[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[Fedora-security-commits] fedora-security/audit f10, 1.6, 1.7 f8, 1.224, 1.225 f9, 1.214, 1.215 fc7, 1.380, 1.381



Author: thoger

Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv28928/audit

Modified Files:
	f10 f8 f9 fc7 
Log Message:
another week of issues
last update of fc7 file



Index: f10
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f10,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- f10	13 Jun 2008 18:29:09 -0000	1.6
+++ f10	20 Jun 2008 08:50:45 -0000	1.7
@@ -4,6 +4,13 @@
 # *CVE are items that need verification for Fedora 10
 # (mozilla) = (gecko-libs dependent stuff)
 
+CVE-2008-2724 version (gallery2, fixed 2.2.5) [since gallery2-2.2.5-1.fc10] 
+CVE-2008-2723 version (gallery2, fixed 2.2.5) [since gallery2-2.2.5-1.fc10] 
+CVE-2008-2722 version (gallery2, fixed 2.2.5) [since gallery2-2.2.5-1.fc10] 
+CVE-2008-2721 version (gallery2, fixed 2.2.5) [since gallery2-2.2.5-1.fc10] 
+CVE-2008-2720 version (gallery2, fixed 2.2.5) [since gallery2-2.2.5-1.fc10] 
+CVE-2008-2713 version (clamav, fixed 0.93.1) [since clamav-0.93.1-1.fc10] 
+CVE-2008-2696 VULNERABLE (exiv2, fixed 0.17) 
 CVE-2008-2575 version (cbrpager) [since cbrpager-0.9.17-2.fc10] 
 CVE-2008-2426 backport (imlib2) [since imlib2-1.4.0-7.fc10] 
 CVE-2008-2420 version (stunnel, fixed 4.24) [since stunnel-4.24-2] 


Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.224
retrieving revision 1.225
diff -u -r1.224 -r1.225
--- f8	13 Jun 2008 18:29:09 -0000	1.224
+++ f8	20 Jun 2008 08:50:45 -0000	1.225
@@ -6,14 +6,22 @@
 
