July 2022 - i18n-bugs - Fedora Mailing-Lists

[Bug 2105075] CVE-2022-31129 moment: inefficient parsing algorithim resulting in DoS

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2105075 Bug 2105075 depends on bug 2110848, which changed state. Bug 2110848 Summary: CVE-2022-31129 python-ipyparallel: moment: inefficient parsing algorithim resulting in DoS [fedora-35] https://bugzilla.redhat.com/show_bug.cgi?id=2110848 What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED Resolution|--- |NOTABUG -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2105075

1 year, 10 months

1
0
0 / 0

[Bug 2104219] New: adapt gettext to removal of java on i686

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2104219 Bug ID: 2104219 Summary: adapt gettext to removal of java on i686 Product: Fedora Version: rawhide Status: NEW Component: gettext Severity: high Assignee: suanand(a)redhat.com Reporter: jvanek(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: dueno(a)redhat.com, i18n-bugs(a)lists.fedoraproject.org, java-maint-sig(a)lists.fedoraproject.org, jhuttana(a)redhat.com, jjanco(a)redhat.com, jvanek(a)redhat.com, nphilipp(a)redhat.com, petersen(a)redhat.com, pmikova(a)redhat.com, praiskup(a)redhat.com, sgehwolf(a)redhat.com, suanand(a)redhat.com, zzambers(a)redhat.com Blocks: 2083750 Target Milestone: --- Classification: Fedora Dear maintainer, we are going to drop i686 java-openjdk packages in f37 - https://fedoraproject.org/wiki/Changes/Drop_i686_JDKs Your package (maybe jsut some subpakcage) is transitively affected by this change: gettext<-git<-subversion<-java-11-openjdk-devel gettext<-git<-subversion<-junit<-java-17-openjdk-headless gettext<-git<-gawk<-git<-subversion<-java-11-openjdk-devel gettext<-git<-perl-Git<-git<-subversion<-java-11-openjdk-devel gettext<-git<-acl<-gawk<-git<-subversion<-java-11-openjdk-devel gettext<-emacs<-webkit2gtk3<-git<-subversion<-java-11-openjdk-devel gettext<-git<-subversion<-junit<-hamcrest<-java-17-openjdk-headless gettext<-git<-gawk<-git<-subversion<-junit<-java-17-openjdk-headless gettext<-git<-tar<-acl<-gawk<-git<-subversion<-java-11-openjdk-devel gettext<-git<-gawk<-git<-gawk<-git<-subversion<-java-11-openjdk-devel gettext<-git<-subversion<-ruby<-git<-subversion<-java-11-openjdk-devel gettext<-git<-gawk<-ghostscript<-git<-subversion<-java-11-openjdk-devel gettext<-emacs<-libxcb<-doxygen<-git<-subversion<-java-11-openjdk-devel gettext<-emacs<-libselinux<-ruby<-git<-subversion<-java-11-openjdk-devel gettext<-git<-perl-Git<-git<-subversion<-junit<-java-17-openjdk-headless gettext<-git<-perl-Git<-git<-gawk<-git<-subversion<-java-11-openjdk-devel gettext<-emacs<-alsa-lib<-doxygen<-git<-subversion<-java-11-openjdk-devel gettext<-git<-gawk<-git<-perl-Git<-git<-subversion<-java-11-openjdk-devel gettext<-emacs<-webkit2gtk3<-ruby<-git<-subversion<-java-11-openjdk-devel gettext<-git<-acl<-gawk<-git<-subversion<-junit<-java-17-openjdk-headless gettext<-git<-gawk<-git<-acl<-gawk<-git<-subversion<-java-11-openjdk-devel gettext<-git<-acl<-gawk<-git<-gawk<-git<-subversion<-java-11-openjdk-devel gettext<-git<-cvs<-krb5-libs<-gawk<-git<-subversion<-java-11-openjdk-devel gettext<-git<-gnupg2<-libksba<-gawk<-git<-subversion<-java-11-openjdk-devel gettext<-git<-sed<-libselinux<-ruby<-git<-subversion<-java-11-openjdk-devel gettext<-git<-tar<-libselinux<-ruby<-git<-subversion<-java-11-openjdk-devel gettext<-git<-subversion<-swig<-gawk<-git<-subversion<-java-11-openjdk-devel