fedora-security/audit f10, 1.8, 1.9 f8, 1.226, 1.227 f9, 1.216, 1.217 - security-commits - Fedora mailing-lists

1 Jul 2008

Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv17671/audit
Modified Files:
    f10 f8 f9 
Log Message:
last week's issues
Index: f10
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f10,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9

--- f10	20 Jun 2008 19:34:29 -0000	1.8
+++ f10	1 Jul 2008 09:59:00 -0000	1.9
@@ -4,28 +4,32 @@
 # *CVE are items that need verification for Fedora 10
 # (mozilla) = (gecko-libs dependent stuff)
+CVE-2008-2841 ignore (xchat) windows-only, IE bug
+CVE-2008-2827 backport (perl) #452642 [since perl-5.10.0-28.fc10]
 CVE-2008-2728 ignore (ruby) 1.6.x variant of CVE-2008-2726
 CVE-2008-2727 ignore (ruby) 1.6.x variant of CVE-2008-2725
-CVE-2008-2726 VULNERABLE (ruby, fixed 1.8.6-p230, 1.8.7-p22) #452295 
-CVE-2008-2725 VULNERABLE (ruby, fixed 1.8.6-p230, 1.8.7-p22) #452295 
+CVE-2008-2726 version (ruby, fixed 1.8.6-p230, 1.8.7-p22) #452295 [since ruby-1.8.6.230-1.fc10]
+CVE-2008-2725 version (ruby, fixed 1.8.6-p230, 1.8.7-p22) #452295 [since ruby-1.8.6.230-1.fc10]
 CVE-2008-2724 version (gallery2, fixed 2.2.5) [since gallery2-2.2.5-1.fc10] 
 CVE-2008-2723 version (gallery2, fixed 2.2.5) [since gallery2-2.2.5-1.fc10] 
 CVE-2008-2722 version (gallery2, fixed 2.2.5) [since gallery2-2.2.5-1.fc10] 
 CVE-2008-2721 version (gallery2, fixed 2.2.5) [since gallery2-2.2.5-1.fc10] 
 CVE-2008-2720 version (gallery2, fixed 2.2.5) [since gallery2-2.2.5-1.fc10] 
 CVE-2008-2713 version (clamav, fixed 0.93.1) [since clamav-0.93.1-1.fc10] 
+CVE-2008-2711 backport (fetchmail, fixed 6.3.9) #452959 crash only in verbose mode [since fetchmail-6.3.8-7.fc10]
 CVE-2008-2696 VULNERABLE (exiv2, fixed 0.17) 
-CVE-2008-2664 VULNERABLE (ruby, fixed 1.8.6-p230, 1.8.7-p22) #452295 
-CVE-2008-2663 VULNERABLE (ruby, fixed 1.8.6-p230, 1.8.7-p22) #452295 
-CVE-2008-2662 VULNERABLE (ruby, fixed 1.8.6-p230, 1.8.7-p22) #452295 
+CVE-2008-2664 version (ruby, fixed 1.8.6-p230, 1.8.7-p22) #452295 [since ruby-1.8.6.230-1.fc10]
+CVE-2008-2663 version (ruby, fixed 1.8.6-p230, 1.8.7-p22) #452295 [since ruby-1.8.6.230-1.fc10]
+CVE-2008-2662 version (ruby, fixed 1.8.6-p230, 1.8.7-p22) #452295 [since ruby-1.8.6.230-1.fc10]
 CVE-2008-2575 version (cbrpager) [since cbrpager-0.9.17-2.fc10] 
 CVE-2008-2426 backport (imlib2) [since imlib2-1.4.0-7.fc10] 
 CVE-2008-2420 version (stunnel, fixed 4.24) [since stunnel-4.24-2] 
