On Samstag, 22. Dezember 2018 18:19:23 CET Michael Ströder wrote:
On 12/22/18 4:32 PM, Axel Braun wrote:
Am Samstag, 22. Dezember 2018, 15:00:01 CET schrieb Dominique Leuenberger:
- update to perl-5.28.1
* [CVE-2018-18311] Integer overflow leading to buffer overflow * [CVE-2018-18312] Heap-buffer-overflow write in S_regatom
I guess this is the issue for:
T520:/home/docb # zypper dup -dl
3 Probleme: Problem: perl-Gtk2-Ex-FormFactory-0.67-1.21.noarch benötigt perl(:MODULE_COMPAT_5.26.2), kann jedoch nicht zur Verfügung gestellt werden Problem: perl-5.26.2-1.4.x86_64 benötigt perl-base = 5.26.2, kann jedoch nicht zur Verfügung gestellt werden Problem: perl-CBOR-XS-1.71-5.1.x86_64 benötigt perl(:MODULE_COMPAT_5.26.2), kann jedoch nicht zur Verfügung gestellt werden
It seems more Perl-based packages are affected by this and also PHP-based packages, e.g. nextcloud.
You are aware perl-Gtk2-Ex-FormFactory is not a Factory package, but only in e.g. devel:languages:perl? All projects targetting Tumbleweed only start rebuilding *after* the snapshot has been released, for larger repositories it may take a while until everything is finished. According to https://build.opensuse.org/packages/perl-Gtk2-Ex-FormFactory/ job_history/devel:languages:perl/openSUSE_Tumbleweed/x86_64, the package has been rebuilt 1.5 hours ago.
I wonder why that snapshot passed the tests.
So you apparently have an interest in the package. If you want it tested as part of the snapshot, you need to: 1. Submit the package to Factory, otherwise it is not even part of the snapshot - this typically also implies you are wiling to do the maintenance 2. For proper testing, you also create some testcases for openQA Kind regards, Stefan -- Stefan Brüns / Bergstraße 21 / 52062 Aachen home: +49 241 53809034 mobile: +49 151 50412019