January 2008 - security-commits - Fedora Mailing-Lists

fedora-security/audit f8, 1.97, 1.98 f9, 1.89, 1.90 fc7, 1.253, 1.254

by fedora-security-commits＠redhat.com

Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv6075/audit Modified Files: f8 f9 fc7 Log Message: note pulseaudio cve id Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.97 retrieving revision 1.98 diff -u -r1.97 -r1.98 --- f8 23 Jan 2008 18:59:44 -0000 1.97 +++ f8 24 Jan 2008 07:35:31 -0000 1.98 @@ -8,7 +8,6 @@ # Up to date F8 as of 20080111 GENERIC-MAP-NOMATCH VULNERABLE (tomcat5) #429903 -GENERIC-MAP-NOMATCH VULNERABLE (pulseaudio) #425481 CVE-2008-0404 fixed (mantis) #429552 [since FEDORA-2008-0796] CVE-2008-0364 ignore (bittorrent) Windows only CVE-2008-0299 fixed (python-paramiko) #428728 [since FEDORA-2008-0722] @@ -30,6 +29,7 @@ CVE-2008-0123 fixed (moodle) #428731 [since FEDORA-2008-0610] CVE-2008-0122 fixed (bind) #429149 [since FEDORA-2008-0904] CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since FEDORA-2008-0199] +CVE-2008-0008 VULNERABLE (pulseaudio) #425481 CVE-2008-0006 fixed (libXfont) #429132 [since FEDORA-2008-0794] CVE-2008-0005 VULNERABLE (httpd, fixed 2.2.7) #427982 CVE-2008-0003 fixed (tog-pegasus, fixed 2.7.0) #427829 [since FEDORA-2008-0572] Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.89 retrieving revision 1.90 diff -u -r1.89 -r1.90 --- f9 23 Jan 2008 18:59:44 -0000 1.89 +++ f9 24 Jan 2008 07:35:31 -0000 1.90 @@ -8,7 +8,6 @@ # Up to date F9 as of 20071029 GENERIC-MAP-NOMATCH VULNERABLE (tomcat5) #429905 -GENERIC-MAP-NOMATCH VULNERABLE (pulseaudio) #425481 CVE-2008-0404 fixed (mantis) #429552 [since mantis-1.1.1-1.fc9] CVE-2008-0364 ignore (bittorrent) Windows only CVE-2008-0299 fixed (python-paramiko) #428730 [since python-paramiko-1.7.1-3.fc9] @@ -30,6 +29,7 @@ CVE-2008-0123 fixed (moodle) #428731 [since moodle-1.8.4-1.fc9] CVE-2008-0122 VULNERABLE (bind) #429534 CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since asterisk-1.4.17-1.fc9] +CVE-2008-0008 backport (pulseaudio) #425481 [since pulseaudio-0.9.8-5.fc9] CVE-2008-0006 backport (libXfont) #429133 [since libXfont-1.3.1-3.fc9] CVE-2008-0005 VULNERABLE (httpd, fixed 2.2.7) #427984 CVE-2008-0003 version (tog-pegasus, fixed 2.7.0) Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.253 retrieving revision 1.254 diff -u -r1.253 -r1.254 --- fc7 23 Jan 2008 18:59:44 -0000 1.253 +++ fc7 24 Jan 2008 07:35:31 -0000 1.254 @@ -9,7 +9,6 @@ # Up to date FC7 as of 20080111 GENERIC-MAP-NOMATCH VULNERABLE (tomcat5) #429904 -GENERIC-MAP-NOMATCH VULNERABLE (pulseaudio) #425481 CVE-2008-0404 fixed (mantis) #429552 [since FEDORA-2008-0796] CVE-2008-0364 ignore (bittorrent) Windows only CVE-2008-0299 fixed (python-paramiko) #428729 [since FEDORA-2008-0644] @@ -31,6 +30,7 @@ CVE-2008-0123 fixed (moodle) #428731 [since FEDORA-2008-0610] CVE-2008-0122 fixed (bind) #429149 [since FEDORA-2008-0904] CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since FEDORA-2008-0198] +CVE-2008-0008 VULNERABLE (pulseaudio) #425481 CVE-2008-0006 fixed (libXfont) #429131 [since FEDORA-2008-0891] CVE-2008-0005 VULNERABLE (httpd, fixed 2.2.7) #427983 CVE-2008-0003 fixed (tog-pegasus, fixed 2.7.0) #427828 [since FEDORA-2008-0506]

