Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv7474/audit
Modified Files:
f10 f8 f9
Added Files:
f11
Log Message:
bunch of updates
add f11 file
***** Error reading new file: [Errno 2] No such file or directory: 'f11'
Index: f10
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f10,v
retrieving revision 1.28
retrieving revision 1.29
diff -u -r1.28 -r1.29
--- f10 21 Nov 2008 20:59:01 -0000 1.28
+++ f10 26 Nov 2008 09:50:09 -0000 1.29
@@ -4,21 +4,21 @@
# *CVE are items that need verification for Fedora 10
# (mozilla) = (gecko-libs dependent stuff)
-CVE-2008-5187 VULNERABLE (imlib2) #472579
+CVE-2008-5187 fixed (imlib2) #472579 [since FEDORA-2008-10364]
CVE-2008-5153 VULNERABLE (moodle) #472120
-CVE-2008-5148 VULNERABLE (geda-gnetlist) #472116
+CVE-2008-5148 fixed (geda-gnetlist) #472116 [since FEDORA-2008-9730]
CVE-2008-5138 VULNERABLE (pam_mount) #472112
CVE-2008-5113 VULNERABLE (wordpress) #471992
CVE-2008-5110 VULNERABLE (syslog-ng)
CVE-2008-5101 version (optipng, fixed 0.6.2) [since optipng-0.6.2-1.fc10]
-CVE-2008-5076 VULNERABLE (htop)
+CVE-2008-5076 fixed (htop) [since FEDORA-2008-9944]
CVE-2008-5050 version (clamav, fixed 0.94.1) [since clamav-0.94.1-1.fc10]
CVE-2008-5030 fixed (libcdaudio)
CVE-2008-5008 version (libsamplerate, fixed 0.14) [since libsamplerate-0.1.4-1.fc10]
CVE-2008-5007 fixed (lazarus) [since lazarus-0.9.26-1.fc10]
CVE-2008-5006 version (uw-imap, fixed 2007d) [since uw-imap-2007d-1.fc10]
CVE-2008-5005 version (uw-imap, fixed 2007d) [since uw-imap-2007d-1.fc10]
-CVE-2008-4989 VULNERABLE (gnutls, fixed 2.6.1) [since gnutls-2.4.2-3.fc10]
+CVE-2008-4989 fixed (gnutls, fixed 2.6.1) [since FEDORA-2008-10162]
CVE-2008-4987 fixed (xastir) [since xastir-1.9.2-9.fc10]
CVE-2008-4985 ignore (vdr) Debian-specific
CVE-2008-4982 fixed (rkhunter) [since rkhunter-1.3.2-5.fc10]
@@ -37,7 +37,7 @@
CVE-2008-4776 version (libgadu, fixed 1.8.2) [since libgadu-1.8.2-1.fc10]
CVE-2008-4775 version (phpMyAdmin, fixed 3.0.1.1) [since phpMyAdmin-3.0.1.1-1.fc10]
CVE-2008-4769 version (wordpress)
-CVE-2008-4690 VULNERABLE (lynx) [since lynx-2.8.6-18.fc10]
+CVE-2008-4690 VULNERABLE (lynx) [since FEDORA-2008-9952]
CVE-2008-4641 VULNERABLE (jhead)
CVE-2008-4640 VULNERABLE (jhead)
CVE-2008-4639 version (jhead, fixed 2.84) [since jhead-2.84-1.fc10]
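Review bot: The changed CVE-2008-4690 (lynx) line keeps the status VULNERABLE even though its since tag now names an advisory, FEDORA-2008-9952. In the first hunk of this file, the imlib2, geda-gnetlist, htop and gnutls lines were all switched to fixed when they gained an advisory tag. Either switch this line to fixed as well, or add a trailing remark explaining why the advisory does not close the issue.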
@@ -45,6 +45,7 @@
CVE-2008-4578 version (dovecot, fixed 1.1.14) [since dovecot-1.1.5-1.fc10]
CVE-2008-4577 version (dovecot, fixed 1.1.14) [since dovecot-1.1.5-1.fc10]
CVE-2008-4575 version (jhead, fixed 2.84) [since jhead-2.84-1.fc10]
+CVE-2008-4474 fixed (freeradius) [since FEDORA-2008-10392] dialupadmin subpackage dropped
CVE-2008-4437 VULNERABLE (bugzilla, fixed 3.0.5) #465959
CVE-2008-4434 ignore (bittorrent) 6.x only
CVE-2008-4422 backport (libxml2, fixed 2.7.2) [since libxml2-2.7.1-2.fc10]
@@ -53,11 +54,15 @@
CVE-2008-4359 version (lighttpd, fixed 1.4.20) #465754 [since lighttpd-1.4.20-1.fc10]
CVE-2008-4326 version (phpMyAdmin, fixed 2.11.9.2) [since phpMyAdmin-2.11.9.2-1.fc10]
CVE-2008-4325 version (viewvc, fixed 1.0.6) [since viewvc-1.0.6-1.fc10]
+CVE-2008-4315 VULNERABLE (tog-pegasus) [since FEDORA-2008-10061]
+CVE-2008-4313 VULNERABLE (tog-pegasus) [since FEDORA-2008-10061]
CVE-2008-4309 VULNERABLE (net-snmp, fixed 5.4.2.1) [since net-snmp-5.4.2.1-1.fc10]
CVE-2008-4306 fixed (enscript) [since enscript-1.6.4-11.fc10]
CVE-2008-4298 version (lighttpd, fixed 1.4.20) [since lighttpd-1.4.20-0.1.r2303.fc10]
CVE-2008-4297 version (mercurial, fixed 1.0.2) [since mercurial-1.0.2-1.fc10]
CVE-2008-4242 VULNERABLE (proftpd) #464130
+CVE-2008-4226 fixed (libxml2) [since FEDORA-2008-10038]
+CVE-2008-4225 fixed (libxml2) [since FEDORA-2008-10038]
CVE-2008-4191 backport (emacspeak) [since emacspeak-28.0-3.fc10]
CVE-2008-4190 VULNERABLE (openswan)
CVE-2008-4130 VULNERABLE (gallery2, fixed 2.2.6) #462873
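Review bot: The two new tog-pegasus entries (CVE-2008-4315, CVE-2008-4313) are added as VULNERABLE but already carry [since FEDORA-2008-10061], while the libxml2 entries added in the same hunk pair their advisory with fixed. If the advisory addresses these only partially or is still pending, say so after the tag; otherwise the status should be fixed.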
@@ -311,7 +316,7 @@
CVE-2008-2085 backport (sipp) #446222 [since sipp-3.1-2.fc10]
CVE-2008-2079 version (mysql, fixed 5.0.60) [since mysql-5.0.67-1.fc10]
CVE-2008-2051 version (php, fixed 5.2.6) [since php-5.2.6-2.fc9]
-CVE-2008-2004 VULNERABLE (xen) disables format autodetection by default [since xen-3.2.0-11.fc10]
+CVE-2008-2004 backport (xen) disables format autodetection by default [since xen-3.2.0-14.fc10]
CVE-2008-2004 VULNERABLE (qemu) fix mostly useless without libvirt changes
CVE-2008-2004 VULNERABLE (kvm) fix mostly useless without libvirt changes
CVE-2008-1999 VULNERABLE (WebKit)
@@ -342,7 +347,7 @@
CVE-2008-1531 backport (lighttpd) [since lighttpd-1.4.19-4.fc10]
CVE-2008-1502 version (moodle, fixed 1.9)
CVE-2008-1488 version (php-pecl-apc) #438848 [since php-pecl-apc-3.0.19-1.fc10]
-CVE-2008-1475 VULNERABLE (roundup, fixed 1.4.5)
+CVE-2008-1475 version (roundup, fixed 1.4.5) [since roundup-1.4.6-1.fc10]
CVE-2008-1447 version (bind) #454477 [since bind-9.5.1-0.1.b1.fc10)]
CVE-2008-1447 version (dnssec-tools) [since dnssec-tools-1.4.1-2.fc10]
CVE-2008-1423 backport (libvorbis) #446344 [since libvorbis-1.2.0-4.fc10]
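Review bot: The CVE-2008-1447 (bind) context line in this hunk has a stray ")" inside its since tag, "[since bind-9.5.1-0.1.b1.fc10)]". This change does not introduce it, but the roundup edit sits two lines above, so it is worth dropping the paren in the same pass so that the NVR reads cleanly for anyone parsing the file.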
@@ -379,8 +384,8 @@
CVE-2007-6318 VULNERABLE (wordpress) #426434
CVE-2007-6131 VULNERABLE (scanbuttond)
CVE-2007-5962 fixed (vsftpd) [since vsftpd-2.0.6-4.fc10]
-CVE-2007-5907 VULNERABLE (xen) #390121
-CVE-2007-5906 VULNERABLE (xen) #390121
+CVE-2007-5907 version (xen) #390121
+CVE-2007-5906 version (xen) #390121
CVE-2007-5803 version (nagios, fixed 2.12) #446383 [since nagios-2.12-3.fc10]
CVE-2007-5615 backport (jetty) [since jetty-5.1.14-1jpp.2.fc10]
CVE-2007-5614 backport (jetty) [since jetty-5.1.14-1jpp.2.fc10]
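Review bot: The CVE-2007-5907 and CVE-2007-5906 (xen) lines move from VULNERABLE to version but give neither a "fixed X" upstream version nor a [since ...] tag, unlike the neighbouring version entries such as "version (nagios, fixed 2.12) #446383 [since nagios-2.12-3.fc10]". Add the upstream version that contains the fix and the first xen build that shipped it, so the status change can be checked against the package.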
Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.248
retrieving revision 1.249
diff -u -r1.248 -r1.249
--- f8 21 Nov 2008 20:59:01 -0000 1.248
+++ f8 26 Nov 2008 09:50:09 -0000 1.249
@@ -6,14 +6,14 @@
rhbz293031 fixed (nx) #293031 [since FEDORA-2008-2258]
rhbz249840 version (tor, fixed 0.1.2.15)
-CVE-2008-5187 VULNERABLE (imlib2) #472577
+CVE-2008-5187 fixed (imlib2) #472577 [since FEDORA-2008-10296]
CVE-2008-5153 VULNERABLE (moodle) #472118
-CVE-2008-5148 VULNERABLE (geda-gnetlist) #472114
+CVE-2008-5148 fixed (geda-gnetlist) #472114 [since FEDORA-2008-9730]
CVE-2008-5138 VULNERABLE (pam_mount) #472110
CVE-2008-5113 VULNERABLE (wordpress) #471990
CVE-2008-5110 VULNERABLE (syslog-ng) #471985
CVE-2008-5101 fixed (optipng, fixed 0.6.2) [since FEDORA-2008-9639]
-CVE-2008-5076 VULNERABLE (htop)
+CVE-2008-5076 fixed (htop) [since FEDORA-2008-9791]
CVE-2008-5050 fixed (clamav, fixed 0.94.1) [since FEDORA-2008-9651]
CVE-2008-5030 fixed (libcdaudio)
CVE-2008-5008 VULNERABLE (libsamplerate, fixed 0.14)
@@ -47,6 +47,7 @@
CVE-2008-4578 ignore (dovecot, fixed 1.1.14) wontfix
CVE-2008-4577 fixed (dovecot, fixed 1.1.14) [since FEDORA-2008-9232]
CVE-2008-4575 fixed (jhead, fixed 2.84) [since FEDORA-2008-8941]
+CVE-2008-4474 ignore (freeradius) dialupadmin not shipped
CVE-2008-4437 VULNERABLE (bugzilla, fixed 3.0.5) #465957
CVE-2008-4434 ignore (bittorrent) 6.x only
CVE-2008-4422 fixed (libxml2, fixed 2.7.2) [since FEDORA-2008-8582]
@@ -55,11 +56,15 @@
CVE-2008-4359 VULNERABLE (lighttpd, fixed 1.4.20) #464638
CVE-2008-4326 fixed (phpMyAdmin, fixed 2.11.9.2) [since FEDORA-2008-8286]
CVE-2008-4325 fixed (viewvc, fixed 1.0.6) [since FEDORA-2008-8270]
+CVE-2008-4315 ignore (tog-pegasus)
+CVE-2008-4313 ignore (tog-pegasus)
CVE-2008-4309 fixed (net-snmp, fixed 5.4.2.1) [since FEDORA-2008-9362]
CVE-2008-4306 fixed (enscript) [since FEDORA-2008-9351]
CVE-2008-4298 VULNERABLE (lighttpd, fixed 1.4.20) #464638
CVE-2008-4297 VULNERABLE (mercurial, fixed 1.0.2) #464632
CVE-2008-4242 VULNERABLE (proftpd) #464128
+CVE-2008-4226 fixed (libxml2) [since FEDORA-2008-9729]
+CVE-2008-4225 fixed (libxml2) [since FEDORA-2008-9729]
CVE-2008-4191 fixed (emacspeak) [since FEDORA-2008-8423]
CVE-2008-4190 VULNERABLE (openswan)
CVE-2008-4130 VULNERABLE (gallery2, fixed 2.2.6) #462871
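Review bot: The new tog-pegasus lines for CVE-2008-4315 and CVE-2008-4313 are marked ignore with no reason, whereas the other ignore entries visible in this diff state one ("dialupadmin not shipped", "6.x only", "wontfix"). The f10 and f9 files track the same two CVEs as VULNERABLE with an advisory, so the f8 lines should say why they are ignored.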
@@ -392,7 +397,7 @@
CVE-2008-1488 fixed (php-pecl-apc) #438847 [since FEDORA-2008-6344]
CVE-2008-1483 ignore (openssh) was alrady fixed by another patch
CVE-2008-1482 fixed (xine-lib) #438670 [since FEDORA-2008-2849]
-CVE-2008-1475 VULNERABLE (roundup, fixed 1.4.5)
+CVE-2008-1475 fixed (roundup, fixed 1.4.5) [since FEDORA-2008-9712]
CVE-2008-1474 fixed (roundup) #436547 [since FEDORA-2008-2370]
CVE-2008-1468 fixed (namazu, fixed 2.0.18) #438667 [since FEDORA-2008-2767]
CVE-2008-1467 fixed (centerim) #438871 [since FEDORA-2008-2869]
Index: f9
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f9,v
retrieving revision 1.239
retrieving revision 1.240
diff -u -r1.239 -r1.240
--- f9 21 Nov 2008 20:59:01 -0000 1.239
+++ f9 26 Nov 2008 09:50:09 -0000 1.240
@@ -5,14 +5,14 @@
# (mozilla) = (gecko-libs dependent stuff)
rhbz249840 version (tor, fixed 0.1.2.15)
-CVE-2008-5187 VULNERABLE (imlib2) #472578
+CVE-2008-5187 fixed (imlib2) #472578 [since FEDORA-2008-10287]
CVE-2008-5153 VULNERABLE (moodle) #472119
-CVE-2008-5148 VULNERABLE (geda-gnetlist) #472115
+CVE-2008-5148 fixed (geda-gnetlist) #472115 [since FEDORA-2008-9730]
CVE-2008-5138 VULNERABLE (pam_mount) #472111
CVE-2008-5113 VULNERABLE (wordpress) #471991
CVE-2008-5110 VULNERABLE (syslog-ng) #471986
CVE-2008-5101 fixed (optipng, fixed 0.6.2) [since FEDORA-2008-9633]
-CVE-2008-5076 VULNERABLE (htop)
+CVE-2008-5076 fixed (htop) [since FEDORA-2008-9728]
CVE-2008-5050 fixed (clamav, fixed 0.94.1) [since FEDORA-2008-9644]
CVE-2008-5030 fixed (libcdaudio)
CVE-2008-5008 VULNERABLE (libsamplerate, fixed 0.14)
@@ -46,6 +46,7 @@
CVE-2008-4578 ignore (dovecot, fixed 1.1.14) wontfix
CVE-2008-4577 fixed (dovecot, fixed 1.1.14) [since FEDORA-2008-9202]
CVE-2008-4575 fixed (jhead, fixed 2.84) [since FEDORA-2008-8928]
+CVE-2008-4474 fixed (freeradius) [since FEDORA-2008-10309] dialupadmin subpackage dropped
CVE-2008-4437 VULNERABLE (bugzilla, fixed 3.0.5) #465958
CVE-2008-4434 ignore (bittorrent) 6.x only
CVE-2008-4422 fixed (libxml2, fixed 2.7.2) [since FEDORA-2008-8575]
@@ -54,11 +55,15 @@
CVE-2008-4359 VULNERABLE (lighttpd, fixed 1.4.20) #464639
CVE-2008-4326 fixed (phpMyAdmin, fixed 2.11.9.2) [since FEDORA-2008-8335]
CVE-2008-4325 fixed (viewvc, fixed 1.0.6) [since FEDORA-2008-8252]
+CVE-2008-4315 VULNERABLE (tog-pegasus) [since FEDORA-2008-9688]
+CVE-2008-4313 VULNERABLE (tog-pegasus) [since FEDORA-2008-9688]
CVE-2008-4309 fixed (net-snmp, fixed 5.4.2.1) [since FEDORA-2008-9367]
CVE-2008-4306 fixed (enscript) [since FEDORA-2008-9372]
CVE-2008-4298 VULNERABLE (lighttpd, fixed 1.4.20) #464639
CVE-2008-4297 fixed (mercurial, fixed 1.0.2) [since FEDORA-2008-7490]
CVE-2008-4242 VULNERABLE (proftpd) #464129
+CVE-2008-4226 fixed (libxml2) [since FEDORA-2008-9773]
+CVE-2008-4225 fixed (libxml2) [since FEDORA-2008-9773]
CVE-2008-4191 fixed (emacspeak) [since FEDORA-2008-8379]
CVE-2008-4190 VULNERABLE (openswan)
CVE-2008-4130 VULNERABLE (gallery2, fixed 2.2.6) #462872
@@ -320,7 +325,7 @@
CVE-2008-2051 fixed (php, fixed 5.2.6) [since FEDORA-2008-3606]
CVE-2008-2050 ignore (php, fixed 5.2.6)
CVE-2008-2033 ignore (zoneminder) duplicate of CVE-2008-1381
-CVE-2008-2004 VULNERABLE (xen) disables format autodetection by default [since xen-3.2.0-11.fc9]
+CVE-2008-2004 fixed (xen) [since FEDORA-2008-5053] disables format autodetection by default
CVE-2008-2004 VULNERABLE (qemu) fix mostly useless without libvirt changes
CVE-2008-2004 VULNERABLE (kvm) fix mostly useless without libvirt changes
CVE-2008-2000 ignore (WebKit) browser DoS
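Review bot: The rewritten CVE-2008-2004 (xen) line moves the remark "disables format autodetection by default" after the [since ...] tag, while the matching f10 line in this same commit keeps it before the tag. Pick one field order for both files so the entries stay easy to grep and compare. Since the qemu and kvm lines for the same CVE remain VULNERABLE, it would also help to note that the xen fix stands on its own.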
@@ -335,7 +340,7 @@
CVE-2008-1947 fixed (tomcat6, fixed 6.0.18) #460131 [since FEDORA-2008-7977]
CVE-2008-1947 fixed (tomcat5, fixed 5.5.27) #460126 [since FEDORA-2008-8113]
CVE-2008-1944 version (xen, fixed 3.2)
-CVE-2008-1943 VULNERABLE (xen) [since xen-3.2.0-11.fc9]
+CVE-2008-1943 fixed (xen) [since FEDORA-2008-5053]
CVE-2008-1937 version (moin, fixed 1.6.3) [since moin-1.6.3-1.fc9]
CVE-2008-1930 ignore (wordpress, fixed 2.5.1) only for wp 2.5.0
CVE-2008-1928 fixed (perl-Imager, fixed 0.64) #443941 [since FEDORA-2008-4003]
@@ -401,7 +406,7 @@
CVE-2008-1488 fixed (php-pecl-apc) #455166 [since FEDORA-2008-6401]
CVE-2008-1483 ignore (openssh) was alrady fixed by another patch
CVE-2008-1482 version (xine-lib) #438671 [since xine-lib-1.1.11.1-1.fc9]
-CVE-2008-1475 VULNERABLE (roundup, fixed 1.4.5)
+CVE-2008-1475 fixed (roundup, fixed 1.4.5) [since FEDORA-2008-9734]
CVE-2008-1474 version (roundup) #436549 [since roundup-1.4.4-1.fc9]
CVE-2008-1468 version (namazu, fixed 2.0.18) #438668 [since namazu-2.0.18-1.fc9]
CVE-2008-1467 fixed (centerim) #438871
@@ -727,8 +732,8 @@
CVE-2007-5934 version (php-pear-MDB2-Driver-mysql) #379141 [since php-pear-MDB2-Driver-mysql-1.4.1-3.fc9]
CVE-2007-5934 version (php-pear-MDB2-Driver-mysqli) #379171 [since php-pear-MDB2-Driver-mysqli-1.4.1-3.fc9]
CVE-2007-5925 backport (mysql, fixed 5.0.54) [since mysql-5.0.45-6.fc9]
-CVE-2007-5907 VULNERABLE (xen) #390121
-CVE-2007-5906 VULNERABLE (xen) #390121
+CVE-2007-5907 version (xen) #390121
+CVE-2007-5906 version (xen) #390121
CVE-2007-5902 ignore (krb5, fixed 1.6.4) not exploitable
CVE-2007-5901 backport (krb5, fixed 1.6.4) [since krb5-1.6.3-10.fc9]
CVE-2007-5900 ignore (php, fixed 5.2.5)