Author: kevin
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv17181
Modified Files:
epel4 epel5
Log Message:
Bring epel4/epel5 back up to date.
Index: epel4
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/epel4,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- epel4 12 Nov 2007 20:59:39 -0000 1.4
+++ epel4 29 Dec 2007 20:42:43 -0000 1.5
@@ -3,9 +3,23 @@
# *CVE are items that need verification for EPEL-4
# (mozilla) = (firefox, seamonkey, thunderbird, yelp, devhelp, galeon, liferea. epiphany)
-# Up to date CVE as of CVE email 20071112
-# Up to date EPEL4 as of 20071112
-#
+# Up to date CVE as of CVE email 20071229
+# Up to date EPEL4 as of 20071229
+
+CVE-2007-6337 version (clamav, fixed 0.92) #426213
+CVE-2007-6336 version (clamav, fixed 0.92) #426213
+CVE-2007-6335 version (clamav, fixed 0.92) #426213
+CVE-2007-6353 VULNERABLE (exiv2) #425924
+CVE-2007-6350 VULNERABLE (scponly) #418201
+CVE-2007-6328 VULNERABLE (dosbox) design decision
+CVE-2007-6321 VULNERABLE (roundcubemail) #423301
+CVE-2007-6299 VULNERABALE (drupal, fixed 5.4)
+CVE-2007-6210 backport (zabbix) #407181 [since zabbix-1.4.2-4]
+CVE-2007-6208 ignore (claws) We don't ship the script
+CVE-2007-6100 version (phpMyAdmin, fixed 2.11.2.2)
+CVE-2007-6035 version (cacti, fixed 0.8.7a) #392001 [since cacti-0.8.7a-1.fc9]
+CVE-2007-5977 version (phpMyAdmin) #385911 [since phpMyAdmin-2.11.2.2-1.fc9]
+CVE-2007-5976 version (phpMyAdmin) #385911 [since phpMyAdmin-2.11.2.2-1.fc9]
CVE-2007-5728 version (phpPgAdmin) seems to be fixed for some time
CVE-2007-5715 backport (denyhosts) fixed long ago
CVE-2007-5712 version (Django, fixed 0.96.1) #362761
@@ -30,12 +44,12 @@
*CVE-2007-4629 version (mapserver, fixed 4.10.3) #272081 [since FEDORA-2007-2018]
CVE-2007-4631 version (qgit, fixed 1.5.7) #268381
*CVE-2007-4629 VULNERABLE (mapserver, fixed 4.10.3) #272081
-CVE-2007-4560 VULNERABLE (clamav) #260583
+CVE-2007-4560 version (clamav) #260583
*CVE-2007-4543 version (bugzilla, fixed 3.0.1) #256021 [since FEDORA-2007-1853]
*CVE-2007-4542 VULNERABLE (mapserver, fixed 4.10.3) #256561
*CVE-2007-4539 version (bugzilla, fixed 3.0.1) #256021 [since FEDORA-2007-1853]
*CVE-2007-4538 version (bugzilla, fixed 3.0.1) #256021 [since FEDORA-2007-1853]
-CVE-2007-4510 VULNERABLE (clamav, fixed 0.91.2) #253780
+CVE-2007-4510 version (clamav, fixed 0.91.2) #253780
*CVE-2007-4462 version (po4a) #253541 [since FEDORA-2007-1763]
*CVE-2007-4400 VULNERABLE (konversation) #253545
CVE-2007-4323 backport (denyhosts) #252291
@@ -50,28 +64,28 @@
CVE-2007-3209 ignore (mail-notification, shipped with SSL enabled)
CVE-2007-3153 version (c-ares, fixed 1.4.0) #243591
CVE-2007-3152 version (c-ares, fixed 1.4.0) #243591
-CVE-2007-3123 VULNERABLE (clamav, fixed 0.90.3) #245219
-CVE-2007-3122 VULNERABLE (clamav, fixed 0.90.3) #245219
+CVE-2007-3123 version (clamav, fixed 0.90.3) #245219
