[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[Fedora-security-commits] fedora-security/audit f10, 1.5, 1.6 f8, 1.223, 1.224 f9, 1.213, 1.214 fc7, 1.379, 1.380



Author: thoger

Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv14360/audit

Modified Files:
	f10 f8 f9 fc7 
Log Message:
another week of issues



Index: f10
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f10,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- f10	6 Jun 2008 19:59:59 -0000	1.5
+++ f10	13 Jun 2008 18:29:09 -0000	1.6
@@ -4,19 +4,28 @@
 # *CVE are items that need verification for Fedora 10
 # (mozilla) = (gecko-libs dependent stuff)
 
+CVE-2008-2575 version (cbrpager) [since cbrpager-0.9.17-2.fc10] 
 CVE-2008-2426 backport (imlib2) [since imlib2-1.4.0-7.fc10] 
 CVE-2008-2420 version (stunnel, fixed 4.24) [since stunnel-4.24-2] 
 CVE-2008-2392 ignore (wordpress) issue only in certain deployments, not affected by default
 CVE-2008-2363 VULNERABLE (pan) #449335 
+CVE-2008-2362 VULNERABLE (xorg-x11-server) #450927 
+CVE-2008-2361 VULNERABLE (xorg-x11-server) #450927 
+CVE-2008-2360 VULNERABLE (xorg-x11-server) #450927 
 CVE-2008-2359 ignore (system-config-network) F8 specific issue
 CVE-2008-2357 fixed (mtr, fixed 0.73) 
 CVE-2008-2302 version (Django, fixed 0.96.2) #447260 [since Django-0.96.2-1.fc10]
+CVE-2008-2292 backport (net-snmp, fixed 5.4.2.pre1) [since net-snmp-5.4.1-19.fc10] 
 CVE-2008-2276 VULNERABLE (mantis) upstream fix in 1.2.0a1 seems useless
 CVE-2008-2266 ignore (perl-Convert-UUlib) embedded uulib copy uses mkstemp
 CVE-2008-2168 ignore (httpd) browser issue, not apache
+CVE-2008-2152 version (openoffice.org, fixed 2.4.1) [since openoffice.org-3.0.0-0.0.17.1.fc10] 
 CVE-2008-2119 ignore (asterisk, fixed 1.2.29) AST-2008-008, only for 1.0.x and 1.2.x
+CVE-2008-2108 VULNERABLE (php, fixed 5.2.6) 
+CVE-2008-2107 VULNERABLE (php, fixed 5.2.6) 
 CVE-2008-2085 VULNERABLE (sipp) #446222 
 CVE-2008-2079 VULNERABLE (mysql, fixed 5.0.60) #445804 
+CVE-2008-2051 VULNERABLE (php, fixed 5.2.6) 
 CVE-2008-2004 VULNERABLE (xen) disables format autodetection by default [since xen-3.2.0-11.fc10]
 CVE-2008-2004 VULNERABLE (qemu) fix mostly useless without libvirt changes
 CVE-2008-2004 VULNERABLE (kvm) fix mostly useless without libvirt changes
@@ -31,6 +40,9 @@
 CVE-2008-1928 version (perl-Imager, fixed 0.64) [since perl-Imager-0.64-2.fc10]
 CVE-2008-1926 backport (util-linux-ng) [since util-linux-ng-2.13.1-8.1.fc9] 
 CVE-2008-1836 version (clamav, fixed 0.93) [since clamav-0.93-1.fc9]
+CVE-2008-1808 version (freetype, fixed 2.3.6) [since freetype-2.3.6-1.fc10] 
+CVE-2008-1807 version (freetype, fixed 2.3.6) [since freetype-2.3.6-1.fc10] 
+CVE-2008-1806 version (freetype, fixed 2.3.6) [since freetype-2.3.6-1.fc10] 
 CVE-2008-1804 version (snort, fixed 2.8.1) [since snort-2.8.1-3.fc10] 
 CVE-2008-1803 version (rdesktop, fixed 1.6.0) [since rdesktop-1.6.0-1.fc10] 
 CVE-2008-1802 version (rdesktop, fixed 1.6.0) [since rdesktop-1.6.0-1.fc10] 
@@ -49,26 +61,30 @@
 CVE-2008-1387 version (clamav, fixed 0.93) [since clamav-0.93-1.fc9]
 CVE-2008-1382 version (libpng, fixed 1.2.27) [since libpng-1.2.29-1.fc10]
 CVE-2008-1382 version (libpng10) [since libpng10-1.0.37-1.fc10] 
+CVE-2008-1379 VULNERABLE (xorg-x11-server) #450927 
+CVE-2008-1377 VULNERABLE (xorg-x11-server) #450927 
 CVE-2008-1360 version (nagios) #437852 [since nagios-2.11-3.fc9]
 CVE-2008-1109 backport (evolution) #449925 [since evolution-2.23.3.1-2.fc10]
