security-commits January 2008

security-commits@lists.fedoraproject.org

1 participants
101 discussions

fedora-security/audit fc7,1.215,1.216
by fedora-security-commits＠redhat.com 03 Jan '08

03 Jan '08

Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv11861 Modified Files: fc7 Log Message: new bodhi updates for f7 Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.215 retrieving revision 1.216 diff -u -r1.215 -r1.216 --- fc7 3 Jan 2008 09:00:44 -0000 1.215 +++ fc7 3 Jan 2008 11:08:09 -0000 1.216 @@ -9,8 +9,8 @@ # Up to date FC7 as of 20071221 GENERIC-MAP-NOMATCH VULNERABLE (asterisk, fixed 1.4.17) AST-2008-001 [pending asterisk-1.4.17-1.fc7] -GENERIC-MAP-NOMATCH VULNERABLE (libcdio) #427198 -GENERIC-MAP-NOMATCH VULNERABLE (wordpress) #426432 +GENERIC-MAP-NOMATCH fixed (libcdio) #427198 [since FEDORA-2008-0104] +GENERIC-MAP-NOMATCH fixed (wordpress) #426432 [since FEDORA-2008-0126] GENERIC-MAP-NOMATCH VULNERABLE (mantis) #427279 CVE-2007-6596 VULNERABLE (clamav) #427288 Might be considered a mail client flaw CVE-2007-6595 VULNERABLE (clamav) #427288 @@ -20,27 +20,27 @@ CVE-2007-6441 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690] CVE-2007-6439 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690] CVE-2007-6438 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690] -CVE-2007-6337 VULNERABLE (clamav, fixed 0.92) #426211 -CVE-2007-6336 VULNERABLE (clamav, fixed 0.92) #426211 -CVE-2007-6335 VULNERABLE (clamav, fixed 0.92) #426211 +CVE-2007-6337 VULNERABLE (clamav, fixed 0.92) #426211 [since FEDORA-2008-0170] +CVE-2007-6336 VULNERABLE (clamav, fixed 0.92) #426211 [since FEDORA-2008-0170] +CVE-2007-6335 VULNERABLE (clamav, fixed 0.92) #426211 [since FEDORA-2008-0170] CVE-2007-6437 VULNERABLE (syslog-ng) #426305 CVE-2007-6430 version (asterisk, fixed 1.4.16) [since FEDORA-2007-4593] CVE-2007-6389 VULNERABLE (gnome-screensaver) #426169 -CVE-2007-6353 VULNERABLE (exiv2) #425922 -CVE-2007-6352 VULNERABLE (libexif) #425621 -CVE-2007-6351 VULNERABLE (libexif) #425621 +CVE-2007-6353 fixed (exiv2) #425922 [since FEDORA-2007-4551] +CVE-2007-6352 fixed (libexif) #425621 [since FEDORA-2007-4608] +CVE-2007-6351 fixed (libexif) #425621 [since FEDORA-2007-4608] CVE-2007-6350 VULNERABLE (scponly) rsync vector only CVE-2007-6348 ignore (squirrelmail) trojaned version was not shipped CVE-2007-6328 ignore (dosbox) design decision CVE-2007-6321 VULNERABLE (roundcubemail) #423281 -CVE-2007-6318 VULNERABLE (wordpress) #426432 +CVE-2007-6318 fixed (wordpress) #426432 [since FEDORA-2008-0126] CVE-2007-6304 ignore (mysql, fixed 5.0.52) federated engine not built CVE-2007-6303 backport (mysql, fixed 5.0.52) #424921 [since FEDORA-2007-4471] CVE-2007-6299 version (drupal, fixed 5.4) [since FEDORA-2007-4136] SA-2007-031 GENERIC-MAP-NOMATCH version (libxfcegui4) #412751 [since FEDORA-2007-4385] GENERIC-MAP-NOMATCH version (libxfce4util) #412751 [since FEDORA-2007-4385] GENERIC-MAP-NOMATCH version (xfce-panel) #412751 [since FEDORA-2007-4385] -CVE-2007-6285 VULNERABLE (autofs) #426399 +CVE-2007-6285 fixed (autofs) #426399 [since FEDORA-2007-4709] CVE-2007-6283 backport (bind) #423061 [since FEDORA-2007-4658] CVE-2007-6239 version (squid, fixed 2.6.17) #412381 [since FEDORA-2007-4161] CVE-2007-6210 backport (zabbix) #407181 [since FEDORA-2007-4160] @@ -67,7 +67,7 @@ CVE-2007-6061 VULNERABLE (audacity) #393251 CVE-2007-6035 version (cacti, fixed 0.8.7a) #391981 [since FEDORA-2007-3683] CVE-2007-6015 version (samba, fixed 3.0.28) [since FEDORA-2007-4269] -CVE-2007-6013 VULNERABLE (wordpress) #426432 +CVE-2007-6013 fixed (wordpress) #426432 [since FEDORA-2008-0126] CVE-2007-5977 version (phpMyAdmin, fixed 2.11.2.1) #385891 [since FEDORA-2007-3627] CVE-2007-5976 version (phpMyAdmin, fixed 2.11.2.1) #385891 [since FEDORA-2007-3627] CVE-2007-5970 ignore (mysql, fixed 5.1.23) mysql 5.1+ only, affects partitioning @@ -112,7 +112,7 @@ CVE-2007-5585 backport (tempest) #336331 [since FEDORA-2007-2652] CVE-2007-5501 version (kernel) [since FEDORA-2007-3751] CVE-2007-5500 version (kernel) [since FEDORA-2007-3751] -CVE-2007-5497 VULNERABLE (e2fsprogs) #414571 +CVE-2007-5497 VULNERABLE (e2fsprogs) #414571 [since FEDORA-2007-4461] CVE-2007-5461 version (tomcat5) #334511 [since FEDORA-2007-3456] CVE-2007-5416 ignore (drupal) Vulnerability in PHP<5.1.3, we're safe CVE-2007-5398 version (samba) [since FEDORA-2007-3402] @@ -300,7 +300,7 @@ CVE-2007-3555 version (moodle) #247528 [since FEDORA-2007-1445] CVE-2007-3546 ignore (nessus-core) Windows only CVE-2007-3528 version (dar, fixed 2.3.4) #246760 [since FEDORA-2007-0904] -CVE-2007-3544 VULNERABLE (wordpress, NOT fixed 2.2.1) #245211 Incomplete fix for CVE-2007-3543 +CVE-2007-3544 fixed (wordpress, NOT fixed 2.2.1) #245211 [since FEDORA-2007-0894] Incomplete fix for CVE-2007-3543 CVE-2007-3543 version (wordpress, fixed 2.2.1) #245211 [since FEDORA-2007-0894] CVE-2007-3511 version (mozilla) ff 2.0.0.8, tb 2.0.0.6, sm 1.1.5 [since FEDORA-2007-2664] CVE-2007-3508 ignore (glibc) not an issue

1 0

fedora-security/audit f8,1.59,1.60
by fedora-security-commits＠redhat.com 03 Jan '08

