May 2008 - security-commits - Fedora Mailing-Lists

fedora-security/audit f10, 1.3, 1.4 f8, 1.221, 1.222 f9, 1.211, 1.212 fc7, 1.377, 1.378

by fedora-security-commits＠redhat.com

Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv14130/audit Modified Files: f10 f8 f9 fc7 Log Message: lots of stuff from last 2 weeks Index: f10 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f10,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- f10 16 May 2008 18:59:18 -0000 1.3 +++ f10 30 May 2008 15:18:25 -0000 1.4 @@ -4,25 +4,38 @@ # *CVE are items that need verification for Fedora 10 # (mozilla) = (gecko-libs dependent stuff) +CVE-2008-2426 backport (imlib2) [since imlib2-1.4.0-7.fc10] +CVE-2008-2420 version (stunnel, fixed 4.24) [since stunnel-4.24-2] +CVE-2008-2392 ignore (wordpress) issue only in certain deployments, not affected by default +CVE-2008-2359 ignore (system-config-network) F8 specific issue +CVE-2008-2357 fixed (mtr, fixed 0.73) +CVE-2008-2302 version (Django, fixed 0.96.2) #447260 [since Django-0.96.2-1.fc10] CVE-2008-2276 VULNERABLE (mantis) upstream fix in 1.2.0a1 seems useless CVE-2008-2266 ignore (perl-Convert-UUlib) embedded uulib copy uses mkstemp CVE-2008-2168 ignore (httpd) browser issue, not apache CVE-2008-2085 VULNERABLE (sipp) #446222 -CVE-2008-2079 VULNERABLE (mysql, fixed 5.0.60) #445806 +CVE-2008-2079 VULNERABLE (mysql, fixed 5.0.60) #445804 CVE-2008-2004 VULNERABLE (xen) disables format autodetection by default [since xen-3.2.0-11.fc10] CVE-2008-2004 VULNERABLE (qemu) fix mostly useless without libvirt changes CVE-2008-2004 VULNERABLE (kvm) fix mostly useless without libvirt changes CVE-2008-1999 VULNERABLE (WebKit) +CVE-2008-1950 backport (gnutls, fixed 2.2.4) #447512 [since gnutls-2.0.4-3.fc10] +CVE-2008-1949 backport (gnutls, fixed 2.2.4) #447512 [since gnutls-2.0.4-3.fc10] +CVE-2008-1948 backport (gnutls, fixed 2.2.4) #447512 [since gnutls-2.0.4-3.fc10] CVE-2008-1944 version (xen, fixed 3.2) CVE-2008-1943 VULNERABLE (xen) [since xen-3.2.0-11.fc10] CVE-2008-1928 version (perl-Imager, fixed 0.64) [since perl-Imager-0.64-2.fc10] CVE-2008-1926 backport (util-linux-ng) [since util-linux-ng-2.13.1-8.1.fc9] CVE-2008-1836 version (clamav, fixed 0.93) [since clamav-0.93-1.fc9] +CVE-2008-1804 version (snort, fixed 2.8.1) [since snort-2.8.1-3.fc10] CVE-2008-1803 version (rdesktop, fixed 1.6.0) [since rdesktop-1.6.0-1.fc10] CVE-2008-1802 version (rdesktop, fixed 1.6.0) [since rdesktop-1.6.0-1.fc10] CVE-2008-1801 version (rdesktop, fixed 1.6.0) [since rdesktop-1.6.0-1.fc10] CVE-2008-1771 version (mt-daapd) [since mt-daapd-0.2.4.2-2.fc10] +CVE-2008-1767 version (libxslt, fixed 1.1.24) [since libxslt-1.1.24-1.fc10] +CVE-2008-1678 VULNERABLE (httpd) #447312 only affects systems with openssl >= 0.9.8e CVE-2008-1677 VULNERABLE (fedora-ds-base) #445810 +CVE-2008-1672 backport (openssl, fixed 0.9.8h) #448691 [since openssl-0.9.8g-9.fc10] CVE-2008-1531 backport (lighttpd) [since lighttpd-1.4.19-4.fc10] CVE-2008-1488 VULNERABLE (php-pecl-apc) #438848 CVE-2008-1423 backport (libvorbis) #446344 [since libvorbis-1.2.0-4.fc10] @@ -32,9 +45,11 @@ CVE-2008-1382 VULNERABLE (libpng, fixed 1.2.27) minimal impact, affected api rarely used CVE-2008-1382 version (libpng10) [since libpng10-1.0.37-1.fc10] CVE-2008-1360 version (nagios) #437852 [since nagios-2.11-3.fc9] +CVE-2008-1105 VULNERABLE (samba, fixed 3.0.30) CVE-2008-1103 VULNERABLE (blender) not fixed upstream CVE-2008-1100 version (clamav, fixed 0.93) [since clamav-0.93-1.fc9] -CVE-2008-1078 VULNERABLE (am-utils) #437746 +CVE-2008-1078 backport (am-utils) #437746 [since am-utils-6.1.5-10.fc10] +CVE-2008-0891 backport (openssl, fixed 0.9.8h) #448691 [since openssl-0.9.8g-9.fc10] CVE-2008-0553 version (tkimg) [since tkimg-1.3-0.10.20080505svn.fc10] CVE-2008-0314 version (clamav, fixed 0.93) [since clamav-0.93-1.fc9] CVE-2008-0166 ignore (openssl) Debian specific @@ -42,11 +57,15 @@ CVE-2007-6321 VULNERABLE (roundcubemail) #423301 CVE-2007-6318 VULNERABLE (wordpress) #426434 CVE-2007-6131 VULNERABLE (scanbuttond) +CVE-2007-5962 fixed (vsftpd) [since vsftpd-2.0.6-4.fc10] CVE-2007-5907 VULNERABLE (xen) #390121 CVE-2007-5906 VULNERABLE (xen) #390121 CVE-2007-5803 VULNERABLE (nagios, not fixed 2.11) #446383 CVE-2007-5079 VULNERABLE (gdm) #363041 Red Hat specific problem CVE-2007-4829 VULNERABLE (perl, not fixed upstream) #364291 perl-Archive-Tar directory traversal CVE-2007-4559 VULNERABLE (python, not fixed upstream) #315291 Upstream WONTFIX. See where we use the code. +CVE-2007-1320 VULNERABLE (qemu) +CVE-2007-1320 VULNERABLE (kvm) +CVE-2006-6698 fixed (GConf2) CVE-2006-1390 VULNERABLE (nethack) bz#187353, but requires other access to games group Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.221 retrieving revision 1.222 diff -u -r1.221 -r1.222 --- f8 16 May 2008 18:59:18 -0000 1.221 +++ f8 30 May 2008 15:18:25 -0000 1.222 @@ -6,6 +6,12 @@ rhbz293031 fixed (nx) #293031 [since FEDORA-2008-2258] rhbz249840 version (tor, fixed 0.1.2.15) +CVE-2008-2426 VULNERABLE (imlib2) [since imlib2-1.4.0-7.fc8] +CVE-2008-2420 fixed (stunnel, fixed 4.24) [since FEDORA-2008-4579] +CVE-2008-2392 ignore (wordpress) issue only in certain deployments, not affected by default +CVE-2008-2359 fixed (system-config-network) [since FEDORA-2008-4633] +CVE-2008-2357 fixed (mtr, fixed 0.73) +CVE-2008-2302 fixed (Django, fixed 0.96.2) #447258 [since FEDORA-2008-4248] CVE-2008-2276 VULNERABLE (mantis) upstream fix in 1.2.0a1 seems useless CVE-2008-2266 ignore (perl-Convert-UUlib) embedded uulib copy uses mkstemp CVE-2008-2168 ignore (httpd) browser issue, not apache @@ -27,6 +33,9 @@ CVE-2008-1974 VULNERABLE (kronolith, fixed 3.1.8) #444404 [since FEDORA-2008-3543] CVE-2008-1964 ignore (xine-lib) bogus vulnerability report CVE-2008-1959 fixed (sipp, fixed 3.1) [since FEDORA-2008-3501] +CVE-2008-1950 fixed (gnutls, fixed 2.2.4) #447510 [since FEDORA-2008-4183] +CVE-2008-1949 fixed (gnutls, fixed 2.2.4) #447510 [since FEDORA-2008-4183] +CVE-2008-1948 fixed (gnutls, fixed 2.2.4) #447510 [since FEDORA-2008-4183] CVE-2008-1944 VULNERABLE (xen, fixed 3.2) [since xen-3.1.2-3.fc8] CVE-2008-1943 VULNERABLE (xen) [since xen-3.1.2-3.fc8] CVE-2008-1937 ignore (moin, fixed 1.6.3) 1.6.x only @@ -34,7 +43,7 @@ CVE-2008-1928 fixed (perl-Imager, fixed 0.64) #443940 [since FEDORA-2008-3352] CVE-2008-1927 fixed (perl) [since FEDORA-2008-3392] CVE-2008-1926 fixed (util-linux-ng) [since FEDORA-2008-3419] -CVE-2008-1924 VULNERABLE (phpMyAdmin, fixed 2.11.5.2) [since phpMyAdmin-2.11.5.2-1.fc8] PMASA-2008-3 +CVE-2008-1924 version (phpMyAdmin, fixed 2.11.5.2) [since FEDORA-2008-3461] PMASA-2008-3 CVE-2008-1923 version (asterisk) upstream fix incomplete, resulting in CVE-2008-1897 CVE-2008-1897 fixed (asterisk, fixed 1.4.19.1) [since FEDORA-2008-3390] CVE-2008-1878 fixed (xine-lib, fixed 1.1.12.1) #443055 [since FEDORA-2008-3353] nsf demuxer overflow @@ -43,10 +52,12 @@ CVE-2008-1836 ignore (clamav, fixed 0.93) affected code introduced after 0.92.1 CVE-2008-1835 ignore (clamav, fixed 0.93) unrar code not shipped CVE-2008-1833 fixed (clamav, fixed 0.93-rc1) #442363 [since FEDORA-2008-3420] +CVE-2008-1804 VULNERABLE (snort, fixed 2.8.1) CVE-2008-1803 fixed (rdesktop, fixed 1.6.0) #445842 [since FEDORA-2008-3917] CVE-2008-1802 fixed (rdesktop, fixed 1.6.0) #445842 [since FEDORA-2008-3917] CVE-2008-1801 fixed (rdesktop, fixed 1.6.0) #445842 [since FEDORA-2008-3917] CVE-2008-1796 fixed (comix) [since FEDORA-2008-2981] +CVE-2008-1767 version (libxslt, fixed 1.1.24) [since libxslt-1.1.24-1.fc8] CVE-2008-1729 ignore (drupal) 6.x only CVE-2008-1722 fixed (cups) #445802 [since FEDORA-2008-3586] CVE-2008-1720 fixed (rsync, fixed 3.0.2) #441690 [since FEDORA-2008-3047] @@ -58,7 +69,9 @@ CVE-2008-1687 ignore (m4, fixed 1.4.11) not really a security issue CVE-2008-1686 fixed (libfishsound, fixed 0.9.1) #441247 [since FEDORA-2008-3059] CVE-2008-1686 fixed (speex) #442572 [since FEDORA-2008-3103] +CVE-2008-1678 ignore (httpd) only affects systems with openssl >= 0.9.8e CVE-2008-1677 VULNERABLE (fedora-ds-base) #445809 +CVE-2008-1672 ignore (openssl, fixed 0.9.8h) not affected CVE-2008-1671 ignore (kdelibs) start_kdeinit not setuid CVE-2008-1670 ignore (kdelibs) kdelibs 4.x only CVE-2008-1670 fixed (kdelibs4) #444399 [since FEDORA-2008-3412] kdelibs 4.x only @@ -90,7 +103,7 @@ CVE-2008-1390 fixed (asterisk, fixed 1.4.19-rc3) #438133 [since FEDORA-2008-2554] CVE-2008-1387 fixed (clamav, fixed 0.93) #442363 [since FEDORA-2008-3420] CVE-2008-1382 VULNERABLE (libpng, fixed 1.2.27) minimal impact, affected api rarely used -CVE-2008-1382 VULNERABLE (libpng10) [since FEDORA-2008-3937] +CVE-2008-1382 fixed (libpng10) [since FEDORA-2008-3937] CVE-2008-1381 fixed (zoneminder, fixed 1.23.3) #444436 [since FEDORA-2008-3462] CVE-2008-1380 VULNERABLE (firefox, fixed 2.0.0.14) CVE-2008-1380 fixed (seamonkey, fixed 1.1.10) #442851 [since FEDORA-2008-3264] @@ -145,6 +158,7 @@ CVE-2008-1131 ignore (drupal) #435816 drupal 6.x only CVE-2008-1111 fixed (lighttpd) #435807 [since FEDORA-2008-2262] CVE-2008-1110 version (xine-lib, fixed 1.1.10) [since FEDORA-2008-1043] +CVE-2008-1105 VULNERABLE (samba, fixed 3.0.30) [since samba-3.0.30-0.fc8] CVE-2008-1103 VULNERABLE (blender) not fixed upstream CVE-2008-1102 fixed (blender) #443936 [since FEDORA-2008-3875] CVE-2008-1100 fixed (clamav, fixed 0.93) #442363 [since FEDORA-2008-3420] @@ -167,6 +181,7 @@ CVE-2008-0928 fixed (qemu) #433561 [since FEDORA-2008-2001] CVE-2008-0928 fixed (kvm) #433564 [since FEDORA-2008-1973] CVE-2008-0928 fixed (xen) #434639 [since FEDORA-2008-2057] +CVE-2008-0891 ignore (openssl, fixed 0.9.8h) not affected CVE-2008-0888 ignore (unzip) caught by glibc malloc checks CVE-2008-0887 fixed (gnome-screensaver) #440256 [since FEDORA-2008-3017] CVE-2008-0882 fixed (cups, fixed 1.3.6) #433803 [since FEDORA-2008-1901] @@ -377,6 +392,7 @@ CVE-2007-5965 version (qt4, fixed 4.3.3) [since FEDORA-2007-4285] CVE-2007-5964 backport (autofs) #409701 [since FEDORA-2007-4532] CVE-2007-5963 backport (kdebase) [since FEDORA-2008-1283] +CVE-2007-5962 fixed (vsftpd) [since FEDORA-2008-4347] CVE-2007-5960 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3962] CVE-2007-5959 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3962] CVE-2007-5958 fixed (xorg-x11-server, fixed 1.4.1) #429126 [since FEDORA-2008-0760] @@ -418,6 +434,8 @@ CVE-2007-5501 version (kernel) [since FEDORA-2007-3837] CVE-2007-5500 version (kernel) [since FEDORA-2007-3837] CVE-2007-5497 fixed (e2fsprogs) #414581 [since FEDORA-2007-4447] +CVE-2007-5496 version (setroubleshoot, fixed 2.0) +CVE-2007-5495 version (setroubleshoot, fixed 1.9.4) CVE-2007-5461 version (tomcat5) #363001 [since FEDORA-2007-3474] CVE-2007-5398 version (samba) [since FEDORA-2007-3403] CVE-2007-5395 version (link-grammar) #372351 [since FEDORA-2007-3235] @@ -506,6 +524,8 @@ CVE-2007-1355 version (tomcat5) [since FEDORA-2007-3474] CVE-2007-1352 version (libXfont, fixed 1.2.8) #235265 CVE-2007-1351 version (libXfont, fixed 1.2.8) #235265 +CVE-2007-1320 VULNERABLE (qemu) +CVE-2007-1320 fixed (kvm) #448524 [since FEDORA-2008-4604] CVE-2007-1103 ignore (tor) #230927 CANTFIX really CVE-2007-1004 version (mozilla) https://bugzilla.mozilla.org/show_bug.cgi?id=402060 CVE-2007-1003 version (xorg-x11-server, fixed 1.2.1) #235263 @@ -517,6 +537,7 @@ CVE-2007-0095 backport (phpMyAdmin) #221694 "Reveals path" [since FEDORA-2007-4334] CVE-2006-7232 version (mysql, fixed 5.0.32) CVE-2006-6698 ignore (GConf2) #219280 minimal impact +CVE-2006-6698 fixed (GConf2) CVE-2006-6128 version (kernel, fixed 2.6.19-1.2911.fc6) #250625 ReiserFS MOKB CVE-2006-6107 version (dbus, fixed 1.0.2) #219665 CVE-2006-6077 version (firefox, fixed 1.5.0.10) Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.211 retrieving revision 1.212 diff -u -r1.211 -r1.212 --- f9 16 May 2008 18:59:18 -0000 1.211 +++ f9 30 May 2008 15:18:25 -0000 1.212 @@ -5,6 +5,12 @@ # (mozilla) = (gecko-libs dependent stuff) rhbz249840 version (tor, fixed 0.1.2.15) +CVE-2008-2426 VULNERABLE (imlib2) [since imlib2-1.4.0-7.fc9] +CVE-2008-2420 fixed (stunnel, fixed 4.24) [since FEDORA-2008-4531] +CVE-2008-2392 ignore (wordpress) issue only in certain deployments, not affected by default +CVE-2008-2359 ignore (system-config-network) F8 specific issue +CVE-2008-2357 fixed (mtr, fixed 0.73) +CVE-2008-2302 fixed (Django, fixed 0.96.2) #447259 [since FEDORA-2008-4267] CVE-2008-2276 VULNERABLE (mantis) upstream fix in 1.2.0a1 seems useless CVE-2008-2266 ignore (perl-Convert-UUlib) embedded uulib copy uses mkstemp CVE-2008-2168 ignore (httpd) browser issue, not apache @@ -26,11 +32,15 @@ CVE-2008-1974 ignore (kronolith, fixed 3.1.8) #444405 package removed from f9 and rawhide CVE-2008-1964 ignore (xine-lib) bogus vulnerability report CVE-2008-1959 fixed (sipp, fixed 3.1) [since FEDORA-2008-3690] +CVE-2008-1950 fixed (gnutls, fixed 2.2.4) #447511 [since FEDORA-2008-4259] +CVE-2008-1949 fixed (gnutls, fixed 2.2.4) #447511 [since FEDORA-2008-4259] +CVE-2008-1948 fixed (gnutls, fixed 2.2.4) #447511 [since FEDORA-2008-4259] CVE-2008-1944 version (xen, fixed 3.2) CVE-2008-1943 VULNERABLE (xen) [since xen-3.2.0-11.fc9] CVE-2008-1937 version (moin, fixed 1.6.3) [since moin-1.6.3-1.fc9] CVE-2008-1930 ignore (wordpress, fixed 2.5.1) only for wp 2.5.0 -CVE-2008-1928 VULNERABLE (perl-Imager, fixed 0.64) #443941 +CVE-2008-1928 fixed (perl-Imager, fixed 0.64) #443941 [since FEDORA-2008-4003] +CVE-2008-1927 fixed (perl, fixed 5.10) CVE-2008-1926 VULNERABLE (util-linux-ng) [since util-linux-ng-2.13.1-8.1.fc9] CVE-2008-1924 version (phpMyAdmin, fixed 2.11.5.2) [since phpMyAdmin-2.11.5.2-1.fc9] PMASA-2008-3 CVE-2008-1923 version (asterisk) upstream fix incomplete, resulting in CVE-2008-1897 @@ -42,11 +52,13 @@ CVE-2008-1835 ignore (clamav, fixed 0.93) unrar code not shipped CVE-2008-1834 version (swfdec, fixed 0.6.4) [since swfdec-0.6.4-1.fc9] CVE-2008-1833 version (clamav, fixed 0.93-rc1) [since clamav-0.93-0.0.rc1.fc9] +CVE-2008-1804 VULNERABLE (snort, fixed 2.8.1) CVE-2008-1803 fixed (rdesktop, fixed 1.6.0) #445843 [since FEDORA-2008-3886] CVE-2008-1802 fixed (rdesktop, fixed 1.6.0) #445843 [since FEDORA-2008-3886] CVE-2008-1801 fixed (rdesktop, fixed 1.6.0) #445843 [since FEDORA-2008-3886] CVE-2008-1796 