Bug 78768
| Field | Value |
|---|---|
| Summary | Security issue in Pine 4.44 and older releases |
| Product | Red Hat Enterprise Linux 2.1 |
| Component | pine |
| Version | 2.1 |
| Hardware | i386 |
| OS | Linux |
| Status | CLOSED ERRATA |
| Severity | medium |
| Priority | medium |
| Reporter | Mark J. Cox <mjc> |
| Assignee | Mike A. Harris <mharris> |
| QA Contact | Ben Levenson <benl> |
| CC | mharris |
| Doc Type | Bug Fix |
| Last Closed | 2003-01-12 02:53:58 UTC |

Description
Mark J. Cox
2002-11-29 14:38:26 UTC
People reading this report may be a bit curious about the fix that Red Hat and pretty much all other vendors are currently using, due to the timing of things. This bug was found prior to pine 4.50 being released, and the patch which fixes pine 4.44 and earlier is what we have applied to pine 4.44 in order to resolve this issue with minimal impact.

Some users have asked why Red Hat has not released a pine 4.50 update since it also fixes this issue. Since this is a security issue, what is most important is that the specific security issue is fixed, and nothing else is changed. That provides Red Hat customers with a new bug-fixed version of the version of pine that they are already using, and it comes with no surprises. pine 4.50 is brand new, and as such may contain instabilities or other new bugs due to it being a brand new release just released to the general public, and not yet having widespread testing. As such, releasing pine 4.50 instead of the bug-fixed pine 4.44 could cause a software regression, and that isn't an acceptable solution for Red Hat's stable OS products. We've chosen to fix the bug instead by patching it, and providing a known stable package as an update.

Some users are curious about when Red Hat will release pine 4.50 for the various Red Hat OS products. pine 4.50 or some later version will appear in a future Red Hat Linux product at some point, once it is considered stable for inclusion and has had adequate beta testing. There are no plans for shipping a pine 4.50 enhancement update for any Red Hat Linux products at this time; however, over time, if the new version of pine proves itself to be as stable and reliable as pine 4.44 is, then we may consider releasing an enhancement. There are currently no plans, however, to do so.

This problem has been fixed and is in QA testing. I've updated the bug summary to be more accurate, and am closing this as fixed in erratum, as the new erratum should be released very soon.

This bug is used for tracking security issues in Advanced Server; reopening until the errata ships (at which time the bug will be closed automatically).

Closed automatically by what? ;o)

The erratum has been released already.