I just read about the security announcement SuSE-SA:2003:037 which advises to update Pine because of a security flaw in older versions. I downloaded the patch (pine-4.44-281.i386.patch.rpm) from the SuSE website and installed it as described there. However, after launching Pine, it still showed version number 4.44. Is this correct ? In the announcement it says that there is no workaround for older versions how come I still have the same version number? SuSE fixes the old version instead of rolling out the new one. Newer versions may have new and unknown bugs or other dependencies to other

On Sep 15, remote wrote: [Please: insert line wraps in your postings] packages. To keep the system stable, they fix the bug in the old version.

Another, maybe dumb, question : what is the difference between the files pine-4.44-281.i386.patch.rpm and pine-4.44-281.i386.rpm ? They are almost of equal size. Usually a patch rpm contains only changed files. The pine package consists mostly of binaries and all of them are recompiled. Therefore the patch.rpm is nearly equal size.

Markus -- __________________ /"\ Markus Gaugusch \ / ASCII Ribbon Campaign markus@gaugusch.at X Against HTML Mail / \

remote wrote:

In the announcement it says that there is no workaround for older versions how come I still have the same version number ?

The workarounds in the announcements are steps one can do to prevent exploits until you install the update rpm. If you are unsure which bugs got fixed, you can try to use "rpm -q --changelog <pkgname>". -- Have fun, Peter