Re: [Cooker] [Contrib-Rpm] bugzilla-2.14-1mdk
On Mon, Sep 24, 2001 at 08:42:37PM -0600, Vincent Danen wrote:
> On Mon Sep 24, 2001 at 12:13:16PM -0500, Don Head wrote:
> > Just making sure this didn't slip between the cracks.. There was a security update associated with this release, that I mentioned earlier and that is mentioned in the changelog/spec. I know this is only a Contrib-Rpm, and everyone is busy with last-minute 8.1 stuff, but I know there's a few people out there using the bugzilla Contrib-Rpm that would appreciate this sort of thing.
>
> We don't normally do security updates for contribs stuff. This isn't a set-in-stone policy, but I'm usually too busy supporting main packages for 6-7 distros I don't pay any attention to stuff in contribs (aka unsupported).

BTW I've updated bugzilla with your srpm Don. Thanks.

lenny

--
Lenny Cartier | Iptoip project : http://iptoip.sourceforge.net
[EMAIL PROTECTED] | MandrakeSoft : http://www.mandrakesoft.com
Computing: Excel, Word, IT project manager. (c) Serious resume
RE: [Cooker] [Contrib-Rpm] bugzilla-2.14-1mdk
> > > Just making sure this didn't slip between the cracks.. There was a security update associated with this release, that I mentioned earlier and that is mentioned in the changelog/spec. I know this is only a Contrib-Rpm, and everyone is busy with last-minute 8.1 stuff, but I know there's a few people out there using the bugzilla Contrib-Rpm that would appreciate this sort of thing.
> >
> > We don't normally do security updates for contribs stuff. This isn't a set-in-stone policy, but I'm usually too busy supporting main packages for 6-7 distros I don't pay any attention to stuff in contribs (aka unsupported).
>
> BTW I've updated bugzilla with your srpm Don. Thanks.

Yeah, I wasn't really expecting a security update per se, but just making sure the new RPM got out there so that people still using the older insecure version could upgrade. I just thought about copying you (vdanen) in in case you were able to take the load off of poor Lenny's back (there's a LOT of contrib stuff!) or in case you needed to do something special security-wise.

Thank you Lenny for the quick response, I'm about to install the official RPM right now!

Oh, also, you might want to send a heads-up note to whoever is in charge of the Mandrake bug tracking system, in case they're affected by the same security breach.

Don Head
SAIR LCA, CIW-P, i-Net+, Network+, A+
Systems Administrator [ [EMAIL PROTECTED] ]
Web Designer[ 1 314 650-4056 ]
[ AIM - Don Wave ] [ ICQ - 18804935 ] [ Yahoo - Don_Wave ]
RE: [Cooker] [Contrib-Rpm] bugzilla-2.14-1mdk
Just making sure this didn't slip between the cracks.. There was a security update associated with this release, that I mentioned earlier and that is mentioned in the changelog/spec. I know this is only a Contrib-Rpm, and everyone is busy with last-minute 8.1 stuff, but I know there's a few people out there using the bugzilla Contrib-Rpm that would appreciate this sort of thing.

I guess I should have included vdanen in the first e-mail; it didn't cross my mind at the time. The SRPM is still in /incoming, and the spec file and Red Hat security announcement are attached.

Don Head
SAIR LCA, CIW-P, i-Net+, Network+, A+
Systems Administrator [ [EMAIL PROTECTED] ]
Web Designer[ 1 314 650-4056 ]
[ AIM - Don Wave ] [ ICQ - 18804935 ] [ Yahoo - Don_Wave ]

---------------------------------------------------------------------
Red Hat, Inc. Red Hat Security Advisory

Synopsis:          New bugzilla packages are available
Advisory ID:       RHSA-2001:107-07
Issue date:        2001-08-30
Updated on:        2001-09-10
Product:           Red Hat Powertools
Keywords:
Cross references:
Obsoletes:
---------------------------------------------------------------------

1. Topic:

The updated bugzilla package fixes numerous security issues which were present in previous releases of bugzilla.

2. Relevant releases/architectures:

Red Hat Powertools 7.0 - alpha, i386, noarch
Red Hat Powertools 7.1 - alpha, i386, noarch

3. Problem description:

Bugzilla-2.14 is a general security update. The serious security problems fixed are:

- multiple instances where valid users could obtain data on confidential bugs without authorization.
- multiple instances of security holes where parameters were not being checked/escaped properly.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs.

Please note that this update is also available via Red Hat Network. Many people find this to be an easier way to apply updates. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):

6. RPMs required:

.. snip ..

7. Verification:

.. snip ..

8. References:

http://www.securityfocus.com/templates/archive.pike?threads=0end=2001-09-01 list=1fromthread=0mid=210980start=2001-08-26

Copyright(c) 2000, 2001 Red Hat, Inc.

_______________________________________________
Redhat-watch-list mailing list

-----Original Message-----
From: Don Head
Sent: Wednesday, September 12, 2001 1:52 PM
To: 'Cooker Mailing List'; 'Lenny Cartier (Mandrake)'
Subject: [Cooker] [Contrib-Rpm] bugzilla-2.14-1mdk

This is a security update to a Contrib RPM!

