I was asked in the packagers meeting to update this list. I've been really busy at work, and don't have much time to work on these, so help is needed. Thanks to all that have helped so far.
Also, Manuel pointed out a bugzilla search that will typically contain most of these. https://bugs.mageia.org/buglist.cgi?quicksearch=comp:secu+-@qa-b ......... updated initial message below ........ There are several packages that need security updates that either have not been built yet, or there are some issues that need help and/or input from packagers. Please help out with these where you can. I'll try to organize these into categories and give a little info on them so it's easy to see if you can and want to help. Web apps -------- mediawiki - versions we have are at or nearing EOL upstream, probably should be updated. Oliver Burger is working on this. https://bugs.mageia.org/show_bug.cgi?id=3448 drupal - update built, issues found by QA need fixing. Oliver Burger is working on this. https://bugs.mageia.org/show_bug.cgi?id=5844 roundcubemail - issues fixed upstream in 0.8.1, or 0.7.3 + patch from Fedora https://bugs.mageia.org/show_bug.cgi?id=7246 zabbix - issues fixed in 1.8.15 upstream, two possible patches linked in bug https://bugs.mageia.org/show_bug.cgi?id=7277 otrs - issue fixed in 3.1.10 https://bugs.mageia.org/show_bug.cgi?id=7527 GNOME software -------------- spice-gtk/glib2.0 - patches available from RedHat https://bugs.mageia.org/show_bug.cgi?id=7536 empathy - XSS issues fixed upstream in 3.2.1 (only Mageia 1 is affected) https://bugs.mageia.org/show_bug.cgi?id=7008 libvirt - patches available from RedHat https://bugs.mageia.org/show_bug.cgi?id=6526 libgnomesu - re-diffing the patch might be non-trivial since OpenSuSE has many other patches too https://bugs.mageia.org/show_bug.cgi?id=7068 gjs - doesn't rebuild against xulrunner in Mageia 1, but doesn't seem to be used by anything https://bugs.mageia.org/show_bug.cgi?id=6382 Games ----- openarena, alienarena - affected by DoS bug in quake3 engine. Juan Luis Baptiste is working on this. https://bugs.mageia.org/show_bug.cgi?id=5496 Java-related ------------ jruby - fixed upstream in 1.6.5.1 https://bugs.mageia.org/show_bug.cgi?id=6742 poi - In progress by D Morgan. Additional updates pending. https://bugs.mageia.org/show_bug.cgi?id=6011 apache-commons-compress - In progress by D Morgan. Mageia 1 updates pending. https://bugs.mageia.org/show_bug.cgi?id=6331 apache-commons-daemon - fixed upstream in 1.0.7 (only Mageia 1 is affected) https://bugs.mageia.org/show_bug.cgi?id=7004 Ruby-related ------------ Several security issues, one possible packaging issue https://bugs.mageia.org/show_bug.cgi?id=6487 No response has been received from packagers yet ------------------------------------------------ openafs - patches available from Debian, plus a newer version is in Mageia 1 than Mageia 2 https://bugs.mageia.org/show_bug.cgi?id=7085 openswan - patches are available from RedHat, one needs re-diffing https://bugs.mageia.org/show_bug.cgi?id=7095 freeradius - patch should be available from Debian https://bugs.mageia.org/show_bug.cgi?id=7447 blender - patches available from Fedora https://bugs.mageia.org/show_bug.cgi?id=7065 https://bugs.mageia.org/show_bug.cgi?id=7518 rpmdevtools - issue fixed in 8.3 https://bugs.mageia.org/show_bug.cgi?id=7465 erlang - issue fixed in R14B03 (only Mageia 1 is affected) https://bugs.mageia.org/show_bug.cgi?id=7062 fuse - patches available from RedHat (only Mageia 1 is affected) https://bugs.mageia.org/show_bug.cgi?id=7063 libvoikko - issue fixed in 3.2.1 (only Mageia 1 is affected) https://bugs.mageia.org/show_bug.cgi?id=7067 php-ZendFramework - issues fixed upstream in 1.11.6 (only Mageia 1 is affected) https://bugs.mageia.org/show_bug.cgi?id=7083 abrt/libreport/btparser - should probably be upgraded to newer versions available from RedHat https://bugs.mageia.org/show_bug.cgi?id=6523 sos - 62 patches available from Fedora https://bugs.mageia.org/show_bug.cgi?id=6525 x11-server - upstream diffs linked by RedHat, maybe patches available from Ubuntu or Gentoo, plus other security issues fixed by RH/OpenSuSE/Ubuntu https://bugs.mageia.org/show_bug.cgi?id=6744 In progress (help needed to finish) ----------------------------------- xen - more patches need applied in Mageia 1 and Mageia 2 branches https://bugs.mageia.org/show_bug.cgi?id=6931 argyllcms/icclib - file conflicts between these two packages need to be resolved https://bugs.mageia.org/show_bug.cgi?id=7464 ganglia - some issues found by QA need to be addressed https://bugs.mageia.org/show_bug.cgi?id=6874
