Am 09.09.2015 um 17:05 schrieb Marcus Meissner:
On Wed, Sep 09, 2015 at 05:00:03PM +0200, Stephan Kulow wrote:
On 09.09.2015 15:36, Johannes Weberhofer wrote:
For the server:php:applications project there are currently many requests like
Submit package openSUSE:Factory / php5-pear-Horde_Image (revision 10) to package openSUSE:Leap:42.1 / php5-pear-Horde_Image
in the queue. What is expected from the project maintainers to be done?
Hi,
See http://lists.opensuse.org/opensuse-packaging/2015-08/msg00083.html we need the maintainers approval that the submission makes sense and is complete
In the very context of Horde I would expect someone to make sure all of it is submitted and not only those the script found useful.
Given that we do not have good experiences with horde security updates for openSUSE, either a more capable maintainer need to step up or we should not include it.
848972 SUSE Security Incidents Incidents lang@b1-systems.de NEW --- VUL-0: CVE-2013-6364: horde5: XSS and CSRF via saving search as virtual address book 2014-01-14 848974 SUSE Security Incidents Incidents lang@b1-systems.de NEW --- VUL-0: CVE-2013-6365: horde5: CSRF in changing permissions functionality 2015-06-28 872334 SUSE Security Incidents Incidents lang@b1-systems.de NEW --- VUL-0: CVE-2012-6640: horde5-imp: XSS vulnerabilities triggered by opening malicious SVG attachments 2015-04-10 882792 SUSE Security Incidents Incidents lang@b1-systems.de CONF --- VUL-0: CVE-2014-3999: php5-pear-Horde_Ldap: connect to LDAP without knowing the password 2015-02-24
Ciao, marcus
I personally could not maintain those packages. Ralf could do so, as all updates are done by him. Best regards, Johannes -- Johannes Weberhofer Weberhofer GmbH, Austria, Vienna -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org