Author: lkundrak
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv24173
Modified Files:
f8 fc7
Log Message:
check-updates
Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.174
retrieving revision 1.175
diff -u -r1.174 -r1.175
--- f8 26 Mar 2008 07:31:28 -0000 1.174
+++ f8 26 Mar 2008 17:38:15 -0000 1.175
@@ -6,25 +6,25 @@
GENERIC-MAP-NOMATCH VULNERABLE (comix) multiple issues tracked via #430635
GENERIC-MAP-NOMATCH fixed (wyrd) #433720 [since FEDORA-2008-1963]
-GENERIC-MAP-NOMATCH VULNERABLE (libsilc) #438382
+GENERIC-MAP-NOMATCH fixed (libsilc) #438382 [since FEDORA-2008-2641]
GENERIC-MAP-NOMATCH VULNERABLE (php-pecl-apc) #438847
CVE-2008-1482 VULNERABLE (xine-lib) #438670
CVE-2008-1474 fixed (roundup) #436547 [since FEDORA-2008-2370]
-CVE-2008-1468 VULNERABLE (namazu) #438667
+CVE-2008-1468 fixed (namazu) #438667 [since FEDORA-2008-2767]
CVE-2008-1467 VULNERABLE (centerim) #438871
CVE-2008-1394 ignore (plone)
-CVE-2008-1390 VULNERABLE (asterisk, fixed 1.4.19-rc3) #438133
+CVE-2008-1390 fixed (asterisk, fixed 1.4.19-rc3) #438133 [since FEDORA-2008-2554]
CVE-2008-1372 ignore (bzip2) Just a crash
CVE-2008-1360 VULNERABLE (nagios) #437850
CVE-2008-1353 ignore (zabbix) #437848 Needs authorization
CVE-2008-1333 ignore (asterisk) not affected
-CVE-2008-1332 VULNERABLE (asterisk, fixed 1.4.18.1) #438133
+CVE-2008-1332 fixed (asterisk, fixed 1.4.18.1) #438133 [since FEDORA-2008-2554]
CVE-2008-1318 ignore (mediawiki) 1.11.2 security fix applies only for 1.11 we never shipped
CVE-2008-1304 ignore (wordpress) bogus CVE id description?
CVE-2008-1292 fixed (viewvc) #435349 [since FEDORA-2008-2159]
CVE-2008-1291 fixed (viewvc) #435349 [since FEDORA-2008-2159]
CVE-2008-1290 fixed (viewvc) #435349 [since FEDORA-2008-2159]
-CVE-2008-1289 VULNERABLE (asterisk, fixed 1.4.18.1) #438133
+CVE-2008-1289 fixed (asterisk, fixed 1.4.18.1) #438133 [since FEDORA-2008-2554]
CVE-2008-1284 version (horde, fixed 3.1.7) #436628 [since FEDORA-2008-2362]
CVE-2008-1270 ignore (lighttpd) Not a bug, requires unlikely and incredibly stupid configuration change with well-documented effects.
**CVE-2008-1227 fixed (libsilc) We updated this as non-security
@@ -45,11 +45,11 @@
CVE-2008-1071 VULNERABLE (wireshark, fixed 0.99.8) #435485
CVE-2008-1070 VULNERABLE (wireshark, fixed 0.99.8) #435485
CVE-2008-1066 version (php-Smarty) #435811 [since FEDORA-2008-1911]
-CVE-2008-1066 VULNERABLE (gallery2) #438058
+CVE-2008-1066 VULNERABLE (gallery2) #438058 [since FEDORA-2008-2587]
CVE-2008-1066 VULNERABLE (php-pear-PhpDocumentor) #438062
CVE-2008-1010 ignore (WebKit) Nothing uses WebKit
CVE-2008-0983 fixed (lighttpd) #435807 [since FEDORA-2008-2262]
-CVE-2008-0947 VULNERABLE (krb5, fixed 1.6.4) #438023
+CVE-2008-0947 fixed (krb5, fixed 1.6.4) #438023 [since FEDORA-2008-2647]
CVE-2008-0932 fixed (sword) #433724 [since FEDORA-2008-1922] why? diatheke.pl is not shipped...
