December 2007 - security-commits - Fedora Mailing-Lists

fedora-security/audit epel4, 1.4, 1.5 epel5, 1.6, 1.7

by fedora-security-commits＠redhat.com

Author: kevin Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv17181 Modified Files: epel4 epel5 Log Message: Bring epel4/epel5 back up to date. Index: epel4 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/epel4,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- epel4 12 Nov 2007 20:59:39 -0000 1.4 +++ epel4 29 Dec 2007 20:42:43 -0000 1.5 @@ -3,9 +3,23 @@ # *CVE are items that need verification for EPEL-4 # (mozilla) = (firefox, seamonkey, thunderbird, yelp, devhelp, galeon, liferea. epiphany) -# Up to date CVE as of CVE email 20071112 -# Up to date EPEL4 as of 20071112 -# +# Up to date CVE as of CVE email 20071229 +# Up to date EPEL4 as of 20071229 + +CVE-2007-6337 version (clamav, fixed 0.92) #426213 +CVE-2007-6336 version (clamav, fixed 0.92) #426213 +CVE-2007-6335 version (clamav, fixed 0.92) #426213 +CVE-2007-6353 VULNERABLE (exiv2) #425924 +CVE-2007-6350 VULNERABLE (scponly) #418201 +CVE-2007-6328 VULNERABLE (dosbox) design decision +CVE-2007-6321 VULNERABLE (roundcubemail) #423301 +CVE-2007-6299 VULNERABALE (drupal, fixed 5.4) +CVE-2007-6210 backport (zabbix) #407181 [since zabbix-1.4.2-4] +CVE-2007-6208 ignore (claws) We don't ship the script +CVE-2007-6100 version (phpMyAdmin, fixed 2.11.2.2) +CVE-2007-6035 version (cacti, fixed 0.8.7a) #392001 [since cacti-0.8.7a-1.fc9] +CVE-2007-5977 version (phpMyAdmin) #385911 [since phpMyAdmin-2.11.2.2-1.fc9] +CVE-2007-5976 version (phpMyAdmin) #385911 [since phpMyAdmin-2.11.2.2-1.fc9] CVE-2007-5728 version (phpPgAdmin) seems to be fixed for some time CVE-2007-5715 backport (denyhosts) fixed long ago CVE-2007-5712 version (Django, fixed 0.96.1) #362761 @@ -30,12 +44,12 @@ *CVE-2007-4629 version (mapserver, fixed 4.10.3) #272081 [since FEDORA-2007-2018] CVE-2007-4631 version (qgit, fixed 1.5.7) #268381 *CVE-2007-4629 VULNERABLE (mapserver, fixed 4.10.3) #272081 -CVE-2007-4560 VULNERABLE (clamav) #260583 +CVE-2007-4560 version (clamav) #260583 *CVE-2007-4543 version (bugzilla, fixed 3.0.1) #256021 [since FEDORA-2007-1853] *CVE-2007-4542 VULNERABLE (mapserver, fixed 4.10.3) #256561 *CVE-2007-4539 version (bugzilla, fixed 3.0.1) #256021 [since FEDORA-2007-1853] *CVE-2007-4538 version (bugzilla, fixed 3.0.1) #256021 [since FEDORA-2007-1853] -CVE-2007-4510 VULNERABLE (clamav, fixed 0.91.2) #253780 +CVE-2007-4510 version (clamav, fixed 0.91.2) #253780 *CVE-2007-4462 version (po4a) #253541 [since FEDORA-2007-1763] *CVE-2007-4400 VULNERABLE (konversation) #253545 CVE-2007-4323 backport (denyhosts) #252291 @@ -50,28 +64,28 @@ CVE-2007-3209 ignore (mail-notification, shipped with SSL enabled) CVE-2007-3153 version (c-ares, fixed 1.4.0) #243591 CVE-2007-3152 version (c-ares, fixed 1.4.0) #243591 -CVE-2007-3123 VULNERABLE (clamav, fixed 0.90.3) #245219 -CVE-2007-3122 VULNERABLE (clamav, fixed 0.90.3) #245219 +CVE-2007-3123 version (clamav, fixed 0.90.3) #245219 +CVE-2007-3122 version (clamav, fixed 0.90.3) #245219 CVE-2007-3113 patch (cacti, fixed 0.8.7) #243592 CVE-2007-3112 patch (cacti, fixed 0.8.7) #243592 CVE-2007-3025 ignore (clamav, Solaris only) -CVE-2007-3024 VULNERABLE (clamav, fixed 0.90.3) #245219 -CVE-2007-3023 VULNERABLE (clamav, fixed 0.90.3) #245219 +CVE-2007-3024 version (clamav, fixed 0.90.3) #245219 +CVE-2007-3023 version (clamav, fixed 0.90.3) #245219 *CVE-2007-2958 VULNERABLE (claws-mail) #254121 *CVE-2007-2865 version (phpPgAdmin, fixed 4.1.2) #241489 CVE-2007-2721 patch (jasper, fixed 1.900.1-2) #240397 -CVE-2007-2650 VULNERABLE (clamav, fixed 0.90.3) #240395 +CVE-2007-2650 version (clamav, fixed 0.90.3) #240395 CVE-2007-2637 patch (moin, fixed 1.5.7-2) CVE-2007-2423 patch (moin, fixed 1.5.7-2) #238722 *CVE-2007-2413 version (perl-Imager, fixed 0.57) #238615 CVE-2007-2245 version (phpMyAdmin, fixed 2.10.1) #237882 *CVE-2007-2165 VULNERABLE (proftpd) #237533 -CVE-2007-2029 VULNERABLE (clamav, fixed 0.90.3) #245219 +CVE-2007-2029 version (clamav, fixed 0.90.3) #245219 CVE-2007-2016 ignore (phpMyAdmin, < 2.8.0.2 never shipped) -CVE-2007-1997 VULNERABLE (clamav, fixed in 0.90.2) +CVE-2007-1997 version (clamav, fixed in 0.90.2) CVE-2007-1870 version (lighttpd, fixed 1.4.14) #236489 CVE-2007-1869 version (lighttpd, fixed 1.4.14) #236489 -CVE-2007-1745 VULNERABLE (clamav, fixed in 0.90.2) #236703 +CVE-2007-1745 version (clamav, fixed in 0.90.2) #236703 CVE-2007-1614 version (zziplib, fixed 0.13.49) #233700 *CVE-2007-1558 version (claws-mail, fixed 2.9.1) #237293 CVE-2007-1547 version (nas, fixed 1.8a-2) #233353 @@ -89,8 +103,8 @@ *CVE-2007-1054 version (mediawiki, fixed 1.9.3) [since FEDORA-2007-1442] CVE-2007-0902 version (moin, fixed 1.5.7-2) #228764 CVE-2007-0901 version (moin, fixed 1.5.7-2) #228764 -CVE-2007-0898 VULNERABLE (clamav, fixed 0.90) #229202 -CVE-2007-0897 VULNERABLE (clamav, fixed 0.90) #229202 +CVE-2007-0898 version (clamav, fixed 0.90) #229202 +CVE-2007-0897 version (clamav, fixed 0.90) #229202 *CVE-2007-0894 version (mediawiki, fixed 1.8.4) #228763 CVE-2007-0857 version (moin, fixed 1.5.7) #228139 *CVE-2007-0619 version (chmlib, fixed 0.3.9) #225919 @@ -108,8 +122,8 @@ CVE-2006-6626 version (moodle, fixed 1.6.5) #220041 CVE-2006-6625 version (moodle, fixed 1.6.5) #220041 *CVE-2006-6563 backport (proftpd, fixed 1.3.0a-3) #219938 -CVE-2006-6481 VULNERABLE (clamav, fixed 0.88.7) -CVE-2006-6406 VULNERABLE (clamav, fixed 0.88.7) #219095 +CVE-2006-6481 version (clamav, fixed 0.88.7) +CVE-2006-6406 version (clamav, fixed 0.88.7) #219095 CVE-2006-6374 ** (phpMyAdmin) #218853 CVE-2006-6373 version (phpMyAdmin, fixed 2.9.1.1) #218853 CVE-2006-6301 version (denyhosts, fixed 2.6-2) #218824 Index: epel5 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/epel5,v retrieving revision 1.6 retrieving revision 1.7 diff -u -r1.6 -r1.7 --- epel5 12 Nov 2007 20:59:39 -0000 1.6 +++ epel5 29 Dec 2007 20:42:43 -0000 1.7 @@ -3,14 +3,33 @@ # *CVE are items that need verification for EPEL-5 # (mozilla) = (firefox, seamonkey, thunderbird, yelp, devhelp, galeon, liferea. epiphany) -# Up to date CVE as of CVE email 20071112 -# Up to date EPEL5 as of 20071112 +# Up to date CVE as of CVE email 20071229 +# Up to date EPEL5 as of 20071229 # + +CVE-2007-6337 version (clamav, fixed 0.92) #426213 +CVE-2007-6336 version (clamav, fixed 0.92) #426213 +CVE-2007-6335 version (clamav, fixed 0.92) #426213 +CVE-2007-6353 VULNERABLE (exiv2) #425924 +CVE-2007-6350 VULNERABLE (scponly) #418201 +CVE-2007-6328 VULNERABLE (dosbox) design decision +CVE-2007-6321 VULNERABLE (roundcubemail) #423301 +CVE-2007-6318 VULNERABLE (wordpress) +CVE-2007-6299 VULNERABLE (drupal, fixed 5.4) +CVE-2007-6210 backport (zabbix) #407181 [since zabbix-1.4.2-4] +CVE-2007-6100 version (phpMyAdmin, fixed 2.11.2.2) +CVE-2007-6035 version (cacti, fixed 0.8.7a) #392001 [since cacti-0.8.7a-1] +CVE-2007-6013 VULNERABLE (wordpress) +CVE-2007-5977 version (phpMyAdmin) #385911 [since phpMyAdmin-2.11.2.2-1] +CVE-2007-5976 version (phpMyAdmin) #385911 [since phpMyAdmin-2.11.2.2-1] +CVE-2007-5934 version (php-pear-MDB2) #379111 [since php-pear-MDB2-2.4.1-2] +CVE-2007-5934 version (php-pear-MDB2-Driver-mysql) #379141 [since php-pear-MDB2-Driver-mysql-1.4.1-3] +CVE-2007-5934 version (php-pear-MDB2-Driver-mysqli) #379171 [since php-pear-MDB2-Driver-mysqli-1.4.1-3] CVE-2007-5728 version (phpPgAdmin) seems to be fixed for some time CVE-2007-5715 backport (denyhosts) fixed long ago CVE-2007-5712 version (Django, fixed 0.96.1) #362761 CVE-2007-5626 ignore (bacula) known, documented limitation -CVE-2007-5624 VULNERABLE (nagios, fixed 2.10) #362791 +CVE-2007-5624 version (nagios, fixed 2.10) #362791 CVE-2007-5623 backport (nagios-plugins) #348731 