16 years, 4 months

1
0
0 / 0

fedora-security/audit f8, 1.96, 1.97 f9, 1.88, 1.89 fc7, 1.252, 1.253

by fedora-security-commits＠redhat.com

Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv26507 Modified Files: f8 f9 fc7 Log Message: A bunch of updates went out, tracking pulseaudio and tomcat Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.96 retrieving revision 1.97 diff -u -r1.96 -r1.97 --- f8 22 Jan 2008 19:21:47 -0000 1.96 +++ f8 23 Jan 2008 18:59:44 -0000 1.97 @@ -7,7 +7,9 @@ # Up to date CVE as of CVE email 20071215 # Up to date F8 as of 20080111 -GENERIC-MAP-NOMATCH VULNERABLE (mantis) #429552 +GENERIC-MAP-NOMATCH VULNERABLE (tomcat5) #429903 +GENERIC-MAP-NOMATCH VULNERABLE (pulseaudio) #425481 +CVE-2008-0404 fixed (mantis) #429552 [since FEDORA-2008-0796] CVE-2008-0364 ignore (bittorrent) Windows only CVE-2008-0299 fixed (python-paramiko) #428728 [since FEDORA-2008-0722] CVE-2008-0285 ignore (ngircd) Not yet in Fedora, review request #234926 @@ -23,12 +25,12 @@ CVE-2008-0193 ignore (wordpress, not fixed 2.0.11, and possibly 2.1.x and 2.3.x) wp-db-backup not in wp 2.3. **CVE-2008-0192 version (wordpress, not fixed 2.0.9) CVE-2008-0191 ignore (wordpress) File path is not a sensitive information -CVE-2008-0172 VULNERABLE (boost) #428975 -CVE-2008-0171 VULNERABLE (boost) #428975 +CVE-2008-0172 VULNERABLE (boost) #428975 [since FEDORA-2008-0754] +CVE-2008-0171 VULNERABLE (boost) #428975 [since FEDORA-2008-0754] CVE-2008-0123 fixed (moodle) #428731 [since FEDORA-2008-0610] -CVE-2008-0122 VULNERABLE (bind) #429149 +CVE-2008-0122 fixed (bind) #429149 [since FEDORA-2008-0904] CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since FEDORA-2008-0199] -CVE-2008-0006 VULNERABLE (libXfont) #429132 +CVE-2008-0006 fixed (libXfont) #429132 [since FEDORA-2008-0794] CVE-2008-0005 VULNERABLE (httpd, fixed 2.2.7) #427982 CVE-2008-0003 fixed (tog-pegasus, fixed 2.7.0) #427829 [since FEDORA-2008-0572] CVE-2007-6693 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4778] @@ -58,18 +60,18 @@ CVE-2007-6441 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590] CVE-2007-6439 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590] CVE-2007-6438 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590] -CVE-2007-6429 VULNERABLE (xorg-x11-server, fixed 1.4.1) #429126 -CVE-2007-6428 VULNERABLE (xorg-x11-server, fixed 1.4.1) #429126 -CVE-2007-6427 VULNERABLE (xorg-x11-server, fixed 1.4.1) #429126 +CVE-2007-6429 fixed (xorg-x11-server, fixed 1.4.1) #429126 [since FEDORA-2008-0760] +CVE-2007-6428 fixed (xorg-x11-server, fixed 1.4.1) #429126 [since FEDORA-2008-0760] +CVE-2007-6427 fixed (xorg-x11-server, fixed 1.4.1) #429126 [since FEDORA-2008-0760] CVE-2007-6423 ignore (httpd) can not be reproduced by upstream CVE-2007-6422 VULNERABLE (httpd, fixed 2.2.7) #427982 CVE-2007-6421 VULNERABLE (httpd, fixed 2.2.7) #427982 CVE-2007-6420 ignore (httpd) wontfix by upstream CVE-2007-6415 VULNERABLE (scponly, fixed 4.8) #429732 CVE-2007-6388 VULNERABLE (httpd, fixed 2.2.7) #427982 -CVE-2007-6337 VULNERABLE (clamav, fixed 0.92) #426212 [since FEDORA-2008-0115] -CVE-2007-6336 VULNERABLE (clamav, fixed 0.92) #426212 [since FEDORA-2008-0115] -CVE-2007-6335 VULNERABLE (clamav, fixed 0.92) #426212 [since FEDORA-2008-0115] +CVE-2007-6337 fixed (clamav, fixed 0.92) #426212 [since FEDORA-2008-0115] +CVE-2007-6336 fixed (clamav, fixed 0.92) #426212 [since FEDORA-2008-0115] +CVE-2007-6335 fixed (clamav, fixed 0.92) #426212 [since FEDORA-2008-0115] CVE-2007-6437 fixed (syslog-ng) #426306 [since FEDORA-2008-0523] CVE-2007-6430 version (asterisk, fixed 1.4.16) [since FEDORA-2007-4651] CVE-2007-6389 VULNERABLE (gnome-screensaver) #426170 @@ -124,7 +126,7 @@ CVE-2007-5964 backport (autofs) #409701 [since FEDORA-2007-4532] CVE-2007-5960 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3962] CVE-2007-5959 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3962] -CVE-2007-5958 VULNERABLE (xorg-x11-server, fixed 1.4.1) #429126 +CVE-2007-5958 fixed (xorg-x11-server, fixed 1.4.1) #429126 [since FEDORA-2008-0760] CVE-2007-5947 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3962] CVE-2007-5938 VULNERABLE (kernel) #385861 iwlwifi CVE-2007-5937 backport (tetex) #379861 [since FEDORA-2007-3308] Multiple dviljk buffer overflows @@ -142,7 +144,7 @@ CVE-2007-5795 backport (emacs) #367591 [since FEDORA-2007-2946] CVE-2007-5770 backport (ruby) #373391 [since FEDORA-2007-2812] GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031 -CVE-2007-5760 VULNERABLE (xorg-x11-server, fixed 1.4.1) #429126 +CVE-2007-5760 fixed (xorg-x11-server, fixed 1.4.1) #429126 [since FEDORA-2008-0760] CVE-2007-5759 ignore (clamav, fixed 0.92) duplicate of CVE-2007-6335 CVE-2007-5751 backport (liferea, fixed 1.4.6) #360641 [since FEDORA-2007-2853] CVE-2007-5742 version (wesnoth, fixed 1.2.8) [since FEDORA-2007-3989] Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.88 retrieving revision 1.89 diff -u -r1.88 -r1.89 --- f9 22 Jan 2008 19:21:47 -0000 1.88 +++ f9 23 Jan 2008 18:59:44 -0000 1.89 @@ -7,7 +7,9 @@ # Up to date CVE as of