https://bugzilla.redhat.com/show_bug.cgi?id=1281950
Bug ID: 1281950
Summary: libxml2: Buffer overread with HTML parser in push mode
in xmlSAX2TextNode
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: low
Priority: low
Assignee: security-response-team(a)redhat.com
Reporter: amaris(a)redhat.com
CC: athmanem(a)gmail.com, c.david86(a)gmail.com,
erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
ktietz(a)redhat.com, lfarkas(a)lfarkas.org,
ohudlick(a)redhat.com, rjones(a)redhat.com,
veillard(a)redhat.com
Stack-based buffer overread vulnerability with HTML parser in push mode in
xmlSAX2TextNode causing segmentation fault when compiled with ASAN.
Upstream bug (containing reproducer):
https://bugzilla.gnome.org/show_bug.cgi?id=756372
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=S97GEQo7jh&a=cc_unsubscribe
https://bugzilla.redhat.com/show_bug.cgi?id=1281936
Bug ID: 1281936
Summary: libxml2: Buffer overread with XML parser in
xmlNextChar
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: low
Priority: low
Assignee: security-response-team(a)redhat.com
Reporter: amaris(a)redhat.com
CC: athmanem(a)gmail.com, c.david86(a)gmail.com,
erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
ktietz(a)redhat.com, lfarkas(a)lfarkas.org,
ohudlick(a)redhat.com, rjones(a)redhat.com,
veillard(a)redhat.com
A buffer overread in xmlNextChar was found, causing segmentation fault when
compiled with ASAN.
Upstream bug (contains reproducer):
https://bugzilla.gnome.org/show_bug.cgi?id=756263
Upstream patch:
https://git.gnome.org/browse/libxml2/commit/?id=ab2b9a93ff19cedde7befbf2fcc…
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=AuaeY9x6SN&a=cc_unsubscribe
https://bugzilla.redhat.com/show_bug.cgi?id=1281930
Bug ID: 1281930
Summary: libxml2: Out-of-bounds heap read on 0xff char in xml
declaration
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: low
Priority: low
Assignee: security-response-team(a)redhat.com
Reporter: amaris(a)redhat.com
CC: athmanem(a)gmail.com, c.david86(a)gmail.com,
erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
ktietz(a)redhat.com, lfarkas(a)lfarkas.org,
ohudlick(a)redhat.com, rjones(a)redhat.com,
veillard(a)redhat.com
An out-of-bounds heap read in xmlParseXMLDecl happens when a file containing
unfinished xml declaration, e.g. <?xml versionencoding="ISO88598", is followed
by 0xff byte.
Upstream bug:
https://bugzilla.gnome.org/show_bug.cgi?id=751631
Upstream patch:
https://git.gnome.org/browse/libxml2/commit/?id=709a952110e98621c9b78c4f264…
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=RtnuYLKA2T&a=cc_unsubscribe
https://bugzilla.redhat.com/show_bug.cgi?id=1277146
Bug ID: 1277146
Summary: libxml2: DoS when parsing specially crafted XML
document if XZ support is enabled
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: amaris(a)redhat.com
CC: athmanem(a)gmail.com, c.david86(a)gmail.com,
erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
ktietz(a)redhat.com, lfarkas(a)lfarkas.org,
ohudlick(a)redhat.com, rjones(a)redhat.com,
veillard(a)redhat.com
A vulnerability in libxml2 when parsing specially crafted XML document if XZ
support is enabled causing DoS of application was found.
CVE request (including reproducer):
http://seclists.org/oss-sec/2015/q4/206
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=5GhAg1MnGX&a=cc_unsubscribe
https://bugzilla.redhat.com/show_bug.cgi?id=1276297
Bug ID: 1276297
Summary: CVE-2015-7942 libxml2: heap-based buffer overflow in
xmlParseConditionalSections()
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: mprpic(a)redhat.com
CC: athmanem(a)gmail.com, c.david86(a)gmail.com,
drizt(a)land.ru, erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
ktietz(a)redhat.com, lfarkas(a)lfarkas.org,
ohudlick(a)redhat.com, rjones(a)redhat.com,
veillard(a)redhat.com
A heap-based buffer overflow flaw was found in the way libxml2 parsed certain
crafted XML input. A remote attacker could provide a specially-crafted XML file
that, when opened in an application linked against libxml2, would cause the
application to crash.
