[Fedora-security-commits] fedora-security/audit f10, 1.35, 1.36 f11, 1.6, 1.7 f9, 1.245, 1.246
fedora-security-commits at redhat.com
fedora-security-commits at redhat.com
Fri Mar 6 19:45:34 UTC 2009
Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv18046/audit
Modified Files:
f10 f11 f9
Log Message:
another set of updates
Index: f10
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f10,v
retrieving revision 1.35
retrieving revision 1.36
diff -u -r1.35 -r1.36
--- f10 16 Feb 2009 08:04:49 -0000 1.35
+++ f10 6 Mar 2009 19:45:04 -0000 1.36
@@ -4,7 +4,17 @@
# *CVE are items that need verification for Fedora 10
# (mozilla) = (gecko-libs dependent stuff)
+CVE-2009-0819 ignore (mysql) 5.1+ only
+CVE-2009-0749 fixed (optipng, fixed 0.6.2.1) [since FEDORA-2009-2100]
+CVE-2009-0737 fixed (mediawiki, fixed 1.13.4) [since FEDORA-2009-2231]
+CVE-2009-0671 ignore (uw-imap) rejected, fake report
+CVE-2009-0601 ignore (wireshark, fixed 1.0.6) not security
+CVE-2009-0600 fixed (wireshark, fixed 1.0.6) [since FEDORA-2009-1798]
+CVE-2009-0599 fixed (wireshark, fixed 1.0.6) [since FEDORA-2009-1798]
+CVE-2009-0578 VULNERABLE (NetworkManager, 0.7.0.99) [since NetworkManager-0.7.0.99-1.fc10]
+CVE-2009-0577 ignore (cups) not affected
CVE-2009-0547 VULNERABLE (evolution)
+CVE-2009-0544 fixed (python-crypto) [since FEDORA-2009-1687]
CVE-2009-0543 ignore (proftpd) not affected
CVE-2009-0542 VULNERABLE (proftpd) #485130
CVE-2009-0502 fixed (moodle, fixed 1.9.4) [since FEDORA-2009-1699]
@@ -18,14 +28,18 @@
CVE-2009-0483 VULNERABLE (bugzilla, fixed 3.0.7) #484756
CVE-2009-0482 VULNERABLE (bugzilla, fixed 3.2.1) #484756
CVE-2009-0481 VULNERABLE (bugzilla, fixed 3.0.7) #484756
-CVE-2009-0415 VULNERABLE (trickle) [since trickle-1.07-7.fc10]
+CVE-2009-0415 fixed (trickle) [since FEDORA-2009-1694]
CVE-2009-0414 fixed (tor, fixed 0.2.0.33) [since FEDORA-2009-0917]
CVE-2009-0413 fixed (roundcubemail) [since FEDORA-2009-1204]
CVE-2009-0398 ignore (gstreamer-plugins) only affected old 0.6.x versions
-CVE-2009-0397 VULNERABLE (gstreamer-plugins-good, fixed 0.10.13) [since gstreamer-plugins-good-0.10.13-1.fc10]
-CVE-2009-0387 VULNERABLE (gstreamer-plugins-good, fixed 0.10.13) [since gstreamer-plugins-good-0.10.13-1.fc10]
-CVE-2009-0386 VULNERABLE (gstreamer-plugins-good, fixed 0.10.13) [since gstreamer-plugins-good-0.10.13-1.fc10]
+CVE-2009-0397 fixed (gstreamer-plugins-good, fixed 0.10.13) [since FEDORA-2009-1213]
+CVE-2009-0387 fixed (gstreamer-plugins-good, fixed 0.10.13) [since FEDORA-2009-1213]
+CVE-2009-0386 fixed (gstreamer-plugins-good, fixed 0.10.13) [since FEDORA-2009-1213]
