[Fedora-security-commits] fedora-security/audit f8, 1.70, 1.71 f9, 1.63, 1.64 fc7, 1.227, 1.228

fedora-security-commits at redhat.com fedora-security-commits at redhat.com
Tue Jan 8 13:58:52 UTC 2008 

Author: thoger

Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv6667/audit

Modified Files:
	f8 f9 fc7 
Log Message:
recent httpd issue
formatting fixes



Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.70
retrieving revision 1.71
diff -u -r1.70 -r1.71
--- f8	8 Jan 2008 13:17:33 -0000	1.70
+++ f8	8 Jan 2008 13:58:50 -0000	1.71
@@ -9,12 +9,13 @@
 
 GENERIC-MAP-NOMATCH backport (python-cherrypy) [since FEDORA-2008-0299] 
 CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since FEDORA-2008-0199]
-CVE-2008-0003 VULNERABLE (tog-pegasus, 2.7.0) #427829 
+CVE-2008-0005 VULNERABLE (httpd, fixed 2.2.7) #427982 
+CVE-2008-0003 VULNERABLE (tog-pegasus, fixed 2.7.0) #427829 
 CVE-2007-6613 fixed (libcdio) #427199 [since FEDORA-2008-0136] 
 GENERIC-MAP-NOMATCH fixed (wordpress) #426433 [since FEDORA-2008-0103] 
 CVE-2007-6611 fixed (mantis) #427278 [since FEDORA-2008-0282] 
-CVE-2007-6601 VULNERABLE (postgresql, 8.2.6) #427773 
-CVE-2007-6600 VULNERABLE (postgresql, 8.2.6) #427773 
+CVE-2007-6601 VULNERABLE (postgresql, fixed 8.2.6) #427773 
+CVE-2007-6600 VULNERABLE (postgresql, fixed 8.2.6) #427773 
 CVE-2007-6596 VULNERABLE (clamav) #427287 Might be considered a mail client flaw
 CVE-2007-6595 VULNERABLE (clamav) #427287 
 CVE-2007-6465 version (ganglia, fixed 3.0.6) [since FEDORA-2007-4562]
@@ -23,6 +24,9 @@
 CVE-2007-6441 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590]
 CVE-2007-6439 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590]
 CVE-2007-6438 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590]
+CVE-2007-6422 VULNERABLE (httpd, fixed 2.2.7) #427982 
+CVE-2007-6421 VULNERABLE (httpd, fixed 2.2.7) #427982 
+CVE-2007-6388 VULNERABLE (httpd, fixed 2.2.7) #427982 
 CVE-2007-6337 VULNERABLE (clamav, fixed 0.92) #426212 [since FEDORA-2008-0115] 
 CVE-2007-6336 VULNERABLE (clamav, fixed 0.92) #426212 [since FEDORA-2008-0115] 
 CVE-2007-6335 VULNERABLE (clamav, fixed 0.92) #426212 [since FEDORA-2008-0115] 
@@ -67,7 +71,7 @@
 CVE-2007-6111 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4590]
 CVE-2007-6110 backport (htdig) [since FEDORA-2007-3958]
 CVE-2007-6100 version (phpMyAdmin, fixed 2.11.2.2) [since FEDORA-2007-3639]
-CVE-2007-6067 VULNERABLE (postgresql, 8.2.6) #427773 
+CVE-2007-6067 VULNERABLE (postgresql, fixed 8.2.6) #427773 
 CVE-2007-6061 VULNERABLE (audacity) #393251
 CVE-2007-6015 version (samba, fixed 3.0.28) [since FEDORA-2007-4275]
 CVE-2007-6013 VULNERABLE (wordpress)
@@ -104,7 +108,7 @@
 CVE-2007-5624 version (nagios, fixed 2.10) #362801 [since FEDORA-2007-4145]
 CVE-2007-5623 backport (nagios-plugins, not fixed 1.4.10) #348731 [since FEDORA-2007-2876] nagios-plugins-1.4.8-9.fc8
 CVE-2007-5589 version (phpMyAdmin, fixed 2.11.1.2) #333661 PMASA-2007-6 [since FEDORA-2007-3636]
-CVE-2007-5503 version (cairo, 1.4.12) [since FEDORA-2007-3913] 
+CVE-2007-5503 version (cairo, fixed 1.4.12) [since FEDORA-2007-3913] 
 CVE-2007-5501 version (kernel) [since FEDORA-2007-3837]
 CVE-2007-5500 version (kernel) [since FEDORA-2007-3837]
 CVE-2007-5497 VULNERABLE (e2fsprogs) #414581 [since FEDORA-2007-4447] 
@@ -134,13 +138,13 @@
 CVE-2007-5079 VULNERABLE (gdm) #363021 Red Hat specific problem
 CVE-2007-5037 version (inotify-tools, fixed 3.11) #299771
 CVE-2007-5007 version (balsa, before 2.3.20) #297601
-CVE-2007-5000 VULNERABLE (httpd, fixed 2.2.7)
+CVE-2007-5000 VULNERABLE (httpd, fixed 2.2.7) #427982 
 CVE-2007-4999 version (pidgin, fixed 2.2.2)
 CVE-2007-4990 version (xorg-x11-xfs, fixed 1.0.5)
 CVE-2007-4841 version (thunderbird) [since FEDORA-2007-3414] windows only anyway
 CVE-2007-4829 VULNERABLE (perl-Archive-Tar, not fixed upstream) #364281
-CVE-2007-4772 VULNERABLE (postgresql, 8.2.6) #427773 
-CVE-2007-4769 VULNERABLE (postgresql, 8.2.6) #427773 
+CVE-2007-4772 VULNERABLE (postgresql, fixed 8.2.6) #427773 
+CVE-2007-4769 VULNERABLE (postgresql, fixed 8.2.6) #427773 
 CVE-2007-4752 version (openssh, fixed 4.7) #280461
 CVE-2007-4619 version (flac, fixed 1.2) #332581
 CVE-2007-4575 backport (openoffice.org, fixed 2.3.1) [since FEDORA-2007-4172]
@@ -174,7 +178,7 @@
 CVE-2007-3382 version (tomcat5) [since FEDORA-2007-3474]
 CVE-2007-3280 ignore (postgresql) bogus CVE assignment
 CVE-2007-3279 ignore (postgresql) bogus CVE assignment
-CVE-2007-3278 version (postgresql, 8.2.5) 
+CVE-2007-3278 version (postgresql, fixed 8.2.5) 
 CVE-2007-3145 ignore (galeon) in 2.0.3 the truncation still occurs, but at reasonable length
 CVE-2007-2807 backport (eggdrop) [since FEDORA-2007-4305]
 CVE-2007-2450 version (tomcat5) #363081 [since FEDORA-2007-3474]