03 Jan '08

Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv11760 Modified Files: f8 Log Message: new bodhi updates for f8 Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.59 retrieving revision 1.60 diff -u -r1.59 -r1.60 --- f8 3 Jan 2008 09:00:44 -0000 1.59 +++ f8 3 Jan 2008 11:04:18 -0000 1.60 @@ -8,8 +8,8 @@ # Up to date F8 as of 20071221 GENERIC-MAP-NOMATCH VULNERABLE (asterisk, fixed 1.4.17) AST-2008-001 [pending asterisk-1.4.17-1.fc8] -GENERIC-MAP-NOMATCH VULNERABLE (libcdio) #427199 -GENERIC-MAP-NOMATCH VULNERABLE (wordpress) #426433 +GENERIC-MAP-NOMATCH fixed (libcdio) #427199 [since FEDORA-2008-0136] +GENERIC-MAP-NOMATCH fixed (wordpress) #426433 [since FEDORA-2008-0103] GENERIC-MAP-NOMATCH VULNERABLE (mantis) #427278 CVE-2007-6596 VULNERABLE (clamav) #427287 Might be considered a mail client flaw CVE-2007-6595 VULNERABLE (clamav) #427287 @@ -19,9 +19,9 @@ CVE-2007-6441 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590] CVE-2007-6439 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590] CVE-2007-6438 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590] -CVE-2007-6337 VULNERABLE (clamav, fixed 0.92) #426212 -CVE-2007-6336 VULNERABLE (clamav, fixed 0.92) #426212 -CVE-2007-6335 VULNERABLE (clamav, fixed 0.92) #426212 +CVE-2007-6337 VULNERABLE (clamav, fixed 0.92) #426212 [since FEDORA-2008-0115] +CVE-2007-6336 VULNERABLE (clamav, fixed 0.92) #426212 [since FEDORA-2008-0115] +CVE-2007-6335 VULNERABLE (clamav, fixed 0.92) #426212 [since FEDORA-2008-0115] CVE-2007-6437 VULNERABLE (syslog-ng) #426306 CVE-2007-6430 version (asterisk, fixed 1.4.16) [since FEDORA-2007-4651] CVE-2007-6389 VULNERABLE (gnome-screensaver) #426170 @@ -32,7 +32,7 @@ CVE-2007-6348 ignore (squirrelmail) trojaned version was not shipped CVE-2007-6328 ignore (dosbox) design decision CVE-2007-6321 VULNERABLE (roundcubemail) #423291 -CVE-2007-6318 VULNERABLE (wordpress) #426433 +CVE-2007-6318 fixed (wordpress) #426433 [since FEDORA-2008-0103] CVE-2007-6304 ignore (mysql, fixed 5.0.52) federated engine not built CVE-2007-6303 backport (mysql, fixed 5.0.52) #424931 [since FEDORA-2007-4465] CVE-2007-6299 version (drupal, fixed 5.4) [since FEDORA-2007-4163] SA-2007-031 @@ -65,7 +65,7 @@ CVE-2007-6100 version (phpMyAdmin, fixed 2.11.2.2) [since FEDORA-2007-3639] CVE-2007-6061 VULNERABLE (audacity) #393251 CVE-2007-6015 version (samba, fixed 3.0.28) [since FEDORA-2007-4275] -CVE-2007-6013 VULNERABLE (wordpress) #426433 +CVE-2007-6013 fixed (wordpress) #426433 [since FEDORA-2008-0103] CVE-2007-6035 version (cacti, fixed 0.8.7a) #391991 [since FEDORA-2007-3667] CVE-2007-5977 version (phpMyAdmin, fixed 2.11.2.1) #385901 [since FEDORA-2007-3636] CVE-2007-5976 version (phpMyAdmin, fixed 2.11.2.1) #385901 [since FEDORA-2007-3636]

1 0

fedora-security/audit f8, 1.58, 1.59 f9, 1.52, 1.53 fc7, 1.214, 1.215
by fedora-security-commits＠redhat.com 03 Jan '08

03 Jan '08

Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv20465/audit Modified Files: f8 f9 fc7 Log Message: asterisk issue Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.58 retrieving revision 1.59 diff -u -r1.58 -r1.59 --- f8 2 Jan 2008 19:54:12 -0000 1.58 +++ f8 3 Jan 2008 09:00:44 -0000 1.59 @@ -7,6 +7,7 @@ # Up to date CVE as of CVE email 20071215 # Up to date F8 as of 20071221 +GENERIC-MAP-NOMATCH VULNERABLE (asterisk, fixed 1.4.17) AST-2008-001 [pending asterisk-1.4.17-1.fc8] GENERIC-MAP-NOMATCH VULNERABLE (libcdio) #427199 GENERIC-MAP-NOMATCH VULNERABLE (wordpress) #426433 GENERIC-MAP-NOMATCH VULNERABLE (mantis) #427278 Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.52 retrieving revision 1.53 diff -u -r1.52 -r1.53 --- f9 2 Jan 2008 19:54:12 -0000 1.52 +++ f9 3 Jan 2008 09:00:44 -0000 1.53 @@ -7,6 +7,7 @@ # Up to date CVE as of CVE email 20071211 # Up to date F9 as of 20071029 +GENERIC-MAP-NOMATCH version (asterisk, fixed 1.4.17) AST-2008-001 [since asterisk-1.4.17-1.fc9] GENERIC-MAP-NOMATCH VULNERABLE (libcdio) #427200 GENERIC-MAP-NOMATCH VULNERABLE (wordpress) #426434 GENERIC-MAP-NOMATCH VULNERABLE (mantis) #427280 @@ -18,9 +19,9 @@ CVE-2007-6441 version (wireshark, fixed 0.99.7) [since wireshark-0.99.7-1.fc9] CVE-2007-6439 version (wireshark, fixed 0.99.7) [since wireshark-0.99.7-1.fc9] CVE-2007-6438 version (wireshark, fixed 0.99.7) [since wireshark-0.99.7-1.fc9] -CVE-2007-6337 VULNERABLE (clamav, fixed 0.92) #426213 -CVE-2007-6336 VULNERABLE (clamav, fixed 0.92) #426213 -CVE-2007-6335 VULNERABLE (clamav, fixed 0.92) #426213 +CVE-2007-6337 version (clamav, fixed 0.92) #426213 [since clamav-0.92-3.fc9] +CVE-2007-6336 version (clamav, fixed 0.92) #426213 [since clamav-0.92-3.fc9] +CVE-2007-6335 version (clamav, fixed 0.92) #426213 [since clamav-0.92-3.fc9] CVE-2007-6437 VULNERABLE (syslog-ng) #426307 CVE-2007-6430 version (asterisk, fixed 1.4.16) [since asterisk-1.4.16.1-1.fc9] CVE-2007-6389 VULNERABLE (gnome-screensaver) #426171 Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.214 retrieving revision 1.215 diff -u -r1.214 -r1.215 --- fc7 2 Jan 2008 19:54:12 -0000 1.214 +++ fc7 3 Jan 2008 09:00:44 -0000 1.215 @@ -8,6 +8,7 @@ # Up to date CVE as of CVE email 200711215 # Up to date FC7 as of 20071221 +GENERIC-MAP-NOMATCH VULNERABLE (asterisk, fixed 1.4.17) AST-2008-001 [pending asterisk-1.4.17-1.fc7] GENERIC-MAP-NOMATCH VULNERABLE (libcdio) #427198 GENERIC-MAP-NOMATCH VULNERABLE (wordpress) #426432 GENERIC-MAP-NOMATCH VULNERABLE (mantis) #427279

1 0

fedora-security/audit f8, 1.57, 1.58 f9, 1.51, 1.52 fc7, 1.213, 1.214
by fedora-security-commits＠redhat.com 02 Jan '08

