fedora-security/audit f8, 1.96, 1.97 f9, 1.88, 1.89 fc7, 1.252, 1.253 - security-commits - Fedora mailing-lists

23 Jan 2008

Author: lkundrak
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv26507
Modified Files:
    f8 f9 fc7 
Log Message:
A bunch of updates went out, tracking pulseaudio and tomcat
Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.96
retrieving revision 1.97
diff -u -r1.96 -r1.97

--- f8	22 Jan 2008 19:21:47 -0000	1.96
+++ f8	23 Jan 2008 18:59:44 -0000	1.97
@@ -7,7 +7,9 @@
 # Up to date CVE as of CVE email 20071215
 # Up to date F8 as of 20080111
-GENERIC-MAP-NOMATCH VULNERABLE (mantis) #429552
+GENERIC-MAP-NOMATCH VULNERABLE (tomcat5) #429903 
+GENERIC-MAP-NOMATCH VULNERABLE (pulseaudio) #425481 
+CVE-2008-0404 fixed (mantis) #429552 [since FEDORA-2008-0796] 
 CVE-2008-0364 ignore (bittorrent) Windows only
 CVE-2008-0299 fixed (python-paramiko) #428728 [since FEDORA-2008-0722] 
 CVE-2008-0285 ignore (ngircd) Not yet in Fedora, review request #234926
@@ -23,12 +25,12 @@
 CVE-2008-0193 ignore (wordpress, not fixed 2.0.11, and possibly 2.1.x and 2.3.x) wp-db-backup not in wp 2.3.
 **CVE-2008-0192 version (wordpress, not fixed 2.0.9) 
 CVE-2008-0191 ignore (wordpress) File path is not a sensitive information
-CVE-2008-0172 VULNERABLE (boost) #428975 
-CVE-2008-0171 VULNERABLE (boost) #428975 
+CVE-2008-0172 VULNERABLE (boost) #428975 [since FEDORA-2008-0754] 
+CVE-2008-0171 VULNERABLE (boost) #428975 [since FEDORA-2008-0754] 
 CVE-2008-0123 fixed (moodle) #428731 [since FEDORA-2008-0610] 
-CVE-2008-0122 VULNERABLE (bind) #429149 
+CVE-2008-0122 fixed (bind) #429149 [since FEDORA-2008-0904] 
 CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since FEDORA-2008-0199]
-CVE-2008-0006 VULNERABLE (libXfont) #429132 
+CVE-2008-0006 fixed (libXfont) #429132 [since FEDORA-2008-0794] 
 CVE-2008-0005 VULNERABLE (httpd, fixed 2.2.7) #427982 
 CVE-2008-0003 fixed (tog-pegasus, fixed 2.7.0) #427829 [since FEDORA-2008-0572] 
 CVE-2007-6693 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4778] 
@@ -58,18 +60,18 @@
 CVE-2007-6441 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590]
 CVE-2007-6439 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590]
 CVE-2007-6438 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590]
-CVE-2007-6429 VULNERABLE (xorg-x11-server, fixed 1.4.1) #429126 
-CVE-2007-6428 VULNERABLE (xorg-x11-server, fixed 1.4.1) #429126 
-CVE-2007-6427 VULNERABLE (xorg-x11-server, fixed 1.4.1) #429126 
+CVE-2007-6429 fixed (xorg-x11-server, fixed 1.4.1) #429126 [since FEDORA-2008-0760] 
+CVE-2007-6428 fixed (xorg-x11-server, fixed 1.4.1) #429126 [since FEDORA-2008-0760] 
+CVE-2007-6427 fixed (xorg-x11-server, fixed 1.4.1) #429126 [since FEDORA-2008-0760] 
 CVE-2007-6423 ignore (httpd) can not be reproduced by upstream
 CVE-2007-6422 VULNERABLE (httpd, fixed 2.2.7) #427982 
 CVE-2007-6421 VULNERABLE (httpd, fixed 2.2.7) #427982 
 CVE-2007-6420 ignore (httpd) wontfix by upstream
 CVE-2007-6415 VULNERABLE (scponly, fixed 4.8) #429732 
 CVE-2007-6388 VULNERABLE (httpd, fixed 2.2.7) #427982 
-CVE-2007-6337 VULNERABLE (clamav, fixed 0.92) #426212 [since FEDORA-2008-0115] 
-CVE-2007-6336 VULNERABLE (clamav, fixed 0.92) #426212 [since FEDORA-2008-0115] 
-CVE-2007-6335 VULNERABLE (clamav, fixed 0.92) #426212 [since FEDORA-2008-0115] 
+CVE-2007-6337 fixed (clamav, fixed 0.92) #426212 [since FEDORA-2008-0115] 
+CVE-2007-6336 fixed (clamav, fixed 0.92) #426212 [since FEDORA-2008-0115] 