Index: f9
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f9,v
retrieving revision 1.63
retrieving revision 1.64
diff -u -r1.63 -r1.64
--- f9	8 Jan 2008 13:17:33 -0000	1.63
+++ f9	8 Jan 2008 13:58:50 -0000	1.64
@@ -9,14 +9,15 @@
 
 GENERIC-MAP-NOMATCH backport (python-cherrypy) [since python-cherrypy-2.2.1-8.fc9] 
 CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since asterisk-1.4.17-1.fc9]
-CVE-2008-0003 version (tog-pegasus, 2.7.0) 
+CVE-2008-0005 VULNERABLE (httpd, fixed 2.2.7) #427984 
+CVE-2008-0003 version (tog-pegasus, fixed 2.7.0) 
 CVE-2007-6631 fixed (libnemesi, not fixed 0.6.4-rc1) #426910 [since libnemesi-0.6.4-0.1.rc2.fc9] This wasn't released yet
 CVE-2007-6630 version (netembryo, fixed 0.0.5) #427470 There was not release in stable branches yet [since netembryo-0.0.5-1.fc9]
 CVE-2007-6613 version (libcdio) #427200 [since libcdio-0.79-2.fc9]
 GENERIC-MAP-NOMATCH VULNERABLE (wordpress) #426434
 CVE-2007-6611 version (mantis) #427280 [since mantis-1.1.0-1.fc9]
-CVE-2007-6601 version (postgresql, 8.2.6) #427774 [since postgresql-8.2.6-1.fc9]
-CVE-2007-6600 version (postgresql, 8.2.6) #427774 [since postgresql-8.2.6-1.fc9]
+CVE-2007-6601 version (postgresql, fixed 8.2.6) #427774 [since postgresql-8.2.6-1.fc9]
+CVE-2007-6600 version (postgresql, fixed 8.2.6) #427774 [since postgresql-8.2.6-1.fc9]
 CVE-2007-6596 VULNERABLE (clamav) #427289 Might be considered a mail client flaw
 CVE-2007-6595 VULNERABLE (clamav) #427289 
 CVE-2007-6465 version (ganglia, fixed 3.0.6) [since ganglia-3.0.6-1.fc9]
@@ -25,6 +26,9 @@
 CVE-2007-6441 version (wireshark, fixed 0.99.7) [since wireshark-0.99.7-1.fc9]
 CVE-2007-6439 version (wireshark, fixed 0.99.7) [since wireshark-0.99.7-1.fc9]
 CVE-2007-6438 version (wireshark, fixed 0.99.7) [since wireshark-0.99.7-1.fc9]
+CVE-2007-6422 VULNERABLE (httpd, fixed 2.2.7) #427984 
+CVE-2007-6421 VULNERABLE (httpd, fixed 2.2.7) #427984 
+CVE-2007-6388 VULNERABLE (httpd, fixed 2.2.7) #427984 
 CVE-2007-6337 version (clamav, fixed 0.92) #426213 [since clamav-0.92-3.fc9]
 CVE-2007-6336 version (clamav, fixed 0.92) #426213 [since clamav-0.92-3.fc9]
 CVE-2007-6335 version (clamav, fixed 0.92) #426213 [since clamav-0.92-3.fc9]
@@ -66,7 +70,7 @@
 CVE-2007-6111 version (wireshark, fixed 0.99.7) [since wireshark-0.99.7-1.fc9]
 CVE-2007-6110 version (htdig) [since htdig-3.2.0b6-13.fc9]
 CVE-2007-6100 version (phpMyAdmin, fixed 2.11.2.2)
