[Fedora-security-commits] fedora-security/audit f10, 1.33, 1.34 f11, 1.4, 1.5 f9, 1.243, 1.244

Tue Jan 27 14:18:31 UTC 2009

Author: thoger

Update of /cvs/fedora/fedora-security/audit
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv19216/audit

Modified Files:
	f10 f11 f9 
Log Message:
large pile of updates



Index: f10
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f10,v
retrieving revision 1.33
retrieving revision 1.34
diff -u -r1.33 -r1.34

--- f10	19 Dec 2008 19:22:21 -0000	1.33
+++ f10	27 Jan 2009 14:18:01 -0000	1.34
@@ -4,8 +4,33 @@
 # *CVE are items that need verification for Fedora 10
 # (mozilla) = (gecko-libs dependent stuff)
 
+CVE-2009-0265 ignore (bind) dupe of CVE-2009-0025
+CVE-2009-0260 VULNERABLE (moin, fixed 1.7.3,1.8.1) 
+CVE-2009-0136 fixed (amarok, fixed 2.0.1.1) [since FEDORA-2009-0550] 
+CVE-2009-0135 fixed (amarok, fixed 2.0.1.1) [since FEDORA-2009-0550] 
+CVE-2009-0125 ignore (libnasl) [since libnasl-2.2.11-3.fc10] not security according to upstream
+CVE-2009-0122 ignore (hplip) Debian/Ubuntu specific
+CVE-2009-0041 VULNERABLE (asterisk, fixed 1.6.0.5) [since asterisk-1.6.0.5-2.fc10] AST-2009-001
+CVE-2009-0025 fixed (bind, fixed 9.5.1-P1,9.6.0-P1) [since FEDORA-2009-0451] 
+CVE-2009-0022 fixed (samba, fixed 3.2.7) [since FEDORA-2009-0160] 
+CVE-2009-0021 fixed (ntp, fixed 4.2.4p6) [since FEDORA-2009-0544] 
+CVE-2008-5917 VULNERABLE (horde, fixed 3.2.3,3.3.1) 
+CVE-2008-5916 fixed (git, fixed 1.6.0.6,1.5.6.6,1.5.5.6,1.5.4.7) [since FEDORA-2008-11678] 
+CVE-2008-5906 version (ktorrent, fixed 3.1.4) [since ktorrent-3.1.4-1.fc10] 
+CVE-2008-5905 version (ktorrent, fixed 3.1.4) [since ktorrent-3.1.4-1.fc10] 
+CVE-2008-5844 ignore (php, fixed 5.2.8) only affected 5.2.7
+CVE-2008-5744 ignore (zaptel) kernel modules not shipped
+CVE-2008-5718 VULNERABLE (netatalk, fixed 2.0.4-beta2) 
+CVE-2008-5716 ignore (xen) CVE-2008-4405 was not yet fixed
+CVE-2008-5714 VULNERABLE (kvm) 
+CVE-2008-5714 VULNERABLE (qemu) 
+CVE-2008-5704 VULNERABLE (gpsdrive, fixed 2.10) 
+CVE-2008-5703 VULNERABLE (gpsdrive, fixed 2.10) 
+CVE-2008-5698 ignore (konqueror) KDE3 and DoS only
 CVE-2008-5695 version (wordpress, fixed 2.3.3) 
 CVE-2008-5695 version (wordpress-mu, fixed 1.3.3) 
+CVE-2008-5688 fixed (mediawiki, fixed 1.13.3) [since FEDORA-2008-11743] 
+CVE-2008-5687 fixed (mediawiki, fixed 1.13.3) [since FEDORA-2008-11743] 
 CVE-2008-5676 version (mod_security, fixed 2.5.6) [since mod_security-2.5.6-1.fc10] 
 CVE-2008-5660 fixed (vinagre, fixed 0.5.2,2.24.2) [since FEDORA-2008-10956] 
 CVE-2008-5657 version (quassel, fixed 0.3.0.3) [since quassel-0.3.0.3-1.fc10] 
@@ -13,48 +38,57 @@
 CVE-2008-5646 VULNERABLE (trac, fixed 0.11.2) 
 CVE-2008-5622 fixed (phpMyAdmin, fixed 3.1.1) [since FEDORA-2008-11257] PMASA-2008-10, same as CVE-2008-5621?
