| Summary: | Несколько CVE в RT 4.4.4+: CVE-2022-25802, CVE-2023-41259, CVE-2023-41260 | ||
|---|---|---|---|
| Product: | Sisyphus | Reporter: | Rostislav <ogldelphi> |
| Component: | rt | Assignee: | viy <viy> |
| Status: | RESOLVED FIXED | QA Contact: | qa-sisyphus |
| Severity: | normal | ||
| Priority: | P5 | CC: | akv, amakeenk, lav, viy |
| Version: | unstable | Keywords: | security |
| Hardware: | all | ||
| OS: | Linux | ||
|
Description
Rostislav
2024-02-14 20:44:48 MSK
Сначала нужно обновить в сизифе. rt-4.4.7-alt1 -> sisyphus: Wed Jul 15 2026 Vitaly Lipatov <lav@altlinux.ru> 4.4.7-alt1 - new version 4.4.7 (CVE-2022-25802, CVE-2023-41259, CVE-2023-41260) (closes: #49420) - fix ftbfs: package builds again (closes: #39031) - add BuildRequires: perl(Test/MockTime/HiRes.pm) (new 4.4.7 devel dependency) - filter perl(GraphViz2) from requires; make rt-test-dependencies non-fatal (4.4.7 switched optional graph rendering to GraphViz2, not packaged in Sisyphus) - add Patch6: drop redundant testdeps prerequisite from "make install" (the dep-check already runs non-fatally in %build) - add Patch7: fix rt-setup-database upgrade dir (defaulted to relative "./etc/upgrade"; now uses $RT::EtcPath/upgrade -> /usr/share/rt/upgrade) |