Upstream patch:
https://git.gnome.org/browse/libxml2/commit/?id=9b8512337d14c8ddf662fcb98b0…
Upstream bug:
https://bugzilla.gnome.org/show_bug.cgi?id=756456
CVE assignment:
http://seclists.org/oss-sec/2015/q4/130
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=JWm7G50nVi&a=cc_unsubscribe
https://bugzilla.redhat.com/show_bug.cgi?id=1213957
Bug ID: 1213957
Summary: libxml2: out-of-bounds memory access when parsing an
unclosed HTML comment
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: vkaigoro(a)redhat.com
CC: athmanem(a)gmail.com, c.david86(a)gmail.com,
drizt(a)land.ru, erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
ktietz(a)redhat.com, lfarkas(a)lfarkas.org,
ohudlick(a)redhat.com, rjones(a)redhat.com,
veillard(a)redhat.com
Following issue was reported in libxml2
(http://seclists.org/oss-sec/2015/q2/214)
"""
This is an out-of-bounds memory access in libxml2. By entering a unclosed
html comment such as <!-- the libxml2 parser didn't stop parsing at the end
of the buffer, causing random memory to be included in the parsed comment
that was returned to ruby. In Shopify, this caused ruby objects from
previous http requests to be disclosed in the rendered page.
Link to the issue in libxml2's bugtracker:
https://bugzilla.gnome.org/show_bug.cgi?id=746048
A patched version of nokogiri (which uses a embedded libxml2) is available
here:
https://github.com/Shopify/nokogiri/compare/1b1fcad8bd64ab70256666c38d2c998…
This bug is still not patched upstream, but both libxml2 and nokogiri
developers are aware of the issue.
"""
No upstream patches exist at the time of creating this Bugzilla.
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=zRmasjF3dU&a=cc_unsubscribe
https://bugzilla.redhat.com/show_bug.cgi?id=1301928
Bug ID: 1301928
Summary: libxml2: out-of-bounds read in htmlParseNameComplex()
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: mprpic(a)redhat.com
CC: athmanem(a)gmail.com, c.david86(a)gmail.com,
erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
ktietz(a)redhat.com, lfarkas(a)lfarkas.org,
ohudlick(a)redhat.com, rjones(a)redhat.com,
veillard(a)redhat.com
An out-of-bounds read flaw was reported in libxml2's htmlParseNameComplex()
function:
http://seclists.org/oss-sec/2016/q1/199
A remote attacker could provide a specially crafted XML file that, when
processed by an application linked against libxml2, could cause the application
to disclose crash.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1175542
Bug ID: 1175542
Summary: Building NASM with mingw-gcc fails in a strange manner
Product: Fedora
Version: 20
Component: mingw32-gcc
Assignee: rjones(a)redhat.com
Reporter: hpa(a)zytor.com
QA Contact: extras-qa(a)fedoraproject.org
CC: erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
kalevlember(a)gmail.com, rjones(a)redhat.com
Description of problem:
Building NASM 2.11.07 (or from git) with i686-w63-mingw32 fails with a bunch of
duplicate symbol errors.
Removing -std=c99 from the command line seems to make it work, but I have not
been able to reduce it to a smaller example.
Version-Release number of selected component (if applicable):
mingw32-gcc-4.8.3-1.fc20.x86_64
How reproducible:
100%
Steps to Reproduce:
1. Get NASM 2.11.07 source code.
2. ./autogen.sh
3. ./configure --host=i686-w64-mingw32
4. make
Actual results:
Build failure with a bunch of strange symbol errors.
Expected results:
Executables produced.
