March 2008 - security-commits - Fedora Mailing-Lists

fedora-security/audit f8, 1.171, 1.172 f9, 1.162, 1.163 fc7, 1.327, 1.328

by fedora-security-commits＠redhat.com

Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv31648 Modified Files: f8 f9 fc7 Log Message: moin Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.171 retrieving revision 1.172 diff -u -r1.171 -r1.172 --- f8 24 Mar 2008 10:40:44 -0000 1.171 +++ f8 24 Mar 2008 10:44:59 -0000 1.172 @@ -36,6 +36,8 @@ CVE-2008-1131 ignore (drupal) #435816 drupal 6.x only CVE-2008-1111 fixed (lighttpd) #435807 [since FEDORA-2008-2262] CVE-2008-1110 version (xine-lib, fixed 1.1.10) [since FEDORA-2008-1043] +CVE-2008-1099 VULNERABLE (moin) #438673 +CVE-2008-1098 VULNERABLE (moin) #438673 CVE-2008-1078 ignore (am-utils) does not seem used by any other Fedora package CVE-2008-1072 VULNERABLE (wireshark, fixed 0.99.8) #435485 CVE-2008-1071 VULNERABLE (wireshark, fixed 0.99.8) #435485 Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.162 retrieving revision 1.163 diff -u -r1.162 -r1.163 --- f9 24 Mar 2008 10:40:45 -0000 1.162 +++ f9 24 Mar 2008 10:44:59 -0000 1.163 @@ -37,6 +37,8 @@ CVE-2008-1131 version (drupal, fixed 6.1) #435817 [since drupal-6.1-1.fc9] CVE-2008-1111 backport (lighttpd) #435809 [since lighttpd-1.4.18-6.fc9] CVE-2008-1110 version (xine-lib, fixed 1.1.10) [since xine-lib-1.1.10-2.fc9] +CVE-2008-1099 VULNERABLE (moin) #438674 +CVE-2008-1098 VULNERABLE (moin) #438674 CVE-2008-1078 VULNERABLE (am-utils) #437746 CVE-2008-1072 VULNERABLE (wireshark, fixed 0.99.8) #435488 CVE-2008-1071 VULNERABLE (wireshark, fixed 0.99.8) #435488 Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.327 retrieving revision 1.328 diff -u -r1.327 -r1.328 --- fc7 24 Mar 2008 10:40:45 -0000 1.327 +++ fc7 24 Mar 2008 10:44:59 -0000 1.328 @@ -37,6 +37,8 @@ CVE-2008-1131 ignore (drupal) #435815 drupal 6.x only CVE-2008-1111 fixed (lighttpd) #435808 [since FEDORA-2008-2278] CVE-2008-1110 version (xine-lib, fixed 1.1.10) [since FEDORA-2008-1047] +CVE-2008-1099 VULNERABLE (moin) #438672 +CVE-2008-1098 VULNERABLE (moin) #438672 CVE-2008-1078 ignore (am-utils) does not seem used by any other Fedora package CVE-2008-1072 VULNERABLE (wireshark, fixed 0.99.8) #435487 CVE-2008-1071 VULNERABLE (wireshark, fixed 0.99.8) #435487

