Author: thoger
Update of /cvs/fedora/fedora-security/audit In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv18369/audit
Modified Files: f10 f8 f9 Log Message: jhead + updates
Index: f10 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f10,v retrieving revision 1.20 retrieving revision 1.21 diff -u -r1.20 -r1.21 --- f10 14 Oct 2008 16:05:00 -0000 1.20 +++ f10 22 Oct 2008 17:14:54 -0000 1.21 @@ -4,6 +4,10 @@ # *CVE are items that need verification for Fedora 10 # (mozilla) = (gecko-libs dependent stuff)
+CVE-2008-4641 VULNERABLE (jhead) +CVE-2008-4640 VULNERABLE (jhead) +CVE-2008-4639 version (jhead, fixed 2.84) [since jhead-2.84-1.fc10] +CVE-2008-4575 version (jhead, fixed 2.84) [since jhead-2.84-1.fc10] CVE-2008-4437 VULNERABLE (bugzilla, fixed 3.0.5) #465959 CVE-2008-4434 ignore (bittorrent) 6.x only CVE-2008-4422 backport (libxml2, fixed 2.7.2) [since libxml2-2.7.1-2.fc10]
Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.239 retrieving revision 1.240 diff -u -r1.239 -r1.240 --- f8 14 Oct 2008 16:05:00 -0000 1.239 +++ f8 22 Oct 2008 17:14:54 -0000 1.240 @@ -6,6 +6,10 @@
rhbz293031 fixed (nx) #293031 [since FEDORA-2008-2258] rhbz249840 version (tor, fixed 0.1.2.15) +CVE-2008-4641 VULNERABLE (jhead) +CVE-2008-4640 VULNERABLE (jhead) +CVE-2008-4639 fixed (jhead, fixed 2.84) [since FEDORA-2008-8941] +CVE-2008-4575 fixed (jhead, fixed 2.84) [since FEDORA-2008-8941] CVE-2008-4437 VULNERABLE (bugzilla, fixed 3.0.5) #465957 CVE-2008-4434 ignore (bittorrent) 6.x only CVE-2008-4422 fixed (libxml2, fixed 2.7.2) [since FEDORA-2008-8582] @@ -28,7 +32,7 @@ CVE-2008-4100 VULNERABLE (adns) #462752 upstream design decision CVE-2008-4099 VULNERABLE (python-pydns, fixed 2.3.2) #462765 CVE-2008-4096 fixed (phpMyAdmin, fixed 2.11.9.1) [since FEDORA-2008-8269] -CVE-2008-4094 VULNERABLE (rubygem-activerecord, fixed 2.1.1) [since FEDORA-2008-8282] +CVE-2008-4094 fixed (rubygem-activerecord, fixed 2.1.1) [since FEDORA-2008-8282] CVE-2008-4070 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8401] CVE-2008-4069 fixed (firefox, fixed 2.0.0.17) [since FEDORA-2008-8399] CVE-2008-4069 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8401] @@ -95,12 +99,12 @@ CVE-2008-3699 fixed (amarok, fixed 1.4.40) [since FEDORA-2008-7719] CVE-2008-3663 VULNERABLE (squirrelmail, fixed 1.4.16) #464184 CVE-2008-3662 VULNERABLE (gallery2, fixed 2.2.6) #462871 -CVE-2008-3661 VULNERABLE (drupal) #464163 ignored by upstream +CVE-2008-3661 fixed (drupal) #464163 [since FEDORA-2008-8905] ignored by upstream CVE-2008-3657 fixed (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-8736] CVE-2008-3656 fixed (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-8736] CVE-2008-3655 fixed (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-8736] -CVE-2008-3652 VULNERABLE (ipsec-tools) #465472 -CVE-2008-3651 VULNERABLE (ipsec-tools, fixed 0.7.1) #465472 +CVE-2008-3652 VULNERABLE (ipsec-tools) #465472 [since FEDORA-2008-9016] +CVE-2008-3651 VULNERABLE (ipsec-tools, fixed 0.7.1) #465472 [since FEDORA-2008-9016] CVE-2008-3641 VULNERABLE (cups, fixed 1.3.9) #466418 CVE-2008-3640 VULNERABLE (cups, fixed 1.3.9) #466418 CVE-2008-3639 VULNERABLE (cups, fixed 1.3.9) #466418 @@ -147,7 +151,7 @@ CVE-2008-3139 fixed (wireshark, fixed 1.0.1) [since FEDORA-2008-6645] CVE-2008-3138 fixed (wireshark, fixed 1.0.1) [since FEDORA-2008-6645] CVE-2008-3137 fixed (wireshark, fixed 1.0.1) [since FEDORA-2008-6645] -CVE-2008-3102 VULNERABLE (mantis, fixed 1.1.3) #464135 +CVE-2008-3102 fixed (mantis, fixed 1.1.3) #464135 [since FEDORA-2008-9015] CVE-2008-3067 VULNERABLE (sudo, fixed 1.6.9p12) CVE-2008-2960 fixed (phpMyAdmin, fixed 2.11.7) [since FEDORA-2008-5640] PMASA-2008-4 CVE-2008-2954 fixed (linuxdcpp) #453732 [since FEDORA-2008-6038] @@ -229,7 +233,7 @@ CVE-2008-2377 ignore (gnutls, fixed 2.4.1) 2.3.5+ only CVE-2008-2376 fixed (ruby, fixed 1.8.6-p257) [since FEDORA-2008-6094] CVE-2008-2375 ignore (vsftpd) pre-2.0.5 versions only -CVE-2008-2374 VULNERABLE (bluez-libs, fixed 3.34) #452820 [since FEDORA-2008-6140] +CVE-2008-2374 fixed (bluez-libs, fixed 3.34) #452820 [since FEDORA-2008-6140] CVE-2008-2371 fixed (pcre) #453555 [since FEDORA-2008-6111] CVE-2008-2371 fixed (glib2) #453559 [since FEDORA-2008-6025] CVE-2008-2370 fixed (tomcat5, fixed 5.5.27) #460125 [since FEDORA-2008-8130]
Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.230 retrieving revision 1.231 diff -u -r1.230 -r1.231 --- f9 14 Oct 2008 16:05:00 -0000 1.230 +++ f9 22 Oct 2008 17:14:54 -0000 1.231 @@ -5,6 +5,10 @@ # (mozilla) = (gecko-libs dependent stuff)
rhbz249840 version (tor, fixed 0.1.2.15) +CVE-2008-4641 VULNERABLE (jhead) +CVE-2008-4640 VULNERABLE (jhead) +CVE-2008-4639 fixed (jhead, fixed 2.84) [since FEDORA-2008-8928] +CVE-2008-4575 fixed (jhead, fixed 2.84) [since FEDORA-2008-8928] CVE-2008-4437 VULNERABLE (bugzilla, fixed 3.0.5) #465958 CVE-2008-4434 ignore (bittorrent) 6.x only CVE-2008-4422 fixed (libxml2, fixed 2.7.2) [since FEDORA-2008-8575] @@ -88,7 +92,7 @@ CVE-2008-3790 fixed (ruby) [since FEDORA-2008-8738] CVE-2008-3789 fixed (samba, fixed 3.2.3) [since FEDORA-2008-7243] CVE-2008-3747 fixed (wordpress, fixed 2.6.1) [since FEDORA-2008-7279] -CVE-2008-3746 VULNERABLE (neon, fixed 0.28.3) #460415 [since FEDORA-2008-7661] +CVE-2008-3746 fixed (neon, fixed 0.28.3) #460415 [since FEDORA-2008-7661] CVE-2008-3745 fixed (drupal, fixed 6.4) [since FEDORA-2008-7626] CVE-2008-3744 fixed (drupal, fixed 6.4) [since FEDORA-2008-7626] CVE-2008-3743 fixed (drupal, fixed 6.4) [since FEDORA-2008-7626] @@ -99,12 +103,12 @@ CVE-2008-3699 fixed (amarok, fixed 1.4.40) [since FEDORA-2008-7739] CVE-2008-3663 VULNERABLE (squirrelmail, fixed 1.4.16) #464185 [since FEDORA-2008-8559] CVE-2008-3662 VULNERABLE (gallery2, fixed 2.2.6) #462872 -CVE-2008-3661 VULNERABLE (drupal) #464164 ignored by upstream +CVE-2008-3661 fixed (drupal) #464164 [since FEDORA-2008-8852] ignored by upstream CVE-2008-3657 fixed (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-8738] CVE-2008-3656 fixed (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-8738] CVE-2008-3655 fixed (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-8738] -CVE-2008-3652 VULNERABLE (ipsec-tools) #465473 -CVE-2008-3651 VULNERABLE (ipsec-tools, fixed 0.7.1) #465473 +CVE-2008-3652 VULNERABLE (ipsec-tools) #465473 [since FEDORA-2008-9007] +CVE-2008-3651 VULNERABLE (ipsec-tools, fixed 0.7.1) #465473 [since FEDORA-2008-9007] CVE-2008-3641 VULNERABLE (cups, fixed 1.3.9) #466419 CVE-2008-3640 VULNERABLE (cups, fixed 1.3.9) #466419 CVE-2008-3639 VULNERABLE (cups, fixed 1.3.9) #466419 @@ -153,7 +157,7 @@ CVE-2008-3139 fixed (wireshark, fixed 1.0.1) [since FEDORA-2008-6440] CVE-2008-3138 fixed (wireshark, fixed 1.0.1) [since FEDORA-2008-6440] CVE-2008-3137 fixed (wireshark, fixed 1.0.1) [since FEDORA-2008-6440] -CVE-2008-3102 VULNERABLE (mantis, fixed 1.1.3) #464136 +CVE-2008-3102 fixed (mantis, fixed 1.1.3) #464136 [since FEDORA-2008-8925] CVE-2008-3067 version (sudo, fixed 1.6.9p12) CVE-2008-2960 fixed (phpMyAdmin, fixed 2.11.7) [since FEDORA-2008-5676] PMASA-2008-4 CVE-2008-2954 fixed (linuxdcpp) #453733 [since FEDORA-2008-6018]
security-commits@lists.fedoraproject.org