Bug 481165
Summary: | Update rt3 to 3.6.7 | ||
---|---|---|---|
Product: | [Fedora] Fedora EPEL | Reporter: | Xavier Bachelot <xavier> |
Component: | rt3 | Assignee: | Xavier Bachelot <xavier> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | el5 | CC: | mmahut, perl-devel, rc040203, xavier |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2009-02-16 17:21:41 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 481163 | ||
Bug Blocks: |
Description
Xavier Bachelot
2009-01-22 15:13:53 UTC
If I understand correctly, the vulnerability is in perl-Devel-StackTrace. Fedora 9-11 already come with Devel-StackTrace-1.20 => should not be affected by this vulnerability. Fedora 10 and 11's rt3 currently is at 3.8.x => should also not be affected. Leaves Fedora 9's rt3, which is at 3.6.6. Upgrading FC9's rt3 to rt-3.8.x is hardly possible due to rt once again changed having its database format and because there is no known way to automatically reformat the database from inside of rpm. Whether upgrading it to 3.6.7 is possible, needs to be analyzed. I'd rather avoid doing so. (In reply to comment #1) > If I understand correctly, the vulnerability is in perl-Devel-StackTrace. > > Fedora 9-11 already come with Devel-StackTrace-1.20 > => should not be affected by this vulnerability. The vulnerability is in Devel::StackTrace, the bells and whistles are in rt3 3.6.7. > > Fedora 10 and 11's rt3 currently is at 3.8.x => should also not be affected. > That's why I filed a bug against rt3 F9 too. > Leaves Fedora 9's rt3, which is at 3.6.6. Upgrading FC9's rt3 to rt-3.8.x is > hardly possible due to rt once again changed having its database format and > because there is no known way to automatically reformat the database from > inside of rpm. > yes, upgrading between major rt3 releases is not possible, at least not automagically, so no way to do that in a stable release. > Whether upgrading it to 3.6.7 is possible, needs to be analyzed. I'd rather > avoid doing so. There's no database change nor any caveat mentioned in the changelog and we've successfully done some basic update tests. We've yet to try with a production database though. Pushed to EPEL stable, as well as a fixed perl-Devel-StackTrace. |