ELOG

Demo Discussion

Forum Config Examples Contributions Vulnerabilities

Discussion forum about ELOG

Not logged in

Back | Find | Login | Help

custom css not loaded, posted by Laurent Jean-Rigaud on Fri Dec 2 14:02:49 2022

Re: custom css not loaded, posted by Laurent Jean-Rigaud on Fri Dec 2 14:44:46 2022

remove elog from EPEL and Fedora., posted by Konstantin Olchanski on Mon Dec 5 04:15:17 2022

remove elog from EPEL and Fedora., posted by Germano Massullo on Tue Dec 20 17:37:42 2022

Message ID: 69592 Entry time: Tue Dec 20 17:37:42 2022 In reply to: 69591

Icon:

Author:

Germano Massullo

Author Email:

germano.massullo@cern.ch

Category:

Bug report

OS:

Linux

ELOG Version:

3.14 EL7 EPEL

Subject:

remove elog from EPEL and Fedora.

> > elogd binary from EPEL
> 
> thank you for bringing this up to our attention. we recently went through this with debian and ubuntu. the elog package was severely out of date and 
> did not include the security patches that went it right before covid started in the Winter of 2020.
> 
> the elogd package in EPEL7 is insecure and should not be used. (I see it is removed from EPEL8, EPEL9 and current Fedora).
> 
> I will have to contact EPEL maintainers to have it removed from EPEL7 (or at least to have it marked as "insecure, do not use").
> 
> https://dl.fedoraproject.org/pub/epel/7/SRPMS/Packages/e/elog-3.1.4-1.20190113git283534d97d5a.el7.src.rpm
> 
> https://packages.fedoraproject.org/pkgs/elog/elog/
> https://packages.fedoraproject.org/pkgs/elog/elog/fedora-35.html
> https://packages.fedoraproject.org/pkgs/elog/elog/epel-7.html
> 
> note in the changelog "Update to post-release snapshot of 3.1.4. - Fix several security issues."
> 
> K.O.


Good day, elog has never been retired in EPEL 7. It is still there
https://src.fedoraproject.org/rpms/elog/tree/epel7

I am pretty sure because I am a Fedora/RHEL package maintainer and a retired package should contain in its Git branch only a file named "dead.package"

ELOG V3.1.5-fe60aaf