[Mageia-dev] Security updates - help needed (status update)
David Walser
luigiwalser at yahoo.com
Fri Aug 17 19:56:14 CEST 2012
Here's a status update, as some have been fixed and new ones have been found.
I'll be really busy at work for the next couple weeks, so I'll update this in September.
......... updated initial message below ........
There are several packages that need security updates that either have not been built yet, or there are some issues that need help and/or input from packagers.
Please help out with these where you can.
I'll try to organize these into categories and give a little info on them so it's easy to see if you can and want to help.
Web apps
--------
ocsinventory - Mageia 1 package needs to be updated or patched (patches available from MDV)
https://bugs.mageia.org/show_bug.cgi?id=5252
https://bugs.mageia.org/show_bug.cgi?id=2129
mediawiki - versions we have are at or nearing EOL upstream, probably should be updated. Oliver Burger is working on this.
https://bugs.mageia.org/show_bug.cgi?id=3448
drupal - update built, issues found by QA need fixing. Oliver Burger is working on this.
https://bugs.mageia.org/show_bug.cgi?id=5844
GNOME software
--------------
empathy - XSS issues fixed upstream in 3.2.1 (only Mageia 1 is affected)
https://bugs.mageia.org/show_bug.cgi?id=7008
libvirt - patches available from RedHat
https://bugs.mageia.org/show_bug.cgi?id=6526
libgnomesu - re-diffing the patch might be non-trivial since OpenSuSE has many other patches too
https://bugs.mageia.org/show_bug.cgi?id=7068
gjs - doesn't rebuild against xulrunner in Mageia 1, but doesn't seem to be used by anything
https://bugs.mageia.org/show_bug.cgi?id=6382
Games
-----
openarena, alienarena - affected by DoS bug in quake3 engine. Juan Luis Baptiste is working on this.
https://bugs.mageia.org/show_bug.cgi?id=5496
Java-related
------------
jruby - fixed upstream in 1.6.5.1
https://bugs.mageia.org/show_bug.cgi?id=6742
poi - In progress by D Morgan. Additional updates pending.
https://bugs.mageia.org/show_bug.cgi?id=6011
apache-commons-compress - In progress by D Morgan. Mageia 1 updates pending.
https://bugs.mageia.org/show_bug.cgi?id=6331
apache-commons-daemon - fixed upstream in 1.0.7 (only Mageia 1 is affected)
https://bugs.mageia.org/show_bug.cgi?id=7004
Ruby-related
------------
Several security issues, one possible packaging issue
https://bugs.mageia.org/show_bug.cgi?id=6487
No response has been received from packagers yet
------------------------------------------------
ganglia - patch available from Fedora, we have another bug report saying it doesn't start
https://bugs.mageia.org/show_bug.cgi?id=6874
libreoffice - Mageia 1 only, patch available from RedHat
https://bugs.mageia.org/show_bug.cgi?id=6944
phpmyadmin - needs updated to 3.5.2.1 and fixed in Cauldron for new apache conf layout
https://bugs.mageia.org/show_bug.cgi?id=6905
openafs - patches available from Debian, plus a newer version is in Mageia 1 than Mageia 2
https://bugs.mageia.org/show_bug.cgi?id=7085
openswan - patches are available from RedHat, one needs re-diffing
https://bugs.mageia.org/show_bug.cgi?id=7095
torque - also a permissions problem in the package
https://bugs.mageia.org/show_bug.cgi?id=6082
tor - issues fixed upstream in 0.2.2.34 (only Mageia 1 is affected)
https://bugs.mageia.org/show_bug.cgi?id=5351
erlang - issue fixed in R14B03 (only Mageia 1 is affected)
https://bugs.mageia.org/show_bug.cgi?id=7062
fuse - patches available from RedHat (only Mageia 1 is affected)
https://bugs.mageia.org/show_bug.cgi?id=7063
blender - patch available from Fedora (only Mageia 1 is affected)
https://bugs.mageia.org/show_bug.cgi?id=7065
libvoikko - issue fixed in 3.2.1 (only Mageia 1 is affected)
https://bugs.mageia.org/show_bug.cgi?id=7067
php-ZendFramework - issues fixed upstream in 1.11.6 (only Mageia 1 is affected)
https://bugs.mageia.org/show_bug.cgi?id=7083
abrt/libreport/btparser - should probably be upgraded to newer versions available from RedHat
https://bugs.mageia.org/show_bug.cgi?id=6523
sos - 62 patches available from Fedora
https://bugs.mageia.org/show_bug.cgi?id=6525
x11-server - upstream diffs linked by RedHat, maybe patches available from Ubuntu or Gentoo, plus other security issues fixed by RH/OpenSuSE/Ubuntu
https://bugs.mageia.org/show_bug.cgi?id=6744
In progress (help needed to finish)
-----------------------------------
dhcp - issues fixed upstream in 4.2.4-P1
https://bugs.mageia.org/show_bug.cgi?id=6872
bind - issues fixed upstream in 9.8.3-P2 and 9.9.1-P2
https://bugs.mageia.org/show_bug.cgi?id=6873
xen - doesn't build in Cauldron (incompatible pointer type in i8259.c), other patches missing
https://bugs.mageia.org/show_bug.cgi?id=6931
stunnel - updated/fixed in Cauldron, probably should just port updated version back
https://bugs.mageia.org/show_bug.cgi?id=3951
gc - links to upstream and Fedora patches available in bug, already fixed in Cauldron
https://bugs.mageia.org/show_bug.cgi?id=6652
bip - patch in Mageia 1 didn't fix it according to QA, patch wasn't applied in Mageia 2
https://bugs.mageia.org/show_bug.cgi?id=4319
emacs - re-diffing patch for Emacs 23.2 (Mageia 1) is non-trivial
https://bugs.mageia.org/show_bug.cgi?id=6995
More information about the Mageia-dev
mailing list