fixed (comix) [since comix-3.6.4-6.fc9] -CVE-2008-1771 VULNERABLE (mt-daapd) [since mt-daapd-0.2.4.2-2.fc9] +CVE-2008-1771 fixed (mt-daapd) [since FEDORA-2008-4126] +CVE-2008-1767 version (libxslt, fixed 1.1.24) [since libxslt-1.1.24-1.fc9] CVE-2008-1729 version (drupal, fixed 6.2) [since drupal-6.2-1.fc9] CVE-2008-1722 fixed (cups) #445803 [since FEDORA-2008-3756] CVE-2008-1720 version (rsync, fixed 3.0.2) [since rsync-3.0.2-0.fc9] @@ -58,7 +70,9 @@ CVE-2008-1687 ignore (m4, fixed 1.4.11) not really a security issue CVE-2008-1686 version (libfishsound, fixed 0.9.1) #441248 [since libfishsound-0.9.1-1.fc9] CVE-2008-1686 backport (speex) [since speex-1.2-0.7.beta3] +CVE-2008-1678 VULNERABLE (httpd) #447311 only affects systems with openssl >= 0.9.8e CVE-2008-1677 VULNERABLE (fedora-ds-base) #445810 +CVE-2008-1672 VULNERABLE (openssl, fixed 0.9.8h) #448690 CVE-2008-1671 ignore (kdelibs) start_kdeinit not shipped CVE-2008-1670 backport (kdelibs) [since kdelibs-4.0.3-7.fc9] CVE-2008-1658 backport (PolicyKit) #439996 [since PolicyKit-0.7-7.fc9] @@ -75,7 +89,7 @@ CVE-2008-1561 version (wireshark, fixed 1.0) #435488 [since wireshark-1.0.0-2.fc9] CVE-2008-1552 version (libsilc, fixed 1.1.7) #438382 [since libsilc-1.1.7-1.fc9] CVE-2008-1532 version (Perlbal, fixed 1.70) [since Perlbal-1.70-1.fc9] -CVE-2008-1531 VULNERABLE (lighttpd) #439069 +CVE-2008-1531 fixed (lighttpd) #439069 [since FEDORA-2008-4119] CVE-2008-1488 VULNERABLE (php-pecl-apc) #438848 CVE-2008-1483 ignore (openssh) was alrady fixed by another patch CVE-2008-1482 version (xine-lib) #438671 [since xine-lib-1.1.11.1-1.fc9] @@ -89,7 +103,7 @@ CVE-2008-1390 version (asterisk, fixed 1.6.0-beta6) #438134 [since asterisk-1.6.0-0.6.beta6.fc9] CVE-2008-1387 fixed (clamav, fixed 0.93) #442364 [since FEDORA-2008-3900] CVE-2008-1382 VULNERABLE (libpng, fixed 1.2.27) minimal impact, affected api rarely used -CVE-2008-1382 VULNERABLE (libpng10) [since FEDORA-2008-3683] +CVE-2008-1382 fixed (libpng10) [since FEDORA-2008-3683] CVE-2008-1381 fixed (zoneminder, fixed 1.23.3) #444437 [since FEDORA-2008-3601] CVE-2008-1380 version (firefox, fixed 2.0.0.14) CVE-2008-1380 backport (seamonkey, fixed 1.1.10) #442852 [since seamonkey-1.1.9-3.fc9] @@ -142,6 +156,7 @@ CVE-2008-1131 version (drupal, fixed 6.1) #435817 [since drupal-6.1-1.fc9] CVE-2008-1111 backport (lighttpd) #435809 [since lighttpd-1.4.18-6.fc9] CVE-2008-1110 version (xine-lib, fixed 1.1.10) [since xine-lib-1.1.10-2.fc9] +CVE-2008-1105 VULNERABLE (samba, fixed 3.0.30) [since samba-3.2.0-1.rc1.14.fc9] CVE-2008-1103 VULNERABLE (blender) not fixed upstream CVE-2008-1102 backport (blender) #443937 [since blender-2.45-12.fc9] CVE-2008-1100 fixed (clamav, fixed 0.93) #442364 [since FEDORA-2008-3900] @@ -164,6 +179,7 @@ CVE-2008-0928 backport (qemu) #433563 [since qemu-0.9.1-3.fc9] CVE-2008-0928 backport (kvm) #433566 [since kvm-61-2.fc9] CVE-2008-0928 backport (xen) [since xen-3.2.0-8.fc9] +CVE-2008-0891 VULNERABLE (openssl, fixed 0.9.8h) #448690 CVE-2008-0888 backport (unzip) #437927 [since unzip-5.52-9.fc9] CVE-2008-0887 version (gnome-screensaver, fixed 2.22.1) #440257 [since gnome-screensaver-2.22.1-1.fc9] CVE-2008-0882 version (cups, fixed 1.3.6) [since cups-1.3.6-1.fc9] @@ -269,7 +285,7 @@ CVE-2008-0005 version (httpd, fixed 2.2.8) #427984 [since httpd-2.2.8-2] CVE-2008-0003 version (tog-pegasus, fixed 2.7.0) CVE-2008-0002 ignore (tomcat5) #432476 tomcat 6.x only -CVE-2007-6714 VULNERABLE (dbmail, fixed 2.2.9) #443022 [since dbmail-2.2.9-1.fc9] +CVE-2007-6714 fixed (dbmail, fixed 2.2.9) #443022 [since FEDORA-2008-4245] CVE-2007-6703 version (vdccm, fixed 0.10.1) #436027 CVE-2007-6698 version (openldap, fixed 2.3.36) CVE-2007-6697 backport (SDL_image, fixed 1.2.7) #430238 [since SDL_image-1.2.6-4.fc9] @@ -371,6 +387,7 @@ CVE-2007-5965 version (qt4, fixed 4.3.3) [since qt4-4.3.3-1.fc9] CVE-2007-5964 backport (autofs) #421371 [since autofs-5.0.2-21] CVE-2007-5963 version (kdebase) +CVE-2007-5962 fixed (vsftpd) [since FEDORA-2008-4362] CVE-2007-5960 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) CVE-2007-5959 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) CVE-2007-5958 fixed (xorg-x11-server, fixed 1.4.1) #429127 [since xorg-x11-server-1.4.99.1-0.17.20080107.fc9] code removed upstream @@ -409,6 +426,8 @@ CVE-2007-5589 version (phpMyAdmin, fixed 2.11.1.2) #333661 PMASA-2007-6 CVE-2007-5503 version (cairo, fixed 1.4.12) [since cairo-1.5.4-1.fc9] CVE-2007-5497 backport (e2fsprogs) #414591 [since e2fsprogs-1.40.2-14.fc9] +CVE-2007-5496 version (setroubleshoot, fixed 2.0) +CVE-2007-5495 version (setroubleshoot, fixed 1.9.4) CVE-2007-5461 version (tomcat5, fixed 5.5.26) #334531 [since tomcat5-5.5.26-1jpp.1.fc9] CVE-2007-5395 version (link-grammar) #372361 [since link-grammar-4.2.5-1.fc9] CVE-2007-5393 backport (xpdf) #372481 [since xpdf-3.02-4.fc9] @@ -479,6 +498,8 @@ CVE-2007-1558 version (evolution, fixed 1.8.3-5) CVE-2007-1352 version (libXfont, fixed 1.2.8) #235265 CVE-2007-1351 version (libXfont, fixed 1.2.8) #235265 +CVE-2007-1320 VULNERABLE (qemu) +CVE-2007-1320 fixed (kvm) #448525 [since FEDORA-2008-4386] CVE-2007-1103 ignore (tor) #230927 CANTFIX really CVE-2007-1004 version (mozilla) https://bugzilla.mozilla.org/show_bug.cgi?id=402060 CVE-2007-1003 version (xorg-x11-server, fixed 1.2.1) #235263 @@ -490,6 +511,7 @@ CVE-2007-0095 backport (phpMyAdmin) #221694 "Reveals path" [since phpMyAdmin-2.11.3-1.fc9] CVE-2006-7232 version (mysql, fixed 5.0.32) CVE-2006-6698 ignore (GConf2) #219280 minimal impact, let upstream deal with it if they care +CVE-2006-6698 fixed (GConf2) CVE-2006-6128 version (kernel, fixed 2.6.19) #250625 ReiserFS MOKB CVE-2006-6107 version (dbus, fixed 1.0.2) #219665 CVE-2006-6077 version (firefox, fixed 1.5.0.10) Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.377 retrieving revision 1.378 diff -u -r1.377 -r1.378 --- fc7 16 May 2008 18:59:18 -0000 1.377 +++ fc7 30 May 2008 15:18:25 -0000 1.378 @@ -7,6 +7,12 @@ rhbz293031 fixed (nx) #293031 [since FEDORA-2008-2258] rhbz249840 version (tor, fixed 0.1.2.15) #249840 [since FEDORA-2007-1674] +CVE-2008-2426 VULNERABLE (imlib2) [since imlib2-1.3.0-4.fc7] +CVE-2008-2420 fixed (stunnel, fixed 4.24) [since FEDORA-2008-4606] +CVE-2008-2392 ignore (wordpress) issue only in certain deployments, not affected by default +CVE-2008-2359 ignore (system-config-network) F8 specific issue +CVE-2008-2357 fixed (mtr, fixed 0.73) +CVE-2008-2302 fixed (Django, fixed 0.96.2) #447257 [since FEDORA-2008-4191] CVE-2008-2276 VULNERABLE (mantis) upstream fix in 1.2.0a1 seems useless CVE-2008-2266 ignore (perl-Convert-UUlib) embedded uulib copy uses mkstemp CVE-2008-2168 ignore (httpd) browser issue, not apache @@ -28,6 +34,9 @@ CVE-2008-1974 VULNERABLE (kronolith, fixed 3.1.8) #444403 [since FEDORA-2008-3460] CVE-2008-1964 ignore (xine-lib) bogus vulnerability report CVE-2008-1959 fixed (sipp, fixed 3.1) [since FEDORA-2008-3508] +CVE-2008-1950 fixed (gnutls, fixed 2.2.4) #447509 [since FEDORA-2008-4274] +CVE-2008-1949 fixed (gnutls, fixed 2.2.4) #447509 [since FEDORA-2008-4274] +CVE-2008-1948 fixed (gnutls, fixed 2.2.4) #447509 [since FEDORA-2008-4274] CVE-2008-1944 VULNERABLE (xen, fixed 3.2) [since xen-3.1.2-3.fc7] CVE-2008-1943 VULNERABLE (xen) [since xen-3.1.2-3.fc7] CVE-2008-1937 ignore (moin, fixed 1.6.3) 1.6.x only @@ -35,7 +44,7 @@ CVE-2008-1928 fixed (perl-Imager, fixed 0.64) #443939 [since FEDORA-2008-3920] CVE-2008-1927 fixed (perl) [since FEDORA-2008-3399] CVE-2008-1926 VULNERABLE (util-linux) -CVE-2008-1924 VULNERABLE (phpMyAdmin, fixed 2.11.5.2) [since phpMyAdmin-2.11.5.2-1.fc7] PMASA-2008-3 +CVE-2008-1924 version (phpMyAdmin, fixed 2.11.5.2) [since FEDORA-2008-3560] PMASA-2008-3 CVE-2008-1923 version (asterisk) upstream fix incomplete, resulting in CVE-2008-1897 CVE-2008-1897 fixed (asterisk, fixed 1.4.19.1) [since FEDORA-2008-3365] CVE-2008-1878 fixed (xine-lib, fixed 1.1.12.1) #443054 [since FEDORA-2008-3326] nsf demuxer overflow @@ -44,10 +53,12 @@ CVE-2008-1836 ignore (clamav, fixed 0.93) affected code introduced after 0.92.1 CVE-2008-1835 ignore (clamav, fixed 0.93) unrar code not shipped CVE-2008-1833 fixed (clamav, fixed 0.93-rc1) #442362 [since FEDORA-2008-3358] +CVE-2008-1804 VULNERABLE (snort, fixed 2.8.1) CVE-2008-1803 fixed (rdesktop, fixed 1.6.0) #445841 [since FEDORA-2008-3985] CVE-2008-1802 fixed (rdesktop, fixed 1.6.0) #445841 [since FEDORA-2008-3985] CVE-2008-1801 fixed (rdesktop, fixed 1.6.0) #445841 [since FEDORA-2008-3985] CVE-2008-1796 fixed (comix) [since FEDORA-2008-2993] +CVE-2008-1767 version (libxslt, fixed 1.1.24) [since libxslt-1.1.24-1.fc7] CVE-2008-1729 ignore (drupal) 6.x only CVE-2008-1722 fixed (cups) #445801 [since FEDORA-2008-3449] CVE-2008-1720 fixed (rsync, fixed 3.0.2) #441689 [since FEDORA-2008-3060] @@ -57,9 +68,11 @@ CVE-2008-1693 fixed (poppler, fixed 0.6.2) #443026 [since FEDORA-2008-3312] CVE-2008-1688 ignore (m4, fixed 1.4.11) not really a security issue CVE-2008-1687 ignore (m4, fixed 1.4.11) not really a security issue -CVE-2008-1686 VULNERABLE (libfishsound, fixed 0.9.1) #441246 [since FEDORA-2008-3117] +CVE-2008-1686 fixed (libfishsound, fixed 0.9.1) #441246 [since FEDORA-2008-3117] CVE-2008-1686 fixed (speex) #442571 [since FEDORA-2008-3191] +CVE-2008-1678 ignore (httpd) only affects systems with openssl >= 0.9.8e CVE-2008-1677 VULNERABLE (fedora-ds-base) #445808 +CVE-2008-1672 ignore (openssl, fixed 0.9.8h) not affected CVE-2008-1671 ignore (kdelibs) start_kdeinit not setuid CVE-2008-1670 ignore (kdelibs) kdelibs 4.x only CVE-2008-1670 fixed (kdelibs4) #444398 [since FEDORA-2008-3379] kdelibs 4.x only @@ -77,7 +90,7 @@ CVE-2008-1552 fixed (libsilc, fixed 1.1.7) #438382 [since FEDORA-2008-2641] CVE-2008-1532 version (Perlbal, fixed 1.70) #439055 [since FEDORA-2008-2788] CVE-2008-1531 fixed (lighttpd) #439067 [since FEDORA-2008-3343] -CVE-2008-1515 VULNERABLE (otrs) #439723 +CVE-2008-1515 fixed (otrs) #439933 [since FEDORA-2008-3100] CVE-2008-1488 VULNERABLE (php-pecl-apc) #438846 CVE-2008-1483 ignore (openssh) was alrady fixed by another patch CVE-2008-1482 fixed (xine-lib) #438669 [since FEDORA-2008-2945] @@ -146,6 +159,7 @@ CVE-2008-1131 ignore (drupal) #435815 drupal 6.x only CVE-2008-1111 fixed (lighttpd) #435808 [since FEDORA-2008-2278] CVE-2008-1110 version (xine-lib, fixed 1.1.10) [since FEDORA-2008-1047] +CVE-2008-1105 VULNERABLE (samba, fixed 3.0.30) [since samba-3.0.28a-1.fc7] CVE-2008-1103 VULNERABLE (blender) not fixed upstream CVE-2008-1102 fixed (blender) #443935 [since FEDORA-2008-3862] CVE-2008-1100 fixed (clamav, fixed 0.93) #442362 [since FEDORA-2008-3358] @@ -168,6 +182,7 @@ CVE-2008-0928 fixed (qemu) #433562 [since FEDORA-2008-1995] CVE-2008-0928 fixed (kvm) #433565 [since FEDORA-2008-1993] CVE-2008-0928 fixed (xen) #434638 [since FEDORA-2008-2083] +CVE-2008-0891 ignore (openssl, fixed 0.9.8h) not affected CVE-2008-0888 ignore (unzip) caught by glibc malloc checks CVE-2008-0887 fixed (gnome-screensaver) #440255 [since FEDORA-2008-2967] CVE-2008-0806 fixed (wyrd) #433721 [since FEDORA-2008-1986] @@ -237,7 +252,7 @@ CVE-2008-0404 fixed (mantis) #429552 [since FEDORA-2008-0796] CVE-2008-0386 fixed (xdg-utils) #429513 [since FEDORA-2008-1015] CVE-2008-0364 ignore (bittorrent) Windows only -CVE-2008-0320 VULNERABLE (openoffice.org, fixed 2.4) #442845 +CVE-2008-0320 fixed (openoffice.org, fixed 2.4) #442845 [since FEDORA-2008-4104] CVE-2008-0318 fixed (clamav, fixed 0.92.1) [since FEDORA-2008-1608] CVE-2008-0314 fixed (clamav, fixed 0.93) #442362 [since FEDORA-2008-3358] CVE-2008-0304 version (seamonkey, fixed 1.1.8) [since FEDORA-2008-1669] @@ -376,6 +391,7 @@ CVE-2007-5965 version (qt4, fixed 4.3.3) [since FEDORA-2007-4354] CVE-2007-5964 backport (autofs) #421351 [since FEDORA-2007-4469] CVE-2007-5963 backport (kdebase) [since FEDORA-2008-1264] +CVE-2007-5962 fixed (vsftpd) [since FEDORA-2008-4373] CVE-2007-5960 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3952] CVE-2007-5959 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3952] CVE-2007-5958 fixed (xorg-x11-server, fixed 1.4.1) #429125 [since FEDORA-2008-0831] @@ -402,9 +418,9 @@ CVE-2007-5760 fixed (xorg-x11-server, fixed 1.4.1) #429125 [since FEDORA-2008-0831] CVE-2007-5759 ignore (clamav, fixed 0.92) duplicate of CVE-2007-6335 CVE-2007-5751 backport (liferea, fixed 1.4.6) #360641 [since FEDORA-2007-2725] -CVE-2007-5747 VULNERABLE (openoffice.org, fixed 2.4) #442845 -CVE-2007-5746 VULNERABLE (openoffice.org, fixed 2.4) #442845 -CVE-2007-5745 VULNERABLE (openoffice.org, fixed 2.4) #442845 +CVE-2007-5747 fixed (openoffice.org, fixed 2.4) #442845 [since FEDORA-2008-4104] +CVE-2007-5746 fixed (openoffice.org, fixed 2.4) #442845 [since FEDORA-2008-4104] +CVE-2007-5745 fixed (openoffice.org, fixed 2.4) #442845 [since FEDORA-2008-4104] CVE-2007-5742 version (wesnoth, fixed 1.2.8) [since FEDORA-2007-3986] CVE-2007-5728 version (phpPgAdmin) seems to be fixed for some time CVE-2007-5715 backport (denyhosts) fixed long ago @@ -427,6 +443,8 @@ CVE-2007-5501 version (kernel) [since FEDORA-2007-3751] CVE-2007-5500 version (kernel) [since FEDORA-2007-3751] CVE-2007-5497 fixed (e2fsprogs) #414571 [since FEDORA-2007-4461] +CVE-2007-5496 ignore (setroubleshoot, fixed 2.0) +CVE-2007-5495 version (setroubleshoot, fixed 1.9.4) CVE-2007-5461 version (tomcat5) #334511 [since FEDORA-2007-3456] CVE-2007-5416 ignore (drupal) Vulnerability in PHP<5.1.3, we're safe CVE-2007-5398 version (samba) [since FEDORA-2007-3402] @@ -863,7 +881,8 @@ *CVE-2007-1322 ** (qemu) #238723 *CVE-2007-1321 ** (qemu) #238723 CVE-2007-1321 backport (xen) [since FEDORA-2007-2270] -*CVE-2007-1320 ** (qemu) #238723 +CVE-2007-1320 VULNERABLE (qemu) +CVE-2007-1320 VULNERABLE (kvm) CVE-2007-1308 version (kdelibs) CVE-2007-1287 ignore (php) See NVD CVE-2007-1286 version (php, PHP4 only) @@ -1025,6 +1044,7 @@ *CVE-2006-6731 ** (java-ibm) *CVE-2006-6719 backport (wget) #221469 [since FEDORA-2007-043] *CVE-2006-6698 ignore (GConf2) #219280 minimal impact +CVE-2006-6698 fixed (GConf2) [since GConf2-2.22.0-5.fc10] CVE-2006-6693 ignore (zabbix, fixed 1.1.3, < 1.1.4 not shipped) CVE-2006-6692 ignore (zabbix, fixed 1.1.3, < 1.1.4 not shipped) CVE-2006-6660 ignore (kdelibs) client Dos only, not reproducible

