fedora-security/audit f10, 1.20, 1.21 f8, 1.239, 1.240 f9, 1.230, 1.231
by fedora-security-commits@redhat.com
Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv18369/audit
Modified Files:
f10 f8 f9
Log Message:
jhead + updates
Index: f10
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f10,v
retrieving revision 1.20
retrieving revision 1.21
diff -u -r1.20 -r1.21
--- f10 14 Oct 2008 16:05:00 -0000 1.20
+++ f10 22 Oct 2008 17:14:54 -0000 1.21
@@ -4,6 +4,10 @@
# *CVE are items that need verification for Fedora 10
# (mozilla) = (gecko-libs dependent stuff)
+CVE-2008-4641 VULNERABLE (jhead)
+CVE-2008-4640 VULNERABLE (jhead)
+CVE-2008-4639 version (jhead, fixed 2.84) [since jhead-2.84-1.fc10]
+CVE-2008-4575 version (jhead, fixed 2.84) [since jhead-2.84-1.fc10]
CVE-2008-4437 VULNERABLE (bugzilla, fixed 3.0.5) #465959
CVE-2008-4434 ignore (bittorrent) 6.x only
CVE-2008-4422 backport (libxml2, fixed 2.7.2) [since libxml2-2.7.1-2.fc10]
Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.239
retrieving revision 1.240
diff -u -r1.239 -r1.240
--- f8 14 Oct 2008 16:05:00 -0000 1.239
+++ f8 22 Oct 2008 17:14:54 -0000 1.240
@@ -6,6 +6,10 @@
rhbz293031 fixed (nx) #293031 [since FEDORA-2008-2258]
rhbz249840 version (tor, fixed 0.1.2.15)
+CVE-2008-4641 VULNERABLE (jhead)
+CVE-2008-4640 VULNERABLE (jhead)
+CVE-2008-4639 fixed (jhead, fixed 2.84) [since FEDORA-2008-8941]
+CVE-2008-4575 fixed (jhead, fixed 2.84) [since FEDORA-2008-8941]
CVE-2008-4437 VULNERABLE (bugzilla, fixed 3.0.5) #465957
CVE-2008-4434 ignore (bittorrent) 6.x only
CVE-2008-4422 fixed (libxml2, fixed 2.7.2) [since FEDORA-2008-8582]
@@ -28,7 +32,7 @@
CVE-2008-4100 VULNERABLE (adns) #462752 upstream design decision
CVE-2008-4099 VULNERABLE (python-pydns, fixed 2.3.2) #462765
CVE-2008-4096 fixed (phpMyAdmin, fixed 2.11.9.1) [since FEDORA-2008-8269]
-CVE-2008-4094 VULNERABLE (rubygem-activerecord, fixed 2.1.1) [since FEDORA-2008-8282]
+CVE-2008-4094 fixed (rubygem-activerecord, fixed 2.1.1) [since FEDORA-2008-8282]
CVE-2008-4070 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8401]
CVE-2008-4069 fixed (firefox, fixed 2.0.0.17) [since FEDORA-2008-8399]
CVE-2008-4069 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8401]
@@ -95,12 +99,12 @@
CVE-2008-3699 fixed (amarok, fixed 1.4.40) [since FEDORA-2008-7719]
CVE-2008-3663 VULNERABLE (squirrelmail, fixed 1.4.16) #464184
CVE-2008-3662 VULNERABLE (gallery2, fixed 2.2.6) #462871
-CVE-2008-3661 VULNERABLE (drupal) #464163 ignored by upstream
+CVE-2008-3661 fixed (drupal) #464163 [since FEDORA-2008-8905] ignored by upstream
CVE-2008-3657 fixed (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-8736]
CVE-2008-3656 fixed (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-8736]
CVE-2008-3655 fixed (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-8736]
-CVE-2008-3652 VULNERABLE (ipsec-tools) #465472
-CVE-2008-3651 VULNERABLE (ipsec-tools, fixed 0.7.1) #465472
+CVE-2008-3652 VULNERABLE (ipsec-tools) #465472 [since FEDORA-2008-9016]
+CVE-2008-3651 VULNERABLE (ipsec-tools, fixed 0.7.1) #465472 [since FEDORA-2008-9016]
CVE-2008-3641 VULNERABLE (cups, fixed 1.3.9) #466418
CVE-2008-3640 VULNERABLE (cups, fixed 1.3.9) #466418
CVE-2008-3639 VULNERABLE (cups, fixed 1.3.9) #466418
@@ -147,7 +151,7 @@
CVE-2008-3139 fixed (wireshark, fixed 1.0.1) [since FEDORA-2008-6645]
CVE-2008-3138 fixed (wireshark, fixed 1.0.1) [since FEDORA-2008-6645]
CVE-2008-3137 fixed (wireshark, fixed 1.0.1) [since FEDORA-2008-6645]
-CVE-2008-3102 VULNERABLE (mantis, fixed 1.1.3) #464135
+CVE-2008-3102 fixed (mantis, fixed 1.1.3) #464135 [since FEDORA-2008-9015]
CVE-2008-3067 VULNERABLE (sudo, fixed 1.6.9p12)
CVE-2008-2960 fixed (phpMyAdmin, fixed 2.11.7) [since FEDORA-2008-5640] PMASA-2008-4
CVE-2008-2954 fixed (linuxdcpp) #453732 [since FEDORA-2008-6038]
@@ -229,7 +233,7 @@
CVE-2008-2377 ignore (gnutls, fixed 2.4.1) 2.3.5+ only
CVE-2008-2376 fixed (ruby, fixed 1.8.6-p257) [since FEDORA-2008-6094]
CVE-2008-2375 ignore (vsftpd) pre-2.0.5 versions only
-CVE-2008-2374 VULNERABLE (bluez-libs, fixed 3.34) #452820 [since FEDORA-2008-6140]
+CVE-2008-2374 fixed (bluez-libs, fixed 3.34) #452820 [since FEDORA-2008-6140]
CVE-2008-2371 fixed (pcre) #453555 [since FEDORA-2008-6111]
CVE-2008-2371 fixed (glib2) #453559 [since FEDORA-2008-6025]
CVE-2008-2370 fixed (tomcat5, fixed 5.5.27) #460125 [since FEDORA-2008-8130]
Index: f9
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f9,v
retrieving revision 1.230
retrieving revision 1.231
diff -u -r1.230 -r1.231
--- f9 14 Oct 2008 16:05:00 -0000 1.230
+++ f9 22 Oct 2008 17:14:54 -0000 1.231
@@ -5,6 +5,10 @@
# (mozilla) = (gecko-libs dependent stuff)
rhbz249840 version (tor, fixed 0.1.2.15)
+CVE-2008-4641 VULNERABLE (jhead)
+CVE-2008-4640 VULNERABLE (jhead)
+CVE-2008-4639 fixed (jhead, fixed 2.84) [since FEDORA-2008-8928]
+CVE-2008-4575 fixed (jhead, fixed 2.84) [since FEDORA-2008-8928]
CVE-2008-4437 VULNERABLE (bugzilla, fixed 3.0.5) #465958
CVE-2008-4434 ignore (bittorrent) 6.x only