 CVE-2008-2392 ignore (wordpress) issue only in certain deployments, not affected by default
+CVE-2008-2375 ignore (vsftpd) pre-2.0.5 versions only
 CVE-2008-2363 VULNERABLE (pan) #449335 
-CVE-2008-2362 VULNERABLE (xorg-x11-server) #450927 
-CVE-2008-2361 VULNERABLE (xorg-x11-server) #450927 
-CVE-2008-2360 VULNERABLE (xorg-x11-server) #450927 
+CVE-2008-2362 version (xorg-x11-server) #450927 [since xorg-x11-server-1.4.99.902-2.20080612.fc10]
+CVE-2008-2361 version (xorg-x11-server) #450927 [since xorg-x11-server-1.4.99.902-2.20080612.fc10]
+CVE-2008-2360 version (xorg-x11-server) #450927 [since xorg-x11-server-1.4.99.902-2.20080612.fc10]
 CVE-2008-2359 ignore (system-config-network) F8 specific issue
 CVE-2008-2357 fixed (mtr, fixed 0.73) 
 CVE-2008-2302 version (Django, fixed 0.96.2) #447260 [since Django-0.96.2-1.fc10]
@@ -35,11 +39,11 @@
 CVE-2008-2168 ignore (httpd) browser issue, not apache
 CVE-2008-2152 version (openoffice.org, fixed 2.4.1) [since openoffice.org-3.0.0-0.0.17.1.fc10] 
 CVE-2008-2119 ignore (asterisk, fixed 1.2.29) AST-2008-008, only for 1.0.x and 1.2.x
-CVE-2008-2108 VULNERABLE (php, fixed 5.2.6) 
-CVE-2008-2107 VULNERABLE (php, fixed 5.2.6) 
+CVE-2008-2108 version (php, fixed 5.2.6) [since php-5.2.6-2.fc9]
+CVE-2008-2107 version (php, fixed 5.2.6) [since php-5.2.6-2.fc9]
 CVE-2008-2085 VULNERABLE (sipp) #446222 
 CVE-2008-2079 VULNERABLE (mysql, fixed 5.0.60) #445804 
-CVE-2008-2051 VULNERABLE (php, fixed 5.2.6) 
+CVE-2008-2051 version (php, fixed 5.2.6) [since php-5.2.6-2.fc9]
 CVE-2008-2004 VULNERABLE (xen) disables format autodetection by default [since xen-3.2.0-11.fc10]
 CVE-2008-2004 VULNERABLE (qemu) fix mostly useless without libvirt changes
 CVE-2008-2004 VULNERABLE (kvm) fix mostly useless without libvirt changes
@@ -76,8 +80,8 @@
 CVE-2008-1387 version (clamav, fixed 0.93) [since clamav-0.93-1.fc9]
 CVE-2008-1382 version (libpng, fixed 1.2.27) [since libpng-1.2.29-1.fc10]
 CVE-2008-1382 version (libpng10) [since libpng10-1.0.37-1.fc10] 
-CVE-2008-1379 VULNERABLE (xorg-x11-server) #450927 
-CVE-2008-1377 VULNERABLE (xorg-x11-server) #450927 
+CVE-2008-1379 version (xorg-x11-server) #450927 [since xorg-x11-server-1.4.99.902-2.20080612.fc10]
+CVE-2008-1377 version (xorg-x11-server) #450927 [since xorg-x11-server-1.4.99.902-2.20080612.fc10]
 CVE-2008-1360 version (nagios) #437852 [since nagios-2.11-3.fc9]
 CVE-2008-1109 backport (evolution) #449925 [since evolution-2.23.3.1-2.fc10]
 CVE-2008-1108 backport (evolution) #449925 [since evolution-2.23.3.1-2.fc10]