CVE email 20071211 # Up to date F9 as of 20071029 -GENERIC-MAP-NOMATCH fixed (mantis) #429552 [since mantis-1.1.1-1.fc9] +GENERIC-MAP-NOMATCH VULNERABLE (tomcat5) #429905 +GENERIC-MAP-NOMATCH VULNERABLE (pulseaudio) #425481 +CVE-2008-0404 fixed (mantis) #429552 [since mantis-1.1.1-1.fc9] CVE-2008-0364 ignore (bittorrent) Windows only CVE-2008-0299 fixed (python-paramiko) #428730 [since python-paramiko-1.7.1-3.fc9] CVE-2008-0274 version (drupal, fixed 5.6) [since drupal-5.6-1.fc9] DRUPAL-SA-2008-007 Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.252 retrieving revision 1.253 diff -u -r1.252 -r1.253 --- fc7 22 Jan 2008 19:21:47 -0000 1.252 +++ fc7 23 Jan 2008 18:59:44 -0000 1.253 @@ -8,7 +8,9 @@ # Up to date CVE as of CVE email 200711215 # Up to date FC7 as of 20080111 -GENERIC-MAP-NOMATCH VULNERABLE (mantis) #429552 +GENERIC-MAP-NOMATCH VULNERABLE (tomcat5) #429904 +GENERIC-MAP-NOMATCH VULNERABLE (pulseaudio) #425481 +CVE-2008-0404 fixed (mantis) #429552 [since FEDORA-2008-0796] CVE-2008-0364 ignore (bittorrent) Windows only CVE-2008-0299 fixed (python-paramiko) #428729 [since FEDORA-2008-0644] CVE-2008-0274 version (drupal, fixed 5.6) DRUPAL-SA-2008-007 [since FEDORA-2008-0469] @@ -24,12 +26,12 @@ CVE-2008-0193 ignore (wordpress, not fixed 2.0.11, and possibly 2.1.x and 2.3.x) wp-db-backup not in wp 2.3.2 **CVE-2008-0192 version (wordpress, not fixed 2.0.9) CVE-2008-0191 ignore (wordpress) File path is not a sensitive information -CVE-2008-0172 VULNERABLE (boost) #428974 -CVE-2008-0171 VULNERABLE (boost) #428974 +CVE-2008-0172 fixed (boost) #428974 [since FEDORA-2008-0880] +CVE-2008-0171 fixed (boost) #428974 [since FEDORA-2008-0880] CVE-2008-0123 fixed (moodle) #428731 [since FEDORA-2008-0610] -CVE-2008-0122 VULNERABLE (bind) #429149 +CVE-2008-0122 fixed (bind) #429149 [since FEDORA-2008-0904] CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since FEDORA-2008-0198] -CVE-2008-0006 VULNERABLE (libXfont) #429131 +CVE-2008-0006 fixed (libXfont) #429131 [since FEDORA-2008-0891] CVE-2008-0005 VULNERABLE (httpd, fixed 2.2.7) #427983 CVE-2008-0003 fixed (tog-pegasus, fixed 2.7.0) #427828 [since FEDORA-2008-0506] CVE-2007-6693 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4777] @@ -58,18 +60,18 @@ CVE-2007-6441 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690] CVE-2007-6439 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690] CVE-2007-6438 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690] -CVE-2007-6429 VULNERABLE (xorg-x11-server, fixed 1.4.1) #429125 -CVE-2007-6428 VULNERABLE (xorg-x11-server, fixed 1.4.1) #429125 -CVE-2007-6427 VULNERABLE (xorg-x11-server, fixed 1.4.1) #429125 +CVE-2007-6429 fixed (xorg-x11-server, fixed 1.4.1) #429125 [since FEDORA-2008-0831] +CVE-2007-6428 fixed (xorg-x11-server, fixed 1.4.1) #429125 [since FEDORA-2008-0831] +CVE-2007-6427 fixed (xorg-x11-server, fixed 1.4.1) #429125 [since FEDORA-2008-0831] CVE-2007-6423 ignore (httpd) can not be reproduced by upstream CVE-2007-6422 VULNERABLE (httpd, fixed 2.2.7) #427983 CVE-2007-6421 VULNERABLE (httpd, fixed 2.2.7) #427983 CVE-2007-6420 ignore (httpd) wontfix by upstream CVE-2007-6415 VULNERABLE (scponly, fixed 4.8) #429731 CVE-2007-6388 VULNERABLE (httpd, fixed 2.2.7) #427983 -CVE-2007-6337 VULNERABLE (clamav, fixed 0.92) #426211 [since FEDORA-2008-0170] -CVE-2007-6336 VULNERABLE (clamav, fixed 0.92) #426211 [since FEDORA-2008-0170] -CVE-2007-6335 VULNERABLE (clamav, fixed 0.92) #426211 [since FEDORA-2008-0170] +CVE-2007-6337 fixed (clamav, fixed 0.92) #426211 [since FEDORA-2008-0170] +CVE-2007-6336 fixed (clamav, fixed 0.92) #426211 [since FEDORA-2008-0170] +CVE-2007-6335 fixed (clamav, fixed 0.92) #426211 [since FEDORA-2008-0170] CVE-2007-6437 fixed (syslog-ng) #426305 [since FEDORA-2008-0559] CVE-2007-6430 version (asterisk, fixed 1.4.16) [since FEDORA-2007-4593] CVE-2007-6389 VULNERABLE (gnome-screensaver) #426169 @@ -124,7 +126,7 @@ CVE-2007-5964 backport (autofs) #421351 [since FEDORA-2007-4469] CVE-2007-5960 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3952] CVE-2007-5959 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3952] -CVE-2007-5958 VULNERABLE (xorg-x11-server, fixed 1.4.1) #429125 +CVE-2007-5958 fixed (xorg-x11-server, fixed 1.4.1) #429125 [since FEDORA-2008-0831] CVE-2007-5947 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3952] CVE-2007-5938 VULNERABLE (kernel) #385861 iwlwifi CVE-2007-5937 backport (tetex) #379831 [since FEDORA-2007-3390] Multiple dviljk buffer overflows @@ -141,7 +143,7 @@ CVE-2007-5846 backport (net-snmp) [since FEDORA-2007-3019] CVE-2007-5795 backport (emacs) #367581 [since FEDORA-2007-3056] CVE-2007-5770 backport (ruby) #373381 [since FEDORA-2007-2685] -CVE-2007-5760 VULNERABLE (xorg-x11-server, fixed 1.4.1) #429125 +CVE-2007-5760 fixed (xorg-x11-server, fixed 1.4.1) #429125 [since FEDORA-2008-0831] CVE-2007-5759 ignore (clamav, fixed 0.92) duplicate of CVE-2007-6335 CVE-2007-5751 backport (liferea, fixed 1.4.6) #360641 [since FEDORA-2007-2725] CVE-2007-5742 version (wesnoth, fixed 1.2.8) [since FEDORA-2007-3986]