Additional info:
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=NINW6IoVUD&a=cc_unsubscribe
https://bugzilla.redhat.com/show_bug.cgi?id=1086514
Bug ID: 1086514
Summary: CVE-2013-7353 Integer overflow leading to a heap-based
buffer overflow in png_set_unknown_chunks()
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: huzaifas(a)redhat.com
CC: drizt(a)land.ru, erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
jkoncick(a)redhat.com, jkurik(a)redhat.com,
ktietz(a)redhat.com, lfarkas(a)lfarkas.org,
pfrields(a)redhat.com, phracek(a)redhat.com,
rjones(a)redhat.com
An integer overflow leading to a heap-based buffer overflow was found in the
png_set_unknown_chunks() API function of libpng. A attacker could create a
specially-crafated image file and render it with an application written to
explicitly call png_set_unknown_chunks() function, could cause libpng to crash
or execute arbitrary code with the permissions of the user running such an
application.
The vendor mentions that internal calls use safe values. These issues could
potentially affect applications that use the libpng API. Apparently no such
applications were identified.
Reference:
http://sourceforge.net/p/libpng/bugs/199/http://seclists.org/oss-sec/2014/q2/83
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=70jisqeWxf&a=cc_unsubscribe
https://bugzilla.redhat.com/show_bug.cgi?id=1086516
Bug ID: 1086516
Summary: CVE-2013-7354 Integer overflow leading to a heap-based
buffer overflow in png_set_sPLT() and png_set_text_2()
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: huzaifas(a)redhat.com
CC: drizt(a)land.ru, erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
jkoncick(a)redhat.com, jkurik(a)redhat.com,
ktietz(a)redhat.com, lfarkas(a)lfarkas.org,
pfrields(a)redhat.com, phracek(a)redhat.com,
rjones(a)redhat.com
An integer overflow leading to a heap-based buffer overflow was found in the
png_set_sPLT() and png_set_text_2() API functions of libpng. A attacker could
create a specially-crafated image file and render it with an application
written to explicitly call png_set_sPLT() or png_set_text_2() function, could
cause libpng to crash or execute arbitrary code with the permissions of the
user running such an application.
The vendor mentions that internal calls use safe values. These issues could
potentially affect applications that use the libpng API. Apparently no such
applications were identified.
Reference:
http://sourceforge.net/p/libpng/bugs/199/http://seclists.org/oss-sec/2014/q2/83
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=lqm7CkaJep&a=cc_unsubscribe
https://bugzilla.redhat.com/show_bug.cgi?id=1262377
Bug ID: 1262377
Summary: freetype: Infinite loop in parse_encoding in t1load.c
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: low
Priority: low
Assignee: security-response-team(a)redhat.com
Reporter: amaris(a)redhat.com
CC: behdad(a)fedoraproject.org, erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
fonts-bugs(a)lists.fedoraproject.org,
kevin(a)tigcc.ticalc.org, lfarkas(a)lfarkas.org,
mkasik(a)redhat.com, rjones(a)redhat.com
If the Postscript stream contains a broken number-with-base (e.g. "8#garbage")
the cursor doesn't advance and parse_encoding enters an infinite loop.
Upstream patch:
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=df14e6c0…
CVE request:
http://seclists.org/oss-sec/2015/q3/537
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=Q45dqAndJZ&a=cc_unsubscribe
https://bugzilla.redhat.com/show_bug.cgi?id=1281760
Bug ID: 1281760
Summary: CVE-2015-8126 mingw-libpng: libpng: Buffer overflow
vulnerabilities in png_get_PLTE/png_set_PLTE functions
[epel-7]
Product: Fedora EPEL
Version: epel7
Component: mingw-libpng
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: rjones(a)redhat.com
Reporter: amaris(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: drizt(a)land.ru, erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
ktietz(a)redhat.com, lfarkas(a)lfarkas.org,
rjones(a)redhat.com
Blocks: 1281756 (CVE-2015-8126)
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
epel-7 tracking bug for mingw-libpng: see blocks bug list for full details of
the security issue(s).
This bug is never intended to be made public, please put any public notes
in the blocked bugs.