 CVE-2008-5621 fixed (phpMyAdmin, fixed 3.1.1) [since FEDORA-2008-11257] PMASA-2008-10
-CVE-2008-5620 VULNERABLE (roundcubemail, fixed 0.2-rc) [since roundcubemail-0.2-5.beta.fc10] 
+CVE-2008-5620 fixed (roundcubemail, fixed 0.2-rc) [since FEDORA-2008-11456] 
 CVE-2008-5619 fixed (roundcubemail, fixed 0.2-rc) [since FEDORA-2008-11247] 
-CVE-2008-5618 VULNERABLE (rsyslog, fixed 3.20.2,3.21.9) [since rsyslog-3.21.9-1.fc10] 
-CVE-2008-5617 VULNERABLE (rsyslog, fixed 3.20.1,3.21.8) [since rsyslog-3.21.9-1.fc10] 
+CVE-2008-5618 fixed (rsyslog, fixed 3.20.2,3.21.9) [since FEDORA-2008-11476] 
+CVE-2008-5617 fixed (rsyslog, fixed 3.20.1,3.21.8) [since FEDORA-2008-11476] 
 CVE-2008-5587 VULNERABLE (phpPgAdmin, fixed 4.2.2) [phpPgAdmin-4.2.2-1.fc10]
 CVE-2008-5558 ignore (asterisk) AST-2008-012, not affected
-CVE-2008-5513 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10] 
-CVE-2008-5512 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc10] 
-CVE-2008-5512 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10] 
-CVE-2008-5511 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc10] 
-CVE-2008-5511 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10] 
-CVE-2008-5510 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc10] 
-CVE-2008-5510 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10] 
-CVE-2008-5508 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc10] 
-CVE-2008-5508 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10] 
-CVE-2008-5507 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc10] 
-CVE-2008-5507 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10] 
-CVE-2008-5506 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc10] 
-CVE-2008-5506 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10] 
-CVE-2008-5505 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10] 
-CVE-2008-5503 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc10] 
-CVE-2008-5502 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10] 
-CVE-2008-5501 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10] 
-CVE-2008-5500 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc10] 
-CVE-2008-5500 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10] 
+CVE-2008-5517 version (git, fixed 1.5.6) 
+CVE-2008-5516 version (git, fixed 1.5.5) 
+CVE-2008-5514 fixed (uw-imap, fixed 2007e) [since FEDORA-2009-0413] 
+CVE-2008-5513 fixed (firefox, fixed 3.0.5) [since FEDORA-2008-11511] 
+CVE-2008-5512 fixed (seamonkey, fixed 1.1.14) [since FEDORA-2008-11490] 
+CVE-2008-5512 fixed (firefox, fixed 3.0.5) [since FEDORA-2008-11511] 
+CVE-2008-5511 fixed (seamonkey, fixed 1.1.14) [since FEDORA-2008-11490] 
+CVE-2008-5511 fixed (firefox, fixed 3.0.5) [since FEDORA-2008-11511] 
+CVE-2008-5510 fixed (seamonkey, fixed 1.1.14) [since FEDORA-2008-11490] 
+CVE-2008-5510 fixed (firefox, fixed 3.0.5) [since FEDORA-2008-11511] 
+CVE-2008-5508 fixed (seamonkey, fixed 1.1.14) [since FEDORA-2008-11490] 
+CVE-2008-5508 fixed (firefox, fixed 3.0.5) [since FEDORA-2008-11511] 
+CVE-2008-5507 fixed (seamonkey, fixed 1.1.14) [since FEDORA-2008-11490] 
+CVE-2008-5507 fixed (firefox, fixed 3.0.5) [since FEDORA-2008-11511] 
+CVE-2008-5506 fixed (seamonkey, fixed 1.1.14) [since FEDORA-2008-11490] 
+CVE-2008-5506 fixed (firefox, fixed 3.0.5) [since FEDORA-2008-11511] 
+CVE-2008-5505 fixed (firefox, fixed 3.0.5) [since FEDORA-2008-11511] 
+CVE-2008-5503 fixed (seamonkey, fixed 1.1.14) [since FEDORA-2008-11490] 
+CVE-2008-5502 fixed (firefox, fixed 3.0.5) [since FEDORA-2008-11511] 
+CVE-2008-5501 fixed (firefox, fixed 3.0.5) [since FEDORA-2008-11511] 
+CVE-2008-5500 fixed (seamonkey, fixed 1.1.14) [since FEDORA-2008-11490] 
+CVE-2008-5500 fixed (firefox, fixed 3.0.5) [since FEDORA-2008-11511] 
 CVE-2008-5432 fixed (moodle, fixed 1.8.7,1.9.3) [since FEDORA-2008-9903] 
 CVE-2008-5398 fixed (tor, fixed 0.2.0.32) [since FEDORA-2008-10991] 
 CVE-2008-5397 fixed (tor, fixed 0.2.0.32) [since FEDORA-2008-10991] 
+CVE-2008-5396 ignore (zaptel) kernel modules not shipped
+CVE-2008-5380 VULNERABLE (gpsdrive, fixed 2.10) 
 CVE-2008-5299 VULNERABLE (chm2pdf) #474459
 CVE-2008-5298 VULNERABLE (chm2pdf) #474459
 CVE-2008-5286 ignore (cups) libpng prevents this
+CVE-2008-5262 fixed (DevIL) [since FEDORA-2009-0867] 
+CVE-2008-5252 fixed (mediawiki, fixed 1.13.3) [since FEDORA-2008-11743] 
+CVE-2008-5250 fixed (mediawiki, fixed 1.13.3) [since FEDORA-2008-11743] 
+CVE-2008-5249 fixed (mediawiki, fixed 1.13.3) [since FEDORA-2008-11743] 
 CVE-2008-5187 fixed (imlib2) #472579 [since FEDORA-2008-10364] 
 CVE-2008-5184 version (cups, fixed 1.3.8) 
 CVE-2008-5183 fixed (cups, fixed 1.3.10) [since FEDORA-2008-10895] 
-CVE-2008-5153 VULNERABLE (moodle) #472120
+CVE-2008-5153 fixed (moodle) #472120 [since FEDORA-2009-0819] 