 CVE-2008-1108 backport (evolution) #449925 [since evolution-2.23.3.1-2.fc10]
-CVE-2008-1105 VULNERABLE (samba, fixed 3.0.30) 
+CVE-2008-1105 version (samba, fixed 3.0.30) [since samba-3.2.0-1.rc2.16.fc10]
 CVE-2008-1103 VULNERABLE (blender) not fixed upstream
 CVE-2008-1100 version (clamav, fixed 0.93) [since clamav-0.93-1.fc9]
 CVE-2008-1078 backport (am-utils) #437746 [since am-utils-6.1.5-10.fc10]
 CVE-2008-1033 version (cups, fixed 1.3.7) [since cups-1.3.7-1.fc9] 
+CVE-2008-0960 backport (net-snmp, fixed 5.4.1.1) [since net-snmp-5.4.1-19.fc10] 
 CVE-2008-0891 backport (openssl, fixed 0.9.8h) #448691 [since openssl-0.9.8g-9.fc10]
+CVE-2008-0599 VULNERABLE (php, fixed 5.2.6) 
 CVE-2008-0553 version (tkimg) [since tkimg-1.3-0.10.20080505svn.fc10]
 CVE-2008-0314 version (clamav, fixed 0.93) [since clamav-0.93-1.fc9]
 CVE-2008-0166 ignore (openssl) Debian specific
 CVE-2007-6714 version (dbmail, fixed 2.2.9) [since dbmail-2.2.9-1.fc9] 
-CVE-2007-6321 VULNERABLE (roundcubemail) #423301
+CVE-2007-6321 version (roundcubemail) #423301 [since roundcubemail-0.2-0.alpha.fc10]
 CVE-2007-6318 VULNERABLE (wordpress) #426434
 CVE-2007-6131 VULNERABLE (scanbuttond) 
 CVE-2007-5962 fixed (vsftpd) [since vsftpd-2.0.6-4.fc10] 
 CVE-2007-5907 VULNERABLE (xen) #390121
 CVE-2007-5906 VULNERABLE (xen) #390121
-CVE-2007-5803 VULNERABLE (nagios, not fixed 2.11) #446383 
+CVE-2007-5803 version (nagios, fixed 2.12) #446383 [since nagios-2.12-3.fc10]
 CVE-2007-5079 VULNERABLE (gdm) #363041 Red Hat specific problem
 CVE-2007-4829 VULNERABLE (perl, not fixed upstream) #364291 perl-Archive-Tar directory traversal
 CVE-2007-4559 VULNERABLE (python, not fixed upstream) #315291 Upstream WONTFIX. See where we use the code.


Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.223
retrieving revision 1.224
diff -u -r1.223 -r1.224
--- f8	6 Jun 2008 19:59:59 -0000	1.223
+++ f8	13 Jun 2008 18:29:09 -0000	1.224
@@ -6,25 +6,35 @@
 
 rhbz293031 fixed (nx) #293031 [since FEDORA-2008-2258] 
 rhbz249840 version (tor, fixed 0.1.2.15) 
+CVE-2008-2575 fixed (cbrpager) [since FEDORA-2008-4528] 
 CVE-2008-2426 fixed (imlib2) [since FEDORA-2008-4842] 
 CVE-2008-2420 fixed (stunnel, fixed 4.24) [since FEDORA-2008-4579] 
 CVE-2008-2392 ignore (wordpress) issue only in certain deployments, not affected by default
 CVE-2008-2363 VULNERABLE (pan) #449333 
+CVE-2008-2362 VULNERABLE (xorg-x11-server) #450925 [since FEDORA-2008-5279] 
+CVE-2008-2361 VULNERABLE (xorg-x11-server) #450925 [since FEDORA-2008-5279] 
+CVE-2008-2360 VULNERABLE (xorg-x11-server) #450925 [since FEDORA-2008-5279] 
 CVE-2008-2359 fixed (system-config-network) [since FEDORA-2008-4633] 
 CVE-2008-2357 fixed (mtr, fixed 0.73) 
 CVE-2008-2302 fixed (Django, fixed 0.96.2) #447258 [since FEDORA-2008-4248] 
+CVE-2008-2292 fixed (net-snmp, fixed 5.4.2.pre1) [since FEDORA-2008-5218] 
 CVE-2008-2276 VULNERABLE (mantis) upstream fix in 1.2.0a1 seems useless
 CVE-2008-2266 ignore (perl-Convert-UUlib) embedded uulib copy uses mkstemp
 CVE-2008-2168 ignore (httpd) browser issue, not apache
+CVE-2008-2152 fixed (openoffice.org, fixed 2.4.1) #450650 [since FEDORA-2008-5247] 
 CVE-2008-2146 version (wordpress, fixed 2.2.3) 
 CVE-2008-2119 ignore (asterisk, fixed 1.2.29) AST-2008-008, only for 1.0.x and 1.2.x
 CVE-2008-2109 fixed (libid3tag) #445814 [since FEDORA-2008-3976] 
+CVE-2008-2108 VULNERABLE (php, fixed 5.2.6) [since FEDORA-2008-3864] 
+CVE-2008-2107 VULNERABLE (php, fixed 5.2.6) [since FEDORA-2008-3864] 
