SCIENTIFIC-LINUX-USERS Archives

August 2006

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: Apache version and CVE-2006-3747
From:
Jaroslaw Polok <[log in to unmask]>
Reply To:
Jaroslaw Polok <[log in to unmask]>
Date:
Thu, 3 Aug 2006 12:07:29 +0200
Content-Type:
text/plain
Parts/Attachments:
text/plain (34 lines) 
Hi
> 
> (hmmm - is it allowed to say R** H** in SL???  ;-)

You rather say TUV (The Upstream Vendor) ;-)

[...]

> It does, however, leave open the more general question of how RH 
> should be informing the world about their response to security 
> advisories which are on the public record, but for which their version 
> has been rated as safe. At the moment they seem to be staying quiet, 
> which may be at least one excuse that I can give for the commotion 
> here.

Indeed they are not doing announcements about not being
affected by given vulnerability, but:

access to the Knowledge Base (from which the citation
in that LWN thread comes) is public: http://kbase.redhat.com

And there is also an article there addressing specifically
this subject: http://kbase.redhat.com/faq/FAQ_58_8448.shtm
(basically rpm -q package.rpm --changelog )

Best Regards

Jarek
__
-------------------------------------------------------
_ Jaroslaw_Polok ___________________ CERN - IT/FIO/LA _
_ http://home.cern.ch/~jpolok ___ tel_+41_22_767_1834 _
_____________________________________ +41_78_792_0795 _

ATOM RSS1 RSS2