+CVE-2007-6335 fixed (clamav, fixed 0.92) #426212 [since FEDORA-2008-0115] 
 CVE-2007-6437 fixed (syslog-ng) #426306 [since FEDORA-2008-0523] 
 CVE-2007-6430 version (asterisk, fixed 1.4.16) [since FEDORA-2007-4651]
 CVE-2007-6389 VULNERABLE (gnome-screensaver) #426170
@@ -124,7 +126,7 @@
 CVE-2007-5964 backport (autofs) #409701 [since FEDORA-2007-4532]
 CVE-2007-5960 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3962]
 CVE-2007-5959 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3962]
-CVE-2007-5958 VULNERABLE (xorg-x11-server, fixed 1.4.1) #429126 
+CVE-2007-5958 fixed (xorg-x11-server, fixed 1.4.1) #429126 [since FEDORA-2008-0760] 
 CVE-2007-5947 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3962]
 CVE-2007-5938 VULNERABLE (kernel) #385861 iwlwifi
 CVE-2007-5937 backport (tetex) #379861 [since FEDORA-2007-3308] Multiple dviljk buffer overflows
@@ -142,7 +144,7 @@
 CVE-2007-5795 backport (emacs) #367591 [since FEDORA-2007-2946]
 CVE-2007-5770 backport (ruby) #373391 [since FEDORA-2007-2812]
 GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031
-CVE-2007-5760 VULNERABLE (xorg-x11-server, fixed 1.4.1) #429126 
+CVE-2007-5760 fixed (xorg-x11-server, fixed 1.4.1) #429126 [since FEDORA-2008-0760] 
 CVE-2007-5759 ignore (clamav, fixed 0.92) duplicate of CVE-2007-6335
 CVE-2007-5751 backport (liferea, fixed 1.4.6) #360641 [since FEDORA-2007-2853]
 CVE-2007-5742 version (wesnoth, fixed 1.2.8) [since FEDORA-2007-3989]
Index: f9
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f9,v
retrieving revision 1.88
retrieving revision 1.89
diff -u -r1.88 -r1.89
--- f9	22 Jan 2008 19:21:47 -0000	1.88
+++ f9	23 Jan 2008 18:59:44 -0000	1.89
@@ -7,7 +7,9 @@
 # Up to date CVE as of CVE email 20071211
 # Up to date F9 as of 20071029
-GENERIC-MAP-NOMATCH fixed (mantis) #429552 [since mantis-1.1.1-1.fc9]
+GENERIC-MAP-NOMATCH VULNERABLE (tomcat5) #429905 
+GENERIC-MAP-NOMATCH VULNERABLE (pulseaudio) #425481 
+CVE-2008-0404 fixed (mantis) #429552 [since mantis-1.1.1-1.fc9]
 CVE-2008-0364 ignore (bittorrent) Windows only
 CVE-2008-0299 fixed (python-paramiko) #428730 [since python-paramiko-1.7.1-3.fc9]
 CVE-2008-0274 version (drupal, fixed 5.6) [since drupal-5.6-1.fc9] DRUPAL-SA-2008-007
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.252
retrieving revision 1.253
diff -u -r1.252 -r1.253
--- fc7	22 Jan 2008 19:21:47 -0000	1.252
+++ fc7	23 Jan 2008 18:59:44 -0000	1.253
@@ -8,7 +8,9 @@
 # Up to date CVE as of CVE email 200711215
 # Up to date FC7 as of 20080111
-GENERIC-MAP-NOMATCH VULNERABLE (mantis) #429552
+GENERIC-MAP-NOMATCH VULNERABLE (tomcat5) #429904 
+GENERIC-MAP-NOMATCH VULNERABLE (pulseaudio) #425481 
+CVE-2008-0404 fixed (mantis) #429552 [since FEDORA-2008-0796] 
 CVE-2008-0364 ignore (bittorrent) Windows only
 CVE-2008-0299 fixed (python-paramiko) #428729 [since FEDORA-2008-0644] 
 CVE-2008-0274 version (drupal, fixed 5.6) DRUPAL-SA-2008-007 [since FEDORA-2008-0469]
@@ -24,12 +26,12 @@
 CVE-2008-0193 ignore (wordpress, not fixed 2.0.11, and possibly 2.1.x and 2.3.x) wp-db-backup not in wp 2.3.2
 **CVE-2008-0192 version (wordpress, not fixed 2.0.9) 
 CVE-2008-0191 ignore (wordpress) File path is not a sensitive information
-CVE-2008-0172 VULNERABLE (boost) #428974 
-CVE-2008-0171 VULNERABLE (boost) #428974 
+CVE-2008-0172 fixed (boost) #428974 [since FEDORA-2008-0880] 
+CVE-2008-0171 fixed (boost) #428974 [since FEDORA-2008-0880] 
