Some FC1 security advisories are still missing
Andy Green
fedora at warmcat.com
Wed May 19 09:10:48 UTC 2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Wednesday 19 May 2004 09:23, Bernd Bartmann wrote:
> It's nice to see that some of the missing FC1 security advisories were
> finally posted today:
> cvs-1.11.15-1
> neon-0.24.5-1
> mailman-2.1.4-1
>
> But again at least two advisories are still missing, although the
> updates are already available for some time:
> postfix-2.0.16-1
> tcpdump-3.7.2-8.fc1.2
I saw over on Full-disclosure that Stefan Esser released information on the
bugs today, with, for example this for the CVS one:
Disclosure Timeline:
02. May 2004 - CVS developers and vendor-sec were notified by email
Derek Robert Price replied nearly immediately that the
issue is fixed
03. May 2004 - Pre-notification process of important repositories
was started
11. May 2004 - Sourceforge discovered that the patch breaks
compatibility with some pserver protocol violating
versions of WinCVS/TortoiseCVS
12. May 2004 - Pre-notified repositories were warned about this
problem with a more compatible patch.
19. May 2004 - Coordinated Public Disclosure
It is likely then that the problems with postfix and tcpdump are currently
being sat on until their "Coordinated Public Disclosure".
Me, if I see an official update is around, I jump on it, I'll find out why
later ;-)
- -Andy
- --
Automatic actions for USB cameras, cardreaders, memory sticks, MP3 players
http://warmcat.com/usbautocam
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFAqySYjKeDCxMJCTIRAhyFAJwNb7DMQ+aAINARuFDB/DD2ta/KcACgjJud
1Gc1IUnOPOjoQHCtX2SslHI=
=LyOs
-----END PGP SIGNATURE-----
More information about the fedora-test-list
mailing list