Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv15662/audit
Modified Files:
f10 f11 f8 f9
Log Message:
large pile of updates
Index: f10
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f10,v
retrieving revision 1.31
retrieving revision 1.32
diff -u -r1.31 -r1.32
--- f10 4 Dec 2008 13:05:45 -0000 1.31
+++ f10 19 Dec 2008 16:13:54 -0000 1.32
@@ -4,18 +4,56 @@
# *CVE are items that need verification for Fedora 10
# (mozilla) = (gecko-libs dependent stuff)
+CVE-2008-5676 version (mod_security, fixed 2.5.6) [since mod_security-2.5.6-1.fc10]
+CVE-2008-5660 fixed (vinagre, fixed 0.5.2,2.24.2) [since FEDORA-2008-10956]
+CVE-2008-5657 version (quassel, fixed 0.3.0.3) [since quassel-0.3.0.3-1.fc10]
+CVE-2008-5647 VULNERABLE (trac, fixed 0.11.2)
+CVE-2008-5646 VULNERABLE (trac, fixed 0.11.2)
+CVE-2008-5622 fixed (phpMyAdmin, fixed 3.1.1) [since FEDORA-2008-11257] PMASA-2008-10, same as CVE-2008-5621?
+CVE-2008-5621 fixed (phpMyAdmin, fixed 3.1.1) [since FEDORA-2008-11257] PMASA-2008-10
+CVE-2008-5620 VULNERABLE (roundcubemail, fixed 0.2-rc) [since roundcubemail-0.2-5.beta.fc10]
+CVE-2008-5619 fixed (roundcubemail, fixed 0.2-rc) [since FEDORA-2008-11247]
+CVE-2008-5618 VULNERABLE (rsyslog, fixed 3.20.2,3.21.9) [since rsyslog-3.21.9-1.fc10]
+CVE-2008-5617 VULNERABLE (rsyslog, fixed 3.20.1,3.21.8) [since rsyslog-3.21.9-1.fc10]
+CVE-2008-5587 VULNERABLE (phpPgAdmin, fixed 4.2.2) [phpPgAdmin-4.2.2-1.fc10]
+CVE-2008-5558 ignore (asterisk) AST-2008-012, not affected
+CVE-2008-5513 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10]
+CVE-2008-5512 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc10]
+CVE-2008-5512 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10]
+CVE-2008-5511 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc10]
+CVE-2008-5511 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10]
+CVE-2008-5510 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc10]
+CVE-2008-5510 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10]
+CVE-2008-5508 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc10]
+CVE-2008-5508 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10]
+CVE-2008-5507 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc10]
+CVE-2008-5507 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10]
+CVE-2008-5506 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc10]
+CVE-2008-5506 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10]
+CVE-2008-5505 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10]
+CVE-2008-5503 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc10]
+CVE-2008-5502 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10]
+CVE-2008-5501 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10]
+CVE-2008-5500 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc10]
+CVE-2008-5500 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10]
+CVE-2008-5432 fixed (moodle, fixed 1.8.7,1.9.3) [since FEDORA-2008-9903]
+CVE-2008-5398 fixed (tor, fixed 0.2.0.32) [since FEDORA-2008-10991]
+CVE-2008-5397 fixed (tor, fixed 0.2.0.32) [since FEDORA-2008-10991]
CVE-2008-5299 VULNERABLE (chm2pdf) #474459
CVE-2008-5298 VULNERABLE (chm2pdf) #474459
CVE-2008-5286 ignore (cups) libpng prevents this
CVE-2008-5187 fixed (imlib2) #472579 [since FEDORA-2008-10364]
CVE-2008-5184 version (cups, fixed 1.3.8)
-CVE-2008-5183 VULNERABLE (cups, fixed 1.3.10) [since cups-1.3.9-4.fc10]
+CVE-2008-5183 fixed (cups, fixed 1.3.10) [since FEDORA-2008-10895]
CVE-2008-5153 VULNERABLE (moodle) #472120
CVE-2008-5148 fixed (geda-gnetlist) #472116 [since FEDORA-2008-9730]
CVE-2008-5138 VULNERABLE (pam_mount) #472112
CVE-2008-5113 VULNERABLE (wordpress) #471992
-CVE-2008-5110 VULNERABLE (syslog-ng) [since syslog-ng-2.0.10-1.fc10]
+CVE-2008-5110 fixed (syslog-ng) [since FEDORA-2008-10879]
CVE-2008-5101 version (optipng, fixed 0.6.2) [since optipng-0.6.2-1.fc10]
+CVE-2008-5086 VULNERABLE (libvirt) [since libvirt-0.5.1-2.fc10]
+CVE-2008-5081 VULNERABLE (avahi, fixed 0.6.24) [since avahi-0.6.22-12.fc10]
+CVE-2008-5080 fixed (awstats) [since FEDORA-2008-10950]
CVE-2008-5076 fixed (htop) [since FEDORA-2008-9944]
CVE-2008-5050 version (clamav, fixed 0.94.1) [since clamav-0.94.1-1.fc10]
CVE-2008-5030 fixed (libcdaudio)
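Review bot: The added CVE-2008-5587 (phpPgAdmin) line writes its annotation as `[phpPgAdmin-4.2.2-1.fc10]`, without the `since` keyword that every other bracketed annotation in this hunk carries; make it `[since phpPgAdmin-4.2.2-1.fc10]` so anything matching on `[since ` sees it. Separately, the CVE-2008-5081 (avahi) line gives the upstream fix as 0.6.24 but points at avahi-0.6.22-12.fc10; if that build carries a backported patch, a short remark on the line would say so.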
@@ -62,6 +100,7 @@
CVE-2008-4315 VULNERABLE (tog-pegasus) [since FEDORA-2008-10061]
CVE-2008-4314 fixed (samba, fixed 3.0.33,3.2.5) [since FEDORA-2008-10612]
CVE-2008-4313 VULNERABLE (tog-pegasus) [since FEDORA-2008-10061]
+CVE-2008-4311 fixed (dbus, fixed 1.2.6) [since FEDORA-2008-10733]
CVE-2008-4309 fixed (net-snmp, fixed 5.4.2.1) [since FEDORA-2008-10451]
CVE-2008-4306 fixed (enscript) [since enscript-1.6.4-11.fc10]
CVE-2008-4298 version (lighttpd, fixed 1.4.20) [since lighttpd-1.4.20-0.1.r2303.fc10]
@@ -71,8 +110,8 @@
CVE-2008-4225 fixed (libxml2) [since FEDORA-2008-10038]
CVE-2008-4191 backport (emacspeak) [since emacspeak-28.0-3.fc10]
CVE-2008-4190 VULNERABLE (openswan)
-CVE-2008-4130 VULNERABLE (gallery2, fixed 2.2.6) #462873
-CVE-2008-4129 VULNERABLE (gallery2, fixed 2.2.6) #462873
+CVE-2008-4130 fixed (gallery2, fixed 2.2.6) #462873 [since FEDORA-2008-11218]
+CVE-2008-4129 fixed (gallery2, fixed 2.2.6) #462873 [since FEDORA-2008-11218]
CVE-2008-4126 ignore (python-pydns, fixed 2.3.2) Debian-specific
CVE-2008-4109 ignore (openssh, fixed 4.4) Debian incomplete fix
CVE-2008-4107 version (wordpress, fixed 2.6.2) really PHP flaw
@@ -155,7 +194,7 @@
CVE-2008-3714 backport (awstats) #459743 [since awstats-6.8-2.fc10]
CVE-2008-3699 ignore (amarok, fixed 1.4.40) not affected
CVE-2008-3663 version (squirrelmail, fixed 1.4.16) #464186 [since squirrelmail-1.4.16-1.fc10]
-CVE-2008-3662 VULNERABLE (gallery2, fixed 2.2.6) #462873
+CVE-2008-3662 fixed (gallery2, fixed 2.2.6) #462873 [since FEDORA-2008-11218]
CVE-2008-3661 fixed (drupal) #464165 ignored by upstream [since drupal-6.5-1.fc10]
CVE-2008-3657 version (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since ruby-1.8.6.287-1.fc10]
CVE-2008-3656 version (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since ruby-1.8.6.287-1.fc10]
Index: f11
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f11,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- f11 4 Dec 2008 13:05:45 -0000 1.3
+++ f11 19 Dec 2008 16:13:54 -0000 1.4
@@ -4,15 +4,53 @@
# *CVE are items that need verification for Fedora 10
# (mozilla) = (gecko-libs dependent stuff)
+CVE-2008-5676 version (mod_security, fixed 2.5.6) [since mod_security-2.5.6-1.fc10]
+CVE-2008-5660 version (vinagre, fixed 0.5.2,2.24.2) [since vinagre-2.25.3-1.fc11]
+CVE-2008-5657 version (quassel, fixed 0.3.0.3) [since quassel-0.3.0.3-1.fc11]
+CVE-2008-5647 version (trac, fixed 0.11.2) [since trac-0.11.2.1-2.fc11]
+CVE-2008-5646 version (trac, fixed 0.11.2) [since trac-0.11.2.1-2.fc11]
+CVE-2008-5622 version (phpMyAdmin, fixed 3.1.1) [since phpMyAdmin-3.1.1-1.fc11] PMASA-2008-10, same as CVE-2008-5621?
+CVE-2008-5621 version (phpMyAdmin, fixed 3.1.1) [since phpMyAdmin-3.1.1-1.fc11] PMASA-2008-10
+CVE-2008-5620 backport (roundcubemail, fixed 0.2-rc) [sice roundcubemail-0.2-5.beta.fc11]
+CVE-2008-5619 backport (roundcubemail, fixed 0.2-rc) [since roundcubemail-0.2-4.beta.fc11]
+CVE-2008-5618 version (rsyslog, fixed 3.20.2,3.21.9) [since rsyslog-3.21.9-1.fc11]
+CVE-2008-5617 version (rsyslog, fixed 3.20.1,3.21.8) [since rsyslog-3.21.9-1.fc11]
+CVE-2008-5587 version (phpPgAdmin, fixed 4.2.2) [since phpPgAdmin-4.2.2-1.fc11]
+CVE-2008-5558 ignore (asterisk) AST-2008-012, not affected
+CVE-2008-5513 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10]
+CVE-2008-5512 version (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc11]
+CVE-2008-5512 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10]
+CVE-2008-5511 version (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc11]
+CVE-2008-5511 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10]
+CVE-2008-5510 version (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc11]
+CVE-2008-5510 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10]
+CVE-2008-5508 version (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc11]
+CVE-2008-5508 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10]
+CVE-2008-5507 version (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc11]
+CVE-2008-5507 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10]
+CVE-2008-5506 version (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc11]
+CVE-2008-5506 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10]
+CVE-2008-5505 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10]
+CVE-2008-5503 version (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc11]
+CVE-2008-5502 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10]
+CVE-2008-5501 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10]
+CVE-2008-5500 version (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc11]
+CVE-2008-5500 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10]
+CVE-2008-5432 version (moodle, fixed 1.8.7,1.9.3) [since moodle-1.9.3-3.fc11]
+CVE-2008-5398 version (tor, fixed 0.2.0.32) [since tor-0.2.0.32-1.fc11]
+CVE-2008-5397 version (tor, fixed 0.2.0.32) [since tor-0.2.0.32-1.fc11]
CVE-2008-5299 VULNERABLE (chm2pdf)
CVE-2008-5298 VULNERABLE (chm2pdf)
CVE-2008-5286 ignore (cups) libpng prevents this
CVE-2008-5184 version (cups, fixed 1.3.8)
-CVE-2008-5183 VULNERABLE (cups, fixed 1.3.10)
+CVE-2008-5183 VULNERABLE (cups, fixed 1.3.10) [since cups-1.4-0.b1.5.fc11]
CVE-2008-5153 VULNERABLE (moodle)
CVE-2008-5138 VULNERABLE (pam_mount)
CVE-2008-5113 VULNERABLE (wordpress) #471992
CVE-2008-5110 version (syslog-ng, fixed 2.0.10) [since syslog-ng-2.0.10-1.fc11]
+CVE-2008-5086 backport (libvirt) [since libvirt-0.5.1-2.fc11]
+CVE-2008-5081 version (avahi, fixed 0.6.24) [since avahi-0.6.24-1.fc11]
+CVE-2008-5080 backport (awstats) [since awstats-6.8-3.fc11]
CVE-2008-4863 backport (blender) [blender-2.48a-4.fc10]
CVE-2008-4690 backport (lynx) [since lynx-2.8.6-18.fc10]
CVE-2008-4641 VULNERABLE (jhead)
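Review bot: Typo in the added CVE-2008-5620 (roundcubemail) line: `[sice roundcubemail-0.2-5.beta.fc11]` should be `[since roundcubemail-0.2-5.beta.fc11]`, otherwise a search for `since` skips this entry. In the same block, the CVE-2008-5676 (mod_security) line and all of the firefox lines cite `.fc10` builds while the seamonkey lines next to them cite `.fc11`; worth confirming those were meant for the f11 file and not carried over unchanged from f10.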
@@ -21,6 +59,7 @@
CVE-2008-4315 fixed (tog-pegasus) [since tog-pegasus-2.7.2-2.fc11]
CVE-2008-4314 version (samba, fixed 3.0.33,3.2.5) [since samba-3.2.5-0.23.fc11]
CVE-2008-4313 fixed (tog-pegasus) [since tog-pegasus-2.7.2-2.fc11]
+CVE-2008-4311 version (dbus, fixed 1.2.6) [since dbus-1.2.6-1.fc11]
CVE-2008-4309 version (net-snmp, fixed 5.4.2.1) [since net-snmp-5.4.2.1-1.fc10]
CVE-2008-4242 VULNERABLE (proftpd) #464130
CVE-2008-4190 VULNERABLE (openswan)
Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.250
retrieving revision 1.251
diff -u -r1.250 -r1.251
--- f8 4 Dec 2008 13:05:45 -0000 1.250
+++ f8 19 Dec 2008 16:13:54 -0000 1.251
@@ -6,16 +6,52 @@
rhbz293031 fixed (nx) #293031 [since FEDORA-2008-2258]
rhbz249840 version (tor, fixed 0.1.2.15)
+CVE-2008-5676 version (mod_security, fixed 2.5.6) [since mod_security-2.5.6-1.fc8]
+CVE-2008-5660 fixed (vinagre, fixed 0.5.2,2.24.2) [since FEDORA-2008-10941]
+CVE-2008-5647 VULNERABLE (trac, 0.11.2)
+CVE-2008-5646 VULNERABLE (trac, 0.11.2)
+CVE-2008-5622 fixed (phpMyAdmin, fixed 3.1.1) [since FEDORA-2008-11221] PMASA-2008-10, same as CVE-2008-5621?
+CVE-2008-5621 fixed (phpMyAdmin, fixed 3.1.1) [since FEDORA-2008-11221] PMASA-2008-10
+CVE-2008-5620 VULNERABLE (roundcubemail, 0.2-rc) [since roundcubemail-0.2-5.beta.fc8]
+CVE-2008-5619 fixed (roundcubemail, 0.2-rc) [since FEDORA-2008-11220]
+CVE-2008-5618 ignore (rsyslog, 3.20.2) not affected
+CVE-2008-5617 ignore (rsyslog, 3.20.1) not affected
+CVE-2008-5587 VULNERABLE (phpPgAdmin, fixed 4.2.2) [since phpPgAdmin-4.2.2-1.fc8]
+CVE-2008-5558 ignore (asterisk) AST-2008-012, not affected
+CVE-2008-5513 VULNERABLE (firefox, fixed 2.0.0.19) [since firefox-2.0.0.19-1.fc8]
+CVE-2008-5512 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc8]
+CVE-2008-5512 VULNERABLE (firefox, fixed 2.0.0.19) [since firefox-2.0.0.19-1.fc8]
+CVE-2008-5511 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc8]
+CVE-2008-5511 VULNERABLE (firefox, fixed 2.0.0.19) [since firefox-2.0.0.19-1.fc8]
+CVE-2008-5510 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc8]
+CVE-2008-5510 VULNERABLE (firefox, fixed 2.0.0.19) [since firefox-2.0.0.19-1.fc8]
+CVE-2008-5508 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc8]
+CVE-2008-5508 VULNERABLE (firefox, fixed 2.0.0.19) [since firefox-2.0.0.19-1.fc8]
+CVE-2008-5507 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc8]
+CVE-2008-5507 VULNERABLE (firefox, fixed 2.0.0.19) [since firefox-2.0.0.19-1.fc8]
+CVE-2008-5506 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc8]
+CVE-2008-5506 VULNERABLE (firefox, fixed 2.0.0.19) [since firefox-2.0.0.19-1.fc8]
+CVE-2008-5504 VULNERABLE (firefox, fixed 2.0.0.19) [since firefox-2.0.0.19-1.fc8]
+CVE-2008-5503 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc8]
+CVE-2008-5503 VULNERABLE (firefox, fixed 2.0.0.19) [since firefox-2.0.0.19-1.fc8]
+CVE-2008-5500 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc8]
+CVE-2008-5500 VULNERABLE (firefox, fixed 2.0.0.19) [since firefox-2.0.0.19-1.fc8]
+CVE-2008-5432 fixed (moodle, fixed 1.8.7,1.9.3) [since FEDORA-2008-9502]
+CVE-2008-5398 fixed (tor, fixed 0.2.0.32) [since FEDORA-2008-10954]
+CVE-2008-5397 fixed (tor, fixed 0.2.0.32) [since FEDORA-2008-10954]
CVE-2008-5286 ignore (cups) libpng prevents this
CVE-2008-5187 fixed (imlib2) #472577 [since FEDORA-2008-10296]
CVE-2008-5184 version (cups, fixed 1.3.8)
-CVE-2008-5183 VULNERABLE (cups, fixed 1.3.10) [since cups-1.3.9-2.fc8]
+CVE-2008-5183 fixed (cups, fixed 1.3.10) [since FEDORA-2008-10911]
CVE-2008-5153 VULNERABLE (moodle) #472118
CVE-2008-5148 fixed (geda-gnetlist) #472114 [since FEDORA-2008-9730]
CVE-2008-5138 VULNERABLE (pam_mount) #472110
CVE-2008-5113 VULNERABLE (wordpress) #471990
-CVE-2008-5110 VULNERABLE (syslog-ng) #471985
+CVE-2008-5110 fixed (syslog-ng) #471985 [since FEDORA-2008-10920]
CVE-2008-5101 fixed (optipng, fixed 0.6.2) [since FEDORA-2008-9639]
+CVE-2008-5086 VULNERABLE (libvirt)
+CVE-2008-5081 VULNERABLE (avahi, fixed 0.6.24)
+CVE-2008-5080 fixed (awstats) [since FEDORA-2008-10938]
CVE-2008-5076 fixed (htop) [since FEDORA-2008-9791]
CVE-2008-5050 fixed (clamav, fixed 0.94.1) [since FEDORA-2008-9651]
CVE-2008-5030 fixed (libcdaudio)
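Review bot: Six added lines drop the `fixed` keyword before the upstream version: `(trac, 0.11.2)` on CVE-2008-5647 and CVE-2008-5646, `(roundcubemail, 0.2-rc)` on CVE-2008-5620 and CVE-2008-5619, and `(rsyslog, 3.20.2)` / `(rsyslog, 3.20.1)` on CVE-2008-5618 and CVE-2008-5617. The other lines in this hunk use `(package, fixed VERSION)`, so these should read e.g. `(trac, fixed 0.11.2)` to keep the field consistent.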
@@ -62,6 +98,7 @@
CVE-2008-4315 ignore (tog-pegasus)
CVE-2008-4314 fixed (samba, fixed 3.0.33,3.2.5) [since FEDORA-2008-10638]
CVE-2008-4313 ignore (tog-pegasus)
+CVE-2008-4311 VULNERABLE (dbus, fixed 1.2.6)
CVE-2008-4309 fixed (net-snmp, fixed 5.4.2.1) [since FEDORA-2008-9362]
CVE-2008-4306 fixed (enscript) [since FEDORA-2008-9351]
CVE-2008-4298 VULNERABLE (lighttpd, fixed 1.4.20) #464638
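Review bot: The added CVE-2008-4311 (dbus) line is marked VULNERABLE with no `#` bug number and no `[since ...]` build, so nothing on the line says where the fix is being tracked; the VULNERABLE lighttpd line in the same hunk carries `#464638`. If a tracking bug exists for dbus on f8, add its number here.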
@@ -71,8 +108,8 @@
CVE-2008-4225 fixed (libxml2) [since FEDORA-2008-9729]
CVE-2008-4191 fixed (emacspeak) [since FEDORA-2008-8423]
CVE-2008-4190 VULNERABLE (openswan)
-CVE-2008-4130 VULNERABLE (gallery2, fixed 2.2.6) #462871
-CVE-2008-4129 VULNERABLE (gallery2, fixed 2.2.6) #462871
+CVE-2008-4130 fixed (gallery2, fixed 2.2.6) #462871 [since FEDORA-2008-11230]
+CVE-2008-4129 fixed (gallery2, fixed 2.2.6) #462871 [since FEDORA-2008-11230]
CVE-2008-4126 ignore (python-pydns, fixed 2.3.2) Debian-specific
CVE-2008-4109 ignore (openssh, fixed 4.4) Debian incomplete fix
CVE-2008-4107 version (wordpress, fixed 2.6.2) really PHP flaw
@@ -150,7 +187,7 @@
CVE-2008-3714 fixed (awstats) #459741 [since FEDORA-2008-7684]
CVE-2008-3699 fixed (amarok, fixed 1.4.40) [since FEDORA-2008-7719]
CVE-2008-3663 fixed (squirrelmail, fixed 1.4.16) #464184 [since FEDORA-2008-9071]
-CVE-2008-3662 VULNERABLE (gallery2, fixed 2.2.6) #462871
+CVE-2008-3662 fixed (gallery2, fixed 2.2.6) #462871 [since FEDORA-2008-11230]
CVE-2008-3661 fixed (drupal) #464163 [since FEDORA-2008-8905] ignored by upstream
CVE-2008-3657 fixed (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-8736]
CVE-2008-3656 fixed (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-8736]
Index: f9
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f9,v
retrieving revision 1.241
retrieving revision 1.242
diff -u -r1.241 -r1.242
--- f9 4 Dec 2008 13:05:46 -0000 1.241
+++ f9 19 Dec 2008 16:13:54 -0000 1.242
@@ -5,16 +5,54 @@
# (mozilla) = (gecko-libs dependent stuff)
rhbz249840 version (tor, fixed 0.1.2.15)
+CVE-2008-5676 version (mod_security, fixed 2.5.6) [since mod_security-2.5.6-1.fc9]
+CVE-2008-5660 fixed (vinagre, fixed 0.5.2,2.24.2) [since FEDORA-2008-10932]
+CVE-2008-5657 fixed (quassel, fixed 0.3.0.3) [since FEDORA-2008-9658]
+CVE-2008-5647 VULNERABLE (trac, fixed 0.11.2)
+CVE-2008-5646 VULNERABLE (trac, fixed 0.11.2)
+CVE-2008-5622 fixed (phpMyAdmin, fixed 3.1.1) [since FEDORA-2008-11208] PMASA-2008-10, same as CVE-2008-5621?
+CVE-2008-5621 fixed (phpMyAdmin, fixed 3.1.1) [since FEDORA-2008-11208] PMASA-2008-10
+CVE-2008-5620 VULNERABLE (roundcubemail, fixed 0.2-rc)
+CVE-2008-5619 fixed (roundcubemail, fixed 0.2-rc) [since FEDORA-2008-11234]
+CVE-2008-5618 VULNERABLE (rsyslog, fixed 3.20.2,3.21.9) [since rsyslog-3.20.2-2.fc9]
+CVE-2008-5617 VULNERABLE (rsyslog, fixed 3.20.1,3.21.8) [since rsyslog-3.20.2-2.fc9]
+CVE-2008-5587 VULNERABLE (phpPgAdmin, fixed 4.2.2) [since phpPgAdmin-4.2.2-1.fc9]
+CVE-2008-5558 ignore (asterisk) AST-2008-012, not affected
+CVE-2008-5513 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc9]
+CVE-2008-5512 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc9]
+CVE-2008-5512 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc9]
+CVE-2008-5511 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc9]
+CVE-2008-5511 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc9]
+CVE-2008-5510 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc9]
+CVE-2008-5510 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc9]
+CVE-2008-5508 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc9]
+CVE-2008-5508 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc9]
+CVE-2008-5507 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc9]
+CVE-2008-5507 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc9]
+CVE-2008-5506 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc9]
+CVE-2008-5506 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc9]
+CVE-2008-5505 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc9]
+CVE-2008-5503 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc9]
+CVE-2008-5502 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc9]
+CVE-2008-5501 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc9]
+CVE-2008-5500 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc9]
+CVE-2008-5500 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc9]
+CVE-2008-5432 fixed (moodle, fixed 1.8.7,1.9.3) [since FEDORA-2008-9508]
+CVE-2008-5398 fixed (tor, fixed 0.2.0.32) [since FEDORA-2008-10989]
+CVE-2008-5397 fixed (tor, fixed 0.2.0.32) [since FEDORA-2008-10989]
CVE-2008-5286 ignore (cups) libpng prevents this
CVE-2008-5187 fixed (imlib2) #472578 [since FEDORA-2008-10287]
CVE-2008-5184 version (cups, fixed 1.3.8)
-CVE-2008-5183 VULNERABLE (cups, fixed 1.3.10) [since cups-1.3.9-2.fc9]
+CVE-2008-5183 fixed (cups, fixed 1.3.10) [since FEDORA-2008-10917]
CVE-2008-5153 VULNERABLE (moodle) #472119
CVE-2008-5148 fixed (geda-gnetlist) #472115 [since FEDORA-2008-9730]
CVE-2008-5138 VULNERABLE (pam_mount) #472111
CVE-2008-5113 VULNERABLE (wordpress) #471991
-CVE-2008-5110 VULNERABLE (syslog-ng) #471986
+CVE-2008-5110 fixed (syslog-ng) #471986 [since FEDORA-2008-10752]
CVE-2008-5101 fixed (optipng, fixed 0.6.2) [since FEDORA-2008-9633]
+CVE-2008-5086 VULNERABLE (libvirt) [since libvirt-0.5.1-2.fc9]
+CVE-2008-5081 VULNERABLE (avahi, fixed 0.6.24)
+CVE-2008-5080 fixed (awstats) [since FEDORA-2008-10962]
CVE-2008-5076 fixed (htop) [since FEDORA-2008-9728]
CVE-2008-5050 fixed (clamav, fixed 0.94.1) [since FEDORA-2008-9644]
CVE-2008-5030 fixed (libcdaudio)
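Review bot: The added VULNERABLE lines for trac (CVE-2008-5647, CVE-2008-5646), roundcubemail (CVE-2008-5620) and avahi (CVE-2008-5081) have neither a `#` bug number nor a `[since ...]` build, while every other VULNERABLE line in this hunk has one or the other. Adding the tracking bug number, where one exists, would let a reader follow up on these four without searching.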
@@ -61,6 +99,7 @@
CVE-2008-4315 VULNERABLE (tog-pegasus) [since FEDORA-2008-9688]
CVE-2008-4314 fixed (samba, fixed 3.0.33,3.2.5) [since FEDORA-2008-10518]
CVE-2008-4313 VULNERABLE (tog-pegasus) [since FEDORA-2008-9688]
+CVE-2008-4311 fixed (dbus, fixed 1.2.6) [since FEDORA-2008-10907]
CVE-2008-4309 fixed (net-snmp, fixed 5.4.2.1) [since FEDORA-2008-9367]
CVE-2008-4306 fixed (enscript) [since FEDORA-2008-9372]
CVE-2008-4298 VULNERABLE (lighttpd, fixed 1.4.20) #464639
@@ -70,8 +109,8 @@
CVE-2008-4225 fixed (libxml2) [since FEDORA-2008-9773]
CVE-2008-4191 fixed (emacspeak) [since FEDORA-2008-8379]
CVE-2008-4190 VULNERABLE (openswan)
-CVE-2008-4130 VULNERABLE (gallery2, fixed 2.2.6) #462872
-CVE-2008-4129 VULNERABLE (gallery2, fixed 2.2.6) #462872
+CVE-2008-4130 fixed (gallery2, fixed 2.2.6) #462872 [since FEDORA-2008-11258]
+CVE-2008-4129 fixed (gallery2, fixed 2.2.6) #462872 [since FEDORA-2008-11258]
CVE-2008-4126 ignore (python-pydns, fixed 2.3.2) Debian-specific
CVE-2008-4109 ignore (openssh, fixed 4.4) Debian incomplete fix
CVE-2008-4107 version (wordpress, fixed 2.6.2) really PHP flaw
@@ -154,7 +193,7 @@
CVE-2008-3714 fixed (awstats) #459742 [since FEDORA-2008-7663]
CVE-2008-3699 fixed (amarok, fixed 1.4.40) [since FEDORA-2008-7739]
CVE-2008-3663 fixed (squirrelmail, fixed 1.4.16) #464185 [since FEDORA-2008-8559]
-CVE-2008-3662 VULNERABLE (gallery2, fixed 2.2.6) #462872
+CVE-2008-3662 fixed (gallery2, fixed 2.2.6) #462872 [since FEDORA-2008-11258]
CVE-2008-3661 fixed (drupal) #464164 [since FEDORA-2008-8852] ignored by upstream
CVE-2008-3657 fixed (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-8738]
CVE-2008-3656 fixed (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-8738]