fedora-security/audit f8, 1.97, 1.98 f9, 1.89, 1.90 fc7, 1.253, 1.254
by fedora-security-commits@redhat.com
Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv6075/audit
Modified Files:
f8 f9 fc7
Log Message:
note pulseaudio cve id
Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.97
retrieving revision 1.98
diff -u -r1.97 -r1.98
--- f8 23 Jan 2008 18:59:44 -0000 1.97
+++ f8 24 Jan 2008 07:35:31 -0000 1.98
@@ -8,7 +8,6 @@
# Up to date F8 as of 20080111
GENERIC-MAP-NOMATCH VULNERABLE (tomcat5) #429903
-GENERIC-MAP-NOMATCH VULNERABLE (pulseaudio) #425481
CVE-2008-0404 fixed (mantis) #429552 [since FEDORA-2008-0796]
CVE-2008-0364 ignore (bittorrent) Windows only
CVE-2008-0299 fixed (python-paramiko) #428728 [since FEDORA-2008-0722]
@@ -30,6 +29,7 @@
CVE-2008-0123 fixed (moodle) #428731 [since FEDORA-2008-0610]
CVE-2008-0122 fixed (bind) #429149 [since FEDORA-2008-0904]
CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since FEDORA-2008-0199]
+CVE-2008-0008 VULNERABLE (pulseaudio) #425481
CVE-2008-0006 fixed (libXfont) #429132 [since FEDORA-2008-0794]
CVE-2008-0005 VULNERABLE (httpd, fixed 2.2.7) #427982
CVE-2008-0003 fixed (tog-pegasus, fixed 2.7.0) #427829 [since FEDORA-2008-0572]
Index: f9
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f9,v
retrieving revision 1.89
retrieving revision 1.90
diff -u -r1.89 -r1.90
--- f9 23 Jan 2008 18:59:44 -0000 1.89
+++ f9 24 Jan 2008 07:35:31 -0000 1.90
@@ -8,7 +8,6 @@
# Up to date F9 as of 20071029
GENERIC-MAP-NOMATCH VULNERABLE (tomcat5) #429905
-GENERIC-MAP-NOMATCH VULNERABLE (pulseaudio) #425481
CVE-2008-0404 fixed (mantis) #429552 [since mantis-1.1.1-1.fc9]
CVE-2008-0364 ignore (bittorrent) Windows only
CVE-2008-0299 fixed (python-paramiko) #428730 [since python-paramiko-1.7.1-3.fc9]
@@ -30,6 +29,7 @@
CVE-2008-0123 fixed (moodle) #428731 [since moodle-1.8.4-1.fc9]
CVE-2008-0122 VULNERABLE (bind) #429534
CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since asterisk-1.4.17-1.fc9]
+CVE-2008-0008 backport (pulseaudio) #425481 [since pulseaudio-0.9.8-5.fc9]
CVE-2008-0006 backport (libXfont) #429133 [since libXfont-1.3.1-3.fc9]
CVE-2008-0005 VULNERABLE (httpd, fixed 2.2.7) #427984
CVE-2008-0003 version (tog-pegasus, fixed 2.7.0)
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.253
retrieving revision 1.254
diff -u -r1.253 -r1.254
--- fc7 23 Jan 2008 18:59:44 -0000 1.253
+++ fc7 24 Jan 2008 07:35:31 -0000 1.254
@@ -9,7 +9,6 @@
# Up to date FC7 as of 20080111
GENERIC-MAP-NOMATCH VULNERABLE (tomcat5) #429904
-GENERIC-MAP-NOMATCH VULNERABLE (pulseaudio) #425481
CVE-2008-0404 fixed (mantis) #429552 [since FEDORA-2008-0796]
CVE-2008-0364 ignore (bittorrent) Windows only
CVE-2008-0299 fixed (python-paramiko) #428729 [since FEDORA-2008-0644]
@@ -31,6 +30,7 @@
CVE-2008-0123 fixed (moodle) #428731 [since FEDORA-2008-0610]
CVE-2008-0122 fixed (bind) #429149 [since FEDORA-2008-0904]
CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since FEDORA-2008-0198]
+CVE-2008-0008 VULNERABLE (pulseaudio) #425481
CVE-2008-0006 fixed (libXfont) #429131 [since FEDORA-2008-0891]
CVE-2008-0005 VULNERABLE (httpd, fixed 2.2.7) #427983
CVE-2008-0003 fixed (tog-pegasus, fixed 2.7.0) #427828 [since FEDORA-2008-0506]
16 years, 4 months
fedora-security/audit f8, 1.96, 1.97 f9, 1.88, 1.89 fc7, 1.252, 1.253
by fedora-security-commits@redhat.com
Author: lkundrak
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv26507
Modified Files:
f8 f9 fc7
Log Message:
A bunch of updates went out, tracking pulseaudio and tomcat
Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.96
retrieving revision 1.97
diff -u -r1.96 -r1.97
--- f8 22 Jan 2008 19:21:47 -0000 1.96
+++ f8 23 Jan 2008 18:59:44 -0000 1.97
@@ -7,7 +7,9 @@
# Up to date CVE as of CVE email 20071215
# Up to date F8 as of 20080111
-GENERIC-MAP-NOMATCH VULNERABLE (mantis) #429552
+GENERIC-MAP-NOMATCH VULNERABLE (tomcat5) #429903
+GENERIC-MAP-NOMATCH VULNERABLE (pulseaudio) #425481
+CVE-2008-0404 fixed (mantis) #429552 [since FEDORA-2008-0796]
CVE-2008-0364 ignore (bittorrent) Windows only
CVE-2008-0299 fixed (python-paramiko) #428728 [since FEDORA-2008-0722]
CVE-2008-0285 ignore (ngircd) Not yet in Fedora, review request #234926
@@ -23,12 +25,12 @@
CVE-2008-0193 ignore (wordpress, not fixed 2.0.11, and possibly 2.1.x and 2.3.x) wp-db-backup not in wp 2.3.