CVE-2008-4422 fixed (libxml2, fixed 2.7.2) [since FEDORA-2008-8575]
@@ -88,7 +92,7 @@
CVE-2008-3790 fixed (ruby) [since FEDORA-2008-8738]
CVE-2008-3789 fixed (samba, fixed 3.2.3) [since FEDORA-2008-7243]
CVE-2008-3747 fixed (wordpress, fixed 2.6.1) [since FEDORA-2008-7279]
-CVE-2008-3746 VULNERABLE (neon, fixed 0.28.3) #460415 [since FEDORA-2008-7661]
+CVE-2008-3746 fixed (neon, fixed 0.28.3) #460415 [since FEDORA-2008-7661]
CVE-2008-3745 fixed (drupal, fixed 6.4) [since FEDORA-2008-7626]
CVE-2008-3744 fixed (drupal, fixed 6.4) [since FEDORA-2008-7626]
CVE-2008-3743 fixed (drupal, fixed 6.4) [since FEDORA-2008-7626]
@@ -99,12 +103,12 @@
CVE-2008-3699 fixed (amarok, fixed 1.4.40) [since FEDORA-2008-7739]
CVE-2008-3663 VULNERABLE (squirrelmail, fixed 1.4.16) #464185 [since FEDORA-2008-8559]
CVE-2008-3662 VULNERABLE (gallery2, fixed 2.2.6) #462872
-CVE-2008-3661 VULNERABLE (drupal) #464164 ignored by upstream
+CVE-2008-3661 fixed (drupal) #464164 [since FEDORA-2008-8852] ignored by upstream
CVE-2008-3657 fixed (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-8738]
CVE-2008-3656 fixed (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-8738]
CVE-2008-3655 fixed (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-8738]
-CVE-2008-3652 VULNERABLE (ipsec-tools) #465473
-CVE-2008-3651 VULNERABLE (ipsec-tools, fixed 0.7.1) #465473
+CVE-2008-3652 VULNERABLE (ipsec-tools) #465473 [since FEDORA-2008-9007]
+CVE-2008-3651 VULNERABLE (ipsec-tools, fixed 0.7.1) #465473 [since FEDORA-2008-9007]
CVE-2008-3641 VULNERABLE (cups, fixed 1.3.9) #466419
CVE-2008-3640 VULNERABLE (cups, fixed 1.3.9) #466419
CVE-2008-3639 VULNERABLE (cups, fixed 1.3.9) #466419
@@ -153,7 +157,7 @@
CVE-2008-3139 fixed (wireshark, fixed 1.0.1) [since FEDORA-2008-6440]
CVE-2008-3138 fixed (wireshark, fixed 1.0.1) [since FEDORA-2008-6440]
CVE-2008-3137 fixed (wireshark, fixed 1.0.1) [since FEDORA-2008-6440]
-CVE-2008-3102 VULNERABLE (mantis, fixed 1.1.3) #464136
+CVE-2008-3102 fixed (mantis, fixed 1.1.3) #464136 [since FEDORA-2008-8925]
CVE-2008-3067 version (sudo, fixed 1.6.9p12)
CVE-2008-2960 fixed (phpMyAdmin, fixed 2.11.7) [since FEDORA-2008-5676] PMASA-2008-4
CVE-2008-2954 fixed (linuxdcpp) #453733 [since FEDORA-2008-6018]
15 years, 6 months
fedora-security/tools/lib/Libexig Bodhi.pm, 1.4, 1.5
by fedora-security-commits@redhat.com
Author: thoger
Update of /cvs/fedora/fedora-security/tools/lib/Libexig
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv7643/tools/lib/Libexig
Modified Files:
Bodhi.pm
Log Message:
port to perl-JSON 2.x
Index: Bodhi.pm
===================================================================
RCS file: /cvs/fedora/fedora-security/tools/lib/Libexig/Bodhi.pm,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- Bodhi.pm 26 Aug 2008 06:37:51 -0000 1.4
+++ Bodhi.pm 20 Oct 2008 11:38:41 -0000 1.5
@@ -96,7 +96,7 @@
# Get updates
$json = `wget --post-data 'package=$pkg&tg_paginate_limit=0' -qO - \\
'https://admin.fedoraproject.org/updates/list?tg_format=json'`;
- $obj = jsonToObj ($json, {unmapping => 1});
+ $obj = from_json ($json);
return @{$obj->{'updates'}};
}
15 years, 6 months
fedora-security/audit f10, 1.19, 1.20 f8, 1.238, 1.239 f9, 1.229, 1.230
by fedora-security-commits@redhat.com
Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv28224/audit
Modified Files:
f10 f8 f9
Log Message:
mantis cleanup
Index: f10
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f10,v
retrieving revision 1.19
retrieving revision 1.20
diff -u -r1.19 -r1.20
--- f10 10 Oct 2008 13:03:05 -0000 1.19
+++ f10 14 Oct 2008 16:05:00 -0000 1.20
@@ -152,7 +152,7 @@
CVE-2008-3139 version (wireshark, fixed 1.0.1) [since wireshark-1.0.1-1.fc10]
CVE-2008-3138 version (wireshark, fixed 1.0.1) [since wireshark-1.0.1-1.fc10]
CVE-2008-3137 version (wireshark, fixed 1.0.1) [since wireshark-1.0.1-1.fc10]
-CVE-2008-3102 VULNERABLE (mantis) #464137
+CVE-2008-3102 VULNERABLE (mantis, fixed 1.1.3) #464137
CVE-2008-3067 version (sudo, fixed 1.6.9p12)
CVE-2008-2960 version (phpMyAdmin, fixed 2.11.7) [since phpMyAdmin-2.11.7-1.fc10] PMASA-2008-4
CVE-2008-2954 backport (linuxdcpp) #453734 [since linuxdcpp-1.0.1-3.fc10]
@@ -251,7 +251,7 @@
CVE-2008-2307 version (WebKit, fixed svn34204) [since WebKit-1.0.0-0.11.svn34279.fc10]
CVE-2008-2302 version (Django, fixed 0.96.2) #447260 [since Django-0.96.2-1.fc10]
CVE-2008-2292 backport (net-snmp, fixed 5.4.2.pre1) [since net-snmp-5.4.1-19.fc10]
-CVE-2008-2276 VULNERABLE (mantis) upstream fix in 1.2.0a1 seems useless
+CVE-2008-2276 version (mantis) [since mantis-1.1.2-1.fc10]
CVE-2008-2266 ignore (perl-Convert-UUlib) embedded uulib copy uses mkstemp
CVE-2008-2235 version (opensc, fixed 0.11.5) [since opensc-0.11.6-1.fc10]
CVE-2008-2168 ignore (httpd) browser issue, not apache
Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.238
retrieving revision 1.239
diff -u -r1.238 -r1.239
--- f8 10 Oct 2008 13:03:05 -0000 1.238
+++ f8 14 Oct 2008 16:05:00 -0000 1.239