CVE-2007-5597 version (drupal, fixed 5.3) [since FEDORA-2007-2649] CVE-2007-5596 version (drupal, fixed 5.3) [since FEDORA-2007-2649] @@ -31,12 +50,12 @@ CVE-2007-4629 VULNERABLE (mapserver, fixed 4.10.3) #272081 CVE-2007-4631 version (qgit, fixed 1.5.7) #268381 CVE-2007-4629 VULNERABLE (mapserver, fixed 4.10.3) #272081 -CVE-2007-4560 VULNERABLE (clamav) #260583 +CVE-2007-4560 version (clamav) #260583 CVE-2007-4543 version (bugzilla, fixed 3.0.1) #256021 CVE-2007-4542 VULNERABLE (mapserver, fixed 4.10.3) #256561 CVE-2007-4539 version (bugzilla, fixed 3.0.1) #256021 CVE-2007-4538 version (bugzilla, fixed 3.0.1) #256021 -CVE-2007-4510 VULNERABLE (clamav, fixed 0.91.2) #253780 +CVE-2007-4510 version (clamav, fixed 0.91.2) #253780 *CVE-2007-4462 version (po4a) #253541 CVE-2007-4400 VULNERABLE (konversation) #253545 CVE-2007-4323 backport (denyhosts) #252291 @@ -54,27 +73,27 @@ CVE-2007-3209 ignore (mail-notification, shipped with SSL enabled) CVE-2007-3153 version (c-ares, fixed 1.4.0) #243591 CVE-2007-3152 version (c-ares, fixed 1.4.0) #243591 -CVE-2007-3123 VULNERABLE (clamav, fixed 0.90.3) #245219 -CVE-2007-3122 VULNERABLE (clamav, fixed 0.90.3) #245219 +CVE-2007-3123 version (clamav, fixed 0.90.3) #245219 +CVE-2007-3122 version (clamav, fixed 0.90.3) #245219 CVE-2007-3113 patch (cacti, fixed 0.8.7) #243592 CVE-2007-3112 patch (cacti, fixed 0.8.7) #243592 CVE-2007-3025 ignore (clamav, Solaris only) -CVE-2007-3024 VULNERABLE (clamav, fixed 0.90.3) #245219 -CVE-2007-3023 VULNERABLE (clamav, fixed 0.90.3) #245219 +CVE-2007-3024 version (clamav, fixed 0.90.3) #245219 +CVE-2007-3023 version (clamav, fixed 0.90.3) #245219 CVE-2007-2865 version (phpPgAdmin, fixed 4.1.2) #241489 CVE-2007-2721 patch (jasper, fixed 1.900.1-2) #240397 -CVE-2007-2650 VULNERABLE (clamav, fixed 0.90.3) #240395 +CVE-2007-2650 version (clamav, fixed 0.90.3) #240395 CVE-2007-2637 patch (moin, fixed 1.5.7-2) CVE-2007-2423 patch (moin, fixed 1.5.7-2) #238722 *CVE-2007-2413 version (perl-Imager, fixed 0.57) #238615 CVE-2007-2245 version (phpMyAdmin, fixed 2.10.1) #237882 CVE-2007-2165 VULNERABLE (proftpd) #237533 -CVE-2007-2029 VULNERABLE (clamav, fixed 0.90.3) #245219 +CVE-2007-2029 version (clamav, fixed 0.90.3) #245219 CVE-2007-2016 ignore (phpMyAdmin, < 2.8.0.2 never shipped) -CVE-2007-1997 VULNERABLE (clamav, fixed in 0.90.2) +CVE-2007-1997 version (clamav, fixed in 0.90.2) CVE-2007-1870 version (lighttpd, fixed 1.4.14) #236489 CVE-2007-1869 version (lighttpd, fixed 1.4.14) #236489 -CVE-2007-1745 VULNERABLE (clamav, fixed in 0.90.2) #236703 +CVE-2007-1745 version (clamav, fixed in 0.90.2) #236703 CVE-2007-1614 version (zziplib, fixed 0.13.49) #233700 CVE-2007-1547 version (nas, fixed 1.8a-2) #233353 CVE-2007-1546 version (nas, fixed 1.8a-2) #233353 @@ -97,8 +116,8 @@ *CVE-2007-1054 version (mediawiki, fixed 1.9.3) [since FEDORA-2007-1442] CVE-2007-0902 patch (moin, fixed 1.5.7-2) #228764 CVE-2007-0901 patch (moin, fixed 1.5.7-2) #228764 -CVE-2007-0898 VULNERABLE (clamav, fixed 0.90) #229202 -CVE-2007-0897 VULNERABLE (clamav, fixed 0.90) #229202 +CVE-2007-0898 version (clamav, fixed 0.90) #229202 +CVE-2007-0897 version (clamav, fixed 0.90) #229202 *CVE-2007-0894 version (mediawiki, fixed 1.8.4) #228763 CVE-2007-0857 version (moin, fixed 1.5.7) #228139 CVE-2007-0619 version (chmlib, fixed 0.3.9) #225919 @@ -117,8 +136,8 @@ CVE-2006-6626 version (moodle, fixed 1.6.5) #220041 CVE-2006-6625 version (moodle, fixed 1.6.5) #220041 CVE-2006-6563 backport (proftpd, fixed 1.3.0a-3) #219938 -CVE-2006-6481 VULNERABLE (clamav, fixed 0.88.7) -CVE-2006-6406 VULNERABLE (clamav, fixed 0.88.7) #219095 +CVE-2006-6481 version (clamav, fixed 0.88.7) +CVE-2006-6406 version (clamav, fixed 0.88.7) #219095 *CVE-2006-6374 ** (phpMyAdmin) #218853 CVE-2006-6373 version (phpMyAdmin, fixed 2.9.1.1) #218853 CVE-2006-6301 version (denyhosts, fixed 2.6-2) #218824

