January 2008 - security-commits - Fedora Mailing-Lists

fedora-security/tools/lib/Libexig Fedora.pm, 1.1.2.3, 1.1.2.4

by fedora-security-commits＠redhat.com

Author: thoger Update of /cvs/fedora/fedora-security/tools/lib/Libexig In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv23159/tools/lib/Libexig Modified Files: Tag: lkundrak-tools-ng Fedora.pm Log Message: an attempt to unscrew add-tracking-bugs Index: Fedora.pm =================================================================== RCS file: /cvs/fedora/fedora-security/tools/lib/Libexig/Attic/Fedora.pm,v retrieving revision 1.1.2.3 retrieving revision 1.1.2.4 diff -u -r1.1.2.3 -r1.1.2.4 --- Fedora.pm 10 Jan 2008 18:01:24 -0000 1.1.2.3 +++ Fedora.pm 14 Jan 2008 13:52:05 -0000 1.1.2.4 @@ -199,6 +199,14 @@ return \@retval; } +# file_tracking_bugs +# +# Arguments: +# - ref to list of parent bug ids +# - ref to list of bugs to file (each element must be hash as expected by BZ) +# this list is prepared by tracking_bugs +# - Bugzilla object reference +# - component sub file_tracking_bugs { my $parent_bugs = shift; @@ -212,6 +220,11 @@ use Data::Dumper; my $bug_id = $bugzilla->file_bug ($bug); + if (!defined($bug_id)) { + print STDERR "Error: Bug creation failed! (dryrun mode?)\n"; + #return undef; + } + ### XXX: Move this somewhere else? if ($bug->{'version'} ne 'rawhide') { my $tr_comment = @@ -224,7 +237,7 @@ '&bugs='.$bug_id; foreach my $bug (@{$parent_bugs}) { - $tr_comment .= ','.$bug->{'bug_id'}; + $tr_comment .= ','.$bug; } $bugzilla->add_comment ($bug_id, $tr_comment);

16 years, 4 months

1
0
0 / 0

fedora-security/audit f8, 1.81, 1.82 f9, 1.73, 1.74

by fedora-security-commits＠redhat.com

Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv13872/audit Modified Files: f8 f9 Log Message: just note one old net-snmp issue Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.81 retrieving revision 1.82 diff -u -r1.81 -r1.82 --- f8 14 Jan 2008 10:05:07 -0000 1.81 +++ f8 14 Jan 2008 12:49:26 -0000 1.82 @@ -114,6 +114,7 @@ CVE-2007-5906 VULNERABLE (xen) #390111 CVE-2007-5849 ignore (cups, fixed 1.3.5) minimal impact, see #415131 CVE-2007-5848 version (cups, fixed 1.2.0) +CVE-2007-5846 version (net-snmp, fixed 5.4.1) CVE-2007-5795 backport (emacs) #367591 [since FEDORA-2007-2946] CVE-2007-5770 backport (ruby) #373391 [since FEDORA-2007-2812] GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031 Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.73 retrieving revision 1.74 diff -u -r1.73 -r1.74 --- f9 14 Jan 2008 10:05:07 -0000 1.73 +++ f9 14 Jan 2008 12:49:26 -0000 1.74 @@ -114,6 +114,7 @@ CVE-2007-5906 VULNERABLE (xen) #390121 CVE-2007-5849 version (cups, fixed 1.3.5) [since cups-1.3.5-1.fc9] CVE-2007-5848 version (cups, fixed 1.2.0) +CVE-2007-5846 version (net-snmp, fixed 5.4.1) CVE-2007-5795 backport (emacs) #367601 [since emacs-22.1-8.fc9] GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031 CVE-2007-5770 backport (ruby) #373401 [since ruby-1.8.6.111-1]

