From fedora-security-commits at redhat.com Tue Sep 9 14:46:07 2008
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com)
Date: Tue, 9 Sep 2008 14:46:07 +0000 (UTC)
Subject: [Fedora-security-commits] fedora-security/audit f10, 1.12, 1.13 f8, 1.230, 1.231 f9, 1.220, 1.221
Message-ID: <20080909144607.316E17012E@cvs1.fedora.phx.redhat.com>

Author: thoger

Update of /cvs/fedora/fedora-security/audit
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv19395/audit

Modified Files:
	f10 f8 f9
Log Message:
i should remember to commit this more often

Index: f10 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f10,v retrieving revision 1.12 retrieving revision 1.13 diff -u -r1.12 -r1.13 --- f10 25 Jul 2008 15:29:25 -0000 1.12 +++ f10 9 Sep 2008 14:45:36 -0000 1.13 
@@ -4,9 +4,40 @@ # *CVE are items that need verification for Fedora 10 # (mozilla) = (gecko-libs dependent stuff) +CVE-2008-3964 VULNERABLE (libpng, fixed 1.2.32beta01) #461620 +CVE-2008-3934 VULNERABLE (wireshark, fixed 1.0.3) +CVE-2008-3933 VULNERABLE (wireshark, fixed 1.0.3) +CVE-2008-3932 VULNERABLE (wireshark, fixed 1.0.3) +CVE-2008-3931 backport (R) [since R-2.7.2-1.fc10] +CVE-2008-3928 ignore (honeyd) affected script not shipped +CVE-2008-3927 VULNERABLE (tiger) +CVE-2008-3920 version (bitlbee, fixed 1.2.2) [since bitlbee-1.2.2-1.fc10] +CVE-2008-3889 VULNERABLE (postfix, fixed 2.4.9, 2.5.5) #459101 +CVE-2008-3796 version (swfdec, fixed 0.6.8) [since swfdec-0.7.4-1.fc10] +CVE-2008-3789 VULNERABLE (samba, fixed 3.2.3) +CVE-2008-3747 version (wordpress, fixed 2.6.1) [since wordpress-2.6.1-1.fc10] +CVE-2008-3746 version (neon, fixed 0.28.3) [since neon-0.28.3-2] +CVE-2008-3714 VULNERABLE (awstats) #459743 +CVE-2008-3699 ignore (amarok, fixed 1.4.40) not affected +CVE-2008-3546 version (git, fixed 1.5.6.4) [since git-1.5.6.4-1.fc10] +CVE-2008-3533 ignore (yelp, fixed 2.24) caught by glibc +CVE-2008-3429 VULNERABLE (httrack, fixed 3.42-3) +CVE-2008-3424 version (condor, fixed 7.0.4) #457896 [since condor-7.0.4-1.fc10] +CVE-2008-3422 VULNERABLE (mono) +CVE-2008-3381 VULNERABLE (moin) #457364 +CVE-2008-3333 version (mantis, fixed 1.1.2) [since mantis-1.1.2-1.fc10] +CVE-2008-3332 version (mantis, fixed 1.1.2) [since mantis-1.1.2-1.fc10] +CVE-2008-3331 version (mantis, fixed 1.1.2) [since mantis-1.1.2-1.fc10] +CVE-2008-3330 version (horde, fixed 3.2.1) [since horde-3.2.1-1.fc10] +CVE-2008-3328 version (trac, fixed 0.10.5) [since trac-0.10.5-1.fc10] +CVE-2008-3327 ignore (moodle) webroot disclosure +CVE-2008-3326 version (moodle) 1.8.x+ not affected +CVE-2008-3325 version (moodle) 1.8.x+ not affected CVE-2008-3294 ignore (vim) build-time tmp file usage -CVE-2008-3264 ignore (asterisk) AST-2008-011 - 1.6.x not affected -CVE-2008-3263 ignore (asterisk) AST-2008-010 - 
1.6.x not affected +CVE-2008-3282 VULNERABLE (openoffice.org) +CVE-2008-3281 VULNERABLE (libxml2) #459714 +CVE-2008-3264 backport (asterisk) [since asterisk-1.6.0-0.19.beta9.fc10] AST-2008-011 +CVE-2008-3263 backport (asterisk) [since asterisk-1.6.0-0.19.beta9.fc10] AST-2008-010 CVE-2008-3259 ignore (openssh, fixed 5.1) HP-UX only CVE-2008-3252 backport (newsx) [since newsx-1.6-9.fc10] CVE-2008-3233 ignore (wordrepss, fixed 2.6) only 2.6 devel versions affected @@ -22,6 +53,7 @@ CVE-2008-3198 VULNERABLE (firefox, fixed 3.0.1) CVE-2008-3197 version (phpMyAdmin, fixed 2.11.7.1) [since phpMyAdmin-2.11.7.1-1.fc10] CVE-2008-3196 backport (byacc) [since byacc-1.9.20070509-4.fc10] +CVE-2008-3146 VULNERABLE (wireshark, fixed 1.0.3) CVE-2008-3145 version (wireshark, fixed 1.0.2) [since wireshark-1.0.2-1.fc10] CVE-2008-3141 version (wireshark, fixed 1.0.1) [since wireshark-1.0.1-1.fc10] CVE-2008-3140 version (wireshark, fixed 1.0.1) [since wireshark-1.0.1-1.fc10] @@ -33,8 +65,16 @@ CVE-2008-2954 backport (linuxdcpp) #453734 [since linuxdcpp-1.0.1-3.fc10] CVE-2008-2953 backport (linuxdcpp) #453734 [since linuxdcpp-1.0.1-3.fc10] CVE-2008-2952 backport (openldap) #453728 [since openldap-2.4.10-2.fc10] +CVE-2008-2951 version (trac, fixed 0.10.5) [since trac-0.10.5-1.fc10] CVE-2008-2950 VULNERABLE (poppler) #454290 CVE-2008-2942 VULNERABLE (mercurial) +CVE-2008-2941 VULNERABLE (hplip) #458991 +CVE-2008-2940 VULNERABLE (hplip) #458991 +CVE-2008-2938 VULNERABLE (tomcat6, fixed 6.0.18) #460132 +CVE-2008-2938 VULNERABLE (tomcat5, fixed 5.5.27) #460127 +CVE-2008-2937 VULNERABLE (postfix) #459101 +CVE-2008-2936 backport (postfix) #459101 [since postfix-2.5.1-4.fc10] +CVE-2008-2935 VULNERABLE (libxslt) CVE-2008-2933 VULNERABLE (firefox, fixed 3.0.1) CVE-2008-2841 ignore (xchat) windows-only, IE bug CVE-2008-2827 backport (perl) #452642 [since perl-5.10.0-28.fc10] 
@@ -100,6 +140,8 @@ CVE-2008-2374 version (bluez-libs, fixed 3.34) #452822 [since bluez-libs-3.34-1.fc10] CVE-2008-2371 backport (pcre) #453557 [since pcre-7.3-4.fc10] CVE-2008-2371 version (glib2) #453561 [since glib2-2.17.3-1.fc10] +CVE-2008-2370 VULNERABLE (tomcat6, fixed 6.0.18) #460132 +CVE-2008-2370 VULNERABLE (tomcat5, fixed 5.5.27) #460127 CVE-2008-2364 VULNERABLE (httpd, fixed 2.2.9) #447312 CVE-2008-2363 VULNERABLE (pan) #449335 CVE-2008-2362 version (xorg-x11-server) #450927 [since xorg-x11-server-1.4.99.902-2.20080612.fc10] @@ -107,6 +149,7 @@ CVE-2008-2360 version (xorg-x11-server) #450927 [since xorg-x11-server-1.4.99.902-2.20080612.fc10] CVE-2008-2359 ignore (system-config-network) F8 specific issue CVE-2008-2357 fixed (mtr, fixed 0.73) +CVE-2008-2327 backport (libtiff) [since libtiff-3.8.2-11.fc10] CVE-2008-2310 ignore (binutils) blocked by fortify_source CVE-2008-2307 version (WebKit, fixed svn34204) [since WebKit-1.0.0-0.11.svn34279.fc10] CVE-2008-2302 version (Django, fixed 0.96.2) #447260 [since Django-0.96.2-1.fc10] @@ -128,8 +171,8 @@ CVE-2008-1950 backport (gnutls, fixed 2.2.4) #447512 [since gnutls-2.0.4-3.fc10] CVE-2008-1949 backport (gnutls, fixed 2.2.4) #447512 [since gnutls-2.0.4-3.fc10] CVE-2008-1948 backport (gnutls, fixed 2.2.4) #447512 [since gnutls-2.0.4-3.fc10] -CVE-2008-1947 VULNERABLE (tomcat5, fixed 5.5.27) -CVE-2008-1947 VULNERABLE (tomcat6, fixed 6.0.17) +CVE-2008-1947 VULNERABLE (tomcat6, fixed 6.0.18) #460132 +CVE-2008-1947 VULNERABLE (tomcat5, fixed 5.5.27) #460127 CVE-2008-1944 version (xen, fixed 3.2) CVE-2008-1943 backport (xen) [since xen-3.2.0-11.fc10] CVE-2008-1928 version (perl-Imager, fixed 0.64) [since perl-Imager-0.64-2.fc10] 
@@ -162,7 +205,10 @@ CVE-2008-1382 version (libpng10) [since libpng10-1.0.37-1.fc10] CVE-2008-1379 version (xorg-x11-server) #450927 [since xorg-x11-server-1.4.99.902-2.20080612.fc10] CVE-2008-1377 version (xorg-x11-server) #450927 [since xorg-x11-server-1.4.99.902-2.20080612.fc10] +CVE-2008-1376 ignore (nfs-utils) using tcp wrappers CVE-2008-1360 version (nagios) #437852 [since nagios-2.11-3.fc9] +CVE-2008-1232 VULNERABLE (tomcat6, fixed 6.0.18) #460132 +CVE-2008-1232 VULNERABLE (tomcat5, fixed 5.5.27) #460127 CVE-2008-1109 backport (evolution) #449925 [since evolution-2.23.3.1-2.fc10] CVE-2008-1108 backport (evolution) #449925 [since evolution-2.23.3.1-2.fc10] CVE-2008-1105 version (samba, fixed 3.0.30) [since samba-3.2.0-1.rc2.16.fc10] Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.230 retrieving revision 1.231 diff -u -r1.230 -r1.231 --- f8 25 Jul 2008 15:29:25 -0000 1.230 +++ f8 9 Sep 2008 14:45:36 -0000 1.231 
@@ -6,7 +6,36 @@ rhbz293031 fixed (nx) #293031 [since FEDORA-2008-2258] rhbz249840 version (tor, fixed 0.1.2.15) +CVE-2008-3964 ignore (libpng, fixed 1.2.32beta01) not affected +CVE-2008-3934 VULNERABLE (wireshark, fixed 1.0.3) #461254 +CVE-2008-3933 VULNERABLE (wireshark, fixed 1.0.3) #461254 +CVE-2008-3932 VULNERABLE (wireshark, fixed 1.0.3) #461254 +CVE-2008-3931 VULNERABLE (R) [since R-2.7.2-1.fc8] +CVE-2008-3928 ignore (honeyd) affected script not shipped +CVE-2008-3927 VULNERABLE (tiger) +CVE-2008-3920 VULNERABLE (bitlbee, fixed 1.2.2) [since bitlbee-1.2.3-1.fc8] +CVE-2008-3889 VULNERABLE (postfix, fixed 2.4.9, 2.5.5) #459099 +CVE-2008-3789 ignore (samba, fixed 3.2.3) 3.2.x only +CVE-2008-3747 VULNERABLE (wordpress, fixed 2.6.1) +CVE-2008-3746 ignore (neon, fixed 0.28.3) 0.28.x only +CVE-2008-3714 VULNERABLE (awstats) #459741 +CVE-2008-3699 VULNERABLE (amarok, fixed 1.4.40) [since amarok-1.4.10-1.fc8] +CVE-2008-3546 ignore (git, fixed 1.5.6.4) caught by fortify_source +CVE-2008-3533 VULNERABLE (yelp, fixed 2.24) #459502 +CVE-2008-3429 VULNERABLE (httrack, fixed 3.42-3) +CVE-2008-3422 VULNERABLE (mono) +CVE-2008-3381 ignore (moin) not affected +CVE-2008-3333 fixed (mantis, fixed 1.1.2) [since FEDORA-2008-6657] +CVE-2008-3332 fixed (mantis, fixed 1.1.2) [since FEDORA-2008-6657] +CVE-2008-3331 fixed (mantis, fixed 1.1.2) [since FEDORA-2008-6657] +CVE-2008-3330 fixed (horde, fixed 3.2.1) [since FEDORA-2008-5691] +CVE-2008-3328 fixed (trac, fixed 0.10.5) [since FEDORA-2008-6830] +CVE-2008-3327 ignore (moodle) webroot disclosure +CVE-2008-3326 version (moodle) 1.8.x+ not affected +CVE-2008-3325 version (moodle) 1.8.x+ not affected CVE-2008-3294 ignore (vim) build-time tmp file usage +CVE-2008-3282 VULNERABLE (openoffice.org) [since openoffice.org-2.3.0-6.16.fc8] +CVE-2008-3281 VULNERABLE (libxml2) #459712 CVE-2008-3264 fixed (asterisk, fixed 1.4.21.2) [since FEDORA-2008-6676] AST-2008-011 CVE-2008-3263 fixed (asterisk, fixed 1.4.21.2) [since FEDORA-2008-6676] 
AST-2008-010 CVE-2008-3259 ignore (openssh, fixed 5.1) HP-UX only @@ -23,6 +52,7 @@ CVE-2008-3215 fixed (clamav, fixed 0.93.3) [since FEDORA-2008-6422] CVE-2008-3197 fixed (phpMyAdmin, fixed 2.11.7.1) [since FEDORA-2008-6450] CVE-2008-3196 VULNERABLE (byacc) [since FEDORA-2008-6429] +CVE-2008-3146 VULNERABLE (wireshark, fixed 1.0.3) #461254 CVE-2008-3145 fixed (wireshark, fixed 1.0.1) [since FEDORA-2008-6645] CVE-2008-3141 fixed (wireshark, fixed 1.0.2) [since FEDORA-2008-6645] CVE-2008-3140 fixed (wireshark, fixed 1.0.1) [since FEDORA-2008-6645] 
@@ -34,47 +64,54 @@ CVE-2008-2954 fixed (linuxdcpp) #453732 [since FEDORA-2008-6038] CVE-2008-2953 fixed (linuxdcpp) #453732 [since FEDORA-2008-6038] CVE-2008-2952 fixed (openldap) #453726 [since FEDORA-2008-6029] -CVE-2008-2950 VULNERABLE (poppler) #454288 +CVE-2008-2951 fixed (trac, fixed 0.10.5) [since FEDORA-2008-6830] +CVE-2008-2950 fixed (poppler) #454288 [since FEDORA-2008-7104] CVE-2008-2942 VULNERABLE (mercurial) +CVE-2008-2941 VULNERABLE (hplip) #458989 +CVE-2008-2940 VULNERABLE (hplip) #458989 +CVE-2008-2938 VULNERABLE (tomcat5, fixed 5.5.27) #460125 +CVE-2008-2937 VULNERABLE (postfix) #459099 +CVE-2008-2936 VULNERABLE (postfix) #459099 +CVE-2008-2935 fixed (libxslt) [since FEDORA-2008-7029] CVE-2008-2933 fixed (firefox, fixed 2.0.0.16) [since FEDORA-2008-6491] CVE-2008-2841 ignore (xchat) windows-only, IE bug CVE-2008-2827 ignore (perl) perl 5.10 only CVE-2008-2811 fixed (firefox, fixed 2.0.0.15) [since FEDORA-2008-6127] CVE-2008-2811 fixed (seamonkey, fixed 1.1.10) #453954 [since FEDORA-2008-6196] -CVE-2008-2811 VULNERABLE (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6706] +CVE-2008-2811 fixed (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6706] CVE-2008-2810 fixed (firefox, fixed 2.0.0.15) [since FEDORA-2008-6127] CVE-2008-2810 fixed (seamonkey, fixed 1.1.10) #453954 [since FEDORA-2008-6196] CVE-2008-2809 fixed (firefox, fixed 2.0.0.15) [since FEDORA-2008-6127] CVE-2008-2809 fixed (seamonkey, fixed 1.1.10) #453954 [since FEDORA-2008-6196] -CVE-2008-2809 VULNERABLE (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6706] +CVE-2008-2809 fixed (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6706] CVE-2008-2808 fixed (firefox, fixed 2.0.0.15) [since FEDORA-2008-6127] CVE-2008-2808 fixed (seamonkey, fixed 1.1.10) #453954 [since FEDORA-2008-6196] CVE-2008-2807 fixed (firefox, fixed 2.0.0.15) [since FEDORA-2008-6127] CVE-2008-2807 fixed (seamonkey, fixed 1.1.10) #453954 [since FEDORA-2008-6196] -CVE-2008-2807 VULNERABLE (thunderbird, fixed 2.0.0.16) 
[since FEDORA-2008-6706] +CVE-2008-2807 fixed (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6706] CVE-2008-2806 ignore (firefox, fixed 2.0.0.15) Mac OS X specific CVE-2008-2806 ignore (seamonkey, fixed 1.1.10) Mac OS X specific CVE-2008-2805 fixed (firefox, fixed 2.0.0.15) [since FEDORA-2008-6127] CVE-2008-2805 fixed (seamonkey, fixed 1.1.10) #453954 [since FEDORA-2008-6196] CVE-2008-2803 fixed (firefox, fixed 2.0.0.15) [since FEDORA-2008-6127] CVE-2008-2803 fixed (seamonkey, fixed 1.1.10) #453954 [since FEDORA-2008-6196] -CVE-2008-2803 VULNERABLE (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6706] +CVE-2008-2803 fixed (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6706] CVE-2008-2802 fixed (firefox, fixed 2.0.0.15) [since FEDORA-2008-6127] CVE-2008-2802 fixed (seamonkey, fixed 1.1.10) #453954 [since FEDORA-2008-6196] -CVE-2008-2802 VULNERABLE (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6706] +CVE-2008-2802 fixed (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6706] CVE-2008-2801 fixed (firefox, fixed 2.0.0.15) [since FEDORA-2008-6127] CVE-2008-2801 fixed (seamonkey, fixed 1.1.10) #453954 [since FEDORA-2008-6196] CVE-2008-2800 fixed (firefox, fixed 2.0.0.15) [since FEDORA-2008-6127] CVE-2008-2800 fixed (seamonkey, fixed 1.1.10) #453954 [since FEDORA-2008-6196] CVE-2008-2799 fixed (firefox, fixed 2.0.0.15) [since FEDORA-2008-6127] CVE-2008-2799 fixed (seamonkey, fixed 1.1.10) #453954 [since FEDORA-2008-6196] -CVE-2008-2799 VULNERABLE (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6706] +CVE-2008-2799 fixed (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6706] CVE-2008-2798 fixed (firefox, fixed 2.0.0.15) [since FEDORA-2008-6127] CVE-2008-2798 fixed (seamonkey, fixed 1.1.10) #453954 [since FEDORA-2008-6196] -CVE-2008-2798 VULNERABLE (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6706] +CVE-2008-2798 fixed (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6706] CVE-2008-2785 fixed (seamonkey, fixed 1.1.11) [since FEDORA-2008-6517] CVE-2008-2785 fixed 
(firefox, fixed 2.0.0.16) [since FEDORA-2008-6491] -CVE-2008-2785 VULNERABLE (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6706] +CVE-2008-2785 fixed (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6706] CVE-2008-2783 VULNERABLE (kronolith) CVE-2008-2728 ignore (ruby) 1.6.x variant of CVE-2008-2726 CVE-2008-2727 ignore (ruby) 1.6.x variant of CVE-2008-2725 @@ -102,13 +139,15 @@ CVE-2008-2374 VULNERABLE (bluez-libs, fixed 3.34) #452820 [since FEDORA-2008-6140] CVE-2008-2371 fixed (pcre) #453555 [since FEDORA-2008-6111] CVE-2008-2371 fixed (glib2) #453559 [since FEDORA-2008-6025] -CVE-2008-2364 VULNERABLE (httpd, fixed 2.2.9) #454423 [since FEDORA-2008-6314] +CVE-2008-2370 VULNERABLE (tomcat5, fixed 5.5.27) #460125 +CVE-2008-2364 fixed (httpd, fixed 2.2.9) #454423 [since FEDORA-2008-6314] CVE-2008-2363 VULNERABLE (pan) #449333 CVE-2008-2362 fixed (xorg-x11-server) #450925 [since FEDORA-2008-5279] CVE-2008-2361 fixed (xorg-x11-server) #450925 [since FEDORA-2008-5279] CVE-2008-2360 fixed (xorg-x11-server) #450925 [since FEDORA-2008-5279] CVE-2008-2359 fixed (system-config-network) [since FEDORA-2008-4633] CVE-2008-2357 fixed (mtr, fixed 0.73) +CVE-2008-2327 VULNERABLE (libtiff) [since libtiff-3.8.2-11.fc8] CVE-2008-2310 ignore (binutils) blocked by fortify_source CVE-2008-2307 fixed (WebKit, fixed svn34204) #454094 [since FEDORA-2008-6220] CVE-2008-2302 fixed (Django, fixed 0.96.2) #447258 [since FEDORA-2008-4248] @@ -143,7 +182,7 @@ CVE-2008-1950 fixed (gnutls, fixed 2.2.4) #447510 [since FEDORA-2008-4183] CVE-2008-1949 fixed (gnutls, fixed 2.2.4) #447510 [since FEDORA-2008-4183] CVE-2008-1948 fixed (gnutls, fixed 2.2.4) #447510 [since FEDORA-2008-4183] -CVE-2008-1947 VULNERABLE (tomcat5, fixed 5.5.27) +CVE-2008-1947 VULNERABLE (tomcat5, fixed 5.5.27) #460125 CVE-2008-1944 VULNERABLE (xen, fixed 3.2) [since xen-3.1.2-3.fc8] CVE-2008-1943 VULNERABLE (xen) [since xen-3.1.2-3.fc8] CVE-2008-1937 ignore (moin, fixed 1.6.3) 1.6.x only 
@@ -230,6 +269,7 @@ CVE-2008-1380 fixed (thunderbird, fixed 2.0.0.14) #442856 [since FEDORA-2008-3557] CVE-2008-1379 fixed (xorg-x11-server) #450925 [since FEDORA-2008-5279] CVE-2008-1377 fixed (xorg-x11-server) #450925 [since FEDORA-2008-5279] +CVE-2008-1376 ignore (nfs-utils) using tcp wrappers CVE-2008-1374 ignore (cups) only affects old cups versions in RHEL CVE-2008-1373 fixed (cups) #440040 [since FEDORA-2008-2131] CVE-2008-1372 fixed (bzip2, fixed 1.0.5) #439855 [since FEDORA-2008-2970] @@ -267,6 +307,7 @@ CVE-2008-1233 version (firefox, fixed 2.0.0.13) CVE-2008-1233 version (seamonkey, fixed 1.1.9) CVE-2008-1233 fixed (thunderbird, fixed 2.0.0.14) #442856 [since FEDORA-2008-3557] +CVE-2008-1232 VULNERABLE (tomcat5, fixed 5.5.27) #460125 **CVE-2008-1227 fixed (libsilc) We updated this as non-security CVE-2008-1218 version (dovecot, fixed 1.0.13) [since FEDORA-2008-2464] marginally affected CVE-2008-1199 version (dovecot, fixed 1.0.11) [since FEDORA-2008-2464] not in default config Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.220 retrieving revision 1.221 diff -u -r1.220 -r1.221 --- f9 25 Jul 2008 15:29:25 -0000 1.220 +++ f9 9 Sep 2008 14:45:36 -0000 1.221 
@@ -5,9 +5,40 @@ # (mozilla) = (gecko-libs dependent stuff) rhbz249840 version (tor, fixed 0.1.2.15) +CVE-2008-3964 ignore (libpng, fixed 1.2.32beta01) not affected +CVE-2008-3934 VULNERABLE (wireshark, fixed 1.0.3) #461255 +CVE-2008-3933 VULNERABLE (wireshark, fixed 1.0.3) #461255 +CVE-2008-3932 VULNERABLE (wireshark, fixed 1.0.3) #461255 +CVE-2008-3931 VULNERABLE (R) [since R-2.7.2-1.fc9] +CVE-2008-3928 ignore (honeyd) affected script not shipped +CVE-2008-3927 VULNERABLE (tiger) +CVE-2008-3920 VULNERABLE (bitlbee, fixed 1.2.2) [since bitlbee-1.2.3-1.fc9] +CVE-2008-3889 VULNERABLE (postfix, fixed 2.4.9, 2.5.5) #459100 +CVE-2008-3796 version (swfdec, fixed 0.6.8) [since swfdec-0.6.8-1.fc9] +CVE-2008-3789 VULNERABLE (samba, fixed 3.2.3) [since samba-3.2.3-0.20.fc9] +CVE-2008-3747 VULNERABLE (wordpress, fixed 2.6.1) +CVE-2008-3746 VULNERABLE (neon, fixed 0.28.3) #460415 +CVE-2008-3714 VULNERABLE (awstats) #459742 +CVE-2008-3699 VULNERABLE (amarok, fixed 1.4.40) [since amarok-1.4.10-1.fc9] +CVE-2008-3546 ignore (git, fixed 1.5.6.4) caught by fortify_source +CVE-2008-3533 ignore (yelp, fixed 2.24) caught by glibc +CVE-2008-3429 VULNERABLE (httrack, fixed 3.42-3) +CVE-2008-3424 fixed (condor, fixed 7.0.4) #457895 [since FEDORA-2008-7205] +CVE-2008-3422 VULNERABLE (mono) +CVE-2008-3381 VULNERABLE (moin) #457363 +CVE-2008-3333 fixed (mantis, fixed 1.1.2) [since FEDORA-2008-6647] +CVE-2008-3332 fixed (mantis, fixed 1.1.2) [since FEDORA-2008-6647] +CVE-2008-3331 fixed (mantis, fixed 1.1.2) [since FEDORA-2008-6647] +CVE-2008-3330 fixed (horde, fixed 3.2.1) [since FEDORA-2008-5683] +CVE-2008-3328 fixed (trac, fixed 0.10.5) [since FEDORA-2008-6833] +CVE-2008-3327 ignore (moodle) webroot disclosure +CVE-2008-3326 version (moodle) 1.8.x+ not affected +CVE-2008-3325 version (moodle) 1.8.x+ not affected CVE-2008-3294 ignore (vim) build-time tmp file usage -CVE-2008-3264 ignore (asterisk) AST-2008-011 - 1.6.x not affected -CVE-2008-3263 ignore (asterisk) AST-2008-010 - 1.6.x not 
affected +CVE-2008-3282 VULNERABLE (openoffice.org) [since openoffice.org-2.4.1-17.6.fc9] +CVE-2008-3281 VULNERABLE (libxml2) #459713 +CVE-2008-3264 fixed (asterisk) [since FEDORA-2008-6853] AST-2008-011 +CVE-2008-3263 fixed (asterisk) [since FEDORA-2008-6853] AST-2008-010 CVE-2008-3259 ignore (openssh, fixed 5.1) HP-UX only CVE-2008-3252 fixed (newsx) [since FEDORA-2008-6321] CVE-2008-3233 ignore (wordrepss, fixed 2.6) only 2.6 devel versions affected @@ -23,6 +54,7 @@ CVE-2008-3198 fixed (firefox, fixed 3.0.1) [since FEDORA-2008-6518] CVE-2008-3197 fixed (phpMyAdmin, fixed 2.11.7.1) [since FEDORA-2008-6502] CVE-2008-3196 VULNERABLE (byacc) [since FEDORA-2008-6414] +CVE-2008-3146 VULNERABLE (wireshark, fixed 1.0.3) #461255 CVE-2008-3145 fixed (wireshark, fixed 1.0.1) [since FEDORA-2008-6440] CVE-2008-3141 fixed (wireshark, fixed 1.0.2) [since FEDORA-2008-6440] CVE-2008-3140 fixed (wireshark, fixed 1.0.1) [since FEDORA-2008-6440] 
@@ -34,47 +66,55 @@ CVE-2008-2954 fixed (linuxdcpp) #453733 [since FEDORA-2008-6018] CVE-2008-2953 fixed (linuxdcpp) #453733 [since FEDORA-2008-6018] CVE-2008-2952 fixed (openldap) #453727 [since FEDORA-2008-6062] -CVE-2008-2950 VULNERABLE (poppler) #454289 +CVE-2008-2951 fixed (trac, fixed 0.10.5) [since FEDORA-2008-6833] +CVE-2008-2950 VULNERABLE (poppler) #454289 [since FEDORA-2008-7012] CVE-2008-2942 VULNERABLE (mercurial) +CVE-2008-2941 VULNERABLE (hplip) #458990 +CVE-2008-2940 VULNERABLE (hplip) #458990 +CVE-2008-2938 VULNERABLE (tomcat6, fixed 6.0.18) #460131 +CVE-2008-2938 VULNERABLE (tomcat5, fixed 5.5.27) #460126 +CVE-2008-2937 VULNERABLE (postfix) #459100 +CVE-2008-2936 VULNERABLE (postfix) #459100 +CVE-2008-2935 fixed (libxslt) [since FEDORA-2008-7062] CVE-2008-2933 fixed (firefox, fixed 3.0.1) [since FEDORA-2008-6518] CVE-2008-2841 ignore (xchat) windows-only, IE bug CVE-2008-2827 fixed (perl) #452641 [since FEDORA-2008-5739] CVE-2008-2811 version (firefox, fixed 3.0) [since firefox-3.0-1.fc9] CVE-2008-2811 fixed (seamonkey, fixed 1.1.10) #453955 [since FEDORA-2008-6193] -CVE-2008-2811 VULNERABLE (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6737] +CVE-2008-2811 fixed (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6737] CVE-2008-2810 version (firefox, fixed 3.0) [since firefox-3.0-1.fc9] CVE-2008-2810 fixed (seamonkey, fixed 1.1.10) #453955 [since FEDORA-2008-6193] CVE-2008-2809 version (firefox, fixed 3.0) [since firefox-3.0-1.fc9] CVE-2008-2809 fixed (seamonkey, fixed 1.1.10) #453955 [since FEDORA-2008-6193] -CVE-2008-2809 VULNERABLE (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6737] +CVE-2008-2809 fixed (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6737] CVE-2008-2808 version (firefox, fixed 3.0) [since firefox-3.0-1.fc9] CVE-2008-2808 fixed (seamonkey, fixed 1.1.10) #453955 [since FEDORA-2008-6193] CVE-2008-2807 version (firefox, fixed 3.0) [since firefox-3.0-1.fc9] CVE-2008-2807 fixed (seamonkey, fixed 1.1.10) #453955 [since 
FEDORA-2008-6193] -CVE-2008-2807 VULNERABLE (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6737] +CVE-2008-2807 fixed (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6737] CVE-2008-2806 ignore (firefox, fixed 3.0) Mac OS X specific CVE-2008-2806 ignore (seamonkey, fixed 1.1.10) Mac OS X specific CVE-2008-2805 version (firefox, fixed 3.0) [since firefox-3.0-1.fc9] CVE-2008-2805 fixed (seamonkey, fixed 1.1.10) #453955 [since FEDORA-2008-6193] CVE-2008-2803 version (firefox, fixed 3.0) [since firefox-3.0-1.fc9] CVE-2008-2803 fixed (seamonkey, fixed 1.1.10) #453955 [since FEDORA-2008-6193] -CVE-2008-2803 VULNERABLE (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6737] +CVE-2008-2803 fixed (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6737] CVE-2008-2802 version (firefox, fixed 3.0) [since firefox-3.0-1.fc9] CVE-2008-2802 fixed (seamonkey, fixed 1.1.10) #453955 [since FEDORA-2008-6193] -CVE-2008-2802 VULNERABLE (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6737] +CVE-2008-2802 fixed (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6737] CVE-2008-2801 version (firefox, fixed 3.0) [since firefox-3.0-1.fc9] CVE-2008-2801 fixed (seamonkey, fixed 1.1.10) #453955 [since FEDORA-2008-6193] CVE-2008-2800 version (firefox, fixed 3.0) [since firefox-3.0-1.fc9] CVE-2008-2800 fixed (seamonkey, fixed 1.1.10) #453955 [since FEDORA-2008-6193] CVE-2008-2799 version (firefox, fixed 3.0) [since firefox-3.0-1.fc9] CVE-2008-2799 fixed (seamonkey, fixed 1.1.10) #453955 [since FEDORA-2008-6193] -CVE-2008-2799 VULNERABLE (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6737] +CVE-2008-2799 fixed (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6737] CVE-2008-2798 version (firefox, fixed 3.0) [since firefox-3.0-1.fc9] CVE-2008-2798 fixed (seamonkey, fixed 1.1.10) #453955 [since FEDORA-2008-6193] -CVE-2008-2798 VULNERABLE (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6737] +CVE-2008-2798 fixed (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6737] CVE-2008-2785 fixed (seamonkey, 
fixed 1.1.11) [since FEDORA-2008-6519] CVE-2008-2785 fixed (firefox, fixed 3.0.1) [since FEDORA-2008-6518] -CVE-2008-2785 VULNERABLE (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6737] +CVE-2008-2785 fixed (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6737] CVE-2008-2728 ignore (ruby) 1.6.x variant of CVE-2008-2726 CVE-2008-2727 ignore (ruby) 1.6.x variant of CVE-2008-2725 CVE-2008-2726 fixed (ruby, fixed 1.8.6-p230, 1.8.7-p22) #452294 [since FEDORA-2008-5664] @@ -101,13 +141,16 @@ CVE-2008-2374 VULNERABLE (bluez-libs, fixed 3.34) #452821 [since FEDORA-2008-6133] CVE-2008-2371 fixed (pcre) #453556 [since FEDORA-2008-6110] CVE-2008-2371 fixed (glib2) #453560 [since FEDORA-2008-6048] -CVE-2008-2364 VULNERABLE (httpd, fixed 2.2.9) #447311 [since FEDORA-2008-6393] +CVE-2008-2370 VULNERABLE (tomcat6, fixed 6.0.18) #460131 +CVE-2008-2370 VULNERABLE (tomcat5, fixed 5.5.27) #460126 +CVE-2008-2364 fixed (httpd, fixed 2.2.9) #447311 [since FEDORA-2008-6393] CVE-2008-2363 VULNERABLE (pan) #449334 CVE-2008-2362 fixed (xorg-x11-server) #450926 [since FEDORA-2008-5254] CVE-2008-2361 fixed (xorg-x11-server) #450926 [since FEDORA-2008-5254] CVE-2008-2360 fixed (xorg-x11-server) #450926 [since FEDORA-2008-5254] CVE-2008-2359 ignore (system-config-network) F8 specific issue CVE-2008-2357 fixed (mtr, fixed 0.73) +CVE-2008-2327 VULNERABLE (libtiff) [since libtiff-3.8.2-11.fc9] CVE-2008-2310 ignore (binutils) blocked by fortify_source CVE-2008-2307 fixed (WebKit, fixed svn34204) #454095 [since FEDORA-2008-6186] CVE-2008-2302 fixed (Django, fixed 0.96.2) #447259 [since FEDORA-2008-4267] 
@@ -142,8 +185,8 @@ CVE-2008-1950 fixed (gnutls, fixed 2.2.4) #447511 [since FEDORA-2008-4259] CVE-2008-1949 fixed (gnutls, fixed 2.2.4) #447511 [since FEDORA-2008-4259] CVE-2008-1948 fixed (gnutls, fixed 2.2.4) #447511 [since FEDORA-2008-4259] -CVE-2008-1947 VULNERABLE (tomcat5, fixed 5.5.27) -CVE-2008-1947 VULNERABLE (tomcat6, fixed 6.0.17) +CVE-2008-1947 VULNERABLE (tomcat6, fixed 6.0.18) #460131 +CVE-2008-1947 VULNERABLE (tomcat5, fixed 5.5.27) #460126 CVE-2008-1944 version (xen, fixed 3.2) CVE-2008-1943 VULNERABLE (xen) [since xen-3.2.0-11.fc9] CVE-2008-1937 version (moin, fixed 1.6.3) [since moin-1.6.3-1.fc9] @@ -186,7 +229,7 @@ CVE-2008-1687 ignore (m4, fixed 1.4.11) not really a security issue CVE-2008-1686 version (libfishsound, fixed 0.9.1) #441248 [since libfishsound-0.9.1-1.fc9] CVE-2008-1686 backport (speex) [since speex-1.2-0.7.beta3] -CVE-2008-1678 VULNERABLE (httpd) #447311 [since FEDORA-2008-6393] only affects systems with openssl >= 0.9.8e +CVE-2008-1678 fixed (httpd) #447311 [since FEDORA-2008-6393] only affects systems with openssl >= 0.9.8e CVE-2008-1677 version (fedora-ds-base, fixed 1.1.1) #445810 [since FEDORA-2008-4884] CVE-2008-1672 fixed (openssl, fixed 0.9.8h) #448690 [since FEDORA-2008-4723] CVE-2008-1671 ignore (kdelibs) start_kdeinit not shipped @@ -231,6 +274,7 @@ CVE-2008-1380 version (thunderbird, fixed 2.0.0.14) #442857 [since thunderbird-2.0.0.14-1.fc9] CVE-2008-1379 fixed (xorg-x11-server) #450926 [since FEDORA-2008-5254] CVE-2008-1377 fixed (xorg-x11-server) #450926 [since FEDORA-2008-5254] +CVE-2008-1376 ignore (nfs-utils) using tcp wrappers CVE-2008-1374 ignore (cups) only affects old cups versions in RHEL CVE-2008-1373 backport (cups) #440041 [since cups-1.3.6-9.fc9] CVE-2008-1372 version (bzip2, fixed 1.0.5) [since bzip2-1.0.5-1.fc9] 
@@ -265,6 +309,8 @@ CVE-2008-1233 version (firefox, fixed 2.0.0.13) CVE-2008-1233 version (seamonkey, fixed 1.1.9) CVE-2008-1233 version (thunderbird, fixed 2.0.0.14) #442857 [since thunderbird-2.0.0.14-1.fc9] +CVE-2008-1232 VULNERABLE (tomcat6, fixed 6.0.18) #460131 +CVE-2008-1232 VULNERABLE (tomcat5, fixed 5.5.27) #460126 **CVE-2008-1227 fixed (libsilc) We updated this as non-security CVE-2008-1218 version (dovecot, fixed 1.0.13) [since dovecot-1.0.13-6.fc9] marginally affected CVE-2008-1199 version (dovecot, fixed 1.0.11) [since dovecot-1.0.13-6.fc9] not in default config From fedora-security-commits at redhat.com Thu Sep 11 15:16:02 2008 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Thu, 11 Sep 2008 15:16:02 +0000 (UTC) Subject: [Fedora-security-commits] fedora-security/audit f10, 1.13, 1.14 f8, 1.231, 1.232 f9, 1.221, 1.222 Message-ID: <20080911151602.7B90270131@cvs1.fedora.phx.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv5579/audit Modified Files: f10 f8 f9 Log Message: large pile of updates Index: f10 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f10,v retrieving revision 1.13 retrieving revision 1.14 diff -u -r1.13 -r1.14 --- f10 9 Sep 2008 14:45:36 -0000 1.13 +++ f10 11 Sep 2008 15:15:31 -0000 1.14 
@@ -4,26 +4,43 @@ # *CVE are items that need verification for Fedora 10 # (mozilla) = (gecko-libs dependent stuff) -CVE-2008-3964 VULNERABLE (libpng, fixed 1.2.32beta01) #461620 -CVE-2008-3934 VULNERABLE (wireshark, fixed 1.0.3) -CVE-2008-3933 VULNERABLE (wireshark, fixed 1.0.3) -CVE-2008-3932 VULNERABLE (wireshark, fixed 1.0.3) +CVE-2008-3972 version (opensc, fixed 0.11.6) [since opensc-0.11.6-1.fc10] +CVE-2008-3970 version (pam_mount, fixed 0.47) [since pam_mount-0.47-1.fc10] +CVE-2008-3969 version (bitlbee, fixed 1.2.3) [since bitlbee-1.2.3-1.fc10] +CVE-2008-3964 backport (libpng, fixed 1.2.32beta01) #461620 [since libpng-1.2.31-2.fc10] +CVE-2008-3934 version (wireshark, fixed 1.0.3) [since wireshark-1.0.3-1.fc10] +CVE-2008-3933 version (wireshark, fixed 1.0.3) [since wireshark-1.0.3-1.fc10] +CVE-2008-3932 version (wireshark, fixed 1.0.3) [since wireshark-1.0.3-1.fc10] CVE-2008-3931 backport (R) [since R-2.7.2-1.fc10] CVE-2008-3928 ignore (honeyd) affected script not shipped CVE-2008-3927 VULNERABLE (tiger) CVE-2008-3920 version (bitlbee, fixed 1.2.2) [since bitlbee-1.2.2-1.fc10] +CVE-2008-3906 VULNERABLE (mono) #461755 +CVE-2008-3905 version (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since ruby-1.8.6.287-1.fc10] CVE-2008-3889 VULNERABLE (postfix, fixed 2.4.9, 2.5.5) #459101 CVE-2008-3796 version (swfdec, fixed 0.6.8) [since swfdec-0.7.4-1.fc10] +CVE-2008-3790 VULNERABLE (ruby) CVE-2008-3789 VULNERABLE (samba, fixed 3.2.3) CVE-2008-3747 version (wordpress, fixed 2.6.1) [since wordpress-2.6.1-1.fc10] CVE-2008-3746 version (neon, fixed 0.28.3) [since neon-0.28.3-2] -CVE-2008-3714 VULNERABLE (awstats) #459743 +CVE-2008-3745 version (drupal, fixed 6.4) [since drupal-6.4-1.fc10] +CVE-2008-3744 version (drupal, fixed 6.4) [since drupal-6.4-1.fc10] +CVE-2008-3743 version (drupal, fixed 6.4) [since drupal-6.4-1.fc10] +CVE-2008-3742 version (drupal, fixed 6.4) [since drupal-6.4-1.fc10] +CVE-2008-3741 version (drupal, fixed 6.4) [since drupal-6.4-1.fc10] +CVE-2008-3740 version 
(drupal, fixed 6.4) [since drupal-6.4-1.fc10] +CVE-2008-3714 backport (awstats) #459743 [since awstats-6.8-2.fc10] CVE-2008-3699 ignore (amarok, fixed 1.4.40) not affected +CVE-2008-3657 version (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since ruby-1.8.6.287-1.fc10] +CVE-2008-3656 version (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since ruby-1.8.6.287-1.fc10] +CVE-2008-3655 version (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since ruby-1.8.6.287-1.fc10] CVE-2008-3546 version (git, fixed 1.5.6.4) [since git-1.5.6.4-1.fc10] CVE-2008-3533 ignore (yelp, fixed 2.24) caught by glibc -CVE-2008-3429 VULNERABLE (httrack, fixed 3.42-3) +CVE-2008-3529 version (libxml2, fixed 2.7.0) [since libxml2-2.7.1-1.fc10] +CVE-2008-3443 version (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since ruby-1.8.6.287-1.fc10] +CVE-2008-3429 version (httrack, fixed 3.42-3) [since httrack-3.42.93-1.fc10] CVE-2008-3424 version (condor, fixed 7.0.4) #457896 [since condor-7.0.4-1.fc10] -CVE-2008-3422 VULNERABLE (mono) +CVE-2008-3422 version (mono) [since mono-2.0-4.fc10] CVE-2008-3381 VULNERABLE (moin) #457364 CVE-2008-3333 version (mantis, fixed 1.1.2) [since mantis-1.1.2-1.fc10] CVE-2008-3332 version (mantis, fixed 1.1.2) [since mantis-1.1.2-1.fc10] 
@@ -35,13 +52,14 @@ CVE-2008-3325 version (moodle) 1.8.x+ not affected CVE-2008-3294 ignore (vim) build-time tmp file usage CVE-2008-3282 VULNERABLE (openoffice.org) -CVE-2008-3281 VULNERABLE (libxml2) #459714 +CVE-2008-3281 version (libxml2) #459714 [since libxml2-2.7.0-1.fc10] +CVE-2008-3274 backport (ipa) [since ipa-1.1.0-3.fc10] CVE-2008-3264 backport (asterisk) [since asterisk-1.6.0-0.19.beta9.fc10] AST-2008-011 CVE-2008-3263 backport (asterisk) [since asterisk-1.6.0-0.19.beta9.fc10] AST-2008-010 CVE-2008-3259 ignore (openssh, fixed 5.1) HP-UX only CVE-2008-3252 backport (newsx) [since newsx-1.6-9.fc10] CVE-2008-3233 ignore (wordrepss, fixed 2.6) only 2.6 devel versions affected -CVE-2008-3231 VULNERABLE (xine-lib) +CVE-2008-3231 version (xine-lib) [since xine-lib-1.1.15-1.fc10.1] CVE-2008-3223 version (drupal, fixed 6.3) [since drupal-6.3-1.fc10] CVE-2008-3222 version (drupal, fixed 6.3) [since drupal-6.3-1.fc10] CVE-2008-3221 version (drupal, fixed 6.3) [since drupal-6.3-1.fc10] @@ -50,10 +68,10 @@ CVE-2008-3218 version (drupal, fixed 6.3) [since drupal-6.3-1.fc10] CVE-2008-3217 version (pdns-recursor, fixed 3.1.6) [since pdns-recursor-3.1.6-1.fc10] CVE-2008-3215 version (clamav, fixed 0.93.3) [since clamav-0.93.3-1.fc10] -CVE-2008-3198 VULNERABLE (firefox, fixed 3.0.1) +CVE-2008-3198 version (firefox, fixed 3.0.1) [since firefox-3.0.1-1.fc10] CVE-2008-3197 version (phpMyAdmin, fixed 2.11.7.1) [since phpMyAdmin-2.11.7.1-1.fc10] CVE-2008-3196 backport (byacc) [since byacc-1.9.20070509-4.fc10] -CVE-2008-3146 VULNERABLE (wireshark, fixed 1.0.3) +CVE-2008-3146 version (wireshark, fixed 1.0.3) [since wireshark-1.0.3-1.fc10] CVE-2008-3145 version (wireshark, fixed 1.0.2) [since wireshark-1.0.2-1.fc10] CVE-2008-3141 version (wireshark, fixed 1.0.1) [since wireshark-1.0.1-1.fc10] CVE-2008-3140 version (wireshark, fixed 1.0.1) [since wireshark-1.0.1-1.fc10] 
@@ -66,53 +84,56 @@ CVE-2008-2953 backport (linuxdcpp) #453734 [since linuxdcpp-1.0.1-3.fc10] CVE-2008-2952 backport (openldap) #453728 [since openldap-2.4.10-2.fc10] CVE-2008-2951 version (trac, fixed 0.10.5) [since trac-0.10.5-1.fc10] -CVE-2008-2950 VULNERABLE (poppler) #454290 +CVE-2008-2950 version (poppler, fixed 0.8.5) #454290 [since poppler-0.8.5-1.fc10] CVE-2008-2942 VULNERABLE (mercurial) -CVE-2008-2941 VULNERABLE (hplip) #458991 -CVE-2008-2940 VULNERABLE (hplip) #458991 -CVE-2008-2938 VULNERABLE (tomcat6, fixed 6.0.18) #460132 +CVE-2008-2941 ignore (hplip) #458991 not run as service +CVE-2008-2940 ignore (hplip) #458991 not run as service +CVE-2008-2938 version (tomcat6, fixed 6.0.18) #460132 [since tomcat6-6.0.18-1.1.fc10] CVE-2008-2938 VULNERABLE (tomcat5, fixed 5.5.27) #460127 CVE-2008-2937 VULNERABLE (postfix) #459101 CVE-2008-2936 backport (postfix) #459101 [since postfix-2.5.1-4.fc10] CVE-2008-2935 VULNERABLE (libxslt) -CVE-2008-2933 VULNERABLE (firefox, fixed 3.0.1) +CVE-2008-2933 version (firefox, fixed 3.0.1) [since firefox-3.0.1-1.fc10] +CVE-2008-2932 version (adminutil, fixed 1.1.7) [since adminutil-1.1.7-1.fc10] +CVE-2008-2929 version (adminutil, fixed 1.1.6) [since adminutil-1.1.6-1.fc10] +CVE-2008-2928 version (adminutil, fixed 1.1.7) [since adminutil-1.1.7-1.fc10] CVE-2008-2841 ignore (xchat) windows-only, IE bug CVE-2008-2827 backport (perl) #452642 [since perl-5.10.0-28.fc10] CVE-2008-2811 version (firefox, fixed 3.0) [since firefox-3.0-1.fc10] -CVE-2008-2811 VULNERABLE (seamonkey, fixed 1.1.10) +CVE-2008-2811 version (seamonkey, fixed 1.1.10) [since seamonkey-1.1.11-1.fc9] CVE-2008-2811 version (thunderbird, fixed 2.0.0.16) [since thunderbird-2.0.0.16-1.fc10] CVE-2008-2810 version (firefox, fixed 3.0) [since firefox-3.0-1.fc10] -CVE-2008-2810 VULNERABLE (seamonkey, fixed 1.1.10) +CVE-2008-2810 version (seamonkey, fixed 1.1.10) [since seamonkey-1.1.11-1.fc9] CVE-2008-2809 version (firefox, fixed 3.0) [since firefox-3.0-1.fc10] 
-CVE-2008-2809 VULNERABLE (seamonkey, fixed 1.1.10) +CVE-2008-2809 version (seamonkey, fixed 1.1.10) [since seamonkey-1.1.11-1.fc9] CVE-2008-2809 version (thunderbird, fixed 2.0.0.16) [since thunderbird-2.0.0.16-1.fc10] CVE-2008-2808 version (firefox, fixed 3.0) [since firefox-3.0-1.fc10] -CVE-2008-2808 VULNERABLE (seamonkey, fixed 1.1.10) +CVE-2008-2808 version (seamonkey, fixed 1.1.10) [since seamonkey-1.1.11-1.fc9] CVE-2008-2807 version (firefox, fixed 3.0) [since firefox-3.0-1.fc10] -CVE-2008-2807 VULNERABLE (seamonkey, fixed 1.1.10) +CVE-2008-2807 version (seamonkey, fixed 1.1.10) [since seamonkey-1.1.11-1.fc9] CVE-2008-2807 version (thunderbird, fixed 2.0.0.16) [since thunderbird-2.0.0.16-1.fc10] CVE-2008-2806 ignore (firefox, fixed 3.0) Mac OS X specific CVE-2008-2806 ignore (seamonkey, fixed 1.1.10) Mac OS X specific CVE-2008-2805 version (firefox, fixed 3.0) [since firefox-3.0-1.fc10] -CVE-2008-2805 VULNERABLE (seamonkey, fixed 1.1.10) +CVE-2008-2805 version (seamonkey, fixed 1.1.10) [since seamonkey-1.1.11-1.fc9] CVE-2008-2803 version (firefox, fixed 3.0) [since firefox-3.0-1.fc10] -CVE-2008-2803 VULNERABLE (seamonkey, fixed 1.1.10) +CVE-2008-2803 version (seamonkey, fixed 1.1.10) [since seamonkey-1.1.11-1.fc9] CVE-2008-2803 version (thunderbird, fixed 2.0.0.16) [since thunderbird-2.0.0.16-1.fc10] CVE-2008-2802 version (firefox, fixed 3.0) [since firefox-3.0-1.fc10] -CVE-2008-2802 VULNERABLE (seamonkey, fixed 1.1.10) +CVE-2008-2802 version (seamonkey, fixed 1.1.10) [since seamonkey-1.1.11-1.fc9] CVE-2008-2802 version (thunderbird, fixed 2.0.0.16) [since thunderbird-2.0.0.16-1.fc10] CVE-2008-2801 version (firefox, fixed 3.0) [since firefox-3.0-1.fc10] -CVE-2008-2801 VULNERABLE (seamonkey, fixed 1.1.10) +CVE-2008-2801 version (seamonkey, fixed 1.1.10) [since seamonkey-1.1.11-1.fc9] CVE-2008-2800 version (firefox, fixed 3.0) [since firefox-3.0-1.fc10] -CVE-2008-2800 VULNERABLE (seamonkey, fixed 1.1.10) +CVE-2008-2800 version (seamonkey, fixed 1.1.10) [since 
seamonkey-1.1.11-1.fc9] CVE-2008-2799 version (firefox, fixed 3.0) [since firefox-3.0-1.fc10] -CVE-2008-2799 VULNERABLE (seamonkey, fixed 1.1.10) +CVE-2008-2799 version (seamonkey, fixed 1.1.10) [since seamonkey-1.1.11-1.fc9] CVE-2008-2799 version (thunderbird, fixed 2.0.0.16) [since thunderbird-2.0.0.16-1.fc10] CVE-2008-2798 version (firefox, fixed 3.0) [since firefox-3.0-1.fc10] -CVE-2008-2798 VULNERABLE (seamonkey, fixed 1.1.10) +CVE-2008-2798 version (seamonkey, fixed 1.1.10) [since seamonkey-1.1.11-1.fc9] CVE-2008-2798 version (thunderbird, fixed 2.0.0.16) [since thunderbird-2.0.0.16-1.fc10] -CVE-2008-2785 VULNERABLE (seamonkey, fixed 1.1.11) -CVE-2008-2785 VULNERABLE (firefox, fixed 3.0.1) +CVE-2008-2785 version (seamonkey, fixed 1.1.11) [since seamonkey-1.1.11-1.fc9] +CVE-2008-2785 version (firefox, fixed 3.0.1) [since firefox-3.0.1-1.fc10] CVE-2008-2785 version (thunderbird, fixed 2.0.0.16) [since thunderbird-2.0.0.16-1.fc10] CVE-2008-2728 ignore (ruby) 1.6.x variant of CVE-2008-2726 CVE-2008-2727 ignore (ruby) 1.6.x variant of CVE-2008-2725 @@ -126,7 +147,7 @@ CVE-2008-2719 version (nasm, fixed 2.03.01) [since nasm-2.03.01-1.fc10] CVE-2008-2713 version (clamav, fixed 0.93.1) [since clamav-0.93.1-1.fc10] CVE-2008-2711 backport (fetchmail, fixed 6.3.9) #452959 crash only in verbose mode [since fetchmail-6.3.8-7.fc10] -CVE-2008-2696 VULNERABLE (exiv2, fixed 0.17) +CVE-2008-2696 version (exiv2, fixed 0.17) [since exiv2-0.17.1-1.fc10] CVE-2008-2664 version (ruby, fixed 1.8.6-p230, 1.8.7-p22) #452295 [since ruby-1.8.6.230-1.fc10] CVE-2008-2663 version (ruby, fixed 1.8.6-p230, 1.8.7-p22) #452295 [since ruby-1.8.6.230-1.fc10] CVE-2008-2662 version (ruby, fixed 1.8.6-p230, 1.8.7-p22) #452295 [since ruby-1.8.6.230-1.fc10] 
@@ -140,9 +161,9 @@ CVE-2008-2374 version (bluez-libs, fixed 3.34) #452822 [since bluez-libs-3.34-1.fc10] CVE-2008-2371 backport (pcre) #453557 [since pcre-7.3-4.fc10] CVE-2008-2371 version (glib2) #453561 [since glib2-2.17.3-1.fc10] -CVE-2008-2370 VULNERABLE (tomcat6, fixed 6.0.18) #460132 +CVE-2008-2370 version (tomcat6, fixed 6.0.18) #460132 [since tomcat6-6.0.18-1.1.fc10] CVE-2008-2370 VULNERABLE (tomcat5, fixed 5.5.27) #460127 -CVE-2008-2364 VULNERABLE (httpd, fixed 2.2.9) #447312 +CVE-2008-2364 version (httpd, fixed 2.2.9) #447312 [since httpd-2.2.9-2] CVE-2008-2363 VULNERABLE (pan) #449335 CVE-2008-2362 version (xorg-x11-server) #450927 [since xorg-x11-server-1.4.99.902-2.20080612.fc10] CVE-2008-2361 version (xorg-x11-server) #450927 [since xorg-x11-server-1.4.99.902-2.20080612.fc10] @@ -156,6 +177,7 @@ CVE-2008-2292 backport (net-snmp, fixed 5.4.2.pre1) [since net-snmp-5.4.1-19.fc10] CVE-2008-2276 VULNERABLE (mantis) upstream fix in 1.2.0a1 seems useless CVE-2008-2266 ignore (perl-Convert-UUlib) embedded uulib copy uses mkstemp +CVE-2008-2235 version (opensc, fixed 0.11.5) [since opensc-0.11.6-1.fc10] CVE-2008-2168 ignore (httpd) browser issue, not apache CVE-2008-2152 version (openoffice.org, fixed 2.4.1) [since openoffice.org-3.0.0-0.0.17.1.fc10] CVE-2008-2119 ignore (asterisk, fixed 1.2.29) AST-2008-008, only for 1.0.x and 1.2.x @@ -171,7 +193,7 @@ CVE-2008-1950 backport (gnutls, fixed 2.2.4) #447512 [since gnutls-2.0.4-3.fc10] CVE-2008-1949 backport (gnutls, fixed 2.2.4) #447512 [since gnutls-2.0.4-3.fc10] CVE-2008-1948 backport (gnutls, fixed 2.2.4) #447512 [since gnutls-2.0.4-3.fc10] -CVE-2008-1947 VULNERABLE (tomcat6, fixed 6.0.18) #460132 +CVE-2008-1947 version (tomcat6, fixed 6.0.18) #460132 [since tomcat6-6.0.18-1.1.fc10] CVE-2008-1947 VULNERABLE (tomcat5, fixed 5.5.27) #460127 CVE-2008-1944 version (xen, fixed 3.2) CVE-2008-1943 backport (xen) [since xen-3.2.0-11.fc10] 
@@ -188,7 +210,7 @@ CVE-2008-1801 version (rdesktop, fixed 1.6.0) [since rdesktop-1.6.0-1.fc10] CVE-2008-1771 version (mt-daapd) [since mt-daapd-0.2.4.2-2.fc10] CVE-2008-1767 version (libxslt, fixed 1.1.24) [since libxslt-1.1.24-1.fc10] -CVE-2008-1678 VULNERABLE (httpd) #447312 only affects systems with openssl >= 0.9.8e +CVE-2008-1678 version (httpd) #447312 only affects systems with openssl >= 0.9.8e [since httpd-2.2.9-2] CVE-2008-1677 version (fedora-ds-base, fixed 1.1.1) #445810 [since fedora-ds-base-1.1.1-1.fc10] CVE-2008-1672 backport (openssl, fixed 0.9.8h) #448691 [since openssl-0.9.8g-9.fc10] CVE-2008-1531 backport (lighttpd) [since lighttpd-1.4.19-4.fc10] @@ -207,7 +229,7 @@ CVE-2008-1377 version (xorg-x11-server) #450927 [since xorg-x11-server-1.4.99.902-2.20080612.fc10] CVE-2008-1376 ignore (nfs-utils) using tcp wrappers CVE-2008-1360 version (nagios) #437852 [since nagios-2.11-3.fc9] -CVE-2008-1232 VULNERABLE (tomcat6, fixed 6.0.18) #460132 +CVE-2008-1232 version (tomcat6, fixed 6.0.18) #460132 [since tomcat6-6.0.18-1.1.fc10] CVE-2008-1232 VULNERABLE (tomcat5, fixed 5.5.27) #460127 CVE-2008-1109 backport (evolution) #449925 [since evolution-2.23.3.1-2.fc10] CVE-2008-1108 backport (evolution) #449925 [since evolution-2.23.3.1-2.fc10] Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.231 retrieving revision 1.232 diff -u -r1.231 -r1.232 --- f8 9 Sep 2008 14:45:36 -0000 1.231 +++ f8 11 Sep 2008 15:15:32 -0000 1.232 
@@ -6,24 +6,41 @@ rhbz293031 fixed (nx) #293031 [since FEDORA-2008-2258] rhbz249840 version (tor, fixed 0.1.2.15) +CVE-2008-3972 VULNERABLE (opensc, fixed 0.11.6) +CVE-2008-3970 fixed (pam_mount, fixed 0.47) [since FEDORA-2008-7973] +CVE-2008-3969 fixed (bitlbee, fixed 1.2.3) [since FEDORA-2008-7761] CVE-2008-3964 ignore (libpng, fixed 1.2.32beta01) not affected -CVE-2008-3934 VULNERABLE (wireshark, fixed 1.0.3) #461254 -CVE-2008-3933 VULNERABLE (wireshark, fixed 1.0.3) #461254 -CVE-2008-3932 VULNERABLE (wireshark, fixed 1.0.3) #461254 -CVE-2008-3931 VULNERABLE (R) [since R-2.7.2-1.fc8] +CVE-2008-3934 fixed (wireshark, fixed 1.0.3) #461254 [since FEDORA-2008-7894] +CVE-2008-3933 fixed (wireshark, fixed 1.0.3) #461254 [since FEDORA-2008-7894] +CVE-2008-3932 fixed (wireshark, fixed 1.0.3) #461254 [since FEDORA-2008-7894] +CVE-2008-3931 fixed (R) [since FEDORA-2008-7619] CVE-2008-3928 ignore (honeyd) affected script not shipped CVE-2008-3927 VULNERABLE (tiger) -CVE-2008-3920 VULNERABLE (bitlbee, fixed 1.2.2) [since bitlbee-1.2.3-1.fc8] +CVE-2008-3920 fixed (bitlbee, fixed 1.2.2) [since FEDORA-2008-7761] +CVE-2008-3906 VULNERABLE (mono) #461753 +CVE-2008-3905 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7554] CVE-2008-3889 VULNERABLE (postfix, fixed 2.4.9, 2.5.5) #459099 +CVE-2008-3790 VULNERABLE (ruby) CVE-2008-3789 ignore (samba, fixed 3.2.3) 3.2.x only -CVE-2008-3747 VULNERABLE (wordpress, fixed 2.6.1) +CVE-2008-3747 fixed (wordpress, fixed 2.6.1) [since FEDORA-2008-7463] CVE-2008-3746 ignore (neon, fixed 0.28.3) 0.28.x only -CVE-2008-3714 VULNERABLE (awstats) #459741 -CVE-2008-3699 VULNERABLE (amarok, fixed 1.4.40) [since amarok-1.4.10-1.fc8] +CVE-2008-3745 ignore (drupal) 6.x only +CVE-2008-3744 fixed (drupal, fixed 5.10) [since FEDORA-2008-7467] +CVE-2008-3743 ignore (drupal) 6.x only +CVE-2008-3742 fixed (drupal, fixed 5.10) [since FEDORA-2008-7467] +CVE-2008-3741 fixed (drupal, fixed 5.10) [since FEDORA-2008-7467] +CVE-2008-3740 fixed 
(drupal, fixed 5.10) [since FEDORA-2008-7467] +CVE-2008-3714 fixed (awstats) #459741 [since FEDORA-2008-7684] +CVE-2008-3699 fixed (amarok, fixed 1.4.40) [since FEDORA-2008-7719] +CVE-2008-3657 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7554] +CVE-2008-3656 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7554] +CVE-2008-3655 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7554] CVE-2008-3546 ignore (git, fixed 1.5.6.4) caught by fortify_source -CVE-2008-3533 VULNERABLE (yelp, fixed 2.24) #459502 -CVE-2008-3429 VULNERABLE (httrack, fixed 3.42-3) -CVE-2008-3422 VULNERABLE (mono) +CVE-2008-3533 fixed (yelp, fixed 2.24) #459502 [since FEDORA-2008-7293] +CVE-2008-3529 fixed (libxml2, fixed 2.7.0) [since FEDORA-2008-7666] +CVE-2008-3443 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7554] +CVE-2008-3429 fixed (httrack, fixed 3.42-3) [since FEDORA-2008-7896] +CVE-2008-3422 VULNERABLE (mono) #461753 CVE-2008-3381 ignore (moin) not affected CVE-2008-3333 fixed (mantis, fixed 1.1.2) [since FEDORA-2008-6657] CVE-2008-3332 fixed (mantis, fixed 1.1.2) [since FEDORA-2008-6657] 
@@ -34,14 +51,15 @@ CVE-2008-3326 version (moodle) 1.8.x+ not affected CVE-2008-3325 version (moodle) 1.8.x+ not affected CVE-2008-3294 ignore (vim) build-time tmp file usage -CVE-2008-3282 VULNERABLE (openoffice.org) [since openoffice.org-2.3.0-6.16.fc8] -CVE-2008-3281 VULNERABLE (libxml2) #459712 +CVE-2008-3282 fixed (openoffice.org) [since FEDORA-2008-7531] +CVE-2008-3281 fixed (libxml2) #459712 [since FEDORA-2008-7724] +CVE-2008-3274 VULNERABLE (ipa) [since ipa-1.1.0-4.fc8] CVE-2008-3264 fixed (asterisk, fixed 1.4.21.2) [since FEDORA-2008-6676] AST-2008-011 CVE-2008-3263 fixed (asterisk, fixed 1.4.21.2) [since FEDORA-2008-6676] AST-2008-010 CVE-2008-3259 ignore (openssh, fixed 5.1) HP-UX only CVE-2008-3252 fixed (newsx) [since FEDORA-2008-6319] CVE-2008-3233 ignore (wordrepss, fixed 2.6) only 2.6 devel versions affected -CVE-2008-3231 VULNERABLE (xine-lib) +CVE-2008-3231 fixed (xine-lib) [since FEDORA-2008-7572] CVE-2008-3223 ignore (drupal) 6.x only CVE-2008-3222 fixed (drupal, fixed 5.8) [since FEDORA-2008-6411] CVE-2008-3221 ignore (drupal) 6.x only @@ -52,7 +70,7 @@ CVE-2008-3215 fixed (clamav, fixed 0.93.3) [since FEDORA-2008-6422] CVE-2008-3197 fixed (phpMyAdmin, fixed 2.11.7.1) [since FEDORA-2008-6450] CVE-2008-3196 VULNERABLE (byacc) [since FEDORA-2008-6429] -CVE-2008-3146 VULNERABLE (wireshark, fixed 1.0.3) #461254 +CVE-2008-3146 fixed (wireshark, fixed 1.0.3) #461254 [since FEDORA-2008-7894] CVE-2008-3145 fixed (wireshark, fixed 1.0.1) [since FEDORA-2008-6645] CVE-2008-3141 fixed (wireshark, fixed 1.0.2) [since FEDORA-2008-6645] CVE-2008-3140 fixed (wireshark, fixed 1.0.1) [since FEDORA-2008-6645] 
@@ -67,13 +85,16 @@ CVE-2008-2951 fixed (trac, fixed 0.10.5) [since FEDORA-2008-6830] CVE-2008-2950 fixed (poppler) #454288 [since FEDORA-2008-7104] CVE-2008-2942 VULNERABLE (mercurial) -CVE-2008-2941 VULNERABLE (hplip) #458989 -CVE-2008-2940 VULNERABLE (hplip) #458989 +CVE-2008-2941 ignore (hplip) #458989 not run as service +CVE-2008-2940 ignore (hplip) #458989 not run as service CVE-2008-2938 VULNERABLE (tomcat5, fixed 5.5.27) #460125 CVE-2008-2937 VULNERABLE (postfix) #459099 CVE-2008-2936 VULNERABLE (postfix) #459099 CVE-2008-2935 fixed (libxslt) [since FEDORA-2008-7029] CVE-2008-2933 fixed (firefox, fixed 2.0.0.16) [since FEDORA-2008-6491] +CVE-2008-2932 fixed (adminutil, fixed 1.1.7) [since FEDORA-2008-7642] +CVE-2008-2929 fixed (adminutil, fixed 1.1.6) [since FEDORA-2008-7642] +CVE-2008-2928 fixed (adminutil, fixed 1.1.7) [since FEDORA-2008-7642] CVE-2008-2841 ignore (xchat) windows-only, IE bug CVE-2008-2827 ignore (perl) perl 5.10 only CVE-2008-2811 fixed (firefox, fixed 2.0.0.15) [since FEDORA-2008-6127] 
@@ -147,13 +168,14 @@ CVE-2008-2360 fixed (xorg-x11-server) #450925 [since FEDORA-2008-5279] CVE-2008-2359 fixed (system-config-network) [since FEDORA-2008-4633] CVE-2008-2357 fixed (mtr, fixed 0.73) -CVE-2008-2327 VULNERABLE (libtiff) [since libtiff-3.8.2-11.fc8] +CVE-2008-2327 fixed (libtiff) [since FEDORA-2008-7388] CVE-2008-2310 ignore (binutils) blocked by fortify_source CVE-2008-2307 fixed (WebKit, fixed svn34204) #454094 [since FEDORA-2008-6220] CVE-2008-2302 fixed (Django, fixed 0.96.2) #447258 [since FEDORA-2008-4248] CVE-2008-2292 fixed (net-snmp, fixed 5.4.2.pre1) [since FEDORA-2008-5218] CVE-2008-2276 VULNERABLE (mantis) upstream fix in 1.2.0a1 seems useless CVE-2008-2266 ignore (perl-Convert-UUlib) embedded uulib copy uses mkstemp +CVE-2008-2235 VULNERABLE (opensc, fixed 0.11.5) CVE-2008-2168 ignore (httpd) browser issue, not apache CVE-2008-2152 fixed (openoffice.org, fixed 2.4.1) #450650 [since FEDORA-2008-5247] CVE-2008-2146 version (wordpress, fixed 2.2.3) Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.221 retrieving revision 1.222 diff -u -r1.221 -r1.222 --- f9 9 Sep 2008 14:45:36 -0000 1.221 +++ f9 11 Sep 2008 15:15:32 -0000 1.222 
@@ -5,26 +5,43 @@ # (mozilla) = (gecko-libs dependent stuff) rhbz249840 version (tor, fixed 0.1.2.15) +CVE-2008-3972 VULNERABLE (opensc, fixed 0.11.6) +CVE-2008-3970 fixed (pam_mount, fixed 0.47) [since FEDORA-2008-7976] +CVE-2008-3969 fixed (bitlbee, fixed 1.2.3) [since FEDORA-2008-7830] CVE-2008-3964 ignore (libpng, fixed 1.2.32beta01) not affected -CVE-2008-3934 VULNERABLE (wireshark, fixed 1.0.3) #461255 -CVE-2008-3933 VULNERABLE (wireshark, fixed 1.0.3) #461255 -CVE-2008-3932 VULNERABLE (wireshark, fixed 1.0.3) #461255 -CVE-2008-3931 VULNERABLE (R) [since R-2.7.2-1.fc9] +CVE-2008-3934 fixed (wireshark, fixed 1.0.3) #461255 [since FEDORA-2008-7936] +CVE-2008-3933 fixed (wireshark, fixed 1.0.3) #461255 [since FEDORA-2008-7936] +CVE-2008-3932 fixed (wireshark, fixed 1.0.3) #461255 [since FEDORA-2008-7936] +CVE-2008-3931 fixed (R) [since FEDORA-2008-7670] CVE-2008-3928 ignore (honeyd) affected script not shipped CVE-2008-3927 VULNERABLE (tiger) -CVE-2008-3920 VULNERABLE (bitlbee, fixed 1.2.2) [since bitlbee-1.2.3-1.fc9] +CVE-2008-3920 fixed (bitlbee, fixed 1.2.2) [since FEDORA-2008-7830] +CVE-2008-3906 VULNERABLE (mono) #461754 +CVE-2008-3905 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7697] CVE-2008-3889 VULNERABLE (postfix, fixed 2.4.9, 2.5.5) #459100 CVE-2008-3796 version (swfdec, fixed 0.6.8) [since swfdec-0.6.8-1.fc9] -CVE-2008-3789 VULNERABLE (samba, fixed 3.2.3) [since samba-3.2.3-0.20.fc9] -CVE-2008-3747 VULNERABLE (wordpress, fixed 2.6.1) -CVE-2008-3746 VULNERABLE (neon, fixed 0.28.3) #460415 -CVE-2008-3714 VULNERABLE (awstats) #459742 -CVE-2008-3699 VULNERABLE (amarok, fixed 1.4.40) [since amarok-1.4.10-1.fc9] +CVE-2008-3790 VULNERABLE (ruby) +CVE-2008-3789 fixed (samba, fixed 3.2.3) [since FEDORA-2008-7243] +CVE-2008-3747 fixed (wordpress, fixed 2.6.1) [since FEDORA-2008-7279] +CVE-2008-3746 VULNERABLE (neon, fixed 0.28.3) #460415 [since FEDORA-2008-7661] +CVE-2008-3745 fixed (drupal, fixed 6.4) [since FEDORA-2008-7626] 
+CVE-2008-3744 fixed (drupal, fixed 6.4) [since FEDORA-2008-7626] +CVE-2008-3743 fixed (drupal, fixed 6.4) [since FEDORA-2008-7626] +CVE-2008-3742 fixed (drupal, fixed 6.4) [since FEDORA-2008-7626] +CVE-2008-3741 fixed (drupal, fixed 6.4) [since FEDORA-2008-7626] +CVE-2008-3740 fixed (drupal, fixed 6.4) [since FEDORA-2008-7626] +CVE-2008-3714 fixed (awstats) #459742 [since FEDORA-2008-7663] +CVE-2008-3699 fixed (amarok, fixed 1.4.40) [since FEDORA-2008-7739] +CVE-2008-3657 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7697] +CVE-2008-3656 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7697] +CVE-2008-3655 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7697] CVE-2008-3546 ignore (git, fixed 1.5.6.4) caught by fortify_source CVE-2008-3533 ignore (yelp, fixed 2.24) caught by glibc -CVE-2008-3429 VULNERABLE (httrack, fixed 3.42-3) +CVE-2008-3529 fixed (libxml2, fixed 2.7.0) [since FEDORA-2008-7594] +CVE-2008-3443 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7697] +CVE-2008-3429 fixed (httrack, fixed 3.42-3) [since FEDORA-2008-7862] CVE-2008-3424 fixed (condor, fixed 7.0.4) #457895 [since FEDORA-2008-7205] -CVE-2008-3422 VULNERABLE (mono) +CVE-2008-3422 VULNERABLE (mono) #461754 CVE-2008-3381 VULNERABLE (moin) #457363 CVE-2008-3333 fixed (mantis, fixed 1.1.2) [since FEDORA-2008-6647] CVE-2008-3332 fixed (mantis, fixed 1.1.2) [since FEDORA-2008-6647] 
@@ -35,14 +52,15 @@ CVE-2008-3326 version (moodle) 1.8.x+ not affected CVE-2008-3325 version (moodle) 1.8.x+ not affected CVE-2008-3294 ignore (vim) build-time tmp file usage -CVE-2008-3282 VULNERABLE (openoffice.org) [since openoffice.org-2.4.1-17.6.fc9] -CVE-2008-3281 VULNERABLE (libxml2) #459713 +CVE-2008-3282 fixed (openoffice.org) [since FEDORA-2008-7680] +CVE-2008-3281 fixed (libxml2) #459713 [since FEDORA-2008-7395] +CVE-2008-3274 VULNERABLE (ipa) [since ipa-1.1.0-7.fc9] CVE-2008-3264 fixed (asterisk) [since FEDORA-2008-6853] AST-2008-011 CVE-2008-3263 fixed (asterisk) [since FEDORA-2008-6853] AST-2008-010 CVE-2008-3259 ignore (openssh, fixed 5.1) HP-UX only CVE-2008-3252 fixed (newsx) [since FEDORA-2008-6321] CVE-2008-3233 ignore (wordrepss, fixed 2.6) only 2.6 devel versions affected -CVE-2008-3231 VULNERABLE (xine-lib) +CVE-2008-3231 fixed (xine-lib) [since FEDORA-2008-7512] CVE-2008-3223 fixed (drupal, fixed 6.3) [since FEDORA-2008-6415] CVE-2008-3222 fixed (drupal, fixed 6.3) [since FEDORA-2008-6415] CVE-2008-3221 fixed (drupal, fixed 6.3) [since FEDORA-2008-6415] @@ -54,7 +72,7 @@ CVE-2008-3198 fixed (firefox, fixed 3.0.1) [since FEDORA-2008-6518] CVE-2008-3197 fixed (phpMyAdmin, fixed 2.11.7.1) [since FEDORA-2008-6502] CVE-2008-3196 VULNERABLE (byacc) [since FEDORA-2008-6414] -CVE-2008-3146 VULNERABLE (wireshark, fixed 1.0.3) #461255 +CVE-2008-3146 fixed (wireshark, fixed 1.0.3) #461255 [since FEDORA-2008-7936] CVE-2008-3145 fixed (wireshark, fixed 1.0.1) [since FEDORA-2008-6440] CVE-2008-3141 fixed (wireshark, fixed 1.0.2) [since FEDORA-2008-6440] CVE-2008-3140 fixed (wireshark, fixed 1.0.1) [since FEDORA-2008-6440] 
@@ -67,16 +85,19 @@ CVE-2008-2953 fixed (linuxdcpp) #453733 [since FEDORA-2008-6018] CVE-2008-2952 fixed (openldap) #453727 [since FEDORA-2008-6062] CVE-2008-2951 fixed (trac, fixed 0.10.5) [since FEDORA-2008-6833] -CVE-2008-2950 VULNERABLE (poppler) #454289 [since FEDORA-2008-7012] +CVE-2008-2950 fixed (poppler) #454289 [since FEDORA-2008-7012] CVE-2008-2942 VULNERABLE (mercurial) -CVE-2008-2941 VULNERABLE (hplip) #458990 -CVE-2008-2940 VULNERABLE (hplip) #458990 -CVE-2008-2938 VULNERABLE (tomcat6, fixed 6.0.18) #460131 +CVE-2008-2941 ignore (hplip) #458990 not run as service +CVE-2008-2940 ignore (hplip) #458990 not run as service +CVE-2008-2938 fixed (tomcat6, fixed 6.0.18) #460131 [since FEDORA-2008-7977] CVE-2008-2938 VULNERABLE (tomcat5, fixed 5.5.27) #460126 CVE-2008-2937 VULNERABLE (postfix) #459100 CVE-2008-2936 VULNERABLE (postfix) #459100 CVE-2008-2935 fixed (libxslt) [since FEDORA-2008-7062] CVE-2008-2933 fixed (firefox, fixed 3.0.1) [since FEDORA-2008-6518] +CVE-2008-2932 fixed (adminutil, fixed 1.1.7) [since FEDORA-2008-7339] +CVE-2008-2929 fixed (adminutil, fixed 1.1.6) [since FEDORA-2008-7339] +CVE-2008-2928 fixed (adminutil, fixed 1.1.7) [since FEDORA-2008-7339] CVE-2008-2841 ignore (xchat) windows-only, IE bug CVE-2008-2827 fixed (perl) #452641 [since FEDORA-2008-5739] CVE-2008-2811 version (firefox, fixed 3.0) [since firefox-3.0-1.fc9] 
@@ -138,10 +159,10 @@ CVE-2008-2377 ignore (gnutls, fixed 2.4.1) 2.3.5+ only CVE-2008-2376 fixed (ruby, fixed 1.8.6-p257) [since FEDORA-2008-6033] CVE-2008-2375 ignore (vsftpd) pre-2.0.5 versions only -CVE-2008-2374 VULNERABLE (bluez-libs, fixed 3.34) #452821 [since FEDORA-2008-6133] +CVE-2008-2374 fixed (bluez-libs, fixed 3.34) #452821 [since FEDORA-2008-6133] CVE-2008-2371 fixed (pcre) #453556 [since FEDORA-2008-6110] CVE-2008-2371 fixed (glib2) #453560 [since FEDORA-2008-6048] -CVE-2008-2370 VULNERABLE (tomcat6, fixed 6.0.18) #460131 +CVE-2008-2370 fixed (tomcat6, fixed 6.0.18) #460131 [since FEDORA-2008-7977] CVE-2008-2370 VULNERABLE (tomcat5, fixed 5.5.27) #460126 CVE-2008-2364 fixed (httpd, fixed 2.2.9) #447311 [since FEDORA-2008-6393] CVE-2008-2363 VULNERABLE (pan) #449334 @@ -150,13 +171,14 @@ CVE-2008-2360 fixed (xorg-x11-server) #450926 [since FEDORA-2008-5254] CVE-2008-2359 ignore (system-config-network) F8 specific issue CVE-2008-2357 fixed (mtr, fixed 0.73) -CVE-2008-2327 VULNERABLE (libtiff) [since libtiff-3.8.2-11.fc9] +CVE-2008-2327 fixed (libtiff) [since FEDORA-2008-7370] CVE-2008-2310 ignore (binutils) blocked by fortify_source CVE-2008-2307 fixed (WebKit, fixed svn34204) #454095 [since FEDORA-2008-6186] CVE-2008-2302 fixed (Django, fixed 0.96.2) #447259 [since FEDORA-2008-4267] CVE-2008-2292 fixed (net-snmp, fixed 5.4.2.pre1) [since FEDORA-2008-5215] CVE-2008-2276 VULNERABLE (mantis) upstream fix in 1.2.0a1 seems useless CVE-2008-2266 ignore (perl-Convert-UUlib) embedded uulib copy uses mkstemp +CVE-2008-2235 VULNERABLE (opensc, fixed 0.11.5) CVE-2008-2168 ignore (httpd) browser issue, not apache CVE-2008-2152 fixed (openoffice.org, fixed 2.4.1) [since FEDORA-2008-5143] CVE-2008-2146 version (wordpress, fixed 2.2.3) 
@@ -185,7 +207,7 @@ CVE-2008-1950 fixed (gnutls, fixed 2.2.4) #447511 [since FEDORA-2008-4259] CVE-2008-1949 fixed (gnutls, fixed 2.2.4) #447511 [since FEDORA-2008-4259] CVE-2008-1948 fixed (gnutls, fixed 2.2.4) #447511 [since FEDORA-2008-4259] -CVE-2008-1947 VULNERABLE (tomcat6, fixed 6.0.18) #460131 +CVE-2008-1947 fixed (tomcat6, fixed 6.0.18) #460131 [since FEDORA-2008-7977] CVE-2008-1947 VULNERABLE (tomcat5, fixed 5.5.27) #460126 CVE-2008-1944 version (xen, fixed 3.2) CVE-2008-1943 VULNERABLE (xen) [since xen-3.2.0-11.fc9] @@ -309,7 +331,7 @@ CVE-2008-1233 version (firefox, fixed 2.0.0.13) CVE-2008-1233 version (seamonkey, fixed 1.1.9) CVE-2008-1233 version (thunderbird, fixed 2.0.0.14) #442857 [since thunderbird-2.0.0.14-1.fc9] -CVE-2008-1232 VULNERABLE (tomcat6, fixed 6.0.18) #460131 +CVE-2008-1232 fixed (tomcat6, fixed 6.0.18) #460131 [since FEDORA-2008-7977] CVE-2008-1232 VULNERABLE (tomcat5, fixed 5.5.27) #460126 **CVE-2008-1227 fixed (libsilc) We updated this as non-security CVE-2008-1218 version (dovecot, fixed 1.0.13) [since dovecot-1.0.13-6.fc9] marginally affected From fedora-security-commits at redhat.com Fri Sep 12 19:01:04 2008 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Fri, 12 Sep 2008 19:01:04 +0000 (UTC) Subject: [Fedora-security-commits] fedora-security/audit f10, 1.14, 1.15 f8, 1.232, 1.233 f9, 1.222, 1.223 Message-ID: <20080912190104.4694570131@cvs1.fedora.phx.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv30842/audit Modified Files: f10 f8 f9 Log Message: few more updates Index: f10 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f10,v retrieving revision 1.14 retrieving revision 1.15 diff -u -r1.14 -r1.15 --- f10 11 Sep 2008 15:15:31 -0000 1.14 +++ f10 12 Sep 2008 19:00:33 -0000 1.15 
@@ -8,6 +8,7 @@ CVE-2008-3970 version (pam_mount, fixed 0.47) [since pam_mount-0.47-1.fc10] CVE-2008-3969 version (bitlbee, fixed 1.2.3) [since bitlbee-1.2.3-1.fc10] CVE-2008-3964 backport (libpng, fixed 1.2.32beta01) #461620 [since libpng-1.2.31-2.fc10] +CVE-2008-3962 backport (ssmtp) [since ssmtp-2.61-11.6.fc10] CVE-2008-3934 version (wireshark, fixed 1.0.3) [since wireshark-1.0.3-1.fc10] CVE-2008-3933 version (wireshark, fixed 1.0.3) [since wireshark-1.0.3-1.fc10] CVE-2008-3932 version (wireshark, fixed 1.0.3) [since wireshark-1.0.3-1.fc10] @@ -18,6 +19,8 @@ CVE-2008-3906 VULNERABLE (mono) #461755 CVE-2008-3905 version (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since ruby-1.8.6.287-1.fc10] CVE-2008-3889 VULNERABLE (postfix, fixed 2.4.9, 2.5.5) #459101 +CVE-2008-3824 VULNERABLE (horde) oCERT-2008-012 +CVE-2008-3823 VULNERABLE (horde) oCERT-2008-012 CVE-2008-3796 version (swfdec, fixed 0.6.8) [since swfdec-0.7.4-1.fc10] CVE-2008-3790 VULNERABLE (ruby) CVE-2008-3789 VULNERABLE (samba, fixed 3.2.3) @@ -51,6 +54,7 @@ CVE-2008-3326 version (moodle) 1.8.x+ not affected CVE-2008-3325 version (moodle) 1.8.x+ not affected CVE-2008-3294 ignore (vim) build-time tmp file usage +CVE-2008-3283 version (fedora-ds-base, fixed 1.1.2) [since fedora-ds-base-1.1.2-1.fc10] CVE-2008-3282 VULNERABLE (openoffice.org) CVE-2008-3281 version (libxml2) #459714 [since libxml2-2.7.0-1.fc10] CVE-2008-3274 backport (ipa) [since ipa-1.1.0-3.fc10] 
@@ -95,6 +99,7 @@ CVE-2008-2935 VULNERABLE (libxslt) CVE-2008-2933 version (firefox, fixed 3.0.1) [since firefox-3.0.1-1.fc10] CVE-2008-2932 version (adminutil, fixed 1.1.7) [since adminutil-1.1.7-1.fc10] +CVE-2008-2930 version (fedora-ds-base, fixed 1.1.2) [since fedora-ds-base-1.1.2-1.fc10] CVE-2008-2929 version (adminutil, fixed 1.1.6) [since adminutil-1.1.6-1.fc10] CVE-2008-2928 version (adminutil, fixed 1.1.7) [since adminutil-1.1.7-1.fc10] CVE-2008-2841 ignore (xchat) windows-only, IE bug Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.232 retrieving revision 1.233 diff -u -r1.232 -r1.233 --- f8 11 Sep 2008 15:15:32 -0000 1.232 +++ f8 12 Sep 2008 19:00:33 -0000 1.233 @@ -10,6 +10,7 @@ CVE-2008-3970 fixed (pam_mount, fixed 0.47) [since FEDORA-2008-7973] CVE-2008-3969 fixed (bitlbee, fixed 1.2.3) [since FEDORA-2008-7761] CVE-2008-3964 ignore (libpng, fixed 1.2.32beta01) not affected +CVE-2008-3962 VULNERABLE (ssmtp) CVE-2008-3934 fixed (wireshark, fixed 1.0.3) #461254 [since FEDORA-2008-7894] CVE-2008-3933 fixed (wireshark, fixed 1.0.3) #461254 [since FEDORA-2008-7894] CVE-2008-3932 fixed (wireshark, fixed 1.0.3) #461254 [since FEDORA-2008-7894] @@ -20,6 +21,8 @@ CVE-2008-3906 VULNERABLE (mono) #461753 CVE-2008-3905 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7554] CVE-2008-3889 VULNERABLE (postfix, fixed 2.4.9, 2.5.5) #459099 +CVE-2008-3824 VULNERABLE (horde) oCERT-2008-012 +CVE-2008-3823 VULNERABLE (horde) oCERT-2008-012 CVE-2008-3790 VULNERABLE (ruby) CVE-2008-3789 ignore (samba, fixed 3.2.3) 3.2.x only CVE-2008-3747 fixed (wordpress, fixed 2.6.1) [since FEDORA-2008-7463] 
@@ -51,9 +54,10 @@ CVE-2008-3326 version (moodle) 1.8.x+ not affected CVE-2008-3325 version (moodle) 1.8.x+ not affected CVE-2008-3294 ignore (vim) build-time tmp file usage +CVE-2008-3283 fixed (fedora-ds-base, fixed 1.1.2) [since FEDORA-2008-7891] CVE-2008-3282 fixed (openoffice.org) [since FEDORA-2008-7531] CVE-2008-3281 fixed (libxml2) #459712 [since FEDORA-2008-7724] -CVE-2008-3274 VULNERABLE (ipa) [since ipa-1.1.0-4.fc8] +CVE-2008-3274 fixed (ipa) [since FEDORA-2008-7987] CVE-2008-3264 fixed (asterisk, fixed 1.4.21.2) [since FEDORA-2008-6676] AST-2008-011 CVE-2008-3263 fixed (asterisk, fixed 1.4.21.2) [since FEDORA-2008-6676] AST-2008-010 CVE-2008-3259 ignore (openssh, fixed 5.1) HP-UX only @@ -93,6 +97,7 @@ CVE-2008-2935 fixed (libxslt) [since FEDORA-2008-7029] CVE-2008-2933 fixed (firefox, fixed 2.0.0.16) [since FEDORA-2008-6491] CVE-2008-2932 fixed (adminutil, fixed 1.1.7) [since FEDORA-2008-7642] +CVE-2008-2930 fixed (fedora-ds-base, fixed 1.1.2) [since FEDORA-2008-7891] CVE-2008-2929 fixed (adminutil, fixed 1.1.6) [since FEDORA-2008-7642] CVE-2008-2928 fixed (adminutil, fixed 1.1.7) [since FEDORA-2008-7642] CVE-2008-2841 ignore (xchat) windows-only, IE bug Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.222 retrieving revision 1.223 diff -u -r1.222 -r1.223 --- f9 11 Sep 2008 15:15:32 -0000 1.222 +++ f9 12 Sep 2008 19:00:33 -0000 1.223 @@ -9,6 +9,7 @@ CVE-2008-3970 fixed (pam_mount, fixed 0.47) [since FEDORA-2008-7976] CVE-2008-3969 fixed (bitlbee, fixed 1.2.3) [since FEDORA-2008-7830] CVE-2008-3964 ignore (libpng, fixed 1.2.32beta01) not affected +CVE-2008-3962 VULNERABLE (ssmtp) CVE-2008-3934 fixed (wireshark, fixed 1.0.3) #461255 [since FEDORA-2008-7936] CVE-2008-3933 fixed (wireshark, fixed 1.0.3) #461255 [since FEDORA-2008-7936] CVE-2008-3932 fixed (wireshark, fixed 1.0.3) #461255 [since FEDORA-2008-7936] 
@@ -19,6 +20,8 @@ CVE-2008-3906 VULNERABLE (mono) #461754 CVE-2008-3905 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7697] CVE-2008-3889 VULNERABLE (postfix, fixed 2.4.9, 2.5.5) #459100 +CVE-2008-3824 VULNERABLE (horde) oCERT-2008-012 +CVE-2008-3823 VULNERABLE (horde) oCERT-2008-012 CVE-2008-3796 version (swfdec, fixed 0.6.8) [since swfdec-0.6.8-1.fc9] CVE-2008-3790 VULNERABLE (ruby) CVE-2008-3789 fixed (samba, fixed 3.2.3) [since FEDORA-2008-7243] @@ -52,9 +55,10 @@ CVE-2008-3326 version (moodle) 1.8.x+ not affected CVE-2008-3325 version (moodle) 1.8.x+ not affected CVE-2008-3294 ignore (vim) build-time tmp file usage +CVE-2008-3283 fixed (fedora-ds-base, fixed 1.1.2) [since FEDORA-2008-7813] CVE-2008-3282 fixed (openoffice.org) [since FEDORA-2008-7680] CVE-2008-3281 fixed (libxml2) #459713 [since FEDORA-2008-7395] -CVE-2008-3274 VULNERABLE (ipa) [since ipa-1.1.0-7.fc9] +CVE-2008-3274 fixed (ipa) [since FEDORA-2008-8003] CVE-2008-3264 fixed (asterisk) [since FEDORA-2008-6853] AST-2008-011 CVE-2008-3263 fixed (asterisk) [since FEDORA-2008-6853] AST-2008-010 CVE-2008-3259 ignore (openssh, fixed 5.1) HP-UX only @@ -96,6 +100,7 @@ CVE-2008-2935 fixed (libxslt) [since FEDORA-2008-7062] CVE-2008-2933 fixed (firefox, fixed 3.0.1) [since FEDORA-2008-6518] CVE-2008-2932 fixed (adminutil, fixed 1.1.7) [since FEDORA-2008-7339] +CVE-2008-2930 fixed (fedora-ds-base, fixed 1.1.2) [since FEDORA-2008-7813] CVE-2008-2929 fixed (adminutil, fixed 1.1.6) [since FEDORA-2008-7339] CVE-2008-2928 fixed (adminutil, fixed 1.1.7) [since FEDORA-2008-7339] CVE-2008-2841 ignore (xchat) windows-only, IE bug From fedora-security-commits at redhat.com Tue Sep 30 12:52:16 2008 
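Review bot: The added line `CVE-2008-3962 VULNERABLE (ssmtp)` in the f8 hunk @@ -10,6 +10,7 @@ (and again in the f9 hunk @@ -9,6 +9,7 @@) carries neither a tracking bug number nor an upstream fixed version, so nothing in the entry tells a package maintainer what to act on. The wireshark lines just below it in the same hunk carry a bug number such as #461254; add the bug reference here once one is filed.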
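Review bot: In the f8 hunk @@ -20,6 +21,8 @@ and the f9 hunk @@ -19,6 +20,8 @@, the two added horde lines (CVE-2008-3824, CVE-2008-3823) cite only the external advisory oCERT-2008-012 and give no Fedora bug number or fixed horde version. The neighbouring VULNERABLE entries for mono and postfix each name a bug (#461753, #459099 in f8), so these two should get the same reference, or a short remark if no bug has been opened yet.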
From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Tue, 30 Sep 2008 12:52:16 +0000 (UTC) Subject: [Fedora-security-commits] fedora-security/audit f10, 1.15, 1.16 f8, 1.233, 1.234 f9, 1.223, 1.224 Message-ID: <20080930125216.C9DAA70119@cvs1.fedora.phx.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv17907/audit Modified Files: f10 f8 f9 Log Message: issues from last 2 weeks... i hope i haven't missed many Index: f10 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f10,v retrieving revision 1.15 retrieving revision 1.16 diff -u -r1.15 -r1.16 --- f10 12 Sep 2008 19:00:33 -0000 1.15 +++ f10 30 Sep 2008 12:51:46 -0000 1.16 
@@ -4,11 +4,52 @@ # *CVE are items that need verification for Fedora 10 # (mozilla) = (gecko-libs dependent stuff) +CVE-2008-4298 version (lighttpd, fixed 1.4.20) [since lighttpd-1.4.20-0.1.r2303.fc10] +CVE-2008-4297 version (mercurial, fixed 1.0.2) [since mercurial-1.0.2-1.fc10] +CVE-2008-4242 VULNERABLE (proftpd) #464130 +CVE-2008-4191 backport (emacspeak) [since emacspeak-28.0-3.fc10] +CVE-2008-4190 VULNERABLE (openswan) +CVE-2008-4130 VULNERABLE (gallery2, fixed 2.2.6) #462873 +CVE-2008-4129 VULNERABLE (gallery2, fixed 2.2.6) #462873 +CVE-2008-4126 ignore (python-pydns, fixed 2.3.2) Debian-specific +CVE-2008-4109 ignore (openssh, fixed 4.4) Debian incomplete fix +CVE-2008-4107 version (wordpress, fixed 2.6.2) really PHP flaw +CVE-2008-4106 version (wordpress, fixed 2.6.2) [since wordpress-2.6.2-1.fc10] +CVE-2008-4100 VULNERABLE (adns) #462754 upstream design decision +CVE-2008-4099 version (python-pydns, fixed 2.3.2) #462767 [since python-pydns-2.3.3-1.fc10] +CVE-2008-4096 version (phpMyAdmin, fixed 2.11.9.1) [since phpMyAdmin-2.11.9.1-1.fc10] +CVE-2008-4094 version (rubygem-activerecord, fixed 2.1.1) [since rubygem-activerecord-2.1.1-1.fc10] +CVE-2008-4070 version (seamonkey, fixed 1.1.12) [since seamonkey-1.1.12-1.fc9] +CVE-2008-4069 ignore (firefox) ff2 only +CVE-2008-4069 version (seamonkey, fixed 1.1.12) [since seamonkey-1.1.12-1.fc9] +CVE-2008-4068 version (firefox, fixed 3.0.2) [since firefox-3.0.2-1.fc10] +CVE-2008-4068 version (seamonkey, fixed 1.1.12) [since seamonkey-1.1.12-1.fc9] +CVE-2008-4067 version (firefox, fixed 3.0.2) [since firefox-3.0.2-1.fc10] +CVE-2008-4067 version (seamonkey, fixed 1.1.12) [since seamonkey-1.1.12-1.fc9] +CVE-2008-4066 ignore (firefox) ff2 only +CVE-2008-4066 version (seamonkey, fixed 1.1.12) [since seamonkey-1.1.12-1.fc9] +CVE-2008-4065 version (firefox, fixed 3.0.2) [since firefox-3.0.2-1.fc10] +CVE-2008-4065 version (seamonkey, fixed 1.1.12) [since seamonkey-1.1.12-1.fc9] +CVE-2008-4064 version (firefox, fixed 3.0.2) 
[since firefox-3.0.2-1.fc10] +CVE-2008-4064 ignore (seamonkey) ff only +CVE-2008-4063 version (firefox, fixed 3.0.2) [since firefox-3.0.2-1.fc10] +CVE-2008-4063 ignore (seamonkey) ff only +CVE-2008-4062 version (firefox, fixed 3.0.2) [since firefox-3.0.2-1.fc10] +CVE-2008-4062 version (seamonkey, fixed 1.1.12) [since seamonkey-1.1.12-1.fc9] +CVE-2008-4061 version (firefox, fixed 3.0.2) [since firefox-3.0.2-1.fc10] +CVE-2008-4061 version (seamonkey, fixed 1.1.12) [since seamonkey-1.1.12-1.fc9] +CVE-2008-4060 version (firefox, fixed 3.0.2) [since firefox-3.0.2-1.fc10] +CVE-2008-4060 version (seamonkey, fixed 1.1.12) [since seamonkey-1.1.12-1.fc9] +CVE-2008-4059 ignore (firefox) ff2 only +CVE-2008-4059 version (seamonkey, fixed 1.1.12) [since seamonkey-1.1.12-1.fc9] +CVE-2008-4058 version (firefox, fixed 3.0.2) [since firefox-3.0.2-1.fc10] +CVE-2008-4058 version (seamonkey, fixed 1.1.12) [since seamonkey-1.1.12-1.fc9] CVE-2008-3972 version (opensc, fixed 0.11.6) [since opensc-0.11.6-1.fc10] CVE-2008-3970 version (pam_mount, fixed 0.47) [since pam_mount-0.47-1.fc10] CVE-2008-3969 version (bitlbee, fixed 1.2.3) [since bitlbee-1.2.3-1.fc10] CVE-2008-3964 backport (libpng, fixed 1.2.32beta01) #461620 [since libpng-1.2.31-2.fc10] CVE-2008-3962 backport (ssmtp) [since ssmtp-2.61-11.6.fc10] +CVE-2008-3949 VULNERABLE (emacs, fixed 22.3) CVE-2008-3934 version (wireshark, fixed 1.0.3) [since wireshark-1.0.3-1.fc10] CVE-2008-3933 version (wireshark, fixed 1.0.3) [since wireshark-1.0.3-1.fc10] CVE-2008-3932 version (wireshark, fixed 1.0.3) [since wireshark-1.0.3-1.fc10] 
@@ -16,9 +57,16 @@ CVE-2008-3928 ignore (honeyd) affected script not shipped CVE-2008-3927 VULNERABLE (tiger) CVE-2008-3920 version (bitlbee, fixed 1.2.2) [since bitlbee-1.2.2-1.fc10] -CVE-2008-3906 VULNERABLE (mono) #461755 +CVE-2008-3916 VULNERABLE (ed, fixed 1.0) +CVE-2008-3906 version (mono) #461755 [since mono-2.0-6.fc10] CVE-2008-3905 version (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since ruby-1.8.6.287-1.fc10] CVE-2008-3889 VULNERABLE (postfix, fixed 2.4.9, 2.5.5) #459101 +CVE-2008-3837 version (firefox, fixed 3.0.2) [since firefox-3.0.2-1.fc10] +CVE-2008-3837 version (seamonkey, fixed 1.1.12) [since seamonkey-1.1.12-1.fc9] +CVE-2008-3836 ignore (firefox) ff2 only +CVE-2008-3836 ignore (seamonkey) ff only +CVE-2008-3835 ignore (firefox) ff2 only +CVE-2008-3835 version (seamonkey, fixed 1.1.12) [since seamonkey-1.1.12-1.fc9] CVE-2008-3824 VULNERABLE (horde) oCERT-2008-012 CVE-2008-3823 VULNERABLE (horde) oCERT-2008-012 CVE-2008-3796 version (swfdec, fixed 0.6.8) [since swfdec-0.7.4-1.fc10] @@ -34,6 +82,9 @@ CVE-2008-3740 version (drupal, fixed 6.4) [since drupal-6.4-1.fc10] CVE-2008-3714 backport (awstats) #459743 [since awstats-6.8-2.fc10] CVE-2008-3699 ignore (amarok, fixed 1.4.40) not affected +CVE-2008-3663 version (squirrelmail, fixed 1.4.16) #464186 [since squirrelmail-1.4.16-1.fc10] +CVE-2008-3662 VULNERABLE (gallery2, fixed 2.2.6) #462873 +CVE-2008-3661 VULNERABLE (drupal) #464165 ignored by upstream CVE-2008-3657 version (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since ruby-1.8.6.287-1.fc10] CVE-2008-3656 version (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since ruby-1.8.6.287-1.fc10] CVE-2008-3655 version (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since ruby-1.8.6.287-1.fc10] 
@@ -82,6 +133,7 @@ CVE-2008-3139 version (wireshark, fixed 1.0.1) [since wireshark-1.0.1-1.fc10] CVE-2008-3138 version (wireshark, fixed 1.0.1) [since wireshark-1.0.1-1.fc10] CVE-2008-3137 version (wireshark, fixed 1.0.1) [since wireshark-1.0.1-1.fc10] +CVE-2008-3102 VULNERABLE (mantis) #464137 CVE-2008-3067 version (sudo, fixed 1.6.9p12) CVE-2008-2960 version (phpMyAdmin, fixed 2.11.7) [since phpMyAdmin-2.11.7-1.fc10] PMASA-2008-4 CVE-2008-2954 backport (linuxdcpp) #453734 [since linuxdcpp-1.0.1-3.fc10] @@ -89,7 +141,7 @@ CVE-2008-2952 backport (openldap) #453728 [since openldap-2.4.10-2.fc10] CVE-2008-2951 version (trac, fixed 0.10.5) [since trac-0.10.5-1.fc10] CVE-2008-2950 version (poppler, fixed 0.8.5) #454290 [since poppler-0.8.5-1.fc10] -CVE-2008-2942 VULNERABLE (mercurial) +CVE-2008-2942 version (mercurial, fixed 1.0.2) [since mercurial-1.0.2-1.fc10] CVE-2008-2941 ignore (hplip) #458991 not run as service CVE-2008-2940 ignore (hplip) #458991 not run as service CVE-2008-2938 version (tomcat6, fixed 6.0.18) #460132 [since tomcat6-6.0.18-1.1.fc10] @@ -249,6 +301,8 @@ CVE-2008-0553 version (tkimg) [since tkimg-1.3-0.10.20080505svn.fc10] CVE-2008-0314 version (clamav, fixed 0.93) [since clamav-0.93-1.fc9] CVE-2008-0166 ignore (openssl) Debian specific +CVE-2008-0016 ignore (firefox) ff2 only +CVE-2008-0016 version (seamonkey, fixed 1.1.12) [since seamonkey-1.1.12-1.fc9] CVE-2007-6714 version (dbmail, fixed 2.2.9) [since dbmail-2.2.9-1.fc9] CVE-2007-6321 version (roundcubemail) #423301 [since roundcubemail-0.2-0.alpha.fc10] CVE-2007-6318 VULNERABLE (wordpress) #426434 Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.233 retrieving revision 1.234 diff -u -r1.233 -r1.234 --- f8 12 Sep 2008 19:00:33 -0000 1.233 +++ f8 30 Sep 2008 12:51:46 -0000 1.234 
@@ -6,11 +6,52 @@ rhbz293031 fixed (nx) #293031 [since FEDORA-2008-2258] rhbz249840 version (tor, fixed 0.1.2.15) +CVE-2008-4298 VULNERABLE (lighttpd, fixed 1.4.20) #464638 +CVE-2008-4297 VULNERABLE (mercurial, fixed 1.0.2) #464632 +CVE-2008-4242 VULNERABLE (proftpd) #464128 +CVE-2008-4191 VULNERABLE (emacspeak) [since FEDORA-2008-8423] +CVE-2008-4190 VULNERABLE (openswan) +CVE-2008-4130 VULNERABLE (gallery2, fixed 2.2.6) #462871 +CVE-2008-4129 VULNERABLE (gallery2, fixed 2.2.6) #462871 +CVE-2008-4126 ignore (python-pydns, fixed 2.3.2) Debian-specific +CVE-2008-4109 ignore (openssh, fixed 4.4) Debian incomplete fix +CVE-2008-4107 version (wordpress, fixed 2.6.2) really PHP flaw +CVE-2008-4106 fixed (wordpress, fixed 2.6.2) [since FEDORA-2008-7760] +CVE-2008-4100 VULNERABLE (adns) #462752 upstream design decision +CVE-2008-4099 VULNERABLE (python-pydns, fixed 2.3.2) #462765 +CVE-2008-4096 fixed (phpMyAdmin, fixed 2.11.9.1) [since FEDORA-2008-8269] +CVE-2008-4094 VULNERABLE (rubygem-activerecord, fixed 2.1.1) [since FEDORA-2008-8282] +CVE-2008-4070 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8401] +CVE-2008-4069 fixed (firefox, fixed 2.0.0.17) [since FEDORA-2008-8399] +CVE-2008-4069 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8401] +CVE-2008-4068 fixed (firefox, fixed 2.0.0.17) [since FEDORA-2008-8399] +CVE-2008-4068 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8401] +CVE-2008-4067 fixed (firefox, fixed 2.0.0.17) [since FEDORA-2008-8399] +CVE-2008-4067 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8401] +CVE-2008-4066 fixed (firefox, fixed 2.0.0.17) [since FEDORA-2008-8399] +CVE-2008-4066 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8401] +CVE-2008-4065 fixed (firefox, fixed 2.0.0.17) [since FEDORA-2008-8399] +CVE-2008-4065 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8401] +CVE-2008-4064 ignore (firefox) ff3 only +CVE-2008-4064 ignore (seamonkey) ff only +CVE-2008-4063 ignore (firefox) ff3 only +CVE-2008-4063 ignore (seamonkey) 
ff only +CVE-2008-4062 fixed (firefox, fixed 2.0.0.17) [since FEDORA-2008-8399] +CVE-2008-4062 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8401] +CVE-2008-4061 fixed (firefox, fixed 2.0.0.17) [since FEDORA-2008-8399] +CVE-2008-4061 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8401] +CVE-2008-4060 fixed (firefox, fixed 2.0.0.17) [since FEDORA-2008-8399] +CVE-2008-4060 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8401] +CVE-2008-4059 fixed (firefox, fixed 2.0.0.17) [since FEDORA-2008-8399] +CVE-2008-4059 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8401] +CVE-2008-4058 fixed (firefox, fixed 2.0.0.17) [since FEDORA-2008-8399] +CVE-2008-4058 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8401] CVE-2008-3972 VULNERABLE (opensc, fixed 0.11.6) CVE-2008-3970 fixed (pam_mount, fixed 0.47) [since FEDORA-2008-7973] CVE-2008-3969 fixed (bitlbee, fixed 1.2.3) [since FEDORA-2008-7761] CVE-2008-3964 ignore (libpng, fixed 1.2.32beta01) not affected CVE-2008-3962 VULNERABLE (ssmtp) +CVE-2008-3949 VULNERABLE (emacs, fixed 22.3) CVE-2008-3934 fixed (wireshark, fixed 1.0.3) #461254 [since FEDORA-2008-7894] CVE-2008-3933 fixed (wireshark, fixed 1.0.3) #461254 [since FEDORA-2008-7894] CVE-2008-3932 fixed (wireshark, fixed 1.0.3) #461254 [since FEDORA-2008-7894] 
@@ -18,9 +59,16 @@ CVE-2008-3928 ignore (honeyd) affected script not shipped CVE-2008-3927 VULNERABLE (tiger) CVE-2008-3920 fixed (bitlbee, fixed 1.2.2) [since FEDORA-2008-7761] +CVE-2008-3916 VULNERABLE (ed, fixed 1.0) CVE-2008-3906 VULNERABLE (mono) #461753 CVE-2008-3905 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7554] CVE-2008-3889 VULNERABLE (postfix, fixed 2.4.9, 2.5.5) #459099 +CVE-2008-3837 fixed (firefox, fixed 2.0.0.17) [since FEDORA-2008-8399] +CVE-2008-3837 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8401] +CVE-2008-3836 fixed (firefox, fixed 2.0.0.17) [since FEDORA-2008-8399] +CVE-2008-3836 ignore (seamonkey) ff only +CVE-2008-3835 fixed (firefox, fixed 2.0.0.17) [since FEDORA-2008-8399] +CVE-2008-3835 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8401] CVE-2008-3824 VULNERABLE (horde) oCERT-2008-012 CVE-2008-3823 VULNERABLE (horde) oCERT-2008-012 CVE-2008-3790 VULNERABLE (ruby) @@ -35,6 +83,9 @@ CVE-2008-3740 fixed (drupal, fixed 5.10) [since FEDORA-2008-7467] CVE-2008-3714 fixed (awstats) #459741 [since FEDORA-2008-7684] CVE-2008-3699 fixed (amarok, fixed 1.4.40) [since FEDORA-2008-7719] +CVE-2008-3663 VULNERABLE (squirrelmail, fixed 1.4.16) #464184 +CVE-2008-3662 VULNERABLE (gallery2, fixed 2.2.6) #462871 +CVE-2008-3661 VULNERABLE (drupal) #464163 ignored by upstream CVE-2008-3657 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7554] CVE-2008-3656 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7554] CVE-2008-3655 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7554] 
@@ -81,6 +132,7 @@ CVE-2008-3139 fixed (wireshark, fixed 1.0.1) [since FEDORA-2008-6645] CVE-2008-3138 fixed (wireshark, fixed 1.0.1) [since FEDORA-2008-6645] CVE-2008-3137 fixed (wireshark, fixed 1.0.1) [since FEDORA-2008-6645] +CVE-2008-3102 VULNERABLE (mantis) #464135 CVE-2008-3067 VULNERABLE (sudo, fixed 1.6.9p12) CVE-2008-2960 fixed (phpMyAdmin, fixed 2.11.7) [since FEDORA-2008-5640] PMASA-2008-4 CVE-2008-2954 fixed (linuxdcpp) #453732 [since FEDORA-2008-6038] @@ -88,10 +140,10 @@ CVE-2008-2952 fixed (openldap) #453726 [since FEDORA-2008-6029] CVE-2008-2951 fixed (trac, fixed 0.10.5) [since FEDORA-2008-6830] CVE-2008-2950 fixed (poppler) #454288 [since FEDORA-2008-7104] -CVE-2008-2942 VULNERABLE (mercurial) +CVE-2008-2942 VULNERABLE (mercurial, fixed 1.0.2) #464632 CVE-2008-2941 ignore (hplip) #458989 not run as service CVE-2008-2940 ignore (hplip) #458989 not run as service -CVE-2008-2938 VULNERABLE (tomcat5, fixed 5.5.27) #460125 +CVE-2008-2938 fixed (tomcat5, fixed 5.5.27) #460125 [since FEDORA-2008-8130] CVE-2008-2937 VULNERABLE (postfix) #459099 CVE-2008-2936 VULNERABLE (postfix) #459099 CVE-2008-2935 fixed (libxslt) [since FEDORA-2008-7029] @@ -165,7 +217,7 @@ CVE-2008-2374 VULNERABLE (bluez-libs, fixed 3.34) #452820 [since FEDORA-2008-6140] CVE-2008-2371 fixed (pcre) #453555 [since FEDORA-2008-6111] CVE-2008-2371 fixed (glib2) #453559 [since FEDORA-2008-6025] -CVE-2008-2370 VULNERABLE (tomcat5, fixed 5.5.27) #460125 +CVE-2008-2370 fixed (tomcat5, fixed 5.5.27) #460125 [since FEDORA-2008-8130] CVE-2008-2364 fixed (httpd, fixed 2.2.9) #454423 [since FEDORA-2008-6314] CVE-2008-2363 VULNERABLE (pan) #449333 CVE-2008-2362 fixed (xorg-x11-server) #450925 [since FEDORA-2008-5279] 
@@ -209,7 +261,7 @@ CVE-2008-1950 fixed (gnutls, fixed 2.2.4) #447510 [since FEDORA-2008-4183] CVE-2008-1949 fixed (gnutls, fixed 2.2.4) #447510 [since FEDORA-2008-4183] CVE-2008-1948 fixed (gnutls, fixed 2.2.4) #447510 [since FEDORA-2008-4183] -CVE-2008-1947 VULNERABLE (tomcat5, fixed 5.5.27) #460125 +CVE-2008-1947 fixed (tomcat5, fixed 5.5.27) #460125 [since FEDORA-2008-8130] CVE-2008-1944 VULNERABLE (xen, fixed 3.2) [since xen-3.1.2-3.fc8] CVE-2008-1943 VULNERABLE (xen) [since xen-3.1.2-3.fc8] CVE-2008-1937 ignore (moin, fixed 1.6.3) 1.6.x only @@ -334,7 +386,7 @@ CVE-2008-1233 version (firefox, fixed 2.0.0.13) CVE-2008-1233 version (seamonkey, fixed 1.1.9) CVE-2008-1233 fixed (thunderbird, fixed 2.0.0.14) #442856 [since FEDORA-2008-3557] -CVE-2008-1232 VULNERABLE (tomcat5, fixed 5.5.27) #460125 +CVE-2008-1232 fixed (tomcat5, fixed 5.5.27) #460125 [since FEDORA-2008-8130] **CVE-2008-1227 fixed (libsilc) We updated this as non-security CVE-2008-1218 version (dovecot, fixed 1.0.13) [since FEDORA-2008-2464] marginally affected CVE-2008-1199 version (dovecot, fixed 1.0.11) [since FEDORA-2008-2464] not in default config @@ -470,7 +522,7 @@ CVE-2008-0172 fixed (boost) #428975 [since FEDORA-2008-0754] CVE-2008-0171 fixed (boost) #428975 [since FEDORA-2008-0754] CVE-2008-0166 ignore (openssl) Debian specific -CVE-2008-0128 VULNERABLE (tomcat5) #429904 +CVE-2008-0128 version (tomcat5, fixed 5.5.21) #429904 [since tomcat5-5.5.23-9jpp.4.fc8] CVE-2008-0123 fixed (moodle) #428731 [since FEDORA-2008-0610] CVE-2008-0122 fixed (bind) #429149 [since FEDORA-2008-0904] CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since FEDORA-2008-0199] 
@@ -480,6 +532,8 @@ CVE-2008-0062 fixed (krb5, fixed 1.6.4) #438023 [since FEDORA-2008-2647] CVE-2008-0053 version (cups, fixed 1.3.6) [since FEDORA-2008-1901] CVE-2008-0047 fixed (cups) #440040 [since FEDORA-2008-2131] +CVE-2008-0016 fixed (firefox, fixed 2.0.0.17) [since FEDORA-2008-8399] +CVE-2008-0016 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8401] CVE-2008-0008 fixed (pulseaudio) #425481 [since FEDORA-2008-0994] CVE-2008-0006 fixed (libXfont) #429132 [since FEDORA-2008-0794] CVE-2008-0005 fixed (httpd, fixed 2.2.8) #427982 [since FEDORA-2008-1711] Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.223 retrieving revision 1.224 diff -u -r1.223 -r1.224 --- f9 12 Sep 2008 19:00:33 -0000 1.223 +++ f9 30 Sep 2008 12:51:46 -0000 1.224 
@@ -5,11 +5,52 @@ # (mozilla) = (gecko-libs dependent stuff) rhbz249840 version (tor, fixed 0.1.2.15) +CVE-2008-4298 VULNERABLE (lighttpd, fixed 1.4.20) #464639 +CVE-2008-4297 fixed (mercurial, fixed 1.0.2) [since FEDORA-2008-7490] +CVE-2008-4242 VULNERABLE (proftpd) #464129 +CVE-2008-4191 VULNERABLE (emacspeak) [since FEDORA-2008-8379] +CVE-2008-4190 VULNERABLE (openswan) +CVE-2008-4130 VULNERABLE (gallery2, fixed 2.2.6) #462872 +CVE-2008-4129 VULNERABLE (gallery2, fixed 2.2.6) #462872 +CVE-2008-4126 ignore (python-pydns, fixed 2.3.2) Debian-specific +CVE-2008-4109 ignore (openssh, fixed 4.4) Debian incomplete fix +CVE-2008-4107 version (wordpress, fixed 2.6.2) really PHP flaw +CVE-2008-4106 fixed (wordpress, fixed 2.6.2) [since FEDORA-2008-7902] +CVE-2008-4100 VULNERABLE (adns) #462753 upstream design decision +CVE-2008-4099 VULNERABLE (python-pydns, fixed 2.3.2) #462766 +CVE-2008-4096 fixed (phpMyAdmin, fixed 2.11.9.1) [since FEDORA-2008-8370] +CVE-2008-4094 fixed (rubygem-activerecord, fixed 2.1.1) [since FEDORA-2008-8322] +CVE-2008-4070 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8429] +CVE-2008-4069 ignore (firefox) ff2 only +CVE-2008-4069 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8429] +CVE-2008-4068 fixed (firefox, fixed 3.0.2) [since FEDORA-2008-8425] +CVE-2008-4068 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8429] +CVE-2008-4067 fixed (firefox, fixed 3.0.2) [since FEDORA-2008-8425] +CVE-2008-4067 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8429] +CVE-2008-4066 ignore (firefox) ff2 only +CVE-2008-4066 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8429] +CVE-2008-4065 fixed (firefox, fixed 3.0.2) [since FEDORA-2008-8425] +CVE-2008-4065 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8429] +CVE-2008-4064 fixed (firefox, fixed 3.0.2) [since FEDORA-2008-8425] +CVE-2008-4064 ignore (seamonkey) ff only +CVE-2008-4063 fixed (firefox, fixed 3.0.2) [since FEDORA-2008-8425] +CVE-2008-4063 ignore (seamonkey) ff only 
+CVE-2008-4062 fixed (firefox, fixed 3.0.2) [since FEDORA-2008-8425] +CVE-2008-4062 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8429] +CVE-2008-4061 fixed (firefox, fixed 3.0.2) [since FEDORA-2008-8425] +CVE-2008-4061 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8429] +CVE-2008-4060 fixed (firefox, fixed 3.0.2) [since FEDORA-2008-8425] +CVE-2008-4060 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8429] +CVE-2008-4059 ignore (firefox) ff2 only +CVE-2008-4059 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8429] +CVE-2008-4058 fixed (firefox, fixed 3.0.2) [since FEDORA-2008-8425] +CVE-2008-4058 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8429] CVE-2008-3972 VULNERABLE (opensc, fixed 0.11.6) CVE-2008-3970 fixed (pam_mount, fixed 0.47) [since FEDORA-2008-7976] CVE-2008-3969 fixed (bitlbee, fixed 1.2.3) [since FEDORA-2008-7830] CVE-2008-3964 ignore (libpng, fixed 1.2.32beta01) not affected CVE-2008-3962 VULNERABLE (ssmtp) +CVE-2008-3949 VULNERABLE (emacs, fixed 22.3) CVE-2008-3934 fixed (wireshark, fixed 1.0.3) #461255 [since FEDORA-2008-7936] CVE-2008-3933 fixed (wireshark, fixed 1.0.3) #461255 [since FEDORA-2008-7936] CVE-2008-3932 fixed (wireshark, fixed 1.0.3) #461255 [since FEDORA-2008-7936] 
@@ -17,9 +58,16 @@ CVE-2008-3928 ignore (honeyd) affected script not shipped CVE-2008-3927 VULNERABLE (tiger) CVE-2008-3920 fixed (bitlbee, fixed 1.2.2) [since FEDORA-2008-7830] +CVE-2008-3916 VULNERABLE (ed, fixed 1.0) CVE-2008-3906 VULNERABLE (mono) #461754 CVE-2008-3905 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7697] CVE-2008-3889 VULNERABLE (postfix, fixed 2.4.9, 2.5.5) #459100 +CVE-2008-3837 fixed (firefox, fixed 3.0.2) [since FEDORA-2008-8425] +CVE-2008-3837 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8429] +CVE-2008-3836 ignore (firefox) ff2 only +CVE-2008-3836 ignore (seamonkey) ff only +CVE-2008-3835 ignore (firefox) ff2 only +CVE-2008-3835 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8429] CVE-2008-3824 VULNERABLE (horde) oCERT-2008-012 CVE-2008-3823 VULNERABLE (horde) oCERT-2008-012 CVE-2008-3796 version (swfdec, fixed 0.6.8) [since swfdec-0.6.8-1.fc9] @@ -35,6 +83,9 @@ CVE-2008-3740 fixed (drupal, fixed 6.4) [since FEDORA-2008-7626] CVE-2008-3714 fixed (awstats) #459742 [since FEDORA-2008-7663] CVE-2008-3699 fixed (amarok, fixed 1.4.40) [since FEDORA-2008-7739] +CVE-2008-3663 VULNERABLE (squirrelmail, fixed 1.4.16) #464185 +CVE-2008-3662 VULNERABLE (gallery2, fixed 2.2.6) #462872 +CVE-2008-3661 VULNERABLE (drupal) #464164 ignored by upstream CVE-2008-3657 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7697] CVE-2008-3656 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7697] CVE-2008-3655 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7697] 
@@ -83,6 +134,7 @@ CVE-2008-3139 fixed (wireshark, fixed 1.0.1) [since FEDORA-2008-6440] CVE-2008-3138 fixed (wireshark, fixed 1.0.1) [since FEDORA-2008-6440] CVE-2008-3137 fixed (wireshark, fixed 1.0.1) [since FEDORA-2008-6440] +CVE-2008-3102 VULNERABLE (mantis) #464136 CVE-2008-3067 version (sudo, fixed 1.6.9p12) CVE-2008-2960 fixed (phpMyAdmin, fixed 2.11.7) [since FEDORA-2008-5676] PMASA-2008-4 CVE-2008-2954 fixed (linuxdcpp) #453733 [since FEDORA-2008-6018] @@ -90,11 +142,11 @@ CVE-2008-2952 fixed (openldap) #453727 [since FEDORA-2008-6062] CVE-2008-2951 fixed (trac, fixed 0.10.5) [since FEDORA-2008-6833] CVE-2008-2950 fixed (poppler) #454289 [since FEDORA-2008-7012] -CVE-2008-2942 VULNERABLE (mercurial) +CVE-2008-2942 fixed (mercurial, fixed 1.0.2) [since FEDORA-2008-7490] CVE-2008-2941 ignore (hplip) #458990 not run as service CVE-2008-2940 ignore (hplip) #458990 not run as service CVE-2008-2938 fixed (tomcat6, fixed 6.0.18) #460131 [since FEDORA-2008-7977] -CVE-2008-2938 VULNERABLE (tomcat5, fixed 5.5.27) #460126 +CVE-2008-2938 fixed (tomcat5, fixed 5.5.27) #460126 [since FEDORA-2008-8113] CVE-2008-2937 VULNERABLE (postfix) #459100 CVE-2008-2936 VULNERABLE (postfix) #459100 CVE-2008-2935 fixed (libxslt) [since FEDORA-2008-7062] @@ -168,7 +220,7 @@ CVE-2008-2371 fixed (pcre) #453556 [since FEDORA-2008-6110] CVE-2008-2371 fixed (glib2) #453560 [since FEDORA-2008-6048] CVE-2008-2370 fixed (tomcat6, fixed 6.0.18) #460131 [since FEDORA-2008-7977] -CVE-2008-2370 VULNERABLE (tomcat5, fixed 5.5.27) #460126 +CVE-2008-2370 fixed (tomcat5, fixed 5.5.27) #460126 [since FEDORA-2008-8113] CVE-2008-2364 fixed (httpd, fixed 2.2.9) #447311 [since FEDORA-2008-6393] CVE-2008-2363 VULNERABLE (pan) #449334 CVE-2008-2362 fixed (xorg-x11-server) #450926 [since FEDORA-2008-5254] 
@@ -213,7 +265,7 @@ CVE-2008-1949 fixed (gnutls, fixed 2.2.4) #447511 [since FEDORA-2008-4259] CVE-2008-1948 fixed (gnutls, fixed 2.2.4) #447511 [since FEDORA-2008-4259] CVE-2008-1947 fixed (tomcat6, fixed 6.0.18) #460131 [since FEDORA-2008-7977] -CVE-2008-1947 VULNERABLE (tomcat5, fixed 5.5.27) #460126 +CVE-2008-1947 fixed (tomcat5, fixed 5.5.27) #460126 [since FEDORA-2008-8113] CVE-2008-1944 version (xen, fixed 3.2) CVE-2008-1943 VULNERABLE (xen) [since xen-3.2.0-11.fc9] CVE-2008-1937 version (moin, fixed 1.6.3) [since moin-1.6.3-1.fc9] @@ -337,7 +389,7 @@ CVE-2008-1233 version (seamonkey, fixed 1.1.9) CVE-2008-1233 version (thunderbird, fixed 2.0.0.14) #442857 [since thunderbird-2.0.0.14-1.fc9] CVE-2008-1232 fixed (tomcat6, fixed 6.0.18) #460131 [since FEDORA-2008-7977] -CVE-2008-1232 VULNERABLE (tomcat5, fixed 5.5.27) #460126 +CVE-2008-1232 fixed (tomcat5, fixed 5.5.27) #460126 [since FEDORA-2008-8113] **CVE-2008-1227 fixed (libsilc) We updated this as non-security CVE-2008-1218 version (dovecot, fixed 1.0.13) [since dovecot-1.0.13-6.fc9] marginally affected CVE-2008-1199 version (dovecot, fixed 1.0.11) [since dovecot-1.0.13-6.fc9] not in default config @@ -482,6 +534,8 @@ CVE-2008-0062 backport (krb5, fixed 1.6.4) [since krb5-1.6.3-10.fc9] CVE-2008-0053 version (cups, fixed 1.3.6) [since cups-1.3.6-1.fc9] CVE-2008-0047 backport (cups) #440041 [since cups-1.3.6-9.fc9] +CVE-2008-0016 ignore (firefox) ff2 only +CVE-2008-0016 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8429] CVE-2008-0008 backport (pulseaudio) #425481 [since pulseaudio-0.9.8-5.fc9] CVE-2008-0006 backport (libXfont) #429133 [since libXfont-1.3.1-3.fc9] CVE-2008-0005 version (httpd, fixed 2.2.8) #427984 [since httpd-2.2.8-2]
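Review bot: Every seamonkey line added in the f10 hunk @@ -4,11 +4,52 @@ is tagged `[since seamonkey-1.1.12-1.fc9]`, an fc9 build, while the firefox lines added beside them cite `firefox-3.0.2-1.fc10`. Please confirm that the fc9 build is what Fedora 10 actually ships, or cite the fc10 NVR, since the tag is the only evidence in this file that the fixed package is in that release. The same hunk adds `CVE-2008-4107 version (wordpress, fixed 2.6.2) really PHP flaw` with no `[since ...]` tag at all, unlike CVE-2008-4106 directly below it.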
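Review bot: In the f10 hunk @@ -16,9 +57,16 @@, CVE-2008-3906 moves from VULNERABLE to `version (mono) #461755 [since mono-2.0-6.fc10]` without naming the upstream release that fixed it. Other `version` entries in the same hunk give one, for example `(ruby, fixed 1.8.6-p287, 1.8.7-p72)`. Either add `fixed <version>` inside the parentheses, or, if the fix arrived as a patch in release 6 of the 2.0 package, use `backport` so the status matches how the fix was delivered.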
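Review bot: Two lines added in the f8 hunk @@ -6,11 +6,52 @@ pair the status VULNERABLE with an advisory tag: `CVE-2008-4191 VULNERABLE (emacspeak) [since FEDORA-2008-8423]` and `CVE-2008-4094 VULNERABLE (rubygem-activerecord, fixed 2.1.1) [since FEDORA-2008-8282]`. In the rest of this commit a `[since FEDORA-...]` tag goes with `fixed`, and the f9 file in this same commit lists CVE-2008-4094 as `fixed` with its own advisory. If the f8 updates exist but are not yet released, say so on the line; otherwise the status should be `fixed`. The f9 hunk @@ -5,11 +5,52 @@ has the same mismatch for emacspeak (FEDORA-2008-8379).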
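Review bot: The f8 hunk @@ -470,7 +522,7 @@ reclassifies an old entry, CVE-2008-0128, from `VULNERABLE (tomcat5) #429904` to `version (tomcat5, fixed 5.5.21) #429904 [since tomcat5-5.5.23-9jpp.4.fc8]`, which the log message ("issues from last 2 weeks") does not cover. Since the new line says the shipped 5.5.23 build already contained the 5.5.21 fix, the entry was a false positive until now; note that in the log message and check whether bug #429904 still needs to stay open.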