@@ -88,7 +92,7 @@
 CVE-2008-1033 version (cups, fixed 1.3.7) [since cups-1.3.7-1.fc9] 
 CVE-2008-0960 backport (net-snmp, fixed 5.4.1.1) [since net-snmp-5.4.1-19.fc10] 
 CVE-2008-0891 backport (openssl, fixed 0.9.8h) #448691 [since openssl-0.9.8g-9.fc10]
-CVE-2008-0599 VULNERABLE (php, fixed 5.2.6) 
+CVE-2008-0599 version (php, fixed 5.2.6) [since php-5.2.6-2.fc9]
 CVE-2008-0553 version (tkimg) [since tkimg-1.3-0.10.20080505svn.fc10]
 CVE-2008-0314 version (clamav, fixed 0.93) [since clamav-0.93-1.fc9]
 CVE-2008-0166 ignore (openssl) Debian specific
Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.226
retrieving revision 1.227
diff -u -r1.226 -r1.227
--- f8	20 Jun 2008 19:34:29 -0000	1.226
+++ f8	1 Jul 2008 09:59:00 -0000	1.227
@@ -6,25 +6,29 @@
rhbz293031 fixed (nx) #293031 [since FEDORA-2008-2258] 
 rhbz249840 version (tor, fixed 0.1.2.15) 
+CVE-2008-2841 ignore (xchat) windows-only, IE bug
+CVE-2008-2827 ignore (perl) perl 5.10 only
 CVE-2008-2783 VULNERABLE (kronolith) 
 CVE-2008-2728 ignore (ruby) 1.6.x variant of CVE-2008-2726
 CVE-2008-2727 ignore (ruby) 1.6.x variant of CVE-2008-2725
-CVE-2008-2726 VULNERABLE (ruby, fixed 1.8.6-p230, 1.8.7-p22) #452293 
-CVE-2008-2725 VULNERABLE (ruby, fixed 1.8.6-p230, 1.8.7-p22) #452293 
-CVE-2008-2724 VULNERABLE (gallery2, fixed 2.2.5) [since gallery2-2.2.5-1.fc8] 
-CVE-2008-2723 VULNERABLE (gallery2, fixed 2.2.5) [since gallery2-2.2.5-1.fc8] 
-CVE-2008-2722 VULNERABLE (gallery2, fixed 2.2.5) [since gallery2-2.2.5-1.fc8] 
-CVE-2008-2721 VULNERABLE (gallery2, fixed 2.2.5) [since gallery2-2.2.5-1.fc8] 
-CVE-2008-2720 VULNERABLE (gallery2, fixed 2.2.5) [since gallery2-2.2.5-1.fc8] 
+CVE-2008-2726 fixed (ruby, fixed 1.8.6-p230, 1.8.7-p22) #452293 [since FEDORA-2008-5649] 
+CVE-2008-2725 fixed (ruby, fixed 1.8.6-p230, 1.8.7-p22) #452293 [since FEDORA-2008-5649] 
+CVE-2008-2724 fixed (gallery2, fixed 2.2.5) [since FEDORA-2008-5479] 
+CVE-2008-2723 fixed (gallery2, fixed 2.2.5) [since FEDORA-2008-5479] 
+CVE-2008-2722 fixed (gallery2, fixed 2.2.5) [since FEDORA-2008-5479] 
+CVE-2008-2721 fixed (gallery2, fixed 2.2.5) [since FEDORA-2008-5479] 
+CVE-2008-2720 fixed (gallery2, fixed 2.2.5) [since FEDORA-2008-5479] 
 CVE-2008-2713 VULNERABLE (clamav, fixed 0.93.1) 
+CVE-2008-2711 VULNERABLE (fetchmail, fixed 6.3.9) crash only in verbose mode
 CVE-2008-2696 VULNERABLE (exiv2, fixed 0.17) 
-CVE-2008-2664 VULNERABLE (ruby, fixed 1.8.6-p230, 1.8.7-p22) #452293 
-CVE-2008-2663 VULNERABLE (ruby, fixed 1.8.6-p230, 1.8.7-p22) #452293 