-CVE-2007-6067 version (postgresql, 8.2.6) #427774 [since postgresql-8.2.6-1.fc9]
+CVE-2007-6067 version (postgresql, fixed 8.2.6) #427774 [since postgresql-8.2.6-1.fc9]
 CVE-2007-6061 VULNERABLE (audacity) #393251
 CVE-2007-6035 version (cacti, fixed 0.8.7a) #392001 [since cacti-0.8.7a-1.fc9]
 CVE-2007-6015 VULNERABLE (samba, fixed 3.0.28)
@@ -102,7 +106,7 @@
 CVE-2007-5624 version (nagios, fixed 2.10) #362811 [since nagios-2.10-3.fc9]
 CVE-2007-5623 backport (nagios-plugins, not fixed 1.4.10) #348731
 CVE-2007-5589 version (phpMyAdmin, fixed 2.11.1.2) #333661 PMASA-2007-6
-CVE-2007-5503 version (cairo, 1.4.12) [since cairo-1.5.4-1.fc9] 
+CVE-2007-5503 version (cairo, fixed 1.4.12) [since cairo-1.5.4-1.fc9] 
 CVE-2007-5497 backport (e2fsprogs) #414591 [since e2fsprogs-1.40.2-14.fc9]
 CVE-2007-5461 VULNERABLE (tomcat5, not fixed 5.5.25) #334531
 CVE-2007-5395 version (link-grammar) #372361 [since link-grammar-4.2.5-1.fc9]
@@ -127,12 +131,12 @@
 CVE-2007-5079 VULNERABLE (gdm) #363041 Red Hat specific problem
 CVE-2007-5037 version (inotify-tools, fixed 3.11) #299771
 CVE-2007-5007 version (balsa, before 2.3.20) #297601
-CVE-2007-5000 VULNERABLE (httpd, fixed 2.2.7)
+CVE-2007-5000 VULNERABLE (httpd, fixed 2.2.7) #427984 
 CVE-2007-4999 version (pidgin, fixed 2.2.2)
 CVE-2007-4990 version (xorg-x11-xfs, fixed 1.0.5)
 CVE-2007-4829 VULNERABLE (perl-Archive-Tar, not fixed upstream) #364291
-CVE-2007-4772 version (postgresql, 8.2.6) #427774 [since postgresql-8.2.6-1.fc9]
-CVE-2007-4769 version (postgresql, 8.2.6) #427774 [since postgresql-8.2.6-1.fc9]
+CVE-2007-4772 version (postgresql, fixed 8.2.6) #427774 [since postgresql-8.2.6-1.fc9]
+CVE-2007-4769 version (postgresql, fixed 8.2.6) #427774 [since postgresql-8.2.6-1.fc9]
 CVE-2007-4575 version (openoffice.org, fixed 2.3.1) [since openoffice.org-2.3.1-9.1.fc9]
 CVE-2007-4752 version (openssh, fixed 4.7) #280461
 CVE-2007-4619 version (flac, fixed 1.2) #332581
@@ -158,7 +162,7 @@
 CVE-2007-3387 version (poppler, fixed 0.5.91) #251512
 CVE-2007-3280 ignore (postgresql) bogus CVE assignment
 CVE-2007-3279 ignore (postgresql) bogus CVE assignment
-CVE-2007-3278 version (postgresql, 8.2.5) 
+CVE-2007-3278 version (postgresql, fixed 8.2.5) 
 CVE-2007-3145 ignore (galeon) in 2.0.3 the truncation still occurs, but at reasonable length
 CVE-2007-2450 VULNERABLE (tomcat5, not fixed 5.5.24) #244812
 CVE-2007-2449 VULNERABLE (tomcat5, not fixed 5.5.24) #244812


Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.227
retrieving revision 1.228
diff -u -r1.227 -r1.228
--- fc7	8 Jan 2008 13:17:33 -0000	1.227
+++ fc7	8 Jan 2008 13:58:50 -0000	1.228
@@ -10,12 +10,13 @@
 
 GENERIC-MAP-NOMATCH backport (python-cherrypy) [since FEDORA-2008-0333] 
 CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since FEDORA-2008-0198]
-CVE-2008-0003 VULNERABLE (tog-pegasus, 2.7.0) #427828 
+CVE-2008-0005 VULNERABLE (httpd, fixed 2.2.7) #427983 
+CVE-2008-0003 VULNERABLE (tog-pegasus, fixed 2.7.0) #427828 
 CVE-2007-6613 fixed (libcdio) #427198 [since FEDORA-2008-0104] 
 GENERIC-MAP-NOMATCH fixed (wordpress) #426432 [since FEDORA-2008-0126] 
 CVE-2007-6611 fixed (mantis) #427279 [since FEDORA-2008-0353] 
-CVE-2007-6601 VULNERABLE (postgresql, 8.2.6) #427772 
-CVE-2007-6600 VULNERABLE (postgresql, 8.2.6) #427772 
+CVE-2007-6601 VULNERABLE (postgresql, fixed 8.2.6) #427772 
+CVE-2007-6600 VULNERABLE (postgresql, fixed 8.2.6) #427772 
 CVE-2007-6596 VULNERABLE (clamav) #427288 Might be considered a mail client flaw
 CVE-2007-6595 VULNERABLE (clamav) #427288 
 CVE-2007-6465 version (ganglia, fixed 3.0.6) [since FEDORA-2007-4584]
@@ -24,6 +25,9 @@
 CVE-2007-6441 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690]
 CVE-2007-6439 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690]
 CVE-2007-6438 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690]
+CVE-2007-6422 VULNERABLE (httpd, fixed 2.2.7) #427983 
+CVE-2007-6421 VULNERABLE (httpd, fixed 2.2.7) #427983 
+CVE-2007-6388 VULNERABLE (httpd, fixed 2.2.7) #427983 
 CVE-2007-6337 VULNERABLE (clamav, fixed 0.92) #426211 [since FEDORA-2008-0170] 
 CVE-2007-6336 VULNERABLE (clamav, fixed 0.92) #426211 [since FEDORA-2008-0170] 
 CVE-2007-6335 VULNERABLE (clamav, fixed 0.92) #426211 [since FEDORA-2008-0170] 
@@ -68,7 +72,7 @@
 CVE-2007-6111 version (wireshark, fixed 0.99.7) [since FEDORA-2007-4690]
 CVE-2007-6110 backport (htdig) [since FEDORA-2007-3907]
 CVE-2007-6100 version (phpMyAdmin, fixed 2.11.2.2) [since FEDORA-2007-3666]
-CVE-2007-6067 VULNERABLE (postgresql, 8.2.6) #427772 
+CVE-2007-6067 VULNERABLE (postgresql, fixed 8.2.6) #427772 
 CVE-2007-6061 VULNERABLE (audacity) #393251
 CVE-2007-6035 version (cacti, fixed 0.8.7a) #391981 [since FEDORA-2007-3683]
 CVE-2007-6015 version (samba, fixed 3.0.28) [since FEDORA-2007-4269]
@@ -115,7 +119,7 @@
 CVE-2007-5589 version (phpmyadmin, fixed 2.11.1.2) #333661 PMASA-2007-6 [since FEDORA-2007-2738]
 CVE-2007-5585 backport (rss-glx) #336331 [since FEDORA-2007-2652]
 CVE-2007-5585 backport (tempest) #336331 [since FEDORA-2007-2652]
