[Fedora-security-commits] fedora-security/audit f8, 1.188, 1.189 f9, 1.178, 1.179 fc7, 1.344, 1.345

fedora-security-commits at redhat.com fedora-security-commits at redhat.com
Thu Apr 3 09:09:24 UTC 2008


Author: thoger

Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv26817/audit

Modified Files:
	f8 f9 fc7 
Log Message:
add openssh, audit
note some CVE ids
note rawhide updates
check-updates



Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.188
retrieving revision 1.189
diff -u -r1.188 -r1.189
--- f8	2 Apr 2008 17:11:28 -0000	1.188
+++ f8	3 Apr 2008 09:08:54 -0000	1.189
@@ -4,11 +4,12 @@
 # *CVE are items that need verification for Fedora 8
 # (mozilla) = (gecko-libs dependent stuff)
 
-439982 VULNERABLE (PolicyKit) #439995
 293031 fixed (nx) #293031 [since FEDORA-2008-2258] 
-438382 fixed (libsilc) #438382 [since FEDORA-2008-2641] 
 249840 VULNERABLE (tor) 
+CVE-2008-1658 VULNERABLE (PolicyKit) #439995
+CVE-2008-1657 VULNERABLE (openssh, fixed 4.9) #440375
 CVE-2008-1637 VULNERABLE (pdns-recursor, fixed 3.1.5) #440249 
+CVE-2008-1628 VULNERABLE (audit) [since audit-1.6.8-4.fc8]
 CVE-2008-1614 version (mod_suphp, fixed 0.6.3) [since FEDORA-2008-2868]
 CVE-2008-1612 VULNERABLE (squid, fixed 2.6.STABLE19) [since FEDORA-2008-2740] 
 CVE-2008-1568 VULNERABLE (comix) multiple issues tracked via bz#430635
@@ -16,21 +17,22 @@
 CVE-2008-1563 VULNERABLE (wireshark, fixed 1.0) #435487 
 CVE-2008-1562 VULNERABLE (wireshark, fixed 1.0) #435487 
 CVE-2008-1561 VULNERABLE (wireshark, fixed 1.0) #435487 
+CVE-2008-1552 fixed (libsilc) #438382 [since FEDORA-2008-2641] 
 CVE-2008-1515 VULNERABLE (otrs) #439724
 CVE-2008-1488 VULNERABLE (php-pecl-apc) #438847 
 CVE-2008-0806 fixed (wyrd) #433720 [since FEDORA-2008-1963] 
 CVE-2008-1532 fixed (Perlbal) #439056 [since FEDORA-2008-2778] 
 CVE-2008-1531 VULNERABLE (lighttpd) #439068 
 CVE-2008-1483 ignore (openssh) was alrady fixed by another patch
-CVE-2008-1482 VULNERABLE (xine-lib) #438670 
+CVE-2008-1482 VULNERABLE (xine-lib) #438670 [since FEDORA-2008-2849] 
 CVE-2008-1474 fixed (roundup) #436547 [since FEDORA-2008-2370] 
 CVE-2008-1468 fixed (namazu) #438667 [since FEDORA-2008-2767] 
-CVE-2008-1467 VULNERABLE (centerim) #438871 
+CVE-2008-1467 fixed (centerim) #438871 [since FEDORA-2008-2869] 
 CVE-2008-1394 ignore (plone) 
 CVE-2008-1390 fixed (asterisk, fixed 1.4.19-rc3) #438133 [since FEDORA-2008-2554] 
 CVE-2008-1374 ignore (cups) only affects old cups versions in RHEL
-CVE-2008-1373 VULNERABLE (cups) #440040 
-CVE-2008-1372 VULNERABLE (bzip2, fixed 1.0.5) #439855
+CVE-2008-1373 VULNERABLE (cups) #440040 [since FEDORA-2008-2131] 
+CVE-2008-1372 VULNERABLE (bzip2, fixed 1.0.5) #439855 
 CVE-2008-1360 VULNERABLE (nagios) #437850 
 CVE-2008-1353 ignore (zabbix) #437848 Needs authorization
 CVE-2008-1333 ignore (asterisk) not affected
@@ -163,7 +165,7 @@
 CVE-2008-0063 fixed (krb5, fixed 1.6.4) #438023 [since FEDORA-2008-2647] 
 CVE-2008-0062 fixed (krb5, fixed 1.6.4) #438023 [since FEDORA-2008-2647] 
 CVE-2008-0053 version (cups, fixed 1.3.6) [since FEDORA-2008-1901] 
-CVE-2008-0047 VULNERABLE (cups) #440040 
+CVE-2008-0047 VULNERABLE (cups) #440040 [since FEDORA-2008-2131] 
 CVE-2008-0008 fixed (pulseaudio) #425481 [since FEDORA-2008-0994] 
 CVE-2008-0006 fixed (libXfont) #429132 [since FEDORA-2008-0794] 
 CVE-2008-0005 fixed (httpd, fixed 2.2.8) #427982 [since FEDORA-2008-1711] 
@@ -213,14 +215,14 @@
 CVE-2007-6335 fixed (clamav, fixed 0.92) #426212 [since FEDORA-2008-0115] 
 CVE-2007-6437 fixed (syslog-ng) #426306 [since FEDORA-2008-0523] 
 CVE-2007-6430 version (asterisk, fixed 1.4.16) [since FEDORA-2007-4651]
-CVE-2007-6389 VULNERABLE (gnome-screensaver) #426170 
+CVE-2007-6389 fixed (gnome-screensaver) #426170 [since FEDORA-2008-2872] 
 CVE-2007-6353 VULNERABLE (exiv2) #425923
 CVE-2007-6352 fixed (libexif) #425631 [since FEDORA-2007-4667] 
 CVE-2007-6351 fixed (libexif) #425631 [since FEDORA-2007-4667] 
 CVE-2007-6350 fixed (scponly) #429731 [since FEDORA-2008-1728] rsync vector only
 CVE-2007-6348 ignore (squirrelmail) trojaned version was not shipped
 CVE-2007-6328 ignore (dosbox) design decision
-CVE-2007-6321 VULNERABLE (roundcubemail) #423291
+CVE-2007-6321 VULNERABLE (roundcubemail) #423291 
 CVE-2007-6318 VULNERABLE (wordpress)
 CVE-2007-6313 ignore (mysql) 5.1+ only
 CVE-2007-6304 ignore (mysql, fixed 5.0.52) federated engine not built


