fedora-security/audit f8, 1.123, 1.124 f9, 1.113, 1.114 fc7, 1.279, 1.280 - security-commits - Fedora mailing-lists

18 Feb 2008

Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv2821/audit
Modified Files:
    f8 f9 fc7 
Log Message:
just updates
Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.123
retrieving revision 1.124
diff -u -r1.123 -r1.124

--- f8	14 Feb 2008 15:20:58 -0000	1.123
+++ f8	18 Feb 2008 09:42:04 -0000	1.124
@@ -13,7 +13,7 @@
 GENERIC-MAP-NOMATCH VULNERABLE (turba) #432027 
 GENERIC-MAP-NOMATCH VULNERABLE (moin) #432750 
 GENERIC-MAP-NOMATCH VULNERABLE (moin) #432750 
-GENERIC-MAP-NOMATCH VULNERABLE (cacti) #432759 
+GENERIC-MAP-NOMATCH fixed (cacti) #432759 [since FEDORA-2008-1737] 
 GENERIC-MAP-NOMATCH VULNERABLE (inkscape) #432807 
 CVE-2008-0728 fixed (clamav, fixed 0.92.1) [since FEDORA-2008-1625] 
 CVE-2008-0674 VULNERABLE (pcre, fixed 7.6) #431677 
@@ -85,7 +85,7 @@
 CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since FEDORA-2008-0199]
 CVE-2008-0008 fixed (pulseaudio) #425481 [since FEDORA-2008-0994] 
 CVE-2008-0006 fixed (libXfont) #429132 [since FEDORA-2008-0794] 
-CVE-2008-0005 VULNERABLE (httpd, fixed 2.2.8) #427982 
+CVE-2008-0005 fixed (httpd, fixed 2.2.8) #427982 [since FEDORA-2008-1711] 
 CVE-2008-0003 fixed (tog-pegasus, fixed 2.7.0) #427829 [since FEDORA-2008-0572] 
 CVE-2008-0002 fixed (tomcat5) #432474 [since FEDORA-2008-1467] 
 CVE-2007-6698 version (openldap, fixed 2.3.36) 
@@ -121,11 +121,11 @@
 CVE-2007-6428 fixed (xorg-x11-server, fixed 1.4.1) #429126 [since FEDORA-2008-0760] 
 CVE-2007-6427 fixed (xorg-x11-server, fixed 1.4.1) #429126 [since FEDORA-2008-0760] 
 CVE-2007-6423 ignore (httpd) can not be reproduced by upstream
-CVE-2007-6422 VULNERABLE (httpd, fixed 2.2.8) #427982 
-CVE-2007-6421 VULNERABLE (httpd, fixed 2.2.8) #427982 
+CVE-2007-6422 fixed (httpd, fixed 2.2.8) #427982 [since FEDORA-2008-1711] 
+CVE-2007-6421 fixed (httpd, fixed 2.2.8) #427982 [since FEDORA-2008-1711] 
 CVE-2007-6420 ignore (httpd) wontfix by upstream
-CVE-2007-6415 VULNERABLE (scponly, fixed 4.8) #429732 
-CVE-2007-6388 VULNERABLE (httpd, fixed 2.2.8) #427982 
+CVE-2007-6415 fixed (scponly, fixed 4.8) #429732 [since FEDORA-2008-1743] 
+CVE-2007-6388 fixed (httpd, fixed 2.2.8) #427982 [since FEDORA-2008-1711] 
 CVE-2007-6337 fixed (clamav, fixed 0.92) #426212 [since FEDORA-2008-0115] 
 CVE-2007-6336 fixed (clamav, fixed 0.92) #426212 [since FEDORA-2008-0115] 
 CVE-2007-6335 fixed (clamav, fixed 0.92) #426212 [since FEDORA-2008-0115] 
@@ -135,7 +135,7 @@
 CVE-2007-6353 VULNERABLE (exiv2) #425923
 CVE-2007-6352 fixed (libexif) #425631 [since FEDORA-2007-4667] 
 CVE-2007-6351 fixed (libexif) #425631 [since FEDORA-2007-4667] 
-CVE-2007-6350 VULNERABLE (scponly) #429731 rsync vector only
+CVE-2007-6350 fixed (scponly) #429731 [since FEDORA-2008-1728] rsync vector only
 CVE-2007-6348 ignore (squirrelmail) trojaned version was not shipped
 CVE-2007-6328 ignore (dosbox) design decision
 CVE-2007-6321 VULNERABLE (roundcubemail) #423291
@@ -245,7 +245,7 @@
 CVE-2007-5079 VULNERABLE (gdm) #363021 Red Hat specific problem
 CVE-2007-5037 version (inotify-tools, fixed 3.11) #299771
 CVE-2007-5007 version (balsa, before 2.3.20) #297601
-CVE-2007-5000 VULNERABLE (httpd, fixed 2.2.8) #427982 
