Summary: CVE-2006-2453 Additional dia format string flaws

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=192830

deisenst@xxxxxxx changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |bugs@xxxxxxxxxxxxxxxx

------- Additional Comments From deisenst@xxxxxxx  2006-05-27 19:24 EST -------
Have a question. If this has been fixed for FC5 (or, I guess the technically
correct moniker would be "FE5"), and this is a security issue -- so people who
need to know (and don't have yum automatically set to update their FC5 systems)
DO know that this has been fixed -- should there not be an announcement for this
fix and the CVE-2006-2480 fix (in Bug 192535) published to the
fedora-package-announce list, like Caolan McNamara's announcement here?:
http://www.redhat.com/archives/fedora-package-announce/2006-May/msg00119.html

Not everybody has yum working to automatically update their FC5 installs, so
unless there is an announcement somewhere, how will they know to update their
dia to dia-0.95-3??

Another unrelated question: Do you mind if we in Fedora Legacy backport the
fixes you made for maintaining the older legacy versions of dia? If so, may we
include you, Hans, in the cc: list for such a bugzilla entry?

The open Bugzilla Bug Fedora Legacy has for dia currently is Bug #190942, in
which we also discovered that the CVE-2005-2966 may not have been covered either
here, in FC, or in RHEL... (This CVE may not affect FedoraExtras, but may
affect Fedora Core 4, RHEL 4/3/2.x?...)