[Fedora-security-commits] fedora-security/audit f10, 1.13, 1.14 f8, 1.231, 1.232 f9, 1.221, 1.222
fedora-security-commits at redhat.com
fedora-security-commits at redhat.com
Thu Sep 11 15:16:02 UTC 2008
- Previous message (by thread): [Fedora-security-commits] fedora-security/audit f10, 1.12, 1.13 f8, 1.230, 1.231 f9, 1.220, 1.221
- Next message (by thread): [Fedora-security-commits] fedora-security/audit f10, 1.14, 1.15 f8, 1.232, 1.233 f9, 1.222, 1.223
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv5579/audit
Modified Files:
f10 f8 f9
Log Message:
large pile of updates
Index: f10
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f10,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -r1.13 -r1.14
--- f10 9 Sep 2008 14:45:36 -0000 1.13
+++ f10 11 Sep 2008 15:15:31 -0000 1.14
@@ -4,26 +4,43 @@
# *CVE are items that need verification for Fedora 10
# (mozilla) = (gecko-libs dependent stuff)
-CVE-2008-3964 VULNERABLE (libpng, fixed 1.2.32beta01) #461620
-CVE-2008-3934 VULNERABLE (wireshark, fixed 1.0.3)
-CVE-2008-3933 VULNERABLE (wireshark, fixed 1.0.3)
-CVE-2008-3932 VULNERABLE (wireshark, fixed 1.0.3)
+CVE-2008-3972 version (opensc, fixed 0.11.6) [since opensc-0.11.6-1.fc10]
+CVE-2008-3970 version (pam_mount, fixed 0.47) [since pam_mount-0.47-1.fc10]
+CVE-2008-3969 version (bitlbee, fixed 1.2.3) [since bitlbee-1.2.3-1.fc10]
+CVE-2008-3964 backport (libpng, fixed 1.2.32beta01) #461620 [since libpng-1.2.31-2.fc10]
+CVE-2008-3934 version (wireshark, fixed 1.0.3) [since wireshark-1.0.3-1.fc10]
+CVE-2008-3933 version (wireshark, fixed 1.0.3) [since wireshark-1.0.3-1.fc10]
+CVE-2008-3932 version (wireshark, fixed 1.0.3) [since wireshark-1.0.3-1.fc10]
CVE-2008-3931 backport (R) [since R-2.7.2-1.fc10]
CVE-2008-3928 ignore (honeyd) affected script not shipped
CVE-2008-3927 VULNERABLE (tiger)
CVE-2008-3920 version (bitlbee, fixed 1.2.2) [since bitlbee-1.2.2-1.fc10]
+CVE-2008-3906 VULNERABLE (mono) #461755
+CVE-2008-3905 version (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since ruby-1.8.6.287-1.fc10]
CVE-2008-3889 VULNERABLE (postfix, fixed 2.4.9, 2.5.5) #459101
CVE-2008-3796 version (swfdec, fixed 0.6.8) [since swfdec-0.7.4-1.fc10]
+CVE-2008-3790 VULNERABLE (ruby)
CVE-2008-3789 VULNERABLE (samba, fixed 3.2.3)
CVE-2008-3747 version (wordpress, fixed 2.6.1) [since wordpress-2.6.1-1.fc10]
CVE-2008-3746 version (neon, fixed 0.28.3) [since neon-0.28.3-2]
-CVE-2008-3714 VULNERABLE (awstats) #459743
+CVE-2008-3745 version (drupal, fixed 6.4) [since drupal-6.4-1.fc10]
+CVE-2008-3744 version (drupal, fixed 6.4) [since drupal-6.4-1.fc10]
+CVE-2008-3743 version (drupal, fixed 6.4) [since drupal-6.4-1.fc10]
+CVE-2008-3742 version (drupal, fixed 6.4) [since drupal-6.4-1.fc10]
+CVE-2008-3741 version (drupal, fixed 6.4) [since drupal-6.4-1.fc10]
+CVE-2008-3740 version (drupal, fixed 6.4) [since drupal-6.4-1.fc10]
+CVE-2008-3714 backport (awstats) #459743 [since awstats-6.8-2.fc10]
CVE-2008-3699 ignore (amarok, fixed 1.4.40) not affected
+CVE-2008-3657 version (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since ruby-1.8.6.287-1.fc10]
+CVE-2008-3656 version (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since ruby-1.8.6.287-1.fc10]
+CVE-2008-3655 version (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since ruby-1.8.6.287-1.fc10]
CVE-2008-3546 version (git, fixed 1.5.6.4) [since git-1.5.6.4-1.fc10]
CVE-2008-3533 ignore (yelp, fixed 2.24) caught by glibc
-CVE-2008-3429 VULNERABLE (httrack, fixed 3.42-3)
+CVE-2008-3529 version (libxml2, fixed 2.7.0) [since libxml2-2.7.1-1.fc10]
+CVE-2008-3443 version (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since ruby-1.8.6.287-1.fc10]
+CVE-2008-3429 version (httrack, fixed 3.42-3) [since httrack-3.42.93-1.fc10]
CVE-2008-3424 version (condor, fixed 7.0.4) #457896 [since condor-7.0.4-1.fc10]
-CVE-2008-3422 VULNERABLE (mono)
+CVE-2008-3422 version (mono) [since mono-2.0-4.fc10]
CVE-2008-3381 VULNERABLE (moin) #457364
