1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<TITLE> [Mageia-dev] Security updates - Help needed!
</TITLE>
<LINK REL="Index" HREF="index.html" >
<LINK REL="made" HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20Security%20updates%20-%20Help%20needed%21&In-Reply-To=%3Cjt1u9l%24ktd%241%40dough.gmane.org%3E">
<META NAME="robots" CONTENT="index,nofollow">
<META http-equiv="Content-Type" content="text/html; charset=us-ascii">
<LINK REL="Previous" HREF="017123.html">
<LINK REL="Next" HREF="017167.html">
</HEAD>
<BODY BGCOLOR="#ffffff">
<H1>[Mageia-dev] Security updates - Help needed!</H1>
<B>David Walser</B>
<A HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20Security%20updates%20-%20Help%20needed%21&In-Reply-To=%3Cjt1u9l%24ktd%241%40dough.gmane.org%3E"
TITLE="[Mageia-dev] Security updates - Help needed!">luigiwalser at yahoo.com
</A><BR>
<I>Wed Jul 4 19:23:41 CEST 2012</I>
<P><UL>
<LI>Previous message: <A HREF="017123.html">[Mageia-dev] Security updates - Help needed!
</A></li>
<LI>Next message: <A HREF="017167.html">[Mageia-dev] Security updates - Help needed!
</A></li>
<LI> <B>Messages sorted by:</B>
<a href="date.html#17145">[ date ]</a>
<a href="thread.html#17145">[ thread ]</a>
<a href="subject.html#17145">[ subject ]</a>
<a href="author.html#17145">[ author ]</a>
</LI>
</UL>
<HR>
<!--beginarticle-->
<PRE>I'm not going to update this thread every day or anything, but I just wanted to consolidate the
three threads I made, and update this based on the initial flurry of activity it created. Thanks.
......... updated initial message below ........
There are several packages that need security updates that either have not been built yet, or there
are some issues that need help and/or input from packagers.
Please help out with these where you can.
I'll try to organize these into categories and give a little info on them so it's easy to see if
you can and want to help.
Web apps
--------
mediawiki - versions we have are at or nearing EOL upstream, probably should be updated. Several
security issues are present.
<A HREF="https://bugs.mageia.org/show_bug.cgi?id=3448">https://bugs.mageia.org/show_bug.cgi?id=3448</A>
dokuwiki - needs updated to 2012-01-25a version, already in Cauldron. Cauldron package does have a
bug that needs fixing.
<A HREF="https://bugs.mageia.org/show_bug.cgi?id=6166">https://bugs.mageia.org/show_bug.cgi?id=6166</A>
<A HREF="https://bugs.mageia.org/show_bug.cgi?id=6480">https://bugs.mageia.org/show_bug.cgi?id=6480</A>
wordpress - needs updated to 3.4.1, also QA has found some bugs in the current package.
<A HREF="https://bugs.mageia.org/show_bug.cgi?id=4065">https://bugs.mageia.org/show_bug.cgi?id=4065</A>
viewvc - needs updated to 1.1.15
<A HREF="https://bugs.mageia.org/show_bug.cgi?id=6551">https://bugs.mageia.org/show_bug.cgi?id=6551</A>
ocsinventory - Mageia 1 package needs to be updated or patched (patches available from MDV)
<A HREF="https://bugs.mageia.org/show_bug.cgi?id=5252">https://bugs.mageia.org/show_bug.cgi?id=5252</A>
<A HREF="https://bugs.mageia.org/show_bug.cgi?id=2129">https://bugs.mageia.org/show_bug.cgi?id=2129</A>
drupal - update built, issues found by QA need fixing
<A HREF="https://bugs.mageia.org/show_bug.cgi?id=5844">https://bugs.mageia.org/show_bug.cgi?id=5844</A>
GNOME software
--------------
libgdata - update needed for Mageia 1, may require patch or upgrade to libsoup
<A HREF="https://bugs.mageia.org/show_bug.cgi?id=6330">https://bugs.mageia.org/show_bug.cgi?id=6330</A>
libvirt - patch available from RedHat
<A HREF="https://bugs.mageia.org/show_bug.cgi?id=6526">https://bugs.mageia.org/show_bug.cgi?id=6526</A>
vte - patch available from Fedora
<A HREF="https://bugs.mageia.org/show_bug.cgi?id=6161">https://bugs.mageia.org/show_bug.cgi?id=6161</A>
gjs - doesn't rebuild against xulrunner in Mageia 1, but doesn't seem to be used by anything
<A HREF="https://bugs.mageia.org/show_bug.cgi?id=6382">https://bugs.mageia.org/show_bug.cgi?id=6382</A>
Games
-----
ioquake3, openarena, urbanterror, alienarena - affected by DoS bug in quake3 engine
<A HREF="https://bugs.mageia.org/show_bug.cgi?id=5496">https://bugs.mageia.org/show_bug.cgi?id=5496</A>
Java-related
------------
poi - <A HREF="https://bugs.mageia.org/show_bug.cgi?id=6011">https://bugs.mageia.org/show_bug.cgi?id=6011</A>
apache-commons-compress - <A HREF="https://bugs.mageia.org/show_bug.cgi?id=6331">https://bugs.mageia.org/show_bug.cgi?id=6331</A>
spring2 - <A HREF="https://bugs.mageia.org/show_bug.cgi?id=6625">https://bugs.mageia.org/show_bug.cgi?id=6625</A>
eclipse - <A HREF="https://bugs.mageia.org/show_bug.cgi?id=6611">https://bugs.mageia.org/show_bug.cgi?id=6611</A>
