-2008-8113] -CVE-2008-2937 VULNERABLE (postfix) #459100 -CVE-2008-2936 VULNERABLE (postfix) #459100 +CVE-2008-2937 VULNERABLE (postfix, fixed 2.4.8, 2.5.4) #459100 [since FEDORA-2008-8593] +CVE-2008-2936 VULNERABLE (postfix, fixed 2.4.8, 2.5.4) #459100 [since FEDORA-2008-8593] CVE-2008-2935 fixed (libxslt) [since FEDORA-2008-7062] CVE-2008-2933 fixed (firefox, fixed 3.0.1) [since FEDORA-2008-6518] CVE-2008-2932 fixed (adminutil, fixed 1.1.7) [since FEDORA-2008-7339] @@ -532,6 +542,7 @@ CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since asterisk-1.4.17-1.fc9] CVE-2008-0073 version (xine-lib, fixed 1.1.11) #438193 [since xine-lib-1.1.11-1.fc9] CVE-2008-0072 backport (evolution) #436082 [evolution-2.21.92-2.fc9] +CVE-2008-0071 ignore (bittorrent) 6.x only CVE-2008-0063 backport (krb5, fixed 1.6.4) [since krb5-1.6.3-10.fc9] CVE-2008-0062 backport (krb5, fixed 1.6.4) [since krb5-1.6.3-10.fc9] CVE-2008-0053 version (cups, fixed 1.3.6) [since cups-1.3.6-1.fc9] From fedora-security-commits at redhat.com Wed Oct 8 06:54:57 2008 
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Wed, 8 Oct 2008 06:54:57 +0000 (UTC) Subject: [Fedora-security-commits] fedora-security/audit f10, 1.17, 1.18 f9, 1.227, 1.228 Message-ID: <20081008065457.19CEC700E1@cvs1.fedora.phx.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv7289/audit Modified Files: f10 f9 Log Message: note condor Index: f10 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f10,v retrieving revision 1.17 retrieving revision 1.18 diff -u -r1.17 -r1.18 --- f10 7 Oct 2008 15:09:59 -0000 1.17 +++ f10 8 Oct 2008 06:54:26 -0000 1.18 @@ -76,6 +76,10 @@ CVE-2008-3835 ignore (firefox) ff2 only CVE-2008-3835 version (seamonkey, fixed 1.1.12) [since seamonkey-1.1.12-1.fc9] CVE-2008-3834 VULNERABLE (dbus) +CVE-2008-3830 VULNERABLE (condor, fixed 7.0.5) #466076 +CVE-2008-3829 VULNERABLE (condor, fixed 7.0.5) #466076 +CVE-2008-3828 VULNERABLE (condor, fixed 7.0.5) #466076 +CVE-2008-3826 VULNERABLE (condor, fixed 7.0.5) #466076 CVE-2008-3825 VULNERABLE (pam_krb5, 2.3.2) CVE-2008-3824 VULNERABLE (horde) oCERT-2008-012 CVE-2008-3823 VULNERABLE (horde) oCERT-2008-012 Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.227 retrieving revision 1.228 diff -u -r1.227 -r1.228 --- f9 7 Oct 2008 15:09:59 -0000 1.227 +++ f9 8 Oct 2008 06:54:26 -0000 1.228 
@@ -76,7 +76,11 @@ CVE-2008-3836 ignore (seamonkey) ff only CVE-2008-3835 ignore (firefox) ff2 only CVE-2008-3835 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8429] -CVE-2008-3834 VULNERABLE (dbus) #465836 +CVE-2008-3834 VULNERABLE (dbus) #465836 +CVE-2008-3830 VULNERABLE (condor, fixed 7.0.5) #466075 +CVE-2008-3829 VULNERABLE (condor, fixed 7.0.5) #466075 +CVE-2008-3828 VULNERABLE (condor, fixed 7.0.5) #466075 +CVE-2008-3826 VULNERABLE (condor, fixed 7.0.5) #466075 CVE-2008-3825 fixed (pam_krb5, 2.3.2) [since FEDORA-2008-8618] CVE-2008-3824 VULNERABLE (horde) oCERT-2008-012 CVE-2008-3823 VULNERABLE (horde) oCERT-2008-012 From fedora-security-commits at redhat.com Fri Oct 10 13:03:35 2008 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Fri, 10 Oct 2008 13:03:35 +0000 (UTC) Subject: [Fedora-security-commits] fedora-security/audit f10, 1.18, 1.19 f8, 1.237, 1.238 f9, 1.228, 1.229 Message-ID: <20081010130335.B129870122@cvs1.fedora.phx.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv820/audit Modified Files: f10 f8 f9 Log Message: add cups updates Index: f10 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f10,v retrieving revision 1.18 retrieving revision 1.19 diff -u -r1.18 -r1.19 --- f10 8 Oct 2008 06:54:26 -0000 1.18 +++ f10 10 Oct 2008 13:03:05 -0000 1.19 
@@ -76,15 +76,15 @@ CVE-2008-3835 ignore (firefox) ff2 only CVE-2008-3835 version (seamonkey, fixed 1.1.12) [since seamonkey-1.1.12-1.fc9] CVE-2008-3834 VULNERABLE (dbus) -CVE-2008-3830 VULNERABLE (condor, fixed 7.0.5) #466076 -CVE-2008-3829 VULNERABLE (condor, fixed 7.0.5) #466076 -CVE-2008-3828 VULNERABLE (condor, fixed 7.0.5) #466076 -CVE-2008-3826 VULNERABLE (condor, fixed 7.0.5) #466076 +CVE-2008-3830 version (condor, fixed 7.0.5) #466076 [since condor-7.0.5-1.fc10] +CVE-2008-3829 version (condor, fixed 7.0.5) #466076 [since condor-7.0.5-1.fc10] +CVE-2008-3828 version (condor, fixed 7.0.5) #466076 [since condor-7.0.5-1.fc10] +CVE-2008-3826 version (condor, fixed 7.0.5) #466076 [since condor-7.0.5-1.fc10] CVE-2008-3825 VULNERABLE (pam_krb5, 2.3.2) CVE-2008-3824 VULNERABLE (horde) oCERT-2008-012 CVE-2008-3823 VULNERABLE (horde) oCERT-2008-012 CVE-2008-3796 version (swfdec, fixed 0.6.8) [since swfdec-0.7.4-1.fc10] -CVE-2008-3790 VULNERABLE (ruby) +CVE-2008-3790 backport (ruby) [since ruby-1.8.6.287-2.fc10] CVE-2008-3789 VULNERABLE (samba, fixed 3.2.3) CVE-2008-3747 version (wordpress, fixed 2.6.1) [since wordpress-2.6.1-1.fc10] CVE-2008-3746 version (neon, fixed 0.28.3) [since neon-0.28.3-2] 
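Review bot: the condor and ruby state changes in this f10 hunk (@@ -76,15 +76,15 @@) are not covered by the log message "add cups updates", and the f8 and f9 parts of the same commit also flip ruby, postfix, dbus and condor entries to `fixed`. Someone searching the history for when CVE-2008-3790 or the condor CVEs were marked resolved will not find it from the log. Split the state updates into their own commit, or extend the log message to list the packages whose status changed.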
@@ -104,6 +104,9 @@ CVE-2008-3655 version (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since ruby-1.8.6.287-1.fc10] CVE-2008-3652 VULNERABLE (ipsec-tools) #465474 CVE-2008-3651 version (ipsec-tools, fixed 0.7.1) [since ipsec-tools-0.7.1-1.fc10] +CVE-2008-3641 version (cups, fixed 1.3.9) #466420 [since cups-1.3.9-1.fc10] +CVE-2008-3640 version (cups, fixed 1.3.9) #466420 [since cups-1.3.9-1.fc10] +CVE-2008-3639 version (cups, fixed 1.3.9) #466420 [since cups-1.3.9-1.fc10] CVE-2008-3546 version (git, fixed 1.5.6.4) [since git-1.5.6.4-1.fc10] CVE-2008-3533 ignore (yelp, fixed 2.24) caught by glibc CVE-2008-3529 version (libxml2, fixed 2.7.0) [since libxml2-2.7.1-1.fc10] Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.237 retrieving revision 1.238 diff -u -r1.237 -r1.238 --- f8 7 Oct 2008 15:09:59 -0000 1.237 +++ f8 10 Oct 2008 13:03:05 -0000 1.238 @@ -69,8 +69,8 @@ CVE-2008-3920 fixed (bitlbee, fixed 1.2.2) [since FEDORA-2008-7761] CVE-2008-3916 VULNERABLE (ed, fixed 1.0) CVE-2008-3906 VULNERABLE (mono) #461753 -CVE-2008-3905 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7554] -CVE-2008-3889 VULNERABLE (postfix, fixed 2.4.9, 2.5.5) #459099 [since FEDORA-2008-8595] +CVE-2008-3905 fixed (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-8736] +CVE-2008-3889 fixed (postfix, fixed 2.4.9, 2.5.5) #459099 [since FEDORA-2008-8595] CVE-2008-3837 fixed (firefox, fixed 2.0.0.17) [since FEDORA-2008-8399] CVE-2008-3837 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8401] CVE-2008-3836 fixed (firefox, fixed 2.0.0.17) [since FEDORA-2008-8399] 
@@ -81,7 +81,7 @@ CVE-2008-3825 fixed (pam_krb5, 2.3.2) [since FEDORA-2008-8605] CVE-2008-3824 VULNERABLE (horde) oCERT-2008-012 CVE-2008-3823 VULNERABLE (horde) oCERT-2008-012 -CVE-2008-3790 VULNERABLE (ruby) +CVE-2008-3790 fixed (ruby) [since FEDORA-2008-8736] CVE-2008-3789 ignore (samba, fixed 3.2.3) 3.2.x only CVE-2008-3747 fixed (wordpress, fixed 2.6.1) [since FEDORA-2008-7463] CVE-2008-3746 ignore (neon, fixed 0.28.3) 0.28.x only @@ -96,15 +96,18 @@ CVE-2008-3663 VULNERABLE (squirrelmail, fixed 1.4.16) #464184 CVE-2008-3662 VULNERABLE (gallery2, fixed 2.2.6) #462871 CVE-2008-3661 VULNERABLE (drupal) #464163 ignored by upstream -CVE-2008-3657 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7554] -CVE-2008-3656 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7554] -CVE-2008-3655 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7554] +CVE-2008-3657 fixed (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-8736] +CVE-2008-3656 fixed (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-8736] +CVE-2008-3655 fixed (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-8736] CVE-2008-3652 VULNERABLE (ipsec-tools) #465472 CVE-2008-3651 VULNERABLE (ipsec-tools, fixed 0.7.1) #465472 +CVE-2008-3641 VULNERABLE (cups, fixed 1.3.9) #466418 +CVE-2008-3640 VULNERABLE (cups, fixed 1.3.9) #466418 +CVE-2008-3639 VULNERABLE (cups, fixed 1.3.9) #466418 CVE-2008-3546 ignore (git, fixed 1.5.6.4) caught by fortify_source CVE-2008-3533 fixed (yelp, fixed 2.24) #459502 [since FEDORA-2008-7293] CVE-2008-3529 fixed (libxml2, fixed 2.7.0) [since FEDORA-2008-7666] -CVE-2008-3443 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7554] +CVE-2008-3443 fixed (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-8736] CVE-2008-3429 fixed (httrack, fixed 3.42-3) [since FEDORA-2008-7896] CVE-2008-3422 VULNERABLE (mono) #461753 CVE-2008-3381 ignore (moin) not affected 
@@ -156,8 +159,8 @@ CVE-2008-2941 ignore (hplip) #458989 not run as service CVE-2008-2940 ignore (hplip) #458989 not run as service CVE-2008-2938 fixed (tomcat5, fixed 5.5.27) #460125 [since FEDORA-2008-8130] -CVE-2008-2937 VULNERABLE (postfix, fixed 2.4.8, 2.5.4) #459099 [since FEDORA-2008-8595] -CVE-2008-2936 VULNERABLE (postfix, fixed 2.4.8, 2.5.4) #459099 [since FEDORA-2008-8595] +CVE-2008-2937 fixed (postfix, fixed 2.4.8, 2.5.4) #459099 [since FEDORA-2008-8595] +CVE-2008-2936 fixed (postfix, fixed 2.4.8, 2.5.4) #459099 [since FEDORA-2008-8595] CVE-2008-2935 fixed (libxslt) [since FEDORA-2008-7029] CVE-2008-2933 fixed (firefox, fixed 2.0.0.16) [since FEDORA-2008-6491] CVE-2008-2932 fixed (adminutil, fixed 1.1.7) [since FEDORA-2008-7642] Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.228 retrieving revision 1.229 diff -u -r1.228 -r1.229 --- f9 8 Oct 2008 06:54:26 -0000 1.228 +++ f9 10 Oct 2008 13:03:05 -0000 1.229 
@@ -68,24 +68,24 @@ CVE-2008-3920 fixed (bitlbee, fixed 1.2.2) [since FEDORA-2008-7830] CVE-2008-3916 VULNERABLE (ed, fixed 1.0) CVE-2008-3906 VULNERABLE (mono) #461754 -CVE-2008-3905 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7697] -CVE-2008-3889 VULNERABLE (postfix, fixed 2.4.9, 2.5.5) #459100 [since FEDORA-2008-8593] +CVE-2008-3905 fixed (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-8738] +CVE-2008-3889 fixed (postfix, fixed 2.4.9, 2.5.5) #459100 [since FEDORA-2008-8593] CVE-2008-3837 fixed (firefox, fixed 3.0.2) [since FEDORA-2008-8425] CVE-2008-3837 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8429] CVE-2008-3836 ignore (firefox) ff2 only CVE-2008-3836 ignore (seamonkey) ff only CVE-2008-3835 ignore (firefox) ff2 only CVE-2008-3835 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8429] -CVE-2008-3834 VULNERABLE (dbus) #465836 -CVE-2008-3830 VULNERABLE (condor, fixed 7.0.5) #466075 -CVE-2008-3829 VULNERABLE (condor, fixed 7.0.5) #466075 -CVE-2008-3828 VULNERABLE (condor, fixed 7.0.5) #466075 -CVE-2008-3826 VULNERABLE (condor, fixed 7.0.5) #466075 +CVE-2008-3834 fixed (dbus) #465836 [since FEDORA-2008-8764] +CVE-2008-3830 fixed (condor, fixed 7.0.5) #466075 [since FEDORA-2008-8733] +CVE-2008-3829 fixed (condor, fixed 7.0.5) #466075 [since FEDORA-2008-8733] +CVE-2008-3828 fixed (condor, fixed 7.0.5) #466075 [since FEDORA-2008-8733] +CVE-2008-3826 fixed (condor, fixed 7.0.5) #466075 [since FEDORA-2008-8733] CVE-2008-3825 fixed (pam_krb5, 2.3.2) [since FEDORA-2008-8618] CVE-2008-3824 VULNERABLE (horde) oCERT-2008-012 CVE-2008-3823 VULNERABLE (horde) oCERT-2008-012 CVE-2008-3796 version (swfdec, fixed 0.6.8) [since swfdec-0.6.8-1.fc9] -CVE-2008-3790 VULNERABLE (ruby) +CVE-2008-3790 fixed (ruby) [since FEDORA-2008-8738] CVE-2008-3789 fixed (samba, fixed 3.2.3) [since FEDORA-2008-7243] CVE-2008-3747 fixed (wordpress, fixed 2.6.1) [since FEDORA-2008-7279] CVE-2008-3746 VULNERABLE (neon, fixed 0.28.3) #460415 [since 
FEDORA-2008-7661] @@ -100,15 +100,18 @@ CVE-2008-3663 VULNERABLE (squirrelmail, fixed 1.4.16) #464185 [since FEDORA-2008-8559] CVE-2008-3662 VULNERABLE (gallery2, fixed 2.2.6) #462872 CVE-2008-3661 VULNERABLE (drupal) #464164 ignored by upstream -CVE-2008-3657 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7697] -CVE-2008-3656 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7697] -CVE-2008-3655 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7697] +CVE-2008-3657 fixed (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-8738] +CVE-2008-3656 fixed (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-8738] +CVE-2008-3655 fixed (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-8738] CVE-2008-3652 VULNERABLE (ipsec-tools) #465473 CVE-2008-3651 VULNERABLE (ipsec-tools, fixed 0.7.1) #465473 +CVE-2008-3641 VULNERABLE (cups, fixed 1.3.9) #466419 +CVE-2008-3640 VULNERABLE (cups, fixed 1.3.9) #466419 +CVE-2008-3639 VULNERABLE (cups, fixed 1.3.9) #466419 CVE-2008-3546 ignore (git, fixed 1.5.6.4) caught by fortify_source CVE-2008-3533 ignore (yelp, fixed 2.24) caught by glibc CVE-2008-3529 fixed (libxml2, fixed 2.7.0) [since FEDORA-2008-7594] -CVE-2008-3443 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7697] +CVE-2008-3443 fixed (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-8738] CVE-2008-3429 fixed (httrack, fixed 3.42-3) [since FEDORA-2008-7862] CVE-2008-3424 fixed (condor, fixed 7.0.4) #457895 [since FEDORA-2008-7205] CVE-2008-3422 VULNERABLE (mono) #461754 
@@ -163,8 +166,8 @@ CVE-2008-2940 ignore (hplip) #458990 not run as service CVE-2008-2938 fixed (tomcat6, fixed 6.0.18) #460131 [since FEDORA-2008-7977] CVE-2008-2938 fixed (tomcat5, fixed 5.5.27) #460126 [since FEDORA-2008-8113] -CVE-2008-2937 VULNERABLE (postfix, fixed 2.4.8, 2.5.4) #459100 [since FEDORA-2008-8593] -CVE-2008-2936 VULNERABLE (postfix, fixed 2.4.8, 2.5.4) #459100 [since FEDORA-2008-8593] +CVE-2008-2937 fixed (postfix, fixed 2.4.8, 2.5.4) #459100 [since FEDORA-2008-8593] +CVE-2008-2936 fixed (postfix, fixed 2.4.8, 2.5.4) #459100 [since FEDORA-2008-8593] CVE-2008-2935 fixed (libxslt) [since FEDORA-2008-7062] CVE-2008-2933 fixed (firefox, fixed 3.0.1) [since FEDORA-2008-6518] CVE-2008-2932 fixed (adminutil, fixed 1.1.7) [since FEDORA-2008-7339] From fedora-security-commits at redhat.com Tue Oct 14 16:05:31 2008 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Tue, 14 Oct 2008 16:05:31 +0000 (UTC) Subject: [Fedora-security-commits] fedora-security/audit f10, 1.19, 1.20 f8, 1.238, 1.239 f9, 1.229, 1.230 Message-ID: <20081014160531.285ED7012D@cvs1.fedora.phx.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv28224/audit Modified Files: f10 f8 f9 Log Message: mantis cleanup Index: f10 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f10,v retrieving revision 1.19 retrieving revision 1.20 diff -u -r1.19 -r1.20 --- f10 10 Oct 2008 13:03:05 -0000 1.19 +++ f10 14 Oct 2008 16:05:00 -0000 1.20 
@@ -152,7 +152,7 @@ CVE-2008-3139 version (wireshark, fixed 1.0.1) [since wireshark-1.0.1-1.fc10] CVE-2008-3138 version (wireshark, fixed 1.0.1) [since wireshark-1.0.1-1.fc10] CVE-2008-3137 version (wireshark, fixed 1.0.1) [since wireshark-1.0.1-1.fc10] -CVE-2008-3102 VULNERABLE (mantis) #464137 +CVE-2008-3102 VULNERABLE (mantis, fixed 1.1.3) #464137 CVE-2008-3067 version (sudo, fixed 1.6.9p12) CVE-2008-2960 version (phpMyAdmin, fixed 2.11.7) [since phpMyAdmin-2.11.7-1.fc10] PMASA-2008-4 CVE-2008-2954 backport (linuxdcpp) #453734 [since linuxdcpp-1.0.1-3.fc10] @@ -251,7 +251,7 @@ CVE-2008-2307 version (WebKit, fixed svn34204) [since WebKit-1.0.0-0.11.svn34279.fc10] CVE-2008-2302 version (Django, fixed 0.96.2) #447260 [since Django-0.96.2-1.fc10] CVE-2008-2292 backport (net-snmp, fixed 5.4.2.pre1) [since net-snmp-5.4.1-19.fc10] -CVE-2008-2276 VULNERABLE (mantis) upstream fix in 1.2.0a1 seems useless +CVE-2008-2276 version (mantis) [since mantis-1.1.2-1.fc10] CVE-2008-2266 ignore (perl-Convert-UUlib) embedded uulib copy uses mkstemp CVE-2008-2235 version (opensc, fixed 0.11.5) [since opensc-0.11.6-1.fc10] CVE-2008-2168 ignore (httpd) browser issue, not apache Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.238 retrieving revision 1.239 diff -u -r1.238 -r1.239 --- f8 10 Oct 2008 13:03:05 -0000 1.238 +++ f8 14 Oct 2008 16:05:00 -0000 1.239 @@ -147,7 +147,7 @@ CVE-2008-3139 fixed (wireshark, fixed 1.0.1) [since FEDORA-2008-6645] CVE-2008-3138 fixed (wireshark, fixed 1.0.1) [since FEDORA-2008-6645] CVE-2008-3137 fixed (wireshark, fixed 1.0.1) [since FEDORA-2008-6645] -CVE-2008-3102 VULNERABLE (mantis) #464135 +CVE-2008-3102 VULNERABLE (mantis, fixed 1.1.3) #464135 CVE-2008-3067 VULNERABLE (sudo, fixed 1.6.9p12) CVE-2008-2960 fixed (phpMyAdmin, fixed 2.11.7) [since FEDORA-2008-5640] PMASA-2008-4 CVE-2008-2954 fixed (linuxdcpp) #453732 [since FEDORA-2008-6038] 
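Review bot: in the f10 hunk at @@ -251,7 +251,7 @@, CVE-2008-2276 changes from VULNERABLE to `version` and the remark "upstream fix in 1.2.0a1 seems useless" is dropped, but the new entry records no upstream fixed version and the log message ("mantis cleanup") does not say what replaced the earlier assessment. The same commit adds `fixed 1.1.3` to CVE-2008-3102, so the format is available. Add the upstream version that fixes CVE-2008-2276 inside the parentheses and keep a short remark or reference showing why the earlier concern no longer applies. The f8 and f9 hunks for this CVE need the same addition.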
@@ -245,7 +245,7 @@ CVE-2008-2307 fixed (WebKit, fixed svn34204) #454094 [since FEDORA-2008-6220] CVE-2008-2302 fixed (Django, fixed 0.96.2) #447258 [since FEDORA-2008-4248] CVE-2008-2292 fixed (net-snmp, fixed 5.4.2.pre1) [since FEDORA-2008-5218] -CVE-2008-2276 VULNERABLE (mantis) upstream fix in 1.2.0a1 seems useless +CVE-2008-2276 fixed (mantis) [since FEDORA-2008-6657] CVE-2008-2266 ignore (perl-Convert-UUlib) embedded uulib copy uses mkstemp CVE-2008-2235 VULNERABLE (opensc, fixed 0.11.5) CVE-2008-2168 ignore (httpd) browser issue, not apache Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.229 retrieving revision 1.230 diff -u -r1.229 -r1.230 --- f9 10 Oct 2008 13:03:05 -0000 1.229 +++ f9 14 Oct 2008 16:05:00 -0000 1.230 @@ -153,7 +153,7 @@ CVE-2008-3139 fixed (wireshark, fixed 1.0.1) [since FEDORA-2008-6440] CVE-2008-3138 fixed (wireshark, fixed 1.0.1) [since FEDORA-2008-6440] CVE-2008-3137 fixed (wireshark, fixed 1.0.1) [since FEDORA-2008-6440] -CVE-2008-3102 VULNERABLE (mantis) #464136 +CVE-2008-3102 VULNERABLE (mantis, fixed 1.1.3) #464136 CVE-2008-3067 version (sudo, fixed 1.6.9p12) CVE-2008-2960 fixed (phpMyAdmin, fixed 2.11.7) [since FEDORA-2008-5676] PMASA-2008-4 CVE-2008-2954 fixed (linuxdcpp) #453733 [since FEDORA-2008-6018] @@ -252,7 +252,7 @@ CVE-2008-2307 fixed (WebKit, fixed svn34204) #454095 [since FEDORA-2008-6186] CVE-2008-2302 fixed (Django, fixed 0.96.2) #447259 [since FEDORA-2008-4267] CVE-2008-2292 fixed (net-snmp, fixed 5.4.2.pre1) [since FEDORA-2008-5215] -CVE-2008-2276 VULNERABLE (mantis) upstream fix in 1.2.0a1 seems useless +CVE-2008-2276 fixed (mantis) [since FEDORA-2008-6647] CVE-2008-2266 ignore (perl-Convert-UUlib) embedded uulib copy uses mkstemp CVE-2008-2235 VULNERABLE (opensc, fixed 0.11.5) CVE-2008-2168 ignore (httpd) browser issue, not apache From fedora-security-commits at redhat.com Mon Oct 20 11:39:11 2008 
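Review bot: the CVE-2008-2276 lines in the "mantis cleanup" commit above (f10, f8 and f9) drop the comment "upstream fix in 1.2.0a1 seems useless" and go straight to version/fixed, with nothing recording why the earlier assessment no longer holds. The new entries also carry no "fixed <version>" field, unlike the CVE-2008-3102 lines touched in the same commit, which gain "fixed 1.1.3". Suggest adding the upstream version that resolves CVE-2008-2276 to each entry, plus a short trailing comment or a fuller log message, so the audit file shows which fix is being relied on.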
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Mon, 20 Oct 2008 11:39:11 +0000 (UTC) Subject: [Fedora-security-commits] fedora-security/tools/lib/Libexig Bodhi.pm, 1.4, 1.5 Message-ID: <20081020113911.A86BC700F8@cvs1.fedora.phx.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/tools/lib/Libexig In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv7643/tools/lib/Libexig Modified Files: Bodhi.pm Log Message: port to perl-JSON 2.x Index: Bodhi.pm =================================================================== RCS file: /cvs/fedora/fedora-security/tools/lib/Libexig/Bodhi.pm,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- Bodhi.pm 26 Aug 2008 06:37:51 -0000 1.4 +++ Bodhi.pm 20 Oct 2008 11:38:41 -0000 1.5 @@ -96,7 +96,7 @@ # Get updates $json = `wget --post-data 'package=$pkg&tg_paginate_limit=0' -qO - \\ 'https://admin.fedoraproject.org/updates/list?tg_format=json'`; - $obj = jsonToObj ($json, {unmapping => 1}); + $obj = from_json ($json); return @{$obj->{'updates'}}; } From fedora-security-commits at redhat.com Wed Oct 22 17:15:25 2008 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Wed, 22 Oct 2008 17:15:25 +0000 (UTC) Subject: [Fedora-security-commits] fedora-security/audit f10, 1.20, 1.21 f8, 1.239, 1.240 f9, 1.230, 1.231 Message-ID: <20081022171525.4773A70134@cvs1.fedora.phx.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv18369/audit Modified Files: f10 f8 f9 Log Message: jhead + updates Index: f10 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f10,v retrieving revision 1.20 retrieving revision 1.21 diff -u -r1.20 -r1.21 --- f10 14 Oct 2008 16:05:00 -0000 1.20 +++ f10 22 Oct 2008 17:14:54 -0000 1.21 
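Review bot: in the Bodhi.pm hunk above, the switch from jsonToObj ($json, {unmapping => 1}) to from_json ($json) drops the unmapping option, so check that callers of this function do not depend on how JSON null, true and false values were converted in the returned update records. The output of the wget backtick call is also passed to from_json unchecked; with -q a failed request yields empty output and the parse will die, so wrapping the call in eval and reporting the failure explicitly would make the tool's behaviour clearer. Separately, the context lines interpolate $pkg into a single-quoted shell argument; validating the package name or using a list-form exec would avoid quoting problems.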
@@ -4,6 +4,10 @@ # *CVE are items that need verification for Fedora 10 # (mozilla) = (gecko-libs dependent stuff) +CVE-2008-4641 VULNERABLE (jhead) +CVE-2008-4640 VULNERABLE (jhead) +CVE-2008-4639 version (jhead, fixed 2.84) [since jhead-2.84-1.fc10] +CVE-2008-4575 version (jhead, fixed 2.84) [since jhead-2.84-1.fc10] CVE-2008-4437 VULNERABLE (bugzilla, fixed 3.0.5) #465959 CVE-2008-4434 ignore (bittorrent) 6.x only CVE-2008-4422 backport (libxml2, fixed 2.7.2) [since libxml2-2.7.1-2.fc10] Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.239 retrieving revision 1.240 diff -u -r1.239 -r1.240 --- f8 14 Oct 2008 16:05:00 -0000 1.239 +++ f8 22 Oct 2008 17:14:54 -0000 1.240 @@ -6,6 +6,10 @@ rhbz293031 fixed (nx) #293031 [since FEDORA-2008-2258] rhbz249840 version (tor, fixed 0.1.2.15) +CVE-2008-4641 VULNERABLE (jhead) +CVE-2008-4640 VULNERABLE (jhead) +CVE-2008-4639 fixed (jhead, fixed 2.84) [since FEDORA-2008-8941] +CVE-2008-4575 fixed (jhead, fixed 2.84) [since FEDORA-2008-8941] CVE-2008-4437 VULNERABLE (bugzilla, fixed 3.0.5) #465957 CVE-2008-4434 ignore (bittorrent) 6.x only CVE-2008-4422 fixed (libxml2, fixed 2.7.2) [since FEDORA-2008-8582] @@ -28,7 +32,7 @@ CVE-2008-4100 VULNERABLE (adns) #462752 upstream design decision CVE-2008-4099 VULNERABLE (python-pydns, fixed 2.3.2) #462765 CVE-2008-4096 fixed (phpMyAdmin, fixed 2.11.9.1) [since FEDORA-2008-8269] -CVE-2008-4094 VULNERABLE (rubygem-activerecord, fixed 2.1.1) [since FEDORA-2008-8282] +CVE-2008-4094 fixed (rubygem-activerecord, fixed 2.1.1) [since FEDORA-2008-8282] CVE-2008-4070 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8401] CVE-2008-4069 fixed (firefox, fixed 2.0.0.17) [since FEDORA-2008-8399] CVE-2008-4069 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8401] 
@@ -95,12 +99,12 @@ CVE-2008-3699 fixed (amarok, fixed 1.4.40) [since FEDORA-2008-7719] CVE-2008-3663 VULNERABLE (squirrelmail, fixed 1.4.16) #464184 CVE-2008-3662 VULNERABLE (gallery2, fixed 2.2.6) #462871 -CVE-2008-3661 VULNERABLE (drupal) #464163 ignored by upstream +CVE-2008-3661 fixed (drupal) #464163 [since FEDORA-2008-8905] ignored by upstream CVE-2008-3657 fixed (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-8736] CVE-2008-3656 fixed (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-8736] CVE-2008-3655 fixed (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-8736] -CVE-2008-3652 VULNERABLE (ipsec-tools) #465472 -CVE-2008-3651 VULNERABLE (ipsec-tools, fixed 0.7.1) #465472 +CVE-2008-3652 VULNERABLE (ipsec-tools) #465472 [since FEDORA-2008-9016] +CVE-2008-3651 VULNERABLE (ipsec-tools, fixed 0.7.1) #465472 [since FEDORA-2008-9016] CVE-2008-3641 VULNERABLE (cups, fixed 1.3.9) #466418 CVE-2008-3640 VULNERABLE (cups, fixed 1.3.9) #466418 CVE-2008-3639 VULNERABLE (cups, fixed 1.3.9) #466418 @@ -147,7 +151,7 @@ CVE-2008-3139 fixed (wireshark, fixed 1.0.1) [since FEDORA-2008-6645] CVE-2008-3138 fixed (wireshark, fixed 1.0.1) [since FEDORA-2008-6645] CVE-2008-3137 fixed (wireshark, fixed 1.0.1) [since FEDORA-2008-6645] -CVE-2008-3102 VULNERABLE (mantis, fixed 1.1.3) #464135 +CVE-2008-3102 fixed (mantis, fixed 1.1.3) #464135 [since FEDORA-2008-9015] CVE-2008-3067 VULNERABLE (sudo, fixed 1.6.9p12) CVE-2008-2960 fixed (phpMyAdmin, fixed 2.11.7) [since FEDORA-2008-5640] PMASA-2008-4 CVE-2008-2954 fixed (linuxdcpp) #453732 [since FEDORA-2008-6038] 
@@ -229,7 +233,7 @@ CVE-2008-2377 ignore (gnutls, fixed 2.4.1) 2.3.5+ only CVE-2008-2376 fixed (ruby, fixed 1.8.6-p257) [since FEDORA-2008-6094] CVE-2008-2375 ignore (vsftpd) pre-2.0.5 versions only -CVE-2008-2374 VULNERABLE (bluez-libs, fixed 3.34) #452820 [since FEDORA-2008-6140] +CVE-2008-2374 fixed (bluez-libs, fixed 3.34) #452820 [since FEDORA-2008-6140] CVE-2008-2371 fixed (pcre) #453555 [since FEDORA-2008-6111] CVE-2008-2371 fixed (glib2) #453559 [since FEDORA-2008-6025] CVE-2008-2370 fixed (tomcat5, fixed 5.5.27) #460125 [since FEDORA-2008-8130] Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.230 retrieving revision 1.231 diff -u -r1.230 -r1.231 --- f9 14 Oct 2008 16:05:00 -0000 1.230 +++ f9 22 Oct 2008 17:14:54 -0000 1.231 @@ -5,6 +5,10 @@ # (mozilla) = (gecko-libs dependent stuff) rhbz249840 version (tor, fixed 0.1.2.15) +CVE-2008-4641 VULNERABLE (jhead) +CVE-2008-4640 VULNERABLE (jhead) +CVE-2008-4639 fixed (jhead, fixed 2.84) [since FEDORA-2008-8928] +CVE-2008-4575 fixed (jhead, fixed 2.84) [since FEDORA-2008-8928] CVE-2008-4437 VULNERABLE (bugzilla, fixed 3.0.5) #465958 CVE-2008-4434 ignore (bittorrent) 6.x only CVE-2008-4422 fixed (libxml2, fixed 2.7.2) [since FEDORA-2008-8575] @@ -88,7 +92,7 @@ CVE-2008-3790 fixed (ruby) [since FEDORA-2008-8738] CVE-2008-3789 fixed (samba, fixed 3.2.3) [since FEDORA-2008-7243] CVE-2008-3747 fixed (wordpress, fixed 2.6.1) [since FEDORA-2008-7279] -CVE-2008-3746 VULNERABLE (neon, fixed 0.28.3) #460415 [since FEDORA-2008-7661] +CVE-2008-3746 fixed (neon, fixed 0.28.3) #460415 [since FEDORA-2008-7661] CVE-2008-3745 fixed (drupal, fixed 6.4) [since FEDORA-2008-7626] CVE-2008-3744 fixed (drupal, fixed 6.4) [since FEDORA-2008-7626] CVE-2008-3743 fixed (drupal, fixed 6.4) [since FEDORA-2008-7626] 
@@ -99,12 +103,12 @@ CVE-2008-3699 fixed (amarok, fixed 1.4.40) [since FEDORA-2008-7739] CVE-2008-3663 VULNERABLE (squirrelmail, fixed 1.4.16) #464185 [since FEDORA-2008-8559] CVE-2008-3662 VULNERABLE (gallery2, fixed 2.2.6) #462872 -CVE-2008-3661 VULNERABLE (drupal) #464164 ignored by upstream +CVE-2008-3661 fixed (drupal) #464164 [since FEDORA-2008-8852] ignored by upstream CVE-2008-3657 fixed (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-8738] CVE-2008-3656 fixed (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-8738] CVE-2008-3655 fixed (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-8738] -CVE-2008-3652 VULNERABLE (ipsec-tools) #465473 -CVE-2008-3651 VULNERABLE (ipsec-tools, fixed 0.7.1) #465473 +CVE-2008-3652 VULNERABLE (ipsec-tools) #465473 [since FEDORA-2008-9007] +CVE-2008-3651 VULNERABLE (ipsec-tools, fixed 0.7.1) #465473 [since FEDORA-2008-9007] CVE-2008-3641 VULNERABLE (cups, fixed 1.3.9) #466419 CVE-2008-3640 VULNERABLE (cups, fixed 1.3.9) #466419 CVE-2008-3639 VULNERABLE (cups, fixed 1.3.9) #466419 @@ -153,7 +157,7 @@ CVE-2008-3139 fixed (wireshark, fixed 1.0.1) [since FEDORA-2008-6440] CVE-2008-3138 fixed (wireshark, fixed 1.0.1) [since FEDORA-2008-6440] CVE-2008-3137 fixed (wireshark, fixed 1.0.1) [since FEDORA-2008-6440] -CVE-2008-3102 VULNERABLE (mantis, fixed 1.1.3) #464136 +CVE-2008-3102 fixed (mantis, fixed 1.1.3) #464136 [since FEDORA-2008-8925] CVE-2008-3067 version (sudo, fixed 1.6.9p12) CVE-2008-2960 fixed (phpMyAdmin, fixed 2.11.7) [since FEDORA-2008-5676] PMASA-2008-4 CVE-2008-2954 fixed (linuxdcpp) #453733 [since FEDORA-2008-6018]
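Review bot: the CVE-2008-3652 and CVE-2008-3651 (ipsec-tools) lines in both f8 and f9 gain a [since FEDORA-2008-9016] / [since FEDORA-2008-9007] tag but keep the VULNERABLE status, while every other changed line in this commit that carries a [since ...] tag has a fixed or version status (CVE-2008-4094, CVE-2008-2374, CVE-2008-3746, CVE-2008-3102, the jhead 2.84 entries). If the updates resolve the issues, change the status to fixed; if they are only partial, say so in a trailing comment. The CVE-2008-3661 (drupal) lines are now marked fixed but still end in "ignored by upstream", which reads as contradictory and should be dropped or reworded. The new CVE-2008-4641 and CVE-2008-4640 (jhead) entries are VULNERABLE with no bug number, unlike the adjacent CVE-2008-4437 entry, which references one.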