Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv7191/audit
Modified Files:
f10 f8 f9 fc7
Log Message:
lots of issues from last 3 days
Index: f10
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f10,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- f10 13 May 2008 16:32:22 -0000 1.2
+++ f10 16 May 2008 18:59:18 -0000 1.3
@@ -4,23 +4,34 @@
# *CVE are items that need verification for Fedora 10
# (mozilla) = (gecko-libs dependent stuff)
+CVE-2008-2276 VULNERABLE (mantis) upstream fix in 1.2.0a1 seems useless
+CVE-2008-2266 ignore (perl-Convert-UUlib) embedded uulib copy uses mkstemp
+CVE-2008-2168 ignore (httpd) browser issue, not apache
CVE-2008-2085 VULNERABLE (sipp) #446222
CVE-2008-2079 VULNERABLE (mysql, fixed 5.0.60) #445806
+CVE-2008-2004 VULNERABLE (xen) disables format autodetection by default [since
xen-3.2.0-11.fc10]
+CVE-2008-2004 VULNERABLE (qemu) fix mostly useless without libvirt changes
+CVE-2008-2004 VULNERABLE (kvm) fix mostly useless without libvirt changes
CVE-2008-1999 VULNERABLE (WebKit)
+CVE-2008-1944 version (xen, fixed 3.2)
+CVE-2008-1943 VULNERABLE (xen) [since xen-3.2.0-11.fc10]
CVE-2008-1928 version (perl-Imager, fixed 0.64) [since perl-Imager-0.64-2.fc10]
CVE-2008-1926 backport (util-linux-ng) [since util-linux-ng-2.13.1-8.1.fc9]
CVE-2008-1836 version (clamav, fixed 0.93) [since clamav-0.93-1.fc9]
-CVE-2008-1803 VULNERABLE (rdesktop) #445843
-CVE-2008-1802 VULNERABLE (rdesktop) #445843
-CVE-2008-1801 VULNERABLE (rdesktop) #445843
-CVE-2008-1771 VULNERABLE (mt-daapd) [since mt-daapd-0.9-0.2.1696.fc9]
+CVE-2008-1803 version (rdesktop, fixed 1.6.0) [since rdesktop-1.6.0-1.fc10]
+CVE-2008-1802 version (rdesktop, fixed 1.6.0) [since rdesktop-1.6.0-1.fc10]
+CVE-2008-1801 version (rdesktop, fixed 1.6.0) [since rdesktop-1.6.0-1.fc10]
+CVE-2008-1771 version (mt-daapd) [since mt-daapd-0.2.4.2-2.fc10]
CVE-2008-1677 VULNERABLE (fedora-ds-base) #445810
CVE-2008-1531 backport (lighttpd) [since lighttpd-1.4.19-4.fc10]
CVE-2008-1488 VULNERABLE (php-pecl-apc) #438848
+CVE-2008-1423 backport (libvorbis) #446344 [since libvorbis-1.2.0-4.fc10]
+CVE-2008-1420 backport (libvorbis) #446344 [since libvorbis-1.2.0-4.fc10]
+CVE-2008-1419 backport (libvorbis) #446344 [since libvorbis-1.2.0-4.fc10]
CVE-2008-1387 version (clamav, fixed 0.93) [since clamav-0.93-1.fc9]
CVE-2008-1382 VULNERABLE (libpng, fixed 1.2.27) minimal impact, affected api rarely used
CVE-2008-1382 version (libpng10) [since libpng10-1.0.37-1.fc10]
-CVE-2008-1360 VULNERABLE (nagios) #437852
+CVE-2008-1360 version (nagios) #437852 [since nagios-2.11-3.fc9]
CVE-2008-1103 VULNERABLE (blender) not fixed upstream
CVE-2008-1100 version (clamav, fixed 0.93) [since clamav-0.93-1.fc9]
CVE-2008-1078 VULNERABLE (am-utils) #437746
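Review bot: The new "version" entries for CVE-2008-1771 (mt-daapd) and CVE-2008-1360 (nagios) do not name the fixed upstream version, unlike the rdesktop lines in this hunk, which carry "fixed 1.6.0". Adding it (the f9 file in this commit records "nagios, fixed 2.11" for the same CVE) would let a reader check the [since ...] build against the upstream fix without opening the bug.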
@@ -30,8 +41,10 @@
CVE-2007-6714 version (dbmail, fixed 2.2.9) [since dbmail-2.2.9-1.fc9]
CVE-2007-6321 VULNERABLE (roundcubemail) #423301
CVE-2007-6318 VULNERABLE (wordpress) #426434
+CVE-2007-6131 VULNERABLE (scanbuttond)
CVE-2007-5907 VULNERABLE (xen) #390121
CVE-2007-5906 VULNERABLE (xen) #390121
+CVE-2007-5803 VULNERABLE (nagios, not fixed 2.11) #446383
CVE-2007-5079 VULNERABLE (gdm) #363041 Red Hat specific problem
CVE-2007-4829 VULNERABLE (perl, not fixed upstream) #364291 perl-Archive-Tar directory
traversal
CVE-2007-4559 VULNERABLE (python, not fixed upstream) #315291 Upstream WONTFIX. See where
we use the code.
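Review bot: The added CVE-2007-6131 (scanbuttond) line has neither a bug number nor a remark, while the CVE-2007-5803 line added next to it references #446383. A VULNERABLE entry with no tracking bug gives nobody a place to follow up, so please file one and reference it, or add a short remark on why none is needed. The same bare entry is added in the f8, f9 and fc7 hunks.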
Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.220
retrieving revision 1.221
diff -u -r1.220 -r1.221
--- f8 13 May 2008 16:32:22 -0000 1.220
+++ f8 16 May 2008 18:59:18 -0000 1.221
@@ -6,8 +6,11 @@
rhbz293031 fixed (nx) #293031 [since FEDORA-2008-2258]
rhbz249840 version (tor, fixed 0.1.2.15)
+CVE-2008-2276 VULNERABLE (mantis) upstream fix in 1.2.0a1 seems useless
+CVE-2008-2266 ignore (perl-Convert-UUlib) embedded uulib copy uses mkstemp
+CVE-2008-2168 ignore (httpd) browser issue, not apache
CVE-2008-2146 version (wordpress, fixed 2.2.3)
-CVE-2008-2109 VULNERABLE (libid3tag) #445814
+CVE-2008-2109 fixed (libid3tag) #445814 [since FEDORA-2008-3976]
CVE-2008-2105 fixed (bugzilla, fixed 3.0.4, 3.1.4) #445822 [since FEDORA-2008-3442]
CVE-2008-2104 ignore (bugzilla, fixed 3.1.4) only affects 3.1.3, not in Fedora
CVE-2008-2103 fixed (bugzilla, fixed 3.0.4, 3.1.4) #445822 [since FEDORA-2008-3442]
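Review bot: The remark on the added CVE-2008-2276 (mantis) line, "upstream fix in 1.2.0a1 seems useless", does not say what is wrong with the upstream fix, and the entry has no bug number. Since the status is VULNERABLE, a bug reference or a few words on why the fix is ineffective would let the next auditor re-check it when upstream changes.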
@@ -15,12 +18,17 @@
CVE-2008-2079 VULNERABLE (mysql, fixed 5.0.60) #445805
CVE-2008-2068 version (wordpress, fixed 2.5.1) [since FEDORA-2008-3397]
CVE-2008-2033 ignore (zoneminder) duplicate of CVE-2008-1381
+CVE-2008-2004 VULNERABLE (xen) disables format autodetection by default [since
xen-3.1.2-3.fc8]
+CVE-2008-2004 VULNERABLE (qemu) fix mostly useless without libvirt changes
+CVE-2008-2004 VULNERABLE (kvm) fix mostly useless without libvirt changes
CVE-2008-2000 ignore (WebKit) browser DoS
CVE-2008-1999 VULNERABLE (WebKit)
-CVE-2008-1996 VULNERABLE (licq, fixed 1.3.6) #445238
+CVE-2008-1996 fixed (licq, fixed 1.3.6) #445238 [since FEDORA-2008-3969]
CVE-2008-1974 VULNERABLE (kronolith, fixed 3.1.8) #444404 [since FEDORA-2008-3543]
CVE-2008-1964 ignore (xine-lib) bogus vulnerability report
CVE-2008-1959 fixed (sipp, fixed 3.1) [since FEDORA-2008-3501]
+CVE-2008-1944 VULNERABLE (xen, fixed 3.2) [since xen-3.1.2-3.fc8]
+CVE-2008-1943 VULNERABLE (xen) [since xen-3.1.2-3.fc8]
CVE-2008-1937 ignore (moin, fixed 1.6.3) 1.6.x only
CVE-2008-1930 ignore (wordpress, fixed 2.5.1) [since wordpress-2.5.1-1.fc8] only for wp
2.5.0
CVE-2008-1928 fixed (perl-Imager, fixed 0.64) #443940 [since FEDORA-2008-3352]
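Review bot: The three added xen lines are marked VULNERABLE yet carry "[since xen-3.1.2-3.fc8]", and CVE-2008-1944 additionally says "fixed 3.2", which is newer than the 3.1.2 build named in the tag. As written it is unclear whether xen-3.1.2-3.fc8 contains a backported fix that is not yet released or is simply the build still affected. If it is a pending backport, a short remark saying so (as the CVE-2008-2004 line does with "disables format autodetection by default") would remove the ambiguity.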
@@ -35,9 +43,9 @@
CVE-2008-1836 ignore (clamav, fixed 0.93) affected code introduced after 0.92.1
CVE-2008-1835 ignore (clamav, fixed 0.93) unrar code not shipped
CVE-2008-1833 fixed (clamav, fixed 0.93-rc1) #442363 [since FEDORA-2008-3420]
-CVE-2008-1803 VULNERABLE (rdesktop) #445842
-CVE-2008-1802 VULNERABLE (rdesktop) #445842
-CVE-2008-1801 VULNERABLE (rdesktop) #445842
+CVE-2008-1803 fixed (rdesktop, fixed 1.6.0) #445842 [since FEDORA-2008-3917]
+CVE-2008-1802 fixed (rdesktop, fixed 1.6.0) #445842 [since FEDORA-2008-3917]
+CVE-2008-1801 fixed (rdesktop, fixed 1.6.0) #445842 [since FEDORA-2008-3917]
CVE-2008-1796 fixed (comix) [since FEDORA-2008-2981]
CVE-2008-1729 ignore (drupal) 6.x only
CVE-2008-1722 fixed (cups) #445802 [since FEDORA-2008-3586]
@@ -75,11 +83,14 @@
CVE-2008-1474 fixed (roundup) #436547 [since FEDORA-2008-2370]
CVE-2008-1468 fixed (namazu, fixed 2.0.18) #438667 [since FEDORA-2008-2767]
CVE-2008-1467 fixed (centerim) #438871 [since FEDORA-2008-2869]
+CVE-2008-1423 fixed (libvorbis) #446342 [since FEDORA-2008-3934]
+CVE-2008-1420 fixed (libvorbis) #446342 [since FEDORA-2008-3934]
+CVE-2008-1419 fixed (libvorbis) #446342 [since FEDORA-2008-3934]
CVE-2008-1394 ignore (plone)
CVE-2008-1390 fixed (asterisk, fixed 1.4.19-rc3) #438133 [since FEDORA-2008-2554]
CVE-2008-1387 fixed (clamav, fixed 0.93) #442363 [since FEDORA-2008-3420]
CVE-2008-1382 VULNERABLE (libpng, fixed 1.2.27) minimal impact, affected api rarely used
-CVE-2008-1382 VULNERABLE (libpng10) [since libpng10-1.0.37-1.fc8]
+CVE-2008-1382 VULNERABLE (libpng10) [since FEDORA-2008-3937]
CVE-2008-1381 fixed (zoneminder, fixed 1.23.3) #444436 [since FEDORA-2008-3462]
CVE-2008-1380 VULNERABLE (firefox, fixed 2.0.0.14)
CVE-2008-1380 fixed (seamonkey, fixed 1.1.10) #442851 [since FEDORA-2008-3264]
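Review bot: The CVE-2008-1382 (libpng10) line now references advisory FEDORA-2008-3937 but keeps the VULNERABLE status, whereas every other line in this hunk that names a FEDORA advisory is marked "fixed". If the update has been released, the status should change to "fixed"; if it is still pending, a remark to that effect would explain the mismatch.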
@@ -87,7 +98,7 @@
CVE-2008-1374 ignore (cups) only affects old cups versions in RHEL
CVE-2008-1373 fixed (cups) #440040 [since FEDORA-2008-2131]
CVE-2008-1372 fixed (bzip2, fixed 1.0.5) #439855 [since FEDORA-2008-2970]
-CVE-2008-1360 VULNERABLE (nagios) #437850
+CVE-2008-1360 fixed (nagios, fixed 2.11) #437850 [since FEDORA-2008-3098]
CVE-2008-1353 ignore (zabbix) #437848 Needs authorization
CVE-2008-1333 ignore (asterisk) not affected
CVE-2008-1332 fixed (asterisk, fixed 1.4.18.1) #438133 [since FEDORA-2008-2554]
@@ -135,7 +146,7 @@
CVE-2008-1111 fixed (lighttpd) #435807 [since FEDORA-2008-2262]
CVE-2008-1110 version (xine-lib, fixed 1.1.10) [since FEDORA-2008-1043]
CVE-2008-1103 VULNERABLE (blender) not fixed upstream
-CVE-2008-1102 VULNERABLE (blender) #443936
+CVE-2008-1102 fixed (blender) #443936 [since FEDORA-2008-3875]
CVE-2008-1100 fixed (clamav, fixed 0.93) #442363 [since FEDORA-2008-3420]
CVE-2008-1099 fixed (moin) #438673 [since FEDORA-2008-3301]
CVE-2008-1098 fixed (moin) #438673 [since FEDORA-2008-3301]
@@ -334,6 +345,7 @@
CVE-2007-6203 ignore (httpd) #409831 User can't unput garbage before method name
CVE-2007-6201 version (wesnoth, fixed 1.2.8) [since FEDORA-2007-3989]
CVE-2007-6183 backport (ruby-gnome2) #405601 [since FEDORA-2007-4216]
+CVE-2007-6131 VULNERABLE (scanbuttond)
CVE-2007-6121 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590]
CVE-2007-6120 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590]
CVE-2007-6119 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590]
@@ -385,6 +397,7 @@
CVE-2007-5849 ignore (cups, fixed 1.3.5) minimal impact, see #415131
CVE-2007-5848 version (cups, fixed 1.2.0)
CVE-2007-5846 version (net-snmp, fixed 5.4.1)
+CVE-2007-5803 VULNERABLE (nagios, not fixed 2.11) #446381
CVE-2007-5795 backport (emacs) #367591 [since FEDORA-2007-2946]
CVE-2007-5770 backport (ruby) #373391 [since FEDORA-2007-2812]
CVE-2007-5760 fixed (xorg-x11-server, fixed 1.4.1) #429126 [since FEDORA-2008-0760]
Index: f9
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f9,v
retrieving revision 1.210
retrieving revision 1.211
diff -u -r1.210 -r1.211
--- f9 13 May 2008 16:32:22 -0000 1.210
+++ f9 16 May 2008 18:59:18 -0000 1.211
@@ -5,6 +5,9 @@
# (mozilla) = (gecko-libs dependent stuff)
rhbz249840 version (tor, fixed 0.1.2.15)
+CVE-2008-2276 VULNERABLE (mantis) upstream fix in 1.2.0a1 seems useless
+CVE-2008-2266 ignore (perl-Convert-UUlib) embedded uulib copy uses mkstemp
+CVE-2008-2168 ignore (httpd) browser issue, not apache
CVE-2008-2146 version (wordpress, fixed 2.2.3)
CVE-2008-2109 fixed (libid3tag) #445815 [since FEDORA-2008-3757]
CVE-2008-2105 fixed (bugzilla, fixed 3.0.4, 3.1.4) #445823 [since FEDORA-2008-3668]
@@ -14,12 +17,17 @@
CVE-2008-2079 VULNERABLE (mysql, fixed 5.0.60) #445806
CVE-2008-2068 version (wordpress, fixed 2.5.1) [since wordpress-2.5.1-1.fc9]
CVE-2008-2033 ignore (zoneminder) duplicate of CVE-2008-1381
+CVE-2008-2004 VULNERABLE (xen) disables format autodetection by default [since
xen-3.2.0-11.fc9]
+CVE-2008-2004 VULNERABLE (qemu) fix mostly useless without libvirt changes
+CVE-2008-2004 VULNERABLE (kvm) fix mostly useless without libvirt changes
CVE-2008-2000 ignore (WebKit) browser DoS
CVE-2008-1999 VULNERABLE (WebKit)
CVE-2008-1996 fixed (licq, fixed 1.3.6) #445239 [since FEDORA-2008-3812]
CVE-2008-1974 ignore (kronolith, fixed 3.1.8) #444405 package removed from f9 and
rawhide
CVE-2008-1964 ignore (xine-lib) bogus vulnerability report
CVE-2008-1959 fixed (sipp, fixed 3.1) [since FEDORA-2008-3690]
+CVE-2008-1944 version (xen, fixed 3.2)
+CVE-2008-1943 VULNERABLE (xen) [since xen-3.2.0-11.fc9]
CVE-2008-1937 version (moin, fixed 1.6.3) [since moin-1.6.3-1.fc9]
CVE-2008-1930 ignore (wordpress, fixed 2.5.1) only for wp 2.5.0
CVE-2008-1928 VULNERABLE (perl-Imager, fixed 0.64) #443941
@@ -30,15 +38,15 @@
CVE-2008-1878 backport (xine-lib, fixed 1.1.12.1) #443056 nsf demuxer overflow [since
xine-lib-1.1.12-2.fc9]
CVE-2008-1845 version (mksh, fixed 33d) [since mksh-33d-1.fc9] what is real impact on
fedora?
CVE-2008-1837 ignore (clamav, fixed 0.93) unrar code not shipped
-CVE-2008-1836 VULNERABLE (clamav, fixed 0.93) #442364 [since clamav-0.93-1.fc9]
+CVE-2008-1836 fixed (clamav, fixed 0.93) #442364 [since FEDORA-2008-3900]
CVE-2008-1835 ignore (clamav, fixed 0.93) unrar code not shipped
CVE-2008-1834 version (swfdec, fixed 0.6.4) [since swfdec-0.6.4-1.fc9]
CVE-2008-1833 version (clamav, fixed 0.93-rc1) [since clamav-0.93-0.0.rc1.fc9]
-CVE-2008-1803 VULNERABLE (rdesktop) #445843
-CVE-2008-1802 VULNERABLE (rdesktop) #445843
-CVE-2008-1801 VULNERABLE (rdesktop) #445843
+CVE-2008-1803 fixed (rdesktop, fixed 1.6.0) #445843 [since FEDORA-2008-3886]
+CVE-2008-1802 fixed (rdesktop, fixed 1.6.0) #445843 [since FEDORA-2008-3886]
+CVE-2008-1801 fixed (rdesktop, fixed 1.6.0) #445843 [since FEDORA-2008-3886]
CVE-2008-1796 fixed (comix) [since comix-3.6.4-6.fc9]
-CVE-2008-1771 VULNERABLE (mt-daapd) [since mt-daapd-0.9-0.2.1696.fc9]
+CVE-2008-1771 VULNERABLE (mt-daapd) [since mt-daapd-0.2.4.2-2.fc9]
CVE-2008-1729 version (drupal, fixed 6.2) [since drupal-6.2-1.fc9]
CVE-2008-1722 fixed (cups) #445803 [since FEDORA-2008-3756]
CVE-2008-1720 version (rsync, fixed 3.0.2) [since rsync-3.0.2-0.fc9]
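Review bot: CVE-2008-1771 (mt-daapd) stays VULNERABLE in this hunk although the tag now points at mt-daapd-0.2.4.2-2.fc9, while the f10 file in this same commit marks the matching build mt-daapd-0.2.4.2-2.fc10 as "version". Either the f9 status should be updated as well, or a short remark should say why the f9 build is still considered affected.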
@@ -74,9 +82,12 @@
CVE-2008-1474 version (roundup) #436549 [since roundup-1.4.4-1.fc9]
CVE-2008-1468 version (namazu, fixed 2.0.18) #438668 [since namazu-2.0.18-1.fc9]
CVE-2008-1467 fixed (centerim) #438871
+CVE-2008-1423 fixed (libvorbis) #446343 [since FEDORA-2008-3910]
+CVE-2008-1420 fixed (libvorbis) #446343 [since FEDORA-2008-3910]
+CVE-2008-1419 fixed (libvorbis) #446343 [since FEDORA-2008-3910]
CVE-2008-1394 ignore (plone)
CVE-2008-1390 version (asterisk, fixed 1.6.0-beta6) #438134 [since
asterisk-1.6.0-0.6.beta6.fc9]
-CVE-2008-1387 VULNERABLE (clamav, fixed 0.93) #442364 [since clamav-0.93-1.fc9]
+CVE-2008-1387 fixed (clamav, fixed 0.93) #442364 [since FEDORA-2008-3900]
CVE-2008-1382 VULNERABLE (libpng, fixed 1.2.27) minimal impact, affected api rarely used
CVE-2008-1382 VULNERABLE (libpng10) [since FEDORA-2008-3683]
CVE-2008-1381 fixed (zoneminder, fixed 1.23.3) #444437 [since FEDORA-2008-3601]
@@ -86,7 +97,7 @@
CVE-2008-1374 ignore (cups) only affects old cups versions in RHEL
CVE-2008-1373 backport (cups) #440041 [since cups-1.3.6-9.fc9]
CVE-2008-1372 version (bzip2, fixed 1.0.5) [since bzip2-1.0.5-1.fc9]
-CVE-2008-1360 VULNERABLE (nagios) #437852
+CVE-2008-1360 version (nagios, fixed 2.11) #437852 [since nagios-2.11-3.fc9]
CVE-2008-1353 ignore (zabbix) #437848 Needs authorization
CVE-2008-1333 version (asterisk, fixed 1.6.0-beta6) #438134 [since
asterisk-1.6.0-0.6.beta6.fc9]
CVE-2008-1332 ignore (asterisk) not affected according to upstream advisory
@@ -133,7 +144,7 @@
CVE-2008-1110 version (xine-lib, fixed 1.1.10) [since xine-lib-1.1.10-2.fc9]
CVE-2008-1103 VULNERABLE (blender) not fixed upstream
CVE-2008-1102 backport (blender) #443937 [since blender-2.45-12.fc9]
-CVE-2008-1100 VULNERABLE (clamav, fixed 0.93) #442364 [since clamav-0.93-1.fc9]
+CVE-2008-1100 fixed (clamav, fixed 0.93) #442364 [since FEDORA-2008-3900]
CVE-2008-1099 version (moin, fixed 1.5.9) #438674
CVE-2008-1098 version (moin, fixed 1.5.9) #438674
CVE-2008-1078 ignore (am-utils) minimal impact
@@ -223,7 +234,7 @@
CVE-2008-0364 ignore (bittorrent) Windows only
CVE-2008-0320 version (
openoffice.org, fixed 2.4)
CVE-2008-0318 fixed (clamav, fixed 0.92.1)
-CVE-2008-0314 VULNERABLE (clamav, fixed 0.93) #442364 [since clamav-0.93-1.fc9]
+CVE-2008-0314 fixed (clamav, fixed 0.93) #442364 [since FEDORA-2008-3900]
CVE-2008-0304 version (seamonkey, fixed 1.1.8) [since seamonkey-1.1.8-3.fc9]
CVE-2008-0304 version (thuderbird, fixed 2.0.0.12) [since thunderbird-2.0.0.12-1.fc9]
CVE-2008-0299 fixed (python-paramiko) #428730 [since python-paramiko-1.7.1-3.fc9]
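Review bot: The context line for CVE-2008-0304 spells the package "thuderbird" while its [since thunderbird-2.0.0.12-1.fc9] tag has the correct name. It is not part of this change, but anyone searching the audit file by package name will miss the entry, so it is worth correcting while this area is being edited.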
@@ -329,6 +340,7 @@
CVE-2007-6203 ignore (httpd) #409831 User can't unput garbage before method name
CVE-2007-6201 version (wesnoth, fixed 1.2.8) [since wesnoth-1.2.8-3.fc9]
CVE-2007-6183 backport (ruby-gnome2) #405611 [since ruby-gnome2-0.16.0-22.fc9]
+CVE-2007-6131 VULNERABLE (scanbuttond)
CVE-2007-6121 version (wireshark, fixed 0.99.7) [since wireshark-0.99.7-1.fc9]
CVE-2007-6120 version (wireshark, fixed 0.99.7) [since wireshark-0.99.7-1.fc9]
CVE-2007-6119 version (wireshark, fixed 0.99.7) [since wireshark-0.99.7-1.fc9]
@@ -379,6 +391,7 @@
CVE-2007-5849 version (cups, fixed 1.3.5) [since cups-1.3.5-1.fc9]
CVE-2007-5848 version (cups, fixed 1.2.0)
CVE-2007-5846 version (net-snmp, fixed 5.4.1)
+CVE-2007-5803 VULNERABLE (nagios, not fixed 2.11) #446382
CVE-2007-5795 backport (emacs) #367601 [since emacs-22.1-8.fc9]
CVE-2007-5770 backport (ruby) #373401 [since ruby-1.8.6.111-1]
CVE-2007-5760 backport (xorg-x11-server, fixed 1.4.1) #429127 [since
xorg-x11-server-1.4.99.1-0.17.20080107.fc9]
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.376
retrieving revision 1.377
diff -u -r1.376 -r1.377
--- fc7 13 May 2008 16:32:22 -0000 1.376
+++ fc7 16 May 2008 18:59:18 -0000 1.377
@@ -7,8 +7,11 @@
rhbz293031 fixed (nx) #293031 [since FEDORA-2008-2258]
rhbz249840 version (tor, fixed 0.1.2.15) #249840 [since FEDORA-2007-1674]
+CVE-2008-2276 VULNERABLE (mantis) upstream fix in 1.2.0a1 seems useless
+CVE-2008-2266 ignore (perl-Convert-UUlib) embedded uulib copy uses mkstemp
+CVE-2008-2168 ignore (httpd) browser issue, not apache
CVE-2008-2146 version (wordpress, fixed 2.2.3)
-CVE-2008-2109 VULNERABLE (libid3tag) #445813
+CVE-2008-2109 fixed (libid3tag) #445813 [since FEDORA-2008-3874]
CVE-2008-2105 fixed (bugzilla, fixed 3.0.4, 3.1.4) #445821 [since FEDORA-2008-3488]
CVE-2008-2104 ignore (bugzilla, fixed 3.1.4) only affects 3.1.3, not in Fedora
CVE-2008-2103 fixed (bugzilla, fixed 3.0.4, 3.1.4) #445821 [since FEDORA-2008-3488]
@@ -16,15 +19,20 @@
CVE-2008-2079 VULNERABLE (mysql, fixed 5.0.60) #445804
CVE-2008-2068 version (wordpress, fixed 2.5.1) [since FEDORA-2008-3319]
CVE-2008-2033 ignore (zoneminder) duplicate of CVE-2008-1381
+CVE-2008-2004 VULNERABLE (xen) disables format autodetection by default [since
xen-3.1.2-3.fc7]
+CVE-2008-2004 VULNERABLE (qemu) fix mostly useless without libvirt changes
+CVE-2008-2004 VULNERABLE (kvm) fix mostly useless without libvirt changes
CVE-2008-2000 ignore (WebKit) browser DoS
CVE-2008-1999 VULNERABLE (WebKit)
-CVE-2008-1996 VULNERABLE (licq, fixed 1.3.6) #445237
+CVE-2008-1996 fixed (licq, fixed 1.3.6) #445237 [since FEDORA-2008-3909]
CVE-2008-1974 VULNERABLE (kronolith, fixed 3.1.8) #444403 [since FEDORA-2008-3460]
CVE-2008-1964 ignore (xine-lib) bogus vulnerability report
CVE-2008-1959 fixed (sipp, fixed 3.1) [since FEDORA-2008-3508]
+CVE-2008-1944 VULNERABLE (xen, fixed 3.2) [since xen-3.1.2-3.fc7]
+CVE-2008-1943 VULNERABLE (xen) [since xen-3.1.2-3.fc7]
CVE-2008-1937 ignore (moin, fixed 1.6.3) 1.6.x only
CVE-2008-1930 ignore (wordpress, fixed 2.5.1) [since wordpress-2.5.1-1.fc7] only for wp
2.5.0
-CVE-2008-1928 VULNERABLE (perl-Imager, fixed 0.64) #443939
+CVE-2008-1928 fixed (perl-Imager, fixed 0.64) #443939 [since FEDORA-2008-3920]
CVE-2008-1927 fixed (perl) [since FEDORA-2008-3399]
CVE-2008-1926 VULNERABLE (util-linux)
CVE-2008-1924 VULNERABLE (phpMyAdmin, fixed 2.11.5.2) [since phpMyAdmin-2.11.5.2-1.fc7]
PMASA-2008-3
@@ -36,9 +44,9 @@
CVE-2008-1836 ignore (clamav, fixed 0.93) affected code introduced after 0.92.1
CVE-2008-1835 ignore (clamav, fixed 0.93) unrar code not shipped
CVE-2008-1833 fixed (clamav, fixed 0.93-rc1) #442362 [since FEDORA-2008-3358]
-CVE-2008-1803 VULNERABLE (rdesktop) #445841
-CVE-2008-1802 VULNERABLE (rdesktop) #445841
-CVE-2008-1801 VULNERABLE (rdesktop) #445841
+CVE-2008-1803 fixed (rdesktop, fixed 1.6.0) #445841 [since FEDORA-2008-3985]
+CVE-2008-1802 fixed (rdesktop, fixed 1.6.0) #445841 [since FEDORA-2008-3985]
+CVE-2008-1801 fixed (rdesktop, fixed 1.6.0) #445841 [since FEDORA-2008-3985]
CVE-2008-1796 fixed (comix) [since FEDORA-2008-2993]
CVE-2008-1729 ignore (drupal) 6.x only
CVE-2008-1722 fixed (cups) #445801 [since FEDORA-2008-3449]
@@ -76,6 +84,9 @@
CVE-2008-1474 fixed (roundup) #436548 [since FEDORA-2008-2471]
CVE-2008-1468 fixed (namazu, fixed 2.0.18) #438666 [since FEDORA-2008-2678]
CVE-2008-1467 fixed (centerim) #438871 [since FEDORA-2008-2869]
+CVE-2008-1423 fixed (libvorbis) #446341 [since FEDORA-2008-3898]
+CVE-2008-1420 fixed (libvorbis) #446341 [since FEDORA-2008-3898]
+CVE-2008-1419 fixed (libvorbis) #446341 [since FEDORA-2008-3898]
CVE-2008-1394 ignore (plone)
CVE-2008-1390 fixed (asterisk, fixed 1.4.19-rc3) #438132 [since FEDORA-2008-2620]
CVE-2008-1387 fixed (clamav, fixed 0.93) #442362 [since FEDORA-2008-3358]
@@ -88,7 +99,7 @@
CVE-2008-1374 ignore (cups) only affects old cups versions in RHEL
CVE-2008-1373 fixed (cups) #440042 [since FEDORA-2008-2897]
CVE-2008-1372 fixed (bzip2, fixed 1.0.5) #439855 [since FEDORA-2008-2970]
-CVE-2008-1360 VULNERABLE (nagios) #437851
+CVE-2008-1360 VULNERABLE (nagios, fixed 2.11) #437851
CVE-2008-1353 ignore (zabbix) #437848 Needs authorization
CVE-2008-1333 ignore (asterisk) not affected
CVE-2008-1332 fixed (asterisk, fixed 1.4.18.1) #438132 [since FEDORA-2008-2620]
@@ -136,7 +147,7 @@
CVE-2008-1111 fixed (lighttpd) #435808 [since FEDORA-2008-2278]
CVE-2008-1110 version (xine-lib, fixed 1.1.10) [since FEDORA-2008-1047]
CVE-2008-1103 VULNERABLE (blender) not fixed upstream
-CVE-2008-1102 VULNERABLE (blender) #443935
+CVE-2008-1102 fixed (blender) #443935 [since FEDORA-2008-3862]
CVE-2008-1100 fixed (clamav, fixed 0.93) #442362 [since FEDORA-2008-3358]
CVE-2008-1099 fixed (moin) #438672 [since FEDORA-2008-3328]
CVE-2008-1098 fixed (moin) #438672 [since FEDORA-2008-3328]
@@ -333,6 +344,7 @@
CVE-2007-6203 ignore (httpd) #409831 User can't unput garbage before method name
CVE-2007-6201 version (wesnoth, fixed 1.2.8) [since FEDORA-2007-3986]
CVE-2007-6183 version (ruby-gnome2) #405591 [since FEDORA-2007-4229]
+CVE-2007-6131 VULNERABLE (scanbuttond)
CVE-2007-6121 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690]
CVE-2007-6120 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690]
CVE-2007-6119 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690]
@@ -384,6 +396,7 @@
CVE-2007-5849 ignore (cups, fixed 1.3.5) minimal impact, see #415131
CVE-2007-5848 version (cups, fixed 1.2.0)
CVE-2007-5846 backport (net-snmp) [since FEDORA-2007-3019]
+CVE-2007-5803 VULNERABLE (nagios, not fixed 2.11) #437851
CVE-2007-5795 backport (emacs) #367581 [since FEDORA-2007-3056]
CVE-2007-5770 backport (ruby) #373381 [since FEDORA-2007-2685]
CVE-2007-5760 fixed (xorg-x11-server, fixed 1.4.1) #429125 [since FEDORA-2008-0831]
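Review bot: The added CVE-2007-5803 line reuses bug #437851, which this file already lists for CVE-2008-1360 (nagios), whereas the f8, f9 and f10 files reference separate bugs for CVE-2007-5803 (#446381, #446382, #446383). If fc7 has no tracking bug of its own for this CVE, one should be filed and referenced here; otherwise the number looks copied from the CVE-2008-1360 entry.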