[Bug 1074648] New: CVE-2014-2240 mingw-freetype: freetype: OOB stack-based read/write in cf2_hintmap_build() [fedora-20]
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1074648
Bug ID: 1074648
Summary: CVE-2014-2240 mingw-freetype: freetype: OOB
stack-based read/write in cf2_hintmap_build()
[fedora-20]
Product: Fedora
Version: 20
Component: mingw-freetype
Keywords: Security, SecurityTracking
Severity: high
Priority: high
Assignee: rjones(a)redhat.com
Reporter: vdanen(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
lfarkas(a)lfarkas.org, rjones(a)redhat.com
Blocks: 1074646 (CVE-2014-2240)
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
fedora-20 tracking bug for mingw-freetype: see blocks bug list for full details
of the security issue(s).
[bug automatically created by: add-tracking-bugs]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1074646
[Bug 1074646] CVE-2014-2240 freetype: OOB stack-based read/write in
cf2_hintmap_build()
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=zK27i6Rkr1&a=cc_unsubscribe
9 years, 11 months
[Bug 1074649] New: CVE-2014-2240 mingw-freetype: freetype: OOB stack-based read/write in cf2_hintmap_build() [fedora-19]
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1074649
Bug ID: 1074649
Summary: CVE-2014-2240 mingw-freetype: freetype: OOB
stack-based read/write in cf2_hintmap_build()
[fedora-19]
Product: Fedora
Version: 19
Component: mingw-freetype
Keywords: Security, SecurityTracking
Severity: high
Priority: high
Assignee: rjones(a)redhat.com
Reporter: vdanen(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
lfarkas(a)lfarkas.org, rjones(a)redhat.com
Blocks: 1074646 (CVE-2014-2240)
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
fedora-19 tracking bug for mingw-freetype: see blocks bug list for full details
of the security issue(s).
[bug automatically created by: add-tracking-bugs]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1074646
[Bug 1074646] CVE-2014-2240 freetype: OOB stack-based read/write in
cf2_hintmap_build()
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=WvLZALxG0Q&a=cc_unsubscribe
9 years, 11 months
[Bug 1043744] New: CVE-2013-6425 mingw-pixman: pixman: integer underflow when handling trapezoids [fedora-all]
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1043744
Bug ID: 1043744
Summary: CVE-2013-6425 mingw-pixman: pixman: integer underflow
when handling trapezoids [fedora-all]
Product: Fedora
Version: 19
Component: mingw-pixman
Keywords: Security, SecurityTracking
Severity: high
Priority: high
Assignee: rjones(a)redhat.com
Reporter: huzaifas(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
lfarkas(a)lfarkas.org, rjones(a)redhat.com
Blocks: 1037975 (CVE-2013-6425)
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
Please note: this issue affects multiple supported versions of Fedora.
Only one tracking bug has been filed; please ensure that it is only closed
when all affected versions are fixed.
[bug automatically created by: add-tracking-bugs]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1037975
[Bug 1037975] CVE-2013-6425 pixman: integer underflow when handling
trapezoids
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=owlZAibmE1&a=cc_unsubscribe
9 years, 11 months
[Bug 795426] New: cannot link with _ftime_s
by Red Hat Bugzilla
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.
Summary: cannot link with _ftime_s
https://bugzilla.redhat.com/show_bug.cgi?id=795426
Summary: cannot link with _ftime_s
Product: Fedora
Version: rawhide
Platform: Unspecified
OS/Version: Unspecified
Status: NEW
Severity: unspecified
Priority: unspecified
Component: mingw32-gcc
AssignedTo: rjones(a)redhat.com
ReportedBy: cfergeau(a)redhat.com
QAContact: extras-qa(a)fedoraproject.org
CC: rjones(a)redhat.com, kalevlember(a)gmail.com,
erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org
Classification: Fedora
Story Points: ---
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
// $ i686-w64-mingw32-gcc -Wimplicit-function-declaration ./ftime.c
//
// /tmp/ccdYAiqO.o:ftime.c:(.text+0x16): undefined reference to`_imp___ftime_s'
// collect2: error: ld returned 1 exit status
//
// No warning, this means the function is declared in headers (gcc -E shows
// it comes from sec_api/sys/timeb_s.h) but it's not available at link time.