16 years, 3 months

1
0
0 / 0

fedora-security/audit f8,1.51,1.52

by fedora-security-commits＠redhat.com

Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv14308 Modified Files: f8 Log Message: check-updates check. The 'fixed' keyword was intentional. Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.51 retrieving revision 1.52 diff -u -r1.51 -r1.52 --- f8 20 Dec 2007 19:59:16 -0000 1.51 +++ f8 20 Dec 2007 23:19:25 -0000 1.52 @@ -15,8 +15,8 @@ CVE-2007-6430 version (asterisk, fixed 1.4.16) [since FEDORA-2007-4651] CVE-2007-6389 VULNERABLE (gnome-screensaver) #426170 CVE-2007-6353 VULNERABLE (exiv2) #425923 -CVE-2007-6352 VULNERABLE (libexif) #425631 -CVE-2007-6351 VULNERABLE (libexif) #425631 +CVE-2007-6352 fixed (libexif) #425631 [since FEDORA-2007-4667] +CVE-2007-6351 fixed (libexif) #425631 [since FEDORA-2007-4667] CVE-2007-6350 VULNERABLE (scponly) rsync vector only CVE-2007-6348 ignore (squirrelmail) trojaned version was not shipped CVE-2007-6328 VULNERABLE (dosbox) design decision @@ -90,7 +90,7 @@ CVE-2007-5589 version (phpMyAdmin, fixed 2.11.1.2) #333661 PMASA-2007-6 [since FEDORA-2007-3636] CVE-2007-5501 version (kernel) [since FEDORA-2007-3837] CVE-2007-5500 version (kernel) [since FEDORA-2007-3837] -CVE-2007-5497 VULNERABLE (e2fsprogs) #414581 +CVE-2007-5497 VULNERABLE (e2fsprogs) #414581 [since FEDORA-2007-4447] CVE-2007-5461 version (tomcat5) #363001 [since FEDORA-2007-3474] CVE-2007-5398 version (samba) [since FEDORA-2007-3403] CVE-2007-5395 version (link-grammar) #372351 [since FEDORA-2007-3235] @@ -148,7 +148,7 @@ CVE-2007-3844 version (firefox, fixed 2.0.0.6) CVE-2007-3843 version (kernel) #246595 No idea which version fixed this CVE-2007-3568 VULNERABLE (imlib) -CVE-2007-3544 VULNERABLE (wordpress, NOT fixed 2.2.1) #245211 Incomplete fix for CVE-2007-3543 +CVE-2007-3544 fixed (wordpress, NOT fixed 2.2.1) #245211 [since FEDORA-2007-0894] Incomplete fix for CVE-2007-3543 CVE-2007-3387 version (poppler, fixed 0.5.91) #251512 CVE-2007-3386 version (tomcat5) [since FEDORA-2007-3474] CVE-2007-3385 version (tomcat5) [since FEDORA-2007-3474]

16 years, 4 months

1
0
0 / 0

fedora-security/tools parse-announce, 1.1, 1.1.2.1 suidaudit, 1.1, 1.1.2.1

by fedora-security-commits＠redhat.com

Author: lkundrak Update of /cvs/fedora/fedora-security/tools In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv14238 Modified Files: Tag: lkundrak-tools-ng parse-announce suidaudit Log Message: Get rid of a copule of useless statements Index: parse-announce =================================================================== RCS file: /cvs/fedora/fedora-security/tools/parse-announce,v retrieving revision 1.1 retrieving revision 1.1.2.1 diff -u -r1.1 -r1.1.2.1 --- parse-announce 5 Jul 2006 14:04:04 -0000 1.1 +++ parse-announce 20 Dec 2007 23:16:41 -0000 1.1.2.1 @@ -5,7 +5,6 @@ use strict; use Mail::Mbox::MessageParser; use Email::Simple; -use Data::Dumper; die "\nUsage: parse-announce mbox-file audit-file\n\n" if not defined($ARGV[1]); Index: suidaudit =================================================================== RCS file: /cvs/fedora/fedora-security/tools/suidaudit,v retrieving revision 1.1 retrieving revision 1.1.2.1 diff -u -r1.1 -r1.1.2.1 --- suidaudit 26 Oct 2007 20:07:19 -0000 1.1 +++ suidaudit 20 Dec 2007 23:16:41 -0000 1.1.2.1 @@ -9,7 +9,6 @@ use warnings; use RPM2; -use Data::Dumper; use Fcntl ':mode'; foreach my $rpm (@ARGV) {

