fedora-security/audit f8, 1.171, 1.172 f9, 1.162, 1.163 fc7, 1.327, 1.328
by fedora-security-commits@redhat.com
Author: lkundrak
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv31648
Modified Files:
f8 f9 fc7
Log Message:
moin
Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.171
retrieving revision 1.172
diff -u -r1.171 -r1.172
--- f8 24 Mar 2008 10:40:44 -0000 1.171
+++ f8 24 Mar 2008 10:44:59 -0000 1.172
@@ -36,6 +36,8 @@
CVE-2008-1131 ignore (drupal) #435816 drupal 6.x only
CVE-2008-1111 fixed (lighttpd) #435807 [since FEDORA-2008-2262]
CVE-2008-1110 version (xine-lib, fixed 1.1.10) [since FEDORA-2008-1043]
+CVE-2008-1099 VULNERABLE (moin) #438673
+CVE-2008-1098 VULNERABLE (moin) #438673
CVE-2008-1078 ignore (am-utils) does not seem used by any other Fedora package
CVE-2008-1072 VULNERABLE (wireshark, fixed 0.99.8) #435485
CVE-2008-1071 VULNERABLE (wireshark, fixed 0.99.8) #435485
Index: f9
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f9,v
retrieving revision 1.162
retrieving revision 1.163
diff -u -r1.162 -r1.163
--- f9 24 Mar 2008 10:40:45 -0000 1.162
+++ f9 24 Mar 2008 10:44:59 -0000 1.163
@@ -37,6 +37,8 @@
CVE-2008-1131 version (drupal, fixed 6.1) #435817 [since drupal-6.1-1.fc9]
CVE-2008-1111 backport (lighttpd) #435809 [since lighttpd-1.4.18-6.fc9]
CVE-2008-1110 version (xine-lib, fixed 1.1.10) [since xine-lib-1.1.10-2.fc9]
+CVE-2008-1099 VULNERABLE (moin) #438674
+CVE-2008-1098 VULNERABLE (moin) #438674
CVE-2008-1078 VULNERABLE (am-utils) #437746
CVE-2008-1072 VULNERABLE (wireshark, fixed 0.99.8) #435488
CVE-2008-1071 VULNERABLE (wireshark, fixed 0.99.8) #435488
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.327
retrieving revision 1.328
diff -u -r1.327 -r1.328
--- fc7 24 Mar 2008 10:40:45 -0000 1.327
+++ fc7 24 Mar 2008 10:44:59 -0000 1.328
@@ -37,6 +37,8 @@
CVE-2008-1131 ignore (drupal) #435815 drupal 6.x only
CVE-2008-1111 fixed (lighttpd) #435808 [since FEDORA-2008-2278]
CVE-2008-1110 version (xine-lib, fixed 1.1.10) [since FEDORA-2008-1047]
+CVE-2008-1099 VULNERABLE (moin) #438672
+CVE-2008-1098 VULNERABLE (moin) #438672
CVE-2008-1078 ignore (am-utils) does not seem used by any other Fedora package
CVE-2008-1072 VULNERABLE (wireshark, fixed 0.99.8) #435487
CVE-2008-1071 VULNERABLE (wireshark, fixed 0.99.8) #435487
16 years, 1 month
fedora-security/audit f8, 1.170, 1.171 f9, 1.161, 1.162 fc7, 1.326, 1.327
by fedora-security-commits@redhat.com
Author: lkundrak
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv31446
Modified Files:
f8 f9 fc7
Log Message:
Webkit,namazu,xine-lib
Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.170
retrieving revision 1.171
diff -u -r1.170 -r1.171
--- f8 21 Mar 2008 08:21:14 -0000 1.170
+++ f8 24 Mar 2008 10:40:44 -0000 1.171
@@ -11,6 +11,9 @@
GENERIC-MAP-NOMATCH fixed (wyrd) #433720 [since FEDORA-2008-1963]
GENERIC-MAP-NOMATCH fixed (viewvc) #435349 [since FEDORA-2008-2159]
GENERIC-MAP-NOMATCH fixed (roundup) #436547 [since FEDORA-2008-2370]
+GENERIC-MAP-NOMATCH VULNERABLE (libsilc) #438382
+GENERIC-MAP-NOMATCH VULNERABLE (namazu) #438667
+GENERIC-MAP-NOMATCH VULNERABLE (xine-lib) #438670
CVE-2008-1394 ignore (plone)
CVE-2008-1390 VULNERABLE (asterisk, fixed 1.4.19-rc3) #438133
CVE-2008-1360 VULNERABLE (nagios) #437850
@@ -40,6 +43,7 @@
CVE-2008-1066 version (php-Smarty) #435811 [since FEDORA-2008-1911]
CVE-2008-1066 VULNERABLE (gallery2) #438058
CVE-2008-1066 VULNERABLE (php-pear-PhpDocumentor) #438062
+CVE-2008-1010 ignore (WebKit) Nothing uses WebKit
CVE-2008-0983 fixed (lighttpd) #435807 [since FEDORA-2008-2262]
CVE-2008-0947 VULNERABLE (krb5, fixed 1.6.4) #438023
CVE-2008-0932 fixed (sword) #433724 [since FEDORA-2008-1922] why? diatheke.pl is not shipped...
