{5} Assigned, Active Tickets by Owner (Full Description) (22 matches)

List tickets assigned, group by ticket owner. This report demonstrates the use of full-row display.

Bruce Dubbs (7 matches)

Ticket Summary Component Milestone Type Created
Description
#16900 tumbler-4.16.1 BOOK 11.2 enhancement 08/12/2022

New point version, fixes a vulnerability in the gstreamer plugin.

#16909 mariadb-10.6.9 BOOK 11.2 enhancement 08/16/2022

New point version

Contains six security fixes, including one from 2018

#16086 libsigc++-3.2.0 (Wait until something needs this) BOOK 99-Waiting enhancement 02/11/2022

New minor version

#16865 php-8.1.9 BOOK 11.2 enhancement 08/05/2022

New point version.

#16866 slang-2.3.3 BOOK 11.2 enhancement 08/06/2022

New point version.

#16908 ldns-1.8.3 BOOK 11.2 enhancement 08/16/2022

New point version

#16910 Pygments-2.13.0 (Python module) BOOK 11.2 enhancement 08/16/2022

New minor version.

pierre (1 match)

#15772 Update dependencies on "x-window-system" BOOK hold task 11/20/2021

With the rise of wayland, and the coming vulkan, "x-window-system" as a dependency is not accurate enough. This ticket is for following progress in replacing this dependency with a more accurate one. Some instruction changes may be needed too to adapt to wayland only builds.

Douglas R. Reno (14 matches)

#16822 Update to OpenJDK-18.0.2 to fix CVE-2022-34169, CVE-2022-21541, and CVE-2022-21540 BOOK 11.2 enhancement 07/21/2022

There is a new security vulnerability in OpenJDK that allows for corruption of Java class files and for arbitrary code execution. It occurs in the Apache Xalan Java XSLT Library which is bundled directly into the OpenJDK interpreter.

No future releases of Xalan are expected, but the OpenJDK folks do have it patched upstream:

https://github.com/openjdk/jdk/commit/41ef2b249073450172e11163a4d05762364b1297

The problem is an integer truncation issue that occurs when processing malicious XSLT stylesheets.

Looking over at https://openjdk.org/groups/vulnerability/advisories/2022-07-19, it looks like this and two other security vulnerabilities have been addressed. This vulnerability has been rated at 7.5, while CVE-2022-21541 has been rated 5.9 and CVE-2022-21540 has been rated 5.3.

https://jdk.java.net/18/ shows that 18.0.2 has been released

#16873 eog-42.3 BOOK 11.2 enhancement 08/07/2022

New minor version.

#16877 webkitgtk-2.36.6 BOOK 11.2 enhancement 08/08/2022

New point version.

#16879 gjs-1.72.2 BOOK 11.2 enhancement 08/08/2022

New point version

#16880 gnome-desktop-42.4 BOOK 11.2 enhancement 08/08/2022

New minor version

#16881 geocode-glib-3.26.4 BOOK 11.2 enhancement 08/08/2022

New point version

#16882 tracker3-3.3.3 BOOK 11.2 enhancement 08/09/2022

New point version.

#16887 cups-pk-helper-0.2.7 BOOK 11.2 enhancement 08/10/2022

New point version.

#16892 gnome-shell-42.4 BOOK 11.2 enhancement 08/11/2022

New minor version

#16893 mutter-42.4 BOOK 11.2 enhancement 08/11/2022

New minor version

#16898 cifs-utils-7.0 BOOK 11.2 enhancement 08/12/2022

New major version

#16907 grilo-0.3.15 BOOK 11.2 enhancement 08/16/2022

New point version

#16011 rest-0.9.1 (wait for GNOME 43) BOOK 99-Waiting enhancement 01/26/2022

New minor version

Very long time since the last release of this particular package, but it seems to come with a meson port, changes for soup3 compatibility (soup2 still supported), and the oauth2 fixes that are needed for tests to work.

#16235 Fix CVE-2021-3575 in OpenJPEG (Wait for upstream consensus) BOOK 99-Waiting enhancement 03/15/2022

OpenJPEG-2.4.0 is vulnerable to a heap buffer overflow that is known to lead to arbitrary code execution.

A fix can be found here: https://github.com/msabwat/openjpeg/commit/f4cb033a340b55dbc576453c4b6a967fec5cbbda

The most recent report for the vulnerability was June 2021.

Note: See TracReports for help on using and creating reports.