mingw March 2016

mingw@lists.fedoraproject.org

2 participants
45 discussions

[Bug 1301928] New: libxml2: out-of-bounds read in htmlParseNameComplex()
by Red Hat Bugzilla 25 Apr '16

25 Apr '16

https://bugzilla.redhat.com/show_bug.cgi?id=1301928 Bug ID: 1301928 Summary: libxml2: out-of-bounds read in htmlParseNameComplex() Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: mprpic(a)redhat.com CC: athmanem(a)gmail.com, c.david86(a)gmail.com, erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, ktietz(a)redhat.com, lfarkas(a)lfarkas.org, ohudlick(a)redhat.com, rjones(a)redhat.com, veillard(a)redhat.com An out-of-bounds read flaw was reported in libxml2's htmlParseNameComplex() function: http://seclists.org/oss-sec/2016/q1/199 A remote attacker could provide a specially crafted XML file that, when processed by an application linked against libxml2, could cause the application to disclose crash. -- You are receiving this mail because: You are on the CC list for the bug.

1 6

[Bug 1320995] New: pcre: Segmentation fault on crafted regex when JIT is used
by Red Hat Bugzilla 01 Apr '16

01 Apr '16

https://bugzilla.redhat.com/show_bug.cgi?id=1320995 Bug ID: 1320995 Summary: pcre: Segmentation fault on crafted regex when JIT is used Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: amaris(a)redhat.com CC: adam.stokes(a)gmail.com, andrew(a)beekhof.net, athmanem(a)gmail.com, csutherl(a)redhat.com, databases-maint(a)redhat.com, dknox(a)redhat.com, erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, fidencio(a)redhat.com, jclere(a)redhat.com, jdornak(a)redhat.com, jdoyle(a)redhat.com, jgrulich(a)redhat.com, jmlich83(a)gmail.com, jorton(a)redhat.com, jtfas90(a)gmail.com, klember(a)redhat.com, lgao(a)redhat.com, lkundrak(a)v3.sk, marcandre.lureau(a)redhat.com, mbabacek(a)redhat.com, mclasen(a)redhat.com, mmaslano(a)redhat.com, myarboro(a)redhat.com, pmyers(a)valanet.net, ppisar(a)redhat.com, pslavice(a)redhat.com, rcollet(a)redhat.com, rjones(a)redhat.com, rmeggins(a)redhat.com, rsvoboda(a)redhat.com, sgrubb(a)redhat.com, t.sailer(a)alumni.ethz.ch, twalsh(a)redhat.com, walters(a)redhat.com, webstack-team(a)redhat.com, weli(a)redhat.com It was reported that segmentation fault in surricata appeared when certain regex is processed by pcre_exec in libpcre3. Bug report: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819050 -- You are receiving this mail because: You are on the CC list for the bug.

1 21

[Bug 1321001] New: mingw-glib2: pcre: Segmentation fault on crafted regex when JIT is used [epel-7]
by Red Hat Bugzilla 01 Apr '16

01 Apr '16

https://bugzilla.redhat.com/show_bug.cgi?id=1321001 Bug ID: 1321001 Summary: mingw-glib2: pcre: Segmentation fault on crafted regex when JIT is used [epel-7] Product: Fedora EPEL Version: epel7 Component: mingw-glib2 Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: erik-fedora(a)vanpienbroek.nl Reporter: amaris(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, marcandre.lureau(a)redhat.com, rjones(a)redhat.com, t.sailer(a)alumni.ethz.ch Blocks: 1320995 This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of Fedora EPEL. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. [bug automatically created by: add-tracking-bugs] Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1320995 [Bug 1320995] pcre: Segmentation fault on crafted regex when JIT is used -- You are receiving this mail because: You are on the CC list for the bug.

1 3

[Bug 1320999] New: mingw-glib2: pcre: Segmentation fault on crafted regex when JIT is used [fedora-all]
by Red Hat Bugzilla 01 Apr '16

01 Apr '16

https://bugzilla.redhat.com/show_bug.cgi?id=1320999 Bug ID: 1320999 Summary: mingw-glib2: pcre: Segmentation fault on crafted regex when JIT is used [fedora-all] Product: Fedora Version: 23 Component: mingw-glib2 Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: erik-fedora(a)vanpienbroek.nl Reporter: amaris(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, fidencio(a)redhat.com, klember(a)redhat.com, marcandre.lureau(a)redhat.com, rjones(a)redhat.com, t.sailer(a)alumni.ethz.ch Blocks: 1320995 This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of Fedora. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. [bug automatically created by: add-tracking-bugs] Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1320995 [Bug 1320995] pcre: Segmentation fault on crafted regex when JIT is used -- You are receiving this mail because: You are on the CC list for the bug.

