[Fedora-security-commits] fedora-security/audit f8, 1.198, 1.199 f9, 1.189, 1.190 fc7, 1.354, 1.355
fedora-security-commits at redhat.com
fedora-security-commits at redhat.com
Thu Apr 17 09:20:51 UTC 2008
- Previous message (by thread): [Fedora-security-commits] fedora-security/audit f8, 1.197, 1.198 f9, 1.188, 1.189 fc7, 1.353, 1.354
- Next message (by thread): [Fedora-security-commits] fedora-security/audit f8, 1.199, 1.200 f9, 1.190, 1.191 fc7, 1.355, 1.356
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv12611/audit
Modified Files:
f8 f9 fc7
Log Message:
add OOo and recent mozilla CVEs
Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.198
retrieving revision 1.199
diff -u -r1.198 -r1.199
--- f8 16 Apr 2008 16:05:37 -0000 1.198
+++ f8 17 Apr 2008 09:20:21 -0000 1.199
@@ -43,6 +43,9 @@
CVE-2008-1387 VULNERABLE (clamav, fixed 0.93) #442363
CVE-2008-1382 VULNERABLE (libpng, fixed 1.2.27) minimal impact, affected api rarely used
CVE-2008-1382 VULNERABLE (libpng10) minimal impact, affected api rarely used
+CVE-2008-1380 VULNERABLE (firefox, fixed 2.0.0.14)
+CVE-2008-1380 VULNERABLE (seamonkey, fixed 1.1.10) #442851
+CVE-2008-1380 VULNERABLE (thunderbird, fixed 2.0.0.14) #442856
CVE-2008-1374 ignore (cups) only affects old cups versions in RHEL
CVE-2008-1373 fixed (cups) #440040 [since FEDORA-2008-2131]
CVE-2008-1372 fixed (bzip2, fixed 1.0.5) #439855 [since FEDORA-2008-2970]
@@ -58,9 +61,32 @@
CVE-2008-1289 fixed (asterisk, fixed 1.4.18.1) #438133 [since FEDORA-2008-2554]
CVE-2008-1284 version (horde, fixed 3.1.7) #436628 [since FEDORA-2008-2362]
CVE-2008-1270 ignore (lighttpd) Not a bug, requires unlikely and incredibly stupid configuration change with well-documented effects.
+CVE-2008-1241 version (firefox, fixed 2.0.0.13)
+CVE-2008-1241 version (seamonkey, fixed 1.1.9)
+CVE-2008-1240 version (firefox, fixed 2.0.0.13)
+CVE-2008-1240 version (seamonkey, fixed 1.1.9)
+CVE-2008-1238 version (firefox, fixed 2.0.0.13)
+CVE-2008-1238 version (seamonkey, fixed 1.1.9)
+CVE-2008-1237 version (firefox, fixed 2.0.0.13)
+CVE-2008-1237 version (seamonkey, fixed 1.1.9)
+CVE-2008-1237 VULNERABLE (thunderbird, fixed 2.0.0.14) #442856
+CVE-2008-1236 version (firefox, fixed 2.0.0.13)
+CVE-2008-1236 version (seamonkey, fixed 1.1.9)
+CVE-2008-1236 VULNERABLE (thunderbird, fixed 2.0.0.14) #442856
+CVE-2008-1235 version (firefox, fixed 2.0.0.13)
+CVE-2008-1235 version (seamonkey, fixed 1.1.9)
+CVE-2008-1235 VULNERABLE (thunderbird, fixed 2.0.0.14) #442856
+CVE-2008-1234 version (firefox, fixed 2.0.0.13)
+CVE-2008-1234 version (seamonkey, fixed 1.1.9)
+CVE-2008-1234 VULNERABLE (thunderbird, fixed 2.0.0.14) #442856
+CVE-2008-1233 version (firefox, fixed 2.0.0.13)
+CVE-2008-1233 version (seamonkey, fixed 1.1.9)