15 years, 10 months

1
0
0 / 0

fedora-security/tools/scripts add-issue, 1.7, 1.8

by fedora-security-commits＠redhat.com

Author: thoger Update of /cvs/fedora/fedora-security/tools/scripts In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv4367/tools/scripts Modified Files: add-issue Log Message: handle --since as mutli-value option, same as --bugs Index: add-issue =================================================================== RCS file: /cvs/fedora/fedora-security/tools/scripts/add-issue,v retrieving revision 1.7 retrieving revision 1.8 diff -u -r1.7 -r1.8 --- add-issue 13 May 2008 15:56:20 -0000 1.7 +++ add-issue 26 May 2008 08:59:36 -0000 1.8 @@ -7,13 +7,13 @@ # XXX: debug, dryrun my $usage = 'add-issue [options...] --versions=<ver>[,...] Affected Fedora versions - --bugs=<bug>[,...]] Tracking bugs for respective versions + --bugs=<bug>[,...] Tracking bugs for respective versions --need_verif Needs verification (**) --cve=<cve> CVE name --status=<status> Either "fixed" or "ignore" or implied "VULNERABLE" --component=<pkg> Affected package, to find owner to CC (mandatory) --fixed=<version> "fixed ..." or "not fixed ..." - --since=<update> Fedora update or NVR this was fixed in + --since=<update>[,...] Fedora update or NVR this was fixed in --comment=<comment> Free-form comment string '; @@ -32,7 +32,7 @@ # Command line options my (@versions, @bugs, $need_verif, $cve, $status, $component, - $fixed, $since, $comment); + $fixed, @since, $comment); # Parse command line options @@ -63,12 +63,15 @@ ? split (/,/, $options{bugs}) : (); +@since = $options{since} + ? split (/,/, $options{since}) + : (); + $need_verif = ($options{need_verif} ? '**' : ''); $cve = ($options{cve} or 'GENERIC-MAP-NOMATCH'); $status = ($options{status} or 'VULNERABLE'); $component = ($options{component}) or die 'component argument is mandatory'; $fixed = ($options{fixed} or ''); -$since = ($options{since} or ''); $comment = ($options{comment} or ''); # Add a line for each version @@ -81,7 +84,7 @@ component => $component, fixed => $fixed, bug => shift @bugs, - since => $since, + since => shift @since, comment => $comment, };

