-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Jesse Keating wrote:
> On Wednesday 28 January 2004 07:51, Christian Pearce wrote:
>> Testing:
>>
>> * tcpdump
>> * cvs
>> * ethereal
>
> CVS has had some testing on 7.3, I'd like to see somebody test it on
> 7.2 and 8.0 before I launch it, but if that doesn't happen by
> tonight, I'm going to launch it as an update. Ditto with tcpdump
> and ethereal.

I've been intending to test each of these on 7.2, 7.3, and 8.0 and put
the results into bugzilla. Sorry that hasn't happened yet. I do have
test boxes now for all three dists, so hopefully I can get around to
doing something useful.

>> QA:
>> * gaim
>
> I'd have to check the bug again, but I think we made the decision to
> upgrade the gaim version to keep up with protocol changes. Gaim is
> one of those apps that is at the END of a dep chain, rather than
> somewhere in the middle, so bumping its version isn't going to hurt
> much.

2 questions on this:

1) Are these issues even relevant to gaim-0.59 which is what ships
with 7.2-8.0? I know the advisories stated most of the issues were
with 0.75 and lower, but my quick (and rather uneducated) glance at
the code makes it seem like some or all of this stuff might not apply
to the older gaim. If they do apply, the backporting might be fun.
What has RHEL done, if anything? Looking at the errata page
(https://rhn.redhat.com/errata/rh21ws-errata.html) I don't see
anything released there which makes me think that either they're
having to work hard to backport the fixes or they are not relevant.

2) IIRC, gaim > 0.60 requires gnome2 or kde 3 for any status docklets
or whatever they're called. The older 0.59 shipped with the legacy
dists this project is targeting had a gnome1 panel applet. Moving to
the newer version will break this and may piss off quite a few people
who use gaim regularly. That's just something to consider. If it's
found that the security issues aren't relevant to 0.59, then it won't
matter at all.

Oh, and for reference, here's the RHEL3 errata page and CVE IDs for
the gaim vulns (the CVE stuff is still not updated to provide anything
useful):

https://rhn.redhat.com/errata/RHSA-2004-033.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0006
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0007
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0008

Here's the bugtraq post detailing the issues:

http://www.securityfocus.com/archive/1/351235/2004-01-25/2004-01-31/0

- --
Todd              OpenPGP -> KeyID: 0xD654075A | URL: www.pobox.com/~tmz/pgp
======================================================================
The Constitution continues to remain no threat to our current form of
government.
    -- Joseph Sobran

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: When crypto is outlawed bayl bhgynjf jvyy unir cevinpl.

iD8DBQFAF+nVuv+09NZUB1oRAstCAKCAl0MtqxfLjU1Pm7VUOj+dy035OQCeKELq
HYxxkYo5ZvTD567KEQeXk28=
=kXWM
-----END PGP SIGNATURE-----