**CVE-2008-0192 version (wordpress, not fixed 2.0.9)
CVE-2008-0191 ignore (wordpress) File path is not a sensitive information
-CVE-2008-0172 VULNERABLE (boost) #428975
-CVE-2008-0171 VULNERABLE (boost) #428975
+CVE-2008-0172 VULNERABLE (boost) #428975 [since FEDORA-2008-0754]
+CVE-2008-0171 VULNERABLE (boost) #428975 [since FEDORA-2008-0754]
CVE-2008-0123 fixed (moodle) #428731 [since FEDORA-2008-0610]
-CVE-2008-0122 VULNERABLE (bind) #429149
+CVE-2008-0122 fixed (bind) #429149 [since FEDORA-2008-0904]
CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since FEDORA-2008-0199]
-CVE-2008-0006 VULNERABLE (libXfont) #429132
+CVE-2008-0006 fixed (libXfont) #429132 [since FEDORA-2008-0794]
CVE-2008-0005 VULNERABLE (httpd, fixed 2.2.7) #427982
CVE-2008-0003 fixed (tog-pegasus, fixed 2.7.0) #427829 [since FEDORA-2008-0572]
CVE-2007-6693 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4778]
@@ -58,18 +60,18 @@
CVE-2007-6441 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590]
CVE-2007-6439 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590]
CVE-2007-6438 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590]
-CVE-2007-6429 VULNERABLE (xorg-x11-server, fixed 1.4.1) #429126
-CVE-2007-6428 VULNERABLE (xorg-x11-server, fixed 1.4.1) #429126
-CVE-2007-6427 VULNERABLE (xorg-x11-server, fixed 1.4.1) #429126
+CVE-2007-6429 fixed (xorg-x11-server, fixed 1.4.1) #429126 [since FEDORA-2008-0760]
+CVE-2007-6428 fixed (xorg-x11-server, fixed 1.4.1) #429126 [since FEDORA-2008-0760]
+CVE-2007-6427 fixed (xorg-x11-server, fixed 1.4.1) #429126 [since FEDORA-2008-0760]
CVE-2007-6423 ignore (httpd) can not be reproduced by upstream
CVE-2007-6422 VULNERABLE (httpd, fixed 2.2.7) #427982
CVE-2007-6421 VULNERABLE (httpd, fixed 2.2.7) #427982
CVE-2007-6420 ignore (httpd) wontfix by upstream
CVE-2007-6415 VULNERABLE (scponly, fixed 4.8) #429732
CVE-2007-6388 VULNERABLE (httpd, fixed 2.2.7) #427982
-CVE-2007-6337 VULNERABLE (clamav, fixed 0.92) #426212 [since FEDORA-2008-0115]
-CVE-2007-6336 VULNERABLE (clamav, fixed 0.92) #426212 [since FEDORA-2008-0115]
-CVE-2007-6335 VULNERABLE (clamav, fixed 0.92) #426212 [since FEDORA-2008-0115]
+CVE-2007-6337 fixed (clamav, fixed 0.92) #426212 [since FEDORA-2008-0115]
+CVE-2007-6336 fixed (clamav, fixed 0.92) #426212 [since FEDORA-2008-0115]
+CVE-2007-6335 fixed (clamav, fixed 0.92) #426212 [since FEDORA-2008-0115]
CVE-2007-6437 fixed (syslog-ng) #426306 [since FEDORA-2008-0523]
CVE-2007-6430 version (asterisk, fixed 1.4.16) [since FEDORA-2007-4651]
CVE-2007-6389 VULNERABLE (gnome-screensaver) #426170
@@ -124,7 +126,7 @@
CVE-2007-5964 backport (autofs) #409701 [since FEDORA-2007-4532]
CVE-2007-5960 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3962]
CVE-2007-5959 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3962]
-CVE-2007-5958 VULNERABLE (xorg-x11-server, fixed 1.4.1) #429126
+CVE-2007-5958 fixed (xorg-x11-server, fixed 1.4.1) #429126 [since FEDORA-2008-0760]
CVE-2007-5947 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3962]
CVE-2007-5938 VULNERABLE (kernel) #385861 iwlwifi
CVE-2007-5937 backport (tetex) #379861 [since FEDORA-2007-3308] Multiple dviljk buffer overflows
@@ -142,7 +144,7 @@
CVE-2007-5795 backport (emacs) #367591 [since FEDORA-2007-2946]
CVE-2007-5770 backport (ruby) #373391 [since FEDORA-2007-2812]
GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031
-CVE-2007-5760 VULNERABLE (xorg-x11-server, fixed 1.4.1) #429126
+CVE-2007-5760 fixed (xorg-x11-server, fixed 1.4.1) #429126 [since FEDORA-2008-0760]
CVE-2007-5759 ignore (clamav, fixed 0.92) duplicate of CVE-2007-6335
CVE-2007-5751 backport (liferea, fixed 1.4.6) #360641 [since FEDORA-2007-2853]
CVE-2007-5742 version (wesnoth, fixed 1.2.8) [since FEDORA-2007-3989]
Index: f9
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f9,v
retrieving revision 1.88
retrieving revision 1.89
diff -u -r1.88 -r1.89
--- f9 22 Jan 2008 19:21:47 -0000 1.88
+++ f9 23 Jan 2008 18:59:44 -0000 1.89
@@ -7,7 +7,9 @@
# Up to date CVE as of CVE email 20071211
# Up to date F9 as of 20071029
-GENERIC-MAP-NOMATCH fixed (mantis) #429552 [since mantis-1.1.1-1.fc9]
+GENERIC-MAP-NOMATCH VULNERABLE (tomcat5) #429905
+GENERIC-MAP-NOMATCH VULNERABLE (pulseaudio) #425481
+CVE-2008-0404 fixed (mantis) #429552 [since mantis-1.1.1-1.fc9]
CVE-2008-0364 ignore (bittorrent) Windows only
CVE-2008-0299 fixed (python-paramiko) #428730 [since python-paramiko-1.7.1-3.fc9]
CVE-2008-0274 version (drupal, fixed 5.6) [since drupal-5.6-1.fc9] DRUPAL-SA-2008-007
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.252
retrieving revision 1.253
diff -u -r1.252 -r1.253
--- fc7 22 Jan 2008 19:21:47 -0000 1.252
+++ fc7 23 Jan 2008 18:59:44 -0000 1.253
@@ -8,7 +8,9 @@
# Up to date CVE as of CVE email 200711215
# Up to date FC7 as of 20080111
-GENERIC-MAP-NOMATCH VULNERABLE (mantis) #429552
+GENERIC-MAP-NOMATCH VULNERABLE (tomcat5) #429904
+GENERIC-MAP-NOMATCH VULNERABLE (pulseaudio) #425481
+CVE-2008-0404 fixed (mantis) #429552 [since FEDORA-2008-0796]
CVE-2008-0364 ignore (bittorrent) Windows only
CVE-2008-0299 fixed (python-paramiko) #428729 [since FEDORA-2008-0644]
CVE-2008-0274 version (drupal, fixed 5.6) DRUPAL-SA-2008-007 [since FEDORA-2008-0469]
@@ -24,12 +26,12 @@
CVE-2008-0193 ignore (wordpress, not fixed 2.0.11, and possibly 2.1.x and 2.3.x) wp-db-backup not in wp 2.3.2
