On Tue, May 19, 2009 at 02:16:12PM -0500, Chris Adams wrote: > Once upon a time, John Oliver <[email protected]> said: > > ...will the following issues be addressed in RHEL5? > > Since these bugs are all filed against Fedora, I'd say never. Have you > opened support cases against RHEL?
Not sure how I would be expected to know that... the URL gives no indication, the issues are equally applicalble to RHEL as well as Fedora, and the only place the word "[Ff]edora" appears is in comments. > However: > > > https://bugzilla.redhat.com/show_bug.cgi?id=476671 > > Fixed Tue Dec 16 2008 in openssl-0.9.8e-7. > > > https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-0005 > > Fixed Mon Jan 07 2008 in httpd-2.2.3-11.el5_1.1. Neither page refers to those fixes. I'm sure that there is errata that gives that info, but since it isn't referred to on those bugzilla pages... > > https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-0002 > > In the report: > > Versions Affected: > Tomcat 6.0.5 to 6.0.15 > > RHEL 5 ships tomcat5-5.5.23 so appears not affected. That page specifically mentions: Fixed In Version: 5.5.26-1jpp.1 That implies that 5.5.23 would still be vulnerable. Same point as above... the bugzilla page does not help me find an answer. > > https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-1232 > > Fixed Fri Aug 22 2008 in tomcat5-5.5.23-0jpp.7. > > I suggest next time RTFM before complaining. It would help if TFM had anything to read about the issue at hand :-) The resources I found with Google did not address my questions. I have no doubt that Red Hat employees, being intimately familiar with the various systems and content therein find stuff like this painfully obvious. But to those of us who do not live and breath Red Hat errata and simply look for one answer at a time, what I've found is deficient. It might be perfect for internal tracking, but it was, clearly, of less help to me than it could, or should, have been. By plan or accident, these bugzilla pages are what come up in a Google search. If they're not the "right" place to find answers, maybe some SEO would be in order. -- *********************************************************************** * John Oliver http://www.john-oliver.net/ * * * *********************************************************************** _______________________________________________ rhelv5-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/rhelv5-list
