First update of the new year. Please help where you can. Also, Manuel pointed out a bugzilla search that will typically contain most of these. https://bugs.mageia.org/buglist.cgi?quicksearch=comp:secu+-@qa-b
......... updated initial message below ........ There are several packages that need security updates that either have not been built yet, or there are some issues that need help and/or input from packagers. Please help out with these where you can. I'll try to organize these into categories and give a little info on them so it's easy to see if you can and want to help. Web apps -------- mediawiki [mga2] - versions we have are at or nearing EOL upstream, probably should be updated. Oliver Burger is working on this. https://bugs.mageia.org/show_bug.cgi?id=3448 glpi [mga2] - issue fixed in 0.83.3, no backported patch is available that I'm aware of https://bugs.mageia.org/show_bug.cgi?id=6762 GNOME software -------------- libvirt [mga2+cauldron] - patches available from RedHat https://bugs.mageia.org/show_bug.cgi?id=6526 Games ----- openarena, alienarena [mga2] - affected by DoS bug in quake3 engine. https://bugs.mageia.org/show_bug.cgi?id=5496 Java-related ------------ tomcat5, tomcat6, tomcat [mga2,cauldron] - issues fixed upstream https://bugs.mageia.org/show_bug.cgi?id=8307 jruby [mga2+cauldron] - one issue fixed upstream in 1.6.5.1, the other in 1.7.1 https://bugs.mageia.org/show_bug.cgi?id=6742 poi [mga2+cauldron] - jakarta-poi possibly needs patched https://bugs.mageia.org/show_bug.cgi?id=6011 apache-commons-compress [mga2] - apache-commons-compress10 possibly needs patched https://bugs.mageia.org/show_bug.cgi?id=6331 Ruby-related ------------ Several security issues, one possible packaging issue [mga2+cauldron] https://bugs.mageia.org/show_bug.cgi?id=6487 No response has been received from packagers yet ------------------------------------------------ qt4 [mga2] - issue fixed upstream in 4.8.4 https://bugs.mageia.org/show_bug.cgi?id=7998 librdmacm [cauldron] - upstream patch linked in RedHat bug https://bugs.mageia.org/show_bug.cgi?id=8415 squashfs-tools [mga2+cauldron] - patches for Cauldron available from Fedora, unsure about mga2 https://bugs.mageia.org/show_bug.cgi?id=8448 libreoffice [mga2] - patch available from Debian https://bugs.mageia.org/show_bug.cgi?id=7949 chromium/v8 [mga2+cauldron] - need upgraded to newest versions https://bugs.mageia.org/show_bug.cgi?id=6927 https://bugs.mageia.org/show_bug.cgi?id=8567 In progress (help needed to finish) ----------------------------------- kdelibs4 [mga2] - upstream patches linked in RedHat bugs, we have one of the four in SVN https://bugs.mageia.org/show_bug.cgi?id=7999 xen [mga2+cauldron] - several outstanding security issues need additional patches applied https://bugs.mageia.org/show_bug.cgi?id=6931 openafs [mga2] - pam_afs is missing from the current build in updates_testing https://bugs.mageia.org/show_bug.cgi?id=7085