**CVE-2008-0192 version (wordpress, not fixed 2.0.9)
CVE-2008-0191 ignore (wordpress) File path is not a sensitive information
-CVE-2008-0172 VULNERABLE (boost) #428974
-CVE-2008-0171 VULNERABLE (boost) #428974
+CVE-2008-0172 fixed (boost) #428974 [since FEDORA-2008-0880]
+CVE-2008-0171 fixed (boost) #428974 [since FEDORA-2008-0880]
CVE-2008-0123 fixed (moodle) #428731 [since FEDORA-2008-0610]
-CVE-2008-0122 VULNERABLE (bind) #429149
+CVE-2008-0122 fixed (bind) #429149 [since FEDORA-2008-0904]
CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since FEDORA-2008-0198]
-CVE-2008-0006 VULNERABLE (libXfont) #429131
+CVE-2008-0006 fixed (libXfont) #429131 [since FEDORA-2008-0891]
CVE-2008-0005 VULNERABLE (httpd, fixed 2.2.7) #427983
CVE-2008-0003 fixed (tog-pegasus, fixed 2.7.0) #427828 [since FEDORA-2008-0506]
CVE-2007-6693 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4777]
@@ -58,18 +60,18 @@
CVE-2007-6441 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690]
CVE-2007-6439 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690]
CVE-2007-6438 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690]
-CVE-2007-6429 VULNERABLE (xorg-x11-server, fixed 1.4.1) #429125
-CVE-2007-6428 VULNERABLE (xorg-x11-server, fixed 1.4.1) #429125
-CVE-2007-6427 VULNERABLE (xorg-x11-server, fixed 1.4.1) #429125
+CVE-2007-6429 fixed (xorg-x11-server, fixed 1.4.1) #429125 [since FEDORA-2008-0831]
+CVE-2007-6428 fixed (xorg-x11-server, fixed 1.4.1) #429125 [since FEDORA-2008-0831]
+CVE-2007-6427 fixed (xorg-x11-server, fixed 1.4.1) #429125 [since FEDORA-2008-0831]
CVE-2007-6423 ignore (httpd) can not be reproduced by upstream
CVE-2007-6422 VULNERABLE (httpd, fixed 2.2.7) #427983
CVE-2007-6421 VULNERABLE (httpd, fixed 2.2.7) #427983
CVE-2007-6420 ignore (httpd) wontfix by upstream
CVE-2007-6415 VULNERABLE (scponly, fixed 4.8) #429731
CVE-2007-6388 VULNERABLE (httpd, fixed 2.2.7) #427983
-CVE-2007-6337 VULNERABLE (clamav, fixed 0.92) #426211 [since FEDORA-2008-0170]
-CVE-2007-6336 VULNERABLE (clamav, fixed 0.92) #426211 [since FEDORA-2008-0170]
-CVE-2007-6335 VULNERABLE (clamav, fixed 0.92) #426211 [since FEDORA-2008-0170]
+CVE-2007-6337 fixed (clamav, fixed 0.92) #426211 [since FEDORA-2008-0170]
+CVE-2007-6336 fixed (clamav, fixed 0.92) #426211 [since FEDORA-2008-0170]
+CVE-2007-6335 fixed (clamav, fixed 0.92) #426211 [since FEDORA-2008-0170]
CVE-2007-6437 fixed (syslog-ng) #426305 [since FEDORA-2008-0559]
CVE-2007-6430 version (asterisk, fixed 1.4.16) [since FEDORA-2007-4593]
CVE-2007-6389 VULNERABLE (gnome-screensaver) #426169
@@ -124,7 +126,7 @@
CVE-2007-5964 backport (autofs) #421351 [since FEDORA-2007-4469]
CVE-2007-5960 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3952]
CVE-2007-5959 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3952]
-CVE-2007-5958 VULNERABLE (xorg-x11-server, fixed 1.4.1) #429125
+CVE-2007-5958 fixed (xorg-x11-server, fixed 1.4.1) #429125 [since FEDORA-2008-0831]
CVE-2007-5947 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3952]
CVE-2007-5938 VULNERABLE (kernel) #385861 iwlwifi
CVE-2007-5937 backport (tetex) #379831 [since FEDORA-2007-3390] Multiple dviljk buffer overflows
@@ -141,7 +143,7 @@
CVE-2007-5846 backport (net-snmp) [since FEDORA-2007-3019]
CVE-2007-5795 backport (emacs) #367581 [since FEDORA-2007-3056]
CVE-2007-5770 backport (ruby) #373381 [since FEDORA-2007-2685]
-CVE-2007-5760 VULNERABLE (xorg-x11-server, fixed 1.4.1) #429125
+CVE-2007-5760 fixed (xorg-x11-server, fixed 1.4.1) #429125 [since FEDORA-2008-0831]
CVE-2007-5759 ignore (clamav, fixed 0.92) duplicate of CVE-2007-6335
CVE-2007-5751 backport (liferea, fixed 1.4.6) #360641 [since FEDORA-2007-2725]
CVE-2007-5742 version (wesnoth, fixed 1.2.8) [since FEDORA-2007-3986]
16 years, 4 months
fedora-security/tools/lib/Libexig Bugzilla.pm, 1.1.2.3, 1.1.2.4
by fedora-security-commits@redhat.com
Author: lkundrak
Update of /cvs/fedora/fedora-security/tools/lib/Libexig
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv25032/lib/Libexig
Modified Files:
Tag: lkundrak-tools-ng
Bugzilla.pm
Log Message:
Understand aliases, so that add-tracking-bugs --cve=* can be used
Index: Bugzilla.pm
===================================================================
RCS file: /cvs/fedora/fedora-security/tools/lib/Libexig/Bugzilla.pm,v
retrieving revision 1.1.2.3
retrieving revision 1.1.2.4
diff -u -r1.1.2.3 -r1.1.2.4
--- Bugzilla.pm 9 Jan 2008 14:37:43 -0000 1.1.2.3
+++ Bugzilla.pm 23 Jan 2008 18:42:04 -0000 1.1.2.4
@@ -102,11 +102,41 @@
return $result->[0];
}
+# Take a bug id or alias and return id
+sub resolve_alias
+{
+ my $self = shift;
+ my $bug = shift;
+
+ my $call = $self->{rpc}->call('bugzilla.getBugSimple', $bug, @{$self->{creds}});
+
+ my $result = $call->result
+ or return $bug;
+
+ return $result->{bug_id};
+}
+
+# Take a reference to list of scalars and replace
+# bug aliases with ids in place
+sub resolve_aliases
+{
+ my $self = shift;
+ my $bugs = shift;
+ my $i = 0;
+
+ foreach my $bug (@{$bugs}) {
+ $bugs->[$i++] = $self->resolve_alias ($bug);
+ }
+
+ return $bugs;
+}
+
# Get bugs
sub get_bugs
{
my $self = shift;
- my $bugs = shift or die 'No bugs to fetch!';
+ my $bugs = $self->resolve_aliases (shift)
+ or die 'No bugs to fetch!';
my $columns = shift;
