Update to bibutils-6.6

  • Security fix for CVE-2018-10773 CVE-2018-10774 CVE-2018-10775

This update has been submitted for testing by vascom.

a year ago

This update has been pushed to testing.

a year ago

petersen edited this update.

a year ago

petersen edited this update.

a year ago

tis commented & provided feedback a year ago

This update includes an so version bump, and all packages depending on libbibutils need an update.

Update needed for:

ghc-hs-bibutils-5.0-2.el7.x86_64
ghc-pandoc-citeproc-0.3.0.1-3.el7.x86_64
pandoc-citeproc-0.3.0.1-3.el7.x86_64

Bodhi is disabling automatic push to stable due to negative karma. The maintainer may push manually if they determine that the issue is not severe.

a year ago

OK. Also ghc-hakyll.

I'll write about it to the mailing list and maintainers.

And from a quick test it looks like a rebuild is not enough; those packages need an update.

Right, I will take care of it and add the packages here.

ghc-hakyll is not actually built for epel7 - so we don't need to worry about that.

petersen edited this update.

New build(s):

  • pandoc-citeproc-0.3.0.1-4.el7
  • ghc-hs-bibutils-6.6.0.0-1.el7

Karma has been reset.

a year ago

This update has been submitted for testing by petersen.

a year ago

This update has been pushed to testing.

a year ago

@petersen I think you forgot ghc-rpm-macros from the update; ghc-hs-bibutils won't even build with the current EPEL version.

This update has reached 14 days in testing and can be pushed to stable now if the maintainer wishes.

a year ago

lobocode commented & provided feedback a year ago

works

hobbes1069 commented & provided feedback 11 months ago

This update is 7 months old now... Is it safe to push or not?

tis commented & provided feedback 11 months ago

Not safe to push because the needed ghc-rpm-macros update is not included in this update.

hobbes1069 commented & provided feedback 11 months ago

Am I missing something? I don't see the ghc-rpm-macros dependency...

# repoquery --whatrequires "bibutils*"
bibutils-0:5.0-1.el7.x86_64
bibutils-devel-0:5.0-1.el7.x86_64
ghc-hs-bibutils-0:5.0-2.el7.x86_64
ghc-hs-bibutils-devel-0:5.0-2.el7.x86_64
ghc-pandoc-citeproc-0:0.3.0.1-3.el7.x86_64
pandoc-citeproc-0:0.3.0.1-3.el7.x86_64

hobbes1069 commented & provided feedback 11 months ago

I also looked through the spec file for ghc-rpm-macros and I don't see where it does anything during install that would depend on a package. It just copies a bunch of macro-related files into the correct location.

tis commented & provided feedback 11 months ago

Packages can't be built with the published ghc-rpm-macros - the updated macros, which are in koji, are required in the build root.

tis commented & provided feedback 11 months ago

Correction - the required ghc-rpm-macros have already been published as a separate update four months ago. So it is OK to publish this.

vascom commented & provided feedback 11 months ago

So I can push it?

tis commented & provided feedback 11 months ago

Yes, just do that. The only issue there has been resolved in a separate update.

tis commented & provided feedback 11 months ago

AFAIK the only problem, which was a missing build dep, has been fixed as a separate update, FEDORA-EPEL-2018-22bb904daa.

vascom commented & provided feedback 11 months ago

Hm, I don't see the push button.

This update has been submitted for batched by hobbes1069.

11 months ago

This update has been submitted for stable by hobbes1069.

11 months ago

hobbes1069 commented & provided feedback 11 months ago

Not logged in? Anyway, I got it :)

This update has been pushed to stable.

11 months ago

Metadata
Type: security
Severity: low
Karma: 2
Signed
Content Type: RPM
Test Gating
Settings
Unstable by Karma: -3
Dates
submitted: a year ago
in testing: a year ago
in stable: 11 months ago
modified: a year ago

BZ#1541039 bibutils: Does not use Fedora build flags
BZ#1577258 CVE-2018-10773 bibutils: NULL pointer dereference in addsn function in serialno.c in libbibcore.a
BZ#1577261 CVE-2018-10773 CVE-2018-10774 CVE-2018-10775 bibutils: various flaws [epel-all]
BZ#1577262 CVE-2018-10773 CVE-2018-10774 CVE-2018-10775 ghc-hs-bibutils: various flaws [epel-all]
BZ#1577268 CVE-2018-10774 bibutils: Out-of-bounds Read in isiin_keyword function in isiin.c in libbibutils.a
BZ#1577280 CVE-2018-10775 bibutils: NULL pointer dereference in _fields_add function in fields.c in libbibcore.a
BZ#1585851 bibutils-6.5 is available
BZ#1599484 ghc-hs-bibutils-6.6.0.0 is available