[Mageia-dev] Security updates - Help needed!
David Walser
luigiwalser at yahoo.com
Wed Jul 4 00:37:39 CEST 2012
There are several packages that need security updates that either have not been built yet, or there are some issues that need help and/or input from packagers.
Please help out with these where you can.
I'll try to organize these into categories and give a little info on them so it's easy to see if you can and want to help.
Web apps
--------
mediawiki - versions we have are at or nearing EOL upstream, probably should be updated. Several security issues are present.
https://bugs.mageia.org/show_bug.cgi?id=3448
dokuwiki - needs updated to 2012-01-25a version, already in Cauldron. Cauldron package does have a bug that needs fixing.
https://bugs.mageia.org/show_bug.cgi?id=6166
https://bugs.mageia.org/show_bug.cgi?id=6480
wordpress - needs updated to 3.4.1, also QA has found some bugs in the current package.
https://bugs.mageia.org/show_bug.cgi?id=4065
viewvc - needs updated to 1.1.15
https://bugs.mageia.org/show_bug.cgi?id=6551
ocsinventory - Mageia 1 package needs to be updated or patched (patches available from MDV)
https://bugs.mageia.org/show_bug.cgi?id=5252
https://bugs.mageia.org/show_bug.cgi?id=2129
drupal - update built, issues found by QA need fixing
https://bugs.mageia.org/show_bug.cgi?id=5844
GNOME software
--------------
libgdata - update needed for Mageia 1, may require patch or upgrade to libsoup
https://bugs.mageia.org/show_bug.cgi?id=6330
libvirt - patch available from RedHat
https://bugs.mageia.org/show_bug.cgi?id=6526
vte - patch available from Fedora
https://bugs.mageia.org/show_bug.cgi?id=6161
gjs - doesn't rebuild against xulrunner in Mageia 1, but doesn't seem to be used by anything
https://bugs.mageia.org/show_bug.cgi?id=6382
Games
-----
ioquake3, openarena, urbanterror, alienarena - affected by DoS bug in quake3 engine
https://bugs.mageia.org/show_bug.cgi?id=5496
Java-related
------------
poi - https://bugs.mageia.org/show_bug.cgi?id=6011
apache-commons-compress - https://bugs.mageia.org/show_bug.cgi?id=6331
spring2 - https://bugs.mageia.org/show_bug.cgi?id=6625
eclipse - https://bugs.mageia.org/show_bug.cgi?id=6611
avalon-framework - https://bugs.mageia.org/show_bug.cgi?id=4524
jsr-305 - https://bugs.mageia.org/show_bug.cgi?id=4525
Ruby-related
------------
Several security issues, at least one packaging issue, and an rpm issue
https://bugs.mageia.org/show_bug.cgi?id=6487
http://article.gmane.org/gmane.linux.mageia.devel/16419/match=ruby
No response has been received from packagers yet
------------------------------------------------
graphicsmagick - needs updated to 1.3.16 or patch backported, upstream patch linked in bug
https://bugs.mageia.org/show_bug.cgi?id=6561
python-httplib2 - possible basis for patch (based on patch from SuSE) available in bug
https://bugs.mageia.org/show_bug.cgi?id=6568
openconnect - needs updated to at least 3.18 or patched (upstream patch linked in bug), possible bug also found by user
https://bugs.mageia.org/show_bug.cgi?id=6504
https://bugs.mageia.org/show_bug.cgi?id=6627
dropbear - Debian and upstream patches differ, no response received from upstream either. Patch proposed.
https://bugs.mageia.org/show_bug.cgi?id=5611
busybox - link to upstream patch available in bug
https://bugs.mageia.org/show_bug.cgi?id=6673
gc - links to upstream and Fedora patches available in bug
https://bugs.mageia.org/show_bug.cgi?id=6652
abrt/libreport/btparser - should probably be upgraded to newer versions available from RedHat
https://bugs.mageia.org/show_bug.cgi?id=6523
sos - 62 patches available from Fedora
https://bugs.mageia.org/show_bug.cgi?id=6525
v8 - might need to be updated to newer version
https://bugs.mageia.org/show_bug.cgi?id=6679
php-ZendFramework - patches available from Debian
https://bugs.mageia.org/show_bug.cgi?id=6666
In progress (help needed to finish)
-----------------------------------
sympa - update needs to be built for Mageia 2, issues have been found by QA that need fixed
https://bugs.mageia.org/show_bug.cgi?id=5939
groff - several scripts apparently need moved from main package to groff-perl (whose description needs rewritten or rethought), security issue already patched
https://bugs.mageia.org/show_bug.cgi?id=6379
python - update for Mageia 2 built, update for Mageia 1 still needed (patches possibly available from MDV)
https://bugs.mageia.org/show_bug.cgi?id=5843
cifs-utils/samba - cifs-utils is actually already done, patch needs applied to Samba as well
https://bugs.mageia.org/show_bug.cgi?id=5714
gajim - there is a requires or suggests missing
https://bugs.mageia.org/show_bug.cgi?id=5432
More information about the Mageia-dev
mailing list