November 2014 - mingw - Fedora Mailing-Lists

[Bug 1086514] New: CVE-2013-7353 Integer overflow leading to a heap-based buffer overflow in png_set_unknown_chunks()

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1086514 Bug ID: 1086514 Summary: CVE-2013-7353 Integer overflow leading to a heap-based buffer overflow in png_set_unknown_chunks() Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: huzaifas(a)redhat.com CC: drizt(a)land.ru, erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, jkoncick(a)redhat.com, jkurik(a)redhat.com, ktietz(a)redhat.com, lfarkas(a)lfarkas.org, pfrields(a)redhat.com, phracek(a)redhat.com, rjones(a)redhat.com An integer overflow leading to a heap-based buffer overflow was found in the png_set_unknown_chunks() API function of libpng. A attacker could create a specially-crafated image file and render it with an application written to explicitly call png_set_unknown_chunks() function, could cause libpng to crash or execute arbitrary code with the permissions of the user running such an application. The vendor mentions that internal calls use safe values. These issues could potentially affect applications that use the libpng API. Apparently no such applications were identified. Reference: http://sourceforge.net/p/libpng/bugs/199/ http://seclists.org/oss-sec/2014/q2/83 -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=70jisqeWxf&a=cc_unsubscribe

7 years, 9 months

1
21
0 / 0

[Bug 1086516] New: CVE-2013-7354 Integer overflow leading to a heap-based buffer overflow in png_set_sPLT() and png_set_text_2()

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1086516 Bug ID: 1086516 Summary: CVE-2013-7354 Integer overflow leading to a heap-based buffer overflow in png_set_sPLT() and png_set_text_2() Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: huzaifas(a)redhat.com CC: drizt(a)land.ru, erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, jkoncick(a)redhat.com, jkurik(a)redhat.com, ktietz(a)redhat.com, lfarkas(a)lfarkas.org, pfrields(a)redhat.com, phracek(a)redhat.com, rjones(a)redhat.com An integer overflow leading to a heap-based buffer overflow was found in the png_set_sPLT() and png_set_text_2() API functions of libpng. A attacker could create a specially-crafated image file and render it with an application written to explicitly call png_set_sPLT() or png_set_text_2() function, could cause libpng to crash or execute arbitrary code with the permissions of the user running such an application. The vendor mentions that internal calls use safe values. These issues could potentially affect applications that use the libpng API. Apparently no such applications were identified. Reference: http://sourceforge.net/p/libpng/bugs/199/ http://seclists.org/oss-sec/2014/q2/83 -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=lqm7CkaJep&a=cc_unsubscribe

7 years, 9 months

1
29
0 / 0

[Bug 851819] New: Review Request: mingw-sparsehash - MinGW Extremely memory-efficient C++ hash_map implementation

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=851819 Bug ID: 851819 QA Contact: extras-qa(a)fedoraproject.org Severity: unspecified Version: rawhide Priority: unspecified CC: fedora-mingw(a)lists.fedoraproject.org, notting(a)redhat.com, package-review(a)lists.fedoraproject.org Assignee: nobody(a)fedoraproject.org Summary: Review Request: mingw-sparsehash - MinGW Extremely memory-efficient C++ hash_map implementation Regression: --- Story Points: --- Classification: Fedora OS: Unspecified Reporter: t.sailer(a)alumni.ethz.ch Type: Bug Documentation: --- Hardware: Unspecified Mount Type: --- Status: NEW Component: Package Review Product: Fedora Spec URL: http://sailer.fedorapeople.org/mingw-sparsehash.spec SRPM URL: http://sailer.fedorapeople.org/mingw-sparsehash-2.0.2-1.fc17.src.rpm Description: MinGW Extremely memory-efficient C++ hash_map implementation Approved MinGW packaging guidelines are here: http://fedoraproject.org/wiki/Packaging/MinGW -- You are receiving this mail because: You are on the CC list for the bug.

7 years, 10 months

1
9
0 / 0

[Bug 1162666] New: binutils: out of bounds memory write

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1162666 Bug ID: 1162666 Summary: binutils: out of bounds memory write Product: Security Response Component: vulnerability Keywords: Security Severity: low Priority: low Assignee: security-response-team(a)redhat.com Reporter: vkaigoro(a)redhat.com CC: bgollahe(a)redhat.com, dan(a)danny.cz, dhowells(a)redhat.com, erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, jakub(a)redhat.com, kalevlember(a)gmail.com, kanderso(a)redhat.com, ktietz(a)redhat.com, law(a)redhat.com, lkocman(a)redhat.com, lkundrak(a)v3.sk, mfranc(a)redhat.com, mhlavink(a)redhat.com, nickc(a)redhat.com, ohudlick(a)redhat.com, pfrankli(a)redhat.com, rjones(a)redhat.com, rob(a)robspanton.com, seceng-idm-qe-list(a)redhat.com, swhiteho(a)redhat.com, thibault.north(a)gmail.com, tmlcoch(a)redhat.com, trond.danielsen(a)gmail.com It was reported [1] that objdump will try to overwrite part of memory when processing a crafted "ar" archive file. Upstream patch for this is at [2]. [1]: https://sourceware.org/bugzilla/show_bug.cgi?id=17533 [2]: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=bb0d867169d7e9... -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=MacgSycVBH&a=cc_unsubscribe