 CVE-2008-2105 fixed (bugzilla, fixed 3.0.4, 3.1.4) #445822 [since FEDORA-2008-3442] 
 CVE-2008-2104 ignore (bugzilla, fixed 3.1.4) only affects 3.1.3, not in Fedora
 CVE-2008-2103 fixed (bugzilla, fixed 3.0.4, 3.1.4) #445822 [since FEDORA-2008-3442] 
 CVE-2008-2085 VULNERABLE (sipp) #446220 
 CVE-2008-2079 VULNERABLE (mysql, fixed 5.0.60) #445805 
 CVE-2008-2068 version (wordpress, fixed 2.5.1) [since FEDORA-2008-3397]  
+CVE-2008-2051 VULNERABLE (php, fixed 5.2.6) [since FEDORA-2008-3864] 
+CVE-2008-2050 ignore (php, fixed 5.2.6) 
 CVE-2008-2033 ignore (zoneminder) duplicate of CVE-2008-1381
 CVE-2008-2004 VULNERABLE (xen) disables format autodetection by default [since xen-3.1.2-3.fc8]
 CVE-2008-2004 VULNERABLE (qemu) fix mostly useless without libvirt changes
@@ -32,7 +42,7 @@
 CVE-2008-2000 ignore (WebKit) browser DoS
 CVE-2008-1999 VULNERABLE (WebKit) 
 CVE-2008-1996 fixed (licq, fixed 1.3.6) #445238 [since FEDORA-2008-3969] 
-CVE-2008-1974 VULNERABLE (kronolith, fixed 3.1.8) #444404 [since FEDORA-2008-3543] 
+CVE-2008-1974 fixed (kronolith, fixed 3.1.8) #444404 [since FEDORA-2008-3543] 
 CVE-2008-1964 ignore (xine-lib) bogus vulnerability report
 CVE-2008-1959 fixed (sipp, fixed 3.1) [since FEDORA-2008-3501] 
 CVE-2008-1950 fixed (gnutls, fixed 2.2.4) #447510 [since FEDORA-2008-4183] 
@@ -55,6 +65,9 @@
 CVE-2008-1836 ignore (clamav, fixed 0.93) affected code introduced after 0.92.1
 CVE-2008-1835 ignore (clamav, fixed 0.93) unrar code not shipped
 CVE-2008-1833 fixed (clamav, fixed 0.93-rc1) #442363 [since FEDORA-2008-3420] 
+CVE-2008-1808 VULNERABLE (freetype, fixed 2.3.6) #451212 
+CVE-2008-1807 VULNERABLE (freetype, fixed 2.3.6) #451212 
+CVE-2008-1806 VULNERABLE (freetype, fixed 2.3.6) #451212 
 CVE-2008-1804 fixed (snort, fixed 2.8.1) [since FEDORA-2008-5001] 
 CVE-2008-1803 fixed (rdesktop, fixed 1.6.0) #445842 [since FEDORA-2008-3917] 
 CVE-2008-1802 fixed (rdesktop, fixed 1.6.0) #445842 [since FEDORA-2008-3917] 
@@ -106,12 +119,15 @@
 CVE-2008-1394 ignore (plone) 
 CVE-2008-1390 fixed (asterisk, fixed 1.4.19-rc3) #438133 [since FEDORA-2008-2554] 
 CVE-2008-1387 fixed (clamav, fixed 0.93) #442363 [since FEDORA-2008-3420] 
+CVE-2008-1384 ignore (php, fixed 5.2.6) 
 CVE-2008-1382 fixed (libpng, fixed 1.2.27) [since FEDORA-2008-4847] 
 CVE-2008-1382 fixed (libpng10) [since FEDORA-2008-3937] 
 CVE-2008-1381 fixed (zoneminder, fixed 1.23.3) #444436 [since FEDORA-2008-3462] 
 CVE-2008-1380 VULNERABLE (firefox, fixed 2.0.0.14) 
 CVE-2008-1380 fixed (seamonkey, fixed 1.1.10) #442851 [since FEDORA-2008-3264] 
 CVE-2008-1380 fixed (thunderbird, fixed 2.0.0.14) #442856 [since FEDORA-2008-3557] 
+CVE-2008-1379 VULNERABLE (xorg-x11-server) #450925 [since FEDORA-2008-5279] 
+CVE-2008-1377 VULNERABLE (xorg-x11-server) #450925 [since FEDORA-2008-5279] 
 CVE-2008-1374 ignore (cups) only affects old cups versions in RHEL
 CVE-2008-1373 fixed (cups) #440040 [since FEDORA-2008-2131] 
 CVE-2008-1372 fixed (bzip2, fixed 1.0.5) #439855 [since FEDORA-2008-2970] 
@@ -184,6 +200,7 @@
 CVE-2008-1011 version (WebKit) [since FEDORA-2008-3229]
 CVE-2008-1010 version (WebKit) [since FEDORA-2008-3229]
 CVE-2008-0983 fixed (lighttpd) #435807 [since FEDORA-2008-2262] 
+CVE-2008-0960 fixed (net-snmp, fixed 5.4.1.1) [since FEDORA-2008-5218] 
 CVE-2008-0947 fixed (krb5, fixed 1.6.4) #438023 [since FEDORA-2008-2647] 
 CVE-2008-0932 fixed (sword) #433724 [since FEDORA-2008-1922] why? diatheke.pl is not shipped...