 CVE-2008-5148 fixed (geda-gnetlist) #472116 [since FEDORA-2008-9730] 
 CVE-2008-5138 VULNERABLE (pam_mount) #472112
 CVE-2008-5113 VULNERABLE (wordpress) #471992
 CVE-2008-5110 fixed (syslog-ng) [since FEDORA-2008-10879] 
 CVE-2008-5101 version (optipng, fixed 0.6.2) [since optipng-0.6.2-1.fc10] 
-CVE-2008-5086 VULNERABLE (libvirt) [since libvirt-0.5.1-2.fc10] 
-CVE-2008-5081 VULNERABLE (avahi, fixed 0.6.24) [since avahi-0.6.22-12.fc10] 
+CVE-2008-5086 fixed (libvirt) [since FEDORA-2008-11443] 
+CVE-2008-5081 fixed (avahi, fixed 0.6.24) [since FEDORA-2008-11351] 
 CVE-2008-5080 fixed (awstats) [since FEDORA-2008-10950] 
 CVE-2008-5078 ignore (enscript) 1.6.1 only
 CVE-2008-5076 fixed (htop) [since FEDORA-2008-9944] 
@@ -69,6 +103,7 @@
 CVE-2008-4985 ignore (vdr) Debian-specific
 CVE-2008-4982 fixed (rkhunter) [since rkhunter-1.3.2-5.fc10] 
 CVE-2008-4977 ignore (postfix) Debian-specific
+CVE-2008-4959 VULNERABLE (gpsdrive, fixed 2.10) 
 CVE-2008-4956 ignore (fwbuilder) fwb_install not shipped
 CVE-2008-4937 ignore (openoffice.org) not affected
 CVE-2008-4936 fixed (mgetty) patched for ages
@@ -82,6 +117,7 @@
 CVE-2008-4789 version (drupal, fixed 6.5) [since drupal-6.5-1.fc10] 
 CVE-2008-4776 version (libgadu, fixed 1.8.2) [since libgadu-1.8.2-1.fc10] 
 CVE-2008-4775 version (phpMyAdmin, fixed 3.0.1.1) [since phpMyAdmin-3.0.1.1-1.fc10] 
+CVE-2008-4770 fixed (vnc, fixed 4.1.3) [since FEDORA-2009-0991] 
 CVE-2008-4769 version (wordpress) 
 CVE-2008-4690 fixed (lynx) [since FEDORA-2008-9952] 
 CVE-2008-4641 VULNERABLE (jhead) 
@@ -96,6 +132,7 @@
 CVE-2008-4434 ignore (bittorrent) 6.x only
 CVE-2008-4422 backport (libxml2, fixed 2.7.2) [since libxml2-2.7.1-2.fc10] 
 CVE-2008-4408 version (mediawiki, fixed 1.13.2) [since mediawiki-1.13.2-41.fc10] 
+CVE-2008-4405 VULNERABLE (xen) 
 CVE-2008-4360 version (lighttpd, fixed 1.4.20) [since lighttpd-1.4.20-0.1.r2303.fc10] 
 CVE-2008-4359 version (lighttpd, fixed 1.4.20) #465754 [since lighttpd-1.4.20-1.fc10]
 CVE-2008-4326 version (phpMyAdmin, fixed 2.11.9.2) [since phpMyAdmin-2.11.9.2-1.fc10] 
@@ -108,7 +145,7 @@
 CVE-2008-4306 fixed (enscript) [since enscript-1.6.4-11.fc10] 
 CVE-2008-4298 version (lighttpd, fixed 1.4.20) [since lighttpd-1.4.20-0.1.r2303.fc10] 
 CVE-2008-4297 version (mercurial, fixed 1.0.2) [since mercurial-1.0.2-1.fc10] 
-CVE-2008-4242 VULNERABLE (proftpd) #464130 
+CVE-2008-4242 fixed (proftpd) #464130 [since FEDORA-2009-0089] 
 CVE-2008-4226 fixed (libxml2) [since FEDORA-2008-10038] 
 CVE-2008-4225 fixed (libxml2) [since FEDORA-2008-10038] 
 CVE-2008-4191 backport (emacspeak) [since emacspeak-28.0-3.fc10] 
@@ -181,8 +218,8 @@
 CVE-2008-3828 version (condor, fixed 7.0.5) #466076 [since condor-7.0.5-1.fc10]
 CVE-2008-3826 version (condor, fixed 7.0.5) #466076 [since condor-7.0.5-1.fc10]
 CVE-2008-3825 version (pam_krb5, 2.3.2) [since pam_krb5-2.3.2-1.fc10]
-CVE-2008-3824 VULNERABLE (horde) oCERT-2008-012
-CVE-2008-3823 VULNERABLE (horde) oCERT-2008-012
+CVE-2008-3824 VULNERABLE (horde, fixed 3.2.2) oCERT-2008-012
+CVE-2008-3823 VULNERABLE (horde, fixed 3.2.2) oCERT-2008-012
 CVE-2008-3796 version (swfdec, fixed 0.6.8) [since swfdec-0.7.4-1.fc10] 
 CVE-2008-3790 backport (ruby) [since ruby-1.8.6.287-2.fc10]
 CVE-2008-3789 version (samba, fixed 3.2.3) [since samba-3.2.4-0.22.fc10]
@@ -331,6 +368,9 @@
 CVE-2008-2426 backport (imlib2) [since imlib2-1.4.0-7.fc10] 
 CVE-2008-2420 version (stunnel, fixed 4.24) [since stunnel-4.24-2] 
 CVE-2008-2392 ignore (wordpress) issue only in certain deployments, not affected by default
+CVE-2008-2383 fixed (xterm, fixed 238) [since FEDORA-2009-0091] 
+CVE-2008-2382 VULNERABLE (qemu) 
+CVE-2008-2382 fixed (kvm, fixed 82) [since FEDORA-2008-11727] 
 CVE-2008-2377 version (gnutls, fixed 2.4.1) [since gnutls-2.4.1-1.fc10] 
 CVE-2008-2376 backport (ruby, fixed 1.8.6-p257) [since ruby-1.8.6.230-4.fc10] 
 CVE-2008-2375 ignore (vsftpd) pre-2.0.5 versions only
@@ -435,11 +475,12 @@
 CVE-2007-5907 version (xen) #390121
 CVE-2007-5906 version (xen) #390121
 CVE-2007-5803 version (nagios, fixed 2.12) #446383 [since nagios-2.12-3.fc10]
+CVE-2007-5729 VULNERABLE (kvm, fixed 82) 
 CVE-2007-5615 backport (jetty) [since jetty-5.1.14-1jpp.2.fc10] 
 CVE-2007-5614 backport (jetty) [since jetty-5.1.14-1jpp.2.fc10] 
 CVE-2007-5613 backport (jetty) [since jetty-5.1.14-1jpp.2.fc10] 
 CVE-2007-5079 VULNERABLE (gdm) #363041 Red Hat specific problem
-CVE-2007-4829 VULNERABLE (perl, not fixed upstream) #364291 perl-Archive-Tar directory traversal
+CVE-2007-4829 fixed (perl, fixed 1.40) [since FEDORA-2008-11736] #364291 perl-Archive-Tar directory traversal
 CVE-2007-4559 VULNERABLE (python, not fixed upstream) #315291 Upstream WONTFIX. See where we use the code.