15 years, 11 months

1
0
0 / 0

fedora-security/audit f10, 1.2, 1.3 f8, 1.220, 1.221 f9, 1.210, 1.211 fc7, 1.376, 1.377

by fedora-security-commits＠redhat.com

Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv7191/audit Modified Files: f10 f8 f9 fc7 Log Message: lots of issue from last 3 days Index: f10 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f10,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- f10 13 May 2008 16:32:22 -0000 1.2 +++ f10 16 May 2008 18:59:18 -0000 1.3 @@ -4,23 +4,34 @@ # *CVE are items that need verification for Fedora 10 # (mozilla) = (gecko-libs dependent stuff) +CVE-2008-2276 VULNERABLE (mantis) upstream fix in 1.2.0a1 seems useless +CVE-2008-2266 ignore (perl-Convert-UUlib) embedded uulib copy uses mkstemp +CVE-2008-2168 ignore (httpd) browser issue, not apache CVE-2008-2085 VULNERABLE (sipp) #446222 CVE-2008-2079 VULNERABLE (mysql, fixed 5.0.60) #445806 +CVE-2008-2004 VULNERABLE (xen) disables format autodetection by default [since xen-3.2.0-11.fc10] +CVE-2008-2004 VULNERABLE (qemu) fix mostly useless without libvirt changes +CVE-2008-2004 VULNERABLE (kvm) fix mostly useless without libvirt changes CVE-2008-1999 VULNERABLE (WebKit) +CVE-2008-1944 version (xen, fixed 3.2) +CVE-2008-1943 VULNERABLE (xen) [since xen-3.2.0-11.fc10] CVE-2008-1928 version (perl-Imager, fixed 0.64) [since perl-Imager-0.64-2.fc10] CVE-2008-1926 backport (util-linux-ng) [since util-linux-ng-2.13.1-8.1.fc9] CVE-2008-1836 version (clamav, fixed 0.93) [since clamav-0.93-1.fc9] -CVE-2008-1803 VULNERABLE (rdesktop) #445843 -CVE-2008-1802 VULNERABLE (rdesktop) #445843 -CVE-2008-1801 VULNERABLE (rdesktop) #445843 -CVE-2008-1771 VULNERABLE (mt-daapd) [since mt-daapd-0.9-0.2.1696.fc9] +CVE-2008-1803 version (rdesktop, fixed 1.6.0) [since rdesktop-1.6.0-1.fc10] +CVE-2008-1802 version (rdesktop, fixed 1.6.0) [since rdesktop-1.6.0-1.fc10] +CVE-2008-1801 version (rdesktop, fixed 1.6.0) [since rdesktop-1.6.0-1.fc10] +CVE-2008-1771 version (mt-daapd) [since mt-daapd-0.2.4.2-2.fc10] CVE-2008-1677 VULNERABLE (fedora-ds-base) #445810 CVE-2008-1531 backport (lighttpd) [since lighttpd-1.4.19-4.fc10] CVE-2008-1488 VULNERABLE (php-pecl-apc) #438848 +CVE-2008-1423 backport (libvorbis) #446344 [since libvorbis-1.2.0-4.fc10] +CVE-2008-1420 backport (libvorbis) #446344 [since libvorbis-1.2.0-4.fc10] +CVE-2008-1419 backport (libvorbis) #446344 [since libvorbis-1.2.0-4.fc10] CVE-2008-1387 version (clamav, fixed 0.93) [since clamav-0.93-1.fc9] CVE-2008-1382 VULNERABLE (libpng, fixed 1.2.27) minimal impact, affected api rarely used CVE-2008-1382 version (libpng10) [since libpng10-1.0.37-1.fc10] -CVE-2008-1360 VULNERABLE (nagios) #437852 +CVE-2008-1360 version (nagios) #437852 [since nagios-2.11-3.fc9] CVE-2008-1103 VULNERABLE (blender) not fixed upstream CVE-2008-1100 version (clamav, fixed 0.93) [since clamav-0.93-1.fc9] CVE-2008-1078 VULNERABLE (am-utils) #437746 @@ -30,8 +41,10 @@ CVE-2007-6714 version (dbmail, fixed 2.2.9) [since dbmail-2.2.9-1.fc9] CVE-2007-6321 VULNERABLE (roundcubemail) #423301 CVE-2007-6318 VULNERABLE (wordpress) #426434 +CVE-2007-6131 VULNERABLE (scanbuttond) CVE-2007-5907 VULNERABLE (xen) #390121 CVE-2007-5906 VULNERABLE (xen) #390121 +CVE-2007-5803 VULNERABLE (nagios, not fixed 2.11) #446383 CVE-2007-5079 VULNERABLE (gdm) #363041 Red Hat specific problem CVE-2007-4829 VULNERABLE (perl, not fixed upstream) #364291 perl-Archive-Tar directory traversal CVE-2007-4559 VULNERABLE (python, not fixed upstream) #315291 Upstream WONTFIX. See where we use the code. Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.220 retrieving revision 1.221 diff -u -r1.220 -r1.221 --- f8 13 May 2008 16:32:22 -0000 1.220 +++ f8 16 May 2008 18:59:18 -0000 1.221 @@ -6,8 +6,11 @@ rhbz293031 fixed (nx) #293031 [since FEDORA-2008-2258] rhbz249840 version (tor, fixed 0.1.2.15) +CVE-2008-2276 VULNERABLE (mantis) upstream fix in 1.2.0a1 seems useless +CVE-2008-2266 ignore (perl-Convert-UUlib) embedded uulib copy uses mkstemp +CVE-2008-2168 ignore (httpd) browser issue, not apache CVE-2008-2146 version (wordpress, fixed 2.2.3) -CVE-2008-2109 VULNERABLE (libid3tag) #445814 +CVE-2008-2109 fixed (libid3tag) #445814 [since FEDORA-2008-3976] CVE-2008-2105 fixed (bugzilla, fixed 3.0.4, 3.1.4) #445822 [since FEDORA-2008-3442] CVE-2008-2104 ignore (bugzilla, fixed 3.1.4) only affects 3.1.3, not in Fedora CVE-2008-2103 fixed (bugzilla, fixed 3.0.4, 3.1.4) #445822 [since FEDORA-2008-3442] @@ -15,12 +18,17 @@ CVE-2008-2079 VULNERABLE (mysql, fixed 5.0.60) #445805 CVE-2008-2068 version (wordpress, fixed 2.5.1) [since FEDORA-2008-3397] CVE-2008-2033 ignore (zoneminder) duplicate of CVE-2008-1381 +CVE-2008-2004 VULNERABLE (xen) disables format autodetection by default [since xen-3.1.2-3.fc8] +CVE-2008-2004 VULNERABLE (qemu) fix mostly useless without libvirt changes +CVE-2008-2004 VULNERABLE (kvm) fix mostly useless without libvirt changes CVE-2008-2000 ignore (WebKit) browser DoS CVE-2008-1999 VULNERABLE (WebKit) -CVE-2008-1996 VULNERABLE (licq, fixed 1.3.6) #445238 +CVE-2008-1996 fixed (licq, fixed 1.3.6) #445238 [since FEDORA-2008-3969] CVE-2008-1974 VULNERABLE (kronolith, fixed 3.1.8) #444404 [since FEDORA-2008-3543] CVE-2008-1964 ignore (xine-lib) bogus vulnerability report CVE-2008-1959 fixed (sipp, fixed 3.1) [since FEDORA-2008-3501] +CVE-2008-1944 VULNERABLE (xen, fixed 3.2) [since xen-3.1.2-3.fc8] +CVE-2008-1943 VULNERABLE (xen) [since xen-3.1.2-3.fc8] CVE-2008-1937 ignore (moin, fixed 1.6.3) 1.6.x only CVE-2008-1930 ignore (wordpress, fixed 2.5.1) [since wordpress-2.5.1-1.fc8] only for wp 2.5.0 CVE-2008-1928 fixed (perl-Imager, fixed 0.64) #443940 [since FEDORA-2008-3352] @@ -35,9 +43,9 @@ CVE-2008-1836 ignore (clamav, fixed 0.93) affected code introduced after 0.92.1 CVE-2008-1835 ignore (clamav, fixed 0.93) unrar code not shipped CVE-2008-1833 fixed (clamav, fixed 0.93-rc1) #442363 [since FEDORA-2008-3420] -CVE-2008-1803 VULNERABLE (rdesktop) #445842 -CVE-2008-1802 VULNERABLE (rdesktop) #445842 -CVE-2008-1801 VULNERABLE (rdesktop) #445842 +CVE-2008-1803 fixed (rdesktop, fixed 1.6.0) #445842 [since FEDORA-2008-3917] +CVE-2008-1802 fixed (rdesktop, fixed 1.6.0) #445842 [since FEDORA-2008-3917] +CVE-2008-1801 fixed (rdesktop, fixed 1.6.0) #445842 [since FEDORA-2008-3917] CVE-2008-1796 fixed (comix) [since FEDORA-2008-2981] CVE-2008-1729 ignore (drupal) 6.x only CVE-2008-1722 fixed (cups) #445802 [since FEDORA-2008-3586] @@ -75,11 +83,14 @@ CVE-2008-1474 fixed (roundup) #436547 [since FEDORA-2008-2370] CVE-2008-1468 fixed (namazu, fixed 2.0.18) #438667 [since FEDORA-2008-2767] CVE-2008-1467 fixed (centerim) #438871 [since FEDORA-2008-2869] +CVE-2008-1423 fixed (libvorbis) #446342 [since FEDORA-2008-3934] +CVE-2008-1420 fixed (libvorbis) #446342 [since FEDORA-2008-3934] +CVE-2008-1419 fixed (libvorbis) #446342 [since FEDORA-2008-3934] CVE-2008-1394 ignore (plone) CVE-2008-1390 fixed (asterisk, fixed 1.4.19-rc3) #438133 [since FEDORA-2008-2554] CVE-2008-1387 fixed (clamav, fixed 0.93) #442363 [since FEDORA-2008-3420] CVE-2008-1382 VULNERABLE (libpng, fixed 1.2.27) minimal impact, affected api rarely used -CVE-2008-1382 VULNERABLE (libpng10) [since libpng10-1.0.37-1.fc8] +CVE-2008-1382 VULNERABLE (libpng10) [since FEDORA-2008-3937] CVE-2008-1381 fixed (zoneminder, fixed 1.23.3) #444436 [since FEDORA-2008-3462] CVE-2008-1380 VULNERABLE (firefox, fixed 2.0.0.14) CVE-2008-1380 fixed (seamonkey, fixed 1.1.10) #442851 [since FEDORA-2008-3264] @@ -87,7 +98,7 @@ CVE-2008-1374 ignore (cups) only affects old cups versions in RHEL CVE-2008-1373 fixed (cups) #440040 [since FEDORA-2008-2131] CVE-2008-1372 fixed (bzip2, fixed 1.0.5) #439855 [since FEDORA-2008-2970] -CVE-2008-1360 VULNERABLE (nagios) #437850 +CVE-2008-1360 fixed (nagios, fixed 2.11) #437850 [since FEDORA-2008-3098] CVE-2008-1353 ignore (zabbix) #437848 Needs authorization CVE-2008-1333 ignore (asterisk) not affected CVE-2008-1332 fixed (asterisk, fixed 1.4.18.1) #438133 [since FEDORA-2008-2554] @@ -135,7 +146,7 @@ CVE-2008-1111 fixed (lighttpd) #435807 [since FEDORA-2008-2262] CVE-2008-1110 version (xine-lib, fixed 1.1.10) [since FEDORA-2008-1043] CVE-2008-1103 VULNERABLE (blender) not fixed upstream -CVE-2008-1102 VULNERABLE (blender) #443936 +CVE-2008-1102 fixed (blender) #443936 [since FEDORA-2008-3875] CVE-2008-1100 fixed (clamav, fixed 0.93) #442363 [since FEDORA-2008-3420] CVE-2008-1099 fixed (moin) #438673 [since FEDORA-2008-3301] CVE-2008-1098 fixed (moin) #438673 [since FEDORA-2008-3301] @@ -334,6 +345,7 @@ CVE-2007-6203 ignore (httpd) #409831 User can't unput garbage before method name CVE-2007-6201 version (wesnoth, fixed 1.2.8) [since FEDORA-2007-3989] CVE-2007-6183 backport (ruby-gnome2) #405601 [since FEDORA-2007-4216] +CVE-2007-6131 VULNERABLE (scanbuttond) CVE-2007-6121 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590] CVE-2007-6120 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590] CVE-2007-6119 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590] @@ -385,6 +397,7 @@ CVE-2007-5849 ignore (cups, fixed 1.3.5) minimal impact, see #415131 CVE-2007-5848 version (cups, fixed 1.2.0) CVE-2007-5846 version (net-snmp, fixed 5.4.1) +CVE-2007-5803 VULNERABLE (nagios, not fixed 2.11) #446381 CVE-2007-5795 backport (emacs) #367591 [since FEDORA-2007-2946] CVE-2007-5770 backport (ruby) #373391 [since FEDORA-2007-2812] CVE-2007-5760 fixed (xorg-x11-server, fixed 1.4.1) #429126 [since FEDORA-2008-0760] Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.210 retrieving revision 1.211 diff -u -r1.210 -r1.211 --- f9 13 May 2008 16:32:22 -0000 1.210 +++ f9 16 May 2008 18:59:18 -0000 1.211 @@ -5,6 +5,9 @@ # (mozilla) = (gecko-libs dependent stuff) rhbz249840 version (tor, fixed 0.1.2.15) +CVE-2008-2276 VULNERABLE (mantis) upstream fix in 1.2.0a1 seems useless +CVE-2008-2266 ignore (perl-Convert-UUlib) embedded uulib copy uses mkstemp +CVE-2008-2168 ignore (httpd) browser issue, not apache CVE-2008-2146 version (wordpress, fixed 2.2.3) CVE-2008-2109 fixed (libid3tag) #445815 [since FEDORA-2008-3757] CVE-2008-2105 fixed (bugzilla, fixed 3.0.4, 3.1.4) #445823 [since FEDORA-2008-3668] @@ -14,12 +17,17 @@ CVE-2008-2079 VULNERABLE (mysql, fixed 5.0.60) #445806 CVE-2008-2068 version (wordpress, fixed 2.5.1) [since wordpress-2.5.1-1.fc9] CVE-2008-2033 ignore (zoneminder) duplicate of CVE-2008-1381 +CVE-2008-2004 VULNERABLE (xen) disables format autodetection by default [since xen-3.2.0-11.fc9] +CVE-2008-2004 VULNERABLE (qemu) fix mostly useless without libvirt changes +CVE-2008-2004 VULNERABLE (kvm) fix mostly useless without libvirt changes CVE-2008-2000 ignore (WebKit) browser DoS CVE-2008-1999 VULNERABLE (WebKit) CVE-2008-1996 fixed (licq, fixed 1.3.6) #445239 [since FEDORA-2008-3812] CVE-2008-1974 ignore (kronolith, fixed 3.1.8) #444405 package removed from f9 and rawhide CVE-2008-1964 ignore (xine-lib) bogus vulnerability report CVE-2008-1959 fixed (sipp, fixed 3.1) [since FEDORA-2008-3690] +CVE-2008-1944 version (xen, fixed 