Hi Mark, thanks for the list, saves me digging through lots of emails :)

I've opened a few new bugs and commented on a few others below. I haven't looked at the ones I say nothing about, but I'll try to get to a few of those later.

-Jeff

> kde dcop CAN-2005-0365 or CAN-2005-0396
> gnomevfs CAN-2005-0706
> mysql CAN-2004-0957 better fix available? (debian, ubuntu)
> kdelibs CAN-2005-1046
> cyrus-imapd CAN-2005-0546

This exists as bugzilla #156290

> kdewebdev CAN-2005-0754
> gnutls CAN-2005-1431

Does this package exist in legacy?

> squid CAN-2005-1345 CAN-2005-1519 CVE-1999-0710 CAN-2005-1390
> CAN-2005-1389

There is an old squid package sitting in updates-testing, but it doesn't cover those issues. I vote for pushing out the old package and opening up a new bug for these. RHEL has a package which covers many of those patches: https://rhn.redhat.com/errata/RHSA-2005-415.html

> ethereal

There are ethereal packages sitting in updates-testing since March (bug #152922). Any reason this hasn't timed out yet? RHEL has updated packages for the newer bugs: https://rhn.redhat.com/errata/RHSA-2005-687.html

> openssl CAN-2005-0109

I opened a new report for this - #166939 - also addresses CAN-2004-0975.

> gaim CAN-2005-1269 CAN-2005-1934
> ruby CAN-2005-1992
> sudo CAN-2005-1993

I opened a new report for this - #166940

> gedit CAN-2005-1686
> binutils CAN-2005-1704
> zlib CAN-2005-2096 (rpm?)

This exists as bug #162680 and looks like it's just waiting to be pushed to updates - am I missing something?

> httpd 2.0 CAN-2005-2088 CAN-2005-1344

It looks like redhat has patched CAN-2005-2088 and CAN-2005-1268, but I don't see a patch for CAN-2005-1344. According to the CVE page, it doesn't look easily exploitable. I've created a new report for this - #166941

> vixie cron CAN-2005-1038
> krb5 CAN-2005-1689 CAN-2005-1175 CAN-2005-1174 etc
> net-snmp CAN-2005-2177
> klibs - kate CAN-2005-1920
> fetchmail CAN-2005-2335

This exists as bug #164512. I'll look into adding the fixes you mentioned there.

> kdenetwork (kopete) CAN-2005-1852
> xpdf CAN-2005-2097
> vim CAN-2005-2368

This exists as bug #164488

> slocate CAN-2005-2499

I'm confused on this one. Bug #165430 makes it look like all RHEL OSes are affected, yet the errata is only for RHEL 2.1 - anyone have any ideas on this? The CVE page states that it only affects versions prior to 2.7, which should mean we are OK, but RHEL 2.1 was also running 2.7, which is why I'm confused...

> pcre CAN-2005-2491
> php CAN-2005-2498

I created a new report for this - #166943 - it affects fc1 & fc2

> freeradius CAN-2005-1454 CAN-2005-1455
> ntp CAN-2005-2496

--
fedora-legacy-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-legacy-list