March 2023 - perl-devel - Fedora Mailing-Lists

[Bug 2064174] New: CVE-2021-44962 slic3r: specially crafted stl file could lead to information disclosure

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2064174 Bug ID: 2064174 Summary: CVE-2021-44962 slic3r: specially crafted stl file could lead to information disclosure Product: Security Response Hardware: All OS: Linux Status: NEW Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: mrehak(a)redhat.com CC: mhroncok(a)redhat.com, perl-devel(a)lists.fedoraproject.org Target Milestone: --- Classification: Other An out-of-bounds read vulnerability exists in the GCode::extrude() functionality of Slic3r libslic3r 1.3.0 and Master Commit b1a5500. A specially crafted stl file could lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability. Reference: https://hackmd.io/KSI1bwGfSyO7T8UCf0HeTw -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2064174

4 months

1
5
0 / 0

[Bug 2064175] New: CVE-2021-44962 slic3r: specially crafted stl file could lead to information disclosure [fedora-all]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2064175 Bug ID: 2064175 Summary: CVE-2021-44962 slic3r: specially crafted stl file could lead to information disclosure [fedora-all] Product: Fedora Version: 35 Status: NEW Component: slic3r Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: mhroncok(a)redhat.com Reporter: mrehak(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: mhroncok(a)redhat.com, perl-devel(a)lists.fedoraproject.org Target Milestone: --- Classification: Fedora This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of fedora-all. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2064175

4 months

1
6
0 / 0

[Bug 2046366] New: CVE-2021-45846 slic3r: NULL pointer dereference in AMF XML parser via a crafted AMF document

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2046366 Bug ID: 2046366 Summary: CVE-2021-45846 slic3r: NULL pointer dereference in AMF XML parser via a crafted AMF document Product: Security Response Hardware: All OS: Linux Status: NEW Component: vulnerability Keywords: Security Severity: low Priority: low Assignee: security-response-team(a)redhat.com Reporter: gsuckevi(a)redhat.com CC: mhroncok(a)redhat.com, perl-devel(a)lists.fedoraproject.org Target Milestone: --- Classification: Other A flaw in the AMF parser of Slic3r libslic3r 1.3.0 allows an attacker to cause an application crash using a crafted AMF document, where a metadata tag lacks a "type" attribute. Reference: https://github.com/slic3r/Slic3r/issues/5117 -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2046366

4 months

1
5
0 / 0

[Bug 2046367] New: CVE-2021-45846 slic3r: NULL pointer dereference in AMF XML parser via a crafted AMF document [fedora-all]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2046367 Bug ID: 2046367 Summary: CVE-2021-45846 slic3r: NULL pointer dereference in AMF XML parser via a crafted AMF document [fedora-all] Product: Fedora Version: 35 Status: NEW Component: slic3r Keywords: Security, SecurityTracking Severity: low Priority: low Assignee: mhroncok(a)redhat.com Reporter: gsuckevi(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: mhroncok(a)redhat.com, perl-devel(a)lists.fedoraproject.org Target Milestone: --- Classification: Fedora This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of fedora-all. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2046367

4 months

1
6
0 / 0

[Bug 2053165] New: perl-XML-LibXML: Validation succeeds even though the DTD could not be loaded

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2053165 Bug ID: 2053165 Summary: perl-XML-LibXML: Validation succeeds even though the DTD could not be loaded Product: Security Response Hardware: All OS: Linux Status: NEW Component: vulnerability Keywords: Security Severity: low Priority: low Assignee: security-response-team(a)redhat.com Reporter: psampaio(a)redhat.com CC: caillon+fedoraproject(a)gmail.com, jplesnik(a)redhat.com, kasal(a)ucw.cz, mspacek(a)redhat.com, perl-devel(a)lists.fedoraproject.org, perl-maint-list(a)redhat.com, rhughes(a)redhat.com, rstrode(a)redhat.com, sandmann(a)redhat.com Target Milestone: --- Classification: Other When one sets validation to 1 without also setting load_ext_dtd to 1, the document is always regarded as valid. References: https://github.com/shlomif/perl-XML-LibXML/issues/71 -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2053165

4 months

1
5
0 / 0

[Bug 2053166] New: perl-XML-LibXML: Validation succeeds even though the DTD could not be loaded [fedora-all]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2053166 Bug ID: 2053166 Summary: perl-XML-LibXML: Validation succeeds even though the DTD could not be loaded [fedora-all] Product: Fedora Version: 35 Status: NEW Component: perl-XML-LibXML Keywords: Security, SecurityTracking Severity: low Priority: low Assignee: jplesnik(a)redhat.com Reporter: psampaio(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: caillon+fedoraproject(a)gmail.com, jplesnik(a)redhat.com, kasal(a)ucw.cz, mspacek(a)redhat.com, perl-devel(a)lists.fedoraproject.org, rhughes(a)redhat.com, rstrode(a)redhat.com, sandmann(a)redhat.com Target Milestone: --- Classification: Fedora This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of fedora-all. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2053166

4 months

1
6
0 / 0

[Bug 2026907] New: Time to retire this package

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2026907 Bug ID: 2026907 Summary: Time to retire this package Product: Fedora Version: rawhide Status: NEW Component: perl-WWW-Google-Contacts Assignee: avibrazil(a)gmail.com Reporter: ppisar(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: avibrazil(a)gmail.com, perl-devel(a)lists.fedoraproject.org Target Milestone: --- Classification: Fedora Does perl-WWW-Google-Contacts-0:0.39-18.fc35 actually work? According to an upstream bug <https://rt.cpan.org/Public/Bug/Display.html?id=113292> it does work since 2015. This package is also the only user of perl-Crypt-SSLeay which does not work with OpenSSL 3 (bug #2007247) which now in Fedora 36. Could you please consider removing perl-WWW-Google-Contacts from Fedora? -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2026907

