[Mageia-dev] Security updates - help needed (status update)

David Walser luigiwalser at yahoo.com
Fri Nov 2 19:19:59 CET 2012 

Here's the current list.  I fixed the ones I could from the old list, some still remain, some new ones are here.  Help is needed for all of them.

If anyone can help with LibreOffice or Java stuff that'd be great, since our maintainer has been off IRC and bugzilla for a few weeks now.

I've tagged each of these with the versions affected, so hopefully that's helpful.

Since the council is in such a hurry to retire Mageia 1, this is the last chance to get any of these fixed there.

Also, Manuel pointed out a bugzilla search that will typically contain most of these.
https://bugs.mageia.org/buglist.cgi?quicksearch=comp:secu+-@qa-b

......... updated initial message below ........

There are several packages that need security updates that either have not been built yet, or there are some issues that need help and/or input from packagers.

Please help out with these where you can.

I'll try to organize these into categories and give a little info on them so it's easy to see if you can and want to help.

Web apps
--------
mediawiki [mga1+mga2] - versions we have are at or nearing EOL upstream, probably should be updated.  Oliver Burger is working on this.
https://bugs.mageia.org/show_bug.cgi?id=3448

drupal [mga1] - update built, issues found by QA need fixing on Mageia 1.
https://bugs.mageia.org/show_bug.cgi?id=5844

webmin [mga1+mga2+cauldron] - security issue fixed upstream in 1.600, package has other bugs too
https://bugs.mageia.org/show_bug.cgi?id=7803

zabbix [mga2+cauldron] - issues fixed in 1.8.15 upstream, two possible patches linked in bug
https://bugs.mageia.org/show_bug.cgi?id=7277

otrs [mga2] - issue fixed in 3.1.10
https://bugs.mageia.org/show_bug.cgi?id=7527

glpi [mga1+mga2] - issue fixed in 0.83.3, no backported patch is available that I'm aware of
https://bugs.mageia.org/show_bug.cgi?id=6762

GNOME software
--------------
empathy [mga1] - XSS issues fixed upstream in 3.2.1 (only Mageia 1 is affected)
https://bugs.mageia.org/show_bug.cgi?id=7008

libvirt [mga1+mga2+cauldron] - patches available from RedHat
https://bugs.mageia.org/show_bug.cgi?id=6526

libgnomesu [mga1+mga2+cauldron] - re-diffing the patch might be non-trivial since OpenSuSE has many other patches too
https://bugs.mageia.org/show_bug.cgi?id=7068

gjs [mga1] - doesn't rebuild against xulrunner in Mageia 1, but doesn't seem to be used by anything
https://bugs.mageia.org/show_bug.cgi?id=6382

Games
-----
openarena, alienarena [mga1+mga2] - affected by DoS bug in quake3 engine.
https://bugs.mageia.org/show_bug.cgi?id=5496

ioquake3 [mga1] - update candidate for Mageia 1 has issues that still need to be fixed
https://bugs.mageia.org/show_bug.cgi?id=6997

Java-related
------------
tomcat5 [mga1] - minor packaging issue found by QA needs fixed on Mageia 1
https://bugs.mageia.org/show_bug.cgi?id=3099

jruby [mga2+cauldron] - fixed upstream in 1.6.5.1
https://bugs.mageia.org/show_bug.cgi?id=6742

poi [mga1+mga2+cauldron] - Some updates for this have been built, others are still needed
https://bugs.mageia.org/show_bug.cgi?id=6011

apache-commons-compress [mga1+mga2] - Mageia 2 update done, needs Mageia 1 update
https://bugs.mageia.org/show_bug.cgi?id=6331

apache-commons-daemon [mga1] - fixed upstream in 1.0.7 (only Mageia 1 is affected)
https://bugs.mageia.org/show_bug.cgi?id=7004

Ruby-related
------------
Several security issues, one possible packaging issue [mga1+mga2+cauldron]
https://bugs.mageia.org/show_bug.cgi?id=6487

No response has been received from packagers yet
------------------------------------------------
libreoffice [mga1+mga2+cauldron] - possibly a patch available from Debian
https://bugs.mageia.org/show_bug.cgi?id=7949

erlang [mga1] - issue fixed in R14B03 (only Mageia 1 is affected)
https://bugs.mageia.org/show_bug.cgi?id=7062

fuse [mga1] - patches available from RedHat (only Mageia 1 is affected)
https://bugs.mageia.org/show_bug.cgi?id=7063

libvoikko [mga1] - issue fixed in 3.2.1 (only Mageia 1 is affected)
https://bugs.mageia.org/show_bug.cgi?id=7067

abrt/libreport/btparser [mga1+mga2+cauldron] - should probably be upgraded to newer versions available from RedHat
https://bugs.mageia.org/show_bug.cgi?id=6523

In progress (help needed to finish)
-----------------------------------
xen [mga1+mga2+cauldron] - more patches need applied in Mageia 1 and Mageia 2 branches
https://bugs.mageia.org/show_bug.cgi?id=6931

transmission [mga1] - patch is non-trivial to rediff on Mageia 1, backport doesn't quite build
https://bugs.mageia.org/show_bug.cgi?id=7590

openafs [mga1+mga2] - pam_afs is missing from the current build in updates_testing
https://bugs.mageia.org/show_bug.cgi?id=7085

munin [mga1+mga2] - issue fixed upstream in 2.0.6
https://bugs.mageia.org/show_bug.cgi?id=7591

More information about the Mageia-dev mailing list