[Fedora-security-commits] fedora-security/audit f10, 1.6, 1.7 f8, 1.224, 1.225 f9, 1.214, 1.215 fc7, 1.380, 1.381

fedora-security-commits at redhat.com
Fri Jun 20 08:51:15 UTC 2008


Author: thoger

Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv28928/audit

Modified Files:
	f10 f8 f9 fc7 
Log Message:
another week of issues
last update of fc7 file



Index: f10
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f10,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- f10	13 Jun 2008 18:29:09 -0000	1.6
+++ f10	20 Jun 2008 08:50:45 -0000	1.7
@@ -4,6 +4,13 @@
 # *CVE are items that need verification for Fedora 10
 # (mozilla) = (gecko-libs dependent stuff)
 
+CVE-2008-2724 version (gallery2, fixed 2.2.5) [since gallery2-2.2.5-1.fc10] 
+CVE-2008-2723 version (gallery2, fixed 2.2.5) [since gallery2-2.2.5-1.fc10] 
+CVE-2008-2722 version (gallery2, fixed 2.2.5) [since gallery2-2.2.5-1.fc10] 
+CVE-2008-2721 version (gallery2, fixed 2.2.5) [since gallery2-2.2.5-1.fc10] 
+CVE-2008-2720 version (gallery2, fixed 2.2.5) [since gallery2-2.2.5-1.fc10] 
+CVE-2008-2713 version (clamav, fixed 0.93.1) [since clamav-0.93.1-1.fc10] 
+CVE-2008-2696 VULNERABLE (exiv2, fixed 0.17) 
 CVE-2008-2575 version (cbrpager) [since cbrpager-0.9.17-2.fc10] 
 CVE-2008-2426 backport (imlib2) [since imlib2-1.4.0-7.fc10] 
 CVE-2008-2420 version (stunnel, fixed 4.24) [since stunnel-4.24-2] 
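Review bot: The added CVE-2008-2696 (exiv2, fixed 0.17) line is the only VULNERABLE entry in this hunk and it carries no bug number and no [since ...] build, so nothing on the line says who is tracking the rebase to 0.17. Suggest filing a tracking bug and appending its #NNNNNN reference before this goes in, so the entry can be followed up the way the other open items are.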


Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.224
retrieving revision 1.225
diff -u -r1.224 -r1.225
--- f8	13 Jun 2008 18:29:09 -0000	1.224
+++ f8	20 Jun 2008 08:50:45 -0000	1.225
@@ -6,14 +6,22 @@
 
 rhbz293031 fixed (nx) #293031 [since FEDORA-2008-2258] 
 rhbz249840 version (tor, fixed 0.1.2.15) 
+CVE-2008-2783 VULNERABLE (kronolith) 
+CVE-2008-2724 VULNERABLE (gallery2, fixed 2.2.5) [since gallery2-2.2.5-1.fc8] 
+CVE-2008-2723 VULNERABLE (gallery2, fixed 2.2.5) [since gallery2-2.2.5-1.fc8] 
+CVE-2008-2722 VULNERABLE (gallery2, fixed 2.2.5) [since gallery2-2.2.5-1.fc8] 
+CVE-2008-2721 VULNERABLE (gallery2, fixed 2.2.5) [since gallery2-2.2.5-1.fc8] 
+CVE-2008-2720 VULNERABLE (gallery2, fixed 2.2.5) [since gallery2-2.2.5-1.fc8] 
+CVE-2008-2713 VULNERABLE (clamav, fixed 0.93.1) 
+CVE-2008-2696 VULNERABLE (exiv2, fixed 0.17) 
 CVE-2008-2575 fixed (cbrpager) [since FEDORA-2008-4528] 
 CVE-2008-2426 fixed (imlib2) [since FEDORA-2008-4842] 
 CVE-2008-2420 fixed (stunnel, fixed 4.24) [since FEDORA-2008-4579] 
 CVE-2008-2392 ignore (wordpress) issue only in certain deployments, not affected by default
 CVE-2008-2363 VULNERABLE (pan) #449333 
-CVE-2008-2362 VULNERABLE (xorg-x11-server) #450925 [since FEDORA-2008-5279] 
-CVE-2008-2361 VULNERABLE (xorg-x11-server) #450925 [since FEDORA-2008-5279] 
-CVE-2008-2360 VULNERABLE (xorg-x11-server) #450925 [since FEDORA-2008-5279] 
+CVE-2008-2362 fixed (xorg-x11-server) #450925 [since FEDORA-2008-5279] 
+CVE-2008-2361 fixed (xorg-x11-server) #450925 [since FEDORA-2008-5279] 
+CVE-2008-2360 fixed (xorg-x11-server) #450925 [since FEDORA-2008-5279] 
 CVE-2008-2359 fixed (system-config-network) [since FEDORA-2008-4633] 
 CVE-2008-2357 fixed (mtr, fixed 0.73) 
 CVE-2008-2302 fixed (Django, fixed 0.96.2) #447258 [since FEDORA-2008-4248] 
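Review bot: The five added gallery2 lines (CVE-2008-2720 through CVE-2008-2724) are marked VULNERABLE yet carry [since gallery2-2.2.5-1.fc8], which names a build at the fixed version; status and annotation disagree. Every fixed entry around them references an advisory, e.g. [since FEDORA-2008-4528], so if the build exists but the update has not been pushed, say so in a trailing note, or drop the [since ...] until the advisory ID is known. The added CVE-2008-2783 (kronolith), CVE-2008-2713 (clamav) and CVE-2008-2696 (exiv2) lines also have no bug number, unlike CVE-2008-2363 (pan) #449333 just below.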
@@ -65,9 +73,12 @@
 CVE-2008-1836 ignore (clamav, fixed 0.93) affected code introduced after 0.92.1
 CVE-2008-1835 ignore (clamav, fixed 0.93) unrar code not shipped
 CVE-2008-1833 fixed (clamav, fixed 0.93-rc1) #442363 [since FEDORA-2008-3420] 
-CVE-2008-1808 VULNERABLE (freetype, fixed 2.3.6) #451212 
-CVE-2008-1807 VULNERABLE (freetype, fixed 2.3.6) #451212 
-CVE-2008-1806 VULNERABLE (freetype, fixed 2.3.6) #451212 
+CVE-2008-1808 fixed (freetype, fixed 2.3.6) #451212 [since FEDORA-2008-5430] 
+CVE-2008-1808 ignore (freetype1) PFB not supported, TTF BCI not enabled
+CVE-2008-1807 fixed (freetype, fixed 2.3.6) #451212 [since FEDORA-2008-5430] 
+CVE-2008-1807 ignore (freetype1) PFB font fromat not supported
+CVE-2008-1806 fixed (freetype, fixed 2.3.6) #451212 [since FEDORA-2008-5430] 
+CVE-2008-1806 ignore (freetype1) PFB font fromat not supported
 CVE-2008-1804 fixed (snort, fixed 2.8.1) [since FEDORA-2008-5001] 
 CVE-2008-1803 fixed (rdesktop, fixed 1.6.0) #445842 [since FEDORA-2008-3917] 
 CVE-2008-1802 fixed (rdesktop, fixed 1.6.0) #445842 [since FEDORA-2008-3917] 
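Review bot: Typo in the two added freetype1 lines for CVE-2008-1807 and CVE-2008-1806: "PFB font fromat not supported" should read "PFB font format not supported". The CVE-2008-1808 freetype1 line words the same reason as "PFB not supported"; using one phrasing for all three would make the file easier to grep.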
@@ -126,8 +137,8 @@
 CVE-2008-1380 VULNERABLE (firefox, fixed 2.0.0.14) 
 CVE-2008-1380 fixed (seamonkey, fixed 1.1.10) #442851 [since FEDORA-2008-3264] 
 CVE-2008-1380 fixed (thunderbird, fixed 2.0.0.14) #442856 [since FEDORA-2008-3557] 
-CVE-2008-1379 VULNERABLE (xorg-x11-server) #450925 [since FEDORA-2008-5279] 
-CVE-2008-1377 VULNERABLE (xorg-x11-server) #450925 [since FEDORA-2008-5279] 
+CVE-2008-1379 fixed (xorg-x11-server) #450925 [since FEDORA-2008-5279] 
+CVE-2008-1377 fixed (xorg-x11-server) #450925 [since FEDORA-2008-5279] 
 CVE-2008-1374 ignore (cups) only affects old cups versions in RHEL
 CVE-2008-1373 fixed (cups) #440040 [since FEDORA-2008-2131] 
 CVE-2008-1372 fixed (bzip2, fixed 1.0.5) #439855 [since FEDORA-2008-2970] 
@@ -351,7 +362,7 @@
 CVE-2007-6423 ignore (httpd) can not be reproduced by upstream
 CVE-2007-6422 fixed (httpd, fixed 2.2.8) #427982 [since FEDORA-2008-1711] 
 CVE-2007-6421 fixed (httpd, fixed 2.2.8) #427982 [since FEDORA-2008-1711] 
-CVE-2007-6420 ignore (httpd) wontfix by upstream
+CVE-2007-6420 ignore (httpd, fixed 2.2.9) wontfix by upstream
 CVE-2007-6415 fixed (scponly, fixed 4.8) #429732 [since FEDORA-2008-1743] 
 CVE-2007-6388 fixed (httpd, fixed 2.2.8) #427982 [since FEDORA-2008-1711] 
 CVE-2007-6341 ignore (perl-Net-DNS) no impact
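Review bot: The changed CVE-2007-6420 line now reads "ignore (httpd, fixed 2.2.9) wontfix by upstream", which contradicts itself: an upstream fixed version is recorded next to a reason saying upstream will not fix. If upstream addressed it in 2.2.9, the reason text should be updated (or the status reconsidered once 2.2.9 is packaged); if the ignore stands for another reason, state that reason instead of "wontfix by upstream".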
@@ -367,7 +378,7 @@
 CVE-2007-6350 fixed (scponly) #429731 [since FEDORA-2008-1728] rsync vector only
 CVE-2007-6348 ignore (squirrelmail) trojaned version was not shipped
 CVE-2007-6328 ignore (dosbox) design decision
-CVE-2007-6321 VULNERABLE (roundcubemail) #423291
+CVE-2007-6321 fixed (roundcubemail) #423291 [since FEDORA-2008-5342] 
 CVE-2007-6318 VULNERABLE (wordpress)
 CVE-2007-6313 ignore (mysql) 5.1+ only
 CVE-2007-6304 ignore (mysql, fixed 5.0.52) federated engine not built


Index: f9
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f9,v
retrieving revision 1.214
retrieving revision 1.215
diff -u -r1.214 -r1.215
--- f9	13 Jun 2008 18:29:10 -0000	1.214
+++ f9	20 Jun 2008 08:50:45 -0000	1.215
@@ -5,14 +5,21 @@
 # (mozilla) = (gecko-libs dependent stuff)
 
 rhbz249840 version (tor, fixed 0.1.2.15)
+CVE-2008-2724 VULNERABLE (gallery2, fixed 2.2.5) [since gallery2-2.2.5-1.fc9] 
+CVE-2008-2723 VULNERABLE (gallery2, fixed 2.2.5) [since gallery2-2.2.5-1.fc9] 
+CVE-2008-2722 VULNERABLE (gallery2, fixed 2.2.5) [since gallery2-2.2.5-1.fc9] 
+CVE-2008-2721 VULNERABLE (gallery2, fixed 2.2.5) [since gallery2-2.2.5-1.fc9] 
+CVE-2008-2720 VULNERABLE (gallery2, fixed 2.2.5) [since gallery2-2.2.5-1.fc9] 
+CVE-2008-2713 VULNERABLE (clamav, fixed 0.93.1) [since clamav-0.93.1-1.fc9] 
+CVE-2008-2696 VULNERABLE (exiv2, fixed 0.17) 
 CVE-2008-2575 fixed (cbrpager) [since FEDORA-2008-4501] 
 CVE-2008-2426 fixed (imlib2) [since FEDORA-2008-4871] 
 CVE-2008-2420 fixed (stunnel, fixed 4.24) [since FEDORA-2008-4531] 
 CVE-2008-2392 ignore (wordpress) issue only in certain deployments, not affected by default
 CVE-2008-2363 VULNERABLE (pan) #449334 
-CVE-2008-2362 VULNERABLE (xorg-x11-server) #450926 [since FEDORA-2008-5254] 
-CVE-2008-2361 VULNERABLE (xorg-x11-server) #450926 [since FEDORA-2008-5254] 
-CVE-2008-2360 VULNERABLE (xorg-x11-server) #450926 [since FEDORA-2008-5254] 
+CVE-2008-2362 fixed (xorg-x11-server) #450926 [since FEDORA-2008-5254] 
+CVE-2008-2361 fixed (xorg-x11-server) #450926 [since FEDORA-2008-5254] 
+CVE-2008-2360 fixed (xorg-x11-server) #450926 [since FEDORA-2008-5254] 
 CVE-2008-2359 ignore (system-config-network) F8 specific issue
 CVE-2008-2357 fixed (mtr, fixed 0.73) 
 CVE-2008-2302 fixed (Django, fixed 0.96.2) #447259 [since FEDORA-2008-4267] 
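Review bot: The added gallery2 lines (CVE-2008-2720 through CVE-2008-2724) and the CVE-2008-2713 clamav line are marked VULNERABLE but each carries a [since ...fc9] annotation naming a build at the fixed version (gallery2-2.2.5-1.fc9, clamav-0.93.1-1.fc9). A reader cannot tell whether F9 is still exposed or the status is stale. Suggest either keeping VULNERABLE and replacing the [since ...] with a short "update pending" note, or switching the status once the advisory ID is available, as the fixed entries below do with [since FEDORA-2008-4501].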
@@ -66,9 +73,12 @@
 CVE-2008-1835 ignore (clamav, fixed 0.93) unrar code not shipped
 CVE-2008-1834 version (swfdec, fixed 0.6.4) [since swfdec-0.6.4-1.fc9]
 CVE-2008-1833 version (clamav, fixed 0.93-rc1) [since clamav-0.93-0.0.rc1.fc9] 
-CVE-2008-1808 VULNERABLE (freetype, fixed 2.3.6) #451213 
-CVE-2008-1807 VULNERABLE (freetype, fixed 2.3.6) #451213 
-CVE-2008-1806 VULNERABLE (freetype, fixed 2.3.6) #451213 
+CVE-2008-1808 fixed (freetype, fixed 2.3.6) #451213 [since FEDORA-2008-5425] 
+CVE-2008-1808 ignore (freetype1) PFB not supported, TTF BCI not enabled
+CVE-2008-1807 fixed (freetype, fixed 2.3.6) #451213 [since FEDORA-2008-5425] 
+CVE-2008-1807 ignore (freetype1) PFB font fromat not supported
+CVE-2008-1806 fixed (freetype, fixed 2.3.6) #451213 [since FEDORA-2008-5425] 
+CVE-2008-1806 ignore (freetype1) PFB font fromat not supported
 CVE-2008-1804 fixed (snort, fixed 2.8.1) [since FEDORA-2008-5045] 
 CVE-2008-1803 fixed (rdesktop, fixed 1.6.0) #445843 [since FEDORA-2008-3886] 
 CVE-2008-1802 fixed (rdesktop, fixed 1.6.0) #445843 [since FEDORA-2008-3886] 
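Review bot: Typo in the added freetype1 lines for CVE-2008-1807 and CVE-2008-1806: "PFB font fromat not supported" should be "PFB font format not supported".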
@@ -127,8 +137,8 @@
 CVE-2008-1380 version (firefox, fixed 2.0.0.14) 
 CVE-2008-1380 backport (seamonkey, fixed 1.1.10) #442852 [since seamonkey-1.1.9-3.fc9]
 CVE-2008-1380 version (thunderbird, fixed 2.0.0.14) #442857 [since thunderbird-2.0.0.14-1.fc9]
-CVE-2008-1379 VULNERABLE (xorg-x11-server) #450926 [since FEDORA-2008-5254] 
-CVE-2008-1377 VULNERABLE (xorg-x11-server) #450926 [since FEDORA-2008-5254] 
+CVE-2008-1379 fixed (xorg-x11-server) #450926 [since FEDORA-2008-5254] 
+CVE-2008-1377 fixed (xorg-x11-server) #450926 [since FEDORA-2008-5254] 
 CVE-2008-1374 ignore (cups) only affects old cups versions in RHEL
 CVE-2008-1373 backport (cups) #440041 [since cups-1.3.6-9.fc9]
 CVE-2008-1372 version (bzip2, fixed 1.0.5) [since bzip2-1.0.5-1.fc9]
@@ -348,7 +358,7 @@
 CVE-2007-6423 ignore (httpd) can not be reproduced by upstream
 CVE-2007-6422 version (httpd, fixed 2.2.8) #427984 [since httpd-2.2.8-2]
 CVE-2007-6421 version (httpd, fixed 2.2.8) #427984 [since httpd-2.2.8-2]
-CVE-2007-6420 ignore (httpd) wontfix by upstream
+CVE-2007-6420 ignore (httpd, fixed 2.2.9) wontfix by upstream
 CVE-2007-6415 backport (scponly, fixed 4.8) [since scponly-4.6-10.fc9]
 CVE-2007-6388 version (httpd, fixed 2.2.8) #427984 [since httpd-2.2.8-2]
 CVE-2007-6341 version (perl-Net-DNS) [since perl-Net-DNS-0.63-1.fc9] 
@@ -364,7 +374,7 @@
 CVE-2007-6350 backport (scponly) [since scponly-4.6-8.fc9] rsync support disabled
 CVE-2007-6348 ignore (squirrelmail) trojaned version was not shipped
 CVE-2007-6328 ignore (dosbox) design decision
-CVE-2007-6321 VULNERABLE (roundcubemail) #423301
+CVE-2007-6321 fixed (roundcubemail) #423301 [since FEDORA-2008-5333] 
 CVE-2007-6318 VULNERABLE (wordpress) #426434
 CVE-2007-6313 ignore (mysql) 5.1+ only
 CVE-2007-6304 ignore (mysql, fixed 5.0.52) federated engine not built


Index: fc7
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc7,v
retrieving revision 1.380
retrieving revision 1.381
diff -u -r1.380 -r1.381
--- fc7	13 Jun 2008 18:29:10 -0000	1.380
+++ fc7	20 Jun 2008 08:50:45 -0000	1.381
@@ -350,7 +350,7 @@
 CVE-2007-6423 ignore (httpd) can not be reproduced by upstream
 CVE-2007-6422 fixed (httpd, fixed 2.2.8) #427983 [since FEDORA-2008-1695] 
 CVE-2007-6421 fixed (httpd, fixed 2.2.8) #427983 [since FEDORA-2008-1695] 
-CVE-2007-6420 ignore (httpd) wontfix by upstream
+CVE-2007-6420 ignore (httpd, fixed 2.2.9) wontfix by upstream
 CVE-2007-6415 fixed (scponly, fixed 4.8) #429731 [since FEDORA-2008-1728] 
 CVE-2007-6388 fixed (httpd, fixed 2.2.8) #427983 [since FEDORA-2008-1695] 
 CVE-2007-6341 ignore (perl-Net-DNS) no impact
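Review bot: The changed CVE-2007-6420 line pairs "fixed 2.2.9" with the reason "wontfix by upstream", and the log message says this is the last update of the fc7 file, so the contradiction will be frozen into the final revision. Suggest correcting the reason text in this commit rather than leaving it for a later pass that will not happen.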
@@ -366,7 +366,7 @@
 CVE-2007-6350 fixed (scponly) #429731 [since FEDORA-2008-1728] rsync vector only
 CVE-2007-6348 ignore (squirrelmail) trojaned version was not shipped
 CVE-2007-6328 ignore (dosbox) design decision
-CVE-2007-6321 VULNERABLE (roundcubemail) #423281
+CVE-2007-6321 fixed (roundcubemail) #423281 [since FEDORA-2008-5315] 
 CVE-2007-6318 VULNERABLE (wordpress)
 CVE-2007-6313 ignore (mysql) 5.1+ only
 CVE-2007-6304 ignore (mysql, fixed 5.0.52) federated engine not built
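Review bot: Directly below the changed roundcubemail line, CVE-2007-6318 (wordpress) stays VULNERABLE with no bug number, and the log message states this is the last update of the fc7 file. Since the file is being retired, consider adding a trailing note to the remaining VULNERABLE entries saying they were left open at end of life, so the final revision does not read as an unfinished audit.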