16 years, 1 month

1
0
0 / 0

fedora-security/audit f8, 1.170, 1.171 f9, 1.161, 1.162 fc7, 1.326, 1.327

by fedora-security-commits＠redhat.com

Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv31446 Modified Files: f8 f9 fc7 Log Message: Webkit,namazu,xine-lib Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.170 retrieving revision 1.171 diff -u -r1.170 -r1.171 --- f8 21 Mar 2008 08:21:14 -0000 1.170 +++ f8 24 Mar 2008 10:40:44 -0000 1.171 @@ -11,6 +11,9 @@ GENERIC-MAP-NOMATCH fixed (wyrd) #433720 [since FEDORA-2008-1963] GENERIC-MAP-NOMATCH fixed (viewvc) #435349 [since FEDORA-2008-2159] GENERIC-MAP-NOMATCH fixed (roundup) #436547 [since FEDORA-2008-2370] +GENERIC-MAP-NOMATCH VULNERABLE (libsilc) #438382 +GENERIC-MAP-NOMATCH VULNERABLE (namazu) #438667 +GENERIC-MAP-NOMATCH VULNERABLE (xine-lib) #438670 CVE-2008-1394 ignore (plone) CVE-2008-1390 VULNERABLE (asterisk, fixed 1.4.19-rc3) #438133 CVE-2008-1360 VULNERABLE (nagios) #437850 @@ -40,6 +43,7 @@ CVE-2008-1066 version (php-Smarty) #435811 [since FEDORA-2008-1911] CVE-2008-1066 VULNERABLE (gallery2) #438058 CVE-2008-1066 VULNERABLE (php-pear-PhpDocumentor) #438062 +CVE-2008-1010 ignore (WebKit) Nothing uses WebKit CVE-2008-0983 fixed (lighttpd) #435807 [since FEDORA-2008-2262] CVE-2008-0947 VULNERABLE (krb5, fixed 1.6.4) #438023 CVE-2008-0932 fixed (sword) #433724 [since FEDORA-2008-1922] why? diatheke.pl is not shipped... Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.161 retrieving revision 1.162 diff -u -r1.161 -r1.162 --- f9 21 Mar 2008 08:21:14 -0000 1.161 +++ f9 24 Mar 2008 10:40:45 -0000 1.162 @@ -11,6 +11,9 @@ GENERIC-MAP-NOMATCH VULNERABLE (wyrd) #433722 GENERIC-MAP-NOMATCH fixed (inkscape) #432807 [since inkscape-0.45.1+0.46pre1-4.fc9] GENERIC-MAP-NOMATCH version (roundup) #436549 [since roundup-1.4.4-1.fc9] +GENERIC-MAP-NOMATCH VULNERABLE (libsilc) #438382 +GENERIC-MAP-NOMATCH VULNERABLE (namazu) #438668 +GENERIC-MAP-NOMATCH VULNERABLE (xine-lib) #438671 CVE-2008-1394 ignore (plone) CVE-2008-1390 VULNERABLE (asterisk, fixed 1.6.0-beta6) #438134 CVE-2008-1360 VULNERABLE (nagios) #437852 @@ -41,6 +44,7 @@ CVE-2008-1066 version (php-Smarty) #435813 [since php-Smarty-2.6.19-1.fc9] CVE-2008-1066 VULNERABLE (gallery2) #438060 CVE-2008-1066 VULNERABLE (php-pear-PhpDocumentor) #438064 +CVE-2008-1010 ignore (WebKit) #438537 Nothing uses WebKit CVE-2008-0983 backport (lighttpd) #435809 [since lighttpd-1.4.18-6.fc9] CVE-2008-0947 backport (krb5, fixed 1.6.4) [since krb5-1.6.3-10.fc9] CVE-2008-0932 backport (sword) #433726 [since sword-1.5.10-3.fc9] why? diatheke.pl is not shipped... Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.326 retrieving revision 1.327 diff -u -r1.326 -r1.327 --- fc7 21 Mar 2008 08:21:14 -0000 1.326 +++ fc7 24 Mar 2008 10:40:45 -0000 1.327 @@ -12,6 +12,9 @@ GENERIC-MAP-NOMATCH fixed (wyrd) #433721 [since FEDORA-2008-1986] GENERIC-MAP-NOMATCH fixed (viewvc) #435349 [since FEDORA-2008-2159] GENERIC-MAP-NOMATCH fixed (roundup) #436548 [since FEDORA-2008-2471] +GENERIC-MAP-NOMATCH VULNERABLE (libsilc) #438382 +GENERIC-MAP-NOMATCH VULNERABLE (namazu) #438666 +GENERIC-MAP-NOMATCH VULNERABLE (xine-lib) #438669 CVE-2008-1394 ignore (plone) CVE-2008-1390 VULNERABLE (asterisk, fixed 1.4.19-rc3) #438132 CVE-2008-1360 VULNERABLE (nagios) #437851 @@ -41,6 +44,7 @@ CVE-2008-1066 version (php-Smarty, fixed 2.6.19) #435812 [since FEDORA-2008-1928] CVE-2008-1066 VULNERABLE (gallery2) #438059 CVE-2008-1066 VULNERABLE (php-pear-PhpDocumentor) #438063 +CVE-2008-1010 ignore (WebKit) Nothing uses WebKit CVE-2008-0983 fixed (lighttpd) #435808 [since FEDORA-2008-2278] CVE-2008-0947 VULNERABLE (krb5, fixed 1.6.4) #438022 CVE-2008-0932 fixed (sword) #433725 [since FEDORA-2008-1951] why? diatheke.pl is not shipped...

