head 1.31; access; symbols; locks; strict; comment @# @; 1.31 date 2006.02.25.19.10.18; author rse; state Exp; branches; next 1.30; commitid DK0MyDS2oYSmWZmr; 1.30 date 2006.02.17.22.52.30; author rse; state Exp; branches; next 1.29; commitid elCsU8kR8oYxqZlr; 1.29 date 2005.12.03.12.35.41; author rse; state Exp; branches; next 1.28; commitid kPlSx0EBkXFosacr; 1.28 date 2005.12.03.11.50.03; author rse; state Exp; branches; next 1.27; commitid irQCXvyd7wvJcacr; 1.27 date 2005.06.23.13.56.25; author rse; state Exp; branches; next 1.26; 1.26 date 2005.06.23.13.16.40; author rse; state Exp; branches; next 1.25; 1.25 date 2005.06.15.11.55.55; author rse; state Exp; branches; next 1.24; 1.24 date 2004.10.29.13.59.34; author rse; state Exp; branches; next 1.23; 1.23 date 2004.08.04.14.37.39; author cs; state Exp; branches; next 1.22; 1.22 date 2004.07.20.07.04.15; author thl; state Exp; branches; next 1.21; 1.21 date 2004.04.16.13.06.58; author ms; state Exp; branches; next 1.20; 1.20 date 2004.04.05.13.11.35; author thl; state Exp; branches; next 1.19; 1.19 date 2004.04.01.15.42.57; author ms; state Exp; branches; next 1.18; 1.18 date 2004.03.12.14.48.01; author thl; state Exp; branches; next 1.17; 1.17 date 2004.03.08.14.10.09; author thl; state Exp; branches; next 1.16; 1.16 date 2004.01.08.08.02.14; author thl; state Exp; branches; next 1.15; 1.15 date 2003.09.15.13.47.35; author thl; state Exp; branches; next 1.14; 1.14 date 2003.08.06.15.40.29; author rse; state Exp; branches; next 1.13; 1.13 date 2003.08.06.13.09.15; author thl; state Exp; branches; next 1.12; 1.12 date 2003.06.03.13.48.16; author rse; state Exp; branches; next 1.11; 1.11 date 2003.04.09.15.08.39; author ms; state Exp; branches; next 1.10; 1.10 date 2003.03.30.11.26.38; author rse; state Exp; branches; next 1.9; 1.9 date 2003.01.22.13.02.50; author thl; state Exp; branches; next 1.8; 1.8 date 2003.01.16.13.53.34; author thl; state Exp; branches; next 1.7; 1.7 date 2003.01.15.15.31.42; author thl; state Exp; branches; next 1.6; 1.6 date 2003.01.15.12.52.01; author thl; state Exp; branches; next 1.5; 1.5 date 2002.11.15.10.18.11; author ms; state Exp; branches; next 1.4; 1.4 date 2002.08.23.12.53.04; author rse; state Exp; branches; next 1.3; 1.3 date 2002.03.08.11.09.38; author rse; state Exp; branches; next 1.2; 1.2 date 2002.03.08.09.27.00; author rse; state Exp; branches; next 1.1; 1.1 date 2002.01.31.15.04.56; author rse; state Exp; branches; next ; desc @@ 1.31 log @we are already in 2006 @ text @________________________________________________________________________ OpenPKG Security Advisory The OpenPKG Project http://www.openpkg.org/security.html http://www.openpkg.org openpkg-security@@openpkg.org openpkg@@openpkg.org OpenPKG-SA-2006.001 01-Jan-2006 ________________________________________________________________________ Package: foo Vulnerability: crazy foo vulnerability OpenPKG Specific: no Affected Releases: Affected Packages: Corrected Packages: OpenPKG CURRENT <= foo-1.2.4-20060123 >= foo-1.2.4-20069124 OpenPKG 2.5 <= foo-1.2.3-2.5.0 >= foo-1.2.3-2.5.1 OpenPKG 2.4 <= foo-1.2.2-2.4.0 >= foo-1.2.2-2.4.1 OpenPKG 