January 2016 - mingw - Fedora mailing-lists

[Bug 1281950] New: libxml2: Buffer overread with HTML parser in push mode in xmlSAX2TextNode
by Red Hat Bugzilla 17 May '16

17 May '16

https://bugzilla.redhat.com/show_bug.cgi?id=1281950 Bug ID: 1281950 Summary: libxml2: Buffer overread with HTML parser in push mode in xmlSAX2TextNode Product: Security Response Component: vulnerability Keywords: Security Severity: low Priority: low Assignee: security-response-team(a)redhat.com Reporter: amaris(a)redhat.com CC: athmanem(a)gmail.com, c.david86(a)gmail.com, erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, ktietz(a)redhat.com, lfarkas(a)lfarkas.org, ohudlick(a)redhat.com, rjones(a)redhat.com, veillard(a)redhat.com Stack-based buffer overread vulnerability with HTML parser in push mode in xmlSAX2TextNode causing segmentation fault when compiled with ASAN. Upstream bug (containing reproducer): https://bugzilla.gnome.org/show_bug.cgi?id=756372 -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=S97GEQo7jh&a=cc_unsubscribe

1 20

[Bug 1281936] New: libxml2: Buffer overread with XML parser in xmlNextChar
by Red Hat Bugzilla 17 May '16

17 May '16

https://bugzilla.redhat.com/show_bug.cgi?id=1281936 Bug ID: 1281936 Summary: libxml2: Buffer overread with XML parser in xmlNextChar Product: Security Response Component: vulnerability Keywords: Security Severity: low Priority: low Assignee: security-response-team(a)redhat.com Reporter: amaris(a)redhat.com CC: athmanem(a)gmail.com, c.david86(a)gmail.com, erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, ktietz(a)redhat.com, lfarkas(a)lfarkas.org, ohudlick(a)redhat.com, rjones(a)redhat.com, veillard(a)redhat.com A buffer overread in xmlNextChar was found, causing segmentation fault when compiled with ASAN. Upstream bug (contains reproducer): https://bugzilla.gnome.org/show_bug.cgi?id=756263 Upstream patch: https://git.gnome.org/browse/libxml2/commit/?id=ab2b9a93ff19cedde7befbf2fcc… -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=AuaeY9x6SN&a=cc_unsubscribe

1 19

[Bug 1281930] New: libxml2: Out-of-bounds heap read on 0xff char in xml declaration
by Red Hat Bugzilla 17 May '16

17 May '16

https://bugzilla.redhat.com/show_bug.cgi?id=1281930 Bug ID: 1281930 Summary: libxml2: Out-of-bounds heap read on 0xff char in xml declaration Product: Security Response Component: vulnerability Keywords: Security Severity: low Priority: low Assignee: security-response-team(a)redhat.com Reporter: amaris(a)redhat.com CC: athmanem(a)gmail.com, c.david86(a)gmail.com, erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, ktietz(a)redhat.com, lfarkas(a)lfarkas.org, ohudlick(a)redhat.com, rjones(a)redhat.com, veillard(a)redhat.com An out-of-bounds heap read in xmlParseXMLDecl happens when a file containing unfinished xml declaration, e.g. <?xml versionencoding="ISO88598", is followed by 0xff byte. Upstream bug: https://bugzilla.gnome.org/show_bug.cgi?id=751631 Upstream patch: https://git.gnome.org/browse/libxml2/commit/?id=709a952110e98621c9b78c4f264… -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=RtnuYLKA2T&a=cc_unsubscribe

1 18

[Bug 1277146] New: libxml2: DoS when parsing specially crafted XML document if XZ support is enabled
by Red Hat Bugzilla 17 May '16

17 May '16

https://bugzilla.redhat.com/show_bug.cgi?id=1277146 Bug ID: 1277146 Summary: libxml2: DoS when parsing specially crafted XML document if XZ support is enabled Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: amaris(a)redhat.com CC: athmanem(a)gmail.com, c.david86(a)gmail.com, erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, ktietz(a)redhat.com, lfarkas(a)lfarkas.org, ohudlick(a)redhat.com, rjones(a)redhat.com, veillard(a)redhat.com A vulnerability in libxml2 when parsing specially crafted XML document if XZ support is enabled causing DoS of application was found. CVE request (including reproducer): http://seclists.org/oss-sec/2015/q4/206 -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=5GhAg1MnGX&a=cc_unsubscribe

1 22

[Bug 1276297] New: CVE-2015-7942 libxml2: heap-based buffer overflow in xmlParseConditionalSections()
by Red Hat Bugzilla 17 May '16

