On Friday 05 May 2006 10:05, Jason L Tibbitts III wrote: > For example, I know there's a recent clamav vulnerability that affects > Extras. Now, I can search to find out that it's CVE-2006-1989. I > know Enrico pushed 0.88.2 on May 2 so we're not vulnerable. > > But, how would I have seen the CVE without knowing it existed? Click > on every link in the daily changelogs and manually read the > description? There has to be a more efficient way. > > BTW, what would be the format of the line to add to the fe4 and fe5 > files for this? > > CVE-2006-1989 version (clamav, fixed 0.88.2) > > (no bug number, no announcement obviously) > > - J< > When i saw this on bugtraq i first searched bugzilla. which had no bug filled. I then checked the repo to see if packages were updated. which they were not at that time. I then checked the fedora-extras-commits to see if there was something there. and the updates had been commited. My question is should I have filed a bug anyway so that we have a public record that the issue had been fixed? -- Regards Dennis Gilmore, RHCE Proud Australian
