F12 Security Updates not tagged (Re: Reminder: Tagging Policy for Fedora 12)

Richard W.M. Jones rjones at redhat.com
Wed Oct 21 09:44:15 UTC 2009


On Wed, Oct 21, 2009 at 02:27:46AM +0200, Christoph Wickert wrote:
> Am Dienstag, den 20.10.2009, 17:01 -0700 schrieb Jesse Keating:
> > On Wed, 2009-10-21 at 01:11 +0200, Christoph Wickert wrote:
> > > 
> > > What really scares me is that there is a number of security updates in
> > > bodhi that don't have a tag request in trac. Are maintainers that
> > > careless? We don't want F12 released with 6 weeks old security bugs, so
> > > it might be worth to mail their owners if there is no tag request.
> > 
> > "security" is a pretty broad and vague moniker.  Are any of these known
> > privilege escalations, or could they just be crashers or DoS? 
> 
> AFAICS these are privilege escalations and a have CVE assigned:
> https://admin.fedoraproject.org/updates/ocaml-mysql-1.0.4-11.fc12
> https://admin.fedoraproject.org/updates/ocaml-postgresql-1.12.3-1.fc12
> https://admin.fedoraproject.org/updates/ocaml-camlimages-3.0.1-12.fc12.1
> But these are already tagged and the submitter forgot to withdraw the
> requests.

... Didn't know I was supposed to.  But as you say, all three
had trac requests and rel-eng have dealt with them already.

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming blog: http://rwmj.wordpress.com
Fedora now supports 80 OCaml packages (the OPEN alternative to F#)
http://cocan.org/getting_started_with_ocaml_on_red_hat_and_fedora




More information about the fedora-devel-list mailing list