Ruby-related
------------
Several security issues, at least one packaging issue, and an rpm issue
<A HREF="https://bugs.mageia.org/show_bug.cgi?id=6487">https://bugs.mageia.org/show_bug.cgi?id=6487</A>
<A HREF="http://article.gmane.org/gmane.linux.mageia.devel/16419/match=ruby">http://article.gmane.org/gmane.linux.mageia.devel/16419/match=ruby</A>
No response has been received from packagers yet
------------------------------------------------
avidemux/gstreamer0.10-ffmpeg - should be able to borrow patches from mplayer for mga1 (ffmpeg git
for mga2)
<A HREF="https://bugs.mageia.org/show_bug.cgi?id=6427">https://bugs.mageia.org/show_bug.cgi?id=6427</A>
graphicsmagick - needs updated to 1.3.16 or patch backported, upstream patch linked in bug
<A HREF="https://bugs.mageia.org/show_bug.cgi?id=6561">https://bugs.mageia.org/show_bug.cgi?id=6561</A>
python-httplib2 - possible basis for patch (based on patch from SuSE) available in bug
<A HREF="https://bugs.mageia.org/show_bug.cgi?id=6568">https://bugs.mageia.org/show_bug.cgi?id=6568</A>
openconnect - needs updated to at least 3.18 or patched (upstream patch linked in bug), possible
bug also found by user
<A HREF="https://bugs.mageia.org/show_bug.cgi?id=6504">https://bugs.mageia.org/show_bug.cgi?id=6504</A>
<A HREF="https://bugs.mageia.org/show_bug.cgi?id=6627">https://bugs.mageia.org/show_bug.cgi?id=6627</A>
dropbear - Debian and upstream patches differ, no response received from upstream either. Patch
proposed.
<A HREF="https://bugs.mageia.org/show_bug.cgi?id=5611">https://bugs.mageia.org/show_bug.cgi?id=5611</A>
busybox - link to upstream patch available in bug
<A HREF="https://bugs.mageia.org/show_bug.cgi?id=6673">https://bugs.mageia.org/show_bug.cgi?id=6673</A>
gc - links to upstream and Fedora patches available in bug
<A HREF="https://bugs.mageia.org/show_bug.cgi?id=6652">https://bugs.mageia.org/show_bug.cgi?id=6652</A>
abrt/libreport/btparser - should probably be upgraded to newer versions available from RedHat
<A HREF="https://bugs.mageia.org/show_bug.cgi?id=6523">https://bugs.mageia.org/show_bug.cgi?id=6523</A>
sos - 62 patches available from Fedora
<A HREF="https://bugs.mageia.org/show_bug.cgi?id=6525">https://bugs.mageia.org/show_bug.cgi?id=6525</A>
v8 - might need to be updated to newer version
<A HREF="https://bugs.mageia.org/show_bug.cgi?id=6679">https://bugs.mageia.org/show_bug.cgi?id=6679</A>
php-ZendFramework - patches available from Debian
<A HREF="https://bugs.mageia.org/show_bug.cgi?id=6666">https://bugs.mageia.org/show_bug.cgi?id=6666</A>
In progress (help needed to finish)
-----------------------------------
sympa - update needs to be built for Mageia 2, issues have been found by QA that need fixed
<A HREF="https://bugs.mageia.org/show_bug.cgi?id=5939">https://bugs.mageia.org/show_bug.cgi?id=5939</A>
apache-mod_security - update is in SVN in Cauldron and Mageia 2, but won't build in Cauldron
<A HREF="https://bugs.mageia.org/show_bug.cgi?id=6678">https://bugs.mageia.org/show_bug.cgi?id=6678</A>
krb5 - update built, but some issues found by QA need fixing
<A HREF="https://bugs.mageia.org/show_bug.cgi?id=6469">https://bugs.mageia.org/show_bug.cgi?id=6469</A>
groff - several scripts apparently need moved from main package to groff-perl (whose description
needs rewritten or rethought), security issue already patched
<A HREF="https://bugs.mageia.org/show_bug.cgi?id=6379">https://bugs.mageia.org/show_bug.cgi?id=6379</A>
python - update for Mageia 2 built, update for Mageia 1 still needed (patches possibly available
from MDV)
<A HREF="https://bugs.mageia.org/show_bug.cgi?id=5843">https://bugs.mageia.org/show_bug.cgi?id=5843</A>
cifs-utils/samba - cifs-utils is actually already done, patch needs applied to Samba as well
<A HREF="https://bugs.mageia.org/show_bug.cgi?id=5714">https://bugs.mageia.org/show_bug.cgi?id=5714</A>
gajim - there is a requires or suggests missing
<A HREF="https://bugs.mageia.org/show_bug.cgi?id=5432">https://bugs.mageia.org/show_bug.cgi?id=5432</A>
</PRE>
<!--endarticle-->
<HR>
<P><UL>
<!--threads-->
<LI>Previous message: <A HREF="017123.html">[Mageia-dev] Security updates - Help needed!
</A></li>
<LI>Next message: <A HREF="017167.html">[Mageia-dev] Security updates - Help needed!
</A></li>
<LI> <B>Messages sorted by:</B>
<a href="date.html#17145">[ date ]</a>
<a href="thread.html#17145">[ thread ]</a>
<a href="subject.html#17145">[ subject ]</a>
<a href="author.html#17145">[ author ]</a>
</LI>
</UL>
<hr>
<a href="https://www.mageia.org/mailman/listinfo/mageia-dev">More information about the Mageia-dev
mailing list</a><br>
</body></html>
|
