[Fedora-security-commits] fedora-security/audit f10, 1.15, 1.16 f8, 1.233, 1.234 f9, 1.223, 1.224

fedora-security-commits at redhat.com
Tue Sep 30 12:52:16 UTC 2008


Author: thoger

Update of /cvs/fedora/fedora-security/audit
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv17907/audit

Modified Files:
	f10 f8 f9 
Log Message:
issues from last 2 weeks... I hope I haven't missed many



Index: f10
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f10,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -r1.15 -r1.16
--- f10	12 Sep 2008 19:00:33 -0000	1.15
+++ f10	30 Sep 2008 12:51:46 -0000	1.16
@@ -4,11 +4,52 @@
 # *CVE are items that need verification for Fedora 10
 # (mozilla) = (gecko-libs dependent stuff)
 
+CVE-2008-4298 version (lighttpd, fixed 1.4.20) [since lighttpd-1.4.20-0.1.r2303.fc10] 
+CVE-2008-4297 version (mercurial, fixed 1.0.2) [since mercurial-1.0.2-1.fc10] 
+CVE-2008-4242 VULNERABLE (proftpd) #464130 
+CVE-2008-4191 backport (emacspeak) [since emacspeak-28.0-3.fc10] 
+CVE-2008-4190 VULNERABLE (openswan) 
+CVE-2008-4130 VULNERABLE (gallery2, fixed 2.2.6) #462873 
+CVE-2008-4129 VULNERABLE (gallery2, fixed 2.2.6) #462873 
+CVE-2008-4126 ignore (python-pydns, fixed 2.3.2) Debian-specific
+CVE-2008-4109 ignore (openssh, fixed 4.4) Debian incomplete fix
+CVE-2008-4107 version (wordpress, fixed 2.6.2) really PHP flaw
+CVE-2008-4106 version (wordpress, fixed 2.6.2) [since wordpress-2.6.2-1.fc10] 
+CVE-2008-4100 VULNERABLE (adns) #462754 upstream design decision
+CVE-2008-4099 version (python-pydns, fixed 2.3.2) #462767 [since python-pydns-2.3.3-1.fc10]
+CVE-2008-4096 version (phpMyAdmin, fixed 2.11.9.1) [since phpMyAdmin-2.11.9.1-1.fc10] 
+CVE-2008-4094 version (rubygem-activerecord, fixed 2.1.1) [since rubygem-activerecord-2.1.1-1.fc10] 
+CVE-2008-4070 version (seamonkey, fixed 1.1.12) [since seamonkey-1.1.12-1.fc9] 
+CVE-2008-4069 ignore (firefox) ff2 only
+CVE-2008-4069 version (seamonkey, fixed 1.1.12) [since seamonkey-1.1.12-1.fc9] 
+CVE-2008-4068 version (firefox, fixed 3.0.2) [since firefox-3.0.2-1.fc10] 
+CVE-2008-4068 version (seamonkey, fixed 1.1.12) [since seamonkey-1.1.12-1.fc9] 
+CVE-2008-4067 version (firefox, fixed 3.0.2) [since firefox-3.0.2-1.fc10] 
+CVE-2008-4067 version (seamonkey, fixed 1.1.12) [since seamonkey-1.1.12-1.fc9] 
+CVE-2008-4066 ignore (firefox) ff2 only
+CVE-2008-4066 version (seamonkey, fixed 1.1.12) [since seamonkey-1.1.12-1.fc9] 
+CVE-2008-4065 version (firefox, fixed 3.0.2) [since firefox-3.0.2-1.fc10] 
+CVE-2008-4065 version (seamonkey, fixed 1.1.12) [since seamonkey-1.1.12-1.fc9] 
+CVE-2008-4064 version (firefox, fixed 3.0.2) [since firefox-3.0.2-1.fc10] 
+CVE-2008-4064 ignore (seamonkey) ff only
+CVE-2008-4063 version (firefox, fixed 3.0.2) [since firefox-3.0.2-1.fc10] 
+CVE-2008-4063 ignore (seamonkey) ff only
+CVE-2008-4062 version (firefox, fixed 3.0.2) [since firefox-3.0.2-1.fc10] 
+CVE-2008-4062 version (seamonkey, fixed 1.1.12) [since seamonkey-1.1.12-1.fc9] 
+CVE-2008-4061 version (firefox, fixed 3.0.2) [since firefox-3.0.2-1.fc10] 
+CVE-2008-4061 version (seamonkey, fixed 1.1.12) [since seamonkey-1.1.12-1.fc9] 
+CVE-2008-4060 version (firefox, fixed 3.0.2) [since firefox-3.0.2-1.fc10] 
+CVE-2008-4060 version (seamonkey, fixed 1.1.12) [since seamonkey-1.1.12-1.fc9] 
+CVE-2008-4059 ignore (firefox) ff2 only
+CVE-2008-4059 version (seamonkey, fixed 1.1.12) [since seamonkey-1.1.12-1.fc9] 
+CVE-2008-4058 version (firefox, fixed 3.0.2) [since firefox-3.0.2-1.fc10] 
+CVE-2008-4058 version (seamonkey, fixed 1.1.12) [since seamonkey-1.1.12-1.fc9] 
 CVE-2008-3972 version (opensc, fixed 0.11.6) [since opensc-0.11.6-1.fc10]
 CVE-2008-3970 version (pam_mount, fixed 0.47) [since pam_mount-0.47-1.fc10] 
 CVE-2008-3969 version (bitlbee, fixed 1.2.3) [since bitlbee-1.2.3-1.fc10] 
 CVE-2008-3964 backport (libpng, fixed 1.2.32beta01) #461620 [since libpng-1.2.31-2.fc10]
 CVE-2008-3962 backport (ssmtp) [since ssmtp-2.61-11.6.fc10] 
+CVE-2008-3949 VULNERABLE (emacs, fixed 22.3) 
 CVE-2008-3934 version (wireshark, fixed 1.0.3) [since wireshark-1.0.3-1.fc10]
 CVE-2008-3933 version (wireshark, fixed 1.0.3) [since wireshark-1.0.3-1.fc10]
 CVE-2008-3932 version (wireshark, fixed 1.0.3) [since wireshark-1.0.3-1.fc10]
@@ -16,9 +57,16 @@
 CVE-2008-3928 ignore (honeyd) affected script not shipped
 CVE-2008-3927 VULNERABLE (tiger) 
 CVE-2008-3920 version (bitlbee, fixed 1.2.2) [since bitlbee-1.2.2-1.fc10] 
-CVE-2008-3906 VULNERABLE (mono) #461755 
+CVE-2008-3916 VULNERABLE (ed, fixed 1.0) 
+CVE-2008-3906 version (mono) #461755 [since mono-2.0-6.fc10]
 CVE-2008-3905 version (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since ruby-1.8.6.287-1.fc10] 
 CVE-2008-3889 VULNERABLE (postfix, fixed 2.4.9, 2.5.5) #459101 
+CVE-2008-3837 version (firefox, fixed 3.0.2) [since firefox-3.0.2-1.fc10] 
+CVE-2008-3837 version (seamonkey, fixed 1.1.12) [since seamonkey-1.1.12-1.fc9] 
+CVE-2008-3836 ignore (firefox) ff2 only
+CVE-2008-3836 ignore (seamonkey) ff only
+CVE-2008-3835 ignore (firefox) ff2 only
+CVE-2008-3835 version (seamonkey, fixed 1.1.12) [since seamonkey-1.1.12-1.fc9] 
 CVE-2008-3824 VULNERABLE (horde) oCERT-2008-012
 CVE-2008-3823 VULNERABLE (horde) oCERT-2008-012
 CVE-2008-3796 version (swfdec, fixed 0.6.8) [since swfdec-0.7.4-1.fc10] 
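Review bot: CVE-2008-3906 (mono) moves from VULNERABLE to `version` without a `fixed <upstream version>` field, so the entry does not say which upstream release carries the fix; the only evidence is `[since mono-2.0-6.fc10]`. If 2.0 is the fixed upstream release, add `fixed 2.0` inside the parentheses; if the fix arrived as a patch in the -6 build, `backport` would be the matching status, as used for libpng and ssmtp earlier in this file. CVE-2008-3916 (ed, fixed 1.0) in the same hunk is VULNERABLE with no bug number.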
@@ -34,6 +82,9 @@
 CVE-2008-3740 version (drupal, fixed 6.4) [since drupal-6.4-1.fc10] 
 CVE-2008-3714 backport (awstats) #459743 [since awstats-6.8-2.fc10]
 CVE-2008-3699 ignore (amarok, fixed 1.4.40) not affected
+CVE-2008-3663 version (squirrelmail, fixed 1.4.16) #464186 [since squirrelmail-1.4.16-1.fc10]
+CVE-2008-3662 VULNERABLE (gallery2, fixed 2.2.6) #462873 
+CVE-2008-3661 VULNERABLE (drupal) #464165 ignored by upstream
 CVE-2008-3657 version (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since ruby-1.8.6.287-1.fc10] 
 CVE-2008-3656 version (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since ruby-1.8.6.287-1.fc10] 
 CVE-2008-3655 version (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since ruby-1.8.6.287-1.fc10] 
@@ -82,6 +133,7 @@
 CVE-2008-3139 version (wireshark, fixed 1.0.1) [since wireshark-1.0.1-1.fc10] 
 CVE-2008-3138 version (wireshark, fixed 1.0.1) [since wireshark-1.0.1-1.fc10] 
 CVE-2008-3137 version (wireshark, fixed 1.0.1) [since wireshark-1.0.1-1.fc10] 
+CVE-2008-3102 VULNERABLE (mantis) #464137 
 CVE-2008-3067 version (sudo, fixed 1.6.9p12) 
 CVE-2008-2960 version (phpMyAdmin, fixed 2.11.7) [since phpMyAdmin-2.11.7-1.fc10] PMASA-2008-4
 CVE-2008-2954 backport (linuxdcpp) #453734 [since linuxdcpp-1.0.1-3.fc10]
@@ -89,7 +141,7 @@
 CVE-2008-2952 backport (openldap) #453728 [since openldap-2.4.10-2.fc10]
 CVE-2008-2951 version (trac, fixed 0.10.5) [since trac-0.10.5-1.fc10] 
 CVE-2008-2950 version (poppler, fixed 0.8.5) #454290 [since poppler-0.8.5-1.fc10]
-CVE-2008-2942 VULNERABLE (mercurial) 
+CVE-2008-2942 version (mercurial, fixed 1.0.2) [since mercurial-1.0.2-1.fc10]
 CVE-2008-2941 ignore (hplip) #458991 not run as service
 CVE-2008-2940 ignore (hplip) #458991 not run as service
 CVE-2008-2938 version (tomcat6, fixed 6.0.18) #460132 [since tomcat6-6.0.18-1.1.fc10]
@@ -249,6 +301,8 @@
 CVE-2008-0553 version (tkimg) [since tkimg-1.3-0.10.20080505svn.fc10]
 CVE-2008-0314 version (clamav, fixed 0.93) [since clamav-0.93-1.fc9]
 CVE-2008-0166 ignore (openssl) Debian specific
+CVE-2008-0016 ignore (firefox) ff2 only
+CVE-2008-0016 version (seamonkey, fixed 1.1.12) [since seamonkey-1.1.12-1.fc9] 
 CVE-2007-6714 version (dbmail, fixed 2.2.9) [since dbmail-2.2.9-1.fc9] 
 CVE-2007-6321 version (roundcubemail) #423301 [since roundcubemail-0.2-0.alpha.fc10]
 CVE-2007-6318 VULNERABLE (wordpress) #426434


Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.233
retrieving revision 1.234
diff -u -r1.233 -r1.234
--- f8	12 Sep 2008 19:00:33 -0000	1.233
+++ f8	30 Sep 2008 12:51:46 -0000	1.234
@@ -6,11 +6,52 @@
 
 rhbz293031 fixed (nx) #293031 [since FEDORA-2008-2258] 
 rhbz249840 version (tor, fixed 0.1.2.15) 
+CVE-2008-4298 VULNERABLE (lighttpd, fixed 1.4.20) #464638 
+CVE-2008-4297 VULNERABLE (mercurial, fixed 1.0.2) #464632 
+CVE-2008-4242 VULNERABLE (proftpd) #464128 
+CVE-2008-4191 VULNERABLE (emacspeak) [since FEDORA-2008-8423] 
+CVE-2008-4190 VULNERABLE (openswan) 
+CVE-2008-4130 VULNERABLE (gallery2, fixed 2.2.6) #462871 
+CVE-2008-4129 VULNERABLE (gallery2, fixed 2.2.6) #462871 
+CVE-2008-4126 ignore (python-pydns, fixed 2.3.2) Debian-specific
+CVE-2008-4109 ignore (openssh, fixed 4.4) Debian incomplete fix
+CVE-2008-4107 version (wordpress, fixed 2.6.2) really PHP flaw
+CVE-2008-4106 fixed (wordpress, fixed 2.6.2) [since FEDORA-2008-7760] 
+CVE-2008-4100 VULNERABLE (adns) #462752 upstream design decision
+CVE-2008-4099 VULNERABLE (python-pydns, fixed 2.3.2) #462765 
+CVE-2008-4096 fixed (phpMyAdmin, fixed 2.11.9.1) [since FEDORA-2008-8269] 
+CVE-2008-4094 VULNERABLE (rubygem-activerecord, fixed 2.1.1) [since FEDORA-2008-8282] 
+CVE-2008-4070 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8401] 
+CVE-2008-4069 fixed (firefox, fixed 2.0.0.17) [since FEDORA-2008-8399] 
+CVE-2008-4069 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8401] 
+CVE-2008-4068 fixed (firefox, fixed 2.0.0.17) [since FEDORA-2008-8399] 
+CVE-2008-4068 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8401] 
+CVE-2008-4067 fixed (firefox, fixed 2.0.0.17) [since FEDORA-2008-8399] 
+CVE-2008-4067 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8401] 
+CVE-2008-4066 fixed (firefox, fixed 2.0.0.17) [since FEDORA-2008-8399] 
+CVE-2008-4066 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8401] 
+CVE-2008-4065 fixed (firefox, fixed 2.0.0.17) [since FEDORA-2008-8399] 
+CVE-2008-4065 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8401] 
+CVE-2008-4064 ignore (firefox) ff3 only
+CVE-2008-4064 ignore (seamonkey) ff only
+CVE-2008-4063 ignore (firefox) ff3 only
+CVE-2008-4063 ignore (seamonkey) ff only
+CVE-2008-4062 fixed (firefox, fixed 2.0.0.17) [since FEDORA-2008-8399] 
+CVE-2008-4062 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8401] 
+CVE-2008-4061 fixed (firefox, fixed 2.0.0.17) [since FEDORA-2008-8399] 
+CVE-2008-4061 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8401] 
+CVE-2008-4060 fixed (firefox, fixed 2.0.0.17) [since FEDORA-2008-8399] 
+CVE-2008-4060 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8401] 
+CVE-2008-4059 fixed (firefox, fixed 2.0.0.17) [since FEDORA-2008-8399] 
+CVE-2008-4059 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8401] 
+CVE-2008-4058 fixed (firefox, fixed 2.0.0.17) [since FEDORA-2008-8399] 
+CVE-2008-4058 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8401] 
 CVE-2008-3972 VULNERABLE (opensc, fixed 0.11.6) 
 CVE-2008-3970 fixed (pam_mount, fixed 0.47) [since FEDORA-2008-7973] 
 CVE-2008-3969 fixed (bitlbee, fixed 1.2.3) [since FEDORA-2008-7761] 
 CVE-2008-3964 ignore (libpng, fixed 1.2.32beta01) not affected
 CVE-2008-3962 VULNERABLE (ssmtp) 
+CVE-2008-3949 VULNERABLE (emacs, fixed 22.3) 
 CVE-2008-3934 fixed (wireshark, fixed 1.0.3) #461254 [since FEDORA-2008-7894] 
 CVE-2008-3933 fixed (wireshark, fixed 1.0.3) #461254 [since FEDORA-2008-7894] 
 CVE-2008-3932 fixed (wireshark, fixed 1.0.3) #461254 [since FEDORA-2008-7894] 
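Review bot: CVE-2008-4191 (emacspeak) and CVE-2008-4094 (rubygem-activerecord, fixed 2.1.1) are marked VULNERABLE yet carry `[since FEDORA-2008-8423]` and `[since FEDORA-2008-8282]`, while every other advisory reference added in this hunk goes with status `fixed`. If those updates have been pushed, the status should be `fixed`; if they are still pending, a trailing note saying so would stop the line from reading as a contradiction. CVE-2008-4190 (openswan) and CVE-2008-3949 (emacs) are also added as VULNERABLE without a bug number, unlike lighttpd, mercurial and proftpd above them.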
@@ -18,9 +59,16 @@
 CVE-2008-3928 ignore (honeyd) affected script not shipped
 CVE-2008-3927 VULNERABLE (tiger) 
 CVE-2008-3920 fixed (bitlbee, fixed 1.2.2) [since FEDORA-2008-7761] 
+CVE-2008-3916 VULNERABLE (ed, fixed 1.0) 
 CVE-2008-3906 VULNERABLE (mono) #461753 
 CVE-2008-3905 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7554] 
 CVE-2008-3889 VULNERABLE (postfix, fixed 2.4.9, 2.5.5) #459099 
+CVE-2008-3837 fixed (firefox, fixed 2.0.0.17) [since FEDORA-2008-8399] 
+CVE-2008-3837 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8401] 
+CVE-2008-3836 fixed (firefox, fixed 2.0.0.17) [since FEDORA-2008-8399] 
+CVE-2008-3836 ignore (seamonkey) ff only
+CVE-2008-3835 fixed (firefox, fixed 2.0.0.17) [since FEDORA-2008-8399] 
+CVE-2008-3835 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8401] 
 CVE-2008-3824 VULNERABLE (horde) oCERT-2008-012
 CVE-2008-3823 VULNERABLE (horde) oCERT-2008-012
 CVE-2008-3790 VULNERABLE (ruby) 
@@ -35,6 +83,9 @@
 CVE-2008-3740 fixed (drupal, fixed 5.10) [since FEDORA-2008-7467] 
 CVE-2008-3714 fixed (awstats) #459741 [since FEDORA-2008-7684] 
 CVE-2008-3699 fixed (amarok, fixed 1.4.40) [since FEDORA-2008-7719] 
+CVE-2008-3663 VULNERABLE (squirrelmail, fixed 1.4.16) #464184 
+CVE-2008-3662 VULNERABLE (gallery2, fixed 2.2.6) #462871 
+CVE-2008-3661 VULNERABLE (drupal) #464163 ignored by upstream
 CVE-2008-3657 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7554] 
 CVE-2008-3656 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7554] 
 CVE-2008-3655 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7554] 
@@ -81,6 +132,7 @@
 CVE-2008-3139 fixed (wireshark, fixed 1.0.1) [since FEDORA-2008-6645] 
 CVE-2008-3138 fixed (wireshark, fixed 1.0.1) [since FEDORA-2008-6645] 
 CVE-2008-3137 fixed (wireshark, fixed 1.0.1) [since FEDORA-2008-6645] 
+CVE-2008-3102 VULNERABLE (mantis) #464135 
 CVE-2008-3067 VULNERABLE (sudo, fixed 1.6.9p12) 
 CVE-2008-2960 fixed (phpMyAdmin, fixed 2.11.7) [since FEDORA-2008-5640] PMASA-2008-4
 CVE-2008-2954 fixed (linuxdcpp) #453732 [since FEDORA-2008-6038] 
@@ -88,10 +140,10 @@
 CVE-2008-2952 fixed (openldap) #453726 [since FEDORA-2008-6029] 
 CVE-2008-2951 fixed (trac, fixed 0.10.5) [since FEDORA-2008-6830] 
 CVE-2008-2950 fixed (poppler) #454288 [since FEDORA-2008-7104] 
-CVE-2008-2942 VULNERABLE (mercurial) 
+CVE-2008-2942 VULNERABLE (mercurial, fixed 1.0.2) #464632
 CVE-2008-2941 ignore (hplip) #458989 not run as service
 CVE-2008-2940 ignore (hplip) #458989 not run as service
-CVE-2008-2938 VULNERABLE (tomcat5, fixed 5.5.27) #460125 
+CVE-2008-2938 fixed (tomcat5, fixed 5.5.27) #460125 [since FEDORA-2008-8130] 
 CVE-2008-2937 VULNERABLE (postfix) #459099 
 CVE-2008-2936 VULNERABLE (postfix) #459099 
 CVE-2008-2935 fixed (libxslt) [since FEDORA-2008-7029] 
@@ -165,7 +217,7 @@
 CVE-2008-2374 VULNERABLE (bluez-libs, fixed 3.34) #452820 [since FEDORA-2008-6140] 
 CVE-2008-2371 fixed (pcre) #453555 [since FEDORA-2008-6111] 
 CVE-2008-2371 fixed (glib2) #453559 [since FEDORA-2008-6025] 
-CVE-2008-2370 VULNERABLE (tomcat5, fixed 5.5.27) #460125 
+CVE-2008-2370 fixed (tomcat5, fixed 5.5.27) #460125 [since FEDORA-2008-8130] 
 CVE-2008-2364 fixed (httpd, fixed 2.2.9) #454423 [since FEDORA-2008-6314] 
 CVE-2008-2363 VULNERABLE (pan) #449333 
 CVE-2008-2362 fixed (xorg-x11-server) #450925 [since FEDORA-2008-5279] 
@@ -209,7 +261,7 @@
 CVE-2008-1950 fixed (gnutls, fixed 2.2.4) #447510 [since FEDORA-2008-4183] 
 CVE-2008-1949 fixed (gnutls, fixed 2.2.4) #447510 [since FEDORA-2008-4183] 
 CVE-2008-1948 fixed (gnutls, fixed 2.2.4) #447510 [since FEDORA-2008-4183] 
-CVE-2008-1947 VULNERABLE (tomcat5, fixed 5.5.27) #460125 
+CVE-2008-1947 fixed (tomcat5, fixed 5.5.27) #460125 [since FEDORA-2008-8130] 
 CVE-2008-1944 VULNERABLE (xen, fixed 3.2) [since xen-3.1.2-3.fc8]
 CVE-2008-1943 VULNERABLE (xen) [since xen-3.1.2-3.fc8]
 CVE-2008-1937 ignore (moin, fixed 1.6.3) 1.6.x only
@@ -334,7 +386,7 @@
 CVE-2008-1233 version (firefox, fixed 2.0.0.13) 
 CVE-2008-1233 version (seamonkey, fixed 1.1.9) 
 CVE-2008-1233 fixed (thunderbird, fixed 2.0.0.14) #442856 [since FEDORA-2008-3557] 
-CVE-2008-1232 VULNERABLE (tomcat5, fixed 5.5.27) #460125 
+CVE-2008-1232 fixed (tomcat5, fixed 5.5.27) #460125 [since FEDORA-2008-8130] 
 **CVE-2008-1227 fixed (libsilc) We updated this as non-security
 CVE-2008-1218 version (dovecot, fixed 1.0.13) [since FEDORA-2008-2464] marginally affected
 CVE-2008-1199 version (dovecot, fixed 1.0.11) [since FEDORA-2008-2464] not in default config
@@ -470,7 +522,7 @@
 CVE-2008-0172 fixed (boost) #428975 [since FEDORA-2008-0754] 
 CVE-2008-0171 fixed (boost) #428975 [since FEDORA-2008-0754] 
 CVE-2008-0166 ignore (openssl) Debian specific
-CVE-2008-0128 VULNERABLE (tomcat5) #429904 
+CVE-2008-0128 version (tomcat5, fixed 5.5.21) #429904 [since tomcat5-5.5.23-9jpp.4.fc8]
 CVE-2008-0123 fixed (moodle) #428731 [since FEDORA-2008-0610] 
 CVE-2008-0122 fixed (bind) #429149 [since FEDORA-2008-0904] 
 CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since FEDORA-2008-0199]
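Review bot: CVE-2008-0128 (tomcat5) is reclassified from VULNERABLE to `version` with `fixed 5.5.21` and `[since tomcat5-5.5.23-9jpp.4.fc8]`, which means the package was never affected in this release, but the open tracking bug #429904 stays on the line. Worth confirming that the bug is closed with the same reasoning, so the audit file and Bugzilla do not disagree about whether F8 needs an update.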
@@ -480,6 +532,8 @@
 CVE-2008-0062 fixed (krb5, fixed 1.6.4) #438023 [since FEDORA-2008-2647] 
 CVE-2008-0053 version (cups, fixed 1.3.6) [since FEDORA-2008-1901] 
 CVE-2008-0047 fixed (cups) #440040 [since FEDORA-2008-2131] 
+CVE-2008-0016 fixed (firefox, fixed 2.0.0.17) [since FEDORA-2008-8399] 
+CVE-2008-0016 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8401] 
 CVE-2008-0008 fixed (pulseaudio) #425481 [since FEDORA-2008-0994] 
 CVE-2008-0006 fixed (libXfont) #429132 [since FEDORA-2008-0794] 
 CVE-2008-0005 fixed (httpd, fixed 2.2.8) #427982 [since FEDORA-2008-1711] 


Index: f9
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f9,v
retrieving revision 1.223
retrieving revision 1.224
diff -u -r1.223 -r1.224
--- f9	12 Sep 2008 19:00:33 -0000	1.223
+++ f9	30 Sep 2008 12:51:46 -0000	1.224
@@ -5,11 +5,52 @@
 # (mozilla) = (gecko-libs dependent stuff)
 
 rhbz249840 version (tor, fixed 0.1.2.15)
+CVE-2008-4298 VULNERABLE (lighttpd, fixed 1.4.20) #464639 
+CVE-2008-4297 fixed (mercurial, fixed 1.0.2) [since FEDORA-2008-7490] 
+CVE-2008-4242 VULNERABLE (proftpd) #464129 
+CVE-2008-4191 VULNERABLE (emacspeak) [since FEDORA-2008-8379] 
+CVE-2008-4190 VULNERABLE (openswan) 
+CVE-2008-4130 VULNERABLE (gallery2, fixed 2.2.6) #462872 
+CVE-2008-4129 VULNERABLE (gallery2, fixed 2.2.6) #462872 
+CVE-2008-4126 ignore (python-pydns, fixed 2.3.2) Debian-specific
+CVE-2008-4109 ignore (openssh, fixed 4.4) Debian incomplete fix
+CVE-2008-4107 version (wordpress, fixed 2.6.2) really PHP flaw
+CVE-2008-4106 fixed (wordpress, fixed 2.6.2) [since FEDORA-2008-7902] 
+CVE-2008-4100 VULNERABLE (adns) #462753 upstream design decision
+CVE-2008-4099 VULNERABLE (python-pydns, fixed 2.3.2) #462766 
+CVE-2008-4096 fixed (phpMyAdmin, fixed 2.11.9.1) [since FEDORA-2008-8370] 
+CVE-2008-4094 fixed (rubygem-activerecord, fixed 2.1.1) [since FEDORA-2008-8322] 
+CVE-2008-4070 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8429] 
+CVE-2008-4069 ignore (firefox) ff2 only
+CVE-2008-4069 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8429] 
+CVE-2008-4068 fixed (firefox, fixed 3.0.2) [since FEDORA-2008-8425] 
+CVE-2008-4068 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8429] 
+CVE-2008-4067 fixed (firefox, fixed 3.0.2) [since FEDORA-2008-8425] 
+CVE-2008-4067 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8429] 
+CVE-2008-4066 ignore (firefox) ff2 only
+CVE-2008-4066 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8429] 
+CVE-2008-4065 fixed (firefox, fixed 3.0.2) [since FEDORA-2008-8425] 
+CVE-2008-4065 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8429] 
+CVE-2008-4064 fixed (firefox, fixed 3.0.2) [since FEDORA-2008-8425] 
+CVE-2008-4064 ignore (seamonkey) ff only
+CVE-2008-4063 fixed (firefox, fixed 3.0.2) [since FEDORA-2008-8425] 
+CVE-2008-4063 ignore (seamonkey) ff only
+CVE-2008-4062 fixed (firefox, fixed 3.0.2) [since FEDORA-2008-8425] 
+CVE-2008-4062 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8429] 
+CVE-2008-4061 fixed (firefox, fixed 3.0.2) [since FEDORA-2008-8425] 
+CVE-2008-4061 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8429] 
+CVE-2008-4060 fixed (firefox, fixed 3.0.2) [since FEDORA-2008-8425] 
+CVE-2008-4060 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8429] 
+CVE-2008-4059 ignore (firefox) ff2 only
+CVE-2008-4059 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8429] 
+CVE-2008-4058 fixed (firefox, fixed 3.0.2) [since FEDORA-2008-8425] 
+CVE-2008-4058 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8429] 
 CVE-2008-3972 VULNERABLE (opensc, fixed 0.11.6) 
 CVE-2008-3970 fixed (pam_mount, fixed 0.47) [since FEDORA-2008-7976] 
 CVE-2008-3969 fixed (bitlbee, fixed 1.2.3) [since FEDORA-2008-7830] 
 CVE-2008-3964 ignore (libpng, fixed 1.2.32beta01) not affected
 CVE-2008-3962 VULNERABLE (ssmtp) 
+CVE-2008-3949 VULNERABLE (emacs, fixed 22.3) 
 CVE-2008-3934 fixed (wireshark, fixed 1.0.3) #461255 [since FEDORA-2008-7936] 
 CVE-2008-3933 fixed (wireshark, fixed 1.0.3) #461255 [since FEDORA-2008-7936] 
 CVE-2008-3932 fixed (wireshark, fixed 1.0.3) #461255 [since FEDORA-2008-7936] 
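Review bot: CVE-2008-4191 (emacspeak) is the only entry added in this hunk that pairs status VULNERABLE with an advisory, `[since FEDORA-2008-8379]`; rubygem-activerecord, mercurial, wordpress and phpMyAdmin all reference an advisory with status `fixed`. Either the status should be `fixed`, or the line needs a note explaining why the advisory does not resolve the issue. CVE-2008-4190 (openswan) and CVE-2008-3949 (emacs, fixed 22.3) are added as VULNERABLE with no bug number to track them.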
@@ -17,9 +58,16 @@
 CVE-2008-3928 ignore (honeyd) affected script not shipped
 CVE-2008-3927 VULNERABLE (tiger) 
 CVE-2008-3920 fixed (bitlbee, fixed 1.2.2) [since FEDORA-2008-7830] 
+CVE-2008-3916 VULNERABLE (ed, fixed 1.0) 
 CVE-2008-3906 VULNERABLE (mono) #461754 
 CVE-2008-3905 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7697] 
 CVE-2008-3889 VULNERABLE (postfix, fixed 2.4.9, 2.5.5) #459100 
+CVE-2008-3837 fixed (firefox, fixed 3.0.2) [since FEDORA-2008-8425] 
+CVE-2008-3837 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8429] 
+CVE-2008-3836 ignore (firefox) ff2 only
+CVE-2008-3836 ignore (seamonkey) ff only
+CVE-2008-3835 ignore (firefox) ff2 only
+CVE-2008-3835 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8429] 
 CVE-2008-3824 VULNERABLE (horde) oCERT-2008-012
 CVE-2008-3823 VULNERABLE (horde) oCERT-2008-012
 CVE-2008-3796 version (swfdec, fixed 0.6.8) [since swfdec-0.6.8-1.fc9] 
@@ -35,6 +83,9 @@
 CVE-2008-3740 fixed (drupal, fixed 6.4) [since FEDORA-2008-7626] 
 CVE-2008-3714 fixed (awstats) #459742 [since FEDORA-2008-7663] 
 CVE-2008-3699 fixed (amarok, fixed 1.4.40) [since FEDORA-2008-7739] 
+CVE-2008-3663 VULNERABLE (squirrelmail, fixed 1.4.16) #464185 
+CVE-2008-3662 VULNERABLE (gallery2, fixed 2.2.6) #462872 
+CVE-2008-3661 VULNERABLE (drupal) #464164 ignored by upstream
 CVE-2008-3657 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7697] 
 CVE-2008-3656 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7697] 
 CVE-2008-3655 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7697] 
@@ -83,6 +134,7 @@
 CVE-2008-3139 fixed (wireshark, fixed 1.0.1) [since FEDORA-2008-6440] 
 CVE-2008-3138 fixed (wireshark, fixed 1.0.1) [since FEDORA-2008-6440] 
 CVE-2008-3137 fixed (wireshark, fixed 1.0.1) [since FEDORA-2008-6440] 
+CVE-2008-3102 VULNERABLE (mantis) #464136 
 CVE-2008-3067 version (sudo, fixed 1.6.9p12) 
 CVE-2008-2960 fixed (phpMyAdmin, fixed 2.11.7) [since FEDORA-2008-5676] PMASA-2008-4
 CVE-2008-2954 fixed (linuxdcpp) #453733 [since FEDORA-2008-6018] 
@@ -90,11 +142,11 @@
 CVE-2008-2952 fixed (openldap) #453727 [since FEDORA-2008-6062] 
 CVE-2008-2951 fixed (trac, fixed 0.10.5) [since FEDORA-2008-6833] 
 CVE-2008-2950 fixed (poppler) #454289 [since FEDORA-2008-7012] 
-CVE-2008-2942 VULNERABLE (mercurial) 
+CVE-2008-2942 fixed (mercurial, fixed 1.0.2) [since FEDORA-2008-7490] 
 CVE-2008-2941 ignore (hplip) #458990 not run as service
 CVE-2008-2940 ignore (hplip) #458990 not run as service
 CVE-2008-2938 fixed (tomcat6, fixed 6.0.18) #460131 [since FEDORA-2008-7977] 
-CVE-2008-2938 VULNERABLE (tomcat5, fixed 5.5.27) #460126 
+CVE-2008-2938 fixed (tomcat5, fixed 5.5.27) #460126 [since FEDORA-2008-8113] 
 CVE-2008-2937 VULNERABLE (postfix) #459100 
 CVE-2008-2936 VULNERABLE (postfix) #459100 
 CVE-2008-2935 fixed (libxslt) [since FEDORA-2008-7062] 
@@ -168,7 +220,7 @@
 CVE-2008-2371 fixed (pcre) #453556 [since FEDORA-2008-6110] 
 CVE-2008-2371 fixed (glib2) #453560 [since FEDORA-2008-6048] 
 CVE-2008-2370 fixed (tomcat6, fixed 6.0.18) #460131 [since FEDORA-2008-7977] 
-CVE-2008-2370 VULNERABLE (tomcat5, fixed 5.5.27) #460126 
+CVE-2008-2370 fixed (tomcat5, fixed 5.5.27) #460126 [since FEDORA-2008-8113] 
 CVE-2008-2364 fixed (httpd, fixed 2.2.9) #447311 [since FEDORA-2008-6393] 
 CVE-2008-2363 VULNERABLE (pan) #449334 
 CVE-2008-2362 fixed (xorg-x11-server) #450926 [since FEDORA-2008-5254] 
@@ -213,7 +265,7 @@
 CVE-2008-1949 fixed (gnutls, fixed 2.2.4) #447511 [since FEDORA-2008-4259] 
 CVE-2008-1948 fixed (gnutls, fixed 2.2.4) #447511 [since FEDORA-2008-4259] 
 CVE-2008-1947 fixed (tomcat6, fixed 6.0.18) #460131 [since FEDORA-2008-7977] 
-CVE-2008-1947 VULNERABLE (tomcat5, fixed 5.5.27) #460126 
+CVE-2008-1947 fixed (tomcat5, fixed 5.5.27) #460126 [since FEDORA-2008-8113] 
 CVE-2008-1944 version (xen, fixed 3.2) 
 CVE-2008-1943 VULNERABLE (xen) [since xen-3.2.0-11.fc9]
 CVE-2008-1937 version (moin, fixed 1.6.3) [since moin-1.6.3-1.fc9] 
@@ -337,7 +389,7 @@
 CVE-2008-1233 version (seamonkey, fixed 1.1.9) 
 CVE-2008-1233 version (thunderbird, fixed 2.0.0.14) #442857 [since thunderbird-2.0.0.14-1.fc9]
 CVE-2008-1232 fixed (tomcat6, fixed 6.0.18) #460131 [since FEDORA-2008-7977] 
-CVE-2008-1232 VULNERABLE (tomcat5, fixed 5.5.27) #460126 
+CVE-2008-1232 fixed (tomcat5, fixed 5.5.27) #460126 [since FEDORA-2008-8113] 
 **CVE-2008-1227 fixed (libsilc) We updated this as non-security
 CVE-2008-1218 version (dovecot, fixed 1.0.13) [since dovecot-1.0.13-6.fc9] marginally affected
 CVE-2008-1199 version (dovecot, fixed 1.0.11) [since dovecot-1.0.13-6.fc9] not in default config
@@ -482,6 +534,8 @@
 CVE-2008-0062 backport (krb5, fixed 1.6.4) [since krb5-1.6.3-10.fc9] 
 CVE-2008-0053 version (cups, fixed 1.3.6) [since cups-1.3.6-1.fc9] 
 CVE-2008-0047 backport (cups) #440041 [since cups-1.3.6-9.fc9]
+CVE-2008-0016 ignore (firefox) ff2 only
+CVE-2008-0016 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8429] 
 CVE-2008-0008 backport (pulseaudio) #425481 [since pulseaudio-0.9.8-5.fc9]
 CVE-2008-0006 backport (libXfont) #429133 [since libXfont-1.3.1-3.fc9]
 CVE-2008-0005 version (httpd, fixed 2.2.8) #427984 [since httpd-2.2.8-2]



