| Summary: | desurium bundles a lot of security vulnerabilities | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | Rémi Verschelde <rverschelde> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | ||
| Version: | Cauldron | ||
| Target Milestone: | --- | ||
| Hardware: | i586 | ||
| OS: | Linux | ||
| Whiteboard: | MGA4TOO | ||
| Source RPM: | desurium | CVE: | |
| Status comment: | |||
|
Description
David Walser
2014-07-15 00:21:00 CEST
David Walser
2014-07-15 00:21:14 CEST
Whiteboard:
(none) =>
MGA4TOO I'll look into it. Desurium was indeed a pain to package, I had to remove lots of bundled dependencies, but I couldn't do without CEF and v8. The community development of Desurium has ceased since Desura was taken over by LindenLab; now a new LGPL version of the client is being developed professionally by one of the original developers as far as I understand: https://github.com/lindenlab/desura-app From what I've heard on #desura, it seems the development of a Linux version depends on what LindenLab will decide, and it's not 100% sure they consider Linux users as a reliable source of income (though I think many users will stop using their platform if they drop Linux support when even Steam has it now). So, I'll poke the desura-app dev to see if a Linux version (without known security vulnerabilities) can be expected soon, or if we should drop desurium altogether. I've dropped desurium from cauldron: http://svnweb.mageia.org/packages?view=revision&revision=672093 Sadly there's nothing we can do for Mageia 4. Status:
NEW =>
RESOLVED |