+CVE-2007-5000 fixed (httpd, fixed 2.2.8) #427982 [since FEDORA-2008-1711] 
 CVE-2007-4999 version (pidgin, fixed 2.2.2)
 CVE-2007-4990 version (xorg-x11-xfs, fixed 1.0.5)
 CVE-2007-4841 version (thunderbird) [since FEDORA-2007-3414] windows only anyway
Index: f9
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f9,v
retrieving revision 1.113
retrieving revision 1.114
diff -u -r1.113 -r1.114
--- f9	14 Feb 2008 15:20:58 -0000	1.113
+++ f9	18 Feb 2008 09:42:04 -0000	1.114
@@ -14,7 +14,7 @@
 GENERIC-MAP-NOMATCH VULNERABLE (cacti) #432761 
 GENERIC-MAP-NOMATCH fixed (inkscape) #432807  [since inkscape-0.45.1+0.46pre1-4.fc9]
 CVE-2008-0728 fixed (clamav, fixed 0.92.1)
-CVE-2008-0674 VULNERABLE (pcre, fixed 7.6) #431678 
+CVE-2008-0674 backport (pcre, fixed 7.6) #431678 [since pcre-7.3-3.fc9]
 CVE-2008-0674 version (glib2) #431680 regex issue fixed in pcre-7.6 [since glib2-2.15.4-2.fc9]
 CVE-2008-0668 version (gnumeric, fixed 1.8.1) [since gnumeric-1.8.1-1.fc9] SA28725
 CVE-2008-0664 version (wordpress, fixed 2.3.3) #431551 [since wordpress-2.3.3-0.fc9]
@@ -122,7 +122,7 @@
 CVE-2007-6422 version (httpd, fixed 2.2.8) #427984 [since httpd-2.2.8-2]
 CVE-2007-6421 version (httpd, fixed 2.2.8) #427984 [since httpd-2.2.8-2]
 CVE-2007-6420 ignore (httpd) wontfix by upstream
-CVE-2007-6415 VULNERABLE (scponly, fixed 4.8) 
+CVE-2007-6415 backport (scponly, fixed 4.8) [since scponly-4.6-10.fc9]
 CVE-2007-6388 version (httpd, fixed 2.2.8) #427984 [since httpd-2.2.8-2]
 CVE-2007-6337 version (clamav, fixed 0.92) #426213 [since clamav-0.92-3.fc9]
 CVE-2007-6336 version (clamav, fixed 0.92) #426213 [since clamav-0.92-3.fc9]
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.279
retrieving revision 1.280
diff -u -r1.279 -r1.280
--- fc7	14 Feb 2008 15:20:58 -0000	1.279
+++ fc7	18 Feb 2008 09:42:04 -0000	1.280
@@ -14,7 +14,7 @@
 GENERIC-MAP-NOMATCH VULNERABLE (turba) #432027
 GENERIC-MAP-NOMATCH VULNERABLE (moin) #432749 
 GENERIC-MAP-NOMATCH VULNERABLE (moin) #432749 
-GENERIC-MAP-NOMATCH VULNERABLE (cacti) #432760 
+GENERIC-MAP-NOMATCH fixed (cacti) #432760 [since FEDORA-2008-1699] 
 GENERIC-MAP-NOMATCH VULNERABLE (inkscape) #432807 
 CVE-2008-0728 fixed (clamav, fixed 0.92.1) [since FEDORA-2008-1608] 
 CVE-2008-0674 VULNERABLE (pcre, fixed 7.6) #431676 
@@ -85,7 +85,7 @@
 CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since FEDORA-2008-0198]
 CVE-2008-0008 fixed (pulseaudio) #425481 [since FEDORA-2008-0994] 
 CVE-2008-0006 fixed (libXfont) #429131 [since FEDORA-2008-0891] 
-CVE-2008-0005 VULNERABLE (httpd, fixed 2.2.8) #427983 
+CVE-2008-0005 fixed (httpd, fixed 2.2.8) #427983 [since FEDORA-2008-1695] 
 CVE-2008-0003 fixed (tog-pegasus, fixed 2.7.0) #427828 [since FEDORA-2008-0506] 
 CVE-2008-0002 fixed (tomcat5) #432475 [since FEDORA-2008-1603] 
 CVE-2007-6698 fixed (openldap, fixed 2.3.36) #431409 [since FEDORA-2008-1307] 
@@ -120,11 +120,11 @@
 CVE-2007-6428 fixed (xorg-x11-server, fixed 1.4.1) #429125 [since FEDORA-2008-0831] 
 CVE-2007-6427 fixed (xorg-x11-server, fixed 1.4.1) #429125 [since FEDORA-2008-0831] 
 CVE-2007-6423 ignore (httpd) can not be reproduced by upstream
-CVE-2007-6422 VULNERABLE (httpd, fixed 2.2.8) #427983 
-CVE-2007-6421 VULNERABLE (httpd, fixed 2.2.8) #427983 