02 Jan '08

Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv13607 Modified Files: f8 f9 fc7 Log Message: clamav Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.57 retrieving revision 1.58 diff -u -r1.57 -r1.58 --- f8 2 Jan 2008 18:50:27 -0000 1.57 +++ f8 2 Jan 2008 19:54:12 -0000 1.58 @@ -10,6 +10,8 @@ GENERIC-MAP-NOMATCH VULNERABLE (libcdio) #427199 GENERIC-MAP-NOMATCH VULNERABLE (wordpress) #426433 GENERIC-MAP-NOMATCH VULNERABLE (mantis) #427278 +CVE-2007-6596 VULNERABLE (clamav) #427287 Might be considered a mail client flaw +CVE-2007-6595 VULNERABLE (clamav) #427287 CVE-2007-6465 version (ganglia, fixed 3.0.6) [since FEDORA-2007-4562] CVE-2007-6451 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590] CVE-2007-6450 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590] Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.51 retrieving revision 1.52 diff -u -r1.51 -r1.52 --- f9 2 Jan 2008 18:50:27 -0000 1.51 +++ f9 2 Jan 2008 19:54:12 -0000 1.52 @@ -10,6 +10,8 @@ GENERIC-MAP-NOMATCH VULNERABLE (libcdio) #427200 GENERIC-MAP-NOMATCH VULNERABLE (wordpress) #426434 GENERIC-MAP-NOMATCH VULNERABLE (mantis) #427280 +CVE-2007-6596 VULNERABLE (clamav) #427289 Might be considered a mail client flaw +CVE-2007-6595 VULNERABLE (clamav) #427289 CVE-2007-6465 version (ganglia, fixed 3.0.6) [since ganglia-3.0.6-1.fc9] CVE-2007-6451 version (wireshark, fixed 0.99.7) [since wireshark-0.99.7-1.fc9] CVE-2007-6450 version (wireshark, fixed 0.99.7) [since wireshark-0.99.7-1.fc9] Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.213 retrieving revision 1.214 diff -u -r1.213 -r1.214 --- fc7 2 Jan 2008 18:50:27 -0000 1.213 +++ fc7 2 Jan 2008 19:54:12 -0000 1.214 @@ -11,6 +11,8 @@ GENERIC-MAP-NOMATCH VULNERABLE (libcdio) #427198 GENERIC-MAP-NOMATCH VULNERABLE (wordpress) #426432 GENERIC-MAP-NOMATCH VULNERABLE (mantis) #427279 +CVE-2007-6596 VULNERABLE (clamav) #427288 Might be considered a mail client flaw +CVE-2007-6595 VULNERABLE (clamav) #427288 CVE-2007-6465 version (ganglia, fixed 3.0.6) [since FEDORA-2007-4584] CVE-2007-6451 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690] CVE-2007-6450 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690]

1 0

fedora-security/tools/Libexig Bugzilla.pm, NONE, 1.1.2.1 Audit.pm, 1.1.2.2, 1.1.2.3 Bodhi.pm, 1.1.2.1, 1.1.2.2 CVE.pm, 1.1.2.1, 1.1.2.2 Util.pm, 1.1.2.2, 1.1.2.3
by fedora-security-commits＠redhat.com 02 Jan '08

02 Jan '08

Author: lkundrak Update of /cvs/fedora/fedora-security/tools/Libexig In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv12601/Libexig Modified Files: Tag: lkundrak-tools-ng Audit.pm Bodhi.pm CVE.pm Util.pm Added Files: Tag: lkundrak-tools-ng Bugzilla.pm Log Message: * Move some more bits into library * Audit and Bugzilla made object oriented * Minor tidyup * Tool for adding flaws into audit files ***** Error reading new file: [Errno 2] No such file or directory: 'Bugzilla.pm' Index: Audit.pm =================================================================== RCS file: /cvs/fedora/fedora-security/tools/Libexig/Attic/Audit.pm,v retrieving revision 1.1.2.2 retrieving revision 1.1.2.3 diff -u -r1.1.2.2 -r1.1.2.3 --- Audit.pm 20 Dec 2007 23:15:14 -0000 1.1.2.2 +++ Audit.pm 2 Jan 2008 19:09:55 -0000 1.1.2.3 @@ -1,41 +1,96 @@ -#!/usr/bin/env perl - -# Dump what's VULNERABLE, sample use of Libexig::Audit # $Id$ +# Audit database interface # Lubomir Kundrak <lkundrak(a)redhat.com> package Libexig::Audit; +use Libexig::Util; + +use warnings; +use strict; + +# Get lines from file and parse them +sub new +{ + my $class = shift; + my $self = shift; + + open (AUDIT, $self->{file}) + or die "Could not open $self->{file}"; + + $self->{audit} = []; + push @{$self->{audit}}, parse_line ($_) foreach <AUDIT>; + + close (AUDIT); + + bless $self, $class; + return $self; +} + +# Add an entry, to the proper place alphabetically +sub add +{ + my $self = shift; + my $entry = shift; + my $index; + + for ($index = 0; $index <= $#{$self->{audit}}; $index++) { + $self->{audit}->[$index]->{cve} or next; + $self->{audit}->[$index]->{cve} lt $entry->{cve} and last; + }; + + update_entry ($entry); + use Data::Dumper; + parse_line ($entry->{line}); # Check if it is well formed + insert ($self->{audit}, $index, $entry); +} + +# Save +sub save +{ + my $self = shift; + + open (AUDIT, '>'.$self->{file}) + or die "Could not open $self->{file}"; + + foreach my $entry (@{$self->{audit}}) { + #update_entry ($entry); + print AUDIT $entry->{line}; + } + + close (AUDIT); +} + # Get an entry hash and reconstruct its 'line' field # (useful if something got changed) sub update_entry { my $entry = shift; - $entry->{'line'} = join " ", ( - $entry->{'need_verif'}.$entry->{'cve'}, - $entry->{'status'}, - ($entry->{'version'} - ? "($entry->{'package'}, $entry->{'version'})" - : "($entry->{'package'})"), - ($entry->{'bug'} - ? "#$entry->{'bug'}" + $entry->{cve} or return; + $entry->{line} = join " ", ( + $entry->{need_verif}.$entry->{cve}, + $entry->{status}, + ($entry->{fixed} + ? "($entry->{component}, $entry->{fixed})" + : "($entry->{component})"), + ($entry->{bug} + ? "#$entry->{bug}" : ()), - ($entry->{'since'} - ? "[since $entry->{'since'}]" + ($entry->{since} + ? "[since $entry->{since}]" : ()), - $entry->{'comment'} + $entry->{comment} ); - chomp $entry->{'line'}; - $entry->{'line'} .= "\n"; + chomp $entry->{line}; + $entry->{line} .= "\n"; } # Get line and return a hash sub parse_line { - shift; - + $_ = shift; if (/^#/ or /^\s*$/) { return { 'line' => $_, @@ -53,15 +108,15 @@ (.*) # Comment /x) { return { - 'need_verif' => $1, - 'cve' => $2, - 'status' => $3, - 'package' => $4, - 'version' => $6, - 'bug' => $8, - 'since' => $10, - 'comment' => $11, - 'line' => $_, + need_verif => $1, + cve => $2, + status => $3, + component => $4, + fixed => $6, + bug => $8, + since => $10, + comment => $11, + line => $_, }; next; } else { @@ -69,13 +124,4 @@ } } -sub parse_audit -{ - my @retval; - - push @retval, parse_line $_ foreach @_; - - return @retval; -} - 0.99999; Index: Bodhi.pm =================================================================== RCS file: /cvs/fedora/fedora-security/tools/Libexig/Attic/Bodhi.pm,v retrieving revision 1.1.2.1 retrieving revision 1.1.2.2 diff -u -r1.1.2.1 -r1.1.2.2 --- Bodhi.pm 20 Dec 2007 23:15:14 -0000 1.1.2.1 +++ Bodhi.pm 2 Jan 2008 19:09:55 -0000 1.1.2.2 @@ -1,5 +1,3 @@ -#!/usr/bin/env perl - # $Id$ # This is how do we interface with the Fedora Update System # Lubomir Kundrak <lkundrak(a)redhat.com> Index: CVE.pm =================================================================== RCS file: /cvs/fedora/fedora-security/tools/Libexig/Attic/CVE.pm,v retrieving revision 1.1.2.1 retrieving revision 1.1.2.2 diff -u -r1.1.2.1 -r1.1.2.2 --- CVE.pm 7 Nov 2007 16:20:39 -0000 1.1.2.1 +++ CVE.pm 2 Jan 2008 19:09:55 -0000 1.1.2.2 @@ -7,8 +7,11 @@ use warnings; use strict; +use Exporter 'import'; use XML::Parser; +my @EXPORT = qw/cve/; + my $sourcebase = 'http://nvd.nist.gov/download/'; my $cachebase = $ENV{'HOME'}.'/.nvdcache/'; Index: Util.pm =================================================================== RCS file: /cvs/fedora/fedora-security/tools/Libexig/Attic/Util.pm,v retrieving revision 1.1.2.2 retrieving revision 1.1.2.3 diff -u -r1.1.2.2 -r1.1.2.3 --- Util.pm 19 Nov 2007 09:10:38 -0000 1.1.2.2 +++ Util.pm 2 Jan 2008 19:09:55 -0000 1.1.2.3 @@ -1,13 +1,17 @@ -#!/usr/bin/env perl - # $Id$ # Random routines that are shared across the tooling # Lubomir Kundrak <lkundrak(a)redhat.com> package Libexig::Util; +#use warnings; +#use strict; + +use Exporter 'import'; use File::Temp ('tempfile'); +@EXPORT = qw/edit_string read_noecho insert/; + # Launch an editor for editing the bugzilla comment or whatever sub edit_string { @@ -37,4 +41,14 @@ $string; } +# Insert a sub-list into a list +sub insert +{ + my $array = shift; + my $index = shift; + my @what = @_; + + splice (@{$array}, $index, 0, @what); +} + 1;