$columns = [] unless ($columns); # The default set
@@ -156,8 +186,7 @@
sub add_comment
{
my $self = shift;
-
- my $bug = shift or die 'No bug!';
+ my $bug = shift;
my $comment = shift or die 'No comment!';
if ($self->{dryrun}) {
16 years, 4 months
fedora-security/audit f8, 1.95, 1.96 f9, 1.87, 1.88 fc7, 1.251, 1.252
by fedora-security-commits@redhat.com
Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv9059/audit
Modified Files:
f8 f9 fc7
Log Message:
scponly issues
Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.95
retrieving revision 1.96
diff -u -r1.95 -r1.96
--- f8 21 Jan 2008 16:26:28 -0000 1.95
+++ f8 22 Jan 2008 19:21:47 -0000 1.96
@@ -65,6 +65,7 @@
CVE-2007-6422 VULNERABLE (httpd, fixed 2.2.7) #427982
CVE-2007-6421 VULNERABLE (httpd, fixed 2.2.7) #427982
CVE-2007-6420 ignore (httpd) wontfix by upstream
+CVE-2007-6415 VULNERABLE (scponly, fixed 4.8) #429732
CVE-2007-6388 VULNERABLE (httpd, fixed 2.2.7) #427982
CVE-2007-6337 VULNERABLE (clamav, fixed 0.92) #426212 [since FEDORA-2008-0115]
CVE-2007-6336 VULNERABLE (clamav, fixed 0.92) #426212 [since FEDORA-2008-0115]
@@ -75,7 +76,7 @@
CVE-2007-6353 VULNERABLE (exiv2) #425923
CVE-2007-6352 fixed (libexif) #425631 [since FEDORA-2007-4667]
CVE-2007-6351 fixed (libexif) #425631 [since FEDORA-2007-4667]
-CVE-2007-6350 VULNERABLE (scponly) rsync vector only
+CVE-2007-6350 VULNERABLE (scponly) #429731 rsync vector only
CVE-2007-6348 ignore (squirrelmail) trojaned version was not shipped
CVE-2007-6328 ignore (dosbox) design decision
CVE-2007-6321 VULNERABLE (roundcubemail) #423291
Index: f9
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f9,v
retrieving revision 1.87
retrieving revision 1.88
diff -u -r1.87 -r1.88
--- f9 21 Jan 2008 16:26:28 -0000 1.87
+++ f9 22 Jan 2008 19:21:47 -0000 1.88
@@ -65,6 +65,7 @@
CVE-2007-6422 VULNERABLE (httpd, fixed 2.2.7) #427984
CVE-2007-6421 VULNERABLE (httpd, fixed 2.2.7) #427984
CVE-2007-6420 ignore (httpd) wontfix by upstream
+CVE-2007-6415 VULNERABLE (scponly, fixed 4.8)
CVE-2007-6388 VULNERABLE (httpd, fixed 2.2.7) #427984
CVE-2007-6337 version (clamav, fixed 0.92) #426213 [since clamav-0.92-3.fc9]
CVE-2007-6336 version (clamav, fixed 0.92) #426213 [since clamav-0.92-3.fc9]
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.251
retrieving revision 1.252
diff -u -r1.251 -r1.252
--- fc7 21 Jan 2008 16:26:28 -0000 1.251
+++ fc7 22 Jan 2008 19:21:47 -0000 1.252
@@ -65,6 +65,7 @@
CVE-2007-6422 VULNERABLE (httpd, fixed 2.2.7) #427983
CVE-2007-6421 VULNERABLE (httpd, fixed 2.2.7) #427983
CVE-2007-6420 ignore (httpd) wontfix by upstream
+CVE-2007-6415 VULNERABLE (scponly, fixed 4.8) #429731
CVE-2007-6388 VULNERABLE (httpd, fixed 2.2.7) #427983
CVE-2007-6337 VULNERABLE (clamav, fixed 0.92) #426211 [since FEDORA-2008-0170]
CVE-2007-6336 VULNERABLE (clamav, fixed 0.92) #426211 [since FEDORA-2008-0170]
@@ -75,7 +76,7 @@
CVE-2007-6353 fixed (exiv2) #425922 [since FEDORA-2007-4551]
CVE-2007-6352 fixed (libexif) #425621 [since FEDORA-2007-4608]
CVE-2007-6351 fixed (libexif) #425621 [since FEDORA-2007-4608]
-CVE-2007-6350 VULNERABLE (scponly) rsync vector only
+CVE-2007-6350 VULNERABLE (scponly) #429731 rsync vector only
CVE-2007-6348 ignore (squirrelmail) trojaned version was not shipped
CVE-2007-6328 ignore (dosbox) design decision
CVE-2007-6321 VULNERABLE (roundcubemail) #423281
16 years, 4 months
fedora-security/audit f8, 1.94, 1.95 f9, 1.86, 1.87 fc7, 1.250, 1.251
by fedora-security-commits@redhat.com
Author: lkundrak
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv30158
Modified Files:
f8 f9 fc7
Log Message:
bind && mantis
Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.94
retrieving revision 1.95
diff -u -r1.94 -r1.95
--- f8 18 Jan 2008 23:04:51 -0000 1.94
+++ f8 21 Jan 2008 16:26:28 -0000 1.95
@@ -7,6 +7,7 @@
# Up to date CVE as of CVE email 20071215
# Up to date F8 as of 20080111
+GENERIC-MAP-NOMATCH VULNERABLE (mantis) #429552
CVE-2008-0364 ignore (bittorrent) Windows only
CVE-2008-0299 fixed (python-paramiko) #428728 [since FEDORA-2008-0722]
CVE-2008-0285 ignore (ngircd) Not yet in Fedora, review request #234926
@@ -25,6 +26,7 @@
CVE-2008-0172 VULNERABLE (boost) #428975
CVE-2008-0171 VULNERABLE (boost) #428975
CVE-2008-0123 fixed (moodle) #428731 [since FEDORA-2008-0610]
+CVE-2008-0122 VULNERABLE (bind) #429149
CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since FEDORA-2008-0199]
CVE-2008-0006 VULNERABLE (libXfont) #429132
CVE-2008-0005 VULNERABLE (httpd, fixed 2.2.7) #427982
Index: f9
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f9,v
retrieving revision 1.86
retrieving revision 1.87
diff -u -r1.86 -r1.87
--- f9 18 Jan 2008 23:04:51 -0000 1.86
+++ f9 21 Jan 2008 16:26:28 -0000 1.87
@@ -7,6 +7,7 @@
# Up to date CVE as of CVE email 20071211
# Up to date F9 as of 20071029
+GENERIC-MAP-NOMATCH fixed (mantis) #429552 [since mantis-1.1.1-1.fc9]
CVE-2008-0364 ignore (bittorrent) Windows only
CVE-2008-0299 fixed (python-paramiko) #428730 [since python-paramiko-1.7.1-3.fc9]
CVE-2008-0274 version (drupal, fixed 5.6) [since drupal-5.6-1.fc9] DRUPAL-SA-2008-007
@@ -25,6 +26,7 @@
CVE-2008-0172 backport (boost) #428976 [since boost-1.34.1-7.fc9]
CVE-2008-0171 backport (boost) #428976 [since boost-1.34.1-7.fc9]
CVE-2008-0123 fixed (moodle) #428731 [since moodle-1.8.4-1.fc9]
+CVE-2008-0122 VULNERABLE (bind) #429534
CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since asterisk-1.4.17-1.fc9]
CVE-2008-0006 backport (libXfont) #429133 [since libXfont-1.3.1-3.fc9]
CVE-2008-0005 VULNERABLE (httpd, fixed 2.2.7) #427984
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.250
retrieving revision 1.251
diff -u -r1.250 -r1.251
--- fc7 18 Jan 2008 23:04:51 -0000 1.250
+++ fc7 21 Jan 2008 16:26:28 -0000 1.251
@@ -8,6 +8,7 @@
# Up to date CVE as of CVE email 200711215
# Up to date FC7 as of 20080111
+GENERIC-MAP-NOMATCH VULNERABLE (mantis) #429552
CVE-2008-0364 ignore (bittorrent) Windows only
CVE-2008-0299 fixed (python-paramiko) #428729 [since FEDORA-2008-0644]
CVE-2008-0274 version (drupal, fixed 5.6) DRUPAL-SA-2008-007 [since FEDORA-2008-0469]
@@ -26,6 +27,7 @@
CVE-2008-0172 VULNERABLE (boost) #428974
CVE-2008-0171 VULNERABLE (boost) #428974
CVE-2008-0123 fixed (moodle) #428731 [since FEDORA-2008-0610]
+CVE-2008-0122 VULNERABLE (bind) #429149
CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since FEDORA-2008-0198]
CVE-2008-0006 VULNERABLE (libXfont) #429131
CVE-2008-0005 VULNERABLE (httpd, fixed 2.2.7) #427983
16 years, 4 months
fedora-security/audit f8, 1.93, 1.94 f9, 1.85, 1.86 fc7, 1.249, 1.250
by fedora-security-commits@redhat.com
Author: lkundrak
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv17400
Modified Files:
f8 f9 fc7
Log Message:
bittorrent
Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.93
retrieving revision 1.94
diff -u -r1.93 -r1.94
--- f8 18 Jan 2008 17:26:13 -0000 1.93
+++ f8 18 Jan 2008 23:04:51 -0000 1.94
@@ -7,6 +7,7 @@
# Up to date CVE as of CVE email 20071215
# Up to date F8 as of 20080111
+CVE-2008-0364 ignore (bittorrent) Windows only
CVE-2008-0299 fixed (python-paramiko) #428728 [since FEDORA-2008-0722]
CVE-2008-0285 ignore (ngircd) Not yet in Fedora, review request #234926
CVE-2008-0274 version (drupal, fixed 5.6) DRUPAL-SA-2008-007 [since FEDORA-2008-0485]
Index: f9
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f9,v
retrieving revision 1.85
retrieving revision 1.86
diff -u -r1.85 -r1.86
--- f9 18 Jan 2008 17:26:13 -0000 1.85
+++ f9 18 Jan 2008 23:04:51 -0000 1.86
@@ -7,6 +7,7 @@
# Up to date CVE as of CVE email 20071211
# Up to date F9 as of 20071029
+CVE-2008-0364 ignore (bittorrent) Windows only
CVE-2008-0299 fixed (python-paramiko) #428730 [since python-paramiko-1.7.1-3.fc9]
CVE-2008-0274 version (drupal, fixed 5.6) [since drupal-5.6-1.fc9] DRUPAL-SA-2008-007
CVE-2008-0273 version (drupal, fixed 5.6) [since drupal-5.6-1.fc9] DRUPAL-SA-2008-006
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.249
retrieving revision 1.250
diff -u -r1.249 -r1.250
--- fc7 18 Jan 2008 17:26:13 -0000 1.249
+++ fc7 18 Jan 2008 23:04:51 -0000 1.250
@@ -8,6 +8,7 @@
# Up to date CVE as of CVE email 200711215
# Up to date FC7 as of 20080111
+CVE-2008-0364 ignore (bittorrent) Windows only
CVE-2008-0299 fixed (python-paramiko) #428729 [since FEDORA-2008-0644]
CVE-2008-0274 version (drupal, fixed 5.6) DRUPAL-SA-2008-007 [since FEDORA-2008-0469]
CVE-2008-0273 version (drupal, fixed 5.6) DRUPAL-SA-2008-006 [since FEDORA-2008-0469]
16 years, 4 months
fedora-security/audit f8, 1.92, 1.93 f9, 1.84, 1.85 fc7, 1.248, 1.249
by fedora-security-commits@redhat.com
Author: lkundrak
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv28528
Modified Files:
f8 f9 fc7
Log Message:
gallery2
Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.92
retrieving revision 1.93
diff -u -r1.92 -r1.93
--- f8 18 Jan 2008 10:02:36 -0000 1.92
+++ f8 18 Jan 2008 17:26:13 -0000 1.93
@@ -28,6 +28,15 @@
CVE-2008-0006 VULNERABLE (libXfont) #429132
CVE-2008-0005 VULNERABLE (httpd, fixed 2.2.7) #427982
CVE-2008-0003 fixed (tog-pegasus, fixed 2.7.0) #427829 [since FEDORA-2008-0572]
+CVE-2007-6693 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4778]
+CVE-2007-6692 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4778]
+CVE-2007-6691 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4778]
+CVE-2007-6690 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4778]
+CVE-2007-6689 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4778]
+CVE-2007-6688 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4778]
+CVE-2007-6687 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4778]
+CVE-2007-6686 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4778]
+CVE-2007-6685 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4778]
CVE-2007-6672 VULNERABLE (jetty) #428017
CVE-2007-6613 fixed (libcdio) #427199 [since FEDORA-2008-0136]
GENERIC-MAP-NOMATCH fixed (wordpress) #426433 [since FEDORA-2008-0103]
Index: f9
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f9,v
retrieving revision 1.84
retrieving revision 1.85
diff -u -r1.84 -r1.85
--- f9 18 Jan 2008 10:02:36 -0000 1.84
+++ f9 18 Jan 2008 17:26:13 -0000 1.85
@@ -28,6 +28,15 @@
CVE-2008-0006 backport (libXfont) #429133 [since libXfont-1.3.1-3.fc9]
CVE-2008-0005 VULNERABLE (httpd, fixed 2.2.7) #427984
CVE-2008-0003 version (tog-pegasus, fixed 2.7.0)
+CVE-2007-6693 version (gallery2, fixed 2.2.4) [since gallery2-2.2.4-1]
+CVE-2007-6692 version (gallery2, fixed 2.2.4) [since gallery2-2.2.4-1]
+CVE-2007-6691 version (gallery2, fixed 2.2.4) [since gallery2-2.2.4-1]
+CVE-2007-6690 version (gallery2, fixed 2.2.4) [since gallery2-2.2.4-1]
