FEDORA-EPEL-2018-f9d6ff695a

security update in Fedora EPEL 7 for bibutils, ghc-hs-bibutils, & 1 more

Status: testing 6 months ago

Update to bibutils-6.6

  • Security fix for CVE-2018-10773 CVE-2018-10774 CVE-2018-10775

Comments 16

This update has been submitted for testing by vascom.

This update has been pushed to testing.

petersen edited this update.

petersen edited this update.

This update includes an so version bump, and all packages depending on libbibutils need an update.

Update needed for:

ghc-hs-bibutils-5.0-2.el7.x86_64
ghc-pandoc-citeproc-0.3.0.1-3.el7.x86_64
pandoc-citeproc-0.3.0.1-3.el7.x86_64
karma: -1

Bodhi is disabling automatic push to stable due to negative karma. The maintainer may push manually if they determine that the issue is not severe.

OK. Also ghc-hakyll.

I'll write about it to the mailing list and maintainers.

And from a quick test it looks like a rebuild is not enough; those packages need an update.

Right, I will take care of it and add the packages here

ghc-hakyll is not actually built for epel7 - so we don't need to worry about that.

petersen edited this update.

New build(s):

  • pandoc-citeproc-0.3.0.1-4.el7
  • ghc-hs-bibutils-6.6.0.0-1.el7

Karma has been reset.

This update has been submitted for testing by petersen.

This update has been pushed to testing.

@petersen I think you forgot ghc-rpm-macros from the update; ghc-hs-bibutils won't even build with the current epel version.

This update has reached 14 days in testing and can be pushed to stable now if the maintainer wishes


Content Type: RPM
Status: testing
Test Gating:
Submitted by:
Update Type: security
Update Severity: low
Karma: +1 (stable threshold: 3, unstable threshold: -3)
Autopush: Disabled
Dates: submitted 6 months ago, in testing 6 months ago, modified 6 months ago

Related Bugs 8

#1541039 bibutils: Does not use Fedora build flags
#1577258 CVE-2018-10773 bibutils: NULL pointer deference in addsn function in serialno.c in libbibcore.a
#1577261 CVE-2018-10773 CVE-2018-10774 CVE-2018-10775 bibutils: various flaws [epel-all]
#1577262 CVE-2018-10773 CVE-2018-10774 CVE-2018-10775 ghc-hs-bibutils: various flaws [epel-all]
#1577268 CVE-2018-10774 bibutils: Out-of-bounds Read in isiin_keyword function in isiin.c in libbibutils.a
#1577280 CVE-2018-10775 bibutils: NULL pointer dereference in _fields_add function in fields.c in libbibcore.a
#1585851 bibutils-6.5 is available
#1599484 ghc-hs-bibutils-6.6.0.0 is available
