-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Quick Summary:
For 20030101-20060320 there are a potential 1361 CVE named vulnerabilities
that could have affected FC5 packages. 90% of those are fixed because FC5
includes an upstream version that includes a fix, 1% are still
outstanding, and 9% are fixed with a backported patch. Many of the
outstanding and backported entries are for issues still not dealt with
upstream.
For comparison FC4 had 88% by version, 1% outstanding, 11% backported.
Method:
Near the release time of each new distribution the Red Hat security
team go through the packages to ensure that everything is up to date
with security patches. Full details of the method can be found
http://people.redhat.com/mjc/20050505-fc4
A full table of CVE name, the reason why FC5 isn't vulnerable and optional
comments showing the package name, version it was fixed in, or method used
to verify the details is available:
http://cvs.fedora.redhat.com/viewcvs/fedora-security/audit/fc5?root=fedora
This file will be kept up to date through the life of FC5 to track
publically known vulnerabilities and how they affect FC5.
Corrections, comments to secalert@xxxxxxxxxxx
Thanks, Mark
- --
Mark J Cox / Red Hat Security Response Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
iQCVAwUBRB57f+6tTP1JpWPZAQIRAgQApmCQEUeH4vbMBJABLsFPXmyvkhlbfN+X
mRMcFOHjIc/bekCGb864f64rDxbs+piLE7uXZak4zio7xAKRdWT5z28X2TgprcS8
VT+XBIzix0+vGni8JzDKpEZEq6FTE6zPG22gDfxGAwt9K0qxHGxb1JkY/Syh7wjI
V7vi8XFlaag=
=dnuD
-----END PGP SIGNATURE-----
--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
