Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv28366/audit
Modified Files:
f8 f9 fc7
Log Message:
bunch of updates
some new issues
move some misplaced entries
Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.80
retrieving revision 1.81
diff -u -r1.80 -r1.81
--- f8 14 Jan 2008 09:47:08 -0000 1.80
+++ f8 14 Jan 2008 10:05:07 -0000 1.81
@@ -5,14 +5,14 @@
# (mozilla) = (gecko-libs dependent stuff)
# Up to date CVE as of CVE email 20071215
-# Up to date F8 as of 20071221
+# Up to date F8 as of 20080111
-GENERIC-MAP-NOMATCH backport (python-cherrypy) [since FEDORA-2008-0299]
-GENERIC-MAP-NOMATCH VULNERABLE (drupal, fixed 5.6) DRUPAL-SA-2008-007
-GENERIC-MAP-NOMATCH VULNERABLE (drupal, fixed 5.6) DRUPAL-SA-2008-006
-GENERIC-MAP-NOMATCH VULNERABLE (drupal, fixed 5.6) DRUPAL-SA-2008-005
-CVE-2007-6018 VULNERABLE (horde) #428628
-CVE-2007-6018 VULNERABLE (imp) #428632
+GENERIC-MAP-NOMATCH version (drupal, fixed 5.6) DRUPAL-SA-2008-007 [since FEDORA-2008-0485]
+GENERIC-MAP-NOMATCH version (drupal, fixed 5.6) DRUPAL-SA-2008-006 [since FEDORA-2008-0485]
+GENERIC-MAP-NOMATCH version (drupal, fixed 5.6) DRUPAL-SA-2008-005 [since FEDORA-2008-0485]
+CVE-2008-0252 backport (python-cherrypy) [since FEDORA-2008-0299]
+**CVE-2008-0238 VULNERABLE (xine-lib, fixed 1.1.9.1)
+CVE-2008-0225 VULNERABLE (xine-lib, fixed 1.1.9.1)
**CVE-2008-0196 version (wordpress, not fixed 2.0.11)
CVE-2008-0195 ignore (wordpress) File path is not a sensitive information
**CVE-2008-0194 version (wordpress, not fixed 2.0.4)
@@ -39,8 +39,10 @@
CVE-2007-6441 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590]
CVE-2007-6439 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590]
CVE-2007-6438 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590]
+CVE-2007-6423 ignore (httpd) can not be reproduced by upstream
CVE-2007-6422 VULNERABLE (httpd, fixed 2.2.7) #427982
CVE-2007-6421 VULNERABLE (httpd, fixed 2.2.7) #427982
+CVE-2007-6420 ignore (httpd) wontfix by upstream
CVE-2007-6388 VULNERABLE (httpd, fixed 2.2.7) #427982
CVE-2007-6337 VULNERABLE (clamav, fixed 0.92) #426212 [since FEDORA-2008-0115]
CVE-2007-6336 VULNERABLE (clamav, fixed 0.92) #426212 [since FEDORA-2008-0115]
@@ -59,8 +61,8 @@
CVE-2007-6304 ignore (mysql, fixed 5.0.52) federated engine not built
CVE-2007-6303 backport (mysql, fixed 5.0.52) #424931 [since FEDORA-2007-4465]
CVE-2007-6299 version (drupal, fixed 5.4) [since FEDORA-2007-4163] SA-2007-031
-CVE-2007-6285 VULNERABLE (autofs) #426400
-CVE-2007-6284 VULNERABLE (libxml2, fixed 2.6.31)
+CVE-2007-6285 backport (autofs) #426400 [since FEDORA-2007-4707]
+CVE-2007-6284 version (libxml2, fixed 2.6.31) [since FEDORA-2008-0462]
CVE-2007-6283 backport (bind) #423071 [since FEDORA-2007-4655]
CVE-2007-6239 version (squid, fixed 2.6.17) #412391 [since FEDORA-2007-4170]
CVE-2007-6210 backport (zabbix) #407181 [since FEDORA-2007-4176]
@@ -86,6 +88,8 @@
CVE-2007-6100 version (phpMyAdmin, fixed 2.11.2.2) [since FEDORA-2007-3639]
