Hi there,

I do not understand specifically what Novell means when they place a
'Security Alert' exclamation sign next to a list Product Update.

Let me illustrate:

Border Manager 3.7 SP2 (bm37sp2.exe) was originally issued on March 25


Therefore under the product updates page this patch was preceding
bm37fp3b.exe (Border Manager 3.7 Field Patch 3B) because it is older.
However recently bm37sp2.exe has had it's issue date change to July 28

2003, along with the Security Alert flag.

This can lead people to believe that a new version of the patch is
being issued to address a security issue. However of course, upon
closer inspection, one finds that it is still the original patch.

Therefore in this example I have to conclude that a security
venerability was discovered in the original release of Border Manger
3.7 AFTER the release of SP2 AND that by applying SP2, the security
issue is addressed.

Sorry if I sound stupid, I guess most people perhaps have come to thesame conclusion, however if this is the case, then Novell should makeit clear on their web site to avoid confusion.

I do realise that Novell have always been known to release very little

information in regards to security vulnerabilities other than to say
'apply this patch now!' -remember the GroupWise Padlock fix : )

However they must at least explain this date ordering issue!

Just head to:


and find no explanation about anything other than 'Indicates file is a

security alert'