@@ -147,7 +147,7 @@
CVE-2008-3139 fixed (wireshark, fixed 1.0.1) [since FEDORA-2008-6645]
CVE-2008-3138 fixed (wireshark, fixed 1.0.1) [since FEDORA-2008-6645]
CVE-2008-3137 fixed (wireshark, fixed 1.0.1) [since FEDORA-2008-6645]
-CVE-2008-3102 VULNERABLE (mantis) #464135
+CVE-2008-3102 VULNERABLE (mantis, fixed 1.1.3) #464135
CVE-2008-3067 VULNERABLE (sudo, fixed 1.6.9p12)
CVE-2008-2960 fixed (phpMyAdmin, fixed 2.11.7) [since FEDORA-2008-5640] PMASA-2008-4
CVE-2008-2954 fixed (linuxdcpp) #453732 [since FEDORA-2008-6038]
@@ -245,7 +245,7 @@
CVE-2008-2307 fixed (WebKit, fixed svn34204) #454094 [since FEDORA-2008-6220]
CVE-2008-2302 fixed (Django, fixed 0.96.2) #447258 [since FEDORA-2008-4248]
CVE-2008-2292 fixed (net-snmp, fixed 5.4.2.pre1) [since FEDORA-2008-5218]
-CVE-2008-2276 VULNERABLE (mantis) upstream fix in 1.2.0a1 seems useless
+CVE-2008-2276 fixed (mantis) [since FEDORA-2008-6657]
CVE-2008-2266 ignore (perl-Convert-UUlib) embedded uulib copy uses mkstemp
CVE-2008-2235 VULNERABLE (opensc, fixed 0.11.5)
CVE-2008-2168 ignore (httpd) browser issue, not apache
Index: f9
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f9,v
retrieving revision 1.229
retrieving revision 1.230
diff -u -r1.229 -r1.230
--- f9 10 Oct 2008 13:03:05 -0000 1.229
+++ f9 14 Oct 2008 16:05:00 -0000 1.230
@@ -153,7 +153,7 @@
CVE-2008-3139 fixed (wireshark, fixed 1.0.1) [since FEDORA-2008-6440]
CVE-2008-3138 fixed (wireshark, fixed 1.0.1) [since FEDORA-2008-6440]
CVE-2008-3137 fixed (wireshark, fixed 1.0.1) [since FEDORA-2008-6440]
-CVE-2008-3102 VULNERABLE (mantis) #464136
+CVE-2008-3102 VULNERABLE (mantis, fixed 1.1.3) #464136
CVE-2008-3067 version (sudo, fixed 1.6.9p12)
CVE-2008-2960 fixed (phpMyAdmin, fixed 2.11.7) [since FEDORA-2008-5676] PMASA-2008-4
CVE-2008-2954 fixed (linuxdcpp) #453733 [since FEDORA-2008-6018]
@@ -252,7 +252,7 @@
CVE-2008-2307 fixed (WebKit, fixed svn34204) #454095 [since FEDORA-2008-6186]
CVE-2008-2302 fixed (Django, fixed 0.96.2) #447259 [since FEDORA-2008-4267]
CVE-2008-2292 fixed (net-snmp, fixed 5.4.2.pre1) [since FEDORA-2008-5215]
-CVE-2008-2276 VULNERABLE (mantis) upstream fix in 1.2.0a1 seems useless
+CVE-2008-2276 fixed (mantis) [since FEDORA-2008-6647]
CVE-2008-2266 ignore (perl-Convert-UUlib) embedded uulib copy uses mkstemp
CVE-2008-2235 VULNERABLE (opensc, fixed 0.11.5)
CVE-2008-2168 ignore (httpd) browser issue, not apache
15 years, 6 months
fedora-security/audit f10, 1.18, 1.19 f8, 1.237, 1.238 f9, 1.228, 1.229
by fedora-security-commits@redhat.com
Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv820/audit
Modified Files:
f10 f8 f9
Log Message:
add cups
updates
Index: f10
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f10,v
retrieving revision 1.18
retrieving revision 1.19
diff -u -r1.18 -r1.19
--- f10 8 Oct 2008 06:54:26 -0000 1.18
+++ f10 10 Oct 2008 13:03:05 -0000 1.19
@@ -76,15 +76,15 @@
CVE-2008-3835 ignore (firefox) ff2 only
CVE-2008-3835 version (seamonkey, fixed 1.1.12) [since seamonkey-1.1.12-1.fc9]
CVE-2008-3834 VULNERABLE (dbus)
-CVE-2008-3830 VULNERABLE (condor, fixed 7.0.5) #466076
-CVE-2008-3829 VULNERABLE (condor, fixed 7.0.5) #466076
-CVE-2008-3828 VULNERABLE (condor, fixed 7.0.5) #466076
-CVE-2008-3826 VULNERABLE (condor, fixed 7.0.5) #466076
+CVE-2008-3830 version (condor, fixed 7.0.5) #466076 [since condor-7.0.5-1.fc10]
+CVE-2008-3829 version (condor, fixed 7.0.5) #466076 [since condor-7.0.5-1.fc10]
+CVE-2008-3828 version (condor, fixed 7.0.5) #466076 [since condor-7.0.5-1.fc10]
+CVE-2008-3826 version (condor, fixed 7.0.5) #466076 [since condor-7.0.5-1.fc10]
CVE-2008-3825 VULNERABLE (pam_krb5, 2.3.2)
CVE-2008-3824 VULNERABLE (horde) oCERT-2008-012
CVE-2008-3823 VULNERABLE (horde) oCERT-2008-012
CVE-2008-3796 version (swfdec, fixed 0.6.8) [since swfdec-0.7.4-1.fc10]
-CVE-2008-3790 VULNERABLE (ruby)
+CVE-2008-3790 backport (ruby) [since ruby-1.8.6.287-2.fc10]
CVE-2008-3789 VULNERABLE (samba, fixed 3.2.3)
CVE-2008-3747 version (wordpress, fixed 2.6.1) [since wordpress-2.6.1-1.fc10]
CVE-2008-3746 version (neon, fixed 0.28.3) [since neon-0.28.3-2]
@@ -104,6 +104,9 @@
CVE-2008-3655 version (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since ruby-1.8.6.287-1.fc10]
CVE-2008-3652 VULNERABLE (ipsec-tools) #465474
CVE-2008-3651 version (ipsec-tools, fixed 0.7.1) [since ipsec-tools-0.7.1-1.fc10]
+CVE-2008-3641 version (cups, fixed 1.3.9) #466420 [since cups-1.3.9-1.fc10]
+CVE-2008-3640 version (cups, fixed 1.3.9) #466420 [since cups-1.3.9-1.fc10]
+CVE-2008-3639 version (cups, fixed 1.3.9) #466420 [since cups-1.3.9-1.fc10]
CVE-2008-3546 version (git, fixed 1.5.6.4) [since git-1.5.6.4-1.fc10]
CVE-2008-3533 ignore (yelp, fixed 2.24) caught by glibc
CVE-2008-3529 version (libxml2, fixed 2.7.0) [since libxml2-2.7.1-1.fc10]
Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.237
retrieving revision 1.238
diff -u -r1.237 -r1.238
--- f8 7 Oct 2008 15:09:59 -0000 1.237
+++ f8 10 Oct 2008 13:03:05 -0000 1.238
@@ -69,8 +69,8 @@
