From fedora-security-commits at redhat.com Tue May 26 08:01:32 2009 From: fedora-security-commits at redhat.com (fedora-security-commits at redhat.com) Date: Tue, 26 May 2009 08:01:32 +0000 (UTC) Subject: [Fedora-security-commits] fedora-security/audit f10, 1.36, 1.37 f11, 1.7, 1.8 f9, 1.246, 1.247 Message-ID: <20090526080132.D138E70114@cvs1.fedora.phx.redhat.com> Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv30446/audit Modified Files: f10 f11 f9 Log Message: bunch of old changes i failed to commit previously these files are not really maintained any more :-( Index: f10 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f10,v retrieving revision 1.36 retrieving revision 1.37 diff -u -r1.36 -r1.37 --- f10 6 Mar 2009 19:45:04 -0000 1.36 +++ f10 26 May 2009 08:01:02 -0000 1.37 @@ -4,16 +4,26 @@ # *CVE are items that need verification for Fedora 10 # (mozilla) = (gecko-libs dependent stuff) +CVE-2009-0845 VULNERABLE (krb5) [since krb5-1.6.3-17.fc10] CVE-2009-0819 ignore (mysql) 5.1+ only CVE-2009-0749 fixed (optipng, fixed 0.6.2.1) [since FEDORA-2009-2100] CVE-2009-0737 fixed (mediawiki, fixed 1.13.4) [since FEDORA-2009-2231] +CVE-2009-0733 VULNERABLE (lcms, fixed 1.18) #491273 +CVE-2009-0723 VULNERABLE (lcms, fixed 1.18) #491273 CVE-2009-0671 ignore (uw-imap) rejected, fake report CVE-2009-0601 ignore (wireshark, fixed 1.0.6) not security CVE-2009-0600 fixed (wireshark, fixed 1.0.6) [since FEDORA-2009-1798] CVE-2009-0599 fixed (wireshark, fixed 1.0.6) [since FEDORA-2009-1798] -CVE-2009-0578 VULNERABLE (NetworkManager, 0.7.0.99) [since NetworkManager-0.7.0.99-1.fc10] +CVE-2009-0587 ignore (evolution-data-server) only old EDS versions affected +CVE-2009-0585 ignore (libsoup) not affected +CVE-2009-0584 fixed (ghostscript) #491277 [since FEDORA-2009-2885] +CVE-2009-0583 fixed (ghostscript) #491277 [since FEDORA-2009-2885] +CVE-2009-0582 fixed (evolution-data-server, fixed 2.26.0) [since FEDORA-2009-2784] +CVE-2009-0581 VULNERABLE (lcms, fixed 1.18) #491273 +CVE-2009-0578 fixed (NetworkManager, 0.7.0.99) [since FEDORA-2009-2419] CVE-2009-0577 ignore (cups) not affected CVE-2009-0547 VULNERABLE (evolution) +CVE-2009-0547 fixed (evolution-data-server, fixed 2.26.0) [since FEDORA-2009-2784] CVE-2009-0544 fixed (python-crypto) [since FEDORA-2009-1687] CVE-2009-0543 ignore (proftpd) not affected CVE-2009-0542 VULNERABLE (proftpd) #485130 @@ -22,12 +32,12 @@ CVE-2009-0500 fixed (moodle, fixed 1.9.4) [since FEDORA-2009-1699] CVE-2009-0499 fixed (moodle, fixed 1.9.4) [since FEDORA-2009-1699] CVE-2009-0490 VULNERABLE (audacity, fixed 1.3.6) #484952 -CVE-2009-0486 VULNERABLE (bugzilla, fixed 3.0.8) #484756 -CVE-2009-0485 VULNERABLE (bugzilla, fixed 3.0.7) #484756 -CVE-2009-0484 VULNERABLE (bugzilla, fixed 3.0.7) #484756 -CVE-2009-0483 VULNERABLE (bugzilla, fixed 3.0.7) #484756 -CVE-2009-0482 VULNERABLE (bugzilla, fixed 3.2.1) #484756 -CVE-2009-0481 VULNERABLE (bugzilla, fixed 3.0.7) #484756 +CVE-2009-0486 fixed (bugzilla, fixed 3.0.8) #484756 [since FEDORA-2009-2417] +CVE-2009-0485 fixed (bugzilla, fixed 3.0.7) #484756 [since FEDORA-2009-2417] +CVE-2009-0484 fixed (bugzilla, fixed 3.0.7) #484756 [since FEDORA-2009-2417] +CVE-2009-0483 fixed (bugzilla, fixed 3.0.7) #484756 [since FEDORA-2009-2417] +CVE-2009-0482 fixed (bugzilla, fixed 3.2.1) #484756 [since FEDORA-2009-2417] +CVE-2009-0481 fixed (bugzilla, fixed 3.0.7) #484756 [since FEDORA-2009-2417] CVE-2009-0415 fixed (trickle) [since FEDORA-2009-1694] CVE-2009-0414 fixed (tor, fixed 0.2.0.33) [since FEDORA-2009-0917] CVE-2009-0413 fixed (roundcubemail) [since FEDORA-2009-1204] @@ -35,8 +45,8 @@ CVE-2009-0397 fixed (gstreamer-plugins-good, fixed 0.10.13) [since FEDORA-2009-1213] CVE-2009-0387 fixed (gstreamer-plugins-good, fixed 0.10.13) [since FEDORA-2009-1213] CVE-2009-0386 fixed (gstreamer-plugins-good, fixed 0.10.13) [since FEDORA-2009-1213] -CVE-2009-0368 VULNERABLE (opensc, fixed 0.11.7) [since opensc-0.11.7-1.fc10] -CVE-2009-0365 VULNERABLE (NetworkManager, 0.7.0.99) [since NetworkManager-0.7.0.99-1.fc10] +CVE-2009-0368 fixed (opensc, fixed 0.11.7) [since FEDORA-2009-2266] +CVE-2009-0365 fixed (NetworkManager, 0.7.0.99) [since FEDORA-2009-2419] CVE-2009-0362 fixed (fail2ban) [since FEDORA-2009-1737] CVE-2009-0361 ignore (pam_krb5) not affected CVE-2009-0360 ignore (pam_krb5) not affected @@ -57,9 +67,9 @@ CVE-2009-0122 ignore (hplip) Debian/Ubuntu specific CVE-2009-0041 fixed (asterisk, fixed 1.6.0.5) [since FEDORA-2009-0984] AST-2009-001 CVE-2009-0040 fixed (libpng, fixed 1.2.35,1.0.43) [since FEDORA-2009-2112] -CVE-2009-0040 VULNERABLE (libpng10, fixed 1.2.35,1.0.43) [since libpng10-1.0.43-1.fc10] +CVE-2009-0040 fixed (libpng10, fixed 1.2.35,1.0.43) [since FEDORA-2009-1976] CVE-2009-0040 fixed (mingw32-libpng, fixed 1.2.35,1.0.43) [since FEDORA-2009-2131] -CVE-2009-0037 VULNERABLE (curl, fixed 7.19.4) #48870 +CVE-2009-0037 fixed (curl, fixed 7.19.4) #488170 [since FEDORA-2009-2247] CVE-2009-0036 ignore (libvirt) libvirt_proxy not shipped CVE-2009-0034 fixed (sudo) [since FEDORA-2009-1074] CVE-2009-0032 ignore (cups) Mandriva-specific @@ -70,7 +80,7 @@ CVE-2008-6229 fixed (drupal-cck, fixed 6.x.2.0) [since FEDORA-2008-10143] CVE-2008-6125 version (moodle) CVE-2008-6123 fixed (net-snmp) [since FEDORA-2009-1769] -CVE-2008-6098 VULNERABLE (bugzilla, fixed 3.0.6) #484756 +CVE-2008-6098 fixed (bugzilla, fixed 3.0.6) #484756 [since FEDORA-2009-2417] CVE-2008-6059 VULNERABLE (WebKit) [since WebKit-1.1.0-0.14.svn40351.fc10] CVE-2008-6020 fixed (drupal-views, fixed 6.x-2.2) [since FEDORA-2008-11578] CVE-2008-5917 VULNERABLE (horde, fixed 3.2.3,3.3.1) @@ -78,7 +88,9 @@ CVE-2008-5906 version (ktorrent, fixed 3.1.4) [since ktorrent-3.1.4-1.fc10] CVE-2008-5905 version (ktorrent, fixed 3.1.4) [since ktorrent-3.1.4-1.fc10] CVE-2008-5844 ignore (php, fixed 5.2.8) only affected 5.2.7 +CVE-2008-5843 fixed (pdfjam, fixed 1.21) [since FEDORA-2009-2651] CVE-2008-5744 ignore (zaptel) kernel modules not shipped +CVE-2008-5743 fixed (pdfjam, fixed 1.21) [since FEDORA-2009-2651] CVE-2008-5718 VULNERABLE (netatalk, fixed 2.0.4-beta2) CVE-2008-5716 ignore (xen) CVE-2008-4405 was not yet fixed CVE-2008-5714 VULNERABLE (kvm) @@ -188,7 +200,7 @@ CVE-2008-4577 version (dovecot, fixed 1.1.14) [since dovecot-1.1.5-1.fc10] CVE-2008-4575 version (jhead, fixed 2.84) [since jhead-2.84-1.fc10] CVE-2008-4474 fixed (freeradius) [since FEDORA-2008-10392] dialupadmin subpackage dropped -CVE-2008-4437 VULNERABLE (bugzilla, fixed 3.0.5) #484756 +CVE-2008-4437 fixed (bugzilla, fixed 3.0.5) #484756 [since FEDORA-2009-2417] CVE-2008-4434 ignore (bittorrent) 6.x only CVE-2008-4422 backport (libxml2, fixed 2.7.2) [since libxml2-2.7.1-2.fc10] CVE-2008-4408 version (mediawiki, fixed 1.13.2) [since mediawiki-1.13.2-41.fc10] @@ -197,6 +209,7 @@ CVE-2008-4359 version (lighttpd, fixed 1.4.20) #465754 [since lighttpd-1.4.20-1.fc10] CVE-2008-4326 version (phpMyAdmin, fixed 2.11.9.2) [since phpMyAdmin-2.11.9.2-1.fc10] CVE-2008-4325 version (viewvc, fixed 1.0.6) [since viewvc-1.0.6-1.fc10] +CVE-2008-4316 VULNERABLE (glib2) [since glib2-2.18.4-2.fc10] CVE-2008-4315 VULNERABLE (tog-pegasus) [since FEDORA-2008-10061] CVE-2008-4314 fixed (samba, fixed 3.0.33,3.2.5) [since FEDORA-2008-10612] CVE-2008-4313 VULNERABLE (tog-pegasus) [since FEDORA-2008-10061] Index: f11 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f11,v retrieving revision 1.7 retrieving revision 1.8 diff -u -r1.7 -r1.8 --- f11 6 Mar 2009 19:45:04 -0000 1.7 +++ f11 26 May 2009 08:01:02 -0000 1.8 @@ -4,16 +4,26 @@ # *CVE are items that need verification for Fedora 10 # (mozilla) = (gecko-libs dependent stuff) +CVE-2009-0845 backport (krb5) [since krb5-1.6.3-19.fc11] CVE-2009-0819 version (mysql) [since mysql-5.1.32-1.fc11] CVE-2009-0749 version (optipng, fixed 0.6.2.1) [since optipng-0.6.2.1-1.fc11] CVE-2009-0737 version (mediawiki, fixed 1.13.4) [since mediawiki-1.14.0-45.fc11] +CVE-2009-0733 VULNERABLE (lcms, fixed 1.18) #491274 +CVE-2009-0723 VULNERABLE (lcms, fixed 1.18) #491274 CVE-2009-0671 ignore (uw-imap) rejected, fake report CVE-2009-0601 ignore (wireshark, fixed 1.0.6) not security CVE-2009-0600 version (wireshark, fixed 1.0.6) CVE-2009-0599 version (wireshark, fixed 1.0.6) +CVE-2009-0587 ignore (evolution-data-server) only old EDS versions affected +CVE-2009-0585 ignore (libsoup) not affected +CVE-2009-0584 VULNERABLE (ghostscript) #491278 +CVE-2009-0583 VULNERABLE (ghostscript) #491278 +CVE-2009-0582 VULNERABLE (evolution-data-server, fixed 2.26.0) [since evolution-data-server-2.26.0-1.fc11] +CVE-2009-0581 VULNERABLE (lcms, fixed 1.18) #491274 CVE-2009-0578 version (NetworkManager, 0.7.0.99) [since NetworkManager-0.7.0.99-1.fc11] CVE-2009-0577 ignore (cups) not affected CVE-2009-0547 VULNERABLE (evolution) +CVE-2009-0547 VULNERABLE (evolution-data-server, fixed 2.26.0) [since evolution-data-server-2.26.0-1.fc11] CVE-2009-0544 