Chuck, > I'll repeat the question again: Can you name any security exploits that > exist that haven't been addressed? As you seem to be unwilling to investigate this yourself, despite pointers handed to you by others, I'll help you out. As the original poster (Nathan) stated there are many unresolved issues, as well as issues that linger in testing but are never announced (as a security update). Patches that linger in testing are probably not observed by 99% of users, especially if they are not announced as security updates. To me it is very surprising that while the infrastructure is not in place and thus the community can not yet address these issues fully bug reports are filed by the Red Hat Security Response Team for Red Hat Linux and Red Hat Enterprise Linux, but these bug reports are not propagated to Fedora Core (ie a duplicate entry added for FC), although they are relevant to Fedora Core as well. Also surprising is the fact that patches are added but not announced, as in the case with mc. 4.6.0-8.1 got in testing without being announced whatsoever. The same happened to mailman. Other issues are not dealt with yet whatsoever. The list as far as I can tell (thanks to Nathan for pointing out tcpdump): tcpdump: CAN-2003-0989 CAN-2004-0055 CAN-2004-0057 gaim: CAN-2004-0006 CAN-2004-0007 CAN-2004-0008 mc: (in testing since 4.6.0-8.1, but never announced, 8.3 and 8.4 announced as test, not as security patch) CAN-2003-1023 mailman: (unannounced in testing) CAN-2003-0965 Leonard. -- mount -t life -o ro /dev/dna /genetic/research