16 years, 1 month

1
0
0 / 0

fedora-security/audit f8, 1.169, 1.170 f9, 1.160, 1.161 fc7, 1.325, 1.326

by fedora-security-commits＠redhat.com

Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv8998 Modified Files: f8 f9 fc7 Log Message: plone Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.169 retrieving revision 1.170 diff -u -r1.169 -r1.170 --- f8 19 Mar 2008 16:54:20 -0000 1.169 +++ f8 21 Mar 2008 08:21:14 -0000 1.170 @@ -11,6 +11,7 @@ GENERIC-MAP-NOMATCH fixed (wyrd) #433720 [since FEDORA-2008-1963] GENERIC-MAP-NOMATCH fixed (viewvc) #435349 [since FEDORA-2008-2159] GENERIC-MAP-NOMATCH fixed (roundup) #436547 [since FEDORA-2008-2370] +CVE-2008-1394 ignore (plone) CVE-2008-1390 VULNERABLE (asterisk, fixed 1.4.19-rc3) #438133 CVE-2008-1360 VULNERABLE (nagios) #437850 CVE-2008-1353 ignore (zabbix) #437848 Needs authorization Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.160 retrieving revision 1.161 diff -u -r1.160 -r1.161 --- f9 19 Mar 2008 16:52:17 -0000 1.160 +++ f9 21 Mar 2008 08:21:14 -0000 1.161 @@ -11,6 +11,7 @@ GENERIC-MAP-NOMATCH VULNERABLE (wyrd) #433722 GENERIC-MAP-NOMATCH fixed (inkscape) #432807 [since inkscape-0.45.1+0.46pre1-4.fc9] GENERIC-MAP-NOMATCH version (roundup) #436549 [since roundup-1.4.4-1.fc9] +CVE-2008-1394 ignore (plone) CVE-2008-1390 VULNERABLE (asterisk, fixed 1.6.0-beta6) #438134 CVE-2008-1360 VULNERABLE (nagios) #437852 CVE-2008-1353 ignore (zabbix) #437848 Needs authorization Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.325 retrieving revision 1.326 diff -u -r1.325 -r1.326 --- fc7 19 Mar 2008 16:54:20 -0000 1.325 +++ fc7 21 Mar 2008 08:21:14 -0000 1.326 @@ -12,6 +12,7 @@ GENERIC-MAP-NOMATCH fixed (wyrd) #433721 [since FEDORA-2008-1986] GENERIC-MAP-NOMATCH fixed (viewvc) #435349 [since FEDORA-2008-2159] GENERIC-MAP-NOMATCH fixed (roundup) #436548 [since FEDORA-2008-2471] +CVE-2008-1394 ignore (plone) CVE-2008-1390 VULNERABLE (asterisk, fixed 1.4.19-rc3) #438132 CVE-2008-1360 VULNERABLE (nagios) #437851 CVE-2008-1353 ignore (zabbix) #437848 Needs authorization

16 years, 1 month

1
0
0 / 0

fedora-security/tools/scripts add-issue, 1.4, 1.5

by fedora-security-commits＠redhat.com

Author: thoger Update of /cvs/fedora/fedora-security/tools/scripts In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv16388/tools/scripts Modified Files: add-issue Log Message: make sure keys in %versions are sorted when used as default value for --versions Index: add-issue =================================================================== RCS file: /cvs/fedora/fedora-security/tools/scripts/add-issue,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- add-issue 2 Feb 2008 09:22:18 -0000 1.4 +++ add-issue 19 Mar 2008 17:01:39 -0000 1.5 @@ -56,7 +56,7 @@ @versions = $options{versions} ? split (/,/, $options{versions}) # versions were specified - : keys %versions; # all known versions + : sort {$a <=> $b} keys %versions; # all known versions @bugs = $options{bugs} ? split (/,/, $options{bugs})

16 years, 1 month

1
0
0 / 0

fedora-security/audit f8, 1.168, 1.169 fc7, 1.324, 1.325

by fedora-security-commits＠redhat.com

Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv10075/audit Modified Files: f8 fc7 Log Message: fix mixed bz ids Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.168 retrieving revision 1.169 diff -u -r1.168 -r1.169 --- f8 19 Mar 2008 16:52:17 -0000 1.168 +++ f8 19 Mar 2008 16:54:20 -0000 1.169 @@ -132,7 +132,7 @@ CVE-2008-0123 fixed (moodle) #428731 [since FEDORA-2008-0610] CVE-2008-0122 fixed (bind) #429149 [since FEDORA-2008-0904] CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since FEDORA-2008-0199] -CVE-2008-0073 VULNERABLE (xine-lib, fixed 1.1.11) #438191 +CVE-2008-0073 VULNERABLE (xine-lib, fixed 1.1.11) #438192 CVE-2008-0072 fixed (evolution) #436081 [since FEDORA-2008-2292] CVE-2008-0063 VULNERABLE (krb5, fixed 1.6.4) #438023 CVE-2008-0062 VULNERABLE (krb5, fixed 1.6.4) #438023 Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.324 retrieving revision 1.325 diff -u -r1.324 -r1.325 --- fc7 19 Mar 2008 16:52:17 -0000 1.324 +++ fc7 19 Mar 2008 16:54:20 -0000 1.325 @@ -132,7 +132,7 @@ CVE-2008-0123 fixed (moodle) #428731 [since FEDORA-2008-0610] CVE-2008-0122 fixed (bind) #429149 [since FEDORA-2008-0904] CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since FEDORA-2008-0198] -CVE-2008-0073 VULNERABLE (xine-lib, fixed 1.1.11) #438192 +CVE-2008-0073 VULNERABLE (xine-lib, fixed 1.1.11) #438191 CVE-2008-0072 fixed (evolution) #436080 [since FEDORA-2008-2290] CVE-2008-0063 VULNERABLE (krb5, fixed 1.6.4) #438022 CVE-2008-0062 VULNERABLE (krb5, fixed 1.6.4) #438022

