fedora-security/audit f10, 1.9, 1.10 f8, 1.227, 1.228 f9, 1.217, 1.218

Friday, 4 July 2008

Author: thoger

Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv28443/audit

Modified Files:
	f10 f8 f9 
Log Message:
week of issues



Index: f10
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f10,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10

--- f10	1 Jul 2008 09:59:00 -0000	1.9
+++ f10	4 Jul 2008 20:12:09 -0000	1.10
@@ -4,8 +4,39 @@
 # *CVE are items that need verification for Fedora 10
 # (mozilla) = (gecko-libs dependent stuff)
 
+CVE-2008-2960 version (phpMyAdmin, fixed 2.11.7) [since phpMyAdmin-2.11.7-1.fc10]
PMASA-2008-4
+CVE-2008-2954 backport (linuxdcpp) #453734 [since linuxdcpp-1.0.1-3.fc10]
+CVE-2008-2953 backport (linuxdcpp) #453734 [since linuxdcpp-1.0.1-3.fc10]
+CVE-2008-2952 backport (openldap) #453728 [since openldap-2.4.10-2.fc10]
+CVE-2008-2942 VULNERABLE (mercurial) 
 CVE-2008-2841 ignore (xchat) windows-only, IE bug
 CVE-2008-2827 backport (perl) #452642 [since perl-5.10.0-28.fc10]
+CVE-2008-2811 version (firefox, fixed 3.0) [since firefox-3.0-1.fc10] 
+CVE-2008-2811 VULNERABLE (seamonkey, fixed 1.1.10) 
+CVE-2008-2810 version (firefox, fixed 3.0) [since firefox-3.0-1.fc10] 
+CVE-2008-2810 VULNERABLE (seamonkey, fixed 1.1.10) 
+CVE-2008-2809 version (firefox, fixed 3.0) [since firefox-3.0-1.fc10] 
+CVE-2008-2809 VULNERABLE (seamonkey, fixed 1.1.10) 
+CVE-2008-2808 version (firefox, fixed 3.0) [since firefox-3.0-1.fc10] 
+CVE-2008-2808 VULNERABLE (seamonkey, fixed 1.1.10) 
+CVE-2008-2807 version (firefox, fixed 3.0) [since firefox-3.0-1.fc10] 
+CVE-2008-2807 VULNERABLE (seamonkey, fixed 1.1.10) 
+CVE-2008-2806 ignore (firefox, fixed 3.0) Mac OS X specific
+CVE-2008-2806 ignore (seamonkey, fixed 1.1.10) Mac OS X specific
+CVE-2008-2805 version (firefox, fixed 3.0) [since firefox-3.0-1.fc10] 
+CVE-2008-2805 VULNERABLE (seamonkey, fixed 1.1.10) 
+CVE-2008-2803 version (firefox, fixed 3.0) [since firefox-3.0-1.fc10] 
+CVE-2008-2803 VULNERABLE (seamonkey, fixed 1.1.10) 
+CVE-2008-2802 version (firefox, fixed 3.0) [since firefox-3.0-1.fc10] 
+CVE-2008-2802 VULNERABLE (seamonkey, fixed 1.1.10) 
+CVE-2008-2801 version (firefox, fixed 3.0) [since firefox-3.0-1.fc10] 
+CVE-2008-2801 VULNERABLE (seamonkey, fixed 1.1.10) 
+CVE-2008-2800 version (firefox, fixed 3.0) [since firefox-3.0-1.fc10] 
+CVE-2008-2800 VULNERABLE (seamonkey, fixed 1.1.10) 