16 years, 4 months

1
0
0 / 0

fedora-security/audit f8, 1.80, 1.81 f9, 1.72, 1.73 fc7, 1.237, 1.238

by fedora-security-commits＠redhat.com

Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv28366/audit Modified Files: f8 f9 fc7 Log Message: bunch of updates some new issues move some misplaced entries Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.80 retrieving revision 1.81 diff -u -r1.80 -r1.81 --- f8 14 Jan 2008 09:47:08 -0000 1.80 +++ f8 14 Jan 2008 10:05:07 -0000 1.81 @@ -5,14 +5,14 @@ # (mozilla) = (gecko-libs dependent stuff) # Up to date CVE as of CVE email 20071215 -# Up to date F8 as of 20071221 +# Up to date F8 as of 20080111 -GENERIC-MAP-NOMATCH backport (python-cherrypy) [since FEDORA-2008-0299] -GENERIC-MAP-NOMATCH VULNERABLE (drupal, fixed 5.6) DRUPAL-SA-2008-007 -GENERIC-MAP-NOMATCH VULNERABLE (drupal, fixed 5.6) DRUPAL-SA-2008-006 -GENERIC-MAP-NOMATCH VULNERABLE (drupal, fixed 5.6) DRUPAL-SA-2008-005 -CVE-2007-6018 VULNERABLE (horde) #428628 -CVE-2007-6018 VULNERABLE (imp) #428632 +GENERIC-MAP-NOMATCH version (drupal, fixed 5.6) DRUPAL-SA-2008-007 [since FEDORA-2008-0485] +GENERIC-MAP-NOMATCH version (drupal, fixed 5.6) DRUPAL-SA-2008-006 [since FEDORA-2008-0485] +GENERIC-MAP-NOMATCH version (drupal, fixed 5.6) DRUPAL-SA-2008-005 [since FEDORA-2008-0485] +CVE-2008-0252 backport (python-cherrypy) [since FEDORA-2008-0299] +**CVE-2008-0238 VULNERABLE (xine-lib, fixed 1.1.9.1) +CVE-2008-0225 VULNERABLE (xine-lib, fixed 1.1.9.1) **CVE-2008-0196 version (wordpress, not fixed 2.0.11) CVE-2008-0195 ignore (wordpress) File path is not a sensitive information **CVE-2008-0194 version (wordpress, not fixed 2.0.4) @@ -39,8 +39,10 @@ CVE-2007-6441 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590] CVE-2007-6439 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590] CVE-2007-6438 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590] +CVE-2007-6423 ignore (httpd) can not be reproduced by upstream CVE-2007-6422 VULNERABLE (httpd, fixed 2.2.7) #427982 CVE-2007-6421 VULNERABLE (httpd, fixed 2.2.7) #427982 +CVE-2007-6420 ignore (httpd) wontfix by upstream CVE-2007-6388 VULNERABLE (httpd, fixed 2.2.7) #427982 CVE-2007-6337 VULNERABLE (clamav, fixed 0.92) #426212 [since FEDORA-2008-0115] CVE-2007-6336 VULNERABLE (clamav, fixed 0.92) #426212 [since FEDORA-2008-0115] @@ -59,8 +61,8 @@ CVE-2007-6304 ignore (mysql, fixed 5.0.52) federated engine not built CVE-2007-6303 backport (mysql, fixed 5.0.52) #424931 [since FEDORA-2007-4465] CVE-2007-6299 version (drupal, fixed 5.4) [since FEDORA-2007-4163] SA-2007-031 -CVE-2007-6285 VULNERABLE (autofs) #426400 -CVE-2007-6284 VULNERABLE (libxml2, fixed 2.6.31) +CVE-2007-6285 backport (autofs) #426400 [since FEDORA-2007-4707] +CVE-2007-6284 version (libxml2, fixed 2.6.31) [since FEDORA-2008-0462] CVE-2007-6283 backport (bind) #423071 [since FEDORA-2007-4655] CVE-2007-6239 version (squid, fixed 2.6.17) #412391 [since FEDORA-2007-4170] CVE-2007-6210 backport (zabbix) #407181 [since FEDORA-2007-4176] @@ -86,6 +88,8 @@ CVE-2007-6100 version (phpMyAdmin, fixed 2.11.2.2) [since FEDORA-2007-3639] CVE-2007-6067 fixed (postgresql, fixed 8.2.6) #427773 [since FEDORA-2008-0478] CVE-2007-6061 VULNERABLE (audacity) #393251 +CVE-2007-6018 VULNERABLE (horde) #428628 +CVE-2007-6018 VULNERABLE (imp) #428632 CVE-2007-6015 version (samba, fixed 3.0.28) [since FEDORA-2007-4275] CVE-2007-6013 VULNERABLE (wordpress) CVE-2007-6035 version (cacti, fixed 0.8.7a) #391991 [since FEDORA-2007-3667] Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.72 retrieving revision 1.73 diff -u -r1.72 -r1.73 --- f9 14 Jan 2008 09:47:08 -0000 1.72 +++ f9 14 Jan 2008 10:05:07 -0000 1.73 @@ -7,12 +7,12 @@ # Up to date CVE as of CVE email 20071211 # Up to date F9 as of 20071029 -GENERIC-MAP-NOMATCH backport (python-cherrypy) [since python-cherrypy-2.2.1-8.fc9] GENERIC-MAP-NOMATCH version (drupal, fixed 5.6) [since drupal-5.6-1.fc9] DRUPAL-SA-2008-007 GENERIC-MAP-NOMATCH version (drupal, fixed 5.6) [since drupal-5.6-1.fc9] DRUPAL-SA-2008-006 GENERIC-MAP-NOMATCH version (drupal, fixed 5.6) [since drupal-5.6-1.fc9] DRUPAL-SA-2008-005 -CVE-2007-6018 VULNERABLE (horde) #428630 -CVE-2007-6018 VULNERABLE (imp) #428634 +CVE-2008-0252 backport (python-cherrypy) [since python-cherrypy-2.2.1-8.fc9] +**CVE-2008-0238 version (xine-lib, fixed 1.1.9.1) [since xine-lib-1.1.9.1-1.fc9] +CVE-2008-0225 version (xine-lib, fixed 1.1.9.1) [since xine-lib-1.1.9.1-1.fc9] **CVE-2008-0196 