Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv28447/audit

Modified Files: f8 f9 fc7
Added Files: f10
Log Message: check updates create f10 tracking file based on f9 unfixed issues
***** Error reading new file: [Errno 2] No such file or directory: 'f10'
Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.218 retrieving revision 1.219 diff -u -r1.218 -r1.219 --- f8 9 May 2008 18:59:07 -0000 1.218 +++ f8 13 May 2008 15:46:58 -0000 1.219 @@ -6,19 +6,21 @@
rhbz293031 fixed (nx) #293031 [since FEDORA-2008-2258] rhbz249840 version (tor, fixed 0.1.2.15) +CVE-2008-2146 version (wordpress, fixed 2.2.3) CVE-2008-2109 VULNERABLE (libid3tag) #445814 -CVE-2008-2105 VULNERABLE (bugzilla, fixed 3.0.4, 3.1.4) #445822 +CVE-2008-2105 fixed (bugzilla, fixed 3.0.4, 3.1.4) #445822 [since FEDORA-2008-3442] CVE-2008-2104 ignore (bugzilla, fixed 3.1.4) only affects 3.1.3, not in Fedora -CVE-2008-2103 VULNERABLE (bugzilla, fixed 3.0.4, 3.1.4) #445822 +CVE-2008-2103 fixed (bugzilla, fixed 3.0.4, 3.1.4) #445822 [since FEDORA-2008-3442] +CVE-2008-2085 VULNERABLE (sipp) #446220 CVE-2008-2079 VULNERABLE (mysql, fixed 5.0.60) #445805 CVE-2008-2068 version (wordpress, fixed 2.5.1) [since FEDORA-2008-3397] CVE-2008-2033 ignore (zoneminder) duplicate of CVE-2008-1381 CVE-2008-2000 ignore (WebKit) browser DoS CVE-2008-1999 VULNERABLE (WebKit) CVE-2008-1996 VULNERABLE (licq, fixed 1.3.6) #445238 -CVE-2008-1974 VULNERABLE (kronolith, fixed 3.1.8) #444404 +CVE-2008-1974 VULNERABLE (kronolith, fixed 3.1.8) #444404 [since FEDORA-2008-3543] CVE-2008-1964 ignore (xine-lib) bogus vulnerability report -CVE-2008-1959 VULNERABLE (sipp, fixed 3.1) [since sipp-3.1-1.fc8] +CVE-2008-1959 fixed (sipp, fixed 3.1) [since FEDORA-2008-3501] CVE-2008-1937 ignore (moin, fixed 1.6.3) 1.6.x only CVE-2008-1930 ignore (wordpress, fixed 2.5.1) [since wordpress-2.5.1-1.fc8] only for wp 2.5.0 CVE-2008-1928 fixed (perl-Imager, fixed 0.64) #443940 [since FEDORA-2008-3352] @@ -38,7 +40,7 @@ CVE-2008-1801 VULNERABLE (rdesktop) #445842 CVE-2008-1796 fixed (comix) [since FEDORA-2008-2981] CVE-2008-1729 ignore (drupal) 6.x only -CVE-2008-1722 VULNERABLE (cups) #445802 +CVE-2008-1722 fixed (cups) #445802 [since FEDORA-2008-3586] CVE-2008-1720 fixed (rsync, fixed 3.0.2) #441690 [since FEDORA-2008-3047] CVE-2008-1693 version (xpdf, fixed 3.02) CVE-2008-1693 version (poppler, fixed 0.6.2) 
@@ -77,11 +79,11 @@ CVE-2008-1390 fixed (asterisk, fixed 1.4.19-rc3) #438133 [since FEDORA-2008-2554] CVE-2008-1387 fixed (clamav, fixed 0.93) #442363 [since FEDORA-2008-3420] CVE-2008-1382 VULNERABLE (libpng, fixed 1.2.27) minimal impact, affected api rarely used -CVE-2008-1382 VULNERABLE (libpng10) [since libpng10-1.0.33-1.fc8] -CVE-2008-1381 VULNERABLE (zoneminder, fixed 1.23.3) #444436 +CVE-2008-1382 VULNERABLE (libpng10) [since libpng10-1.0.37-1.fc8] +CVE-2008-1381 fixed (zoneminder, fixed 1.23.3) #444436 [since FEDORA-2008-3462] CVE-2008-1380 VULNERABLE (firefox, fixed 2.0.0.14) CVE-2008-1380 fixed (seamonkey, fixed 1.1.10) #442851 [since FEDORA-2008-3264] -CVE-2008-1380 VULNERABLE (thunderbird, fixed 2.0.0.14) #442856 +CVE-2008-1380 fixed (thunderbird, fixed 2.0.0.14) #442856 [since FEDORA-2008-3557] CVE-2008-1374 ignore (cups) only affects old cups versions in RHEL CVE-2008-1373 fixed (cups) #440040 [since FEDORA-2008-2131] CVE-2008-1372 fixed (bzip2, fixed 1.0.5) #439855 [since FEDORA-2008-2970] 
@@ -105,19 +107,19 @@ CVE-2008-1238 version (seamonkey, fixed 1.1.9) CVE-2008-1237 version (firefox, fixed 2.0.0.13) CVE-2008-1237 version (seamonkey, fixed 1.1.9) -CVE-2008-1237 VULNERABLE (thunderbird, fixed 2.0.0.14) #442856 +CVE-2008-1237 fixed (thunderbird, fixed 2.0.0.14) #442856 [since FEDORA-2008-3557] CVE-2008-1236 version (firefox, fixed 2.0.0.13) CVE-2008-1236 version (seamonkey, fixed 1.1.9) -CVE-2008-1236 VULNERABLE (thunderbird, fixed 2.0.0.14) #442856 +CVE-2008-1236 fixed (thunderbird, fixed 2.0.0.14) #442856 [since FEDORA-2008-3557] CVE-2008-1235 version (firefox, fixed 2.0.0.13) CVE-2008-1235 version (seamonkey, fixed 1.1.9) -CVE-2008-1235 VULNERABLE (thunderbird, fixed 2.0.0.14) #442856 +CVE-2008-1235 fixed (thunderbird, fixed 2.0.0.14) #442856 [since FEDORA-2008-3557] CVE-2008-1234 version (firefox, fixed 2.0.0.13) CVE-2008-1234 version (seamonkey, fixed 1.1.9) -CVE-2008-1234 VULNERABLE (thunderbird, fixed 2.0.0.14) #442856 +CVE-2008-1234 fixed (thunderbird, fixed 2.0.0.14) #442856 [since FEDORA-2008-3557] CVE-2008-1233 version (firefox, fixed 2.0.0.13) CVE-2008-1233 version (seamonkey, fixed 1.1.9) -CVE-2008-1233 VULNERABLE (thunderbird, fixed 2.0.0.14) #442856 +CVE-2008-1233 fixed (thunderbird, fixed 2.0.0.14) #442856 [since FEDORA-2008-3557] **CVE-2008-1227 fixed (libsilc) We updated this as non-security CVE-2008-1218 version (dovecot, fixed 1.0.13) [since FEDORA-2008-2464] marginally affected CVE-2008-1199 version (dovecot, fixed 1.0.11) [since FEDORA-2008-2464] not in default config 
@@ -191,7 +193,7 @@ CVE-2008-0554 version (netpbm, fixed 10.27) CVE-2008-0553 fixed (perl-Tk) #431532 [since FEDORA-2008-1323] CVE-2008-0553 backport (tk, fixed 8.5.1) [since FEDORA-2008-1122] -CVE-2008-0553 VULNERABLE (tkimg) #444951 +CVE-2008-0553 fixed (tkimg) #444951 [since FEDORA-2008-3514] CVE-2008-0544 fixed (SDL_image) #430694 [since FEDORA-2008-1208] ILBM overflow CVE-2008-0486 fixed (xine-lib, fixed 1.1.10.1) #431543 [since FEDORA-2008-1543] CVE-2008-0460 fixed (mediawiki) #430288 [since FEDORA-2008-2288] @@ -259,7 +261,7 @@ CVE-2008-0006 fixed (libXfont) #429132 [since FEDORA-2008-0794] CVE-2008-0005 fixed (httpd, fixed 2.2.8) #427982 [since FEDORA-2008-1711] CVE-2008-0003 fixed (tog-pegasus, fixed 2.7.0) #427829 [since FEDORA-2008-0572] -CVE-2008-0002 fixed (tomcat5) #432474 [since FEDORA-2008-1467] +CVE-2008-0002 ignore (tomcat5) #432474 tomcat 6.x only CVE-2007-6714 fixed (dbmail, fixed 2.2.9) #443021 [since FEDORA-2008-3333] CVE-2007-6703 fixed (vdccm, fixed 0.10.1) #436026 [since FEDORA-2008-0680] CVE-2007-6698 version (openldap, fixed 2.3.36) @@ -345,7 +347,7 @@ CVE-2007-6110 backport (htdig) [since FEDORA-2007-3958] CVE-2007-6100 version (phpMyAdmin, fixed 2.11.2.2) [since FEDORA-2007-3639] CVE-2007-6067 fixed (postgresql, fixed 8.2.6) #427773 [since FEDORA-2008-0478] -CVE-2007-6061 VULNERABLE (audacity) #393251 +CVE-2007-6061 fixed (audacity) #393251 [since FEDORA-2008-3456] CVE-2007-6029 ignore (clamav) insufficient information about the issue CVE-2007-6018 fixed (horde) #428628 [since FEDORA-2008-2040] CVE-2007-6018 fixed (imp) #428632 [since FEDORA-2008-2040]
Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.208 retrieving revision 1.209 diff -u -r1.208 -r1.209 --- f9 9 May 2008 18:59:07 -0000 1.208 +++ f9 13 May 2008 15:46:58 -0000 1.209 @@ -5,19 +5,21 @@ # (mozilla) = (gecko-libs dependent stuff)
rhbz249840 version (tor, fixed 0.1.2.15) -CVE-2008-2109 VULNERABLE (libid3tag) #445815 -CVE-2008-2105 VULNERABLE (bugzilla, fixed 3.0.4, 3.1.4) #445823 +CVE-2008-2146 version (wordpress, fixed 2.2.3) +CVE-2008-2109 fixed (libid3tag) #445815 [since FEDORA-2008-3757] +CVE-2008-2105 fixed (bugzilla, fixed 3.0.4, 3.1.4) #445823 [since FEDORA-2008-3668] CVE-2008-2104 ignore (bugzilla, fixed 3.1.4) only affects 3.1.3, not in Fedora -CVE-2008-2103 VULNERABLE (bugzilla, fixed 3.0.4, 3.1.4) #445823 +CVE-2008-2103 fixed (bugzilla, fixed 3.0.4, 3.1.4) #445823 [since FEDORA-2008-3668] +CVE-2008-2085 VULNERABLE (sipp) #446221 CVE-2008-2079 VULNERABLE (mysql, fixed 5.0.60) #445806 CVE-2008-2068 version (wordpress, fixed 2.5.1) [since wordpress-2.5.1-1.fc9] CVE-2008-2033 ignore (zoneminder) duplicate of CVE-2008-1381 CVE-2008-2000 ignore (WebKit) browser DoS CVE-2008-1999 VULNERABLE (WebKit) -CVE-2008-1996 VULNERABLE (licq, fixed 1.3.6) #445239 +CVE-2008-1996 fixed (licq, fixed 1.3.6) #445239 [since FEDORA-2008-3812] CVE-2008-1974 ignore (kronolith, fixed 3.1.8) #444405 package removed from f9 and rawhide CVE-2008-1964 ignore (xine-lib) bogus vulnerability report -CVE-2008-1959 VULNERABLE (sipp, fixed 3.1) [since sipp-3.1-1.fc9] +CVE-2008-1959 fixed (sipp, fixed 3.1) [since FEDORA-2008-3690] CVE-2008-1937 version (moin, fixed 1.6.3) [since moin-1.6.3-1.fc9] CVE-2008-1930 ignore (wordpress, fixed 2.5.1) only for wp 2.5.0 CVE-2008-1928 VULNERABLE (perl-Imager, fixed 0.64) #443941 @@ -38,7 +40,7 @@ CVE-2008-1796 fixed (comix) [since comix-3.6.4-6.fc9] CVE-2008-1771 VULNERABLE (mt-daapd) [since mt-daapd-0.9-0.2.1696.fc9] CVE-2008-1729 version (drupal, fixed 6.2) [since drupal-6.2-1.fc9] -CVE-2008-1722 VULNERABLE (cups) #445803 +CVE-2008-1722 fixed (cups) #445803 [since FEDORA-2008-3756] CVE-2008-1720 version (rsync, fixed 3.0.2) [since rsync-3.0.2-0.fc9] CVE-2008-1693 version (xpdf, fixed 3.02) CVE-2008-1693 version (poppler, fixed 0.6.2) 
@@ -76,8 +78,8 @@ CVE-2008-1390 version (asterisk, fixed 1.6.0-beta6) #438134 [since asterisk-1.6.0-0.6.beta6.fc9] CVE-2008-1387 VULNERABLE (clamav, fixed 0.93) #442364 [since clamav-0.93-1.fc9] CVE-2008-1382 VULNERABLE (libpng, fixed 1.2.27) minimal impact, affected api rarely used -CVE-2008-1382 VULNERABLE (libpng10) [since libpng10-1.0.33-1.fc9] -CVE-2008-1381 VULNERABLE (zoneminder, fixed 1.23.3) #444437 [since zoneminder-1.22.3-14.fc9] +CVE-2008-1382 VULNERABLE (libpng10) [since FEDORA-2008-3683] +CVE-2008-1381 fixed (zoneminder, fixed 1.23.3) #444437 [since FEDORA-2008-3601] CVE-2008-1380 version (firefox, fixed 2.0.0.14) CVE-2008-1380 backport (seamonkey, fixed 1.1.10) #442852 [since seamonkey-1.1.9-3.fc9] CVE-2008-1380 version (thunderbird, fixed 2.0.0.14) #442857 [since thunderbird-2.0.0.14-1.fc9] @@ -134,7 +136,7 @@ CVE-2008-1100 VULNERABLE (clamav, fixed 0.93) #442364 [since clamav-0.93-1.fc9] CVE-2008-1099 version (moin, fixed 1.5.9) #438674 CVE-2008-1098 version (moin, fixed 1.5.9) #438674 -CVE-2008-1078 VULNERABLE (am-utils) #437746 +CVE-2008-1078 ignore (am-utils) minimal impact CVE-2008-1072 version (wireshark, fixed 0.99.8) #435488 [since wireshark-1.0.0-2.fc9] CVE-2008-1071 version (wireshark, fixed 0.99.8) #435488 [since wireshark-1.0.0-2.fc9] CVE-2008-1070 version (wireshark, fixed 0.99.8) #435488 [since wireshark-1.0.0-2.fc9] @@ -254,7 +256,7 @@ CVE-2008-0006 backport (libXfont) #429133 [since libXfont-1.3.1-3.fc9] CVE-2008-0005 version (httpd, fixed 2.2.8) #427984 [since httpd-2.2.8-2] CVE-2008-0003 version (tog-pegasus, fixed 2.7.0) -CVE-2008-0002 VULNERABLE (tomcat5) #432476 +CVE-2008-0002 ignore (tomcat5) #432476 tomcat 6.x only CVE-2007-6714 VULNERABLE (dbmail, fixed 2.2.9) #443022 [since dbmail-2.2.9-1.fc9] CVE-2007-6703 version (vdccm, fixed 0.10.1) #436027 CVE-2007-6698 version (openldap, fixed 2.3.36)
Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.374 retrieving revision 1.375 diff -u -r1.374 -r1.375 --- fc7 9 May 2008 18:59:07 -0000 1.374 +++ fc7 13 May 2008 15:46:58 -0000 1.375 @@ -7,19 +7,21 @@
rhbz293031 fixed (nx) #293031 [since FEDORA-2008-2258] rhbz249840 version (tor, fixed 0.1.2.15) #249840 [since FEDORA-2007-1674] +CVE-2008-2146 version (wordpress, fixed 2.2.3) CVE-2008-2109 VULNERABLE (libid3tag) #445813 -CVE-2008-2105 VULNERABLE (bugzilla, fixed 3.0.4, 3.1.4) #445821 +CVE-2008-2105 fixed (bugzilla, fixed 3.0.4, 3.1.4) #445821 [since FEDORA-2008-3488] CVE-2008-2104 ignore (bugzilla, fixed 3.1.4) only affects 3.1.3, not in Fedora -CVE-2008-2103 VULNERABLE (bugzilla, fixed 3.0.4, 3.1.4) #445821 +CVE-2008-2103 fixed (bugzilla, fixed 3.0.4, 3.1.4) #445821 [since FEDORA-2008-3488] +CVE-2008-2085 VULNERABLE (sipp) #446219 CVE-2008-2079 VULNERABLE (mysql, fixed 5.0.60) #445804 CVE-2008-2068 version (wordpress, fixed 2.5.1) [since FEDORA-2008-3319] CVE-2008-2033 ignore (zoneminder) duplicate of CVE-2008-1381 CVE-2008-2000 ignore (WebKit) browser DoS CVE-2008-1999 VULNERABLE (WebKit) CVE-2008-1996 VULNERABLE (licq, fixed 1.3.6) #445237 -CVE-2008-1974 VULNERABLE (kronolith, fixed 3.1.8) #444403 +CVE-2008-1974 VULNERABLE (kronolith, fixed 3.1.8) #444403 [since FEDORA-2008-3460] CVE-2008-1964 ignore (xine-lib) bogus vulnerability report -CVE-2008-1959 VULNERABLE (sipp, fixed 3.1) [since sipp-3.1-1.fc7] +CVE-2008-1959 fixed (sipp, fixed 3.1) [since FEDORA-2008-3508] CVE-2008-1937 ignore (moin, fixed 1.6.3) 1.6.x only CVE-2008-1930 ignore (wordpress, fixed 2.5.1) [since wordpress-2.5.1-1.fc7] only for wp 2.5.0 CVE-2008-1928 VULNERABLE (perl-Imager, fixed 0.64) #443939 @@ -39,7 +41,7 @@ CVE-2008-1801 VULNERABLE (rdesktop) #445841 CVE-2008-1796 fixed (comix) [since FEDORA-2008-2993] CVE-2008-1729 ignore (drupal) 6.x only -CVE-2008-1722 VULNERABLE (cups) #445801 +CVE-2008-1722 fixed (cups) #445801 [since FEDORA-2008-3449] CVE-2008-1720 fixed (rsync, fixed 3.0.2) #441689 [since FEDORA-2008-3060] CVE-2008-1693 version (xpdf, fixed 3.02) CVE-2008-1693 ignore (kdegraphics) not affected 
@@ -79,10 +81,10 @@ CVE-2008-1387 fixed (clamav, fixed 0.93) #442362 [since FEDORA-2008-3358] CVE-2008-1382 ignore (libpng, fixed 1.2.27) minimal impact, affected api rarely used CVE-2008-1382 ignore (libpng10) [since libpng10-1.0.33-1.fc7] -CVE-2008-1381 VULNERABLE (zoneminder, fixed 1.23.3) #444435 +CVE-2008-1381 fixed (zoneminder, fixed 1.23.3) #444435 [since FEDORA-2008-3516] CVE-2008-1380 VULNERABLE (firefox, fixed 2.0.0.14) CVE-2008-1380 fixed (seamonkey, fixed 1.1.10) #442850 [since FEDORA-2008-3231] -CVE-2008-1380 VULNERABLE (thunderbird, fixed 2.0.0.14) #442855 +CVE-2008-1380 fixed (thunderbird, fixed 2.0.0.14) #442855 [since FEDORA-2008-3519] CVE-2008-1374 ignore (cups) only affects old cups versions in RHEL CVE-2008-1373 fixed (cups) #440042 [since FEDORA-2008-2897] CVE-2008-1372 fixed (bzip2, fixed 1.0.5) #439855 [since FEDORA-2008-2970] 
@@ -106,19 +108,19 @@ CVE-2008-1238 version (seamonkey, fixed 1.1.9) CVE-2008-1237 version (firefox, fixed 2.0.0.13) CVE-2008-1237 version (seamonkey, fixed 1.1.9) -CVE-2008-1237 VULNERABLE (thunderbird, fixed 2.0.0.14) #442855 +CVE-2008-1237 fixed (thunderbird, fixed 2.0.0.14) #442855 [since FEDORA-2008-3519] CVE-2008-1236 version (firefox, fixed 2.0.0.13) CVE-2008-1236 version (seamonkey, fixed 1.1.9) -CVE-2008-1236 VULNERABLE (thunderbird, fixed 2.0.0.14) #442855 +CVE-2008-1236 fixed (thunderbird, fixed 2.0.0.14) #442855 [since FEDORA-2008-3519] CVE-2008-1235 version (firefox, fixed 2.0.0.13) CVE-2008-1235 version (seamonkey, fixed 1.1.9) -CVE-2008-1235 VULNERABLE (thunderbird, fixed 2.0.0.14) #442855 +CVE-2008-1235 fixed (thunderbird, fixed 2.0.0.14) #442855 [since FEDORA-2008-3519] CVE-2008-1234 version (firefox, fixed 2.0.0.13) CVE-2008-1234 version (seamonkey, fixed 1.1.9) -CVE-2008-1234 VULNERABLE (thunderbird, fixed 2.0.0.14) #442855 +CVE-2008-1234 fixed (thunderbird, fixed 2.0.0.14) #442855 [since FEDORA-2008-3519] CVE-2008-1233 version (firefox, fixed 2.0.0.13) CVE-2008-1233 version (seamonkey, fixed 1.1.9) -CVE-2008-1233 VULNERABLE (thunderbird, fixed 2.0.0.14) #442855 +CVE-2008-1233 fixed (thunderbird, fixed 2.0.0.14) #442855 [since FEDORA-2008-3519] **CVE-2008-1227 fixed (libsilc) We updated this as non-security CVE-2008-1218 version (dovecot, fixed 1.0.13) [since FEDORA-2008-2475] marginally affected CVE-2008-1199 version (dovecot, fixed 1.0.11) [since FEDORA-2008-2475] not in default config 
@@ -191,7 +193,7 @@ CVE-2008-0554 version (netpbm, fixed 10.27) CVE-2008-0553 fixed (perl-Tk) #431531 [since FEDORA-2008-1384] CVE-2008-0553 backport (tk, fixed 8.5.1) [since FEDORA-2008-1131] -CVE-2008-0553 VULNERABLE (tkimg) #444950 +CVE-2008-0553 fixed (tkimg) #444950 [since FEDORA-2008-3545] CVE-2008-0544 fixed (SDL_image) #430695 [since FEDORA-2008-1208] ILBM overflow CVE-2008-0486 fixed (xine-lib, fixed 1.1.10.1) #431542 [since FEDORA-2008-1581] CVE-2008-0460 fixed (mediawiki) #430287 [since FEDORA-2008-2245] @@ -259,7 +261,7 @@ CVE-2008-0006 fixed (libXfont) #429131 [since FEDORA-2008-0891] CVE-2008-0005 fixed (httpd, fixed 2.2.8) #427983 [since FEDORA-2008-1695] CVE-2008-0003 fixed (tog-pegasus, fixed 2.7.0) #427828 [since FEDORA-2008-0506] -CVE-2008-0002 fixed (tomcat5) #432475 [since FEDORA-2008-1603] +CVE-2008-0002 ignore (tomcat5) #432475 tomcat 6.x only CVE-2007-6714 fixed (dbmail, fixed 2.2.9) #443020 [since FEDORA-2008-3371] CVE-2007-6703 VULNERABLE (vdccm, fixed 0.10.1) #436025 CVE-2007-6698 fixed (openldap, fixed 2.3.36) #431409 [since FEDORA-2008-1307] @@ -344,7 +346,7 @@ CVE-2007-6110 backport (htdig) [since FEDORA-2007-3907] CVE-2007-6100 version (phpMyAdmin, fixed 2.11.2.2) [since FEDORA-2007-3666] CVE-2007-6067 fixed (postgresql, fixed 8.2.6) #427772 [since FEDORA-2008-0552] -CVE-2007-6061 VULNERABLE (audacity) #393251 +CVE-2007-6061 fixed (audacity) #393251 [since FEDORA-2008-3456] CVE-2007-6035 version (cacti, fixed 0.8.7a) #391981 [since FEDORA-2007-3683] CVE-2007-6029 ignore (clamav) insufficient information about the issue CVE-2007-6018 fixed (horde) #428629 [since FEDORA-2008-2087]
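Review bot: In f8 hunk `@@ -6,19 +6,21 @@`, CVE-2008-1974 (kronolith) gains `[since FEDORA-2008-3543]` but its status stays `VULNERABLE`, whereas the other entries in that hunk that pick up an advisory reference move to `fixed` (CVE-2008-2105, CVE-2008-2103, CVE-2008-1959). The fc7 hunk `@@ -7,19 +7,21 @@` does the same with `[since FEDORA-2008-3460]`. If those advisories ship the fix, change the status to `fixed`; if they do not, add a trailing comment saying why the entry remains open, so the next audit pass does not have to re-check it.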
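Review bot: CVE-2008-1382 (libpng10) is left `VULNERABLE` in f8 hunk `@@ -77,11 +79,11 @@` and f9 hunk `@@ -76,8 +78,8 @@` while only the `[since ...]` tag changes (to `libpng10-1.0.37-1.fc8` and to `FEDORA-2008-3683`). In f9 the entry now names an advisory yet is still marked open, and the fc7 file carries the same package as `ignore`. Please either set the status that matches the referenced build or advisory, or add a short comment on the line explaining what the tag denotes for an entry that is still vulnerable.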
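Review bot: The CVE-2008-0002 (tomcat5) line in f8 hunk `@@ -259,7 +261,7 @@` and fc7 hunk `@@ -259,7 +261,7 @@` goes from `fixed` to `ignore` and drops the `[since FEDORA-2008-1467]` and `[since FEDORA-2008-1603]` references, which the log message does not mention. Reclassifying an entry that was previously recorded as fixed deserves its own line in the log message, and the trailing comment could keep the earlier advisory ID next to "tomcat 6.x only" so the change of assessment is visible in the file itself.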
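Review bot: In f9 hunk `@@ -134,7 +136,7 @@`, the CVE-2008-1078 (am-utils) line loses its bug reference `#437746` when it becomes `ignore`, while the tomcat5 `ignore` entry changed in the same file keeps its reference (`#432476`). Keep the bug number on the line so the "minimal impact" assessment stays linked to the bug it was tracked under.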
security-commits@lists.fedoraproject.org