17 May '16

https://bugzilla.redhat.com/show_bug.cgi?id=1276297 Bug ID: 1276297 Summary: CVE-2015-7942 libxml2: heap-based buffer overflow in xmlParseConditionalSections() Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: mprpic(a)redhat.com CC: athmanem(a)gmail.com, c.david86(a)gmail.com, drizt(a)land.ru, erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, ktietz(a)redhat.com, lfarkas(a)lfarkas.org, ohudlick(a)redhat.com, rjones(a)redhat.com, veillard(a)redhat.com A heap-based buffer overflow flaw was found in the way libxml2 parsed certain crafted XML input. A remote attacker could provide a specially-crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash. Upstream patch: https://git.gnome.org/browse/libxml2/commit/?id=9b8512337d14c8ddf662fcb98b0… Upstream bug: https://bugzilla.gnome.org/show_bug.cgi?id=756456 CVE assignment: http://seclists.org/oss-sec/2015/q4/130 -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=JWm7G50nVi&a=cc_unsubscribe

1 17

[Bug 1274222] New: libxml2: Out-of-bounds memory access
by Red Hat Bugzilla 17 May '16

17 May '16

https://bugzilla.redhat.com/show_bug.cgi?id=1274222 Bug ID: 1274222 Summary: libxml2: Out-of-bounds memory access Product: Security Response Component: vulnerability Keywords: Security Severity: low Priority: low Assignee: security-response-team(a)redhat.com Reporter: amaris(a)redhat.com CC: athmanem(a)gmail.com, c.david86(a)gmail.com, drizt(a)land.ru, erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, ktietz(a)redhat.com, lfarkas(a)lfarkas.org, ohudlick(a)redhat.com, rjones(a)redhat.com, veillard(a)redhat.com, weli(a)redhat.com An out-of-bounds read vulnerability was found in libxml2 with crafted xml input. Report can be found here: https://bugzilla.gnome.org/show_bug.cgi?id=744980#c1 Upstream patches: https://git.gnome.org/browse/libxml2/commit/?id=a7dfab7411cbf545f359dd3157e… https://git.gnome.org/browse/libxml2/commit/?id=9b8512337d14c8ddf662fcb98b0… CVE request: http://seclists.org/oss-sec/2015/q4/127 -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=DBMrfilEPi&a=cc_unsubscribe

1 19

[Bug 1213957] New: libxml2: out-of-bounds memory access when parsing an unclosed HTML comment
by Red Hat Bugzilla 17 May '16

17 May '16

https://bugzilla.redhat.com/show_bug.cgi?id=1213957 Bug ID: 1213957 Summary: libxml2: out-of-bounds memory access when parsing an unclosed HTML comment Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: vkaigoro(a)redhat.com CC: athmanem(a)gmail.com, c.david86(a)gmail.com, drizt(a)land.ru, erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, ktietz(a)redhat.com, lfarkas(a)lfarkas.org, ohudlick(a)redhat.com, rjones(a)redhat.com, veillard(a)redhat.com Following issue was reported in libxml2 (http://seclists.org/oss-sec/2015/q2/214) """ This is an out-of-bounds memory access in libxml2. By entering a unclosed html comment such as <!-- the libxml2 parser didn't stop parsing at the end of the buffer, causing random memory to be included in the parsed comment that was returned to ruby. In Shopify, this caused ruby objects from previous http requests to be disclosed in the rendered page. Link to the issue in libxml2's bugtracker: https://bugzilla.gnome.org/show_bug.cgi?id=746048 A patched version of nokogiri (which uses a embedded libxml2) is available here: https://github.com/Shopify/nokogiri/compare/1b1fcad8bd64ab70256666c38d2c998… This bug is still not patched upstream, but both libxml2 and nokogiri developers are aware of the issue. """ No upstream patches exist at the time of creating this Bugzilla. -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=zRmasjF3dU&a=cc_unsubscribe

1 27

[Bug 1301928] New: libxml2: out-of-bounds read in htmlParseNameComplex()
by Red Hat Bugzilla 25 Apr '16

25 Apr '16

https://bugzilla.redhat.com/show_bug.cgi?id=1301928 Bug ID: 1301928 Summary: libxml2: out-of-bounds read in htmlParseNameComplex() Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: mprpic(a)redhat.com CC: athmanem(a)gmail.com, c.david86(a)gmail.com, erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, ktietz(a)redhat.com, lfarkas(a)lfarkas.org, ohudlick(a)redhat.com, rjones(a)redhat.com, veillard(a)redhat.com An out-of-bounds read flaw was reported in libxml2's htmlParseNameComplex() function: http://seclists.org/oss-sec/2016/q1/199 A remote attacker could provide a specially crafted XML file that, when processed by an application linked against libxml2, could cause the application to disclose crash. -- You are receiving this mail because: You are on the CC list for the bug.

