HEADSUP: json-c SONAME BUMP

Remi Collet Fedora at FamilleCollet.com
Mon Jul 28 14:08:01 UTC 2014


On 28/07/2014 16:03, Peter Robinson wrote:
>>> If the update broke packages: a) it should not have been updated on stable
>>> releases (was it?),
>>
>> Two updates have been filed hours ago,
>>
>>   https://admin.fedoraproject.org/updates/json-c-0.12-1.fc20
>>   https://admin.fedoraproject.org/updates/json-c-0.12-1.el6
>>
>> and it seems the upgrade has not been examined at all. I've mentioned in
>> bugzilla that there are tools such as rpmsodiff and abi-compliance-checker.
> 
> There is no way an intrusive change such as this should be going
> through to a stable release such as F-20, even worse for an EPEL
> release. If it's deemed that a change such as this needs to go through
> to a stable release due to something severe such as a security issue
> it needs to be announced before it happens and coordinated widely before
> randomly being pushed without any details with dependent libraries and
> applications.
> 
> Peter
> 

And although the update claims to fix CVE-2013-6371, this one was already
fixed in
https://admin.fedoraproject.org/updates/FEDORA-2014-5006

Remi.


