Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv9744/audit

Modified Files:
	f8 f9 fc7
Log Message:
note wordpress CVE id check updates
Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.214 retrieving revision 1.215 diff -u -r1.214 -r1.215 --- f8 2 May 2008 16:12:35 -0000 1.214 +++ f8 5 May 2008 08:37:37 -0000 1.215 @@ -6,24 +6,25 @@
rhbz293031 fixed (nx) #293031 [since FEDORA-2008-2258] rhbz249840 VULNERABLE (tor) +CVE-2008-2068 version (wordpress, fixed 2.5.1) [since FEDORA-2008-3397] CVE-2008-2033 ignore (zoneminder) duplicate of CVE-2008-1381 CVE-2008-1974 VULNERABLE (kronolith, fixed 3.1.8) #444404 CVE-2008-1964 ignore (xine-lib) bogus vulnerability report CVE-2008-1959 VULNERABLE (sipp, fixed 3.1) [since sipp-3.1-1.fc8] CVE-2008-1937 ignore (moin, fixed 1.6.3) 1.6.x only CVE-2008-1930 ignore (wordpress, fixed 2.5.1) [since wordpress-2.5.1-1.fc8] only for wp 2.5.0 -CVE-2008-1928 VULNERABLE (perl-Imager, fixed 0.64) #443940 -CVE-2008-1927 VULNERABLE (perl) [since perl-5.8.8-39.fc8] -CVE-2008-1926 VULNERABLE (util-linux-ng) [since util-linux-ng-2.13.1-2.fc8] +CVE-2008-1928 fixed (perl-Imager, fixed 0.64) #443940 [since FEDORA-2008-3352] +CVE-2008-1927 fixed (perl) [since FEDORA-2008-3392] +CVE-2008-1926 fixed (util-linux-ng) [since FEDORA-2008-3419] CVE-2008-1924 VULNERABLE (phpMyAdmin, fixed 2.11.5.2) [since phpMyAdmin-2.11.5.2-1.fc8] PMASA-2008-3 CVE-2008-1923 version (asterisk) upstream fix incomplete, resulting in CVE-2008-1897 -CVE-2008-1897 VULNERABLE (asterisk, fixed 1.4.19.1) [since asterisk-1.4.19.1-1.fc8] -CVE-2008-1878 VULNERABLE (xine-lib, fixed 1.1.12.1) #443055 nsf demuxer overflow +CVE-2008-1897 fixed (asterisk, fixed 1.4.19.1) [since FEDORA-2008-3390] +CVE-2008-1878 fixed (xine-lib, fixed 1.1.12.1) #443055 [since FEDORA-2008-3353] nsf demuxer overflow CVE-2008-1845 version (mksh, fixed 33d) [since FEDORA-2008-3174] CVE-2008-1837 ignore (clamav, fixed 0.93) unrar code not shipped CVE-2008-1836 ignore (clamav, fixed 0.93) affected code introduced after 0.92.1 CVE-2008-1835 ignore (clamav, fixed 0.93) unrar code not shipped -CVE-2008-1833 VULNERABLE (clamav, fixed 0.93-rc1) #442363 +CVE-2008-1833 fixed (clamav, fixed 0.93-rc1) #442363 [since FEDORA-2008-3420] CVE-2008-1796 fixed (comix) [since FEDORA-2008-2981] CVE-2008-1729 ignore (drupal) 6.x only CVE-2008-1720 fixed (rsync, 
fixed 3.0.2) #441690 [since FEDORA-2008-3047] @@ -37,14 +38,14 @@ CVE-2008-1686 fixed (speex) #442572 [since FEDORA-2008-3103] CVE-2008-1671 ignore (kdelibs) start_kdeinit not setuid CVE-2008-1670 ignore (kdelibs) kdelibs 4.x only -CVE-2008-1670 VULNERABLE (kdelibs4) #444399 kdelibs 4.x only +CVE-2008-1670 fixed (kdelibs4) #444399 [since FEDORA-2008-3412] kdelibs 4.x only CVE-2008-1658 fixed (PolicyKit) #439995 [since FEDORA-2008-2987] CVE-2008-1657 VULNERABLE (openssh, fixed 4.9) #440375 CVE-2008-1652 version (Perlbal, fixed 1.70) [since FEDORA-2008-2778] CVE-2008-1637 fixed (pdns-recursor, fixed 3.1.5) #440249 [since FEDORA-2008-3036] CVE-2008-1628 fixed (audit) [since FEDORA-2008-3012] CVE-2008-1614 version (mod_suphp, fixed 0.6.3) [since FEDORA-2008-2868] -CVE-2008-1612 VULNERABLE (squid, fixed 2.6.STABLE19) [since FEDORA-2008-2740] +CVE-2008-1612 fixed (squid, fixed 2.6.STABLE19) [since FEDORA-2008-2740] CVE-2008-1568 fixed (comix) improper shell escaping, bz#430635 [since FEDORA-2008-2981] CVE-2008-1567 fixed (phpMyAdmin, fixed 2.11.5.1) [since FEDORA-2008-2825] CVE-2008-1563 fixed (wireshark, fixed 1.0) #435487 [since FEDORA-2008-3040] @@ -52,7 +53,7 @@ CVE-2008-1561 fixed (wireshark, fixed 1.0) #435487 [since FEDORA-2008-3040] CVE-2008-1552 fixed (libsilc, fixed 1.1.7) #438382 [since FEDORA-2008-2641] CVE-2008-1532 version (Perlbal, fixed 1.70) #439056 [since FEDORA-2008-2778] -CVE-2008-1531 VULNERABLE (lighttpd) #439068 +CVE-2008-1531 fixed (lighttpd) #439068 [since FEDORA-2008-3376] CVE-2008-1488 VULNERABLE (php-pecl-apc) #438847 CVE-2008-1483 ignore (openssh) was alrady fixed by another patch CVE-2008-1482 fixed (xine-lib) #438670 [since FEDORA-2008-2849] 
@@ -61,9 +62,9 @@ CVE-2008-1467 fixed (centerim) #438871 [since FEDORA-2008-2869] CVE-2008-1394 ignore (plone) CVE-2008-1390 fixed (asterisk, fixed 1.4.19-rc3) #438133 [since FEDORA-2008-2554] -CVE-2008-1387 VULNERABLE (clamav, fixed 0.93) #442363 +CVE-2008-1387 fixed (clamav, fixed 0.93) #442363 [since FEDORA-2008-3420] CVE-2008-1382 VULNERABLE (libpng, fixed 1.2.27) minimal impact, affected api rarely used -CVE-2008-1382 VULNERABLE (libpng10) [since libpng10-1.0.33-1.fc8] +CVE-2008-1382 VULNERABLE (libpng10) [since libpng10-1.0.33-1.fc8] CVE-2008-1381 VULNERABLE (zoneminder, fixed 1.23.3) #444436 CVE-2008-1380 VULNERABLE (firefox, fixed 2.0.0.14) CVE-2008-1380 fixed (seamonkey, fixed 1.1.10) #442851 [since FEDORA-2008-3264] @@ -119,9 +120,9 @@ CVE-2008-1111 fixed (lighttpd) #435807 [since FEDORA-2008-2262] CVE-2008-1110 version (xine-lib, fixed 1.1.10) [since FEDORA-2008-1043] CVE-2008-1102 VULNERABLE (blender) #443936 -CVE-2008-1100 VULNERABLE (clamav, fixed 0.93) #442363 -CVE-2008-1099 VULNERABLE (moin) #438673 -CVE-2008-1098 VULNERABLE (moin) #438673 +CVE-2008-1100 fixed (clamav, fixed 0.93) #442363 [since FEDORA-2008-3420] +CVE-2008-1099 fixed (moin) #438673 [since FEDORA-2008-3301] +CVE-2008-1098 fixed (moin) #438673 [since FEDORA-2008-3301] CVE-2008-1078 ignore (am-utils) does not seem used by any other Fedora package CVE-2008-1072 fixed (wireshark, fixed 0.99.8) #435487 [since FEDORA-2008-3040] CVE-2008-1071 fixed (wireshark, fixed 0.99.8) #435487 [since FEDORA-2008-3040] 
@@ -211,7 +212,7 @@ CVE-2008-0364 ignore (bittorrent) Windows only CVE-2008-0320 fixed (openoffice.org, fixed 2.4) #442846 [since FEDORA-2008-3251] CVE-2008-0318 fixed (clamav, fixed 0.92.1) [since FEDORA-2008-1625] -CVE-2008-0314 VULNERABLE (clamav, fixed 0.93) #442363 +CVE-2008-0314 fixed (clamav, fixed 0.93) #442363 [since FEDORA-2008-3420] CVE-2008-0304 version (seamonkey, fixed 1.1.8) [since FEDORA-2008-1459] CVE-2008-0304 fixed (thunderbird, fixed 2.0.0.12) #432048 [since FEDORA-2008-2060] CVE-2008-0299 fixed (python-paramiko) #428728 [since FEDORA-2008-0722] @@ -245,7 +246,7 @@ CVE-2008-0005 fixed (httpd, fixed 2.2.8) #427982 [since FEDORA-2008-1711] CVE-2008-0003 fixed (tog-pegasus, fixed 2.7.0) #427829 [since FEDORA-2008-0572] CVE-2008-0002 fixed (tomcat5) #432474 [since FEDORA-2008-1467] -CVE-2007-6714 VULNERABLE (dbmail, fixed 2.2.9) #443021 +CVE-2007-6714 fixed (dbmail, fixed 2.2.9) #443021 [since FEDORA-2008-3333] CVE-2007-6703 fixed (vdccm, fixed 0.10.1) #436026 [since FEDORA-2008-0680] CVE-2007-6698 version (openldap, fixed 2.3.36) CVE-2007-6697 fixed (SDL_image, fixed 1.2.7) #430241 [since FEDORA-2008-1208] @@ -330,7 +331,7 @@ CVE-2007-6110 backport (htdig) [since FEDORA-2007-3958] CVE-2007-6100 version (phpMyAdmin, fixed 2.11.2.2) [since FEDORA-2007-3639] CVE-2007-6067 fixed (postgresql, fixed 8.2.6) #427773 [since FEDORA-2008-0478] -CVE-2007-6061 VULNERABLE (audacity) #393251 +CVE-2007-6061 VULNERABLE (audacity) #393251 CVE-2007-6029 ignore (clamav) insufficient information about the issue CVE-2007-6018 fixed (horde) #428628 [since FEDORA-2008-2040] CVE-2007-6018 fixed (imp) #428632 [since FEDORA-2008-2040]
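Review bot: in the -37,14 hunk of f8, CVE-2008-1612 (squid) goes from VULNERABLE to fixed while its reference stays [since FEDORA-2008-2740], so the line shows no new evidence for the flip. Every other entry flipped to fixed in this file gains a new advisory ID. Worth confirming that FEDORA-2008-2740 ships 2.6.STABLE19 or later and saying so in the log message.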
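Review bot: in the -61,9 hunk of f8, the CVE-2008-1382 (libpng10) line is removed and re-added with the same visible text, so the change is whitespace only and the entry stays VULNERABLE. fc7 lists CVE-2008-1382 as ignore for both libpng and libpng10, and the libpng remark ("minimal impact, affected api rarely used") is identical in both files; either align the f8 status or add a remark on why F8 differs. The CVE-2007-6061 (audacity) line in the -330,7 hunk is the same kind of whitespace-only change and could be split into a separate cleanup commit.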
Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.204 retrieving revision 1.205 diff -u -r1.204 -r1.205 --- f9 2 May 2008 16:12:35 -0000 1.204 +++ f9 5 May 2008 08:37:37 -0000 1.205 @@ -5,6 +5,7 @@ # (mozilla) = (gecko-libs dependent stuff)
rhbz249840 VULNERABLE (tor) +CVE-2008-2068 version (wordpress, fixed 2.5.1) [since wordpress-2.5.1-1.fc9] CVE-2008-2033 ignore (zoneminder) duplicate of CVE-2008-1381 CVE-2008-1974 VULNERABLE (kronolith, fixed 3.1.8) #444405 CVE-2008-1964 ignore (xine-lib) bogus vulnerability report
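Review bot: the added CVE-2008-2068 line in f9 cites a package build, [since wordpress-2.5.1-1.fc9], where the same entry in f8 and fc7 cites an advisory (FEDORA-2008-3397 and FEDORA-2008-3319). If that is deliberate because no F9 advisory exists, a short trailing remark on the line would keep a later audit pass from reading it as an unfinished update; otherwise use the advisory ID.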
Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.370 retrieving revision 1.371 diff -u -r1.370 -r1.371 --- fc7 2 May 2008 16:12:35 -0000 1.370 +++ fc7 5 May 2008 08:37:37 -0000 1.371 @@ -7,6 +7,7 @@
rhbz293031 fixed (nx) #293031 [since FEDORA-2008-2258] rhbz249840 version (tor, fixed 0.1.2.15) #249840 [since FEDORA-2007-1674] +CVE-2008-2068 version (wordpress, fixed 2.5.1) [since FEDORA-2008-3319] CVE-2008-2033 ignore (zoneminder) duplicate of CVE-2008-1381 CVE-2008-1974 VULNERABLE (kronolith, fixed 3.1.8) #444403 CVE-2008-1964 ignore (xine-lib) bogus vulnerability report 
@@ -14,31 +15,31 @@ CVE-2008-1937 ignore (moin, fixed 1.6.3) 1.6.x only CVE-2008-1930 ignore (wordpress, fixed 2.5.1) [since wordpress-2.5.1-1.fc7] only for wp 2.5.0 CVE-2008-1928 VULNERABLE (perl-Imager, fixed 0.64) #443939 -CVE-2008-1927 VULNERABLE (perl) [since perl-5.8.8-29.fc7] +CVE-2008-1927 fixed (perl) [since FEDORA-2008-3399] CVE-2008-1926 VULNERABLE (util-linux) CVE-2008-1924 VULNERABLE (phpMyAdmin, fixed 2.11.5.2) [since phpMyAdmin-2.11.5.2-1.fc7] PMASA-2008-3 CVE-2008-1923 version (asterisk) upstream fix incomplete, resulting in CVE-2008-1897 -CVE-2008-1897 VULNERABLE (asterisk, fixed 1.4.19.1) [since asterisk-1.4.19.1-1.fc7] -CVE-2008-1878 VULNERABLE (xine-lib, fixed 1.1.12.1) #443054 nsf demuxer overflow +CVE-2008-1897 fixed (asterisk, fixed 1.4.19.1) [since FEDORA-2008-3365] +CVE-2008-1878 fixed (xine-lib, fixed 1.1.12.1) #443054 [since FEDORA-2008-3326] nsf demuxer overflow CVE-2008-1845 version (mksh, fixed 33d) [since FEDORA-2008-3070] CVE-2008-1837 ignore (clamav, fixed 0.93) unrar code not shipped CVE-2008-1836 ignore (clamav, fixed 0.93) affected code introduced after 0.92.1 CVE-2008-1835 ignore (clamav, fixed 0.93) unrar code not shipped -CVE-2008-1833 VULNERABLE (clamav, fixed 0.93-rc1) #442362 +CVE-2008-1833 fixed (clamav, fixed 0.93-rc1) #442362 [since FEDORA-2008-3358] CVE-2008-1796 fixed (comix) [since FEDORA-2008-2993] CVE-2008-1729 ignore (drupal) 6.x only CVE-2008-1720 fixed (rsync, fixed 3.0.2) #441689 [since FEDORA-2008-3060] CVE-2008-1693 version (xpdf, fixed 3.02) CVE-2008-1693 ignore (kdegraphics) not affected CVE-2008-1693 ignore (koffice) not affected -CVE-2008-1693 VULNERABLE (poppler, fixed 0.6.2) #443026 +CVE-2008-1693 fixed (poppler, fixed 0.6.2) #443026 [since FEDORA-2008-3312] CVE-2008-1688 ignore (m4, fixed 1.4.11) not really a security issue CVE-2008-1687 ignore (m4, fixed 1.4.11) not really a security issue CVE-2008-1686 VULNERABLE (libfishsound, fixed 0.9.1) #441246 [since FEDORA-2008-3117] CVE-2008-1686 fixed (speex) 
#442571 [since FEDORA-2008-3191] CVE-2008-1671 ignore (kdelibs) start_kdeinit not setuid CVE-2008-1670 ignore (kdelibs) kdelibs 4.x only -CVE-2008-1670 VULNERABLE (kdelibs4) #444398 kdelibs 4.x only +CVE-2008-1670 fixed (kdelibs4) #444398 [since FEDORA-2008-3379] kdelibs 4.x only CVE-2008-1657 VULNERABLE (openssh, fixed 4.9) #280461 CVE-2008-1652 version (Perlbal, fixed 1.70) [since FEDORA-2008-2788] CVE-2008-1637 fixed (pdns-recursor, fixed 3.1.5) #440248 [since FEDORA-2008-3010] @@ -52,7 +53,7 @@ CVE-2008-1561 fixed (wireshark, fixed 1.0) #435485 [since FEDORA-2008-2941] CVE-2008-1552 fixed (libsilc, fixed 1.1.7) #438382 [since FEDORA-2008-2641] CVE-2008-1532 version (Perlbal, fixed 1.70) #439055 [since FEDORA-2008-2788] -CVE-2008-1531 VULNERABLE (lighttpd) #439067 +CVE-2008-1531 fixed (lighttpd) #439067 [since FEDORA-2008-3343] CVE-2008-1515 VULNERABLE (otrs) #439723 CVE-2008-1488 VULNERABLE (php-pecl-apc) #438846 CVE-2008-1483 ignore (openssh) was alrady fixed by another patch @@ -62,7 +63,7 @@ CVE-2008-1467 fixed (centerim) #438871 [since FEDORA-2008-2869] CVE-2008-1394 ignore (plone) CVE-2008-1390 fixed (asterisk, fixed 1.4.19-rc3) #438132 [since FEDORA-2008-2620] -CVE-2008-1387 VULNERABLE (clamav, fixed 0.93) #442362 +CVE-2008-1387 fixed (clamav, fixed 0.93) #442362 [since FEDORA-2008-3358] CVE-2008-1382 ignore (libpng, fixed 1.2.27) minimal impact, affected api rarely used CVE-2008-1382 ignore (libpng10) [since libpng10-1.0.33-1.fc7] CVE-2008-1381 VULNERABLE (zoneminder, fixed 1.23.3) #444435 
@@ -120,9 +121,9 @@ CVE-2008-1111 fixed (lighttpd) #435808 [since FEDORA-2008-2278] CVE-2008-1110 version (xine-lib, fixed 1.1.10) [since FEDORA-2008-1047] CVE-2008-1102 VULNERABLE (blender) #443935 -CVE-2008-1100 VULNERABLE (clamav, fixed 0.93) #442362 -CVE-2008-1099 VULNERABLE (moin) #438672 -CVE-2008-1098 VULNERABLE (moin) #438672 +CVE-2008-1100 fixed (clamav, fixed 0.93) #442362 [since FEDORA-2008-3358] +CVE-2008-1099 fixed (moin) #438672 [since FEDORA-2008-3328] +CVE-2008-1098 fixed (moin) #438672 [since FEDORA-2008-3328] CVE-2008-1078 ignore (am-utils) does not seem used by any other Fedora package CVE-2008-1072 fixed (wireshark, fixed 0.99.8) #435485 [since FEDORA-2008-2941] CVE-2008-1071 fixed (wireshark, fixed 0.99.8) #435485 [since FEDORA-2008-2941] @@ -130,10 +131,10 @@ CVE-2008-1066 version (php-Smarty, fixed 2.6.19) #435812 [since FEDORA-2008-1928] CVE-2008-1066 fixed (gallery2) #438059 [since FEDORA-2008-2650] CVE-2008-1066 fixed (php-pear-PhpDocumentor) #438063 [since FEDORA-2008-2656] -CVE-2008-1026 VULNERABLE (WebKit, fixed r31388) [since WebKit-1.0.0-0.8.svn31787.fc7] -CVE-2008-1025 VULNERABLE (WebKit, fixed r31438) [since WebKit-1.0.0-0.8.svn31787.fc7] -CVE-2008-1011 VULNERABLE (WebKit) [since WebKit-1.0.0-0.8.svn31787.fc7] -CVE-2008-1010 VULNERABLE (WebKit) [since WebKit-1.0.0-0.8.svn31787.fc7] +CVE-2008-1026 fixed (WebKit, fixed r31388) [since FEDORA-2008-3415] +CVE-2008-1025 fixed (WebKit, fixed r31438) [since FEDORA-2008-3415] +CVE-2008-1011 fixed (WebKit) [since FEDORA-2008-3415] +CVE-2008-1010 fixed (WebKit) [since FEDORA-2008-3415] CVE-2008-0983 fixed (lighttpd) #435808 [since FEDORA-2008-2278] CVE-2008-0947 fixed (krb5, fixed 1.6.4) #438022 [since FEDORA-2008-2637] CVE-2008-0932 fixed (sword) #433725 [since FEDORA-2008-1951] why? diatheke.pl is not shipped... 
@@ -211,7 +212,7 @@ CVE-2008-0364 ignore (bittorrent) Windows only CVE-2008-0320 VULNERABLE (openoffice.org, fixed 2.4) #442845 CVE-2008-0318 fixed (clamav, fixed 0.92.1) [since FEDORA-2008-1608] -CVE-2008-0314 VULNERABLE (clamav, fixed 0.93) #442362 +CVE-2008-0314 fixed (clamav, fixed 0.93) #442362 [since FEDORA-2008-3358] CVE-2008-0304 version (seamonkey, fixed 1.1.8) [since FEDORA-2008-1669] CVE-2008-0304 fixed (thunderbird, fixed 2.0.0.12) #432047 [since FEDORA-2008-2118] CVE-2008-0299 fixed (python-paramiko) #428729 [since FEDORA-2008-0644] @@ -245,7 +246,7 @@ CVE-2008-0005 fixed (httpd, fixed 2.2.8) #427983 [since FEDORA-2008-1695] CVE-2008-0003 fixed (tog-pegasus, fixed 2.7.0) #427828 [since FEDORA-2008-0506] CVE-2008-0002 fixed (tomcat5) #432475 [since FEDORA-2008-1603] -CVE-2007-6714 VULNERABLE (dbmail, fixed 2.2.9) #443020 +CVE-2007-6714 fixed (dbmail, fixed 2.2.9) #443020 [since FEDORA-2008-3371] CVE-2007-6703 VULNERABLE (vdccm, fixed 0.10.1) #436025 CVE-2007-6698 fixed (openldap, fixed 2.3.36) #431409 [since FEDORA-2008-1307] CVE-2007-6697 fixed (SDL_image, fixed 1.2.7) #430239 [since FEDORA-2008-1231] @@ -329,7 +330,7 @@ CVE-2007-6110 backport (htdig) [since FEDORA-2007-3907] CVE-2007-6100 version (phpMyAdmin, fixed 2.11.2.2) [since FEDORA-2007-3666] CVE-2007-6067 fixed (postgresql, fixed 8.2.6) #427772 [since FEDORA-2008-0552] -CVE-2007-6061 VULNERABLE (audacity) #393251 +CVE-2007-6061 VULNERABLE (audacity) #393251 CVE-2007-6035 version (cacti, fixed 0.8.7a) #391981 [since FEDORA-2007-3683] CVE-2007-6029 ignore (clamav) insufficient information about the issue CVE-2007-6018 fixed (horde) #428629 [since FEDORA-2008-2087] 
@@ -497,7 +498,7 @@ CVE-2007-4568 version (xorg-x11-xfs, fixed 1.0.5) #373261 [since FEDORA-2007-4263] CVE-2007-4565 backport (fetchmail) #260861 [since FEDORA-2007-1983] CVE-2007-4560 version (clamav) #260583 [since FEDORA-2007-2050] -CVE-2007-4559 VULNERABLE (python, not fixed upstream) #315291 Upstream WONTFIX. See where we use the code. +CVE-2007-4559 VULNERABLE (python, not fixed upstream) #315281 Upstream WONTFIX. See where we use the code. CVE-2007-4558 ignore (star, fixed 1.5a84) duplicate of CVE-2007-4134 CVE-2007-4543 version (bugzilla, fixed 3.0.1) #256021 [since FEDORA-2007-1853] CVE-2007-4542 version (mapserver, fixed 4.10.3) #256561 [since FEDORA-2007-2018]
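Review bot: in the -14,31 hunk of fc7, CVE-2008-1686 (libfishsound) is left as VULNERABLE although it already carries [since FEDORA-2008-3117], while the speex entry for the same CVE is fixed. In f8 this commit flips squid's CVE-2008-1612 from that same shape (VULNERABLE plus an advisory ID) to fixed; if the update check covered libfishsound, flip it here too, or add a remark on why the advisory does not resolve it.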
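Review bot: the -497,7 hunk of fc7 changes the bug reference for CVE-2007-4559 (python) from #315291 to #315281, a one-digit edit that the log message does not mention. Please confirm #315281 is the intended bug and call the correction out in the log; this commit does not touch the entry in f8 or f9, so check whether those files need the same correction.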
security-commits@lists.fedoraproject.org