CVE-2008-3920 fixed (bitlbee, fixed 1.2.2) [since FEDORA-2008-7761]
CVE-2008-3916 VULNERABLE (ed, fixed 1.0)
CVE-2008-3906 VULNERABLE (mono) #461753
-CVE-2008-3905 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7554]
-CVE-2008-3889 VULNERABLE (postfix, fixed 2.4.9, 2.5.5) #459099 [since FEDORA-2008-8595]
+CVE-2008-3905 fixed (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-8736]
+CVE-2008-3889 fixed (postfix, fixed 2.4.9, 2.5.5) #459099 [since FEDORA-2008-8595]
CVE-2008-3837 fixed (firefox, fixed 2.0.0.17) [since FEDORA-2008-8399]
CVE-2008-3837 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8401]
CVE-2008-3836 fixed (firefox, fixed 2.0.0.17) [since FEDORA-2008-8399]
@@ -81,7 +81,7 @@
CVE-2008-3825 fixed (pam_krb5, 2.3.2) [since FEDORA-2008-8605]
CVE-2008-3824 VULNERABLE (horde) oCERT-2008-012
CVE-2008-3823 VULNERABLE (horde) oCERT-2008-012
-CVE-2008-3790 VULNERABLE (ruby)
+CVE-2008-3790 fixed (ruby) [since FEDORA-2008-8736]
CVE-2008-3789 ignore (samba, fixed 3.2.3) 3.2.x only
CVE-2008-3747 fixed (wordpress, fixed 2.6.1) [since FEDORA-2008-7463]
CVE-2008-3746 ignore (neon, fixed 0.28.3) 0.28.x only
@@ -96,15 +96,18 @@
CVE-2008-3663 VULNERABLE (squirrelmail, fixed 1.4.16) #464184
CVE-2008-3662 VULNERABLE (gallery2, fixed 2.2.6) #462871
CVE-2008-3661 VULNERABLE (drupal) #464163 ignored by upstream
-CVE-2008-3657 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7554]
-CVE-2008-3656 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7554]
-CVE-2008-3655 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7554]
+CVE-2008-3657 fixed (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-8736]
+CVE-2008-3656 fixed (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-8736]
+CVE-2008-3655 fixed (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-8736]
CVE-2008-3652 VULNERABLE (ipsec-tools) #465472
CVE-2008-3651 VULNERABLE (ipsec-tools, fixed 0.7.1) #465472
+CVE-2008-3641 VULNERABLE (cups, fixed 1.3.9) #466418
+CVE-2008-3640 VULNERABLE (cups, fixed 1.3.9) #466418
+CVE-2008-3639 VULNERABLE (cups, fixed 1.3.9) #466418
CVE-2008-3546 ignore (git, fixed 1.5.6.4) caught by fortify_source
CVE-2008-3533 fixed (yelp, fixed 2.24) #459502 [since FEDORA-2008-7293]
CVE-2008-3529 fixed (libxml2, fixed 2.7.0) [since FEDORA-2008-7666]
-CVE-2008-3443 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7554]
+CVE-2008-3443 fixed (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-8736]
CVE-2008-3429 fixed (httrack, fixed 3.42-3) [since FEDORA-2008-7896]
CVE-2008-3422 VULNERABLE (mono) #461753
CVE-2008-3381 ignore (moin) not affected
@@ -156,8 +159,8 @@
CVE-2008-2941 ignore (hplip) #458989 not run as service
CVE-2008-2940 ignore (hplip) #458989 not run as service
CVE-2008-2938 fixed (tomcat5, fixed 5.5.27) #460125 [since FEDORA-2008-8130]
-CVE-2008-2937 VULNERABLE (postfix, fixed 2.4.8, 2.5.4) #459099 [since FEDORA-2008-8595]
-CVE-2008-2936 VULNERABLE (postfix, fixed 2.4.8, 2.5.4) #459099 [since FEDORA-2008-8595]
+CVE-2008-2937 fixed (postfix, fixed 2.4.8, 2.5.4) #459099 [since FEDORA-2008-8595]
+CVE-2008-2936 fixed (postfix, fixed 2.4.8, 2.5.4) #459099 [since FEDORA-2008-8595]
CVE-2008-2935 fixed (libxslt) [since FEDORA-2008-7029]
CVE-2008-2933 fixed (firefox, fixed 2.0.0.16) [since FEDORA-2008-6491]
CVE-2008-2932 fixed (adminutil, fixed 1.1.7) [since FEDORA-2008-7642]
Index: f9
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f9,v
retrieving revision 1.228
retrieving revision 1.229
diff -u -r1.228 -r1.229
--- f9 8 Oct 2008 06:54:26 -0000 1.228
+++ f9 10 Oct 2008 13:03:05 -0000 1.229
@@ -68,24 +68,24 @@
CVE-2008-3920 fixed (bitlbee, fixed 1.2.2) [since FEDORA-2008-7830]
CVE-2008-3916 VULNERABLE (ed, fixed 1.0)
CVE-2008-3906 VULNERABLE (mono) #461754
-CVE-2008-3905 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7697]
-CVE-2008-3889 VULNERABLE (postfix, fixed 2.4.9, 2.5.5) #459100 [since FEDORA-2008-8593]
+CVE-2008-3905 fixed (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-8738]
+CVE-2008-3889 fixed (postfix, fixed 2.4.9, 2.5.5) #459100 [since FEDORA-2008-8593]
CVE-2008-3837 fixed (firefox, fixed 3.0.2) [since FEDORA-2008-8425]
CVE-2008-3837 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8429]
CVE-2008-3836 ignore (firefox) ff2 only
CVE-2008-3836 ignore (seamonkey) ff only
CVE-2008-3835 ignore (firefox) ff2 only
CVE-2008-3835 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8429]
-CVE-2008-3834 VULNERABLE (dbus) #465836
-CVE-2008-3830 VULNERABLE (condor, fixed 7.0.5) #466075
-CVE-2008-3829 VULNERABLE (condor, fixed 7.0.5) #466075
-CVE-2008-3828 VULNERABLE (condor, fixed 7.0.5) #466075
-CVE-2008-3826 VULNERABLE (condor, fixed 7.0.5) #466075
+CVE-2008-3834 fixed (dbus) #465836 [since FEDORA-2008-8764]
+CVE-2008-3830 fixed (condor, fixed 7.0.5) #466075 [since FEDORA-2008-8733]
+CVE-2008-3829 fixed (condor, fixed 7.0.5) #466075 [since FEDORA-2008-8733]
+CVE-2008-3828 fixed (condor, fixed 7.0.5) #466075 [since FEDORA-2008-8733]
+CVE-2008-3826 fixed (condor, fixed 7.0.5) #466075 [since FEDORA-2008-8733]
