Please do not reply directly to this email. All additional comments should be made in the comments box of this bug. https://bugzilla.redhat.com/show_bug.cgi?id=481165 --- Comment #2 from Xavier Bachelot <xavier@xxxxxxxxxxxx> 2009-01-22 11:16:01 EDT --- (In reply to comment #1) > If I understand correctly, the vulnerability is in perl-Devel-StackTrace. > > Fedora 9-11 already come with Devel-StackTrace-1.20 > => should not be affected by this vulnerability. The vulnerability is in Devel::StackTrace, the bells and whistles are in rt3 3.6.7. > > Fedora 10 and 11's rt3 currently is at 3.8.x => should also not be affected. > That's why I filed a bug against rt3 F9 too. > Leaves Fedora 9's rt3, which is at 3.6.6. Upgrading FC9's rt3 to rt-3.8.x is > hardly possible due to rt once again changed having its database format and > because there is no known way to automatically reformat the database from > inside of rpm. > yes, upgrading between major rt3 releases is not possible, at least not automagically, so no way to do that in a stable release. > Whether upgrading it to 3.6.7 is possible, needs to be analyzed. I'd rather > avoid doing so. There's no database change nor any caveat mentioned in the changelog and we've successfully done some basic update tests. We've yet to try with a production database though. -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug. -- Fedora Extras Perl SIG http://www.fedoraproject.org/wiki/Extras/SIGs/Perl Fedora-perl-devel-list mailing list Fedora-perl-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-perl-devel-list