1 6

[Bug 1175542] New: Building NASM with mingw-gcc fails in a strange manner
by Red Hat Bugzilla 17 Mar '16

17 Mar '16

https://bugzilla.redhat.com/show_bug.cgi?id=1175542 Bug ID: 1175542 Summary: Building NASM with mingw-gcc fails in a strange manner Product: Fedora Version: 20 Component: mingw32-gcc Assignee: rjones(a)redhat.com Reporter: hpa(a)zytor.com QA Contact: extras-qa(a)fedoraproject.org CC: erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, kalevlember(a)gmail.com, rjones(a)redhat.com Description of problem: Building NASM 2.11.07 (or from git) with i686-w63-mingw32 fails with a bunch of duplicate symbol errors. Removing -std=c99 from the command line seems to make it work, but I have not been able to reduce it to a smaller example. Version-Release number of selected component (if applicable): mingw32-gcc-4.8.3-1.fc20.x86_64 How reproducible: 100% Steps to Reproduce: 1. Get NASM 2.11.07 source code. 2. ./autogen.sh 3. ./configure --host=i686-w64-mingw32 4. make Actual results: Build failure with a bunch of strange symbol errors. Expected results: Executables produced. Additional info: -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=NINW6IoVUD&a=cc_unsubscribe

1 5

[Bug 1086514] New: CVE-2013-7353 Integer overflow leading to a heap-based buffer overflow in png_set_unknown_chunks()
by Red Hat Bugzilla 04 Mar '16

04 Mar '16

https://bugzilla.redhat.com/show_bug.cgi?id=1086514 Bug ID: 1086514 Summary: CVE-2013-7353 Integer overflow leading to a heap-based buffer overflow in png_set_unknown_chunks() Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: huzaifas(a)redhat.com CC: drizt(a)land.ru, erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, jkoncick(a)redhat.com, jkurik(a)redhat.com, ktietz(a)redhat.com, lfarkas(a)lfarkas.org, pfrields(a)redhat.com, phracek(a)redhat.com, rjones(a)redhat.com An integer overflow leading to a heap-based buffer overflow was found in the png_set_unknown_chunks() API function of libpng. A attacker could create a specially-crafated image file and render it with an application written to explicitly call png_set_unknown_chunks() function, could cause libpng to crash or execute arbitrary code with the permissions of the user running such an application. The vendor mentions that internal calls use safe values. These issues could potentially affect applications that use the libpng API. Apparently no such applications were identified. Reference: http://sourceforge.net/p/libpng/bugs/199/ http://seclists.org/oss-sec/2014/q2/83 -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=70jisqeWxf&a=cc_unsubscribe

1 21

[Bug 1086516] New: CVE-2013-7354 Integer overflow leading to a heap-based buffer overflow in png_set_sPLT() and png_set_text_2()
by Red Hat Bugzilla 04 Mar '16

04 Mar '16

https://bugzilla.redhat.com/show_bug.cgi?id=1086516 Bug ID: 1086516 Summary: CVE-2013-7354 Integer overflow leading to a heap-based buffer overflow in png_set_sPLT() and png_set_text_2() Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: huzaifas(a)redhat.com CC: drizt(a)land.ru, erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, jkoncick(a)redhat.com, jkurik(a)redhat.com, ktietz(a)redhat.com, lfarkas(a)lfarkas.org, pfrields(a)redhat.com, phracek(a)redhat.com, rjones(a)redhat.com An integer overflow leading to a heap-based buffer overflow was found in the png_set_sPLT() and png_set_text_2() API functions of libpng. A attacker could create a specially-crafated image file and render it with an application written to explicitly call png_set_sPLT() or png_set_text_2() function, could cause libpng to crash or execute arbitrary code with the permissions of the user running such an application. The vendor mentions that internal calls use safe values. These issues could potentially affect applications that use the libpng API. Apparently no such applications were identified. Reference: http://sourceforge.net/p/libpng/bugs/199/ http://seclists.org/oss-sec/2014/q2/83 -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=lqm7CkaJep&a=cc_unsubscribe

1 29

[Bug 1262377] New: freetype: Infinite loop in parse_encoding in t1load.c
by Red Hat Bugzilla 04 Mar '16

04 Mar '16

https://bugzilla.redhat.com/show_bug.cgi?id=1262377 Bug ID: 1262377 Summary: freetype: Infinite loop in parse_encoding in t1load.c Product: Security Response Component: vulnerability Keywords: Security Severity: low Priority: low Assignee: security-response-team(a)redhat.com Reporter: amaris(a)redhat.com CC: behdad(a)fedoraproject.org, erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, fonts-bugs(a)lists.fedoraproject.org, kevin(a)tigcc.ticalc.org, lfarkas(a)lfarkas.org, mkasik(a)redhat.com, rjones(a)redhat.com If the Postscript stream contains a broken number-with-base (e.g. "8#garbage") the cursor doesn't advance and parse_encoding enters an infinite loop. Upstream patch: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=df14e6c0… CVE request: http://seclists.org/oss-sec/2015/q3/537 -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=Q45dqAndJZ&a=cc_unsubscribe

