From fedora-security-commits at redhat.com Mon Feb 16 08:05:19 2009 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Mon, 16 Feb 2009 08:05:19 +0000 (UTC) Subject: [Fedora-security-commits] fedora-security/audit f10, 1.34, 1.35 f11, 1.5, 1.6 f9, 1.244, 1.245 Message-ID: <20090216080519.930A870101@cvs1.fedora.phx.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv640/audit Modified Files: f10 f11 f9 Log Message: pile of updates Index: f10 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f10,v retrieving revision 1.34 retrieving revision 1.35 diff -u -r1.34 -r1.35 --- f10 27 Jan 2009 14:18:01 -0000 1.34 +++ f10 16 Feb 2009 08:04:49 -0000 1.35 @@ -4,16 +4,53 @@ # *CVE are items that need verification for Fedora 10 # (mozilla) = (gecko-libs dependent stuff) +CVE-2009-0547 VULNERABLE (evolution) +CVE-2009-0543 ignore (proftpd) not affected +CVE-2009-0542 VULNERABLE (proftpd) #485130 +CVE-2009-0502 fixed (moodle, fixed 1.9.4) [since FEDORA-2009-1699] +CVE-2009-0501 fixed (moodle, fixed 1.9.4) [since FEDORA-2009-1699] +CVE-2009-0500 fixed (moodle, fixed 1.9.4) [since FEDORA-2009-1699] +CVE-2009-0499 fixed (moodle, fixed 1.9.4) [since FEDORA-2009-1699] +CVE-2009-0490 VULNERABLE (audacity, fixed 1.3.6) #484952 +CVE-2009-0486 VULNERABLE (bugzilla, fixed 3.0.8) #484756 +CVE-2009-0485 VULNERABLE (bugzilla, fixed 3.0.7) #484756 +CVE-2009-0484 VULNERABLE (bugzilla, fixed 3.0.7) #484756 +CVE-2009-0483 VULNERABLE (bugzilla, fixed 3.0.7) #484756 +CVE-2009-0482 VULNERABLE (bugzilla, fixed 3.2.1) #484756 +CVE-2009-0481 VULNERABLE (bugzilla, fixed 3.0.7) #484756 +CVE-2009-0415 VULNERABLE (trickle) [since trickle-1.07-7.fc10] +CVE-2009-0414 fixed (tor, fixed 0.2.0.33) [since FEDORA-2009-0917] +CVE-2009-0413 fixed (roundcubemail) [since FEDORA-2009-1204] +CVE-2009-0398 ignore (gstreamer-plugins) only affected old 0.6.x versions +CVE-2009-0397 VULNERABLE (gstreamer-plugins-good, fixed 0.10.13) [since gstreamer-plugins-good-0.10.13-1.fc10] +CVE-2009-0387 VULNERABLE (gstreamer-plugins-good, fixed 0.10.13) [since gstreamer-plugins-good-0.10.13-1.fc10] +CVE-2009-0386 VULNERABLE (gstreamer-plugins-good, fixed 0.10.13) [since gstreamer-plugins-good-0.10.13-1.fc10] +CVE-2009-0362 fixed (fail2ban) [since FEDORA-2009-1737] +CVE-2009-0358 fixed (firefox, fixed 3.0.6) [since FEDORA-2009-1398] +CVE-2009-0357 fixed (firefox, fixed 3.0.6) [since FEDORA-2009-1398] +CVE-2009-0356 fixed (firefox, fixed 3.0.6) [since FEDORA-2009-1398] +CVE-2009-0355 fixed (firefox, fixed 3.0.6) [since FEDORA-2009-1398] +CVE-2009-0354 fixed (firefox, fixed 3.0.6) [since FEDORA-2009-1398] +CVE-2009-0353 fixed (firefox, fixed 3.0.6) [since FEDORA-2009-1398] +CVE-2009-0352 fixed (firefox, fixed 3.0.6) [since FEDORA-2009-1398] +CVE-2009-0312 VULNERABLE (moin, fixed 1.7.4,1.8.2) CVE-2009-0265 ignore (bind) dupe of CVE-2009-0025 -CVE-2009-0260 VULNERABLE (moin, fixed 1.7.3,1.8.1) +CVE-2009-0260 VULNERABLE (moin, fixed 1.7.4,1.8.2) CVE-2009-0136 fixed (amarok, fixed 2.0.1.1) [since FEDORA-2009-0550] CVE-2009-0135 fixed (amarok, fixed 2.0.1.1) [since FEDORA-2009-0550] CVE-2009-0125 ignore (libnasl) [since libnasl-2.2.11-3.fc10] not security according to upstream CVE-2009-0122 ignore (hplip) Debian/Ubuntu specific -CVE-2009-0041 VULNERABLE (asterisk, fixed 1.6.0.5) [since asterisk-1.6.0.5-2.fc10] AST-2009-001 +CVE-2009-0041 fixed (asterisk, fixed 1.6.0.5) [since FEDORA-2009-0984] AST-2009-001 +CVE-2009-0036 ignore (libvirt) libvirt_proxy not shipped +CVE-2009-0034 fixed (sudo) [since FEDORA-2009-1074] +CVE-2009-0032 ignore (cups) Mandriva-specific CVE-2009-0025 fixed (bind, fixed 9.5.1-P1,9.6.0-P1) [since FEDORA-2009-0451] CVE-2009-0022 fixed (samba, fixed 3.2.7) [since FEDORA-2009-0160] CVE-2009-0021 fixed (ntp, fixed 4.2.4p6) [since FEDORA-2009-0544] +CVE-2008-6125 version (moodle) +CVE-2008-6123 VULNERABLE (net-snmp) +CVE-2008-6098 VULNERABLE (bugzilla, fixed 3.0.6) #484756 +CVE-2008-6020 fixed (drupal-views, fixed 6.x-2.2) [since FEDORA-2008-11578] CVE-2008-5917 VULNERABLE (horde, fixed 3.2.3,3.3.1) CVE-2008-5916 fixed (git, fixed 1.6.0.6,1.5.6.6,1.5.5.6,1.5.4.7) [since FEDORA-2008-11678] CVE-2008-5906 version (ktorrent, fixed 3.1.4) [since ktorrent-3.1.4-1.fc10] @@ -24,8 +61,8 @@ CVE-2008-5716 ignore (xen) CVE-2008-4405 was not yet fixed CVE-2008-5714 VULNERABLE (kvm) CVE-2008-5714 VULNERABLE (qemu) -CVE-2008-5704 VULNERABLE (gpsdrive, fixed 2.10) -CVE-2008-5703 VULNERABLE (gpsdrive, fixed 2.10) +CVE-2008-5704 ignore (gpsdrive, fixed 2.10) only affected 2.10-pre versions +CVE-2008-5703 fixed (gpsdrive, fixed 2.10) [since FEDORA-2009-1225] CVE-2008-5698 ignore (konqueror) KDE3 and DoS only CVE-2008-5695 version (wordpress, fixed 2.3.3) CVE-2008-5695 version (wordpress-mu, fixed 1.3.3) @@ -70,7 +107,8 @@ CVE-2008-5398 fixed (tor, fixed 0.2.0.32) [since FEDORA-2008-10991] CVE-2008-5397 fixed (tor, fixed 0.2.0.32) [since FEDORA-2008-10991] CVE-2008-5396 ignore (zaptel) kernel modules not shipped -CVE-2008-5380 VULNERABLE (gpsdrive, fixed 2.10) +CVE-2008-5380 fixed (gpsdrive, fixed 2.10) [since FEDORA-2009-1225] +CVE-2008-5377 ignore (cups) Debian-specific CVE-2008-5299 VULNERABLE (chm2pdf) #474459 CVE-2008-5298 VULNERABLE (chm2pdf) #474459 CVE-2008-5286 ignore (cups) libpng prevents this @@ -103,7 +141,7 @@ CVE-2008-4985 ignore (vdr) Debian-specific CVE-2008-4982 fixed (rkhunter) [since rkhunter-1.3.2-5.fc10] CVE-2008-4977 ignore (postfix) Debian-specific -CVE-2008-4959 VULNERABLE (gpsdrive, fixed 2.10) +CVE-2008-4959 fixed (gpsdrive, fixed 2.10) [since