[bug automatically created by: add-tracking-bugs]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1281756
[Bug 1281756] CVE-2015-8126 libpng: Buffer overflow vulnerabilities in
png_get_PLTE/png_set_PLTE functions
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=3qNv1TFMnN&a=cc_unsubscribe
https://bugzilla.redhat.com/show_bug.cgi?id=1213960
Bug ID: 1213960
Summary: mingw-libxml2: libxml2: out-of-bounds memory access
when parsing an unclosed HTML comment [epel-all]
Product: Fedora EPEL
Version: el6
Component: mingw-libxml2
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: rjones(a)redhat.com
Reporter: vkaigoro(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: drizt(a)land.ru, erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
ktietz(a)redhat.com, lfarkas(a)lfarkas.org,
rjones(a)redhat.com, veillard(a)redhat.com
Blocks: 1213957
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora EPEL. While
only one tracking bug has been filed, please correct all affected versions
at the same time. If you need to fix the versions independent of each
other, you may clone this bug as appropriate.
[bug automatically created by: add-tracking-bugs]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1213957
[Bug 1213957] libxml2: out-of-bounds memory access when parsing an unclosed
HTML comment
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=HoEUhKdNiF&a=cc_unsubscribe
https://bugzilla.redhat.com/show_bug.cgi?id=1262849
Bug ID: 1262849
Summary: libxml2: Out-of-bounds memory access when parsing
unclosed HTMl comment
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: amaris(a)redhat.com
CC: athmanem(a)gmail.com, c.david86(a)gmail.com,
drizt(a)land.ru, erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
ktietz(a)redhat.com, lfarkas(a)lfarkas.org,
ohudlick(a)redhat.com, rjones(a)redhat.com,
veillard(a)redhat.com
Out-of-bounds memory access vulnerability when parsing unclosed HTMl comment
was found in libxml2. By entering a unclosed html comment such as <!-- the
libxml2 parser didn't stop parsing at the end of the buffer, causing random
memory to be included in the parsed comment.
CVE request:
http://seclists.org/oss-sec/2015/q3/540
Upstream was notified, but patch is not released yet. However, a patch for
nokogiri, which uses embedded libxml2, was proposed:
https://github.com/Shopify/nokogiri/compare/1b1fcad8bd64ab70256666c38d2c998…
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=ORcMh1DqE6&a=cc_unsubscribe
https://bugzilla.redhat.com/show_bug.cgi?id=1262854
Bug ID: 1262854
Summary: mingw-libxml2: libxml2: Out-of-bounds memory access
when parsing unclosed HTMl comment [epel-7]
Product: Fedora EPEL
Version: epel7
Component: mingw-libxml2
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: rjones(a)redhat.com
Reporter: amaris(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: drizt(a)land.ru, erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
ktietz(a)redhat.com, lfarkas(a)lfarkas.org,
rjones(a)redhat.com, veillard(a)redhat.com
Blocks: 1262849
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
epel-7 tracking bug for mingw-libxml2: see blocks bug list for full details of
the security issue(s).
This bug is never intended to be made public, please put any public notes
in the blocked bugs.
[bug automatically created by: add-tracking-bugs]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1262849
[Bug 1262849] libxml2: Out-of-bounds memory access when parsing unclosed
HTMl comment
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=4KtMCmFhFk&a=cc_unsubscribe
https://bugzilla.redhat.com/show_bug.cgi?id=1274226
Bug ID: 1274226
Summary: mingw-libxml2: libxml2: Out-of-bounds memory access
[epel-7]
Product: Fedora EPEL
Version: epel7
Component: mingw-libxml2
Keywords: Security, SecurityTracking
Severity: low
Priority: low
Assignee: rjones(a)redhat.com
Reporter: amaris(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: drizt(a)land.ru, erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
ktietz(a)redhat.com, lfarkas(a)lfarkas.org,
rjones(a)redhat.com, veillard(a)redhat.com
Blocks: 1274222
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
epel-7 tracking bug for mingw-libxml2: see blocks bug list for full details of
the security issue(s).
This bug is never intended to be made public, please put any public notes
in the blocked bugs.