16 years, 4 months

1
0
0 / 0

fedora-security/tools/Libexig Bodhi.pm, NONE, 1.1.2.1 Audit.pm, 1.1.2.1, 1.1.2.2

by fedora-security-commits＠redhat.com

Author: lkundrak Update of /cvs/fedora/fedora-security/tools/Libexig In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv14151/Libexig Modified Files: Tag: lkundrak-tools-ng Audit.pm Added Files: Tag: lkundrak-tools-ng Bodhi.pm Log Message: Merge audit parser and bodhi update checker Move the logic parts into library ***** Error reading new file: [Errno 2] No such file or directory: 'Bodhi.pm' Index: Audit.pm =================================================================== RCS file: /cvs/fedora/fedora-security/tools/Libexig/Attic/Audit.pm,v retrieving revision 1.1.2.1 retrieving revision 1.1.2.2 diff -u -r1.1.2.1 -r1.1.2.2 --- Audit.pm 9 Nov 2007 06:42:18 -0000 1.1.2.1 +++ Audit.pm 20 Dec 2007 23:15:14 -0000 1.1.2.2 @@ -6,6 +6,32 @@ package Libexig::Audit; +# Get an entry hash and reconstruct its 'line' field +# (useful if something got changed) +sub update_entry +{ + my $entry = shift; + + $entry->{'line'} = join " ", ( + $entry->{'need_verif'}.$entry->{'cve'}, + $entry->{'status'}, + ($entry->{'version'} + ? "($entry->{'package'}, $entry->{'version'})" + : "($entry->{'package'})"), + ($entry->{'bug'} + ? "#$entry->{'bug'}" + : ()), + ($entry->{'since'} + ? "[since $entry->{'since'}]" + : ()), + $entry->{'comment'} + ); + + chomp $entry->{'line'}; + $entry->{'line'} .= "\n"; +} + +# Get line and return a hash sub parse_line { shift; @@ -15,16 +41,16 @@ 'line' => $_, }; } elsif (/^ - (\*?)* # Needs verification - (\S+-\S+-\S+)\s* # CVE - (\*\*|version|VULNERABLE|ignore|backport)\s* # Status + (\*?)* # Needs verification + (\S+-\S+-\S+)\s* # CVE + (\*\*|version|VULNERABLE|ignore|backport|fixed)\s* # Status $ - ([^\s,]+)\s* # Component - (,\s*(.*))?\s* # When fixed upstream + ([^\s,]+)\s* # Component + (,\s*(.*))?\s* # When fixed upstream $\s* - (\#(\d+))?\s* # Bugzilla IS - (\[since\s+(\S+)\])?\s* # When fixed in Fedora - (.*) # Comment + (\#(\d+))?\s* # Bugzilla IS + (\[since\s+(\S+)\])?\s* # When fixed in Fedora + (.*) # Comment /x) { return { 'need_verif' => $1,

16 years, 4 months

1
0
0 / 0

fedora-security/tools check-updates, NONE, 1.1.2.1 get-bodhi-update, 1.1.2.1, NONE parse-audit, 1.1.2.1, NONE

by fedora-security-commits＠redhat.com

Author: lkundrak Update of /cvs/fedora/fedora-security/tools In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv14151 Added Files: Tag: lkundrak-tools-ng check-updates Removed Files: Tag: lkundrak-tools-ng get-bodhi-update parse-audit Log Message: Merge audit parser and bodhi update checker Move the logic parts into library ***** Error reading new file: [Errno 2] No such file or directory: 'check-updates' --- get-bodhi-update DELETED --- --- parse-audit DELETED ---

16 years, 4 months

1
0
0 / 0

fedora-security/tools add-cve-bug, 1.1.2.3, 1.1.2.4

by fedora-security-commits＠redhat.com

Author: lkundrak Update of /cvs/fedora/fedora-security/tools In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv14108 Modified Files: Tag: lkundrak-tools-ng add-cve-bug Log Message: A couple of debugging statements Index: add-cve-bug =================================================================== RCS file: /cvs/fedora/fedora-security/tools/Attic/add-cve-bug,v retrieving revision 1.1.2.3 retrieving revision 1.1.2.4 diff -u -r1.1.2.3 -r1.1.2.4 --- add-cve-bug 19 Nov 2007 09:10:37 -0000 1.1.2.3 +++ add-cve-bug 20 Dec 2007 23:13:42 -0000 1.1.2.4 @@ -72,6 +72,8 @@ { my $component = shift; + print "Getting list of owners\n" if $debug; + # Call bugzilla my $call = $bugzilla_rpc->call('bugzilla.getCompInfo', $component); # print Dumper ($call) if $debug; # too verbose @@ -106,6 +108,9 @@ sub file_bug { return 0 if $dryrun; + + print "Creating a bug\n" if $debug; + my $call = $bugzilla_rpc->call('bugzilla.createBug', shift, $username, $password); @@ -123,6 +128,8 @@ my $desc; my $refs; + print "Getting a bug description from CVE\n" if $debug; + ($desc, $refs) = Libexig::CVE::cve ($cve); die 'Cannot fetch CVE description; re-run with --interactive'