+CVE-2009-0368 VULNERABLE (opensc, fixed 0.11.7) [since opensc-0.11.7-1.fc10]
+CVE-2009-0365 VULNERABLE (NetworkManager, 0.7.0.99) [since NetworkManager-0.7.0.99-1.fc10]
CVE-2009-0362 fixed (fail2ban) [since FEDORA-2009-1737]
+CVE-2009-0361 ignore (pam_krb5) not affected
+CVE-2009-0360 ignore (pam_krb5) not affected
CVE-2009-0358 fixed (firefox, fixed 3.0.6) [since FEDORA-2009-1398]
CVE-2009-0357 fixed (firefox, fixed 3.0.6) [since FEDORA-2009-1398]
CVE-2009-0356 fixed (firefox, fixed 3.0.6) [since FEDORA-2009-1398]
@@ -38,18 +52,26 @@
CVE-2009-0260 VULNERABLE (moin, fixed 1.7.4,1.8.2)
CVE-2009-0136 fixed (amarok, fixed 2.0.1.1) [since FEDORA-2009-0550]
CVE-2009-0135 fixed (amarok, fixed 2.0.1.1) [since FEDORA-2009-0550]
+CVE-2009-0129 fixed (perl-Crypt-OpenSSL-DSA) [since FEDORA-2009-2090]
CVE-2009-0125 ignore (libnasl) [since libnasl-2.2.11-3.fc10] not security according to upstream
CVE-2009-0122 ignore (hplip) Debian/Ubuntu specific
CVE-2009-0041 fixed (asterisk, fixed 1.6.0.5) [since FEDORA-2009-0984] AST-2009-001
+CVE-2009-0040 fixed (libpng, fixed 1.2.35,1.0.43) [since FEDORA-2009-2112]
+CVE-2009-0040 VULNERABLE (libpng10, fixed 1.2.35,1.0.43) [since libpng10-1.0.43-1.fc10]
+CVE-2009-0040 fixed (mingw32-libpng, fixed 1.2.35,1.0.43) [since FEDORA-2009-2131]
+CVE-2009-0037 VULNERABLE (curl, fixed 7.19.4) #48870
CVE-2009-0036 ignore (libvirt) libvirt_proxy not shipped
CVE-2009-0034 fixed (sudo) [since FEDORA-2009-1074]
CVE-2009-0032 ignore (cups) Mandriva-specific
CVE-2009-0025 fixed (bind, fixed 9.5.1-P1,9.6.0-P1) [since FEDORA-2009-0451]
CVE-2009-0022 fixed (samba, fixed 3.2.7) [since FEDORA-2009-0160]
CVE-2009-0021 fixed (ntp, fixed 4.2.4p6) [since FEDORA-2009-0544]
+CVE-2008-6393 fixed (psi, 0.12.1) [since FEDORA-2009-2285]
+CVE-2008-6229 fixed (drupal-cck, fixed 6.x.2.0) [since FEDORA-2008-10143]
CVE-2008-6125 version (moodle)
-CVE-2008-6123 VULNERABLE (net-snmp)
+CVE-2008-6123 fixed (net-snmp) [since FEDORA-2009-1769]
CVE-2008-6098 VULNERABLE (bugzilla, fixed 3.0.6) #484756
+CVE-2008-6059 VULNERABLE (WebKit) [since WebKit-1.1.0-0.14.svn40351.fc10]
CVE-2008-6020 fixed (drupal-views, fixed 6.x-2.2) [since FEDORA-2008-11578]
CVE-2008-5917 VULNERABLE (horde, fixed 3.2.3,3.3.1)
CVE-2008-5916 fixed (git, fixed 1.6.0.6,1.5.6.6,1.5.5.6,1.5.4.7) [since FEDORA-2008-11678]
@@ -158,15 +180,15 @@
CVE-2008-4770 fixed (vnc, fixed 4.1.3) [since FEDORA-2009-0991]
CVE-2008-4769 version (wordpress)
CVE-2008-4690 fixed (lynx) [since FEDORA-2008-9952]
-CVE-2008-4641 VULNERABLE (jhead)
-CVE-2008-4640 VULNERABLE (jhead)
+CVE-2008-4641 fixed (jhead) [since FEDORA-2009-1824]
+CVE-2008-4640 fixed (jhead) [since FEDORA-2009-1824]