-CVE-2007-5503 VULNERABLE (cairo, 1.4.12) [since FEDORA-2007-3818] 
+CVE-2007-5503 VULNERABLE (cairo, fixed 1.4.12) [since FEDORA-2007-3818] 
 CVE-2007-5501 version (kernel) [since FEDORA-2007-3751]
 CVE-2007-5500 version (kernel) [since FEDORA-2007-3751]
 CVE-2007-5497 VULNERABLE (e2fsprogs) #414571 [since FEDORA-2007-4461] 
@@ -168,7 +172,7 @@
 CVE-2007-5034 version (elinks) #297981 [since FEDORA-2007-2224]
 CVE-2007-5007 version (balsa) #297601 [since FEDORA-2007-2302]
 GENERIC-MAP-NOMATCH VULNERABLE (nx) #293031
-CVE-2007-5000 VULNERABLE (httpd, fixed 2.2.7)
+CVE-2007-5000 VULNERABLE (httpd, fixed 2.2.7) #427983 
 CVE-2007-4999 version (pidgin, fixed 2.2.2) [since FEDORA-2007-2714]
 CVE-2007-4996 version (pidgin, fixed 2.2.1) [since FEDORA-2007-2368]
 CVE-2007-4995 backport (openssl, fixed 0.9.8f) [since FEDORA-2007-2530]
@@ -187,8 +191,8 @@
 CVE-2007-4829 VULNERABLE (perl-Archive-Tar) #315321
 CVE-2007-4828 version (mediawiki, fixed 1.11.0, 1.10.2, 1.9.4) #287881 [since FEDORA-2007-2189]
 CVE-2007-4826 version (quagga, fixed 0.99.9) [since FEDORA-2007-2196]
-CVE-2007-4772 VULNERABLE (postgresql, 8.2.6) #427772 
-CVE-2007-4769 VULNERABLE (postgresql, 8.2.6) #427772 
+CVE-2007-4772 VULNERABLE (postgresql, fixed 8.2.6) #427772 
+CVE-2007-4769 VULNERABLE (postgresql, fixed 8.2.6) #427772 
 CVE-2007-4768 VULNERABLE (pcre, fixed 7.3) #378411
 CVE-2007-4767 VULNERABLE (pcre, fixed 7.3) #378411
 CVE-2007-4766 VULNERABLE (pcre, fixed 7.3) #378411
@@ -347,7 +351,7 @@
 CVE-2007-3294 ignore (php-extras) win only
 CVE-2007-3280 ignore (postgresql) bogus CVE assignment
 CVE-2007-3279 ignore (postgresql) bogus CVE assignment
-CVE-2007-3278 version (postgresql, 8.2.5) 
+CVE-2007-3278 version (postgresql, fixed 8.2.5) 
 CVE-2007-3257 backport (evolution) #244283 [since FEDORA-2007-0464]
 CVE-2007-3241 version (wordpress, fixed 2.2.1) #245211 [since FEDORA-2007-0894]
 CVE-2007-3240 version (wordpress, fixed 2.2.1) #245211 [since FEDORA-2007-0894]
@@ -379,7 +383,7 @@
 CVE-2007-2958 version (claws-mail) #254121 [since FEDORA-2007-2009]
 CVE-2007-2958 backport (sylpheed) #254123 [since FEDORA-2007-1841]
 CVE-2007-2956 backport (qtpfsgui) #251674 [since FEDORA-2007-1581]
-CVE-2007-2949 version (gimp, fixed, 2.2.16) [since FEDORA-2007-0725]
+CVE-2007-2949 version (gimp, fixed 2.2.16) [since FEDORA-2007-0725]
 CVE-2007-2926 version (bind, fixed 9.4.1) [since FEDORA-2007-1247]
 CVE-2007-2925 version (bind, fixed 9.4.1) [since FEDORA-2007-1247]
 CVE-2007-2894 backport (bochs) #241799 [since FEDORA-2007-1778]

More information about the Fedora-security-commits mailing list