8 years

1
52
0 / 0

[Bug 1162655] New: binutils: directory traversal vulnerability

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1162655 Bug ID: 1162655 Summary: binutils: directory traversal vulnerability Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: vkaigoro(a)redhat.com CC: bgollahe(a)redhat.com, dan(a)danny.cz, dhowells(a)redhat.com, erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, jakub(a)redhat.com, kalevlember(a)gmail.com, kanderso(a)redhat.com, ktietz(a)redhat.com, law(a)redhat.com, lkocman(a)redhat.com, lkundrak(a)v3.sk, mfranc(a)redhat.com, mhlavink(a)redhat.com, nickc(a)redhat.com, ohudlick(a)redhat.com, pfrankli(a)redhat.com, rjones(a)redhat.com, rob(a)robspanton.com, seceng-idm-qe-list(a)redhat.com, swhiteho(a)redhat.com, thibault.north(a)gmail.com, tmlcoch(a)redhat.com, trond.danielsen(a)gmail.com Directory traversal vulnerability allowing random files deleteion/creation was reported [1] in binutils. Upstream patch is in [2]. [1]: https://sourceware.org/bugzilla/show_bug.cgi?id=17552 [2]: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=dd9b91de2149ee... -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=bEUzAveurp&a=cc_unsubscribe

8 years

1
45
0 / 0

[Bug 1162621] New: CVE-2014-8504 binutils: stack overflow in the SREC parser

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1162621 Bug ID: 1162621 Summary: CVE-2014-8504 binutils: stack overflow in the SREC parser Product: Security Response Component: vulnerability Keywords: Security Severity: low Priority: low Assignee: security-response-team(a)redhat.com Reporter: vkaigoro(a)redhat.com CC: bgollahe(a)redhat.com, dan(a)danny.cz, dhowells(a)redhat.com, erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, jakub(a)redhat.com, kalevlember(a)gmail.com, kanderso(a)redhat.com, ktietz(a)redhat.com, law(a)redhat.com, lkocman(a)redhat.com, lkundrak(a)v3.sk, mfranc(a)redhat.com, mhlavink(a)redhat.com, nickc(a)redhat.com, ohudlick(a)redhat.com, pfrankli(a)redhat.com, rjones(a)redhat.com, rob(a)robspanton.com, seceng-idm-qe-list(a)redhat.com, swhiteho(a)redhat.com, thibault.north(a)gmail.com, tmlcoch(a)redhat.com, trond.danielsen(a)gmail.com Stack overflow issue was reported [1] in SREC parser in binutils. Upstream patch that fixes this issue is at [2]. [1]: https://sourceware.org/bugzilla/show_bug.cgi?id=17510#c7 [2]: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=708d7d0d11f0f2... -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=bHcxYEBDhk&a=cc_unsubscribe

8 years

1
42
0 / 0

[Bug 1162607] New: CVE-2014-8503 binutils: stack overflow in objdump when parsing specially crafted ihex file

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1162607 Bug ID: 1162607 Summary: CVE-2014-8503 binutils: stack overflow in objdump when parsing specially crafted ihex file Product: Security Response Component: vulnerability Keywords: Security Severity: low Priority: low Assignee: security-response-team(a)redhat.com Reporter: vkaigoro(a)redhat.com CC: bgollahe(a)redhat.com, dan(a)danny.cz, dhowells(a)redhat.com, erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, jakub(a)redhat.com, kalevlember(a)gmail.com, kanderso(a)redhat.com, ktietz(a)redhat.com, law(a)redhat.com, lkocman(a)redhat.com, lkundrak(a)v3.sk, mfranc(a)redhat.com, mhlavink(a)redhat.com, nickc(a)redhat.com, ohudlick(a)redhat.com, pfrankli(a)redhat.com, rjones(a)redhat.com, rob(a)robspanton.com, seceng-idm-qe-list(a)redhat.com, swhiteho(a)redhat.com, thibault.north(a)gmail.com, tmlcoch(a)redhat.com, trond.danielsen(a)gmail.com Stack overflow was reported [1] in objdump when parsing a crafted ihex file [2]. Upstream patch is at [3]. [1]: https://sourceware.org/bugzilla/show_bug.cgi?id=17512#c33 [2]: https://sourceware.org/bugzilla/attachment.cgi?id=7869 [3]: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0102ea8cec5fc5... -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=fWj88qzSHL&a=cc_unsubscribe