CVE-2007-6067 fixed (postgresql, fixed 8.2.6) #427773 [since FEDORA-2008-0478]
CVE-2007-6061 VULNERABLE (audacity) #393251
+CVE-2007-6018 VULNERABLE (horde) #428628
+CVE-2007-6018 VULNERABLE (imp) #428632
CVE-2007-6015 version (samba, fixed 3.0.28) [since FEDORA-2007-4275]
CVE-2007-6013 VULNERABLE (wordpress)
CVE-2007-6035 version (cacti, fixed 0.8.7a) #391991 [since FEDORA-2007-3667]
Index: f9
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f9,v
retrieving revision 1.72
retrieving revision 1.73
diff -u -r1.72 -r1.73
--- f9 14 Jan 2008 09:47:08 -0000 1.72
+++ f9 14 Jan 2008 10:05:07 -0000 1.73
@@ -7,12 +7,12 @@
# Up to date CVE as of CVE email 20071211
# Up to date F9 as of 20071029
-GENERIC-MAP-NOMATCH backport (python-cherrypy) [since python-cherrypy-2.2.1-8.fc9]
GENERIC-MAP-NOMATCH version (drupal, fixed 5.6) [since drupal-5.6-1.fc9] DRUPAL-SA-2008-007
GENERIC-MAP-NOMATCH version (drupal, fixed 5.6) [since drupal-5.6-1.fc9] DRUPAL-SA-2008-006
GENERIC-MAP-NOMATCH version (drupal, fixed 5.6) [since drupal-5.6-1.fc9] DRUPAL-SA-2008-005
-CVE-2007-6018 VULNERABLE (horde) #428630
-CVE-2007-6018 VULNERABLE (imp) #428634
+CVE-2008-0252 backport (python-cherrypy) [since python-cherrypy-2.2.1-8.fc9]
+**CVE-2008-0238 version (xine-lib, fixed 1.1.9.1) [since xine-lib-1.1.9.1-1.fc9]
+CVE-2008-0225 version (xine-lib, fixed 1.1.9.1) [since xine-lib-1.1.9.1-1.fc9]
**CVE-2008-0196 version (wordpress, not fixed 2.0.11)
CVE-2008-0195 ignore (wordpress) File path is not a sensitive information
**CVE-2008-0194 version (wordpress, not fixed 2.0.4)
@@ -39,8 +39,10 @@
CVE-2007-6441 version (wireshark, fixed 0.99.7) [since wireshark-0.99.7-1.fc9]
CVE-2007-6439 version (wireshark, fixed 0.99.7) [since wireshark-0.99.7-1.fc9]
CVE-2007-6438 version (wireshark, fixed 0.99.7) [since wireshark-0.99.7-1.fc9]
+CVE-2007-6423 ignore (httpd) can not be reproduced by upstream
CVE-2007-6422 VULNERABLE (httpd, fixed 2.2.7) #427984
CVE-2007-6421 VULNERABLE (httpd, fixed 2.2.7) #427984
+CVE-2007-6420 ignore (httpd) wontfix by upstream
CVE-2007-6388 VULNERABLE (httpd, fixed 2.2.7) #427984
CVE-2007-6337 version (clamav, fixed 0.92) #426213 [since clamav-0.92-3.fc9]
CVE-2007-6336 version (clamav, fixed 0.92) #426213 [since clamav-0.92-3.fc9]
@@ -87,6 +89,8 @@
CVE-2007-6067 version (postgresql, fixed 8.2.6) #427774 [since postgresql-8.2.6-1.fc9]
CVE-2007-6061 VULNERABLE (audacity) #393251
CVE-2007-6035 version (cacti, fixed 0.8.7a) #392001 [since cacti-0.8.7a-1.fc9]
+CVE-2007-6018 VULNERABLE (horde) #428630
+CVE-2007-6018 VULNERABLE (imp) #428634
CVE-2007-6015 VULNERABLE (samba, fixed 3.0.28)
CVE-2007-6013 VULNERABLE (wordpress) #426434
CVE-2007-5977 version (phpMyAdmin) #385911 [since phpMyAdmin-2.11.2.2-1.fc9]
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.237
retrieving revision 1.238
diff -u -r1.237 -r1.238
--- fc7 14 Jan 2008 09:47:08 -0000 1.237
+++ fc7 14 Jan 2008 10:05:07 -0000 1.238