16 years, 1 month

1
0
0 / 0

fedora-security/audit f8, 1.167, 1.168 f9, 1.159, 1.160 fc7, 1.323, 1.324

by fedora-security-commits＠redhat.com

Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv10037/audit Modified Files: f8 f9 fc7 Log Message: note xine-lib Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.167 retrieving revision 1.168 diff -u -r1.167 -r1.168 --- f8 19 Mar 2008 11:41:29 -0000 1.167 +++ f8 19 Mar 2008 16:52:17 -0000 1.168 @@ -132,6 +132,7 @@ CVE-2008-0123 fixed (moodle) #428731 [since FEDORA-2008-0610] CVE-2008-0122 fixed (bind) #429149 [since FEDORA-2008-0904] CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since FEDORA-2008-0199] +CVE-2008-0073 VULNERABLE (xine-lib, fixed 1.1.11) #438191 CVE-2008-0072 fixed (evolution) #436081 [since FEDORA-2008-2292] CVE-2008-0063 VULNERABLE (krb5, fixed 1.6.4) #438023 CVE-2008-0062 VULNERABLE (krb5, fixed 1.6.4) #438023 Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.159 retrieving revision 1.160 diff -u -r1.159 -r1.160 --- f9 19 Mar 2008 14:16:05 -0000 1.159 +++ f9 19 Mar 2008 16:52:17 -0000 1.160 @@ -131,6 +131,7 @@ CVE-2008-0123 fixed (moodle) #428731 [since moodle-1.8.4-1.fc9] CVE-2008-0122 backport (bind) #429534 [since bind-9.5.0-24.b1.fc9] CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since asterisk-1.4.17-1.fc9] +CVE-2008-0073 VULNERABLE (xine-lib, fixed 1.1.11) #438193 CVE-2008-0072 backport (evolution) #436082 [evolution-2.21.92-2.fc9] CVE-2008-0063 backport (krb5, fixed 1.6.4) [since krb5-1.6.3-10.fc9] CVE-2008-0062 backport (krb5, fixed 1.6.4) [since krb5-1.6.3-10.fc9] Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.323 retrieving revision 1.324 diff -u -r1.323 -r1.324 --- fc7 19 Mar 2008 11:41:29 -0000 1.323 +++ fc7 19 Mar 2008 16:52:17 -0000 1.324 @@ -132,6 +132,7 @@ CVE-2008-0123 fixed (moodle) #428731 [since FEDORA-2008-0610] CVE-2008-0122 fixed (bind) #429149 [since FEDORA-2008-0904] CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since FEDORA-2008-0198] +CVE-2008-0073 VULNERABLE (xine-lib, fixed 1.1.11) #438192 CVE-2008-0072 fixed (evolution) #436080 [since FEDORA-2008-2290] CVE-2008-0063 VULNERABLE (krb5, fixed 1.6.4) #438022 CVE-2008-0062 VULNERABLE (krb5, fixed 1.6.4) #438022

16 years, 1 month

1
0
0 / 0

fedora-security/audit f9,1.158,1.159

by fedora-security-commits＠redhat.com

Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv25378/audit Modified Files: f9 Log Message: unzip fix in rawhide Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.158 retrieving revision 1.159 diff -u -r1.158 -r1.159 --- f9 19 Mar 2008 11:41:29 -0000 1.158 +++ f9 19 Mar 2008 14:16:05 -0000 1.159 @@ -46,7 +46,7 @@ CVE-2008-0928 backport (qemu) #433563 [since qemu-0.9.1-3.fc9] CVE-2008-0928 backport (kvm) #433566 [since kvm-61-2.fc9] CVE-2008-0928 backport (xen) [since xen-3.2.0-8.fc9] -CVE-2008-0888 VULNERABLE (unzip) #437927 +CVE-2008-0888 backport (unzip) #437927 [since unzip-5.52-9.fc9] CVE-2008-0882 version (cups, fixed 1.3.6) [since cups-1.3.6-1.fc9] CVE-2008-0807 version (turba, fixed 2.1.7) #433318 [since turba-2.1.7-1.fc9] CVE-2008-0786 version (cacti, fixed 0.8.7b) #432761 [since cacti-0.8.7b-1.fc9]