Name        : bugzilla                    Relocations: (not relocateable)
Version     : 2.14                        Vendor: MandrakeSoft
Release     : 1mdk                        Build Date: Wed 12 Sep 2001 01:45:09 PM CDT
Install date: (not installed)             Build Host: dhead.wavetech.com
Group       : Networking/WWW              Source RPM: (none)
Size        : 720398                      License: MPL
Packager    : Don Head [EMAIL PROTECTED]
URL         : http://www.mozilla.org/bugs/
Summary     : A bug tracking system developed by mozilla.org.
Description :
Bugzilla is the bug tracking system developed by mozilla.org. Mozilla.org is a group within Netscape that acts as a clearinghouse for Netscape source code. Some modifications have been made for use with Mandrake Linux.

* Wed Sep 12 2001 Don Head [EMAIL PROTECTED] 2.14-1mdk
- Merge with Red Hat:
- add requirement for perl-DBD-MySQL (Mandrake requires perl-Mysql)
- updated to 2.14 for security errata
- added requires for perl-GD
- forgot to include *.js files. Fixed. (#42795)
- updated to 2.12, updated perlpath patch
- added suggested fixes from bug 19497
- Security fixes 38411
- Note: This is not the Red Hat version of Bugzilla. You can grab that at ftp://people.redhat.com/dkl
- fixed bug #16147, dependancy problems.
- patched all the files which looked for perl in /usr/bonsaitools/bin
- fixed problem with /usr/bonsai/perl not existing.

Don Head
SAIR LCA, CIW-P, i-Net+, Network+, A+
Systems Administrator [ [EMAIL PROTECTED] ]
Web Designer[ 1
Re: [Cooker] [Contrib-Rpm] bugzilla-2.14-1mdk
On Mon Sep 24, 2001 at 12:13:16PM -0500, Don Head wrote:
> Just making sure this didn't slip between the cracks.. There was a security update associated with this release, that I mentioned earlier and that is mentioned in the changelog/spec. I know this is only a Contrib-Rpm, and everyone is busy with last-minute 8.1 stuff, but I know there's a few people out there using the bugzilla Contrib-Rpm that would appreciate this sort of thing.
>
> I guess I should have included vdanen in the first e-mail; it didn't cross my mind at the time. The SRPM is still in /incoming, and the spec file and Red Hat security announcement are attached.

We don't normally do security updates for contribs stuff. This isn't a set-in-stone policy, but I'm usually too busy supporting main packages for 6-7 distros I don't pay any attention to stuff in contribs (aka unsupported).

One possible compromise may be for me to rebuild bugzilla for 8.0 on my own time, but since it's a simple set of perl scripts, anyone should be able to grab bugzilla from contribs and install it without any adverse effects.

--
[EMAIL PROTECTED], OpenPGP key available on www.keyserver.net
1024D/FE6F2AFD 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD
- Danen Consulting Services www.danen.net, www.freezer-burn.org
- MandrakeSoft, Inc. Security www.linux-mandrake.com
Current Linux kernel 2.4.8-26mdk uptime: 19 hours 44 minutes.

PGP signature
[Cooker] [Contrib-Rpm] bugzilla-2.14-1mdk
This is a security update to a Contrib RPM!

Name        : bugzilla                    Relocations: (not relocateable)
Version     : 2.14                        Vendor: MandrakeSoft
Release     : 1mdk                        Build Date: Wed 12 Sep 2001 01:45:09 PM CDT
Install date: (not installed)             Build Host: dhead.wavetech.com
Group       : Networking/WWW              Source RPM: (none)
Size        : 720398                      License: MPL
Packager    : Don Head [EMAIL PROTECTED]
URL         : http://www.mozilla.org/bugs/
Summary     : A bug tracking system developed by mozilla.org.
Description :
Bugzilla is the bug tracking system developed by mozilla.org. Mozilla.org is a group within Netscape that acts as a clearinghouse for Netscape source code. Some modifications have been made for use with Mandrake Linux.

* Wed Sep 12 2001 Don Head [EMAIL PROTECTED] 2.14-1mdk
- Merge with Red Hat:
- add requirement for perl-DBD-MySQL (Mandrake requires perl-Mysql)
- updated to 2.14 for security errata
- added requires for perl-GD
- forgot to include *.js files. Fixed. (#42795)
- updated to 2.12, updated perlpath patch
- added suggested fixes from bug 19497
- Security fixes 38411
- Note: This is not the Red Hat version of Bugzilla. You can grab that at ftp://people.redhat.com/dkl
- fixed bug #16147, dependancy problems.
- patched all the files which looked for perl in /usr/bonsaitools/bin
- fixed problem with /usr/bonsai/perl not existing.

Don Head
SAIR LCA, CIW-P, i-Net+, Network+, A+
Systems Administrator [ [EMAIL PROTECTED] ]
Web Designer[ 1 314 650-4056 ]
[ AIM - Don Wave ] [ ICQ - 18804935 ] [ Yahoo - Don_Wave ]

bugzilla.spec