[Fedora-security-commits] fedora-security/audit f8, 1.188, 1.189 f9, 1.178, 1.179 fc7, 1.344, 1.345
fedora-security-commits at redhat.com
fedora-security-commits at redhat.com
Thu Apr 3 09:09:24 UTC 2008
- Previous message (by thread): [Fedora-security-commits] fedora-security/audit f8, 1.187, 1.188 f9, 1.177, 1.178 fc7, 1.343, 1.344
- Next message (by thread): [Fedora-security-commits] fedora-security/audit f8, 1.189, 1.190 f9, 1.179, 1.180 fc7, 1.345, 1.346
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv26817/audit
Modified Files:
f8 f9 fc7
Log Message:
add openssh, audit
note some CVE ids
note rawhide updates
check-updates
Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.188
retrieving revision 1.189
diff -u -r1.188 -r1.189
--- f8 2 Apr 2008 17:11:28 -0000 1.188
+++ f8 3 Apr 2008 09:08:54 -0000 1.189
@@ -4,11 +4,12 @@
# *CVE are items that need verification for Fedora 8
# (mozilla) = (gecko-libs dependent stuff)
-439982 VULNERABLE (PolicyKit) #439995
293031 fixed (nx) #293031 [since FEDORA-2008-2258]
-438382 fixed (libsilc) #438382 [since FEDORA-2008-2641]
249840 VULNERABLE (tor)
+CVE-2008-1658 VULNERABLE (PolicyKit) #439995
+CVE-2008-1657 VULNERABLE (openssh, fixed 4.9) #440375
CVE-2008-1637 VULNERABLE (pdns-recursor, fixed 3.1.5) #440249
+CVE-2008-1628 VULNERABLE (audit) [since audit-1.6.8-4.fc8]
CVE-2008-1614 version (mod_suphp, fixed 0.6.3) [since FEDORA-2008-2868]
CVE-2008-1612 VULNERABLE (squid, fixed 2.6.STABLE19) [since FEDORA-2008-2740]
CVE-2008-1568 VULNERABLE (comix) multiple issues tracked via bz#430635
@@ -16,21 +17,22 @@
CVE-2008-1563 VULNERABLE (wireshark, fixed 1.0) #435487
CVE-2008-1562 VULNERABLE (wireshark, fixed 1.0) #435487
CVE-2008-1561 VULNERABLE (wireshark, fixed 1.0) #435487
+CVE-2008-1552 fixed (libsilc) #438382 [since FEDORA-2008-2641]
CVE-2008-1515 VULNERABLE (otrs) #439724
CVE-2008-1488 VULNERABLE (php-pecl-apc) #438847
CVE-2008-0806 fixed (wyrd) #433720 [since FEDORA-2008-1963]
CVE-2008-1532 fixed (Perlbal) #439056 [since FEDORA-2008-2778]
CVE-2008-1531 VULNERABLE (lighttpd) #439068
CVE-2008-1483 ignore (openssh) was alrady fixed by another patch
-CVE-2008-1482 VULNERABLE (xine-lib) #438670
+CVE-2008-1482 VULNERABLE (xine-lib) #438670 [since FEDORA-2008-2849]
CVE-2008-1474 fixed (roundup) #436547 [since FEDORA-2008-2370]
CVE-2008-1468 fixed (namazu) #438667 [since FEDORA-2008-2767]
-CVE-2008-1467 VULNERABLE (centerim) #438871
+CVE-2008-1467 fixed (centerim) #438871 [since FEDORA-2008-2869]
CVE-2008-1394 ignore (plone)
CVE-2008-1390 fixed (asterisk, fixed 1.4.19-rc3) #438133 [since FEDORA-2008-2554]
CVE-2008-1374 ignore (cups) only affects old cups versions in RHEL
-CVE-2008-1373 VULNERABLE (cups) #440040
-CVE-2008-1372 VULNERABLE (bzip2, fixed 1.0.5) #439855
+CVE-2008-1373 VULNERABLE (cups) #440040 [since FEDORA-2008-2131]
+CVE-2008-1372 VULNERABLE (bzip2, fixed 1.0.5) #439855
CVE-2008-1360 VULNERABLE (nagios) #437850
CVE-2008-1353 ignore (zabbix) #437848 Needs authorization
CVE-2008-1333 ignore (asterisk) not affected
@@ -163,7 +165,7 @@
CVE-2008-0063 fixed (krb5, fixed 1.6.4) #438023 [since FEDORA-2008-2647]
CVE-2008-0062 fixed (krb5, fixed 1.6.4) #438023 [since FEDORA-2008-2647]
CVE-2008-0053 version (cups, fixed 1.3.6) [since FEDORA-2008-1901]
-CVE-2008-0047 VULNERABLE (cups) #440040
+CVE-2008-0047 VULNERABLE (cups) #440040 [since FEDORA-2008-2131]
CVE-2008-0008 fixed (pulseaudio) #425481 [since FEDORA-2008-0994]
CVE-2008-0006 fixed (libXfont) #429132 [since FEDORA-2008-0794]
CVE-2008-0005 fixed (httpd, fixed 2.2.8) #427982 [since FEDORA-2008-1711]