 CVE-2007-1320 VULNERABLE (qemu) 
 CVE-2007-1320 version (kvm, fixed 70) 


Index: f11
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f11,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- f11	19 Dec 2008 16:13:54 -0000	1.4
+++ f11	27 Jan 2009 14:18:01 -0000	1.5
@@ -4,6 +4,31 @@
 # *CVE are items that need verification for Fedora 10
 # (mozilla) = (gecko-libs dependent stuff)
 
+CVE-2009-0265 ignore (bind) dupe of CVE-2009-0025
+CVE-2009-0260 VULNERABLE (moin, fixed 1.7.3,1.8.1) 
+CVE-2009-0136 version (amarok, fixed 2.0.1.1) [since amarok-2.0.1.1-1.fc11] 
+CVE-2009-0135 version (amarok, fixed 2.0.1.1) [since amarok-2.0.1.1-1.fc11] 
+CVE-2009-0125 ignore (libnasl) [since libnasl-2.2.11-3.fc11] not security according to upstream
+CVE-2009-0122 ignore (hplip) Debian/Ubuntu specific
+CVE-2009-0041 VULNERABLE (asterisk, fixed 1.6.0.5) AST-2009-001
+CVE-2009-0025 version (bind, fixed 9.5.1-P1,9.6.0-P1) [since bind-9.6.0-2.P1.fc11] 
+CVE-2009-0022 VULNERABLE (samba, fixed 3.2.7) 
+CVE-2009-0021 version (ntp, fixed 4.2.4p6) [since ntp-4.2.4p6-1.fc11] 
+CVE-2008-5917 VULNERABLE (horde, fixed 3.2.3,3.3.1) 
+CVE-2008-5916 version (git, fixed 1.6.0.6,1.5.6.6,1.5.5.6,1.5.4.7) [since git-1.6.0.6-1.fc11] 
+CVE-2008-5906 version (ktorrent, fixed 3.1.4) [since ktorrent-3.1.4-1.fc10] 
+CVE-2008-5905 version (ktorrent, fixed 3.1.4) [since ktorrent-3.1.4-1.fc10] 
+CVE-2008-5844 ignore (php, fixed 5.2.8) only affected 5.2.7
+CVE-2008-5744 ignore (zaptel) kernel modules not shipped
+CVE-2008-5718 VULNERABLE (netatalk, fixed 2.0.4-beta2) 
+CVE-2008-5716 ignore (xen) CVE-2008-4405 was not yet fixed
+CVE-2008-5714 VULNERABLE (kvm) 
+CVE-2008-5714 VULNERABLE (qemu) 
+CVE-2008-5704 VULNERABLE (gpsdrive, fixed 2.10) 
+CVE-2008-5703 VULNERABLE (gpsdrive, fixed 2.10) 
+CVE-2008-5698 ignore (konqueror) KDE3 and DoS only
+CVE-2008-5688 version (mediawiki, fixed 1.13.3) [since mediawiki-1.13.3-42.fc11] 
+CVE-2008-5687 version (mediawiki, fixed 1.13.3) [since mediawiki-1.13.3-42.fc11] 
 CVE-2008-5676 version (mod_security, fixed 2.5.6) [since mod_security-2.5.6-1.fc10] 
 CVE-2008-5660 version (vinagre, fixed 0.5.2,2.24.2) [since vinagre-2.25.3-1.fc11] 
 CVE-2008-5657 version (quassel, fixed 0.3.0.3) [since quassel-0.3.0.3-1.fc11] 
@@ -17,61 +42,76 @@
 CVE-2008-5617 version (rsyslog, fixed 3.20.1,3.21.8) [since rsyslog-3.21.9-1.fc11] 
 CVE-2008-5587 version (phpPgAdmin, fixed 4.2.2) [since phpPgAdmin-4.2.2-1.fc11]
 CVE-2008-5558 ignore (asterisk) AST-2008-012, not affected
-CVE-2008-5513 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10] 
+CVE-2008-5517 version (git, fixed 1.5.6) 
+CVE-2008-5516 version (git, fixed 1.5.5) 
+CVE-2008-5514 version (uw-imap, fixed 2007e) [since uw-imap-2007e-1.fc11] 
+CVE-2008-5513 version (firefox, fixed 3.0.5) [since firefox-3.1-0.4.beta2.fc11] 
 CVE-2008-5512 version (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc11] 
-CVE-2008-5512 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10] 
+CVE-2008-5512 version (firefox, fixed 3.0.5) [since firefox-3.1-0.4.beta2.fc11] 
 CVE-2008-5511 version (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc11] 
-CVE-2008-5511 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10] 
+CVE-2008-5511 version (firefox, fixed 3.0.5) [since firefox-3.1-0.4.beta2.fc11] 
 CVE-2008-5510 version (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc11] 
-CVE-2008-5510 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10] 
+CVE-2008-5510 version (firefox, fixed 3.0.5) [since firefox-3.1-0.4.beta2.fc11] 
 CVE-2008-5508 version (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc11] 
-CVE-2008-5508 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10] 
+CVE-2008-5508 version (firefox, fixed 3.0.5) [since firefox-3.1-0.4.beta2.fc11] 
 CVE-2008-5507 version (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc11] 
-CVE-2008-5507 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10] 
+CVE-2008-5507 version (firefox, fixed 3.0.5) [since firefox-3.1-0.4.beta2.fc11] 
 CVE-2008-5506 version (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc11] 
-CVE-2008-5506 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10] 
-CVE-2008-5505 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10] 
+CVE-2008-5506 version (firefox, fixed 3.0.5) [since firefox-3.1-0.4.beta2.fc11] 
+CVE-2008-5505 version (firefox, fixed 3.0.5) [since firefox-3.1-0.4.beta2.fc11] 
 CVE-2008-5503 version (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc11] 
