On Fri, 13 Dec 2002, Bret Hughes enscribed the following:

BH>On Fri, 2002-12-13 at 10:25, Chuck Mead wrote:
BH>> On Fri, 13 Dec 2002, Matthew Boeckman enscribed the following:
BH>>
BH>> MB>> Are you sure that they're not addressing the issues? *My* understanding is
BH>> MB>> that, in most cases, the security patches are applied to the version of
BH>> MB>> the app currently being distributed by RH. This was certainly true with
BH>> MB>> regard to the OpenSSH bugs, and I'm fairly sure that philosophy is true
BH>> MB>> with Apache...there were a number of updates released for it, over the
BH>> MB>> last few months.
BH>> MB>
BH>> MB>Are they? I suppose it is possible as I inexplicably find openssh-3.1p1
BH>> MB>RPMs in updates.redhat.com. Not that I doubt you, but I would like to
BH>> MB>see some page somewhere that says so. Likewise I'd like to see the page,
BH>> MB>dated in August that lets us all know that they patched apache1.3.26 to
BH>> MB>fix that vulnerability and it's now available for download.
BH>> MB>
BH>> MB>If they are doing as you say, why the advisory that I posted earlier?
BH>> MB>Reading it, it certainly doesn't say anything about "pull down the
BH>> MB>apache-1.3.26-2.rpm", but it does say to apply immediately the updates
BH>> MB>for 1.3.27 (which did not ship with 7.2, or 7.3).
BH>>
BH>> Psyche: https://rhn.redhat.com/errata/rh8-errata.html
BH>> Valhalla: https://rhn.redhat.com/errata/rh73-errata.html
BH>> Enigma: https://rhn.redhat.com/errata/rh72-errata.html
BH>> Seawolf: https://rhn.redhat.com/errata/rh71-errata.html
BH>>
BH>
BH>Chuck, I think this makes his point although a little research shows it
BH>not to be quite as bad as first thought at least in my mind.

I had no intention to say he was wrong... I was simply calling attention
to where the information may be found... As to RH's security policies and
procedures/methods et al. I am in the same boat as everybody else... er...
uhm... not my department, eh what?

Having personally lived through the openssh thingy last summer (prior to
beginning my employment with RH) I know full well that the openssh thing
was fixed the same week the bug was reported but it was fixed in an errata
which was released the same week but based on the current version. To wit:

https://rhn.redhat.com/errata/RHSA-2002-155.html

--
[EMAIL PROTECTED], RHCE Instructor, Global Learning Services