[bug automatically created by: add-tracking-bugs]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1274222
[Bug 1274222] libxml2: Out-of-bounds memory access
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=Ejwt1OHhYo&a=cc_unsubscribe
https://bugzilla.redhat.com/show_bug.cgi?id=1276300
Bug ID: 1276300
Summary: CVE-2015-7942 mingw-libxml2: libxml2: heap-based
buffer overflow in xmlParseConditionalSections()
[epel-7]
Product: Fedora EPEL
Version: epel7
Component: mingw-libxml2
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: rjones(a)redhat.com
Reporter: mprpic(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: drizt(a)land.ru, erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
ktietz(a)redhat.com, lfarkas(a)lfarkas.org,
rjones(a)redhat.com, veillard(a)redhat.com
Blocks: 1276297 (CVE-2015-7942)
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
epel-7 tracking bug for mingw-libxml2: see blocks bug list for full details of
the security issue(s).
This bug is never intended to be made public, please put any public notes
in the blocked bugs.
[bug automatically created by: add-tracking-bugs]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1276297
[Bug 1276297] CVE-2015-7942 libxml2: heap-based buffer overflow in
xmlParseConditionalSections()
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=NZCcFmQKm4&a=cc_unsubscribe
https://bugzilla.redhat.com/show_bug.cgi?id=1281953
Bug ID: 1281953
Summary: mingw-libxml2: libxml2: Buffer overread with HTML
parser in push mode in xmlSAX2TextNode [epel-7]
Product: Fedora EPEL
Version: epel7
Component: mingw-libxml2
Keywords: Security, SecurityTracking
Severity: low
Priority: low
Assignee: rjones(a)redhat.com
Reporter: amaris(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
ktietz(a)redhat.com, lfarkas(a)lfarkas.org,
rjones(a)redhat.com, veillard(a)redhat.com
Blocks: 1281950
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
epel-7 tracking bug for mingw-libxml2: see blocks bug list for full details of
the security issue(s).
This bug is never intended to be made public, please put any public notes
in the blocked bugs.
[bug automatically created by: add-tracking-bugs]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1281950
[Bug 1281950] libxml2: Buffer overread with HTML parser in push mode in
xmlSAX2TextNode
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=SkWvVUcN3b&a=cc_unsubscribe
https://bugzilla.redhat.com/show_bug.cgi?id=1277150
Bug ID: 1277150
Summary: mingw-libxml2: libxml2: DoS when parsing specially
crafted XML document if XZ support is enabled [epel-7]
Product: Fedora EPEL
Version: epel7
Component: mingw-libxml2
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: rjones(a)redhat.com
Reporter: amaris(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
ktietz(a)redhat.com, lfarkas(a)lfarkas.org,
rjones(a)redhat.com, veillard(a)redhat.com
Blocks: 1277146
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
epel-7 tracking bug for mingw-libxml2: see blocks bug list for full details of
the security issue(s).
This bug is never intended to be made public, please put any public notes
in the blocked bugs.
[bug automatically created by: add-tracking-bugs]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1277146
[Bug 1277146] libxml2: DoS when parsing specially crafted XML document if
XZ support is enabled
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=skNfyT0B5S&a=cc_unsubscribe
https://bugzilla.redhat.com/show_bug.cgi?id=1281952
Bug ID: 1281952
Summary: mingw-libxml2: libxml2: Buffer overread with HTML
parser in push mode in xmlSAX2TextNode [fedora-all]
Product: Fedora
Version: 23
Component: mingw-libxml2
Keywords: Security, SecurityTracking
Severity: low
Priority: low
Assignee: rjones(a)redhat.com
Reporter: amaris(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
ktietz(a)redhat.com, lfarkas(a)lfarkas.org,
rjones(a)redhat.com, veillard(a)redhat.com
Blocks: 1281950
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
[bug automatically created by: add-tracking-bugs]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1281950
[Bug 1281950] libxml2: Buffer overread with HTML parser in push mode in
xmlSAX2TextNode
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=onjZDgIxYw&a=cc_unsubscribe
