Can someone explain to me why a package whose update comment lists "added patch that fixes insufficient environment sanitization issue (CVE-2010-1646)" is not marked as a security bug? -- Stephen Gallagher RHCE 804006346421761 Delivering value year after year. Red Hat ranks #1 in value among software vendors. http://www.redhat.com/promo/vendor/