Index: f9
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f9,v
retrieving revision 1.161
retrieving revision 1.162
diff -u -r1.161 -r1.162
--- f9 21 Mar 2008 08:21:14 -0000 1.161
+++ f9 24 Mar 2008 10:40:45 -0000 1.162
@@ -11,6 +11,9 @@
GENERIC-MAP-NOMATCH VULNERABLE (wyrd) #433722
GENERIC-MAP-NOMATCH fixed (inkscape) #432807 [since inkscape-0.45.1+0.46pre1-4.fc9]
GENERIC-MAP-NOMATCH version (roundup) #436549 [since roundup-1.4.4-1.fc9]
+GENERIC-MAP-NOMATCH VULNERABLE (libsilc) #438382
+GENERIC-MAP-NOMATCH VULNERABLE (namazu) #438668
+GENERIC-MAP-NOMATCH VULNERABLE (xine-lib) #438671
CVE-2008-1394 ignore (plone)
CVE-2008-1390 VULNERABLE (asterisk, fixed 1.6.0-beta6) #438134
CVE-2008-1360 VULNERABLE (nagios) #437852
@@ -41,6 +44,7 @@
CVE-2008-1066 version (php-Smarty) #435813 [since php-Smarty-2.6.19-1.fc9]
CVE-2008-1066 VULNERABLE (gallery2) #438060
CVE-2008-1066 VULNERABLE (php-pear-PhpDocumentor) #438064
+CVE-2008-1010 ignore (WebKit) #438537 Nothing uses WebKit
CVE-2008-0983 backport (lighttpd) #435809 [since lighttpd-1.4.18-6.fc9]
CVE-2008-0947 backport (krb5, fixed 1.6.4) [since krb5-1.6.3-10.fc9]
CVE-2008-0932 backport (sword) #433726 [since sword-1.5.10-3.fc9] why? diatheke.pl is not shipped...
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.326
retrieving revision 1.327
diff -u -r1.326 -r1.327
--- fc7 21 Mar 2008 08:21:14 -0000 1.326
+++ fc7 24 Mar 2008 10:40:45 -0000 1.327
@@ -12,6 +12,9 @@
GENERIC-MAP-NOMATCH fixed (wyrd) #433721 [since FEDORA-2008-1986]
GENERIC-MAP-NOMATCH fixed (viewvc) #435349 [since FEDORA-2008-2159]
GENERIC-MAP-NOMATCH fixed (roundup) #436548 [since FEDORA-2008-2471]
+GENERIC-MAP-NOMATCH VULNERABLE (libsilc) #438382
+GENERIC-MAP-NOMATCH VULNERABLE (namazu) #438666
+GENERIC-MAP-NOMATCH VULNERABLE (xine-lib) #438669
CVE-2008-1394 ignore (plone)
CVE-2008-1390 VULNERABLE (asterisk, fixed 1.4.19-rc3) #438132
CVE-2008-1360 VULNERABLE (nagios) #437851
@@ -41,6 +44,7 @@
CVE-2008-1066 version (php-Smarty, fixed 2.6.19) #435812 [since FEDORA-2008-1928]
CVE-2008-1066 VULNERABLE (gallery2) #438059
CVE-2008-1066 VULNERABLE (php-pear-PhpDocumentor) #438063
+CVE-2008-1010 ignore (WebKit) Nothing uses WebKit
CVE-2008-0983 fixed (lighttpd) #435808 [since FEDORA-2008-2278]
CVE-2008-0947 VULNERABLE (krb5, fixed 1.6.4) #438022
CVE-2008-0932 fixed (sword) #433725 [since FEDORA-2008-1951] why? diatheke.pl is not shipped...