1 3

[Bug 1317701] New: zlib1.dll missing execute premission
by Red Hat Bugzilla 31 Mar '16

31 Mar '16

https://bugzilla.redhat.com/show_bug.cgi?id=1317701 Bug ID: 1317701 Summary: zlib1.dll missing execute premission Product: Fedora Version: 23 Component: mingw32-zlib Assignee: rjones(a)redhat.com Reporter: gene(a)digilicious.com QA Contact: extras-qa(a)fedoraproject.org CC: erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, lfarkas(a)lfarkas.org, rjones(a)redhat.com, t.sailer(a)alumni.ethz.ch Description of problem: ls -l /usr/i686-w64-mingw32/sys-root/mingw/bin/zlib1.dll -rw-r--r--. 1 root root 85026 Jun 17 2015 /usr/i686-w64-mingw32/sys-root/mingw/bin/zlib1.dll Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: $ ls -l /usr/i686-w64-mingw32/sys-root/mingw/bin/zlib1.dll -rwxr-xr-x. 1 root root 85026 Jun 17 2015 /usr/i686-w64-mingw32/sys-root/mingw/bin/zlib1.dll* Additional info: -- You are receiving this mail because: You are on the CC list for the bug.

1 6

[Bug 1287636] CVE-2015-8386 pcre: Buffer overflow caused by lookbehind assertion (8.38/6)
by Red Hat Bugzilla 21 Mar '16

21 Mar '16

https://bugzilla.redhat.com/show_bug.cgi?id=1287636 shiwang <shiwang(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |shiwang(a)redhat.com -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1319831] New: CVE-2016-3627 mingw-libxml2: libxml2: stack exhaustion while parsing xml files in recovery mode [fedora-all]
by Red Hat Bugzilla 21 Mar '16

21 Mar '16

https://bugzilla.redhat.com/show_bug.cgi?id=1319831 Bug ID: 1319831 Summary: CVE-2016-3627 mingw-libxml2: libxml2: stack exhaustion while parsing xml files in recovery mode [fedora-all] Product: Fedora Version: 23 Component: mingw-libxml2 Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: rjones(a)redhat.com Reporter: anemec(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, ktietz(a)redhat.com, rjones(a)redhat.com, veillard(a)redhat.com Blocks: 1319829 (CVE-2016-3627) This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of Fedora. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. [bug automatically created by: add-tracking-bugs] Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1319829 [Bug 1319829] CVE-2016-3627 libxml2: stack exhaustion while parsing xml files in recovery mode -- You are receiving this mail because: You are on the CC list for the bug.

1 2

[Bug 1319832] New: CVE-2016-3627 mingw-libxml2: libxml2: stack exhaustion while parsing xml files in recovery mode [epel-7]
by Red Hat Bugzilla 21 Mar '16

21 Mar '16

https://bugzilla.redhat.com/show_bug.cgi?id=1319832 Bug ID: 1319832 Summary: CVE-2016-3627 mingw-libxml2: libxml2: stack exhaustion while parsing xml files in recovery mode [epel-7] Product: Fedora EPEL Version: epel7 Component: mingw-libxml2 Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: rjones(a)redhat.com Reporter: anemec(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, ktietz(a)redhat.com, rjones(a)redhat.com, veillard(a)redhat.com Blocks: 1319829 (CVE-2016-3627) This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of Fedora EPEL. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. [bug automatically created by: add-tracking-bugs] Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1319829 [Bug 1319829] CVE-2016-3627 libxml2: stack exhaustion while parsing xml files in recovery mode -- You are receiving this mail because: You are on the CC list for the bug.

1 2

[Bug 1319829] New: CVE-2016-3627 libxml2: stack exhaustion while parsing xml files in recovery mode
by Red Hat Bugzilla 21 Mar '16

21 Mar '16

https://bugzilla.redhat.com/show_bug.cgi?id=1319829 Bug ID: 1319829 Summary: CVE-2016-3627 libxml2: stack exhaustion while parsing xml files in recovery mode Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: anemec(a)redhat.com CC: athmanem(a)gmail.com, c.david86(a)gmail.com, erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, ktietz(a)redhat.com, ohudlick(a)redhat.com, rjones(a)redhat.com, veillard(a)redhat.com A vulnerability was found in a way libxml2 parses certain files. With the libxml2 in recovery mode, a maliciously crafted filed could cause libxml2 to crash. References: http://seclists.org/oss-sec/2016/q1/682 CVE assignment: http://seclists.org/oss-sec/2016/q1/683 -- You are receiving this mail because: You are on the CC list for the bug.

1 3

[Bug 954148] Review Request: mingw-enet - Thin, simple and robust network layer on top of UDP
by Red Hat Bugzilla 19 Mar '16

19 Mar '16

https://bugzilla.redhat.com/show_bug.cgi?id=954148 Itamar Reis Peixoto <itamar(a)ispbrasil.com.br> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED CC| |itamar(a)ispbrasil.com.br, | |maci(a)satgnu.net Resolution|--- |WONTFIX Flags| |needinfo?(maci(a)satgnu.net) Last Closed| |2016-03-19 21:37:59 --- Comment #3 from Itamar Reis Peixoto <itamar(a)ispbrasil.com.br> --- please reopen if you're still interested, thank you. -- You are receiving this mail because: You are on the CC list for the bug.

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

mingw March 2016