On Tue, 12 Jun 2007 12:41:12 +0900 Mamoru Tasaka <mtasaka@xxxxxxxxxxxxxxxxxxx> wrote: > Oh.. I sent a reply to Kevin and did not sent to mailing list, > resending... > > Kevin Fenzi wrote, at 06/12/2007 12:04 PM +9:00: > > ok. Looking at the nice big pile you checked in, I think we might be > > served better by folks taking particular packages. Ie, if you are > > already examining a package for one CVE, it might be easier to just > > keep going on that package rather than switch to another one and > > have to pull up more cvs files, bugzilla, etc. > > > > Here's the top 10 of the ones you just checked in today: > > > > 30 (php) > > 14 (helixplayer) > > 11 (tomcat) > > 8 (fedoradirectoryserver) > > 7 (flash-plugin) > > 7 (acroread) > > 6 (openoffice.org) > > 6 (kernel) > > 5 (xscreensaver) > > 5 (wu-ftpd) > > For xscreensaver, all CVE entries which were added today are > for <4.18 and no longer affects FC-5+ xscreensaver (4.24<=) Excellent news. ;) I looked around briefly and xscreensaver seems to not really note when these things are fixed. Nothing in the changelog at jwz's site, or in your spec file changelog mention CVE's or security issues that I could see off hand. Or is there somewhere that I am not looking? That makes it hard to verify things. ;( You might consider adding info about security fixes to your changelog, and/or talk to Jamie and see if he is willing to note them in the upstream changelog. Thanks for the info. > Mamoru (xscreensaver maintainer) kevin
Attachment:
signature.asc
Description: PGP signature
-- Fedora-security-list mailing list Fedora-security-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-security-list