gettext<-git<-acl<-gawk<-ghostscript<-git<-subversion<-java-11-openjdk-devel gettext<-emacs<-gpm-devel<-gpm<-gawk<-git<-subversion<-java-11-openjdk-devel gettext<-git<-subversion<-swig<-R-devel<-R-java-devel<-java-17-openjdk-devel gettext<-git<-perl-Git<-git<-perl-Git<-git<-subversion<-java-11-openjdk-devel gettext<-git<-gnupg2<-libassuan<-gawk<-git<-subversion<-java-11-openjdk-devel gettext<-git<-gnupg2<-libgcrypt<-gawk<-git<-subversion<-java-11-openjdk-devel gettext<-emacs<-gnupg2<-libksba<-gawk<-git<-subversion<-java-11-openjdk-devel gettext<-emacs<-webkit2gtk3<-git<-subversion<-junit<-java-17-openjdk-headless gettext<-texlive-xetex<-libpaper<-gawk<-git<-subversion<-java-11-openjdk-devel gettext<-emacs<-libselinux<-swig<-gawk<-git<-subversion<-java-11-openjdk-devel gettext<-emacs<-libselinux<-swig<-R-devel<-R-java-devel<-java-17-openjdk-devel gettext<-emacs<-webkit2gtk3<-git<-gawk<-git<-subversion<-java-11-openjdk-devel gettext<-git<-tar<-acl<-gawk<-git<-subversion<-junit<-java-17-openjdk-headless gettext<-emacs<-libxcb<-graphviz<-R-devel<-R-java-devel<-java-17-openjdk-devel gettext<-git<-acl<-gawk<-git<-perl-Git<-git<-subversion<-java-11-openjdk-devel gettext<-git<-cvs<-krb5-libs<-libverto<-git<-subversion<-java-11-openjdk-devel gettext<-git<-subversion<-swig<-octave-devel<-octave<-java-17-openjdk-headless gettext<-git<-gawk<-git<-subversion<-junit<-hamcrest<-java-17-openjdk-headless gettext<-emacs<-libxcb<-graphviz<-ruby<-git<-subversion<-java-11-openjdk-devel gettext<-git<-perl-Git<-git<-acl<-gawk<-git<-subversion<-java-11-openjdk-devel gettext<-git<-gawk<-git<-tar<-acl<-gawk<-git<-subversion<-java-11-openjdk-devel gettext<-emacs<-libxcb<-graphviz<-ocaml<-git<-subversion<-java-11-openjdk-devel gettext<-git<-gawk<-git<-gawk<-git<-subversion<-junit<-java-17-openjdk-headless Shown 50 from 2187 This package was selected as one of the most crucial, which when missing, will burn distro down. Please take care, and adapt your package to exclude java on i686. For your convenience, there was added macro %{java_arches}, including all arches java is available on, which you can use to ifarch-out java specific features out in i686 (on non-java arches). Although for plain java package, the change is as simple as https://src.fedoraproject.org/rpms/maven/c/520942645bfd1e4721dacd536a6ccb..., you can not use it. The ExclusiveArch: %{java_arches} is not going to work for you, because your package is not simple java application, and also non-java world depends on it (even if you are one of dozen noarchs in this set) See exemplar PR: https://src.fedoraproject.org/rpms/graphviz/pull-request/9#request_diff See more details eg in:: https://bugzilla.redhat.com/show_bug.cgi?id=2102298 See why in : https://pagure.io/fesco/issue/2772 Please read carefully proposal: https://fedoraproject.org/wiki/Changes/Drop_i686_JDKs Please see tracking bug for most up to date informations: https://bugzilla.redhat.com/show_bug.cgi?id=2083750 (note, that direct dependencies are already work in progress - native reported and worked on, noarch ones autoadjusted) I'm terribly sorry to report this bug so late in f37 lifecycle. If you can, please handle this with priority. Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=2083750 [Bug 2083750] Drop i686 builds of jdk8,11,17 and latest (18) rpms from f37 onwards -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2104219