-CVE-2008-2662 VULNERABLE (ruby, fixed 1.8.6-p230, 1.8.7-p22) #452293 
+CVE-2008-2664 fixed (ruby, fixed 1.8.6-p230, 1.8.7-p22) #452293 [since FEDORA-2008-5649] 
+CVE-2008-2663 fixed (ruby, fixed 1.8.6-p230, 1.8.7-p22) #452293 [since FEDORA-2008-5649] 
+CVE-2008-2662 fixed (ruby, fixed 1.8.6-p230, 1.8.7-p22) #452293 [since FEDORA-2008-5649] 
 CVE-2008-2575 fixed (cbrpager) [since FEDORA-2008-4528] 
 CVE-2008-2426 fixed (imlib2) [since FEDORA-2008-4842] 
 CVE-2008-2420 fixed (stunnel, fixed 4.24) [since FEDORA-2008-4579] 
 CVE-2008-2392 ignore (wordpress) issue only in certain deployments, not affected by default
+CVE-2008-2375 ignore (vsftpd) pre-2.0.5 versions only
 CVE-2008-2363 VULNERABLE (pan) #449333 
 CVE-2008-2362 fixed (xorg-x11-server) #450925 [since FEDORA-2008-5279] 
 CVE-2008-2361 fixed (xorg-x11-server) #450925 [since FEDORA-2008-5279] 
@@ -40,15 +44,15 @@
 CVE-2008-2146 version (wordpress, fixed 2.2.3) 
 CVE-2008-2119 ignore (asterisk, fixed 1.2.29) AST-2008-008, only for 1.0.x and 1.2.x
 CVE-2008-2109 fixed (libid3tag) #445814 [since FEDORA-2008-3976] 
-CVE-2008-2108 VULNERABLE (php, fixed 5.2.6) [since FEDORA-2008-3864] 
-CVE-2008-2107 VULNERABLE (php, fixed 5.2.6) [since FEDORA-2008-3864] 
+CVE-2008-2108 fixed (php, fixed 5.2.6) [since FEDORA-2008-3864] 
+CVE-2008-2107 fixed (php, fixed 5.2.6) [since FEDORA-2008-3864] 
 CVE-2008-2105 fixed (bugzilla, fixed 3.0.4, 3.1.4) #445822 [since FEDORA-2008-3442] 
 CVE-2008-2104 ignore (bugzilla, fixed 3.1.4) only affects 3.1.3, not in Fedora
 CVE-2008-2103 fixed (bugzilla, fixed 3.0.4, 3.1.4) #445822 [since FEDORA-2008-3442] 
 CVE-2008-2085 VULNERABLE (sipp) #446220 
 CVE-2008-2079 VULNERABLE (mysql, fixed 5.0.60) #445805 
 CVE-2008-2068 version (wordpress, fixed 2.5.1) [since FEDORA-2008-3397]  
-CVE-2008-2051 VULNERABLE (php, fixed 5.2.6) [since FEDORA-2008-3864] 
+CVE-2008-2051 fixed (php, fixed 5.2.6) [since FEDORA-2008-3864] 
 CVE-2008-2050 ignore (php, fixed 5.2.6) 
 CVE-2008-2033 ignore (zoneminder) duplicate of CVE-2008-1381
 CVE-2008-2004 VULNERABLE (xen) disables format autodetection by default [since xen-3.1.2-3.fc8]
@@ -74,7 +78,7 @@
 CVE-2008-1924 version (phpMyAdmin, fixed 2.11.5.2) [since FEDORA-2008-3461] PMASA-2008-3
 CVE-2008-1923 version (asterisk) upstream fix incomplete, resulting in CVE-2008-1897
 CVE-2008-1897 fixed (asterisk, fixed 1.4.19.1) [since FEDORA-2008-3390] 
-CVE-2008-1891 VULNERABLE (ruby, fixed 1.8.6-p230, 1.8.7-p22) #452293 