1 0

fedora-security/tools add-issue, NONE, 1.1.2.1 add-cve-bug, 1.1.2.4, 1.1.2.5 add-tracking-bugs, 1.2.2.3, 1.2.2.4 check-updates, 1.1.2.1, 1.1.2.2 get-cve, 1.1.2.1, 1.1.2.2 suidaudit, 1.1.2.1, 1.1.2.2 update-cve-cache, 1.1.2.1, 1.1.2.2
by fedora-security-commits＠redhat.com 02 Jan '08

02 Jan '08

Author: lkundrak Update of /cvs/fedora/fedora-security/tools In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv12601 Modified Files: Tag: lkundrak-tools-ng add-cve-bug add-tracking-bugs check-updates get-cve suidaudit update-cve-cache Added Files: Tag: lkundrak-tools-ng add-issue Log Message: * Move some more bits into library * Audit and Bugzilla made object oriented * Minor tidyup * Tool for adding flaws into audit files ***** Error reading new file: [Errno 2] No such file or directory: 'add-issue' Index: add-cve-bug =================================================================== RCS file: /cvs/fedora/fedora-security/tools/Attic/add-cve-bug,v retrieving revision 1.1.2.4 retrieving revision 1.1.2.5 diff -u -r1.1.2.4 -r1.1.2.5 --- add-cve-bug 20 Dec 2007 23:13:42 -0000 1.1.2.4 +++ add-cve-bug 2 Jan 2008 19:09:55 -0000 1.1.2.5 @@ -25,11 +25,11 @@ --help This text '; -use XMLRPC::Lite; use Getopt::Long; use Data::Dumper; use Libexig::CVE; +use Libexig::Bugzilla; use Libexig::Util; use warnings; @@ -42,85 +42,11 @@ 'low' => 'low', ); -# RPC -my $bugzilla = 'https://bugzilla.redhat.com/xmlrpc.cgi'; -my $bugzilla_rpc = new XMLRPC::Lite ('proxy' => $bugzilla, 'encoding' => 'UTF-8'); # Command line options my ($cve, $interactive, $dryrun, $debug, $username, $password, $component, $summary, $impact); -# Launch an editor for editing the bugzilla comment -sub edit_string -{ - my $string = shift; - - my ($tmpfh, $tmpname) = tempfile (); - print $tmpfh $string; - close ($tmpfh); - my $editor = ($ENV{'EDITOR'} or 'vi'); - system ($editor, $tmpname); - open ($tmpfh, "<$tmpname"); - $string = join ('', <$tmpfh>); - close ($tmpfh); - - return $string; -} - -# Get list of owners of a package from Bugzilla -sub owners -{ - my $component = shift; - - print "Getting list of owners\n" if $debug; - - # Call bugzilla - my $call = $bugzilla_rpc->call('bugzilla.getCompInfo', $component); - # print Dumper ($call) if $debug; # too verbose - my $result = $call->result - or die $call->faultstring; - print Dumper ($result) if $debug; - - # Eliminate duplicates - my %people; - foreach my $instance (@{$result}) { - # blacklist some EOLed products - if ($instance->{'product'} eq 'Red Hat Linux' - || $instance->{'product'} eq 'Red Hat Linux Beta' - || $instance->{'product'} eq 'Red Hat Public Beta' - || $instance->{'product'} eq 'Red Hat Raw Hide' - || $instance->{'product'} eq 'Fedora Legacy' - || $instance->{'product'} eq 'eCos' - || $instance->{'product'} eq 'eCos runtime kernel' - || $instance->{'product'} =~ /^Red Hat Powertools/ - || $instance->{'product'} =~ /^Stronghold /) { - next; - } - # XXX: Add also 'initialqa'? - $people{$instance->{'initialowner'}} = 1 - if defined $instance->{'initialowner'}; - } - - return keys %people; -} - -# Create a bug (unless dryrun) and return its ID -sub file_bug -{ - return 0 if $dryrun; - - print "Creating a bug\n" if $debug; - - my $call = $bugzilla_rpc->call('bugzilla.createBug', - shift, $username, $password); - - my $result = $call->result - or die $call->faultstring; - - print 'Bugzilla answered to createBug: '.Dumper($result) if $debug; - return $result->[0]; -} - # Get the text to include in the bug desc sub bug_desc { @@ -130,7 +56,7 @@ print "Getting a bug description from CVE\n" if $debug; - ($desc, $refs) = Libexig::CVE::cve ($cve); + ($desc, $refs) = cve ($cve); die 'Cannot fetch CVE description; re-run with --interactive' unless $desc or $interactive; @@ -167,26 +93,34 @@ $dryrun = ($options{'dryrun'} or 0); $debug = ($options{'debug'} or 0); +$interactive = ($options{'interactive'} or 0); $cve = $options{'cve'} or die 'cve argument is mandatory'; $component = $options{'component'} or die 'component argument is mandatory'; $summary = $options{'summary'} or die 'summary argument is mandatory'; $impact = ($options{'impact'} or 'low'); defined $impact{$impact} or die 'specified unrecognized impact value'; + $username = ($options{'username'} or $ENV{'LOGNAME'}.'@redhat.com'); $password = ($options{'password'} or $dryrun or - Libexig::Util::read_noecho ("Bugzilla password for $username: ")); + read_noecho ("Bugzilla password for $username: ")); # TODO: add whiteboard option to fill in and get impact from it -$interactive = ($options{'interactive'} or 0); + +my $bugzilla = new Libexig::Bugzilla ({ + 'username' => $username, + 'password' => $password, + 'dryrun' => $dryrun, + 'debug' => $debug, +}); my $bug_desc = bug_desc ($cve); -$bug_desc = Libexig::Util::edit_string ($bug_desc) if $interactive; +$bug_desc = edit_string ($bug_desc) if $interactive; # Get CC list # TODO: get rid of duplicates my @cc; foreach (split (/,/,$component)) { - push (@cc,owners ($_)); + push (@cc,$bugzilla->owners ($_)); } # File it in Bugzilla @@ -207,6 +141,6 @@ ); print 'About to add this bug: '.Dumper(\%bug) if $debug; -my $bug_id = file_bug (\%bug); +my $bug_id = $bugzilla->file_bug (\%bug); print STDERR "Created bug #$bug_id\n"; Index: add-tracking-bugs =================================================================== RCS file: /cvs/fedora/fedora-security/tools/add-tracking-bugs,v retrieving revision 1.2.2.3 retrieving revision 1.2.2.4 diff -u -r1.2.2.3 -r1.2.2.4 --- add-tracking-bugs 6 Dec 2007 16:16:18 -0000 1.2.2.3 +++ add-tracking-bugs 2 Jan 2008 19:09:55 -0000 1.2.2.4 @@ -20,35 +20,45 @@ use Data::Dumper; use Libexig::Util; +use Libexig::Bugzilla; use warnings; use strict; my $comment_head = - 'This is an automatically created tracking bug!'. - "\n\n". + 'This is an automatically created tracking bug! '. 'It was created to ensure that one or more security '. - 'vulnerabilities are fixed in all affected releases. You should '. - 'not refer to it anywhere except in the update system as it is a '. - 'private "Fedora Project Contributors" bug. The update system '. - 'should close this bug it once the update is pushed.'. + 'vulnerabilities are fixed in all affected branches.'. + "\n\n". + 'You should *not* refer to this bug publicly, as it is a '. + 'private "Fedora Project Contributors" bug.'. "\n\n". - 'For comments that are specific to a vulnerability please use bugs '. + 'For comments that are specific to the vulnerability please use bugs '. 'filed against "Security Response" product referenced in "Blocks" '. 'field.'. "\n\n"; my $comment_tail = + 'For more information see: '. + 'http://fedoraproject.org/wiki/Security/TrackingBugs'; + +my $comment_update = + # Following the list of parent bugs "\n". 'When creating an update for the version this this bug is reported '. 'against please include the bug IDs of respective bugs filed '. - 'against "Security Response" product as well as of this bug. Please '. + 'against "Security Response" product as well as of this bug and let the '. + 'update system close them. Please '. 'note that the update announcement will (and should) contain only '. 