+CVE-2007-6422 fixed (httpd, fixed 2.2.8) #427983 [since FEDORA-2008-1695] 
+CVE-2007-6421 fixed (httpd, fixed 2.2.8) #427983 [since FEDORA-2008-1695] 
 CVE-2007-6420 ignore (httpd) wontfix by upstream
-CVE-2007-6415 VULNERABLE (scponly, fixed 4.8) #429731 
-CVE-2007-6388 VULNERABLE (httpd, fixed 2.2.8) #427983 
+CVE-2007-6415 fixed (scponly, fixed 4.8) #429731 [since FEDORA-2008-1728] 
+CVE-2007-6388 fixed (httpd, fixed 2.2.8) #427983 [since FEDORA-2008-1695] 
 CVE-2007-6337 fixed (clamav, fixed 0.92) #426211 [since FEDORA-2008-0170] 
 CVE-2007-6336 fixed (clamav, fixed 0.92) #426211 [since FEDORA-2008-0170] 
 CVE-2007-6335 fixed (clamav, fixed 0.92) #426211 [since FEDORA-2008-0170] 
@@ -134,7 +134,7 @@
 CVE-2007-6353 fixed (exiv2) #425922 [since FEDORA-2007-4551] 
 CVE-2007-6352 fixed (libexif) #425621 [since FEDORA-2007-4608] 
 CVE-2007-6351 fixed (libexif) #425621 [since FEDORA-2007-4608] 
-CVE-2007-6350 VULNERABLE (scponly) #429731 rsync vector only
+CVE-2007-6350 fixed (scponly) #429731 [since FEDORA-2008-1728] rsync vector only
 CVE-2007-6348 ignore (squirrelmail) trojaned version was not shipped
 CVE-2007-6328 ignore (dosbox) design decision
 CVE-2007-6321 VULNERABLE (roundcubemail) #423281
@@ -276,7 +276,7 @@
 CVE-2007-5034 version (elinks) #297981 [since FEDORA-2007-2224]
 CVE-2007-5007 version (balsa) #297601 [since FEDORA-2007-2302]
 GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031
-CVE-2007-5000 VULNERABLE (httpd, fixed 2.2.8) #427983 
+CVE-2007-5000 fixed (httpd, fixed 2.2.8) #427983 [since FEDORA-2008-1695] 
 CVE-2007-4999 version (pidgin, fixed 2.2.2) [since FEDORA-2007-2714]
 CVE-2007-4996 version (pidgin, fixed 2.2.1) [since FEDORA-2007-2368]
 CVE-2007-4995 backport (openssl, fixed 0.9.8f) [since FEDORA-2007-2530]
@@ -299,9 +299,9 @@
 CVE-2007-4771 fixed (icu) #430232 [since FEDORA-2008-1076] 
 CVE-2007-4770 fixed (icu) #430232 [since FEDORA-2008-1076] 
 CVE-2007-4769 fixed (postgresql, fixed 8.2.6) #427772 [since FEDORA-2008-0552] 
-CVE-2007-4768 VULNERABLE (pcre, fixed 7.3) #378411
-CVE-2007-4767 VULNERABLE (pcre, fixed 7.3) #378411
-CVE-2007-4766 VULNERABLE (pcre, fixed 7.3) #378411
+CVE-2007-4768 VULNERABLE (pcre, fixed 7.3) #378411 
+CVE-2007-4767 VULNERABLE (pcre, fixed 7.3) #378411 
+CVE-2007-4766 VULNERABLE (pcre, fixed 7.3) #378411 
 CVE-2007-4752 VULNERABLE (openssh) #280461
 CVE-2007-4743 backport (krb5) incomplete CVE-2007-3999 fix [since FEDORA-2007-2066]
 CVE-2007-4730 ignore (xorg-x11) #286051 ajax says F7 is not vulnerable
@@ -597,10 +597,10 @@
 CVE-2007-1665 version (ekg) #246034 [since FEDORA-2007-0791]
 CVE-2007-1664 version (ekg) #246034 [since FEDORA-2007-0791]
 CVE-2007-1663 version (ekg) #246034 [since FEDORA-2007-0791]
-CVE-2007-1662 VULNERABLE (pcre, fixed 7.3) #378411
-CVE-2007-1661 VULNERABLE (pcre, fixed 7.3) #378411
-CVE-2007-1660 VULNERABLE (pcre, fixed 7.3) #378411
-CVE-2007-1659 VULNERABLE (pcre, fixed 7.3) #378411
+CVE-2007-1662 VULNERABLE (pcre, fixed 7.3) #378411 
+CVE-2007-1661 VULNERABLE (pcre, fixed 7.3) #378411 
+CVE-2007-1660 VULNERABLE (pcre, fixed 7.3) #378411 
+CVE-2007-1659 VULNERABLE (pcre, fixed 7.3) #378411 
 CVE-2007-1649 version (php, fixed 5.2.2)
 CVE-2007-1622 version (wordpress, fixed 2.1.3-0.rc2) #233703
 CVE-2007-1614 version (zziplib, fixed 0.13.49) #233700

    