fedora-security/audit f10, 1.33, 1.34 f11, 1.4, 1.5 f9, 1.243, 1.244
by fedora-security-commits@redhat.com
Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv19216/audit
Modified Files:
f10 f11 f9
Log Message:
large pile of updates
Index: f10
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f10,v
retrieving revision 1.33
retrieving revision 1.34
diff -u -r1.33 -r1.34
--- f10 19 Dec 2008 19:22:21 -0000 1.33
+++ f10 27 Jan 2009 14:18:01 -0000 1.34
@@ -4,8 +4,33 @@
# *CVE are items that need verification for Fedora 10
# (mozilla) = (gecko-libs dependent stuff)
+CVE-2009-0265 ignore (bind) dupe of CVE-2009-0025
+CVE-2009-0260 VULNERABLE (moin, fixed 1.7.3,1.8.1)
+CVE-2009-0136 fixed (amarok, fixed 2.0.1.1) [since FEDORA-2009-0550]
+CVE-2009-0135 fixed (amarok, fixed 2.0.1.1) [since FEDORA-2009-0550]
+CVE-2009-0125 ignore (libnasl) [since libnasl-2.2.11-3.fc10] not security according to upstream
+CVE-2009-0122 ignore (hplip) Debian/Ubuntu specific
+CVE-2009-0041 VULNERABLE (asterisk, fixed 1.6.0.5) [since asterisk-1.6.0.5-2.fc10] AST-2009-001
+CVE-2009-0025 fixed (bind, fixed 9.5.1-P1,9.6.0-P1) [since FEDORA-2009-0451]
+CVE-2009-0022 fixed (samba, fixed 3.2.7) [since FEDORA-2009-0160]
+CVE-2009-0021 fixed (ntp, fixed 4.2.4p6) [since FEDORA-2009-0544]
+CVE-2008-5917 VULNERABLE (horde, fixed 3.2.3,3.3.1)
+CVE-2008-5916 fixed (git, fixed 1.6.0.6,1.5.6.6,1.5.5.6,1.5.4.7) [since FEDORA-2008-11678]
+CVE-2008-5906 version (ktorrent, fixed 3.1.4) [since ktorrent-3.1.4-1.fc10]
+CVE-2008-5905 version (ktorrent, fixed 3.1.4) [since ktorrent-3.1.4-1.fc10]
+CVE-2008-5844 ignore (php, fixed 5.2.8) only affected 5.2.7
+CVE-2008-5744 ignore (zaptel) kernel modules not shipped
+CVE-2008-5718 VULNERABLE (netatalk, fixed 2.0.4-beta2)
+CVE-2008-5716 ignore (xen) CVE-2008-4405 was not yet fixed
+CVE-2008-5714 VULNERABLE (kvm)
+CVE-2008-5714 VULNERABLE (qemu)
+CVE-2008-5704 VULNERABLE (gpsdrive, fixed 2.10)
+CVE-2008-5703 VULNERABLE (gpsdrive, fixed 2.10)
+CVE-2008-5698 ignore (konqueror) KDE3 and DoS only
CVE-2008-5695 version (wordpress, fixed 2.3.3)
CVE-2008-5695 version (wordpress-mu, fixed 1.3.3)
+CVE-2008-5688 fixed (mediawiki, fixed 1.13.3) [since FEDORA-2008-11743]
+CVE-2008-5687 fixed (mediawiki, fixed 1.13.3) [since FEDORA-2008-11743]
CVE-2008-5676 version (mod_security, fixed 2.5.6) [since mod_security-2.5.6-1.fc10]
CVE-2008-5660 fixed (vinagre, fixed 0.5.2,2.24.2) [since FEDORA-2008-10956]
CVE-2008-5657 version (quassel, fixed 0.3.0.3) [since quassel-0.3.0.3-1.fc10]
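Review bot: CVE-2008-5716 is added as "ignore (xen)" with the reason "CVE-2008-4405 was not yet fixed", so the entry is only correct while CVE-2008-4405 stays open, and this same commit adds CVE-2008-4405 as "VULNERABLE (xen)" further down the file. Nothing on the line prompts a re-check once the xen fix ships; consider wording the reason as a dependency (for example "revisit when CVE-2008-4405 is fixed") so the ignore is not left behind. The new kvm and qemu lines for CVE-2008-5714 also carry neither a fixed version nor a bug number, unlike most of the VULNERABLE lines added beside them.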
@@ -13,48 +38,57 @@
CVE-2008-5646 VULNERABLE (trac, fixed 0.11.2)
CVE-2008-5622 fixed (phpMyAdmin, fixed 3.1.1) [since FEDORA-2008-11257] PMASA-2008-10, same as CVE-2008-5621?
CVE-2008-5621 fixed (phpMyAdmin, fixed 3.1.1) [since FEDORA-2008-11257] PMASA-2008-10
-CVE-2008-5620 VULNERABLE (roundcubemail, fixed 0.2-rc) [since roundcubemail-0.2-5.beta.fc10]
+CVE-2008-5620 fixed (roundcubemail, fixed 0.2-rc) [since FEDORA-2008-11456]
CVE-2008-5619 fixed (roundcubemail, fixed 0.2-rc) [since FEDORA-2008-11247]
-CVE-2008-5618 VULNERABLE (rsyslog, fixed 3.20.2,3.21.9) [since rsyslog-3.21.9-1.fc10]
-CVE-2008-5617 VULNERABLE (rsyslog, fixed 3.20.1,3.21.8) [since rsyslog-3.21.9-1.fc10]
+CVE-2008-5618 fixed (rsyslog, fixed 3.20.2,3.21.9) [since FEDORA-2008-11476]
+CVE-2008-5617 fixed (rsyslog, fixed 3.20.1,3.21.8) [since FEDORA-2008-11476]
CVE-2008-5587 VULNERABLE (phpPgAdmin, fixed 4.2.2) [phpPgAdmin-4.2.2-1.fc10]
CVE-2008-5558 ignore (asterisk) AST-2008-012, not affected
-CVE-2008-5513 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10]
-CVE-2008-5512 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc10]
-CVE-2008-5512 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10]
-CVE-2008-5511 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc10]
-CVE-2008-5511 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10]
-CVE-2008-5510 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc10]
-CVE-2008-5510 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10]
-CVE-2008-5508 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc10]
-CVE-2008-5508 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10]
-CVE-2008-5507 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc10]
-CVE-2008-5507 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10]
-CVE-2008-5506 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc10]
-CVE-2008-5506 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10]
-CVE-2008-5505 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10]
-CVE-2008-5503 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc10]
-CVE-2008-5502 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10]
-CVE-2008-5501 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10]
-CVE-2008-5500 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc10]
-CVE-2008-5500 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10]
+CVE-2008-5517 version (git, fixed 1.5.6)
+CVE-2008-5516 version (git, fixed 1.5.5)
+CVE-2008-5514 fixed (uw-imap, fixed 2007e) [since FEDORA-2009-0413]
+CVE-2008-5513 fixed (firefox, fixed 3.0.5) [since FEDORA-2008-11511]
+CVE-2008-5512 fixed (seamonkey, fixed 1.1.14) [since FEDORA-2008-11490]
+CVE-2008-5512 fixed (firefox, fixed 3.0.5) [since FEDORA-2008-11511]
+CVE-2008-5511 fixed (seamonkey, fixed 1.1.14) [since FEDORA-2008-11490]
+CVE-2008-5511 fixed (firefox, fixed 3.0.5) [since FEDORA-2008-11511]
+CVE-2008-5510 fixed (seamonkey, fixed 1.1.14) [since FEDORA-2008-11490]
+CVE-2008-5510 fixed (firefox, fixed 3.0.5) [since FEDORA-2008-11511]
+CVE-2008-5508 fixed (seamonkey, fixed 1.1.14) [since FEDORA-2008-11490]
+CVE-2008-5508 fixed (firefox, fixed 3.0.5) [since FEDORA-2008-11511]
+CVE-2008-5507 fixed (seamonkey, fixed 1.1.14) [since FEDORA-2008-11490]
+CVE-2008-5507 fixed (firefox, fixed 3.0.5) [since FEDORA-2008-11511]
+CVE-2008-5506 fixed (seamonkey, fixed 1.1.14) [since FEDORA-2008-11490]
+CVE-2008-5506 fixed (firefox, fixed 3.0.5) [since FEDORA-2008-11511]
+CVE-2008-5505 fixed (firefox, fixed 3.0.5) [since FEDORA-2008-11511]
+CVE-2008-5503 fixed (seamonkey, fixed 1.1.14) [since FEDORA-2008-11490]
+CVE-2008-5502 fixed (firefox, fixed 3.0.5) [since FEDORA-2008-11511]
+CVE-2008-5501 fixed (firefox, fixed 3.0.5) [since FEDORA-2008-11511]
+CVE-2008-5500 fixed (seamonkey, fixed 1.1.14) [since FEDORA-2008-11490]
+CVE-2008-5500 fixed (firefox, fixed 3.0.5) [since FEDORA-2008-11511]
CVE-2008-5432 fixed (moodle, fixed 1.8.7,1.9.3) [since FEDORA-2008-9903]
CVE-2008-5398 fixed (tor, fixed 0.2.0.32) [since FEDORA-2008-10991]
CVE-2008-5397 fixed (tor, fixed 0.2.0.32) [since FEDORA-2008-10991]
+CVE-2008-5396 ignore (zaptel) kernel modules not shipped
+CVE-2008-5380 VULNERABLE (gpsdrive, fixed 2.10)
CVE-2008-5299 VULNERABLE (chm2pdf) #474459
CVE-2008-5298 VULNERABLE (chm2pdf) #474459
CVE-2008-5286 ignore (cups) libpng prevents this
+CVE-2008-5262 fixed (DevIL) [since FEDORA-2009-0867]
+CVE-2008-5252 fixed (mediawiki, fixed 1.13.3) [since FEDORA-2008-11743]
+CVE-2008-5250 fixed (mediawiki, fixed 1.13.3) [since FEDORA-2008-11743]
+CVE-2008-5249 fixed (mediawiki, fixed 1.13.3) [since FEDORA-2008-11743]
CVE-2008-5187 fixed (imlib2) #472579 [since FEDORA-2008-10364]
CVE-2008-5184 version (cups, fixed 1.3.8)
CVE-2008-5183 fixed (cups, fixed 1.3.10) [since FEDORA-2008-10895]
-CVE-2008-5153 VULNERABLE (moodle) #472120
+CVE-2008-5153 fixed (moodle) #472120 [since FEDORA-2009-0819]
CVE-2008-5148 fixed (geda-gnetlist) #472116 [since FEDORA-2008-9730]
CVE-2008-5138 VULNERABLE (pam_mount) #472112
CVE-2008-5113 VULNERABLE (wordpress) #471992
CVE-2008-5110 fixed (syslog-ng) [since FEDORA-2008-10879]
CVE-2008-5101 version (optipng, fixed 0.6.2) [since optipng-0.6.2-1.fc10]
-CVE-2008-5086 VULNERABLE (libvirt) [since libvirt-0.5.1-2.fc10]
-CVE-2008-5081 VULNERABLE (avahi, fixed 0.6.24) [since avahi-0.6.22-12.fc10]
+CVE-2008-5086 fixed (libvirt) [since FEDORA-2008-11443]
+CVE-2008-5081 fixed (avahi, fixed 0.6.24) [since FEDORA-2008-11351]
CVE-2008-5080 fixed (awstats) [since FEDORA-2008-10950]
CVE-2008-5078 ignore (enscript) 1.6.1 only
CVE-2008-5076 fixed (htop) [since FEDORA-2008-9944]
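Review bot: CVE-2008-5587 (phpPgAdmin) is left as VULNERABLE with the tag "[phpPgAdmin-4.2.2-1.fc10]", which is missing the "since" keyword, while the roundcubemail, rsyslog, firefox and seamonkey lines in this hunk that were in the same pending-build state are all flipped to "fixed" with a FEDORA advisory id. The f9 file in this commit moves the same CVE to "fixed ... [since FEDORA-2008-11602]", so check whether an F10 advisory exists and update the line, or at least correct the tag to "[since phpPgAdmin-4.2.2-1.fc10]".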
@@ -69,6 +103,7 @@
CVE-2008-4985 ignore (vdr) Debian-specific
CVE-2008-4982 fixed (rkhunter) [since rkhunter-1.3.2-5.fc10]
CVE-2008-4977 ignore (postfix) Debian-specific
+CVE-2008-4959 VULNERABLE (gpsdrive, fixed 2.10)
CVE-2008-4956 ignore (fwbuilder) fwb_install not shipped
CVE-2008-4937 ignore (openoffice.org) not affected
CVE-2008-4936 fixed (mgetty) patched for ages
@@ -82,6 +117,7 @@
CVE-2008-4789 version (drupal, fixed 6.5) [since drupal-6.5-1.fc10]
CVE-2008-4776 version (libgadu, fixed 1.8.2) [since libgadu-1.8.2-1.fc10]
CVE-2008-4775 version (phpMyAdmin, fixed 3.0.1.1) [since phpMyAdmin-3.0.1.1-1.fc10]
+CVE-2008-4770 fixed (vnc, fixed 4.1.3) [since FEDORA-2009-0991]
CVE-2008-4769 version (wordpress)
CVE-2008-4690 fixed (lynx) [since FEDORA-2008-9952]
CVE-2008-4641 VULNERABLE (jhead)
@@ -96,6 +132,7 @@
CVE-2008-4434 ignore (bittorrent) 6.x only
CVE-2008-4422 backport (libxml2, fixed 2.7.2) [since libxml2-2.7.1-2.fc10]
CVE-2008-4408 version (mediawiki, fixed 1.13.2) [since mediawiki-1.13.2-41.fc10]
+CVE-2008-4405 VULNERABLE (xen)
CVE-2008-4360 version (lighttpd, fixed 1.4.20) [since lighttpd-1.4.20-0.1.r2303.fc10]
CVE-2008-4359 version (lighttpd, fixed 1.4.20) #465754 [since lighttpd-1.4.20-1.fc10]
CVE-2008-4326 version (phpMyAdmin, fixed 2.11.9.2) [since phpMyAdmin-2.11.9.2-1.fc10]
@@ -108,7 +145,7 @@
CVE-2008-4306 fixed (enscript) [since enscript-1.6.4-11.fc10]
CVE-2008-4298 version (lighttpd, fixed 1.4.20) [since lighttpd-1.4.20-0.1.r2303.fc10]
CVE-2008-4297 version (mercurial, fixed 1.0.2) [since mercurial-1.0.2-1.fc10]
-CVE-2008-4242 VULNERABLE (proftpd) #464130
+CVE-2008-4242 fixed (proftpd) #464130 [since FEDORA-2009-0089]
CVE-2008-4226 fixed (libxml2) [since FEDORA-2008-10038]
CVE-2008-4225 fixed (libxml2) [since FEDORA-2008-10038]
CVE-2008-4191 backport (emacspeak) [since emacspeak-28.0-3.fc10]
@@ -181,8 +218,8 @@
CVE-2008-3828 version (condor, fixed 7.0.5) #466076 [since condor-7.0.5-1.fc10]
CVE-2008-3826 version (condor, fixed 7.0.5) #466076 [since condor-7.0.5-1.fc10]
CVE-2008-3825 version (pam_krb5, 2.3.2) [since pam_krb5-2.3.2-1.fc10]
-CVE-2008-3824 VULNERABLE (horde) oCERT-2008-012
-CVE-2008-3823 VULNERABLE (horde) oCERT-2008-012
+CVE-2008-3824 VULNERABLE (horde, fixed 3.2.2) oCERT-2008-012
+CVE-2008-3823 VULNERABLE (horde, fixed 3.2.2) oCERT-2008-012
CVE-2008-3796 version (swfdec, fixed 0.6.8) [since swfdec-0.7.4-1.fc10]
CVE-2008-3790 backport (ruby) [since ruby-1.8.6.287-2.fc10]
CVE-2008-3789 version (samba, fixed 3.2.3) [since samba-3.2.4-0.22.fc10]
@@ -331,6 +368,9 @@
CVE-2008-2426 backport (imlib2) [since imlib2-1.4.0-7.fc10]
CVE-2008-2420 version (stunnel, fixed 4.24) [since stunnel-4.24-2]
CVE-2008-2392 ignore (wordpress) issue only in certain deployments, not affected by default
+CVE-2008-2383 fixed (xterm, fixed 238) [since FEDORA-2009-0091]
+CVE-2008-2382 VULNERABLE (qemu)
+CVE-2008-2382 fixed (kvm, fixed 82) [since FEDORA-2008-11727]
CVE-2008-2377 version (gnutls, fixed 2.4.1) [since gnutls-2.4.1-1.fc10]
CVE-2008-2376 backport (ruby, fixed 1.8.6-p257) [since ruby-1.8.6.230-4.fc10]
CVE-2008-2375 ignore (vsftpd) pre-2.0.5 versions only
@@ -435,11 +475,12 @@
CVE-2007-5907 version (xen) #390121
CVE-2007-5906 version (xen) #390121
CVE-2007-5803 version (nagios, fixed 2.12) #446383 [since nagios-2.12-3.fc10]
+CVE-2007-5729 VULNERABLE (kvm, fixed 82)
CVE-2007-5615 backport (jetty) [since jetty-5.1.14-1jpp.2.fc10]
CVE-2007-5614 backport (jetty) [since jetty-5.1.14-1jpp.2.fc10]
CVE-2007-5613 backport (jetty) [since jetty-5.1.14-1jpp.2.fc10]
CVE-2007-5079 VULNERABLE (gdm) #363041 Red Hat specific problem
-CVE-2007-4829 VULNERABLE (perl, not fixed upstream) #364291 perl-Archive-Tar directory traversal
+CVE-2007-4829 fixed (perl, fixed 1.40) [since FEDORA-2008-11736] #364291 perl-Archive-Tar directory traversal
CVE-2007-4559 VULNERABLE (python, not fixed upstream) #315291 Upstream WONTFIX. See where we use the code.
CVE-2007-1320 VULNERABLE (qemu)
CVE-2007-1320 version (kvm, fixed 70)
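Review bot: CVE-2007-5729 is added as "VULNERABLE (kvm, fixed 82)", but the previous hunk records "CVE-2008-2382 fixed (kvm, fixed 82) [since FEDORA-2008-11727]" for the same package and the same fixed version. If that advisory shipped kvm 82, this line should be "fixed" with the same advisory id; if the advisory only backported the CVE-2008-2382 patch, a short remark on the line would explain why the two entries differ.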
Index: f11
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f11,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- f11 19 Dec 2008 16:13:54 -0000 1.4
+++ f11 27 Jan 2009 14:18:01 -0000 1.5
@@ -4,6 +4,31 @@
# *CVE are items that need verification for Fedora 10
# (mozilla) = (gecko-libs dependent stuff)
+CVE-2009-0265 ignore (bind) dupe of CVE-2009-0025
+CVE-2009-0260 VULNERABLE (moin, fixed 1.7.3,1.8.1)
+CVE-2009-0136 version (amarok, fixed 2.0.1.1) [since amarok-2.0.1.1-1.fc11]
+CVE-2009-0135 version (amarok, fixed 2.0.1.1) [since amarok-2.0.1.1-1.fc11]
+CVE-2009-0125 ignore (libnasl) [since libnasl-2.2.11-3.fc11] not security according to upstream
+CVE-2009-0122 ignore (hplip) Debian/Ubuntu specific
+CVE-2009-0041 VULNERABLE (asterisk, fixed 1.6.0.5) AST-2009-001
+CVE-2009-0025 version (bind, fixed 9.5.1-P1,9.6.0-P1) [since bind-9.6.0-2.P1.fc11]
+CVE-2009-0022 VULNERABLE (samba, fixed 3.2.7)
+CVE-2009-0021 version (ntp, fixed 4.2.4p6) [since ntp-4.2.4p6-1.fc11]
+CVE-2008-5917 VULNERABLE (horde, fixed 3.2.3,3.3.1)
+CVE-2008-5916 version (git, fixed 1.6.0.6,1.5.6.6,1.5.5.6,1.5.4.7) [since git-1.6.0.6-1.fc11]
+CVE-2008-5906 version (ktorrent, fixed 3.1.4) [since ktorrent-3.1.4-1.fc10]
+CVE-2008-5905 version (ktorrent, fixed 3.1.4) [since ktorrent-3.1.4-1.fc10]
+CVE-2008-5844 ignore (php, fixed 5.2.8) only affected 5.2.7
+CVE-2008-5744 ignore (zaptel) kernel modules not shipped
+CVE-2008-5718 VULNERABLE (netatalk, fixed 2.0.4-beta2)
+CVE-2008-5716 ignore (xen) CVE-2008-4405 was not yet fixed
+CVE-2008-5714 VULNERABLE (kvm)
+CVE-2008-5714 VULNERABLE (qemu)
+CVE-2008-5704 VULNERABLE (gpsdrive, fixed 2.10)
+CVE-2008-5703 VULNERABLE (gpsdrive, fixed 2.10)
+CVE-2008-5698 ignore (konqueror) KDE3 and DoS only
+CVE-2008-5688 version (mediawiki, fixed 1.13.3) [since mediawiki-1.13.3-42.fc11]
+CVE-2008-5687 version (mediawiki, fixed 1.13.3) [since mediawiki-1.13.3-42.fc11]
CVE-2008-5676 version (mod_security, fixed 2.5.6) [since mod_security-2.5.6-1.fc10]
CVE-2008-5660 version (vinagre, fixed 0.5.2,2.24.2) [since vinagre-2.25.3-1.fc11]
CVE-2008-5657 version (quassel, fixed 0.3.0.3) [since quassel-0.3.0.3-1.fc11]
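Review bot: The two ktorrent lines (CVE-2008-5906, CVE-2008-5905) carry "[since ktorrent-3.1.4-1.fc10]" in the f11 file, while the other added "version" lines here name .fc11 builds (amarok, bind, ntp, git, mediawiki). If F11 simply inherited the F10 build that is fine, but it looks like a copy from the f10 file, so please confirm. The header context line also still says "items that need verification for Fedora 10" in the f11 file and could be corrected in the same pass.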
@@ -17,61 +42,76 @@
CVE-2008-5617 version (rsyslog, fixed 3.20.1,3.21.8) [since rsyslog-3.21.9-1.fc11]
CVE-2008-5587 version (phpPgAdmin, fixed 4.2.2) [since phpPgAdmin-4.2.2-1.fc11]
CVE-2008-5558 ignore (asterisk) AST-2008-012, not affected
-CVE-2008-5513 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10]
+CVE-2008-5517 version (git, fixed 1.5.6)
+CVE-2008-5516 version (git, fixed 1.5.5)
+CVE-2008-5514 version (uw-imap, fixed 2007e) [since uw-imap-2007e-1.fc11]
+CVE-2008-5513 version (firefox, fixed 3.0.5) [since firefox-3.1-0.4.beta2.fc11]
CVE-2008-5512 version (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc11]
-CVE-2008-5512 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10]
+CVE-2008-5512 version (firefox, fixed 3.0.5) [since firefox-3.1-0.4.beta2.fc11]
CVE-2008-5511 version (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc11]
-CVE-2008-5511 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10]
+CVE-2008-5511 version (firefox, fixed 3.0.5) [since firefox-3.1-0.4.beta2.fc11]
CVE-2008-5510 version (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc11]
-CVE-2008-5510 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10]
+CVE-2008-5510 version (firefox, fixed 3.0.5) [since firefox-3.1-0.4.beta2.fc11]
CVE-2008-5508 version (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc11]
-CVE-2008-5508 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10]
+CVE-2008-5508 version (firefox, fixed 3.0.5) [since firefox-3.1-0.4.beta2.fc11]
CVE-2008-5507 version (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc11]
-CVE-2008-5507 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10]
+CVE-2008-5507 version (firefox, fixed 3.0.5) [since firefox-3.1-0.4.beta2.fc11]
CVE-2008-5506 version (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc11]
-CVE-2008-5506 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10]
-CVE-2008-5505 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10]
+CVE-2008-5506 version (firefox, fixed 3.0.5) [since firefox-3.1-0.4.beta2.fc11]
+CVE-2008-5505 version (firefox, fixed 3.0.5) [since firefox-3.1-0.4.beta2.fc11]
CVE-2008-5503 version (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc11]
-CVE-2008-5502 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10]
-CVE-2008-5501 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10]
+CVE-2008-5502 version (firefox, fixed 3.0.5) [since firefox-3.1-0.4.beta2.fc11]
+CVE-2008-5501 version (firefox, fixed 3.0.5) [since firefox-3.1-0.4.beta2.fc11]
CVE-2008-5500 version (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc11]
-CVE-2008-5500 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc10]
+CVE-2008-5500 version (firefox, fixed 3.0.5) [since firefox-3.1-0.4.beta2.fc11]
CVE-2008-5432 version (moodle, fixed 1.8.7,1.9.3) [since moodle-1.9.3-3.fc11]
CVE-2008-5398 version (tor, fixed 0.2.0.32) [since tor-0.2.0.32-1.fc11]
CVE-2008-5397 version (tor, fixed 0.2.0.32) [since tor-0.2.0.32-1.fc11]
+CVE-2008-5396 ignore (zaptel) kernel modules not shipped
+CVE-2008-5380 VULNERABLE (gpsdrive, fixed 2.10)
CVE-2008-5299 VULNERABLE (chm2pdf)
CVE-2008-5298 VULNERABLE (chm2pdf)
CVE-2008-5286 ignore (cups) libpng prevents this
+CVE-2008-5262 backport (DevIL) [since DevIL-1.7.5-2.fc11]
+CVE-2008-5252 version (mediawiki, fixed 1.13.3) [since mediawiki-1.13.3-42.fc11]
+CVE-2008-5250 version (mediawiki, fixed 1.13.3) [since mediawiki-1.13.3-42.fc11]
+CVE-2008-5249 version (mediawiki, fixed 1.13.3) [since mediawiki-1.13.3-42.fc11]
CVE-2008-5184 version (cups, fixed 1.3.8)
CVE-2008-5183 VULNERABLE (cups, fixed 1.3.10) [since cups-1.4-0.b1.5.fc11]
-CVE-2008-5153 VULNERABLE (moodle)
+CVE-2008-5153 backport (moodle) [since moodle-1.9.3-5.fc11]
CVE-2008-5138 VULNERABLE (pam_mount)
CVE-2008-5113 VULNERABLE (wordpress) #471992
CVE-2008-5110 version (syslog-ng, fixed 2.0.10) [since syslog-ng-2.0.10-1.fc11]
CVE-2008-5086 backport (libvirt) [since libvirt-0.5.1-2.fc11]
CVE-2008-5081 version (avahi, fixed 0.6.24) [since avahi-0.6.24-1.fc11]
CVE-2008-5080 backport (awstats) [since awstats-6.8-3.fc11]
+CVE-2008-4959 VULNERABLE (gpsdrive, fixed 2.10)
CVE-2008-4863 backport (blender) [blender-2.48a-4.fc10]
+CVE-2008-4770 VULNERABLE (vnc, fixed 4.1.3)
CVE-2008-4690 backport (lynx) [since lynx-2.8.6-18.fc10]
CVE-2008-4641 VULNERABLE (jhead)
CVE-2008-4640 VULNERABLE (jhead)
CVE-2008-4437 VULNERABLE (bugzilla, fixed 3.0.5)
+CVE-2008-4405 VULNERABLE (xen)
CVE-2008-4315 fixed (tog-pegasus) [since tog-pegasus-2.7.2-2.fc11]
CVE-2008-4314 version (samba, fixed 3.0.33,3.2.5) [since samba-3.2.5-0.23.fc11]
CVE-2008-4313 fixed (tog-pegasus) [since tog-pegasus-2.7.2-2.fc11]
CVE-2008-4311 version (dbus, fixed 1.2.6) [since dbus-1.2.6-1.fc11]
CVE-2008-4309 version (net-snmp, fixed 5.4.2.1) [since net-snmp-5.4.2.1-1.fc10]
-CVE-2008-4242 VULNERABLE (proftpd) #464130
+CVE-2008-4242 version (proftpd, fixed 1.3.2) #464130 [since 1.3.2-0.1.rc3]
CVE-2008-4190 VULNERABLE (openswan)
-CVE-2008-4130 VULNERABLE (gallery2, fixed 2.2.6)
-CVE-2008-4129 VULNERABLE (gallery2, fixed 2.2.6)
+CVE-2008-4130 version (gallery2, fixed 2.2.6) [since gallery2-2.3-1.fc11]
+CVE-2008-4129 version (gallery2, fixed 2.2.6) [since gallery2-2.3-1.fc11]
CVE-2008-4100 VULNERABLE (adns) #462754 upstream design decision
CVE-2008-3949 VULNERABLE (emacs, fixed 22.3)
CVE-2008-3927 VULNERABLE (tiger)
-CVE-2008-3824 VULNERABLE (horde) oCERT-2008-012
-CVE-2008-3823 VULNERABLE (horde) oCERT-2008-012
-CVE-2008-3662 VULNERABLE (gallery2, fixed 2.2.6)
+CVE-2008-3824 VULNERABLE (horde, fixed 3.2.2) oCERT-2008-012
+CVE-2008-3823 VULNERABLE (horde, fixed 3.2.2) oCERT-2008-012
+CVE-2008-3662 version (gallery2, fixed 2.2.6) [since gallery2-2.3-1.fc11]
CVE-2008-3381 VULNERABLE (moin) #457364
+CVE-2008-2383 version (xterm, fixed 238) [since xterm-238-1.fc11]
+CVE-2008-2382 VULNERABLE (qemu)
+CVE-2008-2382 VULNERABLE (kvm, fixed 82)
CVE-2008-2363 VULNERABLE (pan) #449335
CVE-2008-2004 VULNERABLE (qemu) fix mostly useless without libvirt changes
CVE-2008-2004 VULNERABLE (kvm) fix mostly useless without libvirt changes
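Review bot: On the CVE-2008-4242 line the tag "[since 1.3.2-0.1.rc3]" gives only a version-release, with no package name or dist tag, unlike the other build tags in this hunk (for example "[since gallery2-2.3-1.fc11]"). Anything that reads the tag as a package build name will miss it, so write out the full proftpd build name. The build is also a release candidate (rc3) while the entry says "fixed 1.3.2"; it is worth confirming the fix is already present in rc3 before using the "version" status.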
@@ -79,8 +119,9 @@
CVE-2008-1103 VULNERABLE (blender) not fixed upstream
CVE-2007-6318 VULNERABLE (wordpress) #426434
CVE-2007-6131 VULNERABLE (scanbuttond)
+CVE-2007-5729 VULNERABLE (kvm, fixed 82)
CVE-2007-5079 VULNERABLE (gdm) #363041 Red Hat specific problem
-CVE-2007-4829 VULNERABLE (perl, not fixed upstream) #364291 perl-Archive-Tar directory traversal
+CVE-2007-4829 version (perl, fixed 1.40) [since perl-5.10.0-52.fc11] #364291 perl-Archive-Tar directory traversal
CVE-2007-4559 VULNERABLE (python, not fixed upstream) #315291 Upstream WONTFIX. See where we use the code.
CVE-2007-1320 VULNERABLE (qemu)
CVE-2006-1390 VULNERABLE (nethack) bz#187353, but requires other access to games group
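Review bot: On the CVE-2007-4829 line, "(perl, fixed 1.40)" reads as a perl version, but the tag beside it is "[since perl-5.10.0-52.fc11]"; going by the trailing comment, 1.40 is the version of the bundled Archive-Tar module. Say so inside the parentheses so the number is not compared against the perl package version. The "[since ...]" tag is also placed before the bug number "#364291", whereas the proftpd line earlier in this file puts the bug number first; keep one order.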
Index: f9
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f9,v
retrieving revision 1.243
retrieving revision 1.244
diff -u -r1.243 -r1.244
--- f9 19 Dec 2008 19:22:22 -0000 1.243
+++ f9 27 Jan 2009 14:18:01 -0000 1.244
@@ -5,7 +5,32 @@
# (mozilla) = (gecko-libs dependent stuff)
rhbz249840 version (tor, fixed 0.1.2.15)
+CVE-2009-0265 ignore (bind) dupe of CVE-2009-0025
+CVE-2009-0260 VULNERABLE (moin, fixed 1.7.3,1.8.1)
+CVE-2009-0136 fixed (amarok, fixed 2.0.1.1) [since FEDORA-2009-0715]
+CVE-2009-0135 fixed (amarok, fixed 2.0.1.1) [since FEDORA-2009-0715]
+CVE-2009-0125 ignore (libnasl) [since libnasl-2.2.11-3.fc9] not security according to upstream
+CVE-2009-0122 ignore (hplip) Debian/Ubuntu specific
+CVE-2009-0041 VULNERABLE (asterisk, fixed 1.6.0.5) [since asterisk-1.6.0.5-2.fc9] AST-2009-001
+CVE-2009-0025 fixed (bind, fixed 9.5.1-P1,9.6.0-P1) [since FEDORA-2009-0350]
+CVE-2009-0022 fixed (samba, fixed 3.2.7) [since FEDORA-2009-0268]
+CVE-2009-0021 fixed (ntp, fixed 4.2.4p6) [since FEDORA-2009-0547]
+CVE-2008-5917 VULNERABLE (horde, fixed 3.2.3,3.3.1)
+CVE-2008-5916 fixed (git, fixed 1.6.0.6,1.5.6.6,1.5.5.6,1.5.4.7) [since FEDORA-2008-11650]
+CVE-2008-5906 fixed (ktorrent, fixed 3.1.4) [since FEDORA-2008-9167]
+CVE-2008-5905 fixed (ktorrent, fixed 3.1.4) [since FEDORA-2008-9167]
+CVE-2008-5844 ignore (php, fixed 5.2.8) only affected 5.2.7
+CVE-2008-5744 ignore (zaptel) kernel modules not shipped
+CVE-2008-5718 VULNERABLE (netatalk, fixed 2.0.4-beta2)
+CVE-2008-5716 ignore (xen) CVE-2008-4405 was not yet fixed
+CVE-2008-5714 VULNERABLE (kvm)
+CVE-2008-5714 VULNERABLE (qemu)
+CVE-2008-5704 VULNERABLE (gpsdrive, fixed 2.10)
+CVE-2008-5703 VULNERABLE (gpsdrive, fixed 2.10)
+CVE-2008-5698 ignore (konqueror) KDE3 and DoS only
CVE-2008-5695 version (wordpress, fixed 2.3.3)
+CVE-2008-5688 fixed (mediawiki, fixed 1.13.3) [since FEDORA-2008-11802]
+CVE-2008-5687 fixed (mediawiki, fixed 1.13.3) [since FEDORA-2008-11802]
CVE-2008-5676 version (mod_security, fixed 2.5.6) [since mod_security-2.5.6-1.fc9]
CVE-2008-5660 fixed (vinagre, fixed 0.5.2,2.24.2) [since FEDORA-2008-10932]
CVE-2008-5657 fixed (quassel, fixed 0.3.0.3) [since FEDORA-2008-9658]
@@ -15,43 +40,52 @@
CVE-2008-5621 fixed (phpMyAdmin, fixed 3.1.1) [since FEDORA-2008-11208] PMASA-2008-10
CVE-2008-5620 VULNERABLE (roundcubemail, fixed 0.2-rc)
CVE-2008-5619 fixed (roundcubemail, fixed 0.2-rc) [since FEDORA-2008-11234]
-CVE-2008-5618 VULNERABLE (rsyslog, fixed 3.20.2,3.21.9) [since rsyslog-3.20.2-2.fc9]
-CVE-2008-5617 VULNERABLE (rsyslog, fixed 3.20.1,3.21.8) [since rsyslog-3.20.2-2.fc9]
-CVE-2008-5587 VULNERABLE (phpPgAdmin, fixed 4.2.2) [since phpPgAdmin-4.2.2-1.fc9]
+CVE-2008-5618 fixed (rsyslog, fixed 3.20.2,3.21.9) [since FEDORA-2008-11538]
+CVE-2008-5617 fixed (rsyslog, fixed 3.20.1,3.21.8) [since FEDORA-2008-11538]
+CVE-2008-5587 fixed (phpPgAdmin, fixed 4.2.2) [since FEDORA-2008-11602]
CVE-2008-5558 ignore (asterisk) AST-2008-012, not affected
-CVE-2008-5513 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc9]
-CVE-2008-5512 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc9]
-CVE-2008-5512 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc9]
-CVE-2008-5511 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc9]
-CVE-2008-5511 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc9]
-CVE-2008-5510 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc9]
-CVE-2008-5510 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc9]
-CVE-2008-5508 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc9]
-CVE-2008-5508 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc9]
-CVE-2008-5507 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc9]
-CVE-2008-5507 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc9]
-CVE-2008-5506 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc9]
-CVE-2008-5506 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc9]
-CVE-2008-5505 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc9]
-CVE-2008-5503 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc9]
-CVE-2008-5502 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc9]
-CVE-2008-5501 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc9]
-CVE-2008-5500 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc9]
-CVE-2008-5500 VULNERABLE (firefox, fixed 3.0.5) [since firefox-3.0.5-1.fc9]
+CVE-2008-5517 version (git, fixed 1.5.6)
+CVE-2008-5516 version (git, fixed 1.5.5)
+CVE-2008-5514 fixed (uw-imap, fixed 2007e) [since FEDORA-2009-0371]
+CVE-2008-5513 fixed (firefox, fixed 3.0.5) [since FEDORA-2008-11598]
+CVE-2008-5512 fixed (seamonkey, fixed 1.1.14) [since FEDORA-2008-11586]
+CVE-2008-5512 fixed (firefox, fixed 3.0.5) [since FEDORA-2008-11598]
+CVE-2008-5511 fixed (seamonkey, fixed 1.1.14) [since FEDORA-2008-11586]
+CVE-2008-5511 fixed (firefox, fixed 3.0.5) [since FEDORA-2008-11598]
+CVE-2008-5510 fixed (seamonkey, fixed 1.1.14) [since FEDORA-2008-11586]
+CVE-2008-5510 fixed (firefox, fixed 3.0.5) [since FEDORA-2008-11598]
+CVE-2008-5508 fixed (seamonkey, fixed 1.1.14) [since FEDORA-2008-11586]
+CVE-2008-5508 fixed (firefox, fixed 3.0.5) [since FEDORA-2008-11598]
+CVE-2008-5507 fixed (seamonkey, fixed 1.1.14) [since FEDORA-2008-11586]
+CVE-2008-5507 fixed (firefox, fixed 3.0.5) [since FEDORA-2008-11598]
+CVE-2008-5506 fixed (seamonkey, fixed 1.1.14) [since FEDORA-2008-11586]
+CVE-2008-5506 fixed (firefox, fixed 3.0.5) [since FEDORA-2008-11598]
+CVE-2008-5505 fixed (firefox, fixed 3.0.5) [since FEDORA-2008-11598]
+CVE-2008-5503 fixed (seamonkey, fixed 1.1.14) [since FEDORA-2008-11586]
+CVE-2008-5502 fixed (firefox, fixed 3.0.5) [since FEDORA-2008-11598]
+CVE-2008-5501 fixed (firefox, fixed 3.0.5) [since FEDORA-2008-11598]
+CVE-2008-5500 fixed (seamonkey, fixed 1.1.14) [since FEDORA-2008-11586]
+CVE-2008-5500 fixed (firefox, fixed 3.0.5) [since FEDORA-2008-11598]
CVE-2008-5432 fixed (moodle, fixed 1.8.7,1.9.3) [since FEDORA-2008-9508]
CVE-2008-5398 fixed (tor, fixed 0.2.0.32) [since FEDORA-2008-10989]
CVE-2008-5397 fixed (tor, fixed 0.2.0.32) [since FEDORA-2008-10989]
+CVE-2008-5396 ignore (zaptel) kernel modules not shipped
+CVE-2008-5380 VULNERABLE (gpsdrive, fixed 2.10)
CVE-2008-5286 ignore (cups) libpng prevents this
+CVE-2008-5262 fixed (DevIL) [since FEDORA-2009-0856]
+CVE-2008-5252 fixed (mediawiki, fixed 1.13.3) [since FEDORA-2008-11802]
+CVE-2008-5250 fixed (mediawiki, fixed 1.13.3) [since FEDORA-2008-11802]
+CVE-2008-5249 fixed (mediawiki, fixed 1.13.3) [since FEDORA-2008-11802]
CVE-2008-5187 fixed (imlib2) #472578 [since FEDORA-2008-10287]
CVE-2008-5184 version (cups, fixed 1.3.8)
CVE-2008-5183 fixed (cups, fixed 1.3.10) [since FEDORA-2008-10917]
-CVE-2008-5153 VULNERABLE (moodle) #472119
+CVE-2008-5153 fixed (moodle) #472119 [since FEDORA-2009-0814]
CVE-2008-5148 fixed (geda-gnetlist) #472115 [since FEDORA-2008-9730]
CVE-2008-5138 VULNERABLE (pam_mount) #472111
CVE-2008-5113 VULNERABLE (wordpress) #471991
CVE-2008-5110 fixed (syslog-ng) #471986 [since FEDORA-2008-10752]
CVE-2008-5101 fixed (optipng, fixed 0.6.2) [since FEDORA-2008-9633]
-CVE-2008-5086 VULNERABLE (libvirt) [since libvirt-0.5.1-2.fc9]
+CVE-2008-5086 fixed (libvirt) [since FEDORA-2008-11433]
CVE-2008-5081 VULNERABLE (avahi, fixed 0.6.24)
CVE-2008-5080 fixed (awstats) [since FEDORA-2008-10962]
CVE-2008-5078 ignore (enscript) 1.6.1 only
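Review bot: CVE-2008-5620 (roundcubemail) and CVE-2008-5081 (avahi) stay VULNERABLE in this hunk's unchanged lines, while the f10 file in the same commit flips both to "fixed" ("[since FEDORA-2008-11456]" and "[since FEDORA-2008-11351]"). Since the rest of this hunk is a pass converting pending builds to advisory ids, check whether F9 advisories exist for these two as well, or note on the lines why F9 is still open.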
@@ -67,6 +101,7 @@
CVE-2008-4985 ignore (vdr) Debian-specific
CVE-2008-4982 fixed (rkhunter) [since FEDORA-2008-8314]
CVE-2008-4977 ignore (postfix) Debian-specific
+CVE-2008-4959 VULNERABLE (gpsdrive, fixed 2.10)
CVE-2008-4956 ignore (fwbuilder) fwb_install not shipped
CVE-2008-4937 fixed (openoffice.org) [since FEDORA-2008-7680]
CVE-2008-4936 fixed (mgetty) patched for ages
@@ -80,6 +115,7 @@
CVE-2008-4789 fixed (drupal, fixed 6.5) [since FEDORA-2008-8852]
CVE-2008-4776 fixed (libgadu, fixed 1.8.2) [since FEDORA-2008-9293]
CVE-2008-4775 fixed (phpMyAdmin, fixed 3.0.1.1) [since FEDORA-2008-9316]
+CVE-2008-4770 fixed (vnc, fixed 4.1.3) [since FEDORA-2009-1001]
CVE-2008-4769 version (wordpress)
CVE-2008-4690 fixed (lynx) #468550 [since FEDORA-2008-9550]
CVE-2008-4641 VULNERABLE (jhead)
@@ -94,6 +130,7 @@
CVE-2008-4434 ignore (bittorrent) 6.x only
CVE-2008-4422 fixed (libxml2, fixed 2.7.2) [since FEDORA-2008-8575]
CVE-2008-4408 fixed (mediawiki, fixed 1.13.2) [since FEDORA-2008-8639]
+CVE-2008-4405 VULNERABLE (xen)
CVE-2008-4360 VULNERABLE (lighttpd, fixed 1.4.20) #464639
CVE-2008-4359 VULNERABLE (lighttpd, fixed 1.4.20) #464639
CVE-2008-4326 fixed (phpMyAdmin, fixed 2.11.9.2) [since FEDORA-2008-8335]
@@ -106,7 +143,7 @@
CVE-2008-4306 fixed (enscript) [since FEDORA-2008-9372]
CVE-2008-4298 VULNERABLE (lighttpd, fixed 1.4.20) #464639
CVE-2008-4297 fixed (mercurial, fixed 1.0.2) [since FEDORA-2008-7490]
-CVE-2008-4242 VULNERABLE (proftpd) #464129
+CVE-2008-4242 fixed (proftpd) #464129 [since FEDORA-2009-0064]
CVE-2008-4226 fixed (libxml2) [since FEDORA-2008-9773]
CVE-2008-4225 fixed (libxml2) [since FEDORA-2008-9773]
CVE-2008-4191 fixed (emacspeak) [since FEDORA-2008-8379]
@@ -179,8 +216,8 @@
CVE-2008-3828 fixed (condor, fixed 7.0.5) #466075 [since FEDORA-2008-8733]
CVE-2008-3826 fixed (condor, fixed 7.0.5) #466075 [since FEDORA-2008-8733]
CVE-2008-3825 fixed (pam_krb5, 2.3.2) [since FEDORA-2008-8618]
-CVE-2008-3824 VULNERABLE (horde) oCERT-2008-012
-CVE-2008-3823 VULNERABLE (horde) oCERT-2008-012
+CVE-2008-3824 VULNERABLE (horde, fixed 3.2.2) oCERT-2008-012
+CVE-2008-3823 VULNERABLE (horde, fixed 3.2.2) oCERT-2008-012
CVE-2008-3796 version (swfdec, fixed 0.6.8) [since swfdec-0.6.8-1.fc9]
CVE-2008-3790 fixed (ruby) [since FEDORA-2008-8738]
CVE-2008-3789 fixed (samba, fixed 3.2.3) [since FEDORA-2008-7243]
@@ -329,6 +366,9 @@
CVE-2008-2426 fixed (imlib2) [since FEDORA-2008-4871]
CVE-2008-2420 fixed (stunnel, fixed 4.24) [since FEDORA-2008-4531]
CVE-2008-2392 ignore (wordpress) issue only in certain deployments, not affected by default
+CVE-2008-2383 fixed (xterm, fixed 238) [since FEDORA-2009-0059]
+CVE-2008-2382 VULNERABLE (qemu)
+CVE-2008-2382 fixed (kvm, fixed 82) [since FEDORA-2008-11705]
CVE-2008-2377 ignore (gnutls, fixed 2.4.1) 2.3.5+ only
CVE-2008-2376 fixed (ruby, fixed 1.8.6-p257) [since FEDORA-2008-6033]
CVE-2008-2375 ignore (vsftpd) pre-2.0.5 versions only
@@ -796,6 +836,7 @@
CVE-2007-5746 version (openoffice.org, fixed 2.4)
CVE-2007-5745 version (openoffice.org, fixed 2.4)
CVE-2007-5742 version (wesnoth, fixed 1.2.8) [since wesnoth-1.2.8-3.fc9]
+CVE-2007-5729 VULNERABLE (kvm, fixed 82)
CVE-2007-5712 version (Django, fixed 0.96.1) #362781 [since Django-0.96.1-1.fc9]
CVE-2007-5708 version (openldap, fixed 2.3.39) #360091 [since openldap-2.3.39-1.fc9]
CVE-2007-5707 version (openldap, fixed 2.3.39) #360091 [since openldap-2.3.39-1.fc9]
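Review bot: "CVE-2007-5729 VULNERABLE (kvm, fixed 82)" looks inconsistent with the previous hunk of this same file, which records CVE-2008-2382 as "fixed (kvm, fixed 82) [since FEDORA-2008-11705]". If that update delivered kvm 82, this entry should be marked fixed with the same since tag; if it did not, a trailing comment explaining why this CVE stays open would avoid the apparent contradiction.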
15 years, 3 months
fedora-security/audit f8,1.253,1.254
by fedora-security-commits@redhat.com
Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv8182/audit
Modified Files:
f8
Log Message:
ok, one more typo fix ;)
Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.253
retrieving revision 1.254
diff -u -r1.253 -r1.254
--- f8 15 Jan 2009 13:31:50 -0000 1.253
+++ f8 15 Jan 2009 13:39:28 -0000 1.254
@@ -1,6 +1,6 @@
# $Id$
-# F* EOLed on 2009-01-09
+# F8 EOLed on 2009-01-09
# ** are items that need attention
# *CVE are items that need verification for Fedora 8
15 years, 3 months
fedora-security/audit f8,1.252,1.253
by fedora-security-commits@redhat.com
Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv7142/audit
Modified Files:
f8
Log Message:
no more werewolf howls, F8 is EOL, no more updates to f8 tracking file
Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.252
retrieving revision 1.253
diff -u -r1.252 -r1.253
--- f8 19 Dec 2008 19:22:22 -0000 1.252
+++ f8 15 Jan 2009 13:31:50 -0000 1.253
@@ -1,46 +1,59 @@
# $Id$
+# F* EOLed on 2009-01-09
+
# ** are items that need attention
# *CVE are items that need verification for Fedora 8
# (mozilla) = (gecko-libs dependent stuff)
rhbz293031 fixed (nx) #293031 [since FEDORA-2008-2258]
rhbz249840 version (tor, fixed 0.1.2.15)
+CVE-2009-0022 ignore (samba, fixed 3.2.7) not affected
+CVE-2008-5718 VULNERABLE (netatalk)
+CVE-2008-5716 ignore (xen) CVE-2008-4405 was not yet fixed
+CVE-2008-5714 VULNERABLE (kvm)
+CVE-2008-5714 VULNERABLE (qemu)
CVE-2008-5695 version (wordpress, fixed 2.3.3)
+CVE-2008-5688 VULNERABLE (mediawiki, fixed 1.13.3) [since mediawiki-1.13.3-41.99.fc8]
+CVE-2008-5687 VULNERABLE (mediawiki, fixed 1.13.3) [since mediawiki-1.13.3-41.99.fc8]
CVE-2008-5676 version (mod_security, fixed 2.5.6) [since mod_security-2.5.6-1.fc8]
CVE-2008-5660 fixed (vinagre, fixed 0.5.2,2.24.2) [since FEDORA-2008-10941]
CVE-2008-5647 VULNERABLE (trac, 0.11.2)
CVE-2008-5646 VULNERABLE (trac, 0.11.2)
CVE-2008-5622 fixed (phpMyAdmin, fixed 3.1.1) [since FEDORA-2008-11221] PMASA-2008-10, same as CVE-2008-5621?
CVE-2008-5621 fixed (phpMyAdmin, fixed 3.1.1) [since FEDORA-2008-11221] PMASA-2008-10
-CVE-2008-5620 VULNERABLE (roundcubemail, 0.2-rc) [since roundcubemail-0.2-5.beta.fc8]
+CVE-2008-5620 fixed (roundcubemail, 0.2-rc) [since FEDORA-2008-11581]
CVE-2008-5619 fixed (roundcubemail, 0.2-rc) [since FEDORA-2008-11220]
CVE-2008-5618 ignore (rsyslog, 3.20.2) not affected
CVE-2008-5617 ignore (rsyslog, 3.20.1) not affected
-CVE-2008-5587 VULNERABLE (phpPgAdmin, fixed 4.2.2) [since phpPgAdmin-4.2.2-1.fc8]
+CVE-2008-5587 fixed (phpPgAdmin, fixed 4.2.2) [since FEDORA-2008-11576]
CVE-2008-5558 ignore (asterisk) AST-2008-012, not affected
-CVE-2008-5513 VULNERABLE (firefox, fixed 2.0.0.19) [since firefox-2.0.0.19-1.fc8]
-CVE-2008-5512 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc8]
-CVE-2008-5512 VULNERABLE (firefox, fixed 2.0.0.19) [since firefox-2.0.0.19-1.fc8]
-CVE-2008-5511 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc8]
-CVE-2008-5511 VULNERABLE (firefox, fixed 2.0.0.19) [since firefox-2.0.0.19-1.fc8]
-CVE-2008-5510 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc8]
-CVE-2008-5510 VULNERABLE (firefox, fixed 2.0.0.19) [since firefox-2.0.0.19-1.fc8]
-CVE-2008-5508 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc8]
-CVE-2008-5508 VULNERABLE (firefox, fixed 2.0.0.19) [since firefox-2.0.0.19-1.fc8]
-CVE-2008-5507 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc8]
-CVE-2008-5507 VULNERABLE (firefox, fixed 2.0.0.19) [since firefox-2.0.0.19-1.fc8]
-CVE-2008-5506 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc8]
-CVE-2008-5506 VULNERABLE (firefox, fixed 2.0.0.19) [since firefox-2.0.0.19-1.fc8]
-CVE-2008-5504 VULNERABLE (firefox, fixed 2.0.0.19) [since firefox-2.0.0.19-1.fc8]
-CVE-2008-5503 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc8]
-CVE-2008-5503 VULNERABLE (firefox, fixed 2.0.0.19) [since firefox-2.0.0.19-1.fc8]
-CVE-2008-5500 VULNERABLE (seamonkey, fixed 1.1.14) [since seamonkey-1.1.14-1.fc8]
-CVE-2008-5500 VULNERABLE (firefox, fixed 2.0.0.19) [since firefox-2.0.0.19-1.fc8]
+CVE-2008-5514 VULNERABLE (uw-imap, fixed 2007e) [since uw-imap-2007e-1.fc8]
+CVE-2008-5513 fixed (firefox, fixed 2.0.0.19) [since FEDORA-2008-11551]
+CVE-2008-5512 fixed (seamonkey, fixed 1.1.14) [since FEDORA-2008-11534]
+CVE-2008-5512 fixed (firefox, fixed 2.0.0.19) [since FEDORA-2008-11551]
+CVE-2008-5511 fixed (seamonkey, fixed 1.1.14) [since FEDORA-2008-11534]
+CVE-2008-5511 fixed (firefox, fixed 2.0.0.19) [since FEDORA-2008-11551]
+CVE-2008-5510 fixed (seamonkey, fixed 1.1.14) [since FEDORA-2008-11534]
+CVE-2008-5510 fixed (firefox, fixed 2.0.0.19) [since FEDORA-2008-11551]
+CVE-2008-5508 fixed (seamonkey, fixed 1.1.14) [since FEDORA-2008-11534]
+CVE-2008-5508 fixed (firefox, fixed 2.0.0.19) [since FEDORA-2008-11551]
+CVE-2008-5507 fixed (seamonkey, fixed 1.1.14) [since FEDORA-2008-11534]
+CVE-2008-5507 fixed (firefox, fixed 2.0.0.19) [since FEDORA-2008-11551]
+CVE-2008-5506 fixed (seamonkey, fixed 1.1.14) [since FEDORA-2008-11534]
+CVE-2008-5506 fixed (firefox, fixed 2.0.0.19) [since FEDORA-2008-11551]
+CVE-2008-5504 fixed (firefox, fixed 2.0.0.19) [since FEDORA-2008-11551]
+CVE-2008-5503 fixed (seamonkey, fixed 1.1.14) [since FEDORA-2008-11534]
+CVE-2008-5503 fixed (firefox, fixed 2.0.0.19) [since FEDORA-2008-11551]
+CVE-2008-5500 fixed (seamonkey, fixed 1.1.14) [since FEDORA-2008-11534]
+CVE-2008-5500 fixed (firefox, fixed 2.0.0.19) [since FEDORA-2008-11551]
CVE-2008-5432 fixed (moodle, fixed 1.8.7,1.9.3) [since FEDORA-2008-9502]
CVE-2008-5398 fixed (tor, fixed 0.2.0.32) [since FEDORA-2008-10954]
CVE-2008-5397 fixed (tor, fixed 0.2.0.32) [since FEDORA-2008-10954]
CVE-2008-5286 ignore (cups) libpng prevents this
+CVE-2008-5252 VULNERABLE (mediawiki, fixed 1.13.3) [since mediawiki-1.13.3-41.99.fc8]
+CVE-2008-5250 VULNERABLE (mediawiki, fixed 1.13.3) [since mediawiki-1.13.3-41.99.fc8]
+CVE-2008-5249 VULNERABLE (mediawiki, fixed 1.13.3) [since mediawiki-1.13.3-41.99.fc8]
CVE-2008-5187 fixed (imlib2) #472577 [since FEDORA-2008-10296]
CVE-2008-5184 version (cups, fixed 1.3.8)
CVE-2008-5183 fixed (cups, fixed 1.3.10) [since FEDORA-2008-10911]
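Review bot: the new header line "# F* EOLed on 2009-01-09" does not name a release; it should read "# F8 EOLed on 2009-01-09". Since the log message says this file gets no further updates, the entries added here as VULNERABLE (netatalk, kvm, qemu, mediawiki, uw-imap) will stay in that state permanently, so the header would also be the right place to say that the remaining VULNERABLE lines reflect the state at EOL and are not pending work.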
@@ -93,6 +106,7 @@
CVE-2008-4434 ignore (bittorrent) 6.x only
CVE-2008-4422 fixed (libxml2, fixed 2.7.2) [since FEDORA-2008-8582]
CVE-2008-4408 fixed (mediawiki, fixed 1.13.2) [since FEDORA-2008-8678]
+CVE-2008-4405 VULNERABLE (xen)
CVE-2008-4360 VULNERABLE (lighttpd, fixed 1.4.20) #464638
CVE-2008-4359 VULNERABLE (lighttpd, fixed 1.4.20) #464638
CVE-2008-4326 fixed (phpMyAdmin, fixed 2.11.9.2) [since FEDORA-2008-8286]
@@ -105,7 +119,7 @@
CVE-2008-4306 fixed (enscript) [since FEDORA-2008-9351]
CVE-2008-4298 VULNERABLE (lighttpd, fixed 1.4.20) #464638
CVE-2008-4297 VULNERABLE (mercurial, fixed 1.0.2) #464632
-CVE-2008-4242 VULNERABLE (proftpd) #464128
+CVE-2008-4242 fixed (proftpd) #464128 [since FEDORA-2009-0195]
CVE-2008-4226 fixed (libxml2) [since FEDORA-2008-9729]
CVE-2008-4225 fixed (libxml2) [since FEDORA-2008-9729]
CVE-2008-4191 fixed (emacspeak) [since FEDORA-2008-8423]
@@ -321,6 +335,9 @@
CVE-2008-2426 fixed (imlib2) [since FEDORA-2008-4842]
CVE-2008-2420 fixed (stunnel, fixed 4.24) [since FEDORA-2008-4579]
CVE-2008-2392 ignore (wordpress) issue only in certain deployments, not affected by default
+CVE-2008-2383 VULNERABLE (xterm, fixed 238) [since xterm-238-1.fc8]
+CVE-2008-2382 VULNERABLE (qemu)
+CVE-2008-2382 VULNERABLE (kvm, fixed 82)
CVE-2008-2377 ignore (gnutls, fixed 2.4.1) 2.3.5+ only
CVE-2008-2376 fixed (ruby, fixed 1.8.6-p257) [since FEDORA-2008-6094]
CVE-2008-2375 ignore (vsftpd) pre-2.0.5 versions only
@@ -791,6 +808,7 @@
CVE-2007-5746 fixed (openoffice.org, fixed 2.4) #442846 [since FEDORA-2008-3251]
CVE-2007-5745 fixed (openoffice.org, fixed 2.4) #442846 [since FEDORA-2008-3251]
CVE-2007-5742 version (wesnoth, fixed 1.2.8) [since FEDORA-2007-3989]
+CVE-2007-5729 VULNERABLE (kvm, fixed 82)
CVE-2007-5712 version (Django, fixed 0.96.1) #362771 [since FEDORA-2007-2788]
CVE-2007-5708 version (openldap, fixed 2.3.39) #362991 [since FEDORA-2007-2796]
CVE-2007-5707 version (openldap, fixed 2.3.39) #362991 [since FEDORA-2007-2796]
15 years, 3 months
fedora-security/tools/lib/Libexig Fedora.pm, 1.8, 1.9
by fedora-security-commits@redhat.com
Author: thoger
Update of /cvs/fedora/fedora-security/tools/lib/Libexig
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv6934/tools/lib/Libexig
Modified Files:
Fedora.pm
Log Message:
drop F8 support from tools
Index: Fedora.pm
===================================================================
RCS file: /cvs/fedora/fedora-security/tools/lib/Libexig/Fedora.pm,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- Fedora.pm 26 Nov 2008 10:00:31 -0000 1.8
+++ Fedora.pm 15 Jan 2009 13:30:23 -0000 1.9
@@ -121,9 +121,6 @@
# Valid versions
my %versions = (
- '8', => '8',
- 'f8', => '8',
- 'fc8', => '8',
'9', => '9',
'f9', => '9',
'fc9', => '9',
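Review bot: the entries that remain in %versions ("'9', => '9'," and the lines after it) keep a comma in front of "=>", which is redundant because "=>" already acts as a comma; worth tidying while this table is being edited. A comment above %versions saying that EOL releases are removed deliberately would also help, since 'f8' and 'fc8' stop being valid versions here while the f8 audit file is still being committed to.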
15 years, 3 months
fedora-security/tools/scripts add-issue, 1.10, 1.11
by fedora-security-commits@redhat.com
Author: thoger
Update of /cvs/fedora/fedora-security/tools/scripts
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv6934/tools/scripts
Modified Files:
add-issue
Log Message:
drop F8 support from tools
Index: add-issue
===================================================================
RCS file: /cvs/fedora/fedora-security/tools/scripts/add-issue,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -r1.10 -r1.11
--- add-issue 26 Nov 2008 10:00:31 -0000 1.10
+++ add-issue 15 Jan 2009 13:30:24 -0000 1.11
@@ -24,7 +24,6 @@
use strict;
my %versions = (
- '8' => 'audit/f8',
'9' => 'audit/f9',
'10' => 'audit/f10',
'11' => 'audit/f11',
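Review bot: this %versions map in add-issue is a second release table next to the one in Libexig/Fedora.pm, and the same log message ("drop F8 support from tools") had to touch both. Consider building the "'N' => 'audit/fN'" paths from a single shared version list so the next EOL is one edit and the two tables cannot drift apart.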
15 years, 3 months
fedora-security/tools/scripts check-updates, 1.6, 1.7
by fedora-security-commits@redhat.com
Author: thoger
Update of /cvs/fedora/fedora-security/tools/scripts
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv4890/tools/scripts
Modified Files:
check-updates
Log Message:
only note update id when update is stable
Index: check-updates
===================================================================
RCS file: /cvs/fedora/fedora-security/tools/scripts/check-updates,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- check-updates 26 Aug 2008 06:37:52 -0000 1.6
+++ check-updates 15 Jan 2009 13:21:21 -0000 1.7
@@ -79,17 +79,15 @@
if ($debug) {
print " -> Found: ", keys(%{ $u->{'_builds_hash'}->{$entry->{'component'}} });
- }
-
- # Modify the line accordingly
- if (defined($u->{'updateid'})) {
- $entry->{'since'}= $u->{'updateid'};
- if ($debug) {
+ if (defined($u->{'updateid'})) {
print " ($u->{'updateid'})";
}
}
+
+ # Modify the line accordingly
if ($u->{'status'} eq 'stable') {
$entry->{'status'}= 'fixed';
+ $entry->{'since'}= $u->{'updateid'};
}
Libexig::Audit::update_entry ($entry);
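Review bot: in the rewritten "if ($u->{'status'} eq 'stable')" block, the new assignment "$entry->{'since'}= $u->{'updateid'};" has lost the defined($u->{'updateid'}) guard that the removed code applied to it. A stable update that has no updateid would now overwrite the entry's existing since value with undef before Libexig::Audit::update_entry is called. Suggest keeping the guard on the assignment, for example "$entry->{'since'}= $u->{'updateid'} if defined($u->{'updateid'});". The defined() check that survives in this hunk only protects the debug print.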
15 years, 3 months