1 15

[Bug 1281760] New: CVE-2015-8126 mingw-libpng: libpng: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions [epel-7]
by Red Hat Bugzilla 24 Feb '16

24 Feb '16

https://bugzilla.redhat.com/show_bug.cgi?id=1281760 Bug ID: 1281760 Summary: CVE-2015-8126 mingw-libpng: libpng: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions [epel-7] Product: Fedora EPEL Version: epel7 Component: mingw-libpng Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: rjones(a)redhat.com Reporter: amaris(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: drizt(a)land.ru, erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, ktietz(a)redhat.com, lfarkas(a)lfarkas.org, rjones(a)redhat.com Blocks: 1281756 (CVE-2015-8126) This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of Fedora EPEL. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. epel-7 tracking bug for mingw-libpng: see blocks bug list for full details of the security issue(s). This bug is never intended to be made public, please put any public notes in the blocked bugs. [bug automatically created by: add-tracking-bugs] Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1281756 [Bug 1281756] CVE-2015-8126 libpng: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=3qNv1TFMnN&a=cc_unsubscribe

1 15

[Bug 1213960] New: mingw-libxml2: libxml2: out-of-bounds memory access when parsing an unclosed HTML comment [epel-all]
by Red Hat Bugzilla 24 Feb '16

24 Feb '16

https://bugzilla.redhat.com/show_bug.cgi?id=1213960 Bug ID: 1213960 Summary: mingw-libxml2: libxml2: out-of-bounds memory access when parsing an unclosed HTML comment [epel-all] Product: Fedora EPEL Version: el6 Component: mingw-libxml2 Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: rjones(a)redhat.com Reporter: vkaigoro(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: drizt(a)land.ru, erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, ktietz(a)redhat.com, lfarkas(a)lfarkas.org, rjones(a)redhat.com, veillard(a)redhat.com Blocks: 1213957 This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of Fedora EPEL. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora EPEL. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. [bug automatically created by: add-tracking-bugs] Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1213957 [Bug 1213957] libxml2: out-of-bounds memory access when parsing an unclosed HTML comment -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=HoEUhKdNiF&a=cc_unsubscribe

1 7

[Bug 1262849] New: libxml2: Out-of-bounds memory access when parsing unclosed HTMl comment
by Red Hat Bugzilla 24 Feb '16

24 Feb '16

https://bugzilla.redhat.com/show_bug.cgi?id=1262849 Bug ID: 1262849 Summary: libxml2: Out-of-bounds memory access when parsing unclosed HTMl comment Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: amaris(a)redhat.com CC: athmanem(a)gmail.com, c.david86(a)gmail.com, drizt(a)land.ru, erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, ktietz(a)redhat.com, lfarkas(a)lfarkas.org, ohudlick(a)redhat.com, rjones(a)redhat.com, veillard(a)redhat.com Out-of-bounds memory access vulnerability when parsing unclosed HTMl comment was found in libxml2. By entering a unclosed html comment such as <!-- the libxml2 parser didn't stop parsing at the end of the buffer, causing random memory to be included in the parsed comment. CVE request: http://seclists.org/oss-sec/2015/q3/540 Upstream was notified, but patch is not released yet. However, a patch for nokogiri, which uses embedded libxml2, was proposed: https://github.com/Shopify/nokogiri/compare/1b1fcad8bd64ab70256666c38d2c998… -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=ORcMh1DqE6&a=cc_unsubscribe

1 9

[Bug 1262854] New: mingw-libxml2: libxml2: Out-of-bounds memory access when parsing unclosed HTMl comment [epel-7]
by Red Hat Bugzilla 24 Feb '16

24 Feb '16

https://bugzilla.redhat.com/show_bug.cgi?id=1262854 Bug ID: 1262854 Summary: mingw-libxml2: libxml2: Out-of-bounds memory access when parsing unclosed HTMl comment [epel-7] Product: Fedora EPEL Version: epel7 Component: mingw-libxml2 Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: rjones(a)redhat.com Reporter: amaris(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: drizt(a)land.ru, erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, ktietz(a)redhat.com, lfarkas(a)lfarkas.org, rjones(a)redhat.com, veillard(a)redhat.com Blocks: 1262849 This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of Fedora EPEL. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. epel-7 tracking bug for mingw-libxml2: see blocks bug list for full details of the security issue(s). This bug is never intended to be made public, please put any public notes in the blocked bugs. [bug automatically created by: add-tracking-bugs] Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1262849 [Bug 1262849] libxml2: Out-of-bounds memory access when parsing unclosed HTMl comment -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=4KtMCmFhFk&a=cc_unsubscribe

1 7

[Bug 1274226] New: mingw-libxml2: libxml2: Out-of-bounds memory access [epel-7]
by Red Hat Bugzilla 24 Feb '16

