FYI, I did a very simple and dumb (my specialty!) comparison of all the packages in the FE5 CVS tree with the CVE-2006-* database A couple of the packages I don't have time to enter right now (seamonkey being the real biggie) but for the ones I had time to get to, I've updated the fe4 and fe5 lists in CVS and filed bugzillas for a couple of packages that appear to have unresolved vulnerabilities. Overall Fedora Extras looked pretty good.... Packages which at least match between FE4 / FE5 and CVE-2006* that I've not looked into fully yet: bsd-games clamav nethack seamonkey wine I'll get to them later in the week Do people see a need to extend this back any further, or is CVE-2006 a good line to draw as a beginning for when we track CVE? later, chris
