[Bug 1747737] packages with conflicts
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1747737
Jens Petersen <petersen(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Priority|unspecified |high
Assignee|petersen(a)redhat.com |vvijayra(a)redhat.com
Severity|unspecified |high
--
You are receiving this mail because:
You are on the CC list for the bug.
[Bug 1747737] packages with conflicts
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1747737
Michal Jaegermann <michal.jnn(a)gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |michal.jnn(a)gmail.com
--- Comment #8 from Michal Jaegermann <michal.jnn(a)gmail.com> ---
Not that surprisingly, the same problem hits liberation-fonts-2.00.3-1.fc29 as
well. This cannot be installed even with '--allowerasing' present.
[Bug 1741802] New: CVE-2015-9290 freetype: buffer over-read in
function T1_Get_Private_Dict in type1/t1parse.c
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1741802
Bug ID: 1741802
Summary: CVE-2015-9290 freetype: buffer over-read in function
T1_Get_Private_Dict in type1/t1parse.c
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: darunesh(a)redhat.com
CC: ajax(a)redhat.com, caillon+fedoraproject(a)gmail.com,
dblechte(a)redhat.com, dfediuck(a)redhat.com,
eedri(a)redhat.com, fonts-bugs(a)lists.fedoraproject.org,
gnome-sig(a)lists.fedoraproject.org,
john.j5live(a)gmail.com, kevin(a)tigcc.ticalc.org,
mclasen(a)redhat.com, mgoldboi(a)redhat.com,
michal.skrivanek(a)redhat.com, mkasik(a)redhat.com,
rhughes(a)redhat.com, rstrode(a)redhat.com,
sandmann(a)redhat.com, sbonazzo(a)redhat.com,
sherold(a)redhat.com, yturgema(a)redhat.com
Target Milestone: ---
Classification: Other
A vulnerability was found in FreeType before 2.6.1: a buffer over-read occurs
in function T1_Get_Private_Dict in type1/t1parse.c, where there is no check that
the new values of cur and limit are sensible before going to Again.
Reference:
https://savannah.nongnu.org/bugs/?45923
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/src/type1/...
[Bug 1741803] New: CVE-2015-9290 freetype: buffer over-read in
function T1_Get_Private_Dict in type1/t1parse.c [fedora-all]
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1741803
Bug ID: 1741803
Summary: CVE-2015-9290 freetype: buffer over-read in function
T1_Get_Private_Dict in type1/t1parse.c [fedora-all]
Product: Fedora
Version: 30
Status: NEW
Component: freetype
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: mkasik(a)redhat.com
Reporter: darunesh(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: ajax(a)redhat.com, caillon+fedoraproject(a)gmail.com,
fonts-bugs(a)lists.fedoraproject.org,
gnome-sig(a)lists.fedoraproject.org,
john.j5live(a)gmail.com, kevin(a)tigcc.ticalc.org,
mclasen(a)redhat.com, mkasik(a)redhat.com,
rhughes(a)redhat.com, rstrode(a)redhat.com,
sandmann(a)redhat.com
Target Milestone: ---
Classification: Fedora
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
[Bug 1747737] packages with conflicts
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1747737
--- Comment #7 from Edouard Bourguignon <madko(a)linuxed.net> ---
Same here: if wine is installed, can't upgrade without error:
LANG=C dnf --version
4.2.7
Installed: dnf-0:4.2.7-2.fc30.noarch at Sat Aug 24 12:35:09 2019
Built : Fedora Project at Tue Jul 23 07:10:30 2019
Installed: rpm-0:4.14.2.1-5.fc30.x86_64 at Sun Sep 1 09:32:22 2019
Built : Fedora Project at Thu Aug 29 10:46:16 2019
[Bug 1747737] packages with conflicts
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1747737
--- Comment #6 from Donald O'Dona <thomas.paulsen(a)firemail.de> ---
env LANGUAGE=en dnf --version
4.2.7
Installed: dnf-0:4.2.7-2.fc30.noarch at Tue 30 Jul 2019 10:59:54 AM GMT
Built : Fedora Project at Tue 23 Jul 2019 07:10:30 AM GMT
Installed: rpm-0:4.14.2.1-5.fc30.x86_64 at Mon 02 Sep 2019 05:26:38 AM GMT
Built : Fedora Project at Thu 29 Aug 2019 10:46:16 AM GMT
[Bug 1747737] packages with conflicts
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1747737
--- Comment #5 from Yaroslav Sidlovsky <zawertun(a)gmail.com> ---
$ env LANGUAGE=en dnf --version
0.3s (0) 11:19:58
4.2.7
Installed: dnf-0:4.2.7-2.fc30.noarch at Вт 30 июл 2019 09:40:08
Built : Fedora Project at Вт 23 июл 2019 07:10:30
Installed: rpm-0:4.14.2.1-5.fc30.x86_64 at Пн 02 сен 2019 05:58:34
Built : Fedora Project at Чт 29 авг 2019 10:46:16
[Bug 1747737] packages with conflicts
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1747737
--- Comment #4 from Marek Blaha <mblaha(a)redhat.com> ---
May I ask what version of dnf you are using?