+CVE-2007-3122 version (clamav, fixed 0.90.3) #245219
CVE-2007-3113 patch (cacti, fixed 0.8.7) #243592
CVE-2007-3112 patch (cacti, fixed 0.8.7) #243592
CVE-2007-3025 ignore (clamav, Solaris only)
-CVE-2007-3024 VULNERABLE (clamav, fixed 0.90.3) #245219
-CVE-2007-3023 VULNERABLE (clamav, fixed 0.90.3) #245219
+CVE-2007-3024 version (clamav, fixed 0.90.3) #245219
+CVE-2007-3023 version (clamav, fixed 0.90.3) #245219
*CVE-2007-2958 VULNERABLE (claws-mail) #254121
*CVE-2007-2865 version (phpPgAdmin, fixed 4.1.2) #241489
CVE-2007-2721 patch (jasper, fixed 1.900.1-2) #240397
-CVE-2007-2650 VULNERABLE (clamav, fixed 0.90.3) #240395
+CVE-2007-2650 version (clamav, fixed 0.90.3) #240395
CVE-2007-2637 patch (moin, fixed 1.5.7-2)
CVE-2007-2423 patch (moin, fixed 1.5.7-2) #238722
*CVE-2007-2413 version (perl-Imager, fixed 0.57) #238615
CVE-2007-2245 version (phpMyAdmin, fixed 2.10.1) #237882
*CVE-2007-2165 VULNERABLE (proftpd) #237533
-CVE-2007-2029 VULNERABLE (clamav, fixed 0.90.3) #245219
+CVE-2007-2029 version (clamav, fixed 0.90.3) #245219
CVE-2007-2016 ignore (phpMyAdmin, < 2.8.0.2 never shipped)
-CVE-2007-1997 VULNERABLE (clamav, fixed in 0.90.2)
+CVE-2007-1997 version (clamav, fixed in 0.90.2)
CVE-2007-1870 version (lighttpd, fixed 1.4.14) #236489
CVE-2007-1869 version (lighttpd, fixed 1.4.14) #236489
-CVE-2007-1745 VULNERABLE (clamav, fixed in 0.90.2) #236703
+CVE-2007-1745 version (clamav, fixed in 0.90.2) #236703
CVE-2007-1614 version (zziplib, fixed 0.13.49) #233700
*CVE-2007-1558 version (claws-mail, fixed 2.9.1) #237293
CVE-2007-1547 version (nas, fixed 1.8a-2) #233353
@@ -89,8 +103,8 @@
*CVE-2007-1054 version (mediawiki, fixed 1.9.3) [since FEDORA-2007-1442]
CVE-2007-0902 version (moin, fixed 1.5.7-2) #228764
CVE-2007-0901 version (moin, fixed 1.5.7-2) #228764
-CVE-2007-0898 VULNERABLE (clamav, fixed 0.90) #229202
-CVE-2007-0897 VULNERABLE (clamav, fixed 0.90) #229202
+CVE-2007-0898 version (clamav, fixed 0.90) #229202
+CVE-2007-0897 version (clamav, fixed 0.90) #229202
*CVE-2007-0894 version (mediawiki, fixed 1.8.4) #228763
CVE-2007-0857 version (moin, fixed 1.5.7) #228139
*CVE-2007-0619 version (chmlib, fixed 0.3.9) #225919
@@ -108,8 +122,8 @@
CVE-2006-6626 version (moodle, fixed 1.6.5) #220041
CVE-2006-6625 version (moodle, fixed 1.6.5) #220041
*CVE-2006-6563 backport (proftpd, fixed 1.3.0a-3) #219938
-CVE-2006-6481 VULNERABLE (clamav, fixed 0.88.7)
-CVE-2006-6406 VULNERABLE (clamav, fixed 0.88.7) #219095
+CVE-2006-6481 version (clamav, fixed 0.88.7)
+CVE-2006-6406 version (clamav, fixed 0.88.7) #219095
CVE-2006-6374 ** (phpMyAdmin) #218853
CVE-2006-6373 version (phpMyAdmin, fixed 2.9.1.1) #218853
CVE-2006-6301 version (denyhosts, fixed 2.6-2) #218824
Index: epel5
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/epel5,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- epel5 12 Nov 2007 20:59:39 -0000 1.6