CVE-2008-3825 fixed (pam_krb5, 2.3.2) [since FEDORA-2008-8618]
CVE-2008-3824 VULNERABLE (horde) oCERT-2008-012
CVE-2008-3823 VULNERABLE (horde) oCERT-2008-012
CVE-2008-3796 version (swfdec, fixed 0.6.8) [since swfdec-0.6.8-1.fc9]
-CVE-2008-3790 VULNERABLE (ruby)
+CVE-2008-3790 fixed (ruby) [since FEDORA-2008-8738]
CVE-2008-3789 fixed (samba, fixed 3.2.3) [since FEDORA-2008-7243]
CVE-2008-3747 fixed (wordpress, fixed 2.6.1) [since FEDORA-2008-7279]
CVE-2008-3746 VULNERABLE (neon, fixed 0.28.3) #460415 [since FEDORA-2008-7661]
@@ -100,15 +100,18 @@
CVE-2008-3663 VULNERABLE (squirrelmail, fixed 1.4.16) #464185 [since FEDORA-2008-8559]
CVE-2008-3662 VULNERABLE (gallery2, fixed 2.2.6) #462872
CVE-2008-3661 VULNERABLE (drupal) #464164 ignored by upstream
-CVE-2008-3657 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7697]
-CVE-2008-3656 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7697]
-CVE-2008-3655 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7697]
+CVE-2008-3657 fixed (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-8738]
+CVE-2008-3656 fixed (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-8738]
+CVE-2008-3655 fixed (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-8738]
CVE-2008-3652 VULNERABLE (ipsec-tools) #465473
CVE-2008-3651 VULNERABLE (ipsec-tools, fixed 0.7.1) #465473
+CVE-2008-3641 VULNERABLE (cups, fixed 1.3.9) #466419
+CVE-2008-3640 VULNERABLE (cups, fixed 1.3.9) #466419
+CVE-2008-3639 VULNERABLE (cups, fixed 1.3.9) #466419
CVE-2008-3546 ignore (git, fixed 1.5.6.4) caught by fortify_source
CVE-2008-3533 ignore (yelp, fixed 2.24) caught by glibc
CVE-2008-3529 fixed (libxml2, fixed 2.7.0) [since FEDORA-2008-7594]
-CVE-2008-3443 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7697]
+CVE-2008-3443 fixed (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-8738]
CVE-2008-3429 fixed (httrack, fixed 3.42-3) [since FEDORA-2008-7862]
CVE-2008-3424 fixed (condor, fixed 7.0.4) #457895 [since FEDORA-2008-7205]
CVE-2008-3422 VULNERABLE (mono) #461754
@@ -163,8 +166,8 @@
CVE-2008-2940 ignore (hplip) #458990 not run as service
CVE-2008-2938 fixed (tomcat6, fixed 6.0.18) #460131 [since FEDORA-2008-7977]
CVE-2008-2938 fixed (tomcat5, fixed 5.5.27) #460126 [since FEDORA-2008-8113]
-CVE-2008-2937 VULNERABLE (postfix, fixed 2.4.8, 2.5.4) #459100 [since FEDORA-2008-8593]
-CVE-2008-2936 VULNERABLE (postfix, fixed 2.4.8, 2.5.4) #459100 [since FEDORA-2008-8593]
+CVE-2008-2937 fixed (postfix, fixed 2.4.8, 2.5.4) #459100 [since FEDORA-2008-8593]
+CVE-2008-2936 fixed (postfix, fixed 2.4.8, 2.5.4) #459100 [since FEDORA-2008-8593]
CVE-2008-2935 fixed (libxslt) [since FEDORA-2008-7062]
CVE-2008-2933 fixed (firefox, fixed 3.0.1) [since FEDORA-2008-6518]
CVE-2008-2932 fixed (adminutil, fixed 1.1.7) [since FEDORA-2008-7339]
15 years, 6 months
fedora-security/audit f10, 1.17, 1.18 f9, 1.227, 1.228
by fedora-security-commits@redhat.com
Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv7289/audit
Modified Files:
f10 f9
Log Message:
note condor
Index: f10
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f10,v
retrieving revision 1.17
retrieving revision 1.18
diff -u -r1.17 -r1.18
--- f10 7 Oct 2008 15:09:59 -0000 1.17
+++ f10 8 Oct 2008 06:54:26 -0000 1.18
@@ -76,6 +76,10 @@
CVE-2008-3835 ignore (firefox) ff2 only
CVE-2008-3835 version (seamonkey, fixed 1.1.12) [since seamonkey-1.1.12-1.fc9]
CVE-2008-3834 VULNERABLE (dbus)
+CVE-2008-3830 VULNERABLE (condor, fixed 7.0.5) #466076
+CVE-2008-3829 VULNERABLE (condor, fixed 7.0.5) #466076
+CVE-2008-3828 VULNERABLE (condor, fixed 7.0.5) #466076
+CVE-2008-3826 VULNERABLE (condor, fixed 7.0.5) #466076
CVE-2008-3825 VULNERABLE (pam_krb5, 2.3.2)
CVE-2008-3824 VULNERABLE (horde) oCERT-2008-012
CVE-2008-3823 VULNERABLE (horde) oCERT-2008-012
Index: f9
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f9,v
retrieving revision 1.227
retrieving revision 1.228
diff -u -r1.227 -r1.228
--- f9 7 Oct 2008 15:09:59 -0000 1.227
+++ f9 8 Oct 2008 06:54:26 -0000 1.228
@@ -76,7 +76,11 @@
CVE-2008-3836 ignore (seamonkey) ff only
CVE-2008-3835 ignore (firefox) ff2 only
CVE-2008-3835 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8429]
-CVE-2008-3834 VULNERABLE (dbus) #465836
+CVE-2008-3834 VULNERABLE (dbus) #465836
+CVE-2008-3830 VULNERABLE (condor, fixed 7.0.5) #466075
+CVE-2008-3829 VULNERABLE (condor, fixed 7.0.5) #466075
+CVE-2008-3828 VULNERABLE (condor, fixed 7.0.5) #466075
+CVE-2008-3826 VULNERABLE (condor, fixed 7.0.5) #466075
CVE-2008-3825 fixed (pam_krb5, 2.3.2) [since FEDORA-2008-8618]
CVE-2008-3824 VULNERABLE (horde) oCERT-2008-012
CVE-2008-3823 VULNERABLE (horde) oCERT-2008-012
15 years, 6 months
fedora-security/audit f10, 1.16, 1.17 f8, 1.236, 1.237 f9, 1.226, 1.227
by fedora-security-commits@redhat.com
Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv13765/audit
Modified Files:
f10 f8 f9
Log Message:
merge josh's commits to my pending pile of changes
Index: f10