 CVE-2008-0928 fixed (qemu) #433561 [since FEDORA-2008-2001] 
@@ -210,6 +227,7 @@
 CVE-2008-0658 fixed (openldap) #432012 [since FEDORA-2008-1616] 
 CVE-2008-0646 fixed (deluge, fixed 0.5.8.3) [since FEDORA-2008-1287]
 CVE-2008-0646 fixed (rb_libtorrent) [since FEDORA-2008-1198]
+CVE-2008-0599 VULNERABLE (php, fixed 5.2.6) [since FEDORA-2008-3864] 
 CVE-2008-0597 version (cups) only old CUPS versions affected
 CVE-2008-0596 version (cups) only old CUPS versions affected
 CVE-2008-0595 backport (dbus, fixed 1.1.20) [since FEDORA-2008-2070]
@@ -417,11 +435,14 @@
 CVE-2007-5906 VULNERABLE (xen) #390111
 CVE-2007-5902 ignore (krb5, fixed 1.6.4) not exploitable
 CVE-2007-5901 fixed (krb5, fixed 1.6.4) #438023 [since FEDORA-2008-2647] 
+CVE-2007-5900 ignore (php, fixed 5.2.5) 
+CVE-2007-5899 VULNERABLE (php, fixed 5.2.5) [since FEDORA-2008-3864] 
+CVE-2007-5898 VULNERABLE (php, fixed 5.2.5) [since FEDORA-2008-3864] 
 CVE-2007-5894 ignore (krb5, fixed 1.6.4) not exploitable
 CVE-2007-5849 ignore (cups, fixed 1.3.5) minimal impact, see #415131
 CVE-2007-5848 version (cups, fixed 1.2.0) 
 CVE-2007-5846 version (net-snmp, fixed 5.4.1) 
-CVE-2007-5803 VULNERABLE (nagios, not fixed 2.11) #446381 
+CVE-2007-5803 VULNERABLE (nagios, fixed 2.12) #446381 
 CVE-2007-5795 backport (emacs) #367591 [since FEDORA-2007-2946]
 CVE-2007-5770 backport (ruby) #373391 [since FEDORA-2007-2812]
 CVE-2007-5760 fixed (xorg-x11-server, fixed 1.4.1) #429126 [since FEDORA-2008-0760] 
@@ -474,10 +495,17 @@
 CVE-2007-5000 fixed (httpd, fixed 2.2.8) #427982 [since FEDORA-2008-1711] 
 CVE-2007-4999 version (pidgin, fixed 2.2.2)
 CVE-2007-4990 version (xorg-x11-xfs, fixed 1.0.5)
+CVE-2007-4887 ignore (php, fixed 5.2.5) 
 CVE-2007-4879 version (firefox, fixed 2.0.0.13) 
 CVE-2007-4879 version (seamonkey, fixed 1.1.9) 
+CVE-2007-4850 ignore (php, fixed 5.2.6) 
 CVE-2007-4841 version (thunderbird) [since FEDORA-2007-3414] windows only anyway
+CVE-2007-4840 ignore (php, fixed 5.2.5) 
 CVE-2007-4829 VULNERABLE (perl-Archive-Tar, not fixed upstream) #364281
+CVE-2007-4825 ignore (php, fixed 5.2.5) 
+CVE-2007-4784 ignore (php, fixed 5.2.5) 
+CVE-2007-4783 ignore (php, fixed 5.2.5) 
+CVE-2007-4782 VULNERABLE (php, fixed 5.2.5) [since FEDORA-2008-3864] 
 CVE-2007-4772 fixed (postgresql, fixed 8.2.6) #427773 [since FEDORA-2008-0478] 
 CVE-2007-4771 fixed (icu) #430233 [since FEDORA-2008-1036] 
 CVE-2007-4770 fixed (icu) #430233 [since FEDORA-2008-1036] 


Index: f9
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f9,v
retrieving revision 1.213
retrieving revision 1.214
diff -u -r1.213 -r1.214
--- f9	6 Jun 2008 19:59:59 -0000	1.213
+++ f9	13 Jun 2008 18:29:10 -0000	1.214
@@ -5,25 +5,35 @@
 # (mozilla) = (gecko-libs dependent stuff)
 
 rhbz249840 version (tor, fixed 0.1.2.15)
+CVE-2008-2575 fixed (cbrpager) [since FEDORA-2008-4501] 
 CVE-2008-2426 fixed (imlib2) [since FEDORA-2008-4871] 
 CVE-2008-2420 fixed (stunnel, fixed 4.24) [since FEDORA-2008-4531] 
 CVE-2008-2392 ignore (wordpress) issue only in certain deployments, not affected by default
 CVE-2008-2363 VULNERABLE (pan) #449334 
+CVE-2008-2362 VULNERABLE (xorg-x11-server) #450926 [since FEDORA-2008-5254] 
+CVE-2008-2361 VULNERABLE (xorg-x11-server) #450926 [since FEDORA-2008-5254] 
+CVE-2008-2360 VULNERABLE (xorg-x11-server) #450926 [since FEDORA-2008-5254] 
 CVE-2008-2359 ignore (system-config-network) F8 specific issue
 CVE-2008-2357 fixed (mtr, fixed 0.73) 
 CVE-2008-2302 fixed (Django, fixed 0.96.2) #447259 [since FEDORA-2008-4267] 
+CVE-2008-2292 fixed (net-snmp, fixed 5.4.2.pre1) [since FEDORA-2008-5215] 