3.2) +CVE-2008-1943 VULNERABLE (xen) [since xen-3.2.0-11.fc9] CVE-2008-1937 version (moin, fixed 1.6.3) [since moin-1.6.3-1.fc9] CVE-2008-1930 ignore (wordpress, fixed 2.5.1) only for wp 2.5.0 CVE-2008-1928 VULNERABLE (perl-Imager, fixed 0.64) #443941 @@ -30,15 +38,15 @@ CVE-2008-1878 backport (xine-lib, fixed 1.1.12.1) #443056 nsf demuxer overflow [since xine-lib-1.1.12-2.fc9] CVE-2008-1845 version (mksh, fixed 33d) [since mksh-33d-1.fc9] what is real impact on fedora? CVE-2008-1837 ignore (clamav, fixed 0.93) unrar code not shipped -CVE-2008-1836 VULNERABLE (clamav, fixed 0.93) #442364 [since clamav-0.93-1.fc9] +CVE-2008-1836 fixed (clamav, fixed 0.93) #442364 [since FEDORA-2008-3900] CVE-2008-1835 ignore (clamav, fixed 0.93) unrar code not shipped CVE-2008-1834 version (swfdec, fixed 0.6.4) [since swfdec-0.6.4-1.fc9] CVE-2008-1833 version (clamav, fixed 0.93-rc1) [since clamav-0.93-0.0.rc1.fc9] -CVE-2008-1803 VULNERABLE (rdesktop) #445843 -CVE-2008-1802 VULNERABLE (rdesktop) #445843 -CVE-2008-1801 VULNERABLE (rdesktop) #445843 +CVE-2008-1803 fixed (rdesktop, fixed 1.6.0) #445843 [since FEDORA-2008-3886] +CVE-2008-1802 fixed (rdesktop, fixed 1.6.0) #445843 [since FEDORA-2008-3886] +CVE-2008-1801 fixed (rdesktop, fixed 1.6.0) #445843 [since FEDORA-2008-3886] CVE-2008-1796 fixed (comix) [since comix-3.6.4-6.fc9] -CVE-2008-1771 VULNERABLE (mt-daapd) [since mt-daapd-0.9-0.2.1696.fc9] +CVE-2008-1771 VULNERABLE (mt-daapd) [since mt-daapd-0.2.4.2-2.fc9] CVE-2008-1729 version (drupal, fixed 6.2) [since drupal-6.2-1.fc9] CVE-2008-1722 fixed (cups) #445803 [since FEDORA-2008-3756] CVE-2008-1720 version (rsync, fixed 3.0.2) [since rsync-3.0.2-0.fc9] @@ -74,9 +82,12 @@ CVE-2008-1474 version (roundup) #436549 [since roundup-1.4.4-1.fc9] CVE-2008-1468 version (namazu, fixed 2.0.18) #438668 [since namazu-2.0.18-1.fc9] CVE-2008-1467 fixed (centerim) #438871 +CVE-2008-1423 fixed (libvorbis) #446343 [since FEDORA-2008-3910] +CVE-2008-1420 fixed (libvorbis) #446343 [since FEDORA-2008-3910] +CVE-2008-1419 fixed (libvorbis) #446343 [since FEDORA-2008-3910] CVE-2008-1394 ignore (plone) CVE-2008-1390 version (asterisk, fixed 1.6.0-beta6) #438134 [since asterisk-1.6.0-0.6.beta6.fc9] -CVE-2008-1387 VULNERABLE (clamav, fixed 0.93) #442364 [since clamav-0.93-1.fc9] +CVE-2008-1387 fixed (clamav, fixed 0.93) #442364 [since FEDORA-2008-3900] CVE-2008-1382 VULNERABLE (libpng, fixed 1.2.27) minimal impact, affected api rarely used CVE-2008-1382 VULNERABLE (libpng10) [since FEDORA-2008-3683] CVE-2008-1381 fixed (zoneminder, fixed 1.23.3) #444437 [since FEDORA-2008-3601] @@ -86,7 +97,7 @@ CVE-2008-1374 ignore (cups) only affects old cups versions in RHEL CVE-2008-1373 backport (cups) #440041 [since cups-1.3.6-9.fc9] CVE-2008-1372 version (bzip2, fixed 1.0.5) [since bzip2-1.0.5-1.fc9] -CVE-2008-1360 VULNERABLE (nagios) #437852 +CVE-2008-1360 version (nagios, fixed 2.11) #437852 [since nagios-2.11-3.fc9] CVE-2008-1353 ignore (zabbix) #437848 Needs authorization CVE-2008-1333 version (asterisk, fixed 1.6.0-beta6) #438134 [since asterisk-1.6.0-0.6.beta6.fc9] CVE-2008-1332 ignore (asterisk) not affected according to upstream advisory @@ -133,7 +144,7 @@ CVE-2008-1110 version (xine-lib, fixed 1.1.10) [since xine-lib-1.1.10-2.fc9] CVE-2008-1103 VULNERABLE (blender) not fixed upstream CVE-2008-1102 backport (blender) #443937 [since blender-2.45-12.fc9] -CVE-2008-1100 VULNERABLE (clamav, fixed 0.93) #442364 [since clamav-0.93-1.fc9] +CVE-2008-1100 fixed (clamav, fixed 0.93) #442364 [since FEDORA-2008-3900] CVE-2008-1099 version (moin, fixed 1.5.9) #438674 CVE-2008-1098 version (moin, fixed 1.5.9) #438674 CVE-2008-1078 ignore (am-utils) minimal impact @@ -223,7 +234,7 @@ CVE-2008-0364 ignore (bittorrent) Windows only CVE-2008-0320 version (openoffice.org, fixed 2.4) CVE-2008-0318 fixed (clamav, fixed 0.92.1) -CVE-2008-0314 VULNERABLE (clamav, fixed 0.93) #442364 [since clamav-0.93-1.fc9] +CVE-2008-0314 fixed (clamav, fixed 0.93) #442364 [since FEDORA-2008-3900] CVE-2008-0304 version (seamonkey, fixed 1.1.8) [since seamonkey-1.1.8-3.fc9] CVE-2008-0304 version (thuderbird, fixed 2.0.0.12) [since thunderbird-2.0.0.12-1.fc9] CVE-2008-0299 fixed (python-paramiko) #428730 [since python-paramiko-1.7.1-3.fc9] @@ -329,6 +340,7 @@ CVE-2007-6203 ignore (httpd) #409831 User can't unput garbage before method name CVE-2007-6201 version (wesnoth, fixed 1.2.8) [since wesnoth-1.2.8-3.fc9] CVE-2007-6183 backport (ruby-gnome2) #405611 [since ruby-gnome2-0.16.0-22.fc9] +CVE-2007-6131 VULNERABLE (scanbuttond) CVE-2007-6121 version (wireshark, fixed 0.99.7) [since wireshark-0.99.7-1.fc9] CVE-2007-6120 version (wireshark, fixed 0.99.7) [since wireshark-0.99.7-1.fc9] CVE-2007-6119 version (wireshark, fixed 0.99.7) [since wireshark-0.99.7-1.fc9] @@ -379,6 +391,7 @@ CVE-2007-5849 version (cups, fixed 1.3.5) [since cups-1.3.5-1.fc9] CVE-2007-5848 version (cups, fixed 1.2.0) CVE-2007-5846 version (net-snmp, fixed 5.4.1) +CVE-2007-5803 VULNERABLE (nagios, not fixed 2.11) #446382 CVE-2007-5795 backport (emacs) #367601 [since emacs-22.1-8.fc9] CVE-2007-5770 backport (ruby) #373401 [since ruby-1.8.6.111-1] CVE-2007-5760 backport (xorg-x11-server, fixed 1.4.1) #429127 [since xorg-x11-server-1.4.99.1-0.17.20080107.fc9] Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.376 retrieving revision 1.377 diff -u -r1.376 -r1.377 --- fc7 13 May 2008 16:32:22 -0000 1.376 +++ fc7 16 May 2008 18:59:18 -0000 1.377 @@ -7,8 +7,11 @@ rhbz293031 fixed (nx) #293031 [since FEDORA-2008-2258] rhbz249840 version (tor, fixed 0.1.2.15) #249840 [since FEDORA-2007-1674] +CVE-2008-2276 VULNERABLE (mantis) upstream fix in 1.2.0a1 seems useless +CVE-2008-2266 ignore (perl-Convert-UUlib) embedded uulib copy uses mkstemp +CVE-2008-2168 ignore (httpd) browser issue, not apache CVE-2008-2146 version (wordpress, fixed 2.2.3) -CVE-2008-2109 VULNERABLE (libid3tag) #445813 +CVE-2008-2109 fixed (libid3tag) #445813 [since FEDORA-2008-3874] CVE-2008-2105 fixed (bugzilla, fixed 3.0.4, 3.1.4) #445821 [since FEDORA-2008-3488] CVE-2008-2104 ignore (bugzilla, fixed 3.1.4) only affects 3.1.3, not in Fedora CVE-2008-2103 fixed (bugzilla, fixed 3.0.4, 3.1.4) #445821 [since FEDORA-2008-3488] @@ -16,15 +19,20 @@ CVE-2008-2079 VULNERABLE (mysql, fixed 5.0.60) #445804 CVE-2008-2068 version (wordpress, fixed 2.5.1) [since FEDORA-2008-3319] CVE-2008-2033 ignore (zoneminder) duplicate of CVE-2008-1381 +CVE-2008-2004 VULNERABLE (xen) disables format autodetection by default [since xen-3.1.2-3.fc7] +CVE-2008-2004 VULNERABLE (qemu) fix mostly useless without libvirt changes +CVE-2008-2004 VULNERABLE (kvm) fix mostly useless without libvirt changes CVE-2008-2000 ignore (WebKit) browser DoS CVE-2008-1999 VULNERABLE (WebKit) -CVE-2008-1996 VULNERABLE (licq, fixed 1.3.6) #445237 +CVE-2008-1996 fixed (licq, fixed 1.3.6) #445237 [since FEDORA-2008-3909] CVE-2008-1974 VULNERABLE (kronolith, fixed 3.1.8) #444403 [since FEDORA-2008-3460] CVE-2008-1964 ignore (xine-lib) bogus vulnerability report CVE-2008-1959 fixed (sipp, fixed 3.1) [since FEDORA-2008-3508] +CVE-2008-1944 VULNERABLE (xen, fixed 3.2) [since xen-3.1.2-3.fc7] +CVE-2008-1943 VULNERABLE (xen) [since xen-3.1.2-3.fc7] CVE-2008-1937 ignore (moin, fixed 1.6.3) 1.6.x only CVE-2008-1930 ignore (wordpress, fixed 2.5.1) [since wordpress-2.5.1-1.fc7] only for wp 2.5.0 -CVE-2008-1928 VULNERABLE (perl-Imager, fixed 0.64) #443939 +CVE-2008-1928 fixed (perl-Imager, fixed 0.64) #443939 [since FEDORA-2008-3920] CVE-2008-1927 fixed (perl) [since FEDORA-2008-3399] CVE-2008-1926 VULNERABLE (util-linux) CVE-2008-1924 VULNERABLE (phpMyAdmin, fixed 2.11.5.2) [since phpMyAdmin-2.11.5.2-1.fc7] PMASA-2008-3 @@ -36,9 +44,9 @@ CVE-2008-1836 ignore (clamav, fixed 0.93) affected code introduced after 0.92.1 CVE-2008-1835 ignore (clamav, fixed 0.93) unrar code not shipped CVE-2008-1833 fixed (clamav, fixed 0.93-rc1) #442362 [since FEDORA-2008-3358] -CVE-2008-1803 VULNERABLE (rdesktop) #445841 -CVE-2008-1802 VULNERABLE (rdesktop) #445841 -CVE-2008-1801 VULNERABLE (rdesktop) #445841 +CVE-2008-1803 fixed (rdesktop, fixed 1.6.0) #445841 [since FEDORA-2008-3985] +CVE-2008-1802 fixed (rdesktop, fixed 1.6.0) #445841 [since FEDORA-2008-3985] +CVE-2008-1801 fixed (rdesktop, fixed 1.6.0) #445841 [since FEDORA-2008-3985] CVE-2008-1796 fixed (comix) [since FEDORA-2008-2993] CVE-2008-1729 ignore (drupal) 6.x only CVE-2008-1722 fixed (cups) #445801 [since FEDORA-2008-3449] @@ -76,6 +84,9 @@ CVE-2008-1474 fixed (roundup) #436548 [since FEDORA-2008-2471] CVE-2008-1468 fixed (namazu, fixed 2.0.18) #438666 [since FEDORA-2008-2678] CVE-2008-1467 fixed (centerim) #438871 [since FEDORA-2008-2869] +CVE-2008-1423 fixed (libvorbis) #446341 [since FEDORA-2008-3898] +CVE-2008-1420 fixed (libvorbis) #446341 [since FEDORA-2008-3898] +CVE-2008-1419 fixed (libvorbis) #446341 [since FEDORA-2008-3898] CVE-2008-1394 ignore (plone) CVE-2008-1390 fixed (asterisk, fixed 1.4.19-rc3) #438132 [since FEDORA-2008-2620] CVE-2008-1387 fixed (clamav, fixed 0.93) #442362 [since FEDORA-2008-3358] @@ -88,7 +99,7 @@ CVE-2008-1374 ignore (cups) only affects old cups versions in RHEL CVE-2008-1373 fixed (cups) #440042 [since FEDORA-2008-2897] CVE-2008-1372 fixed (bzip2, fixed 1.0.5) #439855 [since FEDORA-2008-2970] -CVE-2008-1360 VULNERABLE (nagios) #437851 +CVE-2008-1360 VULNERABLE (nagios, fixed 2.11) #437851 CVE-2008-1353 ignore (zabbix) #437848 Needs authorization CVE-2008-1333 ignore (asterisk) not affected CVE-2008-1332 fixed (asterisk, fixed 1.4.18.1) #438132 [since FEDORA-2008-2620] @@ -136,7 +147,7 @@ CVE-2008-1111 fixed (lighttpd) #435808 [since FEDORA-2008-2278] CVE-2008-1110 version (xine-lib, fixed 1.1.10) [since FEDORA-2008-1047] CVE-2008-1103 VULNERABLE (blender) not fixed upstream -CVE-2008-1102 VULNERABLE (blender) #443935 +CVE-2008-1102 fixed (blender) #443935 [since FEDORA-2008-3862] CVE-2008-1100 fixed (clamav, fixed 0.93) #442362 [since FEDORA-2008-3358] CVE-2008-1099 fixed (moin) #438672 [since FEDORA-2008-3328] CVE-2008-1098 fixed (moin) #438672 [since FEDORA-2008-3328] @@ -333,6 +344,7 @@ CVE-2007-6203 ignore (httpd) #409831 User can't unput garbage before method name CVE-2007-6201 version (wesnoth, fixed 1.2.8) [since FEDORA-2007-3986] CVE-2007-6183 version (ruby-gnome2) #405591 [since FEDORA-2007-4229] +CVE-2007-6131 VULNERABLE (scanbuttond) CVE-2007-6121 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690] CVE-2007-6120 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690] CVE-2007-6119 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690] @@ -384,6 +396,7 @@ CVE-2007-5849 ignore (cups, fixed 1.3.5) minimal impact, see #415131 CVE-2007-5848 version (cups, fixed 1.2.0) CVE-2007-5846 backport (net-snmp) [since FEDORA-2007-3019] +CVE-2007-5803 VULNERABLE (nagios, not fixed 2.11) #437851 CVE-2007-5795 backport (emacs) #367581 [since FEDORA-2007-3056] CVE-2007-5770 backport (ruby) #373381 [since FEDORA-2007-2685] CVE-2007-5760 fixed (xorg-x11-server, fixed 1.4.1) #429125 [since FEDORA-2008-0831]