-CVE-2008-5502 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10] 
-CVE-2008-5501 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10] 
+CVE-2008-5502 version (firefox, fixed 3.0.5) [since firefox-3.1-0.4.beta2.fc11] 
+CVE-2008-5501 version (firefox, fixed 3.0.5) [since firefox-3.1-0.4.beta2.fc11] 
 CVE-2008-5500 version (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc11] 
-CVE-2008-5500 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10] 
+CVE-2008-5500 version (firefox, fixed 3.0.5) [since firefox-3.1-0.4.beta2.fc11] 
 CVE-2008-5432 version (moodle, fixed 1.8.7,1.9.3) [since moodle-1.9.3-3.fc11] 
 CVE-2008-5398 version (tor, fixed 0.2.0.32) [since tor-0.2.0.32-1.fc11] 
 CVE-2008-5397 version (tor, fixed 0.2.0.32) [since tor-0.2.0.32-1.fc11] 
+CVE-2008-5396 ignore (zaptel) kernel modules not shipped
+CVE-2008-5380 VULNERABLE (gpsdrive, fixed 2.10) 
 CVE-2008-5299 VULNERABLE (chm2pdf)
 CVE-2008-5298 VULNERABLE (chm2pdf)
 CVE-2008-5286 ignore (cups) libpng prevents this
+CVE-2008-5262 backport (DevIL) [since DevIL-1.7.5-2.fc11] 
+CVE-2008-5252 version (mediawiki, fixed 1.13.3) [since mediawiki-1.13.3-42.fc11] 
+CVE-2008-5250 version (mediawiki, fixed 1.13.3) [since mediawiki-1.13.3-42.fc11] 
+CVE-2008-5249 version (mediawiki, fixed 1.13.3) [since mediawiki-1.13.3-42.fc11] 
 CVE-2008-5184 version (cups, fixed 1.3.8) 
 CVE-2008-5183 VULNERABLE (cups, fixed 1.3.10) [since cups-1.4-0.b1.5.fc11]
-CVE-2008-5153 VULNERABLE (moodle)
+CVE-2008-5153 backport (moodle) [since moodle-1.9.3-5.fc11]
 CVE-2008-5138 VULNERABLE (pam_mount)
 CVE-2008-5113 VULNERABLE (wordpress) #471992
 CVE-2008-5110 version (syslog-ng, fixed 2.0.10) [since syslog-ng-2.0.10-1.fc11]
 CVE-2008-5086 backport (libvirt) [since libvirt-0.5.1-2.fc11] 
 CVE-2008-5081 version (avahi, fixed 0.6.24) [since avahi-0.6.24-1.fc11] 
 CVE-2008-5080 backport (awstats) [since awstats-6.8-3.fc11] 
+CVE-2008-4959 VULNERABLE (gpsdrive, fixed 2.10) 
 CVE-2008-4863 backport (blender) [blender-2.48a-4.fc10]
+CVE-2008-4770 VULNERABLE (vnc, fixed 4.1.3) 
 CVE-2008-4690 backport (lynx) [since lynx-2.8.6-18.fc10] 
 CVE-2008-4641 VULNERABLE (jhead) 
 CVE-2008-4640 VULNERABLE (jhead) 
 CVE-2008-4437 VULNERABLE (bugzilla, fixed 3.0.5)
+CVE-2008-4405 VULNERABLE (xen) 
 CVE-2008-4315 fixed (tog-pegasus) [since tog-pegasus-2.7.2-2.fc11] 
 CVE-2008-4314 version (samba, fixed 3.0.33,3.2.5) [since samba-3.2.5-0.23.fc11]
 CVE-2008-4313 fixed (tog-pegasus) [since tog-pegasus-2.7.2-2.fc11] 
 CVE-2008-4311 version (dbus, fixed 1.2.6) [since dbus-1.2.6-1.fc11] 
 CVE-2008-4309 version (net-snmp, fixed 5.4.2.1) [since net-snmp-5.4.2.1-1.fc10] 
-CVE-2008-4242 VULNERABLE (proftpd) #464130 
+CVE-2008-4242 version (proftpd, fixed 1.3.2) #464130 [since 1.3.2-0.1.rc3]
 CVE-2008-4190 VULNERABLE (openswan) 
-CVE-2008-4130 VULNERABLE (gallery2, fixed 2.2.6)
-CVE-2008-4129 VULNERABLE (gallery2, fixed 2.2.6)
+CVE-2008-4130 version (gallery2, fixed 2.2.6) [since gallery2-2.3-1.fc11]
+CVE-2008-4129 version (gallery2, fixed 2.2.6) [since gallery2-2.3-1.fc11]
 CVE-2008-4100 VULNERABLE (adns) #462754 upstream design decision
 CVE-2008-3949 VULNERABLE (emacs, fixed 22.3) 
 CVE-2008-3927 VULNERABLE (tiger) 
-CVE-2008-3824 VULNERABLE (horde) oCERT-2008-012
-CVE-2008-3823 VULNERABLE (horde) oCERT-2008-012
-CVE-2008-3662 VULNERABLE (gallery2, fixed 2.2.6)
+CVE-2008-3824 VULNERABLE (horde, fixed 3.2.2) oCERT-2008-012
+CVE-2008-3823 VULNERABLE (horde, fixed 3.2.2) oCERT-2008-012
+CVE-2008-3662 version (gallery2, fixed 2.2.6) [since gallery2-2.3-1.fc11]
 CVE-2008-3381 VULNERABLE (moin) #457364 
+CVE-2008-2383 version (xterm, fixed 238) [since xterm-238-1.fc11] 
+CVE-2008-2382 VULNERABLE (qemu) 
+CVE-2008-2382 VULNERABLE (kvm, fixed 82) 
 CVE-2008-2363 VULNERABLE (pan) #449335 
 CVE-2008-2004 VULNERABLE (qemu) fix mostly useless without libvirt changes
 CVE-2008-2004 VULNERABLE (kvm) fix mostly useless without libvirt changes
@@ -79,8 +119,9 @@
 CVE-2008-1103 VULNERABLE (blender) not fixed upstream
 CVE-2007-6318 VULNERABLE (wordpress) #426434
 CVE-2007-6131 VULNERABLE (scanbuttond) 
+CVE-2007-5729 VULNERABLE (kvm, fixed 82) 
 CVE-2007-5079 VULNERABLE (gdm) #363041 Red Hat specific problem
-CVE-2007-4829 VULNERABLE (perl, not fixed upstream) #364291 perl-Archive-Tar directory traversal
+CVE-2007-4829 version (perl, fixed 1.40) [since perl-5.10.0-52.fc11] #364291 perl-Archive-Tar directory traversal
 CVE-2007-4559 VULNERABLE (python, not fixed upstream) #315291 Upstream WONTFIX. See where we use the code.