@@ -6,14 +6,14 @@
# A couple of first F7 updates were marked as FEDORA-2007-0001
# Up to date CVE as of CVE email 200711215
-# Up to date FC7 as of 20071221
+# Up to date FC7 as of 20080111
-GENERIC-MAP-NOMATCH backport (python-cherrypy) [since FEDORA-2008-0333]
-GENERIC-MAP-NOMATCH VULNERABLE (drupal, fixed 5.6) DRUPAL-SA-2008-007
-GENERIC-MAP-NOMATCH VULNERABLE (drupal, fixed 5.6) DRUPAL-SA-2008-006
-GENERIC-MAP-NOMATCH VULNERABLE (drupal, fixed 5.6) DRUPAL-SA-2008-005
-CVE-2007-6018 VULNERABLE (horde) #428629
-CVE-2007-6018 VULNERABLE (imp) #428633
+GENERIC-MAP-NOMATCH version (drupal, fixed 5.6) DRUPAL-SA-2008-007 [since FEDORA-2008-0469]
+GENERIC-MAP-NOMATCH version (drupal, fixed 5.6) DRUPAL-SA-2008-006 [since FEDORA-2008-0469]
+GENERIC-MAP-NOMATCH version (drupal, fixed 5.6) DRUPAL-SA-2008-005 [since FEDORA-2008-0469]
+CVE-2008-0252 backport (python-cherrypy) [since FEDORA-2008-0333]
+**CVE-2008-0238 VULNERABLE (xine-lib, fixed 1.1.9.1)
+CVE-2008-0225 VULNERABLE (xine-lib, fixed 1.1.9.1)
**CVE-2008-0196 version (wordpress, not fixed 2.0.11)
CVE-2008-0195 ignore (wordpress) File path is not a sensitive information
**CVE-2008-0194 version (wordpress, not fixed 2.0.4)
@@ -39,8 +39,10 @@
CVE-2007-6441 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690]
CVE-2007-6439 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690]
CVE-2007-6438 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690]
+CVE-2007-6423 ignore (httpd) can not be reproduced by upstream
CVE-2007-6422 VULNERABLE (httpd, fixed 2.2.7) #427983
CVE-2007-6421 VULNERABLE (httpd, fixed 2.2.7) #427983
+CVE-2007-6420 ignore (httpd) wontfix by upstream
CVE-2007-6388 VULNERABLE (httpd, fixed 2.2.7) #427983
CVE-2007-6337 VULNERABLE (clamav, fixed 0.92) #426211 [since FEDORA-2008-0170]
CVE-2007-6336 VULNERABLE (clamav, fixed 0.92) #426211 [since FEDORA-2008-0170]
@@ -60,7 +62,7 @@
CVE-2007-6303 backport (mysql, fixed 5.0.52) #424921 [since FEDORA-2007-4471]
CVE-2007-6299 version (drupal, fixed 5.4) [since FEDORA-2007-4136] SA-2007-031
CVE-2007-6285 fixed (autofs) #426399 [since FEDORA-2007-4709]
-CVE-2007-6284 VULNERABLE (libxml2, fixed 2.6.31)
+CVE-2007-6284 version (libxml2, fixed 2.6.31) [since FEDORA-2008-0477]
CVE-2007-6283 backport (bind) #423061 [since FEDORA-2007-4658]
CVE-2007-6239 version (squid, fixed 2.6.17) #412381 [since FEDORA-2007-4161]
CVE-2007-6210 backport (zabbix) #407181 [since FEDORA-2007-4160]
@@ -87,6 +89,8 @@
CVE-2007-6067 fixed (postgresql, fixed 8.2.6) #427772 [since FEDORA-2008-0552]
CVE-2007-6061 VULNERABLE (audacity) #393251
CVE-2007-6035 version (cacti, fixed 0.8.7a) #391981 [since FEDORA-2007-3683]
+CVE-2007-6018 VULNERABLE (horde) #428629
+CVE-2007-6018 VULNERABLE (imp) #428633
CVE-2007-6015 version (samba, fixed 3.0.28) [since FEDORA-2007-4269]
CVE-2007-6013 VULNERABLE (wordpress)
CVE-2007-5977 version (phpMyAdmin, fixed 2.11.2.1) #385891 [since FEDORA-2007-3627]