> I take it the two CVEs from February are fixed in the packaged > version? > > http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-0575 > http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-0539 Yes, at least it is what is said upstream about those issues. Moreover the vulnerable program, convert-fcrontab isn't shipped in the package submitted to fedora extras, so it is not vulnerable. -- Pat -- fedora-extras-list mailing list fedora-extras-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-extras-list