8 years

1
31
0 / 0

[Bug 1162594] New: CVE-2014-8502 binutils: heap overflow in objdump

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1162594 Bug ID: 1162594 Summary: CVE-2014-8502 binutils: heap overflow in objdump Product: Security Response Component: vulnerability Keywords: Security Severity: low Priority: low Assignee: security-response-team(a)redhat.com Reporter: vkaigoro(a)redhat.com CC: bgollahe(a)redhat.com, dan(a)danny.cz, dhowells(a)redhat.com, erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, jakub(a)redhat.com, kalevlember(a)gmail.com, kanderso(a)redhat.com, ktietz(a)redhat.com, law(a)redhat.com, lkocman(a)redhat.com, lkundrak(a)v3.sk, mfranc(a)redhat.com, mhlavink(a)redhat.com, nickc(a)redhat.com, ohudlick(a)redhat.com, pfrankli(a)redhat.com, rjones(a)redhat.com, rob(a)robspanton.com, seceng-idm-qe-list(a)redhat.com, swhiteho(a)redhat.com, thibault.north(a)gmail.com, tmlcoch(a)redhat.com, trond.danielsen(a)gmail.com A heap overflow was reborted [1] when running objdump on a specially crafted PE executable [2]. Upstream patches that address this are at [3] and [4]. [1]: https://sourceware.org/bugzilla/show_bug.cgi?id=17512#c17 [2]: https://sourceware.org/bugzilla/attachment.cgi?id=7862 [3]: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5a4b0ccc20ba30... [4]: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=acafeb6056bec4... -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=pnYCBTnBr5&a=cc_unsubscribe

8 years

1
44
0 / 0

[Bug 1162570] New: CVE-2014-8501 binutils: out-of-bounds write when parsing specially crafted PE executable

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1162570 Bug ID: 1162570 Summary: CVE-2014-8501 binutils: out-of-bounds write when parsing specially crafted PE executable Product: Security Response Component: vulnerability Keywords: Security Severity: low Priority: low Assignee: security-response-team(a)redhat.com Reporter: vkaigoro(a)redhat.com CC: bgollahe(a)redhat.com, dan(a)danny.cz, dhowells(a)redhat.com, erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, jakub(a)redhat.com, kalevlember(a)gmail.com, kanderso(a)redhat.com, ktietz(a)redhat.com, law(a)redhat.com, lkocman(a)redhat.com, lkundrak(a)v3.sk, mfranc(a)redhat.com, mhlavink(a)redhat.com, nickc(a)redhat.com, ohudlick(a)redhat.com, pfrankli(a)redhat.com, rjones(a)redhat.com, rob(a)robspanton.com, seceng-idm-qe-list(a)redhat.com, swhiteho(a)redhat.com, thibault.north(a)gmail.com, tmlcoch(a)redhat.com, trond.danielsen(a)gmail.com It was reported [1] that running strings, nm or objdump on a constructed PE file [2] leads to out-of bounds write to an unitialized memory area. Upstream path for this issue is at [3]. [1]: https://sourceware.org/bugzilla/show_bug.cgi?id=17512#c0 [2]: https://sourceware.org/bugzilla/attachment.cgi?id=7849 [3]: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7e1e19887abd24... -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=xVCMYjG9bG&a=cc_unsubscribe

8 years

1
39
0 / 0

[Bug 858062] New: Review Request: mingw-qt5-qtactiveqt - Qt5 for Windows - QtActiveQt component

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=858062 Bug ID: 858062 QA Contact: extras-qa(a)fedoraproject.org Severity: unspecified Version: rawhide Priority: unspecified CC: fedora-mingw(a)lists.fedoraproject.org, notting(a)redhat.com, package-review(a)lists.fedoraproject.org Assignee: nobody(a)fedoraproject.org Summary: Review Request: mingw-qt5-qtactiveqt - Qt5 for Windows - QtActiveQt component Regression: --- Story Points: --- Classification: Fedora OS: Unspecified Reporter: erik-fedora(a)vanpienbroek.nl Type: Bug Documentation: --- Hardware: Unspecified Mount Type: --- Status: NEW Component: Package Review Product: Fedora Spec URL: http://svn.openftd.org/svn/fedora_cross/mingw-qt5-qtactiveqt/mingw-qt5-qt... SRPM URL: http://ftd4linux.nl/contrib/mingw-qt5-qtactiveqt-5.0.0-0.1.beta1.fc17.src... Fedora Account System Username: epienbro Description: This package contains the Qt software toolkit for developing cross-platform applications. This is the Windows version of Qt, for use in conjunction with the Fedora Windows cross-compiler. -- You are receiving this mail because: You are on the CC list for the bug.

8 years, 4 months

1
26
0 / 0

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

mingw November 2014