[Bug 824089] CVE-2011-2082 rt3: Multiple security flaws fixed in upstream v3.8.12 and v4.0.6 versions [epel-all]
bugzilla at redhat.com
bugzilla at redhat.com
Fri Apr 24 16:20:56 UTC 2015
https://bugzilla.redhat.com/show_bug.cgi?id=824089
Ralf Corsepius <rc040203 at freenet.de> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |rc040203 at freenet.de
--- Comment #2 from Ralf Corsepius <rc040203 at freenet.de> ---
[Fedora maintainer speaking - I do not maintain rt in EPEL]
(In reply to David A. Cafaro from comment #1)
> This bug is VERY old, do we have an udpate/patch for this?
None that I am aware of. rt3 was abandoned upstream.
In Fedora >= 21, rt3 has been replaced with rt4 (rt-4.2.x) and is effectively
abandoned/dead in Fedora 20. It's only still present in F20, because I missed
to EOL it in time before F20 was released and because packages can't be removed
from Fedora after release.
I do not think trying to backport the changes from rt4 or trying to develop
actual bug-fixes is feasible (checking other distros could be worth a try,
though).
Instead I'd recommend to remove rt3 from all EPELs and - should there be
sufficient interest - somebody to try adding rt4 (4.0.x or 4.2.x) to EPEL.
However, due to the long chain of deps on (modern) perl-modules and
CentOS/RHEL's packaging policies, I would expect this to be a challenging,
almost impossible task.
--
You are receiving this mail because:
You are on the CC list for the bug.
More information about the perl-devel
mailing list