[Bug 1078718] New: Deleting Zend Framework from Factory
http://bugzilla.opensuse.org/show_bug.cgi?id=1078718

Bug ID: 1078718
Summary: Deleting Zend Framework from Factory
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 15.0
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
Assignee: security-team@suse.de
Reporter: kbabioch@suse.com
QA Contact: qa-bugs@suse.de
Found By: ---
Blocker: ---

openSUSE:Factory and hence openSUSE:Leap:15.0 still contain very old versions of Zend Framework (1.12.20, php7-ZendFramework). These are no longer maintained upstream since Sep 2016.

There are open issues for Zend Framework (see #1017629 #1044027 #1052785) with security implications. It is not even clear whether the old 1.12.x branch is actually affected by the 2.2.x.

Is anyone interested in bumping the version to the 3.x branch? Otherwise I would submit a deletion request, since upstream seems to be rather dead anyway (last release in 2016, no active development going on) and there are no dependencies on it.

--
You are receiving this mail because:
You are on the CC list for the bug.

http://bugzilla.opensuse.org/show_bug.cgi?id=1078718

Karol Babioch <kbabioch@suse.com> changed:

What |Removed |Added
----------------------------------------------------------------------------
CC   |        |aj@ajaissle.de,
     |        |alar.sing@err.ee,
     |        |asemen@suse.com,
     |        |broedel@b1-systems.de,
     |        |chris@computersalat.de,
     |        |crrodriguez@opensuse.org,
     |        |jweberhofer@weberhofer.at,
     |        |kbabioch@suse.com,
     |        |lang@b1-systems.de,
     |        |lars.vogdt@suse.com,
     |        |nix@opensuse.org,
     |        |opensuse@dstoecker.de,
     |        |poeml@cmdline.net,
     |        |robert.munteanu@gmail.com,
     |        |suse-tux@gmx.de

http://bugzilla.opensuse.org/show_bug.cgi?id=1078718

Andreas Stieger <astieger@suse.com> changed:

What |Removed |Added
----------------------------------------------------------------------------
CC   |        |astieger@suse.com

http://bugzilla.opensuse.org/show_bug.cgi?id=1078718
http://bugzilla.opensuse.org/show_bug.cgi?id=1078718#c1

--- Comment #1 from Karol Babioch <kbabioch@suse.com> ---
Bug 1017629 https://bugzilla.opensuse.org/show_bug.cgi?id=1017629
Bug 1044027 https://bugzilla.opensuse.org/show_bug.cgi?id=1044027
Bug 1052785 https://bugzilla.opensuse.org/show_bug.cgi?id=1052785

http://bugzilla.opensuse.org/show_bug.cgi?id=1078718
http://bugzilla.opensuse.org/show_bug.cgi?id=1078718#c2

--- Comment #2 from Johannes Weberhofer <jweberhofer@weberhofer.at> ---
Karol, I fully support removing the package. It was requested by maintainers of nagvis. Nagvis should migrate to a newer version then we could remove that package. Maintainers are @ecsos and @lrupp.

http://bugzilla.opensuse.org/show_bug.cgi?id=1078718

Johannes Weberhofer <jweberhofer@weberhofer.at> changed:

What |Removed |Added
----------------------------------------------------------------------------
CC   |        |ecsos@schirra.net

http://bugzilla.opensuse.org/show_bug.cgi?id=1078718
http://bugzilla.opensuse.org/show_bug.cgi?id=1078718#c3

--- Comment #3 from Eric Schirra <ecsos@schirra.net> ---
(In reply to Johannes Weberhofer from comment #2)
> Karol, I fully support removing the package. It was requested by maintainers
> of nagvis. Nagvis should migrate to a newer version then we could remove
> that package. Maintainers are @ecsos and @lrupp.

nagvis is needed for some other applications. Nagios or icingaweb2-module. But I'm not sure if we can remove zendframework. And I have no chance to test it at the moment. Lars, can you do that?

Bumping to version 3 was very nice. :-)

http://bugzilla.opensuse.org/show_bug.cgi?id=1078718
http://bugzilla.opensuse.org/show_bug.cgi?id=1078718#c4

Andreas Stieger <astieger@suse.com> changed:

What   |Removed |Added
----------------------------------------------------------------------------
Status |NEW     |IN_PROGRESS

--- Comment #4 from Andreas Stieger <astieger@suse.com> ---
delete request sent for Leap 15.0 and Factory.

http://bugzilla.opensuse.org/show_bug.cgi?id=1078718
http://bugzilla.opensuse.org/show_bug.cgi?id=1078718#c5

Andreas Stieger <astieger@suse.com> changed:

What   |Removed     |Added
----------------------------------------------------------------------------
Status |IN_PROGRESS |CONFIRMED

--- Comment #5 from Andreas Stieger <astieger@suse.com> ---
Eric, security team would like to be absolutely clear: We need php7-ZendFramework to have a maintainer AND be on a current version with the issues fixed, or we drop it.

You write in the DRs:
> It's need for icingaweb2-module-nagvis

I do not see icingaweb2-module-nagvism in the distribution. Where is it?

http://bugzilla.opensuse.org/show_bug.cgi?id=1078718
http://bugzilla.opensuse.org/show_bug.cgi?id=1078718#c6

--- Comment #6 from Eric Schirra <ecsos@schirra.net> ---
Deletions are approved.

http://bugzilla.opensuse.org/show_bug.cgi?id=1078718
http://bugzilla.opensuse.org/show_bug.cgi?id=1078718#c7

Andreas Stieger <astieger@suse.com> changed:

What       |Removed   |Added
----------------------------------------------------------------------------
Status     |CONFIRMED |RESOLVED
Resolution |---       |FIXED

--- Comment #7 from Andreas Stieger <astieger@suse.com> ---
removed from Factory