Red Hat Bugzilla – Full Text Bug Listing
|Summary:||rt3: Multiple security flaws fixed in upstream v3.8.12 and v4.0.6 versions|
|Product:||[Other] Security Response||Reporter:||Jan Lieskovsky <jlieskov>|
|Component:||vulnerability||Assignee:||Red Hat Product Security <security-response-team>|
|Status:||NEW ---||QA Contact:|
|Version:||unspecified||CC:||alexmv, mmahut, perl-devel, rc040203, tremble, xavier|
|Fixed In Version:||Doc Type:||Bug Fix|
|Doc Text:||Story Points:||---|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
|Bug Depends On:||824089, 824088|
Description Jan Lieskovsky 2012-05-22 13:11:14 EDT
Comment 1 Jan Lieskovsky 2012-05-22 13:19:57 EDT
These issues affect the versions of the rt3 package, as shipped with Fedora release of 15 and 16. Please schedule an update / rebase. -- These issues affect the versions of the rt3 package, as shipped with Fedora EPEL 5 and 6. Please schedule an update.
Comment 2 Jan Lieskovsky 2012-05-22 13:21:08 EDT
Created rt3 tracking bugs for this issue Affects: fedora-all [bug 824088] Affects: epel-all [bug 824089]
Comment 3 Alex Vandiver 2012-05-24 23:33:09 EDT
To anyone readying a release based on the above, please also note the two follow-up messages addressing problems with sending mail caused by the security patches: http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000205.html http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000206.html As the latter mentions, 3.8.13 should be released in the next couple days to address the issue with mod_perl deployments. - Alex
Comment 4 Ralf Corsepius 2012-05-24 23:49:07 EDT
Hmm, I am confused about http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000205.html There, you say: "RT 3.8.11 and 4.0.5 already require version (FCGI) 0.75 or higher". However, the latest version of FCGI.pm in CPAN is 0.74 as well as does rt-3.8.12/sbin/rt-test-dependencies check for FCGI 0.74? Could you elaborate?
Comment 5 Alex Vandiver 2012-05-24 23:51:20 EDT
Gah -- simple typo. Please read that as 0.74, as you confirmed by looking at sbin/rt-test-dependencies.in - Alex
Comment 6 Ralf Corsepius 2012-05-25 00:13:48 EDT
Thanks for clarifying this. Fedora already ships 0.74, but ... CentOS6 is still at 0.71 ;)
Comment 7 Fedora Update System 2012-06-01 12:53:29 EDT
rt3-3.8.12-1.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.
Comment 8 Fedora Update System 2012-06-01 23:52:07 EDT
rt3-3.8.12-1.fc15 has been pushed to the Fedora 15 stable repository. If problems still persist, please make note of it in this bug report.
Comment 9 Fedora Update System 2012-06-01 23:58:16 EDT
rt3-3.8.12-1.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.