CVE-2008-4639 version (jhead, fixed 2.84) [since jhead-2.84-1.fc10]
CVE-2008-4619 backport (libtirpc) [since libtirpc-0.1.9-6.fc10]
CVE-2008-4578 version (dovecot, fixed 1.1.14) [since dovecot-1.1.5-1.fc10]
CVE-2008-4577 version (dovecot, fixed 1.1.14) [since dovecot-1.1.5-1.fc10]
CVE-2008-4575 version (jhead, fixed 2.84) [since jhead-2.84-1.fc10]
CVE-2008-4474 fixed (freeradius) [since FEDORA-2008-10392] dialupadmin subpackage dropped
-CVE-2008-4437 VULNERABLE (bugzilla, fixed 3.0.5) #484756
+CVE-2008-4437 VULNERABLE (bugzilla, fixed 3.0.5) #484756
CVE-2008-4434 ignore (bittorrent) 6.x only
CVE-2008-4422 backport (libxml2, fixed 2.7.2) [since libxml2-2.7.1-2.fc10]
CVE-2008-4408 version (mediawiki, fixed 1.13.2) [since mediawiki-1.13.2-41.fc10]
Index: f11
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f11,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- f11 16 Feb 2009 08:04:49 -0000 1.6
+++ f11 6 Mar 2009 19:45:04 -0000 1.7
@@ -4,7 +4,17 @@
# *CVE are items that need verification for Fedora 10
# (mozilla) = (gecko-libs dependent stuff)
+CVE-2009-0819 version (mysql) [since mysql-5.1.32-1.fc11]
+CVE-2009-0749 version (optipng, fixed 0.6.2.1) [since optipng-0.6.2.1-1.fc11]
+CVE-2009-0737 version (mediawiki, fixed 1.13.4) [since mediawiki-1.14.0-45.fc11]
+CVE-2009-0671 ignore (uw-imap) rejected, fake report
+CVE-2009-0601 ignore (wireshark, fixed 1.0.6) not security
+CVE-2009-0600 version (wireshark, fixed 1.0.6)
+CVE-2009-0599 version (wireshark, fixed 1.0.6)
+CVE-2009-0578 version (NetworkManager, 0.7.0.99) [since NetworkManager-0.7.0.99-1.fc11]
+CVE-2009-0577 ignore (cups) not affected
CVE-2009-0547 VULNERABLE (evolution)
+CVE-2009-0544 version (python-crypto) [since python-crypto-2.0.1-16.1]
CVE-2009-0543 ignore (proftpd) not affected
CVE-2009-0542 VULNERABLE (proftpd) #485131
CVE-2009-0502 version (moodle, fixed 1.9.4) [since moodle-1.9.4-1.fc11]
@@ -12,36 +22,48 @@
CVE-2009-0500 version (moodle, fixed 1.9.4) [since moodle-1.9.4-1.fc11]
CVE-2009-0499 version (moodle, fixed 1.9.4) [since moodle-1.9.4-1.fc11]
CVE-2009-0490 VULNERABLE (audacity, fixed 1.3.6) #484954
-CVE-2009-0486 VULNERABLE (bugzilla, fixed 3.0.8) #484758
-CVE-2009-0485 VULNERABLE (bugzilla, fixed 3.0.7) #484758
-CVE-2009-0484 VULNERABLE (bugzilla, fixed 3.0.7) #484758
-CVE-2009-0483 VULNERABLE (bugzilla, fixed 3.0.7) #484758
-CVE-2009-0482 VULNERABLE (bugzilla, fixed 3.2.1) #484758
-CVE-2009-0481 VULNERABLE (bugzilla, fixed 3.0.7) #484758
+CVE-2009-0486 version (bugzilla, fixed 3.0.8) #484758 [since bugzilla-3.0.8-1.fc11]
+CVE-2009-0485 version (bugzilla, fixed 3.0.7) #484758 [since bugzilla-3.0.8-1.fc11]
