security-commits May 2008

security-commits@lists.fedoraproject.org

1 participants
14 discussions

fedora-security/audit f8, 1.216, 1.217 f9, 1.206, 1.207 fc7, 1.372, 1.373
by fedora-security-commits＠redhat.com 07 May '08

07 May '08

Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv6726/audit Modified Files: f8 f9 fc7 Log Message: more pre-f9 cleanups Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.216 retrieving revision 1.217 diff -u -r1.216 -r1.217 --- f8 6 May 2008 16:54:54 -0000 1.216 +++ f8 7 May 2008 16:48:08 -0000 1.217 @@ -5,7 +5,7 @@ # (mozilla) = (gecko-libs dependent stuff) rhbz293031 fixed (nx) #293031 [since FEDORA-2008-2258] -rhbz249840 VULNERABLE (tor) +rhbz249840 version (tor, fixed 0.1.2.15) CVE-2008-2068 version (wordpress, fixed 2.5.1) [since FEDORA-2008-3397] CVE-2008-2033 ignore (zoneminder) duplicate of CVE-2008-1381 CVE-2008-2000 ignore (WebKit) browser DoS @@ -122,6 +122,7 @@ CVE-2008-1131 ignore (drupal) #435816 drupal 6.x only CVE-2008-1111 fixed (lighttpd) #435807 [since FEDORA-2008-2262] CVE-2008-1110 version (xine-lib, fixed 1.1.10) [since FEDORA-2008-1043] +CVE-2008-1103 VULNERABLE (blender) not fixed upstream CVE-2008-1102 VULNERABLE (blender) #443936 CVE-2008-1100 fixed (clamav, fixed 0.93) #442363 [since FEDORA-2008-3420] CVE-2008-1099 fixed (moin) #438673 [since FEDORA-2008-3301] @@ -262,7 +263,7 @@ CVE-2007-6687 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4778] CVE-2007-6686 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4778] CVE-2007-6685 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4778] -CVE-2007-6672 ingore (jetty) #428017 jetty 6.x only +CVE-2007-6672 ignore (jetty) #428017 jetty 6.x only CVE-2007-6613 fixed (libcdio) #427199 [since FEDORA-2008-0136] CVE-2007-6612 ignore (rubygem-mongrel, only affects 1.0.4) affected version was not shipped CVE-2007-6611 fixed (mantis) #427278 [since FEDORA-2008-0282] @@ -341,7 +342,7 @@ CVE-2007-6018 fixed (wordpress) #426433 [since FEDORA-2008-0103] CVE-2007-6015 version (samba, fixed 3.0.28) [since FEDORA-2007-4275] CVE-2007-6035 version (cacti, fixed 0.8.7a) #391991 [since FEDORA-2007-3667] -CVE-2007-6013 fixed (wordpress) #426433 [since FEDORA-2008-0103] +CVE-2007-6013 fixed (wordpress) [since wordpress-2.5.1-1.fc8] CVE-2007-5977 version (phpMyAdmin, fixed 2.11.2.1) #385901 [since FEDORA-2007-3636] CVE-2007-5976 version (phpMyAdmin, fixed 2.11.2.1) #385901 [since FEDORA-2007-3636] CVE-2007-5972 ignore (krb5, fixed 1.6.4) not exploitable @@ -355,7 +356,7 @@ CVE-2007-5959 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3962] CVE-2007-5958 fixed (xorg-x11-server, fixed 1.4.1) #429126 [since FEDORA-2008-0760] CVE-2007-5947 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3962] -CVE-2007-5938 VULNERABLE (kernel) #385861 iwlwifi +CVE-2007-5938 fixed (kernel) #385861 iwlwifi [since kernel-2.6.23.9-67.fc8] CVE-2007-5937 backport (tetex) #379861 [since FEDORA-2007-3308] Multiple dviljk buffer overflows CVE-2007-5936 backport (tetex) #379861 [since FEDORA-2007-3308] dviljk uses insecure temporary file CVE-2007-5935 backport (tetex) #379861 [since FEDORA-2007-3308] dvips -z buffer overflow with long href @@ -449,9 +450,9 @@ CVE-2007-4129 backport (coolkey) [since coolkey-1.1.0-5.fc8] CVE-2007-4045 backport (cups) [since FEDORA-2007-2982] CVE-2007-4033 backport (tetex) [since FEDORA-2007-3308] -CVE-2007-3999 VULNERABLE (nfs-utils-lib) #362091 +CVE-2007-3999 fixed (nfs-utils-lib) #362091 [since FEDORA-2008-1102] CVE-2007-3999 fixed (libtirpc) #362111 [since FEDORA-2008-1017] -CVE-2007-3920 VULNERABLE (compiz, not fixed upstream) #363061 +CVE-2007-3920 fixed (compiz, not fixed upstream) #363061 [since xorg-x11-server-1.3.0.0-40.fc8] CVE-2007-3919 backport (xen, fixed 3.1.0-13) #361991 CVE-2007-3844 version (firefox, fixed 2.0.0.6) CVE-2007-3843 version (kernel) #246595 No idea which version fixed this Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.206 retrieving revision 1.207 diff -u -r1.206 -r1.207 --- f9 6 May 2008 16:54:54 -0000 1.206 +++ f9 7 May 2008 16:48:08 -0000 1.207 @@ -4,13 +4,13 @@ # *CVE are items that need verification for Fedora 9 # (mozilla) = (gecko-libs dependent stuff) -rhbz249840 VULNERABLE (tor) +rhbz249840 version (tor, fixed 0.1.2.15) CVE-2008-2068 version (wordpress, fixed 2.5.1) [since wordpress-2.5.1-1.fc9] CVE-2008-2033 ignore (zoneminder) duplicate of CVE-2008-1381 CVE-2008-2000 ignore (WebKit) browser DoS CVE-2008-1999 VULNERABLE (WebKit) CVE-2008-1996 VULNERABLE (licq, fixed 1.3.6) #445239 -CVE-2008-1974 VULNERABLE (kronolith, fixed 3.1.8) #444405 +CVE-2008-1974 ignore (kronolith, fixed 3.1.8) #444405 package removed from f9 and rawhide CVE-2008-1964 ignore (xine-lib) bogus vulnerability report CVE-2008-1959 VULNERABLE (sipp, fixed 3.1) [since sipp-3.1-1.fc9] CVE-2008-1937 version (moin, fixed 1.6.3) [since moin-1.6.3-1.fc9] @@ -67,7 +67,7 @@ CVE-2008-1387 VULNERABLE (clamav, fixed 0.93) #442364 [since clamav-0.93-1.fc9] CVE-2008-1382 VULNERABLE (libpng, fixed 1.2.27) minimal impact, affected api rarely used CVE-2008-1382 VULNERABLE (libpng10) [since libpng10-1.0.33-1.fc9] -CVE-2008-1381 VULNERABLE (zoneminder, fixed 1.23.3) #444437 +CVE-2008-1381 VULNERABLE (zoneminder, fixed 1.23.3) #444437 [since zoneminder-1.22.3-14.fc9] CVE-2008-1380 version (firefox, fixed 2.0.0.14) CVE-2008-1380 backport (seamonkey, fixed 1.1.10) #442852 [since seamonkey-1.1.9-3.fc9] CVE-2008-1380 version (thunderbird, fixed 2.0.0.14) #442857 [since thunderbird-2.0.0.14-1.fc9] @@ -119,6 +119,7 @@ CVE-2008-1131 version (drupal, fixed 6.1) #435817 [since drupal-6.1-1.fc9] CVE-2008-1111 backport (lighttpd) #435809 [since lighttpd-1.4.18-6.fc9] CVE-2008-1110 version (xine-lib, fixed 1.1.10) [since xine-lib-1.1.10-2.fc9] +CVE-2008-1103 VULNERABLE (blender) not fixed upstream CVE-2008-1102 backport (blender) #443937 [since blender-2.45-12.fc9] CVE-2008-1100 VULNERABLE (clamav, fixed 0.93) #442364 [since clamav-0.93-1.fc9] CVE-2008-1099 version (moin, fixed 1.5.9) #438674 @@ -329,14 +330,13 @@ CVE-2007-6110 version (htdig) [since htdig-3.2.0b6-13.fc9] CVE-2007-6100 version (phpMyAdmin, fixed 2.11.2.2) CVE-2007-6067 version (postgresql, fixed 8.2.6) #427774 [since postgresql-8.2.6-1.fc9] -CVE-2007-6061 VULNERABLE (audacity) #393251 +CVE-2007-6061 backport (audacity) #393251 [since