[Fedora-security-commits] fedora-security/audit f10, 1.16, 1.17 f8, 1.236, 1.237 f9, 1.226, 1.227

fedora-security-commits at redhat.com
Tue Oct 7 15:10:30 UTC 2008


Author: thoger

Update of /cvs/fedora/fedora-security/audit
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv13765/audit

Modified Files:
	f10 f8 f9 
Log Message:
merge josh's commits to my pending pile of changes



Index: f10
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f10,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -r1.16 -r1.17
--- f10	30 Sep 2008 12:51:46 -0000	1.16
+++ f10	7 Oct 2008 15:09:59 -0000	1.17
@@ -4,6 +4,14 @@
 # *CVE are items that need verification for Fedora 10
 # (mozilla) = (gecko-libs dependent stuff)
 
+CVE-2008-4437 VULNERABLE (bugzilla, fixed 3.0.5) #465959 
+CVE-2008-4434 ignore (bittorrent) 6.x only
+CVE-2008-4422 backport (libxml2, fixed 2.7.2) [since libxml2-2.7.1-2.fc10] 
+CVE-2008-4408 version (mediawiki, fixed 1.13.2) [since mediawiki-1.13.2-41.fc10] 
+CVE-2008-4360 version (lighttpd, fixed 1.4.20) [since lighttpd-1.4.20-0.1.r2303.fc10] 
+CVE-2008-4359 VULNERABLE (lighttpd, fixed 1.4.20) #465754 
+CVE-2008-4326 version (phpMyAdmin, fixed 2.11.9.2) [since phpMyAdmin-2.11.9.2-1.fc10] 
+CVE-2008-4325 version (viewvc, fixed 1.0.6) [since viewvc-1.0.6-1.fc10] 
 CVE-2008-4298 version (lighttpd, fixed 1.4.20) [since lighttpd-1.4.20-0.1.r2303.fc10] 
 CVE-2008-4297 version (mercurial, fixed 1.0.2) [since mercurial-1.0.2-1.fc10] 
 CVE-2008-4242 VULNERABLE (proftpd) #464130 
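Review bot: CVE-2008-4359 is added as VULNERABLE with "fixed 1.4.20", while the two lighttpd entries beside it (CVE-2008-4360 and CVE-2008-4298, also "fixed 1.4.20") are marked version since lighttpd-1.4.20-0.1.r2303.fc10. If the r2303 snapshot predates the upstream fix for CVE-2008-4359, say so in a trailing comment on that line; otherwise it should read version with the same [since] tag.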
@@ -60,13 +68,15 @@
 CVE-2008-3916 VULNERABLE (ed, fixed 1.0) 
 CVE-2008-3906 version (mono) #461755 [since mono-2.0-6.fc10]
 CVE-2008-3905 version (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since ruby-1.8.6.287-1.fc10] 
-CVE-2008-3889 VULNERABLE (postfix, fixed 2.4.9, 2.5.5) #459101 
+CVE-2008-3889 version (postfix, fixed 2.4.9, 2.5.5) #459101 [since postfix-2.5.5-1.fc10]
 CVE-2008-3837 version (firefox, fixed 3.0.2) [since firefox-3.0.2-1.fc10] 
 CVE-2008-3837 version (seamonkey, fixed 1.1.12) [since seamonkey-1.1.12-1.fc9] 
 CVE-2008-3836 ignore (firefox) ff2 only
 CVE-2008-3836 ignore (seamonkey) ff only
 CVE-2008-3835 ignore (firefox) ff2 only
 CVE-2008-3835 version (seamonkey, fixed 1.1.12) [since seamonkey-1.1.12-1.fc9] 
+CVE-2008-3834 VULNERABLE (dbus) 
+CVE-2008-3825 VULNERABLE (pam_krb5, 2.3.2) 
 CVE-2008-3824 VULNERABLE (horde) oCERT-2008-012
 CVE-2008-3823 VULNERABLE (horde) oCERT-2008-012
 CVE-2008-3796 version (swfdec, fixed 0.6.8) [since swfdec-0.7.4-1.fc10] 
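Review bot: the new CVE-2008-3825 entry reads "(pam_krb5, 2.3.2)", without the "fixed" keyword that the other entries in this hunk use before an upstream version, so it will not match a search for "fixed 2.3.2"; make it "(pam_krb5, fixed 2.3.2)". The f8 and f9 entries added in this commit have the same wording. The new CVE-2008-3834 (dbus) line also carries no bug number here, although the f8 and f9 files list #465835 and #465836 for it.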
@@ -88,6 +98,8 @@
 CVE-2008-3657 version (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since ruby-1.8.6.287-1.fc10] 
 CVE-2008-3656 version (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since ruby-1.8.6.287-1.fc10] 
 CVE-2008-3655 version (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since ruby-1.8.6.287-1.fc10] 
+CVE-2008-3652 VULNERABLE (ipsec-tools) #465474 
+CVE-2008-3651 version (ipsec-tools, fixed 0.7.1) [since ipsec-tools-0.7.1-1.fc10] 
 CVE-2008-3546 version (git, fixed 1.5.6.4) [since git-1.5.6.4-1.fc10] 
 CVE-2008-3533 ignore (yelp, fixed 2.24) caught by glibc
 CVE-2008-3529 version (libxml2, fixed 2.7.0) [since libxml2-2.7.1-1.fc10] 
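Review bot: CVE-2008-3652 is added as VULNERABLE with no "fixed" version, directly above CVE-2008-3651, which is closed by ipsec-tools-0.7.1-1.fc10. Record the upstream release that fixes CVE-2008-3652, or note on the line that 0.7.1 does not cover it, so the open status next to an updated package is explained.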
@@ -146,8 +158,8 @@
 CVE-2008-2940 ignore (hplip) #458991 not run as service
 CVE-2008-2938 version (tomcat6, fixed 6.0.18) #460132 [since tomcat6-6.0.18-1.1.fc10]
 CVE-2008-2938 VULNERABLE (tomcat5, fixed 5.5.27) #460127 
-CVE-2008-2937 VULNERABLE (postfix) #459101 
-CVE-2008-2936 backport (postfix) #459101 [since postfix-2.5.1-4.fc10]
+CVE-2008-2937 version (postfix, fixed 2.4.8, 2.5.4) #459101 [since postfix-2.5.5-1.fc10]
+CVE-2008-2936 backport (postfix, fixed 2.4.8, 2.5.4) #459101 [since postfix-2.5.1-4.fc10]
 CVE-2008-2935 VULNERABLE (libxslt) 
 CVE-2008-2933 version (firefox, fixed 3.0.1) [since firefox-3.0.1-1.fc10]
 CVE-2008-2932 version (adminutil, fixed 1.1.7) [since adminutil-1.1.7-1.fc10] 
@@ -301,6 +313,7 @@
 CVE-2008-0553 version (tkimg) [since tkimg-1.3-0.10.20080505svn.fc10]
 CVE-2008-0314 version (clamav, fixed 0.93) [since clamav-0.93-1.fc9]
 CVE-2008-0166 ignore (openssl) Debian specific
+CVE-2008-0071 ignore (bittorrent) 6.x only
 CVE-2008-0016 ignore (firefox) ff2 only
 CVE-2008-0016 version (seamonkey, fixed 1.1.12) [since seamonkey-1.1.12-1.fc9] 
 CVE-2007-6714 version (dbmail, fixed 2.2.9) [since dbmail-2.2.9-1.fc9] 


Index: f8
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f8,v
retrieving revision 1.236
retrieving revision 1.237
diff -u -r1.236 -r1.237
--- f8	7 Oct 2008 12:55:57 -0000	1.236
+++ f8	7 Oct 2008 15:09:59 -0000	1.237
@@ -7,10 +7,17 @@
 rhbz293031 fixed (nx) #293031 [since FEDORA-2008-2258] 
 rhbz249840 version (tor, fixed 0.1.2.15) 
 CVE-2008-4437 VULNERABLE (bugzilla, fixed 3.0.5) #465957
+CVE-2008-4434 ignore (bittorrent) 6.x only
+CVE-2008-4422 fixed (libxml2, fixed 2.7.2) [since FEDORA-2008-8582] 
+CVE-2008-4408 fixed (mediawiki, fixed 1.13.2) [since FEDORA-2008-8678] 
+CVE-2008-4360 VULNERABLE (lighttpd, fixed 1.4.20) #464638 
+CVE-2008-4359 VULNERABLE (lighttpd, fixed 1.4.20) #464638 
+CVE-2008-4326 fixed (phpMyAdmin, fixed 2.11.9.2) [since FEDORA-2008-8286] 
+CVE-2008-4325 fixed (viewvc, fixed 1.0.6) [since FEDORA-2008-8270] 
 CVE-2008-4298 VULNERABLE (lighttpd, fixed 1.4.20) #464638 
 CVE-2008-4297 VULNERABLE (mercurial, fixed 1.0.2) #464632 
 CVE-2008-4242 VULNERABLE (proftpd) #464128 
-CVE-2008-4191 VULNERABLE (emacspeak) [since FEDORA-2008-8423] 
+CVE-2008-4191 fixed (emacspeak) [since FEDORA-2008-8423] 
 CVE-2008-4190 VULNERABLE (openswan) 
 CVE-2008-4130 VULNERABLE (gallery2, fixed 2.2.6) #462871 
 CVE-2008-4129 VULNERABLE (gallery2, fixed 2.2.6) #462871 
@@ -63,7 +70,7 @@
 CVE-2008-3916 VULNERABLE (ed, fixed 1.0) 
 CVE-2008-3906 VULNERABLE (mono) #461753 
 CVE-2008-3905 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7554] 
-CVE-2008-3889 VULNERABLE (postfix, fixed 2.4.9, 2.5.5) #459099 
+CVE-2008-3889 VULNERABLE (postfix, fixed 2.4.9, 2.5.5) #459099 [since FEDORA-2008-8595] 
 CVE-2008-3837 fixed (firefox, fixed 2.0.0.17) [since FEDORA-2008-8399] 
 CVE-2008-3837 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8401] 
 CVE-2008-3836 fixed (firefox, fixed 2.0.0.17) [since FEDORA-2008-8399] 
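Review bot: CVE-2008-3889 gains [since FEDORA-2008-8595] but its status stays VULNERABLE, whereas the emacspeak change earlier in this file flips VULNERABLE to fixed for an entry that already had its [since FEDORA-2008-8423] tag. If the combination means the update exists but is not yet released, that is not readable from the line itself; add a short trailing comment, or flip the status in the same change that attaches the advisory id. The same applies to the postfix entries CVE-2008-2937 and CVE-2008-2936 below and to the matching f9 lines.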
@@ -71,6 +78,7 @@
 CVE-2008-3835 fixed (firefox, fixed 2.0.0.17) [since FEDORA-2008-8399] 
 CVE-2008-3835 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8401] 
 CVE-2008-3834 VULNERABLE (dbus) #465835
+CVE-2008-3825 fixed (pam_krb5, 2.3.2) [since FEDORA-2008-8605] 
 CVE-2008-3824 VULNERABLE (horde) oCERT-2008-012
 CVE-2008-3823 VULNERABLE (horde) oCERT-2008-012
 CVE-2008-3790 VULNERABLE (ruby) 
@@ -91,6 +99,8 @@
 CVE-2008-3657 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7554] 
 CVE-2008-3656 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7554] 
 CVE-2008-3655 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7554] 
+CVE-2008-3652 VULNERABLE (ipsec-tools) #465472 
+CVE-2008-3651 VULNERABLE (ipsec-tools, fixed 0.7.1) #465472 
 CVE-2008-3546 ignore (git, fixed 1.5.6.4) caught by fortify_source
 CVE-2008-3533 fixed (yelp, fixed 2.24) #459502 [since FEDORA-2008-7293] 
 CVE-2008-3529 fixed (libxml2, fixed 2.7.0) [since FEDORA-2008-7666] 
@@ -146,8 +156,8 @@
 CVE-2008-2941 ignore (hplip) #458989 not run as service
 CVE-2008-2940 ignore (hplip) #458989 not run as service
 CVE-2008-2938 fixed (tomcat5, fixed 5.5.27) #460125 [since FEDORA-2008-8130] 
-CVE-2008-2937 VULNERABLE (postfix) #459099 
-CVE-2008-2936 VULNERABLE (postfix) #459099 
+CVE-2008-2937 VULNERABLE (postfix, fixed 2.4.8, 2.5.4) #459099 [since FEDORA-2008-8595] 
+CVE-2008-2936 VULNERABLE (postfix, fixed 2.4.8, 2.5.4) #459099 [since FEDORA-2008-8595] 
 CVE-2008-2935 fixed (libxslt) [since FEDORA-2008-7029] 
 CVE-2008-2933 fixed (firefox, fixed 2.0.0.16) [since FEDORA-2008-6491] 
 CVE-2008-2932 fixed (adminutil, fixed 1.1.7) [since FEDORA-2008-7642] 
@@ -530,6 +540,7 @@
 CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since FEDORA-2008-0199]
 CVE-2008-0073 fixed (xine-lib, fixed 1.1.11) #438192 [since FEDORA-2008-2569] 
 CVE-2008-0072 fixed (evolution) #436081 [since FEDORA-2008-2292] 
+CVE-2008-0071 ignore (bittorrent) 6.x only
 CVE-2008-0063 fixed (krb5, fixed 1.6.4) #438023 [since FEDORA-2008-2647] 
 CVE-2008-0062 fixed (krb5, fixed 1.6.4) #438023 [since FEDORA-2008-2647] 
 CVE-2008-0053 version (cups, fixed 1.3.6) [since FEDORA-2008-1901] 


Index: f9
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/f9,v
retrieving revision 1.226
retrieving revision 1.227
diff -u -r1.226 -r1.227
--- f9	7 Oct 2008 12:55:57 -0000	1.226
+++ f9	7 Oct 2008 15:09:59 -0000	1.227
@@ -6,10 +6,17 @@
 
 rhbz249840 version (tor, fixed 0.1.2.15)
 CVE-2008-4437 VULNERABLE (bugzilla, fixed 3.0.5) #465958
+CVE-2008-4434 ignore (bittorrent) 6.x only
+CVE-2008-4422 fixed (libxml2, fixed 2.7.2) [since FEDORA-2008-8575] 
+CVE-2008-4408 fixed (mediawiki, fixed 1.13.2) [since FEDORA-2008-8639] 
+CVE-2008-4360 VULNERABLE (lighttpd, fixed 1.4.20) #464639 
+CVE-2008-4359 VULNERABLE (lighttpd, fixed 1.4.20) #464639 
+CVE-2008-4326 fixed (phpMyAdmin, fixed 2.11.9.2) [since FEDORA-2008-8335] 
+CVE-2008-4325 fixed (viewvc, fixed 1.0.6) [since FEDORA-2008-8252] 
 CVE-2008-4298 VULNERABLE (lighttpd, fixed 1.4.20) #464639 
 CVE-2008-4297 fixed (mercurial, fixed 1.0.2) [since FEDORA-2008-7490] 
 CVE-2008-4242 VULNERABLE (proftpd) #464129 
-CVE-2008-4191 VULNERABLE (emacspeak) [since FEDORA-2008-8379] 
+CVE-2008-4191 fixed (emacspeak) [since FEDORA-2008-8379] 
 CVE-2008-4190 VULNERABLE (openswan) 
 CVE-2008-4130 VULNERABLE (gallery2, fixed 2.2.6) #462872 
 CVE-2008-4129 VULNERABLE (gallery2, fixed 2.2.6) #462872 
@@ -62,7 +69,7 @@
 CVE-2008-3916 VULNERABLE (ed, fixed 1.0) 
 CVE-2008-3906 VULNERABLE (mono) #461754 
 CVE-2008-3905 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7697] 
-CVE-2008-3889 VULNERABLE (postfix, fixed 2.4.9, 2.5.5) #459100 
+CVE-2008-3889 VULNERABLE (postfix, fixed 2.4.9, 2.5.5) #459100 [since FEDORA-2008-8593] 
 CVE-2008-3837 fixed (firefox, fixed 3.0.2) [since FEDORA-2008-8425] 
 CVE-2008-3837 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8429] 
 CVE-2008-3836 ignore (firefox) ff2 only
@@ -70,6 +77,7 @@
 CVE-2008-3835 ignore (firefox) ff2 only
 CVE-2008-3835 fixed (seamonkey, fixed 1.1.12) [since FEDORA-2008-8429] 
 CVE-2008-3834 VULNERABLE (dbus) #465836
+CVE-2008-3825 fixed (pam_krb5, 2.3.2) [since FEDORA-2008-8618] 
 CVE-2008-3824 VULNERABLE (horde) oCERT-2008-012
 CVE-2008-3823 VULNERABLE (horde) oCERT-2008-012
 CVE-2008-3796 version (swfdec, fixed 0.6.8) [since swfdec-0.6.8-1.fc9] 
@@ -85,12 +93,14 @@
 CVE-2008-3740 fixed (drupal, fixed 6.4) [since FEDORA-2008-7626] 
 CVE-2008-3714 fixed (awstats) #459742 [since FEDORA-2008-7663] 
 CVE-2008-3699 fixed (amarok, fixed 1.4.40) [since FEDORA-2008-7739] 
-CVE-2008-3663 VULNERABLE (squirrelmail, fixed 1.4.16) #464185 
+CVE-2008-3663 VULNERABLE (squirrelmail, fixed 1.4.16) #464185 [since FEDORA-2008-8559] 
 CVE-2008-3662 VULNERABLE (gallery2, fixed 2.2.6) #462872 
 CVE-2008-3661 VULNERABLE (drupal) #464164 ignored by upstream
 CVE-2008-3657 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7697] 
 CVE-2008-3656 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7697] 
 CVE-2008-3655 VULNERABLE (ruby, fixed 1.8.6-p287, 1.8.7-p72) [since FEDORA-2008-7697] 
+CVE-2008-3652 VULNERABLE (ipsec-tools) #465473 
+CVE-2008-3651 VULNERABLE (ipsec-tools, fixed 0.7.1) #465473 
 CVE-2008-3546 ignore (git, fixed 1.5.6.4) caught by fortify_source
 CVE-2008-3533 ignore (yelp, fixed 2.24) caught by glibc
 CVE-2008-3529 fixed (libxml2, fixed 2.7.0) [since FEDORA-2008-7594] 
@@ -149,8 +159,8 @@
 CVE-2008-2940 ignore (hplip) #458990 not run as service
 CVE-2008-2938 fixed (tomcat6, fixed 6.0.18) #460131 [since FEDORA-2008-7977] 
 CVE-2008-2938 fixed (tomcat5, fixed 5.5.27) #460126 [since FEDORA-2008-8113] 
-CVE-2008-2937 VULNERABLE (postfix) #459100 
-CVE-2008-2936 VULNERABLE (postfix) #459100 
+CVE-2008-2937 VULNERABLE (postfix, fixed 2.4.8, 2.5.4) #459100 [since FEDORA-2008-8593] 
+CVE-2008-2936 VULNERABLE (postfix, fixed 2.4.8, 2.5.4) #459100 [since FEDORA-2008-8593] 
 CVE-2008-2935 fixed (libxslt) [since FEDORA-2008-7062] 
 CVE-2008-2933 fixed (firefox, fixed 3.0.1) [since FEDORA-2008-6518] 
 CVE-2008-2932 fixed (adminutil, fixed 1.1.7) [since FEDORA-2008-7339] 
@@ -532,6 +542,7 @@
 CVE-2008-0095 version (asterisk, fixed 1.4.17) AST-2008-001 [since asterisk-1.4.17-1.fc9]
 CVE-2008-0073 version (xine-lib, fixed 1.1.11) #438193 [since xine-lib-1.1.11-1.fc9]
 CVE-2008-0072 backport (evolution) #436082 [evolution-2.21.92-2.fc9] 
+CVE-2008-0071 ignore (bittorrent) 6.x only
 CVE-2008-0063 backport (krb5, fixed 1.6.4) [since krb5-1.6.3-10.fc9] 
 CVE-2008-0062 backport (krb5, fixed 1.6.4) [since krb5-1.6.3-10.fc9] 
 CVE-2008-0053 version (cups, fixed 1.3.6) [since cups-1.3.6-1.fc9] 



