On Fri, 7 Apr 2006, Dennis Gilmore wrote: > I just reported a security bug for ClamAV in extras > > it came to me from bug traq while i know its not the be all and end all of > finding issues its a place to start. > > https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=188286 One thought - it might be best in cases like that to file a separate bug for each CVE. I'd think it'll simplify verifying that all CVEs are covered later, and it also accomodates better for having to backport separate patches to fix each CVE if the decision is not to upgrade.... later, chris