+CVE-2008-2799 version (firefox, fixed 3.0) [since firefox-3.0-1.fc10] 
+CVE-2008-2799 VULNERABLE (seamonkey, fixed 1.1.10) 
+CVE-2008-2798 version (firefox, fixed 3.0) [since firefox-3.0-1.fc10] 
+CVE-2008-2798 VULNERABLE (seamonkey, fixed 1.1.10) 
 CVE-2008-2728 ignore (ruby) 1.6.x variant of CVE-2008-2726
 CVE-2008-2727 ignore (ruby) 1.6.x variant of CVE-2008-2725
 CVE-2008-2726 version (ruby, fixed 1.8.6-p230, 1.8.7-p22) #452295 [since
ruby-1.8.6.230-1.fc10]
@@ -15,6 +46,7 @@
 CVE-2008-2722 version (gallery2, fixed 2.2.5) [since gallery2-2.2.5-1.fc10] 
 CVE-2008-2721 version (gallery2, fixed 2.2.5) [since gallery2-2.2.5-1.fc10] 
 CVE-2008-2720 version (gallery2, fixed 2.2.5) [since gallery2-2.2.5-1.fc10] 
+CVE-2008-2719 version (nasm, fixed 2.03.01) [since nasm-2.03.01-1.fc10] 
 CVE-2008-2713 version (clamav, fixed 0.93.1) [since clamav-0.93.1-1.fc10] 
 CVE-2008-2711 backport (fetchmail, fixed 6.3.9) #452959 crash only in verbose mode [since
fetchmail-6.3.8-7.fc10]
 CVE-2008-2696 VULNERABLE (exiv2, fixed 0.17) 
@@ -25,13 +57,20 @@
 CVE-2008-2426 backport (imlib2) [since imlib2-1.4.0-7.fc10] 
 CVE-2008-2420 version (stunnel, fixed 4.24) [since stunnel-4.24-2] 
 CVE-2008-2392 ignore (wordpress) issue only in certain deployments, not affected by
default
+CVE-2008-2377 version (gnutls, fixed 2.4.1) [since gnutls-2.4.1-1.fc10] 
+CVE-2008-2376 backport (ruby, fixed 1.8.6-p257) [since ruby-1.8.6.230-4.fc10] 
 CVE-2008-2375 ignore (vsftpd) pre-2.0.5 versions only
+CVE-2008-2374 version (bluez-libs, fixed 3.34) #452822 [since bluez-libs-3.34-1.fc10]
+CVE-2008-2371 backport (pcre) #453557 [since pcre-7.3-4.fc10]
+CVE-2008-2371 version (glib2) #453561 [since glib2-2.17.3-1.fc10]
 CVE-2008-2363 VULNERABLE (pan) #449335 
 CVE-2008-2362 version (xorg-x11-server) #450927 [since
xorg-x11-server-1.4.99.902-2.20080612.fc10]
 CVE-2008-2361 version (xorg-x11-server) #450927 [since
xorg-x11-server-1.4.99.902-2.20080612.fc10]
 CVE-2008-2360 version (xorg-x11-server) #450927 [since
xorg-x11-server-1.4.99.902-2.20080612.fc10]
 CVE-2008-2359 ignore (system-config-network) F8 specific issue
 CVE-2008-2357 fixed (mtr, fixed 0.73) 
+CVE-2008-2310 ignore (binutils) blocked by fortify_source
+CVE-2008-2307 version (WebKit, fixed svn34204) [since WebKit-1.0.0-0.11.svn34279.fc10] 
 CVE-2008-2302 version (Django, fixed 0.96.2) #447260 [since Django-0.96.2-1.fc10]
 CVE-2008-2292 backport (net-snmp, fixed 5.4.2.pre1) [since net-snmp-5.4.1-19.fc10] 