Index: f9
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f9,v
retrieving revision 1.178
retrieving revision 1.179
diff -u -r1.178 -r1.179
--- f9	2 Apr 2008 17:11:28 -0000	1.178
+++ f9	3 Apr 2008 09:08:54 -0000	1.179
@@ -4,23 +4,25 @@
 # *CVE are items that need verification for Fedora 9
 # (mozilla) = (gecko-libs dependent stuff)
 
-439982 VULNERABLE (PolicyKit) #439996
 438382 VULNERABLE (libsilc) #438382 
 249840 VULNERABLE (tor) 
+CVE-2008-1658 VULNERABLE (PolicyKit) #439996
+CVE-2008-1657 VULNERABLE (openssh, fixed 4.9) #440376
 CVE-2008-1637 VULNERABLE (pdns-recursor, fixed 3.1.5) #440250 
+CVE-2008-1628 version (audit) [since audit-1.7-2.fc9]
 CVE-2008-1614 version (mod_suphp, fixed 0.6.3) [since mod_suphp-0.6.3-1.fc9]
 CVE-2008-1612 ignore (squid, fixed 2.6.STABLE19) 3.0 was not affected 
-CVE-2008-1568 VULNERABLE (comix) multiple issues tracked via bz#430635
+CVE-2008-1568 fixed (comix) [since comix-3.6.4-6.fc9]
 CVE-2008-1567 version (phpmyadmin, fixed 2.11.5.1) [since phpMyAdmin-2.11.5.1-1.fc9]
-CVE-2008-1563 VULNERABLE (wireshark, fixed 1.0) #435488 
-CVE-2008-1562 VULNERABLE (wireshark, fixed 1.0) #435488 
-CVE-2008-1561 VULNERABLE (wireshark, fixed 1.0) #435488 
+CVE-2008-1563 version (wireshark, fixed 1.0) #435488 [since wireshark-1.0.0-2.fc9]
+CVE-2008-1562 version (wireshark, fixed 1.0) #435488 [since wireshark-1.0.0-2.fc9]
+CVE-2008-1561 version (wireshark, fixed 1.0) #435488 [since wireshark-1.0.0-2.fc9]
 CVE-2008-1515 VULNERABLE (otrs) #439725
 CVE-2008-1488 VULNERABLE (php-pecl-apc) #438848 
 CVE-2008-0806 VULNERABLE (wyrd) #433722 
 CVE-2008-1531 VULNERABLE (lighttpd) #439069 
 CVE-2008-1483 ignore (openssh) was alrady fixed by another patch
-CVE-2008-1482 VULNERABLE (xine-lib) #438671 
+CVE-2008-1482 version (xine-lib) #438671 [since xine-lib-1.1.11.1-1.fc9]
 CVE-2008-1474 version (roundup) #436549 [since roundup-1.4.4-1.fc9]
 CVE-2008-1468 VULNERABLE (namazu) #438668 
 CVE-2008-1467 fixed (centerim) #438871
@@ -53,9 +55,9 @@
 CVE-2008-1099 VULNERABLE (moin) #438674 
 CVE-2008-1098 VULNERABLE (moin) #438674 
 CVE-2008-1078 VULNERABLE (am-utils) #437746
-CVE-2008-1072 VULNERABLE (wireshark, fixed 0.99.8) #435488 
-CVE-2008-1071 VULNERABLE (wireshark, fixed 0.99.8) #435488 
-CVE-2008-1070 VULNERABLE (wireshark, fixed 0.99.8) #435488 
+CVE-2008-1072 version (wireshark, fixed 0.99.8) #435488 [since wireshark-1.0.0-2.fc9]
+CVE-2008-1071 version (wireshark, fixed 0.99.8) #435488 [since wireshark-1.0.0-2.fc9]
+CVE-2008-1070 version (wireshark, fixed 0.99.8) #435488 [since wireshark-1.0.0-2.fc9]
 CVE-2008-1066 version (php-Smarty) #435813 [since php-Smarty-2.6.19-1.fc9]
 CVE-2008-1066 VULNERABLE (gallery2) #438060 
 CVE-2008-1066 VULNERABLE (php-pear-PhpDocumentor) #438064 


Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.344
retrieving revision 1.345
diff -u -r1.344 -r1.345
--- fc7	2 Apr 2008 17:11:28 -0000	1.344
+++ fc7	3 Apr 2008 09:08:54 -0000	1.345
@@ -6,9 +6,10 @@
 # A couple of first F7 updates were marked as FEDORA-2007-0001
 
 293031 fixed (nx) #293031 [since FEDORA-2008-2258] 
-438382 fixed (libsilc) #438382 [since FEDORA-2008-2641] 
 249840 version (tor, fixed 0.1.2.15) #249840 [since FEDORA-2007-1674] 
+CVE-2008-1657 VULNERABLE (openssh, fixed 4.9) #280461
 CVE-2008-1637 VULNERABLE (pdns-recursor, fixed 3.1.5) #440248 
+CVE-2008-1628 ignore (audit) affected function not used by anything
 CVE-2008-1614 version (mod_suphp, fixed 0.6.3) [since FEDORA-2008-2815]
 CVE-2008-1612 backport (squid, fixed 2.6.STABLE19) [since FEDORA-2008-2729] 
 CVE-2008-1568 VULNERABLE (comix) multiple issues tracked via bz#430635
@@ -16,6 +17,7 @@
 CVE-2008-1563 VULNERABLE (wireshark, fixed 1.0) #435485 
 CVE-2008-1562 VULNERABLE (wireshark, fixed 1.0) #435485 
 CVE-2008-1561 VULNERABLE (wireshark, fixed 1.0) #435485 
+CVE-2008-1552 fixed (libsilc) #438382 [since FEDORA-2008-2641] 
 CVE-2008-1515 VULNERABLE (otrs) #439723
 CVE-2008-1488 VULNERABLE (php-pecl-apc) #438846 
 CVE-2008-0806 fixed (wyrd) #433721 [since FEDORA-2008-1986] 
@@ -25,12 +27,12 @@
 CVE-2008-1482 VULNERABLE (xine-lib) #438669 
 CVE-2008-1474 fixed (roundup) #436548 [since FEDORA-2008-2471] 
 CVE-2008-1468 fixed (namazu) #438666 [since FEDORA-2008-2678] 
-CVE-2008-1467 VULNERABLE (centerim) #438871 
+CVE-2008-1467 fixed (centerim) #438871 [since FEDORA-2008-2869] 
 CVE-2008-1394 ignore (plone) 
 CVE-2008-1390 fixed (asterisk, fixed 1.4.19-rc3) #438132 [since FEDORA-2008-2620] 
 CVE-2008-1374 ignore (cups) only affects old cups versions in RHEL
 CVE-2008-1373 VULNERABLE (cups) #440042 
-CVE-2008-1372 VULNERABLE (bzip2, fixed 1.0.5) #439855
+CVE-2008-1372 VULNERABLE (bzip2, fixed 1.0.5) #439855 
 CVE-2008-1360 VULNERABLE (nagios) #437851 
 CVE-2008-1353 ignore (zabbix) #437848 Needs authorization
 CVE-2008-1333 ignore (asterisk) not affected
@@ -211,14 +213,14 @@
 CVE-2007-6335 fixed (clamav, fixed 0.92) #426211 [since FEDORA-2008-0170] 
 CVE-2007-6437 fixed (syslog-ng) #426305 [since FEDORA-2008-0559] 
 CVE-2007-6430 version (asterisk, fixed 1.4.16) [since FEDORA-2007-4593]
-CVE-2007-6389 VULNERABLE (gnome-screensaver) #426169 
+CVE-2007-6389 fixed (gnome-screensaver) #426169 [since FEDORA-2008-2818] 
 CVE-2007-6353 fixed (exiv2) #425922 [since FEDORA-2007-4551] 
 CVE-2007-6352 fixed (libexif) #425621 [since FEDORA-2007-4608] 
 CVE-2007-6351 fixed (libexif) #425621 [since FEDORA-2007-4608] 
 CVE-2007-6350 fixed (scponly) #429731 [since FEDORA-2008-1728] rsync vector only
 CVE-2007-6348 ignore (squirrelmail) trojaned version was not shipped
 CVE-2007-6328 ignore (dosbox) design decision
-CVE-2007-6321 VULNERABLE (roundcubemail) #423281
+CVE-2007-6321 VULNERABLE (roundcubemail) #423281 
 CVE-2007-6318 VULNERABLE (wordpress)
 CVE-2007-6313 ignore (mysql) 5.1+ only
 CVE-2007-6304 ignore (mysql, fixed 5.0.52) federated engine not built




More information about the Fedora-security-commits mailing list