@@ -213,14 +215,14 @@
CVE-2007-6335 fixed (clamav, fixed 0.92) #426212 [since FEDORA-2008-0115]
CVE-2007-6437 fixed (syslog-ng) #426306 [since FEDORA-2008-0523]
CVE-2007-6430 version (asterisk, fixed 1.4.16) [since FEDORA-2007-4651]
-CVE-2007-6389 VULNERABLE (gnome-screensaver) #426170
+CVE-2007-6389 fixed (gnome-screensaver) #426170 [since FEDORA-2008-2872]
CVE-2007-6353 VULNERABLE (exiv2) #425923
CVE-2007-6352 fixed (libexif) #425631 [since FEDORA-2007-4667]
CVE-2007-6351 fixed (libexif) #425631 [since FEDORA-2007-4667]
CVE-2007-6350 fixed (scponly) #429731 [since FEDORA-2008-1728] rsync vector only
CVE-2007-6348 ignore (squirrelmail) trojaned version was not shipped
CVE-2007-6328 ignore (dosbox) design decision
-CVE-2007-6321 VULNERABLE (roundcubemail) #423291
+CVE-2007-6321 VULNERABLE (roundcubemail) #423291
CVE-2007-6318 VULNERABLE (wordpress)
CVE-2007-6313 ignore (mysql) 5.1+ only
CVE-2007-6304 ignore (mysql, fixed 5.0.52) federated engine not built
Index: f9
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f9,v
retrieving revision 1.178
retrieving revision 1.179
diff -u -r1.178 -r1.179
--- f9 2 Apr 2008 17:11:28 -0000 1.178
+++ f9 3 Apr 2008 09:08:54 -0000 1.179
@@ -4,23 +4,25 @@
# *CVE are items that need verification for Fedora 9
# (mozilla) = (gecko-libs dependent stuff)
-439982 VULNERABLE (PolicyKit) #439996
438382 VULNERABLE (libsilc) #438382
249840 VULNERABLE (tor)
+CVE-2008-1658 VULNERABLE (PolicyKit) #439996
+CVE-2008-1657 VULNERABLE (openssh, fixed 4.9) #440376
CVE-2008-1637 VULNERABLE (pdns-recursor, fixed 3.1.5) #440250
+CVE-2008-1628 version (audit) [since audit-1.7-2.fc9]
CVE-2008-1614 version (mod_suphp, fixed 0.6.3) [since mod_suphp-0.6.3-1.fc9]
CVE-2008-1612 ignore (squid, fixed 2.6.STABLE19) 3.0 was not affected
-CVE-2008-1568 VULNERABLE (comix) multiple issues tracked via bz#430635
+CVE-2008-1568 fixed (comix) [since comix-3.6.4-6.fc9]
CVE-2008-1567 version (phpmyadmin, fixed 2.11.5.1) [since phpMyAdmin-2.11.5.1-1.fc9]
-CVE-2008-1563 VULNERABLE (wireshark, fixed 1.0) #435488
-CVE-2008-1562 VULNERABLE (wireshark, fixed 1.0) #435488
-CVE-2008-1561 VULNERABLE (wireshark, fixed 1.0) #435488
+CVE-2008-1563 version (wireshark, fixed 1.0) #435488 [since wireshark-1.0.0-2.fc9]
+CVE-2008-1562 version (wireshark, fixed 1.0) #435488 [since wireshark-1.0.0-2.fc9]
+CVE-2008-1561 version (wireshark, fixed 1.0) #435488 [since wireshark-1.0.0-2.fc9]
CVE-2008-1515 VULNERABLE (otrs) #439725
CVE-2008-1488 VULNERABLE (php-pecl-apc) #438848
CVE-2008-0806 VULNERABLE (wyrd) #433722
CVE-2008-1531 VULNERABLE (lighttpd) #439069
CVE-2008-1483 ignore (openssh) was alrady fixed by another patch
-CVE-2008-1482 VULNERABLE (xine-lib) #438671
+CVE-2008-1482 version (xine-lib) #438671 [since xine-lib-1.1.11.1-1.fc9]
CVE-2008-1474 version (roundup) #436549 [since roundup-1.4.4-1.fc9]
CVE-2008-1468 VULNERABLE (namazu) #438668
CVE-2008-1467 fixed (centerim) #438871
@@ -53,9 +55,9 @@
CVE-2008-1099 VULNERABLE (moin) #438674
CVE-2008-1098 VULNERABLE (moin) #438674
CVE-2008-1078 VULNERABLE (am-utils) #437746
-CVE-2008-1072 VULNERABLE (wireshark, fixed 0.99.8) #435488
-CVE-2008-1071 VULNERABLE (wireshark, fixed 0.99.8) #435488
-CVE-2008-1070 VULNERABLE (wireshark, fixed 0.99.8) #435488
+CVE-2008-1072 version (wireshark, fixed 0.99.8) #435488 [since wireshark-1.0.0-2.fc9]
+CVE-2008-1071 version (wireshark, fixed 0.99.8) #435488 [since wireshark-1.0.0-2.fc9]
+CVE-2008-1070 version (wireshark, fixed 0.99.8) #435488 [since wireshark-1.0.0-2.fc9]