2.3 <= foo-1.2.1-2.3.0 >= foo-1.2.1-2.3.1 Affected Releases: Dependent Packages: OpenPKG CURRENT bar quux OpenPKG 2.5 bar quux OpenPKG 2.4 bar OpenPKG 2.3 bar Description: According to a ... security advisory based on hints from ... [0], a crazy vulnerability exists in the ... [1] .... The Common Vulnerabilities and Exposures (CVE) project assigned the id CVE-... [2] to the problem. ________________________________________________________________________ References: [0] http://www.example.com/bugfinder.html [1] http://www.foo.org/ [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-... ________________________________________________________________________ For security reasons, this advisory was digitally signed with the OpenPGP public key "OpenPKG " (ID 63C4CB9F) of the OpenPKG project which you can retrieve from http://pgp.openpkg.org and hkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org/ for details on how to verify the integrity of this advisory. ________________________________________________________________________ @ 1.30 log @adjust templates for 2006 @ text @d14 1 a14 1 OpenPKG CURRENT <= foo-1.2.4-20050123 >= foo-1.2.4-20059124 @ 1.29 log @allow us to still fix some packages for 2.3, too @ text @a0 3 #FIXME, this is a template #FIXME, the first three lines are just dummies #FIXME, to help comparing this against sibling signed documents d6 1 a6 1 OpenPKG-SA-2005.001 01-Jan-2005 @ 1.28 log @switch to newer world order of CVE instead of CAN and where no more solution hints are specified in detail and anybody should already memorize this standard text @ text @d20 1 d26 1 @ 1.27 log @one more 2.3 @ text @d18 2 a19 2 OpenPKG 2.4 <= foo-1.2.3-2.4.0 >= foo-1.2.3-2.4.1 OpenPKG 2.3 <= foo-1.2.2-2.3.0 >= foo-1.2.2-2.3.1 d23 2 a24 2 OpenPKG 2.4 bar quux OpenPKG 2.3 bar d31 1 a31 29 assigned the id CAN-... [2] to the problem. Please check whether you are affected by running "/bin/openpkg rpm -q foo". If you have the "foo" package installed and its version is affected (see above), we recommend that you immediately upgrade it (see Solution) and its dependent packages (see above), if any, too [3][4]. Solution: Select the updated source RPM appropriate for your OpenPKG release [5][6], fetch it from the OpenPKG FTP service [7][8] or a mirror location, verify its integrity [9], build a corresponding binary RPM from it [3] and update your OpenPKG installation by applying the binary RPM [4]. For the most recent release OpenPKG 2.4, perform the following operations to permanently fix the security problem (for other releases adjust accordingly). $ ftp ftp.openpkg.org ftp> bin ftp> cd release/2.4/UPD ftp> get foo-1.2.3-2.4.1.src.rpm ftp> bye $ /bin/openpkg rpm -v --checksig foo-1.2.3-2.4.1.src.rpm $ /bin/openpkg rpm --rebuild foo-1.2.3-2.4.1.src.rpm $ su - # /bin/openpkg rpm -Fvh /RPM/PKG/foo-1.2.3-2.4.1.