[Mageia-dev] Security updates - help needed (status update)

Fri Aug 17 19:56:14 CEST 2012

Here's a status update, as some have been fixed and new ones have been found.
+
+I'll be really busy at work for the next couple weeks, so I'll update this in September.
+
+......... updated initial message below ........
+
+There are several packages that need security updates that either have not been built yet, or there are some issues that need help and/or input from packagers.
+
+Please help out with these where you can.
+
+I'll try to organize these into categories and give a little info on them so it's easy to see if you can and want to help.
+
+Web apps
+--------
+ocsinventory - Mageia 1 package needs to be updated or patched (patches available from MDV)
+https://bugs.mageia.org/show_bug.cgi?id=5252
+https://bugs.mageia.org/show_bug.cgi?id=2129
+
+mediawiki - versions we have are at or nearing EOL upstream, probably should be updated.  Oliver Burger is working on this.
+https://bugs.mageia.org/show_bug.cgi?id=3448
+
+drupal - update built, issues found by QA need fixing.  Oliver Burger is working on this.
+https://bugs.mageia.org/show_bug.cgi?id=5844
+
+GNOME software
+--------------
+empathy - XSS issues fixed upstream in 3.2.1 (only Mageia 1 is affected)
+https://bugs.mageia.org/show_bug.cgi?id=7008
+
+libvirt - patches available from RedHat
+https://bugs.mageia.org/show_bug.cgi?id=6526
+
+libgnomesu - re-diffing the patch might be non-trivial since OpenSuSE has many other patches too
+https://bugs.mageia.org/show_bug.cgi?id=7068
+
+gjs - doesn't rebuild against xulrunner in Mageia 1, but doesn't seem to be used by anything
+https://bugs.mageia.org/show_bug.cgi?id=6382
+
+Games
+-----
+openarena, alienarena - affected by DoS bug in quake3 engine.  Juan Luis Baptiste is working on this.
+https://bugs.mageia.org/show_bug.cgi?id=5496
+
+Java-related
+------------
+jruby - fixed upstream in 1.6.5.1
+https://bugs.mageia.org/show_bug.cgi?id=6742
+
+poi - In progress by D Morgan.  Additional updates pending.
+https://bugs.mageia.org/show_bug.cgi?id=6011
+
+apache-commons-compress - In progress by D Morgan.  Mageia 1 updates pending.
+https://bugs.mageia.org/show_bug.cgi?id=6331
+
+apache-commons-daemon - fixed upstream in 1.0.7 (only Mageia 1 is affected)
+https://bugs.mageia.org/show_bug.cgi?id=7004
+
+Ruby-related
+------------
+Several security issues, one possible packaging issue
+https://bugs.mageia.org/show_bug.cgi?id=6487
+
+No response has been received from packagers yet
+------------------------------------------------
+ganglia - patch available from Fedora, we have another bug report saying it doesn't start
+https://bugs.mageia.org/show_bug.cgi?id=6874
+
+libreoffice - Mageia 1 only, patch available from RedHat
+https://bugs.mageia.org/show_bug.cgi?id=6944
+
+phpmyadmin - needs updated to 3.5.2.1 and fixed in Cauldron for new apache conf layout
+https://bugs.mageia.org/show_bug.cgi?id=6905
+
+openafs - patches available from Debian, plus a newer version is in Mageia 1 than Mageia 2
+https://bugs.mageia.org/show_bug.cgi?id=7085
+
+openswan - patches are available from RedHat, one needs re-diffing
+https://bugs.mageia.org/show_bug.cgi?id=7095
+
+torque - also a permissions problem in the package
+https://bugs.mageia.org/show_bug.cgi?id=6082
+
+tor - issues fixed upstream in 0.2.2.34 (only Mageia 1 is affected)
+https://bugs.mageia.org/show_bug.cgi?id=5351
+
+erlang - issue fixed in R14B03 (only Mageia 1 is affected)
+https://bugs.mageia.org/show_bug.cgi?id=7062
+
+fuse - patches available from RedHat (only Mageia 1 is affected)
+https://bugs.mageia.org/show_bug.cgi?id=7063
+
+blender - patch available from Fedora (only Mageia 1 is affected)
+https://bugs.mageia.org/show_bug.cgi?id=7065
+
+libvoikko - issue fixed in 3.2.1 (only Mageia 1 is affected)
+https://bugs.mageia.org/show_bug.cgi?id=7067
+
+php-ZendFramework - issues fixed upstream in 1.11.6 (only Mageia 1 is affected)
+https://bugs.mageia.org/show_bug.cgi?id=7083
+
+abrt/libreport/btparser - should probably be upgraded to newer versions available from RedHat
+https://bugs.mageia.org/show_bug.cgi?id=6523
+
+sos - 62 patches available from Fedora
+https://bugs.mageia.org/show_bug.cgi?id=6525
+
+x11-server - upstream diffs linked by RedHat, maybe patches available from Ubuntu or Gentoo, plus other security issues fixed by RH/OpenSuSE/Ubuntu
+https://bugs.mageia.org/show_bug.cgi?id=6744
+
+In progress (help needed to finish)
+-----------------------------------
+dhcp - issues fixed upstream in 4.2.4-P1
+https://bugs.mageia.org/show_bug.cgi?id=6872
+
+bind - issues fixed upstream in 9.8.3-P2 and 9.9.1-P2
+https://bugs.mageia.org/show_bug.cgi?id=6873
+
+xen - doesn't build in Cauldron (incompatible pointer type in i8259.c), other patches missing
+https://bugs.mageia.org/show_bug.cgi?id=6931
+
+stunnel - updated/fixed in Cauldron, probably should just port updated version back
+https://bugs.mageia.org/show_bug.cgi?id=3951
+
+gc - links to upstream and Fedora patches available in bug, already fixed in Cauldron
+https://bugs.mageia.org/show_bug.cgi?id=6652
+
+bip - patch in Mageia 1 didn't fix it according to QA, patch wasn't applied in Mageia 2
+https://bugs.mageia.org/show_bug.cgi?id=4319
+
+emacs - re-diffing patch for Emacs 23.2 (Mageia 1) is non-trivial
+https://bugs.mageia.org/show_bug.cgi?id=6995
+
+