July 2014 - security-team [ARCHIVED]

First message in list with some questions ;)

by Igor Gnatenko

Hi, first thank you for creating maillist. That's really useful. Let me some qoute Eric and ask some questions. > As of 2014-06-10 there were 539 open security bugs in Fedora. With a little work we should be able to get this number down by figuring out if the vulnerability is still open, if a patch/release is available to fix it, or need to work upstream. We'll likely need to come up with a way to categorize these things in BZ to make it easier to do a search. Can you provide link where I can get this list of bugs? P.S. I did search RHBZ for CVEs, but don't know what product/component I want ;) -- -Igor Gnatenko

9 years, 9 months

5
6
0 / 0

[dcmtk] important vulnerability (possible privilege escalation if setuid() fails)

by Igor Gnatenko

Hi, we have important vulnerability[0] in yours package - dcmtk. Please apply upstream patch provided in BZ and submit update using link in BZ for all Fedora branches. Also when you created SCM request you added EPEL6 to branches, but we got nothing in el6, fix it please ;) [0]https://bugzilla.redhat.com/show_bug.cgi?id=1104041 -- -Igor Gnatenko

9 years, 9 months

2
1
0 / 0

Security Team Meeting - When is good?

by Eric Christensen

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 I've created a survey[0] to find out when I good time to meet on IRC is for everyone. I'd like to meet weekly so we can keep track of what's happening and get feedback. [0] http://whenisgood.net/yk7nyfb - -- Eric - -------------------------------------------------- Eric "Sparks" Christensen Fedora Project sparks(a)fedoraproject.org - sparks(a)redhat.com 097C 82C3 52DF C64A 50C2 E3A3 8076 ABDE 024B B3D1 - -------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQGcBAEBCgAGBQJTw+O9AAoJEB/kgVGp2CYvJfMMAITeMO/LZ7QYFxGk+XGrRldq l4EDPCqjvej58WT05LVavPY4N/pi8lpPfCwoFlzhsE/mfkJ9KeHA19lzUCUdJpcu MFOcdG4DtmloDfpsv1/6irlz1wuXuTzNA2IfeWo17oRoVc9Ts6UWX1jFIBRxhjN6 GUxE4OZ67ChSgZ11HauLBaPLnVOHAnDNiiByFokCWOq9iIxzzJMb9W5eZNX5mUeB IfRZX9DsnthilpW/lr8OhMn+nbCXjDPknIPu/hj0I8ZkfJnHgpeoIPQybbgWbTQo j5RY9oMT3BkQmGmwYfgVPWfVw2lMI/KCX64mRPHM7GpaS8zdZi9Ls4Epf6ya9Ttd AP8yuPqoUSuEnrvP1yVHKyya2Bn3E2K74BlOll/NwEVyoUZNL0IoBeLuIfNguu77 pLhrIMiKvE+dv1d2SCAvp2I5xhbOWVgDd9n6alyTde8/ukdSAPOt5F5qyLvXyd8H 3+TRLAabhDIb+RFHWlwGYJ3z/nFH4lKEshiTlc0Zmw== =4ZKQ -----END PGP SIGNATURE-----

9 years, 9 months

1
0
0 / 0

[python-bottle] important vulnerability + new versions available

by Igor Gnatenko

The record for FST. -------- Forwarded Message -------- > From: Igor Gnatenko <ignatenkobrain(a)fedoraproject.org> > To: Rahul Sundaram <sundaram(a)fedoraproject.org>, Rahul Sundaram > <metherid(a)gmail.com> > Subject: [python-bottle] important vulnerability + new versions > available > Date: Sat, 12 Jul 2014 12:05:25 +0400 > > Hi, > > we have important vulnerability in python-bottle[0]. > > Please update to 0.11.7 in Fedora 19, 20, 21, 22 (rawhide) and to > 0.10.12 in Fedora EPEL 6, 7. It's bugfix releases. > > I think would be good if we will update to 0.12.6 for Fedora 21, 22 > (rawhide). > > And submit update with link[1]. > > [0]https://bugzilla.redhat.com/show_bug.cgi?id=1093257 > [1]https://admin.fedoraproject.org/updates/new/?type_=security&bugs=109325... > -- > -Igor Gnatenko > -- -Igor Gnatenko

9 years, 9 months

1
0
0 / 0

[sdcc] vulnerability + new release available (3.4.0)

by Igor Gnatenko

Hi, we have vulnerability in sdcc[0]. You can read how-to fix it in BZ. Also there sdcc-3.4.0 available (but security bug not fixed there). Please fix it! [0]https://bugzilla.redhat.com/show_bug.cgi?id=1059361 -- -Igor Gnatenko

9 years, 9 months

1
0
0 / 0

[nagios-plugins] important vulnerability + new version available (2.0.3)

by Igor Gnatenko

Hi, we have important vulnerability in nagios-plugins[0]. It's fixed in 2.0.3. In Fedora/EPEL we have 2.0.1. Please update to 2.0.3 in Fedora 19, 20, 21, 22 (rawhide), EPEL7 and submit update with link[1]. P.S. I've CCed maintainers, co-maintainers and who updated this package in last time. [0]https://bugzilla.redhat.com/show_bug.cgi?id=1098548 [1]https://admin.fedoraproject.org/updates/new/?type_=security&bugs=109854... -- -Igor Gnatenko

9 years, 9 months

1
0
0 / 0

pixman vulnerability in fedora 19 and 20

by Igor Gnatenko

Hi, We have important vulnerability in Fedora 19, 20 in pixman package.[0] please fix it! In bug you can find needed commits to backport (or uptaing to required version) and some notes about packaging. [0]https://bugzilla.redhat.com/show_bug.cgi?id=1043743 -- -Igor Gnatenko

9 years, 9 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

security-team [ARCHIVED] July 2014