4 months

1
2
0 / 0

[Bug 2182352] New: perl-Devel-CallParser-0.002-30.fc39 FTBFS: t/leximport.t fails

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2182352 Bug ID: 2182352 Summary: perl-Devel-CallParser-0.002-30.fc39 FTBFS: t/leximport.t fails Product: Fedora Version: rawhide URL: https://koschei.fedoraproject.org/package/perl-Devel-C allParser Status: NEW Component: perl-Devel-CallParser Assignee: jplesnik(a)redhat.com Reporter: ppisar(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: jplesnik(a)redhat.com, paul(a)city-fan.org, perl-devel(a)lists.fedoraproject.org Blocks: 2168842 (F39FTBFS,RAWHIDEFTBFS) Target Milestone: --- Classification: Fedora perl-Devel-CallParser-0.002-30.fc39 fails to build in Fedora 39 because a test fails: $ prove -b -I . -v t/leximport.t t/leximport.t .. 1..5 ok 1 ok 2 - require Devel::CallParser; ok 3 not ok 4 # Failed test at t/leximport.t line 46. # got: 'syntax error at (eval 19) line 1, near "foo:" # ' # expected: '' not ok 5 # Failed test at t/leximport.t line 47. # Structures begin differing at: # $got = undef # $expected = ARRAY(0x56053003c0f0) # Looks like you failed 2 tests of 5. Dubious, test returned 2 (wstat 512, 0x200) Failed 2/5 subtests Test Summary Report ------------------- t/leximport.t (Wstat: 512 (exited 2) Tests: 5 Failed: 2) Failed tests: 4-5 Non-zero exit status: 2 A difference between passing and failing build root is at <https://koschei.fedoraproject.org/build/15176938>. An update of perl-Lexical-Var from 0.009-31.fc38 to 0.010-1.fc39 is suspicious. Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=2168842 [Bug 2168842] Fedora 39 FTBFS Tracker -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2182352

4 months, 3 weeks

1
6
0 / 0

[Bug 2113577] New: perl-IO-Async: FTBFS in Fedora rawhide/f37

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2113577 Bug ID: 2113577 Summary: perl-IO-Async: FTBFS in Fedora rawhide/f37 Product: Fedora Version: rawhide Status: NEW Component: perl-IO-Async Assignee: emmanuel(a)seyman.fr Reporter: releng(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: emmanuel(a)seyman.fr, kwizart(a)gmail.com, perl-devel(a)lists.fedoraproject.org Blocks: 2045102 (F37FTBFS,RAWHIDEFTBFS) Target Milestone: --- Classification: Fedora perl-IO-Async failed to build from source in Fedora rawhide/f37 https://koji.fedoraproject.org/koji/taskinfo?taskID=89851432 For details on the mass rebuild see: https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild Please fix perl-IO-Async at your earliest convenience and set the bug's status to ASSIGNED when you start fixing it. If the bug remains in NEW state for 8 weeks, perl-IO-Async will be orphaned. Before branching of Fedora 38, perl-IO-Async will be retired, if it still fails to build. For more details on the FTBFS policy, please visit: https://docs.fedoraproject.org/en-US/fesco/Fails_to_build_from_source_Fai... Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=2045102 [Bug 2045102] Fedora 37 FTBFS Tracker -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2113577

4 months, 3 weeks

1
3
0 / 0

[Bug 2180465] New: bugzilla fails to build with Sphinx 6.1.3

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2180465 Bug ID: 2180465 Summary: bugzilla fails to build with Sphinx 6.1.3 Product: Fedora Version: rawhide Status: NEW Component: bugzilla Assignee: emmanuel(a)seyman.fr Reporter: ksurma(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: astra(a)ionic.at, emmanuel(a)seyman.fr, perl-devel(a)lists.fedoraproject.org Blocks: 2135122 Target Milestone: --- Classification: Fedora bugzilla fails to build with Sphinx 6.1.3 in Fedora 39 (currently Rawhide). For the logs from testing build attempts, see: https://copr.fedorainfracloud.org/coprs/ksurma/sphinx-6.1.3/package/bugzi... You can test you package in mock running: $ mock -r fedora-rawhide-x86_64 --addrepo=https://download.copr.fedorainfracloud.org/results/ksurma/sphinx-6.1.3/fedora-rawhide-x86_64/ --no-clean your.src.rpm $ mock -r fedora-rawhide-x86_64 --addrepo=https://download.copr.fedorainfracloud.org/results/ksurma/sphinx-6.1.3/fedora-rawhide-x86_64/ shell The issue detected: Exception occurred: File "/usr/lib/python3.11/site-packages/sphinx/ext/extlinks.py", line 103, in role title = caption % part ~~~~~~~~^~~~~~ TypeError: not all arguments converted during string formatting It's an error in configuration. To resolve, edit the documentation `conf.py` and correct the `extlinks` definition to contain exactly one `%s` in the captions, eg. Bad: 'github': ('https://github.com/%s', '') Good: 'github': ('https://github.com/%s', '%s') Sphinx 6.1.3 will be included in Fedora 39. Let us know here if you have any questions. Thank you! Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=2135122 [Bug 2135122] python-sphinx-6.1.3 is available -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2180465

4 months, 3 weeks

1
3
0 / 0

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

perl-devel March 2023