January 2023 - Epel-packagers-sig - Fedora Mailing-Lists

[Bug 2125190] New: [abrt] meld: help_callback(): meldapp.py:128:help_callback:gi.repository.GLib.GError: g-io-error-quark: The specified location is not supported (15)

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2125190 Bug ID: 2125190 Summary: [abrt] meld: help_callback(): meldapp.py:128:help_callback:gi.repository.GLib.GError : g-io-error-quark: The specified location is not supported (15) Product: Fedora Version: 36 Hardware: x86_64 Status: NEW Whiteboard: abrt_hash:35a101c398ed0ff4b5936242a2309884d9ef9336; Component: meld Assignee: dmaphy(a)fedoraproject.org Reporter: ilaurie(a)bigpond.net.au QA Contact: extras-qa(a)fedoraproject.org CC: cwickert(a)fedoraproject.org, dmaphy(a)fedoraproject.org, epel-packagers-sig(a)lists.fedoraproject.org, lkundrak(a)v3.sk, michel(a)michel-slm.name, oliver(a)linux-kernel.at Target Milestone: --- Classification: Fedora Description of problem: Selected "Help" from the menu. Version-Release number of selected component: meld-3.22.0-1.fc36 Additional info: reporter: libreport-2.17.2 cgroup: 0::/user.slice/user-1000.slice/session-2.scope cmdline: /usr/bin/python3 /usr/bin/meld crash_function: help_callback exception_type: gi.repository.GLib.GError executable: /usr/bin/meld interpreter: python3-3.10.6-1.fc36.x86_64 kernel: 5.19.7-200.fc36.x86_64 runlevel: N 5 type: Python3 uid: 1000 Truncated backtrace: meldapp.py:128:help_callback:gi.repository.GLib.GError: g-io-error-quark: The specified location is not supported (15) Traceback (most recent call last): File "/usr/lib/python3.10/site-packages/meld/meldapp.py", line 128, in help_callback Gtk.show_uri( gi.repository.GLib.GError: g-io-error-quark: The specified location is not supported (15) Local variables in innermost frame: self: <meldapp.MeldApp object at 0x7f8f2e558740 (meld+meldapp+MeldApp at 0x55e5c654c210)> action: <Gio.SimpleAction object at 0x7f8f286ef9c0 (GSimpleAction at 0x55e5c6a26c50)> parameter: None uri: 'help:meld' -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2125190

11 months, 4 weeks

1
5
0 / 0

[Bug 2092724] New: CVE-2022-21681 thrift: marked: regular expression inline.reflinkSearch may lead Denial of Service [fedora-all]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2092724 Bug ID: 2092724 Summary: CVE-2022-21681 thrift: marked: regular expression inline.reflinkSearch may lead Denial of Service [fedora-all] Product: Fedora Version: 36 Status: NEW Component: thrift Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: ctubbsii(a)fedoraproject.org Reporter: trathi(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: ctubbsii(a)fedoraproject.org, epel-packagers-sig(a)lists.fedoraproject.org, milleruntime(a)gmail.com, orion(a)nwra.com, willb(a)redhat.com Target Milestone: --- Classification: Fedora This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of fedora-all. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2092724

11 months, 4 weeks

1
4
0 / 0

[Bug 2090581] New: CVE-2022-21680 thrift: marked: regular expression block.def may lead Denial of Service [fedora-all]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2090581 Bug ID: 2090581 Summary: CVE-2022-21680 thrift: marked: regular expression block.def may lead Denial of Service [fedora-all] Product: Fedora Version: 36 Status: NEW Component: thrift Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: ctubbsii(a)fedoraproject.org Reporter: saroy(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: ctubbsii(a)fedoraproject.org, epel-packagers-sig(a)lists.fedoraproject.org, milleruntime(a)gmail.com, orion(a)nwra.com, willb(a)redhat.com Target Milestone: --- Classification: Fedora This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of fedora-all. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2090581