+CVE-2008-1891 fixed (ruby, fixed 1.8.6-p230, 1.8.7-p22) #452293 [since FEDORA-2008-5649] 
 CVE-2008-1878 fixed (xine-lib, fixed 1.1.12.1) #443055 [since FEDORA-2008-3353] nsf demuxer overflow
 CVE-2008-1845 version (mksh, fixed 33d) [since FEDORA-2008-3174] 
 CVE-2008-1837 ignore (clamav, fixed 0.93) unrar code not shipped
@@ -246,7 +250,7 @@
 CVE-2008-0658 fixed (openldap) #432012 [since FEDORA-2008-1616] 
 CVE-2008-0646 fixed (deluge, fixed 0.5.8.3) [since FEDORA-2008-1287]
 CVE-2008-0646 fixed (rb_libtorrent) [since FEDORA-2008-1198]
-CVE-2008-0599 VULNERABLE (php, fixed 5.2.6) [since FEDORA-2008-3864] 
+CVE-2008-0599 fixed (php, fixed 5.2.6) [since FEDORA-2008-3864] 
 CVE-2008-0597 version (cups) only old CUPS versions affected
 CVE-2008-0596 version (cups) only old CUPS versions affected
 CVE-2008-0595 backport (dbus, fixed 1.1.20) [since FEDORA-2008-2070]
@@ -455,8 +459,8 @@
 CVE-2007-5902 ignore (krb5, fixed 1.6.4) not exploitable
 CVE-2007-5901 fixed (krb5, fixed 1.6.4) #438023 [since FEDORA-2008-2647] 
 CVE-2007-5900 ignore (php, fixed 5.2.5) 
-CVE-2007-5899 VULNERABLE (php, fixed 5.2.5) [since FEDORA-2008-3864] 
-CVE-2007-5898 VULNERABLE (php, fixed 5.2.5) [since FEDORA-2008-3864] 
+CVE-2007-5899 fixed (php, fixed 5.2.5) [since FEDORA-2008-3864] 
+CVE-2007-5898 fixed (php, fixed 5.2.5) [since FEDORA-2008-3864] 
 CVE-2007-5894 ignore (krb5, fixed 1.6.4) not exploitable
 CVE-2007-5849 ignore (cups, fixed 1.3.5) minimal impact, see #415131
 CVE-2007-5848 version (cups, fixed 1.2.0) 
@@ -524,7 +528,7 @@
 CVE-2007-4825 ignore (php, fixed 5.2.5) 
 CVE-2007-4784 ignore (php, fixed 5.2.5) 
 CVE-2007-4783 ignore (php, fixed 5.2.5) 
-CVE-2007-4782 VULNERABLE (php, fixed 5.2.5) [since FEDORA-2008-3864] 
+CVE-2007-4782 fixed (php, fixed 5.2.5) [since FEDORA-2008-3864] 
 CVE-2007-4772 fixed (postgresql, fixed 8.2.6) #427773 [since FEDORA-2008-0478] 
 CVE-2007-4771 fixed (icu) #430233 [since FEDORA-2008-1036] 
 CVE-2007-4770 fixed (icu) #430233 [since FEDORA-2008-1036]
Index: f9
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f9,v
retrieving revision 1.216
retrieving revision 1.217
diff -u -r1.216 -r1.217
--- f9	20 Jun 2008 19:34:29 -0000	1.216
+++ f9	1 Jul 2008 09:59:00 -0000	1.217
@@ -5,24 +5,28 @@
 # (mozilla) = (gecko-libs dependent stuff)
rhbz249840 version (tor, fixed 0.1.2.15)
+CVE-2008-2841 ignore (xchat) windows-only, IE bug
+CVE-2008-2827 fixed (perl) #452641 [since FEDORA-2008-5739] 
 CVE-2008-2728 ignore (ruby) 1.6.x variant of CVE-2008-2726