 rhbz293031 fixed (nx) #293031 [since FEDORA-2008-2258] 
 rhbz249840 version (tor, fixed 0.1.2.15) 
+CVE-2008-2783 VULNERABLE (kronolith) 
+CVE-2008-2724 VULNERABLE (gallery2, fixed 2.2.5) [since gallery2-2.2.5-1.fc8] 
+CVE-2008-2723 VULNERABLE (gallery2, fixed 2.2.5) [since gallery2-2.2.5-1.fc8] 
+CVE-2008-2722 VULNERABLE (gallery2, fixed 2.2.5) [since gallery2-2.2.5-1.fc8] 
+CVE-2008-2721 VULNERABLE (gallery2, fixed 2.2.5) [since gallery2-2.2.5-1.fc8] 
+CVE-2008-2720 VULNERABLE (gallery2, fixed 2.2.5) [since gallery2-2.2.5-1.fc8] 
+CVE-2008-2713 VULNERABLE (clamav, fixed 0.93.1) 
+CVE-2008-2696 VULNERABLE (exiv2, fixed 0.17) 
 CVE-2008-2575 fixed (cbrpager) [since FEDORA-2008-4528] 
 CVE-2008-2426 fixed (imlib2) [since FEDORA-2008-4842] 
 CVE-2008-2420 fixed (stunnel, fixed 4.24) [since FEDORA-2008-4579] 
 CVE-2008-2392 ignore (wordpress) issue only in certain deployments, not affected by default
 CVE-2008-2363 VULNERABLE (pan) #449333 
-CVE-2008-2362 VULNERABLE (xorg-x11-server) #450925 [since FEDORA-2008-5279] 
-CVE-2008-2361 VULNERABLE (xorg-x11-server) #450925 [since FEDORA-2008-5279] 
-CVE-2008-2360 VULNERABLE (xorg-x11-server) #450925 [since FEDORA-2008-5279] 
+CVE-2008-2362 fixed (xorg-x11-server) #450925 [since FEDORA-2008-5279] 
+CVE-2008-2361 fixed (xorg-x11-server) #450925 [since FEDORA-2008-5279] 
+CVE-2008-2360 fixed (xorg-x11-server) #450925 [since FEDORA-2008-5279] 
 CVE-2008-2359 fixed (system-config-network) [since FEDORA-2008-4633] 
 CVE-2008-2357 fixed (mtr, fixed 0.73) 
 CVE-2008-2302 fixed (Django, fixed 0.96.2) #447258 [since FEDORA-2008-4248] 
@@ -65,9 +73,12 @@
 CVE-2008-1836 ignore (clamav, fixed 0.93) affected code introduced after 0.92.1
 CVE-2008-1835 ignore (clamav, fixed 0.93) unrar code not shipped
 CVE-2008-1833 fixed (clamav, fixed 0.93-rc1) #442363 [since FEDORA-2008-3420] 
-CVE-2008-1808 VULNERABLE (freetype, fixed 2.3.6) #451212 
-CVE-2008-1807 VULNERABLE (freetype, fixed 2.3.6) #451212 
-CVE-2008-1806 VULNERABLE (freetype, fixed 2.3.6) #451212 
+CVE-2008-1808 fixed (freetype, fixed 2.3.6) #451212 [since FEDORA-2008-5430] 
+CVE-2008-1808 ignore (freetype1) PFB not supported, TTF BCI not enabled
+CVE-2008-1807 fixed (freetype, fixed 2.3.6) #451212 [since FEDORA-2008-5430] 
+CVE-2008-1807 ignore (freetype1) PFB font fromat not supported
+CVE-2008-1806 fixed (freetype, fixed 2.3.6) #451212 [since FEDORA-2008-5430] 
+CVE-2008-1806 ignore (freetype1) PFB font fromat not supported
 CVE-2008-1804 fixed (snort, fixed 2.8.1) [since FEDORA-2008-5001] 
 CVE-2008-1803 fixed (rdesktop, fixed 1.6.0) #445842 [since FEDORA-2008-3917] 
 CVE-2008-1802 fixed (rdesktop, fixed 1.6.0) #445842 [since FEDORA-2008-3917] 
@@ -126,8 +137,8 @@
 CVE-2008-1380 VULNERABLE (firefox, fixed 2.0.0.14) 
 CVE-2008-1380 fixed (seamonkey, fixed 1.1.10) #442851 [since FEDORA-2008-3264] 
 CVE-2008-1380 fixed (thunderbird, fixed 2.0.0.14) #442856 [since FEDORA-2008-3557] 
-CVE-2008-1379 VULNERABLE (xorg-x11-server) #450925 [since FEDORA-2008-5279] 
-CVE-2008-1377 VULNERABLE (xorg-x11-server) #450925 [since FEDORA-2008-5279] 
+CVE-2008-1379 fixed (xorg-x11-server) #450925 [since FEDORA-2008-5279] 
+CVE-2008-1377 fixed (xorg-x11-server) #450925 [since FEDORA-2008-5279] 
 CVE-2008-1374 ignore (cups) only affects old cups versions in RHEL
 CVE-2008-1373 fixed (cups) #440040 [since FEDORA-2008-2131] 
 CVE-2008-1372 fixed (bzip2, fixed 1.0.5) #439855 [since FEDORA-2008-2970] 
@@ -351,7 +362,7 @@
 CVE-2007-6423 ignore (httpd) can not be reproduced by upstream
 CVE-2007-6422 fixed (httpd, fixed 2.2.8) #427982 [since FEDORA-2008-1711] 
 CVE-2007-6421 fixed (httpd, fixed 2.2.8) #427982 [since FEDORA-2008-1711] 
-CVE-2007-6420 ignore (httpd) wontfix by upstream
+CVE-2007-6420 ignore (httpd, fixed 2.2.9) wontfix by upstream
 CVE-2007-6415 fixed (scponly, fixed 4.8) #429732 [since FEDORA-2008-1743] 
 CVE-2007-6388 fixed (httpd, fixed 2.2.8) #427982 [since FEDORA-2008-1711] 
 CVE-2007-6341 ignore (perl-Net-DNS) no impact
@@ -367,7 +378,7 @@
 CVE-2007-6350 fixed (scponly) #429731 [since FEDORA-2008-1728] rsync vector only
 CVE-2007-6348 ignore (squirrelmail) trojaned version was not shipped
 CVE-2007-6328 ignore (dosbox) design decision
-CVE-2007-6321 VULNERABLE (roundcubemail) #423291
+CVE-2007-6321 fixed (roundcubemail) #423291 [since FEDORA-2008-5342] 
 CVE-2007-6318 VULNERABLE (wordpress)
 CVE-2007-6313 ignore (mysql) 5.1+ only
 CVE-2007-6304 ignore (mysql, fixed 5.0.52) federated engine not built