/*
$ rpm -qa mingw32*
mingw32-binutils-2.22.51-3.fc17_cross.x86_64
mingw32-gcc-4.7.0-0.3.20120123.fc16_cross.x86_64
mingw32-filesystem-92-1.fc18_cross.noarch
mingw32-cpp-4.7.0-0.3.20120123.fc16_cross.x86_64
mingw32-headers-2.0.999-0.1.trunk.20120120.fc17_cross.noarch
mingw32-crt-2.0.999-0.3.trunk.20120124.fc17_cross.noarch
mingw32-gcc-c++-4.7.0-0.3.20120123.fc16_cross.x86_64
*/
#include <stdlib.h> // for NULL
#include <sys/timeb.h>
int main(int argc, char **argv)
{
_ftime_s(NULL);
return 0;
}
--
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
9 years, 11 months
[Bug 1056858] New: CVE-2013-6954 mingw-libpng: libpng: unhandled zero-length PLTE chunk or NULL palette [fedora-19]
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1056858
Bug ID: 1056858
Summary: CVE-2013-6954 mingw-libpng: libpng: unhandled
zero-length PLTE chunk or NULL palette [fedora-19]
Product: Fedora
Version: 19
Component: mingw-libpng
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: rjones(a)redhat.com
Reporter: huzaifas(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: drizt(a)land.ru, erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
ktietz(a)redhat.com, lfarkas(a)lfarkas.org,
rjones(a)redhat.com
Blocks: 1045561 (CVE-2013-6954)
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
fedora-19 tracking bug for mingw-libpng: see blocks bug list for full details
of the security issue(s).
[bug automatically created by: add-tracking-bugs]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1045561
[Bug 1045561] CVE-2013-6954 libpng: unhandled zero-length PLTE chunk or
NULL palette
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=Un14vuFRae&a=cc_unsubscribe
9 years, 11 months
[Bug 1070988] New: CVE-2014-0333 mingw-libpng: libpng: denial of service via png_push_read_chunk() [fedora-20]
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1070988
Bug ID: 1070988
Summary: CVE-2014-0333 mingw-libpng: libpng: denial of service
via png_push_read_chunk() [fedora-20]
Product: Fedora
Version: 20
Component: mingw-libpng
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: rjones(a)redhat.com
Reporter: vdanen(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: drizt(a)land.ru, erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
ktietz(a)redhat.com, lfarkas(a)lfarkas.org,
rjones(a)redhat.com
Blocks: 1070985 (CVE-2014-0333)
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
fedora-20 tracking bug for mingw-libpng: see blocks bug list for full details
of the security issue(s).
[bug automatically created by: add-tracking-bugs]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1070985
[Bug 1070985] CVE-2014-0333 libpng: denial of service via
png_push_read_chunk()
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=i3Skr0tvnN&a=cc_unsubscribe
10 years, 1 month
[Bug 1056859] New: CVE-2013-6954 mingw-libpng: libpng: unhandled zero-length PLTE chunk or NULL palette [fedora-20]
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1056859
Bug ID: 1056859
Summary: CVE-2013-6954 mingw-libpng: libpng: unhandled
zero-length PLTE chunk or NULL palette [fedora-20]
Product: Fedora
Version: 20
Component: mingw-libpng
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: rjones(a)redhat.com
Reporter: huzaifas(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: drizt(a)land.ru, erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
ktietz(a)redhat.com, lfarkas(a)lfarkas.org,
rjones(a)redhat.com
Blocks: 1045561 (CVE-2013-6954)
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
fedora-20 tracking bug for mingw-libpng: see blocks bug list for full details
of the security issue(s).