 CVE-2008-2727 ignore (ruby) 1.6.x variant of CVE-2008-2725
-CVE-2008-2726 VULNERABLE (ruby, fixed 1.8.6-p230, 1.8.7-p22) #452294 
-CVE-2008-2725 VULNERABLE (ruby, fixed 1.8.6-p230, 1.8.7-p22) #452294 
-CVE-2008-2724 VULNERABLE (gallery2, fixed 2.2.5) [since gallery2-2.2.5-1.fc9] 
-CVE-2008-2723 VULNERABLE (gallery2, fixed 2.2.5) [since gallery2-2.2.5-1.fc9] 
-CVE-2008-2722 VULNERABLE (gallery2, fixed 2.2.5) [since gallery2-2.2.5-1.fc9] 
-CVE-2008-2721 VULNERABLE (gallery2, fixed 2.2.5) [since gallery2-2.2.5-1.fc9] 
-CVE-2008-2720 VULNERABLE (gallery2, fixed 2.2.5) [since gallery2-2.2.5-1.fc9] 
-CVE-2008-2713 VULNERABLE (clamav, fixed 0.93.1) [since clamav-0.93.1-1.fc9] 
+CVE-2008-2726 fixed (ruby, fixed 1.8.6-p230, 1.8.7-p22) #452294 [since FEDORA-2008-5664] 
+CVE-2008-2725 fixed (ruby, fixed 1.8.6-p230, 1.8.7-p22) #452294 [since FEDORA-2008-5664] 
+CVE-2008-2724 fixed (gallery2, fixed 2.2.5) [since FEDORA-2008-5576] 
+CVE-2008-2723 fixed (gallery2, fixed 2.2.5) [since FEDORA-2008-5576] 
+CVE-2008-2722 fixed (gallery2, fixed 2.2.5) [since FEDORA-2008-5576] 
+CVE-2008-2721 fixed (gallery2, fixed 2.2.5) [since FEDORA-2008-5576] 
+CVE-2008-2720 fixed (gallery2, fixed 2.2.5) [since FEDORA-2008-5576] 
+CVE-2008-2713 fixed (clamav, fixed 0.93.1) [since FEDORA-2008-5476] 
+CVE-2008-2711 VULNERABLE (fetchmail, fixed 6.3.9) crash only in verbose mode
 CVE-2008-2696 VULNERABLE (exiv2, fixed 0.17) 
-CVE-2008-2664 VULNERABLE (ruby, fixed 1.8.6-p230, 1.8.7-p22) #452294 
-CVE-2008-2663 VULNERABLE (ruby, fixed 1.8.6-p230, 1.8.7-p22) #452294 
-CVE-2008-2662 VULNERABLE (ruby, fixed 1.8.6-p230, 1.8.7-p22) #452294 
+CVE-2008-2664 fixed (ruby, fixed 1.8.6-p230, 1.8.7-p22) #452294 [since FEDORA-2008-5664] 
+CVE-2008-2663 fixed (ruby, fixed 1.8.6-p230, 1.8.7-p22) #452294 [since FEDORA-2008-5664] 
+CVE-2008-2662 fixed (ruby, fixed 1.8.6-p230, 1.8.7-p22) #452294 [since FEDORA-2008-5664] 
 CVE-2008-2575 fixed (cbrpager) [since FEDORA-2008-4501] 
 CVE-2008-2426 fixed (imlib2) [since FEDORA-2008-4871] 
 CVE-2008-2420 fixed (stunnel, fixed 4.24) [since FEDORA-2008-4531] 
 CVE-2008-2392 ignore (wordpress) issue only in certain deployments, not affected by default
+CVE-2008-2375 ignore (vsftpd) pre-2.0.5 versions only
 CVE-2008-2363 VULNERABLE (pan) #449334 
 CVE-2008-2362 fixed (xorg-x11-server) #450926 [since FEDORA-2008-5254] 
 CVE-2008-2361 fixed (xorg-x11-server) #450926 [since FEDORA-2008-5254] 
@@ -38,15 +42,15 @@
 CVE-2008-2146 version (wordpress, fixed 2.2.3) 
