Fedora and External Product Vulnerabilities (Bugzilla #185499, RHSA-2006-0268 (Macromedia Flash))
Thorsten Leemhuis
fedora at leemhuis.info
Sat Apr 1 19:40:25 UTC 2006
Am Sonntag, den 02.04.2006, 00:57 +0530 schrieb Rahul Sundaram:
> On Sat, 2006-04-01 at 13:06 -0600, David Eisenstein wrote:
> > Hello,
> >
> > The other week, I sent a notice to fedora-legacy-list and fedora-
> > security-list regarding the Macromedia Flash critical vulnerability
> > (CVE-2006-0024, http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0024)
> > thinking that, even though it is proprietary and therefore Fedora Core,
> > Legacy, & Extras do not distribute it nor provide any support for it, that
> > I could tell my friends on both lists about it, since this bug has the
> > alleged possibility to run abitrary code remotely and so is critical.
> >
> > Here's the post:
> > <http://www.redhat.com/archives/fedora-legacy-list/2006-March/msg00107.html>
> >
> > Some reservations were expressed to me privately about using our mailing
> > list(s) to broadcast such information, after I already sent the thing out.
> > Yet I sent it out, because I felt it would be important for folks who
> > don't get Red Hat Enterprise Linux's security errata to be aware of the
> > issue so they can protect their computers.
>
> You are certainly allowed as a individual to post such warnings to the
> list. Just make it explicit that you are posting not on behalf of the
> project when it is controversial. Warren Togami for example made a
> announcement on the arrangement he had with Macromedia for a flash
> repository.
That's would be my opinion, too.
Cu
thl
--
Thorsten Leemhuis <fedora at leemhuis.info>
More information about the Fedora-websites-list
mailing list