16 years, 1 month

1
0
0 / 0

fedora-security/audit f8, 1.166, 1.167 f9, 1.157, 1.158 fc7, 1.322, 1.323

by fedora-security-commits＠redhat.com

Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv4042 Modified Files: f8 f9 fc7 Log Message: smarty embedded in various ... softwares Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.166 retrieving revision 1.167 diff -u -r1.166 -r1.167 --- f8 19 Mar 2008 11:34:17 -0000 1.166 +++ f8 19 Mar 2008 11:41:29 -0000 1.167 @@ -37,6 +37,8 @@ CVE-2008-1071 VULNERABLE (wireshark, fixed 0.99.8) #435485 CVE-2008-1070 VULNERABLE (wireshark, fixed 0.99.8) #435485 CVE-2008-1066 version (php-Smarty) #435811 [since FEDORA-2008-1911] +CVE-2008-1066 VULNERABLE (gallery2) #438058 +CVE-2008-1066 VULNERABLE (php-pear-PhpDocumentor) #438062 CVE-2008-0983 fixed (lighttpd) #435807 [since FEDORA-2008-2262] CVE-2008-0947 VULNERABLE (krb5, fixed 1.6.4) #438023 CVE-2008-0932 fixed (sword) #433724 [since FEDORA-2008-1922] why? diatheke.pl is not shipped... Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.157 retrieving revision 1.158 diff -u -r1.157 -r1.158 --- f9 19 Mar 2008 11:34:17 -0000 1.157 +++ f9 19 Mar 2008 11:41:29 -0000 1.158 @@ -38,6 +38,8 @@ CVE-2008-1071 VULNERABLE (wireshark, fixed 0.99.8) #435488 CVE-2008-1070 VULNERABLE (wireshark, fixed 0.99.8) #435488 CVE-2008-1066 version (php-Smarty) #435813 [since php-Smarty-2.6.19-1.fc9] +CVE-2008-1066 VULNERABLE (gallery2) #438060 +CVE-2008-1066 VULNERABLE (php-pear-PhpDocumentor) #438064 CVE-2008-0983 backport (lighttpd) #435809 [since lighttpd-1.4.18-6.fc9] CVE-2008-0947 backport (krb5, fixed 1.6.4) [since krb5-1.6.3-10.fc9] CVE-2008-0932 backport (sword) #433726 [since sword-1.5.10-3.fc9] why? diatheke.pl is not shipped... Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.322 retrieving revision 1.323 diff -u -r1.322 -r1.323 --- fc7 19 Mar 2008 11:34:17 -0000 1.322 +++ fc7 19 Mar 2008 11:41:29 -0000 1.323 @@ -38,6 +38,8 @@ CVE-2008-1071 VULNERABLE (wireshark, fixed 0.99.8) #435487 CVE-2008-1070 VULNERABLE (wireshark, fixed 0.99.8) #435487 CVE-2008-1066 version (php-Smarty, fixed 2.6.19) #435812 [since FEDORA-2008-1928] +CVE-2008-1066 VULNERABLE (gallery2) #438059 +CVE-2008-1066 VULNERABLE (php-pear-PhpDocumentor) #438063 CVE-2008-0983 fixed (lighttpd) #435808 [since FEDORA-2008-2278] CVE-2008-0947 VULNERABLE (krb5, fixed 1.6.4) #438022 CVE-2008-0932 fixed (sword) #433725 [since FEDORA-2008-1951] why? diatheke.pl is not shipped...

