Fyi - from drak, he accidentally only replied to me.
---------- Forwarded message ---------- From: Drak drak@zikula.org Date: Fri, 14 May 2010 21:53:18 +0545 Subject: Re: Fedora Insight weekly Meeting To: Robyn Bergeron robyn.bergeron@gmail.com
- The Zikula 1.2.2 that I believe we're running has vulnerabilities. Despite the fact that 1.2.3 has bundled library problems, FESCo is OK with using it temporarily while we await the 1.3 release, since upstream is committed to fixing the bundled libs. (stickster, 18:24:26)
What are these? I thought we already had this solved since 1.2.1?
Drak
On Thu, May 20, 2010 at 11:20:37AM -0700, Robyn Bergeron wrote:
Fyi - from drak, he accidentally only replied to me.
Thanks for sending this on, Robyn!
---------- Forwarded message ----------
- The Zikula 1.2.2 that I believe we're running has vulnerabilities. Despite the fact that 1.2.3 has bundled library problems, FESCo is OK with using it temporarily while we await the 1.3 release, since upstream is committed to fixing the bundled libs. (stickster, 18:24:26)
What are these? I thought we already had this solved since 1.2.1?
Drak, here is the full ticket explanation in FESCo's Trac instance:
https://fedorahosted.org/fesco/ticket/375
Take a look at that, and you might want to touch base with Zikula's security team to see if they've been notified about the Bugzillas to which that ticket alludes.
logistics@lists.fedoraproject.org
-
Paul W. Frields -
Robyn Bergeron