2013/9/12 Peter Hatina <phat...@redhat.com>: > Hi Peter, > > On 09/12/2013 10:00 AM, Peter Lemenkov wrote: >> Hello All! >> >> There are *lots* of CVEs against Wireshark shipped with Fedora 18 >> (quite old 1.8.8 version). >> >> * https://bugzilla.redhat.com/965942 >> * https://bugzilla.redhat.com/972762 >> * https://bugzilla.redhat.com/990189 >> >> In order to fix them and not to add additional work for the >> maintainers I'm thinking of upgrading up to 1.10.2 from 1.8.x. > > Well, idea looks fine, but before pushing such update, give us some time > to reply to your message (3 minutes is not enough). > >> >> Instead of backporting stuff let's build the latest stable! I'm sure >> users will love this, since new Wireshark adds a lot of new features >> and fixes all these CVEs. >> > > I would rather stick to 1.8.10, which is the latest Maintenance release > of wireshark. 1.8.10 will be certainly more OK with Fedora Update Policy > [1] [2] [3]. I don't think, Wireshark is on exception list.
I'm afraid that's just adds additional work for maintainers w/o any visible benefits. Let's move further instead of backporting - that's just a leafnode app so nobody got hurt by a potential dependency issue. Regarding version - fortunately that's not a critpath application, so we have a lot of freedom here. -- With best regards, Peter Lemenkov. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