*.rpm Additionally, we recommend that you rebuild and reinstall all dependent packages (see above), if any, too [3][4]. d37 1 a37 8 [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-... [3] http://www.openpkg.org/tutorial.html#regular-source [4] http://www.openpkg.org/tutorial.html#regular-binary [5] ftp://ftp.openpkg.org/release/2.4/UPD/foo-1.2.3-2.4.1.src.rpm [6] ftp://ftp.openpkg.org/release/2.3/UPD/foo-1.2.2-2.3.1.src.rpm [7] ftp://ftp.openpkg.org/release/2.4/UPD/ [8] ftp://ftp.openpkg.org/release/2.3/UPD/ [9] http://www.openpkg.org/security.html#signature @ 1.26 log @welcome OpenPKG 2.4 @ text @d50 1 a50 1 ftp> cd release/2.3/UPD @ 1.25 log @update template for 2005 world order @ text @d18 2 a19 2 OpenPKG 2.3 <= foo-1.2.3-2.3.0 >= foo-1.2.3-2.3.1 OpenPKG 2.2 <= foo-1.2.2-2.2.0 >= foo-1.2.2-2.2.1 d23 2 a24 2 OpenPKG 2.3 bar quux OpenPKG 2.2 bar d44 1 a44 1 binary RPM [4]. For the most recent release OpenPKG 2.3, perform the d51 1 a51 1 ftp> get foo-1.2.3-2.3.1.src.rpm d53 2 a54 2 $ /bin/openpkg rpm -v --checksig foo-1.2.3-2.3.1.src.rpm $ /bin/openpkg rpm --rebuild foo-1.2.3-2.3.1.src.rpm d56 1 a56 1 # /bin/openpkg rpm -Fvh /RPM/PKG/foo-1.2.3-2.3.1.*.rpm d68 4 a71 4 [5] ftp://ftp.openpkg.org/release/2.3/UPD/foo-1.2.3-2.3.1.src.rpm [6] ftp://ftp.openpkg.org/release/2.2/UPD/foo-1.2.2-2.2.1.src.rpm [7] ftp://ftp.openpkg.org/release/2.3/UPD/ [8] ftp://ftp.openpkg.org/release/2.2/UPD/ @ 1.24 log @adjust template for current world order @ text @d9 1 a9 1 OpenPKG-SA-2004.001 01-Jan-2004 d17 3 a19 3 OpenPKG CURRENT <= foo-1.2.4-20040123 >= foo-1.2.4-20049124 OpenPKG 2.2 <= foo-1.2.3-2.2.0 >= foo-1.2.3-2.2.1 OpenPKG 2.1 <= foo-1.2.2-2.1.0 >= foo-1.2.2-2.1.1 d23 2 a24 2 OpenPKG 2.2 bar quux OpenPKG 2.1 bar d44 1 a44 1 binary RPM [4]. For the most recent release OpenPKG 2.2, perform the d50 2 a51 2 ftp> cd release/2.2/UPD ftp> get foo-1.2.3-2.2.1.src.rpm d53 2 a54 2 $ /bin/openpkg rpm -v --checksig foo-1.2.3-2.2.1.src.rpm $ /bin/openpkg rpm --rebuild foo-1.2.3-2.2.1.src.rpm d56 1 a56 1 # /bin/openpkg rpm -Fvh /RPM/PKG/foo-1.2.3-2.2.1.*.rpm d68 4 a71 4 [5] ftp://ftp.openpkg.org/release/2.2/UPD/foo-1.2.3-2.2.1.src.rpm [6] ftp://ftp.openpkg.org/release/2.1/UPD/foo-1.2.2-2.1.1.src.rpm [7] ftp://ftp.openpkg.org/release/2.2/UPD/ [8] ftp://ftp.openpkg.org/release/2.1/UPD/ @ 1.23 log @reflect changes of OpenPKG 2.x @ text @d9 1 a9 1 OpenPKG-SA-2004.foo_3digit foo_as_2digitnum_dash_3charname-2004 d18 2 a19 2 OpenPKG 2.1 <= foo-1.2.3-2.1.0 >= foo-1.2.3-2.1.1 OpenPKG 2.0 <= foo-1.2.3-2.0.0 >= foo-1.2.3-2.0.1 d23 2 a24 2 OpenPKG 2.1 bar quux OpenPKG 2.0 bar d44 1 a44 1 binary RPM [4]. For the most recent release OpenPKG 2.1, perform the d50 2 a51 2 ftp> cd release/2.1/UPD ftp> get foo-1.2.3-2.1.1.src.rpm d53 2 a54 2 $ /bin/openpkg rpm -v --checksig foo-1.2.3-2.1.1.src.rpm $ /bin/openpkg rpm --rebuild foo-1.2.3-2.1.1.src.rpm d56 1 a56 1 # /bin/openpkg rpm -Fvh /RPM/PKG/foo-1.2.3-2.1.1.*.rpm d68 4 a71 4 [5] ftp://ftp.openpkg.org/release/2.1/UPD/foo-1.2.3-2.1.1.src.rpm [6] ftp://ftp.openpkg.org/release/2.0/UPD/foo-1.2.3-2.0.1.src.rpm [7] ftp://ftp.openpkg.org/release/2.1/UPD/ [8] ftp://ftp.openpkg.org/release/2.0/UPD/ @ 1.22 log @release OpenPKG 2.1 web pages @ text @d33 5 a37 5 Please check whether you are affected by running "/bin/rpm -q foo". If you have the "foo" package installed and its version is affected (see above), we recommend that you immediately upgrade it (see Solution) and its