24 Feb '16

https://bugzilla.redhat.com/show_bug.cgi?id=1274226 Bug ID: 1274226 Summary: mingw-libxml2: libxml2: Out-of-bounds memory access [epel-7] Product: Fedora EPEL Version: epel7 Component: mingw-libxml2 Keywords: Security, SecurityTracking Severity: low Priority: low Assignee: rjones(a)redhat.com Reporter: amaris(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: drizt(a)land.ru, erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, ktietz(a)redhat.com, lfarkas(a)lfarkas.org, rjones(a)redhat.com, veillard(a)redhat.com Blocks: 1274222 This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of Fedora EPEL. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. epel-7 tracking bug for mingw-libxml2: see blocks bug list for full details of the security issue(s). This bug is never intended to be made public, please put any public notes in the blocked bugs. [bug automatically created by: add-tracking-bugs] Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1274222 [Bug 1274222] libxml2: Out-of-bounds memory access -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=Ejwt1OHhYo&a=cc_unsubscribe

1 8

[Bug 1276300] New: CVE-2015-7942 mingw-libxml2: libxml2: heap-based buffer overflow in xmlParseConditionalSections() [epel-7]
by Red Hat Bugzilla 24 Feb '16

24 Feb '16

https://bugzilla.redhat.com/show_bug.cgi?id=1276300 Bug ID: 1276300 Summary: CVE-2015-7942 mingw-libxml2: libxml2: heap-based buffer overflow in xmlParseConditionalSections() [epel-7] Product: Fedora EPEL Version: epel7 Component: mingw-libxml2 Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: rjones(a)redhat.com Reporter: mprpic(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: drizt(a)land.ru, erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, ktietz(a)redhat.com, lfarkas(a)lfarkas.org, rjones(a)redhat.com, veillard(a)redhat.com Blocks: 1276297 (CVE-2015-7942) This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of Fedora EPEL. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. epel-7 tracking bug for mingw-libxml2: see blocks bug list for full details of the security issue(s). This bug is never intended to be made public, please put any public notes in the blocked bugs. [bug automatically created by: add-tracking-bugs] Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1276297 [Bug 1276297] CVE-2015-7942 libxml2: heap-based buffer overflow in xmlParseConditionalSections() -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=NZCcFmQKm4&a=cc_unsubscribe

1 6

[Bug 1281953] New: mingw-libxml2: libxml2: Buffer overread with HTML parser in push mode in xmlSAX2TextNode [epel-7]
by Red Hat Bugzilla 24 Feb '16

24 Feb '16

https://bugzilla.redhat.com/show_bug.cgi?id=1281953 Bug ID: 1281953 Summary: mingw-libxml2: libxml2: Buffer overread with HTML parser in push mode in xmlSAX2TextNode [epel-7] Product: Fedora EPEL Version: epel7 Component: mingw-libxml2 Keywords: Security, SecurityTracking Severity: low Priority: low Assignee: rjones(a)redhat.com Reporter: amaris(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, ktietz(a)redhat.com, lfarkas(a)lfarkas.org, rjones(a)redhat.com, veillard(a)redhat.com Blocks: 1281950 This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of Fedora EPEL. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. epel-7 tracking bug for mingw-libxml2: see blocks bug list for full details of the security issue(s). This bug is never intended to be made public, please put any public notes in the blocked bugs. [bug automatically created by: add-tracking-bugs] Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1281950 [Bug 1281950] libxml2: Buffer overread with HTML parser in push mode in xmlSAX2TextNode -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=SkWvVUcN3b&a=cc_unsubscribe

1 6

[Bug 1277150] New: mingw-libxml2: libxml2: DoS when parsing specially crafted XML document if XZ support is enabled [epel-7]
by Red Hat Bugzilla 24 Feb '16

24 Feb '16

https://bugzilla.redhat.com/show_bug.cgi?id=1277150 Bug ID: 1277150 Summary: mingw-libxml2: libxml2: DoS when parsing specially crafted XML document if XZ support is enabled [epel-7] Product: Fedora EPEL Version: epel7 Component: mingw-libxml2 Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: rjones(a)redhat.com Reporter: amaris(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, ktietz(a)redhat.com, lfarkas(a)lfarkas.org, rjones(a)redhat.com, veillard(a)redhat.com Blocks: 1277146 This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of Fedora EPEL. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. epel-7 tracking bug for mingw-libxml2: see blocks bug list for full details of the security issue(s). This bug is never intended to be made public, please put any public notes in the blocked bugs. [bug automatically created by: add-tracking-bugs] Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1277146 [Bug 1277146] libxml2: DoS when parsing specially crafted XML document if XZ support is enabled -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=skNfyT0B5S&a=cc_unsubscribe

1 8

[Bug 1281952] New: mingw-libxml2: libxml2: Buffer overread with HTML parser in push mode in xmlSAX2TextNode [fedora-all]
by Red Hat Bugzilla 16 Feb '16

