On Friday 05 May 2006 10:05, Jason L Tibbitts III wrote:
For example, I know there's a recent clamav vulnerability that
affects
Extras. Now, I can search to find out that it's CVE-2006-1989. I
know Enrico pushed 0.88.2 on May 2 so we're not vulnerable.
But, how would I have seen the CVE without knowing it existed? Click
on every link in the daily changelogs and manually read the
description? There has to be a more efficient way.
BTW, what would be the format of the line to add to the fe4 and fe5
files for this?
CVE-2006-1989 version (clamav, fixed 0.88.2)
(no bug number, no announcement obviously)
- J<
When i saw this on bugtraq i first searched bugzilla. which had no bug
filled. I then checked the repo to see if packages were updated. which
they were not at that time. I then checked the fedora-extras-commits to see
if there was something there. and the updates had been commited. My
question is should I have filed a bug anyway so that we have a public
record that the issue had been fixed?
--
Regards
Dennis Gilmore, RHCE
Proud Australian