
Stephen Gallagher 06-15-2010 11:28 AM

sudo-1.7.2p6-2.fc13
 
Can someone explain to me why a package whose update comment lists
"added patch that fixes insufficient environment sanitization issue
(CVE-2010-1646)" is not marked as a security bug?

--
Stephen Gallagher
RHCE 804006346421761

Delivering value year after year.
Red Hat ranks #1 in value among software vendors.
http://www.redhat.com/promo/vendor/
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel

Till Maas 06-15-2010 11:54 AM

sudo-1.7.2p6-2.fc13
 
On Tue, Jun 15, 2010 at 07:28:40AM -0400, Stephen Gallagher wrote:
> Can someone explain to me why a package whose update comment lists
> "added patch that fixes insufficient environment sanitization issue
> (CVE-2010-1646)" is not marked as a security bug?

No, because according to the Bodhi web interface it is a security
update:
https://admin.fedoraproject.org/updates/sudo-1.7.2p6-2.fc13

If it is not in some other interface, it usually helps to specify where
it is not.

Regards
Till

Stephen Gallagher 06-15-2010 11:59 AM

sudo-1.7.2p6-2.fc13
 
On 06/15/2010 07:54 AM, Till Maas wrote:
> On Tue, Jun 15, 2010 at 07:28:40AM -0400, Stephen Gallagher wrote:
>> Can someone explain to me why a package whose update comment lists
>> "added patch that fixes insufficient environment sanitization issue
>> (CVE-2010-1646)" is not marked as a security bug?
>
> No, because according to the Bodhi web interface it is a security
> update:
> https://admin.fedoraproject.org/updates/sudo-1.7.2p6-2.fc13
>
> If it is not in some other interface, it usually helps to specify where
> it is not.
>
> Regards
> Till
>

Hmm, then maybe this is a bug in PackageKit. In the Software Update GUI,
it's listed as "normal update".

--
Stephen Gallagher
RHCE 804006346421761


Matt McCutchen 06-15-2010 12:08 PM

sudo-1.7.2p6-2.fc13
 
On Tue, 2010-06-15 at 07:59 -0400, Stephen Gallagher wrote:
> Hmm, then maybe this is a bug in PackageKit. In the Software Update GUI,
> it's listed as "normal update".

I've seen that a lot over the past few months. Unfortunately, I haven't
investigated to the point of being able to write a useful bug report.

--
Matt


Simo Sorce 06-15-2010 12:40 PM

sudo-1.7.2p6-2.fc13
 
On Tue, 15 Jun 2010 08:08:20 -0400
Matt McCutchen <matt@mattmccutchen.net> wrote:

> On Tue, 2010-06-15 at 07:59 -0400, Stephen Gallagher wrote:
> > Hmm, then maybe this is a bug in PackageKit. In the Software Update
> > GUI, it's listed as "normal update".
>
> I've seen that a lot over the past few months. Unfortunately, I
> haven't investigated to the point of being able to write a useful bug
> report.
>

PackageKit seems a bit confused lately (F-13), it doesn't properly
understand dependencies it seems (always requires me to install some
packages that do *not* depend on a smaller subset I told it to update)
and also seems not to understand that I do not have to
"reboot/logout/whatever" if I did *not* in fact update the packages
that are marked that way...

Yet it is a little unclear if these are bugs or if it is in some way
intended behavior.

Simo.

--
Simo Sorce * Red Hat, Inc * New York

Michael Cronenworth 06-15-2010 01:39 PM

sudo-1.7.2p6-2.fc13
 
Stephen Gallagher wrote:
> Hmm, then maybe this is a bug in PackageKit. In the Software Update GUI,
> it's listed as "normal update".

https://bugzilla.redhat.com/show_bug.cgi?id=574658