16 years, 1 month

1
0
0 / 0

fedora-security/audit f8, 1.165, 1.166 f9, 1.156, 1.157 fc7, 1.321, 1.322

by fedora-security-commits＠redhat.com

Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv3893/audit Modified Files: f8 f9 fc7 Log Message: note asterisk, perl-Net-DNS Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.165 retrieving revision 1.166 diff -u -r1.165 -r1.166 --- f8 19 Mar 2008 08:57:54 -0000 1.165 +++ f8 19 Mar 2008 11:34:17 -0000 1.166 @@ -11,10 +11,14 @@ GENERIC-MAP-NOMATCH fixed (wyrd) #433720 [since FEDORA-2008-1963] GENERIC-MAP-NOMATCH fixed (viewvc) #435349 [since FEDORA-2008-2159] GENERIC-MAP-NOMATCH fixed (roundup) #436547 [since FEDORA-2008-2370] +CVE-2008-1390 VULNERABLE (asterisk, fixed 1.4.19-rc3) #438133 CVE-2008-1360 VULNERABLE (nagios) #437850 CVE-2008-1353 ignore (zabbix) #437848 Needs authorization +CVE-2008-1333 ignore (asterisk) not affected +CVE-2008-1332 VULNERABLE (asterisk, fixed 1.4.18.1) #438133 CVE-2008-1318 ignore (mediawiki) 1.11.2 security fix applies only for 1.11 we never shipped CVE-2008-1304 ignore (wordpress) bogus CVE id description? +CVE-2008-1289 VULNERABLE (asterisk, fixed 1.4.18.1) #438133 CVE-2008-1284 version (horde, fixed 3.1.7) #436628 [since FEDORA-2008-2362] CVE-2008-1270 ignore (lighttpd) Not a bug, requires unlikely and incredibly stupid configuration change with well-documented effects. **CVE-2008-1227 fixed (libsilc) We updated this as non-security @@ -173,6 +177,7 @@ CVE-2007-6420 ignore (httpd) wontfix by upstream CVE-2007-6415 fixed (scponly, fixed 4.8) #429732 [since FEDORA-2008-1743] CVE-2007-6388 fixed (httpd, fixed 2.2.8) #427982 [since FEDORA-2008-1711] +CVE-2007-6341 ignore (perl-Net-DNS) no impact CVE-2007-6337 fixed (clamav, fixed 0.92) #426212 [since FEDORA-2008-0115] CVE-2007-6336 fixed (clamav, fixed 0.92) #426212 [since FEDORA-2008-0115] CVE-2007-6335 fixed (clamav, fixed 0.92) #426212 [since FEDORA-2008-0115] Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.156 retrieving revision 1.157 diff -u -r1.156 -r1.157 --- f9 19 Mar 2008 08:57:54 -0000 1.156 +++ f9 19 Mar 2008 11:34:17 -0000 1.157 @@ -11,10 +11,14 @@ GENERIC-MAP-NOMATCH VULNERABLE (wyrd) #433722 GENERIC-MAP-NOMATCH fixed (inkscape) #432807 [since inkscape-0.45.1+0.46pre1-4.fc9] GENERIC-MAP-NOMATCH version (roundup) #436549 [since roundup-1.4.4-1.fc9] +CVE-2008-1390 VULNERABLE (asterisk, fixed 1.6.0-beta6) #438134 CVE-2008-1360 VULNERABLE (nagios) #437852 CVE-2008-1353 ignore (zabbix) #437848 Needs authorization +CVE-2008-1333 VULNERABLE (asterisk, fixed 1.6.0-beta6) #438134 +CVE-2008-1332 ignore (asterisk) not affected according to upstream advisory CVE-2008-1318 ignore (mediawiki) 1.11.2 security fix applies only for 1.11 we never shipped CVE-2008-1304 ignore (wordpress) bogus CVE id description? +CVE-2008-1289 VULNERABLE (asterisk, fixed 1.6.0-beta6) #438134 CVE-2008-1284 version (horde, fixed 3.1.7) #436628 CVE-2008-1270 ignore (lighttpd) Not a bug, requires unlikely and incredibly stupid configuration change with well-documented effects. **CVE-2008-1227 fixed (libsilc) We updated this as non-security @@ -172,6 +176,7 @@ CVE-2007-6420 ignore (httpd) wontfix by upstream CVE-2007-6415 backport (scponly, fixed 4.8) [since scponly-4.6-10.fc9] CVE-2007-6388 version (httpd, fixed 2.2.8) #427984 [since httpd-2.2.8-2] +CVE-2007-6341 version (perl-Net-DNS) [since perl-Net-DNS-0.63-1.fc9] CVE-2007-6337 version (clamav, fixed 0.92) #426213 [since clamav-0.92-3.fc9] CVE-2007-6336 version (clamav, fixed 0.92) #426213 [since clamav-0.92-3.fc9] CVE-2007-6335 version (clamav, fixed 0.92) #426213 [since clamav-0.92-3.fc9] Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.321 retrieving revision 1.322 diff -u -r1.321 -r1.322 --- fc7 19 Mar 2008 08:57:54 -0000 1.321 +++ fc7 19 Mar 2008 11:34:17 -0000 1.322 @@ -12,10 +12,14 @@ GENERIC-MAP-NOMATCH fixed (wyrd) #433721 [since FEDORA-2008-1986] GENERIC-MAP-NOMATCH fixed (viewvc) #435349 [since FEDORA-2008-2159] GENERIC-MAP-NOMATCH fixed (roundup) #436548 [since FEDORA-2008-2471] +CVE-2008-1390 VULNERABLE (asterisk, fixed 1.4.19-rc3) #438132 CVE-2008-1360 VULNERABLE (nagios) #437851 CVE-2008-1353 ignore (zabbix) #437848 Needs authorization +CVE-2008-1333 ignore (asterisk) not affected +CVE-2008-1332 VULNERABLE (asterisk, fixed 1.4.18.1) #438132 CVE-2008-1318 ignore (mediawiki) 1.11.2 security fix applies only for 1.11 we never shipped CVE-2008-1304 ignore (wordpress) bogus CVE id description? +CVE-2008-1289 VULNERABLE (asterisk, fixed 1.4.18.1) #438132 CVE-2008-1284 version (horde, fixed 3.1.7) #436628 [since FEDORA-2008-2406] CVE-2008-1270 ignore (lighttpd) Not a bug, requires unlikely and incredibly stupid configuration change with well-documented effects. **CVE-2008-1227 fixed (libsilc) We updated this as non-security @@ -172,6 +176,7 @@ CVE-2007-6420 ignore (httpd) wontfix by upstream CVE-2007-6415 fixed (scponly, fixed 4.8) #429731 [since FEDORA-2008-1728] CVE-2007-6388 fixed (httpd, fixed 2.2.8) #427983 [since FEDORA-2008-1695] +CVE-2007-6341 ignore (perl-Net-DNS) no impact CVE-2007-6337 fixed (clamav, fixed 0.92) #426211 [since FEDORA-2008-0170] CVE-2007-6336 fixed (clamav, fixed 0.92) #426211 [since FEDORA-2008-0170] CVE-2007-6335 fixed (clamav, fixed 0.92) #426211 [since FEDORA-2008-0170]

