Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv13765/audit

Modified Files:
	f10 f8 f9
Log Message:
merge josh's commits to my pending pile of changes
Index: f10 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f10,v retrieving revision 1.16 retrieving revision 1.17 diff -u -r1.16 -r1.17 --- f10 30 Sep 2008 12:51:46 -0000 1.16 +++ f10 7 Oct 2008 15:09:59 -0000 1.17 @@ -4,6 +4,14 @@ # *CVE are items that need verification for Fedora 10 # (mozilla) = (gecko-libs dependent stuff)
+CVE-2008-4437 VULNERABLE (bugzilla, fixed 3.0.5) #465959 +CVE-2008-4434 ignore (bittorrent) 6.x only +CVE-2008-4422 backport (libxml2, fixed 2.7.2) [since libxml2-2.7.1-2.fc10] +CVE-2008-4408 version (mediawiki, fixed 1.13.2) [since mediawiki-1.13.2-41.fc10] +CVE-2008-4360 version (lighttpd, fixed 1.4.20) [since lighttpd-1.4.20-0.1.r2303.fc10] +CVE-2008-4359 VULNERABLE (lighttpd, fixed 1.4.20) #465754 +CVE-2008-4326 version (phpMyAdmin, fixed 2.11.9.2) [since phpMyAdmin-2.11.9.2-1.fc10] +CVE-2008-4325 version (viewvc, fixed 1.0.6) [since viewvc-1.0.6-1.fc10] CVE-2008-4298 version (lighttpd, fixed 1.4.20) [since lighttpd-1.4.20-0.1.r2303.fc10] CVE-2008-4297 version (mercurial, fixed 1.0.2) [since mercurial-1.0.2-1.fc10] CVE-2008-4242 VULNERABLE (proftpd) #464130 @@ -60,13 +68,15 @@ CVE-2008-3916 VULNERABLE (ed, fixed 1.0) CVE-2008-3906 version (mono) #461755 [since mono-2.0-6.fc10] CVE-2008-3905 version (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since ruby-1.8.6.287-1.fc10] -CVE-2008-3889 VULNERABLE (postfix, fixed 2.4.9, 2.5.5) #459101 +CVE-2008-3889 version (postfix, fixed 2.4.9, 2.5.5) #459101 [since postfix-2.5.5-1.fc10] CVE-2008-3837 version (firefox, fixed 3.0.2) [since firefox-3.0.2-1.fc10] CVE-2008-3837 version (seamonkey, fixed 1.1.12) [since seamonkey-1.1.12-1.fc9] CVE-2008-3836 ignore (firefox) ff2 only CVE-2008-3836 ignore (seamonkey) ff only CVE-2008-3835 ignore (firefox) ff2 only CVE-2008-3835 version (seamonkey, fixed 1.1.12) [since seamonkey-1.1.12-1.fc9] +CVE-2008-3834 VULNERABLE (dbus) +CVE-2008-3825 VULNERABLE (pam_krb5, 2.3.2) CVE-2008-3824 VULNERABLE (horde) oCERT-2008-012 CVE-2008-3823 VULNERABLE (horde) oCERT-2008-012 CVE-2008-3796 version (swfdec, fixed 0.6.8) [since swfdec-0.7.4-1.fc10] 
@@ -88,6 +98,8 @@ CVE-2008-3657 version (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since ruby-1.8.6.287-1.fc10] CVE-2008-3656 version (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since ruby-1.8.6.287-1.fc10] CVE-2008-3655 version (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since ruby-1.8.6.287-1.fc10] +CVE-2008-3652 VULNERABLE (ipsec-tools) #465474 +CVE-2008-3651 version (ipsec-tools, fixed 0.7.1) [since ipsec-tools-0.7.1-1.fc10] CVE-2008-3546 version (git, fixed 1.5.6.4) [since git-1.5.6.4-1.fc10] CVE-2008-3533 ignore (yelp, fixed 2.24) caught by glibc CVE-2008-3529 version (libxml2, fixed 2.7.0) [since libxml2-2.7.1-1.fc10] @@ -146,8 +158,8 @@ CVE-2008-2940 ignore (hplip) #458991 not run as service CVE-2008-2938 version (tomcat6, fixed 6.0.18) #460132 [since tomcat6-6.0.18-1.1.fc10] CVE-2008-2938 VULNERABLE (tomcat5, fixed 5.5.27) #460127 -CVE-2008-2937 VULNERABLE (postfix) #459101 -CVE-2008-2936 backport (postfix) #459101 [since postfix-2.5.1-4.fc10] +CVE-2008-2937 version (postfix, fixed 2.4.8, 2.5.4) #459101 [since postfix-2.5.5-1.fc10] +CVE-2008-2936 backport (postfix, fixed 2.4.8, 2.5.4) #459101 [since postfix-2.5.1-4.fc10] CVE-2008-2935 VULNERABLE (libxslt) CVE-2008-2933 version (firefox, fixed 3.0.1) [since firefox-3.0.1-1.fc10] CVE-2008-2932 version (adminutil, fixed 1.1.7) [since adminutil-1.1.7-1.fc10] @@ -301,6 +313,7 @@ CVE-2008-0553 version (tkimg) [since tkimg-1.3-0.10.20080505svn.fc10] CVE-2008-0314 version (clamav, fixed 0.93) [since clamav-0.93-1.fc9] CVE-2008-0166 ignore (openssl) Debian specific +CVE-2008-0071 ignore (bittorrent) 6.x only CVE-2008-0016 ignore (firefox) ff2 only CVE-2008-0016 version (seamonkey, fixed 1.1.12) [since seamonkey-1.1.12-1.fc9] CVE-2007-6714 version (dbmail, fixed 2.2.9) [since dbmail-2.2.9-1.fc9]
Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.236 retrieving revision 1.237 diff -u -r1.236 -r1.237 --- f8 7 Oct 2008 12:55:57 -0000 1.236 +++ f8 7 Oct 2008 15:09:59 -0000 1.237 @@ -7,10 +7,17 @@ rhbz293031 fixed (nx) #293031 [since FEDORA-2008-2258] rhbz249840 version (tor, fixed 0.1.2.15) CVE-2008-4437 VULNERABLE (bugzilla, fixed 3.0.5) #465957 +CVE-2008-4434 ignore (bittorrent) 6.x only +CVE-2008-4422 fixed (libxml2, fixed 2.7.2) [since FEDORA-2008-8582] +CVE-2008-4408 fixed (mediawiki, fixed 1.13.2) [since FEDORA-2008-8678] +CVE-2008-4360 VULNERABLE (lighttpd, fixed 1.4.20) #464638 +CVE-2008-4359 VULNERABLE (lighttpd, fixed 1.4.20) #464638 +CVE-2008-4326 fixed (phpMyAdmin, fixed 2.11.9.2) [since FEDORA-2008-8286] +CVE-2008-4325 fixed (viewvc, fixed 1.0.6) [since FEDORA-2008-8270] CVE-2008-4298 VULNERABLE (lighttpd, fixed 1.4.20) #464638 CVE-2008-4297 VULNERABLE (mercurial, fixed 1.0.2) #464632 CVE-2008-4242 VULNERABLE (proftpd) #464128 -CVE-2008-4191 VULNERABLE (emacspeak) [since FEDORA-2008-8423] +CVE-2008-4191 fixed (emacspeak) [since FEDORA-2008-8423] CVE-2008-4190 VULNERABLE (openswan) CVE-2008-4130 VULNERABLE (gallery2, fixed 2.2.6) #462871 CVE-2008-4129 VULNERABLE (gallery2, fixed 2.2.6) #462871 @@ -63,7 +70,7 @@ CVE-2008-3916 VULNERABLE (ed, fixed 1.0) CVE-2008-3906 VULNERABLE (mono) #461753 CVE-2008-3905 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7554] -CVE-2008-3889 VULNERABLE (postfix, fixed 2.4.9, 2.5.5) #459099 +CVE-2008-3889 VULNERABLE (postfix, fixed 2.4.9, 2.5.5) #459099 [since FEDORA-2008-8595] CVE-2008-3837 fixed (firefox, fixed 2.0.0.17) [since FEDORA-2008-8399] CVE-2008-3837 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8401] CVE-2008-3836 fixed (firefox, fixed 2.0.0.17) [since FEDORA-2008-8399] 
@@ -71,6 +78,7 @@ CVE-2008-3835 fixed (firefox, fixed 2.0.0.17) [since FEDORA-2008-8399] CVE-2008-3835 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8401] CVE-2008-3834 VULNERABLE (dbus) #465835 +CVE-2008-3825 fixed (pam_krb5, 2.3.2) [since FEDORA-2008-8605] CVE-2008-3824 VULNERABLE (horde) oCERT-2008-012 CVE-2008-3823 VULNERABLE (horde) oCERT-2008-012 CVE-2008-3790 VULNERABLE (ruby) @@ -91,6 +99,8 @@ CVE-2008-3657 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7554] CVE-2008-3656 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7554] CVE-2008-3655 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7554] +CVE-2008-3652 VULNERABLE (ipsec-tools) #465472 +CVE-2008-3651 VULNERABLE (ipsec-tools, fixed 0.7.1) #465472 CVE-2008-3546 ignore (git, fixed 1.5.6.4) caught by fortify_source CVE-2008-3533 fixed (yelp, fixed 2.24) #459502 [since FEDORA-2008-7293] CVE-2008-3529 fixed (libxml2, fixed 2.7.0) [since FEDORA-2008-7666] @@ -146,8 +156,8 @@ CVE-2008-2941 ignore (hplip) #458989 not run as service CVE-2008-2940 ignore (hplip) #458989 not run as service CVE-2008-2938 fixed (tomcat5, fixed 5.5.27) #460125 [since FEDORA-2008-8130] -CVE-2008-2937 VULNERABLE (postfix) #459099 -CVE-2008-2936 VULNERABLE (postfix) #459099 +CVE-2008-2937 VULNERABLE (postfix, fixed 2.4.8, 2.5.4) #459099 [since FEDORA-2008-8595] +CVE-2008-2936 VULNERABLE (postfix, fixed 2.4.8, 2.5.4) #459099 [since FEDORA-2008-8595] CVE-2008-2935 fixed (libxslt) [since FEDORA-2008-7029] CVE-2008-2933 fixed (firefox, fixed 2.0.0.16) [since FEDORA-2008-6491] CVE-2008-2932 fixed (adminutil, fixed 1.1.7) [since FEDORA-2008-7642] 
@@ -530,6 +540,7 @@ CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since FEDORA-2008-0199] CVE-2008-0073 fixed (xine-lib, fixed 1.1.11) #438192 [since FEDORA-2008-2569] CVE-2008-0072 fixed (evolution) #436081 [since FEDORA-2008-2292] +CVE-2008-0071 ignore (bittorrent) 6.x only CVE-2008-0063 fixed (krb5, fixed 1.6.4) #438023 [since FEDORA-2008-2647] CVE-2008-0062 fixed (krb5, fixed 1.6.4) #438023 [since FEDORA-2008-2647] CVE-2008-0053 version (cups, fixed 1.3.6) [since FEDORA-2008-1901]
Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.226 retrieving revision 1.227 diff -u -r1.226 -r1.227 --- f9 7 Oct 2008 12:55:57 -0000 1.226 +++ f9 7 Oct 2008 15:09:59 -0000 1.227 @@ -6,10 +6,17 @@
rhbz249840 version (tor, fixed 0.1.2.15) CVE-2008-4437 VULNERABLE (bugzilla, fixed 3.0.5) #465958 +CVE-2008-4434 ignore (bittorrent) 6.x only +CVE-2008-4422 fixed (libxml2, fixed 2.7.2) [since FEDORA-2008-8575] +CVE-2008-4408 fixed (mediawiki, fixed 1.13.2) [since FEDORA-2008-8639] +CVE-2008-4360 VULNERABLE (lighttpd, fixed 1.4.20) #464639 +CVE-2008-4359 VULNERABLE (lighttpd, fixed 1.4.20) #464639 +CVE-2008-4326 fixed (phpMyAdmin, fixed 2.11.9.2) [since FEDORA-2008-8335] +CVE-2008-4325 fixed (viewvc, fixed 1.0.6) [since FEDORA-2008-8252] CVE-2008-4298 VULNERABLE (lighttpd, fixed 1.4.20) #464639 CVE-2008-4297 fixed (mercurial, fixed 1.0.2) [since FEDORA-2008-7490] CVE-2008-4242 VULNERABLE (proftpd) #464129 -CVE-2008-4191 VULNERABLE (emacspeak) [since FEDORA-2008-8379] +CVE-2008-4191 fixed (emacspeak) [since FEDORA-2008-8379] CVE-2008-4190 VULNERABLE (openswan) CVE-2008-4130 VULNERABLE (gallery2, fixed 2.2.6) #462872 CVE-2008-4129 VULNERABLE (gallery2, fixed 2.2.6) #462872 @@ -62,7 +69,7 @@ CVE-2008-3916 VULNERABLE (ed, fixed 1.0) CVE-2008-3906 VULNERABLE (mono) #461754 CVE-2008-3905 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7697] -CVE-2008-3889 VULNERABLE (postfix, fixed 2.4.9, 2.5.5) #459100 +CVE-2008-3889 VULNERABLE (postfix, fixed 2.4.9, 2.5.5) #459100 [since FEDORA-2008-8593] CVE-2008-3837 fixed (firefox, fixed 3.0.2) [since FEDORA-2008-8425] CVE-2008-3837 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8429] CVE-2008-3836 ignore (firefox) ff2 only @@ -70,6 +77,7 @@ CVE-2008-3835 ignore (firefox) ff2 only CVE-2008-3835 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8429] CVE-2008-3834 VULNERABLE (dbus) #465836 +CVE-2008-3825 fixed (pam_krb5, 2.3.2) [since FEDORA-2008-8618] CVE-2008-3824 VULNERABLE (horde) oCERT-2008-012 CVE-2008-3823 VULNERABLE (horde) oCERT-2008-012 CVE-2008-3796 version (swfdec, fixed 0.6.8) [since swfdec-0.6.8-1.fc9] 
@@ -85,12 +93,14 @@ CVE-2008-3740 fixed (drupal, fixed 6.4) [since FEDORA-2008-7626] CVE-2008-3714 fixed (awstats) #459742 [since FEDORA-2008-7663] CVE-2008-3699 fixed (amarok, fixed 1.4.40) [since FEDORA-2008-7739] -CVE-2008-3663 VULNERABLE (squirrelmail, fixed 1.4.16) #464185 +CVE-2008-3663 VULNERABLE (squirrelmail, fixed 1.4.16) #464185 [since FEDORA-2008-8559] CVE-2008-3662 VULNERABLE (gallery2, fixed 2.2.6) #462872 CVE-2008-3661 VULNERABLE (drupal) #464164 ignored by upstream CVE-2008-3657 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7697] CVE-2008-3656 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7697] CVE-2008-3655 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7697] +CVE-2008-3652 VULNERABLE (ipsec-tools) #465473 +CVE-2008-3651 VULNERABLE (ipsec-tools, fixed 0.7.1) #465473 CVE-2008-3546 ignore (git, fixed 1.5.6.4) caught by fortify_source CVE-2008-3533 ignore (yelp, fixed 2.24) caught by glibc CVE-2008-3529 fixed (libxml2, fixed 2.7.0) [since FEDORA-2008-7594] @@ -149,8 +159,8 @@ CVE-2008-2940 ignore (hplip) #458990 not run as service CVE-2008-2938 fixed (tomcat6, fixed 6.0.18) #460131 [since FEDORA-2008-7977] CVE-2008-2938 fixed (tomcat5, fixed 5.5.27) #460126 [since FEDORA-2008-8113] -CVE-2008-2937 VULNERABLE (postfix) #459100 -CVE-2008-2936 VULNERABLE (postfix) #459100 +CVE-2008-2937 VULNERABLE (postfix, fixed 2.4.8, 2.5.4) #459100 [since FEDORA-2008-8593] +CVE-2008-2936 VULNERABLE (postfix, fixed 2.4.8, 2.5.4) #459100 [since FEDORA-2008-8593] CVE-2008-2935 fixed (libxslt) [since FEDORA-2008-7062] CVE-2008-2933 fixed (firefox, fixed 3.0.1) [since FEDORA-2008-6518] CVE-2008-2932 fixed (adminutil, fixed 1.1.7) [since FEDORA-2008-7339] 
@@ -532,6 +542,7 @@ CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since asterisk-1.4.17-1.fc9] CVE-2008-0073 version (xine-lib, fixed 1.1.11) #438193 [since xine-lib-1.1.11-1.fc9] CVE-2008-0072 backport (evolution) #436082 [evolution-2.21.92-2.fc9] +CVE-2008-0071 ignore (bittorrent) 6.x only CVE-2008-0063 backport (krb5, fixed 1.6.4) [since krb5-1.6.3-10.fc9] CVE-2008-0062 backport (krb5, fixed 1.6.4) [since krb5-1.6.3-10.fc9] CVE-2008-0053 version (cups, fixed 1.3.6) [since cups-1.3.6-1.fc9]
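Review bot: In f10, hunk @@ -4,6 +4,14 @@, CVE-2008-4359 is added as VULNERABLE (lighttpd, fixed 1.4.20) #465754, while CVE-2008-4360 and the existing CVE-2008-4298 line carry the same "fixed 1.4.20" and are marked version [since lighttpd-1.4.20-0.1.r2303.fc10]. If the r2303 snapshot really lacks the fix for CVE-2008-4359, add a trailing remark saying so; otherwise the entry should read version with the same [since ...] tag.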
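Review bot: In f10, hunk @@ -60,13 +68,15 @@, the new CVE-2008-3834 VULNERABLE (dbus) line has no bug reference, although the f8 and f9 entries for the same CVE carry #465835 and #465836; add the F10 tracking bug or a remark on why none exists. The pam_krb5 entry added in the same hunk, and again in f8 and f9, is written (pam_krb5, 2.3.2) without the "fixed" keyword that every other versioned entry uses, so it is unclear whether 2.3.2 is the fixed or the affected version; write (pam_krb5, fixed 2.3.2) if that is what is meant.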
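Review bot: In f8 and f9, the postfix lines for CVE-2008-3889, CVE-2008-2937 and CVE-2008-2936 (hunks @@ -63,7 +70,7 @@ and @@ -146,8 +156,8 @@ in f8, @@ -62,7 +69,7 @@ and @@ -149,8 +159,8 @@ in f9) and the f9 squirrelmail line for CVE-2008-3663 gain a [since FEDORA-2008-...] advisory tag but keep the status VULNERABLE. The same commit changes CVE-2008-4191 (emacspeak) from VULNERABLE to fixed for exactly that combination, so either switch these entries to fixed as well or add a remark that the update is still pending.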
security-commits@lists.fedoraproject.org