From fedora-security-commits at redhat.com Thu Jan 15 13:21:52 2009 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Thu, 15 Jan 2009 13:21:52 +0000 (UTC) Subject: [Fedora-security-commits] fedora-security/tools/scripts check-updates, 1.6, 1.7 Message-ID: <20090115132152.402437012D@cvs1.fedora.phx.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/tools/scripts In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv4890/tools/scripts Modified Files: check-updates Log Message: only note update id when update is stable Index: check-updates =================================================================== RCS file: /cvs/fedora/fedora-security/tools/scripts/check-updates,v retrieving revision 1.6 retrieving revision 1.7 diff -u -r1.6 -r1.7 --- check-updates 26 Aug 2008 06:37:52 -0000 1.6 +++ check-updates 15 Jan 2009 13:21:21 -0000 1.7 @@ -79,17 +79,15 @@ if ($debug) { print " -> Found: ", keys(%{ $u->{'_builds_hash'}->{$entry->{'component'}} }); - } - - # Modify the line accordingly - if (defined($u->{'updateid'})) { - $entry->{'since'}= $u->{'updateid'}; - if ($debug) { + if (defined($u->{'updateid'})) { print " ($u->{'updateid'})"; } } + + # Modify the line accordingly if ($u->{'status'} eq 'stable') { $entry->{'status'}= 'fixed'; + $entry->{'since'}= $u->{'updateid'}; } Libexig::Audit::update_entry ($entry); From fedora-security-commits at redhat.com Thu Jan 15 13:30:54 2009 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Thu, 15 Jan 2009 13:30:54 +0000 (UTC) Subject: [Fedora-security-commits] fedora-security/tools/lib/Libexig Fedora.pm, 1.8, 1.9 Message-ID: <20090115133054.66B1F7012D@cvs1.fedora.phx.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/tools/lib/Libexig In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv6934/tools/lib/Libexig Modified Files: Fedora.pm Log Message: drop F8 support from tools Index: Fedora.pm =================================================================== RCS file: /cvs/fedora/fedora-security/tools/lib/Libexig/Fedora.pm,v retrieving revision 1.8 retrieving revision 1.9 diff -u -r1.8 -r1.9 --- Fedora.pm 26 Nov 2008 10:00:31 -0000 1.8 +++ Fedora.pm 15 Jan 2009 13:30:23 -0000 1.9 @@ -121,9 +121,6 @@ # Valid versions my %versions = ( - '8', => '8', - 'f8', => '8', - 'fc8', => '8', '9', => '9', 'f9', => '9', 'fc9', => '9', From fedora-security-commits at redhat.com Thu Jan 15 13:30:54 2009 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Thu, 15 Jan 2009 13:30:54 +0000 (UTC) Subject: [Fedora-security-commits] fedora-security/tools/scripts add-issue, 1.10, 1.11 Message-ID: <20090115133054.9DB4F7012D@cvs1.fedora.phx.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/tools/scripts In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv6934/tools/scripts Modified Files: add-issue Log Message: drop F8 support from tools Index: add-issue =================================================================== RCS file: /cvs/fedora/fedora-security/tools/scripts/add-issue,v retrieving revision 1.10 retrieving revision 1.11 diff -u -r1.10 -r1.11 --- add-issue 26 Nov 2008 10:00:31 -0000 1.10 +++ add-issue 15 Jan 2009 13:30:24 -0000 1.11 @@ -24,7 +24,6 @@ use strict; my %versions = ( - '8' => 'audit/f8', '9' => 'audit/f9', '10' => 'audit/f10', '11' => 'audit/f11', From fedora-security-commits at redhat.com Thu Jan 15 13:32:20 2009 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Thu, 15 Jan 2009 13:32:20 +0000 (UTC) Subject: [Fedora-security-commits] fedora-security/audit f8,1.252,1.253 Message-ID: <20090115133220.AD3CE7012D@cvs1.fedora.phx.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv7142/audit Modified Files: f8 Log Message: no more werewolf howls, F8 is EOL, no more updates to f8 tracking file Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.252 retrieving revision 1.253 diff -u -r1.252 -r1.253 --- f8 19 Dec 2008 19:22:22 -0000 1.252 +++ f8 15 Jan 2009 13:31:50 -0000 1.253 @@ -1,46 +1,59 @@ # $Id$ +# F* EOLed on 2009-01-09 + # ** are items that need attention # *CVE are items that need verification for Fedora 8 # (mozilla) = (gecko-libs dependent stuff) rhbz293031 fixed (nx) #293031 [since FEDORA-2008-2258] rhbz249840 version (tor, fixed 0.1.2.15) +CVE-2009-0022 ignore (samba, fixed 3.2.7) not affected +CVE-2008-5718 VULNERABLE (netatalk) +CVE-2008-5716 ignore (xen) CVE-2008-4405 was not yet fixed +CVE-2008-5714 VULNERABLE (kvm) +CVE-2008-5714 VULNERABLE (qemu) CVE-2008-5695 version (wordpress, fixed 2.3.3) +CVE-2008-5688 VULNERABLE (mediawiki, fixed 1.13.3) [since mediawiki-1.13.3-41.99.fc8] +CVE-2008-5687 VULNERABLE (mediawiki, fixed 1.13.3) [since mediawiki-1.13.3-41.99.fc8] CVE-2008-5676 version (mod_security, fixed 2.5.6) [since mod_security-2.5.6-1.fc8] CVE-2008-5660 fixed (vinagre, fixed 0.5.2,2.24.2) [since FEDORA-2008-10941] CVE-2008-5647 VULNERABLE (trac, 0.11.2) CVE-2008-5646 VULNERABLE (trac, 0.11.2) CVE-2008-5622 fixed (phpMyAdmin, fixed 3.1.1) [since FEDORA-2008-11221] PMASA-2008-10, same as CVE-2008-5621? CVE-2008-5621 fixed (phpMyAdmin, fixed 3.1.1) [since FEDORA-2008-11221] PMASA-2008-10 -CVE-2008-5620 VULNERABLE (roundcubemail, 0.2-rc) [since roundcubemail-0.2-5.beta.fc8] +CVE-2008-5620 fixed (roundcubemail, 0.2-rc) [since FEDORA-2008-11581] CVE-2008-5619 fixed (roundcubemail, 0.2-rc) [since FEDORA-2008-11220] CVE-2008-5618 ignore (rsyslog, 3.20.2) not affected CVE-2008-5617 ignore (rsyslog, 3.20.1) not affected -CVE-2008-5587 VULNERABLE (phpPgAdmin, fixed 4.2.2) [since