Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv13765/audit
Modified Files:
f10 f8 f9
Log Message:
merge josh's commits to my pending pile of changes
Index: f10
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f10,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -r1.16 -r1.17
--- f10 30 Sep 2008 12:51:46 -0000 1.16
+++ f10 7 Oct 2008 15:09:59 -0000 1.17
@@ -4,6 +4,14 @@
# *CVE are items that need verification for Fedora 10
# (mozilla) = (gecko-libs dependent stuff)
+CVE-2008-4437 VULNERABLE (bugzilla, fixed 3.0.5) #465959
+CVE-2008-4434 ignore (bittorrent) 6.x only
+CVE-2008-4422 backport (libxml2, fixed 2.7.2) [since libxml2-2.7.1-2.fc10]
+CVE-2008-4408 version (mediawiki, fixed 1.13.2) [since mediawiki-1.13.2-41.fc10]
+CVE-2008-4360 version (lighttpd, fixed 1.4.20) [since lighttpd-1.4.20-0.1.r2303.fc10]
+CVE-2008-4359 VULNERABLE (lighttpd, fixed 1.4.20) #465754
+CVE-2008-4326 version (phpMyAdmin, fixed 2.11.9.2) [since phpMyAdmin-2.11.9.2-1.fc10]
+CVE-2008-4325 version (viewvc, fixed 1.0.6) [since viewvc-1.0.6-1.fc10]
CVE-2008-4298 version (lighttpd, fixed 1.4.20) [since lighttpd-1.4.20-0.1.r2303.fc10]
CVE-2008-4297 version (mercurial, fixed 1.0.2) [since mercurial-1.0.2-1.fc10]
CVE-2008-4242 VULNERABLE (proftpd) #464130
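Review bot: CVE-2008-4359 is added as VULNERABLE (#465754), yet CVE-2008-4360 two lines above it and the existing CVE-2008-4298 entry are both recorded as resolved by lighttpd-1.4.20-0.1.r2303.fc10, and all three name 1.4.20 as the upstream fix. If the r2303 snapshot predates the fix for 4359, add a trailing remark on that line saying so. Otherwise the status should be "version" with the same [since ...] tag.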
@@ -60,13 +68,15 @@
CVE-2008-3916 VULNERABLE (ed, fixed 1.0)
CVE-2008-3906 version (mono) #461755 [since mono-2.0-6.fc10]
CVE-2008-3905 version (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since ruby-1.8.6.287-1.fc10]
-CVE-2008-3889 VULNERABLE (postfix, fixed 2.4.9, 2.5.5) #459101
+CVE-2008-3889 version (postfix, fixed 2.4.9, 2.5.5) #459101 [since postfix-2.5.5-1.fc10]
CVE-2008-3837 version (firefox, fixed 3.0.2) [since firefox-3.0.2-1.fc10]
CVE-2008-3837 version (seamonkey, fixed 1.1.12) [since seamonkey-1.1.12-1.fc9]
CVE-2008-3836 ignore (firefox) ff2 only
CVE-2008-3836 ignore (seamonkey) ff only
CVE-2008-3835 ignore (firefox) ff2 only
CVE-2008-3835 version (seamonkey, fixed 1.1.12) [since seamonkey-1.1.12-1.fc9]
+CVE-2008-3834 VULNERABLE (dbus)
+CVE-2008-3825 VULNERABLE (pam_krb5, 2.3.2)
CVE-2008-3824 VULNERABLE (horde) oCERT-2008-012
CVE-2008-3823 VULNERABLE (horde) oCERT-2008-012
CVE-2008-3796 version (swfdec, fixed 0.6.8) [since swfdec-0.7.4-1.fc10]
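Review bot: the new CVE-2008-3825 line reads "(pam_krb5, 2.3.2)", whereas the other entries in this hunk that give a version write "(package, fixed X)", so it is not clear whether 2.3.2 is the fixed release or the affected one. Write "fixed 2.3.2" if that is what is meant. Both new VULNERABLE lines (dbus and pam_krb5) also carry no "#" bug reference, unlike the postfix line just above them, which leaves nothing to track the open status against.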
@@ -88,6 +98,8 @@
CVE-2008-3657 version (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since ruby-1.8.6.287-1.fc10]
CVE-2008-3656 version (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since ruby-1.8.6.287-1.fc10]
CVE-2008-3655 version (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since ruby-1.8.6.287-1.fc10]
+CVE-2008-3652 VULNERABLE (ipsec-tools) #465474
+CVE-2008-3651 version (ipsec-tools, fixed 0.7.1) [since ipsec-tools-0.7.1-1.fc10]
CVE-2008-3546 version (git, fixed 1.5.6.4) [since git-1.5.6.4-1.fc10]
CVE-2008-3533 ignore (yelp, fixed 2.24) caught by glibc
CVE-2008-3529 version (libxml2, fixed 2.7.0) [since libxml2-2.7.1-1.fc10]
@@ -146,8 +158,8 @@
CVE-2008-2940 ignore (hplip) #458991 not run as service
CVE-2008-2938 version (tomcat6, fixed 6.0.18) #460132 [since tomcat6-6.0.18-1.1.fc10]
CVE-2008-2938 VULNERABLE (tomcat5, fixed 5.5.27) #460127
-CVE-2008-2937 VULNERABLE (postfix) #459101
-CVE-2008-2936 backport (postfix) #459101 [since postfix-2.5.1-4.fc10]
+CVE-2008-2937 version (postfix, fixed 2.4.8, 2.5.4) #459101 [since postfix-2.5.5-1.fc10]
+CVE-2008-2936 backport (postfix, fixed 2.4.8, 2.5.4) #459101 [since postfix-2.5.1-4.fc10]
CVE-2008-2935 VULNERABLE (libxslt)
CVE-2008-2933 version (firefox, fixed 3.0.1) [since firefox-3.0.1-1.fc10]
CVE-2008-2932 version (adminutil, fixed 1.1.7) [since adminutil-1.1.7-1.fc10]
@@ -301,6 +313,7 @@
CVE-2008-0553 version (tkimg) [since tkimg-1.3-0.10.20080505svn.fc10]
CVE-2008-0314 version (clamav, fixed 0.93) [since clamav-0.93-1.fc9]
CVE-2008-0166 ignore (openssl) Debian specific
+CVE-2008-0071 ignore (bittorrent) 6.x only
CVE-2008-0016 ignore (firefox) ff2 only
CVE-2008-0016 version (seamonkey, fixed 1.1.12) [since seamonkey-1.1.12-1.fc9]
CVE-2007-6714 version (dbmail, fixed 2.2.9) [since dbmail-2.2.9-1.fc9]
Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.236
retrieving revision 1.237
diff -u -r1.236 -r1.237
--- f8 7 Oct 2008 12:55:57 -0000 1.236
+++ f8 7 Oct 2008 15:09:59 -0000 1.237
@@ -7,10 +7,17 @@
rhbz293031 fixed (nx) #293031 [since FEDORA-2008-2258]
rhbz249840 version (tor, fixed 0.1.2.15)
CVE-2008-4437 VULNERABLE (bugzilla, fixed 3.0.5) #465957
+CVE-2008-4434 ignore (bittorrent) 6.x only
+CVE-2008-4422 fixed (libxml2, fixed 2.7.2) [since FEDORA-2008-8582]
+CVE-2008-4408 fixed (mediawiki, fixed 1.13.2) [since FEDORA-2008-8678]
+CVE-2008-4360 VULNERABLE (lighttpd, fixed 1.4.20) #464638
+CVE-2008-4359 VULNERABLE (lighttpd, fixed 1.4.20) #464638
+CVE-2008-4326 fixed (phpMyAdmin, fixed 2.11.9.2) [since FEDORA-2008-8286]
+CVE-2008-4325 fixed (viewvc, fixed 1.0.6) [since FEDORA-2008-8270]
CVE-2008-4298 VULNERABLE (lighttpd, fixed 1.4.20) #464638
CVE-2008-4297 VULNERABLE (mercurial, fixed 1.0.2) #464632
CVE-2008-4242 VULNERABLE (proftpd) #464128
-CVE-2008-4191 VULNERABLE (emacspeak) [since FEDORA-2008-8423]
+CVE-2008-4191 fixed (emacspeak) [since FEDORA-2008-8423]
CVE-2008-4190 VULNERABLE (openswan)
CVE-2008-4130 VULNERABLE (gallery2, fixed 2.2.6) #462871
CVE-2008-4129 VULNERABLE (gallery2, fixed 2.2.6) #462871
@@ -63,7 +70,7 @@
CVE-2008-3916 VULNERABLE (ed, fixed 1.0)
CVE-2008-3906 VULNERABLE (mono) #461753
CVE-2008-3905 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7554]
-CVE-2008-3889 VULNERABLE (postfix, fixed 2.4.9, 2.5.5) #459099
+CVE-2008-3889 VULNERABLE (postfix, fixed 2.4.9, 2.5.5) #459099 [since FEDORA-2008-8595]
CVE-2008-3837 fixed (firefox, fixed 2.0.0.17) [since FEDORA-2008-8399]
CVE-2008-3837 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8401]
CVE-2008-3836 fixed (firefox, fixed 2.0.0.17) [since FEDORA-2008-8399]
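Review bot: CVE-2008-3889 keeps the status VULNERABLE although this change attaches [since FEDORA-2008-8595] to it. The emacspeak entry (CVE-2008-4191) in the first hunk of this file had the same combination of VULNERABLE plus an advisory tag and is switched to "fixed" in this commit. If VULNERABLE with an advisory is meant to mark an update that is still pending, the line needs a follow-up once it is released. If FEDORA-2008-8595 is already out, the status should be "fixed" now.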
@@ -71,6 +78,7 @@
CVE-2008-3835 fixed (firefox, fixed 2.0.0.17) [since FEDORA-2008-8399]
CVE-2008-3835 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8401]
CVE-2008-3834 VULNERABLE (dbus) #465835
+CVE-2008-3825 fixed (pam_krb5, 2.3.2) [since FEDORA-2008-8605]
CVE-2008-3824 VULNERABLE (horde) oCERT-2008-012
CVE-2008-3823 VULNERABLE (horde) oCERT-2008-012
CVE-2008-3790 VULNERABLE (ruby)
@@ -91,6 +99,8 @@
CVE-2008-3657 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7554]
CVE-2008-3656 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7554]
CVE-2008-3655 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7554]
+CVE-2008-3652 VULNERABLE (ipsec-tools) #465472
+CVE-2008-3651 VULNERABLE (ipsec-tools, fixed 0.7.1) #465472
CVE-2008-3546 ignore (git, fixed 1.5.6.4) caught by fortify_source
CVE-2008-3533 fixed (yelp, fixed 2.24) #459502 [since FEDORA-2008-7293]
CVE-2008-3529 fixed (libxml2, fixed 2.7.0) [since FEDORA-2008-7666]
@@ -146,8 +156,8 @@
CVE-2008-2941 ignore (hplip) #458989 not run as service
CVE-2008-2940 ignore (hplip) #458989 not run as service
CVE-2008-2938 fixed (tomcat5, fixed 5.5.27) #460125 [since FEDORA-2008-8130]
-CVE-2008-2937 VULNERABLE (postfix) #459099
-CVE-2008-2936 VULNERABLE (postfix) #459099
+CVE-2008-2937 VULNERABLE (postfix, fixed 2.4.8, 2.5.4) #459099 [since FEDORA-2008-8595]
+CVE-2008-2936 VULNERABLE (postfix, fixed 2.4.8, 2.5.4) #459099 [since FEDORA-2008-8595]
CVE-2008-2935 fixed (libxslt) [since FEDORA-2008-7029]
CVE-2008-2933 fixed (firefox, fixed 2.0.0.16) [since FEDORA-2008-6491]
CVE-2008-2932 fixed (adminutil, fixed 1.1.7) [since FEDORA-2008-7642]
@@ -530,6 +540,7 @@
CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since FEDORA-2008-0199]
CVE-2008-0073 fixed (xine-lib, fixed 1.1.11) #438192 [since FEDORA-2008-2569]
CVE-2008-0072 fixed (evolution) #436081 [since FEDORA-2008-2292]
+CVE-2008-0071 ignore (bittorrent) 6.x only
CVE-2008-0063 fixed (krb5, fixed 1.6.4) #438023 [since FEDORA-2008-2647]
CVE-2008-0062 fixed (krb5, fixed 1.6.4) #438023 [since FEDORA-2008-2647]
CVE-2008-0053 version (cups, fixed 1.3.6) [since FEDORA-2008-1901]
Index: f9
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f9,v
retrieving revision 1.226
retrieving revision 1.227
diff -u -r1.226 -r1.227
--- f9 7 Oct 2008 12:55:57 -0000 1.226
+++ f9 7 Oct 2008 15:09:59 -0000 1.227
@@ -6,10 +6,17 @@
rhbz249840 version (tor, fixed 0.1.2.15)
CVE-2008-4437 VULNERABLE (bugzilla, fixed 3.0.5) #465958
+CVE-2008-4434 ignore (bittorrent) 6.x only
+CVE-2008-4422 fixed (libxml2, fixed 2.7.2) [since FEDORA-2008-8575]
+CVE-2008-4408 fixed (mediawiki, fixed 1.13.2) [since FEDORA-2008-8639]
+CVE-2008-4360 VULNERABLE (lighttpd, fixed 1.4.20) #464639
+CVE-2008-4359 VULNERABLE (lighttpd, fixed 1.4.20) #464639
+CVE-2008-4326 fixed (phpMyAdmin, fixed 2.11.9.2) [since FEDORA-2008-8335]
+CVE-2008-4325 fixed (viewvc, fixed 1.0.6) [since FEDORA-2008-8252]
CVE-2008-4298 VULNERABLE (lighttpd, fixed 1.4.20) #464639
CVE-2008-4297 fixed (mercurial, fixed 1.0.2) [since FEDORA-2008-7490]
CVE-2008-4242 VULNERABLE (proftpd) #464129
-CVE-2008-4191 VULNERABLE (emacspeak) [since FEDORA-2008-8379]
+CVE-2008-4191 fixed (emacspeak) [since FEDORA-2008-8379]
CVE-2008-4190 VULNERABLE (openswan)
CVE-2008-4130 VULNERABLE (gallery2, fixed 2.2.6) #462872
CVE-2008-4129 VULNERABLE (gallery2, fixed 2.2.6) #462872
@@ -62,7 +69,7 @@
CVE-2008-3916 VULNERABLE (ed, fixed 1.0)
CVE-2008-3906 VULNERABLE (mono) #461754
CVE-2008-3905 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7697]
-CVE-2008-3889 VULNERABLE (postfix, fixed 2.4.9, 2.5.5) #459100
+CVE-2008-3889 VULNERABLE (postfix, fixed 2.4.9, 2.5.5) #459100 [since FEDORA-2008-8593]
CVE-2008-3837 fixed (firefox, fixed 3.0.2) [since FEDORA-2008-8425]
CVE-2008-3837 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8429]
CVE-2008-3836 ignore (firefox) ff2 only
@@ -70,6 +77,7 @@
CVE-2008-3835 ignore (firefox) ff2 only
CVE-2008-3835 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8429]
CVE-2008-3834 VULNERABLE (dbus) #465836
+CVE-2008-3825 fixed (pam_krb5, 2.3.2) [since FEDORA-2008-8618]
CVE-2008-3824 VULNERABLE (horde) oCERT-2008-012
CVE-2008-3823 VULNERABLE (horde) oCERT-2008-012
CVE-2008-3796 version (swfdec, fixed 0.6.8) [since swfdec-0.6.8-1.fc9]
@@ -85,12 +93,14 @@
CVE-2008-3740 fixed (drupal, fixed 6.4) [since FEDORA-2008-7626]
CVE-2008-3714 fixed (awstats) #459742 [since FEDORA-2008-7663]
CVE-2008-3699 fixed (amarok, fixed 1.4.40) [since FEDORA-2008-7739]
-CVE-2008-3663 VULNERABLE (squirrelmail, fixed 1.4.16) #464185
+CVE-2008-3663 VULNERABLE (squirrelmail, fixed 1.4.16) #464185 [since FEDORA-2008-8559]
CVE-2008-3662 VULNERABLE (gallery2, fixed 2.2.6) #462872
CVE-2008-3661 VULNERABLE (drupal) #464164 ignored by upstream
CVE-2008-3657 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7697]
CVE-2008-3656 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7697]
CVE-2008-3655 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7697]
+CVE-2008-3652 VULNERABLE (ipsec-tools) #465473
+CVE-2008-3651 VULNERABLE (ipsec-tools, fixed 0.7.1) #465473
CVE-2008-3546 ignore (git, fixed 1.5.6.4) caught by fortify_source
CVE-2008-3533 ignore (yelp, fixed 2.24) caught by glibc
CVE-2008-3529 fixed (libxml2, fixed 2.7.0) [since FEDORA-2008-7594]
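Review bot: CVE-2008-3663 (squirrelmail) gains [since FEDORA-2008-8559] but its status stays VULNERABLE, so the line states both that the package is open and that an advisory covers it. Either change the status to "fixed" or note on the line that the update has not been released yet. The two new ipsec-tools lines share bug #465473, but only CVE-2008-3651 names a fixed version (0.7.1). If CVE-2008-3652 is fixed in a known release, add it in the same form.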
@@ -149,8 +159,8 @@
CVE-2008-2940 ignore (hplip) #458990 not run as service
CVE-2008-2938 fixed (tomcat6, fixed 6.0.18) #460131 [since FEDORA-2008-7977]
CVE-2008-2938 fixed (tomcat5, fixed 5.5.27) #460126 [since FEDORA-2008-8113]
-CVE-2008-2937 VULNERABLE (postfix) #459100
-CVE-2008-2936 VULNERABLE (postfix) #459100
+CVE-2008-2937 VULNERABLE (postfix, fixed 2.4.8, 2.5.4) #459100 [since FEDORA-2008-8593]
+CVE-2008-2936 VULNERABLE (postfix, fixed 2.4.8, 2.5.4) #459100 [since FEDORA-2008-8593]
CVE-2008-2935 fixed (libxslt) [since FEDORA-2008-7062]
CVE-2008-2933 fixed (firefox, fixed 3.0.1) [since FEDORA-2008-6518]
CVE-2008-2932 fixed (adminutil, fixed 1.1.7) [since FEDORA-2008-7339]
@@ -532,6 +542,7 @@
CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since asterisk-1.4.17-1.fc9]
CVE-2008-0073 version (xine-lib, fixed 1.1.11) #438193 [since xine-lib-1.1.11-1.fc9]
CVE-2008-0072 backport (evolution) #436082 [evolution-2.21.92-2.fc9]
+CVE-2008-0071 ignore (bittorrent) 6.x only
CVE-2008-0063 backport (krb5, fixed 1.6.4) [since krb5-1.6.3-10.fc9]
CVE-2008-0062 backport (krb5, fixed 1.6.4) [since krb5-1.6.3-10.fc9]
CVE-2008-0053 version (cups, fixed 1.3.6) [since cups-1.3.6-1.fc9]