[Bug 481165] Update rt3 to 3.6.7

[bugzilla at redhat.com]

Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.


https://bugzilla.redhat.com/show_bug.cgi?id=481165





--- Comment #2 from Xavier Bachelot <xavier at bachelot.org>  2009-01-22 11:16:01 EDT ---
(In reply to comment #1)
> If I understand correctly, the vulnerability is in perl-Devel-StackTrace.
> 
> Fedora 9-11 already come with Devel-StackTrace-1.20
> => should not be affected by this vulnerability.

The vulnerability is in Devel::StackTrace, the bells and whistles are in rt3
3.6.7.

> 
> Fedora 10 and 11's rt3 currently is at 3.8.x => should also not be affected.
>
That's why I filed a bug against rt3 F9 too.

> Leaves Fedora 9's rt3, which is at 3.6.6. Upgrading FC9's rt3 to rt-3.8.x is
> hardly possible due to rt once again changed having its database format and
> because there is no known way to automatically reformat the database from
> inside of rpm.
> 
yes, upgrading between major rt3 releases is not possible, at least not
automagically, so no way to do that in a stable release.

> Whether upgrading it to 3.6.7 is possible, needs to be analyzed. I'd rather
> avoid doing so.

There's no database change nor any caveat mentioned in the changelog and we've
successfully done some basic update tests. We've yet to try with a production
database though.

-- 
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.