16 years, 4 months

1
0
0 / 0

fedora-security/tools/lib/Libexig Bugzilla.pm, 1.1.2.3, 1.1.2.4

by fedora-security-commits＠redhat.com

Author: lkundrak Update of /cvs/fedora/fedora-security/tools/lib/Libexig In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv25032/lib/Libexig Modified Files: Tag: lkundrak-tools-ng Bugzilla.pm Log Message: Understand aliases, so that add-tracking-bugs --cve=* can be used Index: Bugzilla.pm =================================================================== RCS file: /cvs/fedora/fedora-security/tools/lib/Libexig/Bugzilla.pm,v retrieving revision 1.1.2.3 retrieving revision 1.1.2.4 diff -u -r1.1.2.3 -r1.1.2.4 --- Bugzilla.pm 9 Jan 2008 14:37:43 -0000 1.1.2.3 +++ Bugzilla.pm 23 Jan 2008 18:42:04 -0000 1.1.2.4 @@ -102,11 +102,41 @@ return $result->[0]; } +# Take a bug id or alias and return id +sub resolve_alias +{ + my $self = shift; + my $bug = shift; + + my $call = $self->{rpc}->call('bugzilla.getBugSimple', $bug, @{$self->{creds}}); + + my $result = $call->result + or return $bug; + + return $result->{bug_id}; +} + +# Take a reference to list of scalars and replace +# bug aliases with ids in place +sub resolve_aliases +{ + my $self = shift; + my $bugs = shift; + my $i = 0; + + foreach my $bug (@{$bugs}) { + $bugs->[$i++] = $self->resolve_alias ($bug); + } + + return $bugs; +} + # Get bugs sub get_bugs { my $self = shift; - my $bugs = shift or die 'No bugs to fetch!'; + my $bugs = $self->resolve_aliases (shift) + or die 'No bugs to fetch!'; my $columns = shift; $columns = [] unless ($columns); # The default set @@ -156,8 +186,7 @@ sub add_comment { my $self = shift; - - my $bug = shift or die 'No bug!'; + my $bug = shift; my $comment = shift or die 'No comment!'; if ($self->{dryrun}) {

