[Fedora-security-commits] fedora-security/audit f10, 1.7, 1.8 f8, 1.225, 1.226 f9, 1.215, 1.216

fedora-security-commits at redhat.com fedora-security-commits at redhat.com
Fri Jun 20 19:34:59 UTC 2008 

Author: thoger

Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv29644/audit

Modified Files:
	f10 f8 f9 
Log Message:
ruby bugs



Index: f10
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f10,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- f10	20 Jun 2008 08:50:45 -0000	1.7
+++ f10	20 Jun 2008 19:34:29 -0000	1.8
@@ -4,6 +4,10 @@
 # *CVE are items that need verification for Fedora 10
 # (mozilla) = (gecko-libs dependent stuff)
 
+CVE-2008-2728 ignore (ruby) 1.6.x variant of CVE-2008-2726
+CVE-2008-2727 ignore (ruby) 1.6.x variant of CVE-2008-2725
+CVE-2008-2726 VULNERABLE (ruby, fixed 1.8.6-p230, 1.8.7-p22) #452295 
+CVE-2008-2725 VULNERABLE (ruby, fixed 1.8.6-p230, 1.8.7-p22) #452295 
 CVE-2008-2724 version (gallery2, fixed 2.2.5) [since gallery2-2.2.5-1.fc10] 
 CVE-2008-2723 version (gallery2, fixed 2.2.5) [since gallery2-2.2.5-1.fc10] 
 CVE-2008-2722 version (gallery2, fixed 2.2.5) [since gallery2-2.2.5-1.fc10] 
@@ -11,6 +15,9 @@
 CVE-2008-2720 version (gallery2, fixed 2.2.5) [since gallery2-2.2.5-1.fc10] 
 CVE-2008-2713 version (clamav, fixed 0.93.1) [since clamav-0.93.1-1.fc10] 
 CVE-2008-2696 VULNERABLE (exiv2, fixed 0.17) 
+CVE-2008-2664 VULNERABLE (ruby, fixed 1.8.6-p230, 1.8.7-p22) #452295 
+CVE-2008-2663 VULNERABLE (ruby, fixed 1.8.6-p230, 1.8.7-p22) #452295 
+CVE-2008-2662 VULNERABLE (ruby, fixed 1.8.6-p230, 1.8.7-p22) #452295 
 CVE-2008-2575 version (cbrpager) [since cbrpager-0.9.17-2.fc10] 
 CVE-2008-2426 backport (imlib2) [since imlib2-1.4.0-7.fc10] 
 CVE-2008-2420 version (stunnel, fixed 4.24) [since stunnel-4.24-2] 
@@ -46,6 +53,7 @@
 CVE-2008-1943 VULNERABLE (xen) [since xen-3.2.0-11.fc10]
 CVE-2008-1928 version (perl-Imager, fixed 0.64) [since perl-Imager-0.64-2.fc10]
 CVE-2008-1926 backport (util-linux-ng) [since util-linux-ng-2.13.1-8.1.fc9] 
+CVE-2008-1891 VULNERABLE (ruby, fixed 1.8.6-p230, 1.8.7-p22) #452295 
 CVE-2008-1836 version (clamav, fixed 0.93) [since clamav-0.93-1.fc9]
 CVE-2008-1808 version (freetype, fixed 2.3.6) [since freetype-2.3.6-1.fc10] 
 CVE-2008-1807 version (freetype, fixed 2.3.6) [since freetype-2.3.6-1.fc10] 


Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.225
retrieving revision 1.226
diff -u -r1.225 -r1.226
--- f8	20 Jun 2008 08:50:45 -0000	1.225
+++ f8	20 Jun 2008 19:34:29 -0000	1.226
@@ -7,6 +7,10 @@
 rhbz293031 fixed (nx) #293031 [since FEDORA-2008-2258] 
 rhbz249840 version (tor, fixed 0.1.2.15) 
 CVE-2008-2783 VULNERABLE (kronolith) 
+CVE-2008-2728 ignore (ruby) 1.6.x variant of CVE-2008-2726
+CVE-2008-2727 ignore (ruby) 1.6.x variant of CVE-2008-2725
+CVE-2008-2726 VULNERABLE (ruby, fixed 1.8.6-p230, 1.8.7-p22) #452293 
+CVE-2008-2725 VULNERABLE (ruby, fixed 1.8.6-p230, 1.8.7-p22) #452293 
 CVE-2008-2724 VULNERABLE (gallery2, fixed 2.2.5) [since gallery2-2.2.5-1.fc8] 
 CVE-2008-2723 VULNERABLE (gallery2, fixed 2.2.5) [since gallery2-2.2.5-1.fc8] 
 CVE-2008-2722 VULNERABLE (gallery2, fixed 2.2.5) [since gallery2-2.2.5-1.fc8] 
@@ -14,6 +18,9 @@
 CVE-2008-2720 VULNERABLE (gallery2, fixed 2.2.5) [since gallery2-2.2.5-1.fc8] 
 CVE-2008-2713 VULNERABLE (clamav, fixed 0.93.1) 
 CVE-2008-2696 VULNERABLE (exiv2, fixed 0.17) 
+CVE-2008-2664 VULNERABLE (ruby, fixed 1.8.6-p230, 1.8.7-p22) #452293 
+CVE-2008-2663 VULNERABLE (ruby, fixed 1.8.6-p230, 1.8.7-p22) #452293 
+CVE-2008-2662 VULNERABLE (ruby, fixed 1.8.6-p230, 1.8.7-p22) #452293 
 CVE-2008-2575 fixed (cbrpager) [since FEDORA-2008-4528] 
 CVE-2008-2426 fixed (imlib2) [since FEDORA-2008-4842] 
 CVE-2008-2420 fixed (stunnel, fixed 4.24) [since FEDORA-2008-4579] 
@@ -67,6 +74,7 @@
 CVE-2008-1924 version (phpMyAdmin, fixed 2.11.5.2) [since FEDORA-2008-3461] PMASA-2008-3
 CVE-2008-1923 version (asterisk) upstream fix incomplete, resulting in CVE-2008-1897
 CVE-2008-1897 fixed (asterisk, fixed 1.4.19.1) [since FEDORA-2008-3390] 
+CVE-2008-1891 VULNERABLE (ruby, fixed 1.8.6-p230, 1.8.7-p22) #452293 
 CVE-2008-1878 fixed (xine-lib, fixed 1.1.12.1) #443055 [since FEDORA-2008-3353] nsf demuxer overflow
 CVE-2008-1845 version (mksh, fixed 33d) [since FEDORA-2008-3174] 
 CVE-2008-1837 ignore (clamav, fixed 0.93) unrar code not shipped


Index: f9
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f9,v
retrieving revision 1.215
retrieving revision 1.216
diff -u -r1.215 -r1.216
--- f9	20 Jun 2008 08:50:45 -0000	1.215
+++ f9	20 Jun 2008 19:34:29 -0000	1.216
@@ -5,6 +5,10 @@
 # (mozilla) = (gecko-libs dependent stuff)
 
 rhbz249840 version (tor, fixed 0.1.2.15)
+CVE-2008-2728 ignore (ruby) 1.6.x variant of CVE-2008-2726
+CVE-2008-2727 ignore (ruby) 1.6.x variant of CVE-2008-2725
+CVE-2008-2726 VULNERABLE (ruby, fixed 1.8.6-p230, 1.8.7-p22) #452294 
+CVE-2008-2725 VULNERABLE (ruby, fixed 1.8.6-p230, 1.8.7-p22) #452294 
 CVE-2008-2724 VULNERABLE (gallery2, fixed 2.2.5) [since gallery2-2.2.5-1.fc9] 
 CVE-2008-2723 VULNERABLE (gallery2, fixed 2.2.5) [since gallery2-2.2.5-1.fc9] 
 CVE-2008-2722 VULNERABLE (gallery2, fixed 2.2.5) [since gallery2-2.2.5-1.fc9] 
@@ -12,6 +16,9 @@
 CVE-2008-2720 VULNERABLE (gallery2, fixed 2.2.5) [since gallery2-2.2.5-1.fc9] 
 CVE-2008-2713 VULNERABLE (clamav, fixed 0.93.1) [since clamav-0.93.1-1.fc9] 
 CVE-2008-2696 VULNERABLE (exiv2, fixed 0.17) 
+CVE-2008-2664 VULNERABLE (ruby, fixed 1.8.6-p230, 1.8.7-p22) #452294 
+CVE-2008-2663 VULNERABLE (ruby, fixed 1.8.6-p230, 1.8.7-p22) #452294 
+CVE-2008-2662 VULNERABLE (ruby, fixed 1.8.6-p230, 1.8.7-p22) #452294 
 CVE-2008-2575 fixed (cbrpager) [since FEDORA-2008-4501] 
 CVE-2008-2426 fixed (imlib2) [since FEDORA-2008-4871] 
 CVE-2008-2420 fixed (stunnel, fixed 4.24) [since FEDORA-2008-4531] 
@@ -66,6 +73,7 @@
 CVE-2008-1924 version (phpMyAdmin, fixed 2.11.5.2) [since phpMyAdmin-2.11.5.2-1.fc9] PMASA-2008-3
 CVE-2008-1923 version (asterisk) upstream fix incomplete, resulting in CVE-2008-1897
 CVE-2008-1897 version (asterisk, fixed 1.6.0.beta3) [since asterisk-1.6.0-0.13.beta8.fc9]
+CVE-2008-1891 VULNERABLE (ruby, fixed 1.8.6-p230, 1.8.7-p22) #452294 
 CVE-2008-1878 backport (xine-lib, fixed 1.1.12.1) #443056 nsf demuxer overflow [since xine-lib-1.1.12-2.fc9]
 CVE-2008-1845 version (mksh, fixed 33d) [since mksh-33d-1.fc9] what is real impact on fedora?
 CVE-2008-1837 ignore (clamav, fixed 0.93) unrar code not shipped

More information about the Fedora-security-commits mailing list