CVE-2008-0928 fixed (qemu) #433561 [since FEDORA-2008-2001]
CVE-2008-0928 fixed (kvm) #433564 [since FEDORA-2008-1973]
@@ -141,10 +141,10 @@
CVE-2008-0123 fixed (moodle) #428731 [since FEDORA-2008-0610]
CVE-2008-0122 fixed (bind) #429149 [since FEDORA-2008-0904]
CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since FEDORA-2008-0199]
-CVE-2008-0073 VULNERABLE (xine-lib, fixed 1.1.11) #438192
+CVE-2008-0073 fixed (xine-lib, fixed 1.1.11) #438192 [since FEDORA-2008-2569]
CVE-2008-0072 fixed (evolution) #436081 [since FEDORA-2008-2292]
-CVE-2008-0063 VULNERABLE (krb5, fixed 1.6.4) #438023
-CVE-2008-0062 VULNERABLE (krb5, fixed 1.6.4) #438023
+CVE-2008-0063 fixed (krb5, fixed 1.6.4) #438023 [since FEDORA-2008-2647]
+CVE-2008-0062 fixed (krb5, fixed 1.6.4) #438023 [since FEDORA-2008-2647]
CVE-2008-0008 fixed (pulseaudio) #425481 [since FEDORA-2008-0994]
CVE-2008-0006 fixed (libXfont) #429132 [since FEDORA-2008-0794]
CVE-2008-0005 fixed (httpd, fixed 2.2.8) #427982 [since FEDORA-2008-1711]
@@ -244,7 +244,7 @@
CVE-2007-5977 version (phpMyAdmin, fixed 2.11.2.1) #385901 [since FEDORA-2007-3636]
CVE-2007-5976 version (phpMyAdmin, fixed 2.11.2.1) #385901 [since FEDORA-2007-3636]
CVE-2007-5972 ignore (krb5, fixed 1.6.4) not exploitable
-CVE-2007-5971 VULNERABLE (krb5, fixed 1.6.4) #438023
+CVE-2007-5971 fixed (krb5, fixed 1.6.4) #438023 [since FEDORA-2008-2647]
CVE-2007-5970 ignore (mysql, fixed 5.1.23) mysql 5.1+ only, affects partitioning
CVE-2007-5969 backport (mysql, fixed 5.0.51) #424931 [since FEDORA-2007-4465]
CVE-2007-5965 version (qt4, fixed 4.3.3) [since FEDORA-2007-4285]
@@ -265,7 +265,7 @@
CVE-2007-5907 VULNERABLE (xen) #390111
CVE-2007-5906 VULNERABLE (xen) #390111
CVE-2007-5902 ignore (krb5, fixed 1.6.4) not exploitable
-CVE-2007-5901 VULNERABLE (krb5, fixed 1.6.4) #438023
+CVE-2007-5901 fixed (krb5, fixed 1.6.4) #438023 [since FEDORA-2008-2647]
CVE-2007-5894 ignore (krb5, fixed 1.6.4) not exploitable
CVE-2007-5849 ignore (cups, fixed 1.3.5) minimal impact, see #415131
CVE-2007-5848 version (cups, fixed 1.2.0)
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.330
retrieving revision 1.331
diff -u -r1.330 -r1.331
--- fc7 26 Mar 2008 07:31:28 -0000 1.330
+++ fc7 26 Mar 2008 17:38:15 -0000 1.331
@@ -7,25 +7,25 @@
GENERIC-MAP-NOMATCH VULNERABLE (comix) multiple issues tracked via #430635
GENERIC-MAP-NOMATCH fixed (wyrd) #433721 [since FEDORA-2008-1986]
-GENERIC-MAP-NOMATCH VULNERABLE (libsilc) #438382
+GENERIC-MAP-NOMATCH fixed (libsilc) #438382 [since FEDORA-2008-2641]
GENERIC-MAP-NOMATCH VULNERABLE (php-pecl-apc) #438846
CVE-2008-1482 VULNERABLE (xine-lib) #438669
CVE-2008-1474 fixed (roundup) #436548 [since FEDORA-2008-2471]
-CVE-2008-1468 VULNERABLE (namazu) #438666
+CVE-2008-1468 fixed (namazu) #438666 [since FEDORA-2008-2678]
CVE-2008-1467 VULNERABLE (centerim) #438871
CVE-2008-1394 ignore (plone)
-CVE-2008-1390 VULNERABLE (asterisk, fixed 1.4.19-rc3) #438132
+CVE-2008-1390 fixed (asterisk, fixed 1.4.19-rc3) #438132 [since FEDORA-2008-2620]
CVE-2008-1372 ignore (bzip2) Just a crash
CVE-2008-1360 VULNERABLE (nagios) #437851
CVE-2008-1353 ignore (zabbix) #437848 Needs authorization
CVE-2008-1333 ignore (asterisk) not affected
-CVE-2008-1332 VULNERABLE (asterisk, fixed 1.4.18.1) #438132
+CVE-2008-1332 fixed (asterisk, fixed 1.4.18.1) #438132 [since FEDORA-2008-2620]
CVE-2008-1318 ignore (mediawiki) 1.11.2 security fix applies only for 1.11 we never shipped
CVE-2008-1304 ignore (wordpress) bogus CVE id description?