16 years, 1 month

1
0
0 / 0

fedora-security/audit f8, 1.164, 1.165 f9, 1.155, 1.156 fc7, 1.320, 1.321

by fedora-security-commits＠redhat.com

Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv10034/audit Modified Files: f8 f9 fc7 Log Message: note krb5 Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.164 retrieving revision 1.165 diff -u -r1.164 -r1.165 --- f8 18 Mar 2008 07:57:01 -0000 1.164 +++ f8 19 Mar 2008 08:57:54 -0000 1.165 @@ -34,6 +34,7 @@ CVE-2008-1070 VULNERABLE (wireshark, fixed 0.99.8) #435485 CVE-2008-1066 version (php-Smarty) #435811 [since FEDORA-2008-1911] CVE-2008-0983 fixed (lighttpd) #435807 [since FEDORA-2008-2262] +CVE-2008-0947 VULNERABLE (krb5, fixed 1.6.4) #438023 CVE-2008-0932 fixed (sword) #433724 [since FEDORA-2008-1922] why? diatheke.pl is not shipped... CVE-2008-0928 fixed (qemu) #433561 [since FEDORA-2008-2001] CVE-2008-0928 fixed (kvm) #433564 [since FEDORA-2008-1973] @@ -126,6 +127,8 @@ CVE-2008-0122 fixed (bind) #429149 [since FEDORA-2008-0904] CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since FEDORA-2008-0199] CVE-2008-0072 fixed (evolution) #436081 [since FEDORA-2008-2292] +CVE-2008-0063 VULNERABLE (krb5, fixed 1.6.4) #438023 +CVE-2008-0062 VULNERABLE (krb5, fixed 1.6.4) #438023 CVE-2008-0008 fixed (pulseaudio) #425481 [since FEDORA-2008-0994] CVE-2008-0006 fixed (libXfont) #429132 [since FEDORA-2008-0794] CVE-2008-0005 fixed (httpd, fixed 2.2.8) #427982 [since FEDORA-2008-1711] @@ -224,7 +227,7 @@ CVE-2007-5977 version (phpMyAdmin, fixed 2.11.2.1) #385901 [since FEDORA-2007-3636] CVE-2007-5976 version (phpMyAdmin, fixed 2.11.2.1) #385901 [since FEDORA-2007-3636] CVE-2007-5972 ignore (krb5, fixed 1.6.4) not exploitable -CVE-2007-5971 VULNERABLE (krb5, fixed 1.6.4) +CVE-2007-5971 VULNERABLE (krb5, fixed 1.6.4) #438023 CVE-2007-5970 ignore (mysql, fixed 5.1.23) mysql 5.1+ only, affects partitioning CVE-2007-5969 backport (mysql, fixed 5.0.51) #424931 [since FEDORA-2007-4465] CVE-2007-5965 version (qt4, fixed 4.3.3) [since FEDORA-2007-4285] @@ -245,7 +248,7 @@ CVE-2007-5907 VULNERABLE (xen) #390111 CVE-2007-5906 VULNERABLE (xen) #390111 CVE-2007-5902 ignore (krb5, fixed 1.6.4) not exploitable -CVE-2007-5901 VULNERABLE (krb5, fixed 1.6.4) +CVE-2007-5901 VULNERABLE (krb5, fixed 1.6.4) #438023 CVE-2007-5894 ignore (krb5, fixed 1.6.4) not exploitable CVE-2007-5849 ignore (cups, fixed 1.3.5) minimal impact, see #415131 CVE-2007-5848 version (cups, fixed 1.2.0) Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.155 retrieving revision 1.156 diff -u -r1.155 -r1.156 --- f9 18 Mar 2008 07:57:01 -0000 1.155 +++ f9 19 Mar 2008 08:57:54 -0000 1.156 @@ -35,6 +35,7 @@ CVE-2008-1070 VULNERABLE (wireshark, fixed 0.99.8) #435488 CVE-2008-1066 version (php-Smarty) #435813 [since php-Smarty-2.6.19-1.fc9] CVE-2008-0983 backport (lighttpd) #435809 [since lighttpd-1.4.18-6.fc9] +CVE-2008-0947 backport (krb5, fixed 1.6.4) [since krb5-1.6.3-10.fc9] CVE-2008-0932 backport (sword) #433726 [since sword-1.5.10-3.fc9] why? diatheke.pl is not shipped... CVE-2008-0928 backport (qemu) #433563 [since qemu-0.9.1-3.fc9] CVE-2008-0928 backport (kvm) #433566 [since kvm-61-2.fc9] @@ -125,6 +126,8 @@ CVE-2008-0122 backport (bind) #429534 [since bind-9.5.0-24.b1.fc9] CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since asterisk-1.4.17-1.fc9] CVE-2008-0072 backport (evolution) #436082 [evolution-2.21.92-2.fc9] +CVE-2008-0063 backport (krb5, fixed 1.6.4) [since krb5-1.6.3-10.fc9] +CVE-2008-0062 backport (krb5, fixed 1.6.4) [since krb5-1.6.3-10.fc9] CVE-2008-0008 