Please only post in english as this is an english forum, thanks.
Also crossposting is pretty much disregarded. You already discussed the same question previously today via mail to a huge number of Mageia mail distribution lists.
What do you expect asking this here in parallel?
regisb wrote:This security issue is critical because it potentially permit taking control of a vulnerable computer when it is simply doing a DNS request.
That's quite a bit oversimplified, to say the least. Basically, one would have to be able to force a client to process malicious DNS replies (presumably from malicious DNS servers)
You might want to read on some of the details and requirements, e.g. at
http://arstechnica.com/security/2016/02 ... ulnerable/regisb wrote:Most Linux distribution promptly published a package update to correct the issue. This is not the case for Mageia today. What is the reason ? When can we expect an update ?
Because Mageia is made of contributors who work on it in their free time, and for some packages the necessary maintainers might not be available 24x7,
you may imagine many also have some kind of dayjob, family and other appointments beside Mageia. Also glibc is a pretty critical package and cannot be feasibly updated by just any packager.
And furthermore, all our security and bugfix updates have to undergo extensive testing by our QA team, and in the past when other distributions quickly rushed some fixes for some overhyped vulnerabilities,
our QA team found weaknesses or regressions with the fixed packages, which other distributions blindly shipped quickly. Depends what you want, if you only want really fast and blindly rushed updates for such critical issues with no thorough testing, maybe you should consider another distribution.
Back on topic, for cauldron a fix has already been pushed, progress for Mageia 5 via
https://bugs.mageia.org/show_bug.cgi?id=17394