[Bug 1467608] New: CVE-2017-10788 CVE-2017-10789 perl-DBD-MySQL:
various flaws [fedora-all]
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1467608
Bug ID: 1467608
Summary: CVE-2017-10788 CVE-2017-10789 perl-DBD-MySQL: various
flaws [fedora-all]
Product: Fedora
Version: 25
Component: perl-DBD-MySQL
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: jplesnik(a)redhat.com
Reporter: amaris(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: jplesnik(a)redhat.com,
perl-devel(a)lists.fedoraproject.org
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
--
You are receiving this mail because:
You are on the CC list for the bug.
5 years, 4 months
[Bug 1410774] New: perl-PDL-Graphics-PLplot-0.71-3.fc26 FTBFS
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1410774
Bug ID: 1410774
Summary: perl-PDL-Graphics-PLplot-0.71-3.fc26 FTBFS
Product: Fedora
Version: rawhide
Component: perl-PDL-Graphics-PLplot
Assignee: ppisar(a)redhat.com
Reporter: ppisar(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: i(a)cicku.me, perl-devel(a)lists.fedoraproject.org,
ppisar(a)redhat.com
perl-PDL-Graphics-PLplot-0.71-3.fc26 fails to build in F26 because tests fail
on 64-bit PowerPC:
t/plplot.t ................
All 15 subtests passed
sh: line 1: 28335 Segmentation fault (core dumped) perl -Mblib ./t/x09.pl
-dev svg -o x09p.svg -fam > /dev/null 2>&1
# Failed test 'Script ./t/x09.pl ran successfully'
# at t/plplot_library_tests.t line 68.
# Failed test 'Output file x09p.svg.2 matches C output'
# at t/plplot_library_tests.t line 74.
sh: line 1: 28730 Segmentation fault (core dumped) perl -Mblib ./t/x22.pl
-dev svg -o x22p.svg -fam > /dev/null 2>&1
# Failed test 'Script ./t/x22.pl ran successfully'
# at t/plplot_library_tests.t line 68.
# Failed test 'Output file x22p.svg.1 matches C output'
# at t/plplot_library_tests.t line 74.
# Looks like you failed 4 tests of 221.
t/plplot_library_tests.t ..
Dubious, test returned 4 (wstat 1024, 0x400)
Failed 4/221 subtests
Test Summary Report
-------------------
t/plplot.t (Wstat: 139 Tests: 15 Failed: 0)
Non-zero wait status: 139
Parse errors: No plan found in TAP output
t/plplot_library_tests.t (Wstat: 1024 Tests: 221 Failed: 4)
Failed tests: 67, 69, 122-123
Non-zero exit status: 4
Files=2, Tests=236, 41 wallclock secs ( 0.05 usr 0.01 sys + 13.73 cusr 1.06
csys = 14.85 CPU)
Result: FAIL
--
You are receiving this mail because:
You are on the CC list for the bug.
5 years, 6 months
[Bug 1384434] New: perl-Audio-Beep build is interactive
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1384434
Bug ID: 1384434
Summary: perl-Audio-Beep build is interactive
Product: Fedora
Version: rawhide
Component: perl-Audio-Beep
Assignee: jan.klepek(a)gmail.com
Reporter: rjones(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: jan.klepek(a)gmail.com,
perl-devel(a)lists.fedoraproject.org
Description of problem:
The perl-Audio-Beep package fails to build from source unless
stdin is /dev/null. This is because the build interactively
asks questions:
$ fedpkg local
Downloading Audio-Beep-0.11.tar.gz
######################################################################## 100.0%
Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.DDaXlx
+ umask 022
+ cd /home/rjones/d/fedora/perl-Audio-Beep/master
+ cd /home/rjones/d/fedora/perl-Audio-Beep/master
+ rm -rf Audio-Beep-0.11
+ /usr/bin/gzip -dc
/home/rjones/d/fedora/perl-Audio-Beep/master/Audio-Beep-0.11.tar.gz
+ /usr/bin/tar -xof -
+ STATUS=0
+ '[' 0 -ne 0 ']'
+ cd Audio-Beep-0.11
+ /usr/bin/chmod -Rf a+rX,u+w,g-w,o-w .
+ chmod -x music/beep_player.pl
+ exit 0
Executing(%build): /bin/sh -e /var/tmp/rpm-tmp.1IrEhL
+ umask 022
+ cd /home/rjones/d/fedora/perl-Audio-Beep/master
+ cd Audio-Beep-0.11
+ /usr/bin/perl Makefile.PL INSTALLDIRS=vendor 'OPTIMIZE=-O2 -g -pipe -Wall
-Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions
-fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches
-specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic'
Would you like to install Japanese documentation?
If you enter 'y' then i will try to install Japanese docs alongside
English ones. On platforms using 'man' manpages (typically on UN*X)
Japanese documentation will be available transparently to users whose
locale language is set to Japanese.
On other platforms the documentation will be available as Audio::Beep_jp
Default is to not install Japanese docs. [N/y]
(At this point the build hangs)
Version-Release number of selected component (if applicable):
perl-Audio-Beep-0.11-17.fc26
How reproducible:
100%
Steps to Reproduce:
1. Run 'fedpkg local', 'rpmbuild' etc.
--
You are receiving this mail because:
You are on the CC list for the bug.
5 years, 6 months
[Bug 1414996] New: please stop sending email to root in build tests
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1414996
Bug ID: 1414996
Summary: please stop sending email to root in build tests
Product: Fedora
Version: rawhide
Component: perl-Log-Dispatch
Assignee: tcallawa(a)redhat.com
Reporter: kevin(a)scrye.com
QA Contact: extras-qa(a)fedoraproject.org
CC: perl-devel(a)lists.fedoraproject.org,
rc040203(a)freenet.de, tcallawa(a)redhat.com
In tests perl-Log-Dispatch seems to send an email to root(a)localhost.localdomain
saying something a test passing.
It's from "LogDispatch(a)foo.bar" to "root(a)localhost.localdomain"
Due to our setup this email tries to bound, but foo.bar isn't found so it just
gets dropped. It would be nice to not send it at all. :)
--
You are receiving this mail because:
You are on the CC list for the bug.
5 years, 6 months
[Bug 1210614] New: Shell command injection in c2ph tool
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1210614
Bug ID: 1210614
Summary: Shell command injection in c2ph tool
Product: Fedora
Version: 21
Component: perl
Assignee: jplesnik(a)redhat.com
Reporter: ppisar(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: cweyl(a)alumni.drew.edu, iarnell(a)gmail.com,
jplesnik(a)redhat.com, kasal(a)ucw.cz,
perl-devel(a)lists.fedoraproject.org, ppisar(a)redhat.com,
psabata(a)redhat.com, rc040203(a)freenet.de,
tcallawa(a)redhat.com
The c2ph suffers from shell command injection:
$ c2ph -n '; id; x.c'
cc: fatal error: no input files
compilation terminated.
uid=500(petr) gid=500(petr) groups=500(petr),63(audio),100(users),478(mock)
context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
sh: x.c: command not found
Tested with perl-5.18.4-308.fc21.x86_64.
Reported to upstream <https://rt.perl.org/Ticket/Display.html?id=124275>.
--
You are receiving this mail because:
You are on the CC list for the bug.
5 years, 7 months