15 years, 11 months

1
0
0 / 0

fedora-security/audit f10, 1.1, 1.2 f8, 1.219, 1.220 f9, 1.209, 1.210 fc7, 1.375, 1.376

by fedora-security-commits＠redhat.com

Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv4056/audit Modified Files: f10 f8 f9 fc7 Log Message: debian openssl issue Index: f10 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f10,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- f10 13 May 2008 15:46:58 -0000 1.1 +++ f10 13 May 2008 16:32:22 -0000 1.2 @@ -26,6 +26,7 @@ CVE-2008-1078 VULNERABLE (am-utils) #437746 CVE-2008-0553 version (tkimg) [since tkimg-1.3-0.10.20080505svn.fc10] CVE-2008-0314 version (clamav, fixed 0.93) [since clamav-0.93-1.fc9] +CVE-2008-0166 ignore (openssl) Debian specific CVE-2007-6714 version (dbmail, fixed 2.2.9) [since dbmail-2.2.9-1.fc9] CVE-2007-6321 VULNERABLE (roundcubemail) #423301 CVE-2007-6318 VULNERABLE (wordpress) #426434 Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.219 retrieving revision 1.220 diff -u -r1.219 -r1.220 --- f8 13 May 2008 15:46:58 -0000 1.219 +++ f8 13 May 2008 16:32:22 -0000 1.220 @@ -247,6 +247,7 @@ CVE-2008-0191 ignore (wordpress) File path is not a sensitive information CVE-2008-0172 fixed (boost) #428975 [since FEDORA-2008-0754] CVE-2008-0171 fixed (boost) #428975 [since FEDORA-2008-0754] +CVE-2008-0166 ignore (openssl) Debian specific CVE-2008-0128 VULNERABLE (tomcat5) #429904 CVE-2008-0123 fixed (moodle) #428731 [since FEDORA-2008-0610] CVE-2008-0122 fixed (bind) #429149 [since FEDORA-2008-0904] Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.209 retrieving revision 1.210 diff -u -r1.209 -r1.210 --- f9 13 May 2008 15:46:58 -0000 1.209 +++ f9 13 May 2008 16:32:22 -0000 1.210 @@ -242,6 +242,7 @@ CVE-2008-0191 ignore (wordpress) File path is not a sensitive information CVE-2008-0172 backport (boost) #428976 [since boost-1.34.1-7.fc9] CVE-2008-0171 backport (boost) #428976 [since boost-1.34.1-7.fc9] +CVE-2008-0166 ignore (openssl) Debian specific CVE-2008-0128 version (tomcat5, fixed 5.5.21) #429905 CVE-2008-0123 fixed (moodle) #428731 [since moodle-1.8.4-1.fc9] CVE-2008-0122 backport (bind) #429534 [since bind-9.5.0-24.b1.fc9] Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.375 retrieving revision 1.376 diff -u -r1.375 -r1.376 --- fc7 13 May 2008 15:46:58 -0000 1.375 +++ fc7 13 May 2008 16:32:22 -0000 1.376 @@ -247,6 +247,7 @@ CVE-2008-0191 ignore (wordpress) File path is not a sensitive information CVE-2008-0172 fixed (boost) #428974 [since FEDORA-2008-0880] CVE-2008-0171 fixed (boost) #428974 [since FEDORA-2008-0880] +CVE-2008-0166 ignore (openssl) Debian specific CVE-2008-0128 VULNERABLE (tomcat5) #429903 CVE-2008-0123 fixed (moodle) #428731 [since FEDORA-2008-0610] CVE-2008-0122 fixed (bind) #429149 [since FEDORA-2008-0904]

15 years, 11 months

1
0
0 / 0

fedora-security/tools/scripts add-issue, 1.6, 1.7

by fedora-security-commits＠redhat.com

Author: thoger Update of /cvs/fedora/fedora-security/tools/scripts In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv29041/tools/scripts Modified Files: add-issue Log Message: f9 is out -> update tools Index: add-issue =================================================================== RCS file: /cvs/fedora/fedora-security/tools/scripts/add-issue,v retrieving revision 1.6 retrieving revision 1.7 diff -u -r1.6 -r1.7 --- add-issue 9 May 2008 09:24:59 -0000 1.6 +++ add-issue 13 May 2008 15:56:20 -0000 1.7 @@ -27,6 +27,7 @@ '7' => 'audit/fc7', '8' => 'audit/f8', '9' => 'audit/f9', + '10' => 'audit/f10', ); # Command line options

15 years, 11 months

1
0
0 / 0

fedora-security/tools/lib/Libexig Fedora.pm, 1.4, 1.5

by fedora-security-commits＠redhat.com

Author: thoger Update of /cvs/fedora/fedora-security/tools/lib/Libexig In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv29041/tools/lib/Libexig Modified Files: Fedora.pm Log Message: f9 is out -> update tools Index: Fedora.pm =================================================================== RCS file: /cvs/fedora/fedora-security/tools/lib/Libexig/Fedora.pm,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- Fedora.pm 9 May 2008 09:26:15 -0000 1.4 +++ Fedora.pm 13 May 2008 15:56:19 -0000 1.5 @@ -104,10 +104,10 @@ my $comment_rawhide = "\n". -# 'Please close this bug with RAWHIDE (referencing appropriate N-V-R in '. -# 'Fixed In field if possible) once is it fixed in devel branch. '. - 'Please note it\'s currently not possible to file bugs against F9, '. - 'so please make sure to fix in both rawhide and upcoming F9. '. + 'Please close this bug with RAWHIDE (referencing appropriate N-V-R in '. + 'Fixed In field if possible) once is it fixed in devel branch. '. +# 'Please note it\'s currently not possible to file bugs against F9, '. +# 'so please make sure to fix in both rawhide and upcoming F9. '. 'Do *not* include the bug id of this bug in the RPM changelog and the '. 'commit message.'. "\n\n"; @@ -121,18 +121,18 @@ # Valid versions my %versions = ( - '6', => '6', - 'f6', => '6', - 'fc6', => '6', '7', => '7', 'f7', => '7', 'fc7', => '7', '8', => '8', 'f8', => '8', 'fc8', => '8', - '9', => 'rawhide', - 'f9', => 'rawhide', - 'fc9', => 'rawhide', + '9', => '9', + 'f9', => '9', + 'fc9', => '9', + '10', => 'rawhide', + 'f10', => 'rawhide', + 'fc10', => 'rawhide', 'devel', => 'rawhide', ); @@ -244,23 +244,23 @@ $bugzilla->add_comment ($bug_id, $tr_comment); } - # XXX temporary until F9 BZ component is created - else { - my $tr_comment = - 'You can eventually use the following link to '. - 'create the update request for upcoming Fedora 9: '."\n". - 'https://admin.fedoraproject.org/updates/new/'. - '?request=Stable'. - '&type=security'. - '&release=Fedora%209'. - '&bugs='.$bug_id; - - foreach my $bug (@{$parent_bugs}) { - $tr_comment .= ','.$bug; - } - - $bugzilla->add_comment ($bug_id, $tr_comment); - } +# # XXX temporary until F9 BZ component is created +# else { +# my $tr_comment = +# 'You can eventually use the following link to '. +# 'create the update request for upcoming Fedora 9: '."\n". +# 'https://admin.fedoraproject.org/updates/new/'. +# '?request=Stable'. +# '&type=security'. +# '&release=Fedora%209'. +# '&bugs='.$bug_id; +# +# foreach my $bug (@{$parent_bugs}) { +# $tr_comment .= ','.$bug; +# } +# +# $bugzilla->add_comment ($bug_id, $tr_comment); +# } $bugzilla->add_blockers ($bug_id, $parent_bugs); $comment .= $bug->{'version'}.": bug #$bug_id\n";

15 years, 11 months

1
0
0 / 0

fedora-security/audit f10, NONE, 1.1 f8, 1.218, 1.219 f9, 1.208, 1.209 fc7, 1.374, 1.375

