Fedora 7 and the Security Response Team

Kevin Fenzi kevin at tummy.com
Tue Jun 12 16:55:16 UTC 2007


On Tue, 12 Jun 2007 12:41:12 +0900
Mamoru Tasaka <mtasaka at ioa.s.u-tokyo.ac.jp> wrote:

> Oh.. I sent a reply to Kevin and did not send to mailing list,
> resending...
> 
> Kevin Fenzi wrote, at 06/12/2007 12:04 PM +9:00:
> > ok. Looking at the nice big pile you checked in, I think we might be
> > served better by folks taking particular packages. I.e., if you are
> > already examining a package for one CVE, it might be easier to just
> > keep going on that package rather than switch to another one and
> > have to pull up more cvs files, bugzilla, etc. 
> > 
> > Here's the top 10 of the ones you just checked in today: 
> > 
> >      30 (php)
> >      14 (helixplayer)
> >      11 (tomcat)
> >       8 (fedoradirectoryserver)
> >       7 (flash-plugin)
> >       7 (acroread)
> >       6 (openoffice.org)
> >       6 (kernel)
> >       5 (xscreensaver)
> >       5 (wu-ftpd)
> 
> For xscreensaver, all CVE entries which were added today are
> for <4.18 and no longer affect FC-5+ xscreensaver (4.24<=)

Excellent news. ;) 

I looked around briefly and xscreensaver seems to not really note when
these things are fixed. Nothing in the changelog at jwz's site, or in
your spec file changelog mentions CVEs or security issues that I could
see offhand. Or is there somewhere that I am not looking?

That makes it hard to verify things. ;( 

You might consider adding info about security fixes to your changelog,
and/or talk to Jamie and see if he is willing to note them in the
upstream changelog. 

Thanks for the info. 

> Mamoru (xscreensaver maintainer)

kevin