diff options
Diffstat (limited to 'zarb-ml/mageia-dev/2012-August/018213.html')
| -rw-r--r-- | zarb-ml/mageia-dev/2012-August/018213.html | 205 |
1 files changed, 205 insertions, 0 deletions
diff --git a/zarb-ml/mageia-dev/2012-August/018213.html b/zarb-ml/mageia-dev/2012-August/018213.html new file mode 100644 index 000000000..9b819e9de --- /dev/null +++ b/zarb-ml/mageia-dev/2012-August/018213.html @@ -0,0 +1,205 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> +<HTML> + <HEAD> + <TITLE> [Mageia-dev] Security updates - help needed (status update) + </TITLE> + <LINK REL="Index" HREF="index.html" > + <LINK REL="made" HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20Security%20updates%20-%20help%20needed%20%28status%20update%29&In-Reply-To=%3C1345226174.77764.YahooMailClassic%40web122006.mail.ne1.yahoo.com%3E"> + <META NAME="robots" CONTENT="index,nofollow"> + <META http-equiv="Content-Type" content="text/html; charset=us-ascii"> + <LINK REL="Previous" HREF="018230.html"> + <LINK REL="Next" HREF="018214.html"> + </HEAD> + <BODY BGCOLOR="#ffffff"> + <H1>[Mageia-dev] Security updates - help needed (status update)</H1> + <B>David Walser</B> + <A HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20Security%20updates%20-%20help%20needed%20%28status%20update%29&In-Reply-To=%3C1345226174.77764.YahooMailClassic%40web122006.mail.ne1.yahoo.com%3E" + TITLE="[Mageia-dev] Security updates - help needed (status update)">luigiwalser at yahoo.com + </A><BR> + <I>Fri Aug 17 19:56:14 CEST 2012</I> + <P><UL> + <LI>Previous message: <A HREF="018230.html">[Mageia-dev] Upgrade of Kolab to 3.0 Alpha +</A></li> + <LI>Next message: <A HREF="018214.html">[Mageia-dev] [changelog] [RPM] cauldron core/release openvpn-2.2.2-7.mga3 +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#18213">[ date ]</a> + <a href="thread.html#18213">[ thread ]</a> + <a href="subject.html#18213">[ subject ]</a> + <a href="author.html#18213">[ author ]</a> + </LI> + </UL> + <HR> +<!--beginarticle--> +<PRE>Here's a status update, as some have been fixed and new ones have been found. + +I'll be really busy at work for the next couple weeks, so I'll update this in September. + +......... updated initial message below ........ + +There are several packages that need security updates that either have not been built yet, or there are some issues that need help and/or input from packagers. + +Please help out with these where you can. + +I'll try to organize these into categories and give a little info on them so it's easy to see if you can and want to help. + +Web apps +-------- +ocsinventory - Mageia 1 package needs to be updated or patched (patches available from MDV) +<A HREF="https://bugs.mageia.org/show_bug.cgi?id=5252">https://bugs.mageia.org/show_bug.cgi?id=5252</A> +<A HREF="https://bugs.mageia.org/show_bug.cgi?id=2129">https://bugs.mageia.org/show_bug.cgi?id=2129</A> + +mediawiki - versions we have are at or nearing EOL upstream, probably should be updated. Oliver Burger is working on this. +<A HREF="https://bugs.mageia.org/show_bug.cgi?id=3448">https://bugs.mageia.org/show_bug.cgi?id=3448</A> + +drupal - update built, issues found by QA need fixing. Oliver Burger is working on this. +<A HREF="https://bugs.mageia.org/show_bug.cgi?id=5844">https://bugs.mageia.org/show_bug.cgi?id=5844</A> + +GNOME software +-------------- +empathy - XSS issues fixed upstream in 3.2.1 (only Mageia 1 is affected) +<A HREF="https://bugs.mageia.org/show_bug.cgi?id=7008">https://bugs.mageia.org/show_bug.cgi?id=7008</A> + +libvirt - patches available from RedHat +<A HREF="https://bugs.mageia.org/show_bug.cgi?id=6526">https://bugs.mageia.org/show_bug.cgi?id=6526</A> + +libgnomesu - re-diffing the patch might be non-trivial since OpenSuSE has many other patches too +<A HREF="https://bugs.mageia.org/show_bug.cgi?id=7068">https://bugs.mageia.org/show_bug.cgi?id=7068</A> + +gjs - doesn't rebuild against xulrunner in Mageia 1, but doesn't seem to be used by anything +<A HREF="https://bugs.mageia.org/show_bug.cgi?id=6382">https://bugs.mageia.org/show_bug.cgi?id=6382</A> + +Games +----- +openarena, alienarena - affected by DoS bug in quake3 engine. Juan Luis Baptiste is working on this. +<A HREF="https://bugs.mageia.org/show_bug.cgi?id=5496">https://bugs.mageia.org/show_bug.cgi?id=5496</A> + +Java-related +------------ +jruby - fixed upstream in 1.6.5.1 +<A HREF="https://bugs.mageia.org/show_bug.cgi?id=6742">https://bugs.mageia.org/show_bug.cgi?id=6742</A> + +poi - In progress by D Morgan. Additional updates pending. +<A HREF="https://bugs.mageia.org/show_bug.cgi?id=6011">https://bugs.mageia.org/show_bug.cgi?id=6011</A> + +apache-commons-compress - In progress by D Morgan. Mageia 1 updates pending. +<A HREF="https://bugs.mageia.org/show_bug.cgi?id=6331">https://bugs.mageia.org/show_bug.cgi?id=6331</A> + +apache-commons-daemon - fixed upstream in 1.0.7 (only Mageia 1 is affected) +<A HREF="https://bugs.mageia.org/show_bug.cgi?id=7004">https://bugs.mageia.org/show_bug.cgi?id=7004</A> + +Ruby-related +------------ +Several security issues, one possible packaging issue +<A HREF="https://bugs.mageia.org/show_bug.cgi?id=6487">https://bugs.mageia.org/show_bug.cgi?id=6487</A> + +No response has been received from packagers yet +------------------------------------------------ +ganglia - patch available from Fedora, we have another bug report saying it doesn't start +<A HREF="https://bugs.mageia.org/show_bug.cgi?id=6874">https://bugs.mageia.org/show_bug.cgi?id=6874</A> + +libreoffice - Mageia 1 only, patch available from RedHat +<A HREF="https://bugs.mageia.org/show_bug.cgi?id=6944">https://bugs.mageia.org/show_bug.cgi?id=6944</A> + +phpmyadmin - needs updated to 3.5.2.1 and fixed in Cauldron for new apache conf layout +<A HREF="https://bugs.mageia.org/show_bug.cgi?id=6905">https://bugs.mageia.org/show_bug.cgi?id=6905</A> + +openafs - patches available from Debian, plus a newer version is in Mageia 1 than Mageia 2 +<A HREF="https://bugs.mageia.org/show_bug.cgi?id=7085">https://bugs.mageia.org/show_bug.cgi?id=7085</A> + +openswan - patches are available from RedHat, one needs re-diffing +<A HREF="https://bugs.mageia.org/show_bug.cgi?id=7095">https://bugs.mageia.org/show_bug.cgi?id=7095</A> + +torque - also a permissions problem in the package +<A HREF="https://bugs.mageia.org/show_bug.cgi?id=6082">https://bugs.mageia.org/show_bug.cgi?id=6082</A> + +tor - issues fixed upstream in 0.2.2.34 (only Mageia 1 is affected) +<A HREF="https://bugs.mageia.org/show_bug.cgi?id=5351">https://bugs.mageia.org/show_bug.cgi?id=5351</A> + +erlang - issue fixed in R14B03 (only Mageia 1 is affected) +<A HREF="https://bugs.mageia.org/show_bug.cgi?id=7062">https://bugs.mageia.org/show_bug.cgi?id=7062</A> + +fuse - patches available from RedHat (only Mageia 1 is affected) +<A HREF="https://bugs.mageia.org/show_bug.cgi?id=7063">https://bugs.mageia.org/show_bug.cgi?id=7063</A> + +blender - patch available from Fedora (only Mageia 1 is affected) +<A HREF="https://bugs.mageia.org/show_bug.cgi?id=7065">https://bugs.mageia.org/show_bug.cgi?id=7065</A> + +libvoikko - issue fixed in 3.2.1 (only Mageia 1 is affected) +<A HREF="https://bugs.mageia.org/show_bug.cgi?id=7067">https://bugs.mageia.org/show_bug.cgi?id=7067</A> + +php-ZendFramework - issues fixed upstream in 1.11.6 (only Mageia 1 is affected) +<A HREF="https://bugs.mageia.org/show_bug.cgi?id=7083">https://bugs.mageia.org/show_bug.cgi?id=7083</A> + +abrt/libreport/btparser - should probably be upgraded to newer versions available from RedHat +<A HREF="https://bugs.mageia.org/show_bug.cgi?id=6523">https://bugs.mageia.org/show_bug.cgi?id=6523</A> + +sos - 62 patches available from Fedora +<A HREF="https://bugs.mageia.org/show_bug.cgi?id=6525">https://bugs.mageia.org/show_bug.cgi?id=6525</A> + +x11-server - upstream diffs linked by RedHat, maybe patches available from Ubuntu or Gentoo, plus other security issues fixed by RH/OpenSuSE/Ubuntu +<A HREF="https://bugs.mageia.org/show_bug.cgi?id=6744">https://bugs.mageia.org/show_bug.cgi?id=6744</A> + +In progress (help needed to finish) +----------------------------------- +dhcp - issues fixed upstream in 4.2.4-P1 +<A HREF="https://bugs.mageia.org/show_bug.cgi?id=6872">https://bugs.mageia.org/show_bug.cgi?id=6872</A> + +bind - issues fixed upstream in 9.8.3-P2 and 9.9.1-P2 +<A HREF="https://bugs.mageia.org/show_bug.cgi?id=6873">https://bugs.mageia.org/show_bug.cgi?id=6873</A> + +xen - doesn't build in Cauldron (incompatible pointer type in i8259.c), other patches missing +<A HREF="https://bugs.mageia.org/show_bug.cgi?id=6931">https://bugs.mageia.org/show_bug.cgi?id=6931</A> + +stunnel - updated/fixed in Cauldron, probably should just port updated version back +<A HREF="https://bugs.mageia.org/show_bug.cgi?id=3951">https://bugs.mageia.org/show_bug.cgi?id=3951</A> + +gc - links to upstream and Fedora patches available in bug, already fixed in Cauldron +<A HREF="https://bugs.mageia.org/show_bug.cgi?id=6652">https://bugs.mageia.org/show_bug.cgi?id=6652</A> + +bip - patch in Mageia 1 didn't fix it according to QA, patch wasn't applied in Mageia 2 +<A HREF="https://bugs.mageia.org/show_bug.cgi?id=4319">https://bugs.mageia.org/show_bug.cgi?id=4319</A> + +emacs - re-diffing patch for Emacs 23.2 (Mageia 1) is non-trivial +<A HREF="https://bugs.mageia.org/show_bug.cgi?id=6995">https://bugs.mageia.org/show_bug.cgi?id=6995</A> + +</PRE> + + + + + + + + + + + + + + + + + + + +<!--endarticle--> + <HR> + <P><UL> + <!--threads--> + <LI>Previous message: <A HREF="018230.html">[Mageia-dev] Upgrade of Kolab to 3.0 Alpha +</A></li> + <LI>Next message: <A HREF="018214.html">[Mageia-dev] [changelog] [RPM] cauldron core/release openvpn-2.2.2-7.mga3 +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#18213">[ date ]</a> + <a href="thread.html#18213">[ thread ]</a> + <a href="subject.html#18213">[ subject ]</a> + <a href="author.html#18213">[ author ]</a> + </LI> + </UL> + +<hr> +<a href="https://www.mageia.org/mailman/listinfo/mageia-dev">More information about the Mageia-dev +mailing list</a><br> +</body></html> |