version (wordpress, not fixed 2.0.11) CVE-2008-0195 ignore (wordpress) File path is not a sensitive information **CVE-2008-0194 version (wordpress, not fixed 2.0.4) @@ -39,8 +39,10 @@ CVE-2007-6441 version (wireshark, fixed 0.99.7) [since wireshark-0.99.7-1.fc9] CVE-2007-6439 version (wireshark, fixed 0.99.7) [since wireshark-0.99.7-1.fc9] CVE-2007-6438 version (wireshark, fixed 0.99.7) [since wireshark-0.99.7-1.fc9] +CVE-2007-6423 ignore (httpd) can not be reproduced by upstream CVE-2007-6422 VULNERABLE (httpd, fixed 2.2.7) #427984 CVE-2007-6421 VULNERABLE (httpd, fixed 2.2.7) #427984 +CVE-2007-6420 ignore (httpd) wontfix by upstream CVE-2007-6388 VULNERABLE (httpd, fixed 2.2.7) #427984 CVE-2007-6337 version (clamav, fixed 0.92) #426213 [since clamav-0.92-3.fc9] CVE-2007-6336 version (clamav, fixed 0.92) #426213 [since clamav-0.92-3.fc9] @@ -87,6 +89,8 @@ CVE-2007-6067 version (postgresql, fixed 8.2.6) #427774 [since postgresql-8.2.6-1.fc9] CVE-2007-6061 VULNERABLE (audacity) #393251 CVE-2007-6035 version (cacti, fixed 0.8.7a) #392001 [since cacti-0.8.7a-1.fc9] +CVE-2007-6018 VULNERABLE (horde) #428630 +CVE-2007-6018 VULNERABLE (imp) #428634 CVE-2007-6015 VULNERABLE (samba, fixed 3.0.28) CVE-2007-6013 VULNERABLE (wordpress) #426434 CVE-2007-5977 version (phpMyAdmin) #385911 [since phpMyAdmin-2.11.2.2-1.fc9] Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.237 retrieving revision 1.238 diff -u -r1.237 -r1.238 --- fc7 14 Jan 2008 09:47:08 -0000 1.237 +++ fc7 14 Jan 2008 10:05:07 -0000 1.238 @@ -6,14 +6,14 @@ # A couple of first F7 updates were marked as FEDORA-2007-0001 # Up to date CVE as of CVE email 200711215 -# Up to date FC7 as of 20071221 +# Up to date FC7 as of 20080111 -GENERIC-MAP-NOMATCH backport (python-cherrypy) [since FEDORA-2008-0333] -GENERIC-MAP-NOMATCH VULNERABLE (drupal, fixed 5.6) DRUPAL-SA-2008-007 -GENERIC-MAP-NOMATCH VULNERABLE (drupal, fixed 5.6) DRUPAL-SA-2008-006 -GENERIC-MAP-NOMATCH VULNERABLE (drupal, fixed 5.6) DRUPAL-SA-2008-005 -CVE-2007-6018 VULNERABLE (horde) #428629 -CVE-2007-6018 VULNERABLE (imp) #428633 +GENERIC-MAP-NOMATCH version (drupal, fixed 5.6) DRUPAL-SA-2008-007 [since FEDORA-2008-0469] +GENERIC-MAP-NOMATCH version (drupal, fixed 5.6) DRUPAL-SA-2008-006 [since FEDORA-2008-0469] +GENERIC-MAP-NOMATCH version (drupal, fixed 5.6) DRUPAL-SA-2008-005 [since FEDORA-2008-0469] +CVE-2008-0252 backport (python-cherrypy) [since FEDORA-2008-0333] +**CVE-2008-0238 VULNERABLE (xine-lib, fixed 1.1.9.1) +CVE-2008-0225 VULNERABLE (xine-lib, fixed 1.1.9.1) **CVE-2008-0196 version (wordpress, not fixed 2.0.11) CVE-2008-0195 ignore (wordpress) File path is not a sensitive information **CVE-2008-0194 version (wordpress, not fixed 2.0.4) @@ -39,8 +39,10 @@ CVE-2007-6441 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690] CVE-2007-6439 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690] CVE-2007-6438 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690] +CVE-2007-6423 ignore (httpd) can not be reproduced by upstream CVE-2007-6422 VULNERABLE (httpd, fixed 2.2.7) #427983 CVE-2007-6421 VULNERABLE (httpd, fixed 2.2.7) #427983 +CVE-2007-6420 ignore (httpd) wontfix by upstream CVE-2007-6388 VULNERABLE (httpd, fixed 2.2.7) #427983 CVE-2007-6337 VULNERABLE (clamav, fixed 0.92) #426211 [since FEDORA-2008-0170] CVE-2007-6336 VULNERABLE (clamav, fixed 0.92) #426211 [since FEDORA-2008-0170] @@ -60,7 +62,7 @@ CVE-2007-6303 backport (mysql, fixed 5.0.52) #424921 [since FEDORA-2007-4471] CVE-2007-6299 version (drupal, fixed 5.4) [since FEDORA-2007-4136] SA-2007-031 CVE-2007-6285 fixed (autofs) #426399 [since FEDORA-2007-4709] -CVE-2007-6284 VULNERABLE (libxml2, fixed 2.6.31) +CVE-2007-6284 version (libxml2, fixed 2.6.31) [since FEDORA-2008-0477] CVE-2007-6283 backport (bind) #423061 [since FEDORA-2007-4658] CVE-2007-6239 version (squid, fixed 2.6.17) #412381 [since FEDORA-2007-4161] CVE-2007-6210 backport (zabbix) #407181 [since FEDORA-2007-4160] @@ -87,6 +89,8 @@ CVE-2007-6067 fixed (postgresql, fixed 8.2.6) #427772 [since FEDORA-2008-0552] CVE-2007-6061 VULNERABLE (audacity) #393251 CVE-2007-6035 version (cacti, fixed 0.8.7a) #391981 [since FEDORA-2007-3683] +CVE-2007-6018 VULNERABLE (horde) #428629 +CVE-2007-6018 VULNERABLE (imp) #428633 CVE-2007-6015 version (samba, fixed 3.0.28) [since FEDORA-2007-4269] CVE-2007-6013 VULNERABLE (wordpress) CVE-2007-5977 version (phpMyAdmin, fixed 2.11.2.1) #385891 [since FEDORA-2007-3627]

