Are they? I suppose it is possible as I inexplicably find openssh-3.1p1 RPM's in updates.redhat.com. Not that I doubt you, but I would like to see some page somewhere that says so. Likewise I'd like to see the page, dated in August that lets us all know that they patched apache1.3.26 to fix that vulnerability and it's now available for download.
Are you sure that they're not addresing the issues? *My* understanding is that, in most cases, the security patches are applied to the version of the app currently being distributed by RH. This was certainly true with regard to the OpenSSH bugs, and I'm fairly sure that philosophy is true with Apache...there were a number of updates released for it, over the last few months.
If they are doing as you say, why the advisory that I posted earlier? Reading it it certainly doesn't say anything about "pull down the apache-1.3.26-2.rpm", but it does say to apply immeadiately the updates for 1.3.27 (which did not ship with 7.2, or 7.3).
-- Matthew Boeckman (816) 777-2160 Manager - Systems Integration Saepio Technologies
-- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list
