https://bugzilla.redhat.com/show_bug.cgi?id=225660

--- Comment #3 from Dave Anderson <anderson@xxxxxxxxxx> 2009-01-23 12:11:22 EDT ---

I'm not sure why the review was made of the crash.spec file from the upstream package instead of the Fedora version? When updating the Fedora package, the upstream spec file is not pulled into Fedora. In any case, I'm presuming that the relevant issues brought up re: the upstream spec file should be addressed in the Fedora version if they haven't already.

The Fedora crash utility NVR scheme has (up until now) simply mirrored the upstream version upon which it was based, but I can see the validity in encapsulating the upstream NVR into the Fedora version. It's been an annoyance in the past when somebody has come in (unbeknownst to me) and bumped up the release number, which in turn screwed up the upstream NVR relationship.

With respect to the CVEs, both 1704 and 4146 are highly unlikely to be issues given that the crash utility does a number of checks on the vmlinux object file prior to the embedded gdb module ever being invoked (i.e., using the supplied sample hand-carved object files, they get rejected by the crash code as not being legitimate vmlinux files). Nonetheless, the patches for both of those issues are reasonable and safe to add, and I have done so. I've also incorporated the patch for the .gdbinit-related 1705 issue.

When I update the upstream version, I will follow up with a Fedora update -- after I figure out how to check into my account given that I haven't been there since the Fedora break-in.

Thanks,
Dave Anderson