[bug automatically created by: add-tracking-bugs]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1045561
[Bug 1045561] CVE-2013-6954 libpng: unhandled zero-length PLTE chunk or
NULL palette
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=k5oYmvG6z0&a=cc_unsubscribe
10 years, 1 month
Version Discrepancy Report
by Michael Cronenworth
------------------------------------------
MinGW/native package version discrepancies
------------------------------------------
Fedora N Matches Found: 40
Fedora Rawhide Matches Found: 40
+---------------------------------------------+
| f20 | rawhide | owner |
+-------------------------------+---------------+---------------+-------------+
| cairo | 1.13.1 | 1.13.1 | |
| mingw-cairo | 1.12.16 | 1.12.16 | rjones |
+-------------------------------+---------------+---------------+-------------+
| curl | 7.32.0 | 7.36.0 | |
| mingw-curl | 7.33.0 | 7.33.0 | epienbro |
+-------------------------------+---------------+---------------+-------------+
| cxxtest | 4.3 | 4.3 | |
| mingw-cxxtest | 3.10.1 | 3.10.1 | astokes |
+-------------------------------+---------------+---------------+-------------+
| dbus | | 1.6.18 | |
| mingw-dbus | | 1.6.12 | ivanromanov |
+-------------------------------+---------------+---------------+-------------+
| fftw | 3.3.4 | 3.3.4 | |
| mingw-fftw | 3.3.3 | 3.3.3 | sailer |
+-------------------------------+---------------+---------------+-------------+
| fontconfig | | 2.11.1 | |
| mingw-fontconfig | | 2.11.0 | rjones |
+-------------------------------+---------------+---------------+-------------+
| freeimage | 3.10.0 | 3.10.0 | |
| mingw-freeimage | 3.15.4 | 3.15.4 | smani |
+-------------------------------+---------------+---------------+-------------+
| freetype | 2.5.0 | 2.5.3 | |
| mingw-freetype | 2.5.0.1 | 2.5.0.1 | rjones |
+-------------------------------+---------------+---------------+-------------+
| gdbm | | 1.11 | |
| mingw-gdbm | | 1.10 | rjones |
+-------------------------------+---------------+---------------+-------------+
| giflib | 4.1.6 | 4.1.6 | |
| mingw-giflib | 5.0.5 | 5.0.5 | smani |
+-------------------------------+---------------+---------------+-------------+
| glib-networking | | 2.40.0 | |
| mingw-glib-networking | | 2.38.2 | kalev |
+-------------------------------+---------------+---------------+-------------+
| glibmm24 | | 2.39.92 | |
| mingw-glibmm24 | | 2.39.91 | sailer |
+-------------------------------+---------------+---------------+-------------+
| gstreamer1 | 1.2.3 | 1.2.3 | |
| mingw-gstreamer1 | 1.2.1 | 1.2.1 | pfor |
+-------------------------------+---------------+---------------+-------------+
| gstreamer1-plugins-base | 1.2.3 | 1.2.3 | |
| mingw-gstreamer1-plugins-base | 1.2.1 | 1.2.1 | pfor |
+-------------------------------+---------------+---------------+-------------+
| gtkhtml3 | | 4.8.0 | |
| mingw-gtkhtml3 | | 4.6.6 | epienbro |
+-------------------------------+---------------+---------------+-------------+
| gtkmm30 | 3.10.1 | 3.11.9 | |
| mingw-gtkmm30 | 3.8.1 | 3.8.1 | kalev |
+-------------------------------+---------------+---------------+-------------+
| gtksourceview3 | 3.10.2 | 3.12.0 | |
| mingw-gtksourceview3 | 3.8.1 | 3.9.91 | kalev |
+-------------------------------+---------------+---------------+-------------+
| icu | | 52.1 | |
| mingw-icu | | 50.1.2 | pfor |
