Bug 27824 - php-oojs-oojs-ui should be dropped (or updated, but probably dropped)
Summary: php-oojs-oojs-ui should be dropped (or updated, but probably dropped)
Status: NEW
Alias: None
Product: Mageia
Classification: Unclassified
Component: RPM Packages (show other bugs)
Version: 7
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact:
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2020-12-15 01:21 CET by David Walser
Modified: 2021-01-09 16:23 CET (History)
3 users (show)

See Also:
Source RPM: php-oojs-oojs-ui-0.34.1-1.mga8.src.rpm
CVE:
Status comment:


Attachments

Description David Walser 2020-12-15 01:21:54 CET
Fedora has issued an advisory today (December 14):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6/

I don't know why we imported this package, as we never unbundled it from mediawiki, and nothing else uses it.

If it needs to be kept for some reason, it should be updated to 0.39.3, as in Fedora, to pick up the latest fixes from mediawiki / upstream.

Mageia 7 is also affected.
David Walser 2020-12-15 01:22:04 CET

Whiteboard: (none) => MGA7TOO
CC: (none) => geiger.david68210

Comment 1 Nicolas Lécureuil 2020-12-25 22:05:03 CET
fixed in cauldron

Version: Cauldron => 7
Whiteboard: MGA7TOO => (none)

Comment 2 Nicolas Lécureuil 2020-12-25 22:42:07 CET
new package in mga7

src:
    php-oojs-oojs-ui-0.41.0-1.mga7

Assignee: mageia => qa-bugs

Comment 3 David Walser 2020-12-26 16:52:25 CET
Nicolas, did you determine why this package was imported or if we can drop it?

CC: (none) => mageia

Comment 4 David Walser 2020-12-26 16:56:28 CET
Advisory:
----------------------------------------

The php-oojs-oojs-ui package has been updated to version 0.41.0 to pick up all
of the latest fixes from upstream mediawiki.

References:
https://gerrit.wikimedia.org/r/plugins/gitiles/oojs/ui/+/refs/tags/v0.41.0/History.md
----------------------------------------

Updated packages in core/updates_testing:
----------------------------------------
php-oojs-oojs-ui-0.41.0-1.mga7

from php-oojs-oojs-ui-0.41.0-1.mga7.src.rpm

QA Contact: security => (none)
Component: Security => RPM Packages

Comment 5 Marc Krämer 2021-01-09 12:11:01 CET
is there a decission why not to drop it from cauldron?

CC: (none) => mageia

Comment 6 David Walser 2021-01-09 16:23:37 CET
It was dropped.

Note You need to log in before you can comment on or make changes to this bug.