"JB" == Josh Bressers <(bressers) fedora-extras-commits@redhat.com> writes:
JB> Modified Files: fc5 fc6 Log Message: Note some new PHP CVE ids.
FC6 seems to have PHP 5.1.6 now, so should these:
+CVE-2006-4486 VULNERABLE (php, fixed 5.1.6) +CVE-2006-4485 VULNERABLE (php, fixed 5.1.5) +CVE-2006-4484 ignore (php, fixed 5.1.5) +CVE-2006-4482 VULNERABLE (php, fixed 5.1.5)
be listed as fixed?
- J<
"JB" == Josh Bressers <(bressers) fedora-extras-commits@redhat.com> writes:
JB> Modified Files: fc5 fc6 Log Message: Note some new PHP CVE ids.
FC6 seems to have PHP 5.1.6 now, so should these:
+CVE-2006-4486 VULNERABLE (php, fixed 5.1.6) +CVE-2006-4485 VULNERABLE (php, fixed 5.1.5) +CVE-2006-4484 ignore (php, fixed 5.1.5) +CVE-2006-4482 VULNERABLE (php, fixed 5.1.5)
be listed as fixed?
That's what any sane person would think :)
The file is a snapshot of FC6, in this case it's a snapshot of FC6 Test 2. Since FC6 Test 2 contained php 5.1.4, we mark them vulnerable. Once Test 3 comes out we'll look through the file again.
security@lists.fedoraproject.org