January 2023 - Epel-packagers-sig - Fedora mailing-lists

[Bug 2093731] New: zbarimg does not read a Code 128 barcode
by bugzilla＠redhat.com 06 May '26

06 May '26

https://bugzilla.redhat.com/show_bug.cgi?id=2093731 Bug ID: 2093731 Summary: zbarimg does not read a Code 128 barcode Product: Fedora Version: 36 Status: NEW Component: zbar Severity: high Assignee: gwync(a)protonmail.com Reporter: cristian.ciupitu(a)yahoo.com QA Contact: extras-qa(a)fedoraproject.org CC: dougsland(a)redhat.com, epel-packagers-sig(a)lists.fedoraproject.org, gwync(a)protonmail.com, mchehab(a)infradead.org, mr.marcelo.barbosa(a)gmail.com, negativo17(a)gmail.com Target Milestone: --- Classification: Fedora Created attachment 1886898 --> https://bugzilla.redhat.com/attachment.cgi?id=1886898&action=edit Code 128 barcode Description of problem: zbarimg does not read a Code 128 barcode Version-Release number of selected component (if applicable): zbar-0.23.90-1.fc36.x86_64 How reproducible: Every time Steps to Reproduce: 1. zbarimg barcode.png Actual results: scanned 0 barcode symbols from 1 images in 0 seconds WARNING: barcode data was not detected in some image(s) Things to check: - is the barcode type supported? Currently supported symbologies are: . EAN/UPC (EAN-13, EAN-8, EAN-2, EAN-5, UPC-A, UPC-E, ISBN-10, ISBN-13) . DataBar, DataBar Expanded . Code 128 . Code 93 . Code 39 . Codabar . Interleaved 2 of 5 . QR code . SQ code . PDF 417 - is the barcode large enough in the image? - is the barcode mostly in focus? - is there sufficient contrast/illumination? - If the symbol is split in several barcodes, are they combined in one image? - Did you enable the barcode type? some EAN/UPC codes are disabled by default. To enable all, use: $ zbarimg -S*.enable <files> Please also notice that some variants take precedence over others. Due to that, if you want, for example, ISBN-10, you should do: $ zbarimg -Sisbn10.enable <files> Expected results: (Code 128) 755897201062022179.73 Additional info: -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2093731

1 11

[Bug 2150951] New: CVE-2022-37325 asterisk: Remote Crash Vulnerability in H323 channel add on [fedora-all]
by bugzilla＠redhat.com 30 Apr '26

30 Apr '26

https://bugzilla.redhat.com/show_bug.cgi?id=2150951 Bug ID: 2150951 Summary: CVE-2022-37325 asterisk: Remote Crash Vulnerability in H323 channel add on [fedora-all] Product: Fedora Version: 37 Status: NEW Component: asterisk Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: jsmith.fedora(a)gmail.com Reporter: zmiele(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: bennie.joubert(a)jsdaav.com, epel-packagers-sig(a)lists.fedoraproject.org, jsmith.fedora(a)gmail.com, rbryant(a)redhat.com Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2150949 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2150951

1 15

[Bug 2150950] New: CVE-2022-37325 asterisk: Remote Crash Vulnerability in H323 channel add on [epel-8]
by bugzilla＠redhat.com 30 Apr '26

30 Apr '26

https://bugzilla.redhat.com/show_bug.cgi?id=2150950 Bug ID: 2150950 Summary: CVE-2022-37325 asterisk: Remote Crash Vulnerability in H323 channel add on [epel-8] Product: Fedora EPEL Version: epel8 Status: NEW Component: asterisk Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: epel-packagers-sig(a)lists.fedoraproject.org Reporter: zmiele(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: bennie.joubert(a)jsdaav.com, epel-packagers-sig(a)lists.fedoraproject.org, jsmith.fedora(a)gmail.com, rbryant(a)redhat.com Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2150949 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2150950

1 10

[Bug 2150945] New: CVE-2022-42705 asterisk: Use after free in res_pjsip_pubsub.c [fedora-all]
by bugzilla＠redhat.com 30 Apr '26

30 Apr '26

https://bugzilla.redhat.com/show_bug.cgi?id=2150945 Bug ID: 2150945 Summary: CVE-2022-42705 asterisk: Use after free in res_pjsip_pubsub.c [fedora-all] Product: Fedora Version: 37 Status: NEW Component: asterisk Keywords: Security, SecurityTracking Severity: low Priority: low Assignee: jsmith.fedora(a)gmail.com Reporter: zmiele(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: bennie.joubert(a)jsdaav.com, epel-packagers-sig(a)lists.fedoraproject.org, jsmith.fedora(a)gmail.com, rbryant(a)redhat.com Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2150943 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2150945

1 15

[Bug 2150944] New: CVE-2022-42705 asterisk: Use after free in res_pjsip_pubsub.c [epel-8]
by bugzilla＠redhat.com 30 Apr '26

30 Apr '26

https://bugzilla.redhat.com/show_bug.cgi?id=2150944 Bug ID: 2150944 Summary: CVE-2022-42705 asterisk: Use after free in res_pjsip_pubsub.c [epel-8] Product: Fedora EPEL Version: epel8 Status: NEW Component: asterisk Keywords: Security, SecurityTracking Severity: low Priority: low Assignee: epel-packagers-sig(a)lists.fedoraproject.org Reporter: zmiele(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: bennie.joubert(a)jsdaav.com, epel-packagers-sig(a)lists.fedoraproject.org, jsmith.fedora(a)gmail.com, rbryant(a)redhat.com Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2150943 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2150944