audacity-1.3.2-21.fc9] CVE-2007-6035 version (cacti, fixed 0.8.7a) #392001 [since cacti-0.8.7a-1.fc9] CVE-2007-6029 ignore (clamav) insufficient information about the issue CVE-2007-6018 version (horde, fixed 3.1.6) #428630 [since horde-3.1.6-1.fc9] CVE-2007-6018 version (imp, fixed 4.1.6) #428634 [since imp-4.1.6-1.fc9] -CVE-2007-6018 VULNERABLE (wordpress) #426434 CVE-2007-6015 version (samba, fixed 3.0.28) #433622 [since samba-3.2.0-1.pre2.5.fc9] -CVE-2007-6013 VULNERABLE (wordpress) #426434 +CVE-2007-6013 version (wordpress, fixed 2.5) [since wordpress-2.5.1-1.fc9] CVE-2007-5977 version (phpMyAdmin) #385911 [since phpMyAdmin-2.11.2.2-1.fc9] CVE-2007-5976 version (phpMyAdmin) #385911 [since phpMyAdmin-2.11.2.2-1.fc9] CVE-2007-5972 ignore (krb5, fixed 1.6.4) not exploitable @@ -350,7 +350,7 @@ CVE-2007-5959 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) CVE-2007-5958 fixed (xorg-x11-server, fixed 1.4.1) #429127 [since xorg-x11-server-1.4.99.1-0.17.20080107.fc9] code removed upstream CVE-2007-5947 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) -CVE-2007-5938 VULNERABLE (kernel) #385861 iwlwifi +CVE-2007-5938 fixed (kernel) #385861 iwlwifi [since kernel-2.6.24-0.47.rc3.git2.fc9] CVE-2007-5937 backport (tetex) #379851 Multiple dviljk buffer overflows [since tetex-3.0-48.fc9] CVE-2007-5936 backport (tetex) #379851 dviljk uses insecure temporary file [since tetex-3.0-48.fc9] CVE-2007-5935 backport (tetex) #379851 dvips -z buffer overflow with long href [since tetex-3.0-48.fc9] @@ -401,7 +401,7 @@ CVE-2007-5333 version (tomcat5, fixed 5.5.26) #428257 [since tomcat5-5.5.26-1jpp.1.fc9] CVE-2007-5201 version (duplicity, fixed 0.4.9?) #362841 [since duplicity-0.4.9-1.fc9] CVE-2007-5200 version (hugin) #362871 [since hugin-0.6.1-11.fc9] -CVE-2007-5198 VULNERABLE (nagios-plugins, fixed 1.4.10) #362901 +CVE-2007-5198 version (nagios-plugins, fixed 1.4.10) #362901 [since nagios-plugins-1.4.11-4.fc9] CVE-2007-5197 version (mono, fixed 1.2.5.1) #367551 [since mono-1.2.5.1-3.fc9] CVE-2007-5116 backport (perl) #378151 [since perl-5.8.8-31.fc9] CVE-2007-5079 VULNERABLE (gdm) #363041 Red Hat specific problem @@ -423,7 +423,7 @@ CVE-2007-4568 version (xorg-x11-xfs, fixed 1.0.5) CVE-2007-4559 VULNERABLE (python, not fixed upstream) #315291 Upstream WONTFIX. See where we use the code. CVE-2007-4476 backport (cpio, not fixed 2.9) #339691 [since cpio-2.9-5.fc9] -CVE-2007-4400 VULNERABLE (konversation) #362931 Remove media script? +CVE-2007-4400 backport (konversation) #362931 Remove media script? [since konversation-1.0.1-6.fc9] CVE-2007-4352 backport (xpdf) #372481 [since xpdf-3.02-4.fc9] CVE-2007-4352 backport (cups) CVE-2007-4352 version (poppler, fixed 0.6.2) #372521 [since poppler-0.6.2-1.fc9] @@ -431,14 +431,14 @@ CVE-2007-4352 backport (koffice) #372611 [since koffice-1.6.3-15.fc9] CVE-2007-4352 version (tetex) #372671 [since tetex-3.0-48.fc9] CVE-2007-4351 version (cups) #361681 -CVE-2007-3999 VULNERABLE (nfs-utils-lib) #362101 -CVE-2007-3999 VULNERABLE (libtirpc) #362121 -CVE-2007-3920 VULNERABLE (compiz, not fixed upstream) #357091 +CVE-2007-3999 version (nfs-utils-lib) #362101 [since nfs-utils-lib-1.1.0-4.fc9] +CVE-2007-3999 backport (libtirpc) #362121 [since libtirpc-0.1.7-15.fc9] +CVE-2007-3920 fixed (compiz, not fixed upstream) #357091 CVE-2007-3919 backport (xen, fixed 3.1.0-13) #362011 CVE-2007-3844 version (firefox, fixed 2.0.0.6) CVE-2007-3843 version (kernel) #246595 No idea which version fixed this CVE-2007-3568 backport (imlib) [since imlib-1.9.15-6.fc9] -CVE-2007-3544 VULNERABLE (wordpress, NOT fixed 2.2.1) #245211 Incomplete fix for CVE-2007-3543 +CVE-2007-3544 version (wordpress, fixed 2.2.1) #245211 Incomplete fix for CVE-2007-3543, insufficient info CVE-2007-3387 version (poppler, fixed 0.5.91) #251512 CVE-2007-3280 ignore (postgresql) bogus CVE assignment CVE-2007-3279 ignore (postgresql) bogus CVE assignment Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.372 retrieving revision 1.373 diff -u -r1.372 -r1.373 --- fc7 6 May 2008 16:54:54 -0000 1.372 +++ fc7 7 May 2008 16:48:08 -0000 1.373 @@ -123,6 +123,7 @@ CVE-2008-1131 ignore (drupal) #435815 drupal 6.x only CVE-2008-1111 fixed (lighttpd) #435808 [since FEDORA-2008-2278] CVE-2008-1110 version (xine-lib, fixed 1.1.10) [since FEDORA-2008-1047] +CVE-2008-1103 VULNERABLE (blender) not fixed upstream CVE-2008-1102 VULNERABLE (blender) #443935 CVE-2008-1100 fixed (clamav, fixed 0.93) #442362 [since FEDORA-2008-3358] CVE-2008-1099 fixed (moin) #438672 [since FEDORA-2008-3328] @@ -340,7 +341,7 @@ CVE-2007-6018 fixed (imp) #428633 [since FEDORA-2008-2087] CVE-2007-6018 fixed (wordpress) #426432 [since FEDORA-2008-0126] CVE-2007-6015 version (samba, fixed 3.0.28) [since FEDORA-2007-4269] -CVE-2007-6013 fixed (wordpress) #426432 [since FEDORA-2008-0126] +CVE-2007-6013 fixed (wordpress, fixed 2.5) [since wordpress-2.5.1-1.fc7] CVE-2007-5977 version (phpMyAdmin, fixed 2.11.2.1) #385891 [since FEDORA-2007-3627] CVE-2007-5976 version (phpMyAdmin, fixed 2.11.2.1) #385891 [since FEDORA-2007-3627] CVE-2007-5972 ignore (krb5, fixed 1.6.4) not exploitable @@ -354,7 +355,7 @@ CVE-2007-5959 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3952] CVE-2007-5958 fixed (xorg-x11-server, fixed 1.4.1) #429125 [since FEDORA-2008-0831] CVE-2007-5947 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3952] -CVE-2007-5938 VULNERABLE (kernel) #385861 iwlwifi +CVE-2007-5938 fixed (kernel) #385861 iwlwifi [since kernel-2.6.23.9-39.fc7] CVE-2007-5937 backport (tetex) #379831 [since FEDORA-2007-3390] Multiple dviljk buffer overflows CVE-2007-5936 backport (tetex) #379831 [since FEDORA-2007-3390] dviljk uses insecure temporary file CVE-2007-5935 backport (tetex) #379831 [since FEDORA-2007-3390] dvips -z buffer overflow with long href @@ -557,7 +558,7 @@ CVE-2007-3999 VULNERABLE (libtirpc) #294921 CVE-2007-3962 ignore (gftp) multiple buffer overflows in fsplib, not on Linux CVE-2007-3961 ignore (gftp) off-by-one error in fsplib -CVE-2007-3920 VULNERABLE (compiz) #357071 +CVE-2007-3920 fixed (compiz) #357071 [since xorg-x11-server-1.3.0.0-16.fc7] CVE-2007-3852 backport (sysstat) #252295 [since FEDORA-2007-1697] CVE-2007-3950 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299] CVE-2007-3949 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299]