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f10,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -r1.16 -r1.17
--- f10 30 Sep 2008 12:51:46 -0000 1.16
+++ f10 7 Oct 2008 15:09:59 -0000 1.17
@@ -4,6 +4,14 @@
# *CVE are items that need verification for Fedora 10
# (mozilla) = (gecko-libs dependent stuff)
+CVE-2008-4437 VULNERABLE (bugzilla, fixed 3.0.5) #465959
+CVE-2008-4434 ignore (bittorrent) 6.x only
+CVE-2008-4422 backport (libxml2, fixed 2.7.2) [since libxml2-2.7.1-2.fc10]
+CVE-2008-4408 version (mediawiki, fixed 1.13.2) [since mediawiki-1.13.2-41.fc10]
+CVE-2008-4360 version (lighttpd, fixed 1.4.20) [since lighttpd-1.4.20-0.1.r2303.fc10]
+CVE-2008-4359 VULNERABLE (lighttpd, fixed 1.4.20) #465754
+CVE-2008-4326 version (phpMyAdmin, fixed 2.11.9.2) [since phpMyAdmin-2.11.9.2-1.fc10]
+CVE-2008-4325 version (viewvc, fixed 1.0.6) [since viewvc-1.0.6-1.fc10]
CVE-2008-4298 version (lighttpd, fixed 1.4.20) [since lighttpd-1.4.20-0.1.r2303.fc10]
CVE-2008-4297 version (mercurial, fixed 1.0.2) [since mercurial-1.0.2-1.fc10]
CVE-2008-4242 VULNERABLE (proftpd) #464130
@@ -60,13 +68,15 @@
CVE-2008-3916 VULNERABLE (ed, fixed 1.0)
CVE-2008-3906 version (mono) #461755 [since mono-2.0-6.fc10]
CVE-2008-3905 version (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since ruby-1.8.6.287-1.fc10]
-CVE-2008-3889 VULNERABLE (postfix, fixed 2.4.9, 2.5.5) #459101
+CVE-2008-3889 version (postfix, fixed 2.4.9, 2.5.5) #459101 [since postfix-2.5.5-1.fc10]
CVE-2008-3837 version (firefox, fixed 3.0.2) [since firefox-3.0.2-1.fc10]
CVE-2008-3837 version (seamonkey, fixed 1.1.12) [since seamonkey-1.1.12-1.fc9]
CVE-2008-3836 ignore (firefox) ff2 only
CVE-2008-3836 ignore (seamonkey) ff only
CVE-2008-3835 ignore (firefox) ff2 only
CVE-2008-3835 version (seamonkey, fixed 1.1.12) [since seamonkey-1.1.12-1.fc9]
+CVE-2008-3834 VULNERABLE (dbus)
+CVE-2008-3825 VULNERABLE (pam_krb5, 2.3.2)
CVE-2008-3824 VULNERABLE (horde) oCERT-2008-012
CVE-2008-3823 VULNERABLE (horde) oCERT-2008-012
CVE-2008-3796 version (swfdec, fixed 0.6.8) [since swfdec-0.7.4-1.fc10]
@@ -88,6 +98,8 @@
CVE-2008-3657 version (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since ruby-1.8.6.287-1.fc10]
CVE-2008-3656 version (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since ruby-1.8.6.287-1.fc10]
CVE-2008-3655 version (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since ruby-1.8.6.287-1.fc10]
+CVE-2008-3652 VULNERABLE (ipsec-tools) #465474
+CVE-2008-3651 version (ipsec-tools, fixed 0.7.1) [since ipsec-tools-0.7.1-1.fc10]
CVE-2008-3546 version (git, fixed 1.5.6.4) [since git-1.5.6.4-1.fc10]
CVE-2008-3533 ignore (yelp, fixed 2.24) caught by glibc
CVE-2008-3529 version (libxml2, fixed 2.7.0) [since libxml2-2.7.1-1.fc10]
@@ -146,8 +158,8 @@
CVE-2008-2940 ignore (hplip) #458991 not run as service
CVE-2008-2938 version (tomcat6, fixed 6.0.18) #460132 [since tomcat6-6.0.18-1.1.fc10]
CVE-2008-2938 VULNERABLE (tomcat5, fixed 5.5.27) #460127
-CVE-2008-2937 VULNERABLE (postfix) #459101
-CVE-2008-2936 backport (postfix) #459101 [since postfix-2.5.1-4.fc10]
+CVE-2008-2937 version (postfix, fixed 2.4.8, 2.5.4) #459101 [since postfix-2.5.5-1.fc10]
+CVE-2008-2936 backport (postfix, fixed 2.4.8, 2.5.4) #459101 [since postfix-2.5.1-4.fc10]
CVE-2008-2935 VULNERABLE (libxslt)
CVE-2008-2933 version (firefox, fixed 3.0.1) [since firefox-3.0.1-1.fc10]
CVE-2008-2932 version (adminutil, fixed 1.1.7) [since adminutil-1.1.7-1.fc10]
@@ -301,6 +313,7 @@
CVE-2008-0553 version (tkimg) [since tkimg-1.3-0.10.20080505svn.fc10]
CVE-2008-0314 version (clamav, fixed 0.93) [since clamav-0.93-1.fc9]
CVE-2008-0166 ignore (openssl) Debian specific
+CVE-2008-0071 ignore (bittorrent) 6.x only
CVE-2008-0016 ignore (firefox) ff2 only
CVE-2008-0016 version (seamonkey, fixed 1.1.12) [since seamonkey-1.1.12-1.fc9]
CVE-2007-6714 version (dbmail, fixed 2.2.9) [since dbmail-2.2.9-1.fc9]
Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.236
retrieving revision 1.237
diff -u -r1.236 -r1.237
--- f8 7 Oct 2008 12:55:57 -0000 1.236
+++ f8 7 Oct 2008 15:09:59 -0000 1.237
@@ -7,10 +7,17 @@
rhbz293031 fixed (nx) #293031 [since FEDORA-2008-2258]
rhbz249840 version (tor, fixed 0.1.2.15)
CVE-2008-4437 VULNERABLE (bugzilla, fixed 3.0.5) #465957
+CVE-2008-4434 ignore (bittorrent) 6.x only
+CVE-2008-4422 fixed (libxml2, fixed 2.7.2) [since FEDORA-2008-8582]
+CVE-2008-4408 fixed (mediawiki, fixed 1.13.2) [since FEDORA-2008-8678]
+CVE-2008-4360 VULNERABLE (lighttpd, fixed 1.4.20) #464638
+CVE-2008-4359 VULNERABLE (lighttpd, fixed 1.4.20) #464638
+CVE-2008-4326 fixed (phpMyAdmin, fixed 2.11.9.2) [since FEDORA-2008-8286]
+CVE-2008-4325 fixed (viewvc, fixed 1.0.6) [since FEDORA-2008-8270]
CVE-2008-4298 VULNERABLE (lighttpd, fixed 1.4.20) #464638
CVE-2008-4297 VULNERABLE (mercurial, fixed 1.0.2) #464632
CVE-2008-4242 VULNERABLE (proftpd) #464128
-CVE-2008-4191 VULNERABLE (emacspeak) [since FEDORA-2008-8423]
+CVE-2008-4191 fixed (emacspeak) [since FEDORA-2008-8423]
CVE-2008-4190 VULNERABLE (openswan)