backport (pulseaudio) #425481 [since pulseaudio-0.9.8-5.fc9] CVE-2008-0006 backport (libXfont) #429133 [since libXfont-1.3.1-3.fc9] CVE-2008-0005 version (httpd, fixed 2.2.8) #427984 [since httpd-2.2.8-2] @@ -223,7 +226,7 @@ CVE-2007-5977 version (phpMyAdmin) #385911 [since phpMyAdmin-2.11.2.2-1.fc9] CVE-2007-5976 version (phpMyAdmin) #385911 [since phpMyAdmin-2.11.2.2-1.fc9] CVE-2007-5972 ignore (krb5, fixed 1.6.4) not exploitable -CVE-2007-5971 VULNERABLE (krb5, fixed 1.6.4) +CVE-2007-5971 backport (krb5, fixed 1.6.4) [since krb5-1.6.3-10.fc9] CVE-2007-5970 ignore (mysql, fixed 5.1.23) mysql 5.1+ only, affects partitioning CVE-2007-5969 backport (mysql, fixed 5.0.51) [since mysql-5.0.45-6.fc9] CVE-2007-5965 version (qt4, fixed 4.3.3) [since qt4-4.3.3-1.fc9] @@ -244,7 +247,7 @@ CVE-2007-5907 VULNERABLE (xen) #390121 CVE-2007-5906 VULNERABLE (xen) #390121 CVE-2007-5902 ignore (krb5, fixed 1.6.4) not exploitable -CVE-2007-5901 VULNERABLE (krb5, fixed 1.6.4) +CVE-2007-5901 backport (krb5, fixed 1.6.4) [since krb5-1.6.3-10.fc9] CVE-2007-5894 ignore (krb5, fixed 1.6.4) not exploitable CVE-2007-5849 version (cups, fixed 1.3.5) [since cups-1.3.5-1.fc9] CVE-2007-5848 version (cups, fixed 1.2.0) Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.320 retrieving revision 1.321 diff -u -r1.320 -r1.321 --- fc7 18 Mar 2008 07:57:01 -0000 1.320 +++ fc7 19 Mar 2008 08:57:54 -0000 1.321 @@ -35,6 +35,7 @@ CVE-2008-1070 VULNERABLE (wireshark, fixed 0.99.8) #435487 CVE-2008-1066 version (php-Smarty, fixed 2.6.19) #435812 [since FEDORA-2008-1928] CVE-2008-0983 fixed (lighttpd) #435808 [since FEDORA-2008-2278] +CVE-2008-0947 VULNERABLE (krb5, fixed 1.6.4) #438022 CVE-2008-0932 fixed (sword) #433725 [since FEDORA-2008-1951] why? diatheke.pl is not shipped... CVE-2008-0928 fixed (qemu) #433562 [since FEDORA-2008-1995] CVE-2008-0928 fixed (kvm) #433565 [since FEDORA-2008-1993] @@ -126,6 +127,8 @@ CVE-2008-0122 fixed (bind) #429149 [since FEDORA-2008-0904] CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since FEDORA-2008-0198] CVE-2008-0072 fixed (evolution) #436080 [since FEDORA-2008-2290] +CVE-2008-0063 VULNERABLE (krb5, fixed 1.6.4) #438022 +CVE-2008-0062 VULNERABLE (krb5, fixed 1.6.4) #438022 CVE-2008-0008 fixed (pulseaudio) #425481 [since FEDORA-2008-0994] CVE-2008-0006 fixed (libXfont) #429131 [since FEDORA-2008-0891] CVE-2008-0005 fixed (httpd, fixed 2.2.8) #427983 [since FEDORA-2008-1695] @@ -223,7 +226,7 @@ CVE-2007-5977 version (phpMyAdmin, fixed 2.11.2.1) #385891 [since FEDORA-2007-3627] CVE-2007-5976 version (phpMyAdmin, fixed 2.11.2.1) #385891 [since FEDORA-2007-3627] CVE-2007-5972 ignore (krb5, fixed 1.6.4) not exploitable -CVE-2007-5971 VULNERABLE (krb5, fixed 1.6.4) +CVE-2007-5971 VULNERABLE (krb5, fixed 1.6.4) #438022 CVE-2007-5970 ignore (mysql, fixed 5.1.23) mysql 5.1+ only, affects partitioning CVE-2007-5969 backport (mysql, fixed 5.0.51) #424921 [since FEDORA-2007-4471] CVE-2007-5965 version (qt4, fixed 4.3.3) [since FEDORA-2007-4354] @@ -244,7 +247,7 @@ CVE-2007-5907 VULNERABLE (xen) #390101 CVE-2007-5906 VULNERABLE (xen) #390101 CVE-2007-5902 ignore (krb5, fixed 1.6.4) not exploitable -CVE-2007-5901 VULNERABLE (krb5, fixed 1.6.4) +CVE-2007-5901 VULNERABLE (krb5, fixed 1.6.4) #438022 CVE-2007-5894 ignore (krb5, fixed 1.6.4) not exploitable CVE-2007-5849 ignore (cups, fixed 1.3.5) minimal impact, see #415131 CVE-2007-5848 version (cups, fixed 1.2.0)

16 years, 1 month

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

security-commits March 2008