16 years, 4 months

1
0
0 / 0

fedora-security/audit f8, 1.79, 1.80 f9, 1.71, 1.72 fc7, 1.236, 1.237

by fedora-security-commits＠redhat.com

Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv21392 Modified Files: f8 f9 fc7 Log Message: IMP & Horde Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.79 retrieving revision 1.80 diff -u -r1.79 -r1.80 --- f8 13 Jan 2008 22:45:30 -0000 1.79 +++ f8 14 Jan 2008 09:47:08 -0000 1.80 @@ -11,6 +11,8 @@ GENERIC-MAP-NOMATCH VULNERABLE (drupal, fixed 5.6) DRUPAL-SA-2008-007 GENERIC-MAP-NOMATCH VULNERABLE (drupal, fixed 5.6) DRUPAL-SA-2008-006 GENERIC-MAP-NOMATCH VULNERABLE (drupal, fixed 5.6) DRUPAL-SA-2008-005 +CVE-2007-6018 VULNERABLE (horde) #428628 +CVE-2007-6018 VULNERABLE (imp) #428632 **CVE-2008-0196 version (wordpress, not fixed 2.0.11) CVE-2008-0195 ignore (wordpress) File path is not a sensitive information **CVE-2008-0194 version (wordpress, not fixed 2.0.4) Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.71 retrieving revision 1.72 diff -u -r1.71 -r1.72 --- f9 11 Jan 2008 12:54:14 -0000 1.71 +++ f9 14 Jan 2008 09:47:08 -0000 1.72 @@ -11,6 +11,8 @@ GENERIC-MAP-NOMATCH version (drupal, fixed 5.6) [since drupal-5.6-1.fc9] DRUPAL-SA-2008-007 GENERIC-MAP-NOMATCH version (drupal, fixed 5.6) [since drupal-5.6-1.fc9] DRUPAL-SA-2008-006 GENERIC-MAP-NOMATCH version (drupal, fixed 5.6) [since drupal-5.6-1.fc9] DRUPAL-SA-2008-005 +CVE-2007-6018 VULNERABLE (horde) #428630 +CVE-2007-6018 VULNERABLE (imp) #428634 **CVE-2008-0196 version (wordpress, not fixed 2.0.11) CVE-2008-0195 ignore (wordpress) File path is not a sensitive information **CVE-2008-0194 version (wordpress, not fixed 2.0.4) Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.236 retrieving revision 1.237 diff -u -r1.236 -r1.237 --- fc7 13 Jan 2008 22:45:30 -0000 1.236 +++ fc7 14 Jan 2008 09:47:08 -0000 1.237 @@ -12,6 +12,8 @@ GENERIC-MAP-NOMATCH VULNERABLE (drupal, fixed 5.6) DRUPAL-SA-2008-007 GENERIC-MAP-NOMATCH VULNERABLE (drupal, fixed 5.6) DRUPAL-SA-2008-006 GENERIC-MAP-NOMATCH VULNERABLE (drupal, fixed 5.6) DRUPAL-SA-2008-005 +CVE-2007-6018 VULNERABLE (horde) #428629 +CVE-2007-6018 VULNERABLE (imp) #428633 **CVE-2008-0196 version (wordpress, not fixed 2.0.11) CVE-2008-0195 ignore (wordpress) File path is not a sensitive information **CVE-2008-0194 version (wordpress, not fixed 2.0.4)

