Mailinglist Archive: opensuse (3337 mails)

Re: [opensuse] security update policy]
  • From: Marcus Meissner <meissner@xxxxxxx>
  • Date: Sun, 23 Apr 2006 10:05:34 +0200
  • Message-id: <20060423080534.GA30897@xxxxxxx>
On Sun, Apr 23, 2006 at 09:38:02AM +0200, jdd wrote:
> playing with YOU and working with mediawiki, I noticed the
> last YOU update was 1.4.x (with x=7, but I'm not sure of that)
>
> Mediawiki being at stable 1.6.3 I wondered if this was a
> good choice.. I asked the mediawiki list and got the answer
> below: mediawiki is maintained for approx 1 year.
>
> Given SUSE Linux is said to have security updates for two
> years, I wonder what is going to be done.
>
> Will a Novell programmer make the necessary patches to 1.4?
> Will SUSE (YOU) provide an upgrade to 1.5 or 1.6... given I'm
> stuck with the 1.6 upgrade :-)

We currently do this, yes:
$ ls -l /work/SRC/old-versions/10.0/all/mediawiki
-rw-r--r-- 1 root root 854 2006-03-30 14:35 MD5SUMS
-rw-r--r-- 1 root root 42 2006-03-30 14:35 MD5SUMS.meta
-rw-r--r-- 1 root root 358 2006-01-26 11:08 mediawiki-1.4.5-permission-fix.diff
-rw-r--r-- 1 root root 399 2006-01-26 11:08 mediawiki-1.4.7-DoS-CVE-2006-0322.diff
-rw-r--r-- 1 root root 443 2006-01-26 11:08 mediawiki-1.4.7-EditPage.diff
-rw-r--r-- 1 root root 1162 2006-01-26 11:08 mediawiki-1.4.7-IE-XSS.diff
-rw-r--r-- 1 root root 1604 2005-12-07 14:47 mediawiki-1.4.7-php4.4.1.diff
-rw-r--r-- 1 root root 1485633 2006-01-26 11:08 mediawiki-1.4.7.tar.bz2
-rw-r--r-- 1 root root 2174 2006-01-26 11:08 mediawiki-1.4.7-xss-CAN-2005-2396.diff
-rw-r--r-- 1 root root 1849 2006-01-26 11:08 mediawiki-1.4.7-xss-CVE-2005-4501.diff
-rw-r--r-- 1 root root 3121 2006-01-26 11:08 mediawiki-1.4.7-xss-math.diff
-rw-r--r-- 2 root root 1459 2006-03-28 13:24 mediawiki-1.4.7-xss-parser.diff
-rw-r--r-- 2 root root 2155 2006-03-28 16:39 mediawiki.changes
-rw-r--r-- 2 root root 4922 2006-03-30 14:35 mediawiki.spec
-rw-r--r-- 1 root root 1140 2006-01-26 11:08 README.SuSE
-rw-r--r-- 1 root root 0 2006-03-30 14:35 ready

> PHP scripts are very sensitive materials. Vulnerabilities
> found there can severely impact a server.

Just do not use them. ;)

> But of course my question is not about mediawiki (I already
> cope with this one :-), but more generally, given the speed
> of the working Linux flow, how is the update policy set up?
> 10.0 is pretty fresh :-)

2 years of security updates, as with the dozen SUSE Linux releases
before.

Ciao, Marcus
