Lawrence Houston wrote:
> Subject: Re: [FLSA-2006:195418] Updated sendmail packages fix security issue
> From: Lawrence Houston <legacy -AT- greenfield.dyndns.org>
> Date: Sun, 29 Oct 2006 09:34:17 -0500 (EST)
> To: [EMAIL PROTECTED]
> On Sun, 29 Oct 2006, Lawrence Houston wrote:
>
>> On Sun, 29 Oct 2006, [EMAIL PROTECTED] wrote:
>>
>>> Red Hat Linux 7.3:
>>> SRPM:
>>> http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/sendmail-8.12.11-4.22.11.legacy.src.rpm
>>>
>>> i386:
>>> http://download.fedoralegacy.org/redhat/7.3/updates/i386/sendmail-8.12.11-4.22.11.legacy.i386.rpm
>>> http://download.fedoralegacy.org/redhat/7.3/updates/i386/sendmail-cf-8.12.11-4.22.11.legacy.i386.rpm
>>> http://download.fedoralegacy.org/redhat/7.3/updates/i386/sendmail-devel-8.12.11-4.22.11.legacy.i386.rpm
>>> http://download.fedoralegacy.org/redhat/7.3/updates/i386/sendmail-doc-8.12.11-4.22.11.legacy.i386.rpm
>>
>> For the Red Hat 7.3 Distribution the above updates can also be found
>> within the "updates-testing" Area:
>>
>> SRPM:
>> http://download.fedoralegacy.org/redhat/7.3/updates-testing/sendmail-0-8.12.11-4.22.11.legacy.i386.rpm
>>
>> i386:
>> http://download.fedoralegacy.org/redhat/7.3/updates-testing/i386/sendmail-0-8.12.11-4.22.11.legacy.i386.rpm
>> http://download.fedoralegacy.org/redhat/7.3/updates-testing/i386/sendmail-cf-0-8.12.11-4.22.11.legacy.i386.rpm
>> http://download.fedoralegacy.org/redhat/7.3/updates-testing/i386/sendmail-devel-0-8.12.11-4.22.11.legacy.i386.rpm
>> http://download.fedoralegacy.org/redhat/7.3/updates-testing/i386/sendmail-doc-0-8.12.11-4.22.11.legacy.i386.rpm
>>
>> Which means the final release of these updates will NOT be available
>> by YUM until the comments around the "updates-testing" section of
>> yum.conf have been removed!!! My understanding is this should NOT be
>> required since the same updates should NOT appear in both areas???
>
> A similar pattern repeats for the Red Hat 9 Distribution... Secondly I
> failed to notice the leading '0' on the Major Release Number such that
> removing the comments around the "updates-testing" sections still will
> NOT allow the July 27th Sendmail Updates to be applied... The net
> effect being the July 27th Update are being "held back", either on
> purpose or because of an over-sight???
>
> Lawrence Houston -- ([EMAIL PROTECTED])
I think there is something wrong with the header files that yum depends on to
do updates. Perhaps our 'push-to-update' scripts did not generate them cor-
rectly, or they may not have been pushed correctly from the build server to
download.fedoralegacy.org. We're looking into that.
Are messages you see that display the URL that have 'sendmail-*0-*.i386.rpm'
being
generated by the yum program? No such URL's were included in the Fedora Legacy
Security Advisory FLSA-2006:195418, so I was wondering where you saw them.
In the meantime, if you wish to update these files manually, you can download
them with wget or a web browser using the URLs given in the Advisory message.
You
can then use the 'rpm -U' command (as user root) to update the sendmail
packages.
That will do the same thing that yum should have done.
Please write us back and let us know if there is anything more we can do to
help.
Hope this helped.
Regards,
David Eisenstein
--
fedora-legacy-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/fedora-legacy-list