CVE-2008-3333 version (mantis, fixed 1.1.2) [since mantis-1.1.2-1.fc10]
CVE-2008-3332 version (mantis, fixed 1.1.2) [since mantis-1.1.2-1.fc10]
@@ -35,13 +52,14 @@
CVE-2008-3325 version (moodle) 1.8.x+ not affected
CVE-2008-3294 ignore (vim) build-time tmp file usage
CVE-2008-3282 VULNERABLE (openoffice.org)
-CVE-2008-3281 VULNERABLE (libxml2) #459714
+CVE-2008-3281 version (libxml2) #459714 [since libxml2-2.7.0-1.fc10]
+CVE-2008-3274 backport (ipa) [since ipa-1.1.0-3.fc10]
CVE-2008-3264 backport (asterisk) [since asterisk-1.6.0-0.19.beta9.fc10] AST-2008-011
CVE-2008-3263 backport (asterisk) [since asterisk-1.6.0-0.19.beta9.fc10] AST-2008-010
CVE-2008-3259 ignore (openssh, fixed 5.1) HP-UX only
CVE-2008-3252 backport (newsx) [since newsx-1.6-9.fc10]
CVE-2008-3233 ignore (wordrepss, fixed 2.6) only 2.6 devel versions affected
-CVE-2008-3231 VULNERABLE (xine-lib)
+CVE-2008-3231 version (xine-lib) [since xine-lib-1.1.15-1.fc10.1]
CVE-2008-3223 version (drupal, fixed 6.3) [since drupal-6.3-1.fc10]
CVE-2008-3222 version (drupal, fixed 6.3) [since drupal-6.3-1.fc10]
CVE-2008-3221 version (drupal, fixed 6.3) [since drupal-6.3-1.fc10]
@@ -50,10 +68,10 @@
CVE-2008-3218 version (drupal, fixed 6.3) [since drupal-6.3-1.fc10]
CVE-2008-3217 version (pdns-recursor, fixed 3.1.6) [since pdns-recursor-3.1.6-1.fc10]
CVE-2008-3215 version (clamav, fixed 0.93.3) [since clamav-0.93.3-1.fc10]
-CVE-2008-3198 VULNERABLE (firefox, fixed 3.0.1)
+CVE-2008-3198 version (firefox, fixed 3.0.1) [since firefox-3.0.1-1.fc10]
CVE-2008-3197 version (phpMyAdmin, fixed 2.11.7.1) [since phpMyAdmin-2.11.7.1-1.fc10]
CVE-2008-3196 backport (byacc) [since byacc-1.9.20070509-4.fc10]
-CVE-2008-3146 VULNERABLE (wireshark, fixed 1.0.3)
+CVE-2008-3146 version (wireshark, fixed 1.0.3) [since wireshark-1.0.3-1.fc10]
CVE-2008-3145 version (wireshark, fixed 1.0.2) [since wireshark-1.0.2-1.fc10]
CVE-2008-3141 version (wireshark, fixed 1.0.1) [since wireshark-1.0.1-1.fc10]
CVE-2008-3140 version (wireshark, fixed 1.0.1) [since wireshark-1.0.1-1.fc10]
@@ -66,53 +84,56 @@
CVE-2008-2953 backport (linuxdcpp) #453734 [since linuxdcpp-1.0.1-3.fc10]
CVE-2008-2952 backport (openldap) #453728 [since openldap-2.4.10-2.fc10]
CVE-2008-2951 version (trac, fixed 0.10.5) [since trac-0.10.5-1.fc10]
-CVE-2008-2950 VULNERABLE (poppler) #454290
+CVE-2008-2950 version (poppler, fixed 0.8.5) #454290 [since poppler-0.8.5-1.fc10]
CVE-2008-2942 VULNERABLE (mercurial)
-CVE-2008-2941 VULNERABLE (hplip) #458991
-CVE-2008-2940 VULNERABLE (hplip) #458991
-CVE-2008-2938 VULNERABLE (tomcat6, fixed 6.0.18) #460132
+CVE-2008-2941 ignore (hplip) #458991 not run as service
+CVE-2008-2940 ignore (hplip) #458991 not run as service
+CVE-2008-2938 version (tomcat6, fixed 6.0.18) #460132 [since tomcat6-6.0.18-1.1.fc10]
CVE-2008-2938 VULNERABLE (tomcat5, fixed 5.5.27) #460127
CVE-2008-2937 VULNERABLE (postfix) #459101
CVE-2008-2936 backport (postfix) #459101 [since postfix-2.5.1-4.fc10]
CVE-2008-2935 VULNERABLE (libxslt)
-CVE-2008-2933 VULNERABLE (firefox, fixed 3.0.1)
+CVE-2008-2933 version (firefox, fixed 3.0.1) [since firefox-3.0.1-1.fc10]
+CVE-2008-2932 version (adminutil, fixed 1.1.7) [since adminutil-1.1.7-1.fc10]
+CVE-2008-2929 version (adminutil, fixed 1.1.6) [since adminutil-1.1.6-1.fc10]
+CVE-2008-2928 version (adminutil, fixed 1.1.7) [since adminutil-1.1.7-1.fc10]
CVE-2008-2841 ignore (xchat) windows-only, IE bug
CVE-2008-2827 backport (perl) #452642 [since perl-5.10.0-28.fc10]
CVE-2008-2811 version (firefox, fixed 3.0) [since firefox-3.0-1.fc10]
-CVE-2008-2811 VULNERABLE (seamonkey, fixed 1.1.10)
+CVE-2008-2811 version (seamonkey, fixed 1.1.10) [since seamonkey-1.1.11-1.fc9]
CVE-2008-2811 version (thunderbird, fixed 2.0.0.16) [since thunderbird-2.0.0.16-1.fc10]
CVE-2008-2810 version (firefox, fixed 3.0) [since firefox-3.0-1.fc10]
-CVE-2008-2810 VULNERABLE (seamonkey, fixed 1.1.10)
+CVE-2008-2810 version (seamonkey, fixed 1.1.10) [since seamonkey-1.1.11-1.fc9]
