Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv15518/audit
Modified Files:
f10 f8 f9 fc7
Log Message:
issues collected this week
Index: f10
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f10,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- f10 30 May 2008 15:18:25 -0000 1.4
+++ f10 6 Jun 2008 19:59:59 -0000 1.5
@@ -7,12 +7,14 @@
CVE-2008-2426 backport (imlib2) [since imlib2-1.4.0-7.fc10]
CVE-2008-2420 version (stunnel, fixed 4.24) [since stunnel-4.24-2]
CVE-2008-2392 ignore (wordpress) issue only in certain deployments, not affected by default
+CVE-2008-2363 VULNERABLE (pan) #449335
CVE-2008-2359 ignore (system-config-network) F8 specific issue
CVE-2008-2357 fixed (mtr, fixed 0.73)
CVE-2008-2302 version (Django, fixed 0.96.2) #447260 [since Django-0.96.2-1.fc10]
CVE-2008-2276 VULNERABLE (mantis) upstream fix in 1.2.0a1 seems useless
CVE-2008-2266 ignore (perl-Convert-UUlib) embedded uulib copy uses mkstemp
CVE-2008-2168 ignore (httpd) browser issue, not apache
+CVE-2008-2119 ignore (asterisk, fixed 1.2.29) AST-2008-008, only for 1.0.x and 1.2.x
CVE-2008-2085 VULNERABLE (sipp) #446222
CVE-2008-2079 VULNERABLE (mysql, fixed 5.0.60) #445804
CVE-2008-2004 VULNERABLE (xen) disables format autodetection by default [since xen-3.2.0-11.fc10]
@@ -22,6 +24,8 @@
CVE-2008-1950 backport (gnutls, fixed 2.2.4) #447512 [since gnutls-2.0.4-3.fc10]
CVE-2008-1949 backport (gnutls, fixed 2.2.4) #447512 [since gnutls-2.0.4-3.fc10]
CVE-2008-1948 backport (gnutls, fixed 2.2.4) #447512 [since gnutls-2.0.4-3.fc10]
+CVE-2008-1947 VULNERABLE (tomcat5, fixed 5.5.27)
+CVE-2008-1947 VULNERABLE (tomcat6, fixed 6.0.17)
CVE-2008-1944 version (xen, fixed 3.2)
CVE-2008-1943 VULNERABLE (xen) [since xen-3.2.0-11.fc10]
CVE-2008-1928 version (perl-Imager, fixed 0.64) [since perl-Imager-0.64-2.fc10]
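Review bot: The two added CVE-2008-1947 lines mark tomcat5 and tomcat6 VULNERABLE with no tracking bug number, while the pan entry added earlier in this file carries #449335. If bugs exist for the tomcat packages, add the references so the open state can be followed up; otherwise note that none has been filed yet.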
@@ -38,17 +42,21 @@
CVE-2008-1672 backport (openssl, fixed 0.9.8h) #448691 [since openssl-0.9.8g-9.fc10]
CVE-2008-1531 backport (lighttpd) [since lighttpd-1.4.19-4.fc10]
CVE-2008-1488 VULNERABLE (php-pecl-apc) #438848
+CVE-2008-1475 VULNERABLE (roundup, fixed 1.4.5)
CVE-2008-1423 backport (libvorbis) #446344 [since libvorbis-1.2.0-4.fc10]
CVE-2008-1420 backport (libvorbis) #446344 [since libvorbis-1.2.0-4.fc10]
CVE-2008-1419 backport (libvorbis) #446344 [since libvorbis-1.2.0-4.fc10]
CVE-2008-1387 version (clamav, fixed 0.93) [since clamav-0.93-1.fc9]
-CVE-2008-1382 VULNERABLE (libpng, fixed 1.2.27) minimal impact, affected api rarely used
+CVE-2008-1382 version (libpng, fixed 1.2.27) [since libpng-1.2.29-1.fc10]
CVE-2008-1382 version (libpng10) [since libpng10-1.0.37-1.fc10]
CVE-2008-1360 version (nagios) #437852 [since nagios-2.11-3.fc9]
+CVE-2008-1109 backport (evolution) #449925 [since evolution-2.23.3.1-2.fc10]
+CVE-2008-1108 backport (evolution) #449925 [since evolution-2.23.3.1-2.fc10]
CVE-2008-1105 VULNERABLE (samba, fixed 3.0.30)
CVE-2008-1103 VULNERABLE (blender) not fixed upstream
CVE-2008-1100 version (clamav, fixed 0.93) [since clamav-0.93-1.fc9]
CVE-2008-1078 backport (am-utils) #437746 [since am-utils-6.1.5-10.fc10]
+CVE-2008-1033 version (cups, fixed 1.3.7) [since cups-1.3.7-1.fc9]
CVE-2008-0891 backport (openssl, fixed 0.9.8h) #448691 [since openssl-0.9.8g-9.fc10]
CVE-2008-0553 version (tkimg) [since tkimg-1.3-0.10.20080505svn.fc10]
CVE-2008-0314 version (clamav, fixed 0.93) [since clamav-0.93-1.fc9]
@@ -66,6 +74,7 @@
CVE-2007-4559 VULNERABLE (python, not fixed upstream) #315291 Upstream WONTFIX. See where we use the code.
CVE-2007-1320 VULNERABLE (qemu)
CVE-2007-1320 VULNERABLE (kvm)
+CVE-2007-0062 version (dhcp, fixed 4.0.0)
CVE-2006-6698 fixed (GConf2)
CVE-2006-1390 VULNERABLE (nethack) bz#187353, but requires other access to games group
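Review bot: The added CVE-2007-0062 line is the only dhcp entry f10 receives, and it carries no [since ...] build. The f8, f9 and fc7 hunks in this same commit also add CVE-2007-0063, CVE-2007-0061 and CVE-2008-1364 for dhcp; either add them here with the matching state or confirm that f10 omits them on purpose.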
Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.222
retrieving revision 1.223
diff -u -r1.222 -r1.223
--- f8 30 May 2008 15:18:25 -0000 1.222
+++ f8 6 Jun 2008 19:59:59 -0000 1.223
@@ -6,9 +6,10 @@
rhbz293031 fixed (nx) #293031 [since FEDORA-2008-2258]
rhbz249840 version (tor, fixed 0.1.2.15)
-CVE-2008-2426 VULNERABLE (imlib2) [since imlib2-1.4.0-7.fc8]
+CVE-2008-2426 fixed (imlib2) [since FEDORA-2008-4842]
CVE-2008-2420 fixed (stunnel, fixed 4.24) [since FEDORA-2008-4579]
CVE-2008-2392 ignore (wordpress) issue only in certain deployments, not affected by default
+CVE-2008-2363 VULNERABLE (pan) #449333
CVE-2008-2359 fixed (system-config-network) [since FEDORA-2008-4633]
CVE-2008-2357 fixed (mtr, fixed 0.73)
CVE-2008-2302 fixed (Django, fixed 0.96.2) #447258 [since FEDORA-2008-4248]
@@ -16,6 +17,7 @@
CVE-2008-2266 ignore (perl-Convert-UUlib) embedded uulib copy uses mkstemp
CVE-2008-2168 ignore (httpd) browser issue, not apache
CVE-2008-2146 version (wordpress, fixed 2.2.3)
+CVE-2008-2119 ignore (asterisk, fixed 1.2.29) AST-2008-008, only for 1.0.x and 1.2.x
CVE-2008-2109 fixed (libid3tag) #445814 [since FEDORA-2008-3976]
CVE-2008-2105 fixed (bugzilla, fixed 3.0.4, 3.1.4) #445822 [since FEDORA-2008-3442]
CVE-2008-2104 ignore (bugzilla, fixed 3.1.4) only affects 3.1.3, not in Fedora
@@ -36,6 +38,7 @@
CVE-2008-1950 fixed (gnutls, fixed 2.2.4) #447510 [since FEDORA-2008-4183]
CVE-2008-1949 fixed (gnutls, fixed 2.2.4) #447510 [since FEDORA-2008-4183]
CVE-2008-1948 fixed (gnutls, fixed 2.2.4) #447510 [since FEDORA-2008-4183]
+CVE-2008-1947 VULNERABLE (tomcat5, fixed 5.5.27)
CVE-2008-1944 VULNERABLE (xen, fixed 3.2) [since xen-3.1.2-3.fc8]
CVE-2008-1943 VULNERABLE (xen) [since xen-3.1.2-3.fc8]
CVE-2008-1937 ignore (moin, fixed 1.6.3) 1.6.x only
@@ -52,7 +55,7 @@
CVE-2008-1836 ignore (clamav, fixed 0.93) affected code introduced after 0.92.1
CVE-2008-1835 ignore (clamav, fixed 0.93) unrar code not shipped
CVE-2008-1833 fixed (clamav, fixed 0.93-rc1) #442363 [since FEDORA-2008-3420]
-CVE-2008-1804 VULNERABLE (snort, fixed 2.8.1)
+CVE-2008-1804 fixed (snort, fixed 2.8.1) [since FEDORA-2008-5001]
CVE-2008-1803 fixed (rdesktop, fixed 1.6.0) #445842 [since FEDORA-2008-3917]
CVE-2008-1802 fixed (rdesktop, fixed 1.6.0) #445842 [since FEDORA-2008-3917]
CVE-2008-1801 fixed (rdesktop, fixed 1.6.0) #445842 [since FEDORA-2008-3917]
@@ -93,6 +96,7 @@
CVE-2008-1488 VULNERABLE (php-pecl-apc) #438847
CVE-2008-1483 ignore (openssh) was alrady fixed by another patch
CVE-2008-1482 fixed (xine-lib) #438670 [since FEDORA-2008-2849]
+CVE-2008-1475 VULNERABLE (roundup, fixed 1.4.5)
CVE-2008-1474 fixed (roundup) #436547 [since FEDORA-2008-2370]
CVE-2008-1468 fixed (namazu, fixed 2.0.18) #438667 [since FEDORA-2008-2767]
CVE-2008-1467 fixed (centerim) #438871 [since FEDORA-2008-2869]
@@ -102,7 +106,7 @@
CVE-2008-1394 ignore (plone)
CVE-2008-1390 fixed (asterisk, fixed 1.4.19-rc3) #438133 [since FEDORA-2008-2554]
CVE-2008-1387 fixed (clamav, fixed 0.93) #442363 [since FEDORA-2008-3420]
-CVE-2008-1382 VULNERABLE (libpng, fixed 1.2.27) minimal impact, affected api rarely used
+CVE-2008-1382 fixed (libpng, fixed 1.2.27) [since FEDORA-2008-4847]
CVE-2008-1382 fixed (libpng10) [since FEDORA-2008-3937]
CVE-2008-1381 fixed (zoneminder, fixed 1.23.3) #444436 [since FEDORA-2008-3462]
CVE-2008-1380 VULNERABLE (firefox, fixed 2.0.0.14)
@@ -111,6 +115,7 @@
CVE-2008-1374 ignore (cups) only affects old cups versions in RHEL
CVE-2008-1373 fixed (cups) #440040 [since FEDORA-2008-2131]
CVE-2008-1372 fixed (bzip2, fixed 1.0.5) #439855 [since FEDORA-2008-2970]
+CVE-2008-1364 ignore (dhcp) not affected
CVE-2008-1360 fixed (nagios, fixed 2.11) #437850 [since FEDORA-2008-3098]
CVE-2008-1353 ignore (zabbix) #437848 Needs authorization
CVE-2008-1333 ignore (asterisk) not affected
@@ -158,7 +163,9 @@
CVE-2008-1131 ignore (drupal) #435816 drupal 6.x only
CVE-2008-1111 fixed (lighttpd) #435807 [since FEDORA-2008-2262]
CVE-2008-1110 version (xine-lib, fixed 1.1.10) [since FEDORA-2008-1043]
-CVE-2008-1105 VULNERABLE (samba, fixed 3.0.30) [since samba-3.0.30-0.fc8]
+CVE-2008-1109 fixed (evolution) #449923 [since FEDORA-2008-5016]
+CVE-2008-1108 fixed (evolution) #449923 [since FEDORA-2008-5016]
+CVE-2008-1105 fixed (samba, fixed 3.0.30) [since FEDORA-2008-4679]
CVE-2008-1103 VULNERABLE (blender) not fixed upstream
CVE-2008-1102 fixed (blender) #443936 [since FEDORA-2008-3875]
CVE-2008-1100 fixed (clamav, fixed 0.93) #442363 [since FEDORA-2008-3420]
@@ -171,6 +178,7 @@
CVE-2008-1066 version (php-Smarty) #435811 [since FEDORA-2008-1911]
CVE-2008-1066 fixed (gallery2) #438058 [since FEDORA-2008-2587]
CVE-2008-1066 VULNERABLE (php-pear-PhpDocumentor) #438062
+CVE-2008-1033 version (cups, fixed 1.3.7) [since FEDORA-2008-3586]
CVE-2008-1026 version (WebKit, fixed r31388) [since FEDORA-2008-3229]
CVE-2008-1025 version (WebKit, fixed r31438) [since FEDORA-2008-3229]
CVE-2008-1011 version (WebKit) [since FEDORA-2008-3229]
@@ -535,6 +543,9 @@
CVE-2007-0537 version (kdebase, fixed 3.5.6) #225420
CVE-2007-0235 version (libgtop2, fixed 2.14.6) #222637 not sure, will triage
CVE-2007-0095 backport (phpMyAdmin) #221694 "Reveals path" [since FEDORA-2007-4334]
+CVE-2007-0063 ignore (dhcp) duplicate of CVE-2007-5365
+CVE-2007-0062 ignore (dhcp, fixed 3.0.7)
+CVE-2007-0061 ignore (dhcp) not affected
CVE-2006-7232 version (mysql, fixed 5.0.32)
CVE-2006-6698 ignore (GConf2) #219280 minimal impact
CVE-2006-6698 fixed (GConf2)
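Review bot: CVE-2007-0062 is set to "ignore" with only "(dhcp, fixed 3.0.7)" and no reason, whereas the two dhcp lines added around it say "duplicate of CVE-2007-5365" and "not affected". State why it is ignored for F8, since f9 and f10 record the same CVE as "version (dhcp, fixed 4.0.0)" and a reader cannot tell from this line whether the F8 dhcp package contains the fix. The identical line added to fc7 needs the same.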
Index: f9
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f9,v
retrieving revision 1.212
retrieving revision 1.213
diff -u -r1.212 -r1.213
--- f9 30 May 2008 15:18:25 -0000 1.212
+++ f9 6 Jun 2008 19:59:59 -0000 1.213
@@ -5,9 +5,10 @@
# (mozilla) = (gecko-libs dependent stuff)
rhbz249840 version (tor, fixed 0.1.2.15)
-CVE-2008-2426 VULNERABLE (imlib2) [since imlib2-1.4.0-7.fc9]
+CVE-2008-2426 fixed (imlib2) [since FEDORA-2008-4871]
CVE-2008-2420 fixed (stunnel, fixed 4.24) [since FEDORA-2008-4531]
CVE-2008-2392 ignore (wordpress) issue only in certain deployments, not affected by default
+CVE-2008-2363 VULNERABLE (pan) #449334
CVE-2008-2359 ignore (system-config-network) F8 specific issue
CVE-2008-2357 fixed (mtr, fixed 0.73)
CVE-2008-2302 fixed (Django, fixed 0.96.2) #447259 [since FEDORA-2008-4267]
@@ -15,6 +16,7 @@
CVE-2008-2266 ignore (perl-Convert-UUlib) embedded uulib copy uses mkstemp
CVE-2008-2168 ignore (httpd) browser issue, not apache
CVE-2008-2146 version (wordpress, fixed 2.2.3)
+CVE-2008-2119 ignore (asterisk, fixed 1.2.29) AST-2008-008, only for 1.0.x and 1.2.x
CVE-2008-2109 fixed (libid3tag) #445815 [since FEDORA-2008-3757]
CVE-2008-2105 fixed (bugzilla, fixed 3.0.4, 3.1.4) #445823 [since FEDORA-2008-3668]
CVE-2008-2104 ignore (bugzilla, fixed 3.1.4) only affects 3.1.3, not in Fedora
@@ -35,6 +37,8 @@
CVE-2008-1950 fixed (gnutls, fixed 2.2.4) #447511 [since FEDORA-2008-4259]
CVE-2008-1949 fixed (gnutls, fixed 2.2.4) #447511 [since FEDORA-2008-4259]
CVE-2008-1948 fixed (gnutls, fixed 2.2.4) #447511 [since FEDORA-2008-4259]
+CVE-2008-1947 VULNERABLE (tomcat5, fixed 5.5.27)
+CVE-2008-1947 VULNERABLE (tomcat6, fixed 6.0.17)
CVE-2008-1944 version (xen, fixed 3.2)
CVE-2008-1943 VULNERABLE (xen) [since xen-3.2.0-11.fc9]
CVE-2008-1937 version (moin, fixed 1.6.3) [since moin-1.6.3-1.fc9]
@@ -52,7 +56,7 @@
CVE-2008-1835 ignore (clamav, fixed 0.93) unrar code not shipped
CVE-2008-1834 version (swfdec, fixed 0.6.4) [since swfdec-0.6.4-1.fc9]
CVE-2008-1833 version (clamav, fixed 0.93-rc1) [since clamav-0.93-0.0.rc1.fc9]
-CVE-2008-1804 VULNERABLE (snort, fixed 2.8.1)
+CVE-2008-1804 fixed (snort, fixed 2.8.1) [since FEDORA-2008-5045]
CVE-2008-1803 fixed (rdesktop, fixed 1.6.0) #445843 [since FEDORA-2008-3886]
CVE-2008-1802 fixed (rdesktop, fixed 1.6.0) #445843 [since FEDORA-2008-3886]
CVE-2008-1801 fixed (rdesktop, fixed 1.6.0) #445843 [since FEDORA-2008-3886]
@@ -72,7 +76,7 @@
CVE-2008-1686 backport (speex) [since speex-1.2-0.7.beta3]
CVE-2008-1678 VULNERABLE (httpd) #447311 only affects systems with openssl >= 0.9.8e
CVE-2008-1677 VULNERABLE (fedora-ds-base) #445810
-CVE-2008-1672 VULNERABLE (openssl, fixed 0.9.8h) #448690
+CVE-2008-1672 fixed (openssl, fixed 0.9.8h) #448690 [since FEDORA-2008-4723]
CVE-2008-1671 ignore (kdelibs) start_kdeinit not shipped
CVE-2008-1670 backport (kdelibs) [since kdelibs-4.0.3-7.fc9]
CVE-2008-1658 backport (PolicyKit) #439996 [since PolicyKit-0.7-7.fc9]
@@ -93,6 +97,7 @@
CVE-2008-1488 VULNERABLE (php-pecl-apc) #438848
CVE-2008-1483 ignore (openssh) was alrady fixed by another patch
CVE-2008-1482 version (xine-lib) #438671 [since xine-lib-1.1.11.1-1.fc9]
+CVE-2008-1475 VULNERABLE (roundup, fixed 1.4.5)
CVE-2008-1474 version (roundup) #436549 [since roundup-1.4.4-1.fc9]
CVE-2008-1468 version (namazu, fixed 2.0.18) #438668 [since namazu-2.0.18-1.fc9]
CVE-2008-1467 fixed (centerim) #438871
@@ -102,7 +107,7 @@
CVE-2008-1394 ignore (plone)
CVE-2008-1390 version (asterisk, fixed 1.6.0-beta6) #438134 [since asterisk-1.6.0-0.6.beta6.fc9]
CVE-2008-1387 fixed (clamav, fixed 0.93) #442364 [since FEDORA-2008-3900]
-CVE-2008-1382 VULNERABLE (libpng, fixed 1.2.27) minimal impact, affected api rarely used
+CVE-2008-1382 fixed (libpng, fixed 1.2.27) [since FEDORA-2008-4910]
CVE-2008-1382 fixed (libpng10) [since FEDORA-2008-3683]
CVE-2008-1381 fixed (zoneminder, fixed 1.23.3) #444437 [since FEDORA-2008-3601]
CVE-2008-1380 version (firefox, fixed 2.0.0.14)
@@ -111,6 +116,7 @@
CVE-2008-1374 ignore (cups) only affects old cups versions in RHEL
CVE-2008-1373 backport (cups) #440041 [since cups-1.3.6-9.fc9]
CVE-2008-1372 version (bzip2, fixed 1.0.5) [since bzip2-1.0.5-1.fc9]
+CVE-2008-1364 ignore (dhcp) not affected
CVE-2008-1360 version (nagios, fixed 2.11) #437852 [since nagios-2.11-3.fc9]
CVE-2008-1353 ignore (zabbix) #437848 Needs authorization
CVE-2008-1333 version (asterisk, fixed 1.6.0-beta6) #438134 [since asterisk-1.6.0-0.6.beta6.fc9]
@@ -156,7 +162,9 @@
CVE-2008-1131 version (drupal, fixed 6.1) #435817 [since drupal-6.1-1.fc9]
CVE-2008-1111 backport (lighttpd) #435809 [since lighttpd-1.4.18-6.fc9]
CVE-2008-1110 version (xine-lib, fixed 1.1.10) [since xine-lib-1.1.10-2.fc9]
-CVE-2008-1105 VULNERABLE (samba, fixed 3.0.30) [since samba-3.2.0-1.rc1.14.fc9]
+CVE-2008-1109 fixed (evolution) #449924 [since FEDORA-2008-4990]
+CVE-2008-1108 fixed (evolution) #449924 [since FEDORA-2008-4990]
+CVE-2008-1105 fixed (samba, fixed 3.0.30) [since FEDORA-2008-4724]
CVE-2008-1103 VULNERABLE (blender) not fixed upstream
CVE-2008-1102 backport (blender) #443937 [since blender-2.45-12.fc9]
CVE-2008-1100 fixed (clamav, fixed 0.93) #442364 [since FEDORA-2008-3900]
@@ -169,6 +177,7 @@
CVE-2008-1066 version (php-Smarty) #435813 [since php-Smarty-2.6.19-1.fc9]
CVE-2008-1066 fixed (gallery2) #438060 [since gallery2-2.2.4-3.fc9]
CVE-2008-1066 fixed (php-pear-PhpDocumentor) #438064 [since php-pear-PhpDocumentor-1.4.1-2.fc9]
+CVE-2008-1033 version (cups, fixed 1.3.7) [since cups-1.3.7-1.fc9]
CVE-2008-1026 version (WebKit, fixed r31388) [since WebKit-1.0.0-0.8.svn31787.fc9]
CVE-2008-1025 version (WebKit, fixed r31438) [since WebKit-1.0.0-0.8.svn31787.fc9]
CVE-2008-1011 version (WebKit) [since WebKit-1.0.0-0.8.svn31787.fc9]
@@ -179,7 +188,7 @@
CVE-2008-0928 backport (qemu) #433563 [since qemu-0.9.1-3.fc9]
CVE-2008-0928 backport (kvm) #433566 [since kvm-61-2.fc9]
CVE-2008-0928 backport (xen) [since xen-3.2.0-8.fc9]
-CVE-2008-0891 VULNERABLE (openssl, fixed 0.9.8h) #448690
+CVE-2008-0891 fixed (openssl, fixed 0.9.8h) #448690 [since FEDORA-2008-4723]
CVE-2008-0888 backport (unzip) #437927 [since unzip-5.52-9.fc9]
CVE-2008-0887 version (gnome-screensaver, fixed 2.22.1) #440257 [since gnome-screensaver-2.22.1-1.fc9]
CVE-2008-0882 version (cups, fixed 1.3.6) [since cups-1.3.6-1.fc9]
@@ -509,6 +518,9 @@
CVE-2007-0537 version (kdebase, fixed 3.5.6) #225420
CVE-2007-0235 version (libgtop2, fixed 2.14.6) #222637 not sure, will triage
CVE-2007-0095 backport (phpMyAdmin) #221694 "Reveals path" [since phpMyAdmin-2.11.3-1.fc9]
+CVE-2007-0063 ignore (dhcp) duplicate of CVE-2007-5365
+CVE-2007-0062 version (dhcp, fixed 4.0.0)
+CVE-2007-0061 ignore (dhcp) not affected
CVE-2006-7232 version (mysql, fixed 5.0.32)
CVE-2006-6698 ignore (GConf2) #219280 minimal impact, let upstream deal with it if they care
CVE-2006-6698 fixed (GConf2)
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.378
retrieving revision 1.379
diff -u -r1.378 -r1.379
--- fc7 30 May 2008 15:18:25 -0000 1.378
+++ fc7 6 Jun 2008 19:59:59 -0000 1.379
@@ -7,9 +7,10 @@
rhbz293031 fixed (nx) #293031 [since FEDORA-2008-2258]
rhbz249840 version (tor, fixed 0.1.2.15) #249840 [since FEDORA-2007-1674]
-CVE-2008-2426 VULNERABLE (imlib2) [since imlib2-1.3.0-4.fc7]
+CVE-2008-2426 fixed (imlib2) [since FEDORA-2008-4950]
CVE-2008-2420 fixed (stunnel, fixed 4.24) [since FEDORA-2008-4606]
CVE-2008-2392 ignore (wordpress) issue only in certain deployments, not affected by default
+CVE-2008-2363 VULNERABLE (pan)
CVE-2008-2359 ignore (system-config-network) F8 specific issue
CVE-2008-2357 fixed (mtr, fixed 0.73)
CVE-2008-2302 fixed (Django, fixed 0.96.2) #447257 [since FEDORA-2008-4191]
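Review bot: The added CVE-2008-2363 line for pan has no bug number, while the same entry in f10, f8 and f9 references #449335, #449333 and #449334. Add the fc7 tracking bug, or a short note if none is filed for this release.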
@@ -17,6 +18,7 @@
CVE-2008-2266 ignore (perl-Convert-UUlib) embedded uulib copy uses mkstemp
CVE-2008-2168 ignore (httpd) browser issue, not apache
CVE-2008-2146 version (wordpress, fixed 2.2.3)
+CVE-2008-2119 ignore (asterisk, fixed 1.2.29) AST-2008-008, only for 1.0.x and 1.2.x
CVE-2008-2109 fixed (libid3tag) #445813 [since FEDORA-2008-3874]
CVE-2008-2105 fixed (bugzilla, fixed 3.0.4, 3.1.4) #445821 [since FEDORA-2008-3488]
CVE-2008-2104 ignore (bugzilla, fixed 3.1.4) only affects 3.1.3, not in Fedora
@@ -37,6 +39,7 @@
CVE-2008-1950 fixed (gnutls, fixed 2.2.4) #447509 [since FEDORA-2008-4274]
CVE-2008-1949 fixed (gnutls, fixed 2.2.4) #447509 [since FEDORA-2008-4274]
CVE-2008-1948 fixed (gnutls, fixed 2.2.4) #447509 [since FEDORA-2008-4274]
+CVE-2008-1947 VULNERABLE (tomcat5, fixed 5.5.27)
CVE-2008-1944 VULNERABLE (xen, fixed 3.2) [since xen-3.1.2-3.fc7]
CVE-2008-1943 VULNERABLE (xen) [since xen-3.1.2-3.fc7]
CVE-2008-1937 ignore (moin, fixed 1.6.3) 1.6.x only
@@ -53,7 +56,7 @@
CVE-2008-1836 ignore (clamav, fixed 0.93) affected code introduced after 0.92.1
CVE-2008-1835 ignore (clamav, fixed 0.93) unrar code not shipped
CVE-2008-1833 fixed (clamav, fixed 0.93-rc1) #442362 [since FEDORA-2008-3358]
-CVE-2008-1804 VULNERABLE (snort, fixed 2.8.1)
+CVE-2008-1804 fixed (snort, fixed 2.8.1) [since FEDORA-2008-5045]
CVE-2008-1803 fixed (rdesktop, fixed 1.6.0) #445841 [since FEDORA-2008-3985]
CVE-2008-1802 fixed (rdesktop, fixed 1.6.0) #445841 [since FEDORA-2008-3985]
CVE-2008-1801 fixed (rdesktop, fixed 1.6.0) #445841 [since FEDORA-2008-3985]
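Review bot: The new snort line cites FEDORA-2008-5045, the same advisory ID the f9 hunk gives for CVE-2008-1804, while f8 cites FEDORA-2008-5001. The other fixes changed in this commit (imlib2, libpng, evolution, samba) carry a distinct advisory ID per release, so please confirm that 5045 is the fc7 advisory and not a copy of the f9 line.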
@@ -94,6 +97,7 @@
CVE-2008-1488 VULNERABLE (php-pecl-apc) #438846
CVE-2008-1483 ignore (openssh) was alrady fixed by another patch
CVE-2008-1482 fixed (xine-lib) #438669 [since FEDORA-2008-2945]
+CVE-2008-1475 VULNERABLE (roundup, fixed 1.4.5)
CVE-2008-1474 fixed (roundup) #436548 [since FEDORA-2008-2471]
CVE-2008-1468 fixed (namazu, fixed 2.0.18) #438666 [since FEDORA-2008-2678]
CVE-2008-1467 fixed (centerim) #438871 [since FEDORA-2008-2869]
@@ -103,8 +107,8 @@
CVE-2008-1394 ignore (plone)
CVE-2008-1390 fixed (asterisk, fixed 1.4.19-rc3) #438132 [since FEDORA-2008-2620]
CVE-2008-1387 fixed (clamav, fixed 0.93) #442362 [since FEDORA-2008-3358]
-CVE-2008-1382 ignore (libpng, fixed 1.2.27) minimal impact, affected api rarely used
-CVE-2008-1382 ignore (libpng10) [since libpng10-1.0.33-1.fc7]
+CVE-2008-1382 fixed (libpng, fixed 1.2.27) [since FEDORA-2008-4947]
+CVE-2008-1382 VULNERABLE (libpng10) [since libpng10-1.0.33-1.fc7]
CVE-2008-1381 fixed (zoneminder, fixed 1.23.3) #444435 [since FEDORA-2008-3516]
CVE-2008-1380 VULNERABLE (firefox, fixed 2.0.0.14)
CVE-2008-1380 fixed (seamonkey, fixed 1.1.10) #442850 [since FEDORA-2008-3231]
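Review bot: The libpng10 line for CVE-2008-1382 goes from "ignore" to "VULNERABLE" but keeps "[since libpng10-1.0.33-1.fc7]" and gains no bug number or comment. With libpng marked fixed one line above and the old "minimal impact, affected api rarely used" rationale removed, say why libpng10 is now considered affected and reference the bug that tracks the update.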
@@ -112,6 +116,7 @@
CVE-2008-1374 ignore (cups) only affects old cups versions in RHEL
CVE-2008-1373 fixed (cups) #440042 [since FEDORA-2008-2897]
CVE-2008-1372 fixed (bzip2, fixed 1.0.5) #439855 [since FEDORA-2008-2970]
+CVE-2008-1364 ignore (dhcp) not affected
CVE-2008-1360 VULNERABLE (nagios, fixed 2.11) #437851
CVE-2008-1353 ignore (zabbix) #437848 Needs authorization
CVE-2008-1333 ignore (asterisk) not affected
@@ -159,7 +164,9 @@
CVE-2008-1131 ignore (drupal) #435815 drupal 6.x only
CVE-2008-1111 fixed (lighttpd) #435808 [since FEDORA-2008-2278]
CVE-2008-1110 version (xine-lib, fixed 1.1.10) [since FEDORA-2008-1047]
-CVE-2008-1105 VULNERABLE (samba, fixed 3.0.30) [since samba-3.0.28a-1.fc7]
+CVE-2008-1109 fixed (evolution) #449922 [since FEDORA-2008-5018]
+CVE-2008-1108 fixed (evolution) #449922 [since FEDORA-2008-5018]
+CVE-2008-1105 fixed (samba, fixed 3.0.30) [since FEDORA-2008-4797]
CVE-2008-1103 VULNERABLE (blender) not fixed upstream
CVE-2008-1102 fixed (blender) #443935 [since FEDORA-2008-3862]
CVE-2008-1100 fixed (clamav, fixed 0.93) #442362 [since FEDORA-2008-3358]
@@ -172,6 +179,7 @@
CVE-2008-1066 version (php-Smarty, fixed 2.6.19) #435812 [since FEDORA-2008-1928]
CVE-2008-1066 fixed (gallery2) #438059 [since FEDORA-2008-2650]
CVE-2008-1066 fixed (php-pear-PhpDocumentor) #438063 [since FEDORA-2008-2656]
+CVE-2008-1033 ignore (cups) only affected 1.3.6
CVE-2008-1026 fixed (WebKit, fixed r31388) [since FEDORA-2008-3415]
CVE-2008-1025 fixed (WebKit, fixed r31438) [since FEDORA-2008-3415]
CVE-2008-1011 fixed (WebKit) [since FEDORA-2008-3415]
@@ -1002,6 +1010,9 @@
CVE-2007-0095 backport (phpMyAdmin) #221694 [since FEDORA-2007-4298]
CVE-2007-0086 ignore (apache) not a security issue
*CVE-2007-0080 ** (freeradius)
+CVE-2007-0063 ignore (dhcp) duplicate of CVE-2007-5365
+CVE-2007-0062 ignore (dhcp, fixed 3.0.7)
+CVE-2007-0061 ignore (dhcp) not affected
*CVE-2007-0010 ** (gtk2)
CVE-2007-0009 version (nss, fixed 3.11.5) (nspr, fixed 4.6.5) [since FEDORA-2007-279]
CVE-2007-0008 version (nss, fixed 3.11.5) (nspr, fixed 4.6.5) [since FEDORA-2007-279]