Author: thoger
Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv2821/audit
Modified Files: f8 f9 fc7 Log Message: just updates
Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.123 retrieving revision 1.124 diff -u -r1.123 -r1.124 --- f8 14 Feb 2008 15:20:58 -0000 1.123 +++ f8 18 Feb 2008 09:42:04 -0000 1.124 @@ -13,7 +13,7 @@ GENERIC-MAP-NOMATCH VULNERABLE (turba) #432027 GENERIC-MAP-NOMATCH VULNERABLE (moin) #432750 GENERIC-MAP-NOMATCH VULNERABLE (moin) #432750 -GENERIC-MAP-NOMATCH VULNERABLE (cacti) #432759 +GENERIC-MAP-NOMATCH fixed (cacti) #432759 [since FEDORA-2008-1737] GENERIC-MAP-NOMATCH VULNERABLE (inkscape) #432807 CVE-2008-0728 fixed (clamav, fixed 0.92.1) [since FEDORA-2008-1625] CVE-2008-0674 VULNERABLE (pcre, fixed 7.6) #431677 @@ -85,7 +85,7 @@ CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since FEDORA-2008-0199] CVE-2008-0008 fixed (pulseaudio) #425481 [since FEDORA-2008-0994] CVE-2008-0006 fixed (libXfont) #429132 [since FEDORA-2008-0794] -CVE-2008-0005 VULNERABLE (httpd, fixed 2.2.8) #427982 +CVE-2008-0005 fixed (httpd, fixed 2.2.8) #427982 [since FEDORA-2008-1711] CVE-2008-0003 fixed (tog-pegasus, fixed 2.7.0) #427829 [since FEDORA-2008-0572] CVE-2008-0002 fixed (tomcat5) #432474 [since FEDORA-2008-1467] CVE-2007-6698 version (openldap, fixed 2.3.36) @@ -121,11 +121,11 @@ CVE-2007-6428 fixed (xorg-x11-server, fixed 1.4.1) #429126 [since FEDORA-2008-0760] CVE-2007-6427 fixed (xorg-x11-server, fixed 1.4.1) #429126 [since FEDORA-2008-0760] CVE-2007-6423 ignore (httpd) can not be reproduced by upstream -CVE-2007-6422 VULNERABLE (httpd, fixed 2.2.8) #427982 -CVE-2007-6421 VULNERABLE (httpd, fixed 2.2.8) #427982 +CVE-2007-6422 fixed (httpd, fixed 2.2.8) #427982 [since FEDORA-2008-1711] +CVE-2007-6421 fixed (httpd, fixed 2.2.8) #427982 [since FEDORA-2008-1711] CVE-2007-6420 ignore (httpd) wontfix by upstream -CVE-2007-6415 VULNERABLE (scponly, fixed 4.8) #429732 -CVE-2007-6388 VULNERABLE (httpd, fixed 2.2.8) #427982 +CVE-2007-6415 fixed (scponly, fixed 4.8) #429732 [since FEDORA-2008-1743] +CVE-2007-6388 fixed (httpd, fixed 2.2.8) #427982 [since FEDORA-2008-1711] CVE-2007-6337 fixed (clamav, fixed 0.92) #426212 [since FEDORA-2008-0115] CVE-2007-6336 fixed (clamav, fixed 0.92) #426212 [since FEDORA-2008-0115] CVE-2007-6335 fixed (clamav, fixed 0.92) #426212 [since FEDORA-2008-0115] @@ -135,7 +135,7 @@ CVE-2007-6353 VULNERABLE (exiv2) #425923 CVE-2007-6352 fixed (libexif) #425631 [since FEDORA-2007-4667] CVE-2007-6351 fixed (libexif) #425631 [since FEDORA-2007-4667] -CVE-2007-6350 VULNERABLE (scponly) #429731 rsync vector only +CVE-2007-6350 fixed (scponly) #429731 [since FEDORA-2008-1728] rsync vector only CVE-2007-6348 ignore (squirrelmail) trojaned version was not shipped CVE-2007-6328 ignore (dosbox) design decision CVE-2007-6321 VULNERABLE (roundcubemail) #423291 @@ -245,7 +245,7 @@ CVE-2007-5079 VULNERABLE (gdm) #363021 Red Hat specific problem CVE-2007-5037 version (inotify-tools, fixed 3.11) #299771 CVE-2007-5007 version (balsa, before 2.3.20) #297601 -CVE-2007-5000 VULNERABLE (httpd, fixed 2.2.8) #427982 +CVE-2007-5000 fixed (httpd, fixed 2.2.8) #427982 [since FEDORA-2008-1711] CVE-2007-4999 version (pidgin, fixed 2.2.2) CVE-2007-4990 version (xorg-x11-xfs, fixed 1.0.5) CVE-2007-4841 version (thunderbird) [since FEDORA-2007-3414] windows only anyway
Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.113 retrieving revision 1.114 diff -u -r1.113 -r1.114 --- f9 14 Feb 2008 15:20:58 -0000 1.113 +++ f9 18 Feb 2008 09:42:04 -0000 1.114 @@ -14,7 +14,7 @@ GENERIC-MAP-NOMATCH VULNERABLE (cacti) #432761 GENERIC-MAP-NOMATCH fixed (inkscape) #432807 [since inkscape-0.45.1+0.46pre1-4.fc9] CVE-2008-0728 fixed (clamav, fixed 0.92.1) -CVE-2008-0674 VULNERABLE (pcre, fixed 7.6) #431678 +CVE-2008-0674 backport (pcre, fixed 7.6) #431678 [since pcre-7.3-3.fc9] CVE-2008-0674 version (glib2) #431680 regex issue fixed in pcre-7.6 [since glib2-2.15.4-2.fc9] CVE-2008-0668 version (gnumeric, fixed 1.8.1) [since gnumeric-1.8.1-1.fc9] SA28725 CVE-2008-0664 version (wordpress, fixed 2.3.3) #431551 [since wordpress-2.3.3-0.fc9] @@ -122,7 +122,7 @@ CVE-2007-6422 version (httpd, fixed 2.2.8) #427984 [since httpd-2.2.8-2] CVE-2007-6421 version (httpd, fixed 2.2.8) #427984 [since httpd-2.2.8-2] CVE-2007-6420 ignore (httpd) wontfix by upstream -CVE-2007-6415 VULNERABLE (scponly, fixed 4.8) +CVE-2007-6415 backport (scponly, fixed 4.8) [since scponly-4.6-10.fc9] CVE-2007-6388 version (httpd, fixed 2.2.8) #427984 [since httpd-2.2.8-2] CVE-2007-6337 version (clamav, fixed 0.92) #426213 [since clamav-0.92-3.fc9] CVE-2007-6336 version (clamav, fixed 0.92) #426213 [since clamav-0.92-3.fc9]
Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.279 retrieving revision 1.280 diff -u -r1.279 -r1.280 --- fc7 14 Feb 2008 15:20:58 -0000 1.279 +++ fc7 18 Feb 2008 09:42:04 -0000 1.280 @@ -14,7 +14,7 @@ GENERIC-MAP-NOMATCH VULNERABLE (turba) #432027 GENERIC-MAP-NOMATCH VULNERABLE (moin) #432749 GENERIC-MAP-NOMATCH VULNERABLE (moin) #432749 -GENERIC-MAP-NOMATCH VULNERABLE (cacti) #432760 +GENERIC-MAP-NOMATCH fixed (cacti) #432760 [since FEDORA-2008-1699] GENERIC-MAP-NOMATCH VULNERABLE (inkscape) #432807 CVE-2008-0728 fixed (clamav, fixed 0.92.1) [since FEDORA-2008-1608] CVE-2008-0674 VULNERABLE (pcre, fixed 7.6) #431676 @@ -85,7 +85,7 @@ CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since FEDORA-2008-0198] CVE-2008-0008 fixed (pulseaudio) #425481 [since FEDORA-2008-0994] CVE-2008-0006 fixed (libXfont) #429131 [since FEDORA-2008-0891] -CVE-2008-0005 VULNERABLE (httpd, fixed 2.2.8) #427983 +CVE-2008-0005 fixed (httpd, fixed 2.2.8) #427983 [since FEDORA-2008-1695] CVE-2008-0003 fixed (tog-pegasus, fixed 2.7.0) #427828 [since FEDORA-2008-0506] CVE-2008-0002 fixed (tomcat5) #432475 [since FEDORA-2008-1603] CVE-2007-6698 fixed (openldap, fixed 2.3.36) #431409 [since FEDORA-2008-1307] @@ -120,11 +120,11 @@ CVE-2007-6428 fixed (xorg-x11-server, fixed 1.4.1) #429125 [since FEDORA-2008-0831] CVE-2007-6427 fixed (xorg-x11-server, fixed 1.4.1) #429125 [since FEDORA-2008-0831] CVE-2007-6423 ignore (httpd) can not be reproduced by upstream -CVE-2007-6422 VULNERABLE (httpd, fixed 2.2.8) #427983 -CVE-2007-6421 VULNERABLE (httpd, fixed 2.2.8) #427983 +CVE-2007-6422 fixed (httpd, fixed 2.2.8) #427983 [since FEDORA-2008-1695] +CVE-2007-6421 fixed (httpd, fixed 