zarb-ml/mageia-dev/2013-January/021091.html


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
 <HEAD>
   <TITLE> [Mageia-dev] Security updates - help needed!
   </TITLE>
   <LINK REL="Index" HREF="index.html" >
   <LINK REL="made" HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20Security%20updates%20-%20help%20needed%21&In-Reply-To=%3C1357223305.72380.YahooMailClassic%40web122005.mail.ne1.yahoo.com%3E">
   <META NAME="robots" CONTENT="index,nofollow">
   <META http-equiv="Content-Type" content="text/html; charset=us-ascii">
   <LINK REL="Previous"  HREF="021130.html">
   <LINK REL="Next"  HREF="021093.html">
 </HEAD>
 <BODY BGCOLOR="#ffffff">
   <H1>[Mageia-dev] Security updates - help needed!</H1>
    <B>David Walser</B> 
    <A HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20Security%20updates%20-%20help%20needed%21&In-Reply-To=%3C1357223305.72380.YahooMailClassic%40web122005.mail.ne1.yahoo.com%3E"
       TITLE="[Mageia-dev] Security updates - help needed!">luigiwalser at yahoo.com
       </A><BR>
    <I>Thu Jan  3 15:28:25 CET 2013</I>
    <P><UL>
        <LI>Previous message: <A HREF="021130.html">[Mageia-dev] Mageia 2 / Mageia 3 beta on EC2
</A></li>
        <LI>Next message: <A HREF="021093.html">[Mageia-dev] Mageia 1 EOL.
</A></li>
         <LI> <B>Messages sorted by:</B> 
              <a href="date.html#21091">[ date ]</a>
              <a href="thread.html#21091">[ thread ]</a>
              <a href="subject.html#21091">[ subject ]</a>
              <a href="author.html#21091">[ author ]</a>
         </LI>
       </UL>
    <HR>  
<!--beginarticle-->
<PRE>First update of the new year.  Please help where you can.

Also, Manuel pointed out a bugzilla search that will typically contain most of these.
<A HREF="https://bugs.mageia.org/buglist.cgi?quicksearch=comp:secu+-@qa-b">https://bugs.mageia.org/buglist.cgi?quicksearch=comp:secu+-@qa-b</A>

......... updated initial message below ........

There are several packages that need security updates that either have not been built yet, or there are some issues that need help and/or input from packagers.

Please help out with these where you can.

I'll try to organize these into categories and give a little info on them so it's easy to see if you can and want to help.

Web apps
--------
mediawiki [mga2] - versions we have are at or nearing EOL upstream, probably should be updated.  Oliver Burger is working on this.
<A HREF="https://bugs.mageia.org/show_bug.cgi?id=3448">https://bugs.mageia.org/show_bug.cgi?id=3448</A>

glpi [mga2] - issue fixed in 0.83.3, no backported patch is available that I'm aware of
<A HREF="https://bugs.mageia.org/show_bug.cgi?id=6762">https://bugs.mageia.org/show_bug.cgi?id=6762</A>

GNOME software
--------------
libvirt [mga2+cauldron] - patches available from RedHat
<A HREF="https://bugs.mageia.org/show_bug.cgi?id=6526">https://bugs.mageia.org/show_bug.cgi?id=6526</A>

Games
-----
openarena, alienarena [mga2] - affected by DoS bug in quake3 engine.
<A HREF="https://bugs.mageia.org/show_bug.cgi?id=5496">https://bugs.mageia.org/show_bug.cgi?id=5496</A>

Java-related
------------
tomcat5, tomcat6, tomcat [mga2,cauldron] - issues fixed upstream
<A HREF="https://bugs.mageia.org/show_bug.cgi?id=8307">https://bugs.mageia.org/show_bug.cgi?id=8307</A>

jruby [mga2+cauldron] - one issue fixed upstream in 1.6.5.1, the other in 1.7.1
<A HREF="https://bugs.mageia.org/show_bug.cgi?id=6742">https://bugs.mageia.org/show_bug.cgi?id=6742</A>

poi [mga2+cauldron] - jakarta-poi possibly needs patched
<A HREF="https://bugs.mageia.org/show_bug.cgi?id=6011">https://bugs.mageia.org/show_bug.cgi?id=6011</A>

apache-commons-compress [mga2] - apache-commons-compress10 possibly needs patched
<A HREF="https://bugs.mageia.org/show_bug.cgi?id=6331">https://bugs.mageia.org/show_bug.cgi?id=6331</A>

Ruby-related
------------
Several security issues, one possible packaging issue [mga2+cauldron]
<A HREF="https://bugs.mageia.org/show_bug.cgi?id=6487">https://bugs.mageia.org/show_bug.cgi?id=6487</A>

No response has been received from packagers yet
------------------------------------------------
qt4 [mga2] - issue fixed upstream in 4.8.4
<A HREF="https://bugs.mageia.org/show_bug.cgi?id=7998">https://bugs.mageia.org/show_bug.cgi?id=7998</A>

librdmacm [cauldron] - upstream patch linked in RedHat bug
<A HREF="https://bugs.mageia.org/show_bug.cgi?id=8415">https://bugs.mageia.org/show_bug.cgi?id=8415</A>

squashfs-tools [mga2+cauldron] - patches for Cauldron available from Fedora, unsure about mga2
<A HREF="https://bugs.mageia.org/show_bug.cgi?id=8448">https://bugs.mageia.org/show_bug.cgi?id=8448</A>

libreoffice [mga2] - patch available from Debian
<A HREF="https://bugs.mageia.org/show_bug.cgi?id=7949">https://bugs.mageia.org/show_bug.cgi?id=7949</A>

chromium/v8 [mga2+cauldron] - need upgraded to newest versions
<A HREF="https://bugs.mageia.org/show_bug.cgi?id=6927">https://bugs.mageia.org/show_bug.cgi?id=6927</A>
<A HREF="https://bugs.mageia.org/show_bug.cgi?id=8567">https://bugs.mageia.org/show_bug.cgi?id=8567</A>

In progress (help needed to finish)
-----------------------------------
kdelibs4 [mga2] - upstream patches linked in RedHat bugs, we have one of the four in SVN
<A HREF="https://bugs.mageia.org/show_bug.cgi?id=7999">https://bugs.mageia.org/show_bug.cgi?id=7999</A>

xen [mga2+cauldron] - several outstanding security issues need additional patches applied
<A HREF="https://bugs.mageia.org/show_bug.cgi?id=6931">https://bugs.mageia.org/show_bug.cgi?id=6931</A>

openafs [mga2] - pam_afs is missing from the current build in updates_testing
<A HREF="https://bugs.mageia.org/show_bug.cgi?id=7085">https://bugs.mageia.org/show_bug.cgi?id=7085</A>

</PRE>


<!--endarticle-->
    <HR>
    <P><UL>
        <!--threads-->
	<LI>Previous message: <A HREF="021130.html">[Mageia-dev] Mageia 2 / Mageia 3 beta on EC2
</A></li>
	<LI>Next message: <A HREF="021093.html">[Mageia-dev] Mageia 1 EOL.
</A></li>
         <LI> <B>Messages sorted by:</B> 
              <a href="date.html#21091">[ date ]</a>
              <a href="thread.html#21091">[ thread ]</a>
              <a href="subject.html#21091">[ subject ]</a>
              <a href="author.html#21091">[ author ]</a>
         </LI>
       </UL>

<hr>
<a href="https://www.mageia.org/mailman/listinfo/mageia-dev">More information about the Mageia-dev
mailing list</a><br>
</body></html>