Index: f9
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f9,v
retrieving revision 1.214
retrieving revision 1.215
diff -u -r1.214 -r1.215
--- f9	13 Jun 2008 18:29:10 -0000	1.214
+++ f9	20 Jun 2008 08:50:45 -0000	1.215
@@ -5,14 +5,21 @@
 # (mozilla) = (gecko-libs dependent stuff)
 
 rhbz249840 version (tor, fixed 0.1.2.15)
+CVE-2008-2724 VULNERABLE (gallery2, fixed 2.2.5) [since gallery2-2.2.5-1.fc9] 
+CVE-2008-2723 VULNERABLE (gallery2, fixed 2.2.5) [since gallery2-2.2.5-1.fc9] 
+CVE-2008-2722 VULNERABLE (gallery2, fixed 2.2.5) [since gallery2-2.2.5-1.fc9] 
+CVE-2008-2721 VULNERABLE (gallery2, fixed 2.2.5) [since gallery2-2.2.5-1.fc9] 
+CVE-2008-2720 VULNERABLE (gallery2, fixed 2.2.5) [since gallery2-2.2.5-1.fc9] 
+CVE-2008-2713 VULNERABLE (clamav, fixed 0.93.1) [since clamav-0.93.1-1.fc9] 
+CVE-2008-2696 VULNERABLE (exiv2, fixed 0.17) 
 CVE-2008-2575 fixed (cbrpager) [since FEDORA-2008-4501] 
 CVE-2008-2426 fixed (imlib2) [since FEDORA-2008-4871] 
 CVE-2008-2420 fixed (stunnel, fixed 4.24) [since FEDORA-2008-4531] 
 CVE-2008-2392 ignore (wordpress) issue only in certain deployments, not affected by default
 CVE-2008-2363 VULNERABLE (pan) #449334 
-CVE-2008-2362 VULNERABLE (xorg-x11-server) #450926 [since FEDORA-2008-5254] 
-CVE-2008-2361 VULNERABLE (xorg-x11-server) #450926 [since FEDORA-2008-5254] 
-CVE-2008-2360 VULNERABLE (xorg-x11-server) #450926 [since FEDORA-2008-5254] 
+CVE-2008-2362 fixed (xorg-x11-server) #450926 [since FEDORA-2008-5254] 
+CVE-2008-2361 fixed (xorg-x11-server) #450926 [since FEDORA-2008-5254] 
+CVE-2008-2360 fixed (xorg-x11-server) #450926 [since FEDORA-2008-5254] 
 CVE-2008-2359 ignore (system-config-network) F8 specific issue
 CVE-2008-2357 fixed (mtr, fixed 0.73) 
 CVE-2008-2302 fixed (Django, fixed 0.96.2) #447259 [since FEDORA-2008-4267] 
@@ -66,9 +73,12 @@
 CVE-2008-1835 ignore (clamav, fixed 0.93) unrar code not shipped
 CVE-2008-1834 version (swfdec, fixed 0.6.4) [since swfdec-0.6.4-1.fc9]
 CVE-2008-1833 version (clamav, fixed 0.93-rc1) [since clamav-0.93-0.0.rc1.fc9] 
-CVE-2008-1808 VULNERABLE (freetype, fixed 2.3.6) #451213 
-CVE-2008-1807 VULNERABLE (freetype, fixed 2.3.6) #451213 
-CVE-2008-1806 VULNERABLE (freetype, fixed 2.3.6) #451213 
+CVE-2008-1808 fixed (freetype, fixed 2.3.6) #451213 [since FEDORA-2008-5425] 
+CVE-2008-1808 ignore (freetype1) PFB not supported, TTF BCI not enabled
+CVE-2008-1807 fixed (freetype, fixed 2.3.6) #451213 [since FEDORA-2008-5425] 
+CVE-2008-1807 ignore (freetype1) PFB font fromat not supported
+CVE-2008-1806 fixed (freetype, fixed 2.3.6) #451213 [since FEDORA-2008-5425] 
+CVE-2008-1806 ignore (freetype1) PFB font fromat not supported
 CVE-2008-1804 fixed (snort, fixed 2.8.1) [since FEDORA-2008-5045] 
 CVE-2008-1803 fixed (rdesktop, fixed 1.6.0) #445843 [since FEDORA-2008-3886] 
 CVE-2008-1802 fixed (rdesktop, fixed 1.6.0) #445843 [since FEDORA-2008-3886] 
@@ -127,8 +137,8 @@
 CVE-2008-1380 version (firefox, fixed 2.0.0.14) 
 CVE-2008-1380 backport (seamonkey, fixed 1.1.10) #442852 [since seamonkey-1.1.9-3.fc9]
 CVE-2008-1380 version (thunderbird, fixed 2.0.0.14) #442857 [since thunderbird-2.0.0.14-1.fc9]
-CVE-2008-1379 VULNERABLE (xorg-x11-server) #450926 [since FEDORA-2008-5254] 
-CVE-2008-1377 VULNERABLE (xorg-x11-server) #450926 [since FEDORA-2008-5254] 
+CVE-2008-1379 fixed (xorg-x11-server) #450926 [since FEDORA-2008-5254] 
+CVE-2008-1377 fixed (xorg-x11-server) #450926 [since FEDORA-2008-5254] 
 CVE-2008-1374 ignore (cups) only affects old cups versions in RHEL
 CVE-2008-1373 backport (cups) #440041 [since cups-1.3.6-9.fc9]
 CVE-2008-1372 version (bzip2, fixed 1.0.5) [since bzip2-1.0.5-1.fc9]
@@ -348,7 +358,7 @@
 CVE-2007-6423 ignore (httpd) can not be reproduced by upstream
 CVE-2007-6422 version (httpd, fixed 2.2.8) #427984 [since httpd-2.2.8-2]
 CVE-2007-6421 version (httpd, fixed 2.2.8) #427984 [since httpd-2.2.8-2]
-CVE-2007-6420 ignore (httpd) wontfix by upstream
+CVE-2007-6420 ignore (httpd, fixed 2.2.9) wontfix by upstream
 CVE-2007-6415 backport (scponly, fixed 4.8) [since scponly-4.6-10.fc9]
 CVE-2007-6388 version (httpd, fixed 2.2.8) #427984 [since httpd-2.2.8-2]
 CVE-2007-6341 version (perl-Net-DNS) [since perl-Net-DNS-0.63-1.fc9] 
@@ -364,7 +374,7 @@
 CVE-2007-6350 backport (scponly) [since scponly-4.6-8.fc9] rsync support disabled
 CVE-2007-6348 ignore (squirrelmail) trojaned version was not shipped
 CVE-2007-6328 ignore (dosbox) design decision
-CVE-2007-6321 VULNERABLE (roundcubemail) #423301
+CVE-2007-6321 fixed (roundcubemail) #423301 [since FEDORA-2008-5333] 
 CVE-2007-6318 VULNERABLE (wordpress) #426434
 CVE-2007-6313 ignore (mysql) 5.1+ only
 CVE-2007-6304 ignore (mysql, fixed 5.0.52) federated engine not built


Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.380
retrieving revision 1.381
diff -u -r1.380 -r1.381
--- fc7	13 Jun 2008 18:29:10 -0000	1.380
+++ fc7	20 Jun 2008 08:50:45 -0000	1.381
@@ -350,7 +350,7 @@
 CVE-2007-6423 ignore (httpd) can not be reproduced by upstream
 CVE-2007-6422 fixed (httpd, fixed 2.2.8) #427983 [since FEDORA-2008-1695] 
 CVE-2007-6421 fixed (httpd, fixed 2.2.8) #427983 [since FEDORA-2008-1695] 
-CVE-2007-6420 ignore (httpd) wontfix by upstream
+CVE-2007-6420 ignore (httpd, fixed 2.2.9) wontfix by upstream
 CVE-2007-6415 fixed (scponly, fixed 4.8) #429731 [since FEDORA-2008-1728] 
 CVE-2007-6388 fixed (httpd, fixed 2.2.8) #427983 [since FEDORA-2008-1695] 
 CVE-2007-6341 ignore (perl-Net-DNS) no impact
@@ -366,7 +366,7 @@
 CVE-2007-6350 fixed (scponly) #429731 [since FEDORA-2008-1728] rsync vector only
 CVE-2007-6348 ignore (squirrelmail) trojaned version was not shipped
 CVE-2007-6328 ignore (dosbox) design decision
-CVE-2007-6321 VULNERABLE (roundcubemail) #423281
+CVE-2007-6321 fixed (roundcubemail) #423281 [since FEDORA-2008-5315] 
 CVE-2007-6318 VULNERABLE (wordpress)
 CVE-2007-6313 ignore (mysql) 5.1+ only
 CVE-2007-6304 ignore (mysql, fixed 5.0.52) federated engine not built


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]