CVE-2008-4130 VULNERABLE (gallery2, fixed 2.2.6) #462871
CVE-2008-4129 VULNERABLE (gallery2, fixed 2.2.6) #462871
@@ -63,7 +70,7 @@
CVE-2008-3916 VULNERABLE (ed, fixed 1.0)
CVE-2008-3906 VULNERABLE (mono) #461753
CVE-2008-3905 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7554]
-CVE-2008-3889 VULNERABLE (postfix, fixed 2.4.9, 2.5.5) #459099
+CVE-2008-3889 VULNERABLE (postfix, fixed 2.4.9, 2.5.5) #459099 [since FEDORA-2008-8595]
CVE-2008-3837 fixed (firefox, fixed 2.0.0.17) [since FEDORA-2008-8399]
CVE-2008-3837 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8401]
CVE-2008-3836 fixed (firefox, fixed 2.0.0.17) [since FEDORA-2008-8399]
@@ -71,6 +78,7 @@
CVE-2008-3835 fixed (firefox, fixed 2.0.0.17) [since FEDORA-2008-8399]
CVE-2008-3835 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8401]
CVE-2008-3834 VULNERABLE (dbus) #465835
+CVE-2008-3825 fixed (pam_krb5, 2.3.2) [since FEDORA-2008-8605]
CVE-2008-3824 VULNERABLE (horde) oCERT-2008-012
CVE-2008-3823 VULNERABLE (horde) oCERT-2008-012
CVE-2008-3790 VULNERABLE (ruby)
@@ -91,6 +99,8 @@
CVE-2008-3657 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7554]
CVE-2008-3656 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7554]
CVE-2008-3655 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7554]
+CVE-2008-3652 VULNERABLE (ipsec-tools) #465472
+CVE-2008-3651 VULNERABLE (ipsec-tools, fixed 0.7.1) #465472
CVE-2008-3546 ignore (git, fixed 1.5.6.4) caught by fortify_source
CVE-2008-3533 fixed (yelp, fixed 2.24) #459502 [since FEDORA-2008-7293]
CVE-2008-3529 fixed (libxml2, fixed 2.7.0) [since FEDORA-2008-7666]
@@ -146,8 +156,8 @@
CVE-2008-2941 ignore (hplip) #458989 not run as service
CVE-2008-2940 ignore (hplip) #458989 not run as service
CVE-2008-2938 fixed (tomcat5, fixed 5.5.27) #460125 [since FEDORA-2008-8130]
-CVE-2008-2937 VULNERABLE (postfix) #459099
-CVE-2008-2936 VULNERABLE (postfix) #459099
+CVE-2008-2937 VULNERABLE (postfix, fixed 2.4.8, 2.5.4) #459099 [since FEDORA-2008-8595]
+CVE-2008-2936 VULNERABLE (postfix, fixed 2.4.8, 2.5.4) #459099 [since FEDORA-2008-8595]
CVE-2008-2935 fixed (libxslt) [since FEDORA-2008-7029]
CVE-2008-2933 fixed (firefox, fixed 2.0.0.16) [since FEDORA-2008-6491]
CVE-2008-2932 fixed (adminutil, fixed 1.1.7) [since FEDORA-2008-7642]
@@ -530,6 +540,7 @@
CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since FEDORA-2008-0199]
CVE-2008-0073 fixed (xine-lib, fixed 1.1.11) #438192 [since FEDORA-2008-2569]
CVE-2008-0072 fixed (evolution) #436081 [since FEDORA-2008-2292]
+CVE-2008-0071 ignore (bittorrent) 6.x only
CVE-2008-0063 fixed (krb5, fixed 1.6.4) #438023 [since FEDORA-2008-2647]
CVE-2008-0062 fixed (krb5, fixed 1.6.4) #438023 [since FEDORA-2008-2647]
CVE-2008-0053 version (cups, fixed 1.3.6) [since FEDORA-2008-1901]
Index: f9
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f9,v
retrieving revision 1.226
retrieving revision 1.227
diff -u -r1.226 -r1.227
--- f9 7 Oct 2008 12:55:57 -0000 1.226
+++ f9 7 Oct 2008 15:09:59 -0000 1.227
@@ -6,10 +6,17 @@
rhbz249840 version (tor, fixed 0.1.2.15)
CVE-2008-4437 VULNERABLE (bugzilla, fixed 3.0.5) #465958
+CVE-2008-4434 ignore (bittorrent) 6.x only
+CVE-2008-4422 fixed (libxml2, fixed 2.7.2) [since FEDORA-2008-8575]
+CVE-2008-4408 fixed (mediawiki, fixed 1.13.2) [since FEDORA-2008-8639]
+CVE-2008-4360 VULNERABLE (lighttpd, fixed 1.4.20) #464639
+CVE-2008-4359 VULNERABLE (lighttpd, fixed 1.4.20) #464639
+CVE-2008-4326 fixed (phpMyAdmin, fixed 2.11.9.2) [since FEDORA-2008-8335]
+CVE-2008-4325 fixed (viewvc, fixed 1.0.6) [since FEDORA-2008-8252]
CVE-2008-4298 VULNERABLE (lighttpd, fixed 1.4.20) #464639
CVE-2008-4297 fixed (mercurial, fixed 1.0.2) [since FEDORA-2008-7490]
CVE-2008-4242 VULNERABLE (proftpd) #464129
-CVE-2008-4191 VULNERABLE (emacspeak) [since FEDORA-2008-8379]
+CVE-2008-4191 fixed (emacspeak) [since FEDORA-2008-8379]
CVE-2008-4190 VULNERABLE (openswan)
CVE-2008-4130 VULNERABLE (gallery2, fixed 2.2.6) #462872
CVE-2008-4129 VULNERABLE (gallery2, fixed 2.2.6) #462872
@@ -62,7 +69,7 @@
CVE-2008-3916 VULNERABLE (ed, fixed 1.0)
CVE-2008-3906 VULNERABLE (mono) #461754
CVE-2008-3905 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7697]
-CVE-2008-3889 VULNERABLE (postfix, fixed 2.4.9, 2.5.5) #459100
+CVE-2008-3889 VULNERABLE (postfix, fixed 2.4.9, 2.5.5) #459100 [since FEDORA-2008-8593]
CVE-2008-3837 fixed (firefox, fixed 3.0.2) [since FEDORA-2008-8425]
CVE-2008-3837 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8429]
CVE-2008-3836 ignore (firefox) ff2 only
@@ -70,6 +77,7 @@
CVE-2008-3835 ignore (firefox) ff2 only
CVE-2008-3835 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8429]
CVE-2008-3834 VULNERABLE (dbus) #465836
+CVE-2008-3825 fixed (pam_krb5, 2.3.2) [since FEDORA-2008-8618]
CVE-2008-3824 VULNERABLE (horde) oCERT-2008-012
CVE-2008-3823 VULNERABLE (horde) oCERT-2008-012
CVE-2008-3796 version (swfdec, fixed 0.6.8) [since swfdec-0.6.8-1.fc9]
@@ -85,12 +93,14 @@
CVE-2008-3740 fixed (drupal, fixed 6.4) [since FEDORA-2008-7626]