CVE-2008-2809 version (firefox, fixed 3.0) [since firefox-3.0-1.fc10]
-CVE-2008-2809 VULNERABLE (seamonkey, fixed 1.1.10)
+CVE-2008-2809 version (seamonkey, fixed 1.1.10) [since seamonkey-1.1.11-1.fc9]
CVE-2008-2809 version (thunderbird, fixed 2.0.0.16) [since thunderbird-2.0.0.16-1.fc10]
CVE-2008-2808 version (firefox, fixed 3.0) [since firefox-3.0-1.fc10]
-CVE-2008-2808 VULNERABLE (seamonkey, fixed 1.1.10)
+CVE-2008-2808 version (seamonkey, fixed 1.1.10) [since seamonkey-1.1.11-1.fc9]
CVE-2008-2807 version (firefox, fixed 3.0) [since firefox-3.0-1.fc10]
-CVE-2008-2807 VULNERABLE (seamonkey, fixed 1.1.10)
+CVE-2008-2807 version (seamonkey, fixed 1.1.10) [since seamonkey-1.1.11-1.fc9]
CVE-2008-2807 version (thunderbird, fixed 2.0.0.16) [since thunderbird-2.0.0.16-1.fc10]
CVE-2008-2806 ignore (firefox, fixed 3.0) Mac OS X specific
CVE-2008-2806 ignore (seamonkey, fixed 1.1.10) Mac OS X specific
CVE-2008-2805 version (firefox, fixed 3.0) [since firefox-3.0-1.fc10]
-CVE-2008-2805 VULNERABLE (seamonkey, fixed 1.1.10)
+CVE-2008-2805 version (seamonkey, fixed 1.1.10) [since seamonkey-1.1.11-1.fc9]
CVE-2008-2803 version (firefox, fixed 3.0) [since firefox-3.0-1.fc10]
-CVE-2008-2803 VULNERABLE (seamonkey, fixed 1.1.10)
+CVE-2008-2803 version (seamonkey, fixed 1.1.10) [since seamonkey-1.1.11-1.fc9]
CVE-2008-2803 version (thunderbird, fixed 2.0.0.16) [since thunderbird-2.0.0.16-1.fc10]
CVE-2008-2802 version (firefox, fixed 3.0) [since firefox-3.0-1.fc10]
-CVE-2008-2802 VULNERABLE (seamonkey, fixed 1.1.10)
+CVE-2008-2802 version (seamonkey, fixed 1.1.10) [since seamonkey-1.1.11-1.fc9]
CVE-2008-2802 version (thunderbird, fixed 2.0.0.16) [since thunderbird-2.0.0.16-1.fc10]
CVE-2008-2801 version (firefox, fixed 3.0) [since firefox-3.0-1.fc10]
-CVE-2008-2801 VULNERABLE (seamonkey, fixed 1.1.10)
+CVE-2008-2801 version (seamonkey, fixed 1.1.10) [since seamonkey-1.1.11-1.fc9]
CVE-2008-2800 version (firefox, fixed 3.0) [since firefox-3.0-1.fc10]
-CVE-2008-2800 VULNERABLE (seamonkey, fixed 1.1.10)
+CVE-2008-2800 version (seamonkey, fixed 1.1.10) [since seamonkey-1.1.11-1.fc9]
CVE-2008-2799 version (firefox, fixed 3.0) [since firefox-3.0-1.fc10]
-CVE-2008-2799 VULNERABLE (seamonkey, fixed 1.1.10)
+CVE-2008-2799 version (seamonkey, fixed 1.1.10) [since seamonkey-1.1.11-1.fc9]
CVE-2008-2799 version (thunderbird, fixed 2.0.0.16) [since thunderbird-2.0.0.16-1.fc10]
CVE-2008-2798 version (firefox, fixed 3.0) [since firefox-3.0-1.fc10]
-CVE-2008-2798 VULNERABLE (seamonkey, fixed 1.1.10)
+CVE-2008-2798 version (seamonkey, fixed 1.1.10) [since seamonkey-1.1.11-1.fc9]
CVE-2008-2798 version (thunderbird, fixed 2.0.0.16) [since thunderbird-2.0.0.16-1.fc10]
-CVE-2008-2785 VULNERABLE (seamonkey, fixed 1.1.11)
-CVE-2008-2785 VULNERABLE (firefox, fixed 3.0.1)
+CVE-2008-2785 version (seamonkey, fixed 1.1.11) [since seamonkey-1.1.11-1.fc9]
+CVE-2008-2785 version (firefox, fixed 3.0.1) [since firefox-3.0.1-1.fc10]
CVE-2008-2785 version (thunderbird, fixed 2.0.0.16) [since thunderbird-2.0.0.16-1.fc10]
CVE-2008-2728 ignore (ruby) 1.6.x variant of CVE-2008-2726
CVE-2008-2727 ignore (ruby) 1.6.x variant of CVE-2008-2725
@@ -126,7 +147,7 @@
CVE-2008-2719 version (nasm, fixed 2.03.01) [since nasm-2.03.01-1.fc10]
CVE-2008-2713 version (clamav, fixed 0.93.1) [since clamav-0.93.1-1.fc10]
CVE-2008-2711 backport (fetchmail, fixed 6.3.9) #452959 crash only in verbose mode [since fetchmail-6.3.8-7.fc10]
-CVE-2008-2696 VULNERABLE (exiv2, fixed 0.17)
+CVE-2008-2696 version (exiv2, fixed 0.17) [since exiv2-0.17.1-1.fc10]
CVE-2008-2664 version (ruby, fixed 1.8.6-p230, 1.8.7-p22) #452295 [since ruby-1.8.6.230-1.fc10]
CVE-2008-2663 version (ruby, fixed 1.8.6-p230, 1.8.7-p22) #452295 [since ruby-1.8.6.230-1.fc10]
CVE-2008-2662 version (ruby, fixed 1.8.6-p230, 1.8.7-p22) #452295 [since ruby-1.8.6.230-1.fc10]
@@ -140,9 +161,9 @@
CVE-2008-2374 version (bluez-libs, fixed 3.34) #452822 [since bluez-libs-3.34-1.fc10]
CVE-2008-2371 backport (pcre) #453557 [since pcre-7.3-4.fc10]
