[Mageia-dev] Security updates - help needed!
David Walser
luigiwalser at yahoo.com
Thu Jan 3 15:28:25 CET 2013
First update of the new year. Please help where you can.
Also, Manuel pointed out a bugzilla search that will typically contain most of these.
https://bugs.mageia.org/buglist.cgi?quicksearch=comp:secu+-@qa-b
......... updated initial message below ........
There are several packages that need security updates that either have not been built yet, or there are some issues that need help and/or input from packagers.
Please help out with these where you can.
I'll try to organize these into categories and give a little info on them so it's easy to see if you can and want to help.
Web apps
--------
mediawiki [mga2] - versions we have are at or nearing EOL upstream, probably should be updated. Oliver Burger is working on this.
https://bugs.mageia.org/show_bug.cgi?id=3448
glpi [mga2] - issue fixed in 0.83.3, no backported patch is available that I'm aware of
https://bugs.mageia.org/show_bug.cgi?id=6762
GNOME software
--------------
libvirt [mga2+cauldron] - patches available from RedHat
https://bugs.mageia.org/show_bug.cgi?id=6526
Games
-----
openarena, alienarena [mga2] - affected by DoS bug in quake3 engine.
https://bugs.mageia.org/show_bug.cgi?id=5496
Java-related
------------
tomcat5, tomcat6, tomcat [mga2,cauldron] - issues fixed upstream
https://bugs.mageia.org/show_bug.cgi?id=8307
jruby [mga2+cauldron] - one issue fixed upstream in 1.6.5.1, the other in 1.7.1
https://bugs.mageia.org/show_bug.cgi?id=6742
poi [mga2+cauldron] - jakarta-poi possibly needs patched
https://bugs.mageia.org/show_bug.cgi?id=6011
apache-commons-compress [mga2] - apache-commons-compress10 possibly needs patched
https://bugs.mageia.org/show_bug.cgi?id=6331
Ruby-related
------------
Several security issues, one possible packaging issue [mga2+cauldron]
https://bugs.mageia.org/show_bug.cgi?id=6487
No response has been received from packagers yet
------------------------------------------------
qt4 [mga2] - issue fixed upstream in 4.8.4
https://bugs.mageia.org/show_bug.cgi?id=7998
librdmacm [cauldron] - upstream patch linked in RedHat bug
https://bugs.mageia.org/show_bug.cgi?id=8415
squashfs-tools [mga2+cauldron] - patches for Cauldron available from Fedora, unsure about mga2
https://bugs.mageia.org/show_bug.cgi?id=8448
libreoffice [mga2] - patch available from Debian
https://bugs.mageia.org/show_bug.cgi?id=7949
chromium/v8 [mga2+cauldron] - need upgraded to newest versions
https://bugs.mageia.org/show_bug.cgi?id=6927
https://bugs.mageia.org/show_bug.cgi?id=8567
In progress (help needed to finish)
-----------------------------------
kdelibs4 [mga2] - upstream patches linked in RedHat bugs, we have one of the four in SVN
https://bugs.mageia.org/show_bug.cgi?id=7999
xen [mga2+cauldron] - several outstanding security issues need additional patches applied
https://bugs.mageia.org/show_bug.cgi?id=6931
openafs [mga2] - pam_afs is missing from the current build in updates_testing
https://bugs.mageia.org/show_bug.cgi?id=7085
More information about the Mageia-dev
mailing list