Some old ones have finally left the list, some are still there, some new ones are here. Help is still needed.
Also, Manuel pointed out a bugzilla search that will typically contain most of these. https://bugs.mageia.org/buglist.cgi?quicksearch=comp:secu+-@qa-b ......... updated initial message below ........ There are several packages that need security updates that either have not been built yet, or there are some issues that need help and/or input from packagers. Please help out with these where you can. I'll try to organize these into categories and give a little info on them so it's easy to see if you can and want to help. Web apps -------- wordpress [mga2] - issues fixed in 3.5.1 https://bugs.mageia.org/show_bug.cgi?id=9030 mediawiki [mga2] - versions we have are at or nearing EOL upstream, probably should be updated. Oliver Burger is working on this. https://bugs.mageia.org/show_bug.cgi?id=3448 glpi [mga2] - issue fixed in 0.83.3, no backported patch is available that I'm aware of https://bugs.mageia.org/show_bug.cgi?id=6762 Games ----- openarena, alienarena [mga2] - affected by DoS bug in quake3 engine. https://bugs.mageia.org/show_bug.cgi?id=5496 Java-related ------------ jruby [mga2+cauldron] - one issue fixed upstream in 1.6.5.1, the other in 1.7.1 https://bugs.mageia.org/show_bug.cgi?id=6742 tomcat5 [mga2] - permissions problem found by QA needs to be fixed https://bugs.mageia.org/show_bug.cgi?id=8307 apache-commons-compress [mga2] - apache-commons-compress10 possibly needs patched https://bugs.mageia.org/show_bug.cgi?id=6331 jakarta-commons-httpclient [mga2] - patch available from Fedora https://bugs.mageia.org/show_bug.cgi?id=8933 axis [mga2] - patch available from Fedora https://bugs.mageia.org/show_bug.cgi?id=8936 No response has been received from packagers yet ------------------------------------------------ chromium/v8 [mga2+cauldron] - need upgraded to newest versions https://bugs.mageia.org/show_bug.cgi?id=6927 https://bugs.mageia.org/show_bug.cgi?id=8567 corosync [mga2] - denial of service issued fixed in 2.3.0 https://bugs.mageia.org/show_bug.cgi?id=8905 ffmpeg [mga2] - issues fixed in upstream git, not clear if they plan to cut another release https://bugs.mageia.org/show_bug.cgi?id=8881 In progress (help needed to finish) ----------------------------------- libvirt [mga2] - patches available from RedHat, need re-diffed https://bugs.mageia.org/show_bug.cgi?id=6526 zabbix [mga2] - issues raised by QA need to be addressed https://bugs.mageia.org/show_bug.cgi?id=8801 xen [mga2+cauldron] - several outstanding security issues need additional patches applied https://bugs.mageia.org/show_bug.cgi?id=6931 openafs [mga2] - pam_afs is missing from the current build in updates_testing https://bugs.mageia.org/show_bug.cgi?id=7085