dependent packages (see above), if any, too [3][4]. @ 1.21 log @observe punctuation rules consistently @ text @d18 1 a19 1 OpenPKG 1.3 <= foo-1.2.3-1.3.0 >= foo-1.2.3-1.3.1 d23 2 a24 2 OpenPKG 2.0 bar quux OpenPKG 1.3 bar d44 1 a44 1 binary RPM [4]. For the most recent release OpenPKG 2.0, perform the d50 2 a51 2 ftp> cd release/2.0/UPD ftp> get foo-1.2.3-2.0.1.src.rpm d53 2 a54 2 $ /bin/openpkg rpm -v --checksig foo-1.2.3-2.0.1.src.rpm $ /bin/openpkg rpm --rebuild foo-1.2.3-2.0.1.src.rpm d56 1 a56 1 # /bin/openpkg rpm -Fvh /RPM/PKG/foo-1.2.3-2.0.1.*.rpm d68 1 a68 1 [5] ftp://ftp.openpkg.org/release/1.3/UPD/foo-1.2.3-1.3.1.src.rpm d70 1 a70 1 [7] ftp://ftp.openpkg.org/release/1.3/UPD/ @ 1.20 log @avoid templates being incorrectly identified as signed @ text @d37 1 a37 1 too. [3][4] d59 1 a59 1 all dependent packages (see above), if any, too. [3][4] @ 1.19 log @correct english grammar @ text @d1 3 a3 3 -----BEGIN PGP SIGNED MESSAGE----- #FIXME, this is a template Hash: SHA1 #FIXME, this is a template #FIXME, this is a template @ 1.18 log @add fake signing headers to template for easier line-by-line comparison with existing SAs; avoid word "current" when talking about a release by replacing it with term "most recent" @ text @d36 1 a36 1 it (see Solution) and it's dependent packages (see above), if any, @ 1.17 log @update template for OpenPKG 2.0 @ text @d1 3 d43 4 a46 4 from it [3] and update your OpenPKG installation by applying the binary RPM [4]. For the current release OpenPKG 2.0, perform the following operations to permanently fix the security problem (for other releases adjust accordingly). @ 1.16 log @bump up year @ text @d15 1 a16 1 OpenPKG 1.2 <= foo-1.2.3-1.2.0 >= foo-1.2.3-1.2.1 d20 2 a21 2 OpenPKG 1.3 bar quux OpenPKG 1.2 bar d41 1 a41 1 RPM [4]. For the current release OpenPKG 1.3, perform the following d47 2 a48 2 ftp> cd release/1.3/UPD ftp> get foo-1.2.3-1.3.1.src.rpm d50 2 a51 2 $ /bin/rpm -v --checksig foo-1.2.3-1.3.1.src.rpm $ /bin/rpm --rebuild foo-1.2.3-1.3.1.src.rpm d53 1 a53 1 # /bin/rpm -Fvh /RPM/PKG/foo-1.2.3-1.3.1.*.rpm d65 4 a68 4 [5] ftp://ftp.openpkg.org/release/1.2/UPD/foo-1.2.3-1.2.1.src.rpm [6] ftp://ftp.openpkg.org/release/1.3/UPD/foo-1.2.3-1.3.1.src.rpm [7] ftp://ftp.openpkg.org/release/1.2/UPD/ [8] ftp://ftp.openpkg.org/release/1.3/UPD/ @ 1.15 log @make sure number of digits are correct; distinguish numbers and names @ text @d6 1 a6 1 OpenPKG-SA-2003.foo_3digit foo_as_2digitnum_dash_3charname-2003 d14 1 a14 1 OpenPKG CURRENT <= foo-1.2.4-20030123 >= foo-1.2.4-20039124 @ 1.14 log @fix template @ text @d6 1 a6 1 OpenPKG-SA-2003.foo DfooD-Mfoomm-2003 @ 1.13 log @foo fighting; update security template to OpenPKG v1.3 @ text @d41 1 a41 1 RPM [4]. For the current release OpenPKG 1.2, perform the following @ 1.12 log @back out change until we really have such a revoke functionality @ text @d6 1 a6 1 OpenPKG-SA-2003.