 CVE-2008-2119 ignore (asterisk, fixed 1.2.29) AST-2008-008, only for 1.0.x and 1.2.x
 CVE-2008-2109 fixed (libid3tag) #445815 [since FEDORA-2008-3757] 
-CVE-2008-2108 VULNERABLE (php, fixed 5.2.6) [since FEDORA-2008-3606] 
-CVE-2008-2107 VULNERABLE (php, fixed 5.2.6) [since FEDORA-2008-3606] 
+CVE-2008-2108 fixed (php, fixed 5.2.6) [since FEDORA-2008-3606] 
+CVE-2008-2107 fixed (php, fixed 5.2.6) [since FEDORA-2008-3606] 
 CVE-2008-2105 fixed (bugzilla, fixed 3.0.4, 3.1.4) #445823 [since FEDORA-2008-3668] 
 CVE-2008-2104 ignore (bugzilla, fixed 3.1.4) only affects 3.1.3, not in Fedora
 CVE-2008-2103 fixed (bugzilla, fixed 3.0.4, 3.1.4) #445823 [since FEDORA-2008-3668] 
 CVE-2008-2085 VULNERABLE (sipp) #446221 
 CVE-2008-2079 VULNERABLE (mysql, fixed 5.0.60) #445806 
 CVE-2008-2068 version (wordpress, fixed 2.5.1) [since wordpress-2.5.1-1.fc9] 
-CVE-2008-2051 VULNERABLE (php, fixed 5.2.6) [since FEDORA-2008-3606] 
+CVE-2008-2051 fixed (php, fixed 5.2.6) [since FEDORA-2008-3606] 
 CVE-2008-2050 ignore (php, fixed 5.2.6) 
 CVE-2008-2033 ignore (zoneminder) duplicate of CVE-2008-1381
 CVE-2008-2004 VULNERABLE (xen) disables format autodetection by default [since xen-3.2.0-11.fc9]
@@ -73,7 +77,7 @@
 CVE-2008-1924 version (phpMyAdmin, fixed 2.11.5.2) [since phpMyAdmin-2.11.5.2-1.fc9] PMASA-2008-3
 CVE-2008-1923 version (asterisk) upstream fix incomplete, resulting in CVE-2008-1897
 CVE-2008-1897 version (asterisk, fixed 1.6.0.beta3) [since asterisk-1.6.0-0.13.beta8.fc9]
-CVE-2008-1891 VULNERABLE (ruby, fixed 1.8.6-p230, 1.8.7-p22) #452294 
+CVE-2008-1891 fixed (ruby, fixed 1.8.6-p230, 1.8.7-p22) #452294 [since FEDORA-2008-5664] 
 CVE-2008-1878 backport (xine-lib, fixed 1.1.12.1) #443056 nsf demuxer overflow [since xine-lib-1.1.12-2.fc9]
 CVE-2008-1845 version (mksh, fixed 33d) [since mksh-33d-1.fc9] what is real impact on fedora?
 CVE-2008-1837 ignore (clamav, fixed 0.93) unrar code not shipped
@@ -242,7 +246,7 @@
 CVE-2008-0658 backport (openldap) #432014 [since openldap-2.4.7-7.fc9]
 CVE-2008-0646 version (deluge, fixed 0.5.8.3) [since deluge-0.5.8.3-1.fc9]
 CVE-2008-0646 backport (rb_libtorrent) [since rb_libtorrent-0.12-3.fc9]
-CVE-2008-0599 VULNERABLE (php, fixed 5.2.6) [since FEDORA-2008-3606] 
+CVE-2008-0599 fixed (php, fixed 5.2.6) [since FEDORA-2008-3606] 
 CVE-2008-0597 version (cups) only old CUPS versions affected
 CVE-2008-0596 version (cups) only old CUPS versions affected
 CVE-2008-0595 version (dbus, fixed 1.1.20) [since dbus-1.1.20-1.fc9]

    