CVE-2008-1066 version (php-Smarty) #435813 [since php-Smarty-2.6.19-1.fc9]
CVE-2008-1066 VULNERABLE (gallery2) #438060
CVE-2008-1066 VULNERABLE (php-pear-PhpDocumentor) #438064
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.344
retrieving revision 1.345
diff -u -r1.344 -r1.345
--- fc7 2 Apr 2008 17:11:28 -0000 1.344
+++ fc7 3 Apr 2008 09:08:54 -0000 1.345
@@ -6,9 +6,10 @@
# A couple of first F7 updates were marked as FEDORA-2007-0001
293031 fixed (nx) #293031 [since FEDORA-2008-2258]
-438382 fixed (libsilc) #438382 [since FEDORA-2008-2641]
249840 version (tor, fixed 0.1.2.15) #249840 [since FEDORA-2007-1674]
+CVE-2008-1657 VULNERABLE (openssh, fixed 4.9) #280461
CVE-2008-1637 VULNERABLE (pdns-recursor, fixed 3.1.5) #440248
+CVE-2008-1628 ignore (audit) affected function not used by anything
CVE-2008-1614 version (mod_suphp, fixed 0.6.3) [since FEDORA-2008-2815]
CVE-2008-1612 backport (squid, fixed 2.6.STABLE19) [since FEDORA-2008-2729]
CVE-2008-1568 VULNERABLE (comix) multiple issues tracked via bz#430635
@@ -16,6 +17,7 @@
CVE-2008-1563 VULNERABLE (wireshark, fixed 1.0) #435485
CVE-2008-1562 VULNERABLE (wireshark, fixed 1.0) #435485
CVE-2008-1561 VULNERABLE (wireshark, fixed 1.0) #435485
+CVE-2008-1552 fixed (libsilc) #438382 [since FEDORA-2008-2641]
CVE-2008-1515 VULNERABLE (otrs) #439723
CVE-2008-1488 VULNERABLE (php-pecl-apc) #438846
CVE-2008-0806 fixed (wyrd) #433721 [since FEDORA-2008-1986]
@@ -25,12 +27,12 @@
CVE-2008-1482 VULNERABLE (xine-lib) #438669
CVE-2008-1474 fixed (roundup) #436548 [since FEDORA-2008-2471]
CVE-2008-1468 fixed (namazu) #438666 [since FEDORA-2008-2678]
-CVE-2008-1467 VULNERABLE (centerim) #438871
+CVE-2008-1467 fixed (centerim) #438871 [since FEDORA-2008-2869]
CVE-2008-1394 ignore (plone)
CVE-2008-1390 fixed (asterisk, fixed 1.4.19-rc3) #438132 [since FEDORA-2008-2620]
CVE-2008-1374 ignore (cups) only affects old cups versions in RHEL
CVE-2008-1373 VULNERABLE (cups) #440042
-CVE-2008-1372 VULNERABLE (bzip2, fixed 1.0.5) #439855
+CVE-2008-1372 VULNERABLE (bzip2, fixed 1.0.5) #439855
CVE-2008-1360 VULNERABLE (nagios) #437851
CVE-2008-1353 ignore (zabbix) #437848 Needs authorization
CVE-2008-1333 ignore (asterisk) not affected
@@ -211,14 +213,14 @@
CVE-2007-6335 fixed (clamav, fixed 0.92) #426211 [since FEDORA-2008-0170]
CVE-2007-6437 fixed (syslog-ng) #426305 [since FEDORA-2008-0559]
CVE-2007-6430 version (asterisk, fixed 1.4.16) [since FEDORA-2007-4593]
-CVE-2007-6389 VULNERABLE (gnome-screensaver) #426169
+CVE-2007-6389 fixed (gnome-screensaver) #426169 [since FEDORA-2008-2818]
CVE-2007-6353 fixed (exiv2) #425922 [since FEDORA-2007-4551]
CVE-2007-6352 fixed (libexif) #425621 [since FEDORA-2007-4608]
CVE-2007-6351 fixed (libexif) #425621 [since FEDORA-2007-4608]
CVE-2007-6350 fixed (scponly) #429731 [since FEDORA-2008-1728] rsync vector only
CVE-2007-6348 ignore (squirrelmail) trojaned version was not shipped
CVE-2007-6328 ignore (dosbox) design decision
-CVE-2007-6321 VULNERABLE (roundcubemail) #423281
+CVE-2007-6321 VULNERABLE (roundcubemail) #423281
CVE-2007-6318 VULNERABLE (wordpress)
CVE-2007-6313 ignore (mysql) 5.1+ only
CVE-2007-6304 ignore (mysql, fixed 5.0.52) federated engine not built
- Previous message (by thread): [Fedora-security-commits] fedora-security/audit f8, 1.187, 1.188 f9, 1.177, 1.178 fc7, 1.343, 1.344
- Next message (by thread): [Fedora-security-commits] fedora-security/audit f8, 1.189, 1.190 f9, 1.179, 1.180 fc7, 1.345, 1.346
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the Fedora-security-commits
mailing list