phpPgAdmin-4.2.2-1.fc8] +CVE-2008-5587 fixed (phpPgAdmin, fixed 4.2.2) [since FEDORA-2008-11576] CVE-2008-5558 ignore (asterisk) AST-2008-012, not affected -CVE-2008-5513 VULNERABLE (firefox, fixed 2.0.0.19) [since firefox-2.0.0.19-1.fc8] -CVE-2008-5512 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc8] -CVE-2008-5512 VULNERABLE (firefox, fixed 2.0.0.19) [since firefox-2.0.0.19-1.fc8] -CVE-2008-5511 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc8] -CVE-2008-5511 VULNERABLE (firefox, fixed 2.0.0.19) [since firefox-2.0.0.19-1.fc8] -CVE-2008-5510 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc8] -CVE-2008-5510 VULNERABLE (firefox, fixed 2.0.0.19) [since firefox-2.0.0.19-1.fc8] -CVE-2008-5508 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc8] -CVE-2008-5508 VULNERABLE (firefox, fixed 2.0.0.19) [since firefox-2.0.0.19-1.fc8] -CVE-2008-5507 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc8] -CVE-2008-5507 VULNERABLE (firefox, fixed 2.0.0.19) [since firefox-2.0.0.19-1.fc8] -CVE-2008-5506 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc8] -CVE-2008-5506 VULNERABLE (firefox, fixed 2.0.0.19) [since firefox-2.0.0.19-1.fc8] -CVE-2008-5504 VULNERABLE (firefox, fixed 2.0.0.19) [since firefox-2.0.0.19-1.fc8] -CVE-2008-5503 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc8] -CVE-2008-5503 VULNERABLE (firefox, fixed 2.0.0.19) [since firefox-2.0.0.19-1.fc8] -CVE-2008-5500 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc8] -CVE-2008-5500 VULNERABLE (firefox, fixed 2.0.0.19) [since firefox-2.0.0.19-1.fc8] +CVE-2008-5514 VULNERABLE (uw-imap, fixed 2007e) [since uw-imap-2007e-1.fc8] +CVE-2008-5513 fixed (firefox, fixed 2.0.0.19) [since FEDORA-2008-11551] +CVE-2008-5512 fixed (seamonkey, fixed 1.1.14) [since FEDORA-2008-11534] +CVE-2008-5512 fixed (firefox, fixed 2.0.0.19) [since FEDORA-2008-11551] +CVE-2008-5511 fixed (seamonkey, fixed 1.1.14) [since FEDORA-2008-11534] +CVE-2008-5511 fixed (firefox, fixed 2.0.0.19) [since FEDORA-2008-11551] +CVE-2008-5510 fixed (seamonkey, fixed 1.1.14) [since FEDORA-2008-11534] +CVE-2008-5510 fixed (firefox, fixed 2.0.0.19) [since FEDORA-2008-11551] +CVE-2008-5508 fixed (seamonkey, fixed 1.1.14) [since FEDORA-2008-11534] +CVE-2008-5508 fixed (firefox, fixed 2.0.0.19) [since FEDORA-2008-11551] +CVE-2008-5507 fixed (seamonkey, fixed 1.1.14) [since FEDORA-2008-11534] +CVE-2008-5507 fixed (firefox, fixed 2.0.0.19) [since FEDORA-2008-11551] +CVE-2008-5506 fixed (seamonkey, fixed 1.1.14) [since FEDORA-2008-11534] +CVE-2008-5506 fixed (firefox, fixed 2.0.0.19) [since FEDORA-2008-11551] +CVE-2008-5504 fixed (firefox, fixed 2.0.0.19) [since FEDORA-2008-11551] +CVE-2008-5503 fixed (seamonkey, fixed 1.1.14) [since FEDORA-2008-11534] +CVE-2008-5503 fixed (firefox, fixed 2.0.0.19) [since FEDORA-2008-11551] +CVE-2008-5500 fixed (seamonkey, fixed 1.1.14) [since FEDORA-2008-11534] +CVE-2008-5500 fixed (firefox, fixed 2.0.0.19) [since FEDORA-2008-11551] CVE-2008-5432 fixed (moodle, fixed 1.8.7,1.9.3) [since FEDORA-2008-9502] CVE-2008-5398 fixed (tor, fixed 0.2.0.32) [since FEDORA-2008-10954] CVE-2008-5397 fixed (tor, fixed 0.2.0.32) [since FEDORA-2008-10954] CVE-2008-5286 ignore (cups) libpng prevents this +CVE-2008-5252 VULNERABLE (mediawiki, fixed 1.13.3) [since mediawiki-1.13.3-41.99.fc8] +CVE-2008-5250 VULNERABLE (mediawiki, fixed 1.13.3) [since mediawiki-1.13.3-41.99.fc8] +CVE-2008-5249 VULNERABLE (mediawiki, fixed 1.13.3) [since mediawiki-1.13.3-41.99.fc8] CVE-2008-5187 fixed (imlib2) #472577 [since FEDORA-2008-10296] CVE-2008-5184 version (cups, fixed 1.3.8) CVE-2008-5183 fixed (cups, fixed 1.3.10) [since FEDORA-2008-10911] @@ -93,6 +106,7 @@ CVE-2008-4434 ignore (bittorrent) 6.x only CVE-2008-4422 fixed (libxml2, fixed 2.7.2) [since FEDORA-2008-8582] CVE-2008-4408 fixed (mediawiki, fixed 1.13.2) [since FEDORA-2008-8678] +CVE-2008-4405 VULNERABLE (xen) CVE-2008-4360 VULNERABLE (lighttpd, fixed 1.4.20) #464638 CVE-2008-4359 VULNERABLE (lighttpd, fixed 1.4.20) #464638 CVE-2008-4326 fixed (phpMyAdmin, fixed 2.11.9.2) [since FEDORA-2008-8286] @@ -105,7 +119,7 @@ CVE-2008-4306 fixed (enscript) [since FEDORA-2008-9351] CVE-2008-4298 VULNERABLE (lighttpd, fixed 1.4.20) #464638 CVE-2008-4297 VULNERABLE (mercurial, fixed 1.0.2) #464632 -CVE-2008-4242 VULNERABLE (proftpd) #464128 +CVE-2008-4242 fixed (proftpd) #464128 [since FEDORA-2009-0195] CVE-2008-4226 fixed (libxml2) [since FEDORA-2008-9729] CVE-2008-4225 fixed (libxml2) [since FEDORA-2008-9729] CVE-2008-4191 fixed (emacspeak) [since FEDORA-2008-8423] @@ -321,6 +335,9 @@ CVE-2008-2426 fixed (imlib2) [since FEDORA-2008-4842] CVE-2008-2420 fixed (stunnel, fixed 4.24) [since FEDORA-2008-4579] CVE-2008-2392 ignore (wordpress) issue only in certain deployments, not affected by default +CVE-2008-2383 VULNERABLE (xterm, fixed 238) [since xterm-238-1.fc8] +CVE-2008-2382 VULNERABLE (qemu) +CVE-2008-2382 VULNERABLE (kvm, fixed 82) CVE-2008-2377 ignore (gnutls, fixed 2.4.1) 2.3.5+ only CVE-2008-2376 fixed (ruby, fixed 1.8.6-p257) [since FEDORA-2008-6094] CVE-2008-2375 ignore (vsftpd) pre-2.0.5 versions only @@ -791,6 +808,7 @@ CVE-2007-5746 fixed (openoffice.org, fixed 2.4) #442846 [since FEDORA-2008-3251] CVE-2007-5745 fixed (openoffice.org, fixed 2.4) #442846 [since FEDORA-2008-3251] CVE-2007-5742 version (wesnoth, fixed 1.2.8) [since FEDORA-2007-3989] +CVE-2007-5729 VULNERABLE (kvm, fixed 82) CVE-2007-5712 version (Django, fixed 0.96.1) #362771 [since FEDORA-2007-2788] CVE-2007-5708 version (openldap, fixed 2.3.39) #362991 [since FEDORA-2007-2796] CVE-2007-5707 version (openldap, fixed 2.3.39) #362991 [since FEDORA-2007-2796] From fedora-security-commits at redhat.com Thu Jan 15 13:39:59 2009 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Thu, 15 Jan 2009 13:39:59 +0000 (UTC) Subject: [Fedora-security-commits] fedora-security/audit f8,1.253,1.254 Message-ID: <20090115133959.272007012D@cvs1.fedora.phx.