fedora-security/audit f10, 1.15, 1.16 f8, 1.233, 1.234 f9, 1.223, 1.224
by fedora-security-commits@redhat.com
Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv17907/audit
Modified Files:
f10 f8 f9
Log Message:
issues from last 2 weeks... I hope I haven't missed many
Index: f10
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f10,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -r1.15 -r1.16
--- f10 12 Sep 2008 19:00:33 -0000 1.15
+++ f10 30 Sep 2008 12:51:46 -0000 1.16
@@ -4,11 +4,52 @@
# *CVE are items that need verification for Fedora 10
# (mozilla) = (gecko-libs dependent stuff)
+CVE-2008-4298 version (lighttpd, fixed 1.4.20) [since lighttpd-1.4.20-0.1.r2303.fc10]
+CVE-2008-4297 version (mercurial, fixed 1.0.2) [since mercurial-1.0.2-1.fc10]
+CVE-2008-4242 VULNERABLE (proftpd) #464130
+CVE-2008-4191 backport (emacspeak) [since emacspeak-28.0-3.fc10]
+CVE-2008-4190 VULNERABLE (openswan)
+CVE-2008-4130 VULNERABLE (gallery2, fixed 2.2.6) #462873
+CVE-2008-4129 VULNERABLE (gallery2, fixed 2.2.6) #462873
+CVE-2008-4126 ignore (python-pydns, fixed 2.3.2) Debian-specific
+CVE-2008-4109 ignore (openssh, fixed 4.4) Debian incomplete fix
+CVE-2008-4107 version (wordpress, fixed 2.6.2) really PHP flaw
+CVE-2008-4106 version (wordpress, fixed 2.6.2) [since wordpress-2.6.2-1.fc10]
+CVE-2008-4100 VULNERABLE (adns) #462754 upstream design decision
+CVE-2008-4099 version (python-pydns, fixed 2.3.2) #462767 [since python-pydns-2.3.3-1.fc10]
+CVE-2008-4096 version (phpMyAdmin, fixed 2.11.9.1) [since phpMyAdmin-2.11.9.1-1.fc10]
+CVE-2008-4094 version (rubygem-activerecord, fixed 2.1.1) [since rubygem-activerecord-2.1.1-1.fc10]
+CVE-2008-4070 version (seamonkey, fixed 1.1.12) [since seamonkey-1.1.12-1.fc9]
+CVE-2008-4069 ignore (firefox) ff2 only
+CVE-2008-4069 version (seamonkey, fixed 1.1.12) [since seamonkey-1.1.12-1.fc9]
+CVE-2008-4068 version (firefox, fixed 3.0.2) [since firefox-3.0.2-1.fc10]
+CVE-2008-4068 version (seamonkey, fixed 1.1.12) [since seamonkey-1.1.12-1.fc9]
+CVE-2008-4067 version (firefox, fixed 3.0.2) [since firefox-3.0.2-1.fc10]
+CVE-2008-4067 version (seamonkey, fixed 1.1.12) [since seamonkey-1.1.12-1.fc9]
+CVE-2008-4066 ignore (firefox) ff2 only
+CVE-2008-4066 version (seamonkey, fixed 1.1.12) [since seamonkey-1.1.12-1.fc9]
+CVE-2008-4065 version (firefox, fixed 3.0.2) [since firefox-3.0.2-1.fc10]
+CVE-2008-4065 version (seamonkey, fixed 1.1.12) [since seamonkey-1.1.12-1.fc9]
+CVE-2008-4064 version (firefox, fixed 3.0.2) [since firefox-3.0.2-1.fc10]
+CVE-2008-4064 ignore (seamonkey) ff only
+CVE-2008-4063 version (firefox, fixed 3.0.2) [since firefox-3.0.2-1.fc10]
+CVE-2008-4063 ignore (seamonkey) ff only
+CVE-2008-4062 version (firefox, fixed 3.0.2) [since firefox-3.0.2-1.fc10]
+CVE-2008-4062 version (seamonkey, fixed 1.1.12) [since seamonkey-1.1.12-1.fc9]
+CVE-2008-4061 version (firefox, fixed 3.0.2) [since firefox-3.0.2-1.fc10]
+CVE-2008-4061 version (seamonkey, fixed 1.1.12) [since seamonkey-1.1.12-1.fc9]
+CVE-2008-4060 version (firefox, fixed 3.0.2) [since firefox-3.0.2-1.fc10]
+CVE-2008-4060 version (seamonkey, fixed 1.1.12) [since seamonkey-1.1.12-1.fc9]
+CVE-2008-4059 ignore (firefox) ff2 only
+CVE-2008-4059 version (seamonkey, fixed 1.1.12) [since seamonkey-1.1.12-1.fc9]
+CVE-2008-4058 version (firefox, fixed 3.0.2) [since firefox-3.0.2-1.fc10]
+CVE-2008-4058 version (seamonkey, fixed 1.1.12) [since seamonkey-1.1.12-1.fc9]
CVE-2008-3972 version (opensc, fixed 0.11.6) [since opensc-0.11.6-1.fc10]
CVE-2008-3970 version (pam_mount, fixed 0.47) [since pam_mount-0.47-1.fc10]
CVE-2008-3969 version (bitlbee, fixed 1.2.3) [since bitlbee-1.2.3-1.fc10]
CVE-2008-3964 backport (libpng, fixed 1.2.32beta01) #461620 [since libpng-1.2.31-2.fc10]
CVE-2008-3962 backport (ssmtp) [since ssmtp-2.61-11.6.fc10]
+CVE-2008-3949 VULNERABLE (emacs, fixed 22.3)
CVE-2008-3934 version (wireshark, fixed 1.0.3) [since wireshark-1.0.3-1.fc10]
CVE-2008-3933 version (wireshark, fixed 1.0.3) [since wireshark-1.0.3-1.fc10]
CVE-2008-3932 version (wireshark, fixed 1.0.3) [since wireshark-1.0.3-1.fc10]
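Review bot: the new VULNERABLE lines for CVE-2008-4190 (openswan) and CVE-2008-3949 (emacs, fixed 22.3) carry no #bug reference, while the other VULNERABLE entries added in this hunk do (proftpd #464130, gallery2 #462873, adns #462754). Without a tracking bug there is nothing to follow up on when these are revisited; add the Bugzilla number, or a short trailing remark saying that none has been filed yet.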
@@ -16,9 +57,16 @@
CVE-2008-3928 ignore (honeyd) affected script not shipped
CVE-2008-3927 VULNERABLE (tiger)
CVE-2008-3920 version (bitlbee, fixed 1.2.2) [since bitlbee-1.2.2-1.fc10]
-CVE-2008-3906 VULNERABLE (mono) #461755
+CVE-2008-3916 VULNERABLE (ed, fixed 1.0)
+CVE-2008-3906 version (mono) #461755 [since mono-2.0-6.fc10]
CVE-2008-3905 version (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since ruby-1.8.6.287-1.fc10]
CVE-2008-3889 VULNERABLE (postfix, fixed 2.4.9, 2.5.5) #459101
+CVE-2008-3837 version (firefox, fixed 3.0.2) [since firefox-3.0.2-1.fc10]
+CVE-2008-3837 version (seamonkey, fixed 1.1.12) [since seamonkey-1.1.12-1.fc9]
+CVE-2008-3836 ignore (firefox) ff2 only
+CVE-2008-3836 ignore (seamonkey) ff only
+CVE-2008-3835 ignore (firefox) ff2 only
+CVE-2008-3835 version (seamonkey, fixed 1.1.12) [since seamonkey-1.1.12-1.fc9]
CVE-2008-3824 VULNERABLE (horde) oCERT-2008-012
CVE-2008-3823 VULNERABLE (horde) oCERT-2008-012
CVE-2008-3796 version (swfdec, fixed 0.6.8) [since swfdec-0.7.4-1.fc10]
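Review bot: the CVE-2008-3906 line moves from VULNERABLE to "version" without naming the upstream release that carries the fix, so the entry reads "version (mono) #461755 [since mono-2.0-6.fc10]" with no "fixed ..." field. A reader cannot tell whether mono 2.0 itself contains the fix or whether it arrived as a patch in the -6 build, in which case the state would be "backport". Adding the upstream fixed version, or switching the state, would settle it.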
@@ -34,6 +82,9 @@
CVE-2008-3740 version (drupal, fixed 6.4) [since drupal-6.4-1.fc10]
CVE-2008-3714 backport (awstats) #459743 [since awstats-6.8-2.fc10]
CVE-2008-3699 ignore (amarok, fixed 1.4.40) not affected
+CVE-2008-3663 version (squirrelmail, fixed 1.4.16) #464186 [since squirrelmail-1.4.16-1.fc10]
+CVE-2008-3662 VULNERABLE (gallery2, fixed 2.2.6) #462873
+CVE-2008-3661 VULNERABLE (drupal) #464165 ignored by upstream
CVE-2008-3657 version (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since ruby-1.8.6.287-1.fc10]
CVE-2008-3656 version (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since ruby-1.8.6.287-1.fc10]
CVE-2008-3655 version (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since ruby-1.8.6.287-1.fc10]
@@ -82,6 +133,7 @@
CVE-2008-3139 version (wireshark, fixed 1.0.1) [since wireshark-1.0.1-1.fc10]
CVE-2008-3138 version (wireshark, fixed 1.0.1) [since wireshark-1.0.1-1.fc10]
CVE-2008-3137 version (wireshark, fixed 1.0.1) [since wireshark-1.0.1-1.fc10]
+CVE-2008-3102 VULNERABLE (mantis) #464137
CVE-2008-3067 version (sudo, fixed 1.6.9p12)
CVE-2008-2960 version (phpMyAdmin, fixed 2.11.7) [since phpMyAdmin-2.11.7-1.fc10] PMASA-2008-4
CVE-2008-2954 backport (linuxdcpp) #453734 [since linuxdcpp-1.0.1-3.fc10]
@@ -89,7 +141,7 @@
CVE-2008-2952 backport (openldap) #453728 [since openldap-2.4.10-2.fc10]
CVE-2008-2951 version (trac, fixed 0.10.5) [since trac-0.10.5-1.fc10]
CVE-2008-2950 version (poppler, fixed 0.8.5) #454290 [since poppler-0.8.5-1.fc10]
-CVE-2008-2942 VULNERABLE (mercurial)
+CVE-2008-2942 version (mercurial, fixed 1.0.2) [since mercurial-1.0.2-1.fc10]
CVE-2008-2941 ignore (hplip) #458991 not run as service
CVE-2008-2940 ignore (hplip) #458991 not run as service
CVE-2008-2938 version (tomcat6, fixed 6.0.18) #460132 [since tomcat6-6.0.18-1.1.fc10]
@@ -249,6 +301,8 @@
CVE-2008-0553 version (tkimg) [since tkimg-1.3-0.10.20080505svn.fc10]
CVE-2008-0314 version (clamav, fixed 0.93) [since clamav-0.93-1.fc9]
CVE-2008-0166 ignore (openssl) Debian specific
+CVE-2008-0016 ignore (firefox) ff2 only
+CVE-2008-0016 version (seamonkey, fixed 1.1.12) [since seamonkey-1.1.12-1.fc9]
CVE-2007-6714 version (dbmail, fixed 2.2.9) [since dbmail-2.2.9-1.fc9]
CVE-2007-6321 version (roundcubemail) #423301 [since roundcubemail-0.2-0.alpha.fc10]
CVE-2007-6318 VULNERABLE (wordpress) #426434
Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.233
retrieving revision 1.234
diff -u -r1.233 -r1.234
--- f8 12 Sep 2008 19:00:33 -0000 1.233
+++ f8 30 Sep 2008 12:51:46 -0000 1.234
@@ -6,11 +6,52 @@
rhbz293031 fixed (nx) #293031 [since FEDORA-2008-2258]
rhbz249840 version (tor, fixed 0.1.2.15)
+CVE-2008-4298 VULNERABLE (lighttpd, fixed 1.4.20) #464638
+CVE-2008-4297 VULNERABLE (mercurial, fixed 1.0.2) #464632
+CVE-2008-4242 VULNERABLE (proftpd) #464128
+CVE-2008-4191 VULNERABLE (emacspeak) [since FEDORA-2008-8423]
+CVE-2008-4190 VULNERABLE (openswan)
+CVE-2008-4130 VULNERABLE (gallery2, fixed 2.2.6) #462871
+CVE-2008-4129 VULNERABLE (gallery2, fixed 2.2.6) #462871
+CVE-2008-4126 ignore (python-pydns, fixed 2.3.2) Debian-specific
+CVE-2008-4109 ignore (openssh, fixed 4.4) Debian incomplete fix
+CVE-2008-4107 version (wordpress, fixed 2.6.2) really PHP flaw
+CVE-2008-4106 fixed (wordpress, fixed 2.6.2) [since FEDORA-2008-7760]
+CVE-2008-4100 VULNERABLE (adns) #462752 upstream design decision
+CVE-2008-4099 VULNERABLE (python-pydns, fixed 2.3.2) #462765
+CVE-2008-4096 fixed (phpMyAdmin, fixed 2.11.9.1) [since FEDORA-2008-8269]
+CVE-2008-4094 VULNERABLE (rubygem-activerecord, fixed 2.1.1) [since FEDORA-2008-8282]
+CVE-2008-4070 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8401]
+CVE-2008-4069 fixed (firefox, fixed 2.0.0.17) [since FEDORA-2008-8399]
+CVE-2008-4069 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8401]
+CVE-2008-4068 fixed (firefox, fixed 2.0.0.17) [since FEDORA-2008-8399]
+CVE-2008-4068 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8401]
+CVE-2008-4067 fixed (firefox, fixed 2.0.0.17) [since FEDORA-2008-8399]
+CVE-2008-4067 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8401]
+CVE-2008-4066 fixed (firefox, fixed 2.0.0.17) [since FEDORA-2008-8399]
+CVE-2008-4066 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8401]
+CVE-2008-4065 fixed (firefox, fixed 2.0.0.17) [since FEDORA-2008-8399]
+CVE-2008-4065 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8401]
+CVE-2008-4064 ignore (firefox) ff3 only
+CVE-2008-4064 ignore (seamonkey) ff only
+CVE-2008-4063 ignore (firefox) ff3 only
+CVE-2008-4063 ignore (seamonkey) ff only
+CVE-2008-4062 fixed (firefox, fixed 2.0.0.17) [since FEDORA-2008-8399]
+CVE-2008-4062 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8401]
+CVE-2008-4061 fixed (firefox, fixed 2.0.0.17) [since FEDORA-2008-8399]
+CVE-2008-4061 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8401]
+CVE-2008-4060 fixed (firefox, fixed 2.0.0.17) [since FEDORA-2008-8399]
+CVE-2008-4060 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8401]
+CVE-2008-4059 fixed (firefox, fixed 2.0.0.17) [since FEDORA-2008-8399]
+CVE-2008-4059 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8401]
+CVE-2008-4058 fixed (firefox, fixed 2.0.0.17) [since FEDORA-2008-8399]
+CVE-2008-4058 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8401]
CVE-2008-3972 VULNERABLE (opensc, fixed 0.11.6)
CVE-2008-3970 fixed (pam_mount, fixed 0.47) [since FEDORA-2008-7973]
CVE-2008-3969 fixed (bitlbee, fixed 1.2.3) [since FEDORA-2008-7761]
CVE-2008-3964 ignore (libpng, fixed 1.2.32beta01) not affected
CVE-2008-3962 VULNERABLE (ssmtp)
+CVE-2008-3949 VULNERABLE (emacs, fixed 22.3)
CVE-2008-3934 fixed (wireshark, fixed 1.0.3) #461254 [since FEDORA-2008-7894]
CVE-2008-3933 fixed (wireshark, fixed 1.0.3) #461254 [since FEDORA-2008-7894]
CVE-2008-3932 fixed (wireshark, fixed 1.0.3) #461254 [since FEDORA-2008-7894]
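Review bot: CVE-2008-4191 (emacspeak) and CVE-2008-4094 (rubygem-activerecord, fixed 2.1.1) are added as VULNERABLE but already carry an advisory tag ("[since FEDORA-2008-8423]", "[since FEDORA-2008-8282]"), so the state and the tag contradict each other. If those updates have been pushed, the state should be "fixed", as it is for the phpMyAdmin and wordpress lines in this hunk. If they are still pending, a trailing remark saying so would keep anyone filtering on VULNERABLE from misreading the line.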
@@ -18,9 +59,16 @@
CVE-2008-3928 ignore (honeyd) affected script not shipped
CVE-2008-3927 VULNERABLE (tiger)
CVE-2008-3920 fixed (bitlbee, fixed 1.2.2) [since FEDORA-2008-7761]
+CVE-2008-3916 VULNERABLE (ed, fixed 1.0)
CVE-2008-3906 VULNERABLE (mono) #461753
CVE-2008-3905 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7554]
CVE-2008-3889 VULNERABLE (postfix, fixed 2.4.9, 2.5.5) #459099
+CVE-2008-3837 fixed (firefox, fixed 2.0.0.17) [since FEDORA-2008-8399]
+CVE-2008-3837 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8401]
+CVE-2008-3836 fixed (firefox, fixed 2.0.0.17) [since FEDORA-2008-8399]
+CVE-2008-3836 ignore (seamonkey) ff only
+CVE-2008-3835 fixed (firefox, fixed 2.0.0.17) [since FEDORA-2008-8399]
+CVE-2008-3835 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8401]
CVE-2008-3824 VULNERABLE (horde) oCERT-2008-012
CVE-2008-3823 VULNERABLE (horde) oCERT-2008-012
CVE-2008-3790 VULNERABLE (ruby)
@@ -35,6 +83,9 @@
CVE-2008-3740 fixed (drupal, fixed 5.10) [since FEDORA-2008-7467]
CVE-2008-3714 fixed (awstats) #459741 [since FEDORA-2008-7684]
CVE-2008-3699 fixed (amarok, fixed 1.4.40) [since FEDORA-2008-7719]
+CVE-2008-3663 VULNERABLE (squirrelmail, fixed 1.4.16) #464184
+CVE-2008-3662 VULNERABLE (gallery2, fixed 2.2.6) #462871
+CVE-2008-3661 VULNERABLE (drupal) #464163 ignored by upstream
CVE-2008-3657 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7554]
CVE-2008-3656 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7554]
CVE-2008-3655 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7554]
@@ -81,6 +132,7 @@
CVE-2008-3139 fixed (wireshark, fixed 1.0.1) [since FEDORA-2008-6645]
CVE-2008-3138 fixed (wireshark, fixed 1.0.1) [since FEDORA-2008-6645]
CVE-2008-3137 fixed (wireshark, fixed 1.0.1) [since FEDORA-2008-6645]
+CVE-2008-3102 VULNERABLE (mantis) #464135
CVE-2008-3067 VULNERABLE (sudo, fixed 1.6.9p12)
CVE-2008-2960 fixed (phpMyAdmin, fixed 2.11.7) [since FEDORA-2008-5640] PMASA-2008-4
CVE-2008-2954 fixed (linuxdcpp) #453732 [since FEDORA-2008-6038]
@@ -88,10 +140,10 @@
CVE-2008-2952 fixed (openldap) #453726 [since FEDORA-2008-6029]
CVE-2008-2951 fixed (trac, fixed 0.10.5) [since FEDORA-2008-6830]
CVE-2008-2950 fixed (poppler) #454288 [since FEDORA-2008-7104]
-CVE-2008-2942 VULNERABLE (mercurial)
+CVE-2008-2942 VULNERABLE (mercurial, fixed 1.0.2) #464632
CVE-2008-2941 ignore (hplip) #458989 not run as service
CVE-2008-2940 ignore (hplip) #458989 not run as service
-CVE-2008-2938 VULNERABLE (tomcat5, fixed 5.5.27) #460125
+CVE-2008-2938 fixed (tomcat5, fixed 5.5.27) #460125 [since FEDORA-2008-8130]
CVE-2008-2937 VULNERABLE (postfix) #459099
CVE-2008-2936 VULNERABLE (postfix) #459099
CVE-2008-2935 fixed (libxslt) [since FEDORA-2008-7029]
@@ -165,7 +217,7 @@
CVE-2008-2374 VULNERABLE (bluez-libs, fixed 3.34) #452820 [since FEDORA-2008-6140]
CVE-2008-2371 fixed (pcre) #453555 [since FEDORA-2008-6111]
CVE-2008-2371 fixed (glib2) #453559 [since FEDORA-2008-6025]
-CVE-2008-2370 VULNERABLE (tomcat5, fixed 5.5.27) #460125
+CVE-2008-2370 fixed (tomcat5, fixed 5.5.27) #460125 [since FEDORA-2008-8130]
CVE-2008-2364 fixed (httpd, fixed 2.2.9) #454423 [since FEDORA-2008-6314]
CVE-2008-2363 VULNERABLE (pan) #449333
CVE-2008-2362 fixed (xorg-x11-server) #450925 [since FEDORA-2008-5279]
@@ -209,7 +261,7 @@
CVE-2008-1950 fixed (gnutls, fixed 2.2.4) #447510 [since FEDORA-2008-4183]
CVE-2008-1949 fixed (gnutls, fixed 2.2.4) #447510 [since FEDORA-2008-4183]
CVE-2008-1948 fixed (gnutls, fixed 2.2.4) #447510 [since FEDORA-2008-4183]
-CVE-2008-1947 VULNERABLE (tomcat5, fixed 5.5.27) #460125
+CVE-2008-1947 fixed (tomcat5, fixed 5.5.27) #460125 [since FEDORA-2008-8130]
CVE-2008-1944 VULNERABLE (xen, fixed 3.2) [since xen-3.1.2-3.fc8]
CVE-2008-1943 VULNERABLE (xen) [since xen-3.1.2-3.fc8]
CVE-2008-1937 ignore (moin, fixed 1.6.3) 1.6.x only
@@ -334,7 +386,7 @@
CVE-2008-1233 version (firefox, fixed 2.0.0.13)
CVE-2008-1233 version (seamonkey, fixed 1.1.9)
CVE-2008-1233 fixed (thunderbird, fixed 2.0.0.14) #442856 [since FEDORA-2008-3557]
-CVE-2008-1232 VULNERABLE (tomcat5, fixed 5.5.27) #460125
+CVE-2008-1232 fixed (tomcat5, fixed 5.5.27) #460125 [since FEDORA-2008-8130]
**CVE-2008-1227 fixed (libsilc) We updated this as non-security
CVE-2008-1218 version (dovecot, fixed 1.0.13) [since FEDORA-2008-2464] marginally affected
CVE-2008-1199 version (dovecot, fixed 1.0.11) [since FEDORA-2008-2464] not in default config
@@ -470,7 +522,7 @@
CVE-2008-0172 fixed (boost) #428975 [since FEDORA-2008-0754]
CVE-2008-0171 fixed (boost) #428975 [since FEDORA-2008-0754]
CVE-2008-0166 ignore (openssl) Debian specific
-CVE-2008-0128 VULNERABLE (tomcat5) #429904
+CVE-2008-0128 version (tomcat5, fixed 5.5.21) #429904 [since tomcat5-5.5.23-9jpp.4.fc8]
CVE-2008-0123 fixed (moodle) #428731 [since FEDORA-2008-0610]
CVE-2008-0122 fixed (bind) #429149 [since FEDORA-2008-0904]
CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since FEDORA-2008-0199]
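Review bot: on the CVE-2008-0128 line the upstream fix is given as 5.5.21 while the "[since ...]" tag names tomcat5-5.5.23-9jpp.4.fc8, and the entry was VULNERABLE with #429904 until this change. If F8 never shipped anything older than 5.5.23, the tag should name the first F8 build rather than 9jpp.4, and a short trailing remark explaining why the earlier VULNERABLE state was wrong would help the next audit pass.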
@@ -480,6 +532,8 @@
CVE-2008-0062 fixed (krb5, fixed 1.6.4) #438023 [since FEDORA-2008-2647]
CVE-2008-0053 version (cups, fixed 1.3.6) [since FEDORA-2008-1901]
CVE-2008-0047 fixed (cups) #440040 [since FEDORA-2008-2131]
+CVE-2008-0016 fixed (firefox, fixed 2.0.0.17) [since FEDORA-2008-8399]
+CVE-2008-0016 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8401]
CVE-2008-0008 fixed (pulseaudio) #425481 [since FEDORA-2008-0994]
CVE-2008-0006 fixed (libXfont) #429132 [since FEDORA-2008-0794]
CVE-2008-0005 fixed (httpd, fixed 2.2.8) #427982 [since FEDORA-2008-1711]
Index: f9
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f9,v
retrieving revision 1.223
retrieving revision 1.224
diff -u -r1.223 -r1.224
--- f9 12 Sep 2008 19:00:33 -0000 1.223
+++ f9 30 Sep 2008 12:51:46 -0000 1.224
@@ -5,11 +5,52 @@
# (mozilla) = (gecko-libs dependent stuff)
rhbz249840 version (tor, fixed 0.1.2.15)
+CVE-2008-4298 VULNERABLE (lighttpd, fixed 1.4.20) #464639
+CVE-2008-4297 fixed (mercurial, fixed 1.0.2) [since FEDORA-2008-7490]
+CVE-2008-4242 VULNERABLE (proftpd) #464129
+CVE-2008-4191 VULNERABLE (emacspeak) [since FEDORA-2008-8379]
+CVE-2008-4190 VULNERABLE (openswan)
+CVE-2008-4130 VULNERABLE (gallery2, fixed 2.2.6) #462872
+CVE-2008-4129 VULNERABLE (gallery2, fixed 2.2.6) #462872
+CVE-2008-4126 ignore (python-pydns, fixed 2.3.2) Debian-specific
+CVE-2008-4109 ignore (openssh, fixed 4.4) Debian incomplete fix
+CVE-2008-4107 version (wordpress, fixed 2.6.2) really PHP flaw
+CVE-2008-4106 fixed (wordpress, fixed 2.6.2) [since FEDORA-2008-7902]
+CVE-2008-4100 VULNERABLE (adns) #462753 upstream design decision
+CVE-2008-4099 VULNERABLE (python-pydns, fixed 2.3.2) #462766
+CVE-2008-4096 fixed (phpMyAdmin, fixed 2.11.9.1) [since FEDORA-2008-8370]
+CVE-2008-4094 fixed (rubygem-activerecord, fixed 2.1.1) [since FEDORA-2008-8322]
+CVE-2008-4070 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8429]
+CVE-2008-4069 ignore (firefox) ff2 only
+CVE-2008-4069 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8429]
+CVE-2008-4068 fixed (firefox, fixed 3.0.2) [since FEDORA-2008-8425]
+CVE-2008-4068 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8429]
+CVE-2008-4067 fixed (firefox, fixed 3.0.2) [since FEDORA-2008-8425]
+CVE-2008-4067 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8429]
+CVE-2008-4066 ignore (firefox) ff2 only
+CVE-2008-4066 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8429]
+CVE-2008-4065 fixed (firefox, fixed 3.0.2) [since FEDORA-2008-8425]
+CVE-2008-4065 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8429]
+CVE-2008-4064 fixed (firefox, fixed 3.0.2) [since FEDORA-2008-8425]
+CVE-2008-4064 ignore (seamonkey) ff only
+CVE-2008-4063 fixed (firefox, fixed 3.0.2) [since FEDORA-2008-8425]
+CVE-2008-4063 ignore (seamonkey) ff only
+CVE-2008-4062 fixed (firefox, fixed 3.0.2) [since FEDORA-2008-8425]
+CVE-2008-4062 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8429]
+CVE-2008-4061 fixed (firefox, fixed 3.0.2) [since FEDORA-2008-8425]
+CVE-2008-4061 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8429]
+CVE-2008-4060 fixed (firefox, fixed 3.0.2) [since FEDORA-2008-8425]
+CVE-2008-4060 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8429]
+CVE-2008-4059 ignore (firefox) ff2 only
+CVE-2008-4059 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8429]
+CVE-2008-4058 fixed (firefox, fixed 3.0.2) [since FEDORA-2008-8425]
+CVE-2008-4058 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8429]
CVE-2008-3972 VULNERABLE (opensc, fixed 0.11.6)
CVE-2008-3970 fixed (pam_mount, fixed 0.47) [since FEDORA-2008-7976]
CVE-2008-3969 fixed (bitlbee, fixed 1.2.3) [since FEDORA-2008-7830]
CVE-2008-3964 ignore (libpng, fixed 1.2.32beta01) not affected
CVE-2008-3962 VULNERABLE (ssmtp)
+CVE-2008-3949 VULNERABLE (emacs, fixed 22.3)
CVE-2008-3934 fixed (wireshark, fixed 1.0.3) #461255 [since FEDORA-2008-7936]
CVE-2008-3933 fixed (wireshark, fixed 1.0.3) #461255 [since FEDORA-2008-7936]
CVE-2008-3932 fixed (wireshark, fixed 1.0.3) #461255 [since FEDORA-2008-7936]
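Review bot: CVE-2008-4107 is recorded as "version (wordpress, fixed 2.6.2) really PHP flaw" with no "[since ...]" tag, unlike CVE-2008-4106 on the next line. If the root cause sits in PHP, a wordpress-only entry leaves the affected package untracked; a separate (php) line for this CVE would make that status visible. The CVE-2008-4191 (emacspeak) line in this hunk also pairs VULNERABLE with "[since FEDORA-2008-8379]", which needs either a state change or a remark that the update is pending.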
@@ -17,9 +58,16 @@
CVE-2008-3928 ignore (honeyd) affected script not shipped
CVE-2008-3927 VULNERABLE (tiger)
CVE-2008-3920 fixed (bitlbee, fixed 1.2.2) [since FEDORA-2008-7830]
+CVE-2008-3916 VULNERABLE (ed, fixed 1.0)
CVE-2008-3906 VULNERABLE (mono) #461754
CVE-2008-3905 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7697]
CVE-2008-3889 VULNERABLE (postfix, fixed 2.4.9, 2.5.5) #459100
+CVE-2008-3837 fixed (firefox, fixed 3.0.2) [since FEDORA-2008-8425]
+CVE-2008-3837 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8429]
+CVE-2008-3836 ignore (firefox) ff2 only
+CVE-2008-3836 ignore (seamonkey) ff only
+CVE-2008-3835 ignore (firefox) ff2 only
+CVE-2008-3835 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8429]
CVE-2008-3824 VULNERABLE (horde) oCERT-2008-012
CVE-2008-3823 VULNERABLE (horde) oCERT-2008-012
CVE-2008-3796 version (swfdec, fixed 0.6.8) [since swfdec-0.6.8-1.fc9]
@@ -35,6 +83,9 @@
CVE-2008-3740 fixed (drupal, fixed 6.4) [since FEDORA-2008-7626]
CVE-2008-3714 fixed (awstats) #459742 [since FEDORA-2008-7663]
CVE-2008-3699 fixed (amarok, fixed 1.4.40) [since FEDORA-2008-7739]
+CVE-2008-3663 VULNERABLE (squirrelmail, fixed 1.4.16) #464185
+CVE-2008-3662 VULNERABLE (gallery2, fixed 2.2.6) #462872
+CVE-2008-3661 VULNERABLE (drupal) #464164 ignored by upstream
CVE-2008-3657 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7697]
CVE-2008-3656 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7697]
CVE-2008-3655 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7697]
@@ -83,6 +134,7 @@
CVE-2008-3139 fixed (wireshark, fixed 1.0.1) [since FEDORA-2008-6440]
CVE-2008-3138 fixed (wireshark, fixed 1.0.1) [since FEDORA-2008-6440]
CVE-2008-3137 fixed (wireshark, fixed 1.0.1) [since FEDORA-2008-6440]
+CVE-2008-3102 VULNERABLE (mantis) #464136
CVE-2008-3067 version (sudo, fixed 1.6.9p12)
CVE-2008-2960 fixed (phpMyAdmin, fixed 2.11.7) [since FEDORA-2008-5676] PMASA-2008-4
CVE-2008-2954 fixed (linuxdcpp) #453733 [since FEDORA-2008-6018]
@@ -90,11 +142,11 @@
CVE-2008-2952 fixed (openldap) #453727 [since FEDORA-2008-6062]
CVE-2008-2951 fixed (trac, fixed 0.10.5) [since FEDORA-2008-6833]
CVE-2008-2950 fixed (poppler) #454289 [since FEDORA-2008-7012]
-CVE-2008-2942 VULNERABLE (mercurial)
+CVE-2008-2942 fixed (mercurial, fixed 1.0.2) [since FEDORA-2008-7490]
CVE-2008-2941 ignore (hplip) #458990 not run as service
CVE-2008-2940 ignore (hplip) #458990 not run as service
CVE-2008-2938 fixed (tomcat6, fixed 6.0.18) #460131 [since FEDORA-2008-7977]
-CVE-2008-2938 VULNERABLE (tomcat5, fixed 5.5.27) #460126
+CVE-2008-2938 fixed (tomcat5, fixed 5.5.27) #460126 [since FEDORA-2008-8113]
CVE-2008-2937 VULNERABLE (postfix) #459100
CVE-2008-2936 VULNERABLE (postfix) #459100
CVE-2008-2935 fixed (libxslt) [since FEDORA-2008-7062]
@@ -168,7 +220,7 @@
CVE-2008-2371 fixed (pcre) #453556 [since FEDORA-2008-6110]
CVE-2008-2371 fixed (glib2) #453560 [since FEDORA-2008-6048]
CVE-2008-2370 fixed (tomcat6, fixed 6.0.18) #460131 [since FEDORA-2008-7977]
-CVE-2008-2370 VULNERABLE (tomcat5, fixed 5.5.27) #460126
+CVE-2008-2370 fixed (tomcat5, fixed 5.5.27) #460126 [since FEDORA-2008-8113]
CVE-2008-2364 fixed (httpd, fixed 2.2.9) #447311 [since FEDORA-2008-6393]
CVE-2008-2363 VULNERABLE (pan) #449334
CVE-2008-2362 fixed (xorg-x11-server) #450926 [since FEDORA-2008-5254]
@@ -213,7 +265,7 @@
CVE-2008-1949 fixed (gnutls, fixed 2.2.4) #447511 [since FEDORA-2008-4259]
CVE-2008-1948 fixed (gnutls, fixed 2.2.4) #447511 [since FEDORA-2008-4259]
CVE-2008-1947 fixed (tomcat6, fixed 6.0.18) #460131 [since FEDORA-2008-7977]
-CVE-2008-1947 VULNERABLE (tomcat5, fixed 5.5.27) #460126
+CVE-2008-1947 fixed (tomcat5, fixed 5.5.27) #460126 [since FEDORA-2008-8113]
CVE-2008-1944 version (xen, fixed 3.2)
CVE-2008-1943 VULNERABLE (xen) [since xen-3.2.0-11.fc9]
CVE-2008-1937 version (moin, fixed 1.6.3) [since moin-1.6.3-1.fc9]
@@ -337,7 +389,7 @@
CVE-2008-1233 version (seamonkey, fixed 1.1.9)
CVE-2008-1233 version (thunderbird, fixed 2.0.0.14) #442857 [since thunderbird-2.0.0.14-1.fc9]
CVE-2008-1232 fixed (tomcat6, fixed 6.0.18) #460131 [since FEDORA-2008-7977]
-CVE-2008-1232 VULNERABLE (tomcat5, fixed 5.5.27) #460126
+CVE-2008-1232 fixed (tomcat5, fixed 5.5.27) #460126 [since FEDORA-2008-8113]
**CVE-2008-1227 fixed (libsilc) We updated this as non-security
CVE-2008-1218 version (dovecot, fixed 1.0.13) [since dovecot-1.0.13-6.fc9] marginally affected
CVE-2008-1199 version (dovecot, fixed 1.0.11) [since dovecot-1.0.13-6.fc9] not in default config
@@ -482,6 +534,8 @@
CVE-2008-0062 backport (krb5, fixed 1.6.4) [since krb5-1.6.3-10.fc9]
CVE-2008-0053 version (cups, fixed 1.3.6) [since cups-1.3.6-1.fc9]
CVE-2008-0047 backport (cups) #440041 [since cups-1.3.6-9.fc9]
+CVE-2008-0016 ignore (firefox) ff2 only
+CVE-2008-0016 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8429]
CVE-2008-0008 backport (pulseaudio) #425481 [since pulseaudio-0.9.8-5.fc9]
CVE-2008-0006 backport (libXfont) #429133 [since libXfont-1.3.1-3.fc9]
CVE-2008-0005 version (httpd, fixed 2.2.8) #427984 [since httpd-2.2.8-2]
fedora-security/audit f10, 1.14, 1.15 f8, 1.232, 1.233 f9, 1.222, 1.223
by fedora-security-commits@redhat.com
Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv30842/audit
Modified Files:
f10 f8 f9
Log Message:
few more updates
Index: f10
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f10,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -r1.14 -r1.15
--- f10 11 Sep 2008 15:15:31 -0000 1.14
+++ f10 12 Sep 2008 19:00:33 -0000 1.15
@@ -8,6 +8,7 @@
CVE-2008-3970 version (pam_mount, fixed 0.47) [since pam_mount-0.47-1.fc10]
CVE-2008-3969 version (bitlbee, fixed 1.2.3) [since bitlbee-1.2.3-1.fc10]
CVE-2008-3964 backport (libpng, fixed 1.2.32beta01) #461620 [since libpng-1.2.31-2.fc10]
+CVE-2008-3962 backport (ssmtp) [since ssmtp-2.61-11.6.fc10]
CVE-2008-3934 version (wireshark, fixed 1.0.3) [since wireshark-1.0.3-1.fc10]
CVE-2008-3933 version (wireshark, fixed 1.0.3) [since wireshark-1.0.3-1.fc10]
CVE-2008-3932 version (wireshark, fixed 1.0.3) [since wireshark-1.0.3-1.fc10]
@@ -18,6 +19,8 @@
CVE-2008-3906 VULNERABLE (mono) #461755
CVE-2008-3905 version (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since ruby-1.8.6.287-1.fc10]
CVE-2008-3889 VULNERABLE (postfix, fixed 2.4.9, 2.5.5) #459101
+CVE-2008-3824 VULNERABLE (horde) oCERT-2008-012
+CVE-2008-3823 VULNERABLE (horde) oCERT-2008-012
CVE-2008-3796 version (swfdec, fixed 0.6.8) [since swfdec-0.7.4-1.fc10]
CVE-2008-3790 VULNERABLE (ruby)
CVE-2008-3789 VULNERABLE (samba, fixed 3.2.3)
@@ -51,6 +54,7 @@
CVE-2008-3326 version (moodle) 1.8.x+ not affected
CVE-2008-3325 version (moodle) 1.8.x+ not affected
CVE-2008-3294 ignore (vim) build-time tmp file usage
+CVE-2008-3283 version (fedora-ds-base, fixed 1.1.2) [since fedora-ds-base-1.1.2-1.fc10]
CVE-2008-3282 VULNERABLE (openoffice.org)
CVE-2008-3281 version (libxml2) #459714 [since libxml2-2.7.0-1.fc10]
CVE-2008-3274 backport (ipa) [since ipa-1.1.0-3.fc10]
@@ -95,6 +99,7 @@
CVE-2008-2935 VULNERABLE (libxslt)
CVE-2008-2933 version (firefox, fixed 3.0.1) [since firefox-3.0.1-1.fc10]
CVE-2008-2932 version (adminutil, fixed 1.1.7) [since adminutil-1.1.7-1.fc10]
+CVE-2008-2930 version (fedora-ds-base, fixed 1.1.2) [since fedora-ds-base-1.1.2-1.fc10]
CVE-2008-2929 version (adminutil, fixed 1.1.6) [since adminutil-1.1.6-1.fc10]
CVE-2008-2928 version (adminutil, fixed 1.1.7) [since adminutil-1.1.7-1.fc10]
CVE-2008-2841 ignore (xchat) windows-only, IE bug
Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.232
retrieving revision 1.233
diff -u -r1.232 -r1.233
--- f8 11 Sep 2008 15:15:32 -0000 1.232
+++ f8 12 Sep 2008 19:00:33 -0000 1.233
@@ -10,6 +10,7 @@
CVE-2008-3970 fixed (pam_mount, fixed 0.47) [since FEDORA-2008-7973]
CVE-2008-3969 fixed (bitlbee, fixed 1.2.3) [since FEDORA-2008-7761]
CVE-2008-3964 ignore (libpng, fixed 1.2.32beta01) not affected
+CVE-2008-3962 VULNERABLE (ssmtp)
CVE-2008-3934 fixed (wireshark, fixed 1.0.3) #461254 [since FEDORA-2008-7894]
CVE-2008-3933 fixed (wireshark, fixed 1.0.3) #461254 [since FEDORA-2008-7894]
CVE-2008-3932 fixed (wireshark, fixed 1.0.3) #461254 [since FEDORA-2008-7894]
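Review bot: CVE-2008-3962 is added here as "VULNERABLE (ssmtp)" with no bug number and no fixed version, although the f10 file in this same commit records a backport in ssmtp-2.61-11.6.fc10. A tracking bug reference on the F8 line would show whether the same backport is queued for this branch.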
@@ -20,6 +21,8 @@
CVE-2008-3906 VULNERABLE (mono) #461753
CVE-2008-3905 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7554]
CVE-2008-3889 VULNERABLE (postfix, fixed 2.4.9, 2.5.5) #459099
+CVE-2008-3824 VULNERABLE (horde) oCERT-2008-012
+CVE-2008-3823 VULNERABLE (horde) oCERT-2008-012
CVE-2008-3790 VULNERABLE (ruby)
CVE-2008-3789 ignore (samba, fixed 3.2.3) 3.2.x only
CVE-2008-3747 fixed (wordpress, fixed 2.6.1) [since FEDORA-2008-7463]
@@ -51,9 +54,10 @@
CVE-2008-3326 version (moodle) 1.8.x+ not affected
CVE-2008-3325 version (moodle) 1.8.x+ not affected
CVE-2008-3294 ignore (vim) build-time tmp file usage
+CVE-2008-3283 fixed (fedora-ds-base, fixed 1.1.2) [since FEDORA-2008-7891]
CVE-2008-3282 fixed (openoffice.org) [since FEDORA-2008-7531]
CVE-2008-3281 fixed (libxml2) #459712 [since FEDORA-2008-7724]
-CVE-2008-3274 VULNERABLE (ipa) [since ipa-1.1.0-4.fc8]
+CVE-2008-3274 fixed (ipa) [since FEDORA-2008-7987]
CVE-2008-3264 fixed (asterisk, fixed 1.4.21.2) [since FEDORA-2008-6676] AST-2008-011
CVE-2008-3263 fixed (asterisk, fixed 1.4.21.2) [since FEDORA-2008-6676] AST-2008-010
CVE-2008-3259 ignore (openssh, fixed 5.1) HP-UX only
@@ -93,6 +97,7 @@
CVE-2008-2935 fixed (libxslt) [since FEDORA-2008-7029]
CVE-2008-2933 fixed (firefox, fixed 2.0.0.16) [since FEDORA-2008-6491]
CVE-2008-2932 fixed (adminutil, fixed 1.1.7) [since FEDORA-2008-7642]
+CVE-2008-2930 fixed (fedora-ds-base, fixed 1.1.2) [since FEDORA-2008-7891]
CVE-2008-2929 fixed (adminutil, fixed 1.1.6) [since FEDORA-2008-7642]
CVE-2008-2928 fixed (adminutil, fixed 1.1.7) [since FEDORA-2008-7642]
CVE-2008-2841 ignore (xchat) windows-only, IE bug
Index: f9
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f9,v
retrieving revision 1.222
retrieving revision 1.223
diff -u -r1.222 -r1.223
--- f9 11 Sep 2008 15:15:32 -0000 1.222
+++ f9 12 Sep 2008 19:00:33 -0000 1.223
@@ -9,6 +9,7 @@
CVE-2008-3970 fixed (pam_mount, fixed 0.47) [since FEDORA-2008-7976]
CVE-2008-3969 fixed (bitlbee, fixed 1.2.3) [since FEDORA-2008-7830]
CVE-2008-3964 ignore (libpng, fixed 1.2.32beta01) not affected
+CVE-2008-3962 VULNERABLE (ssmtp)
CVE-2008-3934 fixed (wireshark, fixed 1.0.3) #461255 [since FEDORA-2008-7936]
CVE-2008-3933 fixed (wireshark, fixed 1.0.3) #461255 [since FEDORA-2008-7936]
CVE-2008-3932 fixed (wireshark, fixed 1.0.3) #461255 [since FEDORA-2008-7936]
@@ -19,6 +20,8 @@
CVE-2008-3906 VULNERABLE (mono) #461754
CVE-2008-3905 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7697]
CVE-2008-3889 VULNERABLE (postfix, fixed 2.4.9, 2.5.5) #459100
+CVE-2008-3824 VULNERABLE (horde) oCERT-2008-012
+CVE-2008-3823 VULNERABLE (horde) oCERT-2008-012
CVE-2008-3796 version (swfdec, fixed 0.6.8) [since swfdec-0.6.8-1.fc9]
CVE-2008-3790 VULNERABLE (ruby)
CVE-2008-3789 fixed (samba, fixed 3.2.3) [since FEDORA-2008-7243]
@@ -52,9 +55,10 @@
CVE-2008-3326 version (moodle) 1.8.x+ not affected
CVE-2008-3325 version (moodle) 1.8.x+ not affected
CVE-2008-3294 ignore (vim) build-time tmp file usage
+CVE-2008-3283 fixed (fedora-ds-base, fixed 1.1.2) [since FEDORA-2008-7813]
CVE-2008-3282 fixed (openoffice.org) [since FEDORA-2008-7680]
CVE-2008-3281 fixed (libxml2) #459713 [since FEDORA-2008-7395]
-CVE-2008-3274 VULNERABLE (ipa) [since ipa-1.1.0-7.fc9]
+CVE-2008-3274 fixed (ipa) [since FEDORA-2008-8003]
CVE-2008-3264 fixed (asterisk) [since FEDORA-2008-6853] AST-2008-011
CVE-2008-3263 fixed (asterisk) [since FEDORA-2008-6853] AST-2008-010
CVE-2008-3259 ignore (openssh, fixed 5.1) HP-UX only
@@ -96,6 +100,7 @@
CVE-2008-2935 fixed (libxslt) [since FEDORA-2008-7062]
CVE-2008-2933 fixed (firefox, fixed 3.0.1) [since FEDORA-2008-6518]
CVE-2008-2932 fixed (adminutil, fixed 1.1.7) [since FEDORA-2008-7339]
+CVE-2008-2930 fixed (fedora-ds-base, fixed 1.1.2) [since FEDORA-2008-7813]
CVE-2008-2929 fixed (adminutil, fixed 1.1.6) [since FEDORA-2008-7339]
CVE-2008-2928 fixed (adminutil, fixed 1.1.7) [since FEDORA-2008-7339]
CVE-2008-2841 ignore (xchat) windows-only, IE bug
15 years, 7 months
fedora-security/audit f10, 1.13, 1.14 f8, 1.231, 1.232 f9, 1.221, 1.222
by fedora-security-commits@redhat.com
Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv5579/audit
Modified Files:
f10 f8 f9
Log Message:
large pile of updates
Index: f10
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f10,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -r1.13 -r1.14
--- f10 9 Sep 2008 14:45:36 -0000 1.13
+++ f10 11 Sep 2008 15:15:31 -0000 1.14
@@ -4,26 +4,43 @@
# *CVE are items that need verification for Fedora 10
# (mozilla) = (gecko-libs dependent stuff)
-CVE-2008-3964 VULNERABLE (libpng, fixed 1.2.32beta01) #461620
-CVE-2008-3934 VULNERABLE (wireshark, fixed 1.0.3)
-CVE-2008-3933 VULNERABLE (wireshark, fixed 1.0.3)
-CVE-2008-3932 VULNERABLE (wireshark, fixed 1.0.3)
+CVE-2008-3972 version (opensc, fixed 0.11.6) [since opensc-0.11.6-1.fc10]
+CVE-2008-3970 version (pam_mount, fixed 0.47) [since pam_mount-0.47-1.fc10]
+CVE-2008-3969 version (bitlbee, fixed 1.2.3) [since bitlbee-1.2.3-1.fc10]
+CVE-2008-3964 backport (libpng, fixed 1.2.32beta01) #461620 [since libpng-1.2.31-2.fc10]
+CVE-2008-3934 version (wireshark, fixed 1.0.3) [since wireshark-1.0.3-1.fc10]
+CVE-2008-3933 version (wireshark, fixed 1.0.3) [since wireshark-1.0.3-1.fc10]
+CVE-2008-3932 version (wireshark, fixed 1.0.3) [since wireshark-1.0.3-1.fc10]
CVE-2008-3931 backport (R) [since R-2.7.2-1.fc10]
CVE-2008-3928 ignore (honeyd) affected script not shipped
CVE-2008-3927 VULNERABLE (tiger)
CVE-2008-3920 version (bitlbee, fixed 1.2.2) [since bitlbee-1.2.2-1.fc10]
+CVE-2008-3906 VULNERABLE (mono) #461755
+CVE-2008-3905 version (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since ruby-1.8.6.287-1.fc10]
CVE-2008-3889 VULNERABLE (postfix, fixed 2.4.9, 2.5.5) #459101
CVE-2008-3796 version (swfdec, fixed 0.6.8) [since swfdec-0.7.4-1.fc10]
+CVE-2008-3790 VULNERABLE (ruby)
CVE-2008-3789 VULNERABLE (samba, fixed 3.2.3)
CVE-2008-3747 version (wordpress, fixed 2.6.1) [since wordpress-2.6.1-1.fc10]
CVE-2008-3746 version (neon, fixed 0.28.3) [since neon-0.28.3-2]
-CVE-2008-3714 VULNERABLE (awstats) #459743
+CVE-2008-3745 version (drupal, fixed 6.4) [since drupal-6.4-1.fc10]
+CVE-2008-3744 version (drupal, fixed 6.4) [since drupal-6.4-1.fc10]
+CVE-2008-3743 version (drupal, fixed 6.4) [since drupal-6.4-1.fc10]
+CVE-2008-3742 version (drupal, fixed 6.4) [since drupal-6.4-1.fc10]
+CVE-2008-3741 version (drupal, fixed 6.4) [since drupal-6.4-1.fc10]
+CVE-2008-3740 version (drupal, fixed 6.4) [since drupal-6.4-1.fc10]
+CVE-2008-3714 backport (awstats) #459743 [since awstats-6.8-2.fc10]
CVE-2008-3699 ignore (amarok, fixed 1.4.40) not affected
+CVE-2008-3657 version (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since ruby-1.8.6.287-1.fc10]
+CVE-2008-3656 version (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since ruby-1.8.6.287-1.fc10]
+CVE-2008-3655 version (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since ruby-1.8.6.287-1.fc10]
CVE-2008-3546 version (git, fixed 1.5.6.4) [since git-1.5.6.4-1.fc10]
CVE-2008-3533 ignore (yelp, fixed 2.24) caught by glibc
-CVE-2008-3429 VULNERABLE (httrack, fixed 3.42-3)
+CVE-2008-3529 version (libxml2, fixed 2.7.0) [since libxml2-2.7.1-1.fc10]
+CVE-2008-3443 version (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since ruby-1.8.6.287-1.fc10]
+CVE-2008-3429 version (httrack, fixed 3.42-3) [since httrack-3.42.93-1.fc10]
CVE-2008-3424 version (condor, fixed 7.0.4) #457896 [since condor-7.0.4-1.fc10]
-CVE-2008-3422 VULNERABLE (mono)
+CVE-2008-3422 version (mono) [since mono-2.0-4.fc10]
CVE-2008-3381 VULNERABLE (moin) #457364
CVE-2008-3333 version (mantis, fixed 1.1.2) [since mantis-1.1.2-1.fc10]
CVE-2008-3332 version (mantis, fixed 1.1.2) [since mantis-1.1.2-1.fc10]
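Review bot: the added "CVE-2008-3790 VULNERABLE (ruby)" line has no bug number and no fixed version, while the other ruby CVEs added in this same hunk (CVE-2008-3905, 3657, 3656, 3655, 3443) are all closed against ruby-1.8.6.287-1.fc10. A short note on the line saying that 1.8.6-p287 does not cover this one, plus a tracking bug, would stop a reader from assuming the same build fixes it.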
@@ -35,13 +52,14 @@
CVE-2008-3325 version (moodle) 1.8.x+ not affected
CVE-2008-3294 ignore (vim) build-time tmp file usage
CVE-2008-3282 VULNERABLE (openoffice.org)
-CVE-2008-3281 VULNERABLE (libxml2) #459714
+CVE-2008-3281 version (libxml2) #459714 [since libxml2-2.7.0-1.fc10]
+CVE-2008-3274 backport (ipa) [since ipa-1.1.0-3.fc10]
CVE-2008-3264 backport (asterisk) [since asterisk-1.6.0-0.19.beta9.fc10] AST-2008-011
CVE-2008-3263 backport (asterisk) [since asterisk-1.6.0-0.19.beta9.fc10] AST-2008-010
CVE-2008-3259 ignore (openssh, fixed 5.1) HP-UX only
CVE-2008-3252 backport (newsx) [since newsx-1.6-9.fc10]
CVE-2008-3233 ignore (wordrepss, fixed 2.6) only 2.6 devel versions affected
-CVE-2008-3231 VULNERABLE (xine-lib)
+CVE-2008-3231 version (xine-lib) [since xine-lib-1.1.15-1.fc10.1]
CVE-2008-3223 version (drupal, fixed 6.3) [since drupal-6.3-1.fc10]
CVE-2008-3222 version (drupal, fixed 6.3) [since drupal-6.3-1.fc10]
CVE-2008-3221 version (drupal, fixed 6.3) [since drupal-6.3-1.fc10]
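Review bot: CVE-2008-3281 is closed here with "[since libxml2-2.7.0-1.fc10]", but the previous hunk closes CVE-2008-3529 as "(libxml2, fixed 2.7.0) [since libxml2-2.7.1-1.fc10]". If a 2.7.0-1 build exists in F10 and upstream fixed CVE-2008-3529 in 2.7.0, that entry's "since" should presumably name the same 2.7.0-1 build; otherwise a brief remark on why the fix only landed with 2.7.1-1 would help.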
@@ -50,10 +68,10 @@
CVE-2008-3218 version (drupal, fixed 6.3) [since drupal-6.3-1.fc10]
CVE-2008-3217 version (pdns-recursor, fixed 3.1.6) [since pdns-recursor-3.1.6-1.fc10]
CVE-2008-3215 version (clamav, fixed 0.93.3) [since clamav-0.93.3-1.fc10]
-CVE-2008-3198 VULNERABLE (firefox, fixed 3.0.1)
+CVE-2008-3198 version (firefox, fixed 3.0.1) [since firefox-3.0.1-1.fc10]
CVE-2008-3197 version (phpMyAdmin, fixed 2.11.7.1) [since phpMyAdmin-2.11.7.1-1.fc10]
CVE-2008-3196 backport (byacc) [since byacc-1.9.20070509-4.fc10]
-CVE-2008-3146 VULNERABLE (wireshark, fixed 1.0.3)
+CVE-2008-3146 version (wireshark, fixed 1.0.3) [since wireshark-1.0.3-1.fc10]
CVE-2008-3145 version (wireshark, fixed 1.0.2) [since wireshark-1.0.2-1.fc10]
CVE-2008-3141 version (wireshark, fixed 1.0.1) [since wireshark-1.0.1-1.fc10]
CVE-2008-3140 version (wireshark, fixed 1.0.1) [since wireshark-1.0.1-1.fc10]
@@ -66,53 +84,56 @@
CVE-2008-2953 backport (linuxdcpp) #453734 [since linuxdcpp-1.0.1-3.fc10]
CVE-2008-2952 backport (openldap) #453728 [since openldap-2.4.10-2.fc10]
CVE-2008-2951 version (trac, fixed 0.10.5) [since trac-0.10.5-1.fc10]
-CVE-2008-2950 VULNERABLE (poppler) #454290
+CVE-2008-2950 version (poppler, fixed 0.8.5) #454290 [since poppler-0.8.5-1.fc10]
CVE-2008-2942 VULNERABLE (mercurial)
-CVE-2008-2941 VULNERABLE (hplip) #458991
-CVE-2008-2940 VULNERABLE (hplip) #458991
-CVE-2008-2938 VULNERABLE (tomcat6, fixed 6.0.18) #460132
+CVE-2008-2941 ignore (hplip) #458991 not run as service
+CVE-2008-2940 ignore (hplip) #458991 not run as service
+CVE-2008-2938 version (tomcat6, fixed 6.0.18) #460132 [since tomcat6-6.0.18-1.1.fc10]
CVE-2008-2938 VULNERABLE (tomcat5, fixed 5.5.27) #460127
CVE-2008-2937 VULNERABLE (postfix) #459101
CVE-2008-2936 backport (postfix) #459101 [since postfix-2.5.1-4.fc10]
CVE-2008-2935 VULNERABLE (libxslt)
-CVE-2008-2933 VULNERABLE (firefox, fixed 3.0.1)
+CVE-2008-2933 version (firefox, fixed 3.0.1) [since firefox-3.0.1-1.fc10]
+CVE-2008-2932 version (adminutil, fixed 1.1.7) [since adminutil-1.1.7-1.fc10]
+CVE-2008-2929 version (adminutil, fixed 1.1.6) [since adminutil-1.1.6-1.fc10]
+CVE-2008-2928 version (adminutil, fixed 1.1.7) [since adminutil-1.1.7-1.fc10]
CVE-2008-2841 ignore (xchat) windows-only, IE bug
CVE-2008-2827 backport (perl) #452642 [since perl-5.10.0-28.fc10]
CVE-2008-2811 version (firefox, fixed 3.0) [since firefox-3.0-1.fc10]
-CVE-2008-2811 VULNERABLE (seamonkey, fixed 1.1.10)
+CVE-2008-2811 version (seamonkey, fixed 1.1.10) [since seamonkey-1.1.11-1.fc9]
CVE-2008-2811 version (thunderbird, fixed 2.0.0.16) [since thunderbird-2.0.0.16-1.fc10]
CVE-2008-2810 version (firefox, fixed 3.0) [since firefox-3.0-1.fc10]
-CVE-2008-2810 VULNERABLE (seamonkey, fixed 1.1.10)
+CVE-2008-2810 version (seamonkey, fixed 1.1.10) [since seamonkey-1.1.11-1.fc9]
CVE-2008-2809 version (firefox, fixed 3.0) [since firefox-3.0-1.fc10]
-CVE-2008-2809 VULNERABLE (seamonkey, fixed 1.1.10)
+CVE-2008-2809 version (seamonkey, fixed 1.1.10) [since seamonkey-1.1.11-1.fc9]
CVE-2008-2809 version (thunderbird, fixed 2.0.0.16) [since thunderbird-2.0.0.16-1.fc10]
CVE-2008-2808 version (firefox, fixed 3.0) [since firefox-3.0-1.fc10]
-CVE-2008-2808 VULNERABLE (seamonkey, fixed 1.1.10)
+CVE-2008-2808 version (seamonkey, fixed 1.1.10) [since seamonkey-1.1.11-1.fc9]
CVE-2008-2807 version (firefox, fixed 3.0) [since firefox-3.0-1.fc10]
-CVE-2008-2807 VULNERABLE (seamonkey, fixed 1.1.10)
+CVE-2008-2807 version (seamonkey, fixed 1.1.10) [since seamonkey-1.1.11-1.fc9]
CVE-2008-2807 version (thunderbird, fixed 2.0.0.16) [since thunderbird-2.0.0.16-1.fc10]
CVE-2008-2806 ignore (firefox, fixed 3.0) Mac OS X specific
CVE-2008-2806 ignore (seamonkey, fixed 1.1.10) Mac OS X specific
CVE-2008-2805 version (firefox, fixed 3.0) [since firefox-3.0-1.fc10]
-CVE-2008-2805 VULNERABLE (seamonkey, fixed 1.1.10)
+CVE-2008-2805 version (seamonkey, fixed 1.1.10) [since seamonkey-1.1.11-1.fc9]
CVE-2008-2803 version (firefox, fixed 3.0) [since firefox-3.0-1.fc10]
-CVE-2008-2803 VULNERABLE (seamonkey, fixed 1.1.10)
+CVE-2008-2803 version (seamonkey, fixed 1.1.10) [since seamonkey-1.1.11-1.fc9]
CVE-2008-2803 version (thunderbird, fixed 2.0.0.16) [since thunderbird-2.0.0.16-1.fc10]
CVE-2008-2802 version (firefox, fixed 3.0) [since firefox-3.0-1.fc10]
-CVE-2008-2802 VULNERABLE (seamonkey, fixed 1.1.10)
+CVE-2008-2802 version (seamonkey, fixed 1.1.10) [since seamonkey-1.1.11-1.fc9]
CVE-2008-2802 version (thunderbird, fixed 2.0.0.16) [since thunderbird-2.0.0.16-1.fc10]
CVE-2008-2801 version (firefox, fixed 3.0) [since firefox-3.0-1.fc10]
-CVE-2008-2801 VULNERABLE (seamonkey, fixed 1.1.10)
+CVE-2008-2801 version (seamonkey, fixed 1.1.10) [since seamonkey-1.1.11-1.fc9]
CVE-2008-2800 version (firefox, fixed 3.0) [since firefox-3.0-1.fc10]
-CVE-2008-2800 VULNERABLE (seamonkey, fixed 1.1.10)
+CVE-2008-2800 version (seamonkey, fixed 1.1.10) [since seamonkey-1.1.11-1.fc9]
CVE-2008-2799 version (firefox, fixed 3.0) [since firefox-3.0-1.fc10]
-CVE-2008-2799 VULNERABLE (seamonkey, fixed 1.1.10)
+CVE-2008-2799 version (seamonkey, fixed 1.1.10) [since seamonkey-1.1.11-1.fc9]
CVE-2008-2799 version (thunderbird, fixed 2.0.0.16) [since thunderbird-2.0.0.16-1.fc10]
CVE-2008-2798 version (firefox, fixed 3.0) [since firefox-3.0-1.fc10]
-CVE-2008-2798 VULNERABLE (seamonkey, fixed 1.1.10)
+CVE-2008-2798 version (seamonkey, fixed 1.1.10) [since seamonkey-1.1.11-1.fc9]
CVE-2008-2798 version (thunderbird, fixed 2.0.0.16) [since thunderbird-2.0.0.16-1.fc10]
-CVE-2008-2785 VULNERABLE (seamonkey, fixed 1.1.11)
-CVE-2008-2785 VULNERABLE (firefox, fixed 3.0.1)
+CVE-2008-2785 version (seamonkey, fixed 1.1.11) [since seamonkey-1.1.11-1.fc9]
+CVE-2008-2785 version (firefox, fixed 3.0.1) [since firefox-3.0.1-1.fc10]
CVE-2008-2785 version (thunderbird, fixed 2.0.0.16) [since thunderbird-2.0.0.16-1.fc10]
CVE-2008-2728 ignore (ruby) 1.6.x variant of CVE-2008-2726
CVE-2008-2727 ignore (ruby) 1.6.x variant of CVE-2008-2725
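Review bot: every seamonkey line changed in this hunk is closed with "[since seamonkey-1.1.11-1.fc9]", an fc9 build, in the f10 file, where the neighbouring firefox and thunderbird entries all name fc10 builds. If F10 simply inherited the fc9 package that is worth a word on the line; if an fc10 build exists, the "since" tag should point at it so the entry can be checked against what F10 actually ships.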
@@ -126,7 +147,7 @@
CVE-2008-2719 version (nasm, fixed 2.03.01) [since nasm-2.03.01-1.fc10]
CVE-2008-2713 version (clamav, fixed 0.93.1) [since clamav-0.93.1-1.fc10]
CVE-2008-2711 backport (fetchmail, fixed 6.3.9) #452959 crash only in verbose mode [since fetchmail-6.3.8-7.fc10]
-CVE-2008-2696 VULNERABLE (exiv2, fixed 0.17)
+CVE-2008-2696 version (exiv2, fixed 0.17) [since exiv2-0.17.1-1.fc10]
CVE-2008-2664 version (ruby, fixed 1.8.6-p230, 1.8.7-p22) #452295 [since ruby-1.8.6.230-1.fc10]
CVE-2008-2663 version (ruby, fixed 1.8.6-p230, 1.8.7-p22) #452295 [since ruby-1.8.6.230-1.fc10]
CVE-2008-2662 version (ruby, fixed 1.8.6-p230, 1.8.7-p22) #452295 [since ruby-1.8.6.230-1.fc10]
@@ -140,9 +161,9 @@
CVE-2008-2374 version (bluez-libs, fixed 3.34) #452822 [since bluez-libs-3.34-1.fc10]
CVE-2008-2371 backport (pcre) #453557 [since pcre-7.3-4.fc10]
CVE-2008-2371 version (glib2) #453561 [since glib2-2.17.3-1.fc10]
-CVE-2008-2370 VULNERABLE (tomcat6, fixed 6.0.18) #460132
+CVE-2008-2370 version (tomcat6, fixed 6.0.18) #460132 [since tomcat6-6.0.18-1.1.fc10]
CVE-2008-2370 VULNERABLE (tomcat5, fixed 5.5.27) #460127
-CVE-2008-2364 VULNERABLE (httpd, fixed 2.2.9) #447312
+CVE-2008-2364 version (httpd, fixed 2.2.9) #447312 [since httpd-2.2.9-2]
CVE-2008-2363 VULNERABLE (pan) #449335
CVE-2008-2362 version (xorg-x11-server) #450927 [since xorg-x11-server-1.4.99.902-2.20080612.fc10]
CVE-2008-2361 version (xorg-x11-server) #450927 [since xorg-x11-server-1.4.99.902-2.20080612.fc10]
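Review bot: the new CVE-2008-2364 line uses "[since httpd-2.2.9-2]" without a dist tag, while the tomcat6 lines changed alongside it use the full "tomcat6-6.0.18-1.1.fc10" form. The same short tag is used for CVE-2008-1678 later in this diff. Please give the complete NVR with .fc10 so the tag matches a real build and the format stays consistent for anything that parses the "since" field.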
@@ -156,6 +177,7 @@
CVE-2008-2292 backport (net-snmp, fixed 5.4.2.pre1) [since net-snmp-5.4.1-19.fc10]
CVE-2008-2276 VULNERABLE (mantis) upstream fix in 1.2.0a1 seems useless
CVE-2008-2266 ignore (perl-Convert-UUlib) embedded uulib copy uses mkstemp
+CVE-2008-2235 version (opensc, fixed 0.11.5) [since opensc-0.11.6-1.fc10]
CVE-2008-2168 ignore (httpd) browser issue, not apache
CVE-2008-2152 version (openoffice.org, fixed 2.4.1) [since openoffice.org-3.0.0-0.0.17.1.fc10]
CVE-2008-2119 ignore (asterisk, fixed 1.2.29) AST-2008-008, only for 1.0.x and 1.2.x
@@ -171,7 +193,7 @@
CVE-2008-1950 backport (gnutls, fixed 2.2.4) #447512 [since gnutls-2.0.4-3.fc10]
CVE-2008-1949 backport (gnutls, fixed 2.2.4) #447512 [since gnutls-2.0.4-3.fc10]
CVE-2008-1948 backport (gnutls, fixed 2.2.4) #447512 [since gnutls-2.0.4-3.fc10]
-CVE-2008-1947 VULNERABLE (tomcat6, fixed 6.0.18) #460132
+CVE-2008-1947 version (tomcat6, fixed 6.0.18) #460132 [since tomcat6-6.0.18-1.1.fc10]
CVE-2008-1947 VULNERABLE (tomcat5, fixed 5.5.27) #460127
CVE-2008-1944 version (xen, fixed 3.2)
CVE-2008-1943 backport (xen) [since xen-3.2.0-11.fc10]
@@ -188,7 +210,7 @@
CVE-2008-1801 version (rdesktop, fixed 1.6.0) [since rdesktop-1.6.0-1.fc10]
CVE-2008-1771 version (mt-daapd) [since mt-daapd-0.2.4.2-2.fc10]
CVE-2008-1767 version (libxslt, fixed 1.1.24) [since libxslt-1.1.24-1.fc10]
-CVE-2008-1678 VULNERABLE (httpd) #447312 only affects systems with openssl >= 0.9.8e
+CVE-2008-1678 version (httpd) #447312 only affects systems with openssl >= 0.9.8e [since httpd-2.2.9-2]
CVE-2008-1677 version (fedora-ds-base, fixed 1.1.1) #445810 [since fedora-ds-base-1.1.1-1.fc10]
CVE-2008-1672 backport (openssl, fixed 0.9.8h) #448691 [since openssl-0.9.8g-9.fc10]
CVE-2008-1531 backport (lighttpd) [since lighttpd-1.4.19-4.fc10]
@@ -207,7 +229,7 @@
CVE-2008-1377 version (xorg-x11-server) #450927 [since xorg-x11-server-1.4.99.902-2.20080612.fc10]
CVE-2008-1376 ignore (nfs-utils) using tcp wrappers
CVE-2008-1360 version (nagios) #437852 [since nagios-2.11-3.fc9]
-CVE-2008-1232 VULNERABLE (tomcat6, fixed 6.0.18) #460132
+CVE-2008-1232 version (tomcat6, fixed 6.0.18) #460132 [since tomcat6-6.0.18-1.1.fc10]
CVE-2008-1232 VULNERABLE (tomcat5, fixed 5.5.27) #460127
CVE-2008-1109 backport (evolution) #449925 [since evolution-2.23.3.1-2.fc10]
CVE-2008-1108 backport (evolution) #449925 [since evolution-2.23.3.1-2.fc10]
Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.231
retrieving revision 1.232
diff -u -r1.231 -r1.232
--- f8 9 Sep 2008 14:45:36 -0000 1.231
+++ f8 11 Sep 2008 15:15:32 -0000 1.232
@@ -6,24 +6,41 @@
rhbz293031 fixed (nx) #293031 [since FEDORA-2008-2258]
rhbz249840 version (tor, fixed 0.1.2.15)
+CVE-2008-3972 VULNERABLE (opensc, fixed 0.11.6)
+CVE-2008-3970 fixed (pam_mount, fixed 0.47) [since FEDORA-2008-7973]
+CVE-2008-3969 fixed (bitlbee, fixed 1.2.3) [since FEDORA-2008-7761]
CVE-2008-3964 ignore (libpng, fixed 1.2.32beta01) not affected
-CVE-2008-3934 VULNERABLE (wireshark, fixed 1.0.3) #461254
-CVE-2008-3933 VULNERABLE (wireshark, fixed 1.0.3) #461254
-CVE-2008-3932 VULNERABLE (wireshark, fixed 1.0.3) #461254
-CVE-2008-3931 VULNERABLE (R) [since R-2.7.2-1.fc8]
+CVE-2008-3934 fixed (wireshark, fixed 1.0.3) #461254 [since FEDORA-2008-7894]
+CVE-2008-3933 fixed (wireshark, fixed 1.0.3) #461254 [since FEDORA-2008-7894]
+CVE-2008-3932 fixed (wireshark, fixed 1.0.3) #461254 [since FEDORA-2008-7894]
+CVE-2008-3931 fixed (R) [since FEDORA-2008-7619]
CVE-2008-3928 ignore (honeyd) affected script not shipped
CVE-2008-3927 VULNERABLE (tiger)
-CVE-2008-3920 VULNERABLE (bitlbee, fixed 1.2.2) [since bitlbee-1.2.3-1.fc8]
+CVE-2008-3920 fixed (bitlbee, fixed 1.2.2) [since FEDORA-2008-7761]
+CVE-2008-3906 VULNERABLE (mono) #461753
+CVE-2008-3905 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7554]
CVE-2008-3889 VULNERABLE (postfix, fixed 2.4.9, 2.5.5) #459099
+CVE-2008-3790 VULNERABLE (ruby)
CVE-2008-3789 ignore (samba, fixed 3.2.3) 3.2.x only
-CVE-2008-3747 VULNERABLE (wordpress, fixed 2.6.1)
+CVE-2008-3747 fixed (wordpress, fixed 2.6.1) [since FEDORA-2008-7463]
CVE-2008-3746 ignore (neon, fixed 0.28.3) 0.28.x only
-CVE-2008-3714 VULNERABLE (awstats) #459741
-CVE-2008-3699 VULNERABLE (amarok, fixed 1.4.40) [since amarok-1.4.10-1.fc8]
+CVE-2008-3745 ignore (drupal) 6.x only
+CVE-2008-3744 fixed (drupal, fixed 5.10) [since FEDORA-2008-7467]
+CVE-2008-3743 ignore (drupal) 6.x only
+CVE-2008-3742 fixed (drupal, fixed 5.10) [since FEDORA-2008-7467]
+CVE-2008-3741 fixed (drupal, fixed 5.10) [since FEDORA-2008-7467]
+CVE-2008-3740 fixed (drupal, fixed 5.10) [since FEDORA-2008-7467]
+CVE-2008-3714 fixed (awstats) #459741 [since FEDORA-2008-7684]
+CVE-2008-3699 fixed (amarok, fixed 1.4.40) [since FEDORA-2008-7719]
+CVE-2008-3657 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7554]
+CVE-2008-3656 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7554]
+CVE-2008-3655 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7554]
CVE-2008-3546 ignore (git, fixed 1.5.6.4) caught by fortify_source
-CVE-2008-3533 VULNERABLE (yelp, fixed 2.24) #459502
-CVE-2008-3429 VULNERABLE (httrack, fixed 3.42-3)
-CVE-2008-3422 VULNERABLE (mono)
+CVE-2008-3533 fixed (yelp, fixed 2.24) #459502 [since FEDORA-2008-7293]
+CVE-2008-3529 fixed (libxml2, fixed 2.7.0) [since FEDORA-2008-7666]
+CVE-2008-3443 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7554]
+CVE-2008-3429 fixed (httrack, fixed 3.42-3) [since FEDORA-2008-7896]
+CVE-2008-3422 VULNERABLE (mono) #461753
CVE-2008-3381 ignore (moin) not affected
CVE-2008-3333 fixed (mantis, fixed 1.1.2) [since FEDORA-2008-6657]
CVE-2008-3332 fixed (mantis, fixed 1.1.2) [since FEDORA-2008-6657]
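Review bot: the ruby entries added here (CVE-2008-3905, 3657, 3656, 3655, 3443) are marked VULNERABLE yet already carry "[since FEDORA-2008-7554]", whereas every other line in this hunk that gains a FEDORA advisory id is flipped to "fixed". If the advisory is still in testing, say so on the line; if it has been pushed, the status should be "fixed", since as written the status and the advisory reference contradict each other.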
@@ -34,14 +51,15 @@
CVE-2008-3326 version (moodle) 1.8.x+ not affected
CVE-2008-3325 version (moodle) 1.8.x+ not affected
CVE-2008-3294 ignore (vim) build-time tmp file usage
-CVE-2008-3282 VULNERABLE (openoffice.org) [since openoffice.org-2.3.0-6.16.fc8]
-CVE-2008-3281 VULNERABLE (libxml2) #459712
+CVE-2008-3282 fixed (openoffice.org) [since FEDORA-2008-7531]
+CVE-2008-3281 fixed (libxml2) #459712 [since FEDORA-2008-7724]
+CVE-2008-3274 VULNERABLE (ipa) [since ipa-1.1.0-4.fc8]
CVE-2008-3264 fixed (asterisk, fixed 1.4.21.2) [since FEDORA-2008-6676] AST-2008-011
CVE-2008-3263 fixed (asterisk, fixed 1.4.21.2) [since FEDORA-2008-6676] AST-2008-010
CVE-2008-3259 ignore (openssh, fixed 5.1) HP-UX only
CVE-2008-3252 fixed (newsx) [since FEDORA-2008-6319]
CVE-2008-3233 ignore (wordrepss, fixed 2.6) only 2.6 devel versions affected
-CVE-2008-3231 VULNERABLE (xine-lib)
+CVE-2008-3231 fixed (xine-lib) [since FEDORA-2008-7572]
CVE-2008-3223 ignore (drupal) 6.x only
CVE-2008-3222 fixed (drupal, fixed 5.8) [since FEDORA-2008-6411]
CVE-2008-3221 ignore (drupal) 6.x only
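Review bot: the context line "CVE-2008-3233 ignore (wordrepss, fixed 2.6)" in this hunk misspells the package name, and the same spelling appears in the f10 and f9 files touched by this commit. Since the hunk is already being edited, it would be worth correcting it to "wordpress" in all three files, because a search of the audit list by package name will currently miss this entry.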
@@ -52,7 +70,7 @@
CVE-2008-3215 fixed (clamav, fixed 0.93.3) [since FEDORA-2008-6422]
CVE-2008-3197 fixed (phpMyAdmin, fixed 2.11.7.1) [since FEDORA-2008-6450]
CVE-2008-3196 VULNERABLE (byacc) [since FEDORA-2008-6429]
-CVE-2008-3146 VULNERABLE (wireshark, fixed 1.0.3) #461254
+CVE-2008-3146 fixed (wireshark, fixed 1.0.3) #461254 [since FEDORA-2008-7894]
CVE-2008-3145 fixed (wireshark, fixed 1.0.1) [since FEDORA-2008-6645]
CVE-2008-3141 fixed (wireshark, fixed 1.0.2) [since FEDORA-2008-6645]
CVE-2008-3140 fixed (wireshark, fixed 1.0.1) [since FEDORA-2008-6645]
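Review bot: the context lines under the changed CVE-2008-3146 entry give "CVE-2008-3145 ... fixed 1.0.1" and "CVE-2008-3141 ... fixed 1.0.2", but the f10 file in this same commit lists them the other way round (CVE-2008-3145 fixed 1.0.2, CVE-2008-3141 fixed 1.0.1). One of the two files has the upstream fixed versions swapped; please check against the wireshark advisories and align f8, f9 and f10 while these wireshark lines are being updated.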
@@ -67,13 +85,16 @@
CVE-2008-2951 fixed (trac, fixed 0.10.5) [since FEDORA-2008-6830]
CVE-2008-2950 fixed (poppler) #454288 [since FEDORA-2008-7104]
CVE-2008-2942 VULNERABLE (mercurial)
-CVE-2008-2941 VULNERABLE (hplip) #458989
-CVE-2008-2940 VULNERABLE (hplip) #458989
+CVE-2008-2941 ignore (hplip) #458989 not run as service
+CVE-2008-2940 ignore (hplip) #458989 not run as service
CVE-2008-2938 VULNERABLE (tomcat5, fixed 5.5.27) #460125
CVE-2008-2937 VULNERABLE (postfix) #459099
CVE-2008-2936 VULNERABLE (postfix) #459099
CVE-2008-2935 fixed (libxslt) [since FEDORA-2008-7029]
CVE-2008-2933 fixed (firefox, fixed 2.0.0.16) [since FEDORA-2008-6491]
+CVE-2008-2932 fixed (adminutil, fixed 1.1.7) [since FEDORA-2008-7642]
+CVE-2008-2929 fixed (adminutil, fixed 1.1.6) [since FEDORA-2008-7642]
+CVE-2008-2928 fixed (adminutil, fixed 1.1.7) [since FEDORA-2008-7642]
CVE-2008-2841 ignore (xchat) windows-only, IE bug
CVE-2008-2827 ignore (perl) perl 5.10 only
CVE-2008-2811 fixed (firefox, fixed 2.0.0.15) [since FEDORA-2008-6127]
@@ -147,13 +168,14 @@
CVE-2008-2360 fixed (xorg-x11-server) #450925 [since FEDORA-2008-5279]
CVE-2008-2359 fixed (system-config-network) [since FEDORA-2008-4633]
CVE-2008-2357 fixed (mtr, fixed 0.73)
-CVE-2008-2327 VULNERABLE (libtiff) [since libtiff-3.8.2-11.fc8]
+CVE-2008-2327 fixed (libtiff) [since FEDORA-2008-7388]
CVE-2008-2310 ignore (binutils) blocked by fortify_source
CVE-2008-2307 fixed (WebKit, fixed svn34204) #454094 [since FEDORA-2008-6220]
CVE-2008-2302 fixed (Django, fixed 0.96.2) #447258 [since FEDORA-2008-4248]
CVE-2008-2292 fixed (net-snmp, fixed 5.4.2.pre1) [since FEDORA-2008-5218]
CVE-2008-2276 VULNERABLE (mantis) upstream fix in 1.2.0a1 seems useless
CVE-2008-2266 ignore (perl-Convert-UUlib) embedded uulib copy uses mkstemp
+CVE-2008-2235 VULNERABLE (opensc, fixed 0.11.5)
CVE-2008-2168 ignore (httpd) browser issue, not apache
CVE-2008-2152 fixed (openoffice.org, fixed 2.4.1) #450650 [since FEDORA-2008-5247]
CVE-2008-2146 version (wordpress, fixed 2.2.3)
Index: f9
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f9,v
retrieving revision 1.221
retrieving revision 1.222
diff -u -r1.221 -r1.222
--- f9 9 Sep 2008 14:45:36 -0000 1.221
+++ f9 11 Sep 2008 15:15:32 -0000 1.222
@@ -5,26 +5,43 @@
# (mozilla) = (gecko-libs dependent stuff)
rhbz249840 version (tor, fixed 0.1.2.15)
+CVE-2008-3972 VULNERABLE (opensc, fixed 0.11.6)
+CVE-2008-3970 fixed (pam_mount, fixed 0.47) [since FEDORA-2008-7976]
+CVE-2008-3969 fixed (bitlbee, fixed 1.2.3) [since FEDORA-2008-7830]
CVE-2008-3964 ignore (libpng, fixed 1.2.32beta01) not affected
-CVE-2008-3934 VULNERABLE (wireshark, fixed 1.0.3) #461255
-CVE-2008-3933 VULNERABLE (wireshark, fixed 1.0.3) #461255
-CVE-2008-3932 VULNERABLE (wireshark, fixed 1.0.3) #461255
-CVE-2008-3931 VULNERABLE (R) [since R-2.7.2-1.fc9]
+CVE-2008-3934 fixed (wireshark, fixed 1.0.3) #461255 [since FEDORA-2008-7936]
+CVE-2008-3933 fixed (wireshark, fixed 1.0.3) #461255 [since FEDORA-2008-7936]
+CVE-2008-3932 fixed (wireshark, fixed 1.0.3) #461255 [since FEDORA-2008-7936]
+CVE-2008-3931 fixed (R) [since FEDORA-2008-7670]
CVE-2008-3928 ignore (honeyd) affected script not shipped
CVE-2008-3927 VULNERABLE (tiger)
-CVE-2008-3920 VULNERABLE (bitlbee, fixed 1.2.2) [since bitlbee-1.2.3-1.fc9]
+CVE-2008-3920 fixed (bitlbee, fixed 1.2.2) [since FEDORA-2008-7830]
+CVE-2008-3906 VULNERABLE (mono) #461754
+CVE-2008-3905 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7697]
CVE-2008-3889 VULNERABLE (postfix, fixed 2.4.9, 2.5.5) #459100
CVE-2008-3796 version (swfdec, fixed 0.6.8) [since swfdec-0.6.8-1.fc9]
-CVE-2008-3789 VULNERABLE (samba, fixed 3.2.3) [since samba-3.2.3-0.20.fc9]
-CVE-2008-3747 VULNERABLE (wordpress, fixed 2.6.1)
-CVE-2008-3746 VULNERABLE (neon, fixed 0.28.3) #460415
-CVE-2008-3714 VULNERABLE (awstats) #459742
-CVE-2008-3699 VULNERABLE (amarok, fixed 1.4.40) [since amarok-1.4.10-1.fc9]
+CVE-2008-3790 VULNERABLE (ruby)
+CVE-2008-3789 fixed (samba, fixed 3.2.3) [since FEDORA-2008-7243]
+CVE-2008-3747 fixed (wordpress, fixed 2.6.1) [since FEDORA-2008-7279]
+CVE-2008-3746 VULNERABLE (neon, fixed 0.28.3) #460415 [since FEDORA-2008-7661]
+CVE-2008-3745 fixed (drupal, fixed 6.4) [since FEDORA-2008-7626]
+CVE-2008-3744 fixed (drupal, fixed 6.4) [since FEDORA-2008-7626]
+CVE-2008-3743 fixed (drupal, fixed 6.4) [since FEDORA-2008-7626]
+CVE-2008-3742 fixed (drupal, fixed 6.4) [since FEDORA-2008-7626]
+CVE-2008-3741 fixed (drupal, fixed 6.4) [since FEDORA-2008-7626]
+CVE-2008-3740 fixed (drupal, fixed 6.4) [since FEDORA-2008-7626]
+CVE-2008-3714 fixed (awstats) #459742 [since FEDORA-2008-7663]
+CVE-2008-3699 fixed (amarok, fixed 1.4.40) [since FEDORA-2008-7739]
+CVE-2008-3657 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7697]
+CVE-2008-3656 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7697]
+CVE-2008-3655 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7697]
CVE-2008-3546 ignore (git, fixed 1.5.6.4) caught by fortify_source
CVE-2008-3533 ignore (yelp, fixed 2.24) caught by glibc
-CVE-2008-3429 VULNERABLE (httrack, fixed 3.42-3)
+CVE-2008-3529 fixed (libxml2, fixed 2.7.0) [since FEDORA-2008-7594]
+CVE-2008-3443 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7697]
+CVE-2008-3429 fixed (httrack, fixed 3.42-3) [since FEDORA-2008-7862]
CVE-2008-3424 fixed (condor, fixed 7.0.4) #457895 [since FEDORA-2008-7205]
-CVE-2008-3422 VULNERABLE (mono)
+CVE-2008-3422 VULNERABLE (mono) #461754
CVE-2008-3381 VULNERABLE (moin) #457363
CVE-2008-3333 fixed (mantis, fixed 1.1.2) [since FEDORA-2008-6647]
CVE-2008-3332 fixed (mantis, fixed 1.1.2) [since FEDORA-2008-6647]
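Review bot: CVE-2008-3746 (neon) gains "[since FEDORA-2008-7661]" in this hunk but its status is left at VULNERABLE, while the samba and wordpress lines next to it are switched to "fixed" when they receive their advisory ids. The added ruby lines referencing FEDORA-2008-7697 have the same mismatch. Either set these to "fixed" or add a note that the update has not reached stable, so the status field can be trusted on its own.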
@@ -35,14 +52,15 @@
CVE-2008-3326 version (moodle) 1.8.x+ not affected
CVE-2008-3325 version (moodle) 1.8.x+ not affected
CVE-2008-3294 ignore (vim) build-time tmp file usage
-CVE-2008-3282 VULNERABLE (openoffice.org) [since openoffice.org-2.4.1-17.6.fc9]
-CVE-2008-3281 VULNERABLE (libxml2) #459713
+CVE-2008-3282 fixed (openoffice.org) [since FEDORA-2008-7680]
+CVE-2008-3281 fixed (libxml2) #459713 [since FEDORA-2008-7395]
+CVE-2008-3274 VULNERABLE (ipa) [since ipa-1.1.0-7.fc9]
CVE-2008-3264 fixed (asterisk) [since FEDORA-2008-6853] AST-2008-011
CVE-2008-3263 fixed (asterisk) [since FEDORA-2008-6853] AST-2008-010
CVE-2008-3259 ignore (openssh, fixed 5.1) HP-UX only
CVE-2008-3252 fixed (newsx) [since FEDORA-2008-6321]
CVE-2008-3233 ignore (wordrepss, fixed 2.6) only 2.6 devel versions affected
-CVE-2008-3231 VULNERABLE (xine-lib)
+CVE-2008-3231 fixed (xine-lib) [since FEDORA-2008-7512]
CVE-2008-3223 fixed (drupal, fixed 6.3) [since FEDORA-2008-6415]
CVE-2008-3222 fixed (drupal, fixed 6.3) [since FEDORA-2008-6415]
CVE-2008-3221 fixed (drupal, fixed 6.3) [since FEDORA-2008-6415]
@@ -54,7 +72,7 @@
CVE-2008-3198 fixed (firefox, fixed 3.0.1) [since FEDORA-2008-6518]
CVE-2008-3197 fixed (phpMyAdmin, fixed 2.11.7.1) [since FEDORA-2008-6502]
CVE-2008-3196 VULNERABLE (byacc) [since FEDORA-2008-6414]
-CVE-2008-3146 VULNERABLE (wireshark, fixed 1.0.3) #461255
+CVE-2008-3146 fixed (wireshark, fixed 1.0.3) #461255 [since FEDORA-2008-7936]
CVE-2008-3145 fixed (wireshark, fixed 1.0.1) [since FEDORA-2008-6440]
CVE-2008-3141 fixed (wireshark, fixed 1.0.2) [since FEDORA-2008-6440]
CVE-2008-3140 fixed (wireshark, fixed 1.0.1) [since FEDORA-2008-6440]
@@ -67,16 +85,19 @@
CVE-2008-2953 fixed (linuxdcpp) #453733 [since FEDORA-2008-6018]
CVE-2008-2952 fixed (openldap) #453727 [since FEDORA-2008-6062]
CVE-2008-2951 fixed (trac, fixed 0.10.5) [since FEDORA-2008-6833]
-CVE-2008-2950 VULNERABLE (poppler) #454289 [since FEDORA-2008-7012]
+CVE-2008-2950 fixed (poppler) #454289 [since FEDORA-2008-7012]
CVE-2008-2942 VULNERABLE (mercurial)
-CVE-2008-2941 VULNERABLE (hplip) #458990
-CVE-2008-2940 VULNERABLE (hplip) #458990
-CVE-2008-2938 VULNERABLE (tomcat6, fixed 6.0.18) #460131
+CVE-2008-2941 ignore (hplip) #458990 not run as service
+CVE-2008-2940 ignore (hplip) #458990 not run as service
+CVE-2008-2938 fixed (tomcat6, fixed 6.0.18) #460131 [since FEDORA-2008-7977]
CVE-2008-2938 VULNERABLE (tomcat5, fixed 5.5.27) #460126
CVE-2008-2937 VULNERABLE (postfix) #459100
CVE-2008-2936 VULNERABLE (postfix) #459100
CVE-2008-2935 fixed (libxslt) [since FEDORA-2008-7062]
CVE-2008-2933 fixed (firefox, fixed 3.0.1) [since FEDORA-2008-6518]
+CVE-2008-2932 fixed (adminutil, fixed 1.1.7) [since FEDORA-2008-7339]
+CVE-2008-2929 fixed (adminutil, fixed 1.1.6) [since FEDORA-2008-7339]
+CVE-2008-2928 fixed (adminutil, fixed 1.1.7) [since FEDORA-2008-7339]
CVE-2008-2841 ignore (xchat) windows-only, IE bug
CVE-2008-2827 fixed (perl) #452641 [since FEDORA-2008-5739]
CVE-2008-2811 version (firefox, fixed 3.0) [since firefox-3.0-1.fc9]
@@ -138,10 +159,10 @@
CVE-2008-2377 ignore (gnutls, fixed 2.4.1) 2.3.5+ only
CVE-2008-2376 fixed (ruby, fixed 1.8.6-p257) [since FEDORA-2008-6033]
CVE-2008-2375 ignore (vsftpd) pre-2.0.5 versions only
-CVE-2008-2374 VULNERABLE (bluez-libs, fixed 3.34) #452821 [since FEDORA-2008-6133]
+CVE-2008-2374 fixed (bluez-libs, fixed 3.34) #452821 [since FEDORA-2008-6133]
CVE-2008-2371 fixed (pcre) #453556 [since FEDORA-2008-6110]
CVE-2008-2371 fixed (glib2) #453560 [since FEDORA-2008-6048]
-CVE-2008-2370 VULNERABLE (tomcat6, fixed 6.0.18) #460131
+CVE-2008-2370 fixed (tomcat6, fixed 6.0.18) #460131 [since FEDORA-2008-7977]
CVE-2008-2370 VULNERABLE (tomcat5, fixed 5.5.27) #460126
CVE-2008-2364 fixed (httpd, fixed 2.2.9) #447311 [since FEDORA-2008-6393]
CVE-2008-2363 VULNERABLE (pan) #449334
@@ -150,13 +171,14 @@
CVE-2008-2360 fixed (xorg-x11-server) #450926 [since FEDORA-2008-5254]
CVE-2008-2359 ignore (system-config-network) F8 specific issue
CVE-2008-2357 fixed (mtr, fixed 0.73)
-CVE-2008-2327 VULNERABLE (libtiff) [since libtiff-3.8.2-11.fc9]
+CVE-2008-2327 fixed (libtiff) [since FEDORA-2008-7370]
CVE-2008-2310 ignore (binutils) blocked by fortify_source
CVE-2008-2307 fixed (WebKit, fixed svn34204) #454095 [since FEDORA-2008-6186]
CVE-2008-2302 fixed (Django, fixed 0.96.2) #447259 [since FEDORA-2008-4267]
CVE-2008-2292 fixed (net-snmp, fixed 5.4.2.pre1) [since FEDORA-2008-5215]
CVE-2008-2276 VULNERABLE (mantis) upstream fix in 1.2.0a1 seems useless
CVE-2008-2266 ignore (perl-Convert-UUlib) embedded uulib copy uses mkstemp
+CVE-2008-2235 VULNERABLE (opensc, fixed 0.11.5)
CVE-2008-2168 ignore (httpd) browser issue, not apache
CVE-2008-2152 fixed (openoffice.org, fixed 2.4.1) [since FEDORA-2008-5143]
CVE-2008-2146 version (wordpress, fixed 2.2.3)
@@ -185,7 +207,7 @@
CVE-2008-1950 fixed (gnutls, fixed 2.2.4) #447511 [since FEDORA-2008-4259]
CVE-2008-1949 fixed (gnutls, fixed 2.2.4) #447511 [since FEDORA-2008-4259]
CVE-2008-1948 fixed (gnutls, fixed 2.2.4) #447511 [since FEDORA-2008-4259]
-CVE-2008-1947 VULNERABLE (tomcat6, fixed 6.0.18) #460131
+CVE-2008-1947 fixed (tomcat6, fixed 6.0.18) #460131 [since FEDORA-2008-7977]
CVE-2008-1947 VULNERABLE (tomcat5, fixed 5.5.27) #460126
CVE-2008-1944 version (xen, fixed 3.2)
CVE-2008-1943 VULNERABLE (xen) [since xen-3.2.0-11.fc9]
@@ -309,7 +331,7 @@
CVE-2008-1233 version (firefox, fixed 2.0.0.13)
CVE-2008-1233 version (seamonkey, fixed 1.1.9)
CVE-2008-1233 version (thunderbird, fixed 2.0.0.14) #442857 [since thunderbird-2.0.0.14-1.fc9]
-CVE-2008-1232 VULNERABLE (tomcat6, fixed 6.0.18) #460131
+CVE-2008-1232 fixed (tomcat6, fixed 6.0.18) #460131 [since FEDORA-2008-7977]
CVE-2008-1232 VULNERABLE (tomcat5, fixed 5.5.27) #460126
**CVE-2008-1227 fixed (libsilc) We updated this as non-security
CVE-2008-1218 version (dovecot, fixed 1.0.13) [since dovecot-1.0.13-6.fc9] marginally affected
15 years, 7 months
fedora-security/audit f10, 1.12, 1.13 f8, 1.230, 1.231 f9, 1.220, 1.221
by fedora-security-commits@redhat.com
Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv19395/audit
Modified Files:
f10 f8 f9
Log Message:
i should remember to commit this more often
Index: f10
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f10,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -r1.12 -r1.13
--- f10 25 Jul 2008 15:29:25 -0000 1.12
+++ f10 9 Sep 2008 14:45:36 -0000 1.13
@@ -4,9 +4,40 @@
# *CVE are items that need verification for Fedora 10
# (mozilla) = (gecko-libs dependent stuff)
+CVE-2008-3964 VULNERABLE (libpng, fixed 1.2.32beta01) #461620
+CVE-2008-3934 VULNERABLE (wireshark, fixed 1.0.3)
+CVE-2008-3933 VULNERABLE (wireshark, fixed 1.0.3)
+CVE-2008-3932 VULNERABLE (wireshark, fixed 1.0.3)
+CVE-2008-3931 backport (R) [since R-2.7.2-1.fc10]
+CVE-2008-3928 ignore (honeyd) affected script not shipped
+CVE-2008-3927 VULNERABLE (tiger)
+CVE-2008-3920 version (bitlbee, fixed 1.2.2) [since bitlbee-1.2.2-1.fc10]
+CVE-2008-3889 VULNERABLE (postfix, fixed 2.4.9, 2.5.5) #459101
+CVE-2008-3796 version (swfdec, fixed 0.6.8) [since swfdec-0.7.4-1.fc10]
+CVE-2008-3789 VULNERABLE (samba, fixed 3.2.3)
+CVE-2008-3747 version (wordpress, fixed 2.6.1) [since wordpress-2.6.1-1.fc10]
+CVE-2008-3746 version (neon, fixed 0.28.3) [since neon-0.28.3-2]
+CVE-2008-3714 VULNERABLE (awstats) #459743
+CVE-2008-3699 ignore (amarok, fixed 1.4.40) not affected
+CVE-2008-3546 version (git, fixed 1.5.6.4) [since git-1.5.6.4-1.fc10]
+CVE-2008-3533 ignore (yelp, fixed 2.24) caught by glibc
+CVE-2008-3429 VULNERABLE (httrack, fixed 3.42-3)
+CVE-2008-3424 version (condor, fixed 7.0.4) #457896 [since condor-7.0.4-1.fc10]
+CVE-2008-3422 VULNERABLE (mono)
+CVE-2008-3381 VULNERABLE (moin) #457364
+CVE-2008-3333 version (mantis, fixed 1.1.2) [since mantis-1.1.2-1.fc10]
+CVE-2008-3332 version (mantis, fixed 1.1.2) [since mantis-1.1.2-1.fc10]
+CVE-2008-3331 version (mantis, fixed 1.1.2) [since mantis-1.1.2-1.fc10]
+CVE-2008-3330 version (horde, fixed 3.2.1) [since horde-3.2.1-1.fc10]
+CVE-2008-3328 version (trac, fixed 0.10.5) [since trac-0.10.5-1.fc10]
+CVE-2008-3327 ignore (moodle) webroot disclosure
+CVE-2008-3326 version (moodle) 1.8.x+ not affected
+CVE-2008-3325 version (moodle) 1.8.x+ not affected
CVE-2008-3294 ignore (vim) build-time tmp file usage
-CVE-2008-3264 ignore (asterisk) AST-2008-011 - 1.6.x not affected
-CVE-2008-3263 ignore (asterisk) AST-2008-010 - 1.6.x not affected
+CVE-2008-3282 VULNERABLE (openoffice.org)
+CVE-2008-3281 VULNERABLE (libxml2) #459714
+CVE-2008-3264 backport (asterisk) [since asterisk-1.6.0-0.19.beta9.fc10] AST-2008-011
+CVE-2008-3263 backport (asterisk) [since asterisk-1.6.0-0.19.beta9.fc10] AST-2008-010
CVE-2008-3259 ignore (openssh, fixed 5.1) HP-UX only
CVE-2008-3252 backport (newsx) [since newsx-1.6-9.fc10]
CVE-2008-3233 ignore (wordrepss, fixed 2.6) only 2.6 devel versions affected
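Review bot: CVE-2008-3264 and CVE-2008-3263 go from "ignore ... 1.6.x not affected" to "backport ... [since asterisk-1.6.0-0.19.beta9.fc10]", which reverses the earlier assessment for asterisk 1.6.x, and neither the entries nor the log message says why. Add a short trailing note on both lines explaining what changed in the assessment. Separately, "[since neon-0.28.3-2]" on CVE-2008-3746 is missing the ".fc10" dist tag that every other [since ...] build in this hunk carries.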
@@ -22,6 +53,7 @@
CVE-2008-3198 VULNERABLE (firefox, fixed 3.0.1)
CVE-2008-3197 version (phpMyAdmin, fixed 2.11.7.1) [since phpMyAdmin-2.11.7.1-1.fc10]
CVE-2008-3196 backport (byacc) [since byacc-1.9.20070509-4.fc10]
+CVE-2008-3146 VULNERABLE (wireshark, fixed 1.0.3)
CVE-2008-3145 version (wireshark, fixed 1.0.2) [since wireshark-1.0.2-1.fc10]
CVE-2008-3141 version (wireshark, fixed 1.0.1) [since wireshark-1.0.1-1.fc10]
CVE-2008-3140 version (wireshark, fixed 1.0.1) [since wireshark-1.0.1-1.fc10]
@@ -33,8 +65,16 @@
CVE-2008-2954 backport (linuxdcpp) #453734 [since linuxdcpp-1.0.1-3.fc10]
CVE-2008-2953 backport (linuxdcpp) #453734 [since linuxdcpp-1.0.1-3.fc10]
CVE-2008-2952 backport (openldap) #453728 [since openldap-2.4.10-2.fc10]
+CVE-2008-2951 version (trac, fixed 0.10.5) [since trac-0.10.5-1.fc10]
CVE-2008-2950 VULNERABLE (poppler) #454290
CVE-2008-2942 VULNERABLE (mercurial)
+CVE-2008-2941 VULNERABLE (hplip) #458991
+CVE-2008-2940 VULNERABLE (hplip) #458991
+CVE-2008-2938 VULNERABLE (tomcat6, fixed 6.0.18) #460132
+CVE-2008-2938 VULNERABLE (tomcat5, fixed 5.5.27) #460127
+CVE-2008-2937 VULNERABLE (postfix) #459101
+CVE-2008-2936 backport (postfix) #459101 [since postfix-2.5.1-4.fc10]
+CVE-2008-2935 VULNERABLE (libxslt)
CVE-2008-2933 VULNERABLE (firefox, fixed 3.0.1)
CVE-2008-2841 ignore (xchat) windows-only, IE bug
CVE-2008-2827 backport (perl) #452642 [since perl-5.10.0-28.fc10]
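Review bot: The postfix CVEs filed under #459101 end up in different states: CVE-2008-2936 is "backport ... [since postfix-2.5.1-4.fc10]" in this hunk, while CVE-2008-2937 stays VULNERABLE with no fixed version or build (and CVE-2008-3889 in the first hunk is VULNERABLE as well). If postfix-2.5.1-4.fc10 addressed only CVE-2008-2936, add a trailing note to the CVE-2008-2937 line saying so, so the split does not read as an oversight.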
@@ -100,6 +140,8 @@
CVE-2008-2374 version (bluez-libs, fixed 3.34) #452822 [since bluez-libs-3.34-1.fc10]
CVE-2008-2371 backport (pcre) #453557 [since pcre-7.3-4.fc10]
CVE-2008-2371 version (glib2) #453561 [since glib2-2.17.3-1.fc10]
+CVE-2008-2370 VULNERABLE (tomcat6, fixed 6.0.18) #460132
+CVE-2008-2370 VULNERABLE (tomcat5, fixed 5.5.27) #460127
CVE-2008-2364 VULNERABLE (httpd, fixed 2.2.9) #447312
CVE-2008-2363 VULNERABLE (pan) #449335
CVE-2008-2362 version (xorg-x11-server) #450927 [since xorg-x11-server-1.4.99.902-2.20080612.fc10]
@@ -107,6 +149,7 @@
CVE-2008-2360 version (xorg-x11-server) #450927 [since xorg-x11-server-1.4.99.902-2.20080612.fc10]
CVE-2008-2359 ignore (system-config-network) F8 specific issue
CVE-2008-2357 fixed (mtr, fixed 0.73)
+CVE-2008-2327 backport (libtiff) [since libtiff-3.8.2-11.fc10]
CVE-2008-2310 ignore (binutils) blocked by fortify_source
CVE-2008-2307 version (WebKit, fixed svn34204) [since WebKit-1.0.0-0.11.svn34279.fc10]
CVE-2008-2302 version (Django, fixed 0.96.2) #447260 [since Django-0.96.2-1.fc10]
@@ -128,8 +171,8 @@
CVE-2008-1950 backport (gnutls, fixed 2.2.4) #447512 [since gnutls-2.0.4-3.fc10]
CVE-2008-1949 backport (gnutls, fixed 2.2.4) #447512 [since gnutls-2.0.4-3.fc10]
CVE-2008-1948 backport (gnutls, fixed 2.2.4) #447512 [since gnutls-2.0.4-3.fc10]
-CVE-2008-1947 VULNERABLE (tomcat5, fixed 5.5.27)
-CVE-2008-1947 VULNERABLE (tomcat6, fixed 6.0.17)
+CVE-2008-1947 VULNERABLE (tomcat6, fixed 6.0.18) #460132
+CVE-2008-1947 VULNERABLE (tomcat5, fixed 5.5.27) #460127
CVE-2008-1944 version (xen, fixed 3.2)
CVE-2008-1943 backport (xen) [since xen-3.2.0-11.fc10]
CVE-2008-1928 version (perl-Imager, fixed 0.64) [since perl-Imager-0.64-2.fc10]
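Review bot: Besides adding the bug numbers, the replacement tomcat6 line for CVE-2008-1947 changes the upstream fixed version from 6.0.17 to 6.0.18, and the two lines are reordered at the same time, so the correction is easy to miss in the diff. Mention the 6.0.17 to 6.0.18 correction in the log message so it is not mistaken for a pure annotation change.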
@@ -162,7 +205,10 @@
CVE-2008-1382 version (libpng10) [since libpng10-1.0.37-1.fc10]
CVE-2008-1379 version (xorg-x11-server) #450927 [since xorg-x11-server-1.4.99.902-2.20080612.fc10]
CVE-2008-1377 version (xorg-x11-server) #450927 [since xorg-x11-server-1.4.99.902-2.20080612.fc10]
+CVE-2008-1376 ignore (nfs-utils) using tcp wrappers
CVE-2008-1360 version (nagios) #437852 [since nagios-2.11-3.fc9]
+CVE-2008-1232 VULNERABLE (tomcat6, fixed 6.0.18) #460132
+CVE-2008-1232 VULNERABLE (tomcat5, fixed 5.5.27) #460127
CVE-2008-1109 backport (evolution) #449925 [since evolution-2.23.3.1-2.fc10]
CVE-2008-1108 backport (evolution) #449925 [since evolution-2.23.3.1-2.fc10]
CVE-2008-1105 version (samba, fixed 3.0.30) [since samba-3.2.0-1.rc2.16.fc10]
Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.230
retrieving revision 1.231
diff -u -r1.230 -r1.231
--- f8 25 Jul 2008 15:29:25 -0000 1.230
+++ f8 9 Sep 2008 14:45:36 -0000 1.231
@@ -6,7 +6,36 @@
rhbz293031 fixed (nx) #293031 [since FEDORA-2008-2258]
rhbz249840 version (tor, fixed 0.1.2.15)
+CVE-2008-3964 ignore (libpng, fixed 1.2.32beta01) not affected
+CVE-2008-3934 VULNERABLE (wireshark, fixed 1.0.3) #461254
+CVE-2008-3933 VULNERABLE (wireshark, fixed 1.0.3) #461254
+CVE-2008-3932 VULNERABLE (wireshark, fixed 1.0.3) #461254
+CVE-2008-3931 VULNERABLE (R) [since R-2.7.2-1.fc8]
+CVE-2008-3928 ignore (honeyd) affected script not shipped
+CVE-2008-3927 VULNERABLE (tiger)
+CVE-2008-3920 VULNERABLE (bitlbee, fixed 1.2.2) [since bitlbee-1.2.3-1.fc8]
+CVE-2008-3889 VULNERABLE (postfix, fixed 2.4.9, 2.5.5) #459099
+CVE-2008-3789 ignore (samba, fixed 3.2.3) 3.2.x only
+CVE-2008-3747 VULNERABLE (wordpress, fixed 2.6.1)
+CVE-2008-3746 ignore (neon, fixed 0.28.3) 0.28.x only
+CVE-2008-3714 VULNERABLE (awstats) #459741
+CVE-2008-3699 VULNERABLE (amarok, fixed 1.4.40) [since amarok-1.4.10-1.fc8]
+CVE-2008-3546 ignore (git, fixed 1.5.6.4) caught by fortify_source
+CVE-2008-3533 VULNERABLE (yelp, fixed 2.24) #459502
+CVE-2008-3429 VULNERABLE (httrack, fixed 3.42-3)
+CVE-2008-3422 VULNERABLE (mono)
+CVE-2008-3381 ignore (moin) not affected
+CVE-2008-3333 fixed (mantis, fixed 1.1.2) [since FEDORA-2008-6657]
+CVE-2008-3332 fixed (mantis, fixed 1.1.2) [since FEDORA-2008-6657]
+CVE-2008-3331 fixed (mantis, fixed 1.1.2) [since FEDORA-2008-6657]
+CVE-2008-3330 fixed (horde, fixed 3.2.1) [since FEDORA-2008-5691]
+CVE-2008-3328 fixed (trac, fixed 0.10.5) [since FEDORA-2008-6830]
+CVE-2008-3327 ignore (moodle) webroot disclosure
+CVE-2008-3326 version (moodle) 1.8.x+ not affected
+CVE-2008-3325 version (moodle) 1.8.x+ not affected
CVE-2008-3294 ignore (vim) build-time tmp file usage
+CVE-2008-3282 VULNERABLE (openoffice.org) [since openoffice.org-2.3.0-6.16.fc8]
+CVE-2008-3281 VULNERABLE (libxml2) #459712
CVE-2008-3264 fixed (asterisk, fixed 1.4.21.2) [since FEDORA-2008-6676] AST-2008-011
CVE-2008-3263 fixed (asterisk, fixed 1.4.21.2) [since FEDORA-2008-6676] AST-2008-010
CVE-2008-3259 ignore (openssh, fixed 5.1) HP-UX only
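Review bot: The added CVE-2008-3699 line gives the upstream fix as "fixed 1.4.40" but the build named in the same line is "amarok-1.4.10-1.fc8", so the two version strings disagree. Check whether "1.4.40" is a typo; the same value appears in the f10 and f9 entries added by this commit, so any correction needs to be made in all three files.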
@@ -23,6 +52,7 @@
CVE-2008-3215 fixed (clamav, fixed 0.93.3) [since FEDORA-2008-6422]
CVE-2008-3197 fixed (phpMyAdmin, fixed 2.11.7.1) [since FEDORA-2008-6450]
CVE-2008-3196 VULNERABLE (byacc) [since FEDORA-2008-6429]
+CVE-2008-3146 VULNERABLE (wireshark, fixed 1.0.3) #461254
CVE-2008-3145 fixed (wireshark, fixed 1.0.1) [since FEDORA-2008-6645]
CVE-2008-3141 fixed (wireshark, fixed 1.0.2) [since FEDORA-2008-6645]
CVE-2008-3140 fixed (wireshark, fixed 1.0.1) [since FEDORA-2008-6645]
@@ -34,47 +64,54 @@
CVE-2008-2954 fixed (linuxdcpp) #453732 [since FEDORA-2008-6038]
CVE-2008-2953 fixed (linuxdcpp) #453732 [since FEDORA-2008-6038]
CVE-2008-2952 fixed (openldap) #453726 [since FEDORA-2008-6029]
-CVE-2008-2950 VULNERABLE (poppler) #454288
+CVE-2008-2951 fixed (trac, fixed 0.10.5) [since FEDORA-2008-6830]
+CVE-2008-2950 fixed (poppler) #454288 [since FEDORA-2008-7104]
CVE-2008-2942 VULNERABLE (mercurial)
+CVE-2008-2941 VULNERABLE (hplip) #458989
+CVE-2008-2940 VULNERABLE (hplip) #458989
+CVE-2008-2938 VULNERABLE (tomcat5, fixed 5.5.27) #460125
+CVE-2008-2937 VULNERABLE (postfix) #459099
+CVE-2008-2936 VULNERABLE (postfix) #459099
+CVE-2008-2935 fixed (libxslt) [since FEDORA-2008-7029]
CVE-2008-2933 fixed (firefox, fixed 2.0.0.16) [since FEDORA-2008-6491]
CVE-2008-2841 ignore (xchat) windows-only, IE bug
CVE-2008-2827 ignore (perl) perl 5.10 only
CVE-2008-2811 fixed (firefox, fixed 2.0.0.15) [since FEDORA-2008-6127]
CVE-2008-2811 fixed (seamonkey, fixed 1.1.10) #453954 [since FEDORA-2008-6196]
-CVE-2008-2811 VULNERABLE (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6706]
+CVE-2008-2811 fixed (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6706]
CVE-2008-2810 fixed (firefox, fixed 2.0.0.15) [since FEDORA-2008-6127]
CVE-2008-2810 fixed (seamonkey, fixed 1.1.10) #453954 [since FEDORA-2008-6196]
CVE-2008-2809 fixed (firefox, fixed 2.0.0.15) [since FEDORA-2008-6127]
CVE-2008-2809 fixed (seamonkey, fixed 1.1.10) #453954 [since FEDORA-2008-6196]
-CVE-2008-2809 VULNERABLE (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6706]
+CVE-2008-2809 fixed (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6706]
CVE-2008-2808 fixed (firefox, fixed 2.0.0.15) [since FEDORA-2008-6127]
CVE-2008-2808 fixed (seamonkey, fixed 1.1.10) #453954 [since FEDORA-2008-6196]
CVE-2008-2807 fixed (firefox, fixed 2.0.0.15) [since FEDORA-2008-6127]
CVE-2008-2807 fixed (seamonkey, fixed 1.1.10) #453954 [since FEDORA-2008-6196]
-CVE-2008-2807 VULNERABLE (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6706]
+CVE-2008-2807 fixed (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6706]
CVE-2008-2806 ignore (firefox, fixed 2.0.0.15) Mac OS X specific
CVE-2008-2806 ignore (seamonkey, fixed 1.1.10) Mac OS X specific
CVE-2008-2805 fixed (firefox, fixed 2.0.0.15) [since FEDORA-2008-6127]
CVE-2008-2805 fixed (seamonkey, fixed 1.1.10) #453954 [since FEDORA-2008-6196]
CVE-2008-2803 fixed (firefox, fixed 2.0.0.15) [since FEDORA-2008-6127]
CVE-2008-2803 fixed (seamonkey, fixed 1.1.10) #453954 [since FEDORA-2008-6196]
-CVE-2008-2803 VULNERABLE (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6706]
+CVE-2008-2803 fixed (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6706]
CVE-2008-2802 fixed (firefox, fixed 2.0.0.15) [since FEDORA-2008-6127]
CVE-2008-2802 fixed (seamonkey, fixed 1.1.10) #453954 [since FEDORA-2008-6196]
-CVE-2008-2802 VULNERABLE (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6706]
+CVE-2008-2802 fixed (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6706]
CVE-2008-2801 fixed (firefox, fixed 2.0.0.15) [since FEDORA-2008-6127]
CVE-2008-2801 fixed (seamonkey, fixed 1.1.10) #453954 [since FEDORA-2008-6196]
CVE-2008-2800 fixed (firefox, fixed 2.0.0.15) [since FEDORA-2008-6127]
CVE-2008-2800 fixed (seamonkey, fixed 1.1.10) #453954 [since FEDORA-2008-6196]
CVE-2008-2799 fixed (firefox, fixed 2.0.0.15) [since FEDORA-2008-6127]
CVE-2008-2799 fixed (seamonkey, fixed 1.1.10) #453954 [since FEDORA-2008-6196]
-CVE-2008-2799 VULNERABLE (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6706]
+CVE-2008-2799 fixed (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6706]
CVE-2008-2798 fixed (firefox, fixed 2.0.0.15) [since FEDORA-2008-6127]
CVE-2008-2798 fixed (seamonkey, fixed 1.1.10) #453954 [since FEDORA-2008-6196]
-CVE-2008-2798 VULNERABLE (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6706]
+CVE-2008-2798 fixed (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6706]
CVE-2008-2785 fixed (seamonkey, fixed 1.1.11) [since FEDORA-2008-6517]
CVE-2008-2785 fixed (firefox, fixed 2.0.0.16) [since FEDORA-2008-6491]
-CVE-2008-2785 VULNERABLE (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6706]
+CVE-2008-2785 fixed (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6706]
CVE-2008-2783 VULNERABLE (kronolith)
CVE-2008-2728 ignore (ruby) 1.6.x variant of CVE-2008-2726
CVE-2008-2727 ignore (ruby) 1.6.x variant of CVE-2008-2725
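Review bot: The eight thunderbird lines flip from VULNERABLE to fixed with no other change, because they already carried "[since FEDORA-2008-6706]" while still marked VULNERABLE. An advisory ID inside [since ...] therefore does not by itself tell a reader that the update has shipped. Document in the file header what VULNERABLE combined with [since ...] stands for, so that readers and any scripts parsing the file interpret it the same way.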
@@ -102,13 +139,15 @@
CVE-2008-2374 VULNERABLE (bluez-libs, fixed 3.34) #452820 [since FEDORA-2008-6140]
CVE-2008-2371 fixed (pcre) #453555 [since FEDORA-2008-6111]
CVE-2008-2371 fixed (glib2) #453559 [since FEDORA-2008-6025]
-CVE-2008-2364 VULNERABLE (httpd, fixed 2.2.9) #454423 [since FEDORA-2008-6314]
+CVE-2008-2370 VULNERABLE (tomcat5, fixed 5.5.27) #460125
+CVE-2008-2364 fixed (httpd, fixed 2.2.9) #454423 [since FEDORA-2008-6314]
CVE-2008-2363 VULNERABLE (pan) #449333
CVE-2008-2362 fixed (xorg-x11-server) #450925 [since FEDORA-2008-5279]
CVE-2008-2361 fixed (xorg-x11-server) #450925 [since FEDORA-2008-5279]
CVE-2008-2360 fixed (xorg-x11-server) #450925 [since FEDORA-2008-5279]
CVE-2008-2359 fixed (system-config-network) [since FEDORA-2008-4633]
CVE-2008-2357 fixed (mtr, fixed 0.73)
+CVE-2008-2327 VULNERABLE (libtiff) [since libtiff-3.8.2-11.fc8]
CVE-2008-2310 ignore (binutils) blocked by fortify_source
CVE-2008-2307 fixed (WebKit, fixed svn34204) #454094 [since FEDORA-2008-6220]
CVE-2008-2302 fixed (Django, fixed 0.96.2) #447258 [since FEDORA-2008-4248]
@@ -143,7 +182,7 @@
CVE-2008-1950 fixed (gnutls, fixed 2.2.4) #447510 [since FEDORA-2008-4183]
CVE-2008-1949 fixed (gnutls, fixed 2.2.4) #447510 [since FEDORA-2008-4183]
CVE-2008-1948 fixed (gnutls, fixed 2.2.4) #447510 [since FEDORA-2008-4183]
-CVE-2008-1947 VULNERABLE (tomcat5, fixed 5.5.27)
+CVE-2008-1947 VULNERABLE (tomcat5, fixed 5.5.27) #460125
CVE-2008-1944 VULNERABLE (xen, fixed 3.2) [since xen-3.1.2-3.fc8]
CVE-2008-1943 VULNERABLE (xen) [since xen-3.1.2-3.fc8]
CVE-2008-1937 ignore (moin, fixed 1.6.3) 1.6.x only
@@ -230,6 +269,7 @@
CVE-2008-1380 fixed (thunderbird, fixed 2.0.0.14) #442856 [since FEDORA-2008-3557]
CVE-2008-1379 fixed (xorg-x11-server) #450925 [since FEDORA-2008-5279]
CVE-2008-1377 fixed (xorg-x11-server) #450925 [since FEDORA-2008-5279]
+CVE-2008-1376 ignore (nfs-utils) using tcp wrappers
CVE-2008-1374 ignore (cups) only affects old cups versions in RHEL
CVE-2008-1373 fixed (cups) #440040 [since FEDORA-2008-2131]
CVE-2008-1372 fixed (bzip2, fixed 1.0.5) #439855 [since FEDORA-2008-2970]
@@ -267,6 +307,7 @@
CVE-2008-1233 version (firefox, fixed 2.0.0.13)
CVE-2008-1233 version (seamonkey, fixed 1.1.9)
CVE-2008-1233 fixed (thunderbird, fixed 2.0.0.14) #442856 [since FEDORA-2008-3557]
+CVE-2008-1232 VULNERABLE (tomcat5, fixed 5.5.27) #460125
**CVE-2008-1227 fixed (libsilc) We updated this as non-security
CVE-2008-1218 version (dovecot, fixed 1.0.13) [since FEDORA-2008-2464] marginally affected
CVE-2008-1199 version (dovecot, fixed 1.0.11) [since FEDORA-2008-2464] not in default config
Index: f9
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f9,v
retrieving revision 1.220
retrieving revision 1.221
diff -u -r1.220 -r1.221
--- f9 25 Jul 2008 15:29:25 -0000 1.220
+++ f9 9 Sep 2008 14:45:36 -0000 1.221
@@ -5,9 +5,40 @@
# (mozilla) = (gecko-libs dependent stuff)
rhbz249840 version (tor, fixed 0.1.2.15)
+CVE-2008-3964 ignore (libpng, fixed 1.2.32beta01) not affected
+CVE-2008-3934 VULNERABLE (wireshark, fixed 1.0.3) #461255
+CVE-2008-3933 VULNERABLE (wireshark, fixed 1.0.3) #461255
+CVE-2008-3932 VULNERABLE (wireshark, fixed 1.0.3) #461255
+CVE-2008-3931 VULNERABLE (R) [since R-2.7.2-1.fc9]
+CVE-2008-3928 ignore (honeyd) affected script not shipped
+CVE-2008-3927 VULNERABLE (tiger)
+CVE-2008-3920 VULNERABLE (bitlbee, fixed 1.2.2) [since bitlbee-1.2.3-1.fc9]
+CVE-2008-3889 VULNERABLE (postfix, fixed 2.4.9, 2.5.5) #459100
+CVE-2008-3796 version (swfdec, fixed 0.6.8) [since swfdec-0.6.8-1.fc9]
+CVE-2008-3789 VULNERABLE (samba, fixed 3.2.3) [since samba-3.2.3-0.20.fc9]
+CVE-2008-3747 VULNERABLE (wordpress, fixed 2.6.1)
+CVE-2008-3746 VULNERABLE (neon, fixed 0.28.3) #460415
+CVE-2008-3714 VULNERABLE (awstats) #459742
+CVE-2008-3699 VULNERABLE (amarok, fixed 1.4.40) [since amarok-1.4.10-1.fc9]
+CVE-2008-3546 ignore (git, fixed 1.5.6.4) caught by fortify_source
+CVE-2008-3533 ignore (yelp, fixed 2.24) caught by glibc
+CVE-2008-3429 VULNERABLE (httrack, fixed 3.42-3)
+CVE-2008-3424 fixed (condor, fixed 7.0.4) #457895 [since FEDORA-2008-7205]
+CVE-2008-3422 VULNERABLE (mono)
+CVE-2008-3381 VULNERABLE (moin) #457363
+CVE-2008-3333 fixed (mantis, fixed 1.1.2) [since FEDORA-2008-6647]
+CVE-2008-3332 fixed (mantis, fixed 1.1.2) [since FEDORA-2008-6647]
+CVE-2008-3331 fixed (mantis, fixed 1.1.2) [since FEDORA-2008-6647]
+CVE-2008-3330 fixed (horde, fixed 3.2.1) [since FEDORA-2008-5683]
+CVE-2008-3328 fixed (trac, fixed 0.10.5) [since FEDORA-2008-6833]
+CVE-2008-3327 ignore (moodle) webroot disclosure
+CVE-2008-3326 version (moodle) 1.8.x+ not affected
+CVE-2008-3325 version (moodle) 1.8.x+ not affected
CVE-2008-3294 ignore (vim) build-time tmp file usage
-CVE-2008-3264 ignore (asterisk) AST-2008-011 - 1.6.x not affected
-CVE-2008-3263 ignore (asterisk) AST-2008-010 - 1.6.x not affected
+CVE-2008-3282 VULNERABLE (openoffice.org) [since openoffice.org-2.4.1-17.6.fc9]
+CVE-2008-3281 VULNERABLE (libxml2) #459713
+CVE-2008-3264 fixed (asterisk) [since FEDORA-2008-6853] AST-2008-011
+CVE-2008-3263 fixed (asterisk) [since FEDORA-2008-6853] AST-2008-010
CVE-2008-3259 ignore (openssh, fixed 5.1) HP-UX only
CVE-2008-3252 fixed (newsx) [since FEDORA-2008-6321]
CVE-2008-3233 ignore (wordrepss, fixed 2.6) only 2.6 devel versions affected
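Review bot: The two asterisk lines become "fixed (asterisk) [since FEDORA-2008-6853]" without an upstream fixed version, while the f8 entries for the same CVEs record "fixed 1.4.21.2". Add the fixed version here too, and note why the earlier "1.6.x not affected" assessment was dropped. The context line for CVE-2008-3233 also spells the package "wordrepss", which is worth correcting while this area is being edited.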
@@ -23,6 +54,7 @@
CVE-2008-3198 fixed (firefox, fixed 3.0.1) [since FEDORA-2008-6518]
CVE-2008-3197 fixed (phpMyAdmin, fixed 2.11.7.1) [since FEDORA-2008-6502]
CVE-2008-3196 VULNERABLE (byacc) [since FEDORA-2008-6414]
+CVE-2008-3146 VULNERABLE (wireshark, fixed 1.0.3) #461255
CVE-2008-3145 fixed (wireshark, fixed 1.0.1) [since FEDORA-2008-6440]
CVE-2008-3141 fixed (wireshark, fixed 1.0.2) [since FEDORA-2008-6440]
CVE-2008-3140 fixed (wireshark, fixed 1.0.1) [since FEDORA-2008-6440]
@@ -34,47 +66,55 @@
CVE-2008-2954 fixed (linuxdcpp) #453733 [since FEDORA-2008-6018]
CVE-2008-2953 fixed (linuxdcpp) #453733 [since FEDORA-2008-6018]
CVE-2008-2952 fixed (openldap) #453727 [since FEDORA-2008-6062]
-CVE-2008-2950 VULNERABLE (poppler) #454289
+CVE-2008-2951 fixed (trac, fixed 0.10.5) [since FEDORA-2008-6833]
+CVE-2008-2950 VULNERABLE (poppler) #454289 [since FEDORA-2008-7012]
CVE-2008-2942 VULNERABLE (mercurial)
+CVE-2008-2941 VULNERABLE (hplip) #458990
+CVE-2008-2940 VULNERABLE (hplip) #458990
+CVE-2008-2938 VULNERABLE (tomcat6, fixed 6.0.18) #460131
+CVE-2008-2938 VULNERABLE (tomcat5, fixed 5.5.27) #460126
+CVE-2008-2937 VULNERABLE (postfix) #459100
+CVE-2008-2936 VULNERABLE (postfix) #459100
+CVE-2008-2935 fixed (libxslt) [since FEDORA-2008-7062]
CVE-2008-2933 fixed (firefox, fixed 3.0.1) [since FEDORA-2008-6518]
CVE-2008-2841 ignore (xchat) windows-only, IE bug
CVE-2008-2827 fixed (perl) #452641 [since FEDORA-2008-5739]
CVE-2008-2811 version (firefox, fixed 3.0) [since firefox-3.0-1.fc9]
CVE-2008-2811 fixed (seamonkey, fixed 1.1.10) #453955 [since FEDORA-2008-6193]
-CVE-2008-2811 VULNERABLE (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6737]
+CVE-2008-2811 fixed (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6737]
CVE-2008-2810 version (firefox, fixed 3.0) [since firefox-3.0-1.fc9]
CVE-2008-2810 fixed (seamonkey, fixed 1.1.10) #453955 [since FEDORA-2008-6193]
CVE-2008-2809 version (firefox, fixed 3.0) [since firefox-3.0-1.fc9]
CVE-2008-2809 fixed (seamonkey, fixed 1.1.10) #453955 [since FEDORA-2008-6193]
-CVE-2008-2809 VULNERABLE (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6737]
+CVE-2008-2809 fixed (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6737]
CVE-2008-2808 version (firefox, fixed 3.0) [since firefox-3.0-1.fc9]
CVE-2008-2808 fixed (seamonkey, fixed 1.1.10) #453955 [since FEDORA-2008-6193]
CVE-2008-2807 version (firefox, fixed 3.0) [since firefox-3.0-1.fc9]
CVE-2008-2807 fixed (seamonkey, fixed 1.1.10) #453955 [since FEDORA-2008-6193]
-CVE-2008-2807 VULNERABLE (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6737]
+CVE-2008-2807 fixed (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6737]
CVE-2008-2806 ignore (firefox, fixed 3.0) Mac OS X specific
CVE-2008-2806 ignore (seamonkey, fixed 1.1.10) Mac OS X specific
CVE-2008-2805 version (firefox, fixed 3.0) [since firefox-3.0-1.fc9]
CVE-2008-2805 fixed (seamonkey, fixed 1.1.10) #453955 [since FEDORA-2008-6193]
CVE-2008-2803 version (firefox, fixed 3.0) [since firefox-3.0-1.fc9]
CVE-2008-2803 fixed (seamonkey, fixed 1.1.10) #453955 [since FEDORA-2008-6193]
-CVE-2008-2803 VULNERABLE (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6737]
+CVE-2008-2803 fixed (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6737]
CVE-2008-2802 version (firefox, fixed 3.0) [since firefox-3.0-1.fc9]
CVE-2008-2802 fixed (seamonkey, fixed 1.1.10) #453955 [since FEDORA-2008-6193]
-CVE-2008-2802 VULNERABLE (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6737]
+CVE-2008-2802 fixed (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6737]
CVE-2008-2801 version (firefox, fixed 3.0) [since firefox-3.0-1.fc9]
CVE-2008-2801 fixed (seamonkey, fixed 1.1.10) #453955 [since FEDORA-2008-6193]
CVE-2008-2800 version (firefox, fixed 3.0) [since firefox-3.0-1.fc9]
CVE-2008-2800 fixed (seamonkey, fixed 1.1.10) #453955 [since FEDORA-2008-6193]
CVE-2008-2799 version (firefox, fixed 3.0) [since firefox-3.0-1.fc9]
CVE-2008-2799 fixed (seamonkey, fixed 1.1.10) #453955 [since FEDORA-2008-6193]
-CVE-2008-2799 VULNERABLE (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6737]
+CVE-2008-2799 fixed (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6737]
CVE-2008-2798 version (firefox, fixed 3.0) [since firefox-3.0-1.fc9]
CVE-2008-2798 fixed (seamonkey, fixed 1.1.10) #453955 [since FEDORA-2008-6193]
-CVE-2008-2798 VULNERABLE (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6737]
+CVE-2008-2798 fixed (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6737]
CVE-2008-2785 fixed (seamonkey, fixed 1.1.11) [since FEDORA-2008-6519]
CVE-2008-2785 fixed (firefox, fixed 3.0.1) [since FEDORA-2008-6518]
-CVE-2008-2785 VULNERABLE (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6737]
+CVE-2008-2785 fixed (thunderbird, fixed 2.0.0.16) [since FEDORA-2008-6737]
CVE-2008-2728 ignore (ruby) 1.6.x variant of CVE-2008-2726
CVE-2008-2727 ignore (ruby) 1.6.x variant of CVE-2008-2725
CVE-2008-2726 fixed (ruby, fixed 1.8.6-p230, 1.8.7-p22) #452294 [since FEDORA-2008-5664]
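Review bot: CVE-2008-2950 (poppler) gains "[since FEDORA-2008-7012]" but stays VULNERABLE, whereas the matching f8 line in this same commit is changed to "fixed ... [since FEDORA-2008-7104]". If the f9 advisory had already been released, the status should be "fixed" here as well; if it was still pending, the line is correct as written and a trailing note would make that clear.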
@@ -101,13 +141,16 @@
CVE-2008-2374 VULNERABLE (bluez-libs, fixed 3.34) #452821 [since FEDORA-2008-6133]
CVE-2008-2371 fixed (pcre) #453556 [since FEDORA-2008-6110]
CVE-2008-2371 fixed (glib2) #453560 [since FEDORA-2008-6048]
-CVE-2008-2364 VULNERABLE (httpd, fixed 2.2.9) #447311 [since FEDORA-2008-6393]
+CVE-2008-2370 VULNERABLE (tomcat6, fixed 6.0.18) #460131
+CVE-2008-2370 VULNERABLE (tomcat5, fixed 5.5.27) #460126
+CVE-2008-2364 fixed (httpd, fixed 2.2.9) #447311 [since FEDORA-2008-6393]
CVE-2008-2363 VULNERABLE (pan) #449334
CVE-2008-2362 fixed (xorg-x11-server) #450926 [since FEDORA-2008-5254]
CVE-2008-2361 fixed (xorg-x11-server) #450926 [since FEDORA-2008-5254]
CVE-2008-2360 fixed (xorg-x11-server) #450926 [since FEDORA-2008-5254]
CVE-2008-2359 ignore (system-config-network) F8 specific issue
CVE-2008-2357 fixed (mtr, fixed 0.73)
+CVE-2008-2327 VULNERABLE (libtiff) [since libtiff-3.8.2-11.fc9]
CVE-2008-2310 ignore (binutils) blocked by fortify_source
CVE-2008-2307 fixed (WebKit, fixed svn34204) #454095 [since FEDORA-2008-6186]
CVE-2008-2302 fixed (Django, fixed 0.96.2) #447259 [since FEDORA-2008-4267]
@@ -142,8 +185,8 @@
CVE-2008-1950 fixed (gnutls, fixed 2.2.4) #447511 [since FEDORA-2008-4259]
CVE-2008-1949 fixed (gnutls, fixed 2.2.4) #447511 [since FEDORA-2008-4259]
CVE-2008-1948 fixed (gnutls, fixed 2.2.4) #447511 [since FEDORA-2008-4259]
-CVE-2008-1947 VULNERABLE (tomcat5, fixed 5.5.27)
-CVE-2008-1947 VULNERABLE (tomcat6, fixed 6.0.17)
+CVE-2008-1947 VULNERABLE (tomcat6, fixed 6.0.18) #460131
+CVE-2008-1947 VULNERABLE (tomcat5, fixed 5.5.27) #460126
CVE-2008-1944 version (xen, fixed 3.2)
CVE-2008-1943 VULNERABLE (xen) [since xen-3.2.0-11.fc9]
CVE-2008-1937 version (moin, fixed 1.6.3) [since moin-1.6.3-1.fc9]
@@ -186,7 +229,7 @@
CVE-2008-1687 ignore (m4, fixed 1.4.11) not really a security issue
CVE-2008-1686 version (libfishsound, fixed 0.9.1) #441248 [since libfishsound-0.9.1-1.fc9]
CVE-2008-1686 backport (speex) [since speex-1.2-0.7.beta3]
-CVE-2008-1678 VULNERABLE (httpd) #447311 [since FEDORA-2008-6393] only affects systems with openssl >= 0.9.8e
+CVE-2008-1678 fixed (httpd) #447311 [since FEDORA-2008-6393] only affects systems with openssl >= 0.9.8e
CVE-2008-1677 version (fedora-ds-base, fixed 1.1.1) #445810 [since FEDORA-2008-4884]
CVE-2008-1672 fixed (openssl, fixed 0.9.8h) #448690 [since FEDORA-2008-4723]
CVE-2008-1671 ignore (kdelibs) start_kdeinit not shipped
@@ -231,6 +274,7 @@
CVE-2008-1380 version (thunderbird, fixed 2.0.0.14) #442857 [since thunderbird-2.0.0.14-1.fc9]
CVE-2008-1379 fixed (xorg-x11-server) #450926 [since FEDORA-2008-5254]
CVE-2008-1377 fixed (xorg-x11-server) #450926 [since FEDORA-2008-5254]
+CVE-2008-1376 ignore (nfs-utils) using tcp wrappers
CVE-2008-1374 ignore (cups) only affects old cups versions in RHEL
CVE-2008-1373 backport (cups) #440041 [since cups-1.3.6-9.fc9]
CVE-2008-1372 version (bzip2, fixed 1.0.5) [since bzip2-1.0.5-1.fc9]
@@ -265,6 +309,8 @@
CVE-2008-1233 version (firefox, fixed 2.0.0.13)
CVE-2008-1233 version (seamonkey, fixed 1.1.9)
CVE-2008-1233 version (thunderbird, fixed 2.0.0.14) #442857 [since thunderbird-2.0.0.14-1.fc9]
+CVE-2008-1232 VULNERABLE (tomcat6, fixed 6.0.18) #460131
+CVE-2008-1232 VULNERABLE (tomcat5, fixed 5.5.27) #460126
**CVE-2008-1227 fixed (libsilc) We updated this as non-security
CVE-2008-1218 version (dovecot, fixed 1.0.13) [since dovecot-1.0.13-6.fc9] marginally affected
CVE-2008-1199 version (dovecot, fixed 1.0.11) [since dovecot-1.0.13-6.fc9] not in default config