 CVE-2007-1320 VULNERABLE (qemu) 
 CVE-2006-1390 VULNERABLE (nethack) bz#187353, but requires other access to games group


Index: f9
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f9,v
retrieving revision 1.243
retrieving revision 1.244
diff -u -r1.243 -r1.244
--- f9	19 Dec 2008 19:22:22 -0000	1.243
+++ f9	27 Jan 2009 14:18:01 -0000	1.244
@@ -5,7 +5,32 @@
 # (mozilla) = (gecko-libs dependent stuff)
 
 rhbz249840 version (tor, fixed 0.1.2.15)
+CVE-2009-0265 ignore (bind) dupe of CVE-2009-0025
+CVE-2009-0260 VULNERABLE (moin, fixed 1.7.3,1.8.1) 
+CVE-2009-0136 fixed (amarok, fixed 2.0.1.1) [since FEDORA-2009-0715] 
+CVE-2009-0135 fixed (amarok, fixed 2.0.1.1) [since FEDORA-2009-0715] 
+CVE-2009-0125 ignore (libnasl) [since libnasl-2.2.11-3.fc9] not security according to upstream
+CVE-2009-0122 ignore (hplip) Debian/Ubuntu specific
+CVE-2009-0041 VULNERABLE (asterisk, fixed 1.6.0.5) [since asterisk-1.6.0.5-2.fc9] AST-2009-001
+CVE-2009-0025 fixed (bind, fixed 9.5.1-P1,9.6.0-P1) [since FEDORA-2009-0350] 
+CVE-2009-0022 fixed (samba, fixed 3.2.7) [since FEDORA-2009-0268] 
+CVE-2009-0021 fixed (ntp, fixed 4.2.4p6) [since FEDORA-2009-0547] 
+CVE-2008-5917 VULNERABLE (horde, fixed 3.2.3,3.3.1) 
+CVE-2008-5916 fixed (git, fixed 1.6.0.6,1.5.6.6,1.5.5.6,1.5.4.7) [since FEDORA-2008-11650] 
+CVE-2008-5906 fixed (ktorrent, fixed 3.1.4) [since FEDORA-2008-9167] 
+CVE-2008-5905 fixed (ktorrent, fixed 3.1.4) [since FEDORA-2008-9167] 
+CVE-2008-5844 ignore (php, fixed 5.2.8) only affected 5.2.7
+CVE-2008-5744 ignore (zaptel) kernel modules not shipped
+CVE-2008-5718 VULNERABLE (netatalk, fixed 2.0.4-beta2) 
+CVE-2008-5716 ignore (xen) CVE-2008-4405 was not yet fixed
+CVE-2008-5714 VULNERABLE (kvm) 
+CVE-2008-5714 VULNERABLE (qemu) 
+CVE-2008-5704 VULNERABLE (gpsdrive, fixed 2.10) 
+CVE-2008-5703 VULNERABLE (gpsdrive, fixed 2.10) 
+CVE-2008-5698 ignore (konqueror) KDE3 and DoS only
 CVE-2008-5695 version (wordpress, fixed 2.3.3) 
+CVE-2008-5688 fixed (mediawiki, fixed 1.13.3) [since FEDORA-2008-11802] 
+CVE-2008-5687 fixed (mediawiki, fixed 1.13.3) [since FEDORA-2008-11802] 
 CVE-2008-5676 version (mod_security, fixed 2.5.6) [since mod_security-2.5.6-1.fc9] 
 CVE-2008-5660 fixed (vinagre, fixed 0.5.2,2.24.2) [since FEDORA-2008-10932] 
 CVE-2008-5657 fixed (quassel, fixed 0.3.0.3) [since FEDORA-2008-9658] 
@@ -15,43 +40,52 @@
 CVE-2008-5621 fixed (phpMyAdmin, fixed 3.1.1) [since FEDORA-2008-11208] PMASA-2008-10
 CVE-2008-5620 VULNERABLE (roundcubemail, fixed 0.2-rc) 
 CVE-2008-5619 fixed (roundcubemail, fixed 0.2-rc) [since FEDORA-2008-11234] 
-CVE-2008-5618 VULNERABLE (rsyslog, fixed 3.20.2,3.21.9) [since rsyslog-3.20.2-2.fc9] 
-CVE-2008-5617 VULNERABLE (rsyslog, fixed 3.20.1,3.21.8) [since rsyslog-3.20.2-2.fc9] 
-CVE-2008-5587 VULNERABLE (phpPgAdmin, fixed 4.2.2) [since phpPgAdmin-4.2.2-1.fc9]
+CVE-2008-5618 fixed (rsyslog, fixed 3.20.2,3.21.9) [since FEDORA-2008-11538] 
+CVE-2008-5617 fixed (rsyslog, fixed 3.20.1,3.21.8) [since FEDORA-2008-11538] 
+CVE-2008-5587 fixed (phpPgAdmin, fixed 4.2.2) [since FEDORA-2008-11602] 
 CVE-2008-5558 ignore (asterisk) AST-2008-012, not affected
-CVE-2008-5513 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc9] 
-CVE-2008-5512 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc9] 
-CVE-2008-5512 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc9] 
-CVE-2008-5511 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc9] 
-CVE-2008-5511 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc9] 
-CVE-2008-5510 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc9] 
-CVE-2008-5510 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc9] 
-CVE-2008-5508 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc9] 