CVE-2008-1292 fixed (viewvc) #435349 [since FEDORA-2008-2159]
CVE-2008-1291 fixed (viewvc) #435349 [since FEDORA-2008-2159]
CVE-2008-1290 fixed (viewvc) #435349 [since FEDORA-2008-2159]
-CVE-2008-1289 VULNERABLE (asterisk, fixed 1.4.18.1) #438132
+CVE-2008-1289 fixed (asterisk, fixed 1.4.18.1) #438132 [since FEDORA-2008-2620]
CVE-2008-1284 version (horde, fixed 3.1.7) #436628 [since FEDORA-2008-2406]
CVE-2008-1270 ignore (lighttpd) Not a bug, requires unlikely and incredibly stupid configuration change with well-documented effects.
**CVE-2008-1227 fixed (libsilc) We updated this as non-security
@@ -46,11 +46,11 @@
CVE-2008-1071 VULNERABLE (wireshark, fixed 0.99.8) #435487
CVE-2008-1070 VULNERABLE (wireshark, fixed 0.99.8) #435487
CVE-2008-1066 version (php-Smarty, fixed 2.6.19) #435812 [since FEDORA-2008-1928]
-CVE-2008-1066 VULNERABLE (gallery2) #438059
-CVE-2008-1066 VULNERABLE (php-pear-PhpDocumentor) #438063
+CVE-2008-1066 VULNERABLE (gallery2) #438059 [since FEDORA-2008-2650]
+CVE-2008-1066 fixed (php-pear-PhpDocumentor) #438063 [since FEDORA-2008-2656]
CVE-2008-1010 ignore (WebKit) Nothing uses WebKit
CVE-2008-0983 fixed (lighttpd) #435808 [since FEDORA-2008-2278]
-CVE-2008-0947 VULNERABLE (krb5, fixed 1.6.4) #438022
+CVE-2008-0947 fixed (krb5, fixed 1.6.4) #438022 [since FEDORA-2008-2637]
CVE-2008-0932 fixed (sword) #433725 [since FEDORA-2008-1951] why? diatheke.pl is not shipped...
CVE-2008-0928 fixed (qemu) #433562 [since FEDORA-2008-1995]
CVE-2008-0928 fixed (kvm) #433565 [since FEDORA-2008-1993]
@@ -143,8 +143,8 @@
CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since FEDORA-2008-0198]
CVE-2008-0073 VULNERABLE (xine-lib, fixed 1.1.11) #438191
CVE-2008-0072 fixed (evolution) #436080 [since FEDORA-2008-2290]
-CVE-2008-0063 VULNERABLE (krb5, fixed 1.6.4) #438022
-CVE-2008-0062 VULNERABLE (krb5, fixed 1.6.4) #438022
+CVE-2008-0063 fixed (krb5, fixed 1.6.4) #438022 [since FEDORA-2008-2637]
+CVE-2008-0062 fixed (krb5, fixed 1.6.4) #438022 [since FEDORA-2008-2637]
CVE-2008-0008 fixed (pulseaudio) #425481 [since FEDORA-2008-0994]
CVE-2008-0006 fixed (libXfont) #429131 [since FEDORA-2008-0891]
CVE-2008-0005 fixed (httpd, fixed 2.2.8) #427983 [since FEDORA-2008-1695]
@@ -243,7 +243,7 @@
CVE-2007-5977 version (phpMyAdmin, fixed 2.11.2.1) #385891 [since FEDORA-2007-3627]
CVE-2007-5976 version (phpMyAdmin, fixed 2.11.2.1) #385891 [since FEDORA-2007-3627]
CVE-2007-5972 ignore (krb5, fixed 1.6.4) not exploitable
-CVE-2007-5971 VULNERABLE (krb5, fixed 1.6.4) #438022
+CVE-2007-5971 fixed (krb5, fixed 1.6.4) #438022 [since FEDORA-2008-2637]
CVE-2007-5970 ignore (mysql, fixed 5.1.23) mysql 5.1+ only, affects partitioning
CVE-2007-5969 backport (mysql, fixed 5.0.51) #424921 [since FEDORA-2007-4471]
CVE-2007-5965 version (qt4, fixed 4.3.3) [since FEDORA-2007-4354]
@@ -264,7 +264,7 @@
CVE-2007-5907 VULNERABLE (xen) #390101
CVE-2007-5906 VULNERABLE (xen) #390101
CVE-2007-5902 ignore (krb5, fixed 1.6.4) not exploitable
-CVE-2007-5901 VULNERABLE (krb5, fixed 1.6.4) #438022
+CVE-2007-5901 fixed (krb5, fixed 1.6.4) #438022 [since FEDORA-2008-2637]
CVE-2007-5894 ignore (krb5, fixed 1.6.4) not exploitable
CVE-2007-5849 ignore (cups, fixed 1.3.5) minimal impact, see #415131
CVE-2007-5848 version (cups, fixed 1.2.0)