https://bugzilla.redhat.com/show_bug.cgi?id=1277149
Bug ID: 1277149
Summary: mingw-libxml2: libxml2: DoS when parsing specially
crafted XML document if XZ support is enabled
[fedora-all]
Product: Fedora
Version: 22
Component: mingw-libxml2
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: rjones(a)redhat.com
Reporter: amaris(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
ktietz(a)redhat.com, lfarkas(a)lfarkas.org,
rjones(a)redhat.com, veillard(a)redhat.com
Blocks: 1277146
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
[bug automatically created by: add-tracking-bugs]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1277146
[Bug 1277146] libxml2: DoS when parsing specially crafted XML document if
XZ support is enabled
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=6QqISaRX8I&a=cc_unsubscribe
https://bugzilla.redhat.com/show_bug.cgi?id=1276299
Bug ID: 1276299
Summary: CVE-2015-7942 mingw-libxml2: libxml2: heap-based
buffer overflow in xmlParseConditionalSections()
[fedora-all]
Product: Fedora
Version: 22
Component: mingw-libxml2
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: rjones(a)redhat.com
Reporter: mprpic(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: drizt(a)land.ru, erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
ktietz(a)redhat.com, lfarkas(a)lfarkas.org,
rjones(a)redhat.com, veillard(a)redhat.com
Blocks: 1276297 (CVE-2015-7942)
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
[bug automatically created by: add-tracking-bugs]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1276297
[Bug 1276297] CVE-2015-7942 libxml2: heap-based buffer overflow in
xmlParseConditionalSections()
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=fZhozt3A5i&a=cc_unsubscribe
https://bugzilla.redhat.com/show_bug.cgi?id=1274225
Bug ID: 1274225
Summary: mingw-libxml2: libxml2: Out-of-bounds memory access
[fedora-all]
Product: Fedora
Version: 22
Component: mingw-libxml2
Keywords: Security, SecurityTracking
Severity: low
Priority: low
Assignee: rjones(a)redhat.com
Reporter: amaris(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: drizt(a)land.ru, erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
ktietz(a)redhat.com, lfarkas(a)lfarkas.org,
rjones(a)redhat.com, veillard(a)redhat.com
Blocks: 1274222
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
[bug automatically created by: add-tracking-bugs]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1274222
[Bug 1274222] libxml2: Out-of-bounds memory access
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=wUyBa6ppBZ&a=cc_unsubscribe
https://bugzilla.redhat.com/show_bug.cgi?id=1262853
Bug ID: 1262853
Summary: mingw-libxml2: libxml2: Out-of-bounds memory access
when parsing unclosed HTMl comment [fedora-all]
Product: Fedora
Version: 22
Component: mingw-libxml2
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: rjones(a)redhat.com
Reporter: amaris(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: drizt(a)land.ru, erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
ktietz(a)redhat.com, lfarkas(a)lfarkas.org,
rjones(a)redhat.com, veillard(a)redhat.com
Blocks: 1262849
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
[bug automatically created by: add-tracking-bugs]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1262849
[Bug 1262849] libxml2: Out-of-bounds memory access when parsing unclosed
HTMl comment
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=LE5Z3j5KiV&a=cc_unsubscribe
https://bugzilla.redhat.com/show_bug.cgi?id=1291312
Bug ID: 1291312
Summary: CVE-2015-8540 libpng: underflow read in
png_check_keyword()
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: mprpic(a)redhat.com
CC: drizt(a)land.ru, erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
ktietz(a)redhat.com, lfarkas(a)lfarkas.org,
paul(a)city-fan.org, phracek(a)redhat.com,
rdieter(a)math.unl.edu, rjones(a)redhat.com
An underflow read was found in png_check_keyword in pngwutil.c in
libpng-1.2.54:
If the data of "key" is only ' ' (0x20), it will read a byte before the buffer
in line 1288.
This issue impacts upstream versions 1.2.55, 1.0.65, 1.4.18, and 1.5.25 of
libpng.
An attacker could possibly use this flaw to cause an out-of-bounds read by
tricking an unsuspecting user into processing a specially crafted PNG image.