16 years, 1 month
fedora-security/audit f8, 1.169, 1.170 f9, 1.160, 1.161 fc7, 1.325, 1.326
by fedora-security-commits@redhat.com
Author: lkundrak
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv8998
Modified Files:
f8 f9 fc7
Log Message:
plone
Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.169
retrieving revision 1.170
diff -u -r1.169 -r1.170
--- f8 19 Mar 2008 16:54:20 -0000 1.169
+++ f8 21 Mar 2008 08:21:14 -0000 1.170
@@ -11,6 +11,7 @@
GENERIC-MAP-NOMATCH fixed (wyrd) #433720 [since FEDORA-2008-1963]
GENERIC-MAP-NOMATCH fixed (viewvc) #435349 [since FEDORA-2008-2159]
GENERIC-MAP-NOMATCH fixed (roundup) #436547 [since FEDORA-2008-2370]
+CVE-2008-1394 ignore (plone)
CVE-2008-1390 VULNERABLE (asterisk, fixed 1.4.19-rc3) #438133
CVE-2008-1360 VULNERABLE (nagios) #437850
CVE-2008-1353 ignore (zabbix) #437848 Needs authorization
Index: f9
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f9,v
retrieving revision 1.160
retrieving revision 1.161
diff -u -r1.160 -r1.161
--- f9 19 Mar 2008 16:52:17 -0000 1.160
+++ f9 21 Mar 2008 08:21:14 -0000 1.161
@@ -11,6 +11,7 @@
GENERIC-MAP-NOMATCH VULNERABLE (wyrd) #433722
GENERIC-MAP-NOMATCH fixed (inkscape) #432807 [since inkscape-0.45.1+0.46pre1-4.fc9]
GENERIC-MAP-NOMATCH version (roundup) #436549 [since roundup-1.4.4-1.fc9]
+CVE-2008-1394 ignore (plone)
CVE-2008-1390 VULNERABLE (asterisk, fixed 1.6.0-beta6) #438134
CVE-2008-1360 VULNERABLE (nagios) #437852
CVE-2008-1353 ignore (zabbix) #437848 Needs authorization
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.325
retrieving revision 1.326
diff -u -r1.325 -r1.326
--- fc7 19 Mar 2008 16:54:20 -0000 1.325
+++ fc7 21 Mar 2008 08:21:14 -0000 1.326
@@ -12,6 +12,7 @@
GENERIC-MAP-NOMATCH fixed (wyrd) #433721 [since FEDORA-2008-1986]
GENERIC-MAP-NOMATCH fixed (viewvc) #435349 [since FEDORA-2008-2159]
GENERIC-MAP-NOMATCH fixed (roundup) #436548 [since FEDORA-2008-2471]
+CVE-2008-1394 ignore (plone)
CVE-2008-1390 VULNERABLE (asterisk, fixed 1.4.19-rc3) #438132
CVE-2008-1360 VULNERABLE (nagios) #437851
CVE-2008-1353 ignore (zabbix) #437848 Needs authorization
16 years, 1 month
fedora-security/tools/scripts add-issue, 1.4, 1.5
by fedora-security-commits@redhat.com
Author: thoger
Update of /cvs/fedora/fedora-security/tools/scripts
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv16388/tools/scripts
Modified Files:
add-issue
Log Message:
make sure keys in %versions are sorted when used as default value for
--versions
Index: add-issue
===================================================================
RCS file: /cvs/fedora/fedora-security/tools/scripts/add-issue,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- add-issue 2 Feb 2008 09:22:18 -0000 1.4
+++ add-issue 19 Mar 2008 17:01:39 -0000 1.5
@@ -56,7 +56,7 @@
@versions = $options{versions}
? split (/,/, $options{versions}) # versions were specified
- : keys %versions; # all known versions
+ : sort {$a <=> $b} keys %versions; # all known versions
@bugs = $options{bugs}
? split (/,/, $options{bugs})
16 years, 1 month
fedora-security/audit f8, 1.168, 1.169 fc7, 1.324, 1.325
by fedora-security-commits@redhat.com
Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv10075/audit
Modified Files:
f8 fc7
Log Message:
fix mixed bz ids
Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.168
retrieving revision 1.169
diff -u -r1.168 -r1.169
--- f8 19 Mar 2008 16:52:17 -0000 1.168
+++ f8 19 Mar 2008 16:54:20 -0000 1.169
@@ -132,7 +132,7 @@
CVE-2008-0123 fixed (moodle) #428731 [since FEDORA-2008-0610]
CVE-2008-0122 fixed (bind) #429149 [since FEDORA-2008-0904]
CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since FEDORA-2008-0199]
-CVE-2008-0073 VULNERABLE (xine-lib, fixed 1.1.11) #438191
+CVE-2008-0073 VULNERABLE (xine-lib, fixed 1.1.11) #438192
CVE-2008-0072 fixed (evolution) #436081 [since FEDORA-2008-2292]
CVE-2008-0063 VULNERABLE (krb5, fixed 1.6.4) #438023
CVE-2008-0062 VULNERABLE (krb5, fixed 1.6.4) #438023
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.324
retrieving revision 1.325
diff -u -r1.324 -r1.325
--- fc7 19 Mar 2008 16:52:17 -0000 1.324
+++ fc7 19 Mar 2008 16:54:20 -0000 1.325
@@ -132,7 +132,7 @@
CVE-2008-0123 fixed (moodle) #428731 [since FEDORA-2008-0610]
CVE-2008-0122 fixed (bind) #429149 [since FEDORA-2008-0904]
CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since FEDORA-2008-0198]
-CVE-2008-0073 VULNERABLE (xine-lib, fixed 1.1.11) #438192
