[Mageia-dev] Security updates - help needed!
David Walser
luigiwalser at yahoo.com
Fri Aug 10 21:56:08 CEST 2012
I've picked off all of the low-hanging fruit, so the remaining packages on this list really do need help to get fixed.
......... updated initial message below ........
There are several packages that need security updates that either have not been built yet, or there are some issues that need help and/or input from packagers.
Please help out with these where you can.
I'll try to organize these into categories and give a little info on them so it's easy to see if you can and want to help.
Web apps
--------
ocsinventory - Mageia 1 package needs to be updated or patched (patches available from MDV)
https://bugs.mageia.org/show_bug.cgi?id=5252
https://bugs.mageia.org/show_bug.cgi?id=2129
mediawiki - versions we have are at or nearing EOL upstream, probably should be updated. Oliver Burger is working on this.
https://bugs.mageia.org/show_bug.cgi?id=3448
drupal - update built, issues found by QA need fixing. Oliver Burger is working on this.
https://bugs.mageia.org/show_bug.cgi?id=5844
GNOME software
--------------
mono - upstream commit linked
https://bugs.mageia.org/show_bug.cgi?id=6789
libvirt - patch available from RedHat
https://bugs.mageia.org/show_bug.cgi?id=6526
libguestfs - patch available from RedHat
https://bugs.mageia.org/show_bug.cgi?id=6818
gjs - doesn't rebuild against xulrunner in Mageia 1, but doesn't seem to be used by anything
https://bugs.mageia.org/show_bug.cgi?id=6382
Games
-----
openarena, alienarena - affected by DoS bug in quake3 engine. Juan Luis Baptiste is working on this.
https://bugs.mageia.org/show_bug.cgi?id=5496
Java-related
------------
jruby - fixed upstream in 1.6.5.1
https://bugs.mageia.org/show_bug.cgi?id=6742
poi - In progress by D Morgan. Additional updates pending.
https://bugs.mageia.org/show_bug.cgi?id=6011
apache-commons-compress - In progress by D Morgan. Mageia 1 updates pending.
https://bugs.mageia.org/show_bug.cgi?id=6331
apache-commons-daemon - fixed upstream in 1.0.7 (only Mageia 1 is affected)
https://bugs.mageia.org/show_bug.cgi?id=7004
Ruby-related
------------
Several security issues, one possible packaging issue
https://bugs.mageia.org/show_bug.cgi?id=6487
No response has been received from packagers yet
------------------------------------------------
ganglia - patch available from Fedora, we have another bug report saying it doesn't start
https://bugs.mageia.org/show_bug.cgi?id=6874
libreoffice - Mageia 1 only, patch available from RedHat
https://bugs.mageia.org/show_bug.cgi?id=6944
stunnel - package has several other issues as well, should probably just be updated
https://bugs.mageia.org/show_bug.cgi?id=3951
phpmyadmin - needs updated to 3.5.2.1 and fixed in Cauldron for new apache conf layout
https://bugs.mageia.org/show_bug.cgi?id=6905
python-django - issues fixed upstream in 1.3.2. Philippe Makowski said he'll work on this.
https://bugs.mageia.org/show_bug.cgi?id=6986
empathy - XSS issues fixed upstream in 3.2.1 (only Mageia 1 is affected)
https://bugs.mageia.org/show_bug.cgi?id=7008
abrt/libreport/btparser - should probably be upgraded to newer versions available from RedHat
https://bugs.mageia.org/show_bug.cgi?id=6523
sos - 62 patches available from Fedora
https://bugs.mageia.org/show_bug.cgi?id=6525
x11-server - upstream diffs linked by RedHat, maybe patches available from Ubuntu or Gentoo, plus other security issues fixed by RH/OpenSuSE/Ubuntu
https://bugs.mageia.org/show_bug.cgi?id=6744
In progress (help needed to finish)
-----------------------------------
dhcp - issues fixed upstream in 4.2.4-P1
https://bugs.mageia.org/show_bug.cgi?id=6872
bind - issues fixed upstream in 9.8.3-P2 and 9.9.1-P2
https://bugs.mageia.org/show_bug.cgi?id=6873
xen - doesn't build in Cauldron (incompatible pointer type in i8259.c)
https://bugs.mageia.org/show_bug.cgi?id=6931
gc - links to upstream and Fedora patches available in bug, already fixed in Cauldron
https://bugs.mageia.org/show_bug.cgi?id=6652
bip - patch in Mageia 1 didn't fix it according to QA, patch wasn't applied in Mageia 2
https://bugs.mageia.org/show_bug.cgi?id=4319
emacs - re-diffing patch for Emacs 23.2 (Mageia 1) is non-trivial
https://bugs.mageia.org/show_bug.cgi?id=6995
psi - fixed in SVN, does not build in Cauldron (can't find qca2-devel even though it's installed)
https://bugs.mageia.org/show_bug.cgi?id=7002
More information about the Mageia-dev
mailing list