CVE-2008-2371 version (glib2) #453561 [since glib2-2.17.3-1.fc10]
-CVE-2008-2370 VULNERABLE (tomcat6, fixed 6.0.18) #460132
+CVE-2008-2370 version (tomcat6, fixed 6.0.18) #460132 [since tomcat6-6.0.18-1.1.fc10]
CVE-2008-2370 VULNERABLE (tomcat5, fixed 5.5.27) #460127
-CVE-2008-2364 VULNERABLE (httpd, fixed 2.2.9) #447312
+CVE-2008-2364 version (httpd, fixed 2.2.9) #447312 [since httpd-2.2.9-2]
CVE-2008-2363 VULNERABLE (pan) #449335
CVE-2008-2362 version (xorg-x11-server) #450927 [since xorg-x11-server-1.4.99.902-2.20080612.fc10]
CVE-2008-2361 version (xorg-x11-server) #450927 [since xorg-x11-server-1.4.99.902-2.20080612.fc10]
@@ -156,6 +177,7 @@
CVE-2008-2292 backport (net-snmp, fixed 5.4.2.pre1) [since net-snmp-5.4.1-19.fc10]
CVE-2008-2276 VULNERABLE (mantis) upstream fix in 1.2.0a1 seems useless
CVE-2008-2266 ignore (perl-Convert-UUlib) embedded uulib copy uses mkstemp
+CVE-2008-2235 version (opensc, fixed 0.11.5) [since opensc-0.11.6-1.fc10]
CVE-2008-2168 ignore (httpd) browser issue, not apache
CVE-2008-2152 version (openoffice.org, fixed 2.4.1) [since openoffice.org-3.0.0-0.0.17.1.fc10]
CVE-2008-2119 ignore (asterisk, fixed 1.2.29) AST-2008-008, only for 1.0.x and 1.2.x
@@ -171,7 +193,7 @@
CVE-2008-1950 backport (gnutls, fixed 2.2.4) #447512 [since gnutls-2.0.4-3.fc10]
CVE-2008-1949 backport (gnutls, fixed 2.2.4) #447512 [since gnutls-2.0.4-3.fc10]
CVE-2008-1948 backport (gnutls, fixed 2.2.4) #447512 [since gnutls-2.0.4-3.fc10]
-CVE-2008-1947 VULNERABLE (tomcat6, fixed 6.0.18) #460132
+CVE-2008-1947 version (tomcat6, fixed 6.0.18) #460132 [since tomcat6-6.0.18-1.1.fc10]
CVE-2008-1947 VULNERABLE (tomcat5, fixed 5.5.27) #460127
CVE-2008-1944 version (xen, fixed 3.2)
CVE-2008-1943 backport (xen) [since xen-3.2.0-11.fc10]
@@ -188,7 +210,7 @@
CVE-2008-1801 version (rdesktop, fixed 1.6.0) [since rdesktop-1.6.0-1.fc10]
CVE-2008-1771 version (mt-daapd) [since mt-daapd-0.2.4.2-2.fc10]
CVE-2008-1767 version (libxslt, fixed 1.1.24) [since libxslt-1.1.24-1.fc10]
-CVE-2008-1678 VULNERABLE (httpd) #447312 only affects systems with openssl >= 0.9.8e
+CVE-2008-1678 version (httpd) #447312 only affects systems with openssl >= 0.9.8e [since httpd-2.2.9-2]
CVE-2008-1677 version (fedora-ds-base, fixed 1.1.1) #445810 [since fedora-ds-base-1.1.1-1.fc10]
CVE-2008-1672 backport (openssl, fixed 0.9.8h) #448691 [since openssl-0.9.8g-9.fc10]
CVE-2008-1531 backport (lighttpd) [since lighttpd-1.4.19-4.fc10]
@@ -207,7 +229,7 @@
CVE-2008-1377 version (xorg-x11-server) #450927 [since xorg-x11-server-1.4.99.902-2.20080612.fc10]
CVE-2008-1376 ignore (nfs-utils) using tcp wrappers
CVE-2008-1360 version (nagios) #437852 [since nagios-2.11-3.fc9]
-CVE-2008-1232 VULNERABLE (tomcat6, fixed 6.0.18) #460132
+CVE-2008-1232 version (tomcat6, fixed 6.0.18) #460132 [since tomcat6-6.0.18-1.1.fc10]
CVE-2008-1232 VULNERABLE (tomcat5, fixed 5.5.27) #460127
CVE-2008-1109 backport (evolution) #449925 [since evolution-2.23.3.1-2.fc10]
CVE-2008-1108 backport (evolution) #449925 [since evolution-2.23.3.1-2.fc10]
Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.231
retrieving revision 1.232
diff -u -r1.231 -r1.232
--- f8 9 Sep 2008 14:45:36 -0000 1.231
+++ f8 11 Sep 2008 15:15:32 -0000 1.232
@@ -6,24 +6,41 @@
rhbz293031 fixed (nx) #293031 [since FEDORA-2008-2258]
rhbz249840 version (tor, fixed 0.1.2.15)
+CVE-2008-3972 VULNERABLE (opensc, fixed 0.11.6)
+CVE-2008-3970 fixed (pam_mount, fixed 0.47) [since FEDORA-2008-7973]
+CVE-2008-3969 fixed (bitlbee, fixed 1.2.3) [since FEDORA-2008-7761]
CVE-2008-3964 ignore (libpng, fixed 1.2.32beta01) not affected
-CVE-2008-3934 VULNERABLE (wireshark, fixed 1.0.3) #461254
-CVE-2008-3933 VULNERABLE (wireshark, fixed 1.0.3) #461254
-CVE-2008-3932 VULNERABLE (wireshark, fixed 1.0.3) #461254
-CVE-2008-3931 VULNERABLE (R) [since R-2.7.2-1.fc8]
+CVE-2008-3934 fixed (wireshark, fixed 1.0.3) #461254 [since FEDORA-2008-7894]
+CVE-2008-3933 fixed (wireshark, fixed 1.0.3) #461254 [since FEDORA-2008-7894]
