Seth brings up an interesting issue. If we don't have people interested in fixing a package, then it will still be vulnerable. Should we keep track of this in bugzilla? Just create a bug and tag it NOOWNER. Or something like that? This way we don't give people the idea that everything is fixed security wise if you use FedoraLegacy. Just a thought. -- Christian Pearce http://www.commnav.com seth vidal said: > > On Wed, 2004-01-14 at 12:03, Bernd Bartmann wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > Hi all, > > > > FYI: Besides the kdepim, cvs and httpd update for RHES3 Red Hat also > > released updated elm packages for RHAS 2.1 that fix a buffer overflow > > vulnerability in the 'frm' command. Please have a look at: > > > > https://rhn.redhat.com/errata/RHSA-2004-009.html > > > > If there are admins out there who have users using elm or users who are > using it who would like fix up a package and submit I'm sure it would be > just fine. Personally, I don't have any of those users and I don't have > the sparetime to spend on applications I don't use. > > -sv > > > > -- > > fedora-legacy-list@xxxxxxxxxx > http://www.redhat.com/mailman/listinfo/fedora-legacy-list >
