[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Security Patch in netpanzer (question)

Hugo Cisneiros wrote:
> Hi,
> I'm trying to fix this bug in the netpanzer package:
> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=192990
> It seems that the SVN version is ok, but I'm not a programmer to make a patch 
> only to fix this vulnerability. An option would be to create and apply a 
> patch to update the entire version to SVN instead of only the vulnerability 
> fix.
> What do you think? What is the current method?
> If applying the patch to update entirely to the svn version, I must change the 
> entire package's version or change only the release field in the specfile?

Why don't you ask upstream to make a new release with their fix for this
and the fix I've attached to:
for CVE-2006-2575?

That sounds like a good reason to make a new release to me?

Otherwise I would try to find the exact patch fixing this and
backporting it, upgrading to a snapshot might cause all kinda problems
including network protocol incompatibilities.



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]