[Bug 962708] New: CVE-2012-6143 perl-Spoon (Spoon::Cookie): Do not run Storable::thaw() on arbitrary untrusted user input [epel-6]
by Red Hat Bugzilla
Product: Fedora EPEL
https://bugzilla.redhat.com/show_bug.cgi?id=962708
Bug ID: 962708
Summary: CVE-2012-6143 perl-Spoon (Spoon::Cookie): Do not run
Storable::thaw() on arbitrary untrusted user input
[epel-6]
Product: Fedora EPEL
Version: el6
Component: perl-Spoon
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: steve(a)silug.org
Reporter: jlieskov(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: perl-devel(a)lists.fedoraproject.org, steve(a)silug.org
Blocks: 962705 (CVE-2012-6143)
Category: ---
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
epel-6 tracking bug for perl-Spoon: see blocks bug list for full details of the
security issue(s).
[bug automatically created by: add-tracking-bugs]
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=OAeSnqF8OC&a=cc_unsubscribe
9 years, 7 months
[Bug 1129402] New: slic3r-1.1.6-1.fc22 FTBFS: t/01_trianglemesh.t fails
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1129402
Bug ID: 1129402
Summary: slic3r-1.1.6-1.fc22 FTBFS: t/01_trianglemesh.t fails
Product: Fedora
Version: rawhide
Component: slic3r
Assignee: mhroncok(a)redhat.com
Reporter: ppisar(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: mhroncok(a)redhat.com,
perl-devel(a)lists.fedoraproject.org
slic3r-1.1.6-1.fc22 fails to build in F22 because t/01_trianglemesh.t fails:
t/01_trianglemesh.t (Wstat: 139 Tests: 14 Failed: 0)
Non-zero wait status: 139
Parse errors: Bad plan. You planned 46 tests but ran 14.
Either the file declares wrong number of tests or interpreter crashes so, the
TAP output does not contain all 46 results.
The difference between last known working and this build root is:
Removed packages:
admesh-devel-0.97.5
admesh-libs-0.97.5
audit-libs-2.3.7
bash-4.3.18
cups-libs-1.7.4
device-mapper-1.02.87
device-mapper-libs-1.02.87
gnupg2-2.0.24
harfbuzz-0.9.32
libdrm-2.4.54
libogg-1.3.0
libpwquality-1.2.3
libwebp-0.4.0
libXfont-1.4.99.901
openssl-1.0.1h
openssl-libs-1.0.1h
perl-boolean-0.30
perl-CPAN-Meta-2.140640
perl-CPAN-Meta-Requirements-2.125
perl-ExtUtils-Manifest-1.63
perl-HTTP-Tiny-0.043
perl-libwww-perl-6.07
perl-Net-HTTP-6.06
perl-Sub-Name-0.07
python-2.7.7
python-libs-2.7.7
tar-1.27.1
Added packages:
admesh-devel-0.98.0
admesh-libs-0.98.0
audit-libs-2.3.8
bash-4.3.22
cups-libs-1.7.5
device-mapper-1.02.88
device-mapper-libs-1.02.88
gnupg2-2.0.25
harfbuzz-0.9.34
libbabeltrace-1.2.1
libdrm-2.4.56
libogg-1.3.2
libpwquality-1.2.4
libwebp-0.4.1
libXfont-1.5.0
openssl-1.0.1i
openssl-libs-1.0.1i
perl-boolean-0.38
perl-CPAN-Meta-2.142060
perl-CPAN-Meta-Requirements-2.126
perl-ExtUtils-Manifest-1.64
perl-HTTP-Tiny-0.047
perl-libwww-perl-6.08
perl-Net-HTTP-6.07
perl-Sub-Name-0.08
perl-Term-ANSIColor-4.03
python-2.7.8
python-libs-2.7.8
tar-1.28
Running the test manually shows the interpreter gets ABORTed by glibc
allocator:
$ perl -Iblib/{arch,lib} t/01_trianglemesh.t
1..46
ok 1 - hello world
ok 2 - vertices arrayref roundtrip
ok 3 - facets arrayref roundtrip
ok 4 - normals returns the right number of items
ok 5 - cloned vertices arrayref roundtrip
ok 6 - cloned facets arrayref roundtrip
ok 7 - stats.number_of_facets
ok 8 - stats.volume
ok 9 - scale
ok 10 - scale_xyz
ok 11 - translate
ok 12 - align_to_origin
ok 13 - size
ok 14 - rotate
ok 15 - split
ok 16 - 'split' isa 'Slic3r::TriangleMesh'
ok 17 - split populates stats