1 0

fedora-security/audit f8, 1.215, 1.216 f9, 1.205, 1.206 fc7, 1.371, 1.372
by fedora-security-commits＠redhat.com 06 May '08

06 May '08

Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv14762/audit Modified Files: f8 f9 fc7 Log Message: note WebKit, licq major pre-F9 cleanup Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.215 retrieving revision 1.216 diff -u -r1.215 -r1.216 --- f8 5 May 2008 08:37:37 -0000 1.215 +++ f8 6 May 2008 16:54:54 -0000 1.216 @@ -8,6 +8,9 @@ rhbz249840 VULNERABLE (tor) CVE-2008-2068 version (wordpress, fixed 2.5.1) [since FEDORA-2008-3397] CVE-2008-2033 ignore (zoneminder) duplicate of CVE-2008-1381 +CVE-2008-2000 ignore (WebKit) browser DoS +CVE-2008-1999 VULNERABLE (WebKit) +CVE-2008-1996 VULNERABLE (licq, fixed 1.3.6) #445238 CVE-2008-1974 VULNERABLE (kronolith, fixed 3.1.8) #444404 CVE-2008-1964 ignore (xine-lib) bogus vulnerability report CVE-2008-1959 VULNERABLE (sipp, fixed 3.1) [since sipp-3.1-1.fc8] @@ -58,7 +61,7 @@ CVE-2008-1483 ignore (openssh) was alrady fixed by another patch CVE-2008-1482 fixed (xine-lib) #438670 [since FEDORA-2008-2849] CVE-2008-1474 fixed (roundup) #436547 [since FEDORA-2008-2370] -CVE-2008-1468 fixed (namazu) #438667 [since FEDORA-2008-2767] +CVE-2008-1468 fixed (namazu, fixed 2.0.18) #438667 [since FEDORA-2008-2767] CVE-2008-1467 fixed (centerim) #438871 [since FEDORA-2008-2869] CVE-2008-1394 ignore (plone) CVE-2008-1390 fixed (asterisk, fixed 1.4.19-rc3) #438133 [since FEDORA-2008-2554] @@ -259,7 +262,7 @@ CVE-2007-6687 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4778] CVE-2007-6686 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4778] CVE-2007-6685 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4778] -CVE-2007-6672 VULNERABLE (jetty) #428017 +CVE-2007-6672 ingore (jetty) #428017 jetty 6.x only CVE-2007-6613 fixed (libcdio) #427199 [since FEDORA-2008-0136] CVE-2007-6612 ignore (rubygem-mongrel, only affects 1.0.4) affected version was not shipped CVE-2007-6611 fixed (mantis) #427278 [since FEDORA-2008-0282] @@ -298,7 +301,7 @@ CVE-2007-6350 fixed (scponly) #429731 [since FEDORA-2008-1728] rsync vector only CVE-2007-6348 ignore (squirrelmail) trojaned version was not shipped CVE-2007-6328 ignore (dosbox) design decision -CVE-2007-6321 VULNERABLE (roundcubemail) #423291 [since FEDORA-2008-2962] +CVE-2007-6321 VULNERABLE (roundcubemail) #423291 CVE-2007-6318 VULNERABLE (wordpress) CVE-2007-6313 ignore (mysql) 5.1+ only CVE-2007-6304 ignore (mysql, fixed 5.0.52) federated engine not built @@ -312,8 +315,8 @@ CVE-2007-6210 backport (zabbix) #407181 [since FEDORA-2007-4176] CVE-2007-6209 ignore (zsh) #409871 We don't ship the script CVE-2007-6208 ignore (claws) We don't ship the script -CVE-2007-6207 VULNERABLE (kernel) Xen cross-domain memory read -CVE-2007-6206 VULNERABLE (kernel) Core dump owner issue +CVE-2007-6207 ignore (kernel-xen) Xen cross-domain memory read, ia64 only +CVE-2007-6206 version (kernel, fixed 2.6.22.17) Core dump owner issue CVE-2007-6203 ignore (httpd) #409831 User can't unput garbage before method name CVE-2007-6201 version (wesnoth, fixed 1.2.8) [since FEDORA-2007-3989] CVE-2007-6183 backport (ruby-gnome2) #405601 [since FEDORA-2007-4216] @@ -486,11 +489,11 @@ CVE-2007-0235 version (libgtop2, fixed 2.14.6) #222637 not sure, will triage CVE-2007-0095 backport (phpMyAdmin) #221694 "Reveals path" [since FEDORA-2007-4334] CVE-2006-7232 version (mysql, fixed 5.0.32) -CVE-2006-6698 VULNERABLE (GConf2) #219280 +CVE-2006-6698 ignore (GConf2) #219280 minimal impact CVE-2006-6128 version (kernel, fixed 2.6.19-1.2911.fc6) #250625 ReiserFS MOKB CVE-2006-6107 version (dbus, fixed 1.0.2) #219665 CVE-2006-6077 version (firefox, fixed 1.5.0.10) -CVE-2006-6058 VULNERABLE (kernel) #250623 Minix MOKB. In stable tree, should be fixed in 2.6.24 +CVE-2006-6058 version (kernel, fixed 2.6.23.7) #250623 Minix MOKB. In stable tree, should be fixed in 2.6.24 CVE-2006-6057 version (kernel, fixed 2_6_20-1_2924_fc6) GFS2 MOKB. CVE-2006-5868 version (ImageMagick, fixed 6.2.9.1) #217560 CVE-2006-5864 version (evince, fixed 0.6.3) #217672 @@ -514,6 +517,6 @@ CVE-2005-4791 version (liferea, fixed 1.4.8) #393301 [since FEDORA-2007-3701] CVE-2005-4790 backport (blam, fixed 1.8.4) #395761 [since FEDORA-2007-3798] CVE-2005-4790 backport (tomboy) #362951 [since FEDORA-2007-3253] -CVE-2005-3675 VULNERABLE (kernel) optack, no upstream fix -- TCP protocol weakness +CVE-2005-3675 ignore (kernel) optack, no upstream fix -- TCP protocol weakness CVE-2003-1265 ignore (thunderbird) Stuff deleted from userspace is not guarranteed to go away physically moz#198442 CVE-2003-1265 ignore (seamonkey) Stuff deleted from userspace is not guarranteed to go away physically moz#198442 Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.205 retrieving revision 1.206 diff -u -r1.205 -r1.206 --- f9 5 May 2008 08:37:37 -0000 1.205 +++ f9 6 May 2008 16:54:54 -0000 1.206 @@ -7,17 +7,20 @@ rhbz249840 VULNERABLE (tor) CVE-2008-2068 version (wordpress, fixed 2.5.1) [since wordpress-2.5.1-1.fc9] CVE-2008-2033 ignore (zoneminder) duplicate of CVE-2008-1381 +CVE-2008-2000 ignore (WebKit) browser DoS +CVE-2008-1999 VULNERABLE (WebKit) +CVE-2008-1996 VULNERABLE (licq, fixed 1.3.6) #445239 CVE-2008-1974 VULNERABLE (kronolith, fixed 3.1.8) #444405 CVE-2008-1964 ignore (xine-lib) bogus vulnerability report CVE-2008-1959 VULNERABLE (sipp, fixed 3.1) [since sipp-3.1-1.fc9] -CVE-2008-1937 VULNERABLE (moin, fixed 1.6.3) [since moin-1.6.3-1.fc9] +CVE-2008-1937 version (moin, fixed 1.6.3) [since moin-1.6.3-1.fc9] CVE-2008-1930 ignore (wordpress, fixed 2.5.1) only for wp 2.5.0 CVE-2008-1928 VULNERABLE (perl-Imager, fixed 0.64) #443941 CVE-2008-1926 VULNERABLE (util-linux-ng) [since util-linux-ng-2.13.1-8.1.fc9] CVE-2008-1924 version (phpMyAdmin, fixed 2.11.5.2) [since phpMyAdmin-2.11.5.2-1.fc9] PMASA-2008-3 CVE-2008-1923 version (asterisk) upstream fix incomplete, resulting in CVE-2008-1897 CVE-2008-1897 version (asterisk, fixed 1.6.0.beta3) [since asterisk-1.6.0-0.13.beta8.fc9] -CVE-2008-1878 VULNERABLE (xine-lib, fixed 1.1.12.1) #443056 nsf demuxer overflow [since xine-lib-1.1.12-2.fc9] +CVE-2008-1878 backport (xine-lib, fixed 1.1.12.1) #443056 nsf demuxer overflow [since xine-lib-1.1.12-2.fc9] CVE-2008-1845 version (mksh, fixed 33d) [since mksh-33d-1.fc9] what is real impact on fedora? CVE-2008-1837 ignore (clamav, fixed 0.93) unrar code not shipped CVE-2008-1836 VULNERABLE (clamav, fixed 0.93) #442364 [since clamav-0.93-1.fc9] @@ -37,7 +40,7 @@ CVE-2008-1686 version (libfishsound, fixed 0.9.1) #441248 [since libfishsound-0.9.1-1.fc9] CVE-2008-1686 backport (speex) [since speex-1.2-0.7.beta3] CVE-2008-1671 ignore (kdelibs) start_kdeinit not shipped -CVE-2008-1670 VULNERABLE (kdelibs) [since kdelibs-4.0.3-7.fc9] +CVE-2008-1670 backport (kdelibs) [since kdelibs-4.0.3-7.fc9] CVE-2008-1658 backport (PolicyKit) #439996 [since PolicyKit-0.7-7.fc9] CVE-2008-1657 version (openssh, fixed 4.9) #440376 [since openssh-5.0p1-1.fc9] CVE-2008-1652 version (Perlbal, fixed 1.70) [since Perlbal-1.70-1.fc9] @@ -57,7 +60,7 @@ CVE-2008-1483 ignore (openssh) was alrady fixed by another patch CVE-2008-1482 version (xine-lib) #438671 [since xine-lib-1.1.11.1-1.fc9] CVE-2008-1474 version (roundup) #436549 [since roundup-1.4.4-1.fc9] -CVE-2008-1468 VULNERABLE (namazu) #438668 +CVE-2008-1468 version (namazu, fixed 2.0.18) #438668 [since namazu-2.0.18-1.fc9] CVE-2008-1467 fixed (centerim) #438871 CVE-2008-1394 ignore (plone) CVE-2008-1390 version (asterisk, fixed 1.6.0-beta6) #438134 [since asterisk-1.6.0-0.6.beta6.fc9] @@ -65,11 +68,11 @@ CVE-2008-1382 VULNERABLE (libpng, fixed 1.2.27) minimal impact, affected api rarely used CVE-2008-1382 VULNERABLE (libpng10) [since libpng10-1.0.33-1.fc9] CVE-2008-1381 VULNERABLE (zoneminder, fixed 1.23.3) #444437 -CVE-2008-1380 VULNERABLE (firefox, fixed 2.0.0.14) -CVE-2008-1380 VULNERABLE (seamonkey, fixed 1.1.10) #442852 -CVE-2008-1380 VULNERABLE (thunderbird, fixed 2.0.0.14) #442857 +CVE-2008-1380 version (firefox, fixed 2.0.0.14) +CVE-2008-1380 backport (seamonkey, fixed 1.1.10) #442852 [since seamonkey-1.1.9-3.fc9] +CVE-2008-1380 version (thunderbird, fixed 2.0.0.14) #442857 [since thunderbird-2.0.0.14-1.fc9] CVE-2008-1374 ignore (cups) only affects old cups versions in RHEL -CVE-2008-1373 VULNERABLE (cups) #440041 [since cups-1.3.6-9.fc9] +CVE-2008-1373 backport (cups) #440041 [since cups-1.3.6-9.fc9] CVE-2008-1372 version (bzip2, fixed 1.0.5) [since bzip2-1.0.5-1.fc9] CVE-2008-1360 VULNERABLE (nagios) #437852 CVE-2008-1353 ignore (zabbix) #437848 Needs authorization @@ -88,19 +91,19 @@ CVE-2008-1238 version (seamonkey, fixed 