[WBEL-devel] SAMPLE: [WBSA-# 2003:404-01] Updated lftp packages fix security
vulnerability
John Morris
jmorris@beau.org
Mon, 9 Feb 2004 19:41:24 -0600 (CST)
Yes, I have been AWOL for several weeks, but finally have enough fires out
elsewhere.....
All of the recent errata + the update1 packages have now propagated to the
mirrors, just need to get the announcents out. Here is a proposed format.
It has the advantages of being very simple and rips off enough of the
numbering scheme from RH to make cross tabbing with their errata easy. It
avoids swiping huge swaths of their text wholesale but by including a link
to their mailing list it is easy to see the details on each bug to know
how fast you need to apply the fix.
Unlike RH I'm putting the version number (3.0) in the header. As multiple
versions/platforms appear it will probably look more like:
WBEL 3.0, 4.0 (i386, amd64)
Does anyone see a problem with the format before I embark on a frenzy of
cut/paste and post -announce messages for all of the errata? It would be
a good thing to get the format nailed down for automated tools to process
the errata posts.
----------------------------------------------------------------------
Security Advisory
Synopsis: Updated lftp packages fix security vulnerability
Advisory ID: WBSA-2003:404-01
Issue date: 2004-02-09
Updated on: 2003-12-17
Product: White Box Enterprise Linux 3.0
Keywords:
Cross references:
Obsoletes:
CVE Names: CAN-2003-0963
----------------------------------------------------------------------
Updated lftp packages are now available that fix a buffer overflow
security vulnerability.
More information is available in Red Hat, Inc's original advisory
available on their site at:
http://www.redhat.com/archives/enterprise-watch-list/2003-December/msg00008.html