 CVE-2008-2276 VULNERABLE (mantis) upstream fix in 1.2.0a1 seems useless
 CVE-2008-2266 ignore (perl-Convert-UUlib) embedded uulib copy uses mkstemp
 CVE-2008-2168 ignore (httpd) browser issue, not apache
+CVE-2008-2152 fixed (openoffice.org, fixed 2.4.1) [since FEDORA-2008-5143] 
 CVE-2008-2146 version (wordpress, fixed 2.2.3) 
 CVE-2008-2119 ignore (asterisk, fixed 1.2.29) AST-2008-008, only for 1.0.x and 1.2.x
 CVE-2008-2109 fixed (libid3tag) #445815 [since FEDORA-2008-3757] 
+CVE-2008-2108 VULNERABLE (php, fixed 5.2.6) [since FEDORA-2008-3606] 
+CVE-2008-2107 VULNERABLE (php, fixed 5.2.6) [since FEDORA-2008-3606] 
 CVE-2008-2105 fixed (bugzilla, fixed 3.0.4, 3.1.4) #445823 [since FEDORA-2008-3668] 
 CVE-2008-2104 ignore (bugzilla, fixed 3.1.4) only affects 3.1.3, not in Fedora
 CVE-2008-2103 fixed (bugzilla, fixed 3.0.4, 3.1.4) #445823 [since FEDORA-2008-3668] 
 CVE-2008-2085 VULNERABLE (sipp) #446221 
 CVE-2008-2079 VULNERABLE (mysql, fixed 5.0.60) #445806 
 CVE-2008-2068 version (wordpress, fixed 2.5.1) [since wordpress-2.5.1-1.fc9] 
+CVE-2008-2051 VULNERABLE (php, fixed 5.2.6) [since FEDORA-2008-3606] 
+CVE-2008-2050 ignore (php, fixed 5.2.6) 
 CVE-2008-2033 ignore (zoneminder) duplicate of CVE-2008-1381
 CVE-2008-2004 VULNERABLE (xen) disables format autodetection by default [since xen-3.2.0-11.fc9]
 CVE-2008-2004 VULNERABLE (qemu) fix mostly useless without libvirt changes
@@ -56,6 +66,9 @@
 CVE-2008-1835 ignore (clamav, fixed 0.93) unrar code not shipped
 CVE-2008-1834 version (swfdec, fixed 0.6.4) [since swfdec-0.6.4-1.fc9]
 CVE-2008-1833 version (clamav, fixed 0.93-rc1) [since clamav-0.93-0.0.rc1.fc9] 
+CVE-2008-1808 VULNERABLE (freetype, fixed 2.3.6) #451213 
+CVE-2008-1807 VULNERABLE (freetype, fixed 2.3.6) #451213 
+CVE-2008-1806 VULNERABLE (freetype, fixed 2.3.6) #451213 
 CVE-2008-1804 fixed (snort, fixed 2.8.1) [since FEDORA-2008-5045] 
 CVE-2008-1803 fixed (rdesktop, fixed 1.6.0) #445843 [since FEDORA-2008-3886] 
 CVE-2008-1802 fixed (rdesktop, fixed 1.6.0) #445843 [since FEDORA-2008-3886] 
@@ -107,12 +120,15 @@
 CVE-2008-1394 ignore (plone) 
 CVE-2008-1390 version (asterisk, fixed 1.6.0-beta6) #438134 [since asterisk-1.6.0-0.6.beta6.fc9]
 CVE-2008-1387 fixed (clamav, fixed 0.93) #442364 [since FEDORA-2008-3900] 
+CVE-2008-1384 ignore (php, fixed 5.2.6) 
 CVE-2008-1382 fixed (libpng, fixed 1.2.27) [since FEDORA-2008-4910] 
 CVE-2008-1382 fixed (libpng10) [since FEDORA-2008-3683] 
 CVE-2008-1381 fixed (zoneminder, fixed 1.23.3) #444437 [since FEDORA-2008-3601] 
 CVE-2008-1380 version (firefox, fixed 2.0.0.14) 
 CVE-2008-1380 backport (seamonkey, fixed 1.1.10) #442852 [since seamonkey-1.1.9-3.fc9]
 CVE-2008-1380 version (thunderbird, fixed 2.0.0.14) #442857 [since thunderbird-2.0.0.14-1.fc9]
+CVE-2008-1379 VULNERABLE (xorg-x11-server) #450926 [since FEDORA-2008-5254] 
+CVE-2008-1377 VULNERABLE (xorg-x11-server) #450926 [since FEDORA-2008-5254] 
 CVE-2008-1374 ignore (cups) only affects old cups versions in RHEL
 CVE-2008-1373 backport (cups) #440041 [since cups-1.3.6-9.fc9]
 CVE-2008-1372 version (bzip2, fixed 1.0.5) [since bzip2-1.0.5-1.fc9]
@@ -183,6 +199,7 @@
 CVE-2008-1011 version (WebKit) [since WebKit-1.0.0-0.8.svn31787.fc9]
 CVE-2008-1010 version (WebKit) [since WebKit-1.0.0-0.8.svn31787.fc9]
 CVE-2008-0983 backport (lighttpd) #435809 [since lighttpd-1.4.18-6.fc9]
+CVE-2008-0960 fixed (net-snmp, fixed 5.4.1.1) [since FEDORA-2008-5215] 
 CVE-2008-0947 backport (krb5, fixed 1.6.4) [since krb5-1.6.3-10.fc9] 
 CVE-2008-0932 backport (sword) #433726 [since sword-1.5.10-3.fc9] why? diatheke.pl is not shipped...
