| Summary: | sharpziplib new security issue fixed upstream in 1.3.3 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | andrewsfarm, davidwhodgins, herman.viaene, joequant, mageia, matteo.pasotti, sysadmin-bugs, tarazed25 |
| Version: | 8 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA8-64-OK | ||
| Source RPM: | sharpziplib-1.3.0-0.mga8.src.rpm | CVE: | |
| Status comment: | |||
|
Description
David Walser
2021-09-26 20:06:25 CEST
David Walser
2021-09-26 20:06:39 CEST
Whiteboard:
(none) =>
MGA8TOO mono-tools was also rebuilt for that update: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/FNSMRB4SS5RB6VSYN4DMWC2QCMMMEMVC/ updated in cauldron. Whiteboard:
MGA8TOO =>
(none) pushed in mga8:
src:
- sharpziplib-1.3.3-1.mga8Assignee:
joequant =>
qa-bugs sharpziplib-1.3.3-1.mga8 sharpziplib-devel-1.3.3-1.mga8 sharpziplib-1.3.3-1.mga8.src.rpm mga8, x64 The "sharp" alludes to its C# coding and much of the online documentation concerns programming, and urpmq indicates that no Mageia packages depend on it. Upstream simply states that the new release contains a security fix. Mono tools are mentioned in various places. $ urpmq --requires sharpziplib mono(System)[== 4.0.0.0] mono(System.Core)[== 4.0.0.0] mono(mscorlib)[== 4.0.0.0] mono-core $ urpmq -i sharpziplib Name : sharpziplib Version : 1.3.0 Release : 0.mga8 Group : Development/C# Size : 217752 Architecture: x86_64 Source RPM : sharpziplib-1.3.0-0.mga8.src.rpm URL : http://icsharpcode.github.io/SharpZipLib Summary : Zip, GZip, Tar and BZip2 library Description : SharpZipLib, formerly NZipLib is a Zip, GZip, Tar and BZip2 library written entirely in C# . It is implemented as an assembly (installable in the GAC), and thus can easily be incorporated into other projects. /usr/share/doc/sharpziplib contains the README.md file which provides information of interest to developers. The two packages updated without issues. Since this is a library with no accompanying tools there is little we can do here except pass this as ready for use, with fingers crossed. CC:
(none) =>
tarazed25 It calls into question why we even have this package. CC:
(none) =>
joequant A question to be answered another day. Validating. CC:
(none) =>
andrewsfarm, sysadmin-bugs Un-validating. What about the rrebuild of mono-tools mentioned in comment 1 Keywords:
validated_update =>
(none) Adding Matteo to cc list, as the registered maintainer for mono-tools. Please see comment 1 CC:
(none) =>
matteo.pasotti Changing the assignee to Mateo because of Comment 1, as the registered maintainer of mono-tools. Assignee:
qa-bugs =>
matteo.pasotti
pushed in mga8:
src:
- sharpziplib-1.3.3-1.mga8
- mono-tools-4.2-10.1.mga8
rpms:
- sharpziplib-1.3.3-1.mga8
- sharpziplib-devel-1.3.3-1.mga8
- mono-tools-4.2-10.1.mga8Assignee:
matteo.pasotti =>
qa-bugs MGA8-64 Plasma on Lenovo B50 No installation issues # urpmq --whatrequires-recursive mono-tools returns all doc packages, so very little to test, so OK on clean install. Whiteboard:
(none) =>
MGA8-64-OK Validating once more. Keywords:
(none) =>
validated_update
Dave Hodgins
2021-12-08 01:38:38 CET
Keywords:
(none) =>
advisory An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2021-0541.html Status:
NEW =>
RESOLVED |