https://bugzilla.redhat.com/show_bug.cgi?id=1738968
Bug ID: 1738968
Summary: gimp-layer-via-copy-cut depends on Python 2
Product: Fedora
Version: rawhide
Status: NEW
Component: gimp-layer-via-copy-cut
Assignee: luya_tfz(a)thefinalzone.net
Reporter: lbalhar(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: design-devel(a)lists.fedoraproject.org,
luya_tfz(a)thefinalzone.net
Blocks: 1698500 (F31_PY2REMOVAL)
Target Milestone: ---
Classification: Fedora
Python 2.7 will reach end-of-life in January 2020, over 9 years after it was
released. This falls within the Fedora 31 lifetime.
Packages that depend on Python 2 are being switched to Python 3 or removed from
Fedora:
https://fedoraproject.org/wiki/Changes/F31_Mass_Python_2_Package_Removal#In…
Python 2 will be retired in Fedora 32:
https://fedoraproject.org/wiki/Changes/RetirePython2
To help planning, we'd like to know the plans for gimp-layer-via-copy-cut's
future. Specifically:
- What is the reason for the Python2 dependency? (Is it software written in
Python, or does it just provide Python bindings, or use Python in the build
system or test runner?)
- What are the upstream/community plans/timelines regarding Python 3?
- What is the guidance for porting to Python 3? (Assuming that there is someone
who generally knows how to port to Python 3, but doesn't know anything about
the particular package, what are the next steps to take?)
This bug is filed semi-automatically, and might not have all the context
specific to gimp-layer-via-copy-cut.
If you need anything from us, or something is unclear, please mention it here.
Thank you.
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1698500
[Bug 1698500] F31 Mass Python 2 Package Removal
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2118559
Bug ID: 2118559
Summary: CVE-2022-2833 blender: Eternal loop in blender
thumbnail extractor
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: saroy(a)redhat.com
CC: code(a)musicinmybrain.net,
design-devel(a)lists.fedoraproject.org,
kwizart(a)gmail.com, luya_tfz(a)thefinalzone.net,
negativo17(a)gmail.com, promac(a)gmail.com
Target Milestone: ---
Classification: Other
source/blender/blendthumb/src/blendthumb_extract.cc
https://developer.blender.org/rB24a2b5cb1292f769dd86e314471443976d5e9512
DDOS
https://developer.blender.org/T99711
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2118559
https://bugzilla.redhat.com/show_bug.cgi?id=2118561
Bug ID: 2118561
Summary: CVE-2022-2833 blender: Eternal loop in blender
thumbnail extractor [epel-7]
Product: Fedora EPEL
Version: epel7
Status: NEW
Component: blender
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: negativo17(a)gmail.com
Reporter: saroy(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: code(a)musicinmybrain.net,
design-devel(a)lists.fedoraproject.org,
kwizart(a)gmail.com, luya_tfz(a)thefinalzone.net,
negativo17(a)gmail.com, promac(a)gmail.com
Target Milestone: ---
Classification: Fedora
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-7.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2118561
https://bugzilla.redhat.com/show_bug.cgi?id=2118558
Bug ID: 2118558
Summary: CVE-2022-2832 blender: Null pointer reference in
blender thumbnail extractor [epel-7]
Product: Fedora EPEL
Version: epel7
Status: NEW
Component: blender
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: negativo17(a)gmail.com
Reporter: saroy(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: code(a)musicinmybrain.net,
design-devel(a)lists.fedoraproject.org,
kwizart(a)gmail.com, luya_tfz(a)thefinalzone.net,
negativo17(a)gmail.com, promac(a)gmail.com
Target Milestone: ---
Classification: Fedora
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-7.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2118558
https://bugzilla.redhat.com/show_bug.cgi?id=2118555
Bug ID: 2118555
Summary: CVE-2022-2831 blender: Integer Overflow in blender
thumbnail extractor [epel-7]
Product: Fedora EPEL
Version: epel7
Status: NEW
Component: blender
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: negativo17(a)gmail.com
Reporter: saroy(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: code(a)musicinmybrain.net,
design-devel(a)lists.fedoraproject.org,
kwizart(a)gmail.com, luya_tfz(a)thefinalzone.net,
negativo17(a)gmail.com, promac(a)gmail.com
Target Milestone: ---
Classification: Fedora
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-7.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2118555
https://bugzilla.redhat.com/show_bug.cgi?id=2118560
Bug ID: 2118560
Summary: CVE-2022-2833 blender: Eternal loop in blender
thumbnail extractor [fedora-all]
Product: Fedora
Version: 36
Status: NEW
Component: blender
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: luya_tfz(a)thefinalzone.net
Reporter: saroy(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: code(a)musicinmybrain.net,
design-devel(a)lists.fedoraproject.org,
kwizart(a)gmail.com, luya_tfz(a)thefinalzone.net,
negativo17(a)gmail.com, promac(a)gmail.com
Target Milestone: ---
Classification: Fedora
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2118560
https://bugzilla.redhat.com/show_bug.cgi?id=2118557
Bug ID: 2118557
Summary: CVE-2022-2832 blender: Null pointer reference in
blender thumbnail extractor [fedora-all]
Product: Fedora
Version: 36
Status: NEW
Component: blender
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: luya_tfz(a)thefinalzone.net
Reporter: saroy(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: code(a)musicinmybrain.net,
design-devel(a)lists.fedoraproject.org,
kwizart(a)gmail.com, luya_tfz(a)thefinalzone.net,
negativo17(a)gmail.com, promac(a)gmail.com
Target Milestone: ---
Classification: Fedora
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2118557
https://bugzilla.redhat.com/show_bug.cgi?id=2118554
Bug ID: 2118554
Summary: CVE-2022-2831 blender: Integer Overflow in blender
thumbnail extractor [fedora-all]
Product: Fedora
Version: 36
Status: NEW
Component: blender
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: luya_tfz(a)thefinalzone.net
Reporter: saroy(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: code(a)musicinmybrain.net,
design-devel(a)lists.fedoraproject.org,
kwizart(a)gmail.com, luya_tfz(a)thefinalzone.net,
negativo17(a)gmail.com, promac(a)gmail.com
Target Milestone: ---
Classification: Fedora
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2118554