+++ epel5 29 Dec 2007 20:42:43 -0000 1.7
@@ -3,14 +3,33 @@
# *CVE are items that need verification for EPEL-5
# (mozilla) = (firefox, seamonkey, thunderbird, yelp, devhelp, galeon, liferea. epiphany)
-# Up to date CVE as of CVE email 20071112
-# Up to date EPEL5 as of 20071112
+# Up to date CVE as of CVE email 20071229
+# Up to date EPEL5 as of 20071229
#
+
+CVE-2007-6337 version (clamav, fixed 0.92) #426213
+CVE-2007-6336 version (clamav, fixed 0.92) #426213
+CVE-2007-6335 version (clamav, fixed 0.92) #426213
+CVE-2007-6353 VULNERABLE (exiv2) #425924
+CVE-2007-6350 VULNERABLE (scponly) #418201
+CVE-2007-6328 VULNERABLE (dosbox) design decision
+CVE-2007-6321 VULNERABLE (roundcubemail) #423301
+CVE-2007-6318 VULNERABLE (wordpress)
+CVE-2007-6299 VULNERABLE (drupal, fixed 5.4)
+CVE-2007-6210 backport (zabbix) #407181 [since zabbix-1.4.2-4]
+CVE-2007-6100 version (phpMyAdmin, fixed 2.11.2.2)
+CVE-2007-6035 version (cacti, fixed 0.8.7a) #392001 [since cacti-0.8.7a-1]
+CVE-2007-6013 VULNERABLE (wordpress)
+CVE-2007-5977 version (phpMyAdmin) #385911 [since phpMyAdmin-2.11.2.2-1]
+CVE-2007-5976 version (phpMyAdmin) #385911 [since phpMyAdmin-2.11.2.2-1]
+CVE-2007-5934 version (php-pear-MDB2) #379111 [since php-pear-MDB2-2.4.1-2]
+CVE-2007-5934 version (php-pear-MDB2-Driver-mysql) #379141 [since php-pear-MDB2-Driver-mysql-1.4.1-3]
+CVE-2007-5934 version (php-pear-MDB2-Driver-mysqli) #379171 [since php-pear-MDB2-Driver-mysqli-1.4.1-3]
CVE-2007-5728 version (phpPgAdmin) seems to be fixed for some time
CVE-2007-5715 backport (denyhosts) fixed long ago
CVE-2007-5712 version (Django, fixed 0.96.1) #362761
CVE-2007-5626 ignore (bacula) known, documented limitation
-CVE-2007-5624 VULNERABLE (nagios, fixed 2.10) #362791
+CVE-2007-5624 version (nagios, fixed 2.10) #362791
CVE-2007-5623 backport (nagios-plugins) #348731
CVE-2007-5597 version (drupal, fixed 5.3) [since FEDORA-2007-2649]
CVE-2007-5596 version (drupal, fixed 5.3) [since FEDORA-2007-2649]
@@ -31,12 +50,12 @@
CVE-2007-4629 VULNERABLE (mapserver, fixed 4.10.3) #272081
CVE-2007-4631 version (qgit, fixed 1.5.7) #268381
CVE-2007-4629 VULNERABLE (mapserver, fixed 4.10.3) #272081
-CVE-2007-4560 VULNERABLE (clamav) #260583
+CVE-2007-4560 version (clamav) #260583
CVE-2007-4543 version (bugzilla, fixed 3.0.1) #256021
CVE-2007-4542 VULNERABLE (mapserver, fixed 4.10.3) #256561
CVE-2007-4539 version (bugzilla, fixed 3.0.1) #256021
CVE-2007-4538 version (bugzilla, fixed 3.0.1) #256021
-CVE-2007-4510 VULNERABLE (clamav, fixed 0.91.2) #253780
+CVE-2007-4510 version (clamav, fixed 0.91.2) #253780
*CVE-2007-4462 version (po4a) #253541
CVE-2007-4400 VULNERABLE (konversation) #253545
CVE-2007-4323 backport (denyhosts) #252291
@@ -54,27 +73,27 @@
CVE-2007-3209 ignore (mail-notification, shipped with SSL enabled)
CVE-2007-3153 version (c-ares, fixed 1.4.0) #243591