+CVE-2008-0073 VULNERABLE (xine-lib, fixed 1.1.11) #438191
CVE-2008-0072 fixed (evolution) #436080 [since FEDORA-2008-2290]
CVE-2008-0063 VULNERABLE (krb5, fixed 1.6.4) #438022
CVE-2008-0062 VULNERABLE (krb5, fixed 1.6.4) #438022
16 years, 1 month
fedora-security/audit f8, 1.167, 1.168 f9, 1.159, 1.160 fc7, 1.323, 1.324
by fedora-security-commits@redhat.com
Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv10037/audit
Modified Files:
f8 f9 fc7
Log Message:
note xine-lib
Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.167
retrieving revision 1.168
diff -u -r1.167 -r1.168
--- f8 19 Mar 2008 11:41:29 -0000 1.167
+++ f8 19 Mar 2008 16:52:17 -0000 1.168
@@ -132,6 +132,7 @@
CVE-2008-0123 fixed (moodle) #428731 [since FEDORA-2008-0610]
CVE-2008-0122 fixed (bind) #429149 [since FEDORA-2008-0904]
CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since FEDORA-2008-0199]
+CVE-2008-0073 VULNERABLE (xine-lib, fixed 1.1.11) #438191
CVE-2008-0072 fixed (evolution) #436081 [since FEDORA-2008-2292]
CVE-2008-0063 VULNERABLE (krb5, fixed 1.6.4) #438023
CVE-2008-0062 VULNERABLE (krb5, fixed 1.6.4) #438023
Index: f9
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f9,v
retrieving revision 1.159
retrieving revision 1.160
diff -u -r1.159 -r1.160
--- f9 19 Mar 2008 14:16:05 -0000 1.159
+++ f9 19 Mar 2008 16:52:17 -0000 1.160
@@ -131,6 +131,7 @@
CVE-2008-0123 fixed (moodle) #428731 [since moodle-1.8.4-1.fc9]
CVE-2008-0122 backport (bind) #429534 [since bind-9.5.0-24.b1.fc9]
CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since asterisk-1.4.17-1.fc9]
+CVE-2008-0073 VULNERABLE (xine-lib, fixed 1.1.11) #438193
CVE-2008-0072 backport (evolution) #436082 [evolution-2.21.92-2.fc9]
CVE-2008-0063 backport (krb5, fixed 1.6.4) [since krb5-1.6.3-10.fc9]
CVE-2008-0062 backport (krb5, fixed 1.6.4) [since krb5-1.6.3-10.fc9]
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.323
retrieving revision 1.324
diff -u -r1.323 -r1.324
--- fc7 19 Mar 2008 11:41:29 -0000 1.323
+++ fc7 19 Mar 2008 16:52:17 -0000 1.324
@@ -132,6 +132,7 @@
CVE-2008-0123 fixed (moodle) #428731 [since FEDORA-2008-0610]
CVE-2008-0122 fixed (bind) #429149 [since FEDORA-2008-0904]
CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since FEDORA-2008-0198]
+CVE-2008-0073 VULNERABLE (xine-lib, fixed 1.1.11) #438192
CVE-2008-0072 fixed (evolution) #436080 [since FEDORA-2008-2290]
CVE-2008-0063 VULNERABLE (krb5, fixed 1.6.4) #438022
CVE-2008-0062 VULNERABLE (krb5, fixed 1.6.4) #438022
16 years, 1 month
fedora-security/audit f9,1.158,1.159
by fedora-security-commits@redhat.com
Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv25378/audit
Modified Files:
f9
Log Message:
unzip fix in rawhide
Index: f9
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f9,v
retrieving revision 1.158
retrieving revision 1.159
diff -u -r1.158 -r1.159
--- f9 19 Mar 2008 11:41:29 -0000 1.158
+++ f9 19 Mar 2008 14:16:05 -0000 1.159
@@ -46,7 +46,7 @@
CVE-2008-0928 backport (qemu) #433563 [since qemu-0.9.1-3.fc9]
CVE-2008-0928 backport (kvm) #433566 [since kvm-61-2.fc9]
CVE-2008-0928 backport (xen) [since xen-3.2.0-8.fc9]
-CVE-2008-0888 VULNERABLE (unzip) #437927
+CVE-2008-0888 backport (unzip) #437927 [since unzip-5.52-9.fc9]
CVE-2008-0882 version (cups, fixed 1.3.6) [since cups-1.3.6-1.fc9]
CVE-2008-0807 version (turba, fixed 2.1.7) #433318 [since turba-2.1.7-1.fc9]
CVE-2008-0786 version (cacti, fixed 0.8.7b) #432761 [since cacti-0.8.7b-1.fc9]
16 years, 1 month
fedora-security/audit f8, 1.166, 1.167 f9, 1.157, 1.158 fc7, 1.322, 1.323
by fedora-security-commits@redhat.com
Author: lkundrak
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv4042
Modified Files:
f8 f9 fc7
Log Message:
smarty embedded in various ... softwares
Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.166
retrieving revision 1.167
diff -u -r1.166 -r1.167
--- f8 19 Mar 2008 11:34:17 -0000 1.166
+++ f8 19 Mar 2008 11:41:29 -0000 1.167
@@ -37,6 +37,8 @@
CVE-2008-1071 VULNERABLE (wireshark, fixed 0.99.8) #435485
CVE-2008-1070 VULNERABLE (wireshark, fixed 0.99.8) #435485
CVE-2008-1066 version (php-Smarty) #435811 [since FEDORA-2008-1911]
+CVE-2008-1066 VULNERABLE (gallery2) #438058
+CVE-2008-1066 VULNERABLE (php-pear-PhpDocumentor) #438062
CVE-2008-0983 fixed (lighttpd) #435807 [since FEDORA-2008-2262]
CVE-2008-0947 VULNERABLE (krb5, fixed 1.6.4) #438023
CVE-2008-0932 fixed (sword) #433724 [since FEDORA-2008-1922] why? diatheke.pl is not shipped...