+CVE-2009-0484 version (bugzilla, fixed 3.0.7) #484758 [since bugzilla-3.0.8-1.fc11]
+CVE-2009-0483 version (bugzilla, fixed 3.0.7) #484758 [since bugzilla-3.0.8-1.fc11]
+CVE-2009-0482 version (bugzilla, fixed 3.2.1) [since bugzilla-3.2.2-2.fc11]
+CVE-2009-0481 version (bugzilla, fixed 3.0.7) #484758 [since bugzilla-3.0.8-1.fc11]
CVE-2009-0415 backport (trickle) [since trickle-1.07-6.fc11]
CVE-2009-0414 version (tor, fixed 0.2.0.33) [since tor-0.2.0.33-1.fc11]
CVE-2009-0413 backport (roundcubemail) [since roundcubemail-0.2-7.stable.fc11]
CVE-2009-0397 version (gstreamer-plugins-good, fixed 0.10.13) [since gstreamer-plugins-good-0.10.13-1.fc11]
CVE-2009-0387 version (gstreamer-plugins-good, fixed 0.10.13) [since gstreamer-plugins-good-0.10.13-1.fc11]
CVE-2009-0386 version (gstreamer-plugins-good, fixed 0.10.13) [since gstreamer-plugins-good-0.10.13-1.fc11]
+CVE-2009-0368 VULNERABLE (opensc, fixed 0.11.7) [since opensc-0.11.7-1.fc11]
+CVE-2009-0365 version (NetworkManager, 0.7.0.99) [since NetworkManager-0.7.0.99-1.fc11]
CVE-2009-0362 backport (fail2ban) [since fail2ban-0.8.3-18.fc11]
+CVE-2009-0361 ignore (pam_krb5) not affected
+CVE-2009-0360 ignore (pam_krb5) not affected
CVE-2009-0312 VULNERABLE (moin, fixed 1.7.4,1.8.2)
CVE-2009-0265 ignore (bind) dupe of CVE-2009-0025
CVE-2009-0260 VULNERABLE (moin, fixed 1.7.4,1.8.2)
CVE-2009-0136 version (amarok, fixed 2.0.1.1) [since amarok-2.0.1.1-1.fc11]
CVE-2009-0135 version (amarok, fixed 2.0.1.1) [since amarok-2.0.1.1-1.fc11]
+CVE-2009-0129 VULNERABLE (perl-Crypt-OpenSSL-DSA)
CVE-2009-0125 ignore (libnasl) [since libnasl-2.2.11-3.fc11] not security according to upstream
CVE-2009-0122 ignore (hplip) Debian/Ubuntu specific
CVE-2009-0041 VULNERABLE (asterisk, fixed 1.6.0.5) AST-2009-001
+CVE-2009-0040 version (libpng, fixed 1.2.35,1.0.43) [since libpng-1.2.35-1.fc11]
+CVE-2009-0040 version (libpng10, fixed 1.2.35,1.0.43) [since libpng10-1.0.43-1.fc11]
+CVE-2009-0040 version (mingw32-libpng, fixed 1.2.35,1.0.43) [since mingw32-libpng-1.2.35-1.fc11]
+CVE-2009-0037 version (curl, fixed 7.19.4) [since curl-7.19.4-1.fc11]
CVE-2009-0036 ignore (libvirt) libvirt_proxy not shipped
CVE-2009-0034 VULNERABLE (sudo)
CVE-2009-0032 ignore (cups) Mandriva-specific
CVE-2009-0025 version (bind, fixed 9.5.1-P1,9.6.0-P1) [since bind-9.6.0-2.P1.fc11]
CVE-2009-0022 VULNERABLE (samba, fixed 3.2.7)
CVE-2009-0021 version (ntp, fixed 4.2.4p6) [since ntp-4.2.4p6-1.fc11]
+CVE-2008-6393 VULNERABLE (psi, 0.12.1) [since psi-0.12.1-1.fc11]
+CVE-2008-6229 version (drupal-cck, fixed 6.x.2.0) [since drupal-cck-6.x.2.0-4.fc11]
CVE-2008-6125 version (moodle)
-CVE-2008-6123 VULNERABLE (net-snmp)
