Re: whole pile o' updates | |
| [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] | |
On Thu, Feb 14, 2008 at 09:25:16AM -0700, Jake Edge wrote: > (sorry if this starts a new thread, you folks answered before I had a > chance to subscribe :) > > Jesse wrote: > > > As for ruby-gnome2's other CVE fix, that was released earlier in a > > different update, > > https://admin.fedoraproject.org/updates/F8/FEDORA-2007-4216 > > So this getting into our system is an artifact of how we process the > alerts. Our program looks for CVE references anywhere in the alert and > believes the alert fixes those CVEs. In this case (and presumably others), > that CVE was fixed in an earlier release and only appeared in the Changelog > in the message. > > I have sometimes wondered about those changelogs. It would seem to me that > unless they only refer to the changes since the last release, they are > fairly confusing to someone reading them. Is there a way for a human (or > program) to determine which of those changelog entries actually correspond > to the changes in the release that goes with the alert? The changelogs are /supposed/ to be from the last time that package was updated. However, there are still some bugs that need to get worked out in the generation of these. luke -- Fedora-security-list mailing list Fedora-security-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-security-list
[Home] [Fedora Legacy List] [Fedora Maintainers] [Fedora Desktop] [Red Hat 9 Bible] [Fedora Bible] [Fedora SELinux] [Big List of Linux Books] [Yosemite News] [Yosemite Photos] [KDE Users] [Coolkey] [Fedora Tools]