Index: f9
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f9,v
retrieving revision 1.157
retrieving revision 1.158
diff -u -r1.157 -r1.158
--- f9 19 Mar 2008 11:34:17 -0000 1.157
+++ f9 19 Mar 2008 11:41:29 -0000 1.158
@@ -38,6 +38,8 @@
CVE-2008-1071 VULNERABLE (wireshark, fixed 0.99.8) #435488
CVE-2008-1070 VULNERABLE (wireshark, fixed 0.99.8) #435488
CVE-2008-1066 version (php-Smarty) #435813 [since php-Smarty-2.6.19-1.fc9]
+CVE-2008-1066 VULNERABLE (gallery2) #438060
+CVE-2008-1066 VULNERABLE (php-pear-PhpDocumentor) #438064
CVE-2008-0983 backport (lighttpd) #435809 [since lighttpd-1.4.18-6.fc9]
CVE-2008-0947 backport (krb5, fixed 1.6.4) [since krb5-1.6.3-10.fc9]
CVE-2008-0932 backport (sword) #433726 [since sword-1.5.10-3.fc9] why? diatheke.pl is not shipped...
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.322
retrieving revision 1.323
diff -u -r1.322 -r1.323
--- fc7 19 Mar 2008 11:34:17 -0000 1.322
+++ fc7 19 Mar 2008 11:41:29 -0000 1.323
@@ -38,6 +38,8 @@
CVE-2008-1071 VULNERABLE (wireshark, fixed 0.99.8) #435487
CVE-2008-1070 VULNERABLE (wireshark, fixed 0.99.8) #435487
CVE-2008-1066 version (php-Smarty, fixed 2.6.19) #435812 [since FEDORA-2008-1928]
+CVE-2008-1066 VULNERABLE (gallery2) #438059
+CVE-2008-1066 VULNERABLE (php-pear-PhpDocumentor) #438063
CVE-2008-0983 fixed (lighttpd) #435808 [since FEDORA-2008-2278]
CVE-2008-0947 VULNERABLE (krb5, fixed 1.6.4) #438022
CVE-2008-0932 fixed (sword) #433725 [since FEDORA-2008-1951] why? diatheke.pl is not shipped...
16 years, 1 month
fedora-security/audit f8, 1.165, 1.166 f9, 1.156, 1.157 fc7, 1.321, 1.322
by fedora-security-commits@redhat.com
Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv3893/audit
Modified Files:
f8 f9 fc7
Log Message:
note asterisk, perl-Net-DNS
Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.165
retrieving revision 1.166
diff -u -r1.165 -r1.166
--- f8 19 Mar 2008 08:57:54 -0000 1.165
+++ f8 19 Mar 2008 11:34:17 -0000 1.166
@@ -11,10 +11,14 @@
GENERIC-MAP-NOMATCH fixed (wyrd) #433720 [since FEDORA-2008-1963]
GENERIC-MAP-NOMATCH fixed (viewvc) #435349 [since FEDORA-2008-2159]
GENERIC-MAP-NOMATCH fixed (roundup) #436547 [since FEDORA-2008-2370]
+CVE-2008-1390 VULNERABLE (asterisk, fixed 1.4.19-rc3) #438133
CVE-2008-1360 VULNERABLE (nagios) #437850
CVE-2008-1353 ignore (zabbix) #437848 Needs authorization
+CVE-2008-1333 ignore (asterisk) not affected
+CVE-2008-1332 VULNERABLE (asterisk, fixed 1.4.18.1) #438133
CVE-2008-1318 ignore (mediawiki) 1.11.2 security fix applies only for 1.11 we never shipped
CVE-2008-1304 ignore (wordpress) bogus CVE id description?
+CVE-2008-1289 VULNERABLE (asterisk, fixed 1.4.18.1) #438133
CVE-2008-1284 version (horde, fixed 3.1.7) #436628 [since FEDORA-2008-2362]
CVE-2008-1270 ignore (lighttpd) Not a bug, requires unlikely and incredibly stupid configuration change with well-documented effects.