+CVE-2008-1233 VULNERABLE (thunderbird, fixed 2.0.0.14) #442856
**CVE-2008-1227 fixed (libsilc) We updated this as non-security
CVE-2008-1218 version (dovecot, fixed 1.0.13) [since FEDORA-2008-2464] marginally affected
CVE-2008-1199 version (dovecot, fixed 1.0.11) [since FEDORA-2008-2464] not in default config
+CVE-2008-1195 version (firefox, fixed 2.0.0.13)
+CVE-2008-1195 version (seamonkey, fixed 1.1.9)
CVE-2008-1184 version (dnssec-tools, fixed 1.3.2) [since FEDORA-2008-1771]
CVE-2008-1161 version (xine-lib, fixed 1.1.10.1) [since FEDORA-2008-1543]
CVE-2008-1149 version (phpMyAdmin, fixed 2.11.5) [since FEDORA-2008-2189]
@@ -137,6 +163,9 @@
CVE-2008-0418 fixed (thunderbird, fixed 2.0.0.12) #432048 [since FEDORA-2008-2060]
CVE-2008-0417 fixed (firefox, fixed 2.0.0.12) #432043 [since FEDORA-2008-1535]
CVE-2008-0417 fixed (seamonkey, fixed 1.1.8) #432046 [since FEDORA-2008-1459]
+CVE-2008-0416 version (firefox, fixed 2.0.0.12)
+CVE-2008-0416 version (thunderbird, fixed 2.0.0.12)
+CVE-2008-0416 version (seamonkey, fixed 1.1.8)
CVE-2008-0415 fixed (firefox, fixed 2.0.0.12) #432043 [since FEDORA-2008-1535]
CVE-2008-0415 fixed (seamonkey, fixed 1.1.8) #432046 [since FEDORA-2008-1459]
CVE-2008-0415 fixed (thunderbird, fixed 2.0.0.12) #432048 [since FEDORA-2008-2060]
@@ -152,6 +181,7 @@
CVE-2008-0404 fixed (mantis) #429552 [since FEDORA-2008-0796]
CVE-2008-0386 fixed (xdg-utils) #429513 [since FEDORA-2008-1015]
CVE-2008-0364 ignore (bittorrent) Windows only
+CVE-2008-0320 VULNERABLE (openoffice.org, fixed 2.4) #442846
CVE-2008-0318 fixed (clamav, fixed 0.92.1) [since FEDORA-2008-1625]
CVE-2008-0314 VULNERABLE (clamav, fixed 0.93) #442363
CVE-2008-0304 version (seamonkey, fixed 1.1.8) [since FEDORA-2008-1459]
@@ -312,6 +342,9 @@
CVE-2007-5760 fixed (xorg-x11-server, fixed 1.4.1) #429126 [since FEDORA-2008-0760]
CVE-2007-5759 ignore (clamav, fixed 0.92) duplicate of CVE-2007-6335
CVE-2007-5751 backport (liferea, fixed 1.4.6) #360641 [since FEDORA-2007-2853]
+CVE-2007-5747 VULNERABLE (openoffice.org, fixed 2.4) #442846
+CVE-2007-5746 VULNERABLE (openoffice.org, fixed 2.4) #442846
+CVE-2007-5745 VULNERABLE (openoffice.org, fixed 2.4) #442846
CVE-2007-5742 version (wesnoth, fixed 1.2.8) [since FEDORA-2007-3989]
CVE-2007-5712 version (Django, fixed 0.96.1) #362771 [since FEDORA-2007-2788]
CVE-2007-5708 version (openldap, fixed 2.3.39) #362991 [since FEDORA-2007-2796]
@@ -354,6 +387,8 @@
CVE-2007-5000 fixed (httpd, fixed 2.2.8) #427982 [since FEDORA-2008-1711]
CVE-2007-4999 version (pidgin, fixed 2.2.2)
CVE-2007-4990 version (xorg-x11-xfs, fixed 1.0.5)
+CVE-2007-4879 version (firefox, fixed 2.0.0.13)
+CVE-2007-4879 version (seamonkey, fixed 1.1.9)
CVE-2007-4841 version (thunderbird) [since FEDORA-2007-3414] windows only anyway
