[Fedora-security-commits] fedora-security/audit f8, 1.201, 1.202 f9, 1.191, 1.192 fc7, 1.357, 1.358
fedora-security-commits at redhat.com
fedora-security-commits at redhat.com
Fri Apr 18 15:33:16 UTC 2008
- Previous message (by thread): [Fedora-security-commits] fedora-security/audit f8, 1.200, 1.201 fc7, 1.356, 1.357
- Next message (by thread): [Fedora-security-commits] fedora-security/audit f8, 1.202, 1.203 f9, 1.192, 1.193 fc7, 1.358, 1.359
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: thoger
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv20565/audit
Modified Files:
f8 f9 fc7
Log Message:
note xpdf, dbmail, xine-lib CVE id
note some f9 updates
Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.201
retrieving revision 1.202
diff -u -r1.201 -r1.202
--- f8 18 Apr 2008 08:18:37 -0000 1.201
+++ f8 18 Apr 2008 15:32:46 -0000 1.202
@@ -4,9 +4,9 @@
# *CVE are items that need verification for Fedora 8
# (mozilla) = (gecko-libs dependent stuff)
-442882 VULNERABLE (xine-lib) nsf demuxer overflow
-293031 fixed (nx) #293031 [since FEDORA-2008-2258]
-249840 VULNERABLE (tor)
+rhbz293031 fixed (nx) #293031 [since FEDORA-2008-2258]
+rhbz249840 VULNERABLE (tor)
+CVE-2008-1878 VULNERABLE (xine-lib, fixed 1.1.12.1) #443055 nsf demuxer overflow
CVE-2008-1837 ignore (clamav, fixed 0.93) unrar code not shipped
CVE-2008-1836 VULNERABLE (clamav, fixed 0.93) #442363
CVE-2008-1835 ignore (clamav, fixed 0.93) unrar code not shipped
@@ -14,6 +14,10 @@
CVE-2008-1796 fixed (comix) [since FEDORA-2008-2981]
CVE-2008-1729 ignore (drupal) 6.x only
CVE-2008-1720 fixed (rsync, fixed 3.0.2) #441690 [since FEDORA-2008-3047]
+CVE-2008-1693 version (xpdf, fixed 3.02)
+CVE-2008-1693 version (poppler, fixed 0.6.2)
+CVE-2008-1693 ignore (kdegraphics) not affected
+CVE-2008-1693 ignore (koffice) not affected
CVE-2008-1688 ignore (m4, fixed 1.4.11) not really a security issue
CVE-2008-1687 ignore (m4, fixed 1.4.11) not really a security issue
CVE-2008-1686 fixed (libfishsound, fixed 0.9.1) #441247 [since FEDORA-2008-3059]
@@ -218,6 +222,7 @@
CVE-2008-0005 fixed (httpd, fixed 2.2.8) #427982 [since FEDORA-2008-1711]
CVE-2008-0003 fixed (tog-pegasus, fixed 2.7.0) #427829 [since FEDORA-2008-0572]
CVE-2008-0002 fixed (tomcat5) #432474 [since FEDORA-2008-1467]
+CVE-2007-6714 VULNERABLE (dbmail, fixed 2.2.9) #443021
CVE-2007-6703 VULNERABLE (vdccm) #436025
CVE-2007-6698 version (openldap, fixed 2.3.36)
CVE-2007-6697 fixed (SDL_image, fixed 1.2.7) #430241 [since FEDORA-2008-1208]
Index: f9
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f9,v
retrieving revision 1.191
retrieving revision 1.192
diff -u -r1.191 -r1.192
--- f9 17 Apr 2008 12:02:14 -0000 1.191
+++ f9 18 Apr 2008 15:32:46 -0000 1.192
@@ -4,25 +4,29 @@
# *CVE are items that need verification for Fedora 9
# (mozilla) = (gecko-libs dependent stuff)
-442882 VULNERABLE (xine-lib) nsf demuxer overflow
-249840 VULNERABLE (tor)
+rhbz249840 VULNERABLE (tor)
+CVE-2008-1878 VULNERABLE (xine-lib, fixed 1.1.12.1) #443056 nsf demuxer overflow
CVE-2008-1837 ignore (clamav, fixed 0.93) unrar code not shipped
CVE-2008-1836 VULNERABLE (clamav, fixed 0.93) #442364
CVE-2008-1835 ignore (clamav, fixed 0.93) unrar code not shipped
CVE-2008-1834 version (swfdec, fixed 0.6.4) [since swfdec-0.6.4-1.fc9]
CVE-2008-1833 version (clamav, fixed 0.93-rc1) [since clamav-0.93-0.0.rc1.fc9]
CVE-2008-1796 fixed (comix) [since comix-3.6.4-6.fc9]
-CVE-2008-1771 ignore (mt-daapd) current Fedora version does not seem affected
+CVE-2008-1771 VULNERABLE (mt-daapd) [since mt-daapd-0.9-0.2.1696.fc9]
CVE-2008-1729 version (drupal, fixed 6.2) [since drupal-6.2-1.fc9]
-CVE-2008-1720 VULNERABLE (rsync, fixed 3.0.2) [since rsync-3.0.2-0.fc9]
+CVE-2008-1720 version (rsync, fixed 3.0.2) [since rsync-3.0.2-0.fc9]
+CVE-2008-1693 version (xpdf, fixed 3.02)
+CVE-2008-1693 version (poppler, fixed 0.6.2)
+CVE-2008-1693 ignore (kdegraphics) not affected