 CVE-2008-2276 VULNERABLE (mantis) upstream fix in 1.2.0a1 seems useless
@@ -54,10 +93,10 @@
 CVE-2008-1947 VULNERABLE (tomcat5, fixed 5.5.27) 
 CVE-2008-1947 VULNERABLE (tomcat6, fixed 6.0.17) 
 CVE-2008-1944 version (xen, fixed 3.2) 
-CVE-2008-1943 VULNERABLE (xen) [since xen-3.2.0-11.fc10]
+CVE-2008-1943 backport (xen) [since xen-3.2.0-11.fc10]
 CVE-2008-1928 version (perl-Imager, fixed 0.64) [since perl-Imager-0.64-2.fc10]
 CVE-2008-1926 backport (util-linux-ng) [since util-linux-ng-2.13.1-8.1.fc9] 
-CVE-2008-1891 VULNERABLE (ruby, fixed 1.8.6-p230, 1.8.7-p22) #452295 
+CVE-2008-1891 version (ruby, fixed 1.8.6-p230, 1.8.7-p22) #452295 [since
ruby-1.8.6.230-1.fc10]
 CVE-2008-1836 version (clamav, fixed 0.93) [since clamav-0.93-1.fc9]
 CVE-2008-1808 version (freetype, fixed 2.3.6) [since freetype-2.3.6-1.fc10] 
 CVE-2008-1807 version (freetype, fixed 2.3.6) [since freetype-2.3.6-1.fc10] 
@@ -69,7 +108,7 @@
 CVE-2008-1771 version (mt-daapd) [since mt-daapd-0.2.4.2-2.fc10]
 CVE-2008-1767 version (libxslt, fixed 1.1.24) [since libxslt-1.1.24-1.fc10] 
 CVE-2008-1678 VULNERABLE (httpd) #447312 only affects systems with openssl >= 0.9.8e
-CVE-2008-1677 VULNERABLE (fedora-ds-base) #445810 
+CVE-2008-1677 version (fedora-ds-base, fixed 1.1.1) #445810 [since
fedora-ds-base-1.1.1-1.fc10]
 CVE-2008-1672 backport (openssl, fixed 0.9.8h) #448691 [since openssl-0.9.8g-9.fc10]
 CVE-2008-1531 backport (lighttpd) [since lighttpd-1.4.19-4.fc10]
 CVE-2008-1488 VULNERABLE (php-pecl-apc) #438848 
@@ -104,6 +143,9 @@
 CVE-2007-5907 VULNERABLE (xen) #390121
 CVE-2007-5906 VULNERABLE (xen) #390121
 CVE-2007-5803 version (nagios, fixed 2.12) #446383 [since nagios-2.12-3.fc10]
+CVE-2007-5615 backport (jetty) [since jetty-5.1.14-1jpp.1.fc10] 
+CVE-2007-5614 backport (jetty) [since jetty-5.1.14-1jpp.1.fc10] 
+CVE-2007-5613 backport (jetty) [since jetty-5.1.14-1jpp.1.fc10] 
 CVE-2007-5079 VULNERABLE (gdm) #363041 Red Hat specific problem
 CVE-2007-4829 VULNERABLE (perl, not fixed upstream) #364291 perl-Archive-Tar directory
traversal
 CVE-2007-4559 VULNERABLE (python, not fixed upstream) #315291 Upstream WONTFIX. See where
we use the code.
@@ -112,4 +154,4 @@
 CVE-2007-0062 version (dhcp, fixed 4.0.0) 
 CVE-2006-6698 fixed (GConf2) 
 CVE-2006-1390 VULNERABLE (nethack) bz#187353, but requires other access to games group
-
+CVE-2004-0918 version (squid) [since squid-3.0.STABLE7-1.fc10] 


Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.227
retrieving revision 1.228
diff -u -r1.227 -r1.228
--- f8	1 Jul 2008 09:59:00 -0000	1.227
+++ f8	4 Jul 2008 20:12:09 -0000	1.228
@@ -6,8 +6,39 @@
 
 rhbz293031 fixed (nx) #293031 [since FEDORA-2008-2258] 
 rhbz249840 version (tor, fixed 0.1.2.15) 
+CVE-2008-2960 fixed (phpMyAdmin, fixed 2.11.7) [since FEDORA-2008-5640] PMASA-2008-4
+CVE-2008-2954 fixed (linuxdcpp) #453732 [since FEDORA-2008-6038] 
+CVE-2008-2953 fixed (linuxdcpp) #453732 [since FEDORA-2008-6038] 
+CVE-2008-2952 fixed (openldap) #453726 [since FEDORA-2008-6029] 
+CVE-2008-2942 VULNERABLE (mercurial) 
 CVE-2008-2841 ignore (xchat) windows-only, IE bug
 CVE-2008-2827 ignore (perl) perl 5.10 only
+CVE-2008-2811 VULNERABLE (firefox, fixed 2.0.0.15) [since firefox-2.0.0.15-1.fc8] 
+CVE-2008-2811 VULNERABLE (seamonkey, fixed 1.1.10) #453954 
+CVE-2008-2810 VULNERABLE (firefox, fixed 2.0.0.15) [since firefox-2.0.0.15-1.fc8] 
+CVE-2008-2810 VULNERABLE (seamonkey, fixed 1.1.10) #453954 
+CVE-2008-2809 VULNERABLE (firefox, fixed 2.0.0.15) [since firefox-2.0.0.15-1.fc8] 
+CVE-2008-2809 VULNERABLE (seamonkey, fixed 1.1.10) #453954 
+CVE-2008-2808 VULNERABLE (firefox, fixed 2.0.0.15) [since firefox-2.0.0.15-1.fc8] 
+CVE-2008-2808 VULNERABLE (seamonkey, fixed 1.1.10) #453954 
+CVE-2008-2807 VULNERABLE (firefox, fixed 2.0.0.15) [since firefox-2.0.0.15-1.fc8] 
+CVE-2008-2807 VULNERABLE (seamonkey, fixed 1.1.10) #453954 
+CVE-2008-2806 ignore (firefox, fixed 2.0.0.15) Mac OS X specific
+CVE-2008-2806 ignore (seamonkey, fixed 1.1.10) Mac OS X specific
+CVE-2008-2805 VULNERABLE (firefox, fixed 2.0.0.15) [since firefox-2.0.0.15-1.fc8] 
+CVE-2008-2805 VULNERABLE (seamonkey, fixed 1.1.10) #453954 
+CVE-2008-2803 VULNERABLE (firefox, fixed 2.0.0.15) [since firefox-2.0.0.15-1.fc8] 
+CVE-2008-2803 VULNERABLE (seamonkey, fixed 1.1.10) #453954 
+CVE-2008-2802 VULNERABLE (firefox, fixed 2.0.0.15) [since firefox-2.0.0.15-1.fc8] 
+CVE-2008-2802 VULNERABLE (seamonkey, fixed 1.1.10) #453954 
+CVE-2008-2801 VULNERABLE (firefox, fixed 2.0.0.15) [since firefox-2.0.0.15-1.fc8] 
+CVE-2008-2801 VULNERABLE (seamonkey, fixed 1.1.10) #453954 
+CVE-2008-2800 VULNERABLE (firefox, fixed 2.0.0.15) [since firefox-2.0.0.15-1.fc8] 
+CVE-2008-2800 VULNERABLE (seamonkey, fixed 1.1.10) #453954 
+CVE-2008-2799 VULNERABLE (firefox, fixed 2.0.0.15) [since firefox-2.0.0.15-1.fc8] 
+CVE-2008-2799 VULNERABLE (seamonkey, fixed 1.1.10) #453954 
+CVE-2008-2798 VULNERABLE (firefox, fixed 2.0.0.15) [since firefox-2.0.0.15-1.fc8] 
+CVE-2008-2798 VULNERABLE (seamonkey, fixed 1.1.10) #453954 
 CVE-2008-2783 VULNERABLE (kronolith) 
 CVE-2008-2728 ignore (ruby) 1.6.x variant of CVE-2008-2726
 CVE-2008-2727 ignore (ruby) 1.6.x variant of CVE-2008-2725
@@ -18,6 +49,7 @@
 CVE-2008-2722 fixed (gallery2, fixed 2.2.5) [since FEDORA-2008-5479] 
 CVE-2008-2721 fixed (gallery2, fixed 2.2.5) [since FEDORA-2008-5479] 
 CVE-2008-2720 fixed (gallery2, fixed 2.2.5) [since FEDORA-2008-5479] 
+CVE-2008-2719 ignore (nasm, fixed 2.03.01) not affected
 CVE-2008-2713 VULNERABLE (clamav, fixed 0.93.1) 
 CVE-2008-2711 VULNERABLE (fetchmail, fixed 6.3.9) crash only in verbose mode