16 Feb '16

https://bugzilla.redhat.com/show_bug.cgi?id=1281952 Bug ID: 1281952 Summary: mingw-libxml2: libxml2: Buffer overread with HTML parser in push mode in xmlSAX2TextNode [fedora-all] Product: Fedora Version: 23 Component: mingw-libxml2 Keywords: Security, SecurityTracking Severity: low Priority: low Assignee: rjones(a)redhat.com Reporter: amaris(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, ktietz(a)redhat.com, lfarkas(a)lfarkas.org, rjones(a)redhat.com, veillard(a)redhat.com Blocks: 1281950 This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of Fedora. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. [bug automatically created by: add-tracking-bugs] Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1281950 [Bug 1281950] libxml2: Buffer overread with HTML parser in push mode in xmlSAX2TextNode -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=onjZDgIxYw&a=cc_unsubscribe

1 10

[Bug 1277149] New: mingw-libxml2: libxml2: DoS when parsing specially crafted XML document if XZ support is enabled [fedora-all]
by Red Hat Bugzilla 16 Feb '16

16 Feb '16

https://bugzilla.redhat.com/show_bug.cgi?id=1277149 Bug ID: 1277149 Summary: mingw-libxml2: libxml2: DoS when parsing specially crafted XML document if XZ support is enabled [fedora-all] Product: Fedora Version: 22 Component: mingw-libxml2 Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: rjones(a)redhat.com Reporter: amaris(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, ktietz(a)redhat.com, lfarkas(a)lfarkas.org, rjones(a)redhat.com, veillard(a)redhat.com Blocks: 1277146 This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of Fedora. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. [bug automatically created by: add-tracking-bugs] Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1277146 [Bug 1277146] libxml2: DoS when parsing specially crafted XML document if XZ support is enabled -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=6QqISaRX8I&a=cc_unsubscribe

1 12

[Bug 1276299] New: CVE-2015-7942 mingw-libxml2: libxml2: heap-based buffer overflow in xmlParseConditionalSections() [fedora-all]
by Red Hat Bugzilla 16 Feb '16

16 Feb '16

https://bugzilla.redhat.com/show_bug.cgi?id=1276299 Bug ID: 1276299 Summary: CVE-2015-7942 mingw-libxml2: libxml2: heap-based buffer overflow in xmlParseConditionalSections() [fedora-all] Product: Fedora Version: 22 Component: mingw-libxml2 Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: rjones(a)redhat.com Reporter: mprpic(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: drizt(a)land.ru, erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, ktietz(a)redhat.com, lfarkas(a)lfarkas.org, rjones(a)redhat.com, veillard(a)redhat.com Blocks: 1276297 (CVE-2015-7942) This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of Fedora. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. [bug automatically created by: add-tracking-bugs] Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1276297 [Bug 1276297] CVE-2015-7942 libxml2: heap-based buffer overflow in xmlParseConditionalSections() -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=fZhozt3A5i&a=cc_unsubscribe

1 10

[Bug 1274225] New: mingw-libxml2: libxml2: Out-of-bounds memory access [fedora-all]
by Red Hat Bugzilla 16 Feb '16

16 Feb '16

https://bugzilla.redhat.com/show_bug.cgi?id=1274225 Bug ID: 1274225 Summary: mingw-libxml2: libxml2: Out-of-bounds memory access [fedora-all] Product: Fedora Version: 22 Component: mingw-libxml2 Keywords: Security, SecurityTracking Severity: low Priority: low Assignee: rjones(a)redhat.com Reporter: amaris(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: drizt(a)land.ru, erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, ktietz(a)redhat.com, lfarkas(a)lfarkas.org, rjones(a)redhat.com, veillard(a)redhat.com Blocks: 1274222 This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of Fedora. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. [bug automatically created by: add-tracking-bugs] Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1274222 [Bug 1274222] libxml2: Out-of-bounds memory access -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=wUyBa6ppBZ&a=cc_unsubscribe

1 12

[Bug 1262853] New: mingw-libxml2: libxml2: Out-of-bounds memory access when parsing unclosed HTMl comment [fedora-all]
by Red Hat Bugzilla 16 Feb '16

16 Feb '16

https://bugzilla.redhat.com/show_bug.cgi?id=1262853 Bug ID: 1262853 Summary: mingw-libxml2: libxml2: Out-of-bounds memory access when parsing unclosed HTMl comment [fedora-all] Product: Fedora Version: 22 Component: mingw-libxml2 Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: rjones(a)redhat.com Reporter: amaris(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: drizt(a)land.ru, erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, ktietz(a)redhat.com, lfarkas(a)lfarkas.org, rjones(a)redhat.com, veillard(a)redhat.com Blocks: 1262849 This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of Fedora. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. [bug automatically created by: add-tracking-bugs] Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1262849 [Bug 1262849] libxml2: Out-of-bounds memory access when parsing unclosed HTMl comment -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=LE5Z3j5KiV&a=cc_unsubscribe