CVE-2007-4829 VULNERABLE (perl-Archive-Tar, not fixed upstream) #364281
CVE-2007-4772 fixed (postgresql, fixed 8.2.6) #427773 [since FEDORA-2008-0478]
Index: f9
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f9,v
retrieving revision 1.189
retrieving revision 1.190
diff -u -r1.189 -r1.190
--- f9 16 Apr 2008 16:05:37 -0000 1.189
+++ f9 17 Apr 2008 09:20:21 -0000 1.190
@@ -44,6 +44,9 @@
CVE-2008-1387 VULNERABLE (clamav, fixed 0.93) #442364
CVE-2008-1382 VULNERABLE (libpng, fixed 1.2.27) minimal impact, affected api rarely used
CVE-2008-1382 VULNERABLE (libpng10) minimal impact, affected api rarely used
+CVE-2008-1380 VULNERABLE (firefox, fixed 2.0.0.14)
+CVE-2008-1380 VULNERABLE (seamonkey, fixed 1.1.10) #442852
+CVE-2008-1380 VULNERABLE (thunderbird, fixed 2.0.0.14) #442857
CVE-2008-1374 ignore (cups) only affects old cups versions in RHEL
CVE-2008-1373 VULNERABLE (cups) #440041
CVE-2008-1372 version (bzip2, fixed 1.0.5) [since bzip2-1.0.5-1.fc9]
@@ -56,14 +59,37 @@
CVE-2008-1289 version (asterisk, fixed 1.6.0-beta6) #438134 [since asterisk-1.6.0-0.6.beta6.fc9]
CVE-2008-1284 version (horde, fixed 3.1.7) #436628
CVE-2008-1270 ignore (lighttpd) Not a bug, requires unlikely and incredibly stupid configuration change with well-documented effects.
+CVE-2008-1241 version (firefox, fixed 2.0.0.13)
+CVE-2008-1241 version (seamonkey, fixed 1.1.9)
+CVE-2008-1240 version (firefox, fixed 2.0.0.13)
+CVE-2008-1240 version (seamonkey, fixed 1.1.9)
+CVE-2008-1238 version (firefox, fixed 2.0.0.13)
+CVE-2008-1238 version (seamonkey, fixed 1.1.9)
+CVE-2008-1237 version (firefox, fixed 2.0.0.13)
+CVE-2008-1237 version (seamonkey, fixed 1.1.9)
+CVE-2008-1237 VULNERABLE (thunderbird, fixed 2.0.0.14) #442857
+CVE-2008-1236 version (firefox, fixed 2.0.0.13)
+CVE-2008-1236 version (seamonkey, fixed 1.1.9)
+CVE-2008-1236 VULNERABLE (thunderbird, fixed 2.0.0.14) #442857
+CVE-2008-1235 version (firefox, fixed 2.0.0.13)
+CVE-2008-1235 version (seamonkey, fixed 1.1.9)
+CVE-2008-1235 VULNERABLE (thunderbird, fixed 2.0.0.14) #442857
+CVE-2008-1234 version (firefox, fixed 2.0.0.13)
+CVE-2008-1234 version (seamonkey, fixed 1.1.9)
+CVE-2008-1234 VULNERABLE (thunderbird, fixed 2.0.0.14) #442857
+CVE-2008-1233 version (firefox, fixed 2.0.0.13)
+CVE-2008-1233 version (seamonkey, fixed 1.1.9)
+CVE-2008-1233 VULNERABLE (thunderbird, fixed 2.0.0.14) #442857
**CVE-2008-1227 fixed (libsilc) We updated this as non-security
CVE-2008-1218 version (dovecot, fixed 1.0.13) [since dovecot-1.0.13-6.fc9] marginally affected
CVE-2008-1199 version (dovecot, fixed 1.0.11) [since dovecot-1.0.13-6.fc9] not in default config
-CVE-2008-1142 ignore (rxvt) http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469296