 CVE-2008-0123 fixed (moodle) #428731 [since FEDORA-2008-0610] 
-CVE-2008-0122 VULNERABLE (bind) #429149 
+CVE-2008-0122 fixed (bind) #429149 [since FEDORA-2008-0904] 
 CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since FEDORA-2008-0198]
-CVE-2008-0006 VULNERABLE (libXfont) #429131 
+CVE-2008-0006 fixed (libXfont) #429131 [since FEDORA-2008-0891] 
 CVE-2008-0005 VULNERABLE (httpd, fixed 2.2.7) #427983 
 CVE-2008-0003 fixed (tog-pegasus, fixed 2.7.0) #427828 [since FEDORA-2008-0506] 
 CVE-2007-6693 version (gallery2, fixed 2.2.4) [since FEDORA-2007-4777] 
@@ -58,18 +60,18 @@
 CVE-2007-6441 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690]
 CVE-2007-6439 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690]
 CVE-2007-6438 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690]
-CVE-2007-6429 VULNERABLE (xorg-x11-server, fixed 1.4.1) #429125 
-CVE-2007-6428 VULNERABLE (xorg-x11-server, fixed 1.4.1) #429125 
-CVE-2007-6427 VULNERABLE (xorg-x11-server, fixed 1.4.1) #429125 
+CVE-2007-6429 fixed (xorg-x11-server, fixed 1.4.1) #429125 [since FEDORA-2008-0831] 
+CVE-2007-6428 fixed (xorg-x11-server, fixed 1.4.1) #429125 [since FEDORA-2008-0831] 
+CVE-2007-6427 fixed (xorg-x11-server, fixed 1.4.1) #429125 [since FEDORA-2008-0831] 
 CVE-2007-6423 ignore (httpd) can not be reproduced by upstream
 CVE-2007-6422 VULNERABLE (httpd, fixed 2.2.7) #427983 
 CVE-2007-6421 VULNERABLE (httpd, fixed 2.2.7) #427983 
 CVE-2007-6420 ignore (httpd) wontfix by upstream
 CVE-2007-6415 VULNERABLE (scponly, fixed 4.8) #429731 
 CVE-2007-6388 VULNERABLE (httpd, fixed 2.2.7) #427983 
-CVE-2007-6337 VULNERABLE (clamav, fixed 0.92) #426211 [since FEDORA-2008-0170] 
-CVE-2007-6336 VULNERABLE (clamav, fixed 0.92) #426211 [since FEDORA-2008-0170] 
-CVE-2007-6335 VULNERABLE (clamav, fixed 0.92) #426211 [since FEDORA-2008-0170] 
+CVE-2007-6337 fixed (clamav, fixed 0.92) #426211 [since FEDORA-2008-0170] 
+CVE-2007-6336 fixed (clamav, fixed 0.92) #426211 [since FEDORA-2008-0170] 
+CVE-2007-6335 fixed (clamav, fixed 0.92) #426211 [since FEDORA-2008-0170] 
 CVE-2007-6437 fixed (syslog-ng) #426305 [since FEDORA-2008-0559] 
 CVE-2007-6430 version (asterisk, fixed 1.4.16) [since FEDORA-2007-4593]
 CVE-2007-6389 VULNERABLE (gnome-screensaver) #426169
@@ -124,7 +126,7 @@
 CVE-2007-5964 backport (autofs) #421351 [since FEDORA-2007-4469]
 CVE-2007-5960 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3952]
 CVE-2007-5959 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3952]
-CVE-2007-5958 VULNERABLE (xorg-x11-server, fixed 1.4.1) #429125 
+CVE-2007-5958 fixed (xorg-x11-server, fixed 1.4.1) #429125 [since FEDORA-2008-0831] 
 CVE-2007-5947 version (mozilla, fixed ff 2.0.0.10, sm 1.1.7) [since FEDORA-2007-3952]
 CVE-2007-5938 VULNERABLE (kernel) #385861 iwlwifi
 CVE-2007-5937 backport (tetex) #379831 [since FEDORA-2007-3390] Multiple dviljk buffer overflows
@@ -141,7 +143,7 @@
 CVE-2007-5846 backport (net-snmp) [since FEDORA-2007-3019]
 CVE-2007-5795 backport (emacs) #367581 [since FEDORA-2007-3056]
 CVE-2007-5770 backport (ruby) #373381 [since FEDORA-2007-2685]
-CVE-2007-5760 VULNERABLE (xorg-x11-server, fixed 1.4.1) #429125 
+CVE-2007-5760 fixed (xorg-x11-server, fixed 1.4.1) #429125 [since FEDORA-2008-0831] 
 CVE-2007-5759 ignore (clamav, fixed 0.92) duplicate of CVE-2007-6335
 CVE-2007-5751 backport (liferea, fixed 1.4.6) #360641 [since FEDORA-2007-2725]
 CVE-2007-5742 version (wesnoth, fixed 1.2.8) [since FEDORA-2007-3986]

    