[Mageia-dev] Security updates - help needed (status update)
David Walser
luigiwalser at yahoo.com
Wed Jul 11 19:21:25 CEST 2012
I figured I should give a status update on this, especially before I get too busy for the next few weeks. I'll update again in August if need be.
Thanks to those who have helped so far. I managed to wrangle a few of them myself yesterday too.
......... updated initial message below ........
There are several packages that need security updates that either have not been built yet, or there are some issues that need help and/or input from packagers.
Please help out with these where you can.
I'll try to organize these into categories and give a little info on them so it's easy to see if you can and want to help.
Web apps
--------
dokuwiki - needs updated to 2012-01-25a version, already in Cauldron. Cauldron package does have a bug that needs fixing.
https://bugs.mageia.org/show_bug.cgi?id=6166
https://bugs.mageia.org/show_bug.cgi?id=6480
ocsinventory - Mageia 1 package needs to be updated or patched (patches available from MDV)
https://bugs.mageia.org/show_bug.cgi?id=5252
https://bugs.mageia.org/show_bug.cgi?id=2129
mediawiki - versions we have are at or nearing EOL upstream, probably should be updated. Oliver Burger is working on this.
https://bugs.mageia.org/show_bug.cgi?id=3448
wordpress - needs updated to 3.4.1, also QA has found some bugs in the current package. Damien Lallement is working on this.
https://bugs.mageia.org/show_bug.cgi?id=4065
drupal - update built, issues found by QA need fixing. Oliver Burger is working on this.
https://bugs.mageia.org/show_bug.cgi?id=5844
GNOME software
--------------
libgdata - update needed for Mageia 1, may require patch or upgrade to libsoup
https://bugs.mageia.org/show_bug.cgi?id=6330
libvirt - patch available from RedHat
https://bugs.mageia.org/show_bug.cgi?id=6526
vte - vte3 still needs fixed in Mageia 2
https://bugs.mageia.org/show_bug.cgi?id=6161
gjs - doesn't rebuild against xulrunner in Mageia 1, but doesn't seem to be used by anything
https://bugs.mageia.org/show_bug.cgi?id=6382
Games
-----
ioquake3, openarena, urbanterror, alienarena - affected by DoS bug in quake3 engine
https://bugs.mageia.org/show_bug.cgi?id=5496
Java-related
------------
jruby - just reported yesterday
https://bugs.mageia.org/show_bug.cgi?id=6742
poi - In progress by D Morgan. Additional updates pending.
https://bugs.mageia.org/show_bug.cgi?id=6011
apache-commons-compress - In progress by D Morgan. Mageia 1 updates pending.
https://bugs.mageia.org/show_bug.cgi?id=6331
spring2 - In progress by D Morgan. Cauldron update pending.
https://bugs.mageia.org/show_bug.cgi?id=6625
Ruby-related
------------
Several security issues, one possible packaging issue
https://bugs.mageia.org/show_bug.cgi?id=6487
No response has been received from packagers yet
------------------------------------------------
avidemux/gstreamer0.10-ffmpeg - should be able to borrow patches from mplayer for mga1 (ffmpeg git for mga2)
https://bugs.mageia.org/show_bug.cgi?id=6427
graphicsmagick - needs updated to 1.3.16 or patch backported, upstream patch linked in bug
https://bugs.mageia.org/show_bug.cgi?id=6561
dropbear - Debian and upstream patches differ, no response received from upstream either. Patch proposed.
https://bugs.mageia.org/show_bug.cgi?id=5611
abrt/libreport/btparser - should probably be upgraded to newer versions available from RedHat
https://bugs.mageia.org/show_bug.cgi?id=6523
sos - 62 patches available from Fedora
https://bugs.mageia.org/show_bug.cgi?id=6525
keepalived - possible patch from Gentoo for security issue, we have another open bug report too
https://bugs.mageia.org/show_bug.cgi?id=6743
x11-server - bug has links to upstream commits used to fix this
https://bugs.mageia.org/show_bug.cgi?id=6744
In progress (help needed to finish)
-----------------------------------
busybox - will not build in Cauldron, tmb blames uClibc, which won't build either
https://bugs.mageia.org/show_bug.cgi?id=6673
gc - links to upstream and Fedora patches available in bug, already fixed in Cauldron
https://bugs.mageia.org/show_bug.cgi?id=6652
v8/chromium - In progress by D Morgan. chromium won't build for Mageia 1.
https://bugs.mageia.org/show_bug.cgi?id=6679
More information about the Mageia-dev
mailing list