FEDORA-2009-1225] CVE-2008-4956 ignore (fwbuilder) fwb_install not shipped CVE-2008-4937 ignore (openoffice.org) not affected CVE-2008-4936 fixed (mgetty) patched for ages @@ -128,7 +166,7 @@ CVE-2008-4577 version (dovecot, fixed 1.1.14) [since dovecot-1.1.5-1.fc10] CVE-2008-4575 version (jhead, fixed 2.84) [since jhead-2.84-1.fc10] CVE-2008-4474 fixed (freeradius) [since FEDORA-2008-10392] dialupadmin subpackage dropped -CVE-2008-4437 VULNERABLE (bugzilla, fixed 3.0.5) #465959 +CVE-2008-4437 VULNERABLE (bugzilla, fixed 3.0.5) #484756 CVE-2008-4434 ignore (bittorrent) 6.x only CVE-2008-4422 backport (libxml2, fixed 2.7.2) [since libxml2-2.7.1-2.fc10] CVE-2008-4408 version (mediawiki, fixed 1.13.2) [since mediawiki-1.13.2-41.fc10] Index: f11 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f11,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- f11 27 Jan 2009 14:18:01 -0000 1.5 +++ f11 16 Feb 2009 08:04:49 -0000 1.6 @@ -4,16 +4,45 @@ # *CVE are items that need verification for Fedora 10 # (mozilla) = (gecko-libs dependent stuff) +CVE-2009-0547 VULNERABLE (evolution) +CVE-2009-0543 ignore (proftpd) not affected +CVE-2009-0542 VULNERABLE (proftpd) #485131 +CVE-2009-0502 version (moodle, fixed 1.9.4) [since moodle-1.9.4-1.fc11] +CVE-2009-0501 version (moodle, fixed 1.9.4) [since moodle-1.9.4-1.fc11] +CVE-2009-0500 version (moodle, fixed 1.9.4) [since moodle-1.9.4-1.fc11] +CVE-2009-0499 version (moodle, fixed 1.9.4) [since moodle-1.9.4-1.fc11] +CVE-2009-0490 VULNERABLE (audacity, fixed 1.3.6) #484954 +CVE-2009-0486 VULNERABLE (bugzilla, fixed 3.0.8) #484758 +CVE-2009-0485 VULNERABLE (bugzilla, fixed 3.0.7) #484758 +CVE-2009-0484 VULNERABLE (bugzilla, fixed 3.0.7) #484758 +CVE-2009-0483 VULNERABLE (bugzilla, fixed 3.0.7) #484758 +CVE-2009-0482 VULNERABLE (bugzilla, fixed 3.2.1) #484758 +CVE-2009-0481 VULNERABLE (bugzilla, fixed 3.0.7) #484758 +CVE-2009-0415 backport (trickle) [since trickle-1.07-6.fc11] +CVE-2009-0414 version (tor, fixed 0.2.0.33) [since tor-0.2.0.33-1.fc11] +CVE-2009-0413 backport (roundcubemail) [since roundcubemail-0.2-7.stable.fc11] +CVE-2009-0397 version (gstreamer-plugins-good, fixed 0.10.13) [since gstreamer-plugins-good-0.10.13-1.fc11] +CVE-2009-0387 version (gstreamer-plugins-good, fixed 0.10.13) [since gstreamer-plugins-good-0.10.13-1.fc11] +CVE-2009-0386 version (gstreamer-plugins-good, fixed 0.10.13) [since gstreamer-plugins-good-0.10.13-1.fc11] +CVE-2009-0362 backport (fail2ban) [since fail2ban-0.8.3-18.fc11] +CVE-2009-0312 VULNERABLE (moin, fixed 1.7.4,1.8.2) CVE-2009-0265 ignore (bind) dupe of CVE-2009-0025 -CVE-2009-0260 VULNERABLE (moin, fixed 1.7.3,1.8.1) +CVE-2009-0260 VULNERABLE (moin, fixed 1.7.4,1.8.2) CVE-2009-0136 version (amarok, fixed 2.0.1.1) [since amarok-2.0.1.1-1.fc11] CVE-2009-0135 