CVE-2007-3152 version (c-ares, fixed 1.4.0) #243591
-CVE-2007-3123 VULNERABLE (clamav, fixed 0.90.3) #245219
-CVE-2007-3122 VULNERABLE (clamav, fixed 0.90.3) #245219
+CVE-2007-3123 version (clamav, fixed 0.90.3) #245219
+CVE-2007-3122 version (clamav, fixed 0.90.3) #245219
CVE-2007-3113 patch (cacti, fixed 0.8.7) #243592
CVE-2007-3112 patch (cacti, fixed 0.8.7) #243592
CVE-2007-3025 ignore (clamav, Solaris only)
-CVE-2007-3024 VULNERABLE (clamav, fixed 0.90.3) #245219
-CVE-2007-3023 VULNERABLE (clamav, fixed 0.90.3) #245219
+CVE-2007-3024 version (clamav, fixed 0.90.3) #245219
+CVE-2007-3023 version (clamav, fixed 0.90.3) #245219
CVE-2007-2865 version (phpPgAdmin, fixed 4.1.2) #241489
CVE-2007-2721 patch (jasper, fixed 1.900.1-2) #240397
-CVE-2007-2650 VULNERABLE (clamav, fixed 0.90.3) #240395
+CVE-2007-2650 version (clamav, fixed 0.90.3) #240395
CVE-2007-2637 patch (moin, fixed 1.5.7-2)
CVE-2007-2423 patch (moin, fixed 1.5.7-2) #238722
*CVE-2007-2413 version (perl-Imager, fixed 0.57) #238615
CVE-2007-2245 version (phpMyAdmin, fixed 2.10.1) #237882
CVE-2007-2165 VULNERABLE (proftpd) #237533
-CVE-2007-2029 VULNERABLE (clamav, fixed 0.90.3) #245219
+CVE-2007-2029 version (clamav, fixed 0.90.3) #245219
CVE-2007-2016 ignore (phpMyAdmin, < 2.8.0.2 never shipped)
-CVE-2007-1997 VULNERABLE (clamav, fixed in 0.90.2)
+CVE-2007-1997 version (clamav, fixed in 0.90.2)
CVE-2007-1870 version (lighttpd, fixed 1.4.14) #236489
CVE-2007-1869 version (lighttpd, fixed 1.4.14) #236489
-CVE-2007-1745 VULNERABLE (clamav, fixed in 0.90.2) #236703
+CVE-2007-1745 version (clamav, fixed in 0.90.2) #236703
CVE-2007-1614 version (zziplib, fixed 0.13.49) #233700
CVE-2007-1547 version (nas, fixed 1.8a-2) #233353
CVE-2007-1546 version (nas, fixed 1.8a-2) #233353
@@ -97,8 +116,8 @@
*CVE-2007-1054 version (mediawiki, fixed 1.9.3) [since FEDORA-2007-1442]
CVE-2007-0902 patch (moin, fixed 1.5.7-2) #228764
CVE-2007-0901 patch (moin, fixed 1.5.7-2) #228764
-CVE-2007-0898 VULNERABLE (clamav, fixed 0.90) #229202
-CVE-2007-0897 VULNERABLE (clamav, fixed 0.90) #229202
+CVE-2007-0898 version (clamav, fixed 0.90) #229202
+CVE-2007-0897 version (clamav, fixed 0.90) #229202
*CVE-2007-0894 version (mediawiki, fixed 1.8.4) #228763
CVE-2007-0857 version (moin, fixed 1.5.7) #228139
CVE-2007-0619 version (chmlib, fixed 0.3.9) #225919
@@ -117,8 +136,8 @@
CVE-2006-6626 version (moodle, fixed 1.6.5) #220041
CVE-2006-6625 version (moodle, fixed 1.6.5) #220041
CVE-2006-6563 backport (proftpd, fixed 1.3.0a-3) #219938
-CVE-2006-6481 VULNERABLE (clamav, fixed 0.88.7)
-CVE-2006-6406 VULNERABLE (clamav, fixed 0.88.7) #219095
+CVE-2006-6481 version (clamav, fixed 0.88.7)
+CVE-2006-6406 version (clamav, fixed 0.88.7) #219095
*CVE-2006-6374 ** (phpMyAdmin) #218853
CVE-2006-6373 version (phpMyAdmin, fixed 2.9.1.1) #218853
CVE-2006-6301 version (denyhosts, fixed 2.6-2) #218824