11 months, 4 weeks

1
4
0 / 0

[Bug 2135230] New: CVE-2021-36369 dropbear: <net-misc/dropbear-2022.82: forwarded agent abuse [fedora-all]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2135230 Bug ID: 2135230 Summary: CVE-2021-36369 dropbear: <net-misc/dropbear-2022.82: forwarded agent abuse [fedora-all] Product: Fedora Version: 36 Status: NEW Component: dropbear Keywords: Security, SecurityTracking Severity: high Priority: high Assignee: buytenh(a)wantstofly.org Reporter: mrehak(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: buytenh(a)wantstofly.org, cickumqt(a)gmail.com, daniellarasouza(a)yahoo.com.br, epel-packagers-sig(a)lists.fedoraproject.org Target Milestone: --- Classification: Fedora This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of fedora-all. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2135230

11 months, 4 weeks

1
4
0 / 0

[Bug 2141521] New: python-shortuuid-1.0.10 is available

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2141521 Bug ID: 2141521 Summary: python-shortuuid-1.0.10 is available Product: Fedora Version: rawhide Status: NEW Component: python-shortuuid Keywords: FutureFeature, Triaged Assignee: michel(a)michel-slm.name Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, infra-sig(a)lists.fedoraproject.org, michel(a)michel-slm.name, ngompa13(a)gmail.com, python-packagers-sig(a)lists.fedoraproject.org Target Milestone: --- Classification: Fedora Releases retrieved: 1.0.10 Upstream release that is considered latest: 1.0.10 Current version/release in rawhide: 1.0.9-1.fc38 URL: https://github.com/stochastic-technologies/shortuuid/ Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/ More information about the service that created this bug can be found at: https://docs.fedoraproject.org/en-US/package-maintainers/Upstream_Release... Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from Anitya: https://release-monitoring.org/project/12823/ To change the monitoring settings for the project, please visit: https://src.fedoraproject.org/rpms/python-shortuuid -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2141521

12 months

1
11
0 / 0

[Bug 2093358] New: CVE-2021-46790 ntfs-3g: heap-based buffer overflow in ntfsck

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2093358 Bug ID: 2093358 Summary: CVE-2021-46790 ntfs-3g: heap-based buffer overflow in ntfsck Product: Security Response Hardware: All OS: Linux Status: NEW Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: gsuckevi(a)redhat.com CC: ddepaula(a)redhat.com, epel-packagers-sig(a)lists.fedoraproject.org, jferlan(a)redhat.com, kparal(a)redhat.com, ngompa13(a)gmail.com, rjones(a)redhat.com, spotrh(a)gmail.com, virt-maint(a)redhat.com Target Milestone: --- Classification: Other ntfsck in NTFS-3G through 2021.8.22 has a heap-based buffer overflow involving buffer+512*3-2. NOTE: the upstream position is that ntfsck is deprecated; however, it is shipped by some Linux distributions. References: https://github.com/tuxera/ntfs-3g/issues/16 http://www.openwall.com/lists/oss-security/2022/05/26/1 -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2093358

1 year

1
16
0 / 0

[Bug 2093348] New: CVE-2022-30789 ntfs-3g: crafted NTFS image can cause a heap-based buffer overflow in ntfs_check_log_client_array

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2093348 Bug ID: 2093348 Summary: CVE-2022-30789 ntfs-3g: crafted NTFS image can cause a heap-based buffer overflow in ntfs_check_log_client_array Product: Security Response Hardware: All OS: Linux Status: NEW Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: gsuckevi(a)redhat.com CC: ddepaula(a)redhat.com, epel-packagers-sig(a)lists.fedoraproject.org, jferlan(a)redhat.com, kparal(a)redhat.com, ngompa13(a)gmail.com, rjones(a)redhat.com, spotrh(a)gmail.com, virt-maint(a)redhat.com Target Milestone: --- Classification: Other A crafted NTFS image can cause a heap-based buffer overflow in ntfs_check_log_client_array in NTFS-3G through 2021.8.22. References: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-xchm-ph5h-hw4x https://github.com/tuxera/ntfs-3g/releases -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2093348

1 year

1
16
0 / 0

[Bug 2093340] New: CVE-2022-30788 ntfs-3g: crafted NTFS image can cause a heap-based buffer overflow in ntfs_mft_rec_alloc