version (python-crypto) [since python-crypto-2.0.1-16.1] CVE-2009-0543 ignore (proftpd) not affected CVE-2009-0542 VULNERABLE (proftpd) #485131 @@ -70,7 +80,9 @@ CVE-2008-5906 version (ktorrent, fixed 3.1.4) [since ktorrent-3.1.4-1.fc10] CVE-2008-5905 version (ktorrent, fixed 3.1.4) [since ktorrent-3.1.4-1.fc10] CVE-2008-5844 ignore (php, fixed 5.2.8) only affected 5.2.7 +CVE-2008-5843 version (pdfjam, fixed 1.21) [since pdfjam-1.21-1.fc11] CVE-2008-5744 ignore (zaptel) kernel modules not shipped +CVE-2008-5743 version (pdfjam, fixed 1.21) [since pdfjam-1.21-1.fc11] CVE-2008-5718 VULNERABLE (netatalk, fixed 2.0.4-beta2) CVE-2008-5716 ignore (xen) CVE-2008-4405 was not yet fixed CVE-2008-5714 VULNERABLE (kvm) @@ -145,6 +157,7 @@ CVE-2008-4640 version (jhead) [since jhead-2.86-1.fc11] CVE-2008-4437 version (bugzilla, fixed 3.0.5) #484758 [since bugzilla-3.0.8-1.fc11] CVE-2008-4405 VULNERABLE (xen) +CVE-2008-4316 VULNERABLE (glib2) [since glib2-2.19.10-2.fc11] CVE-2008-4315 fixed (tog-pegasus) [since tog-pegasus-2.7.2-2.fc11] CVE-2008-4314 version (samba, fixed 3.0.33,3.2.5) [since samba-3.2.5-0.23.fc11] CVE-2008-4313 fixed (tog-pegasus) [since tog-pegasus-2.7.2-2.fc11] Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.246 retrieving revision 1.247 diff -u -r1.246 -r1.247 --- f9 6 Mar 2009 19:45:04 -0000 1.246 +++ f9 26 May 2009 08:01:02 -0000 1.247 @@ -5,16 +5,26 @@ # (mozilla) = (gecko-libs dependent stuff) rhbz249840 version (tor, fixed 0.1.2.15) +CVE-2009-0845 VULNERABLE (krb5) [since krb5-1.6.3-15.fc9] CVE-2009-0819 ignore (mysql) 5.1+ only CVE-2009-0749 fixed (optipng, fixed 0.6.2.1) [since FEDORA-2009-2098] CVE-2009-0737 fixed (mediawiki, fixed 1.13.4) [since FEDORA-2009-2237] +CVE-2009-0733 VULNERABLE (lcms, fixed 1.18) #491272 +CVE-2009-0723 VULNERABLE (lcms, fixed 1.18) #491272 CVE-2009-0671 ignore (uw-imap) rejected, fake report CVE-2009-0601 ignore (wireshark, fixed 1.0.6) not security -CVE-2009-0600 VULNERABLE (wireshark, fixed 1.0.6) [since wireshark-1.0.6-1.fc9] -CVE-2009-0599 VULNERABLE (wireshark, fixed 1.0.6) [since wireshark-1.0.6-1.fc9] -CVE-2009-0578 VULNERABLE (NetworkManager, 0.7.0.99) [since NetworkManager-0.7.0.99-1.fc9] +CVE-2009-0600 fixed (wireshark, fixed 1.0.6) [since FEDORA-2009-1877] +CVE-2009-0599 fixed (wireshark, fixed 1.0.6) [since FEDORA-2009-1877] +CVE-2009-0587 ignore (evolution-data-server) only old EDS versions affected +CVE-2009-0585 ignore (libsoup) not affected +CVE-2009-0584 fixed (ghostscript) #491276 [since FEDORA-2009-2883] +CVE-2009-0583 fixed (ghostscript) #491276 [since FEDORA-2009-2883] +CVE-2009-0582 fixed (evolution-data-server, fixed 2.26.0) [since FEDORA-2009-2792] +CVE-2009-0581 VULNERABLE (lcms, fixed 1.18) #491272 +CVE-2009-0578 fixed (NetworkManager, 0.7.0.99) [since FEDORA-2009-2420] CVE-2009-0577 ignore (cups) not affected CVE-2009-0547 VULNERABLE (evolution) +CVE-2009-0547 fixed (evolution-data-server, fixed 2.26.0) [since FEDORA-2009-2792] CVE-2009-0544 