version (amarok, fixed 2.0.1.1) [since amarok-2.0.1.1-1.fc11] CVE-2009-0125 ignore (libnasl) [since libnasl-2.2.11-3.fc11] not security according to upstream CVE-2009-0122 ignore (hplip) Debian/Ubuntu specific CVE-2009-0041 VULNERABLE (asterisk, fixed 1.6.0.5) AST-2009-001 +CVE-2009-0036 ignore (libvirt) libvirt_proxy not shipped +CVE-2009-0034 VULNERABLE (sudo) +CVE-2009-0032 ignore (cups) Mandriva-specific CVE-2009-0025 version (bind, fixed 9.5.1-P1,9.6.0-P1) [since bind-9.6.0-2.P1.fc11] CVE-2009-0022 VULNERABLE (samba, fixed 3.2.7) CVE-2009-0021 version (ntp, fixed 4.2.4p6) [since ntp-4.2.4p6-1.fc11] +CVE-2008-6125 version (moodle) +CVE-2008-6123 VULNERABLE (net-snmp) +CVE-2008-6098 VULNERABLE (bugzilla, fixed 3.0.6) #484758 +CVE-2008-6020 version (drupal-views, fixed 6.x-2.2) [since drupal-views-6.x.2.2-1.fc11] CVE-2008-5917 VULNERABLE (horde, fixed 3.2.3,3.3.1) CVE-2008-5916 version (git, fixed 1.6.0.6,1.5.6.6,1.5.5.6,1.5.4.7) [since git-1.6.0.6-1.fc11] CVE-2008-5906 version (ktorrent, fixed 3.1.4) [since ktorrent-3.1.4-1.fc10] @@ -24,8 +53,8 @@ CVE-2008-5716 ignore (xen) CVE-2008-4405 was not yet fixed CVE-2008-5714 VULNERABLE (kvm) CVE-2008-5714 VULNERABLE (qemu) -CVE-2008-5704 VULNERABLE (gpsdrive, fixed 2.10) -CVE-2008-5703 VULNERABLE (gpsdrive, fixed 2.10) +CVE-2008-5704 ignore (gpsdrive, fixed 2.10) only affected 2.10-pre versions +CVE-2008-5703 backport (gpsdrive, fixed 2.10) [since gpsdrive-2.09-7.fc11] CVE-2008-5698 ignore (konqueror) KDE3 and DoS only CVE-2008-5688 version (mediawiki, fixed 1.13.3) [since mediawiki-1.13.3-42.fc11] CVE-2008-5687 version (mediawiki, fixed 1.13.3) [since mediawiki-1.13.3-42.fc11] @@ -68,7 +97,8 @@ CVE-2008-5398 version (tor, fixed 0.2.0.32) [since tor-0.2.0.32-1.fc11] CVE-2008-5397 version (tor, fixed 0.2.0.32) [since tor-0.2.0.32-1.fc11] CVE-2008-5396 ignore (zaptel) kernel modules not shipped -CVE-2008-5380 VULNERABLE (gpsdrive, fixed 2.10) +CVE-2008-5380 backport (gpsdrive, fixed 2.10) [since gpsdrive-2.09-7.fc11] +CVE-2008-5377 ignore (cups) Debian-specific CVE-2008-5299 VULNERABLE (chm2pdf) CVE-2008-5298 VULNERABLE (chm2pdf) CVE-2008-5286 ignore (cups) libpng prevents this @@ -85,13 +115,13 @@ CVE-2008-5086 backport (libvirt) [since libvirt-0.5.1-2.fc11] CVE-2008-5081 version (avahi, fixed 0.6.24) [since avahi-0.6.24-1.fc11] CVE-2008-5080 backport (awstats) [since awstats-6.8-3.fc11] -CVE-2008-4959 VULNERABLE (gpsdrive, fixed 2.10) +CVE-2008-4959 backport (gpsdrive, fixed 2.10) [since gpsdrive-2.09-7.fc11] CVE-2008-4863 backport (blender) [blender-2.48a-4.fc10] CVE-2008-4770 VULNERABLE (vnc, fixed 4.1.3) CVE-2008-4690 backport (lynx) [since lynx-2.8.6-18.fc10] CVE-2008-4641 VULNERABLE (jhead) CVE-2008-4640 VULNERABLE (jhead) -CVE-2008-4437 