1 year, 10 months

1
4
0 / 0

[Bug 2104215] New: adapt fontconfig to removal of java on i686

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2104215 Bug ID: 2104215 Summary: adapt fontconfig to removal of java on i686 Product: Fedora Version: rawhide Status: NEW Component: fontconfig Severity: high Assignee: tagoh(a)redhat.com Reporter: jvanek(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: ajax(a)redhat.com, caillon+fedoraproject(a)gmail.com, fonts-bugs(a)lists.fedoraproject.org, gnome-sig(a)lists.fedoraproject.org, i18n-bugs(a)lists.fedoraproject.org, java-maint-sig(a)lists.fedoraproject.org, jhuttana(a)redhat.com, jvanek(a)redhat.com, mclasen(a)redhat.com, pmikova(a)redhat.com, pnemade(a)redhat.com, rstrode(a)redhat.com, sandmann(a)redhat.com, sgehwolf(a)redhat.com, tagoh(a)redhat.com, zzambers(a)redhat.com Blocks: 2083750 Target Milestone: --- Classification: Fedora Dear maintainer, we are going to drop i686 java-openjdk packages in f37 - https://fedoraproject.org/wiki/Changes/Drop_i686_JDKs Your package (maybe jsut some subpakcage) is transitively affected by this change: fontconfig<-docbook-utils<-gawk<-git<-subversion<-java-11-openjdk-devel fontconfig<-docbook-utils<-gawk<-git<-subversion<-junit<-java-17-openjdk-headless fontconfig<-docbook-utils<-gawk<-git<-gawk<-git<-subversion<-java-11-openjdk-devel fontconfig<-docbook-utils<-gawk<-ghostscript<-git<-subversion<-java-11-openjdk-devel fontconfig<-coreutils-single<-libselinux<-ruby<-git<-subversion<-java-11-openjdk-devel fontconfig<-docbook-utils<-gawk<-git<-perl-Git<-git<-subversion<-java-11-openjdk-devel fontconfig<-docbook-utils<-gawk<-git<-acl<-gawk<-git<-subversion<-java-11-openjdk-devel fontconfig<-docbook-utils-pdf<-docbook-utils<-gawk<-git<-subversion<-java-11-openjdk-devel fontconfig<-docbook-utils<-elinks<-krb5-libs<-gawk<-git<-subversion<-java-11-openjdk-devel fontconfig<-docbook-utils<-gawk<-git<-subversion<-junit<-hamcrest<-java-17-openjdk-headless fontconfig<-coreutils-single<-libselinux<-swig<-gawk<-git<-subversion<-java-11-openjdk-devel fontconfig<-docbook-utils<-gawk<-git<-tar<-acl<-gawk<-git<-subversion<-java-11-openjdk-devel fontconfig<-docbook-utils<-w3m<-gpm-devel<-gpm<-gawk<-git<-subversion<-java-11-openjdk-devel fontconfig<-docbook-utils<-gawk<-git<-gawk<-git<-subversion<-junit<-java-17-openjdk-headless fontconfig<-coreutils-single<-libselinux<-swig<-R-devel<-R-java-devel<-java-17-openjdk-devel fontconfig<-docbook-utils<-gawk<-git<-gawk<-git<-gawk<-git<-subversion<-java-11-openjdk-devel fontconfig<-docbook-utils<-elinks<-krb5-libs<-libverto<-git<-subversion<-java-11-openjdk-devel fontconfig<-coreutils-single<-libselinux<-swig<-octave-devel<-octave<-java-17-openjdk-headless fontconfig<-docbook-utils<-gawk<-ghostscript<-git<-subversion<-junit<-java-17-openjdk-headless fontconfig<-docbook-utils<-gawk<-git<-subversion<-ruby<-git<-subversion<-java-11-openjdk-devel fontconfig<-docbook-utils<-gawk<-ghostscript<-git<-gawk<-git<-subversion<-java-11-openjdk-devel fontconfig<-docbook-utils<-gawk<-git<-gawk<-ghostscript<-git<-subversion<-java-11-openjdk-devel fontconfig<-docbook-utils<-elinks<-gpm-devel<-gpm<-gawk<-git<-subversion<-java-11-openjdk-devel fontconfig<-docbook-utils<-gawk<-git<-perl-Git<-git<-subversion<-junit<-java-17-openjdk-headless fontconfig<-coreutils-single<-libselinux<-ruby<-git<-subversion<-junit<-java-17-openjdk-headless fontconfig<-coreutils-single<-libselinux<-ruby<-git<-gawk<-git<-subversion<-java-11-openjdk-devel fontconfig<-docbook-utils<-gawk<-git<-gawk<-git<-perl-Git<-git<-subversion<-java-11-openjdk-devel fontconfig<-docbook-utils<-gawk<-git<-acl<-gawk<-git<-subversion<-junit<-java-17-openjdk-headless fontconfig<-docbook-utils<-gawk<-git<-perl-Git<-git<-gawk<-git<-subversion<-java-11-openjdk-devel