Hide Forgot
Description of problem: This library contains an old embedded version of the expat xml parsing library. Code inspection shows this embedded copy is vulnerable to CVE-2009-3720 and possibly other issues. Version-Release number of selected component (if applicable): Name: libnodeupdown-backend-ganglia Version: 1.9 Release: 5.fc13 Additional info: The cve https://bugzilla.redhat.com/show_bug.cgi?id=531697 Ideally, the best solution is to link in the system expat library and not use the embedded copy. This would help prevent these types of security issues from reoccuring. I have marked this issue as a security issue due to the fact that a CVE was assigned to expat. I have not investigated how this vulnerability would be triggered.
Removing security restriction, the issue is public.
whatsup-1.12-1.fc14 has been submitted as an update for Fedora 14. https://admin.fedoraproject.org/updates/whatsup-1.12-1.fc14
whatsup-1.12-1.fc13 has been submitted as an update for Fedora 13. https://admin.fedoraproject.org/updates/whatsup-1.12-1.fc13
whatsup-1.12-2.fc15 has been submitted as an update for Fedora 15. https://admin.fedoraproject.org/updates/whatsup-1.12-2.fc15
whatsup-1.12-1.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.
whatsup-1.12-1.fc14 has been pushed to the Fedora 14 stable repository. If problems still persist, please make note of it in this bug report.
whatsup-1.12-2.fc15 has been pushed to the Fedora 15 stable repository. If problems still persist, please make note of it in this bug report.