Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv7191/audit

Modified Files: f10 f8 f9 fc7

Log Message: lots of issues from last 3 days
Index: f10 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f10,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- f10 13 May 2008 16:32:22 -0000 1.2 +++ f10 16 May 2008 18:59:18 -0000 1.3 @@ -4,23 +4,34 @@ # *CVE are items that need verification for Fedora 10 # (mozilla) = (gecko-libs dependent stuff)
+CVE-2008-2276 VULNERABLE (mantis) upstream fix in 1.2.0a1 seems useless +CVE-2008-2266 ignore (perl-Convert-UUlib) embedded uulib copy uses mkstemp +CVE-2008-2168 ignore (httpd) browser issue, not apache CVE-2008-2085 VULNERABLE (sipp) #446222 CVE-2008-2079 VULNERABLE (mysql, fixed 5.0.60) #445806 +CVE-2008-2004 VULNERABLE (xen) disables format autodetection by default [since xen-3.2.0-11.fc10] +CVE-2008-2004 VULNERABLE (qemu) fix mostly useless without libvirt changes +CVE-2008-2004 VULNERABLE (kvm) fix mostly useless without libvirt changes CVE-2008-1999 VULNERABLE (WebKit) +CVE-2008-1944 version (xen, fixed 3.2) +CVE-2008-1943 VULNERABLE (xen) [since xen-3.2.0-11.fc10] CVE-2008-1928 version (perl-Imager, fixed 0.64) [since perl-Imager-0.64-2.fc10] CVE-2008-1926 backport (util-linux-ng) [since util-linux-ng-2.13.1-8.1.fc9] CVE-2008-1836 version (clamav, fixed 0.93) [since clamav-0.93-1.fc9] -CVE-2008-1803 VULNERABLE (rdesktop) #445843 -CVE-2008-1802 VULNERABLE (rdesktop) #445843 -CVE-2008-1801 VULNERABLE (rdesktop) #445843 -CVE-2008-1771 VULNERABLE (mt-daapd) [since mt-daapd-0.9-0.2.1696.fc9] +CVE-2008-1803 version (rdesktop, fixed 1.6.0) [since rdesktop-1.6.0-1.fc10] +CVE-2008-1802 version (rdesktop, fixed 1.6.0) [since rdesktop-1.6.0-1.fc10] +CVE-2008-1801 version (rdesktop, fixed 1.6.0) [since rdesktop-1.6.0-1.fc10] +CVE-2008-1771 version (mt-daapd) [since mt-daapd-0.2.4.2-2.fc10] CVE-2008-1677 VULNERABLE (fedora-ds-base) #445810 CVE-2008-1531 backport (lighttpd) [since lighttpd-1.4.19-4.fc10] CVE-2008-1488 VULNERABLE (php-pecl-apc) #438848 +CVE-2008-1423 backport (libvorbis) #446344 [since libvorbis-1.2.0-4.fc10] +CVE-2008-1420 backport (libvorbis) #446344 [since libvorbis-1.2.0-4.fc10] +CVE-2008-1419 backport (libvorbis) #446344 [since libvorbis-1.2.0-4.fc10] CVE-2008-1387 version (clamav, fixed 0.93) [since clamav-0.93-1.fc9] CVE-2008-1382 VULNERABLE (libpng, fixed 1.2.27) minimal impact, affected api rarely used CVE-2008-1382 version (libpng10) [since 
libpng10-1.0.37-1.fc10] -CVE-2008-1360 VULNERABLE (nagios) #437852 +CVE-2008-1360 version (nagios) #437852 [since nagios-2.11-3.fc9] CVE-2008-1103 VULNERABLE (blender) not fixed upstream CVE-2008-1100 version (clamav, fixed 0.93) [since clamav-0.93-1.fc9] CVE-2008-1078 VULNERABLE (am-utils) #437746 @@ -30,8 +41,10 @@ CVE-2007-6714 version (dbmail, fixed 2.2.9) [since dbmail-2.2.9-1.fc9] CVE-2007-6321 VULNERABLE (roundcubemail) #423301 CVE-2007-6318 VULNERABLE (wordpress) #426434 +CVE-2007-6131 VULNERABLE (scanbuttond) CVE-2007-5907 VULNERABLE (xen) #390121 CVE-2007-5906 VULNERABLE (xen) #390121 +CVE-2007-5803 VULNERABLE (nagios, not fixed 2.11) #446383 CVE-2007-5079 VULNERABLE (gdm) #363041 Red Hat specific problem CVE-2007-4829 VULNERABLE (perl, not fixed upstream) #364291 perl-Archive-Tar directory traversal CVE-2007-4559 VULNERABLE (python, not fixed upstream) #315291 Upstream WONTFIX. See where we use the code.
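Review bot: In the first f10 hunk, the added lines "CVE-2008-2004 VULNERABLE (xen) ... [since xen-3.2.0-11.fc10]" and "CVE-2008-1943 VULNERABLE (xen) [since xen-3.2.0-11.fc10]" pair a VULNERABLE status with a [since ...] build tag, which every other entry visible in this file uses only with "version" or "backport". If xen-3.2.0-11.fc10 carries the fix, the status should be "backport"; if the build only changes a default (as the CVE-2008-2004 comment suggests), drop the tag or say in the comment what remains exposed, so the status and the tag do not contradict each other. Two smaller points in the same hunk: "CVE-2008-1771 version (mt-daapd)" and "CVE-2008-1360 version (nagios)" leave out the "fixed <version>" field, although the f9 entry for CVE-2008-1360 in this commit records it as "fixed 2.11".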
Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.220 retrieving revision 1.221 diff -u -r1.220 -r1.221 --- f8 13 May 2008 16:32:22 -0000 1.220 +++ f8 16 May 2008 18:59:18 -0000 1.221 @@ -6,8 +6,11 @@
rhbz293031 fixed (nx) #293031 [since FEDORA-2008-2258] rhbz249840 version (tor, fixed 0.1.2.15) +CVE-2008-2276 VULNERABLE (mantis) upstream fix in 1.2.0a1 seems useless +CVE-2008-2266 ignore (perl-Convert-UUlib) embedded uulib copy uses mkstemp +CVE-2008-2168 ignore (httpd) browser issue, not apache CVE-2008-2146 version (wordpress, fixed 2.2.3) -CVE-2008-2109 VULNERABLE (libid3tag) #445814 +CVE-2008-2109 fixed (libid3tag) #445814 [since FEDORA-2008-3976] CVE-2008-2105 fixed (bugzilla, fixed 3.0.4, 3.1.4) #445822 [since FEDORA-2008-3442] CVE-2008-2104 ignore (bugzilla, fixed 3.1.4) only affects 3.1.3, not in Fedora CVE-2008-2103 fixed (bugzilla, fixed 3.0.4, 3.1.4) #445822 [since FEDORA-2008-3442] @@ -15,12 +18,17 @@ CVE-2008-2079 VULNERABLE (mysql, fixed 5.0.60) #445805 CVE-2008-2068 version (wordpress, fixed 2.5.1) [since FEDORA-2008-3397] CVE-2008-2033 ignore (zoneminder) duplicate of CVE-2008-1381 +CVE-2008-2004 VULNERABLE (xen) disables format autodetection by default [since xen-3.1.2-3.fc8] +CVE-2008-2004 VULNERABLE (qemu) fix mostly useless without libvirt changes +CVE-2008-2004 VULNERABLE (kvm) fix mostly useless without libvirt changes CVE-2008-2000 ignore (WebKit) browser DoS CVE-2008-1999 VULNERABLE (WebKit) -CVE-2008-1996 VULNERABLE (licq, fixed 1.3.6) #445238 +CVE-2008-1996 fixed (licq, fixed 1.3.6) #445238 [since FEDORA-2008-3969] CVE-2008-1974 VULNERABLE (kronolith, fixed 3.1.8) #444404 [since FEDORA-2008-3543] CVE-2008-1964 ignore (xine-lib) bogus vulnerability report CVE-2008-1959 fixed (sipp, fixed 3.1) [since FEDORA-2008-3501] +CVE-2008-1944 VULNERABLE (xen, fixed 3.2) [since xen-3.1.2-3.fc8] +CVE-2008-1943 VULNERABLE (xen) [since xen-3.1.2-3.fc8] CVE-2008-1937 ignore (moin, fixed 1.6.3) 1.6.x only CVE-2008-1930 ignore (wordpress, fixed 2.5.1) [since wordpress-2.5.1-1.fc8] only for wp 2.5.0 CVE-2008-1928 fixed (perl-Imager, fixed 0.64) #443940 [since FEDORA-2008-3352] 
@@ -35,9 +43,9 @@ CVE-2008-1836 ignore (clamav, fixed 0.93) affected code introduced after 0.92.1 CVE-2008-1835 ignore (clamav, fixed 0.93) unrar code not shipped CVE-2008-1833 fixed (clamav, fixed 0.93-rc1) #442363 [since FEDORA-2008-3420] -CVE-2008-1803 VULNERABLE (rdesktop) #445842 -CVE-2008-1802 VULNERABLE (rdesktop) #445842 -CVE-2008-1801 VULNERABLE (rdesktop) #445842 +CVE-2008-1803 fixed (rdesktop, fixed 1.6.0) #445842 [since FEDORA-2008-3917] +CVE-2008-1802 fixed (rdesktop, fixed 1.6.0) #445842 [since FEDORA-2008-3917] +CVE-2008-1801 fixed (rdesktop, fixed 1.6.0) #445842 [since FEDORA-2008-3917] CVE-2008-1796 fixed (comix) [since FEDORA-2008-2981] CVE-2008-1729 ignore (drupal) 6.x only CVE-2008-1722 fixed (cups) #445802 [since FEDORA-2008-3586] @@ -75,11 +83,14 @@ CVE-2008-1474 fixed (roundup) #436547 [since FEDORA-2008-2370] CVE-2008-1468 fixed (namazu, fixed 2.0.18) #438667 [since FEDORA-2008-2767] CVE-2008-1467 fixed (centerim) #438871 [since FEDORA-2008-2869] +CVE-2008-1423 fixed (libvorbis) #446342 [since FEDORA-2008-3934] +CVE-2008-1420 fixed (libvorbis) #446342 [since FEDORA-2008-3934] +CVE-2008-1419 fixed (libvorbis) #446342 [since FEDORA-2008-3934] CVE-2008-1394 ignore (plone) CVE-2008-1390 fixed (asterisk, fixed 1.4.19-rc3) #438133 [since FEDORA-2008-2554] CVE-2008-1387 fixed (clamav, fixed 0.93) #442363 [since FEDORA-2008-3420] CVE-2008-1382 VULNERABLE (libpng, fixed 1.2.27) minimal impact, affected api rarely used -CVE-2008-1382 VULNERABLE (libpng10) [since libpng10-1.0.37-1.fc8] +CVE-2008-1382 VULNERABLE (libpng10) [since FEDORA-2008-3937] CVE-2008-1381 fixed (zoneminder, fixed 1.23.3) #444436 [since FEDORA-2008-3462] CVE-2008-1380 VULNERABLE (firefox, fixed 2.0.0.14) CVE-2008-1380 fixed (seamonkey, fixed 1.1.10) #442851 [since FEDORA-2008-3264] 
@@ -87,7 +98,7 @@ CVE-2008-1374 ignore (cups) only affects old cups versions in RHEL CVE-2008-1373 fixed (cups) #440040 [since FEDORA-2008-2131] CVE-2008-1372 fixed (bzip2, fixed 1.0.5) #439855 [since FEDORA-2008-2970] -CVE-2008-1360 VULNERABLE (nagios) #437850 +CVE-2008-1360 fixed (nagios, fixed 2.11) #437850 [since FEDORA-2008-3098] CVE-2008-1353 ignore (zabbix) #437848 Needs authorization CVE-2008-1333 ignore (asterisk) not affected CVE-2008-1332 fixed (asterisk, fixed 1.4.18.1) #438133 [since FEDORA-2008-2554] @@ -135,7 +146,7 @@ CVE-2008-1111 fixed (lighttpd) #435807 [since FEDORA-2008-2262] CVE-2008-1110 version (xine-lib, fixed 1.1.10) [since FEDORA-2008-1043] CVE-2008-1103 VULNERABLE (blender) not fixed upstream -CVE-2008-1102 VULNERABLE (blender) #443936 +CVE-2008-1102 fixed (blender) #443936 [since FEDORA-2008-3875] CVE-2008-1100 fixed (clamav, fixed 0.93) #442363 [since FEDORA-2008-3420] CVE-2008-1099 fixed (moin) #438673 [since FEDORA-2008-3301] CVE-2008-1098 fixed (moin) #438673 [since FEDORA-2008-3301] @@ -334,6 +345,7 @@ CVE-2007-6203 ignore (httpd) #409831 User can't unput garbage before method name CVE-2007-6201 version (wesnoth, fixed 1.2.8) [since FEDORA-2007-3989] CVE-2007-6183 backport (ruby-gnome2) #405601 [since FEDORA-2007-4216] +CVE-2007-6131 VULNERABLE (scanbuttond) CVE-2007-6121 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590] CVE-2007-6120 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590] CVE-2007-6119 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590] @@ -385,6 +397,7 @@ CVE-2007-5849 ignore (cups, fixed 1.3.5) minimal impact, see #415131 CVE-2007-5848 version (cups, fixed 1.2.0) CVE-2007-5846 version (net-snmp, fixed 5.4.1) +CVE-2007-5803 VULNERABLE (nagios, not fixed 2.11) #446381 CVE-2007-5795 backport (emacs) #367591 [since FEDORA-2007-2946] CVE-2007-5770 backport (ruby) #373391 [since FEDORA-2007-2812] CVE-2007-5760 fixed (xorg-x11-server, fixed 1.4.1) #429126 [since FEDORA-2008-0760]
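Review bot: In the f8 hunk at @@ -75,11 +83,14 @@, "CVE-2008-1382 VULNERABLE (libpng10) [since FEDORA-2008-3937]" swaps the build name for an advisory id but keeps the status VULNERABLE, while every other line in this f8 diff that gains a FEDORA-2008-xxxx tag (libid3tag, licq, rdesktop, libvorbis, nagios, blender) moves to "fixed". Either change the status to "fixed" or add a comment saying why the advisory does not resolve the issue for libpng10. The same question applies to the three xen lines added at @@ -15,12 +18,17 @@: they are VULNERABLE with [since xen-3.1.2-3.fc8], and CVE-2008-1944 is annotated "fixed 3.2" while the tag names a 3.1.2 build, so the entry should state whether that build contains a backport.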
Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.210 retrieving revision 1.211 diff -u -r1.210 -r1.211 --- f9 13 May 2008 16:32:22 -0000 1.210 +++ f9 16 May 2008 18:59:18 -0000 1.211 @@ -5,6 +5,9 @@ # (mozilla) = (gecko-libs dependent stuff)
rhbz249840 version (tor, fixed 0.1.2.15) +CVE-2008-2276 VULNERABLE (mantis) upstream fix in 1.2.0a1 seems useless +CVE-2008-2266 ignore (perl-Convert-UUlib) embedded uulib copy uses mkstemp +CVE-2008-2168 ignore (httpd) browser issue, not apache CVE-2008-2146 version (wordpress, fixed 2.2.3) CVE-2008-2109 fixed (libid3tag) #445815 [since FEDORA-2008-3757] CVE-2008-2105 fixed (bugzilla, fixed 3.0.4, 3.1.4) #445823 [since FEDORA-2008-3668] @@ -14,12 +17,17 @@ CVE-2008-2079 VULNERABLE (mysql, fixed 5.0.60) #445806 CVE-2008-2068 version (wordpress, fixed 2.5.1) [since wordpress-2.5.1-1.fc9] CVE-2008-2033 ignore (zoneminder) duplicate of CVE-2008-1381 +CVE-2008-2004 VULNERABLE (xen) disables format autodetection by default [since xen-3.2.0-11.fc9] +CVE-2008-2004 VULNERABLE (qemu) fix mostly useless without libvirt changes +CVE-2008-2004 VULNERABLE (kvm) fix mostly useless without libvirt changes CVE-2008-2000 ignore (WebKit) browser DoS CVE-2008-1999 VULNERABLE (WebKit) CVE-2008-1996 fixed (licq, fixed 1.3.6) #445239 [since FEDORA-2008-3812] CVE-2008-1974 ignore (kronolith, fixed 3.1.8) #444405 package removed from f9 and rawhide CVE-2008-1964 ignore (xine-lib) bogus vulnerability report CVE-2008-1959 fixed (sipp, fixed 3.1) [since FEDORA-2008-3690] +CVE-2008-1944 version (xen, fixed 3.2) +CVE-2008-1943 VULNERABLE (xen) [since xen-3.2.0-11.fc9] CVE-2008-1937 version (moin, fixed 1.6.3) [since moin-1.6.3-1.fc9] CVE-2008-1930 ignore (wordpress, fixed 2.5.1) only for wp 2.5.0 CVE-2008-1928 VULNERABLE (perl-Imager, fixed 0.64) #443941 
@@ -30,15 +38,15 @@ CVE-2008-1878 backport (xine-lib, fixed 1.1.12.1) #443056 nsf demuxer overflow [since xine-lib-1.1.12-2.fc9] CVE-2008-1845 version (mksh, fixed 33d) [since mksh-33d-1.fc9] what is real impact on fedora? CVE-2008-1837 ignore (clamav, fixed 0.93) unrar code not shipped -CVE-2008-1836 VULNERABLE (clamav, fixed 0.93) #442364 [since clamav-0.93-1.fc9] +CVE-2008-1836 fixed (clamav, fixed 0.93) #442364 [since FEDORA-2008-3900] CVE-2008-1835 ignore (clamav, fixed 0.93) unrar code not shipped CVE-2008-1834 version (swfdec, fixed 0.6.4) [since swfdec-0.6.4-1.fc9] CVE-2008-1833 version (clamav, fixed 0.93-rc1) [since clamav-0.93-0.0.rc1.fc9] -CVE-2008-1803 VULNERABLE (rdesktop) #445843 -CVE-2008-1802 VULNERABLE (rdesktop) #445843 -CVE-2008-1801 VULNERABLE (rdesktop) #445843 +CVE-2008-1803 fixed (rdesktop, fixed 1.6.0) #445843 [since FEDORA-2008-3886] +CVE-2008-1802 fixed (rdesktop, fixed 1.6.0) #445843 [since FEDORA-2008-3886] +CVE-2008-1801 fixed (rdesktop, fixed 1.6.0) #445843 [since FEDORA-2008-3886] CVE-2008-1796 fixed (comix) [since comix-3.6.4-6.fc9] -CVE-2008-1771 VULNERABLE (mt-daapd) [since mt-daapd-0.9-0.2.1696.fc9] +CVE-2008-1771 VULNERABLE (mt-daapd) [since mt-daapd-0.2.4.2-2.fc9] CVE-2008-1729 version (drupal, fixed 6.2) [since drupal-6.2-1.fc9] CVE-2008-1722 fixed (cups) #445803 [since FEDORA-2008-3756] CVE-2008-1720 version (rsync, fixed 3.0.2) [since rsync-3.0.2-0.fc9] 
@@ -74,9 +82,12 @@ CVE-2008-1474 version (roundup) #436549 [since roundup-1.4.4-1.fc9] CVE-2008-1468 version (namazu, fixed 2.0.18) #438668 [since namazu-2.0.18-1.fc9] CVE-2008-1467 fixed (centerim) #438871 +CVE-2008-1423 fixed (libvorbis) #446343 [since FEDORA-2008-3910] +CVE-2008-1420 fixed (libvorbis) #446343 [since FEDORA-2008-3910] +CVE-2008-1419 fixed (libvorbis) #446343 [since FEDORA-2008-3910] CVE-2008-1394 ignore (plone) CVE-2008-1390 version (asterisk, fixed 1.6.0-beta6) #438134 [since asterisk-1.6.0-0.6.beta6.fc9] -CVE-2008-1387 VULNERABLE (clamav, fixed 0.93) #442364 [since clamav-0.93-1.fc9] +CVE-2008-1387 fixed (clamav, fixed 0.93) #442364 [since FEDORA-2008-3900] CVE-2008-1382 VULNERABLE (libpng, fixed 1.2.27) minimal impact, affected api rarely used CVE-2008-1382 VULNERABLE (libpng10) [since FEDORA-2008-3683] CVE-2008-1381 fixed (zoneminder, fixed 1.23.3) #444437 [since FEDORA-2008-3601] @@ -86,7 +97,7 @@ CVE-2008-1374 ignore (cups) only affects old cups versions in RHEL CVE-2008-1373 backport (cups) #440041 [since cups-1.3.6-9.fc9] CVE-2008-1372 version (bzip2, fixed 1.0.5) [since bzip2-1.0.5-1.fc9] -CVE-2008-1360 VULNERABLE (nagios) #437852 +CVE-2008-1360 version (nagios, fixed 2.11) #437852 [since nagios-2.11-3.fc9] CVE-2008-1353 ignore (zabbix) #437848 Needs authorization CVE-2008-1333 version (asterisk, fixed 1.6.0-beta6) #438134 [since asterisk-1.6.0-0.6.beta6.fc9] CVE-2008-1332 ignore (asterisk) not affected according to upstream advisory 
@@ -133,7 +144,7 @@ CVE-2008-1110 version (xine-lib, fixed 1.1.10) [since xine-lib-1.1.10-2.fc9] CVE-2008-1103 VULNERABLE (blender) not fixed upstream CVE-2008-1102 backport (blender) #443937 [since blender-2.45-12.fc9] -CVE-2008-1100 VULNERABLE (clamav, fixed 0.93) #442364 [since clamav-0.93-1.fc9] +CVE-2008-1100 fixed (clamav, fixed 0.93) #442364 [since FEDORA-2008-3900] CVE-2008-1099 version (moin, fixed 1.5.9) #438674 CVE-2008-1098 version (moin, fixed 1.5.9) #438674 CVE-2008-1078 ignore (am-utils) minimal impact @@ -223,7 +234,7 @@ CVE-2008-0364 ignore (bittorrent) Windows only CVE-2008-0320 version (openoffice.org, fixed 2.4) CVE-2008-0318 fixed (clamav, fixed 0.92.1) -CVE-2008-0314 VULNERABLE (clamav, fixed 0.93) #442364 [since clamav-0.93-1.fc9] +CVE-2008-0314 fixed (clamav, fixed 0.93) #442364 [since FEDORA-2008-3900] CVE-2008-0304 version (seamonkey, fixed 1.1.8) [since seamonkey-1.1.8-3.fc9] CVE-2008-0304 version (thuderbird, fixed 2.0.0.12) [since thunderbird-2.0.0.12-1.fc9] CVE-2008-0299 fixed (python-paramiko) #428730 [since python-paramiko-1.7.1-3.fc9] @@ -329,6 +340,7 @@ CVE-2007-6203 ignore (httpd) #409831 User can't unput garbage before method name CVE-2007-6201 version (wesnoth, fixed 1.2.8) [since wesnoth-1.2.8-3.fc9] CVE-2007-6183 backport (ruby-gnome2) #405611 [since ruby-gnome2-0.16.0-22.fc9] +CVE-2007-6131 VULNERABLE (scanbuttond) CVE-2007-6121 version (wireshark, fixed 0.99.7) [since wireshark-0.99.7-1.fc9] CVE-2007-6120 version (wireshark, fixed 0.99.7) [since wireshark-0.99.7-1.fc9] CVE-2007-6119 version (wireshark, fixed 0.99.7) [since wireshark-0.99.7-1.fc9] 
@@ -379,6 +391,7 @@ CVE-2007-5849 version (cups, fixed 1.3.5) [since cups-1.3.5-1.fc9] CVE-2007-5848 version (cups, fixed 1.2.0) CVE-2007-5846 version (net-snmp, fixed 5.4.1) +CVE-2007-5803 VULNERABLE (nagios, not fixed 2.11) #446382 CVE-2007-5795 backport (emacs) #367601 [since emacs-22.1-8.fc9] CVE-2007-5770 backport (ruby) #373401 [since ruby-1.8.6.111-1] CVE-2007-5760 backport (xorg-x11-server, fixed 1.4.1) #429127 [since xorg-x11-server-1.4.99.1-0.17.20080107.fc9]
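Review bot: In the f9 hunk at @@ -30,15 +38,15 @@, "CVE-2008-1771 VULNERABLE (mt-daapd) [since mt-daapd-0.2.4.2-2.fc9]" updates the build tag but leaves the status VULNERABLE, whereas the f10 diff in this same commit moves the same CVE to "version" with mt-daapd-0.2.4.2-2.fc10. If the fc9 build of 0.2.4.2-2 has the fix, the status here should change as well; if it does not, a short comment explaining the difference from f10 would stop the two files from reading as inconsistent. The xen lines added at @@ -14,12 +17,17 @@ have the same VULNERABLE plus [since xen-3.2.0-11.fc9] mismatch. Separately, the context line "CVE-2008-0304 version (thuderbird, fixed 2.0.0.12)" misspells the package name, so a search of this file for "thunderbird" inside the parentheses will miss it; worth fixing while touching the file.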
Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.376 retrieving revision 1.377 diff -u -r1.376 -r1.377 --- fc7 13 May 2008 16:32:22 -0000 1.376 +++ fc7 16 May 2008 18:59:18 -0000 1.377 @@ -7,8 +7,11 @@
rhbz293031 fixed (nx) #293031 [since FEDORA-2008-2258] rhbz249840 version (tor, fixed 0.1.2.15) #249840 [since FEDORA-2007-1674] +CVE-2008-2276 VULNERABLE (mantis) upstream fix in 1.2.0a1 seems useless +CVE-2008-2266 ignore (perl-Convert-UUlib) embedded uulib copy uses mkstemp +CVE-2008-2168 ignore (httpd) browser issue, not apache CVE-2008-2146 version (wordpress, fixed 2.2.3) -CVE-2008-2109 VULNERABLE (libid3tag) #445813 +CVE-2008-2109 fixed (libid3tag) #445813 [since FEDORA-2008-3874] CVE-2008-2105 fixed (bugzilla, fixed 3.0.4, 3.1.4) #445821 [since FEDORA-2008-3488] CVE-2008-2104 ignore (bugzilla, fixed 3.1.4) only affects 3.1.3, not in Fedora CVE-2008-2103 fixed (bugzilla, fixed 3.0.4, 3.1.4) #445821 [since FEDORA-2008-3488] 
@@ -16,15 +19,20 @@ CVE-2008-2079 VULNERABLE (mysql, fixed 5.0.60) #445804 CVE-2008-2068 version (wordpress, fixed 2.5.1) [since FEDORA-2008-3319] CVE-2008-2033 ignore (zoneminder) duplicate of CVE-2008-1381 +CVE-2008-2004 VULNERABLE (xen) disables format autodetection by default [since xen-3.1.2-3.fc7] +CVE-2008-2004 VULNERABLE (qemu) fix mostly useless without libvirt changes +CVE-2008-2004 VULNERABLE (kvm) fix mostly useless without libvirt changes CVE-2008-2000 ignore (WebKit) browser DoS CVE-2008-1999 VULNERABLE (WebKit) -CVE-2008-1996 VULNERABLE (licq, fixed 1.3.6) #445237 +CVE-2008-1996 fixed (licq, fixed 1.3.6) #445237 [since FEDORA-2008-3909] CVE-2008-1974 VULNERABLE (kronolith, fixed 3.1.8) #444403 [since FEDORA-2008-3460] CVE-2008-1964 ignore (xine-lib) bogus vulnerability report CVE-2008-1959 fixed (sipp, fixed 3.1) [since FEDORA-2008-3508] +CVE-2008-1944 VULNERABLE (xen, fixed 3.2) [since xen-3.1.2-3.fc7] +CVE-2008-1943 VULNERABLE (xen) [since xen-3.1.2-3.fc7] CVE-2008-1937 ignore (moin, fixed 1.6.3) 1.6.x only CVE-2008-1930 ignore (wordpress, fixed 2.5.1) [since wordpress-2.5.1-1.fc7] only for wp 2.5.0 -CVE-2008-1928 VULNERABLE (perl-Imager, fixed 0.64) #443939 +CVE-2008-1928 fixed (perl-Imager, fixed 0.64) #443939 [since FEDORA-2008-3920] CVE-2008-1927 fixed (perl) [since FEDORA-2008-3399] CVE-2008-1926 VULNERABLE (util-linux) CVE-2008-1924 VULNERABLE (phpMyAdmin, fixed 2.11.5.2) [since phpMyAdmin-2.11.5.2-1.fc7] PMASA-2008-3 
@@ -36,9 +44,9 @@ CVE-2008-1836 ignore (clamav, fixed 0.93) affected code introduced after 0.92.1 CVE-2008-1835 ignore (clamav, fixed 0.93) unrar code not shipped CVE-2008-1833 fixed (clamav, fixed 0.93-rc1) #442362 [since FEDORA-2008-3358] -CVE-2008-1803 VULNERABLE (rdesktop) #445841 -CVE-2008-1802 VULNERABLE (rdesktop) #445841 -CVE-2008-1801 VULNERABLE (rdesktop) #445841 +CVE-2008-1803 fixed (rdesktop, fixed 1.6.0) #445841 [since FEDORA-2008-3985] +CVE-2008-1802 fixed (rdesktop, fixed 1.6.0) #445841 [since FEDORA-2008-3985] +CVE-2008-1801 fixed (rdesktop, fixed 1.6.0) #445841 [since FEDORA-2008-3985] CVE-2008-1796 fixed (comix) [since FEDORA-2008-2993] CVE-2008-1729 ignore (drupal) 6.x only CVE-2008-1722 fixed (cups) #445801 [since FEDORA-2008-3449] @@ -76,6 +84,9 @@ CVE-2008-1474 fixed (roundup) #436548 [since FEDORA-2008-2471] CVE-2008-1468 fixed (namazu, fixed 2.0.18) #438666 [since FEDORA-2008-2678] CVE-2008-1467 fixed (centerim) #438871 [since FEDORA-2008-2869] +CVE-2008-1423 fixed (libvorbis) #446341 [since FEDORA-2008-3898] +CVE-2008-1420 fixed (libvorbis) #446341 [since FEDORA-2008-3898] +CVE-2008-1419 fixed (libvorbis) #446341 [since FEDORA-2008-3898] CVE-2008-1394 ignore (plone) CVE-2008-1390 fixed (asterisk, fixed 1.4.19-rc3) #438132 [since FEDORA-2008-2620] CVE-2008-1387 fixed (clamav, fixed 0.93) #442362 [since FEDORA-2008-3358] @@ -88,7 +99,7 @@ CVE-2008-1374 ignore (cups) only affects old cups versions in RHEL CVE-2008-1373 fixed (cups) #440042 [since FEDORA-2008-2897] CVE-2008-1372 fixed (bzip2, fixed 1.0.5) #439855 [since FEDORA-2008-2970] -CVE-2008-1360 VULNERABLE (nagios) #437851 +CVE-2008-1360 VULNERABLE (nagios, fixed 2.11) #437851 CVE-2008-1353 ignore (zabbix) #437848 Needs authorization CVE-2008-1333 ignore (asterisk) not affected CVE-2008-1332 fixed (asterisk, fixed 1.4.18.1) #438132 [since FEDORA-2008-2620] 
@@ -136,7 +147,7 @@ CVE-2008-1111 fixed (lighttpd) #435808 [since FEDORA-2008-2278] CVE-2008-1110 version (xine-lib, fixed 1.1.10) [since FEDORA-2008-1047] CVE-2008-1103 VULNERABLE (blender) not fixed upstream -CVE-2008-1102 VULNERABLE (blender) #443935 +CVE-2008-1102 fixed (blender) #443935 [since FEDORA-2008-3862] CVE-2008-1100 fixed (clamav, fixed 0.93) #442362 [since FEDORA-2008-3358] CVE-2008-1099 fixed (moin) #438672 [since FEDORA-2008-3328] CVE-2008-1098 fixed (moin) #438672 [since FEDORA-2008-3328] @@ -333,6 +344,7 @@ CVE-2007-6203 ignore (httpd) #409831 User can't unput garbage before method name CVE-2007-6201 version (wesnoth, fixed 1.2.8) [since FEDORA-2007-3986] CVE-2007-6183 version (ruby-gnome2) #405591 [since FEDORA-2007-4229] +CVE-2007-6131 VULNERABLE (scanbuttond) CVE-2007-6121 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690] CVE-2007-6120 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690] CVE-2007-6119 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690] @@ -384,6 +396,7 @@ CVE-2007-5849 ignore (cups, fixed 1.3.5) minimal impact, see #415131 CVE-2007-5848 version (cups, fixed 1.2.0) CVE-2007-5846 backport (net-snmp) [since FEDORA-2007-3019] +CVE-2007-5803 VULNERABLE (nagios, not fixed 2.11) #437851 CVE-2007-5795 backport (emacs) #367581 [since FEDORA-2007-3056] CVE-2007-5770 backport (ruby) #373381 [since FEDORA-2007-2685] CVE-2007-5760 fixed (xorg-x11-server, fixed 1.4.1) #429125 [since FEDORA-2008-0831]
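Review bot: The last fc7 hunk adds "CVE-2007-5803 VULNERABLE (nagios, not fixed 2.11) #437851", which reuses the bug number already attached to CVE-2008-1360 in this file ("CVE-2008-1360 VULNERABLE (nagios, fixed 2.11) #437851"). The f10, f8 and f9 diffs in this commit give CVE-2007-5803 its own bugs (#446383, #446381, #446382), so this looks like a copy from the neighbouring nagios entry. Please confirm whether a separate fc7 tracking bug exists and reference it here; if #437851 is intentionally tracking both CVEs on fc7, note that in the comment. As in the other branches, the xen lines added at @@ -16,15 +19,20 @@ are VULNERABLE while carrying [since xen-3.1.2-3.fc7], and should say whether that build contains the fix.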
security-commits@lists.fedoraproject.org