fontconfig<-docbook-utils<-gawk<-git<-cvs<-krb5-libs<-gawk<-git<-subversion<-java-11-openjdk-devel fontconfig<-coreutils-single<-libselinux<-ruby-devel<-ruby<-git<-subversion<-java-11-openjdk-devel fontconfig<-docbook-utils<-gawk<-ghostscript<-git<-perl-Git<-git<-subversion<-java-11-openjdk-devel fontconfig<-docbook-utils<-gawk<-git<-gnupg2<-libksba<-gawk<-git<-subversion<-java-11-openjdk-devel fontconfig<-docbook-utils<-gawk<-git<-sed<-libselinux<-ruby<-git<-subversion<-java-11-openjdk-devel fontconfig<-docbook-utils<-gawk<-git<-tar<-libselinux<-ruby<-git<-subversion<-java-11-openjdk-devel fontconfig<-docbook-utils<-gawk<-ghostscript<-libgs<-libijs<-git<-subversion<-java-11-openjdk-devel fontconfig<-docbook-utils<-gawk<-git<-subversion<-swig<-R-devel<-R-java-devel<-java-17-openjdk-devel fontconfig<-docbook-utils<-gawk<-git<-subversion<-swig<-gawk<-git<-subversion<-java-11-openjdk-devel fontconfig<-freetype<-harfbuzz<-gtk-doc<-docbook-utils<-gawk<-git<-subversion<-java-11-openjdk-devel fontconfig<-docbook-utils<-gawk<-git<-acl<-gawk<-ghostscript<-git<-subversion<-java-11-openjdk-devel fontconfig<-docbook-utils-pdf<-docbook-utils<-gawk<-git<-subversion<-junit<-java-17-openjdk-headless fontconfig<-docbook-utils<-gawk<-ghostscript<-git<-acl<-gawk<-git<-subversion<-java-11-openjdk-devel fontconfig<-docbook-utils<-elinks<-krb5-libs<-gawk<-git<-subversion<-junit<-java-17-openjdk-headless fontconfig<-docbook-utils<-gawk<-git<-gnupg2<-libassuan<-gawk<-git<-subversion<-java-11-openjdk-devel fontconfig<-docbook-utils<-elinks<-krb5-libs<-gawk<-git<-gawk<-git<-subversion<-java-11-openjdk-devel fontconfig<-docbook-utils<-gawk<-git<-perl-Git<-git<-perl-Git<-git<-subversion<-java-11-openjdk-devel fontconfig<-docbook-utils<-gawk<-git<-gnupg2<-libgcrypt<-gawk<-git<-subversion<-java-11-openjdk-devel fontconfig<-docbook-utils-pdf<-docbook-utils<-gawk<-git<-gawk<-git<-subversion<-java-11-openjdk-devel fontconfig<-coreutils-single<-libselinux<-ruby<-git<-perl-Git<-git<-subversion<-java-11-openjdk-devel fontconfig<-docbook-utils<-gawk<-bison<-gnupg2<-libksba<-gawk<-git<-subversion<-java-11-openjdk-devel Shown 50 from 282 This package was selected as one of the most crucial, which when missing, will burn distro down. Please take care, and adapt your package to exclude java on i686. For your convenience, there was added macro %{java_arches}, including all arches java is available on, which you can use to ifarch-out java specific features out in i686 (on non-java arches). Although for plain java package, the change is as simple as https://src.fedoraproject.org/rpms/maven/c/520942645bfd1e4721dacd536a6ccb..., you can not use it. The ExclusiveArch: %{java_arches} is not going to work for you, because your package is not simple java application, and also non-java world depends on it (even if you are one of dozen noarchs in this set) See exemplar PR: https://src.fedoraproject.org/rpms/graphviz/pull-request/9#request_diff See more details eg in:: https://bugzilla.redhat.com/show_bug.cgi?id=2102298 See why in : https://pagure.io/fesco/issue/2772 Please read carefully proposal: https://fedoraproject.org/wiki/Changes/Drop_i686_JDKs Please see tracking bug for most up to date informations: https://bugzilla.redhat.com/show_bug.cgi?id=2083750 (note, that direct dependencies are already work in progress - native reported and worked on, noarch ones autoadjusted) I'm terribly sorry to report this bug so late in f37 lifecycle. If you can, please handle this with priority. Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=2083750 [Bug 2083750] Drop i686 builds of jdk8,11,17 and latest (18) rpms from f37 onwards -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2104215

