Summary of FC5 vulnerabilities

Mark J Cox mjc at redhat.com
Mon Mar 20 09:52:59 UTC 2006


Quick Summary:

For 20030101-20060320 there are a potential 1361 CVE named vulnerabilities 
that could have affected FC5 packages.  90% of those are fixed because FC5 
includes an upstream version that includes a fix, 1% are still 
outstanding, and 9% are fixed with a backported patch.  Many of the 
outstanding and backported entries are for issues still not dealt with 
upstream.

For comparison FC4 had 88% by version, 1% outstanding, 11% backported.

Method:

Near the release time of each new distribution the Red Hat security
team go through the packages to ensure that everything is up to date
with security patches.  Full details of the method can be found at
http://people.redhat.com/mjc/20050505-fc4

A full table of CVE name, the reason why FC5 isn't vulnerable and optional 
comments showing the package name, version it was fixed in, or method used
to verify the details is available:
http://cvs.fedora.redhat.com/viewcvs/fedora-security/audit/fc5?root=fedora

This file will be kept up to date through the life of FC5 to track 
publicly known vulnerabilities and how they affect FC5.

Corrections, comments to secalert at redhat.com.

Thanks, Mark
-- 
Mark J Cox / Red Hat Security Response Team





