[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
Re: F12 Security Updates not tagged (Re: Reminder: Tagging Policy for Fedora 12)
- From: Christoph Wickert <christoph wickert googlemail com>
- To: Development discussions related to Fedora <fedora-devel-list redhat com>
- Subject: Re: F12 Security Updates not tagged (Re: Reminder: Tagging Policy for Fedora 12)
- Date: Wed, 21 Oct 2009 02:27:46 +0200
Am Dienstag, den 20.10.2009, 17:01 -0700 schrieb Jesse Keating:
> On Wed, 2009-10-21 at 01:11 +0200, Christoph Wickert wrote:
> >
> > What really scares me is that there is a number of security updates in
> > bodhi that don't have a tag request in trac. Are maintainers that
> > careless? We don't want F12 released with 6 weeks old security bugs, so
> > it might be worth to mail their owners if there is no tag request.
>
> "security" is a pretty broad and vague moniker. Are any of these known
> privilege escalations, or could they just be crashers or DoS?
AFAICS these are privilege escalations and a have CVE assigned:
https://admin.fedoraproject.org/updates/ocaml-mysql-1.0.4-11.fc12
https://admin.fedoraproject.org/updates/ocaml-postgresql-1.12.3-1.fc12
https://admin.fedoraproject.org/updates/ocaml-camlimages-3.0.1-12.fc12.1
But these are already tagged and the submitter forgot to withdraw the
requests.
Others:
https://admin.fedoraproject.org/updates/perl-Net-OAuth-0.19-1.fc12
https://admin.fedoraproject.org/updates/rt3-3.8.4-6.fc12
this one has no details or comments at all :(
Regards,
Christoph
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]