[Fedora-security-commits] fedora-security/audit f10, 1.12, 1.13 f8, 1.230, 1.231 f9, 1.220, 1.221

fedora-security-commits at redhat.com
Tue Sep 9 14:46:07 UTC 2008


Author: thoger

Update of /cvs/fedora/fedora-security/audit
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv19395/audit

Modified Files:
	f10 f8 f9 
Log Message:
I should remember to commit this more often



Index: f10
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f10,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -r1.12 -r1.13
--- f10	25 Jul 2008 15:29:25 -0000	1.12
+++ f10	9 Sep 2008 14:45:36 -0000	1.13
@@ -4,9 +4,40 @@
 # *CVE are items that need verification for Fedora 10
 # (mozilla) = (gecko-libs dependent stuff)
 
+CVE-2008-3964 VULNERABLE (libpng, fixed 1.2.32beta01) #461620 
+CVE-2008-3934 VULNERABLE (wireshark, fixed 1.0.3) 
+CVE-2008-3933 VULNERABLE (wireshark, fixed 1.0.3) 
+CVE-2008-3932 VULNERABLE (wireshark, fixed 1.0.3) 
+CVE-2008-3931 backport (R) [since R-2.7.2-1.fc10] 
+CVE-2008-3928 ignore (honeyd) affected script not shipped
+CVE-2008-3927 VULNERABLE (tiger) 
+CVE-2008-3920 version (bitlbee, fixed 1.2.2) [since bitlbee-1.2.2-1.fc10] 
+CVE-2008-3889 VULNERABLE (postfix, fixed 2.4.9, 2.5.5) #459101 
+CVE-2008-3796 version (swfdec, fixed 0.6.8) [since swfdec-0.7.4-1.fc10] 
+CVE-2008-3789 VULNERABLE (samba, fixed 3.2.3) 
+CVE-2008-3747 version (wordpress, fixed 2.6.1) [since wordpress-2.6.1-1.fc10] 
+CVE-2008-3746 version (neon, fixed 0.28.3) [since neon-0.28.3-2]
+CVE-2008-3714 VULNERABLE (awstats) #459743 
+CVE-2008-3699 ignore (amarok, fixed 1.4.40) not affected
+CVE-2008-3546 version (git, fixed 1.5.6.4) [since git-1.5.6.4-1.fc10] 
+CVE-2008-3533 ignore (yelp, fixed 2.24) caught by glibc
+CVE-2008-3429 VULNERABLE (httrack, fixed 3.42-3) 
+CVE-2008-3424 version (condor, fixed 7.0.4) #457896 [since condor-7.0.4-1.fc10]
+CVE-2008-3422 VULNERABLE (mono) 
+CVE-2008-3381 VULNERABLE (moin) #457364 
+CVE-2008-3333 version (mantis, fixed 1.1.2) [since mantis-1.1.2-1.fc10] 
+CVE-2008-3332 version (mantis, fixed 1.1.2) [since mantis-1.1.2-1.fc10] 
+CVE-2008-3331 version (mantis, fixed 1.1.2) [since mantis-1.1.2-1.fc10] 
+CVE-2008-3330 version (horde, fixed 3.2.1) [since horde-3.2.1-1.fc10] 
+CVE-2008-3328 version (trac, fixed 0.10.5) [since trac-0.10.5-1.fc10] 
+CVE-2008-3327 ignore (moodle) webroot disclosure
+CVE-2008-3326 version (moodle) 1.8.x+ not affected
+CVE-2008-3325 version (moodle) 1.8.x+ not affected
 CVE-2008-3294 ignore (vim) build-time tmp file usage
-CVE-2008-3264 ignore (asterisk) AST-2008-011 - 1.6.x not affected
-CVE-2008-3263 ignore (asterisk) AST-2008-010 - 1.6.x not affected
+CVE-2008-3282 VULNERABLE (openoffice.org) 
+CVE-2008-3281 VULNERABLE (libxml2) #459714 
+CVE-2008-3264 backport (asterisk) [since asterisk-1.6.0-0.19.beta9.fc10] AST-2008-011
+CVE-2008-3263 backport (asterisk) [since asterisk-1.6.0-0.19.beta9.fc10] AST-2008-010
 CVE-2008-3259 ignore (openssh, fixed 5.1) HP-UX only
 CVE-2008-3252 backport (newsx) [since newsx-1.6-9.fc10] 
 CVE-2008-3233 ignore (wordrepss, fixed 2.6) only 2.6 devel versions affected
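Review bot: the `[since neon-0.28.3-2]` tag on the CVE-2008-3746 line is missing the `.fc10` dist suffix that every other `[since ...]` tag added in this hunk carries; spell out the full build name so the entry can be matched against a package. Separately, the CVE-2008-3326 and CVE-2008-3325 moodle lines use status `version` with only the remark "1.8.x+ not affected" and no fixed version or `[since ...]`, while other "not affected" entries in these files use `ignore`; pick one status for that case.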
@@ -22,6 +53,7 @@
 CVE-2008-3198 VULNERABLE (firefox, fixed 3.0.1) 
 CVE-2008-3197 version (phpMyAdmin, fixed 2.11.7.1) [since phpMyAdmin-2.11.7.1-1.fc10] 
 CVE-2008-3196 backport (byacc) [since byacc-1.9.20070509-4.fc10] 
+CVE-2008-3146 VULNERABLE (wireshark, fixed 1.0.3) 
 CVE-2008-3145 version (wireshark, fixed 1.0.2) [since wireshark-1.0.2-1.fc10] 
 CVE-2008-3141 version (wireshark, fixed 1.0.1) [since wireshark-1.0.1-1.fc10] 
 CVE-2008-3140 version (wireshark, fixed 1.0.1) [since wireshark-1.0.1-1.fc10] 
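Review bot: the new CVE-2008-3146 line is VULNERABLE with no bug number, while the f8 and f9 copies of the same entry reference #461254 and #461255; the CVE-2008-3932 to CVE-2008-3934 wireshark lines added earlier in this file have the same gap. Add the F10 tracking bug if one exists. The context lines below it also give `fixed 1.0.2` for CVE-2008-3145 and `fixed 1.0.1` for CVE-2008-3141, the reverse of what f8 and f9 record, so one of the files has the two versions swapped.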
@@ -33,8 +65,16 @@
 CVE-2008-2954 backport (linuxdcpp) #453734 [since linuxdcpp-1.0.1-3.fc10]
 CVE-2008-2953 backport (linuxdcpp) #453734 [since linuxdcpp-1.0.1-3.fc10]
 CVE-2008-2952 backport (openldap) #453728 [since openldap-2.4.10-2.fc10]
+CVE-2008-2951 version (trac, fixed 0.10.5) [since trac-0.10.5-1.fc10] 
 CVE-2008-2950 VULNERABLE (poppler) #454290 
 CVE-2008-2942 VULNERABLE (mercurial) 
+CVE-2008-2941 VULNERABLE (hplip) #458991 
+CVE-2008-2940 VULNERABLE (hplip) #458991 
+CVE-2008-2938 VULNERABLE (tomcat6, fixed 6.0.18) #460132 
+CVE-2008-2938 VULNERABLE (tomcat5, fixed 5.5.27) #460127 
+CVE-2008-2937 VULNERABLE (postfix) #459101 
+CVE-2008-2936 backport (postfix) #459101 [since postfix-2.5.1-4.fc10]
+CVE-2008-2935 VULNERABLE (libxslt) 
 CVE-2008-2933 VULNERABLE (firefox, fixed 3.0.1) 
 CVE-2008-2841 ignore (xchat) windows-only, IE bug
 CVE-2008-2827 backport (perl) #452642 [since perl-5.10.0-28.fc10]
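Review bot: CVE-2008-2937 and CVE-2008-2936 share bug #459101, yet 2936 is `backport [since postfix-2.5.1-4.fc10]` and 2937 stays VULNERABLE with no fixed version listed. Confirm that postfix-2.5.1-4.fc10 does not also cover 2937, and add the upstream fixed version to the 2937 line if one is known, as the CVE-2008-3889 postfix entry does.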
@@ -100,6 +140,8 @@
 CVE-2008-2374 version (bluez-libs, fixed 3.34) #452822 [since bluez-libs-3.34-1.fc10]
 CVE-2008-2371 backport (pcre) #453557 [since pcre-7.3-4.fc10]
 CVE-2008-2371 version (glib2) #453561 [since glib2-2.17.3-1.fc10]
+CVE-2008-2370 VULNERABLE (tomcat6, fixed 6.0.18) #460132 
+CVE-2008-2370 VULNERABLE (tomcat5, fixed 5.5.27) #460127 
 CVE-2008-2364 VULNERABLE (httpd, fixed 2.2.9) #447312 
 CVE-2008-2363 VULNERABLE (pan) #449335 
 CVE-2008-2362 version (xorg-x11-server) #450927 [since xorg-x11-server-1.4.99.902-2.20080612.fc10]
@@ -107,6 +149,7 @@
 CVE-2008-2360 version (xorg-x11-server) #450927 [since xorg-x11-server-1.4.99.902-2.20080612.fc10]
 CVE-2008-2359 ignore (system-config-network) F8 specific issue
 CVE-2008-2357 fixed (mtr, fixed 0.73) 
+CVE-2008-2327 backport (libtiff) [since libtiff-3.8.2-11.fc10] 
 CVE-2008-2310 ignore (binutils) blocked by fortify_source
 CVE-2008-2307 version (WebKit, fixed svn34204) [since WebKit-1.0.0-0.11.svn34279.fc10] 
 CVE-2008-2302 version (Django, fixed 0.96.2) #447260 [since Django-0.96.2-1.fc10]
@@ -128,8 +171,8 @@
 CVE-2008-1950 backport (gnutls, fixed 2.2.4) #447512 [since gnutls-2.0.4-3.fc10]
 CVE-2008-1949 backport (gnutls, fixed 2.2.4) #447512 [since gnutls-2.0.4-3.fc10]
 CVE-2008-1948 backport (gnutls, fixed 2.2.4) #447512 [since gnutls-2.0.4-3.fc10]
-CVE-2008-1947 VULNERABLE (tomcat5, fixed 5.5.27) 
-CVE-2008-1947 VULNERABLE (tomcat6, fixed 6.0.17) 
+CVE-2008-1947 VULNERABLE (tomcat6, fixed 6.0.18) #460132 
+CVE-2008-1947 VULNERABLE (tomcat5, fixed 5.5.27) #460127 
 CVE-2008-1944 version (xen, fixed 3.2) 
 CVE-2008-1943 backport (xen) [since xen-3.2.0-11.fc10]
 CVE-2008-1928 version (perl-Imager, fixed 0.64) [since perl-Imager-0.64-2.fc10]
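Review bot: the tomcat6 fixed version for CVE-2008-1947 changes from 6.0.17 to 6.0.18 and nothing in the log message says why; if this corrects the earlier value, say so in the commit message. Swapping the tomcat5 and tomcat6 lines in the same edit hides that version change inside what looks like a reorder, so keep the existing order and change only the fields that differ.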
@@ -162,7 +205,10 @@
 CVE-2008-1382 version (libpng10) [since libpng10-1.0.37-1.fc10] 
 CVE-2008-1379 version (xorg-x11-server) #450927 [since xorg-x11-server-1.4.99.902-2.20080612.fc10]
 CVE-2008-1377 version (xorg-x11-server) #450927 [since xorg-x11-server-1.4.99.902-2.20080612.fc10]
+CVE-2008-1376 ignore (nfs-utils) using tcp wrappers
 CVE-2008-1360 version (nagios) #437852 [since nagios-2.11-3.fc9]
+CVE-2008-1232 VULNERABLE (tomcat6, fixed 6.0.18) #460132 
+CVE-2008-1232 VULNERABLE (tomcat5, fixed 5.5.27) #460127 
 CVE-2008-1109 backport (evolution) #449925 [since evolution-2.23.3.1-2.fc10]
 CVE-2008-1108 backport (evolution) #449925 [since evolution-2.23.3.1-2.fc10]
 CVE-2008-1105 version (samba, fixed 3.0.30) [since samba-3.2.0-1.rc2.16.fc10]
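Review bot: the rationale on the new CVE-2008-1376 line, "using tcp wrappers", does not say whether tcp wrappers support makes the Fedora build unaffected or is merely a mitigation. Word it the way neighbouring `ignore` entries do (for example "blocked by fortify_source") so the reason for ignoring the issue can be checked later.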


Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.230
retrieving revision 1.231
diff -u -r1.230 -r1.231
--- f8	25 Jul 2008 15:29:25 -0000	1.230
+++ f8	9 Sep 2008 14:45:36 -0000	1.231
@@ -6,7 +6,36 @@
 
 rhbz293031 fixed (nx) #293031 [since FEDORA-2008-2258] 
 rhbz249840 version (tor, fixed 0.1.2.15) 
+CVE-2008-3964 ignore (libpng, fixed 1.2.32beta01) not affected
+CVE-2008-3934 VULNERABLE (wireshark, fixed 1.0.3) #461254 
+CVE-2008-3933 VULNERABLE (wireshark, fixed 1.0.3) #461254 
+CVE-2008-3932 VULNERABLE (wireshark, fixed 1.0.3) #461254 
+CVE-2008-3931 VULNERABLE (R) [since R-2.7.2-1.fc8] 
+CVE-2008-3928 ignore (honeyd) affected script not shipped
+CVE-2008-3927 VULNERABLE (tiger) 
+CVE-2008-3920 VULNERABLE (bitlbee, fixed 1.2.2) [since bitlbee-1.2.3-1.fc8] 
+CVE-2008-3889 VULNERABLE (postfix, fixed 2.4.9, 2.5.5) #459099 
+CVE-2008-3789 ignore (samba, fixed 3.2.3) 3.2.x only
+CVE-2008-3747 VULNERABLE (wordpress, fixed 2.6.1) 
+CVE-2008-3746 ignore (neon, fixed 0.28.3) 0.28.x only
+CVE-2008-3714 VULNERABLE (awstats) #459741 
+CVE-2008-3699 VULNERABLE (amarok, fixed 1.4.40) [since amarok-1.4.10-1.fc8] 
+CVE-2008-3546 ignore (git, fixed 1.5.6.4) caught by fortify_source
+CVE-2008-3533 VULNERABLE (yelp, fixed 2.24) #459502 
+CVE-2008-3429 VULNERABLE (httrack, fixed 3.42-3) 
+CVE-2008-3422 VULNERABLE (mono) 
+CVE-2008-3381 ignore (moin) not affected
+CVE-2008-3333 fixed (mantis, fixed 1.1.2) [since FEDORA-2008-6657] 
+CVE-2008-3332 fixed (mantis, fixed 1.1.2) [since FEDORA-2008-6657] 
+CVE-2008-3331 fixed (mantis, fixed 1.1.2) [since FEDORA-2008-6657] 
+CVE-2008-3330 fixed (horde, fixed 3.2.1) [since FEDORA-2008-5691] 
+CVE-2008-3328 fixed (trac, fixed 0.10.5) [since FEDORA-2008-6830] 
+CVE-2008-3327 ignore (moodle) webroot disclosure
+CVE-2008-3326 version (moodle) 1.8.x+ not affected
+CVE-2008-3325 version (moodle) 1.8.x+ not affected
 CVE-2008-3294 ignore (vim) build-time tmp file usage
+CVE-2008-3282 VULNERABLE (openoffice.org) [since openoffice.org-2.3.0-6.16.fc8] 
+CVE-2008-3281 VULNERABLE (libxml2) #459712 
 CVE-2008-3264 fixed (asterisk, fixed 1.4.21.2) [since FEDORA-2008-6676] AST-2008-011
 CVE-2008-3263 fixed (asterisk, fixed 1.4.21.2) [since FEDORA-2008-6676] AST-2008-010
 CVE-2008-3259 ignore (openssh, fixed 5.1) HP-UX only
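Review bot: the CVE-2008-3699 line gives `fixed 1.4.40` next to `[since amarok-1.4.10-1.fc8]`; the two versions do not agree, and 1.4.40 reads like a typo for 1.4.10. The same `fixed 1.4.40` value appears in the f10 and f9 copies of this entry, so correct all three together.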
@@ -23,6 +52,7 @@
 CVE-2008-3215 fixed (clamav, fixed 0.93.3) [since FEDORA-2008-6422] 
 CVE-2008-3197 fixed (phpMyAdmin, fixed 2.11.7.1) [since FEDORA-2008-6450] 
 CVE-2008-3196 VULNERABLE (byacc) [since FEDORA-2008-6429] 
+CVE-2008-3146 VULNERABLE (wireshark, fixed 1.0.3) #461254 
 CVE-2008-3145 fixed (wireshark, fixed 1.0.1) [since FEDORA-2008-6645] 
 CVE-2008-3141 fixed (wireshark, fixed 1.0.2) [since FEDORA-2008-6645] 
 CVE-2008-3140 fixed (wireshark, fixed 1.0.1) [since FEDORA-2008-6645] 
@@ -34,47 +64,54 @@
 CVE-2008-2954 fixed (linuxdcpp) #453732 [since FEDORA-2008-6038] 
 CVE-2008-2953 fixed (linuxdcpp) #453732 [since FEDORA-2008-6038] 
 CVE-2008-2952 fixed (openldap) #453726 [since FEDORA-2008-6029] 
-CVE-2008-2950 VULNERABLE (poppler) #454288 
+CVE-2008-2951 fixed (trac, fixed 0.10.5) [since FEDORA-2008-6830] 
+CVE-2008-2950 fixed (poppler) #454288 [since FEDORA-2008-7104] 
 CVE-2008-2942 VULNERABLE (mercurial) 
+CVE-2008-2941 VULNERABLE (hplip) #458989 
+CVE-2008-2940 VULNERABLE (hplip) #458989 
+CVE-2008-2938 VULNERABLE (tomcat5, fixed 5.5.27) #460125 
+CVE-2008-2937 VULNERABLE (postfix) #459099 
+CVE-2008-2936 VULNERABLE (postfix) #459099 
+CVE-2008-2935 fixed (libxslt) [since FEDORA-2008-7029] 
 CVE-2008-2933 fixed (firefox, fixed 2.0.0.16) [since FEDORA-2008-6491] 
 CVE-2008-2841 ignore (xchat) windows-only, IE bug
 CVE-2008-2827 ignore (perl) perl 5.10 only
 CVE-2008-2811 fixed (firefox, fixed 2.0.0.15) [since FEDORA-2008-6127] 
 CVE-2008-2811 fixed (seamonkey, fixed 1.1.10) #453954 [since FEDORA-2008-6196] 
-CVE-2008-2811 VULNERABLE (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6706] 
+CVE-2008-2811 fixed (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6706] 
 CVE-2008-2810 fixed (firefox, fixed 2.0.0.15) [since FEDORA-2008-6127] 
 CVE-2008-2810 fixed (seamonkey, fixed 1.1.10) #453954 [since FEDORA-2008-6196] 
 CVE-2008-2809 fixed (firefox, fixed 2.0.0.15) [since FEDORA-2008-6127] 
 CVE-2008-2809 fixed (seamonkey, fixed 1.1.10) #453954 [since FEDORA-2008-6196] 
-CVE-2008-2809 VULNERABLE (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6706] 
+CVE-2008-2809 fixed (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6706] 
 CVE-2008-2808 fixed (firefox, fixed 2.0.0.15) [since FEDORA-2008-6127] 
 CVE-2008-2808 fixed (seamonkey, fixed 1.1.10) #453954 [since FEDORA-2008-6196] 
 CVE-2008-2807 fixed (firefox, fixed 2.0.0.15) [since FEDORA-2008-6127] 
 CVE-2008-2807 fixed (seamonkey, fixed 1.1.10) #453954 [since FEDORA-2008-6196] 
-CVE-2008-2807 VULNERABLE (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6706] 
+CVE-2008-2807 fixed (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6706] 
 CVE-2008-2806 ignore (firefox, fixed 2.0.0.15) Mac OS X specific
 CVE-2008-2806 ignore (seamonkey, fixed 1.1.10) Mac OS X specific
 CVE-2008-2805 fixed (firefox, fixed 2.0.0.15) [since FEDORA-2008-6127] 
 CVE-2008-2805 fixed (seamonkey, fixed 1.1.10) #453954 [since FEDORA-2008-6196] 
 CVE-2008-2803 fixed (firefox, fixed 2.0.0.15) [since FEDORA-2008-6127] 
 CVE-2008-2803 fixed (seamonkey, fixed 1.1.10) #453954 [since FEDORA-2008-6196] 
-CVE-2008-2803 VULNERABLE (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6706] 
+CVE-2008-2803 fixed (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6706] 
 CVE-2008-2802 fixed (firefox, fixed 2.0.0.15) [since FEDORA-2008-6127] 
 CVE-2008-2802 fixed (seamonkey, fixed 1.1.10) #453954 [since FEDORA-2008-6196] 
-CVE-2008-2802 VULNERABLE (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6706] 
+CVE-2008-2802 fixed (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6706] 
 CVE-2008-2801 fixed (firefox, fixed 2.0.0.15) [since FEDORA-2008-6127] 
 CVE-2008-2801 fixed (seamonkey, fixed 1.1.10) #453954 [since FEDORA-2008-6196] 
 CVE-2008-2800 fixed (firefox, fixed 2.0.0.15) [since FEDORA-2008-6127] 
 CVE-2008-2800 fixed (seamonkey, fixed 1.1.10) #453954 [since FEDORA-2008-6196] 
 CVE-2008-2799 fixed (firefox, fixed 2.0.0.15) [since FEDORA-2008-6127] 
 CVE-2008-2799 fixed (seamonkey, fixed 1.1.10) #453954 [since FEDORA-2008-6196] 
-CVE-2008-2799 VULNERABLE (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6706] 
+CVE-2008-2799 fixed (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6706] 
 CVE-2008-2798 fixed (firefox, fixed 2.0.0.15) [since FEDORA-2008-6127] 
 CVE-2008-2798 fixed (seamonkey, fixed 1.1.10) #453954 [since FEDORA-2008-6196] 
-CVE-2008-2798 VULNERABLE (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6706] 
+CVE-2008-2798 fixed (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6706] 
 CVE-2008-2785 fixed (seamonkey, fixed 1.1.11) [since FEDORA-2008-6517] 
 CVE-2008-2785 fixed (firefox, fixed 2.0.0.16) [since FEDORA-2008-6491] 
-CVE-2008-2785 VULNERABLE (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6706] 
+CVE-2008-2785 fixed (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6706] 
 CVE-2008-2783 VULNERABLE (kronolith) 
 CVE-2008-2728 ignore (ruby) 1.6.x variant of CVE-2008-2726
 CVE-2008-2727 ignore (ruby) 1.6.x variant of CVE-2008-2725
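Review bot: CVE-2008-2938 is added here for tomcat5 only, while the f10 and f9 files add both a tomcat5 and a tomcat6 line for it; the same holds for the CVE-2008-2370, CVE-2008-1947 and CVE-2008-1232 entries in this file. If tomcat6 is not shipped in F8 that is correct, otherwise the tomcat6 lines are missing.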
@@ -102,13 +139,15 @@
 CVE-2008-2374 VULNERABLE (bluez-libs, fixed 3.34) #452820 [since FEDORA-2008-6140] 
 CVE-2008-2371 fixed (pcre) #453555 [since FEDORA-2008-6111] 
 CVE-2008-2371 fixed (glib2) #453559 [since FEDORA-2008-6025] 
-CVE-2008-2364 VULNERABLE (httpd, fixed 2.2.9) #454423 [since FEDORA-2008-6314] 
+CVE-2008-2370 VULNERABLE (tomcat5, fixed 5.5.27) #460125 
+CVE-2008-2364 fixed (httpd, fixed 2.2.9) #454423 [since FEDORA-2008-6314] 
 CVE-2008-2363 VULNERABLE (pan) #449333 
 CVE-2008-2362 fixed (xorg-x11-server) #450925 [since FEDORA-2008-5279] 
 CVE-2008-2361 fixed (xorg-x11-server) #450925 [since FEDORA-2008-5279] 
 CVE-2008-2360 fixed (xorg-x11-server) #450925 [since FEDORA-2008-5279] 
 CVE-2008-2359 fixed (system-config-network) [since FEDORA-2008-4633] 
 CVE-2008-2357 fixed (mtr, fixed 0.73) 
+CVE-2008-2327 VULNERABLE (libtiff) [since libtiff-3.8.2-11.fc8] 
 CVE-2008-2310 ignore (binutils) blocked by fortify_source
 CVE-2008-2307 fixed (WebKit, fixed svn34204) #454094 [since FEDORA-2008-6220] 
 CVE-2008-2302 fixed (Django, fixed 0.96.2) #447258 [since FEDORA-2008-4248] 
@@ -143,7 +182,7 @@
 CVE-2008-1950 fixed (gnutls, fixed 2.2.4) #447510 [since FEDORA-2008-4183] 
 CVE-2008-1949 fixed (gnutls, fixed 2.2.4) #447510 [since FEDORA-2008-4183] 
 CVE-2008-1948 fixed (gnutls, fixed 2.2.4) #447510 [since FEDORA-2008-4183] 
-CVE-2008-1947 VULNERABLE (tomcat5, fixed 5.5.27) 
+CVE-2008-1947 VULNERABLE (tomcat5, fixed 5.5.27) #460125 
 CVE-2008-1944 VULNERABLE (xen, fixed 3.2) [since xen-3.1.2-3.fc8]
 CVE-2008-1943 VULNERABLE (xen) [since xen-3.1.2-3.fc8]
 CVE-2008-1937 ignore (moin, fixed 1.6.3) 1.6.x only
@@ -230,6 +269,7 @@
 CVE-2008-1380 fixed (thunderbird, fixed 2.0.0.14) #442856 [since FEDORA-2008-3557] 
 CVE-2008-1379 fixed (xorg-x11-server) #450925 [since FEDORA-2008-5279] 
 CVE-2008-1377 fixed (xorg-x11-server) #450925 [since FEDORA-2008-5279] 
+CVE-2008-1376 ignore (nfs-utils) using tcp wrappers
 CVE-2008-1374 ignore (cups) only affects old cups versions in RHEL
 CVE-2008-1373 fixed (cups) #440040 [since FEDORA-2008-2131] 
 CVE-2008-1372 fixed (bzip2, fixed 1.0.5) #439855 [since FEDORA-2008-2970] 
@@ -267,6 +307,7 @@
 CVE-2008-1233 version (firefox, fixed 2.0.0.13) 
 CVE-2008-1233 version (seamonkey, fixed 1.1.9) 
 CVE-2008-1233 fixed (thunderbird, fixed 2.0.0.14) #442856 [since FEDORA-2008-3557] 
+CVE-2008-1232 VULNERABLE (tomcat5, fixed 5.5.27) #460125 
 **CVE-2008-1227 fixed (libsilc) We updated this as non-security
 CVE-2008-1218 version (dovecot, fixed 1.0.13) [since FEDORA-2008-2464] marginally affected
 CVE-2008-1199 version (dovecot, fixed 1.0.11) [since FEDORA-2008-2464] not in default config


Index: f9
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f9,v
retrieving revision 1.220
retrieving revision 1.221
diff -u -r1.220 -r1.221
--- f9	25 Jul 2008 15:29:25 -0000	1.220
+++ f9	9 Sep 2008 14:45:36 -0000	1.221
@@ -5,9 +5,40 @@
 # (mozilla) = (gecko-libs dependent stuff)
 
 rhbz249840 version (tor, fixed 0.1.2.15)
+CVE-2008-3964 ignore (libpng, fixed 1.2.32beta01) not affected
+CVE-2008-3934 VULNERABLE (wireshark, fixed 1.0.3) #461255 
+CVE-2008-3933 VULNERABLE (wireshark, fixed 1.0.3) #461255 
+CVE-2008-3932 VULNERABLE (wireshark, fixed 1.0.3) #461255 
+CVE-2008-3931 VULNERABLE (R) [since R-2.7.2-1.fc9] 
+CVE-2008-3928 ignore (honeyd) affected script not shipped
+CVE-2008-3927 VULNERABLE (tiger) 
+CVE-2008-3920 VULNERABLE (bitlbee, fixed 1.2.2) [since bitlbee-1.2.3-1.fc9] 
+CVE-2008-3889 VULNERABLE (postfix, fixed 2.4.9, 2.5.5) #459100 
+CVE-2008-3796 version (swfdec, fixed 0.6.8) [since swfdec-0.6.8-1.fc9] 
+CVE-2008-3789 VULNERABLE (samba, fixed 3.2.3) [since samba-3.2.3-0.20.fc9] 
+CVE-2008-3747 VULNERABLE (wordpress, fixed 2.6.1) 
+CVE-2008-3746 VULNERABLE (neon, fixed 0.28.3) #460415 
+CVE-2008-3714 VULNERABLE (awstats) #459742 
+CVE-2008-3699 VULNERABLE (amarok, fixed 1.4.40) [since amarok-1.4.10-1.fc9] 
+CVE-2008-3546 ignore (git, fixed 1.5.6.4) caught by fortify_source
+CVE-2008-3533 ignore (yelp, fixed 2.24) caught by glibc
+CVE-2008-3429 VULNERABLE (httrack, fixed 3.42-3) 
+CVE-2008-3424 fixed (condor, fixed 7.0.4) #457895 [since FEDORA-2008-7205] 
+CVE-2008-3422 VULNERABLE (mono) 
+CVE-2008-3381 VULNERABLE (moin) #457363 
+CVE-2008-3333 fixed (mantis, fixed 1.1.2) [since FEDORA-2008-6647] 
+CVE-2008-3332 fixed (mantis, fixed 1.1.2) [since FEDORA-2008-6647] 
+CVE-2008-3331 fixed (mantis, fixed 1.1.2) [since FEDORA-2008-6647] 
+CVE-2008-3330 fixed (horde, fixed 3.2.1) [since FEDORA-2008-5683] 
+CVE-2008-3328 fixed (trac, fixed 0.10.5) [since FEDORA-2008-6833] 
+CVE-2008-3327 ignore (moodle) webroot disclosure
+CVE-2008-3326 version (moodle) 1.8.x+ not affected
+CVE-2008-3325 version (moodle) 1.8.x+ not affected
 CVE-2008-3294 ignore (vim) build-time tmp file usage
-CVE-2008-3264 ignore (asterisk) AST-2008-011 - 1.6.x not affected
-CVE-2008-3263 ignore (asterisk) AST-2008-010 - 1.6.x not affected
+CVE-2008-3282 VULNERABLE (openoffice.org) [since openoffice.org-2.4.1-17.6.fc9] 
+CVE-2008-3281 VULNERABLE (libxml2) #459713 
+CVE-2008-3264 fixed (asterisk) [since FEDORA-2008-6853] AST-2008-011
+CVE-2008-3263 fixed (asterisk) [since FEDORA-2008-6853] AST-2008-010
 CVE-2008-3259 ignore (openssh, fixed 5.1) HP-UX only
 CVE-2008-3252 fixed (newsx) [since FEDORA-2008-6321] 
 CVE-2008-3233 ignore (wordrepss, fixed 2.6) only 2.6 devel versions affected
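Review bot: the CVE-2008-3264 and CVE-2008-3263 lines go from `ignore ... 1.6.x not affected` to `fixed [since FEDORA-2008-6853]`, reversing the earlier assessment without recording an upstream fixed version, whereas the f8 entries for the same CVEs list `fixed 1.4.21.2`. Add the fixed version inside the parentheses so the entry shows which release the update corresponds to.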
@@ -23,6 +54,7 @@
 CVE-2008-3198 fixed (firefox, fixed 3.0.1) [since FEDORA-2008-6518] 
 CVE-2008-3197 fixed (phpMyAdmin, fixed 2.11.7.1) [since FEDORA-2008-6502] 
 CVE-2008-3196 VULNERABLE (byacc) [since FEDORA-2008-6414] 
+CVE-2008-3146 VULNERABLE (wireshark, fixed 1.0.3) #461255 
 CVE-2008-3145 fixed (wireshark, fixed 1.0.1) [since FEDORA-2008-6440] 
 CVE-2008-3141 fixed (wireshark, fixed 1.0.2) [since FEDORA-2008-6440] 
 CVE-2008-3140 fixed (wireshark, fixed 1.0.1) [since FEDORA-2008-6440] 
@@ -34,47 +66,55 @@
 CVE-2008-2954 fixed (linuxdcpp) #453733 [since FEDORA-2008-6018] 
 CVE-2008-2953 fixed (linuxdcpp) #453733 [since FEDORA-2008-6018] 
 CVE-2008-2952 fixed (openldap) #453727 [since FEDORA-2008-6062] 
-CVE-2008-2950 VULNERABLE (poppler) #454289 
+CVE-2008-2951 fixed (trac, fixed 0.10.5) [since FEDORA-2008-6833] 
+CVE-2008-2950 VULNERABLE (poppler) #454289 [since FEDORA-2008-7012] 
 CVE-2008-2942 VULNERABLE (mercurial) 
+CVE-2008-2941 VULNERABLE (hplip) #458990 
+CVE-2008-2940 VULNERABLE (hplip) #458990 
+CVE-2008-2938 VULNERABLE (tomcat6, fixed 6.0.18) #460131 
+CVE-2008-2938 VULNERABLE (tomcat5, fixed 5.5.27) #460126 
+CVE-2008-2937 VULNERABLE (postfix) #459100 
+CVE-2008-2936 VULNERABLE (postfix) #459100 
+CVE-2008-2935 fixed (libxslt) [since FEDORA-2008-7062] 
 CVE-2008-2933 fixed (firefox, fixed 3.0.1) [since FEDORA-2008-6518] 
 CVE-2008-2841 ignore (xchat) windows-only, IE bug
 CVE-2008-2827 fixed (perl) #452641 [since FEDORA-2008-5739] 
 CVE-2008-2811 version (firefox, fixed 3.0) [since firefox-3.0-1.fc9] 
 CVE-2008-2811 fixed (seamonkey, fixed 1.1.10) #453955 [since FEDORA-2008-6193] 
-CVE-2008-2811 VULNERABLE (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6737] 
+CVE-2008-2811 fixed (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6737] 
 CVE-2008-2810 version (firefox, fixed 3.0) [since firefox-3.0-1.fc9] 
 CVE-2008-2810 fixed (seamonkey, fixed 1.1.10) #453955 [since FEDORA-2008-6193] 
 CVE-2008-2809 version (firefox, fixed 3.0) [since firefox-3.0-1.fc9] 
 CVE-2008-2809 fixed (seamonkey, fixed 1.1.10) #453955 [since FEDORA-2008-6193] 
-CVE-2008-2809 VULNERABLE (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6737] 
+CVE-2008-2809 fixed (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6737] 
 CVE-2008-2808 version (firefox, fixed 3.0) [since firefox-3.0-1.fc9] 
 CVE-2008-2808 fixed (seamonkey, fixed 1.1.10) #453955 [since FEDORA-2008-6193] 
 CVE-2008-2807 version (firefox, fixed 3.0) [since firefox-3.0-1.fc9] 
 CVE-2008-2807 fixed (seamonkey, fixed 1.1.10) #453955 [since FEDORA-2008-6193] 
-CVE-2008-2807 VULNERABLE (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6737] 
+CVE-2008-2807 fixed (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6737] 
 CVE-2008-2806 ignore (firefox, fixed 3.0) Mac OS X specific
 CVE-2008-2806 ignore (seamonkey, fixed 1.1.10) Mac OS X specific
 CVE-2008-2805 version (firefox, fixed 3.0) [since firefox-3.0-1.fc9] 
 CVE-2008-2805 fixed (seamonkey, fixed 1.1.10) #453955 [since FEDORA-2008-6193] 
 CVE-2008-2803 version (firefox, fixed 3.0) [since firefox-3.0-1.fc9] 
 CVE-2008-2803 fixed (seamonkey, fixed 1.1.10) #453955 [since FEDORA-2008-6193] 
-CVE-2008-2803 VULNERABLE (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6737] 
+CVE-2008-2803 fixed (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6737] 
 CVE-2008-2802 version (firefox, fixed 3.0) [since firefox-3.0-1.fc9] 
 CVE-2008-2802 fixed (seamonkey, fixed 1.1.10) #453955 [since FEDORA-2008-6193] 
-CVE-2008-2802 VULNERABLE (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6737] 
+CVE-2008-2802 fixed (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6737] 
 CVE-2008-2801 version (firefox, fixed 3.0) [since firefox-3.0-1.fc9] 
 CVE-2008-2801 fixed (seamonkey, fixed 1.1.10) #453955 [since FEDORA-2008-6193] 
 CVE-2008-2800 version (firefox, fixed 3.0) [since firefox-3.0-1.fc9] 
 CVE-2008-2800 fixed (seamonkey, fixed 1.1.10) #453955 [since FEDORA-2008-6193] 
 CVE-2008-2799 version (firefox, fixed 3.0) [since firefox-3.0-1.fc9] 
 CVE-2008-2799 fixed (seamonkey, fixed 1.1.10) #453955 [since FEDORA-2008-6193] 
-CVE-2008-2799 VULNERABLE (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6737] 
+CVE-2008-2799 fixed (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6737] 
 CVE-2008-2798 version (firefox, fixed 3.0) [since firefox-3.0-1.fc9] 
 CVE-2008-2798 fixed (seamonkey, fixed 1.1.10) #453955 [since FEDORA-2008-6193] 
-CVE-2008-2798 VULNERABLE (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6737] 
+CVE-2008-2798 fixed (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6737] 
 CVE-2008-2785 fixed (seamonkey, fixed 1.1.11) [since FEDORA-2008-6519] 
 CVE-2008-2785 fixed (firefox, fixed 3.0.1) [since FEDORA-2008-6518] 
-CVE-2008-2785 VULNERABLE (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6737] 
+CVE-2008-2785 fixed (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6737] 
 CVE-2008-2728 ignore (ruby) 1.6.x variant of CVE-2008-2726
 CVE-2008-2727 ignore (ruby) 1.6.x variant of CVE-2008-2725
 CVE-2008-2726 fixed (ruby, fixed 1.8.6-p230, 1.8.7-p22) #452294 [since FEDORA-2008-5664] 
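Review bot: the CVE-2008-2950 poppler line gains `[since FEDORA-2008-7012]` but keeps status VULNERABLE, while the f8 copy of the same entry is flipped to `fixed` with its advisory and the thunderbird lines in this hunk are flipped to `fixed` as well. If the F9 update is still pending this is right; otherwise the status should read `fixed`.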
@@ -101,13 +141,16 @@
 CVE-2008-2374 VULNERABLE (bluez-libs, fixed 3.34) #452821 [since FEDORA-2008-6133] 
 CVE-2008-2371 fixed (pcre) #453556 [since FEDORA-2008-6110] 
 CVE-2008-2371 fixed (glib2) #453560 [since FEDORA-2008-6048] 
-CVE-2008-2364 VULNERABLE (httpd, fixed 2.2.9) #447311 [since FEDORA-2008-6393] 
+CVE-2008-2370 VULNERABLE (tomcat6, fixed 6.0.18) #460131 
+CVE-2008-2370 VULNERABLE (tomcat5, fixed 5.5.27) #460126 
+CVE-2008-2364 fixed (httpd, fixed 2.2.9) #447311 [since FEDORA-2008-6393] 
 CVE-2008-2363 VULNERABLE (pan) #449334 
 CVE-2008-2362 fixed (xorg-x11-server) #450926 [since FEDORA-2008-5254] 
 CVE-2008-2361 fixed (xorg-x11-server) #450926 [since FEDORA-2008-5254] 
 CVE-2008-2360 fixed (xorg-x11-server) #450926 [since FEDORA-2008-5254] 
 CVE-2008-2359 ignore (system-config-network) F8 specific issue
 CVE-2008-2357 fixed (mtr, fixed 0.73) 
+CVE-2008-2327 VULNERABLE (libtiff) [since libtiff-3.8.2-11.fc9] 
 CVE-2008-2310 ignore (binutils) blocked by fortify_source
 CVE-2008-2307 fixed (WebKit, fixed svn34204) #454095 [since FEDORA-2008-6186] 
 CVE-2008-2302 fixed (Django, fixed 0.96.2) #447259 [since FEDORA-2008-4267] 
@@ -142,8 +185,8 @@
 CVE-2008-1950 fixed (gnutls, fixed 2.2.4) #447511 [since FEDORA-2008-4259] 
 CVE-2008-1949 fixed (gnutls, fixed 2.2.4) #447511 [since FEDORA-2008-4259] 
 CVE-2008-1948 fixed (gnutls, fixed 2.2.4) #447511 [since FEDORA-2008-4259] 
-CVE-2008-1947 VULNERABLE (tomcat5, fixed 5.5.27) 
-CVE-2008-1947 VULNERABLE (tomcat6, fixed 6.0.17) 
+CVE-2008-1947 VULNERABLE (tomcat6, fixed 6.0.18) #460131 
+CVE-2008-1947 VULNERABLE (tomcat5, fixed 5.5.27) #460126 
 CVE-2008-1944 version (xen, fixed 3.2) 
 CVE-2008-1943 VULNERABLE (xen) [since xen-3.2.0-11.fc9]
 CVE-2008-1937 version (moin, fixed 1.6.3) [since moin-1.6.3-1.fc9] 
@@ -186,7 +229,7 @@
 CVE-2008-1687 ignore (m4, fixed 1.4.11) not really a security issue
 CVE-2008-1686 version (libfishsound, fixed 0.9.1) #441248 [since libfishsound-0.9.1-1.fc9]
 CVE-2008-1686 backport (speex) [since speex-1.2-0.7.beta3]
-CVE-2008-1678 VULNERABLE (httpd) #447311 [since FEDORA-2008-6393] only affects systems with openssl >= 0.9.8e
+CVE-2008-1678 fixed (httpd) #447311 [since FEDORA-2008-6393] only affects systems with openssl >= 0.9.8e
 CVE-2008-1677 version (fedora-ds-base, fixed 1.1.1) #445810 [since FEDORA-2008-4884]
 CVE-2008-1672 fixed (openssl, fixed 0.9.8h) #448690 [since FEDORA-2008-4723] 
 CVE-2008-1671 ignore (kdelibs) start_kdeinit not shipped
@@ -231,6 +274,7 @@
 CVE-2008-1380 version (thunderbird, fixed 2.0.0.14) #442857 [since thunderbird-2.0.0.14-1.fc9]
 CVE-2008-1379 fixed (xorg-x11-server) #450926 [since FEDORA-2008-5254] 
 CVE-2008-1377 fixed (xorg-x11-server) #450926 [since FEDORA-2008-5254] 
+CVE-2008-1376 ignore (nfs-utils) using tcp wrappers
 CVE-2008-1374 ignore (cups) only affects old cups versions in RHEL
 CVE-2008-1373 backport (cups) #440041 [since cups-1.3.6-9.fc9]
 CVE-2008-1372 version (bzip2, fixed 1.0.5) [since bzip2-1.0.5-1.fc9]
@@ -265,6 +309,8 @@
 CVE-2008-1233 version (firefox, fixed 2.0.0.13) 
 CVE-2008-1233 version (seamonkey, fixed 1.1.9) 
 CVE-2008-1233 version (thunderbird, fixed 2.0.0.14) #442857 [since thunderbird-2.0.0.14-1.fc9]
+CVE-2008-1232 VULNERABLE (tomcat6, fixed 6.0.18) #460131 
+CVE-2008-1232 VULNERABLE (tomcat5, fixed 5.5.27) #460126 
 **CVE-2008-1227 fixed (libsilc) We updated this as non-security
 CVE-2008-1218 version (dovecot, fixed 1.0.13) [since dovecot-1.0.13-6.fc9] marginally affected
 CVE-2008-1199 version (dovecot, fixed 1.0.11) [since dovecot-1.0.13-6.fc9] not in default config