+CVE-2008-3932 fixed (wireshark, fixed 1.0.3) #461254 [since FEDORA-2008-7894]
+CVE-2008-3931 fixed (R) [since FEDORA-2008-7619]
CVE-2008-3928 ignore (honeyd) affected script not shipped
CVE-2008-3927 VULNERABLE (tiger)
-CVE-2008-3920 VULNERABLE (bitlbee, fixed 1.2.2) [since bitlbee-1.2.3-1.fc8]
+CVE-2008-3920 fixed (bitlbee, fixed 1.2.2) [since FEDORA-2008-7761]
+CVE-2008-3906 VULNERABLE (mono) #461753
+CVE-2008-3905 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7554]
CVE-2008-3889 VULNERABLE (postfix, fixed 2.4.9, 2.5.5) #459099
+CVE-2008-3790 VULNERABLE (ruby)
CVE-2008-3789 ignore (samba, fixed 3.2.3) 3.2.x only
-CVE-2008-3747 VULNERABLE (wordpress, fixed 2.6.1)
+CVE-2008-3747 fixed (wordpress, fixed 2.6.1) [since FEDORA-2008-7463]
CVE-2008-3746 ignore (neon, fixed 0.28.3) 0.28.x only
-CVE-2008-3714 VULNERABLE (awstats) #459741
-CVE-2008-3699 VULNERABLE (amarok, fixed 1.4.40) [since amarok-1.4.10-1.fc8]
+CVE-2008-3745 ignore (drupal) 6.x only
+CVE-2008-3744 fixed (drupal, fixed 5.10) [since FEDORA-2008-7467]
+CVE-2008-3743 ignore (drupal) 6.x only
+CVE-2008-3742 fixed (drupal, fixed 5.10) [since FEDORA-2008-7467]
+CVE-2008-3741 fixed (drupal, fixed 5.10) [since FEDORA-2008-7467]
+CVE-2008-3740 fixed (drupal, fixed 5.10) [since FEDORA-2008-7467]
+CVE-2008-3714 fixed (awstats) #459741 [since FEDORA-2008-7684]
+CVE-2008-3699 fixed (amarok, fixed 1.4.40) [since FEDORA-2008-7719]
+CVE-2008-3657 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7554]
+CVE-2008-3656 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7554]
+CVE-2008-3655 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7554]
CVE-2008-3546 ignore (git, fixed 1.5.6.4) caught by fortify_source
-CVE-2008-3533 VULNERABLE (yelp, fixed 2.24) #459502
-CVE-2008-3429 VULNERABLE (httrack, fixed 3.42-3)
-CVE-2008-3422 VULNERABLE (mono)
+CVE-2008-3533 fixed (yelp, fixed 2.24) #459502 [since FEDORA-2008-7293]
+CVE-2008-3529 fixed (libxml2, fixed 2.7.0) [since FEDORA-2008-7666]
+CVE-2008-3443 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7554]
+CVE-2008-3429 fixed (httrack, fixed 3.42-3) [since FEDORA-2008-7896]
+CVE-2008-3422 VULNERABLE (mono) #461753
CVE-2008-3381 ignore (moin) not affected
CVE-2008-3333 fixed (mantis, fixed 1.1.2) [since FEDORA-2008-6657]
CVE-2008-3332 fixed (mantis, fixed 1.1.2) [since FEDORA-2008-6657]
@@ -34,14 +51,15 @@
CVE-2008-3326 version (moodle) 1.8.x+ not affected
CVE-2008-3325 version (moodle) 1.8.x+ not affected
CVE-2008-3294 ignore (vim) build-time tmp file usage
-CVE-2008-3282 VULNERABLE (openoffice.org) [since openoffice.org-2.3.0-6.16.fc8]
-CVE-2008-3281 VULNERABLE (libxml2) #459712
+CVE-2008-3282 fixed (openoffice.org) [since FEDORA-2008-7531]
+CVE-2008-3281 fixed (libxml2) #459712 [since FEDORA-2008-7724]
+CVE-2008-3274 VULNERABLE (ipa) [since ipa-1.1.0-4.fc8]
CVE-2008-3264 fixed (asterisk, fixed 1.4.21.2) [since FEDORA-2008-6676] AST-2008-011
CVE-2008-3263 fixed (asterisk, fixed 1.4.21.2) [since FEDORA-2008-6676] AST-2008-010
CVE-2008-3259 ignore (openssh, fixed 5.1) HP-UX only
CVE-2008-3252 fixed (newsx) [since FEDORA-2008-6319]
CVE-2008-3233 ignore (wordrepss, fixed 2.6) only 2.6 devel versions affected
-CVE-2008-3231 VULNERABLE (xine-lib)
+CVE-2008-3231 fixed (xine-lib) [since FEDORA-2008-7572]
CVE-2008-3223 ignore (drupal) 6.x only
CVE-2008-3222 fixed (drupal, fixed 5.8) [since FEDORA-2008-6411]
CVE-2008-3221 ignore (drupal) 6.x only
@@ -52,7 +70,7 @@
CVE-2008-3215 fixed (clamav, fixed 0.93.3) [since FEDORA-2008-6422]
CVE-2008-3197 fixed (phpMyAdmin, fixed 2.11.7.1) [since FEDORA-2008-6450]
CVE-2008-3196 VULNERABLE (byacc) [since FEDORA-2008-6429]
-CVE-2008-3146 VULNERABLE (wireshark, fixed 1.0.3) #461254
+CVE-2008-3146 fixed (wireshark, fixed 1.0.3) #461254 [since FEDORA-2008-7894]
CVE-2008-3145 fixed (wireshark, fixed 1.0.1) [since FEDORA-2008-6645]
CVE-2008-3141 fixed (wireshark, fixed 1.0.2) [since FEDORA-2008-6645]
CVE-2008-3140 fixed (wireshark, fixed 1.0.1) [since FEDORA-2008-6645]