16 years, 4 months

1
0
0 / 0

fedora-security/audit f8, 1.95, 1.96 f9, 1.87, 1.88 fc7, 1.251, 1.252

by fedora-security-commits＠redhat.com

Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv9059/audit Modified Files: f8 f9 fc7 Log Message: scponly issues Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.95 retrieving revision 1.96 diff -u -r1.95 -r1.96 --- f8 21 Jan 2008 16:26:28 -0000 1.95 +++ f8 22 Jan 2008 19:21:47 -0000 1.96 @@ -65,6 +65,7 @@ CVE-2007-6422 VULNERABLE (httpd, fixed 2.2.7) #427982 CVE-2007-6421 VULNERABLE (httpd, fixed 2.2.7) #427982 CVE-2007-6420 ignore (httpd) wontfix by upstream +CVE-2007-6415 VULNERABLE (scponly, fixed 4.8) #429732 CVE-2007-6388 VULNERABLE (httpd, fixed 2.2.7) #427982 CVE-2007-6337 VULNERABLE (clamav, fixed 0.92) #426212 [since FEDORA-2008-0115] CVE-2007-6336 VULNERABLE (clamav, fixed 0.92) #426212 [since FEDORA-2008-0115] @@ -75,7 +76,7 @@ CVE-2007-6353 VULNERABLE (exiv2) #425923 CVE-2007-6352 fixed (libexif) #425631 [since FEDORA-2007-4667] CVE-2007-6351 fixed (libexif) #425631 [since FEDORA-2007-4667] -CVE-2007-6350 VULNERABLE (scponly) rsync vector only +CVE-2007-6350 VULNERABLE (scponly) #429731 rsync vector only CVE-2007-6348 ignore (squirrelmail) trojaned version was not shipped CVE-2007-6328 ignore (dosbox) design decision CVE-2007-6321 VULNERABLE (roundcubemail) #423291 Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.87 retrieving revision 1.88 diff -u -r1.87 -r1.88 --- f9 21 Jan 2008 16:26:28 -0000 1.87 +++ f9 22 Jan 2008 19:21:47 -0000 1.88 @@ -65,6 +65,7 @@ CVE-2007-6422 VULNERABLE (httpd, fixed 2.2.7) #427984 CVE-2007-6421 VULNERABLE (httpd, fixed 2.2.7) #427984 CVE-2007-6420 ignore (httpd) wontfix by upstream +CVE-2007-6415 VULNERABLE (scponly, fixed 4.8) CVE-2007-6388 VULNERABLE (httpd, fixed 2.2.7) #427984 CVE-2007-6337 version (clamav, fixed 0.92) #426213 [since clamav-0.92-3.fc9] CVE-2007-6336 version (clamav, fixed 0.92) #426213 [since clamav-0.92-3.fc9] Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.251 retrieving revision 1.252 diff -u -r1.251 -r1.252 --- fc7 21 Jan 2008 16:26:28 -0000 1.251 +++ fc7 22 Jan 2008 19:21:47 -0000 1.252 @@ -65,6 +65,7 @@ CVE-2007-6422 VULNERABLE (httpd, fixed 2.2.7) #427983 CVE-2007-6421 VULNERABLE (httpd, fixed 2.2.7) #427983 CVE-2007-6420 ignore (httpd) wontfix by upstream +CVE-2007-6415 VULNERABLE (scponly, fixed 4.8) #429731 CVE-2007-6388 VULNERABLE (httpd, fixed 2.2.7) #427983 CVE-2007-6337 VULNERABLE (clamav, fixed 0.92) #426211 [since FEDORA-2008-0170] CVE-2007-6336 VULNERABLE (clamav, fixed 0.92) #426211 [since FEDORA-2008-0170] @@ -75,7 +76,7 @@ CVE-2007-6353 fixed (exiv2) #425922 [since FEDORA-2007-4551] CVE-2007-6352 fixed (libexif) #425621 [since FEDORA-2007-4608] CVE-2007-6351 fixed (libexif) #425621 [since FEDORA-2007-4608] -CVE-2007-6350 VULNERABLE (scponly) rsync vector only +CVE-2007-6350 VULNERABLE (scponly) #429731 rsync vector only CVE-2007-6348 ignore (squirrelmail) trojaned version was not shipped CVE-2007-6328 ignore (dosbox) design decision CVE-2007-6321 VULNERABLE (roundcubemail) #423281

16 years, 4 months

1
0
0 / 0

fedora-security/audit f8, 1.94, 1.95 f9, 1.86, 1.87 fc7, 1.250, 1.251

by fedora-security-commits＠redhat.com

Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv30158 Modified Files: f8 f9 fc7 Log Message: bind && mantis Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.94 retrieving revision 1.95 diff -u -r1.94 -r1.95 --- f8 18 Jan 2008 23:04:51 -0000 1.94 +++ f8 21 Jan 2008 16:26:28 -0000 1.95 @@ -7,6 +7,7 @@ # Up to date CVE as of CVE email 20071215 # Up to date F8 as of 20080111 +GENERIC-MAP-NOMATCH VULNERABLE (mantis) #429552 CVE-2008-0364 ignore (bittorrent) Windows only CVE-2008-0299 fixed (python-paramiko) #428728 [since FEDORA-2008-0722] CVE-2008-0285 ignore (ngircd) Not yet in Fedora, review request #234926 @@ -25,6 +26,7 @@ CVE-2008-0172 VULNERABLE (boost) #428975 CVE-2008-0171 VULNERABLE (boost) #428975 CVE-2008-0123 fixed (moodle) #428731 [since FEDORA-2008-0610] +CVE-2008-0122 VULNERABLE (bind) #429149 CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since FEDORA-2008-0199] CVE-2008-0006 VULNERABLE (libXfont) #429132 CVE-2008-0005 VULNERABLE (httpd, fixed 2.2.7) #427982 Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.86 retrieving revision 1.87 diff -u -r1.86 -r1.87 --- f9 18 Jan 2008 23:04:51 -0000 1.86 +++ f9 21 Jan 2008 16:26:28 -0000 1.87 @@ -7,6 +7,7 @@ # Up to date CVE as of CVE email 20071211 # Up to date F9 as of 20071029 +GENERIC-MAP-NOMATCH fixed (mantis) #429552 [since mantis-1.1.1-1.fc9] CVE-2008-0364 ignore (bittorrent) Windows only CVE-2008-0299 fixed (python-paramiko) #428730 [since python-paramiko-1.7.1-3.fc9] CVE-2008-0274 version (drupal, fixed 5.6) [since drupal-5.6-1.fc9] DRUPAL-SA-2008-007 @@ -25,6 +26,7 @@ CVE-2008-0172 backport (boost) #428976 [since boost-1.34.1-7.fc9] CVE-2008-0171 backport (boost) #428976 [since boost-1.34.1-7.fc9] CVE-2008-0123 fixed (moodle) #428731 [since moodle-1.8.4-1.fc9] +CVE-2008-0122 VULNERABLE (bind) #429534 CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since asterisk-1.4.17-1.fc9] CVE-2008-0006 backport (libXfont) #429133 [since libXfont-1.3.1-3.fc9] CVE-2008-0005 VULNERABLE (httpd, fixed 2.2.7) #427984 Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.250 retrieving revision 1.251 diff -u -r1.250 -r1.251 --- fc7 18 Jan 2008 23:04:51 -0000 1.250 +++ fc7 21 Jan 2008 16:26:28 -0000 1.251 @@ -8,6 +8,7 @@ # Up to date CVE as of CVE email 200711215 # Up to date FC7 as of 20080111 +GENERIC-MAP-NOMATCH VULNERABLE (mantis) #429552 CVE-2008-0364 ignore (bittorrent) Windows only CVE-2008-0299 fixed (python-paramiko) #428729 [since FEDORA-2008-0644] CVE-2008-0274 version (drupal, fixed 5.6) DRUPAL-SA-2008-007 [since FEDORA-2008-0469] @@ -26,6 +27,7 @@ CVE-2008-0172 VULNERABLE (boost) #428974 CVE-2008-0171 VULNERABLE (boost) #428974 CVE-2008-0123 fixed (moodle) #428731 [since FEDORA-2008-0610] +CVE-2008-0122 VULNERABLE (bind) #429149 CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since FEDORA-2008-0198] CVE-2008-0006 VULNERABLE (libXfont) #429131 CVE-2008-0005 VULNERABLE (httpd, fixed 2.2.7) #427983