16 years, 4 months

1
0
0 / 0

fedora-security/audit f8, 1.50, 1.51 f9, 1.45, 1.46 fc7, 1.207, 1.208

by fedora-security-commits＠redhat.com

Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv16327/audit Modified Files: f8 f9 fc7 Log Message: autofs Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.50 retrieving revision 1.51 diff -u -r1.50 -r1.51 --- f8 20 Dec 2007 09:40:01 -0000 1.50 +++ f8 20 Dec 2007 19:59:16 -0000 1.51 @@ -28,7 +28,8 @@ GENERIC-MAP-NOMATCH version (libxfcegui4) #412761 [since FEDORA-2007-4368] GENERIC-MAP-NOMATCH version (libxfce4util) #412761 [since FEDORA-2007-4368] GENERIC-MAP-NOMATCH version (xfce-panel) #412761 [since FEDORA-2007-4368] -CVE-2007-6283 VULNERABLE (bind) #423071 +CVE-2007-6285 VULNERABLE (autofs) #426400 +CVE-2007-6283 backport (bind) #423071 [since FEDORA-2007-4655] CVE-2007-6239 version (squid, fixed 2.6.17) #412391 [since FEDORA-2007-4170] CVE-2007-6210 backport (zabbix) #407181 [since FEDORA-2007-4176] CVE-2007-6209 ignore (zsh) #409871 We don't ship the script Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.45 retrieving revision 1.46 diff -u -r1.45 -r1.46 --- f9 20 Dec 2007 09:40:01 -0000 1.45 +++ f9 20 Dec 2007 19:59:16 -0000 1.46 @@ -25,6 +25,7 @@ CVE-2007-6304 ignore (mysql, fixed 5.0.52) federated engine not built CVE-2007-6303 backport (mysql, fixed 5.0.52) [since mysql-5.0.45-6.fc9] CVE-2007-6299 version (drupal, fixed 5.4) [since drupal-5.4-1.fc9] SA-2007-031 +CVE-2007-6285 VULNERABLE (autofs) #426401 CVE-2007-6283 backport (bind) #423081 [since bind-9.5.0-21.b1.fc9] CVE-2007-6239 version (squid, fixed 2.6.17) [since squid-2.6.STABLE17-1.fc9] CVE-2007-6210 backport (zabbix) #407181 [since zabbix-1.4.2-4.fc9] Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.207 retrieving revision 1.208 diff -u -r1.207 -r1.208 --- fc7 20 Dec 2007 09:40:01 -0000 1.207 +++ fc7 20 Dec 2007 19:59:16 -0000 1.208 @@ -29,7 +29,8 @@ GENERIC-MAP-NOMATCH version (libxfcegui4) #412751 [since FEDORA-2007-4385] GENERIC-MAP-NOMATCH version (libxfce4util) #412751 [since FEDORA-2007-4385] GENERIC-MAP-NOMATCH version (xfce-panel) #412751 [since FEDORA-2007-4385] -CVE-2007-6283 VULNERABLE (bind) #423061 +CVE-2007-6285 VULNERABLE (autofs) #426399 +CVE-2007-6283 backport (bind) #423061 [since FEDORA-2007-4658] CVE-2007-6239 version (squid, fixed 2.6.17) #412381 [since FEDORA-2007-4161] CVE-2007-6210 backport (zabbix) #407181 [since FEDORA-2007-4160] CVE-2007-6209 ignore (zsh) #409871 We don't ship the script

