Description of Problem:
Errata for package abiword-0.99.5-2 was released to RHN without any available
advisory information, and only with a cursory changelog.
Lack of this kind of detailed information does not offer network managers
enough information to decide whether or not to accept or delay adoption of a new
The up2date agent said that no advisory information was available for package
abiword-0.99.5-2, updating from abiword-0.99.4-1, when checked on 20 June 2002
The included RPM changelog did not give enough information to understand why
the package was posted for errata.
The full changelog post-Valhalla release is as follows:

* Sun Apr 14 2002 Jeremy Katz <email@example.com> 0.99.5-1
- zh_CN and zh_TW fonts.dir were flipped
- update to 0.99.5 as it fixes some major bugs
- define ABI_BUILD_VERSION so the about screen gives us a version

* Mon Apr 08 2002 Bennhard Rosenkraenzer <firstname.lastname@example.org> 0.99.4-2
- 1st try at fixing up CJK (#61590)
- #if 0'ify font warning dialog (#62909, #64556)

Enough information in an up2date errata advisory to help me understand whether
or not the new package's fixes clearly override the stability of remaining with
an older and established package. Without this information, the credibility of
the errata is suspect, and the tradeoff between security and stability is not known.
Is this a local root exploit being closed? Is this a controversial font
foundry problem being addressed (which abiword is known for)? Is this a data
integrity problem being rectified? The changelog merely says it "fixes some
Also note the available abiword errata package's number was misparsed by the
rhn_applet which invokes up2date. I don't know if it's related to this bug or
not, but I will connect it. See bug #67183

misa, please investigate and figure out what happened - or if this is still an

The specified version of abiword is part of the pristine Red Hat 7.3
distribution. We have previously released Red Hat 7.3 CDs with a different
version of abiword. RHN is aware of the bad impact this sort of change will create.
The package is publicly downloadable from Red Hat's ftp site, from the 7.3