Red Hat updates apache, elm, cvs, kdepim
William Stockall
wstockal at compusmart.ab.ca
Wed Jan 21 21:49:18 UTC 2004
It might actually be useful here to get some indication that, although
the package (never mind the version) is installed, we are not vulnerable
for whatever reason. This is probably preferable to wondering if,
perhaps, nobody noticed this particular package for this distribution.
Will.
Jason wrote:
> On Wed, Jan 21, 2004 at 03:20:17PM -0500, Todd wrote:
>
>>Jesse Keating wrote:
>>
>>>We should write an advisory that this vul does not effect the
>>>releases we support. Thoughts on format?
>>
>>Doesn't the KDE advisory make that clear enough? Seems like there is
>>already more than enough work just to keep up with the known updates.
>>If there are folks insisting that the vulnerability affects KDE < 3.1
>>then let them do some work to show that and then it might be worth
>>looking at.
>>
>>Putting out advisories that something *isn't* vulnerable seems useless
>>at best and confusing at worst. To me anyway. It might be different
>>if 8.0 had a vulnerable version and 7.x didn't. Then noting that the
>>vuln didn't affect 7.x might be good to do in the advisory for the
>>updated 8.0 packages. This case could happen with KDE packages after
>>9 goes EOL in April.
>
>
> I concur
More information about the fedora-legacy-list
mailing list