16 years, 4 months

1
0
0 / 0

fedora-security/audit f8, 1.49, 1.50 f9, 1.44, 1.45 fc7, 1.206, 1.207

by fedora-security-commits＠redhat.com

Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv22647/audit Modified Files: f8 f9 fc7 Log Message: clamav, ganglia Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.49 retrieving revision 1.50 diff -u -r1.49 -r1.50 --- f8 20 Dec 2007 08:41:14 -0000 1.49 +++ f8 20 Dec 2007 09:40:01 -0000 1.50 @@ -7,6 +7,10 @@ # Up to date CVE as of CVE email 20071215 # Up to date F8 as of 20071212 +CVE-2007-6465 version (ganglia, fixed 3.0.6) [since FEDORA-2007-4562] +CVE-2007-6337 VULNERABLE (clamav, fixed 0.92) #426212 +CVE-2007-6336 VULNERABLE (clamav, fixed 0.92) #426212 +CVE-2007-6335 VULNERABLE (clamav, fixed 0.92) #426212 CVE-2007-6437 VULNERABLE (syslog-ng) #426306 CVE-2007-6430 version (asterisk, fixed 1.4.16) [since FEDORA-2007-4651] CVE-2007-6389 VULNERABLE (gnome-screensaver) #426170 @@ -73,7 +77,7 @@ CVE-2007-5795 backport (emacs) #367591 [since FEDORA-2007-2946] CVE-2007-5770 backport (ruby) #373391 [since FEDORA-2007-2812] GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031 -CVE-2007-5759 VULNERABLE (clamav, fixed 0.92) #426212 +CVE-2007-5759 ignore (clamav, fixed 0.92) duplicate of CVE-2007-6335 CVE-2007-5751 backport (liferea, fixed 1.4.6) #360641 [since FEDORA-2007-2853] CVE-2007-5742 version (wesnoth, fixed 1.2.8) [since FEDORA-2007-3989] CVE-2007-5712 version (Django, fixed 0.96.1) #362771 [since FEDORA-2007-2788] Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.44 retrieving revision 1.45 diff -u -r1.44 -r1.45 --- f9 20 Dec 2007 08:41:14 -0000 1.44 +++ f9 20 Dec 2007 09:40:01 -0000 1.45 @@ -7,6 +7,10 @@ # Up to date CVE as of CVE email 20071211 # Up to date F9 as of 20071029 +CVE-2007-6465 version (ganglia, fixed 3.0.6) [since ganglia-3.0.6-1.fc9] +CVE-2007-6337 VULNERABLE (clamav, fixed 0.92) #426213 +CVE-2007-6336 VULNERABLE (clamav, fixed 0.92) #426213 +CVE-2007-6335 VULNERABLE (clamav, fixed 0.92) #426213 CVE-2007-6437 VULNERABLE (syslog-ng) #426307 CVE-2007-6430 version (asterisk, fixed 1.4.16) [since asterisk-1.4.16.1-1.fc9] CVE-2007-6389 VULNERABLE (gnome-screensaver) #426171 @@ -69,7 +73,7 @@ CVE-2007-5795 backport (emacs) #367601 [since emacs-22.1-8.fc9] GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031 CVE-2007-5770 backport (ruby) #373401 [since ruby-1.8.6.111-1] -CVE-2007-5759 VULNERABLE (clamav, fixed 0.92) #426213 +CVE-2007-5759 ignore (clamav, fixed 0.92) duplicate of CVE-2007-6335 CVE-2007-5751 version (liferea, fixed 1.4.6) #360641 [since liferea-1.4.6-3.fc9] CVE-2007-5742 version (wesnoth, fixed 1.2.8) [since wesnoth-1.2.8-3.fc9] CVE-2007-5712 version (Django, fixed 0.96.1) #362781 [since Django-0.96.1-1.fc9] Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.206 retrieving revision 1.207 diff -u -r1.206 -r1.207 --- fc7 20 Dec 2007 08:41:14 -0000 1.206 +++ fc7 20 Dec 2007 09:40:01 -0000 1.207 @@ -8,6 +8,10 @@ # Up to date CVE as of CVE email 200711215 # Up to date FC7 as of 20071212 +CVE-2007-6465 version (ganglia, fixed 3.0.6) [since FEDORA-2007-4584] +CVE-2007-6337 VULNERABLE (clamav, fixed 0.92) #426211 +CVE-2007-6336 VULNERABLE (clamav, fixed 0.92) #426211 +CVE-2007-6335 VULNERABLE (clamav, fixed 0.92) #426211 CVE-2007-6437 VULNERABLE (syslog-ng) #426305 CVE-2007-6430 version (asterisk, fixed 1.4.16) [since FEDORA-2007-4593] CVE-2007-6389 VULNERABLE (gnome-screensaver) #426169 @@ -73,7 +77,7 @@ CVE-2007-5846 backport (net-snmp) [since FEDORA-2007-3019] CVE-2007-5795 backport (emacs) #367581 [since FEDORA-2007-3056] CVE-2007-5770 backport (ruby) #373381 [since FEDORA-2007-2685] -CVE-2007-5759 VULNERABLE (clamav, fixed 0.92) #426211 +CVE-2007-5759 ignore (clamav, fixed 0.92) duplicate of CVE-2007-6335 CVE-2007-5751 backport (liferea, fixed 1.4.6) #360641 [since FEDORA-2007-2725] CVE-2007-5742 version (wesnoth, fixed 1.2.8) [since FEDORA-2007-3986] CVE-2007-5728 version (phpPgAdmin) seems to be fixed for some time