1 year, 10 months

1
1
0 / 0

[Bug 2105075] CVE-2022-31129 moment: inefficient parsing algorithim resulting in DoS

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2105075 --- Doc Text *updated* by RaTasha Tillery-Smith <rtillery(a)redhat.com> --- A flaw was found in the Moment.js package. Users who pass user-provided strings without sanity length checks to the moment constructor are vulnerable to regular expression denial of service (ReDoS) attacks. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2105075

1 year, 10 months

1
0
0 / 0

[Bug 2105075] CVE-2022-31129 moment: inefficient parsing algorithim resulting in DoS

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2105075 Bug 2105075 depends on bug 2110850, which changed state. Bug 2110850 Summary: CVE-2022-31129 cldr-emoji-annotation: moment: inefficient parsing algorithim resulting in DoS [fedora-36] https://bugzilla.redhat.com/show_bug.cgi?id=2110850 What |Removed |Added ---------------------------------------------------------------------------- Status|VERIFIED |CLOSED Resolution|--- |WORKSFORME -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2105075

1 year, 10 months

1
0
0 / 0

[Bug 2110850] New: CVE-2022-31129 cldr-emoji-annotation: moment: inefficient parsing algorithim resulting in DoS [fedora-36]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2110850 Bug ID: 2110850 Summary: CVE-2022-31129 cldr-emoji-annotation: moment: inefficient parsing algorithim resulting in DoS [fedora-36] Product: Fedora Version: 36 Status: NEW Component: cldr-emoji-annotation Keywords: Security, SecurityTracking Severity: high Priority: high Assignee: tfujiwar(a)redhat.com Reporter: ahanwate(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: i18n-bugs(a)lists.fedoraproject.org, tfujiwar(a)redhat.com Target Milestone: --- Classification: Fedora This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of fedora-36. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2110850

1 year, 10 months

1
8
0 / 0

[Bug 2105075] CVE-2022-31129 moment: inefficient parsing algorithim resulting in DoS

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2105075 Bug 2105075 depends on bug 2110849, which changed state. Bug 2110849 Summary: CVE-2022-31129 workrave: moment: inefficient parsing algorithim resulting in DoS [fedora-35] https://bugzilla.redhat.com/show_bug.cgi?id=2110849 What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED Resolution|--- |NOTABUG -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2105075

1 year, 10 months

1
0
0 / 0

[Bug 2105075] CVE-2022-31129 moment: inefficient parsing algorithim resulting in DoS

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2105075 Bug 2105075 depends on bug 2110854, which changed state. Bug 2110854 Summary: CVE-2022-31129 workrave: moment: inefficient parsing algorithim resulting in DoS [fedora-36] https://bugzilla.redhat.com/show_bug.cgi?id=2110854 What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED Resolution|--- |NOTABUG -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2105075

1 year, 10 months

1
0
0 / 0

[Bug 2105075] CVE-2022-31129 moment: inefficient parsing algorithim resulting in DoS

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2105075 --- Doc Text *updated* by Avinash Hanwate <ahanwate(a)redhat.com> --- A flaw was found in the Moment.js package. Users who pass user-provided strings without sanity length checks to the moment constructor are vulnerable to (Re)DoS attacks. The highest threat from this vulnerability is system availability. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2105075

1 year, 10 months

1
0
0 / 0

[Bug 2105075] CVE-2022-31129 moment: inefficient parsing algorithim resulting in DoS

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2105075 --- Comment #24 from Avinash Hanwate <ahanwate(a)redhat.com> --- Created cldr-emoji-annotation tracking bugs for this issue: Affects: fedora-36 [bug 2110850] Created couchdb tracking bugs for this issue: Affects: fedora-35 [bug 2110846] Created golang-github-apache-beam-2 tracking bugs for this issue: Affects: fedora-35 [bug 2110847] Affects: fedora-36 [bug 2110851] Created python-ipyparallel tracking bugs for this issue: Affects: fedora-35 [bug 2110848] Affects: fedora-36 [bug 2110852] Created subscription-manager-cockpit tracking bugs for this issue: Affects: fedora-36 [bug 2110853] Created syncthing tracking bugs for this issue: Affects: epel-8 [bug 2110845] Created workrave tracking bugs for this issue: Affects: fedora-35 [bug 2110849] Affects: fedora-36 [bug 2110854] -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2105075

1 year, 10 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

i18n-bugs July 2022