+-------------------------------+---------------+---------------+-------------+
| libgcrypt | | 1.6.1 | |
| mingw-libgcrypt | | 1.5.3 | rjones |
+-------------------------------+---------------+---------------+-------------+
| libgeotiff | 1.2.5 | 1.2.5 | |
| mingw-libgeotiff | 1.4.0 | 1.4.0 | smani |
+-------------------------------+---------------+---------------+-------------+
| libosinfo | 0.2.9 | 0.2.9 | |
| mingw-libosinfo | 0.2.8 | 0.2.8 | berrange |
+-------------------------------+---------------+---------------+-------------+
| libpng | 1.6.3 | 1.6.8 | |
| mingw-libpng | 1.6.10 | 1.6.10 | rjones |
+-------------------------------+---------------+---------------+-------------+
| libsigsegv | 2.10 | 2.10 | |
| mingw-libsigsegv | 2.6 | 2.6 | bonzini |
+-------------------------------+---------------+---------------+-------------+
| libsoup | | 2.46.0 | |
| mingw-libsoup | | 2.44.2 | epienbro |
+-------------------------------+---------------+---------------+-------------+
| libtasn1 | | 3.4 | |
| mingw-libtasn1 | | 3.3 | kalev |
+-------------------------------+---------------+---------------+-------------+
| libusbx | 1.0.18 | 1.0.18 | |
| mingw-libusbx | 1.0.15 | 1.0.15 | elmarco |
+-------------------------------+---------------+---------------+-------------+
| libvirt | 1.1.3.4 | 1.2.2 | |
| mingw-libvirt | 1.1.3.1 | 1.2.0 | berrange |
+-------------------------------+---------------+---------------+-------------+
| libvorbis | 1.3.4 | 1.3.4 | |
| mingw-libvorbis | 1.3.3 | 1.3.3 | kalev |
+-------------------------------+---------------+---------------+-------------+
| libwebp | 0.3.1 | 0.4.0 | |
| mingw-libwebp | 0.2.1 | 0.2.1 | pfor |
+-------------------------------+---------------+---------------+-------------+
| llvm | 3.3 | 3.4 | |
| mingw-llvm | 3.0 | 3.0 | brouhaha |
+-------------------------------+---------------+---------------+-------------+
| orc | 0.4.18 | 0.4.18 | |
| mingw-orc | 0.4.16 | 0.4.16 | elmarco |
+-------------------------------+---------------+---------------+-------------+
| pcre | | 8.35 | |
| mingw-pcre | | 8.34 | astokes |
+-------------------------------+---------------+---------------+-------------+
| polyclipping | | 6.1.3a | |
| mingw-polyclipping | | 5.1.6 | sailer |
+-------------------------------+---------------+---------------+-------------+
| poppler | 0.24.3 | 0.24.3 | |
| mingw-poppler | 0.24.5 | 0.24.5 | smani |
+-------------------------------+---------------+---------------+-------------+
| qpid-cpp | 0.24 | 0.26 | |
| mingw-qpid-cpp | 0.14 | 0.14 | beekhof |
+-------------------------------+---------------+---------------+-------------+
| shapelib | 1.3.0f | 1.3.0f | |
| mingw-shapelib | 1.3.0 | 1.3.0 | smani |
+-------------------------------+---------------+---------------+-------------+
| spice-protocol | 0.12.6 | 0.12.6 | |
| mingw-spice-protocol | 0.12.4 | 0.12.4 | kraxel |
+-------------------------------+---------------+---------------+-------------+
| sqlite | 3.8.4.2 | 3.8.4.2 | |
| mingw-sqlite | 3.8.2 | 3.8.2 | rjones |
+-------------------------------+---------------+---------------+-------------+
| tk | 8.5.14 | 8.5.15 | |
| mingw-tk | 8.5.13 | 8.5.13 | roma |
+-------------------------------+---------------+---------------+-------------+
| webkitgtk3 | | 2.4.0 | |
| mingw-webkitgtk3 | | 2.2.6 | kalev |
+-------------------------------+---------------+---------------+-------------+
10 years, 1 month