fedora-security/audit fc5,1.308,1.309 fc6,1.54,1.55
Josh Bressers
bressers at redhat.com
Sat Sep 2 04:01:36 UTC 2006
> >>>>> "JB" == Josh Bressers <(bressers) <fedora-extras-commits at redhat.com>> writes:
>
> JB> Modified Files: fc5 fc6 Log Message: Note some new PHP CVE ids.
>
> FC6 seems to have PHP 5.1.6 now, so should these:
>
> +CVE-2006-4486 VULNERABLE (php, fixed 5.1.6)
> +CVE-2006-4485 VULNERABLE (php, fixed 5.1.5)
> +CVE-2006-4484 ignore (php, fixed 5.1.5)
> +CVE-2006-4482 VULNERABLE (php, fixed 5.1.5)
>
> be listed as fixed?
That's what any sane person would think :)
The file is a snapshot of FC6, in this case it's a snapshot of FC6 Test 2.
Since FC6 Test 2 contained php 5.1.4, we mark them vulnerable. Once Test 3
comes out we'll look through the file again.
--
JB
More information about the Fedora-security-list
mailing list