libmodplug orphaned for real in EPEL

Ville Skyttä ville.skytta at iki.fi
Thu May 19 19:45:33 UTC 2011


Hello,

libmodplug has been orphaned in EPEL already for a long time.  Until now
I have been looking after it there (co-maintaining with the orphan
owner), but because I don't use it on any EL boxes and because there
doesn't seem to be anyone interested in giving feedback even for
security fixes in it, I have now disassociated myself from the EPEL
branches for it in pkgdb and have no plans to touch it in EPEL any longer.

If you're interested, go grab it.  There are some security updates in
testing waiting for feedback:

EL-6, CVE-2011-1574, CVE-2011-1761:
https://admin.fedoraproject.org/updates/libmodplug-0.8.8.3-2.el6

EL-5, CVE-2011-1574:
https://admin.fedoraproject.org/updates/libmodplug-0.8.7-3.el5

Note that the EL-5 update does not address CVE-2011-1761 which is fixed
in upstream version 0.8.8.3.  Updating to it in EL-5 is not an option
I'd consider because it involves a soname bump compared to 0.8.7.
There's a bunch of changes that fix the issue in upstream git between
0.8.8.2 and 0.8.8.3 that I suppose would be backportable to 0.8.7
without causing ABI compatibility issues.



