On Mon, 2003-11-10 at 10:25, The Matt wrote:
> After getting the ethereal RHSA just now,
> I wondered aloud...is Fedora Core vulnerable?

According to the bulletin all versions <= 0.9.15 are vulnerable. FC1 comes with ethereal-0.9.13-4.1. So I would say it is probably vulnerable.

> How about the recent CUPS and coreutils RHSAs?

The CUPS bulletin was for versions prior to 1.1.19. FC1 comes with 1.1.19 so it appears to be alright. Doing a quick check of "ls" in the FC1 coreutils package to see if it suffers from the reported problem the answer is, yes it does.

> So, I ask again, what is the security/bug procedure of Fedora
> Core? Is there a "FCSA" list out there that mimics RHSA that I can
> subscribe to?

That's a good question as to how security issues are going to be handled. There does not appear to be a fedora-watch-list at this time.

>
> Should I grab the Red Hat 9 packages to shore up these security holes if
> the FC1 packages don't cover them (e.g., get ethereal*.0.9.16 until an
> FC1 release appears)?

I just grabbed the SRPM for the RH 9 errata and will compile it for my Fedora box. For the coreutils issue, I just grabbed the patches from the bug-coreutils mailing list. Will look at adding them to the current FC1 package and recompiling it.

Regards,
Jim H