Fedora has issued an advisory on November 11: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/LM6ZNCU2KVKOL44GHTMMKKXJ4G5GHKYZ/ There has been some debate as to whether to classify this as a security issue. We should at least include the fix in Cauldron and Mageia 6 SVN. Fedora added a patch to fix it in this commit: http://pkgs.fedoraproject.org/cgit/rpms/glusterfs.git/commit/?id=202c34e6826fd2cba34ee61fc14312126ede808f
Assigning to all packagers collectively, since there is no registered maintainer for this package.
Assignee: bugsquad => pkg-bugsCC: (none) => marja11
glusterfs is already in task-obsoletes (for mga6 and cauldron). The question is, why python-gluster is still present in the repo and why task-obsoletes does not remove it.
CC: (none) => mageia
If python-gluster has no other dep, it is simply because of human error. It must be added to task-obsoletes and moved in the svn (not removed) according to this : https://wiki.mageia.org/en/Packaging_guidelines#Obsoleting_a_package You are welcome to do so.
CC: (none) => lists.jjorge
Thanks Marc. I thought we had dropped this package, so I guess I wasn't crazy after all. It was typed incorrectly as python-glusterfs in task-obsolete, so it was still hanging around. glusterfs actually isn't in SVN at all.
Status: NEW => RESOLVEDResolution: (none) => INVALID