a bunch of vulns have been reported in ethereal. many of these aren't relevant to the legacy versions, but some are: CAN-2004-1139 CAN-2004-1140 CAN-2004-1141 CAN-2004-1142 CAN-2005-0006 CAN-2005-0007 CAN-2005-0008 CAN-2005-0009 CAN-2005-0010 CAN-2005-0084 ------- Additional Comments From michal 2005-02-07 13:38:27 ---- After current updates Red Hat is using basically the same 0.10.9 source across the board from RHEL2 to FC3. ethereal-0.10.9-1.AS21.1.src.rpm includes ethereal.wmconfig, the same one as ethereal-0.10.3-0.73.3.legacy.src.rpm, while ethereal-0.10.9-1.FC{2,3}.1.src.rpm have ethereal.console, ethereal.desktop, ethereal.pam and ethereal.png instead. Also legacy specs have more extensive list of Requires/BuildRequires. Apart of other minor spec details that is it. There are no issues with recompiling ethereal-0.10.9-1.AS21.1.src.rpm, with a slightly adjusted spec file, on RH7.3 ------- Additional Comments From marcdeslauriers 2005-02-09 13:51:15 ---- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Here are updated ethereal packages to QA: Changelog 7.3: * Mon Feb 07 2005 Marc Deslauriers <marcdeslauriers> 0.10.9-0.73.1.legacy - - Updated to 0.10.9 to fix multiple security issues (FL#2407) - - Modified configure parameters - - Added gcc patch Changelog 9: * Tue Feb 08 2005 Marc Deslauriers <marcdeslauriers> 0.10.9-0.90.1.legacy - - Updated to 0.10.9 to fix multiple security issues (FL#2407) - - Modified configure parameters Changelog fc1: * Tue Feb 08 2005 Marc Deslauriers <marcdeslauriers> 0.10.9-1.FC1.1.legacy - - Updated to 0.10.9 to fix multiple security issues (FL#2407) - - Added htmlview patch - - Changed BuildRequires to gtk2 7.3: c59f69fa5aee10aefb80df36351f0bf8cd10ffd0 ethereal-0.10.9-0.73.1.legacy.i386.rpm 9902d66fc5fe8b408d5afa199eb9d7bc0a0a9534 ethereal-0.10.9-0.73.1.legacy.src.rpm 18275240b94a001adfddcfb7662969057b5d300d ethereal-gnome-0.10.9-0.73.1.legacy.i386.rpm 9: b16a536ce9323e490b999c6a561eacca07073e93 ethereal-0.10.9-0.90.1.legacy.i386.rpm b8f09cd2d6e5387340873c57eb307dede62aa374 ethereal-0.10.9-0.90.1.legacy.src.rpm 71224a0aef1dc676e21a5687aa4f14795df61350 ethereal-gnome-0.10.9-0.90.1.legacy.i386.rpm fc1: b29ed985aa799af2aae158bde72bc0b2596ca162 ethereal-0.10.9-1.FC1.1.legacy.i386.rpm cc4f1bd1cf3e23c8f1b6813e4cd852030fa03a27 ethereal-0.10.9-1.FC1.1.legacy.src.rpm 30316d6dd8581aed8149bfd6cf0c8369937a5fa5 ethereal-gnome-0.10.9-1.FC1.1.legacy.i386.rpm http://www.infostrategique.com/linuxrpms/legacy/7.3/ethereal-0.10.9-0.73.1.legacy.i386.rpm http://www.infostrategique.com/linuxrpms/legacy/7.3/ethereal-0.10.9-0.73.1.legacy.src.rpm http://www.infostrategique.com/linuxrpms/legacy/7.3/ethereal-gnome-0.10.9-0.73.1.legacy.i386.rpm http://www.infostrategique.com/linuxrpms/legacy/9/ethereal-0.10.9-0.90.1.legacy.i386.rpm http://www.infostrategique.com/linuxrpms/legacy/9/ethereal-0.10.9-0.90.1.legacy.src.rpm http://www.infostrategique.com/linuxrpms/legacy/9/ethereal-gnome-0.10.9-0.90.1.legacy.i386.rpm http://www.infostrategique.com/linuxrpms/legacy/1/ethereal-0.10.9-1.FC1.1.legacy.i386.rpm http://www.infostrategique.com/linuxrpms/legacy/1/ethereal-0.10.9-1.FC1.1.legacy.src.rpm http://www.infostrategique.com/linuxrpms/legacy/1/ethereal-gnome-0.10.9-1.FC1.1.legacy.i386.rpm -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (GNU/Linux) iD8DBQFCCqIXLMAs/0C4zNoRAs8MAJ9rMK1yMuCw+BLb2+m07NK5ko3Z3QCffJE+ Yt6MDJmnQ94UmA2L8KE9Epc= =CW/i -----END PGP SIGNATURE----- ------- Additional Comments From marcdeslauriers 2005-02-10 14:08:41 ---- Red Hat's advisory: https://rhn.redhat.com/errata/RHSA-2005-011.html ------- Additional Comments From pekkas 2005-02-15 08:09:04 ---- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 QA w/ rpm-build-compare.sh: - verified that the source tarballs have the correct signature - spec file changes non-trivial, but still OK - minor patches (compilation, htmlview, etc.) are reasonable +pUBLISH RHL9, RHL73, FC1 9902d66fc5fe8b408d5afa199eb9d7bc0a0a9534 ethereal-0.10.9-0.73.1.legacy.src.rpm b8f09cd2d6e5387340873c57eb307dede62aa374 ethereal-0.10.9-0.90.1.legacy.src.rpm ce509b18922d8eefc4d4853fe0bbd97a6ad02ffd ethereal-0.10.9-1.AS21.1.src.rpm -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQFCEjqrGHbTkzxSL7QRAi+nAJ9NROy7OdwgN70Wjvc1iTS8XE4qmACgjs4I ZVmeIpfrqwORdFWLKJYuNxw= =Eq6t -----END PGP SIGNATURE----- ------- Additional Comments From marcdeslauriers 2005-02-23 17:59:03 ---- Packages were pushed to updates-testing ------- Additional Comments From pekkas 2005-02-26 03:20:43 ---- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 QA for RHL9 and RHL73 (non-gnome) RPM: - rpm-build-compare.sh for the binaries looks reasonable (but huge due to the text differences) (RHL9 only) - installs OK - tethereal seems to run OK +VERIFY RHL9, RHL73 fce29e1fdc627835a8ae16ec787fef0e8dfd428a ethereal-0.10.9-0.90.2.legacy.i386.rpm ee03b51a09f7d324ed7377ebdd88e6412183606d ethereal-gnome-0.10.9-0.90.2.legacy.i386.rpm bf5ae992795eed466b9e005fd4d14e1f38bfd185 ethereal-0.10.9-0.73.2.legacy.i386.rpm -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQFCIHefGHbTkzxSL7QRAh7SAJ97IclGHXbL0xCqlb0aI4xJr9EyQQCglKxl D4LEwfkCYGCU3rf35jrKYI8= =trLi -----END PGP SIGNATURE----- ------- Additional Comments From pekkas 2005-03-18 06:01:30 ---- A slew of new issues found, continuing tracking Ethereal in #2453. If FC1 gets the missing VERIFY vote before the new packages in #2453 go forward, I guess we could publish two packages. ------- Additional Comments From rob.myers.edu 2005-03-18 11:17:04 ---- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 i did QA on the FC1 ethereal package: 7be37b8141a229d5285f6bf09f9667555693e85e ethereal-0.10.9-1.FC1.2.legacy.i386.rpm 0c1ed87b9ae7f513b9a224e57d2579f333dcda07 ethereal-gnome-0.10.9-1.FC1.2.legacy.i386.rpm sha1sums ok gpg signatures ok runs fine +VERIFY -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (GNU/Linux) iD8DBQFCO0SdtU2XAt1OWnsRAhemAJ9V0d7Wmw3ZxbJ6wYCIy/zq4cf3hQCgi3Gq lTX21bZ+dNx2FFe1EKWhPl8= =jroC -----END PGP SIGNATURE----- ------- Bug moved to this database by dkl 2005-03-30 18:31 ------- This bug previously known as bug 2407 at https://bugzilla.fedora.us/ https://bugzilla.fedora.us/show_bug.cgi?id=2407 Originally filed under the Fedora Legacy product and Package request component. Bug depends on bug(s) 2453. Unknown priority P2. Setting to default priority "normal". Unknown platform PC. Setting to default platform "All". The original reporter of this bug does not have an account here. Reassigning to the person who moved it here, dkl. Previous reporter was bugzilla.fedora.us. Setting qa contact to the default for this product. This bug either had no qa contact or an invalid one.
These issues are tracked in the other PR. *** This bug has been marked as a duplicate of 152922 ***