Once upon a time, John Oliver <[email protected]> said: > On Tue, May 19, 2009 at 02:16:12PM -0500, Chris Adams wrote: > > Once upon a time, John Oliver <[email protected]> said: > > > ...will the following issues be addressed in RHEL5? > > > > Since these bugs are all filed against Fedora, I'd say never. Have you > > opened support cases against RHEL? > > Not sure how I would be expected to know that... the URL gives no > indication, the issues are equally applicalble to RHEL as well as > Fedora, and the only place the word "[Ff]edora" appears is in comments.
That's because you jumped into the middle of a site. The front page of bugzilla.redhat.com tells you (I don't expect them to burden every page with a disclaimer). > > However: > > > > > https://bugzilla.redhat.com/show_bug.cgi?id=476671 > > > > Fixed Tue Dec 16 2008 in openssl-0.9.8e-7. > > > > > https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-0005 > > > > Fixed Mon Jan 07 2008 in httpd-2.2.3-11.el5_1.1. > > Neither page refers to those fixes. I'm sure that there is errata that > gives that info, but since it isn't referred to on those bugzilla > pages... Again, because those bugs were used by Fedora, not RHEL. > > > https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-0002 > > > > In the report: > > > > Versions Affected: > > Tomcat 6.0.5 to 6.0.15 > > > > RHEL 5 ships tomcat5-5.5.23 so appears not affected. > > That page specifically mentions: > > Fixed In Version: 5.5.26-1jpp.1 Fedora package 5.5.26-1jpp.1, not RHEL. > That implies that 5.5.23 would still be vulnerable. Same point as > above... the bugzilla page does not help me find an answer. Because it is not for RHEL. > > > https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-1232 > > > > Fixed Fri Aug 22 2008 in tomcat5-5.5.23-0jpp.7. > > > > I suggest next time RTFM before complaining. > > It would help if TFM had anything to read about the issue at hand :-) TFM for RHEL is www.redhat.com and rhn.redhat.com (per the RHEL documentation and KB), not bugzilla.redhat.com. Are you assuming that *.redhat.com == RHEL? That is not a valid assumption. -- Chris Adams <[email protected]> Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble. _______________________________________________ rhelv5-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/rhelv5-list
