[Bug 2046373] New: CVE-2021-45847 slic3r: NULL pointer dereference
in 3MF XML via a crafted 3MF input file [fedora-all]
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2046373
Bug ID: 2046373
Summary: CVE-2021-45847 slic3r: NULL pointer dereference in 3MF
XML via a crafted 3MF input file [fedora-all]
Product: Fedora
Version: 35
Status: NEW
Component: slic3r
Keywords: Security, SecurityTracking
Severity: low
Priority: low
Assignee: mhroncok(a)redhat.com
Reporter: gsuckevi(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: mhroncok(a)redhat.com,
perl-devel(a)lists.fedoraproject.org
Target Milestone: ---
Classification: Fedora
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2046373
1 month, 3 weeks
[Bug 1971453] New: perl-Crypt-RandPasswd-0.06-17.fc35 FTBFS
randomly: t/01-word.t: Use of uninitialized value $last_unit in hash element
at Crypt-RandPasswd-0.06/blib/lib/Crypt/RandPasswd.pm line 2205
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1971453
Bug ID: 1971453
Summary: perl-Crypt-RandPasswd-0.06-17.fc35 FTBFS randomly:
t/01-word.t: Use of uninitialized value $last_unit in
hash element at
Crypt-RandPasswd-0.06/blib/lib/Crypt/RandPasswd.pm
line 2205
Product: Fedora
Version: rawhide
Status: NEW
Component: perl-Crypt-RandPasswd
Assignee: emmanuel(a)seyman.fr
Reporter: ppisar(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: emmanuel(a)seyman.fr, perl-devel(a)lists.fedoraproject.org
Target Milestone: ---
Classification: Fedora
perl-Crypt-RandPasswd-0.06-17.fc35 fails to build randomly because t/01-word.t
fails with 0.07 chance:
$ I=0; while prove -b -v t/01-word.t; do I=$((I+1)); echo $I; done
[...]
45
t/01-word.t ..
1..20
ok 1 - create random word of length 10
ok 2 - create random word of length 11
ok 3 - create random word of length 12
ok 4 - create random word of length 13
ok 5 - create random word of length 14
ok 6 - create random word of length 15
ok 7 - create random word of length 16
ok 8 - create random word of length 17
ok 9 - create random word of length 18
ok 10 - create random word of length 19
ok 11 - create random word of length 5 .. 10
ok 12 - create random word of length 6 .. 11
ok 13 - create random word of length 7 .. 12
ok 14 - create random word of length 8 .. 13
ok 15 - create random word of length 9 .. 14
ok 16 - create random word of length 10 .. 15
ok 17 - create random word of length 11 .. 16
ok 18 - create random word of length 12 .. 17
ok 19 - create random word of length 13 .. 18
Use of uninitialized value $last_unit in hash element at
/home/test/fedora/perl-Crypt-RandPasswd/Crypt-RandPasswd-0.06/blib/lib/Crypt/RandPasswd.pm
line 2205.
Failed 1/20 subtests
1 month, 3 weeks
[Bug 2037408] New: CVE-2020-16154
perl-App-cpanminus:1.7044/perl-App-cpanminus: Bypass of verification of
signatures in CHECKSUMS files [fedora-all]
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2037408
Bug ID: 2037408
Summary: CVE-2020-16154
perl-App-cpanminus:1.7044/perl-App-cpanminus: Bypass
of verification of signatures in CHECKSUMS files
[fedora-all]
Product: Fedora
Version: 35
Status: NEW
Component: perl-App-cpanminus
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: jplesnik(a)redhat.com
Reporter: thoger(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: jplesnik(a)redhat.com, mmaslano(a)redhat.com,
mspacek(a)redhat.com, perl-devel(a)lists.fedoraproject.org
Target Milestone: ---
Classification: Fedora
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
1 month, 3 weeks
[Bug 2035342] New: CVE-2020-16154 perl-App-cpanminus: signature
verification bypass [fedora-all]
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2035342
Bug ID: 2035342
Summary: CVE-2020-16154 perl-App-cpanminus: signature
verification bypass [fedora-all]
Product: Fedora
Version: 35
Status: NEW
Component: perl-App-cpanminus
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: jplesnik(a)redhat.com
Reporter: mrehak(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: jplesnik(a)redhat.com, mmaslano(a)redhat.com,
mspacek(a)redhat.com, perl-devel(a)lists.fedoraproject.org
Target Milestone: ---
Classification: Fedora
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
1 month, 3 weeks
[Bug 2053166] New: perl-XML-LibXML: Validation succeeds even though
the DTD could not be loaded [fedora-all]
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2053166
Bug ID: 2053166
Summary: perl-XML-LibXML: Validation succeeds even though the
DTD could not be loaded [fedora-all]
Product: Fedora
Version: 35
Status: NEW
Component: perl-XML-LibXML
