For completeness, Red Hat's decision on this:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-4578
"The risks associated with fixing this bug are greater than the low
severity security risk. We therefore currently have no plans to fix
this flaw in Red Hat Enterprise Linux 5."
I agree with them that the severity is so low that it doesn't justify the
work to backport and test the patch. I will mark it as no-dsa for lenny in
the security tracker.