CVE-2008-3714 fixed (awstats) #459742 [since FEDORA-2008-7663]
CVE-2008-3699 fixed (amarok, fixed 1.4.40) [since FEDORA-2008-7739]
-CVE-2008-3663 VULNERABLE (squirrelmail, fixed 1.4.16) #464185
+CVE-2008-3663 VULNERABLE (squirrelmail, fixed 1.4.16) #464185 [since FEDORA-2008-8559]
CVE-2008-3662 VULNERABLE (gallery2, fixed 2.2.6) #462872
CVE-2008-3661 VULNERABLE (drupal) #464164 ignored by upstream
CVE-2008-3657 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7697]
CVE-2008-3656 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7697]
CVE-2008-3655 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7697]
+CVE-2008-3652 VULNERABLE (ipsec-tools) #465473
+CVE-2008-3651 VULNERABLE (ipsec-tools, fixed 0.7.1) #465473
CVE-2008-3546 ignore (git, fixed 1.5.6.4) caught by fortify_source
CVE-2008-3533 ignore (yelp, fixed 2.24) caught by glibc
CVE-2008-3529 fixed (libxml2, fixed 2.7.0) [since FEDORA-2008-7594]
@@ -149,8 +159,8 @@
CVE-2008-2940 ignore (hplip) #458990 not run as service
CVE-2008-2938 fixed (tomcat6, fixed 6.0.18) #460131 [since FEDORA-2008-7977]
CVE-2008-2938 fixed (tomcat5, fixed 5.5.27) #460126 [since FEDORA-2008-8113]
-CVE-2008-2937 VULNERABLE (postfix) #459100
-CVE-2008-2936 VULNERABLE (postfix) #459100
+CVE-2008-2937 VULNERABLE (postfix, fixed 2.4.8, 2.5.4) #459100 [since FEDORA-2008-8593]
+CVE-2008-2936 VULNERABLE (postfix, fixed 2.4.8, 2.5.4) #459100 [since FEDORA-2008-8593]
CVE-2008-2935 fixed (libxslt) [since FEDORA-2008-7062]
CVE-2008-2933 fixed (firefox, fixed 3.0.1) [since FEDORA-2008-6518]
CVE-2008-2932 fixed (adminutil, fixed 1.1.7) [since FEDORA-2008-7339]
@@ -532,6 +542,7 @@
CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since asterisk-1.4.17-1.fc9]
CVE-2008-0073 version (xine-lib, fixed 1.1.11) #438193 [since xine-lib-1.1.11-1.fc9]
CVE-2008-0072 backport (evolution) #436082 [evolution-2.21.92-2.fc9]
+CVE-2008-0071 ignore (bittorrent) 6.x only
CVE-2008-0063 backport (krb5, fixed 1.6.4) [since krb5-1.6.3-10.fc9]
CVE-2008-0062 backport (krb5, fixed 1.6.4) [since krb5-1.6.3-10.fc9]
CVE-2008-0053 version (cups, fixed 1.3.6) [since cups-1.3.6-1.fc9]
15 years, 6 months
fedora-security/audit f8, 1.235, 1.236 f9, 1.225, 1.226
by fedora-security-commits@redhat.com
Author: bressers
Update of /cvs/fedora/fedora-security/audit
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv22135
Modified Files:
f8 f9
Log Message:
Note a bugzilla flaw
Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.235
retrieving revision 1.236
diff -u -r1.235 -r1.236
--- f8 6 Oct 2008 16:51:17 -0000 1.235
+++ f8 7 Oct 2008 12:55:57 -0000 1.236
@@ -6,6 +6,7 @@
rhbz293031 fixed (nx) #293031 [since FEDORA-2008-2258]
rhbz249840 version (tor, fixed 0.1.2.15)
+CVE-2008-4437 VULNERABLE (bugzilla, fixed 3.0.5) #465957
CVE-2008-4298 VULNERABLE (lighttpd, fixed 1.4.20) #464638
CVE-2008-4297 VULNERABLE (mercurial, fixed 1.0.2) #464632
CVE-2008-4242 VULNERABLE (proftpd) #464128
Index: f9
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f9,v
retrieving revision 1.225
retrieving revision 1.226
diff -u -r1.225 -r1.226
--- f9 6 Oct 2008 16:51:17 -0000 1.225
+++ f9 7 Oct 2008 12:55:57 -0000 1.226
@@ -5,6 +5,7 @@
# (mozilla) = (gecko-libs dependent stuff)
rhbz249840 version (tor, fixed 0.1.2.15)
+CVE-2008-4437 VULNERABLE (bugzilla, fixed 3.0.5) #465958
CVE-2008-4298 VULNERABLE (lighttpd, fixed 1.4.20) #464639
CVE-2008-4297 fixed (mercurial, fixed 1.0.2) [since FEDORA-2008-7490]
CVE-2008-4242 VULNERABLE (proftpd) #464129
15 years, 6 months
fedora-security/audit f8, 1.234, 1.235 f9, 1.224, 1.225
by fedora-security-commits@redhat.com
Author: bressers
Update of /cvs/fedora/fedora-security/audit
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv19604
Modified Files:
f8 f9
Log Message:
Add CVE-2008-3834
Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.234
retrieving revision 1.235
diff -u -r1.234 -r1.235
--- f8 30 Sep 2008 12:51:46 -0000 1.234
+++ f8 6 Oct 2008 16:51:17 -0000 1.235
@@ -69,6 +69,7 @@
CVE-2008-3836 ignore (seamonkey) ff only
CVE-2008-3835 fixed (firefox, fixed 2.0.0.17) [since FEDORA-2008-8399]
CVE-2008-3835 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8401]
+CVE-2008-3834 VULNERABLE (dbus) #465835
CVE-2008-3824 VULNERABLE (horde) oCERT-2008-012
CVE-2008-3823 VULNERABLE (horde) oCERT-2008-012
CVE-2008-3790 VULNERABLE (ruby)
Index: f9
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f9,v
retrieving revision 1.224
retrieving revision 1.225
diff -u -r1.224 -r1.225
--- f9 30 Sep 2008 12:51:46 -0000 1.224
+++ f9 6 Oct 2008 16:51:17 -0000 1.225
@@ -68,6 +68,7 @@
CVE-2008-3836 ignore (seamonkey) ff only
CVE-2008-3835 ignore (firefox) ff2 only
CVE-2008-3835 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8429]
+CVE-2008-3834 VULNERABLE (dbus) #465836
CVE-2008-3824 VULNERABLE (horde) oCERT-2008-012
CVE-2008-3823 VULNERABLE (horde) oCERT-2008-012
CVE-2008-3796 version (swfdec, fixed 0.6.8) [since swfdec-0.6.8-1.fc9]
15 years, 6 months