16 years, 4 months

1
0
0 / 0

fedora-security/audit f8, 1.78, 1.79 fc7, 1.235, 1.236

by fedora-security-commits＠redhat.com

Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv8057 Modified Files: f8 fc7 Log Message: Some new updates Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.78 retrieving revision 1.79 diff -u -r1.78 -r1.79 --- f8 11 Jan 2008 12:54:14 -0000 1.78 +++ f8 13 Jan 2008 22:45:30 -0000 1.79 @@ -19,13 +19,13 @@ CVE-2008-0191 ignore (wordpress) File path is not a sensitive information CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since FEDORA-2008-0199] CVE-2008-0005 VULNERABLE (httpd, fixed 2.2.7) #427982 -CVE-2008-0003 VULNERABLE (tog-pegasus, fixed 2.7.0) #427829 +CVE-2008-0003 fixed (tog-pegasus, fixed 2.7.0) #427829 [since FEDORA-2008-0572] CVE-2007-6672 VULNERABLE (jetty) #428017 CVE-2007-6613 fixed (libcdio) #427199 [since FEDORA-2008-0136] GENERIC-MAP-NOMATCH fixed (wordpress) #426433 [since FEDORA-2008-0103] CVE-2007-6611 fixed (mantis) #427278 [since FEDORA-2008-0282] -CVE-2007-6601 VULNERABLE (postgresql, fixed 8.2.6) #427773 -CVE-2007-6600 VULNERABLE (postgresql, fixed 8.2.6) #427773 +CVE-2007-6601 fixed (postgresql, fixed 8.2.6) #427773 [since FEDORA-2008-0478] +CVE-2007-6600 fixed (postgresql, fixed 8.2.6) #427773 [since FEDORA-2008-0478] CVE-2007-6598 ignore (dovecot) Needs knowledge of victim's password CVE-2007-6596 VULNERABLE (clamav) #427287 Might be considered a mail client flaw CVE-2007-6595 VULNERABLE (clamav) #427287 @@ -43,7 +43,7 @@ CVE-2007-6337 VULNERABLE (clamav, fixed 0.92) #426212 [since FEDORA-2008-0115] CVE-2007-6336 VULNERABLE (clamav, fixed 0.92) #426212 [since FEDORA-2008-0115] CVE-2007-6335 VULNERABLE (clamav, fixed 0.92) #426212 [since FEDORA-2008-0115] -CVE-2007-6437 VULNERABLE (syslog-ng) #426306 +CVE-2007-6437 VULNERABLE (syslog-ng) #426306 [since FEDORA-2008-0523] CVE-2007-6430 version (asterisk, fixed 1.4.16) [since FEDORA-2007-4651] CVE-2007-6389 VULNERABLE (gnome-screensaver) #426170 CVE-2007-6353 VULNERABLE (exiv2) #425923 @@ -82,7 +82,7 @@ CVE-2007-6111 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590] CVE-2007-6110 backport (htdig) [since FEDORA-2007-3958] CVE-2007-6100 version (phpMyAdmin, fixed 2.11.2.2) [since FEDORA-2007-3639] -CVE-2007-6067 VULNERABLE (postgresql, fixed 8.2.6) #427773 +CVE-2007-6067 fixed (postgresql, fixed 8.2.6) #427773 [since FEDORA-2008-0478] CVE-2007-6061 VULNERABLE (audacity) #393251 CVE-2007-6015 version (samba, fixed 3.0.28) [since FEDORA-2007-4275] CVE-2007-6013 VULNERABLE (wordpress) @@ -156,8 +156,8 @@ CVE-2007-4990 version (xorg-x11-xfs, fixed 1.0.5) CVE-2007-4841 version (thunderbird) [since FEDORA-2007-3414] windows only anyway CVE-2007-4829 VULNERABLE (perl-Archive-Tar, not fixed upstream) #364281 -CVE-2007-4772 VULNERABLE (postgresql, fixed 8.2.6) #427773 -CVE-2007-4769 VULNERABLE (postgresql, fixed 8.2.6) #427773 +CVE-2007-4772 fixed (postgresql, fixed 8.2.6) #427773 [since FEDORA-2008-0478] +CVE-2007-4769 fixed (postgresql, fixed 8.2.6) #427773 [since FEDORA-2008-0478] CVE-2007-4752 version (openssh, fixed 4.7) #280461 CVE-2007-4619 version (flac, fixed 1.2) #332581 CVE-2007-4575 backport (openoffice.org, fixed 2.3.1) [since FEDORA-2007-4172] Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.235 retrieving revision 1.236 diff -u -r1.235 -r1.236 --- fc7 11 Jan 2008 12:54:14 -0000 1.235 +++ fc7 13 Jan 2008 22:45:30 -0000 1.236 @@ -20,12 +20,12 @@ CVE-2008-0191 ignore (wordpress) File path is not a sensitive information CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since FEDORA-2008-0198] CVE-2008-0005 VULNERABLE (httpd, fixed 2.2.7) #427983 -CVE-2008-0003 VULNERABLE (tog-pegasus, fixed 2.7.0) #427828 +CVE-2008-0003 fixed (tog-pegasus, fixed 2.7.0) #427828 [since FEDORA-2008-0506] CVE-2007-6613 fixed (libcdio) #427198 [since FEDORA-2008-0104] GENERIC-MAP-NOMATCH fixed (wordpress) #426432 [since FEDORA-2008-0126] CVE-2007-6611 fixed (mantis) #427279 [since FEDORA-2008-0353] -CVE-2007-6601 VULNERABLE (postgresql, fixed 8.2.6) #427772 -CVE-2007-6600 VULNERABLE (postgresql, fixed 8.2.6) #427772 +CVE-2007-6601 fixed (postgresql, fixed 8.2.6) #427772 [since FEDORA-2008-0552] +CVE-2007-6600 fixed (postgresql, fixed 8.2.6) #427772 [since FEDORA-2008-0552] CVE-2007-6598 ignore (dovecot) Needs knowledge of victim's password CVE-2007-6596 VULNERABLE (clamav) #427288 Might be considered a mail client flaw CVE-2007-6595 VULNERABLE (clamav) #427288 @@ -43,7 +43,7 @@ CVE-2007-6337 VULNERABLE (clamav, fixed 0.92) #426211 [since FEDORA-2008-0170] CVE-2007-6336 VULNERABLE (clamav, fixed 0.92) #426211 [since FEDORA-2008-0170] CVE-2007-6335 VULNERABLE (clamav, fixed 0.92) #426211 [since FEDORA-2008-0170] -CVE-2007-6437 VULNERABLE (syslog-ng) #426305 +CVE-2007-6437 VULNERABLE (syslog-ng) #426305 [since FEDORA-2008-0559] CVE-2007-6430 version (asterisk, fixed 1.4.16) [since FEDORA-2007-4593] CVE-2007-6389 VULNERABLE (gnome-screensaver) #426169 CVE-2007-6353 fixed (exiv2) #425922 [since FEDORA-2007-4551] @@ -82,7 +82,7 @@ CVE-2007-6111 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690] CVE-2007-6110 backport (htdig) [since FEDORA-2007-3907] CVE-2007-6100 version (phpMyAdmin, fixed 2.11.2.2) [since FEDORA-2007-3666] -CVE-2007-6067 VULNERABLE (postgresql, fixed 8.2.6) #427772 +CVE-2007-6067 fixed (postgresql, fixed 8.2.6) #427772 [since FEDORA-2008-0552] CVE-2007-6061 VULNERABLE (audacity) #393251 CVE-2007-6035 version (cacti, fixed 0.8.7a) #391981 [since FEDORA-2007-3683] CVE-2007-6015 version (samba, fixed 3.0.28) [since FEDORA-2007-4269] @@ -203,8 +203,8 @@ CVE-2007-4829 VULNERABLE (perl-Archive-Tar) #315321 CVE-2007-4828 version (mediawiki, fixed 1.11.0, 1.10.2, 1.9.4) #287881 [since FEDORA-2007-2189] CVE-2007-4826 version (quagga, fixed 0.99.9) [since FEDORA-2007-2196] -CVE-2007-4772 VULNERABLE (postgresql, fixed 8.2.6) #427772 -CVE-2007-4769 VULNERABLE (postgresql, fixed 8.2.6) #427772 +CVE-2007-4772 fixed (postgresql, fixed 8.2.6) #427772 [since FEDORA-2008-0552] +CVE-2007-4769 fixed (postgresql, fixed 8.2.6) #427772 [since FEDORA-2008-0552] CVE-2007-4768 VULNERABLE (pcre, fixed 7.3) #378411 CVE-2007-4767 VULNERABLE (pcre, fixed 7.3) #378411 CVE-2007-4766 VULNERABLE (pcre, fixed 7.3) #378411