-CVE-2008-6098 VULNERABLE (bugzilla, fixed 3.0.6) #484758
+CVE-2008-6123 backport (net-snmp) [since net-snmp-5.4.2.1-8.fc11]
+CVE-2008-6098 version (bugzilla, fixed 3.0.6) #484758 [since bugzilla-3.0.8-1.fc11]
+CVE-2008-6059 VULNERABLE (WebKit) [since WebKit-1.1.0-0.14.svn40351.fc11]
CVE-2008-6020 version (drupal-views, fixed 6.x-2.2) [since drupal-views-6.x.2.2-1.fc11]
CVE-2008-5917 VULNERABLE (horde, fixed 3.2.3,3.3.1)
CVE-2008-5916 version (git, fixed 1.6.0.6,1.5.6.6,1.5.5.6,1.5.4.7) [since git-1.6.0.6-1.fc11]
@@ -119,9 +141,9 @@
CVE-2008-4863 backport (blender) [blender-2.48a-4.fc10]
CVE-2008-4770 VULNERABLE (vnc, fixed 4.1.3)
CVE-2008-4690 backport (lynx) [since lynx-2.8.6-18.fc10]
-CVE-2008-4641 VULNERABLE (jhead)
-CVE-2008-4640 VULNERABLE (jhead)
-CVE-2008-4437 VULNERABLE (bugzilla, fixed 3.0.5) #484758
+CVE-2008-4641 version (jhead) [since jhead-2.86-1.fc11]
+CVE-2008-4640 version (jhead) [since jhead-2.86-1.fc11]
+CVE-2008-4437 version (bugzilla, fixed 3.0.5) #484758 [since bugzilla-3.0.8-1.fc11]
CVE-2008-4405 VULNERABLE (xen)
CVE-2008-4315 fixed (tog-pegasus) [since tog-pegasus-2.7.2-2.fc11]
CVE-2008-4314 version (samba, fixed 3.0.33,3.2.5) [since samba-3.2.5-0.23.fc11]
Index: f9
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f9,v
retrieving revision 1.245
retrieving revision 1.246
diff -u -r1.245 -r1.246
--- f9 16 Feb 2009 08:04:49 -0000 1.245
+++ f9 6 Mar 2009 19:45:04 -0000 1.246
@@ -5,7 +5,17 @@
# (mozilla) = (gecko-libs dependent stuff)
rhbz249840 version (tor, fixed 0.1.2.15)
+CVE-2009-0819 ignore (mysql) 5.1+ only
+CVE-2009-0749 fixed (optipng, fixed 0.6.2.1) [since FEDORA-2009-2098]
+CVE-2009-0737 fixed (mediawiki, fixed 1.13.4) [since FEDORA-2009-2237]
+CVE-2009-0671 ignore (uw-imap) rejected, fake report
+CVE-2009-0601 ignore (wireshark, fixed 1.0.6) not security
+CVE-2009-0600 VULNERABLE (wireshark, fixed 1.0.6) [since wireshark-1.0.6-1.fc9]
+CVE-2009-0599 VULNERABLE (wireshark, fixed 1.0.6) [since wireshark-1.0.6-1.fc9]
+CVE-2009-0578 VULNERABLE (NetworkManager, 0.7.0.99) [since NetworkManager-0.7.0.99-1.fc9]
+CVE-2009-0577 ignore (cups) not affected
CVE-2009-0547 VULNERABLE (evolution)
+CVE-2009-0544 fixed (python-crypto) [since FEDORA-2009-1680]
CVE-2009-0543 ignore (proftpd) not affected
CVE-2009-0542 VULNERABLE (proftpd) #485129
CVE-2009-0502 fixed (moodle, fixed 1.9.4) [since FEDORA-2009-1641]
@@ -19,14 +29,18 @@
CVE-2009-0483 VULNERABLE (bugzilla, fixed 3.0.7) #484757
CVE-2009-0482 VULNERABLE (bugzilla, fixed 3.2.1) #484757
CVE-2009-0481 VULNERABLE (bugzilla, fixed 3.0.7) #484757
-CVE-2009-0415 VULNERABLE (trickle) [since trickle-1.07-7.fc9]