@@ -67,13 +85,16 @@
CVE-2008-2951 fixed (trac, fixed 0.10.5) [since FEDORA-2008-6830]
CVE-2008-2950 fixed (poppler) #454288 [since FEDORA-2008-7104]
CVE-2008-2942 VULNERABLE (mercurial)
-CVE-2008-2941 VULNERABLE (hplip) #458989
-CVE-2008-2940 VULNERABLE (hplip) #458989
+CVE-2008-2941 ignore (hplip) #458989 not run as service
+CVE-2008-2940 ignore (hplip) #458989 not run as service
CVE-2008-2938 VULNERABLE (tomcat5, fixed 5.5.27) #460125
CVE-2008-2937 VULNERABLE (postfix) #459099
CVE-2008-2936 VULNERABLE (postfix) #459099
CVE-2008-2935 fixed (libxslt) [since FEDORA-2008-7029]
CVE-2008-2933 fixed (firefox, fixed 2.0.0.16) [since FEDORA-2008-6491]
+CVE-2008-2932 fixed (adminutil, fixed 1.1.7) [since FEDORA-2008-7642]
+CVE-2008-2929 fixed (adminutil, fixed 1.1.6) [since FEDORA-2008-7642]
+CVE-2008-2928 fixed (adminutil, fixed 1.1.7) [since FEDORA-2008-7642]
CVE-2008-2841 ignore (xchat) windows-only, IE bug
CVE-2008-2827 ignore (perl) perl 5.10 only
CVE-2008-2811 fixed (firefox, fixed 2.0.0.15) [since FEDORA-2008-6127]
@@ -147,13 +168,14 @@
CVE-2008-2360 fixed (xorg-x11-server) #450925 [since FEDORA-2008-5279]
CVE-2008-2359 fixed (system-config-network) [since FEDORA-2008-4633]
CVE-2008-2357 fixed (mtr, fixed 0.73)
-CVE-2008-2327 VULNERABLE (libtiff) [since libtiff-3.8.2-11.fc8]
+CVE-2008-2327 fixed (libtiff) [since FEDORA-2008-7388]
CVE-2008-2310 ignore (binutils) blocked by fortify_source
CVE-2008-2307 fixed (WebKit, fixed svn34204) #454094 [since FEDORA-2008-6220]
CVE-2008-2302 fixed (Django, fixed 0.96.2) #447258 [since FEDORA-2008-4248]
CVE-2008-2292 fixed (net-snmp, fixed 5.4.2.pre1) [since FEDORA-2008-5218]
CVE-2008-2276 VULNERABLE (mantis) upstream fix in 1.2.0a1 seems useless
CVE-2008-2266 ignore (perl-Convert-UUlib) embedded uulib copy uses mkstemp
+CVE-2008-2235 VULNERABLE (opensc, fixed 0.11.5)
CVE-2008-2168 ignore (httpd) browser issue, not apache
CVE-2008-2152 fixed (openoffice.org, fixed 2.4.1) #450650 [since FEDORA-2008-5247]
CVE-2008-2146 version (wordpress, fixed 2.2.3)
Index: f9
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f9,v
retrieving revision 1.221
retrieving revision 1.222
diff -u -r1.221 -r1.222
--- f9 9 Sep 2008 14:45:36 -0000 1.221
+++ f9 11 Sep 2008 15:15:32 -0000 1.222
@@ -5,26 +5,43 @@
# (mozilla) = (gecko-libs dependent stuff)
rhbz249840 version (tor, fixed 0.1.2.15)
+CVE-2008-3972 VULNERABLE (opensc, fixed 0.11.6)
+CVE-2008-3970 fixed (pam_mount, fixed 0.47) [since FEDORA-2008-7976]
+CVE-2008-3969 fixed (bitlbee, fixed 1.2.3) [since FEDORA-2008-7830]
CVE-2008-3964 ignore (libpng, fixed 1.2.32beta01) not affected
-CVE-2008-3934 VULNERABLE (wireshark, fixed 1.0.3) #461255
-CVE-2008-3933 VULNERABLE (wireshark, fixed 1.0.3) #461255
-CVE-2008-3932 VULNERABLE (wireshark, fixed 1.0.3) #461255
-CVE-2008-3931 VULNERABLE (R) [since R-2.7.2-1.fc9]
+CVE-2008-3934 fixed (wireshark, fixed 1.0.3) #461255 [since FEDORA-2008-7936]
+CVE-2008-3933 fixed (wireshark, fixed 1.0.3) #461255 [since FEDORA-2008-7936]
+CVE-2008-3932 fixed (wireshark, fixed 1.0.3) #461255 [since FEDORA-2008-7936]
+CVE-2008-3931 fixed (R) [since FEDORA-2008-7670]
CVE-2008-3928 ignore (honeyd) affected script not shipped
CVE-2008-3927 VULNERABLE (tiger)
-CVE-2008-3920 VULNERABLE (bitlbee, fixed 1.2.2) [since bitlbee-1.2.3-1.fc9]
+CVE-2008-3920 fixed (bitlbee, fixed 1.2.2) [since FEDORA-2008-7830]
+CVE-2008-3906 VULNERABLE (mono) #461754
+CVE-2008-3905 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7697]
CVE-2008-3889 VULNERABLE (postfix, fixed 2.4.9, 2.5.5) #459100
CVE-2008-3796 version (swfdec, fixed 0.6.8) [since swfdec-0.6.8-1.fc9]
-CVE-2008-3789 VULNERABLE (samba, fixed 3.2.3) [since samba-3.2.3-0.20.fc9]
-CVE-2008-3747 VULNERABLE (wordpress, fixed 2.6.1)
-CVE-2008-3746 VULNERABLE (neon, fixed 0.28.3) #460415
-CVE-2008-3714 VULNERABLE (awstats) #459742
-CVE-2008-3699 VULNERABLE (amarok, fixed 1.4.40) [since amarok-1.4.10-1.fc9]
+CVE-2008-3790 VULNERABLE (ruby)