16 years, 4 months

1
0
0 / 0

fedora-security/audit f8, 1.77, 1.78 f9, 1.70, 1.71 fc7, 1.234, 1.235

by fedora-security-commits＠redhat.com

Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv23940/audit Modified Files: f8 f9 fc7 Log Message: drupal update, pending for F7, F8 Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.77 retrieving revision 1.78 diff -u -r1.77 -r1.78 --- f8 11 Jan 2008 12:28:36 -0000 1.77 +++ f8 11 Jan 2008 12:54:14 -0000 1.78 @@ -8,6 +8,9 @@ # Up to date F8 as of 20071221 GENERIC-MAP-NOMATCH backport (python-cherrypy) [since FEDORA-2008-0299] +GENERIC-MAP-NOMATCH VULNERABLE (drupal, fixed 5.6) DRUPAL-SA-2008-007 +GENERIC-MAP-NOMATCH VULNERABLE (drupal, fixed 5.6) DRUPAL-SA-2008-006 +GENERIC-MAP-NOMATCH VULNERABLE (drupal, fixed 5.6) DRUPAL-SA-2008-005 **CVE-2008-0196 version (wordpress, not fixed 2.0.11) CVE-2008-0195 ignore (wordpress) File path is not a sensitive information **CVE-2008-0194 version (wordpress, not fixed 2.0.4) Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.70 retrieving revision 1.71 diff -u -r1.70 -r1.71 --- f9 11 Jan 2008 12:28:36 -0000 1.70 +++ f9 11 Jan 2008 12:54:14 -0000 1.71 @@ -8,6 +8,9 @@ # Up to date F9 as of 20071029 GENERIC-MAP-NOMATCH backport (python-cherrypy) [since python-cherrypy-2.2.1-8.fc9] +GENERIC-MAP-NOMATCH version (drupal, fixed 5.6) [since drupal-5.6-1.fc9] DRUPAL-SA-2008-007 +GENERIC-MAP-NOMATCH version (drupal, fixed 5.6) [since drupal-5.6-1.fc9] DRUPAL-SA-2008-006 +GENERIC-MAP-NOMATCH version (drupal, fixed 5.6) [since drupal-5.6-1.fc9] DRUPAL-SA-2008-005 **CVE-2008-0196 version (wordpress, not fixed 2.0.11) CVE-2008-0195 ignore (wordpress) File path is not a sensitive information **CVE-2008-0194 version (wordpress, not fixed 2.0.4) Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.234 retrieving revision 1.235 diff -u -r1.234 -r1.235 --- fc7 11 Jan 2008 12:28:36 -0000 1.234 +++ fc7 11 Jan 2008 12:54:14 -0000 1.235 @@ -9,6 +9,9 @@ # Up to date FC7 as of 20071221 GENERIC-MAP-NOMATCH backport (python-cherrypy) [since FEDORA-2008-0333] +GENERIC-MAP-NOMATCH VULNERABLE (drupal, fixed 5.6) DRUPAL-SA-2008-007 +GENERIC-MAP-NOMATCH VULNERABLE (drupal, fixed 5.6) DRUPAL-SA-2008-006 +GENERIC-MAP-NOMATCH VULNERABLE (drupal, fixed 5.6) DRUPAL-SA-2008-005 **CVE-2008-0196 version (wordpress, not fixed 2.0.11) CVE-2008-0195 ignore (wordpress) File path is not a sensitive information **CVE-2008-0194 version (wordpress, not fixed 2.0.4)

