mingw November 2015

mingw@lists.fedoraproject.org

3 participants
83 discussions

[Bug 1162655] New: binutils: directory traversal vulnerability
by Red Hat Bugzilla 18 Nov '15

18 Nov '15

https://bugzilla.redhat.com/show_bug.cgi?id=1162655 Bug ID: 1162655 Summary: binutils: directory traversal vulnerability Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: vkaigoro(a)redhat.com CC: bgollahe(a)redhat.com, dan(a)danny.cz, dhowells(a)redhat.com, erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, jakub(a)redhat.com, kalevlember(a)gmail.com, kanderso(a)redhat.com, ktietz(a)redhat.com, law(a)redhat.com, lkocman(a)redhat.com, lkundrak(a)v3.sk, mfranc(a)redhat.com, mhlavink(a)redhat.com, nickc(a)redhat.com, ohudlick(a)redhat.com, pfrankli(a)redhat.com, rjones(a)redhat.com, rob(a)robspanton.com, seceng-idm-qe-list(a)redhat.com, swhiteho(a)redhat.com, thibault.north(a)gmail.com, tmlcoch(a)redhat.com, trond.danielsen(a)gmail.com Directory traversal vulnerability allowing random files deleteion/creation was reported [1] in binutils. Upstream patch is in [2]. [1]: https://sourceware.org/bugzilla/show_bug.cgi?id=17552 [2]: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=dd9b91de2149ee81… -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=bEUzAveurp&a=cc_unsubscribe

1 45

[Bug 1162621] New: CVE-2014-8504 binutils: stack overflow in the SREC parser
by Red Hat Bugzilla 18 Nov '15

18 Nov '15

https://bugzilla.redhat.com/show_bug.cgi?id=1162621 Bug ID: 1162621 Summary: CVE-2014-8504 binutils: stack overflow in the SREC parser Product: Security Response Component: vulnerability Keywords: Security Severity: low Priority: low Assignee: security-response-team(a)redhat.com Reporter: vkaigoro(a)redhat.com CC: bgollahe(a)redhat.com, dan(a)danny.cz, dhowells(a)redhat.com, erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, jakub(a)redhat.com, kalevlember(a)gmail.com, kanderso(a)redhat.com, ktietz(a)redhat.com, law(a)redhat.com, lkocman(a)redhat.com, lkundrak(a)v3.sk, mfranc(a)redhat.com, mhlavink(a)redhat.com, nickc(a)redhat.com, ohudlick(a)redhat.com, pfrankli(a)redhat.com, rjones(a)redhat.com, rob(a)robspanton.com, seceng-idm-qe-list(a)redhat.com, swhiteho(a)redhat.com, thibault.north(a)gmail.com, tmlcoch(a)redhat.com, trond.danielsen(a)gmail.com Stack overflow issue was reported [1] in SREC parser in binutils. Upstream patch that fixes this issue is at [2]. [1]: https://sourceware.org/bugzilla/show_bug.cgi?id=17510#c7 [2]: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=708d7d0d11f0f2d7… -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=bHcxYEBDhk&a=cc_unsubscribe

1 42

[Bug 1162607] New: CVE-2014-8503 binutils: stack overflow in objdump when parsing specially crafted ihex file
by Red Hat Bugzilla 18 Nov '15

18 Nov '15

https://bugzilla.redhat.com/show_bug.cgi?id=1162607 Bug ID: 1162607 Summary: CVE-2014-8503 binutils: stack overflow in objdump when parsing specially crafted ihex file Product: Security Response Component: vulnerability Keywords: Security Severity: low Priority: low Assignee: security-response-team(a)redhat.com Reporter: vkaigoro(a)redhat.com CC: bgollahe(a)redhat.com, dan(a)danny.cz, dhowells(a)redhat.com, erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, jakub(a)redhat.com, kalevlember(a)gmail.com, kanderso(a)redhat.com, ktietz(a)redhat.com, law(a)redhat.com, lkocman(a)redhat.com, lkundrak(a)v3.sk, mfranc(a)redhat.com, mhlavink(a)redhat.com, nickc(a)redhat.com, ohudlick(a)redhat.com, pfrankli(a)redhat.com, rjones(a)redhat.com, rob(a)robspanton.com, seceng-idm-qe-list(a)redhat.com, swhiteho(a)redhat.com, thibault.north(a)gmail.com, tmlcoch(a)redhat.com, trond.danielsen(a)gmail.com Stack overflow was reported [1] in objdump when parsing a crafted ihex file [2]. Upstream patch is at [3]. [1]: https://sourceware.org/bugzilla/show_bug.cgi?id=17512#c33 [2]: https://sourceware.org/bugzilla/attachment.cgi?id=7869 [3]: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0102ea8cec5fc509… -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=fWj88qzSHL&a=cc_unsubscribe

1 31

[Bug 1162594] New: CVE-2014-8502 binutils: heap overflow in objdump
by Red Hat Bugzilla 18 Nov '15

