Fedora has issued an advisory today (December 14):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6/

I don't know why we imported this package, as we never unbundled it from mediawiki, and nothing else uses it. If it needs to be kept for some reason, it should be updated to 0.39.3, as in Fedora, to pick up the latest fixes from mediawiki / upstream.

Mageia 7 is also affected.
Whiteboard: (none) => MGA7TOO
CC: (none) => geiger.david68210
fixed in cauldron
Version: Cauldron => 7
Whiteboard: MGA7TOO => (none)
new package in mga7 src: php-oojs-oojs-ui-0.41.0-1.mga7
Assignee: mageia => qa-bugs
Nicolas, did you determine why this package was imported or if we can drop it?
CC: (none) => mageia
Advisory:
----------------------------------------

The php-oojs-oojs-ui package has been updated to version 0.41.0 to pick up all of the latest fixes from upstream mediawiki.

References:
https://gerrit.wikimedia.org/r/plugins/gitiles/oojs/ui/+/refs/tags/v0.41.0/History.md
----------------------------------------

Updated packages in core/updates_testing:
----------------------------------------
php-oojs-oojs-ui-0.41.0-1.mga7

from php-oojs-oojs-ui-0.41.0-1.mga7.src.rpm
QA Contact: security => (none)
Component: Security => RPM Packages
Is there a decision why not to drop it from cauldron?
It was dropped.
No installation issues. Based on the above discussion, that should be sufficient for this one. Validating. Advisory in Comment 4.
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs
Whiteboard: (none) => MGA7-64-OK
Advisory pushed to SVN.
Keywords: (none) => advisory
QA Contact: (none) => security
Source RPM: php-oojs-oojs-ui-0.34.1-1.mga8.src.rpm => php-oojs-oojs-ui-0.17.10-3.mga7.src.rpm
CC: (none) => ouaurelien
Component: RPM Packages => Security
An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2021-0050.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED