Fedora and External Product Vulnerabilities (Bugzilla #185499, RHSA-2006-0268 (Macromedia Flash))
Thomas Chung
tchung at fedoraproject.org
Tue Apr 4 06:58:25 UTC 2006
On 4/3/06, Karsten Wade <kwade at redhat.com> wrote:
> On Sat, 2006-04-01 at 23:55 -0600, Robert 'Bob' Jensen wrote:
>
> > Is there a current web space that users can look for security issues
> > that may apply to them? If not is this something that should be created
> > and maintained by the community at large? If it does how can we promote
> > this resource so users are aware can do research and can make wise
> > choices?
>
> Well, we get many security announcements to f-announce-l. It seems like
> an extra burden for us to track down and highlight security risks for
> applications not in Core or Extras; hard to know where to draw the line,
> and people are always going to think we drew it too far or not far
> enough.
>
> It might be cool if we could get security announcements to all magically
> appear on a page ... or in a searchable database ... and that would
> cover us for everything in Core and Extras thoroughly. We could link to
> external lists of non-FC/FE vulnerabilities for packages in third-party
> repos.
>
> FedoraNews.org and other news/planet sites might be a good place to draw
> attention to a vulnerability that is outside of the normal FC/FE-sphere
> but many users may have installed. For example, if there were a
> vulnerability in XMMS's MP3 plug-in, we would be remiss if no one
> announced it because it has the evil MP3 word in it.
>From time to time, I do post security information from third party
companies such as Adobe and Real on fedoranews.org. If you believe the
information is critical for desktop computing environment, feel free
to forward such security announcement and I'll add it under a new
category which also generates rss feed.
http://fedoranews.org/cms/Categories
Regards,
--
Thomas Chung
http://fedoraproject.org/wiki/ThomasChung
More information about the Fedora-security-list
mailing list