Keywords: Security, SecurityTracking
Severity: low
Priority: low
Assignee: jplesnik(a)redhat.com
Reporter: psampaio(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: caillon+fedoraproject(a)gmail.com, jplesnik(a)redhat.com,
kasal(a)ucw.cz, mspacek(a)redhat.com,
perl-devel(a)lists.fedoraproject.org,
rhughes(a)redhat.com, rstrode(a)redhat.com,
sandmann(a)redhat.com
Target Milestone: ---
Classification: Fedora
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
2 months
[Bug 1835353] New: rubygem-mail: Out of memory issue through nested
MIME parts
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1835353
Bug ID: 1835353
Summary: rubygem-mail: Out of memory issue through nested MIME
parts
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: psampaio(a)redhat.com
CC: akarol(a)redhat.com, alexl(a)redhat.com,
bbuckingham(a)redhat.com, bcourt(a)redhat.com,
bkearney(a)redhat.com, btotty(a)redhat.com,
caillon+fedoraproject(a)gmail.com, caolanm(a)redhat.com,
dmetzger(a)redhat.com, gmccullo(a)redhat.com,
gnome-sig(a)lists.fedoraproject.org,
gtanzill(a)redhat.com, hhudgeon(a)redhat.com,
jfrey(a)redhat.com, jhardy(a)redhat.com,
john.j5live(a)gmail.com, jose.p.oliveira.oss(a)gmail.com,
lzap(a)redhat.com, mclasen(a)redhat.com,
mmccune(a)redhat.com, nmoumoul(a)redhat.com,
obarenbo(a)redhat.com, paul(a)city-fan.org,
perl-devel(a)lists.fedoraproject.org, rchan(a)redhat.com,
rhughes(a)redhat.com, rjerrido(a)redhat.com,
rob.myers(a)gtri.gatech.edu, roliveri(a)redhat.com,
rstrode(a)redhat.com, sandmann(a)redhat.com,
simaishi(a)redhat.com, smallamp(a)redhat.com,
sokeeffe(a)redhat.com, tbrisker(a)redhat.com,
tcallawa(a)redhat.com, vondruch(a)redhat.com,
walter.pete(a)yandex.com, xavier(a)bachelot.org
Target Milestone: ---
Classification: Other
A possible DoS issue may affect several MIME parsers. Messages with too many
tiny nested MIME parts can lead to memory exhaustion on split().
References:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=960064
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=960062
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=960159
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=960158
2 months
[Bug 2134183] New: Can't install perl on i*86 due to missing
dependencies
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2134183
Bug ID: 2134183
Summary: Can't install perl on i*86 due to missing dependencies
Product: Fedora
Version: rawhide
Hardware: i686
Status: NEW
Component: perl
Assignee: jplesnik(a)redhat.com
Reporter: fsumsal(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: caillon+fedoraproject(a)gmail.com, iarnell(a)gmail.com,
jplesnik(a)redhat.com, kasal(a)ucw.cz,
mmaslano(a)redhat.com, mspacek(a)redhat.com,
perl-devel(a)lists.fedoraproject.org, ppisar(a)redhat.com,
psabata(a)redhat.com, rhughes(a)redhat.com,
sandmann(a)redhat.com, spotrh(a)gmail.com
Target Milestone: ---
Classification: Fedora
Description of problem:
Today in our upstream systemd CI I noticed we can no longer rebuild systemd
in the i*86 Rawhide chroot due to unmet dependencies for perl:
```
# /usr/bin/systemd-nspawn -q -M d5935823227641a790915d9d5f507513 -D
/var/lib/mock/fedora-rawhide-i686-bootstrap-1665588965.075313/root -a
--capability=cap_ipc_lock --rlimit=RLIMIT_NOFILE=10240
--capability=cap_ipc_lock --bind=/tmp/mock-resolv._n93ai7d:/etc/resolv.conf
--console=pipe --setenv=TERM=vt100 --setenv=SHELL=/bin/bash
--setenv=HOME=/var/lib/mock/fedora-rawhide-i686-1665588965.075313/root/installation-homedir
--setenv=HOSTNAME=mock --setenv=PATH=/usr/bin:/bin:/usr/sbin:/sbin
--setenv=PROMPT_COMMAND=printf "\033]0;<mock-chroot>\007"
--setenv=PS1=<mock-chroot> \s-\v\$ --setenv=LANG=C.UTF-8
--setenv=LC_MESSAGES=C.UTF-8 --setenv=SYSTEMD_NSPAWN_TMPFS_TMP=0
--setenv=SYSTEMD_SECCOMP=0 --resolv-conf=off /usr/bin/dnf builddep
--installroot /var/lib/mock/fedora-rawhide-i686-1665588965.075313/root/
--releasever 38 --setopt=deltarpm=False --allowerasing --disableplugin=local
--disableplugin=spacewalk --disableplugin=versionlock --disableplugin=local
--disableplugin=spacewalk --disableplugin=versionlock
/var/lib/mock/fedora-rawhide-i686-1665588965.075313/root//builddir/build/SRPMS/systemd-252.rc1-28.20221012153515830511.pr24944.114.g27a356aad9.src.rpm
--setopt=tsflags=nocontexts --setopt=tsflags=nocontexts
--setopt=tsflags=nocontexts
No matches found for the following disable plugin patterns: local, spacewalk,
versionlock
Copr repository 34 kB/s | 3.3 kB 00:00
local 36 kB/s | 3.8 kB 00:00
Package util-linux-2.38.1-2.fc38.i686 is already installed.
