Fedora treats security as a joke.
Mark J Cox
mjc at redhat.com
Tue May 11 13:43:21 UTC 2004
> Also see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=121417 :-)
Over the last few days we've been doing some checking of FC1 and FC2
security issues.
For FC1 there are a few cases where updates have been made available but
the associated announcement email seems to have been eaten before making
it out to fedora-announce-list. Thse are CAN-2004-0179, CAN-2003-0695,
CAN-2004-0180, and recent CAN-2004-0421, CAN-2003-0856. We'll have to
redo those announcements.
For FC1 there have also been a few cases where updates are required but
are not released (I've pinged all the folks responsible for those packages
individually and now have bugzilla entries at "security" level). These are
CAN-2004-0234/5, CAN-2003-0988, CAN-2004-0409, CAN-2003-0564,
CAN-2004-0191, CAN-2004-0113.
For FC2 we went back through the issues of the last 6 months to see if
these were fixed by FC2 containing a fixed upstream version or if the FC2
package contained a backport. There are a few issues that will require
updates: I've opened bugzila entries for each of these at "security"
level. These include CAN-2004-0399/0400, CAN-2004-0403, CAN-2004-0409.
Thanks, Mark
--
Mark J Cox / Red Hat Security Response Team
More information about the fedora-devel-list
mailing list