-CVE-2008-5508 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc9] 
-CVE-2008-5507 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc9] 
-CVE-2008-5507 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc9] 
-CVE-2008-5506 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc9] 
-CVE-2008-5506 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc9] 
-CVE-2008-5505 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc9] 
-CVE-2008-5503 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc9] 
-CVE-2008-5502 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc9] 
-CVE-2008-5501 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc9] 
-CVE-2008-5500 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc9] 
-CVE-2008-5500 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc9] 
+CVE-2008-5517 version (git, fixed 1.5.6) 
+CVE-2008-5516 version (git, fixed 1.5.5) 
+CVE-2008-5514 fixed (uw-imap, fixed 2007e) [since FEDORA-2009-0371] 
+CVE-2008-5513 fixed (firefox, fixed 3.0.5) [since FEDORA-2008-11598] 
+CVE-2008-5512 fixed (seamonkey, fixed 1.1.14) [since FEDORA-2008-11586] 
+CVE-2008-5512 fixed (firefox, fixed 3.0.5) [since FEDORA-2008-11598] 
+CVE-2008-5511 fixed (seamonkey, fixed 1.1.14) [since FEDORA-2008-11586] 
+CVE-2008-5511 fixed (firefox, fixed 3.0.5) [since FEDORA-2008-11598] 
+CVE-2008-5510 fixed (seamonkey, fixed 1.1.14) [since FEDORA-2008-11586] 
+CVE-2008-5510 fixed (firefox, fixed 3.0.5) [since FEDORA-2008-11598] 
+CVE-2008-5508 fixed (seamonkey, fixed 1.1.14) [since FEDORA-2008-11586] 
+CVE-2008-5508 fixed (firefox, fixed 3.0.5) [since FEDORA-2008-11598] 
+CVE-2008-5507 fixed (seamonkey, fixed 1.1.14) [since FEDORA-2008-11586] 
+CVE-2008-5507 fixed (firefox, fixed 3.0.5) [since FEDORA-2008-11598] 
+CVE-2008-5506 fixed (seamonkey, fixed 1.1.14) [since FEDORA-2008-11586] 
+CVE-2008-5506 fixed (firefox, fixed 3.0.5) [since FEDORA-2008-11598] 
+CVE-2008-5505 fixed (firefox, fixed 3.0.5) [since FEDORA-2008-11598] 
+CVE-2008-5503 fixed (seamonkey, fixed 1.1.14) [since FEDORA-2008-11586] 
+CVE-2008-5502 fixed (firefox, fixed 3.0.5) [since FEDORA-2008-11598] 
+CVE-2008-5501 fixed (firefox, fixed 3.0.5) [since FEDORA-2008-11598] 
+CVE-2008-5500 fixed (seamonkey, fixed 1.1.14) [since FEDORA-2008-11586] 
+CVE-2008-5500 fixed (firefox, fixed 3.0.5) [since FEDORA-2008-11598] 
 CVE-2008-5432 fixed (moodle, fixed 1.8.7,1.9.3) [since FEDORA-2008-9508] 
 CVE-2008-5398 fixed (tor, fixed 0.2.0.32) [since FEDORA-2008-10989] 
 CVE-2008-5397 fixed (tor, fixed 0.2.0.32) [since FEDORA-2008-10989] 
+CVE-2008-5396 ignore (zaptel) kernel modules not shipped
+CVE-2008-5380 VULNERABLE (gpsdrive, fixed 2.10) 
 CVE-2008-5286 ignore (cups) libpng prevents this
+CVE-2008-5262 fixed (DevIL) [since FEDORA-2009-0856] 
+CVE-2008-5252 fixed (mediawiki, fixed 1.13.3) [since FEDORA-2008-11802] 
+CVE-2008-5250 fixed (mediawiki, fixed 1.13.3) [since FEDORA-2008-11802] 
+CVE-2008-5249 fixed (mediawiki, fixed 1.13.3) [since FEDORA-2008-11802] 
 CVE-2008-5187 fixed (imlib2) #472578 [since FEDORA-2008-10287] 
 CVE-2008-5184 version (cups, fixed 1.3.8) 
 CVE-2008-5183 fixed (cups, fixed 1.3.10) [since FEDORA-2008-10917] 
-CVE-2008-5153 VULNERABLE (moodle) #472119
+CVE-2008-5153 fixed (moodle) #472119 [since FEDORA-2009-0814] 
 CVE-2008-5148 fixed (geda-gnetlist) #472115 [since FEDORA-2008-9730] 
 CVE-2008-5138 VULNERABLE (pam_mount) #472111
 CVE-2008-5113 VULNERABLE (wordpress) #471991
 CVE-2008-5110 fixed (syslog-ng) #471986 [since FEDORA-2008-10752] 
 CVE-2008-5101 fixed (optipng, fixed 0.6.2) [since FEDORA-2008-9633] 
-CVE-2008-5086 VULNERABLE (libvirt) [since libvirt-0.5.1-2.fc9] 
