On Wed, Nov 09, 2005 at 04:19:35PM -0500, James Kosin wrote:
> > On Wed, Nov 09, 2005 at 11:22:28AM -0800, Jesse Keating wrote:
> > > Does look like we need to patch this. RHEL issued an update,
> >
> > Do you mean that one from August?
> > https://rhn.redhat.com/errata/RHSA-2005-748.html CAN ids between
> > that one and http://www.securityfocus.com/bid/14088/info do not
> > agree although the latest worm descriptions would suggest that
> > RHSA-2005:748-05 is the correct one.
> >
> > Michal
> >
> > --
> > fedora-legacy-list@xxxxxxxxxx
> > https://www.redhat.com/mailman/listinfo/fedora-legacy-list
>
> The CVE website states that CAN-2005-2498 is not the same as
> CAN-2005-1921; so, I think to reason; both need to be fixed if we are
> vulnerable.

Indeed. But sources referenced in RHSA-2005:564-15, where CAN-2005-1751 and CAN-2005-1921 are mentioned, are explicitly marked as outdated by RHSA-2005:748-05 (CAN-2005-2498), so the latest presumably have fixes for all these. Source packages are somewhat different for RHEL3 and RHEL4, so you possibly need a right fit for FC1 and FC2.

In my earlier remarks I meant that it does not look like any fix is needed for RH7.3, simply because the code with problems is not there.

Yesterday's updates for FC3 also include php-4.3.11-2.8.src.rpm (and php-5.0.4-10.5.src.rpm for FC4).

Michal