1.1.9) CVE-2008-1237 version (firefox, fixed 2.0.0.13) CVE-2008-1237 version (seamonkey, fixed 1.1.9) -CVE-2008-1237 VULNERABLE (thunderbird, fixed 2.0.0.14) #442857 +CVE-2008-1237 version (thunderbird, fixed 2.0.0.14) #442857 [since thunderbird-2.0.0.14-1.fc9] CVE-2008-1236 version (firefox, fixed 2.0.0.13) CVE-2008-1236 version (seamonkey, fixed 1.1.9) -CVE-2008-1236 VULNERABLE (thunderbird, fixed 2.0.0.14) #442857 +CVE-2008-1236 version (thunderbird, fixed 2.0.0.14) #442857 [since thunderbird-2.0.0.14-1.fc9] CVE-2008-1235 version (firefox, fixed 2.0.0.13) CVE-2008-1235 version (seamonkey, fixed 1.1.9) -CVE-2008-1235 VULNERABLE (thunderbird, fixed 2.0.0.14) #442857 +CVE-2008-1235 version (thunderbird, fixed 2.0.0.14) #442857 [since thunderbird-2.0.0.14-1.fc9] CVE-2008-1234 version (firefox, fixed 2.0.0.13) CVE-2008-1234 version (seamonkey, fixed 1.1.9) -CVE-2008-1234 VULNERABLE (thunderbird, fixed 2.0.0.14) #442857 +CVE-2008-1234 version (thunderbird, fixed 2.0.0.14) #442857 [since thunderbird-2.0.0.14-1.fc9] CVE-2008-1233 version (firefox, fixed 2.0.0.13) CVE-2008-1233 version (seamonkey, fixed 1.1.9) -CVE-2008-1233 VULNERABLE (thunderbird, fixed 2.0.0.14) #442857 +CVE-2008-1233 version (thunderbird, fixed 2.0.0.14) #442857 [since thunderbird-2.0.0.14-1.fc9] **CVE-2008-1227 fixed (libsilc) We updated this as non-security CVE-2008-1218 version (dovecot, fixed 1.0.13) [since dovecot-1.0.13-6.fc9] marginally affected CVE-2008-1199 version (dovecot, fixed 1.0.11) [since dovecot-1.0.13-6.fc9] not in default config @@ -116,7 +119,7 @@ CVE-2008-1131 version (drupal, fixed 6.1) #435817 [since drupal-6.1-1.fc9] CVE-2008-1111 backport (lighttpd) #435809 [since lighttpd-1.4.18-6.fc9] CVE-2008-1110 version (xine-lib, fixed 1.1.10) [since xine-lib-1.1.10-2.fc9] -CVE-2008-1102 VULNERABLE (blender) #443937 [since blender-2.45-12.fc9] +CVE-2008-1102 backport (blender) #443937 [since blender-2.45-12.fc9] CVE-2008-1100 VULNERABLE (clamav, fixed 0.93) #442364 [since clamav-0.93-1.fc9] CVE-2008-1099 version (moin, fixed 1.5.9) #438674 CVE-2008-1098 version (moin, fixed 1.5.9) #438674 @@ -125,8 +128,8 @@ CVE-2008-1071 version (wireshark, fixed 0.99.8) #435488 [since wireshark-1.0.0-2.fc9] CVE-2008-1070 version (wireshark, fixed 0.99.8) #435488 [since wireshark-1.0.0-2.fc9] CVE-2008-1066 version (php-Smarty) #435813 [since php-Smarty-2.6.19-1.fc9] -CVE-2008-1066 VULNERABLE (gallery2) #438060 -CVE-2008-1066 VULNERABLE (php-pear-PhpDocumentor) #438064 +CVE-2008-1066 fixed (gallery2) #438060 [since gallery2-2.2.4-3.fc9] +CVE-2008-1066 fixed (php-pear-PhpDocumentor) #438064 [since php-pear-PhpDocumentor-1.4.1-2.fc9] CVE-2008-1026 version (WebKit, fixed r31388) [since WebKit-1.0.0-0.8.svn31787.fc9] CVE-2008-1025 version (WebKit, fixed r31438) [since WebKit-1.0.0-0.8.svn31787.fc9] CVE-2008-1011 version (WebKit) [since WebKit-1.0.0-0.8.svn31787.fc9] @@ -138,10 +141,10 @@ CVE-2008-0928 backport (kvm) #433566 [since kvm-61-2.fc9] CVE-2008-0928 backport (xen) [since xen-3.2.0-8.fc9] CVE-2008-0888 backport (unzip) #437927 [since unzip-5.52-9.fc9] -CVE-2008-0887 VULNERABLE (gnome-screensaver) #440257 +CVE-2008-0887 version (gnome-screensaver, fixed 2.22.1) #440257 [since gnome-screensaver-2.22.1-1.fc9] CVE-2008-0882 version (cups, fixed 1.3.6) [since cups-1.3.6-1.fc9] CVE-2008-0807 version (turba, fixed 2.1.7) #433318 [since turba-2.1.7-1.fc9] -CVE-2008-0806 VULNERABLE (wyrd) #433722 +CVE-2008-0806 fixed (wyrd) #433722 [since wyrd-1.4.3b-1.fc9] CVE-2008-0786 version (cacti, fixed 0.8.7b) #432761 [since cacti-0.8.7b-1.fc9] CVE-2008-0785 version (cacti, fixed 0.8.7b) #432761 [since cacti-0.8.7b-1.fc9] CVE-2008-0784 version (cacti, fixed 0.8.7b) #432761 [since cacti-0.8.7b-1.fc9] @@ -226,16 +229,16 @@ CVE-2008-0191 ignore (wordpress) File path is not a sensitive information CVE-2008-0172 backport (boost) #428976 [since boost-1.34.1-7.fc9] CVE-2008-0171 backport (boost) #428976 [since boost-1.34.1-7.fc9] -CVE-2008-0128 VULNERABLE (tomcat5) #429905 +CVE-2008-0128 version (tomcat5, fixed 5.5.21) #429905 CVE-2008-0123 fixed (moodle) #428731 [since moodle-1.8.4-1.fc9] CVE-2008-0122 backport (bind) #429534 [since bind-9.5.0-24.b1.fc9] CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since asterisk-1.4.17-1.fc9] -CVE-2008-0073 VULNERABLE (xine-lib, fixed 1.1.11) #438193 +CVE-2008-0073 version (xine-lib, fixed 1.1.11) #438193 [since xine-lib-1.1.11-1.fc9] CVE-2008-0072 backport (evolution) #436082 [evolution-2.21.92-2.fc9] CVE-2008-0063 backport (krb5, fixed 1.6.4) [since krb5-1.6.3-10.fc9] CVE-2008-0062 backport (krb5, fixed 1.6.4) [since krb5-1.6.3-10.fc9] CVE-2008-0053 version (cups, fixed 1.3.6) [since cups-1.3.6-1.fc9] -CVE-2008-0047 VULNERABLE (cups) #440041 +CVE-2008-0047 backport (cups) #440041 [since cups-1.3.6-9.fc9] CVE-2008-0008 backport (pulseaudio) #425481 [since pulseaudio-0.9.8-5.fc9] CVE-2008-0006 backport (libXfont) #429133 [since libXfont-1.3.1-3.fc9] CVE-2008-0005 version (httpd, fixed 2.2.8) #427984 [since httpd-2.2.8-2] @@ -254,7 +257,7 @@ CVE-2007-6687 version (gallery2, fixed 2.2.4) [since gallery2-2.2.4-1] CVE-2007-6686 version (gallery2, fixed 2.2.4) [since gallery2-2.2.4-1] CVE-2007-6685 version (gallery2, fixed 2.2.4) [since gallery2-2.2.4-1] -CVE-2007-6672 VULNERABLE (jetty) #428018 +CVE-2007-6672 ignore (jetty) #428018 jetty 6.x only CVE-2007-6631 fixed (libnemesi, not fixed 0.6.4-rc1) #426910 [since libnemesi-0.6.4-0.1.rc2.fc9] This wasn't released yet CVE-2007-6630 version (netembryo, fixed 0.0.5) #427470 There was not release in stable branches yet [since netembryo-0.0.5-1.fc9] CVE-2007-6613 version (libcdio) #427200 [since libcdio-0.79-2.fc9] @@ -286,7 +289,7 @@ CVE-2007-6335 version (clamav, fixed 0.92) #426213 [since clamav-0.92-3.fc9] CVE-2007-6437 version (syslog-ng, fixed 2.0.6) #426307 [since syslog-ng-2.0.7-1.fc9] CVE-2007-6430 version (asterisk, fixed 1.4.16) [since asterisk-1.4.16.1-1.fc9] -CVE-2007-6389 VULNERABLE (gnome-screensaver) #426171 +CVE-2007-6389 version (gnome-screensaver) #426171 CVE-2007-6353 backport (exiv2) #425924 [since exiv2-0.16-0.3.pre1.fc9] CVE-2007-6352 backport (libexif) #425641 [since libexif-0.6.15-5.fc9] CVE-2007-6351 backport (libexif) #425641 [since libexif-0.6.15-5.fc9] @@ -299,7 +302,7 @@ CVE-2007-6304 ignore (mysql, fixed 5.0.52) federated engine not built CVE-2007-6303 backport (mysql, fixed 5.0.52) [since mysql-5.0.45-6.fc9] CVE-2007-6299 version (drupal, fixed 5.4) [since drupal-5.4-1.fc9] SA-2007-031 -CVE-2007-6286 VULNERABLE (tomcat5) #432476 +CVE-2007-6286 version (tomcat5, fixed 5.5.26) #432476 [since tomcat5-5.5.26-1jpp.1.fc9] CVE-2007-6285 backport (autofs) #426401 [since autofs-5.0.2-25] CVE-2007-6284 version (libxml2, fixed 2.6.31) [since libxml2-2.6.31-1] CVE-2007-6283 backport (bind) #423081 [since bind-9.5.0-21.b1.fc9] @@ -307,8 +310,8 @@ CVE-2007-6210 backport (zabbix) #407181 [since zabbix-1.4.2-4.fc9] CVE-2007-6209 ignore (zsh) #409871 We don't ship the script CVE-2007-6208 ignore (claws) We don't ship the script -CVE-2007-6207 VULNERABLE (kernel) Xen cross-domain memory read -CVE-2007-6206 VULNERABLE (kernel) Core dump owner issue +CVE-2007-6207 ignore (kernel-xen) Xen cross-domain memory read, ia64 only +CVE-2007-6206 version (kernel, fixed 2.6.22.17) Core dump owner issue CVE-2007-6203 ignore (httpd) #409831 User can't unput garbage before method name CVE-2007-6201 version (wesnoth, fixed 1.2.8) [since wesnoth-1.2.8-3.fc9] CVE-2007-6183 backport (ruby-gnome2) #405611 [since ruby-gnome2-0.16.0-22.fc9] @@ -332,7 +335,7 @@ CVE-2007-6018 version (horde, fixed 3.1.6) #428630 [since horde-3.1.6-1.fc9] CVE-2007-6018 version (imp, fixed 4.1.6) #428634 [since imp-4.1.6-1.fc9] CVE-2007-6018 VULNERABLE (wordpress) #426434 -CVE-2007-6015 VULNERABLE (samba, fixed 3.0.28) #433622 +CVE-2007-6015 version (samba, fixed 3.0.28) #433622 [since samba-3.2.0-1.pre2.5.fc9] CVE-2007-6013 VULNERABLE (wordpress) #426434 CVE-2007-5977 version (phpMyAdmin) #385911 [since phpMyAdmin-2.11.2.2-1.fc9] CVE-2007-5976 version (phpMyAdmin) #385911 [since phpMyAdmin-2.11.2.2-1.fc9] @@ -380,23 +383,23 @@ CVE-2007-5589 version (phpMyAdmin, fixed 2.11.1.2) #333661 PMASA-2007-6 CVE-2007-5503 version (cairo, fixed 1.4.12) [since cairo-1.5.4-1.fc9] CVE-2007-5497 backport (e2fsprogs) #414591 [since e2fsprogs-1.40.2-14.fc9] -CVE-2007-5461 VULNERABLE (tomcat5, not fixed 5.5.25) #334531 +CVE-2007-5461 version (tomcat5, fixed 5.5.26) #334531 [since tomcat5-5.5.26-1jpp.1.fc9] CVE-2007-5395 version (link-grammar) #372361 [since link-grammar-4.2.5-1.fc9] CVE-2007-5393 backport (xpdf) #372481 [since xpdf-3.02-4.fc9] CVE-2007-5393 backport (cups) CVE-2007-5393 version (poppler, fixed 0.6.2) #372521 [since poppler-0.6.2-1.fc9] -CVE-2007-5393 VULNERABLE (kdegraphics) #372581 -CVE-2007-5393 VULNERABLE (koffice) #372611 +CVE-2007-5393 fixed (kdegraphics) #372581 kde4 kdegraphics now use poppler +CVE-2007-5393 backport (koffice) #372611 [since koffice-1.6.3-15.fc9] CVE-2007-5393 version (tetex) #372671 [since tetex-3.0-48.fc9] CVE-2007-5392 backport (xpdf) #372481 [since xpdf-3.02-4.fc9] CVE-2007-5392 backport (cups) CVE-2007-5392 version (poppler, fixed 0.6.2) #372521 [since poppler-0.6.2-1.fc9] -CVE-2007-5392 VULNERABLE (kdegraphics) #372581 -CVE-2007-5392 VULNERABLE (koffice) #372611 +CVE-2007-5392 fixed (kdegraphics) #372581 kde4 kdegraphics now use poppler +CVE-2007-5392 backport (koffice) #372611 [since koffice-1.6.3-15.fc9] CVE-2007-5392 version (tetex) #372671 [since tetex-3.0-48.fc9] CVE-2007-5386 version (phpmyadmin, fixed 2.11.1.1) #333661 PMASA-2007-5 -CVE-2007-5333 VULNERABLE (tomcat5) #428257 -CVE-2007-5201 VULNERABLE (duplicity, no upstream fix) #362841 +CVE-2007-5333 version (tomcat5, fixed 5.5.26) #428257 [since tomcat5-5.5.26-1jpp.1.fc9] +CVE-2007-5201 version (duplicity, fixed 0.4.9?) #362841 [since duplicity-0.4.9-1.fc9] CVE-2007-5200 version (hugin) #362871 [since hugin-0.6.1-11.fc9] CVE-2007-5198 VULNERABLE (nagios-plugins, fixed 1.4.10) #362901 CVE-2007-5197 version (mono, fixed 1.2.5.1) #367551 [since mono-1.2.5.1-3.fc9] @@ -409,7 +412,7 @@ CVE-2007-4990 version (xorg-x11-xfs, fixed 1.0.5) CVE-2007-4879 version (firefox, fixed 2.0.0.13) CVE-2007-4879 version (seamonkey, fixed 1.1.9) -CVE-2007-4829 VULNERABLE (perl, not fixed upstream) #364291 +CVE-2007-4829 VULNERABLE (perl, not fixed upstream) #364291 perl-Archive-Tar directory traversal CVE-2007-4772 version (postgresql, fixed 8.2.6) #427774 [since postgresql-8.2.6-1.fc9] CVE-2007-4771 backport (icu) [since icu-3.8.1-3.fc9] CVE-2007-4770 backport (icu) [since icu-3.8.1-3.fc9] @@ -424,8 +427,8 @@ CVE-2007-4352 backport (xpdf) #372481 [since xpdf-3.02-4.fc9] CVE-2007-4352 backport (cups) CVE-2007-4352 version (poppler, fixed 0.6.2) #372521 [since poppler-0.6.2-1.fc9] -CVE-2007-4352 VULNERABLE (kdegraphics) #372581 -CVE-2007-4352 VULNERABLE (koffice) #372611 +CVE-2007-4352 fixed (kdegraphics) #372581 kde4 kdegraphics now use poppler +CVE-2007-4352 backport (koffice) #372611 [since koffice-1.6.3-15.fc9] CVE-2007-4352 version (tetex) #372671 [since tetex-3.0-48.fc9] CVE-2007-4351 version (cups) #361681 CVE-2007-3999 VULNERABLE (nfs-utils-lib) #362101 @@ -441,8 +444,8 @@ CVE-2007-3279 ignore (postgresql) bogus CVE assignment CVE-2007-3278 version (postgresql, fixed 8.2.5) CVE-2007-3145 ignore (galeon) in 2.0.3 the truncation still occurs, but at reasonable length -CVE-2007-2450 VULNERABLE (tomcat5, not fixed 5.5.24) #244812 -CVE-2007-2449 VULNERABLE (tomcat5, not fixed 5.5.24) #244812 +CVE-2007-2450 version (tomcat5, fixed 5.5.25) #244812 [since tomcat5-5.5.25-1jpp.1.fc9] +CVE-2007-2449 version (tomcat5, fixed 5.5.25) #244812 [since tomcat5-5.5.25-1jpp.1.fc9] CVE-2007-2245 version (phpMyAdmin, fixed 2.10.1) #237882 CVE-2007-2165 version (proftpd, fixed 1.3.1rc3) #237533 CVE-2007-1841 version (ipsec-tools, fixed 0.6.7) #238052 @@ -460,11 +463,11 @@ CVE-2007-0235 version (libgtop2, fixed 2.14.6) #222637 not sure, will triage CVE-2007-0095 backport (phpMyAdmin) #221694 "Reveals path" [since phpMyAdmin-2.11.3-1.fc9] CVE-2006-7232 version (mysql, fixed 5.0.32) -CVE-2006-6698 VULNERABLE (GConf2) #219280 -CVE-2006-6128 version (kernel, fixed 2.6.19-1.2911.fc6) #250625 ReiserFS MOKB +CVE-2006-6698 ignore (GConf2) #219280 minimal impact, let upstream deal with it if they care +CVE-2006-6128 version (kernel, fixed 2.6.19) #250625 ReiserFS MOKB CVE-2006-6107 version (dbus, fixed 1.0.2) #219665 CVE-2006-6077 version (firefox, fixed 1.5.0.10) -CVE-2006-6058 VULNERABLE (kernel) #250623 Minix MOKB. In stable tree, should be fixed in 2.6.24 +CVE-2006-6058 version (kernel, fixed 2.6.23.7) #250623 Minix MOKB. In stable tree, should be fixed in 2.6.24 CVE-2006-6057 version (kernel, fixed 2_6_20-1_2924_fc6) GFS2 MOKB. CVE-2006-5868 version (ImageMagick, fixed 6.2.9.1) #217560 CVE-2006-5864 version (evince, fixed 0.6.3) #217672 @@ -488,6 +491,6 @@ CVE-2005-4791 version (liferea, fixed 1.4.8) #393311 [since liferea-1.4.8-1.fc9] CVE-2005-4790 backport (blam, fixed 1.8.4) #395771 [since blam-1.8.3-11.fc9] CVE-2005-4790 backport (tomboy) #362961 [since tomboy-0.8.1-2.fc9] -CVE-2005-3675 VULNERABLE (kernel) optack, no upstream fix -- TCP protocol weakness +CVE-2005-3675 ignore (kernel) optack, no upstream fix -- TCP protocol weakness CVE-2003-1265 ignore (thunderbird) Stuff deleted from userspace is not guarranteed to go away physically moz#198442 CVE-2003-1265 ignore (seamonkey) Stuff deleted from userspace is not guarranteed to go away physically moz#198442 Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.371 retrieving revision 1.372 diff -u -r1.371 -r1.372 --- fc7 5 May 2008 08:37:37 -0000 1.371 +++ fc7 6 May 2008 16:54:54 -0000 1.372 @@ -9,6 +9,9 @@ rhbz249840 version (tor, fixed 0.1.2.15) #249840 [since FEDORA-2007-1674] CVE-2008-2068 version (wordpress, fixed 2.5.1) [since FEDORA-2008-3319] CVE-2008-2033 ignore (zoneminder) duplicate of CVE-2008-1381 +CVE-2008-2000 ignore (WebKit) browser DoS +CVE-2008-1999 VULNERABLE (WebKit) +CVE-2008-1996 VULNERABLE (licq, fixed 1.3.6) #445237 CVE-2008-1974 VULNERABLE (kronolith, fixed 3.1.8) #444403 CVE-2008-1964 ignore (xine-lib) bogus vulnerability report CVE-2008-1959 VULNERABLE (sipp, fixed 3.1) [since sipp-3.1-1.fc7] @@ -59,7 +62,7 @@ CVE-2008-1483 ignore (openssh) was alrady fixed by another patch CVE-2008-1482 fixed (xine-lib) #438669 [since FEDORA-2008-2945] CVE-2008-1474 fixed (roundup) #436548 [since FEDORA-2008-2471] -CVE-2008-1468 fixed (namazu) #438666 [since FEDORA-2008-2678] +CVE-2008-1468 fixed (namazu, fixed 2.0.18) #438666 [since FEDORA-2008-2678] CVE-2008-1467 fixed (centerim) #438871 [since FEDORA-2008-2869] CVE-2008-1394 ignore (plone) CVE-2008-1390 fixed (asterisk, fixed 1.4.19-rc3) #438132 [since FEDORA-2008-2620] @@ -297,7 +300,7 @@ CVE-2007-6350 fixed (scponly) #429731 [since FEDORA-2008-1728] rsync vector only CVE-2007-6348 ignore (squirrelmail) trojaned version was not shipped CVE-2007-6328 ignore (dosbox) design decision -CVE-2007-6321 VULNERABLE (roundcubemail) #423281 [since FEDORA-2008-3019] +CVE-2007-6321 VULNERABLE (roundcubemail) #423281 CVE-2007-6318 VULNERABLE (wordpress) CVE-2007-6313 ignore (mysql) 5.1+ only CVE-2007-6304 ignore (mysql, fixed 5.0.52) federated engine not built @@ -311,8 +314,8 @@ CVE-2007-6210 backport (zabbix) #407181 [since FEDORA-2007-4160] CVE-2007-6209 ignore (zsh) #409871 We don't ship the script CVE-2007-6208 ignore (claws) We don't ship the script -CVE-2007-6207 VULNERABLE (kernel) Xen cross-domain memory read -CVE-2007-6206 VULNERABLE (kernel) Core dump owner issue +CVE-2007-6207 ignore (kernel-xen) Xen cross-domain memory read, ia64 only +CVE-2007-6206 version (kernel, fixed 2.6.22.17) Core dump owner issue CVE-2007-6203 ignore (httpd) #409831 User can't unput garbage before method name CVE-2007-6201 version (wesnoth, fixed 1.2.8) [since FEDORA-2007-3986] CVE-2007-6183 version (ruby-gnome2) #405591 [since FEDORA-2007-4229] @@ -994,7 +997,7 @@ *CVE-2006-6736 ** (java-ibm) *CVE-2006-6731 ** (java-ibm) *CVE-2006-6719 backport (wget) #221469 [since FEDORA-2007-043] -*CVE-2006-6698 VULNERABLE (GConf2) #219280 +*CVE-2006-6698 ignore (GConf2) #219280 minimal impact CVE-2006-6693 ignore (zabbix, fixed 1.1.3, < 1.1.4 not shipped) CVE-2006-6692 ignore (zabbix, fixed 1.1.3, < 1.1.4 not shipped) CVE-2006-6660 ignore (kdelibs) client Dos only, not reproducible @@ -1054,7 +1057,7 @@ CVE-2006-6085 version (kile, fixed 1.9.3) #217238 CVE-2006-6077 version (firefox, fixed 1.5.0.10) CVE-2006-6060 ignore (kernel, fixed 2.6.19-rc2) no NTFS support -CVE-2006-6058 VULNERABLE (kernel, fixed 2.6.24) 250623 +CVE-2006-6058 version (kernel, fixed 2.6.23.7) 250623 CVE-2006-6057 version (kernel, fixed **) CVE-2006-6056 version (kernel, fixed 2.6.19) [since FEDORA-2007-058] was backport since FEDORA-2006-1471 CVE-2006-6054 version (kernel, fixed fixed 2.6.19.2) [since FEDORA-2007-058] @@ -1820,7 +1823,7 @@ CVE-2005-3753 version (kernel, fixed 2.6.14) CVE-2005-3745 ignore (struts, fixed 1.2.8) but not through tomcat CVE-2005-3732 version (ipsec-tools, fixed 0.6.3) -*CVE-2005-3675 VULNERABLE (kernel) optack, no upstream fix +CVE-2005-3675 ignore (kernel) optack, no upstream fix, wontfix upstream CVE-2005-3671 version (openswan, fixed 2.4.4) *CVE-2005-3662 version (netpbm) CVE-2005-3656 version (mod_auth_pgsql, fixed 2.0.3)

