Fedora Legacy shutting down

In case any of you are not aware, the Fedora Legacy project is in the
process of shutting down.

The current model for supporting maintenance distributions is being
re-examined.  In the meantime, we are unable to extend support to older
Fedora Core releases as we had planned. As of now, Fedora Core 4 and
earlier distributions are no longer being maintained.

Discussions last night on the #Fedora-Legacy channel have brought to 
light the fact that certain Fedora Legacy properties (servers) may be 
going away soon, such as the repository at 
<http://download.fedoralegacy.org/> and the build server.  Legacy folks 
need to let us know what they want to be done with the content in the 
repository mirrors.  If you don't speak up, we may find ourselves in a 
place where 'yum update' commands will fail in the near future for the 
Red Hat and Fedora Core releases that Legacy has supported in the past.

If there are any issues you need to discuss regarding these events, you
are welcome to discuss them on our IRC channel (channel #Fedora-Legacy
on the freenode IRC network <http://freenode.net/>), or on the Fedora
Legacy discussion list:
     <https://www.redhat.com/mailman/listinfo/fedora-legacy-list>

	Sincerely,
	   Jesse Keating
	   and
	   David Eisenstein
	of the Legacy Team.

--

[FLSA-2006:211760] Updated gzip package fixes security issues

---------------------------------------------------------------------
               Fedora Legacy Update Advisory

Synopsis:          Updated gzip package fixes security issues
Advisory ID:       FLSA:211760
Issue date:        2006-11-13
Product:           Red Hat Linux, Fedora Core
Keywords:          Bugfix
CVE Names:         CVE-2006-4334, CVE-2006-4338, CVE-2006-4335,
                   CVE-2006-4336, CVE-2006-4337
---------------------------------------------------------------------

---------------------------------------------------------------------
1. Topic:

An updated gzip package is now available.

The gzip package contains the GNU gzip data compression program.

2. Relevant releases/architectures:

Fedora Core 3 - i386, x86_64
Fedora Core 4 - i386, x86_64

3. Problem description:

Tavis Ormandy of the Google Security Team discovered two denial of service
flaws in the way gzip expanded archive files. If a victim expanded a
specially crafted archive, it could cause the gzip executable to hang or

Sendmail download issue fixed. Re: [FLSA-2006:195418] Updated sendmail packages fix security issue

If you tried running 'yum update' or had yum updates automatically enabled and
sendmail did not update on your machine(s), please try doing 'yum update' again.

There was a problem in the creation of the repository metadata.  That problem
should now be fixed, and the new repository metadata now uploaded to the
download.fedoralegacy.org website.

If you use a mirror of download.fedoralegacy.org, the corrected metadata along
with the packages should be available when that mirror next refreshes.

	Regards,
	David Eisenstein

--
Fedora-legacy-announce mailing list
Fedora-legacy-announce <at> redhat.com
https://www.redhat.com/mailman/listinfo/fedora-legacy-announce

[FLSA-2006:195418] Updated sendmail packages fix security issue

---------------------------------------------------------------------
               Fedora Legacy Update Advisory

Synopsis:          Updated sendmail packages fix security issue
Advisory ID:       FLSA:195418
Issue date:        2006-10-29
Product:           Red Hat Linux, Fedora Core
Keywords:          Bugfix, Security
CVE Names:         CVE-2006-1173
---------------------------------------------------------------------

---------------------------------------------------------------------
1. Topic:

Updated sendmail packages that fix a security issue are now available.

The sendmail package provides a widely used Mail Transport Agent (MTA).

2. Relevant releases/architectures:

Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386
Fedora Core 1 - i386
Fedora Core 2 - i386
Fedora Core 3 - i386, x86_64

3. Problem description:

A flaw in the handling of multi-part MIME messages was discovered in
Sendmail.  A remote attacker could create a carefully crafted message

Yum config for Fedora Core 4

The Fedora Legacy project has (finally (: ) released yum configs for Fedora 
Core 4.  Currently there are no Fedora Legacy updates for 4, however the 
latest updates as released by the Fedora Project are available.

You can pick up the config file from:

http://download.fedoralegacy.org/

65e477dda2e852ea5de37cae3ab7d64a2def6259  
fedora/4/updates/SRPMS/legacy-yumconf-4-2.fc4.src.rpm
48fd898e50a9c26d3cad870e9c92cd45d6cc1adf  
fedora/4/updates/i386/legacy-yumconf-4-2.fc4.noarch.rpm
48fd898e50a9c26d3cad870e9c92cd45d6cc1adf  
fedora/4/updates/x86_64/legacy-yumconf-4-2.fc4.noarch.rpm

There were a number of updates in "Testing" for Fedora Core 4 at time of 
transition to Legacy.  The Fedora Legacy Project will examine these and 
re-release them as updates-testing if they are security related in the days 
ahead.

--

-- 
Jesse Keating RHCE      (geek.j2solutions.net)
Fedora Legacy Team      (www.fedoralegacy.org)
GPG Public Key          (geek.j2solutions.net/jkeating.j2solutions.pub)

--
Fedora-legacy-announce mailing list
Fedora-legacy-announce <at> redhat.com
https://www.redhat.com/mailman/listinfo/fedora-legacy-announce

Fedora Core 4 Support

Fedora Core 4 support has been transferred to Fedora Legacy!

With the release of Fedora Core 6 Test 2, Fedora Core 4 enters maintenance 
mode, where Fedora Legacy will be responsible for security and major bugfix 
updates.

At this time we also announce the end of life for Fedora Core 1 and 2. No new 
bugreports will be accepted, existing reports will be closed out as best as 
we can.