**CVE-2008-1227 fixed (libsilc) We updated this as non-security
@@ -173,6 +177,7 @@
CVE-2007-6420 ignore (httpd) wontfix by upstream
CVE-2007-6415 fixed (scponly, fixed 4.8) #429732 [since FEDORA-2008-1743]
CVE-2007-6388 fixed (httpd, fixed 2.2.8) #427982 [since FEDORA-2008-1711]
+CVE-2007-6341 ignore (perl-Net-DNS) no impact
CVE-2007-6337 fixed (clamav, fixed 0.92) #426212 [since FEDORA-2008-0115]
CVE-2007-6336 fixed (clamav, fixed 0.92) #426212 [since FEDORA-2008-0115]
CVE-2007-6335 fixed (clamav, fixed 0.92) #426212 [since FEDORA-2008-0115]
Index: f9
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f9,v
retrieving revision 1.156
retrieving revision 1.157
diff -u -r1.156 -r1.157
--- f9 19 Mar 2008 08:57:54 -0000 1.156
+++ f9 19 Mar 2008 11:34:17 -0000 1.157
@@ -11,10 +11,14 @@
GENERIC-MAP-NOMATCH VULNERABLE (wyrd) #433722
GENERIC-MAP-NOMATCH fixed (inkscape) #432807 [since inkscape-0.45.1+0.46pre1-4.fc9]
GENERIC-MAP-NOMATCH version (roundup) #436549 [since roundup-1.4.4-1.fc9]
+CVE-2008-1390 VULNERABLE (asterisk, fixed 1.6.0-beta6) #438134
CVE-2008-1360 VULNERABLE (nagios) #437852
CVE-2008-1353 ignore (zabbix) #437848 Needs authorization
+CVE-2008-1333 VULNERABLE (asterisk, fixed 1.6.0-beta6) #438134
+CVE-2008-1332 ignore (asterisk) not affected according to upstream advisory
CVE-2008-1318 ignore (mediawiki) 1.11.2 security fix applies only for 1.11 we never shipped
CVE-2008-1304 ignore (wordpress) bogus CVE id description?
+CVE-2008-1289 VULNERABLE (asterisk, fixed 1.6.0-beta6) #438134
CVE-2008-1284 version (horde, fixed 3.1.7) #436628
CVE-2008-1270 ignore (lighttpd) Not a bug, requires unlikely and incredibly stupid configuration change with well-documented effects.
**CVE-2008-1227 fixed (libsilc) We updated this as non-security
@@ -172,6 +176,7 @@
CVE-2007-6420 ignore (httpd) wontfix by upstream
CVE-2007-6415 backport (scponly, fixed 4.8) [since scponly-4.6-10.fc9]
CVE-2007-6388 version (httpd, fixed 2.2.8) #427984 [since httpd-2.2.8-2]
+CVE-2007-6341 version (perl-Net-DNS) [since perl-Net-DNS-0.63-1.fc9]
CVE-2007-6337 version (clamav, fixed 0.92) #426213 [since clamav-0.92-3.fc9]
CVE-2007-6336 version (clamav, fixed 0.92) #426213 [since clamav-0.92-3.fc9]
CVE-2007-6335 version (clamav, fixed 0.92) #426213 [since clamav-0.92-3.fc9]
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.321
retrieving revision 1.322
diff -u -r1.321 -r1.322
--- fc7 19 Mar 2008 08:57:54 -0000 1.321
+++ fc7 19 Mar 2008 11:34:17 -0000 1.322
@@ -12,10 +12,14 @@
GENERIC-MAP-NOMATCH fixed (wyrd) #433721 [since FEDORA-2008-1986]
GENERIC-MAP-NOMATCH fixed (viewvc) #435349 [since FEDORA-2008-2159]
GENERIC-MAP-NOMATCH fixed (roundup) #436548 [since FEDORA-2008-2471]
+CVE-2008-1390 VULNERABLE (asterisk, fixed 1.4.19-rc3) #438132
CVE-2008-1360 VULNERABLE (nagios) #437851
CVE-2008-1353 ignore (zabbix) #437848 Needs authorization
+CVE-2008-1333 ignore (asterisk) not affected
+CVE-2008-1332 VULNERABLE (asterisk, fixed 1.4.18.1) #438132
CVE-2008-1318 ignore (mediawiki) 1.11.2 security fix applies only for 1.11 we never shipped
CVE-2008-1304 ignore (wordpress) bogus CVE id description?
+CVE-2008-1289 VULNERABLE (asterisk, fixed 1.4.18.1) #438132
CVE-2008-1284 version (horde, fixed 3.1.7) #436628 [since FEDORA-2008-2406]
CVE-2008-1270 ignore (lighttpd) Not a bug, requires unlikely and incredibly stupid configuration change with well-documented effects.
**CVE-2008-1227 fixed (libsilc) We updated this as non-security
@@ -172,6 +176,7 @@
CVE-2007-6420 ignore (httpd) wontfix by upstream
CVE-2007-6415 fixed (scponly, fixed 4.8) #429731 [since FEDORA-2008-1728]
CVE-2007-6388 fixed (httpd, fixed 2.2.8) #427983 [since FEDORA-2008-1695]
+CVE-2007-6341 ignore (perl-Net-DNS) no impact
CVE-2007-6337 fixed (clamav, fixed 0.92) #426211 [since FEDORA-2008-0170]
CVE-2007-6336 fixed (clamav, fixed 0.92) #426211 [since FEDORA-2008-0170]
CVE-2007-6335 fixed (clamav, fixed 0.92) #426211 [since FEDORA-2008-0170]
16 years, 1 month
fedora-security/audit f8, 1.164, 1.165 f9, 1.155, 1.156 fc7, 1.320, 1.321
by fedora-security-commits@redhat.com
Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv10034/audit
Modified Files:
f8 f9 fc7
Log Message:
note krb5
Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.164
retrieving revision 1.165
diff -u -r1.164 -r1.165
--- f8 18 Mar 2008 07:57:01 -0000 1.164
+++ f8 19 Mar 2008 08:57:54 -0000 1.165
@@ -34,6 +34,7 @@
CVE-2008-1070 VULNERABLE (wireshark, fixed 0.99.8) #435485
CVE-2008-1066 version (php-Smarty) #435811 [since FEDORA-2008-1911]
CVE-2008-0983 fixed (lighttpd) #435807 [since FEDORA-2008-2262]
+CVE-2008-0947 VULNERABLE (krb5, fixed 1.6.4) #438023
CVE-2008-0932 fixed (sword) #433724 [since FEDORA-2008-1922] why? diatheke.pl is not shipped...
