diff options
Diffstat (limited to 'zarb-ml/mageia-dev/2012-September/018515.html')
| -rw-r--r-- | zarb-ml/mageia-dev/2012-September/018515.html | 172 |
1 files changed, 172 insertions, 0 deletions
diff --git a/zarb-ml/mageia-dev/2012-September/018515.html b/zarb-ml/mageia-dev/2012-September/018515.html new file mode 100644 index 000000000..d6a3ae3d1 --- /dev/null +++ b/zarb-ml/mageia-dev/2012-September/018515.html @@ -0,0 +1,172 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> +<HTML> + <HEAD> + <TITLE> [Mageia-dev] Security updates - help needed! + </TITLE> + <LINK REL="Index" HREF="index.html" > + <LINK REL="made" HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20Security%20updates%20-%20help%20needed%21&In-Reply-To=%3C1346968275.21766.YahooMailClassic%40web122006.mail.ne1.yahoo.com%3E"> + <META NAME="robots" CONTENT="index,nofollow"> + <META http-equiv="Content-Type" content="text/html; charset=us-ascii"> + <LINK REL="Previous" HREF="018514.html"> + <LINK REL="Next" HREF="018517.html"> + </HEAD> + <BODY BGCOLOR="#ffffff"> + <H1>[Mageia-dev] Security updates - help needed!</H1> + <B>David Walser</B> + <A HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20Security%20updates%20-%20help%20needed%21&In-Reply-To=%3C1346968275.21766.YahooMailClassic%40web122006.mail.ne1.yahoo.com%3E" + TITLE="[Mageia-dev] Security updates - help needed!">luigiwalser at yahoo.com + </A><BR> + <I>Thu Sep 6 23:51:15 CEST 2012</I> + <P><UL> + <LI>Previous message: <A HREF="018514.html">[Mageia-dev] [changelog] [RPM] cauldron core/release qemu-1.2.0-2.mga3 +</A></li> + <LI>Next message: <A HREF="018517.html">[Mageia-dev] Network issue with pm-suspend +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#18515">[ date ]</a> + <a href="thread.html#18515">[ thread ]</a> + <a href="subject.html#18515">[ subject ]</a> + <a href="author.html#18515">[ author ]</a> + </LI> + </UL> + <HR> +<!--beginarticle--> +<PRE>I've cleared the low-hanging fruit again and handled the ones I can handle, clearing out most of the in-progress ones. + +The rest of these need someone to step up and take responsibility for them if they're gonna get done. Thanks to all that have helped so far. + +......... updated initial message below ........ + +There are several packages that need security updates that either have not been built yet, or there are some issues that need help and/or input from packagers. + +Please help out with these where you can. + +I'll try to organize these into categories and give a little info on them so it's easy to see if you can and want to help. + +Web apps +-------- +ocsinventory - Mageia 1 package needs to be updated or patched (patches available from MDV) +<A HREF="https://bugs.mageia.org/show_bug.cgi?id=5252">https://bugs.mageia.org/show_bug.cgi?id=5252</A> +<A HREF="https://bugs.mageia.org/show_bug.cgi?id=2129">https://bugs.mageia.org/show_bug.cgi?id=2129</A> + +mediawiki - versions we have are at or nearing EOL upstream, probably should be updated. Oliver Burger is working on this. +<A HREF="https://bugs.mageia.org/show_bug.cgi?id=3448">https://bugs.mageia.org/show_bug.cgi?id=3448</A> + +drupal - update built, issues found by QA need fixing. Oliver Burger is working on this. +<A HREF="https://bugs.mageia.org/show_bug.cgi?id=5844">https://bugs.mageia.org/show_bug.cgi?id=5844</A> + +roundcubemail - issues fixed upstream in 0.8.1, or 0.7.3 + patch from Fedora +<A HREF="https://bugs.mageia.org/show_bug.cgi?id=7246">https://bugs.mageia.org/show_bug.cgi?id=7246</A> + +zabbix - issues fixed in 1.8.15 upstream, two possible patches linked in bug +<A HREF="https://bugs.mageia.org/show_bug.cgi?id=7277">https://bugs.mageia.org/show_bug.cgi?id=7277</A> + +GNOME software +-------------- +empathy - XSS issues fixed upstream in 3.2.1 (only Mageia 1 is affected) +<A HREF="https://bugs.mageia.org/show_bug.cgi?id=7008">https://bugs.mageia.org/show_bug.cgi?id=7008</A> + +libvirt - patches available from RedHat +<A HREF="https://bugs.mageia.org/show_bug.cgi?id=6526">https://bugs.mageia.org/show_bug.cgi?id=6526</A> + +libgnomesu - re-diffing the patch might be non-trivial since OpenSuSE has many other patches too +<A HREF="https://bugs.mageia.org/show_bug.cgi?id=7068">https://bugs.mageia.org/show_bug.cgi?id=7068</A> + +gjs - doesn't rebuild against xulrunner in Mageia 1, but doesn't seem to be used by anything +<A