+CVE-2008-1693 ignore (koffice) not affected
CVE-2008-1688 ignore (m4, fixed 1.4.11) not really a security issue
CVE-2008-1687 ignore (m4, fixed 1.4.11) not really a security issue
-CVE-2008-1686 VULNERABLE (libfishsound, fixed 0.9.1) #441248
-CVE-2008-1686 VULNERABLE (speex) [since speex-1.2-0.7.beta3]
-CVE-2008-1658 VULNERABLE (PolicyKit) #439996
-CVE-2008-1657 VULNERABLE (openssh, fixed 4.9) #440376
+CVE-2008-1686 version (libfishsound, fixed 0.9.1) #441248 [since libfishsound-0.9.1-1.fc9]
+CVE-2008-1686 backport (speex) [since speex-1.2-0.7.beta3]
+CVE-2008-1658 backport (PolicyKit) #439996 [since PolicyKit-0.7-7.fc9]
+CVE-2008-1657 version (openssh, fixed 4.9) #440376 [since openssh-5.0p1-1.fc9]
CVE-2008-1652 version (Perlbal, fixed 1.70) [since Perlbal-1.70-1.fc9]
-CVE-2008-1637 VULNERABLE (pdns-recursor, fixed 3.1.5) #440250
+CVE-2008-1637 version (pdns-recursor, fixed 3.1.5) #440250 [since pdns-recursor-3.1.5-1.fc9]
CVE-2008-1628 version (audit) [since audit-1.7-2.fc9]
CVE-2008-1614 version (mod_suphp, fixed 0.6.3) [since mod_suphp-0.6.3-1.fc9]
CVE-2008-1612 ignore (squid, fixed 2.6.STABLE19) 3.0 was not affected
@@ -215,6 +219,7 @@
CVE-2008-0005 version (httpd, fixed 2.2.8) #427984 [since httpd-2.2.8-2]
CVE-2008-0003 version (tog-pegasus, fixed 2.7.0)
CVE-2008-0002 VULNERABLE (tomcat5) #432476
+CVE-2007-6714 VULNERABLE (dbmail, fixed 2.2.9) #443022
CVE-2007-6703 VULNERABLE (vdccm) #436027
CVE-2007-6698 version (openldap, fixed 2.3.36)
CVE-2007-6697 backport (SDL_image, fixed 1.2.7) #430238 [since SDL_image-1.2.6-4.fc9]
Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.357
retrieving revision 1.358
diff -u -r1.357 -r1.358
--- fc7 18 Apr 2008 08:18:37 -0000 1.357
+++ fc7 18 Apr 2008 15:32:46 -0000 1.358
@@ -5,9 +5,9 @@
# (mozilla) = (firefox, seamonkey, thunderbird, yelp, devhelp, galeon, liferea. epiphany)
# A couple of first F7 updates were marked as FEDORA-2007-0001
-442882 VULNERABLE (xine-lib) nsf demuxer overflow
-293031 fixed (nx) #293031 [since FEDORA-2008-2258]
-249840 version (tor, fixed 0.1.2.15) #249840 [since FEDORA-2007-1674]
+rhbz293031 fixed (nx) #293031 [since FEDORA-2008-2258]
+rhbz249840 version (tor, fixed 0.1.2.15) #249840 [since FEDORA-2007-1674]
+CVE-2008-1878 VULNERABLE (xine-lib, fixed 1.1.12.1) #443054 nsf demuxer overflow
CVE-2008-1837 ignore (clamav, fixed 0.93) unrar code not shipped
CVE-2008-1836 VULNERABLE (clamav, fixed 0.93) #442362
CVE-2008-1835 ignore (clamav, fixed 0.93) unrar code not shipped
@@ -15,6 +15,10 @@
CVE-2008-1796 fixed (comix) [since FEDORA-2008-2993]
CVE-2008-1729 ignore (drupal) 6.x only
CVE-2008-1720 fixed (rsync, fixed 3.0.2) #441689 [since FEDORA-2008-3060]
+CVE-2008-1693 version (xpdf, fixed 3.02)
+CVE-2008-1693 ignore (kdegraphics) not affected
+CVE-2008-1693 ignore (koffice) not affected
+CVE-2008-1693 VULNERABLE (poppler, fixed 0.6.2) #443026
CVE-2008-1688 ignore (m4, fixed 1.4.11) not really a security issue
CVE-2008-1687 ignore (m4, fixed 1.4.11) not really a security issue
CVE-2008-1686 VULNERABLE (libfishsound, fixed 0.9.1) #441246 [since FEDORA-2008-3117]
@@ -218,6 +222,7 @@
CVE-2008-0005 fixed (httpd, fixed 2.2.8) #427983 [since FEDORA-2008-1695]
CVE-2008-0003 fixed (tog-pegasus, fixed 2.7.0) #427828 [since FEDORA-2008-0506]
CVE-2008-0002 fixed (tomcat5) #432475 [since FEDORA-2008-1603]
+CVE-2007-6714 VULNERABLE (dbmail, fixed 2.2.9) #443020
CVE-2007-6703 fixed (vdccm) #436026 [since FEDORA-2008-0680]
CVE-2007-6698 fixed (openldap, fixed 2.3.36) #431409 [since FEDORA-2008-1307]
CVE-2007-6697 fixed (SDL_image, fixed 1.2.7) #430239 [since FEDORA-2008-1231]
- Previous message (by thread): [Fedora-security-commits] fedora-security/audit f8, 1.200, 1.201 fc7, 1.356, 1.357
- Next message (by thread): [Fedora-security-commits] fedora-security/audit f8, 1.202, 1.203 f9, 1.192, 1.193 fc7, 1.358, 1.359
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the Fedora-security-commits
mailing list