zarb-ml/mageia-dev/2012-November/019745.html


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
 <HEAD>
   <TITLE> [Mageia-dev] Security updates - help needed (status update)
   </TITLE>
   <LINK REL="Index" HREF="index.html" >
   <LINK REL="made" HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20Security%20updates%20-%20help%20needed%20%28status%20update%29&In-Reply-To=%3C1351880399.64550.YahooMailClassic%40web122006.mail.ne1.yahoo.com%3E">
   <META NAME="robots" CONTENT="index,nofollow">
   <META http-equiv="Content-Type" content="text/html; charset=us-ascii">
   <LINK REL="Previous"  HREF="019743.html">
   <LINK REL="Next"  HREF="019746.html">
 </HEAD>
 <BODY BGCOLOR="#ffffff">
   <H1>[Mageia-dev] Security updates - help needed (status update)</H1>
    <B>David Walser</B> 
    <A HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20Security%20updates%20-%20help%20needed%20%28status%20update%29&In-Reply-To=%3C1351880399.64550.YahooMailClassic%40web122006.mail.ne1.yahoo.com%3E"
       TITLE="[Mageia-dev] Security updates - help needed (status update)">luigiwalser at yahoo.com
       </A><BR>
    <I>Fri Nov  2 19:19:59 CET 2012</I>
    <P><UL>
        <LI>Previous message: <A HREF="019743.html">[Mageia-dev] Proposed Feature: MTP (Media Transport Protocol)	Support
</A></li>
        <LI>Next message: <A HREF="019746.html">[Mageia-dev] ldap lat utility
</A></li>
         <LI> <B>Messages sorted by:</B> 
              <a href="date.html#19745">[ date ]</a>
              <a href="thread.html#19745">[ thread ]</a>
              <a href="subject.html#19745">[ subject ]</a>
              <a href="author.html#19745">[ author ]</a>
         </LI>
       </UL>
    <HR>  
<!--beginarticle-->
<PRE>Here's the current list.  I fixed the ones I could from the old list, some still remain, some new ones are here.  Help is needed for all of them.

If anyone can help with LibreOffice or Java stuff that'd be great, since our maintainer has been off IRC and bugzilla for a few weeks now.

I've tagged each of these with the versions affected, so hopefully that's helpful.

Since the council is in such a hurry to retire Mageia 1, this is the last chance to get any of these fixed there.

Also, Manuel pointed out a bugzilla search that will typically contain most of these.
<A HREF="https://bugs.mageia.org/buglist.cgi?quicksearch=comp:secu+-@qa-b">https://bugs.mageia.org/buglist.cgi?quicksearch=comp:secu+-@qa-b</A>

......... updated initial message below ........

There are several packages that need security updates that either have not been built yet, or there are some issues that need help and/or input from packagers.

Please help out with these where you can.

I'll try to organize these into categories and give a little info on them so it's easy to see if you can and want to help.

Web apps
--------
mediawiki [mga1+mga2] - versions we have are at or nearing EOL upstream, probably should be updated.  Oliver Burger is working on this.
<A HREF="https://bugs.mageia.org/show_bug.cgi?id=3448">https://bugs.mageia.org/show_bug.cgi?id=3448</A>

drupal [mga1] - update built, issues found by QA need fixing on Mageia 1.
<A HREF="https://bugs.mageia.org/show_bug.cgi?id=5844">https://bugs.mageia.org/show_bug.cgi?id=5844</A>

webmin [mga1+mga2+cauldron] - security issue fixed upstream in 1.600, package has other bugs too
<A HREF="https://bugs.mageia.org/show_bug.cgi?id=7803">https://bugs.mageia.org/show_bug.cgi?id=7803</A>

zabbix [mga2+cauldron] - issues fixed in 1.8.15 upstream, two possible patches linked in bug
<A HREF="https://bugs.mageia.org/show_bug.cgi?id=7277">https://bugs.mageia.org/show_bug.cgi?id=7277</A>

otrs [mga2] - issue fixed in 3.1.10
<A HREF="https://bugs.mageia.org/show_bug.cgi?id=7527">https://bugs.mageia.org/show_bug.cgi?id=7527</A>

glpi [mga1+mga2] - issue fixed in 0.83.3, no backported patch is available that I'm aware of
<A HREF="https://bugs.mageia.org/show_bug.cgi?id=6762">https://bugs.mageia.org/show_bug.cgi?id=6762</A>

GNOME software
--------------
empathy [mga1] - XSS issues fixed upstream in 3.2.1 (only Mageia 1 is affected)
<A HREF="https://bugs.mageia.org/show_bug.cgi?id=7008">https://bugs.mageia.org/show_bug.cgi?id=7008</A>

libvirt [mga1+mga2+cauldron] - patches available from RedHat
<A HREF="https://bugs.mageia.org/show_bug.cgi?id=6526">https://bugs.mageia.org/show_bug.cgi?id=6526</A>

libgnomesu [mga1+mga2+cauldron] - re-diffing the patch might be non-trivial since OpenSuSE has many other patches too
<A HREF="https://bugs.mageia.org/show_bug.cgi?id=7068">https://bugs.mageia.org/show_bug.cgi?id=7068</A>

gjs [mga1] - doesn't rebuild against xulrunner in Mageia 1, but doesn't seem to be used by anything
<A HREF="https://bugs.mageia.org/show_bug.cgi?id=6382">https://bugs.mageia.org/show_bug.cgi?id=6382</A>