16 years, 4 months

1
0
0 / 0

fedora-security/audit f8, 1.93, 1.94 f9, 1.85, 1.86 fc7, 1.249, 1.250

by fedora-security-commits＠redhat.com

Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv17400 Modified Files: f8 f9 fc7 Log Message: bittorrent Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.93 retrieving revision 1.94 diff -u -r1.93 -r1.94 --- f8 18 Jan 2008 17:26:13 -0000 1.93 +++ f8 18 Jan 2008 23:04:51 -0000 1.94 @@ -7,6 +7,7 @@ # Up to date CVE as of CVE email 20071215 # Up to date F8 as of 20080111 +CVE-2008-0364 ignore (bittorrent) Windows only CVE-2008-0299 fixed (python-paramiko) #428728 [since FEDORA-2008-0722] CVE-2008-0285 ignore (ngircd) Not yet in Fedora, review request #234926 CVE-2008-0274 version (drupal, fixed 5.6) DRUPAL-SA-2008-007 [since FEDORA-2008-0485] Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.85 retrieving revision 1.86 diff -u -r1.85 -r1.86 --- f9 18 Jan 2008 17:26:13 -0000 1.85 +++ f9 18 Jan 2008 23:04:51 -0000 1.86 @@ -7,6 +7,7 @@ # Up to date CVE as of CVE email 20071211 # Up to date F9 as of 20071029 +CVE-2008-0364 ignore (bittorrent) Windows only CVE-2008-0299 fixed (python-paramiko) #428730 [since python-paramiko-1.7.1-3.fc9] CVE-2008-0274 version (drupal, fixed 5.6) [since drupal-5.6-1.fc9] DRUPAL-SA-2008-007 CVE-2008-0273 version (drupal, fixed 5.6) [since drupal-5.6-1.fc9] DRUPAL-SA-2008-006 Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.249 retrieving revision 1.250 diff -u -r1.249 -r1.250 --- fc7 18 Jan 2008 17:26:13 -0000 1.249 +++ fc7 18 Jan 2008 23:04:51 -0000 1.250 @@ -8,6 +8,7 @@ # Up to date CVE as of CVE email 200711215 # Up to date FC7 as of 20080111 +CVE-2008-0364 ignore (bittorrent) Windows only CVE-2008-0299 fixed (python-paramiko) #428729 [since FEDORA-2008-0644] CVE-2008-0274 version (drupal, fixed 5.6) DRUPAL-SA-2008-007 [since FEDORA-2008-0469] CVE-2008-0273 version (drupal, fixed 5.6) DRUPAL-SA-2008-006 [since FEDORA-2008-0469]

16 years, 4 months

1
0
0 / 0

fedora-security/audit f8, 1.92, 1.93 f9, 1.84, 1.85 fc7, 1.248, 1.249

by fedora-security-commits＠redhat.com

Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv28528 Modified Files: f8 f9 fc7 Log Message: gallery2 Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.92 retrieving revision 1.93 diff -u -r1.92 -r1.93 --- f8 18 Jan 2008 10:02:36 -0000 1.92 +++ f8 18 Jan 2008 17:26:13 -0000 1.93 @@ -28,6 +28,15 @@ CVE-2008-0006 VULNERABLE (libXfont) #429132 CVE-2008-0005 VULNERABLE (httpd, fixed 2.2.7) #427982 CVE-2008-0003 fixed (tog-pegasus, fixed 2.7.0) #427829 [since FEDORA-2008-0572] +CVE-2007-6693 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4778] +CVE-2007-6692 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4778] +CVE-2007-6691 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4778] +CVE-2007-6690 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4778] +CVE-2007-6689 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4778] +CVE-2007-6688 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4778] +CVE-2007-6687 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4778] +CVE-2007-6686 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4778] +CVE-2007-6685 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4778] CVE-2007-6672 VULNERABLE (jetty) #428017 CVE-2007-6613 fixed (libcdio) #427199 [since FEDORA-2008-0136] GENERIC-MAP-NOMATCH fixed (wordpress) #426433 [since FEDORA-2008-0103] Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.84 retrieving revision 1.85 diff -u -r1.84 -r1.85 --- f9 18 Jan 2008 10:02:36 -0000 1.84 +++ f9 18 Jan 2008 17:26:13 -0000 1.85 @@ -28,6 +28,15 @@ CVE-2008-0006 backport (libXfont) #429133 [since libXfont-1.3.1-3.fc9] CVE-2008-0005 VULNERABLE (httpd, fixed 2.2.7) #427984 CVE-2008-0003 version (tog-pegasus, fixed 2.7.0) +CVE-2007-6693 version (gallery2, fixed 2.2.4) [since gallery2-2.2.4-1] +CVE-2007-6692 version (gallery2, fixed 2.2.4) [since gallery2-2.2.4-1] +CVE-2007-6691 version (gallery2, fixed 2.2.4) [since gallery2-2.2.4-1] +CVE-2007-6690 version (gallery2, fixed 2.2.4) [since gallery2-2.2.4-1] +CVE-2007-6689 version (gallery2, fixed 2.2.4) [since gallery2-2.2.4-1] +CVE-2007-6688 version (gallery2, fixed 2.2.4) [since gallery2-2.2.4-1] +CVE-2007-6687 version (gallery2, fixed 2.2.4) [since gallery2-2.2.4-1] +CVE-2007-6686 version (gallery2, fixed 2.2.4) [since gallery2-2.2.4-1] +CVE-2007-6685 version (gallery2, fixed 2.2.4) [since gallery2-2.2.4-1] CVE-2007-6672 VULNERABLE (jetty) #428018 CVE-2007-6631 fixed (libnemesi, not fixed 0.6.4-rc1) #426910 [since libnemesi-0.6.4-0.1.rc2.fc9] This wasn't released yet CVE-2007-6630 version (netembryo, fixed 0.0.5) #427470 There was not release in stable branches yet [since netembryo-0.0.5-1.fc9] Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.248 retrieving revision 1.249 diff -u -r1.248 -r1.249 --- fc7 18 Jan 2008 10:02:36 -0000 1.248 +++ fc7 18 Jan 2008 17:26:13 -0000 1.249 @@ -29,6 +29,15 @@ CVE-2008-0006 VULNERABLE (libXfont) #429131 CVE-2008-0005 VULNERABLE (httpd, fixed 2.2.7) #427983 CVE-2008-0003 fixed (tog-pegasus, fixed 2.7.0) #427828 [since FEDORA-2008-0506] +CVE-2007-6693 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4777] +CVE-2007-6692 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4777] +CVE-2007-6691 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4777] +CVE-2007-6690 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4777] +CVE-2007-6689 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4777] +CVE-2007-6688 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4777] +CVE-2007-6687 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4777] +CVE-2007-6686 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4777] +CVE-2007-6685 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4777] CVE-2007-6613 fixed (libcdio) #427198 [since FEDORA-2008-0104] GENERIC-MAP-NOMATCH fixed (wordpress) #426432 [since FEDORA-2008-0126] CVE-2007-6612 ignore (rubygem-mongrel, only affects 1.0.4) affected version was not shipped

