[21147] in bugtraq
RE: [RHSA-2001:078-05] Format string bug fixed
daemon@ATHENA.MIT.EDU (storage@iewebs.com)
Fri Jun 22 16:29:05 2001
Message-Id: <200106201650.f5KGoho23809@hanktree.iewebs.com>
Date: Wed, 20 Jun 2001 16:50:43 -0000
To: "Mayers, Philip J" <p.mayers@ic.ac.uk>,
"'bugzilla@redhat.com'" <bugzilla@redhat.com>,
<redhat-watch-list@redhat.com>
From: <storage@iewebs.com>
In-Reply-To: <A0F836836670D41183A800508BAF190B35E761@icex1.cc.ic.ac.uk>
Cc: <bugtraq@securityfocus.com>, <linux-security@redhat.com>,
<security@redhat.com>
"Mayers, Philip J" <p.mayers@ic.ac.uk> said:
> That's great - but did you even *bother* to check if the update works on
> RedHat 7.0?
>
<SNIP>
> *Wonderful* - you've shipped an update that no-one can apply, unless they
> update their OpenSSL package (an update you don't provide). Doubtless you
> built the RPM on RedHat 7.1, which has OpenSSL 0.9.6 and libcrypto.so.1
>
> I like RedHat, but this is the third time you've done something like this in
> recent months:
>
<SNIP>
I have to agree with Philip. I like Red Hat too but the updates are getting
slow and messy. An example is the mod_php package shipped with Red Hat 7.0,
which has flawed url-encoded form handling and has never been fixed, even
though two bug reports have been filed on Bugzilla about it. I emailed Red
Hat directly to ask about status - there's a newer package on Rawhide but it
would mean converting pretty much *everything* to Rawhide - and didn't even
receive an autoresponse, never mind an answer. The mod_perl package is also
missing CPAN distributions for embedding Perl in Apache configuration files,
which is just a silly oversight.
This affects me badly because I run Red Hat on three remote machines and one
local development machine. I'd *like* to keep these machines as stock as
possible to take full advantage of the Red Hat Network that Red Hat are so
keen to tell me about, but it's proving impossible. If it was Red Hat 5x or
maybe even 6x I could probably understand it, but this is the previous
release in the same primary version. It's not on. I'm beginning to wonder if
the profits are going to Red Hat's head... :)
adam