Re: [Fwd: [SECURITY] [DSA 817-1] New python2.2 packages fix arbitrary code execution]


 



On Sun, Sep 25, 2005 at 02:51:57PM -0400, Jim Popovitch wrote:
> 
> Michal, I am confused about all your comments on this thread.

You raised a possibility that PCRE bugs affect also various Python
packages.  Quite timely alert, I would say, and from all that we
know by now you were right.  After that we got some followups on
the topic and some which left me somewhat baffled.

> Now 
> today I see that you already opened a bug back on 16-Sept
> 
>   https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=168516

Indeed I wrote that.  But this is about bugs in 'pcre' package
itself.  Fixing that does not seem to help 'python<whatever>'
as that appears to re-cycle that code with security bugs directly
and not using 'pcre' as a library.  Even if that would be used
as a statically linked library then all affected packages would
need to be at least recompiled (but most likely they need direct
patches).

So the report you quote is not sufficient as bugzilla entries
are for a package and not for a bug with a list of all possible
packages where this may apply.  Therefore we need a corresponding
entry in bugzilla.  If you cannot and/or do not want to do that
then say so and somebody else will have to write something up.

> Why didn't you just say that this bug already existed?

Eh?  Was that not explicit enough?
https://www.redhat.com/archives/fedora-legacy-list/2005-September/msg00110.html

I thought also that explanations why
http://rhn.redhat.com/errata/RHSA-2005-761.html
is not good enough for us to track the issue were pretty clear.
Obviously this can be _one of_ references.

   Michal