16 years, 4 months

1
0
0 / 0

fedora-security/tools/lib/Libexig Bugzilla.pm, 1.4, 1.5

by fedora-security-commits＠redhat.com

Author: thoger Update of /cvs/fedora/fedora-security/tools/lib/Libexig In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv12257/tools/lib/Libexig Modified Files: Bugzilla.pm Log Message: CC also co-maintainers (BZ initial CC list) Index: Bugzilla.pm =================================================================== RCS file: /cvs/fedora/fedora-security/tools/lib/Libexig/Bugzilla.pm,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- Bugzilla.pm 16 Jan 2008 17:27:01 -0000 1.4 +++ Bugzilla.pm 18 Jan 2008 16:00:14 -0000 1.5 @@ -76,6 +76,11 @@ # XXX: Add also 'initialqa'? $people{$instance->{initialowner}} = 1 if defined $instance->{initialowner}; + + # Add initial CC list if any + foreach my $cc (@{ $instance->{'initialcclist'} }) { + $people{$cc} = 1; + } } return keys %people;

16 years, 4 months

1
0
0 / 0

fedora-security/audit f8, 1.91, 1.92 f9, 1.83, 1.84 fc7, 1.247, 1.248

by fedora-security-commits＠redhat.com

Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv25772/audit Modified Files: f8 f9 fc7 Log Message: paramiko cve id rawhide updates Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.91 retrieving revision 1.92 diff -u -r1.91 -r1.92 --- f8 17 Jan 2008 15:20:06 -0000 1.91 +++ f8 18 Jan 2008 10:02:36 -0000 1.92 @@ -7,11 +7,11 @@ # Up to date CVE as of CVE email 20071215 # Up to date F8 as of 20080111 +CVE-2008-0299 fixed (python-paramiko) #428728 [since FEDORA-2008-0722] CVE-2008-0285 ignore (ngircd) Not yet in Fedora, review request #234926 CVE-2008-0274 version (drupal, fixed 5.6) DRUPAL-SA-2008-007 [since FEDORA-2008-0485] CVE-2008-0273 version (drupal, fixed 5.6) DRUPAL-SA-2008-006 [since FEDORA-2008-0485] CVE-2008-0272 version (drupal, fixed 5.6) DRUPAL-SA-2008-005 [since FEDORA-2008-0485] -GENERIC-MAP-NOMATCH fixed (python-paramiko) #428728 [since FEDORA-2008-0722] CVE-2008-0252 backport (python-cherrypy) [since FEDORA-2008-0299] **CVE-2008-0238 VULNERABLE (xine-lib, fixed 1.1.9.1) CVE-2008-0225 VULNERABLE (xine-lib, fixed 1.1.9.1) Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.83 retrieving revision 1.84 diff -u -r1.83 -r1.84 --- f9 17 Jan 2008 15:20:06 -0000 1.83 +++ f9 18 Jan 2008 10:02:36 -0000 1.84 @@ -7,10 +7,10 @@ # Up to date CVE as of CVE email 20071211 # Up to date F9 as of 20071029 +CVE-2008-0299 fixed (python-paramiko) #428730 [since python-paramiko-1.7.1-3.fc9] CVE-2008-0274 version (drupal, fixed 5.6) [since drupal-5.6-1.fc9] DRUPAL-SA-2008-007 CVE-2008-0273 version (drupal, fixed 5.6) [since drupal-5.6-1.fc9] DRUPAL-SA-2008-006 CVE-2008-0272 version (drupal, fixed 5.6) [since drupal-5.6-1.fc9] DRUPAL-SA-2008-005 -GENERIC-MAP-NOMATCH fixed (python-paramiko) #428730 [since python-paramiko-1.7.1-3.fc9] CVE-2008-0285 ignore (ngircd) Not yet in Fedora, review request #234926 CVE-2008-0252 backport (python-cherrypy) [since python-cherrypy-2.2.1-8.fc9] **CVE-2008-0238 version (xine-lib, fixed 1.1.9.1) [since xine-lib-1.1.9.1-1.fc9] @@ -21,11 +21,11 @@ CVE-2008-0193 version (wordpress, not fixed 2.0.11, and possibly 2.1.x and 2.3.x) wp-db-backup not in wp 2.3.2 **CVE-2008-0192 version (wordpress, not fixed 2.0.9) CVE-2008-0191 ignore (wordpress) File path is not a sensitive information -CVE-2008-0172 VULNERABLE (boost) #428976 -CVE-2008-0171 VULNERABLE (boost) #428976 +CVE-2008-0172 backport (boost) #428976 [since boost-1.34.1-7.fc9] +CVE-2008-0171 backport (boost) #428976 [since boost-1.34.1-7.fc9] CVE-2008-0123 fixed (moodle) #428731 [since moodle-1.8.4-1.fc9] CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since asterisk-1.4.17-1.fc9] -CVE-2008-0006 VULNERABLE (libXfont) #429133 +CVE-2008-0006 backport (libXfont) #429133 [since libXfont-1.3.1-3.fc9] CVE-2008-0005 VULNERABLE (httpd, fixed 2.2.7) #427984 CVE-2008-0003 version (tog-pegasus, fixed 2.7.0) CVE-2007-6672 VULNERABLE (jetty) #428018 @@ -46,9 +46,9 @@ CVE-2007-6441 version (wireshark, fixed 0.99.7) [since wireshark-0.99.7-1.fc9] CVE-2007-6439 version (wireshark, fixed 0.99.7) [since wireshark-0.99.7-1.fc9] CVE-2007-6438 version (wireshark, fixed 0.99.7) [since wireshark-0.99.7-1.fc9] -CVE-2007-6429 VULNERABLE (xorg-x11-server, fixed 1.4.1) #429127 -CVE-2007-6428 VULNERABLE (xorg-x11-server, fixed 1.4.1) #429127 -CVE-2007-6427 VULNERABLE (xorg-x11-server, fixed 1.4.1) #429127 +CVE-2007-6429 backport (xorg-x11-server, fixed 1.4.1) #429127 [since xorg-x11-server-1.4.99.1-0.17.20080107.fc9] +CVE-2007-6428 backport (xorg-x11-server, fixed 1.4.1) #429127 [since xorg-x11-server-1.4.99.1-0.17.20080107.fc9] +CVE-2007-6427 backport (xorg-x11-server, fixed 1.4.1) #429127 [since xorg-x11-server-1.4.99.1-0.17.20080107.fc9] CVE-2007-6423 ignore (httpd) can not be reproduced by upstream CVE-2007-6422 VULNERABLE (httpd, fixed 2.2.7) #427984 CVE-2007-6421 VULNERABLE (httpd, fixed 2.2.7) #427984 @@ -111,7 +111,7 @@ CVE-2007-5964 backport (autofs) #421371 [since autofs-5.0.2-21] CVE-2007-5960 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) CVE-2007-5959 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) -CVE-2007-5958 VULNERABLE (xorg-x11-server, fixed 1.4.1) #429127 +CVE-2007-5958 fixed (xorg-x11-server, fixed 1.4.1) #429127 [since xorg-x11-server-1.4.99.1-0.17.20080107.fc9] code removed upstream CVE-2007-5947 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) CVE-2007-5938 VULNERABLE (kernel) #385861 iwlwifi CVE-2007-5937 backport (tetex) #379851 Multiple dviljk buffer overflows [since tetex-3.0-48.fc9] @@ -129,7 +129,7 @@ CVE-2007-5795 backport (emacs) #367601 [since emacs-22.1-8.fc9] GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031 CVE-2007-5770 backport (ruby) #373401 [since ruby-1.8.6.111-1] -CVE-2007-5760 VULNERABLE (xorg-x11-server, fixed 1.4.1) #429127 +CVE-2007-5760 backport (xorg-x11-server, fixed 1.4.1) #429127 [since xorg-x11-server-1.4.99.1-0.17.20080107.fc9] CVE-2007-5759 ignore (clamav, fixed 0.92) duplicate of CVE-2007-6335 CVE-2007-5751 version (liferea, fixed 1.4.6) #360641 [since liferea-1.4.6-3.fc9] CVE-2007-5742 version (wesnoth, fixed 1.2.8) [since wesnoth-1.2.8-3.fc9] Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.247 retrieving revision 1.248 diff -u -r1.247 -r1.248 --- fc7 17 Jan 2008 15:20:06 -0000 1.247 +++ fc7 18 Jan 2008 10:02:36 -0000 1.248 @@ -8,10 +8,10 @@ # Up to date CVE as of CVE email 200711215 # Up to date FC7 as of 20080111 +CVE-2008-0299 fixed (python-paramiko) #428729 [since FEDORA-2008-0644] CVE-2008-0274 version (drupal, fixed 5.6) DRUPAL-SA-2008-007 [since FEDORA-2008-0469] CVE-2008-0273 version (drupal, fixed 5.6) DRUPAL-SA-2008-006 [since FEDORA-2008-0469] CVE-2008-0272 version (drupal, fixed 5.6) DRUPAL-SA-2008-005 [since FEDORA-2008-0469] -GENERIC-MAP-NOMATCH fixed (python-paramiko) #428729 [since FEDORA-2008-0644] CVE-2008-0285 ignore (ngircd) Not yet in Fedora, review request #234926 CVE-2008-0252 backport (python-cherrypy) [since FEDORA-2008-0333] **CVE-2008-0238 VULNERABLE (xine-lib, fixed 1.1.9.1)

