[Fedora Release Engineering] #960: final freeze exception request (cluster)
Fedora Release Engineering
rel-eng at fedoraproject.org
Mon Nov 3 15:55:51 UTC 2008
#960: final freeze exception request (cluster)
----------------------+-----------------------------------------------------
 Reporter:  fabbione  |       Owner:  rel-eng at lists.fedoraproject.org
     Type:  task      |      Status:  new
Milestone:            |   Component:  koji
 Keywords:            |
----------------------+-----------------------------------------------------
Package n-v-r: cluster-2_99_12-1_fc10
Description: new upstream release to fix several security issues
discovered after running a code audit. Details of the issues can be found
here: https://bugzilla.redhat.com/show_bug.cgi?id=469338
Rationale: would be nice to ship with it. Though it can go in as part of
updates. It will spare the trouble of issuing a security update later on.
Impact: the upstream source is sensitive to several symlink attacks by
default. It doesn't lead to privilege escalation but a normal user could
easily make a DoS on the system.
Testing: we did run the usual test suite before releasing from upstream.
Install/remove rpm, run, form a cluster, etc. Verified one by one that all
the security changes did not introduce regressions or behaviour changes.
Thanks
Fabio
--
Ticket URL: <https://fedorahosted.org/rel-eng/ticket/960>
Fedora Release Engineering <http://fedorahosted.org/rel-eng>
Release Engineering for the Fedora Project