fedora-security/audit epel4, 1.4, 1.5 epel5, 1.6, 1.7
by fedora-security-commits@redhat.com
Author: kevin
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv17181
Modified Files:
epel4 epel5
Log Message:
Bring epel4/epel5 back up to date.
Index: epel4
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/epel4,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- epel4 12 Nov 2007 20:59:39 -0000 1.4
+++ epel4 29 Dec 2007 20:42:43 -0000 1.5
@@ -3,9 +3,23 @@
# *CVE are items that need verification for EPEL-4
# (mozilla) = (firefox, seamonkey, thunderbird, yelp, devhelp, galeon, liferea. epiphany)
-# Up to date CVE as of CVE email 20071112
-# Up to date EPEL4 as of 20071112
-#
+# Up to date CVE as of CVE email 20071229
+# Up to date EPEL4 as of 20071229
+
+CVE-2007-6337 version (clamav, fixed 0.92) #426213
+CVE-2007-6336 version (clamav, fixed 0.92) #426213
+CVE-2007-6335 version (clamav, fixed 0.92) #426213
+CVE-2007-6353 VULNERABLE (exiv2) #425924
+CVE-2007-6350 VULNERABLE (scponly) #418201
+CVE-2007-6328 VULNERABLE (dosbox) design decision
+CVE-2007-6321 VULNERABLE (roundcubemail) #423301
+CVE-2007-6299 VULNERABALE (drupal, fixed 5.4)
+CVE-2007-6210 backport (zabbix) #407181 [since zabbix-1.4.2-4]
+CVE-2007-6208 ignore (claws) We don't ship the script
+CVE-2007-6100 version (phpMyAdmin, fixed 2.11.2.2)
+CVE-2007-6035 version (cacti, fixed 0.8.7a) #392001 [since cacti-0.8.7a-1.fc9]
+CVE-2007-5977 version (phpMyAdmin) #385911 [since phpMyAdmin-2.11.2.2-1.fc9]
+CVE-2007-5976 version (phpMyAdmin) #385911 [since phpMyAdmin-2.11.2.2-1.fc9]
CVE-2007-5728 version (phpPgAdmin) seems to be fixed for some time
CVE-2007-5715 backport (denyhosts) fixed long ago
CVE-2007-5712 version (Django, fixed 0.96.1) #362761
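Review bot: the status on the added CVE-2007-6299 line is spelled `VULNERABALE`, so anything that matches on the `VULNERABLE` keyword will miss the drupal entry; correct the spelling (the epel5 copy of the same line in this commit has it right). The added cacti and phpMyAdmin lines also carry `.fc9` builds in their `[since ...]` tags, which does not say when the fix reached EPEL-4; use the EPEL-4 build there or drop the tag.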
@@ -30,12 +44,12 @@
*CVE-2007-4629 version (mapserver, fixed 4.10.3) #272081 [since FEDORA-2007-2018]
CVE-2007-4631 version (qgit, fixed 1.5.7) #268381
*CVE-2007-4629 VULNERABLE (mapserver, fixed 4.10.3) #272081
-CVE-2007-4560 VULNERABLE (clamav) #260583
+CVE-2007-4560 version (clamav) #260583
*CVE-2007-4543 version (bugzilla, fixed 3.0.1) #256021 [since FEDORA-2007-1853]
*CVE-2007-4542 VULNERABLE (mapserver, fixed 4.10.3) #256561
*CVE-2007-4539 version (bugzilla, fixed 3.0.1) #256021 [since FEDORA-2007-1853]
*CVE-2007-4538 version (bugzilla, fixed 3.0.1) #256021 [since FEDORA-2007-1853]
-CVE-2007-4510 VULNERABLE (clamav, fixed 0.91.2) #253780
+CVE-2007-4510 version (clamav, fixed 0.91.2) #253780
*CVE-2007-4462 version (po4a) #253541 [since FEDORA-2007-1763]
*CVE-2007-4400 VULNERABLE (konversation) #253545
CVE-2007-4323 backport (denyhosts) #252291
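Review bot: CVE-2007-4560 moves from `VULNERABLE` to `version` but the entry still reads `(clamav)` with no fixed release, unlike CVE-2007-4510 in the same hunk, which names 0.91.2; add the upstream version that fixes it so the new status can be checked against the shipped package.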
@@ -50,28 +64,28 @@
CVE-2007-3209 ignore (mail-notification, shipped with SSL enabled)
CVE-2007-3153 version (c-ares, fixed 1.4.0) #243591
CVE-2007-3152 version (c-ares, fixed 1.4.0) #243591
-CVE-2007-3123 VULNERABLE (clamav, fixed 0.90.3) #245219
-CVE-2007-3122 VULNERABLE (clamav, fixed 0.90.3) #245219
+CVE-2007-3123 version (clamav, fixed 0.90.3) #245219
+CVE-2007-3122 version (clamav, fixed 0.90.3) #245219
CVE-2007-3113 patch (cacti, fixed 0.8.7) #243592
CVE-2007-3112 patch (cacti, fixed 0.8.7) #243592
CVE-2007-3025 ignore (clamav, Solaris only)
-CVE-2007-3024 VULNERABLE (clamav, fixed 0.90.3) #245219
-CVE-2007-3023 VULNERABLE (clamav, fixed 0.90.3) #245219
+CVE-2007-3024 version (clamav, fixed 0.90.3) #245219
+CVE-2007-3023 version (clamav, fixed 0.90.3) #245219
*CVE-2007-2958 VULNERABLE (claws-mail) #254121
*CVE-2007-2865 version (phpPgAdmin, fixed 4.1.2) #241489
CVE-2007-2721 patch (jasper, fixed 1.900.1-2) #240397
-CVE-2007-2650 VULNERABLE (clamav, fixed 0.90.3) #240395
+CVE-2007-2650 version (clamav, fixed 0.90.3) #240395
CVE-2007-2637 patch (moin, fixed 1.5.7-2)
CVE-2007-2423 patch (moin, fixed 1.5.7-2) #238722
*CVE-2007-2413 version (perl-Imager, fixed 0.57) #238615
CVE-2007-2245 version (phpMyAdmin, fixed 2.10.1) #237882
*CVE-2007-2165 VULNERABLE (proftpd) #237533
-CVE-2007-2029 VULNERABLE (clamav, fixed 0.90.3) #245219
+CVE-2007-2029 version (clamav, fixed 0.90.3) #245219
CVE-2007-2016 ignore (phpMyAdmin, < 2.8.0.2 never shipped)
-CVE-2007-1997 VULNERABLE (clamav, fixed in 0.90.2)
+CVE-2007-1997 version (clamav, fixed in 0.90.2)
CVE-2007-1870 version (lighttpd, fixed 1.4.14) #236489
CVE-2007-1869 version (lighttpd, fixed 1.4.14) #236489
-CVE-2007-1745 VULNERABLE (clamav, fixed in 0.90.2) #236703
+CVE-2007-1745 version (clamav, fixed in 0.90.2) #236703
CVE-2007-1614 version (zziplib, fixed 0.13.49) #233700
*CVE-2007-1558 version (claws-mail, fixed 2.9.1) #237293
CVE-2007-1547 version (nas, fixed 1.8a-2) #233353
@@ -89,8 +103,8 @@
*CVE-2007-1054 version (mediawiki, fixed 1.9.3) [since FEDORA-2007-1442]
CVE-2007-0902 version (moin, fixed 1.5.7-2) #228764
CVE-2007-0901 version (moin, fixed 1.5.7-2) #228764
-CVE-2007-0898 VULNERABLE (clamav, fixed 0.90) #229202
-CVE-2007-0897 VULNERABLE (clamav, fixed 0.90) #229202
+CVE-2007-0898 version (clamav, fixed 0.90) #229202
+CVE-2007-0897 version (clamav, fixed 0.90) #229202
*CVE-2007-0894 version (mediawiki, fixed 1.8.4) #228763
CVE-2007-0857 version (moin, fixed 1.5.7) #228139
*CVE-2007-0619 version (chmlib, fixed 0.3.9) #225919
@@ -108,8 +122,8 @@
CVE-2006-6626 version (moodle, fixed 1.6.5) #220041
CVE-2006-6625 version (moodle, fixed 1.6.5) #220041
*CVE-2006-6563 backport (proftpd, fixed 1.3.0a-3) #219938
-CVE-2006-6481 VULNERABLE (clamav, fixed 0.88.7)
-CVE-2006-6406 VULNERABLE (clamav, fixed 0.88.7) #219095
+CVE-2006-6481 version (clamav, fixed 0.88.7)
+CVE-2006-6406 version (clamav, fixed 0.88.7) #219095
CVE-2006-6374 ** (phpMyAdmin) #218853
CVE-2006-6373 version (phpMyAdmin, fixed 2.9.1.1) #218853
CVE-2006-6301 version (denyhosts, fixed 2.6-2) #218824
Index: epel5
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/epel5,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- epel5 12 Nov 2007 20:59:39 -0000 1.6
+++ epel5 29 Dec 2007 20:42:43 -0000 1.7
@@ -3,14 +3,33 @@
# *CVE are items that need verification for EPEL-5
# (mozilla) = (firefox, seamonkey, thunderbird, yelp, devhelp, galeon, liferea. epiphany)
-# Up to date CVE as of CVE email 20071112
-# Up to date EPEL5 as of 20071112
+# Up to date CVE as of CVE email 20071229
+# Up to date EPEL5 as of 20071229
#
+
+CVE-2007-6337 version (clamav, fixed 0.92) #426213
+CVE-2007-6336 version (clamav, fixed 0.92) #426213
+CVE-2007-6335 version (clamav, fixed 0.92) #426213
+CVE-2007-6353 VULNERABLE (exiv2) #425924
+CVE-2007-6350 VULNERABLE (scponly) #418201
+CVE-2007-6328 VULNERABLE (dosbox) design decision
+CVE-2007-6321 VULNERABLE (roundcubemail) #423301
+CVE-2007-6318 VULNERABLE (wordpress)
+CVE-2007-6299 VULNERABLE (drupal, fixed 5.4)
+CVE-2007-6210 backport (zabbix) #407181 [since zabbix-1.4.2-4]
+CVE-2007-6100 version (phpMyAdmin, fixed 2.11.2.2)
+CVE-2007-6035 version (cacti, fixed 0.8.7a) #392001 [since cacti-0.8.7a-1]
+CVE-2007-6013 VULNERABLE (wordpress)
+CVE-2007-5977 version (phpMyAdmin) #385911 [since phpMyAdmin-2.11.2.2-1]
+CVE-2007-5976 version (phpMyAdmin) #385911 [since phpMyAdmin-2.11.2.2-1]
+CVE-2007-5934 version (php-pear-MDB2) #379111 [since php-pear-MDB2-2.4.1-2]
+CVE-2007-5934 version (php-pear-MDB2-Driver-mysql) #379141 [since php-pear-MDB2-Driver-mysql-1.4.1-3]
+CVE-2007-5934 version (php-pear-MDB2-Driver-mysqli) #379171 [since php-pear-MDB2-Driver-mysqli-1.4.1-3]
CVE-2007-5728 version (phpPgAdmin) seems to be fixed for some time
CVE-2007-5715 backport (denyhosts) fixed long ago
CVE-2007-5712 version (Django, fixed 0.96.1) #362761
CVE-2007-5626 ignore (bacula) known, documented limitation
-CVE-2007-5624 VULNERABLE (nagios, fixed 2.10) #362791
+CVE-2007-5624 version (nagios, fixed 2.10) #362791
CVE-2007-5623 backport (nagios-plugins) #348731
CVE-2007-5597 version (drupal, fixed 5.3) [since FEDORA-2007-2649]
CVE-2007-5596 version (drupal, fixed 5.3) [since FEDORA-2007-2649]
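Review bot: the two wordpress entries added here (CVE-2007-6318 and CVE-2007-6013) are marked `VULNERABLE` without a Bugzilla number, while the exiv2, scponly and roundcubemail lines added next to them each reference one; link or file the tracking bugs so the open items can be followed up. CVE-2007-6208 (claws) is added to epel4 in this commit but not here; if that is deliberate, an `ignore` line would record the decision.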
@@ -31,12 +50,12 @@
CVE-2007-4629 VULNERABLE (mapserver, fixed 4.10.3) #272081
CVE-2007-4631 version (qgit, fixed 1.5.7) #268381
CVE-2007-4629 VULNERABLE (mapserver, fixed 4.10.3) #272081
-CVE-2007-4560 VULNERABLE (clamav) #260583
+CVE-2007-4560 version (clamav) #260583
CVE-2007-4543 version (bugzilla, fixed 3.0.1) #256021
CVE-2007-4542 VULNERABLE (mapserver, fixed 4.10.3) #256561
CVE-2007-4539 version (bugzilla, fixed 3.0.1) #256021
CVE-2007-4538 version (bugzilla, fixed 3.0.1) #256021
-CVE-2007-4510 VULNERABLE (clamav, fixed 0.91.2) #253780
+CVE-2007-4510 version (clamav, fixed 0.91.2) #253780
*CVE-2007-4462 version (po4a) #253541
CVE-2007-4400 VULNERABLE (konversation) #253545
CVE-2007-4323 backport (denyhosts) #252291
@@ -54,27 +73,27 @@
CVE-2007-3209 ignore (mail-notification, shipped with SSL enabled)
CVE-2007-3153 version (c-ares, fixed 1.4.0) #243591
CVE-2007-3152 version (c-ares, fixed 1.4.0) #243591
-CVE-2007-3123 VULNERABLE (clamav, fixed 0.90.3) #245219
-CVE-2007-3122 VULNERABLE (clamav, fixed 0.90.3) #245219
+CVE-2007-3123 version (clamav, fixed 0.90.3) #245219
+CVE-2007-3122 version (clamav, fixed 0.90.3) #245219
CVE-2007-3113 patch (cacti, fixed 0.8.7) #243592
CVE-2007-3112 patch (cacti, fixed 0.8.7) #243592
CVE-2007-3025 ignore (clamav, Solaris only)
-CVE-2007-3024 VULNERABLE (clamav, fixed 0.90.3) #245219
-CVE-2007-3023 VULNERABLE (clamav, fixed 0.90.3) #245219
+CVE-2007-3024 version (clamav, fixed 0.90.3) #245219
+CVE-2007-3023 version (clamav, fixed 0.90.3) #245219
CVE-2007-2865 version (phpPgAdmin, fixed 4.1.2) #241489
CVE-2007-2721 patch (jasper, fixed 1.900.1-2) #240397
-CVE-2007-2650 VULNERABLE (clamav, fixed 0.90.3) #240395
+CVE-2007-2650 version (clamav, fixed 0.90.3) #240395
CVE-2007-2637 patch (moin, fixed 1.5.7-2)
CVE-2007-2423 patch (moin, fixed 1.5.7-2) #238722
*CVE-2007-2413 version (perl-Imager, fixed 0.57) #238615
CVE-2007-2245 version (phpMyAdmin, fixed 2.10.1) #237882
CVE-2007-2165 VULNERABLE (proftpd) #237533
-CVE-2007-2029 VULNERABLE (clamav, fixed 0.90.3) #245219
+CVE-2007-2029 version (clamav, fixed 0.90.3) #245219
CVE-2007-2016 ignore (phpMyAdmin, < 2.8.0.2 never shipped)
-CVE-2007-1997 VULNERABLE (clamav, fixed in 0.90.2)
+CVE-2007-1997 version (clamav, fixed in 0.90.2)
CVE-2007-1870 version (lighttpd, fixed 1.4.14) #236489
CVE-2007-1869 version (lighttpd, fixed 1.4.14) #236489
-CVE-2007-1745 VULNERABLE (clamav, fixed in 0.90.2) #236703
+CVE-2007-1745 version (clamav, fixed in 0.90.2) #236703
CVE-2007-1614 version (zziplib, fixed 0.13.49) #233700
CVE-2007-1547 version (nas, fixed 1.8a-2) #233353
CVE-2007-1546 version (nas, fixed 1.8a-2) #233353
@@ -97,8 +116,8 @@
*CVE-2007-1054 version (mediawiki, fixed 1.9.3) [since FEDORA-2007-1442]
CVE-2007-0902 patch (moin, fixed 1.5.7-2) #228764
CVE-2007-0901 patch (moin, fixed 1.5.7-2) #228764
-CVE-2007-0898 VULNERABLE (clamav, fixed 0.90) #229202
-CVE-2007-0897 VULNERABLE (clamav, fixed 0.90) #229202
+CVE-2007-0898 version (clamav, fixed 0.90) #229202
+CVE-2007-0897 version (clamav, fixed 0.90) #229202
*CVE-2007-0894 version (mediawiki, fixed 1.8.4) #228763
CVE-2007-0857 version (moin, fixed 1.5.7) #228139
CVE-2007-0619 version (chmlib, fixed 0.3.9) #225919
@@ -117,8 +136,8 @@
CVE-2006-6626 version (moodle, fixed 1.6.5) #220041
CVE-2006-6625 version (moodle, fixed 1.6.5) #220041
CVE-2006-6563 backport (proftpd, fixed 1.3.0a-3) #219938
-CVE-2006-6481 VULNERABLE (clamav, fixed 0.88.7)
-CVE-2006-6406 VULNERABLE (clamav, fixed 0.88.7) #219095
+CVE-2006-6481 version (clamav, fixed 0.88.7)
+CVE-2006-6406 version (clamav, fixed 0.88.7) #219095
*CVE-2006-6374 ** (phpMyAdmin) #218853
CVE-2006-6373 version (phpMyAdmin, fixed 2.9.1.1) #218853
CVE-2006-6301 version (denyhosts, fixed 2.6-2) #218824
16 years, 3 months
fedora-security/audit f8,1.51,1.52
by fedora-security-commits@redhat.com
Author: lkundrak
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv14308
Modified Files:
f8
Log Message:
check-updates check.
The 'fixed' keyword was intentional.
Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.51
retrieving revision 1.52
diff -u -r1.51 -r1.52
--- f8 20 Dec 2007 19:59:16 -0000 1.51
+++ f8 20 Dec 2007 23:19:25 -0000 1.52
@@ -15,8 +15,8 @@
CVE-2007-6430 version (asterisk, fixed 1.4.16) [since FEDORA-2007-4651]
CVE-2007-6389 VULNERABLE (gnome-screensaver) #426170
CVE-2007-6353 VULNERABLE (exiv2) #425923
-CVE-2007-6352 VULNERABLE (libexif) #425631
-CVE-2007-6351 VULNERABLE (libexif) #425631
+CVE-2007-6352 fixed (libexif) #425631 [since FEDORA-2007-4667]
+CVE-2007-6351 fixed (libexif) #425631 [since FEDORA-2007-4667]
CVE-2007-6350 VULNERABLE (scponly) rsync vector only
CVE-2007-6348 ignore (squirrelmail) trojaned version was not shipped
CVE-2007-6328 VULNERABLE (dosbox) design decision
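Review bot: `fixed` appears as a status on the two libexif lines, but every other entry visible in this hunk uses `version`, `ignore` or `VULNERABLE`; if the keyword is intentional, as the log message says, describe in the file header what distinguishes it from `version` and `backport` so other editors and the audit tools treat it consistently.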
@@ -90,7 +90,7 @@
CVE-2007-5589 version (phpMyAdmin, fixed 2.11.1.2) #333661 PMASA-2007-6 [since FEDORA-2007-3636]
CVE-2007-5501 version (kernel) [since FEDORA-2007-3837]
CVE-2007-5500 version (kernel) [since FEDORA-2007-3837]
-CVE-2007-5497 VULNERABLE (e2fsprogs) #414581
+CVE-2007-5497 VULNERABLE (e2fsprogs) #414581 [since FEDORA-2007-4447]
CVE-2007-5461 version (tomcat5) #363001 [since FEDORA-2007-3474]
CVE-2007-5398 version (samba) [since FEDORA-2007-3403]
CVE-2007-5395 version (link-grammar) #372351 [since FEDORA-2007-3235]
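Review bot: CVE-2007-5497 gains `[since FEDORA-2007-4447]` but keeps the `VULNERABLE` status, so the line reads as both fixed and unfixed; either change the status to match the update or leave the tag off until an update actually carries the fix.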
@@ -148,7 +148,7 @@
CVE-2007-3844 version (firefox, fixed 2.0.0.6)
CVE-2007-3843 version (kernel) #246595 No idea which version fixed this
CVE-2007-3568 VULNERABLE (imlib)
-CVE-2007-3544 VULNERABLE (wordpress, NOT fixed 2.2.1) #245211 Incomplete fix for CVE-2007-3543
+CVE-2007-3544 fixed (wordpress, NOT fixed 2.2.1) #245211 [since FEDORA-2007-0894] Incomplete fix for CVE-2007-3543
CVE-2007-3387 version (poppler, fixed 0.5.91) #251512
CVE-2007-3386 version (tomcat5) [since FEDORA-2007-3474]
CVE-2007-3385 version (tomcat5) [since FEDORA-2007-3474]
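Review bot: the CVE-2007-3544 line now has `fixed` as its status and `NOT fixed 2.2.1` inside the parentheses, with the trailing comment still calling it an incomplete fix; put the wordpress version that does contain the fix in the parenthesised field, or move the 2.2.1 remark into the comment, so the entry cannot be read both ways.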
16 years, 4 months
fedora-security/tools parse-announce, 1.1, 1.1.2.1 suidaudit, 1.1, 1.1.2.1
by fedora-security-commits@redhat.com
Author: lkundrak
Update of /cvs/fedora/fedora-security/tools
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv14238
Modified Files:
Tag: lkundrak-tools-ng
parse-announce suidaudit
Log Message:
Get rid of a couple of useless statements
Index: parse-announce
===================================================================
RCS file: /cvs/fedora/fedora-security/tools/parse-announce,v
retrieving revision 1.1
retrieving revision 1.1.2.1
diff -u -r1.1 -r1.1.2.1
--- parse-announce 5 Jul 2006 14:04:04 -0000 1.1
+++ parse-announce 20 Dec 2007 23:16:41 -0000 1.1.2.1
@@ -5,7 +5,6 @@
use strict;
use Mail::Mbox::MessageParser;
use Email::Simple;
-use Data::Dumper;
die "\nUsage: parse-announce mbox-file audit-file\n\n" if not defined($ARGV[1]);
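Review bot: dropping `use Data::Dumper;` is only safe if no `Dumper` call remains further down in parse-announce, which this hunk does not show; a leftover call would die at run time rather than at compile time, so grep both scripts for `Dumper` before merging.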
Index: suidaudit
===================================================================
RCS file: /cvs/fedora/fedora-security/tools/suidaudit,v
retrieving revision 1.1
retrieving revision 1.1.2.1
diff -u -r1.1 -r1.1.2.1
--- suidaudit 26 Oct 2007 20:07:19 -0000 1.1
+++ suidaudit 20 Dec 2007 23:16:41 -0000 1.1.2.1
@@ -9,7 +9,6 @@
use warnings;
use RPM2;
-use Data::Dumper;
use Fcntl ':mode';
foreach my $rpm (@ARGV) {
16 years, 4 months
fedora-security/tools/Libexig Bodhi.pm, NONE, 1.1.2.1 Audit.pm, 1.1.2.1, 1.1.2.2
by fedora-security-commits@redhat.com
Author: lkundrak
Update of /cvs/fedora/fedora-security/tools/Libexig
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv14151/Libexig
Modified Files:
Tag: lkundrak-tools-ng
Audit.pm
Added Files:
Tag: lkundrak-tools-ng
Bodhi.pm
Log Message:
Merge audit parser and bodhi update checker
Move the logic parts into library
***** Error reading new file: [Errno 2] No such file or directory: 'Bodhi.pm'
Index: Audit.pm
===================================================================
RCS file: /cvs/fedora/fedora-security/tools/Libexig/Attic/Audit.pm,v
retrieving revision 1.1.2.1
retrieving revision 1.1.2.2
diff -u -r1.1.2.1 -r1.1.2.2
--- Audit.pm 9 Nov 2007 06:42:18 -0000 1.1.2.1
+++ Audit.pm 20 Dec 2007 23:15:14 -0000 1.1.2.2
@@ -6,6 +6,32 @@
package Libexig::Audit;
+# Get an entry hash and reconstruct its 'line' field
+# (useful if something got changed)
+sub update_entry
+{
+ my $entry = shift;
+
+ $entry->{'line'} = join " ", (
+ $entry->{'need_verif'}.$entry->{'cve'},
+ $entry->{'status'},
+ ($entry->{'version'}
+ ? "($entry->{'package'}, $entry->{'version'})"
+ : "($entry->{'package'})"),
+ ($entry->{'bug'}
+ ? "#$entry->{'bug'}"
+ : ()),
+ ($entry->{'since'}
+ ? "[since $entry->{'since'}]"
+ : ()),
+ $entry->{'comment'}
+ );
+
+ chomp $entry->{'line'};
+ $entry->{'line'} .= "\n";
+}
+
+# Get line and return a hash
sub parse_line
{
shift;
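Review bot: in `update_entry`, `$entry->{'comment'}` is always the last element passed to `join " "`, so an entry with an empty comment is rebuilt with a trailing space before the newline, and `chomp` does not remove that; include the comment conditionally, the way `bug` and `since` already are, for example `(length $entry->{'comment'} ? $entry->{'comment'} : ())`. An undefined `need_verif` or `comment` would also raise a warning here, so defaulting them to an empty string first is worth considering.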
@@ -15,16 +41,16 @@
'line' => $_,
};
} elsif (/^
- (\*?)* # Needs verification
- (\S+-\S+-\S+)\s* # CVE
- (\*\*|version|VULNERABLE|ignore|backport)\s* # Status
+ (\*?)* # Needs verification
+ (\S+-\S+-\S+)\s* # CVE
+ (\*\*|version|VULNERABLE|ignore|backport|fixed)\s* # Status
\(
- ([^\s,]+)\s* # Component
- (,\s*(.*))?\s* # When fixed upstream
+ ([^\s,]+)\s* # Component
+ (,\s*(.*))?\s* # When fixed upstream
\)\s*
- (\#(\d+))?\s* # Bugzilla IS
- (\[since\s+(\S+)\])?\s* # When fixed in Fedora
- (.*) # Comment
+ (\#(\d+))?\s* # Bugzilla IS
+ (\[since\s+(\S+)\])?\s* # When fixed in Fedora
+ (.*) # Comment
/x) {
return {
'need_verif' => $1,
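Review bot: the needs-verification group `(\*?)*` repeats a group that can itself match nothing, so what ends up in `$1` depends on the last iteration rather than simply on whether a `*` was present; `(\*?)` states the intent directly. Since these lines are being re-aligned anyway, the comment `Bugzilla IS` could become `Bugzilla ID`, and the one functional change (adding `fixed` to the status alternation) would be easier to review in a commit separate from the whitespace changes.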
16 years, 4 months
fedora-security/tools check-updates, NONE, 1.1.2.1 get-bodhi-update, 1.1.2.1, NONE parse-audit, 1.1.2.1, NONE
by fedora-security-commits@redhat.com
Author: lkundrak
Update of /cvs/fedora/fedora-security/tools
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv14151
Added Files:
Tag: lkundrak-tools-ng
check-updates
Removed Files:
Tag: lkundrak-tools-ng
get-bodhi-update parse-audit
Log Message:
Merge audit parser and bodhi update checker
Move the logic parts into library
***** Error reading new file: [Errno 2] No such file or directory: 'check-updates'
--- get-bodhi-update DELETED ---
--- parse-audit DELETED ---
16 years, 4 months
fedora-security/tools add-cve-bug, 1.1.2.3, 1.1.2.4
by fedora-security-commits@redhat.com
Author: lkundrak
Update of /cvs/fedora/fedora-security/tools
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv14108
Modified Files:
Tag: lkundrak-tools-ng
add-cve-bug
Log Message:
A couple of debugging statements
Index: add-cve-bug
===================================================================
RCS file: /cvs/fedora/fedora-security/tools/Attic/add-cve-bug,v
retrieving revision 1.1.2.3
retrieving revision 1.1.2.4
diff -u -r1.1.2.3 -r1.1.2.4
--- add-cve-bug 19 Nov 2007 09:10:37 -0000 1.1.2.3
+++ add-cve-bug 20 Dec 2007 23:13:42 -0000 1.1.2.4
@@ -72,6 +72,8 @@
{
my $component = shift;
+ print "Getting list of owners\n" if $debug;
+
# Call bugzilla
my $call = $bugzilla_rpc->call('bugzilla.getCompInfo', $component);
# print Dumper ($call) if $debug; # too verbose
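Review bot: the new `print "Getting list of owners\n" if $debug;` writes to STDOUT, so debug messages will be interleaved with the script's regular output when that is piped or captured; send them to STDERR with `print STDERR ...` or `warn`. The same applies to the two other debug prints added in this commit.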
@@ -106,6 +108,9 @@
sub file_bug
{
return 0 if $dryrun;
+
+ print "Creating a bug\n" if $debug;
+
my $call = $bugzilla_rpc->call('bugzilla.createBug',
shift, $username, $password);
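Review bot: in `file_bug` the `Creating a bug` message sits after `return 0 if $dryrun;`, so a dry run with `$debug` set never reports that this step was reached; move the print above the early return, or add a separate message saying the bug creation was skipped.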
@@ -123,6 +128,8 @@
my $desc;
my $refs;
+ print "Getting a bug description from CVE\n" if $debug;
+
($desc, $refs) = Libexig::CVE::cve ($cve);
die 'Cannot fetch CVE description; re-run with --interactive'
16 years, 4 months
fedora-security/audit f8, 1.50, 1.51 f9, 1.45, 1.46 fc7, 1.207, 1.208
by fedora-security-commits@redhat.com
Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv16327/audit
Modified Files:
f8 f9 fc7
Log Message:
autofs
Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.50
retrieving revision 1.51
diff -u -r1.50 -r1.51
--- f8 20 Dec 2007 09:40:01 -0000 1.50
+++ f8 20 Dec 2007 19:59:16 -0000 1.51
@@ -28,7 +28,8 @@
GENERIC-MAP-NOMATCH version (libxfcegui4) #412761 [since FEDORA-2007-4368]
GENERIC-MAP-NOMATCH version (libxfce4util) #412761 [since FEDORA-2007-4368]
GENERIC-MAP-NOMATCH version (xfce-panel) #412761 [since FEDORA-2007-4368]
-CVE-2007-6283 VULNERABLE (bind) #423071
+CVE-2007-6285 VULNERABLE (autofs) #426400
+CVE-2007-6283 backport (bind) #423071 [since FEDORA-2007-4655]
CVE-2007-6239 version (squid, fixed 2.6.17) #412391 [since FEDORA-2007-4170]
CVE-2007-6210 backport (zabbix) #407181 [since FEDORA-2007-4176]
CVE-2007-6209 ignore (zsh) #409871 We don't ship the script
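Review bot: the log message says only `autofs`, but the CVE-2007-6283 (bind) line in this hunk also changes from `VULNERABLE` to `backport` with `[since FEDORA-2007-4655]`; mention the bind update in the log message or commit it separately so the status change can be found in the history later. The fc7 hunk in the same commit does the same.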
Index: f9
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f9,v
retrieving revision 1.45
retrieving revision 1.46
diff -u -r1.45 -r1.46
--- f9 20 Dec 2007 09:40:01 -0000 1.45
+++ f9 20 Dec 2007 19:59:16 -0000 1.46
@@ -25,6 +25,7 @@
CVE-2007-6304 ignore (mysql, fixed 5.0.52) federated engine not built
CVE-2007-6303 backport (mysql, fixed 5.0.52) [since mysql-5.0.45-6.fc9]
CVE-2007-6299 version (drupal, fixed 5.4) [since drupal-5.4-1.fc9] SA-2007-031
+CVE-2007-6285 VULNERABLE (autofs) #426401
CVE-2007-6283 backport (bind) #423081 [since bind-9.5.0-21.b1.fc9]
CVE-2007-6239 version (squid, fixed 2.6.17) [since squid-2.6.STABLE17-1.fc9]
CVE-2007-6210 backport (zabbix) #407181 [since zabbix-1.4.2-4.fc9]
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.207
retrieving revision 1.208
diff -u -r1.207 -r1.208
--- fc7 20 Dec 2007 09:40:01 -0000 1.207
+++ fc7 20 Dec 2007 19:59:16 -0000 1.208
@@ -29,7 +29,8 @@
GENERIC-MAP-NOMATCH version (libxfcegui4) #412751 [since FEDORA-2007-4385]
GENERIC-MAP-NOMATCH version (libxfce4util) #412751 [since FEDORA-2007-4385]
GENERIC-MAP-NOMATCH version (xfce-panel) #412751 [since FEDORA-2007-4385]
-CVE-2007-6283 VULNERABLE (bind) #423061
+CVE-2007-6285 VULNERABLE (autofs) #426399
+CVE-2007-6283 backport (bind) #423061 [since FEDORA-2007-4658]
CVE-2007-6239 version (squid, fixed 2.6.17) #412381 [since FEDORA-2007-4161]
CVE-2007-6210 backport (zabbix) #407181 [since FEDORA-2007-4160]
CVE-2007-6209 ignore (zsh) #409871 We don't ship the script
16 years, 4 months
fedora-security/audit f8, 1.49, 1.50 f9, 1.44, 1.45 fc7, 1.206, 1.207
by fedora-security-commits@redhat.com
Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv22647/audit
Modified Files:
f8 f9 fc7
Log Message:
clamav, ganglia
Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.49
retrieving revision 1.50
diff -u -r1.49 -r1.50
--- f8 20 Dec 2007 08:41:14 -0000 1.49
+++ f8 20 Dec 2007 09:40:01 -0000 1.50
@@ -7,6 +7,10 @@
# Up to date CVE as of CVE email 20071215
# Up to date F8 as of 20071212
+CVE-2007-6465 version (ganglia, fixed 3.0.6) [since FEDORA-2007-4562]
+CVE-2007-6337 VULNERABLE (clamav, fixed 0.92) #426212
+CVE-2007-6336 VULNERABLE (clamav, fixed 0.92) #426212
+CVE-2007-6335 VULNERABLE (clamav, fixed 0.92) #426212
CVE-2007-6437 VULNERABLE (syslog-ng) #426306
CVE-2007-6430 version (asterisk, fixed 1.4.16) [since FEDORA-2007-4651]
CVE-2007-6389 VULNERABLE (gnome-screensaver) #426170
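Review bot: the three clamav entries CVE-2007-6337, CVE-2007-6336 and CVE-2007-6335 are inserted above CVE-2007-6437, which breaks the descending CVE order the surrounding lines follow; only CVE-2007-6465 belongs at the top, and the clamav lines should go further down at their sorted position. The same placement is repeated in the f9 and fc7 hunks of this commit.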
@@ -73,7 +77,7 @@
CVE-2007-5795 backport (emacs) #367591 [since FEDORA-2007-2946]
CVE-2007-5770 backport (ruby) #373391 [since FEDORA-2007-2812]
GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031
-CVE-2007-5759 VULNERABLE (clamav, fixed 0.92) #426212
+CVE-2007-5759 ignore (clamav, fixed 0.92) duplicate of CVE-2007-6335
CVE-2007-5751 backport (liferea, fixed 1.4.6) #360641 [since FEDORA-2007-2853]
CVE-2007-5742 version (wesnoth, fixed 1.2.8) [since FEDORA-2007-3989]
CVE-2007-5712 version (Django, fixed 0.96.1) #362771 [since FEDORA-2007-2788]
Index: f9
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f9,v
retrieving revision 1.44
retrieving revision 1.45
diff -u -r1.44 -r1.45
--- f9 20 Dec 2007 08:41:14 -0000 1.44
+++ f9 20 Dec 2007 09:40:01 -0000 1.45
@@ -7,6 +7,10 @@
# Up to date CVE as of CVE email 20071211
# Up to date F9 as of 20071029
+CVE-2007-6465 version (ganglia, fixed 3.0.6) [since ganglia-3.0.6-1.fc9]
+CVE-2007-6337 VULNERABLE (clamav, fixed 0.92) #426213
+CVE-2007-6336 VULNERABLE (clamav, fixed 0.92) #426213
+CVE-2007-6335 VULNERABLE (clamav, fixed 0.92) #426213
CVE-2007-6437 VULNERABLE (syslog-ng) #426307
CVE-2007-6430 version (asterisk, fixed 1.4.16) [since asterisk-1.4.16.1-1.fc9]
CVE-2007-6389 VULNERABLE (gnome-screensaver) #426171
@@ -69,7 +73,7 @@
CVE-2007-5795 backport (emacs) #367601 [since emacs-22.1-8.fc9]
GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031
CVE-2007-5770 backport (ruby) #373401 [since ruby-1.8.6.111-1]
-CVE-2007-5759 VULNERABLE (clamav, fixed 0.92) #426213
+CVE-2007-5759 ignore (clamav, fixed 0.92) duplicate of CVE-2007-6335
CVE-2007-5751 version (liferea, fixed 1.4.6) #360641 [since liferea-1.4.6-3.fc9]
CVE-2007-5742 version (wesnoth, fixed 1.2.8) [since wesnoth-1.2.8-3.fc9]
CVE-2007-5712 version (Django, fixed 0.96.1) #362781 [since Django-0.96.1-1.fc9]
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.206
retrieving revision 1.207
diff -u -r1.206 -r1.207
--- fc7 20 Dec 2007 08:41:14 -0000 1.206
+++ fc7 20 Dec 2007 09:40:01 -0000 1.207
@@ -8,6 +8,10 @@
# Up to date CVE as of CVE email 200711215
# Up to date FC7 as of 20071212
+CVE-2007-6465 version (ganglia, fixed 3.0.6) [since FEDORA-2007-4584]
+CVE-2007-6337 VULNERABLE (clamav, fixed 0.92) #426211
+CVE-2007-6336 VULNERABLE (clamav, fixed 0.92) #426211
+CVE-2007-6335 VULNERABLE (clamav, fixed 0.92) #426211
CVE-2007-6437 VULNERABLE (syslog-ng) #426305
CVE-2007-6430 version (asterisk, fixed 1.4.16) [since FEDORA-2007-4593]
CVE-2007-6389 VULNERABLE (gnome-screensaver) #426169
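Review bot: the header context of this hunk reads `CVE email 200711215`, nine digits where the f8 file has `20071215`; since the commit edits the top of fc7 anyway, correct the date so the "up to date as of" marker can be compared across the release files.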
@@ -73,7 +77,7 @@
CVE-2007-5846 backport (net-snmp) [since FEDORA-2007-3019]
CVE-2007-5795 backport (emacs) #367581 [since FEDORA-2007-3056]
CVE-2007-5770 backport (ruby) #373381 [since FEDORA-2007-2685]
-CVE-2007-5759 VULNERABLE (clamav, fixed 0.92) #426211
+CVE-2007-5759 ignore (clamav, fixed 0.92) duplicate of CVE-2007-6335
CVE-2007-5751 backport (liferea, fixed 1.4.6) #360641 [since FEDORA-2007-2725]
CVE-2007-5742 version (wesnoth, fixed 1.2.8) [since FEDORA-2007-3986]
CVE-2007-5728 version (phpPgAdmin) seems to be fixed for some time
16 years, 4 months
fedora-security/audit f8, 1.48, 1.49 f9, 1.43, 1.44 fc7, 1.205, 1.206
by fedora-security-commits@redhat.com
Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv14841/audit
Modified Files:
f8 f9 fc7
Log Message:
syslog-ng cve id, asterisk
Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.48
retrieving revision 1.49
diff -u -r1.48 -r1.49
--- f8 20 Dec 2007 00:14:14 -0000 1.48
+++ f8 20 Dec 2007 08:41:14 -0000 1.49
@@ -7,7 +7,8 @@
# Up to date CVE as of CVE email 20071215
# Up to date F8 as of 20071212
-GENERIC-MAP-NOMATCH VULNERABLE (syslog-ng) #426306
+CVE-2007-6437 VULNERABLE (syslog-ng) #426306
+CVE-2007-6430 version (asterisk, fixed 1.4.16) [since FEDORA-2007-4651]
CVE-2007-6389 VULNERABLE (gnome-screensaver) #426170
CVE-2007-6353 VULNERABLE (exiv2) #425923
CVE-2007-6352 VULNERABLE (libexif) #425631
Index: f9
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f9,v
retrieving revision 1.43
retrieving revision 1.44
diff -u -r1.43 -r1.44
--- f9 20 Dec 2007 00:14:14 -0000 1.43
+++ f9 20 Dec 2007 08:41:14 -0000 1.44
@@ -7,7 +7,8 @@
# Up to date CVE as of CVE email 20071211
# Up to date F9 as of 20071029
-GENERIC-MAP-NOMATCH VULNERABLE (syslog-ng) #426307
+CVE-2007-6437 VULNERABLE (syslog-ng) #426307
+CVE-2007-6430 version (asterisk, fixed 1.4.16) [since asterisk-1.4.16.1-1.fc9]
CVE-2007-6389 VULNERABLE (gnome-screensaver) #426171
CVE-2007-6353 backport (exiv2) #425924 [since exiv2-0.16-0.3.pre1.fc9]
CVE-2007-6352 backport (libexif) #425641 [since libexif-0.6.15-5.fc9]
@@ -20,7 +21,7 @@
CVE-2007-6304 ignore (mysql, fixed 5.0.52) federated engine not built
CVE-2007-6303 backport (mysql, fixed 5.0.52) [since mysql-5.0.45-6.fc9]
CVE-2007-6299 version (drupal, fixed 5.4) [since drupal-5.4-1.fc9] SA-2007-031
-CVE-2007-6283 VULNERABLE (bind) #423081
+CVE-2007-6283 backport (bind) #423081 [since bind-9.5.0-21.b1.fc9]
CVE-2007-6239 version (squid, fixed 2.6.17) [since squid-2.6.STABLE17-1.fc9]
CVE-2007-6210 backport (zabbix) #407181 [since zabbix-1.4.2-4.fc9]
CVE-2007-6209 ignore (zsh) #409871 We don't ship the script
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.205
retrieving revision 1.206
diff -u -r1.205 -r1.206
--- fc7 20 Dec 2007 00:14:14 -0000 1.205
+++ fc7 20 Dec 2007 08:41:14 -0000 1.206
@@ -8,7 +8,8 @@
# Up to date CVE as of CVE email 200711215
# Up to date FC7 as of 20071212
-GENERIC-MAP-NOMATCH VULNERABLE (syslog-ng) #426305
+CVE-2007-6437 VULNERABLE (syslog-ng) #426305
+CVE-2007-6430 version (asterisk, fixed 1.4.16) [since FEDORA-2007-4593]
CVE-2007-6389 VULNERABLE (gnome-screensaver) #426169
CVE-2007-6353 VULNERABLE (exiv2) #425922
CVE-2007-6352 VULNERABLE (libexif) #425621
16 years, 4 months
fedora-security/audit f8, 1.47, 1.48 f9, 1.42, 1.43 fc7, 1.204, 1.205
by fedora-security-commits@redhat.com
Author: lkundrak
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv15621
Modified Files:
f8 f9 fc7
Log Message:
syslog-ng, gnome-screensaver
Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.47
retrieving revision 1.48
diff -u -r1.47 -r1.48
--- f8 19 Dec 2007 13:59:39 -0000 1.47
+++ f8 20 Dec 2007 00:14:14 -0000 1.48
@@ -7,6 +7,8 @@
# Up to date CVE as of CVE email 20071215
# Up to date F8 as of 20071212
+GENERIC-MAP-NOMATCH VULNERABLE (syslog-ng) #426306
+CVE-2007-6389 VULNERABLE (gnome-screensaver) #426170
CVE-2007-6353 VULNERABLE (exiv2) #425923
CVE-2007-6352 VULNERABLE (libexif) #425631
CVE-2007-6351 VULNERABLE (libexif) #425631
Index: f9
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f9,v
retrieving revision 1.42
retrieving revision 1.43
diff -u -r1.42 -r1.43
--- f9 19 Dec 2007 13:59:39 -0000 1.42
+++ f9 20 Dec 2007 00:14:14 -0000 1.43
@@ -7,6 +7,8 @@
# Up to date CVE as of CVE email 20071211
# Up to date F9 as of 20071029
+GENERIC-MAP-NOMATCH VULNERABLE (syslog-ng) #426307
+CVE-2007-6389 VULNERABLE (gnome-screensaver) #426171
CVE-2007-6353 backport (exiv2) #425924 [since exiv2-0.16-0.3.pre1.fc9]
CVE-2007-6352 backport (libexif) #425641 [since libexif-0.6.15-5.fc9]
CVE-2007-6351 backport (libexif) #425641 [since libexif-0.6.15-5.fc9]
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.204
retrieving revision 1.205
diff -u -r1.204 -r1.205
--- fc7 19 Dec 2007 13:59:39 -0000 1.204
+++ fc7 20 Dec 2007 00:14:14 -0000 1.205
@@ -8,6 +8,8 @@
# Up to date CVE as of CVE email 200711215
# Up to date FC7 as of 20071212
+GENERIC-MAP-NOMATCH VULNERABLE (syslog-ng) #426305
+CVE-2007-6389 VULNERABLE (gnome-screensaver) #426169
CVE-2007-6353 VULNERABLE (exiv2) #425922
CVE-2007-6352 VULNERABLE (libexif) #425621
CVE-2007-6351 VULNERABLE (libexif) #425621
16 years, 4 months