16 years, 4 months

1
0
0 / 0

fedora-security/audit f8, 1.90, 1.91 f9, 1.82, 1.83 fc7, 1.246, 1.247

by fedora-security-commits＠redhat.com

Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv28552/audit Modified Files: f8 f9 fc7 Log Message: Xorg issues Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.90 retrieving revision 1.91 diff -u -r1.90 -r1.91 --- f8 17 Jan 2008 10:00:09 -0000 1.90 +++ f8 17 Jan 2008 15:20:06 -0000 1.91 @@ -25,6 +25,7 @@ CVE-2008-0171 VULNERABLE (boost) #428975 CVE-2008-0123 fixed (moodle) #428731 [since FEDORA-2008-0610] CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since FEDORA-2008-0199] +CVE-2008-0006 VULNERABLE (libXfont) #429132 CVE-2008-0005 VULNERABLE (httpd, fixed 2.2.7) #427982 CVE-2008-0003 fixed (tog-pegasus, fixed 2.7.0) #427829 [since FEDORA-2008-0572] CVE-2007-6672 VULNERABLE (jetty) #428017 @@ -45,6 +46,9 @@ CVE-2007-6441 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590] CVE-2007-6439 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590] CVE-2007-6438 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590] +CVE-2007-6429 VULNERABLE (xorg-x11-server, fixed 1.4.1) #429126 +CVE-2007-6428 VULNERABLE (xorg-x11-server, fixed 1.4.1) #429126 +CVE-2007-6427 VULNERABLE (xorg-x11-server, fixed 1.4.1) #429126 CVE-2007-6423 ignore (httpd) can not be reproduced by upstream CVE-2007-6422 VULNERABLE (httpd, fixed 2.2.7) #427982 CVE-2007-6421 VULNERABLE (httpd, fixed 2.2.7) #427982 @@ -107,6 +111,7 @@ CVE-2007-5964 backport (autofs) #409701 [since FEDORA-2007-4532] CVE-2007-5960 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3962] CVE-2007-5959 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3962] +CVE-2007-5958 VULNERABLE (xorg-x11-server, fixed 1.4.1) #429126 CVE-2007-5947 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3962] CVE-2007-5938 VULNERABLE (kernel) #385861 iwlwifi CVE-2007-5937 backport (tetex) #379861 [since FEDORA-2007-3308] Multiple dviljk buffer overflows @@ -124,6 +129,7 @@ CVE-2007-5795 backport (emacs) #367591 [since FEDORA-2007-2946] CVE-2007-5770 backport (ruby) #373391 [since FEDORA-2007-2812] GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031 +CVE-2007-5760 VULNERABLE (xorg-x11-server, fixed 1.4.1) #429126 CVE-2007-5759 ignore (clamav, fixed 0.92) duplicate of CVE-2007-6335 CVE-2007-5751 backport (liferea, fixed 1.4.6) #360641 [since FEDORA-2007-2853] CVE-2007-5742 version (wesnoth, fixed 1.2.8) [since FEDORA-2007-3989] Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.82 retrieving revision 1.83 diff -u -r1.82 -r1.83 --- f9 16 Jan 2008 15:40:25 -0000 1.82 +++ f9 17 Jan 2008 15:20:06 -0000 1.83 @@ -25,6 +25,7 @@ CVE-2008-0171 VULNERABLE (boost) #428976 CVE-2008-0123 fixed (moodle) #428731 [since moodle-1.8.4-1.fc9] CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since asterisk-1.4.17-1.fc9] +CVE-2008-0006 VULNERABLE (libXfont) #429133 CVE-2008-0005 VULNERABLE (httpd, fixed 2.2.7) #427984 CVE-2008-0003 version (tog-pegasus, fixed 2.7.0) CVE-2007-6672 VULNERABLE (jetty) #428018 @@ -45,6 +46,9 @@ CVE-2007-6441 version (wireshark, fixed 0.99.7) [since wireshark-0.99.7-1.fc9] CVE-2007-6439 version (wireshark, fixed 0.99.7) [since wireshark-0.99.7-1.fc9] CVE-2007-6438 version (wireshark, fixed 0.99.7) [since wireshark-0.99.7-1.fc9] +CVE-2007-6429 VULNERABLE (xorg-x11-server, fixed 1.4.1) #429127 +CVE-2007-6428 VULNERABLE (xorg-x11-server, fixed 1.4.1) #429127 +CVE-2007-6427 VULNERABLE (xorg-x11-server, fixed 1.4.1) #429127 CVE-2007-6423 ignore (httpd) can not be reproduced by upstream CVE-2007-6422 VULNERABLE (httpd, fixed 2.2.7) #427984 CVE-2007-6421 VULNERABLE (httpd, fixed 2.2.7) #427984 @@ -107,6 +111,7 @@ CVE-2007-5964 backport (autofs) #421371 [since autofs-5.0.2-21] CVE-2007-5960 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) CVE-2007-5959 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) +CVE-2007-5958 VULNERABLE (xorg-x11-server, fixed 1.4.1) #429127 CVE-2007-5947 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) CVE-2007-5938 VULNERABLE (kernel) #385861 iwlwifi CVE-2007-5937 backport (tetex) #379851 Multiple dviljk buffer overflows [since tetex-3.0-48.fc9] @@ -124,6 +129,7 @@ CVE-2007-5795 backport (emacs) #367601 [since emacs-22.1-8.fc9] GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031 CVE-2007-5770 backport (ruby) #373401 [since ruby-1.8.6.111-1] +CVE-2007-5760 VULNERABLE (xorg-x11-server, fixed 1.4.1) #429127 CVE-2007-5759 ignore (clamav, fixed 0.92) duplicate of CVE-2007-6335 CVE-2007-5751 version (liferea, fixed 1.4.6) #360641 [since liferea-1.4.6-3.fc9] CVE-2007-5742 version (wesnoth, fixed 1.2.8) [since wesnoth-1.2.8-3.fc9] Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.246 retrieving revision 1.247 diff -u -r1.246 -r1.247 --- fc7 17 Jan 2008 10:00:09 -0000 1.246 +++ fc7 17 Jan 2008 15:20:06 -0000 1.247 @@ -26,6 +26,7 @@ CVE-2008-0171 VULNERABLE (boost) #428974 CVE-2008-0123 fixed (moodle) #428731 [since FEDORA-2008-0610] CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since FEDORA-2008-0198] +CVE-2008-0006 VULNERABLE (libXfont) #429131 CVE-2008-0005 VULNERABLE (httpd, fixed 2.2.7) #427983 CVE-2008-0003 fixed (tog-pegasus, fixed 2.7.0) #427828 [since FEDORA-2008-0506] CVE-2007-6613 fixed (libcdio) #427198 [since FEDORA-2008-0104] @@ -45,6 +46,9 @@ CVE-2007-6441 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690] CVE-2007-6439 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690] CVE-2007-6438 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690] +CVE-2007-6429 VULNERABLE (xorg-x11-server, fixed 1.4.1) #429125 +CVE-2007-6428 VULNERABLE (xorg-x11-server, fixed 1.4.1) #429125 +CVE-2007-6427 VULNERABLE (xorg-x11-server, fixed 1.4.1) #429125 CVE-2007-6423 ignore (httpd) can not be reproduced by upstream CVE-2007-6422 VULNERABLE (httpd, fixed 2.2.7) #427983 CVE-2007-6421 VULNERABLE (httpd, fixed 2.2.7) #427983 @@ -107,6 +111,7 @@ CVE-2007-5964 backport (autofs) #421351 [since FEDORA-2007-4469] CVE-2007-5960 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3952] CVE-2007-5959 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3952] +CVE-2007-5958 VULNERABLE (xorg-x11-server, fixed 1.4.1) #429125 CVE-2007-5947 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3952] CVE-2007-5938 VULNERABLE (kernel) #385861 iwlwifi CVE-2007-5937 backport (tetex) #379831 [since FEDORA-2007-3390] Multiple dviljk buffer overflows @@ -123,6 +128,7 @@ CVE-2007-5846 backport (net-snmp) [since FEDORA-2007-3019] CVE-2007-5795 backport (emacs) #367581 [since FEDORA-2007-3056] CVE-2007-5770 backport (ruby) #373381 [since FEDORA-2007-2685] +CVE-2007-5760 VULNERABLE (xorg-x11-server, fixed 1.4.1) #429125 CVE-2007-5759 ignore (clamav, fixed 0.92) duplicate of CVE-2007-6335 CVE-2007-5751 backport (liferea, fixed 1.4.6) #360641 [since FEDORA-2007-2725] CVE-2007-5742 version (wesnoth, fixed 1.2.8) [since FEDORA-2007-3986]

16 years, 4 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

security-commits January 2008