fedora-security/audit f8, 1.217, 1.218 f9, 1.207, 1.208 fc7, 1.373, 1.374 - security-commits - Fedora mailing-lists

9 May 2008

Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv15451/audit
Modified Files:
    f8 f9 fc7 
Log Message:
bunch of new CVE ids...
Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.217
retrieving revision 1.218
diff -u -r1.217 -r1.218

--- f8	7 May 2008 16:48:08 -0000	1.217
+++ f8	9 May 2008 18:59:07 -0000	1.218
@@ -6,6 +6,11 @@
rhbz293031 fixed (nx) #293031 [since FEDORA-2008-2258] 
 rhbz249840 version (tor, fixed 0.1.2.15) 
+CVE-2008-2109 VULNERABLE (libid3tag) #445814 
+CVE-2008-2105 VULNERABLE (bugzilla, fixed 3.0.4, 3.1.4) #445822 
+CVE-2008-2104 ignore (bugzilla, fixed 3.1.4) only affects 3.1.3, not in Fedora
+CVE-2008-2103 VULNERABLE (bugzilla, fixed 3.0.4, 3.1.4) #445822 
+CVE-2008-2079 VULNERABLE (mysql, fixed 5.0.60) #445805 
 CVE-2008-2068 version (wordpress, fixed 2.5.1) [since FEDORA-2008-3397]  
 CVE-2008-2033 ignore (zoneminder) duplicate of CVE-2008-1381
 CVE-2008-2000 ignore (WebKit) browser DoS
@@ -28,8 +33,12 @@
 CVE-2008-1836 ignore (clamav, fixed 0.93) affected code introduced after 0.92.1
 CVE-2008-1835 ignore (clamav, fixed 0.93) unrar code not shipped
 CVE-2008-1833 fixed (clamav, fixed 0.93-rc1) #442363 [since FEDORA-2008-3420] 
+CVE-2008-1803 VULNERABLE (rdesktop) #445842 
+CVE-2008-1802 VULNERABLE (rdesktop) #445842 
+CVE-2008-1801 VULNERABLE (rdesktop) #445842 
 CVE-2008-1796 fixed (comix) [since FEDORA-2008-2981] 
 CVE-2008-1729 ignore (drupal) 6.x only
+CVE-2008-1722 VULNERABLE (cups) #445802 
 CVE-2008-1720 fixed (rsync, fixed 3.0.2) #441690 [since FEDORA-2008-3047] 
 CVE-2008-1693 version (xpdf, fixed 3.02) 
 CVE-2008-1693 version (poppler, fixed 0.6.2) 
@@ -39,6 +48,7 @@
 CVE-2008-1687 ignore (m4, fixed 1.4.11) not really a security issue
 CVE-2008-1686 fixed (libfishsound, fixed 0.9.1) #441247 [since FEDORA-2008-3059] 
 CVE-2008-1686 fixed (speex) #442572 [since FEDORA-2008-3103] 
+CVE-2008-1677 VULNERABLE (fedora-ds-base) #445809 
 CVE-2008-1671 ignore (kdelibs) start_kdeinit not setuid
 CVE-2008-1670 ignore (kdelibs) kdelibs 4.x only
 CVE-2008-1670 fixed (kdelibs4) #444399 [since FEDORA-2008-3412] kdelibs 4.x only
Index: f9
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f9,v
retrieving revision 1.207
retrieving revision 1.208
diff -u -r1.207 -r1.208
--- f9	7 May 2008 16:48:08 -0000	1.207
+++ f9	9 May 2008 18:59:07 -0000	1.208
@@ -5,6 +5,11 @@
 # (mozilla) = (gecko-libs dependent stuff)
rhbz249840 version (tor, fixed 0.1.2.15)
+CVE-2008-2109 VULNERABLE (libid3tag) #445815 
+CVE-2008-2105 VULNERABLE (bugzilla, fixed 3.0.4, 3.1.4) #445823 
+CVE-2008-2104 ignore (bugzilla, fixed 3.1.4) only affects 3.1.3, not in Fedora
+CVE-2008-2103 VULNERABLE (bugzilla, fixed 3.0.4, 3.1.4) #445823 
+CVE-2008-2079 VULNERABLE (mysql, fixed 5.0.60) #445806 
 CVE-2008-2068 version (wordpress, fixed 2.5.1) [since wordpress-2.5.1-1.fc9] 
 CVE-2008-2033 ignore (zoneminder) duplicate of CVE-2008-1381
 CVE-2008-2000 ignore (WebKit) browser DoS
@@ -27,9 +32,13 @@
 CVE-2008-1835 ignore (clamav, fixed 0.93) unrar code not shipped
