Hugo Cisneiros wrote: > Hi, > > I'm trying to fix this bug in the netpanzer package: > > https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=192990 > > It seems that the SVN version is ok, but I'm not a programmer to make a patch > only to fix this vulnerability. An option would be to create and apply a > patch to update the entire version to SVN instead of only the vulnerability > fix. > > What do you think? What is the current method? > > If applying the patch to update entirely to the svn version, I must change the > entire package's version or change only the release field in the specfile? > Why don't you ask upstream to make a new release with their fix for this and the fix I've attached to: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=192983 for CVE-2006-2575? That sounds like a good reason to make a new release to me? Otherwise I would try to find the exact patch fixing this and backporting it, upgrading to a snapshot might cause all kinda problems including network protocol incompatibilities. Regards, Hans -- fedora-extras-list mailing list fedora-extras-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-extras-list