### DD-Mmm-2003 d10 1 a10 1 Vulnerability: crazy vulnerability d14 3 a16 3 OpenPKG CURRENT <= foo-1.2.5-20021003 >= foo-1.2.5-20030115 OpenPKG 1.2 <= foo-1.2.4-1.2.0 >= foo-1.2.4-1.2.1 OpenPKG 1.1 <= foo-1.2.4-1.1.0 >= foo-1.2.4-1.1.1 d20 2 a21 2 OpenPKG 1.2 bar quux OpenPKG 1.1 bar d47 2 a48 2 ftp> cd release/1.2/UPD ftp> get foo-1.2.4-1.2.1.src.rpm d50 2 a51 2 $ /bin/rpm -v --checksig foo-1.2.4-1.2.1.src.rpm $ /bin/rpm --rebuild foo-1.2.4-1.2.1.src.rpm d53 1 a53 1 # /bin/rpm -Fvh /RPM/PKG/foo-1.2.4-1.2.1.*.rpm d65 4 a68 4 [5] ftp://ftp.openpkg.org/release/1.1/UPD/foo-1.2.0-1.1.1.src.rpm [6] ftp://ftp.openpkg.org/release/1.2/UPD/foo-1.2.4-1.2.1.src.rpm [7] ftp://ftp.openpkg.org/release/1.1/UPD/ [8] ftp://ftp.openpkg.org/release/1.2/UPD/ @ 1.11 log @Incorporate suggestions by Thomas LOTTERER. @ text @a36 4 First, please avoid applying an obsolete security update by ensuring that a more recent one doesn't exist. Also, ensure that this advisory has not been revoked by visiting the OpenPKG security page [5]. d38 2 a39 2 [6][7], fetch it from the OpenPKG FTP service [8][9] or a mirror location, verify its integrity [10], build a corresponding binary RPM d60 10 a69 11 [0] http://www.example.com/bugfinder.html [1] http://www.foo.org/ [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-... [3] http://www.openpkg.org/tutorial.html#regular-source [4] http://www.openpkg.org/tutorial.html#regular-binary [5] http://www.openpkg.org/security.html#revoked [6] ftp://ftp.openpkg.org/release/1.1/UPD/foo-1.2.0-1.1.1.src.rpm [7] ftp://ftp.openpkg.org/release/1.2/UPD/foo-1.2.4-1.2.1.src.rpm [8] ftp://ftp.openpkg.org/release/1.1/UPD/ [9] ftp://ftp.openpkg.org/release/1.2/UPD/ [10] http://www.openpkg.org/security.html#signature @ 1.10 log @ok, now that we've our own key server, forget the (since longer) broken keyserver.pgp.com @ text @d37 4 d42 2 a43 2 [5][6], fetch it from the OpenPKG FTP service [7][8] or a mirror location, verify its integrity [9], build a corresponding binary RPM d64 11 a74 10 [0] http://www.example.com/bugfinder.html [1] http://www.foo.org/ [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-... [3] http://www.openpkg.org/tutorial.html#regular-source [4] http://www.openpkg.org/tutorial.html#regular-binary [5] ftp://ftp.openpkg.org/release/1.1/UPD/foo-1.2.0-1.1.1.src.rpm [6] ftp://ftp.openpkg.org/release/1.2/UPD/foo-1.2.4-1.2.1.src.rpm [7] ftp://ftp.openpkg.org/release/1.1/UPD/ [8] ftp://ftp.openpkg.org/release/1.2/UPD/ [9] http://www.openpkg.org/security.html#signature @ 1.9 log @migrate template from 1.1/1.0 to 1.2/1.1; drop 1.0 @ text @d72 5 a76 7 For security reasons, this advisory was digitally signed with the OpenPGP public key "OpenPKG " (ID 63C4CB9F) of the OpenPKG project which you can find under the official URL http://www.openpkg.org/openpkg.pgp or on http://keyserver.pgp.com/. To check the integrity of this advisory, verify its digital signature by using GnuPG (http://www.gnupg.org/). For instance, pipe this message to the command "gpg --verify --keyserver keyserver.pgp.com". @ 1.8 log @wrong query @ text @d15 1 a16 1 OpenPKG 1.0 <= foo-1.2.0-1.0.0 >= foo-1.2.0-1.0.1 d20 2 a21 2 OpenPKG 1.1 bar quux OpenPKG 1.0 bar d41 1 a41 1 RPM [4]. For the current release OpenPKG 1.1, perform the following d47 2 a48 2 ftp> cd release/1.1/UPD ftp> get foo-1.2.4-1.1.1.src.rpm d50 2 a51 2 $ /bin/rpm -v --checksig foo-1.2.4-1.1.1.src.rpm $ /bin/rpm --rebuild foo-1.2.4-1.1.1.src.rpm d53 1 a53 1 # /bin/rpm -Fvh /RPM/PKG/foo-1.2.4-1.1.1.