16 years, 4 months

1
0
0 / 0

fedora-security/audit f8, 1.48, 1.49 f9, 1.43, 1.44 fc7, 1.205, 1.206

by fedora-security-commits＠redhat.com

Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv14841/audit Modified Files: f8 f9 fc7 Log Message: syslog-ng cve id, asterisk Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.48 retrieving revision 1.49 diff -u -r1.48 -r1.49 --- f8 20 Dec 2007 00:14:14 -0000 1.48 +++ f8 20 Dec 2007 08:41:14 -0000 1.49 @@ -7,7 +7,8 @@ # Up to date CVE as of CVE email 20071215 # Up to date F8 as of 20071212 -GENERIC-MAP-NOMATCH VULNERABLE (syslog-ng) #426306 +CVE-2007-6437 VULNERABLE (syslog-ng) #426306 +CVE-2007-6430 version (asterisk, fixed 1.4.16) [since FEDORA-2007-4651] CVE-2007-6389 VULNERABLE (gnome-screensaver) #426170 CVE-2007-6353 VULNERABLE (exiv2) #425923 CVE-2007-6352 VULNERABLE (libexif) #425631 Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.43 retrieving revision 1.44 diff -u -r1.43 -r1.44 --- f9 20 Dec 2007 00:14:14 -0000 1.43 +++ f9 20 Dec 2007 08:41:14 -0000 1.44 @@ -7,7 +7,8 @@ # Up to date CVE as of CVE email 20071211 # Up to date F9 as of 20071029 -GENERIC-MAP-NOMATCH VULNERABLE (syslog-ng) #426307 +CVE-2007-6437 VULNERABLE (syslog-ng) #426307 +CVE-2007-6430 version (asterisk, fixed 1.4.16) [since asterisk-1.4.16.1-1.fc9] CVE-2007-6389 VULNERABLE (gnome-screensaver) #426171 CVE-2007-6353 backport (exiv2) #425924 [since exiv2-0.16-0.3.pre1.fc9] CVE-2007-6352 backport (libexif) #425641 [since libexif-0.6.15-5.fc9] @@ -20,7 +21,7 @@ CVE-2007-6304 ignore (mysql, fixed 5.0.52) federated engine not built CVE-2007-6303 backport (mysql, fixed 5.0.52) [since mysql-5.0.45-6.fc9] CVE-2007-6299 version (drupal, fixed 5.4) [since drupal-5.4-1.fc9] SA-2007-031 -CVE-2007-6283 VULNERABLE (bind) #423081 +CVE-2007-6283 backport (bind) #423081 [since bind-9.5.0-21.b1.fc9] CVE-2007-6239 version (squid, fixed 2.6.17) [since squid-2.6.STABLE17-1.fc9] CVE-2007-6210 backport (zabbix) #407181 [since zabbix-1.4.2-4.fc9] CVE-2007-6209 ignore (zsh) #409871 We don't ship the script Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.205 retrieving revision 1.206 diff -u -r1.205 -r1.206 --- fc7 20 Dec 2007 00:14:14 -0000 1.205 +++ fc7 20 Dec 2007 08:41:14 -0000 1.206 @@ -8,7 +8,8 @@ # Up to date CVE as of CVE email 200711215 # Up to date FC7 as of 20071212 -GENERIC-MAP-NOMATCH VULNERABLE (syslog-ng) #426305 +CVE-2007-6437 VULNERABLE (syslog-ng) #426305 +CVE-2007-6430 version (asterisk, fixed 1.4.16) [since FEDORA-2007-4593] CVE-2007-6389 VULNERABLE (gnome-screensaver) #426169 CVE-2007-6353 VULNERABLE (exiv2) #425922 CVE-2007-6352 VULNERABLE (libexif) #425621

16 years, 4 months

1
0
0 / 0

fedora-security/audit f8, 1.47, 1.48 f9, 1.42, 1.43 fc7, 1.204, 1.205

by fedora-security-commits＠redhat.com

Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv15621 Modified Files: f8 f9 fc7 Log Message: syslog-ng, gnome-screensaver Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.47 retrieving revision 1.48 diff -u -r1.47 -r1.48 --- f8 19 Dec 2007 13:59:39 -0000 1.47 +++ f8 20 Dec 2007 00:14:14 -0000 1.48 @@ -7,6 +7,8 @@ # Up to date CVE as of CVE email 20071215 # Up to date F8 as of 20071212 +GENERIC-MAP-NOMATCH VULNERABLE (syslog-ng) #426306 +CVE-2007-6389 VULNERABLE (gnome-screensaver) #426170 CVE-2007-6353 VULNERABLE (exiv2) #425923 CVE-2007-6352 VULNERABLE (libexif) #425631 CVE-2007-6351 VULNERABLE (libexif) #425631 Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.42 retrieving revision 1.43 diff -u -r1.42 -r1.43 --- f9 19 Dec 2007 13:59:39 -0000 1.42 +++ f9 20 Dec 2007 00:14:14 -0000 1.43 @@ -7,6 +7,8 @@ # Up to date CVE as of CVE email 20071211 # Up to date F9 as of 20071029 +GENERIC-MAP-NOMATCH VULNERABLE (syslog-ng) #426307 +CVE-2007-6389 VULNERABLE (gnome-screensaver) #426171 CVE-2007-6353 backport (exiv2) #425924 [since exiv2-0.16-0.3.pre1.fc9] CVE-2007-6352 backport (libexif) #425641 [since libexif-0.6.15-5.fc9] CVE-2007-6351 backport (libexif) #425641 [since libexif-0.6.15-5.fc9] Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.204 retrieving revision 1.205 diff -u -r1.204 -r1.205 --- fc7 19 Dec 2007 13:59:39 -0000 1.204 +++ fc7 20 Dec 2007 00:14:14 -0000 1.205 @@ -8,6 +8,8 @@ # Up to date CVE as of CVE email 200711215 # Up to date FC7 as of 20071212 +GENERIC-MAP-NOMATCH VULNERABLE (syslog-ng) #426305 +CVE-2007-6389 VULNERABLE (gnome-screensaver) #426169 CVE-2007-6353 VULNERABLE (exiv2) #425922 CVE-2007-6352 VULNERABLE (libexif) #425621 CVE-2007-6351 VULNERABLE (libexif) #425621

16 years, 4 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

security-commits December 2007