--

-- 
Jesse Keating RHCE      (geek.j2solutions.net)
Fedora Legacy Team      (www.fedoralegacy.org)
GPG Public Key          (geek.j2solutions.net/jkeating.j2solutions.pub

--
Fedora-legacy-announce mailing list
Fedora-legacy-announce <at> redhat.com
https://www.redhat.com/mailman/listinfo/fedora-legacy-announce

[FLSA-2006:175040] Updated php packages fix security issues

---------------------------------------------------------------------
               Fedora Legacy Update Advisory

Synopsis:          Updated php packages fix security issues
Advisory ID:       FLSA:175040
Issue date:        2006-07-27
Product:           Red Hat Linux, Fedora Core
Keywords:          Bugfix
CVE Names:         CVE-2005-2933 CVE-2005-3883 CVE-2006-0208
                   CVE-2006-0996 CVE-2006-1490 CVE-2006-1990
---------------------------------------------------------------------

---------------------------------------------------------------------
1. Topic:

Updated PHP packages that fix multiple security issues are now
available.

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Web server.

2. Relevant releases/architectures:

Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386
Fedora Core 1 - i386
Fedora Core 2 - i386
Fedora Core 3 - i386, x86_64

3. Problem description:

Announcing End of Life times (Fedora Core 1, 2, Red Hat Linux 7.3, 9)

With Fedora Core 6 Test 2 set to be released July 26th, it is time we announce 
the End of Life of our various Legacy supported releases.

After much discussion on fedora-legacy-list and the #fedora-legacy IRC channel 
on the freenode network, we have decided to end of life the following 
releases when FC6 Test2 is released:

Fedora Core 1
Fedora Core 2

This will leave us with supporting just releases 3 and 4 of Fedora Core.

As to our Red Hat Linux releases (7.3 and 9) the following has been decided:

New issues (bugs) will be accepted until October 1st of this year.  No new 
bugs will be accepted after that mark.  All existing bugs will be resolved to 
the best of our ability by December 31st of this year.  What hasn't been 
completed by then will not be completed by the Fedora Legacy project.  This 
will be the end of Fedora Legacy's support of the Red Hat Linux line of 
distributions.  We will continue focusing our efforts on the Fedora Core 
line, and improving our integration with the Fedora project in whole.

Please watch for more announcements regarding our integration with the Fedora 
project, and for schedule information should it change (Fedora Core release 
schedules can and do slip from time to time)

Please direct any questions to the fedora-legacy-list <at> redhat.com email list.
--

-- 
Jesse Keating RHCE      (geek.j2solutions.net)
Fedora Legacy Team      (www.fedoralegacy.org)

[FLSA-2006:189672] Updated thunderbird package fixes security issues

---------------------------------------------------------------------
               Fedora Legacy Update Advisory

Synopsis:       Updated thunderbird package fixes security issues
Advisory ID:    FLSA:189672
Issue date:     2006-06-30
Product:        Fedora Core
Keywords:       Bugfix, Security
CVE Names:      CVE-2006-0292 CVE-2006-0296 CVE-2006-0748 CVE-2006-0749
                CVE-2006-0884 CVE-2006-1045 CVE-2006-1724 CVE-2006-1727
                CVE-2006-1728 CVE-2006-1730 CVE-2006-1731 CVE-2006-1732
                CVE-2006-1733 CVE-2006-1734 CVE-2006-1735 CVE-2006-1737
                CVE-2006-1738 CVE-2006-1739 CVE-2006-1741 CVE-2006-1742
                CVE-2006-1790
---------------------------------------------------------------------

---------------------------------------------------------------------
1. Topic:

An updated thunderbird package that fixes various bugs is now available
for Fedora Core 3.

Mozilla Thunderbird is a standalone mail and newsgroup client.

2. Relevant releases/architectures:

Fedora Core 3 - i386, x86_64

3. Problem description:

[FLSA-2006:190941] Updated ipsec-tools package fixes security issue

---------------------------------------------------------------------
               Fedora Legacy Update Advisory

Synopsis:          Updated ipsec-tools package fixes security issue
Advisory ID:       FLSA:190941
Issue date:        2006-06-06
Product:           Fedora Core
Keywords:          Bugfix
CVE Names:         CVE-2005-3732
---------------------------------------------------------------------

---------------------------------------------------------------------
1. Topic:

An updated ipsec-tools package that fixes a bug in racoon is now
available.

The ipsec-tools package is used in conjunction with the IPsec
functionality in the linux kernel and includes racoon, an IKEv1 keying
daemon.

2. Relevant releases/architectures:

Fedora Core 2 - i386
Fedora Core 3 - i386, x86_64

3. Problem description:

A denial of service flaw was found in the ipsec-tools racoon daemon. If
a victim's machine has racoon configured in a non-recommended insecure

[FLSA-2006:190884] Updated squirrelmail package fixes security issues

---------------------------------------------------------------------
               Fedora Legacy Update Advisory

Synopsis:          Updated squirrelmail package fixes security issues
Advisory ID:       FLSA:190884
Issue date:        2006-06-06
Product:           Red Hat Linux, Fedora Core
Keywords:          Bugfix
CVE Names:         CVE-2006-0188 CVE-2006-0195 CVE-2006-0377
---------------------------------------------------------------------

---------------------------------------------------------------------
1. Topic:

An updated squirrelmail package that fixes three security issues is now
available.

SquirrelMail is a standards-based webmail package written in PHP4.

2. Relevant releases/architectures:

Red Hat Linux 9 - i386
Fedora Core 1 - i386
Fedora Core 2 - i386
Fedora Core 3 - i386, x86_64

3. Problem description:

A bug was found in the way SquirrelMail presents the right frame to the
user. If a user can be tricked into opening a carefully crafted URL, it