[Mageia-dev] Security updates - help needed!
David Walser
luigiwalser at yahoo.com
Sat Feb 16 00:23:54 CET 2013
Some old ones have finally left the list, some are still there, some new ones are here. Help is still needed.
Also, Manuel pointed out a bugzilla search that will typically contain most of these.
https://bugs.mageia.org/buglist.cgi?quicksearch=comp:secu+-@qa-b
......... updated initial message below ........
There are several packages that need security updates that either have not been built yet, or there are some issues that need help and/or input from packagers.
Please help out with these where you can.
I'll try to organize these into categories and give a little info on them so it's easy to see if you can and want to help.
Web apps
--------
wordpress [mga2] - issues fixed in 3.5.1
https://bugs.mageia.org/show_bug.cgi?id=9030
mediawiki [mga2] - versions we have are at or nearing EOL upstream, probably should be updated. Oliver Burger is working on this.
https://bugs.mageia.org/show_bug.cgi?id=3448
glpi [mga2] - issue fixed in 0.83.3, no backported patch is available that I'm aware of
https://bugs.mageia.org/show_bug.cgi?id=6762
Games
-----
openarena, alienarena [mga2] - affected by DoS bug in quake3 engine.
https://bugs.mageia.org/show_bug.cgi?id=5496
Java-related
------------
jruby [mga2+cauldron] - one issue fixed upstream in 1.6.5.1, the other in 1.7.1
https://bugs.mageia.org/show_bug.cgi?id=6742
tomcat5 [mga2] - permissions problem found by QA needs to be fixed
https://bugs.mageia.org/show_bug.cgi?id=8307
apache-commons-compress [mga2] - apache-commons-compress10 possibly needs patched
https://bugs.mageia.org/show_bug.cgi?id=6331
jakarta-commons-httpclient [mga2] - patch available from Fedora
https://bugs.mageia.org/show_bug.cgi?id=8933
axis [mga2] - patch available from Fedora
https://bugs.mageia.org/show_bug.cgi?id=8936
No response has been received from packagers yet
------------------------------------------------
chromium/v8 [mga2+cauldron] - need upgraded to newest versions
https://bugs.mageia.org/show_bug.cgi?id=6927
https://bugs.mageia.org/show_bug.cgi?id=8567
corosync [mga2] - denial of service issued fixed in 2.3.0
https://bugs.mageia.org/show_bug.cgi?id=8905
ffmpeg [mga2] - issues fixed in upstream git, not clear if they plan to cut another release
https://bugs.mageia.org/show_bug.cgi?id=8881
In progress (help needed to finish)
-----------------------------------
libvirt [mga2] - patches available from RedHat, need re-diffed
https://bugs.mageia.org/show_bug.cgi?id=6526
zabbix [mga2] - issues raised by QA need to be addressed
https://bugs.mageia.org/show_bug.cgi?id=8801
xen [mga2+cauldron] - several outstanding security issues need additional patches applied
https://bugs.mageia.org/show_bug.cgi?id=6931
openafs [mga2] - pam_afs is missing from the current build in updates_testing
https://bugs.mageia.org/show_bug.cgi?id=7085
More information about the Mageia-dev
mailing list