[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Fedora treats security as a joke.

> Also see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=121417 :-)

Over the last few days we've been doing some checking of FC1 and FC2 
security issues.

For FC1 there are a few cases where updates have been made available but
the associated announcement email seems to have been eaten before making
it out to fedora-announce-list.  Thse are CAN-2004-0179, CAN-2003-0695,
CAN-2004-0180, and recent CAN-2004-0421, CAN-2003-0856.  We'll have to
redo those announcements.

For FC1 there have also been a few cases where updates are required but
are not released (I've pinged all the folks responsible for those packages
individually and now have bugzilla entries at "security" level). These are
CAN-2004-0234/5, CAN-2003-0988, CAN-2004-0409, CAN-2003-0564,
CAN-2004-0191, CAN-2004-0113.

For FC2 we went back through the issues of the last 6 months to see if
these were fixed by FC2 containing a fixed upstream version or if the FC2
package contained a backport.  There are a few issues that will require
updates:  I've opened bugzila entries for each of these at "security"
level.  These include CAN-2004-0399/0400, CAN-2004-0403, CAN-2004-0409.

Thanks, Mark
Mark J Cox / Red Hat Security Response Team


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]