On Sat, 15 Dec 2007 13:50:03 +0100
shrek-m@xxxxxx ("shrek-m@xxxxxx") wrote:
> Kevin Kofler schrieb:
> > shrek-m <at> gmx.de <shrek-m <at> gmx.de> writes:
> >
> >> nice to see that
> >> 1.4.13 f8 is complete
> >> 1.4.13 f9 (rawhide) is complete
> >> http://koji.fedoraproject.org/koji/packageinfo?packageID=473
> >>
> >> please push them asap to updates.
They should go out with the next push.
> > Look closer at the announcements, they have been compromised
> > post-release, and fairly recently (around December 8), the 1.4.11
> > in F8 was packaged much earlier, so it should be safe.
Indeed this was the case. The reason for the 1.4.13 update was to
prevent confusion about if the version in fedora is vulnerable or not.
(It is not).
Looking at the compromised source and checking it against the 1.4.11
source in the fedora lookaside cvs cache, it is NOT vulnerable. It has
the orig md5sum of the released 1.4.11 and none of the tampering.
It was uploaded to the fedora lookaside cache before the compromise.
In any event, 1.4.13 should be pushed soon and hopefully help get rid
of the confusion.
kevin
Attachment:
signature.asc
Description: PGP signature
-- fedora-test-list mailing list fedora-test-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-test-list
