Update to bibutils-6.6

  • Security fix for CVE-2018-10773, CVE-2018-10774, CVE-2018-10775

This update has been submitted for testing by vascom.

2 years ago

This update has been pushed to testing.

2 years ago

petersen edited this update.

2 years ago

petersen edited this update.

2 years ago
tis commented & provided feedback 2 years ago

This update includes an so version bump and all packages depending on libbibutils need an update.

Update needed for:

ghc-hs-bibutils-5.0-2.el7.x86_64
ghc-pandoc-citeproc-0.3.0.1-3.el7.x86_64
pandoc-citeproc-0.3.0.1-3.el7.x86_64

Bodhi is disabling automatic push to stable due to negative karma. The maintainer may push manually if they determine that the issue is not severe.

2 years ago

OK. Also ghc-hakyll.

I'll write about it to the mailing list and maintainers.

And from a quick test it looks like a rebuild is not enough; those packages need an update.

Right, I will take care of it and add the packages here.

ghc-hakyll is not actually built for epel7 - so we don't need to worry about that.

petersen edited this update.

New build(s):

  • pandoc-citeproc-0.3.0.1-4.el7
  • ghc-hs-bibutils-6.6.0.0-1.el7

Karma has been reset.

2 years ago

This update has been submitted for testing by petersen.

2 years ago

This update has been pushed to testing.

2 years ago

@petersen I think you forgot ghc-rpm-macros from the update; ghc-hs-bibutils won't even build with the current epel version.

This update has reached 14 days in testing and can be pushed to stable now if the maintainer wishes

2 years ago
lobocode commented & provided feedback 2 years ago

works

hobbes1069 commented & provided feedback a year ago

This update is 7 months old now... Is it safe to push or not?

tis commented & provided feedback a year ago

Not safe to push because the needed ghc-rpm-macros update is not included in this update.

hobbes1069 commented & provided feedback a year ago

Am I missing something? I don't see the ghc-rpm-macros dependency...

# repoquery --whatrequires "bibutils*"
bibutils-0:5.0-1.el7.x86_64
bibutils-devel-0:5.0-1.el7.x86_64
ghc-hs-bibutils-0:5.0-2.el7.x86_64
ghc-hs-bibutils-devel-0:5.0-2.el7.x86_64
ghc-pandoc-citeproc-0:0.3.0.1-3.el7.x86_64
pandoc-citeproc-0:0.3.0.1-3.el7.x86_64

hobbes1069 commented & provided feedback a year ago

I also looked through the spec file for ghc-rpm-macros and I don't see where it does anything during install that would depend on a package. It just copied a bunch of macro-related files into the correct location.

tis commented & provided feedback a year ago

Packages can't be built with the published ghc-rpm-macros - the updated macros, which are in koji, are required in the build root.

tis commented & provided feedback a year ago

Correction - the ghc-rpm-macros which are required have already been published as a separate update four months ago. So it is ok to publish this.

vascom commented & provided feedback a year ago

So I can push it?

tis commented & provided feedback a year ago

Yes, just do that. The only issue there has been resolved in a separate update.

tis commented & provided feedback a year ago

Afaik the only problem, which was a missing build dep, has been fixed as a separate update, FEDORA-EPEL-2018-22bb904daa.

vascom commented & provided feedback a year ago

Hm, I do not see the push button.

This update has been submitted for batched by hobbes1069.

a year ago

This update has been submitted for stable by hobbes1069.

a year ago
hobbes1069 commented & provided feedback a year ago

Not logged in? Anyway, I got it :)

This update has been pushed to stable.

a year ago

Metadata
Type: security
Severity: low
Karma: 2
Signed
Content Type: RPM
Test Gating

Settings
Unstable by Karma: -3

Dates
submitted: 2 years ago
in testing: 2 years ago
in stable: a year ago
modified: 2 years ago

  • BZ#1541039 bibutils: Does not use Fedora build flags
  • BZ#1577258 CVE-2018-10773 bibutils: NULL pointer deference in addsn function in serialno.c in libbibcore.a
  • BZ#1577261 CVE-2018-10773 CVE-2018-10774 CVE-2018-10775 bibutils: various flaws [epel-all]
  • BZ#1577262 CVE-2018-10773 CVE-2018-10774 CVE-2018-10775 ghc-hs-bibutils: various flaws [epel-all]
  • BZ#1577268 CVE-2018-10774 bibutils: Out-of-bounds Read in isiin_keyword function in isiin.c in libbibutils.a
  • BZ#1577280 CVE-2018-10775 bibutils: NULL pointer dereference in _fields_add function in fields.c in libbibcore.a
  • BZ#1585851 bibutils-6.5 is available
  • BZ#1599484 ghc-hs-bibutils-6.6.0.0 is available