 CVE-2008-2696 VULNERABLE (exiv2, fixed 0.17) 
@@ -28,13 +60,20 @@
 CVE-2008-2426 fixed (imlib2) [since FEDORA-2008-4842] 
 CVE-2008-2420 fixed (stunnel, fixed 4.24) [since FEDORA-2008-4579] 
 CVE-2008-2392 ignore (wordpress) issue only in certain deployments, not affected by
default
+CVE-2008-2377 ignore (gnutls, fixed 2.4.1) 2.3.5+ only
+CVE-2008-2376 fixed (ruby, fixed 1.8.6-p257) [since FEDORA-2008-6094] 
 CVE-2008-2375 ignore (vsftpd) pre-2.0.5 versions only
+CVE-2008-2374 VULNERABLE (bluez-libs, fixed 3.34) #452820 
+CVE-2008-2371 VULNERABLE (pcre) #453555 
+CVE-2008-2371 fixed (glib2) #453559 [since FEDORA-2008-6025] 
 CVE-2008-2363 VULNERABLE (pan) #449333 
 CVE-2008-2362 fixed (xorg-x11-server) #450925 [since FEDORA-2008-5279] 
 CVE-2008-2361 fixed (xorg-x11-server) #450925 [since FEDORA-2008-5279] 
 CVE-2008-2360 fixed (xorg-x11-server) #450925 [since FEDORA-2008-5279] 
 CVE-2008-2359 fixed (system-config-network) [since FEDORA-2008-4633] 
 CVE-2008-2357 fixed (mtr, fixed 0.73) 
+CVE-2008-2310 ignore (binutils) blocked by fortify_source
+CVE-2008-2307 VULNERABLE (WebKit, fixed svn34204) #454094 
 CVE-2008-2302 fixed (Django, fixed 0.96.2) #447258 [since FEDORA-2008-4248] 
 CVE-2008-2292 fixed (net-snmp, fixed 5.4.2.pre1) [since FEDORA-2008-5218] 
 CVE-2008-2276 VULNERABLE (mantis) upstream fix in 1.2.0a1 seems useless
@@ -109,7 +148,7 @@
 CVE-2008-1686 fixed (libfishsound, fixed 0.9.1) #441247 [since FEDORA-2008-3059] 
 CVE-2008-1686 fixed (speex) #442572 [since FEDORA-2008-3103] 
 CVE-2008-1678 ignore (httpd) only affects systems with openssl >= 0.9.8e
-CVE-2008-1677 VULNERABLE (fedora-ds-base) #445809 
+CVE-2008-1677 version (fedora-ds-base, fixed 1.1.1) #445809 [since FEDORA-2008-4941]
 CVE-2008-1672 ignore (openssl, fixed 0.9.8h) not affected
 CVE-2008-1671 ignore (kdelibs) start_kdeinit not setuid
 CVE-2008-1670 ignore (kdelibs) kdelibs 4.x only
@@ -481,6 +520,9 @@
 CVE-2007-5690 version (zaptel) [since FEDORA-2007-2860] not really an issue
 CVE-2007-5624 version (nagios, fixed 2.10) #362801 [since FEDORA-2007-4145]
 CVE-2007-5623 backport (nagios-plugins, not fixed 1.4.10) #348731 [since
FEDORA-2007-2876] nagios-plugins-1.4.8-9.fc8
+CVE-2007-5615 VULNERABLE (jetty) [since jetty-5.1.14-1jpp.1.fc8] 
+CVE-2007-5614 VULNERABLE (jetty) [since jetty-5.1.14-1jpp.1.fc8] 
+CVE-2007-5613 VULNERABLE (jetty) [since jetty-5.1.14-1jpp.1.fc8] 
 CVE-2007-5589 version (phpMyAdmin, fixed 2.11.1.2) #333661 PMASA-2007-6 [since
FEDORA-2007-3636]
 CVE-2007-5503 version (cairo, fixed 1.4.12) [since FEDORA-2007-3913] 
 CVE-2007-5501 version (kernel) [since FEDORA-2007-3837]
@@ -628,5 +670,6 @@
 CVE-2005-4790 backport (blam, fixed 1.8.4) #395761 [since FEDORA-2007-3798]
 CVE-2005-4790 backport (tomboy) #362951 [since FEDORA-2007-3253]
 CVE-2005-3675 ignore (kernel) optack, no upstream fix -- TCP protocol weakness
+CVE-2004-0918 version (squid) 
 CVE-2003-1265 ignore (thunderbird) Stuff deleted from userspace is not guarranteed to go
away physically moz#198442
 CVE-2003-1265 ignore (seamonkey) Stuff deleted from userspace is not guarranteed to go
away physically moz#198442


