Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv6726/audit

Modified Files:
	f8 f9 fc7
Log Message:
more pre-f9 cleanups
Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.216 retrieving revision 1.217 diff -u -r1.216 -r1.217 --- f8 6 May 2008 16:54:54 -0000 1.216 +++ f8 7 May 2008 16:48:08 -0000 1.217 @@ -5,7 +5,7 @@ # (mozilla) = (gecko-libs dependent stuff)
rhbz293031 fixed (nx) #293031 [since FEDORA-2008-2258] -rhbz249840 VULNERABLE (tor) +rhbz249840 version (tor, fixed 0.1.2.15) CVE-2008-2068 version (wordpress, fixed 2.5.1) [since FEDORA-2008-3397] CVE-2008-2033 ignore (zoneminder) duplicate of CVE-2008-1381 CVE-2008-2000 ignore (WebKit) browser DoS @@ -122,6 +122,7 @@ CVE-2008-1131 ignore (drupal) #435816 drupal 6.x only CVE-2008-1111 fixed (lighttpd) #435807 [since FEDORA-2008-2262] CVE-2008-1110 version (xine-lib, fixed 1.1.10) [since FEDORA-2008-1043] +CVE-2008-1103 VULNERABLE (blender) not fixed upstream CVE-2008-1102 VULNERABLE (blender) #443936 CVE-2008-1100 fixed (clamav, fixed 0.93) #442363 [since FEDORA-2008-3420] CVE-2008-1099 fixed (moin) #438673 [since FEDORA-2008-3301] @@ -262,7 +263,7 @@ CVE-2007-6687 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4778] CVE-2007-6686 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4778] CVE-2007-6685 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4778] -CVE-2007-6672 ingore (jetty) #428017 jetty 6.x only +CVE-2007-6672 ignore (jetty) #428017 jetty 6.x only CVE-2007-6613 fixed (libcdio) #427199 [since FEDORA-2008-0136] CVE-2007-6612 ignore (rubygem-mongrel, only affects 1.0.4) affected version was not shipped CVE-2007-6611 fixed (mantis) #427278 [since FEDORA-2008-0282] @@ -341,7 +342,7 @@ CVE-2007-6018 fixed (wordpress) #426433 [since FEDORA-2008-0103] CVE-2007-6015 version (samba, fixed 3.0.28) [since FEDORA-2007-4275] CVE-2007-6035 version (cacti, fixed 0.8.7a) #391991 [since FEDORA-2007-3667] -CVE-2007-6013 fixed (wordpress) #426433 [since FEDORA-2008-0103] +CVE-2007-6013 fixed (wordpress) [since wordpress-2.5.1-1.fc8] CVE-2007-5977 version (phpMyAdmin, fixed 2.11.2.1) #385901 [since FEDORA-2007-3636] CVE-2007-5976 version (phpMyAdmin, fixed 2.11.2.1) #385901 [since FEDORA-2007-3636] CVE-2007-5972 ignore (krb5, fixed 1.6.4) not exploitable 
@@ -355,7 +356,7 @@ CVE-2007-5959 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3962] CVE-2007-5958 fixed (xorg-x11-server, fixed 1.4.1) #429126 [since FEDORA-2008-0760] CVE-2007-5947 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3962] -CVE-2007-5938 VULNERABLE (kernel) #385861 iwlwifi +CVE-2007-5938 fixed (kernel) #385861 iwlwifi [since kernel-2.6.23.9-67.fc8] CVE-2007-5937 backport (tetex) #379861 [since FEDORA-2007-3308] Multiple dviljk buffer overflows CVE-2007-5936 backport (tetex) #379861 [since FEDORA-2007-3308] dviljk uses insecure temporary file CVE-2007-5935 backport (tetex) #379861 [since FEDORA-2007-3308] dvips -z buffer overflow with long href @@ -449,9 +450,9 @@ CVE-2007-4129 backport (coolkey) [since coolkey-1.1.0-5.fc8] CVE-2007-4045 backport (cups) [since FEDORA-2007-2982] CVE-2007-4033 backport (tetex) [since FEDORA-2007-3308] -CVE-2007-3999 VULNERABLE (nfs-utils-lib) #362091 +CVE-2007-3999 fixed (nfs-utils-lib) #362091 [since FEDORA-2008-1102] CVE-2007-3999 fixed (libtirpc) #362111 [since FEDORA-2008-1017] -CVE-2007-3920 VULNERABLE (compiz, not fixed upstream) #363061 +CVE-2007-3920 fixed (compiz, not fixed upstream) #363061 [since xorg-x11-server-1.3.0.0-40.fc8] CVE-2007-3919 backport (xen, fixed 3.1.0-13) #361991 CVE-2007-3844 version (firefox, fixed 2.0.0.6) CVE-2007-3843 version (kernel) #246595 No idea which version fixed this
Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.206 retrieving revision 1.207 diff -u -r1.206 -r1.207 --- f9 6 May 2008 16:54:54 -0000 1.206 +++ f9 7 May 2008 16:48:08 -0000 1.207 @@ -4,13 +4,13 @@ # *CVE are items that need verification for Fedora 9 # (mozilla) = (gecko-libs dependent stuff)
-rhbz249840 VULNERABLE (tor) +rhbz249840 version (tor, fixed 0.1.2.15) CVE-2008-2068 version (wordpress, fixed 2.5.1) [since wordpress-2.5.1-1.fc9] CVE-2008-2033 ignore (zoneminder) duplicate of CVE-2008-1381 CVE-2008-2000 ignore (WebKit) browser DoS CVE-2008-1999 VULNERABLE (WebKit) CVE-2008-1996 VULNERABLE (licq, fixed 1.3.6) #445239 -CVE-2008-1974 VULNERABLE (kronolith, fixed 3.1.8) #444405 +CVE-2008-1974 ignore (kronolith, fixed 3.1.8) #444405 package removed from f9 and rawhide CVE-2008-1964 ignore (xine-lib) bogus vulnerability report CVE-2008-1959 VULNERABLE (sipp, fixed 3.1) [since sipp-3.1-1.fc9] CVE-2008-1937 version (moin, fixed 1.6.3) [since moin-1.6.3-1.fc9] @@ -67,7 +67,7 @@ CVE-2008-1387 VULNERABLE (clamav, fixed 0.93) #442364 [since clamav-0.93-1.fc9] CVE-2008-1382 VULNERABLE (libpng, fixed 1.2.27) minimal impact, affected api rarely used CVE-2008-1382 VULNERABLE (libpng10) [since libpng10-1.0.33-1.fc9] -CVE-2008-1381 VULNERABLE (zoneminder, fixed 1.23.3) #444437 +CVE-2008-1381 VULNERABLE (zoneminder, fixed 1.23.3) #444437 [since zoneminder-1.22.3-14.fc9] CVE-2008-1380 version (firefox, fixed 2.0.0.14) CVE-2008-1380 backport (seamonkey, fixed 1.1.10) #442852 [since seamonkey-1.1.9-3.fc9] CVE-2008-1380 version (thunderbird, fixed 2.0.0.14) #442857 [since thunderbird-2.0.0.14-1.fc9] @@ -119,6 +119,7 @@ CVE-2008-1131 version (drupal, fixed 6.1) #435817 [since drupal-6.1-1.fc9] CVE-2008-1111 backport (lighttpd) #435809 [since lighttpd-1.4.18-6.fc9] CVE-2008-1110 version (xine-lib, fixed 1.1.10) [since xine-lib-1.1.10-2.fc9] +CVE-2008-1103 VULNERABLE (blender) not fixed upstream CVE-2008-1102 backport (blender) #443937 [since blender-2.45-12.fc9] CVE-2008-1100 VULNERABLE (clamav, fixed 0.93) #442364 [since clamav-0.93-1.fc9] CVE-2008-1099 version (moin, fixed 1.5.9) #438674 
@@ -329,14 +330,13 @@ CVE-2007-6110 version (htdig) [since htdig-3.2.0b6-13.fc9] CVE-2007-6100 version (phpMyAdmin, fixed 2.11.2.2) CVE-2007-6067 version (postgresql, fixed 8.2.6) #427774 [since postgresql-8.2.6-1.fc9] -CVE-2007-6061 VULNERABLE (audacity) #393251 +CVE-2007-6061 backport (audacity) #393251 [since audacity-1.3.2-21.fc9] CVE-2007-6035 version (cacti, fixed 0.8.7a) #392001 [since cacti-0.8.7a-1.fc9] CVE-2007-6029 ignore (clamav) insufficient information about the issue CVE-2007-6018 version (horde, fixed 3.1.6) #428630 [since horde-3.1.6-1.fc9] CVE-2007-6018 version (imp, fixed 4.1.6) #428634 [since imp-4.1.6-1.fc9] -CVE-2007-6018 VULNERABLE (wordpress) #426434 CVE-2007-6015 version (samba, fixed 3.0.28) #433622 [since samba-3.2.0-1.pre2.5.fc9] -CVE-2007-6013 VULNERABLE (wordpress) #426434 +CVE-2007-6013 version (wordpress, fixed 2.5) [since wordpress-2.5.1-1.fc9] CVE-2007-5977 version (phpMyAdmin) #385911 [since phpMyAdmin-2.11.2.2-1.fc9] CVE-2007-5976 version (phpMyAdmin) #385911 [since phpMyAdmin-2.11.2.2-1.fc9] CVE-2007-5972 ignore (krb5, fixed 1.6.4) not exploitable @@ -350,7 +350,7 @@ CVE-2007-5959 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) CVE-2007-5958 fixed (xorg-x11-server, fixed 1.4.1) #429127 [since xorg-x11-server-1.4.99.1-0.17.20080107.fc9] code removed upstream CVE-2007-5947 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) -CVE-2007-5938 VULNERABLE (kernel) #385861 iwlwifi +CVE-2007-5938 fixed (kernel) #385861 iwlwifi [since kernel-2.6.24-0.47.rc3.git2.fc9] CVE-2007-5937 backport (tetex) #379851 Multiple dviljk buffer overflows [since tetex-3.0-48.fc9] CVE-2007-5936 backport (tetex) #379851 dviljk uses insecure temporary file [since tetex-3.0-48.fc9] CVE-2007-5935 backport (tetex) #379851 dvips -z buffer overflow with long href [since tetex-3.0-48.fc9] 
@@ -401,7 +401,7 @@ CVE-2007-5333 version (tomcat5, fixed 5.5.26) #428257 [since tomcat5-5.5.26-1jpp.1.fc9] CVE-2007-5201 version (duplicity, fixed 0.4.9?) #362841 [since duplicity-0.4.9-1.fc9] CVE-2007-5200 version (hugin) #362871 [since hugin-0.6.1-11.fc9] -CVE-2007-5198 VULNERABLE (nagios-plugins, fixed 1.4.10) #362901 +CVE-2007-5198 version (nagios-plugins, fixed 1.4.10) #362901 [since nagios-plugins-1.4.11-4.fc9] CVE-2007-5197 version (mono, fixed 1.2.5.1) #367551 [since mono-1.2.5.1-3.fc9] CVE-2007-5116 backport (perl) #378151 [since perl-5.8.8-31.fc9] CVE-2007-5079 VULNERABLE (gdm) #363041 Red Hat specific problem @@ -423,7 +423,7 @@ CVE-2007-4568 version (xorg-x11-xfs, fixed 1.0.5) CVE-2007-4559 VULNERABLE (python, not fixed upstream) #315291 Upstream WONTFIX. See where we use the code. CVE-2007-4476 backport (cpio, not fixed 2.9) #339691 [since cpio-2.9-5.fc9] -CVE-2007-4400 VULNERABLE (konversation) #362931 Remove media script? +CVE-2007-4400 backport (konversation) #362931 Remove media script? [since konversation-1.0.1-6.fc9] CVE-2007-4352 backport (xpdf) #372481 [since xpdf-3.02-4.fc9] CVE-2007-4352 backport (cups) CVE-2007-4352 version (poppler, fixed 0.6.2) #372521 [since poppler-0.6.2-1.fc9] 
@@ -431,14 +431,14 @@ CVE-2007-4352 backport (koffice) #372611 [since koffice-1.6.3-15.fc9] CVE-2007-4352 version (tetex) #372671 [since tetex-3.0-48.fc9] CVE-2007-4351 version (cups) #361681 -CVE-2007-3999 VULNERABLE (nfs-utils-lib) #362101 -CVE-2007-3999 VULNERABLE (libtirpc) #362121 -CVE-2007-3920 VULNERABLE (compiz, not fixed upstream) #357091 +CVE-2007-3999 version (nfs-utils-lib) #362101 [since nfs-utils-lib-1.1.0-4.fc9] +CVE-2007-3999 backport (libtirpc) #362121 [since libtirpc-0.1.7-15.fc9] +CVE-2007-3920 fixed (compiz, not fixed upstream) #357091 CVE-2007-3919 backport (xen, fixed 3.1.0-13) #362011 CVE-2007-3844 version (firefox, fixed 2.0.0.6) CVE-2007-3843 version (kernel) #246595 No idea which version fixed this CVE-2007-3568 backport (imlib) [since imlib-1.9.15-6.fc9] -CVE-2007-3544 VULNERABLE (wordpress, NOT fixed 2.2.1) #245211 Incomplete fix for CVE-2007-3543 +CVE-2007-3544 version (wordpress, fixed 2.2.1) #245211 Incomplete fix for CVE-2007-3543, insufficient info CVE-2007-3387 version (poppler, fixed 0.5.91) #251512 CVE-2007-3280 ignore (postgresql) bogus CVE assignment CVE-2007-3279 ignore (postgresql) bogus CVE assignment
Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.372 retrieving revision 1.373 diff -u -r1.372 -r1.373 --- fc7 6 May 2008 16:54:54 -0000 1.372 +++ fc7 7 May 2008 16:48:08 -0000 1.373 @@ -123,6 +123,7 @@ CVE-2008-1131 ignore (drupal) #435815 drupal 6.x only CVE-2008-1111 fixed (lighttpd) #435808 [since FEDORA-2008-2278] CVE-2008-1110 version (xine-lib, fixed 1.1.10) [since FEDORA-2008-1047] +CVE-2008-1103 VULNERABLE (blender) not fixed upstream CVE-2008-1102 VULNERABLE (blender) #443935 CVE-2008-1100 fixed (clamav, fixed 0.93) #442362 [since FEDORA-2008-3358] CVE-2008-1099 fixed (moin) #438672 [since FEDORA-2008-3328] @@ -340,7 +341,7 @@ CVE-2007-6018 fixed (imp) #428633 [since FEDORA-2008-2087] CVE-2007-6018 fixed (wordpress) #426432 [since FEDORA-2008-0126] CVE-2007-6015 version (samba, fixed 3.0.28) [since FEDORA-2007-4269] -CVE-2007-6013 fixed (wordpress) #426432 [since FEDORA-2008-0126] +CVE-2007-6013 fixed (wordpress, fixed 2.5) [since wordpress-2.5.1-1.fc7] CVE-2007-5977 version (phpMyAdmin, fixed 2.11.2.1) #385891 [since FEDORA-2007-3627] CVE-2007-5976 version (phpMyAdmin, fixed 2.11.2.1) #385891 [since FEDORA-2007-3627] CVE-2007-5972 ignore (krb5, fixed 1.6.4) not exploitable 
@@ -354,7 +355,7 @@ CVE-2007-5959 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3952] CVE-2007-5958 fixed (xorg-x11-server, fixed 1.4.1) #429125 [since FEDORA-2008-0831] CVE-2007-5947 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3952] -CVE-2007-5938 VULNERABLE (kernel) #385861 iwlwifi +CVE-2007-5938 fixed (kernel) #385861 iwlwifi [since kernel-2.6.23.9-39.fc7] CVE-2007-5937 backport (tetex) #379831 [since FEDORA-2007-3390] Multiple dviljk buffer overflows CVE-2007-5936 backport (tetex) #379831 [since FEDORA-2007-3390] dviljk uses insecure temporary file CVE-2007-5935 backport (tetex) #379831 [since FEDORA-2007-3390] dvips -z buffer overflow with long href @@ -557,7 +558,7 @@ CVE-2007-3999 VULNERABLE (libtirpc) #294921 CVE-2007-3962 ignore (gftp) multiple buffer overflows in fsplib, not on Linux CVE-2007-3961 ignore (gftp) off-by-one error in fsplib -CVE-2007-3920 VULNERABLE (compiz) #357071 +CVE-2007-3920 fixed (compiz) #357071 [since xorg-x11-server-1.3.0.0-16.fc7] CVE-2007-3852 backport (sysstat) #252295 [since FEDORA-2007-1697] CVE-2007-3950 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299] CVE-2007-3949 version (lighttpd, fixed 1.4.16) #249162 [since FEDORA-2007-1299]
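Review bot: The new CVE-2008-1103 line in the f8 hunk at @@ -122,6 +122,7 @@ (added identically to f9 and fc7) carries no Bugzilla reference, while the neighbouring CVE-2008-1102 blender entry has one in each file (#443936 in f8). A VULNERABLE entry annotated only with "not fixed upstream" leaves no place to track it; link or file a bug per release and add its number to the line.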
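Review bot: In the f8 hunk at @@ -341,7 +342,7 @@, the rewritten CVE-2007-6013 line drops the #426433 bug reference and replaces [since FEDORA-2008-0103] with [since wordpress-2.5.1-1.fc8], and the log message does not say why the earlier advisory no longer counts as the fix. The three files also end up in different forms: f8 has "fixed (wordpress)", fc7 has "fixed (wordpress, fixed 2.5)" and f9 has "version (wordpress, fixed 2.5)". Keep the bug number, add the "fixed 2.5" annotation to f8, and note the reason for the changed since tag.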
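Review bot: The CVE-2007-3920 line in the f8 hunk at @@ -449,9 +450,9 @@ now reads "fixed (compiz, not fixed upstream)" with [since xorg-x11-server-1.3.0.0-40.fc8], so the status, the parenthetical and the package named in the since tag disagree with each other. If the fix landed in xorg-x11-server rather than compiz, say so in a trailing comment and reword "not fixed upstream". The f9 counterpart at @@ -431,14 +431,14 @@ is marked fixed with no since tag at all and should get one.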
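Review bot: In the f9 hunk at @@ -67,7 +67,7 @@, CVE-2008-1381 gains [since zoneminder-1.22.3-14.fc9] but keeps the VULNERABLE status, and the since build (1.22.3) is older than the stated upstream fix (1.23.3). Other f9 lines also pair VULNERABLE with a since tag, but here the versions imply a patched older release, so the status should be backport, as this same commit does for CVE-2007-6061. If 1.22.3-14 does not carry the patch, the since tag should not be there.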
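Review bot: The f9 hunk at @@ -329,14 +330,13 @@ deletes the "CVE-2007-6018 VULNERABLE (wordpress) #426434" line outright instead of changing its status, so f9 no longer records wordpress for that CVE while f8 and fc7 still list it as fixed. If wordpress 2.5.1 in f9 covers it, keep the line with a version status and a since tag, as done for CVE-2007-6013 two lines below, and keep the #426434 reference on both.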
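Review bot: In the f9 hunk at @@ -431,14 +431,14 @@, CVE-2007-3544 flips from "NOT fixed 2.2.1" to "version (wordpress, fixed 2.2.1)" while the trailing note still says "Incomplete fix for CVE-2007-3543" and now adds "insufficient info". A version status asserts that the shipped package contains the fix, which the note does not support. If the entry is being closed for lack of information, an ignore status with that reason, as used for CVE-2007-6029 in this file, describes it more accurately.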
security-commits@lists.fedoraproject.org