Re: Fedora 7 and the Security Response Team

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, 12 Jun 2007 12:41:12 +0900
Mamoru Tasaka <mtasaka@xxxxxxxxxxxxxxxxxxx> wrote:

> Oh.. I sent a reply to Kevin and did not sent to mailing list,
> resending...
> 
> Kevin Fenzi wrote, at 06/12/2007 12:04 PM +9:00:
> > ok. Looking at the nice big pile you checked in, I think we might be
> > served better by folks taking particular packages. Ie, if you are
> > already examining a package for one CVE, it might be easier to just
> > keep going on that package rather than switch to another one and
> > have to pull up more cvs files, bugzilla, etc. 
> > 
> > Here's the top 10 of the ones you just checked in today: 
> > 
> >      30 (php)
> >      14 (helixplayer)
> >      11 (tomcat)
> >       8 (fedoradirectoryserver)
> >       7 (flash-plugin)
> >       7 (acroread)
> >       6 (openoffice.org)
> >       6 (kernel)
> >       5 (xscreensaver)
> >       5 (wu-ftpd)
> 
> For xscreensaver, all CVE entries which were added today are
> for <4.18 and no longer affects FC-5+ xscreensaver (4.24<=)

Excellent news. ;) 

I looked around briefly and xscreensaver seems to not really note when
these things are fixed. Nothing in the changelog at jwz's site, or in
your spec file changelog mention CVE's or security issues that I could
see off hand. Or is there somewhere that I am not looking?

That makes it hard to verify things. ;( 

You might consider adding info about security fixes to your changelog,
and/or talk to Jamie and see if he is willing to note them in the
upstream changelog. 

Thanks for the info. 

> Mamoru (xscreensaver maintainer)

kevin

Attachment: signature.asc
Description: PGP signature

--
Fedora-security-list mailing list
Fedora-security-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-security-list

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Coolkey]

  Powered by Linux