'references to "Security Response" bugs as long as the tracking '. 'bug is restricted to "Fedora Project Contributors".'. - "\n\n". - 'For more information see: '. - 'http://fedoraproject.org/wiki/Security/TrackingBugs'; + "\n\n"; + +my $comment_rawhide = + 'Please close this bug withe RAWHIDE once is it fixed in devel '. + 'branch. Do *not* include the bug id of thid bug in the commit message'. + "\n\n"; + my %impact = ( 'urgent', => 4, @@ -74,85 +84,10 @@ 'devel', => 'rawhide', ); -# RPC -my $bugzilla = 'https://bugzilla.redhat.com/xmlrpc.cgi'; -my $bugzilla_rpc = new XMLRPC::Lite ('proxy' => $bugzilla, 'encoding' => 'UTF-8'); - # Command line options my (@bugs, @versions, $dryrun, $debug, $username, $password, $component); -# Create a bug (unless dryrun) and return its ID -sub file_bug -{ - return 0 if $dryrun; - my $call = $bugzilla_rpc->call('bugzilla.createBug', - shift, $username, $password); - - my $result = $call->result - or die $call->faultstring; - - print STDERR 'Bugzilla answered to createBug: '.Dumper($result) if $debug; - return $result->[0]; -} - -# Get bugs -sub get_bugs -{ - my $bugs = shift or die 'No bugs to fetch!'; - my $columns = shift; - $columns = [] unless ($columns); # The default set - - my $call = $bugzilla_rpc->call('bugzilla.runQuery', { - 'bug_id' => $bugs, - 'bug_status' => [], - 'column_list' => $columns, - }, ($dryrun ? () : ($username, $password))); - - my $result = $call->result - or die $call->faultstring; - - print STDERR 'Bugzilla answered to runQuery: '.Dumper($result) if $debug; - return $result->{'bugs'}; -} - -# Add blockers (unless dryrun) to a bug -sub add_blockers -{ - return 0 if $dryrun; - - my $bug = shift or die 'No blocker!'; - my $parents = shift or die 'No bug to block!'; - - my $call = $bugzilla_rpc->call('bugzilla.updateDepends', $bug, { - 'blocked' => $parents, - 'action' => 'add', - }, $username, $password, 1); - - my $result = $call->result - or die $call->faultstring; - - print STDERR 'Bugzilla answered to updateDepends: '.Dumper($result) if $debug; - return undef; -} - -# Add private comment (unless dryrun) to a bug -sub add_private_comment -{ - return 0 if $dryrun; - - my $bug = shift or die 'No bug!'; - my $comment = shift or die 'No comment!'; - - my $call = $bugzilla_rpc->call('bugzilla.addComment', $bug, $comment, $username, $password, 1); - - my $result = $call->result - or die $call->faultstring; - - print STDERR 'Bugzilla answered to updateComment: '.Dumper($result) if $debug; - return undef; -} - # Parse command line options: my %options; @@ -184,11 +119,18 @@ $debug = ($options{'debug'} or 0); $username = ($options{'username'} or $ENV{'LOGNAME'}.'@redhat.com'); $password = ($options{'password'} or $dryrun or - Libexig::Util::read_noecho ("Bugzilla password for $username: ")); + read_noecho ("Bugzilla password for $username: ")); + +my $bugzilla = new Libexig::Bugzilla ({ + 'username' => $username, + 'password' => $password, + 'dryrun' => $dryrun, + 'debug' => $debug, +}); # Get parent bugs -my $bugs = get_bugs (\@bugs, ['alias','keywords','priority','bug_id', 'bug_severity', 'short_short_desc']); +my $bugs = $bugzilla->get_bugs (\@bugs, ['alias','keywords','priority','bug_id', 'bug_severity', 'short_short_desc']); print Dumper ($bugs) if $debug; # Construct a tracking bug template @@ -222,8 +164,6 @@ $bug_tmpl{'comment'} .= "\tbug #$bug->{'bug_id'}: $bug->{'short_short_desc'}\n"; } -$bug_tmpl{'comment'} .= $comment_tail; - if ($#bugs) { $bug_tmpl{'short_desc'} .= "Multiple $component vulnerabilities"; } else { @@ -236,19 +176,46 @@ foreach my $version (@versions) { my %bug = %bug_tmpl; - $bug{'short_desc'} .= " [$versions{$version}]"; + $bug{'short_desc'} .= " [Fedora $versions{$version}]"; $bug{'version'} = $versions{$version}; + if ($bug{'version'} eq 'rawhide') { + $bug{'comment'} .= $comment_rawhide; + } else { + $bug{'comment'} .= $comment_update; + } + + $bug{'comment'} .= $comment_tail; + print Dumper (\%bug) if $debug; - my $bug_id = file_bug (\%bug); - add_blockers ($bug_id, \@bugs); + my $bug_id = $bugzilla->file_bug (\%bug); + + if ($bug{'version'} ne 'rawhide') { + my $tr_comment = + 'You can eventually use the following link to '. + 'create the update request: '."\n". + 'https://admin.fedoraproject.org/updates/new/'. + '?request=Stable'. + '&type=security'. + '&release=Fedora%20'.$bug{'version'}. + '&bugs='.$bug_id; + + foreach my $bug (@{$bugs}) { + $tr_comment .= ','.$bug->{'bug_id'}; + } + + # XXX: public + $bugzilla->add_private_comment ($bug_id, $tr_comment); + } + + $bugzilla->add_blockers ($bug_id, \@bugs); $comment .= $bug{'version'}.": bug #$bug_id\n"; } # Add comment to original bugs foreach my $bug (@bugs) { - add_private_comment ($bug, $comment); + $bugzilla->add_private_comment ($bug, $comment); } print STDERR $comment; Index: check-updates =================================================================== RCS file: /cvs/fedora/fedora-security/tools/Attic/check-updates,v retrieving revision 1.1.2.1 retrieving revision 1.1.2.2 diff -u -r1.1.2.1 -r1.1.2.2 --- check-updates 20 Dec 2007 23:15:10 -0000 1.1.2.1 +++ check-updates 2 Jan 2008 19:09:55 -0000 1.1.2.2 @@ -1,9 +1,12 @@ #!/usr/bin/env perl -# Dump what's VULNERABLE, but been subject to an update # $Id$ +# Dump what's VULNERABLE, but been subject to an update # Lubomir Kundrak <lkundrak(a)redhat.com> +die 'Needs rewrite for object-oriented Audit interface'; +=cut + #use warnings; use strict; Index: get-cve =================================================================== RCS file: /cvs/fedora/fedora-security/tools/get-cve,v retrieving revision 1.1.2.1 retrieving revision 1.1.2.2 diff -u -r1.1.2.1 -r1.1.2.2 --- get-cve 7 Nov 2007 16:20:40 -0000 1.1.2.1 +++ get-cve 2 Jan 2008 19:09:55 -0000 1.1.2.2 @@ -1,9 +1,12 @@ #!/usr/bin/env perl -# Get CVE information from NVD # $Id$ +# Get CVE information from NVD # Lubomir Kundrak <lkundrak(a)redhat.com> +die "Possibly useless"; +=cut + use warnings; use strict; Index: suidaudit =================================================================== RCS file: /cvs/fedora/fedora-security/tools/suidaudit,v retrieving revision 1.1.2.1 retrieving revision 1.1.2.2 diff -u -r1.1.2.1 -r1.1.2.2 --- suidaudit 20 Dec 2007 23:16:41 -0000 1.1.2.1 +++ suidaudit 2 Jan 2008 19:09:55 -0000 1.1.2.2 @@ -2,7 +2,6 @@ # $Id$ # Audit RPM files for setuid and setgid files -# List generate list of latest versions of all packages in a brew tag # Lubomir Kundrak <lkundrak(a)redhat.com> use strict; Index: update-cve-cache =================================================================== RCS file: /cvs/fedora/fedora-security/tools/Attic/update-cve-cache,v retrieving revision 1.1.2.1 retrieving revision 1.1.2.2 diff -u -r1.1.2.1 -r1.1.2.2 --- update-cve-cache 7 Nov 2007 16:59:33 -0000 1.1.2.1 +++ update-cve-cache 2 Jan 2008 19:09:55 -0000 1.1.2.2 @@ -1,7 +1,7 @@ #!/usr/bin/env perl -# Generate CVE cache so that tools utilizing Libexig::CVE run smoothly # $Id$ +# Generate CVE cache so that tools utilizing Libexig::CVE run smoothly # Lubomir Kundrak <lkundrak(a)redhat.com> use warnings;