 CVE-2008-0928 backport (qemu) #433563 [since qemu-0.9.1-3.fc9]
@@ -207,6 +224,7 @@
 CVE-2008-0658 backport (openldap) #432014 [since openldap-2.4.7-7.fc9]
 CVE-2008-0646 version (deluge, fixed 0.5.8.3) [since deluge-0.5.8.3-1.fc9]
 CVE-2008-0646 backport (rb_libtorrent) [since rb_libtorrent-0.12-3.fc9]
+CVE-2008-0599 VULNERABLE (php, fixed 5.2.6) [since FEDORA-2008-3606] 
 CVE-2008-0597 version (cups) only old CUPS versions affected
 CVE-2008-0596 version (cups) only old CUPS versions affected
 CVE-2008-0595 version (dbus, fixed 1.1.20) [since dbus-1.1.20-1.fc9]
@@ -224,7 +242,7 @@
 CVE-2008-0554 version (netpbm, fixed 10.27) 
 CVE-2008-0553 backport (perl-Tk) #431529 [since perl-Tk-804.028-3.fc9]
 CVE-2008-0553 backport (tk, fixed 8.5.1) [since tk-8.5.0-4.fc9]
-CVE-2008-0553 VULNERABLE (tkimg) #444872 
+CVE-2008-0553 fixed (tkimg) #444872 [since FEDORA-2008-3621] 
 CVE-2008-0544 backport (SDL_image) #430696 ILBM overflow [since SDL_image-1.2.6-5.fc9]
 CVE-2008-0486 version (xine-lib, fixed 1.1.10.1) #431544 [since xine-lib-1.1.10.1-1.fc9]
 CVE-2008-0460 version (mediawiki) #430289 [since mediawiki-1.10.4-38.fc9]
@@ -413,11 +431,12 @@
 CVE-2007-5906 VULNERABLE (xen) #390121
 CVE-2007-5902 ignore (krb5, fixed 1.6.4) not exploitable
 CVE-2007-5901 backport (krb5, fixed 1.6.4) [since krb5-1.6.3-10.fc9] 
+CVE-2007-5900 ignore (php, fixed 5.2.5) 
 CVE-2007-5894 ignore (krb5, fixed 1.6.4) not exploitable
 CVE-2007-5849 version (cups, fixed 1.3.5) [since cups-1.3.5-1.fc9] 
 CVE-2007-5848 version (cups, fixed 1.2.0) 
 CVE-2007-5846 version (net-snmp, fixed 5.4.1) 
-CVE-2007-5803 VULNERABLE (nagios, not fixed 2.11) #446382 
+CVE-2007-5803 VULNERABLE (nagios, fixed 2.12) #446382 
 CVE-2007-5795 backport (emacs) #367601 [since emacs-22.1-8.fc9]
 CVE-2007-5770 backport (ruby) #373401 [since ruby-1.8.6.111-1]
 CVE-2007-5760 backport (xorg-x11-server, fixed 1.4.1) #429127 [since xorg-x11-server-1.4.99.1-0.17.20080107.fc9]
@@ -464,9 +483,15 @@
 CVE-2007-5000 version (httpd, fixed 2.2.8) #427984 [since httpd-2.2.8-2]
 CVE-2007-4999 version (pidgin, fixed 2.2.2)
 CVE-2007-4990 version (xorg-x11-xfs, fixed 1.0.5)
+CVE-2007-4887 ignore (php, fixed 5.2.5) 
 CVE-2007-4879 version (firefox, fixed 2.0.0.13) 
 CVE-2007-4879 version (seamonkey, fixed 1.1.9) 
+CVE-2007-4850 ignore (php, fixed 5.2.6) 
+CVE-2007-4840 ignore (php, fixed 5.2.5) 
 CVE-2007-4829 VULNERABLE (perl, not fixed upstream) #364291 perl-Archive-Tar directory traversal
+CVE-2007-4825 ignore (php, fixed 5.2.5) 
+CVE-2007-4784 ignore (php, fixed 5.2.5) 
+CVE-2007-4783 ignore (php, fixed 5.2.5) 
 CVE-2007-4772 version (postgresql, fixed 8.2.6) #427774 [since postgresql-8.2.6-1.fc9]
 CVE-2007-4771 backport (icu) [since icu-3.8.1-3.fc9]
 CVE-2007-4770 backport (icu) [since icu-3.8.1-3.fc9]


Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.379
retrieving revision 1.380
diff -u -r1.379 -r1.380
--- fc7	6 Jun 2008 19:59:59 -0000	1.379
+++ fc7	13 Jun 2008 18:29:10 -0000	1.380
@@ -7,25 +7,35 @@
 
 rhbz293031 fixed (nx) #293031 [since FEDORA-2008-2258] 
 rhbz249840 version (tor, fixed 0.1.2.15) #249840 [since FEDORA-2007-1674] 
+CVE-2008-2575 fixed (cbrpager) [since FEDORA-2008-4440] 
 CVE-2008-2426 fixed (imlib2) [since FEDORA-2008-4950] 
 CVE-2008-2420 fixed (stunnel, fixed 4.24) [since FEDORA-2008-4606] 
 CVE-2008-2392 ignore (wordpress) issue only in certain deployments, not affected by default
 CVE-2008-2363 VULNERABLE (pan) 
+CVE-2008-2362 fixed (xorg-x11-server) #450924 [since FEDORA-2008-5285] 
+CVE-2008-2361 fixed (xorg-x11-server) #450924 [since FEDORA-2008-5285] 
+CVE-2008-2360 fixed (xorg-x11-server) #450924 [since FEDORA-2008-5285] 
 CVE-2008-2359 ignore (system-config-network) F8 specific issue
 CVE-2008-2357 fixed (mtr, fixed 0.73) 
 CVE-2008-2302 fixed (Django, fixed 0.96.2) #447257 [since FEDORA-2008-4191] 
+CVE-2008-2292 fixed (net-snmp, fixed 5.4.2.pre1) [since FEDORA-2008-5224] 
 CVE-2008-2276 VULNERABLE (mantis) upstream fix in 1.2.0a1 seems useless