Games
-----
openarena, alienarena [mga1+mga2] - affected by DoS bug in quake3 engine.
<A HREF="https://bugs.mageia.org/show_bug.cgi?id=5496">https://bugs.mageia.org/show_bug.cgi?id=5496</A>

ioquake3 [mga1] - update candidate for Mageia 1 has issues that still need to be fixed
<A HREF="https://bugs.mageia.org/show_bug.cgi?id=6997">https://bugs.mageia.org/show_bug.cgi?id=6997</A>

Java-related
------------
tomcat5 [mga1] - minor packaging issue found by QA needs fixed on Mageia 1
<A HREF="https://bugs.mageia.org/show_bug.cgi?id=3099">https://bugs.mageia.org/show_bug.cgi?id=3099</A>

jruby [mga2+cauldron] - fixed upstream in 1.6.5.1
<A HREF="https://bugs.mageia.org/show_bug.cgi?id=6742">https://bugs.mageia.org/show_bug.cgi?id=6742</A>

poi [mga1+mga2+cauldron] - Some updates for this have been built, others are still needed
<A HREF="https://bugs.mageia.org/show_bug.cgi?id=6011">https://bugs.mageia.org/show_bug.cgi?id=6011</A>

apache-commons-compress [mga1+mga2] - Mageia 2 update done, needs Mageia 1 update
<A HREF="https://bugs.mageia.org/show_bug.cgi?id=6331">https://bugs.mageia.org/show_bug.cgi?id=6331</A>

apache-commons-daemon [mga1] - fixed upstream in 1.0.7 (only Mageia 1 is affected)
<A HREF="https://bugs.mageia.org/show_bug.cgi?id=7004">https://bugs.mageia.org/show_bug.cgi?id=7004</A>

Ruby-related
------------
Several security issues, one possible packaging issue [mga1+mga2+cauldron]
<A HREF="https://bugs.mageia.org/show_bug.cgi?id=6487">https://bugs.mageia.org/show_bug.cgi?id=6487</A>

No response has been received from packagers yet
------------------------------------------------
libreoffice [mga1+mga2+cauldron] - possibly a patch available from Debian
<A HREF="https://bugs.mageia.org/show_bug.cgi?id=7949">https://bugs.mageia.org/show_bug.cgi?id=7949</A>

erlang [mga1] - issue fixed in R14B03 (only Mageia 1 is affected)
<A HREF="https://bugs.mageia.org/show_bug.cgi?id=7062">https://bugs.mageia.org/show_bug.cgi?id=7062</A>

fuse [mga1] - patches available from RedHat (only Mageia 1 is affected)
<A HREF="https://bugs.mageia.org/show_bug.cgi?id=7063">https://bugs.mageia.org/show_bug.cgi?id=7063</A>

libvoikko [mga1] - issue fixed in 3.2.1 (only Mageia 1 is affected)
<A HREF="https://bugs.mageia.org/show_bug.cgi?id=7067">https://bugs.mageia.org/show_bug.cgi?id=7067</A>

abrt/libreport/btparser [mga1+mga2+cauldron] - should probably be upgraded to newer versions available from RedHat
<A HREF="https://bugs.mageia.org/show_bug.cgi?id=6523">https://bugs.mageia.org/show_bug.cgi?id=6523</A>

In progress (help needed to finish)
-----------------------------------
xen [mga1+mga2+cauldron] - more patches need applied in Mageia 1 and Mageia 2 branches
<A HREF="https://bugs.mageia.org/show_bug.cgi?id=6931">https://bugs.mageia.org/show_bug.cgi?id=6931</A>

transmission [mga1] - patch is non-trivial to rediff on Mageia 1, backport doesn't quite build
<A HREF="https://bugs.mageia.org/show_bug.cgi?id=7590">https://bugs.mageia.org/show_bug.cgi?id=7590</A>

openafs [mga1+mga2] - pam_afs is missing from the current build in updates_testing
<A HREF="https://bugs.mageia.org/show_bug.cgi?id=7085">https://bugs.mageia.org/show_bug.cgi?id=7085</A>

munin [mga1+mga2] - issue fixed upstream in 2.0.6
<A HREF="https://bugs.mageia.org/show_bug.cgi?id=7591">https://bugs.mageia.org/show_bug.cgi?id=7591</A>

</PRE>


<!--endarticle-->
    <HR>
    <P><UL>
        <!--threads-->
	<LI>Previous message: <A HREF="019743.html">[Mageia-dev] Proposed Feature: MTP (Media Transport Protocol)	Support
</A></li>
	<LI>Next message: <A HREF="019746.html">[Mageia-dev] ldap lat utility
</A></li>
         <LI> <B>Messages sorted by:</B> 
              <a href="date.html#19745">[ date ]</a>
              <a href="thread.html#19745">[ thread ]</a>
              <a href="subject.html#19745">[ subject ]</a>
              <a href="author.html#19745">[ author ]</a>
         </LI>
       </UL>

<hr>
<a href="https://www.mageia.org/mailman/listinfo/mageia-dev">More information about the Mageia-dev
mailing list</a><br>
</body></html>