1 0

fedora-security/audit f8, 1.56, 1.57 f9, 1.50, 1.51 fc7, 1.212, 1.213
by fedora-security-commits＠redhat.com 02 Jan '08

02 Jan '08

Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv5433 Modified Files: f8 f9 fc7 Log Message: mantis Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.56 retrieving revision 1.57 diff -u -r1.56 -r1.57 --- f8 2 Jan 2008 18:34:26 -0000 1.56 +++ f8 2 Jan 2008 18:50:27 -0000 1.57 @@ -9,6 +9,7 @@ GENERIC-MAP-NOMATCH VULNERABLE (libcdio) #427199 GENERIC-MAP-NOMATCH VULNERABLE (wordpress) #426433 +GENERIC-MAP-NOMATCH VULNERABLE (mantis) #427278 CVE-2007-6465 version (ganglia, fixed 3.0.6) [since FEDORA-2007-4562] CVE-2007-6451 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590] CVE-2007-6450 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590] Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.50 retrieving revision 1.51 diff -u -r1.50 -r1.51 --- f9 2 Jan 2008 18:34:26 -0000 1.50 +++ f9 2 Jan 2008 18:50:27 -0000 1.51 @@ -9,6 +9,7 @@ GENERIC-MAP-NOMATCH VULNERABLE (libcdio) #427200 GENERIC-MAP-NOMATCH VULNERABLE (wordpress) #426434 +GENERIC-MAP-NOMATCH VULNERABLE (mantis) #427280 CVE-2007-6465 version (ganglia, fixed 3.0.6) [since ganglia-3.0.6-1.fc9] CVE-2007-6451 version (wireshark, fixed 0.99.7) [since wireshark-0.99.7-1.fc9] CVE-2007-6450 version (wireshark, fixed 0.99.7) [since wireshark-0.99.7-1.fc9] Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.212 retrieving revision 1.213 diff -u -r1.212 -r1.213 --- fc7 2 Jan 2008 18:34:26 -0000 1.212 +++ fc7 2 Jan 2008 18:50:27 -0000 1.213 @@ -10,6 +10,7 @@ GENERIC-MAP-NOMATCH VULNERABLE (libcdio) #427198 GENERIC-MAP-NOMATCH VULNERABLE (wordpress) #426432 +GENERIC-MAP-NOMATCH VULNERABLE (mantis) #427279 CVE-2007-6465 version (ganglia, fixed 3.0.6) [since FEDORA-2007-4584] CVE-2007-6451 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690] CVE-2007-6450 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690]

1 0

fedora-security/audit epel4, 1.5, 1.6 epel5, 1.7, 1.8 f8, 1.55, 1.56 f9, 1.49, 1.50 fc7, 1.211, 1.212
by fedora-security-commits＠redhat.com 02 Jan '08

02 Jan '08

Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv4817 Modified Files: epel4 epel5 f8 f9 fc7 Log Message: This is nor a bug Index: epel4 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/epel4,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- epel4 29 Dec 2007 20:42:43 -0000 1.5 +++ epel4 2 Jan 2008 18:34:26 -0000 1.6 @@ -11,7 +11,7 @@ CVE-2007-6335 version (clamav, fixed 0.92) #426213 CVE-2007-6353 VULNERABLE (exiv2) #425924 CVE-2007-6350 VULNERABLE (scponly) #418201 -CVE-2007-6328 VULNERABLE (dosbox) design decision +CVE-2007-6328 ignore (dosbox) design decision CVE-2007-6321 VULNERABLE (roundcubemail) #423301 CVE-2007-6299 VULNERABALE (drupal, fixed 5.4) CVE-2007-6210 backport (zabbix) #407181 [since zabbix-1.4.2-4] Index: epel5 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/epel5,v retrieving revision 1.7 retrieving revision 1.8 diff -u -r1.7 -r1.8 --- epel5 29 Dec 2007 20:42:43 -0000 1.7 +++ epel5 2 Jan 2008 18:34:26 -0000 1.8 @@ -12,7 +12,7 @@ CVE-2007-6335 version (clamav, fixed 0.92) #426213 CVE-2007-6353 VULNERABLE (exiv2) #425924 CVE-2007-6350 VULNERABLE (scponly) #418201 -CVE-2007-6328 VULNERABLE (dosbox) design decision +CVE-2007-6328 ignore (dosbox) design decision CVE-2007-6321 VULNERABLE (roundcubemail) #423301 CVE-2007-6318 VULNERABLE (wordpress) CVE-2007-6299 VULNERABLE (drupal, fixed 5.4) Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.55 retrieving revision 1.56 diff -u -r1.55 -r1.56 --- f8 2 Jan 2008 15:20:01 -0000 1.55 +++ f8 2 Jan 2008 18:34:26 -0000 1.56 @@ -26,7 +26,7 @@ CVE-2007-6351 fixed (libexif) #425631 [since FEDORA-2007-4667] CVE-2007-6350 VULNERABLE (scponly) rsync vector only CVE-2007-6348 ignore (squirrelmail) trojaned version was not shipped -CVE-2007-6328 VULNERABLE (dosbox) design decision +CVE-2007-6328 ignore (dosbox) design decision CVE-2007-6321 VULNERABLE (roundcubemail) #423291 CVE-2007-6318 VULNERABLE (wordpress) #426433 CVE-2007-6304 ignore (mysql, fixed 5.0.52) federated engine not built Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.49 retrieving revision 1.50 diff -u -r1.49 -r1.50 --- f9 2 Jan 2008 15:20:01 -0000 1.49 +++ f9 2 Jan 2008 18:34:26 -0000 1.50 @@ -26,7 +26,7 @@ CVE-2007-6351 backport (libexif) #425641 [since libexif-0.6.15-5.fc9] CVE-2007-6350 backport (scponly) [since scponly-4.6-8.fc9] rsync support disabled CVE-2007-6348 ignore (squirrelmail) trojaned version was not shipped -CVE-2007-6328 VULNERABLE (dosbox) design decision +CVE-2007-6328 ignore (dosbox) design decision CVE-2007-6321 VULNERABLE (roundcubemail) #423301 CVE-2007-6318 VULNERABLE (wordpress) #426434 CVE-2007-6304 ignore (mysql, fixed 5.0.52) federated engine not built Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.211 retrieving revision 1.212 diff -u -r1.211 -r1.212 --- fc7 2 Jan 2008 15:20:01 -0000 1.211 +++ fc7 2 Jan 2008 18:34:26 -0000 1.212 @@ -27,7 +27,7 @@ CVE-2007-6351 VULNERABLE (libexif) #425621 CVE-2007-6350 VULNERABLE (scponly) rsync vector only CVE-2007-6348 ignore (squirrelmail) trojaned version was not shipped -CVE-2007-6328 VULNERABLE (dosbox) design decision +CVE-2007-6328 ignore (dosbox) design decision CVE-2007-6321 VULNERABLE (roundcubemail) #423281 CVE-2007-6318 VULNERABLE (wordpress) #426432 CVE-2007-6304 ignore (mysql, fixed 5.0.52) federated engine not built

