#5960 libmodplug security vulnerability
Closed: Fixed None Opened 5 years ago by sparks.

libmodplug suffers from seven important CVEs (https://bugzilla.redhat.com/show_bug.cgi?id=728371 and https://bugzilla.redhat.com/show_bug.cgi?id=995578). Version >= 0.8.8.5 fixes all of these CVEs. This package is orphaned and is not receiving updates. Could someone update this package or remove the package from the repos?

EPEL-6 - 0.8.8.3
EPEL-5 - 0.8.7


retired and builds untagged

retired and builds untagged

the package removal has broken dependencies for qmmp and xine-lib and users seem to be missing libmodplug too (see bug #1128121)

the package removal has broken dependencies for qmmp and xine-lib and users seem to be missing libmodplug too (see bug #1128121)

as agreed on epel-devel, I've rebased the package and prepared the update:
https://admin.fedoraproject.org/updates/libmodplug-0.8.8.5-1.el6

as per https://fedoraproject.org/wiki/Orphaned_package_that_need_new_maintainers now it should be requested to unblock it, so ... I'd like to request it

"In this request, please post a link to the completed re-review."
- re-review was not done as the package is still in Fedora ("To unretire a EPEL branch if the package is still in Fedora, no re-review is required."); the cvs request bug is 1133548

this is just EL6, I'm not going to revive the EL5 version

as agreed on epel-devel, I've rebased the package and prepared the update:
https://admin.fedoraproject.org/updates/libmodplug-0.8.8.5-1.el6

as per https://fedoraproject.org/wiki/Orphaned_package_that_need_new_maintainers now it should be requested to unblock it, so ... I'd like to request it

"In this request, please post a link to the completed re-review."
- re-review was not done as the package is still in Fedora ("To unretire a EPEL branch if the package is still in Fedora, no re-review is required."); the cvs request bug is 1133548

this is just EL6, I'm not going to revive the EL5 version

FYI: I unblocked it already. Otherwise building would fail already. Thank you for taking care of this.

FYI: I unblocked it already. Otherwise building would fail already. Thank you for taking care of this.

Metadata Update from @sparks:
- Issue set to the milestone: Fedora 20 Final

2 years ago

Login to comment on this ticket.

Metadata