+CVE-2007-6689 version (gallery2, fixed 2.2.4) [since gallery2-2.2.4-1]
+CVE-2007-6688 version (gallery2, fixed 2.2.4) [since gallery2-2.2.4-1]
+CVE-2007-6687 version (gallery2, fixed 2.2.4) [since gallery2-2.2.4-1]
+CVE-2007-6686 version (gallery2, fixed 2.2.4) [since gallery2-2.2.4-1]
+CVE-2007-6685 version (gallery2, fixed 2.2.4) [since gallery2-2.2.4-1]
CVE-2007-6672 VULNERABLE (jetty) #428018
CVE-2007-6631 fixed (libnemesi, not fixed 0.6.4-rc1) #426910 [since libnemesi-0.6.4-0.1.rc2.fc9] This wasn't released yet
CVE-2007-6630 version (netembryo, fixed 0.0.5) #427470 There was not release in stable branches yet [since netembryo-0.0.5-1.fc9]
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.248
retrieving revision 1.249
diff -u -r1.248 -r1.249
--- fc7 18 Jan 2008 10:02:36 -0000 1.248
+++ fc7 18 Jan 2008 17:26:13 -0000 1.249
@@ -29,6 +29,15 @@
CVE-2008-0006 VULNERABLE (libXfont) #429131
CVE-2008-0005 VULNERABLE (httpd, fixed 2.2.7) #427983
CVE-2008-0003 fixed (tog-pegasus, fixed 2.7.0) #427828 [since FEDORA-2008-0506]
+CVE-2007-6693 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4777]
+CVE-2007-6692 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4777]
+CVE-2007-6691 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4777]
+CVE-2007-6690 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4777]
+CVE-2007-6689 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4777]
+CVE-2007-6688 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4777]
+CVE-2007-6687 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4777]
+CVE-2007-6686 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4777]
+CVE-2007-6685 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4777]
CVE-2007-6613 fixed (libcdio) #427198 [since FEDORA-2008-0104]
GENERIC-MAP-NOMATCH fixed (wordpress) #426432 [since FEDORA-2008-0126]
CVE-2007-6612 ignore (rubygem-mongrel, only affects 1.0.4) affected version was not shipped
16 years, 4 months
fedora-security/tools/lib/Libexig Bugzilla.pm, 1.4, 1.5
by fedora-security-commits@redhat.com
Author: thoger
Update of /cvs/fedora/fedora-security/tools/lib/Libexig
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv12257/tools/lib/Libexig
Modified Files:
Bugzilla.pm
Log Message:
CC also co-maintainers (BZ initial CC list)
Index: Bugzilla.pm
===================================================================
RCS file: /cvs/fedora/fedora-security/tools/lib/Libexig/Bugzilla.pm,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- Bugzilla.pm 16 Jan 2008 17:27:01 -0000 1.4
+++ Bugzilla.pm 18 Jan 2008 16:00:14 -0000 1.5
@@ -76,6 +76,11 @@
# XXX: Add also 'initialqa'?
$people{$instance->{initialowner}} = 1
if defined $instance->{initialowner};
+
+ # Add initial CC list if any
+ foreach my $cc (@{ $instance->{'initialcclist'} }) {
+ $people{$cc} = 1;
+ }
}
return keys %people;
16 years, 4 months
fedora-security/audit f8, 1.91, 1.92 f9, 1.83, 1.84 fc7, 1.247, 1.248
by fedora-security-commits@redhat.com
Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv25772/audit
Modified Files:
f8 f9 fc7
Log Message:
paramiko cve id
rawhide updates
Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.91
retrieving revision 1.92
diff -u -r1.91 -r1.92
--- f8 17 Jan 2008 15:20:06 -0000 1.91
+++ f8 18 Jan 2008 10:02:36 -0000 1.92
@@ -7,11 +7,11 @@
# Up to date CVE as of CVE email 20071215
# Up to date F8 as of 20080111
+CVE-2008-0299 fixed (python-paramiko) #428728 [since FEDORA-2008-0722]
CVE-2008-0285 ignore (ngircd) Not yet in Fedora, review request #234926
CVE-2008-0274 version (drupal, fixed 5.6) DRUPAL-SA-2008-007 [since FEDORA-2008-0485]
CVE-2008-0273 version (drupal, fixed 5.6) DRUPAL-SA-2008-006 [since FEDORA-2008-0485]
CVE-2008-0272 version (drupal, fixed 5.6) DRUPAL-SA-2008-005 [since FEDORA-2008-0485]
-GENERIC-MAP-NOMATCH fixed (python-paramiko) #428728 [since FEDORA-2008-0722]
CVE-2008-0252 backport (python-cherrypy) [since FEDORA-2008-0299]
**CVE-2008-0238 VULNERABLE (xine-lib, fixed 1.1.9.1)
CVE-2008-0225 VULNERABLE (xine-lib, fixed 1.1.9.1)
Index: f9
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f9,v
retrieving revision 1.83
retrieving revision 1.84
diff -u -r1.83 -r1.84
--- f9 17 Jan 2008 15:20:06 -0000 1.83
+++ f9 18 Jan 2008 10:02:36 -0000 1.84
@@ -7,10 +7,10 @@
# Up to date CVE as of CVE email 20071211
# Up to date F9 as of 20071029
+CVE-2008-0299 fixed (python-paramiko) #428730 [since python-paramiko-1.7.1-3.fc9]
CVE-2008-0274 version (drupal, fixed 5.6) [since drupal-5.6-1.fc9] DRUPAL-SA-2008-007
CVE-2008-0273 version (drupal, fixed 5.6) [since drupal-5.6-1.fc9] DRUPAL-SA-2008-006
CVE-2008-0272 version (drupal, fixed 5.6) [since drupal-5.6-1.fc9] DRUPAL-SA-2008-005
-GENERIC-MAP-NOMATCH fixed (python-paramiko) #428730 [since python-paramiko-1.7.1-3.fc9]
CVE-2008-0285 ignore (ngircd) Not yet in Fedora, review request #234926
CVE-2008-0252 backport (python-cherrypy) [since python-cherrypy-2.2.1-8.fc9]
**CVE-2008-0238 version (xine-lib, fixed 1.1.9.1) [since xine-lib-1.1.9.1-1.fc9]
@@ -21,11 +21,11 @@
CVE-2008-0193 version (wordpress, not fixed 2.0.11, and possibly 2.1.x and 2.3.x) wp-db-backup not in wp 2.3.2
**CVE-2008-0192 version (wordpress, not fixed 2.0.9)
CVE-2008-0191 ignore (wordpress) File path is not a sensitive information
-CVE-2008-0172 VULNERABLE (boost) #428976
