-----BEGIN PGP SIGNED MESSAGE-----
For 20030101-20060320 there are a potential 1361 CVE named vulnerabilities
that could have affected FC5 packages. 90% of those are fixed because FC5
includes an upstream version that includes a fix, 1% are still
outstanding, and 9% are fixed with a backported patch. Many of the
outstanding and backported entries are for issues still not dealt with
For comparison FC4 had 88% by version, 1% outstanding, 11% backported.
Near the release time of each new distribution the Red Hat security
team go through the packages to ensure that everything is up to date
with security patches. Full details of the method can be found
A full table of CVE name, the reason why FC5 isn't vulnerable and optional
comments showing the package name, version it was fixed in, or method used
to verify the details is available:
This file will be kept up to date through the life of FC5 to track
publically known vulnerabilities and how they affect FC5.
Corrections, comments to secalert(a)redhat.com.
Mark J Cox / Red Hat Security Response Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v220.127.116.11 (GNU/Linux)
-----END PGP SIGNATURE-----
fedora-devel-list mailing list