Package coreutils-9.1-8.fc38.i686 is already installed.
Package gawk-5.1.1-4.fc37.i686 is already installed.
Package pkgconf-pkg-config-1.8.0-3.fc37.i686 is already installed.
Package xz-5.2.7-1.fc38.i686 is already installed.
Error:
Problem: package perl-Archive-Tar-2.40-490.fc37.noarch requires
perl(IO::Uncompress::UnXz), but none of the providers can be installed
- package perl-Archive-Tar-2.40-490.fc37.noarch requires
perl(IO::Compress::Xz), but none of the providers can be installed
- package perl-4:5.36.0-492.fc38.i686 requires perl-Archive-Tar, but none of
the providers can be installed
- package perl-IO-Compress-Lzma-2.201-2.fc37.noarch requires
perl(Compress::Raw::Lzma) >= 2.201, but none of the providers can be installed
- conflicting requests
- nothing provides xz-libs(x86-32) = 5.2.6 needed by
perl-Compress-Raw-Lzma-2.201-3.fc38.i686
(try to add '--skip-broken' to skip uninstallable packages or '--nobest' to use
not only best candidate packages)
```
Version-Release number of selected component (if applicable):
perl-4:5.36.0-492.fc38.i686
How reproducible:
always
Steps to Reproduce:
$ mock --init --install perl -r fedora-rawhide-i386
Actual results:
```
$ mock --init --install perl -r fedora-rawhide-i386
INFO: mock.py version 3.1 starting (python version = 3.10.6, NVR =
mock-3.1-1.fc36)...
Start(bootstrap): init plugins
INFO: selinux disabled
Finish(bootstrap): init plugins
Start: init plugins
INFO: selinux disabled
Finish: init plugins
INFO: Signal handler active
Start: run
Start(bootstrap): chroot init
...
INFO: installing package(s): perl
No matches found for the following disable plugin patterns: local, spacewalk,
versionlock
local
9.3 kB/s | 3.8 kB 00:00
local
480 kB/s | 59 MB 02:06
Last metadata expiration check: 0:01:44 ago on Wed Oct 12 19:51:40 2022.
Error:
Problem: package perl-Archive-Tar-2.40-490.fc37.noarch requires
perl(IO::Uncompress::UnXz), but none of the providers can be installed
- package perl-Archive-Tar-2.40-490.fc37.noarch requires
perl(IO::Compress::Xz), but none of the providers can be installed
- package perl-4:5.36.0-492.fc38.i686 requires perl-Archive-Tar, but none of
the providers can be installed
- package perl-IO-Compress-Lzma-2.201-2.fc37.noarch requires
perl(Compress::Raw::Lzma) >= 2.201, but none of the providers can be installed
- conflicting requests
- nothing provides xz-libs(x86-32) = 5.2.6 needed by
perl-Compress-Raw-Lzma-2.201-3.fc38.i686
(try to add '--skip-broken' to skip uninstallable packages or '--nobest' to use
not only best candidate packages)
ERROR: Command failed:
# /usr/bin/systemd-nspawn -q -M ca32ef1169e04f23a8796855e6cc0fb6 -D
/var/lib/mock/fedora-rawhide-i686-bootstrap/root -a --capability=cap_ipc_lock
--bind=/tmp/mock-resolv.yjxlqd3e:/etc/resolv.conf --console=pipe
--setenv=TERM=vt100 --setenv=SHELL=/bin/bash
--setenv=HOME=/var/lib/mock/fedora-rawhide-i686/root/installation-homedir
--setenv=HOSTNAME=mock --setenv=PATH=/usr/bin:/bin:/usr/sbin:/sbin
--setenv=PROMPT_COMMAND=printf "\033]0;<mock-chroot>\007"
--setenv=PS1=<mock-chroot> \s-\v\$ --setenv=LANG=C.UTF-8
--setenv=LC_MESSAGES=C.UTF-8 --resolv-conf=off /usr/bin/dnf --installroot
/var/lib/mock/fedora-rawhide-i686/root/ --releasever 38 --setopt=deltarpm=False
--allowerasing --disableplugin=local --disableplugin=spacewalk
--disableplugin=versionlock install perl
```
Expected results:
The perl package should be installable on i*86.
2 months
[Bug 2064175] New: CVE-2021-44962 slic3r: specially crafted stl file
could lead to information disclosure [fedora-all]
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2064175
Bug ID: 2064175
Summary: CVE-2021-44962 slic3r: specially crafted stl file
could lead to information disclosure [fedora-all]
Product: Fedora
Version: 35
Status: NEW
Component: slic3r
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: mhroncok(a)redhat.com
Reporter: mrehak(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: mhroncok(a)redhat.com,
perl-devel(a)lists.fedoraproject.org
Target Milestone: ---
Classification: Fedora
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
2 months