16 years, 4 months

1
0
0 / 0

fedora-security/audit f8, 1.76, 1.77 f9, 1.69, 1.70 fc7, 1.233, 1.234

by fedora-security-commits＠redhat.com

Author: thoger Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv23420/audit Modified Files: f8 f9 fc7 Log Message: libxml2 issues - updates to F7 and F8 pending Index: f8 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f8,v retrieving revision 1.76 retrieving revision 1.77 diff -u -r1.76 -r1.77 --- f8 10 Jan 2008 13:54:16 -0000 1.76 +++ f8 11 Jan 2008 12:28:36 -0000 1.77 @@ -55,6 +55,7 @@ CVE-2007-6303 backport (mysql, fixed 5.0.52) #424931 [since FEDORA-2007-4465] CVE-2007-6299 version (drupal, fixed 5.4) [since FEDORA-2007-4163] SA-2007-031 CVE-2007-6285 VULNERABLE (autofs) #426400 +CVE-2007-6284 VULNERABLE (libxml2, fixed 2.6.31) CVE-2007-6283 backport (bind) #423071 [since FEDORA-2007-4655] CVE-2007-6239 version (squid, fixed 2.6.17) #412391 [since FEDORA-2007-4170] CVE-2007-6210 backport (zabbix) #407181 [since FEDORA-2007-4176] Index: f9 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/f9,v retrieving revision 1.69 retrieving revision 1.70 diff -u -r1.69 -r1.70 --- f9 10 Jan 2008 13:54:16 -0000 1.69 +++ f9 11 Jan 2008 12:28:36 -0000 1.70 @@ -55,6 +55,7 @@ CVE-2007-6303 backport (mysql, fixed 5.0.52) [since mysql-5.0.45-6.fc9] CVE-2007-6299 version (drupal, fixed 5.4) [since drupal-5.4-1.fc9] SA-2007-031 CVE-2007-6285 backport (autofs) #426401 [since autofs-5.0.2-25] +CVE-2007-6284 version (libxml2, fixed 2.6.31) [since libxml2-2.6.31-1] CVE-2007-6283 backport (bind) #423081 [since bind-9.5.0-21.b1.fc9] CVE-2007-6239 version (squid, fixed 2.6.17) [since squid-2.6.STABLE17-1.fc9] CVE-2007-6210 backport (zabbix) #407181 [since zabbix-1.4.2-4.fc9] Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.233 retrieving revision 1.234 diff -u -r1.233 -r1.234 --- fc7 10 Jan 2008 13:54:16 -0000 1.233 +++ fc7 11 Jan 2008 12:28:36 -0000 1.234 @@ -55,6 +55,7 @@ CVE-2007-6303 backport (mysql, fixed 5.0.52) #424921 [since FEDORA-2007-4471] CVE-2007-6299 version (drupal, fixed 5.4) [since FEDORA-2007-4136] SA-2007-031 CVE-2007-6285 fixed (autofs) #426399 [since FEDORA-2007-4709] +CVE-2007-6284 VULNERABLE (libxml2, fixed 2.6.31) CVE-2007-6283 backport (bind) #423061 [since FEDORA-2007-4658] CVE-2007-6239 version (squid, fixed 2.6.17) #412381 [since FEDORA-2007-4161] CVE-2007-6210 backport (zabbix) #407181 [since FEDORA-2007-4160]

16 years, 4 months

1
0
0 / 0

fedora-security/tools/scripts add-tracking-bugs, 1.1.2.3, 1.1.2.4

by fedora-security-commits＠redhat.com

Author: lkundrak Update of /cvs/fedora/fedora-security/tools/scripts In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv29915/scripts Modified Files: Tag: lkundrak-tools-ng add-tracking-bugs Log Message: I gorribly broke a-t-b, fixing now a bit, needs tidyup Index: add-tracking-bugs =================================================================== RCS file: /cvs/fedora/fedora-security/tools/scripts/Attic/add-tracking-bugs,v retrieving revision 1.1.2.3 retrieving revision 1.1.2.4 diff -u -r1.1.2.3 -r1.1.2.4 --- add-tracking-bugs 9 Jan 2008 21:42:38 -0000 1.1.2.3 +++ add-tracking-bugs 10 Jan 2008 18:01:25 -0000 1.1.2.4 @@ -4,7 +4,7 @@ # File a bugs for specified versions and add dependencies # Lubomir Kundrak <lkundrak(a)redhat.com> -my $usage = 'add-cve-bug [options...] +my $usage = 'add-tracking-bugs [options...] --bugs=<bug>[,...] Parent bugs --versions=<ver>[,...] Affected Fedora versions --component=<pkg> Affected package, to find owner to CC (mandatory) @@ -73,12 +73,8 @@ 'debug' => $debug, }); -# Get parent bugs +# All the work (not the one that makes Jack a dull boy) my $parent_bugs = $bugzilla->get_bugs (\@bugs, ['alias','keywords','priority','bug_id', 'bug_severity', 'short_short_desc']); -print Dumper ($parent_bugs) if $debug; - my $tracking_bugs = Libexig::Fedora::tracking_bugs ($parent_bugs, $component, @versions); - -use Data::Dumper; -print Dumper ($tracking_bugs); +print STDERR Libexig::Fedora::file_tracking_bugs ($parent_bugs, $tracking_bugs, $bugzilla, $component);

