On Fri, Aug 22, 2008 at 5:15 PM, Paul Norton <paul at neoverve.com> wrote: > I see an announcement for the packages on the announce list, but no more > informamtion anywhere from the CentOS team (Planet or ML). Are these > packages "just to be safe" or was there something actually found? There's a CVE associated with a different (unrelated) bug in how ssh handled forwarded x11 sessions. The upstream announcement is here -> http://rhn.redhat.com/errata/RHSA-2008-0855.html. So there are new packages anyway in spite of the other bits. -- During times of universal deceit, telling the truth becomes a revolutionary act. George Orwell