*** Error in `perl': corrupted double-linked list: 0x0000000001ed8540 ***
======= Backtrace: =========
/lib64/libc.so.6(+0x7ab3e)[0x7fe4e4cbdb3e]
/lib64/libc.so.6(+0x80ec3)[0x7fe4e4cc3ec3]
/lib64/libc.so.6(+0x82a93)[0x7fe4e4cc5a93]
/lib64/libc.so.6(+0x849a1)[0x7fe4e4cc79a1]
/lib64/libc.so.6(realloc+0xeb)[0x7fe4e4cc9d1b]
/lib64/libadmesh.so.1(stl_reallocate+0x30)[0x7fe4ddb49ab0]
blib/arch/auto/Slic3r/XS/XS.so(_ZN6Slic3r12TriangleMesh5mergeEPKS0_+0x3a)[0x7fe4de20014a]
blib/arch/auto/Slic3r/XS/XS.so(+0xa139c)[0x7fe4de10039c]
/lib64/libperl.so.5.20(Perl_pp_entersub+0x4db)[0x7fe4e606c50b]
/lib64/libperl.so.5.20(Perl_runops_standard+0x26)[0x7fe4e6064c96]
/lib64/libperl.so.5.20(perl_run+0x247)[0x7fe4e5ff5557]
perl[0x400d29]
/lib64/libc.so.6(__libc_start_main+0xf0)[0x7fe4e4c630e0]
perl[0x400d61]
(Please do not pay attention to the 5.20.0 perl version. It happens with 5.18.2
too.)
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=o18tTYT0Wh&a=cc_unsubscribe
9 years, 8 months
[Bug 1110725] New: CVE-2014-0477 perl-Email-Address: Denial-of-Service in Email::Address::parse [epel-5]
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1110725
Bug ID: 1110725
Summary: CVE-2014-0477 perl-Email-Address: Denial-of-Service in
Email::Address::parse [epel-5]
Product: Fedora EPEL
Version: el5
Component: perl-Email-Address
Keywords: Security, SecurityTracking
Severity: low
Priority: low
Assignee: rob.myers(a)gtri.gatech.edu
Reporter: vkaigoro(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: perl-devel(a)lists.fedoraproject.org,
rob.myers(a)gtri.gatech.edu
Blocks: 1110723 (CVE-2014-0477)
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, use the bodhi submission link noted
in the next comment(s). This will include the bug IDs of this tracking
bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
epel-5 tracking bug for perl-Email-Address: see blocks bug list for full
details of the security issue(s).
[bug automatically created by: add-tracking-bugs]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1110723
[Bug 1110723] CVE-2014-0477 perl-Email-Address: Denial-of-Service in
Email::Address::parse
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=NhD9tnOLrD&a=cc_unsubscribe
9 years, 8 months
[Bug 1110726] New: CVE-2014-0477 perl-Email-Address: Denial-of-Service in Email::Address::parse [epel-6]
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1110726
Bug ID: 1110726
Summary: CVE-2014-0477 perl-Email-Address: Denial-of-Service in
Email::Address::parse [epel-6]
Product: Fedora EPEL
Version: el6
Component: perl-Email-Address
Keywords: Security, SecurityTracking
Severity: low
Priority: low
Assignee: rob.myers(a)gtri.gatech.edu
Reporter: vkaigoro(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: perl-devel(a)lists.fedoraproject.org,
rob.myers(a)gtri.gatech.edu
Blocks: 1110723 (CVE-2014-0477)
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, use the bodhi submission link noted
in the next comment(s). This will include the bug IDs of this tracking
bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
epel-6 tracking bug for perl-Email-Address: see blocks bug list for full
details of the security issue(s).
[bug automatically created by: add-tracking-bugs]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1110723
[Bug 1110723] CVE-2014-0477 perl-Email-Address: Denial-of-Service in
Email::Address::parse
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=nH9a5NmShV&a=cc_unsubscribe
9 years, 8 months