fedora-security/audit f8, 1.216, 1.217 f9, 1.206, 1.207 fc7, 1.372, 1.373
by fedora-security-commits@redhat.com
Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv6726/audit
Modified Files:
f8 f9 fc7
Log Message:
more pre-f9 cleanups
Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.216
retrieving revision 1.217
diff -u -r1.216 -r1.217
--- f8 6 May 2008 16:54:54 -0000 1.216
+++ f8 7 May 2008 16:48:08 -0000 1.217
@@ -5,7 +5,7 @@
# (mozilla) = (gecko-libs dependent stuff)
rhbz293031 fixed (nx) #293031 [since FEDORA-2008-2258]
-rhbz249840 VULNERABLE (tor)
+rhbz249840 version (tor, fixed 0.1.2.15)
CVE-2008-2068 version (wordpress, fixed 2.5.1) [since FEDORA-2008-3397]
CVE-2008-2033 ignore (zoneminder) duplicate of CVE-2008-1381
CVE-2008-2000 ignore (WebKit) browser DoS
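Review bot: The new rhbz249840 line, "version (tor, fixed 0.1.2.15)", carries no [since ...] marker, while the CVE-2008-2068 entry directly below it does. Adding the advisory or the first f8 tor build at or above 0.1.2.15 would let a reader confirm from this file alone that the branch ships the fixed version.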
@@ -122,6 +122,7 @@
CVE-2008-1131 ignore (drupal) #435816 drupal 6.x only
CVE-2008-1111 fixed (lighttpd) #435807 [since FEDORA-2008-2262]
CVE-2008-1110 version (xine-lib, fixed 1.1.10) [since FEDORA-2008-1043]
+CVE-2008-1103 VULNERABLE (blender) not fixed upstream
CVE-2008-1102 VULNERABLE (blender) #443936
CVE-2008-1100 fixed (clamav, fixed 0.93) #442363 [since FEDORA-2008-3420]
CVE-2008-1099 fixed (moin) #438673 [since FEDORA-2008-3301]
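Review bot: The added CVE-2008-1103 entry has no bug number, whereas the adjacent CVE-2008-1102 blender entry references #443936, so there is nothing to follow for the open issue. Also, "not fixed upstream" sits outside the parentheses here, while the compiz entry in this file writes it as "(compiz, not fixed upstream)"; using the same position keeps the entries consistent for anything that parses the parenthesised field.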
@@ -262,7 +263,7 @@
CVE-2007-6687 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4778]
CVE-2007-6686 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4778]
CVE-2007-6685 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4778]
-CVE-2007-6672 ingore (jetty) #428017 jetty 6.x only
+CVE-2007-6672 ignore (jetty) #428017 jetty 6.x only
CVE-2007-6613 fixed (libcdio) #427199 [since FEDORA-2008-0136]
CVE-2007-6612 ignore (rubygem-mongrel, only affects 1.0.4) affected version was not shipped
CVE-2007-6611 fixed (mantis) #427278 [since FEDORA-2008-0282]
@@ -341,7 +342,7 @@
CVE-2007-6018 fixed (wordpress) #426433 [since FEDORA-2008-0103]
CVE-2007-6015 version (samba, fixed 3.0.28) [since FEDORA-2007-4275]
CVE-2007-6035 version (cacti, fixed 0.8.7a) #391991 [since FEDORA-2007-3667]
-CVE-2007-6013 fixed (wordpress) #426433 [since FEDORA-2008-0103]
+CVE-2007-6013 fixed (wordpress) [since wordpress-2.5.1-1.fc8]
CVE-2007-5977 version (phpMyAdmin, fixed 2.11.2.1) #385901 [since FEDORA-2007-3636]
CVE-2007-5976 version (phpMyAdmin, fixed 2.11.2.1) #385901 [since FEDORA-2007-3636]
CVE-2007-5972 ignore (krb5, fixed 1.6.4) not exploitable
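Review bot: The rewritten CVE-2007-6013 line drops the bug reference #426433 and replaces the advisory id with a package build, "[since wordpress-2.5.1-1.fc8]". The CVE-2008-2068 entry at the top of this file already ties wordpress 2.5.1 on f8 to FEDORA-2008-3397, so the advisory id could be used here as well, and the bug number kept. The f9 and fc7 revisions in this same commit also record "fixed 2.5" inside the parentheses, which this f8 line omits.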
@@ -355,7 +356,7 @@
CVE-2007-5959 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3962]
CVE-2007-5958 fixed (xorg-x11-server, fixed 1.4.1) #429126 [since FEDORA-2008-0760]
CVE-2007-5947 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3962]
-CVE-2007-5938 VULNERABLE (kernel) #385861 iwlwifi
+CVE-2007-5938 fixed (kernel) #385861 iwlwifi [since kernel-2.6.23.9-67.fc8]
CVE-2007-5937 backport (tetex) #379861 [since FEDORA-2007-3308] Multiple dviljk buffer overflows
CVE-2007-5936 backport (tetex) #379861 [since FEDORA-2007-3308] dviljk uses insecure temporary file
CVE-2007-5935 backport (tetex) #379861 [since FEDORA-2007-3308] dvips -z buffer overflow with long href
@@ -449,9 +450,9 @@
CVE-2007-4129 backport (coolkey) [since coolkey-1.1.0-5.fc8]
CVE-2007-4045 backport (cups) [since FEDORA-2007-2982]
CVE-2007-4033 backport (tetex) [since FEDORA-2007-3308]
-CVE-2007-3999 VULNERABLE (nfs-utils-lib) #362091
+CVE-2007-3999 fixed (nfs-utils-lib) #362091 [since FEDORA-2008-1102]
CVE-2007-3999 fixed (libtirpc) #362111 [since FEDORA-2008-1017]
-CVE-2007-3920 VULNERABLE (compiz, not fixed upstream) #363061
+CVE-2007-3920 fixed (compiz, not fixed upstream) #363061 [since xorg-x11-server-1.3.0.0-40.fc8]
CVE-2007-3919 backport (xen, fixed 3.1.0-13) #361991
CVE-2007-3844 version (firefox, fixed 2.0.0.6)
CVE-2007-3843 version (kernel) #246595 No idea which version fixed this
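Review bot: The CVE-2007-3920 line now reads "fixed (compiz, not fixed upstream)" with "[since xorg-x11-server-1.3.0.0-40.fc8]", so the state says fixed, the parenthesised note says not fixed, and the build named belongs to a different package than the one listed. A short trailing comment stating that the issue is addressed in xorg-x11-server rather than in compiz would remove the apparent contradiction.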
Index: f9
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f9,v
retrieving revision 1.206
retrieving revision 1.207
diff -u -r1.206 -r1.207
--- f9 6 May 2008 16:54:54 -0000 1.206
+++ f9 7 May 2008 16:48:08 -0000 1.207
@@ -4,13 +4,13 @@
# *CVE are items that need verification for Fedora 9
# (mozilla) = (gecko-libs dependent stuff)
-rhbz249840 VULNERABLE (tor)
+rhbz249840 version (tor, fixed 0.1.2.15)
CVE-2008-2068 version (wordpress, fixed 2.5.1) [since wordpress-2.5.1-1.fc9]
CVE-2008-2033 ignore (zoneminder) duplicate of CVE-2008-1381
CVE-2008-2000 ignore (WebKit) browser DoS
CVE-2008-1999 VULNERABLE (WebKit)
CVE-2008-1996 VULNERABLE (licq, fixed 1.3.6) #445239
-CVE-2008-1974 VULNERABLE (kronolith, fixed 3.1.8) #444405
+CVE-2008-1974 ignore (kronolith, fixed 3.1.8) #444405 package removed from f9 and rawhide
CVE-2008-1964 ignore (xine-lib) bogus vulnerability report
CVE-2008-1959 VULNERABLE (sipp, fixed 3.1) [since sipp-3.1-1.fc9]
CVE-2008-1937 version (moin, fixed 1.6.3) [since moin-1.6.3-1.fc9]
@@ -67,7 +67,7 @@
CVE-2008-1387 VULNERABLE (clamav, fixed 0.93) #442364 [since clamav-0.93-1.fc9]
CVE-2008-1382 VULNERABLE (libpng, fixed 1.2.27) minimal impact, affected api rarely used
CVE-2008-1382 VULNERABLE (libpng10) [since libpng10-1.0.33-1.fc9]
-CVE-2008-1381 VULNERABLE (zoneminder, fixed 1.23.3) #444437
+CVE-2008-1381 VULNERABLE (zoneminder, fixed 1.23.3) #444437 [since zoneminder-1.22.3-14.fc9]
CVE-2008-1380 version (firefox, fixed 2.0.0.14)
CVE-2008-1380 backport (seamonkey, fixed 1.1.10) #442852 [since seamonkey-1.1.9-3.fc9]
CVE-2008-1380 version (thunderbird, fixed 2.0.0.14) #442857 [since thunderbird-2.0.0.14-1.fc9]
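Review bot: The CVE-2008-1381 line gains "[since zoneminder-1.22.3-14.fc9]" but keeps the state VULNERABLE. If that build contains the fix, the state should change too, and since 1.22.3 is lower than the "fixed 1.23.3" recorded in the same line, "backport" looks like the matching state. If the build does not contain the fix, the [since ...] marker should not be added.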
@@ -119,6 +119,7 @@
CVE-2008-1131 version (drupal, fixed 6.1) #435817 [since drupal-6.1-1.fc9]
CVE-2008-1111 backport (lighttpd) #435809 [since lighttpd-1.4.18-6.fc9]
CVE-2008-1110 version (xine-lib, fixed 1.1.10) [since xine-lib-1.1.10-2.fc9]
+CVE-2008-1103 VULNERABLE (blender) not fixed upstream
CVE-2008-1102 backport (blender) #443937 [since blender-2.45-12.fc9]
CVE-2008-1100 VULNERABLE (clamav, fixed 0.93) #442364 [since clamav-0.93-1.fc9]
CVE-2008-1099 version (moin, fixed 1.5.9) #438674
@@ -329,14 +330,13 @@
CVE-2007-6110 version (htdig) [since htdig-3.2.0b6-13.fc9]
CVE-2007-6100 version (phpMyAdmin, fixed 2.11.2.2)
CVE-2007-6067 version (postgresql, fixed 8.2.6) #427774 [since postgresql-8.2.6-1.fc9]
-CVE-2007-6061 VULNERABLE (audacity) #393251
+CVE-2007-6061 backport (audacity) #393251 [since audacity-1.3.2-21.fc9]
CVE-2007-6035 version (cacti, fixed 0.8.7a) #392001 [since cacti-0.8.7a-1.fc9]
CVE-2007-6029 ignore (clamav) insufficient information about the issue
CVE-2007-6018 version (horde, fixed 3.1.6) #428630 [since horde-3.1.6-1.fc9]
CVE-2007-6018 version (imp, fixed 4.1.6) #428634 [since imp-4.1.6-1.fc9]
-CVE-2007-6018 VULNERABLE (wordpress) #426434
CVE-2007-6015 version (samba, fixed 3.0.28) #433622 [since samba-3.2.0-1.pre2.5.fc9]
-CVE-2007-6013 VULNERABLE (wordpress) #426434
+CVE-2007-6013 version (wordpress, fixed 2.5) [since wordpress-2.5.1-1.fc9]
CVE-2007-5977 version (phpMyAdmin) #385911 [since phpMyAdmin-2.11.2.2-1.fc9]
CVE-2007-5976 version (phpMyAdmin) #385911 [since phpMyAdmin-2.11.2.2-1.fc9]
CVE-2007-5972 ignore (krb5, fixed 1.6.4) not exploitable
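Review bot: The line "CVE-2007-6018 VULNERABLE (wordpress) #426434" is deleted outright rather than moved to another state, so after this revision f9 records CVE-2007-6018 only for horde and imp. If wordpress is covered by the 2.5.1 build, a "version" line like the new CVE-2007-6013 one would keep the record. The CVE-2007-6013 replacement also drops bug #426434.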
@@ -350,7 +350,7 @@
CVE-2007-5959 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7)
CVE-2007-5958 fixed (xorg-x11-server, fixed 1.4.1) #429127 [since xorg-x11-server-1.4.99.1-0.17.20080107.fc9] code removed upstream
CVE-2007-5947 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7)
-CVE-2007-5938 VULNERABLE (kernel) #385861 iwlwifi
+CVE-2007-5938 fixed (kernel) #385861 iwlwifi [since kernel-2.6.24-0.47.rc3.git2.fc9]
CVE-2007-5937 backport (tetex) #379851 Multiple dviljk buffer overflows [since tetex-3.0-48.fc9]
CVE-2007-5936 backport (tetex) #379851 dviljk uses insecure temporary file [since tetex-3.0-48.fc9]
CVE-2007-5935 backport (tetex) #379851 dvips -z buffer overflow with long href [since tetex-3.0-48.fc9]
@@ -401,7 +401,7 @@
CVE-2007-5333 version (tomcat5, fixed 5.5.26) #428257 [since tomcat5-5.5.26-1jpp.1.fc9]
CVE-2007-5201 version (duplicity, fixed 0.4.9?) #362841 [since duplicity-0.4.9-1.fc9]
CVE-2007-5200 version (hugin) #362871 [since hugin-0.6.1-11.fc9]
-CVE-2007-5198 VULNERABLE (nagios-plugins, fixed 1.4.10) #362901
+CVE-2007-5198 version (nagios-plugins, fixed 1.4.10) #362901 [since nagios-plugins-1.4.11-4.fc9]
CVE-2007-5197 version (mono, fixed 1.2.5.1) #367551 [since mono-1.2.5.1-3.fc9]
CVE-2007-5116 backport (perl) #378151 [since perl-5.8.8-31.fc9]
CVE-2007-5079 VULNERABLE (gdm) #363041 Red Hat specific problem
@@ -423,7 +423,7 @@
CVE-2007-4568 version (xorg-x11-xfs, fixed 1.0.5)
CVE-2007-4559 VULNERABLE (python, not fixed upstream) #315291 Upstream WONTFIX. See where we use the code.
CVE-2007-4476 backport (cpio, not fixed 2.9) #339691 [since cpio-2.9-5.fc9]
-CVE-2007-4400 VULNERABLE (konversation) #362931 Remove media script?
+CVE-2007-4400 backport (konversation) #362931 Remove media script? [since konversation-1.0.1-6.fc9]
CVE-2007-4352 backport (xpdf) #372481 [since xpdf-3.02-4.fc9]
CVE-2007-4352 backport (cups)
CVE-2007-4352 version (poppler, fixed 0.6.2) #372521 [since poppler-0.6.2-1.fc9]
@@ -431,14 +431,14 @@
CVE-2007-4352 backport (koffice) #372611 [since koffice-1.6.3-15.fc9]
CVE-2007-4352 version (tetex) #372671 [since tetex-3.0-48.fc9]
CVE-2007-4351 version (cups) #361681
-CVE-2007-3999 VULNERABLE (nfs-utils-lib) #362101
-CVE-2007-3999 VULNERABLE (libtirpc) #362121
-CVE-2007-3920 VULNERABLE (compiz, not fixed upstream) #357091
+CVE-2007-3999 version (nfs-utils-lib) #362101 [since nfs-utils-lib-1.1.0-4.fc9]
+CVE-2007-3999 backport (libtirpc) #362121 [since libtirpc-0.1.7-15.fc9]
+CVE-2007-3920 fixed (compiz, not fixed upstream) #357091
CVE-2007-3919 backport (xen, fixed 3.1.0-13) #362011
CVE-2007-3844 version (firefox, fixed 2.0.0.6)
CVE-2007-3843 version (kernel) #246595 No idea which version fixed this
CVE-2007-3568 backport (imlib) [since imlib-1.9.15-6.fc9]
-CVE-2007-3544 VULNERABLE (wordpress, NOT fixed 2.2.1) #245211 Incomplete fix for CVE-2007-3543
+CVE-2007-3544 version (wordpress, fixed 2.2.1) #245211 Incomplete fix for CVE-2007-3543, insufficient info
CVE-2007-3387 version (poppler, fixed 0.5.91) #251512
CVE-2007-3280 ignore (postgresql) bogus CVE assignment
CVE-2007-3279 ignore (postgresql) bogus CVE assignment
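Review bot: For CVE-2007-3544 the parenthesised note flips from "NOT fixed 2.2.1" to "fixed 2.2.1" and the state from VULNERABLE to version, while the trailing text still says "Incomplete fix for CVE-2007-3543" and now adds "insufficient info". If the information is insufficient to tell, "ignore" with that reason (as the CVE-2007-6029 clamav entry in this file does) reflects the situation better than asserting a fixed version. In the same hunk, the new CVE-2007-3920 line is marked fixed with no [since ...] build.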
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.372
retrieving revision 1.373
diff -u -r1.372 -r1.373
--- fc7 6 May 2008 16:54:54 -0000 1.372
+++ fc7 7 May 2008 16:48:08 -0000 1.373
@@ -123,6 +123,7 @@
CVE-2008-1131 ignore (drupal) #435815 drupal 6.x only
CVE-2008-1111 fixed (lighttpd) #435808 [since FEDORA-2008-2278]
CVE-2008-1110 version (xine-lib, fixed 1.1.10) [since FEDORA-2008-1047]
+CVE-2008-1103 VULNERABLE (blender) not fixed upstream
CVE-2008-1102 VULNERABLE (blender) #443935
CVE-2008-1100 fixed (clamav, fixed 0.93) #442362 [since FEDORA-2008-3358]
CVE-2008-1099 fixed (moin) #438672 [since FEDORA-2008-3328]
@@ -340,7 +341,7 @@
CVE-2007-6018 fixed (imp) #428633 [since FEDORA-2008-2087]
CVE-2007-6018 fixed (wordpress) #426432 [since FEDORA-2008-0126]
CVE-2007-6015 version (samba, fixed 3.0.28) [since FEDORA-2007-4269]
-CVE-2007-6013 fixed (wordpress) #426432 [since FEDORA-2008-0126]
+CVE-2007-6013 fixed (wordpress, fixed 2.5) [since wordpress-2.5.1-1.fc7]
CVE-2007-5977 version (phpMyAdmin, fixed 2.11.2.1) #385891 [since FEDORA-2007-3627]
CVE-2007-5976 version (phpMyAdmin, fixed 2.11.2.1) #385891 [since FEDORA-2007-3627]
CVE-2007-5972 ignore (krb5, fixed 1.6.4) not exploitable
@@ -354,7 +355,7 @@
CVE-2007-5959 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3952]
CVE-2007-5958 fixed (xorg-x11-server, fixed 1.4.1) #429125 [since FEDORA-2008-0831]
CVE-2007-5947 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3952]
-CVE-2007-5938 VULNERABLE (kernel) #385861 iwlwifi
+CVE-2007-5938 fixed (kernel) #385861 iwlwifi [since kernel-2.6.23.9-39.fc7]
CVE-2007-5937 backport (tetex) #379831 [since FEDORA-2007-3390] Multiple dviljk buffer overflows
CVE-2007-5936 backport (tetex) #379831 [since FEDORA-2007-3390] dviljk uses insecure temporary file
CVE-2007-5935 backport (tetex) #379831 [since FEDORA-2007-3390] dvips -z buffer overflow with long href
@@ -557,7 +558,7 @@
CVE-2007-3999 VULNERABLE (libtirpc) #294921
CVE-2007-3962 ignore (gftp) multiple buffer overflows in fsplib, not on Linux
CVE-2007-3961 ignore (gftp) off-by-one error in fsplib
-CVE-2007-3920 VULNERABLE (compiz) #357071
+CVE-2007-3920 fixed (compiz) #357071 [since xorg-x11-server-1.3.0.0-16.fc7]
CVE-2007-3852 backport (sysstat) #252295 [since FEDORA-2007-1697]
CVE-2007-3950 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299]
CVE-2007-3949 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299]
fedora-security/audit f8, 1.215, 1.216 f9, 1.205, 1.206 fc7, 1.371, 1.372
by fedora-security-commits@redhat.com
Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv14762/audit
Modified Files:
f8 f9 fc7
Log Message:
note WebKit, licq
major pre-F9 cleanup
Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.215
retrieving revision 1.216
diff -u -r1.215 -r1.216
--- f8 5 May 2008 08:37:37 -0000 1.215
+++ f8 6 May 2008 16:54:54 -0000 1.216
@@ -8,6 +8,9 @@
rhbz249840 VULNERABLE (tor)
CVE-2008-2068 version (wordpress, fixed 2.5.1) [since FEDORA-2008-3397]
CVE-2008-2033 ignore (zoneminder) duplicate of CVE-2008-1381
+CVE-2008-2000 ignore (WebKit) browser DoS
+CVE-2008-1999 VULNERABLE (WebKit)
+CVE-2008-1996 VULNERABLE (licq, fixed 1.3.6) #445238
CVE-2008-1974 VULNERABLE (kronolith, fixed 3.1.8) #444404
CVE-2008-1964 ignore (xine-lib) bogus vulnerability report
CVE-2008-1959 VULNERABLE (sipp, fixed 3.1) [since sipp-3.1-1.fc8]
@@ -58,7 +61,7 @@
CVE-2008-1483 ignore (openssh) was alrady fixed by another patch
CVE-2008-1482 fixed (xine-lib) #438670 [since FEDORA-2008-2849]
CVE-2008-1474 fixed (roundup) #436547 [since FEDORA-2008-2370]
-CVE-2008-1468 fixed (namazu) #438667 [since FEDORA-2008-2767]
+CVE-2008-1468 fixed (namazu, fixed 2.0.18) #438667 [since FEDORA-2008-2767]
CVE-2008-1467 fixed (centerim) #438871 [since FEDORA-2008-2869]
CVE-2008-1394 ignore (plone)
CVE-2008-1390 fixed (asterisk, fixed 1.4.19-rc3) #438133 [since FEDORA-2008-2554]
@@ -259,7 +262,7 @@
CVE-2007-6687 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4778]
CVE-2007-6686 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4778]
CVE-2007-6685 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4778]
-CVE-2007-6672 VULNERABLE (jetty) #428017
+CVE-2007-6672 ingore (jetty) #428017 jetty 6.x only
CVE-2007-6613 fixed (libcdio) #427199 [since FEDORA-2008-0136]
CVE-2007-6612 ignore (rubygem-mongrel, only affects 1.0.4) affected version was not shipped
CVE-2007-6611 fixed (mantis) #427278 [since FEDORA-2008-0282]
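Review bot: The state keyword in the new CVE-2007-6672 line is misspelled, "ingore" instead of "ignore". Anything that filters this file by state will miss the entry, so it should be corrected before commit. The f9 hunk for the same CVE in this commit spells it correctly.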
@@ -298,7 +301,7 @@
CVE-2007-6350 fixed (scponly) #429731 [since FEDORA-2008-1728] rsync vector only
CVE-2007-6348 ignore (squirrelmail) trojaned version was not shipped
CVE-2007-6328 ignore (dosbox) design decision
-CVE-2007-6321 VULNERABLE (roundcubemail) #423291 [since FEDORA-2008-2962]
+CVE-2007-6321 VULNERABLE (roundcubemail) #423291
CVE-2007-6318 VULNERABLE (wordpress)
CVE-2007-6313 ignore (mysql) 5.1+ only
CVE-2007-6304 ignore (mysql, fixed 5.0.52) federated engine not built
@@ -312,8 +315,8 @@
CVE-2007-6210 backport (zabbix) #407181 [since FEDORA-2007-4176]
CVE-2007-6209 ignore (zsh) #409871 We don't ship the script
CVE-2007-6208 ignore (claws) We don't ship the script
-CVE-2007-6207 VULNERABLE (kernel) Xen cross-domain memory read
-CVE-2007-6206 VULNERABLE (kernel) Core dump owner issue
+CVE-2007-6207 ignore (kernel-xen) Xen cross-domain memory read, ia64 only
+CVE-2007-6206 version (kernel, fixed 2.6.22.17) Core dump owner issue
CVE-2007-6203 ignore (httpd) #409831 User can't unput garbage before method name
CVE-2007-6201 version (wesnoth, fixed 1.2.8) [since FEDORA-2007-3989]
CVE-2007-6183 backport (ruby-gnome2) #405601 [since FEDORA-2007-4216]
@@ -486,11 +489,11 @@
CVE-2007-0235 version (libgtop2, fixed 2.14.6) #222637 not sure, will triage
CVE-2007-0095 backport (phpMyAdmin) #221694 "Reveals path" [since FEDORA-2007-4334]
CVE-2006-7232 version (mysql, fixed 5.0.32)
-CVE-2006-6698 VULNERABLE (GConf2) #219280
+CVE-2006-6698 ignore (GConf2) #219280 minimal impact
CVE-2006-6128 version (kernel, fixed 2.6.19-1.2911.fc6) #250625 ReiserFS MOKB
CVE-2006-6107 version (dbus, fixed 1.0.2) #219665
CVE-2006-6077 version (firefox, fixed 1.5.0.10)
-CVE-2006-6058 VULNERABLE (kernel) #250623 Minix MOKB. In stable tree, should be fixed in 2.6.24
+CVE-2006-6058 version (kernel, fixed 2.6.23.7) #250623 Minix MOKB. In stable tree, should be fixed in 2.6.24
CVE-2006-6057 version (kernel, fixed 2_6_20-1_2924_fc6) GFS2 MOKB.
CVE-2006-5868 version (ImageMagick, fixed 6.2.9.1) #217560
CVE-2006-5864 version (evince, fixed 0.6.3) #217672
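Review bot: The CVE-2006-6058 line now says "fixed 2.6.23.7" in the parentheses but keeps the old trailing comment "In stable tree, should be fixed in 2.6.24", so the entry names two different fix versions. The trailing comment should be dropped or reworded to match. The CVE-2006-6698 change to "ignore ... minimal impact" in the same hunk is fine as a state, but it keeps an open bug number with no indication whether #219280 was closed.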
@@ -514,6 +517,6 @@
CVE-2005-4791 version (liferea, fixed 1.4.8) #393301 [since FEDORA-2007-3701]
CVE-2005-4790 backport (blam, fixed 1.8.4) #395761 [since FEDORA-2007-3798]
CVE-2005-4790 backport (tomboy) #362951 [since FEDORA-2007-3253]
-CVE-2005-3675 VULNERABLE (kernel) optack, no upstream fix -- TCP protocol weakness
+CVE-2005-3675 ignore (kernel) optack, no upstream fix -- TCP protocol weakness
CVE-2003-1265 ignore (thunderbird) Stuff deleted from userspace is not guarranteed to go away physically moz#198442
CVE-2003-1265 ignore (seamonkey) Stuff deleted from userspace is not guarranteed to go away physically moz#198442
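Review bot: CVE-2005-3675 moves from VULNERABLE to ignore with the comment unchanged, "no upstream fix -- TCP protocol weakness". Other ignore entries in this file state why the issue does not need tracking (for example "minimal impact" or "We don't ship the script"); here the comment only says there is no fix. One added phrase giving the reason for not tracking it would make the state change self-explanatory.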
Index: f9
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f9,v
retrieving revision 1.205
retrieving revision 1.206
diff -u -r1.205 -r1.206
--- f9 5 May 2008 08:37:37 -0000 1.205
+++ f9 6 May 2008 16:54:54 -0000 1.206
@@ -7,17 +7,20 @@
rhbz249840 VULNERABLE (tor)
CVE-2008-2068 version (wordpress, fixed 2.5.1) [since wordpress-2.5.1-1.fc9]
CVE-2008-2033 ignore (zoneminder) duplicate of CVE-2008-1381
+CVE-2008-2000 ignore (WebKit) browser DoS
+CVE-2008-1999 VULNERABLE (WebKit)
+CVE-2008-1996 VULNERABLE (licq, fixed 1.3.6) #445239
CVE-2008-1974 VULNERABLE (kronolith, fixed 3.1.8) #444405
CVE-2008-1964 ignore (xine-lib) bogus vulnerability report
CVE-2008-1959 VULNERABLE (sipp, fixed 3.1) [since sipp-3.1-1.fc9]
-CVE-2008-1937 VULNERABLE (moin, fixed 1.6.3) [since moin-1.6.3-1.fc9]
+CVE-2008-1937 version (moin, fixed 1.6.3) [since moin-1.6.3-1.fc9]
CVE-2008-1930 ignore (wordpress, fixed 2.5.1) only for wp 2.5.0
CVE-2008-1928 VULNERABLE (perl-Imager, fixed 0.64) #443941
CVE-2008-1926 VULNERABLE (util-linux-ng) [since util-linux-ng-2.13.1-8.1.fc9]
CVE-2008-1924 version (phpMyAdmin, fixed 2.11.5.2) [since phpMyAdmin-2.11.5.2-1.fc9] PMASA-2008-3
CVE-2008-1923 version (asterisk) upstream fix incomplete, resulting in CVE-2008-1897
CVE-2008-1897 version (asterisk, fixed 1.6.0.beta3) [since asterisk-1.6.0-0.13.beta8.fc9]
-CVE-2008-1878 VULNERABLE (xine-lib, fixed 1.1.12.1) #443056 nsf demuxer overflow [since xine-lib-1.1.12-2.fc9]
+CVE-2008-1878 backport (xine-lib, fixed 1.1.12.1) #443056 nsf demuxer overflow [since xine-lib-1.1.12-2.fc9]
CVE-2008-1845 version (mksh, fixed 33d) [since mksh-33d-1.fc9] what is real impact on fedora?
CVE-2008-1837 ignore (clamav, fixed 0.93) unrar code not shipped
CVE-2008-1836 VULNERABLE (clamav, fixed 0.93) #442364 [since clamav-0.93-1.fc9]
@@ -37,7 +40,7 @@
CVE-2008-1686 version (libfishsound, fixed 0.9.1) #441248 [since libfishsound-0.9.1-1.fc9]
CVE-2008-1686 backport (speex) [since speex-1.2-0.7.beta3]
CVE-2008-1671 ignore (kdelibs) start_kdeinit not shipped
-CVE-2008-1670 VULNERABLE (kdelibs) [since kdelibs-4.0.3-7.fc9]
+CVE-2008-1670 backport (kdelibs) [since kdelibs-4.0.3-7.fc9]
CVE-2008-1658 backport (PolicyKit) #439996 [since PolicyKit-0.7-7.fc9]
CVE-2008-1657 version (openssh, fixed 4.9) #440376 [since openssh-5.0p1-1.fc9]
CVE-2008-1652 version (Perlbal, fixed 1.70) [since Perlbal-1.70-1.fc9]
@@ -57,7 +60,7 @@
CVE-2008-1483 ignore (openssh) was alrady fixed by another patch
CVE-2008-1482 version (xine-lib) #438671 [since xine-lib-1.1.11.1-1.fc9]
CVE-2008-1474 version (roundup) #436549 [since roundup-1.4.4-1.fc9]
-CVE-2008-1468 VULNERABLE (namazu) #438668
+CVE-2008-1468 version (namazu, fixed 2.0.18) #438668 [since namazu-2.0.18-1.fc9]
CVE-2008-1467 fixed (centerim) #438871
CVE-2008-1394 ignore (plone)
CVE-2008-1390 version (asterisk, fixed 1.6.0-beta6) #438134 [since asterisk-1.6.0-0.6.beta6.fc9]
@@ -65,11 +68,11 @@
CVE-2008-1382 VULNERABLE (libpng, fixed 1.2.27) minimal impact, affected api rarely used
CVE-2008-1382 VULNERABLE (libpng10) [since libpng10-1.0.33-1.fc9]
CVE-2008-1381 VULNERABLE (zoneminder, fixed 1.23.3) #444437
-CVE-2008-1380 VULNERABLE (firefox, fixed 2.0.0.14)
-CVE-2008-1380 VULNERABLE (seamonkey, fixed 1.1.10) #442852
-CVE-2008-1380 VULNERABLE (thunderbird, fixed 2.0.0.14) #442857
+CVE-2008-1380 version (firefox, fixed 2.0.0.14)
+CVE-2008-1380 backport (seamonkey, fixed 1.1.10) #442852 [since seamonkey-1.1.9-3.fc9]
+CVE-2008-1380 version (thunderbird, fixed 2.0.0.14) #442857 [since thunderbird-2.0.0.14-1.fc9]
CVE-2008-1374 ignore (cups) only affects old cups versions in RHEL
-CVE-2008-1373 VULNERABLE (cups) #440041 [since cups-1.3.6-9.fc9]
+CVE-2008-1373 backport (cups) #440041 [since cups-1.3.6-9.fc9]
CVE-2008-1372 version (bzip2, fixed 1.0.5) [since bzip2-1.0.5-1.fc9]
CVE-2008-1360 VULNERABLE (nagios) #437852
CVE-2008-1353 ignore (zabbix) #437848 Needs authorization
@@ -88,19 +91,19 @@
CVE-2008-1238 version (seamonkey, fixed 1.1.9)
CVE-2008-1237 version (firefox, fixed 2.0.0.13)
CVE-2008-1237 version (seamonkey, fixed 1.1.9)
-CVE-2008-1237 VULNERABLE (thunderbird, fixed 2.0.0.14) #442857
+CVE-2008-1237 version (thunderbird, fixed 2.0.0.14) #442857 [since thunderbird-2.0.0.14-1.fc9]
CVE-2008-1236 version (firefox, fixed 2.0.0.13)
CVE-2008-1236 version (seamonkey, fixed 1.1.9)
-CVE-2008-1236 VULNERABLE (thunderbird, fixed 2.0.0.14) #442857
+CVE-2008-1236 version (thunderbird, fixed 2.0.0.14) #442857 [since thunderbird-2.0.0.14-1.fc9]
CVE-2008-1235 version (firefox, fixed 2.0.0.13)
CVE-2008-1235 version (seamonkey, fixed 1.1.9)
-CVE-2008-1235 VULNERABLE (thunderbird, fixed 2.0.0.14) #442857
+CVE-2008-1235 version (thunderbird, fixed 2.0.0.14) #442857 [since thunderbird-2.0.0.14-1.fc9]
CVE-2008-1234 version (firefox, fixed 2.0.0.13)
CVE-2008-1234 version (seamonkey, fixed 1.1.9)
-CVE-2008-1234 VULNERABLE (thunderbird, fixed 2.0.0.14) #442857
+CVE-2008-1234 version (thunderbird, fixed 2.0.0.14) #442857 [since thunderbird-2.0.0.14-1.fc9]
CVE-2008-1233 version (firefox, fixed 2.0.0.13)
CVE-2008-1233 version (seamonkey, fixed 1.1.9)
-CVE-2008-1233 VULNERABLE (thunderbird, fixed 2.0.0.14) #442857
+CVE-2008-1233 version (thunderbird, fixed 2.0.0.14) #442857 [since thunderbird-2.0.0.14-1.fc9]
**CVE-2008-1227 fixed (libsilc) We updated this as non-security
CVE-2008-1218 version (dovecot, fixed 1.0.13) [since dovecot-1.0.13-6.fc9] marginally affected
CVE-2008-1199 version (dovecot, fixed 1.0.11) [since dovecot-1.0.13-6.fc9] not in default config
@@ -116,7 +119,7 @@
CVE-2008-1131 version (drupal, fixed 6.1) #435817 [since drupal-6.1-1.fc9]
CVE-2008-1111 backport (lighttpd) #435809 [since lighttpd-1.4.18-6.fc9]
CVE-2008-1110 version (xine-lib, fixed 1.1.10) [since xine-lib-1.1.10-2.fc9]
-CVE-2008-1102 VULNERABLE (blender) #443937 [since blender-2.45-12.fc9]
+CVE-2008-1102 backport (blender) #443937 [since blender-2.45-12.fc9]
CVE-2008-1100 VULNERABLE (clamav, fixed 0.93) #442364 [since clamav-0.93-1.fc9]
CVE-2008-1099 version (moin, fixed 1.5.9) #438674
CVE-2008-1098 version (moin, fixed 1.5.9) #438674
@@ -125,8 +128,8 @@
CVE-2008-1071 version (wireshark, fixed 0.99.8) #435488 [since wireshark-1.0.0-2.fc9]
CVE-2008-1070 version (wireshark, fixed 0.99.8) #435488 [since wireshark-1.0.0-2.fc9]
CVE-2008-1066 version (php-Smarty) #435813 [since php-Smarty-2.6.19-1.fc9]
-CVE-2008-1066 VULNERABLE (gallery2) #438060
-CVE-2008-1066 VULNERABLE (php-pear-PhpDocumentor) #438064
+CVE-2008-1066 fixed (gallery2) #438060 [since gallery2-2.2.4-3.fc9]
+CVE-2008-1066 fixed (php-pear-PhpDocumentor) #438064 [since php-pear-PhpDocumentor-1.4.1-2.fc9]
CVE-2008-1026 version (WebKit, fixed r31388) [since WebKit-1.0.0-0.8.svn31787.fc9]
CVE-2008-1025 version (WebKit, fixed r31438) [since WebKit-1.0.0-0.8.svn31787.fc9]
CVE-2008-1011 version (WebKit) [since WebKit-1.0.0-0.8.svn31787.fc9]
@@ -138,10 +141,10 @@
CVE-2008-0928 backport (kvm) #433566 [since kvm-61-2.fc9]
CVE-2008-0928 backport (xen) [since xen-3.2.0-8.fc9]
CVE-2008-0888 backport (unzip) #437927 [since unzip-5.52-9.fc9]
-CVE-2008-0887 VULNERABLE (gnome-screensaver) #440257
+CVE-2008-0887 version (gnome-screensaver, fixed 2.22.1) #440257 [since gnome-screensaver-2.22.1-1.fc9]
CVE-2008-0882 version (cups, fixed 1.3.6) [since cups-1.3.6-1.fc9]
CVE-2008-0807 version (turba, fixed 2.1.7) #433318 [since turba-2.1.7-1.fc9]
-CVE-2008-0806 VULNERABLE (wyrd) #433722
+CVE-2008-0806 fixed (wyrd) #433722 [since wyrd-1.4.3b-1.fc9]
CVE-2008-0786 version (cacti, fixed 0.8.7b) #432761 [since cacti-0.8.7b-1.fc9]
CVE-2008-0785 version (cacti, fixed 0.8.7b) #432761 [since cacti-0.8.7b-1.fc9]
CVE-2008-0784 version (cacti, fixed 0.8.7b) #432761 [since cacti-0.8.7b-1.fc9]
@@ -226,16 +229,16 @@
CVE-2008-0191 ignore (wordpress) File path is not a sensitive information
CVE-2008-0172 backport (boost) #428976 [since boost-1.34.1-7.fc9]
CVE-2008-0171 backport (boost) #428976 [since boost-1.34.1-7.fc9]
-CVE-2008-0128 VULNERABLE (tomcat5) #429905
+CVE-2008-0128 version (tomcat5, fixed 5.5.21) #429905
CVE-2008-0123 fixed (moodle) #428731 [since moodle-1.8.4-1.fc9]
CVE-2008-0122 backport (bind) #429534 [since bind-9.5.0-24.b1.fc9]
CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since asterisk-1.4.17-1.fc9]
-CVE-2008-0073 VULNERABLE (xine-lib, fixed 1.1.11) #438193
+CVE-2008-0073 version (xine-lib, fixed 1.1.11) #438193 [since xine-lib-1.1.11-1.fc9]
CVE-2008-0072 backport (evolution) #436082 [evolution-2.21.92-2.fc9]
CVE-2008-0063 backport (krb5, fixed 1.6.4) [since krb5-1.6.3-10.fc9]
CVE-2008-0062 backport (krb5, fixed 1.6.4) [since krb5-1.6.3-10.fc9]
CVE-2008-0053 version (cups, fixed 1.3.6) [since cups-1.3.6-1.fc9]
-CVE-2008-0047 VULNERABLE (cups) #440041
+CVE-2008-0047 backport (cups) #440041 [since cups-1.3.6-9.fc9]
CVE-2008-0008 backport (pulseaudio) #425481 [since pulseaudio-0.9.8-5.fc9]
CVE-2008-0006 backport (libXfont) #429133 [since libXfont-1.3.1-3.fc9]
CVE-2008-0005 version (httpd, fixed 2.2.8) #427984 [since httpd-2.2.8-2]
@@ -254,7 +257,7 @@
CVE-2007-6687 version (gallery2, fixed 2.2.4) [since gallery2-2.2.4-1]
CVE-2007-6686 version (gallery2, fixed 2.2.4) [since gallery2-2.2.4-1]
CVE-2007-6685 version (gallery2, fixed 2.2.4) [since gallery2-2.2.4-1]
-CVE-2007-6672 VULNERABLE (jetty) #428018
+CVE-2007-6672 ignore (jetty) #428018 jetty 6.x only
CVE-2007-6631 fixed (libnemesi, not fixed 0.6.4-rc1) #426910 [since libnemesi-0.6.4-0.1.rc2.fc9] This wasn't released yet
CVE-2007-6630 version (netembryo, fixed 0.0.5) #427470 There was not release in stable branches yet [since netembryo-0.0.5-1.fc9]
CVE-2007-6613 version (libcdio) #427200 [since libcdio-0.79-2.fc9]
@@ -286,7 +289,7 @@
CVE-2007-6335 version (clamav, fixed 0.92) #426213 [since clamav-0.92-3.fc9]
CVE-2007-6437 version (syslog-ng, fixed 2.0.6) #426307 [since syslog-ng-2.0.7-1.fc9]
CVE-2007-6430 version (asterisk, fixed 1.4.16) [since asterisk-1.4.16.1-1.fc9]
-CVE-2007-6389 VULNERABLE (gnome-screensaver) #426171
+CVE-2007-6389 version (gnome-screensaver) #426171
CVE-2007-6353 backport (exiv2) #425924 [since exiv2-0.16-0.3.pre1.fc9]
CVE-2007-6352 backport (libexif) #425641 [since libexif-0.6.15-5.fc9]
CVE-2007-6351 backport (libexif) #425641 [since libexif-0.6.15-5.fc9]
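Review bot: CVE-2007-6389 changes to "version (gnome-screensaver)" with neither a fixed upstream version nor a [since ...] build, so the line gives no way to check the claim. The CVE-2008-0887 gnome-screensaver entry updated in this same commit records both "fixed 2.22.1" and a build; the same detail is needed here.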
@@ -299,7 +302,7 @@
CVE-2007-6304 ignore (mysql, fixed 5.0.52) federated engine not built
CVE-2007-6303 backport (mysql, fixed 5.0.52) [since mysql-5.0.45-6.fc9]
CVE-2007-6299 version (drupal, fixed 5.4) [since drupal-5.4-1.fc9] SA-2007-031
-CVE-2007-6286 VULNERABLE (tomcat5) #432476
+CVE-2007-6286 version (tomcat5, fixed 5.5.26) #432476 [since tomcat5-5.5.26-1jpp.1.fc9]
CVE-2007-6285 backport (autofs) #426401 [since autofs-5.0.2-25]
CVE-2007-6284 version (libxml2, fixed 2.6.31) [since libxml2-2.6.31-1]
CVE-2007-6283 backport (bind) #423081 [since bind-9.5.0-21.b1.fc9]
@@ -307,8 +310,8 @@
CVE-2007-6210 backport (zabbix) #407181 [since zabbix-1.4.2-4.fc9]
CVE-2007-6209 ignore (zsh) #409871 We don't ship the script
CVE-2007-6208 ignore (claws) We don't ship the script
-CVE-2007-6207 VULNERABLE (kernel) Xen cross-domain memory read
-CVE-2007-6206 VULNERABLE (kernel) Core dump owner issue
+CVE-2007-6207 ignore (kernel-xen) Xen cross-domain memory read, ia64 only
+CVE-2007-6206 version (kernel, fixed 2.6.22.17) Core dump owner issue
CVE-2007-6203 ignore (httpd) #409831 User can't unput garbage before method name
CVE-2007-6201 version (wesnoth, fixed 1.2.8) [since wesnoth-1.2.8-3.fc9]
CVE-2007-6183 backport (ruby-gnome2) #405611 [since ruby-gnome2-0.16.0-22.fc9]
@@ -332,7 +335,7 @@
CVE-2007-6018 version (horde, fixed 3.1.6) #428630 [since horde-3.1.6-1.fc9]
CVE-2007-6018 version (imp, fixed 4.1.6) #428634 [since imp-4.1.6-1.fc9]
CVE-2007-6018 VULNERABLE (wordpress) #426434
-CVE-2007-6015 VULNERABLE (samba, fixed 3.0.28) #433622
+CVE-2007-6015 version (samba, fixed 3.0.28) #433622 [since samba-3.2.0-1.pre2.5.fc9]
CVE-2007-6013 VULNERABLE (wordpress) #426434
CVE-2007-5977 version (phpMyAdmin) #385911 [since phpMyAdmin-2.11.2.2-1.fc9]
CVE-2007-5976 version (phpMyAdmin) #385911 [since phpMyAdmin-2.11.2.2-1.fc9]
@@ -380,23 +383,23 @@
CVE-2007-5589 version (phpMyAdmin, fixed 2.11.1.2) #333661 PMASA-2007-6
CVE-2007-5503 version (cairo, fixed 1.4.12) [since cairo-1.5.4-1.fc9]
CVE-2007-5497 backport (e2fsprogs) #414591 [since e2fsprogs-1.40.2-14.fc9]
-CVE-2007-5461 VULNERABLE (tomcat5, not fixed 5.5.25) #334531
+CVE-2007-5461 version (tomcat5, fixed 5.5.26) #334531 [since tomcat5-5.5.26-1jpp.1.fc9]
CVE-2007-5395 version (link-grammar) #372361 [since link-grammar-4.2.5-1.fc9]
CVE-2007-5393 backport (xpdf) #372481 [since xpdf-3.02-4.fc9]
CVE-2007-5393 backport (cups)
CVE-2007-5393 version (poppler, fixed 0.6.2) #372521 [since poppler-0.6.2-1.fc9]
-CVE-2007-5393 VULNERABLE (kdegraphics) #372581
-CVE-2007-5393 VULNERABLE (koffice) #372611
+CVE-2007-5393 fixed (kdegraphics) #372581 kde4 kdegraphics now use poppler
+CVE-2007-5393 backport (koffice) #372611 [since koffice-1.6.3-15.fc9]
CVE-2007-5393 version (tetex) #372671 [since tetex-3.0-48.fc9]
CVE-2007-5392 backport (xpdf) #372481 [since xpdf-3.02-4.fc9]
CVE-2007-5392 backport (cups)
CVE-2007-5392 version (poppler, fixed 0.6.2) #372521 [since poppler-0.6.2-1.fc9]
-CVE-2007-5392 VULNERABLE (kdegraphics) #372581
-CVE-2007-5392 VULNERABLE (koffice) #372611
+CVE-2007-5392 fixed (kdegraphics) #372581 kde4 kdegraphics now use poppler
+CVE-2007-5392 backport (koffice) #372611 [since koffice-1.6.3-15.fc9]
CVE-2007-5392 version (tetex) #372671 [since tetex-3.0-48.fc9]
CVE-2007-5386 version (phpmyadmin, fixed 2.11.1.1) #333661 PMASA-2007-5
-CVE-2007-5333 VULNERABLE (tomcat5) #428257
-CVE-2007-5201 VULNERABLE (duplicity, no upstream fix) #362841
+CVE-2007-5333 version (tomcat5, fixed 5.5.26) #428257 [since tomcat5-5.5.26-1jpp.1.fc9]
+CVE-2007-5201 version (duplicity, fixed 0.4.9?) #362841 [since duplicity-0.4.9-1.fc9]
CVE-2007-5200 version (hugin) #362871 [since hugin-0.6.1-11.fc9]
CVE-2007-5198 VULNERABLE (nagios-plugins, fixed 1.4.10) #362901
CVE-2007-5197 version (mono, fixed 1.2.5.1) #367551 [since mono-1.2.5.1-3.fc9]
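Review bot: The CVE-2007-5201 line goes from "no upstream fix" to "version (duplicity, fixed 0.4.9?)", where the question mark shows the fixed version is unconfirmed. The entry should stay VULNERABLE until the version is verified, or the comment should say what the 0.4.9 assumption is based on. In the same hunk, the kdegraphics lines are marked fixed with the reason "kde4 kdegraphics now use poppler" but no [since ...] build.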
@@ -409,7 +412,7 @@
CVE-2007-4990 version (xorg-x11-xfs, fixed 1.0.5)
CVE-2007-4879 version (firefox, fixed 2.0.0.13)
CVE-2007-4879 version (seamonkey, fixed 1.1.9)
-CVE-2007-4829 VULNERABLE (perl, not fixed upstream) #364291
+CVE-2007-4829 VULNERABLE (perl, not fixed upstream) #364291 perl-Archive-Tar directory traversal
CVE-2007-4772 version (postgresql, fixed 8.2.6) #427774 [since postgresql-8.2.6-1.fc9]
CVE-2007-4771 backport (icu) [since icu-3.8.1-3.fc9]
CVE-2007-4770 backport (icu) [since icu-3.8.1-3.fc9]
@@ -424,8 +427,8 @@
CVE-2007-4352 backport (xpdf) #372481 [since xpdf-3.02-4.fc9]
CVE-2007-4352 backport (cups)
CVE-2007-4352 version (poppler, fixed 0.6.2) #372521 [since poppler-0.6.2-1.fc9]
-CVE-2007-4352 VULNERABLE (kdegraphics) #372581
-CVE-2007-4352 VULNERABLE (koffice) #372611
+CVE-2007-4352 fixed (kdegraphics) #372581 kde4 kdegraphics now use poppler
+CVE-2007-4352 backport (koffice) #372611 [since koffice-1.6.3-15.fc9]
CVE-2007-4352 version (tetex) #372671 [since tetex-3.0-48.fc9]
CVE-2007-4351 version (cups) #361681
CVE-2007-3999 VULNERABLE (nfs-utils-lib) #362101
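Review bot: the added CVE-2007-4352 kdegraphics line is marked "fixed" but names neither a version nor a build, unlike the koffice line next to it, which carries "[since koffice-1.6.3-15.fc9]". If the entry is resolved because kde4 kdegraphics uses poppler, add the first kdegraphics build for which that holds as a "[since ...]" tag so the claim can be checked against the shipped package. The same applies to the matching CVE-2007-5392 and CVE-2007-5393 lines in this diff.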
@@ -441,8 +444,8 @@
CVE-2007-3279 ignore (postgresql) bogus CVE assignment
CVE-2007-3278 version (postgresql, fixed 8.2.5)
CVE-2007-3145 ignore (galeon) in 2.0.3 the truncation still occurs, but at reasonable length
-CVE-2007-2450 VULNERABLE (tomcat5, not fixed 5.5.24) #244812
-CVE-2007-2449 VULNERABLE (tomcat5, not fixed 5.5.24) #244812
+CVE-2007-2450 version (tomcat5, fixed 5.5.25) #244812 [since tomcat5-5.5.25-1jpp.1.fc9]
+CVE-2007-2449 version (tomcat5, fixed 5.5.25) #244812 [since tomcat5-5.5.25-1jpp.1.fc9]
CVE-2007-2245 version (phpMyAdmin, fixed 2.10.1) #237882
CVE-2007-2165 version (proftpd, fixed 1.3.1rc3) #237533
CVE-2007-1841 version (ipsec-tools, fixed 0.6.7) #238052
@@ -460,11 +463,11 @@
CVE-2007-0235 version (libgtop2, fixed 2.14.6) #222637 not sure, will triage
CVE-2007-0095 backport (phpMyAdmin) #221694 "Reveals path" [since phpMyAdmin-2.11.3-1.fc9]
CVE-2006-7232 version (mysql, fixed 5.0.32)
-CVE-2006-6698 VULNERABLE (GConf2) #219280
-CVE-2006-6128 version (kernel, fixed 2.6.19-1.2911.fc6) #250625 ReiserFS MOKB
+CVE-2006-6698 ignore (GConf2) #219280 minimal impact, let upstream deal with it if they care
+CVE-2006-6128 version (kernel, fixed 2.6.19) #250625 ReiserFS MOKB
CVE-2006-6107 version (dbus, fixed 1.0.2) #219665
CVE-2006-6077 version (firefox, fixed 1.5.0.10)
-CVE-2006-6058 VULNERABLE (kernel) #250623 Minix MOKB. In stable tree, should be fixed in 2.6.24
+CVE-2006-6058 version (kernel, fixed 2.6.23.7) #250623 Minix MOKB. In stable tree, should be fixed in 2.6.24
CVE-2006-6057 version (kernel, fixed 2_6_20-1_2924_fc6) GFS2 MOKB.
CVE-2006-5868 version (ImageMagick, fixed 6.2.9.1) #217560
CVE-2006-5864 version (evince, fixed 0.6.3) #217672
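Review bot: the added CVE-2006-6058 line now says "fixed 2.6.23.7" but keeps the trailing text "In stable tree, should be fixed in 2.6.24", which still reads as if the fix were pending. Drop or reword the trailing note so it does not contradict the new status.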
@@ -488,6 +491,6 @@
CVE-2005-4791 version (liferea, fixed 1.4.8) #393311 [since liferea-1.4.8-1.fc9]
CVE-2005-4790 backport (blam, fixed 1.8.4) #395771 [since blam-1.8.3-11.fc9]
CVE-2005-4790 backport (tomboy) #362961 [since tomboy-0.8.1-2.fc9]
-CVE-2005-3675 VULNERABLE (kernel) optack, no upstream fix -- TCP protocol weakness
+CVE-2005-3675 ignore (kernel) optack, no upstream fix -- TCP protocol weakness
CVE-2003-1265 ignore (thunderbird) Stuff deleted from userspace is not guarranteed to go away physically moz#198442
CVE-2003-1265 ignore (seamonkey) Stuff deleted from userspace is not guarranteed to go away physically moz#198442
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.371
retrieving revision 1.372
diff -u -r1.371 -r1.372
--- fc7 5 May 2008 08:37:37 -0000 1.371
+++ fc7 6 May 2008 16:54:54 -0000 1.372
@@ -9,6 +9,9 @@
rhbz249840 version (tor, fixed 0.1.2.15) #249840 [since FEDORA-2007-1674]
CVE-2008-2068 version (wordpress, fixed 2.5.1) [since FEDORA-2008-3319]
CVE-2008-2033 ignore (zoneminder) duplicate of CVE-2008-1381
+CVE-2008-2000 ignore (WebKit) browser DoS
+CVE-2008-1999 VULNERABLE (WebKit)
+CVE-2008-1996 VULNERABLE (licq, fixed 1.3.6) #445237
CVE-2008-1974 VULNERABLE (kronolith, fixed 3.1.8) #444403
CVE-2008-1964 ignore (xine-lib) bogus vulnerability report
CVE-2008-1959 VULNERABLE (sipp, fixed 3.1) [since sipp-3.1-1.fc7]
@@ -59,7 +62,7 @@
CVE-2008-1483 ignore (openssh) was alrady fixed by another patch
CVE-2008-1482 fixed (xine-lib) #438669 [since FEDORA-2008-2945]
CVE-2008-1474 fixed (roundup) #436548 [since FEDORA-2008-2471]
-CVE-2008-1468 fixed (namazu) #438666 [since FEDORA-2008-2678]
+CVE-2008-1468 fixed (namazu, fixed 2.0.18) #438666 [since FEDORA-2008-2678]
CVE-2008-1467 fixed (centerim) #438871 [since FEDORA-2008-2869]
CVE-2008-1394 ignore (plone)
CVE-2008-1390 fixed (asterisk, fixed 1.4.19-rc3) #438132 [since FEDORA-2008-2620]
@@ -297,7 +300,7 @@
CVE-2007-6350 fixed (scponly) #429731 [since FEDORA-2008-1728] rsync vector only
CVE-2007-6348 ignore (squirrelmail) trojaned version was not shipped
CVE-2007-6328 ignore (dosbox) design decision
-CVE-2007-6321 VULNERABLE (roundcubemail) #423281 [since FEDORA-2008-3019]
+CVE-2007-6321 VULNERABLE (roundcubemail) #423281
CVE-2007-6318 VULNERABLE (wordpress)
CVE-2007-6313 ignore (mysql) 5.1+ only
CVE-2007-6304 ignore (mysql, fixed 5.0.52) federated engine not built
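Review bot: on the CVE-2007-6321 line the "[since FEDORA-2008-3019]" tag is removed while the entry stays VULNERABLE, and the log message ("more pre-f9 cleanups") does not say why. If that update did not address this CVE, add a short trailing note to that effect so the advisory reference is not re-added by a later pass.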
@@ -311,8 +314,8 @@
CVE-2007-6210 backport (zabbix) #407181 [since FEDORA-2007-4160]
CVE-2007-6209 ignore (zsh) #409871 We don't ship the script
CVE-2007-6208 ignore (claws) We don't ship the script
-CVE-2007-6207 VULNERABLE (kernel) Xen cross-domain memory read
-CVE-2007-6206 VULNERABLE (kernel) Core dump owner issue
+CVE-2007-6207 ignore (kernel-xen) Xen cross-domain memory read, ia64 only
+CVE-2007-6206 version (kernel, fixed 2.6.22.17) Core dump owner issue
CVE-2007-6203 ignore (httpd) #409831 User can't unput garbage before method name
CVE-2007-6201 version (wesnoth, fixed 1.2.8) [since FEDORA-2007-3986]
CVE-2007-6183 version (ruby-gnome2) #405591 [since FEDORA-2007-4229]
@@ -994,7 +997,7 @@
*CVE-2006-6736 ** (java-ibm)
*CVE-2006-6731 ** (java-ibm)
*CVE-2006-6719 backport (wget) #221469 [since FEDORA-2007-043]
-*CVE-2006-6698 VULNERABLE (GConf2) #219280
+*CVE-2006-6698 ignore (GConf2) #219280 minimal impact
CVE-2006-6693 ignore (zabbix, fixed 1.1.3, < 1.1.4 not shipped)
CVE-2006-6692 ignore (zabbix, fixed 1.1.3, < 1.1.4 not shipped)
CVE-2006-6660 ignore (kdelibs) client Dos only, not reproducible
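Review bot: the leading "*" is kept on the CVE-2006-6698 line, while the CVE-2005-3675 entry later in this same fc7 diff loses its "*" for the identical VULNERABLE to ignore change. Whatever the marker denotes in this file, the two entries should be handled the same way. The reason text also differs from the f9 entry ("minimal impact, let upstream deal with it if they care"); a single wording across release files is easier to search for.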
@@ -1054,7 +1057,7 @@
CVE-2006-6085 version (kile, fixed 1.9.3) #217238
CVE-2006-6077 version (firefox, fixed 1.5.0.10)
CVE-2006-6060 ignore (kernel, fixed 2.6.19-rc2) no NTFS support
-CVE-2006-6058 VULNERABLE (kernel, fixed 2.6.24) 250623
+CVE-2006-6058 version (kernel, fixed 2.6.23.7) 250623
CVE-2006-6057 version (kernel, fixed **)
CVE-2006-6056 version (kernel, fixed 2.6.19) [since FEDORA-2007-058] was backport since FEDORA-2006-1471
CVE-2006-6054 version (kernel, fixed fixed 2.6.19.2) [since FEDORA-2007-058]
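Review bot: the rewritten CVE-2006-6058 line still carries the bug reference as a bare "250623", without the "#" prefix the neighbouring entries use. Since the line is being touched anyway, write "#250623" so it matches the f9 entry for the same CVE.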
@@ -1820,7 +1823,7 @@
CVE-2005-3753 version (kernel, fixed 2.6.14)
CVE-2005-3745 ignore (struts, fixed 1.2.8) but not through tomcat
CVE-2005-3732 version (ipsec-tools, fixed 0.6.3)
-*CVE-2005-3675 VULNERABLE (kernel) optack, no upstream fix
+CVE-2005-3675 ignore (kernel) optack, no upstream fix, wontfix upstream
CVE-2005-3671 version (openswan, fixed 2.4.4)
*CVE-2005-3662 version (netpbm)
CVE-2005-3656 version (mod_auth_pgsql, fixed 2.0.3)
fedora-security/audit f8, 1.214, 1.215 f9, 1.204, 1.205 fc7, 1.370, 1.371
by fedora-security-commits@redhat.com
Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv9744/audit
Modified Files:
f8 f9 fc7
Log Message:
note wordpress CVE id
check updates
Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.214
retrieving revision 1.215
diff -u -r1.214 -r1.215
--- f8 2 May 2008 16:12:35 -0000 1.214
+++ f8 5 May 2008 08:37:37 -0000 1.215
@@ -6,24 +6,25 @@
rhbz293031 fixed (nx) #293031 [since FEDORA-2008-2258]
rhbz249840 VULNERABLE (tor)
+CVE-2008-2068 version (wordpress, fixed 2.5.1) [since FEDORA-2008-3397]
CVE-2008-2033 ignore (zoneminder) duplicate of CVE-2008-1381
CVE-2008-1974 VULNERABLE (kronolith, fixed 3.1.8) #444404
CVE-2008-1964 ignore (xine-lib) bogus vulnerability report
CVE-2008-1959 VULNERABLE (sipp, fixed 3.1) [since sipp-3.1-1.fc8]
CVE-2008-1937 ignore (moin, fixed 1.6.3) 1.6.x only
CVE-2008-1930 ignore (wordpress, fixed 2.5.1) [since wordpress-2.5.1-1.fc8] only for wp 2.5.0
-CVE-2008-1928 VULNERABLE (perl-Imager, fixed 0.64) #443940
-CVE-2008-1927 VULNERABLE (perl) [since perl-5.8.8-39.fc8]
-CVE-2008-1926 VULNERABLE (util-linux-ng) [since util-linux-ng-2.13.1-2.fc8]
+CVE-2008-1928 fixed (perl-Imager, fixed 0.64) #443940 [since FEDORA-2008-3352]
+CVE-2008-1927 fixed (perl) [since FEDORA-2008-3392]
+CVE-2008-1926 fixed (util-linux-ng) [since FEDORA-2008-3419]
CVE-2008-1924 VULNERABLE (phpMyAdmin, fixed 2.11.5.2) [since phpMyAdmin-2.11.5.2-1.fc8] PMASA-2008-3
CVE-2008-1923 version (asterisk) upstream fix incomplete, resulting in CVE-2008-1897
-CVE-2008-1897 VULNERABLE (asterisk, fixed 1.4.19.1) [since asterisk-1.4.19.1-1.fc8]
-CVE-2008-1878 VULNERABLE (xine-lib, fixed 1.1.12.1) #443055 nsf demuxer overflow
+CVE-2008-1897 fixed (asterisk, fixed 1.4.19.1) [since FEDORA-2008-3390]
+CVE-2008-1878 fixed (xine-lib, fixed 1.1.12.1) #443055 [since FEDORA-2008-3353] nsf demuxer overflow
CVE-2008-1845 version (mksh, fixed 33d) [since FEDORA-2008-3174]
CVE-2008-1837 ignore (clamav, fixed 0.93) unrar code not shipped
CVE-2008-1836 ignore (clamav, fixed 0.93) affected code introduced after 0.92.1
CVE-2008-1835 ignore (clamav, fixed 0.93) unrar code not shipped
-CVE-2008-1833 VULNERABLE (clamav, fixed 0.93-rc1) #442363
+CVE-2008-1833 fixed (clamav, fixed 0.93-rc1) #442363 [since FEDORA-2008-3420]
CVE-2008-1796 fixed (comix) [since FEDORA-2008-2981]
CVE-2008-1729 ignore (drupal) 6.x only
CVE-2008-1720 fixed (rsync, fixed 3.0.2) #441690 [since FEDORA-2008-3047]
@@ -37,14 +38,14 @@
CVE-2008-1686 fixed (speex) #442572 [since FEDORA-2008-3103]
CVE-2008-1671 ignore (kdelibs) start_kdeinit not setuid
CVE-2008-1670 ignore (kdelibs) kdelibs 4.x only
-CVE-2008-1670 VULNERABLE (kdelibs4) #444399 kdelibs 4.x only
+CVE-2008-1670 fixed (kdelibs4) #444399 [since FEDORA-2008-3412] kdelibs 4.x only
CVE-2008-1658 fixed (PolicyKit) #439995 [since FEDORA-2008-2987]
CVE-2008-1657 VULNERABLE (openssh, fixed 4.9) #440375
CVE-2008-1652 version (Perlbal, fixed 1.70) [since FEDORA-2008-2778]
CVE-2008-1637 fixed (pdns-recursor, fixed 3.1.5) #440249 [since FEDORA-2008-3036]
CVE-2008-1628 fixed (audit) [since FEDORA-2008-3012]
CVE-2008-1614 version (mod_suphp, fixed 0.6.3) [since FEDORA-2008-2868]
-CVE-2008-1612 VULNERABLE (squid, fixed 2.6.STABLE19) [since FEDORA-2008-2740]
+CVE-2008-1612 fixed (squid, fixed 2.6.STABLE19) [since FEDORA-2008-2740]
CVE-2008-1568 fixed (comix) improper shell escaping, bz#430635 [since FEDORA-2008-2981]
CVE-2008-1567 fixed (phpMyAdmin, fixed 2.11.5.1) [since FEDORA-2008-2825]
CVE-2008-1563 fixed (wireshark, fixed 1.0) #435487 [since FEDORA-2008-3040]
@@ -52,7 +53,7 @@
CVE-2008-1561 fixed (wireshark, fixed 1.0) #435487 [since FEDORA-2008-3040]
CVE-2008-1552 fixed (libsilc, fixed 1.1.7) #438382 [since FEDORA-2008-2641]
CVE-2008-1532 version (Perlbal, fixed 1.70) #439056 [since FEDORA-2008-2778]
-CVE-2008-1531 VULNERABLE (lighttpd) #439068
+CVE-2008-1531 fixed (lighttpd) #439068 [since FEDORA-2008-3376]
CVE-2008-1488 VULNERABLE (php-pecl-apc) #438847
CVE-2008-1483 ignore (openssh) was alrady fixed by another patch
CVE-2008-1482 fixed (xine-lib) #438670 [since FEDORA-2008-2849]
@@ -61,9 +62,9 @@
CVE-2008-1467 fixed (centerim) #438871 [since FEDORA-2008-2869]
CVE-2008-1394 ignore (plone)
CVE-2008-1390 fixed (asterisk, fixed 1.4.19-rc3) #438133 [since FEDORA-2008-2554]
-CVE-2008-1387 VULNERABLE (clamav, fixed 0.93) #442363
+CVE-2008-1387 fixed (clamav, fixed 0.93) #442363 [since FEDORA-2008-3420]
CVE-2008-1382 VULNERABLE (libpng, fixed 1.2.27) minimal impact, affected api rarely used
-CVE-2008-1382 VULNERABLE (libpng10) [since libpng10-1.0.33-1.fc8]
+CVE-2008-1382 VULNERABLE (libpng10) [since libpng10-1.0.33-1.fc8]
CVE-2008-1381 VULNERABLE (zoneminder, fixed 1.23.3) #444436
CVE-2008-1380 VULNERABLE (firefox, fixed 2.0.0.14)
CVE-2008-1380 fixed (seamonkey, fixed 1.1.10) #442851 [since FEDORA-2008-3264]
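Review bot: the removed and added CVE-2008-1382 (libpng10) lines are identical as shown, so this looks like a whitespace-only change mixed into a status update. Either mention the whitespace cleanup in the log message or commit it separately, so a reader auditing status changes does not have to compare the two lines character by character.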
@@ -119,9 +120,9 @@
CVE-2008-1111 fixed (lighttpd) #435807 [since FEDORA-2008-2262]
CVE-2008-1110 version (xine-lib, fixed 1.1.10) [since FEDORA-2008-1043]
CVE-2008-1102 VULNERABLE (blender) #443936
-CVE-2008-1100 VULNERABLE (clamav, fixed 0.93) #442363
-CVE-2008-1099 VULNERABLE (moin) #438673
-CVE-2008-1098 VULNERABLE (moin) #438673
+CVE-2008-1100 fixed (clamav, fixed 0.93) #442363 [since FEDORA-2008-3420]
+CVE-2008-1099 fixed (moin) #438673 [since FEDORA-2008-3301]
+CVE-2008-1098 fixed (moin) #438673 [since FEDORA-2008-3301]
CVE-2008-1078 ignore (am-utils) does not seem used by any other Fedora package
CVE-2008-1072 fixed (wireshark, fixed 0.99.8) #435487 [since FEDORA-2008-3040]
CVE-2008-1071 fixed (wireshark, fixed 0.99.8) #435487 [since FEDORA-2008-3040]
@@ -211,7 +212,7 @@
CVE-2008-0364 ignore (bittorrent) Windows only
CVE-2008-0320 fixed (openoffice.org, fixed 2.4) #442846 [since FEDORA-2008-3251]
CVE-2008-0318 fixed (clamav, fixed 0.92.1) [since FEDORA-2008-1625]
-CVE-2008-0314 VULNERABLE (clamav, fixed 0.93) #442363
+CVE-2008-0314 fixed (clamav, fixed 0.93) #442363 [since FEDORA-2008-3420]
CVE-2008-0304 version (seamonkey, fixed 1.1.8) [since FEDORA-2008-1459]
CVE-2008-0304 fixed (thunderbird, fixed 2.0.0.12) #432048 [since FEDORA-2008-2060]
CVE-2008-0299 fixed (python-paramiko) #428728 [since FEDORA-2008-0722]
@@ -245,7 +246,7 @@
CVE-2008-0005 fixed (httpd, fixed 2.2.8) #427982 [since FEDORA-2008-1711]
CVE-2008-0003 fixed (tog-pegasus, fixed 2.7.0) #427829 [since FEDORA-2008-0572]
CVE-2008-0002 fixed (tomcat5) #432474 [since FEDORA-2008-1467]
-CVE-2007-6714 VULNERABLE (dbmail, fixed 2.2.9) #443021
+CVE-2007-6714 fixed (dbmail, fixed 2.2.9) #443021 [since FEDORA-2008-3333]
CVE-2007-6703 fixed (vdccm, fixed 0.10.1) #436026 [since FEDORA-2008-0680]
CVE-2007-6698 version (openldap, fixed 2.3.36)
CVE-2007-6697 fixed (SDL_image, fixed 1.2.7) #430241 [since FEDORA-2008-1208]
@@ -330,7 +331,7 @@
CVE-2007-6110 backport (htdig) [since FEDORA-2007-3958]
CVE-2007-6100 version (phpMyAdmin, fixed 2.11.2.2) [since FEDORA-2007-3639]
CVE-2007-6067 fixed (postgresql, fixed 8.2.6) #427773 [since FEDORA-2008-0478]
-CVE-2007-6061 VULNERABLE (audacity) #393251
+CVE-2007-6061 VULNERABLE (audacity) #393251
CVE-2007-6029 ignore (clamav) insufficient information about the issue
CVE-2007-6018 fixed (horde) #428628 [since FEDORA-2008-2040]
CVE-2007-6018 fixed (imp) #428632 [since FEDORA-2008-2040]
Index: f9
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f9,v
retrieving revision 1.204
retrieving revision 1.205
diff -u -r1.204 -r1.205
--- f9 2 May 2008 16:12:35 -0000 1.204
+++ f9 5 May 2008 08:37:37 -0000 1.205
@@ -5,6 +5,7 @@
# (mozilla) = (gecko-libs dependent stuff)
rhbz249840 VULNERABLE (tor)
+CVE-2008-2068 version (wordpress, fixed 2.5.1) [since wordpress-2.5.1-1.fc9]
CVE-2008-2033 ignore (zoneminder) duplicate of CVE-2008-1381
CVE-2008-1974 VULNERABLE (kronolith, fixed 3.1.8) #444405
CVE-2008-1964 ignore (xine-lib) bogus vulnerability report
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.370
retrieving revision 1.371
diff -u -r1.370 -r1.371
--- fc7 2 May 2008 16:12:35 -0000 1.370
+++ fc7 5 May 2008 08:37:37 -0000 1.371
@@ -7,6 +7,7 @@
rhbz293031 fixed (nx) #293031 [since FEDORA-2008-2258]
rhbz249840 version (tor, fixed 0.1.2.15) #249840 [since FEDORA-2007-1674]
+CVE-2008-2068 version (wordpress, fixed 2.5.1) [since FEDORA-2008-3319]
CVE-2008-2033 ignore (zoneminder) duplicate of CVE-2008-1381
CVE-2008-1974 VULNERABLE (kronolith, fixed 3.1.8) #444403
CVE-2008-1964 ignore (xine-lib) bogus vulnerability report
@@ -14,31 +15,31 @@
CVE-2008-1937 ignore (moin, fixed 1.6.3) 1.6.x only
CVE-2008-1930 ignore (wordpress, fixed 2.5.1) [since wordpress-2.5.1-1.fc7] only for wp 2.5.0
CVE-2008-1928 VULNERABLE (perl-Imager, fixed 0.64) #443939
-CVE-2008-1927 VULNERABLE (perl) [since perl-5.8.8-29.fc7]
+CVE-2008-1927 fixed (perl) [since FEDORA-2008-3399]
CVE-2008-1926 VULNERABLE (util-linux)
CVE-2008-1924 VULNERABLE (phpMyAdmin, fixed 2.11.5.2) [since phpMyAdmin-2.11.5.2-1.fc7] PMASA-2008-3
CVE-2008-1923 version (asterisk) upstream fix incomplete, resulting in CVE-2008-1897
-CVE-2008-1897 VULNERABLE (asterisk, fixed 1.4.19.1) [since asterisk-1.4.19.1-1.fc7]
-CVE-2008-1878 VULNERABLE (xine-lib, fixed 1.1.12.1) #443054 nsf demuxer overflow
+CVE-2008-1897 fixed (asterisk, fixed 1.4.19.1) [since FEDORA-2008-3365]
+CVE-2008-1878 fixed (xine-lib, fixed 1.1.12.1) #443054 [since FEDORA-2008-3326] nsf demuxer overflow
CVE-2008-1845 version (mksh, fixed 33d) [since FEDORA-2008-3070]
CVE-2008-1837 ignore (clamav, fixed 0.93) unrar code not shipped
CVE-2008-1836 ignore (clamav, fixed 0.93) affected code introduced after 0.92.1
CVE-2008-1835 ignore (clamav, fixed 0.93) unrar code not shipped
-CVE-2008-1833 VULNERABLE (clamav, fixed 0.93-rc1) #442362
+CVE-2008-1833 fixed (clamav, fixed 0.93-rc1) #442362 [since FEDORA-2008-3358]
CVE-2008-1796 fixed (comix) [since FEDORA-2008-2993]
CVE-2008-1729 ignore (drupal) 6.x only
CVE-2008-1720 fixed (rsync, fixed 3.0.2) #441689 [since FEDORA-2008-3060]
CVE-2008-1693 version (xpdf, fixed 3.02)
CVE-2008-1693 ignore (kdegraphics) not affected
CVE-2008-1693 ignore (koffice) not affected
-CVE-2008-1693 VULNERABLE (poppler, fixed 0.6.2) #443026
+CVE-2008-1693 fixed (poppler, fixed 0.6.2) #443026 [since FEDORA-2008-3312]
CVE-2008-1688 ignore (m4, fixed 1.4.11) not really a security issue
CVE-2008-1687 ignore (m4, fixed 1.4.11) not really a security issue
CVE-2008-1686 VULNERABLE (libfishsound, fixed 0.9.1) #441246 [since FEDORA-2008-3117]
CVE-2008-1686 fixed (speex) #442571 [since FEDORA-2008-3191]
CVE-2008-1671 ignore (kdelibs) start_kdeinit not setuid
CVE-2008-1670 ignore (kdelibs) kdelibs 4.x only
-CVE-2008-1670 VULNERABLE (kdelibs4) #444398 kdelibs 4.x only
+CVE-2008-1670 fixed (kdelibs4) #444398 [since FEDORA-2008-3379] kdelibs 4.x only
CVE-2008-1657 VULNERABLE (openssh, fixed 4.9) #280461
CVE-2008-1652 version (Perlbal, fixed 1.70) [since FEDORA-2008-2788]
CVE-2008-1637 fixed (pdns-recursor, fixed 3.1.5) #440248 [since FEDORA-2008-3010]
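Review bot: the CVE-2008-1686 libfishsound line is left as "VULNERABLE ... [since FEDORA-2008-3117]" although this pass converts other entries that reference a FEDORA advisory to "fixed" (for example CVE-2008-1612 squid in the f8 diff of this commit). Check whether FEDORA-2008-3117 shipped the fix and switch the status, or note why it remains VULNERABLE.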
@@ -52,7 +53,7 @@
CVE-2008-1561 fixed (wireshark, fixed 1.0) #435485 [since FEDORA-2008-2941]
CVE-2008-1552 fixed (libsilc, fixed 1.1.7) #438382 [since FEDORA-2008-2641]
CVE-2008-1532 version (Perlbal, fixed 1.70) #439055 [since FEDORA-2008-2788]
-CVE-2008-1531 VULNERABLE (lighttpd) #439067
+CVE-2008-1531 fixed (lighttpd) #439067 [since FEDORA-2008-3343]
CVE-2008-1515 VULNERABLE (otrs) #439723
CVE-2008-1488 VULNERABLE (php-pecl-apc) #438846
CVE-2008-1483 ignore (openssh) was alrady fixed by another patch
@@ -62,7 +63,7 @@
CVE-2008-1467 fixed (centerim) #438871 [since FEDORA-2008-2869]
CVE-2008-1394 ignore (plone)
CVE-2008-1390 fixed (asterisk, fixed 1.4.19-rc3) #438132 [since FEDORA-2008-2620]
-CVE-2008-1387 VULNERABLE (clamav, fixed 0.93) #442362
+CVE-2008-1387 fixed (clamav, fixed 0.93) #442362 [since FEDORA-2008-3358]
CVE-2008-1382 ignore (libpng, fixed 1.2.27) minimal impact, affected api rarely used
CVE-2008-1382 ignore (libpng10) [since libpng10-1.0.33-1.fc7]
CVE-2008-1381 VULNERABLE (zoneminder, fixed 1.23.3) #444435
@@ -120,9 +121,9 @@
CVE-2008-1111 fixed (lighttpd) #435808 [since FEDORA-2008-2278]
CVE-2008-1110 version (xine-lib, fixed 1.1.10) [since FEDORA-2008-1047]
CVE-2008-1102 VULNERABLE (blender) #443935
-CVE-2008-1100 VULNERABLE (clamav, fixed 0.93) #442362
-CVE-2008-1099 VULNERABLE (moin) #438672
-CVE-2008-1098 VULNERABLE (moin) #438672
+CVE-2008-1100 fixed (clamav, fixed 0.93) #442362 [since FEDORA-2008-3358]
+CVE-2008-1099 fixed (moin) #438672 [since FEDORA-2008-3328]
+CVE-2008-1098 fixed (moin) #438672 [since FEDORA-2008-3328]
CVE-2008-1078 ignore (am-utils) does not seem used by any other Fedora package
CVE-2008-1072 fixed (wireshark, fixed 0.99.8) #435485 [since FEDORA-2008-2941]
CVE-2008-1071 fixed (wireshark, fixed 0.99.8) #435485 [since FEDORA-2008-2941]
@@ -130,10 +131,10 @@
CVE-2008-1066 version (php-Smarty, fixed 2.6.19) #435812 [since FEDORA-2008-1928]
CVE-2008-1066 fixed (gallery2) #438059 [since FEDORA-2008-2650]
CVE-2008-1066 fixed (php-pear-PhpDocumentor) #438063 [since FEDORA-2008-2656]
-CVE-2008-1026 VULNERABLE (WebKit, fixed r31388) [since WebKit-1.0.0-0.8.svn31787.fc7]
-CVE-2008-1025 VULNERABLE (WebKit, fixed r31438) [since WebKit-1.0.0-0.8.svn31787.fc7]
-CVE-2008-1011 VULNERABLE (WebKit) [since WebKit-1.0.0-0.8.svn31787.fc7]
-CVE-2008-1010 VULNERABLE (WebKit) [since WebKit-1.0.0-0.8.svn31787.fc7]
+CVE-2008-1026 fixed (WebKit, fixed r31388) [since FEDORA-2008-3415]
+CVE-2008-1025 fixed (WebKit, fixed r31438) [since FEDORA-2008-3415]
+CVE-2008-1011 fixed (WebKit) [since FEDORA-2008-3415]
+CVE-2008-1010 fixed (WebKit) [since FEDORA-2008-3415]
CVE-2008-0983 fixed (lighttpd) #435808 [since FEDORA-2008-2278]
CVE-2008-0947 fixed (krb5, fixed 1.6.4) #438022 [since FEDORA-2008-2637]
CVE-2008-0932 fixed (sword) #433725 [since FEDORA-2008-1951] why? diatheke.pl is not shipped...
@@ -211,7 +212,7 @@
CVE-2008-0364 ignore (bittorrent) Windows only
CVE-2008-0320 VULNERABLE (openoffice.org, fixed 2.4) #442845
CVE-2008-0318 fixed (clamav, fixed 0.92.1) [since FEDORA-2008-1608]
-CVE-2008-0314 VULNERABLE (clamav, fixed 0.93) #442362
+CVE-2008-0314 fixed (clamav, fixed 0.93) #442362 [since FEDORA-2008-3358]
CVE-2008-0304 version (seamonkey, fixed 1.1.8) [since FEDORA-2008-1669]
CVE-2008-0304 fixed (thunderbird, fixed 2.0.0.12) #432047 [since FEDORA-2008-2118]
CVE-2008-0299 fixed (python-paramiko) #428729 [since FEDORA-2008-0644]
@@ -245,7 +246,7 @@
CVE-2008-0005 fixed (httpd, fixed 2.2.8) #427983 [since FEDORA-2008-1695]
CVE-2008-0003 fixed (tog-pegasus, fixed 2.7.0) #427828 [since FEDORA-2008-0506]
CVE-2008-0002 fixed (tomcat5) #432475 [since FEDORA-2008-1603]
-CVE-2007-6714 VULNERABLE (dbmail, fixed 2.2.9) #443020
+CVE-2007-6714 fixed (dbmail, fixed 2.2.9) #443020 [since FEDORA-2008-3371]
CVE-2007-6703 VULNERABLE (vdccm, fixed 0.10.1) #436025
CVE-2007-6698 fixed (openldap, fixed 2.3.36) #431409 [since FEDORA-2008-1307]
CVE-2007-6697 fixed (SDL_image, fixed 1.2.7) #430239 [since FEDORA-2008-1231]
@@ -329,7 +330,7 @@
CVE-2007-6110 backport (htdig) [since FEDORA-2007-3907]
CVE-2007-6100 version (phpMyAdmin, fixed 2.11.2.2) [since FEDORA-2007-3666]
CVE-2007-6067 fixed (postgresql, fixed 8.2.6) #427772 [since FEDORA-2008-0552]
-CVE-2007-6061 VULNERABLE (audacity) #393251
+CVE-2007-6061 VULNERABLE (audacity) #393251
CVE-2007-6035 version (cacti, fixed 0.8.7a) #391981 [since FEDORA-2007-3683]
CVE-2007-6029 ignore (clamav) insufficient information about the issue
CVE-2007-6018 fixed (horde) #428629 [since FEDORA-2008-2087]
@@ -497,7 +498,7 @@
CVE-2007-4568 version (xorg-x11-xfs, fixed 1.0.5) #373261 [since FEDORA-2007-4263]
CVE-2007-4565 backport (fetchmail) #260861 [since FEDORA-2007-1983]
CVE-2007-4560 version (clamav) #260583 [since FEDORA-2007-2050]
-CVE-2007-4559 VULNERABLE (python, not fixed upstream) #315291 Upstream WONTFIX. See where we use the code.
+CVE-2007-4559 VULNERABLE (python, not fixed upstream) #315281 Upstream WONTFIX. See where we use the code.
CVE-2007-4558 ignore (star, fixed 1.5a84) duplicate of CVE-2007-4134
CVE-2007-4543 version (bugzilla, fixed 3.0.1) #256021 [since FEDORA-2007-1853]
CVE-2007-4542 version (mapserver, fixed 4.10.3) #256561 [since FEDORA-2007-2018]
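Review bot: the CVE-2007-4559 bug reference changes from #315291 to #315281 without any mention in the log message ("note wordpress CVE id", "check updates"). Please confirm which id is the fc7 tracking bug and say so in the log, since a one-digit change is easy to mistake for a typo in either direction.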
fedora-security/audit f8, 1.213, 1.214 f9, 1.203, 1.204 fc7, 1.369, 1.370
by fedora-security-commits@redhat.com
Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv27473/audit
Modified Files:
f8 f9 fc7
Log Message:
add tkimg, sipp, zoneminder dupe
update on libpng10
Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.213
retrieving revision 1.214
diff -u -r1.213 -r1.214
--- f8 29 Apr 2008 08:26:54 -0000 1.213
+++ f8 2 May 2008 16:12:35 -0000 1.214
@@ -6,8 +6,10 @@
rhbz293031 fixed (nx) #293031 [since FEDORA-2008-2258]
rhbz249840 VULNERABLE (tor)
+CVE-2008-2033 ignore (zoneminder) duplicate of CVE-2008-1381
CVE-2008-1974 VULNERABLE (kronolith, fixed 3.1.8) #444404
CVE-2008-1964 ignore (xine-lib) bogus vulnerability report
+CVE-2008-1959 VULNERABLE (sipp, fixed 3.1) [since sipp-3.1-1.fc8]
CVE-2008-1937 ignore (moin, fixed 1.6.3) 1.6.x only
CVE-2008-1930 ignore (wordpress, fixed 2.5.1) [since wordpress-2.5.1-1.fc8] only for wp 2.5.0
CVE-2008-1928 VULNERABLE (perl-Imager, fixed 0.64) #443940
@@ -61,7 +63,7 @@
CVE-2008-1390 fixed (asterisk, fixed 1.4.19-rc3) #438133 [since FEDORA-2008-2554]
CVE-2008-1387 VULNERABLE (clamav, fixed 0.93) #442363
CVE-2008-1382 VULNERABLE (libpng, fixed 1.2.27) minimal impact, affected api rarely used
-CVE-2008-1382 VULNERABLE (libpng10) minimal impact, affected api rarely used
+CVE-2008-1382 VULNERABLE (libpng10) [since libpng10-1.0.33-1.fc8]
CVE-2008-1381 VULNERABLE (zoneminder, fixed 1.23.3) #444436
CVE-2008-1380 VULNERABLE (firefox, fixed 2.0.0.14)
CVE-2008-1380 fixed (seamonkey, fixed 1.1.10) #442851 [since FEDORA-2008-3264]
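Review bot: the new CVE-2008-1382 (libpng10) line replaces the rationale "minimal impact, affected api rarely used" with "[since libpng10-1.0.33-1.fc8]", while the libpng line directly above keeps the rationale. Keep both on the libpng10 line: the build tag records where the fix lands, and the impact note explains why the entry was not prioritised.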
@@ -174,6 +176,7 @@
CVE-2008-0554 version (netpbm, fixed 10.27)
CVE-2008-0553 fixed (perl-Tk) #431532 [since FEDORA-2008-1323]
CVE-2008-0553 backport (tk, fixed 8.5.1) [since FEDORA-2008-1122]
+CVE-2008-0553 VULNERABLE (tkimg) #444951
CVE-2008-0544 fixed (SDL_image) #430694 [since FEDORA-2008-1208] ILBM overflow
CVE-2008-0486 fixed (xine-lib, fixed 1.1.10.1) #431543 [since FEDORA-2008-1543]
CVE-2008-0460 fixed (mediawiki) #430288 [since FEDORA-2008-2288]
Index: f9
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f9,v
retrieving revision 1.203
retrieving revision 1.204
diff -u -r1.203 -r1.204
--- f9 29 Apr 2008 08:26:54 -0000 1.203
+++ f9 2 May 2008 16:12:35 -0000 1.204
@@ -5,8 +5,10 @@
# (mozilla) = (gecko-libs dependent stuff)
rhbz249840 VULNERABLE (tor)
+CVE-2008-2033 ignore (zoneminder) duplicate of CVE-2008-1381
CVE-2008-1974 VULNERABLE (kronolith, fixed 3.1.8) #444405
CVE-2008-1964 ignore (xine-lib) bogus vulnerability report
+CVE-2008-1959 VULNERABLE (sipp, fixed 3.1) [since sipp-3.1-1.fc9]
CVE-2008-1937 VULNERABLE (moin, fixed 1.6.3) [since moin-1.6.3-1.fc9]
CVE-2008-1930 ignore (wordpress, fixed 2.5.1) only for wp 2.5.0
CVE-2008-1928 VULNERABLE (perl-Imager, fixed 0.64) #443941
@@ -60,7 +62,7 @@
CVE-2008-1390 version (asterisk, fixed 1.6.0-beta6) #438134 [since asterisk-1.6.0-0.6.beta6.fc9]
CVE-2008-1387 VULNERABLE (clamav, fixed 0.93) #442364 [since clamav-0.93-1.fc9]
CVE-2008-1382 VULNERABLE (libpng, fixed 1.2.27) minimal impact, affected api rarely used
-CVE-2008-1382 VULNERABLE (libpng10) minimal impact, affected api rarely used
+CVE-2008-1382 VULNERABLE (libpng10) [since libpng10-1.0.33-1.fc9]
CVE-2008-1381 VULNERABLE (zoneminder, fixed 1.23.3) #444437
CVE-2008-1380 VULNERABLE (firefox, fixed 2.0.0.14)
CVE-2008-1380 VULNERABLE (seamonkey, fixed 1.1.10) #442852
@@ -169,6 +171,7 @@
CVE-2008-0554 version (netpbm, fixed 10.27)
CVE-2008-0553 backport (perl-Tk) #431529 [since perl-Tk-804.028-3.fc9]
CVE-2008-0553 backport (tk, fixed 8.5.1) [since tk-8.5.0-4.fc9]
+CVE-2008-0553 VULNERABLE (tkimg) #444872
CVE-2008-0544 backport (SDL_image) #430696 ILBM overflow [since SDL_image-1.2.6-5.fc9]
CVE-2008-0486 version (xine-lib, fixed 1.1.10.1) #431544 [since xine-lib-1.1.10.1-1.fc9]
CVE-2008-0460 version (mediawiki) #430289 [since mediawiki-1.10.4-38.fc9]
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.369
retrieving revision 1.370
diff -u -r1.369 -r1.370
--- fc7 29 Apr 2008 08:26:54 -0000 1.369
+++ fc7 2 May 2008 16:12:35 -0000 1.370
@@ -7,8 +7,10 @@
rhbz293031 fixed (nx) #293031 [since FEDORA-2008-2258]
rhbz249840 version (tor, fixed 0.1.2.15) #249840 [since FEDORA-2007-1674]
+CVE-2008-2033 ignore (zoneminder) duplicate of CVE-2008-1381
CVE-2008-1974 VULNERABLE (kronolith, fixed 3.1.8) #444403
CVE-2008-1964 ignore (xine-lib) bogus vulnerability report
+CVE-2008-1959 VULNERABLE (sipp, fixed 3.1) [since sipp-3.1-1.fc7]
CVE-2008-1937 ignore (moin, fixed 1.6.3) 1.6.x only
CVE-2008-1930 ignore (wordpress, fixed 2.5.1) [since wordpress-2.5.1-1.fc7] only for wp 2.5.0
CVE-2008-1928 VULNERABLE (perl-Imager, fixed 0.64) #443939
@@ -62,7 +64,7 @@
CVE-2008-1390 fixed (asterisk, fixed 1.4.19-rc3) #438132 [since FEDORA-2008-2620]
CVE-2008-1387 VULNERABLE (clamav, fixed 0.93) #442362
CVE-2008-1382 ignore (libpng, fixed 1.2.27) minimal impact, affected api rarely used
-CVE-2008-1382 ignore (libpng10) minimal impact, affected api rarely used
+CVE-2008-1382 ignore (libpng10) [since libpng10-1.0.33-1.fc7]
CVE-2008-1381 VULNERABLE (zoneminder, fixed 1.23.3) #444435
CVE-2008-1380 VULNERABLE (firefox, fixed 2.0.0.14)
CVE-2008-1380 fixed (seamonkey, fixed 1.1.10) #442850 [since FEDORA-2008-3231]
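Review bot: on the fc7 CVE-2008-1382 (libpng10) line the status stays "ignore" but the only justification, "minimal impact, affected api rarely used", is replaced by "[since libpng10-1.0.33-1.fc7]". An ignore entry with no reason cannot be audited later, and an ignore entry that points at a fixing build is ambiguous. Keep the reason text next to the build tag, or change the status if the build is meant to resolve the issue.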
@@ -174,6 +176,7 @@
CVE-2008-0554 version (netpbm, fixed 10.27)
CVE-2008-0553 fixed (perl-Tk) #431531 [since FEDORA-2008-1384]
CVE-2008-0553 backport (tk, fixed 8.5.1) [since FEDORA-2008-1131]
+CVE-2008-0553 VULNERABLE (tkimg) #444950
CVE-2008-0544 fixed (SDL_image) #430695 [since FEDORA-2008-1208] ILBM overflow
CVE-2008-0486 fixed (xine-lib, fixed 1.1.10.1) #431542 [since FEDORA-2008-1581]
CVE-2008-0460 fixed (mediawiki) #430287 [since FEDORA-2008-2245]