Security Patch in netpanzer (question)
Hans de Goede
j.w.r.degoede at hhs.nl
Fri Jun 9 08:11:07 UTC 2006
Hugo Cisneiros wrote:
> Hi,
>
> I'm trying to fix this bug in the netpanzer package:
>
> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=192990
>
> It seems that the SVN version is ok, but I'm not a programmer to make a patch
> only to fix this vulnerability. An option would be to create and apply a
> patch to update the entire version to SVN instead of only the vulnerability
> fix.
>
> What do you think? What is the current method?
>
> If applying the patch to update entirely to the svn version, I must change the
> entire package's version or change only the release field in the specfile?
>
Why don't you ask upstream to make a new release with their fix for this
and the fix I've attached to:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=192983
for CVE-2006-2575?
That sounds like a good reason to make a new release to me?
Otherwise I would try to find the exact patch fixing this and
backporting it, upgrading to a snapshot might cause all kinda problems
including network protocol incompatibilities.
Regards,
Hans
More information about the fedora-extras-list
mailing list