18 Nov '15

https://bugzilla.redhat.com/show_bug.cgi?id=1162594 Bug ID: 1162594 Summary: CVE-2014-8502 binutils: heap overflow in objdump Product: Security Response Component: vulnerability Keywords: Security Severity: low Priority: low Assignee: security-response-team(a)redhat.com Reporter: vkaigoro(a)redhat.com CC: bgollahe(a)redhat.com, dan(a)danny.cz, dhowells(a)redhat.com, erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, jakub(a)redhat.com, kalevlember(a)gmail.com, kanderso(a)redhat.com, ktietz(a)redhat.com, law(a)redhat.com, lkocman(a)redhat.com, lkundrak(a)v3.sk, mfranc(a)redhat.com, mhlavink(a)redhat.com, nickc(a)redhat.com, ohudlick(a)redhat.com, pfrankli(a)redhat.com, rjones(a)redhat.com, rob(a)robspanton.com, seceng-idm-qe-list(a)redhat.com, swhiteho(a)redhat.com, thibault.north(a)gmail.com, tmlcoch(a)redhat.com, trond.danielsen(a)gmail.com A heap overflow was reborted [1] when running objdump on a specially crafted PE executable [2]. Upstream patches that address this are at [3] and [4]. [1]: https://sourceware.org/bugzilla/show_bug.cgi?id=17512#c17 [2]: https://sourceware.org/bugzilla/attachment.cgi?id=7862 [3]: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5a4b0ccc20ba30ca… [4]: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=acafeb6056bec47d… -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=pnYCBTnBr5&a=cc_unsubscribe

1 44

[Bug 1162570] New: CVE-2014-8501 binutils: out-of-bounds write when parsing specially crafted PE executable
by Red Hat Bugzilla 18 Nov '15

18 Nov '15

https://bugzilla.redhat.com/show_bug.cgi?id=1162570 Bug ID: 1162570 Summary: CVE-2014-8501 binutils: out-of-bounds write when parsing specially crafted PE executable Product: Security Response Component: vulnerability Keywords: Security Severity: low Priority: low Assignee: security-response-team(a)redhat.com Reporter: vkaigoro(a)redhat.com CC: bgollahe(a)redhat.com, dan(a)danny.cz, dhowells(a)redhat.com, erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, jakub(a)redhat.com, kalevlember(a)gmail.com, kanderso(a)redhat.com, ktietz(a)redhat.com, law(a)redhat.com, lkocman(a)redhat.com, lkundrak(a)v3.sk, mfranc(a)redhat.com, mhlavink(a)redhat.com, nickc(a)redhat.com, ohudlick(a)redhat.com, pfrankli(a)redhat.com, rjones(a)redhat.com, rob(a)robspanton.com, seceng-idm-qe-list(a)redhat.com, swhiteho(a)redhat.com, thibault.north(a)gmail.com, tmlcoch(a)redhat.com, trond.danielsen(a)gmail.com It was reported [1] that running strings, nm or objdump on a constructed PE file [2] leads to out-of bounds write to an unitialized memory area. Upstream path for this issue is at [3]. [1]: https://sourceware.org/bugzilla/show_bug.cgi?id=17512#c0 [2]: https://sourceware.org/bugzilla/attachment.cgi?id=7849 [3]: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7e1e19887abd24ae… -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=xVCMYjG9bG&a=cc_unsubscribe

1 39

[Bug 1265854] Review Request: mingw-jxrlib - MinGW Windows JPEG XR library
by Red Hat Bugzilla 14 Nov '15

14 Nov '15

https://bugzilla.redhat.com/show_bug.cgi?id=1265854 --- Comment #8 from Fedora Update System <updates(a)fedoraproject.org> --- mingw-jxrlib-1.1-1.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with $ su -c 'dnf --enablerepo=updates-testing update mingw-jxrlib' You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-136b8b7bdd -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=nUk1oAkVGO&a=cc_unsubscribe

1 0

[Bug 1265854] Review Request: mingw-jxrlib - MinGW Windows JPEG XR library
by Red Hat Bugzilla 14 Nov '15

14 Nov '15

https://bugzilla.redhat.com/show_bug.cgi?id=1265854 Fedora Update System <updates(a)fedoraproject.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|MODIFIED |ON_QA --- Comment #7 from Fedora Update System <updates(a)fedoraproject.org> --- mingw-jxrlib-1.1-1.fc22 has been pushed to the Fedora 22 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with $ su -c 'dnf --enablerepo=updates-testing update mingw-jxrlib' You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-3fe5e099ba -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=3ss9YbA9MW&a=cc_unsubscribe

1 0

[Bug 1265854] Review Request: mingw-jxrlib - MinGW Windows JPEG XR library
by Red Hat Bugzilla 13 Nov '15

13 Nov '15

https://bugzilla.redhat.com/show_bug.cgi?id=1265854 Fedora Update System <updates(a)fedoraproject.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |MODIFIED --- Comment #6 from Fedora Update System <updates(a)fedoraproject.org> --- mingw-jxrlib-1.1-1.fc22 has been submitted as an update to Fedora 22. https://bodhi.fedoraproject.org/updates/FEDORA-2015-3fe5e099ba -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=HmUKcE6Hn2&a=cc_unsubscribe

1 0

[Bug 1265854] Review Request: mingw-jxrlib - MinGW Windows JPEG XR library
by Red Hat Bugzilla 13 Nov '15

13 Nov '15

https://bugzilla.redhat.com/show_bug.cgi?id=1265854 --- Comment #6 from Fedora Update System <updates(a)fedoraproject.org> --- mingw-jxrlib-1.1-1.fc22 has been submitted as an update to Fedora 22. https://bodhi.fedoraproject.org/updates/FEDORA-2015-3fe5e099ba -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=7bIyI1uYez&a=cc_unsubscribe

1 0

[Bug 1265854] Review Request: mingw-jxrlib - MinGW Windows JPEG XR library
by Red Hat Bugzilla 13 Nov '15

13 Nov '15

https://bugzilla.redhat.com/show_bug.cgi?id=1265854 --- Comment #5 from Jon Ciesla <limburgher(a)gmail.com> --- Package request has been approved: https://admin.fedoraproject.org/pkgdb/package/mingw-jxrlib -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=Sw7VasMis4&a=cc_unsubscribe

1 0

← Newer
1
2
3
4
5
6
7
8
9
Older →

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

mingw November 2015