by fedora-security-commits＠redhat.com

Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv28447/audit Modified Files: f8 f9 fc7 Added Files: f10 Log Message: check updates create f10 tracking file based on f9 unfixed issues ***** Error reading new file: [Errno 2] No such file or directory: 'f10' Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.218 retrieving revision 1.219 diff -u -r1.218 -r1.219 --- f8 9 May 2008 18:59:07 -0000 1.218 +++ f8 13 May 2008 15:46:58 -0000 1.219 @@ -6,19 +6,21 @@ rhbz293031 fixed (nx) #293031 [since FEDORA-2008-2258] rhbz249840 version (tor, fixed 0.1.2.15) +CVE-2008-2146 version (wordpress, fixed 2.2.3) CVE-2008-2109 VULNERABLE (libid3tag) #445814 -CVE-2008-2105 VULNERABLE (bugzilla, fixed 3.0.4, 3.1.4) #445822 +CVE-2008-2105 fixed (bugzilla, fixed 3.0.4, 3.1.4) #445822 [since FEDORA-2008-3442] CVE-2008-2104 ignore (bugzilla, fixed 3.1.4) only affects 3.1.3, not in Fedora -CVE-2008-2103 VULNERABLE (bugzilla, fixed 3.0.4, 3.1.4) #445822 +CVE-2008-2103 fixed (bugzilla, fixed 3.0.4, 3.1.4) #445822 [since FEDORA-2008-3442] +CVE-2008-2085 VULNERABLE (sipp) #446220 CVE-2008-2079 VULNERABLE (mysql, fixed 5.0.60) #445805 CVE-2008-2068 version (wordpress, fixed 2.5.1) [since FEDORA-2008-3397] CVE-2008-2033 ignore (zoneminder) duplicate of CVE-2008-1381 CVE-2008-2000 ignore (WebKit) browser DoS CVE-2008-1999 VULNERABLE (WebKit) CVE-2008-1996 VULNERABLE (licq, fixed 1.3.6) #445238 -CVE-2008-1974 VULNERABLE (kronolith, fixed 3.1.8) #444404 +CVE-2008-1974 VULNERABLE (kronolith, fixed 3.1.8) #444404 [since FEDORA-2008-3543] CVE-2008-1964 ignore (xine-lib) bogus vulnerability report -CVE-2008-1959 VULNERABLE (sipp, fixed 3.1) [since sipp-3.1-1.fc8] +CVE-2008-1959 fixed (sipp, fixed 3.1) [since FEDORA-2008-3501] CVE-2008-1937 ignore (moin, fixed 1.6.3) 1.6.x only CVE-2008-1930 ignore (wordpress, fixed 2.5.1) [since wordpress-2.5.1-1.fc8] only for wp 2.5.0 CVE-2008-1928 fixed (perl-Imager, fixed 0.64) #443940 [since FEDORA-2008-3352] @@ -38,7 +40,7 @@ CVE-2008-1801 VULNERABLE (rdesktop) #445842 CVE-2008-1796 fixed (comix) [since FEDORA-2008-2981] CVE-2008-1729 ignore (drupal) 6.x only -CVE-2008-1722 VULNERABLE (cups) #445802 +CVE-2008-1722 fixed (cups) #445802 [since FEDORA-2008-3586] CVE-2008-1720 fixed (rsync, fixed 3.0.2) #441690 [since FEDORA-2008-3047] CVE-2008-1693 version (xpdf, fixed 3.02) CVE-2008-1693 version (poppler, fixed 0.6.2) @@ -77,11 +79,11 @@ CVE-2008-1390 fixed (asterisk, fixed 1.4.19-rc3) #438133 [since FEDORA-2008-2554] CVE-2008-1387 fixed (clamav, fixed 0.93) #442363 [since FEDORA-2008-3420] CVE-2008-1382 VULNERABLE (libpng, fixed 1.2.27) minimal impact, affected api rarely used -CVE-2008-1382 VULNERABLE (libpng10) [since libpng10-1.0.33-1.fc8] -CVE-2008-1381 VULNERABLE (zoneminder, fixed 1.23.3) #444436 +CVE-2008-1382 VULNERABLE (libpng10) [since libpng10-1.0.37-1.fc8] +CVE-2008-1381 fixed (zoneminder, fixed 1.23.3) #444436 [since FEDORA-2008-3462] CVE-2008-1380 VULNERABLE (firefox, fixed 2.0.0.14) CVE-2008-1380 fixed (seamonkey, fixed 1.1.10) #442851 [since FEDORA-2008-3264] -CVE-2008-1380 VULNERABLE (thunderbird, fixed 2.0.0.14) #442856 +CVE-2008-1380 fixed (thunderbird, fixed 2.0.0.14) #442856 [since FEDORA-2008-3557] CVE-2008-1374 ignore (cups) only affects old cups versions in RHEL CVE-2008-1373 fixed (cups) #440040 [since FEDORA-2008-2131] CVE-2008-1372 fixed (bzip2, fixed 1.0.5) #439855 [since FEDORA-2008-2970] @@ -105,19 +107,19 @@ CVE-2008-1238 version (seamonkey, fixed 1.1.9) CVE-2008-1237 version (firefox, fixed 2.0.0.13) CVE-2008-1237 version (seamonkey, fixed 1.1.9) -CVE-2008-1237 VULNERABLE (thunderbird, fixed 2.0.0.14) #442856 +CVE-2008-1237 fixed (thunderbird, fixed 2.0.0.14) #442856 [since FEDORA-2008-3557] CVE-2008-1236 version (firefox, fixed 2.0.0.13) CVE-2008-1236 version (seamonkey, fixed 1.1.9) -CVE-2008-1236 VULNERABLE (thunderbird, fixed 2.0.0.14) #442856 +CVE-2008-1236 fixed (thunderbird, fixed 2.0.0.14) #442856 [since FEDORA-2008-3557] CVE-2008-1235 version (firefox, fixed 2.0.0.13) CVE-2008-1235 version (seamonkey, fixed 1.1.9) -CVE-2008-1235 VULNERABLE (thunderbird, fixed 2.0.0.14) #442856 +CVE-2008-1235 fixed (thunderbird, fixed 2.0.0.14) #442856 [since FEDORA-2008-3557] CVE-2008-1234 version (firefox, fixed 2.0.0.13) CVE-2008-1234 version (seamonkey, fixed 1.1.9) -CVE-2008-1234 VULNERABLE (thunderbird, fixed 2.0.0.14) #442856 +CVE-2008-1234 fixed (thunderbird, fixed 2.0.0.14) #442856 [since FEDORA-2008-3557] CVE-2008-1233 version (firefox, fixed 2.0.0.13) CVE-2008-1233 version (seamonkey, fixed 1.1.9) -CVE-2008-1233 VULNERABLE (thunderbird, fixed 2.0.0.14) #442856 +CVE-2008-1233 fixed (thunderbird, fixed 2.0.0.14) #442856 [since FEDORA-2008-3557] **CVE-2008-1227 fixed (libsilc) We updated this as non-security CVE-2008-1218 version (dovecot, fixed 1.0.13) [since FEDORA-2008-2464] marginally affected CVE-2008-1199 version (dovecot, fixed 1.0.11) [since FEDORA-2008-2464] not in default config @@ -191,7 +193,7 @@ CVE-2008-0554 version (netpbm, fixed 10.27) CVE-2008-0553 fixed (perl-Tk) #431532 [since FEDORA-2008-1323] CVE-2008-0553 backport (tk, fixed 8.5.1) [since FEDORA-2008-1122] -CVE-2008-0553 VULNERABLE (tkimg) #444951 +CVE-2008-0553 fixed (tkimg) #444951 [since FEDORA-2008-3514] CVE-2008-0544 fixed (SDL_image) #430694 [since FEDORA-2008-1208] ILBM overflow CVE-2008-0486 fixed (xine-lib, fixed 1.1.10.1) #431543 [since FEDORA-2008-1543] CVE-2008-0460 fixed (mediawiki) #430288 [since FEDORA-2008-2288] @@ -259,7 +261,7 @@ CVE-2008-0006 fixed (libXfont) #429132 [since FEDORA-2008-0794] CVE-2008-0005 fixed (httpd, fixed 2.2.8) #427982 [since FEDORA-2008-1711] CVE-2008-0003 fixed (tog-pegasus, fixed 2.7.0) #427829 [since FEDORA-2008-0572] -CVE-2008-0002 fixed (tomcat5) #432474 [since FEDORA-2008-1467] +CVE-2008-0002 ignore (tomcat5) #432474 tomcat 6.x only CVE-2007-6714 fixed (dbmail, fixed 2.2.9) #443021 [since FEDORA-2008-3333] CVE-2007-6703 fixed (vdccm, fixed 0.10.1) #436026 [since FEDORA-2008-0680] CVE-2007-6698 version (openldap, fixed 2.3.36) @@ -345,7 +347,7 @@ CVE-2007-6110 backport (htdig) [since FEDORA-2007-3958] CVE-2007-6100 version (phpMyAdmin, fixed 2.11.2.2) [since FEDORA-2007-3639] CVE-2007-6067 fixed (postgresql, fixed 8.2.6) #427773 [since FEDORA-2008-0478] -CVE-2007-6061 VULNERABLE (audacity) #393251 +CVE-2007-6061 fixed (audacity) #393251 [since FEDORA-2008-3456] CVE-2007-6029 ignore (clamav) insufficient information about the issue CVE-2007-6018 fixed (horde) #428628 [since FEDORA-2008-2040] CVE-2007-6018 fixed (imp) #428632 [since FEDORA-2008-2040] Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.208 retrieving revision 1.209 diff -u -r1.208 -r1.209 --- f9 9 May 2008 18:59:07 -0000 1.208 +++ f9 13 May 2008 15:46:58 -0000 1.209 @@ -5,19 +5,21 @@ # (mozilla) = (gecko-libs dependent stuff) rhbz249840 version (tor, fixed 0.1.2.15) -CVE-2008-2109 VULNERABLE (libid3tag) #445815 -CVE-2008-2105 VULNERABLE (bugzilla, fixed 3.0.4, 3.1.4) #445823 +CVE-2008-2146 version (wordpress, fixed 2.2.3) +CVE-2008-2109 fixed (libid3tag) #445815 [since FEDORA-2008-3757] +CVE-2008-2105 fixed (bugzilla, fixed 3.0.4, 3.1.4) #445823 [since FEDORA-2008-3668] CVE-2008-2104 ignore (bugzilla, fixed 3.1.4) only affects 3.1.3, not in Fedora -CVE-2008-2103 VULNERABLE (bugzilla, fixed 3.0.4, 3.1.4) #445823 +CVE-2008-2103 fixed (bugzilla, fixed 3.0.4, 3.1.4) #445823 [since FEDORA-2008-3668] +CVE-2008-2085 VULNERABLE (sipp) #446221 CVE-2008-2079 VULNERABLE (mysql, fixed 5.0.60) #445806 CVE-2008-2068 version (wordpress, fixed 2.5.1) [since wordpress-2.5.1-1.fc9] CVE-2008-2033 ignore (zoneminder) duplicate of CVE-2008-1381 CVE-2008-2000 ignore (WebKit) browser DoS CVE-2008-1999 VULNERABLE (WebKit) -CVE-2008-1996 VULNERABLE (licq, fixed 1.3.6) #445239 +CVE-2008-1996 fixed (licq, fixed 1.3.6) #445239 [since FEDORA-2008-3812] CVE-2008-1974 ignore (kronolith, fixed 3.1.8) #444405 package removed from f9 and rawhide CVE-2008-1964 ignore (xine-lib) bogus vulnerability report -CVE-2008-1959 VULNERABLE (sipp, fixed 3.1) [since sipp-3.1-1.fc9] +CVE-2008-1959 fixed (sipp, fixed 3.1) [since FEDORA-2008-3690] CVE-2008-1937 version (moin, fixed 1.6.3) [since moin-1.6.3-1.fc9] CVE-2008-1930 ignore (wordpress, fixed 2.5.1) only for wp 2.5.0 CVE-2008-1928 VULNERABLE (perl-Imager, fixed 0.64) #443941 @@ -38,7 +40,7 @@ CVE-2008-1796 fixed (comix) [since comix-3.6.4-6.fc9] CVE-2008-1771 VULNERABLE (mt-daapd) [since mt-daapd-0.9-0.2.1696.fc9] CVE-2008-1729 version (drupal, fixed 6.2) [since drupal-6.2-1.fc9] -CVE-2008-1722 VULNERABLE (cups) #445803 +CVE-2008-1722 fixed (cups) #445803 [since FEDORA-2008-3756] CVE-2008-1720 version (rsync, fixed 3.0.2) [since rsync-3.0.2-0.fc9] CVE-2008-1693 version (xpdf, fixed 3.02) CVE-2008-1693 version (poppler, fixed 0.6.2) @@ -76,8 +78,8 @@ CVE-2008-1390 version (asterisk, fixed 1.6.0-beta6) #438134 [since asterisk-1.6.0-0.6.beta6.fc9] CVE-2008-1387 VULNERABLE (clamav, fixed 0.93) #442364 [since clamav-0.93-1.fc9] CVE-2008-1382 VULNERABLE (libpng, fixed 1.2.27) minimal impact, affected api rarely used -CVE-2008-1382 VULNERABLE (libpng10) [since libpng10-1.0.33-1.fc9] -CVE-2008-1381 VULNERABLE (zoneminder, fixed 1.23.3) #444437 [since zoneminder-1.22.3-14.fc9] +CVE-2008-1382 VULNERABLE (libpng10) [since FEDORA-2008-3683] +CVE-2008-1381 fixed (zoneminder, fixed 1.23.3) #444437 [since FEDORA-2008-3601] CVE-2008-1380 version (firefox, fixed 2.0.0.14) CVE-2008-1380 backport (seamonkey, fixed 1.1.10) #442852 [since seamonkey-1.1.9-3.fc9] CVE-2008-1380 version (thunderbird, fixed 2.0.0.14) #442857 [since thunderbird-2.0.0.14-1.fc9] @@ -134,7 +136,7 @@ CVE-2008-1100 VULNERABLE (clamav, fixed 0.93) #442364 [since clamav-0.93-1.fc9] CVE-2008-1099 version (moin, fixed 1.5.9) #438674 CVE-2008-1098 version (moin, fixed 1.5.9) #438674 -CVE-2008-1078 VULNERABLE (am-utils) #437746 +CVE-2008-1078 ignore (am-utils) minimal impact CVE-2008-1072 version (wireshark, fixed 0.99.8) #435488 [since wireshark-1.0.0-2.fc9] CVE-2008-1071 version (wireshark, fixed 0.99.8) #435488 [since wireshark-1.0.0-2.fc9] CVE-2008-1070 version (wireshark, fixed 0.99.8) #435488 [since wireshark-1.0.0-2.fc9] @@ -254,7 +256,7 @@ CVE-2008-0006 backport (libXfont) #429133 [since libXfont-1.3.1-3.fc9] CVE-2008-0005 version (httpd, fixed 2.2.8) #427984 [since httpd-2.2.8-2] CVE-2008-0003 version (tog-pegasus, fixed 2.7.0) -CVE-2008-0002 VULNERABLE (tomcat5) #432476 +CVE-2008-0002 ignore (tomcat5) #432476 tomcat 6.x only CVE-2007-6714 VULNERABLE (dbmail, fixed 2.2.9) #443022 [since dbmail-2.2.9-1.fc9] CVE-2007-6703 version (vdccm, fixed 0.10.1) #436027 CVE-2007-6698 version (openldap, fixed 2.3.36) Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.374 retrieving revision 1.375 diff -u -r1.374 -r1.375 --- fc7 9 May 2008 18:59:07 -0000 1.374 +++ fc7 13 May 2008 15:46:58 -0000 1.375 @@ -7,19 +7,21 @@ rhbz293031 fixed (nx) #293031 [since FEDORA-2008-2258] rhbz249840 version (tor, fixed 0.1.2.15) #249840 [since FEDORA-2007-1674] +CVE-2008-2146 version (wordpress, fixed 2.2.3) CVE-2008-2109 VULNERABLE (libid3tag) #445813 -CVE-2008-2105 VULNERABLE (bugzilla, fixed 3.0.4, 3.1.4) #445821 +CVE-2008-2105 fixed (bugzilla, fixed 3.0.4, 3.1.4) #445821 [since FEDORA-2008-3488] CVE-2008-2104 ignore (bugzilla, fixed 3.1.4) only affects 3.1.3, not in Fedora -CVE-2008-2103 VULNERABLE (bugzilla, fixed 3.0.4, 3.1.4) #445821 +CVE-2008-2103 fixed (bugzilla, fixed 3.0.4, 3.1.4) #445821 [since FEDORA-2008-3488] +CVE-2008-2085 VULNERABLE (sipp) #446219 CVE-2008-2079 VULNERABLE (mysql, fixed 5.0.60) #445804 CVE-2008-2068 version (wordpress, fixed 2.5.1) [since FEDORA-2008-3319] CVE-2008-2033 ignore (zoneminder) duplicate of CVE-2008-1381 CVE-2008-2000 ignore (WebKit) browser DoS CVE-2008-1999 VULNERABLE (WebKit) CVE-2008-1996 VULNERABLE (licq, fixed 1.3.6) #445237 -CVE-2008-1974 VULNERABLE (kronolith, fixed 3.1.8) #444403 +CVE-2008-1974 VULNERABLE (kronolith, fixed 3.1.8) #444403 [since FEDORA-2008-3460] CVE-2008-1964 ignore (xine-lib) bogus vulnerability report -CVE-2008-1959 VULNERABLE (sipp, fixed 3.1) [since sipp-3.1-1.fc7] +CVE-2008-1959 fixed (sipp, fixed 3.1) [since FEDORA-2008-3508] CVE-2008-1937 ignore (moin, fixed 1.6.3) 1.6.x only CVE-2008-1930 ignore (wordpress, fixed 2.5.1) [since wordpress-2.5.1-1.fc7] only for wp 2.5.0 CVE-2008-1928 VULNERABLE (perl-Imager, fixed 0.64) #443939 @@ -39,7 +41,7 @@ CVE-2008-1801 VULNERABLE (rdesktop) #445841 CVE-2008-1796 fixed (comix) [since FEDORA-2008-2993] CVE-2008-1729 ignore (drupal) 6.x only -CVE-2008-1722 VULNERABLE (cups) #445801 +CVE-2008-1722 fixed (cups) #445801 [since FEDORA-2008-3449] CVE-2008-1720 fixed (rsync, fixed 3.0.2) #441689 [since FEDORA-2008-3060] CVE-2008-1693 version (xpdf, fixed 3.02) CVE-2008-1693 ignore (kdegraphics) not affected @@ -79,10 +81,10 @@ CVE-2008-1387 fixed (clamav, fixed 0.93) #442362 [since FEDORA-2008-3358] CVE-2008-1382 ignore (libpng, fixed 1.2.27) minimal impact, affected api rarely used CVE-2008-1382 ignore (libpng10) [since libpng10-1.0.33-1.fc7] -CVE-2008-1381 VULNERABLE (zoneminder, fixed 1.23.3) #444435 +CVE-2008-1381 fixed (zoneminder, fixed 1.23.3) #444435 [since FEDORA-2008-3516] CVE-2008-1380 VULNERABLE (firefox, fixed 2.0.0.14) CVE-2008-1380 fixed (seamonkey, fixed 1.1.10) #442850 [since FEDORA-2008-3231] -CVE-2008-1380 VULNERABLE (thunderbird, fixed 2.0.0.14) #442855 +CVE-2008-1380 fixed (thunderbird, fixed 2.0.0.14) #442855 [since FEDORA-2008-3519] CVE-2008-1374 ignore (cups) only affects old cups versions in RHEL CVE-2008-1373 fixed (cups) #440042 [since FEDORA-2008-2897] CVE-2008-1372 fixed (bzip2, fixed 1.0.5) #439855 [since FEDORA-2008-2970] @@ -106,19 +108,19 @@ CVE-2008-1238 version (seamonkey, fixed 1.1.9) CVE-2008-1237 version (firefox, fixed 2.0.0.13) CVE-2008-1237 version (seamonkey, fixed 1.1.9) -CVE-2008-1237 VULNERABLE (thunderbird, fixed 2.0.0.14) #442855 +CVE-2008-1237 fixed (thunderbird, fixed 2.0.0.14) #442855 [since FEDORA-2008-3519] CVE-2008-1236 version (firefox, fixed 2.0.0.13) CVE-2008-1236 version (seamonkey, fixed 1.1.9) -CVE-2008-1236 VULNERABLE (thunderbird, fixed 2.0.0.14) #442855 +CVE-2008-1236 fixed (thunderbird, fixed 2.0.0.14) #442855 [since FEDORA-2008-3519] CVE-2008-1235 version (firefox, fixed 2.0.0.13) CVE-2008-1235 version (seamonkey, fixed 1.1.9) -CVE-2008-1235 VULNERABLE (thunderbird, fixed 2.0.0.14) #442855 +CVE-2008-1235 fixed (thunderbird, fixed 2.0.0.14) #442855 [since FEDORA-2008-3519] CVE-2008-1234 version (firefox, fixed 2.0.0.13) CVE-2008-1234 version (seamonkey, fixed 1.1.9) -CVE-2008-1234 VULNERABLE (thunderbird, fixed 2.0.0.14) #442855 +CVE-2008-1234 fixed (thunderbird, fixed 2.0.0.14) #442855 [since FEDORA-2008-3519] CVE-2008-1233 version (firefox, fixed 2.0.0.13) CVE-2008-1233 version (seamonkey, fixed 1.1.9) -CVE-2008-1233 VULNERABLE (thunderbird, fixed 2.0.0.14) #442855 +CVE-2008-1233 fixed (thunderbird, fixed 2.0.0.14) #442855 [since FEDORA-2008-3519] **CVE-2008-1227 fixed (libsilc) We updated this as non-security CVE-2008-1218 version (dovecot, fixed 1.0.13) [since FEDORA-2008-2475] marginally affected CVE-2008-1199 version (dovecot, fixed 1.0.11) [since FEDORA-2008-2475] not in default config @@ -191,7 +193,7 @@ CVE-2008-0554 version (netpbm, fixed 10.27) CVE-2008-0553 fixed (perl-Tk) #431531 [since FEDORA-2008-1384] CVE-2008-0553 backport (tk, fixed 8.5.1) [since FEDORA-2008-1131] -CVE-2008-0553 VULNERABLE (tkimg) #444950 +CVE-2008-0553 fixed (tkimg) #444950 [since FEDORA-2008-3545] CVE-2008-0544 fixed (SDL_image) #430695 [since FEDORA-2008-1208] ILBM overflow CVE-2008-0486 fixed (xine-lib, fixed 1.1.10.1) #431542 [since FEDORA-2008-1581] CVE-2008-0460 fixed (mediawiki) #430287 [since FEDORA-2008-2245] @@ -259,7 +261,7 @@ CVE-2008-0006 fixed (libXfont) #429131 [since FEDORA-2008-0891] CVE-2008-0005 fixed (httpd, fixed 2.2.8) #427983 [since FEDORA-2008-1695] CVE-2008-0003 fixed (tog-pegasus, fixed 2.7.0) #427828 [since FEDORA-2008-0506] -CVE-2008-0002 fixed (tomcat5) #432475 [since FEDORA-2008-1603] +CVE-2008-0002 ignore (tomcat5) #432475 tomcat 6.x only CVE-2007-6714 fixed (dbmail, fixed 2.2.9) #443020 [since FEDORA-2008-3371] CVE-2007-6703 VULNERABLE (vdccm, fixed 0.10.1) #436025 CVE-2007-6698 fixed (openldap, fixed 2.3.36) #431409 [since FEDORA-2008-1307] @@ -344,7 +346,7 @@ CVE-2007-6110 backport (htdig) [since FEDORA-2007-3907] CVE-2007-6100 version (phpMyAdmin, fixed 2.11.2.2) [since FEDORA-2007-3666] CVE-2007-6067 fixed (postgresql, fixed 8.2.6) #427772 [since FEDORA-2008-0552] -CVE-2007-6061 VULNERABLE (audacity) #393251 +CVE-2007-6061 fixed (audacity) #393251 [since FEDORA-2008-3456] CVE-2007-6035 version (cacti, fixed 0.8.7a) #391981 [since FEDORA-2007-3683] CVE-2007-6029 ignore (clamav) insufficient information about the issue CVE-2007-6018 fixed (horde) #428629 [since FEDORA-2008-2087]

