> openssl in FC4 is patched as openssl 0.9.7f (which was released for FC4 > when the vulnerability was announced last year) contains the same > security fix as openssl 0.9.8a. > > http://www.openssl.org/news/secadv_20051011.txt > http://lwn.net/Alerts/155824/
And of course, the really stupid thing is that Redhat/Fedora have been doing this sort of thing for years. They always futz with the version numbers, so that what you have on your FC/RH system is usually a mix of the named version and back ported patches. This is nothing new people and a reason why you should pay attention to what your distro releases in terms of security alerts instead of blindly following the originating projects alerts. Finally I would just like to add "Join our LUG, Join our LUG, We're From Sydney, We Get Mugged" -- James Purser Producer/Presenter - Linux Australia Update http://k-sit.com - My Blog http://la-pod.k-sit.com - Linux Australia Update Podcast, Blog and Forums Skype: purserj1977 -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html