VULNERABLE (bugzilla, fixed 3.0.5) +CVE-2008-4437 VULNERABLE (bugzilla, fixed 3.0.5) #484758 CVE-2008-4405 VULNERABLE (xen) CVE-2008-4315 fixed (tog-pegasus) [since tog-pegasus-2.7.2-2.fc11] CVE-2008-4314 version (samba, fixed 3.0.33,3.2.5) [since samba-3.2.5-0.23.fc11] Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.244 retrieving revision 1.245 diff -u -r1.244 -r1.245 --- f9 27 Jan 2009 14:18:01 -0000 1.244 +++ f9 16 Feb 2009 08:04:49 -0000 1.245 @@ -5,16 +5,53 @@ # (mozilla) = (gecko-libs dependent stuff) rhbz249840 version (tor, fixed 0.1.2.15) +CVE-2009-0547 VULNERABLE (evolution) +CVE-2009-0543 ignore (proftpd) not affected +CVE-2009-0542 VULNERABLE (proftpd) #485129 +CVE-2009-0502 fixed (moodle, fixed 1.9.4) [since FEDORA-2009-1641] +CVE-2009-0501 fixed (moodle, fixed 1.9.4) [since FEDORA-2009-1641] +CVE-2009-0500 fixed (moodle, fixed 1.9.4) [since FEDORA-2009-1641] +CVE-2009-0499 fixed (moodle, fixed 1.9.4) [since FEDORA-2009-1641] +CVE-2009-0490 VULNERABLE (audacity, fixed 1.3.6) #484953 +CVE-2009-0486 VULNERABLE (bugzilla, fixed 3.0.8) #484757 +CVE-2009-0485 VULNERABLE (bugzilla, fixed 3.0.7) #484757 +CVE-2009-0484 VULNERABLE (bugzilla, fixed 3.0.7) #484757 +CVE-2009-0483 VULNERABLE (bugzilla, fixed 3.0.7) #484757 +CVE-2009-0482 VULNERABLE (bugzilla, fixed 3.2.1) #484757 +CVE-2009-0481 VULNERABLE (bugzilla, fixed 3.0.7) #484757 +CVE-2009-0415 VULNERABLE (trickle) [since trickle-1.07-7.fc9] +CVE-2009-0414 fixed (tor, fixed 0.2.0.33) [since FEDORA-2009-0897] +CVE-2009-0413 fixed (roundcubemail) [since FEDORA-2009-1256] +CVE-2009-0398 ignore (gstreamer-plugins) only affected old 0.6.x versions +CVE-2009-0397 VULNERABLE (gstreamer-plugins-good, fixed 0.10.13) [since gstreamer-plugins-good-0.10.8-10.fc9] +CVE-2009-0387 VULNERABLE (gstreamer-plugins-good, fixed 0.10.13) [since gstreamer-plugins-good-0.10.8-10.fc9] +CVE-2009-0386 VULNERABLE (gstreamer-plugins-good, fixed 0.10.13) [since gstreamer-plugins-good-0.10.8-10.fc9] +CVE-2009-0362 fixed (fail2ban) [since FEDORA-2009-1736] +CVE-2009-0358 fixed (firefox, fixed 3.0.6) [since FEDORA-2009-1399] +CVE-2009-0357 fixed (firefox, fixed 3.0.6) [since FEDORA-2009-1399] +CVE-2009-0356 fixed (firefox, fixed 3.0.6) [since FEDORA-2009-1399] +CVE-2009-0355 fixed (firefox, fixed 3.0.6) [since FEDORA-2009-1399] +CVE-2009-0354 fixed (firefox, fixed 3.0.6) [since FEDORA-2009-1399] +CVE-2009-0353 fixed (firefox, fixed 3.0.6) [since FEDORA-2009-1399] +CVE-2009-0352 fixed (firefox, fixed 3.0.6) [since FEDORA-2009-1399] +CVE-2009-0312 VULNERABLE (moin, fixed 1.7.4,1.8.2) CVE-2009-0265 ignore (bind) dupe of CVE-2009-0025 -CVE-2009-0260 VULNERABLE (moin, fixed 1.7.3,1.8.1) +CVE-2009-0260 VULNERABLE (moin, fixed 1.7.4,1.8.2) CVE-2009-0136 fixed (amarok, fixed 2.0.1.1) [since