fixed (python-crypto) [since FEDORA-2009-1680] CVE-2009-0543 ignore (proftpd) not affected CVE-2009-0542 VULNERABLE (proftpd) #485129 @@ -23,12 +33,12 @@ CVE-2009-0500 fixed (moodle, fixed 1.9.4) [since FEDORA-2009-1641] CVE-2009-0499 fixed (moodle, fixed 1.9.4) [since FEDORA-2009-1641] CVE-2009-0490 VULNERABLE (audacity, fixed 1.3.6) #484953 -CVE-2009-0486 VULNERABLE (bugzilla, fixed 3.0.8) #484757 -CVE-2009-0485 VULNERABLE (bugzilla, fixed 3.0.7) #484757 -CVE-2009-0484 VULNERABLE (bugzilla, fixed 3.0.7) #484757 -CVE-2009-0483 VULNERABLE (bugzilla, fixed 3.0.7) #484757 -CVE-2009-0482 VULNERABLE (bugzilla, fixed 3.2.1) #484757 -CVE-2009-0481 VULNERABLE (bugzilla, fixed 3.0.7) #484757 +CVE-2009-0486 fixed (bugzilla, fixed 3.0.8) #484757 [since FEDORA-2009-2418] +CVE-2009-0485 fixed (bugzilla, fixed 3.0.7) #484757 [since FEDORA-2009-2418] +CVE-2009-0484 fixed (bugzilla, fixed 3.0.7) #484757 [since FEDORA-2009-2418] +CVE-2009-0483 fixed (bugzilla, fixed 3.0.7) #484757 [since FEDORA-2009-2418] +CVE-2009-0482 fixed (bugzilla, fixed 3.2.1) #484757 [since FEDORA-2009-2418] +CVE-2009-0481 fixed (bugzilla, fixed 3.0.7) #484757 [since FEDORA-2009-2418] CVE-2009-0415 fixed (trickle) [since FEDORA-2009-1675] CVE-2009-0414 fixed (tor, fixed 0.2.0.33) [since FEDORA-2009-0897] CVE-2009-0413 fixed (roundcubemail) [since FEDORA-2009-1256] @@ -36,8 +46,8 @@ CVE-2009-0397 fixed (gstreamer-plugins-good, fixed 0.10.13) [since FEDORA-2009-1343] CVE-2009-0387 fixed (gstreamer-plugins-good, fixed 0.10.13) [since FEDORA-2009-1343] CVE-2009-0386 fixed (gstreamer-plugins-good, fixed 0.10.13) [since FEDORA-2009-1343] -CVE-2009-0368 VULNERABLE (opensc, fixed 0.11.7) [since opensc-0.11.7-1.fc9] -CVE-2009-0365 VULNERABLE (NetworkManager, 0.7.0.99) [since NetworkManager-0.7.0.99-1.fc9] +CVE-2009-0368 fixed (opensc, fixed 0.11.7) [since FEDORA-2009-2267] +CVE-2009-0365 fixed (NetworkManager, 0.7.0.99) [since FEDORA-2009-2420] CVE-2009-0362 fixed (fail2ban) [since FEDORA-2009-1736] CVE-2009-0361 ignore (pam_krb5) not affected CVE-2009-0360 ignore (pam_krb5) not affected @@ -58,7 +68,7 @@ CVE-2009-0122 ignore (hplip) Debian/Ubuntu specific CVE-2009-0041 fixed (asterisk, fixed 1.6.0.5) [since FEDORA-2009-0973] AST-2009-001 CVE-2009-0040 fixed (libpng, fixed 1.2.35,1.0.43) [since FEDORA-2009-2128] -CVE-2009-0040 VULNERABLE (libpng10, fixed 1.2.35,1.0.43) [since libpng10-1.0.43-1.fc9] +CVE-2009-0040 fixed (libpng10, fixed 1.2.35,1.0.43) [since FEDORA-2009-2045] CVE-2009-0037 fixed (curl, fixed 7.19.4) #488169 [since FEDORA-2009-2265] CVE-2009-0036 ignore (libvirt) libvirt_proxy not shipped CVE-2009-0034 VULNERABLE (sudo) @@ -70,7 +80,7 @@ CVE-2008-6229 fixed (drupal-cck, fixed 6.x.2.0) [since FEDORA-2008-9479] CVE-2008-6125 version (moodle) CVE-2008-6123 ignore (net-snmp) not affected -CVE-2008-6098 VULNERABLE (bugzilla, fixed 3.0.6) #484757 +CVE-2008-6098 fixed (bugzilla, fixed 3.0.6) #484757 [since FEDORA-2009-2418] CVE-2008-6059 