+CVE-2008-3789 fixed (samba, fixed 3.2.3) [since FEDORA-2008-7243]
+CVE-2008-3747 fixed (wordpress, fixed 2.6.1) [since FEDORA-2008-7279]
+CVE-2008-3746 VULNERABLE (neon, fixed 0.28.3) #460415 [since FEDORA-2008-7661]
+CVE-2008-3745 fixed (drupal, fixed 6.4) [since FEDORA-2008-7626]
+CVE-2008-3744 fixed (drupal, fixed 6.4) [since FEDORA-2008-7626]
+CVE-2008-3743 fixed (drupal, fixed 6.4) [since FEDORA-2008-7626]
+CVE-2008-3742 fixed (drupal, fixed 6.4) [since FEDORA-2008-7626]
+CVE-2008-3741 fixed (drupal, fixed 6.4) [since FEDORA-2008-7626]
+CVE-2008-3740 fixed (drupal, fixed 6.4) [since FEDORA-2008-7626]
+CVE-2008-3714 fixed (awstats) #459742 [since FEDORA-2008-7663]
+CVE-2008-3699 fixed (amarok, fixed 1.4.40) [since FEDORA-2008-7739]
+CVE-2008-3657 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7697]
+CVE-2008-3656 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7697]
+CVE-2008-3655 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7697]
CVE-2008-3546 ignore (git, fixed 1.5.6.4) caught by fortify_source
CVE-2008-3533 ignore (yelp, fixed 2.24) caught by glibc
-CVE-2008-3429 VULNERABLE (httrack, fixed 3.42-3)
+CVE-2008-3529 fixed (libxml2, fixed 2.7.0) [since FEDORA-2008-7594]
+CVE-2008-3443 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7697]
+CVE-2008-3429 fixed (httrack, fixed 3.42-3) [since FEDORA-2008-7862]
CVE-2008-3424 fixed (condor, fixed 7.0.4) #457895 [since FEDORA-2008-7205]
-CVE-2008-3422 VULNERABLE (mono)
+CVE-2008-3422 VULNERABLE (mono) #461754
CVE-2008-3381 VULNERABLE (moin) #457363
CVE-2008-3333 fixed (mantis, fixed 1.1.2) [since FEDORA-2008-6647]
CVE-2008-3332 fixed (mantis, fixed 1.1.2) [since FEDORA-2008-6647]
@@ -35,14 +52,15 @@
CVE-2008-3326 version (moodle) 1.8.x+ not affected
CVE-2008-3325 version (moodle) 1.8.x+ not affected
CVE-2008-3294 ignore (vim) build-time tmp file usage
-CVE-2008-3282 VULNERABLE (openoffice.org) [since openoffice.org-2.4.1-17.6.fc9]
-CVE-2008-3281 VULNERABLE (libxml2) #459713
+CVE-2008-3282 fixed (openoffice.org) [since FEDORA-2008-7680]
+CVE-2008-3281 fixed (libxml2) #459713 [since FEDORA-2008-7395]
+CVE-2008-3274 VULNERABLE (ipa) [since ipa-1.1.0-7.fc9]
CVE-2008-3264 fixed (asterisk) [since FEDORA-2008-6853] AST-2008-011
CVE-2008-3263 fixed (asterisk) [since FEDORA-2008-6853] AST-2008-010
CVE-2008-3259 ignore (openssh, fixed 5.1) HP-UX only
CVE-2008-3252 fixed (newsx) [since FEDORA-2008-6321]
CVE-2008-3233 ignore (wordrepss, fixed 2.6) only 2.6 devel versions affected
-CVE-2008-3231 VULNERABLE (xine-lib)
+CVE-2008-3231 fixed (xine-lib) [since FEDORA-2008-7512]
CVE-2008-3223 fixed (drupal, fixed 6.3) [since FEDORA-2008-6415]
CVE-2008-3222 fixed (drupal, fixed 6.3) [since FEDORA-2008-6415]
CVE-2008-3221 fixed (drupal, fixed 6.3) [since FEDORA-2008-6415]
@@ -54,7 +72,7 @@
CVE-2008-3198 fixed (firefox, fixed 3.0.1) [since FEDORA-2008-6518]
CVE-2008-3197 fixed (phpMyAdmin, fixed 2.11.7.1) [since FEDORA-2008-6502]
CVE-2008-3196 VULNERABLE (byacc) [since FEDORA-2008-6414]
-CVE-2008-3146 VULNERABLE (wireshark, fixed 1.0.3) #461255
+CVE-2008-3146 fixed (wireshark, fixed 1.0.3) #461255 [since FEDORA-2008-7936]
CVE-2008-3145 fixed (wireshark, fixed 1.0.1) [since FEDORA-2008-6440]
CVE-2008-3141 fixed (wireshark, fixed 1.0.2) [since FEDORA-2008-6440]
CVE-2008-3140 fixed (wireshark, fixed 1.0.1) [since FEDORA-2008-6440]
@@ -67,16 +85,19 @@
CVE-2008-2953 fixed (linuxdcpp) #453733 [since FEDORA-2008-6018]
CVE-2008-2952 fixed (openldap) #453727 [since FEDORA-2008-6062]
CVE-2008-2951 fixed (trac, fixed 0.10.5) [since FEDORA-2008-6833]
-CVE-2008-2950 VULNERABLE (poppler) #454289 [since FEDORA-2008-7012]
+CVE-2008-2950 fixed (poppler) #454289 [since FEDORA-2008-7012]
CVE-2008-2942 VULNERABLE (mercurial)
-CVE-2008-2941 VULNERABLE (hplip) #458990
-CVE-2008-2940 VULNERABLE (hplip) #458990
-CVE-2008-2938 VULNERABLE (tomcat6, fixed 6.0.18) #460131
+CVE-2008-2941 ignore (hplip) #458990 not run as service
+CVE-2008-2940 ignore (hplip) #458990 not run as service