+CVE-2008-1195 version (firefox, fixed 2.0.0.13)
+CVE-2008-1195 version (seamonkey, fixed 1.1.9)
CVE-2008-1184 version (dnssec-tools, fixed 1.3.2) [since dnssec-tools-1.3.2-1.fc9]
CVE-2008-1161 version (xine-lib, fixed 1.1.10.1) [since xine-lib-1.1.10.1-1.fc9]
CVE-2008-1149 version (phpMyAdmin, fixed 2.11.5) [since phpMyAdmin-2.11.5-1.fc9]
CVE-2008-1145 version (ruby, fixed 1.8.6-p114) [since ruby-1.8.6.114-1.fc9]
+CVE-2008-1142 ignore (rxvt) http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469296
CVE-2008-1133 version (drupal, fixed 6.1) #435817 [since drupal-6.1-1.fc9]
CVE-2008-1131 version (drupal, fixed 6.1) #435817 [since drupal-6.1-1.fc9]
CVE-2008-1111 backport (lighttpd) #435809 [since lighttpd-1.4.18-6.fc9]
@@ -134,6 +160,9 @@
CVE-2008-0418 version (thuderbird, fixed 2.0.0.12) [since thunderbird-2.0.0.12-1.fc9]
CVE-2008-0417 version (firefox, fixed 2.0.0.12)
CVE-2008-0417 version (seamonkey, fixed 1.1.8) [since seamonkey-1.1.8-3.fc9]
+CVE-2008-0416 version (firefox, fixed 2.0.0.12)
+CVE-2008-0416 version (thunderbird, fixed 2.0.0.12)
+CVE-2008-0416 version (seamonkey, fixed 1.1.8)
CVE-2008-0415 version (firefox, fixed 2.0.0.12)
CVE-2008-0415 version (seamonkey, fixed 1.1.8) [since seamonkey-1.1.8-3.fc9]
CVE-2008-0415 version (thuderbird, fixed 2.0.0.12) [since thunderbird-2.0.0.12-1.fc9]
@@ -149,6 +178,7 @@
CVE-2008-0404 fixed (mantis) #429552 [since mantis-1.1.1-1.fc9]
CVE-2008-0386 fixed (xdg-utils) #429513 [since xdg-utils-1_0_2-4_fc9]
CVE-2008-0364 ignore (bittorrent) Windows only
+CVE-2008-0320 version (openoffice.org, fixed 2.4)
CVE-2008-0318 fixed (clamav, fixed 0.92.1)
CVE-2008-0314 VULNERABLE (clamav, fixed 0.93) #442364
CVE-2008-0304 version (seamonkey, fixed 1.1.8) [since seamonkey-1.1.8-3.fc9]
@@ -309,6 +339,9 @@
CVE-2007-5760 backport (xorg-x11-server, fixed 1.4.1) #429127 [since xorg-x11-server-1.4.99.1-0.17.20080107.fc9]
CVE-2007-5759 ignore (clamav, fixed 0.92) duplicate of CVE-2007-6335
CVE-2007-5751 version (liferea, fixed 1.4.6) #360641 [since liferea-1.4.6-3.fc9]
+CVE-2007-5747 version (openoffice.org, fixed 2.4)
+CVE-2007-5746 version (openoffice.org, fixed 2.4)
+CVE-2007-5745 version (openoffice.org, fixed 2.4)
CVE-2007-5742 version (wesnoth, fixed 1.2.8) [since wesnoth-1.2.8-3.fc9]
CVE-2007-5712 version (Django, fixed 0.96.1) #362781 [since Django-0.96.1-1.fc9]
CVE-2007-5708 version (openldap, fixed 2.3.39) #360091 [since openldap-2.3.39-1.fc9]
@@ -345,6 +378,8 @@
CVE-2007-5000 version (httpd, fixed 2.2.8) #427984 [since httpd-2.2.8-2]
CVE-2007-4999 version (pidgin, fixed 2.2.2)
CVE-2007-4990 version (xorg-x11-xfs, fixed 1.0.5)
+CVE-2007-4879 version (firefox, fixed 2.0.0.13)
+CVE-2007-4879 version (seamonkey, fixed 1.1.9)
CVE-2007-4829 VULNERABLE (perl, not fixed upstream) #364291
