On 06/15/2010 07:54 AM, Till Maas wrote: > On Tue, Jun 15, 2010 at 07:28:40AM -0400, Stephen Gallagher wrote: >> Can someone explain to me why a package whose update comment lists >> "added patch that fixes insufficient environment sanitization issue >> (CVE-2010-1646)" is not marked as a security bug? > > No, because according to the Bodhi web interface it is a security > update: > https://admin.fedoraproject.org/updates/sudo-1.7.2p6-2.fc13 > > If it is not in some other interface, it usually helps to specify where > it is not. > > Regards > Till > Hmm, then maybe this is a bug in PackageKit. In the Software Update GUI, it's listed as "normal update". -- Stephen Gallagher RHCE 804006346421761 Delivering value year after year. Red Hat ranks #1 in value among software vendors. http://www.redhat.com/promo/vendor/ -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