 CVE-2008-1834 version (swfdec, fixed 0.6.4) [since swfdec-0.6.4-1.fc9]
 CVE-2008-1833 version (clamav, fixed 0.93-rc1) [since clamav-0.93-0.0.rc1.fc9] 
+CVE-2008-1803 VULNERABLE (rdesktop) #445843 
+CVE-2008-1802 VULNERABLE (rdesktop) #445843 
+CVE-2008-1801 VULNERABLE (rdesktop) #445843 
 CVE-2008-1796 fixed (comix) [since comix-3.6.4-6.fc9] 
 CVE-2008-1771 VULNERABLE (mt-daapd) [since mt-daapd-0.9-0.2.1696.fc9]
 CVE-2008-1729 version (drupal, fixed 6.2) [since drupal-6.2-1.fc9]
+CVE-2008-1722 VULNERABLE (cups) #445803 
 CVE-2008-1720 version (rsync, fixed 3.0.2) [since rsync-3.0.2-0.fc9]
 CVE-2008-1693 version (xpdf, fixed 3.02) 
 CVE-2008-1693 version (poppler, fixed 0.6.2) 
@@ -39,6 +48,7 @@
 CVE-2008-1687 ignore (m4, fixed 1.4.11) not really a security issue
 CVE-2008-1686 version (libfishsound, fixed 0.9.1) #441248 [since libfishsound-0.9.1-1.fc9]
 CVE-2008-1686 backport (speex) [since speex-1.2-0.7.beta3]
+CVE-2008-1677 VULNERABLE (fedora-ds-base) #445810 
 CVE-2008-1671 ignore (kdelibs) start_kdeinit not shipped
 CVE-2008-1670 backport (kdelibs) [since kdelibs-4.0.3-7.fc9] 
 CVE-2008-1658 backport (PolicyKit) #439996 [since PolicyKit-0.7-7.fc9]
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.373
retrieving revision 1.374
diff -u -r1.373 -r1.374
--- fc7	7 May 2008 16:48:08 -0000	1.373
+++ fc7	9 May 2008 18:59:07 -0000	1.374
@@ -7,6 +7,11 @@
rhbz293031 fixed (nx) #293031 [since FEDORA-2008-2258] 
 rhbz249840 version (tor, fixed 0.1.2.15) #249840 [since FEDORA-2007-1674] 
+CVE-2008-2109 VULNERABLE (libid3tag) #445813 
+CVE-2008-2105 VULNERABLE (bugzilla, fixed 3.0.4, 3.1.4) #445821 
+CVE-2008-2104 ignore (bugzilla, fixed 3.1.4) only affects 3.1.3, not in Fedora
+CVE-2008-2103 VULNERABLE (bugzilla, fixed 3.0.4, 3.1.4) #445821 
+CVE-2008-2079 VULNERABLE (mysql, fixed 5.0.60) #445804 
 CVE-2008-2068 version (wordpress, fixed 2.5.1) [since FEDORA-2008-3319] 
 CVE-2008-2033 ignore (zoneminder) duplicate of CVE-2008-1381
 CVE-2008-2000 ignore (WebKit) browser DoS
@@ -29,8 +34,12 @@
 CVE-2008-1836 ignore (clamav, fixed 0.93) affected code introduced after 0.92.1
 CVE-2008-1835 ignore (clamav, fixed 0.93) unrar code not shipped
 CVE-2008-1833 fixed (clamav, fixed 0.93-rc1) #442362 [since FEDORA-2008-3358] 
+CVE-2008-1803 VULNERABLE (rdesktop) #445841 
+CVE-2008-1802 VULNERABLE (rdesktop) #445841 
+CVE-2008-1801 VULNERABLE (rdesktop) #445841 
 CVE-2008-1796 fixed (comix) [since FEDORA-2008-2993] 
 CVE-2008-1729 ignore (drupal) 6.x only
+CVE-2008-1722 VULNERABLE (cups) #445801 
 CVE-2008-1720 fixed (rsync, fixed 3.0.2) #441689 [since FEDORA-2008-3060] 
 CVE-2008-1693 version (xpdf, fixed 3.02) 
 CVE-2008-1693 ignore (kdegraphics) not affected
@@ -40,6 +49,7 @@
 CVE-2008-1687 ignore (m4, fixed 1.4.11) not really a security issue
 CVE-2008-1686 VULNERABLE (libfishsound, fixed 0.9.1) #441246 [since FEDORA-2008-3117] 
 CVE-2008-1686 fixed (speex) #442571 [since FEDORA-2008-3191] 
+CVE-2008-1677 VULNERABLE (fedora-ds-base) #445808 
 CVE-2008-1671 ignore (kdelibs) start_kdeinit not setuid
 CVE-2008-1670 ignore (kdelibs) kdelibs 4.x only
 CVE-2008-1670 fixed (kdelibs4) #444398 [since FEDORA-2008-3379] kdelibs 4.x only

    