On Tue, 2003-11-11 at 16:45, Mike Burger wrote: > Maybe Fedora has a more recent version of Ethereal than is included in > RHL9? The errata that was just released for RH 9 was ethereal-0.9.16 it replaced ethereal-0.9.13. The version that shipped with FC1 is ethereal-0.9.13. If you read the security announcement all versions <= 0.9.15 are effected. I rebuilt the RH 9 errata SRPM to use on Fedora. The coreutils issue, for which an errata was already issued more then a week ago for RHL releases has also not been addressed. Yesterday I grabbed the patches myself from the bugs-coreutils mailing list and CVS and ported them to the FC1 coreutils package. The Fedora FAQ does not guarantee timely patches. If you want guarantees the buying an RHEL product is required. I guess if we want timely patches for FC1 we are going to have to do it ourself. Quoting.. Q: What is the errata policy for The Fedora Project? A: Security updates, bugfix updates, and new feature updates will all be available, through Red Hat and third parties. Updates may be staged (first made available for public qualification, then later for general consumption) when appropriate. In drastic cases, we may remove a package from The Fedora Project if we judge that a necessary security update is too problematic/disruptive to the larger goals of the project. Availability of updates should not be misconstrued as support for anything other than continued development and innovation of the code base. Red Hat will not be providing an SLA (Service Level Agreement) for resolution times for updates for The Fedora Project. Security updates will take priority. For packages maintained by external parties, Red Hat may respond to security holes by deprecating packages if the external maintainers do not provide updates in a reasonable time. Users who want support, or maintenance according to an SLA, may purchase the appropriate Red Hat Enterprise Linux product for their use. End quote. Regards, Jim H