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2093340 Bug ID: 2093340 Summary: CVE-2022-30788 ntfs-3g: crafted NTFS image can cause a heap-based buffer overflow in ntfs_mft_rec_alloc Product: Security Response Hardware: All OS: Linux Status: NEW Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: gsuckevi(a)redhat.com CC: ddepaula(a)redhat.com, epel-packagers-sig(a)lists.fedoraproject.org, jferlan(a)redhat.com, kparal(a)redhat.com, ngompa13(a)gmail.com, rjones(a)redhat.com, spotrh(a)gmail.com, virt-maint(a)redhat.com Target Milestone: --- Classification: Other A crafted NTFS image can cause a heap-based buffer overflow in ntfs_mft_rec_alloc in NTFS-3G through 2021.8.22. References: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-xchm-ph5h-hw4x https://github.com/tuxera/ntfs-3g/releases -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2093340

1 year

1
16
0 / 0

[Bug 2093326] New: CVE-2022-30786 ntfs-3g: crafted NTFS image can cause a heap-based buffer overflow in ntfs_names_full_collate

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2093326 Bug ID: 2093326 Summary: CVE-2022-30786 ntfs-3g: crafted NTFS image can cause a heap-based buffer overflow in ntfs_names_full_collate Product: Security Response Hardware: All OS: Linux Status: NEW Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: gsuckevi(a)redhat.com CC: ddepaula(a)redhat.com, epel-packagers-sig(a)lists.fedoraproject.org, jferlan(a)redhat.com, kparal(a)redhat.com, ngompa13(a)gmail.com, rjones(a)redhat.com, spotrh(a)gmail.com, virt-maint(a)redhat.com Target Milestone: --- Classification: Other A crafted NTFS image can cause a heap-based buffer overflow in ntfs_names_full_collate in NTFS-3G through 2021.8.22. References: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-xchm-ph5h-hw4x https://github.com/tuxera/ntfs-3g/releases -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2093326

1 year

1
16
0 / 0

[Bug 2159621] New: Importing xarray.tests.test_dataset fails

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2159621 Bug ID: 2159621 Summary: Importing xarray.tests.test_dataset fails Product: Fedora Version: rawhide Status: NEW Component: python-xarray Assignee: quantum.analyst(a)gmail.com Reporter: david08741(a)gmail.com QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, jonathan(a)almalinux.org, python-packagers-sig(a)lists.fedoraproject.org, quantum.analyst(a)gmail.com Target Milestone: --- Classification: Fedora Description of problem: Running from xarray.tests.test_dataset import create_test_data fails with: missing pytest if only python3-xarray has been installed Once python3-pytest is installed, the error is the following: ImportError while importing test module '/builddir/build/BUILD/xbout-0.3.4/xbout/tests/test_plot.py'. Hint: make sure your test modules/packages have valid Python names. Traceback: /usr/lib64/python3.11/importlib/__init__.py:126: in import_module return _bootstrap._gcd_import(name[level:], package, level) xbout/tests/test_plot.py:8: in <module> from xbout.tests.test_load import bout_xyt_example_files xbout/tests/test_load.py:14: in <module> from xarray.tests.test_dataset import create_test_data /usr/lib/python3.11/site-packages/xarray/tests/test_dataset.py:11: in <module> from pandas.core.computation.ops import UndefinedVariableError E ImportError: cannot import name 'UndefinedVariableError' from 'pandas.core.computation.ops' (/usr/lib64/python3.11/site-packages/pandas/core/computation/ops.py) _________________ ERROR collecting xbout/tests/test_region.py __________________ Version-Release number of selected component (if applicable): 2022.03.0 How reproducible: always Steps to Reproduce: 1. python3 -c "import xarray.tests.test_dataset" Alternatively try to build python-xbout 0.3.4 for rawhide: https://koji.fedoraproject.org/koji/taskinfo?taskID=95936268 Actual results: An ImportError is raised. Presumably that is due to a change in pandas. Expected results: Import works Additional info: This seems to be fixed in 2022.12 -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2159621

1 year

1
4
0 / 0

2024

2023

2022

2021

Epel-packagers-sig January 2023