mingw March 2016

mingw@lists.fedoraproject.org

2 participants
45 discussions

[Bug 1057909] Review Request: mingw-qt5-qtquickcontrols - Qt5 for Windows - QtQuickControls component
by Red Hat Bugzilla 07 Mar '16

07 Mar '16

https://bugzilla.redhat.com/show_bug.cgi?id=1057909 Przemysław Palacz <pprzemal(a)gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |pprzemal(a)gmail.com --- Comment #5 from Przemysław Palacz <pprzemal(a)gmail.com> --- Updated Spec URL: https://paste.fedoraproject.org/335492/ Updated SRPM URL: https://copr-be.cloud.fedoraproject.org/results/przemal/mingw-qt5-qtquickco… Copr URL: https://copr.fedorainfracloud.org/coprs/przemal/mingw-qt5-qtquickcontrols/ * Mon Mar 07 2016 Przemysław Palacz <pprzemal(a)gmail.com> - 5.5.1-1 - Update to 5.5.1 -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1086514] New: CVE-2013-7353 Integer overflow leading to a heap-based buffer overflow in png_set_unknown_chunks()
by Red Hat Bugzilla 04 Mar '16

04 Mar '16

https://bugzilla.redhat.com/show_bug.cgi?id=1086514 Bug ID: 1086514 Summary: CVE-2013-7353 Integer overflow leading to a heap-based buffer overflow in png_set_unknown_chunks() Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: huzaifas(a)redhat.com CC: drizt(a)land.ru, erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, jkoncick(a)redhat.com, jkurik(a)redhat.com, ktietz(a)redhat.com, lfarkas(a)lfarkas.org, pfrields(a)redhat.com, phracek(a)redhat.com, rjones(a)redhat.com An integer overflow leading to a heap-based buffer overflow was found in the png_set_unknown_chunks() API function of libpng. A attacker could create a specially-crafated image file and render it with an application written to explicitly call png_set_unknown_chunks() function, could cause libpng to crash or execute arbitrary code with the permissions of the user running such an application. The vendor mentions that internal calls use safe values. These issues could potentially affect applications that use the libpng API. Apparently no such applications were identified. Reference: http://sourceforge.net/p/libpng/bugs/199/ http://seclists.org/oss-sec/2014/q2/83 -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=70jisqeWxf&a=cc_unsubscribe

1 21

[Bug 890087] CVE-2012-5668 freetype: NULL Pointer Dereference in bdf_free_font (#37905)
by Red Hat Bugzilla 04 Mar '16

04 Mar '16

1 0

[Bug 1086516] New: CVE-2013-7354 Integer overflow leading to a heap-based buffer overflow in png_set_sPLT() and png_set_text_2()
by Red Hat Bugzilla 04 Mar '16

04 Mar '16

https://bugzilla.redhat.com/show_bug.cgi?id=1086516 Bug ID: 1086516 Summary: CVE-2013-7354 Integer overflow leading to a heap-based buffer overflow in png_set_sPLT() and png_set_text_2() Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: huzaifas(a)redhat.com CC: drizt(a)land.ru, erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, jkoncick(a)redhat.com, jkurik(a)redhat.com, ktietz(a)redhat.com, lfarkas(a)lfarkas.org, pfrields(a)redhat.com, phracek(a)redhat.com, rjones(a)redhat.com An integer overflow leading to a heap-based buffer overflow was found in the png_set_sPLT() and png_set_text_2() API functions of libpng. A attacker could create a specially-crafated image file and render it with an application written to explicitly call png_set_sPLT() or png_set_text_2() function, could cause libpng to crash or execute arbitrary code with the permissions of the user running such an application. The vendor mentions that internal calls use safe values. These issues could potentially affect applications that use the libpng API. Apparently no such applications were identified. Reference: http://sourceforge.net/p/libpng/bugs/199/ http://seclists.org/oss-sec/2014/q2/83 -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=lqm7CkaJep&a=cc_unsubscribe

1 29

[Bug 890094] CVE-2012-5670 freetype: Out-of-bounds write in _bdf_parse_glyphs() (#37907)
by Red Hat Bugzilla 04 Mar '16

04 Mar '16

1 0

[Bug 724906] CVE-2011-0216 libxml2: Off-by-one error leading to heap-based buffer overflow in encoding
by Red Hat Bugzilla 04 Mar '16

04 Mar '16

1 0

[Bug 849693] CVE-2012-3509 libiberty: integer overflow, leading to heap-buffer overflow by processing certain file headers via bfd binary
by Red Hat Bugzilla 04 Mar '16

04 Mar '16

1 0

[Bug 1124500] CVE-2014-5116 cairo: NULL pointer dereference in cairo_image_surface_get_data()
by Red Hat Bugzilla 04 Mar '16

04 Mar '16

1 0

[Bug 1262377] New: freetype: Infinite loop in parse_encoding in t1load.c
by Red Hat Bugzilla 04 Mar '16

04 Mar '16

https://bugzilla.redhat.com/show_bug.cgi?id=1262377 Bug ID: 1262377 Summary: freetype: Infinite loop in parse_encoding in t1load.c Product: Security Response Component: vulnerability Keywords: Security Severity: low Priority: low Assignee: security-response-team(a)redhat.com Reporter: amaris(a)redhat.com CC: behdad(a)fedoraproject.org, erik-fedora(a)vanpienbroek.nl, fedora-mingw(a)lists.fedoraproject.org, fonts-bugs(a)lists.fedoraproject.org, kevin(a)tigcc.ticalc.org, lfarkas(a)lfarkas.org, mkasik(a)redhat.com, rjones(a)redhat.com If the Postscript stream contains a broken number-with-base (e.g. "8#garbage") the cursor doesn't advance and parse_encoding enters an infinite loop. Upstream patch: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=df14e6c0… CVE request: http://seclists.org/oss-sec/2015/q3/537 -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=Q45dqAndJZ&a=cc_unsubscribe

1 15

[Bug 835863] CVE-2012-2807 libxml2 (64-bit): Multiple integer overflows, leading to DoS or possibly other unspecified impact
by Red Hat Bugzilla 04 Mar '16

04 Mar '16

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

mingw March 2016