Index: f9
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f9,v
retrieving revision 1.217
retrieving revision 1.218
diff -u -r1.217 -r1.218
--- f9	1 Jul 2008 09:59:00 -0000	1.217
+++ f9	4 Jul 2008 20:12:10 -0000	1.218
@@ -5,8 +5,39 @@
 # (mozilla) = (gecko-libs dependent stuff)
 
 rhbz249840 version (tor, fixed 0.1.2.15)
+CVE-2008-2960 fixed (phpMyAdmin, fixed 2.11.7) [since FEDORA-2008-5676] PMASA-2008-4
+CVE-2008-2954 fixed (linuxdcpp) #453733 [since FEDORA-2008-6018] 
+CVE-2008-2953 fixed (linuxdcpp) #453733 [since FEDORA-2008-6018] 
+CVE-2008-2952 fixed (openldap) #453727 [since FEDORA-2008-6062] 
+CVE-2008-2942 VULNERABLE (mercurial) 
 CVE-2008-2841 ignore (xchat) windows-only, IE bug
 CVE-2008-2827 fixed (perl) #452641 [since FEDORA-2008-5739] 
+CVE-2008-2811 version (firefox, fixed 3.0) [since firefox-3.0-1.fc9] 
+CVE-2008-2811 VULNERABLE (seamonkey, fixed 1.1.10) #453955 
+CVE-2008-2810 version (firefox, fixed 3.0) [since firefox-3.0-1.fc9] 
+CVE-2008-2810 VULNERABLE (seamonkey, fixed 1.1.10) #453955 
+CVE-2008-2809 version (firefox, fixed 3.0) [since firefox-3.0-1.fc9] 
+CVE-2008-2809 VULNERABLE (seamonkey, fixed 1.1.10) #453955 
+CVE-2008-2808 version (firefox, fixed 3.0) [since firefox-3.0-1.fc9] 
+CVE-2008-2808 VULNERABLE (seamonkey, fixed 1.1.10) #453955 
+CVE-2008-2807 version (firefox, fixed 3.0) [since firefox-3.0-1.fc9] 
+CVE-2008-2807 VULNERABLE (seamonkey, fixed 1.1.10) #453955 
+CVE-2008-2806 ignore (firefox, fixed 3.0) Mac OS X specific
+CVE-2008-2806 ignore (seamonkey, fixed 1.1.10) Mac OS X specific
+CVE-2008-2805 version (firefox, fixed 3.0) [since firefox-3.0-1.fc9] 
+CVE-2008-2805 VULNERABLE (seamonkey, fixed 1.1.10) #453955 
+CVE-2008-2803 version (firefox, fixed 3.0) [since firefox-3.0-1.fc9] 
+CVE-2008-2803 VULNERABLE (seamonkey, fixed 1.1.10) #453955 
+CVE-2008-2802 version (firefox, fixed 3.0) [since firefox-3.0-1.fc9] 
+CVE-2008-2802 VULNERABLE (seamonkey, fixed 1.1.10) #453955 
+CVE-2008-2801 version (firefox, fixed 3.0) [since firefox-3.0-1.fc9] 
+CVE-2008-2801 VULNERABLE (seamonkey, fixed 1.1.10) #453955 
+CVE-2008-2800 version (firefox, fixed 3.0) [since firefox-3.0-1.fc9] 
+CVE-2008-2800 VULNERABLE (seamonkey, fixed 1.1.10) #453955 
+CVE-2008-2799 version (firefox, fixed 3.0) [since firefox-3.0-1.fc9] 
+CVE-2008-2799 VULNERABLE (seamonkey, fixed 1.1.10) #453955 
+CVE-2008-2798 version (firefox, fixed 3.0) [since firefox-3.0-1.fc9] 
+CVE-2008-2798 VULNERABLE (seamonkey, fixed 1.1.10) #453955 
 CVE-2008-2728 ignore (ruby) 1.6.x variant of CVE-2008-2726
 CVE-2008-2727 ignore (ruby) 1.6.x variant of CVE-2008-2725
 CVE-2008-2726 fixed (ruby, fixed 1.8.6-p230, 1.8.7-p22) #452294 [since FEDORA-2008-5664]