CVE-2007-4772 version (postgresql, fixed 8.2.6) #427774 [since postgresql-8.2.6-1.fc9]
CVE-2007-4771 backport (icu) [since icu-3.8.1-3.fc9]
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.354
retrieving revision 1.355
diff -u -r1.354 -r1.355
--- fc7 16 Apr 2008 16:05:37 -0000 1.354
+++ fc7 17 Apr 2008 09:20:21 -0000 1.355
@@ -44,6 +44,9 @@
CVE-2008-1387 VULNERABLE (clamav, fixed 0.93) #442362
CVE-2008-1382 ignore (libpng, fixed 1.2.27) minimal impact, affected api rarely used
CVE-2008-1382 ignore (libpng10) minimal impact, affected api rarely used
+CVE-2008-1380 VULNERABLE (firefox, fixed 2.0.0.14)
+CVE-2008-1380 VULNERABLE (seamonkey, fixed 1.1.10) #442850
+CVE-2008-1380 VULNERABLE (thunderbird, fixed 2.0.0.14) #442855
CVE-2008-1374 ignore (cups) only affects old cups versions in RHEL
CVE-2008-1373 fixed (cups) #440042 [since FEDORA-2008-2897]
CVE-2008-1372 fixed (bzip2, fixed 1.0.5) #439855 [since FEDORA-2008-2970]
@@ -59,9 +62,32 @@
CVE-2008-1289 fixed (asterisk, fixed 1.4.18.1) #438132 [since FEDORA-2008-2620]
CVE-2008-1284 version (horde, fixed 3.1.7) #436628 [since FEDORA-2008-2406]
CVE-2008-1270 ignore (lighttpd) Not a bug, requires unlikely and incredibly stupid configuration change with well-documented effects.
+CVE-2008-1241 version (firefox, fixed 2.0.0.13)
+CVE-2008-1241 version (seamonkey, fixed 1.1.9)
+CVE-2008-1240 version (firefox, fixed 2.0.0.13)
+CVE-2008-1240 version (seamonkey, fixed 1.1.9)
+CVE-2008-1238 version (firefox, fixed 2.0.0.13)
+CVE-2008-1238 version (seamonkey, fixed 1.1.9)
+CVE-2008-1237 version (firefox, fixed 2.0.0.13)
+CVE-2008-1237 version (seamonkey, fixed 1.1.9)
+CVE-2008-1237 VULNERABLE (thunderbird, fixed 2.0.0.14) #442855
+CVE-2008-1236 version (firefox, fixed 2.0.0.13)
+CVE-2008-1236 version (seamonkey, fixed 1.1.9)
+CVE-2008-1236 VULNERABLE (thunderbird, fixed 2.0.0.14) #442855
+CVE-2008-1235 version (firefox, fixed 2.0.0.13)
+CVE-2008-1235 version (seamonkey, fixed 1.1.9)
+CVE-2008-1235 VULNERABLE (thunderbird, fixed 2.0.0.14) #442855
+CVE-2008-1234 version (firefox, fixed 2.0.0.13)
+CVE-2008-1234 version (seamonkey, fixed 1.1.9)
+CVE-2008-1234 VULNERABLE (thunderbird, fixed 2.0.0.14) #442855
+CVE-2008-1233 version (firefox, fixed 2.0.0.13)
+CVE-2008-1233 version (seamonkey, fixed 1.1.9)
+CVE-2008-1233 VULNERABLE (thunderbird, fixed 2.0.0.14) #442855
**CVE-2008-1227 fixed (libsilc) We updated this as non-security
CVE-2008-1218 version (dovecot, fixed 1.0.13) [since FEDORA-2008-2475] marginally affected
CVE-2008-1199 version (dovecot, fixed 1.0.11) [since FEDORA-2008-2475] not in default config
+CVE-2008-1195 version (firefox, fixed 2.0.0.13)
+CVE-2008-1195 version (seamonkey, fixed 1.1.9)
CVE-2008-1184 version (dnssec-tools, fixed 1.3.2) [since FEDORA-2008-1758]