*.rpm d65 4 a68 4 [5] ftp://ftp.openpkg.org/release/1.0/UPD/foo-1.2.0-1.0.1.src.rpm [6] ftp://ftp.openpkg.org/release/1.1/UPD/foo-1.2.4-1.1.1.src.rpm [7] ftp://ftp.openpkg.org/release/1.0/UPD/ [8] ftp://ftp.openpkg.org/release/1.1/UPD/ @ 1.7 log @backporting from latest SA @ text @d31 1 a31 1 -qa foo". If you have the "foo" package installed and its version @ 1.6 log @update/uprev template @ text @d6 1 a6 1 OpenPKG-SA-2003.xxx xx-xxx-2003 d10 1 a10 1 Vulnerability: local root exploit d13 9 a21 4 Affected Releases: OpenPKG 1.0 OpenPKG 1.1 Affected Packages: foo-1.2.0-1.0.0 foo-1.4.0-1.1.0 Corrected Packages: foo-1.2.0-1.0.1 foo-1.4.0-1.1.1 Dependent Packages: bar-1.0.0-1.0.0 bar-1.0.0-1.1.0 d24 5 a28 1 According to ... [7] ... d30 2 a31 2 Please check whether you are affected by running "/bin/rpm -qa foo". If you have the "foo" package installed and its version d33 2 a34 10 it (see Solution). Additionally, we recommend that you rebuild and reinstall all dependent OpenPKG packages, too. [2] Workaround: Perform the following operations to temporarily workaround the security problem (be careful, it deactivates the whole service): $ su - # /etc/rc foo stop # /bin/rpm -e foo d38 4 a41 4 [5][6], fetch it from the OpenPKG FTP service [3][4] or a mirror location, verify its integrity [1], build a corresponding binary RPM from it and update your OpenPKG installation by applying the binary RPM [2]. For the latest OpenPKG 1.1 release, perform the following d47 2 a48 2 ftp> cd release/1.0/UPD ftp> get foo-1.2.0-1.0.1.src.rpm d50 2 a51 2 $ /bin/rpm -v --checksig foo-1.2.1-1.0.1.src.rpm $ /bin/rpm --rebuild foo-1.2.1-1.0.1.src.rpm d53 4 a56 2 # /bin/rpm -Fvh /RPM/PKG/foo-1.2.1-1.0.1.*.rpm # /etc/rc foo stop start d60 5 a64 4 [1] http://www.openpkg.org/security.html#signature [2] http://www.openpkg.org/tutorial.html#regular-source [3] ftp://ftp.openpkg.org/release/1.0/UPD/ [4] ftp://ftp.openpkg.org/release/1.1/UPD/ d66 4 a69 2 [6] ftp://ftp.openpkg.org/release/1.1/UPD/foo-1.4.0-1.1.1.src.rpm [7] ... BugTraq ... @ 1.5 log @Remove trailing whitespace. @ text @d6 1 a6 1 OpenPKG-SA-2002.xxx xx-xxx-2002 d40 1 a40 1 RPM [2]. For the latest OpenPKG 1.0 release, perform the following @ 1.4 log @add -v option as recommended by Andrew Griffiths @ text @d3 1 a3 1 OpenPKG Security Advisory The OpenPKG Project d5 1 a5 1 openpkg-security@@openpkg.org openpkg@@openpkg.org d16 1 a16 1 Dependent Packages: bar-1.0.0-1.0.0 bar-1.0.0-1.1.0 @ 1.3 log @restart service. Hint by Christoph Schug @ text @d49 1 a49 1 $ /bin/rpm --checksig foo-1.2.1-1.0.1.src.rpm @ 1.2 log @add latest SAs @ text @d53 1 @ 1.1 log @ok, ok, use a dot instead of a slash ;) @ text @d21 5 a25 3 We recommend that you upgrade the affected package immediately (see Solution). Additionally, we recommend that you re-build and re-install all dependent OpenPKG packages, too. [2] d29 1 a29 1 security problem: d31 1 d40 2 a41 2 RPM [2]. For the latest OpenPKG 1.1 release, perform the following operations to permanently fix the security problem (for OpenPKG 1.0 d51 1 @