@@ -16,6 +47,7 @@
 CVE-2008-2722 fixed (gallery2, fixed 2.2.5) [since FEDORA-2008-5576] 
 CVE-2008-2721 fixed (gallery2, fixed 2.2.5) [since FEDORA-2008-5576] 
 CVE-2008-2720 fixed (gallery2, fixed 2.2.5) [since FEDORA-2008-5576] 
+CVE-2008-2719 VULNERABLE (nasm, fixed 2.03.01) [since nasm-2.03.01-1.fc9] 
 CVE-2008-2713 fixed (clamav, fixed 0.93.1) [since FEDORA-2008-5476] 
 CVE-2008-2711 VULNERABLE (fetchmail, fixed 6.3.9) crash only in verbose mode
 CVE-2008-2696 VULNERABLE (exiv2, fixed 0.17) 
@@ -26,13 +58,20 @@
 CVE-2008-2426 fixed (imlib2) [since FEDORA-2008-4871] 
 CVE-2008-2420 fixed (stunnel, fixed 4.24) [since FEDORA-2008-4531] 
 CVE-2008-2392 ignore (wordpress) issue only in certain deployments, not affected by
default
+CVE-2008-2377 ignore (gnutls, fixed 2.4.1) 2.3.5+ only
+CVE-2008-2376 fixed (ruby, fixed 1.8.6-p257) [since FEDORA-2008-6033] 
 CVE-2008-2375 ignore (vsftpd) pre-2.0.5 versions only
+CVE-2008-2374 VULNERABLE (bluez-libs, fixed 3.34) #452821 
+CVE-2008-2371 VULNERABLE (pcre) #453556 
+CVE-2008-2371 fixed (glib2) #453560 [since FEDORA-2008-6048] 
 CVE-2008-2363 VULNERABLE (pan) #449334 
 CVE-2008-2362 fixed (xorg-x11-server) #450926 [since FEDORA-2008-5254] 
 CVE-2008-2361 fixed (xorg-x11-server) #450926 [since FEDORA-2008-5254] 
 CVE-2008-2360 fixed (xorg-x11-server) #450926 [since FEDORA-2008-5254] 
 CVE-2008-2359 ignore (system-config-network) F8 specific issue
 CVE-2008-2357 fixed (mtr, fixed 0.73) 
+CVE-2008-2310 ignore (binutils) blocked by fortify_source
+CVE-2008-2307 VULNERABLE (WebKit, fixed svn34204) #454095 
 CVE-2008-2302 fixed (Django, fixed 0.96.2) #447259 [since FEDORA-2008-4267] 
 CVE-2008-2292 fixed (net-snmp, fixed 5.4.2.pre1) [since FEDORA-2008-5215] 
 CVE-2008-2276 VULNERABLE (mantis) upstream fix in 1.2.0a1 seems useless
@@ -110,7 +149,7 @@
 CVE-2008-1686 version (libfishsound, fixed 0.9.1) #441248 [since
libfishsound-0.9.1-1.fc9]
 CVE-2008-1686 backport (speex) [since speex-1.2-0.7.beta3]
 CVE-2008-1678 VULNERABLE (httpd) #447311 only affects systems with openssl >= 0.9.8e
-CVE-2008-1677 VULNERABLE (fedora-ds-base) #445810 
+CVE-2008-1677 version (fedora-ds-base, fixed 1.1.1) #445810 [since FEDORA-2008-4884]
 CVE-2008-1672 fixed (openssl, fixed 0.9.8h) #448690 [since FEDORA-2008-4723] 
 CVE-2008-1671 ignore (kdelibs) start_kdeinit not shipped
 CVE-2008-1670 backport (kdelibs) [since kdelibs-4.0.3-7.fc9] 
@@ -473,6 +512,9 @@
 CVE-2007-5707 version (openldap, fixed 2.3.39) #360091 [since openldap-2.3.39-1.fc9]
 CVE-2007-5624 version (nagios, fixed 2.10) #362811 [since nagios-2.10-3.fc9]
 CVE-2007-5623 backport (nagios-plugins, not fixed 1.4.10) #348731
+CVE-2007-5615 VULNERABLE (jetty) [since jetty-5.1.14-1jpp.1.fc9] 
+CVE-2007-5614 VULNERABLE (jetty) [since jetty-5.1.14-1jpp.1.fc9] 
+CVE-2007-5613 VULNERABLE (jetty) [since jetty-5.1.14-1jpp.1.fc9] 
 CVE-2007-5589 version (phpMyAdmin, fixed 2.11.1.2) #333661 PMASA-2007-6
 CVE-2007-5503 version (cairo, fixed 1.4.12) [since cairo-1.5.4-1.fc9] 
 CVE-2007-5497 backport (e2fsprogs) #414591 [since e2fsprogs-1.40.2-14.fc9]
@@ -599,5 +641,6 @@
 CVE-2005-4790 backport (blam, fixed 1.8.4) #395771 [since blam-1.8.3-11.fc9]
 CVE-2005-4790 backport (tomboy) #362961 [since tomboy-0.8.1-2.fc9]
 CVE-2005-3675 ignore (kernel) optack, no upstream fix -- TCP protocol weakness
+CVE-2004-0918 fixed (squid) [since FEDORA-2008-6045] 
 CVE-2003-1265 ignore (thunderbird) Stuff deleted from userspace is not guarranteed to go
away physically moz#198442
 CVE-2003-1265 ignore (seamonkey) Stuff deleted from userspace is not guarranteed to go
away physically moz#198442


    

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007