[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[Bug 192830] CVE-2006-2453 Additional dia format string flaws

Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.

Summary: CVE-2006-2453 Additional dia format string flaws


deisenst gtw net changed:

           What    |Removed                     |Added
                 CC|                            |bugs fedoralegacy org

------- Additional Comments From deisenst gtw net  2006-05-27 19:24 EST -------
Have a question.  If this has been fixed for FC5 (or, I guess the technically
correct moniker would be "FE5"), and this is a security issue -- so people who
need to know (and don't have yum automatically set to update their FC5 systems)
DO know that this has been fixed -- should there not be an announcement for this
fix and the CVE-2006-2480 fix (in Bug 192535) published to the
fedora-package-announce list, like Caolan McNamara's announcement here?:


Not everybody has yum working to automatically update their FC5 installs, so
unless there is an announcement somewhere, how will they know to update their
dia to dia-0.95-3??

Another unrelated question:  Do you mind if we in Fedora Legacy backport the
fixes you made for maintaining the older legacy versions of dia?  If so, may we
include you, Hans, in the cc: list for such a bugzilla entry?  The open Bugzilla
Bug Fedora Legacy has for dia currently is Bug #190942, in which we also
discovered that the CVE-2005-2966 may not have been covered either here, in FC,
or in RHEL...  (This CVE may not affect FedoraExtras, but may affect Fedora Core
4, RHEL 4/3/2.x?...)

Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]