FEDORA-2009-0715] CVE-2009-0135 fixed (amarok, fixed 2.0.1.1) [since FEDORA-2009-0715] CVE-2009-0125 ignore (libnasl) [since libnasl-2.2.11-3.fc9] not security according to upstream CVE-2009-0122 ignore (hplip) Debian/Ubuntu specific -CVE-2009-0041 VULNERABLE (asterisk, fixed 1.6.0.5) [since asterisk-1.6.0.5-2.fc9] AST-2009-001 +CVE-2009-0041 fixed (asterisk, fixed 1.6.0.5) [since FEDORA-2009-0973] AST-2009-001 +CVE-2009-0036 ignore (libvirt) libvirt_proxy not shipped +CVE-2009-0034 VULNERABLE (sudo) +CVE-2009-0032 ignore (cups) Mandriva-specific CVE-2009-0025 fixed (bind, fixed 9.5.1-P1,9.6.0-P1) [since FEDORA-2009-0350] CVE-2009-0022 fixed (samba, fixed 3.2.7) [since FEDORA-2009-0268] CVE-2009-0021 fixed (ntp, fixed 4.2.4p6) [since FEDORA-2009-0547] +CVE-2008-6125 version (moodle) +CVE-2008-6123 VULNERABLE (net-snmp) +CVE-2008-6098 VULNERABLE (bugzilla, fixed 3.0.6) #484757 +CVE-2008-6020 fixed (drupal-views, fixed 6.x-2.2) [since FEDORA-2008-11519] CVE-2008-5917 VULNERABLE (horde, fixed 3.2.3,3.3.1) CVE-2008-5916 fixed (git, fixed 1.6.0.6,1.5.6.6,1.5.5.6,1.5.4.7) [since FEDORA-2008-11650] CVE-2008-5906 fixed (ktorrent, fixed 3.1.4) [since FEDORA-2008-9167] @@ -25,8 +62,8 @@ CVE-2008-5716 ignore (xen) CVE-2008-4405 was not yet fixed CVE-2008-5714 VULNERABLE (kvm) CVE-2008-5714 VULNERABLE (qemu) -CVE-2008-5704 VULNERABLE (gpsdrive, fixed 2.10) -CVE-2008-5703 VULNERABLE (gpsdrive, fixed 2.10) +CVE-2008-5704 ignore (gpsdrive, fixed 2.10) only affected 2.10-pre versions +CVE-2008-5703 fixed (gpsdrive, fixed 2.10) [since FEDORA-2009-1366] CVE-2008-5698 ignore (konqueror) KDE3 and DoS only CVE-2008-5695 version (wordpress, fixed 2.3.3) CVE-2008-5688 fixed (mediawiki, fixed 1.13.3) [since FEDORA-2008-11802] @@ -70,7 +107,8 @@ CVE-2008-5398 fixed (tor, fixed 0.2.0.32) [since FEDORA-2008-10989] CVE-2008-5397 fixed (tor, fixed 0.2.0.32) [since FEDORA-2008-10989] CVE-2008-5396 ignore (zaptel) kernel modules not shipped -CVE-2008-5380 VULNERABLE (gpsdrive, fixed 2.10) +CVE-2008-5380 fixed (gpsdrive, fixed 2.10) [since FEDORA-2009-1366] +CVE-2008-5377 ignore (cups) Debian-specific CVE-2008-5286 ignore (cups) libpng prevents this CVE-2008-5262 fixed (DevIL) [since FEDORA-2009-0856] CVE-2008-5252 fixed (mediawiki, fixed 1.13.3) [since FEDORA-2008-11802] @@ -101,7 +139,7 @@ CVE-2008-4985 ignore (vdr) Debian-specific CVE-2008-4982 fixed (rkhunter) [since FEDORA-2008-8314] CVE-2008-4977 ignore (postfix) Debian-specific -CVE-2008-4959 VULNERABLE (gpsdrive, fixed 2.10) +CVE-2008-4959 fixed (gpsdrive, fixed 2.10) [since FEDORA-2009-1366] CVE-2008-4956 ignore (fwbuilder) fwb_install not shipped CVE-2008-4937 fixed (openoffice.org) [since FEDORA-2008-7680] CVE-2008-4936 fixed (mgetty) patched for ages @@ -126,13 +164,13 @@ CVE-2008-4577 fixed (dovecot, fixed 1.1.14) [since FEDORA-2008-9202] CVE-2008-4575 fixed (jhead, fixed 2.84) [since FEDORA-2008-8928] CVE-2008-4474 fixed (freeradius) [since FEDORA-2008-10309] dialupadmin subpackage dropped -CVE-2008-4437 VULNERABLE (bugzilla, fixed 3.0.5) #465958 +CVE-2008-4437 VULNERABLE (bugzilla, fixed 3.0.5) #484757 CVE-2008-4434 ignore (bittorrent) 6.x only CVE-2008-4422 fixed (libxml2, fixed 2.7.2) [since FEDORA-2008-8575] CVE-2008-4408 fixed (mediawiki, fixed 1.13.2) [since FEDORA-2008-8639] CVE-2008-4405 VULNERABLE (xen) -CVE-2008-4360 VULNERABLE (lighttpd, fixed 1.4.20) #464639 -CVE-2008-4359 VULNERABLE (lighttpd, fixed 1.4.20) #464639 +CVE-2008-4360 fixed (lighttpd, fixed 1.4.20) #464639 [since FEDORA-2008-11923] +CVE-2008-4359 fixed (lighttpd, fixed 1.4.20) #464639 [since FEDORA-2008-11923] CVE-2008-4326 fixed (phpMyAdmin, fixed 2.11.9.2) [since FEDORA-2008-8335] CVE-2008-4325 fixed (viewvc, fixed 1.0.6) [since FEDORA-2008-8252] CVE-2008-4315 VULNERABLE (tog-pegasus) [since FEDORA-2008-9688] @@ -141,7 +179,7 @@ CVE-2008-4311 fixed (dbus, fixed 1.2.6) [since FEDORA-2008-10907] CVE-2008-4309 fixed (net-snmp, fixed 5.4.2.1) [since FEDORA-2008-9367] CVE-2008-4306 fixed (enscript) [since FEDORA-2008-9372] -CVE-2008-4298 VULNERABLE (lighttpd, fixed 1.4.20) #464639 +CVE-2008-4298 fixed (lighttpd, fixed 1.4.20) #464639 [since FEDORA-2008-11923] CVE-2008-4297 fixed (mercurial, fixed 1.0.2) [since FEDORA-2008-7490] CVE-2008-4242 fixed (proftpd) #464129 [since FEDORA-2009-0064] CVE-2008-4226 fixed (libxml2) [since FEDORA-2008-9773] From fedora-security-commits at redhat.com Mon Feb 23 15:35:44 2009 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Mon, 23 Feb 2009 15:35:44 +0000 (UTC) Subject: [Fedora-security-commits] fedora-security/tools/lib/Libexig Fedora.pm, 1.9, 1.10 Message-ID: <20090223153544.EA31870104@cvs1.fedora.phx.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/tools/lib/Libexig In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv28318/lib/Libexig Modified Files: Fedora.pm Log Message: fix bodhi link - type is now type_, release version is no longer manually selected, rather auto-guessed from brew tags Index: Fedora.pm =================================================================== RCS file: /cvs/fedora/fedora-security/tools/lib/Libexig/Fedora.pm,v retrieving revision 1.9 retrieving revision 1.10 diff -u -r1.9 -r1.10 --- Fedora.pm 15 Jan 2009 13:30:23 -0000 1.9 +++ Fedora.pm 23 Feb 2009 15:35:14 -0000 1.10 @@ -236,8 +236,7 @@ 'create the update request: '."\n". 'https://admin.fedoraproject.org/updates/new/'. '?request=Stable'. - '&type=security'. - '&release=Fedora%20'.$bug->{'version'}. + '&type_=security'. '&bugs='.$bug_id; foreach my $bug (@{$parent_bugs}) {