Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv24341/audit

Modified Files:
	f8 f9 fc7
Log Message:
fix SDL_image CVE ids
add openldap note
some updates
Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.109 retrieving revision 1.110 diff -u -r1.109 -r1.110 --- f8 1 Feb 2008 16:23:25 -0000 1.109 +++ f8 4 Feb 2008 11:45:26 -0000 1.110 @@ -8,11 +8,11 @@ # Up to date F8 as of 20080111
GENERIC-MAP-NOMATCH VULNERABLE (comix) multiple issues tracked via #430635 -GENERIC-MAP-NOMATCH VULNERABLE (SDL_image) #430694 ILBM overflow GENERIC-MAP-NOMATCH version (xine-lib, fixed 1.1.10) [since FEDORA-2008-1043] -GENERIC-MAP-NOMATCH VULNERABLE (deluge, fixed 0.5.8.3) -GENERIC-MAP-NOMATCH VULNERABLE (rb_libtorrent) +GENERIC-MAP-NOMATCH fixed (deluge, fixed 0.5.8.3) [since FEDORA-2008-1287] +GENERIC-MAP-NOMATCH fixed (rb_libtorrent) [since FEDORA-2008-1198] GENERIC-MAP-NOMATCH VULNERABLE (gnumeric, fixed 1.8.1) #431228 SA28725 +CVE-2008-0544 fixed (SDL_image) #430694 [since FEDORA-2008-1208] ILBM overflow CVE-2008-0460 VULNERABLE (mediawiki) #430288 CVE-2008-0404 fixed (mantis) #429552 [since FEDORA-2008-0796] CVE-2008-0386 fixed (xdg-utils) #429513 [since FEDORA-2008-1015] @@ -41,6 +41,8 @@ CVE-2008-0006 fixed (libXfont) #429132 [since FEDORA-2008-0794] CVE-2008-0005 VULNERABLE (httpd, fixed 2.2.7) #427982 CVE-2008-0003 fixed (tog-pegasus, fixed 2.7.0) #427829 [since FEDORA-2008-0572] +CVE-2007-6698 version (openldap, fixed 2.3.36) +CVE-2007-6697 fixed (SDL_image, fixed 1.2.7) #430241 [since FEDORA-2008-1208] CVE-2007-6693 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4778] CVE-2007-6692 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4778] CVE-2007-6691 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4778] @@ -278,7 +280,6 @@ CVE-2006-5170 version (nss_ldap, fixed 183) CVE-2006-4573 version (screen, fixed 4.0.3) #212057 CVE-2006-4561 ignore (firefox) Needs DNS spoofing; https is for this. -CVE-2006-4484 VULNERABLE (SDL_image, fixed 1.2.7) #430241 CVE-2006-2894 version (firefox, fixed 2.0.0.8) CVE-2006-2894 version (seamonkey, fixed 1.1.5) #194511 CVE-2006-0987 ignore (bind) example config file only
Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.100 retrieving revision 1.101 diff -u -r1.100 -r1.101 --- f9 1 Feb 2008 16:23:25 -0000 1.100 +++ f9 4 Feb 2008 11:45:26 -0000 1.101 @@ -8,11 +8,11 @@ # Up to date F9 as of 20071029
GENERIC-MAP-NOMATCH VULNERABLE (comix) multiple issues tracked via #430635 -GENERIC-MAP-NOMATCH backport (SDL_image) #430696 ILBM overflow [since SDL_image-1.2.6-5.fc9] GENERIC-MAP-NOMATCH version (xine-lib, fixed 1.1.10) [since xine-lib-1.1.10-2.fc9] GENERIC-MAP-NOMATCH version (deluge, fixed 0.5.8.3) [since deluge-0.5.8.3-1.fc9] GENERIC-MAP-NOMATCH backport (rb_libtorrent) [since rb_libtorrent-0.12-3.fc9] GENERIC-MAP-NOMATCH version (gnumeric, fixed 1.8.1) [since gnumeric-1.8.1-1.fc9] SA28725 +CVE-2008-0544 backport (SDL_image) #430696 ILBM overflow [since SDL_image-1.2.6-5.fc9] CVE-2008-0460 VULNERABLE (mediawiki) #430289 CVE-2008-0404 fixed (mantis) #429552 [since mantis-1.1.1-1.fc9] CVE-2008-0386 fixed (xdg-utils) #429513 [since xdg-utils-1_0_2-4_fc9] @@ -41,6 +41,8 @@ CVE-2008-0006 backport (libXfont) #429133 [since libXfont-1.3.1-3.fc9] CVE-2008-0005 VULNERABLE (httpd, fixed 2.2.7) #427984 CVE-2008-0003 version (tog-pegasus, fixed 2.7.0) +CVE-2007-6698 version (openldap, fixed 2.3.36) +CVE-2007-6697 backport (SDL_image, fixed 1.2.7) #430238 [since SDL_image-1.2.6-4.fc9] CVE-2007-6693 version (gallery2, fixed 2.2.4) [since gallery2-2.2.4-1] CVE-2007-6692 version (gallery2, fixed 2.2.4) [since gallery2-2.2.4-1] CVE-2007-6691 version (gallery2, fixed 2.2.4) [since gallery2-2.2.4-1] @@ -259,7 +261,6 @@ CVE-2006-5170 version (nss_ldap, fixed 183) CVE-2006-4573 version (screen, fixed 4.0.3) #212057 CVE-2006-4561 ignore (firefox) Needs DNS spoofing; https is for this. -CVE-2006-4484 backport (SDL_image, fixed 1.2.7) #430238 [since SDL_image-1.2.6-4.fc9] CVE-2006-2894 version (firefox, fixed 2.0.0.8) CVE-2006-2894 version (seamonkey, fixed 1.1.5) #194511 CVE-2006-0987 ignore (bind) example config file only
Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.265 retrieving revision 1.266 diff -u -r1.265 -r1.266 --- fc7 1 Feb 2008 16:23:25 -0000 1.265 +++ fc7 4 Feb 2008 11:45:26 -0000 1.266 @@ -9,11 +9,11 @@ # Up to date FC7 as of 20080111
GENERIC-MAP-NOMATCH VULNERABLE (comix) multiple issues tracked via #430635 -GENERIC-MAP-NOMATCH VULNERABLE (SDL_image) #430695 ILBM overflow GENERIC-MAP-NOMATCH version (xine-lib, fixed 1.1.10) [since FEDORA-2008-1047] -GENERIC-MAP-NOMATCH VULNERABLE (deluge, fixed 0.5.8.3) -GENERIC-MAP-NOMATCH VULNERABLE (rb_libtorrent) +GENERIC-MAP-NOMATCH fixed (deluge, fixed 0.5.8.3) [since FEDORA-2008-1198] +GENERIC-MAP-NOMATCH fixed (rb_libtorrent) [since FEDORA-2008-1245] GENERIC-MAP-NOMATCH VULNERABLE (gnumeric, fixed 1.8.1) #431228 SA28725 +CVE-2008-0544 fixed (SDL_image) #430695 [since FEDORA-2008-1208] ILBM overflow CVE-2008-0460 VULNERABLE (mediawiki) #430287 CVE-2008-0404 fixed (mantis) #429552 [since FEDORA-2008-0796] CVE-2008-0386 fixed (xdg-utils) #429513 [since FEDORA-2008-1015] @@ -42,6 +42,8 @@ CVE-2008-0006 fixed (libXfont) #429131 [since FEDORA-2008-0891] CVE-2008-0005 VULNERABLE (httpd, fixed 2.2.7) #427983 CVE-2008-0003 fixed (tog-pegasus, fixed 2.7.0) #427828 [since FEDORA-2008-0506] +CVE-2007-6698 VULNERABLE (openldap, fixed 2.3.36) #431409 +CVE-2007-6697 fixed (SDL_image, fixed 1.2.7) #430239 [since FEDORA-2008-1231] CVE-2007-6693 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4777] CVE-2007-6692 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4777] CVE-2007-6691 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4777] @@ -998,7 +1000,6 @@ CVE-2006-4485 version (php, fixed 5.1.5) CVE-2006-4484 version (php, fixed 5.1.5) CVE-2006-4484 ignore (gd) -CVE-2006-4484 VULNERABLE (SDL_image, fixed 1.2.7) #430239 CVE-2006-4483 ignore (php) not linux CVE-2006-4482 version (php, fixed 5.1.5) CVE-2006-4481 ignore (php) safe mode isn't safe
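Review bot: FEDORA-2008-1198 is cited for two different packages in the first hunk of f8 and of fc7: f8 has "+GENERIC-MAP-NOMATCH fixed (rb_libtorrent) [since FEDORA-2008-1198]" while fc7 has "+GENERIC-MAP-NOMATCH fixed (deluge, fixed 0.5.8.3) [since FEDORA-2008-1198]". The other ids in those pairs (1287 for deluge in f8, 1245 for rb_libtorrent in fc7) are each used once, so one of the two 1198 references looks transposed. Please check both against the update announcements and correct the wrong one, since the [since ...] tag is what readers use to decide whether an installed package already carries the fix.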
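Review bot: the two SDL_image entries added to fc7 disagree on the advisory: the first hunk adds "CVE-2008-0544 fixed (SDL_image) #430695 [since FEDORA-2008-1208]" and the second adds "CVE-2007-6697 fixed (SDL_image, fixed 1.2.7) #430239 [since FEDORA-2008-1231]", whereas f8 uses FEDORA-2008-1208 for both CVEs. The fc7 CVE-2008-0544 line therefore carries the same id as the f8 one and may have been copied over without the advisory being changed. Confirm which update fixed the ILBM overflow on FC7 and, if it was a different one from F8, change the tag on that line.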
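Review bot: field order is inconsistent on the new CVE-2008-0544 lines. In f8 and fc7 the free-text note follows the tag ("#430694 [since FEDORA-2008-1208] ILBM overflow"), while in f9 it precedes it ("#430696 ILBM overflow [since SDL_image-1.2.6-5.fc9]"). Anything that parses these files by position will read the two forms differently, so pick one order and use it in all three files. Separately, the last hunk of each file drops the CVE-2006-4484 SDL_image entry and reuses its bug number under CVE-2007-6697 (#430241, #430238, #430239); a short trailing note on the new line recording the earlier id would keep older references to CVE-2006-4484 for SDL_image traceable.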
security-commits@lists.fedoraproject.org