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv8182/audit Modified Files: f8 Log Message: ok, one more typo fix ;) Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.253 retrieving revision 1.254 diff -u -r1.253 -r1.254 --- f8 15 Jan 2009 13:31:50 -0000 1.253 +++ f8 15 Jan 2009 13:39:28 -0000 1.254 @@ -1,6 +1,6 @@ # $Id$ -# F* EOLed on 2009-01-09 +# F8 EOLed on 2009-01-09 # ** are items that need attention # *CVE are items that need verification for Fedora 8 From fedora-security-commits at redhat.com Tue Jan 27 14:18:31 2009 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Tue, 27 Jan 2009 14:18:31 +0000 (UTC) Subject: [Fedora-security-commits] fedora-security/audit f10, 1.33, 1.34 f11, 1.4, 1.5 f9, 1.243, 1.244 Message-ID: <20090127141831.CC6367010B@cvs1.fedora.phx.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv19216/audit Modified Files: f10 f11 f9 Log Message: large pile of updates Index: f10 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f10,v retrieving revision 1.33 retrieving revision 1.34 diff -u -r1.33 -r1.34 --- f10 19 Dec 2008 19:22:21 -0000 1.33 +++ f10 27 Jan 2009 14:18:01 -0000 1.34 @@ -4,8 +4,33 @@ # *CVE are items that need verification for Fedora 10 # (mozilla) = (gecko-libs dependent stuff) +CVE-2009-0265 ignore (bind) dupe of CVE-2009-0025 +CVE-2009-0260 VULNERABLE (moin, fixed 1.7.3,1.8.1) +CVE-2009-0136 fixed (amarok, fixed 2.0.1.1) [since FEDORA-2009-0550] +CVE-2009-0135 fixed (amarok, fixed 2.0.1.1) [since FEDORA-2009-0550] +CVE-2009-0125 ignore (libnasl) [since libnasl-2.2.11-3.fc10] not security according to upstream +CVE-2009-0122 ignore (hplip) Debian/Ubuntu specific +CVE-2009-0041 VULNERABLE (asterisk, fixed 1.6.0.5) [since asterisk-1.6.0.5-2.fc10] AST-2009-001 +CVE-2009-0025 fixed (bind, fixed 9.5.1-P1,9.6.0-P1) [since FEDORA-2009-0451] +CVE-2009-0022 fixed (samba, fixed 3.2.7) [since FEDORA-2009-0160] +CVE-2009-0021 fixed (ntp, fixed 4.2.4p6) [since FEDORA-2009-0544] +CVE-2008-5917 VULNERABLE (horde, fixed 3.2.3,3.3.1) +CVE-2008-5916 fixed (git, fixed 1.6.0.6,1.5.6.6,1.5.5.6,1.5.4.7) [since FEDORA-2008-11678] +CVE-2008-5906 version (ktorrent, fixed 3.1.4) [since ktorrent-3.1.4-1.fc10] +CVE-2008-5905 version (ktorrent, fixed 3.1.4) [since ktorrent-3.1.4-1.fc10] +CVE-2008-5844 ignore (php, fixed 5.2.8) only affected 5.2.7 +CVE-2008-5744 ignore (zaptel) kernel modules not shipped +CVE-2008-5718 VULNERABLE (netatalk, fixed 2.0.4-beta2) +CVE-2008-5716 ignore (xen) CVE-2008-4405 was not yet fixed +CVE-2008-5714 VULNERABLE (kvm) +CVE-2008-5714 VULNERABLE (qemu) +CVE-2008-5704 VULNERABLE (gpsdrive, fixed 2.10) +CVE-2008-5703 VULNERABLE (gpsdrive, fixed 2.10) +CVE-2008-5698 ignore (konqueror) KDE3 and DoS only CVE-2008-5695 version (wordpress, fixed 2.3.3) CVE-2008-5695 version (wordpress-mu, fixed 1.3.3) +CVE-2008-5688 fixed (mediawiki, fixed 1.13.3) [since FEDORA-2008-11743] +CVE-2008-5687 fixed (mediawiki, fixed 1.13.3) [since FEDORA-2008-11743] CVE-2008-5676 version (mod_security, fixed 2.5.6) [since mod_security-2.5.6-1.fc10] CVE-2008-5660 fixed (vinagre, fixed 0.5.2,2.24.2) [since FEDORA-2008-10956] CVE-2008-5657 version (quassel, fixed 0.3.0.3) [since quassel-0.3.0.3-1.fc10] @@ -13,48 +38,57 @@ CVE-2008-5646 VULNERABLE (trac, fixed 0.11.2) CVE-2008-5622 fixed (phpMyAdmin, fixed 3.1.1) [since FEDORA-2008-11257] PMASA-2008-10, same as CVE-2008-5621? CVE-2008-5621 fixed (phpMyAdmin, fixed 3.1.1) [since FEDORA-2008-11257] PMASA-2008-10 -CVE-2008-5620 VULNERABLE (roundcubemail, fixed 0.2-rc) [since roundcubemail-0.2-5.beta.fc10] +CVE-2008-5620 fixed (roundcubemail, fixed 0.2-rc) [since FEDORA-2008-11456] CVE-2008-5619 fixed (roundcubemail, fixed 0.2-rc) [since FEDORA-2008-11247] -CVE-2008-5618 VULNERABLE (rsyslog, fixed 3.20.2,3.21.9) [since rsyslog-3.21.9-1.fc10] -CVE-2008-5617 VULNERABLE (rsyslog, fixed 3.20.1,3.21.8) [since rsyslog-3.21.9-1.fc10] +CVE-2008-5618 fixed (rsyslog, fixed 3.20.2,3.21.9) [since FEDORA-2008-11476] +CVE-2008-5617 fixed (rsyslog, fixed 3.20.1,3.21.8) [since FEDORA-2008-11476] CVE-2008-5587 VULNERABLE (phpPgAdmin, fixed 4.2.2) [phpPgAdmin-4.2.2-1.fc10] CVE-2008-5558 ignore (asterisk) AST-2008-012, not affected -CVE-2008-5513 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10] -CVE-2008-5512 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc10] -CVE-2008-5512 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10] -CVE-2008-5511 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc10] -CVE-2008-5511 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10] -CVE-2008-5510 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc10] -CVE-2008-5510 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10] -CVE-2008-5508 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc10] -CVE-2008-5508 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10] -CVE-2008-5507 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc10] -CVE-2008-5507 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10] -CVE-2008-5506 