That would probably be good.. we could use the NEEDSWORK tag which I think already exists. And, I think there should certainly be the goal to patch everything that needs it.. even if a few people end up as clean up crew. -jason On Wed, Jan 14, 2004 at 08:38:21PM +0000, Christian Pearce wrote: > Seth brings up an interesting issue. If we don't have people interested in fixing a package, then it will still be vulnerable. Should we keep track of this in bugzilla? Just create a bug and tag it NOOWNER. Or something like that? This way we don't give people the idea that everything is fixed security wise if you use FedoraLegacy. > > Just a thought. > > -- > Christian Pearce > http://www.commnav.com > > > > seth vidal said: > > > > On Wed, 2004-01-14 at 12:03, Bernd Bartmann wrote: > > > -----BEGIN PGP SIGNED MESSAGE----- > > > Hash: SHA1 > > > > > > Hi all, > > > > > > FYI: Besides the kdepim, cvs and httpd update for RHES3 Red Hat also > > > released updated elm packages for RHAS 2.1 that fix a buffer overflow > > > vulnerability in the 'frm' command. Please have a look at: > > > > > > https://rhn.redhat.com/errata/RHSA-2004-009.html > > > > > > > If there are admins out there who have users using elm or users who are > > using it who would like fix up a package and submit I'm sure it would be > > just fine. Personally, I don't have any of those users and I don't have > > the sparetime to spend on applications I don't use. > > > > -sv > > > > > > > > -- > > > > fedora-legacy-list@xxxxxxxxxx > > http://www.redhat.com/mailman/listinfo/fedora-legacy-list > > > > > -- > > fedora-legacy-list@xxxxxxxxxx > http://www.redhat.com/mailman/listinfo/fedora-legacy-list
Attachment:
pgp00175.pgp
Description: PGP signature