Regarding BZ 884831 - security-team [ARCHIVED] - Fedora Mailing-Lists

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

Regarding BZ 884831

[Fedocal] Reminder meeting :...

Eucalyptus vulnerabilities

Niranjan

Friday, 1 August 2014 Fri, 1 Aug '14

3:24 a.m.

Greetings, My Name is Niranjan, I am QE Engineer with Red Hat Certificate Services team, I would like to try and see if i can be of any help to the team. I would like to work on the below bugs: https://bugzilla.redhat.com/show_bug.cgi?id=884831 https://bugzilla.redhat.com/show_bug.cgi?id=869570 Regards, Niranjan

Attachments:

attachment.sig (application/pgp-signature — 311 bytes)

Reply

Show replies by date

Jason Taylor

Friday, 1 August Fri, 1 Aug

8:52 a.m.

New subject: Self Intro and BZ

Hi All, Just wanted to drop a quick intro and say hi. I currently work as a Linux admin and have very recently started helping as a package maintainer. I have grabbed: https://bugzilla.redhat.com/show_bug.cgi?id=890907 Initial research shows that the moin el5 package (1.5.9-1) has been orphaned and is far behind what we have in fedora (1.9.7-3). Would the first step be to see if vpv (moin fedora package maintainer) would be willing to submit the current fedora package for epel? TIA JT

Reply

Tomas Hoger

Monday, 4 August Mon, 4 Aug

7:14 a.m.

New subject: Self Intro and BZ

On Fri, 1 Aug 2014 13:52:44 +0000 Jason Taylor wrote:

https://bugzilla.redhat.com/show_bug.cgi?id=890907 Initial research shows that the moin el5 package (1.5.9-1) has been orphaned and is far behind what we have in fedora (1.9.7-3). Would the first step be to see if vpv (moin fedora package maintainer) would be willing to submit the current fedora package for epel?

Fedora maintainer may at least be able to hint if recent packages are compatible with the version in EPEL, i.e. if they can be offered as upgrade to users without breaking their existing installations. There are few components in EPEL that are already provided in multiple versions, older one probably unmaitained - mediawiki and mediawiki119, Django14 and python-django15, phpMyAdmin and phpMyAdmin3. -- Tomas Hoger / Red Hat Product Security

Reply

Niranjan

4:10 a.m.

Niranjan wrote:

Greetings, My Name is Niranjan, I am QE Engineer with Red Hat Certificate Services team, I would like to try and see if i can be of any help to the team. I would like to work on the below bugs: https://bugzilla.redhat.com/show_bug.cgi?id=884831 https://bugzilla.redhat.com/show_bug.cgi?id=869570

I am trying to reproduce the vulnerability on the affected version , To see if it's actually vulnerable. Will report the results back to the team soon.

Regards, Niranjan

_______________________________________________ security-team mailing list security-team(a)lists.fedoraproject.org https://lists.fedoraproject.org/mailman/listinfo/security-team

Reply

Tomas Hoger

7:44 a.m.

On Fri, 1 Aug 2014 13:54:28 +0530 Niranjan wrote:

My Name is Niranjan, I am QE Engineer with Red Hat Certificate Services team, I would like to try and see if i can be of any help to the team. I would like to work on the below bugs: https://bugzilla.redhat.com/show_bug.cgi?id=884831 https://bugzilla.redhat.com/show_bug.cgi?id=869570

A help form anyone who is already familiar with the code base of a specific affected component, or is familiar enough with it to be able to test applied fix, is definitely welcome. -- Tomas Hoger / Red Hat Product Security

Reply

Niranjan

8:35 a.m.

Tomas Hoger wrote:

On Fri, 1 Aug 2014 13:54:28 +0530 Niranjan wrote: > My Name is Niranjan, I am QE Engineer with Red Hat Certificate > Services team, I would like to try and see if i can be of any help to > the team. > > I would like to work on the below bugs: > > https://bugzilla.redhat.com/show_bug.cgi?id=884831 > https://bugzilla.redhat.com/show_bug.cgi?id=869570 A help form anyone who is already familiar with the code base of a specific affected component, or is familiar enough with it to be able to test applied fix, is definitely welcome.

I am trying to ascertain if the package is indeed vulnerable to CVE's mentioned in the BZ, I will post my updates to the list. Where i am currently: Have installed pki-ca, pki-kra, pki-tks, pki-tps and configured to verify if the CVE's are applicable. Currently there are some issues to access the TPS admin interface, If this issue turns out to be a bug, then CVE's may not be applicable (because to take advantage of the vulnerability one has to login to tps admin interface.) , I have mailed package maintainer for further help in this regard. I will post the updates on this. If any body else have any more pointers on this. Do let me know Regards Niranjan

-- Tomas Hoger / Red Hat Product Security _______________________________________________ security-team mailing list security-team(a)lists.fedoraproject.org https://lists.fedoraproject.org/mailman/listinfo/security-team

Reply

3546

days inactive

3549

days old

security-team@lists.fedoraproject.org

Manage subscription

5 comments

3 participants

tags (0)

participants (3)

Jason Taylor
Niranjan
Tomas Hoger