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc10] -CVE-2008-5506 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10] -CVE-2008-5505 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10] -CVE-2008-5503 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc10] -CVE-2008-5502 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10] -CVE-2008-5501 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10] -CVE-2008-5500 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc10] -CVE-2008-5500 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10] +CVE-2008-5517 version (git, fixed 1.5.6) +CVE-2008-5516 version (git, fixed 1.5.5) +CVE-2008-5514 fixed (uw-imap, fixed 2007e) [since FEDORA-2009-0413] +CVE-2008-5513 fixed (firefox, fixed 3.0.5) [since FEDORA-2008-11511] +CVE-2008-5512 fixed (seamonkey, fixed 1.1.14) [since FEDORA-2008-11490] +CVE-2008-5512 fixed (firefox, fixed 3.0.5) [since FEDORA-2008-11511] +CVE-2008-5511 fixed (seamonkey, fixed 1.1.14) [since FEDORA-2008-11490] +CVE-2008-5511 fixed (firefox, fixed 3.0.5) [since FEDORA-2008-11511] +CVE-2008-5510 fixed (seamonkey, fixed 1.1.14) [since FEDORA-2008-11490] +CVE-2008-5510 fixed (firefox, fixed 3.0.5) [since FEDORA-2008-11511] +CVE-2008-5508 fixed (seamonkey, fixed 1.1.14) [since FEDORA-2008-11490] +CVE-2008-5508 fixed (firefox, fixed 3.0.5) [since FEDORA-2008-11511] +CVE-2008-5507 fixed (seamonkey, fixed 1.1.14) [since FEDORA-2008-11490] +CVE-2008-5507 fixed (firefox, fixed 3.0.5) [since FEDORA-2008-11511] +CVE-2008-5506 fixed (seamonkey, fixed 1.1.14) [since FEDORA-2008-11490] +CVE-2008-5506 fixed (firefox, fixed 3.0.5) [since FEDORA-2008-11511] +CVE-2008-5505 fixed (firefox, fixed 3.0.5) [since FEDORA-2008-11511] +CVE-2008-5503 fixed (seamonkey, fixed 1.1.14) [since FEDORA-2008-11490] +CVE-2008-5502 fixed (firefox, fixed 3.0.5) [since FEDORA-2008-11511] +CVE-2008-5501 fixed (firefox, fixed 3.0.5) [since FEDORA-2008-11511] +CVE-2008-5500 fixed (seamonkey, fixed 1.1.14) [since FEDORA-2008-11490] +CVE-2008-5500 fixed (firefox, fixed 3.0.5) [since FEDORA-2008-11511] CVE-2008-5432 fixed (moodle, fixed 1.8.7,1.9.3) [since FEDORA-2008-9903] CVE-2008-5398 fixed (tor, fixed 0.2.0.32) [since FEDORA-2008-10991] CVE-2008-5397 fixed (tor, fixed 0.2.0.32) [since FEDORA-2008-10991] +CVE-2008-5396 ignore (zaptel) kernel modules not shipped +CVE-2008-5380 VULNERABLE (gpsdrive, fixed 2.10) CVE-2008-5299 VULNERABLE (chm2pdf) #474459 CVE-2008-5298 VULNERABLE (chm2pdf) #474459 CVE-2008-5286 ignore (cups) libpng prevents this +CVE-2008-5262 fixed (DevIL) [since FEDORA-2009-0867] +CVE-2008-5252 fixed (mediawiki, fixed 1.13.3) [since FEDORA-2008-11743] +CVE-2008-5250 fixed (mediawiki, fixed 1.13.3) [since FEDORA-2008-11743] +CVE-2008-5249 fixed (mediawiki, fixed 1.13.3) [since FEDORA-2008-11743] CVE-2008-5187 fixed (imlib2) #472579 [since FEDORA-2008-10364] CVE-2008-5184 version (cups, fixed 1.3.8) CVE-2008-5183 fixed (cups, fixed 1.3.10) [since FEDORA-2008-10895] -CVE-2008-5153 VULNERABLE (moodle) #472120 +CVE-2008-5153 fixed (moodle) #472120 [since FEDORA-2009-0819] CVE-2008-5148 fixed (geda-gnetlist) #472116 [since FEDORA-2008-9730] CVE-2008-5138 VULNERABLE (pam_mount) #472112 CVE-2008-5113 VULNERABLE (wordpress) #471992 CVE-2008-5110 fixed (syslog-ng) [since FEDORA-2008-10879] CVE-2008-5101 version (optipng, fixed 0.6.2) [since optipng-0.6.2-1.fc10] -CVE-2008-5086 VULNERABLE (libvirt) [since libvirt-0.5.1-2.fc10] -CVE-2008-5081 VULNERABLE (avahi, fixed 0.6.24) [since avahi-0.6.22-12.fc10] +CVE-2008-5086 fixed (libvirt) [since FEDORA-2008-11443] +CVE-2008-5081 fixed (avahi, fixed 0.6.24) [since FEDORA-2008-11351] CVE-2008-5080 fixed (awstats) [since FEDORA-2008-10950] CVE-2008-5078 ignore (enscript) 1.6.1 only CVE-2008-5076 fixed (htop) [since FEDORA-2008-9944] @@ -69,6 +103,7 @@ CVE-2008-4985 ignore (vdr) Debian-specific CVE-2008-4982 fixed (rkhunter) [since rkhunter-1.3.2-5.fc10] CVE-2008-4977 ignore (postfix) Debian-specific +CVE-2008-4959 VULNERABLE (gpsdrive, fixed 2.10) CVE-2008-4956 ignore (fwbuilder) fwb_install not shipped CVE-2008-4937 ignore (openoffice.org) not affected CVE-2008-4936 fixed (mgetty) patched for ages @@ -82,6 +117,7 @@ CVE-2008-4789 version (drupal, fixed 6.5) [since drupal-6.5-1.fc10] CVE-2008-4776 version (libgadu, fixed 1.8.2) [since libgadu-1.8.2-1.fc10] CVE-2008-4775 version (phpMyAdmin, fixed 3.0.1.1) [since phpMyAdmin-3.0.1.1-1.fc10] +CVE-2008-4770 fixed (vnc, fixed 4.1.3) [since FEDORA-2009-0991] CVE-2008-4769 version (wordpress) CVE-2008-4690 fixed (lynx) [since FEDORA-2008-9952] CVE-2008-4641 VULNERABLE (jhead) @@ -96,6 +132,7 @@ CVE-2008-4434 ignore (bittorrent) 6.x only CVE-2008-4422 backport (libxml2, fixed 2.7.2) [since libxml2-2.7.1-2.fc10] CVE-2008-4408 version (mediawiki, fixed 1.13.2) [since mediawiki-1.13.2-41.fc10] +CVE-2008-4405 VULNERABLE (xen) CVE-2008-4360 version (lighttpd, fixed 1.4.20) [since lighttpd-1.4.20-0.1.r2303.fc10] CVE-2008-4359 version (lighttpd, fixed 1.4.20) #465754 [since lighttpd-1.4.20-1.fc10] CVE-2008-4326 version (phpMyAdmin, fixed 2.11.9.2) [since phpMyAdmin-2.11.9.2-1.fc10] @@ -108,7 +145,7 @@ CVE-2008-4306 fixed (enscript) [since enscript-1.6.4-11.fc10] CVE-2008-4298 version (lighttpd, fixed 1.4.20) [since lighttpd-1.4.20-0.1.r2303.fc10] CVE-2008-4297 version (mercurial, fixed 1.0.2) [since mercurial-1.0.2-1.fc10] -CVE-2008-4242 VULNERABLE (proftpd) #464130 +CVE-2008-4242 fixed (proftpd) #464130 [since FEDORA-2009-0089] CVE-2008-4226 fixed (libxml2) [since