[Fedora-security-commits] fedora-security/audit f10, 1.34, 1.35 f11, 1.5, 1.6 f9, 1.244, 1.245

fedora-security-commits at redhat.com
Mon Feb 16 08:05:19 UTC 2009


Author: thoger

Update of /cvs/fedora/fedora-security/audit
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv640/audit

Modified Files:
	f10 f11 f9 
Log Message:
pile of updates



Index: f10
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f10,v
retrieving revision 1.34
retrieving revision 1.35
diff -u -r1.34 -r1.35
--- f10	27 Jan 2009 14:18:01 -0000	1.34
+++ f10	16 Feb 2009 08:04:49 -0000	1.35
@@ -4,16 +4,53 @@
 # *CVE are items that need verification for Fedora 10
 # (mozilla) = (gecko-libs dependent stuff)
 
+CVE-2009-0547 VULNERABLE (evolution) 
+CVE-2009-0543 ignore (proftpd) not affected
+CVE-2009-0542 VULNERABLE (proftpd) #485130 
+CVE-2009-0502 fixed (moodle, fixed 1.9.4) [since FEDORA-2009-1699] 
+CVE-2009-0501 fixed (moodle, fixed 1.9.4) [since FEDORA-2009-1699] 
+CVE-2009-0500 fixed (moodle, fixed 1.9.4) [since FEDORA-2009-1699] 
+CVE-2009-0499 fixed (moodle, fixed 1.9.4) [since FEDORA-2009-1699] 
+CVE-2009-0490 VULNERABLE (audacity, fixed 1.3.6) #484952 
+CVE-2009-0486 VULNERABLE (bugzilla, fixed 3.0.8) #484756 
+CVE-2009-0485 VULNERABLE (bugzilla, fixed 3.0.7) #484756 
+CVE-2009-0484 VULNERABLE (bugzilla, fixed 3.0.7) #484756 
+CVE-2009-0483 VULNERABLE (bugzilla, fixed 3.0.7) #484756 
+CVE-2009-0482 VULNERABLE (bugzilla, fixed 3.2.1) #484756 
+CVE-2009-0481 VULNERABLE (bugzilla, fixed 3.0.7) #484756 
+CVE-2009-0415 VULNERABLE (trickle) [since trickle-1.07-7.fc10] 
+CVE-2009-0414 fixed (tor, fixed 0.2.0.33) [since FEDORA-2009-0917] 
+CVE-2009-0413 fixed (roundcubemail) [since FEDORA-2009-1204] 
+CVE-2009-0398 ignore (gstreamer-plugins) only affected old 0.6.x versions
+CVE-2009-0397 VULNERABLE (gstreamer-plugins-good, fixed 0.10.13) [since gstreamer-plugins-good-0.10.13-1.fc10] 
+CVE-2009-0387 VULNERABLE (gstreamer-plugins-good, fixed 0.10.13) [since gstreamer-plugins-good-0.10.13-1.fc10] 
+CVE-2009-0386 VULNERABLE (gstreamer-plugins-good, fixed 0.10.13) [since gstreamer-plugins-good-0.10.13-1.fc10] 
+CVE-2009-0362 fixed (fail2ban) [since FEDORA-2009-1737] 
+CVE-2009-0358 fixed (firefox, fixed 3.0.6) [since FEDORA-2009-1398] 
+CVE-2009-0357 fixed (firefox, fixed 3.0.6) [since FEDORA-2009-1398] 
+CVE-2009-0356 fixed (firefox, fixed 3.0.6) [since FEDORA-2009-1398] 
+CVE-2009-0355 fixed (firefox, fixed 3.0.6) [since FEDORA-2009-1398] 
+CVE-2009-0354 fixed (firefox, fixed 3.0.6) [since FEDORA-2009-1398] 
+CVE-2009-0353 fixed (firefox, fixed 3.0.6) [since FEDORA-2009-1398] 
+CVE-2009-0352 fixed (firefox, fixed 3.0.6) [since FEDORA-2009-1398] 
+CVE-2009-0312 VULNERABLE (moin, fixed 1.7.4,1.8.2) 
 CVE-2009-0265 ignore (bind) dupe of CVE-2009-0025
-CVE-2009-0260 VULNERABLE (moin, fixed 1.7.3,1.8.1) 
+CVE-2009-0260 VULNERABLE (moin, fixed 1.7.4,1.8.2) 
 CVE-2009-0136 fixed (amarok, fixed 2.0.1.1) [since FEDORA-2009-0550] 
 CVE-2009-0135 fixed (amarok, fixed 2.0.1.1) [since FEDORA-2009-0550] 
 CVE-2009-0125 ignore (libnasl) [since libnasl-2.2.11-3.fc10] not security according to upstream
 CVE-2009-0122 ignore (hplip) Debian/Ubuntu specific
-CVE-2009-0041 VULNERABLE (asterisk, fixed 1.6.0.5) [since asterisk-1.6.0.5-2.fc10] AST-2009-001
+CVE-2009-0041 fixed (asterisk, fixed 1.6.0.5) [since FEDORA-2009-0984] AST-2009-001
+CVE-2009-0036 ignore (libvirt) libvirt_proxy not shipped
+CVE-2009-0034 fixed (sudo) [since FEDORA-2009-1074] 
+CVE-2009-0032 ignore (cups) Mandriva-specific
 CVE-2009-0025 fixed (bind, fixed 9.5.1-P1,9.6.0-P1) [since FEDORA-2009-0451] 
 CVE-2009-0022 fixed (samba, fixed 3.2.7) [since FEDORA-2009-0160] 
 CVE-2009-0021 fixed (ntp, fixed 4.2.4p6) [since FEDORA-2009-0544] 
+CVE-2008-6125 version (moodle) 
+CVE-2008-6123 VULNERABLE (net-snmp) 
+CVE-2008-6098 VULNERABLE (bugzilla, fixed 3.0.6) #484756 
+CVE-2008-6020 fixed (drupal-views, fixed 6.x-2.2) [since FEDORA-2008-11578] 
 CVE-2008-5917 VULNERABLE (horde, fixed 3.2.3,3.3.1) 
 CVE-2008-5916 fixed (git, fixed 1.6.0.6,1.5.6.6,1.5.5.6,1.5.4.7) [since FEDORA-2008-11678] 
 CVE-2008-5906 version (ktorrent, fixed 3.1.4) [since ktorrent-3.1.4-1.fc10] 
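Review bot: The added line `CVE-2008-6125 version (moodle)` records a `version` status but gives neither the upstream fixed version nor a `[since ...]` package reference, unlike the other `version` entries in this hunk such as `CVE-2008-5906 version (ktorrent, fixed 3.1.4) [since ktorrent-3.1.4-1.fc10]`. Please add the version that resolves it so the entry can be verified later.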
@@ -24,8 +61,8 @@
 CVE-2008-5716 ignore (xen) CVE-2008-4405 was not yet fixed
 CVE-2008-5714 VULNERABLE (kvm) 
 CVE-2008-5714 VULNERABLE (qemu) 
-CVE-2008-5704 VULNERABLE (gpsdrive, fixed 2.10) 
-CVE-2008-5703 VULNERABLE (gpsdrive, fixed 2.10) 
+CVE-2008-5704 ignore (gpsdrive, fixed 2.10) only affected 2.10-pre versions
+CVE-2008-5703 fixed (gpsdrive, fixed 2.10) [since FEDORA-2009-1225] 
 CVE-2008-5698 ignore (konqueror) KDE3 and DoS only
 CVE-2008-5695 version (wordpress, fixed 2.3.3) 
 CVE-2008-5695 version (wordpress-mu, fixed 1.3.3) 
@@ -70,7 +107,8 @@
 CVE-2008-5398 fixed (tor, fixed 0.2.0.32) [since FEDORA-2008-10991] 
 CVE-2008-5397 fixed (tor, fixed 0.2.0.32) [since FEDORA-2008-10991] 
 CVE-2008-5396 ignore (zaptel) kernel modules not shipped
-CVE-2008-5380 VULNERABLE (gpsdrive, fixed 2.10) 
+CVE-2008-5380 fixed (gpsdrive, fixed 2.10) [since FEDORA-2009-1225] 
+CVE-2008-5377 ignore (cups) Debian-specific
 CVE-2008-5299 VULNERABLE (chm2pdf) #474459
 CVE-2008-5298 VULNERABLE (chm2pdf) #474459
 CVE-2008-5286 ignore (cups) libpng prevents this
@@ -103,7 +141,7 @@
 CVE-2008-4985 ignore (vdr) Debian-specific
 CVE-2008-4982 fixed (rkhunter) [since rkhunter-1.3.2-5.fc10] 
 CVE-2008-4977 ignore (postfix) Debian-specific
-CVE-2008-4959 VULNERABLE (gpsdrive, fixed 2.10) 
+CVE-2008-4959 fixed (gpsdrive, fixed 2.10) [since FEDORA-2009-1225] 
 CVE-2008-4956 ignore (fwbuilder) fwb_install not shipped
 CVE-2008-4937 ignore (openoffice.org) not affected
 CVE-2008-4936 fixed (mgetty) patched for ages
@@ -128,7 +166,7 @@
 CVE-2008-4577 version (dovecot, fixed 1.1.14) [since dovecot-1.1.5-1.fc10] 
 CVE-2008-4575 version (jhead, fixed 2.84) [since jhead-2.84-1.fc10] 
 CVE-2008-4474 fixed (freeradius) [since FEDORA-2008-10392] dialupadmin subpackage dropped
-CVE-2008-4437 VULNERABLE (bugzilla, fixed 3.0.5) #465959 
+CVE-2008-4437 VULNERABLE (bugzilla, fixed 3.0.5) #484756
 CVE-2008-4434 ignore (bittorrent) 6.x only
 CVE-2008-4422 backport (libxml2, fixed 2.7.2) [since libxml2-2.7.1-2.fc10] 
 CVE-2008-4408 version (mediawiki, fixed 1.13.2) [since mediawiki-1.13.2-41.fc10] 
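Review bot: The CVE-2008-4437 line replaces tracking bug #465959 with #484756, and the log message ("pile of updates") does not say why. If #465959 was closed or superseded, say so in the commit message, or keep both numbers on the line so the history of the entry stays traceable.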


Index: f11
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f11,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- f11	27 Jan 2009 14:18:01 -0000	1.5
+++ f11	16 Feb 2009 08:04:49 -0000	1.6
@@ -4,16 +4,45 @@
 # *CVE are items that need verification for Fedora 10
 # (mozilla) = (gecko-libs dependent stuff)
 
+CVE-2009-0547 VULNERABLE (evolution) 
+CVE-2009-0543 ignore (proftpd) not affected
+CVE-2009-0542 VULNERABLE (proftpd) #485131 
+CVE-2009-0502 version (moodle, fixed 1.9.4) [since moodle-1.9.4-1.fc11] 
+CVE-2009-0501 version (moodle, fixed 1.9.4) [since moodle-1.9.4-1.fc11] 
+CVE-2009-0500 version (moodle, fixed 1.9.4) [since moodle-1.9.4-1.fc11] 
+CVE-2009-0499 version (moodle, fixed 1.9.4) [since moodle-1.9.4-1.fc11] 
+CVE-2009-0490 VULNERABLE (audacity, fixed 1.3.6) #484954 
+CVE-2009-0486 VULNERABLE (bugzilla, fixed 3.0.8) #484758 
+CVE-2009-0485 VULNERABLE (bugzilla, fixed 3.0.7) #484758 
+CVE-2009-0484 VULNERABLE (bugzilla, fixed 3.0.7) #484758 
+CVE-2009-0483 VULNERABLE (bugzilla, fixed 3.0.7) #484758 
+CVE-2009-0482 VULNERABLE (bugzilla, fixed 3.2.1) #484758 
+CVE-2009-0481 VULNERABLE (bugzilla, fixed 3.0.7) #484758 
+CVE-2009-0415 backport (trickle) [since trickle-1.07-6.fc11] 
+CVE-2009-0414 version (tor, fixed 0.2.0.33) [since tor-0.2.0.33-1.fc11] 
+CVE-2009-0413 backport (roundcubemail) [since roundcubemail-0.2-7.stable.fc11] 
+CVE-2009-0397 version (gstreamer-plugins-good, fixed 0.10.13) [since gstreamer-plugins-good-0.10.13-1.fc11] 
+CVE-2009-0387 version (gstreamer-plugins-good, fixed 0.10.13) [since gstreamer-plugins-good-0.10.13-1.fc11] 
+CVE-2009-0386 version (gstreamer-plugins-good, fixed 0.10.13) [since gstreamer-plugins-good-0.10.13-1.fc11] 
+CVE-2009-0362 backport (fail2ban) [since fail2ban-0.8.3-18.fc11] 
+CVE-2009-0312 VULNERABLE (moin, fixed 1.7.4,1.8.2) 
 CVE-2009-0265 ignore (bind) dupe of CVE-2009-0025
-CVE-2009-0260 VULNERABLE (moin, fixed 1.7.3,1.8.1) 
+CVE-2009-0260 VULNERABLE (moin, fixed 1.7.4,1.8.2) 
 CVE-2009-0136 version (amarok, fixed 2.0.1.1) [since amarok-2.0.1.1-1.fc11] 
 CVE-2009-0135 version (amarok, fixed 2.0.1.1) [since amarok-2.0.1.1-1.fc11] 
 CVE-2009-0125 ignore (libnasl) [since libnasl-2.2.11-3.fc11] not security according to upstream
 CVE-2009-0122 ignore (hplip) Debian/Ubuntu specific
 CVE-2009-0041 VULNERABLE (asterisk, fixed 1.6.0.5) AST-2009-001
+CVE-2009-0036 ignore (libvirt) libvirt_proxy not shipped
+CVE-2009-0034 VULNERABLE (sudo) 
+CVE-2009-0032 ignore (cups) Mandriva-specific
 CVE-2009-0025 version (bind, fixed 9.5.1-P1,9.6.0-P1) [since bind-9.6.0-2.P1.fc11] 
 CVE-2009-0022 VULNERABLE (samba, fixed 3.2.7) 
 CVE-2009-0021 version (ntp, fixed 4.2.4p6) [since ntp-4.2.4p6-1.fc11] 
+CVE-2008-6125 version (moodle) 
+CVE-2008-6123 VULNERABLE (net-snmp) 
+CVE-2008-6098 VULNERABLE (bugzilla, fixed 3.0.6) #484758 
+CVE-2008-6020 version (drupal-views, fixed 6.x-2.2) [since drupal-views-6.x.2.2-1.fc11] 
 CVE-2008-5917 VULNERABLE (horde, fixed 3.2.3,3.3.1) 
 CVE-2008-5916 version (git, fixed 1.6.0.6,1.5.6.6,1.5.5.6,1.5.4.7) [since git-1.6.0.6-1.fc11] 
 CVE-2008-5906 version (ktorrent, fixed 3.1.4) [since ktorrent-3.1.4-1.fc10] 
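Review bot: Between `CVE-2009-0362` and `CVE-2009-0312` this hunk adds no entries for CVE-2009-0352 through CVE-2009-0358 (firefox) or for CVE-2009-0398 (gstreamer-plugins), all of which the f10 and f9 changes in this same commit do add. If Fedora 11 is covered for them, record that with an explicit `version` or `ignore` line rather than leaving them absent, so the omission is not read as unreviewed. The header comment shown as context in this file also still reads "need verification for Fedora 10" and should say Fedora 11.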
@@ -24,8 +53,8 @@
 CVE-2008-5716 ignore (xen) CVE-2008-4405 was not yet fixed
 CVE-2008-5714 VULNERABLE (kvm) 
 CVE-2008-5714 VULNERABLE (qemu) 
-CVE-2008-5704 VULNERABLE (gpsdrive, fixed 2.10) 
-CVE-2008-5703 VULNERABLE (gpsdrive, fixed 2.10) 
+CVE-2008-5704 ignore (gpsdrive, fixed 2.10) only affected 2.10-pre versions
+CVE-2008-5703 backport (gpsdrive, fixed 2.10) [since gpsdrive-2.09-7.fc11]
 CVE-2008-5698 ignore (konqueror) KDE3 and DoS only
 CVE-2008-5688 version (mediawiki, fixed 1.13.3) [since mediawiki-1.13.3-42.fc11] 
 CVE-2008-5687 version (mediawiki, fixed 1.13.3) [since mediawiki-1.13.3-42.fc11] 
@@ -68,7 +97,8 @@
 CVE-2008-5398 version (tor, fixed 0.2.0.32) [since tor-0.2.0.32-1.fc11] 
 CVE-2008-5397 version (tor, fixed 0.2.0.32) [since tor-0.2.0.32-1.fc11] 
 CVE-2008-5396 ignore (zaptel) kernel modules not shipped
-CVE-2008-5380 VULNERABLE (gpsdrive, fixed 2.10) 
+CVE-2008-5380 backport (gpsdrive, fixed 2.10) [since gpsdrive-2.09-7.fc11]
+CVE-2008-5377 ignore (cups) Debian-specific
 CVE-2008-5299 VULNERABLE (chm2pdf)
 CVE-2008-5298 VULNERABLE (chm2pdf)
 CVE-2008-5286 ignore (cups) libpng prevents this
@@ -85,13 +115,13 @@
 CVE-2008-5086 backport (libvirt) [since libvirt-0.5.1-2.fc11] 
 CVE-2008-5081 version (avahi, fixed 0.6.24) [since avahi-0.6.24-1.fc11] 
 CVE-2008-5080 backport (awstats) [since awstats-6.8-3.fc11] 
-CVE-2008-4959 VULNERABLE (gpsdrive, fixed 2.10) 
+CVE-2008-4959 backport (gpsdrive, fixed 2.10) [since gpsdrive-2.09-7.fc11]
 CVE-2008-4863 backport (blender) [blender-2.48a-4.fc10]
 CVE-2008-4770 VULNERABLE (vnc, fixed 4.1.3) 
 CVE-2008-4690 backport (lynx) [since lynx-2.8.6-18.fc10] 
 CVE-2008-4641 VULNERABLE (jhead) 
 CVE-2008-4640 VULNERABLE (jhead) 
-CVE-2008-4437 VULNERABLE (bugzilla, fixed 3.0.5)
+CVE-2008-4437 VULNERABLE (bugzilla, fixed 3.0.5) #484758
 CVE-2008-4405 VULNERABLE (xen) 
 CVE-2008-4315 fixed (tog-pegasus) [since tog-pegasus-2.7.2-2.fc11] 
 CVE-2008-4314 version (samba, fixed 3.0.33,3.2.5) [since samba-3.2.5-0.23.fc11]


Index: f9
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f9,v
retrieving revision 1.244
retrieving revision 1.245
diff -u -r1.244 -r1.245
--- f9	27 Jan 2009 14:18:01 -0000	1.244
+++ f9	16 Feb 2009 08:04:49 -0000	1.245
@@ -5,16 +5,53 @@
 # (mozilla) = (gecko-libs dependent stuff)
 
 rhbz249840 version (tor, fixed 0.1.2.15)
+CVE-2009-0547 VULNERABLE (evolution) 
+CVE-2009-0543 ignore (proftpd) not affected
+CVE-2009-0542 VULNERABLE (proftpd) #485129 
+CVE-2009-0502 fixed (moodle, fixed 1.9.4) [since FEDORA-2009-1641] 
+CVE-2009-0501 fixed (moodle, fixed 1.9.4) [since FEDORA-2009-1641] 
+CVE-2009-0500 fixed (moodle, fixed 1.9.4) [since FEDORA-2009-1641] 
+CVE-2009-0499 fixed (moodle, fixed 1.9.4) [since FEDORA-2009-1641] 
+CVE-2009-0490 VULNERABLE (audacity, fixed 1.3.6) #484953 
+CVE-2009-0486 VULNERABLE (bugzilla, fixed 3.0.8) #484757 
+CVE-2009-0485 VULNERABLE (bugzilla, fixed 3.0.7) #484757 
+CVE-2009-0484 VULNERABLE (bugzilla, fixed 3.0.7) #484757 
+CVE-2009-0483 VULNERABLE (bugzilla, fixed 3.0.7) #484757 
+CVE-2009-0482 VULNERABLE (bugzilla, fixed 3.2.1) #484757 
+CVE-2009-0481 VULNERABLE (bugzilla, fixed 3.0.7) #484757 
+CVE-2009-0415 VULNERABLE (trickle) [since trickle-1.07-7.fc9] 
+CVE-2009-0414 fixed (tor, fixed 0.2.0.33) [since FEDORA-2009-0897] 
+CVE-2009-0413 fixed (roundcubemail) [since FEDORA-2009-1256] 
+CVE-2009-0398 ignore (gstreamer-plugins) only affected old 0.6.x versions
+CVE-2009-0397 VULNERABLE (gstreamer-plugins-good, fixed 0.10.13) [since gstreamer-plugins-good-0.10.8-10.fc9] 
+CVE-2009-0387 VULNERABLE (gstreamer-plugins-good, fixed 0.10.13) [since gstreamer-plugins-good-0.10.8-10.fc9] 
+CVE-2009-0386 VULNERABLE (gstreamer-plugins-good, fixed 0.10.13) [since gstreamer-plugins-good-0.10.8-10.fc9] 
+CVE-2009-0362 fixed (fail2ban) [since FEDORA-2009-1736] 
+CVE-2009-0358 fixed (firefox, fixed 3.0.6) [since FEDORA-2009-1399] 
+CVE-2009-0357 fixed (firefox, fixed 3.0.6) [since FEDORA-2009-1399] 
+CVE-2009-0356 fixed (firefox, fixed 3.0.6) [since FEDORA-2009-1399] 
+CVE-2009-0355 fixed (firefox, fixed 3.0.6) [since FEDORA-2009-1399] 
+CVE-2009-0354 fixed (firefox, fixed 3.0.6) [since FEDORA-2009-1399] 
+CVE-2009-0353 fixed (firefox, fixed 3.0.6) [since FEDORA-2009-1399] 
+CVE-2009-0352 fixed (firefox, fixed 3.0.6) [since FEDORA-2009-1399] 
+CVE-2009-0312 VULNERABLE (moin, fixed 1.7.4,1.8.2) 
 CVE-2009-0265 ignore (bind) dupe of CVE-2009-0025
-CVE-2009-0260 VULNERABLE (moin, fixed 1.7.3,1.8.1) 
+CVE-2009-0260 VULNERABLE (moin, fixed 1.7.4,1.8.2) 
 CVE-2009-0136 fixed (amarok, fixed 2.0.1.1) [since FEDORA-2009-0715] 
 CVE-2009-0135 fixed (amarok, fixed 2.0.1.1) [since FEDORA-2009-0715] 
 CVE-2009-0125 ignore (libnasl) [since libnasl-2.2.11-3.fc9] not security according to upstream
 CVE-2009-0122 ignore (hplip) Debian/Ubuntu specific
-CVE-2009-0041 VULNERABLE (asterisk, fixed 1.6.0.5) [since asterisk-1.6.0.5-2.fc9] AST-2009-001
+CVE-2009-0041 fixed (asterisk, fixed 1.6.0.5) [since FEDORA-2009-0973] AST-2009-001
+CVE-2009-0036 ignore (libvirt) libvirt_proxy not shipped
+CVE-2009-0034 VULNERABLE (sudo) 
+CVE-2009-0032 ignore (cups) Mandriva-specific
 CVE-2009-0025 fixed (bind, fixed 9.5.1-P1,9.6.0-P1) [since FEDORA-2009-0350] 
 CVE-2009-0022 fixed (samba, fixed 3.2.7) [since FEDORA-2009-0268] 
 CVE-2009-0021 fixed (ntp, fixed 4.2.4p6) [since FEDORA-2009-0547] 
+CVE-2008-6125 version (moodle) 
+CVE-2008-6123 VULNERABLE (net-snmp) 
+CVE-2008-6098 VULNERABLE (bugzilla, fixed 3.0.6) #484757 
+CVE-2008-6020 fixed (drupal-views, fixed 6.x-2.2) [since FEDORA-2008-11519] 
 CVE-2008-5917 VULNERABLE (horde, fixed 3.2.3,3.3.1) 
 CVE-2008-5916 fixed (git, fixed 1.6.0.6,1.5.6.6,1.5.5.6,1.5.4.7) [since FEDORA-2008-11650] 
 CVE-2008-5906 fixed (ktorrent, fixed 3.1.4) [since FEDORA-2008-9167] 
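Review bot: Several added `VULNERABLE` lines in this hunk carry no tracking bug: CVE-2009-0547 (evolution), CVE-2009-0312 (moin), CVE-2009-0034 (sudo) and CVE-2008-6123 (net-snmp), while the proftpd, audacity and bugzilla entries in the same hunk each reference one. Append the `#NNNNNN` bug reference to each so the open items can be followed up from this file.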
@@ -25,8 +62,8 @@
 CVE-2008-5716 ignore (xen) CVE-2008-4405 was not yet fixed
 CVE-2008-5714 VULNERABLE (kvm) 
 CVE-2008-5714 VULNERABLE (qemu) 
-CVE-2008-5704 VULNERABLE (gpsdrive, fixed 2.10) 
-CVE-2008-5703 VULNERABLE (gpsdrive, fixed 2.10) 
+CVE-2008-5704 ignore (gpsdrive, fixed 2.10) only affected 2.10-pre versions
+CVE-2008-5703 fixed (gpsdrive, fixed 2.10) [since FEDORA-2009-1366] 
 CVE-2008-5698 ignore (konqueror) KDE3 and DoS only
 CVE-2008-5695 version (wordpress, fixed 2.3.3) 
 CVE-2008-5688 fixed (mediawiki, fixed 1.13.3) [since FEDORA-2008-11802] 
@@ -70,7 +107,8 @@
 CVE-2008-5398 fixed (tor, fixed 0.2.0.32) [since FEDORA-2008-10989] 
 CVE-2008-5397 fixed (tor, fixed 0.2.0.32) [since FEDORA-2008-10989] 
 CVE-2008-5396 ignore (zaptel) kernel modules not shipped
-CVE-2008-5380 VULNERABLE (gpsdrive, fixed 2.10) 
+CVE-2008-5380 fixed (gpsdrive, fixed 2.10) [since FEDORA-2009-1366] 
+CVE-2008-5377 ignore (cups) Debian-specific
 CVE-2008-5286 ignore (cups) libpng prevents this
 CVE-2008-5262 fixed (DevIL) [since FEDORA-2009-0856] 
 CVE-2008-5252 fixed (mediawiki, fixed 1.13.3) [since FEDORA-2008-11802] 
@@ -101,7 +139,7 @@
 CVE-2008-4985 ignore (vdr) Debian-specific
 CVE-2008-4982 fixed (rkhunter) [since FEDORA-2008-8314] 
 CVE-2008-4977 ignore (postfix) Debian-specific
-CVE-2008-4959 VULNERABLE (gpsdrive, fixed 2.10) 
+CVE-2008-4959 fixed (gpsdrive, fixed 2.10) [since FEDORA-2009-1366] 
 CVE-2008-4956 ignore (fwbuilder) fwb_install not shipped
 CVE-2008-4937 fixed (openoffice.org) [since FEDORA-2008-7680] 
 CVE-2008-4936 fixed (mgetty) patched for ages
@@ -126,13 +164,13 @@
 CVE-2008-4577 fixed (dovecot, fixed 1.1.14) [since FEDORA-2008-9202] 
 CVE-2008-4575 fixed (jhead, fixed 2.84) [since FEDORA-2008-8928] 
 CVE-2008-4474 fixed (freeradius) [since FEDORA-2008-10309] dialupadmin subpackage dropped
-CVE-2008-4437 VULNERABLE (bugzilla, fixed 3.0.5) #465958
+CVE-2008-4437 VULNERABLE (bugzilla, fixed 3.0.5) #484757
 CVE-2008-4434 ignore (bittorrent) 6.x only
 CVE-2008-4422 fixed (libxml2, fixed 2.7.2) [since FEDORA-2008-8575] 
 CVE-2008-4408 fixed (mediawiki, fixed 1.13.2) [since FEDORA-2008-8639] 
 CVE-2008-4405 VULNERABLE (xen) 
-CVE-2008-4360 VULNERABLE (lighttpd, fixed 1.4.20) #464639 
-CVE-2008-4359 VULNERABLE (lighttpd, fixed 1.4.20) #464639 
+CVE-2008-4360 fixed (lighttpd, fixed 1.4.20) #464639 [since FEDORA-2008-11923] 
+CVE-2008-4359 fixed (lighttpd, fixed 1.4.20) #464639 [since FEDORA-2008-11923] 
 CVE-2008-4326 fixed (phpMyAdmin, fixed 2.11.9.2) [since FEDORA-2008-8335] 
 CVE-2008-4325 fixed (viewvc, fixed 1.0.6) [since FEDORA-2008-8252] 
 CVE-2008-4315 VULNERABLE (tog-pegasus) [since FEDORA-2008-9688] 
@@ -141,7 +179,7 @@
 CVE-2008-4311 fixed (dbus, fixed 1.2.6) [since FEDORA-2008-10907] 
 CVE-2008-4309 fixed (net-snmp, fixed 5.4.2.1) [since FEDORA-2008-9367] 
 CVE-2008-4306 fixed (enscript) [since FEDORA-2008-9372] 
-CVE-2008-4298 VULNERABLE (lighttpd, fixed 1.4.20) #464639 
+CVE-2008-4298 fixed (lighttpd, fixed 1.4.20) #464639 [since FEDORA-2008-11923] 
 CVE-2008-4297 fixed (mercurial, fixed 1.0.2) [since FEDORA-2008-7490] 
 CVE-2008-4242 fixed (proftpd) #464129 [since FEDORA-2009-0064] 
 CVE-2008-4226 fixed (libxml2) [since FEDORA-2008-9773] 



