Just making sure this didn't slip between the cracks..
There was a security update associated with this
release, that I mentioned earlier and that is mentioned
in the changelog/spec. I know this is only a
Contrib-Rpm, and everyone is busy with last-minute 8.1
stuff, but I know there's a few people out there using
the bugzilla Contrib-Rpm that would appreciate this sort
of thing.
I guess I should have included vdanen in the first
e-mail; it didn't cross my mind at the time.
The SRPM is still in /incoming, and the spec file and
Red Hat security announcement are attached.
Don Head
SAIR LCA, CIW-P, i-Net+, Network+, A+
Systems Administrator [ [EMAIL PROTECTED] ]
Web Designer [ 1 314 650-4056 ]
[ AIM - Don Wave ] [ ICQ - 18804935 ] [ Yahoo - Don_Wave ]
---------------------------------------------------------------------
Red Hat, Inc. Red Hat Security Advisory
Synopsis: New bugzilla packages are available
Advisory ID: RHSA-2001:107-07
Issue date: 2001-08-30
Updated on: 2001-09-10
Product: Red Hat Powertools
Keywords:
Cross references:
Obsoletes:
---------------------------------------------------------------------
1. Topic:
The updated bugzilla package fixes numerous security issues which were
present in previous releases of bugzilla.
2. Relevant releases/architectures:
Red Hat Powertools 7.0 - alpha, i386, noarch
Red Hat Powertools 7.1 - alpha, i386, noarch
3. Problem description:
Bugzilla-2.14 is a general security update. The serious security problems
fixed are:
- multiple instances where valid users could obtain data on
"confidential" bugs without authorization.
- multiple instances of security holes where parameters were not being
checked/escaped properly.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
To update all RPMs for your particular architecture, run:
rpm -Fvh [filenames]
where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains
the
desired RPMs.
Please note that this update is also available via Red Hat Network. Many
people find this to be an easier way to apply updates. To use Red Hat
Network, launch the Red Hat Update Agent with the following command:
up2date
This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.
5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):
6. RPMs required:
..
snip
..
7. Verification:
..
snip
..
8. References:
http://www.securityfocus.com/templates/archive.pike?threads=0&end=2001-09-01
&list=1&fromthread=0&mid=210980&start=2001-08-26&
Copyright(c) 2000, 2001 Red Hat, Inc.
_______________________________________________
Redhat-watch-list mailing list
> -----Original Message-----
> From: Don Head
> Sent: Wednesday, September 12, 2001 1:52 PM
> To: 'Cooker Mailing List'; 'Lenny Cartier (Mandrake)'
> Subject: [Cooker] [Contrib-Rpm] bugzilla-2.14-1mdk
>
>
> This is a security update to a Contrib RPM!
>
>
>
> Name : bugzilla Relocations: (not
> relocateable)
> Version : 2.14 Vendor: MandrakeSoft
> Release : 1mdk Build Date: Wed
> 12 Sep 2001
> 01:45:09 PM CDT
> Install date: (not installed) Build Host:
> dhead.wavetech.com
> Group : Networking/WWW Source RPM: (none)
> Size : 720398 License: MPL
> Packager : Don Head <[EMAIL PROTECTED]>
> URL : http://www.mozilla.org/bugs/
> Summary : A bug tracking system developed by mozilla.org.
> Description :
> Bugzilla is the bug tracking system developed by mozilla.org.
> Mozilla.org is a group within Netscape that acts as a clearinghouse
> for Netscape source code. Some modifications have been made for
> use with Mandrake Linux.
>
>
> * Wed Sep 12 2001 Don Head <[EMAIL PROTECTED]> 2.14-1mdk
>
> - Merge with Red Hat:
> - add requirement for perl-DBD-MySQL (Mandrake requires perl-Mysql)
> - updated to 2.14 for security errata
> - added requires for perl-GD
> - forgot to include *.js files. Fixed. (#42795)
> - updated to 2.12, updated perlpath patch
> - added suggested fixes from bug 19497
> - Security fixes 38411
> - Note: This is not the Red Hat version of Bugzilla. You
> can grab that
> at ftp://people.redhat.com/dkl
> - fixed bug #16147, dependancy problems.
> - patched all the files which looked for perl in
> /usr/bonsaitools/bin
> - fixed problem with /usr/bonsai/perl not existing.
>
>
>
> Don Head
> SAIR LCA, CIW-P, i-Net+, Network+, A+
>
> Systems Administrator [ [EMAIL PROTECTED] ]
> Web Designer [ 1 314 650-4056 ]
> [ AIM - Don Wave ] [ ICQ - 18804935 ] [ Yahoo - Don_Wave ]
>
>
bugzilla.spec
