Bug 27824 - php-oojs-oojs-ui should be dropped (or updated, but probably dropped)
Summary: php-oojs-oojs-ui should be dropped (or updated, but probably dropped)
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 7
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA7-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2020-12-15 01:21 CET by David Walser
Modified: 2021-01-23 00:51 CET

See Also:
Source RPM: php-oojs-oojs-ui-0.17.10-3.mga7.src.rpm
CVE:
Status comment:


Description David Walser 2020-12-15 01:21:54 CET
Fedora has issued an advisory today (December 14):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6/

I don't know why we imported this package, as we never unbundled it from mediawiki, and nothing else uses it.

If it needs to be kept for some reason, it should be updated to 0.39.3, as in Fedora, to pick up the latest fixes from mediawiki / upstream.

Mageia 7 is also affected.

David Walser 2020-12-15 01:22:04 CET

Whiteboard: (none) => MGA7TOO
CC: (none) => geiger.david68210

Comment 1 Nicolas Lécureuil 2020-12-25 22:05:03 CET
fixed in cauldron

Version: Cauldron => 7
Whiteboard: MGA7TOO => (none)

Comment 2 Nicolas Lécureuil 2020-12-25 22:42:07 CET
new package in mga7

src:
    php-oojs-oojs-ui-0.41.0-1.mga7

Assignee: mageia => qa-bugs

Comment 3 David Walser 2020-12-26 16:52:25 CET
Nicolas, did you determine why this package was imported or if we can drop it?

CC: (none) => mageia

Comment 4 David Walser 2020-12-26 16:56:28 CET
Advisory:
----------------------------------------

The php-oojs-oojs-ui package has been updated to version 0.41.0 to pick up all
of the latest fixes from upstream mediawiki.

References:
https://gerrit.wikimedia.org/r/plugins/gitiles/oojs/ui/+/refs/tags/v0.41.0/History.md
----------------------------------------

Updated packages in core/updates_testing:
----------------------------------------
php-oojs-oojs-ui-0.41.0-1.mga7

from php-oojs-oojs-ui-0.41.0-1.mga7.src.rpm

QA Contact: security => (none)
Component: Security => RPM Packages

Comment 5 Marc Krämer 2021-01-09 12:11:01 CET
Is there a decision why not to drop it from cauldron?

CC: (none) => mageia

Comment 6 David Walser 2021-01-09 16:23:37 CET
It was dropped.

Comment 7 Thomas Andrews 2021-01-21 20:10:55 CET
No installation issues. Based on the above discussion, that should be sufficient for this one.

Validating. Advisory in Comment 4.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs
Whiteboard: (none) => MGA7-64-OK

Comment 8 Aurelien Oudelet 2021-01-22 16:26:59 CET
Advisory pushed to SVN.

Keywords: (none) => advisory
QA Contact: (none) => security
Source RPM: php-oojs-oojs-ui-0.34.1-1.mga8.src.rpm => php-oojs-oojs-ui-0.17.10-3.mga7.src.rpm
CC: (none) => ouaurelien
Component: RPM Packages => Security

Comment 9 Mageia Robot 2021-01-23 00:51:30 CET
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2021-0050.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

