Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv7474/audit

Modified Files: f10 f8 f9
Added Files: f11
Log Message: bunch of updates add f11 file
***** Error reading new file: [Errno 2] No such file or directory: 'f11'
Index: f10 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f10,v retrieving revision 1.28 retrieving revision 1.29 diff -u -r1.28 -r1.29 --- f10 21 Nov 2008 20:59:01 -0000 1.28 +++ f10 26 Nov 2008 09:50:09 -0000 1.29 @@ -4,21 +4,21 @@ # *CVE are items that need verification for Fedora 10 # (mozilla) = (gecko-libs dependent stuff)
-CVE-2008-5187 VULNERABLE (imlib2) #472579 +CVE-2008-5187 fixed (imlib2) #472579 [since FEDORA-2008-10364] CVE-2008-5153 VULNERABLE (moodle) #472120 -CVE-2008-5148 VULNERABLE (geda-gnetlist) #472116 +CVE-2008-5148 fixed (geda-gnetlist) #472116 [since FEDORA-2008-9730] CVE-2008-5138 VULNERABLE (pam_mount) #472112 CVE-2008-5113 VULNERABLE (wordpress) #471992 CVE-2008-5110 VULNERABLE (syslog-ng) CVE-2008-5101 version (optipng, fixed 0.6.2) [since optipng-0.6.2-1.fc10] -CVE-2008-5076 VULNERABLE (htop) +CVE-2008-5076 fixed (htop) [since FEDORA-2008-9944] CVE-2008-5050 version (clamav, fixed 0.94.1) [since clamav-0.94.1-1.fc10] CVE-2008-5030 fixed (libcdaudio) CVE-2008-5008 version (libsamplerate, fixed 0.14) [since libsamplerate-0.1.4-1.fc10] CVE-2008-5007 fixed (lazarus) [since lazarus-0.9.26-1.fc10] CVE-2008-5006 version (uw-imap, fixed 2007d) [since uw-imap-2007d-1.fc10] CVE-2008-5005 version (uw-imap, fixed 2007d) [since uw-imap-2007d-1.fc10] -CVE-2008-4989 VULNERABLE (gnutls, fixed 2.6.1) [since gnutls-2.4.2-3.fc10] +CVE-2008-4989 fixed (gnutls, fixed 2.6.1) [since FEDORA-2008-10162] CVE-2008-4987 fixed (xastir) [since xastir-1.9.2-9.fc10] CVE-2008-4985 ignore (vdr) Debian-specific CVE-2008-4982 fixed (rkhunter) [since rkhunter-1.3.2-5.fc10] @@ -37,7 +37,7 @@ CVE-2008-4776 version (libgadu, fixed 1.8.2) [since libgadu-1.8.2-1.fc10] CVE-2008-4775 version (phpMyAdmin, fixed 3.0.1.1) [since phpMyAdmin-3.0.1.1-1.fc10] CVE-2008-4769 version (wordpress) -CVE-2008-4690 VULNERABLE (lynx) [since lynx-2.8.6-18.fc10] +CVE-2008-4690 VULNERABLE (lynx) [since FEDORA-2008-9952] CVE-2008-4641 VULNERABLE (jhead) CVE-2008-4640 VULNERABLE (jhead) CVE-2008-4639 version (jhead, fixed 2.84) [since jhead-2.84-1.fc10] 
@@ -45,6 +45,7 @@ CVE-2008-4578 version (dovecot, fixed 1.1.14) [since dovecot-1.1.5-1.fc10] CVE-2008-4577 version (dovecot, fixed 1.1.14) [since dovecot-1.1.5-1.fc10] CVE-2008-4575 version (jhead, fixed 2.84) [since jhead-2.84-1.fc10] +CVE-2008-4474 fixed (freeradius) [since FEDORA-2008-10392] dialupadmin subpackage dropped CVE-2008-4437 VULNERABLE (bugzilla, fixed 3.0.5) #465959 CVE-2008-4434 ignore (bittorrent) 6.x only CVE-2008-4422 backport (libxml2, fixed 2.7.2) [since libxml2-2.7.1-2.fc10] @@ -53,11 +54,15 @@ CVE-2008-4359 version (lighttpd, fixed 1.4.20) #465754 [since lighttpd-1.4.20-1.fc10] CVE-2008-4326 version (phpMyAdmin, fixed 2.11.9.2) [since phpMyAdmin-2.11.9.2-1.fc10] CVE-2008-4325 version (viewvc, fixed 1.0.6) [since viewvc-1.0.6-1.fc10] +CVE-2008-4315 VULNERABLE (tog-pegasus) [since FEDORA-2008-10061] +CVE-2008-4313 VULNERABLE (tog-pegasus) [since FEDORA-2008-10061] CVE-2008-4309 VULNERABLE (net-snmp, fixed 5.4.2.1) [since net-snmp-5.4.2.1-1.fc10] CVE-2008-4306 fixed (enscript) [since enscript-1.6.4-11.fc10] CVE-2008-4298 version (lighttpd, fixed 1.4.20) [since lighttpd-1.4.20-0.1.r2303.fc10] CVE-2008-4297 version (mercurial, fixed 1.0.2) [since mercurial-1.0.2-1.fc10] CVE-2008-4242 VULNERABLE (proftpd) #464130 +CVE-2008-4226 fixed (libxml2) [since FEDORA-2008-10038] +CVE-2008-4225 fixed (libxml2) [since FEDORA-2008-10038] CVE-2008-4191 backport (emacspeak) [since emacspeak-28.0-3.fc10] CVE-2008-4190 VULNERABLE (openswan) CVE-2008-4130 VULNERABLE (gallery2, fixed 2.2.6) #462873 
@@ -311,7 +316,7 @@ CVE-2008-2085 backport (sipp) #446222 [since sipp-3.1-2.fc10] CVE-2008-2079 version (mysql, fixed 5.0.60) [since mysql-5.0.67-1.fc10] CVE-2008-2051 version (php, fixed 5.2.6) [since php-5.2.6-2.fc9] -CVE-2008-2004 VULNERABLE (xen) disables format autodetection by default [since xen-3.2.0-11.fc10] +CVE-2008-2004 backport (xen) disables format autodetection by default [since xen-3.2.0-14.fc10] CVE-2008-2004 VULNERABLE (qemu) fix mostly useless without libvirt changes CVE-2008-2004 VULNERABLE (kvm) fix mostly useless without libvirt changes CVE-2008-1999 VULNERABLE (WebKit) @@ -342,7 +347,7 @@ CVE-2008-1531 backport (lighttpd) [since lighttpd-1.4.19-4.fc10] CVE-2008-1502 version (moodle, fixed 1.9) CVE-2008-1488 version (php-pecl-apc) #438848 [since php-pecl-apc-3.0.19-1.fc10] -CVE-2008-1475 VULNERABLE (roundup, fixed 1.4.5) +CVE-2008-1475 version (roundup, fixed 1.4.5) [since roundup-1.4.6-1.fc10] CVE-2008-1447 version (bind) #454477 [since bind-9.5.1-0.1.b1.fc10)] CVE-2008-1447 version (dnssec-tools) [since dnssec-tools-1.4.1-2.fc10] CVE-2008-1423 backport (libvorbis) #446344 [since libvorbis-1.2.0-4.fc10] @@ -379,8 +384,8 @@ CVE-2007-6318 VULNERABLE (wordpress) #426434 CVE-2007-6131 VULNERABLE (scanbuttond) CVE-2007-5962 fixed (vsftpd) [since vsftpd-2.0.6-4.fc10] -CVE-2007-5907 VULNERABLE (xen) #390121 -CVE-2007-5906 VULNERABLE (xen) #390121 +CVE-2007-5907 version (xen) #390121 +CVE-2007-5906 version (xen) #390121 CVE-2007-5803 version (nagios, fixed 2.12) #446383 [since nagios-2.12-3.fc10] CVE-2007-5615 backport (jetty) [since jetty-5.1.14-1jpp.2.fc10] CVE-2007-5614 backport (jetty) [since jetty-5.1.14-1jpp.2.fc10]
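Review bot: CVE-2008-4690 (lynx) stays VULNERABLE while its tag changes to [since FEDORA-2008-9952], and the newly added CVE-2008-4315 and CVE-2008-4313 (tog-pegasus) lines are likewise VULNERABLE with [since FEDORA-2008-10061]. In the other lines this commit changes, a [since FEDORA-...] tag goes with a fixed status, so a reader cannot tell whether these advisories resolved the issue; either set the status to fixed or add a trailing comment saying why the advisory does not address the CVE. Separately, CVE-2007-5907 and CVE-2007-5906 (xen) move from VULNERABLE to version with no "fixed X" version and no [since ...] tag, so nothing on the line shows which build the new status rests on; recording it would make the change auditable.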
Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.248 retrieving revision 1.249 diff -u -r1.248 -r1.249 --- f8 21 Nov 2008 20:59:01 -0000 1.248 +++ f8 26 Nov 2008 09:50:09 -0000 1.249 @@ -6,14 +6,14 @@
rhbz293031 fixed (nx) #293031 [since FEDORA-2008-2258] rhbz249840 version (tor, fixed 0.1.2.15) -CVE-2008-5187 VULNERABLE (imlib2) #472577 +CVE-2008-5187 fixed (imlib2) #472577 [since FEDORA-2008-10296] CVE-2008-5153 VULNERABLE (moodle) #472118 -CVE-2008-5148 VULNERABLE (geda-gnetlist) #472114 +CVE-2008-5148 fixed (geda-gnetlist) #472114 [since FEDORA-2008-9730] CVE-2008-5138 VULNERABLE (pam_mount) #472110 CVE-2008-5113 VULNERABLE (wordpress) #471990 CVE-2008-5110 VULNERABLE (syslog-ng) #471985 CVE-2008-5101 fixed (optipng, fixed 0.6.2) [since FEDORA-2008-9639] -CVE-2008-5076 VULNERABLE (htop) +CVE-2008-5076 fixed (htop) [since FEDORA-2008-9791] CVE-2008-5050 fixed (clamav, fixed 0.94.1) [since FEDORA-2008-9651] CVE-2008-5030 fixed (libcdaudio) CVE-2008-5008 VULNERABLE (libsamplerate, fixed 0.14) @@ -47,6 +47,7 @@ CVE-2008-4578 ignore (dovecot, fixed 1.1.14) wontfix CVE-2008-4577 fixed (dovecot, fixed 1.1.14) [since FEDORA-2008-9232] CVE-2008-4575 fixed (jhead, fixed 2.84) [since FEDORA-2008-8941] +CVE-2008-4474 ignore (freeradius) dialupadmin not shipped CVE-2008-4437 VULNERABLE (bugzilla, fixed 3.0.5) #465957 CVE-2008-4434 ignore (bittorrent) 6.x only CVE-2008-4422 fixed (libxml2, fixed 2.7.2) [since FEDORA-2008-8582] 
@@ -55,11 +56,15 @@ CVE-2008-4359 VULNERABLE (lighttpd, fixed 1.4.20) #464638 CVE-2008-4326 fixed (phpMyAdmin, fixed 2.11.9.2) [since FEDORA-2008-8286] CVE-2008-4325 fixed (viewvc, fixed 1.0.6) [since FEDORA-2008-8270] +CVE-2008-4315 ignore (tog-pegasus) +CVE-2008-4313 ignore (tog-pegasus) CVE-2008-4309 fixed (net-snmp, fixed 5.4.2.1) [since FEDORA-2008-9362] CVE-2008-4306 fixed (enscript) [since FEDORA-2008-9351] CVE-2008-4298 VULNERABLE (lighttpd, fixed 1.4.20) #464638 CVE-2008-4297 VULNERABLE (mercurial, fixed 1.0.2) #464632 CVE-2008-4242 VULNERABLE (proftpd) #464128 +CVE-2008-4226 fixed (libxml2) [since FEDORA-2008-9729] +CVE-2008-4225 fixed (libxml2) [since FEDORA-2008-9729] CVE-2008-4191 fixed (emacspeak) [since FEDORA-2008-8423] CVE-2008-4190 VULNERABLE (openswan) CVE-2008-4130 VULNERABLE (gallery2, fixed 2.2.6) #462871 @@ -392,7 +397,7 @@ CVE-2008-1488 fixed (php-pecl-apc) #438847 [since FEDORA-2008-6344] CVE-2008-1483 ignore (openssh) was alrady fixed by another patch CVE-2008-1482 fixed (xine-lib) #438670 [since FEDORA-2008-2849] -CVE-2008-1475 VULNERABLE (roundup, fixed 1.4.5) +CVE-2008-1475 fixed (roundup, fixed 1.4.5) [since FEDORA-2008-9712] CVE-2008-1474 fixed (roundup) #436547 [since FEDORA-2008-2370] CVE-2008-1468 fixed (namazu, fixed 2.0.18) #438667 [since FEDORA-2008-2767] CVE-2008-1467 fixed (centerim) #438871 [since FEDORA-2008-2869]
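Review bot: The two added tog-pegasus lines, CVE-2008-4315 and CVE-2008-4313, are marked ignore with no reason, whereas the other ignore entries visible in this file state one ("dialupadmin not shipped", "6.x only", "wontfix"). Add the reason after the package name so the decision can be checked later, particularly since the f10 and f9 files list the same two CVEs as VULNERABLE.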
Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.239 retrieving revision 1.240 diff -u -r1.239 -r1.240 --- f9 21 Nov 2008 20:59:01 -0000 1.239 +++ f9 26 Nov 2008 09:50:09 -0000 1.240 @@ -5,14 +5,14 @@ # (mozilla) = (gecko-libs dependent stuff)
rhbz249840 version (tor, fixed 0.1.2.15) -CVE-2008-5187 VULNERABLE (imlib2) #472578 +CVE-2008-5187 fixed (imlib2) #472578 [since FEDORA-2008-10287] CVE-2008-5153 VULNERABLE (moodle) #472119 -CVE-2008-5148 VULNERABLE (geda-gnetlist) #472115 +CVE-2008-5148 fixed (geda-gnetlist) #472115 [since FEDORA-2008-9730] CVE-2008-5138 VULNERABLE (pam_mount) #472111 CVE-2008-5113 VULNERABLE (wordpress) #471991 CVE-2008-5110 VULNERABLE (syslog-ng) #471986 CVE-2008-5101 fixed (optipng, fixed 0.6.2) [since FEDORA-2008-9633] -CVE-2008-5076 VULNERABLE (htop) +CVE-2008-5076 fixed (htop) [since FEDORA-2008-9728] CVE-2008-5050 fixed (clamav, fixed 0.94.1) [since FEDORA-2008-9644] CVE-2008-5030 fixed (libcdaudio) CVE-2008-5008 VULNERABLE (libsamplerate, fixed 0.14) @@ -46,6 +46,7 @@ CVE-2008-4578 ignore (dovecot, fixed 1.1.14) wontfix CVE-2008-4577 fixed (dovecot, fixed 1.1.14) [since FEDORA-2008-9202] CVE-2008-4575 fixed (jhead, fixed 2.84) [since FEDORA-2008-8928] +CVE-2008-4474 fixed (freeradius) [since FEDORA-2008-10309] dialupadmin subpackage dropped CVE-2008-4437 VULNERABLE (bugzilla, fixed 3.0.5) #465958 CVE-2008-4434 ignore (bittorrent) 6.x only CVE-2008-4422 fixed (libxml2, fixed 2.7.2) [since FEDORA-2008-8575] 
@@ -54,11 +55,15 @@ CVE-2008-4359 VULNERABLE (lighttpd, fixed 1.4.20) #464639 CVE-2008-4326 fixed (phpMyAdmin, fixed 2.11.9.2) [since FEDORA-2008-8335] CVE-2008-4325 fixed (viewvc, fixed 1.0.6) [since FEDORA-2008-8252] +CVE-2008-4315 VULNERABLE (tog-pegasus) [since FEDORA-2008-9688] +CVE-2008-4313 VULNERABLE (tog-pegasus) [since FEDORA-2008-9688] CVE-2008-4309 fixed (net-snmp, fixed 5.4.2.1) [since FEDORA-2008-9367] CVE-2008-4306 fixed (enscript) [since FEDORA-2008-9372] CVE-2008-4298 VULNERABLE (lighttpd, fixed 1.4.20) #464639 CVE-2008-4297 fixed (mercurial, fixed 1.0.2) [since FEDORA-2008-7490] CVE-2008-4242 VULNERABLE (proftpd) #464129 +CVE-2008-4226 fixed (libxml2) [since FEDORA-2008-9773] +CVE-2008-4225 fixed (libxml2) [since FEDORA-2008-9773] CVE-2008-4191 fixed (emacspeak) [since FEDORA-2008-8379] CVE-2008-4190 VULNERABLE (openswan) CVE-2008-4130 VULNERABLE (gallery2, fixed 2.2.6) #462872 @@ -320,7 +325,7 @@ CVE-2008-2051 fixed (php, fixed 5.2.6) [since FEDORA-2008-3606] CVE-2008-2050 ignore (php, fixed 5.2.6) CVE-2008-2033 ignore (zoneminder) duplicate of CVE-2008-1381 -CVE-2008-2004 VULNERABLE (xen) disables format autodetection by default [since xen-3.2.0-11.fc9] +CVE-2008-2004 fixed (xen) [since FEDORA-2008-5053] disables format autodetection by default CVE-2008-2004 VULNERABLE (qemu) fix mostly useless without libvirt changes CVE-2008-2004 VULNERABLE (kvm) fix mostly useless without libvirt changes CVE-2008-2000 ignore (WebKit) browser DoS 
@@ -335,7 +340,7 @@ CVE-2008-1947 fixed (tomcat6, fixed 6.0.18) #460131 [since FEDORA-2008-7977] CVE-2008-1947 fixed (tomcat5, fixed 5.5.27) #460126 [since FEDORA-2008-8113] CVE-2008-1944 version (xen, fixed 3.2) -CVE-2008-1943 VULNERABLE (xen) [since xen-3.2.0-11.fc9] +CVE-2008-1943 fixed (xen) [since FEDORA-2008-5053] CVE-2008-1937 version (moin, fixed 1.6.3) [since moin-1.6.3-1.fc9] CVE-2008-1930 ignore (wordpress, fixed 2.5.1) only for wp 2.5.0 CVE-2008-1928 fixed (perl-Imager, fixed 0.64) #443941 [since FEDORA-2008-4003] @@ -401,7 +406,7 @@ CVE-2008-1488 fixed (php-pecl-apc) #455166 [since FEDORA-2008-6401] CVE-2008-1483 ignore (openssh) was alrady fixed by another patch CVE-2008-1482 version (xine-lib) #438671 [since xine-lib-1.1.11.1-1.fc9] -CVE-2008-1475 VULNERABLE (roundup, fixed 1.4.5) +CVE-2008-1475 fixed (roundup, fixed 1.4.5) [since FEDORA-2008-9734] CVE-2008-1474 version (roundup) #436549 [since roundup-1.4.4-1.fc9] CVE-2008-1468 version (namazu, fixed 2.0.18) #438668 [since namazu-2.0.18-1.fc9] CVE-2008-1467 fixed (centerim) #438871 @@ -727,8 +732,8 @@ CVE-2007-5934 version (php-pear-MDB2-Driver-mysql) #379141 [since php-pear-MDB2-Driver-mysql-1.4.1-3.fc9] CVE-2007-5934 version (php-pear-MDB2-Driver-mysqli) #379171 [since php-pear-MDB2-Driver-mysqli-1.4.1-3.fc9] CVE-2007-5925 backport (mysql, fixed 5.0.54) [since mysql-5.0.45-6.fc9] -CVE-2007-5907 VULNERABLE (xen) #390121 -CVE-2007-5906 VULNERABLE (xen) #390121 +CVE-2007-5907 version (xen) #390121 +CVE-2007-5906 version (xen) #390121 CVE-2007-5902 ignore (krb5, fixed 1.6.4) not exploitable CVE-2007-5901 backport (krb5, fixed 1.6.4) [since krb5-1.6.3-10.fc9] CVE-2007-5900 ignore (php, fixed 5.2.5)
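Review bot: CVE-2008-5148 (geda-gnetlist) is marked fixed with [since FEDORA-2008-9730] here, and the f10 and f8 changes use the identical advisory ID, while the other fixes recorded in all three files by this commit (imlib2, htop, libxml2) carry a different advisory per release. Confirm that FEDORA-2008-9730 is the right advisory for each release and correct any entry that was copied from another file. The tog-pegasus lines added here also pair VULNERABLE with [since FEDORA-2008-9688], which leaves unclear whether that advisory fixed CVE-2008-4315 and CVE-2008-4313.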
security-commits@lists.fedoraproject.org