2 vulnerabilities in "Extras" found and reported: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=188122 http://bugzilla.livna.org/show_bug.cgi?id=889
Also a number in core but I assume those are known: MySQL: logging bypass: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0903 php: insecure data: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1490 samba: clear text password exposure: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1059
Regards,
Hans
p.s.
What happens if I add fedora-security-list@redhat.com to the CC-list, will this work? If not can someone make this work?
On Thursday 06 April 2006 05:19, Hans de Goede wrote:
What happens if I add fedora-security-list@redhat.com to the CC-list, will this work? If not can someone make this work?
Please no. This list is being used to discuss how to create a security response system for Extras. CCing it with bugs will not help. We're trying to determine and create the proper place for these bugs to be cc'd or assigned to.
Also a number in core but I assume those are known:
Yes, here are the bugs. We place the CVE id in the bug summary to make for quick searching.
MySQL: logging bypass: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0903
Bug #183261
php: insecure data: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1490
Bug #187231
samba: clear text password exposure: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1059
Bug #187170
security@lists.fedoraproject.org
-
Hans de Goede -
Jesse Keating -
Josh Bressers