CVE-2008-1161 version (xine-lib, fixed 1.1.10.1) [since FEDORA-2008-1581]
CVE-2008-1149 version (phpMyAdmin, fixed 2.11.5) [since FEDORA-2008-2229]
@@ -137,6 +163,9 @@
CVE-2008-0418 fixed (thunderbird, fixed 2.0.0.12) #432047 [since FEDORA-2008-2118]
CVE-2008-0417 fixed (firefox, fixed 2.0.0.12) #432042 [since FEDORA-2008-1435]
CVE-2008-0417 fixed (seamonkey, fixed 1.1.8) #432045 [since FEDORA-2008-1669]
+CVE-2008-0416 version (firefox, fixed 2.0.0.12)
+CVE-2008-0416 version (thunderbird, fixed 2.0.0.12)
+CVE-2008-0416 version (seamonkey, fixed 1.1.8)
CVE-2008-0415 fixed (firefox, fixed 2.0.0.12) #432042 [since FEDORA-2008-1435]
CVE-2008-0415 fixed (seamonkey, fixed 1.1.8) #432045 [since FEDORA-2008-1669]
CVE-2008-0415 fixed (thunderbird, fixed 2.0.0.12) #432047 [since FEDORA-2008-2118]
@@ -152,6 +181,7 @@
CVE-2008-0404 fixed (mantis) #429552 [since FEDORA-2008-0796]
CVE-2008-0386 fixed (xdg-utils) #429513 [since FEDORA-2008-1015]
CVE-2008-0364 ignore (bittorrent) Windows only
+CVE-2008-0320 VULNERABLE (openoffice.org, fixed 2.4) #442845
CVE-2008-0318 fixed (clamav, fixed 0.92.1) [since FEDORA-2008-1608]
CVE-2008-0314 VULNERABLE (clamav, fixed 0.93) #442362
CVE-2008-0304 version (seamonkey, fixed 1.1.8) [since FEDORA-2008-1669]
@@ -311,6 +341,9 @@
CVE-2007-5760 fixed (xorg-x11-server, fixed 1.4.1) #429125 [since FEDORA-2008-0831]
CVE-2007-5759 ignore (clamav, fixed 0.92) duplicate of CVE-2007-6335
CVE-2007-5751 backport (liferea, fixed 1.4.6) #360641 [since FEDORA-2007-2725]
+CVE-2007-5747 VULNERABLE (openoffice.org, fixed 2.4) #442845
+CVE-2007-5746 VULNERABLE (openoffice.org, fixed 2.4) #442845
+CVE-2007-5745 VULNERABLE (openoffice.org, fixed 2.4) #442845
CVE-2007-5742 version (wesnoth, fixed 1.2.8) [since FEDORA-2007-3986]
CVE-2007-5728 version (phpPgAdmin) seems to be fixed for some time
CVE-2007-5715 backport (denyhosts) fixed long ago
@@ -394,6 +427,8 @@
CVE-2007-4897 version (opal, fixed 2.2.9)
CVE-2007-4894 version (wordpress, fixed 2.2.3) [since FEDORA-2007-2143]
CVE-2007-4893 version (wordpress, fixed 2.2.3) [since FEDORA-2007-2143]
+CVE-2007-4879 version (firefox, fixed 2.0.0.13)
+CVE-2007-4879 version (seamonkey, fixed 1.1.9)
CVE-2007-4851 ignore (tk) duplicate of CVE-2007-5137
CVE-2007-4841 ignore (mozilla) Windows only
CVE-2007-4841 version (thunderbird) [since FEDORA-2007-3431] windows only anyway
- Previous message (by thread): [Fedora-security-commits] fedora-security/audit f8, 1.197, 1.198 f9, 1.188, 1.189 fc7, 1.353, 1.354
- Next message (by thread): [Fedora-security-commits] fedora-security/audit f8, 1.199, 1.200 f9, 1.190, 1.191 fc7, 1.355, 1.356
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the Fedora-security-commits
mailing list