1 10

[Bug 2093358] New: CVE-2021-46790 ntfs-3g: heap-based buffer overflow in ntfsck
by bugzilla＠redhat.com 14 Jan '26

14 Jan '26

https://bugzilla.redhat.com/show_bug.cgi?id=2093358 Bug ID: 2093358 Summary: CVE-2021-46790 ntfs-3g: heap-based buffer overflow in ntfsck Product: Security Response Hardware: All OS: Linux Status: NEW Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: gsuckevi(a)redhat.com CC: ddepaula(a)redhat.com, epel-packagers-sig(a)lists.fedoraproject.org, jferlan(a)redhat.com, kparal(a)redhat.com, ngompa13(a)gmail.com, rjones(a)redhat.com, spotrh(a)gmail.com, virt-maint(a)redhat.com Target Milestone: --- Classification: Other ntfsck in NTFS-3G through 2021.8.22 has a heap-based buffer overflow involving buffer+512*3-2. NOTE: the upstream position is that ntfsck is deprecated; however, it is shipped by some Linux distributions. References: https://github.com/tuxera/ntfs-3g/issues/16 http://www.openwall.com/lists/oss-security/2022/05/26/1 -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2093358

1 17

[Bug 2093363] New: CVE-2021-46790 ntfs-3g-system-compression: ntfs-3g: heap-based buffer overflow in ntfsck [epel-all]
by bugzilla＠redhat.com 14 Jan '26

14 Jan '26

https://bugzilla.redhat.com/show_bug.cgi?id=2093363 Bug ID: 2093363 Summary: CVE-2021-46790 ntfs-3g-system-compression: ntfs-3g: heap-based buffer overflow in ntfsck [epel-all] Product: Fedora EPEL Version: epel8 Status: NEW Component: ntfs-3g-system-compression Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: kparal(a)redhat.com Reporter: gsuckevi(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, kparal(a)redhat.com, ngompa13(a)gmail.com Target Milestone: --- Classification: Fedora This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of epel-all. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora EPEL. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2093363

1 5

[Bug 2093348] New: CVE-2022-30789 ntfs-3g: crafted NTFS image can cause a heap-based buffer overflow in ntfs_check_log_client_array
by bugzilla＠redhat.com 14 Jan '26

14 Jan '26

https://bugzilla.redhat.com/show_bug.cgi?id=2093348 Bug ID: 2093348 Summary: CVE-2022-30789 ntfs-3g: crafted NTFS image can cause a heap-based buffer overflow in ntfs_check_log_client_array Product: Security Response Hardware: All OS: Linux Status: NEW Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: gsuckevi(a)redhat.com CC: ddepaula(a)redhat.com, epel-packagers-sig(a)lists.fedoraproject.org, jferlan(a)redhat.com, kparal(a)redhat.com, ngompa13(a)gmail.com, rjones(a)redhat.com, spotrh(a)gmail.com, virt-maint(a)redhat.com Target Milestone: --- Classification: Other A crafted NTFS image can cause a heap-based buffer overflow in ntfs_check_log_client_array in NTFS-3G through 2021.8.22. References: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-xchm-ph5h-hw4x https://github.com/tuxera/ntfs-3g/releases -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2093348

1 17

[Bug 2093353] New: CVE-2022-30789 ntfs-3g-system-compression: ntfs-3g: crafted NTFS image can cause a heap-based buffer overflow in ntfs_check_log_client_array [epel-all]
by bugzilla＠redhat.com 14 Jan '26

14 Jan '26

https://bugzilla.redhat.com/show_bug.cgi?id=2093353 Bug ID: 2093353 Summary: CVE-2022-30789 ntfs-3g-system-compression: ntfs-3g: crafted NTFS image can cause a heap-based buffer overflow in ntfs_check_log_client_array [epel-all] Product: Fedora EPEL Version: epel8 Status: NEW Component: ntfs-3g-system-compression Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: kparal(a)redhat.com Reporter: gsuckevi(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, kparal(a)redhat.com, ngompa13(a)gmail.com Target Milestone: --- Classification: Fedora This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of epel-all. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora EPEL. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2093353

1 5

[Bug 2093340] New: CVE-2022-30788 ntfs-3g: crafted NTFS image can cause a heap-based buffer overflow in ntfs_mft_rec_alloc
by bugzilla＠redhat.com 14 Jan '26

14 Jan '26

https://bugzilla.redhat.com/show_bug.cgi?id=2093340 Bug ID: 2093340 Summary: CVE-2022-30788 ntfs-3g: crafted NTFS image can cause a heap-based buffer overflow in ntfs_mft_rec_alloc Product: Security Response Hardware: All OS: Linux Status: NEW Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: gsuckevi(a)redhat.com CC: ddepaula(a)redhat.com, epel-packagers-sig(a)lists.fedoraproject.org, jferlan(a)redhat.com, kparal(a)redhat.com, ngompa13(a)gmail.com, rjones(a)redhat.com, spotrh(a)gmail.com, virt-maint(a)redhat.com Target Milestone: --- Classification: Other A crafted NTFS image can cause a heap-based buffer overflow in ntfs_mft_rec_alloc in NTFS-3G through 2021.8.22. References: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-xchm-ph5h-hw4x https://github.com/tuxera/ntfs-3g/releases -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2093340

1 17

2026

2025

2024

2023

2022

2021

Epel-packagers-sig January 2023