+CVE-2009-0415 fixed (trickle) [since FEDORA-2009-1675]
CVE-2009-0414 fixed (tor, fixed 0.2.0.33) [since FEDORA-2009-0897]
CVE-2009-0413 fixed (roundcubemail) [since FEDORA-2009-1256]
CVE-2009-0398 ignore (gstreamer-plugins) only affected old 0.6.x versions
-CVE-2009-0397 VULNERABLE (gstreamer-plugins-good, fixed 0.10.13) [since gstreamer-plugins-good-0.10.8-10.fc9]
-CVE-2009-0387 VULNERABLE (gstreamer-plugins-good, fixed 0.10.13) [since gstreamer-plugins-good-0.10.8-10.fc9]
-CVE-2009-0386 VULNERABLE (gstreamer-plugins-good, fixed 0.10.13) [since gstreamer-plugins-good-0.10.8-10.fc9]
+CVE-2009-0397 fixed (gstreamer-plugins-good, fixed 0.10.13) [since FEDORA-2009-1343]
+CVE-2009-0387 fixed (gstreamer-plugins-good, fixed 0.10.13) [since FEDORA-2009-1343]
+CVE-2009-0386 fixed (gstreamer-plugins-good, fixed 0.10.13) [since FEDORA-2009-1343]
+CVE-2009-0368 VULNERABLE (opensc, fixed 0.11.7) [since opensc-0.11.7-1.fc9]
+CVE-2009-0365 VULNERABLE (NetworkManager, 0.7.0.99) [since NetworkManager-0.7.0.99-1.fc9]
CVE-2009-0362 fixed (fail2ban) [since FEDORA-2009-1736]
+CVE-2009-0361 ignore (pam_krb5) not affected
+CVE-2009-0360 ignore (pam_krb5) not affected
CVE-2009-0358 fixed (firefox, fixed 3.0.6) [since FEDORA-2009-1399]
CVE-2009-0357 fixed (firefox, fixed 3.0.6) [since FEDORA-2009-1399]
CVE-2009-0356 fixed (firefox, fixed 3.0.6) [since FEDORA-2009-1399]
@@ -39,18 +53,25 @@
CVE-2009-0260 VULNERABLE (moin, fixed 1.7.4,1.8.2)
CVE-2009-0136 fixed (amarok, fixed 2.0.1.1) [since FEDORA-2009-0715]
CVE-2009-0135 fixed (amarok, fixed 2.0.1.1) [since FEDORA-2009-0715]
+CVE-2009-0129 fixed (perl-Crypt-OpenSSL-DSA) [since FEDORA-2009-1914]
CVE-2009-0125 ignore (libnasl) [since libnasl-2.2.11-3.fc9] not security according to upstream
CVE-2009-0122 ignore (hplip) Debian/Ubuntu specific
CVE-2009-0041 fixed (asterisk, fixed 1.6.0.5) [since FEDORA-2009-0973] AST-2009-001
+CVE-2009-0040 fixed (libpng, fixed 1.2.35,1.0.43) [since FEDORA-2009-2128]
+CVE-2009-0040 VULNERABLE (libpng10, fixed 1.2.35,1.0.43) [since libpng10-1.0.43-1.fc9]
+CVE-2009-0037 fixed (curl, fixed 7.19.4) #488169 [since FEDORA-2009-2265]
CVE-2009-0036 ignore (libvirt) libvirt_proxy not shipped
CVE-2009-0034 VULNERABLE (sudo)
CVE-2009-0032 ignore (cups) Mandriva-specific
CVE-2009-0025 fixed (bind, fixed 9.5.1-P1,9.6.0-P1) [since FEDORA-2009-0350]
CVE-2009-0022 fixed (samba, fixed 3.2.7) [since FEDORA-2009-0268]
CVE-2009-0021 fixed (ntp, fixed 4.2.4p6) [since FEDORA-2009-0547]
+CVE-2008-6393 fixed (psi, 0.12.1) [since FEDORA-2009-2295]
+CVE-2008-6229 fixed (drupal-cck, fixed 6.x.2.0) [since FEDORA-2008-9479]
CVE-2008-6125 version (moodle)
-CVE-2008-6123 VULNERABLE (net-snmp)