CVE assignment:
http://seclists.org/oss-sec/2015/q4/469
Upstream issue:
http://sourceforge.net/p/libpng/bugs/244/
Upstream patch:
http://sourceforge.net/p/libpng/code/ci/d9006f683c641793252d92254a75ae9b815…
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=qQrX6Dct1p&a=cc_unsubscribe
https://bugzilla.redhat.com/show_bug.cgi?id=1291317
Bug ID: 1291317
Summary: CVE-2015-8540 mingw-libpng: libpng: underflow read in
png_check_keyword() [fedora-all]
Product: Fedora
Version: 23
Component: mingw-libpng
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: rjones(a)redhat.com
Reporter: mprpic(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: drizt(a)land.ru, erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
ktietz(a)redhat.com, lfarkas(a)lfarkas.org,
rjones(a)redhat.com
Blocks: 1291312 (CVE-2015-8540)
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
[bug automatically created by: add-tracking-bugs]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1291312
[Bug 1291312] CVE-2015-8540 libpng: underflow read in png_check_keyword()
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=9P0jjEHGyb&a=cc_unsubscribe
https://bugzilla.redhat.com/show_bug.cgi?id=1291319
Bug ID: 1291319
Summary: CVE-2015-8540 mingw-libpng: libpng: underflow read in
png_check_keyword() [epel-7]
Product: Fedora EPEL
Version: epel7
Component: mingw-libpng
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: rjones(a)redhat.com
Reporter: mprpic(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: drizt(a)land.ru, erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
ktietz(a)redhat.com, lfarkas(a)lfarkas.org,
rjones(a)redhat.com
Blocks: 1291312 (CVE-2015-8540)
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
epel-7 tracking bug for mingw-libpng: see blocks bug list for full details of
the security issue(s).
This bug is never intended to be made public, please put any public notes
in the blocked bugs.
[bug automatically created by: add-tracking-bugs]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1291312
[Bug 1291312] CVE-2015-8540 libpng: underflow read in png_check_keyword()
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=9IMAx9fQVr&a=cc_unsubscribe
https://bugzilla.redhat.com/show_bug.cgi?id=1301931
Bug ID: 1301931
Summary: mingw-libxml2: libxml2: out-of-bounds read in
htmlParseNameComplex() [epel-7]
Product: Fedora EPEL
Version: epel7
Component: mingw-libxml2
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: rjones(a)redhat.com
Reporter: mprpic(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
ktietz(a)redhat.com, lfarkas(a)lfarkas.org,
rjones(a)redhat.com, veillard(a)redhat.com
Blocks: 1301928
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
epel-7 tracking bug for mingw-libxml2: see blocks bug list for full details of
the security issue(s).
This bug is never intended to be made public, please put any public notes
in the blocked bugs.
[bug automatically created by: add-tracking-bugs]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1301928
[Bug 1301928] libxml2: out-of-bounds read in htmlParseNameComplex()
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1301930
Bug ID: 1301930
Summary: mingw-libxml2: libxml2: out-of-bounds read in
htmlParseNameComplex() [fedora-all]
Product: Fedora
Version: 23
Component: mingw-libxml2
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: rjones(a)redhat.com
Reporter: mprpic(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: erik-fedora(a)vanpienbroek.nl,
fedora-mingw(a)lists.fedoraproject.org,
ktietz(a)redhat.com, lfarkas(a)lfarkas.org,
rjones(a)redhat.com, veillard(a)redhat.com
Blocks: 1301928
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
[bug automatically created by: add-tracking-bugs]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1301928
[Bug 1301928] libxml2: out-of-bounds read in htmlParseNameComplex()
--
You are receiving this mail because:
You are on the CC list for the bug.
Hi Erik
The current mingw-qt5-qtbase package is compiled with the support for
the OpenGL API autodetected by the configure script (i.e. no -opengl
option passed), which from what I understand results in Qt using OpenGL
ES 2.0 + ANGLE.
I have a project which uses full desktop OpenGL, and currently I'm
recompiling mingw-qt5-qtbase with "-opengl desktop". I see that Arch is
providing two mingw-qt5-qtbase variants, mingw-qt5-qtbase and
mingw-qt5-qtbase-opengl, which conflict with each other [1].
Would you be okay with having something similar in Fedora?
(There is actually a post on dynamic opengl implementation loading [2],
but I cannot find any trace of -opengl dynamic support in the qt-5.5.0
source code, not sure what happened to that...).
Thanks
Sandro
[1] https://aur.archlinux.org/packages/mingw-w64-qt5-base-opengl/
[2]
http://blog.qt.io/blog/2014/11/27/qt-weekly-21-dynamic-opengl-implementatio…