-CVE-2008-0171 VULNERABLE (boost) #428976
+CVE-2008-0172 backport (boost) #428976 [since boost-1.34.1-7.fc9]
+CVE-2008-0171 backport (boost) #428976 [since boost-1.34.1-7.fc9]
CVE-2008-0123 fixed (moodle) #428731 [since moodle-1.8.4-1.fc9]
CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since asterisk-1.4.17-1.fc9]
-CVE-2008-0006 VULNERABLE (libXfont) #429133
+CVE-2008-0006 backport (libXfont) #429133 [since libXfont-1.3.1-3.fc9]
CVE-2008-0005 VULNERABLE (httpd, fixed 2.2.7) #427984
CVE-2008-0003 version (tog-pegasus, fixed 2.7.0)
CVE-2007-6672 VULNERABLE (jetty) #428018
@@ -46,9 +46,9 @@
CVE-2007-6441 version (wireshark, fixed 0.99.7) [since wireshark-0.99.7-1.fc9]
CVE-2007-6439 version (wireshark, fixed 0.99.7) [since wireshark-0.99.7-1.fc9]
CVE-2007-6438 version (wireshark, fixed 0.99.7) [since wireshark-0.99.7-1.fc9]
-CVE-2007-6429 VULNERABLE (xorg-x11-server, fixed 1.4.1) #429127
-CVE-2007-6428 VULNERABLE (xorg-x11-server, fixed 1.4.1) #429127
-CVE-2007-6427 VULNERABLE (xorg-x11-server, fixed 1.4.1) #429127
+CVE-2007-6429 backport (xorg-x11-server, fixed 1.4.1) #429127 [since xorg-x11-server-1.4.99.1-0.17.20080107.fc9]
+CVE-2007-6428 backport (xorg-x11-server, fixed 1.4.1) #429127 [since xorg-x11-server-1.4.99.1-0.17.20080107.fc9]
+CVE-2007-6427 backport (xorg-x11-server, fixed 1.4.1) #429127 [since xorg-x11-server-1.4.99.1-0.17.20080107.fc9]
CVE-2007-6423 ignore (httpd) can not be reproduced by upstream
CVE-2007-6422 VULNERABLE (httpd, fixed 2.2.7) #427984
CVE-2007-6421 VULNERABLE (httpd, fixed 2.2.7) #427984
@@ -111,7 +111,7 @@
CVE-2007-5964 backport (autofs) #421371 [since autofs-5.0.2-21]
CVE-2007-5960 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7)
CVE-2007-5959 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7)
-CVE-2007-5958 VULNERABLE (xorg-x11-server, fixed 1.4.1) #429127
+CVE-2007-5958 fixed (xorg-x11-server, fixed 1.4.1) #429127 [since xorg-x11-server-1.4.99.1-0.17.20080107.fc9] code removed upstream
CVE-2007-5947 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7)
CVE-2007-5938 VULNERABLE (kernel) #385861 iwlwifi
CVE-2007-5937 backport (tetex) #379851 Multiple dviljk buffer overflows [since tetex-3.0-48.fc9]
@@ -129,7 +129,7 @@
CVE-2007-5795 backport (emacs) #367601 [since emacs-22.1-8.fc9]
GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031
CVE-2007-5770 backport (ruby) #373401 [since ruby-1.8.6.111-1]
-CVE-2007-5760 VULNERABLE (xorg-x11-server, fixed 1.4.1) #429127
+CVE-2007-5760 backport (xorg-x11-server, fixed 1.4.1) #429127 [since xorg-x11-server-1.4.99.1-0.17.20080107.fc9]
CVE-2007-5759 ignore (clamav, fixed 0.92) duplicate of CVE-2007-6335
CVE-2007-5751 version (liferea, fixed 1.4.6) #360641 [since liferea-1.4.6-3.fc9]
CVE-2007-5742 version (wesnoth, fixed 1.2.8) [since wesnoth-1.2.8-3.fc9]
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.247
retrieving revision 1.248
diff -u -r1.247 -r1.248
--- fc7 17 Jan 2008 15:20:06 -0000 1.247
+++ fc7 18 Jan 2008 10:02:36 -0000 1.248
@@ -8,10 +8,10 @@
# Up to date CVE as of CVE email 200711215
# Up to date FC7 as of 20080111
+CVE-2008-0299 fixed (python-paramiko) #428729 [since FEDORA-2008-0644]
CVE-2008-0274 version (drupal, fixed 5.6) DRUPAL-SA-2008-007 [since FEDORA-2008-0469]
CVE-2008-0273 version (drupal, fixed 5.6) DRUPAL-SA-2008-006 [since FEDORA-2008-0469]
CVE-2008-0272 version (drupal, fixed 5.6) DRUPAL-SA-2008-005 [since FEDORA-2008-0469]
-GENERIC-MAP-NOMATCH fixed (python-paramiko) #428729 [since FEDORA-2008-0644]
CVE-2008-0285 ignore (ngircd) Not yet in Fedora, review request #234926
CVE-2008-0252 backport (python-cherrypy) [since FEDORA-2008-0333]
**CVE-2008-0238 VULNERABLE (xine-lib, fixed 1.1.9.1)
16 years, 4 months
fedora-security/audit f8, 1.90, 1.91 f9, 1.82, 1.83 fc7, 1.246, 1.247
by fedora-security-commits@redhat.com
Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv28552/audit
Modified Files:
f8 f9 fc7
Log Message:
Xorg issues
Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.90
retrieving revision 1.91
diff -u -r1.90 -r1.91
--- f8 17 Jan 2008 10:00:09 -0000 1.90
+++ f8 17 Jan 2008 15:20:06 -0000 1.91
@@ -25,6 +25,7 @@
CVE-2008-0171 VULNERABLE (boost) #428975
CVE-2008-0123 fixed (moodle) #428731 [since FEDORA-2008-0610]
CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since FEDORA-2008-0199]
+CVE-2008-0006 VULNERABLE (libXfont) #429132
CVE-2008-0005 VULNERABLE (httpd, fixed 2.2.7) #427982
CVE-2008-0003 fixed (tog-pegasus, fixed 2.7.0) #427829 [since FEDORA-2008-0572]
CVE-2007-6672 VULNERABLE (jetty) #428017
@@ -45,6 +46,9 @@
CVE-2007-6441 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590]
CVE-2007-6439 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590]
CVE-2007-6438 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590]
+CVE-2007-6429 VULNERABLE (xorg-x11-server, fixed 1.4.1) #429126
+CVE-2007-6428 VULNERABLE (xorg-x11-server, fixed 1.4.1) #429126
+CVE-2007-6427 VULNERABLE (xorg-x11-server, fixed 1.4.1) #429126
CVE-2007-6423 ignore (httpd) can not be reproduced by upstream
CVE-2007-6422 VULNERABLE (httpd, fixed 2.2.7) #427982
CVE-2007-6421 VULNERABLE (httpd, fixed 2.2.7) #427982
@@ -107,6 +111,7 @@
CVE-2007-5964 backport (autofs) #409701 [since FEDORA-2007-4532]
CVE-2007-5960 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3962]