My first thought was that the provide/obsolete are missing in the newer version
by mistake. But in the liberation-fonts changelog I found:
* Mon Jun 24 2019 Vishal Vijayraghavan <vvijayra AT redhat DOT com> -
1:2.00.5-3
- Resolves: rhbz#1643920: Removed Obsoletes: %{fontname}-narrow-fonts and
Provides: %{fontname}-narrow-fonts macro
- Splitted the font family(mono, sans and serif) into diferrent root font
directories
Now the situation is confusing for the dependency solver:
- given the obsolete/provide in the version
liberation-fonts-1:2.00.5-1.fc30.noarch, this is the best version of
liberation-narrow-fonts package
- at the same time liberation-fonts-1:2.00.5-3.fc30.noarch is the best version
of liberation-fonts
This ends in a solution where two versions of liberation-fonts are about to be
installed, which is not viable.
I'm not sure how to solve this situation, but a better workaround at the moment
is not to use versionlock (as I recommended in comment#1), but to exclude the
liberation-fonts-1:2.00.5-1.fc30.noarch package, e.g. by adding the
excludepkgs=liberation-fonts-1:2.00.5-1.fc30.noarch
line to the [main] section of /etc/dnf/dnf.conf
[Bug 1747737] packages with conflicts
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1747737
--- Comment #3 from Donald O'Dona <thomas.paulsen(a)firemail.de> ---
# dnf update
skipping packages with conflicts:
(add '--best --allowerasing' to command line to force their upgrade):
liberation-fonts noarch 1:2.00.5-1.fc30 fedora 8.0 k
# dnf update --best --allowerasing liberation-fonts
Last metadata expiration check: 0:59:12 ago on Mon 02 Sep 2019 08:01:11 AM
CEST.
Error:
Problem: cannot install the best update candidate for package
liberation-fonts-1:2.00.5-3.fc30.noarch
- cannot install both liberation-fonts-1:2.00.5-1.fc30.noarch and
liberation-fonts-1:2.00.5-3.fc30.noarch
- problem with installed package liberation-narrow-fonts-1.07.6-1.fc30.noarch
- cannot install the best update candidate for package
liberation-narrow-fonts-1.07.6-1.fc30.noarch
(try to add '--skip-broken' to skip uninstallable packages)
# dnf update --best --allowerasing liberation-fonts --skip-broken
Error:
Problem: cannot install the best update candidate for package
liberation-fonts-1:2.00.5-3.fc30.noarch
- cannot install both liberation-fonts-1:2.00.5-1.fc30.noarch and
liberation-fonts-1:2.00.5-3.fc30.noarch
- problem with installed package liberation-narrow-fonts-1.07.6-1.fc30.noarch
- cannot install the best update candidate for package
liberation-narrow-fonts-1.07.6-1.fc30.noarch