1 0

fedora-security/audit f8, 1.214, 1.215 f9, 1.204, 1.205 fc7, 1.370, 1.371
by fedora-security-commits＠redhat.com 05 May '08

05 May '08

Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv9744/audit Modified Files: f8 f9 fc7 Log Message: note wordpress CVE id check updates Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.214 retrieving revision 1.215 diff -u -r1.214 -r1.215 --- f8 2 May 2008 16:12:35 -0000 1.214 +++ f8 5 May 2008 08:37:37 -0000 1.215 @@ -6,24 +6,25 @@ rhbz293031 fixed (nx) #293031 [since FEDORA-2008-2258] rhbz249840 VULNERABLE (tor) +CVE-2008-2068 version (wordpress, fixed 2.5.1) [since FEDORA-2008-3397] CVE-2008-2033 ignore (zoneminder) duplicate of CVE-2008-1381 CVE-2008-1974 VULNERABLE (kronolith, fixed 3.1.8) #444404 CVE-2008-1964 ignore (xine-lib) bogus vulnerability report CVE-2008-1959 VULNERABLE (sipp, fixed 3.1) [since sipp-3.1-1.fc8] CVE-2008-1937 ignore (moin, fixed 1.6.3) 1.6.x only CVE-2008-1930 ignore (wordpress, fixed 2.5.1) [since wordpress-2.5.1-1.fc8] only for wp 2.5.0 -CVE-2008-1928 VULNERABLE (perl-Imager, fixed 0.64) #443940 -CVE-2008-1927 VULNERABLE (perl) [since perl-5.8.8-39.fc8] -CVE-2008-1926 VULNERABLE (util-linux-ng) [since util-linux-ng-2.13.1-2.fc8] +CVE-2008-1928 fixed (perl-Imager, fixed 0.64) #443940 [since FEDORA-2008-3352] +CVE-2008-1927 fixed (perl) [since FEDORA-2008-3392] +CVE-2008-1926 fixed (util-linux-ng) [since FEDORA-2008-3419] CVE-2008-1924 VULNERABLE (phpMyAdmin, fixed 2.11.5.2) [since phpMyAdmin-2.11.5.2-1.fc8] PMASA-2008-3 CVE-2008-1923 version (asterisk) upstream fix incomplete, resulting in CVE-2008-1897 -CVE-2008-1897 VULNERABLE (asterisk, fixed 1.4.19.1) [since asterisk-1.4.19.1-1.fc8] -CVE-2008-1878 VULNERABLE (xine-lib, fixed 1.1.12.1) #443055 nsf demuxer overflow +CVE-2008-1897 fixed (asterisk, fixed 1.4.19.1) [since FEDORA-2008-3390] +CVE-2008-1878 fixed (xine-lib, fixed 1.1.12.1) #443055 [since FEDORA-2008-3353] nsf demuxer overflow CVE-2008-1845 version (mksh, fixed 33d) [since FEDORA-2008-3174] CVE-2008-1837 ignore (clamav, fixed 0.93) unrar code not shipped CVE-2008-1836 ignore (clamav, fixed 0.93) affected code introduced after 0.92.1 CVE-2008-1835 ignore (clamav, fixed 0.93) unrar code not shipped -CVE-2008-1833 VULNERABLE (clamav, fixed 0.93-rc1) #442363 +CVE-2008-1833 fixed (clamav, fixed 0.93-rc1) #442363 [since FEDORA-2008-3420] CVE-2008-1796 fixed (comix) [since FEDORA-2008-2981] CVE-2008-1729 ignore (drupal) 6.x only CVE-2008-1720 fixed (rsync, fixed 3.0.2) #441690 [since FEDORA-2008-3047] @@ -37,14 +38,14 @@ CVE-2008-1686 fixed (speex) #442572 [since FEDORA-2008-3103] CVE-2008-1671 ignore (kdelibs) start_kdeinit not setuid CVE-2008-1670 ignore (kdelibs) kdelibs 4.x only -CVE-2008-1670 VULNERABLE (kdelibs4) #444399 kdelibs 4.x only +CVE-2008-1670 fixed (kdelibs4) #444399 [since FEDORA-2008-3412] kdelibs 4.x only CVE-2008-1658 fixed (PolicyKit) #439995 [since FEDORA-2008-2987] CVE-2008-1657 VULNERABLE (openssh, fixed 4.9) #440375 CVE-2008-1652 version (Perlbal, fixed 1.70) [since FEDORA-2008-2778] CVE-2008-1637 fixed (pdns-recursor, fixed 3.1.5) #440249 [since FEDORA-2008-3036] CVE-2008-1628 fixed (audit) [since FEDORA-2008-3012] CVE-2008-1614 version (mod_suphp, fixed 0.6.3) [since FEDORA-2008-2868] -CVE-2008-1612 VULNERABLE (squid, fixed 2.6.STABLE19) [since FEDORA-2008-2740] +CVE-2008-1612 fixed (squid, fixed 2.6.STABLE19) [since FEDORA-2008-2740] CVE-2008-1568 fixed (comix) improper shell escaping, bz#430635 [since FEDORA-2008-2981] CVE-2008-1567 fixed (phpMyAdmin, fixed 2.11.5.1) [since FEDORA-2008-2825] CVE-2008-1563 fixed (wireshark, fixed 1.0) #435487 [since FEDORA-2008-3040] @@ -52,7 +53,7 @@ CVE-2008-1561 fixed (wireshark, fixed 1.0) #435487 [since FEDORA-2008-3040] CVE-2008-1552 fixed (libsilc, fixed 1.1.7) #438382 [since FEDORA-2008-2641] CVE-2008-1532 version (Perlbal, fixed 1.70) #439056 [since FEDORA-2008-2778] -CVE-2008-1531 VULNERABLE (lighttpd) #439068 +CVE-2008-1531 fixed (lighttpd) #439068 [since FEDORA-2008-3376] CVE-2008-1488 VULNERABLE (php-pecl-apc) #438847 CVE-2008-1483 ignore (openssh) was alrady fixed by another patch CVE-2008-1482 fixed (xine-lib) #438670 [since FEDORA-2008-2849] @@ -61,9 +62,9 @@ CVE-2008-1467 fixed (centerim) #438871 [since FEDORA-2008-2869] CVE-2008-1394 ignore (plone) CVE-2008-1390 fixed (asterisk, fixed 1.4.19-rc3) #438133 [since FEDORA-2008-2554] -CVE-2008-1387 VULNERABLE (clamav, fixed 0.93) #442363 +CVE-2008-1387 fixed (clamav, fixed 0.93) #442363 [since FEDORA-2008-3420] CVE-2008-1382 VULNERABLE (libpng, fixed 1.2.27) minimal impact, affected api rarely used -CVE-2008-1382 VULNERABLE (libpng10) [since libpng10-1.0.33-1.fc8] +CVE-2008-1382 VULNERABLE (libpng10) [since libpng10-1.0.33-1.fc8] CVE-2008-1381 VULNERABLE (zoneminder, fixed 1.23.3) #444436 CVE-2008-1380 VULNERABLE (firefox, fixed 2.0.0.14) CVE-2008-1380 fixed (seamonkey, fixed 1.1.10) #442851 [since FEDORA-2008-3264] @@ -119,9 +120,9 @@ CVE-2008-1111 fixed (lighttpd) #435807 [since FEDORA-2008-2262] CVE-2008-1110 version (xine-lib, fixed 1.1.10) [since FEDORA-2008-1043] CVE-2008-1102 VULNERABLE (blender) #443936 -CVE-2008-1100 VULNERABLE (clamav, fixed 0.93) #442363 -CVE-2008-1099 VULNERABLE (moin) #438673 -CVE-2008-1098 VULNERABLE (moin) #438673 +CVE-2008-1100 fixed (clamav, fixed 0.93) #442363 [since FEDORA-2008-3420] +CVE-2008-1099 fixed (moin) #438673 [since FEDORA-2008-3301] +CVE-2008-1098 fixed (moin) #438673 [since FEDORA-2008-3301] CVE-2008-1078 ignore (am-utils) does not seem used by any other Fedora package CVE-2008-1072 fixed (wireshark, fixed 0.99.8) #435487 [since FEDORA-2008-3040] CVE-2008-1071 fixed (wireshark, fixed 0.99.8) #435487 [since FEDORA-2008-3040] @@ -211,7 +212,7 @@ CVE-2008-0364 ignore (bittorrent) Windows only CVE-2008-0320 fixed (openoffice.org, fixed 2.4) #442846 [since FEDORA-2008-3251] CVE-2008-0318 fixed (clamav, fixed 0.92.1) [since FEDORA-2008-1625] -CVE-2008-0314 VULNERABLE (clamav, fixed 0.93) #442363 +CVE-2008-0314 fixed (clamav, fixed 0.93) #442363 [since FEDORA-2008-3420] CVE-2008-0304 version (seamonkey, fixed 1.1.8) [since FEDORA-2008-1459] CVE-2008-0304 fixed (thunderbird, fixed 2.0.0.12) #432048 [since FEDORA-2008-2060] CVE-2008-0299 fixed (python-paramiko) #428728 [since FEDORA-2008-0722] @@ -245,7 +246,7 @@ CVE-2008-0005 fixed (httpd, fixed 2.2.8) #427982 [since FEDORA-2008-1711] CVE-2008-0003 fixed (tog-pegasus, fixed 2.7.0) #427829 [since FEDORA-2008-0572] CVE-2008-0002 fixed (tomcat5) #432474 [since FEDORA-2008-1467] -CVE-2007-6714 VULNERABLE (dbmail, fixed 2.2.9) #443021 +CVE-2007-6714 fixed (dbmail, fixed 2.2.9) #443021 [since FEDORA-2008-3333] CVE-2007-6703 fixed (vdccm, fixed 0.10.1) #436026 [since FEDORA-2008-0680] CVE-2007-6698 version (openldap, fixed 2.3.36) CVE-2007-6697 fixed (SDL_image, fixed 1.2.7) #430241 [since FEDORA-2008-1208] @@ -330,7 +331,7 @@ CVE-2007-6110 backport (htdig) [since FEDORA-2007-3958] CVE-2007-6100 version (phpMyAdmin, fixed 2.11.2.2) [since FEDORA-2007-3639] CVE-2007-6067 fixed (postgresql, fixed 8.2.6) #427773 [since FEDORA-2008-0478] -CVE-2007-6061 VULNERABLE (audacity) #393251 +CVE-2007-6061 VULNERABLE (audacity) #393251 CVE-2007-6029 ignore (clamav) insufficient information about the issue CVE-2007-6018 fixed (horde) #428628 [since FEDORA-2008-2040] CVE-2007-6018 fixed (imp) #428632 [since FEDORA-2008-2040] Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.204 retrieving revision 1.205 diff -u -r1.204 -r1.205 --- f9 2 May 2008 16:12:35 -0000 1.204 +++ f9 5 May 2008 08:37:37 -0000 1.205 @@ -5,6 +5,7 @@ # (mozilla) = (gecko-libs dependent stuff) rhbz249840 VULNERABLE (tor) +CVE-2008-2068 version (wordpress, fixed 2.5.1) [since wordpress-2.5.1-1.fc9] CVE-2008-2033 ignore (zoneminder) duplicate of CVE-2008-1381 CVE-2008-1974 VULNERABLE (kronolith, fixed 3.1.8) #444405 CVE-2008-1964 ignore (xine-lib) bogus vulnerability report Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.370 retrieving revision 1.371 diff -u -r1.370 -r1.371 --- fc7 2 May 2008 16:12:35 -0000 1.370 +++ fc7 5 May 2008 08:37:37 -0000 1.371 @@ -7,6 +7,7 @@ rhbz293031 fixed (nx) #293031 [since FEDORA-2008-2258] rhbz249840 version (tor, fixed 0.1.2.15) #249840 [since FEDORA-2007-1674] +CVE-2008-2068 version (wordpress, fixed 2.5.1) [since FEDORA-2008-3319] CVE-2008-2033 ignore (zoneminder) duplicate of CVE-2008-1381 CVE-2008-1974 VULNERABLE (kronolith, fixed 3.1.8) #444403 CVE-2008-1964 ignore (xine-lib) bogus vulnerability report @@ -14,31 +15,31 @@ CVE-2008-1937 ignore (moin, fixed 1.6.3) 1.6.x only CVE-2008-1930 ignore (wordpress, fixed 2.5.1) [since wordpress-2.5.1-1.fc7] only for wp 2.5.0 CVE-2008-1928 VULNERABLE (perl-Imager, fixed 0.64) #443939 -CVE-2008-1927 VULNERABLE (perl) [since perl-5.8.8-29.fc7] +CVE-2008-1927 fixed (perl) [since FEDORA-2008-3399] CVE-2008-1926 VULNERABLE (util-linux) CVE-2008-1924 VULNERABLE (phpMyAdmin, fixed 2.11.5.2) [since phpMyAdmin-2.11.5.2-1.fc7] PMASA-2008-3 CVE-2008-1923 version (asterisk) upstream fix incomplete, resulting in CVE-2008-1897 -CVE-2008-1897 VULNERABLE (asterisk, fixed 1.4.19.1) [since asterisk-1.4.19.1-1.fc7] -CVE-2008-1878 VULNERABLE (xine-lib, fixed 1.1.12.1) #443054 nsf demuxer overflow +CVE-2008-1897 fixed (asterisk, fixed 1.4.19.1) [since FEDORA-2008-3365] +CVE-2008-1878 fixed (xine-lib, fixed 1.1.12.1) #443054 [since FEDORA-2008-3326] nsf demuxer overflow CVE-2008-1845 version (mksh, fixed 33d) [since FEDORA-2008-3070] CVE-2008-1837 ignore (clamav, fixed 0.93) unrar code not shipped CVE-2008-1836 ignore (clamav, fixed 0.93) affected code introduced after 0.92.1 CVE-2008-1835 ignore (clamav, fixed 0.93) unrar code not shipped -CVE-2008-1833 VULNERABLE (clamav, fixed 0.93-rc1) #442362 +CVE-2008-1833 fixed (clamav, fixed 0.93-rc1) #442362 [since FEDORA-2008-3358] CVE-2008-1796 fixed (comix) [since FEDORA-2008-2993] CVE-2008-1729 ignore (drupal) 6.x only CVE-2008-1720 fixed (rsync, fixed 3.0.2) #441689 [since FEDORA-2008-3060] CVE-2008-1693 version (xpdf, fixed 3.02) CVE-2008-1693 ignore (kdegraphics) not affected CVE-2008-1693 ignore (koffice) not affected -CVE-2008-1693 VULNERABLE (poppler, fixed 0.6.2) #443026 +CVE-2008-1693 fixed (poppler, fixed 0.6.2) #443026 [since FEDORA-2008-3312] CVE-2008-1688 ignore (m4, fixed 1.4.11) not really a security issue CVE-2008-1687 ignore (m4, fixed 1.4.11) not really a security issue CVE-2008-1686 VULNERABLE (libfishsound, fixed 0.9.1) #441246 [since FEDORA-2008-3117] CVE-2008-1686 fixed (speex) #442571 [since FEDORA-2008-3191] CVE-2008-1671 ignore (kdelibs) start_kdeinit not setuid CVE-2008-1670 ignore (kdelibs) kdelibs 4.x only -CVE-2008-1670 VULNERABLE (kdelibs4) #444398 kdelibs 4.x only +CVE-2008-1670 fixed (kdelibs4) #444398 [since FEDORA-2008-3379] kdelibs 4.x only CVE-2008-1657 VULNERABLE (openssh, fixed 4.9) #280461 CVE-2008-1652 version (Perlbal, fixed 1.70) [since FEDORA-2008-2788] CVE-2008-1637 fixed (pdns-recursor, fixed 3.1.5) #440248 [since FEDORA-2008-3010] @@ -52,7 +53,7 @@ CVE-2008-1561 fixed (wireshark, fixed 1.0) #435485 [since FEDORA-2008-2941] CVE-2008-1552 fixed (libsilc, fixed 1.1.7) #438382 [since FEDORA-2008-2641] CVE-2008-1532 version (Perlbal, fixed 1.70) #439055 [since FEDORA-2008-2788] -CVE-2008-1531 VULNERABLE (lighttpd) #439067 +CVE-2008-1531 fixed (lighttpd) #439067 [since FEDORA-2008-3343] CVE-2008-1515 VULNERABLE (otrs) #439723 CVE-2008-1488 VULNERABLE (php-pecl-apc) #438846 CVE-2008-1483 ignore (openssh) was alrady fixed by another patch @@ -62,7 +63,7 @@ CVE-2008-1467 fixed (centerim) #438871 [since FEDORA-2008-2869] CVE-2008-1394 ignore (plone) CVE-2008-1390 fixed (asterisk, fixed 1.4.19-rc3) #438132 [since FEDORA-2008-2620] -CVE-2008-1387 VULNERABLE (clamav, fixed 0.93) #442362 +CVE-2008-1387 fixed (clamav, fixed 0.93) #442362 [since FEDORA-2008-3358] CVE-2008-1382 ignore (libpng, fixed 1.2.27) minimal impact, affected api rarely used CVE-2008-1382 ignore (libpng10) [since libpng10-1.0.33-1.fc7] CVE-2008-1381 VULNERABLE (zoneminder, fixed 1.23.3) #444435 @@ -120,9 +121,9 @@ CVE-2008-1111 fixed (lighttpd) #435808 [since FEDORA-2008-2278] CVE-2008-1110 version (xine-lib, fixed 1.1.10) [since FEDORA-2008-1047] CVE-2008-1102 VULNERABLE (blender) #443935 -CVE-2008-1100 VULNERABLE (clamav, fixed 0.93) #442362 -CVE-2008-1099 VULNERABLE (moin) #438672 -CVE-2008-1098 VULNERABLE (moin) #438672 +CVE-2008-1100 fixed (clamav, fixed 0.93) #442362 [since FEDORA-2008-3358] +CVE-2008-1099 fixed (moin) #438672 [since FEDORA-2008-3328] +CVE-2008-1098 fixed (moin) #438672 [since FEDORA-2008-3328] CVE-2008-1078 ignore (am-utils) does not seem used by any other Fedora package CVE-2008-1072 fixed (wireshark, fixed 0.99.8) #435485 [since FEDORA-2008-2941] CVE-2008-1071 fixed (wireshark, fixed 0.99.8) #435485 [since FEDORA-2008-2941] @@ -130,10 +131,10 @@ CVE-2008-1066 version (php-Smarty, fixed 2.6.19) #435812 [since FEDORA-2008-1928] CVE-2008-1066 fixed (gallery2) #438059 [since FEDORA-2008-2650] CVE-2008-1066 fixed (php-pear-PhpDocumentor) #438063 [since FEDORA-2008-2656] -CVE-2008-1026 VULNERABLE (WebKit, fixed r31388) [since WebKit-1.0.0-0.8.svn31787.fc7] -CVE-2008-1025 VULNERABLE (WebKit, fixed r31438) [since WebKit-1.0.0-0.8.svn31787.fc7] -CVE-2008-1011 VULNERABLE (WebKit) [since WebKit-1.0.0-0.8.svn31787.fc7] -CVE-2008-1010 VULNERABLE (WebKit) [since WebKit-1.0.0-0.8.svn31787.fc7] +CVE-2008-1026 fixed (WebKit, fixed r31388) [since FEDORA-2008-3415] +CVE-2008-1025 fixed (WebKit, fixed r31438) [since FEDORA-2008-3415] +CVE-2008-1011 fixed (WebKit) [since FEDORA-2008-3415] +CVE-2008-1010 fixed (WebKit) [since FEDORA-2008-3415] CVE-2008-0983 fixed (lighttpd) #435808 [since FEDORA-2008-2278] CVE-2008-0947 fixed (krb5, fixed 1.6.4) #438022 [since FEDORA-2008-2637] CVE-2008-0932 fixed (sword) #433725 [since FEDORA-2008-1951] why? diatheke.pl is not shipped... @@ -211,7 +212,7 @@ CVE-2008-0364 ignore (bittorrent) Windows only CVE-2008-0320 VULNERABLE (openoffice.org, fixed 2.4) #442845 CVE-2008-0318 fixed (clamav, fixed 0.92.1) [since FEDORA-2008-1608] -CVE-2008-0314 VULNERABLE (clamav, fixed 0.93) #442362 +CVE-2008-0314 fixed (clamav, fixed 0.93) #442362 [since FEDORA-2008-3358] CVE-2008-0304 version (seamonkey, fixed 1.1.8) [since FEDORA-2008-1669] CVE-2008-0304 fixed (thunderbird, fixed 2.0.0.12) #432047 [since FEDORA-2008-2118] CVE-2008-0299 fixed (python-paramiko) #428729 [since FEDORA-2008-0644] @@ -245,7 +246,7 @@ CVE-2008-0005 fixed (httpd, fixed 2.2.8) #427983 [since FEDORA-2008-1695] CVE-2008-0003 fixed (tog-pegasus, fixed 2.7.0) #427828 [since FEDORA-2008-0506] CVE-2008-0002 fixed (tomcat5) #432475 [since FEDORA-2008-1603] -CVE-2007-6714 VULNERABLE (dbmail, fixed 2.2.9) #443020 +CVE-2007-6714 fixed (dbmail, fixed 2.2.9) #443020 [since FEDORA-2008-3371] CVE-2007-6703 VULNERABLE (vdccm, fixed 0.10.1) #436025 CVE-2007-6698 fixed (openldap, fixed 2.3.36) #431409 [since FEDORA-2008-1307] CVE-2007-6697 fixed (SDL_image, fixed 1.2.7) #430239 [since FEDORA-2008-1231] @@ -329,7 +330,7 @@ CVE-2007-6110 backport (htdig) [since FEDORA-2007-3907] CVE-2007-6100 version (phpMyAdmin, fixed 2.11.2.2) [since FEDORA-2007-3666] CVE-2007-6067 fixed (postgresql, fixed 8.2.6) #427772 [since FEDORA-2008-0552] -CVE-2007-6061 VULNERABLE (audacity) #393251 +CVE-2007-6061 VULNERABLE (audacity) #393251 CVE-2007-6035 version (cacti, fixed 0.8.7a) #391981 [since FEDORA-2007-3683] CVE-2007-6029 ignore (clamav) insufficient information about the issue CVE-2007-6018 fixed (horde) #428629 [since FEDORA-2008-2087] @@ -497,7 +498,7 @@ CVE-2007-4568 version (xorg-x11-xfs, fixed 1.0.5) #373261 [since FEDORA-2007-4263] CVE-2007-4565 backport (fetchmail) #260861 [since FEDORA-2007-1983] CVE-2007-4560 version (clamav) #260583 [since FEDORA-2007-2050] -CVE-2007-4559 VULNERABLE (python, not fixed upstream) #315291 Upstream WONTFIX. See where we use the code. +CVE-2007-4559 VULNERABLE (python, not fixed upstream) #315281 Upstream WONTFIX. See where we use the code. CVE-2007-4558 ignore (star, fixed 1.5a84) duplicate of CVE-2007-4134 CVE-2007-4543 version (bugzilla, fixed 3.0.1) #256021 [since FEDORA-2007-1853] CVE-2007-4542 version (mapserver, fixed 4.10.3) #256561 [since FEDORA-2007-2018]

