Here's a status update, as some have been fixed and new ones have been found.
I'll be really busy at work for the next couple weeks, so I'll update this in September. ......... updated initial message below ........ There are several packages that need security updates that either have not been built yet, or there are some issues that need help and/or input from packagers. Please help out with these where you can. I'll try to organize these into categories and give a little info on them so it's easy to see if you can and want to help. Web apps -------- ocsinventory - Mageia 1 package needs to be updated or patched (patches available from MDV) https://bugs.mageia.org/show_bug.cgi?id=5252 https://bugs.mageia.org/show_bug.cgi?id=2129 mediawiki - versions we have are at or nearing EOL upstream, probably should be updated. Oliver Burger is working on this. https://bugs.mageia.org/show_bug.cgi?id=3448 drupal - update built, issues found by QA need fixing. Oliver Burger is working on this. https://bugs.mageia.org/show_bug.cgi?id=5844 GNOME software -------------- empathy - XSS issues fixed upstream in 3.2.1 (only Mageia 1 is affected) https://bugs.mageia.org/show_bug.cgi?id=7008 libvirt - patches available from RedHat https://bugs.mageia.org/show_bug.cgi?id=6526 libgnomesu - re-diffing the patch might be non-trivial since OpenSuSE has many other patches too https://bugs.mageia.org/show_bug.cgi?id=7068 gjs - doesn't rebuild against xulrunner in Mageia 1, but doesn't seem to be used by anything https://bugs.mageia.org/show_bug.cgi?id=6382 Games ----- openarena, alienarena - affected by DoS bug in quake3 engine. Juan Luis Baptiste is working on this. https://bugs.mageia.org/show_bug.cgi?id=5496 Java-related ------------ jruby - fixed upstream in 1.6.5.1 https://bugs.mageia.org/show_bug.cgi?id=6742 poi - In progress by D Morgan. Additional updates pending. https://bugs.mageia.org/show_bug.cgi?id=6011 apache-commons-compress - In progress by D Morgan. Mageia 1 updates pending. https://bugs.mageia.org/show_bug.cgi?id=6331 apache-commons-daemon - fixed upstream in 1.0.7 (only Mageia 1 is affected) https://bugs.mageia.org/show_bug.cgi?id=7004 Ruby-related ------------ Several security issues, one possible packaging issue https://bugs.mageia.org/show_bug.cgi?id=6487 No response has been received from packagers yet ------------------------------------------------ ganglia - patch available from Fedora, we have another bug report saying it doesn't start https://bugs.mageia.org/show_bug.cgi?id=6874 libreoffice - Mageia 1 only, patch available from RedHat https://bugs.mageia.org/show_bug.cgi?id=6944 phpmyadmin - needs updated to 3.5.2.1 and fixed in Cauldron for new apache conf layout https://bugs.mageia.org/show_bug.cgi?id=6905 openafs - patches available from Debian, plus a newer version is in Mageia 1 than Mageia 2 https://bugs.mageia.org/show_bug.cgi?id=7085 openswan - patches are available from RedHat, one needs re-diffing https://bugs.mageia.org/show_bug.cgi?id=7095 torque - also a permissions problem in the package https://bugs.mageia.org/show_bug.cgi?id=6082 tor - issues fixed upstream in 0.2.2.34 (only Mageia 1 is affected) https://bugs.mageia.org/show_bug.cgi?id=5351 erlang - issue fixed in R14B03 (only Mageia 1 is affected) https://bugs.mageia.org/show_bug.cgi?id=7062 fuse - patches available from RedHat (only Mageia 1 is affected) https://bugs.mageia.org/show_bug.cgi?id=7063 blender - patch available from Fedora (only Mageia 1 is affected) https://bugs.mageia.org/show_bug.cgi?id=7065 libvoikko - issue fixed in 3.2.1 (only Mageia 1 is affected) https://bugs.mageia.org/show_bug.cgi?id=7067 php-ZendFramework - issues fixed upstream in 1.11.6 (only Mageia 1 is affected) https://bugs.mageia.org/show_bug.cgi?id=7083 abrt/libreport/btparser - should probably be upgraded to newer versions available from RedHat https://bugs.mageia.org/show_bug.cgi?id=6523 sos - 62 patches available from Fedora https://bugs.mageia.org/show_bug.cgi?id=6525 x11-server - upstream diffs linked by RedHat, maybe patches available from Ubuntu or Gentoo, plus other security issues fixed by RH/OpenSuSE/Ubuntu https://bugs.mageia.org/show_bug.cgi?id=6744 In progress (help needed to finish) ----------------------------------- dhcp - issues fixed upstream in 4.2.4-P1 https://bugs.mageia.org/show_bug.cgi?id=6872 bind - issues fixed upstream in 9.8.3-P2 and 9.9.1-P2 https://bugs.mageia.org/show_bug.cgi?id=6873 xen - doesn't build in Cauldron (incompatible pointer type in i8259.c), other patches missing https://bugs.mageia.org/show_bug.cgi?id=6931 stunnel - updated/fixed in Cauldron, probably should just port updated version back https://bugs.mageia.org/show_bug.cgi?id=3951 gc - links to upstream and Fedora patches available in bug, already fixed in Cauldron https://bugs.mageia.org/show_bug.cgi?id=6652 bip - patch in Mageia 1 didn't fix it according to QA, patch wasn't applied in Mageia 2 https://bugs.mageia.org/show_bug.cgi?id=4319 emacs - re-diffing patch for Emacs 23.2 (Mageia 1) is non-trivial https://bugs.mageia.org/show_bug.cgi?id=6995
