Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv17907/audit
Modified Files:
f10 f8 f9
Log Message:
issues from last 2 weeks... I hope I haven't missed many
Index: f10
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f10,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -r1.15 -r1.16
--- f10 12 Sep 2008 19:00:33 -0000 1.15
+++ f10 30 Sep 2008 12:51:46 -0000 1.16
@@ -4,11 +4,52 @@
# *CVE are items that need verification for Fedora 10
# (mozilla) = (gecko-libs dependent stuff)
+CVE-2008-4298 version (lighttpd, fixed 1.4.20) [since lighttpd-1.4.20-0.1.r2303.fc10]
+CVE-2008-4297 version (mercurial, fixed 1.0.2) [since mercurial-1.0.2-1.fc10]
+CVE-2008-4242 VULNERABLE (proftpd) #464130
+CVE-2008-4191 backport (emacspeak) [since emacspeak-28.0-3.fc10]
+CVE-2008-4190 VULNERABLE (openswan)
+CVE-2008-4130 VULNERABLE (gallery2, fixed 2.2.6) #462873
+CVE-2008-4129 VULNERABLE (gallery2, fixed 2.2.6) #462873
+CVE-2008-4126 ignore (python-pydns, fixed 2.3.2) Debian-specific
+CVE-2008-4109 ignore (openssh, fixed 4.4) Debian incomplete fix
+CVE-2008-4107 version (wordpress, fixed 2.6.2) really PHP flaw
+CVE-2008-4106 version (wordpress, fixed 2.6.2) [since wordpress-2.6.2-1.fc10]
+CVE-2008-4100 VULNERABLE (adns) #462754 upstream design decision
+CVE-2008-4099 version (python-pydns, fixed 2.3.2) #462767 [since python-pydns-2.3.3-1.fc10]
+CVE-2008-4096 version (phpMyAdmin, fixed 2.11.9.1) [since phpMyAdmin-2.11.9.1-1.fc10]
+CVE-2008-4094 version (rubygem-activerecord, fixed 2.1.1) [since rubygem-activerecord-2.1.1-1.fc10]
+CVE-2008-4070 version (seamonkey, fixed 1.1.12) [since seamonkey-1.1.12-1.fc9]
+CVE-2008-4069 ignore (firefox) ff2 only
+CVE-2008-4069 version (seamonkey, fixed 1.1.12) [since seamonkey-1.1.12-1.fc9]
+CVE-2008-4068 version (firefox, fixed 3.0.2) [since firefox-3.0.2-1.fc10]
+CVE-2008-4068 version (seamonkey, fixed 1.1.12) [since seamonkey-1.1.12-1.fc9]
+CVE-2008-4067 version (firefox, fixed 3.0.2) [since firefox-3.0.2-1.fc10]
+CVE-2008-4067 version (seamonkey, fixed 1.1.12) [since seamonkey-1.1.12-1.fc9]
+CVE-2008-4066 ignore (firefox) ff2 only
+CVE-2008-4066 version (seamonkey, fixed 1.1.12) [since seamonkey-1.1.12-1.fc9]
+CVE-2008-4065 version (firefox, fixed 3.0.2) [since firefox-3.0.2-1.fc10]
+CVE-2008-4065 version (seamonkey, fixed 1.1.12) [since seamonkey-1.1.12-1.fc9]
+CVE-2008-4064 version (firefox, fixed 3.0.2) [since firefox-3.0.2-1.fc10]
+CVE-2008-4064 ignore (seamonkey) ff only
+CVE-2008-4063 version (firefox, fixed 3.0.2) [since firefox-3.0.2-1.fc10]
+CVE-2008-4063 ignore (seamonkey) ff only
+CVE-2008-4062 version (firefox, fixed 3.0.2) [since firefox-3.0.2-1.fc10]
+CVE-2008-4062 version (seamonkey, fixed 1.1.12) [since seamonkey-1.1.12-1.fc9]
+CVE-2008-4061 version (firefox, fixed 3.0.2) [since firefox-3.0.2-1.fc10]
+CVE-2008-4061 version (seamonkey, fixed 1.1.12) [since seamonkey-1.1.12-1.fc9]
+CVE-2008-4060 version (firefox, fixed 3.0.2) [since firefox-3.0.2-1.fc10]
+CVE-2008-4060 version (seamonkey, fixed 1.1.12) [since seamonkey-1.1.12-1.fc9]
+CVE-2008-4059 ignore (firefox) ff2 only
+CVE-2008-4059 version (seamonkey, fixed 1.1.12) [since seamonkey-1.1.12-1.fc9]
+CVE-2008-4058 version (firefox, fixed 3.0.2) [since firefox-3.0.2-1.fc10]
+CVE-2008-4058 version (seamonkey, fixed 1.1.12) [since seamonkey-1.1.12-1.fc9]
CVE-2008-3972 version (opensc, fixed 0.11.6) [since opensc-0.11.6-1.fc10]
CVE-2008-3970 version (pam_mount, fixed 0.47) [since pam_mount-0.47-1.fc10]
CVE-2008-3969 version (bitlbee, fixed 1.2.3) [since bitlbee-1.2.3-1.fc10]
CVE-2008-3964 backport (libpng, fixed 1.2.32beta01) #461620 [since libpng-1.2.31-2.fc10]
CVE-2008-3962 backport (ssmtp) [since ssmtp-2.61-11.6.fc10]
+CVE-2008-3949 VULNERABLE (emacs, fixed 22.3)
CVE-2008-3934 version (wireshark, fixed 1.0.3) [since wireshark-1.0.3-1.fc10]
CVE-2008-3933 version (wireshark, fixed 1.0.3) [since wireshark-1.0.3-1.fc10]
CVE-2008-3932 version (wireshark, fixed 1.0.3) [since wireshark-1.0.3-1.fc10]
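Review bot: The new VULNERABLE entries for openswan (CVE-2008-4190) and emacs (CVE-2008-3949) carry no Bugzilla number, while the other VULNERABLE lines added in this hunk (proftpd #464130, gallery2 #462873, adns #462754) do. Add the tracking bug, or a short remark saying why none is filed, so these two do not sit untracked.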
@@ -16,9 +57,16 @@
CVE-2008-3928 ignore (honeyd) affected script not shipped
CVE-2008-3927 VULNERABLE (tiger)
CVE-2008-3920 version (bitlbee, fixed 1.2.2) [since bitlbee-1.2.2-1.fc10]
-CVE-2008-3906 VULNERABLE (mono) #461755
+CVE-2008-3916 VULNERABLE (ed, fixed 1.0)
+CVE-2008-3906 version (mono) #461755 [since mono-2.0-6.fc10]
CVE-2008-3905 version (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since ruby-1.8.6.287-1.fc10]
CVE-2008-3889 VULNERABLE (postfix, fixed 2.4.9, 2.5.5) #459101
+CVE-2008-3837 version (firefox, fixed 3.0.2) [since firefox-3.0.2-1.fc10]
+CVE-2008-3837 version (seamonkey, fixed 1.1.12) [since seamonkey-1.1.12-1.fc9]
+CVE-2008-3836 ignore (firefox) ff2 only
+CVE-2008-3836 ignore (seamonkey) ff only
+CVE-2008-3835 ignore (firefox) ff2 only
+CVE-2008-3835 version (seamonkey, fixed 1.1.12) [since seamonkey-1.1.12-1.fc9]
CVE-2008-3824 VULNERABLE (horde) oCERT-2008-012
CVE-2008-3823 VULNERABLE (horde) oCERT-2008-012
CVE-2008-3796 version (swfdec, fixed 0.6.8) [since swfdec-0.7.4-1.fc10]
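Review bot: CVE-2008-3906 (mono) moves from VULNERABLE to "version" but has no "fixed <version>" field, unlike the other "version" lines in this hunk, and its since build is mono-2.0-6.fc10, a later release of 2.0 rather than the first build of a new upstream version. If the fix arrived as a patch in that release, "backport" would match how the file uses that state elsewhere (compare the libpng line in the first hunk); otherwise add the upstream fixed version.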
@@ -34,6 +82,9 @@
CVE-2008-3740 version (drupal, fixed 6.4) [since drupal-6.4-1.fc10]
CVE-2008-3714 backport (awstats) #459743 [since awstats-6.8-2.fc10]
CVE-2008-3699 ignore (amarok, fixed 1.4.40) not affected
+CVE-2008-3663 version (squirrelmail, fixed 1.4.16) #464186 [since squirrelmail-1.4.16-1.fc10]
+CVE-2008-3662 VULNERABLE (gallery2, fixed 2.2.6) #462873
+CVE-2008-3661 VULNERABLE (drupal) #464165 ignored by upstream
CVE-2008-3657 version (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since ruby-1.8.6.287-1.fc10]
CVE-2008-3656 version (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since ruby-1.8.6.287-1.fc10]
CVE-2008-3655 version (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since ruby-1.8.6.287-1.fc10]
@@ -82,6 +133,7 @@
CVE-2008-3139 version (wireshark, fixed 1.0.1) [since wireshark-1.0.1-1.fc10]
CVE-2008-3138 version (wireshark, fixed 1.0.1) [since wireshark-1.0.1-1.fc10]
CVE-2008-3137 version (wireshark, fixed 1.0.1) [since wireshark-1.0.1-1.fc10]
+CVE-2008-3102 VULNERABLE (mantis) #464137
CVE-2008-3067 version (sudo, fixed 1.6.9p12)
CVE-2008-2960 version (phpMyAdmin, fixed 2.11.7) [since phpMyAdmin-2.11.7-1.fc10] PMASA-2008-4
CVE-2008-2954 backport (linuxdcpp) #453734 [since linuxdcpp-1.0.1-3.fc10]
@@ -89,7 +141,7 @@
CVE-2008-2952 backport (openldap) #453728 [since openldap-2.4.10-2.fc10]
CVE-2008-2951 version (trac, fixed 0.10.5) [since trac-0.10.5-1.fc10]
CVE-2008-2950 version (poppler, fixed 0.8.5) #454290 [since poppler-0.8.5-1.fc10]
-CVE-2008-2942 VULNERABLE (mercurial)
+CVE-2008-2942 version (mercurial, fixed 1.0.2) [since mercurial-1.0.2-1.fc10]
CVE-2008-2941 ignore (hplip) #458991 not run as service
CVE-2008-2940 ignore (hplip) #458991 not run as service
CVE-2008-2938 version (tomcat6, fixed 6.0.18) #460132 [since tomcat6-6.0.18-1.1.fc10]
@@ -249,6 +301,8 @@
CVE-2008-0553 version (tkimg) [since tkimg-1.3-0.10.20080505svn.fc10]
CVE-2008-0314 version (clamav, fixed 0.93) [since clamav-0.93-1.fc9]
CVE-2008-0166 ignore (openssl) Debian specific
+CVE-2008-0016 ignore (firefox) ff2 only
+CVE-2008-0016 version (seamonkey, fixed 1.1.12) [since seamonkey-1.1.12-1.fc9]
CVE-2007-6714 version (dbmail, fixed 2.2.9) [since dbmail-2.2.9-1.fc9]
CVE-2007-6321 version (roundcubemail) #423301 [since roundcubemail-0.2-0.alpha.fc10]
CVE-2007-6318 VULNERABLE (wordpress) #426434
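Review bot: The seamonkey line for CVE-2008-0016 in the F10 file cites an fc9 build (seamonkey-1.1.12-1.fc9), as do the seamonkey lines added in the first hunk of this file. If F10 is still carrying the fc9 build that is accurate, but a remark saying so, or the fc10 NVR once one exists, would make clear the since field is intentional.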
Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.233
retrieving revision 1.234
diff -u -r1.233 -r1.234
--- f8 12 Sep 2008 19:00:33 -0000 1.233
+++ f8 30 Sep 2008 12:51:46 -0000 1.234
@@ -6,11 +6,52 @@
rhbz293031 fixed (nx) #293031 [since FEDORA-2008-2258]
rhbz249840 version (tor, fixed 0.1.2.15)
+CVE-2008-4298 VULNERABLE (lighttpd, fixed 1.4.20) #464638
+CVE-2008-4297 VULNERABLE (mercurial, fixed 1.0.2) #464632
+CVE-2008-4242 VULNERABLE (proftpd) #464128
+CVE-2008-4191 VULNERABLE (emacspeak) [since FEDORA-2008-8423]
+CVE-2008-4190 VULNERABLE (openswan)
+CVE-2008-4130 VULNERABLE (gallery2, fixed 2.2.6) #462871
+CVE-2008-4129 VULNERABLE (gallery2, fixed 2.2.6) #462871
+CVE-2008-4126 ignore (python-pydns, fixed 2.3.2) Debian-specific
+CVE-2008-4109 ignore (openssh, fixed 4.4) Debian incomplete fix
+CVE-2008-4107 version (wordpress, fixed 2.6.2) really PHP flaw
+CVE-2008-4106 fixed (wordpress, fixed 2.6.2) [since FEDORA-2008-7760]
+CVE-2008-4100 VULNERABLE (adns) #462752 upstream design decision
+CVE-2008-4099 VULNERABLE (python-pydns, fixed 2.3.2) #462765
+CVE-2008-4096 fixed (phpMyAdmin, fixed 2.11.9.1) [since FEDORA-2008-8269]
+CVE-2008-4094 VULNERABLE (rubygem-activerecord, fixed 2.1.1) [since FEDORA-2008-8282]
+CVE-2008-4070 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8401]
+CVE-2008-4069 fixed (firefox, fixed 2.0.0.17) [since FEDORA-2008-8399]
+CVE-2008-4069 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8401]
+CVE-2008-4068 fixed (firefox, fixed 2.0.0.17) [since FEDORA-2008-8399]
+CVE-2008-4068 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8401]
+CVE-2008-4067 fixed (firefox, fixed 2.0.0.17) [since FEDORA-2008-8399]
+CVE-2008-4067 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8401]
+CVE-2008-4066 fixed (firefox, fixed 2.0.0.17) [since FEDORA-2008-8399]
+CVE-2008-4066 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8401]
+CVE-2008-4065 fixed (firefox, fixed 2.0.0.17) [since FEDORA-2008-8399]
+CVE-2008-4065 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8401]
+CVE-2008-4064 ignore (firefox) ff3 only
+CVE-2008-4064 ignore (seamonkey) ff only
+CVE-2008-4063 ignore (firefox) ff3 only
+CVE-2008-4063 ignore (seamonkey) ff only
+CVE-2008-4062 fixed (firefox, fixed 2.0.0.17) [since FEDORA-2008-8399]
+CVE-2008-4062 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8401]
+CVE-2008-4061 fixed (firefox, fixed 2.0.0.17) [since FEDORA-2008-8399]
+CVE-2008-4061 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8401]
+CVE-2008-4060 fixed (firefox, fixed 2.0.0.17) [since FEDORA-2008-8399]
+CVE-2008-4060 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8401]
+CVE-2008-4059 fixed (firefox, fixed 2.0.0.17) [since FEDORA-2008-8399]
+CVE-2008-4059 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8401]
+CVE-2008-4058 fixed (firefox, fixed 2.0.0.17) [since FEDORA-2008-8399]
+CVE-2008-4058 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8401]
CVE-2008-3972 VULNERABLE (opensc, fixed 0.11.6)
CVE-2008-3970 fixed (pam_mount, fixed 0.47) [since FEDORA-2008-7973]
CVE-2008-3969 fixed (bitlbee, fixed 1.2.3) [since FEDORA-2008-7761]
CVE-2008-3964 ignore (libpng, fixed 1.2.32beta01) not affected
CVE-2008-3962 VULNERABLE (ssmtp)
+CVE-2008-3949 VULNERABLE (emacs, fixed 22.3)
CVE-2008-3934 fixed (wireshark, fixed 1.0.3) #461254 [since FEDORA-2008-7894]
CVE-2008-3933 fixed (wireshark, fixed 1.0.3) #461254 [since FEDORA-2008-7894]
CVE-2008-3932 fixed (wireshark, fixed 1.0.3) #461254 [since FEDORA-2008-7894]
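Review bot: CVE-2008-4191 (emacspeak) and CVE-2008-4094 (rubygem-activerecord) are marked VULNERABLE yet carry [since FEDORA-2008-8423] and [since FEDORA-2008-8282]; every other line added in this hunk that cites a FEDORA advisory is "fixed". If the updates are only pending, say so in a remark; if they are out, the state should be "fixed", as the f9 file has it for the activerecord entry.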
@@ -18,9 +59,16 @@
CVE-2008-3928 ignore (honeyd) affected script not shipped
CVE-2008-3927 VULNERABLE (tiger)
CVE-2008-3920 fixed (bitlbee, fixed 1.2.2) [since FEDORA-2008-7761]
+CVE-2008-3916 VULNERABLE (ed, fixed 1.0)
CVE-2008-3906 VULNERABLE (mono) #461753
CVE-2008-3905 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7554]
CVE-2008-3889 VULNERABLE (postfix, fixed 2.4.9, 2.5.5) #459099
+CVE-2008-3837 fixed (firefox, fixed 2.0.0.17) [since FEDORA-2008-8399]
+CVE-2008-3837 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8401]
+CVE-2008-3836 fixed (firefox, fixed 2.0.0.17) [since FEDORA-2008-8399]
+CVE-2008-3836 ignore (seamonkey) ff only
+CVE-2008-3835 fixed (firefox, fixed 2.0.0.17) [since FEDORA-2008-8399]
+CVE-2008-3835 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8401]
CVE-2008-3824 VULNERABLE (horde) oCERT-2008-012
CVE-2008-3823 VULNERABLE (horde) oCERT-2008-012
CVE-2008-3790 VULNERABLE (ruby)
@@ -35,6 +83,9 @@
CVE-2008-3740 fixed (drupal, fixed 5.10) [since FEDORA-2008-7467]
CVE-2008-3714 fixed (awstats) #459741 [since FEDORA-2008-7684]
CVE-2008-3699 fixed (amarok, fixed 1.4.40) [since FEDORA-2008-7719]
+CVE-2008-3663 VULNERABLE (squirrelmail, fixed 1.4.16) #464184
+CVE-2008-3662 VULNERABLE (gallery2, fixed 2.2.6) #462871
+CVE-2008-3661 VULNERABLE (drupal) #464163 ignored by upstream
CVE-2008-3657 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7554]
CVE-2008-3656 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7554]
CVE-2008-3655 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7554]
@@ -81,6 +132,7 @@
CVE-2008-3139 fixed (wireshark, fixed 1.0.1) [since FEDORA-2008-6645]
CVE-2008-3138 fixed (wireshark, fixed 1.0.1) [since FEDORA-2008-6645]
CVE-2008-3137 fixed (wireshark, fixed 1.0.1) [since FEDORA-2008-6645]
+CVE-2008-3102 VULNERABLE (mantis) #464135
CVE-2008-3067 VULNERABLE (sudo, fixed 1.6.9p12)
CVE-2008-2960 fixed (phpMyAdmin, fixed 2.11.7) [since FEDORA-2008-5640] PMASA-2008-4
CVE-2008-2954 fixed (linuxdcpp) #453732 [since FEDORA-2008-6038]
@@ -88,10 +140,10 @@
CVE-2008-2952 fixed (openldap) #453726 [since FEDORA-2008-6029]
CVE-2008-2951 fixed (trac, fixed 0.10.5) [since FEDORA-2008-6830]
CVE-2008-2950 fixed (poppler) #454288 [since FEDORA-2008-7104]
-CVE-2008-2942 VULNERABLE (mercurial)
+CVE-2008-2942 VULNERABLE (mercurial, fixed 1.0.2) #464632
CVE-2008-2941 ignore (hplip) #458989 not run as service
CVE-2008-2940 ignore (hplip) #458989 not run as service
-CVE-2008-2938 VULNERABLE (tomcat5, fixed 5.5.27) #460125
+CVE-2008-2938 fixed (tomcat5, fixed 5.5.27) #460125 [since FEDORA-2008-8130]
CVE-2008-2937 VULNERABLE (postfix) #459099
CVE-2008-2936 VULNERABLE (postfix) #459099
CVE-2008-2935 fixed (libxslt) [since FEDORA-2008-7029]
@@ -165,7 +217,7 @@
CVE-2008-2374 VULNERABLE (bluez-libs, fixed 3.34) #452820 [since FEDORA-2008-6140]
CVE-2008-2371 fixed (pcre) #453555 [since FEDORA-2008-6111]
CVE-2008-2371 fixed (glib2) #453559 [since FEDORA-2008-6025]
-CVE-2008-2370 VULNERABLE (tomcat5, fixed 5.5.27) #460125
+CVE-2008-2370 fixed (tomcat5, fixed 5.5.27) #460125 [since FEDORA-2008-8130]
CVE-2008-2364 fixed (httpd, fixed 2.2.9) #454423 [since FEDORA-2008-6314]
CVE-2008-2363 VULNERABLE (pan) #449333
CVE-2008-2362 fixed (xorg-x11-server) #450925 [since FEDORA-2008-5279]
@@ -209,7 +261,7 @@
CVE-2008-1950 fixed (gnutls, fixed 2.2.4) #447510 [since FEDORA-2008-4183]
CVE-2008-1949 fixed (gnutls, fixed 2.2.4) #447510 [since FEDORA-2008-4183]
CVE-2008-1948 fixed (gnutls, fixed 2.2.4) #447510 [since FEDORA-2008-4183]
-CVE-2008-1947 VULNERABLE (tomcat5, fixed 5.5.27) #460125
+CVE-2008-1947 fixed (tomcat5, fixed 5.5.27) #460125 [since FEDORA-2008-8130]
CVE-2008-1944 VULNERABLE (xen, fixed 3.2) [since xen-3.1.2-3.fc8]
CVE-2008-1943 VULNERABLE (xen) [since xen-3.1.2-3.fc8]
CVE-2008-1937 ignore (moin, fixed 1.6.3) 1.6.x only
@@ -334,7 +386,7 @@
CVE-2008-1233 version (firefox, fixed 2.0.0.13)
CVE-2008-1233 version (seamonkey, fixed 1.1.9)
CVE-2008-1233 fixed (thunderbird, fixed 2.0.0.14) #442856 [since FEDORA-2008-3557]
-CVE-2008-1232 VULNERABLE (tomcat5, fixed 5.5.27) #460125
+CVE-2008-1232 fixed (tomcat5, fixed 5.5.27) #460125 [since FEDORA-2008-8130]
**CVE-2008-1227 fixed (libsilc) We updated this as non-security
CVE-2008-1218 version (dovecot, fixed 1.0.13) [since FEDORA-2008-2464] marginally affected
CVE-2008-1199 version (dovecot, fixed 1.0.11) [since FEDORA-2008-2464] not in default config
@@ -470,7 +522,7 @@
CVE-2008-0172 fixed (boost) #428975 [since FEDORA-2008-0754]
CVE-2008-0171 fixed (boost) #428975 [since FEDORA-2008-0754]
CVE-2008-0166 ignore (openssl) Debian specific
-CVE-2008-0128 VULNERABLE (tomcat5) #429904
+CVE-2008-0128 version (tomcat5, fixed 5.5.21) #429904 [since tomcat5-5.5.23-9jpp.4.fc8]
CVE-2008-0123 fixed (moodle) #428731 [since FEDORA-2008-0610]
CVE-2008-0122 fixed (bind) #429149 [since FEDORA-2008-0904]
CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since FEDORA-2008-0199]
@@ -480,6 +532,8 @@
CVE-2008-0062 fixed (krb5, fixed 1.6.4) #438023 [since FEDORA-2008-2647]
CVE-2008-0053 version (cups, fixed 1.3.6) [since FEDORA-2008-1901]
CVE-2008-0047 fixed (cups) #440040 [since FEDORA-2008-2131]
+CVE-2008-0016 fixed (firefox, fixed 2.0.0.17) [since FEDORA-2008-8399]
+CVE-2008-0016 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8401]
CVE-2008-0008 fixed (pulseaudio) #425481 [since FEDORA-2008-0994]
CVE-2008-0006 fixed (libXfont) #429132 [since FEDORA-2008-0794]
CVE-2008-0005 fixed (httpd, fixed 2.2.8) #427982 [since FEDORA-2008-1711]
Index: f9
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f9,v
retrieving revision 1.223
retrieving revision 1.224
diff -u -r1.223 -r1.224
--- f9 12 Sep 2008 19:00:33 -0000 1.223
+++ f9 30 Sep 2008 12:51:46 -0000 1.224
@@ -5,11 +5,52 @@
# (mozilla) = (gecko-libs dependent stuff)
rhbz249840 version (tor, fixed 0.1.2.15)
+CVE-2008-4298 VULNERABLE (lighttpd, fixed 1.4.20) #464639
+CVE-2008-4297 fixed (mercurial, fixed 1.0.2) [since FEDORA-2008-7490]
+CVE-2008-4242 VULNERABLE (proftpd) #464129
+CVE-2008-4191 VULNERABLE (emacspeak) [since FEDORA-2008-8379]
+CVE-2008-4190 VULNERABLE (openswan)
+CVE-2008-4130 VULNERABLE (gallery2, fixed 2.2.6) #462872
+CVE-2008-4129 VULNERABLE (gallery2, fixed 2.2.6) #462872
+CVE-2008-4126 ignore (python-pydns, fixed 2.3.2) Debian-specific
+CVE-2008-4109 ignore (openssh, fixed 4.4) Debian incomplete fix
+CVE-2008-4107 version (wordpress, fixed 2.6.2) really PHP flaw
+CVE-2008-4106 fixed (wordpress, fixed 2.6.2) [since FEDORA-2008-7902]
+CVE-2008-4100 VULNERABLE (adns) #462753 upstream design decision
+CVE-2008-4099 VULNERABLE (python-pydns, fixed 2.3.2) #462766
+CVE-2008-4096 fixed (phpMyAdmin, fixed 2.11.9.1) [since FEDORA-2008-8370]
+CVE-2008-4094 fixed (rubygem-activerecord, fixed 2.1.1) [since FEDORA-2008-8322]
+CVE-2008-4070 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8429]
+CVE-2008-4069 ignore (firefox) ff2 only
+CVE-2008-4069 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8429]
+CVE-2008-4068 fixed (firefox, fixed 3.0.2) [since FEDORA-2008-8425]
+CVE-2008-4068 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8429]
+CVE-2008-4067 fixed (firefox, fixed 3.0.2) [since FEDORA-2008-8425]
+CVE-2008-4067 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8429]
+CVE-2008-4066 ignore (firefox) ff2 only
+CVE-2008-4066 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8429]
+CVE-2008-4065 fixed (firefox, fixed 3.0.2) [since FEDORA-2008-8425]
+CVE-2008-4065 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8429]
+CVE-2008-4064 fixed (firefox, fixed 3.0.2) [since FEDORA-2008-8425]
+CVE-2008-4064 ignore (seamonkey) ff only
+CVE-2008-4063 fixed (firefox, fixed 3.0.2) [since FEDORA-2008-8425]
+CVE-2008-4063 ignore (seamonkey) ff only
+CVE-2008-4062 fixed (firefox, fixed 3.0.2) [since FEDORA-2008-8425]
+CVE-2008-4062 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8429]
+CVE-2008-4061 fixed (firefox, fixed 3.0.2) [since FEDORA-2008-8425]
+CVE-2008-4061 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8429]
+CVE-2008-4060 fixed (firefox, fixed 3.0.2) [since FEDORA-2008-8425]
+CVE-2008-4060 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8429]
+CVE-2008-4059 ignore (firefox) ff2 only
+CVE-2008-4059 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8429]
+CVE-2008-4058 fixed (firefox, fixed 3.0.2) [since FEDORA-2008-8425]
+CVE-2008-4058 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8429]
CVE-2008-3972 VULNERABLE (opensc, fixed 0.11.6)
CVE-2008-3970 fixed (pam_mount, fixed 0.47) [since FEDORA-2008-7976]
CVE-2008-3969 fixed (bitlbee, fixed 1.2.3) [since FEDORA-2008-7830]
CVE-2008-3964 ignore (libpng, fixed 1.2.32beta01) not affected
CVE-2008-3962 VULNERABLE (ssmtp)
+CVE-2008-3949 VULNERABLE (emacs, fixed 22.3)
CVE-2008-3934 fixed (wireshark, fixed 1.0.3) #461255 [since FEDORA-2008-7936]
CVE-2008-3933 fixed (wireshark, fixed 1.0.3) #461255 [since FEDORA-2008-7936]
CVE-2008-3932 fixed (wireshark, fixed 1.0.3) #461255 [since FEDORA-2008-7936]
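Review bot: CVE-2008-4107 is filed under wordpress as "version, fixed 2.6.2" with the remark "really PHP flaw", and unlike CVE-2008-4106 on the next line it has no since reference. If the flaw is in PHP, the entry does not say whether php itself is tracked or affected; add a php line or expand the remark, and cite the update that shipped 2.6.2 if that is what closes it here. The same hunk also marks CVE-2008-4191 (emacspeak) VULNERABLE while citing [since FEDORA-2008-8379].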
@@ -17,9 +58,16 @@
CVE-2008-3928 ignore (honeyd) affected script not shipped
CVE-2008-3927 VULNERABLE (tiger)
CVE-2008-3920 fixed (bitlbee, fixed 1.2.2) [since FEDORA-2008-7830]
+CVE-2008-3916 VULNERABLE (ed, fixed 1.0)
CVE-2008-3906 VULNERABLE (mono) #461754
CVE-2008-3905 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7697]
CVE-2008-3889 VULNERABLE (postfix, fixed 2.4.9, 2.5.5) #459100
+CVE-2008-3837 fixed (firefox, fixed 3.0.2) [since FEDORA-2008-8425]
+CVE-2008-3837 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8429]
+CVE-2008-3836 ignore (firefox) ff2 only
+CVE-2008-3836 ignore (seamonkey) ff only
+CVE-2008-3835 ignore (firefox) ff2 only
+CVE-2008-3835 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8429]
CVE-2008-3824 VULNERABLE (horde) oCERT-2008-012
CVE-2008-3823 VULNERABLE (horde) oCERT-2008-012
CVE-2008-3796 version (swfdec, fixed 0.6.8) [since swfdec-0.6.8-1.fc9]
@@ -35,6 +83,9 @@
CVE-2008-3740 fixed (drupal, fixed 6.4) [since FEDORA-2008-7626]
CVE-2008-3714 fixed (awstats) #459742 [since FEDORA-2008-7663]
CVE-2008-3699 fixed (amarok, fixed 1.4.40) [since FEDORA-2008-7739]
+CVE-2008-3663 VULNERABLE (squirrelmail, fixed 1.4.16) #464185
+CVE-2008-3662 VULNERABLE (gallery2, fixed 2.2.6) #462872
+CVE-2008-3661 VULNERABLE (drupal) #464164 ignored by upstream
CVE-2008-3657 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7697]
CVE-2008-3656 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7697]
CVE-2008-3655 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7697]
@@ -83,6 +134,7 @@
CVE-2008-3139 fixed (wireshark, fixed 1.0.1) [since FEDORA-2008-6440]
CVE-2008-3138 fixed (wireshark, fixed 1.0.1) [since FEDORA-2008-6440]
CVE-2008-3137 fixed (wireshark, fixed 1.0.1) [since FEDORA-2008-6440]
+CVE-2008-3102 VULNERABLE (mantis) #464136
CVE-2008-3067 version (sudo, fixed 1.6.9p12)
CVE-2008-2960 fixed (phpMyAdmin, fixed 2.11.7) [since FEDORA-2008-5676] PMASA-2008-4
CVE-2008-2954 fixed (linuxdcpp) #453733 [since FEDORA-2008-6018]
@@ -90,11 +142,11 @@
CVE-2008-2952 fixed (openldap) #453727 [since FEDORA-2008-6062]
CVE-2008-2951 fixed (trac, fixed 0.10.5) [since FEDORA-2008-6833]
CVE-2008-2950 fixed (poppler) #454289 [since FEDORA-2008-7012]
-CVE-2008-2942 VULNERABLE (mercurial)
+CVE-2008-2942 fixed (mercurial, fixed 1.0.2) [since FEDORA-2008-7490]
CVE-2008-2941 ignore (hplip) #458990 not run as service
CVE-2008-2940 ignore (hplip) #458990 not run as service
CVE-2008-2938 fixed (tomcat6, fixed 6.0.18) #460131 [since FEDORA-2008-7977]
-CVE-2008-2938 VULNERABLE (tomcat5, fixed 5.5.27) #460126
+CVE-2008-2938 fixed (tomcat5, fixed 5.5.27) #460126 [since FEDORA-2008-8113]
CVE-2008-2937 VULNERABLE (postfix) #459100
CVE-2008-2936 VULNERABLE (postfix) #459100
CVE-2008-2935 fixed (libxslt) [since FEDORA-2008-7062]
@@ -168,7 +220,7 @@
CVE-2008-2371 fixed (pcre) #453556 [since FEDORA-2008-6110]
CVE-2008-2371 fixed (glib2) #453560 [since FEDORA-2008-6048]
CVE-2008-2370 fixed (tomcat6, fixed 6.0.18) #460131 [since FEDORA-2008-7977]
-CVE-2008-2370 VULNERABLE (tomcat5, fixed 5.5.27) #460126
+CVE-2008-2370 fixed (tomcat5, fixed 5.5.27) #460126 [since FEDORA-2008-8113]
CVE-2008-2364 fixed (httpd, fixed 2.2.9) #447311 [since FEDORA-2008-6393]
CVE-2008-2363 VULNERABLE (pan) #449334
CVE-2008-2362 fixed (xorg-x11-server) #450926 [since FEDORA-2008-5254]
@@ -213,7 +265,7 @@
CVE-2008-1949 fixed (gnutls, fixed 2.2.4) #447511 [since FEDORA-2008-4259]
CVE-2008-1948 fixed (gnutls, fixed 2.2.4) #447511 [since FEDORA-2008-4259]
CVE-2008-1947 fixed (tomcat6, fixed 6.0.18) #460131 [since FEDORA-2008-7977]
-CVE-2008-1947 VULNERABLE (tomcat5, fixed 5.5.27) #460126
+CVE-2008-1947 fixed (tomcat5, fixed 5.5.27) #460126 [since FEDORA-2008-8113]
CVE-2008-1944 version (xen, fixed 3.2)
CVE-2008-1943 VULNERABLE (xen) [since xen-3.2.0-11.fc9]
CVE-2008-1937 version (moin, fixed 1.6.3) [since moin-1.6.3-1.fc9]
@@ -337,7 +389,7 @@
CVE-2008-1233 version (seamonkey, fixed 1.1.9)
CVE-2008-1233 version (thunderbird, fixed 2.0.0.14) #442857 [since thunderbird-2.0.0.14-1.fc9]
CVE-2008-1232 fixed (tomcat6, fixed 6.0.18) #460131 [since FEDORA-2008-7977]
-CVE-2008-1232 VULNERABLE (tomcat5, fixed 5.5.27) #460126
+CVE-2008-1232 fixed (tomcat5, fixed 5.5.27) #460126 [since FEDORA-2008-8113]
**CVE-2008-1227 fixed (libsilc) We updated this as non-security
CVE-2008-1218 version (dovecot, fixed 1.0.13) [since dovecot-1.0.13-6.fc9] marginally affected
CVE-2008-1199 version (dovecot, fixed 1.0.11) [since dovecot-1.0.13-6.fc9] not in default config
@@ -482,6 +534,8 @@
CVE-2008-0062 backport (krb5, fixed 1.6.4) [since krb5-1.6.3-10.fc9]
CVE-2008-0053 version (cups, fixed 1.3.6) [since cups-1.3.6-1.fc9]
CVE-2008-0047 backport (cups) #440041 [since cups-1.3.6-9.fc9]
+CVE-2008-0016 ignore (firefox) ff2 only
+CVE-2008-0016 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8429]
CVE-2008-0008 backport (pulseaudio) #425481 [since pulseaudio-0.9.8-5.fc9]
CVE-2008-0006 backport (libXfont) #429133 [since libXfont-1.3.1-3.fc9]
CVE-2008-0005 version (httpd, fixed 2.2.8) #427984 [since httpd-2.2.8-2]