1 11

[Bug 1281756] New: CVE-2015-8126 libpng: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions
by Red Hat Bugzilla 16 Feb '16

16 Feb '16

https://bugzilla.redhat.com/show_bug.cgi?id=1281756 Bug ID: 1281756 Summary: CVE-2015-8126 libpng: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: amaris(a)redhat.com CC: drizt(a)land.ru, erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, ktietz(a)redhat.com, lfarkas(a)lfarkas.org, paul(a)city-fan.org, phracek(a)redhat.com, rjones(a)redhat.com Buffer overflow vulnerabilities in functions png_get_PLTE/png_set_PLTE, allowing remote attackers to cause DoS to application or have unspecified other impact. These functions failed to check for an out-of-range palette when reading or writing PNG files with a bit_depth less than 8. Some applications might read the bit depth from the IHDR chunk and allocate memory for a 2^N entry palette, while libpng can return a palette with up to 256 entries even when the bit depth is less than 8. Affected versions of libpng are before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19. Upstream patches: https://github.com/glennrp/libpng/commit/81f44665cce4cb1373f049a76f3904e981… https://github.com/glennrp/libpng/commit/a901eb3ce6087e0afeef988247f1a1aa20… https://github.com/glennrp/libpng/commit/1bef8e97995c33123665582e57d3ed40b5… https://github.com/glennrp/libpng/commit/83f4c735c88e7f451541c1528d8043c31b… CVE assignment: http://seclists.org/oss-sec/2015/q4/264 -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=kwjqAGuHqm&a=cc_unsubscribe

1 68

[Bug 851819] New: Review Request: mingw-sparsehash - MinGW Extremely memory-efficient C++ hash_map implementation
by Red Hat Bugzilla 07 Feb '16

07 Feb '16

https://bugzilla.redhat.com/show_bug.cgi?id=851819 Bug ID: 851819 QA Contact: extras-qa(a)fedoraproject.org Severity: unspecified Version: rawhide Priority: unspecified CC: fedora-mingw(a)lists.fedoraproject.org, notting(a)redhat.com, package-review(a)lists.fedoraproject.org Assignee: nobody(a)fedoraproject.org Summary: Review Request: mingw-sparsehash - MinGW Extremely memory-efficient C++ hash_map implementation Regression: --- Story Points: --- Classification: Fedora OS: Unspecified Reporter: t.sailer(a)alumni.ethz.ch Type: Bug Documentation: --- Hardware: Unspecified Mount Type: --- Status: NEW Component: Package Review Product: Fedora Spec URL: http://sailer.fedorapeople.org/mingw-sparsehash.spec SRPM URL: http://sailer.fedorapeople.org/mingw-sparsehash-2.0.2-1.fc17.src.rpm Description: MinGW Extremely memory-efficient C++ hash_map implementation Approved MinGW packaging guidelines are here: http://fedoraproject.org/wiki/Packaging/MinGW -- You are receiving this mail because: You are on the CC list for the bug.

1 9

[Bug 1291312] New: CVE-2015-8540 libpng: underflow read in png_check_keyword()
by Red Hat Bugzilla 06 Feb '16

06 Feb '16

https://bugzilla.redhat.com/show_bug.cgi?id=1291312 Bug ID: 1291312 Summary: CVE-2015-8540 libpng: underflow read in png_check_keyword() Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: mprpic(a)redhat.com CC: drizt(a)land.ru, erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, ktietz(a)redhat.com, lfarkas(a)lfarkas.org, paul(a)city-fan.org, phracek(a)redhat.com, rdieter(a)math.unl.edu, rjones(a)redhat.com An underflow read was found in png_check_keyword in pngwutil.c in libpng-1.2.54: If the data of "key" is only ' ' (0x20), it will read a byte before the buffer in line 1288. This issue impacts upstream versions 1.2.55, 1.0.65, 1.4.18, and 1.5.25 of libpng. An attacker could possibly use this flaw to cause an out-of-bounds read by tricking an unsuspecting user into processing a specially crafted PNG image. CVE assignment: http://seclists.org/oss-sec/2015/q4/469 Upstream issue: http://sourceforge.net/p/libpng/bugs/244/ Upstream patch: http://sourceforge.net/p/libpng/code/ci/d9006f683c641793252d92254a75ae9b815… -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=qQrX6Dct1p&a=cc_unsubscribe

2 29

[Bug 1291317] New: CVE-2015-8540 mingw-libpng: libpng: underflow read in png_check_keyword() [fedora-all]
by Red Hat Bugzilla 06 Feb '16

