This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of Fedora. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When creating a Bodhi update request, please use the bodhi submission link noted in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the Bodhi notes field when available. Please note: this issue affects multiple supported versions of Fedora. Only one tracking bug has been filed; please ensure that it is only closed when all affected versions are fixed. [bug automatically created by: add-tracking-bugs]
Please use the following update submission link to create the Bodhi request for this issue as it contains the top-level parent bug(s) as well as this tracking bug. This will ensure that all associated bugs get updated when new packages are pushed to stable. Please also ensure that the "Close bugs when update is stable" option remains checked. Bodhi update submission link: https://admin.fedoraproject.org/updates/new/?type_=security&bugs=1059000,1059001
What's happening with this package? I believe it's been broken up into other packages and this package is just here for compatibility. Is it possible to upgrade this?
This package has changed ownership in the Fedora Package Database. Reassigning to the new owner of this component.
Somehow I ended up owning this package; I was helping out ages ago but I guess everyone else left and I ended up holding the bag. I really have no interest in this and I've removed myself in pkgdb. What happened to the horde suite is that upstream completely revamped their distribution methods which allows Fedora to ship and update all of the (100+) components separately. However, Fedora policies preclude upgrading existing releases so F19 and F20 are stuck with the old code that nobody wants to touch. I'm not really sure what the best course of action would be.
...and with no way to tell who actually has this installed there is no way of knowing how many systems are affected. I'm guessing this is an orphaned package now?
Package has been retired. Leaving bug open for anyone that may un-retire the package.
Hmm, how did I get assigned here? This package should be retired completely. Horde was a mess in old Fedora; I was doing a bit of helping out but somehow I ended up owning the thing when everyone else dropped the package before I did. I'm certainly not competent to fix bugs in very old unsupported PHP code. In F20, the php-horde-horde package (which I do not and never have maintained) provides horde = 5.2.4, but it also conflicts with horde < 5 so I've no real idea what happens. I believe if you installed (instead of updating) horde after the new version was released, you have the new version and otherwise you still have the old version. An automatic upgrade isn't possible in any case, but of course they can uninstall and reinstall. That's all based on my limited understanding of yum would do in that situation. In any case, even though this was assigned to me, there's nothing I can do here. Horde can't be brought back and at least there is a way to get it upgraded using only what's in the distro.
(In reply to Jason Tibbitts from comment #8) > Hmm, how did I get assigned here? This package should be retired > completely. Horde was a mess in old Fedora; I was doing a bit of helping > out but somehow I ended up owning the thing when everyone else dropped the > package before I did. I'm certainly not competent to fix bugs in very old > unsupported PHP code. Ha! BZ certainly thinks you're the right person [to assign this bug to]. :) > In any case, even though this was assigned to me, there's nothing I can do > here. Horde can't be brought back and at least there is a way to get it > upgraded using only what's in the distro. I haven't looked to see if horde is in F21 or beyond (it is in F20). Can this package be retired if there is no maintenance happening?
Horde in f21 is a virtual provide from php-horde-horde package; the old monolithic horde package was not branched for F21 or later and is dead.package'd in rawhide. Horde certainly appears to be retired in f20, at least in pkgdb, but I was just in there clicking buttons today so it might not have have been that way until recently. https://admin.fedoraproject.org/pkgdb/package/horde/ Not sure what else I can do now except either close this or wait for the EOL process to close it.
Okay, yeah it appears to be retired. For some reason yum was still able to trudge up some information about it. Thanks!