CVE-2008-0928 fixed (qemu) #433561 [since FEDORA-2008-2001]
CVE-2008-0928 fixed (kvm) #433564 [since FEDORA-2008-1973]
@@ -126,6 +127,8 @@
CVE-2008-0122 fixed (bind) #429149 [since FEDORA-2008-0904]
CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since FEDORA-2008-0199]
CVE-2008-0072 fixed (evolution) #436081 [since FEDORA-2008-2292]
+CVE-2008-0063 VULNERABLE (krb5, fixed 1.6.4) #438023
+CVE-2008-0062 VULNERABLE (krb5, fixed 1.6.4) #438023
CVE-2008-0008 fixed (pulseaudio) #425481 [since FEDORA-2008-0994]
CVE-2008-0006 fixed (libXfont) #429132 [since FEDORA-2008-0794]
CVE-2008-0005 fixed (httpd, fixed 2.2.8) #427982 [since FEDORA-2008-1711]
@@ -224,7 +227,7 @@
CVE-2007-5977 version (phpMyAdmin, fixed 2.11.2.1) #385901 [since FEDORA-2007-3636]
CVE-2007-5976 version (phpMyAdmin, fixed 2.11.2.1) #385901 [since FEDORA-2007-3636]
CVE-2007-5972 ignore (krb5, fixed 1.6.4) not exploitable
-CVE-2007-5971 VULNERABLE (krb5, fixed 1.6.4)
+CVE-2007-5971 VULNERABLE (krb5, fixed 1.6.4) #438023
CVE-2007-5970 ignore (mysql, fixed 5.1.23) mysql 5.1+ only, affects partitioning
CVE-2007-5969 backport (mysql, fixed 5.0.51) #424931 [since FEDORA-2007-4465]
CVE-2007-5965 version (qt4, fixed 4.3.3) [since FEDORA-2007-4285]
@@ -245,7 +248,7 @@
CVE-2007-5907 VULNERABLE (xen) #390111
CVE-2007-5906 VULNERABLE (xen) #390111
CVE-2007-5902 ignore (krb5, fixed 1.6.4) not exploitable
-CVE-2007-5901 VULNERABLE (krb5, fixed 1.6.4)
+CVE-2007-5901 VULNERABLE (krb5, fixed 1.6.4) #438023
CVE-2007-5894 ignore (krb5, fixed 1.6.4) not exploitable
CVE-2007-5849 ignore (cups, fixed 1.3.5) minimal impact, see #415131
CVE-2007-5848 version (cups, fixed 1.2.0)
Index: f9
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f9,v
retrieving revision 1.155
retrieving revision 1.156
diff -u -r1.155 -r1.156
--- f9 18 Mar 2008 07:57:01 -0000 1.155
+++ f9 19 Mar 2008 08:57:54 -0000 1.156
@@ -35,6 +35,7 @@
CVE-2008-1070 VULNERABLE (wireshark, fixed 0.99.8) #435488
CVE-2008-1066 version (php-Smarty) #435813 [since php-Smarty-2.6.19-1.fc9]
CVE-2008-0983 backport (lighttpd) #435809 [since lighttpd-1.4.18-6.fc9]
+CVE-2008-0947 backport (krb5, fixed 1.6.4) [since krb5-1.6.3-10.fc9]
CVE-2008-0932 backport (sword) #433726 [since sword-1.5.10-3.fc9] why? diatheke.pl is not shipped...
