[Bug 192830] CVE-2006-2453 Additional dia format string flaws

bugzilla at redhat.com
Sat May 27 23:32:25 UTC 2006


Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.

Summary: CVE-2006-2453 Additional dia format string flaws


https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=192830


deisenst at gtw.net changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |bugs at fedoralegacy.org




------- Additional Comments From deisenst at gtw.net  2006-05-27 19:24 EST -------
Have a question.  If this has been fixed for FC5 (or, I guess the technically
correct moniker would be "FE5"), and this is a security issue -- so people who
need to know (and don't have yum automatically set to update their FC5 systems)
DO know that this has been fixed -- should there not be an announcement for this
fix and the CVE-2006-2480 fix (in Bug 192535) published to the
fedora-package-announce list, like Caolan McNamara's announcement here?:

http://www.redhat.com/archives/fedora-package-announce/2006-May/msg00119.html

Not everybody has yum working to automatically update their FC5 installs, so
unless there is an announcement somewhere, how will they know to update their
dia to dia-0.95-3??

Another unrelated question:  Do you mind if we in Fedora Legacy backport the
fixes you made for maintaining the older legacy versions of dia?  If so, may we
include you, Hans, in the cc: list for such a bugzilla entry?  The open Bugzilla
Bug Fedora Legacy has for dia currently is Bug #190942, in which we also
discovered that the CVE-2005-2966 may not have been covered either here, in FC,
or in RHEL...  (This CVE may not affect FedoraExtras, but may affect Fedora Core
4, RHEL 4/3/2.x?...)
