[Mageia-dev] Security updates - Help needed!
David Walser
luigiwalser at yahoo.com
Wed Jul 4 19:23:41 CEST 2012
I'm not going to update this thread every day or anything, but I just wanted to consolidate the
three threads I made, and update this based on the initial flurry of activity it created. Thanks.
......... updated initial message below ........
There are several packages that need security updates that either have not been built yet, or there
are some issues that need help and/or input from packagers.
Please help out with these where you can.
I'll try to organize these into categories and give a little info on them so it's easy to see if
you can and want to help.
Web apps
--------
mediawiki - versions we have are at or nearing EOL upstream, probably should be updated. Several
security issues are present.
https://bugs.mageia.org/show_bug.cgi?id=3448
dokuwiki - needs updated to 2012-01-25a version, already in Cauldron. Cauldron package does have a
bug that needs fixing.
https://bugs.mageia.org/show_bug.cgi?id=6166
https://bugs.mageia.org/show_bug.cgi?id=6480
wordpress - needs updated to 3.4.1, also QA has found some bugs in the current package.
https://bugs.mageia.org/show_bug.cgi?id=4065
viewvc - needs updated to 1.1.15
https://bugs.mageia.org/show_bug.cgi?id=6551
ocsinventory - Mageia 1 package needs to be updated or patched (patches available from MDV)
https://bugs.mageia.org/show_bug.cgi?id=5252
https://bugs.mageia.org/show_bug.cgi?id=2129
drupal - update built, issues found by QA need fixing
https://bugs.mageia.org/show_bug.cgi?id=5844
GNOME software
--------------
libgdata - update needed for Mageia 1, may require patch or upgrade to libsoup
https://bugs.mageia.org/show_bug.cgi?id=6330
libvirt - patch available from RedHat
https://bugs.mageia.org/show_bug.cgi?id=6526
vte - patch available from Fedora
https://bugs.mageia.org/show_bug.cgi?id=6161
gjs - doesn't rebuild against xulrunner in Mageia 1, but doesn't seem to be used by anything
https://bugs.mageia.org/show_bug.cgi?id=6382
Games
-----
ioquake3, openarena, urbanterror, alienarena - affected by DoS bug in quake3 engine
https://bugs.mageia.org/show_bug.cgi?id=5496
Java-related
------------
poi - https://bugs.mageia.org/show_bug.cgi?id=6011
apache-commons-compress - https://bugs.mageia.org/show_bug.cgi?id=6331
spring2 - https://bugs.mageia.org/show_bug.cgi?id=6625
eclipse - https://bugs.mageia.org/show_bug.cgi?id=6611
Ruby-related
------------
Several security issues, at least one packaging issue, and an rpm issue
https://bugs.mageia.org/show_bug.cgi?id=6487
http://article.gmane.org/gmane.linux.mageia.devel/16419/match=ruby
No response has been received from packagers yet
------------------------------------------------
avidemux/gstreamer0.10-ffmpeg - should be able to borrow patches from mplayer for mga1 (ffmpeg git
for mga2)
https://bugs.mageia.org/show_bug.cgi?id=6427
graphicsmagick - needs updated to 1.3.16 or patch backported, upstream patch linked in bug
https://bugs.mageia.org/show_bug.cgi?id=6561
python-httplib2 - possible basis for patch (based on patch from SuSE) available in bug
https://bugs.mageia.org/show_bug.cgi?id=6568
openconnect - needs updated to at least 3.18 or patched (upstream patch linked in bug), possible
bug also found by user
https://bugs.mageia.org/show_bug.cgi?id=6504
https://bugs.mageia.org/show_bug.cgi?id=6627
dropbear - Debian and upstream patches differ, no response received from upstream either. Patch
proposed.
https://bugs.mageia.org/show_bug.cgi?id=5611
busybox - link to upstream patch available in bug
https://bugs.mageia.org/show_bug.cgi?id=6673
gc - links to upstream and Fedora patches available in bug
https://bugs.mageia.org/show_bug.cgi?id=6652
abrt/libreport/btparser - should probably be upgraded to newer versions available from RedHat
https://bugs.mageia.org/show_bug.cgi?id=6523
sos - 62 patches available from Fedora
https://bugs.mageia.org/show_bug.cgi?id=6525
v8 - might need to be updated to newer version
https://bugs.mageia.org/show_bug.cgi?id=6679
php-ZendFramework - patches available from Debian
https://bugs.mageia.org/show_bug.cgi?id=6666
In progress (help needed to finish)
-----------------------------------
sympa - update needs to be built for Mageia 2, issues have been found by QA that need fixed
https://bugs.mageia.org/show_bug.cgi?id=5939
apache-mod_security - update is in SVN in Cauldron and Mageia 2, but won't build in Cauldron
https://bugs.mageia.org/show_bug.cgi?id=6678
krb5 - update built, but some issues found by QA need fixing
https://bugs.mageia.org/show_bug.cgi?id=6469
groff - several scripts apparently need moved from main package to groff-perl (whose description
needs rewritten or rethought), security issue already patched
https://bugs.mageia.org/show_bug.cgi?id=6379
python - update for Mageia 2 built, update for Mageia 1 still needed (patches possibly available
from MDV)
https://bugs.mageia.org/show_bug.cgi?id=5843
cifs-utils/samba - cifs-utils is actually already done, patch needs applied to Samba as well
https://bugs.mageia.org/show_bug.cgi?id=5714
gajim - there is a requires or suggests missing
https://bugs.mageia.org/show_bug.cgi?id=5432
More information about the Mageia-dev
mailing list