2.2.8) #427983 [since FEDORA-2008-1695] CVE-2007-6420 ignore (httpd) wontfix by upstream -CVE-2007-6415 VULNERABLE (scponly, fixed 4.8) #429731 -CVE-2007-6388 VULNERABLE (httpd, fixed 2.2.8) #427983 +CVE-2007-6415 fixed (scponly, fixed 4.8) #429731 [since FEDORA-2008-1728] +CVE-2007-6388 fixed (httpd, fixed 2.2.8) #427983 [since FEDORA-2008-1695] CVE-2007-6337 fixed (clamav, fixed 0.92) #426211 [since FEDORA-2008-0170] CVE-2007-6336 fixed (clamav, fixed 0.92) #426211 [since FEDORA-2008-0170] CVE-2007-6335 fixed (clamav, fixed 0.92) #426211 [since FEDORA-2008-0170] @@ -134,7 +134,7 @@ CVE-2007-6353 fixed (exiv2) #425922 [since FEDORA-2007-4551] CVE-2007-6352 fixed (libexif) #425621 [since FEDORA-2007-4608] CVE-2007-6351 fixed (libexif) #425621 [since FEDORA-2007-4608] -CVE-2007-6350 VULNERABLE (scponly) #429731 rsync vector only +CVE-2007-6350 fixed (scponly) #429731 [since FEDORA-2008-1728] rsync vector only CVE-2007-6348 ignore (squirrelmail) trojaned version was not shipped CVE-2007-6328 ignore (dosbox) design decision CVE-2007-6321 VULNERABLE (roundcubemail) #423281 @@ -276,7 +276,7 @@ CVE-2007-5034 version (elinks) #297981 [since FEDORA-2007-2224] CVE-2007-5007 version (balsa) #297601 [since FEDORA-2007-2302] GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031 -CVE-2007-5000 VULNERABLE (httpd, fixed 2.2.8) #427983 +CVE-2007-5000 fixed (httpd, fixed 2.2.8) #427983 [since FEDORA-2008-1695] CVE-2007-4999 version (pidgin, fixed 2.2.2) [since FEDORA-2007-2714] CVE-2007-4996 version (pidgin, fixed 2.2.1) [since FEDORA-2007-2368] CVE-2007-4995 backport (openssl, fixed 0.9.8f) [since FEDORA-2007-2530] @@ -299,9 +299,9 @@ CVE-2007-4771 fixed (icu) #430232 [since FEDORA-2008-1076] CVE-2007-4770 fixed (icu) #430232 [since FEDORA-2008-1076] CVE-2007-4769 fixed (postgresql, fixed 8.2.6) #427772 [since FEDORA-2008-0552] -CVE-2007-4768 VULNERABLE (pcre, fixed 7.3) #378411 -CVE-2007-4767 VULNERABLE (pcre, fixed 7.3) #378411 -CVE-2007-4766 VULNERABLE (pcre, fixed 7.3) #378411 +CVE-2007-4768 VULNERABLE (pcre, fixed 7.3) #378411 +CVE-2007-4767 VULNERABLE (pcre, fixed 7.3) #378411 +CVE-2007-4766 VULNERABLE (pcre, fixed 7.3) #378411 CVE-2007-4752 VULNERABLE (openssh) #280461 CVE-2007-4743 backport (krb5) incomplete CVE-2007-3999 fix [since FEDORA-2007-2066] CVE-2007-4730 ignore (xorg-x11) #286051 ajax says F7 is not vulnerable @@ -597,10 +597,10 @@ CVE-2007-1665 version (ekg) #246034 [since FEDORA-2007-0791] CVE-2007-1664 version (ekg) #246034 [since FEDORA-2007-0791] CVE-2007-1663 version (ekg) #246034 [since FEDORA-2007-0791] -CVE-2007-1662 VULNERABLE (pcre, fixed 7.3) #378411 -CVE-2007-1661 VULNERABLE (pcre, fixed 7.3) #378411 -CVE-2007-1660 VULNERABLE (pcre, fixed 7.3) #378411 -CVE-2007-1659 VULNERABLE (pcre, fixed 7.3) #378411 +CVE-2007-1662 VULNERABLE (pcre, fixed 7.3) #378411 +CVE-2007-1661 VULNERABLE (pcre, fixed 7.3) #378411 +CVE-2007-1660 VULNERABLE (pcre, fixed 7.3) #378411 +CVE-2007-1659 VULNERABLE (pcre, fixed 7.3) #378411 CVE-2007-1649 version (php, fixed 5.2.2) CVE-2007-1622 version (wordpress, fixed 2.1.3-0.rc2) #233703 CVE-2007-1614 version (zziplib, fixed 0.13.49) #233700
security-commits@lists.fedoraproject.org