On 06.08.2014 16:24, Stephen John Smoogen wrote:
> 
> 
> 
> On 6 August 2014 10:53, Jan Rusnacko <jrusn...@fedoraproject.org> wrote:
> 
>     Hello,
> 
>     following the policy for nonresponsive maintainers, does anyone have a
>     contact of Jeroen van Meeuwen (kanarip)? All three mail addresses listed
>     here http://fedoraproject.org/wiki/User:Kanarip bounce back, including FAS
>     email kana...@kanarip.com.
> 
>     He is a co-maintainer of quite a number of packages
>     (https://admin.fedoraproject.org/pkgdb/packager/kanarip/), which now have ~20
>     unfixed vulnerabilities combined in EPEL, some of them for over a year.
> 
> 
> 
> I have run into kanarip and will have him correct the problems one way or 
> another by the end of FLOCK. And I will get the EPEL items dealt with as soon 
> as possible. 
> 
> Could you give me a list of packages with problems so I can do the second 
> part?
So the packages in question are: rubygem-actionmailer, rubygem-actionpack, 
rubygem-activerecord, rubygem-activeresource, rubygem-activesupport, 
rubygem-rails, rubygem-rack and rubygems. These are relevant bugzillas:

https://bugzilla.redhat.com/show_bug.cgi?id=1115776
https://bugzilla.redhat.com/show_bug.cgi?id=1095129
https://bugzilla.redhat.com/show_bug.cgi?id=1095127
https://bugzilla.redhat.com/show_bug.cgi?id=1095125
https://bugzilla.redhat.com/show_bug.cgi?id=1095122
https://bugzilla.redhat.com/show_bug.cgi?id=1095120
https://bugzilla.redhat.com/show_bug.cgi?id=1095118
https://bugzilla.redhat.com/show_bug.cgi?id=961066
https://bugzilla.redhat.com/show_bug.cgi?id=948706
https://bugzilla.redhat.com/show_bug.cgi?id=924318
https://bugzilla.redhat.com/show_bug.cgi?id=924297
https://bugzilla.redhat.com/show_bug.cgi?id=905374
https://bugzilla.redhat.com/show_bug.cgi?id=905373
https://bugzilla.redhat.com/show_bug.cgi?id=891468
https://bugzilla.redhat.com/show_bug.cgi?id=847202
https://bugzilla.redhat.com/show_bug.cgi?id=843924
https://bugzilla.redhat.com/show_bug.cgi?id=831583
https://bugzilla.redhat.com/show_bug.cgi?id=731453
https://bugzilla.redhat.com/show_bug.cgi?id=731451
https://bugzilla.redhat.com/show_bug.cgi?id=731450
https://bugzilla.redhat.com/show_bug.cgi?id=677629
https://bugzilla.redhat.com/show_bug.cgi?id=1097205
https://bugzilla.redhat.com/show_bug.cgi?id=909088
https://bugzilla.redhat.com/show_bug.cgi?id=814725
https://bugzilla.redhat.com/show_bug.cgi?id=771152
https://bugzilla.redhat.com/show_bug.cgi?id=771151

Looks scary, but in the end it's just rails, rubygems and rack. All of these 
are co-maintained with Michael Stahnke, whom I have no luck contacting either. 
There are actually more unfixed vulnerabilities, but I am confident they can be 
fixed by more active maintainers.

Thank you for helping out, really appreciated!
> 
> Thank You.
> 
>  
> 
>     Thank you!
>     --
>     Jan Rusnacko, Fedora Security Team
>     --
>     devel mailing list
>     devel@lists.fedoraproject.org
>     https://admin.fedoraproject.org/mailman/listinfo/devel
>     Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
> 
> 
> 
> 
> -- 
> Stephen J Smoogen.
> 
> 
> 

-- 
Jan Rusnacko, Fedora Security Team