HREF="https://bugs.mageia.org/show_bug.cgi?id=6382">https://bugs.mageia.org/show_bug.cgi?id=6382</A> + +Games +----- +openarena, alienarena - affected by DoS bug in quake3 engine. Juan Luis Baptiste is working on this. +<A HREF="https://bugs.mageia.org/show_bug.cgi?id=5496">https://bugs.mageia.org/show_bug.cgi?id=5496</A> + +Java-related +------------ +java-1.7.0-openjdk - IcedTea needs updated in Mageia 2 +<A HREF="https://bugs.mageia.org/show_bug.cgi?id=7278">https://bugs.mageia.org/show_bug.cgi?id=7278</A> + +jruby - fixed upstream in 1.6.5.1 +<A HREF="https://bugs.mageia.org/show_bug.cgi?id=6742">https://bugs.mageia.org/show_bug.cgi?id=6742</A> + +poi - In progress by D Morgan. Additional updates pending. +<A HREF="https://bugs.mageia.org/show_bug.cgi?id=6011">https://bugs.mageia.org/show_bug.cgi?id=6011</A> + +apache-commons-compress - In progress by D Morgan. Mageia 1 updates pending. +<A HREF="https://bugs.mageia.org/show_bug.cgi?id=6331">https://bugs.mageia.org/show_bug.cgi?id=6331</A> + +apache-commons-daemon - fixed upstream in 1.0.7 (only Mageia 1 is affected) +<A HREF="https://bugs.mageia.org/show_bug.cgi?id=7004">https://bugs.mageia.org/show_bug.cgi?id=7004</A> + +Ruby-related +------------ +Several security issues, one possible packaging issue +<A HREF="https://bugs.mageia.org/show_bug.cgi?id=6487">https://bugs.mageia.org/show_bug.cgi?id=6487</A> + +No response has been received from packagers yet +------------------------------------------------ +openafs - patches available from Debian, plus a newer version is in Mageia 1 than Mageia 2 +<A HREF="https://bugs.mageia.org/show_bug.cgi?id=7085">https://bugs.mageia.org/show_bug.cgi?id=7085</A> + +openswan - patches are available from RedHat, one needs re-diffing +<A HREF="https://bugs.mageia.org/show_bug.cgi?id=7095">https://bugs.mageia.org/show_bug.cgi?id=7095</A> + +tor - issues fixed upstream in 0.2.2.34 and 0.2.2.38 +<A HREF="https://bugs.mageia.org/show_bug.cgi?id=5351">https://bugs.mageia.org/show_bug.cgi?id=5351</A> + +erlang - issue fixed in R14B03 (only Mageia 1 is affected) +<A HREF="https://bugs.mageia.org/show_bug.cgi?id=7062">https://bugs.mageia.org/show_bug.cgi?id=7062</A> + +fuse - patches available from RedHat (only Mageia 1 is affected) +<A HREF="https://bugs.mageia.org/show_bug.cgi?id=7063">https://bugs.mageia.org/show_bug.cgi?id=7063</A> + +blender - patch available from Fedora (only Mageia 1 is affected) +<A HREF="https://bugs.mageia.org/show_bug.cgi?id=7065">https://bugs.mageia.org/show_bug.cgi?id=7065</A> + +libvoikko - issue fixed in 3.2.1 (only Mageia 1 is affected) +<A HREF="https://bugs.mageia.org/show_bug.cgi?id=7067">https://bugs.mageia.org/show_bug.cgi?id=7067</A> + +php-ZendFramework - issues fixed upstream in 1.11.6 (only Mageia 1 is affected) +<A HREF="https://bugs.mageia.org/show_bug.cgi?id=7083">https://bugs.mageia.org/show_bug.cgi?id=7083</A> + +abrt/libreport/btparser - should probably be upgraded to newer versions available from RedHat +<A HREF="https://bugs.mageia.org/show_bug.cgi?id=6523">https://bugs.mageia.org/show_bug.cgi?id=6523</A> + +sos - 62 patches available from Fedora +<A HREF="https://bugs.mageia.org/show_bug.cgi?id=6525">https://bugs.mageia.org/show_bug.cgi?id=6525</A> + +x11-server - upstream diffs linked by RedHat, maybe patches available from Ubuntu or Gentoo, plus other security issues fixed by RH/OpenSuSE/Ubuntu +<A HREF="https://bugs.mageia.org/show_bug.cgi?id=6744">https://bugs.mageia.org/show_bug.cgi?id=6744</A> + +In progress (help needed to finish) +----------------------------------- +xen - more patches need applied in Mageia 1 and Mageia 2 branches +<A HREF="https://bugs.mageia.org/show_bug.cgi?id=6931">https://bugs.mageia.org/show_bug.cgi?id=6931</A> + +</PRE> + + + + + + + +<!--endarticle--> + <HR> + <P><UL> + <!--threads--> + <LI>Previous message: <A HREF="018514.html">[Mageia-dev] [changelog] [RPM] cauldron core/release qemu-1.2.0-2.mga3 +</A></li> + <LI>Next message: <A HREF="018517.html">[Mageia-dev] Network issue with pm-suspend +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#18515">[ date ]</a> + <a href="thread.html#18515">[ thread ]</a> + <a href="subject.html#18515">[ subject ]</a> + <a href="author.html#18515">[ author ]</a> + </LI> + </UL> + +<hr> +<a href="https://www.mageia.org/mailman/listinfo/mageia-dev">More information about the Mageia-dev +mailing list</a><br> +</body></html> |