 CVE-2008-2266 ignore (perl-Convert-UUlib) embedded uulib copy uses mkstemp
 CVE-2008-2168 ignore (httpd) browser issue, not apache
+CVE-2008-2152 fixed (openoffice.org, fixed 2.4.1) #450649 [since FEDORA-2008-5239] 
 CVE-2008-2146 version (wordpress, fixed 2.2.3) 
 CVE-2008-2119 ignore (asterisk, fixed 1.2.29) AST-2008-008, only for 1.0.x and 1.2.x
 CVE-2008-2109 fixed (libid3tag) #445813 [since FEDORA-2008-3874] 
+CVE-2008-2108 fixed (php, fixed 5.2.6) [since FEDORA-2008-1734] 
+CVE-2008-2107 fixed (php, fixed 5.2.6) [since FEDORA-2008-1734] 
 CVE-2008-2105 fixed (bugzilla, fixed 3.0.4, 3.1.4) #445821 [since FEDORA-2008-3488] 
 CVE-2008-2104 ignore (bugzilla, fixed 3.1.4) only affects 3.1.3, not in Fedora
 CVE-2008-2103 fixed (bugzilla, fixed 3.0.4, 3.1.4) #445821 [since FEDORA-2008-3488] 
 CVE-2008-2085 VULNERABLE (sipp) #446219 
 CVE-2008-2079 VULNERABLE (mysql, fixed 5.0.60) #445804 
 CVE-2008-2068 version (wordpress, fixed 2.5.1) [since FEDORA-2008-3319] 
+CVE-2008-2051 fixed (php, fixed 5.2.6) [since FEDORA-2008-1734] 
+CVE-2008-2050 ignore (php, fixed 5.2.6) 
 CVE-2008-2033 ignore (zoneminder) duplicate of CVE-2008-1381
 CVE-2008-2004 VULNERABLE (xen) disables format autodetection by default [since xen-3.1.2-3.fc7]
 CVE-2008-2004 VULNERABLE (qemu) fix mostly useless without libvirt changes
@@ -33,7 +43,7 @@
 CVE-2008-2000 ignore (WebKit) browser DoS
 CVE-2008-1999 VULNERABLE (WebKit) 
 CVE-2008-1996 fixed (licq, fixed 1.3.6) #445237 [since FEDORA-2008-3909] 
-CVE-2008-1974 VULNERABLE (kronolith, fixed 3.1.8) #444403 [since FEDORA-2008-3460] 
+CVE-2008-1974 fixed (kronolith, fixed 3.1.8) #444403 [since FEDORA-2008-3460] 
 CVE-2008-1964 ignore (xine-lib) bogus vulnerability report
 CVE-2008-1959 fixed (sipp, fixed 3.1) [since FEDORA-2008-3508] 
 CVE-2008-1950 fixed (gnutls, fixed 2.2.4) #447509 [since FEDORA-2008-4274] 
@@ -56,6 +66,9 @@
 CVE-2008-1836 ignore (clamav, fixed 0.93) affected code introduced after 0.92.1
 CVE-2008-1835 ignore (clamav, fixed 0.93) unrar code not shipped
 CVE-2008-1833 fixed (clamav, fixed 0.93-rc1) #442362 [since FEDORA-2008-3358] 
+CVE-2008-1808 VULNERABLE (freetype, fixed 2.3.6) 
+CVE-2008-1807 VULNERABLE (freetype, fixed 2.3.6) 
+CVE-2008-1806 VULNERABLE (freetype, fixed 2.3.6) 
 CVE-2008-1804 fixed (snort, fixed 2.8.1) [since FEDORA-2008-5045] 
 CVE-2008-1803 fixed (rdesktop, fixed 1.6.0) #445841 [since FEDORA-2008-3985] 
 CVE-2008-1802 fixed (rdesktop, fixed 1.6.0) #445841 [since FEDORA-2008-3985] 
@@ -107,12 +120,15 @@
 CVE-2008-1394 ignore (plone) 
 CVE-2008-1390 fixed (asterisk, fixed 1.4.19-rc3) #438132 [since FEDORA-2008-2620] 
 CVE-2008-1387 fixed (clamav, fixed 0.93) #442362 [since FEDORA-2008-3358] 
+CVE-2008-1384 ignore (php, fixed 5.2.6) 
 CVE-2008-1382 fixed (libpng, fixed 1.2.27) [since FEDORA-2008-4947] 
-CVE-2008-1382 VULNERABLE (libpng10) [since libpng10-1.0.33-1.fc7] 
+CVE-2008-1382 fixed (libpng10) [since FEDORA-2008-3979] 
 CVE-2008-1381 fixed (zoneminder, fixed 1.23.3) #444435 [since FEDORA-2008-3516] 
 CVE-2008-1380 VULNERABLE (firefox, fixed 2.0.0.14) 
 CVE-2008-1380 fixed (seamonkey, fixed 1.1.10) #442850 [since FEDORA-2008-3231] 
 CVE-2008-1380 fixed (thunderbird, fixed 2.0.0.14) #442855 [since FEDORA-2008-3519] 
+CVE-2008-1379 fixed (xorg-x11-server) #450924 [since FEDORA-2008-5285] 
+CVE-2008-1377 fixed (xorg-x11-server) #450924 [since FEDORA-2008-5285] 
 CVE-2008-1374 ignore (cups) only affects old cups versions in RHEL
 CVE-2008-1373 fixed (cups) #440042 [since FEDORA-2008-2897] 
 CVE-2008-1372 fixed (bzip2, fixed 1.0.5) #439855 [since FEDORA-2008-2970] 
@@ -185,6 +201,7 @@
 CVE-2008-1011 fixed (WebKit) [since FEDORA-2008-3415] 
 CVE-2008-1010 fixed (WebKit) [since FEDORA-2008-3415] 
 CVE-2008-0983 fixed (lighttpd) #435808 [since FEDORA-2008-2278] 
+CVE-2008-0960 fixed (net-snmp, fixed 5.4.1.1) [since FEDORA-2008-5224] 
 CVE-2008-0947 fixed (krb5, fixed 1.6.4) #438022 [since FEDORA-2008-2637] 
 CVE-2008-0932 fixed (sword) #433725 [since FEDORA-2008-1951] why? diatheke.pl is not shipped...
