List of bugs to investigate/open

Sun Aug 28 13:23:59 UTC 2005

Hi Mark, thanks for the list, saves me digging through lots of emails :) 
I've opened a few new bugs and commented on a few others below.  I haven't
looked at the ones I say nothing about, but I'll try to get to a few of
those later.

-Jeff

> kde dcop CAN-2005-0365 or CAN-2005-0396
> gnomevfs CAN-2005-0706
> mysql CAN-2004-0957 better fix available? (debian, ubuntu)
> kdelibs CAN-2005-1046
> cyrus-imapd CAN-2005-0546
This exists as bugzilla #156290

> kdewebdev CAN-2005-0754
> gnutls CAN-2005-1431
Does this package exist in legacy?

> squid CAN-2005-1345 CAN-2005-1519 CVE-1999-0710 CAN-2005-1390
> CAN-2005-1389
There is an old squid package sitting in updates-testing, but it doesn't
cover those issues.  I vote for pushing out the old package and opening up
a new bug for these.  RHEL has a package which covers many of those
patches:
https://rhn.redhat.com/errata/RHSA-2005-415.html

> ethereal
There are ethereal packages sitting in updates-testing since March (bug
#152922). Any reason this hasn't timed-out yet?  RHEL has updated packages
for the newer bugs: https://rhn.redhat.com/errata/RHSA-2005-687.html

> openssl CAN-2005-0109
I opened a new report for this - #166939 - also addresses CAN-2004-0975.

> gaim CAN-2005-1269 CAN-2005-1934
> ruby CAN-2005-1992
> sudo CAN-2005-1993
I opened a new report for this - #166940

> gedit CAN-2005-1686
> binutils CAN-2005-1704
> zlib CAN-2005-2096 (rpm?)
This exists as bug #162680 and looks like it's just waiting to be pushed
to updates - am I missing something?

> httpd 2.0 CAN-2005-2088 CAN-2005-1344
It looks like redhat has patched CAN-2005-2088 and CAN-2005-1268, but I
don't see a patch for CAN-2005-1344.  According to the CVE page, it
doesn't look easily exploitable.  I've created a new report for this -
#166941

> vixie cron CAN-2005-1038
> krb5 CAN-2005-1689 CAN-2005-1175 CAN-2005-1174 etc
> net-snmp CAN-2005-2177
> klibs - kate CAN-2005-1920
> fetchmail CAN-2005-2335
This exists as bug #164512.  I'll look into adding the fixes you mentioned
there.

> kdenetwork (kopete) CAN-2005-1852
> xpdf CAN-2005-2097
> vim CAN-2005-2368
This exists as bug #164488

> slocate CAN-2005-2499
I'm confused on this one.  bug #165430 makes it looks like all rhel os's
are effected, yet the errata is only for rhel 2.1 - anyone have any ideas
on this?  The CVE page states that it only effects versions prior to 2.7,
which should mean we are OK, but RHEL 2.1 was also running 2.7 which is
why I'm confused...

> pcre CAN-2005-2491
> php CAN-2005-2498
I created a new report for this - #166943 - it effects fc1 & fc2

> freeradius CAN-2005-1454 CAN-2005-1455
> ntp CAN-2005-2496