On 6 July 2011 11:29, nicolas vigier <[email protected]> wrote: > On Wed, 06 Jul 2011, Ahmad Samir wrote: > >> On 4 July 2011 08:25, Mageia Team <[email protected]> wrote: >> > Name : logrotate Relocations: (not relocatable) >> > Version : 3.8.0 Vendor: Mageia.Org >> > Release : 1.mga2 Build Date: Mon Jul 4 >> > 08:24:04 2011 >> > Install Date: (not installed) Build Host: ecosse >> > Group : File tools Source RPM: (none) >> > Size : 55428 License: GPLv2 >> > Signature : (none) >> > Packager : Mageia Team <http://www.mageia.org> >> > URL : https://fedorahosted.org/logrotate/ >> > Summary : Rotates, compresses, removes and mails system log files >> > Description : >> > The logrotate utility is designed to simplify the administration of >> > log files on a system which generates a lot of log files. Logrotate >> > allows for the automatic rotation compression, removal and mailing of >> > log files. Logrotate can be set to handle a log file daily, weekly, >> > monthly or when the log file gets to a certain size. Normally, >> > logrotate runs as a daily cron job. >> > >> > Install the logrotate package if you need a utility to deal with the >> > log files on your system. >> > >> > ahmad <ahmad> 3.8.0-1.mga2: >> > + Revision: 117993 >> > - Update to 3.8.0, fixes: >> > CVE-2011-1098 >> > CVE-2011-1154 >> > CVE-2011-1155 >> > - Drop patch0, fixed upstream >> > - Add BR acl-devel and compile with WITH_ACL >> > - Put 'make test' in a %check section >> >> FWIW, I couldn't extract the commits from upstream SVN[1] that fixed >> those three CVE's (the upstream svn log isn't that clear to me..), so >> I can't backport the fixes to mga1. > > There are patchs on redhat bugzilla. > > CVE-2011-1098: > https://bugzilla.redhat.com/show_bug.cgi?id=680798 > > CVE-2011-1154: > https://bugzilla.redhat.com/show_bug.cgi?id=680796 > > CVE-2011-1155: > https://bugzilla.redhat.com/show_bug.cgi?id=680797 > >
OK, thanks. -- Ahmad Samir
