Till Maas opensource at
Tue Jun 15 11:54:06 UTC 2010

On Tue, Jun 15, 2010 at 07:28:40AM -0400, Stephen Gallagher wrote:
> Can someone explain to me why a package whose update comment lists 
> "added patch that fixes insufficient environment sanitization issue 
> (CVE-2010-1646)" is not marked as a security bug?

No, because according to the Bodhi web interface it is a security

If it is not in some other interface, it usually helps to specify where
it is not.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
Url : 

More information about the devel mailing list