1 0

fedora-security/audit f8, 1.54, 1.55 f9, 1.48, 1.49 fc7, 1.210, 1.211
by fedora-security-commits＠redhat.com 02 Jan '08

02 Jan '08

Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv13593/audit Modified Files: f8 f9 fc7 Log Message: ton of wireshark cve ids Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.54 retrieving revision 1.55 diff -u -r1.54 -r1.55 --- f8 2 Jan 2008 09:01:44 -0000 1.54 +++ f8 2 Jan 2008 15:20:01 -0000 1.55 @@ -10,6 +10,11 @@ GENERIC-MAP-NOMATCH VULNERABLE (libcdio) #427199 GENERIC-MAP-NOMATCH VULNERABLE (wordpress) #426433 CVE-2007-6465 version (ganglia, fixed 3.0.6) [since FEDORA-2007-4562] +CVE-2007-6451 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590] +CVE-2007-6450 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590] +CVE-2007-6441 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590] +CVE-2007-6439 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590] +CVE-2007-6438 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590] CVE-2007-6337 VULNERABLE (clamav, fixed 0.92) #426212 CVE-2007-6336 VULNERABLE (clamav, fixed 0.92) #426212 CVE-2007-6335 VULNERABLE (clamav, fixed 0.92) #426212 @@ -41,17 +46,17 @@ CVE-2007-6203 ignore (httpd) #409831 User can't unput garbage before method name CVE-2007-6201 version (wesnoth, fixed 1.2.8) [since FEDORA-2007-3989] CVE-2007-6183 backport (ruby-gnome2) #405601 [since FEDORA-2007-4216] -CVE-2007-6121 VULNERABLE (wireshark, fixed 0.99.7) -CVE-2007-6120 VULNERABLE (wireshark, fixed 0.99.7) -CVE-2007-6119 VULNERABLE (wireshark, fixed 0.99.7) -CVE-2007-6118 VULNERABLE (wireshark, fixed 0.99.7) -CVE-2007-6117 VULNERABLE (wireshark, fixed 0.99.7) -CVE-2007-6116 VULNERABLE (wireshark, fixed 0.99.7) -CVE-2007-6115 VULNERABLE (wireshark, fixed 0.99.7) -CVE-2007-6114 VULNERABLE (wireshark, fixed 0.99.7) -CVE-2007-6113 VULNERABLE (wireshark, fixed 0.99.7) -CVE-2007-6112 VULNERABLE (wireshark, fixed 0.99.7) -CVE-2007-6111 VULNERABLE (wireshark, fixed 0.99.7) +CVE-2007-6121 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590] +CVE-2007-6120 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590] +CVE-2007-6119 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590] +CVE-2007-6118 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590] +CVE-2007-6117 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590] +CVE-2007-6116 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590] +CVE-2007-6115 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590] +CVE-2007-6114 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590] +CVE-2007-6113 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590] +CVE-2007-6112 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590] +CVE-2007-6111 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590] CVE-2007-6110 backport (htdig) [since FEDORA-2007-3958] CVE-2007-6100 version (phpMyAdmin, fixed 2.11.2.2) [since FEDORA-2007-3639] CVE-2007-6061 VULNERABLE (audacity) #393251 Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.48 retrieving revision 1.49 diff -u -r1.48 -r1.49 --- f9 2 Jan 2008 09:01:44 -0000 1.48 +++ f9 2 Jan 2008 15:20:01 -0000 1.49 @@ -10,6 +10,11 @@ GENERIC-MAP-NOMATCH VULNERABLE (libcdio) #427200 GENERIC-MAP-NOMATCH VULNERABLE (wordpress) #426434 CVE-2007-6465 version (ganglia, fixed 3.0.6) [since ganglia-3.0.6-1.fc9] +CVE-2007-6451 version (wireshark, fixed 0.99.7) [since wireshark-0.99.7-1.fc9] +CVE-2007-6450 version (wireshark, fixed 0.99.7) [since wireshark-0.99.7-1.fc9] +CVE-2007-6441 version (wireshark, fixed 0.99.7) [since wireshark-0.99.7-1.fc9] +CVE-2007-6439 version (wireshark, fixed 0.99.7) [since wireshark-0.99.7-1.fc9] +CVE-2007-6438 version (wireshark, fixed 0.99.7) [since wireshark-0.99.7-1.fc9] CVE-2007-6337 VULNERABLE (clamav, fixed 0.92) #426213 CVE-2007-6336 VULNERABLE (clamav, fixed 0.92) #426213 CVE-2007-6335 VULNERABLE (clamav, fixed 0.92) #426213 Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.210 retrieving revision 1.211 diff -u -r1.210 -r1.211 --- fc7 2 Jan 2008 09:01:44 -0000 1.210 +++ fc7 2 Jan 2008 15:20:01 -0000 1.211 @@ -11,6 +11,11 @@ GENERIC-MAP-NOMATCH VULNERABLE (libcdio) #427198 GENERIC-MAP-NOMATCH VULNERABLE (wordpress) #426432 CVE-2007-6465 version (ganglia, fixed 3.0.6) [since FEDORA-2007-4584] +CVE-2007-6451 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690] +CVE-2007-6450 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690] +CVE-2007-6441 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690] +CVE-2007-6439 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690] +CVE-2007-6438 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690] CVE-2007-6337 VULNERABLE (clamav, fixed 0.92) #426211 CVE-2007-6336 VULNERABLE (clamav, fixed 0.92) #426211 CVE-2007-6335 VULNERABLE (clamav, fixed 0.92) #426211 @@ -42,17 +47,17 @@ CVE-2007-6203 ignore (httpd) #409831 User can't unput garbage before method name CVE-2007-6201 version (wesnoth, fixed 1.2.8) [since FEDORA-2007-3986] CVE-2007-6183 version (ruby-gnome2) #405591 [since FEDORA-2007-4229] -CVE-2007-6121 VULNERABLE (wireshark, fixed 0.99.7) -CVE-2007-6120 VULNERABLE (wireshark, fixed 0.99.7) -CVE-2007-6119 VULNERABLE (wireshark, fixed 0.99.7) -CVE-2007-6118 VULNERABLE (wireshark, fixed 0.99.7) -CVE-2007-6117 VULNERABLE (wireshark, fixed 0.99.7) -CVE-2007-6116 VULNERABLE (wireshark, fixed 0.99.7) -CVE-2007-6115 VULNERABLE (wireshark, fixed 0.99.7) -CVE-2007-6114 VULNERABLE (wireshark, fixed 0.99.7) -CVE-2007-6113 VULNERABLE (wireshark, fixed 0.99.7) -CVE-2007-6112 VULNERABLE (wireshark, fixed 0.99.7) -CVE-2007-6111 VULNERABLE (wireshark, fixed 0.99.7) +CVE-2007-6121 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690] +CVE-2007-6120 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690] +CVE-2007-6119 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690] +CVE-2007-6118 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690] +CVE-2007-6117 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690] +CVE-2007-6116 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690] +CVE-2007-6115 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690] +CVE-2007-6114 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690] +CVE-2007-6113 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690] +CVE-2007-6112 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690] +CVE-2007-6111 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690] CVE-2007-6110 backport (htdig) [since FEDORA-2007-3907] CVE-2007-6100 version (phpMyAdmin, fixed 2.11.2.2) [since FEDORA-2007-3666] CVE-2007-6061 VULNERABLE (audacity) #393251

