Re: PHP Attacks....

On Wed, 2005-11-09 at 17:04 -0500, James Kosin wrote:
> >>The CVE website states that CAN-2005-2498 is not the same as
> >>CAN-2005-1921; so, I think to reason; both need to be fixed if we are
> >>vulnerable.
> >
> >
> >Indeed. But sources referenced in RHSA-2005:564-15, where
> >CAN-2005-1751 and CAN-2005-1921 are mentioned, are explicitly
> >marked as outdated by RHSA-2005:748-05 (CAN-2005-2498) so the latest
> >presumably have fixes for all these. Source packages are somewhat
> >different for RHEL3 and RHEL4 so you possibly need a right fit for
> >FC1 and FC2.
> >
> >In my earlier remarks I meant that it does not look that any fix
> >is needed for RH7.3; simply because the code with problems is not
> >there.
> >
> >Yesterday's updates for FC3 include also php-4.3.11-2.8.src.rpm
> >(and php-5.0.4-10.5.src.rpm for FC4).
> >
> > Michal
> >
> >--
> >
> >fedora-legacy-list@xxxxxxxxxx
> >https://www.redhat.com/mailman/listinfo/fedora-legacy-list
> 
> Yes, but the release for FC3 doesn't have a patch for 2005-2498...
> They have a newer XML_RPC.tgz file.
> They also address CVE-2005-3353, CVE-2005-3388, CVE-2005-3389 and
> CVE-2005-3390...
> do we need to concern ourselves with these?

Right now, the worm that is going around is targeting CAN-2005-1921. FL
released updates for that in July.

Tonight, I'll build some packages that address all the other issues,
just in case. They will be located here for QA:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=166943

Marc.
