fedora-security/tools/lib/Libexig Fedora.pm, 1.1.2.3, 1.1.2.4
by fedora-security-commits@redhat.com
Author: thoger
Update of /cvs/fedora/fedora-security/tools/lib/Libexig
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv23159/tools/lib/Libexig
Modified Files:
Tag: lkundrak-tools-ng
Fedora.pm
Log Message:
an attempt to unscrew add-tracking-bugs
Index: Fedora.pm
===================================================================
RCS file: /cvs/fedora/fedora-security/tools/lib/Libexig/Attic/Fedora.pm,v
retrieving revision 1.1.2.3
retrieving revision 1.1.2.4
diff -u -r1.1.2.3 -r1.1.2.4
--- Fedora.pm 10 Jan 2008 18:01:24 -0000 1.1.2.3
+++ Fedora.pm 14 Jan 2008 13:52:05 -0000 1.1.2.4
@@ -199,6 +199,14 @@
return \@retval;
}
+# file_tracking_bugs
+#
+# Arguments:
+# - ref to list of parent bug ids
+# - ref to list of bugs to file (each element must be hash as expected by BZ)
+# this list is prepared by tracking_bugs
+# - Bugzilla object reference
+# - component
sub file_tracking_bugs
{
my $parent_bugs = shift;
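Review bot: The new header comment for `file_tracking_bugs` lists the arguments but says nothing about what the sub returns or what it changes in Bugzilla. Going by the other hunks of this file, it files each tracking bug and adds comments and blockers, and the earlier revision ends with `return $comment;`. A line such as `# Files the bugs, comments on the parent bugs; returns the summary text` would tell a caller this is not a read-only call. The sub body continues outside this hunk.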
@@ -212,6 +220,11 @@
use Data::Dumper;
my $bug_id = $bugzilla->file_bug ($bug);
+ if (!defined($bug_id)) {
+ print STDERR "Error: Bug creation failed! (dryrun mode?)\n";
+ #return undef;
+ }
+
### XXX: Move this somewhere else?
if ($bug->{'version'} ne 'rawhide') {
my $tr_comment =
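Review bot: The new `!defined($bug_id)` check only prints a message; with `#return undef;` commented out, execution falls through with an undefined id. As far as the neighbouring hunks show, that id is then concatenated into the update-request URL and passed to `add_comment` and `add_blockers`, so a failed or dry-run filing still triggers Bugzilla calls that refer to no bug. Adding `next;` after the `print STDERR` line would skip the rest of the iteration for that tracking bug and let the remaining ones proceed. The loop and the enclosing sub start and end outside this hunk.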
@@ -224,7 +237,7 @@
'&bugs='.$bug_id;
foreach my $bug (@{$parent_bugs}) {
- $tr_comment .= ','.$bug->{'bug_id'};
+ $tr_comment .= ','.$bug;
}
$bugzilla->add_comment ($bug_id, $tr_comment);
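Review bot: The inner `foreach my $bug (@{$parent_bugs})` reuses the name of the outer loop's `$bug` (the tracking bug being filed), which is easy to misread now that the element is a plain id; `foreach my $parent_id (@{$parent_bugs}) { $tr_comment .= ','.$parent_id; }` states the intent. The change assumes every element of `$parent_bugs` is a scalar id, as the new header comment says. If a caller still passes bug records, the URL posted in the comment would contain a stringified reference, so validating the ids once at the top of the sub, before any bug is filed, is worth adding, e.g. `/\A\d+\z/ or die "bad parent bug id: $_\n" for @{$parent_bugs};`. The enclosing sub continues outside the hunk.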
16 years, 4 months
fedora-security/audit f8, 1.81, 1.82 f9, 1.73, 1.74
by fedora-security-commits@redhat.com
Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv13872/audit
Modified Files:
f8 f9
Log Message:
just note one old net-snmp issue
Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.81
retrieving revision 1.82
diff -u -r1.81 -r1.82
--- f8 14 Jan 2008 10:05:07 -0000 1.81
+++ f8 14 Jan 2008 12:49:26 -0000 1.82
@@ -114,6 +114,7 @@
CVE-2007-5906 VULNERABLE (xen) #390111
CVE-2007-5849 ignore (cups, fixed 1.3.5) minimal impact, see #415131
CVE-2007-5848 version (cups, fixed 1.2.0)
+CVE-2007-5846 version (net-snmp, fixed 5.4.1)
CVE-2007-5795 backport (emacs) #367591 [since FEDORA-2007-2946]
CVE-2007-5770 backport (ruby) #373391 [since FEDORA-2007-2812]
GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031
Index: f9
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f9,v
retrieving revision 1.73
retrieving revision 1.74
diff -u -r1.73 -r1.74
--- f9 14 Jan 2008 10:05:07 -0000 1.73
+++ f9 14 Jan 2008 12:49:26 -0000 1.74
@@ -114,6 +114,7 @@
CVE-2007-5906 VULNERABLE (xen) #390121
CVE-2007-5849 version (cups, fixed 1.3.5) [since cups-1.3.5-1.fc9]
CVE-2007-5848 version (cups, fixed 1.2.0)
+CVE-2007-5846 version (net-snmp, fixed 5.4.1)
CVE-2007-5795 backport (emacs) #367601 [since emacs-22.1-8.fc9]
GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031
CVE-2007-5770 backport (ruby) #373401 [since ruby-1.8.6.111-1]
16 years, 4 months
fedora-security/audit f8, 1.80, 1.81 f9, 1.72, 1.73 fc7, 1.237, 1.238
by fedora-security-commits@redhat.com
Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv28366/audit
Modified Files:
f8 f9 fc7
Log Message:
bunch of updates
some new issues
move some misplaced entries
Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.80
retrieving revision 1.81
diff -u -r1.80 -r1.81
--- f8 14 Jan 2008 09:47:08 -0000 1.80
+++ f8 14 Jan 2008 10:05:07 -0000 1.81
@@ -5,14 +5,14 @@
# (mozilla) = (gecko-libs dependent stuff)
# Up to date CVE as of CVE email 20071215
-# Up to date F8 as of 20071221
+# Up to date F8 as of 20080111
-GENERIC-MAP-NOMATCH backport (python-cherrypy) [since FEDORA-2008-0299]
-GENERIC-MAP-NOMATCH VULNERABLE (drupal, fixed 5.6) DRUPAL-SA-2008-007
-GENERIC-MAP-NOMATCH VULNERABLE (drupal, fixed 5.6) DRUPAL-SA-2008-006
-GENERIC-MAP-NOMATCH VULNERABLE (drupal, fixed 5.6) DRUPAL-SA-2008-005
-CVE-2007-6018 VULNERABLE (horde) #428628
-CVE-2007-6018 VULNERABLE (imp) #428632
+GENERIC-MAP-NOMATCH version (drupal, fixed 5.6) DRUPAL-SA-2008-007 [since FEDORA-2008-0485]
+GENERIC-MAP-NOMATCH version (drupal, fixed 5.6) DRUPAL-SA-2008-006 [since FEDORA-2008-0485]
+GENERIC-MAP-NOMATCH version (drupal, fixed 5.6) DRUPAL-SA-2008-005 [since FEDORA-2008-0485]
+CVE-2008-0252 backport (python-cherrypy) [since FEDORA-2008-0299]
+**CVE-2008-0238 VULNERABLE (xine-lib, fixed 1.1.9.1)
+CVE-2008-0225 VULNERABLE (xine-lib, fixed 1.1.9.1)
**CVE-2008-0196 version (wordpress, not fixed 2.0.11)
CVE-2008-0195 ignore (wordpress) File path is not a sensitive information
**CVE-2008-0194 version (wordpress, not fixed 2.0.4)
@@ -39,8 +39,10 @@
CVE-2007-6441 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590]
CVE-2007-6439 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590]
CVE-2007-6438 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590]
+CVE-2007-6423 ignore (httpd) can not be reproduced by upstream
CVE-2007-6422 VULNERABLE (httpd, fixed 2.2.7) #427982
CVE-2007-6421 VULNERABLE (httpd, fixed 2.2.7) #427982
+CVE-2007-6420 ignore (httpd) wontfix by upstream
CVE-2007-6388 VULNERABLE (httpd, fixed 2.2.7) #427982
CVE-2007-6337 VULNERABLE (clamav, fixed 0.92) #426212 [since FEDORA-2008-0115]
CVE-2007-6336 VULNERABLE (clamav, fixed 0.92) #426212 [since FEDORA-2008-0115]
@@ -59,8 +61,8 @@
CVE-2007-6304 ignore (mysql, fixed 5.0.52) federated engine not built
CVE-2007-6303 backport (mysql, fixed 5.0.52) #424931 [since FEDORA-2007-4465]
CVE-2007-6299 version (drupal, fixed 5.4) [since FEDORA-2007-4163] SA-2007-031
-CVE-2007-6285 VULNERABLE (autofs) #426400
-CVE-2007-6284 VULNERABLE (libxml2, fixed 2.6.31)
+CVE-2007-6285 backport (autofs) #426400 [since FEDORA-2007-4707]
+CVE-2007-6284 version (libxml2, fixed 2.6.31) [since FEDORA-2008-0462]
CVE-2007-6283 backport (bind) #423071 [since FEDORA-2007-4655]
CVE-2007-6239 version (squid, fixed 2.6.17) #412391 [since FEDORA-2007-4170]
CVE-2007-6210 backport (zabbix) #407181 [since FEDORA-2007-4176]
@@ -86,6 +88,8 @@
CVE-2007-6100 version (phpMyAdmin, fixed 2.11.2.2) [since FEDORA-2007-3639]
CVE-2007-6067 fixed (postgresql, fixed 8.2.6) #427773 [since FEDORA-2008-0478]
CVE-2007-6061 VULNERABLE (audacity) #393251
+CVE-2007-6018 VULNERABLE (horde) #428628
+CVE-2007-6018 VULNERABLE (imp) #428632
CVE-2007-6015 version (samba, fixed 3.0.28) [since FEDORA-2007-4275]
CVE-2007-6013 VULNERABLE (wordpress)
CVE-2007-6035 version (cacti, fixed 0.8.7a) #391991 [since FEDORA-2007-3667]
Index: f9
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f9,v
retrieving revision 1.72
retrieving revision 1.73
diff -u -r1.72 -r1.73
--- f9 14 Jan 2008 09:47:08 -0000 1.72
+++ f9 14 Jan 2008 10:05:07 -0000 1.73
@@ -7,12 +7,12 @@
# Up to date CVE as of CVE email 20071211
# Up to date F9 as of 20071029
-GENERIC-MAP-NOMATCH backport (python-cherrypy) [since python-cherrypy-2.2.1-8.fc9]
GENERIC-MAP-NOMATCH version (drupal, fixed 5.6) [since drupal-5.6-1.fc9] DRUPAL-SA-2008-007
GENERIC-MAP-NOMATCH version (drupal, fixed 5.6) [since drupal-5.6-1.fc9] DRUPAL-SA-2008-006
GENERIC-MAP-NOMATCH version (drupal, fixed 5.6) [since drupal-5.6-1.fc9] DRUPAL-SA-2008-005
-CVE-2007-6018 VULNERABLE (horde) #428630
-CVE-2007-6018 VULNERABLE (imp) #428634
+CVE-2008-0252 backport (python-cherrypy) [since python-cherrypy-2.2.1-8.fc9]
+**CVE-2008-0238 version (xine-lib, fixed 1.1.9.1) [since xine-lib-1.1.9.1-1.fc9]
+CVE-2008-0225 version (xine-lib, fixed 1.1.9.1) [since xine-lib-1.1.9.1-1.fc9]
**CVE-2008-0196 version (wordpress, not fixed 2.0.11)
CVE-2008-0195 ignore (wordpress) File path is not a sensitive information
**CVE-2008-0194 version (wordpress, not fixed 2.0.4)
@@ -39,8 +39,10 @@
CVE-2007-6441 version (wireshark, fixed 0.99.7) [since wireshark-0.99.7-1.fc9]
CVE-2007-6439 version (wireshark, fixed 0.99.7) [since wireshark-0.99.7-1.fc9]
CVE-2007-6438 version (wireshark, fixed 0.99.7) [since wireshark-0.99.7-1.fc9]
+CVE-2007-6423 ignore (httpd) can not be reproduced by upstream
CVE-2007-6422 VULNERABLE (httpd, fixed 2.2.7) #427984
CVE-2007-6421 VULNERABLE (httpd, fixed 2.2.7) #427984
+CVE-2007-6420 ignore (httpd) wontfix by upstream
CVE-2007-6388 VULNERABLE (httpd, fixed 2.2.7) #427984
CVE-2007-6337 version (clamav, fixed 0.92) #426213 [since clamav-0.92-3.fc9]
CVE-2007-6336 version (clamav, fixed 0.92) #426213 [since clamav-0.92-3.fc9]
@@ -87,6 +89,8 @@
CVE-2007-6067 version (postgresql, fixed 8.2.6) #427774 [since postgresql-8.2.6-1.fc9]
CVE-2007-6061 VULNERABLE (audacity) #393251
CVE-2007-6035 version (cacti, fixed 0.8.7a) #392001 [since cacti-0.8.7a-1.fc9]
+CVE-2007-6018 VULNERABLE (horde) #428630
+CVE-2007-6018 VULNERABLE (imp) #428634
CVE-2007-6015 VULNERABLE (samba, fixed 3.0.28)
CVE-2007-6013 VULNERABLE (wordpress) #426434
CVE-2007-5977 version (phpMyAdmin) #385911 [since phpMyAdmin-2.11.2.2-1.fc9]
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.237
retrieving revision 1.238
diff -u -r1.237 -r1.238
--- fc7 14 Jan 2008 09:47:08 -0000 1.237
+++ fc7 14 Jan 2008 10:05:07 -0000 1.238
@@ -6,14 +6,14 @@
# A couple of first F7 updates were marked as FEDORA-2007-0001
# Up to date CVE as of CVE email 200711215
-# Up to date FC7 as of 20071221
+# Up to date FC7 as of 20080111
-GENERIC-MAP-NOMATCH backport (python-cherrypy) [since FEDORA-2008-0333]
-GENERIC-MAP-NOMATCH VULNERABLE (drupal, fixed 5.6) DRUPAL-SA-2008-007
-GENERIC-MAP-NOMATCH VULNERABLE (drupal, fixed 5.6) DRUPAL-SA-2008-006
-GENERIC-MAP-NOMATCH VULNERABLE (drupal, fixed 5.6) DRUPAL-SA-2008-005
-CVE-2007-6018 VULNERABLE (horde) #428629
-CVE-2007-6018 VULNERABLE (imp) #428633
+GENERIC-MAP-NOMATCH version (drupal, fixed 5.6) DRUPAL-SA-2008-007 [since FEDORA-2008-0469]
+GENERIC-MAP-NOMATCH version (drupal, fixed 5.6) DRUPAL-SA-2008-006 [since FEDORA-2008-0469]
+GENERIC-MAP-NOMATCH version (drupal, fixed 5.6) DRUPAL-SA-2008-005 [since FEDORA-2008-0469]
+CVE-2008-0252 backport (python-cherrypy) [since FEDORA-2008-0333]
+**CVE-2008-0238 VULNERABLE (xine-lib, fixed 1.1.9.1)
+CVE-2008-0225 VULNERABLE (xine-lib, fixed 1.1.9.1)
**CVE-2008-0196 version (wordpress, not fixed 2.0.11)
CVE-2008-0195 ignore (wordpress) File path is not a sensitive information
**CVE-2008-0194 version (wordpress, not fixed 2.0.4)
@@ -39,8 +39,10 @@
CVE-2007-6441 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690]
CVE-2007-6439 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690]
CVE-2007-6438 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690]
+CVE-2007-6423 ignore (httpd) can not be reproduced by upstream
CVE-2007-6422 VULNERABLE (httpd, fixed 2.2.7) #427983
CVE-2007-6421 VULNERABLE (httpd, fixed 2.2.7) #427983
+CVE-2007-6420 ignore (httpd) wontfix by upstream
CVE-2007-6388 VULNERABLE (httpd, fixed 2.2.7) #427983
CVE-2007-6337 VULNERABLE (clamav, fixed 0.92) #426211 [since FEDORA-2008-0170]
CVE-2007-6336 VULNERABLE (clamav, fixed 0.92) #426211 [since FEDORA-2008-0170]
@@ -60,7 +62,7 @@
CVE-2007-6303 backport (mysql, fixed 5.0.52) #424921 [since FEDORA-2007-4471]
CVE-2007-6299 version (drupal, fixed 5.4) [since FEDORA-2007-4136] SA-2007-031
CVE-2007-6285 fixed (autofs) #426399 [since FEDORA-2007-4709]
-CVE-2007-6284 VULNERABLE (libxml2, fixed 2.6.31)
+CVE-2007-6284 version (libxml2, fixed 2.6.31) [since FEDORA-2008-0477]
CVE-2007-6283 backport (bind) #423061 [since FEDORA-2007-4658]
CVE-2007-6239 version (squid, fixed 2.6.17) #412381 [since FEDORA-2007-4161]
CVE-2007-6210 backport (zabbix) #407181 [since FEDORA-2007-4160]
@@ -87,6 +89,8 @@
CVE-2007-6067 fixed (postgresql, fixed 8.2.6) #427772 [since FEDORA-2008-0552]
CVE-2007-6061 VULNERABLE (audacity) #393251
CVE-2007-6035 version (cacti, fixed 0.8.7a) #391981 [since FEDORA-2007-3683]
+CVE-2007-6018 VULNERABLE (horde) #428629
+CVE-2007-6018 VULNERABLE (imp) #428633
CVE-2007-6015 version (samba, fixed 3.0.28) [since FEDORA-2007-4269]
CVE-2007-6013 VULNERABLE (wordpress)
CVE-2007-5977 version (phpMyAdmin, fixed 2.11.2.1) #385891 [since FEDORA-2007-3627]
16 years, 4 months
fedora-security/audit f8, 1.79, 1.80 f9, 1.71, 1.72 fc7, 1.236, 1.237
by fedora-security-commits@redhat.com
Author: lkundrak
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv21392
Modified Files:
f8 f9 fc7
Log Message:
IMP & Horde
Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.79
retrieving revision 1.80
diff -u -r1.79 -r1.80
--- f8 13 Jan 2008 22:45:30 -0000 1.79
+++ f8 14 Jan 2008 09:47:08 -0000 1.80
@@ -11,6 +11,8 @@
GENERIC-MAP-NOMATCH VULNERABLE (drupal, fixed 5.6) DRUPAL-SA-2008-007
GENERIC-MAP-NOMATCH VULNERABLE (drupal, fixed 5.6) DRUPAL-SA-2008-006
GENERIC-MAP-NOMATCH VULNERABLE (drupal, fixed 5.6) DRUPAL-SA-2008-005
+CVE-2007-6018 VULNERABLE (horde) #428628
+CVE-2007-6018 VULNERABLE (imp) #428632
**CVE-2008-0196 version (wordpress, not fixed 2.0.11)
CVE-2008-0195 ignore (wordpress) File path is not a sensitive information
**CVE-2008-0194 version (wordpress, not fixed 2.0.4)
Index: f9
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f9,v
retrieving revision 1.71
retrieving revision 1.72
diff -u -r1.71 -r1.72
--- f9 11 Jan 2008 12:54:14 -0000 1.71
+++ f9 14 Jan 2008 09:47:08 -0000 1.72
@@ -11,6 +11,8 @@
GENERIC-MAP-NOMATCH version (drupal, fixed 5.6) [since drupal-5.6-1.fc9] DRUPAL-SA-2008-007
GENERIC-MAP-NOMATCH version (drupal, fixed 5.6) [since drupal-5.6-1.fc9] DRUPAL-SA-2008-006
GENERIC-MAP-NOMATCH version (drupal, fixed 5.6) [since drupal-5.6-1.fc9] DRUPAL-SA-2008-005
+CVE-2007-6018 VULNERABLE (horde) #428630
+CVE-2007-6018 VULNERABLE (imp) #428634
**CVE-2008-0196 version (wordpress, not fixed 2.0.11)
CVE-2008-0195 ignore (wordpress) File path is not a sensitive information
**CVE-2008-0194 version (wordpress, not fixed 2.0.4)
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.236
retrieving revision 1.237
diff -u -r1.236 -r1.237
--- fc7 13 Jan 2008 22:45:30 -0000 1.236
+++ fc7 14 Jan 2008 09:47:08 -0000 1.237
@@ -12,6 +12,8 @@
GENERIC-MAP-NOMATCH VULNERABLE (drupal, fixed 5.6) DRUPAL-SA-2008-007
GENERIC-MAP-NOMATCH VULNERABLE (drupal, fixed 5.6) DRUPAL-SA-2008-006
GENERIC-MAP-NOMATCH VULNERABLE (drupal, fixed 5.6) DRUPAL-SA-2008-005
+CVE-2007-6018 VULNERABLE (horde) #428629
+CVE-2007-6018 VULNERABLE (imp) #428633
**CVE-2008-0196 version (wordpress, not fixed 2.0.11)
CVE-2008-0195 ignore (wordpress) File path is not a sensitive information
**CVE-2008-0194 version (wordpress, not fixed 2.0.4)
16 years, 4 months
fedora-security/audit f8, 1.78, 1.79 fc7, 1.235, 1.236
by fedora-security-commits@redhat.com
Author: lkundrak
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv8057
Modified Files:
f8 fc7
Log Message:
Some new updates
Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.78
retrieving revision 1.79
diff -u -r1.78 -r1.79
--- f8 11 Jan 2008 12:54:14 -0000 1.78
+++ f8 13 Jan 2008 22:45:30 -0000 1.79
@@ -19,13 +19,13 @@
CVE-2008-0191 ignore (wordpress) File path is not a sensitive information
CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since FEDORA-2008-0199]
CVE-2008-0005 VULNERABLE (httpd, fixed 2.2.7) #427982
-CVE-2008-0003 VULNERABLE (tog-pegasus, fixed 2.7.0) #427829
+CVE-2008-0003 fixed (tog-pegasus, fixed 2.7.0) #427829 [since FEDORA-2008-0572]
CVE-2007-6672 VULNERABLE (jetty) #428017
CVE-2007-6613 fixed (libcdio) #427199 [since FEDORA-2008-0136]
GENERIC-MAP-NOMATCH fixed (wordpress) #426433 [since FEDORA-2008-0103]
CVE-2007-6611 fixed (mantis) #427278 [since FEDORA-2008-0282]
-CVE-2007-6601 VULNERABLE (postgresql, fixed 8.2.6) #427773
-CVE-2007-6600 VULNERABLE (postgresql, fixed 8.2.6) #427773
+CVE-2007-6601 fixed (postgresql, fixed 8.2.6) #427773 [since FEDORA-2008-0478]
+CVE-2007-6600 fixed (postgresql, fixed 8.2.6) #427773 [since FEDORA-2008-0478]
CVE-2007-6598 ignore (dovecot) Needs knowledge of victim's password
CVE-2007-6596 VULNERABLE (clamav) #427287 Might be considered a mail client flaw
CVE-2007-6595 VULNERABLE (clamav) #427287
@@ -43,7 +43,7 @@
CVE-2007-6337 VULNERABLE (clamav, fixed 0.92) #426212 [since FEDORA-2008-0115]
CVE-2007-6336 VULNERABLE (clamav, fixed 0.92) #426212 [since FEDORA-2008-0115]
CVE-2007-6335 VULNERABLE (clamav, fixed 0.92) #426212 [since FEDORA-2008-0115]
-CVE-2007-6437 VULNERABLE (syslog-ng) #426306
+CVE-2007-6437 VULNERABLE (syslog-ng) #426306 [since FEDORA-2008-0523]
CVE-2007-6430 version (asterisk, fixed 1.4.16) [since FEDORA-2007-4651]
CVE-2007-6389 VULNERABLE (gnome-screensaver) #426170
CVE-2007-6353 VULNERABLE (exiv2) #425923
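Review bot: `CVE-2007-6437` gains `[since FEDORA-2008-0523]` but its status stays `VULNERABLE`, whereas the other entries in this commit that gain a `since` tag move to `fixed`. If the referenced update resolves the issue, the status should change with it; if the update is only pending or partial, a short trailing remark would keep anyone reading or parsing the file from having to guess. The same applies to the `fc7` entry for this CVE (`[since FEDORA-2008-0559]`) later in this commit.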
@@ -82,7 +82,7 @@
CVE-2007-6111 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590]
CVE-2007-6110 backport (htdig) [since FEDORA-2007-3958]
CVE-2007-6100 version (phpMyAdmin, fixed 2.11.2.2) [since FEDORA-2007-3639]
-CVE-2007-6067 VULNERABLE (postgresql, fixed 8.2.6) #427773
+CVE-2007-6067 fixed (postgresql, fixed 8.2.6) #427773 [since FEDORA-2008-0478]
CVE-2007-6061 VULNERABLE (audacity) #393251
CVE-2007-6015 version (samba, fixed 3.0.28) [since FEDORA-2007-4275]
CVE-2007-6013 VULNERABLE (wordpress)
@@ -156,8 +156,8 @@
CVE-2007-4990 version (xorg-x11-xfs, fixed 1.0.5)
CVE-2007-4841 version (thunderbird) [since FEDORA-2007-3414] windows only anyway
CVE-2007-4829 VULNERABLE (perl-Archive-Tar, not fixed upstream) #364281
-CVE-2007-4772 VULNERABLE (postgresql, fixed 8.2.6) #427773
-CVE-2007-4769 VULNERABLE (postgresql, fixed 8.2.6) #427773
+CVE-2007-4772 fixed (postgresql, fixed 8.2.6) #427773 [since FEDORA-2008-0478]
+CVE-2007-4769 fixed (postgresql, fixed 8.2.6) #427773 [since FEDORA-2008-0478]
CVE-2007-4752 version (openssh, fixed 4.7) #280461
CVE-2007-4619 version (flac, fixed 1.2) #332581
CVE-2007-4575 backport (openoffice.org, fixed 2.3.1) [since FEDORA-2007-4172]
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.235
retrieving revision 1.236
diff -u -r1.235 -r1.236
--- fc7 11 Jan 2008 12:54:14 -0000 1.235
+++ fc7 13 Jan 2008 22:45:30 -0000 1.236
@@ -20,12 +20,12 @@
CVE-2008-0191 ignore (wordpress) File path is not a sensitive information
CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since FEDORA-2008-0198]
CVE-2008-0005 VULNERABLE (httpd, fixed 2.2.7) #427983
-CVE-2008-0003 VULNERABLE (tog-pegasus, fixed 2.7.0) #427828
+CVE-2008-0003 fixed (tog-pegasus, fixed 2.7.0) #427828 [since FEDORA-2008-0506]
CVE-2007-6613 fixed (libcdio) #427198 [since FEDORA-2008-0104]
GENERIC-MAP-NOMATCH fixed (wordpress) #426432 [since FEDORA-2008-0126]
CVE-2007-6611 fixed (mantis) #427279 [since FEDORA-2008-0353]
-CVE-2007-6601 VULNERABLE (postgresql, fixed 8.2.6) #427772
-CVE-2007-6600 VULNERABLE (postgresql, fixed 8.2.6) #427772
+CVE-2007-6601 fixed (postgresql, fixed 8.2.6) #427772 [since FEDORA-2008-0552]
+CVE-2007-6600 fixed (postgresql, fixed 8.2.6) #427772 [since FEDORA-2008-0552]
CVE-2007-6598 ignore (dovecot) Needs knowledge of victim's password
CVE-2007-6596 VULNERABLE (clamav) #427288 Might be considered a mail client flaw
CVE-2007-6595 VULNERABLE (clamav) #427288
@@ -43,7 +43,7 @@
CVE-2007-6337 VULNERABLE (clamav, fixed 0.92) #426211 [since FEDORA-2008-0170]
CVE-2007-6336 VULNERABLE (clamav, fixed 0.92) #426211 [since FEDORA-2008-0170]
CVE-2007-6335 VULNERABLE (clamav, fixed 0.92) #426211 [since FEDORA-2008-0170]
-CVE-2007-6437 VULNERABLE (syslog-ng) #426305
+CVE-2007-6437 VULNERABLE (syslog-ng) #426305 [since FEDORA-2008-0559]
CVE-2007-6430 version (asterisk, fixed 1.4.16) [since FEDORA-2007-4593]
CVE-2007-6389 VULNERABLE (gnome-screensaver) #426169
CVE-2007-6353 fixed (exiv2) #425922 [since FEDORA-2007-4551]
@@ -82,7 +82,7 @@
CVE-2007-6111 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690]
CVE-2007-6110 backport (htdig) [since FEDORA-2007-3907]
CVE-2007-6100 version (phpMyAdmin, fixed 2.11.2.2) [since FEDORA-2007-3666]
-CVE-2007-6067 VULNERABLE (postgresql, fixed 8.2.6) #427772
+CVE-2007-6067 fixed (postgresql, fixed 8.2.6) #427772 [since FEDORA-2008-0552]
CVE-2007-6061 VULNERABLE (audacity) #393251
CVE-2007-6035 version (cacti, fixed 0.8.7a) #391981 [since FEDORA-2007-3683]
CVE-2007-6015 version (samba, fixed 3.0.28) [since FEDORA-2007-4269]
@@ -203,8 +203,8 @@
CVE-2007-4829 VULNERABLE (perl-Archive-Tar) #315321
CVE-2007-4828 version (mediawiki, fixed 1.11.0, 1.10.2, 1.9.4) #287881 [since FEDORA-2007-2189]
CVE-2007-4826 version (quagga, fixed 0.99.9) [since FEDORA-2007-2196]
-CVE-2007-4772 VULNERABLE (postgresql, fixed 8.2.6) #427772
-CVE-2007-4769 VULNERABLE (postgresql, fixed 8.2.6) #427772
+CVE-2007-4772 fixed (postgresql, fixed 8.2.6) #427772 [since FEDORA-2008-0552]
+CVE-2007-4769 fixed (postgresql, fixed 8.2.6) #427772 [since FEDORA-2008-0552]
CVE-2007-4768 VULNERABLE (pcre, fixed 7.3) #378411
CVE-2007-4767 VULNERABLE (pcre, fixed 7.3) #378411
CVE-2007-4766 VULNERABLE (pcre, fixed 7.3) #378411
16 years, 4 months
fedora-security/audit f8, 1.77, 1.78 f9, 1.70, 1.71 fc7, 1.234, 1.235
by fedora-security-commits@redhat.com
Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv23940/audit
Modified Files:
f8 f9 fc7
Log Message:
drupal update, pending for F7, F8
Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.77
retrieving revision 1.78
diff -u -r1.77 -r1.78
--- f8 11 Jan 2008 12:28:36 -0000 1.77
+++ f8 11 Jan 2008 12:54:14 -0000 1.78
@@ -8,6 +8,9 @@
# Up to date F8 as of 20071221
GENERIC-MAP-NOMATCH backport (python-cherrypy) [since FEDORA-2008-0299]
+GENERIC-MAP-NOMATCH VULNERABLE (drupal, fixed 5.6) DRUPAL-SA-2008-007
+GENERIC-MAP-NOMATCH VULNERABLE (drupal, fixed 5.6) DRUPAL-SA-2008-006
+GENERIC-MAP-NOMATCH VULNERABLE (drupal, fixed 5.6) DRUPAL-SA-2008-005
**CVE-2008-0196 version (wordpress, not fixed 2.0.11)
CVE-2008-0195 ignore (wordpress) File path is not a sensitive information
**CVE-2008-0194 version (wordpress, not fixed 2.0.4)
Index: f9
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f9,v
retrieving revision 1.70
retrieving revision 1.71
diff -u -r1.70 -r1.71
--- f9 11 Jan 2008 12:28:36 -0000 1.70
+++ f9 11 Jan 2008 12:54:14 -0000 1.71
@@ -8,6 +8,9 @@
# Up to date F9 as of 20071029
GENERIC-MAP-NOMATCH backport (python-cherrypy) [since python-cherrypy-2.2.1-8.fc9]
+GENERIC-MAP-NOMATCH version (drupal, fixed 5.6) [since drupal-5.6-1.fc9] DRUPAL-SA-2008-007
+GENERIC-MAP-NOMATCH version (drupal, fixed 5.6) [since drupal-5.6-1.fc9] DRUPAL-SA-2008-006
+GENERIC-MAP-NOMATCH version (drupal, fixed 5.6) [since drupal-5.6-1.fc9] DRUPAL-SA-2008-005
**CVE-2008-0196 version (wordpress, not fixed 2.0.11)
CVE-2008-0195 ignore (wordpress) File path is not a sensitive information
**CVE-2008-0194 version (wordpress, not fixed 2.0.4)
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.234
retrieving revision 1.235
diff -u -r1.234 -r1.235
--- fc7 11 Jan 2008 12:28:36 -0000 1.234
+++ fc7 11 Jan 2008 12:54:14 -0000 1.235
@@ -9,6 +9,9 @@
# Up to date FC7 as of 20071221
GENERIC-MAP-NOMATCH backport (python-cherrypy) [since FEDORA-2008-0333]
+GENERIC-MAP-NOMATCH VULNERABLE (drupal, fixed 5.6) DRUPAL-SA-2008-007
+GENERIC-MAP-NOMATCH VULNERABLE (drupal, fixed 5.6) DRUPAL-SA-2008-006
+GENERIC-MAP-NOMATCH VULNERABLE (drupal, fixed 5.6) DRUPAL-SA-2008-005
**CVE-2008-0196 version (wordpress, not fixed 2.0.11)
CVE-2008-0195 ignore (wordpress) File path is not a sensitive information
**CVE-2008-0194 version (wordpress, not fixed 2.0.4)
16 years, 4 months
fedora-security/audit f8, 1.76, 1.77 f9, 1.69, 1.70 fc7, 1.233, 1.234
by fedora-security-commits@redhat.com
Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv23420/audit
Modified Files:
f8 f9 fc7
Log Message:
libxml2 issues - updates to F7 and F8 pending
Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.76
retrieving revision 1.77
diff -u -r1.76 -r1.77
--- f8 10 Jan 2008 13:54:16 -0000 1.76
+++ f8 11 Jan 2008 12:28:36 -0000 1.77
@@ -55,6 +55,7 @@
CVE-2007-6303 backport (mysql, fixed 5.0.52) #424931 [since FEDORA-2007-4465]
CVE-2007-6299 version (drupal, fixed 5.4) [since FEDORA-2007-4163] SA-2007-031
CVE-2007-6285 VULNERABLE (autofs) #426400
+CVE-2007-6284 VULNERABLE (libxml2, fixed 2.6.31)
CVE-2007-6283 backport (bind) #423071 [since FEDORA-2007-4655]
CVE-2007-6239 version (squid, fixed 2.6.17) #412391 [since FEDORA-2007-4170]
CVE-2007-6210 backport (zabbix) #407181 [since FEDORA-2007-4176]
Index: f9
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f9,v
retrieving revision 1.69
retrieving revision 1.70
diff -u -r1.69 -r1.70
--- f9 10 Jan 2008 13:54:16 -0000 1.69
+++ f9 11 Jan 2008 12:28:36 -0000 1.70
@@ -55,6 +55,7 @@
CVE-2007-6303 backport (mysql, fixed 5.0.52) [since mysql-5.0.45-6.fc9]
CVE-2007-6299 version (drupal, fixed 5.4) [since drupal-5.4-1.fc9] SA-2007-031
CVE-2007-6285 backport (autofs) #426401 [since autofs-5.0.2-25]
+CVE-2007-6284 version (libxml2, fixed 2.6.31) [since libxml2-2.6.31-1]
CVE-2007-6283 backport (bind) #423081 [since bind-9.5.0-21.b1.fc9]
CVE-2007-6239 version (squid, fixed 2.6.17) [since squid-2.6.STABLE17-1.fc9]
CVE-2007-6210 backport (zabbix) #407181 [since zabbix-1.4.2-4.fc9]
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.233
retrieving revision 1.234
diff -u -r1.233 -r1.234
--- fc7 10 Jan 2008 13:54:16 -0000 1.233
+++ fc7 11 Jan 2008 12:28:36 -0000 1.234
@@ -55,6 +55,7 @@
CVE-2007-6303 backport (mysql, fixed 5.0.52) #424921 [since FEDORA-2007-4471]
CVE-2007-6299 version (drupal, fixed 5.4) [since FEDORA-2007-4136] SA-2007-031
CVE-2007-6285 fixed (autofs) #426399 [since FEDORA-2007-4709]
+CVE-2007-6284 VULNERABLE (libxml2, fixed 2.6.31)
CVE-2007-6283 backport (bind) #423061 [since FEDORA-2007-4658]
CVE-2007-6239 version (squid, fixed 2.6.17) #412381 [since FEDORA-2007-4161]
CVE-2007-6210 backport (zabbix) #407181 [since FEDORA-2007-4160]
16 years, 4 months
fedora-security/tools/scripts add-tracking-bugs, 1.1.2.3, 1.1.2.4
by fedora-security-commits@redhat.com
Author: lkundrak
Update of /cvs/fedora/fedora-security/tools/scripts
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv29915/scripts
Modified Files:
Tag: lkundrak-tools-ng
add-tracking-bugs
Log Message:
I horribly broke a-t-b, fixing now a bit, needs tidyup
Index: add-tracking-bugs
===================================================================
RCS file: /cvs/fedora/fedora-security/tools/scripts/Attic/add-tracking-bugs,v
retrieving revision 1.1.2.3
retrieving revision 1.1.2.4
diff -u -r1.1.2.3 -r1.1.2.4
--- add-tracking-bugs 9 Jan 2008 21:42:38 -0000 1.1.2.3
+++ add-tracking-bugs 10 Jan 2008 18:01:25 -0000 1.1.2.4
@@ -4,7 +4,7 @@
# File a bugs for specified versions and add dependencies
# Lubomir Kundrak <lkundrak(a)redhat.com>
-my $usage = 'add-cve-bug [options...]
+my $usage = 'add-tracking-bugs [options...]
--bugs=<bug>[,...] Parent bugs
--versions=<ver>[,...] Affected Fedora versions
--component=<pkg> Affected package, to find owner to CC (mandatory)
@@ -73,12 +73,8 @@
'debug' => $debug,
});
-# Get parent bugs
+# All the work (not the one that makes Jack a dull boy)
my $parent_bugs = $bugzilla->get_bugs (\@bugs, ['alias','keywords','priority','bug_id', 'bug_severity', 'short_short_desc']);
-print Dumper ($parent_bugs) if $debug;
-
my $tracking_bugs = Libexig::Fedora::tracking_bugs ($parent_bugs, $component, @versions);
-
-use Data::Dumper;
-print Dumper ($tracking_bugs);
+print STDERR Libexig::Fedora::file_tracking_bugs ($parent_bugs, $tracking_bugs, $bugzilla, $component);
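Review bot: `file_tracking_bugs` is called directly on the results of `get_bugs` and `tracking_bugs` with no check that either returned anything, and per Fedora.pm this is the call that actually files bugs and posts comments. A guard before it, e.g. `die "No parent bugs found\n" unless $parent_bugs && @{$parent_bugs};`, would stop a failed lookup from producing tracking bugs with no parents. The replacement comment `# All the work (...)` also says less than the `# Get parent bugs` it replaces; `# Look up parent bugs, build the tracking bugs, then file them` would describe the three calls.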
16 years, 4 months
fedora-security/tools/lib/Libexig Fedora.pm, 1.1.2.2, 1.1.2.3
by fedora-security-commits@redhat.com
Author: lkundrak
Update of /cvs/fedora/fedora-security/tools/lib/Libexig
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv29915/lib/Libexig
Modified Files:
Tag: lkundrak-tools-ng
Fedora.pm
Log Message:
I horribly broke a-t-b, fixing now a bit, needs tidyup
Index: Fedora.pm
===================================================================
RCS file: /cvs/fedora/fedora-security/tools/lib/Libexig/Attic/Fedora.pm,v
retrieving revision 1.1.2.2
retrieving revision 1.1.2.3
diff -u -r1.1.2.2 -r1.1.2.3
--- Fedora.pm 9 Jan 2008 21:42:37 -0000 1.1.2.2
+++ Fedora.pm 10 Jan 2008 18:01:24 -0000 1.1.2.3
@@ -204,47 +204,39 @@
my $parent_bugs = shift;
my $tracking_bugs = shift;
my $bugzilla = shift;
+ my $component = shift;
+
+ my $comment = "Created Fedora tracking bugs for $component:\n\n";
foreach my $bug (@{$tracking_bugs}) {
- my $bug_id = $bugzilla->file_bug (\%bug);
+ use Data::Dumper;
+ my $bug_id = $bugzilla->file_bug ($bug);
- if ($bug{'version'} ne 'rawhide') {
+ ### XXX: Move this somewhere else?
+ if ($bug->{'version'} ne 'rawhide') {
my $tr_comment =
'You can eventually use the following link to '.
'create the update request: '."\n".
'https://admin.fedoraproject.org/updates/new/'.
'?request=Stable'.
'&type=security'.
- '&release=Fedora%20'.$bug{'version'}.
+ '&release=Fedora%20'.$bug->{'version'}.
'&bugs='.$bug_id;
- foreach my $bug (@{$bugs}) {
+ foreach my $bug (@{$parent_bugs}) {
$tr_comment .= ','.$bug->{'bug_id'};
}
- # XXX: public
- $bugzilla->add_private_comment ($bug_id, $tr_comment);
+ $bugzilla->add_comment ($bug_id, $tr_comment);
}
- $bugzilla->add_blockers ($bug_id, \@bugs);
- $comment .= $bug{'version'}.": bug #$bug_id\n";
-=cut
-}
-
-=cut
-
-# File for each version
+ $bugzilla->add_blockers ($bug_id, $parent_bugs);
+ $comment .= $bug->{'version'}.": bug #$bug_id\n";
+ }
+
+ foreach my $bug (@{$parent_bugs}) {
+ $bugzilla->add_private_comment ($bug, $comment);
+ }
-my $comment = "Created Fedora tracking bugs for $component:\n\n";
-
-=cut
-=cut
-
-# Add comment to original bugs
-
-foreach my $bug (@bugs) {
- $bugzilla->add_private_comment ($bug, $comment);
+ return $comment;
}
-
-print STDERR $comment;
-=cut
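Review bot: Elements of `$parent_bugs` are used in two incompatible ways in the new body: the inner loop reads `$bug->{'bug_id'}` (a hash ref), while `add_private_comment ($bug, $comment)` passes the element itself as the bug to comment on, and `add_blockers ($bug_id, $parent_bugs)` passes the list where the removed code passed `\@bugs`. Only one of these can match what the caller supplies; pick one representation and convert once at the top of the sub. The `use Data::Dumper;` inside the `foreach` body looks like leftover debugging (nothing in the hunk calls `Dumper`) and can be dropped. The return value of `file_bug` is also used without checking that it is defined.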
16 years, 4 months
fedora-security/tools/lib/Libexig Bodhi.pm, 1.1.2.2, 1.1.2.3
by fedora-security-commits@redhat.com
Author: thoger
Update of /cvs/fedora/fedora-security/tools/lib/Libexig
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv10681/lib/Libexig
Modified Files:
Tag: lkundrak-tools-ng
Bodhi.pm
Log Message:
improve bodhi output parsing a bit
- fix for comment containing ': '
- extract also update url
Index: Bodhi.pm
===================================================================
RCS file: /cvs/fedora/fedora-security/tools/lib/Libexig/Attic/Bodhi.pm,v
retrieving revision 1.1.2.2
retrieving revision 1.1.2.3
diff -u -r1.1.2.2 -r1.1.2.3
--- Bodhi.pm 10 Jan 2008 14:56:12 -0000 1.1.2.2
+++ Bodhi.pm 10 Jan 2008 15:31:41 -0000 1.1.2.3
@@ -28,6 +28,20 @@
$line =~ /\s+(.*)/ and $retval{'_NVR'} .= $1;
} while ($line ne '=' x 80);
+ # Additional comment lines do not have leading :
+ # This causes havoc on comments including : character
+ } elsif ($line =~ /^\s*(Comments): (.*)/) {
+ $name = $1; # always 'Comments'
+ $retval{$name} = $2;
+
+ # expect comments until blank line
+ $line = shift @lines;
+ while (defined($line) && $line !~ /^$/) {
+ $line =~ s/^\s*//;
+ $retval{$name} .= "\n$line";
+ $line = shift @lines;
+ }
+
# Blah: blah
} elsif ($line =~ /\s*([^:]*): (.*)/) {
$name = $1 if ($1);
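Review bot: The continuation loop in the new `Comments` branch stops only on a completely empty line (`$line !~ /^$/`), so a line holding just spaces or tabs does not end the comment and the fields after it are appended to `Comments` instead of being parsed. Because comment text is free-form, `while (defined($line) && $line !~ /^\s*$/)` is the safer terminator. The capture group `(Comments)` exists only to set `$name`; assigning `$name = 'Comments';` directly would read more plainly. The enclosing loop starts and ends outside this hunk.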
@@ -37,10 +51,9 @@
$retval{$name} = $2;
}
- # Possibly continuation of previous key (comment?)
- } else {
- $line =~ /\s*(.*)/;
- $retval{$name} .= "\n$1";
+ # Update URL
+ } elsif ($line =~ /^ (http.*)/) {
+ $retval{'_Update URL'} = "$1";
}
}
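Review bot: With the `else` branch removed, a line that matches none of the patterns is now dropped silently, so continuation lines of any multi-line field other than `Comments` (if the tool output has them) disappear without a trace. A final `else { warn "unparsed bodhi line: $line\n"; }`, or a comment stating that the drop is intentional, would make this visible. The URL pattern `(http.*)` accepts anything beginning with `http` up to the end of the line; `m{^\s*(https?://\S+)}` is tighter, and the quotes around `"$1"` are not needed. The enclosing `if`/`elsif` chain starts outside this hunk.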
16 years, 4 months