+CVE-2008-5086 fixed (libvirt) [since FEDORA-2008-11433] 
 CVE-2008-5081 VULNERABLE (avahi, fixed 0.6.24) 
 CVE-2008-5080 fixed (awstats) [since FEDORA-2008-10962] 
 CVE-2008-5078 ignore (enscript) 1.6.1 only
@@ -67,6 +101,7 @@
 CVE-2008-4985 ignore (vdr) Debian-specific
 CVE-2008-4982 fixed (rkhunter) [since FEDORA-2008-8314] 
 CVE-2008-4977 ignore (postfix) Debian-specific
+CVE-2008-4959 VULNERABLE (gpsdrive, fixed 2.10) 
 CVE-2008-4956 ignore (fwbuilder) fwb_install not shipped
 CVE-2008-4937 fixed (openoffice.org) [since FEDORA-2008-7680] 
 CVE-2008-4936 fixed (mgetty) patched for ages
@@ -80,6 +115,7 @@
 CVE-2008-4789 fixed (drupal, fixed 6.5) [since FEDORA-2008-8852] 
 CVE-2008-4776 fixed (libgadu, fixed 1.8.2) [since FEDORA-2008-9293] 
 CVE-2008-4775 fixed (phpMyAdmin, fixed 3.0.1.1) [since FEDORA-2008-9316] 
+CVE-2008-4770 fixed (vnc, fixed 4.1.3) [since FEDORA-2009-1001] 
 CVE-2008-4769 version (wordpress) 
 CVE-2008-4690 fixed (lynx) #468550 [since FEDORA-2008-9550] 
 CVE-2008-4641 VULNERABLE (jhead) 
@@ -94,6 +130,7 @@
 CVE-2008-4434 ignore (bittorrent) 6.x only
 CVE-2008-4422 fixed (libxml2, fixed 2.7.2) [since FEDORA-2008-8575] 
 CVE-2008-4408 fixed (mediawiki, fixed 1.13.2) [since FEDORA-2008-8639] 
+CVE-2008-4405 VULNERABLE (xen) 
 CVE-2008-4360 VULNERABLE (lighttpd, fixed 1.4.20) #464639 
 CVE-2008-4359 VULNERABLE (lighttpd, fixed 1.4.20) #464639 
 CVE-2008-4326 fixed (phpMyAdmin, fixed 2.11.9.2) [since FEDORA-2008-8335] 
@@ -106,7 +143,7 @@
 CVE-2008-4306 fixed (enscript) [since FEDORA-2008-9372] 
 CVE-2008-4298 VULNERABLE (lighttpd, fixed 1.4.20) #464639 
 CVE-2008-4297 fixed (mercurial, fixed 1.0.2) [since FEDORA-2008-7490] 
-CVE-2008-4242 VULNERABLE (proftpd) #464129 
+CVE-2008-4242 fixed (proftpd) #464129 [since FEDORA-2009-0064] 
 CVE-2008-4226 fixed (libxml2) [since FEDORA-2008-9773] 
 CVE-2008-4225 fixed (libxml2) [since FEDORA-2008-9773] 
 CVE-2008-4191 fixed (emacspeak) [since FEDORA-2008-8379] 
@@ -179,8 +216,8 @@
 CVE-2008-3828 fixed (condor, fixed 7.0.5) #466075 [since FEDORA-2008-8733] 
 CVE-2008-3826 fixed (condor, fixed 7.0.5) #466075 [since FEDORA-2008-8733] 
 CVE-2008-3825 fixed (pam_krb5, 2.3.2) [since FEDORA-2008-8618] 
-CVE-2008-3824 VULNERABLE (horde) oCERT-2008-012
-CVE-2008-3823 VULNERABLE (horde) oCERT-2008-012
+CVE-2008-3824 VULNERABLE (horde, fixed 3.2.2) oCERT-2008-012
+CVE-2008-3823 VULNERABLE (horde, fixed 3.2.2) oCERT-2008-012
 CVE-2008-3796 version (swfdec, fixed 0.6.8) [since swfdec-0.6.8-1.fc9] 
 CVE-2008-3790 fixed (ruby) [since FEDORA-2008-8738] 
 CVE-2008-3789 fixed (samba, fixed 3.2.3) [since FEDORA-2008-7243] 
@@ -329,6 +366,9 @@
 CVE-2008-2426 fixed (imlib2) [since FEDORA-2008-4871] 
 CVE-2008-2420 fixed (stunnel, fixed 4.24) [since FEDORA-2008-4531] 
 CVE-2008-2392 ignore (wordpress) issue only in certain deployments, not affected by default
+CVE-2008-2383 fixed (xterm, fixed 238) [since FEDORA-2009-0059] 
+CVE-2008-2382 VULNERABLE (qemu) 
+CVE-2008-2382 fixed (kvm, fixed 82) [since FEDORA-2008-11705] 
 CVE-2008-2377 ignore (gnutls, fixed 2.4.1) 2.3.5+ only
 CVE-2008-2376 fixed (ruby, fixed 1.8.6-p257) [since FEDORA-2008-6033] 
 CVE-2008-2375 ignore (vsftpd) pre-2.0.5 versions only
@@ -796,6 +836,7 @@
 CVE-2007-5746 version (openoffice.org, fixed 2.4) 
 CVE-2007-5745 version (openoffice.org, fixed 2.4) 
 CVE-2007-5742 version (wesnoth, fixed 1.2.8) [since wesnoth-1.2.8-3.fc9]
+CVE-2007-5729 VULNERABLE (kvm, fixed 82) 
 CVE-2007-5712 version (Django, fixed 0.96.1) #362781 [since Django-0.96.1-1.fc9]
 CVE-2007-5708 version (openldap, fixed 2.3.39) #360091 [since openldap-2.3.39-1.fc9]
 CVE-2007-5707 version (openldap, fixed 2.3.39) #360091 [since openldap-2.3.39-1.fc9]