FEDORA-2008-10038] CVE-2008-4225 fixed (libxml2) [since FEDORA-2008-10038] CVE-2008-4191 backport (emacspeak) [since emacspeak-28.0-3.fc10] @@ -181,8 +218,8 @@ CVE-2008-3828 version (condor, fixed 7.0.5) #466076 [since condor-7.0.5-1.fc10] CVE-2008-3826 version (condor, fixed 7.0.5) #466076 [since condor-7.0.5-1.fc10] CVE-2008-3825 version (pam_krb5, 2.3.2) [since pam_krb5-2.3.2-1.fc10] -CVE-2008-3824 VULNERABLE (horde) oCERT-2008-012 -CVE-2008-3823 VULNERABLE (horde) oCERT-2008-012 +CVE-2008-3824 VULNERABLE (horde, fixed 3.2.2) oCERT-2008-012 +CVE-2008-3823 VULNERABLE (horde, fixed 3.2.2) oCERT-2008-012 CVE-2008-3796 version (swfdec, fixed 0.6.8) [since swfdec-0.7.4-1.fc10] CVE-2008-3790 backport (ruby) [since ruby-1.8.6.287-2.fc10] CVE-2008-3789 version (samba, fixed 3.2.3) [since samba-3.2.4-0.22.fc10] @@ -331,6 +368,9 @@ CVE-2008-2426 backport (imlib2) [since imlib2-1.4.0-7.fc10] CVE-2008-2420 version (stunnel, fixed 4.24) [since stunnel-4.24-2] CVE-2008-2392 ignore (wordpress) issue only in certain deployments, not affected by default +CVE-2008-2383 fixed (xterm, fixed 238) [since FEDORA-2009-0091] +CVE-2008-2382 VULNERABLE (qemu) +CVE-2008-2382 fixed (kvm, fixed 82) [since FEDORA-2008-11727] CVE-2008-2377 version (gnutls, fixed 2.4.1) [since gnutls-2.4.1-1.fc10] CVE-2008-2376 backport (ruby, fixed 1.8.6-p257) [since ruby-1.8.6.230-4.fc10] CVE-2008-2375 ignore (vsftpd) pre-2.0.5 versions only @@ -435,11 +475,12 @@ CVE-2007-5907 version (xen) #390121 CVE-2007-5906 version (xen) #390121 CVE-2007-5803 version (nagios, fixed 2.12) #446383 [since nagios-2.12-3.fc10] +CVE-2007-5729 VULNERABLE (kvm, fixed 82) CVE-2007-5615 backport (jetty) [since jetty-5.1.14-1jpp.2.fc10] CVE-2007-5614 backport (jetty) [since jetty-5.1.14-1jpp.2.fc10] CVE-2007-5613 backport (jetty) [since jetty-5.1.14-1jpp.2.fc10] CVE-2007-5079 VULNERABLE (gdm) #363041 Red Hat specific problem -CVE-2007-4829 VULNERABLE (perl, not fixed upstream) #364291 perl-Archive-Tar directory traversal +CVE-2007-4829 fixed (perl, fixed 1.40) [since FEDORA-2008-11736] #364291 perl-Archive-Tar directory traversal CVE-2007-4559 VULNERABLE (python, not fixed upstream) #315291 Upstream WONTFIX. See where we use the code. CVE-2007-1320 VULNERABLE (qemu) CVE-2007-1320 version (kvm, fixed 70) Index: f11 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f11,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- f11 19 Dec 2008 16:13:54 -0000 1.4 +++ f11 27 Jan 2009 14:18:01 -0000 1.5 @@ -4,6 +4,31 @@ # *CVE are items that need verification for Fedora 10 # (mozilla) = (gecko-libs dependent stuff) +CVE-2009-0265 ignore (bind) dupe of CVE-2009-0025 +CVE-2009-0260 VULNERABLE (moin, fixed 1.7.3,1.8.1) +CVE-2009-0136 version (amarok, fixed 2.0.1.1) [since amarok-2.0.1.1-1.fc11] +CVE-2009-0135 version (amarok, fixed 2.0.1.1) [since amarok-2.0.1.1-1.fc11] +CVE-2009-0125 ignore (libnasl) [since libnasl-2.2.11-3.fc11] not security according to upstream +CVE-2009-0122 ignore (hplip) Debian/Ubuntu specific +CVE-2009-0041 VULNERABLE (asterisk, fixed 1.6.0.5) AST-2009-001 +CVE-2009-0025 version (bind, fixed 9.5.1-P1,9.6.0-P1) [since bind-9.6.0-2.P1.fc11] +CVE-2009-0022 VULNERABLE (samba, fixed 3.2.7) +CVE-2009-0021 version (ntp, fixed 4.2.4p6) [since ntp-4.2.4p6-1.fc11] +CVE-2008-5917 VULNERABLE (horde, fixed 3.2.3,3.3.1) +CVE-2008-5916 version (git, fixed 1.6.0.6,1.5.6.6,1.5.5.6,1.5.4.7) [since git-1.6.0.6-1.fc11] +CVE-2008-5906 version (ktorrent, fixed 3.1.4) [since ktorrent-3.1.4-1.fc10] +CVE-2008-5905 version (ktorrent, fixed 3.1.4) [since ktorrent-3.1.4-1.fc10] +CVE-2008-5844 ignore (php, fixed 5.2.8) only affected 5.2.7 +CVE-2008-5744 ignore (zaptel) kernel modules not shipped +CVE-2008-5718 VULNERABLE (netatalk, fixed 2.0.4-beta2) +CVE-2008-5716 ignore (xen) CVE-2008-4405 was not yet fixed +CVE-2008-5714 VULNERABLE (kvm) +CVE-2008-5714 VULNERABLE (qemu) +CVE-2008-5704 VULNERABLE (gpsdrive, fixed 2.10) +CVE-2008-5703 VULNERABLE (gpsdrive, fixed 2.10) +CVE-2008-5698 ignore (konqueror) KDE3 and DoS only +CVE-2008-5688 version (mediawiki, fixed 1.13.3) [since mediawiki-1.13.3-42.fc11] +CVE-2008-5687 version (mediawiki, fixed 1.13.3) [since mediawiki-1.13.3-42.fc11] CVE-2008-5676 version (mod_security, fixed 2.5.6) [since mod_security-2.5.6-1.fc10] CVE-2008-5660 version (vinagre, fixed 0.5.2,2.24.2) [since vinagre-2.25.3-1.fc11] CVE-2008-5657 version (quassel, fixed 0.3.0.3) [since quassel-0.3.0.3-1.fc11] @@ -17,61 +42,76 @@ CVE-2008-5617 version (rsyslog, fixed 3.20.1,3.21.8) [since rsyslog-3.21.9-1.fc11] CVE-2008-5587 version (phpPgAdmin, fixed 4.2.2) [since phpPgAdmin-4.2.2-1.fc11] CVE-2008-5558 ignore (asterisk) AST-2008-012, not affected -CVE-2008-5513 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10] +CVE-2008-5517 version (git, fixed 1.5.6) +CVE-2008-5516 version (git, fixed 1.5.5) +CVE-2008-5514 version (uw-imap, fixed 2007e) [since uw-imap-2007e-1.fc11] +CVE-2008-5513 version (firefox, fixed 3.0.5) [since firefox-3.1-0.4.beta2.fc11] CVE-2008-5512 version (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc11] -CVE-2008-5512 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10] +CVE-2008-5512 version (firefox, fixed 3.0.5) [since firefox-3.1-0.4.beta2.fc11] CVE-2008-5511 version (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc11] -CVE-2008-5511 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10] +CVE-2008-5511 version (firefox, fixed 3.0.5) [since firefox-3.1-0.4.beta2.fc11] CVE-2008-5510 version (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc11] -CVE-2008-5510 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10] +CVE-2008-5510 version (firefox, fixed 3.0.5) [since firefox-3.1-0.4.beta2.fc11] CVE-2008-5508 version (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc11] -CVE-2008-5508 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10] +CVE-2008-5508 version (firefox, fixed 3.0.5) [since firefox-3.1-0.4.beta2.fc11] CVE-2008-5507 version (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc11] -CVE-2008-5507 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10] +CVE-2008-5507 version (firefox, fixed 3.0.5) [since firefox-3.1-0.4.beta2.fc11] CVE-2008-5506 version (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc11] -CVE-2008-5506 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10] -CVE-2008-5505 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10] +CVE-2008-5506 version (firefox, fixed 3.0.5) [since firefox-3.1-0.4.beta2.fc11] +CVE-2008-5505 version (firefox, fixed 3.0.5) [since firefox-3.1-0.4.beta2.fc11] CVE-2008-5503 version (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc11] -CVE-2008-5502 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10] -CVE-2008-5501 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10] +CVE-2008-5502 version (firefox, fixed 3.0.5) [since firefox-3.1-0.4.beta2.fc11] +CVE-2008-5501 version (firefox, fixed 3.0.5) [since firefox-3.1-0.4.beta2.fc11] CVE-2008-5500 version (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc11] -CVE-2008-5500 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10] +CVE-2008-5500 version (firefox, fixed 3.0.5) [since firefox-3.1-0.4.beta2.fc11] CVE-2008-5432 version (moodle, fixed 1.8.7,1.9.3) [since moodle-1.9.3-3.fc11] CVE-2008-5398 version (tor, fixed 0.2.0.32) [since tor-0.2.0.32-1.fc11] CVE-2008-5397 version (tor, fixed 0.2.0.32) [since tor-0.2.0.32-1.fc11] +CVE-2008-5396 ignore (zaptel) kernel modules not shipped +CVE-2008-5380 VULNERABLE (gpsdrive, fixed 2.10) CVE-2008-5299 VULNERABLE (chm2pdf) CVE-2008-5298 VULNERABLE (chm2pdf) CVE-2008-5286 ignore (cups) libpng prevents this +CVE-2008-5262 backport (DevIL) [since DevIL-1.7.5-2.fc11] +CVE-2008-5252 version (mediawiki, fixed 1.13.3) [since mediawiki-1.13.3-42.fc11] +CVE-2008-5250 version (mediawiki, fixed 1.13.3) [since mediawiki-1.13.3-42.fc11] +CVE-2008-5249 version (mediawiki, fixed 1.13.3) [since mediawiki-1.13.3-42.fc11] CVE-2008-5184 version (cups, fixed 1.3.8) CVE-2008-5183 VULNERABLE (cups, fixed 1.3.10) [since cups-1.4-0.b1.5.fc11] -CVE-2008-5153 VULNERABLE (moodle) +CVE-2008-5153 backport (moodle) [since moodle-1.9.3-5.fc11] CVE-2008-5138 VULNERABLE (pam_mount) CVE-2008-5113 VULNERABLE (wordpress) #471992 CVE-2008-5110 version (syslog-ng, fixed 2.0.10) [since syslog-ng-2.0.10-1.fc11] CVE-2008-5086 backport (libvirt) [since libvirt-0.5.1-2.fc11] CVE-2008-5081 version (avahi, fixed 0.6.24) [since avahi-0.6.24-1.fc11] CVE-2008-5080 backport (awstats) [since awstats-6.8-3.fc11] +CVE-2008-4959 VULNERABLE (gpsdrive, fixed 2.10) CVE-2008-4863 backport (blender) [blender-2.48a-4.fc10] +CVE-2008-4770 VULNERABLE (vnc, fixed 4.1.3) CVE-2008-4690 backport (lynx) [since lynx-2.8.6-18.fc10] CVE-2008-4641 VULNERABLE (jhead) CVE-2008-4640 VULNERABLE (jhead) CVE-2008-4437 VULNERABLE (bugzilla, fixed 3.0.5) +CVE-2008-4405 VULNERABLE (xen) CVE-2008-4315 fixed (tog-pegasus) [since tog-pegasus-2.7.2-2.fc11] CVE-2008-4314 version (samba, fixed 3.0.33,3.2.5) [since samba-3.2.5-0.23.fc11] CVE-2008-4313 fixed (tog-pegasus) [since tog-pegasus-2.7.2-2.fc11] CVE-2008-4311 version (dbus, fixed 1.2.6) [since dbus-1.2.6-1.fc11] CVE-2008-4309 version (net-snmp, fixed 5.4.2.1) [since net-snmp-5.4.2.1-1.fc10] -CVE-2008-4242 VULNERABLE (proftpd) #464130 +CVE-2008-4242 version (proftpd, fixed 1.3.2) #464130 [since 1.3.2-0.1.rc3] CVE-2008-4190 VULNERABLE (openswan) -CVE-2008-4130 VULNERABLE (gallery2, fixed 2.2.6) -CVE-2008-4129 VULNERABLE (gallery2, fixed 2.2.6) +CVE-2008-4130 version (gallery2, fixed 2.2.6) [since gallery2-2.3-1.fc11] +CVE-2008-4129 version (gallery2, fixed 2.2.6) [since gallery2-2.3-1.fc11] CVE-2008-4100 VULNERABLE (adns) #462754 upstream design decision CVE-2008-3949 VULNERABLE (emacs, fixed 22.3) CVE-2008-3927 VULNERABLE (tiger) -CVE-2008-3824 VULNERABLE (horde) oCERT-2008-012 -CVE-2008-3823 VULNERABLE (horde) oCERT-2008-012 -CVE-2008-3662 VULNERABLE (gallery2, fixed 2.2.6) +CVE-2008-3824 VULNERABLE (horde, fixed 3.2.2) oCERT-2008-012 +CVE-2008-3823 VULNERABLE (horde, fixed 3.2.2) oCERT-2008-012 +CVE-2008-3662 version (gallery2, fixed 2.2.6) [since gallery2-2.3-1.fc11] CVE-2008-3381 VULNERABLE (moin) #457364 +CVE-2008-2383 version (xterm, fixed 238) [since xterm-238-1.fc11] +CVE-2008-2382 VULNERABLE (qemu) +CVE-2008-2382 VULNERABLE (kvm, fixed 82) CVE-2008-2363 VULNERABLE (pan) #449335 CVE-2008-2004 VULNERABLE (qemu) fix mostly useless without libvirt changes CVE-2008-2004 VULNERABLE (kvm) fix mostly useless without libvirt changes @@ -79,8 +119,9 @@ CVE-2008-1103 VULNERABLE (blender) not fixed upstream CVE-2007-6318 VULNERABLE (wordpress) #426434 CVE-2007-6131 VULNERABLE (scanbuttond) +CVE-2007-5729 VULNERABLE (kvm, fixed 82) CVE-2007-5079 VULNERABLE (gdm) #363041 Red Hat specific problem -CVE-2007-4829 VULNERABLE (perl, not fixed upstream) #364291 perl-Archive-Tar directory traversal +CVE-2007-4829 version (perl, fixed 1.40) [since perl-5.10.0-52.fc11] #364291 perl-Archive-Tar directory