+CVE-2008-6123 ignore (net-snmp) not affected
CVE-2008-6098 VULNERABLE (bugzilla, fixed 3.0.6) #484757
+CVE-2008-6059 VULNERABLE (WebKit) [since WebKit-1.1.0-0.14.svn40351.fc9]
CVE-2008-6020 fixed (drupal-views, fixed 6.x-2.2) [since FEDORA-2008-11519]
CVE-2008-5917 VULNERABLE (horde, fixed 3.2.3,3.3.1)
CVE-2008-5916 fixed (git, fixed 1.6.0.6,1.5.6.6,1.5.5.6,1.5.4.7) [since FEDORA-2008-11650]
@@ -156,15 +177,15 @@
CVE-2008-4770 fixed (vnc, fixed 4.1.3) [since FEDORA-2009-1001]
CVE-2008-4769 version (wordpress)
CVE-2008-4690 fixed (lynx) #468550 [since FEDORA-2008-9550]
-CVE-2008-4641 VULNERABLE (jhead)
-CVE-2008-4640 VULNERABLE (jhead)
+CVE-2008-4641 fixed (jhead) [since FEDORA-2009-1776]
+CVE-2008-4640 fixed (jhead) [since FEDORA-2009-1776]
CVE-2008-4639 fixed (jhead, fixed 2.84) [since FEDORA-2008-8928]
CVE-2008-4619 fixed (libtirpc) [since FEDORA-2008-9204]
CVE-2008-4578 ignore (dovecot, fixed 1.1.14) wontfix
CVE-2008-4577 fixed (dovecot, fixed 1.1.14) [since FEDORA-2008-9202]
CVE-2008-4575 fixed (jhead, fixed 2.84) [since FEDORA-2008-8928]
CVE-2008-4474 fixed (freeradius) [since FEDORA-2008-10309] dialupadmin subpackage dropped
-CVE-2008-4437 VULNERABLE (bugzilla, fixed 3.0.5) #484757
+CVE-2008-4437 VULNERABLE (bugzilla, fixed 3.0.5) #484757
CVE-2008-4434 ignore (bittorrent) 6.x only
CVE-2008-4422 fixed (libxml2, fixed 2.7.2) [since FEDORA-2008-8575]
CVE-2008-4408 fixed (mediawiki, fixed 1.13.2) [since FEDORA-2008-8639]
@@ -221,7 +242,7 @@
CVE-2008-4059 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8429]
CVE-2008-4058 fixed (firefox, fixed 3.0.2) [since FEDORA-2008-8425]
CVE-2008-4058 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8429]
-CVE-2008-3972 VULNERABLE (opensc, fixed 0.11.6)
+CVE-2008-3972 VULNERABLE (opensc, fixed 0.11.6) [since opensc-0.11.7-1.fc9]
CVE-2008-3970 fixed (pam_mount, fixed 0.47) [since FEDORA-2008-7976]
CVE-2008-3969 fixed (bitlbee, fixed 1.2.3) [since FEDORA-2008-7830]
CVE-2008-3964 ignore (libpng, fixed 1.2.32beta01) not affected
@@ -431,7 +452,7 @@
CVE-2008-2266 ignore (perl-Convert-UUlib) embedded uulib copy uses mkstemp
CVE-2008-2238 fixed (openoffice.org, fixed 2.4.2) [since FEDORA-2008-9313]
CVE-2008-2237 fixed (openoffice.org, fixed 2.4.2) [since FEDORA-2008-9313]
-CVE-2008-2235 VULNERABLE (opensc, fixed 0.11.5)
+CVE-2008-2235 VULNERABLE (opensc, fixed 0.11.5) [since opensc-0.11.7-1.fc9]
CVE-2008-2168 ignore (httpd) browser issue, not apache
CVE-2008-2152 fixed (openoffice.org, fixed 2.4.1) [since FEDORA-2008-5143]
CVE-2008-2146 version (wordpress, fixed 2.2.3)
More information about the Fedora-security-commits
mailing list