Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv5100/audit
Modified Files:
f8 f9 fc7
Log Message:
add kdelibs, kronolith, xine-lib, wordpress, some of them are non-issues for us
Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.210
retrieving revision 1.211
diff -u -r1.210 -r1.211
--- f8 25 Apr 2008 15:23:13 -0000 1.210
+++ f8 28 Apr 2008 09:04:54 -0000 1.211
@@ -6,7 +6,10 @@
rhbz293031 fixed (nx) #293031 [since FEDORA-2008-2258]
rhbz249840 VULNERABLE (tor)
+CVE-2008-1974 VULNERABLE (kronolith, fixed 3.1.8) #444404
+CVE-2008-1964 ignore (xine-lib) bogus vulnerability report
CVE-2008-1937 ignore (moin, fixed 1.6.3) 1.6.x only
+CVE-2008-1930 ignore (wordpress, fixed 2.5.1) [since wordpress-2.5.1-1.fc8] only for wp 2.5.0
CVE-2008-1928 VULNERABLE (perl-Imager, fixed 0.64) #443940
CVE-2008-1926 VULNERABLE (util-linux-ng) [since util-linux-ng-2.13.1-2.fc8]
CVE-2008-1924 VULNERABLE (phpMyAdmin, fixed 2.11.5.2) [since phpMyAdmin-2.11.5.2-1.fc8] PMASA-2008-3
@@ -29,6 +32,9 @@
CVE-2008-1687 ignore (m4, fixed 1.4.11) not really a security issue
CVE-2008-1686 fixed (libfishsound, fixed 0.9.1) #441247 [since FEDORA-2008-3059]
CVE-2008-1686 fixed (speex) #442572 [since FEDORA-2008-3103]
+CVE-2008-1671 ignore (kdelibs) start_kdeinit not setuid
+CVE-2008-1670 ignore (kdelibs) kdelibs 4.x only
+CVE-2008-1670 VULNERABLE (kdelibs4) #444399 kdelibs 4.x only
CVE-2008-1658 fixed (PolicyKit) #439995 [since FEDORA-2008-2987]
CVE-2008-1657 VULNERABLE (openssh, fixed 4.9) #440375
CVE-2008-1652 version (Perlbal, fixed 1.70) [since FEDORA-2008-2778]
Index: f9
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f9,v
retrieving revision 1.200
retrieving revision 1.201
diff -u -r1.200 -r1.201
--- f9 25 Apr 2008 15:23:13 -0000 1.200
+++ f9 28 Apr 2008 09:04:54 -0000 1.201
@@ -5,7 +5,10 @@
# (mozilla) = (gecko-libs dependent stuff)
rhbz249840 VULNERABLE (tor)
+CVE-2008-1974 VULNERABLE (kronolith, fixed 3.1.8) #444405
+CVE-2008-1964 ignore (xine-lib) bogus vulnerability report
CVE-2008-1937 VULNERABLE (moin, fixed 1.6.3) [since moin-1.6.3-1.fc9]
+CVE-2008-1930 ignore (wordpress, fixed 2.5.1) only for wp 2.5.0
CVE-2008-1928 VULNERABLE (perl-Imager, fixed 0.64) #443941
CVE-2008-1926 VULNERABLE (util-linux-ng) [since util-linux-ng-2.13.1-8.1.fc9]
CVE-2008-1924 version (phpMyAdmin, fixed 2.11.5.2) [since phpMyAdmin-2.11.5.2-1.fc9] PMASA-2008-3
@@ -30,6 +33,8 @@
CVE-2008-1687 ignore (m4, fixed 1.4.11) not really a security issue
CVE-2008-1686 version (libfishsound, fixed 0.9.1) #441248 [since libfishsound-0.9.1-1.fc9]
CVE-2008-1686 backport (speex) [since speex-1.2-0.7.beta3]
+CVE-2008-1671 ignore (kdelibs) start_kdeinit not shipped
+CVE-2008-1670 VULNERABLE (kdelibs) [since kdelibs-4.0.3-7.fc9]
CVE-2008-1658 backport (PolicyKit) #439996 [since PolicyKit-0.7-7.fc9]
CVE-2008-1657 version (openssh, fixed 4.9) #440376 [since openssh-5.0p1-1.fc9]
CVE-2008-1652 version (Perlbal, fixed 1.70) [since Perlbal-1.70-1.fc9]
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.366
retrieving revision 1.367
diff -u -r1.366 -r1.367
--- fc7 25 Apr 2008 15:23:13 -0000 1.366
+++ fc7 28 Apr 2008 09:04:54 -0000 1.367
@@ -7,7 +7,10 @@
rhbz293031 fixed (nx) #293031 [since FEDORA-2008-2258]
rhbz249840 version (tor, fixed 0.1.2.15) #249840 [since FEDORA-2007-1674]
+CVE-2008-1974 VULNERABLE (kronolith, fixed 3.1.8) #444403
+CVE-2008-1964 ignore (xine-lib) bogus vulnerability report
CVE-2008-1937 ignore (moin, fixed 1.6.3) 1.6.x only
+CVE-2008-1930 ignore (wordpress, fixed 2.5.1) [since wordpress-2.5.1-1.fc7] only for wp 2.5.0
CVE-2008-1928 VULNERABLE (perl-Imager, fixed 0.64) #443939
CVE-2008-1926 VULNERABLE (util-linux)
CVE-2008-1924 VULNERABLE (phpMyAdmin, fixed 2.11.5.2) [since phpMyAdmin-2.11.5.2-1.fc7] PMASA-2008-3
@@ -30,6 +33,9 @@
CVE-2008-1687 ignore (m4, fixed 1.4.11) not really a security issue
CVE-2008-1686 VULNERABLE (libfishsound, fixed 0.9.1) #441246 [since FEDORA-2008-3117]
CVE-2008-1686 fixed (speex) #442571 [since FEDORA-2008-3191]
+CVE-2008-1671 ignore (kdelibs) start_kdeinit not setuid
+CVE-2008-1670 ignore (kdelibs) kdelibs 4.x only
+CVE-2008-1670 VULNERABLE (kdelibs4) #444398 kdelibs 4.x only
CVE-2008-1657 VULNERABLE (openssh, fixed 4.9) #280461
CVE-2008-1652 version (Perlbal, fixed 1.70) [since FEDORA-2008-2788]
CVE-2008-1637 fixed (pdns-recursor, fixed 3.1.5) #440248 [since FEDORA-2008-3010]