traversal CVE-2007-4559 VULNERABLE (python, not fixed upstream) #315291 Upstream WONTFIX. See where we use the code. CVE-2007-1320 VULNERABLE (qemu) CVE-2006-1390 VULNERABLE (nethack) bz#187353, but requires other access to games group Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.243 retrieving revision 1.244 diff -u -r1.243 -r1.244 --- f9 19 Dec 2008 19:22:22 -0000 1.243 +++ f9 27 Jan 2009 14:18:01 -0000 1.244 @@ -5,7 +5,32 @@ # (mozilla) = (gecko-libs dependent stuff) rhbz249840 version (tor, fixed 0.1.2.15) +CVE-2009-0265 ignore (bind) dupe of CVE-2009-0025 +CVE-2009-0260 VULNERABLE (moin, fixed 1.7.3,1.8.1) +CVE-2009-0136 fixed (amarok, fixed 2.0.1.1) [since FEDORA-2009-0715] +CVE-2009-0135 fixed (amarok, fixed 2.0.1.1) [since FEDORA-2009-0715] +CVE-2009-0125 ignore (libnasl) [since libnasl-2.2.11-3.fc9] not security according to upstream +CVE-2009-0122 ignore (hplip) Debian/Ubuntu specific +CVE-2009-0041 VULNERABLE (asterisk, fixed 1.6.0.5) [since asterisk-1.6.0.5-2.fc9] AST-2009-001 +CVE-2009-0025 fixed (bind, fixed 9.5.1-P1,9.6.0-P1) [since FEDORA-2009-0350] +CVE-2009-0022 fixed (samba, fixed 3.2.7) [since FEDORA-2009-0268] +CVE-2009-0021 fixed (ntp, fixed 4.2.4p6) [since FEDORA-2009-0547] +CVE-2008-5917 VULNERABLE (horde, fixed 3.2.3,3.3.1) +CVE-2008-5916 fixed (git, fixed 1.6.0.6,1.5.6.6,1.5.5.6,1.5.4.7) [since FEDORA-2008-11650] +CVE-2008-5906 fixed (ktorrent, fixed 3.1.4) [since FEDORA-2008-9167] +CVE-2008-5905 fixed (ktorrent, fixed 3.1.4) [since FEDORA-2008-9167] +CVE-2008-5844 ignore (php, fixed 5.2.8) only affected 5.2.7 +CVE-2008-5744 ignore (zaptel) kernel modules not shipped +CVE-2008-5718 VULNERABLE (netatalk, fixed 2.0.4-beta2) +CVE-2008-5716 ignore (xen) CVE-2008-4405 was not yet fixed +CVE-2008-5714 VULNERABLE (kvm) +CVE-2008-5714 VULNERABLE (qemu) +CVE-2008-5704 VULNERABLE (gpsdrive, fixed 2.10) +CVE-2008-5703 VULNERABLE (gpsdrive, fixed 2.10) +CVE-2008-5698 ignore (konqueror) KDE3 and DoS only CVE-2008-5695 version (wordpress, fixed 2.3.3) +CVE-2008-5688 fixed (mediawiki, fixed 1.13.3) [since FEDORA-2008-11802] +CVE-2008-5687 fixed (mediawiki, fixed 1.13.3) [since FEDORA-2008-11802] CVE-2008-5676 version (mod_security, fixed 2.5.6) [since mod_security-2.5.6-1.fc9] CVE-2008-5660 fixed (vinagre, fixed 0.5.2,2.24.2) [since FEDORA-2008-10932] CVE-2008-5657 fixed (quassel, fixed 0.3.0.3) [since FEDORA-2008-9658] @@ -15,43 +40,52 @@ CVE-2008-5621 fixed (phpMyAdmin, fixed 3.1.1) [since FEDORA-2008-11208] PMASA-2008-10 CVE-2008-5620 VULNERABLE (roundcubemail, fixed 0.2-rc) CVE-2008-5619 fixed (roundcubemail, fixed 0.2-rc) [since FEDORA-2008-11234] -CVE-2008-5618 VULNERABLE (rsyslog, fixed 3.20.2,3.21.9) [since rsyslog-3.20.2-2.fc9] -CVE-2008-5617 VULNERABLE (rsyslog, fixed 3.20.1,3.21.8) [since rsyslog-3.20.2-2.fc9] -CVE-2008-5587 VULNERABLE (phpPgAdmin, fixed 4.2.2) [since phpPgAdmin-4.2.2-1.fc9] +CVE-2008-5618 fixed (rsyslog, fixed 3.20.2,3.21.9) [since FEDORA-2008-11538] +CVE-2008-5617 fixed (rsyslog, fixed 3.20.1,3.21.8) [since FEDORA-2008-11538] +CVE-2008-5587 fixed (phpPgAdmin, fixed 4.2.2) [since FEDORA-2008-11602] CVE-2008-5558 ignore (asterisk) AST-2008-012, not affected -CVE-2008-5513 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc9] -CVE-2008-5512 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc9] -CVE-2008-5512 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc9] -CVE-2008-5511 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc9] -CVE-2008-5511 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc9] -CVE-2008-5510 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc9] -CVE-2008-5510 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc9] -CVE-2008-5508 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc9] -CVE-2008-5508 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc9] -CVE-2008-5507 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc9] -CVE-2008-5507 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc9] -CVE-2008-5506 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc9] -CVE-2008-5506 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc9] -CVE-2008-5505 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc9] -CVE-2008-5503 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc9] -CVE-2008-5502 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc9] -CVE-2008-5501 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc9] -CVE-2008-5500 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc9] -CVE-2008-5500 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc9] +CVE-2008-5517 version (git, fixed 1.5.6) +CVE-2008-5516 version (git, fixed 1.5.5) +CVE-2008-5514 fixed (uw-imap, fixed 2007e) [since FEDORA-2009-0371] +CVE-2008-5513 fixed (firefox, fixed 3.0.5) [since FEDORA-2008-11598] +CVE-2008-5512 fixed (seamonkey, fixed 1.1.14) [since FEDORA-2008-11586] +CVE-2008-5512 fixed (firefox, fixed 3.0.5) [since FEDORA-2008-11598] +CVE-2008-5511 fixed (seamonkey, fixed 1.1.14) [since FEDORA-2008-11586] +CVE-2008-5511 fixed (firefox, fixed 3.0.5) [since FEDORA-2008-11598] +CVE-2008-5510 fixed (seamonkey, fixed 1.1.14) [since FEDORA-2008-11586] +CVE-2008-5510 fixed (firefox, fixed 3.0.5) [since FEDORA-2008-11598] +CVE-2008-5508 fixed (seamonkey, fixed 1.1.14) [since FEDORA-2008-11586] +CVE-2008-5508 fixed (firefox, fixed 3.0.5) [since FEDORA-2008-11598] +CVE-2008-5507 fixed (seamonkey, fixed 1.1.14) [since FEDORA-2008-11586] +CVE-2008-5507 fixed (firefox, fixed 3.0.5) [since