16 years, 4 months

1
0
0 / 0

fedora-security/tools/lib/Libexig Fedora.pm, 1.1.2.2, 1.1.2.3

by fedora-security-commits＠redhat.com

Author: lkundrak Update of /cvs/fedora/fedora-security/tools/lib/Libexig In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv29915/lib/Libexig Modified Files: Tag: lkundrak-tools-ng Fedora.pm Log Message: I gorribly broke a-t-b, fixing now a bit, needs tidyup Index: Fedora.pm =================================================================== RCS file: /cvs/fedora/fedora-security/tools/lib/Libexig/Attic/Fedora.pm,v retrieving revision 1.1.2.2 retrieving revision 1.1.2.3 diff -u -r1.1.2.2 -r1.1.2.3 --- Fedora.pm 9 Jan 2008 21:42:37 -0000 1.1.2.2 +++ Fedora.pm 10 Jan 2008 18:01:24 -0000 1.1.2.3 @@ -204,47 +204,39 @@ my $parent_bugs = shift; my $tracking_bugs = shift; my $bugzilla = shift; + my $component = shift; + + my $comment = "Created Fedora tracking bugs for $component:\n\n"; foreach my $bug (@{$tracking_bugs}) { - my $bug_id = $bugzilla->file_bug (\%bug); + use Data::Dumper; + my $bug_id = $bugzilla->file_bug ($bug); - if ($bug{'version'} ne 'rawhide') { + ### XXX: Move this somewhere else? + if ($bug->{'version'} ne 'rawhide') { my $tr_comment = 'You can eventually use the following link to '. 'create the update request: '."\n". 'https://admin.fedoraproject.org/updates/new/'. '?request=Stable'. '&type=security'. - '&release=Fedora%20'.$bug{'version'}. + '&release=Fedora%20'.$bug->{'version'}. '&bugs='.$bug_id; - foreach my $bug (@{$bugs}) { + foreach my $bug (@{$parent_bugs}) { $tr_comment .= ','.$bug->{'bug_id'}; } - # XXX: public - $bugzilla->add_private_comment ($bug_id, $tr_comment); + $bugzilla->add_comment ($bug_id, $tr_comment); } - $bugzilla->add_blockers ($bug_id, \@bugs); - $comment .= $bug{'version'}.": bug #$bug_id\n"; -=cut -} - -=cut - -# File for each version + $bugzilla->add_blockers ($bug_id, $parent_bugs); + $comment .= $bug->{'version'}.": bug #$bug_id\n"; + } + + foreach my $bug (@{$parent_bugs}) { + $bugzilla->add_private_comment ($bug, $comment); + } -my $comment = "Created Fedora tracking bugs for $component:\n\n"; - -=cut -=cut - -# Add comment to original bugs - -foreach my $bug (@bugs) { - $bugzilla->add_private_comment ($bug, $comment); + return $comment; } - -print STDERR $comment; -=cut

16 years, 4 months

1
0
0 / 0

fedora-security/tools/lib/Libexig Bodhi.pm, 1.1.2.2, 1.1.2.3

by fedora-security-commits＠redhat.com

Author: thoger Update of /cvs/fedora/fedora-security/tools/lib/Libexig In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv10681/lib/Libexig Modified Files: Tag: lkundrak-tools-ng Bodhi.pm Log Message: improve bodhi output parsing a bit - fix for comment containing ': ' - extract also update url Index: Bodhi.pm =================================================================== RCS file: /cvs/fedora/fedora-security/tools/lib/Libexig/Attic/Bodhi.pm,v retrieving revision 1.1.2.2 retrieving revision 1.1.2.3 diff -u -r1.1.2.2 -r1.1.2.3 --- Bodhi.pm 10 Jan 2008 14:56:12 -0000 1.1.2.2 +++ Bodhi.pm 10 Jan 2008 15:31:41 -0000 1.1.2.3 @@ -28,6 +28,20 @@ $line =~ /\s+(.*)/ and $retval{'_NVR'} .= $1; } while ($line ne '=' x 80); + # Additional comment lines do not have leading : + # This causes havoc on comments including : character + } elsif ($line =~ /^\s*(Comments): (.*)/) { + $name = $1; # always 'Comments' + $retval{$name} = $2; + + # expect comments until blank line + $line = shift @lines; + while (defined($line) && $line !~ /^$/) { + $line =~ s/^\s*//; + $retval{$name} .= "\n$line"; + $line = shift @lines; + } + # Blah: blah } elsif ($line =~ /\s*([^:]*): (.*)/) { $name = $1 if ($1); @@ -37,10 +51,9 @@ $retval{$name} = $2; } - # Possibly continuation of previous key (comment?) - } else { - $line =~ /\s*(.*)/; - $retval{$name} .= "\n$1"; + # Update URL + } elsif ($line =~ /^ (http.*)/) { + $retval{'_Update URL'} = "$1"; } }

16 years, 4 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

security-commits January 2008