On Wed, 06 Jul 2011, Ahmad Samir wrote: > On 4 July 2011 08:25, Mageia Team <[email protected]> wrote: > > Name : logrotate Relocations: (not relocatable) > > Version : 3.8.0 Vendor: Mageia.Org > > Release : 1.mga2 Build Date: Mon Jul 4 08:24:04 > > 2011 > > Install Date: (not installed) Build Host: ecosse > > Group : File tools Source RPM: (none) > > Size : 55428 License: GPLv2 > > Signature : (none) > > Packager : Mageia Team <http://www.mageia.org> > > URL : https://fedorahosted.org/logrotate/ > > Summary : Rotates, compresses, removes and mails system log files > > Description : > > The logrotate utility is designed to simplify the administration of > > log files on a system which generates a lot of log files. Logrotate > > allows for the automatic rotation compression, removal and mailing of > > log files. Logrotate can be set to handle a log file daily, weekly, > > monthly or when the log file gets to a certain size. Normally, > > logrotate runs as a daily cron job. > > > > Install the logrotate package if you need a utility to deal with the > > log files on your system. > > > > ahmad <ahmad> 3.8.0-1.mga2: > > + Revision: 117993 > > - Update to 3.8.0, fixes: > > CVE-2011-1098 > > CVE-2011-1154 > > CVE-2011-1155 > > - Drop patch0, fixed upstream > > - Add BR acl-devel and compile with WITH_ACL > > - Put 'make test' in a %check section > > FWIW, I couldn't extract the commits from upstream SVN[1] that fixed > those three CVE's (the upstream svn log isn't that clear to me..), so > I can't backport the fixes to mga1.
There are patchs on redhat bugzilla. CVE-2011-1098: https://bugzilla.redhat.com/show_bug.cgi?id=680798 CVE-2011-1154: https://bugzilla.redhat.com/show_bug.cgi?id=680796 CVE-2011-1155: https://bugzilla.redhat.com/show_bug.cgi?id=680797