VULNERABLE (WebKit) [since WebKit-1.1.0-0.14.svn40351.fc9] CVE-2008-6020 fixed (drupal-views, fixed 6.x-2.2) [since FEDORA-2008-11519] CVE-2008-5917 VULNERABLE (horde, fixed 3.2.3,3.3.1) @@ -78,7 +88,9 @@ CVE-2008-5906 fixed (ktorrent, fixed 3.1.4) [since FEDORA-2008-9167] CVE-2008-5905 fixed (ktorrent, fixed 3.1.4) [since FEDORA-2008-9167] CVE-2008-5844 ignore (php, fixed 5.2.8) only affected 5.2.7 +CVE-2008-5843 fixed (pdfjam, fixed 1.21) [since FEDORA-2009-2655] CVE-2008-5744 ignore (zaptel) kernel modules not shipped +CVE-2008-5743 fixed (pdfjam, fixed 1.21) [since FEDORA-2009-2655] CVE-2008-5718 VULNERABLE (netatalk, fixed 2.0.4-beta2) CVE-2008-5716 ignore (xen) CVE-2008-4405 was not yet fixed CVE-2008-5714 VULNERABLE (kvm) @@ -185,7 +197,7 @@ CVE-2008-4577 fixed (dovecot, fixed 1.1.14) [since FEDORA-2008-9202] CVE-2008-4575 fixed (jhead, fixed 2.84) [since FEDORA-2008-8928] CVE-2008-4474 fixed (freeradius) [since FEDORA-2008-10309] dialupadmin subpackage dropped -CVE-2008-4437 VULNERABLE (bugzilla, fixed 3.0.5) #484757 +CVE-2008-4437 fixed (bugzilla, fixed 3.0.5) #484757 [since FEDORA-2009-2418] CVE-2008-4434 ignore (bittorrent) 6.x only CVE-2008-4422 fixed (libxml2, fixed 2.7.2) [since FEDORA-2008-8575] CVE-2008-4408 fixed (mediawiki, fixed 1.13.2) [since FEDORA-2008-8639] @@ -194,6 +206,7 @@ CVE-2008-4359 fixed (lighttpd, fixed 1.4.20) #464639 [since FEDORA-2008-11923] CVE-2008-4326 fixed (phpMyAdmin, fixed 2.11.9.2) [since FEDORA-2008-8335] CVE-2008-4325 fixed (viewvc, fixed 1.0.6) [since FEDORA-2008-8252] +CVE-2008-4316 VULNERABLE (glib2) [since glib2-2.16.6-3.fc9] CVE-2008-4315 VULNERABLE (tog-pegasus) [since FEDORA-2008-9688] CVE-2008-4314 fixed (samba, fixed 3.0.33,3.2.5) [since FEDORA-2008-10518] CVE-2008-4313 VULNERABLE (tog-pegasus) [since FEDORA-2008-9688] @@ -242,7 +255,7 @@ CVE-2008-4059 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8429] CVE-2008-4058 fixed (firefox, fixed 3.0.2) [since FEDORA-2008-8425] CVE-2008-4058 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8429] -CVE-2008-3972 VULNERABLE (opensc, fixed 0.11.6) [since opensc-0.11.7-1.fc9] +CVE-2008-3972 fixed (opensc, fixed 0.11.6) [since FEDORA-2009-2267] CVE-2008-3970 fixed (pam_mount, fixed 0.47) [since FEDORA-2008-7976] CVE-2008-3969 fixed (bitlbee, fixed 1.2.3) [since FEDORA-2008-7830] CVE-2008-3964 ignore (libpng, fixed 1.2.32beta01) not affected @@ -452,7 +465,7 @@ CVE-2008-2266 ignore (perl-Convert-UUlib) embedded uulib copy uses mkstemp CVE-2008-2238 fixed (openoffice.org, fixed 2.4.2) [since FEDORA-2008-9313] CVE-2008-2237 fixed (openoffice.org, fixed 2.4.2) [since FEDORA-2008-9313] -CVE-2008-2235 VULNERABLE (opensc, fixed 0.11.5) [since opensc-0.11.7-1.fc9] +CVE-2008-2235 fixed (opensc, fixed 0.11.5) [since FEDORA-2009-2267] CVE-2008-2168 ignore (httpd) browser issue, not apache CVE-2008-2152 fixed (openoffice.org, fixed 2.4.1) [since FEDORA-2008-5143] CVE-2008-2146 version (wordpress, fixed 2.2.3)