 CVE-2008-0928 fixed (qemu) #433562 [since FEDORA-2008-1995] 
@@ -210,6 +227,7 @@
 CVE-2008-0658 fixed (openldap) #432013 [since FEDORA-2008-1568] 
 CVE-2008-0646 fixed (deluge, fixed 0.5.8.3) [since FEDORA-2008-1198]
 CVE-2008-0646 fixed (rb_libtorrent) [since FEDORA-2008-1245]
+CVE-2008-0599 fixed (php, fixed 5.2.6) [since FEDORA-2008-1734] 
 CVE-2008-0597 version (cups) only old CUPS versions affected
 CVE-2008-0596 version (cups) only old CUPS versions affected
 CVE-2008-0595 backport (dbus, fixed 1.1.20) [since FEDORA-2008-2043]
@@ -416,11 +434,14 @@
 CVE-2007-5906 VULNERABLE (xen) #390101
 CVE-2007-5902 ignore (krb5, fixed 1.6.4) not exploitable
 CVE-2007-5901 fixed (krb5, fixed 1.6.4) #438022 [since FEDORA-2008-2637] 
+CVE-2007-5900 ignore (php, fixed 5.2.5) 
+CVE-2007-5899 fixed (php, fixed 5.2.5) [since FEDORA-2008-1734] 
+CVE-2007-5898 fixed (php, fixed 5.2.5) [since FEDORA-2008-1734] 
 CVE-2007-5894 ignore (krb5, fixed 1.6.4) not exploitable
 CVE-2007-5849 ignore (cups, fixed 1.3.5) minimal impact, see #415131
 CVE-2007-5848 version (cups, fixed 1.2.0) 
 CVE-2007-5846 backport (net-snmp) [since FEDORA-2007-3019]
-CVE-2007-5803 VULNERABLE (nagios, not fixed 2.11) #437851
+CVE-2007-5803 VULNERABLE (nagios, fixed 2.12) #437851
 CVE-2007-5795 backport (emacs) #367581 [since FEDORA-2007-3056]
 CVE-2007-5770 backport (ruby) #373381 [since FEDORA-2007-2685]
 CVE-2007-5760 fixed (xorg-x11-server, fixed 1.4.1) #429125 [since FEDORA-2008-0831] 
@@ -514,15 +535,21 @@
 CVE-2007-4897 version (opal, fixed 2.2.9)
 CVE-2007-4894 version (wordpress, fixed 2.2.3) [since FEDORA-2007-2143]
 CVE-2007-4893 version (wordpress, fixed 2.2.3) [since FEDORA-2007-2143]
+CVE-2007-4887 ignore (php, fixed 5.2.5) 
 CVE-2007-4879 version (firefox, fixed 2.0.0.13) 
 CVE-2007-4879 version (seamonkey, fixed 1.1.9) 
 CVE-2007-4851 ignore (tk) duplicate of CVE-2007-5137
+CVE-2007-4850 ignore (php, fixed 5.2.6) 
 CVE-2007-4841 ignore (mozilla) Windows only
 CVE-2007-4841 version (thunderbird) [since FEDORA-2007-3431] windows only anyway
-CVE-2007-4840 ignore (php)
+CVE-2007-4840 ignore (php, fixed 5.2.5) 
 CVE-2007-4829 VULNERABLE (perl-Archive-Tar) #315321
 CVE-2007-4828 version (mediawiki, fixed 1.11.0, 1.10.2, 1.9.4) #287881 [since FEDORA-2007-2189]
 CVE-2007-4826 version (quagga, fixed 0.99.9) [since FEDORA-2007-2196]
+CVE-2007-4825 ignore (php, fixed 5.2.5) 
+CVE-2007-4784 ignore (php, fixed 5.2.5) 
+CVE-2007-4783 ignore (php, fixed 5.2.5) 
+CVE-2007-4782 fixed (php, fixed 5.2.5) [since FEDORA-2008-1734] 
 CVE-2007-4772 fixed (postgresql, fixed 8.2.6) #427772 [since FEDORA-2008-0552] 
 CVE-2007-4771 fixed (icu) #430232 [since FEDORA-2008-1076] 
 CVE-2007-4770 fixed (icu) #430232 [since FEDORA-2008-1076] 


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]