FEDORA-2008-11598] +CVE-2008-5506 fixed (seamonkey, fixed 1.1.14) [since FEDORA-2008-11586] +CVE-2008-5506 fixed (firefox, fixed 3.0.5) [since FEDORA-2008-11598] +CVE-2008-5505 fixed (firefox, fixed 3.0.5) [since FEDORA-2008-11598] +CVE-2008-5503 fixed (seamonkey, fixed 1.1.14) [since FEDORA-2008-11586] +CVE-2008-5502 fixed (firefox, fixed 3.0.5) [since FEDORA-2008-11598] +CVE-2008-5501 fixed (firefox, fixed 3.0.5) [since FEDORA-2008-11598] +CVE-2008-5500 fixed (seamonkey, fixed 1.1.14) [since FEDORA-2008-11586] +CVE-2008-5500 fixed (firefox, fixed 3.0.5) [since FEDORA-2008-11598] CVE-2008-5432 fixed (moodle, fixed 1.8.7,1.9.3) [since FEDORA-2008-9508] CVE-2008-5398 fixed (tor, fixed 0.2.0.32) [since FEDORA-2008-10989] CVE-2008-5397 fixed (tor, fixed 0.2.0.32) [since FEDORA-2008-10989] +CVE-2008-5396 ignore (zaptel) kernel modules not shipped +CVE-2008-5380 VULNERABLE (gpsdrive, fixed 2.10) CVE-2008-5286 ignore (cups) libpng prevents this +CVE-2008-5262 fixed (DevIL) [since FEDORA-2009-0856] +CVE-2008-5252 fixed (mediawiki, fixed 1.13.3) [since FEDORA-2008-11802] +CVE-2008-5250 fixed (mediawiki, fixed 1.13.3) [since FEDORA-2008-11802] +CVE-2008-5249 fixed (mediawiki, fixed 1.13.3) [since FEDORA-2008-11802] CVE-2008-5187 fixed (imlib2) #472578 [since FEDORA-2008-10287] CVE-2008-5184 version (cups, fixed 1.3.8) CVE-2008-5183 fixed (cups, fixed 1.3.10) [since FEDORA-2008-10917] -CVE-2008-5153 VULNERABLE (moodle) #472119 +CVE-2008-5153 fixed (moodle) #472119 [since FEDORA-2009-0814] CVE-2008-5148 fixed (geda-gnetlist) #472115 [since FEDORA-2008-9730] CVE-2008-5138 VULNERABLE (pam_mount) #472111 CVE-2008-5113 VULNERABLE (wordpress) #471991 CVE-2008-5110 fixed (syslog-ng) #471986 [since FEDORA-2008-10752] CVE-2008-5101 fixed (optipng, fixed 0.6.2) [since FEDORA-2008-9633] -CVE-2008-5086 VULNERABLE (libvirt) [since libvirt-0.5.1-2.fc9] +CVE-2008-5086 fixed (libvirt) [since FEDORA-2008-11433] CVE-2008-5081 VULNERABLE (avahi, fixed 0.6.24) CVE-2008-5080 fixed (awstats) [since FEDORA-2008-10962] CVE-2008-5078 ignore (enscript) 1.6.1 only @@ -67,6 +101,7 @@ CVE-2008-4985 ignore (vdr) Debian-specific CVE-2008-4982 fixed (rkhunter) [since FEDORA-2008-8314] CVE-2008-4977 ignore (postfix) Debian-specific +CVE-2008-4959 VULNERABLE (gpsdrive, fixed 2.10) CVE-2008-4956 ignore (fwbuilder) fwb_install not shipped CVE-2008-4937 fixed (openoffice.org) [since FEDORA-2008-7680] CVE-2008-4936 fixed (mgetty) patched for ages @@ -80,6 +115,7 @@ CVE-2008-4789 fixed (drupal, fixed 6.5) [since FEDORA-2008-8852] CVE-2008-4776 fixed (libgadu, fixed 1.8.2) [since FEDORA-2008-9293] CVE-2008-4775 fixed (phpMyAdmin, fixed 3.0.1.1) [since FEDORA-2008-9316] +CVE-2008-4770 fixed (vnc, fixed 4.1.3) [since FEDORA-2009-1001] CVE-2008-4769 version (wordpress) CVE-2008-4690 fixed (lynx) #468550 [since FEDORA-2008-9550] CVE-2008-4641 VULNERABLE (jhead) @@ -94,6 +130,7 @@ CVE-2008-4434 ignore (bittorrent) 6.x only CVE-2008-4422 fixed (libxml2, fixed 2.7.2) [since FEDORA-2008-8575] CVE-2008-4408 fixed (mediawiki, fixed 1.13.2) [since FEDORA-2008-8639] +CVE-2008-4405 VULNERABLE (xen) CVE-2008-4360 VULNERABLE (lighttpd, fixed 1.4.20) #464639 CVE-2008-4359 VULNERABLE (lighttpd, fixed 1.4.20) #464639 CVE-2008-4326 fixed (phpMyAdmin, fixed 2.11.9.2) [since FEDORA-2008-8335] @@ -106,7 +143,7 @@ CVE-2008-4306 fixed (enscript) [since FEDORA-2008-9372] CVE-2008-4298 VULNERABLE (lighttpd, fixed 1.4.20) #464639 CVE-2008-4297 fixed (mercurial, fixed 1.0.2) [since FEDORA-2008-7490] -CVE-2008-4242 VULNERABLE (proftpd) #464129 +CVE-2008-4242 fixed (proftpd) #464129 [since FEDORA-2009-0064] CVE-2008-4226 fixed (libxml2) [since FEDORA-2008-9773] CVE-2008-4225 fixed (libxml2) [since FEDORA-2008-9773] CVE-2008-4191 fixed (emacspeak) [since FEDORA-2008-8379] @@ -179,8 +216,8 @@ CVE-2008-3828 fixed (condor, fixed 7.0.5) #466075 [since FEDORA-2008-8733] CVE-2008-3826 fixed (condor, fixed 7.0.5) #466075 [since FEDORA-2008-8733] CVE-2008-3825 fixed (pam_krb5, 2.3.2) [since FEDORA-2008-8618] -CVE-2008-3824 VULNERABLE (horde) oCERT-2008-012 -CVE-2008-3823 VULNERABLE (horde) oCERT-2008-012 +CVE-2008-3824 VULNERABLE (horde, fixed 3.2.2) oCERT-2008-012 +CVE-2008-3823 VULNERABLE (horde, fixed 3.2.2) oCERT-2008-012 CVE-2008-3796 version (swfdec, fixed 0.6.8) [since swfdec-0.6.8-1.fc9] CVE-2008-3790 fixed (ruby) [since FEDORA-2008-8738] CVE-2008-3789 fixed (samba, fixed 3.2.3) [since FEDORA-2008-7243] @@ -329,6 +366,9 @@ CVE-2008-2426 fixed (imlib2) [since FEDORA-2008-4871] CVE-2008-2420 fixed (stunnel, fixed 4.24) [since FEDORA-2008-4531] CVE-2008-2392 ignore (wordpress) issue only in certain deployments, not affected by default +CVE-2008-2383 fixed (xterm, fixed 238) [since FEDORA-2009-0059] +CVE-2008-2382 VULNERABLE (qemu) +CVE-2008-2382 fixed (kvm, fixed 82) [since FEDORA-2008-11705] CVE-2008-2377 ignore (gnutls, fixed 2.4.1) 2.3.5+ only CVE-2008-2376 fixed (ruby, fixed 1.8.6-p257) [since FEDORA-2008-6033] CVE-2008-2375 ignore (vsftpd) pre-2.0.5 versions only @@ -796,6 +836,7 @@ CVE-2007-5746 version (openoffice.org, fixed 2.4) CVE-2007-5745 version (openoffice.org, fixed 2.4) CVE-2007-5742 version (wesnoth, fixed 1.2.8) [since wesnoth-1.2.8-3.fc9] +CVE-2007-5729 VULNERABLE (kvm, fixed 82) CVE-2007-5712 version (Django, fixed 0.96.1) #362781 [since Django-0.96.1-1.fc9] CVE-2007-5708 version (openldap, fixed 2.3.39) #360091 [since openldap-2.3.39-1.fc9] CVE-2007-5707 version (openldap, fixed 2.3.39) #360091 [since openldap-2.3.39-1.fc9]