1 0

fedora-security/audit f8, 1.53, 1.54 f9, 1.47, 1.48 fc7, 1.209, 1.210
by fedora-security-commits＠redhat.com 02 Jan '08

02 Jan '08

Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv6171 Modified Files: f8 f9 fc7 Log Message: libcdio Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.53 retrieving revision 1.54 diff -u -r1.53 -r1.54 --- f8 2 Jan 2008 08:12:28 -0000 1.53 +++ f8 2 Jan 2008 09:01:44 -0000 1.54 @@ -5,8 +5,10 @@ # (mozilla) = (gecko-libs dependent stuff) # Up to date CVE as of CVE email 20071215 -# Up to date F8 as of 20071212 +# Up to date F8 as of 20071221 +GENERIC-MAP-NOMATCH VULNERABLE (libcdio) #427199 +GENERIC-MAP-NOMATCH VULNERABLE (wordpress) #426433 CVE-2007-6465 version (ganglia, fixed 3.0.6) [since FEDORA-2007-4562] CVE-2007-6337 VULNERABLE (clamav, fixed 0.92) #426212 CVE-2007-6336 VULNERABLE (clamav, fixed 0.92) #426212 @@ -21,7 +23,7 @@ CVE-2007-6348 ignore (squirrelmail) trojaned version was not shipped CVE-2007-6328 VULNERABLE (dosbox) design decision CVE-2007-6321 VULNERABLE (roundcubemail) #423291 -CVE-2007-6318 VULNERABLE (wordpress) +CVE-2007-6318 VULNERABLE (wordpress) #426433 CVE-2007-6304 ignore (mysql, fixed 5.0.52) federated engine not built CVE-2007-6303 backport (mysql, fixed 5.0.52) #424931 [since FEDORA-2007-4465] CVE-2007-6299 version (drupal, fixed 5.4) [since FEDORA-2007-4163] SA-2007-031 @@ -54,7 +56,7 @@ CVE-2007-6100 version (phpMyAdmin, fixed 2.11.2.2) [since FEDORA-2007-3639] CVE-2007-6061 VULNERABLE (audacity) #393251 CVE-2007-6015 version (samba, fixed 3.0.28) [since FEDORA-2007-4275] -CVE-2007-6013 VULNERABLE (wordpress) +CVE-2007-6013 VULNERABLE (wordpress) #426433 CVE-2007-6035 version (cacti, fixed 0.8.7a) #391991 [since FEDORA-2007-3667] CVE-2007-5977 version (phpMyAdmin, fixed 2.11.2.1) #385901 [since FEDORA-2007-3636] CVE-2007-5976 version (phpMyAdmin, fixed 2.11.2.1) #385901 [since FEDORA-2007-3636] Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.47 retrieving revision 1.48 diff -u -r1.47 -r1.48 --- f9 2 Jan 2008 08:12:28 -0000 1.47 +++ f9 2 Jan 2008 09:01:44 -0000 1.48 @@ -7,6 +7,8 @@ # Up to date CVE as of CVE email 20071211 # Up to date F9 as of 20071029 +GENERIC-MAP-NOMATCH VULNERABLE (libcdio) #427200 +GENERIC-MAP-NOMATCH VULNERABLE (wordpress) #426434 CVE-2007-6465 version (ganglia, fixed 3.0.6) [since ganglia-3.0.6-1.fc9] CVE-2007-6337 VULNERABLE (clamav, fixed 0.92) #426213 CVE-2007-6336 VULNERABLE (clamav, fixed 0.92) #426213 @@ -21,7 +23,7 @@ CVE-2007-6348 ignore (squirrelmail) trojaned version was not shipped CVE-2007-6328 VULNERABLE (dosbox) design decision CVE-2007-6321 VULNERABLE (roundcubemail) #423301 -CVE-2007-6318 VULNERABLE (wordpress) +CVE-2007-6318 VULNERABLE (wordpress) #426434 CVE-2007-6304 ignore (mysql, fixed 5.0.52) federated engine not built CVE-2007-6303 backport (mysql, fixed 5.0.52) [since mysql-5.0.45-6.fc9] CVE-2007-6299 version (drupal, fixed 5.4) [since drupal-5.4-1.fc9] SA-2007-031 @@ -52,7 +54,7 @@ CVE-2007-6061 VULNERABLE (audacity) #393251 CVE-2007-6035 version (cacti, fixed 0.8.7a) #392001 [since cacti-0.8.7a-1.fc9] CVE-2007-6015 VULNERABLE (samba, fixed 3.0.28) -CVE-2007-6013 VULNERABLE (wordpress) +CVE-2007-6013 VULNERABLE (wordpress) #426434 CVE-2007-5977 version (phpMyAdmin) #385911 [since phpMyAdmin-2.11.2.2-1.fc9] CVE-2007-5976 version (phpMyAdmin) #385911 [since phpMyAdmin-2.11.2.2-1.fc9] CVE-2007-5970 ignore (mysql, fixed 5.1.23) mysql 5.1+ only, affects partitioning Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.209 retrieving revision 1.210 diff -u -r1.209 -r1.210 --- fc7 2 Jan 2008 08:12:28 -0000 1.209 +++ fc7 2 Jan 2008 09:01:44 -0000 1.210 @@ -6,8 +6,10 @@ # A couple of first F7 updates were marked as FEDORA-2007-0001 # Up to date CVE as of CVE email 200711215 -# Up to date FC7 as of 20071212 +# Up to date FC7 as of 20071221 +GENERIC-MAP-NOMATCH VULNERABLE (libcdio) #427198 +GENERIC-MAP-NOMATCH VULNERABLE (wordpress) #426432 CVE-2007-6465 version (ganglia, fixed 3.0.6) [since FEDORA-2007-4584] CVE-2007-6337 VULNERABLE (clamav, fixed 0.92) #426211 CVE-2007-6336 VULNERABLE (clamav, fixed 0.92) #426211 @@ -22,7 +24,7 @@ CVE-2007-6348 ignore (squirrelmail) trojaned version was not shipped CVE-2007-6328 VULNERABLE (dosbox) design decision CVE-2007-6321 VULNERABLE (roundcubemail) #423281 -CVE-2007-6318 VULNERABLE (wordpress) +CVE-2007-6318 VULNERABLE (wordpress) #426432 CVE-2007-6304 ignore (mysql, fixed 5.0.52) federated engine not built CVE-2007-6303 backport (mysql, fixed 5.0.52) #424921 [since FEDORA-2007-4471] CVE-2007-6299 version (drupal, fixed 5.4) [since FEDORA-2007-4136] SA-2007-031 @@ -56,7 +58,7 @@ CVE-2007-6061 VULNERABLE (audacity) #393251 CVE-2007-6035 version (cacti, fixed 0.8.7a) #391981 [since FEDORA-2007-3683] CVE-2007-6015 version (samba, fixed 3.0.28) [since FEDORA-2007-4269] -CVE-2007-6013 VULNERABLE (wordpress) +CVE-2007-6013 VULNERABLE (wordpress) #426432 CVE-2007-5977 version (phpMyAdmin, fixed 2.11.2.1) #385891 [since FEDORA-2007-3627] CVE-2007-5976 version (phpMyAdmin, fixed 2.11.2.1) #385891 [since FEDORA-2007-3627] CVE-2007-5970 ignore (mysql, fixed 5.1.23) mysql 5.1+ only, affects partitioning

1 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

security-commits January 2008