CVE-2007-5959 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3962]
+CVE-2007-5958 VULNERABLE (xorg-x11-server, fixed 1.4.1) #429126
CVE-2007-5947 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3962]
CVE-2007-5938 VULNERABLE (kernel) #385861 iwlwifi
CVE-2007-5937 backport (tetex) #379861 [since FEDORA-2007-3308] Multiple dviljk buffer overflows
@@ -124,6 +129,7 @@
CVE-2007-5795 backport (emacs) #367591 [since FEDORA-2007-2946]
CVE-2007-5770 backport (ruby) #373391 [since FEDORA-2007-2812]
GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031
+CVE-2007-5760 VULNERABLE (xorg-x11-server, fixed 1.4.1) #429126
CVE-2007-5759 ignore (clamav, fixed 0.92) duplicate of CVE-2007-6335
CVE-2007-5751 backport (liferea, fixed 1.4.6) #360641 [since FEDORA-2007-2853]
CVE-2007-5742 version (wesnoth, fixed 1.2.8) [since FEDORA-2007-3989]
Index: f9
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f9,v
retrieving revision 1.82
retrieving revision 1.83
diff -u -r1.82 -r1.83
--- f9 16 Jan 2008 15:40:25 -0000 1.82
+++ f9 17 Jan 2008 15:20:06 -0000 1.83
@@ -25,6 +25,7 @@
CVE-2008-0171 VULNERABLE (boost) #428976
CVE-2008-0123 fixed (moodle) #428731 [since moodle-1.8.4-1.fc9]
CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since asterisk-1.4.17-1.fc9]
+CVE-2008-0006 VULNERABLE (libXfont) #429133
CVE-2008-0005 VULNERABLE (httpd, fixed 2.2.7) #427984
CVE-2008-0003 version (tog-pegasus, fixed 2.7.0)
CVE-2007-6672 VULNERABLE (jetty) #428018
@@ -45,6 +46,9 @@
CVE-2007-6441 version (wireshark, fixed 0.99.7) [since wireshark-0.99.7-1.fc9]
CVE-2007-6439 version (wireshark, fixed 0.99.7) [since wireshark-0.99.7-1.fc9]
CVE-2007-6438 version (wireshark, fixed 0.99.7) [since wireshark-0.99.7-1.fc9]
+CVE-2007-6429 VULNERABLE (xorg-x11-server, fixed 1.4.1) #429127
+CVE-2007-6428 VULNERABLE (xorg-x11-server, fixed 1.4.1) #429127
+CVE-2007-6427 VULNERABLE (xorg-x11-server, fixed 1.4.1) #429127
CVE-2007-6423 ignore (httpd) can not be reproduced by upstream
CVE-2007-6422 VULNERABLE (httpd, fixed 2.2.7) #427984
CVE-2007-6421 VULNERABLE (httpd, fixed 2.2.7) #427984
@@ -107,6 +111,7 @@
CVE-2007-5964 backport (autofs) #421371 [since autofs-5.0.2-21]
CVE-2007-5960 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7)
CVE-2007-5959 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7)
+CVE-2007-5958 VULNERABLE (xorg-x11-server, fixed 1.4.1) #429127
CVE-2007-5947 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7)
CVE-2007-5938 VULNERABLE (kernel) #385861 iwlwifi
CVE-2007-5937 backport (tetex) #379851 Multiple dviljk buffer overflows [since tetex-3.0-48.fc9]
@@ -124,6 +129,7 @@
CVE-2007-5795 backport (emacs) #367601 [since emacs-22.1-8.fc9]
GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031
CVE-2007-5770 backport (ruby) #373401 [since ruby-1.8.6.111-1]
+CVE-2007-5760 VULNERABLE (xorg-x11-server, fixed 1.4.1) #429127
CVE-2007-5759 ignore (clamav, fixed 0.92) duplicate of CVE-2007-6335
CVE-2007-5751 version (liferea, fixed 1.4.6) #360641 [since liferea-1.4.6-3.fc9]
CVE-2007-5742 version (wesnoth, fixed 1.2.8) [since wesnoth-1.2.8-3.fc9]
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.246
retrieving revision 1.247
diff -u -r1.246 -r1.247
--- fc7 17 Jan 2008 10:00:09 -0000 1.246
+++ fc7 17 Jan 2008 15:20:06 -0000 1.247
@@ -26,6 +26,7 @@
CVE-2008-0171 VULNERABLE (boost) #428974
CVE-2008-0123 fixed (moodle) #428731 [since FEDORA-2008-0610]
CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since FEDORA-2008-0198]
+CVE-2008-0006 VULNERABLE (libXfont) #429131
CVE-2008-0005 VULNERABLE (httpd, fixed 2.2.7) #427983
CVE-2008-0003 fixed (tog-pegasus, fixed 2.7.0) #427828 [since FEDORA-2008-0506]
CVE-2007-6613 fixed (libcdio) #427198 [since FEDORA-2008-0104]
@@ -45,6 +46,9 @@
CVE-2007-6441 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690]
CVE-2007-6439 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690]
CVE-2007-6438 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690]
+CVE-2007-6429 VULNERABLE (xorg-x11-server, fixed 1.4.1) #429125
+CVE-2007-6428 VULNERABLE (xorg-x11-server, fixed 1.4.1) #429125
+CVE-2007-6427 VULNERABLE (xorg-x11-server, fixed 1.4.1) #429125
CVE-2007-6423 ignore (httpd) can not be reproduced by upstream
CVE-2007-6422 VULNERABLE (httpd, fixed 2.2.7) #427983
CVE-2007-6421 VULNERABLE (httpd, fixed 2.2.7) #427983
@@ -107,6 +111,7 @@
CVE-2007-5964 backport (autofs) #421351 [since FEDORA-2007-4469]
CVE-2007-5960 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3952]
CVE-2007-5959 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3952]
+CVE-2007-5958 VULNERABLE (xorg-x11-server, fixed 1.4.1) #429125
CVE-2007-5947 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3952]
CVE-2007-5938 VULNERABLE (kernel) #385861 iwlwifi
CVE-2007-5937 backport (tetex) #379831 [since FEDORA-2007-3390] Multiple dviljk buffer overflows
@@ -123,6 +128,7 @@
CVE-2007-5846 backport (net-snmp) [since FEDORA-2007-3019]
CVE-2007-5795 backport (emacs) #367581 [since FEDORA-2007-3056]
CVE-2007-5770 backport (ruby) #373381 [since FEDORA-2007-2685]
+CVE-2007-5760 VULNERABLE (xorg-x11-server, fixed 1.4.1) #429125
CVE-2007-5759 ignore (clamav, fixed 0.92) duplicate of CVE-2007-6335
CVE-2007-5751 backport (liferea, fixed 1.4.6) #360641 [since FEDORA-2007-2725]
CVE-2007-5742 version (wesnoth, fixed 1.2.8) [since FEDORA-2007-3986]
16 years, 4 months