15 years, 11 months

1
0
0 / 0

fedora-security/audit f8, 1.217, 1.218 f9, 1.207, 1.208 fc7, 1.373, 1.374

by fedora-security-commits＠redhat.com

Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv15451/audit Modified Files: f8 f9 fc7 Log Message: bunch of new CVE ids... Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.217 retrieving revision 1.218 diff -u -r1.217 -r1.218 --- f8 7 May 2008 16:48:08 -0000 1.217 +++ f8 9 May 2008 18:59:07 -0000 1.218 @@ -6,6 +6,11 @@ rhbz293031 fixed (nx) #293031 [since FEDORA-2008-2258] rhbz249840 version (tor, fixed 0.1.2.15) +CVE-2008-2109 VULNERABLE (libid3tag) #445814 +CVE-2008-2105 VULNERABLE (bugzilla, fixed 3.0.4, 3.1.4) #445822 +CVE-2008-2104 ignore (bugzilla, fixed 3.1.4) only affects 3.1.3, not in Fedora +CVE-2008-2103 VULNERABLE (bugzilla, fixed 3.0.4, 3.1.4) #445822 +CVE-2008-2079 VULNERABLE (mysql, fixed 5.0.60) #445805 CVE-2008-2068 version (wordpress, fixed 2.5.1) [since FEDORA-2008-3397] CVE-2008-2033 ignore (zoneminder) duplicate of CVE-2008-1381 CVE-2008-2000 ignore (WebKit) browser DoS @@ -28,8 +33,12 @@ CVE-2008-1836 ignore (clamav, fixed 0.93) affected code introduced after 0.92.1 CVE-2008-1835 ignore (clamav, fixed 0.93) unrar code not shipped CVE-2008-1833 fixed (clamav, fixed 0.93-rc1) #442363 [since FEDORA-2008-3420] +CVE-2008-1803 VULNERABLE (rdesktop) #445842 +CVE-2008-1802 VULNERABLE (rdesktop) #445842 +CVE-2008-1801 VULNERABLE (rdesktop) #445842 CVE-2008-1796 fixed (comix) [since FEDORA-2008-2981] CVE-2008-1729 ignore (drupal) 6.x only +CVE-2008-1722 VULNERABLE (cups) #445802 CVE-2008-1720 fixed (rsync, fixed 3.0.2) #441690 [since FEDORA-2008-3047] CVE-2008-1693 version (xpdf, fixed 3.02) CVE-2008-1693 version (poppler, fixed 0.6.2) @@ -39,6 +48,7 @@ CVE-2008-1687 ignore (m4, fixed 1.4.11) not really a security issue CVE-2008-1686 fixed (libfishsound, fixed 0.9.1) #441247 [since FEDORA-2008-3059] CVE-2008-1686 fixed (speex) #442572 [since FEDORA-2008-3103] +CVE-2008-1677 VULNERABLE (fedora-ds-base) #445809 CVE-2008-1671 ignore (kdelibs) start_kdeinit not setuid CVE-2008-1670 ignore (kdelibs) kdelibs 4.x only CVE-2008-1670 fixed (kdelibs4) #444399 [since FEDORA-2008-3412] kdelibs 4.x only Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.207 retrieving revision 1.208 diff -u -r1.207 -r1.208 --- f9 7 May 2008 16:48:08 -0000 1.207 +++ f9 9 May 2008 18:59:07 -0000 1.208 @@ -5,6 +5,11 @@ # (mozilla) = (gecko-libs dependent stuff) rhbz249840 version (tor, fixed 0.1.2.15) +CVE-2008-2109 VULNERABLE (libid3tag) #445815 +CVE-2008-2105 VULNERABLE (bugzilla, fixed 3.0.4, 3.1.4) #445823 +CVE-2008-2104 ignore (bugzilla, fixed 3.1.4) only affects 3.1.3, not in Fedora +CVE-2008-2103 VULNERABLE (bugzilla, fixed 3.0.4, 3.1.4) #445823 +CVE-2008-2079 VULNERABLE (mysql, fixed 5.0.60) #445806 CVE-2008-2068 version (wordpress, fixed 2.5.1) [since wordpress-2.5.1-1.fc9] CVE-2008-2033 ignore (zoneminder) duplicate of CVE-2008-1381 CVE-2008-2000 ignore (WebKit) browser DoS @@ -27,9 +32,13 @@ CVE-2008-1835 ignore (clamav, fixed 0.93) unrar code not shipped CVE-2008-1834 version (swfdec, fixed 0.6.4) [since swfdec-0.6.4-1.fc9] CVE-2008-1833 version (clamav, fixed 0.93-rc1) [since clamav-0.93-0.0.rc1.fc9] +CVE-2008-1803 VULNERABLE (rdesktop) #445843 +CVE-2008-1802 VULNERABLE (rdesktop) #445843 +CVE-2008-1801 VULNERABLE (rdesktop) #445843 CVE-2008-1796 fixed (comix) [since comix-3.6.4-6.fc9] CVE-2008-1771 VULNERABLE (mt-daapd) [since mt-daapd-0.9-0.2.1696.fc9] CVE-2008-1729 version (drupal, fixed 6.2) [since drupal-6.2-1.fc9] +CVE-2008-1722 VULNERABLE (cups) #445803 CVE-2008-1720 version (rsync, fixed 3.0.2) [since rsync-3.0.2-0.fc9] CVE-2008-1693 version (xpdf, fixed 3.02) CVE-2008-1693 version (poppler, fixed 0.6.2) @@ -39,6 +48,7 @@ CVE-2008-1687 ignore (m4, fixed 1.4.11) not really a security issue CVE-2008-1686 version (libfishsound, fixed 0.9.1) #441248 [since libfishsound-0.9.1-1.fc9] CVE-2008-1686 backport (speex) [since speex-1.2-0.7.beta3] +CVE-2008-1677 VULNERABLE (fedora-ds-base) #445810 CVE-2008-1671 ignore (kdelibs) start_kdeinit not shipped CVE-2008-1670 backport (kdelibs) [since kdelibs-4.0.3-7.fc9] CVE-2008-1658 backport (PolicyKit) #439996 [since PolicyKit-0.7-7.fc9] Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.373 retrieving revision 1.374 diff -u -r1.373 -r1.374 --- fc7 7 May 2008 16:48:08 -0000 1.373 +++ fc7 9 May 2008 18:59:07 -0000 1.374 @@ -7,6 +7,11 @@ rhbz293031 fixed (nx) #293031 [since FEDORA-2008-2258] rhbz249840 version (tor, fixed 0.1.2.15) #249840 [since FEDORA-2007-1674] +CVE-2008-2109 VULNERABLE (libid3tag) #445813 +CVE-2008-2105 VULNERABLE (bugzilla, fixed 3.0.4, 3.1.4) #445821 +CVE-2008-2104 ignore (bugzilla, fixed 3.1.4) only affects 3.1.3, not in Fedora +CVE-2008-2103 VULNERABLE (bugzilla, fixed 3.0.4, 3.1.4) #445821 +CVE-2008-2079 VULNERABLE (mysql, fixed 5.0.60) #445804 CVE-2008-2068 version (wordpress, fixed 2.5.1) [since FEDORA-2008-3319] CVE-2008-2033 ignore (zoneminder) duplicate of CVE-2008-1381 CVE-2008-2000 ignore (WebKit) browser DoS @@ -29,8 +34,12 @@ CVE-2008-1836 ignore (clamav, fixed 0.93) affected code introduced after 0.92.1 CVE-2008-1835 ignore (clamav, fixed 0.93) unrar code not shipped CVE-2008-1833 fixed (clamav, fixed 0.93-rc1) #442362 [since FEDORA-2008-3358] +CVE-2008-1803 VULNERABLE (rdesktop) #445841 +CVE-2008-1802 VULNERABLE (rdesktop) #445841 +CVE-2008-1801 VULNERABLE (rdesktop) #445841 CVE-2008-1796 fixed (comix) [since FEDORA-2008-2993] CVE-2008-1729 ignore (drupal) 6.x only +CVE-2008-1722 VULNERABLE (cups) #445801 CVE-2008-1720 fixed (rsync, fixed 3.0.2) #441689 [since FEDORA-2008-3060] CVE-2008-1693 version (xpdf, fixed 3.02) CVE-2008-1693 ignore (kdegraphics) not affected @@ -40,6 +49,7 @@ CVE-2008-1687 ignore (m4, fixed 1.4.11) not really a security issue CVE-2008-1686 VULNERABLE (libfishsound, fixed 0.9.1) #441246 [since FEDORA-2008-3117] CVE-2008-1686 fixed (speex) #442571 [since FEDORA-2008-3191] +CVE-2008-1677 VULNERABLE (fedora-ds-base) #445808 CVE-2008-1671 ignore (kdelibs) start_kdeinit not setuid CVE-2008-1670 ignore (kdelibs) kdelibs 4.x only CVE-2008-1670 fixed (kdelibs4) #444398 [since FEDORA-2008-3379] kdelibs 4.x only

15 years, 11 months

1
0
0 / 0

fedora-security/tools/lib/Libexig Fedora.pm, 1.3, 1.4

by fedora-security-commits＠redhat.com

Author: thoger Update of /cvs/fedora/fedora-security/tools/lib/Libexig In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv1357/tools/lib/Libexig Modified Files: Fedora.pm Log Message: F9 is almost out but still no F9 component, hence change wording of rawhide bugs (temporarily) Index: Fedora.pm =================================================================== RCS file: /cvs/fedora/fedora-security/tools/lib/Libexig/Fedora.pm,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- Fedora.pm 14 Jan 2008 16:33:12 -0000 1.3 +++ Fedora.pm 9 May 2008 09:26:15 -0000 1.4 @@ -104,8 +104,10 @@ my $comment_rawhide = "\n". - 'Please close this bug with RAWHIDE (referencing appropriate N-V-R in '. - 'Fixed In field if possible) once is it fixed in devel branch. '. +# 'Please close this bug with RAWHIDE (referencing appropriate N-V-R in '. +# 'Fixed In field if possible) once is it fixed in devel branch. '. + 'Please note it\'s currently not possible to file bugs against F9, '. + 'so please make sure to fix in both rawhide and upcoming F9. '. 'Do *not* include the bug id of this bug in the RPM changelog and the '. 'commit message.'. "\n\n"; @@ -113,7 +115,7 @@ my %priorities = ( 'urgent', => 4, 'high', => 3, - 'medium', => 2, + 'medium', => 2, 'low' => 1, ); @@ -242,6 +244,23 @@ $bugzilla->add_comment ($bug_id, $tr_comment); } + # XXX temporary until F9 BZ component is created + else { + my $tr_comment = + 'You can eventually use the following link to '. + 'create the update request for upcoming Fedora 9: '."\n". + 'https://admin.fedoraproject.org/updates/new/'. + '?request=Stable'. + '&type=security'. + '&release=Fedora%209'. + '&bugs='.$bug_id; + + foreach my $bug (@{$parent_bugs}) { + $tr_comment .= ','.$bug; + } + + $bugzilla->add_comment ($bug_id, $tr_comment); + } $bugzilla->add_blockers ($bug_id, $parent_bugs); $comment .= $bug->{'version'}.": bug #$bug_id\n";

15 years, 11 months

1
0
0 / 0

fedora-security/tools/scripts add-issue, 1.5, 1.6

by fedora-security-commits＠redhat.com

Author: thoger Update of /cvs/fedora/fedora-security/tools/scripts In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv1333/tools/scripts Modified Files: add-issue Log Message: change path to audit files as I hate having to cd to tools every time Index: add-issue =================================================================== RCS file: /cvs/fedora/fedora-security/tools/scripts/add-issue,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- add-issue 19 Mar 2008 17:01:39 -0000 1.5 +++ add-issue 9 May 2008 09:24:59 -0000 1.6 @@ -24,9 +24,9 @@ use strict; my %versions = ( - '7' => '../audit/fc7', - '8' => '../audit/f8', - '9' => '../audit/f9', + '7' => 'audit/fc7', + '8' => 'audit/f8', + '9' => 'audit/f9', ); # Command line options

15 years, 11 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

security-commits May 2008