1 0

fedora-security/audit f8, 1.213, 1.214 f9, 1.203, 1.204 fc7, 1.369, 1.370
by fedora-security-commits＠redhat.com 02 May '08

02 May '08

Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv27473/audit Modified Files: f8 f9 fc7 Log Message: add tkimg, sipp, zoneminder dupe update on libpng10 Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.213 retrieving revision 1.214 diff -u -r1.213 -r1.214 --- f8 29 Apr 2008 08:26:54 -0000 1.213 +++ f8 2 May 2008 16:12:35 -0000 1.214 @@ -6,8 +6,10 @@ rhbz293031 fixed (nx) #293031 [since FEDORA-2008-2258] rhbz249840 VULNERABLE (tor) +CVE-2008-2033 ignore (zoneminder) duplicate of CVE-2008-1381 CVE-2008-1974 VULNERABLE (kronolith, fixed 3.1.8) #444404 CVE-2008-1964 ignore (xine-lib) bogus vulnerability report +CVE-2008-1959 VULNERABLE (sipp, fixed 3.1) [since sipp-3.1-1.fc8] CVE-2008-1937 ignore (moin, fixed 1.6.3) 1.6.x only CVE-2008-1930 ignore (wordpress, fixed 2.5.1) [since wordpress-2.5.1-1.fc8] only for wp 2.5.0 CVE-2008-1928 VULNERABLE (perl-Imager, fixed 0.64) #443940 @@ -61,7 +63,7 @@ CVE-2008-1390 fixed (asterisk, fixed 1.4.19-rc3) #438133 [since FEDORA-2008-2554] CVE-2008-1387 VULNERABLE (clamav, fixed 0.93) #442363 CVE-2008-1382 VULNERABLE (libpng, fixed 1.2.27) minimal impact, affected api rarely used -CVE-2008-1382 VULNERABLE (libpng10) minimal impact, affected api rarely used +CVE-2008-1382 VULNERABLE (libpng10) [since libpng10-1.0.33-1.fc8] CVE-2008-1381 VULNERABLE (zoneminder, fixed 1.23.3) #444436 CVE-2008-1380 VULNERABLE (firefox, fixed 2.0.0.14) CVE-2008-1380 fixed (seamonkey, fixed 1.1.10) #442851 [since FEDORA-2008-3264] @@ -174,6 +176,7 @@ CVE-2008-0554 version (netpbm, fixed 10.27) CVE-2008-0553 fixed (perl-Tk) #431532 [since FEDORA-2008-1323] CVE-2008-0553 backport (tk, fixed 8.5.1) [since FEDORA-2008-1122] +CVE-2008-0553 VULNERABLE (tkimg) #444951 CVE-2008-0544 fixed (SDL_image) #430694 [since FEDORA-2008-1208] ILBM overflow CVE-2008-0486 fixed (xine-lib, fixed 1.1.10.1) #431543 [since FEDORA-2008-1543] CVE-2008-0460 fixed (mediawiki) #430288 [since FEDORA-2008-2288] Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.203 retrieving revision 1.204 diff -u -r1.203 -r1.204 --- f9 29 Apr 2008 08:26:54 -0000 1.203 +++ f9 2 May 2008 16:12:35 -0000 1.204 @@ -5,8 +5,10 @@ # (mozilla) = (gecko-libs dependent stuff) rhbz249840 VULNERABLE (tor) +CVE-2008-2033 ignore (zoneminder) duplicate of CVE-2008-1381 CVE-2008-1974 VULNERABLE (kronolith, fixed 3.1.8) #444405 CVE-2008-1964 ignore (xine-lib) bogus vulnerability report +CVE-2008-1959 VULNERABLE (sipp, fixed 3.1) [since sipp-3.1-1.fc9] CVE-2008-1937 VULNERABLE (moin, fixed 1.6.3) [since moin-1.6.3-1.fc9] CVE-2008-1930 ignore (wordpress, fixed 2.5.1) only for wp 2.5.0 CVE-2008-1928 VULNERABLE (perl-Imager, fixed 0.64) #443941 @@ -60,7 +62,7 @@ CVE-2008-1390 version (asterisk, fixed 1.6.0-beta6) #438134 [since asterisk-1.6.0-0.6.beta6.fc9] CVE-2008-1387 VULNERABLE (clamav, fixed 0.93) #442364 [since clamav-0.93-1.fc9] CVE-2008-1382 VULNERABLE (libpng, fixed 1.2.27) minimal impact, affected api rarely used -CVE-2008-1382 VULNERABLE (libpng10) minimal impact, affected api rarely used +CVE-2008-1382 VULNERABLE (libpng10) [since libpng10-1.0.33-1.fc9] CVE-2008-1381 VULNERABLE (zoneminder, fixed 1.23.3) #444437 CVE-2008-1380 VULNERABLE (firefox, fixed 2.0.0.14) CVE-2008-1380 VULNERABLE (seamonkey, fixed 1.1.10) #442852 @@ -169,6 +171,7 @@ CVE-2008-0554 version (netpbm, fixed 10.27) CVE-2008-0553 backport (perl-Tk) #431529 [since perl-Tk-804.028-3.fc9] CVE-2008-0553 backport (tk, fixed 8.5.1) [since tk-8.5.0-4.fc9] +CVE-2008-0553 VULNERABLE (tkimg) #444872 CVE-2008-0544 backport (SDL_image) #430696 ILBM overflow [since SDL_image-1.2.6-5.fc9] CVE-2008-0486 version (xine-lib, fixed 1.1.10.1) #431544 [since xine-lib-1.1.10.1-1.fc9] CVE-2008-0460 version (mediawiki) #430289 [since mediawiki-1.10.4-38.fc9] Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.369 retrieving revision 1.370 diff -u -r1.369 -r1.370 --- fc7 29 Apr 2008 08:26:54 -0000 1.369 +++ fc7 2 May 2008 16:12:35 -0000 1.370 @@ -7,8 +7,10 @@ rhbz293031 fixed (nx) #293031 [since FEDORA-2008-2258] rhbz249840 version (tor, fixed 0.1.2.15) #249840 [since FEDORA-2007-1674] +CVE-2008-2033 ignore (zoneminder) duplicate of CVE-2008-1381 CVE-2008-1974 VULNERABLE (kronolith, fixed 3.1.8) #444403 CVE-2008-1964 ignore (xine-lib) bogus vulnerability report +CVE-2008-1959 VULNERABLE (sipp, fixed 3.1) [since sipp-3.1-1.fc7] CVE-2008-1937 ignore (moin, fixed 1.6.3) 1.6.x only CVE-2008-1930 ignore (wordpress, fixed 2.5.1) [since wordpress-2.5.1-1.fc7] only for wp 2.5.0 CVE-2008-1928 VULNERABLE (perl-Imager, fixed 0.64) #443939 @@ -62,7 +64,7 @@ CVE-2008-1390 fixed (asterisk, fixed 1.4.19-rc3) #438132 [since FEDORA-2008-2620] CVE-2008-1387 VULNERABLE (clamav, fixed 0.93) #442362 CVE-2008-1382 ignore (libpng, fixed 1.2.27) minimal impact, affected api rarely used -CVE-2008-1382 ignore (libpng10) minimal impact, affected api rarely used +CVE-2008-1382 ignore (libpng10) [since libpng10-1.0.33-1.fc7] CVE-2008-1381 VULNERABLE (zoneminder, fixed 1.23.3) #444435 CVE-2008-1380 VULNERABLE (firefox, fixed 2.0.0.14) CVE-2008-1380 fixed (seamonkey, fixed 1.1.10) #442850 [since FEDORA-2008-3231] @@ -174,6 +176,7 @@ CVE-2008-0554 version (netpbm, fixed 10.27) CVE-2008-0553 fixed (perl-Tk) #431531 [since FEDORA-2008-1384] CVE-2008-0553 backport (tk, fixed 8.5.1) [since FEDORA-2008-1131] +CVE-2008-0553 VULNERABLE (tkimg) #444950 CVE-2008-0544 fixed (SDL_image) #430695 [since FEDORA-2008-1208] ILBM overflow CVE-2008-0486 fixed (xine-lib, fixed 1.1.10.1) #431542 [since FEDORA-2008-1581] CVE-2008-0460 fixed (mediawiki) #430287 [since FEDORA-2008-2245]

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

security-commits May 2008