06 Feb '16

https://bugzilla.redhat.com/show_bug.cgi?id=1291317 Bug ID: 1291317 Summary: CVE-2015-8540 mingw-libpng: libpng: underflow read in png_check_keyword() [fedora-all] Product: Fedora Version: 23 Component: mingw-libpng Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: rjones(a)redhat.com Reporter: mprpic(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: drizt(a)land.ru, erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, ktietz(a)redhat.com, lfarkas(a)lfarkas.org, rjones(a)redhat.com Blocks: 1291312 (CVE-2015-8540) This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of Fedora. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. [bug automatically created by: add-tracking-bugs] Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1291312 [Bug 1291312] CVE-2015-8540 libpng: underflow read in png_check_keyword() -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=9P0jjEHGyb&a=cc_unsubscribe

1 2

[Bug 1291319] New: CVE-2015-8540 mingw-libpng: libpng: underflow read in png_check_keyword() [epel-7]
by Red Hat Bugzilla 06 Feb '16

06 Feb '16

https://bugzilla.redhat.com/show_bug.cgi?id=1291319 Bug ID: 1291319 Summary: CVE-2015-8540 mingw-libpng: libpng: underflow read in png_check_keyword() [epel-7] Product: Fedora EPEL Version: epel7 Component: mingw-libpng Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: rjones(a)redhat.com Reporter: mprpic(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: drizt(a)land.ru, erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, ktietz(a)redhat.com, lfarkas(a)lfarkas.org, rjones(a)redhat.com Blocks: 1291312 (CVE-2015-8540) This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of Fedora EPEL. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. epel-7 tracking bug for mingw-libpng: see blocks bug list for full details of the security issue(s). This bug is never intended to be made public, please put any public notes in the blocked bugs. [bug automatically created by: add-tracking-bugs] Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1291312 [Bug 1291312] CVE-2015-8540 libpng: underflow read in png_check_keyword() -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=9IMAx9fQVr&a=cc_unsubscribe

1 2

[Bug 1301931] New: mingw-libxml2: libxml2: out-of-bounds read in htmlParseNameComplex() [epel-7]
by Red Hat Bugzilla 27 Jan '16

27 Jan '16

https://bugzilla.redhat.com/show_bug.cgi?id=1301931 Bug ID: 1301931 Summary: mingw-libxml2: libxml2: out-of-bounds read in htmlParseNameComplex() [epel-7] Product: Fedora EPEL Version: epel7 Component: mingw-libxml2 Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: rjones(a)redhat.com Reporter: mprpic(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, ktietz(a)redhat.com, lfarkas(a)lfarkas.org, rjones(a)redhat.com, veillard(a)redhat.com Blocks: 1301928 This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of Fedora EPEL. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. epel-7 tracking bug for mingw-libxml2: see blocks bug list for full details of the security issue(s). This bug is never intended to be made public, please put any public notes in the blocked bugs. [bug automatically created by: add-tracking-bugs] Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1301928 [Bug 1301928] libxml2: out-of-bounds read in htmlParseNameComplex() -- You are receiving this mail because: You are on the CC list for the bug.

1 3

[Bug 1301930] New: mingw-libxml2: libxml2: out-of-bounds read in htmlParseNameComplex() [fedora-all]
by Red Hat Bugzilla 27 Jan '16

27 Jan '16

https://bugzilla.redhat.com/show_bug.cgi?id=1301930 Bug ID: 1301930 Summary: mingw-libxml2: libxml2: out-of-bounds read in htmlParseNameComplex() [fedora-all] Product: Fedora Version: 23 Component: mingw-libxml2 Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: rjones(a)redhat.com Reporter: mprpic(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, ktietz(a)redhat.com, lfarkas(a)lfarkas.org, rjones(a)redhat.com, veillard(a)redhat.com Blocks: 1301928 This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of Fedora. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. [bug automatically created by: add-tracking-bugs] Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1301928 [Bug 1301928] libxml2: out-of-bounds read in htmlParseNameComplex() -- You are receiving this mail because: You are on the CC list for the bug.

1 3

Fedora mingw-qt5-qtbase and opengl API
by Sandro Mani 22 Jan '16

22 Jan '16

Hi Erik The current mingw-qt5-qtbase package is compiled with the support for the OpenGL API autodetected by the configure script (i.e. no -opengl option passed), which from what I understand results in Qt using OpenGL ES 2.0 + ANGLE. I have a project which uses full desktop OpenGL, and currently I'm recompiling mingw-qt5-qtbase with "-opengl desktop". I see that Arch is providing two mingw-qt5-qtbase variants, mingw-qt5-qtbase and mingw-qt5-qtbase-opengl, which conflict with each other [1]. Would you be okay with having something similar in Fedora? (There is actually a post on dynamic opengl implementation loading [2], but I cannot find any trace of -opengl dynamic support in the qt-5.5.0 source code, not sure what happened to that...). Thanks Sandro [1] https://aur.archlinux.org/packages/mingw-w64-qt5-base-opengl/ [2] http://blog.qt.io/blog/2014/11/27/qt-weekly-21-dynamic-opengl-implementatio…

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

mingw January 2016