+CVE-2008-2938 fixed (tomcat6, fixed 6.0.18) #460131 [since FEDORA-2008-7977]
CVE-2008-2938 VULNERABLE (tomcat5, fixed 5.5.27) #460126
CVE-2008-2937 VULNERABLE (postfix) #459100
CVE-2008-2936 VULNERABLE (postfix) #459100
CVE-2008-2935 fixed (libxslt) [since FEDORA-2008-7062]
CVE-2008-2933 fixed (firefox, fixed 3.0.1) [since FEDORA-2008-6518]
+CVE-2008-2932 fixed (adminutil, fixed 1.1.7) [since FEDORA-2008-7339]
+CVE-2008-2929 fixed (adminutil, fixed 1.1.6) [since FEDORA-2008-7339]
+CVE-2008-2928 fixed (adminutil, fixed 1.1.7) [since FEDORA-2008-7339]
CVE-2008-2841 ignore (xchat) windows-only, IE bug
CVE-2008-2827 fixed (perl) #452641 [since FEDORA-2008-5739]
CVE-2008-2811 version (firefox, fixed 3.0) [since firefox-3.0-1.fc9]
@@ -138,10 +159,10 @@
CVE-2008-2377 ignore (gnutls, fixed 2.4.1) 2.3.5+ only
CVE-2008-2376 fixed (ruby, fixed 1.8.6-p257) [since FEDORA-2008-6033]
CVE-2008-2375 ignore (vsftpd) pre-2.0.5 versions only
-CVE-2008-2374 VULNERABLE (bluez-libs, fixed 3.34) #452821 [since FEDORA-2008-6133]
+CVE-2008-2374 fixed (bluez-libs, fixed 3.34) #452821 [since FEDORA-2008-6133]
CVE-2008-2371 fixed (pcre) #453556 [since FEDORA-2008-6110]
CVE-2008-2371 fixed (glib2) #453560 [since FEDORA-2008-6048]
-CVE-2008-2370 VULNERABLE (tomcat6, fixed 6.0.18) #460131
+CVE-2008-2370 fixed (tomcat6, fixed 6.0.18) #460131 [since FEDORA-2008-7977]
CVE-2008-2370 VULNERABLE (tomcat5, fixed 5.5.27) #460126
CVE-2008-2364 fixed (httpd, fixed 2.2.9) #447311 [since FEDORA-2008-6393]
CVE-2008-2363 VULNERABLE (pan) #449334
@@ -150,13 +171,14 @@
CVE-2008-2360 fixed (xorg-x11-server) #450926 [since FEDORA-2008-5254]
CVE-2008-2359 ignore (system-config-network) F8 specific issue
CVE-2008-2357 fixed (mtr, fixed 0.73)
-CVE-2008-2327 VULNERABLE (libtiff) [since libtiff-3.8.2-11.fc9]
+CVE-2008-2327 fixed (libtiff) [since FEDORA-2008-7370]
CVE-2008-2310 ignore (binutils) blocked by fortify_source
CVE-2008-2307 fixed (WebKit, fixed svn34204) #454095 [since FEDORA-2008-6186]
CVE-2008-2302 fixed (Django, fixed 0.96.2) #447259 [since FEDORA-2008-4267]
CVE-2008-2292 fixed (net-snmp, fixed 5.4.2.pre1) [since FEDORA-2008-5215]
CVE-2008-2276 VULNERABLE (mantis) upstream fix in 1.2.0a1 seems useless
CVE-2008-2266 ignore (perl-Convert-UUlib) embedded uulib copy uses mkstemp
+CVE-2008-2235 VULNERABLE (opensc, fixed 0.11.5)
CVE-2008-2168 ignore (httpd) browser issue, not apache
CVE-2008-2152 fixed (openoffice.org, fixed 2.4.1) [since FEDORA-2008-5143]
CVE-2008-2146 version (wordpress, fixed 2.2.3)
@@ -185,7 +207,7 @@
CVE-2008-1950 fixed (gnutls, fixed 2.2.4) #447511 [since FEDORA-2008-4259]
CVE-2008-1949 fixed (gnutls, fixed 2.2.4) #447511 [since FEDORA-2008-4259]
CVE-2008-1948 fixed (gnutls, fixed 2.2.4) #447511 [since FEDORA-2008-4259]
-CVE-2008-1947 VULNERABLE (tomcat6, fixed 6.0.18) #460131
+CVE-2008-1947 fixed (tomcat6, fixed 6.0.18) #460131 [since FEDORA-2008-7977]
CVE-2008-1947 VULNERABLE (tomcat5, fixed 5.5.27) #460126
CVE-2008-1944 version (xen, fixed 3.2)
CVE-2008-1943 VULNERABLE (xen) [since xen-3.2.0-11.fc9]
@@ -309,7 +331,7 @@
CVE-2008-1233 version (firefox, fixed 2.0.0.13)
CVE-2008-1233 version (seamonkey, fixed 1.1.9)
CVE-2008-1233 version (thunderbird, fixed 2.0.0.14) #442857 [since thunderbird-2.0.0.14-1.fc9]
-CVE-2008-1232 VULNERABLE (tomcat6, fixed 6.0.18) #460131
+CVE-2008-1232 fixed (tomcat6, fixed 6.0.18) #460131 [since FEDORA-2008-7977]
CVE-2008-1232 VULNERABLE (tomcat5, fixed 5.5.27) #460126
**CVE-2008-1227 fixed (libsilc) We updated this as non-security
CVE-2008-1218 version (dovecot, fixed 1.0.13) [since dovecot-1.0.13-6.fc9] marginally affected
- Previous message (by thread): [Fedora-security-commits] fedora-security/audit f10, 1.12, 1.13 f8, 1.230, 1.231 f9, 1.220, 1.221
- Next message (by thread): [Fedora-security-commits] fedora-security/audit f10, 1.14, 1.15 f8, 1.232, 1.233 f9, 1.222, 1.223
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the Fedora-security-commits
mailing list