CVE-2008-0928 backport (qemu) #433563 [since qemu-0.9.1-3.fc9]
CVE-2008-0928 backport (kvm) #433566 [since kvm-61-2.fc9]
@@ -125,6 +126,8 @@
CVE-2008-0122 backport (bind) #429534 [since bind-9.5.0-24.b1.fc9]
CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since asterisk-1.4.17-1.fc9]
CVE-2008-0072 backport (evolution) #436082 [evolution-2.21.92-2.fc9]
+CVE-2008-0063 backport (krb5, fixed 1.6.4) [since krb5-1.6.3-10.fc9]
+CVE-2008-0062 backport (krb5, fixed 1.6.4) [since krb5-1.6.3-10.fc9]
CVE-2008-0008 backport (pulseaudio) #425481 [since pulseaudio-0.9.8-5.fc9]
CVE-2008-0006 backport (libXfont) #429133 [since libXfont-1.3.1-3.fc9]
CVE-2008-0005 version (httpd, fixed 2.2.8) #427984 [since httpd-2.2.8-2]
@@ -223,7 +226,7 @@
CVE-2007-5977 version (phpMyAdmin) #385911 [since phpMyAdmin-2.11.2.2-1.fc9]
CVE-2007-5976 version (phpMyAdmin) #385911 [since phpMyAdmin-2.11.2.2-1.fc9]
CVE-2007-5972 ignore (krb5, fixed 1.6.4) not exploitable
-CVE-2007-5971 VULNERABLE (krb5, fixed 1.6.4)
+CVE-2007-5971 backport (krb5, fixed 1.6.4) [since krb5-1.6.3-10.fc9]
CVE-2007-5970 ignore (mysql, fixed 5.1.23) mysql 5.1+ only, affects partitioning
CVE-2007-5969 backport (mysql, fixed 5.0.51) [since mysql-5.0.45-6.fc9]
CVE-2007-5965 version (qt4, fixed 4.3.3) [since qt4-4.3.3-1.fc9]
@@ -244,7 +247,7 @@
CVE-2007-5907 VULNERABLE (xen) #390121
CVE-2007-5906 VULNERABLE (xen) #390121
CVE-2007-5902 ignore (krb5, fixed 1.6.4) not exploitable
-CVE-2007-5901 VULNERABLE (krb5, fixed 1.6.4)
+CVE-2007-5901 backport (krb5, fixed 1.6.4) [since krb5-1.6.3-10.fc9]
CVE-2007-5894 ignore (krb5, fixed 1.6.4) not exploitable
CVE-2007-5849 version (cups, fixed 1.3.5) [since cups-1.3.5-1.fc9]
CVE-2007-5848 version (cups, fixed 1.2.0)
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.320
retrieving revision 1.321
diff -u -r1.320 -r1.321
--- fc7 18 Mar 2008 07:57:01 -0000 1.320
+++ fc7 19 Mar 2008 08:57:54 -0000 1.321
@@ -35,6 +35,7 @@
CVE-2008-1070 VULNERABLE (wireshark, fixed 0.99.8) #435487
CVE-2008-1066 version (php-Smarty, fixed 2.6.19) #435812 [since FEDORA-2008-1928]
CVE-2008-0983 fixed (lighttpd) #435808 [since FEDORA-2008-2278]
+CVE-2008-0947 VULNERABLE (krb5, fixed 1.6.4) #438022
CVE-2008-0932 fixed (sword) #433725 [since FEDORA-2008-1951] why? diatheke.pl is not shipped...
CVE-2008-0928 fixed (qemu) #433562 [since FEDORA-2008-1995]
CVE-2008-0928 fixed (kvm) #433565 [since FEDORA-2008-1993]
@@ -126,6 +127,8 @@
CVE-2008-0122 fixed (bind) #429149 [since FEDORA-2008-0904]
CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since FEDORA-2008-0198]
CVE-2008-0072 fixed (evolution) #436080 [since FEDORA-2008-2290]
+CVE-2008-0063 VULNERABLE (krb5, fixed 1.6.4) #438022
+CVE-2008-0062 VULNERABLE (krb5, fixed 1.6.4) #438022
CVE-2008-0008 fixed (pulseaudio) #425481 [since FEDORA-2008-0994]
CVE-2008-0006 fixed (libXfont) #429131 [since FEDORA-2008-0891]
CVE-2008-0005 fixed (httpd, fixed 2.2.8) #427983 [since FEDORA-2008-1695]
@@ -223,7 +226,7 @@
CVE-2007-5977 version (phpMyAdmin, fixed 2.11.2.1) #385891 [since FEDORA-2007-3627]
CVE-2007-5976 version (phpMyAdmin, fixed 2.11.2.1) #385891 [since FEDORA-2007-3627]
CVE-2007-5972 ignore (krb5, fixed 1.6.4) not exploitable
-CVE-2007-5971 VULNERABLE (krb5, fixed 1.6.4)
+CVE-2007-5971 VULNERABLE (krb5, fixed 1.6.4) #438022
CVE-2007-5970 ignore (mysql, fixed 5.1.23) mysql 5.1+ only, affects partitioning
CVE-2007-5969 backport (mysql, fixed 5.0.51) #424921 [since FEDORA-2007-4471]
CVE-2007-5965 version (qt4, fixed 4.3.3) [since FEDORA-2007-4354]
@@ -244,7 +247,7 @@
CVE-2007-5907 VULNERABLE (xen) #390101
CVE-2007-5906 VULNERABLE (xen) #390101
CVE-2007-5902 ignore (krb5, fixed 1.6.4) not exploitable
-CVE-2007-5901 VULNERABLE (krb5, fixed 1.6.4)
+CVE-2007-5901 VULNERABLE (krb5, fixed 1.6.4) #438022
CVE-2007-5894 ignore (krb5, fixed 1.6.4) not exploitable
CVE-2007-5849 ignore (cups, fixed 1.3.5) minimal impact, see #415131
CVE-2007-5848 version (cups, fixed 1.2.0)
16 years, 1 month